[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#690319: Fix regression for kfreebsd-{i386,amd64} builds (#690319/CVE-2013-0288)



On Tue, 2013-05-07 at 21:00 +0200, Salvatore Bonaccorso wrote:
> Thanks for notifying. Yes, indeed nss-pam-ldapd did not build for
> kfreebsd-amd64 and kfreebsd-i386. As the FTBFS is a regression for the
> kfreebsd builds when appliying the initial fix for CVE-2013-0288 I
> think we should release an updated version targetting squeeze-security
> to include the fix for it and send an updated DSA.

Thanks. Attached is a debdiff with the version I'd like to upload.

As indicated before it also provides a fix for RC bug #700971 which
happens on package upgrades in some environments.

-- 
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-pam-ldapd-0.7.15+squeeze3/debian/changelog nss-pam-ldapd-0.7.15+squeeze4/debian/changelog
--- nss-pam-ldapd-0.7.15+squeeze3/debian/changelog	2013-02-15 23:04:03.000000000 +0100
+++ nss-pam-ldapd-0.7.15+squeeze4/debian/changelog	2013-05-11 20:17:27.000000000 +0200
@@ -1,3 +1,11 @@
+nss-pam-ldapd (0.7.15+squeeze4) stable-security; urgency=low
+
+  * fix FTBFS on kFreeBSD (see #690319)
+  * debian/nslcd.config: handle options that are specified multiple times
+    in nslcd.conf consistently (closes: #700971)
+
+ -- Arthur de Jong <adejong@debian.org>  Sat, 11 May 2013 20:00:00 +0200
+
 nss-pam-ldapd (0.7.15+squeeze3) stable-security; urgency=high
 
   * SECURITY FIX: Garth Mollett discovered that a file descriptor overflow
diff -Nru nss-pam-ldapd-0.7.15+squeeze3/common/tio.c nss-pam-ldapd-0.7.15+squeeze4/common/tio.c
--- nss-pam-ldapd-0.7.15+squeeze3/common/tio.c	2013-02-12 22:03:06.000000000 +0100
+++ nss-pam-ldapd-0.7.15+squeeze4/common/tio.c	2013-05-02 09:54:49.000000000 +0200
@@ -185,7 +185,7 @@
     /* prepare our filedescriptorset */
     if (fp->fd>=FD_SETSIZE)
     {
-      errno=EBADFD;
+      errno=EBADF;
       return -1;
     }
     FD_ZERO(&fdset);
@@ -397,7 +397,7 @@
   /* prepare our filedescriptorset */
   if (fp->fd>=FD_SETSIZE)
   {
-    errno=EBADFD;
+    errno=EBADF;
     return -1;
   }
   FD_ZERO(&fdset);
diff -Nru nss-pam-ldapd-0.7.15+squeeze3/debian/nslcd.config nss-pam-ldapd-0.7.15+squeeze4/debian/nslcd.config
--- nss-pam-ldapd-0.7.15+squeeze3/debian/nslcd.config	2012-01-15 09:27:33.000000000 +0100
+++ nss-pam-ldapd-0.7.15+squeeze4/debian/nslcd.config	2013-02-22 21:05:14.000000000 +0100
@@ -78,7 +78,7 @@
     if [ -z "$uris" ]
     then
       hosts=`sed -n 's/^host[[:space:]]*//ip' "$cfgfile"`
-      port=`sed -n 's/^port[[:space:]]*//ip' "$cfgfile" | tail -n 1`
+      port=`sed -n 's/^port[[:space:]]*//ip' "$cfgfile" | head -n 1`
       for host in $hosts
       do
         if [ -z "$port" ] || (echo "$host" | grep -q ':' )
@@ -95,21 +95,21 @@
   db_get nslcd/ldap-base
   if [ -z "$RET" ]
   then
-    searchbase=`sed -n 's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
+    searchbase=`sed -n 's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' "$cfgfile" | head -n 1`
     [ -n "$searchbase" ] && db_set nslcd/ldap-base "$searchbase"
   fi
   # find binddn
   db_get nslcd/ldap-binddn
   if [ -z "$RET" ]
   then
-    binddn=`sed -n 's/^binddn[[:space:]]*//ip' "$cfgfile" | tail -n 1`
+    binddn=`sed -n 's/^binddn[[:space:]]*//ip' "$cfgfile" | head -n 1`
     db_set nslcd/ldap-binddn "$binddn"
   fi
   # find bindpw
   db_get nslcd/ldap-bindpw
   if [ -z "$RET" ]
   then
-    bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' "$cfgfile" | tail -n 1`
+    bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' "$cfgfile" | head -n 1`
     db_set nslcd/ldap-bindpw "$bindpw"
   fi
   # check ssl option
@@ -128,7 +128,7 @@
   db_get nslcd/ldap-reqcert
   if [ -z "$RET" ]
   then
-    reqcert=`sed -n 's/^tls_\(reqcert\|checkpeer\)[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\2/ip' "$cfgfile" | tail -n 1`
+    reqcert=`sed -n 's/^tls_\(reqcert\|checkpeer\)[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\2/ip' "$cfgfile" | head -n 1`
     # normalise value
     reqcert=`echo "$reqcert" | tr 'A-Z' 'a-z' | sed 's/^no$/never/;s/^yes$/demand/;s/^hard$/demand/'`
     [ -n "$reqcert" ] && db_set nslcd/ldap-reqcert "$reqcert"

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: