summaryrefslogtreecommitdiff
path: root/net-nds/389-ds-base
diff options
context:
space:
mode:
Diffstat (limited to 'net-nds/389-ds-base')
-rw-r--r--net-nds/389-ds-base/389-ds-base-1.4.4.17.ebuild (renamed from net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild)149
-rw-r--r--net-nds/389-ds-base/Manifest5
-rw-r--r--net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch118
3 files changed, 76 insertions, 196 deletions
diff --git a/net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild b/net-nds/389-ds-base/389-ds-base-1.4.4.17.ebuild
index e3ef7ffdf4bf..e64239ebf7b6 100644
--- a/net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild
+++ b/net-nds/389-ds-base/389-ds-base-1.4.4.17.ebuild
@@ -4,82 +4,82 @@
EAPI=7
CRATES="
-ahash-0.7.2
-ansi_term-0.11.0
-atty-0.2.14
-autocfg-1.0.1
-base64-0.13.0
-bitflags-1.2.1
-byteorder-1.4.3
-cbindgen-0.9.1
-cc-1.0.67
-cfg-if-1.0.0
-clap-2.33.3
-concread-0.2.9
-crossbeam-0.8.0
-crossbeam-channel-0.5.1
-crossbeam-deque-0.8.0
-crossbeam-epoch-0.9.3
-crossbeam-queue-0.3.1
-crossbeam-utils-0.8.3
-fernet-0.1.4
-foreign-types-0.3.2
-foreign-types-shared-0.1.1
-getrandom-0.2.2
-hermit-abi-0.1.18
-instant-0.1.9
-itoa-0.4.7
-jobserver-0.1.21
-lazy_static-1.4.0
-libc-0.2.93
-lock_api-0.4.3
-log-0.4.14
-memoffset-0.6.3
-once_cell-1.7.2
-openssl-0.10.33
-openssl-sys-0.9.61
-parking_lot-0.11.1
-parking_lot_core-0.8.3
-paste-0.1.18
-paste-impl-0.1.18
-pkg-config-0.3.19
-ppv-lite86-0.2.10
-proc-macro-hack-0.5.19
-proc-macro2-1.0.26
-quote-1.0.9
-rand-0.8.3
-rand_chacha-0.3.0
-rand_core-0.6.2
-rand_hc-0.3.0
-redox_syscall-0.2.6
-remove_dir_all-0.5.3
-ryu-1.0.5
-scopeguard-1.1.0
-serde-1.0.125
-serde_derive-1.0.125
-serde_json-1.0.64
-smallvec-1.6.1
-strsim-0.8.0
-syn-1.0.69
-synstructure-0.12.4
-tempfile-3.2.0
-textwrap-0.11.0
-toml-0.5.8
-unicode-width-0.1.8
-unicode-xid-0.2.1
-uuid-0.8.2
-vcpkg-0.2.11
-vec_map-0.8.2
-version_check-0.9.3
-wasi-0.10.2+wasi-snapshot-preview1
-winapi-0.3.9
-winapi-i686-pc-windows-gnu-0.4.0
-winapi-x86_64-pc-windows-gnu-0.4.0
-zeroize-1.2.0
-zeroize_derive-1.0.1
+ ahash-0.7.2
+ ansi_term-0.11.0
+ atty-0.2.14
+ autocfg-1.0.1
+ base64-0.13.0
+ bitflags-1.2.1
+ byteorder-1.4.3
+ cbindgen-0.9.1
+ cc-1.0.67
+ cfg-if-1.0.0
+ clap-2.33.3
+ concread-0.2.9
+ crossbeam-0.8.0
+ crossbeam-channel-0.5.1
+ crossbeam-deque-0.8.0
+ crossbeam-epoch-0.9.3
+ crossbeam-queue-0.3.1
+ crossbeam-utils-0.8.3
+ fernet-0.1.4
+ foreign-types-0.3.2
+ foreign-types-shared-0.1.1
+ getrandom-0.2.2
+ hermit-abi-0.1.18
+ instant-0.1.9
+ itoa-0.4.7
+ jobserver-0.1.21
+ lazy_static-1.4.0
+ libc-0.2.93
+ lock_api-0.4.3
+ log-0.4.14
+ memoffset-0.6.3
+ once_cell-1.7.2
+ openssl-0.10.33
+ openssl-sys-0.9.61
+ parking_lot-0.11.1
+ parking_lot_core-0.8.3
+ paste-0.1.18
+ paste-impl-0.1.18
+ pkg-config-0.3.19
+ ppv-lite86-0.2.10
+ proc-macro-hack-0.5.19
+ proc-macro2-1.0.26
+ quote-1.0.9
+ rand-0.8.3
+ rand_chacha-0.3.0
+ rand_core-0.6.2
+ rand_hc-0.3.0
+ redox_syscall-0.2.6
+ remove_dir_all-0.5.3
+ ryu-1.0.5
+ scopeguard-1.1.0
+ serde-1.0.125
+ serde_derive-1.0.125
+ serde_json-1.0.64
+ smallvec-1.6.1
+ strsim-0.8.0
+ syn-1.0.69
+ synstructure-0.12.4
+ tempfile-3.2.0
+ textwrap-0.11.0
+ toml-0.5.8
+ unicode-width-0.1.8
+ unicode-xid-0.2.1
+ uuid-0.8.2
+ vcpkg-0.2.11
+ vec_map-0.8.2
+ version_check-0.9.3
+ wasi-0.10.2+wasi-snapshot-preview1
+ winapi-0.3.9
+ winapi-i686-pc-windows-gnu-0.4.0
+ winapi-x86_64-pc-windows-gnu-0.4.0
+ zeroize-1.2.0
+ zeroize_derive-1.0.1
"
-PYTHON_COMPAT=( python3_{8,9} )
+PYTHON_COMPAT=( python3_{8,9,10} )
DISTUTILS_SINGLE_IMPL=1
DISTUTILS_USE_SETUPTOOLS=rdepend
@@ -173,7 +173,6 @@ RDEPEND="${DEPEND}
S="${WORKDIR}/${PN}-${P}"
PATCHES=(
- "${FILESDIR}/${P}-crypt-import.patch"
"${FILESDIR}/${PN}-db-gentoo.patch"
)
diff --git a/net-nds/389-ds-base/Manifest b/net-nds/389-ds-base/Manifest
index adadfd47f7c9..defa53edc7c7 100644
--- a/net-nds/389-ds-base/Manifest
+++ b/net-nds/389-ds-base/Manifest
@@ -1,9 +1,8 @@
-AUX 389-ds-base-1.4.4.16-crypt-import.patch 4527 BLAKE2B b5063cd2a3492ff1f50e64ca1f71305b11536d7fe70346879995a37f68927d9d02e65405dccb8765643fa56e66a55f9113afd991048462f6e4dc2a3eab8bf3d5 SHA512 93c4deaae0427f0641857e9a90bde96d249951eec9f6c683f3ec4abd6dccf572c65ee7932c862afb8aa7ad31d6f7c1fba4070e74fe37d598ce298e4af82bc481
AUX 389-ds-base-db-gentoo.patch 838 BLAKE2B 88ba5e7b2868b9e790fd2b326e4ceddbbb5d82f8f598ab8a41c4f1acb79d3796a9e17f20fc9fd282a801e761612bf568947657f46001fd7d3fa76daadac44cfb SHA512 e37a1ca80cbd733e01bd077cb05cc656b725a3f596221946198a34b9e62f231642d5e10b09e40dd02564cab9e01593225b622c70d49b456054f9fcfd762f597d
AUX 389-ds-base.conf 118 BLAKE2B 48d1ef0410b57658508544aa8826ff8e12a17aaf5de1c1ea3346414d6f16ea3b44d14e300b23b82441ae6272df36089892aabfd027c73a3ce70e6a3c9ec9d358 SHA512 69ed8b8f3bdbf9098088b0c92c41a238f16d14ba9f86ebc2b5debe5f001b4d8e235f7cff4731d72b30b5ac70486b0f4300b99646aa3926a3fa59515a64f16402
