Hello community, here is the log from the commit of package 389-ds for openSUSE:Factory checked in at 2018-10-25 08:12:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/389-ds (Old) and /work/SRC/openSUSE:Factory/.389-ds.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "389-ds" Thu Oct 25 08:12:05 2018 rev:16 rq:642115 version:1.4.0.18 Changes: -------- --- /work/SRC/openSUSE:Factory/389-ds/389-ds.changes 2018-02-20 17:55:27.237646294 +0100 +++ /work/SRC/openSUSE:Factory/.389-ds.new/389-ds.changes 2018-10-25 08:12:10.600194517 +0200 @@ -1,0 +2,417 @@ +Mon Oct 15 19:48:27 UTC 2018 - Aeneas Jaißle <[email protected]> + +- disable building lib389 by default to circumvent unresolvables + +------------------------------------------------------------------- +Thu Oct 11 22:57:29 UTC 2018 - Marcus Rueckert <[email protected]> + +- remove fscaps until the audit bug is done + +------------------------------------------------------------------- +Thu Oct 11 15:45:33 UTC 2018 - Marcus Rueckert <[email protected]> + +- fix one type pkg_name vs pkgname in the post scriptlets + +------------------------------------------------------------------- +Thu Oct 11 15:40:31 UTC 2018 - Marcus Rueckert <[email protected]> + +- prepare rust support + +------------------------------------------------------------------- +Thu Oct 11 15:22:57 UTC 2018 - Marcus Rueckert <[email protected]> + +- enable lib389 by default now + +------------------------------------------------------------------- +Thu Oct 11 13:11:10 UTC 2018 - Marcus Rueckert <[email protected]> + +- use the same hack for svrcore-devel as the redhat package: claim + to be version 4.1.4 and obsolete olders. the pkg-config file will + report the new version though. + +------------------------------------------------------------------- +Thu Oct 11 11:51:06 UTC 2018 - Marcus Rueckert <[email protected]> + +- update to 1.4.0.18 + - Ticket 49968 - Confusing CRITICAL message: list_candidates - + NULL idl was recieved from filter_candidates_ext + - Ticket 49946 - upgrade of 389-ds-base could remove replication + agreements. + - Ticket 49969 - DOS caused by malformed search operation + (part2) +- changes from 1.4.0.17 + - Ticket 49969 - DOS caused by malformed search operation + (security fix); CVE-2018-14648 [bsc#1109609] + - Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough + - Ticket 49915 - Master ns-slapd had 100% CPU usage after + starting replication and replication cannot finish + - Ticket 49963 - ASAN build fails on F28 + - Ticket 49947 - Coverity Fixes + - Ticket 49958 - extended search fail to match entries + - Ticket 49928 - WebUI schema functionality and improve CLI part + - Ticket 49954 - On s390x arch retrieved DB page size is stored + as size_t rather than uint32_t + - Ticket 49928 - Refactor and improve schema CLI/lib389 part to + DSLdapObject + - Ticket 49926 - Fix replication tests on 1.3.x + - Ticket 49926 - Add replication functionality to dsconf + - Ticket 49887 - Clean up thread local usage + - Ticket 49937 - Log buffer exceeded emergency logging msg is not + thread-safe (security fix) CVE-2018-14624 [bsc#1106699] + - Ticket 49866 - fix typo in cos template in pwpolicy subtree + create + - Ticket 49930 - Correction of the existing fixture function + names to remove test_ prefix + - Ticket 49932 - Crash in delete_passwdPolicy when persistent + search connections are terminated unexpectedly CVE-2018-14638 [bsc#1108674] + - Ticket 48053 - Add attribute encryption test cases + - Ticket 