public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Viktor Ashirov <vashirov@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/389-ds-base] f43: Resolves: CVE-2026-9064
Date: Fri, 05 Jun 2026 08:11:58 GMT [thread overview]
Message-ID: <178064711884.1.11717163679627680987.rpms-389-ds-base-b69019f5ff31@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/389-ds-base
Branch : f43
Commit : b69019f5ff31e2961b184db6e312403b779c6128
Author : Viktor Ashirov <vashirov@redhat.com>
Date : 2026-06-05T10:11:20+02:00
Stats : +441/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/389-ds-base/c/b69019f5ff31e2961b184db6e312403b779c6128?branch=f43
Log:
Resolves: CVE-2026-9064
---
diff --git a/0029-Issue-7503-CVE-2026-9064-Add-a-limit-to-the-number-c.patch b/0029-Issue-7503-CVE-2026-9064-Add-a-limit-to-the-number-c.patch
new file mode 100644
index 0000000..3804c34
--- /dev/null
+++ b/0029-Issue-7503-CVE-2026-9064-Add-a-limit-to-the-number-c.patch
@@ -0,0 +1,439 @@
+From 7e9647f5bb5c47602f4cdf0022cf6bd22872d3ef Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 21 May 2026 09:17:39 -0400
+Subject: [PATCH] Issue 7503 - CVE-2026-9064 - Add a limit to the number
+ controls per operation
+
+Description:
+
+Security fix for CVE-2026-9064
+
+To prevent resource starvation limit the number of controls the server will
+process per operation. Reject the operation if number of controls exceeds
+the limit
+
+relates: https://github.com/389ds/389-ds-base/issues/7503
+
+References:
+ - https://access.redhat.com/security/cve/cve-2026-9064
+ - https://bugzilla.redhat.com/show_bug.cgi?id=2480093
+
+CI test assisted by: Cursor
+
+Reviewed by: jchapman & tbordaz (Thanks!!)
+---
+ .../suites/features/ldap_controls_test.py | 76 ++++++++++++++++++-
+ ldap/schema/01core389.ldif | 3 +-
+ ldap/servers/slapd/control.c | 14 +++-
+ ldap/servers/slapd/libglobs.c | 52 +++++++++++++
+ ldap/servers/slapd/proto-slap.h | 2 +
+ ldap/servers/slapd/slap.h | 4 +
+ .../389-console/src/lib/server/tuning.jsx | 52 ++++++++++++-
+ 7 files changed, 197 insertions(+), 6 deletions(-)
+
+diff --git a/dirsrvtests/tests/suites/features/ldap_controls_test.py b/dirsrvtests/tests/suites/features/ldap_controls_test.py
+index 0f8aa08be..59a58b21d 100644
+--- a/dirsrvtests/tests/suites/features/ldap_controls_test.py
++++ b/dirsrvtests/tests/suites/features/ldap_controls_test.py
+@@ -9,15 +9,18 @@
+ import logging
+ import pytest
+ import ldap
++from ldap.controls import RequestControl
+ from ldap.controls.readentry import PostReadControl
+ from lib389.idm.user import UserAccounts, UserAccount
+-from lib389.topologies import topology_st
+-from lib389._constants import DEFAULT_SUFFIX
++from test389.topologies import topology_st
++from lib389._constants import DEFAULT_SUFFIX, DN_DM, PASSWORD
+
+ pytestmark = pytest.mark.tier1
+
+ log = logging.getLogger(__name__)
+
++MANAGE_DSAIT_OID = "2.16.840.1.113730.3.4.2"
++MAX_CONTROLS_PER_OP_ATTR = "nsslapd-maxcontrolsperop"
+
+ def test_postread_ctrl_modify(topology_st):
+ """Test PostReadControl with LDAP modify operations.
