Recommended update for 389-ds

Announcement ID: SUSE-RU-2020:1186-1
Rating: moderate
References:
Affected Products:
  • Server Applications Module 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise Real Time 15 SP1
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • SUSE Manager Proxy 4.0
  • SUSE Manager Retail Branch Server 4.0
  • SUSE Manager Server 4.0

An update that has one fix can now be installed.

Description:

This update for 389-ds fixes the following issues:

  • Update ns-slapd ownership to remove dirsrv as an owner as dirsrv will not exist in containers with systemd users.

Update to version 1.4.2.12~git0.b11942c36:

  • Issue 50337 - Replace exec() with setattr()
  • Issue 50545 - the check for the ds version for the backend config was broken
  • Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code
  • Ticket 51014 - slapi_pal.c possible static buffer overflow
  • Issue 50545 - remove dbmon "incr" option from arg parser
  • Issue 50545 - Port dbmon.sh to dsconf
  • Ticket 50905 - intermittent SSL hang with rhds
  • Issue 50952 - SSCA lacks basicConstraint:CA
  • Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given
  • Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value

Update to version 1.4.2.11~git0.aff1a2831: (bsc#1169364)

  • Issue 50994 - Fix latest UI bugs found by QE
  • Issue 50337 - Replace exec() with setattr()
  • Issue 50984 - Memory leaks in disk monitoring
  • Issue 50975 - Revise UI branding with new minimized build
  • Issue 49437 - Fix memory leak with indirect COS
  • Issue 50976 - Clean up Web UI source directory from unused files
  • Issue 50744 - -n option of dbverify does not work
  • Issue 50952- SSCA lacks basicConstraint:CA
  • Bump version to 1.4.2.10
  • Issue 50966 - UI - Database indexes not using typeAhead correctly
  • Issue 50974 - UI - wrong title in "Delete Suffix" popup
  • Issue 50972 - Fix cockpit plugin build
  • Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted
  • Issue 50963 - We should bundle *.min.js files of Console
  • Bump version to 1.4.2.9
  • Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory
  • Issue 50937 - Update CLI for new backend split configuration
  • Issue 50499 - Fix npm audit issues
  • Issue 50884 - Health check tool DSEldif check fails
  • Issue 50926 - Remove dual spinner and other UI fixes
  • Issue 49845 - Remove pkgconfig check for libasan
  • Issue 50758 - Only Recommend bash-completion, not Require
  • Issue 50928 - Unable to create a suffix with countryName
  • Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code
  • Issue 50919 - Backend delete fails using dsconf
  • Issue 50872 - dsconf can't create GSSAPI replication agreements
  • Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group
  • Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before
  • Ticket 50618 - support cgroupv2
  • Ticket 50898 - ldclt core dumped when run with -e genldif option
  • Bump version to 1.4.2.8
  • Issue 50855 - remove unused file from UI
  • Issue 50855 - UI: Port Server Tab to React
  • Issue 49845 - README does not contain complete information on building
  • Ticket - 49623-cont cenotaph errors on modrdn operations
  • Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled
  • Issue 50886 - Typo in the replication debug message
  • Issue 50873 - Fix healthcheck and virtual attr check
  • Issue 50873 - Fix issues with healthcheck tool
  • Ticket 50857 - Memory leak in ACI using IP subject
  • Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name
  • Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache
  • Issue 50850 - Fix dsctl healthcheck for python36
  • Issue 49990 - Need to enforce a hard maximum limit for file descriptors
  • Bump version to 1.4.2.7
  • Issue 49254 - Fix compiler failures and warnings
  • Ticket 50741-cont bdb_start - Detected Disorderly Shutdown
  • Issue 50836 - Port Schema UI tab to React
  • Issue 50842 - Decrease 389-console Cockpit component size
  • Ticket 50790 - Add result text when filter is invalid
  • Issue 50834 - Incorrectly setting the NSS default SSL version max
  • Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
  • Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
  • Issue 50599 - Fix memory leak when removing db region files
  • Issue 49395 - Set the default TLS version min to TLS1.2
  • Issue 50818 - dsconf pwdpolicy get error
  • Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined"
  • Issue 50599 - Remove db region files prior to db recovery
  • Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/
  • Issue 50816 - dsconf allows the root password to be set to nothing
  • Issue 50798 - incorrect bytes in format string(fix import issue)

  • resolve a warning found in static analysis in OBS (upstream #51014)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Server Applications Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1186=1

Package List:

  • Server Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64)
    • 389-ds-snmp-1.4.2.12~git0.b11942c36-7.15.1
    • 389-ds-1.4.2.12~git0.b11942c36-7.15.1
    • lib389-1.4.2.12~git0.b11942c36-7.15.1
    • 389-ds-snmp-debuginfo-1.4.2.12~git0.b11942c36-7.15.1
    • libsvrcore0-debuginfo-1.4.2.12~git0.b11942c36-7.15.1
    • 389-ds-debuginfo-1.4.2.12~git0.b11942c36-7.15.1
    • libsvrcore0-1.4.2.12~git0.b11942c36-7.15.1
    • 389-ds-debugsource-1.4.2.12~git0.b11942c36-7.15.1
    • 389-ds-devel-1.4.2.12~git0.b11942c36-7.15.1

References: