diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata index ac80774..dff35e2 100644 --- a/.389-ds-base.metadata +++ b/.389-ds-base.metadata @@ -1,3 +1,3 @@ -99591fa118addaa5e8eef3445092d0b2d12758ba SOURCES/389-ds-base-1.4.3.37.tar.bz2 -deb3cdc888660e573fe4be992398f35393c2d1d3 SOURCES/vendor-1.4.3.37-1.tar.gz +bd9aab32d9cbf9231058d585479813f3420dc872 SOURCES/389-ds-base-1.4.3.39.tar.bz2 1c8f2d0dfbf39fa8cd86363bf3314351ab21f8d4 SOURCES/jemalloc-5.3.0.tar.bz2 +978b7c5e4a9e5784fddb23ba1abe4dc5a071589f SOURCES/vendor-1.4.3.39-1.tar.gz diff --git a/.gitignore b/.gitignore index e0cad99..89f8081 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/389-ds-base-1.4.3.37.tar.bz2 -SOURCES/vendor-1.4.3.37-1.tar.gz +SOURCES/389-ds-base-1.4.3.39.tar.bz2 SOURCES/jemalloc-5.3.0.tar.bz2 +SOURCES/vendor-1.4.3.39-1.tar.gz diff --git a/SOURCES/0001-Issue-3527-Support-HAProxy-and-Instance-on-the-same-.patch b/SOURCES/0001-Issue-3527-Support-HAProxy-and-Instance-on-the-same-.patch new file mode 100644 index 0000000..40dba66 --- /dev/null +++ b/SOURCES/0001-Issue-3527-Support-HAProxy-and-Instance-on-the-same-.patch @@ -0,0 +1,83 @@ +From 7d1bc439a07c51b5f4f37405b6b27a1990b8cb28 Mon Sep 17 00:00:00 2001 +From: Simon Pichugin +Date: Tue, 27 Feb 2024 16:30:47 -0800 +Subject: [PATCH] Issue 3527 - Support HAProxy and Instance on the same machine + configuration (#6107) + +Description: Improve how we handle HAProxy connections to work better when +the DS and HAProxy are on the same machine. +Ensure the client and header destination IPs are checked against the trusted IP list. + +Additionally, this change will also allow configuration having +HAProxy is listening on a different subnet than the one used to forward the request. + +Related: https://github.com/389ds/389-ds-base/issues/3527 + +Reviewed by: @progier389, @jchapma (Thanks!) +--- + ldap/servers/slapd/connection.c | 35 +++++++++++++++++++++++++-------- + 1 file changed, 27 insertions(+), 8 deletions(-) + +diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c +index d28a39bf7..10a8cc577 100644 +--- a/ldap/servers/slapd/connection.c ++++ b/ldap/servers/slapd/connection.c +@@ -1187,6 +1187,8 @@ connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, int * + char str_ip[INET6_ADDRSTRLEN + 1] = {0}; + char str_haproxy_ip[INET6_ADDRSTRLEN + 1] = {0}; + char str_haproxy_destip[INET6_ADDRSTRLEN + 1] = {0}; ++ int trusted_matches_ip_found = 0; ++ int trusted_matches_destip_found = 0; + struct berval **bvals = NULL; + int proxy_connection = 0; + +@@ -1245,21 +1247,38 @@ connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, int * + normalize_IPv4(conn->cin_addr, buf_ip, sizeof(buf_ip), str_ip, sizeof(str_ip)); + normalize_IPv4(&pr_netaddr_dest, buf_haproxy_destip, sizeof(buf_haproxy_destip), + str_haproxy_destip, sizeof(str_haproxy_destip)); ++ size_t ip_len = strlen(buf_ip); ++ size_t destip_len = strlen(buf_haproxy_destip); + + /* Now, reset RC and set it to 0 only if a match is found */ + haproxy_rc = -1; + +- /* Allow only: +- * Trusted IP == Original Client IP == HAProxy Header Destination IP */ ++ /* ++ * We need to allow a configuration where DS instance and HAProxy are on the same machine. ++ * In this case, we need to check if ++ * the HAProxy client IP (which will be a loopback address) matches one of the the trusted IP addresses, ++ * while still checking that ++ * the HAProxy header destination IP address matches one of the trusted IP addresses. ++ * Additionally, this change will also allow configuration having ++ * HAProxy listening on a different subnet than one used to forward the request. ++ */ + for (size_t i = 0; bvals[i] != NULL; ++i) { +- if ((strlen(bvals[i]->bv_val) == strlen(buf_ip)) && +- (strlen(bvals[i]->bv_val) == strlen(buf_haproxy_destip)) && +- (strncasecmp(bvals[i]->bv_val, buf_ip, strlen(buf_ip)) == 0) && +- (strncasecmp(bvals[i]->bv_val, buf_haproxy_destip, strlen(buf_haproxy_destip)) == 0)) { +- haproxy_rc = 0; +- break; ++ size_t bval_len = strlen(bvals[i]->bv_val); ++ ++ /* Check if the Client IP (HAProxy's machine IP) address matches the trusted IP address */ ++ if (!trusted_matches_ip_found) { ++ trusted_matches_ip_found = (bval_len == ip_len) && (strncasecmp(bvals[i]->bv_val, buf_ip, ip_len) == 0); ++ } ++ /* Check if the HAProxy header destination IP address matches the trusted IP address */ ++ if (!trusted_matches_destip_found) { ++ trusted_matches_destip_found = (bval_len == destip_len) && (strncasecmp(bvals[i]->bv_val, buf_haproxy_destip, destip_len) == 0); + } + } ++ ++ if (trusted_matches_ip_found && trusted_matches_destip_found) { ++ haproxy_rc = 0; ++ } ++ + if (haproxy_rc == -1) { + slapi_log_err(SLAPI_LOG_CONNS, "connection_read_operation", "HAProxy header received from unknown source.\n"); + disconnect_server_nomutex(conn, conn->c_connid, -1, SLAPD_DISCONNECT_PROXY_UNKNOWN, EPROTO); +-- +2.43.0 + diff --git a/SOURCES/0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch b/SOURCES/0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch new file mode 100644 index 0000000..11a2741 --- /dev/null +++ b/SOURCES/0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch @@ -0,0 +1,119 @@ +From dddb14210b402f317e566b6387c76a8e659bf7fa Mon Sep 17 00:00:00 2001 +From: progier389 +Date: Tue, 14 Feb 2023 13:34:10 +0100 +Subject: [PATCH 1/2] issue 5647 - covscan: memory leak in audit log when + adding entries (#5650) + +covscan reported an issue about "vals" variable in auditlog.c:231 and indeed a charray_free is missing. +Issue: 5647 +Reviewed by: @mreynolds389, @droideck +--- + ldap/servers/slapd/auditlog.c | 71 +++++++++++++++++++---------------- + 1 file changed, 38 insertions(+), 33 deletions(-) + +diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c +index 68cbc674d..3128e0497 100644 +--- a/ldap/servers/slapd/auditlog.c ++++ b/ldap/servers/slapd/auditlog.c +@@ -177,6 +177,40 @@ write_auditfail_log_entry(Slapi_PBlock *pb) + slapi_ch_free_string(&audit_config); + } + ++/* ++ * Write the attribute values to the audit log as "comments" ++ * ++ * Slapi_Attr *entry - the attribute begin logged. ++ * char *attrname - the attribute name. ++ * lenstr *l - the audit log buffer ++ * ++ * Resulting output in the log: ++ * ++ * #ATTR: VALUE ++ * #ATTR: VALUE ++ */ ++static void ++log_entry_attr(Slapi_Attr *entry_attr, char *attrname, lenstr *l) ++{ ++ Slapi_Value **vals = attr_get_present_values(entry_attr); ++ for(size_t i = 0; vals && vals[i]; i++) { ++ char log_val[256] = ""; ++ const struct berval *bv = slapi_value_get_berval(vals[i]); ++ if (bv->bv_len >= 256) { ++ strncpy(log_val, bv->bv_val, 252); ++ strcpy(log_val+252, "..."); ++ } else { ++ strncpy(log_val, bv->bv_val, bv->bv_len); ++ log_val[bv->bv_len] = 0; ++ } ++ addlenstr(l, "#"); ++ addlenstr(l, attrname); ++ addlenstr(l, ": "); ++ addlenstr(l, log_val); ++ addlenstr(l, "\n"); ++ } ++} ++ + /* + * Write "requested" attributes from the entry to the audit log as "comments" + * +@@ -212,21 +246,9 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + for (req_attr = ldap_utf8strtok_r(display_attrs, ", ", &last); req_attr; + req_attr = ldap_utf8strtok_r(NULL, ", ", &last)) + { +- char **vals = slapi_entry_attr_get_charray(entry, req_attr); +- for(size_t i = 0; vals && vals[i]; i++) { +- char log_val[256] = {0}; +- +- if (strlen(vals[i]) > 256) { +- strncpy(log_val, vals[i], 252); +- strcat(log_val, "..."); +- } else { +- strcpy(log_val, vals[i]); +- } +- addlenstr(l, "#"); +- addlenstr(l, req_attr); +- addlenstr(l, ": "); +- addlenstr(l, log_val); +- addlenstr(l, "\n"); ++ slapi_entry_attr_find(entry, req_attr, &entry_attr); ++ if (entry_attr) { ++ log_entry_attr(entry_attr, req_attr, l); + } + } + } else { +@@ -234,7 +256,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + for (; entry_attr; entry_attr = entry_attr->a_next) { + Slapi_Value **vals = attr_get_present_values(entry_attr); + char *attr = NULL; +- const char *val = NULL; + + slapi_attr_get_type(entry_attr, &attr); + if (strcmp(attr, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) { +@@ -251,23 +272,7 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + addlenstr(l, ": ****************************\n"); + continue; + } +- +- for(size_t i = 0; vals && vals[i]; i++) { +- char log_val[256] = {0}; +- +- val = slapi_value_get_string(vals[i]); +- if (strlen(val) > 256) { +- strncpy(log_val, val, 252); +- strcat(log_val, "..."); +- } else { +- strcpy(log_val, val); +- } +- addlenstr(l, "#"); +- addlenstr(l, attr); +- addlenstr(l, ": "); +- addlenstr(l, log_val); +- addlenstr(l, "\n"); +- } ++ log_entry_attr(entry_attr, attr, l); + } + } + slapi_ch_free_string(&display_attrs); +-- +2.43.0 + diff --git a/SOURCES/0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch b/SOURCES/0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch new file mode 100644 index 0000000..456ea5c --- /dev/null +++ b/SOURCES/0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch @@ -0,0 +1,27 @@ +From be7c2b82958e91ce08775bf6b5da3c311d3b00e5 Mon Sep 17 00:00:00 2001 +From: progier389 +Date: Mon, 20 Feb 2023 16:14:05 +0100 +Subject: [PATCH 2/2] Issue 5647 - Fix unused variable warning from previous + commit (#5670) + +* issue 5647 - memory leak in audit log when adding entries +* Issue 5647 - Fix unused variable warning from previous commit +--- + ldap/servers/slapd/auditlog.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c +index 3128e0497..0597ecc6f 100644 +--- a/ldap/servers/slapd/auditlog.c ++++ b/ldap/servers/slapd/auditlog.c +@@ -254,7 +254,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + } else { + /* Return all attributes */ + for (; entry_attr; entry_attr = entry_attr->a_next) { +- Slapi_Value **vals = attr_get_present_values(entry_attr); + char *attr = NULL; + + slapi_attr_get_type(entry_attr, &attr); +-- +2.43.0 + diff --git a/SOURCES/0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch b/SOURCES/0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch new file mode 100644 index 0000000..670230c --- /dev/null +++ b/SOURCES/0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch @@ -0,0 +1,147 @@ +From 692c4cec6cc5c0086cf58f83bcfa690c766c9887 Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Fri, 2 Feb 2024 14:14:28 +0100 +Subject: [PATCH] Issue 5407 - sync_repl crashes if enabled while dynamic + plugin is enabled (#5411) + +Bug description: + When dynamic plugin is enabled, if a MOD enables sync_repl plugin + then sync_repl init function registers the postop callback + that will be called for the MOD itself while the preop + has not been called. + postop expects preop to be called and so primary operation + to be set. When it is not set it crashes + +Fix description: + If the primary operation is not set, just return + +relates: #5407 +--- + .../suites/syncrepl_plugin/basic_test.py | 68 +++++++++++++++++++ + ldap/servers/plugins/sync/sync_persist.c | 23 ++++++- + 2 files changed, 90 insertions(+), 1 deletion(-) + +diff --git a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py +index eb3770b78..cdf35eeaa 100644 +--- a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py ++++ b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py +@@ -592,6 +592,74 @@ def test_sync_repl_cenotaph(topo_m2, request): + + request.addfinalizer(fin) + ++def test_sync_repl_dynamic_plugin(topology, request): ++ """Test sync_repl with dynamic plugin ++ ++ :id: d4f84913-c18a-459f-8525-110f610ca9e6 ++ :setup: install a standalone instance ++ :steps: ++ 1. reset instance to standard (no retroCL, no sync_repl, no dynamic plugin) ++ 2. Enable dynamic plugin ++ 3. Enable retroCL/content_sync ++ 4. Establish a sync_repl req ++ :expectedresults: ++ 1. Should succeeds ++ 2. Should succeeds ++ 3. Should succeeds ++ 4. Should succeeds ++ """ ++ ++ # Reset the instance in a default config ++ # Disable content sync plugin ++ topology.standalone.plugins.disable(name=PLUGIN_REPL_SYNC) ++ ++ # Disable retro changelog ++ topology.standalone.plugins.disable(name=PLUGIN_RETRO_CHANGELOG) ++ ++ # Disable dynamic plugins ++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'off')]) ++ topology.standalone.restart() ++ ++ # Now start the test ++ # Enable dynamic plugins ++ try: ++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'on')]) ++ except ldap.LDAPError as e: ++ log.error('Failed to enable dynamic plugin! {}'.format(e.args[0]['desc'])) ++ assert False ++ ++ # Enable retro changelog ++ topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG) ++ ++ # Enbale content sync plugin ++ topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC) ++ ++ # create a sync repl client and wait 5 seconds to be sure it is running ++ sync_repl = Sync_persist(topology.standalone) ++ sync_repl.start() ++ time.sleep(5) ++ ++ # create users ++ users = UserAccounts(topology.standalone, DEFAULT_SUFFIX) ++ users_set = [] ++ for i in range(10001, 10004): ++ users_set.append(users.create_test_user(uid=i)) ++ ++ time.sleep(10) ++ # delete users, that automember/memberof will generate nested updates ++ for user in users_set: ++ user.delete() ++ # stop the server to get the sync_repl result set (exit from while loop). ++ # Only way I found to acheive that. ++ # and wait a bit to let sync_repl thread time to set its result before fetching it. ++ topology.standalone.stop() ++ sync_repl.get_result() ++ sync_repl.join() ++ log.info('test_sync_repl_dynamic_plugin: PASS\n') ++ ++ # Success ++ log.info('Test complete') ++ + def test_sync_repl_invalid_cookie(topology, request): + """Test sync_repl with invalid cookie + +diff --git a/ldap/servers/plugins/sync/sync_persist.c b/ldap/servers/plugins/sync/sync_persist.c +index d2210b64c..283607361 100644 +--- a/ldap/servers/plugins/sync/sync_persist.c ++++ b/ldap/servers/plugins/sync/sync_persist.c +@@ -156,6 +156,17 @@ ignore_op_pl(Slapi_PBlock *pb) + * This is the same for ident + */ + prim_op = get_thread_primary_op(); ++ if (prim_op == NULL) { ++ /* This can happen if the PRE_OP (sync_update_persist_betxn_pre_op) was not called. ++ * The only known case it happens is with dynamic plugin enabled and an ++ * update that enable the sync_repl plugin. In such case sync_repl registers ++ * the postop (sync_update_persist_op) that is called while the preop was not called ++ */ ++ slapi_log_err(SLAPI_LOG_PLUGIN, SYNC_PLUGIN_SUBSYSTEM, ++ "ignore_op_pl - Operation without primary op set (0x%lx)\n", ++ (ulong) op); ++ return; ++ } + ident = sync_persist_get_operation_extension(pb); + + if (ident) { +@@ -232,8 +243,18 @@ sync_update_persist_op(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eprev, ber + + + prim_op = get_thread_primary_op(); ++ if (prim_op == NULL) { ++ /* This can happen if the PRE_OP (sync_update_persist_betxn_pre_op) was not called. ++ * The only known case it happens is with dynamic plugin enabled and an ++ * update that enable the sync_repl plugin. In such case sync_repl registers ++ * the postop (sync_update_persist_op) that is called while the preop was not called ++ */ ++ slapi_log_err(SLAPI_LOG_PLUGIN, SYNC_PLUGIN_SUBSYSTEM, ++ "sync_update_persist_op - Operation without primary op set (0x%lx)\n", ++ (ulong) pb_op); ++ return; ++ } + ident = sync_persist_get_operation_extension(pb); +- PR_ASSERT(prim_op); + + if ((ident == NULL) && operation_is_flag_set(pb_op, OP_FLAG_NOOP)) { + /* This happens for URP (add cenotaph, fixup rename, tombstone resurrect) +-- +2.43.0 + diff --git a/SOURCES/0004-Issue-5547-automember-plugin-improvements.patch b/SOURCES/0004-Issue-5547-automember-plugin-improvements.patch new file mode 100644 index 0000000..918945d --- /dev/null +++ b/SOURCES/0004-Issue-5547-automember-plugin-improvements.patch @@ -0,0 +1,840 @@ +From 8dc61a176323f0d41df730abd715ccff3034c2be Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Sun, 27 Nov 2022 09:37:19 -0500 +Subject: [PATCH] Issue 5547 - automember plugin improvements + +Description: + +Rebuild task has the following improvements: + +- Only one task allowed at a time +- Do not cleanup previous members by default. Add new CLI option to intentionally + cleanup memberships before rebuilding from scratch. +- Add better task logging to show fixup progress + +To prevent automember from being called in a nested be_txn loop thread storage is +used to check and skip these loops. + +relates: https://github.com/389ds/389-ds-base/issues/5547 + +Reviewed by: spichugi(Thanks!) +--- + .../automember_plugin/automember_mod_test.py | 43 +++- + ldap/servers/plugins/automember/automember.c | 232 ++++++++++++++---- + ldap/servers/slapd/back-ldbm/ldbm_add.c | 11 +- + ldap/servers/slapd/back-ldbm/ldbm_delete.c | 10 +- + ldap/servers/slapd/back-ldbm/ldbm_modify.c | 11 +- + .../lib389/cli_conf/plugins/automember.py | 10 +- + src/lib389/lib389/plugins.py | 7 +- + src/lib389/lib389/tasks.py | 9 +- + 8 files changed, 250 insertions(+), 83 deletions(-) + +diff --git a/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py b/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py +index 8d25384bf..7a0ed3275 100644 +--- a/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py ++++ b/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py +@@ -5,12 +5,13 @@ + # License: GPL (version 3 or any later version). + # See LICENSE for details. + # --- END COPYRIGHT BLOCK --- +-# ++import ldap + import logging + import pytest + import os ++import time + from lib389.utils import ds_is_older +-from lib389._constants import * ++from lib389._constants import DEFAULT_SUFFIX + from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions + from lib389.idm.user import UserAccounts + from lib389.idm.group import Groups +@@ -41,6 +42,11 @@ def automember_fixture(topo, request): + user_accts = UserAccounts(topo.standalone, DEFAULT_SUFFIX) + user = user_accts.create_test_user() + ++ # Create extra users ++ users = UserAccounts(topo.standalone, DEFAULT_SUFFIX) ++ for i in range(0, 100): ++ users.create_test_user(uid=i) ++ + # Create automember definitions and regex rules + automember_prop = { + 'cn': 'testgroup_definition', +@@ -59,7 +65,7 @@ def automember_fixture(topo, request): + automemberplugin.enable() + topo.standalone.restart() + +- return (user, groups) ++ return user, groups + + + def test_mods(automember_fixture, topo): +@@ -72,19 +78,21 @@ def test_mods(automember_fixture, topo): + 2. Update user that should add it to group[1] + 3. Update user that should add it to group[2] + 4. Update user that should add it to group[0] +- 5. Test rebuild task correctly moves user to group[1] ++ 5. Test rebuild task adds user to group[1] ++ 6. Test rebuild task cleanups groups and only adds it to group[1] + :expectedresults: + 1. Success + 2. Success + 3. Success + 4. Success + 5. Success ++ 6. Success + """ + (user, groups) = automember_fixture + + # Update user which should go into group[0] + user.replace('cn', 'whatever') +- groups[0].is_member(user.dn) ++ assert groups[0].is_member(user.dn) + if groups[1].is_member(user.dn): + assert False + if groups[2].is_member(user.dn): +@@ -92,7 +100,7 @@ def test_mods(automember_fixture, topo): + + # Update user0 which should go into group[1] + user.replace('cn', 'mark') +- groups[1].is_member(user.dn) ++ assert groups[1].is_member(user.dn) + if groups[0].is_member(user.dn): + assert False + if groups[2].is_member(user.dn): +@@ -100,7 +108,7 @@ def test_mods(automember_fixture, topo): + + # Update user which should go into group[2] + user.replace('cn', 'simon') +- groups[2].is_member(user.dn) ++ assert groups[2].is_member(user.dn) + if groups[0].is_member(user.dn): + assert False + if groups[1].is_member(user.dn): +@@ -108,7 +116,7 @@ def test_mods(automember_fixture, topo): + + # Update user which should go back into group[0] (full circle) + user.replace('cn', 'whatever') +- groups[0].is_member(user.dn) ++ assert groups[0].is_member(user.dn) + if groups[1].is_member(user.dn): + assert False + if groups[2].is_member(user.dn): +@@ -128,12 +136,24 @@ def test_mods(automember_fixture, topo): + automemberplugin.enable() + topo.standalone.restart() + +- # Run rebuild task ++ # Run rebuild task (no cleanup) + task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount") ++ with pytest.raises(ldap.UNWILLING_TO_PERFORM): ++ # test only one fixup task is allowed at a time ++ automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=top") + task.wait() + +- # Test membership +- groups[1].is_member(user.dn) ++ # Test membership (user should still be in groups[0]) ++ assert groups[1].is_member(user.dn) ++ if not groups[0].is_member(user.dn): ++ assert False ++ ++ # Run rebuild task with cleanup ++ task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount", cleanup=True) ++ task.wait() ++ ++ # Test membership (user should only be in groups[1]) ++ assert groups[1].is_member(user.dn) + if groups[0].is_member(user.dn): + assert False + if groups[2].is_member(user.dn): +@@ -148,4 +168,3 @@ if __name__ == '__main__': + # -s for DEBUG mode + CURRENT_FILE = os.path.realpath(__file__) + pytest.main(["-s", CURRENT_FILE]) +- +diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c +index 3494d0343..419adb052 100644 +--- a/ldap/servers/plugins/automember/automember.c ++++ b/ldap/servers/plugins/automember/automember.c +@@ -1,5 +1,5 @@ + /** BEGIN COPYRIGHT BLOCK +- * Copyright (C) 2011 Red Hat, Inc. ++ * Copyright (C) 2022 Red Hat, Inc. + * All rights reserved. + * + * License: GPL (version 3 or any later version). +@@ -14,7 +14,7 @@ + * Auto Membership Plug-in + */ + #include "automember.h" +- ++#include + + /* + * Plug-in globals +@@ -22,7 +22,9 @@ + static PRCList *g_automember_config = NULL; + static Slapi_RWLock *g_automember_config_lock = NULL; + static uint64_t abort_rebuild_task = 0; +- ++static pthread_key_t td_automem_block_nested; ++static PRBool fixup_running = PR_FALSE; ++static PRLock *fixup_lock = NULL; + static void *_PluginID = NULL; + static Slapi_DN *_PluginDN = NULL; + static Slapi_DN *_ConfigAreaDN = NULL; +@@ -93,9 +95,43 @@ static void automember_task_export_destructor(Slapi_Task *task); + static void automember_task_map_destructor(Slapi_Task *task); + + #define DEFAULT_FILE_MODE PR_IRUSR | PR_IWUSR ++#define FIXUP_PROGRESS_LIMIT 1000 + static uint64_t plugin_do_modify = 0; + static uint64_t plugin_is_betxn = 0; + ++/* automember_plugin fixup task and add operations should block other be_txn ++ * plugins from calling automember_post_op_mod() */ ++static int32_t ++slapi_td_block_nested_post_op(void) ++{ ++ int32_t val = 12345; ++ ++ if (pthread_setspecific(td_automem_block_nested, (void *)&val) != 0) { ++ return PR_FAILURE; ++ } ++ return PR_SUCCESS; ++} ++ ++static int32_t ++slapi_td_unblock_nested_post_op(void) ++{ ++ if (pthread_setspecific(td_automem_block_nested, NULL) != 0) { ++ return PR_FAILURE; ++ } ++ return PR_SUCCESS; ++} ++ ++static int32_t ++slapi_td_is_post_op_nested(void) ++{ ++ int32_t *value = pthread_getspecific(td_automem_block_nested); ++ ++ if (value == NULL) { ++ return 0; ++ } ++ return 1; ++} ++ + /* + * Config cache locking functions + */ +@@ -317,6 +353,14 @@ automember_start(Slapi_PBlock *pb) + return -1; + } + ++ if (fixup_lock == NULL) { ++ if ((fixup_lock = PR_NewLock()) == NULL) { ++ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_start - Failed to create fixup lock.