rpms/openldap/F-7 openldap-2.3.34-classes-dos.patch, NONE, 1.1 openldap-2.3.34-pcache.patch, NONE, 1.1 openldap.spec, 1.68, 1.69

Jan Šafránek (jsafrane) fedora-extras-commits at redhat.com
Fri Nov 2 12:08:15 UTC 2007


Author: jsafrane

Update of /cvs/pkgs/rpms/openldap/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29702

Modified Files:
	openldap.spec 
Added Files:
	openldap-2.3.34-classes-dos.patch openldap-2.3.34-pcache.patch 
Log Message:
Fix various security flaws
Resolves: 360081

openldap-2.3.34-classes-dos.patch:

--- NEW FILE openldap-2.3.34-classes-dos.patch ---
Source: cvs diff -u -r1.227.2.25 -r1.227.2.26 modify.c
Index: modify.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/modify.c,v
retrieving revision 1.227.2.25
retrieving revision 1.227.2.26
diff -u -r1.227.2.25 -r1.227.2.26
--- servers/slapd/modify.c	2 Jan 2007 21:43:56 -0000	1.227.2.25
+++ servers/slapd/modify.c	4 Sep 2007 03:42:37 -0000	1.227.2.26
@@ -734,6 +734,7 @@
 							"%s: value #%ld normalization failed",
 							ml->sml_type.bv_val, (long) nvals );
 						*text = textbuf;
+						BER_BVZERO( &ml->sml_nvalues[nvals] );
 						return rc;
 					}
 				}
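Review bot: The added `BER_BVZERO( &ml->sml_nvalues[nvals] );` on the normalization-failure path carries no comment saying why it is needed, and the reason cannot be read off the line itself. Presumably the cleanup code walks `sml_nvalues` until it meets an empty berval, so without this terminator it would read or free slots that were never filled; a comment such as `/* terminate nvalues at the failed slot so cleanup only sees initialized entries */` would record that. The enclosing function begins and ends outside this hunk, so any other early return inside the same loop should be checked for the same terminator.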

openldap-2.3.34-pcache.patch:

--- NEW FILE openldap-2.3.34-pcache.patch ---
Source: cvs diff -u -r 1.41.2.20 -r 1.41.2.21 pcache.c
Index: pcache.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays/pcache.c,v
retrieving revision 1.41.2.20
retrieving revision 1.41.2.21
diff -u -r1.41.2.20 -r1.41.2.21
--- servers/slapd/overlays/pcache.c	28 Aug 2007 09:21:34 -0000	1.41.2.20
+++ servers/slapd/overlays/pcache.c	2 Oct 2007 16:24:09 -0000	1.41.2.21
@@ -1134,8 +1134,8 @@
 		count++;
 	}
 
-	*new_attrs = (AttributeName*)ch_malloc((count+1)*
-		sizeof(AttributeName));
+	*new_attrs = (AttributeName*)ch_calloc( count + 1,
+		sizeof(AttributeName) );
 	for (i=0; i<attrs->count; i++) {
 		(*new_attrs)[i].an_name = attrs->attrs[i].an_name;
 		(*new_attrs)[i].an_desc = attrs->attrs[i].an_desc;
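Review bot: The switch to `ch_calloc` at the allocation makes zero fill a correctness requirement, but nothing in the code says so. The later hunk in this file (`@@ -1155,18 +1155,13 @@`) removes the explicit `an_oc = NULL`, `an_oc_exclude = 0` and the final `BER_BVZERO( &(*new_attrs)[j].an_name )`, so those defaults and the list terminator now come only from the allocator. The first copy loop, which sets just `an_name` and `an_desc` in the visible lines, depends on it too. I would add `/* zero-filled: an_oc, an_oc_exclude and the terminating entry rely on it */` above the call, so that a later change back to `ch_malloc` or to a realloc does not reintroduce uninitialized fields. The function starts before this hunk and the first loop's body continues past it.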
@@ -1155,18 +1155,13 @@
 			continue;
 		(*new_attrs)[j].an_name = filter_attrs[i].an_name;
 		(*new_attrs)[j].an_desc = filter_attrs[i].an_desc;
-		(*new_attrs)[j].an_oc = NULL;
-		(*new_attrs)[j].an_oc_exclude = 0;
 		j++;
 	}
 	if ( addoc ) {
 		(*new_attrs)[j].an_name = slap_schema.si_ad_objectClass->ad_cname;
 		(*new_attrs)[j].an_desc = slap_schema.si_ad_objectClass;
-		(*new_attrs)[j].an_oc = NULL;
-		(*new_attrs)[j].an_oc_exclude = 0;
 		j++;
 	}
-	BER_BVZERO( &(*new_attrs)[j].an_name );
 }
 
 /* NOTE: this is a quick workaround to let pcache minimally interact


Index: openldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/F-7/openldap.spec,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- openldap.spec	13 Jul 2007 20:00:26 -0000	1.68
+++ openldap.spec	2 Nov 2007 12:07:42 -0000	1.69
@@ -13,7 +13,7 @@
 Summary: The configuration files, libraries, and documentation for OpenLDAP
 Name: openldap
 Version: %{version_23}
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
 Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
@@ -43,6 +43,8 @@
 Patch9: openldap-2.3.34-quiet-slaptest.patch
 Patch10: openldap-2.3.34-pthread.patch
 Patch11: openldap-2.3.34-smbk5pwd.patch
+Patch12: openldap-2.3.34-classes-dos.patch
+Patch13: openldap-2.3.34-pcache.patch
 
 # Patches for 2.2.29 for the compat-openldap package.
 Patch100: openldap-2.2.13-tls-fix-connection-test.patch
@@ -182,6 +184,8 @@
 %patch9 -p1 -b .quiet-slaptest
 %patch10 -p1 -b .pthread
 %patch11 -p1 -b .smbk5pwd
+%patch12 -p0 -b .classes
+%patch13 -p0 -b .pcache
 
 cp %{_datadir}/libtool/config.{sub,guess} build/
 popd
@@ -747,6 +751,9 @@
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
+* Fri Nov  2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-4%{?dist}
+- fix various security flaws (#360081)
+
 * Fri Jul 13 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-3%{?dist}
 - Fix initscript return codes (#242667)
 - Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895)