49866 - Refactor PwPolicy lib389/CLI module + - Ticket 49877 - Add log level functionality to UI +- changes from 1.4.0.16 + - Revert “Ticket 49372 - filter optimisation improvements for + common queries” + - Revert “Ticket 49432 - filter optimise crash” + - Ticket 49887 - Fix SASL map creation when –disable-perl + - Ticket 49858 - Add backup/restore and import/export + functionality to WebUI/CLI +- changes from 1.4.0.15 + - Ticket 49029 - Internal logging thread data needs to allocate + int pointers + - Ticket 48061 - CI test - config + - Ticket 48377 - Only ship libjemalloc.so.2 + - Ticket 49885 - On some platform fips does not exist +- changes from 1.4.0.14 + - Ticket 49891 - Use “__python3” macro for python scripts + - Ticket 49890 - SECURITY FIX - ldapsearch with server side sort + crashes the ldap server CVE-2018-10935 [bsc#1105606] + - Ticket 49029 - RFE -improve internal operations logging + - Ticket 49893 - disable nunc-stans by default + - Ticket 48377 - Update file name for LD_PRELOAD + - Ticket 49884 - Improve nunc-stans test to detect socket errors + sooner + - Ticket 49888 - Use perl filter in rpm specfile + - Ticket 49866 - Add password policy features to CLI/UI + - Ticket 49881 - Missing check for crack.h + - Ticket 48056 - Add more test cases to the basic suite + - Ticket 49761 - Fix replication test suite issues + - Ticket 49381 - Refactor the plugin test suite docstrings + - Ticket 49837 - Add new password policy attributes to UI + - Ticket 49794 - RFE - Add pam_pwquality features to password + syntax checking + - Ticket 49867 - Fix CLI tools’ double output +- changes from 1.4.0.13 + - Ticket 49854 - ns-slapd should create run_dir and lock_dir + directories at startup + - Ticket 49806 - Add SASL functionality to CLI/UI + - Ticket 49789 - backout originali security fix from 1.4.0.12 as + it caused a regression in FreeIPA + - Ticket 49857 - RPM scriptlet for 389-ds-base-legacy-tools + throws an error +- changes from 1.4.0.12 + - Ticket 49813 - Revised interactive installer + - Ticket 49789 - By default, do not manage unhashed password + (Security Fix) CVE-2018-10871 [bsc#1099564] + - Ticket 49844 - lib389: don’t set up logging at module scope + - Ticket 49546 - Fix issues with MIB file + - Ticket 49840 - ds-replcheck command returns traceback errors + against ldif files having garbage content when run in offline + mode + - Ticket 49640 - Cleanup plugin bootstrap logging + - Ticket 49835 - lib389: fix logging + - Ticket 48818 - For a replica bindDNGroup, should be fetched the + first time it is used not when the replica is started + - Ticket 49780 - acl_copyEval_context double free + - Ticket 49830 - Import fails if backend name is “default” + - Ticket 49832 - remove tcmalloc references + - Ticket 49813 - dscreate - add interactive installer + - Ticket 49808 - Add option to add backend to dscreate + - Ticket 49811 - lib389 setup.py should install autogenerated man + pages + - Ticket 49795 - UI - add “action” backend funtionality + - Ticket 49588 - Add py3 support for tickets : part-3 + - Ticket 49820 - lib389 requires wrong python ldap library + - Ticket 49791 - Update docker file for new dscreate options + - Ticket 49761 - Fix more CI test issues + - Ticket 49811 - Update man pages + - Ticket 49783 - UI - add server configuration backend + - Ticket 49717 - Add conftest.py for tests + - Ticket 49588 - Add py3 support for tickets + - Ticket 49793 - Updated descriptions in dscreate example INF + file + - Ticket 49471 - Rename dscreate options + - Ticket 49751 - passwordMustChange attribute is not honored by a + RO consumer if using “Chain on Update” + - Ticket 49734 - Fix various issues with Disk Monitoring +- changes from 1.4.0.11 + - Ticket 49788 - Add test for ticket #49788 + - Ticket 49788 - Fixing 4-byte UTF-8 character validation + - Ticket 49777 - add config subcommand to dsconf + - Ticket 49712 - lib389 CLI tools should return a result code on + failures + - Ticket 49588 - Add py3 support for tickets : part-2 + - Remove old RHEL/fedora version checking from upstream specfile + - Ticket 48204 - remove python2 from scripts + - Ticket 49576 - ds-replcheck: fix certificate directory + verification + - Bug 1591761 - 389-ds-base: Remove jemalloc exports +- changes from 1.4.0.10 + - Ticket 49640 - Errors about PBKDF2 password storage plugin at + server startup + - Ticket 49571 - perl subpackage and python installer by default + - Ticket 49740 - UI - Replication monitor color coding is not + colorblind friendly + - Ticket 49741 - UI - View/Edit replication agreement hangs WebUI + - Ticket 49703 - UI - Set default values in create instance form + - Ticket 49742 - Fine grained password policy can impact search + performance + - Ticket 49768 - Under network intensive load persistent search + can erronously decrease connection refcnt(Security Fix) CVE-2018-10850 [bsc#1096368] + - Ticket 49765 - compiler warning + - Ticket 49689 - Cockpit subpackage does not build in PREFIX + installations + - Ticket 49765 - Async operations can hang when the server is + running nunc-stans + - Ticket 49745 - UI add filter options for error log severity + levels + - Ticket 49761 - Fix test suite issues + - Ticket 49754 - instances created with dscreate can not be + upgraded with setup-ds.pl + - Ticket 47902 - UI - add continuous refresh log feature + - Ticket 49381 - Add docstrings to plugin test suites - Part 1 + - Ticket 49646 - Improve TLS cert processing in lib389 CLI + - Ticket 49748 - Passthru plugin startTLS option not working + - Ticket 49732 - Optimize resource limit checking for rootdn + issued searches + - Ticket 48377 - Bundle jemalloc + - Ticket 49736 - Hardening of active connection list + - Ticket 48184 - clean up and delete connections at shutdown + (3rd) + - Ticket 49675 - Revise coverity fix + - Ticket 49333 - Do not remove versioned man pages + - Ticket 49683 - Add support for JSON option in lib389 CLI tools + - Ticket 49704 - Error log from the installer is concatenating + all lines into one + - Ticket 49726 - DS only accepts RSA and Fortezza cipher families + - Ticket 49722 - Errors log full of “ WARN - keys2idl - recieved + NULL idl from index_read_ext_allids, treating as empty set” + messages ++++ 220 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/389-ds/389-ds.changes ++++ and /work/SRC/openSUSE:Factory/.389-ds.new/389-ds.changes Old: ---- 0003-fix-rm-non-existent-man-pages.patch 389-ds-base-1.4.0.3.tar.bz2 simplify-lib389-setup-py.patch tw.patch New: ---- 389-ds-base-1.4.0.18.