From 760f896ee9232369ed984716cf2a37c6d28c6a67 Mon Sep 17 00:00:00 2001 From: James Chapman Date: Tue, 7 May 2024 23:56:39 +0100 Subject: [PATCH] Bump version to 2.5.1-1 Resolves: RHEL-31777 - Rebase 389-ds-base.2.5.1 in RHEL 9.5 Resolves: RHEL-33348 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ requ --- .gitignore | 1 + 0001-CVE-2024-3657.patch | 213 +++++++++++++++++++++++++++ 389-ds-base.spec | 303 +++++++++++++++++++++++++++++++-------- sources | 2 +- 4 files changed, 455 insertions(+), 64 deletions(-) create mode 100644 0001-CVE-2024-3657.patch diff --git a/.gitignore b/.gitignore index 0274925..649e583 100644 --- a/.gitignore +++ b/.gitignore @@ -218,3 +218,4 @@ /389-ds-base-2.3.6.tar.bz2 /389-ds-base-2.4.4.tar.bz2 /389-ds-base-2.4.5.tar.bz2 +/389-ds-base-2.5.1.tar.bz2 diff --git a/0001-CVE-2024-3657.patch b/0001-CVE-2024-3657.patch new file mode 100644 index 0000000..dba55ff --- /dev/null +++ b/0001-CVE-2024-3657.patch @@ -0,0 +1,213 @@ +From 5cfa136c48c477765cb20b007ad441ed21534e86 Mon Sep 17 00:00:00 2001 +From: Pierre Rogier +Date: Wed, 17 Apr 2024 18:18:04 +0200 +Subject: [PATCH] CVE-2024-3657 + +--- + .../tests/suites/filter/large_filter_test.py | 34 +++++- + ldap/servers/slapd/back-ldbm/index.c | 111 ++++++++++-------- + 2 files changed, 92 insertions(+), 53 deletions(-) + +diff --git a/dirsrvtests/tests/suites/filter/large_filter_test.py b/dirsrvtests/tests/suites/filter/large_filter_test.py +index 964facae5..5390a0f9c 100644 +--- a/dirsrvtests/tests/suites/filter/large_filter_test.py ++++ b/dirsrvtests/tests/suites/filter/large_filter_test.py +@@ -13,19 +13,29 @@ verify and testing Filter from a search + + import os + import pytest ++import ldap + +-from lib389._constants import PW_DM ++from lib389._constants import PW_DM, DEFAULT_SUFFIX, ErrorLog + from lib389.topologies import topology_st as topo + from lib389.idm.user import UserAccounts, UserAccount + from lib389.idm.account import Accounts + from lib389.backend import Backends + from lib389.idm.domain import Domain ++from lib389.utils import get_ldapurl_from_serverid + + SUFFIX = 'dc=anuj,dc=com' + + pytestmark = pytest.mark.tier1 + + ++def open_new_ldapi_conn(dsinstance): ++ ldapurl, certdir = get_ldapurl_from_serverid(dsinstance) ++ assert 'ldapi://' in ldapurl ++ conn = ldap.initialize(ldapurl) ++ conn.sasl_interactive_bind_s("", ldap.sasl.external()) ++ return conn ++ ++ + @pytest.fixture(scope="module") + def _create_entries(request, topo): + """ +@@ -159,6 +169,28 @@ def test_large_filter(topo, _create_entries, real_value): + assert len(Accounts(conn, SUFFIX).filter(real_value)) == 3 + + ++def test_long_filter_value(topo): ++ """Exercise large eq filter with dn syntax attributes ++ ++ :id: b069ef72-fcc3-11ee-981c-482ae39447e5 ++ :setup: Standalone ++ :steps: ++ 1. Try to pass filter rules as per the condition. ++ :expectedresults: ++ 1. Pass ++ """ ++ inst = topo.standalone ++ conn = open_new_ldapi_conn(inst.serverid) ++ inst.config.loglevel(vals=(ErrorLog.DEFAULT,ErrorLog.TRACE,ErrorLog.SEARCH_FILTER)) ++ filter_value = "a\x1Edmin" * 1025 ++ conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})') ++ filter_value = "aAdmin" * 1025 ++ conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})') ++ filter_value = "*" ++ conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})') ++ inst.config.loglevel(vals=(ErrorLog.DEFAULT,)) ++ ++ + if __name__ == '__main__': + CURRENT_FILE = os.path.realpath(__file__) + pytest.main("-s -v %s" % CURRENT_FILE) +diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c +index 86bc825fe..bdac0a616 100644 +--- a/ldap/servers/slapd/back-ldbm/index.c ++++ b/ldap/servers/slapd/back-ldbm/index.c +@@ -74,6 +74,32 @@ typedef struct _index_buffer_handle index_buffer_handle; + #define INDEX_BUFFER_FLAG_SERIALIZE 1 + #define INDEX_BUFFER_FLAG_STATS 2 + ++/* ++ * space needed to encode a byte: ++ * 0x00-0x31 and 0x7f-0xff requires 3 bytes: \xx ++ * 0x22 and 0x5C requires 2 bytes: \" and \\ ++ * other requires 1 byte: c ++ */ ++static char encode_size[] = { ++ /* 0x00 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0x10 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0x20 */ 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ /* 0x30 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ /* 0x40 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ /* 0x50 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, ++ /* 0x60 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ /* 0x70 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, ++ /* 0x80 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0x90 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0xA0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0xB0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0xC0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0xD0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0xE0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ /* 0xF0 */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++}; ++ ++ + /* Index buffering functions */ + + static int +@@ -802,65 +828,46 @@ index_add_mods( + + /* + * Convert a 'struct berval' into a displayable ASCII string ++ * returns the printable string + */ +- +-#define SPECIAL(c) (c < 32 || c > 126 || c == '\\' || c == '"') +- + const char * + encode(const struct berval *data, char buf[BUFSIZ]) + { +- char *s; +- char *last; +- if (data == NULL || data->bv_len == 0) +- return ""; +- last = data->bv_val + data->bv_len - 1; +- for (s = data->bv_val; s < last; ++s) { +- if (SPECIAL(*s)) { +- char *first = data->bv_val; +- char *bufNext = buf; +- size_t bufSpace = BUFSIZ - 4; +- while (1) { +- /* printf ("%lu bytes ASCII\n", (unsigned long)(s - first)); */ +- if (bufSpace < (size_t)(s - first)) +- s = first + bufSpace - 1; +- if (s != first) { +- memcpy(bufNext, first, s - first); +- bufNext += (s - first); +- bufSpace -= (s - first); +- } +- do { +- if (bufSpace) { +- *bufNext++ = '\\'; +- --bufSpace; +- } +- if (bufSpace < 2) { +- memcpy(bufNext, "..", 2); +- bufNext += 2; +- goto bail; +- } +- if (*s == '\\' || *s == '"') { +- *bufNext++ = *s; +- --bufSpace; +- } else { +- sprintf(bufNext, "%02x", (unsigned)*(unsigned char *)s); +- bufNext += 2; +- bufSpace -= 2; +- } +- } while (++s <= last && SPECIAL(*s)); +- if (s > last) +- break; +- first = s; +- while (!SPECIAL(*s) && s <= last) +- ++s; +- } +- bail: +- *bufNext = '\0'; +- /* printf ("%lu chars in buffer\n", (unsigned long)(bufNext - buf)); */ ++ if (!data || !data->bv_val) { ++ strcpy(buf, ""); ++ return buf; ++ } ++ char *endbuff = &buf[BUFSIZ-4]; /* Reserve space to append "...\0" */ ++ char *ptout = buf; ++ unsigned char *ptin = (unsigned char*) data->bv_val; ++ unsigned char *endptin = ptin+data->bv_len; ++ ++ while (ptin < endptin) { ++ if (ptout >= endbuff) { ++ /* ++ * BUFSIZ(8K) > SLAPI_LOG_BUFSIZ(2K) so the error log message will be ++ * truncated anyway. So there is no real interrest to test if the original ++ * data contains no special characters and return it as is. ++ */ ++ strcpy(endbuff, "..."); + return buf; + } ++ switch (encode_size[*ptin]) { ++ case 1: ++ *ptout++ = *ptin++; ++ break; ++ case 2: ++ *ptout++ = '\\'; ++ *ptout++ = *ptin++; ++ break; ++ case 3: ++ sprintf(ptout, "\\%02x", *ptin++); ++ ptout += 3; ++ break; ++ } + } +- /* printf ("%lu bytes, all ASCII\n", (unsigned long)(s - data->bv_val)); */ +- return data->bv_val; ++ *ptout = 0; ++ return buf; + } + + static const char * +-- +2.44.0 + diff --git a/389-ds-base.spec b/389-ds-base.spec index 251b6e5..a7462e9 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -46,9 +46,9 @@ ExcludeArch: i686 Summary: 389 Directory Server (base) Name: 389-ds-base -Version: 2.4.5 -Release: 6%{?dist} -License: GPLv3+ and (ASL 2.0 or MIT) and MIT and (Unlicense or MIT) and (0BSD or MIT or ASL 2.0) and MPLv2.0 and ASL 2.0 and (MIT or zlib or ASL 2.0) and ((MIT or ASL 2.0) and Unicode-DFS-2016) and (ASL 2.0 or Boost) and BSD +Version: 2.5.1 +Release: 1%{?dist} +License: GPL-3.0-or-later AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-DFS-2016 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 URL: https://www.port389.org Conflicts: selinux-policy-base < 3.9.8 Conflicts: freeipa-server < 4.0.3 @@ -60,109 +60,283 @@ Provides: ldif2ldbm >= 0 ##### Bundled cargo crates list - START ##### Provides: bundled(crate(addr2line)) = 0.21.0 Provides: bundled(crate(adler)) = 1.0.2 -Provides: bundled(crate(ahash)) = 0.7.7 -Provides: bundled(crate(ansi_term)) = 0.12.1 +Provides: bundled(crate(ahash)) = 0.7.8 Provides: bundled(crate(atty)) = 0.2.14 -Provides: bundled(crate(autocfg)) = 1.1.0 -Provides: bundled(crate(backtrace)) = 0.3.69 +Provides: bundled(crate(autocfg)) = 1.3.0 +Provides: bundled(crate(backtrace)) = 0.3.71 Provides: bundled(crate(base64)) = 0.13.1 -Provides: bundled(crate(bitflags)) = 1.3.2 -Provides: bundled(crate(bitflags)) = 2.4.1 +Provides: bundled(crate(bitflags)) = 2.5.0 Provides: bundled(crate(byteorder)) = 1.5.0 -Provides: bundled(crate(cbindgen)) = 0.9.1 -Provides: bundled(crate(cc)) = 1.0.83 +Provides: bundled(crate(cbindgen)) = 0.26.0 +Provides: bundled(crate(cc)) = 1.0.97 Provides: bundled(crate(cfg-if)) = 1.0.0 -Provides: bundled(crate(clap)) = 2.34.0 +Provides: bundled(crate(clap)) = 3.2.25 +Provides: bundled(crate(clap_lex)) = 0.2.4 Provides: bundled(crate(concread)) = 0.2.21 Provides: bundled(crate(crossbeam)) = 0.8.4 -Provides: bundled(crate(crossbeam-channel)) = 0.5.11 +Provides: bundled(crate(crossbeam-channel)) = 0.5.12 Provides: bundled(crate(crossbeam-deque)) = 0.8.5 Provides: bundled(crate(crossbeam-epoch)) = 