
Security flaw in the 389-ds-base software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-9391
2014-08-15 01:48:15
——————————————————————————–

Name : 389-ds-base
Product : Fedora 20
Version : 1.3.2.22
Release : 1.fc20
URL : http://port389.org/
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.

——————————————————————————–
Update Information:

389-ds-base-1.3.2.22 release – a security bug fix
——————————————————————————–
ChangeLog:

* Tue Aug 12 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.22-1
– Release 1.3.2.21
– Resolves: #1127833
Ticket 47869 – unauthenticated information disclosure (Bug 1123477)
389-ds-base-1.3.2.22 = 389-ds-base-1.3.2.19 + Bug 1127833 fix.
* Thu Aug 7 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.21-1
– Release 1.3.2.21
– Resolves: #1127833
Ticket 47869 – unauthenticated information disclosure (Bug 1123477)
– Ticket 47834 – Tombstone_to_glue: if parents are also converted to glue, the target entry’s DN must be adjusted.
– Ticket 47862 – repl-monitor fails to convert “*” to default values
– Ticket 47824 – paged results control is not working in some cases when we have a subsuffix.
– Ticket 47862 – Repl-monitor.pl ignores the provided connection parameters
– Ticket 346 – Fixing memory leaks
* Tue Jul 22 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.20-1
– Release 1.3.2.20
– Ticket 47753 – Add switch to disable pre-hashed password checking
– Ticket 47861 – Certain schema files are not replaced during upgrade
– Ticket 47858 – Internal searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can crash the server
– Ticket 47797 – DB deadlock when two threads (on separated backend) try to record changes in retroCL
– Ticket 47834 – Tombstone_to_glue: if parents are also converted to glue, the target entry’s DN must be adjusted.
– Ticket 47692 – single valued attribute replicated ADD does not work
– Ticket 47781 – Server deadlock if online import started while server is under load
* Thu Jul 3 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.19-1
– Release 1.3.2.19
– Ticket 47779 – Potential deadlock after startup if a dna configuration change is made
– Ticket 47839 – 389-ds production segfault: __memcpy_sse2_unaligned…
* Tue Jul 1 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.18-1
– Release 1.3.2.18
– Ticket 47750 – Creating a glue fails if one above level is a conflict or missing
– Ticket 47763 – winsync plugin modify is broken
– Ticket 47821 – deref plugin cannot handle complex acis
– Ticket 47831 – server restart wipes out index config if there is a default index
– Ticket 47817 – The error result text message should be obtained just prior to sending result
– Ticket 47815 – Add operations rejected by betxn plugins remain in cache
– Ticket 47809 – find a way to remove replication plugin errors messages “changelog iteration code returned a dummy entry with csn %s, skipping …”
– Ticket 47704 – invalid sizelimits in aci group evaluation
– Ticket 47813 – remove “goto bail” from previous commit
– Ticket 47813 – managed entry plugin fails to update member pointer on modrdn operation
– Ticket 47808 – If be_txn plugin fails in ldbm_back_add, adding entry is double freed.
– Ticket 47770 – #481 breaks possibility to reassemble memberuid list
* Thu May 29 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.17-1
– Release 1.3.2.17
– Ticket 47446 – logconv.pl memory continually grows
– Ticket 47713 – Logconv.pl with an empty access log gives lots of errors
– Ticket 47806 – Failed deletion of aci: no such attribute
– bump version
– Ticket 47720 – Normalization from old DN format to New DN format doesnt handel condition properly when there is space in a suffix after the seperator operator.
– Ticket 47670 – Aci warnings in error log
– Ticket 47721 – Schema Replication Issue (follow up)
– Ticket 47721 – Schema Replication Issue (follow up + cleanup)
– Ticket 47721 – Schema Replication Issue
– Ticket 47676 – (cont.) Replication of the schema fails ‘master branch’ -> 1.2.11 or 1.3.1
– Ticket 47676 – Replication of the schema fails ‘master branch’ -> 1.2.11 or 1.3.1
– Ticket 47541 – Fix Jenkins errors
– Ticket 47541 – Replication of the schema may overwrite consumer ‘attributetypes’ even if consumer definition is a superset
– Ticket 47804 – db2bak.pl error with changelogdb
– Ticket 47780 – Some VLV search request causes memory leaks
– Ticket 47787 – A replicated MOD fails (Unwilling to perform) if it targets a tombstone
– Ticket 47764 – Problem with deletion while replicated
– Ticket 47750 – Creating a glue fails if one above level is a conflict or missing; Ticket 47696 – Large Searches Hang – Possibly entryrdn related
