packages/three-eight-nine-ds-base
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:041305941f31513a6c2491a69ce5be955f93cd88
Branches Tags
packages:main
..
compare: packages:aefd4c9cf66b097e30c7c78e48f5880e791caacd
Branches Tags
packages:main

No commits in common. "041305941f31513a6c2491a69ce5be955f93cd88" and "aefd4c9cf66b097e30c7c78e48f5880e791caacd" have entirely different histories.
041305941f ... aefd4c9cf6

5 changed files with 2 additions and 334 deletions
Show Stats Expand all files Collapse all files

27
389-ds-base.spec
View File

@ -6,8 +6,8 @@ ExcludeArch: i686
Name: 389-ds-base Name: 389-ds-base
Summary: Base 389 Directory Server Summary: Base 389 Directory Server
Version: 3.1.1 Version: 3.1.1
Release: 6 Release: 1
License: GPL-3.0-or-later License: GPLv3+
URL: https://www.port389.org URL: https://www.port389.org
Source0: https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2 Source0: https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2
Source1: 389-ds-base-git.sh Source1: 389-ds-base-git.sh
@ -15,11 +15,6 @@ Source2: 389-ds-base-devel.README
# Refer: https://github.com/389ds/389-ds-base/pull/5374 # Refer: https://github.com/389ds/389-ds-base/pull/5374
Patch0: fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch Patch0: fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch
Patch1: remove-where-cockpit_present-is-called.patch
Patch2: fix-dsidm-role-subtree-status-fails-with-TypeError.patch
# https://github.com/sfackler/rust-openssl/commit/f014afb230de4d77bc79dea60e7e58c2f47b60f2
Patch3: CVE-2025-24898.patch
Patch4: CVE-2025-2487.patch
BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu
BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel
@ -100,9 +95,6 @@ Documentation for 389 Directory Server.
%prep %prep
%autosetup -n 389-ds-base-%{version} -p1 %autosetup -n 389-ds-base-%{version} -p1
# fix typo
sed -i 's/sucessfully/successfully/g' src/lib389/lib389/cli_conf/backend.py
cp %{SOURCE2} README.devel cp %{SOURCE2} README.devel
%build %build
@ -329,21 +321,6 @@ exit 0
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Mon Mar 31 2025 wangkai <13474090681@163.com> - 3.1.1-6
- Fix CVE-2025-2487
* Thu Feb 06 2025 yaoxin <1024769339@qq.com> - 3.1.1-5
- Fix CVE-2025-24898
* Fri Nov 29 2024 wangkai <13474090681@163.com> - 3.1.1-4
- Fix typo sucessfully
* Tue Nov 26 2024 wangkai <13474090681@163.com> - 3.1.1-3
- Fix dsidm role subtree-status fails with TypeError
* Mon Nov 25 2024 xu_ping <707078654@qq.com> - 3.1.1-2
- fix name cockpit_present is not defined.
* Thu Aug 01 2024 yaoxin <yao_xin001@hoperun.com> - 3.1.1-1 * Thu Aug 01 2024 yaoxin <yao_xin001@hoperun.com> - 3.1.1-1
- Update to 3.1.1 - Update to 3.1.1
* Security fix for CVE-2024-6237,CVE-2024-5953,CVE-2024-3657,CVE-2024-2199 * Security fix for CVE-2024-6237,CVE-2024-5953,CVE-2024-3657,CVE-2024-2199

