- Issue 5870 - ns-slapd crashes at startup if a backend has no

suffix (#5871)
- Issue 5984 - Crash when paged result search are abandoned
 (#5985)

SOURCES/389-ds-base.spec

@@ -1,946 +0,0 @@
-
-%global pkgname   dirsrv
-%global srcname   389-ds-base
-
-# Exclude i686 bit arches
-ExcludeArch: i686
-
-# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
-# also remove the space between % and global - this space is needed because
-# fedpkg verrel stupidly ignores comment lines
-#% global prerel .rc3
-# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
-#% global relprefix 0.
-
-# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
-%global use_Socket6 0
-
-%global use_asan 0
-%global use_rust 1
-%global use_legacy 1
-%global bundle_jemalloc 1
-%if %{use_asan}
-%global bundle_jemalloc 0
-%endif
-
-%if %{bundle_jemalloc}
-%global jemalloc_name jemalloc
-%global jemalloc_ver 5.3.0
-%global __provides_exclude ^libjemalloc\\.so.*$
-%endif
-
-# Use Clang instead of GCC
-%global use_clang 0
-
-# fedora 15 and later uses tmpfiles.d
-# otherwise, comment this out
-%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
-
-# systemd support
-%global groupname %{pkgname}.target
-
-# set PIE flag
-%global _hardened_build 1
-
-# Filter argparse-manpage from autogenerated package Requires
-%global __requires_exclude ^python.*argparse-manpage
-
-Summary:          389 Directory Server (base)
-Name:             389-ds-base
-Version:          1.4.3.37
-Release:          %{?relprefix}1%{?prerel}%{?dist}
-License:          GPLv3+ and (ASL 2.0 or MIT)
-URL:              https://www.port389.org
-Group:            System Environment/Daemons
-Conflicts:        selinux-policy-base < 3.9.8
-Conflicts:        freeipa-server < 4.0.3
-Obsoletes:        %{name} <= 1.4.0.9
-Provides:         ldif2ldbm >= 0
-
-##### Bundled cargo crates list - START #####
-Provides:  bundled(crate(addr2line)) = 0.20.0
-Provides:  bundled(crate(adler)) = 1.0.2
-Provides:  bundled(crate(ahash)) = 0.7.6
-Provides:  bundled(crate(ansi_term)) = 0.12.1
-Provides:  bundled(crate(atty)) = 0.2.14
-Provides:  bundled(crate(autocfg)) = 1.1.0
-Provides:  bundled(crate(backtrace)) = 0.3.68
-Provides:  bundled(crate(base64)) = 0.13.1
-Provides:  bundled(crate(bitflags)) = 1.3.2
-Provides:  bundled(crate(byteorder)) = 1.4.3
-Provides:  bundled(crate(cbindgen)) = 0.9.1
-Provides:  bundled(crate(cc)) = 1.0.79
-Provides:  bundled(crate(cfg-if)) = 1.0.0
-Provides:  bundled(crate(clap)) = 2.34.0
-Provides:  bundled(crate(concread)) = 0.2.21
-Provides:  bundled(crate(crossbeam)) = 0.8.2
-Provides:  bundled(crate(crossbeam-channel)) = 0.5.8
-Provides:  bundled(crate(crossbeam-deque)) = 0.8.3
-Provides:  bundled(crate(crossbeam-epoch)) = 0.9.15
-Provides:  bundled(crate(crossbeam-queue)) = 0.3.8
-Provides:  bundled(crate(crossbeam-utils)) = 0.8.16
-Provides:  bundled(crate(entryuuid)) = 0.1.0
-Provides:  bundled(crate(entryuuid_syntax)) = 0.1.0
-Provides:  bundled(crate(errno)) = 0.3.1
-Provides:  bundled(crate(errno-dragonfly)) = 0.1.2
-Provides:  bundled(crate(fastrand)) = 1.9.0
-Provides:  bundled(crate(fernet)) = 0.1.4
-Provides:  bundled(crate(foreign-types)) = 0.3.2
-Provides:  bundled(crate(foreign-types-shared)) = 0.1.1
-Provides:  bundled(crate(getrandom)) = 0.2.10
-Provides:  bundled(crate(gimli)) = 0.27.3
-Provides:  bundled(crate(hashbrown)) = 0.12.3
-Provides:  bundled(crate(hermit-abi)) = 0.1.19
-Provides:  bundled(crate(hermit-abi)) = 0.3.2
-Provides:  bundled(crate(instant)) = 0.1.12
-Provides:  bundled(crate(io-lifetimes)) = 1.0.11
-Provides:  bundled(crate(itoa)) = 1.0.8
-Provides:  bundled(crate(jobserver)) = 0.1.26
-Provides:  bundled(crate(libc)) = 0.2.147
-Provides:  bundled(crate(librnsslapd)) = 0.1.0
-Provides:  bundled(crate(librslapd)) = 0.1.0
-Provides:  bundled(crate(linux-raw-sys)) = 0.3.8
-Provides:  bundled(crate(lock_api)) = 0.4.10
-Provides:  bundled(crate(log)) = 0.4.19
-Provides:  bundled(crate(lru)) = 0.7.8
-Provides:  bundled(crate(memchr)) = 2.5.0
-Provides:  bundled(crate(memoffset)) = 0.9.0
-Provides:  bundled(crate(miniz_oxide)) = 0.7.1
-Provides:  bundled(crate(object)) = 0.31.1
-Provides:  bundled(crate(once_cell)) = 1.18.0
-Provides:  bundled(crate(openssl)) = 0.10.55
-Provides:  bundled(crate(openssl-macros)) = 0.1.1
-Provides:  bundled(crate(openssl-sys)) = 0.9.90
-Provides:  bundled(crate(parking_lot)) = 0.11.2
-Provides:  bundled(crate(parking_lot_core)) = 0.8.6
-Provides:  bundled(crate(paste)) = 0.1.18
-Provides:  bundled(crate(paste-impl)) = 0.1.18
-Provides:  bundled(crate(pin-project-lite)) = 0.2.10
-Provides:  bundled(crate(pkg-config)) = 0.3.27
-Provides:  bundled(crate(ppv-lite86)) = 0.2.17
-Provides:  bundled(crate(proc-macro-hack)) = 0.5.20+deprecated
-Provides:  bundled(crate(proc-macro2)) = 1.0.64
-Provides:  bundled(crate(pwdchan)) = 0.1.0
-Provides:  bundled(crate(quote)) = 1.0.29
-Provides:  bundled(crate(rand)) = 0.8.5
-Provides:  bundled(crate(rand_chacha)) = 0.3.1
-Provides:  bundled(crate(rand_core)) = 0.6.4
-Provides:  bundled(crate(redox_syscall)) = 0.2.16
-Provides:  bundled(crate(redox_syscall)) = 0.3.5
-Provides:  bundled(crate(rsds)) = 0.1.0
-Provides:  bundled(crate(rustc-demangle)) = 0.1.23
-Provides:  bundled(crate(rustix)) = 0.37.23
-Provides:  bundled(crate(ryu)) = 1.0.14
-Provides:  bundled(crate(scopeguard)) = 1.1.0
-Provides:  bundled(crate(serde)) = 1.0.171
-Provides:  bundled(crate(serde_derive)) = 1.0.171
-Provides:  bundled(crate(serde_json)) = 1.0.100
-Provides:  bundled(crate(slapd)) = 0.1.0
-Provides:  bundled(crate(slapi_r_plugin)) = 0.1.0
-Provides:  bundled(crate(smallvec)) = 1.11.0
-Provides:  bundled(crate(strsim)) = 0.8.0
-Provides:  bundled(crate(syn)) = 1.0.109
-Provides:  bundled(crate(syn)) = 2.0.25
-Provides:  bundled(crate(tempfile)) = 3.6.0
-Provides:  bundled(crate(textwrap)) = 0.11.0
-Provides:  bundled(crate(tokio)) = 1.29.1
-Provides:  bundled(crate(tokio-macros)) = 2.1.0
-Provides:  bundled(crate(toml)) = 0.5.11
-Provides:  bundled(crate(unicode-ident)) = 1.0.10
-Provides:  bundled(crate(unicode-width)) = 0.1.10
-Provides:  bundled(crate(uuid)) = 0.8.2
-Provides:  bundled(crate(vcpkg)) = 0.2.15
-Provides:  bundled(crate(vec_map)) = 0.8.2
-Provides:  bundled(crate(version_check)) = 0.9.4
-Provides:  bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
-Provides:  bundled(crate(winapi)) = 0.3.9
-Provides:  bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
-Provides:  bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
-Provides:  bundled(crate(windows-sys)) = 0.48.0
-Provides:  bundled(crate(windows-targets)) = 0.48.1
-Provides:  bundled(crate(windows_aarch64_gnullvm)) = 0.48.0
-Provides:  bundled(crate(windows_aarch64_msvc)) = 0.48.0
-Provides:  bundled(crate(windows_i686_gnu)) = 0.48.0
-Provides:  bundled(crate(windows_i686_msvc)) = 0.48.0
-Provides:  bundled(crate(windows_x86_64_gnu)) = 0.48.0
-Provides:  bundled(crate(windows_x86_64_gnullvm)) = 0.48.0
-Provides:  bundled(crate(windows_x86_64_msvc)) = 0.48.0
-Provides:  bundled(crate(zeroize)) = 1.6.0
-Provides:  bundled(crate(zeroize_derive)) = 1.4.2
-##### Bundled cargo crates list - END #####
-
-BuildRequires:    nspr-devel >= 4.32
-BuildRequires:    nss-devel >= 3.67.0-7
-BuildRequires:    perl-generators
-BuildRequires:    openldap-devel
-BuildRequires:    libdb-devel
-BuildRequires:    cyrus-sasl-devel
-BuildRequires:    icu
-BuildRequires:    libicu-devel
-BuildRequires:    pcre-devel
-BuildRequires:    cracklib-devel
-%if %{use_clang}
-BuildRequires:    libatomic
-BuildRequires:    clang
-%else
-BuildRequires:    gcc
-BuildRequires:    gcc-c++
-%endif
-# The following are needed to build the snmp ldap-agent
-BuildRequires:    net-snmp-devel
-BuildRequires:    lm_sensors-devel
-BuildRequires:    bzip2-devel
-BuildRequires:    zlib-devel
-BuildRequires:    openssl-devel
-# the following is for the pam passthru auth plug-in
-BuildRequires:    pam-devel
-BuildRequires:    systemd-units
-BuildRequires:    systemd-devel
-%if %{use_asan}
-BuildRequires:    libasan
-%endif
-# If rust is enabled
-%if %{use_rust}
-BuildRequires: cargo
-BuildRequires: rust
-%endif
-BuildRequires:    pkgconfig
-BuildRequires:    pkgconfig(systemd)
-BuildRequires:    pkgconfig(krb5)
-
-# Needed to support regeneration of the autotool artifacts.
-BuildRequires:    autoconf
-BuildRequires:    automake
-BuildRequires:    libtool
-# For our documentation
-BuildRequires:    doxygen
-# For tests!
-BuildRequires:    libcmocka-devel
-BuildRequires:    libevent-devel
-# For lib389 and related components
-BuildRequires:    python%{python3_pkgversion}
-BuildRequires:    python%{python3_pkgversion}-devel
-BuildRequires:    python%{python3_pkgversion}-setuptools
-BuildRequires:    python%{python3_pkgversion}-ldap
-BuildRequires:    python%{python3_pkgversion}-six
-BuildRequires:    python%{python3_pkgversion}-pyasn1
-BuildRequires:    python%{python3_pkgversion}-pyasn1-modules
-BuildRequires:    python%{python3_pkgversion}-dateutil
-BuildRequires:    python%{python3_pkgversion}-argcomplete
-BuildRequires:    python%{python3_pkgversion}-argparse-manpage
-BuildRequires:    python%{python3_pkgversion}-policycoreutils
-BuildRequires:    python%{python3_pkgversion}-libselinux
-BuildRequires:    python%{python3_pkgversion}-cryptography
-
-# For cockpit
-BuildRequires:    rsync
-
-Requires:         %{name}-libs = %{version}-%{release}
-Requires:         python%{python3_pkgversion}-lib389 = %{version}-%{release}
-
-# this is needed for using semanage from our setup scripts
-Requires:         policycoreutils-python-utils
-Requires:         /usr/sbin/semanage
-Requires:         libsemanage-python%{python3_pkgversion}
-
-Requires:         selinux-policy >= 3.14.1-29
-
-# the following are needed for some of our scripts
-Requires:         openldap-clients
-Requires:         openssl-perl
-Requires:         python%{python3_pkgversion}-ldap
-
-# this is needed to setup SSL if you are not using the
-# administration server package
-Requires:         nss-tools
-Requires:         nspr >= 4.32
-Requires:         nss >= 3.67.0-7
-
-# these are not found by the auto-dependency method
-# they are required to support the mandatory LDAP SASL mechs
-Requires:         cyrus-sasl-gssapi
-Requires:         cyrus-sasl-md5
-Requires:         cyrus-sasl-plain
-
-# this is needed for verify-db.pl
-Requires:         libdb-utils
-
-# Needed for password dictionary checks
-Requires:         cracklib-dicts
-
-# This picks up libperl.so as a Requires, so we add this versioned one
-Requires:         perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
-Requires:         perl-Errno >= 1.23-360
-
-# Needed by logconv.pl
-Requires:         perl-DB_File
-Requires:         perl-Archive-Tar
-
-# Needed for password dictionary checks
-Requires:         cracklib-dicts
-
-# Picks up our systemd deps.
-%{?systemd_requires}
-
-Obsoletes:        %{name} <= 1.3.5.4
-
-Source0:          https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2
-# 389-ds-git.sh should be used to generate the source tarball from git
-Source1:          %{name}-git.sh
-Source2:          %{name}-devel.README
-%if %{bundle_jemalloc}
-Source3:          https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
-%endif
-%if %{use_rust}
-Source4:          vendor-%{version}-1.tar.gz
-Source5:          Cargo-%{version}-1.lock
-%endif
-
-%description
-389 Directory Server is an LDAPv3 compliant server.  The base package includes
-the LDAP server and command line utilities for server administration.
-%if %{use_asan}
-WARNING! This build is linked to Address Sanitisation libraries. This probably
-isn't what you want. Please contact support immediately.
-Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
-%endif
-
-%package          libs
-Summary:          Core libraries for 389 Directory Server
-Group:            System Environment/Daemons
-BuildRequires:    nspr-devel >= 4.32
-BuildRequires:    nss-devel >= 3.67.0-7
-BuildRequires:    openldap-devel
-BuildRequires:    libdb-devel
-BuildRequires:    cyrus-sasl-devel
-BuildRequires:    libicu-devel
-BuildRequires:    pcre-devel
-BuildRequires:    libtalloc-devel
-BuildRequires:    libevent-devel
-BuildRequires:    libtevent-devel
-Requires:         krb5-libs
-Requires:         libevent
-BuildRequires:    systemd-devel
-Provides:         svrcore = 4.1.4
-Conflicts:        svrcore
-Obsoletes:        svrcore <= 4.1.3
-
-%description      libs
-Core libraries for the 389 Directory Server base package.  These libraries
-are used by the main package and the -devel package.  This allows the -devel
-package to be installed with just the -libs package and without the main package.
-
-%if %{use_legacy}
-%package          legacy-tools
-Summary:          Legacy utilities for 389 Directory Server
-Group:            System Environment/Daemons
-Obsoletes:        %{name} <= 1.4.0.9
-Requires:         %{name}-libs = %{version}-%{release}
-# for setup-ds.pl to support ipv6
-%if %{use_Socket6}
-Requires:         perl-Socket6
-%else
-Requires:         perl-Socket
-%endif
-Requires:         perl-NetAddr-IP
-# use_openldap assumes perl-Mozilla-LDAP is built with openldap support
-Requires:         perl-Mozilla-LDAP
-# for setup-ds.pl
-Requires:         bind-utils
-%global __provides_exclude_from %{_libdir}/%{pkgname}/perl
-%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog)
-%{?perl_default_filter}
-
-%description      legacy-tools
-Legacy (and deprecated) utilities for 389 Directory Server. This includes
-the old account management and task scripts. These are deprecated in favour of
-the dscreate, dsctl, dsconf and dsidm tools.
-%endif
-
-%package          devel
-Summary:          Development libraries for 389 Directory Server
-Group:            Development/Libraries
-Requires:         %{name}-libs = %{version}-%{release}
-Requires:         pkgconfig
-Requires:         nspr-devel >= 4.32
-Requires:         nss-devel >= 3.67.0-7
-Requires:         openldap-devel
-Requires:         libtalloc
-Requires:         libevent
-Requires:         libtevent
-Requires:         systemd-libs
-Provides:         svrcore-devel = 4.1.4
-Conflicts:        svrcore-devel
-Obsoletes:        svrcore-devel <= 4.1.3
-
-%description      devel
-Development Libraries and headers for the 389 Directory Server base package.
-
-%package          snmp
-Summary:          SNMP Agent for 389 Directory Server
-Group:            System Environment/Daemons
-Requires:         %{name} = %{version}-%{release}
-
-Obsoletes:        %{name} <= 1.4.0.0
-
-%description      snmp
-SNMP Agent for the 389 Directory Server base package.
-
-%package -n python%{python3_pkgversion}-lib389
-Summary:  A library for accessing, testing, and configuring the 389 Directory Server
-BuildArch:        noarch
-Group:            Development/Libraries
-Requires: 389-ds-base
-Requires: openssl
-Requires: iproute
-Requires: platform-python
-Recommends: bash-completion
-Requires: python%{python3_pkgversion}-ldap
-Requires: python%{python3_pkgversion}-six
-Requires: python%{python3_pkgversion}-pyasn1
-Requires: python%{python3_pkgversion}-pyasn1-modules
-Requires: python%{python3_pkgversion}-dateutil
-Requires: python%{python3_pkgversion}-argcomplete
-Requires: python%{python3_pkgversion}-libselinux
-Requires: python%{python3_pkgversion}-setuptools
-Requires: python%{python3_pkgversion}-distro
-Requires: python%{python3_pkgversion}-cryptography
-%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
-
-%description -n python%{python3_pkgversion}-lib389
-This module contains tools and libraries for accessing, testing,
- and configuring the 389 Directory Server.
-
-%package -n cockpit-389-ds
-Summary:          Cockpit UI Plugin for configuring and administering the 389 Directory Server
-BuildArch:        noarch
-Requires:         cockpit
-Requires:         platform-python
