rpms/389-ds-base
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import 389-ds-base-1.4.3.16-16.module+el8.4.0+11446+fc96bc48

Browse Source
This commit is contained in:
CentOS Sources 2021-06-29 10:02:09 -04:00 committed by Andrew Lukoshko
parent a7620a3470
commit 9e9ce1f94f
6 changed files with 511 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
SOURCES/0039-Issue-4711-SIGSEV-with-sync_repl-4738.patch Normal file
View File

@ -0,0 +1,55 @@
From 81e9e6431293cbdde5b037c88e5c644f39d3d14d Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Tue, 27 Apr 2021 09:29:32 +0200
Subject: [PATCH 1/2] Issue 4711 - SIGSEV with sync_repl (#4738)
Bug description:
sync_repl sends back entries identified with a unique
identifier that is 'nsuniqueid'. If 'nsuniqueid' is
missing, then it may crash
Fix description:
Check a nsuniqueid is available else returns OP_ERR
relates: https://github.com/389ds/389-ds-base/issues/4711
Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)
Platforms tested: F33
---
ldap/servers/plugins/sync/sync_util.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
index e64d519e1..bdba0a6c2 100644
--- a/ldap/servers/plugins/sync/sync_util.c
+++ b/ldap/servers/plugins/sync/sync_util.c
@@ -127,8 +127,8 @@ sync_create_state_control(Slapi_Entry *e, LDAPControl **ctrlp, int type, Sync_Co
BerElement *ber;
struct berval *bvp;
char *uuid;
- Slapi_Attr *attr;
- Slapi_Value *val;
+ Slapi_Attr *attr = NULL;
+ Slapi_Value *val = NULL;
if (type == LDAP_SYNC_NONE || ctrlp == NULL || (ber = der_alloc()) == NULL) {
return (LDAP_OPERATIONS_ERROR);
@@ -138,6 +138,14 @@ sync_create_state_control(Slapi_Entry *e, LDAPControl **ctrlp, int type, Sync_Co
slapi_entry_attr_find(e, SLAPI_ATTR_UNIQUEID, &attr);
slapi_attr_first_value(attr, &val);
+ if ((attr == NULL) || (val == NULL)) {
+ /* It may happen with entries in special backends
+ * such like cn=config, cn=shema, cn=monitor...
+ */
+ slapi_log_err(SLAPI_LOG_ERR, SYNC_PLUGIN_SUBSYSTEM,
+ "sync_create_state_control - Entries are missing nsuniqueid. Unable to proceed.\n");
+ return (LDAP_OPERATIONS_ERROR);
+ }
uuid = sync_nsuniqueid2uuid(slapi_value_get_string(val));
if ((rc = ber_printf(ber, "{eo", type, uuid, 16)) != -1) {
if (cookie) {
--
2.31.1

32
SOURCES/0040-Issue-4764-replicated-operation-sometime-checks-ACI-.patch Normal file
View File

@ -0,0 +1,32 @@
From 76d1b4ff8efdff1dbe6139b51da656880d7a8ec6 Mon Sep 17 00:00:00 2001
From: progier389 <progier@redhat.com>
Date: Wed, 26 May 2021 16:07:43 +0200
Subject: [PATCH 2/2] Issue 4764 - replicated operation sometime checks ACI
(#4783)
---
ldap/servers/slapd/connection.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index 1883fe711..02c02ffb6 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -1764,6 +1764,14 @@ connection_threadmain()
}
}
+ /*
+ * Fix bz 1931820 issue (the check to set OP_FLAG_REPLICATED may be done
+ * before replication session is properly set).
+ */
+ if (replication_connection) {
+ operation_set_flag(op, OP_FLAG_REPLICATED);
+ }
+
/*
* Call the do_<operation> function to process this request.
*/
--
2.31.1

