[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'debian-unstable'

Timo Aaltonen tjaalton-guest at alioth.debian.org
Fri Nov 8 13:49:19 UTC 2013


 VERSION.sh                                  |    2 -
 debian/changelog                            |    2 -
 ldap/admin/src/scripts/50contentsync.ldif   |    1 
 ldap/admin/src/scripts/DSUtil.pm.in         |   19 ++++------
 ldap/admin/src/scripts/fixup-memberof.pl.in |    1 
 ldap/servers/slapd/attrsyntax.c             |   20 ++++++++++
 ldap/servers/slapd/ldaputil.c               |   51 +++++++++++++++++++++++++---
 7 files changed, 78 insertions(+), 18 deletions(-)

New commits:
commit b3e76d9f714e3ad98f5bf7ed6b874d5fd13bf20d
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Fri Nov 8 11:30:33 2013 +0200

    bump the version

diff --git a/debian/changelog b/debian/changelog
index 4c54bcd..eb26cc1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-389-ds-base (1.3.2.2-1) UNRELEASED; urgency=low
+389-ds-base (1.3.2.3-1) UNRELEASED; urgency=low
 
   * New upstream release. (Closes: #718325)
   * Drop the cve fix, upstream.

commit 144869ff974264208f4cb7eb0e2d15c867d0ed51
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Mon Oct 28 10:23:52 2013 -0700

    bump version to 1.3.2.3

diff --git a/VERSION.sh b/VERSION.sh
index fc71481..ae89caa 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
 # PACKAGE_VERSION is constructed from these
 VERSION_MAJOR=1
 VERSION_MINOR=3
-VERSION_MAINT=2.2
+VERSION_MAINT=2.3
 # if this is a PRERELEASE, set VERSION_PREREL
 # otherwise, comment it out
 # be sure to include the dot prefix in the prerel

commit a4073a8b224641280f2cc0c5b6fe0417e34297a6
Author: Rich Megginson <rmeggins at redhat.com>
Date:   Mon Oct 7 15:18:12 2013 -0600

    Ticket #47515 Fedora 20: setup-ds-admin.pl
    
    https://fedorahosted.org/389/ticket/47515
    Reviewed by: nhosoi (Thanks!)
    Branch: master
    Fix Description: If the last section in the last inf in process_maptbl was
    a simple string scalar, and not a hash ref, the $infsection variable would
    be set to that string scalar, and execution would pass to the next statement
    beyond the foreach loop.  The next statement would attempt to dereference
    that simple string as a hash reference.
    The fix is to just remove that test for the presence of the hash key.  If
    execution got to this point in the code, the hash key was not found, and we
    need to check for a default value, or no key at all.  Note that the old
    code would always have returned true for this condition - calling
    defined($href->{key}) will always return 0 if $href is not really a hash
    ref.
    Not sure why this is a problem on F20 - perhaps perl 5.18 in F20 is much
    more strict with "use strict".
    Platforms tested: RHEL6 x86_64, Fedora 20
    Flag Day: no
    Doc impact: no
    (cherry picked from commit 31480d928c561fb41a2511acacb03a3405bf9687)

diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index eaf5e4b..d40d889 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -861,18 +861,15 @@ sub process_maptbl
                     }
                 }
             }
-            if (!defined($infsection->{$value}))
+            if ($default_value ne "")
             {
-                if ($default_value ne "")
-                {
-                    $default_value =~ tr/\"//d; # default_value is a regular double quoted string - remove quotes
-                    $mapper->{$key} = $default_value;
-                }
-                else
-                {
-                    push @{$errs}, ['no_mapvalue_for_key', $value, $key];
-                    return {};
-                }
+                $default_value =~ tr/\"//d; # default_value is a regular double quoted string - remove quotes
+                $mapper->{$key} = $default_value;
+            }
+            else
+            {
+                push @{$errs}, ['no_mapvalue_for_key', $value, $key];
+                return {};
             }
         }
     }
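Review bot: The rewritten branch now starts directly at `if ($default_value ne "")`, and nothing in the code records why the old `defined($infsection->{$value})` test must not come back. Per the commit description, `$infsection` can be a plain string at this point and dereferencing it fails, so a comment above the `if` such as `# reached only when $value was not found in any inf; $infsection may be a plain scalar here, do not dereference it` would keep a later cleanup from reintroducing the failure. Whether `$default_value` is always defined before this comparison cannot be seen here, because process_maptbl starts and ends outside the hunk.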

commit b5676abcf8c5cef686438a53a6514d562f6737dc
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Tue Oct 22 17:57:32 2013 -0700

    Ticket 47569 - Fix build warnings
    
    The previous commit for this ticket introduced some build warnings.
    This patch corrects the build warnings.
    (cherry picked from commit 01df89d34528a4551e079973a78586c87d521ba1)

diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index a08ea96..6386fbe 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -542,14 +542,14 @@ attr_syntax_exists(const char *attr_name)
 	int free_attr = 0;
 
 	/* Ignore any attribute subtypes. */
-	if (p = strchr(attr_name, ';')) {
+	if ((p = strchr(attr_name, ';'))) {
 		int check_attr_len = p - attr_name + 1;
 
 		check_attr_name = (char *)slapi_ch_malloc(check_attr_len);
 		PR_snprintf(check_attr_name, check_attr_len, "%s", attr_name);
 		free_attr = 1;
  	} else {
-		check_attr_name = attr_name;
+		check_attr_name = (char *)attr_name;
 	}
 
 	asi = attr_syntax_get_by_name(check_attr_name);
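Review bot: The cast in `check_attr_name = (char *)attr_name;` silences the warning by discarding `const` from the caller's string, so the compiler can no longer catch an accidental write through `check_attr_name`. Keeping the lookup pointer const and tracking the allocated copy separately avoids the cast: declare `const char *check_attr_name = attr_name;` and `char *attr_copy = NULL;`, assign `attr_copy` only in the `strchr` branch, and pass `&attr_copy` to slapi_ch_free_string(). This assumes attr_syntax_get_by_name() takes a `const char *`, which the earlier call with `attr_name` suggests but this hunk does not show. The declarations and the free are outside this hunk.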

commit 2b7cbb8dfe6725f0ce3a19707dea8b8c59c6ea46
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Tue Oct 22 14:28:34 2013 -0700

    Ticket 47569 - ACIs do not allow attribute subtypes in targetattr keyword
    
    When validating the targetattr ACI keyword, we check if the attribute
    is defined in the schema.  This schema check fails if the attribute
    has a subtype present.
    
    This patch makes the attribute syntax lookup function check if a
    subtype was specified before performing the lookup.  If a subtype
    is specified, it is stripped off and we just use the base attribute
    name to look up the syntax in the hashtable.
    (cherry picked from commit cb73cf2b09b015696d0ef04820cfbbb564143207)

diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index 7abd6b7..a08ea96 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -537,10 +537,28 @@ int
 attr_syntax_exists(const char *attr_name)
 {
 	struct asyntaxinfo	*asi;
+	char *check_attr_name = NULL;
+	char *p = NULL;
+	int free_attr = 0;
+
+	/* Ignore any attribute subtypes. */
+	if (p = strchr(attr_name, ';')) {
+		int check_attr_len = p - attr_name + 1;
+
+		check_attr_name = (char *)slapi_ch_malloc(check_attr_len);
+		PR_snprintf(check_attr_name, check_attr_len, "%s", attr_name);
+		free_attr = 1;
+ 	} else {
+		check_attr_name = attr_name;
+	}
 
-	asi = attr_syntax_get_by_name(attr_name);
+	asi = attr_syntax_get_by_name(check_attr_name);
 	attr_syntax_return( asi );
 
+	if (free_attr) {
+		slapi_ch_free_string(&check_attr_name);
+	}
+
 	if ( asi != NULL )
 	{
 		return 1;
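Review bot: `strchr(attr_name, ';')` now dereferences `attr_name` before anything else does, whereas the old code handed the pointer straight to attr_syntax_get_by_name(). If any caller can reach attr_syntax_exists() with a NULL name, that is undefined behaviour; the commit description says the function runs while validating the targetattr keyword of an ACI, and whether the lookup function itself tolerated NULL is not visible here. A guard at the top, `if (attr_name == NULL) { return 0; }`, would presumably preserve the not-found result for that case. `check_attr_len` is also an `int` computed from a pointer difference, where `size_t` would match what it measures. The function body continues past the end of the hunk.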

commit 8bfefb6244240ec1a243231057f00e0a5499f37a
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Tue Oct 22 15:24:36 2013 -0700

    Ticket 47565 - Content Sync update file needs extensibleObject
    
    The Content Sync Plug-in update file will cause a schema violation
    that causes dse.ldif to fail to load after upgrading an older DS
    instance.  The problem is that the nsslapd-depends-on-name attribute
    is used, but the extensibleObject objectclass is not present for
    the config entry.  This is required since nsslapd-depends-on-named
    is not really defined in the schema like a normal attribute.
    (cherry picked from commit bf1203a0916cdbee27651644b85aa21e6de1224b)

diff --git a/ldap/admin/src/scripts/50contentsync.ldif b/ldap/admin/src/scripts/50contentsync.ldif
index 0f15bdb..c48202b 100644
--- a/ldap/admin/src/scripts/50contentsync.ldif
+++ b/ldap/admin/src/scripts/50contentsync.ldif
@@ -1,6 +1,7 @@
 dn: cn=Content Synchronization,cn=plugins,cn=config
 objectclass: top
 objectclass: nsSlapdPlugin
+objectclass: extensibleObject
 cn: Content Synchronization
 nsslapd-pluginpath: libcontentsync-plugin
 nsslapd-plugininitfunc: sync_init

commit 9b0e6a3c3add3a4e8f4493f9317d52fa84374c91
Author: Thierry bordaz (tbordaz) <tbordaz at redhat.com>
Date:   Mon Oct 21 16:55:11 2013 +0200

    Ticket 47560: fixup memberof task does not work: task entry not added
    
    Bug Description:
    
    	The fixup memberof task is triggered by an ADD of an entry like:
    	cn=memberOf_fixup_YYYY_MM_DD_HH_MM_SS, cn=memberOf task, cn=tasks, cn=config
    
    	the script fixup-memberof.pl does not add this entry
    
    Fix Description:
    	Initialize the $entry variable
    
    https://fedorahosted.org/389/ticket/47560
    
    Reviewed by: Noriko Hosoi
    
    Platforms tested: F17
    
    Flag Day: no
    
    Doc impact: no

diff --git a/ldap/admin/src/scripts/fixup-memberof.pl.in b/ldap/admin/src/scripts/fixup-memberof.pl.in
index c7038f6..2355455 100644
--- a/ldap/admin/src/scripts/fixup-memberof.pl.in
+++ b/ldap/admin/src/scripts/fixup-memberof.pl.in
@@ -135,6 +135,7 @@ if ( $filter_arg ne "" )
     $filter = "filter: $filter_arg\n";
 }
 
+$entry = "${dn}${misc}${cn}${basedn}${filter}";
 $rc = DSUtil::ldapmod($entry, %info);
 
 $dn =~ s/^dn: //;
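Review bot: The new `$entry` string concatenates `$filter`, which the context line above builds as `"filter: $filter_arg\n"` with no check on the value. If `$filter_arg` can contain a line break, the text after it becomes additional LDIF lines in the task entry handed to DSUtil::ldapmod; the same would apply to whatever feeds `$basedn`, which is built outside this hunk. Rejecting such input before the entry is assembled, e.g. `die "filter must not contain line breaks\n" if $filter_arg =~ /[\r\n]/;`, keeps the entry to the attributes the script intends to send.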

commit 7b3b2fe9d4a7f73a12b4f2d499b2e6a2f80e454b
Author: Rich Megginson <rmeggins at redhat.com>
Date:   Mon Oct 14 12:43:51 2013 -0600

    Ticket #47559 hung server - related to sasl and initialize
    
    https://fedorahosted.org/389/ticket/47559
    Reviewed by: nhosoi (Thanks!)
    Branch: 389-ds-base-1.3.2
    Fix Description: Use a mutex to protect calls to openldap functions that do
    anything with crypto - bind, unbind, start_tls, other calls.
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no
    (cherry picked from commit da3e4aa40b04094d0e77052b894b0f0c335ea1ef)

diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index ed3491e..32c05ec 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -99,10 +99,16 @@
 #if !defined(USE_OPENLDAP)
 #include <ldap_ssl.h>
 #include <ldappr.h>
+#define BIND_LOCK (void)0
+#define BIND_UNLOCK (void)0
 #else
 /* need mutex around ldap_initialize - see https://fedorahosted.org/389/ticket/348 */
 static PRCallOnceType ol_init_callOnce = {0,0};
 static PRLock *ol_init_lock = NULL;
+/* need mutex around ldap_sasl_bind - see https://fedorahosted.org/389/ticket/47599 */
+static PRLock *ol_bind_lock = NULL;
+#define BIND_LOCK PR_Lock(ol_bind_lock)
+#define BIND_UNLOCK PR_Unlock(ol_bind_lock)
 
 static PRStatus
 internal_ol_init_init(void)
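Review bot: The new comment above `ol_bind_lock` points at ticket 47599, while the commit title and URL give 47559. One of the two is presumably a typo; if the commit message is right, the comment should read `/* need mutex around ldap_sasl_bind - see https://fedorahosted.org/389/ticket/47559 */`. The comment also names only ldap_sasl_bind, but the later hunks take the lock around unbind, startTLS, ldap_result and the interactive bind as well, so it is worth listing what the lock actually serializes. In the non-OpenLDAP branch `BIND_LOCK` and `BIND_UNLOCK` expand to `(void)0`; a one-line comment saying the lock is deliberately a no-op there would help readers of the call sites.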
@@ -110,12 +116,20 @@ internal_ol_init_init(void)
     PR_ASSERT(NULL == ol_init_lock);
     if ((ol_init_lock = PR_NewLock()) == NULL) {
         PRErrorCode errorCode = PR_GetError();
-        slapi_log_error(SLAPI_LOG_FATAL, "internal_ol_init_init", "PR_NewLock failed %d:%s\n",
+        slapi_log_error(SLAPI_LOG_FATAL, "internal_ol_init_init", "PR_NewLock init_lock failed %d:%s\n",
                         errorCode, slapd_pr_strerror(errorCode));
         return PR_FAILURE;
     }
 
-    return PR_SUCCESS;
+    PR_ASSERT(NULL == ol_bind_lock);
+    if ((ol_bind_lock = PR_NewLock()) == NULL) {
+        PRErrorCode errorCode = PR_GetError();
+        slapi_log_error(SLAPI_LOG_FATAL, "internal_ol_init_init", "PR_NewLock bind_lock failed %d:%s\n",
+                        errorCode, slapd_pr_strerror(errorCode));
+        return PR_FAILURE;
+    }
+
+   return PR_SUCCESS;
 }
 #endif
 
@@ -145,7 +159,16 @@ void
 slapi_ldap_unbind( LDAP *ld )
 {
     if ( ld != NULL ) {
+#if defined(USE_OPENLDAP)
+	if (PR_SUCCESS != PR_CallOnce(&ol_init_callOnce, internal_ol_init_init)) {
+		slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_unbind",
+		                "Could not perform internal ol_init init\n");
+		return;
+	}
+#endif
+	BIND_LOCK;
 	ldap_unbind_ext( ld, NULL, NULL );
+	BIND_UNLOCK;
     }
 }
 
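Review bot: When PR_CallOnce fails, the added early `return` in slapi_ldap_unbind() leaves without calling ldap_unbind_ext(), so the `LDAP` handle and its connection are never released on that path. That failure means the lock could not be created, so the choice is between unbinding without the lock and leaking the handle. Unbinding unlocked at least frees the handle, at the cost of losing the serialization this commit adds for that one call. A sketch of that variant follows, with the log text adjusted to say what happened.

```c
    if ( ld != NULL ) {
#if defined(USE_OPENLDAP)
	int have_lock = (PR_SUCCESS == PR_CallOnce(&ol_init_callOnce, internal_ol_init_init));
	if (have_lock) {
		PR_Lock(ol_bind_lock);
	} else {
		slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_unbind",
		                "Could not perform internal ol_init init - unbinding without lock\n");
	}
#endif
	ldap_unbind_ext( ld, NULL, NULL );
#if defined(USE_OPENLDAP)
	if (have_lock) {
		PR_Unlock(ol_bind_lock);
	}
#endif
    }
```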
@@ -1034,11 +1057,22 @@ slapi_ldap_bind(
     ldap_controls_free(clientctrls);
     ldap_set_option(ld, LDAP_OPT_CLIENT_CONTROLS, NULL);
 
+#if defined(USE_OPENLDAP)
+    if (PR_SUCCESS != PR_CallOnce(&ol_init_callOnce, internal_ol_init_init)) {
+        slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
+           "Could not perform internal ol_init init\n");
+        rc = -1;
+        goto done;
+    }
+#endif
+
     if ((secure > 0) && mech && !strcmp(mech, LDAP_SASL_EXTERNAL)) {
 #if defined(USE_OPENLDAP)
 	/* we already set up a tls context in slapi_ldap_init_ext() - this will
 	   free those old settings and context and create a new one */
+	PR_Lock(ol_bind_lock);
 	rc = setup_ol_tls_conn(ld, 1);
+	PR_Unlock(ol_bind_lock);
 #else
 	/* SSL connections will use the server's security context
 	   and cert for client auth */
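Review bot: The failure path sets `rc = -1` before `goto done`, but every other assignment to `rc` in these hunks is an LDAP result code that is compared against `LDAP_SUCCESS`. With OpenLDAP, -1 is the value of LDAP_SERVER_DOWN, so a caller that inspects the code would read a local lock-initialisation failure as an unreachable server. Assuming `done` returns `rc` (the label is outside the hunk), `rc = LDAP_LOCAL_ERROR;` describes the condition better. The same hunk calls `PR_Lock(ol_bind_lock)` and `PR_Unlock(ol_bind_lock)` directly around setup_ol_tls_conn() while the other call sites use `BIND_LOCK`/`BIND_UNLOCK`; using the macros here too keeps the locking uniform.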
@@ -1063,7 +1097,9 @@ slapi_ldap_bind(
     }
 
     if (secure == 2) { /* send start tls */
+	BIND_LOCK;
 	rc = ldap_start_tls_s(ld, NULL /* serverctrls?? */, NULL);
+	BIND_UNLOCK;
 	if (LDAP_SUCCESS != rc) {
 	    slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
 			    "Error: could not send startTLS request: "
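Review bot: `BIND_LOCK` is held across `ldap_start_tls_s()`, a synchronous network exchange, and the later hunks do the same around `ldap_result()` with `bind_timeout` and around slapd_ldap_sasl_interactive_bind(). Because `ol_bind_lock` is a single process-wide lock, one slow or unresponsive peer would stall every other outgoing bind, startTLS and unbind in the server until that call returns. Whether a network timeout bounds the startTLS and interactive-bind calls is not visible in these hunks. At minimum the lock declaration should carry a comment such as `/* held across blocking network calls: a stalled peer delays all other binds/unbinds */`, and each call site should be checked for a finite timeout. slapi_ldap_bind() starts and ends outside this hunk.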
@@ -1085,8 +1121,11 @@ slapi_ldap_bind(
 			"attempting %s bind with id [%s] creds [%s]\n",
 			mech ? mech : "SIMPLE",
 			bindid, creds);
-	if ((rc = ldap_sasl_bind(ld, bindid, mech, &bvcreds, serverctrls,
-	                         NULL /* clientctrls */, &mymsgid))) {
+	BIND_LOCK;
+	rc = ldap_sasl_bind(ld, bindid, mech, &bvcreds, serverctrls,
+	                    NULL /* clientctrls */, &mymsgid);
+	BIND_UNLOCK;
+	if (rc) {
 	    char *myhostname = NULL;
 	    char *copy = NULL;
 	    char *ptr = NULL;
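Review bot: The context lines at the top of this hunk format `creds` into the message `attempting %s bind with id [%s] creds [%s]`, so the bind credentials are written to the log whenever that message is emitted. The start of that logging call, including its log level, is outside the hunk. This commit does not touch the message, but since the adjacent lines are being reworked it is worth dropping the secret from it: `"attempting %s bind with id [%s]\n", mech ? mech : "SIMPLE", bindid);`.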
@@ -1142,7 +1181,9 @@ slapi_ldap_bind(
                     /* take the one provided by the caller. It should be the one defined in the protocol */
                     bind_timeout = timeout;
             }
+	    BIND_LOCK;
 	    rc = ldap_result(ld, mymsgid, LDAP_MSG_ALL, bind_timeout, &result);
+	    BIND_UNLOCK;
 	    if (-1 == rc) { /* error */
 		rc = slapi_ldap_get_lderrno(ld, NULL, NULL);
 		slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
@@ -1206,9 +1247,11 @@ slapi_ldap_bind(
 	    ldap_set_option(ld, LDAP_OPT_X_SASL_SSF_MAX, &max_ssf);
 	}
 #endif
+	BIND_LOCK;
 	rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech,
 					      serverctrls, returnedctrls,
 					      msgidp);
+	BIND_UNLOCK;
 	if (LDAP_SUCCESS != rc) {
 	    slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
 			    "Error: could not perform interactive bind for id "