– Ticket 47772 – fix coverity issue
– Ticket 47793 – Server crashes if uniqueMember is invalid syntax and memberOf plugin is enabled.
– Ticket 47792 – database plugins need a way to call betxn plugins
– Ticket 47707 – 389 DS Server crashes and dies while handles paged searches from clients
– Ticket 47792 – code cleanup
– Ticket 47779 – Need to lock server list when removing list
– Ticket 47771 – Move parentsdn initialization to avoid crash
– Ticket 47779 – Part of DNA shared configuration is deleted after server restart
– Ticket 346 – Slow ldapmodify operation time for large quantities of multi-valued attribute values
– Ticket 47782 – Parent numbordinate count can be incorrectly updated if an error occurs
– Ticket 47772 – empty modify returns LDAP_INVALID_DN_SYNTAX
– Ticket 47774 – mem leak in do_search – rawbase not freed upon certain errors
– Ticket 47773 – mem leak in do_bind when there is an error
– Ticket 47771 – Performing deletes during tombstone purging results in operation errors
– Ticket 47767 – Nested tombstones become orphaned after purge
– Ticket 47766 – Tombstone purging can crash the server if the backend is stopped/disabled
– Ticket 47759 – Crash in replication when server is under write load
– Ticket 47740 – Fix coverity issues(part 7)
– Ticket 47748 – Simultaneous adding a user and binding as the user could fail in the password policy check
– Ticket 47743 – Memory leak with proxy auth control
– Ticket 47740 – Crash caused by changes to certmap.c
– Ticket 47733 – ds logs many “Operation error fetching Null DN” messages
– Ticket 47740 – Fix coverity issues: null deferences – Part 6
– Ticket 47732 – ds logs many “SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN plugin returned error” messages
– Ticket 47740 – Coverity issue in 1.3.3
– Ticket 47735 – e_uniqueid fails to set if an entry is a conflict entry
– Ticket 47740 – Fix coverity issues – Part 5
– Ticket 47740 – Fix coverity erorrs – Part 4
– Ticket 47640 – Fix coverity issues – part 3
– Ticket 47740 – Fix sync plugin resource leaks
– Ticket 47538 – RFE: repl-monitor.pl plain text output, cmdline config options
– Ticket 47740 – Coverity Fixes (Mark – part 1)
– Ticket 47734 – Change made in resolving ticket #346 fails on Debian SPARC64
– Ticket 47722 – Fixed filter not correctly identified
– Ticket 47722 – rsearch filter error on any search filter
* Fri Mar 14 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.16-1
– Release 1.3.2.16 (This release is 1.3.2.13 + Ticket 47739)
– Ticket 47739 – directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
* Thu Mar 13 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.15-1
– Bump version to 1.3.2.15
– Ticket 47735 – e_uniqueid fails to set if an entry is a conflict entry
– Ticket 47740 – Coverity issue in 1.3.3
– Ticket 47740 – Fix coverity issues – Part 5
– Ticket 47740 – Fix coverity erorrs – Part 4
– Ticket 47640 – Fix coverity issues – part 3
– Ticket 47740 – Fix sync plugin resource leaks
– Ticket 47538 – RFE: repl-monitor.pl plain text output, cmdline config options
– Ticket 47740 – Coverity Fixes (Mark – part 1)
– Ticket 47734 – Change made in resolving ticket #346 fails on Debian SPARC64
– Ticket 47722 – Fixed filter not correctly identified
– Ticket 47722 – rsearch filter error on any search filter
* Mon Mar 10 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.14-1
– Bump version to 1.3.2.14
– Ticket 47739 – directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
– Ticket 47737 – Under heavy stress, failure of turning a tombstone into glue makes the server hung
– Ticket 47735 – e_uniqueid fails to set if an entry is a conflict entry
– Ticket 47729 – Directory Server crashes if shutdown during a replication initialization
– Ticket 47637 – rsa_null_sha should not be enabled by default
* Fri Feb 28 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.13-1
– Bump version to 1.3.2.13
– The previous version 1.3.2.12 missed to increment the version in VERSION.sh
* Fri Feb 28 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.12-1
– Bump version to 1.3.2.12
– Ticket 408 – create a normalized dn cache
– Ticket 571 – Empty control list causes LDAP protocol error is thrown (dup 47361)
– Ticket 408 – create a normalized dn cache
– Ticket 47699 – Propagate plugin precedence to all registered function types
– Ticket 525 – Replication retry time attributes cannot be added
– Ticket 47709 – package issue in 389-ds-base
– Ticket 47700 – Unresolved external symbol references break loading of the ACL plugin
– Ticket 47642 – Windows Sync group issues
– Ticket 525 – Replication retry time attributes cannot be added
– Ticket 47692 – single valued attribute replicated ADD does not work
