rpms
/
389-ds-base
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import 389-ds-base-1.4.3.23-10.module+el8.5.0+12398+47000435

This commit is contained in:
CentOS Sources 2021-10-04 20:26:49 +00:00 committed by Stepan
parent 9ad1a01ffd
commit 0f5312dfcb
5 changed files with 263 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
SOURCES/0027-Issue-4734-import-of-entry-with-no-parent-warning-47.patch Normal file
View File

@ -0,0 +1,39 @@
From a2a51130b2f95316237b85da099a8be734969e54 Mon Sep 17 00:00:00 2001
From: James Chapman <jachapma@redhat.com>
Date: Sat, 24 Apr 2021 21:37:54 +0100
Subject: [PATCH] Issue 4734 - import of entry with no parent warning (#4735)
Description: Online import of ldif file that contains an entry with
no parent doesnt generate a task warning.
Fixes: https://github.com/389ds/389-ds-base/issues/4734
Author: vashirov@redhat.com (Thanks)
Reviewed by: mreynolds, jchapma
---
ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
index 905a84e74..35183ed59 100644
--- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
+++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
@@ -2767,8 +2767,14 @@ import_foreman(void *param)
if (job->flags & FLAG_ABORT) {
goto error;
}
+
+ /* capture skipped entry warnings for this task */
+ if((job) && (job->skipped)) {
+ slapi_task_set_warning(job->task, WARN_SKIPPED_IMPORT_ENTRY);
+ }
}
+
slapi_pblock_destroy(pb);
info->state = FINISHED;
return;
--
2.31.1

37
SOURCES/0028-Issue-4872-BUG-entryuuid-enabled-by-default-causes-r.patch Normal file
View File

@ -0,0 +1,37 @@
From f9bc249b2baa11a8ac0eb54e4077eb706d137e38 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Thu, 19 Aug 2021 11:06:06 +1000
Subject: [PATCH] Issue 4872 - BUG - entryuuid enabled by default causes
replication issues (#4876)
Bug Description: Due to older servers missing the syntax
plugin this breaks schema replication and causes cascading
errors.
Fix Description: This changes the syntax to be a case
insensitive string, while leaving the plugins in place
for other usage.
fixes: https://github.com/389ds/389-ds-base/issues/4872
Author: William Brown <william@blackhats.net.au>
Review by: @mreynolds389 @progier389
---
ldap/schema/03entryuuid.ldif | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ldap/schema/03entryuuid.ldif b/ldap/schema/03entryuuid.ldif
index cbde981fe..f7a7f40d5 100644
--- a/ldap/schema/03entryuuid.ldif
+++ b/ldap/schema/03entryuuid.ldif
@@ -13,4 +13,5 @@ dn: cn=schema
#
# attributes
#
-attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+# attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
--
2.31.1