\n"); ++ return -1; ++ } ++ } ++ + /* + * Get the plug-in target dn from the system + * and store it for future use. */ +@@ -360,6 +404,11 @@ automember_start(Slapi_PBlock *pb) + } + } + ++ if (pthread_key_create(&td_automem_block_nested, NULL) != 0) { ++ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_start - pthread_key_create failed\n"); ++ } ++ + slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "automember_start - ready for service\n"); + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, +@@ -394,6 +443,8 @@ automember_close(Slapi_PBlock *pb __attribute__((unused))) + slapi_sdn_free(&_ConfigAreaDN); + slapi_destroy_rwlock(g_automember_config_lock); + g_automember_config_lock = NULL; ++ PR_DestroyLock(fixup_lock); ++ fixup_lock = NULL; + + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "<-- automember_close\n"); +@@ -1619,7 +1670,6 @@ out: + return rc; + } + +- + /* + * automember_update_member_value() + * +@@ -1634,7 +1684,7 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char + LDAPMod *mods[2]; + char *vals[2]; + char *member_value = NULL; +- int rc = 0; ++ int rc = LDAP_SUCCESS; + Slapi_DN *group_sdn; + + /* First thing check that the group still exists */ +@@ -1653,7 +1703,7 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char + "automember_update_member_value - group (default or target) can not be retrieved (%s) err=%d\n", + group_dn, rc); + } +- return rc; ++ goto out; + } + + /* If grouping_value is dn, we need to fetch the dn instead. */ +@@ -1879,6 +1929,13 @@ automember_mod_post_op(Slapi_PBlock *pb) + PRCList *list = NULL; + int rc = SLAPI_PLUGIN_SUCCESS; + ++ if (slapi_td_is_post_op_nested()) { ++ /* don't process op twice in the same thread */ ++ return rc; ++ } else { ++ slapi_td_block_nested_post_op(); ++ } ++ + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "--> automember_mod_post_op\n"); + +@@ -2005,6 +2062,7 @@ automember_mod_post_op(Slapi_PBlock *pb) + } + } + } ++ slapi_td_unblock_nested_post_op(); + + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "<-- automember_mod_post_op (%d)\n", rc); +@@ -2024,6 +2082,13 @@ automember_add_post_op(Slapi_PBlock *pb) + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "--> automember_add_post_op\n"); + ++ if (slapi_td_is_post_op_nested()) { ++ /* don't process op twice in the same thread */ ++ return rc; ++ } else { ++ slapi_td_block_nested_post_op(); ++ } ++ + /* Reload config if a config entry was added. */ + if ((sdn = automember_get_sdn(pb))) { + if (automember_dn_is_config(sdn)) { +@@ -2039,7 +2104,7 @@ automember_add_post_op(Slapi_PBlock *pb) + + /* If replication, just bail. */ + if (automember_isrepl(pb)) { +- return SLAPI_PLUGIN_SUCCESS; ++ goto bail; + } + + /* Get the newly added entry. */ +@@ -2052,7 +2117,7 @@ automember_add_post_op(Slapi_PBlock *pb) + tombstone); + slapi_value_free(&tombstone); + if (is_tombstone) { +- return SLAPI_PLUGIN_SUCCESS; ++ goto bail; + } + + /* Check if a config entry applies +@@ -2063,21 +2128,19 @@ automember_add_post_op(Slapi_PBlock *pb) + list = PR_LIST_HEAD(g_automember_config); + while (list != g_automember_config) { + config = (struct configEntry *)list; +- + /* Does the entry meet scope and filter requirements? */ + if (slapi_dn_issuffix(slapi_sdn_get_dn(sdn), config->scope) && +- (slapi_filter_test_simple(e, config->filter) == 0)) { ++ (slapi_filter_test_simple(e, config->filter) == 0)) ++ { + /* Find out what membership changes are needed and make them. */ + if (automember_update_membership(config, e, NULL) == SLAPI_PLUGIN_FAILURE) { + rc = SLAPI_PLUGIN_FAILURE; + break; + } + } +- + list = PR_NEXT_LINK(list); + } + } +- + automember_config_unlock(); + } else { + slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, +@@ -2098,6 +2161,7 @@ bail: + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &result); + slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, &errtxt); + } ++ slapi_td_unblock_nested_post_op(); + + return rc; + } +@@ -2138,6 +2202,7 @@ typedef struct _task_data + Slapi_DN *base_dn; + char *bind_dn; + int scope; ++ PRBool cleanup; + } task_data; + + static void +@@ -2270,6 +2335,7 @@ automember_task_abort_thread(void *arg) + * basedn: dc=example,dc=com + * filter: (uid=*) + * scope: sub ++ * cleanup: yes/on (default is off) + * + * basedn and filter are required. If scope is omitted, the default is sub + */ +@@ -2284,9 +2350,22 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + const char *base_dn; + const char *filter; + const char *scope; ++ const char *cleanup_str; ++ PRBool cleanup = PR_FALSE; + + *returncode = LDAP_SUCCESS; + ++ PR_Lock(fixup_lock); ++ if (fixup_running) { ++ PR_Unlock(fixup_lock); ++ *returncode = LDAP_UNWILLING_TO_PERFORM; ++ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_task_add - there is already a fixup task running\n"); ++ rv = SLAPI_DSE_CALLBACK_ERROR; ++ goto out; ++ } ++ PR_Unlock(fixup_lock); ++ + /* + * Grab the task params + */ +@@ -2300,6 +2379,12 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + rv = SLAPI_DSE_CALLBACK_ERROR; + goto out; + } ++ if ((cleanup_str = slapi_entry_attr_get_ref(e, "cleanup"))) { ++ if (strcasecmp(cleanup_str, "yes") == 0 || strcasecmp(cleanup_str, "on")) { ++ cleanup = PR_TRUE; ++ } ++ } ++ + scope = slapi_fetch_attr(e, "scope", "sub"); + /* + * setup our task data +@@ -2315,6 +2400,7 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + mytaskdata->bind_dn = slapi_ch_strdup(bind_dn); + mytaskdata->base_dn = slapi_sdn_new_dn_byval(base_dn); + mytaskdata->filter_str = slapi_ch_strdup(filter); ++ mytaskdata->cleanup = cleanup; + + if (scope) { + if (strcasecmp(scope, "sub") == 0) { +@@ -2334,6 +2420,9 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + task = slapi_plugin_new_task(slapi_entry_get_ndn(e), arg); + slapi_task_set_destructor_fn(task, automember_task_destructor); + slapi_task_set_data(task, mytaskdata); ++ PR_Lock(fixup_lock); ++ fixup_running = PR_TRUE; ++ PR_Unlock(fixup_lock); + /* + * Start the task as a separate thread + */ +@@ -2345,6 +2434,9 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + "automember_task_add - Unable to create task thread!\n"); + *returncode = LDAP_OPERATIONS_ERROR; + slapi_task_finish(task, *returncode); ++ PR_Lock(fixup_lock); ++ fixup_running = PR_FALSE; ++ PR_Unlock(fixup_lock); + rv = SLAPI_DSE_CALLBACK_ERROR; + } else { + rv = SLAPI_DSE_CALLBACK_OK; +@@ -2372,6 +2464,9 @@ automember_rebuild_task_thread(void *arg) + PRCList *list = NULL; + PRCList *include_list = NULL; + int result = 0; ++ int64_t fixup_progress_count = 0; ++ int64_t fixup_progress_elapsed = 0; ++ int64_t fixup_start_time = 0; + size_t i = 0; + + /* Reset abort flag */ +@@ -2380,6 +2475,7 @@ automember_rebuild_task_thread(void *arg) + if (!task) { + return; /* no task */ + } ++ + slapi_task_inc_refcount(task); + slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "automember_rebuild_task_thread - Refcount incremented.\n"); +@@ -2393,9 +2489,11 @@ automember_rebuild_task_thread(void *arg) + slapi_task_log_status(task, "Automember rebuild task starting (base dn: (%s) filter (%s)...", + slapi_sdn_get_dn(td->base_dn), td->filter_str); + /* +- * Set the bind dn in the local thread data ++ * Set the bind dn in the local thread data, and block post op mods + */ + slapi_td_set_dn(slapi_ch_strdup(td->bind_dn)); ++ slapi_td_block_nested_post_op(); ++ fixup_start_time = slapi_current_rel_time_t(); + /* + * Take the config lock now and search the database + */ +@@ -2426,6 +2524,21 @@ automember_rebuild_task_thread(void *arg) + * Loop over the entries + */ + for (i = 0; entries && (entries[i] != NULL); i++) { ++ fixup_progress_count++; ++ if (fixup_progress_count % FIXUP_PROGRESS_LIMIT == 0 ) { ++ slapi_task_log_notice(task, ++ "Processed %ld entries in %ld seconds (+%ld seconds)", ++ fixup_progress_count, ++ slapi_current_rel_time_t() - fixup_start_time, ++ slapi_current_rel_time_t() - fixup_progress_elapsed); ++ slapi_task_log_status(task, ++ "Processed %ld entries in %ld seconds (+%ld seconds)", ++ fixup_progress_count, ++ slapi_current_rel_time_t() - fixup_start_time, ++ slapi_current_rel_time_t() - fixup_progress_elapsed); ++ slapi_task_inc_progress(task); ++ fixup_progress_elapsed = slapi_current_rel_time_t(); ++ } + if (slapi_atomic_load_64(&abort_rebuild_task, __ATOMIC_ACQUIRE) == 1) { + /* The task was aborted */ + slapi_task_log_notice(task, "Automember rebuild task was intentionally aborted"); +@@ -2443,48 +2556,66 @@ automember_rebuild_task_thread(void *arg) + if (slapi_dn_issuffix(slapi_entry_get_dn(entries[i]), config->scope) && + (slapi_filter_test_simple(entries[i], config->filter) == 0)) + { +- /* First clear out all the defaults groups */ +- for (size_t ii = 0; config->default_groups && config->default_groups[ii]; ii++) { +- if ((result = automember_update_member_value(entries[i], config->default_groups[ii], +- config->grouping_attr, config->grouping_value, NULL, DEL_MEMBER))) +- { +- slapi_task_log_notice(task, "Automember rebuild membership task unable to delete " +- "member from default group (%s) error (%d)", +- config->default_groups[ii], result); +- slapi_task_log_status(task, "Automember rebuild membership task unable to delete " +- "member from default group (%s) error (%d)", +- config->default_groups[ii], result); +- slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, +- "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n", +- config->default_groups[ii], result); +- goto out; +- } +- } +- +- /* Then clear out the non-default group */ +- if (config->inclusive_rules && !PR_CLIST_IS_EMPTY((PRCList *)config->inclusive_rules)) { +- include_list = PR_LIST_HEAD((PRCList *)config->inclusive_rules); +- while (include_list != (PRCList *)config->inclusive_rules) { +- struct automemberRegexRule *curr_rule = (struct automemberRegexRule *)include_list; +- if ((result = automember_update_member_value(entries[i], slapi_sdn_get_dn(curr_rule->target_group_dn), +- config->grouping_attr, config->grouping_value, NULL, DEL_MEMBER))) ++ if (td->cleanup) { ++ ++ slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_rebuild_task_thread - Cleaning up groups (config %s)\n", ++ config->dn); ++ /* First clear out all the defaults groups */ ++ for (size_t ii = 0; config->default_groups && config->default_groups[ii]; ii++) { ++ if ((result = automember_update_member_value(entries[i], ++ config->default_groups[ii], ++ config->grouping_attr, ++ config->grouping_value, ++ NULL, DEL_MEMBER))) + { + slapi_task_log_notice(task, "Automember rebuild membership task unable to delete " +- "member from group (%s) error (%d)", +- slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ "member from default group (%s) error (%d)", ++ config->default_groups[ii], result); + slapi_task_log_status(task, "Automember rebuild membership task unable to delete " +- "member from group (%s) error (%d)", +- slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ "member from default group (%s) error (%d)", ++ config->default_groups[ii], result); + slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n", +- slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ config->default_groups[ii], result); + goto out; + } +- include_list = PR_NEXT_LINK(include_list); + } ++ ++ /* Then clear out the non-default group */ ++ if (config->inclusive_rules && !PR_CLIST_IS_EMPTY((PRCList *)config->inclusive_rules)) { ++ include_list = PR_LIST_HEAD((PRCList *)config->inclusive_rules); ++ while (include_list != (PRCList *)config->inclusive_rules) { ++ struct automemberRegexRule *curr_rule = (struct automemberRegexRule *)include_list; ++ if ((result = automember_update_member_value(entries[i], ++ slapi_sdn_get_dn(curr_rule->target_group_dn), ++ config->grouping_attr, ++ config->grouping_value, ++ NULL, DEL_MEMBER))) ++ { ++ slapi_task_log_notice(task, "Automember rebuild membership task unable to delete " ++ "member from group (%s) error (%d)", ++ slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ slapi_task_log_status(task, "Automember rebuild membership task unable to delete " ++ "member from group (%s) error (%d)", ++ slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n", ++ slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ goto out; ++ } ++ include_list = PR_NEXT_LINK(include_list); ++ } ++ } ++ slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_rebuild_task_thread - Finished cleaning up groups (config %s)\n", ++ config->dn); + } + + /* Update the memberships for this entries */ ++ slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_rebuild_task_thread - Updating membership (config %s)\n", ++ config->dn); + if (slapi_is_shutting_down() || + automember_update_membership(config, entries[i], NULL) == SLAPI_PLUGIN_FAILURE) + { +@@ -2508,15 +2639,22 @@ out: + slapi_task_log_notice(task, "Automember rebuild task aborted. Error (%d)", result); + slapi_task_log_status(task, "Automember rebuild task aborted. Error (%d)", result); + } else { +- slapi_task_log_notice(task, "Automember rebuild task finished. Processed (%d) entries.", (int32_t)i); +- slapi_task_log_status(task, "Automember rebuild task finished. Processed (%d) entries.", (int32_t)i); ++ slapi_task_log_notice(task, "Automember rebuild task finished. Processed (%ld) entries in %ld seconds", ++ (int64_t)i, slapi_current_rel_time_t() - fixup_start_time); ++ slapi_task_log_status(task, "Automember rebuild task finished. Processed (%ld) entries in %ld seconds", ++ (int64_t)i, slapi_current_rel_time_t() - fixup_start_time); + } + slapi_task_inc_progress(task); + slapi_task_finish(task, result); + slapi_task_dec_refcount(task); + slapi_atomic_store_64(&abort_rebuild_task, 0, __ATOMIC_RELEASE); ++ slapi_td_unblock_nested_post_op(); ++ PR_Lock(fixup_lock); ++ fixup_running = PR_FALSE; ++ PR_Unlock(fixup_lock); ++ + slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, +- "automember_rebuild_task_thread - Refcount decremented.\n"); ++ "automember_rebuild_task_thread - task finished, refcount decremented.