commit 39b9f30b38e50d60979c3f3cc248360d0203f40c Author: MSVSphere Packaging Team Date: Wed Apr 3 15:47:47 2024 +0300 import slapi-nis-0.60.0-4.module+el8.10.0+20723+03062ebd diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..14d5db2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/slapi-nis-0.60.0.tar.gz diff --git a/.slapi-nis.metadata b/.slapi-nis.metadata new file mode 100644 index 0000000..c8db1e4 --- /dev/null +++ b/.slapi-nis.metadata @@ -0,0 +1 @@ +e5a84cf93b13b174c6d865de2f735cbfbc950917 SOURCES/slapi-nis-0.60.0.tar.gz diff --git a/SOURCES/slapi-nis-0.60.0.tar.gz.asc b/SOURCES/slapi-nis-0.60.0.tar.gz.asc new file mode 100644 index 0000000..a708ec9 --- /dev/null +++ b/SOURCES/slapi-nis-0.60.0.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmMAimgACgkQRxniuKu/ +YhorRw/8D0typYdDLGlalL7nMo57rjSApgy6gA4FKxMsNg/KiN1/7rMoCbu13iG0 +sP6wpeZLjBNI/nWGYLRuQOyi7DSxgXYlNp+8xzJDMKjnNjRSaK+/EjqIcWhdWoEq +Q1JDjTdJ3hDCWCMQFrA/EBqb/WgQAhdmPdVzMoy6L2GBvX7W+UlCWaSMfpq5hnqg +9SZe4NpC7i6BVhHrnWUMsQRcApnjdHlC8tQmzqdD0+iNer0asXmJcQGCI9W7EwAs +MT4be/C2hfLfWgBdaMCZGgefGFYGI1ec+hfM9jyGsJcBsRXQ8Rq+VOLEI7lkD+wc +nQwq1VVVcAwFkbziQ5JBZqOKdem8lo9Mucn/sQ297EIfIi8NVhlDDZFtkgsYAglT +gaEeK4+d0QNz2+ViwJxGp2l0mG2inV8GjiyINpntbw8dh+qwI8xLI6/6B7R6wP30 +Kj/90EehX0vFXX2ylrkrvg3d7UGp6PBgsiqeaJT5bL2ItVKJl8FyD0N9JsEL766/ +SKqNHGZjEJv1rzPf2MMqutLHe1aSyTBjq4JBYPJKHAXPdvZluyALLM94erZqA/tJ +17PCLAf3P+OvixcnyzsUTP9U7SNlLPiMqwyvUB26ul0+CqEqKzZxiTOfpbKQ8p/j +3QpkrKLn0JbofZN1K7H6x/Mdwe5scdeTP0T8YPJm+ofZq+fBdnI= +=ZUV6 +-----END PGP SIGNATURE----- diff --git a/SOURCES/slapi-nis-RHEL-5134.patch b/SOURCES/slapi-nis-RHEL-5134.patch new file mode 100644 index 0000000..3ecc30c --- /dev/null +++ b/SOURCES/slapi-nis-RHEL-5134.patch @@ -0,0 +1,102 @@ +From ee94788e63d9f35daca7c0d1e80a488f738a9c52 Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Fri, 1 Sep 2023 11:02:08 +0200 +Subject: [PATCH 1/2] BZ 2124214 - schema compat plugin deadlock on delete post + op + +Bug description: + backends locks (SC map and retroCL) are acquired in + the opposite order + (https://bugzilla.redhat.com/show_bug.cgi?id=2124214#c17) + +Fix description: + Credits of the fix are to Pierre Rogier who found + a reproducible testcase, did the fix and verified it. + + In specific condition of retroCL trimming the DEL + callback of the SC should check if the backend should + be ignored + +relates: 2124214 +--- + src/back-shr.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/back-shr.c b/src/back-shr.c +index ce2b1f3..1792bef 100644 +--- a/src/back-shr.c ++++ b/src/back-shr.c +@@ -2811,6 +2811,18 @@ backend_shr_delete_cb(Slapi_PBlock *pb) + if (wrap_get_call_level() > 0) { + return 0; + } ++ /* especially important to test if we want to prevent frequent ++ * deadlocks when backends are accesses in opposite order. ++ * i.e. "regular" update on domain map+retroCL and retroCL trimming ++ * retroCL+domain map ++ */ ++ if (backend_shr_write_ignore(pb)) { ++#if DEBUG_MAP_LOCK ++ slapi_log_error(SLAPI_LOG_FATAL, "schema-compat", ++ "backend_shr_delete_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1); ++#endif ++ return 0; ++ } + + /* Read parameters from the pblock. */ + slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state); +-- +2.41.0 + + +From 61fcf534c3da767788e27641f3ebfe4d6a6c0b25 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Mon, 9 Oct 2023 13:53:28 +0300 +Subject: [PATCH 2/2] Add more ignores to modrdn and modify cases + +BZ 2124214 - schema compat plugin deadlock on delete post op + +Signed-off-by: Alexander Bokovoy +--- + src/back-shr.