125
SOURCES/0029-Remove-GOST-YESCRYPT-password-sotrage-scheme.patch Normal file
View File

@ -0,0 +1,125 @@
From 120511d35095a48d60abbb7cb2367d0c30fbc757 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 25 Aug 2021 13:20:56 -0400
Subject: [PATCH] Remove GOST-YESCRYPT password sotrage scheme
---
.../tests/suites/password/pwd_algo_test.py | 1 -
ldap/ldif/template-dse-minimal.ldif.in | 9 ---------
ldap/ldif/template-dse.ldif.in | 9 ---------
ldap/servers/plugins/pwdstorage/pwd_init.c | 18 ------------------
ldap/servers/slapd/fedse.c | 13 -------------
5 files changed, 50 deletions(-)
diff --git a/dirsrvtests/tests/suites/password/pwd_algo_test.py b/dirsrvtests/tests/suites/password/pwd_algo_test.py
index 66bda420e..88f8e40b7 100644
--- a/dirsrvtests/tests/suites/password/pwd_algo_test.py
+++ b/dirsrvtests/tests/suites/password/pwd_algo_test.py
@@ -124,7 +124,6 @@ def _test_algo_for_pbkdf2(inst, algo_name):
('CLEAR', 'CRYPT', 'CRYPT-MD5', 'CRYPT-SHA256', 'CRYPT-SHA512',
'MD5', 'SHA', 'SHA256', 'SHA384', 'SHA512', 'SMD5', 'SSHA',
'SSHA256', 'SSHA384', 'SSHA512', 'PBKDF2_SHA256', 'DEFAULT',
- 'GOST_YESCRYPT',
))
def test_pwd_algo_test(topology_st, algo):
"""Assert that all of our password algorithms correctly PASS and FAIL varying
diff --git a/ldap/ldif/template-dse-minimal.ldif.in b/ldap/ldif/template-dse-minimal.ldif.in
index 2eccae9b2..1a05f4a67 100644
--- a/ldap/ldif/template-dse-minimal.ldif.in
+++ b/ldap/ldif/template-dse-minimal.ldif.in
@@ -194,15 +194,6 @@ nsslapd-pluginarg1: nsds5ReplicaCredentials
nsslapd-pluginid: aes-storage-scheme
nsslapd-pluginprecedence: 1
-dn: cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-cn: GOST_YESCRYPT
-nsslapd-pluginpath: libpwdstorage-plugin
-nsslapd-plugininitfunc: gost_yescrypt_pwd_storage_scheme_init
-nsslapd-plugintype: pwdstoragescheme
-nsslapd-pluginenabled: on
-
dn: cn=Syntax Validation Task,cn=plugins,cn=config
objectclass: top
objectclass: nsSlapdPlugin
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 7e7480cba..f30531bec 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -242,15 +242,6 @@ nsslapd-pluginarg2: nsds5ReplicaBootstrapCredentials
nsslapd-pluginid: aes-storage-scheme
nsslapd-pluginprecedence: 1
-dn: cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-cn: GOST_YESCRYPT
-nsslapd-pluginpath: libpwdstorage-plugin
-nsslapd-plugininitfunc: gost_yescrypt_pwd_storage_scheme_init
-nsslapd-plugintype: pwdstoragescheme
-nsslapd-pluginenabled: on
-
dn: cn=Syntax Validation Task,cn=plugins,cn=config
objectclass: top
objectclass: nsSlapdPlugin
diff --git a/ldap/servers/plugins/pwdstorage/pwd_init.c b/ldap/servers/plugins/pwdstorage/pwd_init.c
index 606e63404..59cfc4684 100644
--- a/ldap/servers/plugins/pwdstorage/pwd_init.c
+++ b/ldap/servers/plugins/pwdstorage/pwd_init.c
@@ -52,8 +52,6 @@ static Slapi_PluginDesc smd5_pdesc = {"smd5-password-storage-scheme", VENDOR, DS
static Slapi_PluginDesc pbkdf2_sha256_pdesc = {"pbkdf2-sha256-password-storage-scheme", VENDOR, DS_PACKAGE_VERSION, "Salted PBKDF2 SHA256 hash algorithm (PBKDF2_SHA256)"};
-static Slapi_PluginDesc gost_yescrypt_pdesc = {"gost-yescrypt-password-storage-scheme", VENDOR, DS_PACKAGE_VERSION, "Yescrypt KDF algorithm (Streebog256)"};
-
static char *plugin_name = "NSPwdStoragePlugin";
int
@@ -431,19 +429,3 @@ pbkdf2_sha256_pwd_storage_scheme_init(Slapi_PBlock *pb)
return rc;
}
-int
-gost_yescrypt_pwd_storage_scheme_init(Slapi_PBlock *pb)
-{
- int rc;
-
- slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "=> gost_yescrypt_pwd_storage_scheme_init\n");
-
- rc = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, (void *)SLAPI_PLUGIN_VERSION_01);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&gost_yescrypt_pdesc);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, (void *)gost_yescrypt_pw_enc);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, (void *)gost_yescrypt_pw_cmp);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, GOST_YESCRYPT_SCHEME_NAME);
-
- slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "<= gost_yescrypt_pwd_storage_scheme_init %d\n", rc);
- return rc;
-}
diff --git a/ldap/servers/slapd/fedse.c b/ldap/servers/slapd/fedse.c
index 44159c991..24b7ed11c 100644
--- a/ldap/servers/slapd/fedse.c
+++ b/ldap/servers/slapd/fedse.c
@@ -203,19 +203,6 @@ static const char *internal_entries[] =
"nsslapd-pluginVersion: none\n"
"nsslapd-pluginVendor: 389 Project\n"
"nsslapd-pluginDescription: CRYPT-SHA512\n",
-
- "dn: cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config\n"
- "objectclass: top\n"
- "objectclass: nsSlapdPlugin\n"
- "cn: GOST_YESCRYPT\n"
- "nsslapd-pluginpath: libpwdstorage-plugin\n"
- "nsslapd-plugininitfunc: gost_yescrypt_pwd_storage_scheme_init\n"
- "nsslapd-plugintype: pwdstoragescheme\n"
- "nsslapd-pluginenabled: on\n"
- "nsslapd-pluginId: GOST_YESCRYPT\n"
- "nsslapd-pluginVersion: none\n"
- "nsslapd-pluginVendor: 389 Project\n"
- "nsslapd-pluginDescription: GOST_YESCRYPT\n",
};
static int NUM_INTERNAL_ENTRIES = sizeof(internal_entries) / sizeof(internal_entries[0]);
--
2.31.1

