import 389-ds-base-1.3.10.2-16.el7_9

This commit is contained in:
CentOS Sources 2022-06-28 03:54:04 -04:00
parent 10de5fb125
commit 7a6e0abf10
5 changed files with 526 additions and 2 deletions


@ -0,0 +1,45 @@
From 3854c402d06028b63e593463f34bb8d76dc42973 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Wed, 30 Mar 2022 18:07:23 +0200
Subject: [PATCH 1/4] Issue 5242- Craft message may crash the server (#5243)
Bug description:
A craft request can result in DoS
Fix description:
If the server fails to decode the ber value
then return an Error
relates: 5242
Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)
Platforms tested: F34
---
ldap/servers/slapd/filter.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
index 8e21b34c3..e86946387 100644
--- a/ldap/servers/slapd/filter.c
+++ b/ldap/servers/slapd/filter.c
@@ -644,8 +644,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf)
}
}
- if ((tag != LBER_ERROR) && (len != -1)) {
- goto parsing_error;
+ if (tag == LBER_ERROR) {
+ if (len == -1) {
+ /* means that the ber sequence ended without LBER_END_OF_SEQORSET tag
+ * and it is considered as valid to ensure compatibility with open ldap.
+ */
+ } else {
+ goto parsing_error;
+ }
}
slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc);
--
2.31.1
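Review bot: The new check leaves the then-branch empty (only a comment) and puts the action in the else, which reads awkwardly for what is a single condition; the same logic is clearer as `if ((tag == LBER_ERROR) && (len != -1)) { goto parsing_error; }` with the compatibility comment moved above it. If the loop above this hunk can only exit with LBER_ERROR or an end-of-sequence tag, the end-of-sequence exit now falls through silently where the old code rejected it when `len != -1`; a one-line comment stating that a non-error tag here is the normal completion path would make that intent explicit for the next reader of this CVE fix. `get_extensible_filter` starts and ends outside the hunk, so the loop's exit conditions cannot be confirmed from here.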


@ -0,0 +1,106 @@
From 6458f3cb9a959dd6ad9f8cadc236289715a99979 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 20 Oct 2021 10:04:06 -0400
Subject: [PATCH 2/4] Issue 4956 - Automember allows invalid regex, and does
not log proper error
Bug Description: The server was detecting an invalid automember
regex, but it did not reject it, and it did not
log which regex rule was invalid.
Fix Description: By properly rejecting the invalid regex will also
trigger the proper error logging to occur.
relates: https://github.com/389ds/389-ds-base/issues/4956
Reviewed by: tbordaz & spichugi(Thanks!!)
---
.../automember_plugin/configuration_test.py | 63 +++++++++++++++++++
ldap/servers/plugins/automember/automember.c | 1 +
2 files changed, 64 insertions(+)
create mode 100644 dirsrvtests/tests/suites/automember_plugin/configuration_test.py
diff --git a/dirsrvtests/tests/suites/automember_plugin/configuration_test.py b/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
new file mode 100644
index 000000000..fc7c15c45
--- /dev/null
+++ b/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
@@ -0,0 +1,63 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2021 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+
+import ldap
+import os
+import pytest
+from lib389.topologies import topology_st as topo
+from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions, MemberOfPlugin
+from lib389._constants import DEFAULT_SUFFIX
+
+pytestmark = pytest.mark.tier1
+
+def test_invalid_regex(topo):
+ """Test invalid regex is properly reportedin the error log
+
+ :id: a6d89f84-ec76-4871-be96-411d051800b1
+ :setup: Standalone Instance
+ :steps:
+ 1. Setup automember
+ 2. Add invalid regex
+ 3. Error log reports useful message
+ :expectedresults:
+ 1. Success
+ 2. Success
+ 3. Success
+ """
+ REGEX_DN = "cn=regex1,cn=testregex,cn=auto membership plugin,cn=plugins,cn=config"
+ REGEX_VALUE = "cn=*invalid*"
+ REGEX_ESC_VALUE = "cn=\\*invalid\\*"
+ GROUP_DN = "cn=demo_group,ou=groups," + DEFAULT_SUFFIX
+
+ AutoMembershipPlugin(topo.standalone).remove_all("nsslapd-pluginConfigArea")
+ automemberplugin = AutoMembershipPlugin(topo.standalone)
+
+ automember_prop = {
+ 'cn': 'testRegex',
+ 'autoMemberScope': 'ou=People,' + DEFAULT_SUFFIX,
+ 'autoMemberFilter': 'objectclass=*',
+ 'autoMemberDefaultGroup': GROUP_DN,
+ 'autoMemberGroupingAttr': 'member:dn',
+ }
+ automember_defs = AutoMembershipDefinitions(topo.standalone, "cn=Auto Membership Plugin,cn=plugins,cn=config")
+ automember_def = automember_defs.create(properties=automember_prop)
+ automember_def.add_regex_rule("regex1", GROUP_DN, include_regex=[REGEX_VALUE])
+
+ automemberplugin.enable()
+ topo.standalone.restart()
+
+ # Check errors log for invalid message
+ ERR_STR1 = "automember_parse_regex_rule - Unable to parse regex rule"
+ ERR_STR2 = "Skipping invalid inclusive regex rule in rule entry \"%s\" \\(rule = \"%s\"\\)" % (REGEX_DN, REGEX_ESC_VALUE)
+ assert topo.standalone.searchErrorsLog(ERR_STR1)
+ assert topo.standalone.searchErrorsLog(ERR_STR2)
+
+
+if __name__ == "__main__":
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s -v %s" % CURRENT_FILE)
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
index 24fd874aa..d06c6375e 100644
--- a/ldap/servers/plugins/automember/automember.c
+++ b/ldap/servers/plugins/automember/automember.c
@@ -1224,6 +1224,7 @@ automember_parse_regex_rule(char *rule_string)
"automember_parse_regex_rule - Unable to parse "
"regex rule (invalid regex). Error \"%s\".\n",
recomp_result ? recomp_result : "unknown");
+ goto bail;
}
/* Validation has passed, so create the regex rule struct and fill it in.
--
2.31.1
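Review bot: The added `goto bail;` is what turns the detected invalid regex into a rejected rule, but the `bail` label is outside the hunk, so confirm it returns a value the caller treats as a failed parse and releases anything compiled or allocated before this check; the new test expects the caller to log `Skipping invalid inclusive regex rule in rule entry …`, which only happens if the failure propagates. A short comment at the jump would record the intent: `/* Invalid regex: reject the rule so the caller logs and skips it */`. `automember_parse_regex_rule` starts and ends outside the hunk. In the accompanying test the expected log line is hand-escaped (`REGEX_ESC_VALUE`, `\\(rule = …\\)`); if `searchErrorsLog` interprets its argument as a regular expression, `re.escape()` on the DN and regex value would be less fragile than manual escaping.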


@ -0,0 +1,255 @@
From b74fa27d5da3e96f474a9643d6c56cea7e395db8 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 8 Feb 2022 12:38:54 -0500
Subject: [PATCH 3/4] Issue 5155 - RFE - Provide an option to abort an Auto
Member rebuild task
https://github.com/389ds/389-ds-base/issues/5155
https://github.com/389ds/389-ds-base/pull/5157
---
ldap/servers/plugins/automember/automember.c | 124 +++++++++++++------
1 file changed, 88 insertions(+), 36 deletions(-)
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
index d06c6375e..c377431f4 100644
--- a/ldap/servers/plugins/automember/automember.c
+++ b/ldap/servers/plugins/automember/automember.c
@@ -21,6 +21,7 @@
*/
static PRCList *g_automember_config = NULL;
static Slapi_RWLock *g_automember_config_lock = NULL;
+static uint64_t abort_rebuild_task = 0;
static void *_PluginID = NULL;
static Slapi_DN *_PluginDN = NULL;
@@ -82,9 +83,11 @@ static int automember_update_member_value(Slapi_Entry *member_e, const char *gro
static int automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode, char *returntext, void *arg);
static int automember_task_add_export_updates(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode, char *returntext, void *arg);
static int automember_task_add_map_entries(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode, char *returntext, void *arg);
+static int automember_task_abort(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode, char *returntext, void *arg);
void automember_rebuild_task_thread(void *arg);
void automember_export_task_thread(void *arg);
void automember_map_task_thread(void *arg);
+void automember_task_abort_thread(void *arg);
static void automember_task_destructor(Slapi_Task *task);
static void automember_task_export_destructor(Slapi_Task *task);
static void automember_task_map_destructor(Slapi_Task *task);
@@ -305,6 +308,7 @@ automember_start(Slapi_PBlock *pb)
"--> automember_start\n");
slapi_plugin_task_register_handler("automember rebuild membership", automember_task_add, pb);
+ slapi_plugin_task_register_handler("automember abort rebuild", automember_task_abort, pb);
slapi_plugin_task_register_handler("automember export updates", automember_task_add_export_updates, pb);
slapi_plugin_task_register_handler("automember map updates", automember_task_add_map_entries, pb);
@@ -383,6 +387,9 @@ automember_close(Slapi_PBlock *pb __attribute__((unused)))
automember_task_add_export_updates);
slapi_plugin_task_unregister_handler("automember map updates",
automember_task_add_map_entries);
+ slapi_plugin_task_unregister_handler("automember abort rebuild",
+ automember_task_abort);
+
automember_delete_config();
slapi_sdn_free(&_PluginDN);
@@ -2207,6 +2214,65 @@ automember_task_map_destructor(Slapi_Task *task)
}
}
+/*
+ * automember_task_abort
+ *
+ * This task is designed to abort and existing rebuild task
+ *
+ * task entry:
+ *
+ * dn: cn=my abort task, cn=automember abort rebuild,cn=tasks,cn=config
+ * objectClass: top
+ * objectClass: extensibleObject
+ * cn: my abort task
+ */
+static int
+automember_task_abort(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attribute__((unused)), int *returncode, char *returntext __attribute__((unused)), void *arg)
+{
+ Slapi_Task *task = NULL;
+ PRThread *thread = NULL;
+ int rc;
+
+ *returncode = LDAP_SUCCESS; /* can not fail - always success */
+
+ task = slapi_plugin_new_task(slapi_entry_get_ndn(e), arg);
+ thread = PR_CreateThread(PR_USER_THREAD, automember_task_abort_thread,
+ (void *)task, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE);
+ if (thread == NULL) {
+ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
+ "automember_task_abort - Unable to create task thread!\n");
+ *returncode = LDAP_OPERATIONS_ERROR;
+ slapi_task_finish(task, *returncode);
+ rc = SLAPI_DSE_CALLBACK_ERROR;
+ } else {
+ rc = SLAPI_DSE_CALLBACK_OK;
+ }
+ return rc;
+}
+
+void
+automember_task_abort_thread(void *arg)
+{
+ Slapi_Task *task = (Slapi_Task *)arg;
+
+ slapi_task_inc_refcount(task);
+ slapi_task_begin(task, 1);
+ slapi_task_log_notice(task, "Automember abort rebuild task started.");
+ slapi_task_log_status(task, "Automember abort rebuild task started.");
+
+ /* Set the abort flag */
+ slapi_atomic_store_64(&abort_rebuild_task, 1, __ATOMIC_RELEASE);
+
+ /* Wrap things up */
+ slapi_task_log_notice(task, "Automember abort rebuild task finished.");
+ slapi_task_log_status(task, "Automember abort rebuild task finished.");
+ slapi_task_inc_progress(task);
+ slapi_task_finish(task, 0);
+ slapi_task_dec_refcount(task);
+}
+
+
/*
* automember_task_add
*
@@ -2320,13 +2386,16 @@ automember_rebuild_task_thread(void *arg)
{
Slapi_Task *task = (Slapi_Task *)arg;
struct configEntry *config = NULL;
- Slapi_PBlock *search_pb = NULL, *fixup_pb = NULL;
+ Slapi_PBlock *search_pb = NULL;
Slapi_Entry **entries = NULL;
task_data *td = NULL;
PRCList *list = NULL;
PRCList *include_list = NULL;
int result = 0;
- size_t i = 0, ii = 0;
+ size_t i = 0;
+
+ /* Reset abort flag */
+ slapi_atomic_store_64(&abort_rebuild_task, 0, __ATOMIC_RELEASE);
if (!task) {
return; /* no task */
@@ -2350,6 +2419,8 @@ automember_rebuild_task_thread(void *arg)
/*
* Search the database
*/
+ automember_config_read_lock();
+
search_pb = slapi_pblock_new();
slapi_search_internal_set_pb_ext(search_pb, td->base_dn, td->scope, td->filter_str, NULL,
0, NULL, NULL, automember_get_plugin_id(), 0);
@@ -2372,30 +2443,19 @@ automember_rebuild_task_thread(void *arg)
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
/*
- * If this is a backend txn plugin, start the transaction
+ * loop over the entries
*/
- if (plugin_is_betxn) {
- Slapi_Backend *be = slapi_be_select(td->base_dn);
-
- if (be) {
- fixup_pb = slapi_pblock_new();
- slapi_pblock_set(fixup_pb, SLAPI_BACKEND, be);
- if (slapi_back_transaction_begin(fixup_pb) != LDAP_SUCCESS) {
- slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
- "automember_rebuild_task_thread - Failed to start transaction\n");
- }
- } else {
- slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
- "automember_rebuild_task_thread - Failed to get be backend from %s\n",
- slapi_sdn_get_dn(td->base_dn));
+ for (i = 0; entries && (entries[i] != NULL); i++) {
+ if (slapi_atomic_load_64(&abort_rebuild_task, __ATOMIC_ACQUIRE) == 1) {
+ /* The task was aborted */
+ slapi_task_log_notice(task, "Automember rebuild task was intentionally aborted");
+ slapi_task_log_status(task, "Automember rebuild task was intentionally aborted");
+ slapi_log_err(SLAPI_LOG_NOTICE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
+ "automember_rebuild_task_thread - task was intentionally aborted\n");
+ result = -1;
+ goto out;
}
- }
- /*
- * Grab the config read lock, and loop over the entries
- */
- automember_config_read_lock();
- for (i = 0; entries && (entries[i] != NULL); i++) {
if (!PR_CLIST_IS_EMPTY(g_automember_config)) {
list = PR_LIST_HEAD(g_automember_config);
while (list != g_automember_config) {
@@ -2405,7 +2465,7 @@ automember_rebuild_task_thread(void *arg)
(slapi_filter_test_simple(entries[i], config->filter) == 0))
{
/* First clear out all the defaults groups */
- for (ii = 0; config->default_groups && config->default_groups[ii]; ii++) {
+ for (size_t ii = 0; config->default_groups && config->default_groups[ii]; ii++) {
if ((result = automember_update_member_value(entries[i], config->default_groups[ii],
config->grouping_attr, config->grouping_value, NULL, DEL_MEMBER)))
{
@@ -2418,7 +2478,6 @@ automember_rebuild_task_thread(void *arg)
slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
"automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n",
config->default_groups[ii], result);
- automember_config_unlock();
goto out;
}
}
@@ -2440,7 +2499,6 @@ automember_rebuild_task_thread(void *arg)
slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
"automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n",
slapi_sdn_get_dn(curr_rule->target_group_dn), result);
- automember_config_unlock();
goto out;
}
include_list = PR_NEXT_LINK(include_list);
@@ -2452,7 +2510,6 @@ automember_rebuild_task_thread(void *arg)
automember_update_membership(config, entries[i], NULL) == SLAPI_PLUGIN_FAILURE)
{
result = SLAPI_PLUGIN_FAILURE;
- automember_config_unlock();
goto out;
}
}
@@ -2460,17 +2517,10 @@ automember_rebuild_task_thread(void *arg)
}
}
}
- automember_config_unlock();
out:
- if (plugin_is_betxn && fixup_pb) {
- if (i == 0 || result != 0) { /* no updates performed */
- slapi_back_transaction_abort(fixup_pb);
- } else {
- slapi_back_transaction_commit(fixup_pb);
- }
- slapi_pblock_destroy(fixup_pb);
- }
+ automember_config_unlock();
+
slapi_free_search_results_internal(search_pb);
slapi_pblock_destroy(search_pb);
@@ -2485,6 +2535,8 @@ out:
slapi_task_inc_progress(task);
slapi_task_finish(task, result);
slapi_task_dec_refcount(task);
+ slapi_atomic_store_64(&abort_rebuild_task, 0, __ATOMIC_RELEASE);
+
slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
"automember_rebuild_task_thread - Refcount decremented.\n");
}
--
2.31.1
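Review bot: `abort_rebuild_task` is a single process-wide flag that every rebuild thread resets at its start and again at its end, so if two rebuild tasks are in flight one abort task stops both and the first rebuild to finish clears an abort still pending for the other; keeping the flag per task, or at least documenting the assumption on the declaration with `/* Process-wide: assumes at most one rebuild task runs at a time */`, would make the limitation visible. In `automember_task_abort` the comment `/* can not fail - always success */` is contradicted a few lines later by the `LDAP_OPERATIONS_ERROR` path taken when `PR_CreateThread` fails; either drop the comment or say the task only fails when its thread cannot be created, and note that the thread exists solely to set an atomic flag, which the callback could do directly. The abort path in `automember_rebuild_task_thread` jumps to `out` with `result = -1` after the backend-transaction wrapper was removed, so entries processed before the abort appear to keep their updated membership; the status message could say so, e.g. `"Automember rebuild task was intentionally aborted; entries already updated are not rolled back"`. The rebuild thread's body continues outside the hunk, so any early return between the relocated `automember_config_read_lock()` and `out` cannot be checked from here.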


@ -0,0 +1,108 @@
From 1a5c28b6546214054ca44e57dc0c21b9a8a73baa Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 3 Mar 2022 16:29:41 -0500
Subject: [PATCH 4/4] Issue 5221 - User with expired password can still login
with full privledges
Bug Description:
A user with an expired password can still login and perform operations
with its typical access perimssions. But an expired password means the
account should be considered anonymous.
Fix Description:
Clear the bind credentials if the password is expired
relates: https://github.com/389ds/389-ds-base/issues/5221
Reviewed by: progier(Thanks!)
---
.../suites/password/pw_expired_access_test.py | 62 +++++++++++++++++++
ldap/servers/slapd/pw_mgmt.c | 1 +
2 files changed, 63 insertions(+)
create mode 100644 dirsrvtests/tests/suites/password/pw_expired_access_test.py
diff --git a/dirsrvtests/tests/suites/password/pw_expired_access_test.py b/dirsrvtests/tests/suites/password/pw_expired_access_test.py
new file mode 100644
index 000000000..fb0afb190
--- /dev/null
+++ b/dirsrvtests/tests/suites/password/pw_expired_access_test.py
@@ -0,0 +1,62 @@
+import ldap
+import logging
+import pytest
+import os
+import time
+from lib389._constants import DEFAULT_SUFFIX, PASSWORD
+from lib389.idm.domain import Domain
+from lib389.idm.user import UserAccounts
+from lib389.topologies import topology_st as topo
+
+log = logging.getLogger(__name__)
+
+def test_expired_user_has_no_privledge(topo):
+ """Specify a test case purpose or name here
+
+ :id: 3df86b45-9929-414b-9bf6-06c25301d207
+ :setup: Standalone Instance
+ :steps:
+ 1. Set short password expiration time
+ 2. Add user and wait for expiration time to run out
+ 3. Set one aci that allows authenticated users full access
+ 4. Bind as user (password should be expired)
+ 5. Attempt modify
+ :expectedresults:
+ 1. Success
+ 2. Success
+ 3. Success
+ 4. Success
+ 5. Success
+ """
+
+ # Configured password epxiration
+ topo.standalone.config.replace_many(('passwordexp', 'on'), ('passwordmaxage', '1'))
+
+ # Set aci
+ suffix = Domain(topo.standalone, DEFAULT_SUFFIX)
+ ACI_TEXT = '(targetattr="*")(version 3.0; acl "test aci"; allow (all) (userdn="ldap:///all");)'
+ suffix.replace('aci', ACI_TEXT)
+
+ # Add user
+ user = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None).create_test_user()
+ user.replace('userpassword', PASSWORD)
+ time.sleep(2)
+
+ # Bind as user with expired password. Need to use raw ldap calls because
+ # lib389 will close the connection when an error 49 is encountered.
+ ldap_object = ldap.initialize(topo.standalone.toLDAPURL())
+ with pytest.raises(ldap.INVALID_CREDENTIALS):
+ res_type, res_data, res_msgid, res_ctrls = ldap_object.simple_bind_s(
+ user.dn, PASSWORD)
+
+ # Try modify
+ with pytest.raises(ldap.INSUFFICIENT_ACCESS):
+ modlist = [ (ldap.MOD_REPLACE, 'description', b'Should not work!') ]
+ ldap_object.modify_ext_s(DEFAULT_SUFFIX, modlist)
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main(["-s", CURRENT_FILE])
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index ca76fc12f..f9b5a9add 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -211,6 +211,7 @@ skip:
slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED);
}
slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
+ bind_credentials_clear(pb_conn, PR_FALSE, PR_TRUE);
slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
"password expired!", 0, NULL);
--
2.31.1
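Review bot: The single added call `bind_credentials_clear(pb_conn, PR_FALSE, PR_TRUE);` is the whole security fix, yet its two bare boolean arguments give a reader no hint of what is cleared or whether a connection lock is expected to be held; a comment such as `/* Expired password: drop the bound identity so the connection continues as anonymous */` above the call, plus naming what each flag selects, would record the intent. `pb_conn` and the function containing the `skip:` label are outside the hunk, so it cannot be confirmed from here that every path reporting an expired password reaches this label; worth checking that no other branch still sends LDAP_INVALID_CREDENTIALS while leaving the credentials in place. The accompanying test still carries the template docstring `Specify a test case purpose or name here` and misspells privilege and expiration; replacing that first line with `Verify that a bind with an expired password leaves the connection without privileges` would make the test report readable.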


@ -39,7 +39,7 @@
Summary: 389 Directory Server (%{variant})
Name: 389-ds-base
Version: 1.3.10.2
Release: %{?relprefix}15%{?prerel}%{?dist}
Release: %{?relprefix}16%{?prerel}%{?dist}
License: GPLv3+
URL: https://www.port389.org/
Group: System Environment/Daemons
@ -180,7 +180,10 @@ Patch31: 0031-Issue-4667-incorrect-accounting-of-readers-in-vattr-.patc
Patch32: 0032-Issue-4943-Fix-csn-generator-to-limit-time-skew-drif.patch
Patch33: 0033-Issue-4943-followup-Fix-csn-generator-to-limit-time-.patch
Patch34: 0034-CVE-2021-4091-BZ-2030367-double-free-of-the-virtual-.patch
Patch35: 0035-Issue-5242-Craft-message-may-crash-the-server-5243.patch
Patch36: 0036-Issue-4956-Automember-allows-invalid-regex-and-does-.patch
Patch37: 0037-Issue-5155-RFE-Provide-an-option-to-abort-an-Auto-Me.patch
Patch38: 0038-Issue-5221-User-with-expired-password-can-still-logi.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@ -534,6 +537,13 @@ fi
%{_sysconfdir}/%{pkgname}/dirsrvtests
%changelog
* Tue Jun 07 2022 Thierry Bordaz <tbordaz@redhat.com> - 1.3.10.2-16
- Bump version to 1.3.10.2-16
- Resolves: Bug 2077395 - CVE-2022-0918 389-ds:1.4/389-ds-base: sending crafted message could result in DoS
- Resolves: Bug 2014768 - Log the Auto Member invalid regex rules in the LDAP errors log
- Resolves: Bug 2018153 - RFE - Provide an option to abort an Auto Member rebuild task
- Resolves: Bug 2093294 - CVE-2022-0996 389-ds:1.4/389-ds-base: expired password was still allowed to access the database
* Thu Feb 03 2022 Thierry Bordaz <tbordaz@redhat.com> - 1.3.10.2-15
- Bump version to 1.3.10.2-15
- Resolves: Bug 2049812 - Fix csn generator to limit time skew drift