diff --git a/389-ds-base.spec b/389-ds-base.spec index 5734bd8e1e8d9d35b3f901479c32350db7a128eb..6ce52a2edb3ae67f944a596877bf772eb2a58911 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -6,7 +6,7 @@ ExcludeArch: i686 Name: 389-ds-base Summary: Base 389 Directory Server Version: 1.4.3.36 -Release: 7 +Release: 8 License: GPLv3+ URL: https://www.port389.org Source0: https://github.com/389ds/389-ds-base/archive/refs/tags/389-ds-base-%{version}.tar.gz @@ -22,6 +22,10 @@ Patch4: CVE-2024-2199.patch Patch5: CVE-2024-3657.patch Patch6: CVE-2022-1949-Fix-ACI-bypass-in-shortcut-filter-condition.patch Patch7: CVE-2024-5953.patch +Patch8: remove-where-cockpit_present-is-called.patch +Patch9: fix-dsidm-role-subtree-status-fails-with-TypeError.patch +Patch10: fix-typo.patch +Patch11: backport-Issue-5142-CLI-dsctl-dbgen-is-broken.patch BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel @@ -384,6 +388,12 @@ exit 0 %{_mandir}/*/* %changelog +* Wed Nov 27 2024 wangkai <13474090681@163.com> - 1.4.3.36-8 +- Fix dsidm role subtree-status fails with TypeError +- Fix name cockpit_present is not defined. +- Fix typo +- Fix DirSrv has no attribute userid + * Thu Sep 12 2024 wangkai <13474090681@163.com> - 1.4.3.36-7 - Fix CVE-2022-1949,CVE-2024-5953 diff --git a/backport-Issue-5142-CLI-dsctl-dbgen-is-broken.patch b/backport-Issue-5142-CLI-dsctl-dbgen-is-broken.patch new file mode 100644 index 0000000000000000000000000000000000000000..a3b0be553a93e0628fad6b8b256ef5171e3054fb --- /dev/null +++ b/backport-Issue-5142-CLI-dsctl-dbgen-is-broken.patch @@ -0,0 +1,40 @@ +From ba7ad9a4f7d1509fa201d39099af342bbaf67aaf Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Thu, 3 Feb 2022 16:06:07 -0500 +Subject: [PATCH] Issue 5142 - CLI - dsctl dbgen is broken + +Description: + +Changes to dsctl broke dbgen which requires instance.userid to +set the permissions of the ldif file. It occurred when we added: +local_simple_allocate(). The fix is add userid in this allocate +function. + +relates: https://github.com/389ds/389-ds-base/issues/5142 + +Reviewed by: progier(Thanks!) +--- + src/lib389/lib389/__init__.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/lib389/lib389/__init__.py b/src/lib389/lib389/__init__.py +index 78430d720e..b8ca7685f5 100644 +--- a/src/lib389/lib389/__init__.py ++++ b/src/lib389/lib389/__init__.py +@@ -446,6 +446,7 @@ def local_simple_allocate(self, serverid, ldapuri=None, binddn='cn=Directory Man + self.isLocal = True + self.ds_paths = Paths(serverid, instance=self, local=self.isLocal) + self.serverid = serverid ++ self.userid = self.ds_paths.user + + # Do we have ldapi settings? + self.ldapi_enabled = None +@@ -547,7 +548,7 @@ def allocate(self, args): + self.host = ldapuri_parsed.hostname + try: + self.port = ldapuri_parsed.port +- except ValueError as e: ++ except ValueError: + self.port = DEFAULT_PORT + else: + self.host = args.get(SER_HOST, socket.gethostname()) diff --git a/fix-dsidm-role-subtree-status-fails-with-TypeError.patch b/fix-dsidm-role-subtree-status-fails-with-TypeError.patch new file mode 100644 index 0000000000000000000000000000000000000000..9e94d9c34d082cb92c85773be8f7feade9962b09 --- /dev/null +++ b/fix-dsidm-role-subtree-status-fails-with-TypeError.patch @@ -0,0 +1,11 @@ +--- 389-ds-base-3.1.1/src/lib389/lib389/cli_idm/role.py 2024-11-26 14:12:42.805280521 +0800 ++++ 389-ds-base-3.1.1/src/lib389/lib389/cli_idm/role.py 2024-11-26 14:13:08.157340335 +0800 +@@ -109,7 +109,7 @@ + filter = "" + scope = ldap.SCOPE_SUBTREE + +- role_list = Roles(inst, basedn).filter(filter, scope) ++ role_list = Roles(inst, basedn).filter(filter, scope=scope) + if not role_list: + raise ValueError(f"No