44
SOURCES/0030-Issue-4884-server-crashes-when-dnaInterval-attribute.patch Normal file
View File

@ -0,0 +1,44 @@
From df0ccce06259b9ef06d522e61da4e3ffcbbf5016 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 25 Aug 2021 16:54:57 -0400
Subject: [PATCH] Issue 4884 - server crashes when dnaInterval attribute is set
to zero
Bug Description:
A division by zero crash occurs if the dnaInterval is set to zero
Fix Description:
Validate the config value of dnaInterval and adjust it to the
default/safe value of "1" if needed.
relates: https://github.com/389ds/389-ds-base/issues/4884
Reviewed by: tbordaz(Thanks!)
---
ldap/servers/plugins/dna/dna.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index 928a3f54a..c983ebdd0 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -1025,7 +1025,14 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry *e, int apply)
value = slapi_entry_attr_get_charptr(e, DNA_INTERVAL);
if (value) {
+ errno = 0;
entry->interval = strtoull(value, 0, 0);
+ if (entry->interval == 0 || errno == ERANGE) {
+ slapi_log_err(SLAPI_LOG_WARNING, DNA_PLUGIN_SUBSYSTEM,
+ "dna_parse_config_entry - Invalid value for dnaInterval (%s), "
+ "Using default value of 1\n", value);
+ entry->interval = 1;
+ }
slapi_ch_free_string(&value);
}
--
2.31.1

19
SPECS/389-ds-base.spec
View File

@ -48,7 +48,7 @@ ExcludeArch: i686
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 1.4.3.23
Release: %{?relprefix}7%{?prerel}%{?dist}
Release: %{?relprefix}10%{?prerel}%{?dist}
License: GPLv3+
URL: https://www.port389.org
Group: System Environment/Daemons
@ -263,6 +263,10 @@ Patch23: 0023-Issue-4443-Internal-unindexed-searches-in-syncrepl-r.patc
Patch24: 0024-Issue-4817-BUG-locked-crypt-accounts-on-import-may-a.patch
Patch25: 0025-Issue-4837-persistent-search-returns-entries-even-wh.patch
Patch26: 0026-Hardcode-gost-crypt-passsword-storage-scheme.patch
Patch27: 0027-Issue-4734-import-of-entry-with-no-parent-warning-47.patch
Patch28: 0028-Issue-4872-BUG-entryuuid-enabled-by-default-causes-r.patch
Patch29: 0029-Remove-GOST-YESCRYPT-password-sotrage-scheme.patch
Patch30: 0030-Issue-4884-server-crashes-when-dnaInterval-attribute.patch
%description
@ -882,6 +886,19 @@ exit 0
%doc README.md
%changelog
* Thu Aug 26 2021 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.23-10
- Bump version to 1.4.3.23-10
- Resolves: Bug 1997138 - LDAP server crashes when dnaInterval attribute is set to 0
* Wed Aug 25 2021 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.23-9
- Bump version to 1.4.3.23-9
- Resolves: Bug 1947044 - remove unsupported GOST password storage scheme
* Thu Aug 19 2021 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.23-8
- Bump version to 1.4.3.23-8
- Resolves: Bug 1947044 - add missing patch for import result code
- Resolves: Bug 1944494 - support for RFC 4530 entryUUID attribute
* Mon Jul 26 2021 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.23-7
- Bump version to 1.4.3.23-7
- Resolves: Bug 1983921 - persistent search returns entries even when an error is returned by content-sync-plugin