\n"); + } + + /* +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c +index ba2d73a84..ce4c314a1 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c +@@ -1,6 +1,6 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. ++ * Copyright (C) 2022 Red Hat, Inc. + * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. + * All rights reserved. + * +@@ -1264,10 +1264,6 @@ ldbm_back_add(Slapi_PBlock *pb) + goto common_return; + + error_return: +- /* Revert the caches if this is the parent operation */ +- if (parent_op && betxn_callback_fails) { +- revert_cache(inst, &parent_time); +- } + if (addingentry_id_assigned) { + next_id_return(be, addingentry->ep_id); + } +@@ -1376,6 +1372,11 @@ diskfull_return: + if (!not_an_error) { + rc = SLAPI_FAIL_GENERAL; + } ++ ++ /* Revert the caches if this is the parent operation */ ++ if (parent_op && betxn_callback_fails) { ++ revert_cache(inst, &parent_time); ++ } + } + + common_return: +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c +index de23190c3..27f0ac58a 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c +@@ -1407,11 +1407,6 @@ commit_return: + goto common_return; + + error_return: +- /* Revert the caches if this is the parent operation */ +- if (parent_op && betxn_callback_fails) { +- revert_cache(inst, &parent_time); +- } +- + if (tombstone) { + if (cache_is_in_cache(&inst->inst_cache, tombstone)) { + tomb_ep_id = tombstone->ep_id; /* Otherwise, tombstone might have been freed. */ +@@ -1496,6 +1491,11 @@ error_return: + conn_id, op_id, parent_modify_c.old_entry, parent_modify_c.new_entry, myrc); + } + ++ /* Revert the caches if this is the parent operation */ ++ if (parent_op && betxn_callback_fails) { ++ revert_cache(inst, &parent_time); ++ } ++ + common_return: + if (orig_entry) { + /* NOTE: #define SLAPI_DELETE_BEPREOP_ENTRY SLAPI_ENTRY_PRE_OP */ +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c +index 537369055..64b293001 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c +@@ -1,6 +1,6 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. ++ * Copyright (C) 2022 Red Hat, Inc. + * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. + * All rights reserved. + * +@@ -1043,11 +1043,6 @@ ldbm_back_modify(Slapi_PBlock *pb) + goto common_return; + + error_return: +- /* Revert the caches if this is the parent operation */ +- if (parent_op && betxn_callback_fails) { +- revert_cache(inst, &parent_time); +- } +- + if (postentry != NULL) { + slapi_entry_free(postentry); + postentry = NULL; +@@ -1103,6 +1098,10 @@ error_return: + if (!not_an_error) { + rc = SLAPI_FAIL_GENERAL; + } ++ /* Revert the caches if this is the parent operation */ ++ if (parent_op && betxn_callback_fails) { ++ revert_cache(inst, &parent_time); ++ } + } + + /* if ec is in cache, remove it, then add back e if we still have it */ +diff --git a/src/lib389/lib389/cli_conf/plugins/automember.py b/src/lib389/lib389/cli_conf/plugins/automember.py +index 15b00c633..568586ad8 100644 +--- a/src/lib389/lib389/cli_conf/plugins/automember.py ++++ b/src/lib389/lib389/cli_conf/plugins/automember.py +@@ -155,7 +155,7 @@ def fixup(inst, basedn, log, args): + log.info('Attempting to add task entry... This will fail if Automembership plug-in is not enabled.') + if not plugin.status(): + log.error("'%s' is disabled. Rebuild membership task can't be executed" % plugin.rdn) +- fixup_task = plugin.fixup(args.DN, args.filter) ++ fixup_task = plugin.fixup(args.DN, args.filter, args.cleanup) + if args.wait: + log.info(f'Waiting for fixup task "{fixup_task.dn}" to complete. You can safely exit by pressing Control C ...') + fixup_task.wait(timeout=args.timeout) +@@ -225,8 +225,8 @@ def create_parser(subparsers): + subcommands = automember.add_subparsers(help='action') + add_generic_plugin_parsers(subcommands, AutoMembershipPlugin) + +- list = subcommands.add_parser('list', help='List Automembership definitions or regex rules.') +- subcommands_list = list.add_subparsers(help='action') ++ automember_list = subcommands.add_parser('list', help='List Automembership definitions or regex rules.') ++ subcommands_list = automember_list.add_subparsers(help='action') + list_definitions = subcommands_list.add_parser('definitions', help='Lists Automembership definitions.') + list_definitions.set_defaults(func=definition_list) + list_regexes = subcommands_list.add_parser('regexes', help='List Automembership regex rules.') +@@ -269,6 +269,8 @@ def create_parser(subparsers): + fixup_task.add_argument('-f', '--filter', required=True, help='Sets the LDAP filter for entries to fix up') + fixup_task.add_argument('-s', '--scope', required=True, choices=['sub', 'base', 'one'], type=str.lower, + help='Sets the LDAP search scope for entries to fix up') ++ fixup_task.add_argument('--cleanup', action='store_true', ++ help="Clean up previous group memberships before rebuilding") + fixup_task.add_argument('--wait', action='store_true', + help="Wait for the task to finish, this could take a long time") + fixup_task.add_argument('--timeout', default=0, type=int, +@@ -279,7 +281,7 @@ def create_parser(subparsers): + fixup_status.add_argument('--dn', help="The task entry's DN") + fixup_status.add_argument('--show-log', action='store_true', help="Display the task log") + fixup_status.add_argument('--watch', action='store_true', +- help="Watch the task's status and wait for it to finish") ++ help="Watch the task's status and wait for it to finish") + + abort_fixup = subcommands.add_parser('abort-fixup', help='Abort the rebuild membership task.') + abort_fixup.set_defaults(func=abort) +diff --git a/src/lib389/lib389/plugins.py b/src/lib389/lib389/plugins.py +index 52691a44c..a1ad0a45b 100644 +--- a/src/lib389/lib389/plugins.py ++++ b/src/lib389/lib389/plugins.py +@@ -1141,13 +1141,15 @@ class AutoMembershipPlugin(Plugin): + def __init__(self, instance, dn="cn=Auto Membership Plugin,cn=plugins,cn=config"): + super(AutoMembershipPlugin, self).__init__(instance, dn) + +- def fixup(self, basedn, _filter=None): ++ def fixup(self, basedn, _filter=None, cleanup=False): + """Create an automember rebuild membership task + + :param basedn: Basedn to fix up + :type basedn: str + :param _filter: a filter for entries to fix up + :type _filter: str ++ :param cleanup: cleanup old group memberships ++ :type cleanup: boolean + + :returns: an instance of Task(DSLdapObject) + """ +@@ -1156,6 +1158,9 @@ class AutoMembershipPlugin(Plugin): + task_properties = {'basedn': basedn} + if _filter is not None: + task_properties['filter'] = _filter ++ if cleanup: ++ task_properties['cleanup'] = "yes" ++ + task.create(properties=task_properties) + + return task +diff --git a/src/lib389/lib389/tasks.py b/src/lib389/lib389/tasks.py +index 1a16bbb83..193805780 100644 +--- a/src/lib389/lib389/tasks.py ++++ b/src/lib389/lib389/tasks.py +@@ -1006,12 +1006,13 @@ class Tasks(object): + return exitCode + + def automemberRebuild(self, suffix=DEFAULT_SUFFIX, scope='sub', +- filterstr='objectclass=top', args=None): ++ filterstr='objectclass=top', cleanup=False, args=None): + ''' +- @param suffix - The suffix the task should examine - defualt is ++ @param suffix - The suffix the task should examine - default is + "dc=example,dc=com" + @param scope - The scope of the search to find entries +- @param fitlerstr - THe search filter to find entries ++ @param fitlerstr - The search filter to find entries ++ @param cleanup - reset/clear the old group mmeberships prior to rebuilding + @param args - is a dictionary that contains modifier of the task + wait: True/[False] - If True, waits for the completion of + the task before to return +@@ -1027,6 +1028,8 @@ class Tasks(object): + entry.setValues('basedn', suffix) + entry.setValues('filter', filterstr) + entry.setValues('scope', scope) ++ if cleanup: ++ entry.setValues('cleanup', 'yes') + + # start the task and possibly wait for task completion + try: +-- +2.43.0 + diff --git a/SOURCES/389-ds-base.spec b/SOURCES/389-ds-base.spec deleted file mode 100644 index c833486..0000000 --- a/SOURCES/389-ds-base.spec +++ /dev/null @@ -1,946 +0,0 @@ - -%global pkgname dirsrv -%global srcname 389-ds-base - -# Exclude i686 bit arches -ExcludeArch: i686 - -# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release -# also remove the space between % and global - this space is needed because -# fedpkg verrel stupidly ignores comment lines -#% global prerel .rc3 -# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release -#% global relprefix 0. - -# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. -%global use_Socket6 0 - -%global use_asan 0 -%global use_rust 1 -%global use_legacy 1 -%global bundle_jemalloc 1 -%if %{use_asan} -%global bundle_jemalloc 0 -%endif - -%if %{bundle_jemalloc} -%global jemalloc_name jemalloc -%global jemalloc_ver 5.3.0 -%global __provides_exclude ^libjemalloc\\.so.*$ -%endif - -# Use Clang instead of GCC -%global use_clang 0 - -# fedora 15 and later uses tmpfiles.d -# otherwise, comment this out -%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} - -# systemd support -%global groupname %{pkgname}.target - -# set PIE flag -%global _hardened_build 1 - -# Filter argparse-manpage from autogenerated package Requires -%global __requires_exclude ^python.*argparse-manpage - -Summary: 389 Directory Server (base) -Name: 389-ds-base -Version: 1.4.3.37 -Release: %{?relprefix}1%{?prerel}%{?dist} -License: GPLv3+ and (ASL 2.0 or MIT) -URL: https://www.port389.org -Group: System Environment/Daemons -Conflicts: selinux-policy-base < 3.9.8 -Conflicts: freeipa-server < 4.0.3 -Obsoletes: %{name} <= 1.4.0.9 -Provides: ldif2ldbm >= 0 - -##### Bundled cargo crates list - START ##### -Provides: bundled(crate(addr2line)) = 0.20.0 -Provides: bundled(crate(adler)) = 1.0.2 -Provides: bundled(crate(ahash)) = 0.7.6 -Provides: bundled(crate(ansi_term)) = 0.12.1 -Provides: bundled(crate(atty)) = 0.2.14 -Provides: bundled(crate(autocfg)) = 1.1.0 -Provides: bundled(crate(backtrace)) = 0.3.68 -Provides: bundled(crate(base64)) = 0.13.1 -Provides: bundled(crate(bitflags)) = 1.3.2 -Provides: bundled(crate(byteorder)) = 1.4.3 -Provides: bundled(crate(cbindgen)) = 0.9.1 -Provides: bundled(crate(cc)) = 1.0.79 -Provides: bundled(crate(cfg-if)) = 1.0.0 -Provides: bundled(crate(clap)) = 2.34.0 -Provides: bundled(crate(concread)) = 0.2.21 -Provides: bundled(crate(crossbeam)) = 0.8.2 -Provides: bundled(crate(crossbeam-channel)) = 0.5.8 -Provides: bundled(crate(crossbeam-deque)) = 0.8.3 -Provides: bundled(crate(crossbeam-epoch)) = 0.9.15 -Provides: bundled(crate(crossbeam-queue)) = 0.3.8 -Provides: bundled(crate(crossbeam-utils)) = 0.8.16 -Provides: bundled(crate(entryuuid)) = 0.1.0 -Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 -Provides: bundled(crate(errno)) = 0.3.1 -Provides: bundled(crate(errno-dragonfly)) = 0.1.2 -Provides: bundled(crate(fastrand)) = 1.9.0 -Provides: bundled(crate(fernet)) = 0.1.4 -Provides: bundled(crate(foreign-types)) = 0.3.2 -Provides: bundled(crate(foreign-types-shared)) = 0.1.1 -Provides: bundled(crate(getrandom)) = 0.2.10 -Provides: bundled(crate(gimli)) = 0.27.3 -Provides: bundled(crate(hashbrown)) = 0.12.3 -Provides: bundled(crate(hermit-abi)) = 0.1.19 -Provides: bundled(crate(hermit-abi)) = 0.3.2 -Provides: bundled(crate(instant)) = 0.1.12 -Provides: bundled(crate(io-lifetimes)) = 1.0.11 -Provides: bundled(crate(itoa)) = 1.0.8 -Provides: bundled(crate(jobserver)) = 0.1.26 -Provides: bundled(crate(libc)) = 0.2.147 -Provides: bundled(crate(librnsslapd)) = 0.1.0 -Provides: bundled(crate(librslapd)) = 0.1.0 -Provides: bundled(crate(linux-raw-sys)) = 0.3.8 -Provides: bundled(crate(lock_api)) = 0.4.10 -Provides: bundled(crate(log)) = 0.4.19 -Provides: bundled(crate(lru)) = 0.7.8 -Provides: bundled(crate(memchr)) = 2.5.0 -Provides: bundled(crate(memoffset)) = 0.9.0 -Provides: bundled(crate(miniz_oxide)) = 0.7.1 -Provides: bundled(crate(object)) = 0.31.1 -Provides: bundled(crate(once_cell)) = 1.18.0 -Provides: bundled(crate(openssl)) = 0.10.55 -Provides: bundled(crate(openssl-macros)) = 0.1.1 -Provides: bundled(crate(openssl-sys)) = 0.9.90 -Provides: bundled(crate(parking_lot)) = 0.11.2 -Provides: bundled(crate(parking_lot_core)) = 0.8.6 -Provides: bundled(crate(paste)) = 0.1.18 -Provides: bundled(crate(paste-impl)) = 0.1.18 -Provides: bundled(crate(pin-project-lite)) = 0.2.10 -Provides: bundled(crate(pkg-config)) = 0.3.27 -Provides: bundled(crate(ppv-lite86)) = 0.2.17 -Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated -Provides: bundled(crate(proc-macro2)) = 1.0.64 -Provides: bundled(crate(pwdchan)) = 0.1.0 -Provides: bundled(crate(quote)) = 1.0.29 -Provides: bundled(crate(rand)) = 0.8.5 -Provides: bundled(crate(rand_chacha)) = 0.3.1 -Provides: bundled(crate(rand_core)) = 0.6.4 -Provides: bundled(crate(redox_syscall)) = 0.2.16 -Provides: bundled(crate(redox_syscall)) = 0.3.5 -Provides: bundled(crate(rsds)) = 0.1.0 -Provides: bundled(crate(rustc-demangle)) = 0.1.23 -Provides: bundled(crate(rustix)) = 0.37.23 -Provides: bundled(crate(ryu)) = 1.0.14 -Provides: bundled(crate(scopeguard)) = 1.1.0 -Provides: bundled(crate(serde)) = 1.0.171 -Provides: bundled(crate(serde_derive)) = 1.0.171 -Provides: bundled(crate(serde_json)) = 1.0.100 -Provides: bundled(crate(slapd)) = 0.1.0 -Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 -Provides: bundled(crate(smallvec)) = 1.11.0 -Provides: bundled(crate(strsim)) = 0.8.0 -Provides: bundled(crate(syn)) = 1.0.109 -Provides: bundled(crate(syn)) = 2.0.25 -Provides: bundled(crate(tempfile)) = 3.6.0 -Provides: bundled(crate(textwrap)) = 0.11.0 -Provides: bundled(crate(tokio)) = 1.29.1 -Provides: bundled(crate(tokio-macros)) = 2.1.0 -Provides: bundled(crate(toml)) = 0.5.11 -Provides: bundled(crate(unicode-ident)) = 1.0.10 -Provides: bundled(crate(unicode-width)) = 0.1.10 -Provides: bundled(crate(uuid)) = 0.8.2 -Provides: bundled(crate(vcpkg)) = 0.2.15 -Provides: bundled(crate(vec_map)) = 0.8.2 -Provides: bundled(crate(version_check)) = 0.9.4 -Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1 -Provides: bundled(crate(winapi)) = 0.3.9 -Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 -Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 -Provides: bundled(crate(windows-sys)) = 0.48.0 -Provides: bundled(crate(windows-targets)) = 0.48.1 -Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.48.0 -Provides: bundled(crate(windows_aarch64_msvc)) = 0.48.0 -Provides: bundled(crate(windows_i686_gnu)) = 0.48.0 -Provides: bundled(crate(windows_i686_msvc)) = 0.48.0 -Provides: bundled(crate(windows_x86_64_gnu)) = 0.48.0 -Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.48.0 -Provides: bundled(crate(windows_x86_64_msvc)) = 0.48.0 -Provides: bundled(crate(zeroize)) = 1.6.0 -Provides: bundled(crate(zeroize_derive)) = 1.4.2 -##### Bundled cargo crates list - END ##### - -BuildRequires: nspr-devel >= 4.32 -BuildRequires: nss-devel >= 3.67.0-7 -BuildRequires: perl-generators -BuildRequires: openldap-devel -BuildRequires: libdb-devel -BuildRequires: cyrus-sasl-devel -BuildRequires: icu -BuildRequires: libicu-devel -BuildRequires: pcre-devel -BuildRequires: cracklib-devel -%if %{use_clang} -BuildRequires: libatomic -BuildRequires: clang -%else -BuildRequires: gcc -BuildRequires: gcc-c++ -%endif -# The following are needed to build the snmp ldap-agent -BuildRequires: net-snmp-devel -BuildRequires: lm_sensors-devel -BuildRequires: bzip2-devel -BuildRequires: zlib-devel -BuildRequires: openssl-devel -# the following is for the pam passthru auth plug-in -BuildRequires: pam-devel -BuildRequires: systemd-units -BuildRequires: systemd-devel -%if %{use_asan} -BuildRequires: libasan -%endif -# If rust is enabled -%if %{use_rust} -BuildRequires: cargo -BuildRequires: rust -%endif -BuildRequires: pkgconfig -BuildRequires: pkgconfig(systemd) -BuildRequires: pkgconfig(krb5) - -# Needed to support regeneration of the autotool artifacts. -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -# For our documentation -BuildRequires: doxygen -# For tests! -BuildRequires: libcmocka-devel -BuildRequires: libevent-devel -# For lib389 and related components -BuildRequires: python%{python3_pkgversion} -BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-ldap -BuildRequires: python%{python3_pkgversion}-six -BuildRequires: python%{python3_pkgversion}-pyasn1 -BuildRequires: python%{python3_pkgversion}-pyasn1-modules -BuildRequires: python%{python3_pkgversion}-dateutil -BuildRequires: python%{python3_pkgversion}-argcomplete -BuildRequires: python%{python3_pkgversion}-argparse-manpage -BuildRequires: python%{python3_pkgversion}-policycoreutils -BuildRequires: python%{python3_pkgversion}-libselinux -BuildRequires: python%{python3_pkgversion}-cryptography - -# For cockpit -BuildRequires: rsync - -Requires: %{name}-libs = %{version}-%{release} -Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} - -# this is needed for using semanage from our setup scripts -Requires: policycoreutils-python-utils -Requires: /usr/sbin/semanage -Requires: libsemanage-python%{python3_pkgversion} - -Requires: selinux-policy >= 3.14.1-29 - -# the following are needed for some of our scripts -Requires: openldap-clients -Requires: openssl-perl -Requires: python%{python3_pkgversion}-ldap - -# this is needed to setup SSL if you are not using the -# administration server package -Requires: nss-tools -Requires: nspr >= 4.32 -Requires: nss >= 3.67.0-7 - -# these are not found by the auto-dependency method -# they are required to support the mandatory LDAP SASL mechs -Requires: cyrus-sasl-gssapi -Requires: cyrus-sasl-md5 -Requires: cyrus-sasl-plain - -# this is needed for verify-db.pl -Requires: libdb-utils - -# Needed for password dictionary checks -Requires: cracklib-dicts - -# This picks up libperl.so as a Requires, so we add this versioned one -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) -Requires: perl-Errno >= 1.23-360 - -# Needed by logconv.pl -Requires: perl-DB_File -Requires: perl-Archive-Tar - -# Needed for password dictionary checks -Requires: cracklib-dicts - -# Picks up our systemd deps. -%{?systemd_requires} - -Obsoletes: %{name} <= 1.3.5.4 - -Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2 -# 389-ds-git.sh should be used to generate the source tarball from git -Source1: %{name}-git.sh -Source2: %{name}-devel.README -%if %{bundle_jemalloc} -Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 -%endif -%if %{use_rust} -Source4: vendor-%{version}-1.tar.gz -Source5: Cargo-%{version}-1.lock -%endif - -%description -389 Directory Server is an LDAPv3 compliant server. The base package includes -the LDAP server and command line utilities for server administration. -%if %{use_asan} -WARNING! This build is linked to Address Sanitisation libraries. This probably -isn't what you want. Please contact support immediately. -Please see http://seclists.org/oss-sec/2016/q1/363 for more information. -%endif - -%package libs -Summary: Core libraries for 389 Directory Server -Group: System Environment/Daemons -BuildRequires: nspr-devel >= 4.32 -BuildRequires: nss-devel >= 3.67.0-7 -BuildRequires: openldap-devel -BuildRequires: libdb-devel -BuildRequires: cyrus-sasl-devel -BuildRequires: libicu-devel -BuildRequires: pcre-devel -BuildRequires: libtalloc-devel -BuildRequires: libevent-devel -BuildRequires: libtevent-devel -Requires: krb5-libs -Requires: libevent -BuildRequires: systemd-devel -Provides: svrcore = 4.1.4 -Conflicts: svrcore -Obsoletes: svrcore <= 4.1.3 - -%description libs -Core libraries for the 389 Directory Server base package. These libraries -are used by the main package and the -devel package. This allows the -devel -package to be installed with just the -libs package and without the main package. - -%if %{use_legacy} -%package legacy-tools -Summary: Legacy utilities for 389 Directory Server -Group: System Environment/Daemons -Obsoletes: %{name} <= 1.4.0.9 -Requires: %{name}-libs = %{version}-%{release} -# for setup-ds.pl to support ipv6 -%if %{use_Socket6} -Requires: perl-Socket6 -%else -Requires: perl-Socket -%endif -Requires: perl-NetAddr-IP -# use_openldap assumes perl-Mozilla-LDAP is built with openldap support -Requires: perl-Mozilla-LDAP -# for setup-ds.pl -Requires: bind-utils -%global __provides_exclude_from %{_libdir}/%{pkgname}/perl -%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog) -%{?perl_default_filter} - -%description legacy-tools -Legacy (and deprecated) utilities for 389 Directory Server. This includes -the old account management and task scripts. These are deprecated in favour of -the dscreate, dsctl, dsconf and dsidm tools. -%endif - -%package devel -Summary: Development libraries for 389 Directory Server -Group: Development/Libraries -Requires: %{name}-libs = %{version}-%{release} -Requires: pkgconfig -Requires: nspr-devel >= 4.32 -Requires: nss-devel >= 3.67.0-7 -Requires: openldap-devel -Requires: libtalloc -Requires: libevent -Requires: libtevent -Requires: systemd-libs -Provides: svrcore-devel = 4.1.4 -Conflicts: svrcore-devel -Obsoletes: svrcore-devel <= 4.1.3 - -%description devel -Development Libraries and headers for the 389 Directory Server base package. - -%package snmp -Summary: SNMP Agent for 389 Directory Server -Group: System Environment/Daemons -Requires: %{name} = %{version}-%{release} - -Obsoletes: %{name} <= 1.4.0.0 - -%description snmp -SNMP Agent for the 389 Directory Server base package. - -%package -n python%{python3_pkgversion}-lib389 -Summary: A library for accessing, testing, and configuring the 389 Directory Server -BuildArch: noarch -Group: Development/Libraries -Requires: 389-ds-base -Requires: openssl -Requires: iproute -Requires: platform-python -Recommends: bash-completion -Requires: python%{python3_pkgversion}-ldap -Requires: python%{python3_pkgversion}-six -Requires: python%{python3_pkgversion}-pyasn1 -Requires: python%{python3_pkgversion}-pyasn1-modules -Requires: python%{python3_pkgversion}-dateutil -Requires: python%{python3_pkgversion}-argcomplete -Requires: python%{python3_pkgversion}-libselinux -Requires: python%{python3_pkgversion}-setuptools -Requires: python%{python3_pkgversion}-distro -Requires: python%{python3_pkgversion}-cryptography -%{?python_provide:%python_provide python%{python3_pkgversion}-lib389} - -%description -n python%{python3_pkgversion}-lib389 -This module contains tools and libraries for accessing, testing, - and configuring the 389 Directory Server. - -%package -n cockpit-389-ds -Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server -BuildArch: noarch -Requires: cockpit -Requires: platform-python -Requires: python%{python3_pkgversion}-lib389 - -%description -n cockpit-389-ds -A cockpit UI Plugin for configuring and administering the 389 Directory Server - -%prep -%autosetup -p1 -v -n %{name}-%{version}%{?prerel} -%if %{use_rust} -tar xvzf %{SOURCE4} -cp %{SOURCE5} src/Cargo.lock -%endif -%if %{bundle_jemalloc} -%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3 -%endif -cp %{SOURCE2} README.devel - -%build - -OPENLDAP_FLAG="--with-openldap" -%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} -# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 -NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" - -%if %{use_asan} -ASAN_FLAGS="--enable-asan --enable-debug" -%endif - -%if %{use_rust} -RUST_FLAGS="--enable-rust --enable-rust-offline" -%endif - -%if %{use_legacy} -LEGACY_FLAGS="--enable-legacy --enable-perl" -%else -LEGACY_FLAGS="--disable-legacy --disable-perl" -%endif - -%if %{use_clang} -export CC=clang -export CXX=clang++ -CLANG_FLAGS="--enable-clang" -%endif - -%if %{bundle_jemalloc} -# Override page size, bz #1545539 -# 4K -%ifarch %ix86 %arm x86_64 s390x -%define lg_page --with-lg-page=12 -%endif - -# 64K -%ifarch ppc64 ppc64le aarch64 -%define lg_page --with-lg-page=16 -%endif - -# Override huge page size on aarch64 -# 2M instead of 512M -%ifarch aarch64 -%define lg_hugepage --with-lg-hugepage=21 -%endif - -# Build jemalloc -pushd ../%{jemalloc_name}-%{jemalloc_ver} -%configure \ - --libdir=%{_libdir}/%{pkgname}/lib \ - --bindir=%{_libdir}/%{pkgname}/bin \ - --enable-prof -make %{?_smp_mflags} -popd -%endif - - -# Enforce strict linking -%define _strict_symbol_defs_build 1 - -# Rebuild the autotool artifacts now. -autoreconf -fiv - -%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \ - --with-systemd \ - --with-systemdsystemunitdir=%{_unitdir} \ - --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ - --with-systemdgroupname=%{groupname} \ - --libexecdir=%{_libexecdir}/%{pkgname} \ - $NSSARGS $ASAN_FLAGS $RUST_FLAGS $LEGACY_FLAGS $CLANG_FLAGS \ - --enable-cmocka - -# lib389 -pushd ./src/lib389 -%py3_build -popd -# argparse-manpage dynamic man pages have hardcoded man v1 in header, -# need to change it to v8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8 - -# Generate symbolic info for debuggers -export XCFLAGS=$RPM_OPT_FLAGS - -#make %{?_smp_mflags} -make - -%install - -mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} -mkdir -p %{buildroot}%{_datadir}/cockpit -make DESTDIR="$RPM_BUILD_ROOT" install - -# Cockpit file list -find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list -find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list - -# Copy in our docs from doxygen. -cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 - -# lib389 -pushd src/lib389 -%py3_install -popd - -mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} -mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} -mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname} - -# for systemd -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants - -#remove libtool archives and static libs -find %{buildroot} -type f -name "*.la" -delete -find %{buildroot} -type f -name "*.a" -delete - -%if %{use_legacy} -# make sure perl scripts have a proper shebang -sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl -%endif - -%if %{bundle_jemalloc} -pushd ../%{jemalloc_name}-%{jemalloc_ver} -make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin -cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc -cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc -popd -%endif - -%check -# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. -if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi - -%clean -rm -rf $RPM_BUILD_ROOT - -%post -if [ -n "$DEBUGPOSTTRANS" ] ; then - output=$DEBUGPOSTTRANS - output2=${DEBUGPOSTTRANS}.upgrade -else - output=/dev/null - output2=/dev/null -fi - -# reload to pick up any changes to systemd files -/bin/systemctl daemon-reload >$output 2>&1 || : - -# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation -# Soft static allocation for UID and GID -USERNAME="dirsrv" -ALLOCATED_UID=389 -GROUPNAME="dirsrv" -ALLOCATED_GID=389 -HOMEDIR="/usr/share/dirsrv" - -getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME -if ! getent passwd $USERNAME >/dev/null ; then - if ! getent passwd $ALLOCATED_UID >/dev/null ; then - /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - else - /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - fi -fi - -# Reload our sysctl before we restart (if we can) -sysctl --system &> $output; true - -%preun -if [ $1 -eq 0 ]; then # Final removal - # remove instance specific service files/links - rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : -fi - -%postun -if [ $1 = 0 ]; then # Final removal - rm -rf /var/run/%{pkgname} -fi - -%post snmp -%systemd_post %{pkgname}-snmp.service - -%preun snmp -%systemd_preun %{pkgname}-snmp.service %{groupname} - -%postun snmp -%systemd_postun_with_restart %{pkgname}-snmp.service - -%if %{use_legacy} -%post legacy-tools - -# START UPGRADE SCRIPT - -if [ -n "$DEBUGPOSTTRANS" ] ; then - output=$DEBUGPOSTTRANS - output2=${DEBUGPOSTTRANS}.upgrade -else - output=/dev/null - output2=/dev/null -fi - -# find all instances -instances="" # instances that require a restart after upgrade -ninst=0 # number of instances found in total - -echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || : -instbase="%{_sysconfdir}/%{pkgname}" -for dir in $instbase/slapd-* ; do - echo dir = $dir >> $output 2>&1 || : - if [ ! -d "$dir" ] ; then continue ; fi - case "$dir" in *.removed) continue ;; esac - basename=`basename $dir` - inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" - echo found instance $inst - getting status >> $output 2>&1 || : - if /bin/systemctl -q is-active $inst ; then - echo instance $inst is running >> $output 2>&1 || : - instances="$instances $inst" - else - echo instance $inst is not running >> $output 2>&1 || : - fi - ninst=`expr $ninst + 1` -done -if [ $ninst -eq 0 ] ; then - echo no instances to upgrade >> $output 2>&1 || : - exit 0 # have no instances to upgrade - just skip the rest -fi -# shutdown all instances -echo shutting down all instances . . . >> $output 2>&1 || : -for inst in $instances ; do - echo stopping instance $inst >> $output 2>&1 || : - /bin/systemctl stop $inst >> $output 2>&1 || : -done -echo remove pid files . . . >> $output 2>&1 || : -/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid -# do the upgrade -echo upgrading instances . . . >> $output 2>&1 || : -DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` -if [ -n "$DEBUGPOSTSETUPOPT" ] ; then - %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : -else - %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || : -fi - -# restart instances that require it -for inst in $instances ; do - echo restarting instance $inst >> $output 2>&1 || : - /bin/systemctl start $inst >> $output 2>&1 || : -done -#END UPGRADE -%endif - -exit 0 - - -%files -%if %{bundle_jemalloc} -%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc -%license COPYING.jemalloc -%else -%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl -%endif -%dir %{_sysconfdir}/%{pkgname} -%dir %{_sysconfdir}/%{pkgname}/schema -%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif -%dir %{_sysconfdir}/%{pkgname}/config -%dir %{_sysconfdir}/systemd/system/%{groupname}.wants -%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf -%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf -%{_datadir}/%{pkgname} -%{_datadir}/gdb/auto-load/* -%{_unitdir} -%{_bindir}/dbscan -%{_mandir}/man1/dbscan.1.gz -%{_bindir}/ds-replcheck -%{_mandir}/man1/ds-replcheck.1.gz -%{_bindir}/ds-logpipe.py -%{_mandir}/man1/ds-logpipe.py.1.gz -%{_bindir}/ldclt -%{_mandir}/man1/ldclt.1.gz -%{_sbindir}/ldif2ldap -%{_mandir}/man8/ldif2ldap.8.gz -%{_bindir}/logconv.pl -%{_mandir}/man1/logconv.pl.1.gz -%{_bindir}/pwdhash -%{_mandir}/man1/pwdhash.1.gz -%{_bindir}/readnsstate -%{_mandir}/man1/readnsstate.1.gz -# Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd -%{_sbindir}/ns-slapd -%{_mandir}/man8/ns-slapd.8.gz -%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl -%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh -%{_mandir}/man5/99user.ldif.5.gz -%{_mandir}/man5/certmap.conf.5.gz -%{_mandir}/man5/slapd-collations.conf.5.gz -%{_mandir}/man5/dirsrv.5.gz -%{_mandir}/man5/dirsrv.systemd.5.gz -%{_libdir}/%{pkgname}/python -%dir %{_libdir}/%{pkgname}/plugins -%{_libdir}/%{pkgname}/plugins/*.so -# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but -# sysctl.d is always in /lib. -%{_prefix}/lib/sysctl.d/* -%dir %{_localstatedir}/lib/%{pkgname} -%dir %{_localstatedir}/log/%{pkgname} -%ghost %dir %{_localstatedir}/lock/%{pkgname} -%exclude %{_sbindir}/ldap-agent* -%exclude %{_mandir}/man1/ldap-agent.1.gz -%exclude %{_unitdir}/%{pkgname}-snmp.service -%if %{bundle_jemalloc} -%{_libdir}/%{pkgname}/lib/ -%{_libdir}/%{pkgname}/bin/ -%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config -%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh -%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a -%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so -%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a -%exclude %{_libdir}/%{pkgname}/lib/pkgconfig -%endif - -%files devel -%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel -%{_mandir}/man3/* -%{_includedir}/svrcore.h -%{_includedir}/%{pkgname} -%{_libdir}/libsvrcore.so -%{_libdir}/%{pkgname}/libslapd.so -%{_libdir}/%{pkgname}/libns-dshttpd.so -%{_libdir}/%{pkgname}/libsds.so -%{_libdir}/%{pkgname}/libldaputil.so -%{_libdir}/pkgconfig/svrcore.pc -%{_libdir}/pkgconfig/dirsrv.pc -%{_libdir}/pkgconfig/libsds.pc - -%files libs -%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel -%dir %{_libdir}/%{pkgname} -%{_libdir}/libsvrcore.so.* -%{_libdir}/%{pkgname}/libslapd.so.* -%{_libdir}/%{pkgname}/libns-dshttpd-*.so -%{_libdir}/%{pkgname}/libsds.so.* -%{_libdir}/%{pkgname}/libldaputil.so.* -%{_libdir}/%{pkgname}/librewriters.so* -%if %{bundle_jemalloc} -%{_libdir}/%{pkgname}/lib/libjemalloc.so.2 -%endif - -%if %{use_legacy} -%files legacy-tools -%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel -%{_bindir}/infadd -%{_mandir}/man1/infadd.1.gz -%{_bindir}/ldif -%{_mandir}/man1/ldif.1.gz -%{_bindir}/migratecred -%{_mandir}/man1/migratecred.1.gz -%{_bindir}/mmldif -%{_mandir}/man1/mmldif.1.gz -%{_bindir}/rsearch -%{_mandir}/man1/rsearch.1.gz -%{_libexecdir}/%{pkgname}/ds_selinux_enabled -%{_libexecdir}/%{pkgname}/ds_selinux_port_query -%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig -%{_mandir}/man5/template-initconfig.5.gz -%{_datadir}/%{pkgname}/properties/*.res -%{_datadir}/%{pkgname}/script-templates -%{_datadir}/%{pkgname}/updates -%{_sbindir}/ldif2ldap -%{_mandir}/man8/ldif2ldap.8.gz -%{_sbindir}/bak2db -%{_mandir}/man8/bak2db.8.gz -%{_sbindir}/db2bak -%{_mandir}/man8/db2bak.8.gz -%{_sbindir}/db2index -%{_mandir}/man8/db2index.8.gz -%{_sbindir}/db2ldif -%{_mandir}/man8/db2ldif.8.gz -%{_sbindir}/dbverify -%{_mandir}/man8/dbverify.8.gz -%{_sbindir}/ldif2db -%{_mandir}/man8/ldif2db.8.gz -%{_sbindir}/restart-dirsrv -%{_mandir}/man8/restart-dirsrv.8.gz -%{_sbindir}/start-dirsrv -%{_mandir}/man8/start-dirsrv.8.gz -%{_sbindir}/status-dirsrv -%{_mandir}/man8/status-dirsrv.8.gz -%{_sbindir}/stop-dirsrv -%{_mandir}/man8/stop-dirsrv.8.gz -%{_sbindir}/upgradedb -%{_mandir}/man8/upgradedb.8.gz -%{_sbindir}/vlvindex -%{_mandir}/man8/vlvindex.8.gz -%{_sbindir}/monitor -%{_mandir}/man8/monitor.8.gz -%{_sbindir}/dbmon.sh -%{_mandir}/man8/dbmon.sh.8.gz -%{_sbindir}/dn2rdn -%{_mandir}/man8/dn2rdn.8.gz -%{_sbindir}/restoreconfig -%{_mandir}/man8/restoreconfig.8.gz -%{_sbindir}/saveconfig -%{_mandir}/man8/saveconfig.8.gz -%{_sbindir}/suffix2instance -%{_mandir}/man8/suffix2instance.8.gz -%{_sbindir}/upgradednformat -%{_mandir}/man8/upgradednformat.8.gz -%{_mandir}/man1/dbgen.pl.1.gz -%{_bindir}/repl-monitor -%{_mandir}/man1/repl-monitor.1.gz -%{_bindir}/repl-monitor.pl -%{_mandir}/man1/repl-monitor.pl.1.gz -%{_bindir}/cl-dump -%{_mandir}/man1/cl-dump.1.gz -%{_bindir}/cl-dump.pl -%{_mandir}/man1/cl-dump.pl.1.gz -%{_bindir}/dbgen.pl -%{_mandir}/man8/bak2db.pl.8.gz -%{_sbindir}/bak2db.pl -%{_sbindir}/cleanallruv.pl -%{_mandir}/man8/cleanallruv.pl.8.gz -%{_sbindir}/db2bak.pl -%{_mandir}/man8/db2bak.pl.8.gz -%{_sbindir}/db2index.pl -%{_mandir}/man8/db2index.pl.8.gz -%{_sbindir}/db2ldif.pl -%{_mandir}/man8/db2ldif.pl.8.gz -%{_sbindir}/fixup-linkedattrs.pl -%{_mandir}/man8/fixup-linkedattrs.pl.8.gz -%{_sbindir}/fixup-memberof.pl -%{_mandir}/man8/fixup-memberof.pl.8.gz -%{_sbindir}/ldif2db.pl -%{_mandir}/man8/ldif2db.pl.8.gz -%{_sbindir}/migrate-ds.pl -%{_mandir}/man8/migrate-ds.pl.8.gz -%{_sbindir}/ns-accountstatus.pl -%{_mandir}/man8/ns-accountstatus.pl.8.gz -%{_sbindir}/ns-activate.pl -%{_mandir}/man8/ns-activate.pl.8.gz -%{_sbindir}/ns-inactivate.pl -%{_mandir}/man8/ns-inactivate.pl.8.gz -%{_sbindir}/ns-newpwpolicy.pl -%{_mandir}/man8/ns-newpwpolicy.pl.8.gz -%{_sbindir}/remove-ds.pl -%{_mandir}/man8/remove-ds.pl.8.gz -%{_sbindir}/schema-reload.pl -%{_mandir}/man8/schema-reload.pl.8.gz -%{_sbindir}/setup-ds.pl -%{_mandir}/man8/setup-ds.pl.8.gz -%{_sbindir}/syntax-validate.pl -%{_mandir}/man8/syntax-validate.pl.8.gz -%{_sbindir}/usn-tombstone-cleanup.pl -%{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz -%{_sbindir}/verify-db.pl -%{_mandir}/man8/verify-db.pl.8.gz -%{_libdir}/%{pkgname}/perl -%endif - -%files snmp -%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel -%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf -%{_sbindir}/ldap-agent* -%{_mandir}/man1/ldap-agent.1.gz -%{_unitdir}/%{pkgname}-snmp.service - -%files -n python%{python3_pkgversion}-lib389 -%doc LICENSE LICENSE.GPLv3+ -%{python3_sitelib}/lib389* -%{_sbindir}/dsconf -%{_mandir}/man8/dsconf.8.gz -%{_sbindir}/dscreate -%{_mandir}/man8/dscreate.8.gz -%{_sbindir}/dsctl -%{_mandir}/man8/dsctl.8.gz -%{_sbindir}/dsidm -%{_mandir}/man8/dsidm.8.gz -%{_libexecdir}/%{pkgname}/dscontainer - -%files -n cockpit-389-ds -f cockpit.list -%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml -%doc README.md - -%changelog -* Wed Aug 16 2023 Mark Reynolds - 1.4.3.37-1 -- Bump versionto 1.4.3.37-1 -- Resolves: rhbz#2224505 - Paged search impacts performance -- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme -- Resolves: rhbz#2218235 - python3-lib389: Python tarfile extraction needs change to avoid a warning -- Resolves: rhbz#2210491 - dtablesize being set to soft maxfiledescriptor limit causing massive slowdown in large enviroments. -- Resolves: rhbz#2149967 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG - -* Tue Jul 11 2023 Mark Reynolds - 1.4.3.36-2 -- Bump version to 1.4.3.36-2 -- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme - -* Wed Jun 14 2023 Mark Reynolds - 1.4.3.36-1 -- Bump version to 1.4.3.36-1 -- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.36 - -* Mon May 22 2023 Mark Reynolds - 1.4.3.35-1 -- Bump version to 1.4.3.35-1 -- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.35 - -* Tue Nov 15 2022 Mark Reynolds - 1.4.3.32-1 -- Bump version to 1.4.3.32-1 -- Resolves: Bug 2098138 - broken nsslapd-subtree-rename-switch option in rhds11 -- Resolves: Bug 2119063 - entryuuid fixup tasks fails because entryUUID is not mutable -- Resolves: Bug 2136610 - [RFE] Add 'cn' attribute to IPA audit logs -- Resolves: Bug 2142638 - pam mutex lock causing high etimes, affecting red hat internal sso -- Resolves: Bug 2096795 - [RFE] Support ECDSA private keys for TLS - diff --git a/SOURCES/Cargo-1.4.3.37-1.lock b/SOURCES/Cargo-1.4.3.39-1.lock similarity index 75% rename from SOURCES/Cargo-1.4.3.37-1.lock rename to SOURCES/Cargo-1.4.3.39-1.lock index 6ace601..4667a17 100644 --- a/SOURCES/Cargo-1.4.3.37-1.lock +++ b/SOURCES/Cargo-1.4.3.39-1.