diff --git a/.gitignore b/.gitignore index 44f31c5..9e24f20 100644 --- a/.gitignore +++ b/.gitignore @@ -228,3 +228,4 @@ /389-ds-base-3.0.1.tar.bz2 /389-ds-base-3.0.3.tar.bz2 /libdb-5.3.28-59.tar.bz2 +/389-ds-base-3.0.4.tar.bz2 diff --git a/0001-Issue-6120-usr-lib64-dirsrv-plugins-libback-bdb.so-h.patch b/0001-Issue-6120-usr-lib64-dirsrv-plugins-libback-bdb.so-h.patch deleted file mode 100644 index e25b629..0000000 --- a/0001-Issue-6120-usr-lib64-dirsrv-plugins-libback-bdb.so-h.patch +++ /dev/null @@ -1,40 +0,0 @@ -From cc556a853531190ff829b08e67c30bd986543f03 Mon Sep 17 00:00:00 2001 -From: Viktor Ashirov -Date: Mon, 10 Jun 2024 09:43:38 +0200 -Subject: [PATCH] Issue 6120 - /usr/lib64/dirsrv/plugins/libback-bdb.so has an - invalid-looking DT_RPATH: /usr/lib/dirsrv - -Bug Description: -rpminspect reports an invalid DT_RPATH /usr/lib/dirsrv -It's evaluated in m4/bundle_libdb.m4 from - -``` --R${prefix}/lib/dirsrv" -``` - -Fix Description: -Change it to lib64 - -Fixes: https://github.com/389ds/389-ds-base/issues/6210 - -Reviewed by: @progier389 (Thanks!) ---- - m4/bundle_libdb.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/m4/bundle_libdb.m4 b/m4/bundle_libdb.m4 -index c9bf3142e..3ae3beb49 100644 ---- a/m4/bundle_libdb.m4 -+++ b/m4/bundle_libdb.m4 -@@ -8,7 +8,7 @@ - - AC_MSG_CHECKING(Handling bundle_libdb) - --db_lib="-L${with_bundle_libdb}/.libs -R${prefix}/lib/dirsrv" -+db_lib="-L${with_bundle_libdb}/.libs -R${prefix}/lib64/dirsrv" - db_incdir=$with_bundle_libdb - db_inc="-I $db_incdir" - db_libver="5.3-389ds" --- -2.45.0 - diff --git a/0002-CVE-2024-3657.patch b/0002-CVE-2024-3657.patch deleted file mode 100644 index dba55ff..0000000 --- a/0002-CVE-2024-3657.patch +++ /dev/null @@ -1,213 +0,0 @@ -From 5cfa136c48c477765cb20b007ad441ed21534e86 Mon Sep 17 00:00:00 2001 -From: Pierre Rogier -Date: Wed, 17 Apr 2024 18:18:04 +0200 -Subject: [PATCH] CVE-2024-3657 - ---- - .../tests/suites/filter/large_filter_test.py | 34 +++++- - ldap/servers/slapd/back-ldbm/index.c | 111 ++++++++++-------- - 2 files changed, 92 insertions(+), 53 deletions(-) - -diff --git a/dirsrvtests/tests/suites/filter/large_filter_test.py b/dirsrvtests/tests/suites/filter/large_filter_test.py -index 964facae5..5390a0f9c 100644 ---- a/dirsrvtests/tests/suites/filter/large_filter_test.py -+++ b/dirsrvtests/tests/suites/filter/large_filter_test.py -@@ -13,19 +13,29 @@ verify and testing Filter from a search - - import os - import pytest -+import ldap - --from lib389._constants import PW_DM -+from lib389._constants import PW_DM, DEFAULT_SUFFIX, ErrorLog - from lib389.topologies import topology_st as topo - from lib389.idm.user import UserAccounts, UserAccount - from lib389.idm.account import Accounts - from lib389.backend import Backends - from lib389.idm.domain import Domain -+from lib389.utils import get_ldapurl_from_serverid - - SUFFIX = 'dc=anuj,dc=com' - - pytestmark = pytest.mark.tier1 - - -+def open_new_ldapi_conn(dsinstance): -+ ldapurl, certdir = get_ldapurl_from_serverid(dsinstance) -+ assert 'ldapi://' in ldapurl -+ conn = ldap.initialize(ldapurl) -+ conn.sasl_interactive_bind_s("", ldap.sasl.external()) -+ return conn -+ -+ - @pytest.fixture(scope="module") - def _create_entries(request, topo): - """ -@@ -159,6 +169,28 @@ def test_large_filter(topo, _create_entries, real_value): - assert len(Accounts(conn, SUFFIX).filter(real_value)) == 3 - - -+def