Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.7.git;a=commitdiff;h=e855a9000021ed47de582fd912378f325e224db3
commit e855a9000021ed47de582fd912378f325e224db3
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date: Tue Feb 19 12:55:13 2008 +0100
openldap-2.3.39-1sayshell2-i686
added CVE-2008-0658.diff
closes #2786
diff --git a/source/network-extra/openldap/CVE-2008-0658.diff
b/source/network-extra/openldap/CVE-2008-0658.diff
new file mode 100644
index 0000000..7c01b9a
--- /dev/null
+++ b/source/network-extra/openldap/CVE-2008-0658.diff
@@ -0,0 +1,16 @@
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/modrdn.c,v
+retrieving revision 1.197
+retrieving revision 1.198
+diff -p -u -r1.197 -r1.198
+--- ldap/servers/slapd/back-bdb/modrdn.c 2008/01/11 03:01:37 1.197
++++ ldap/servers/slapd/back-bdb/modrdn.c 2008/02/07 11:06:24 1.198
+@@ -739,6 +739,8 @@ retry: /* transaction retry */
+ } else {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ ltid = NULL;
++ /* Only free attrs if they were dup'd. */
++ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
+ goto return_results;
+ }
+
diff --git a/source/network-extra/openldap/FrugalBuild
b/source/network-extra/openldap/FrugalBuild
index 0589953..231ab31 100644
--- a/source/network-extra/openldap/FrugalBuild
+++ b/source/network-extra/openldap/FrugalBuild
@@ -3,7 +3,7 @@
pkgname=openldap
pkgver=2.3.39
-pkgrel=1sayshell1
+pkgrel=1sayshell2
pkgdesc="A suite of the Lightweight Directory Access Protocol servers"
url="http://www.openldap.org/";
groups=('network-extra')
@@ -14,10 +14,11 @@ rodepends=("libldap=$pkgver")
makedepends=('tcp_wrappers' 'openssl' 'cyrus-sasl')
up2date="lynx -dump http://www.openldap.org/software/download/|grep 'United
States'|sed -e 's/.*]\(.*\) \[.*/\1/'"
source=(ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/$pkgname-$pkgver.tgz
rc.slapd \
- openldap-ntlm.patch0)
+ openldap-ntlm.patch CVE-2008-0658.diff)
sha1sums=('e87e60b1269f51d753d88df9b51745a66730a5d4' \
'e2e32477a3252545c04709b172eb65b1847c3678' \
- '29b8e9c4835235c976f026cd5883228b77581083')
+ 'c0546e88975c94567ad657da9205ca30cf41df59' \
+ '729eb4778b44262a97d5a16c2b867729006cea5a')
subpkgs=('libldap')
subdescs=('OpenLDAP library.')
diff --git a/source/network-extra/openldap/openldap-ntlm.patch
b/source/network-extra/openldap/openldap-ntlm.patch
new file mode 100644
index 0000000..24c4b67
--- /dev/null
+++ b/source/network-extra/openldap/openldap-ntlm.patch
@@ -0,0 +1,199 @@
+(Note that this patch is not useful on its own... it just adds some
+hooks to work with the LDAP authentication process at a lower level
+than the API otherwise allows. The code that calls these hooks and
+actually drives the NTLM authentication process is in
+lib/e2k-global-catalog.c, and the code that actually implements the
+NTLM algorithms is in xntlm/.)
