summaryrefslogtreecommitdiff
path: root/389-ds-base.spec
diff options
context:
space:
mode:
Diffstat (limited to '389-ds-base.spec')
-rw-r--r--389-ds-base.spec1023
1 files changed, 1023 insertions, 0 deletions
diff --git a/389-ds-base.spec b/389-ds-base.spec
new file mode 100644
index 0000000..6a60120
--- /dev/null
+++ b/389-ds-base.spec
@@ -0,0 +1,1023 @@
+
+%global pkgname dirsrv
+%global srcname 389-ds-base
+
+# Exclude i686 bit arches
+ExcludeArch: i686
+
+# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
+%global use_Socket6 0
+
+%global use_asan 0
+%global use_rust 1
+%global bundle_jemalloc 1
+%if %{use_asan}
+%global bundle_jemalloc 0
+%endif
+
+%if %{bundle_jemalloc}
+%global jemalloc_name jemalloc
+%global jemalloc_ver 5.3.0
+%global __provides_exclude ^libjemalloc\\.so.*$
+%endif
+
+# Use Clang instead of GCC
+%global use_clang 0
+
+# Build cockpit plugin
+%global use_cockpit 0
+
+# fedora 15 and later uses tmpfiles.d
+# otherwise, comment this out
+%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
+
+# systemd support
+%global groupname %{pkgname}.target
+
+# set PIE flag
+%global _hardened_build 1
+
+# Filter argparse-manpage from autogenerated package Requires
+%global __requires_exclude ^python.*argparse-manpage
+
+# Force to require nss version greater or equal as the version available at the build time
+# See bz1986327
+%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
+
+Summary: 389 Directory Server (base)
+Name: 389-ds-base
+Version: 2.5.1
+Release: 2%{?dist}
+License: GPL-3.0-or-later AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-DFS-2016 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0
+URL: https://www.port389.org
+Conflicts: selinux-policy-base < 3.9.8
+Conflicts: freeipa-server < 4.0.3
+Obsoletes: %{name} <= 1.4.0.9
+Obsoletes: %{name}-legacy-tools < 1.4.4.6
+Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6
+Provides: ldif2ldbm >= 0
+
+##### Bundled cargo crates list - START #####
+Provides: bundled(crate(addr2line)) = 0.21.0
+Provides: bundled(crate(adler)) = 1.0.2
+Provides: bundled(crate(ahash)) = 0.7.8
+Provides: bundled(crate(atty)) = 0.2.14
+Provides: bundled(crate(autocfg)) = 1.3.0
+Provides: bundled(crate(backtrace)) = 0.3.71
+Provides: bundled(crate(base64)) = 0.13.1
+Provides: bundled(crate(bitflags)) = 2.5.0
+Provides: bundled(crate(byteorder)) = 1.5.0
+Provides: bundled(crate(cbindgen)) = 0.26.0
+Provides: bundled(crate(cc)) = 1.0.97
+Provides: bundled(crate(cfg-if)) = 1.0.0
+Provides: bundled(crate(clap)) = 3.2.25
+Provides: bundled(crate(clap_lex)) = 0.2.4
+Provides: bundled(crate(concread)) = 0.2.21
+Provides: bundled(crate(crossbeam)) = 0.8.4
+Provides: bundled(crate(crossbeam-channel)) = 0.5.12
+Provides: bundled(crate(crossbeam-deque)) = 0.8.5
+Provides: bundled(crate(crossbeam-epoch)) = 0.9.18
+Provides: bundled(crate(crossbeam-queue)) = 0.3.11
+Provides: bundled(crate(crossbeam-utils)) = 0.8.19
+Provides: bundled(crate(errno)) = 0.3.8
+Provides: bundled(crate(fastrand)) = 2.1.0
+Provides: bundled(crate(fernet)) = 0.1.4
+Provides: bundled(crate(foreign-types)) = 0.3.2
+Provides: bundled(crate(foreign-types-shared)) = 0.1.1
+Provides: bundled(crate(getrandom)) = 0.2.15
+Provides: bundled(crate(gimli)) = 0.28.1
+Provides: bundled(crate(hashbrown)) = 0.12.3
+Provides: bundled(crate(heck)) = 0.4.1
+Provides: bundled(crate(hermit-abi)) = 0.1.19
+Provides: bundled(crate(indexmap)) = 1.9.3
+Provides: bundled(crate(instant)) = 0.1.12
+Provides: bundled(crate(itoa)) = 1.0.11
+Provides: bundled(crate(jobserver)) = 0.1.31
+Provides: bundled(crate(libc)) = 0.2.154
+Provides: bundled(crate(linux-raw-sys)) = 0.4.13
+Provides: bundled(crate(lock_api)) = 0.4.12
+Provides: bundled(crate(log)) = 0.4.21
+Provides: bundled(crate(lru)) = 0.7.8
+Provides: bundled(crate(memchr)) = 2.7.2
+Provides: bundled(crate(miniz_oxide)) = 0.7.2
+Provides: bundled(crate(object)) = 0.32.2
+Provides: bundled(crate(once_cell)) = 1.19.0
+Provides: bundled(crate(openssl)) = 0.10.64
+Provides: bundled(crate(openssl-macros)) = 0.1.1
+Provides: bundled(crate(openssl-sys)) = 0.9.102
+Provides: bundled(crate(os_str_bytes)) = 6.6.1
+Provides: bundled(crate(parking_lot)) = 0.11.2
+Provides: bundled(crate(parking_lot_core)) = 0.8.6
+Provides: bundled(crate(paste)) = 0.1.18
+Provides: bundled(crate(paste-impl)) = 0.1.18
+Provides: bundled(crate(pin-project-lite)) = 0.2.14
+Provides: bundled(crate(pkg-config)) = 0.3.30
+Provides: bundled(crate(ppv-lite86)) = 0.2.17
+Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated
+Provides: bundled(crate(proc-macro2)) = 1.0.82
+Provides: bundled(crate(quote)) = 1.0.36
+Provides: bundled(crate(rand)) = 0.8.5
+Provides: bundled(crate(rand_chacha)) = 0.3.1
+Provides: bundled(crate(rand_core)) = 0.6.4
+Provides: bundled(crate(redox_syscall)) = 0.2.16
+Provides: bundled(crate(rustc-demangle)) = 0.1.24
+Provides: bundled(crate(rustix)) = 0.38.34
+Provides: bundled(crate(ryu)) = 1.0.18
+Provides: bundled(crate(scopeguard)) = 1.2.0
+Provides: bundled(crate(serde)) = 1.0.201
+Provides: bundled(crate(serde_derive)) = 1.0.201
+Provides: bundled(crate(serde_json)) = 1.0.117
+Provides: bundled(crate(smallvec)) = 1.13.2
+Provides: bundled(crate(strsim)) = 0.10.0
+Provides: bundled(crate(syn)) = 2.0.61
+Provides: bundled(crate(tempfile)) = 3.10.1
+Provides: bundled(crate(termcolor)) = 1.4.1
+Provides: bundled(crate(textwrap)) = 0.16.1
+Provides: bundled(crate(tokio)) = 1.37.0
+Provides: bundled(crate(tokio-macros)) = 2.2.0
+Provides: bundled(crate(toml)) = 0.5.11
+Provides: bundled(crate(unicode-ident)) = 1.0.12
+Provides: bundled(crate(uuid)) = 0.8.2
+Provides: bundled(crate(vcpkg)) = 0.2.15
+Provides: bundled(crate(version_check)) = 0.9.4
+Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
+Provides: bundled(crate(winapi)) = 0.3.9
+Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
+Provides: bundled(crate(winapi-util)) = 0.1.8
+Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
+Provides: bundled(crate(windows-sys)) = 0.52.0
+Provides: bundled(crate(windows-targets)) = 0.52.5
+Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.5
+Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.5
+Provides: bundled(crate(windows_i686_gnu)) = 0.52.5
+Provides: bundled(crate(windows_i686_gnullvm)) = 0.52.5
+Provides: bundled(crate(windows_i686_msvc)) = 0.52.5
+Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.5
+Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.5
+Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.5
+Provides: bundled(crate(zeroize)) = 1.7.0
+Provides: bundled(crate(zeroize_derive)) = 1.4.2
+Provides: bundled(npm(@aashutoshrathi/word-wrap)) = 1.2.6
+Provides: bundled(npm(@eslint-community/eslint-utils)) = 4.4.0
+Provides: bundled(npm(@eslint-community/regexpp)) = 4.5.1
+Provides: bundled(npm(@eslint/eslintrc)) = 2.0.3
+Provides: bundled(npm(@eslint/js)) = 8.42.0
+Provides: bundled(npm(@fortawesome/fontawesome-common-types)) = 0.2.36
+Provides: bundled(npm(@fortawesome/fontawesome-svg-core)) = 1.2.36
+Provides: bundled(npm(@fortawesome/free-solid-svg-icons)) = 5.15.4
+Provides: bundled(npm(@fortawesome/react-fontawesome)) = 0.1.19
+Provides: bundled(npm(@humanwhocodes/config-array)) = 0.11.10
+Provides: bundled(npm(@humanwhocodes/module-importer)) = 1.0.1
+Provides: bundled(npm(@humanwhocodes/object-schema)) = 1.2.1
+Provides: bundled(npm(@nodelib/fs.scandir)) = 2.1.5
+Provides: bundled(npm(@nodelib/fs.stat)) = 2.0.5
+Provides: bundled(npm(@nodelib/fs.walk)) = 1.2.8
+Provides: bundled(npm(@patternfly/patternfly)) = 4.224.2
+Provides: bundled(npm(@patternfly/react-charts)) = 6.94.19
+Provides: bundled(npm(@patternfly/react-core)) = 4.276.8
+Provides: bundled(npm(@patternfly/react-icons)) = 4.93.6
+Provides: bundled(npm(@patternfly/react-styles)) = 4.92.6
+Provides: bundled(npm(@patternfly/react-table)) = 4.113.0
+Provides: bundled(npm(@patternfly/react-tokens)) = 4.94.6
+Provides: bundled(npm(@types/d3-array)) = 3.0.5
+Provides: bundled(npm(@types/d3-color)) = 3.1.0
+Provides: bundled(npm(@types/d3-ease)) = 3.0.0
+Provides: bundled(npm(@types/d3-interpolate)) = 3.0.1
+Provides: bundled(npm(@types/d3-path)) = 3.0.0
+Provides: bundled(npm(@types/d3-scale)) = 4.0.3
+Provides: bundled(npm(@types/d3-shape)) = 3.1.1