-Requires:         python%{python3_pkgversion}-lib389
-
-%description -n cockpit-389-ds
-A cockpit UI Plugin for configuring and administering the 389 Directory Server
-
-%prep
-%autosetup -p1 -v -n %{name}-%{version}%{?prerel}
-%if %{use_rust}
-tar xvzf %{SOURCE4}
-cp %{SOURCE5} src/Cargo.lock
-%endif
-%if %{bundle_jemalloc}
-%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
-%endif
-cp %{SOURCE2} README.devel
-
-%build
-
-OPENLDAP_FLAG="--with-openldap"
-%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
-# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
-NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
-
-%if %{use_asan}
-ASAN_FLAGS="--enable-asan --enable-debug"
-%endif
-
-%if %{use_rust}
-RUST_FLAGS="--enable-rust --enable-rust-offline"
-%endif
-
-%if %{use_legacy}
-LEGACY_FLAGS="--enable-legacy --enable-perl"
-%else
-LEGACY_FLAGS="--disable-legacy --disable-perl"
-%endif
-
-%if %{use_clang}
-export CC=clang
-export CXX=clang++
-CLANG_FLAGS="--enable-clang"
-%endif
-
-%if %{bundle_jemalloc}
-# Override page size, bz #1545539
-# 4K
-%ifarch %ix86 %arm x86_64 s390x
-%define lg_page --with-lg-page=12
-%endif
-
-# 64K
-%ifarch ppc64 ppc64le aarch64
-%define lg_page --with-lg-page=16
-%endif
-
-# Override huge page size on aarch64
-# 2M instead of 512M
-%ifarch aarch64
-%define lg_hugepage --with-lg-hugepage=21
-%endif
-
-# Build jemalloc
-pushd ../%{jemalloc_name}-%{jemalloc_ver}
-%configure \
-        --libdir=%{_libdir}/%{pkgname}/lib \
-        --bindir=%{_libdir}/%{pkgname}/bin \
-        --enable-prof
-make %{?_smp_mflags}        
-popd
-%endif
-
-
-# Enforce strict linking
-%define _strict_symbol_defs_build 1
-
-# Rebuild the autotool artifacts now.
-autoreconf -fiv
-
-%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
-           --with-systemd \
-           --with-systemdsystemunitdir=%{_unitdir} \
-           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
-           --with-systemdgroupname=%{groupname}  \
-           --libexecdir=%{_libexecdir}/%{pkgname} \
-           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $LEGACY_FLAGS $CLANG_FLAGS \
-           --enable-cmocka 
-
-# lib389
-pushd ./src/lib389
-%py3_build
-popd
-# argparse-manpage dynamic man pages have hardcoded man v1 in header,
-# need to change it to v8
-sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8
-sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8
-sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8
-sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8
-
-# Generate symbolic info for debuggers
-export XCFLAGS=$RPM_OPT_FLAGS
-
-#make %{?_smp_mflags}
-make
-
-%install
-
-mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
-mkdir -p %{buildroot}%{_datadir}/cockpit
-make DESTDIR="$RPM_BUILD_ROOT" install
-
-# Cockpit file list
-find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
-find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
-
-# Copy in our docs from doxygen.
-cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
-
-# lib389
-pushd src/lib389
-%py3_install
-popd
-
-mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
-mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
-mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname}
-
-# for systemd
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
-
-#remove libtool archives and static libs
-find %{buildroot} -type f -name "*.la" -delete
-find %{buildroot} -type f -name "*.a" -delete
-
-%if %{use_legacy}
-# make sure perl scripts have a proper shebang
-sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl
-%endif
-
-%if %{bundle_jemalloc}
-pushd ../%{jemalloc_name}-%{jemalloc_ver}
-make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
-cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc
-cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc
-popd
-%endif
-
-%check
-# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
-if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%post
-if [ -n "$DEBUGPOSTTRANS" ] ; then
-    output=$DEBUGPOSTTRANS
-    output2=${DEBUGPOSTTRANS}.upgrade
-else
-    output=/dev/null
-    output2=/dev/null
-fi
-
-# reload to pick up any changes to systemd files
-/bin/systemctl daemon-reload >$output 2>&1 || :
-
-# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
-# Soft static allocation for UID and GID
-USERNAME="dirsrv"
-ALLOCATED_UID=389
-GROUPNAME="dirsrv"
-ALLOCATED_GID=389
-HOMEDIR="/usr/share/dirsrv"
-
-getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
-if ! getent passwd $USERNAME >/dev/null ; then
-    if ! getent passwd $ALLOCATED_UID >/dev/null ; then
-      /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
-    else
-      /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
-    fi
-fi
-
-# Reload our sysctl before we restart (if we can)
-sysctl --system &> $output; true
-
-%preun
-if [ $1 -eq 0 ]; then # Final removal
-    # remove instance specific service files/links
-    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
-fi
-
-%postun
-if [ $1 = 0 ]; then # Final removal
-    rm -rf /var/run/%{pkgname}
-fi
-
-%post snmp
-%systemd_post %{pkgname}-snmp.service
-
-%preun snmp
-%systemd_preun %{pkgname}-snmp.service %{groupname}
-
-%postun snmp
-%systemd_postun_with_restart %{pkgname}-snmp.service
-
-%if %{use_legacy}
-%post legacy-tools
-
-# START UPGRADE SCRIPT
-
-if [ -n "$DEBUGPOSTTRANS" ] ; then
-    output=$DEBUGPOSTTRANS
-    output2=${DEBUGPOSTTRANS}.upgrade
-else
-    output=/dev/null
-    output2=/dev/null
-fi
-
-# find all instances
-instances="" # instances that require a restart after upgrade
-ninst=0 # number of instances found in total
-
-echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
-instbase="%{_sysconfdir}/%{pkgname}"
-for dir in $instbase/slapd-* ; do
-    echo dir = $dir >> $output 2>&1 || :
-    if [ ! -d "$dir" ] ; then continue ; fi
-    case "$dir" in *.removed) continue ;; esac
-    basename=`basename $dir`
-    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
-    echo found instance $inst - getting status  >> $output 2>&1 || :
-    if /bin/systemctl -q is-active $inst ; then
-       echo instance $inst is running >> $output 2>&1 || :
-       instances="$instances $inst"
-    else
-       echo instance $inst is not running >> $output 2>&1 || :
-    fi
-    ninst=`expr $ninst + 1`
-done
-if [ $ninst -eq 0 ] ; then
-    echo no instances to upgrade >> $output 2>&1 || :
-    exit 0 # have no instances to upgrade - just skip the rest
-fi
-# shutdown all instances
-echo shutting down all instances . . . >> $output 2>&1 || :
-for inst in $instances ; do
-    echo stopping instance $inst >> $output 2>&1 || :
-    /bin/systemctl stop $inst >> $output 2>&1 || :
-done
-echo remove pid files . . . >> $output 2>&1 || :
-/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid
-# do the upgrade
-echo upgrading instances . . . >> $output 2>&1 || :
-DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
-if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
-    %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
-else
-    %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || :
-fi
-
-# restart instances that require it
-for inst in $instances ; do
-    echo restarting instance $inst >> $output 2>&1 || :
-    /bin/systemctl start $inst >> $output 2>&1 || :
-done
-#END UPGRADE
-%endif
-
-exit 0
-
-
-%files
-%if %{bundle_jemalloc}
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
-%license COPYING.jemalloc
-%else
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
-%endif
-%dir %{_sysconfdir}/%{pkgname}
-%dir %{_sysconfdir}/%{pkgname}/schema
-%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
-%dir %{_sysconfdir}/%{pkgname}/config
-%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
-%{_datadir}/%{pkgname}
-%{_datadir}/gdb/auto-load/*
-%{_unitdir}
-%{_bindir}/dbscan
-%{_mandir}/man1/dbscan.1.gz
-%{_bindir}/ds-replcheck
-%{_mandir}/man1/ds-replcheck.1.gz
-%{_bindir}/ds-logpipe.py