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/back-shr.c b/src/back-shr.c +index 1792bef..4cbc39b 100644 +--- a/src/back-shr.c ++++ b/src/back-shr.c +@@ -2463,6 +2463,15 @@ backend_shr_modify_cb(Slapi_PBlock *pb) + /* No data yet, ignore */ + return 0; + } ++ ++ if (backend_shr_write_ignore(pb)) { ++#if DEBUG_MAP_LOCK ++ slapi_log_error(SLAPI_LOG_FATAL, "schema-compat", ++ "backend_shr_modify_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1); ++#endif ++ return 0; ++ } ++ + slapi_pblock_get(pb, SLAPI_MODIFY_TARGET, &dn); + slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &cbdata.mods); + slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &cbdata.e_pre); +@@ -2669,6 +2678,15 @@ backend_shr_modrdn_cb(Slapi_PBlock *pb) + /* No data yet, ignore */ + return 0; + } ++ ++ if (backend_shr_write_ignore(pb)) { ++#if DEBUG_MAP_LOCK ++ slapi_log_error(SLAPI_LOG_FATAL, "schema-compat", ++ "backend_shr_modrdn_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1); ++#endif ++ return 0; ++ } ++ + slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &cbdata.e_pre); + slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &cbdata.e_post); + +-- +2.41.0 + diff --git a/SOURCES/slapi-nis-bz2183469.patch b/SOURCES/slapi-nis-bz2183469.patch new file mode 100644 index 0000000..7f8db7f --- /dev/null +++ b/SOURCES/slapi-nis-bz2183469.patch @@ -0,0 +1,78 @@ +From 24eeccd408d9627299231d7843ca9e65e71af3de Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Tue, 21 Mar 2023 17:32:47 +0200 +Subject: [PATCH 1/2] Test the case when container is a child of the target DN + +We can have target DN both inside or outside of a container. +Previously, the code did not look into the latter one. When container is +a child of the target DN (like using IPA's base DN instead of +cn=compat,$BASE_DN) and a search was done with a subtree scope, the +check failed. + +With this change a subtree scope search which starts with a base DN +that includes a compat tree's container would be considered for the +search. + +Fixes: rhbz#2168893 + +Signed-off-by: Alexander Bokovoy +--- + src/back-sch.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/back-sch.c b/src/back-sch.c +index 93746b1..e447bda 100644 +--- a/src/back-sch.c ++++ b/src/back-sch.c +@@ -1340,11 +1340,12 @@ backend_search_find_set_dn_in_group_cb(const char *group, const char *set, bool_ + + if (slapi_sdn_scope_test(cbdata->target_dn, + set_data->container_sdn, +- cbdata->scope) == 1) { ++ cbdata->scope) != 0) { + cbdata->answer = TRUE; +- } +- +- if (slapi_sdn_issuffix(cbdata->target_dn, set_data->container_sdn) == 1) { ++ } else if ((cbdata->scope == LDAP_SCOPE_SUBTREE) && ++ slapi_sdn_scope_test(set_data->container_sdn, ++ cbdata->target_dn, ++ cbdata->scope) != 0) { + cbdata->answer = TRUE; + } + +-- +2.40.0 + + +From 73058645eac86b40913deec01807854e0a8bda0d Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Mon, 24 Apr 2023 12:19:10 +0300 +Subject: [PATCH 2/2] Identify the container without search base check + +Ignore the actual search base when identifying whether a target DN is +within a known data container. The reason is that we need to know +whether a search would have to descent into a particular container. The +scope validation will happen later. + +Signed-off-by: Alexander Bokovoy +--- + src/back-sch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/back-sch.c b/src/back-sch.c +index e447bda..a79f61b 100644 +--- a/src/back-sch.c ++++ b/src/back-sch.c +@@ -1340,7 +1340,7 @@ backend_search_find_set_dn_in_group_cb(const char *group, const char *set, bool_ + + if (slapi_sdn_scope_test(cbdata->target_dn, + set_data->container_sdn, +- cbdata->scope) != 0) { ++ LDAP_SCOPE_SUBTREE) != 0) { + cbdata->answer = TRUE; + } else if ((cbdata->scope == LDAP_SCOPE_SUBTREE) && + slapi_sdn_scope_test(set_data->container_sdn, +-- +2.40.0 + diff --git a/SPECS/slapi-nis.spec b/SPECS/slapi-nis.spec new file mode 100644 index 0000000..b0dee17 --- /dev/null +++ b/SPECS/slapi-nis.spec @@ -0,0 +1,547 @@ +%if 0%{?fedora} >= 14 || 0%{?rhel} >= 6 +%define ldap_impl openldap +%else +%define ldap_impl mozldap +%endif +%if 0%{?fedora} >= 18 || 0%{?rhel} >= 6 +%define betxn_opts --enable-be-txns-by-default +%else +%define betxn_opts --disable-be-txns-by-default +%endif + +Name: slapi-nis +Version: 0.60.0 +Release: 4%{?dist} +Summary: NIS Server and Schema Compatibility plugins for Directory Server +Group: System Environment/Daemons +License: GPLv3 +URL: http://pagure.io/slapi-nis/ +Source0: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz +Source1: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.asc +Patch0: slapi-nis-bz2183469.patch +Patch1: slapi-nis-RHEL-5134.patch + +BuildRequires: make +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: 389-ds-base-devel >= 1.3.5.6, %{ldap_impl}-devel +BuildRequires: nspr-devel, nss-devel, /usr/bin/rpcgen +%if 0%{?fedora} > 18 || 0%{?rhel} > 6 +BuildRequires: libsss_nss_idmap-devel > 1.16.0-5 +%define sss_nss_opts --with-sss-nss-idmap --with-idviews +%else +%define sss_nss_opts %{nil} +%endif +BuildRequires: pam-devel +%if (0%{?fedora} > 14 && 0%{?fedora} < 28) || (0%{?rhel} > 6 && 0%{?rhel} < 8) +BuildRequires: libtirpc-devel +%else +BuildRequires: libnsl2-devel +%endif +%if 0%{?fedora} > 27 || 0%{?rhel} > 7 +ExcludeArch: %{ix86} +%endif +Requires: 389-ds-base >= 1.3.5.6 + +%description +This package provides two plugins for Red Hat and 389 Directory Server. + +The NIS Server plugin allows the directory server to act as a NIS server +for clients, dynamically generating and updating NIS maps according to +its configuration and the contents of the DIT, and serving the results to +clients using the NIS protocol as if it were an ordinary NIS server. + +The Schema Compatibility plugin allows the directory server to provide an +alternate view of entries stored in part of the DIT, optionally adding, +dropping, or renaming attribute values, and optionally retrieving values +for attributes from multiple entries in the tree. + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 + +%build +autoconf --force +%configure --disable-static --with-ldap=%{ldap_impl} \ + --with-nsswitch --with-pam --with-pam-service=system-auth \ + %{sss_nss_opts} %{betxn_opts} +sed -i -e 's,%{_libdir}/dirsrv/plugins/,,g' -e 's,.so$,,g' doc/examples/*.ldif +make %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT +rm $RPM_BUILD_ROOT/%{_libdir}/dirsrv/plugins/*.la + +%if 0 +# ns-slapd doesn't want to start in koji, so no tests get run +%check +make check +%endif + +%files +%defattr(-,root,root,-) +%doc COPYING NEWS README STATUS doc/*.txt doc/examples/*.ldif doc/ipa +%{_mandir}/man1/* +%{_libdir}/dirsrv/plugins/*.so +%{_sbindir}/nisserver-plugin-defs + +%changelog +* Tue Oct 10 2023 Alexander Bokovoy - 0.60.0-4 +- Ignore updates from non-tracked subtrees during modify/modrdn/update + to avoid deadlocks with retro changelog +- Resolves: RHEL-5134 + +* Mon Apr 24 2023 