+Provides: bundled(npm(@types/d3-time)) = 3.0.0
+Provides: bundled(npm(@types/d3-timer)) = 3.0.0
+Provides: bundled(npm(acorn)) = 8.8.2
+Provides: bundled(npm(acorn-jsx)) = 5.3.2
+Provides: bundled(npm(ajv)) = 6.12.6
+Provides: bundled(npm(ansi-regex)) = 5.0.1
+Provides: bundled(npm(ansi-styles)) = 4.3.0
+Provides: bundled(npm(argparse)) = 2.0.1
+Provides: bundled(npm(attr-accept)) = 1.1.3
+Provides: bundled(npm(balanced-match)) = 1.0.2
+Provides: bundled(npm(brace-expansion)) = 1.1.11
+Provides: bundled(npm(callsites)) = 3.1.0
+Provides: bundled(npm(chalk)) = 4.1.2
+Provides: bundled(npm(color-convert)) = 2.0.1
+Provides: bundled(npm(color-name)) = 1.1.4
+Provides: bundled(npm(concat-map)) = 0.0.1
+Provides: bundled(npm(core-js)) = 2.6.12
+Provides: bundled(npm(cross-spawn)) = 7.0.3
+Provides: bundled(npm(d3-array)) = 3.2.4
+Provides: bundled(npm(d3-color)) = 3.1.0
+Provides: bundled(npm(d3-ease)) = 3.0.1
+Provides: bundled(npm(d3-format)) = 3.1.0
+Provides: bundled(npm(d3-interpolate)) = 3.0.1
+Provides: bundled(npm(d3-path)) = 3.1.0
+Provides: bundled(npm(d3-scale)) = 4.0.2
+Provides: bundled(npm(d3-shape)) = 3.2.0
+Provides: bundled(npm(d3-time)) = 3.1.0
+Provides: bundled(npm(d3-time-format)) = 4.1.0
+Provides: bundled(npm(d3-timer)) = 3.0.1
+Provides: bundled(npm(debug)) = 4.3.4
+Provides: bundled(npm(deep-is)) = 0.1.4
+Provides: bundled(npm(delaunator)) = 4.0.1
+Provides: bundled(npm(delaunay-find)) = 0.0.6
+Provides: bundled(npm(doctrine)) = 3.0.0
+Provides: bundled(npm(encoding)) = 0.1.13
+Provides: bundled(npm(escape-string-regexp)) = 4.0.0
+Provides: bundled(npm(eslint)) = 8.42.0
+Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.6.0
+Provides: bundled(npm(eslint-scope)) = 7.2.0
+Provides: bundled(npm(eslint-visitor-keys)) = 3.4.1
+Provides: bundled(npm(espree)) = 9.5.2
+Provides: bundled(npm(esquery)) = 1.5.0
+Provides: bundled(npm(esrecurse)) = 4.3.0
+Provides: bundled(npm(estraverse)) = 5.3.0
+Provides: bundled(npm(esutils)) = 2.0.3
+Provides: bundled(npm(fast-deep-equal)) = 3.1.3
+Provides: bundled(npm(fast-json-stable-stringify)) = 2.1.0
+Provides: bundled(npm(fast-levenshtein)) = 2.0.6
+Provides: bundled(npm(fastq)) = 1.15.0
+Provides: bundled(npm(file-entry-cache)) = 6.0.1
+Provides: bundled(npm(file-selector)) = 0.1.19
+Provides: bundled(npm(find-up)) = 5.0.0
+Provides: bundled(npm(flat-cache)) = 3.0.4
+Provides: bundled(npm(flatted)) = 3.2.7
+Provides: bundled(npm(focus-trap)) = 6.9.2
+Provides: bundled(npm(fs.realpath)) = 1.0.0
+Provides: bundled(npm(gettext-parser)) = 2.0.0
+Provides: bundled(npm(glob)) = 7.2.3
+Provides: bundled(npm(glob-parent)) = 6.0.2
+Provides: bundled(npm(globals)) = 13.20.0
+Provides: bundled(npm(graphemer)) = 1.4.0
+Provides: bundled(npm(has-flag)) = 4.0.0
+Provides: bundled(npm(hoist-non-react-statics)) = 3.3.2
+Provides: bundled(npm(iconv-lite)) = 0.6.3
+Provides: bundled(npm(ignore)) = 5.2.4
+Provides: bundled(npm(import-fresh)) = 3.3.0
+Provides: bundled(npm(imurmurhash)) = 0.1.4
+Provides: bundled(npm(inflight)) = 1.0.6
+Provides: bundled(npm(inherits)) = 2.0.4
+Provides: bundled(npm(internmap)) = 2.0.3
+Provides: bundled(npm(is-extglob)) = 2.1.1
+Provides: bundled(npm(is-glob)) = 4.0.3
+Provides: bundled(npm(is-path-inside)) = 3.0.3
+Provides: bundled(npm(isexe)) = 2.0.0
+Provides: bundled(npm(js-tokens)) = 4.0.0
+Provides: bundled(npm(js-yaml)) = 4.1.0
+Provides: bundled(npm(json-schema-traverse)) = 0.4.1
+Provides: bundled(npm(json-stable-stringify-without-jsonify)) = 1.0.1
+Provides: bundled(npm(json-stringify-safe)) = 5.0.1
+Provides: bundled(npm(levn)) = 0.4.1
+Provides: bundled(npm(locate-path)) = 6.0.0
+Provides: bundled(npm(lodash)) = 4.17.21
+Provides: bundled(npm(lodash.merge)) = 4.6.2
+Provides: bundled(npm(loose-envify)) = 1.4.0
+Provides: bundled(npm(minimatch)) = 3.1.2
+Provides: bundled(npm(ms)) = 2.1.2
+Provides: bundled(npm(natural-compare)) = 1.4.0
+Provides: bundled(npm(object-assign)) = 4.1.1
+Provides: bundled(npm(once)) = 1.4.0
+Provides: bundled(npm(optionator)) = 0.9.3
+Provides: bundled(npm(p-limit)) = 3.1.0
+Provides: bundled(npm(p-locate)) = 5.0.0