AUX 389-ds-snmp.initd 951 BLAKE2B 5598a35b1368cce330d314e335d8fe624ed318c3363f32e9128968cc23de9f87a253b4790673c7557325a395961490ee4918d9a9d9bce4efd23d616418735aaf SHA512 ce58938ac13efb74e3a70def3a44c267095aae4c2e47e65ff176e9cc7e65f4210af230dc52738b5dcd3d831c9ba97cb030f8e5c5f0eaccb6bc6a1a379383f3a4
AUX 389-ds.initd-r1 2339 BLAKE2B 81094cc67b907d5b864c816b14b550ce90cecb526804ecee136074d338fad14eb44d715ca502fe1e631d982a534405c76616863e1c0d21afc6d9b3ae41cd8f34 SHA512 79d51de1ae25883b6f3a6fdd808bd06bedc5bf7c0d2ce0d090184a1d69fd2f6a031a6230158639fa592a5b4712a6fd063f43154d7e9525e4eccf274e5cc67f22
-DIST 389-ds-base-1.4.4.16.tar.gz 5456272 BLAKE2B bb157de3ebfdf214a56a56cd991255080890b28ca5fbd4ce5437e1ab4ca03181b7c2a58630ee26112771aaf9037cff8102926f48da136d6af43024c70ca1eeb8 SHA512 2c8d446dd26f67345351a6ea5f6095d89ed5eb26df09e09b19d625fb01418c5354b93ac0272e68b2d444a70b63180ce53042e0e43b6ea826948f6c93f4c22fc0
+DIST 389-ds-base-1.4.4.17.tar.gz 5356426 BLAKE2B 4972d7a7a7d12fb13f76db5cb2c8b896d5bb02c9f1e4bfbfae709f5fc01b9f662b5557710ca52d9f0a6ac3dc9e36bfab594e597db90ab146a5a5f252e11b4175 SHA512 83cc20915d59d4a45febad1462103c51108deee271cae7f98ff28e0a939451060edca28046719a417b3d3b956a74687a288880d64a6ab201e682ad577bf70583
DIST ahash-0.7.2.crate 37192 BLAKE2B a2ea98d408f6ac72b96a7e14b22999d52a6839d724f3e8fc82f67ea985a110d8dc17847087e6aaeca477ef93afadda3488ee77cc5425cab5f77c00cd67ff4463 SHA512 77886a994102c1edf93b133e27658e3c84152c83597191d58c571dc7dfc765d41c2879ea55d64e04e3af804a4f10aeb1c10e33a924fd967b288e6d0b12728b34
DIST ansi_term-0.11.0.crate 17087 BLAKE2B 9bd35c045a01ce4c6c4a5db1b4f15e9412bb97426eec19d4421dffbec633de8d13452c13c1dc1b30998690b78d7ed38311aca700087f13a81f66bd1d5d7300c4 SHA512 a637466a380748f939b3af090b8c0333f35581925bc03f4dda9b3f95d338836403cf5487ae3af9ff68f8245a837f8ab061aabe57a126a6a2c20f2e972c77d1fa
DIST atty-0.2.14.crate 5470 BLAKE2B 2db856a9e898a430258f059aeaf7c844a153293e8856d90ac81f7d91a888c89198768ad5cb09303c23241fe85c560a55148fa56a303651a82b0edb895616bfab SHA512 d7b6c4b9a0f898d91ddbc41a5ee45bbf45d1d269508c8cc87ee3e3990500e41e0ec387afb1f3bc7db55bedac396dd86c6509f4bf9e5148d809c3802edcc5e1d9
@@ -77,5 +76,5 @@ DIST winapi-i686-pc-windows-gnu-0.4.0.crate 2918815 BLAKE2B 4d357e4d30f955297217