Alexander Bokovoy - 0.60.0-3 +- Also handle base searches within the compat tree +- Related: rhbz#2183469 + +* Wed Apr 12 2023 Alexander Bokovoy - 0.60.0-2 +- Fix base DN searches outside the compat tree +- Resolves: rhbz#2183469 + +* Sat Aug 20 2022 Alexander Bokovoy - 0.60.0-1 +- upstream release 0.60.0 +- Change license from GPLv2 to GPLv3+ to follow 389-ds licensing +- Resolves: rhbz#1984010 + Fix ID views integration +- Fix base scope lookups +- Resolves: rhbz#1784172 + Bump NIS max dgram size to 8KB by default instead of 1KB +- Resolves: rhbz#2070575 + Allow to rebuild the compat tree + +* Mon Sep 13 2021 Alexander Bokovoy - 0.56.6-4 +- Resolves: rhbz#2000919 - memory leak in backend_search_cb + +* Thu Jul 01 2021 Alexander Bokovoy - 0.56.6-3 +- Resolves: rhbz#1958909 - fix regression for scoped searches in compat tree +- Resolves: rhbz#1978189 - better handle error response from libsss_nss_idmap + +* Wed Apr 07 2021 Alexander Bokovoy - 0.56.6-2 +- CVE 2021-3480: idm:DL1/slapi-nis: NULL dereference (DoS) with specially crafted Binding DN +- Resolves: rhbz#1944713 + +* Fri Dec 04 2020 Alexander Bokovoy - 0.56.6-1 +- Upstream release 0.56.6 +- Resolves rhbz#1891741 + +* Mon Sep 14 2020 Alexander Bokovoy - 0.56.5-4 +- Ignore unmatched searches +- Resolves: rhbz#1874015 + +* Thu Sep 10 2020 Alexander Bokovoy - 0.56.5-3 +- Fix memory leaks in ID views processing +- Resolves: rhbz#1875348 + +* Wed May 06 2020 Alexander Bokovoy - 0.56.5-2 +- Initialize map lock in NIS plugin +- Resolves: rhbz#1832331 + +* Mon May 04 2020 Alexander Bokovoy - 0.56.5-1 +- Upstream release 0.56.5 +- Resolves: rhbz#1751295: (2) When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming +- Resolves: rhbz#1768156: ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED + +* Fri Aug 16 2019 Alexander Bokovoy - 0.56.3-2 +- Resolves rhbz#1741881 + ns-slapd is crashing intermittently + +* Wed Jun 05 2019 Alexander Bokovoy - 0.56.3-1 +- New upstream release +- Resolves rhbz#1684563 + +* Mon Jul 23 2018 Alexander Bokovoy - 0.56.2-7 +- 389-ds is not available on i686 architecture, don't build there + +* Wed May 02 2018 Alexander Bokovoy - 0.56.2-6 +- Force rebuild of configure + +* Wed May 02 2018 Alexander Bokovoy - 0.56.2-5 +- Link with libnsl explicitly in Fedora 28 or later +- Require libnsl2-devel for build +- Resolves rhbz#1573636 + +* Thu Mar 15 2018 Alexander Bokovoy - 0.56.2-4 +- Remove tcpwrappers support as they aren't available in Fedora anymore + +* Thu Mar 15 2018 Alexander Bokovoy - 0.56.2-3 +- Do not build on i686 in Fedora 28 or later as 389-ds-base is not available there anymore +- Resolves rhbz#1556448 +- Remove outdated ExclusiveArch for RHEL6 + +* Fri Feb 09 2018 Fedora Release Engineering - 0.56.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Jan 19 2018 Alexander Bokovoy - 0.56.2-1 +- New upstream release +- Update links to the upstream project page and releases +- Use extended SSSD API to signal that an entry should not be cached anymore +- Add support for timeout-based NSS queries with libsss_nss_idmap + +* Thu Aug 03 2017 Fedora Release Engineering - 0.56.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.56.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 0.56.