Hello community, here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2018-11-28 11:08:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openldap2 (Old) and /work/SRC/openSUSE:Factory/.openldap2.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openldap2" Wed Nov 28 11:08:45 2018 rev:142 rq:651186 version:unknown Changes: --------
--- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes 2018-11-13 17:30:17.173227494 +0100
+++ /work/SRC/openSUSE:Factory/.openldap2.new.19453/openldap2.changes 2018-11-28 11:08:48.631280848 +0100
@@ -1,0 +2,14 @@
+Thu Nov 22 16:03:22 UTC 2018 - Jan Engelhardt <[email protected]>
+
+- Replace old $RPM_* shell vars
+
+-------------------------------------------------------------------
+Tue Nov 20 13:32:36 UTC 2018 - [email protected]
+
+- Fix CVE-2017-17740: when both the nops module and the memberof
+ overlay are enabled, attempts to free a buffer that was allocated
+ on the stack
+ * patch: 0017-Fix-segfault-in-nops.patch
+ (bsc#1073313)
+
+-------------------------------------------------------------------
@@ -38,0 +53,5 @@
+
+-------------------------------------------------------------------
+Tue Jun 5 13:24:09 UTC 2018 - [email protected]
+
+- bsc#1095816 libldap package does not contain and provide libldap anymore
New: ---- 0017-Fix-segfault-in-nops.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ openldap2.spec ++++++
--- /var/tmp/diff_new_pack.mbPQPH/_old 2018-11-28 11:08:49.575279562 +0100
+++ /var/tmp/diff_new_pack.mbPQPH/_new 2018-11-28 11:08:49.579279556 +0100
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
@@ -69,6 +69,7 @@
 Patch14: 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
 Patch15: openldap-r-only.dif
 Patch16: 0016-Clear-shared-key-only-in-close-function.patch
+Patch17: 0017-Fix-segfault-in-nops.patch
 Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
 Source201: %{name_ppolicy_check_module}.Makefile
 Source202: %{name_ppolicy_check_module}.conf
@@ -268,6 +269,7 @@
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
 cp %{SOURCE5} .
 # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/
@@ -350,36 +352,36 @@
 %endif
 %install
-mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap
-mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap
-mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
-mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
-make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+mkdir -p %{buildroot}/%{_libdir}/openldap
+mkdir -p %{buildroot}/usr/lib/openldap
+mkdir -p %{buildroot}/usr/sbin
+mkdir -p %{buildroot}/%{_unitdir}
+make STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
 # Additional symbolic link to slapd executable in /usr/sbin/
-ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
+ln -s %{_libdir}/slapd %{buildroot}/usr/sbin/slapd
 # Install selected contrib overlays
 for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace
 do
- make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+ make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
 done
 # slapo-smbk5pwd only for Samba password hashes
-make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
-install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
-install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
-mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
-mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2
-install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf
-install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap
-chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
-chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
-install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
-install -m 755 %{SOURCE17} ${RPM_BUILD_ROOT}/usr/sbin
-mkdir -p ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d/
-install -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d/
-install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/%{_libexecdir}/openldap/
+make -C contrib/slapd-modules/smbk5pwd STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+install -m 755 %{SOURCE13} %{buildroot}/usr/lib/openldap/start
+install -m 644 %{SOURCE14} %{buildroot}/%{_unitdir}
+mkdir -p %{buildroot}/%{_sysconfdir}/openldap/slapd.d
+mkdir -p %{buildroot}/%{_sysconfdir}/sasl2
+install -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sasl2/slapd.conf
+install -m 755 -d %{buildroot}/var/lib/ldap
+chmod a+x %{buildroot}/%{_libdir}/liblber.so*
+chmod a+x %{buildroot}/%{_libdir}/libldap_r.so*
+install -m 755 %{SOURCE6} %{buildroot}/usr/sbin/schema2ldif
+install -m 755 %{SOURCE17} %{buildroot}/usr/sbin
+mkdir -p %{buildroot}/usr/lib/tmpfiles.d/
+install -m 644 %{SOURCE18} %{buildroot}/usr/lib/tmpfiles.d/
+install -m 644 %{SOURCE3} %{buildroot}/%{_libexecdir}/openldap/
 # Install ppolicy check module
-make -C contrib/slapd-modules/ppolicy-check-password STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libexecdir}" install
+make -C contrib/slapd-modules/ppolicy-check-password STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libexecdir}" install
 install -m 0644 %{S:202} %{buildroot}%{_sysconfdir}/openldap/check_password.conf
 # Install ppolicy check module's doc files
 pushd contrib/slapd-modules/%{name_ppolicy_check_module}
@@ -390,58 +392,60 @@
 # Install ppolicy check module's manual page
 install -m 0644 %{S:203}.gz %{buildroot}%{_mandir}/man5/
-mkdir -p ${RPM_BUILD_ROOT}%{_fillupdir}
-install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}%{_fillupdir}/sysconfig.openldap
-install -m 644 *.ldif ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
-install -m 644 *.schema ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
+mkdir -p %{buildroot}/%{_fillupdir}
+install -m 644 %{SOURCE16} %{buildroot}/%{_fillupdir}/sysconfig.openldap
+install -m 644 *.ldif %{buildroot}/%{_sysconfdir}/openldap/schema
+install -m 644 *.schema %{buildroot}/%{_sysconfdir}/openldap/schema
 # Install default and sample configuration files
-install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
-install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
-install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
-install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
-install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
+install -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/openldap
+install -m 644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/openldap
+install -m 644 %{SOURCE12} %{buildroot}/%{_sysconfdir}/openldap
+install -d %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/
+install -m 644 %{SOURCE15} %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/openldap
 find doc/guide '(' ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d ')' -delete
 rm -rf doc/guide/release
 %define DOCDIR %{_defaultdocdir}/%{name}
 # Install default database optimisation
-install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
- ${RPM_BUILD_ROOT}/%{DOCDIR}/images \
- ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
-install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/%{DOCDIR}/
-install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide
-install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images
-install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
+install -d %{buildroot}/%{DOCDIR}/adminguide \
+ %{buildroot}/%{DOCDIR}/images \
+ %{buildroot}/%{DOCDIR}/drafts
+install -m 644 %{buildroot}/etc/openldap/DB_CONFIG.example %{buildroot}/%{DOCDIR}/
+install -m 644 doc/guide/admin/* %{buildroot}/%{DOCDIR}/adminguide
+install -m 644 doc/guide/images/*.gif %{buildroot}/%{DOCDIR}/images
+install -m 644 doc/drafts/* %{buildroot}/%{DOCDIR}/drafts
 install -m 644 ANNOUNCEMENT \
 COPYRIGHT \
 README \
 CHANGES \
 %{SOURCE5} \
- ${RPM_BUILD_ROOT}/%{DOCDIR}
+ %{buildroot}/%{DOCDIR}
 install -m 644 servers/slapd/slapd.ldif \
- ${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default
-rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example
-rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
-rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
-rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
+ %{buildroot}/%{DOCDIR}/slapd.ldif.default
+rm -f %{buildroot}/etc/openldap/DB_CONFIG.example
+rm -f %{buildroot}/etc/openldap/schema/README
+rm -f %{buildroot}/etc/openldap/slapd.ldif*
+rm -f %{buildroot}/%{_rundir}/openldap-data/DB_CONFIG.example
 mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
 ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
-rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
-rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
-rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
-rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5
-rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5
-rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5
-rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
+rm -f %{buildroot}/%{_libdir}/openldap/*.a
+rm -f %{buildroot}/usr/share/man/man5/slapd-dnssrv.5
+rm -f %{buildroot}/usr/share/man/man5/slapd-ndb.5
+rm -f %{buildroot}/usr/share/man/man5/slapd-null.5
+rm -f %{buildroot}/usr/share/man/man5/slapd-passwd.5
+rm -f %{buildroot}/usr/share/man/man5/slapd-shell.5
+rm -f %{buildroot}/usr/share/man/man5/slapd-tcl.5
 # Remove *.la files, libtool does not handle this correct
-rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
+rm -f %{buildroot}/%{_libdir}/lib*.la
 # Make ldap_r the only copy in the system [rh#1370065].
 # libldap.so is only for `gcc/ld -lldap`. Make no libldap-2.4.so.2.
 rm -f "%{buildroot}/%{_libdir}"/libldap-2.4.so*
 ln -fs libldap_r.so "%{buildroot}/%{_libdir}/libldap.so"
+gcc -shared -o "%{buildroot}/%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
+ -Wl,-soname -Wl,libldap-2.4.so.2 -L "%{buildroot}/%{_libdir}" -lldap_r
 %pre
 getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap
++++++ 0017-Fix-segfault-in-nops.patch ++++++
diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c
index 54c24682a..06945d811 100644
--- a/servers/slapd/overlays/memberof.c
+++ b/servers/slapd/overlays/memberof.c
@@ -360,10 +360,16 @@ memberof_value_modify(
 unsigned long opid = op->o_opid;
 SlapReply rs2 = { REP_RESULT };
 slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
- Modifications mod[ 2 ] = { { { 0 } } }, *ml;
- struct berval values[ 4 ], nvalues[ 4 ];
+ Modifications *mod, *ml;
+ struct berval *values, *nvalues;
 int mcnt = 0;
+ mod = (Modifications*)malloc(2 * sizeof(Modifications));
+ memset(mod, 0, 2 * sizeof(Modifications));
+
+ values = (struct berval*)malloc(4 * sizeof(struct berval));
+ nvalues = (struct berval*)malloc(4 * sizeof(struct berval));
+
 op2.o_tag = LDAP_REQ_MODIFY;
 op2.o_req_dn = *ndn;
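Review bot: The comment kept directly above the added `gcc -shared` line still ends with "Make no libldap-2.4.so.2.", which the new line contradicts by building a file with exactly that name and soname, linked against libldap_r. Anyone auditing which libraries this package ships will be misled by the stale text, so update it in the same change, for example `# libldap-2.4.so.2 is an empty stub that only pulls in libldap_r.` The changelog entry for bsc#1095816 in this commit looks like the reason for the stub; if so, name that bug in the comment as well.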
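Review bot: None of the three `malloc` results is checked, so if the first allocation fails the `memset(mod, 0, ...)` on the next line writes through NULL, and `values`/`nvalues` are presumably filled in later in the body, which continues outside the hunk. slapd's own allocator wrappers do not return NULL on failure and zero the memory in the same call: `mod = ch_calloc( 2, sizeof( Modifications ) );`, `values = ch_calloc( 4, sizeof( struct berval ) );`, `nvalues = ch_calloc( 4, sizeof( struct berval ) );`. The added lines also cast the allocator's return value, which C does not need, and drop the `f( x )` spacing used by the surrounding code.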
@@ -493,6 +499,11 @@ memberof_value_modify(
 /* restore original opid */
 op->o_opid = opid;
+
+ slap_mods_free( mod, 0 );
+ free(values);
+ free(nvalues);
+
 /* FIXME: if old_group_ndn doesn't exist, both delete __and__
 * add will fail; better split in two operations, although
 * not optimal in terms of performance. At least it would
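Review bot: `slap_mods_free( mod, 0 )` walks the `sml_next` chain and frees each node separately, but `mod` was allocated in the first hunk as one block holding two elements. If the code between the hunks (not shown) links the second element into that chain, an interior pointer reaches the deallocator, which is the same class of invalid free this patch sets out to remove. Release the block once instead, `free( mod );`. The changelog describes another module freeing this buffer; if that can still happen before this point, the unconditional free here would release it a second time, so the ownership rule deserves a comment at the allocation. The cleanup also sits only at this one point, so any earlier return in memberof_value_modify, whose body extends beyond the hunk on both sides, would leak all three buffers.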