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ 389-ds.spec ++++++ --- /var/tmp/diff_new_pack.eXDjOv/_old 2018-10-25 08:12:11.944193637 +0200 +++ /var/tmp/diff_new_pack.eXDjOv/_new 2018-10-25 08:12:11.944193637 +0200 @@ -21,6 +21,7 @@ %define _fillupdir /var/adm/fillup-templates %endif +%bcond_with rust %bcond_with lib389 %define use_python python3 %define skip_python2 1 @@ -40,12 +41,13 @@ %else %global use_tcmalloc 0 %endif +%define svrcorelib libsvrcore0 Name: 389-ds -Version: 1.4.0.3 +Version: 1.4.0.18 Release: 0 Summary: 389 Directory Server -License: GPL-2.0 +License: GPL-2.0-only AND MPL-2.0 Group: Productivity/Networking/LDAP/Servers Url: https://pagure.io/389-ds-base Source: https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2 @@ -55,12 +57,10 @@ # PATCH-FIX-SLES -- Make init scripts LSB conform Patch1: 0001-init_fhs.patch Patch2: 0002-use-python2-for-selinux-detection.patch -Patch3: 0003-fix-rm-non-existent-man-pages.patch -Patch4: simplify-lib389-setup-py.patch -Patch5: tw.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake +BuildRequires: cracklib-devel BuildRequires: cyrus-sasl-devel BuildRequires: db-devel >= 4.5 BuildRequires: doxygen @@ -79,12 +79,13 @@ BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} %if %{with lib389} -BuildRequires: %{python_module ldap >= 3.0} +BuildRequires: %{python_module argcomplete} +BuildRequires: %{python_module argparse-manpage} +BuildRequires: %{python_module ldap >= 3} BuildRequires: %{python_module pyasn1-modules} BuildRequires: %{python_module pyasn1} BuildRequires: %{python_module python-dateutil} BuildRequires: %{python_module six} -BuildRequires: python3-ldap %endif BuildRequires: pam-devel BuildRequires: pkgconfig @@ -95,11 +96,16 @@ BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(nspr) BuildRequires: pkgconfig(nss) -BuildRequires: pkgconfig(svrcore) >= 4.1.3 BuildRequires: pkgconfig(systemd) %if %{use_tcmalloc} BuildRequires: pkgconfig(libtcmalloc) %endif +BuildRequires: rsync +%if %{with rust} +BuildRequires: cargo +BuildRequires: rust +BuildRequires: rust-std +%endif Requires: %{_sbindir}/service Requires: acl Requires: bind-utils @@ -132,13 +138,16 @@ %package devel Summary: Development files for the 389 Directory Server +License: GPL-2.0-only AND MPL-2.0 Group: Development/Libraries/C and C++ +Provides: svrcore-devel = 4.1.4 +Obsoletes: svrcore-devel < 4.1.4 Requires: %{name} = %{version} +Requires: %{svrcorelib} = %{version} Requires: openldap2-devel Requires: pkgconfig Requires: pkgconfig(nspr) Requires: pkgconfig(nss) -Requires: pkgconfig(svrcore) >= 4.1.3 Requires: pkgconfig(systemd) %description devel @@ -153,6 +162,7 @@ %package snmp Summary: SNMP Agent for 389 Directory Server +License: GPL-2.0-only AND MPL-2.0 Group: System/Daemons Requires: %{name} = %{version} @@ -164,7 +174,10 @@ %if %{with lib389} %package -n lib389 Summary: Python library for interacting with the 389 Directory Server +License: GPL-2.0-only AND MPL-2.0 Group: Development/Languages/Python +Requires: %{use_python}-argcomplete +Requires: %{use_python}-argparse-manpage Requires: %{use_python}-ldap >= 3.0 Requires: %{use_python}-pyasn1 Requires: %{use_python}-pyasn1-modules @@ -182,13 +195,21 @@ Python library for interacting with the 389 Directory Server %endif +%package -n %{svrcorelib} +Summary: Secure PIN handling using NSS crypto +License: MPL-2.0 +Group: System/Libraries + +%description -n %{svrcorelib} +svrcore provides applications with several ways to handle secure PIN storage +e.g. in an application that must be restarted, but needs the PIN to unlock +the private key and other crypto material, without user intervention. svrcore +uses the facilities provided by NSS. + %prep %setup -q -a 1 -n %{name}-base-%{version} %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build # Make sure python3 is used in shebangs @@ -213,7 +234,11 @@ --enable-tcmalloc \ %endif --with-selinux \ + %if %{with rust} + --enable-rust \ + %endif --with-perldir=%{_bindir} \ + --libexecdir=%{_prefix}/lib/dirsrv/ \ --with-pythonexec="%{_bindir}/%{use_python}" \ --with-systemd \ --with-systemdgroupname=%{groupname} \ @@ -266,6 +291,10 @@ mv "$i" "%{buildroot}%{_fillupdir}/sysconfig.