import 389-ds-base-1.3.4.0-29.el7_2

This commit is contained in:
CentOS Sources 2016-03-31 10:24:26 -04:00
parent 400eba123d
commit 3fe9c0d493
6 changed files with 271 additions and 2 deletions

View file

@ -0,0 +1,72 @@
From c92cbe6a93a7933abc59b2fe4bf96a32aff2c6d8 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue, 9 Feb 2016 16:12:07 -0800
Subject: [PATCH 84/86] Ticket #48536 - Crash in slapi_get_object_extension
Description: The crashed was caused by the combination of psearch and
updating one of these group values: groupOfNames, groupOfUniqueNames,
groupOfCertificates, groupOfURL.
In the psearch, it creates aclpb in the acl plug-in and sets the original
pblock address in the aclpb. Then, psearch creates a copy of the pblock and
sets it in the psearch structure. Now, the pblock address in aclpb and the
pblock address in the psearch structure do not match. The original pblock
itself is freed and the pblock area which address is stored in aclpb is not
guaranteed what is in it.
If nothing occurs, the freed pblock in aclpb is not accessed. But once one
of the group values is updated, the acl plug-in signature is updated and it
triggers to get aclpb from the pblock.
The acl_get_aclpb call accesses the freed pblock (e.g., NULL op) and it
crashes the server.
This patch checks the current pblock address and the pblock address in aclpb.
If they don't match, the address in aclpb is reassigned to the current pblock
address.
https://fedorahosted.org/389/ticket/48536
Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
(cherry picked from commit 091a5f5daf3fa378f029e293c5358ae9be9f548e)
(cherry picked from commit 8a83a93977f13db36e42798a5eed041c1b3868a9)
---
ldap/servers/plugins/acl/acl.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 678a999..d56bed6 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -317,6 +317,13 @@ acl_access_allowed(
goto cleanup_and_ret;
}
+ if (pb != aclpb->aclpb_pblock) {
+ slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
+ "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
+ aclpb->aclpb_pblock, pb);
+ aclpb->aclpb_pblock = pb;
+ }
+
if ( !aclpb->aclpb_curr_entry_sdn ) {
slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, "NULL aclpb_curr_entry_sdn \n" );
ret_val = LDAP_OPERATIONS_ERROR;
@@ -932,6 +939,13 @@ acl_read_access_allowed_on_entry (
tnf_string,end,"aclpb error");
return LDAP_OPERATIONS_ERROR;
}
+
+ if (pb != aclpb->aclpb_pblock) {
+ slapi_log_error(SLAPI_LOG_ACL, plugin_name,
+ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
+ aclpb->aclpb_pblock, pb);
+ aclpb->aclpb_pblock = pb;
+ }
/*
* Am I a anonymous dude ? then we can use our anonympous profile
--
2.4.3

View file

@ -0,0 +1,42 @@
From ac782ed2990d5d8149c6796aa9aaf03044ad1446 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Wed, 10 Feb 2016 13:45:50 -0800
Subject: [PATCH 85/86] Ticket #48536 - Crash in slapi_get_object_extension
Description: commit 091a5f5daf3fa378f029e293c5358ae9be9f548e introduced
a compier warning: format '%x' expects argument of type 'unsigned int',
but argument 4 has type 'Slapi_PBlock * {aka struct slapi_pblock *}
Replacing '%x' with '%p'.
(cherry picked from commit b31749f2a0bed838712719b2e6533bed0a4144e0)
(cherry picked from commit 7fb593fe56dbbce06f707bd9807bf14748273ea2)
---
ldap/servers/plugins/acl/acl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index d56bed6..7b7fea1 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -319,7 +319,7 @@ acl_access_allowed(
if (pb != aclpb->aclpb_pblock) {
slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
- "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
+ "acl_access_allowed: Resetting aclpb_pblock %p to pblock addr %p\n",
aclpb->aclpb_pblock, pb);
aclpb->aclpb_pblock = pb;
}
@@ -942,7 +942,7 @@ acl_read_access_allowed_on_entry (
if (pb != aclpb->aclpb_pblock) {
slapi_log_error(SLAPI_LOG_ACL, plugin_name,
- "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
+ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock %p to pblock addr %p\n",
aclpb->aclpb_pblock, pb);
aclpb->aclpb_pblock = pb;
}
--
2.4.3

