diff --git a/Syncprov-might-lose-deletes-ITS-6555.dif b/Syncprov-might-lose-deletes-ITS-6555.dif deleted file mode 100644 index 9e0bd94..0000000 --- a/Syncprov-might-lose-deletes-ITS-6555.dif +++ /dev/null @@ -1,38 +0,0 @@ -From e32aa64d19840a3b76da532d200fa1cb733e0672 Mon Sep 17 00:00:00 2001 -From: ralf -Date: Thu, 20 May 2010 15:08:28 +0000 -Subject: Syncprov might lose deletes (ITS#6555) - -During the refresh phase the sync filter needs to be adjusted (skipping -the "(entrycsn>=cookie)" part that was inserted) when checking whether a -change needs to be replicated, otherwise we lose DELETES that happen during -the refresh phase. - -bnc#606294 - - 1 files changed, 9 insertions(+), 1 deletions(-) - -diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c -index 675568e..030edf5 100644 ---- a/servers/slapd/overlays/syncprov.c -+++ b/servers/slapd/overlays/syncprov.c -@@ -1301,7 +1301,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) - op2.o_hdr = &oh; - op2.o_extra = op->o_extra; - op2.o_callback = NULL; -- rc = test_filter( &op2, e, ss->s_op->ors_filter ); -+ ldap_pvt_thread_mutex_lock( &ss->s_mutex ); -+ if (ss->s_flags & PS_FIX_FILTER) { -+ /* Skip the AND/GE clause that we stuck on in front. We -+ would lose deletes/mods that happen during the refresh -+ phase otherwise (ITS#6555) */ -+ op2.ors_filter = ss->s_op->ors_filter->f_and->f_next; -+ } -+ ldap_pvt_thread_mutex_unlock( &ss->s_mutex ); -+ rc = test_filter( &op2, e, op2.ors_filter ); - } - - Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n", --- -1.7.0.3 - diff --git a/openldap2-client.changes b/openldap2-client.changes index 58841dd..2a80cef 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,12 +1,3 @@ -------------------------------------------------------------------- -Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com - -- LDAP clients could crash the server by submitting a specially - crafted LDAP ModRDN operation. (bnc#612430, ITS#6570) -- Delete Operations happening during the "Refresh" phase of - "refreshAndPersist" replication failed to replicate under - certain circumstances (bnc#606294, ITS#6555) - ------------------------------------------------------------------- Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 664fe1f..3e71f2e 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2 (Version 2.4.21) +# spec file for package openldap2-client (Version 2.4.21) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,7 +19,7 @@ %define run_test_suite 1 -Name: openldap2-client +Name: openldap2-client BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel tcpd-devel %if %sles_version == 9 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel @@ -60,8 +60,6 @@ Patch5: slapd-back-hdb-fortify.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif -Patch12: Syncprov-might-lose-deletes-ITS-6555.dif -Patch13: slapd-modrdn-crash-ITS-6570.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -182,8 +180,6 @@ Authors: %patch7 %endif %patch11 -%patch12 -p1 -%patch13 -p1 %if %suse_version == 1100 %patch200 -p1 %endif diff --git a/openldap2.changes b/openldap2.changes index 58841dd..2a80cef 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,12 +1,3 @@ -------------------------------------------------------------------- -Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com - -- LDAP clients could crash the server by submitting a specially - crafted LDAP ModRDN operation. (bnc#612430, ITS#6570) -- Delete Operations happening during the "Refresh" phase of - "refreshAndPersist" replication failed to replicate under - certain circumstances (bnc#606294, ITS#6555) - ------------------------------------------------------------------- Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com diff --git a/openldap2.spec b/openldap2.spec index d8464f5..9434a1b 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -60,8 +60,6 @@ Patch5: slapd-back-hdb-fortify.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif -Patch12: Syncprov-might-lose-deletes-ITS-6555.dif -Patch13: slapd-modrdn-crash-ITS-6570.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -182,8 +180,6 @@ Authors: %patch7 %endif %patch11 -%patch12 -p1 -%patch13 -p1 %if %suse_version == 1100 %patch200 -p1 %endif diff --git a/slapd-modrdn-crash-ITS-6570.dif b/slapd-modrdn-crash-ITS-6570.dif deleted file mode 100644 index 667950c..0000000 --- a/slapd-modrdn-crash-ITS-6570.dif +++ /dev/null @@ -1,100 +0,0 @@ -From 6e229f5b94be41c4b9372914ae9bff90ccd81014 Mon Sep 17 00:00:00 2001 -From: hyc -Date: Sun, 6 Jun 2010 22:02:32 +0000 -Subject: slapd modrdn crash (ITS#6570) - -part #1 reject RDNs with binary BER values -part #2 reject RDNs with empty values - -Unauthenticated LDAP clients could crash the server by submitting a -specially crafted LDAP ModRDN operatoin. - -Part #1: -OpenLDAP crashes with segfault during the processing of a modrdn call with -maliciously formed destination rdn string. No authentication is required to -trigger this vulnerability. - -Part #2: -OpenLDAP crashes at a null pointer dereference during the processing of modrdn -call with maliciously formed destination rdn string. No authentication is -required to trigger this vulnerability. - - 3 files changed, 16 insertions(+), 7 deletions(-) - -diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c -index 3534e7f..75d2204 100644 ---- a/servers/slapd/dn.c -+++ b/servers/slapd/dn.c -@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) - ava->la_attr = ad->ad_cname; - - if( ava->la_flags & LDAP_AVA_BINARY ) { -- if( ava->la_value.bv_len == 0 ) { -- /* BER encoding is empty */ -- return LDAP_INVALID_SYNTAX; -- } -+ /* AVA is binary encoded, not supported */ -+ return LDAP_INVALID_SYNTAX; - - /* Do not allow X-ORDERED 'VALUES' naming attributes */ - } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) { - return LDAP_INVALID_SYNTAX; - -- /* AVA is binary encoded, don't muck with it */ - } else if( flags & SLAP_LDAPDN_PRETTY ) { - transf = ad->ad_type->sat_syntax->ssyn_pretty; - if( !transf ) { -@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) - ava->la_value = bv; - ava->la_flags |= LDAP_AVA_FREE_VALUE; - } -+ /* reject empty values */ -+ if (!ava->la_value.bv_len) { -+ return LDAP_INVALID_SYNTAX; -+ } - } - rc = LDAP_SUCCESS; - -diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c -index e386ef9..e143a7b 100644 ---- a/servers/slapd/modrdn.c -+++ b/servers/slapd/modrdn.c -@@ -445,12 +445,19 @@ slap_modrdn2mods( - mod_tmp->sml_values[1].bv_val = NULL; - if( desc->ad_type->sat_equality->smr_normalize) { - mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); -- (void) (*desc->ad_type->sat_equality->smr_normalize)( -+ rs->sr_err = desc->ad_type->sat_equality->smr_normalize( - SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, - desc->ad_type->sat_syntax, - desc->ad_type->sat_equality, - &mod_tmp->sml_values[0], - &mod_tmp->sml_nvalues[0], NULL ); -+ if (rs->sr_err != LDAP_SUCCESS) { -+ ch_free(mod_tmp->sml_nvalues); -+ ch_free(mod_tmp->sml_values[0].bv_val); -+ ch_free(mod_tmp->sml_values); -+ ch_free(mod_tmp); -+ goto done; -+ } - mod_tmp->sml_nvalues[1].bv_val = NULL; - } else { - mod_tmp->sml_nvalues = NULL; -diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c -index 68e6d28..d2f4708 100644 ---- a/servers/slapd/schema_init.c -+++ b/servers/slapd/schema_init.c -@@ -1732,8 +1732,9 @@ UTF8StringNormalize( - ? LDAP_UTF8_APPROX : 0; - - val = UTF8bvnormalize( val, &tmp, flags, ctx ); -+ /* out of memory or syntax error, the former is unlikely */ - if( val == NULL ) { -- return LDAP_OTHER; -+ return LDAP_INVALID_SYNTAX; - } - - /* collapse spaces (in place) */ --- -1.7.0.3 -