+
+This is a patch against OpenLDAP 2.2.6. Apply with -p1
+
+
+--- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500
++++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400
+@@ -1753,5 +1753,26 @@
+ LDAPControl **cctrls ));
+
+
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge));
++
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
++++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
+@@ -20,7 +20,7 @@
+ SRCS = bind.c open.c result.c error.c compare.c search.c \
+ controls.c messages.c references.c extended.c cyrus.c \
+ modify.c add.c modrdn.c delete.c abandon.c \
+- sasl.c sbind.c kbind.c unbind.c cancel.c \
++ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
+ filter.c free.c sort.c passwd.c whoami.c \
+ getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+@@ -29,7 +29,7 @@
+ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
++ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+--- /dev/null 2004-06-30 15:04:37.000000000 -0400
++++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
+@@ -0,0 +1,137 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04
20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++
++#include <ac/socket.h>
++#include <ac/string.h>
++#include <ac/time.h>
++#include <ac/errno.h>
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp )
++{
++ BerElement *ber;
++ int rc;
++ ber_int_t id;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( msgidp != NULL );
++
++ if( msgidp == NULL ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ /* create a message to send */
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ assert( LBER_VALID( ber ) );
++
++ LDAP_NEXT_MSGID( ld, id );
++ rc = ber_printf( ber, "{it{istON}" /*}*/,
++ id, LDAP_REQ_BIND,
++ ld->ld_version, dn, tag,
++ cred );
++
++ /* Put Server Controls */
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++ ld->ld_errno = LDAP_ENCODING_ERROR;
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ /* send the message */
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++ if(*msgidp < 0)
++ return ld->ld_errno;
++
++ return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge)
++{
++ ber_int_t errcode;
++ ber_tag_t tag;
++ BerElement *ber;
++ ber_len_t len;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( res != NULL );
++
++ if ( ld == NULL || res == NULL ) {
++ return LDAP_PARAM_ERROR;
++ }
++
++ if( res->lm_msgtype != LDAP_RES_BIND ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ if ( ld->ld_error ) {
++ LDAP_FREE( ld->ld_error );
++ ld->ld_error = NULL;
++ }
++ if ( ld->ld_matched ) {
++ LDAP_FREE( ld->ld_matched );
++ ld->ld_matched = NULL;
++ }
++
++ /* parse results */
++
++ ber = ber_dup( res->lm_ber );
++
++ if( ber == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ tag = ber_scanf( ber, "{ioa" /*}*/,
++ &errcode, challenge, &ld->ld_error );
++ ber_free( ber, 0 );
++
++ if( tag == LBER_ERROR ) {
++ ld->ld_errno = LDAP_DECODING_ERROR;
++ return ld->ld_errno;
++ }
++
++ ld->ld_errno = errcode;
++
++ return( ld->ld_errno );
++}
diff --git a/source/network-extra/openldap/openldap-ntlm.patch0
b/source/network-extra/openldap/openldap-ntlm.patch0
deleted file mode 100644
index 1e52f99..0000000
--- a/source/network-extra/openldap/openldap-ntlm.patch0
+++ /dev/null
@@ -1,199 +0,0 @@
-(Note that this patch is not useful on its own... it just adds some
-hooks to work with the LDAP authentication process at a lower level
-than the API otherwise allows. The code that calls these hooks and
-actually drives the NTLM authentication process is in
-lib/e2k-global-catalog.c, and the code that actually implements the
-NTLM algorithms is in xntlm/.)
-
-This is a patch against OpenLDAP 2.2.6. Apply with -p0
-
-
---- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500
-+++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400
-@@ -1753,5 +1753,26 @@
- LDAPControl **cctrls ));
-
-
-+/*
-+ * hacks for NTLM
-+ */
-+#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
-+#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
-+LDAP_F( int )
-+ldap_ntlm_bind LDAP_P((
-+ LDAP *ld,
-+ LDAP_CONST char *dn,
-+ ber_tag_t tag,
-+ struct berval *cred,
-+ LDAPControl **sctrls,
-+ LDAPControl **cctrls,