0.9.18 Provides: bundled(crate(crossbeam-queue)) = 0.3.11 Provides: bundled(crate(crossbeam-utils)) = 0.8.19 -Provides: bundled(crate(entryuuid)) = 0.1.0 -Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 Provides: bundled(crate(errno)) = 0.3.8 -Provides: bundled(crate(fastrand)) = 2.0.1 +Provides: bundled(crate(fastrand)) = 2.1.0 Provides: bundled(crate(fernet)) = 0.1.4 Provides: bundled(crate(foreign-types)) = 0.3.2 Provides: bundled(crate(foreign-types-shared)) = 0.1.1 -Provides: bundled(crate(getrandom)) = 0.2.12 +Provides: bundled(crate(getrandom)) = 0.2.15 Provides: bundled(crate(gimli)) = 0.28.1 Provides: bundled(crate(hashbrown)) = 0.12.3 +Provides: bundled(crate(heck)) = 0.4.1 Provides: bundled(crate(hermit-abi)) = 0.1.19 +Provides: bundled(crate(indexmap)) = 1.9.3 Provides: bundled(crate(instant)) = 0.1.12 -Provides: bundled(crate(itoa)) = 1.0.10 -Provides: bundled(crate(jobserver)) = 0.1.27 -Provides: bundled(crate(libc)) = 0.2.152 -Provides: bundled(crate(librnsslapd)) = 0.1.0 -Provides: bundled(crate(librslapd)) = 0.1.0 -Provides: bundled(crate(linux-raw-sys)) = 0.4.12 -Provides: bundled(crate(lock_api)) = 0.4.11 -Provides: bundled(crate(log)) = 0.4.20 +Provides: bundled(crate(itoa)) = 1.0.11 +Provides: bundled(crate(jobserver)) = 0.1.31 +Provides: bundled(crate(libc)) = 0.2.154 +Provides: bundled(crate(linux-raw-sys)) = 0.4.13 +Provides: bundled(crate(lock_api)) = 0.4.12 +Provides: bundled(crate(log)) = 0.4.21 Provides: bundled(crate(lru)) = 0.7.8 -Provides: bundled(crate(memchr)) = 2.7.1 -Provides: bundled(crate(miniz_oxide)) = 0.7.1 +Provides: bundled(crate(memchr)) = 2.7.2 +Provides: bundled(crate(miniz_oxide)) = 0.7.2 Provides: bundled(crate(object)) = 0.32.2 Provides: bundled(crate(once_cell)) = 1.19.0 -Provides: bundled(crate(openssl)) = 0.10.62 +Provides: bundled(crate(openssl)) = 0.10.64 Provides: bundled(crate(openssl-macros)) = 0.1.1 -Provides: bundled(crate(openssl-sys)) = 0.9.98 +Provides: bundled(crate(openssl-sys)) = 0.9.102 +Provides: bundled(crate(os_str_bytes)) = 6.6.1 Provides: bundled(crate(parking_lot)) = 0.11.2 Provides: bundled(crate(parking_lot_core)) = 0.8.6 Provides: bundled(crate(paste)) = 0.1.18 Provides: bundled(crate(paste-impl)) = 0.1.18 -Provides: bundled(crate(pin-project-lite)) = 0.2.13 -Provides: bundled(crate(pkg-config)) = 0.3.28 +Provides: bundled(crate(pin-project-lite)) = 0.2.14 +Provides: bundled(crate(pkg-config)) = 0.3.30 Provides: bundled(crate(ppv-lite86)) = 0.2.17 Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated -Provides: bundled(crate(proc-macro2)) = 1.0.76 -Provides: bundled(crate(pwdchan)) = 0.1.0 -Provides: bundled(crate(quote)) = 1.0.35 +Provides: bundled(crate(proc-macro2)) = 1.0.82 +Provides: bundled(crate(quote)) = 1.0.36 Provides: bundled(crate(rand)) = 0.8.5 Provides: bundled(crate(rand_chacha)) = 0.3.1 Provides: bundled(crate(rand_core)) = 0.6.4 Provides: bundled(crate(redox_syscall)) = 0.2.16 -Provides: bundled(crate(redox_syscall)) = 0.4.1 -Provides: bundled(crate(rustc-demangle)) = 0.1.23 -Provides: bundled(crate(rustix)) = 0.38.28 -Provides: bundled(crate(ryu)) = 1.0.16 +Provides: bundled(crate(rustc-demangle)) = 0.1.24 +Provides: bundled(crate(rustix)) = 