From 0381070f4db756c9771576582981e332aab5d141 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 04 2021 20:26:49 +0000
Subject: import 389-ds-base-1.4.3.23-10.module+el8.5.0+12398+47000435
---
diff --git a/SOURCES/0027-Issue-4734-import-of-entry-with-no-parent-warning-47.patch b/SOURCES/0027-Issue-4734-import-of-entry-with-no-parent-warning-47.patch
new file mode 100644
index 0000000..138ee66
--- /dev/null
+++ b/SOURCES/0027-Issue-4734-import-of-entry-with-no-parent-warning-47.patch
@@ -0,0 +1,39 @@
+From a2a51130b2f95316237b85da099a8be734969e54 Mon Sep 17 00:00:00 2001
+From: James Chapman
+Date: Sat, 24 Apr 2021 21:37:54 +0100
+Subject: [PATCH] Issue 4734 - import of entry with no parent warning (#4735)
+
+Description: Online import of ldif file that contains an entry with
+ no parent doesnt generate a task warning.
+
+Fixes: https://github.com/389ds/389-ds-base/issues/4734
+
+Author: vashirov@redhat.com (Thanks)
+
+Reviewed by: mreynolds, jchapma
+---
+ ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
+index 905a84e74..35183ed59 100644
+--- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
++++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
+@@ -2767,8 +2767,14 @@ import_foreman(void *param)
+ if (job->flags & FLAG_ABORT) {
+ goto error;
+ }
++
++ /* capture skipped entry warnings for this task */
++ if((job) && (job->skipped)) {
++ slapi_task_set_warning(job->task, WARN_SKIPPED_IMPORT_ENTRY);
++ }
+ }
+
++
+ slapi_pblock_destroy(pb);
+ info->state = FINISHED;
+ return;
+--
+2.31.1
+
diff --git a/SOURCES/0028-Issue-4872-BUG-entryuuid-enabled-by-default-causes-r.patch b/SOURCES/0028-Issue-4872-BUG-entryuuid-enabled-by-default-causes-r.patch
new file mode 100644
index 0000000..a9d5958
--- /dev/null
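Review bot: The added guard `if((job) && (job->skipped))` tests `job` for NULL only after the context line `if (job->flags & FLAG_ABORT)` just above it has already dereferenced the pointer, so the NULL test protects nothing and implies a safety that is not there. Either drop it, `if (job->skipped) {`, or place a real NULL check ahead of the first use of `job`. `job->task` is also handed to `slapi_task_set_warning` unchecked, so it is worth confirming that the helper tolerates a NULL task. import_foreman starts before this hunk and its `error` label lies outside it, so whether the skipped-entry warning is still recorded when FLAG_ABORT jumps to `error` cannot be seen here.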
+++ b/SOURCES/0028-Issue-4872-BUG-entryuuid-enabled-by-default-causes-r.patch
@@ -0,0 +1,37 @@
+From f9bc249b2baa11a8ac0eb54e4077eb706d137e38 Mon Sep 17 00:00:00 2001
+From: Firstyear
+Date: Thu, 19 Aug 2021 11:06:06 +1000
+Subject: [PATCH] Issue 4872 - BUG - entryuuid enabled by default causes
+ replication issues (#4876)
+
+Bug Description: Due to older servers missing the syntax
+plugin this breaks schema replication and causes cascading
+errors.
+
+Fix Description: This changes the syntax to be a case
+insensitive string, while leaving the plugins in place
+for other usage.
+
+fixes: https://github.com/389ds/389-ds-base/issues/4872
+
+Author: William Brown
+
+Review by: @mreynolds389 @progier389
+---
+ ldap/schema/03entryuuid.ldif | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/schema/03entryuuid.ldif b/ldap/schema/03entryuuid.ldif
+index cbde981fe..f7a7f40d5 100644
+--- a/ldap/schema/03entryuuid.ldif
++++ b/ldap/schema/03entryuuid.ldif
+@@ -13,4 +13,5 @@ dn: cn=schema
+ #
+ # attributes
+ #
+-attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
++# attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
++attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+--
+2.31.1
+
diff --git a/SOURCES/0029-Remove-GOST-YESCRYPT-password-sotrage-scheme.patch b/SOURCES/0029-Remove-GOST-YESCRYPT-password-sotrage-scheme.patch
new file mode 100644
index 0000000..7b74019
--- /dev/null
+++ b/SOURCES/0029-Remove-GOST-YESCRYPT-password-sotrage-scheme.patch
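Review bot: The previous entryUUID definition is left in the schema file as a commented-out line with no explanation, and the replacement quietly drops UUID syntax checking: with `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15` and `caseIgnoreMatch`, any directory string satisfies the schema for entryUUID. A comment above the pair should record the reason and the consequence, for example `# UUID syntax (1.3.6.1.1.16.1) disabled: older replicas lack the syntax plugin and schema replication fails (issue 4872); value format is no longer enforced by the schema`. Anything that relies on entryUUID being a well-formed UUID then needs its own validation; whether the entryuuid plugin still enforces the format on write is not visible in this hunk.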
@@ -0,0 +1,125 @@
+From 120511d35095a48d60abbb7cb2367d0c30fbc757 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds
+Date: Wed, 25 Aug 2021 13:20:56 -0400
+Subject: [PATCH] Remove GOST-YESCRYPT password sotrage scheme
+
+---
+ .../tests/suites/password/pwd_algo_test.py | 1 -
+ ldap/ldif/template-dse-minimal.ldif.in | 9 ---------
+ ldap/ldif/template-dse.ldif.in | 9 ---------
+ ldap/servers/plugins/pwdstorage/pwd_init.c | 18 ------------------
+ ldap/servers/slapd/fedse.c | 13 -------------
+ 5 files changed, 50 deletions(-)
+
+diff --git a/dirsrvtests/tests/suites/password/pwd_algo_test.py b/dirsrvtests/tests/suites/password/pwd_algo_test.py
+index 66bda420e..88f8e40b7 100644
+--- a/dirsrvtests/tests/suites/password/pwd_algo_test.py
++++ b/dirsrvtests/tests/suites/password/pwd_algo_test.py
+@@ -124,7 +124,6 @@ def _test_algo_for_pbkdf2(inst, algo_name):
+ ('CLEAR', 'CRYPT', 'CRYPT-MD5', 'CRYPT-SHA256', 'CRYPT-SHA512',
+ 'MD5', 'SHA', 'SHA256', 'SHA384', 'SHA512', 'SMD5', 'SSHA',
+ 'SSHA256', 'SSHA384', 'SSHA512', 'PBKDF2_SHA256', 'DEFAULT',
+- 'GOST_YESCRYPT',
+ ))
+ def test_pwd_algo_test(topology_st, algo):
+ """Assert that all of our password algorithms correctly PASS and FAIL varying
+diff --git a/ldap/ldif/template-dse-minimal.ldif.in b/ldap/ldif/template-dse-minimal.ldif.in
+index 2eccae9b2..1a05f4a67 100644
+--- a/ldap/ldif/template-dse-minimal.ldif.in
++++ b/ldap/ldif/template-dse-minimal.ldif.in
+@@ -194,15 +194,6 @@ nsslapd-pluginarg1: nsds5ReplicaCredentials
+ nsslapd-pluginid: aes-storage-scheme
+ nsslapd-pluginprecedence: 1
+
+-dn: cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config
+-objectclass: top
+-objectclass: nsSlapdPlugin
+-cn: GOST_YESCRYPT
+-nsslapd-pluginpath: libpwdstorage-plugin
+-nsslapd-plugininitfunc: gost_yescrypt_pwd_storage_scheme_init
+-nsslapd-plugintype: pwdstoragescheme
+-nsslapd-pluginenabled: on
+-
+ dn: cn=Syntax Validation Task,cn=plugins,cn=config
+ objectclass: top
+ objectclass: nsSlapdPlugin
+diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
+index 7e7480cba..f30531bec 100644
+--- a/ldap/ldif/template-dse.ldif.in
++++ b/ldap/ldif/template-dse.ldif.in
+@@ -242,15 +242,6 @@ nsslapd-pluginarg2: nsds5ReplicaBootstrapCredentials
+ nsslapd-pluginid: aes-storage-scheme
+ nsslapd-pluginprecedence: 1
+
+-dn: cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config
+-objectclass: top
+-objectclass: nsSlapdPlugin
+-cn: GOST_YESCRYPT
+-nsslapd-pluginpath: libpwdstorage-plugin
+-nsslapd-plugininitfunc: gost_yescrypt_pwd_storage_scheme_init
+-nsslapd-plugintype: pwdstoragescheme
+-nsslapd-pluginenabled: on
+-
+ dn: cn=Syntax Validation Task,cn=plugins,cn=config
+ objectclass: top
+ objectclass: nsSlapdPlugin
+diff --git a/ldap/servers/plugins/pwdstorage/pwd_init.c b/ldap/servers/plugins/pwdstorage/pwd_init.c
+index 606e63404..59cfc4684 100644
+--- a/ldap/servers/plugins/pwdstorage/pwd_init.c
++++ b/ldap/servers/plugins/pwdstorage/pwd_init.c
+@@ -52,8 +52,6 @@ static Slapi_PluginDesc smd5_pdesc = {"smd5-password-storage-scheme", VENDOR, DS
+
+ static Slapi_PluginDesc pbkdf2_sha256_pdesc = {"pbkdf2-sha256-password-storage-scheme", VENDOR, DS_PACKAGE_VERSION, "Salted PBKDF2 SHA256 hash algorithm (PBKDF2_SHA256)"};
+
+-static Slapi_PluginDesc gost_yescrypt_pdesc = {"gost-yescrypt-password-storage-scheme", VENDOR, DS_PACKAGE_VERSION, "Yescrypt KDF algorithm (Streebog256)"};
+-
+ static char *plugin_name = "NSPwdStoragePlugin";
+
+ int
+@@ -431,19 +429,3 @@ pbkdf2_sha256_pwd_storage_scheme_init(Slapi_PBlock *pb)
+ return rc;
+ }
+
+-int
+-gost_yescrypt_pwd_storage_scheme_init(Slapi_PBlock *pb)
+-{
+- int rc;
+-
+- slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "=> gost_yescrypt_pwd_storage_scheme_init\n");
+-
+- rc = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, (void *)SLAPI_PLUGIN_VERSION_01);
+- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&gost_yescrypt_pdesc);
+- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, (void *)gost_yescrypt_pw_enc);
+- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, (void *)gost_yescrypt_pw_cmp);
+- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, GOST_YESCRYPT_SCHEME_NAME);
+-
+- slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "<= gost_yescrypt_pwd_storage_scheme_init %d\n", rc);
+- return rc;
+-}
+diff --git a/ldap/servers/slapd/fedse.c b/ldap/servers/slapd/fedse.c
+index 44159c991..24b7ed11c 100644
+--- a/ldap/servers/slapd/fedse.c
++++ b/ldap/servers/slapd/fedse.c
+@@ -203,19 +203,6 @@ static const char *internal_entries[] =
+ "nsslapd-pluginVersion: none\n"
+ "nsslapd-pluginVendor: 389 Project\n"
+ "nsslapd-pluginDescription: CRYPT-SHA512\n",
+-
+- "dn: cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config\n"
+- "objectclass: top\n"
+- "objectclass: nsSlapdPlugin\n"
+- "cn: GOST_YESCRYPT\n"
+- "nsslapd-pluginpath: libpwdstorage-plugin\n"
+- "nsslapd-plugininitfunc: gost_yescrypt_pwd_storage_scheme_init\n"
+- "nsslapd-plugintype: pwdstoragescheme\n"
+- "nsslapd-pluginenabled: on\n"
+- "nsslapd-pluginId: GOST_YESCRYPT\n"
+- "nsslapd-pluginVersion: none\n"
+- "nsslapd-pluginVendor: 389 Project\n"
+- "nsslapd-pluginDescription: GOST_YESCRYPT\n",
+ };
+
+ static int NUM_INTERNAL_ENTRIES = sizeof(internal_entries) / sizeof(internal_entries[0]);
+--
+2.31.1
+
diff --git a/SOURCES/0030-Issue-4884-server-crashes-when-dnaInterval-attribute.patch b/SOURCES/0030-Issue-4884-server-crashes-when-dnaInterval-attribute.patch
new file mode 100644
index 0000000..332394c
--- /dev/null
+++ b/SOURCES/0030-Issue-4884-server-crashes-when-dnaInterval-attribute.patch
@@ -0,0 +1,44 @@
+From df0ccce06259b9ef06d522e61da4e3ffcbbf5016 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds
+Date: Wed, 25 Aug 2021 16:54:57 -0400
+Subject: [PATCH] Issue 4884 - server crashes when dnaInterval attribute is set
+ to zero
+
+Bug Description:
+
+A division by zero crash occurs if the dnaInterval is set to zero
+
+Fix Description:
+
+Validate the config value of dnaInterval and adjust it to the
+default/safe value of "1" if needed.
+
+relates: https://github.com/389ds/389-ds-base/issues/4884
+
+Reviewed by: tbordaz(Thanks!)
+---
+ ldap/servers/plugins/dna/dna.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
+index 928a3f54a..c983ebdd0 100644
+--- a/ldap/servers/plugins/dna/dna.c
++++ b/ldap/servers/plugins/dna/dna.c
+@@ -1025,7 +1025,14 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry *e, int apply)
+
+ value = slapi_entry_attr_get_charptr(e, DNA_INTERVAL);
+ if (value) {
++ errno = 0;
+ entry->interval = strtoull(value, 0, 0);
++ if (entry->interval == 0 || errno == ERANGE) {
++ slapi_log_err(SLAPI_LOG_WARNING, DNA_PLUGIN_SUBSYSTEM,
++ "dna_parse_config_entry - Invalid value for dnaInterval (%s), "
++ "Using default value of 1\n", value);
++ entry->interval = 1;
++ }
+ slapi_ch_free_string(&value);
+ }
+
+--
+2.31.1
+
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index 129ac96..bd2daeb 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -48,7 +48,7 @@ ExcludeArch: i686
 Summary: 389 Directory Server (base)
 Name: 389-ds-base
 Version: 1.4.3.23
-Release: %{?relprefix}7%{?prerel}%{?dist}
+Release: %{?relprefix}10%{?prerel}%{?dist}
 License: GPLv3+
 URL: https://www.port389.org
 Group: System Environment/Daemons
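Review bot: The new check around `strtoull(value, 0, 0)` in the dna.c hunk catches zero and overflow but still accepts malformed input: the end pointer is NULL, so a value like `5abc` is taken as 5, and a negative value such as `-1` is converted to a very large unsigned interval without ERANGE being set. With a local `char *endp`, the parse could become `entry->interval = strtoull(value, &endp, 0);` and the guard `if (entry->interval == 0 || errno == ERANGE || endp == value || *endp != '\0' || strchr(value, '-')) {`. Base 0 also reads `010` as octal 8, which is probably not what an administrator entering a decimal interval expects, so base 10 may be the safer choice. dna_parse_config_entry begins and ends outside this hunk, so whether `errno.h` is already included and whether the other numeric attributes parsed there need the same guard cannot be confirmed from here.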
@@ -263,6 +263,10 @@ Patch23: 0023-Issue-4443-Internal-unindexed-searches-in-syncrepl-r.patc Patch24: 0024-Issue-4817-BUG-locked-crypt-accounts-on-import-may-a.patch Patch25: 0025-Issue-4837-persistent-search-returns-entries-even-wh.patch Patch26: 0026-Hardcode-gost-crypt-passsword-storage-scheme.patch +Patch27: 0027-Issue-4734-import-of-entry-with-no-parent-warning-47.patch +Patch28: 0028-Issue-4872-BUG-entryuuid-enabled-by-default-causes-r.patch +Patch29: 0029-Remove-GOST-YESCRYPT-password-sotrage-scheme.patch +Patch30: 0030-Issue-4884-server-crashes-when-dnaInterval-attribute.patch %description @@ -882,6 +886,19 @@ exit 0 %doc README.md %changelog +* Thu Aug 26 2021 Mark Reynolds - 1.4.3.23-10 +- Bump version to 1.4.3.23-10 +- Resolves: Bug 1997138 - LDAP server crashes when dnaInterval attribute is set to 0 + +* Wed Aug 25 2021 Mark Reynolds - 1.4.3.23-9 +- Bump version to 1.4.3.23-9 +- Resolves: Bug 1947044 - remove unsupported GOST password storage scheme + +* Thu Aug 19 2021 Mark Reynolds - 1.4.3.23-8 +- Bump version to 1.4.3.23-8 +- Resolves: Bug 1947044 - add missing patch for import result code +- Resolves: Bug 1944494 - support for RFC 4530 entryUUID attribute + * Mon Jul 26 2021 Mark Reynolds - 1.4.3.23-7 - Bump version to 1.4.3.23-7 - Resolves: Bug 1983921 - persistent search returns entries even when an error is returned by content-sync-plugin