test_long_filter_value(topo): -+ """Exercise large eq filter with dn syntax attributes -+ -+ :id: b069ef72-fcc3-11ee-981c-482ae39447e5 -+ :setup: Standalone -+ :steps: -+ 1. Try to pass filter rules as per the condition. -+ :expectedresults: -+ 1. Pass -+ """ -+ inst = topo.standalone -+ conn = open_new_ldapi_conn(inst.serverid) -+ inst.config.loglevel(vals=(ErrorLog.DEFAULT,ErrorLog.TRACE,ErrorLog.SEARCH_FILTER)) -+ filter_value = "a\x1Edmin" * 1025 -+ conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})') -+ filter_value = "aAdmin" * 1025 -+ conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})') -+ filter_value = "*" -+ conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})') -+ inst.config.loglevel(vals=(ErrorLog.DEFAULT,)) -+ -+ - if __name__ == '__main__': - CURRENT_FILE = os.path.realpath(__file__) - pytest.main("-s -v %s" % CURRENT_FILE) -diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c -index 86bc825fe..bdac0a616 100644 ---- a/ldap/servers/slapd/back-ldbm/index.c -+++ b/ldap/servers/slapd/back-ldbm/index.c -@@ -74,6 +74,32 @@ typedef struct _index_buffer_handle index_buffer_handle; - #define INDEX_BUFFER_FLAG_SERIALIZE 1 - #define INDEX_BUFFER_FLAG_STATS 2 - -+/* -+ * space needed to encode a byte: -+ * 0x00-0x31 and 0x7f-0xff requires 3 bytes: \xx -+ * 0x22 and 0x5C requires 2 bytes: \" and \\ -+ * other requires 1 byte: c -+ */ -+static char encode_size[] = { -+ /* 0x00 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0x10 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0x20 */ 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, -+ /* 0x30 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, -+ /* 0x40 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, -+ /* 0x50 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, -+ /* 0x60 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, -+ /* 0x70 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, -+ /* 0x80 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0x90 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0xA0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0xB0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0xC0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0xD0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0xE0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+ /* 0xF0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, -+}; -+ -+ - /* Index buffering functions */ - - static int -@@ -802,65 +828,46 @@ index_add_mods( - - /* - * Convert a 'struct berval' into a displayable ASCII string -+ * returns the printable string - */ -- --#define SPECIAL(c) (c < 32 || c > 126 || c == '\\' || c == '"') -- - const char * - encode(const struct berval *data, char buf[BUFSIZ]) - { -- char *s; -- char *last; -- if (data == NULL || data->bv_len == 0) -- return ""; -- last = data->bv_val + data->bv_len - 1; -- for (s = data->bv_val; s < last; ++s) { -- if (SPECIAL(*s)) { -- char *first = data->bv_val; -- char *bufNext = buf; -- size_t bufSpace = BUFSIZ - 4; -- while (1) { -- /* printf ("%lu bytes ASCII\n", (unsigned long)(s - first)); */ -- if (bufSpace < (size_t)(s - first)) -- s = first + bufSpace - 1; -- if (s != first) { -- memcpy(bufNext, first, s - first); -- bufNext += (s - first); -- bufSpace -= (s - first); -- } -- do { -- if (bufSpace) { -- *bufNext++ = '\\'; -- --bufSpace; -- } -- if (bufSpace < 2) { -- memcpy(bufNext, "..", 