rpms/389-ds-base
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Bump version to 2.0.13-1

Browse Source 
Resolves: Bug 2034880 - ipa-restore command is failing when restore after uninstalling the server
Resolves: Bug 2045098 - Demoting a supplier to a consumer crashes the server
This commit is contained in:
Mark Reynolds 2022-01-25 14:53:00 -05:00
parent bb1e0bca47
commit 18e096dcd4
5 changed files with 75 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -207,3 +207,4 @@
/389-ds-base-2.0.7.tar.bz2
/389-ds-base-2.0.8.tar.bz2
/389-ds-base-2.0.11.tar.bz2
/389-ds-base-2.0.13.tar.bz2

31
0001-Bug-2027783-CVE-2021-4091-389-ds-base-double-free-of.patch Normal file
View File

@ -0,0 +1,31 @@
From d41352806f44c47a9e99f9eb1b0bdfef7b0aa4f4 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 25 Jan 2022 12:27:02 -0500
Subject: [PATCH] Bug 2027783 - CVE-2021-4091 389-ds-base: double-free of the
virtual attribute context in persistent search
Description: Fix double free. The double free is related to
persistent search req. It was introduced with i
https://pagure.io/389-ds-base/issue/49097
Reviewed by: mreynolds, progier, jchapman
---
ldap/servers/slapd/pblock.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 94e7c0ab7..56bbfc92e 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -330,6 +330,8 @@ slapi_pblock_clone(Slapi_PBlock *pb)
if (pb->pb_intplugin != NULL) {
_pblock_assert_pb_intplugin(new_pb);
*(new_pb->pb_intplugin) = *(pb->pb_intplugin);
+ /* Make sure that only the cloned pblock refers to vattr_context */
+ pb->pb_intplugin->pb_vattr_context = NULL;
}
if (pb->pb_deprecated != NULL) {
_pblock_assert_pb_deprecated(new_pb);
--
2.31.1

49
389-ds-base-revert-db-home-fix.patch
View File

@ -1,49 +0,0 @@
From ec74c73eaa56271ce74e985ab6a69b36e98488e4 Mon Sep 17 00:00:00 2001
From: Simon Pichugin <spichugi@redhat.com>
Date: Wed, 24 Nov 2021 08:35:17 -0800
Subject: [PATCH] Revert "Issue 2790 - Set db home directory by default"
This reverts commit 269f1f8e879a6fc098bb8cff780df6915e8ecb38.
---
ldap/admin/src/defaults.inf.in | 2 +-
src/lib389/lib389/instance/setup.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/ldap/admin/src/defaults.inf.in b/ldap/admin/src/defaults.inf.in
index 28f908bcd..96a3b3eb1 100644
--- a/ldap/admin/src/defaults.inf.in
+++ b/ldap/admin/src/defaults.inf.in
@@ -59,7 +59,7 @@ access_log = @localstatedir@/log/dirsrv/slapd-{instance_name}/access
audit_log = @localstatedir@/log/dirsrv/slapd-{instance_name}/audit
error_log = @localstatedir@/log/dirsrv/slapd-{instance_name}/errors
db_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/db
-db_home_dir = /dev/shm/slapd-{instance_name}
+db_home_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/db
backup_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/bak
ldif_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/ldif
diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
index 0669e5856..4cbdda4fc 100644
--- a/src/lib389/lib389/instance/setup.py
+++ b/src/lib389/lib389/instance/setup.py
@@ -775,7 +775,7 @@ class SetupDs(object):
self.log.info("Create file system structures ...")
# Create all the needed paths
# we should only need to make bak_dir, cert_dir, config_dir, db_dir, ldif_dir, lock_dir, log_dir, run_dir?
- for path in ('backup_dir', 'cert_dir', 'db_dir', 'db_home_dir', 'ldif_dir', 'lock_dir', 'log_dir', 'run_dir'):
+ for path in ('backup_dir', 'cert_dir', 'db_dir', 'ldif_dir', 'lock_dir', 'log_dir', 'run_dir'):
self.log.debug("ACTION: creating %s", slapd[path])
try:
os.umask(0o007) # For parent dirs that get created -> sets 770 for perms
@@ -912,7 +912,7 @@ class SetupDs(object):
if general['selinux']:
self.log.info("Perform SELinux labeling ...")
selinux_paths = ('backup_dir', 'cert_dir', 'config_dir', 'db_dir',
- 'ldif_dir', 'lock_dir', 'log_dir', 'db_home_dir',
+ 'ldif_dir', 'lock_dir', 'log_dir',
'run_dir', 'schema_dir', 'tmp_dir')
for path in selinux_paths:
selinux_restorecon(slapd[path])
--
2.31.1

83
389-ds-base.spec
View File

@ -46,9 +46,9 @@ ExcludeArch: i686
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 2.0.11
Release: 3%{?dist}
License: GPLv3+ and ASL 2.0 and MPLv2.0 and Boost
Version: 2.0.13
Release: 1%{?dist}
License: GPLv3+ and ASL 2.0
URL: https://www.port389.org
Conflicts: selinux-policy-base < 3.9.8
Conflicts: freeipa-server < 4.0.3
@ -59,7 +59,7 @@ Provides: ldif2ldbm >= 0
##### Bundled cargo crates list - START #####
Provides: bundled(crate(ahash)) = 0.7.6
Provides: bundled(crate(ansi_term)) = 0.11.0
Provides: bundled(crate(ansi_term)) = 0.12.1
Provides: bundled(crate(atty)) = 0.2.14
Provides: bundled(crate(autocfg)) = 1.0.1
Provides: bundled(crate(base64)) = 0.13.0
@ -68,81 +68,82 @@ Provides: bundled(crate(byteorder)) = 1.4.3
Provides: bundled(crate(cbindgen)) = 0.9.1
Provides: bundled(crate(cc)) = 1.0.72
Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(clap)) = 2.33.3
Provides: bundled(crate(concread)) = 0.2.19
Provides: bundled(crate(clap)) = 2.34.0
Provides: bundled(crate(concread)) = 0.2.21
Provides: bundled(crate(crossbeam)) = 0.8.1
Provides: bundled(crate(crossbeam-channel)) = 0.5.1
Provides: bundled(crate(crossbeam-channel)) = 0.5.2
Provides: bundled(crate(crossbeam-deque)) = 0.8.1
Provides: bundled(crate(crossbeam-epoch)) = 0.9.5
Provides: bundled(crate(crossbeam-queue)) = 0.3.2
Provides: bundled(crate(crossbeam-utils)) = 0.8.5
Provides: bundled(crate(crossbeam-epoch)) = 0.9.6
Provides: bundled(crate(crossbeam-queue)) = 0.3.3
Provides: bundled(crate(crossbeam-utils)) = 0.8.6
Provides: bundled(crate(entryuuid)) = 0.1.0
Provides: bundled(crate(entryuuid_syntax)) = 0.1.0
Provides: bundled(crate(fastrand)) = 1.7.0
Provides: bundled(crate(fernet)) = 0.1.4
Provides: bundled(crate(foreign-types)) = 0.3.2
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
Provides: bundled(crate(getrandom)) = 0.2.3
Provides: bundled(crate(getrandom)) = 0.2.4
Provides: bundled(crate(hashbrown)) = 0.11.2
Provides: bundled(crate(hermit-abi)) = 0.1.19
Provides: bundled(crate(instant)) = 0.1.12
Provides: bundled(crate(itoa)) = 0.4.8
Provides: bundled(crate(itoa)) = 1.0.1
Provides: bundled(crate(jobserver)) = 0.1.24
Provides: bundled(crate(lazy_static)) = 1.4.0
Provides: bundled(crate(libc)) = 0.2.107
Provides: bundled(crate(libc)) = 0.2.113
Provides: bundled(crate(librnsslapd)) = 0.1.0
Provides: bundled(crate(librslapd)) = 0.1.0
Provides: bundled(crate(lock_api)) = 0.4.5
Provides: bundled(crate(log)) = 0.4.14
Provides: bundled(crate(lru)) = 0.6.6
Provides: bundled(crate(memoffset)) = 0.6.4
Provides: bundled(crate(once_cell)) = 1.8.0
Provides: bundled(crate(lru)) = 0.7.2
Provides: bundled(crate(memoffset)) = 0.6.5
Provides: bundled(crate(once_cell)) = 1.9.0
Provides: bundled(crate(openssl)) = 0.10.38
Provides: bundled(crate(openssl-sys)) = 0.9.71
Provides: bundled(crate(openssl-sys)) = 0.9.72
Provides: bundled(crate(parking_lot)) = 0.11.2
Provides: bundled(crate(parking_lot_core)) = 0.8.5
Provides: bundled(crate(paste)) = 0.1.18
Provides: bundled(crate(paste-impl)) = 0.1.18
Provides: bundled(crate(pin-project-lite)) = 0.2.7
Provides: bundled(crate(pkg-config)) = 0.3.22
Provides: bundled(crate(ppv-lite86)) = 0.2.15
Provides: bundled(crate(pin-project-lite)) = 0.2.8
Provides: bundled(crate(pkg-config)) = 0.3.24
Provides: bundled(crate(ppv-lite86)) = 0.2.16
Provides: bundled(crate(proc-macro-hack)) = 0.5.19
Provides: bundled(crate(proc-macro2)) = 1.0.32
Provides: bundled(crate(proc-macro2)) = 1.0.36
Provides: bundled(crate(pwdchan)) = 0.1.0
Provides: bundled(crate(quote)) = 1.0.10
Provides: bundled(crate(quote)) = 1.0.15
Provides: bundled(crate(rand)) = 0.8.4
Provides: bundled(crate(rand_chacha)) = 0.3.1
Provides: bundled(crate(rand_core)) = 0.6.3