DIST winapi-x86_64-pc-windows-gnu-0.4.0.crate 2947998 BLAKE2B 2ad1ea8b5fa07d544e910ccba043ae925269b76b26c9da356305b34b86741dd8b9aff0b9ffe3d562db4fcd7d7c46a11ce9e3168b782b1d89ae6881742b7ede82 SHA512 4a654af6a5d649dc87e00497245096b35a2894ae66f155cb62389902c3b93ddcc5cf7d0d8b9dd97b291d2d80bc686af2298e80abef6ac69883f4a54e79712513
DIST zeroize-1.2.0.crate 15450 BLAKE2B 1f3c2688cf84d8bc22f777cc06673c29c9306b2c246bec67404729dac01570dd550c4ebe1f9cbd04c3d6a2711bf7106c45a34d01bb0ab7b73d3a15a65bf66eb7 SHA512 9bc0242824908909669e473029990a582efb884ce8f37d153d3a92083f64afe7b3bb26821dff8f39af74ea7935024d9414d458cf61c2e6291ca3611e896ae390
DIST zeroize_derive-1.0.1.crate 8047 BLAKE2B c43d99d7f80d104ec43708742d2c13080a3b96d0b8ffac099f86c82bce33d263313a42ebec42ed5dbeaeac397d1717e6cf089980dd7934b1efc7228b737a5f21 SHA512 cbb7fe8d9ecb38c0f6fd11e491afa289cc9d8719f2460f4569816d7d55ec17fc88aa9a167aafb83809e2122481e016039b055e3bc4edfdeaf009fc0d65212dc7
-EBUILD 389-ds-base-1.4.4.16-r1.ebuild 6583 BLAKE2B 4f73a5ed48192f5b0449b71eea70b4b9c65e828a04a731066369aee0a802db5b26d94fa2b54a7818342ce671c0dad725e0d22e13fcaabf266920486085e40860 SHA512 b6628b6e28f6b6998d59336e2b1e845ee2cf8d3fdef60b877aef12ee8fbd60bdb949a5f72603dd10c17e49faf51f99ef440b7164e9e8b2f5daec286749ab1887
+EBUILD 389-ds-base-1.4.4.17.ebuild 6620 BLAKE2B d9527bed34a2fb3b5d2b50341bff0976b007a5de463958e21e573e2f9d125578adbc27e2de0ae4e698d2a904a8cc62d0782558dc3c5804c2c1155b469698247c SHA512 a1a81e585fb4b7a46f7ff24fd20612dc4fc510870ae2e3d7f30c63bd274d14fb5b77a0fcd25118f55dbd161d831ce08d2841d21b3a6d07c194005a76607f2040
MISC metadata.xml 1460 BLAKE2B c3c5e271a36f665015758b047f9e533dc0c593c2b8a241ed560afb3d54e2798ad08c98586dadafdcc5dc44b249db95f510022ace1a71167004d8dd721f2ec513 SHA512 6397b47a23a4bdb197b9298b08e7f9c3cf86c2ec4102170e49619b4e636d55837b4e28782cfda0790d9d2824903fd6169fe125052bf4efde2df1f3968c06476e
diff --git a/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch b/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch
deleted file mode 100644
index cf8c7d9b4524..000000000000
--- a/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From c1926dfc6591b55c4d33f9944de4d7ebe077e964 Mon Sep 17 00:00:00 2001
-From: Firstyear <william@blackhats.net.au>
-Date: Fri, 9 Jul 2021 11:53:35 +1000
-Subject: [PATCH] Issue 4817 - BUG - locked crypt accounts on import may allow
- all passwords (#4819)
-
-Bug Description: Due to mishanding of short dbpwd hashes, the
-crypt_r algorithm was misused and was only comparing salts
-in some cases, rather than checking the actual content
-of the password.
-
-Fix Description: Stricter checks on dbpwd lengths to ensure
-that content passed to crypt_r has at least 2 salt bytes and
-1 hash byte, as well as stricter checks on ct_memcmp to ensure
-that compared values are the same length, rather than potentially
-allowing overruns/short comparisons.
-
-fixes: https://github.com/389ds/389-ds-base/issues/4817
-
-Author: William Brown <william@blackhats.net.au>
-
-Review by: @mreynolds389
----
- .../password/pwd_crypt_asterisk_test.py | 50 +++++++++++++++++++
- ldap/servers/plugins/pwdstorage/crypt_pwd.c | 20 +++++---
- 2 files changed, 64 insertions(+), 6 deletions(-)
- create mode 100644 dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
-
-diff --git a/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
-new file mode 100644
-index 000000000..d76614db1
---- /dev/null
-+++ b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
-@@ -0,0 +1,50 @@
-+# --- BEGIN COPYRIGHT BLOCK ---
-+# Copyright (C) 2021 William Brown <william@blackhats.net.au>
-+# All rights reserved.
-+#
-+# License: GPL (version 3 or any later version).
-+# See LICENSE for details.
-+# --- END COPYRIGHT BLOCK ---
-+#
-+import ldap
-+import pytest
-+from lib389.topologies import topology_st
-+from lib389.idm.user import UserAccounts
-+from lib389._constants import (DEFAULT_SUFFIX, PASSWORD)
-+
-+pytestmark = pytest.mark.tier1
-+
-+def test_password_crypt_asterisk_is_rejected(topology_st):
-+ """It was reported that {CRYPT}* was allowing all passwords to be
-+ valid in the bind process. This checks that we should be rejecting
-+ these as they should represent locked accounts. Similar, {CRYPT}!
-+
-+ :id: 0b8f1a6a-f3eb-4443-985e-da14d0939dc3
-+ :setup: Single instance
-+ :steps: 1. Set a password hash in with CRYPT and the content *
-+ 2. Test a bind
-+ 3. Set a password hash in with CRYPT and the content !
-+ 4. Test a bind
-+ :expectedresults:
-+ 1. Successfully set the values
-+ 2. The bind fails
-+ 3. Successfully set the values
-+ 4. The bind fails
-+ """
-+ topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on')
-+ topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'off')
-+
-+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
-+ user = users.create_test_user()
-+
-+ user.set('userPassword', "{CRYPT}*")
-+
-+ # Attempt to bind with incorrect password.
-+ with pytest.raises(ldap.INVALID_CREDENTIALS):
-+ badconn = user.bind('badpassword')
-+
-+ user.set('userPassword', "{CRYPT}!")
-+ # Attempt to bind with incorrect password.
-+ with pytest.raises(ldap.INVALID_CREDENTIALS):
-+ badconn = user.bind('badpassword')
-+
-diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
-index 9031b2199..1b37d41ed 100644
---- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
-+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
-@@ -48,15 +48,23 @@ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
- int
- crypt_pw_cmp(const char *userpwd, const char *dbpwd)
- {
-- int rc;
-- char *cp;
-+ int rc = -1;
-+ char *cp = NULL;
-+ size_t dbpwd_len = strlen(dbpwd);
- struct crypt_data data;
- data.initialized = 0;
-
-- /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
-- cp = crypt_r(userpwd, dbpwd, &data);
-- if (cp) {
-- rc = slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd));
-+ /*
-+ * there MUST be at least 2 chars of salt and some pw bytes, else this is INVALID and will
-+ * allow any password to bind as we then only compare SALTS.
-+ */
-+ if (dbpwd_len >= 3) {
-+ /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
-+ cp = crypt_r(userpwd, dbpwd, &data);
-+ }
-+ /* If these are not the same length, we can not proceed safely with memcmp. */
-+ if (cp && dbpwd_len == strlen(cp)) {
-+ rc = slapi_ct_memcmp(dbpwd, cp, dbpwd_len);
- } else {
- rc = -1;
- }