2); -- bufNext += 2; -- goto bail; -- } -- if (*s == '\\' || *s == '"') { -- *bufNext++ = *s; -- --bufSpace; -- } else { -- sprintf(bufNext, "%02x", (unsigned)*(unsigned char *)s); -- bufNext += 2; -- bufSpace -= 2; -- } -- } while (++s <= last && SPECIAL(*s)); -- if (s > last) -- break; -- first = s; -- while (!SPECIAL(*s) && s <= last) -- ++s; -- } -- bail: -- *bufNext = '\0'; -- /* printf ("%lu chars in buffer\n", (unsigned long)(bufNext - buf)); */ -+ if (!data || !data->bv_val) { -+ strcpy(buf, ""); -+ return buf; -+ } -+ char *endbuff = &buf[BUFSIZ-4]; /* Reserve space to append "...\0" */ -+ char *ptout = buf; -+ unsigned char *ptin = (unsigned char*) data->bv_val; -+ unsigned char *endptin = ptin+data->bv_len; -+ -+ while (ptin < endptin) { -+ if (ptout >= endbuff) { -+ /* -+ * BUFSIZ(8K) > SLAPI_LOG_BUFSIZ(2K) so the error log message will be -+ * truncated anyway. So there is no real interrest to test if the original -+ * data contains no special characters and return it as is. -+ */ -+ strcpy(endbuff, "..."); - return buf; - } -+ switch (encode_size[*ptin]) { -+ case 1: -+ *ptout++ = *ptin++; -+ break; -+ case 2: -+ *ptout++ = '\\'; -+ *ptout++ = *ptin++; -+ break; -+ case 3: -+ sprintf(ptout, "\\%02x", *ptin++); -+ ptout += 3; -+ break; -+ } - } -- /* printf ("%lu bytes, all ASCII\n", (unsigned long)(s - data->bv_val)); */ -- return data->bv_val; -+ *ptout = 0; -+ return buf; - } - - static const char * --- -2.44.0 - diff --git a/0003-CVE-2024-5953.patch b/0003-CVE-2024-5953.patch deleted file mode 100644 index 37c2179..0000000 --- a/0003-CVE-2024-5953.patch +++ /dev/null @@ -1,145 +0,0 @@ -From 52a9ee6556a0467f5134fb6392ff1681a38f3252 Mon Sep 17 00:00:00 2001 -From: Pierre Rogier -Date: Fri, 14 Jun 2024 13:27:10 +0200 -Subject: [PATCH] CVE-2024-5953 - ---- - .../tests/suites/password/regression_test.py | 51 ++++++++++++++++++- - ldap/servers/plugins/pwdstorage/md5_pwd.c | 9 +++- - ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c | 6 +++ - 3 files changed, 64 insertions(+), 2 deletions(-) - -diff --git a/dirsrvtests/tests/suites/password/regression_test.py b/dirsrvtests/tests/suites/password/regression_test.py -index 4876ff435..160d6f01d 100644 ---- a/dirsrvtests/tests/suites/password/regression_test.py -+++ b/dirsrvtests/tests/suites/password/regression_test.py -@@ -8,11 +8,12 @@ - import pytest - import time - import glob -+import base64 - from lib389._constants import PASSWORD, DN_DM, DEFAULT_SUFFIX - from lib389._constants import SUFFIX, PASSWORD, DN_DM, DN_CONFIG, PLUGIN_RETRO_CHANGELOG, DEFAULT_SUFFIX, DEFAULT_CHANGELOG_DB, DEFAULT_BENAME - from lib389 import Entry - from lib389.topologies import topology_m1 as topo_supplier --from lib389.idm.user import UserAccounts -+from lib389.idm.user import UserAccounts, UserAccount - from lib389.utils import ldap, os, logging, ensure_bytes, ds_is_newer, ds_supports_new_changelog - from lib389.topologies import topology_st as topo - from lib389.idm.organizationalunit import OrganizationalUnits -@@ -40,6 +41,13 @@ TEST_PASSWORDS += ['CNpwtest1ZZZZ', 'ZZZZZCNpwtest1', - TEST_PASSWORDS2 = ( - 'CN12pwtest31', 'SN3pwtest231', 'UID1pwtest123', 'MAIL2pwtest12@redhat.com', '2GN1pwtest123', 'People123') - -+SUPPORTED_SCHEMES = ( -+ "{SHA}", "{SSHA}", "{SHA256}", "{SSHA256}", -+ "{SHA384}", "{SSHA384}", "{SHA512}", "{SSHA512}", -+ "{crypt}", "{NS-MTA-MD5}", "{clear}", "{MD5}", -+ "{SMD5}", "{PBKDF2_SHA256}", "{PBKDF2_SHA512}", -+ "{GOST_YESCRYPT}", "{PBKDF2-SHA256}", "{PBKDF2-SHA512}" ) -+ - def _check_unhashed_userpw(inst, user_dn, is_present=False): - """Check if unhashed#user#password attribute is present or not in the changelog""" - unhashed_pwd_attribute = 'unhashed#user#password' -@@ -319,6 +327,47 @@ def test_unhashed_pw_switch(topo_supplier): - # Add debugging steps(if any)... - pass - -+@pytest.mark.parametrize("scheme", SUPPORTED_SCHEMES ) -+def test_long_hashed_password(topo, create_user, scheme): -+ """Check that hashed password with very long value does not cause trouble -+ -+ :id: 252a1f76-114b-11ef-8a7a-482ae39447e5 -+ :setup: standalone Instance -+ :parametrized: yes -+ :steps: -+ 1. Add a test user user -+ 2. Set a long password with requested scheme -+ 3. Bind on that user using a wrong password -+ 4. Check that instance is still alive -+ 5. Remove the added user -+ :expectedresults: -+ 1. Success -+ 2. Success -+ 3. Should get ldap.INVALID_CREDENTIALS exception -+ 4. Success -+ 5. Success -+ """ -+ inst = topo.standalone -+ inst.simple_bind_s(DN_DM, PASSWORD) -+ users = UserAccounts(inst, DEFAULT_SUFFIX) -+ # Make sure that server is started as this test may crash it -+ inst.start() -+ # Adding Test user (It may already exists if previous test failed) -+ user2 = UserAccount(inst, dn='uid=test_user_1002,ou=People,dc=example,dc=com') -+ if not user2.exists(): -+ user2 = users.create_test_user(uid=1002, gid=2002) -+ # Setting hashed password -+ passwd = 'A'*4000 -+ hashed_passwd = scheme.encode('utf-8') + base64.b64encode(passwd.encode('utf-8')) -+ user2.replace('userpassword', hashed_passwd) -+ # Bind on that user using a wrong password -+ with pytest.raises(ldap.INVALID_CREDENTIALS): -+ conn = user2.bind(PASSWORD) -+ # Check that instance is still alive -+ assert inst.status() -+ # Remove the added user -+ user2.delete() -+ - - if __name__ == '__main__': - # Run isolated -diff --git a/ldap/servers/plugins/pwdstorage/md5_pwd.c b/ldap/servers/plugins/pwdstorage/md5_pwd.c -index 1e2cf58e7..b9a48d5ca 100644 ---- a/ldap/servers/plugins/pwdstorage/md5_pwd.c -+++ b/ldap/servers/plugins/pwdstorage/md5_pwd.c -@@ -37,6 +37,7 @@ md5_pw_cmp(const char *userpwd, const char *dbpwd) - unsigned char hash_out[MD5_HASH_LEN]; - unsigned char b2a_out[MD5_HASH_LEN * 2]; /* conservative */ - SECItem binary_item; -+ size_t dbpwd_len = strlen(dbpwd); - - ctx = PK11_CreateDigestContext(SEC_OID_MD5); - if (ctx == NULL) { -@@ -45,6 +46,12 @@ md5_pw_cmp(const char *userpwd, const char *dbpwd) - goto loser; - } - -+ if (dbpwd_len >= sizeof b2a_out) { -+ slapi_log_err(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME, -+ "The hashed password stored in the user entry is longer than any valid md5 hash"); -+ goto loser; -+ } -+ - /* create the hash */ - PK11_DigestBegin(ctx); - PK11_DigestOp(ctx, (const unsigned char *)userpwd, strlen(userpwd)); -@@ -57,7 +64,7 @@ md5_pw_cmp(const char *userpwd, const char *dbpwd) - bver = NSSBase64_EncodeItem(NULL, (char *)b2a_out, sizeof b2a_out, &binary_item); - /* bver points to b2a_out upon success */ - if (bver) { -- rc = slapi_ct_memcmp(bver, dbpwd, strlen(dbpwd)); -+ rc = slapi_ct_memcmp(bver, dbpwd, dbpwd_len); - } else { - slapi_log_err(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME, - "Could not base64 encode hashed value for password compare"); -diff --git