-%{_mandir}/man1/ds-logpipe.py.1.gz
-%{_bindir}/ldclt
-%{_mandir}/man1/ldclt.1.gz
-%{_sbindir}/ldif2ldap
-%{_mandir}/man8/ldif2ldap.8.gz
-%{_bindir}/logconv.pl
-%{_mandir}/man1/logconv.pl.1.gz
-%{_bindir}/pwdhash
-%{_mandir}/man1/pwdhash.1.gz
-%{_bindir}/readnsstate
-%{_mandir}/man1/readnsstate.1.gz
-# Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
-%{_sbindir}/ns-slapd
-%{_mandir}/man8/ns-slapd.8.gz
-%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
-%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
-%{_mandir}/man5/99user.ldif.5.gz
-%{_mandir}/man5/certmap.conf.5.gz
-%{_mandir}/man5/slapd-collations.conf.5.gz
-%{_mandir}/man5/dirsrv.5.gz
-%{_mandir}/man5/dirsrv.systemd.5.gz
-%{_libdir}/%{pkgname}/python
-%dir %{_libdir}/%{pkgname}/plugins
-%{_libdir}/%{pkgname}/plugins/*.so
-# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
-# sysctl.d is always in /lib.
-%{_prefix}/lib/sysctl.d/*
-%dir %{_localstatedir}/lib/%{pkgname}
-%dir %{_localstatedir}/log/%{pkgname}
-%ghost %dir %{_localstatedir}/lock/%{pkgname}
-%exclude %{_sbindir}/ldap-agent*
-%exclude %{_mandir}/man1/ldap-agent.1.gz
-%exclude %{_unitdir}/%{pkgname}-snmp.service
-%if %{bundle_jemalloc}
-%{_libdir}/%{pkgname}/lib/
-%{_libdir}/%{pkgname}/bin/
-%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
-%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
-%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
-%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
-%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
-%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
-%endif
-
-%files devel
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
-%{_mandir}/man3/*
-%{_includedir}/svrcore.h
-%{_includedir}/%{pkgname}
-%{_libdir}/libsvrcore.so
-%{_libdir}/%{pkgname}/libslapd.so
-%{_libdir}/%{pkgname}/libns-dshttpd.so
-%{_libdir}/%{pkgname}/libsds.so
-%{_libdir}/%{pkgname}/libldaputil.so
-%{_libdir}/pkgconfig/svrcore.pc
-%{_libdir}/pkgconfig/dirsrv.pc
-%{_libdir}/pkgconfig/libsds.pc
-
-%files libs
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
-%dir %{_libdir}/%{pkgname}
-%{_libdir}/libsvrcore.so.*
-%{_libdir}/%{pkgname}/libslapd.so.*
-%{_libdir}/%{pkgname}/libns-dshttpd-*.so
-%{_libdir}/%{pkgname}/libsds.so.*
-%{_libdir}/%{pkgname}/libldaputil.so.*
-%{_libdir}/%{pkgname}/librewriters.so*
-%if %{bundle_jemalloc}
-%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
-%endif
-
-%if %{use_legacy}
-%files legacy-tools
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
-%{_bindir}/infadd
-%{_mandir}/man1/infadd.1.gz
-%{_bindir}/ldif
-%{_mandir}/man1/ldif.1.gz
-%{_bindir}/migratecred
-%{_mandir}/man1/migratecred.1.gz
-%{_bindir}/mmldif
-%{_mandir}/man1/mmldif.1.gz
-%{_bindir}/rsearch
-%{_mandir}/man1/rsearch.1.gz
-%{_libexecdir}/%{pkgname}/ds_selinux_enabled
-%{_libexecdir}/%{pkgname}/ds_selinux_port_query
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
-%{_mandir}/man5/template-initconfig.5.gz
-%{_datadir}/%{pkgname}/properties/*.res
-%{_datadir}/%{pkgname}/script-templates
-%{_datadir}/%{pkgname}/updates
-%{_sbindir}/ldif2ldap
-%{_mandir}/man8/ldif2ldap.8.gz
-%{_sbindir}/bak2db
-%{_mandir}/man8/bak2db.8.gz
-%{_sbindir}/db2bak
-%{_mandir}/man8/db2bak.8.gz
-%{_sbindir}/db2index
-%{_mandir}/man8/db2index.8.gz
-%{_sbindir}/db2ldif
-%{_mandir}/man8/db2ldif.8.gz
-%{_sbindir}/dbverify
-%{_mandir}/man8/dbverify.8.gz
-%{_sbindir}/ldif2db
-%{_mandir}/man8/ldif2db.8.gz
-%{_sbindir}/restart-dirsrv
-%{_mandir}/man8/restart-dirsrv.8.gz
-%{_sbindir}/start-dirsrv
-%{_mandir}/man8/start-dirsrv.8.gz
-%{_sbindir}/status-dirsrv
-%{_mandir}/man8/status-dirsrv.8.gz
-%{_sbindir}/stop-dirsrv
-%{_mandir}/man8/stop-dirsrv.8.gz
-%{_sbindir}/upgradedb
-%{_mandir}/man8/upgradedb.8.gz
-%{_sbindir}/vlvindex
-%{_mandir}/man8/vlvindex.8.gz
-%{_sbindir}/monitor
-%{_mandir}/man8/monitor.8.gz
-%{_sbindir}/dbmon.sh
-%{_mandir}/man8/dbmon.sh.8.gz
-%{_sbindir}/dn2rdn
-%{_mandir}/man8/dn2rdn.8.gz
-%{_sbindir}/restoreconfig
-%{_mandir}/man8/restoreconfig.8.gz
-%{_sbindir}/saveconfig
-%{_mandir}/man8/saveconfig.8.gz
-%{_sbindir}/suffix2instance
-%{_mandir}/man8/suffix2instance.8.gz
-%{_sbindir}/upgradednformat
-%{_mandir}/man8/upgradednformat.8.gz
-%{_mandir}/man1/dbgen.pl.1.gz
-%{_bindir}/repl-monitor
-%{_mandir}/man1/repl-monitor.1.gz
-%{_bindir}/repl-monitor.pl
-%{_mandir}/man1/repl-monitor.pl.1.gz
-%{_bindir}/cl-dump
-%{_mandir}/man1/cl-dump.1.gz
-%{_bindir}/cl-dump.pl
-%{_mandir}/man1/cl-dump.pl.1.gz
-%{_bindir}/dbgen.pl
-%{_mandir}/man8/bak2db.pl.8.gz
-%{_sbindir}/bak2db.pl
-%{_sbindir}/cleanallruv.pl
-%{_mandir}/man8/cleanallruv.pl.8.gz
-%{_sbindir}/db2bak.pl
-%{_mandir}/man8/db2bak.pl.8.gz
-%{_sbindir}/db2index.pl
-%{_mandir}/man8/db2index.pl.8.gz
-%{_sbindir}/db2ldif.pl
-%{_mandir}/man8/db2ldif.pl.8.gz
-%{_sbindir}/fixup-linkedattrs.pl
-%{_mandir}/man8/fixup-linkedattrs.pl.8.gz
-%{_sbindir}/fixup-memberof.pl
-%{_mandir}/man8/fixup-memberof.pl.8.gz
-%{_sbindir}/ldif2db.pl
-%{_mandir}/man8/ldif2db.pl.8.gz
-%{_sbindir}/migrate-ds.pl
-%{_mandir}/man8/migrate-ds.pl.8.gz
-%{_sbindir}/ns-accountstatus.pl
-%{_mandir}/man8/ns-accountstatus.pl.8.gz
-%{_sbindir}/ns-activate.pl
-%{_mandir}/man8/ns-activate.pl.8.gz
-%{_sbindir}/ns-inactivate.pl
-%{_mandir}/man8/ns-inactivate.pl.8.gz
-%{_sbindir}/ns-newpwpolicy.pl
-%{_mandir}/man8/ns-newpwpolicy.pl.8.gz
-%{_sbindir}/remove-ds.pl
-%{_mandir}/man8/remove-ds.pl.8.gz
-%{_sbindir}/schema-reload.pl
-%{_mandir}/man8/schema-reload.pl.8.gz
-%{_sbindir}/setup-ds.pl
-%{_mandir}/man8/setup-ds.pl.8.gz
-%{_sbindir}/syntax-validate.pl
-%{_mandir}/man8/syntax-validate.pl.8.gz
-%{_sbindir}/usn-tombstone-cleanup.pl
-%{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz
-%{_sbindir}/verify-db.pl
-%{_mandir}/man8/verify-db.pl.8.gz
-%{_libdir}/%{pkgname}/perl
-%endif
-
-%files snmp
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
-%{_sbindir}/ldap-agent*
-%{_mandir}/man1/ldap-agent.1.gz
-%{_unitdir}/%{pkgname}-snmp.service
-
-%files -n python%{python3_pkgversion}-lib389
-%doc LICENSE LICENSE.GPLv3+
-%{python3_sitelib}/lib389*
-%{_sbindir}/dsconf
-%{_mandir}/man8/dsconf.8.gz
-%{_sbindir}/dscreate
-%{_mandir}/man8/dscreate.8.gz
-%{_sbindir}/dsctl
-%{_mandir}/man8/dsctl.8.gz
-%{_sbindir}/dsidm
-%{_mandir}/man8/dsidm.8.gz
-%{_libexecdir}/%{pkgname}/dscontainer
-
-%files -n cockpit-389-ds -f cockpit.list
-%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
-%doc README.md
-
-%changelog
-* Wed Aug 16 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.37-1
-- Bump versionto 1.4.3.37-1
-- Resolves: rhbz#2224505 - Paged search impacts performance
-- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme
-- Resolves: rhbz#2218235 - python3-lib389: Python tarfile extraction needs change to avoid a warning
-- Resolves: rhbz#2210491 - dtablesize being set to soft maxfiledescriptor limit causing massive slowdown in large enviroments.
-- Resolves: rhbz#2149967 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG
-
-* Tue Jul 11 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.36-2
-- Bump version to 1.4.3.36-2
-- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme
-
-* Wed Jun 14 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.36-1
-- Bump version to 1.4.3.36-1
-- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.36
-
-* Mon May 22 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.35-1
-- Bump version to 1.4.3.35-1
-- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.35
-
-* Tue Nov 15 2022 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.32-1
-- Bump version to 1.4.3.32-1
-- Resolves: Bug 2098138 - broken nsslapd-subtree-rename-switch option in rhds11
-- Resolves: Bug 2119063 - entryuuid fixup tasks fails because entryUUID is not mutable
-- Resolves: Bug 2136610 - [RFE] Add 'cn' attribute to IPA audit logs 
-- Resolves: Bug 2142638 - pam mutex lock causing high etimes, affecting red hat internal sso
-- Resolves: Bug 2096795 - [RFE] Support ECDSA private keys for TLS
-