Provides: bundled(crate(rand_hc)) = 0.3.1
Provides: bundled(crate(redox_syscall)) = 0.2.10
Provides: bundled(crate(remove_dir_all)) = 0.5.3
Provides: bundled(crate(ryu)) = 1.0.5
Provides: bundled(crate(ryu)) = 1.0.9
Provides: bundled(crate(scopeguard)) = 1.1.0
Provides: bundled(crate(serde)) = 1.0.130
Provides: bundled(crate(serde_derive)) = 1.0.130
Provides: bundled(crate(serde_json)) = 1.0.71
Provides: bundled(crate(serde)) = 1.0.135
Provides: bundled(crate(serde_derive)) = 1.0.135
Provides: bundled(crate(serde_json)) = 1.0.78
Provides: bundled(crate(slapd)) = 0.1.0
Provides: bundled(crate(slapi_r_plugin)) = 0.1.0
Provides: bundled(crate(smallvec)) = 1.7.0
Provides: bundled(crate(smallvec)) = 1.8.0
Provides: bundled(crate(strsim)) = 0.8.0
Provides: bundled(crate(syn)) = 1.0.81
Provides: bundled(crate(syn)) = 1.0.86
Provides: bundled(crate(synstructure)) = 0.12.6
Provides: bundled(crate(tempfile)) = 3.2.0
Provides: bundled(crate(tempfile)) = 3.3.0
Provides: bundled(crate(textwrap)) = 0.11.0
Provides: bundled(crate(tokio)) = 1.14.0
Provides: bundled(crate(tokio-macros)) = 1.6.0
Provides: bundled(crate(tokio)) = 1.15.0
Provides: bundled(crate(tokio-macros)) = 1.7.0
Provides: bundled(crate(toml)) = 0.5.8
Provides: bundled(crate(unicode-width)) = 0.1.9
Provides: bundled(crate(unicode-xid)) = 0.2.2
Provides: bundled(crate(uuid)) = 0.8.2
Provides: bundled(crate(vcpkg)) = 0.2.15
Provides: bundled(crate(vec_map)) = 0.8.2
Provides: bundled(crate(version_check)) = 0.9.3
Provides: bundled(crate(version_check)) = 0.9.4
Provides: bundled(crate(wasi)) = 0.10.2+wasi_snapshot_preview1
Provides: bundled(crate(winapi)) = 0.3.9
Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(zeroize)) = 1.4.3
Provides: bundled(crate(zeroize_derive)) = 1.2.2
Provides: bundled(crate(zeroize)) = 1.5.0
Provides: bundled(crate(zeroize_derive)) = 1.3.1
##### Bundled cargo crates list - END #####
BuildRequires: nspr-devel
@ -261,9 +262,7 @@ Source2: %{name}-devel.README
%if %{bundle_jemalloc}
Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
%endif
# The patch should be removed after selinux-policy bz2015928 is fixed
Patch0: 389-ds-base-revert-db-home-fix.patch
Patch01: 0001-Bug-2027783-CVE-2021-4091-389-ds-base-double-free-of.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@ -633,6 +632,7 @@ exit 0
%{_sbindir}/openldap_to_ds
%{_mandir}/man8/openldap_to_ds.8.gz
%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
%{_mandir}/man5/99user.ldif.5.gz
%{_mandir}/man5/certmap.conf.5.gz
%{_mandir}/man5/slapd-collations.conf.5.gz
@ -712,11 +712,12 @@ exit 0
%endif
%changelog
* Thu Nov 25 2021 Viktor Ashirov <vashirov@redhat.com> - 2.0.11-3
- Bump version to 2.0.11-3
- rebuilt
* Tue Jan 25 2022 Mark Reynolds <mreynolds@redhat.com> - 2.0.13-1
- Bump version to 2.0.13-1
- Resolves: Bug 2034880 - ipa-restore command is failing when restore after uninstalling the server
- Resolves: Bug 2045098 - Demoting a supplier to a consumer crashes the server
* Thu Nov 25 2021 Thierry Bordaz <tbordaz@redhat.com> - 2.0.11-2
* Wed Nov 24 2021 Simon Pichugin <spichugi@redhat.com> - 2.0.11-2
- Bump version to 2.0.11-2
- Revert commit "Set db home directory by default"

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (389-ds-base-2.0.11.tar.bz2) = 44aaf422505ec543752f79292d3fc15a49940f48035e8cfb1c4e646251aaf8f1be3fde5bcb1e3e8c7df220fda3e1af173a16ff88696761056abf59feb550578d
SHA512 (389-ds-base-2.0.13.tar.bz2) = ab9429b391b32d4a09ea5fb0ce15fcf31f7c13e781588ce5587a0ed169959938ce59bff857dbf58bb9413208f6c35792c127cad27c7aca6aa53ef66ef4c36196
SHA512 (jemalloc-5.2.1.tar.bz2) = 0bbb77564d767cef0c6fe1b97b705d368ddb360d55596945aea8c3ba5889fbce10479d85ad492c91d987caacdbbdccc706aa3688e321460069f00c05814fae02