mirror of
https://git.centos.org/rpms/389-ds-base.git
synced 2025-02-24 00:32:54 +00:00
import 389-ds-base-1.3.4.0-29.el7_2
This commit is contained in:
parent
400eba123d
commit
3fe9c0d493
6 changed files with 271 additions and 2 deletions
|
@ -0,0 +1,72 @@
|
|||
From c92cbe6a93a7933abc59b2fe4bf96a32aff2c6d8 Mon Sep 17 00:00:00 2001
|
||||
From: Noriko Hosoi <nhosoi@redhat.com>
|
||||
Date: Tue, 9 Feb 2016 16:12:07 -0800
|
||||
Subject: [PATCH 84/86] Ticket #48536 - Crash in slapi_get_object_extension
|
||||
|
||||
Description: The crashed was caused by the combination of psearch and
|
||||
updating one of these group values: groupOfNames, groupOfUniqueNames,
|
||||
groupOfCertificates, groupOfURL.
|
||||
|
||||
In the psearch, it creates aclpb in the acl plug-in and sets the original
|
||||
pblock address in the aclpb. Then, psearch creates a copy of the pblock and
|
||||
sets it in the psearch structure. Now, the pblock address in aclpb and the
|
||||
pblock address in the psearch structure do not match. The original pblock
|
||||
itself is freed and the pblock area which address is stored in aclpb is not
|
||||
guaranteed what is in it.
|
||||
|
||||
If nothing occurs, the freed pblock in aclpb is not accessed. But once one
|
||||
of the group values is updated, the acl plug-in signature is updated and it
|
||||
triggers to get aclpb from the pblock.
|
||||
|
||||
The acl_get_aclpb call accesses the freed pblock (e.g., NULL op) and it
|
||||
crashes the server.
|
||||
|
||||
This patch checks the current pblock address and the pblock address in aclpb.
|
||||
If they don't match, the address in aclpb is reassigned to the current pblock
|
||||
address.
|
||||
|
||||
https://fedorahosted.org/389/ticket/48536
|
||||
|
||||
Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
|
||||
|
||||
(cherry picked from commit 091a5f5daf3fa378f029e293c5358ae9be9f548e)
|
||||
(cherry picked from commit 8a83a93977f13db36e42798a5eed041c1b3868a9)
|
||||
---
|
||||
ldap/servers/plugins/acl/acl.c | 14 ++++++++++++++
|
||||
1 file changed, 14 insertions(+)
|
||||
|
||||
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
|
||||
index 678a999..d56bed6 100644
|
||||
--- a/ldap/servers/plugins/acl/acl.c
|
||||
+++ b/ldap/servers/plugins/acl/acl.c
|
||||
@@ -317,6 +317,13 @@ acl_access_allowed(
|
||||
goto cleanup_and_ret;
|
||||
}
|
||||
|
||||
+ if (pb != aclpb->aclpb_pblock) {
|
||||
+ slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
|
||||
+ "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
|
||||
+ aclpb->aclpb_pblock, pb);
|
||||
+ aclpb->aclpb_pblock = pb;
|
||||
+ }
|
||||
+
|
||||
if ( !aclpb->aclpb_curr_entry_sdn ) {
|
||||
slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, "NULL aclpb_curr_entry_sdn \n" );
|
||||
ret_val = LDAP_OPERATIONS_ERROR;
|
||||
@@ -932,6 +939,13 @@ acl_read_access_allowed_on_entry (
|
||||
tnf_string,end,"aclpb error");
|
||||
return LDAP_OPERATIONS_ERROR;
|
||||
}
|
||||
+
|
||||
+ if (pb != aclpb->aclpb_pblock) {
|
||||
+ slapi_log_error(SLAPI_LOG_ACL, plugin_name,
|
||||
+ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
|
||||
+ aclpb->aclpb_pblock, pb);
|
||||
+ aclpb->aclpb_pblock = pb;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Am I a anonymous dude ? then we can use our anonympous profile
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
From ac782ed2990d5d8149c6796aa9aaf03044ad1446 Mon Sep 17 00:00:00 2001
|
||||
From: Noriko Hosoi <nhosoi@redhat.com>
|
||||
Date: Wed, 10 Feb 2016 13:45:50 -0800
|
||||
Subject: [PATCH 85/86] Ticket #48536 - Crash in slapi_get_object_extension
|
||||
|
||||
Description: commit 091a5f5daf3fa378f029e293c5358ae9be9f548e introduced
|
||||
a compier warning: format '%x' expects argument of type 'unsigned int',
|
||||
but argument 4 has type 'Slapi_PBlock * {aka struct slapi_pblock *}
|
||||
|
||||
Replacing '%x' with '%p'.