SOURCES/Issue-5870-ns-slapd-crashes-at-startup-if.patch

@@ -0,0 +1,81 @@
+From c98a1f0d4ad35778204440a8a5fc497d476621a9 Mon Sep 17 00:00:00 2001
+From: tbordaz <tbordaz@redhat.com>
+Date: Wed, 2 Aug 2023 14:44:42 +0200
+Subject: [PATCH] Issue 5870 - ns-slapd crashes at startup if a backend has no
+ suffix (#5871)
+
+Bug description:
+	With $5598, the server checks at startup if it exists
+	some referrals entries in the various backends/suffixes.
+	If a backend has no defined suffix (not clear how it
+	occurs except crafting dse.ldif) the checking
+	triggers a sigsev
+
+Fix description:
+	Check it exists a suffix before using it
+---
+ .../tests/suites/ds_logs/ds_logs_test.py      | 29 +++++++++++++++++++
+ ldap/servers/slapd/backend.c                  |  3 +-
+ 2 files changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
+index 1a51ca5485..812936c62e 100644
+--- a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
++++ b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
+@@ -11,6 +11,8 @@
+ import time
+ import logging
+ import pytest
++import shutil
++from lib389.rootdse import RootDSE
+ import subprocess
+ from lib389.referral import Referrals, Referral
+ from lib389.backend import Backend
+@@ -1398,6 +1400,33 @@ def fin():
+ 
+     request.addfinalizer(fin)
+ 
++def test_missing_backend_suffix(topology_st, request):
++    """Test that the server does not crash if a backend has no suffix
++
++    :id: 427c9780-4875-4a94-a3e4-afa11be7d1a9
++    :setup: Standalone instance
++    :steps:
++        1. Stop the instance
++        2. remove 'nsslapd-suffix' from the backend (userRoot)
++        3. start the instance
++        4. Check it started successfully with SRCH on rootDSE
++    :expectedresults:
++        all steps succeeds
++    """
++    topology_st.standalone.stop()
++    dse_ldif = topology_st.standalone.confdir + '/dse.ldif'
++    shutil.copy(dse_ldif, dse_ldif + '.correct')
++    os.system('sed -e "/nsslapd-suffix/d" %s > %s' % (dse_ldif + '.correct', dse_ldif))
++    topology_st.standalone.start()
++    rdse = RootDSE(topology_st.standalone)
++
++    def fin():
++        log.info('Restore dse.ldif')
++        topology_st.standalone.stop()
++        shutil.copy(dse_ldif + '.correct', dse_ldif)
++
++    request.addfinalizer(fin)
++
+ if __name__ == '__main__':
+     # Run isolated
+     # -s for DEBUG mode
+diff --git a/ldap/servers/slapd/backend.c b/ldap/servers/slapd/backend.c
+index ea8ccb88d2..498f683b15 100644
+--- a/ldap/servers/slapd/backend.c
++++ b/ldap/servers/slapd/backend.c
+@@ -222,7 +222,8 @@ slapi_exist_referral(Slapi_Backend *be)
+         suffix = slapi_sdn_get_dn(slapi_be_getsuffix(be, 0));
+ 
+         /* ignore special backends */
+-        if ((strcmp(suffix, "cn=schema") == 0) ||
++        if ((suffix == NULL) ||
++            (strcmp(suffix, "cn=schema") == 0) ||
+             (strcmp(suffix, "cn=config") == 0)) {
+             return 0; /* it does not mean anything having a referral in those backends */
+         }

SOURCES/Issue-5984-Crash-when-paged-result-search-are-abandoned-fix2.patch

@@ -0,0 +1,88 @@
+From 189f3a65c222c980b51591bdbfd79d64fa338a10 Mon Sep 17 00:00:00 2001
+From: progier389 <progier@redhat.com>
+Date: Tue, 21 Nov 2023 11:57:44 +0100
+Subject: [PATCH] Issue 5984 - Crash when paged result search are abandoned -
+ fix2 (#5987)
+
+Chasing several rabbits at the same time is a bad idea !
+and I mixed branches and unwillingly pushed one commit for #5980 in #5984
+just before the PR #5985 merge ! -:(
+Hopefully it does not break anything but just logs some useless crap if instance fails to starts.
+Anyway This commit reverts the change about __init.py
+and also do a minor code cleanup (removed a trailing space) in abandon.c
+
+Issue #5984
+
+Reviewed by: @tbordaz Thanks !
+
+(cherry picked from commit df7dd8320424f7ab616c9ad8086a6874ff8bf859)
+---
+ ldap/servers/slapd/abandon.c  |  2 +-
+ src/lib389/lib389/__init__.py | 27 +--------------------------
+ 2 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c
+index 964d28836f..2dd1ee3205 100644
+--- a/ldap/servers/slapd/abandon.c
++++ b/ldap/servers/slapd/abandon.c
+@@ -43,7 +43,7 @@ do_abandon(Slapi_PBlock *pb)
+         struct timespec hr_time_end;
+         int nentries;
+         int opid;
+-    } o_copy; 
++    } o_copy;
+ 
+     slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
+     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
+diff --git a/src/lib389/lib389/__init__.py b/src/lib389/lib389/__init__.py
+index 81e41c58b8..b8ca7685f5 100644
+--- a/src/lib389/lib389/__init__.py
++++ b/src/lib389/lib389/__init__.py
+@@ -1048,24 +1048,6 @@ class DirSrv(SimpleLDAPObject, object):
+ 
+         self.state = DIRSRV_STATE_OFFLINE
+ 
+-    def dump_errorlog(self):
+-        '''
+-            Its logs all errors messages within the error log that occured 
+-            after the last startup.
+-        '''
+-        if os.path.isfile(self.errlog):
+-            lines = []
+-            with open(self.errlog, 'r') as file:
+-                for line in file:
+-                    if "starting up" in line:
+-                        lines = []
+-                    for key in ( 'DEBUG', 'INFO', 'NOTICE', 'WARN' ):
+-                        if key in line:
+-                            lines.append(line)
+-                            break
+-            for line in lines:
+-                self.log.error(line)
+-
+     def start(self, timeout=120, post_open=True):
+         '''
+             It starts an instance and rebind it. Its final state after rebind
+@@ -1089,13 +1071,7 @@ class DirSrv(SimpleLDAPObject, object):
+         if self.with_systemd():
+             self.log.debug("systemd status -> True")
+             # Do systemd things here ...
+-            try:
+-                subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT)
+-            except subprocess.CalledProcessError as e:
+-                self.dump_errorlog()
+-                self.log.error('Failed to start dirsrv@%s: "%s"' % (self.serverid, e.output.decode()))
+-                self.log.error(e)
+-                raise ValueError('Failed to start DS')
++            subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT)
+         else:
+             self.log.debug("systemd status -> False")
+             # Start the process.
+@@ -1119,7 +1095,6 @@ class DirSrv(SimpleLDAPObject, object):
+                 self.log.debug("DEBUG: starting with %s" % cmd)
+                 output = subprocess.check_output(*cmd, env=env, stderr=subprocess.STDOUT)
+             except subprocess.CalledProcessError as e:
+-                self.dump_errorlog()
+                 self.log.error('Failed to start ns-slapd: "%s"' % e.output.decode())
+                 self.log.error(e)
+                 raise ValueError('Failed to start DS')

