CVE-2013-4449: segfault on certain queries with rwm overlay

Resolves: #1060851

openldap-rwm-reference-counting.patch

@@ -0,0 +1,26 @@
+Author: Jan Synáček <jsynacek@redhat.com>
+Resolves: #1060851
+Upstream ITS: #7723
+
+Correctly count references in rwm overlay.
+
+--- a/libraries/librewrite/session.c	2010-04-13 22:23:09.000000000 +0200
++++ b/libraries/librewrite/session.c	2013-11-08 08:47:26.000000000 +0100
+@@ -161,6 +161,7 @@
+ #ifdef USE_REWRITE_LDAP_PVT_THREADS
+ 	if ( session ) {
+ 		ldap_pvt_thread_mutex_lock( &session->ls_mutex );
++		session->ls_count++;
+ 	}
+ 	ldap_pvt_thread_rdwr_runlock( &info->li_cookies_mutex );
+ #endif /* USE_REWRITE_LDAP_PVT_THREADS */
+@@ -178,6 +179,7 @@
+ )
+ {
+ 	assert( session != NULL );
++	session->ls_count--;
+ 	ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
+ }
+ 
+
+

openldap.spec

@@ -5,7 +5,7 @@
 
 Name: openldap
 Version: 2.4.39
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: LDAP support libraries
 Group: System Environment/Daemons
 License: OpenLDAP
@@ -48,6 +48,8 @@ Patch16: openldap-nss-pk11-freeslot.patch
 Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
 # ldapi sasl fix pending upstream inclusion
 Patch20: openldap-ldapi-sasl.patch
+# rwm reference counting fix, pending upstream inclusion
+Patch21: openldap-rwm-reference-counting.patch
 
 # Fedora specific patches
 Patch100: openldap-autoconf-pkgconfig-nss.patch
@@ -164,6 +166,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch16 -p1
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 
 %patch102 -p1
 
@@ -599,6 +602,9 @@ exit 0
 %{_mandir}/man3/*
 
 %changelog
+* Tue Feb  4 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.39-2
+- CVE-2013-4449: segfault on certain queries with rwm overlay (#1060851)
+
 * Wed Jan 29 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.39-1
 - new upstream release (#1059186)