rpms/openldap/devel openldap-2.4.18-ldif-buf-overflow.patch, NONE, 1.1 ldap.init, 1.33, 1.34 openldap.spec, 1.149, 1.150
Jan Zeleny
jzeleny at fedoraproject.org
Thu Sep 24 11:30:24 UTC 2009
Author: jzeleny
Update of /cvs/extras/rpms/openldap/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4558
Modified Files:
ldap.init openldap.spec
Added Files:
openldap-2.4.18-ldif-buf-overflow.patch
Log Message:
- new configuration schema - directory instead of file
- fixed buffer overflow issue pointed out by new glibc
- fixed behaviour during installation / upgrade caused
by renamed init script
openldap-2.4.18-ldif-buf-overflow.patch:
ldif.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- NEW FILE openldap-2.4.18-ldif-buf-overflow.patch ---
--- openldap-2.4.18/servers/slapd/back-ldif/ldif.c.orig 2009-09-24 09:46:01.000000000 +0200
+++ openldap-2.4.18/servers/slapd/back-ldif/ldif.c 2009-09-24 12:41:09.000000000 +0200
@@ -593,9 +593,12 @@ typedef struct bvlist {
char *trunc; /* filename was truncated here */
int inum; /* num from "attr={num}" in filename, or INT_MIN */
char savech; /* original char at *trunc */
- char fname; /* variable length array BVL_NAME(bvl) = &fname */
-# define BVL_NAME(bvl) ((char *) (bvl) + offsetof(bvlist, fname))
-# define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen))
+ char *fname; /* variable length array BVL_NAME(bvl) = &fname */
+ //char fname; /* variable length array BVL_NAME(bvl) = &fname */
+# define BVL_NAME(bvl) ((bvl)->fname)
+# define BVL_SIZE(namelen) (sizeof(bvlist))
+//# define BVL_NAME(bvl) ((char *) (bvl) + offsetof(bvlist, fname))
+//# define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen))
} bvlist;
static int
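Review bot: The comment on the new `char *fname;` member still says "variable length array BVL_NAME(bvl) = &fname", which no longer holds now that fname is a separately allocated pointer; `char *fname; /* separately allocated filename buffer, returned by BVL_NAME(bvl) */` would match the code. BVL_SIZE now ignores namelen, and none of the patch's 7 insertions is a matching free, so any code that releases a bvlist (outside these hunks) presumably leaks the fname buffer; that needs confirming against the rest of ldif.c. The `//` lines that keep the old member and macros are dead code among `/* */` comments and could be dropped, since the patch itself records the old lines.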
@@ -710,6 +713,7 @@ ldif_readdir(
*fname_maxlenp = fname_len;
bvl = SLAP_MALLOC( BVL_SIZE( fname_len ) );
+ bvl->fname = SLAP_MALLOC( fname_len+1 );
if ( bvl == NULL ) {
rc = LDAP_OTHER;
save_errno = errno;
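Review bot: The added `bvl->fname = SLAP_MALLOC( fname_len+1 );` dereferences bvl before the `if ( bvl == NULL )` test on the following line, so a failed first allocation becomes a write through a NULL pointer instead of taking the LDAP_OTHER error path. The result of the second allocation is never checked either, and BVL_NAME(bvl) is presumably used as a copy destination later in the function. Allocate fname only once bvl is known to be non-NULL and fold its failure into the existing error path, as sketched below. ldif_readdir's body starts and ends outside the hunk.

```c
bvl = SLAP_MALLOC( BVL_SIZE( fname_len ) );
if ( bvl != NULL ) {
	bvl->fname = SLAP_MALLOC( fname_len + 1 );
	if ( bvl->fname == NULL ) {
		/* treat a failed name buffer like a failed node */
		SLAP_FREE( bvl );
		bvl = NULL;
	}
}
if ( bvl == NULL ) {
	/* … unchanged: rc = LDAP_OTHER, save_errno = errno … */
```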
Index: ldap.init
===================================================================
RCS file: /cvs/extras/rpms/openldap/devel/ldap.init,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- ldap.init 16 Sep 2009 14:06:36 -0000 1.33
+++ ldap.init 24 Sep 2009 11:30:24 -0000 1.34
@@ -1,6 +1,6 @@
#!/bin/bash
#
-# ldap This shell script takes care of starting and stopping
+# slapd This shell script takes care of starting and stopping
# ldap servers (slapd).
#
# chkconfig: - 27 73
@@ -42,7 +42,7 @@ fi
slapd=/usr/sbin/slapd
slaptest=/usr/sbin/slaptest
lockfile=/var/lock/subsys/slapd
-configfile=/etc/openldap/slapd.conf
+configdir=/etc/openldap/slapd.d/
pidfile=/var/run/slapd.pid
slapd_pidfile=/var/run/openldap/slapd.pid
@@ -104,14 +104,19 @@ function checkkeytab() {
function configtest() {
local user= ldapuid= dbdir= file=
- [ -f $configfile ] || exit 6
+ [ -d $configdir ] || exit 6
# Check for simple-but-common errors.
user=ldap
prog=`basename ${slapd}`
ldapuid=`id -u $user`
# Unaccessible database files.
slaptestflags=""
- for dbdir in `LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' $configfile | sed s,^directory,,` ; do
+ dbdirs=""
+ for configfile in `ls -1 $configdir/cn\=config/olcDatabase*`; do
+ dbdirs=$dbdirs"
+ "`LANG=C egrep '^olcDbDirectory[[:space:]]*:[[:space:]]+[[:print:]]+$' $configfile | sed 's,^olcDbDirectory: ,,'`
+ done
+ for dbdir in $dbdirs; do
for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
echo -n $"$file is not owned by \"$user\"" ; warning ; echo
done
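Review bot: The new loop over `ls -1 $configdir/cn\=config/olcDatabase*` parses ls output, so a name containing whitespace is split and a directory matching the glob is listed as bare entry names that egrep cannot open. Iterating the glob directly avoids both, `for configfile in "$configdir"/cn=config/olcDatabase*.ldif; do`, assuming the database entries are .ldif files like cn=config.ldif. The egrep pattern accepts any whitespace around the colon but the sed strips only the literal `olcDbDirectory: `, so a line matched with different spacing keeps its prefix and reaches `find ${dbdir}/` as a bogus path in a script that runs as root; `sed 's,^olcDbDirectory[[:space:]]*:[[:space:]]*,,'` keeps the two in step. `dbdirs` and `configfile` are also missing from the `local` list at the top of configtest, whose body ends outside this hunk.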
@@ -129,7 +134,7 @@ function configtest() {
echo -n $"$file is not readable by \"$user\"" ; warning ; echo
fi
# Unaccessible TLS configuration files.
- tlsconfigs=`LANG=C egrep '^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]' $configfile | awk '{print $2}'`
+ tlsconfigs=`LANG=C egrep '^olc(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]*:[[:space:]]' $configdir/cn\=config.ldif | awk '{print $2}'`
for file in $tlsconfigs ; do
if ! testasuser $user -r $file ; then
echo -n $"$file is not readable by \"$user\"" ; warning ; echo
@@ -151,8 +156,8 @@ function configtest() {
echo -n $"Checking configuration files for $prog: " ; failure ; echo
echo "$slaptestout"
if /sbin/runuser -m -s "$slaptest" -- "$user" "-u" > /dev/null 2> /dev/null ; then
- dirs=`LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' $configfile | awk '{print $2}'`
- for directory in $dirs ; do
+ #dirs=`LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' $configfile | awk '{print $2}'`
+ for directory in $dbdirs ; do
if test -r $directory/__db.001 ; then
echo -n $"stale lock files may be present in $directory" ; warning ; echo
fi
Index: openldap.spec
===================================================================
RCS file: /cvs/extras/rpms/openldap/devel/openldap.spec,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -p -r1.149 -r1.150
--- openldap.spec 18 Sep 2009 10:01:45 -0000 1.149
+++ openldap.spec 24 Sep 2009 11:30:24 -0000 1.150
@@ -11,7 +11,7 @@
Summary: LDAP support libraries
Name: openldap
Version: %{version}
-Release: 1%{?dist}
+Release: 2%{?dist}
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
@@ -35,6 +35,7 @@ Patch6: openldap-2.3.19-gethostbyXXXX_r.
Patch9: openldap-2.3.37-smbk5pwd.patch
Patch10: openldap-2.4.6-multilib.patch
Patch11: openldap-2.4.16-doc-cacertdir.patch
+Patch12: openldap-2.4.18-ldif-buf-overflow.patch
# Patches for the evolution library
Patch200: openldap-2.4.6-evolution-ntlm.patch
@@ -141,6 +142,7 @@ pushd openldap-%{version}
%patch9 -p1 -b .smbk5pwd
%patch10 -p1 -b .multilib
%patch11 -p1 -b .cacertdir
+%patch12 -p1 -b .malloc
cp %{_datadir}/libtool/config/config.{sub,guess} build/
popd
@@ -425,6 +427,14 @@ if [ "$1" = "2" ]; then
OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' )
NEW_SLAPD_VERSION=$( echo %{version} | sed 's/\.[0-9]*$//' )
+ # we need to detect how is the init script named
+ # - in older versions ldap
+ # - in newer versions slapd
+ if [ -f %{_initrddir}/ldap ]; then
+ SERVICE_NAME=ldap
+ elif [ -f %{_initrddir}/slapd ]; then
+ SERVICE_NAME=slapd
+ fi
if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then
# Minor version number has changed -> slapcat/slapadd of the BDB database
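Review bot: SERVICE_NAME stays unset when neither `%{_initrddir}/ldap` nor `%{_initrddir}/slapd` exists, and the two following hunks expand it unquoted in `/sbin/service $SERVICE_NAME status` and `/sbin/service $SERVICE_NAME stop`, which then run as `/sbin/service status` and `/sbin/service stop`. A fallback branch before the `fi`, `else SERVICE_NAME=slapd`, plus quoting the expansions as `"$SERVICE_NAME"`, keeps the scriptlet well-defined. The enclosing `if [ "$1" = "2" ]` block starts and ends outside this hunk.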
@@ -433,9 +443,9 @@ if [ "$1" = "2" ]; then
# directory - Just In Case (TM)
# stop the server
- if /sbin/service ldap status &>/dev/null; then
+ if /sbin/service $SERVICE_NAME status &>/dev/null; then
touch /var/lib/ldap/need_start
- /sbin/service ldap stop &>/dev/null
+ /sbin/service $SERVICE_NAME stop &>/dev/null
fi
files=$(echo /var/lib/ldap/{log.*,__db.*,[a]lock})
@@ -456,9 +466,9 @@ if [ "$1" = "2" ]; then
# Minor version number of bdb has changed -> run db_upgrade in % post script
# stop the server
- if /sbin/service ldap status &>/dev/null; then
+ if /sbin/service $SERVICE_NAME status &>/dev/null; then
touch /var/lib/ldap/need_start
- /sbin/service ldap stop &>/dev/null
+ /sbin/service $SERVICE_NAME stop &>/dev/null
fi
# Ensure, that the database is correct
@@ -472,7 +482,7 @@ exit 0
%post servers
/sbin/ldconfig
-/sbin/chkconfig --add ldap
+/sbin/chkconfig --add slapd
# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
# It was created by the % pre above.
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
@@ -505,11 +515,34 @@ chmod 640 slapd.pem
popd
fi
+if [ -f %{_sysconfdir}/openldap/slapd.conf ]; then
+ # if there is no slapd.conf, we probably already have new configuration in place
+ mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
+ mkdir -p %{_sysconfdir}/openldap/slapd.d/
+ lines=`egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1`
+ lines=$(($lines-1))
+ head -n $lines %{_sysconfdir}/openldap/slapd.conf.bak > %{_sysconfdir}/openldap/slapd.conf
+ cat >> %{_sysconfdir}/openldap/slapd.conf << EOF
+database config
+rootdn "cn=admin,cn=config"
+#rootpw secret
+EOF
+ lines_r=`wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" "`
+ lines_r=$(($lines_r-$lines))
+ tail -n $lines_r %{_sysconfdir}/openldap/slapd.conf.bak >> %{_sysconfdir}/openldap/slapd.conf
+ slaptest -f %{_sysconfdir}/openldap/slapd.conf -F %{_sysconfdir}/openldap/slapd.d > /dev/null 2> /dev/null
+ chown -R ldap:ldap %{_sysconfdir}/openldap/slapd.d
+ chmod -R 000 %{_sysconfdir}/openldap/slapd.d
+ chmod -R u+rwX %{_sysconfdir}/openldap/slapd.d
+ rm -f %{_sysconfdir}/openldap/slapd.conf
+fi
+
+
if [ $1 -ge 1 ] ; then
- /sbin/service ldap condrestart &>/dev/null
- /sbin/service ldap status &>/dev/null
+ /sbin/service slapd condrestart &>/dev/null
+ /sbin/service slapd status &>/dev/null
if [ "$?" != "0" -a -f /var/lib/ldap/need_start ]; then
- /sbin/service ldap start &>/dev/null
+ /sbin/service slapd start &>/dev/null
rm -f /var/lib/ldap/need_start &>/dev/null
fi
fi
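Review bot: The conversion result is never checked: slaptest runs with both output streams sent to /dev/null and `rm -f %{_sysconfdir}/openldap/slapd.conf` follows unconditionally, so a failed conversion leaves an empty or partial slapd.d with only slapd.conf.bak to recover from. Making the cleanup conditional on the output existing, e.g. `[ -f %{_sysconfdir}/openldap/slapd.d/cn=config.ldif ]`, and otherwise moving slapd.conf.bak back, would keep the administrator's configuration in place. The intermediate slapd.conf is created by shell redirection, so it gets the scriptlet's umask rather than the original file's mode; as slapd.conf may hold a rootpw value, writing it inside `( umask 077; ... )` avoids a window where it is more widely readable. If the old file has no `database` or `backend` line, `lines` is empty and `$(($lines-1))` evaluates to -1, so the head/tail split should be skipped when `[ -z "$lines" ]`.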
@@ -518,8 +551,8 @@ exit 0
%preun servers
if [ "$1" = "0" ] ; then
- /sbin/service ldap stop > /dev/null 2>&1 || :
- /sbin/chkconfig --del ldap
+ /sbin/service slapd stop > /dev/null 2>&1 || :
+ /sbin/chkconfig --del slapd
# Openldap-servers are being removed from system.
# Do not touch the database! Older versions of this
# package attempted to store database in LDIF format, so
@@ -606,6 +639,12 @@ fi
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog
+* Tue Sep 22 2009 Jan Zeleny <jzeleny at redhat.com> 2.4.18-2
+- changed configuration approach. Instead od slapd.conf slapd
+ is using slapd.d directory now
+- fix of some issues caused by renaming of init script
+- fix of buffer overflow issue in ldif.c pointed out by new glibc
+
* Fri Sep 18 2009 Jan Zeleny <jzeleny at redhat.com> 2.4.18-1
- rebase of openldap to 2.4.18
@@ -614,6 +653,7 @@ fi
* Wed Sep 16 2009 Jan Zeleny <jzeleny at redhat.com> 2.4.16-6
- updated init script to be LSB-compliant (#523434)
+- init script renamed to slapd
* Thu Aug 27 2009 Tomas Mraz <tmraz at redhat.com> - 2.4.16-5
- rebuilt with new openssl