52
SOURCES/0041-Issue-4797-ACL-IP-ADDRESS-evaluation-may-corrupt-c_i.patch Normal file
View File

@ -0,0 +1,52 @@
From a789f89dbf84dd5f6395198bf5cc4db88453ec4b Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Thu, 10 Jun 2021 15:03:27 +0200
Subject: [PATCH] Issue 4797 - ACL IP ADDRESS evaluation may corrupt
c_isreplication_session connection flags (#4799)
Bug description:
The fix for ticket #3764 was broken with a missing break in a
switch. The consequence is that while setting the client IP
address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the
connection is erroneously set as replication connection.
This can lead to crash or failure of testcase
test_access_from_certain_network_only_ip.
This bug was quite hidden until the fix for #4764 is
showing it more frequently
Fix description:
Add the missing break
relates: https://github.com/389ds/389-ds-base/issues/4797
Reviewed by: Mark Reynolds
Platforms tested: F33
---
ldap/servers/slapd/pblock.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 1ad9d0399..9fd599bcb 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -2589,7 +2589,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value)
pblock->pb_conn->c_authtype = slapi_ch_strdup((char *)value);
pthread_mutex_unlock(&(pblock->pb_conn->c_mutex));
break;
- case SLAPI_CONN_CLIENTNETADDR_ACLIP:
+ case SLAPI_CONN_CLIENTNETADDR_ACLIP:
if (pblock->pb_conn == NULL) {
break;
}
@@ -2597,6 +2597,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value)
slapi_ch_free((void **)&pblock->pb_conn->cin_addr_aclip);
pblock->pb_conn->cin_addr_aclip = (PRNetAddr *)value;
pthread_mutex_unlock(&(pblock->pb_conn->c_mutex));
+ break;
case SLAPI_CONN_IS_REPLICATION_SESSION:
if (pblock->pb_conn == NULL) {
slapi_log_err(SLAPI_LOG_ERR,
--
2.31.1

206
SOURCES/0042-Issue-4492-Changelog-cache-can-upload-updates-from-a.patch Normal file
View File

@ -0,0 +1,206 @@
From 16ec195b12688bcbe0d113396eee782175102565 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Mon, 14 Dec 2020 10:41:58 +0100
Subject: [PATCH] Issue 4492 - Changelog cache can upload updates from a wrong
starting point (CSN)
Bug description:
When a replication session starts, a starting point is computed
according to supplier/consumer RUVs.
from the starting point the updates are bulk loaded from the CL.
When a bulk set have been fully evaluated the server needs to bulk load another set.
It iterates until there is no more updates to send.
The bug is that during bulk load, it recomputes the CL cursor position
and this computation can be wrong. For example if a new update on
a rarely updated replica (or not known replica) the new position will
be set before the inital starting point
Fix description:
Fixing the invalid computation is a bit risky (complex code resulting from
years of corner cases handling) and a fix could fail to address others flavor
with the same symptom
The fix is only (sorry for that) safety checking fix that would end a replication session
if the computed cursor position goes before the initial starting point.
In case of large jump behind (24h) the starting point, a warning is logged.
relates: https://github.com/389ds/389-ds-base/issues/4492
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31
---
ldap/servers/plugins/replication/cl5_api.c | 6 +-
.../servers/plugins/replication/cl5_clcache.c | 60 ++++++++++++++++++-
.../servers/plugins/replication/cl5_clcache.h | 4 +-
3 files changed, 63 insertions(+), 7 deletions(-)
diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
index d7e47495a..403a6a666 100644
--- a/ldap/servers/plugins/replication/cl5_api.c
+++ b/ldap/servers/plugins/replication/cl5_api.c
@@ -143,6 +143,7 @@ struct cl5replayiterator
ReplicaId consumerRID; /* consumer's RID */
const RUV *consumerRuv; /* consumer's update vector */
Object *supplierRuvObj; /* supplier's update vector object */
+ char starting_csn[CSN_STRSIZE];
};
typedef struct cl5iterator
@@ -1367,7 +1368,7 @@ cl5GetNextOperationToReplay(CL5ReplayIterator *iterator, CL5Entry *entry)
return CL5_BAD_DATA;
}
- rc = clcache_get_next_change(iterator->clcache, (void **)&key, &keylen, (void **)&data, &datalen, &csn);
+ rc = clcache_get_next_change(iterator->clcache, (void **)&key, &keylen, (void **)&data, &datalen, &csn, iterator->starting_csn);
if (rc == DB_NOTFOUND) {
/*
@@ -4999,7 +5000,7 @@ _cl5PositionCursorForReplay(ReplicaId consumerRID, const RUV *consumerRuv, Repli
if (rc != 0)
goto done;
- rc = clcache_load_buffer(clcache, &startCSN, continue_on_missing);
+ rc = clcache_load_buffer(clcache, &startCSN, continue_on_missing, NULL);
if (rc == 0) {
haveChanges = PR_TRUE;
@@ -5063,6 +5064,7 @@ _cl5PositionCursorForReplay(ReplicaId consumerRID, const RUV *consumerRuv, Repli
(*iterator)->consumerRID = consumerRID;
(*iterator)->consumerRuv = consumerRuv;
(*iterator)->supplierRuvObj = supplierRuvObj;
+ csn_as_string(startCSN, PR_FALSE, (*iterator)->starting_csn);
} else if (rc == CL5_SUCCESS) {
/* we have no changes to send */
rc = CL5_NOTFOUND;
diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
index 6b591fb8d..fcbca047a 100644
--- a/ldap/servers/plugins/replication/cl5_clcache.c
+++ b/ldap/servers/plugins/replication/cl5_clcache.c
@@ -15,6 +15,8 @@
#include "db.h" /* Berkeley DB */
#include "cl5.h" /* changelog5Config */
#include "cl5_clcache.h"
+#include "slap.h"
+#include "proto-slap.h"
/* newer bdb uses DB_BUFFER_SMALL instead of ENOMEM as the
error return if the given buffer in which to load a
@@ -323,14 +325,21 @@ clcache_return_buffer(CLC_Buffer **buf)
* anchorcsn - passed in for the first load of a replication session;
* flag - DB_SET to load in the key CSN record.
* DB_NEXT to load in the records greater than key CSN.
+ * initial_starting_csn
+ * This is the starting_csn computed at the beginning of
+ * the replication session. It never change during a session
+ * (aka iterator creation).
+ * This is used for safety checking that the next CSN use