215
CVE-2025-2487.patch
View File

@ -1,215 +0,0 @@
From 7fbd4526c42806826ca1b335c5686b054486e613 Mon Sep 17 00:00:00 2001
From: Pierre Rogier <progier@redhat.com>
Date: Thu, 27 Feb 2025 16:36:48 +0100
Subject: [PATCH] Security fix for CVE-2025-2487
Origin: https://github.com/389ds/389-ds-base/commit/40e752922e6160356399cd07169ec1f76dd7db99
Description:
A denial of service vulnerability was found in the 389 Directory Server.
The 389 Directory Server may crash (Null Pointer Exception) after some
failed rename subtree operations (i.e. MODDN) issued by a user having enough
privileges to do so.
References:
- https://access.redhat.com/security/cve/CVE-2025-2487
- https://bugzilla.redhat.com/show_bug.cgi?id=2353071
---
ldap/servers/slapd/back-ldbm/findentry.c | 36 +++++++++++++++++-----
ldap/servers/slapd/back-ldbm/ldbm_add.c | 2 ++
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 6 ++++
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 13 ++++++--
4 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/ldap/servers/slapd/back-ldbm/findentry.c b/ldap/servers/slapd/back-ldbm/findentry.c
index 7bb56ef2c4..907b4367a1 100644
--- a/ldap/servers/slapd/back-ldbm/findentry.c
+++ b/ldap/servers/slapd/back-ldbm/findentry.c
@@ -99,6 +99,7 @@ find_entry_internal_dn(
int isroot = 0;
int op_type;
int reverted_entry = 0;
+ int return_err = LDAP_SUCCESS;
/* get the managedsait ldap message control */
slapi_pblock_get(pb, SLAPI_MANAGEDSAIT, &managedsait);
@@ -121,6 +122,7 @@ find_entry_internal_dn(
if (rc) { /* if check_entry_for_referral returns non-zero, result is sent. */
*rc = FE_RC_SENT_RESULT;
}
+ slapi_set_ldap_result(pb, LDAP_REFERRAL, NULL, NULL, 0, NULL);
return (NULL);
}
}
@@ -153,7 +155,12 @@ find_entry_internal_dn(
slapi_log_err(SLAPI_LOG_ERR, "find_entry_internal_dn", "Retry count exceeded (%s)\n", slapi_sdn_get_dn(sdn));
}
if (reverted_entry) {
+ CACHE_RETURN(&inst->inst_cache, &e);
+ slapi_set_ldap_result(pb, LDAP_BUSY, NULL, NULL, 0, NULL);
slapi_send_ldap_result(pb, LDAP_BUSY, NULL, "target entry busy because of a canceled operation", 0, NULL);
+ if (rc) {
+ *rc = FE_RC_SENT_RESULT; /* Result is sent */
+ }
return (NULL);
}
/*
@@ -179,6 +186,7 @@ find_entry_internal_dn(
if (rc) { /* if check_entry_for_referral returns non-zero, result is sent. */
*rc = FE_RC_SENT_RESULT;
}
+ slapi_set_ldap_result(pb, LDAP_REFERRAL, NULL, NULL, 0, NULL);
return (NULL);
}
/* else fall through to no such object */
@@ -189,7 +197,7 @@ find_entry_internal_dn(
if (me && !isroot) {
/* If not root, you may not want to reveal it. */
int acl_type = -1;
- int return_err = LDAP_NO_SUCH_OBJECT;
+ return_err = LDAP_NO_SUCH_OBJECT;
err = LDAP_SUCCESS;
switch (op_type) {
case SLAPI_OPERATION_ADD:
@@ -230,18 +238,22 @@ find_entry_internal_dn(
* do not return the "matched" DN.
* Plus, the bind case returns LDAP_INAPPROPRIATE_AUTH.
*/
+ slapi_set_ldap_result(pb, return_err, NULL, NULL, 0, NULL);
slapi_send_ldap_result(pb, return_err, NULL, NULL, 0, NULL);
} else {
+ slapi_set_ldap_result(pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL);
slapi_send_ldap_result(pb, LDAP_NO_SUCH_OBJECT,
(char *)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL);
}
} else {
+ slapi_set_ldap_result(pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL);
slapi_send_ldap_result(pb, LDAP_NO_SUCH_OBJECT,
(char *)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL);
}
} else {
- slapi_send_ldap_result(pb, (LDAP_INVALID_DN_SYNTAX == err) ? LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR,
- (char *)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL);
+ return_err = (LDAP_INVALID_DN_SYNTAX == err) ? LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR;
+ slapi_set_ldap_result(pb, return_err, NULL, NULL, 0, NULL);
+ slapi_send_ldap_result(pb, return_err, (char *)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL);
}
if (rc) {
*rc = FE_RC_SENT_RESULT;
@@ -265,13 +277,15 @@ find_entry_internal_uniqueid(
backend *be,
const char *uniqueid,
int lock,
- back_txn *txn)
+ back_txn *txn,
+ int *rc)
{
ldbm_instance *inst = (ldbm_instance *)be->be_instance_info;
struct backentry *e;
int err;
