rpms/openldap/F-7 openldap-2.3.27-modify-noop.patch, 1.1, 1.2 openldap.spec, 1.71, 1.72

Jan Šafránek (jsafrane) fedora-extras-commits at redhat.com
Fri Feb 8 14:02:05 UTC 2008


Author: jsafrane

Update of /cvs/pkgs/rpms/openldap/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29292

Modified Files:
	openldap-2.3.27-modify-noop.patch openldap.spec 
Log Message:
fix CVE-2008-0658
Resolves: #432012

openldap-2.3.27-modify-noop.patch:

Index: openldap-2.3.27-modify-noop.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/F-7/openldap-2.3.27-modify-noop.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openldap-2.3.27-modify-noop.patch	5 Feb 2008 15:54:51 -0000	1.1
+++ openldap-2.3.27-modify-noop.patch	8 Feb 2008 14:01:58 -0000	1.2
@@ -1,7 +1,11 @@
 431203: CVE-2007-6698 openldap: slapd crash on NOOP control operation on entry in bdb storage
+432012: CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
 
-Source: upstream, http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4925
+Source: upstream, 
+http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4925
+http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
 http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modify.c.diff?r1=1.124.2.16&r2=1.124.2.17&f=h
+http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198
 
 ===================================================================
 RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/modify.c,v
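Review bot: the file is still named openldap-2.3.27-modify-noop.patch, but with the header lines added here it now covers two bugs and two source files (modify.c for CVE-2007-6698, modrdn.c for CVE-2008-0658). Consider carrying the modrdn.c change as its own patch file, or renaming this one, so the CVE-to-patch mapping stays obvious from the file list. Also, the new "Source: upstream, " line ends in a comma and trailing space now that the URLs sit on their own lines; dropping the comma would read cleaner.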
@@ -19,3 +23,13 @@
  			goto return_results;
  		}
  	} else {
+--- servers/slapd/back-bdb/modrdn.c     2008/01/11 03:01:37     1.197
++++ servers/slapd/back-bdb/modrdn.c     2008/02/07 11:06:24     1.198
+@@ -739,6 +739,8 @@
+ 		} else {
+ 			rs->sr_err = LDAP_X_NO_OPERATION;
+ 			ltid = NULL;
++			/* Only free attrs if they were dup'd.  */
++			if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
+ 			goto return_results;
+ 		}
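Review bot: the embedded hunk header "@@ -739,6 +739,8 @@" declares 6 old and 8 new lines, but the hunk as added carries only 5 context lines plus the 2 additions, so one trailing context line after the closing "}" appears to be missing. Please confirm the patch still applies cleanly when the package is built, or regenerate the hunk with its full context. The modrdn.c part also begins directly after the modify.c hunk's "} else {" line without the "===" / "RCS file:" separator that precedes the modify.c part, which makes the file boundary easy to miss when reading the patch.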


Index: openldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/F-7/openldap.spec,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- openldap.spec	5 Feb 2008 15:54:51 -0000	1.71
+++ openldap.spec	8 Feb 2008 14:01:58 -0000	1.72
@@ -13,7 +13,7 @@
 Summary: The configuration files, libraries, and documentation for OpenLDAP
 Name: openldap
 Version: %{version_23}
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
 Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
@@ -753,6 +753,9 @@
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
+* Fri Feb  8 2008 Jan Safranek <jsafranek at redhat.com> 2.3.34-7
+- fix CVE-2008-0658 (#432012)
+
 * Tue Feb  5 2008 Jan Safranek <jsafranek at redhat.com> 2.3.34-6
 - fix CVE-2007-6698 (#431409)
 
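Review bot: the bug number for CVE-2007-6698 in the context entry just below the new changelog lines (#431409) does not match the one in the patch header (431203); while touching the changelog, please check which is correct and align the two. The new entry itself is consistent with the patch header (#432012); a few words on what is fixed (slapd crash on modrdn with the NOOP control on a bdb entry) would help anyone reading the package changelog without the CVE database at hand.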