|
||||
|
||||
(cherry picked from commit b31749f2a0bed838712719b2e6533bed0a4144e0)
|
||||
(cherry picked from commit 7fb593fe56dbbce06f707bd9807bf14748273ea2)
|
||||
---
|
||||
ldap/servers/plugins/acl/acl.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
|
||||
index d56bed6..7b7fea1 100644
|
||||
--- a/ldap/servers/plugins/acl/acl.c
|
||||
+++ b/ldap/servers/plugins/acl/acl.c
|
||||
@@ -319,7 +319,7 @@ acl_access_allowed(
|
||||
|
||||
if (pb != aclpb->aclpb_pblock) {
|
||||
slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
|
||||
- "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
|
||||
+ "acl_access_allowed: Resetting aclpb_pblock %p to pblock addr %p\n",
|
||||
aclpb->aclpb_pblock, pb);
|
||||
aclpb->aclpb_pblock = pb;
|
||||
}
|
||||
@@ -942,7 +942,7 @@ acl_read_access_allowed_on_entry (
|
||||
|
||||
if (pb != aclpb->aclpb_pblock) {
|
||||
slapi_log_error(SLAPI_LOG_ACL, plugin_name,
|
||||
- "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
|
||||
+ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock %p to pblock addr %p\n",
|
||||
aclpb->aclpb_pblock, pb);
|
||||
aclpb->aclpb_pblock = pb;
|
||||
}
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,52 @@
|
|||
From 9e58aecdd4265759a1c9aac2817da858849f08a1 Mon Sep 17 00:00:00 2001
|
||||
From: Thierry Bordaz <tbordaz@redhat.com>
|
||||
Date: Wed, 10 Feb 2016 15:17:02 +0100
|
||||
Subject: [PATCH 86/86] Ticket 48445: keep alive entries can break replication
|
||||
|
||||
Bug Description:
|
||||
On the consumer side, at the end of a total update the replica is enabled and the changelog recreated.
|
||||
When the replica is enabled the keep alive entry (for that replica) is created .
|
||||
There is a race condition (that look quite systematic in our tests) if the creation of the entry is added to the changelog
|
||||
before the changelog is recreated.
|
||||
In that case the ADD is erased from the CL and will never be replicated.
|
||||
|
||||
The keep alive entry is created (if it does not already exist) :
|
||||
- during a total update (as supplier)
|
||||
- when the keep alive is updated
|
||||
- when the replica is enabled
|
||||
|
||||
Fix Description:
|
||||
It is not strictly necessary to create the keep alive when the replica is enabled.
|
||||
So we can skip the creation during that step.
|
||||
|
||||
https://fedorahosted.org/389/ticket/48445
|
||||
|
||||
Reviewed by: Mark Reynolds (thank you Mark)
|
||||
|
||||
Platforms tested: F23
|
||||
|
||||
Flag Day: no
|
||||
|
||||
Doc impact: no
|
||||
|
||||
(cherry picked from commit 71a891f0dcfd1aafeb3913279d42e33ed2355312)
|
||||
(cherry picked from commit 02af085c2a9c23536c8d276ee35794ec6efc81f5)
|
||||
---
|
||||
ldap/servers/plugins/replication/repl5_replica.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
|
||||
index 8b53f3c..31c5f0f 100644
|
||||
--- a/ldap/servers/plugins/replication/repl5_replica.c
|
||||
+++ b/ldap/servers/plugins/replication/repl5_replica.c
|
||||
@@ -3972,7 +3972,6 @@ replica_enable_replication (Replica *r)
|
||||
/* What to do ? */
|
||||
}
|
||||
|
||||
- replica_subentry_check(r->repl_root, replica_get_rid(r));
|
||||
/* Replica came back online, Check if the total update was terminated.
|
||||
If flag is still set, it was not terminated, therefore the data is
|
||||
very likely to be incorrect, and we should not restart Replication threads...