-+ int *msgidp ));
-+LDAP_F( int )
-+ldap_parse_ntlm_bind_result LDAP_P((
-+ LDAP *ld,
-+ LDAPMessage *res,
-+ struct berval *challenge));
-+
-+
- LDAP_END_DECL
- #endif /* _LDAP_H */
---- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
-+++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
-@@ -20,7 +20,7 @@
- SRCS = bind.c open.c result.c error.c compare.c search.c \
- controls.c messages.c references.c extended.c cyrus.c \
- modify.c add.c modrdn.c delete.c abandon.c \
-- sasl.c sbind.c kbind.c unbind.c cancel.c \
-+ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
- filter.c free.c sort.c passwd.c whoami.c \
- getdn.c getentry.c getattr.c getvalues.c addentry.c \
- request.c os-ip.c url.c sortctrl.c vlvctrl.c \
-@@ -29,7 +29,7 @@
- OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
- controls.lo messages.lo references.lo extended.lo cyrus.lo \
- modify.lo add.lo modrdn.lo delete.lo abandon.lo \
-- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
-+ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
- filter.lo free.lo sort.lo passwd.lo whoami.lo \
- getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
- request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
---- /dev/null 2004-06-30 15:04:37.000000000 -0400
-+++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
-@@ -0,0 +1,137 @@
-+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04
20:38:21 kurt Exp $ */
-+/*
-+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
-+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
-+ */
-+
-+/* Mostly copied from sasl.c */
-+
-+#include "portable.h"
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+
-+#include <ac/socket.h>
-+#include <ac/string.h>
-+#include <ac/time.h>
-+#include <ac/errno.h>
-+
-+#include "ldap-int.h"
-+
-+int
-+ldap_ntlm_bind(
-+ LDAP *ld,
-+ LDAP_CONST char *dn,
-+ ber_tag_t tag,
-+ struct berval *cred,
-+ LDAPControl **sctrls,
-+ LDAPControl **cctrls,
-+ int *msgidp )
-+{
-+ BerElement *ber;
-+ int rc;
-+ ber_int_t id;
-+
-+ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
-+
-+ assert( ld != NULL );
-+ assert( LDAP_VALID( ld ) );
-+ assert( msgidp != NULL );
-+
-+ if( msgidp == NULL ) {
-+ ld->ld_errno = LDAP_PARAM_ERROR;
-+ return ld->ld_errno;
-+ }
-+
-+ /* create a message to send */
-+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
-+ ld->ld_errno = LDAP_NO_MEMORY;
-+ return ld->ld_errno;
-+ }
-+
-+ assert( LBER_VALID( ber ) );
-+
-+ LDAP_NEXT_MSGID( ld, id );
-+ rc = ber_printf( ber, "{it{istON}" /*}*/,
-+ id, LDAP_REQ_BIND,
-+ ld->ld_version, dn, tag,
-+ cred );
-+
-+ /* Put Server Controls */
-+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
-+ ber_free( ber, 1 );
-+ return ld->ld_errno;
-+ }
-+
-+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
-+ ld->ld_errno = LDAP_ENCODING_ERROR;
-+ ber_free( ber, 1 );
-+ return ld->ld_errno;
-+ }
-+
-+ /* send the message */
-+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
-+
-+ if(*msgidp < 0)
-+ return ld->ld_errno;
-+
-+ return LDAP_SUCCESS;
-+}
-+
-+int
-+ldap_parse_ntlm_bind_result(
-+ LDAP *ld,
-+ LDAPMessage *res,
-+ struct berval *challenge)
-+{
-+ ber_int_t errcode;
-+ ber_tag_t tag;
-+ BerElement *ber;
-+ ber_len_t len;
-+
-+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
-+
-+ assert( ld != NULL );
-+ assert( LDAP_VALID( ld ) );
-+ assert( res != NULL );
-+
-+ if ( ld == NULL || res == NULL ) {
-+ return LDAP_PARAM_ERROR;
-+ }
-+
-+ if( res->lm_msgtype != LDAP_RES_BIND ) {
-+ ld->ld_errno = LDAP_PARAM_ERROR;
-+ return ld->ld_errno;
-+ }
-+
-+ if ( ld->ld_error ) {
-+ LDAP_FREE( ld->ld_error );
-+ ld->ld_error = NULL;
-+ }
-+ if ( ld->ld_matched ) {
-+ LDAP_FREE( ld->ld_matched );
-+ ld->ld_matched = NULL;
-+ }
-+
-+ /* parse results */
-+
-+ ber = ber_dup( res->lm_ber );
-+
-+ if( ber == NULL ) {
-+ ld->ld_errno = LDAP_NO_MEMORY;
-+ return ld->ld_errno;
-+ }
-+
-+ tag = ber_scanf( ber, "{ioa" /*}*/,
-+ &errcode, challenge, &ld->ld_error );
-+ ber_free( ber, 0 );
-+
-+ if( tag == LBER_ERROR ) {
-+ ld->ld_errno = LDAP_DECODING_ERROR;
-+ return ld->ld_errno;
-+ }
-+
-+ ld->ld_errno = errcode;
-+
-+ return( ld->ld_errno );
-+}
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git
