packages/three-eight-nine-ds-base
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 1.4.3.20 for fix CVE-2020-35518

Browse Source 
(cherry picked from commit 04409bb59548a897e30717ba0f7ea733ecd3befa)
This commit is contained in:
wk333 2022-03-17 15:51:41 +08:00 committed by openeuler-sync-bot
parent 992d8afdda
commit bd7d237ce6
7 changed files with 40 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
0000-fix-compilation-failed.patch
View File

@ -1,35 +0,0 @@
diff -Nur a/ldap/servers/plugins/acl/acl.h b/ldap/servers/plugins/acl/acl.h
--- a/ldap/servers/plugins/acl/acl.h 2019-10-19 01:12:19.000000000 +0800
+++ b/ldap/servers/plugins/acl/acl.h 2021-08-04 16:43:24.182937500 +0800
@@ -311,8 +311,8 @@
#define ATTR_ACLPB_MAX_SELECTED_ACLS "nsslapd-aclpb-max-selected-acls"
#define DEFAULT_ACLPB_MAX_SELECTED_ACLS 200
-int aclpb_max_selected_acls; /* initialized from plugin config entry */
-int aclpb_max_cache_results; /* initialized from plugin config entry */
+extern int aclpb_max_selected_acls; /* initialized from plugin config entry */
+extern int aclpb_max_cache_results; /* initialized from plugin config entry */
typedef struct result_cache
{
diff -Nur a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
--- a/ldap/servers/slapd/slap.h 2019-11-14 09:00:40.000000000 +0800
+++ b/ldap/servers/slapd/slap.h 2021-08-04 15:57:03.260828000 +0800
@@ -937,7 +937,7 @@
void **elements; /* array of elements */
int element_count; /* number of elements in the array */
int alloc_count; /* number of allocated nodes in the array */
-} datalist;
+};
/* data available to plugins */
typedef struct target_data
@@ -1739,7 +1739,7 @@
int task_refcount;
void *origin_plugin; /* If this is a plugin create task, store the plugin object */
PRLock *task_log_lock; /* To protect task_log to be realloced if it's in use */
-} slapi_task;
+};
/* End of interface to support online tasks **********************************/
/*

BIN
389-ds-base-1.4.0.31.tar.bz2
View File

Binary file not shown.

BIN
389-ds-base-1.4.3.20.tar.bz2 Normal file
View File

Binary file not shown.