+Provides: bundled(npm(parent-module)) = 1.0.1
+Provides: bundled(npm(path-exists)) = 4.0.0
+Provides: bundled(npm(path-is-absolute)) = 1.0.1
+Provides: bundled(npm(path-key)) = 3.1.1
+Provides: bundled(npm(popper.js)) = 1.16.1
+Provides: bundled(npm(prelude-ls)) = 1.2.1
+Provides: bundled(npm(prop-types)) = 15.8.1
+Provides: bundled(npm(prop-types-extra)) = 1.1.1
+Provides: bundled(npm(punycode)) = 2.3.0
+Provides: bundled(npm(queue-microtask)) = 1.2.3
+Provides: bundled(npm(react)) = 17.0.2
+Provides: bundled(npm(react-dom)) = 17.0.2
+Provides: bundled(npm(react-dropzone)) = 9.0.0
+Provides: bundled(npm(react-fast-compare)) = 3.2.2
+Provides: bundled(npm(react-is)) = 16.13.1
+Provides: bundled(npm(resolve-from)) = 4.0.0
+Provides: bundled(npm(reusify)) = 1.0.4
+Provides: bundled(npm(rimraf)) = 3.0.2
+Provides: bundled(npm(run-parallel)) = 1.2.0
+Provides: bundled(npm(safe-buffer)) = 5.2.1
+Provides: bundled(npm(safer-buffer)) = 2.1.2
+Provides: bundled(npm(scheduler)) = 0.20.2
+Provides: bundled(npm(shebang-command)) = 2.0.0
+Provides: bundled(npm(shebang-regex)) = 3.0.0
+Provides: bundled(npm(strip-ansi)) = 6.0.1
+Provides: bundled(npm(strip-json-comments)) = 3.1.1
+Provides: bundled(npm(supports-color)) = 7.2.0
+Provides: bundled(npm(tabbable)) = 5.3.3
+Provides: bundled(npm(text-table)) = 0.2.0
+Provides: bundled(npm(tippy.js)) = 5.1.2
+Provides: bundled(npm(tslib)) = 2.5.3
+Provides: bundled(npm(type-check)) = 0.4.0
+Provides: bundled(npm(type-fest)) = 0.20.2
+Provides: bundled(npm(uri-js)) = 4.4.1
+Provides: bundled(npm(victory-area)) = 36.6.10
+Provides: bundled(npm(victory-axis)) = 36.6.10
+Provides: bundled(npm(victory-bar)) = 36.6.10
+Provides: bundled(npm(victory-brush-container)) = 36.6.10
+Provides: bundled(npm(victory-chart)) = 36.6.10
+Provides: bundled(npm(victory-core)) = 36.6.10
+Provides: bundled(npm(victory-create-container)) = 36.6.10
+Provides: bundled(npm(victory-cursor-container)) = 36.6.10
+Provides: bundled(npm(victory-group)) = 36.6.10
+Provides: bundled(npm(victory-legend)) = 36.6.10
+Provides: bundled(npm(victory-line)) = 36.6.10
+Provides: bundled(npm(victory-pie)) = 36.6.10
+Provides: bundled(npm(victory-polar-axis)) = 36.6.10
+Provides: bundled(npm(victory-scatter)) = 36.6.10
+Provides: bundled(npm(victory-selection-container)) = 36.6.10
+Provides: bundled(npm(victory-shared-events)) = 36.6.10
+Provides: bundled(npm(victory-stack)) = 36.6.10
+Provides: bundled(npm(victory-tooltip)) = 36.6.10
+Provides: bundled(npm(victory-vendor)) = 36.6.10
+Provides: bundled(npm(victory-voronoi-container)) = 36.6.10
+Provides: bundled(npm(victory-zoom-container)) = 36.6.10
+Provides: bundled(npm(warning)) = 4.0.3
+Provides: bundled(npm(which)) = 2.0.2
+Provides: bundled(npm(wrappy)) = 1.0.2
+Provides: bundled(npm(yocto-queue)) = 0.1.0
+##### Bundled cargo crates list - END #####
+
+BuildRequires: nspr-devel >= 4.32
+BuildRequires: nss-devel >= 3.67.0-7
+
+BuildRequires: openldap-devel
+BuildRequires: lmdb-devel
+BuildRequires: libdb-devel
+BuildRequires: cyrus-sasl-devel
+BuildRequires: icu
+BuildRequires: libicu-devel
+BuildRequires: pcre-devel
+BuildRequires: cracklib-devel
+BuildRequires: json-c-devel
+%if %{use_clang}
+BuildRequires: libatomic
+BuildRequires: clang
+%else
+BuildRequires: gcc
+BuildRequires: gcc-c++
+%endif
+# The following are needed to build the snmp ldap-agent
+BuildRequires: net-snmp-devel
+BuildRequires: lm_sensors-devel
+BuildRequires: bzip2-devel
+BuildRequires: zlib-devel
+BuildRequires: openssl-devel
+# the following is for the pam passthru auth plug-in
+BuildRequires: pam-devel
+BuildRequires: systemd-units
+BuildRequires: systemd-devel
+BuildRequires: systemd-rpm-macros
+%{?sysusers_requires_compat}
+%if %{use_asan}
+BuildRequires: libasan
+%endif
+# If rust is enabled
+%if %{use_rust}
+BuildRequires: cargo
+BuildRequires: rust
+%endif
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(systemd)
+BuildRequires: pkgconfig(krb5)
+
+# Needed to support regeneration of the autotool artifacts.
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+# For our documentation
+BuildRequires: doxygen
+# For tests!