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
From 202bac76ade2dcff8318f545fbccdecaec3bdde8 Mon Sep 17 00:00:00 2001
|
||||
From: Thierry Bordaz <tbordaz@redhat.com>
|
||||
Date: Tue, 1 Mar 2016 11:14:54 +0100
|
||||
Subject: [PATCH] Ticket 48420: change severity of some messages related to
|
||||
"keep alive" entries
|
||||
|
||||
Bug Description:
|
||||
"keep alive" entries are used to prevent fractional replication
|
||||
to evaluate several times the same skipped updates. (see https://fedorahosted.org/389/ticket/48266)
|
||||
|
||||
This entry is created on the fly when two many evaluated
|
||||
updates have been skipped. This is a quite common situation
|
||||
and the creation of such entry is not a FATAL error
|
||||
|
||||
Fix Description:
|
||||
Change the log level to replication level
|
||||
|
||||
https://fedorahosted.org/389/ticket/48420
|
||||
|
||||
Reviewed by: Ludwig Krispenz (thanks Ludwig)
|
||||
|
||||
Platforms tested: F17
|
||||
|
||||
Flag Day: no
|
||||
|
||||
Doc impact: no
|
||||
|
||||
(cherry picked from commit 6788445974404398bc02da8fa105b06514e8a450)
|
||||
(cherry picked from commit 17bb0688b9249693da0bda239fb7c3b35aa8e1c9)
|
||||
---
|
||||
ldap/servers/plugins/replication/repl5_replica.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
|
||||
index 31c5f0f..c7cf25f 100644
|
||||
--- a/ldap/servers/plugins/replication/repl5_replica.c
|
||||
+++ b/ldap/servers/plugins/replication/repl5_replica.c
|
||||
@@ -492,7 +492,7 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
|
||||
"Need to create replication keep alive entry <cn=%s %d,%s>\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
|
||||
rc = replica_subentry_create(repl_root, rid);
|
||||
} else {
|
||||
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
|
||||
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
|
||||
"replication keep alive entry <cn=%s %d,%s> already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
|
||||
rc = 0;
|
||||
}
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
From 3bc24e232913684830edb2e029d1695f3470308e Mon Sep 17 00:00:00 2001
|
||||
From: Noriko Hosoi <nhosoi@redhat.com>
|
||||
Date: Tue, 8 Mar 2016 14:52:37 -0800
|
||||
Subject: [PATCH] Ticket #48757 - License tag does not match actual license of
|
||||
code
|
||||
|
||||
Fix Description: License tag in the spec file was updated to match the
|
||||
actual license of code.
|
||||
|
||||
(cherry picked from commit 415d8553eddfe9b19fd9b8d8be9b934bf75a5765)
|
||||
(cherry picked from commit c9bd68813c658e1caeaba9ee2c2aef62f0cc6dd6)
|
||||
---
|
||||
rpm/389-ds-base.spec.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
|
||||
index b7556e1..8bbd979 100644
|
||||
--- a/rpm/389-ds-base.spec.in
|
||||
+++ b/rpm/389-ds-base.spec.in
|
||||
@@ -33,7 +33,7 @@ Name: 389-ds-base
|
||||
Version: __VERSION__
|
||||
#Release: %{?relprefix}1%{?prerel}%{?dist}
|
||||
Release: __RELEASE__%{?dist}
|
||||
-License: GPLv2 with exceptions
|
||||
+License: GPLv3+
|
||||
URL: http://port389.org/
|
||||
Group: System Environment/Daemons
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -34,8 +34,8 @@
|
|||
Summary: 389 Directory Server (base)
|
||||
Name: 389-ds-base
|
||||
Version: 1.3.4.0
|
||||
Release: %{?relprefix}26%{?prerel}%{?dist}
|
||||
License: GPLv2 with exceptions
|
||||
Release: %{?relprefix}29%{?prerel}%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://port389.org/
|
||||
Group: System Environment/Daemons
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
@ -206,6 +206,11 @@ Patch79: 0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patc
|
|||
Patch80: 0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
|
||||
Patch81: 0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
|
||||
Patch82: 0083-Ticket-48341-deadlock-on-connection-mutex.patch
|
||||
Patch83: 0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch
|
||||
Patch84: 0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch
|
||||
Patch85: 0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch
|
||||
Patch86: 0087-Ticket-48420-change-severity-of-some-messages-relate.patch
|
||||
Patch87: 0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
|
||||
|
||||
%description
|
||||
389 Directory Server is an LDAPv3 compliant server. The base package includes
|
||||
|
@ -352,6 +357,11 @@ cp %{SOURCE2} README.devel
|
|||
%patch80 -p1
|
||||
%patch81 -p1
|
||||
%patch82 -p1
|
||||
%patch83 -p1
|
||||
%patch84 -p1
|
||||
%patch85 -p1
|
||||
%patch86 -p1
|
||||
%patch87 -p1
|
||||
|
||||
%build
|
||||
%if %{use_nunc_stans}
|
||||
|
@ -546,6 +556,19 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Mar 10 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-29
|
||||
- release 1.3.4.0-29
|
||||
- Resolves: bug 1316552 - License tag does not match actual license of code (DS 48757)
|
||||
|
||||
* Tue Mar 8 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-28
|
||||
- release 1.3.4.0-28
|
||||
- Resolves: bug 1315181 - change severity of some messages related to "keep alive" entries (DS 48420)
|
||||
|
||||
* Fri Feb 19 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-27
|
||||
- release 1.3.4.0-27
|
||||
- Resolves: bug 1309963 - keep alive entries can break replication (DS 48445)
|
||||
- Resolves: bug 1309964 - Crash in slapi_get_object_extension (DS 48536)
|
||||
|
||||
* Mon Jan 25 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-26
|
||||
- release 1.3.4.0-26
|
||||
- Resolves: bug 1299346 - deadlock on connection mutex (DS 48341)
|
||||
|
|
Loading…
Add table
Reference in a new issue