rpms/openldap/F-8 openldap-2.3.27-modify-noop.patch, NONE, 1.1 openldap.spec, 1.100, 1.101

Jan Šafránek (jsafrane) fedora-extras-commits at redhat.com
Fri Feb 8 14:09:57 UTC 2008


Author: jsafrane

Update of /cvs/pkgs/rpms/openldap/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29597

Modified Files:
	openldap.spec 
Added Files:
	openldap-2.3.27-modify-noop.patch 
Log Message:
fix CVE-2008-0658
Resolves: #432013

openldap-2.3.27-modify-noop.patch:

--- NEW FILE openldap-2.3.27-modify-noop.patch ---
432013: CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage

Source: upstream, 
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198

===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/modify.c,v
retrieving revision 1.124.2.16
retrieving revision 1.124.2.17
--- servers/slapd/back-bdb/modrdn.c     2008/01/11 03:01:37     1.197
+++ servers/slapd/back-bdb/modrdn.c     2008/02/07 11:06:24     1.198
@@ -739,6 +739,8 @@
 		} else {
 			rs->sr_err = LDAP_X_NO_OPERATION;
 			ltid = NULL;
+			/* Only free attrs if they were dup'd.  */
+			if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
 			goto return_results;
 		}


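Review bot: The comment added on the NOOP branch says attrs are freed only if they were dup'd, but the test beneath it covers the opposite case (dummy.e_attrs == e->e_attrs, meaning dummy still shares the entry's attribute list), and the freeing happens somewhere after return_results, which this hunk does not show. Reword the comment to say that the pointer is cleared so the shared list is not freed during cleanup. Separately, the RCS lines above the hunk name modify.c with revisions 1.124.2.16 and 1.124.2.17, while the ---/+++ lines name modrdn.c 1.197 and 1.198. Correct or drop the stale header, and consider a file name that says modrdn rather than modify, since the bug title and the diff are both about modrdn.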
Index: openldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/F-8/openldap.spec,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- openldap.spec	14 Jan 2008 13:12:40 -0000	1.100
+++ openldap.spec	8 Feb 2008 14:09:22 -0000	1.101
@@ -12,7 +12,7 @@
 Summary: The configuration files, libraries, and documentation for OpenLDAP
 Name: openldap
 Version: %{version_23}
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
 Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
@@ -38,6 +38,7 @@
 Patch7: openldap-2.3.34-quiet-slaptest.patch
 Patch8: openldap-2.3.34-pthread.patch
 Patch9: openldap-2.3.37-smbk5pwd.patch
+Patch10: openldap-2.3.27-modify-noop.patch
 
 # Patches for 2.2.29 for the compat-openldap package.
 Patch100: openldap-2.2.13-tls-fix-connection-test.patch
@@ -172,6 +173,7 @@
 %patch7 -p1 -b .quiet-slaptest
 %patch8 -p1 -b .pthread
 %patch9 -p1 -b .smbk5pwd
+%patch10 -p0 -b .modify-noop
 
 cp %{_datadir}/libtool/config.{sub,guess} build/
 popd
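Review bot: %patch10 is applied with -p0 while %patch7 through %patch9 directly above use -p1. That matches the unprefixed servers/slapd/back-bdb/modrdn.c paths in the new patch, but mixed strip levels are easy to trip over on the next rebase. Either regenerate the patch with a leading directory component and use -p1, or add a spec comment explaining why this one differs.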
@@ -674,57 +676,60 @@
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
-* Mon Jan 14 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2%{?dist}
+* Fri Feb  8 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2
+- fix CVE-2008-0658 (#432013)
+
+* Mon Jan 14 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2
 - fix default slurpd directory to /var/lib/ldap (#424831)
 
-* Fri Nov  2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.39-1%{?dist}
+* Fri Nov  2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.39-1
 - new upstream version, fixing few security flaws (#362991)
 
-* Thu Oct  4 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-3%{?dist}
+* Thu Oct  4 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-3
 - BDB downgraded back to 4.4.20 because 4.6.18 is not supported by 
   openldap (#314821)
 
-* Mon Sep 17 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-2%{?dist}
+* Mon Sep 17 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-2
 - skeleton /etc/sysconfig/ldap added
 - new SLAPD_LDAP option to turn off listening on ldap:/// (#292591)
 - fixed checking of SSL (#292611)
 - fixed upgrade with empty database
 
-* Thu Sep  6 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-1%{?dist}
+* Thu Sep  6 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-1
 - new upstream version
 - added images to the guide.html (#273581)
 
-* Wed Aug 22 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-3%{?dist}
+* Wed Aug 22 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-3
 - just rebuild
 
-* Thu Aug  2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-2%{?dist}
+* Thu Aug  2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-2
 - do not use specific automake and autoconf
 - do not distinguish between NPTL and non-NPTL platforms, we have NPTL
   everywhere
 - db-4.6.18 integrated
 - updated openldap-servers License: field to reference BDB license
 
-* Tue Jul 31 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-1%{?dist}
+* Tue Jul 31 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-1
 - new upstream version
 
-* Fri Jul 20 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-7%{?dist}
+* Fri Jul 20 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-7
 - MigrationTools-47 integrated
 
-* Wed Jul  4 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-6%{?dist}
+* Wed Jul  4 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-6
 - fix compat-slapcat compilation. Now it can be found in 
   /usr/lib/compat-openldap/slapcat, because the tool checks argv[0]
   (#246581)
 
-* Fri Jun 29 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-5%{?dist}
+* Fri Jun 29 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-5
 - smbk5pwd added (#220895)
 - correctly distribute modules between servers and servers-sql packages
 
-* Mon Jun 25 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-4%{?dist}
+* Mon Jun 25 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-4
 - Fix initscript return codes (#242667)
 - Provide overlays (as modules; #246036, #245896)
 - Add available modules to config file
 
-* Tue May 22 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-3%{?dist}
+* Tue May 22 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-3
 - do not create script in /tmp on startup (bz#188298)
 - add compat-slapcat to openldap-compat (bz#179378)
 - do not import ddp services with migrate_services.pl
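Review bot: The new Feb 8 2008 changelog entry is versioned 2.3.39-2, the same as the Jan 14 2008 entry below it, although this commit bumps Release to 3%{?dist}; it should read 2.3.39-3 so the CVE-2008-0658 fix can be tied to the right build. The hunk also strips %{?dist} from every older entry, which is unrelated to the security fix and makes the one meaningful addition harder to spot. A separate cleanup commit would keep the fix auditable.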
@@ -735,7 +740,7 @@
 - add ldconfig to devel post/postun (bz#240253)
 - include misc.schema in default slapd.conf (bz#147805)
 
-* Mon Apr 23 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-2%{?dist}
+* Mon Apr 23 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-2
 - slapadd during package update is now quiet (bz#224581)
 - use _localstatedir instead of var/ during build (bz#220970)
 - bind-libbind-devel removed from BuildRequires (bz#216851)
@@ -745,20 +750,20 @@
 - do not strip binaries to produce correct .debuginfo packages
   (bz#152516)
 
-* Mon Feb 19 2007 Jay Fenlason <fenlason<redhat.com> 2.3.34-1%{?dist}
+* Mon Feb 19 2007 Jay Fenlason <fenlason<redhat.com> 2.3.34-1
 - New upstream release
 - Upgrade the scripts for migrating the database so that they might
   actually work.
 - change bind-libbind-devel to bind-devel in BuildPreReq
 
-* Mon Dec  4 2006 Thomas Woerner <twoerner at redhat.com> 2.3.30-1.1%{?dist}
+* Mon Dec  4 2006 Thomas Woerner <twoerner at redhat.com> 2.3.30-1.1
 - tcp_wrappers has a new devel and libs sub package, therefore changing build
   requirement for tcp_wrappers to tcp_wrappers-devel
 
-* Wed Nov 15 2006 Jay Fenlason <fenlason at redhat.com> 2.3.30-1%{?dist}
+* Wed Nov 15 2006 Jay Fenlason <fenlason at redhat.com> 2.3.30-1
 - New upstream version
 
-* Wed Oct 25 2006 Jay Fenlason <fenlason at redhat.com> 2.3.28-1%{?dist}
+* Wed Oct 25 2006 Jay Fenlason <fenlason at redhat.com> 2.3.28-1
 - New upstream version
 
 * Sun Oct 01 2006 Jesse Keating <jkeating at redhat.com> - 2.3.27-4
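Review bot: The Feb 19 2007 entry is rewritten in this hunk but keeps the malformed address fenlason<redhat.com (no separator and an unbalanced angle bracket), unlike the "fenlason at redhat.com" form used in the Nov 15 2006 and Oct 25 2006 entries. Since the line is being touched anyway, fix the address in the same change.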