View file

@ -0,0 +1,52 @@
From 9e58aecdd4265759a1c9aac2817da858849f08a1 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Wed, 10 Feb 2016 15:17:02 +0100
Subject: [PATCH 86/86] Ticket 48445: keep alive entries can break replication
Bug Description:
On the consumer side, at the end of a total update the replica is enabled and the changelog recreated.
When the replica is enabled the keep alive entry (for that replica) is created .
There is a race condition (that look quite systematic in our tests) if the creation of the entry is added to the changelog
before the changelog is recreated.
In that case the ADD is erased from the CL and will never be replicated.
The keep alive entry is created (if it does not already exist) :
- during a total update (as supplier)
- when the keep alive is updated
- when the replica is enabled
Fix Description:
It is not strictly necessary to create the keep alive when the replica is enabled.
So we can skip the creation during that step.
https://fedorahosted.org/389/ticket/48445
Reviewed by: Mark Reynolds (thank you Mark)
Platforms tested: F23
Flag Day: no
Doc impact: no
(cherry picked from commit 71a891f0dcfd1aafeb3913279d42e33ed2355312)
(cherry picked from commit 02af085c2a9c23536c8d276ee35794ec6efc81f5)
---
ldap/servers/plugins/replication/repl5_replica.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
index 8b53f3c..31c5f0f 100644
--- a/ldap/servers/plugins/replication/repl5_replica.c
+++ b/ldap/servers/plugins/replication/repl5_replica.c
@@ -3972,7 +3972,6 @@ replica_enable_replication (Replica *r)
/* What to do ? */
}
- replica_subentry_check(r->repl_root, replica_get_rid(r));
/* Replica came back online, Check if the total update was terminated.
If flag is still set, it was not terminated, therefore the data is
very likely to be incorrect, and we should not restart Replication threads...
--
2.4.3

View file

@ -0,0 +1,49 @@
From 202bac76ade2dcff8318f545fbccdecaec3bdde8 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Tue, 1 Mar 2016 11:14:54 +0100
Subject: [PATCH] Ticket 48420: change severity of some messages related to
"keep alive" entries
Bug Description:
"keep alive" entries are used to prevent fractional replication
to evaluate several times the same skipped updates. (see https://fedorahosted.org/389/ticket/48266)
This entry is created on the fly when two many evaluated
updates have been skipped. This is a quite common situation
and the creation of such entry is not a FATAL error
Fix Description:
Change the log level to replication level
https://fedorahosted.org/389/ticket/48420
Reviewed by: Ludwig Krispenz (thanks Ludwig)
Platforms tested: F17
Flag Day: no
Doc impact: no
(cherry picked from commit 6788445974404398bc02da8fa105b06514e8a450)
(cherry picked from commit 17bb0688b9249693da0bda239fb7c3b35aa8e1c9)
---
ldap/servers/plugins/replication/repl5_replica.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
index 31c5f0f..c7cf25f 100644
--- a/ldap/servers/plugins/replication/repl5_replica.c
+++ b/ldap/servers/plugins/replication/repl5_replica.c
@@ -492,7 +492,7 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
"Need to create replication keep alive entry <cn=%s %d,%s>\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
rc = replica_subentry_create(repl_root, rid);
} else {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
"replication keep alive entry <cn=%s %d,%s> already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
rc = 0;
}
--
2.4.3

View file

@ -0,0 +1,31 @@
From 3bc24e232913684830edb2e029d1695f3470308e Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue, 8 Mar 2016 14:52:37 -0800
Subject: [PATCH] Ticket #48757 - License tag does not match actual license of
code
Fix Description: License tag in the spec file was updated to match the
actual license of code.
(cherry picked from commit 415d8553eddfe9b19fd9b8d8be9b934bf75a5765)
(cherry picked from commit c9bd68813c658e1caeaba9ee2c2aef62f0cc6dd6)
---
rpm/389-ds-base.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index b7556e1..8bbd979 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -33,7 +33,7 @@ Name: 389-ds-base
Version: __VERSION__
#Release: %{?relprefix}1%{?prerel}%{?dist}
Release: __RELEASE__%{?dist}
-License: GPLv2 with exceptions
+License: GPLv3+
URL: http://port389.org/
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
--
2.4.3

View file

@ -34,8 +34,8 @@
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 1.3.4.0
Release: %{?relprefix}26%{?prerel}%{?dist}
License: GPLv2 with exceptions
Release: %{?relprefix}29%{?prerel}%{?dist}
License: GPLv3+
URL: http://port389.org/
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -206,6 +206,11 @@ Patch79: 0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patc
Patch80: 0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
Patch81: 0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
Patch82: 0083-Ticket-48341-deadlock-on-connection-mutex.patch
Patch83: 0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch
Patch84: 0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch
Patch85: 0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch
Patch86: 0087-Ticket-48420-change-severity-of-some-messages-relate.patch
Patch87: 0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@ -352,6 +357,11 @@ cp %{SOURCE2} README.devel
%patch80 -p1
%patch81 -p1
%patch82 -p1
%patch83 -p1
%patch84 -p1
%patch85 -p1
%patch86 -p1
%patch87 -p1
%build
%if %{use_nunc_stans}
@ -546,6 +556,19 @@ fi
%endif
%changelog
* Thu Mar 10 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-29
- release 1.3.4.0-29
- Resolves: bug 1316552 - License tag does not match actual license of code (DS 48757)
* Tue Mar 8 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-28
- release 1.3.4.0-28
- Resolves: bug 1315181 - change severity of some messages related to "keep alive" entries (DS 48420)
* Fri Feb 19 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-27
- release 1.3.4.0-27
- Resolves: bug 1309963 - keep alive entries can break replication (DS 48445)
- Resolves: bug 1309964 - Crash in slapi_get_object_extension (DS 48536)
* Mon Jan 25 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-26
- release 1.3.4.0-26
- Resolves: bug 1299346 - deadlock on connection mutex (DS 48341)