rpms/openldap/F-8 openldap-2.3.27-modify-noop.patch, NONE, 1.1 openldap.spec, 1.100, 1.101
Jan Šafránek (jsafrane)
fedora-extras-commits at redhat.com
Fri Feb 8 14:09:57 UTC 2008
Author: jsafrane
Update of /cvs/pkgs/rpms/openldap/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29597
Modified Files:
openldap.spec
Added Files:
openldap-2.3.27-modify-noop.patch
Log Message:
fix CVE-2008-0658
Resolves: #432013
openldap-2.3.27-modify-noop.patch:
--- NEW FILE openldap-2.3.27-modify-noop.patch ---
432013: CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
Source: upstream,
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/modify.c,v
retrieving revision 1.124.2.16
retrieving revision 1.124.2.17
--- servers/slapd/back-bdb/modrdn.c 2008/01/11 03:01:37 1.197
+++ servers/slapd/back-bdb/modrdn.c 2008/02/07 11:06:24 1.198
@@ -739,6 +739,8 @@
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
+ /* Only free attrs if they were dup'd. */
+ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
goto return_results;
}
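Review bot: The added comment in the NOOP branch says "Only free attrs if they were dup'd", but the line under it frees nothing: it clears dummy.e_attrs when that pointer still equals e->e_attrs, and the free it guards is outside this hunk. Reword the comment to state what is being prevented, for example that dummy.e_attrs is reset so the cleanup reached through goto return_results does not release an attribute list still owned by e. Separately, the header of this patch file names the RCS file as servers/slapd/back-bdb/modify.c with revisions 1.124.2.16 and 1.124.2.17, while the ---/+++ lines and the cvsweb URL are for modrdn.c 1.197 to 1.198; correct or drop that header so the provenance of the fix is unambiguous.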
Index: openldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/F-8/openldap.spec,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- openldap.spec 14 Jan 2008 13:12:40 -0000 1.100
+++ openldap.spec 8 Feb 2008 14:09:22 -0000 1.101
@@ -12,7 +12,7 @@
Summary: The configuration files, libraries, and documentation for OpenLDAP
Name: openldap
Version: %{version_23}
-Release: 2%{?dist}
+Release: 3%{?dist}
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
@@ -38,6 +38,7 @@
Patch7: openldap-2.3.34-quiet-slaptest.patch
Patch8: openldap-2.3.34-pthread.patch
Patch9: openldap-2.3.37-smbk5pwd.patch
+Patch10: openldap-2.3.27-modify-noop.patch
# Patches for 2.2.29 for the compat-openldap package.
Patch100: openldap-2.2.13-tls-fix-connection-test.patch
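Review bot: The Patch10 file name says modify-noop, but the patch it refers to changes servers/slapd/back-bdb/modrdn.c and the bug title describes a modrdn operation. Renaming it to something like openldap-2.3.27-modrdn-noop.patch would keep the spec searchable by the code path that was actually fixed.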
@@ -172,6 +173,7 @@
%patch7 -p1 -b .quiet-slaptest
%patch8 -p1 -b .pthread
%patch9 -p1 -b .smbk5pwd
+%patch10 -p0 -b .modify-noop
cp %{_datadir}/libtool/config.{sub,guess} build/
popd
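Review bot: %patch10 is applied with -p0 while %patch7 through %patch9 use -p1. That matches the paths inside the new patch (servers/slapd/back-bdb/modrdn.c, with no leading directory component), but a mixed strip level is easy to break on the next rebase. Either regenerate the patch with a leading directory so it applies with -p1 like the others, or add a spec comment explaining why this one needs -p0. The -b suffix .modify-noop carries the same modify/modrdn naming mismatch as the patch file name.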
@@ -674,57 +676,60 @@
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog
-* Mon Jan 14 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2%{?dist}
+* Fri Feb 8 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2
+- fix CVE-2008-0658 (#432013)
+
+* Mon Jan 14 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2
- fix default slurpd directory to /var/lib/ldap (#424831)
-* Fri Nov 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.39-1%{?dist}
+* Fri Nov 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.39-1
- new upstream version, fixing few security flaws (#362991)
-* Thu Oct 4 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-3%{?dist}
+* Thu Oct 4 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-3
- BDB downgraded back to 4.4.20 because 4.6.18 is not supported by
openldap (#314821)
-* Mon Sep 17 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-2%{?dist}
+* Mon Sep 17 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-2
- skeleton /etc/sysconfig/ldap added
- new SLAPD_LDAP option to turn off listening on ldap:/// (#292591)
- fixed checking of SSL (#292611)
- fixed upgrade with empty database
-* Thu Sep 6 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-1%{?dist}
+* Thu Sep 6 2007 Jan Safranek <jsafranek at redhat.com> 2.3.38-1
- new upstream version
- added images to the guide.html (#273581)
-* Wed Aug 22 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-3%{?dist}
+* Wed Aug 22 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-3
- just rebuild
-* Thu Aug 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-2%{?dist}
+* Thu Aug 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-2
- do not use specific automake and autoconf
- do not distinguish between NPTL and non-NPTL platforms, we have NPTL
everywhere
- db-4.6.18 integrated
- updated openldap-servers License: field to reference BDB license
-* Tue Jul 31 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-1%{?dist}
+* Tue Jul 31 2007 Jan Safranek <jsafranek at redhat.com> 2.3.37-1
- new upstream version
-* Fri Jul 20 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-7%{?dist}
+* Fri Jul 20 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-7
- MigrationTools-47 integrated
-* Wed Jul 4 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-6%{?dist}
+* Wed Jul 4 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-6
- fix compat-slapcat compilation. Now it can be found in
/usr/lib/compat-openldap/slapcat, because the tool checks argv[0]
(#246581)
-* Fri Jun 29 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-5%{?dist}
+* Fri Jun 29 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-5
- smbk5pwd added (#220895)
- correctly distribute modules between servers and servers-sql packages
-* Mon Jun 25 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-4%{?dist}
+* Mon Jun 25 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-4
- Fix initscript return codes (#242667)
- Provide overlays (as modules; #246036, #245896)
- Add available modules to config file
-* Tue May 22 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-3%{?dist}
+* Tue May 22 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-3
- do not create script in /tmp on startup (bz#188298)
- add compat-slapcat to openldap-compat (bz#179378)
- do not import ddp services with migrate_services.pl
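Review bot: The new changelog entry at the top of this hunk is stamped 2.3.39-2, the same version-release as the Jan 14 entry directly below it, although this commit bumps Release from 2 to 3. It should read 2.3.39-3 so the changelog matches the package that ships the CVE-2008-0658 fix. The hunk also strips %{?dist} from every older entry, which is unrelated to the security fix; that cleanup would be easier to audit as a separate commit, or at least deserves its own line in the log message.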
@@ -735,7 +740,7 @@
- add ldconfig to devel post/postun (bz#240253)
- include misc.schema in default slapd.conf (bz#147805)
-* Mon Apr 23 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-2%{?dist}
+* Mon Apr 23 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-2
- slapadd during package update is now quiet (bz#224581)
- use _localstatedir instead of var/ during build (bz#220970)
- bind-libbind-devel removed from BuildRequires (bz#216851)
@@ -745,20 +750,20 @@
- do not strip binaries to produce correct .debuginfo packages
(bz#152516)
-* Mon Feb 19 2007 Jay Fenlason <fenlason<redhat.com> 2.3.34-1%{?dist}
+* Mon Feb 19 2007 Jay Fenlason <fenlason<redhat.com> 2.3.34-1
- New upstream release
- Upgrade the scripts for migrating the database so that they might
actually work.
- change bind-libbind-devel to bind-devel in BuildPreReq
-* Mon Dec 4 2006 Thomas Woerner <twoerner at redhat.com> 2.3.30-1.1%{?dist}
+* Mon Dec 4 2006 Thomas Woerner <twoerner at redhat.com> 2.3.30-1.1
- tcp_wrappers has a new devel and libs sub package, therefore changing build
requirement for tcp_wrappers to tcp_wrappers-devel
-* Wed Nov 15 2006 Jay Fenlason <fenlason at redhat.com> 2.3.30-1%{?dist}
+* Wed Nov 15 2006 Jay Fenlason <fenlason at redhat.com> 2.3.30-1
- New upstream version
-* Wed Oct 25 2006 Jay Fenlason <fenlason at redhat.com> 2.3.28-1%{?dist}
+* Wed Oct 25 2006 Jay Fenlason <fenlason at redhat.com> 2.3.28-1
- New upstream version
* Sun Oct 01 2006 Jesse Keating <jkeating at redhat.com> - 2.3.27-4