size_t tries = 0;
int reverted_entry = 0;
+ int return_err = 0;
while ((tries < LDBM_CACHE_RETRY_COUNT) &&
(e = uniqueid2entry(be, uniqueid, txn, &err)) != NULL) {
@@ -307,12 +321,20 @@ find_entry_internal_uniqueid(
}
if (reverted_entry) {
+ slapi_set_ldap_result(pb, LDAP_BUSY, NULL, NULL, 0, NULL);
slapi_send_ldap_result(pb, LDAP_BUSY, NULL, "target entry busy because of a canceled operation", 0, NULL);
+ if (rc) {
+ *rc = FE_RC_SENT_RESULT; /* Result is sent */
+ }
return (NULL);
} else {
/* entry not found */
- slapi_send_ldap_result(pb, (0 == err || DBI_RC_NOTFOUND == err) ? LDAP_NO_SUCH_OBJECT : LDAP_OPERATIONS_ERROR, NULL /* matched */, NULL,
- 0, NULL);
+ return_err = (0 == err || DBI_RC_NOTFOUND == err) ? LDAP_NO_SUCH_OBJECT : LDAP_OPERATIONS_ERROR;
+ slapi_set_ldap_result(pb, return_err, NULL, NULL, 0, NULL);
+ slapi_send_ldap_result(pb, return_err, NULL /* matched */, NULL, 0, NULL);
+ if (rc) {
+ *rc = FE_RC_SENT_RESULT; /* Result is sent */
+ }
}
slapi_log_err(SLAPI_LOG_TRACE,
"find_entry_internal_uniqueid", "<= not found; uniqueid = (%s)\n",
@@ -334,7 +356,7 @@ find_entry_internal(
if (addr->uniqueid != NULL) {
slapi_log_err(SLAPI_LOG_TRACE, "find_entry_internal", "=> (uniqueid=%s) lock %d\n",
addr->uniqueid, lock);
- return (find_entry_internal_uniqueid(pb, be, addr->uniqueid, lock, txn));
+ return (find_entry_internal_uniqueid(pb, be, addr->uniqueid, lock, txn, rc));
} else {
struct backentry *entry = NULL;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 4a5ed025ee..6a41740524 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -435,6 +435,8 @@ ldbm_back_add(Slapi_PBlock *pb)
slapi_log_err(SLAPI_LOG_BACKLDBM, "ldbm_back_add",
"find_entry2modify_only returned NULL parententry pdn: %s, uniqueid: %s\n",
slapi_sdn_get_dn(&parentsdn), addr.uniqueid ? addr.uniqueid : "none");
+ slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
+ goto error_return;
}
modify_init(&parent_modify_c, parententry);
}
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 6c90389f5a..ea49a4c567 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -177,6 +177,12 @@ modify_update_all(backend *be, Slapi_PBlock *pb, modify_context *mc, back_txn *t
slapi_pblock_get(pb, SLAPI_OPERATION, &operation);
is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
}
+ if (NULL == mc->new_entry) {
+ /* test entry to avoid crashing in id2entry_add_ext */
+ slapi_log_err(SLAPI_LOG_BACKLDBM, "modify_update_all",
+ "No entry in modify_context ==> operation is aborted.\n");
+ return -1;
+ }
/*
* Update the ID to Entry index.
* Note that id2entry_add replaces the entry, so the Entry ID stays the same.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 78d01fa4e0..066f53ad67 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -485,8 +485,8 @@ ldbm_back_modrdn(Slapi_PBlock *pb)
slapi_pblock_get(pb, SLAPI_TARGET_ADDRESS, &old_addr);
e = find_entry2modify(pb, be, old_addr, &txn, &result_sent);
if (e == NULL) {
- ldap_result_code = -1;
- goto error_return; /* error result sent by find_entry2modify() */
+ slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
+ goto error_return; /* error result set and sent by find_entry2modify() */
}
if (slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE) &&
!is_resurect_operation) {
@@ -518,6 +518,11 @@ ldbm_back_modrdn(Slapi_PBlock *pb)
oldparent_addr.uniqueid = NULL;
}
parententry = find_entry2modify_only(pb, be, &oldparent_addr, &txn, &result_sent);
+ if (parententry == NULL) {
+ slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
+ goto error_return; /* error result set and sent by find_entry2modify() */
+ }
+
modify_init(&parent_modify_context, parententry);
/* Fetch and lock the new parent of the entry that is moving */
@@ -528,6 +533,10 @@ ldbm_back_modrdn(Slapi_PBlock *pb)
}
newparententry = find_entry2modify_only(pb, be, newsuperior_addr, &txn, &result_sent);
slapi_ch_free_string(&newsuperior_addr->uniqueid);
+ if (newparententry == NULL) {
+ slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
+ goto error_return; /* error result set and sent by find_entry2modify() */
+ }
modify_init(&newparent_modify_context, newparententry);
}

