From 61a477e91897e22095584a3314028f5b3b65f57c Mon Sep 17 00:00:00 2001
From: Mark Reynolds
Date: Thu, 12 May 2022 13:41:28 -0400
Subject: [PATCH] Bump version to 2.1.1-1
Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.1
---
 .gitignore | 1 +
 ...2021-4091-389-ds-base-double-free-of.patch | 31 -------------------
 389-ds-base.spec | 20 +++++++-----
 sources | 2 +-
 4 files changed, 14 insertions(+), 40 deletions(-)
 delete mode 100644 0001-Bug-2027783-CVE-2021-4091-389-ds-base-double-free-of.patch
diff --git a/.gitignore b/.gitignore
index 9708c75..f1a9c90 100644
--- a/.gitignore
+++ b/.gitignore
@@ -210,3 +210,4 @@
 /389-ds-base-2.0.13.tar.bz2
 /389-ds-base-2.0.14.tar.bz2
 /389-ds-base-2.1.0.tar.bz2
+/389-ds-base-2.1.1.tar.bz2
diff --git a/0001-Bug-2027783-CVE-2021-4091-389-ds-base-double-free-of.patch b/0001-Bug-2027783-CVE-2021-4091-389-ds-base-double-free-of.patch
deleted file mode 100644
index ecea5dc..0000000
--- a/0001-Bug-2027783-CVE-2021-4091-389-ds-base-double-free-of.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From d41352806f44c47a9e99f9eb1b0bdfef7b0aa4f4 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds
-Date: Tue, 25 Jan 2022 12:27:02 -0500
-Subject: [PATCH] Bug 2027783 - CVE-2021-4091 389-ds-base: double-free of the
- virtual attribute context in persistent search
-
-Description: Fix double free. The double free is related to
-persistent search req. It was introduced with i
-https://pagure.io/389-ds-base/issue/49097
-
-Reviewed by: mreynolds, progier, jchapman
----
- ldap/servers/slapd/pblock.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index 94e7c0ab7..56bbfc92e 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -330,6 +330,8 @@ slapi_pblock_clone(Slapi_PBlock *pb)
- if (pb->pb_intplugin != NULL) {
- _pblock_assert_pb_intplugin(new_pb);
- *(new_pb->pb_intplugin) = *(pb->pb_intplugin);
-+ /* Make sure that only the cloned pblock refers to vattr_context */
-+ pb->pb_intplugin->pb_vattr_context = NULL;
- }
- if (pb->pb_deprecated != NULL) {
- _pblock_assert_pb_deprecated(new_pb);
---
-2.31.1
-
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 73317bf..ee7405c 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -46,7 +46,7 @@ ExcludeArch: i686
 Summary: 389 Directory Server (base)
 Name: 389-ds-base
-Version: 2.1.0
+Version: 2.1.1
 Release: 1%{?dist}
 License: GPLv3+ and ASL 2.0
 URL: https://www.port389.org
@@ -147,8 +147,9 @@ Provides: bundled(crate(zeroize_derive)) = 1.3.1 ##### Bundled cargo crates list - END ##### -BuildRequires: nspr-devel -BuildRequires: nss-devel >= 3.34 +BuildRequires: nspr-devel >= 4.32 +BuildRequires: nss-devel >= 3.67.0-7 + BuildRequires: openldap-devel BuildRequires: lmdb-devel BuildRequires: libdb-devel
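Review bot: The raised minimums in the `@@ -147,8 +147,9 @@` hunk of 389-ds-base.spec, `BuildRequires: nspr-devel >= 4.32` and `BuildRequires: nss-devel >= 3.67.0-7`, carry no comment saying which NSPR/NSS change they depend on, and the NSS floor pins a package release (`-7`), which looks distribution-specific. The same floors recur in the `Requires:` hunk at -231 and the `%package libs` hunk at -278. A one-line comment above them, for example `# NSPR/NSS minimums required by <bug or upstream issue reference>`, would let a later rebase tell whether the floor can move or must stay.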
@@ -231,8 +232,8 @@ Requires: python%{python3_pkgversion}-ldap # this is needed to setup SSL if you are not using the # administration server package -Requires: nss-tools -Requires: nss >= 3.34 +Requires: nspr >= 4.32 +Requires: nss >= 3.67.0-7 %dirsrv_requires_ge nss # these are not found by the auto-dependency method
@@ -265,7 +266,6 @@ Source2: %{name}-devel.README %if %{bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 %endif -Patch01: 0001-Bug-2027783-CVE-2021-4091-389-ds-base-double-free-of.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes
@@ -278,8 +278,8 @@ Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
 %package libs
 Summary: Core libraries for 389 Directory Server
-BuildRequires: nspr-devel
-BuildRequires: nss-devel >= 3.34
+BuildRequires: nspr >= 4.32
+BuildRequires: nss >= 3.67.0-7
 BuildRequires: openldap-devel
 BuildRequires: libdb-devel
 BuildRequires: cyrus-sasl-devel
@@ -715,6 +715,10 @@ exit 0 %endif %changelog +* Thu May 12 2022 Mark Reynolds - 2.1.1-1 +- Bump version to 2.1.1-1 +- Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.1 + * Tue Mar 8 2022 Mark Reynolds - 2.1.0-1 - Bump version to 2.1.0-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.0
diff --git a/sources b/sources
index 7b86ec0..3e8875d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (389-ds-base-2.1.0.tar.bz2) = 496195b848566a0ccee272f06a041e2f764a5c8f3d84651a0fc3c7ca9128102ac6e8a8c9ae0945ce1742f39006daa724e394d0481d7c494a9701bf6c8709be51
+SHA512 (389-ds-base-2.1.1.tar.bz2) = 38feb135847ef409e03642433a84aea84b65f7c0d55cae35e71ff3c541e2c33bb5c1b207096438c7578db7ec98ce8b3fa3a0282d3ca0637ad9e593bc324fb78c
 SHA512 (jemalloc-5.2.1.tar.bz2) = 0bbb77564d767cef0c6fe1b97b705d368ddb360d55596945aea8c3ba5889fbce10479d85ad492c91d987caacdbbdccc706aa3688e321460069f00c05814fae02
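Review bot: In the `@@ -231,8 +232,8 @@` hunk of 389-ds-base.spec, `Requires: nss-tools` is replaced by `Requires: nspr >= 4.32` instead of being kept next to it, while the unchanged comment directly above still says the dependency "is needed to setup SSL". If the server's TLS setup still relies on the NSS command-line tools, a fresh install would no longer pull them in, and nothing visible in this commit shows that they stopped being needed. Either keep `Requires: nss-tools` and add the nspr line beside it, or reword the comment to say why the tools dependency was dropped.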
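Review bot: In the `%package libs` hunk (`@@ -278,8 +278,8 @@`) the build dependencies move from the `-devel` packages to the runtime ones, `BuildRequires: nspr >= 4.32` and `BuildRequires: nss >= 3.67.0-7`, whereas the main-package hunk at -147 keeps `nspr-devel` and `nss-devel`. A runtime package does not supply headers, so as build requirements these two lines add little, and as far as this hunk shows the libs subpackage gains no versioned runtime floor. If a runtime floor for the libraries was intended, `Requires: nspr >= 4.32` and `Requires: nss >= 3.67.0-7` would express it; otherwise keep the `-devel` names with the new versions.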