a/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c b/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c -index dcac4fcdd..82b8c9501 100644 ---- a/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c -+++ b/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c -@@ -255,6 +255,12 @@ pbkdf2_sha256_pw_cmp(const char *userpwd, const char *dbpwd) - passItem.data = (unsigned char *)userpwd; - passItem.len = strlen(userpwd); - -+ if (pwdstorage_base64_decode_len(dbpwd, dbpwd_len) > sizeof dbhash) { -+ /* Hashed value is too long and cannot match any value generated by pbkdf2_sha256_hash */ -+ slapi_log_err(SLAPI_LOG_ERR, (char *)schemeName, "Unable to base64 decode dbpwd value. (hashed value is too long)\n"); -+ return result; -+ } -+ - /* Decode the DBpwd to bytes from b64 */ - if (PL_Base64Decode(dbpwd, dbpwd_len, dbhash) == NULL) { - slapi_log_err(SLAPI_LOG_ERR, (char *)schemeName, "Unable to base64 decode dbpwd value\n"); --- -2.44.0 - diff --git a/0004-CVE-2024-6237.patch b/0004-CVE-2024-6237.patch deleted file mode 100644 index 780cfa8..0000000 --- a/0004-CVE-2024-6237.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 323f74c69f84a8482413ecd73cf61d09cfc4a0a1 Mon Sep 17 00:00:00 2001 -From: Thierry Bordaz -Date: Mon, 24 Jun 2024 15:51:28 +0200 -Subject: [PATCH] CVE-2024-6237 - ---- - ldap/servers/plugins/syntaxes/inchain.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/servers/plugins/syntaxes/inchain.c b/ldap/servers/plugins/syntaxes/inchain.c -index df19c973b..0a6a04e9f 100644 ---- a/ldap/servers/plugins/syntaxes/inchain.c -+++ b/ldap/servers/plugins/syntaxes/inchain.c -@@ -277,7 +277,7 @@ inchain_values2keys(Slapi_PBlock *pb, Slapi_Value **vals, Slapi_Value ***ivals, - slapi_pblock_get(pb, SLAPI_SEARCH_TARGET_SDN, &base_sdn); - - if (! slapi_attr_is_dn_syntax_type(mrTYPE)) { -- slapi_log_err(SLAPI_LOG_ERR, "inchain", "Requires distinguishedName syntax. AttributeDescription %s is not distinguishedName\n"); -+ slapi_log_err(SLAPI_LOG_ERR, "inchain", "Requires distinguishedName syntax. AttributeDescription %s is not distinguishedName\n", mrTYPE); - result = (Slapi_Value **)slapi_ch_calloc(1, sizeof(Slapi_Value *)); - *ivals = result; - return(0); --- -2.44.0 - diff --git a/389-ds-base.spec b/389-ds-base.spec index 9fdf182..d99721b 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -60,7 +60,7 @@ ExcludeArch: i686 Summary: 389 Directory Server (%{variant}) Name: 389-ds-base -Version: 3.0.3 +Version: 3.0.4 Release: %{autorelease -n %{?with_asan:-e asan}}%{?dist} License: GPL-3.0-or-later AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-DFS-2016 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 Conflicts: selinux-policy-base < 3.9.8 @@ -72,53 +72,53 @@ Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 Provides: ldif2ldbm >= 0 ##### Bundled cargo crates list - START ##### -Provides: bundled(crate(addr2line)) = 0.21.0 +Provides: bundled(crate(addr2line)) = 0.22.0 Provides: bundled(crate(adler)) = 1.0.2 Provides: bundled(crate(ahash)) = 0.7.8 Provides: bundled(crate(atty)) = 0.2.14 Provides: bundled(crate(autocfg)) = 1.3.0 -Provides: bundled(crate(backtrace)) = 0.3.71 +Provides: bundled(crate(backtrace)) = 0.3.73 Provides: bundled(crate(base64)) = 0.13.1 -Provides: bundled(crate(bitflags)) = 2.5.0 +Provides: bundled(crate(bitflags)) = 2.6.0 Provides: bundled(crate(byteorder)) = 1.5.0 Provides: bundled(crate(cbindgen)) = 