%define major 0 %define libname %mklibname %{name} %{major} %define develname %mklibname %{name} -d %global pkgname dirsrv %global use_openldap 1 # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. %global use_Socket6 0 # To build without nunc-stans, set 0 to use_nunc_stans. # nunc-stans only builds on x86_64 for now %ifarch x86_64 %global use_nunc_stans 1 %else %global use_nunc_stans 0 %endif %global nunc_stans_ver 0.1.8 # (cg) NB the --with-tmpfiles_d argument below is for user generated config files # created via DSCreate.pm script - i.e. it should be the /etc/ path, NOT %_tmpfilesdir %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} # systemd support %global groupname %{pkgname}.target Summary: 389 Directory Server (base) Name: 389-ds-base Version: 1.3.5.17 %define subrel 3 Release: %mkrel 1 License: GPLv3+ URL: http://port389.org/ Group: System/Servers Requires: %{libname} = %{version}-%{release} Provides: ldif2ldbm BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: krb5-devel BuildRequires: svrcore-devel >= 4.1.2 %if %{use_openldap} BuildRequires: openldap-devel %else BuildRequires: mozldap-devel %endif BuildRequires: db-devel BuildRequires: libsasl-devel BuildRequires: icu BuildRequires: libicu-devel BuildRequires: pcre-devel BuildRequires: gcc-c++ # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel BuildRequires: lm_sensors-devel BuildRequires: bzip2-devel BuildRequires: zlib-devel BuildRequires: openssl-devel BuildRequires: tcp_wrappers # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel # this is needed for using semanage from our setup scripts Requires: policycoreutils-python Requires(post): rpm-helper >= %{rpmhelper_required_version} Requires(preun): rpm-helper >= %{rpmhelper_required_version} Requires(pre): %{_sbindir}/useradd Requires(pre): %{_sbindir}/groupadd # the following are needed for some of our scripts %if %{use_openldap} Requires: openldap-clients %else Requires: mozldap-tools %endif # this is needed to setup SSL if you are not using the # administration server package Requires: nss # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: sasl-plug-gssapi Requires: sasl-plug-digestmd5 # this is needed for verify-db.pl Requires: db5-utils # for the init script Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Source0: http://www.port389.org/binaries/%{name}-%{version}.tar.bz2 # 389-ds-git.sh should be used to generate the source tarball from git Source1: %{name}-git.sh Source2: %{name}-devel.README Source3: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2 Patch0: 389-ds-base-1.3.4.14_CVE-2017-2591.patch Patch1: 389-ds-base-1.3.5.17_CVE-2017-7551_brute-force.patch Patch2: 389-ds-base-1.3.5.19-CVE-2017-15134.patch Patch3: 389-ds-base-1.3.5.17-CVE-2018-1054.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. %package -n %{libname} Summary: Core libraries for 389 Directory Server Group: System/Servers BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: svrcore-devel %if %{use_openldap} BuildRequires: openldap-devel %else BuildRequires: mozldap-devel %endif BuildRequires: db-devel BuildRequires: libsasl-devel BuildRequires: libicu-devel BuildRequires: pcre-devel BuildRequires: talloc-devel BuildRequires: event-devel BuildRequires: tevent-devel %description -n %{libname} Core libraries for the 389 Directory Server base package. These libraries are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. %package -n %{develname} Summary: Development libraries for 389 Directory Server Group: System/Libraries Requires: pkgconfig