diff --git a/backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch b/backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c1af1a36d63676ad0af7cc96af24df5aa87a63c5
--- /dev/null
+++ b/backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch
@@ -0,0 +1,124 @@
+From 5f934c8c457ffe906c844ab2313943ae9b66bc46 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Mon, 27 Feb 2023 15:01:23 +0000
+Subject: [PATCH] ITS#10016: slapo-syncprov: fix Abandon with active qtask
+
+---
+ servers/slapd/overlays/syncprov.c | 42 ++++++++++++++++++++++++++-----
+ 1 file changed, 36 insertions(+), 6 deletions(-)
+
+diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
+index f62d6c63ea..44a6181410 100644
+--- a/servers/slapd/overlays/syncprov.c
++++ b/servers/slapd/overlays/syncprov.c
+@@ -871,6 +871,11 @@ static void free_resinfo( syncres *sr )
+
+ #define FS_UNLINK 1
+ #define FS_LOCK 2
++#define FS_DEFER 4
++
++#define FSR_NOTFREE 0
++#define FSR_DIDFREE 1
++#define FSR_CANFREE 2
+
+ static int
+ syncprov_free_syncop( syncops *so, int flags )
+@@ -881,12 +886,19 @@ syncprov_free_syncop( syncops *so, int flags )
+ if ( flags & FS_LOCK )
+ ldap_pvt_thread_mutex_lock( &so->s_mutex );
+ /* already being freed, or still in use */
+- if ( !so->s_inuse || --so->s_inuse > 0 ) {
++ if ( !so->s_inuse || so->s_inuse > 1 ) {
+ if ( flags & FS_LOCK )
+ ldap_pvt_thread_mutex_unlock( &so->s_mutex );
+- return 0;
++ if ( !( flags & FS_DEFER ) && so->s_inuse )
++ so->s_inuse--;
++ return FSR_NOTFREE;
+ }
+ ldap_pvt_thread_mutex_unlock( &so->s_mutex );
++
++ /* caller wants to cleanup other stuff before actual free */
++ if ( flags & FS_DEFER )
++ return FSR_CANFREE;
++
+ if (( flags & FS_UNLINK ) && so->s_si ) {
+ syncops **sop;
+ ldap_pvt_thread_mutex_lock( &so->s_si->si_ops_mutex );
+@@ -914,7 +926,7 @@ syncprov_free_syncop( syncops *so, int flags )
+ }
+ ldap_pvt_thread_mutex_destroy( &so->s_mutex );
+ ch_free( so );
+- return 1;
++ return FSR_DIDFREE;
+ }
+
+ /* Send a persistent search response */
+@@ -1029,6 +1041,9 @@ syncprov_qplay( Operation *op, syncops *so )
+ } else {
+ rc = syncprov_sendresp( op, sr->s_info, so, sr->s_mode );
+ }
++ } else {
++ /* set rc so we don't do a new qstart */
++ rc = 1;
+ }
+
+ free_resinfo( sr );
+@@ -1055,6 +1070,9 @@ syncprov_qplay( Operation *op, syncops *so )
+ return rc;
+ }
+
++static int
++syncprov_drop_psearch( syncops *so, int lock );
++
+ /* task for playing back queued responses */
+ static void *
+ syncprov_qtask( void *ctx, void *arg )
+@@ -1063,7 +1081,7 @@ syncprov_qtask( void *ctx, void *arg )
+ OperationBuffer opbuf;
+ Operation *op;
+ BackendDB be;
+- int rc;
++ int rc, flag, frc;
+
+ op = &opbuf.ob_op;
+ *op = *so->s_op;
+@@ -1092,14 +1110,24 @@ syncprov_qtask( void *ctx, void *arg )
+ if ( !rc && !so->s_res )
+ rc = 1;
+
++ flag = FS_UNLINK;
++ if ( rc && op->o_abandon )
++ flag = FS_DEFER;
++
+ /* decrement use count... */
+- if ( !syncprov_free_syncop( so, FS_UNLINK )) {
++ frc = syncprov_free_syncop( so, flag );
++ if ( frc == FSR_NOTFREE ) {
+ if ( rc )
+ /* if we didn't unlink, and task is no longer queued, clear flag */
+ so->s_flags ^= PS_TASK_QUEUED;
+ ldap_pvt_thread_mutex_unlock( &so->s_mutex );
+ }
+
++ /* if we got abandoned while processing, cleanup now */
++ if ( frc == FSR_CANFREE ) {
++ syncprov_drop_psearch( so, 1 );
++ }
++
+ return NULL;
+ }
+
+@@ -1274,7 +1302,9 @@ syncprov_op_abandon( Operation *op, SlapReply *rs )
+ return SLAP_CB_CONTINUE;
+ }
+ }
+- syncprov_drop_psearch( so, 0 );
++ /* if task is active, it must drop itself */
++ if ( !( so->s_flags & PS_TASK_QUEUED ))
++ syncprov_drop_psearch( so, 0 );
+ }
+ return SLAP_CB_CONTINUE;
+ }
+--
+GitLab
diff --git a/backport-ITS-10028-crash-with-pwdMinDelay.patch b/backport-ITS-10028-crash-with-pwdMinDelay.patch
new file mode 100644
index 0000000000000000000000000000000000000000..90587704dcd2286d33c3a4f8a8e47f882ad7200c
--- /dev/null
+++ b/backport-ITS-10028-crash-with-pwdMinDelay.patch
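Review bot: In the rewritten early-return branch of syncprov_free_syncop, `so->s_inuse--` now runs after `ldap_pvt_thread_mutex_unlock( &so->s_mutex )` when the caller passed FS_LOCK, so the use count is modified without the mutex that protects the test just above it. Two threads releasing references this way could race on the counter, and a miscounted s_inuse on an object that is later released with ch_free tends to end in a leak or a use-after-free. Moving `if ( !( flags & FS_DEFER ) && so->s_inuse ) so->s_inuse--;` above the `if ( flags & FS_LOCK )` unlock keeps the decrement under the lock. The new test in syncprov_op_abandon, `if ( !( so->s_flags & PS_TASK_QUEUED ))`, raises a related question: whether s_mutex is held at that point is outside the hunk and should be confirmed, because syncprov_qtask appears to toggle that flag while holding s_mutex (it unlocks right after).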
@@ -0,0 +1,27 @@
+From 0e409f49ec9a83d7259f9a671e85125d4d724144 Mon Sep 17 00:00:00 2001
+From: HAMANO Tsukasa
+Date: Fri, 24 Mar 2023 11:24:15 +0900
+Subject: [PATCH] ITS#10028 - crash with pwdMinDelay
+
+---
+ servers/slapd/overlays/ppolicy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
+index 0271dde6a7..d4032cc7d3 100644
+--- a/servers/slapd/overlays/ppolicy.c
++++ b/servers/slapd/overlays/ppolicy.c
+@@ -1868,7 +1868,8 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
+ } else if ( ppb->pp.pwdMinDelay ) {
+ int waittime = ppb->pp.pwdMinDelay << fc;
+ time_t wait_end;
+- struct berval lockout_stamp;
++ char lockout_stamp_buf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
++ struct berval lockout_stamp = BER_BVC(lockout_stamp_buf);
+
+ if ( waittime > ppb->pp.pwdMaxDelay ) {
+ waittime = ppb->pp.pwdMaxDelay;
+--
+GitLab
+
+
diff --git a/backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch b/backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1a992246d23bfe13036339fc6afad7d51a86c516
--- /dev/null
+++ b/backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch
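Review bot: `BER_BVC(lockout_stamp_buf)` takes bv_len from the size of the array, so lockout_stamp advertises LDAP_LUTIL_GENTIME_BUFSIZE - 1 bytes of valid data while the stack buffer behind it is still uninitialised. That is safe only if the stamp is written before anything reads, compares or logs it, and the code that fills it lies outside this hunk, so it is worth confirming on the full function. A comment on the buffer line such as `/* storage for lockout_stamp; must be filled before the berval is read */` would record the dependency. The initialiser also only works while lockout_stamp_buf stays a real array; if it ever became a pointer, the length would silently become the pointer size minus one.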
@@ -0,0 +1,24 @@
+From 818e2a5455bac1db029124b5aabc8b03415f917b Mon Sep 17 00:00:00 2001
+From: Ian Puleston
+Date: Thu, 30 Mar 2023 13:04:50 -0700
+Subject: [PATCH] ITS#10035 Fix setting TLSv1.3 ciphersuite
+
+---
+ libraries/libldap/tls_o.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
+index 0a74ffa7f9..8f1d84efa1 100644
+--- a/libraries/libldap/tls_o.c
++++ b/libraries/libldap/tls_o.c
+@@ -335,7 +335,7 @@ tlso_ctx_cipher13( tlso_ctx *ctx, char *suites )
+ if ( !strncmp( ver, "TLSv", 4 ) && strncmp( ver+4, "1.3", 3 ) >= 0 ) {
+ if ( tls13_suites[0] )
+ ts = tlso_stecpy( ts, ":", te );
+- ts = tlso_stecpy( ts, sname, te );
++ ts = tlso_stecpy( ts, nptr, te );
+ }
+ }
+ }
+--
+GitLab
diff --git a/backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch b/backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1d4a8623d0d90256e03758a225ed303572cf56a1
--- /dev/null
+++ b/backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch
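Review bot: The result of `tlso_stecpy( ts, nptr, te )` is never compared with `te`, so if the copy is bounded by te, as the three-argument form suggests, an overlong suite list would be cut off without any error. A name truncated in the middle would then be passed on as the TLSv1.3 ciphersuite string, and the suites in effect could differ from what the administrator configured. A check once the list is built, along the lines of `if ( ts >= te ) /* list too long: fail the configuration */`, would make that case explicit. Both tlso_stecpy and the way tlso_ctx_cipher13 reports errors are outside the hunk, so the exact form has to follow the rest of the function.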
@@ -0,0 +1,28 @@
+From 02975a3dc769d0ffa60b07d91f5903bd719a6c9a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
+Date: Tue, 15 Aug 2023 13:07:46 +0100
+Subject: [PATCH] ITS#10091 Do not allow dynlist being configured as global
+
+---
+ servers/slapd/overlays/dynlist.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c
+index 10cacf9798..b552353a7d 100644
+--- a/servers/slapd/overlays/dynlist.c
++++ b/servers/slapd/overlays/dynlist.c
+@@ -2740,6 +2740,11 @@ dynlist_db_init(
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ dynlist_gen_t *dlg;
+
++ if ( SLAP_ISGLOBALOVERLAY( be ) ) {
++ Debug( LDAP_DEBUG_ANY, "dynlist cannot be used as global overlay.\n" );
++ return 1;
++ }
++
+ dlg = (dynlist_gen_t *)ch_malloc( sizeof( *dlg ));
+ on->on_bi.bi_private = dlg;
+ dlg->dlg_dli = NULL;
+--
+GitLab
+
diff --git a/backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch b/backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e6cb29be802dce0607185899210d232652a5f338
--- /dev/null
+++ b/backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch
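Review bot: The new global-overlay check reports the refusal only through `Debug( LDAP_DEBUG_ANY, ... )` before `return 1`, so an administrator who adds the overlay through the configuration backend would probably see a bare failure with the reason visible only in the server log. If dynlist_db_init is handed a configuration reply structure (its parameter list is cut off in the hunk header, so this needs checking), copying the same text into that reply's message buffer would show the cause to the client as well. A short comment above the check saying why a global instance is rejected would also help, since the hunk gives only the rule and not the reason.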
@@ -0,0 +1,25 @@ +From 242d1e6d623dbb2ac0295ae17a54a674b1b356cd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= +Date: Mon, 21 Aug 2023 12:19:16 +0100 +Subject: [PATCH] ITS#7226 Make olcAuditlogFile SINGLE-VALUE + +--- + servers/slapd/overlays/auditlog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/overlays/auditlog.c b/servers/slapd/overlays/auditlog.c +index 9292d4aa8b..43a5c15a41 100644 +--- a/servers/slapd/overlays/auditlog.c ++++ b/servers/slapd/overlays/auditlog.c +@@ -44,7 +44,7 @@ static ConfigTable auditlogcfg[] = { + "( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' " + "DESC 'Filename for auditlogging' " + "EQUALITY caseExactMatch " +- "SYNTAX OMsDirectoryString )", NULL, NULL }, ++ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED } + }; + +-- +GitLab + diff --git a/openldap.spec b/openldap.spec index 1d6796ee51818d5e3332b7e822b251621f402850..77efc5183e6c1a38ac0e911b7004aea4c9e04a0d 100644 --- a/openldap.spec +++ b/openldap.spec @@ -2,7 +2,7 @@ Name: openldap Version: 2.6.0 -Release: 7 +Release: 8 Summary: LDAP support libraries License: Open LDAP Public License v2.8 URL: https://www.openldap.org/ 
@@ -67,6 +67,12 @@ Patch6036: backport-ITS-9898-tests-fix-slapd-addel-non-std-syntax.patch Patch6037: backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch Patch6038: backport-ITS-9904-check-for-strdup-failure.patch +Patch6039: backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch +Patch6040: backport-ITS-10028-crash-with-pwdMinDelay.patch +Patch6041: backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch +Patch6042: backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch +Patch6043: backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch + BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed @@ -181,6 +187,11 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch6036 -p1 %patch6037 -p1 %patch6038 -p1 +%patch6039 -p1 +%patch6040 -p1 +%patch6041 -p1 +%patch6042 -p1 +%patch6043 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd @@ -467,6 +478,12 @@ popd %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Wed Jan 10 2024 liubo - 2.6.0-8 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:backport patch + * Mon Jul 24 2023 sunhai - 2.6.0-7 - Type:bugfix - ID:NA