diff --git a/.cvsignore b/.cvsignore index 15f13a7..07c9e1e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ db-4.6.21.tar.gz -openldap-2.4.10.tgz +openldap-2.4.11.tgz diff --git a/openldap.spec b/openldap.spec index 6383642..5070f11 100644 --- a/openldap.spec +++ b/openldap.spec @@ -3,7 +3,7 @@ # not work with some versions of OpenLDAP. %define db_version 4.6.21 %define ldbm_backend berkeley -%define version 2.4.10 +%define version 2.4.11 %define evolution_connector_prefix %{_libdir}/evolution-openldap %define evolution_connector_includedir %{evolution_connector_prefix}/include %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib} @@ -11,7 +11,7 @@ Summary: The configuration files, libraries, and documentation for OpenLDAP Name: openldap Version: %{version} -Release: 2%{?dist} +Release: 1%{?dist} License: OpenLDAP Group: System Environment/Daemons Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz @@ -34,13 +34,13 @@ Patch5: openldap-2.4.6-nosql.patch Patch6: openldap-2.3.19-gethostbyXXXX_r.patch Patch9: openldap-2.3.37-smbk5pwd.patch Patch10: openldap-2.4.6-multilib.patch -Patch11: openldap-2.3.27-ber-decode.patch # Patches for the evolution library Patch200: openldap-2.4.6-evolution-ntlm.patch # Patches for db4 library - +Patch400: patch.4.6.21.1 +Patch401: patch.4.6.21.2 URL: http://www.openldap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-root @@ -120,6 +120,8 @@ programs needed for accessing and modifying OpenLDAP directories. %setup -q -c -a 1 pushd db-%{db_version} +%patch400 -p0 -b .patch1 +%patch401 -p0 -b .patch2 popd pushd openldap-%{version} @@ -132,7 +134,6 @@ pushd openldap-%{version} %patch6 -p1 -b .gethostbyname_r %patch9 -p1 -b .smbk5pwd %patch10 -p1 -b .multilib -%patch11 -p0 -b .ber-decode cp %{_datadir}/libtool/config.{sub,guess} build/ popd 
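Review bot: The patch-list hunk of openldap.spec drops `Patch11: openldap-2.3.27-ber-decode.patch` and the later `%prep` hunk drops `%patch11 -p0 -b .ber-decode`, but nothing in the commit says why. The preceding 2.4.10-2 changelog entry is a fix for CVE-2008-2952, and if Patch11 carried that fix, removing it is only safe when the 2.4.11 tarball already contains the same change. That should be checked against the upstream source before the build ships. Once confirmed, record it in the new changelog entry, for example `- drop ber-decode patch, included in upstream 2.4.11`, so a later rebase does not have to rediscover whether the fix was lost.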
@@ -599,6 +600,10 @@ fi %attr(0644,root,root) %{evolution_connector_libdir}/*.a %changelog +* Mon Jul 21 2008 Jan Safranek 2.4.11-1 +- new upstream release +- apply official bdb-4.6.21 patches + * Wed Jul 2 2008 Jan Safranek 2.4.10-2 - fix CVE-2008-2952 (#453728) diff --git a/patch.4.6.21.1 b/patch.4.6.21.1 new file mode 100644 index 0000000..26af30e --- /dev/null +++ b/patch.4.6.21.1 
@@ -0,0 +1,94 @@ +Official usptream patch #1 + +Source: http://www.oracle.com/technology/products/berkeley-db/db/update/4.6.21/patch.4.6.21.html + +*** dbinc/mp.h 2007-09-28 01:28:25.000000000 +1000 +--- dbinc/mp.h 2008-02-14 01:22:09.000000000 +1100 +*************** +*** 639,644 **** +--- 639,647 ---- + */ + #define MP_TRUNC_RECOVER 0x01 + ++ /* Private flags to DB_MPOOLFILE->close. */ ++ #define DB_MPOOL_NOLOCK 0x002 /* Already have mpf locked. */ ++ + #if defined(__cplusplus) + } + #endif +*** mp/mp_fopen.c 2007-05-18 03:18:01.000000000 +1000 +--- mp/mp_fopen.c 2008-02-12 16:09:42.000000000 +1100 +*************** +*** 888,894 **** + * when we try to flush them. + */ + deleted = 0; +! MUTEX_LOCK(dbenv, mfp->mutex); + if (F_ISSET(dbmfp, MP_MULTIVERSION)) + --mfp->multiversion; + if (--mfp->mpf_cnt == 0 || LF_ISSET(DB_MPOOL_DISCARD)) { +--- 888,895 ---- + * when we try to flush them. + */ + deleted = 0; +! if (!LF_ISSET(DB_MPOOL_NOLOCK)) +! MUTEX_LOCK(dbenv, mfp->mutex); + if (F_ISSET(dbmfp, MP_MULTIVERSION)) + --mfp->multiversion; + if (--mfp->mpf_cnt == 0 || LF_ISSET(DB_MPOOL_DISCARD)) { +*************** +*** 909,921 **** + } + } + if (mfp->block_cnt == 0) { + if ((t_ret = + __memp_mf_discard(dbmp, mfp)) != 0 && ret == 0) + ret = t_ret; + deleted = 1; + } + } +! if (!deleted) + MUTEX_UNLOCK(dbenv, mfp->mutex); + + done: /* Discard the DB_MPOOLFILE structure. */ +--- 910,928 ---- + } + } + if (mfp->block_cnt == 0) { ++ /* ++ * We should never discard this mp file if our caller ++ * is holding the lock on it. See comment in ++ * __memp_sync_file. ++ */ ++ DB_ASSERT(dbenv, !LF_ISSET(DB_MPOOL_NOLOCK)); + if ((t_ret = + __memp_mf_discard(dbmp, mfp)) != 0 && ret == 0) + ret = t_ret; + deleted = 1; + } + } +! if (!deleted && !LF_ISSET(DB_MPOOL_NOLOCK)) + MUTEX_UNLOCK(dbenv, mfp->mutex); + + done: /* Discard the DB_MPOOLFILE structure. 
*/ +*** mp/mp_sync.c 2007-06-02 04:32:44.000000000 +1000 +--- mp/mp_sync.c 2008-02-12 16:09:42.000000000 +1100 +*************** +*** 755,761 **** + * This is important since we are called with the hash bucket + * locked. The mfp will get freed via the cleanup pass. + */ +! if (dbmfp != NULL && (t_ret = __memp_fclose(dbmfp, 0)) != 0 && ret == 0) + ret = t_ret; + + --mfp->mpf_cnt; +--- 755,762 ---- + * This is important since we are called with the hash bucket + * locked. The mfp will get freed via the cleanup pass. + */ +! if (dbmfp != NULL && +! (t_ret = __memp_fclose(dbmfp, DB_MPOOL_NOLOCK)) != 0 && ret == 0) + ret = t_ret; + + --mfp->mpf_cnt; + diff --git a/patch.4.6.21.2 b/patch.4.6.21.2 new file mode 100644 index 0000000..8dea6a8 --- /dev/null +++ b/patch.4.6.21.2 @@ -0,0 +1,31 @@ +Official usptream patch #2 + +Source: http://www.oracle.com/technology/products/berkeley-db/db/update/4.6.21/patch.4.6.21.html + +*** mp/mp_region.c 2007-05-18 03:18:01.000000000 +1000 +--- mp/mp_region.c 2008-06-24 13:15:56.000000000 +1000 +*************** +*** 249,256 **** + mtx_base = htab[0].mtx_hash; + } + + if (mtx_base != MUTEX_INVALID) +! mtx_base += reginfo_off * htab_buckets; + + /* Allocate hash table space and initialize it. */ + if ((ret = __env_alloc(infop, +--- 249,262 ---- + mtx_base = htab[0].mtx_hash; + } + ++ /* ++ * We preallocated all of the mutexes in a block, so for regions after ++ * the first, we skip mutexes in use in earlier regions. Each region ++ * has the same number of buckets and there are two mutexes per hash ++ * bucket (the bucket mutex and the I/O mutex). ++ */ + if (mtx_base != MUTEX_INVALID) +! mtx_base += reginfo_off * htab_buckets * 2; + + /* Allocate hash table space and initialize it. */ + if ((ret = __env_alloc(infop, diff --git a/sources b/sources index 0964082..578b8b1 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@
 718082e7e35fc48478a2334b0bc4cd11 db-4.6.21.tar.gz
-519171f3e562bfced7afac7756cf7bf5 openldap-2.4.10.tgz
+920fedbbb5bc61c2ca52c56edeef770a openldap-2.4.11.tgz