Requires: nspr-devel Requires: nss-devel Requires: svrcore-devel %if %{use_openldap} Requires: openldap-devel %else Requires: mozldap-devel %endif %if %{use_nunc_stans} Requires: talloc-devel Requires: event-devel Requires: tevent-devel %endif Requires: %{libname} = %{version}-%{release} Provides: %{develname} = %{version}-%{release} %description -n %{develname} Development Libraries and headers for the 389 Directory Server base package. %package snmp Summary: SNMP Agent for 389 Directory Server Group: System/Servers Requires: %{name} = %{version}-%{release} %description snmp SNMP Agent for the 389 Directory Server base package. %prep %setup -q -n %{name}-%{version} -a 3 %if %{use_nunc_stans} %setup -q -n %{name}-%{version} -T -D -b 3 %endif %autopatch -p1 cp %{_sourcedir}/%{name}-devel.README README.devel # Make sure python3 is used in shebangs # FIX ME!! This should be fixed in the source code !!! sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' ldap/admin/src/scripts/*.py %build %serverbuild autoreconf -vfi %if %{use_nunc_stans} pushd ../nunc-stans-%{nunc_stans_ver} autoreconf -fi %configure2_5x --with-fhs --libdir=%{_libdir}/%{pkgname} %make_build mkdir -p lib cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so mkdir -p include/nunc-stans cp nunc-stans.h include/nunc-stans/nunc-stans.h popd %endif %if %{use_openldap} OPENLDAP_FLAG="--with-openldap" %endif %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss" %if %{use_nunc_stans} NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}" %endif %configure2_5x --enable-autobind $OPENLDAP_FLAG $TMPFILES_FLAG \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ --with-systemdgroupname=%{groupname} $NSSARGS \ --with-perldir=/usr/bin \ --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \ --with-systemd # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS %make_build %install %if %{use_nunc_stans} pushd ../nunc-stans-%{nunc_stans_ver} %make_install rm -rf %{buildroot}%{_includedir} %{buildroot}%{_datadir} \ %{buildroot}%{_libdir}/%{pkgname}/pkgconfig popd %endif %make_install mkdir -p %{buildroot}%{_logdir}/%{pkgname} mkdir -p %{buildroot}/var/lib/%{pkgname} mkdir -p %{buildroot}/var/lock/%{pkgname} #remove libtool archives and static libs find %{buildroot} -type f -name "*.la" -delete find %{buildroot} -type f -name "*.a" -delete # make sure perl scripts have a proper shebang sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl %pre # Add the dirsrv user and group accounts %_pre_useradd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin %_pre_groupadd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin %post output=/dev/null # We need to do this because the BS doesn't accept the way Fedora (upstream) and others do it. if [ $1 = 1 ] ; then mkdir -p %{_sysconfdir}/systemd/system/%{groupname}.wants fi # reload to pick up any changes to systemd files %{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || : # reload to pick up any shared lib changes # find all instances instances="" # instances that require a restart after upgrade ninst=0 # number of instances found in total if [ -n "$DEBUGPOSTTRANS" ] ; then output=$DEBUGPOSTTRANS fi echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || : for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'` echo found instance $inst - getting status >> $output 2>&1 || : if %{_bindir}/systemctl -q is-active $inst ; then echo instance $inst is running >> $output 2>&1 || : instances="$instances $inst" else echo instance $inst is not running >> $output 2>&1 || : fi