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Aug 08 2016 Alexander Bokovoy - 0.56.1-1 +- Support querying external users by UPN alias +- Don't clobber target of the pblock for ID views + +* Mon Jun 20 2016 Alexander Bokovoy - 0.56.0-2 +- Updated upstream tarball + +* Mon Jun 20 2016 Alexander Bokovoy - 0.56-1 +- Add support for changing passwords for users from a primary tree + - requires DS 1.3.5.6 or later + +* Mon May 30 2016 Alexander Bokovoy - 0.55-3 +- Add support to properly shutdown priming cache from RHEL 7.2.4 + +* Fri Feb 05 2016 Fedora Release Engineering - 0.55-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jan 26 2016 Alexander Bokovoy - 0.55-1 +- Support external members of IPA groups in schema compat +- Support bind over ID overrides when uid is not overridden +- Populate schema compat trees in parallel to LDAP server startup + +* Fri Jun 19 2015 Fedora Release Engineering - 0.54.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Mar 26 2015 Alexander Bokovoy - 0.54.2-1 +- CVE-2015-0283 slapi-nis: infinite loop in getgrnam_r() and getgrgid_r() (#1206049) +- Make sure nss_sss.so.2 module is used directly +- Allow building slapi-nis with ID views against 389-ds-base from RHEL7.0/CentOS7.0 releases + +* Thu Nov 6 2014 Alexander Bokovoy - 0.54.1-1 +- support FreeIPA overrides in LDAP BIND callback +- ignore FreeIPA override searchs outside configured schema compat subtrees + +* Fri Oct 10 2014 Alexander Bokovoy - 0.54-1 +- Add support for FreeIPA's ID views +- Allow searching SSSD-provided users as memberUid case-insensitevly + Fixes bug #1130131 + +* Mon Aug 18 2014 Fedora Release Engineering - 0.53-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 0.53-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Apr 22 2014 Nalin Dahyabhai - 0.53-1 +- correct the default NIS map settings for hosts.byname and hosts.byaddr, + from report by Rik Megens +- fix several problems when hitting out-of-memory conditions, spotted by + static analysis + +* Mon Jan 20 2014 Nalin Dahyabhai - 0.52-3 +- remove ExclusiveArch if %%{rhel} is 7 or higher, because 389-ds-base gets + built for everything now (#1055711) + +* Fri Dec 27 2013 Daniel Mach - 0.52-2 +- Mass rebuild 2013-12-27 + +* Mon Dec 16 2013 Nalin Dahyabhai - 0.52-1 +- correctly reflect whether or not we're built with transaction support in + the module's nsslapd-pluginVersion attribute +- fix a couple of should've-used-memmove()-instead-of-memcpy() cases which + would hit when removing maps or groups of maps (#1043546/#1043638) + +* Mon Dec 9 2013 Nalin Dahyabhai - 0.51-1 +- fix another request argument memory leak in NIS server (#1040159) +- fix miscellaneous items found by static analysis + +* Tue Oct 1 2013 Nalin Dahyabhai - 0.50-1 +- if we get an EPIPE while registering with rpcbind, try to reconnect and + retransmit before giving up + +* Thu Sep 19 2013 Nalin Dahyabhai - 0.49-1 +- add {nis,schema-compat}-ignore-subtree and -restrict-subtree settings, + which should let us avoid deadlocks when tasks are modifying data in + the backend database (#1007451) + +* Mon Aug 12 2013 Nalin Dahyabhai - 0.48-1 +- try to gracefully handle failures obtaining internal locks +- fix locating-by-name of entries with names that require escaping +- add self-tests for nsswitch and PAM functionality +- make nsswitch mode properly handle user and group names with commas in them +- handle attempts to PAM authenticate to compat groups (i.e., with failure) +- drop the "schema-compat-origin" attribute + +* Wed Aug 7 2013 Nalin Dahyabhai - 0.47.7-1 +- fix building against versions of directory server older than 1.3.0, which + first introduced slapi_escape_filter_value() + +* Wed Aug 7 2013 Nalin Dahyabhai - 0.47.6-1 +- only buildrequire libsss_nss_idmap-devel on