${i##*/}" done +rm -rv %{buildroot}/usr/share/cockpit/ +mv src/svrcore/README{,.svrcore} +mv src/svrcore/LICENSE{,.svrcore} + %pre if ! getent group %{user_group} >/dev/null; then %{_sbindir}/groupadd -f -r %{user_group} @@ -335,7 +364,7 @@ exit 0 %preun -%service_del_preun %{pkg_name}.target +%service_del_preun %{pkgname}.target %pre snmp %service_add_pre dirsrv-snmp.service @@ -349,9 +378,14 @@ %postun snmp %service_del_postun %{pkgname}-snmp.service +%post -n %{svrcorelib} -p /sbin/ldconfig + +%postun -n %{svrcorelib} -p /sbin/ldconfig + %files %defattr(-,root,root) -%doc LICENSE README LICENSE.openldap +%doc README* +%license LICENSE LICENSE.openldap %dir %attr(-,%{user_group},%{user_group}) %{homedir} %dir %attr(-,%{user_group},%{user_group}) %{logdir} %config(noreplace) %{_sysconfdir}/dirsrv/config/* @@ -367,13 +401,19 @@ %{_libdir}/dirsrv/plugins/*.so %{_libdir}/dirsrv/python/*.py %{_libdir}/dirsrv/*.so.* +%if %{with rust} +%{_libdir}/dirsrv/librsds.so +%endif %{_fillupdir}/sysconfig.* %exclude %{_mandir}/man1/ldap-agent* %{_mandir}/man1/* +%{_mandir}/man5/* %{_mandir}/man8/* %{_bindir}/* -%caps(CAP_NET_BIND_SERVICE=pe) %{_sbindir}/ns-slapd -#{_sbindir}/ns-slapd +# TODO: audit bug running https://bugzilla.opensuse.org/show_bug.cgi?id=1111564 +# This also needs a lot more work on the service file +#%attr(750,root,dirsrv) %caps(CAP_NET_BIND_SERVICE=pe) %{_sbindir}/ns-slapd +%{_sbindir}/ns-slapd %{_sbindir}/bak2db %{_sbindir}/bak2db.pl %{_sbindir}/cleanallruv.pl @@ -386,9 +426,6 @@ %{_sbindir}/dbmon.sh %{_sbindir}/dbverify %{_sbindir}/dn2rdn -%{_sbindir}/ds_selinux_enabled -%{_sbindir}/ds_selinux_port_query -%{_sbindir}/ds_systemd_ask_password_acl %{_sbindir}/fixup-linkedattrs.pl %{_sbindir}/fixup-memberof.pl %{_sbindir}/ldif2db @@ -418,6 +455,7 @@ %{_sbindir}/vlvindex %{_unitdir}/[email protected] %{_unitdir}/dirsrv.target +%{_prefix}/lib/dirsrv/ # This has to be hardcoded to /lib - $libdir changes between lib/lib64, but # sysctl.d is always in /lib. %{_prefix}/lib/sysctl.d/* @@ -426,19 +464,32 @@ %files devel %defattr(-,root,root) -%doc LICENSE README +%doc README* +%doc src/svrcore/README.svrcore +%license LICENSE +%license src/svrcore/LICENSE.svrcore %{_mandir}/man3/* %{_includedir}/dirsrv +%{_includedir}/svrcore.h +%{_libdir}/libsvrcore.so %{_libdir}/dirsrv/libns-dshttpd.so %{_libdir}/dirsrv/libnunc-stans.so %{_libdir}/dirsrv/libsds.so %{_libdir}/dirsrv/libslapd.so %{_libdir}/dirsrv/libldaputil.so -%{_libdir}/pkgconfig/*.pc +%{_libdir}/pkgconfig/dirsrv.pc +%{_libdir}/pkgconfig/libsds.pc +%{_libdir}/pkgconfig/nunc-stans.pc +%{_libdir}/pkgconfig/svrcore.pc + +%files -n %{svrcorelib} +%defattr(-,root,root,-) +%license src/svrcore/LICENSE* +%{_libdir}/libsvrcore.so.* %files snmp %defattr(-,root,root,-) -%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl +%license LICENSE LICENSE.GPLv3+ LICENSE.openssl # TODO: README.devel %config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf %{_sbindir}/ldap-agent* @@ -448,7 +499,8 @@ %if %{with lib389} %files -n lib389 %defattr(-,root,root,-) -%doc src/lib389/LICENSE src/lib389/README* +%license src/lib389/LICENSE +%doc src/lib389/README* %{_sbindir}/dsconf %{_sbindir}/dscreate %{_sbindir}/dsctl ++++++ 389-ds-base-1.4.0.3.tar.bz2 -> 389-ds-base-1.4.0.18.tar.bz2 ++++++ ++++ 109813 lines of diff (skipped)