SOURCES/Issue-5984-Crash-when-paged-result-search-are-abandoned.patch

@@ -0,0 +1,386 @@
+From 1fefae50842b6bcdd631b59d91688388e90e0a5c Mon Sep 17 00:00:00 2001
+From: progier389 <progier@redhat.com>
+Date: Fri, 17 Nov 2023 14:41:51 +0100
+Subject: [PATCH] Issue 5984 - Crash when paged result search are abandoned
+ (#5985)
+
+* Issue 5984 - Crash when paged result search are abandoned
+
+Problem:
+  Fix #4551 has changed the lock that protects the paged result data
+  within a connection. But the abandon operation attempts to free
+  the paged search result with the connection lock.
+  This leads to race condition and double free causing an heap
+  corruption and a SIGSEGV.
+
+  Solution:
+   - Get a copy of the operation data that needs to be logged.
+   - Unlock the connection mutex (to avoid deadlock risk)
+   - Free the paged result while holding the paged result lock.
+
+Issue: 5984
+
+Reviewed by: @tbordaz (Thanks!)
+
+(cherry picked from commit 06bd0862956672eb76276cab5c1dd906fe5a7eec)
+---
+ .../paged_results/paged_results_test.py       | 110 ++++++++++++++++--
+ ldap/servers/slapd/abandon.c                  |  23 ++--
+ ldap/servers/slapd/opshared.c                 |   4 +-
+ ldap/servers/slapd/pagedresults.c             |   8 +-
+ ldap/servers/slapd/proto-slap.h               |   2 +-
+ src/lib389/lib389/__init__.py                 |  27 ++++-
+ 6 files changed, 152 insertions(+), 22 deletions(-)
+
+diff --git a/dirsrvtests/tests/suites/paged_results/paged_results_test.py b/dirsrvtests/tests/suites/paged_results/paged_results_test.py
+index 893d28a07e..2fc418d3f0 100644
+--- a/dirsrvtests/tests/suites/paged_results/paged_results_test.py
++++ b/dirsrvtests/tests/suites/paged_results/paged_results_test.py
+@@ -7,7 +7,7 @@
+ # --- END COPYRIGHT BLOCK ---
+ #
+ import socket
+-from random import sample
++from random import sample, randrange
+ 
+ import pytest
+ from ldap.controls import SimplePagedResultsControl, GetEffectiveRightsControl
+@@ -17,8 +21,10 @@ from lib389.topologies import topology_st
+ from lib389._constants import DN_LDBM, DN_DM, DEFAULT_SUFFIX, BACKEND_NAME, PASSWORD
+ 
+ from lib389._controls import SSSRequestControl
+-
+-from lib389.idm.user import UserAccounts
++from lib389.idm.user import UserAccount, UserAccounts
++from lib389.cli_base import FakeArgs
++from lib389.config import LDBMConfig
++from lib389.dbgen import dbgen_users
+ from lib389.idm.organization import Organization
+ from lib389.idm.organizationalunit import OrganizationalUnit
+ from lib389.backend import Backends
+@@ -46,11 +52,56 @@ NEW_BACKEND_1 = 'parent_base'
+ NEW_BACKEND_2 = 'child_base'
+ 
+ OLD_HOSTNAME = socket.gethostname()
+-socket.sethostname('localhost')
++if os.getuid() == 0:
++    socket.sethostname('localhost')
+ HOSTNAME = socket.gethostname()
+ IP_ADDRESS = socket.gethostbyname(HOSTNAME)
+ OLD_IP_ADDRESS = socket.gethostbyname(OLD_HOSTNAME)
+ 
++
++@pytest.fixture(scope="module")
++def create_40k_users(topology_st, request):
++    inst = topology_st.standalone
++
++    # Prepare return value
++    retval = FakeArgs()
++    retval.inst = inst
++    retval.bename = '40k'
++    retval.suffix = f'o={retval.bename}'
++    retval.ldif_file = f'{inst.get_ldif_dir()}/{retval.bename}.ldif'
++
++    # Create new backend
++    bes = Backends(inst)
++    be_1 = bes.create(properties={
++        'cn': retval.bename,
++        'nsslapd-suffix': retval.suffix,
++    })
++
++    # Set paged search lookthrough limit
++    ldbmconfig = LDBMConfig(inst)
++    ldbmconfig.replace('nsslapd-pagedlookthroughlimit', b'100000')
++
++    # Create ldif and import it.
++    dbgen_users(inst, 40000, retval.ldif_file, retval.suffix)
++    # tasks = Tasks(inst)
++    # args = {TASK_WAIT: True}
++    # tasks.importLDIF(retval.suffix, None, retval.ldif_file, args)
++    inst.stop()
++    assert inst.ldif2db(retval.bename, None, None, None, retval.ldif_file, None)
++    inst.start()
++
++    # And set an aci allowing anonymous read
++    log.info('Adding ACI to allow our test user to search')
++    ACI_TARGET = '(targetattr != "userPassword || aci")'
++    ACI_ALLOW = '(version 3.0; acl "Enable anonymous access";allow (read, search, compare)'
++    ACI_SUBJECT = '(userdn = "ldap:///anyone");)'
++    ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
++    o_1 = Organization(inst, retval.suffix)
++    o_1.set('aci', ACI_BODY)
++
++    return retval
++
++
+ @pytest.fixture(scope="module")
+ def create_user(topology_st, request):
+     """User for binding operation"""
+@@ -75,8 +126,10 @@ def create_user(topology_st, request):
+ 
+     def fin():
+         log.info('Deleting user simplepaged_test')
+-        user.delete()
+-        socket.sethostname(OLD_HOSTNAME)
++        if not DEBUGGING:
++            user.delete()
++        if os.getuid() == 0:
++            socket.sethostname(OLD_HOSTNAME)
+ 
+     request.addfinalizer(fin)
+ 
+@@ -179,7 +232,7 @@ def change_conf_attr(topology_st, suffix, attr_name, attr_value):
+     return attr_value_bck
+ 
+ 
+-def paged_search(conn, suffix, controls, search_flt, searchreq_attrlist):
++def paged_search(conn, suffix, controls, search_flt, searchreq_attrlist, abandon_rate=0):
+     """Search at the DEFAULT_SUFFIX with ldap.SCOPE_SUBTREE
+     using Simple Paged Control(should the first item in the
+     list controls.
+@@ -199,9 +252,16 @@ def paged_search(conn, suffix, controls, search_flt, searchreq_attrlist):
+                                                     req_pr_ctrl.size,
+                                                     str(controls)))
+     msgid = conn.search_ext(suffix, ldap.SCOPE_SUBTREE, search_flt, searchreq_attrlist, serverctrls=controls)
++    log.info('Getting page %d' % (pages,))
+     while True:
+-        log.info('Getting page %d' % (pages,))
+-        rtype, rdata, rmsgid, rctrls = conn.result3(msgid)
++        try:
++            rtype, rdata, rmsgid, rctrls = conn.result3(msgid, timeout=0.001)
++        except ldap.TIMEOUT:
++            if pages > 0 and abandon_rate>0 and randrange(100)<abandon_rate:
++                conn.abandon(msgid)
++                log.info('Paged result search is abandonned.')
++                return all_results
++            continue
+         log.debug('Data: {}'.format(rdata))
+         all_results.extend(rdata)
+         pages += 1
+@@ -221,6 +281,7 @@ def paged_search(conn, suffix, controls, search_flt, searchreq_attrlist):
+                 break  # No more pages available
+         else:
+             break
++        log.info('Getting page %d' % (pages,))
+ 
+     assert not pctrls[0].cookie
+     return all_results
+@@ -1179,6 +1240,39 @@ def test_maxsimplepaged_per_conn_failure(topology_st, create_user, conf_attr_val
+         del_users(users_list)
+         change_conf_attr(topology_st, DN_CONFIG, 'nsslapd-maxsimplepaged-per-conn', max_per_con_bck)
+ 
++
++def test_search_stress_abandon(create_40k_users, create_user):
++    """Verify that search with a simple paged results control
++    returns all entries it should without errors.
++
++    :id: e154b24a-83d6-11ee-90d1-482ae39447e5
++    :customerscenario: True
++    :feature: Simple paged results
++    :setup: Standalone instance, test user for binding,
++            40K  users in a second backend
++    :steps:
++        1. Bind as test user
++        2. Loops a number of times doing:
++                 - search through added users with a simple paged control
++                 - randomly abandoning the search after a few ms.
++    :expectedresults:
++        1. Bind should be successful
++        2. The loop should complete successfully.
++    """
++
++    abandon_rate = 10
++    page_size = 500
++    nbloops = 1000
++    search_flt = r'(uid=*)'
++    searchreq_attrlist = ['dn', 'sn']
++    log.info('Set user bind %s ' % create_user)
++    conn = create_user.bind(TEST_USER_PWD)
++    for idx in range(nbloops):
++        req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
++        # If the issue #5984 is not fixed the server crashs and the paged search fails with ldap.SERVER_DOWN exception
++        paged_search(conn, create_40k_users.suffix, [req_ctrl], search_flt, searchreq_attrlist, abandon_rate=abandon_rate)
++
++
+ if __name__ == '__main__':
+     # Run isolated
+     # -s for DEBUG mode
+diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c
+index 26a2e7bf83..964d28836f 100644
+--- a/ldap/servers/slapd/abandon.c
++++ b/ldap/servers/slapd/abandon.c
+@@ -38,6 +38,12 @@ do_abandon(Slapi_PBlock *pb)
