[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Thu Jan 26 22:03:23 UTC 2017
debian/changelog | 7 +++++
debian/patches/fix-48986-cve-2017-2591.diff | 39 ++++++++++++++++++++++++++++
debian/patches/series | 1
3 files changed, 47 insertions(+)
New commits:
commit d30ffea124c154cbcaa530df6c3ca70633f11dd1
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Jan 27 00:02:15 2017 +0200
releasing package 389-ds-base version 1.3.5.15-2
diff --git a/debian/changelog b/debian/changelog
index 365691f..a3d64b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,9 @@
-389-ds-base (1.3.5.15-2) UNRELEASED; urgency=medium
+389-ds-base (1.3.5.15-2) unstable; urgency=medium
* fix-48986-cve-2017-2591.diff: Fix upstream ticket 48986,
CVE-2017-2591. (Closes: #851769)
- -- Timo Aaltonen <tjaalton at debian.org> Thu, 26 Jan 2017 23:59:14 +0200
+ -- Timo Aaltonen <tjaalton at debian.org> Fri, 27 Jan 2017 00:01:53 +0200
389-ds-base (1.3.5.15-1) unstable; urgency=medium
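Review bot: The release line keeps urgency=medium although the only change in 1.3.5.15-2 is the CVE-2017-2591 fix. Consider urgency=high for this upload so the security fix migrates faster, or note in the entry why medium is sufficient.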
commit c07f6fa6b465954396edb5a7b6e71a96f2de8fd9
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Jan 26 23:59:55 2017 +0200
fix-48986-cve-2017-2591.diff: Fix upstream ticket 48986, CVE-2017-2591. (Closes: #851769)
diff --git a/debian/changelog b/debian/changelog
index 9231bb6..365691f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+389-ds-base (1.3.5.15-2) UNRELEASED; urgency=medium
+
+ * fix-48986-cve-2017-2591.diff: Fix upstream ticket 48986,
+ CVE-2017-2591. (Closes: #851769)
+
+ -- Timo Aaltonen <tjaalton at debian.org> Thu, 26 Jan 2017 23:59:14 +0200
+
389-ds-base (1.3.5.15-1) unstable; urgency=medium
* New upstream release.
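Review bot: The new changelog entry identifies the fix only by patch file name, ticket number and CVE id; it does not say what is being fixed. Add a few words describing the defect (the overflow in the uiduniq plugin named in the patch header) so that someone reading the changelog can judge exposure without opening the patch.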
diff --git a/debian/patches/fix-48986-cve-2017-2591.diff b/debian/patches/fix-48986-cve-2017-2591.diff
new file mode 100644
index 0000000..c5270b9
--- /dev/null
+++ b/debian/patches/fix-48986-cve-2017-2591.diff
@@ -0,0 +1,39 @@
+commit ffda694dd622b31277da07be76d3469fad86150f
+Author: William Brown <william at blackhats.net.au>
+Date: Wed Sep 28 10:46:21 2016 +1000
+
+ Ticket 48986 - 47808 triggers overflow in uiduniq.c
+
+ Bug Description: Certain configurations of uiduniq.c would cause an overflow
+ when running with Address Sanitiser
+
+ Fix Description: Increase the size of the allocation to tmp_config->attrs.
+
+ https://fedorahosted.org/389/ticket/48986
+
+ Author: nhosoi
+
+ Reviewed by: wibrown
+
+diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
+index d1d0162..2aba17a 100644
+--- a/ldap/servers/plugins/uiduniq/uid.c
++++ b/ldap/servers/plugins/uiduniq/uid.c
+@@ -302,7 +302,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry)
+ }
+
+ /* Store attrName in the config */
+- tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *));
++ tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *));
+ tmp_config->attrs[0] = slapi_ch_strdup(attrName);
+ argc--;
+ argv++; /* First argument was attribute name and remaining are subtrees */
+@@ -345,7 +345,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry)
+ * - requiredObjectClass
+ */
+ /* Store attrName in the config */
+- tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *));
++ tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *));
+ tmp_config->attrs[0] = slapi_ch_strdup(attrName);
+
+ /* There is no subtrees */
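Review bot: Neither changed allocation in uniqueness_entry_to_config() explains why 2 is the right element count: both sites now read slapi_ch_calloc(2, sizeof(char *)) and still store only attrs[0]. If the extra zeroed slot is meant as a NULL terminator for code that walks tmp_config->attrs, say so in the adjacent "Store attrName in the config" comment at both sites, otherwise the bare 2 invites a later "cleanup" back to 1. The same allocation is duplicated in two branches, so a small helper would keep them from diverging again. On the packaging side, the patch header carries the upstream ticket URL but neither the CVE id nor the Debian bug number (#851769) that the changelog cites; adding them to the header would make the patch file self-describing.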
diff --git a/debian/patches/series b/debian/patches/series
index 150992f..9903469 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ fix-obsolete-target.diff
fix-saslpath.diff
reproducible-build.diff
fix-systemctl-path.diff
+fix-48986-cve-2017-2591.diff