36
CVE-2025-24898.patch
View File

File diff suppressed because one or more lines are too long

11
fix-dsidm-role-subtree-status-fails-with-TypeError.patch
View File

@ -1,11 +0,0 @@
--- 389-ds-base-3.1.1/src/lib389/lib389/cli_idm/role.py 2024-11-26 14:12:42.805280521 +0800
+++ 389-ds-base-3.1.1/src/lib389/lib389/cli_idm/role.py 2024-11-26 14:13:08.157340335 +0800
@@ -109,7 +109,7 @@
filter = ""
scope = ldap.SCOPE_SUBTREE
- role_list = Roles(inst, basedn).filter(filter, scope)
+ role_list = Roles(inst, basedn).filter(filter, scope=scope)
if not role_list:
raise ValueError(f"No entries were found under {basedn} or the user doesn't have an access")

47
remove-where-cockpit_present-is-called.patch
View File

@ -1,47 +0,0 @@
From d1f5ab91be74f0c599e619d2ffbf5aa59d389e7c Mon Sep 17 00:00:00 2001
From: cherry530 <707078654@qq.com>
Date: Mon, 25 Nov 2024 15:38:27 +0800
Subject: [PATCH] Remove where cockpit_present is called
Signed-off-by: cherry530 <707078654@qq.com>
---
src/lib389/lib389/cli_ctl/cockpit.py | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/src/lib389/lib389/cli_ctl/cockpit.py b/src/lib389/lib389/cli_ctl/cockpit.py
index afc7247..13a3eae 100644
--- a/src/lib389/lib389/cli_ctl/cockpit.py
+++ b/src/lib389/lib389/cli_ctl/cockpit.py
@@ -27,9 +27,6 @@ def open_firewall(inst, log, args):
"""
Open the firewall for Cockpit service
"""
- if not cockpit_present():
- raise ValueError("The 'cockpit' package is not installed on this system")
-
OPEN_CMD = ['sudo', 'firewall-cmd', '--add-service=cockpit', '--permanent']
if args.zone is not None:
OPEN_CMD.append(f' --zone={args.zone}')
@@ -43,9 +40,6 @@ def disable_cockpit(inst, log, args):
"""
Disable Cockpit socket
"""
- if not cockpit_present():
- raise ValueError("The 'cockpit' package is not installed on this system")
-
DISABLE_CMD = ['sudo', 'systemctl', 'disable', '--now', 'cockpit.socket']
try:
subprocess.run(DISABLE_CMD)
@@ -57,9 +51,6 @@ def close_firewall(inst, log, args):
"""
Close firewall for Cockpit service
"""
- if not cockpit_present():
- raise ValueError("The 'cockpit' package is not installed on this system")
-
CLOSE_CMD = ['sudo', 'firewall-cmd', '--remove-service=cockpit', '--permanent']
try:
subprocess.run(CLOSE_CMD)
--
2.43.0