53
389-ds-base.spec
View File

@ -5,19 +5,19 @@ ExcludeArch: i686
Name: 389-ds-base
Summary: Base 389 Directory Server
Version: 1.4.0.31
Release: 6
Version: 1.4.3.20
Release: 1
License: GPLv3+
URL: https://www.port389.org
Source0: https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2
Source1: 389-ds-base-git.sh
Source2: 389-ds-base-devel.README
Source3: https://github.com/jemalloc/jemalloc/releases/download/5.2.0/jemalloc-5.2.0.tar.bz2
Source3: https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2
Patch0: 0000-fix-compilation-failed.patch
Patch1: CVE-2021-3652.patch
Patch2: CVE-2021-3514.patch
Patch3: Fix-attributeError-type-object-build_manpages.patch
Patch0: CVE-2021-3652.patch
Patch1: CVE-2021-3514.patch
# https://github.com/389ds/389-ds-base/commit/5a18aeb49c357a16c138d37a8251d73d8ed35319
Patch2: Fix-attributeError-type-object-build_manpages.patch
BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu
BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel
@ -34,7 +34,7 @@ Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release}
Requires: policycoreutils-python-utils /usr/sbin/semanage libsemanage-python%{python3_pkgversion}
Requires: selinux-policy >= 3.14.1-29 openldap-clients openssl-perl python%{python3_pkgversion}-ldap
Requires: nss-tools nss >= 3.34 krb5-libs libevent cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
Requires: libdb-utils perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: libdb-utils
Requires: perl-Errno >= 1.23-360 perl-DB_File perl-Archive-Tar cracklib-dicts
%{?systemd_requires}
@ -52,6 +52,9 @@ Summary: Legacy utilities for 389 Directory Server
Obsoletes: 389-ds-base <= 1.4.0.9
Requires: 389-ds-base = %{version}-%{release} perl-Socket perl-NetAddr-IP
Requires: perl-Mozilla-LDAP bind-utils
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
%global __provides_exclude_from %{_libdir}/dirsrv/perl
%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog)
%{?perl_default_filter}
%description legacy-tools
@ -117,8 +120,9 @@ OPENLDAP_FLAG="--with-openldap"
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
cd ../jemalloc-5.2.0
%configure --libdir=%{_libdir}/dirsrv/lib --bindir=%{_libdir}/dirsrv/bin
LEGACY_FLAGS="--enable-legacy --enable-perl"
cd ../jemalloc-5.2.1
%configure --libdir=%{_libdir}/dirsrv/lib --bindir=%{_libdir}/dirsrv/bin --enable-prof
%make_build
cd -
@ -128,7 +132,7 @@ autoreconf -fiv
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
--with-systemdgroupname=dirsrv.target --libexecdir=%{_libexecdir}/dirsrv \
$NSSARGS $ASAN_FLAGS $RUST_FLAGS $PERL_FLAGS $CLANG_FLAGS --enable-cmocka
$NSSARGS $ASAN_FLAGS $RUST_FLAGS $PERL_FLAGS $CLANG_FLAGS $LEGACY_FLAGS --enable-cmocka --enable-perl
cd ./src/lib389
%py3_build
@ -162,7 +166,7 @@ install -d $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/dirsrv.target.wants
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/dirsrv/script-templates/template-*.pl
cd ../jemalloc-5.2.0
cd ../jemalloc-5.2.1
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
cp -pa COPYING ../389-ds-base-%{version}/COPYING.jemalloc
cp -pa README ../389-ds-base-%{version}/README.jemalloc
@ -290,9 +294,11 @@ done
exit 0
%files
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl COPYING.jemalloc
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
%license COPYING.jemalloc
%{_libdir}/libsvrcore.so.*
%{_libdir}/dirsrv/{libslapd.so.*,libns-dshttpd-*.so,libnunc-stans.so.*,libsds.so.*,libldaputil.so.*}
%{_libdir}/dirsrv/{libslapd.so.*,libns-dshttpd-*.so,libsds.so.*,libldaputil.so.*,librewriters.so*}
%{_libdir}/dirsrv/lib/libjemalloc.so.2
%dir %{_sysconfdir}/dirsrv
%dir %{_sysconfdir}/dirsrv/schema
%config(noreplace)%{_sysconfdir}/dirsrv/schema/*.ldif
@ -300,14 +306,10 @@ exit 0
%dir %{_sysconfdir}/systemd/system/dirsrv.target.wants
%config(noreplace)%{_sysconfdir}/dirsrv/config/{slapd-collations.conf,certmap.conf,template-initconfig}
%{_datadir}/dirsrv
%exclude %{_datadir}/dirsrv/script-templates
%exclude %{_datadir}/dirsrv/updates
%exclude %{_datadir}/dirsrv/properties/*.res
%{_datadir}/gdb/auto-load/*
%{_unitdir}
%{_bindir}/{dbscan,ds-replcheck,ds-logpipe.py,ldclt,logconv.pl,pwdhash,readnsstate}
%{_sbindir}/{ldif2ldap,ns-slapd,bak2db,db2bak,db2index,db2ldif,dbverify,ldif2db,restart-dirsrv}
%{_sbindir}/{start-dirsrv,status-dirsrv,stop-dirsrv,upgradedb,vlvindex}
%{_sbindir}/ns-slapd
%{_libexecdir}/dirsrv/ds_systemd_ask_password_acl
%{_libdir}/dirsrv/python
%dir %{_libdir}/dirsrv/plugins
@ -329,12 +331,15 @@ exit 0
%{_includedir}/svrcore.h
%{_includedir}/dirsrv
%{_libdir}/libsvrcore.so
%{_libdir}/dirsrv/{libslapd.so,libns-dshttpd.so,libnunc-stans.so,libsds.so,libldaputil.so}
%{_libdir}/pkgconfig/{svrcore.pc,dirsrv.pc,libsds.pc,nunc-stans.pc}
%{_libdir}/dirsrv/{libslapd.so,libns-dshttpd.so,libsds.so,libldaputil.so}
%{_libdir}/pkgconfig/{svrcore.pc,dirsrv.pc,libsds.pc}
%files legacy-tools
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%{_bindir}/{infadd,ldif,migratecred,mmldif,rsearch,repl-monitor,cl-dump}
%config(noreplace)%{_sysconfdir}/dirsrv/config/template-initconfig
%{_sbindir}/{ldif2ldap,bak2db,db2bak,db2index,db2ldif,dbverify,ldif2db,restart-dirsrv}
%{_sbindir}/{start-dirsrv,status-dirsrv,stop-dirsrv,upgradedb,vlvindex}
%{_sbindir}/{monitor,dbmon.sh,dn2rdn,restoreconfig,saveconfig,suffix2instance,upgradednformat}
%{_libexecdir}/dirsrv/{ds_selinux_enabled,ds_selinux_port_query}
%{_datadir}/dirsrv/properties/*.res
@ -354,6 +359,7 @@ exit 0
%doc LICENSE LICENSE.GPLv3+
%{python3_sitelib}/lib389*
%{_sbindir}/{dsconf,dscreate,dsctl,dsidm}
%{_libexecdir}/dirsrv/dscontainer
%files -n cockpit-389-ds -f cockpit.list
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
@ -363,6 +369,9 @@ exit 0
%{_mandir}/*/*
%changelog
* Tue Mar 15 2022 wangkai <wangkai385@huawei.com> - 1.4.3.20-1
- Update to 1.4.3.20 for fix CVE-2020-35518
* Tue Feb 15 2022 xu_ping<xuping33@huawei.com> - 1.4.0.31-6
- Fix attributeError

15
Fix-attributeError-type-object-build_manpages.patch
View File

@ -1,4 +1,4 @@
From 7cee0c3184f948ff76a907cac007afc7a303169e Mon Sep 17 00:00:00 2001
From 5a18aeb49c357a16c138d37a8251d73d8ed35319 Mon Sep 17 00:00:00 2001
From: Viktor Ashirov <vashirov@redhat.com>
Date: Tue, 18 Jan 2022 13:24:53 +0100
Subject: [PATCH] Issue 5115 - AttributeError: type object 'build_manpages'
@ -18,11 +18,11 @@ Fixes: https://github.com/389ds/389-ds-base/issues/5115
Reviewed by: @tbordaz, @mreynolds389 (Thanks!)
---
src/lib389/setup.py | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
src/lib389/setup.py | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/lib389/setup.py b/src/lib389/setup.py
index ce8b512..3f7947f 100644
index cadec25..5974d2c 100644
--- a/src/lib389/setup.py
+++ b/src/lib389/setup.py
@@ -14,7 +14,9 @@
@ -34,9 +34,9 @@ index ce8b512..3f7947f 100644
+if bm.__version__ < '2.1':
+ from build_manpages import build_manpages as bm
from setuptools.command.build_py import build_py
from setuptools.command.install import install
@@ -85,8 +87,8 @@ setup(
here = path.abspath(path.dirname(__file__))
@@ -89,8 +91,8 @@ setup(
cmdclass={
# Dynamically build man pages for cli tools
@ -47,3 +47,6 @@ index ce8b512..3f7947f 100644
}
)
--
2.27.0

BIN
jemalloc-5.2.0.tar.bz2
View File

Binary file not shown.

BIN
jemalloc-5.2.1.tar.bz2 Normal file
View File

Binary file not shown.