0.26.0 -Provides: bundled(crate(cc)) = 1.0.97 +Provides: bundled(crate(cc)) = 1.1.7 Provides: bundled(crate(cfg-if)) = 1.0.0 Provides: bundled(crate(clap)) = 3.2.25 Provides: bundled(crate(clap_lex)) = 0.2.4 Provides: bundled(crate(concread)) = 0.2.21 Provides: bundled(crate(crossbeam)) = 0.8.4 -Provides: bundled(crate(crossbeam-channel)) = 0.5.12 +Provides: bundled(crate(crossbeam-channel)) = 0.5.13 Provides: bundled(crate(crossbeam-deque)) = 0.8.5 Provides: bundled(crate(crossbeam-epoch)) = 0.9.18 Provides: bundled(crate(crossbeam-queue)) = 0.3.11 -Provides: bundled(crate(crossbeam-utils)) = 0.8.19 +Provides: bundled(crate(crossbeam-utils)) = 0.8.20 Provides: bundled(crate(errno)) = 0.3.9 Provides: bundled(crate(fastrand)) = 2.1.0 Provides: bundled(crate(fernet)) = 0.1.4 Provides: bundled(crate(foreign-types)) = 0.3.2 Provides: bundled(crate(foreign-types-shared)) = 0.1.1 Provides: bundled(crate(getrandom)) = 0.2.15 -Provides: bundled(crate(gimli)) = 0.28.1 +Provides: bundled(crate(gimli)) = 0.29.0 Provides: bundled(crate(hashbrown)) = 0.12.3 Provides: bundled(crate(heck)) = 0.4.1 Provides: bundled(crate(hermit-abi)) = 0.1.19 Provides: bundled(crate(indexmap)) = 1.9.3 -Provides: bundled(crate(instant)) = 0.1.12 +Provides: bundled(crate(instant)) = 0.1.13 Provides: bundled(crate(itoa)) = 1.0.11 -Provides: bundled(crate(jobserver)) = 0.1.31 -Provides: bundled(crate(libc)) = 0.2.154 -Provides: bundled(crate(linux-raw-sys)) = 0.4.13 +Provides: bundled(crate(jobserver)) = 0.1.32 +Provides: bundled(crate(libc)) = 0.2.155 +Provides: bundled(crate(linux-raw-sys)) = 0.4.14 Provides: bundled(crate(lock_api)) = 0.4.12 -Provides: bundled(crate(log)) = 0.4.21 +Provides: bundled(crate(log)) = 0.4.22 Provides: bundled(crate(lru)) = 0.7.8 -Provides: bundled(crate(memchr)) = 2.7.2 -Provides: bundled(crate(miniz_oxide)) = 0.7.2 -Provides: bundled(crate(object)) = 0.32.2 +Provides: bundled(crate(memchr)) = 2.7.4 +Provides: bundled(crate(miniz_oxide)) = 0.7.4 +Provides: bundled(crate(object)) = 0.36.2 Provides: bundled(crate(once_cell)) = 1.19.0 -Provides: bundled(crate(openssl)) = 0.10.64 +Provides: bundled(crate(openssl)) = 0.10.66 Provides: bundled(crate(openssl-macros)) = 0.1.1 -Provides: bundled(crate(openssl-sys)) = 0.9.102 +Provides: bundled(crate(openssl-sys)) = 0.9.103 Provides: bundled(crate(os_str_bytes)) = 6.6.1 Provides: bundled(crate(parking_lot)) = 0.11.2 Provides: bundled(crate(parking_lot_core)) = 0.8.6 @@ -126,9 +126,9 @@ Provides: bundled(crate(paste)) = 0.1.18 Provides: bundled(crate(paste-impl)) = 0.1.18 Provides: bundled(crate(pin-project-lite)) = 0.2.14 Provides: bundled(crate(pkg-config)) = 0.3.30 -Provides: bundled(crate(ppv-lite86)) = 0.2.17 +Provides: bundled(crate(ppv-lite86)) = 0.2.18 Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated -Provides: bundled(crate(proc-macro2)) = 1.0.82 +Provides: bundled(crate(proc-macro2)) = 1.0.86 Provides: bundled(crate(quote)) = 1.0.36 Provides: bundled(crate(rand)) = 0.8.5 Provides: bundled(crate(rand_chacha)) = 0.3.1 @@ -138,38 +138,40 @@ Provides: bundled(crate(rustc-demangle)) = 0.1.24 Provides: bundled(crate(rustix)) = 0.38.34 Provides: bundled(crate(ryu)) = 1.0.18 Provides: bundled(crate(scopeguard)) = 1.2.0 -Provides: bundled(crate(serde)) = 1.0.201 -Provides: bundled(crate(serde_derive)) = 1.0.201 -Provides: bundled(crate(serde_json)) = 1.0.117 +Provides: bundled(crate(serde)) = 