+ * for bulk load is not before the initial csn
* return - DB error code instead of cl5 one because of the
* historic reason.
*/
int
-clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss)
+clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss, char *initial_starting_csn)
{
int rc = 0;
int flag = DB_NEXT;
+ CSN limit_csn = {0};
if (anchorCSN)
*anchorCSN = NULL;
@@ -343,6 +352,30 @@ clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss)
rc = clcache_adjust_anchorcsn(buf, &flag);
}
+ /* safety checking, we do not want to (re)start replication before
+ * the inital computed starting point
+ */
+ if (initial_starting_csn) {
+ csn_init_by_string(&limit_csn, initial_starting_csn);
+ if (csn_compare(&limit_csn, buf->buf_current_csn) > 0) {
+ char curr[CSN_STRSIZE];
+ int loglevel = SLAPI_LOG_REPL;
+
+ if (csn_time_difference(&limit_csn, buf->buf_current_csn) > (24 * 60 * 60)) {
+ /* This is a big jump (more than a day) behind the
+ * initial starting csn. Log a warning before ending
+ * the session
+ */
+ loglevel = SLAPI_LOG_WARNING;
+ }
+ csn_as_string(buf->buf_current_csn, 0, curr);
+ slapi_log_err(loglevel, buf->buf_agmt_name,
+ "clcache_load_buffer - bulk load cursor (%s) is lower than starting csn %s. Ending session.\n", curr, initial_starting_csn);
+ /* it just end the session with UPDATE_NO_MORE_UPDATES */
+ rc = CLC_STATE_DONE;
+ }
+ }
+
if (rc == 0) {
buf->buf_state = CLC_STATE_READY;
@@ -365,6 +398,27 @@ clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss)
}
/* the use of alternative start csns can be limited, record its usage */
(*continue_on_miss)--;
+
+ if (initial_starting_csn) {
+ if (csn_compare(&limit_csn, buf->buf_current_csn) > 0) {
+ char curr[CSN_STRSIZE];
+ int loglevel = SLAPI_LOG_REPL;
+
+ if (csn_time_difference(&limit_csn, buf->buf_current_csn) > (24 * 60 * 60)) {
+ /* This is a big jump (more than a day) behind the
+ * initial starting csn. Log a warning before ending
+ * the session
+ */
+ loglevel = SLAPI_LOG_WARNING;
+ }
+ csn_as_string(buf->buf_current_csn, 0, curr);
+ slapi_log_err(loglevel, buf->buf_agmt_name,
+ "clcache_load_buffer - (DB_SET_RANGE) bulk load cursor (%s) is lower than starting csn %s. Ending session.\n", curr, initial_starting_csn);
+ rc = DB_NOTFOUND;
+
+ return rc;
+ }
+ }
}
/* Reset some flag variables */
if (rc == 0) {
@@ -492,7 +546,7 @@ retry:
* *data: output - data of the next change, or NULL if no more change
*/
int
-clcache_get_next_change(CLC_Buffer *buf, void **key, size_t *keylen, void **data, size_t *datalen, CSN **csn)
+clcache_get_next_change(CLC_Buffer *buf, void **key, size_t *keylen, void **data, size_t *datalen, CSN **csn, char *initial_starting_csn)
{
int skip = 1;
int rc = 0;
@@ -510,7 +564,7 @@ clcache_get_next_change(CLC_Buffer *buf, void **key, size_t *keylen, void **data
* We're done with the current buffer. Now load the next chunk.
*/
if (NULL == *key && CLC_STATE_READY == buf->buf_state) {
- rc = clcache_load_buffer(buf, NULL, NULL);
+ rc = clcache_load_buffer(buf, NULL, NULL, initial_starting_csn);
if (0 == rc && buf->buf_record_ptr) {
DB_MULTIPLE_KEY_NEXT(buf->buf_record_ptr, &buf->buf_data,
*key, *keylen, *data, *datalen);
diff --git a/ldap/servers/plugins/replication/cl5_clcache.h b/ldap/servers/plugins/replication/cl5_clcache.h
index 73eb41590..16d53d563 100644
--- a/ldap/servers/plugins/replication/cl5_clcache.h
+++ b/ldap/servers/plugins/replication/cl5_clcache.h
@@ -23,9 +23,9 @@ typedef struct clc_buffer CLC_Buffer;
int clcache_init(DB_ENV **dbenv);
void clcache_set_config(void);
int clcache_get_buffer(CLC_Buffer **buf, DB *db, ReplicaId consumer_rid, const RUV *consumer_ruv, const RUV *local_ruv);
-int clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss);
+int clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss, char *initial_starting_csn);
void clcache_return_buffer(CLC_Buffer **buf);
-int clcache_get_next_change(CLC_Buffer *buf, void **key, size_t *keylen, void **data, size_t *datalen, CSN **csn);
+int clcache_get_next_change(CLC_Buffer *buf, void **key, size_t *keylen, void **data, size_t *datalen, CSN **csn, char *initial_starting_csn);
void clcache_destroy(void);
#endif
--
2.31.1

146
SOURCES/0043-Issue-4644-Large-updates-can-reset-the-CLcache-to-th.patch Normal file
View File

@ -0,0 +1,146 @@
From f05f5f20a468efa82d13a99687ac5d3a5d80a3c9 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Tue, 23 Feb 2021 13:42:31 +0100
Subject: [PATCH] Issue 4644 - Large updates can reset the CLcache to the
beginning of the changelog (#4647)
Bug description:
The replication agreements are using bulk load to load updates.
For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
Before using the cursor, it must be initialized with DB_SET.
If during the cursor/DB_SET the CSN refers to an update that is larger than
the size of the provided buffer, then the cursor remains not initialized and
c_get returns DB_BUFFER_SMALL.
The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
first record in the changelog DB. This break CLcache.
Fix description:
The fix is to harden cursor initialization so that if DB_SET fails
because of DB_BUFFER_SMALL. It reallocates buf_data and retries a DB_SET.
If DB_SET can not be initialized it logs a warning.
The patch also changes the behaviour of the fix #4492.
#4492 detected a massive (1day) jump prior the starting csn and ended the
replication session. If the jump was systematic, for example
if the CLcache got broken because of a too large updates, then
replication was systematically stopped.
This patch suppress the systematically stop, letting RA doing a big jump.
From #4492 only remains the warning.
relates: https://github.com/389ds/389-ds-base/issues/4644
Reviewed by: Pierre Rogier (Thanks !!!!)
Platforms tested: F31
---
.../servers/plugins/replication/cl5_clcache.c | 68 +++++++++++++++----
1 file changed, 53 insertions(+), 15 deletions(-)
diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
index fcbca047a..90dec4d54 100644
--- a/ldap/servers/plugins/replication/cl5_clcache.c
+++ b/ldap/servers/plugins/replication/cl5_clcache.c
@@ -370,9 +370,7 @@ clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss, cha
}
csn_as_string(buf->buf_current_csn, 0, curr);
slapi_log_err(loglevel, buf->buf_agmt_name,
- "clcache_load_buffer - bulk load cursor (%s) is lower than starting csn %s. Ending session.\n", curr, initial_starting_csn);
- /* it just end the session with UPDATE_NO_MORE_UPDATES */
- rc = CLC_STATE_DONE;
+ "clcache_load_buffer - bulk load cursor (%s) is lower than starting csn %s.\n", curr, initial_starting_csn);
}
}
@@ -413,10 +411,7 @@ clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss, cha
}
csn_as_string(buf->buf_current_csn, 0, curr);
slapi_log_err(loglevel, buf->buf_agmt_name,
- "clcache_load_buffer - (DB_SET_RANGE) bulk load cursor (%s) is lower than starting csn %s. Ending session.\n", curr, initial_starting_csn);
- rc = DB_NOTFOUND;
-
- return rc;
+ "clcache_load_buffer - (DB_SET_RANGE) bulk load cursor (%s) is lower than starting csn %s.\n", curr, initial_starting_csn);
}
}
}
@@ -444,6 +439,42 @@ clcache_load_buffer(CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss, cha
return rc;
}
+/* Set a cursor to a specific key (buf->buf_key)
+ * In case buf_data is too small to receive the value, DB_SET fails
+ * (DB_BUFFER_SMALL). This let the cursor uninitialized that is
+ * problematic because further cursor DB_NEXT will reset the cursor
+ * to the beginning of the CL.
+ * If buf_data is too small, this function reallocates enough space
+ *
+ * It returns the return code of cursor->c_get
+ */
+static int
+clcache_cursor_set(DBC *cursor, CLC_Buffer *buf)
+{
+ int rc;
+ uint32_t ulen;
+ uint32_t dlen;
+ uint32_t size;
+
+ rc = cursor->c_get(cursor, &buf->buf_key, &buf->buf_data, DB_SET);
+ if (rc == DB_BUFFER_SMALL) {
+ uint32_t ulen;
+
+ /* Fortunately, buf->buf_data.size has been set by
+ * c_get() to the actual data size needed. So we can
+ * reallocate the data buffer and try to set again.
+ */
+ ulen = buf->buf_data.ulen;
+ buf->buf_data.ulen = (buf->buf_data.size / DEFAULT_CLC_BUFFER_PAGE_SIZE + 1) * DEFAULT_CLC_BUFFER_PAGE_SIZE;
+ buf->buf_data.data = slapi_ch_realloc(buf->buf_data.data, buf->buf_data.ulen);
+ slapi_log_err(SLAPI_LOG_REPL, buf->buf_agmt_name,
+ "clcache_cursor_set - buf data len reallocated %d -> %d bytes (DB_BUFFER_SMALL)\n",
+ ulen, buf->buf_data.ulen);
+ rc = cursor->c_get(cursor, &buf->buf_key, &buf->buf_data, DB_SET);
+ }
+ return rc;
+}
+
static int
clcache_load_buffer_bulk(CLC_Buffer *buf, int flag)
{
@@ -478,17 +509,24 @@ retry:
if (use_flag == DB_NEXT) {
/* For bulk read, position the cursor before read the next block */
- rc = cursor->c_get(cursor,
- &buf->buf_key,
- &buf->buf_data,
- DB_SET);
+ rc = clcache_cursor_set(cursor, buf);
}
- /*
- * Continue if the error is no-mem since we don't need to
- * load in the key record anyway with DB_SET.
- */
if (0 == rc || DB_BUFFER_SMALL == rc) {
+ /*
+ * It should not have failed with DB_BUFFER_SMALL as we tried
+ * to adjust buf_data in clcache_cursor_set.
+ * But if it failed with DB_BUFFER_SMALL, there is a risk in clcache_cursor_get
+ * that the cursor will be reset to the beginning of the changelog.
+ * Returning an error at this point will stop replication that is
+ * a risk. So just accept the risk of a reset to the beginning of the CL
+ * and log an alarming message.
+ */
+ if (rc == DB_BUFFER_SMALL) {
+ slapi_log_err(SLAPI_LOG_WARNING, buf->buf_agmt_name,
+ "clcache_load_buffer_bulk - Fail to position on csn=%s from the changelog (too large update ?). Risk of full CL evaluation.\n",
+ (char *)buf->buf_key.data);
+ }
rc = clcache_cursor_get(cursor, buf, use_flag);
}
}
--
2.31.1

21
SPECS/389-ds-base.spec
View File

@ -45,7 +45,7 @@ ExcludeArch: i686
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 1.4.3.16
Release: %{?relprefix}13%{?prerel}%{?dist}
Release: %{?relprefix}16%{?prerel}%{?dist}
License: GPLv3+
URL: https://www.port389.org
Group: System Environment/Daemons
@ -212,6 +212,11 @@ Patch35: 0035-Issue-4581-A-failed-re-indexing-leaves-the-database-.patc
Patch36: 0036-Issue-4513-CI-Tests-fix-test-failures.patch
Patch37: 0037-Issue-4609-CVE-info-disclosure-when-authenticating.patch
Patch38: 0038-Issue-4649-crash-in-sync_repl-when-a-MODRDN-create-a.patch
Patch39: 0039-Issue-4711-SIGSEV-with-sync_repl-4738.patch
Patch40: 0040-Issue-4764-replicated-operation-sometime-checks-ACI-.patch
Patch41: 0041-Issue-4797-ACL-IP-ADDRESS-evaluation-may-corrupt-c_i.patch
Patch42: 0042-Issue-4492-Changelog-cache-can-upload-updates-from-a.patch
Patch43: 0043-Issue-4644-Large-updates-can-reset-the-CLcache-to-th.patch
%description
@ -830,6 +835,20 @@ exit 0
%doc README.md
%changelog
* Wed Jun 16 2021 Thierry Bordaz <tbordaz@redhat.com> - 1.4.3.16-16
- Bump version to 1.4.3.16-16
- Resolves: Bug 1972738 - Changelog cache can upload updates from a wrong starting point (CSN)
- Resolves: Bug 1972721 - Large updates can reset the CLcache to the beginning of the changelog
* Fri Jun 11 2021 Thierry Bordaz <tbordaz@redhat.com> - 1.4.3.16-15
- Bump version to 1.4.3.16-15
- Resolves: Bug 1970791 - A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule
* Tue Jun 08 2021 Thierry Bordaz <tbordaz@redhat.com> - 1.4.3.16-14
- Bump version to 1.4.3.16-14
- Resolves: Bug 1968588 - ACIs are being evaluated against the Replication Manager account in a replication context
- Resolves: Bug 1960720 - sync_repl NULL pointer dereference in sync_create_state_control()
* Thu Mar 11 2021 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.16-13
- Bump version to 1.4.3.16-13
- Resolves: Bug 1930188 - crash in sync_repl when a MODRDN create a cenotaph