0.38.34 +Provides: bundled(crate(ryu)) = 1.0.18 Provides: bundled(crate(scopeguard)) = 1.2.0 -Provides: bundled(crate(serde)) = 1.0.195 -Provides: bundled(crate(serde_derive)) = 1.0.195 -Provides: bundled(crate(serde_json)) = 1.0.111 -Provides: bundled(crate(slapd)) = 0.1.0 -Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 -Provides: bundled(crate(smallvec)) = 1.11.2 -Provides: bundled(crate(strsim)) = 0.8.0 -Provides: bundled(crate(syn)) = 1.0.109 -Provides: bundled(crate(syn)) = 2.0.48 -Provides: bundled(crate(tempfile)) = 3.9.0 -Provides: bundled(crate(textwrap)) = 0.11.0 -Provides: bundled(crate(tokio)) = 1.35.1 +Provides: bundled(crate(serde)) = 1.0.201 +Provides: bundled(crate(serde_derive)) = 1.0.201 +Provides: bundled(crate(serde_json)) = 1.0.117 +Provides: bundled(crate(smallvec)) = 1.13.2 +Provides: bundled(crate(strsim)) = 0.10.0 +Provides: bundled(crate(syn)) = 2.0.61 +Provides: bundled(crate(tempfile)) = 3.10.1 +Provides: bundled(crate(termcolor)) = 1.4.1 +Provides: bundled(crate(textwrap)) = 0.16.1 +Provides: bundled(crate(tokio)) = 1.37.0 Provides: bundled(crate(tokio-macros)) = 2.2.0 Provides: bundled(crate(toml)) = 0.5.11 Provides: bundled(crate(unicode-ident)) = 1.0.12 -Provides: bundled(crate(unicode-width)) = 0.1.11 Provides: bundled(crate(uuid)) = 0.8.2 Provides: bundled(crate(vcpkg)) = 0.2.15 -Provides: bundled(crate(vec_map)) = 0.8.2 Provides: bundled(crate(version_check)) = 0.9.4 Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1 Provides: bundled(crate(winapi)) = 0.3.9 Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(winapi-util)) = 0.1.8 Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(windows-sys)) = 0.52.0 -Provides: bundled(crate(windows-targets)) = 0.52.0 -Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.0 -Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.0 -Provides: bundled(crate(windows_i686_gnu)) = 0.52.0 -Provides: bundled(crate(windows_i686_msvc)) = 0.52.0 -Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.0 -Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.0 -Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.0 +Provides: bundled(crate(windows-targets)) = 0.52.5 +Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.5 +Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.5 +Provides: bundled(crate(windows_i686_gnu)) = 0.52.5 +Provides: bundled(crate(windows_i686_gnullvm)) = 0.52.5 +Provides: bundled(crate(windows_i686_msvc)) = 0.52.5 +Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.5 +Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.5 +Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.5 Provides: bundled(crate(zeroize)) = 1.7.0 Provides: bundled(crate(zeroize_derive)) = 1.4.2 +Provides: bundled(npm(@aashutoshrathi/word-wrap)) = 1.2.6 +Provides: bundled(npm(@eslint-community/eslint-utils)) = 4.4.0 +Provides: bundled(npm(@eslint-community/regexpp)) = 4.5.1 +Provides: bundled(npm(@eslint/eslintrc)) = 2.0.3 +Provides: bundled(npm(@eslint/js)) = 8.42.0 +Provides: bundled(npm(@fortawesome/fontawesome-common-types)) = 0.2.36 +Provides: bundled(npm(@fortawesome/fontawesome-svg-core)) = 1.2.36 +Provides: bundled(npm(@fortawesome/free-solid-svg-icons)) = 