From 3c0f039e661b8ae3c62b69e6b1b077feb8f9257b Mon Sep 17 00:00:00 2001 From: tmacbb Date: Tue, 9 Jan 2024 19:59:54 +0800 Subject: [PATCH] backport upstream patch --- ...w-dynlist-being-configured-as-global.patch | 28 +++++++++++++++++++ ...26-Make-olcAuditlogFile-SINGLE-VALUE.patch | 25 +++++++++++++++++ openldap.spec | 14 ++++++++-- 3 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch create mode 100644 backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch diff --git a/backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch b/backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch new file mode 100644 index 0000000..1d4a862 --- /dev/null +++ b/backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch @@ -0,0 +1,28 @@ +From 02975a3dc769d0ffa60b07d91f5903bd719a6c9a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= +Date: Tue, 15 Aug 2023 13:07:46 +0100 +Subject: [PATCH] ITS#10091 Do not allow dynlist being configured as global + +--- + servers/slapd/overlays/dynlist.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c +index 10cacf9798..b552353a7d 100644 +--- a/servers/slapd/overlays/dynlist.c ++++ b/servers/slapd/overlays/dynlist.c +@@ -2740,6 +2740,11 @@ dynlist_db_init( + slap_overinst *on = (slap_overinst *)be->bd_info; + dynlist_gen_t *dlg; + ++ if ( SLAP_ISGLOBALOVERLAY( be ) ) { ++ Debug( LDAP_DEBUG_ANY, "dynlist cannot be used as global overlay.\n" ); ++ return 1; ++ } ++ + dlg = (dynlist_gen_t *)ch_malloc( sizeof( *dlg )); + on->on_bi.bi_private = dlg; + dlg->dlg_dli = NULL; +-- +GitLab + diff --git a/backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch b/backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch new file mode 100644 index 0000000..e6cb29b --- /dev/null +++ b/backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch @@ -0,0 +1,25 @@ +From 242d1e6d623dbb2ac0295ae17a54a674b1b356cd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= +Date: Mon, 21 Aug 2023 12:19:16 +0100 +Subject: [PATCH] ITS#7226 Make olcAuditlogFile SINGLE-VALUE + +--- + servers/slapd/overlays/auditlog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/overlays/auditlog.c b/servers/slapd/overlays/auditlog.c +index 9292d4aa8b..43a5c15a41 100644 +--- a/servers/slapd/overlays/auditlog.c ++++ b/servers/slapd/overlays/auditlog.c +@@ -44,7 +44,7 @@ static ConfigTable auditlogcfg[] = { + "( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' " + "DESC 'Filename for auditlogging' " + "EQUALITY caseExactMatch " +- "SYNTAX OMsDirectoryString )", NULL, NULL }, ++ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED } + }; + +-- +GitLab + diff --git a/openldap.spec b/openldap.spec index 4feef26..063d325 100644 --- a/openldap.spec +++ b/openldap.spec @@ -2,7 +2,7 @@ Name: openldap Version: 2.6.0 -Release: 6 +Release: 7 Summary: LDAP support libraries License: OpenLDAP URL: https://www.openldap.org/ @@ -69,7 +69,8 @@ Patch6038: backport-ITS-9904-check-for-strdup-failure.patch Patch6039: backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch Patch6040: backport-ITS-10028-crash-with-pwdMinDelay.patch Patch6041: backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch - +Patch6042: backport-ITS-7226-Make-olcAuditlogFile-SINGLE-VALUE.patch +Patch6043: backport-ITS-10091-Do-not-allow-dynlist-being-configured-as-global.patch BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed @@ -187,6 +188,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch6039 -p1 %patch6040 -p1 %patch6041 -p1 +%patch6042 -p1 +%patch6043 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd @@ -468,6 +471,13 @@ popd %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Tue Jan 09 2024 liubo - 2.6.0-7 +- Type:bugfix +- CVE:NA +- SUG:restart +- DESC:ITS#10091 Do not allow dynlist being configured as global + ITS#7226 Make olcAuditlogFile SINGLE-VALUE + * Wed Aug 30 2023 zhujunhao - 2.6.0-6 - Type:bugfix - CVE:NA -- Gitee