releases that included SSSD + version 1.10 or later, where it first appeared + +* Wed Aug 7 2013 Nalin Dahyabhai - 0.47.5-1 +- merge Alexander Bokovoy's patches to + - teach the schema compatibility plugin to optionally serve user and group + information retrieved from libc as part of a set of compat entries + - handle simple bind requests for those entries by calling out to PAM + - to rewrite the DN of incoming bind requests to compat entries to point + at the source entries, instead of returning a referral which most clients + won't handle +- include IPA-specific docs as docs + +* Sun Aug 04 2013 Fedora Release Engineering - 0.47-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri May 24 2013 Nalin Dahyabhai - 0.47-1 +- fix request argument memory leaks in NIS server +- add a %%sort function + +* Thu Apr 4 2013 Nalin Dahyabhai - 0.46-1 +- when checking if we can skip processing for a given change, pay attention to + whether or not the changes cause the entry to need to be added or removed + from a map (#912673) +- check SLAPI_PLUGIN_OPRETURN in post-change hooks, in case the backend failed + to update things but the server called us anyway + +* Tue Mar 19 2013 Nalin Dahyabhai - 0.45-1 +- fix dispatching for multiple connected clients in the NIS plugin (#923336) + +* Tue Feb 5 2013 Nalin Dahyabhai - 0.44-3 +- work around multilib differences in the example .ldif files (internal + tooling) + +* Tue Nov 20 2012 Nalin Dahyabhai - 0.44-2 +- set betxn support to be disabled by default on Fedora 17 or EL 5 or older, + which have versions of IPA < 3.0, per mkosek on freeipa-devel + +* Wed Nov 14 2012 Nalin Dahyabhai - 0.44-1 +- add missing newline to a couple of debug log messages +- note whether or not betxn support is compiled in as part of the + nsslapd-pluginVersion value we report to the server +- register callbacks in the same order in both plugins, so that + their log messages are logged in the same order + +* Tue Nov 13 2012 Nalin Dahyabhai - 0.43-1 +- reintroduce support for directory server transactions (nhosoi, IPA#3046) +- control transaction support at run-time, deciding when to do things based + on the value of the nsslapd-pluginbetxn attribute in the plugin's entry +- NIS: add default settings for shadow.byname and passwd.adjunct.byname maps + +* Sat Jul 21 2012 Fedora Release Engineering - 0.42-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jun 13 2012 Nalin Dahyabhai - 0.42-1 +- drop support for directory server transactions (richm, #766320) + +* Tue May 22 2012 Nalin Dahyabhai +- fix a leak due to us assuming that slapi_mods_add_smod() not taking ownership + of an smod along with its contents, when it just keeps the contents + +* Tue Apr 10 2012 Nalin Dahyabhai - 0.41-1 +- log errors evaluating pad expressions in %%link rather than continuing on + until we hit an arithmetic exception (#810258) + +* Fri Mar 30 2012 Nalin Dahyabhai - 0.40-1 +- treat padding values passed to the "link" function as expressions to be + evaluated rather than simply as literal values (part of #767372) + +* Wed Mar 28 2012 Nalin Dahyabhai - 0.39-1 +- add a "default" function for trying to evaluate one expression, then + another, then another... (part of #767372) +- when creating a compat entry based on a real entry, set an entryUSN based on + the source entry or the rootDSE (freeipa #864); the "scaffolding" entries + won't have them + +* Tue Mar 6 2012 Nalin Dahyabhai - 0.38-1 +- properly escape RDN values when building compat entries (#796509, #800625) + +* Mon Feb 13 2012 Nalin Dahyabhai - 0.37-1 +- fix a compile error on systems where LDAP_SCOPE_SUBORDINATE isn't defined + (reported by Christian Neuhold) +- conditionalize whether we have a build dependency on tcp_wrappers (older + releases) or tcp_wrappers-devel (newer releases) + +* Tue Jan 24 2012 Nalin Dahyabhai - 0.36-1 +- take steps to avoid making yp_first/yp_next clients loop indefinitely + when a single LDAP entry produces multiple copies of the same NIS key + for a given map + +* Tue Jan 24 2012 Nalin Dahyabhai - 0.35-1 +- add mmatch/mregmatch[i]/mregsub[i] formatting functions which work like + match/regmatch[i]/regsub[i], but which can handle and return lists of + zero or more results (part of #783274) + +* Thu Jan 19 2012 Nalin Dahyabhai - 0.34-1 +- do entry comparisons ourselves, albeit less throughly, to avoid the worst + case in pathological cases (more of #771444) + +* Tue Jan 17 2012 Nalin Dahyabhai - 0.33-1 +- get more aggressive about skipping unnecessary calculations (most of + the problem in #771444, though not the approach described there) + +* Mon Jan 16 2012 Nalin Dahyabhai - 0.32-1 +- add support for directory server transactions (#758830,#766320) + +* Sat Jan 14 2012 Fedora Release Engineering - 0.28-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Jan 11 2012 Nalin Dahyabhai - 0.31-1 +- fix some memory leaks (more of #771493) + +* Tue Jan 10 2012 Nalin Dahyabhai - 0.30-1 +- skip recalculations when the attributes which changed don't factor into + our calculations (part of #771493) + +* Wed Jan 4 2012 Nalin Dahyabhai - 0.29-1 +- add regmatchi/regsubi formatting functions which work like regmatch/regsub, + but do matching in a case-insensitive manner +- update NIS map defaults to match {CRYPT} userPassword values in a + case-insensitive manner so that we also use {crypt} userPassword values +- fix inconsistencies in the NIS service stemming from using not-normalized DNs + in some places where it should have used normalized DNs + +* Mon Dec 19 2011 Nalin Dahyabhai - 0.28-1 +- when configured with --with-ldap=openldap, link with -lldap_r rather + than -lldap (rmeggins, #769107) + +* Tue Dec 6 2011 Nalin Dahyabhai - 0.27-1 +- when building for 389-ds, use Slapi_RWLocks if they appear to be available + (the rest of #730394/#730403) + +* Fri Aug 12 2011 Nalin Dahyabhai - 0.26-1 +- when building for 389-ds, use libpthread's read-write locks instead of + NSPR's (part of #730394/#730403) + +* Wed Jul 27 2011 Nalin Dahyabhai - 0.25-1 +- speed up building compat entries which reference thousands of other entries + (more of #692690) +- 389-ds-base is apparently exclusive to x86_64 and %%{ix86} on EL, so we have + to be, too + +* Fri May 13 2011 Nalin Dahyabhai - 0.24-1 +- carry our own yp.x, so that we don't get bitten if libc doesn't include + yp client routines +- we need rpcgen at build-time now + +* Thu Mar 31 2011 Nalin Dahyabhai - 0.23-1 +- speed up building compat entries with attributes with thousands of literal + values (#692690) + +* Wed Feb 09 2011 Fedora Release Engineering - 0.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Jan 6 2011 Nalin Dahyabhai - 0.22-1 +- fix a number of scanner-uncovered defects + +* Thu Jan 6 2011 Nalin Dahyabhai - 0.21-2 +- make sure we always pull in nss-devel and nspr-devel, and the right + ldap toolkit for the Fedora or RHEL version + +* Tue Nov 23 2010 Nalin Dahyabhai - 0.21-1 +- update to 0.21 + - schema-compat: don't look at standalone compat containers for a search, + since we'll already have looked at the group container + +* Tue Nov 23 2010 Nalin Dahyabhai - 0.20-1 +- update to 0.20 + - add a deref_f function + +* Mon Nov 22 2010 Nalin Dahyabhai - 0.19-1 +- fix a brown-paper-bag crash + +* Mon Nov 22 2010 Nalin Dahyabhai - 0.18-1 +- update to 0.18 + - add a deref_rf function + - schema-compat: don't respond to search requests for which there's no backend + - schema-compat: add the ability to do standalone compat containers + +* Wed Nov 17 2010 Nalin Dahyabhai - 0.17-6 +- revert that last change, it's unnecessary + +* Thu Nov 11 2010 Nalin Dahyabhai - 0.17-5 +- build against either 389-ds-base or redhat-ds-base, whichever is probably + more appropriate here + +* Sun Jul 26 2009 Fedora Release Engineering - 0.17-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 15 2009 Nalin Dahyabhai - 0.17-3 +- change buildreq from fedora-ds-base-devel to 389-ds-base-devel, which + should avoid multilib conflicts from installing both arches of the new + package (#511504) + +* Tue Jul 14 2009 Nalin Dahyabhai - 0.17-2 +- fixup changelog entries that resemble possible macro invocations + +* Thu May 14 2009 Nalin Dahyabhai - 0.17-1 +- actually send portmap registrations to the right server + +* Thu May 14 2009 Nalin Dahyabhai - 0.16-1 +- fix NIS server startup problem when no port is explicitly configured and + we're using portmap instead of rpcbind (#500903) + +* Fri May 8 2009 Nalin Dahyabhai - 0.15-1 +- fix %%deref and %%referred to fail rather than return a valid-but-empty + result when they fail to evaluate (reported by Rob Crittenden) + +* Wed May 6 2009 Nalin Dahyabhai - 0.14-1 +- correctly handle being loaded but disabled (#499404) + +* Thu Apr 30 2009 Nalin Dahyabhai - 0.13-1 +- update to 0.13, reworking %%link() to correct some bugs (#498432) + +* Thu Apr 30 2009 Nalin Dahyabhai - 0.12-1 +- correct test suite failures that 0.11 started triggering + +* Tue Apr 28 2009 Nalin Dahyabhai - 0.11-1 +- update to 0.11 (#497904) + +* Wed Mar 4 2009 Nalin Dahyabhai - 0.10-1 +- update to 0.10 + +* Wed Feb 25 2009 Fedora Release Engineering - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Dec 9 2008 Nalin Dahyabhai - 0.8.5-2 +- make the example nsslapd-pluginpath values the same on 32- and 64-bit + systems, because we can depend on the directory server "knowing" which + directory to search for the plugins + +* Mon Dec 8 2008 Nalin Dahyabhai - 0.8.5-1 +- update to 0.8.5 to suppress duplicate values for attributes in the schema + compatibility plugin + +* Thu Dec 4 2008 Nalin Dahyabhai - 0.8.4-1 +- update to 0.8.4 to fix: + - problems updating references, particularly those for %%referred() (#474478) + - inability to notice internal add/modify/modrdn/delete operations (really + this time) (#474426) + +* Wed Dec 3 2008 Nalin Dahyabhai - 0.8.3-1 +- update to 0.8.3 to also notice and reflect changes caused by internal + add/modify/modrdn/delete operations + +* Wed Nov 19 2008 Nalin Dahyabhai - 0.8.2-1 +- update to 0.8.2 to remove a redundant read lock in the schema-compat plugin + +* Fri Nov 7 2008 Nalin Dahyabhai - 0.9-1 +- update to 0.9 + +* Fri Oct 3 2008 Nalin Dahyabhai - 0.8.1-1 +- update to 0.8.1 to fix a heap corruption (Rich Megginson) + +* Wed Aug 6 2008 Nalin Dahyabhai - 0.8-1 +- update to 0.8 + +* Wed Aug 6 2008 Nalin Dahyabhai - 0.7-1 +- update to 0.7 + +* Wed Jul 23 2008 Nalin Dahyabhai - 0.6-1 +- rebuild (and make rpmlint happy) + +* Wed Jul 9 2008 Nalin Dahyabhai - 0.2-1 +- initial package