+BuildRequires: libcmocka-devel
+BuildRequires: libevent-devel
+# For lib389 and related components
+BuildRequires: python%{python3_pkgversion}-devel
+BuildRequires: python%{python3_pkgversion}-setuptools
+BuildRequires: python%{python3_pkgversion}-ldap
+BuildRequires: python%{python3_pkgversion}-six
+BuildRequires: python%{python3_pkgversion}-pyasn1
+BuildRequires: python%{python3_pkgversion}-pyasn1-modules
+BuildRequires: python%{python3_pkgversion}-dateutil
+BuildRequires: python%{python3_pkgversion}-argcomplete
+BuildRequires: python%{python3_pkgversion}-argparse-manpage
+BuildRequires: python%{python3_pkgversion}-libselinux
+BuildRequires: python%{python3_pkgversion}-policycoreutils
+BuildRequires: python%{python3_pkgversion}-cryptography
+
+# For cockpit
+%if %{use_cockpit}
+BuildRequires: rsync
+%endif
+
+Requires: %{name}-libs = %{version}-%{release}
+Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release}
+Requires: lmdb-libs
+
+# this is needed for using semanage from our setup scripts
+Requires: policycoreutils-python-utils
+Requires: /usr/sbin/semanage
+Requires: libsemanage-python%{python3_pkgversion}
+Requires: selinux-policy >= 3.14.1-29
+
+# the following are needed for some of our scripts
+Requires: openldap-clients
+Requires: /usr/bin/c_rehash
+Requires: python%{python3_pkgversion}-ldap
+Requires: acl
+Requires: zlib
+Requires: json-c
+
+# this is needed to setup SSL if you are not using the
+# administration server package
+Requires: nspr >= 4.32
+Requires: nss >= 3.67.0-7
+Requires: nss-tools
+%dirsrv_requires_ge nss
+
+# these are not found by the auto-dependency method
+# they are required to support the mandatory LDAP SASL mechs
+Requires: cyrus-sasl-gssapi
+Requires: cyrus-sasl-md5
+Requires: cyrus-sasl-plain
+
+# this is needed for verify-db.pl
+Requires: libdb-utils
+
+# Needed for password dictionary checks
+Requires: cracklib-dicts
+
+# Needed by logconv.pl
+Requires: perl-DB_File
+Requires: perl-Archive-Tar
+Requires: perl-debugger
+Requires: perl-sigtrap
+
+# Picks up our systemd deps.
+%{?systemd_requires}
+
+Obsoletes: %{name} <= 1.3.5.4
+
+Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2
+# 389-ds-git.sh should be used to generate the source tarball from git
+Source1: %{name}-git.sh
+Source2: %{name}-devel.README
+%if %{bundle_jemalloc}
+Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
+%endif
+Source4: 389-ds-base.sysusers
+Patch01: 0001-CVE-2024-3657.patch
+Patch02: 0002-CVE-2024-2199.patch
+Patch03: 0003-Issue-6188-Add-nsslapd-haproxy-trusted-ip-to-cn-sche.patch
+Patch04: 0004-CVE-2024-5953.patch
+Patch05: 0005-CVE-2024-6237.patch
+Patch06: 0006-Issue-6227-dsconf-schema-does-not-show-inChain-match.patch
+
+
+%description
+389 Directory Server is an LDAPv3 compliant server. The base package includes
+the LDAP server and command line utilities for server administration.
+%if %{use_asan}
+WARNING! This build is linked to Address Sanitisation libraries. This probably
+isn't what you want. Please contact support immediately.
+Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
+%endif
+
+%package libs
+Summary: Core libraries for 389 Directory Server
+BuildRequires: nspr >= 4.32
+BuildRequires: nss >= 3.67.0-7
+BuildRequires: openldap-devel
+BuildRequires: libdb-devel
+BuildRequires: cyrus-sasl-devel
+BuildRequires: libicu-devel
+BuildRequires: pcre-devel
+BuildRequires: libtalloc-devel
+BuildRequires: libevent-devel
+BuildRequires: libtevent-devel
+Requires: krb5-libs
+Requires: libevent
+BuildRequires: systemd-devel
+BuildRequires: make
+Provides: svrcore = 4.1.4
+Conflicts: svrcore
+Obsoletes: svrcore <= 4.1.3
+
+%description libs
+Core libraries for the 389 Directory Server base package. These libraries
+are used by the main package and the -devel package. This allows the -devel
+package to be installed with just the -libs package and without the main package.
+
+%package devel
+Summary: Development libraries for 389 Directory Server
+Requires: %{name}-libs = %{version}-%{release}
+Requires: pkgconfig
+Requires: nspr-devel
+Requires: nss-devel >= 3.34
+Requires: openldap-devel
+Requires: libtalloc
+Requires: libevent
+Requires: libtevent
+Requires: systemd-libs
+Provides: svrcore-devel = 4.1.4
+Conflicts: svrcore-devel
+Obsoletes: svrcore-devel <= 4.1.3
+
+%description devel
+Development Libraries and headers for the 389 Directory Server base package.
+
+%package snmp
+Summary: SNMP Agent for 389 Directory Server
+Requires: %{name} = %{version}-%{release}
+
+Obsoletes: %{name} <= 1.4.0.0
+
+%description snmp
+SNMP Agent for the 389 Directory Server base package.
+
+%package -n python%{python3_pkgversion}-lib389
+Summary: A library for accessing, testing, and configuring the 389 Directory Server
+BuildArch: noarch
+Requires: openssl
+Requires: iproute
+Requires: 389-ds-base
+Recommends: bash-completion
+Requires: python%{python3_pkgversion}
+Requires: python%{python3_pkgversion}-distro
+Requires: python%{python3_pkgversion}-ldap
+Requires: python%{python3_pkgversion}-six
+Requires: python%{python3_pkgversion}-pyasn1
+Requires: python%{python3_pkgversion}-pyasn1-modules
+Requires: python%{python3_pkgversion}-dateutil
+Requires: python%{python3_pkgversion}-argcomplete
+Requires: python%{python3_pkgversion}-libselinux
+Requires: python%{python3_pkgversion}-setuptools
+Requires: python%{python3_pkgversion}-cryptography
+%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
+
+%description -n python%{python3_pkgversion}-lib389
+This module contains tools and libraries for accessing, testing,
+ and configuring the 389 Directory Server.
+
+%if %{use_cockpit}
+%package -n cockpit-389-ds
+Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server
+BuildArch: noarch
+Requires: cockpit
+Requires: 389-ds-base
+Requires: python%{python3_pkgversion}
+Requires: python%{python3_pkgversion}-lib389
+
+%description -n cockpit-389-ds
+A cockpit UI Plugin for configuring and administering the 389 Directory Server
+%endif
+
+%prep
+
+%autosetup -p1 -v -n %{name}-%{version}
+%if %{bundle_jemalloc}
+%setup -q -n %{name}-%{version} -T -D -b 3
+%endif
+
+cp %{SOURCE2} README.devel
+
+# The configure macro will modify some autoconf-related files, which upsets
+# cargo when it tries to verify checksums in those files. If we just truncate
+# that file list, cargo won't have anything to complain about.
+find vendor -name .cargo-checksum.json \
+ -exec sed -i.uncheck -e 's/"files":{[^}]*}/"files":{ }/' '{}' '+'
+
+%build
+
+OPENLDAP_FLAG="--with-openldap"
+%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
+# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
+NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
+
+%if %{use_asan}
+ASAN_FLAGS="--enable-asan --enable-debug"
+%endif
+
+%if %{use_rust}
+RUST_FLAGS="--enable-rust --enable-rust-offline"
+%endif
+
+%if !%{use_cockpit}
+COCKPIT_FLAGS="--disable-cockpit"
+%endif
+
+%if %{use_clang}
+export CC=clang
+export CXX=clang++
+CLANG_FLAGS="--enable-clang"
+%endif
+
+%if %{bundle_jemalloc}
+# Override page size, bz #1545539
+# 4K
+%ifarch %ix86 %arm x86_64 s390x
+%define lg_page --with-lg-page=12
+%endif
+
+# 64K
+%ifarch ppc64 ppc64le aarch64
+%define lg_page --with-lg-page=16
+%endif
+
+# Override huge page size on aarch64
+# 2M instead of 512M
+%ifarch aarch64
+%define lg_hugepage --with-lg-hugepage=21
+%endif
+
+# Build jemalloc
+pushd ../%{jemalloc_name}-%{jemalloc_ver}
+%configure \
+ --libdir=%{_libdir}/%{pkgname}/lib \
+ --bindir=%{_libdir}/%{pkgname}/bin \
+ --enable-prof
+make %{?_smp_mflags}
+popd
+%endif
+
+# Enforce strict linking
+%define _ld_strict_symbol_defs 1
+
+# Rebuild the autotool artifacts now.
+autoreconf -fiv
+
+%configure --enable-autobind --with-selinux $TMPFILES_FLAG \
+ --with-systemd \
+ --with-systemdsystemunitdir=%{_unitdir} \
+ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
+ --with-systemdgroupname=%{groupname} \
+ --libexecdir=%{_libexecdir}/%{pkgname} \
+ $NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \
+ --enable-cmocka --enable-new-dtags --with-libldap-r=no
+
+
+# lib389
+make src/lib389/setup.py
+pushd ./src/lib389
+%py3_build
+popd
+# argparse-manpage dynamic man pages have hardcoded man v1 in header,
+# need to change it to v8
+sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsconf.8
+sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsctl.8
+sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsidm.8
+sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dscreate.8
+
+# Generate symbolic info for debuggers
+export XCFLAGS=$RPM_OPT_FLAGS
+
+#make %{?_smp_mflags}
+make
+
+%install
+
+mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
+%if %{use_cockpit}
+mkdir -p %{buildroot}%{_datadir}/cockpit
+%endif
+make DESTDIR="$RPM_BUILD_ROOT" install
+
+%if %{use_cockpit}
+find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
+find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
+%endif
+
+# Copy in our docs from doxygen.
+cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
+
+# lib389
+pushd src/lib389
+%py3_install
+popd
+
+mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
+mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
+mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
+
+# for systemd
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
+install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf
+
+# remove libtool archives and static libs
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la
+
+%if %{bundle_jemalloc}
+pushd ../%{jemalloc_name}-%{jemalloc_ver}
+make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
+cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc
+cp -pa README ../%{name}-%{version}/README.jemalloc
+popd
+%endif
+
+%check
+# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
+if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
+
+%post
+if [ -n "$DEBUGPOSTTRANS" ] ; then
+ output=$DEBUGPOSTTRANS
+ output2=${DEBUGPOSTTRANS}.upgrade
+else
+ output=/dev/null
+ output2=/dev/null
+fi
+# reload to pick up any changes to systemd files
+/bin/systemctl daemon-reload >$output 2>&1 || :
+
+# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
+# Soft static allocation for UID and GID
+# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
+%sysusers_create_compat %{SOURCE4}
+
+# Reload our sysctl before we restart (if we can)
+sysctl --system &> $output; true
+
+# Gather the running instances so we can restart them
+instbase="%{_sysconfdir}/%{pkgname}"
+ninst=0
+for dir in $instbase/slapd-* ; do
+ echo dir = $dir >> $output 2>&1 || :
+ if [ ! -d "$dir" ] ; then continue ; fi
+ case "$dir" in *.removed) continue ;; esac
+ basename=`basename $dir`
+ inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
+ echo found instance $inst - getting status >> $output 2>&1 || :
+ if /bin/systemctl -q is-active $inst ; then
+ echo instance $inst is running >> $output 2>&1 || :
+ instances="$instances $inst"
+ else
+ echo instance $inst is not running >> $output 2>&1 || :
+ fi
+ ninst=`expr $ninst + 1`
+done
+if [ $ninst -eq 0 ] ; then
+ echo no instances to upgrade >> $output 2>&1 || :
+ exit 0 # have no instances to upgrade - just skip the rest
+else
+ # restart running instances
+ echo shutting down all instances . . . >> $output 2>&1 || :
+ for inst in $instances ; do
