From 2b434a1b6cc7fb673f607ffeba2a1ce7201cf782 Mon Sep 17 00:00:00 2001 From: Jan Šafránek Date: Feb 08 2008 14:09:22 +0000 Subject: fix CVE-2008-0658 Resolves: #432013 --- diff --git a/openldap-2.3.27-modify-noop.patch b/openldap-2.3.27-modify-noop.patch new file mode 100644 index 0000000..2f97656 --- /dev/null +++ b/openldap-2.3.27-modify-noop.patch @@ -0,0 +1,20 @@ +432013: CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage + +Source: upstream, +http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 +http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198 + +=================================================================== +RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/modify.c,v +retrieving revision 1.124.2.16 +retrieving revision 1.124.2.17 +--- servers/slapd/back-bdb/modrdn.c 2008/01/11 03:01:37 1.197 ++++ servers/slapd/back-bdb/modrdn.c 2008/02/07 11:06:24 1.198 +@@ -739,6 +739,8 @@ + } else { + rs->sr_err = LDAP_X_NO_OPERATION; + ltid = NULL; ++ /* Only free attrs if they were dup'd. */ ++ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL; + goto return_results; + } diff --git a/openldap.spec b/openldap.spec index 45c895f..9cf1d54 100644 --- a/openldap.spec +++ b/openldap.spec @@ -12,7 +12,7 @@ Summary: The configuration files, libraries, and documentation for OpenLDAP Name: openldap Version: %{version_23} -Release: 2%{?dist} +Release: 3%{?dist} License: OpenLDAP Group: System Environment/Daemons Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz @@ -38,6 +38,7 @@ Patch6: openldap-2.3.19-gethostbyXXXX_r.patch Patch7: openldap-2.3.34-quiet-slaptest.patch Patch8: openldap-2.3.34-pthread.patch Patch9: openldap-2.3.37-smbk5pwd.patch +Patch10: openldap-2.3.27-modify-noop.patch # Patches for 2.2.29 for the compat-openldap package. Patch100: openldap-2.2.13-tls-fix-connection-test.patch @@ -172,6 +173,7 @@ pushd openldap-%{version_23} %patch7 -p1 -b .quiet-slaptest %patch8 -p1 -b .pthread %patch9 -p1 -b .smbk5pwd +%patch10 -p0 -b .modify-noop cp %{_datadir}/libtool/config.{sub,guess} build/ popd @@ -674,57 +676,60 @@ fi %attr(0644,root,root) %{evolution_connector_libdir}/*.a %changelog -* Mon Jan 14 2008 Jan Safranek 2.3.39-2%{?dist} +* Fri Feb 8 2008 Jan Safranek 2.3.39-2 +- fix CVE-2008-0658 (#432013) + +* Mon Jan 14 2008 Jan Safranek 2.3.39-2 - fix default slurpd directory to /var/lib/ldap (#424831) -* Fri Nov 2 2007 Jan Safranek 2.3.39-1%{?dist} +* Fri Nov 2 2007 Jan Safranek 2.3.39-1 - new upstream version, fixing few security flaws (#362991) -* Thu Oct 4 2007 Jan Safranek 2.3.38-3%{?dist} +* Thu Oct 4 2007 Jan Safranek 2.3.38-3 - BDB downgraded back to 4.4.20 because 4.6.18 is not supported by openldap (#314821) -* Mon Sep 17 2007 Jan Safranek 2.3.38-2%{?dist} +* Mon Sep 17 2007 Jan Safranek 2.3.38-2 - skeleton /etc/sysconfig/ldap added - new SLAPD_LDAP option to turn off listening on ldap:/// (#292591) - fixed checking of SSL (#292611) - fixed upgrade with empty database -* Thu Sep 6 2007 Jan Safranek 2.3.38-1%{?dist} +* Thu Sep 6 2007 Jan Safranek 2.3.38-1 - new upstream version - added images to the guide.html (#273581) -* Wed Aug 22 2007 Jan Safranek 2.3.37-3%{?dist} +* Wed Aug 22 2007 Jan Safranek 2.3.37-3 - just rebuild -* Thu Aug 2 2007 Jan Safranek 2.3.37-2%{?dist} +* Thu Aug 2 2007 Jan Safranek 2.3.37-2 - do not use specific automake and autoconf - do not distinguish between NPTL and non-NPTL platforms, we have NPTL everywhere - db-4.6.18 integrated - updated openldap-servers License: field to reference BDB license -* Tue Jul 31 2007 Jan Safranek 2.3.37-1%{?dist} +* Tue Jul 31 2007 Jan Safranek 2.3.37-1 - new upstream version -* Fri Jul 20 2007 Jan Safranek 2.3.34-7%{?dist} +* Fri Jul 20 2007 Jan Safranek 2.3.34-7 - MigrationTools-47 integrated -* Wed Jul 4 2007 Jan Safranek 2.3.34-6%{?dist} +* Wed Jul 4 2007 Jan Safranek 2.3.34-6 - fix compat-slapcat compilation. Now it can be found in /usr/lib/compat-openldap/slapcat, because the tool checks argv[0] (#246581) -* Fri Jun 29 2007 Jan Safranek 2.3.34-5%{?dist} +* Fri Jun 29 2007 Jan Safranek 2.3.34-5 - smbk5pwd added (#220895) - correctly distribute modules between servers and servers-sql packages -* Mon Jun 25 2007 Jan Safranek 2.3.34-4%{?dist} +* Mon Jun 25 2007 Jan Safranek 2.3.34-4 - Fix initscript return codes (#242667) - Provide overlays (as modules; #246036, #245896) - Add available modules to config file -* Tue May 22 2007 Jan Safranek 2.3.34-3%{?dist} +* Tue May 22 2007 Jan Safranek 2.3.34-3 - do not create script in /tmp on startup (bz#188298) - add compat-slapcat to openldap-compat (bz#179378) - do not import ddp services with migrate_services.pl @@ -735,7 +740,7 @@ fi - add ldconfig to devel post/postun (bz#240253) - include misc.schema in default slapd.conf (bz#147805) -* Mon Apr 23 2007 Jan Safranek 2.3.34-2%{?dist} +* Mon Apr 23 2007 Jan Safranek 2.3.34-2 - slapadd during package update is now quiet (bz#224581) - use _localstatedir instead of var/ during build (bz#220970) - bind-libbind-devel removed from BuildRequires (bz#216851) @@ -745,20 +750,20 @@ fi - do not strip binaries to produce correct .debuginfo packages (bz#152516) -* Mon Feb 19 2007 Jay Fenlason 2.3.34-1%{?dist} +* Mon Feb 19 2007 Jay Fenlason 2.3.34-1 - New upstream release - Upgrade the scripts for migrating the database so that they might actually work. - change bind-libbind-devel to bind-devel in BuildPreReq -* Mon Dec 4 2006 Thomas Woerner 2.3.30-1.1%{?dist} +* Mon Dec 4 2006 Thomas Woerner 2.3.30-1.1 - tcp_wrappers has a new devel and libs sub package, therefore changing build requirement for tcp_wrappers to tcp_wrappers-devel -* Wed Nov 15 2006 Jay Fenlason 2.3.30-1%{?dist} +* Wed Nov 15 2006 Jay Fenlason 2.3.30-1 - New upstream version -* Wed Oct 25 2006 Jay Fenlason 2.3.28-1%{?dist} +* Wed Oct 25 2006 Jay Fenlason 2.3.28-1 - New upstream version * Sun Oct 01 2006 Jesse Keating - 2.3.27-4