5.15.4 +Provides: bundled(npm(@fortawesome/react-fontawesome)) = 0.1.19 +Provides: bundled(npm(@humanwhocodes/config-array)) = 0.11.10 +Provides: bundled(npm(@humanwhocodes/module-importer)) = 1.0.1 +Provides: bundled(npm(@humanwhocodes/object-schema)) = 1.2.1 +Provides: bundled(npm(@nodelib/fs.scandir)) = 2.1.5 +Provides: bundled(npm(@nodelib/fs.stat)) = 2.0.5 +Provides: bundled(npm(@nodelib/fs.walk)) = 1.2.8 +Provides: bundled(npm(@patternfly/patternfly)) = 4.224.2 +Provides: bundled(npm(@patternfly/react-charts)) = 6.94.19 +Provides: bundled(npm(@patternfly/react-core)) = 4.276.8 +Provides: bundled(npm(@patternfly/react-icons)) = 4.93.6 +Provides: bundled(npm(@patternfly/react-styles)) = 4.92.6 +Provides: bundled(npm(@patternfly/react-table)) = 4.113.0 +Provides: bundled(npm(@patternfly/react-tokens)) = 4.94.6 +Provides: bundled(npm(@types/d3-array)) = 3.0.5 +Provides: bundled(npm(@types/d3-color)) = 3.1.0 +Provides: bundled(npm(@types/d3-ease)) = 3.0.0 +Provides: bundled(npm(@types/d3-interpolate)) = 3.0.1 +Provides: bundled(npm(@types/d3-path)) = 3.0.0 +Provides: bundled(npm(@types/d3-scale)) = 4.0.3 +Provides: bundled(npm(@types/d3-shape)) = 3.1.1 +Provides: bundled(npm(@types/d3-time)) = 3.0.0 +Provides: bundled(npm(@types/d3-timer)) = 3.0.0 +Provides: bundled(npm(acorn)) = 8.8.2 +Provides: bundled(npm(acorn-jsx)) = 5.3.2 +Provides: bundled(npm(ajv)) = 6.12.6 +Provides: bundled(npm(ansi-regex)) = 5.0.1 +Provides: bundled(npm(ansi-styles)) = 4.3.0 +Provides: bundled(npm(argparse)) = 2.0.1 +Provides: bundled(npm(attr-accept)) = 1.1.3 +Provides: bundled(npm(balanced-match)) = 1.0.2 +Provides: bundled(npm(brace-expansion)) = 1.1.11 +Provides: bundled(npm(callsites)) = 3.1.0 +Provides: bundled(npm(chalk)) = 4.1.2 +Provides: bundled(npm(color-convert)) = 2.0.1 +Provides: bundled(npm(color-name)) = 1.1.4 +Provides: bundled(npm(concat-map)) = 0.0.1 +Provides: bundled(npm(core-js)) = 2.6.12 +Provides: bundled(npm(cross-spawn)) = 7.0.3 +Provides: bundled(npm(d3-array)) = 3.2.4 +Provides: bundled(npm(d3-color)) = 3.1.0 +Provides: bundled(npm(d3-ease)) = 3.0.1 +Provides: bundled(npm(d3-format)) = 3.1.0 +Provides: bundled(npm(d3-interpolate)) = 3.0.1 +Provides: bundled(npm(d3-path)) = 3.1.0 +Provides: bundled(npm(d3-scale)) = 4.0.2 +Provides: bundled(npm(d3-shape)) = 3.2.0 +Provides: bundled(npm(d3-time)) = 3.1.0 +Provides: bundled(npm(d3-time-format)) = 4.1.0 +Provides: bundled(npm(d3-timer)) = 3.0.1 +Provides: bundled(npm(debug)) = 4.3.4 +Provides: bundled(npm(deep-is)) = 0.1.4 +Provides: bundled(npm(delaunator)) = 4.0.1 +Provides: bundled(npm(delaunay-find)) = 0.0.6 +Provides: bundled(npm(doctrine)) = 3.0.0 +Provides: bundled(npm(encoding)) = 0.1.13 +Provides: bundled(npm(escape-string-regexp)) = 4.0.0 +Provides: bundled(npm(eslint)) = 8.42.0 +Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.6.0 +Provides: bundled(npm(eslint-scope)) = 7.2.0 +Provides: bundled(npm(eslint-visitor-keys)) = 3.4.1 +Provides: bundled(npm(espree)) = 9.5.2 +Provides: bundled(npm(esquery)) = 1.5.0 +Provides: bundled(npm(esrecurse)) = 4.3.0 +Provides: bundled(npm(estraverse)) = 5.3.0 +Provides: bundled(npm(esutils)) = 2.0.3 +Provides: bundled(npm(fast-deep-equal)) = 3.1.3 +Provides: bundled(npm(fast-json-stable-stringify)) = 2.1.0 +Provides: bundled(npm(fast-levenshtein)) = 2.0.6 +Provides: bundled(npm(fastq)) = 1.15.0 +Provides: bundled(npm(file-entry-cache)) = 6.0.1 +Provides: bundled(npm(file-selector)) = 0.1.19 +Provides: bundled(npm(find-up)) = 5.0.0 +Provides: bundled(npm(flat-cache)) = 3.0.4 +Provides: bundled(npm(flatted)) = 3.2.7 +Provides: bundled(npm(focus-trap)) = 6.9.2 +Provides: bundled(npm(fs.realpath)) = 1.0.0 +Provides: bundled(npm(gettext-parser)) = 2.0.0 +Provides: bundled(npm(glob)) = 7.2.3 +Provides: bundled(npm(glob-parent)) = 6.0.2 +Provides: bundled(npm(globals)) = 13.20.0 +Provides: bundled(npm(graphemer)) = 1.4.0 +Provides: bundled(npm(has-flag)) = 4.0.0 +Provides: bundled(npm(hoist-non-react-statics)) = 3.3.2 +Provides: bundled(npm(iconv-lite)) = 0.6.3 +Provides: bundled(npm(ignore)) = 5.2.4 +Provides: bundled(npm(import-fresh)) = 3.3.0 +Provides: bundled(npm(imurmurhash)) = 0.1.4 +Provides: bundled(npm(inflight)) = 1.0.6 +Provides: bundled(npm(inherits)) = 2.0.4 +Provides: bundled(npm(internmap)) = 2.0.3 +Provides: bundled(npm(is-extglob)) = 2.1.1 +Provides: bundled(npm(is-glob)) = 4.0.3 +Provides: bundled(npm(is-path-inside)) = 3.0.3 +Provides: bundled(npm(isexe)) = 2.0.0 +Provides: bundled(npm(js-tokens)) = 4.0.0 +Provides: bundled(npm(js-yaml)) = 4.1.0 +Provides: bundled(npm(json-schema-traverse)) = 0.4.1 +Provides: bundled(npm(json-stable-stringify-without-jsonify)) = 1.0.1 +Provides: bundled(npm(json-stringify-safe)) = 5.0.1 +Provides: bundled(npm(levn)) = 0.4.1 +Provides: bundled(npm(locate-path)) = 6.0.0 +Provides: bundled(npm(lodash)) = 4.17.21 +Provides: bundled(npm(lodash.merge)) = 4.6.2 +Provides: bundled(npm(loose-envify)) = 1.4.0 +Provides: bundled(npm(minimatch)) = 3.1.2 +Provides: bundled(npm(ms)) = 2.1.2 +Provides: bundled(npm(natural-compare)) = 1.4.0 +Provides: bundled(npm(object-assign)) = 4.1.1 +Provides: bundled(npm(once)) = 1.4.0 +Provides: bundled(npm(optionator)) = 0.9.3 +Provides: bundled(npm(p-limit)) = 3.1.0 +Provides: bundled(npm(p-locate)) = 5.0.0 +Provides: bundled(npm(parent-module)) = 1.0.1 +Provides: bundled(npm(path-exists)) = 4.0.0 +Provides: bundled(npm(path-is-absolute)) = 1.0.1 +Provides: bundled(npm(path-key)) = 3.1.1 +Provides: bundled(npm(popper.js)) = 1.16.1 +Provides: bundled(npm(prelude-ls)) = 1.2.1 +Provides: bundled(npm(prop-types)) = 15.8.1 +Provides: bundled(npm(prop-types-extra)) = 1.1.1 +Provides: bundled(npm(punycode)) = 2.3.0 +Provides: bundled(npm(queue-microtask)) = 1.2.3 +Provides: bundled(npm(react)) = 17.0.2 +Provides: bundled(npm(react-dom)) = 17.0.2 +Provides: bundled(npm(react-dropzone)) = 9.0.0 +Provides: bundled(npm(react-fast-compare)) = 3.2.2 +Provides: bundled(npm(react-is)) = 16.13.1 +Provides: bundled(npm(resolve-from)) = 4.0.0 +Provides: bundled(npm(reusify)) = 1.0.4 +Provides: bundled(npm(rimraf)) = 3.0.2 +Provides: bundled(npm(run-parallel)) = 1.2.0 +Provides: bundled(npm(safe-buffer)) = 5.2.1 +Provides: bundled(npm(safer-buffer)) = 2.1.2 +Provides: bundled(npm(scheduler)) = 0.20.2 +Provides: bundled(npm(shebang-command)) = 2.0.0 +Provides: bundled(npm(shebang-regex)) = 3.0.0 +Provides: bundled(npm(strip-ansi)) = 6.0.1 +Provides: bundled(npm(strip-json-comments)) = 3.1.1 +Provides: bundled(npm(supports-color)) = 7.2.0 +Provides: bundled(npm(tabbable)) = 5.3.3 +Provides: bundled(npm(text-table)) = 0.2.0 +Provides: bundled(npm(tippy.js)) = 5.1.2 +Provides: bundled(npm(tslib)) = 2.5.3 +Provides: bundled(npm(type-check)) = 0.4.0 +Provides: bundled(npm(type-fest)) = 0.20.2 +Provides: bundled(npm(uri-js)) = 4.4.1 +Provides: bundled(npm(victory-area)) = 36.6.10 +Provides: bundled(npm(victory-axis)) = 36.6.10 +Provides: bundled(npm(victory-bar)) = 36.6.10 +Provides: bundled(npm(victory-brush-container)) = 36.6.10 +Provides: bundled(npm(victory-chart)) = 36.6.10 +Provides: bundled(npm(victory-core)) = 36.6.10 +Provides: bundled(npm(victory-create-container)) = 36.6.10 +Provides: bundled(npm(victory-cursor-container)) = 36.6.10 +Provides: bundled(npm(victory-group)) = 36.6.10 +Provides: bundled(npm(victory-legend)) = 36.6.10 +Provides: bundled(npm(victory-line)) = 36.6.10 +Provides: bundled(npm(victory-pie)) = 36.6.10 +Provides: bundled(npm(victory-polar-axis)) = 36.6.10 +Provides: bundled(npm(victory-scatter)) = 36.6.10 +Provides: bundled(npm(victory-selection-container)) = 36.6.10 +Provides: bundled(npm(victory-shared-events)) = 36.6.10 +Provides: bundled(npm(victory-stack)) = 36.6.10 +Provides: bundled(npm(victory-tooltip)) = 36.6.10 +Provides: bundled(npm(victory-vendor)) = 36.6.10 +Provides: bundled(npm(victory-voronoi-container)) = 36.6.10 +Provides: bundled(npm(victory-zoom-container)) = 36.6.10 +Provides: bundled(npm(warning)) = 4.0.3 +Provides: bundled(npm(which)) = 2.0.2 +Provides: bundled(npm(wrappy)) = 1.0.2 +Provides: bundled(npm(yocto-queue)) = 0.1.0 ##### Bundled cargo crates list - END ##### BuildRequires: nspr-devel >= 4.32 @@ -292,9 +466,7 @@ Source2: %{name}-devel.README Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 %endif Source4: 389-ds-base.sysusers -Patch0: 0001-Issue-3527-Support-HAProxy-and-Instance-on-the-same-.patch -Patch1: 0002-Issue-6112-RFE-add-new-operation-note-for-MFA-authen.patch -Patch2: 0003-Issue-6133-Move-slapi_pblock_set_flag_operation_note.patch +Patch01: 0001-CVE-2024-3657.patch %description @@ -738,6 +910,11 @@ exit 0 %endif %changelog +* Tue May 07 2024 James Chapman - 2.5.1-1 +- Bump version to 2.5.1-1 +- Resolves: RHEL-31777 - Rebase 389-ds-base.2.5.1 in RHEL 9.5 +- Resolves: RHEL-33348 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ requ + * Thu Apr 04 2024 Viktor Ashirov - 2.4.5-6 - Bump version to 2.4.5-6 - Resolves: RHEL-30588 - [RFE] allows plugins to log multi-factor authentication notification diff --git a/sources b/sources index 6604548..f7ddc58 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (389-ds-base-2.4.5.tar.bz2) = 452c2194bdbe6c4c87409469e33de6d134f3a839f329f67cd5e7d92bbc635c7914f76acc85bcdd8e68427234c1c5b00cee83b7f83f293f9df0666dca3dd38375 SHA512 (jemalloc-5.3.0.tar.bz2) = 22907bb052096e2caffb6e4e23548aecc5cc9283dce476896a2b1127eee64170e3562fa2e7db9571298814a7a2c7df6e8d1fbe152bd3f3b0c1abec22a2de34b1 +SHA512 (389-ds-base-2.5.1.tar.bz2) = bb3c9b4f08787deccc70a653520438b386f8b45d69ab3a755ed67c6b2896fb1727a8710643e042d68af5126b3183ee6cd501816f476541566bad0727c99de36c