+     Connection *pb_conn = NULL;
+     Operation *pb_op = NULL;
+     Operation *o;
++    /* Keep a copy of some data because o may vanish once conn is unlocked */
++    struct {
++        struct timespec hr_time_end;
++        int nentries;
++        int opid;
++    } o_copy; 
+ 
+     slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
+     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
+@@ -90,8 +96,12 @@ do_abandon(Slapi_PBlock *pb)
+ 
+     pthread_mutex_lock(&(pb_conn->c_mutex));
+     for (o = pb_conn->c_ops; o != NULL; o = o->o_next) {
+-        if (o->o_msgid == id && o != pb_op)
++        if (o->o_msgid == id && o != pb_op) {
++            slapi_operation_time_elapsed(o, &o_copy.hr_time_end);
++            o_copy.nentries = o->o_results.r.r_search.nentries;
++            o_copy.opid = o->o_opid;
+             break;
++        }
+     }
+ 
+     if (o != NULL) {
+@@ -130,7 +140,8 @@ do_abandon(Slapi_PBlock *pb)
+         slapi_log_err(SLAPI_LOG_TRACE, "do_abandon", "op not found\n");
+     }
+ 
+-    if (0 == pagedresults_free_one_msgid_nolock(pb_conn, id)) {
++    pthread_mutex_unlock(&(pb_conn->c_mutex));
++    if (0 == pagedresults_free_one_msgid(pb_conn, id, pageresult_lock_get_addr(pb_conn))) {
+         slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64
+                                            " op=%d ABANDON targetop=Simple Paged Results msgid=%d\n",
+                          pb_conn->c_connid, pb_op->o_opid, id);
+@@ -143,15 +154,11 @@ do_abandon(Slapi_PBlock *pb)
+                                            " targetop=SUPPRESSED-BY-PLUGIN msgid=%d\n",
+                          pb_conn->c_connid, pb_op->o_opid, id);
+     } else {
+-        struct timespec o_hr_time_end;
+-        slapi_operation_time_elapsed(o, &o_hr_time_end);
+         slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d ABANDON"
+                                            " targetop=%d msgid=%d nentries=%d etime=%" PRId64 ".%010" PRId64 "\n",
+-                         pb_conn->c_connid, pb_op->o_opid, o->o_opid, id,
+-                         o->o_results.r.r_search.nentries, (int64_t)o_hr_time_end.tv_sec, (int64_t)o_hr_time_end.tv_nsec);
++                         pb_conn->c_connid, pb_op->o_opid, o_copy.opid, id,
++                         o_copy.nentries, (int64_t)o_copy.hr_time_end.tv_sec, (int64_t)o_copy.hr_time_end.tv_nsec);
+     }
+-
+-    pthread_mutex_unlock(&(pb_conn->c_mutex));
+     /*
+      * Wake up the persistent searches, so they
+      * can notice if they've been abandoned.
+diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
+index 897b9566e5..7ab4117cd4 100644
+--- a/ldap/servers/slapd/opshared.c
++++ b/ldap/servers/slapd/opshared.c
+@@ -922,9 +922,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result)
+                     next_be = NULL; /* to break the loop */
+                     if (operation->o_status & SLAPI_OP_STATUS_ABANDONED) {
+                         /* It turned out this search was abandoned. */
+-                        pthread_mutex_lock(pagedresults_mutex);
+-                        pagedresults_free_one_msgid_nolock(pb_conn, operation->o_msgid);
+-                        pthread_mutex_unlock(pagedresults_mutex);
++                        pagedresults_free_one_msgid(pb_conn, operation->o_msgid, pagedresults_mutex);
+                         /* paged-results-request was abandoned; making an empty cookie. */
+                         pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx);
+                         send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
+diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
+index 01fe3370f5..db87e486ea 100644
+--- a/ldap/servers/slapd/pagedresults.c
++++ b/ldap/servers/slapd/pagedresults.c
+@@ -34,6 +34,10 @@ pageresult_lock_cleanup()
+     slapi_ch_free((void**)&lock_hash);
+ }
+ 
++/* Beware to the lock order with c_mutex:
++ * c_mutex is sometime locked while holding pageresult_lock
++ * ==> Do not lock pageresult_lock when holing c_mutex
++ */
+ pthread_mutex_t *
+ pageresult_lock_get_addr(Connection *conn)
+ {
+@@ -350,7 +354,7 @@ pagedresults_free_one(Connection *conn, Operation *op, int index)
+  * Used for abandoning - pageresult_lock_get_addr(conn) is already locked in do_abandone.
+  */
+ int
+-pagedresults_free_one_msgid_nolock(Connection *conn, ber_int_t msgid)
++pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t *mutex)
+ {
+     int rc = -1;
+     int i;
+@@ -361,6 +365,7 @@ pagedresults_free_one_msgid_nolock(Connection *conn, ber_int_t msgid)
+         } else {
+             slapi_log_err(SLAPI_LOG_TRACE,
+                           "pagedresults_free_one_msgid_nolock", "=> msgid=%d\n", msgid);
++            pthread_mutex_lock(mutex);
+             for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
+                 if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) {
+                     PagedResults *prp = conn->c_pagedresults.prl_list + i;
+@@ -375,6 +380,7 @@ pagedresults_free_one_msgid_nolock(Connection *conn, ber_int_t msgid)
+                     break;
+                 }
+             }
++            pthread_mutex_unlock(mutex);
+             slapi_log_err(SLAPI_LOG_TRACE,
+                           "pagedresults_free_one_msgid_nolock", "<= %d\n", rc);
+         }
+diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
+index bb1f8aea2c..76b2e3af23 100644
+--- a/ldap/servers/slapd/proto-slap.h
++++ b/ldap/servers/slapd/proto-slap.h
+@@ -1587,7 +1587,7 @@ int pagedresults_is_timedout_nolock(Connection *conn);
+ int pagedresults_reset_timedout_nolock(Connection *conn);
+ int pagedresults_in_use_nolock(Connection *conn);
+ int pagedresults_free_one(Connection *conn, Operation *op, int index);
+-int pagedresults_free_one_msgid_nolock(Connection *conn, ber_int_t msgid);
++int pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t *mutex);
+ int op_is_pagedresults(Operation *op);
+ int pagedresults_cleanup_all(Connection *conn, int needlock);
+ void op_set_pagedresults(Operation *op);
+diff --git a/src/lib389/lib389/__init__.py b/src/lib389/lib389/__init__.py
+index b8ca7685f5..81e41c58b8 100644
+--- a/src/lib389/lib389/__init__.py
++++ b/src/lib389/lib389/__init__.py
+@@ -1040,6 +1040,24 @@ class DirSrv(SimpleLDAPObject, object):
+ 
+         self.state = DIRSRV_STATE_OFFLINE
+ 
++    def dump_errorlog(self):
++        '''
++            Its logs all errors messages within the error log that occured 
++            after the last startup.
++        '''
++        if os.path.isfile(self.errlog):
++            lines = []
++            with open(self.errlog, 'r') as file:
++                for line in file:
++                    if "starting up" in line:
++                        lines = []
++                    for key in ( 'DEBUG', 'INFO', 'NOTICE', 'WARN' ):
++                        if key in line:
++                            lines.append(line)
++                            break
++            for line in lines:
++                self.log.error(line)
++
+     def start(self, timeout=120, post_open=True):
+         '''
+             It starts an instance and rebind it. Its final state after rebind
+@@ -1063,7 +1081,13 @@ class DirSrv(SimpleLDAPObject, object):
+         if self.with_systemd():
+             self.log.debug("systemd status -> True")
+             # Do systemd things here ...
+-            subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT)
++            try:
++                subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT)
++            except subprocess.CalledProcessError as e:
++                self.dump_errorlog()
++                self.log.error('Failed to start dirsrv@%s: "%s"' % (self.serverid, e.output.decode()))
++                self.log.error(e)
++                raise ValueError('Failed to start DS')
+         else:
+             self.log.debug("systemd status -> False")
+             # Start the process.
+@@ -1087,6 +1111,7 @@ class DirSrv(SimpleLDAPObject, object):
+                 self.log.debug("DEBUG: starting with %s" % cmd)
+                 output = subprocess.check_output(*cmd, env=env, stderr=subprocess.STDOUT)
+             except subprocess.CalledProcessError as e:
++                self.dump_errorlog()
+                 self.log.error('Failed to start ns-slapd: "%s"' % e.output.decode())
+                 self.log.error(e)
+                 raise ValueError('Failed to start DS')

