[Pkg-openldap-devel] [openldap] 01/07: Acknowledge NMU fixing #729367, thanks to Michael Gilbert.

Ryan Tandy rtandy-guest at moszumanska.debian.org
Fri Aug 29 05:21:59 UTC 2014


This is an automated email from the git hooks/post-receive script.

rtandy-guest pushed a commit to branch master
in repository openldap.

commit 1070b7f558a964ea964a9b931c7c802e874ba81c
Author: Ryan Tandy <ryan at nardis.ca>
Date:   Mon Aug 25 13:33:01 2014 -0700

    Acknowledge NMU fixing #729367, thanks to Michael Gilbert.
---
 debian/changelog                                   | 10 ++++++++--
 ...eference-counting.patch => CVE-2013-4449.patch} | 23 +---------------------
 debian/patches/series                              |  2 +-
 3 files changed, 10 insertions(+), 25 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 5debf08..955b659 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,6 @@
 openldap (2.4.39-2) UNRELEASED; urgency=low
 
   [ Ryan Tandy ]
-  * 0001-ITS-7723-fix-reference-counting.patch: import upstream fix for 
-    CVE-2013-4449. Thanks to Hideki Yamane for the patch. (Closes: #729367)
   * slapd.scripts-common:
     - Anchor grep patterns to avoid matching commented lines in ldif files 
       under cn=config. (Closes: #723957)
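Review bot: the two lines removed under [ Ryan Tandy ] carried the only credit to Hideki Yamane in the visible changelog, and the 2.4.39-1.1 entry that now owns #729367 does not mention him. If his patch is what the NMU shipped, keep the attribution, for example by extending the new acknowledgement line to thank both Michael Gilbert and Hideki Yamane.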
@@ -24,6 +22,7 @@ openldap (2.4.39-2) UNRELEASED; urgency=low
     - Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed.
   * Drop debconf-utils from Build-Depends, no longer used (replaced by 
     po-debconf). Thanks Johannes Schauer.
+  * Acknowledge NMU fixing #729367, thanks to Michael Gilbert.
 
   [ Jelmer Vernooij ]
   * Depend on heimdal-multidev rather than heimdal-dev. (Closes: #745356, 
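Review bot: the added line "Acknowledge NMU fixing #729367" names neither the NMU version nor the CVE, so searching the 2.4.39-2 entry for CVE-2013-4449 finds nothing. Suggest wording along the lines of "Acknowledge NMU 2.4.39-1.1 fixing CVE-2013-4449 (#729367)", plus a sub-item recording that 0001-ITS-7723-fix-reference-counting.patch was renamed to CVE-2013-4449.patch, since this commit performs that rename without documenting it.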
@@ -35,6 +34,13 @@ openldap (2.4.39-2) UNRELEASED; urgency=low
 
  -- Ryan Tandy <ryan at nardis.ca>  Mon, 07 Apr 2014 19:36:18 -0700
 
+openldap (2.4.39-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2013-4449: reference counting logic issue (closes: #729367).
+
+ -- Michael Gilbert <mgilbert at debian.org>  Sat, 09 Aug 2014 09:26:51 +0000
+
 openldap (2.4.39-1) unstable; urgency=low
 
   [ Peter Marschall ]
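Review bot: the trailer of the 2.4.39-2 entry still reads Mon, 07 Apr 2014, which is now older than the Sat, 09 Aug 2014 trailer of the 2.4.39-1.1 entry inserted beneath it. The entry is UNRELEASED, so this is harmless for now, but the timestamp needs refreshing when the upload is finalised so the changelog stays in chronological order.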
diff --git a/debian/patches/0001-ITS-7723-fix-reference-counting.patch b/debian/patches/CVE-2013-4449.patch
similarity index 56%
rename from debian/patches/0001-ITS-7723-fix-reference-counting.patch
rename to debian/patches/CVE-2013-4449.patch
index 644bfa5..d166cf1 100644
--- a/debian/patches/0001-ITS-7723-fix-reference-counting.patch
+++ b/debian/patches/CVE-2013-4449.patch
@@ -1,28 +1,10 @@
-Description: fix remote DoS (CVE-2013-4449)
- taken from RHEL (and Fedora)
- for detail, see https://bugzilla.redhat.com/show_bug.cgi?id=1019490#c0
-
- and upstrea: http://www.openldap.org/its/index.cgi/Incoming?id=7723
-
-Author: Jan Synacek <jsynacek at redhat.com>
-Origin: vendor
-Bug-Debian: http://bugs.debian.org/729367
-Forwarded: not-need
-Last-Update: 2013-11-13
-
-
-
 From 742d3e4a6a1f62c3c3ae1e9341f3615b4705a701 Mon Sep 17 00:00:00 2001
 From: Jan Synacek <jsynacek at redhat.com>
 Date: Wed, 13 Nov 2013 09:06:54 +0100
 Subject: [PATCH] ITS#7723 fix reference counting
 
----
- libraries/librewrite/session.c | 2 ++
- 1 file changed, 2 insertions(+)
+http://www.openldap.org/its/?findid=7723
 
-diff --git a/libraries/librewrite/session.c b/libraries/librewrite/session.c
-index 28f2551..7c59d14 100644
 --- a/libraries/librewrite/session.c
 +++ b/libraries/librewrite/session.c
 @@ -161,6 +161,7 @@ rewrite_session_find(
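Review bot: the rewritten header of CVE-2013-4449.patch drops the Description, Origin, Bug-Debian and Last-Update fields together with the Red Hat Bugzilla link, leaving only the ITS URL. The file is now named for the CVE, yet nothing inside it says it fixes CVE-2013-4449 or that the impact is a remote DoS. Suggest keeping a short DEP-3 header ahead of the From line, at least "Description: fix remote DoS (CVE-2013-4449)" and "Bug-Debian: http://bugs.debian.org/729367".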
@@ -41,6 +23,3 @@ index 28f2551..7c59d14 100644
  	ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
  }
  
--- 
-1.8.3.1
-
diff --git a/debian/patches/series b/debian/patches/series
index d411c4b..6c8e04f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,7 +18,7 @@ no-AM_INIT_AUTOMAKE
 switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
 no-bdb-ABI-second-guessing
 heimdal-fix
-0001-ITS-7723-fix-reference-counting.patch
+CVE-2013-4449.patch
 pw-sha2-makefile
 its7430-avoid-gnutls-deprecated-function
 its7877-use-nettle-instead-of-gcrypt

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git