1.0.204 +Provides: bundled(crate(serde_derive)) = 1.0.204 +Provides: bundled(crate(serde_json)) = 1.0.121 Provides: bundled(crate(smallvec)) = 1.13.2 Provides: bundled(crate(strsim)) = 0.10.0 -Provides: bundled(crate(syn)) = 2.0.61 +Provides: bundled(crate(syn)) = 2.0.72 Provides: bundled(crate(tempfile)) = 3.10.1 Provides: bundled(crate(termcolor)) = 1.4.1 Provides: bundled(crate(textwrap)) = 0.16.1 -Provides: bundled(crate(tokio)) = 1.37.0 -Provides: bundled(crate(tokio-macros)) = 2.2.0 +Provides: bundled(crate(tokio)) = 1.39.2 +Provides: bundled(crate(tokio-macros)) = 2.4.0 Provides: bundled(crate(toml)) = 0.5.11 Provides: bundled(crate(unicode-ident)) = 1.0.12 Provides: bundled(crate(uuid)) = 0.8.2 Provides: bundled(crate(vcpkg)) = 0.2.15 -Provides: bundled(crate(version_check)) = 0.9.4 +Provides: bundled(crate(version_check)) = 0.9.5 Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1 Provides: bundled(crate(winapi)) = 0.3.9 Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(winapi-util)) = 0.1.8 Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(windows-sys)) = 0.52.0 -Provides: bundled(crate(windows-targets)) = 0.52.5 -Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.5 -Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.5 -Provides: bundled(crate(windows_i686_gnu)) = 0.52.5 -Provides: bundled(crate(windows_i686_gnullvm)) = 0.52.5 -Provides: bundled(crate(windows_i686_msvc)) = 0.52.5 -Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.5 -Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.5 -Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.5 -Provides: bundled(crate(zeroize)) = 1.7.0 +Provides: bundled(crate(windows-targets)) = 0.52.6 +Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.6 +Provides: bundled(crate(windows_i686_gnu)) = 0.52.6 +Provides: bundled(crate(windows_i686_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_i686_msvc)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.6 +Provides: bundled(crate(zerocopy)) = 0.6.6 +Provides: bundled(crate(zerocopy-derive)) = 0.6.6 +Provides: bundled(crate(zeroize)) = 1.8.1 Provides: bundled(crate(zeroize_derive)) = 1.4.2 Provides: bundled(npm(@aashutoshrathi/word-wrap)) = 1.2.6 Provides: bundled(npm(@eslint-community/eslint-utils)) = 4.4.0 @@ -485,11 +487,6 @@ Source4: 389-ds-base.sysusers Source5: https://fedorapeople.org/groups/389ds/libdb-5.3.28-59.tar.bz2 %endif -Patch: 0001-Issue-6120-usr-lib64-dirsrv-plugins-libback-bdb.so-h.patch -Patch: 0002-CVE-2024-3657.patch -Patch: 0003-CVE-2024-5953.patch -Patch: 0004-CVE-2024-6237.patch - %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. diff --git a/sources b/sources index 608341b..3ac5a9f 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ SHA512 (jemalloc-5.3.0.tar.bz2) = 22907bb052096e2caffb6e4e23548aecc5cc9283dce476896a2b1127eee64170e3562fa2e7db9571298814a7a2c7df6e8d1fbe152bd3f3b0c1abec22a2de34b1 -SHA512 (389-ds-base-3.0.3.tar.bz2) = f9e5432d8acc7701c9455cb7b561ff6dd67a8e2f9d0340f47cf17b8a3558aa02dab7319d139a23e8f89682c2521c9c6852a097b702228785dda37cb03d2c9310 +SHA512 (389-ds-base-3.0.4.tar.bz2) = 45ef03d288fc3c1e7a24474393fe769deb52413f57aa1517b71882fb4be653eeae041911d55e60b82079922e7995c55bb0653d3f1ea0a83622e84d6411c863fe SHA512 (libdb-5.3.28-59.tar.bz2) = 731a434fa2e6487ebb05c458b0437456eb9f7991284beb08cb3e21931e23bdeddddbc95bfabe3a2f9f029fe69cd33a2d4f0f5ce6a9811e9c3b940cb6fde4bf79