Package: 389-ds-base / 2.3.1+dfsg1-1+deb12u1

Metadata

Package: 389-ds-base
Version: 2.3.1+dfsg1-1+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix-saslpath.diff

configure.ac | 4 3 + 1 - 0 !
ldap/servers/slapd/ldaputil.c | 14 9 + 5 - 0 !
2 files changed, 12 insertions(+), 6 deletions(-)

---
5610-fix-linking.diff

Makefile.am | 6 3 + 3 - 0 !
configure.ac | 4 2 + 2 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-)

Move -lssl and -lcrypto for libslapd.so from LDFLAGS to LIBADD.

Fixes: https://github.com/389ds/389-ds-base/issues/5610

Reviewed by: ???

dont-run-rpm.diff

src/lib389/lib389/cli_ctl/cockpit.py | 18 11 + 7 - 0 !
1 file changed, 11 insertions(+), 7 deletions(-)

---
use-packaged-rust-registry.diff

.cargo/config.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
allow-newer-crates.diff

Makefile.am | 2 1 + 1 - 0 !
src/librnsslapd/Cargo.toml | 2 1 + 1 - 0 !
src/librslapd/Cargo.toml | 4 2 + 2 - 0 !
src/plugins/entryuuid/Cargo.toml | 2 1 + 1 - 0 !
src/plugins/entryuuid_syntax/Cargo.toml | 2 1 + 1 - 0 !
src/plugins/pwdchan/Cargo.toml | 2 1 + 1 - 0 !
src/slapd/Cargo.toml | 2 1 + 1 - 0 !
src/slapi_r_plugin/Cargo.toml | 2 1 + 1 - 0 !
8 files changed, 9 insertions(+), 9 deletions(-)

---
CVE-2024-2199.patch

dirsrvtests/tests/suites/password/password_test.py | 56 56 + 0 - 0 !
ldap/servers/slapd/modify.c | 8 6 + 2 - 0 !
2 files changed, 62 insertions(+), 2 deletions(-)

When doing a mod on userPassword we reset the pblock modifier after we
set the modified timestamp, ensuring the pblock data stays valid.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-2199
- https://access.redhat.com/security/cve/CVE-2024-2199
- https://bugzilla.redhat.com/show_bug.cgi?id=2267976

CVE-2024-8445.patch

ldap/servers/slapd/modify.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all
scenarios. In certain product versions, this issue may allow
an authenticated user to cause a server crash while modifying
`userPassword` using malformed input.

References:
- https://access.redhat.com/security/cve/CVE-2024-8445
- https://nvd.nist.gov/vuln/detail/cve-2024-8445
- https://bugzilla.redhat.com/show_bug.cgi?id=2310110
- https://nvd.nist.gov/vuln/detail/CVE-2024-2199
- https://access.redhat.com/security/cve/CVE-2024-2199
- https://bugzilla.redhat.com/show_bug.cgi?id=2267976

CVE-2024-5953.patch

dirsrvtests/tests/suites/password/regression_test.py | 51 50 + 1 - 0 !
ldap/servers/plugins/pwdstorage/md5_pwd.c | 9 8 + 1 - 0 !
ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c | 6 6 + 0 - 0 !
3 files changed, 64 insertions(+), 2 deletions(-)

To prevent a buffer overflow when a bind request is processed, the bind fails
if the hash size is not coherent, without even attempting to process the
hashed password further.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-5953
- https://access.redhat.com/security/cve/CVE-2024-5953
- https://bugzilla.redhat.com/show_bug.cgi?id=2292104
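The shape of the CVE-2024-5953 check, as an added illustration in Python that is not code from 389-ds-base or from the Debian patch: the stored value is parsed and its decoded length compared against the fixed field layout before any password-hash computation runs, so a truncated or oversized value fails the bind instead of being sliced into fields that point past the buffer. The layout assumed here (a {PBKDF2_SHA256} prefix, then base64 of a 4-byte iteration count, a 64-byte salt and a 256-byte derived key) and the constants SCHEME, SALT_LEN, HASH_LEN and MAX_ITERATIONS are assumptions made for the example, not a statement of the server's exact on-disk format.

```python
import base64
import hashlib
import hmac
import struct

# Assumed layout for this illustration (not necessarily the server's exact format):
#   "{PBKDF2_SHA256}" + base64( iterations(4 bytes, big-endian) || salt || derived key )
SCHEME = "{PBKDF2_SHA256}"
ITER_LEN = 4
SALT_LEN = 64
HASH_LEN = 256
EXPECTED_LEN = ITER_LEN + SALT_LEN + HASH_LEN
MAX_ITERATIONS = 10_000_000  # assumed sanity cap so a tampered entry cannot stall the bind


def encode_password(password: bytes, salt: bytes, iterations: int) -> str:
    """Produce a stored value in the assumed layout (what the server writes at password change)."""
    if len(salt) != SALT_LEN or not 0 < iterations <= MAX_ITERATIONS:
        raise ValueError("bad salt length or iteration count")
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=HASH_LEN)
    blob = struct.pack(">I", iterations) + salt + dk
    return SCHEME + base64.b64encode(blob).decode("ascii")


def verify_bind(stored: str, candidate: bytes) -> bool:
    """Return True only if the stored value is well formed AND the candidate matches.

    Mirrors the patched behaviour: a stored value whose decoded size is not
    coherent with the layout fails the bind before any PBKDF2 work is done.
    """
    if not stored.startswith(SCHEME):
        return False
    try:
        blob = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    # The length check is the substance of the fix: without it, a short blob is
    # still split into iteration/salt/hash slices that read past the real data.
    if len(blob) != EXPECTED_LEN:
        return False
    iterations = struct.unpack(">I", blob[:ITER_LEN])[0]
    if not 0 < iterations <= MAX_ITERATIONS:
        return False
    salt = blob[ITER_LEN:ITER_LEN + SALT_LEN]
    expected = blob[ITER_LEN + SALT_LEN:]
    got = hashlib.pbkdf2_hmac("sha256", candidate, salt, iterations, dklen=HASH_LEN)
    return hmac.compare_digest(got, expected)


# Constructed sample data so the example is reproducible offline.
SAMPLE_SALT = bytes(range(SALT_LEN))
SAMPLE_ITERATIONS = 1000  # kept low for the example; real deployments use far more


def demo() -> dict:
    """Exercise the verifier with a valid value and two malformed ones."""
    good = encode_password(b"correct horse", SAMPLE_SALT, SAMPLE_ITERATIONS)
    truncated = good[:-40]       # 40 base64 chars (30 bytes) of the hash missing
    oversized = good + "AAAA"    # three extra bytes appended
    return {
        "valid_ok": verify_bind(good, b"correct horse"),
        "valid_wrong_pw": verify_bind(good, b"wrong"),
        "truncated": verify_bind(truncated, b"correct horse"),
        "oversized": verify_bind(oversized, b"correct horse"),
        "wrong_scheme": verify_bind("{SSHA}abcd", b"correct horse"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'bind ok' if result else 'bind rejected'}")
```

The malformed cases return a plain rejection rather than raising, which is the property that matters on a bind path: the attacker-influenced input is the stored attribute, not the candidate password, and the server must not index into it until its size has been confirmed.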

CVE-2024-3657.patch

dirsrvtests/tests/suites/filter/large_filter_test.py | 39 38 + 1 - 0 !
ldap/servers/slapd/back-ldbm/index.c | 111 59 + 52 - 0 !
2 files changed, 97 insertions(+), 53 deletions(-)

The code was modified to avoid a buffer overflow when logging some requests
in the audit log.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-3657
- https://access.redhat.com/security/cve/CVE-2024-3657
- https://bugzilla.redhat.com/show_bug.cgi?id=2274401