ninst=`expr $ninst + 1` done if [ $ninst -eq 0 ] ; then echo no instances to upgrade >> $output 2>&1 || : exit 0 # have no instances to upgrade - just skip the rest fi # shutdown all instances echo shutting down all instances . . . >> $output 2>&1 || : for inst in $instances ; do echo stopping instance $inst >> $output 2>&1 || : /bin/systemctl stop $inst >> $output 2>&1 || : done echo remove pid files . . . >> $output 2>&1 || : %{_bindir}/rm -f /run/%{pkgname}*.pid /run/%{pkgname}*.startpid # do the upgrade echo upgrading instances . . . >> $output 2>&1 || : DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` if [ -n "$DEBUGPOSTSETUPOPT" ] ; then %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : else %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || : fi # restart instances that require it for inst in $instances ; do echo restarting instance $inst >> $output 2>&1 || : %{_bindir}/systemctl start $inst >> $output 2>&1 || : done %preun if [ $1 -eq 0 ]; then # Final removal # Package removal, not upgrade # remove instance specific service files/links rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : fi %postun if [ $1 = 0 ]; then # Final removal rm -rf /run/%{pkgname} fi %_postun_userdel %{pkgname} %_postun_groupdel %{pkgname} %preun snmp %_preun_service %{pkgname}-snmp.service %{groupname} %post snmp %_post_service %{pkgname}-snmp %files %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl %dir %{_sysconfdir}/%{pkgname} %dir %{_sysconfdir}/%{pkgname}/schema %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname} %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd %{_datadir}/%{pkgname} %{_unitdir}/%{pkgname}.target %{_unitdir}/%{pkgname}@.service %{_bindir}/* %{_sbindir}/* %{_libdir}/%{pkgname}/perl %{_libdir}/%{pkgname}/python %{_libdir}/%{pkgname}/plugins/*.so %dir %{_localstatedir}/lib/%{pkgname} %dir %{_logdir}/%{pkgname} %ghost %dir %{_localstatedir}/lock/%{pkgname} %{_mandir}/man1/* %{_mandir}/man8/* %exclude %{_sbindir}/ldap-agent* %exclude %{_mandir}/man1/ldap-agent.1.* %files -n %{develname} %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %{_includedir}/%{pkgname} %{_libdir}/%{pkgname}/libslapd.so %{_libdir}/%{pkgname}/libns-dshttpd.so %if %{use_nunc_stans} %{_libdir}/%{pkgname}/libnunc-stans.so %endif %{_libdir}/pkgconfig/* %files -n %{libname} %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %{_libdir}/%{pkgname}/libslapd.so.* %{_libdir}/%{pkgname}/libns-dshttpd.so.* %if %{use_nunc_stans} %{_libdir}/%{pkgname}/libnunc-stans.so.* %endif %files snmp %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf %{_unitdir}/%{pkgname}-snmp.service %{_sbindir}/ldap-agent* %{_mandir}/man1/ldap-agent.1.* %changelog * Wed Mar 07 2018 kekepower <kekepower> 1.3.5.17-1.3.mga6 (not released yet) + Revision: 1207031 - Added patch from Redhat to fix CVE-2018-1054 (mga#22710) + mrambo3501 <mrambo3501> - add rediffed fedora patch which fixes CVE-2017-15134 mga#22466 - added patch which fixes CVE-2017-7551 mga#21671 * Mon Apr 24 2017 neoclust <neoclust> 1.3.5.17-1.mga6 + Revision: 1097227 - New version 1.3.5.17 - Fixes CVE-2017-2668 (mga#20659) * Wed Mar 15 2017 mrambo3501 <mrambo3501> 1.3.5.15-5.mga6 + Revision: 1092672 - Rebuild for icu-58.2 * Thu Feb 16 2017 mrambo3501 <mrambo3501> 1.3.5.15-4.mga6 + Revision: 1086490 - rebuild for libevent 2.1.8 * Mon Jan 30 2017 mrambo3501 <mrambo3501> 1.3.5.15-3.mga6 + Revision: 1084237 - add upstream patch to fix CVE-2017-2591 * Sat Jan 28 2017 akien <akien> 1.3.5.15-2.mga6 + Revision: 1083792 - Rebuild for buildsystem issue * Tue Nov 22 2016 mrambo3501 <mrambo3501> 1.3.5.15-1.mga6 + Revision: 1068727 - update to version 1.3.5.15 - fixes CVE-2016-4992, CVE-2016-5405, CVE-2016-5416 * Thu Sep 29 2016 luigiwalser <luigiwalser> 1.3.5.13-2.mga6 + Revision: 1057538 - 1.3.5.13 (fixes CVE-2016-4992) - cosmetic spec cleanups (some synced from fedora) - remove a bunch of stuff from the spec only needed in fedora - remove patch0 (fixed upstream) - remove no longer needed obsoletes - add snmp subpackage (from fedora) * Thu Jun 16 2016 daviddavid <daviddavid> 1.3.5.4-3.mga6 + Revision: 1021701 - add a patch to fix build with new systemd * Mon May 30 2016 spuhler <spuhler> 1.3.5.4-2.mga6 + Revision: 1019467 - needs svrcore-devel >= 4.1.2 - removed build patch * Sun May 29 2016 spuhler <spuhler> 1.3.5.4-1.mga6 + Revision: 1019345 - added build patch provided by David Geiger - upgrade to vesr. 1.3.5.4 * Sat May 14 2016 shlomif <shlomif> 1.3.5.1-4.mga6 + Revision: 1015299 - Rebuild for the new UCI (new major) * Sun Apr 17 2016 spuhler <spuhler> 1.3.5.1-3.mga6 + Revision: 1003124 - fixed missing requires * Sat Apr 16 2016 spuhler <spuhler> 1.3.5.1-2.mga6 + Revision: 1003043 - removed non exixting file in files section - need to bup rel because of failed upload - removed "mkdir -p %%{buildroot}%%{_sysconfdir}/systemd/system/%%{groupname}.wants" * mageia doesn't accept this - removed obsolete patches - removed obsolete patches - update to vers. 1.3.5.1 * changed user and group to dirsrv - upgrade to vers. 1.3.5.1 * Tue Feb 16 2016 spuhler <spuhler> 1.3.4.8-1.mga6 + Revision: 962476 - update to vers 1.3.4.8 * Wed Jan 27 2016 spuhler <spuhler> 1.3.4.7-1.mga6 + Revision: 928283 - upgrade to ver. 1.3.4.7 * Wed Jan 20 2016 spuhler <spuhler> 1.3.4.6-3.mga6 + Revision: 926131 - update to vers. 1.3.4.6 * Thu Jan 07 2016 spuhler <spuhler> 1.3.4.5-3.mga6 + Revision: 920238 - rebuiuld for libicu + cjw <cjw> - make the source rpm (build deps, sources) not depend on the build arch - build nunc-stans in (a subdirectory of) the build dir - run autoreconf for nunc-stans and use configure2_5x instead of configure to fix build + luigiwalser <luigiwalser> - rebuild for icu * Fri Nov 20 2015 spuhler <spuhler> 1.3.4.5-1.mga6 + Revision: 904544 - update to vers. 1.3.4.5 * Tue Sep 08 2015 spuhler <spuhler> 1.3.4.4-1.mga6 + Revision: 873992 - upgrade to vers. 1.3.4.4 * Tue Aug 04 2015 spuhler <spuhler> 1.3.4.3-2.mga6 + Revision: 861116 -upgrade to 1.3.4.3 * Sun Jul 26 2015 cjw <cjw> 1.3.4.1-2.mga6 + Revision: 857730 - rebuild for icu 55 * Thu Jun 25 2015 spuhler <spuhler> 1.3.4.1-1.mga6 + Revision: 843166 - update to vers. 1.3.4.1 * Tue Jun 23 2015 spuhler <spuhler> 1.3.4.0-3.mga6 + Revision: 841079 - incresed Rel. - removed nunc_stans" build on 32 bit systems * doesn't build on 32 bit systems (confirmed by upstream) - Removed "Requires: libtalloc libevent libtevent * system should take care of these - reversed last commit - changed the build of nunc-stans to Make (from %%make) * it may build this way - corrected the BuildReqires (libs) - build of "nunc_stans" enabled * Mon Jun 22 2015 spuhler <spuhler> 1.3.4.0-1.mga6 + Revision: 839556 - update to vers. 1.3.4.0 - added "nunc_stans_ver 0.1.4" * disabled the build (doesn't build) - removed comment to tempfiles - added additional buildrequires * Thu Apr 30 2015 spuhler <spuhler> 1.3.3.10-1.mga5 + Revision: 820863 - upgrade to version 1.3.3.10 - fixes security issue, bug #15796, CVE-2015-1854 * Sat Mar 07 2015 spuhler <spuhler> 1.3.3.9-1.mga5 + Revision: 818071 - upgrade to vers. 1.3.3.9 * fixes security issue CVE-2014-8105 and CVE-2014-8112 Bug # 15440 - removed 389-ds-base-1.3.2.0-build-module.patch - changed %%post section to fix upgrade (bugfix by upstream) - removed %%ifarch x86_64 as told by upstream (not needed anymore) - upgrade fixes lots of bugs (details see logs in upstream) * Fri Mar 06 2015 spuhler <spuhler> 1.3.3.6-2.mga5 + Revision: 817911 - removed "--with-selinux" in the configure section * we don't provide selinux and it didn' work (setup-ds.pl) anymore with this option * Sat Dec 06 2014 spuhler <spuhler> 1.3.3.6-1.mga5 + Revision: 801732 - upgrade to ver. 1.3.3.6 * lots of bug fixes * Thu Nov 06 2014 spuhler <spuhler> 1.3.3.5-1.mga5 + Revision: 795992 - upgrade to vers. 1.3.3.5 * bug fixes from upstream * Wed Oct 15 2014 umeabot <umeabot> 1.3.3.3-2.mga5 + Revision: 741488 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 spuhler <spuhler> 1.3.3.3-1.mga5 + Revision: 679287 - changed lib and devel names to comply with Mageia Policies - changed /bin/ to %%{_bindir} - corrected wrong %%systemd macro - upgrade to vers. 1.3.3.3 * fixed lots of bugs by upstream + umeabot <umeabot> - Mageia 5 Mass Rebuild * Sat Sep 06 2014 spuhler <spuhler> 1.3.3.0-1.mga5 + Revision: 672823 - upgrade to version 1.3.3.0 * lots of bugfixes by upstream, incl. memory leak * Sat Aug 30 2014 spuhler <spuhler> 1.3.2.23-1.mga5 + Revision: 669591 - upgrade to version 1.3.2.23 * Thu Aug 14 2014 spuhler <spuhler> 1.3.2.22-1.mga5 + Revision: 662406 - upgrade to version 1.3.2.22 * Thu Aug 07 2014 spuhler <spuhler> 1.3.2.21-1.mga5 + Revision: 660910 - upgrade to version 1.3.2.21 * solves Bug 13878 - 389-ds-base new security issue CVE-2014-3562 * Wed Aug 06 2014 spuhler <spuhler> 1.3.2.20-1.mga5 + Revision: 660088 - upgrade to ver. 1.3.2.20 * Wed Jul 09 2014 spuhler <spuhler> 1.3.2.19-1.mga5 + Revision: 650989 - replaced %%global _hardened_build 1 with serverbuild - moved libns-dshttpd.so* to the libs - reversed most of last commit - changed lib and devel names according to mga policy - some spec cleaning * Sun Jul 06 2014 spuhler <spuhler> 1.3.2.18-1.mga5 + Revision: 644099 - upgrade to ver. 1.3.2.18 * Tue Jun 10 2014 spuhler <spuhler> 1.3.2.17-1.mga5 + Revision: 635293 - upgrade to 1.3.2.17 * Sun Apr 06 2014 wally <wally> 1.3.2.16-2.mga5 + Revision: 612235 - rebuild for new icu * Fri Mar 14 2014 spuhler <spuhler> 1.3.2.16-1.mga5 + Revision: 603924 - upgrade to ver. 1.3.2.16 * Fri Mar 14 2014 spuhler <spuhler> 1.3.2.15-1.mga5 + Revision: 603919 - upgrade to ver. 1.3.2.15 - removed obsolete ereport patch - upgrade to ver. 1.3.2.14 * Fri Feb 07 2014 spuhler <spuhler> 1.3.2.11-1.mga5 + Revision: 584894 - upgrade to ver 1.3.2.11 * Wed Feb 05 2014 spuhler <spuhler> 1.3.2.10-1.mga5 + Revision: 582771 - upgrade to ver. 1.3.2.10 * Mon Nov 25 2013 spuhler <spuhler> 1.3.2.7-1.mga4 + Revision: 553513 - upgrade to version 1.3.2.7 * upgrade to vers. 1.3.2.6 solves a ton of bugs, incl the ldif upgrade * to version 1.3.2.7 resolves the library problem that prevented it from starting * Fri Nov 22 2013 spuhler <spuhler> 1.3.2.5-1.mga4 + Revision: 552369 - upgrade to version 1.3.2.5 - resolves Security issue CVE-2013-4485, bug #11720 - bug fixes by upstream * Tue Oct 22 2013 umeabot <umeabot> 1.3.2.2-2.mga4 + Revision: 541510 - Mageia 4 Mass Rebuild * Sat Oct 12 2013 spuhler <spuhler> 1.3.2.2-1.mga4 + Revision: 496049 - upgrade to version 1.3.2.2 * Fri Oct 11 2013 spuhler <spuhler> 1.3.2.1-1.mga4 + Revision: 495330 - upgrade to version 1.3.2.1 - rediffed build-module patch * Mon Oct 07 