+@@ -79,6 +82,75 @@ def test_postread_ctrl_modify(topology_st):
+ user.delete()
+
+
++def _make_request_controls(count):
++ return [
++ RequestControl(controlType=MANAGE_DSAIT_OID, criticality=False)
++ for _ in range(count)
++ ]
++
++
++def test_bind_excessive_controls(topology_st):
++ """Bind request control count is limited by nsslapd-maxcontrolsperop
++
++ :id: c3888f02-2107-4682-a50a-2189d1436233
++ :setup: Standalone instance
++ :steps:
++ 1. Read nsslapd-maxcontrolsperop from cn=config (default 10)
++ 2. Bind with one fewer control than the limit
++ 3. Bind with one more control than the limit
++ 4. Set nsslapd-maxcontrolsperop to 5
++ 5. Bind with 4 controls (new limit minus one)
++ 6. Bind with 6 controls (over new limit)
++ 7. Restore nsslapd-maxcontrolsperop and re-bind as Directory Manager
++ :expectedresults:
++ 1. Config value is 10
++ 2. Bind succeeds
++ 3. Bind fails with ldap.UNWILLING_TO_PERFORM
++ 4. Success
++ 5. Bind succeeds
++ 6. Bind fails with ldap.UNWILLING_TO_PERFORM
++ 7. Success
++ """
++ inst = topology_st.standalone
++ original_max = inst.config.get_attr_val_utf8(MAX_CONTROLS_PER_OP_ATTR)
++
++ try:
++ max_controls = int(inst.config.get_attr_val_utf8(MAX_CONTROLS_PER_OP_ATTR))
++ assert max_controls == 10
++
++ log.info("Bind with %d controls (limit %d, limit minus one)",
++ max_controls - 1, max_controls)
++ inst.simple_bind_s(DN_DM, PASSWORD,
++ serverctrls=_make_request_controls(max_controls - 1))
++
++ log.info("Bind with %d controls (limit %d plus one)",
++ max_controls + 1, max_controls)
++ with pytest.raises(ldap.UNWILLING_TO_PERFORM):
++ inst.simple_bind_s(DN_DM, PASSWORD,
++ serverctrls=_make_request_controls(max_controls + 1))
++ inst.simple_bind_s(DN_DM, PASSWORD)
++
++ lowered_max = 5
++ log.info("Set %s to %d", MAX_CONTROLS_PER_OP_ATTR, lowered_max)
++ inst.config.set(MAX_CONTROLS_PER_OP_ATTR, str(lowered_max))
++ assert int(inst.config.get_attr_val_utf8(MAX_CONTROLS_PER_OP_ATTR)) == lowered_max
++
++ log.info("Bind with %d controls (lowered limit %d, limit minus one)",
++ lowered_max - 1, lowered_max)
++ inst.simple_bind_s(DN_DM, PASSWORD,
++ serverctrls=_make_request_controls(lowered_max - 1))
++
++ log.info("Bind with %d controls (lowered limit %d plus one)",
++ lowered_max + 1, lowered_max)
++ with pytest.raises(ldap.UNWILLING_TO_PERFORM):
++ inst.simple_bind_s(DN_DM, PASSWORD,
++ serverctrls=_make_request_controls(lowered_max + 1))
++ finally:
++ log.info("Restore %s to %s", MAX_CONTROLS_PER_OP_ATTR, original_max)
++ inst.config.set(MAX_CONTROLS_PER_OP_ATTR, original_max)
++ inst.simple_bind_s(DN_DM, PASSWORD)
++
++
+ if __name__ == '__main__':
+ CURRENT_FILE = __file__
+ pytest.main(["-s", "-v", CURRENT_FILE])
+diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
+index bfe8259f8..7e2d1ac44 100644
+--- a/ldap/schema/01core389.ldif
++++ b/ldap/schema/01core389.ldif
+@@ -5,7 +5,7 @@
+ # All rights reserved.
+ #
+ # License: GPL (version 3 or any later version).
+-# See LICENSE for details.
++# See LICENSE for details.
