New upstream release
parent
4c8f60bfd0
commit
381aba6d21
@ -1,2 +1,2 @@
|
|||||||
db-4.6.21.tar.gz
|
db-4.6.21.tar.gz
|
||||||
openldap-2.4.11.tgz
|
openldap-2.4.12.tgz
|
||||||
|
@ -1,44 +0,0 @@
|
|||||||
453637, 453638, 453639, 453640,453444: CVE-2008-2952 OpenLDAP denial-of-service
|
|
||||||
flaw in ASN.1 decoder
|
|
||||||
|
|
||||||
Source: upstream, cvs diff -r 1.120 -r 1.122 libraries/liblber/io.c
|
|
||||||
|
|
||||||
Index: libraries/liblber/io.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/liblber/io.c,v
|
|
||||||
retrieving revision 1.120
|
|
||||||
retrieving revision 1.122
|
|
||||||
diff -u -r1.120 -r1.122
|
|
||||||
--- libraries/liblber/io.c 7 Jan 2008 23:20:03 -0000 1.120
|
|
||||||
+++ libraries/liblber/io.c 1 Jul 2008 23:33:15 -0000 1.122
|
|
||||||
@@ -522,14 +522,18 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
|
|
||||||
- (char *)&ber->ber_len + LENSIZE*2 -1) {
|
|
||||||
+ (char *)&ber->ber_len + LENSIZE*2) {
|
|
||||||
ber_slen_t sblen;
|
|
||||||
char buf[sizeof(ber->ber_len)-1];
|
|
||||||
ber_len_t tlen = 0;
|
|
||||||
|
|
||||||
+ /* The tag & len can be at most 9 bytes; we try to read up to 8 here */
|
|
||||||
sock_errset(0);
|
|
||||||
- sblen=ber_int_sb_read( sb, ber->ber_rwptr,
|
|
||||||
- ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
|
|
||||||
+ sblen=((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr;
|
|
||||||
+ /* Trying to read the last len byte of a 9 byte tag+len */
|
|
||||||
+ if (sblen<1)
|
|
||||||
+ sblen = 1;
|
|
||||||
+ sblen=ber_int_sb_read( sb, ber->ber_rwptr, sblen );
|
|
||||||
if (sblen<=0) return LBER_DEFAULT;
|
|
||||||
ber->ber_rwptr += sblen;
|
|
||||||
|
|
||||||
@@ -579,7 +583,7 @@
|
|
||||||
int i;
|
|
||||||
unsigned char *p = (unsigned char *)ber->ber_ptr;
|
|
||||||
int llen = *p++ & 0x7f;
|
|
||||||
- if (llen > (int)sizeof(ber_len_t)) {
|
|
||||||
+ if (llen > LENSIZE) {
|
|
||||||
sock_errset(ERANGE);
|
|
||||||
return LBER_DEFAULT;
|
|
||||||
}
|
|
@ -3,7 +3,7 @@
|
|||||||
# not work with some versions of OpenLDAP.
|
# not work with some versions of OpenLDAP.
|
||||||
%define db_version 4.6.21
|
%define db_version 4.6.21
|
||||||
%define ldbm_backend berkeley
|
%define ldbm_backend berkeley
|
||||||
%define version 2.4.11
|
%define version 2.4.12
|
||||||
%define evolution_connector_prefix %{_libdir}/evolution-openldap
|
%define evolution_connector_prefix %{_libdir}/evolution-openldap
|
||||||
%define evolution_connector_includedir %{evolution_connector_prefix}/include
|
%define evolution_connector_includedir %{evolution_connector_prefix}/include
|
||||||
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
|
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
|
||||||
@ -11,7 +11,7 @@
|
|||||||
Summary: The configuration files, libraries, and documentation for OpenLDAP
|
Summary: The configuration files, libraries, and documentation for OpenLDAP
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: OpenLDAP
|
License: OpenLDAP
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
||||||
@ -201,11 +201,6 @@ export CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC -D_GNU_SOURCE"
|
|||||||
export LDFLAGS="-L${dbdir}/%{_lib}"
|
export LDFLAGS="-L${dbdir}/%{_lib}"
|
||||||
export LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
export LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
||||||
|
|
||||||
# hack to get properly named __lock_getlocker - needed for bdb 4.6.21 + openldap2.4.8
|
|
||||||
# check later releases
|
|
||||||
export CPPFLAGS="$CPPFLAGS -D __lock_getlocker=__lock_getlocker_openldap_slapd_46"
|
|
||||||
export CFLAGS="$CFLAGS -D __lock_getlocker=__lock_getlocker_openldap_slapd_46"
|
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
%configure \
|
%configure \
|
||||||
--with-threads=posix \
|
--with-threads=posix \
|
||||||
@ -249,7 +244,9 @@ build \
|
|||||||
--enable-null \
|
--enable-null \
|
||||||
--enable-shell \
|
--enable-shell \
|
||||||
--enable-sql=mod \
|
--enable-sql=mod \
|
||||||
|
--disable-ndb \
|
||||||
--enable-passwd \
|
--enable-passwd \
|
||||||
|
--enable-sock \
|
||||||
--disable-perl \
|
--disable-perl \
|
||||||
--enable-relay \
|
--enable-relay \
|
||||||
--disable-shared \
|
--disable-shared \
|
||||||
@ -603,6 +600,9 @@ fi
|
|||||||
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 15 2008 Jan Safranek <jsafranek@redhat.com> 2.4.11-1
|
||||||
|
- new upstream release
|
||||||
|
|
||||||
* Mon Oct 13 2008 Jan Safranek <jsafranek@redhat.com> 2.4.11-3
|
* Mon Oct 13 2008 Jan Safranek <jsafranek@redhat.com> 2.4.11-3
|
||||||
- add SLAPD_SHUTDOWN_TIMEOUT to /etc/sysconfig/ldap, allowing admins
|
- add SLAPD_SHUTDOWN_TIMEOUT to /etc/sysconfig/ldap, allowing admins
|
||||||
to set non-default slapd shutdown timeout
|
to set non-default slapd shutdown timeout
|
||||||
|
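Review bot: The new `%changelog` entry in the last hunk is stamped `2.4.11-1`, but this commit sets `%define version 2.4.12` and `Release: 1%{?dist}`, so it should read `* Wed Oct 15 2008 Jan Safranek <jsafranek@redhat.com> 2.4.12-1`. As written it also sits above the existing `2.4.11-3` entry with a lower release number. The commit also deletes the CVE-2008-2952 liblber patch file and drops the `__lock_getlocker` rename while `db_version` stays 4.6.21, whose removed comment said only "check later releases". Neither removal is recorded, so the entry should say why each is safe, for example `- drop CVE-2008-2952 patch and __lock_getlocker hack (TODO: confirm both are unnecessary with 2.4.12)`.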
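--- /dev/null
+++ b/patch.4.7.25.1
@@ -0,0 +1,75 @@
+*** sequence/sequence.c.orig 2008-05-05 13:25:09.000000000 -0700
+--- sequence/sequence.c 2008-08-15 09:58:46.000000000 -0700
+***************
+*** 187,193 ****
+if ((ret = __db_get_flags(dbp, &tflags)) != 0)
+goto err;
+
+! if (DB_IS_READONLY(dbp)) {
+ret = __db_rdonly(dbp->env, "DB_SEQUENCE->open");
+goto err;
+}
+--- 187,197 ----
+if ((ret = __db_get_flags(dbp, &tflags)) != 0)
+goto err;
+
+! /*
+! * We can let replication clients open sequences, but must
+! * check later that they do not update them.
+! */
+! if (F_ISSET(dbp, DB_AM_RDONLY)) {
+ret = __db_rdonly(dbp->env, "DB_SEQUENCE->open");
+goto err;
+}
+***************
+*** 244,249 ****
+--- 248,258 ----
+if ((ret != DB_NOTFOUND && ret != DB_KEYEMPTY) ||
+!LF_ISSET(DB_CREATE))
+goto err;
++ if (IS_REP_CLIENT(env) &&
++ !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
++ ret = __db_rdonly(env, "DB_SEQUENCE->open");
++ goto err;
++ }
+ret = 0;
+
+rp = &seq->seq_record;
+***************
+*** 296,302 ****
+*/
+rp = seq->seq_data.data;
+if (rp->seq_version == DB_SEQUENCE_OLDVER) {
+! oldver: rp->seq_version = DB_SEQUENCE_VERSION;
+if (!F_ISSET(env, ENV_LITTLEENDIAN)) {
+if (IS_DB_AUTO_COMMIT(dbp, txn)) {
+if ((ret =
+--- 305,316 ----
+*/
+rp = seq->seq_data.data;
+if (rp->seq_version == DB_SEQUENCE_OLDVER) {
+! oldver: if (IS_REP_CLIENT(env) &&
+! !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
+! ret = __db_rdonly(env, "DB_SEQUENCE->open");
+! goto err;
+! }
+! rp->seq_version = DB_SEQUENCE_VERSION;
+if (!F_ISSET(env, ENV_LITTLEENDIAN)) {
+if (IS_DB_AUTO_COMMIT(dbp, txn)) {
+if ((ret =
+***************
+*** 707,712 ****
+--- 721,733 ----
+
+MUTEX_LOCK(env, seq->mtx_seq);
+
++ if (handle_check && IS_REP_CLIENT(env) &&
++ !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
++ ret = __db_rdonly(env, "DB_SEQUENCE->get");
++ goto err;
++ }
++
++
+if (rp->seq_min + delta > rp->seq_max) {
+__db_errx(env, "Sequence overflow");
+ret = EINVAL;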
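Review bot: This file is named for Berkeley DB 4.7.25 and patches `sequence/sequence.c`, yet the same commit keeps `%define db_version 4.6.21` and `db-4.6.21.tar.gz`, and none of the visible spec hunks adds a `Patch`/`%patch` line for it. It therefore appears to be either unused or aimed at a source tree the package does not build. If it is staged for a later DB update, the commit message should say so; if it is meant to apply now, the spec needs the matching source and patch entries. The file also records nothing about where it was obtained, so a one-line origin comment next to its eventual `Patch` entry, such as `# upstream Berkeley DB patch, source: <URL placeholder>`, would let the next maintainer verify it.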