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.20.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4fa78e18c64fce05e902adecd7a5eed15a5e0a3439f7b0e169f0252214865e3" +checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" dependencies = [ "gimli", ] @@ -19,9 +19,9 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "ahash" -version = "0.7.6" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" +checksum = "5a824f2aa7e75a0c98c5a504fceb80649e9c35265d44525b5f94de4771a395cd" dependencies = [ "getrandom", "once_cell", @@ -56,9 +56,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "backtrace" -version = "0.3.68" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4319208da049c43661739c5fade2ba182f09d1dc2299b32298d3a31692b17e12" +checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" dependencies = [ "addr2line", "cc", @@ -83,15 +83,15 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.3.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "630be753d4e58660abd17930c71b647fe46c27ea6b63cc59e1e3851406972e42" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" [[package]] name = "byteorder" -version = "1.4.3" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cbindgen" @@ -112,9 +112,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.82" +version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "305fe645edc1442a0fa8b6726ba61d422798d37a52e12eaecf4b022ebbb88f01" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" dependencies = [ "jobserver", "libc", @@ -160,11 +160,10 @@ dependencies = [ [[package]] name = "crossbeam" -version = "0.8.2" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2801af0d36612ae591caa9568261fddce32ce6e08a7275ea334a06a4ad021a2c" +checksum = "1137cd7e7fc0fb5d3c5a8678be38ec56e819125d8d7907411fe24ccb943faca8" dependencies = [ - "cfg-if", "crossbeam-channel", "crossbeam-deque", "crossbeam-epoch", @@ -174,56 +173,46 @@ dependencies = [ [[package]] name = "crossbeam-channel" -version = "0.5.8" +version = "0.5.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200" +checksum = "176dc175b78f56c0f321911d9c8eb2b77a78a4860b9c19db83835fea1a46649b" dependencies = [ - "cfg-if", "crossbeam-utils", ] [[package]] name = "crossbeam-deque" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.15" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", - "memoffset", - "scopeguard", ] [[package]] name = "crossbeam-queue" -version = "0.3.8" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1cfb3ea8a53f37c40dea2c7bedcbd88bdfae54f5e2175d6ecaff1c988353add" +checksum = "df0346b5d5e76ac2fe4e327c5fd1118d6be7c51dfb18f9b7922923f287471e35" dependencies = [ - "cfg-if", "crossbeam-utils", ] [[package]] name = "crossbeam-utils" -version = "0.8.16" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" -dependencies = [ - "cfg-if", -] +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" [[package]] name = "entryuuid" @@ -249,30 +238,19 @@ dependencies = [ [[package]] name = "errno" -version = "0.3.2" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b30f669a7961ef1631673d2766cc92f52d64f7ef354d4fe0ddfd30ed52f0f4f" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" dependencies = [ - "errno-dragonfly", "libc", "windows-sys", ] -[[package]] -name = "errno-dragonfly" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" -dependencies = [ - "cc", - "libc", -] - [[package]] name = "fastrand" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764" +checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" [[package]] name = "fernet" @@ -304,9 +282,9 @@ checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] name = "getrandom" -version = "0.2.10" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" +checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" dependencies = [ "cfg-if", "libc", @@ -315,9 +293,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.27.3" +version = "0.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c80984affa11d98d1b88b66ac8853f143217b399d3c74116778ff8fdb4ed2e" +checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" [[package]] name = "hashbrown" @@ -348,24 +326,24 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "jobserver" -version = "0.1.26" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "936cfd212a0155903bcbc060e316fb6cc7cbf2e1907329391ebadc1fe0ce77c2" +checksum = "8c37f63953c4c63420ed5fd3d6d398c719489b9f872b9fa683262f8edd363c7d" dependencies = [ "libc", ] [[package]] name = "libc" -version = "0.2.147" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "librnsslapd" @@ -388,15 +366,15 @@ dependencies = [ [[package]] name = "linux-raw-sys" -version = "0.4.5" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503" +checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456" [[package]] name = "lock_api" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" +checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" dependencies = [ "autocfg", "scopeguard", @@ -404,9 +382,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.19" +version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "lru" @@ -419,18 +397,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.5.0" +version = "2.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" - -[[package]] -name = "memoffset" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -dependencies = [ - "autocfg", -] +checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" [[package]] name = "miniz_oxide" @@ -443,26 +412,26 @@ dependencies = [ [[package]] name = "object" -version = "0.31.1" +version = "0.32.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bda667d9f2b5051b8833f59f3bf748b28ef54f850f4fcb389a252aa383866d1" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" dependencies = [ "memchr", ] [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "openssl" -version = "0.10.56" +version = "0.10.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "729b745ad4a5575dd06a3e1af1414bd330ee561c01b3899eb584baeaa8def17e" +checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.4.1", "cfg-if", "foreign-types", "libc", @@ -479,14 +448,14 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.28", + "syn 2.0.48", ] [[package]] name = "openssl-sys" -version = "0.9.91" +version = "0.9.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "866b5f16f90776b9bb8dc1e1802ac6f0513de3a7a7465867bfbc563dc737faac" +checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" dependencies = [ "cc", "libc", @@ -540,15 +509,15 @@ dependencies = [ [[package]] name = "pin-project-lite" -version = "0.2.11" +version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c516611246607d0c04186886dbb3a754368ef82c79e9827a802c6d836dd111c" +checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "69d3587f8a9e599cc7ec2c00e331f71c4e69a5f9a4b8a6efd5b07466b9736f9a" [[package]] name = "ppv-lite86" @@ -564,9 +533,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" [[package]] name = "proc-macro2" -version = "1.0.66" +version = "1.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +checksum = "95fc56cda0b5c3325f5fbbd7ff9fda9e02bb00bb3dac51252d2f1bfa1cb8cc8c" dependencies = [ "unicode-ident", ] @@ -586,9 +555,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.32" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50f3b39ccfb720540debaa0164757101c08ecb8d326b15358ce76a62c7e85965" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] @@ -634,9 +603,9 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.3.5" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" +checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" dependencies = [ "bitflags 1.3.2", ] @@ -653,11 +622,11 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustix" -version = "0.38.7" +version = "0.38.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "172891ebdceb05aa0005f533a6cbfca599ddd7d966f6f5d4d9b2e70478e70399" +checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca" dependencies = [ - "bitflags 2.3.3", + "bitflags 2.4.1", "errno", "libc", "linux-raw-sys", @@ -666,9 +635,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.15" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" [[package]] name = "scopeguard" @@ -678,29 +647,29 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "serde" -version = "1.0.183" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32ac8da02677876d532745a130fc9d8e6edfa81a269b107c5b00829b91d8eb3c" +checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.183" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aafe972d60b0b9bee71a91b92fee2d4fb3c9d7e8f6b179aa99f27203d99a4816" +checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.28", + "syn 2.0.48", ] [[package]] name = "serde_json" -version = "1.0.104" +version = "1.0.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "076066c5f1078eac5b722a31827a8832fe108bed65dfa75e233c89f8206e976c" +checksum = "176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4" dependencies = [ "itoa", "ryu", @@ -725,9 +694,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" +checksum = "2593d31f82ead8df961d8bd23a64c2ccf2eb5dd34b0a34bfb4dd54011c72009e" [[package]] name = "strsim" @@ -748,9 +717,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.28" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04361975b3f5e348b2189d8dc55bc942f278b2d482a6a0365de5bdd62d351567" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" dependencies = [ "proc-macro2", "quote", @@ -759,13 +728,13 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.7.1" +version = "3.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc02fddf48964c42031a0b3fe0428320ecf3a73c401040fc0096f97794310651" +checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" dependencies = [ "cfg-if", "fastrand", - "redox_syscall 0.3.5", + "redox_syscall 0.4.1", "rustix", "windows-sys", ] @@ -781,11 +750,10 @@ dependencies = [ [[package]] name = "tokio" -version = "1.29.1" +version = "1.35.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "532826ff75199d5833b9d2c5fe410f29235e25704ee5f0ef599fb51c21f4a4da" +checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" dependencies = [ - "autocfg", "backtrace", "pin-project-lite", "tokio-macros", @@ -793,13 +761,13 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" +checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.28", + "syn 2.0.48", ] [[package]] @@ -813,15 +781,15 @@ dependencies = [ [[package]] name = "unicode-ident" -version = "1.0.11" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-width" -version = "0.1.10" +version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" +checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" [[package]] name = "uuid" @@ -880,18 +848,18 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows-sys" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ "windows-targets", ] [[package]] name = "windows-targets" -version = "0.48.1" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05d4b17490f70499f20b9e791dcf6a299785ce8af4d709018206dc5b4953e95f" +checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", @@ -904,51 +872,51 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" +checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" [[package]] name = "windows_aarch64_msvc" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" +checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" [[package]] name = "windows_i686_gnu" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" +checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" [[package]] name = "windows_i686_msvc" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" +checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" [[package]] name = "windows_x86_64_gnu" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" +checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" [[package]] name = "windows_x86_64_gnullvm" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" +checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" [[package]] name = "windows_x86_64_msvc" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" +checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" [[package]] name = "zeroize" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" dependencies = [ "zeroize_derive", ] @@ -961,5 +929,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.28", + "syn 2.0.48", ] diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec index 8fece80..903fcf4 100644 --- a/SPECS/389-ds-base.spec +++ b/SPECS/389-ds-base.spec @@ -47,9 +47,9 @@ ExcludeArch: i686 Summary: 389 Directory Server (base) Name: 389-ds-base -Version: 1.4.3.35 -Release: %{?relprefix}1%{?prerel}%{?dist} -License: GPLv3+ and ASL 2.0 and MIT +Version: 1.4.3.39 +Release: %{?relprefix}3%{?prerel}%{?dist} +License: GPLv3+ and (ASL 2.0 or MIT) URL: https://www.port389.org Group: System Environment/Daemons Conflicts: selinux-policy-base < 3.9.8 @@ -58,88 +58,93 @@ Obsoletes: %{name} <= 1.4.0.9 Provides: ldif2ldbm >= 0 ##### Bundled cargo crates list - START ##### -Provides: bundled(crate(ahash)) = 0.7.6 +Provides: bundled(crate(addr2line)) = 0.21.0 +Provides: bundled(crate(adler)) = 1.0.2 +Provides: bundled(crate(ahash)) = 0.7.7 Provides: bundled(crate(ansi_term)) = 0.12.1 Provides: bundled(crate(atty)) = 0.2.14 Provides: bundled(crate(autocfg)) = 1.1.0 +Provides: bundled(crate(backtrace)) = 0.3.69 Provides: bundled(crate(base64)) = 0.13.1 Provides: bundled(crate(bitflags)) = 1.3.2 -Provides: bundled(crate(byteorder)) = 1.4.3 +Provides: bundled(crate(bitflags)) = 2.4.1 +Provides: bundled(crate(byteorder)) = 1.5.0 Provides: bundled(crate(cbindgen)) = 0.9.1 -Provides: bundled(crate(cc)) = 1.0.79 +Provides: bundled(crate(cc)) = 1.0.83 Provides: bundled(crate(cfg-if)) = 1.0.0 Provides: bundled(crate(clap)) = 2.34.0 Provides: bundled(crate(concread)) = 0.2.21 -Provides: bundled(crate(crossbeam)) = 0.8.2 -Provides: bundled(crate(crossbeam-channel)) = 0.5.8 -Provides: bundled(crate(crossbeam-deque)) = 0.8.3 -Provides: bundled(crate(crossbeam-epoch)) = 0.9.14 -Provides: bundled(crate(crossbeam-queue)) = 0.3.8 -Provides: bundled(crate(crossbeam-utils)) = 0.8.15 +Provides: bundled(crate(crossbeam)) = 0.8.4 +Provides: bundled(crate(crossbeam-channel)) = 0.5.11 +Provides: bundled(crate(crossbeam-deque)) = 0.8.5 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.18 +Provides: bundled(crate(crossbeam-queue)) = 0.3.11 +Provides: bundled(crate(crossbeam-utils)) = 0.8.19 Provides: bundled(crate(entryuuid)) = 0.1.0 Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 -Provides: bundled(crate(errno)) = 0.3.1 -Provides: bundled(crate(errno-dragonfly)) = 0.1.2 -Provides: bundled(crate(fastrand)) = 1.9.0 +Provides: bundled(crate(errno)) = 0.3.8 +Provides: bundled(crate(fastrand)) = 2.0.1 Provides: bundled(crate(fernet)) = 0.1.4 Provides: bundled(crate(foreign-types)) = 0.3.2 Provides: bundled(crate(foreign-types-shared)) = 0.1.1 -Provides: bundled(crate(getrandom)) = 0.2.9 +Provides: bundled(crate(getrandom)) = 0.2.12 +Provides: bundled(crate(gimli)) = 0.28.1 Provides: bundled(crate(hashbrown)) = 0.12.3 Provides: bundled(crate(hermit-abi)) = 0.1.19 -Provides: bundled(crate(hermit-abi)) = 0.3.1 Provides: bundled(crate(instant)) = 0.1.12 -Provides: bundled(crate(io-lifetimes)) = 1.0.10 -Provides: bundled(crate(itoa)) = 1.0.6 -Provides: bundled(crate(jobserver)) = 0.1.26 -Provides: bundled(crate(libc)) = 0.2.144 +Provides: bundled(crate(itoa)) = 1.0.10 +Provides: bundled(crate(jobserver)) = 0.1.27 +Provides: bundled(crate(libc)) = 0.2.152 Provides: bundled(crate(librnsslapd)) = 0.1.0 Provides: bundled(crate(librslapd)) = 0.1.0 -Provides: bundled(crate(linux-raw-sys)) = 0.3.8 -Provides: bundled(crate(lock_api)) = 0.4.9 -Provides: bundled(crate(log)) = 0.4.17 +Provides: bundled(crate(linux-raw-sys)) = 0.4.12 +Provides: bundled(crate(lock_api)) = 0.4.11 +Provides: bundled(crate(log)) = 0.4.20 Provides: bundled(crate(lru)) = 0.7.8 -Provides: bundled(crate(memoffset)) = 0.8.0 -Provides: bundled(crate(once_cell)) = 1.17.1 -Provides: bundled(crate(openssl)) = 0.10.52 +Provides: bundled(crate(memchr)) = 2.7.1 +Provides: bundled(crate(miniz_oxide)) = 0.7.1 +Provides: bundled(crate(object)) = 0.32.2 +Provides: bundled(crate(once_cell)) = 1.19.0 +Provides: bundled(crate(openssl)) = 0.10.62 Provides: bundled(crate(openssl-macros)) = 0.1.1 -Provides: bundled(crate(openssl-sys)) = 0.9.87 +Provides: bundled(crate(openssl-sys)) = 0.9.98 Provides: bundled(crate(parking_lot)) = 0.11.2 Provides: bundled(crate(parking_lot_core)) = 0.8.6 Provides: bundled(crate(paste)) = 0.1.18 Provides: bundled(crate(paste-impl)) = 0.1.18 -Provides: bundled(crate(pin-project-lite)) = 0.2.9 -Provides: bundled(crate(pkg-config)) = 0.3.27 +Provides: bundled(crate(pin-project-lite)) = 0.2.13 +Provides: bundled(crate(pkg-config)) = 0.3.28 Provides: bundled(crate(ppv-lite86)) = 0.2.17 Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated -Provides: bundled(crate(proc-macro2)) = 1.0.58 +Provides: bundled(crate(proc-macro2)) = 1.0.76 Provides: bundled(crate(pwdchan)) = 0.1.0 -Provides: bundled(crate(quote)) = 1.0.27 +Provides: bundled(crate(quote)) = 1.0.35 Provides: bundled(crate(rand)) = 0.8.5 Provides: bundled(crate(rand_chacha)) = 0.3.1 Provides: bundled(crate(rand_core)) = 0.6.4 Provides: bundled(crate(redox_syscall)) = 0.2.16 -Provides: bundled(crate(redox_syscall)) = 0.3.5 +Provides: bundled(crate(redox_syscall)) = 0.4.1 Provides: bundled(crate(rsds)) = 0.1.0 -Provides: bundled(crate(rustix)) = 0.37.19 -Provides: bundled(crate(ryu)) = 1.0.13 -Provides: bundled(crate(scopeguard)) = 1.1.0 -Provides: bundled(crate(serde)) = 1.0.163 -Provides: bundled(crate(serde_derive)) = 1.0.163 -Provides: bundled(crate(serde_json)) = 1.0.96 +Provides: bundled(crate(rustc-demangle)) = 0.1.23 +Provides: bundled(crate(rustix)) = 0.38.30 +Provides: bundled(crate(ryu)) = 1.0.16 +Provides: bundled(crate(scopeguard)) = 1.2.0 +Provides: bundled(crate(serde)) = 1.0.195 +Provides: bundled(crate(serde_derive)) = 1.0.195 +Provides: bundled(crate(serde_json)) = 1.0.111 Provides: bundled(crate(slapd)) = 0.1.0 Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 -Provides: bundled(crate(smallvec)) = 1.10.0 +Provides: bundled(crate(smallvec)) = 1.12.0 Provides: bundled(crate(strsim)) = 0.8.0 Provides: bundled(crate(syn)) = 1.0.109 -Provides: bundled(crate(syn)) = 2.0.16 -Provides: bundled(crate(tempfile)) = 3.5.0 +Provides: bundled(crate(syn)) = 2.0.48 +Provides: bundled(crate(tempfile)) = 3.9.0 Provides: bundled(crate(textwrap)) = 0.11.0 -Provides: bundled(crate(tokio)) = 1.28.1 -Provides: bundled(crate(tokio-macros)) = 2.1.0 +Provides: bundled(crate(tokio)) = 1.35.1 +Provides: bundled(crate(tokio-macros)) = 2.2.0 Provides: bundled(crate(toml)) = 0.5.11 -Provides: bundled(crate(unicode-ident)) = 1.0.8 -Provides: bundled(crate(unicode-width)) = 0.1.10 +Provides: bundled(crate(unicode-ident)) = 1.0.12 +Provides: bundled(crate(unicode-width)) = 0.1.11 Provides: bundled(crate(uuid)) = 0.8.2 Provides: bundled(crate(vcpkg)) = 0.2.15 Provides: bundled(crate(vec_map)) = 0.8.2 @@ -148,25 +153,16 @@ Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1 Provides: bundled(crate(winapi)) = 0.3.9 Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 -Provides: bundled(crate(windows-sys)) = 0.45.0 -Provides: bundled(crate(windows-sys)) = 0.48.0 -Provides: bundled(crate(windows-targets)) = 0.42.2 -Provides: bundled(crate(windows-targets)) = 0.48.0 -Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.42.2 -Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.48.0 -Provides: bundled(crate(windows_aarch64_msvc)) = 0.42.2 -Provides: bundled(crate(windows_aarch64_msvc)) = 0.48.0 -Provides: bundled(crate(windows_i686_gnu)) = 0.42.2 -Provides: bundled(crate(windows_i686_gnu)) = 0.48.0 -Provides: bundled(crate(windows_i686_msvc)) = 0.42.2 -Provides: bundled(crate(windows_i686_msvc)) = 0.48.0 -Provides: bundled(crate(windows_x86_64_gnu)) = 0.42.2 -Provides: bundled(crate(windows_x86_64_gnu)) = 0.48.0 -Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.42.2 -Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.48.0 -Provides: bundled(crate(windows_x86_64_msvc)) = 0.42.2 -Provides: bundled(crate(windows_x86_64_msvc)) = 0.48.0 -Provides: bundled(crate(zeroize)) = 1.6.0 +Provides: bundled(crate(windows-sys)) = 0.52.0 +Provides: bundled(crate(windows-targets)) = 0.52.0 +Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.0 +Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.0 +Provides: bundled(crate(windows_i686_gnu)) = 0.52.0 +Provides: bundled(crate(windows_i686_msvc)) = 0.52.0 +Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.0 +Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.0 +Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.0 +Provides: bundled(crate(zeroize)) = 1.7.0 Provides: bundled(crate(zeroize_derive)) = 1.4.2 ##### Bundled cargo crates list - END ##### @@ -294,9 +290,15 @@ Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download %endif %if %{use_rust} Source4: vendor-%{version}-1.tar.gz -Source5: Cargo-%{version}.lock +Source5: Cargo-%{version}-1.lock %endif +Patch01: 0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch +Patch02: 0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch +Patch03: 0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch +Patch04: 0004-Issue-5547-automember-plugin-improvements.patch +Patch05: 0001-Issue-3527-Support-HAProxy-and-Instance-on-the-same-.patch + %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. @@ -917,9 +919,49 @@ exit 0 %doc README.md %changelog +* Thu Mar 14 2024 Simon Pichugin - 1.4.3.39-3 +- Bump version to 1.4.3.39-3 +- Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix + +* Mon Feb 05 2024 Thierry Bordaz - 1.4.3.39-2 +- Bump version to 1.4.3.39-2 +- Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) +- Resolves: RHEL-5390 - schema-compat-plugin expensive with automember rebuild +- Resolves: RHEL-5135 - crash in sync_update_persist_op() of content sync plugin + +* Tue Jan 16 2024 Simon Pichugin - 1.4.3.39-1 +- Bump version to 1.4.3.39-1 +- Resolves: RHEL-19028 - Rebase 389-ds-base in RHEL 8.10 to 1.4.3.39 +- Resolves: RHEL-19240 - [RFE] Add PROXY protocol support to 389-ds-base +- Resolves: RHEL-5143 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG. +- Resolves: RHEL-5107 - bdb_start - Detected Disorderly Shutdown directory server is not starting +- Resolves: RHEL-16338 - ns-slapd crash in slapi_attr_basetype +- Resolves: RHEL-14025 - After an upgrade the LDAP server won't start if nsslapd-conntablesize is present in the dse.ldif file. + + +* Fri Dec 08 2023 James Chapman - 1.4.3.38-1 +- Bump version to 1.4.3.38-1 +- Resolves: RHEL-19028 - Rebase 389-ds-base in RHEL 8.10 to 1.4.3.38 + +* Wed Aug 16 2023 Mark Reynolds - 1.4.3.37-1 +- Bump versionto 1.4.3.37-1 +- Resolves: rhbz#2224505 - Paged search impacts performance +- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme +- Resolves: rhbz#2218235 - python3-lib389: Python tarfile extraction needs change to avoid a warning +- Resolves: rhbz#2210491 - dtablesize being set to soft maxfiledescriptor limit causing massive slowdown in large enviroments. +- Resolves: rhbz#2149967 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG + +* Tue Jul 11 2023 Mark Reynolds - 1.4.3.36-2 +- Bump version to 1.4.3.36-2 +- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme + +* Wed Jun 14 2023 Mark Reynolds - 1.4.3.36-1 +- Bump version to 1.4.3.36-1 +- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.36 + * Mon May 22 2023 Mark Reynolds - 1.4.3.35-1 - Bump version to 1.4.3.35-1 -- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.25 +- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.35 * Tue Nov 15 2022 Mark Reynolds - 1.4.3.32-1 - Bump version to 1.4.3.32-1