2013 spuhler <spuhler> 1.3.2.0-1.mga4 + Revision: 492794 -upgrade to version 1.3.2.0 * Lot's of bug fixes from upstream - removed 1.3.1.7 build-module.patch * Wed Oct 02 2013 spuhler <spuhler> 1.3.1.11-1.mga4 + Revision: 490172 - upgrade to vers. 1.3.1.1 - some cleanup of spec - bug fixes by upstream * Set localrundir outside of the "with-fhs" block * Refine the check for @localrundir@ * remove unnecessary typedef * Repl Sync does not compile against MozLDAP libraries * Sat Sep 28 2013 spuhler <spuhler> 1.3.1.10-1.mga4 + Revision: 488515 - upgrade to vers. 1.3.1.10 - bugfixes from upstream * RUV tombstone search with scope "one" doesn`t work * 389-ds-base does not compile against MozLDAP libraries * Set up replication/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch * 389-ds-base built with mozldap can crash from invalid free * idlistscanlimit per index/type/value * tmpfiles.d references /var/lock when they should reference /run/lock * PassSync removes User must change password flag on the Windows side * CLEANALLRUV doesnt run across all replicas * replication stops with excessive clock skew * Coverity fix - 11952 - for Ticket 47512 * backend txn plugin fixup tasks should be done in a txn * Allow macro aci keywords to be case-insensitive * Under specific values of nsDS5ReplicaName, replication may get broken or updates missing * automember rebuild task not working as expected * valgrind - value mem leaks, uninit mem usage * fix breakage in slapi-nis introduced with the previous fix * start-dirsrv/restart-dirsrv/stop-disrv do not register with systemd correctly * Fri Sep 27 2013 fwang <fwang> 1.3.1.7-2.mga4 + Revision: 487459 - rebuild for icu 52 * Wed Sep 04 2013 fwang <fwang> 1.3.1.7-1.mga4 + Revision: 475030 - more strict declares - correctly build modules + spuhler <spuhler> - added ereport.patch to make it build - upgrade to version 1.3.1.7 - made the mkdir in the %%post section conditional - upgrade to ver 1.3.1.6 - upgrade to ver. 1.3.1.5 - bug #10889 CVE-2013-2219 ACLs inoperative in some search scenarios - bugfixes from upstream * delete present values should append values to deleted values * valgrind - value mem leaks, uninit mem usage * Segfault in 389-ds-base-1.3.1.4-1.fc19 when setting up FreeIPA replication * Fix runtime errors caused by last patch. * Fix compilation warnings and header files * logconv.pl man page missing -m,-M,-B,-D * fix recent compiler warnings * Overflow in nsslapd-disk-monitoring-threshold * deadlock after adding and deleting entries * Disk Monitoring not checking filesystem with logs + luigiwalser <luigiwalser> - rebuild for cyrus-sasl * Wed Jul 31 2013 spuhler <spuhler> 1.3.1.4-1.mga4 + Revision: 461328 - upgrade to 1.3.1.4 - bugfixes from upstream - Very large entryusn values after enabling the USN plugin and the lastusn value is negative. * Replication problem with add-delete requests on single-valued attributes * (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry * (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry * memory leaks in set_krb5_creds * version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values * provide default syntax plugin * Overflow in nsslapd-disk-monitoring-threshold * RHDS denies MODRDN access if ACI list contains any DENY rule * Memory leak in 389-ds-base 1.2.11.15 * ldbm errors when adding/modifying/deleting entries * Disk Monitoring is not triggered as expected. * changelog db deadlocks with DNA and replication * Wed Jul 17 2013 spuhler <spuhler> 1.3.1.3-1.mga4 + Revision: 455121 - upgrade to ver 1.3.1.3 - added mkdir for systemd dir -upgrade to version 1.3.1.0 - added Requires(post): rpm-helper - added Requires(preun): rpm-helper - added mageia nogroup patch to replace group nobody in the install script. - added %%dir %%{_sysconfdir}/systemd/system/%%{groupname}.wants * needed to allow dirsrv@instance.service + fwang <fwang> - rebuild for new icu * Tue Apr 16 2013 spuhler <spuhler> 1.3.0.5-2.mga4 + Revision: 410202 - replaced incorrect macro in post section with Mageia macro - %%systemd_post with %%_post_service * Wed Apr 03 2013 spuhler <spuhler> 1.3.0.5-1.mga3 + Revision: 407558 - upgrade to ver. 1.3.0.5 Fixes to following issues from upstream - unintended information exposure when anonymous access is set to rootdse - crash in aci evaluation - ns-slapd crashes sporadically with segmentation fault in libslapd.so - Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config update only at the start up - 389-ds-base cannot handle Kerberos tickets with PAC - cleanAllRUV task fails to cleanup config upon completion * Wed Mar 13 2013 spuhler <spuhler> 1.3.0.4-1.mga3 + Revision: 402840 - upgrade to version 1.3.0.4 fixes * Bug 9349 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data * DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled) * Slow role performance when using a lot of roles * Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry * Mon Mar 04 2013 spuhler <spuhler> 1.3.0.3-1.mga3 + Revision: 401340 - upgrade to 1.3.0.3 Lots of bugfixes by upstream o Ticket #584 - Existence of an entry is not checked when its password is to be deleted o Ticket 562 - Crash when deleting suffix o Ticket #542 - Cannot dynamically set nsslapd-maxbersize o Ticket 556 - Don't overwrite certmap.conf during upgrade o Ticket 549 - DNA plugin no longer reports additional info when range is depleted o Ticket 541 - need to set plugin as off in ldif template o Ticket 541 - RootDN Access Control plugin is missing after upgrade - cleaned up spec file aaded Requires: libselinux-utils * Fri Jan 11 2013 umeabot <umeabot> 1.3.0-4.mga3 + Revision: 345051 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Tue Dec 18 2012 spuhler <spuhler> 1.3.0-3.mga3 + Revision: 332415 - upgrade to rc2 bumped rel * Sun Dec 16 2012 spuhler <spuhler> 1.3.0-2.mga3 + Revision: 331346 - upgrade to from a1 to rc1 * Sat Dec 01 2012 spuhler <spuhler> 1.3.0-1.mga3 + Revision: 324211 - upgrade to 1.3.0 * Sat Dec 01 2012 fwang <fwang> 1.2.11.15-5.mga3 + Revision: 323723 - rebuild for new pcre * Sun Nov 25 2012 colin <colin> 1.2.11.15-4.mga3 + Revision: 321807 - Do not ship the /var/lock folder - Ensure tmpfiles.d is enabled in the DSCreate.pm script - Add patch to create the .wants folder for systemd units. - Do not ship any systemd folders in /etc * Fri Nov 09 2012 fwang <fwang> 1.2.11.15-3.mga3 + Revision: 316610 - rebuild for update icu * Tue Nov 06 2012 fwang <fwang> 1.2.11.15-2.mga3 + Revision: 314759 - rebuild for new icu * Sun Oct 21 2012 spuhler <spuhler> 1.2.11.15-1.mga3 + Revision: 308664 - upgrade to version 2.12.11.15 * Mon Oct 15 2012 spuhler <spuhler> 1.2.11.12-2.mga3 + Revision: 305913 - changed the libname as done by upstream bumped rel * Sat Oct 13 2012 spuhler <spuhler> 1.2.11.12-1.mga3 + Revision: 305248 - added LDFLAGS=-L%%{perl_archlib}/CORE commented out Requires: perl(:MODULE_COMPAT_%%(eval "`%%{__perl} -V:version`"; echo $version)) - added Buildrequires: krb5-devel - fixed Requires naming - mageified spec file and removed unneeded lines - cleaned up spec file - imported package 389-ds-base