+ echo stopping instance $inst >> $output 2>&1 || :
+ /bin/systemctl stop $inst >> $output 2>&1 || :
+ done
+ for inst in $instances ; do
+ echo starting instance $inst >> $output 2>&1 || :
+ /bin/systemctl start $inst >> $output 2>&1 || :
+ done
+fi
+
+
+%preun
+if [ $1 -eq 0 ]; then # Final removal
+ # remove instance specific service files/links
+ rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
+fi
+
+%postun
+if [ $1 = 0 ]; then # Final removal
+ rm -rf /var/run/%{pkgname}
+fi
+
+%post snmp
+%systemd_post %{pkgname}-snmp.service
+
+%preun snmp
+%systemd_preun %{pkgname}-snmp.service %{groupname}
+
+%postun snmp
+%systemd_postun_with_restart %{pkgname}-snmp.service
+
+exit 0
+
+%files
+%if %{bundle_jemalloc}
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
+%license COPYING.jemalloc
+%else
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
+%endif
+%dir %{_sysconfdir}/%{pkgname}
+%dir %{_sysconfdir}/%{pkgname}/schema
+%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
+%dir %{_sysconfdir}/%{pkgname}/config
+%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
+%{_sysusersdir}/389-ds-base.conf
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
+%{_datadir}/%{pkgname}
+%{_datadir}/gdb/auto-load/*
+%{_unitdir}
+%{_bindir}/dbscan
+%{_mandir}/man1/dbscan.1.gz
+%{_bindir}/ds-replcheck
+%{_mandir}/man1/ds-replcheck.1.gz
+%{_bindir}/ds-logpipe.py
+%{_mandir}/man1/ds-logpipe.py.1.gz
+%{_bindir}/ldclt
+%{_mandir}/man1/ldclt.1.gz
+%{_bindir}/logconv.pl
+%{_mandir}/man1/logconv.pl.1.gz
+%{_bindir}/pwdhash
+%{_mandir}/man1/pwdhash.1.gz
+#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
+%{_sbindir}/ns-slapd
+%{_mandir}/man8/ns-slapd.8.gz
+%{_sbindir}/openldap_to_ds
+%{_mandir}/man8/openldap_to_ds.8.gz
+%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
+%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
+%{_mandir}/man5/99user.ldif.5.gz
+%{_mandir}/man5/certmap.conf.5.gz
+%{_mandir}/man5/slapd-collations.conf.5.gz
+%{_mandir}/man5/dirsrv.5.gz
+%{_mandir}/man5/dirsrv.systemd.5.gz
+%{_libdir}/%{pkgname}/python
+%dir %{_libdir}/%{pkgname}/plugins
+%{_libdir}/%{pkgname}/plugins/*.so
+# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
+# sysctl.d is always in /lib.
+%{_prefix}/lib/sysctl.d/*
+%dir %{_localstatedir}/lib/%{pkgname}
+%dir %{_localstatedir}/log/%{pkgname}
+%ghost %dir %{_localstatedir}/lock/%{pkgname}
+%exclude %{_sbindir}/ldap-agent*
+%exclude %{_mandir}/man1/ldap-agent.1.gz
+%exclude %{_unitdir}/%{pkgname}-snmp.service
+%if %{bundle_jemalloc}
+%{_libdir}/%{pkgname}/lib/
+%{_libdir}/%{pkgname}/bin/
+%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
+%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
+%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
+%endif
+
+%files devel
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%{_mandir}/man3/*
+%{_includedir}/svrcore.h
+%{_includedir}/%{pkgname}
+%{_libdir}/libsvrcore.so
+%{_libdir}/%{pkgname}/libslapd.so
+%{_libdir}/%{pkgname}/libns-dshttpd.so
+%{_libdir}/%{pkgname}/libldaputil.so
+%{_libdir}/pkgconfig/svrcore.pc
+%{_libdir}/pkgconfig/dirsrv.pc
+
+%files libs
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%dir %{_libdir}/%{pkgname}
+%{_libdir}/libsvrcore.so.*
+%{_libdir}/%{pkgname}/libslapd.so.*
+%{_libdir}/%{pkgname}/libns-dshttpd.so.*
+%{_libdir}/%{pkgname}/libldaputil.so.*
+%{_libdir}/%{pkgname}/librewriters.so*
+%if %{bundle_jemalloc}
+%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
+%endif
+
+%files snmp
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
+%{_sbindir}/ldap-agent*
+%{_mandir}/man1/ldap-agent.1.gz
+%{_unitdir}/%{pkgname}-snmp.service
+
+%files -n python%{python3_pkgversion}-lib389
+%doc LICENSE LICENSE.GPLv3+
+%{python3_sitelib}/lib389*
+%{_sbindir}/dsconf
+%{_mandir}/man8/dsconf.8.gz
+%{_sbindir}/dscreate
+%{_mandir}/man8/dscreate.8.gz
+%{_sbindir}/dsctl
+%{_mandir}/man8/dsctl.8.gz
+%{_sbindir}/dsidm
+%{_mandir}/man8/dsidm.8.gz
+%{_libexecdir}/%{pkgname}/dscontainer
+
+%if %{use_cockpit}
+%files -n cockpit-389-ds -f cockpit.list
+%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
+%doc README.md
+%endif
+
+%changelog
+* Tue Jul 09 2024 James Chapman <jachapma@redhat.com> - 2.5.1-2
+- Bump version to 2.5.1-2
+- Resolves: RHEL-44324 - unauthenticated user can trigger a DoS by sending a specific extended search request
+- Resolves: RHEL-40946 - Malformed userPassword hash may cause Denial of Service
+- Resolves: RHEL-33087 - dsconf schema does not show inChain matching rule
+- Resolves: RHEL-28177 - Malformed userPassword may cause crash at do_modify in slapd/modify.c
+- Resolves: RHEL-25070 - nsslapd-haproxy-trusted-ip is not in schema
+
+* Tue May 07 2024 James Chapman <jachapma@redhat.com> - 2.5.1-1
+- Bump version to 2.5.1-1
+- Resolves: RHEL-31777 - Rebase 389-ds-base.2.5.1 in RHEL 9.5
+- Resolves: RHEL-33348 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ requ
+
+* Thu Apr 04 2024 Viktor Ashirov <vashirov@redhat.com> - 2.4.5-6
+- Bump version to 2.4.5-6
+- Resolves: RHEL-30588 - [RFE] allows plugins to log multi-factor authentication notification
+
+* Mon Mar 18 2024 Simon Pichugin <spichugi@redhat.com> - 2.4.5-5
+- Bump version to 2.4.5-5
+- Rebuild for exception phase
+
+* Thu Mar 14 2024 Simon Pichugin <spichugi@redhat.com> - 2.4.5-4
+- Bump version to 2.4.5-4
+- Resolves: RHEL-5130 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix
+
+* Fri Jan 19 2024 Viktor Ashirov <vashirov@redhat.com> - 2.4.5-3
+- Bump version to 2.4.5-3
+- Fix License tag
+
+* Mon Jan 15 2024 James Chapman <jachapma@redhat.com> - 2.4.5-2
+- Bump version to 2.4.5-2
+- Resolves: RHEL-15907 - Rebase 389-ds-base in RHEL 9.4
+- Resolves: RHEL-5142 - RFE Disable Transparent Huge Pages when using large caches
+- Resolves: RHEL-5130 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix
+- Resolves: RHEL-5133 - RFE Provide a history for 'LastLoginTime'
+- Resolves: RHEL-16984 - RFE inChain Matching Rule
+
+* Fri Jan 12 2024 James Chapman <jachapma@redhat.com> - 2.4.5-1
+- Bump version to 2.4.5-1
+- Resolves: RHEL-15907 - Rebase 389-ds-base in RHEL 9.4
+- Resolves: RHEL-5142 - RFE Disable Transparent Huge Pages when using large caches
+- Resolves: RHEL-5130 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix
+- Resolves: RHEL-5133 - RFE Provide a history for 'LastLoginTime'
+- Resolves: RHEL-16984 - RFE inChain Matching Rule
+
+* Tue Nov 21 2023 James Chapman <jachapma@redhat.com> - 2.4.4-1
+- Bump version to 2.4.4-1
+- Resolves: RHEL-15907 - Rebase 389-ds-base-2.4 in RHEL 9.4
+- Resolves: RHEL-16830 - ns-slapd crash in slapi_attr_basetype
+
+* Thu Sep 7 2023 Simon Pichugin <spichugi@redhat.com> - 2.3.6-3
+- Bump version to 2.3.6-3
+- Resolves: rhbz#2236163 - Regression: replication can't be enabled for consumer or hub role
+
+* Tue Aug 8 2023 Mark Reynolds <mreynolds@redhat.com> - 2.3.6-2
+- Bump version to 2.3.6-2
+- Resolves: rhbz#2225532 - 389-ds-base FTBFS with rust-1.71.0
+- Resolves: rhbz#2218209 - useradd: invalid user ID '389:389': installing 389-ds-base in container fails to create the dirsrv user
+- Resolves: rhbz#2207691 - python3-lib389: Python tarfile extraction needs change to avoid a warning
+- Resolves: rhbz#2179278 - dirsrv failed to start after reboot because "dirsrv" did not have access on /run/dirsrv
+
+* Mon Jul 24 2023 Mark Reynolds <mreynolds@redhat.com> - 2.3.4-3
+- Bump version to 2.3.4-3
+- Resolves: rhbz#2189954 - RFE Improve reponse time to filters containing 'nsrole'
+- Resolves: rhbz#2189946 - RFE support of slapi_memberof for plugins/core server
+- Resolves: rhbz#1974242 - Paged search impacts performance
+
+* Fri May 19 2023 Mark Reynolds <mreynolds@redhat.com> - 2.3.4-2
+- Bump version to 2.3.4-2
+- Resolves: rhbz#2188627 - Fix license
+
+* Thu May 18 2023 Mark Reynolds <mreynolds@redhat.com> - 2.3.4-1
+- Bump version to 2.3.4-1
+- Resolves: rhbz#2188627 - Rebase 389-ds-base-2.3 in RHEL 9.3
+
+* Wed Mar 08 2023 Simon Pichugin <spichugi@redhat.com> - 2.2.4-4
+- Resolves: rhbz#2095366 - [RFE] 389-ds-base systemd-sysusers
+
+* Tue Dec 13 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.4-3
+- Bump version to 2.2.4-3
+- Resolves: rhbz#2142636 - pam mutex lock causing high etimes, affecting red hat internal sso
+- Resolves: rhbz#2093981 - RFE - Create Security Audit Log
+- Resolves: rhbz#2132697 - [RFE] 389ds: run as non-root
+- Resolves: rhbz#2124660 - Retro changelog trimming uses maxage incorrectly
+- Resolves: rhbz#2114039 - Current pbkdf2 hardcoded parameters are no longer secure
+- Resolves: rhbz#2112998 - performance search rate: checking if an entry is a referral is expensive
+- Resolves: rhbz#2112361 - Supplier should do periodic update to avoid slow replication when a new direct update happen
+- Resolves: rhbz#2109891 - Migrate 389 to pcre2
+
+
+* Mon Dec 12 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.4-2
+- Bump version to 2.2.4-2
+- Resolves: Bug 1859271 - RFE - Extend log of operations statistics in access log
+- Resolves: Bug 2093981 - RFE - Create Security Audit Log
+- Resolves: Bug 2109891 - Migrate 389 to pcre2
+- Resolves: Bug 2112361 - Supplier should do periodic update to avoid slow replication when a new direct update happen
+- Resolves: Bug 2112998 - performance search rate: checking if an entry is a referral is expensive
+- Resolves: Bug 2114039 - Current pbkdf2 hardcoded parameters are no longer secure
+- Resolves: Bug 2124660 - Retro changelog trimming uses maxage incorrectly
+- Resolves: Bug 2132697 - RFE - run as non-root
+- Resolves: Bug 2142636 - pam mutex lock causing high etimes, affecting red hat internal sso
+
+* Fri Nov 11 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.4-1
+- Bump version to 2.2.4-1
+- Resolves: Bug 1132524 - [RFE] Compression of log files
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 16:09:31 +0000