– Ticket 47615 – Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version
– Ticket 47677 – Size returned by slapi_entry_size is not accurate
– Ticket 47693 – Environment variables are not passed when DS is started via service
* Thu Feb 20 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.11-2
– Added arch aware python dir; moved libns-dshttpd.so* to devel and libs package.
* Wed Feb 5 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.11-1
– Bump version to 1.3.2.11
– Ticket 47653 – Need a way to allow users to create entries assigned to themselves.
– Ticket 471 – logconv.pl tool removes the access logs contents if “-M” is not correctly used
– Ticket 47374 – flush.pl is not included in perl5
– Ticket 47649 – Server hangs in cos_cache when adding a user entry
– Ticket 443 – Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
– Ticket 47638 – Overflow in nsslapd-disk-monitoring-threshold on 32bit platform
– Ticket 47641 – 7-bit check plugin not checking MODRDN operation
– Ticket 342 – better error message when cache overflows
– Ticket 47516 – replication stops with excessive clock skew
– Ticket 47620 – Unable to delete protocol timeout attribute
– Ticket 408 – Fix crash when disabling/enabling the setting
– Ticket 47629 – random crashes related to sync repl
– Ticket 47571 – targetattr ACIs ignore subtype
– Ticket 47660 – config_set_allowed_to_delete_attrs: Valgrind reports Invalid read
– Revert “Ticket 47653 – Need a way to allow users to create entries assigned to themselves”
* Wed Jan 8 2014 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.10-1
– Bump version to 1.3.2.10
– Ticket 447 – Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
– Ticket 47653 – Need a way to allow users to create entries assigned to themselves
– Ticket 47647 – remove bogus definition in 60rfc3712.ldif
– Ticket 47634 – support AttributeTypeDescription USAGE userApplications distributedOperation dSAOperation
– Ticket 47645 – reset stack, op fields to NULL – clean up stacks at shutdown – free unused plugin config entries
* Tue Dec 17 2013 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.9-1
– Bump version to 1.3.2.9
– Ticket 47621 – v2 make referential integrity configuration more flexible
– Ticket 47620 – Fix missing left bracket
– Ticket 47620 – Fix dereferenced NULL pointer in agmtlist_modify_callback()
– Ticket 47606 – replica init/bulk import errors should be more verbose
– Ticket 47631 – objectclass may, must lists skip rest of objectclass once first is found in sup
– Ticket 47627 – Fix replication logging
– Ticket 47620 – Fix logically dead code.
– Ticket 47313 – Indexed search with filter containing ‘&’ and “!” with attribute subtypes gives wrong result
– Ticket 47620 – Config value validation improvement
– Ticket 47620 – Fix cherry-pick error for 1.3.2 and 1.3.1
– Ticket 47613 – Issues setting allowed mechanisms
– Ticket 47617 – allow configuring changelog trim interval
– Ticket 47601 – Plugin library path validation prevents intentional loading of out-of-tree modules
– Ticket 47627 – changelog iteration should ignore cleaned rids when getting the minCSN
– Ticket 47623 – fix memleak caused by 47347
– Ticket 47622 – Automember betxnpreoperation – transaction not aborted when group entry does not exist
– Ticket 47623 – fix memleak caused by 47347
– Ticket 47620 – 389-ds rejects nsds5ReplicaProtocolTimeout attribute
* Fri Dec 6 2013 Noriko Hosoi <nhosoi@redhat.com> – 1.3.2.8-1
– Bump version to 1.3.2.8
– Ticket 47612 – ns-slapd eats all the memory
– Ticket 47527 – Allow referential integrity suffixes to be configurable
– Ticket 47526 – Allow memberof suffixes to be configurable
– Ticket 342 – better error message when cache overflows (phase 2)
– Ticket 47587 – hard coded limit of 64 masters in agreement and changelog code
– Ticket 47611 – Add script to build patched RPMs
– Ticket 47614 – Possible to specify invalid SASL mechanism in nsslapd-allowed-sasl-mechanisms
– Ticket 47613 – Impossible to configure nsslapd-allowed-sasl-mechanisms
– Ticket 47592 – automember plugin task memory leaks
– Ticket 47591 – entries with empty objectclass attribute value can be hidden
– Ticket 47596 – attrcrypt fails to find unlocked key
——————————————————————————–
References:

[ 1 ] Bug #1127833 – CVE-2014-3562 389-ds-base: 389-ds: unauthenticated information disclosure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1127833
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update 389-ds-base' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Author: Marko Stanec
Cert ID: NCERT-REF-2014-08-0031-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/