entries were found under {basedn} or the user doesn't have an access") + diff --git a/fix-typo.patch b/fix-typo.patch new file mode 100644 index 0000000000000000000000000000000000000000..ff4dfb8e98a593a511a98c9a7ce650ca2818cefd --- /dev/null +++ b/fix-typo.patch @@ -0,0 +1,38 @@ +diff --git a/src/lib389/lib389/cli_conf/backend.py b/src/lib389/lib389/cli_conf/backend.py +index 5bcc098..1a02e20 100644 +--- a/src/lib389/lib389/cli_conf/backend.py ++++ b/src/lib389/lib389/cli_conf/backend.py +@@ -217,7 +217,7 @@ def backend_create(inst, basedn, log, args): + # Unsupported rdn + raise ValueError("Suffix RDN is not supported for creating suffix object. Only 'dc', 'o', 'ou', and 'cn' are supported.") + +- log.info("The database was sucessfully created") ++ log.info("The database was successfully created") + + + def _recursively_del_backends(be): +@@ -244,7 +244,7 @@ def backend_delete(inst, basedn, log, args, warn=True): + _recursively_del_backends(be) + be.delete() + +- log.info("The database, and any sub-suffixes, were sucessfully deleted") ++ log.info("The database, and any sub-suffixes, were successfully deleted") + + + def backend_import(inst, basedn, log, args): +diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py +index 00d3846..91b1cf5 100644 +--- a/src/lib389/lib389/config.py ++++ b/src/lib389/lib389/config.py +@@ -291,7 +291,7 @@ class Encryption(DSLdapObject): + :type ciphers: list of str + """ + self.set('nsSSL3Ciphers', ','.join(ciphers)) +- self._log.info('Remeber to restart the server to apply the new cipher set.') ++ self._log.info('Remember to restart the server to apply the new cipher set.') + self._log.info('Some ciphers may be disabled anyway due to allowWeakCipher attribute.') + + def _get_listed_ciphers(self, attr): +-- +2.33.0 + diff --git a/remove-where-cockpit_present-is-called.patch b/remove-where-cockpit_present-is-called.patch new file mode 100644 index 0000000000000000000000000000000000000000..463e37cf81d632c8446164ff6b3e4047e43d8317 --- /dev/null +++ b/remove-where-cockpit_present-is-called.patch @@ -0,0 +1,47 @@ +From d1f5ab91be74f0c599e619d2ffbf5aa59d389e7c Mon Sep 17 00:00:00 2001 +From: cherry530 <707078654@qq.com> +Date: Mon, 25 Nov 2024 15:38:27 +0800 +Subject: [PATCH] Remove where cockpit_present is called + +Signed-off-by: cherry530 <707078654@qq.com> +--- + src/lib389/lib389/cli_ctl/cockpit.py | 9 --------- + 1 file changed, 9 deletions(-) + +diff --git a/src/lib389/lib389/cli_ctl/cockpit.py b/src/lib389/lib389/cli_ctl/cockpit.py +index afc7247..13a3eae 100644 +--- a/src/lib389/lib389/cli_ctl/cockpit.py ++++ b/src/lib389/lib389/cli_ctl/cockpit.py +@@ -27,9 +27,6 @@ def open_firewall(inst, log, args): + """ + Open the firewall for Cockpit service + """ +- if not cockpit_present(): +- raise ValueError("The 'cockpit' package is not installed on this system") +- + OPEN_CMD = ['sudo', 'firewall-cmd', '--add-service=cockpit', '--permanent'] + if args.zone is not None: + OPEN_CMD.append(f' --zone={args.zone}') +@@ -43,9 +40,6 @@ def disable_cockpit(inst, log, args): + """ + Disable Cockpit socket + """ +- if not cockpit_present(): +- raise ValueError("The 'cockpit' package is not installed on this system") +- + DISABLE_CMD = ['sudo', 'systemctl', 'disable', '--now', 'cockpit.socket'] + try: + subprocess.run(DISABLE_CMD) +@@ -57,9 +51,6 @@ def close_firewall(inst, log, args): + """ + Close firewall for Cockpit service + """ +- if not cockpit_present(): +- raise ValueError("The 'cockpit' package is not installed on this system") +- + CLOSE_CMD = ['sudo', 'firewall-cmd', '--remove-service=cockpit', '--permanent'] + try: + subprocess.run(CLOSE_CMD) +-- +2.43.0 +