+ # END COPYRIGHT BLOCK
+ #
+ #
+@@ -333,6 +333,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2392 NAME 'nsslapd-return-original-entry
+ attributeTypes: ( 2.16.840.1.113730.3.1.2393 NAME 'nsslapd-auditlog-display-attrs' DESC '389 Directory Server defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )
+ attributeTypes: ( 2.16.840.1.113730.3.1.2398 NAME 'nsslapd-haproxy-trusted-ip' DESC '389 Directory Server defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Directory Server' )
+ attributeTypes: ( 2.16.840.1.113730.3.1.2400 NAME 'nsslapd-pwdPBKDF2NumIterations' DESC '389 Directory Server defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Directory Server' )
++attributeTypes: ( 2.16.840.1.113730.3.1.2402 NAME 'nsslapd-maxcontrolsperop' DESC '389 Directory Server defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )
+ #
+ # objectclasses
+ #
+diff --git a/ldap/servers/slapd/control.c b/ldap/servers/slapd/control.c
+index d661dc6e1..9373c9f70 100644
+--- a/ldap/servers/slapd/control.c
++++ b/ldap/servers/slapd/control.c
+@@ -302,7 +302,7 @@ get_ldapmessage_controls_ext(
+ ber_tag_t tag;
+ /* ber_len_t is uint, cannot be -1 */
+ ber_len_t len = LBER_ERROR;
+- int rc, maxcontrols, curcontrols;
++ int rc, maxcontrols, curcontrols, maxcontrols_per_op;
+ char *last;
+ int managedsait, pwpolicy_ctrl;
+ Connection *pb_conn = NULL;
+@@ -379,11 +379,21 @@ get_ldapmessage_controls_ext(
+ return (LDAP_PROTOCOL_ERROR);
+ }
+
++ maxcontrols_per_op = config_get_maxcontrolsperop();
+ maxcontrols = curcontrols = 0;
+ for (tag = ber_first_element(ber, &len, &last);
+ tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET;
+- tag = ber_next_element(ber, &len, last)) {
++ tag = ber_next_element(ber, &len, last))
++ {
+ len = -1; /* reset */
++ if (curcontrols >= maxcontrols_per_op) {
++ slapi_log_err(SLAPI_LOG_ERR, "get_ldapmessage_controls_ext",
++ "Too many controls in LDAP request (max %d)\n",
++ maxcontrols_per_op);
++ rc = LDAP_UNWILLING_TO_PERFORM;
++ goto free_and_return;
++ }
++
+ if (curcontrols >= maxcontrols - 1) {
+ #define CONTROL_GRABSIZE 6
+ maxcontrols += CONTROL_GRABSIZE;
+diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
+index 887ae9a9d..ecf736ef6 100644
+--- a/ldap/servers/slapd/libglobs.c
++++ b/ldap/servers/slapd/libglobs.c
+@@ -1466,6 +1466,11 @@ static struct config_get_and_set
+ NULL, 0,
+ (void **)&global_slapdFrontendConfig.return_orig_dn,
+ CONFIG_ON_OFF, (ConfigGetFunc)config_get_return_orig_dn, &init_return_orig_dn, NULL},
++ {CONFIG_MAXCONTROLS_PER_OP_ATTRIBUTE, config_set_maxcontrolsperop,
++ NULL, 0,
++ (void **)&global_slapdFrontendConfig.maxcontrols_per_op,
++ CONFIG_INT, (ConfigGetFunc)config_get_maxcontrolsperop,
++ SLAPD_DEFAULT_MAXCONTROLS_PER_OP_STR, NULL},
+ /* End config */
+ };
+
+@@ -2041,6 +2046,7 @@ FrontendConfig_init(void)
+ init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = LDAP_OFF;
+ init_global_backend_local = LDAP_OFF;
+ cfg->maxsimplepaged_per_conn = SLAPD_DEFAULT_MAXSIMPLEPAGED_PER_CONN;
++ cfg->maxcontrols_per_op = SLAPD_DEFAULT_MAXCONTROLS_PER_OP;
+ cfg->maxbersize = SLAPD_DEFAULT_MAXBERSIZE;
+ cfg->logging_backend = slapi_ch_strdup(SLAPD_INIT_LOGGING_BACKEND_INTERNAL);
+ cfg->rootdn = slapi_ch_strdup(SLAPD_DEFAULT_DIRECTORY_MANAGER);
+@@ -10105,6 +10111,52 @@ config_get_maxsimplepaged_per_conn()
+ return retVal;
+ }
+
++int
++config_set_maxcontrolsperop(const char *attrname, char *value, char *errorbuf, int apply)
++{
++ int retVal = LDAP_SUCCESS;
++ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
++ long size;
++ char *endp;
++
++ if (config_value_is_null(attrname, value, errorbuf, 0)) {
++ return LDAP_OPERATIONS_ERROR;
++ }
++
++ errno = 0;
++ size = strtol(value, &endp, 10);
++ if (*endp != '\0' || errno == ERANGE || size < 1 || size > 1000) {
++ slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
++ "(%s) value (%s) is invalid, must be at least 1 and less than 1000\n",
++ attrname, value);
++ return LDAP_OPERATIONS_ERROR;
++ }
++
++ if (!apply) {
++ return retVal;
++ }
++
++ CFG_LOCK_WRITE(slapdFrontendConfig);
++
++ slapdFrontendConfig->maxcontrols_per_op = size;
++
++ CFG_UNLOCK_WRITE(slapdFrontendConfig);
++ return retVal;
++}
++
++int
++config_get_maxcontrolsperop()
++{
++ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
++ int retVal;
++
++ retVal = slapdFrontendConfig->maxcontrols_per_op;
++ if (retVal == 0) {
++ retVal = SLAPD_DEFAULT_MAXCONTROLS_PER_OP;
++ }
++ return retVal;
++}
++
+ int32_t
+ config_set_extract_pem(const char *attrname, char *value, char *errorbuf, int apply)
+ {
+diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
+index 8a2f74836..c6482414f 100644
+--- a/ldap/servers/slapd/proto-slap.h
++++ b/ldap/servers/slapd/proto-slap.h
+@@ -426,6 +426,7 @@ int32_t config_set_maxdescriptors(const char *attrname, char *value, char *error
+ int config_set_localuser(const char *attrname, char *value, char *errorbuf, int apply);
+
+ int config_set_maxsimplepaged_per_conn(const char *attrname, char *value, char *errorbuf, int apply);
++int config_set_maxcontrolsperop(const char *attrname, char *value, char *errorbuf, int apply);
+
+ int log_external_libs_debug_set_log_fn(void);
+ int log_set_backend(const char *attrname, char *value, int logtype, char *errorbuf, int apply);
+@@ -631,6 +632,7 @@ int config_get_malloc_mmap_threshold(void);
+ #endif
+
+ int config_get_maxsimplepaged_per_conn(void);
++int config_get_maxcontrolsperop(void);
+ int config_get_extract_pem(void);
+
+ int32_t config_get_enable_upgrade_hash(void);
+diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
+index 1e5ad84bf..5b1d8850e 100644
+--- a/ldap/servers/slapd/slap.h
++++ b/ldap/servers/slapd/slap.h
+@@ -301,6 +301,8 @@ typedef void (*VFPV)(); /* takes undefined arguments */
+ #define SLAPD_DEFAULT_MAXBERSIZE_STR "2097152"
+ #define SLAPD_DEFAULT_MAXSIMPLEPAGED_PER_CONN (-1)
+ #define SLAPD_DEFAULT_MAXSIMPLEPAGED_PER_CONN_STR "-1"
++#define SLAPD_DEFAULT_MAXCONTROLS_PER_OP 10
++#define SLAPD_DEFAULT_MAXCONTROLS_PER_OP_STR "10"
+ #define SLAPD_DEFAULT_LDAPSSOTOKEN_TTL 3600
+ #define SLAPD_DEFAULT_LDAPSSOTOKEN_TTL_STR "3600"
+
+@@ -2417,6 +2419,7 @@ typedef struct _slapdEntryPoints
+ #define CONFIG_CN_USES_DN_SYNTAX_IN_DNS "nsslapd-cn-uses-dn-syntax-in-dns"
+
+ #define CONFIG_MAXSIMPLEPAGED_PER_CONN_ATTRIBUTE "nsslapd-maxsimplepaged-per-conn"
++#define CONFIG_MAXCONTROLS_PER_OP_ATTRIBUTE "nsslapd-maxcontrolsperop"
+ #define CONFIG_LOGGING_BACKEND "nsslapd-logging-backend"
+
+ #define CONFIG_EXTRACT_PEM "nsslapd-extract-pemfiles"
+@@ -2749,6 +2752,7 @@ typedef struct _slapdFrontendConfig
+ slapi_onoff_t cn_uses_dn_syntax_in_dns; /* indicates the cn value in dns has dn syntax */
+ slapi_onoff_t global_backend_lock;
+ slapi_int_t maxsimplepaged_per_conn; /* max simple paged results reqs handled per connection */
++ slapi_int_t maxcontrols_per_op; /* max LDAP controls allowed per operation */
+ slapi_onoff_t enable_nunc_stans; /* Despite the removal of NS, we have to leave the value in
+ * case someone was setting it.
+ */
+diff --git a/src/cockpit/389-console/src/lib/server/tuning.jsx b/src/cockpit/389-console/src/lib/server/tuning.jsx
+index 5f56ff858..fe0ed9d2e 100644
+--- a/src/cockpit/389-console/src/lib/server/tuning.jsx
++++ b/src/cockpit/389-console/src/lib/server/tuning.jsx
+@@ -23,6 +23,7 @@ const tuning_attrs = [
+ 'nsslapd-connection-nocanon',
+ 'nsslapd-enable-turbo-mode',
+ 'nsslapd-threadnumber',
++ 'nsslapd-maxthreadsperconn',
+ 'nsslapd-maxdescriptors',
+ 'nsslapd-timelimit',
+ 'nsslapd-sizelimit',
+@@ -34,6 +35,7 @@ const tuning_attrs = [
+ 'nsslapd-maxsasliosize',
+ 'nsslapd-listen-backlog-size',
+ 'nsslapd-max-filter-nest-level',
++ 'nsslapd-maxcontrolsperop',
+ 'nsslapd-ndn-cache-max-size',
+ ];
+
+@@ -161,6 +163,7 @@ export class ServerTuning extends React.Component {
+ 'nsslapd-connection-nocanon': connNoCannon,
+ 'nsslapd-enable-turbo-mode': turboMode,
+ 'nsslapd-threadnumber': attrs['nsslapd-threadnumber'][0],
++ 'nsslapd-maxthreadsperconn': attrs['nsslapd-maxthreadsperconn'][0],
+ 'nsslapd-maxdescriptors': attrs['nsslapd-maxdescriptors'][0],
+ 'nsslapd-timelimit': attrs['nsslapd-timelimit'][0],
+ 'nsslapd-sizelimit': attrs['nsslapd-sizelimit'][0],
+@@ -172,6 +175,7 @@ export class ServerTuning extends React.Component {
+ 'nsslapd-maxsasliosize': attrs['nsslapd-maxsasliosize'][0],
+ 'nsslapd-listen-backlog-size': attrs['nsslapd-listen-backlog-size'][0],
+ 'nsslapd-max-filter-nest-level': attrs['nsslapd-max-filter-nest-level'][0],
++ 'nsslapd-maxcontrolsperop': attrs['nsslapd-maxcontrolsperop'][0],
+ 'nsslapd-ndn-cache-max-size': attrs['nsslapd-ndn-cache-max-size'][0],
+ // Record original values
+ '_nsslapd-ndn-cache-enabled': ndnEnabled,
+@@ -179,6 +183,7 @@ export class ServerTuning extends React.Component {
+ '_nsslapd-connection-nocanon': connNoCannon,
+ '_nsslapd-enable-turbo-mode': turboMode,
+ '_nsslapd-threadnumber': attrs['nsslapd-threadnumber'][0],
++ '_nsslapd-maxthreadsperconn': attrs['nsslapd-maxthreadsperconn'][0],
+ '_nsslapd-maxdescriptors': attrs['nsslapd-maxdescriptors'][0],
+ '_nsslapd-timelimit': attrs['nsslapd-timelimit'][0],
+ '_nsslapd-sizelimit': attrs['nsslapd-sizelimit'][0],
+@@ -190,6 +195,7 @@ export class ServerTuning extends React.Component {
+ '_nsslapd-maxsasliosize': attrs['nsslapd-maxsasliosize'][0],
+ '_nsslapd-listen-backlog-size': attrs['nsslapd-listen-backlog-size'][0],
+ '_nsslapd-max-filter-nest-level': attrs['nsslapd-max-filter-nest-level'][0],
++ '_nsslapd-maxcontrolsperop': attrs['nsslapd-maxcontrolsperop'][0],
+ '_nsslapd-ndn-cache-max-size': attrs['nsslapd-ndn-cache-max-size'][0],
+ }, this.props.enableTree());
+ })
+@@ -275,7 +281,7 @@ export class ServerTuning extends React.Component {
+ <TextContent>
+ <Text component={TextVariants.h3}>
+ {_("Tuning & Limits")}
+- <Button
++ <Button
+ variant="plain"
+ aria-label={_("Refresh settings")}
+ onClick={() => {
+@@ -312,6 +318,28 @@ export class ServerTuning extends React.Component {
+ />
+ </GridItem>
+ </Grid>
++ <Grid
++ title={_("The maximum number of threads that can handle requests for a single connection (nsslapd-maxthreadsperconn).")}
++ >
++ <GridItem className="ds-label" span={3}>
++ {_("Max Threads Per Connection")}
++ </GridItem>
++ <GridItem span={9}>
++ <NumberInput
++ value={this.state['nsslapd-maxthreadsperconn']}
++ min={1}
++ max={65535}
++ onMinus={() => { this.onMinusConfig("nsslapd-maxthreadsperconn") }}
++ onChange={(e) => { this.onConfigChange(e, "nsslapd-maxthreadsperconn", 1, 65535) }}
++ onPlus={() => { this.onPlusConfig("nsslapd-maxthreadsperconn") }}
++ inputName="input"
++ inputAriaLabel="number input"
++ minusBtnAriaLabel="minus"
++ plusBtnAriaLabel="plus"
++ widthChars={8}
++ />
++ </GridItem>
++ </Grid>
+ <Grid
+ title={_("The maximum number of seconds allocated for a search request. Set to '-1' to disable the time limit (nsslapd-timelimit).")}
+ >
+@@ -542,6 +570,28 @@ export class ServerTuning extends React.Component {
+ />
+ </GridItem>
+ </Grid>
++ <Grid
++ title={_("The maximum number of LDAP controls allowed per operation (nsslapd-maxcontrolsperop).")}
++ >
++ <GridItem className="ds-label" span={3}>
++ {_("Maximum Controls Per Operation")}
++ </GridItem>
++ <GridItem span={9}>
++ <NumberInput
++ value={this.state['nsslapd-maxcontrolsperop']}
++ min={1}
++ max={1000}
++ onMinus={() => { this.onMinusConfig("nsslapd-maxcontrolsperop") }}
++ onChange={(e) => { this.onConfigChange(e, "nsslapd-maxcontrolsperop", 1, 0) }}
++ onPlus={() => { this.onPlusConfig("nsslapd-maxcontrolsperop") }}
++ inputName="input"
++ inputAriaLabel="number input"
++ minusBtnAriaLabel="minus"
++ plusBtnAriaLabel="plus"
++ widthChars={8}
++ />
++ </GridItem>
++ </Grid>
+ <Grid
+ title={_("Disable DNS reverse entries for outgoing connections (nsslapd-connection-nocanon).")}
+ >
+--
+2.54.0
+
diff --git a/389-ds-base.spec b/389-ds-base.spec
index c160a9b..965c8fc 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -545,6 +545,7 @@ Patch: 0025-Issue-7223-Remove-integerOrderingMatch-requirement-f.patc
Patch: 0026-Security-fix-for-CVE-2025-14905.patch
Patch: 0027-Issue-7302-dblib-bdb2mdb-fails-on-F43-F43-upgrade-73.patch
Patch: 0028-Issue-7267-MDB_BAD_VALSIZE-error-when-updating-index.patch
+Patch: 0029-Issue-7503-CVE-2026-9064-Add-a-limit-to-the-number-c.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@@ -558,7 +559,7 @@ Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
%if %{with libbdb_ro}
%package robdb-libs
Summary: Read-only Berkeley Database Library
-License: GPL-3.0-or-later WITH GPL-3.0-389-ds-base-exception AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR LGPL-2.1-or-later OR MIT) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 AND Zlib
+License: GPL-3.0-or-later WITH GPL-3.0-389-ds-base-exception AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR LGPL-2.1-or-later OR MIT) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 AND Zlib
%description robdb-libs
The %{name}-robdb-lib package contains a library derived from rpm
reply other threads:[~2026-06-05 8:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178064711884.1.11717163679627680987.rpms-389-ds-base-b69019f5ff31@fedoraproject.org \
--to=vashirov@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox