diff -u openldap2.3-2.3.30/debian/changelog openldap2.3-2.3.30/debian/changelog --- openldap2.3-2.3.30/debian/changelog +++ openldap2.3-2.3.30/debian/changelog @@ -1,3 +1,25 @@ +openldap2.3 (2.3.30-2ubuntu0.2) feisty-security; urgency=low + + * SECURITY UPDATE: + + debian/patches/SECURITY_CVE-2007-6698_CVE-2008-0658.patch (LP: #197077) + -The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated + users to cause a denial of service (crash) via a potentially-successful + modify operation with the NOOP control set to critical, possibly due to a double + free vulnerability. CVE-2007-6698 + + - slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 + allows remote authenticated users to cause a denial of service (daemon crash) + via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related + issue to CVE-2007-6698. + + * References + - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6698 + - http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html + - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658 + - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 + + -- Emanuele Gentili Sun, 02 Mar 2008 21:45:52 +0100 + openldap2.3 (2.3.30-2ubuntu0.1) feisty-security; urgency=low * SECURITY UPDATE: slapd crash when processing crafted modify requests diff -u openldap2.3-2.3.30/debian/patches/series openldap2.3-2.3.30/debian/patches/series --- openldap2.3-2.3.30/debian/patches/series +++ openldap2.3-2.3.30/debian/patches/series @@ -18,0 +19 @@ +SECURITY_CVE-2007-6698_CVE-2008-0658.patch diff -u openldap2.3-2.3.30/build/config.sub openldap2.3-2.3.30/build/config.sub --- openldap2.3-2.3.30/build/config.sub +++ openldap2.3-2.3.30/build/config.sub @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, # Inc. -timestamp='2006-09-20' +timestamp='2007-01-18' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -245,12 +245,12 @@ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore \ + | maxq | mb | microblaze | mcore | mep \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -324,7 +324,7 @@ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ @@ -925,6 +925,9 @@ basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; @@ -1219,7 +1222,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1414,6 +1417,9 @@ m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; diff -u openldap2.3-2.3.30/build/config.guess openldap2.3-2.3.30/build/config.guess --- openldap2.3-2.3.30/build/config.guess +++ openldap2.3-2.3.30/build/config.guess @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, # Inc. -timestamp='2006-07-02' +timestamp='2007-03-06' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -161,6 +161,7 @@ arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched @@ -780,7 +781,7 @@ i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; - i*:MINGW*:*) + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) @@ -790,12 +791,15 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[3456]*) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - EM64T:Interix*:[3456]*) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; + *:Interix*:[3456]*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T | authenticamd) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; @@ -950,6 +954,9 @@ x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; + xtensa:Linux:*:*) + echo xtensa-unknown-linux-gnu + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent @@ -1208,6 +1215,15 @@ SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; diff -u openldap2.3-2.3.30/contrib/ldapc++/config.sub openldap2.3-2.3.30/contrib/ldapc++/config.sub --- openldap2.3-2.3.30/contrib/ldapc++/config.sub +++ openldap2.3-2.3.30/contrib/ldapc++/config.sub @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, # Inc. -timestamp='2006-09-20' +timestamp='2007-01-18' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -245,12 +245,12 @@ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore \ + | maxq | mb | microblaze | mcore | mep \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -324,7 +324,7 @@ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ @@ -925,6 +925,9 @@ basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; @@ -1219,7 +1222,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1414,6 +1417,9 @@ m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; diff -u openldap2.3-2.3.30/contrib/ldapc++/config.guess openldap2.3-2.3.30/contrib/ldapc++/config.guess --- openldap2.3-2.3.30/contrib/ldapc++/config.guess +++ openldap2.3-2.3.30/contrib/ldapc++/config.guess @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, # Inc. -timestamp='2006-07-02' +timestamp='2007-03-06' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -161,6 +161,7 @@ arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched @@ -780,7 +781,7 @@ i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; - i*:MINGW*:*) + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) @@ -790,12 +791,15 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[3456]*) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - EM64T:Interix*:[3456]*) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; + *:Interix*:[3456]*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T | authenticamd) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; @@ -951,4 +955,7 @@ echo x86_64-unknown-linux-gnu exit ;; + xtensa:Linux:*:*) + echo xtensa-unknown-linux-gnu + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so @@ -1208,6 +1215,15 @@ SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; only in patch2: unchanged: --- openldap2.3-2.3.30.orig/debian/patches/SECURITY_CVE-2007-6698_CVE-2008-0658.patch +++ openldap2.3-2.3.30/debian/patches/SECURITY_CVE-2007-6698_CVE-2008-0658.patch @@ -0,0 +1,26 @@ +Index: openldap-2.3.30/servers/slapd/back-bdb/modify.c +=================================================================== +--- openldap-2.3.30.orig/servers/slapd/back-bdb/modify.c 2008-03-02 21:43:56.000000000 +0100 ++++ openldap-2.3.30/servers/slapd/back-bdb/modify.c 2008-03-02 21:44:52.000000000 +0100 +@@ -538,6 +538,8 @@ + } else { + rs->sr_err = LDAP_X_NO_OPERATION; + ltid = NULL; ++ /* Only free attrs if they were dup'd. */ ++ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL; + goto return_results; + } + } else { +Index: openldap-2.3.30/servers/slapd/back-bdb/modrdn.c +=================================================================== +--- openldap-2.3.30.orig/servers/slapd/back-bdb/modrdn.c 2008-03-02 21:42:53.000000000 +0100 ++++ openldap-2.3.30/servers/slapd/back-bdb/modrdn.c 2008-03-02 21:43:51.000000000 +0100 +@@ -729,6 +729,8 @@ + } else { + rs->sr_err = LDAP_X_NO_OPERATION; + ltid = NULL; ++ /* Only free attrs if they were dup'd. */ ++ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL; + goto return_results; + } +