SPECS/389-ds-base.spec

@@ -47,9 +47,9 @@ ExcludeArch: i686
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.4.3.35
-Release:          %{?relprefix}1%{?prerel}%{?dist}
-License:          GPLv3+ and ASL 2.0 and MIT
+Version:          1.4.3.37
+Release:          %{?relprefix}2%{?prerel}%{?dist}.alma.1
+License:          GPLv3+ and (ASL 2.0 or MIT)
 URL:              https://www.port389.org
 Group:            System Environment/Daemons
 Conflicts:        selinux-policy-base < 3.9.8
@@ -58,10 +58,13 @@ Obsoletes:        %{name} <= 1.4.0.9
 Provides:         ldif2ldbm >= 0
 
 ##### Bundled cargo crates list - START #####
+Provides:  bundled(crate(addr2line)) = 0.20.0
+Provides:  bundled(crate(adler)) = 1.0.2
 Provides:  bundled(crate(ahash)) = 0.7.6
 Provides:  bundled(crate(ansi_term)) = 0.12.1
 Provides:  bundled(crate(atty)) = 0.2.14
 Provides:  bundled(crate(autocfg)) = 1.1.0
+Provides:  bundled(crate(backtrace)) = 0.3.68
 Provides:  bundled(crate(base64)) = 0.13.1
 Provides:  bundled(crate(bitflags)) = 1.3.2
 Provides:  bundled(crate(byteorder)) = 1.4.3
@@ -73,9 +76,9 @@ Provides:  bundled(crate(concread)) = 0.2.21
 Provides:  bundled(crate(crossbeam)) = 0.8.2
 Provides:  bundled(crate(crossbeam-channel)) = 0.5.8
 Provides:  bundled(crate(crossbeam-deque)) = 0.8.3
-Provides:  bundled(crate(crossbeam-epoch)) = 0.9.14
+Provides:  bundled(crate(crossbeam-epoch)) = 0.9.15
 Provides:  bundled(crate(crossbeam-queue)) = 0.3.8
-Provides:  bundled(crate(crossbeam-utils)) = 0.8.15
+Provides:  bundled(crate(crossbeam-utils)) = 0.8.16
 Provides:  bundled(crate(entryuuid)) = 0.1.0
 Provides:  bundled(crate(entryuuid_syntax)) = 0.1.0
 Provides:  bundled(crate(errno)) = 0.3.1
@@ -84,61 +87,66 @@ Provides:  bundled(crate(fastrand)) = 1.9.0
 Provides:  bundled(crate(fernet)) = 0.1.4
 Provides:  bundled(crate(foreign-types)) = 0.3.2
 Provides:  bundled(crate(foreign-types-shared)) = 0.1.1
-Provides:  bundled(crate(getrandom)) = 0.2.9
+Provides:  bundled(crate(getrandom)) = 0.2.10
+Provides:  bundled(crate(gimli)) = 0.27.3
 Provides:  bundled(crate(hashbrown)) = 0.12.3
 Provides:  bundled(crate(hermit-abi)) = 0.1.19
-Provides:  bundled(crate(hermit-abi)) = 0.3.1
+Provides:  bundled(crate(hermit-abi)) = 0.3.2
 Provides:  bundled(crate(instant)) = 0.1.12
-Provides:  bundled(crate(io-lifetimes)) = 1.0.10
-Provides:  bundled(crate(itoa)) = 1.0.6
+Provides:  bundled(crate(io-lifetimes)) = 1.0.11
+Provides:  bundled(crate(itoa)) = 1.0.8
 Provides:  bundled(crate(jobserver)) = 0.1.26
-Provides:  bundled(crate(libc)) = 0.2.144
+Provides:  bundled(crate(libc)) = 0.2.147
 Provides:  bundled(crate(librnsslapd)) = 0.1.0
 Provides:  bundled(crate(librslapd)) = 0.1.0
 Provides:  bundled(crate(linux-raw-sys)) = 0.3.8
-Provides:  bundled(crate(lock_api)) = 0.4.9
-Provides:  bundled(crate(log)) = 0.4.17
+Provides:  bundled(crate(lock_api)) = 0.4.10
+Provides:  bundled(crate(log)) = 0.4.19
 Provides:  bundled(crate(lru)) = 0.7.8
-Provides:  bundled(crate(memoffset)) = 0.8.0
-Provides:  bundled(crate(once_cell)) = 1.17.1
-Provides:  bundled(crate(openssl)) = 0.10.52
+Provides:  bundled(crate(memchr)) = 2.5.0
+Provides:  bundled(crate(memoffset)) = 0.9.0
+Provides:  bundled(crate(miniz_oxide)) = 0.7.1
+Provides:  bundled(crate(object)) = 0.31.1
+Provides:  bundled(crate(once_cell)) = 1.18.0
+Provides:  bundled(crate(openssl)) = 0.10.55
 Provides:  bundled(crate(openssl-macros)) = 0.1.1
-Provides:  bundled(crate(openssl-sys)) = 0.9.87
+Provides:  bundled(crate(openssl-sys)) = 0.9.90
 Provides:  bundled(crate(parking_lot)) = 0.11.2
 Provides:  bundled(crate(parking_lot_core)) = 0.8.6
 Provides:  bundled(crate(paste)) = 0.1.18
 Provides:  bundled(crate(paste-impl)) = 0.1.18
-Provides:  bundled(crate(pin-project-lite)) = 0.2.9
+Provides:  bundled(crate(pin-project-lite)) = 0.2.10
 Provides:  bundled(crate(pkg-config)) = 0.3.27
 Provides:  bundled(crate(ppv-lite86)) = 0.2.17
 Provides:  bundled(crate(proc-macro-hack)) = 0.5.20+deprecated
-Provides:  bundled(crate(proc-macro2)) = 1.0.58
+Provides:  bundled(crate(proc-macro2)) = 1.0.64
 Provides:  bundled(crate(pwdchan)) = 0.1.0
-Provides:  bundled(crate(quote)) = 1.0.27
+Provides:  bundled(crate(quote)) = 1.0.29
 Provides:  bundled(crate(rand)) = 0.8.5
 Provides:  bundled(crate(rand_chacha)) = 0.3.1
 Provides:  bundled(crate(rand_core)) = 0.6.4
 Provides:  bundled(crate(redox_syscall)) = 0.2.16
 Provides:  bundled(crate(redox_syscall)) = 0.3.5
 Provides:  bundled(crate(rsds)) = 0.1.0
-Provides:  bundled(crate(rustix)) = 0.37.19
-Provides:  bundled(crate(ryu)) = 1.0.13
+Provides:  bundled(crate(rustc-demangle)) = 0.1.23
+Provides:  bundled(crate(rustix)) = 0.37.23
+Provides:  bundled(crate(ryu)) = 1.0.14
 Provides:  bundled(crate(scopeguard)) = 1.1.0
-Provides:  bundled(crate(serde)) = 1.0.163
-Provides:  bundled(crate(serde_derive)) = 1.0.163
-Provides:  bundled(crate(serde_json)) = 1.0.96
+Provides:  bundled(crate(serde)) = 1.0.171
+Provides:  bundled(crate(serde_derive)) = 1.0.171
+Provides:  bundled(crate(serde_json)) = 1.0.100
 Provides:  bundled(crate(slapd)) = 0.1.0
 Provides:  bundled(crate(slapi_r_plugin)) = 0.1.0
-Provides:  bundled(crate(smallvec)) = 1.10.0
+Provides:  bundled(crate(smallvec)) = 1.11.0
 Provides:  bundled(crate(strsim)) = 0.8.0
 Provides:  bundled(crate(syn)) = 1.0.109
-Provides:  bundled(crate(syn)) = 2.0.16
-Provides:  bundled(crate(tempfile)) = 3.5.0
+Provides:  bundled(crate(syn)) = 2.0.25
+Provides:  bundled(crate(tempfile)) = 3.6.0
 Provides:  bundled(crate(textwrap)) = 0.11.0
-Provides:  bundled(crate(tokio)) = 1.28.1
+Provides:  bundled(crate(tokio)) = 1.29.1
 Provides:  bundled(crate(tokio-macros)) = 2.1.0
 Provides:  bundled(crate(toml)) = 0.5.11
-Provides:  bundled(crate(unicode-ident)) = 1.0.8
+Provides:  bundled(crate(unicode-ident)) = 1.0.10
 Provides:  bundled(crate(unicode-width)) = 0.1.10
 Provides:  bundled(crate(uuid)) = 0.8.2
 Provides:  bundled(crate(vcpkg)) = 0.2.15
@@ -148,23 +156,14 @@ Provides:  bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
 Provides:  bundled(crate(winapi)) = 0.3.9
 Provides:  bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
 Provides:  bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
-Provides:  bundled(crate(windows-sys)) = 0.45.0
 Provides:  bundled(crate(windows-sys)) = 0.48.0
-Provides:  bundled(crate(windows-targets)) = 0.42.2
-Provides:  bundled(crate(windows-targets)) = 0.48.0
-Provides:  bundled(crate(windows_aarch64_gnullvm)) = 0.42.2
+Provides:  bundled(crate(windows-targets)) = 0.48.1
 Provides:  bundled(crate(windows_aarch64_gnullvm)) = 0.48.0
-Provides:  bundled(crate(windows_aarch64_msvc)) = 0.42.2
 Provides:  bundled(crate(windows_aarch64_msvc)) = 0.48.0
-Provides:  bundled(crate(windows_i686_gnu)) = 0.42.2
 Provides:  bundled(crate(windows_i686_gnu)) = 0.48.0
-Provides:  bundled(crate(windows_i686_msvc)) = 0.42.2
 Provides:  bundled(crate(windows_i686_msvc)) = 0.48.0
-Provides:  bundled(crate(windows_x86_64_gnu)) = 0.42.2
 Provides:  bundled(crate(windows_x86_64_gnu)) = 0.48.0
-Provides:  bundled(crate(windows_x86_64_gnullvm)) = 0.42.2
 Provides:  bundled(crate(windows_x86_64_gnullvm)) = 0.48.0
-Provides:  bundled(crate(windows_x86_64_msvc)) = 0.42.2
 Provides:  bundled(crate(windows_x86_64_msvc)) = 0.48.0
 Provides:  bundled(crate(zeroize)) = 1.6.0
 Provides:  bundled(crate(zeroize_derive)) = 1.4.2
@@ -294,9 +293,17 @@ Source3:          https://github.com/jemalloc/%{jemalloc_name}/releases/download
 %endif
 %if %{use_rust}
 Source4:          vendor-%{version}-1.tar.gz
-Source5:          Cargo-%{version}.lock
+Source5:          Cargo-%{version}-1.lock
 %endif
 
+# Patches were taken from:
+# https://github.com/389ds/389-ds-base/commit/c98a1f0d4ad35778204440a8a5fc497d476621a9
+Patch1:             Issue-5870-ns-slapd-crashes-at-startup-if.patch
+# https://github.com/389ds/389-ds-base/commit/1fefae50842b6bcdd631b59d91688388e90e0a5c
+Patch2:             Issue-5984-Crash-when-paged-result-search-are-abandoned.patch
+# https://github.com/389ds/389-ds-base/commit/189f3a65c222c980b51591bdbfd79d64fa338a10
+Patch3:             Issue-5984-Crash-when-paged-result-search-are-abandoned-fix2.patch
+
 %description
 389 Directory Server is an LDAPv3 compliant server.  The base package includes
 the LDAP server and command line utilities for server administration.
@@ -917,9 +924,31 @@ exit 0
 %doc README.md
 
 %changelog
+* Mon Jan 15 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1.4.3.37-2.alma.1
+- Issue 5870 - ns-slapd crashes at startup if a backend has no
+ suffix (#5871)
+- Issue 5984 - Crash when paged result search are abandoned
+ (#5985)
+
+* Wed Aug 16 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.37-1
+- Bump versionto 1.4.3.37-1
+- Resolves: rhbz#2224505 - Paged search impacts performance
+- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme
+- Resolves: rhbz#2218235 - python3-lib389: Python tarfile extraction needs change to avoid a warning
+- Resolves: rhbz#2210491 - dtablesize being set to soft maxfiledescriptor limit causing massive slowdown in large enviroments.
+- Resolves: rhbz#2149967 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG
+
+* Tue Jul 11 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.36-2
+- Bump version to 1.4.3.36-2
+- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme
+
+* Wed Jun 14 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.36-1
+- Bump version to 1.4.3.36-1
+- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.36
+
 * Mon May 22 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.35-1
 - Bump version to 1.4.3.35-1
-- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.25
+- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.35
 
 * Tue Nov 15 2022 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.32-1
 - Bump version to 1.4.3.32-1