authorNatanael Copa <ncopa@alpinelinux.org>2015-03-10 11:01:45 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-03-10 13:57:48 +0000
commitc35d8ac23c9256c6c00de60a8d96fbd509695d69 (patch)
treeccd0bcd3210ed918a919d94b2b916b9922e0d3a8
parent9801f0b7278995ed3cb9a19c187f3004d4caf4ab (diff)
downloadaports-c35d8ac23c9256c6c00de60a8d96fbd509695d69.tar.bz2
aports-c35d8ac23c9256c6c00de60a8d96fbd509695d69.tar.xz
main/openldap: security fix for CVE-2015-1545,CVE-2015-1546
ref #3965 ref #3966 fixes #3967
-rw-r--r--main/openldap/APKBUILD10
-rw-r--r--main/openldap/CVE-2015-1545.patch26
-rw-r--r--main/openldap/CVE-2015-1546.patch34
3 files changed, 69 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index 4e021e5b6b..3f15d44d54 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openldap
pkgver=2.4.35
-pkgrel=1
+pkgrel=2
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
@@ -19,6 +19,8 @@ install="$pkgname.pre-install"
source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz
openldap-2.4-ppolicy.patch
openldap-2.4.11-libldap_r.patch
+ CVE-2015-1545.patch
+ CVE-2015-1546.patch
slapd.initd
slapd.confd
slurpd.initd
@@ -129,18 +131,24 @@ clients() {
md5sums="cd75d82ca89fb0280cba66ca6bd97448 openldap-2.4.35.tgz
2524e490ba334a760fa57057c16da7a9 openldap-2.4-ppolicy.patch
d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch
+b7f994678db068bbe186ce92c73fb060 CVE-2015-1545.patch
+09f2be28af8aaf2883446c85d854cfe8 CVE-2015-1546.patch
41d45b9ed59037dcdf640e395ace113c slapd.initd
b672311fca605c398240cd37a2ae080a slapd.confd
fa5ce0005ef5f1160b6ff126f97aaa1a slurpd.initd"
sha256sums="16100374c147df0d82a5c52ca60da5eca1a5ea8b5a187467d40a78e3691e9eeb openldap-2.4.35.tgz
355a8239355fcc5863ba7430d73af7ccad9e0211ae56180011d15d7418aa5b27 openldap-2.4-ppolicy.patch
3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e openldap-2.4.11-libldap_r.patch
+32d423d6b6bb8b16980de98f9ed1de581673c3a63de3a9b7d4841c2b037d27c1 CVE-2015-1545.patch
+07d6feebc366c14e42b5027239e12d5ec2981714b6a61a1365981c20d9fd87de CVE-2015-1546.patch
726efdbaceb1b907bb085b7996222a0bc83610730c5d6b9646b062e09f2ef964 slapd.initd
1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d slapd.confd
9cfe54485585a1bd74dd167c27ad9e60a5dec7351b6a64804749f253bb6cfbad slurpd.initd"
sha512sums="b39232b4bab7ecb0ae14961adaa555590ca24ecbaeb3d94ea251e2de3bf7425ce364a2a488f9745fae17f106cdf198c852c73b5f2b910d329c598db435d6b31d openldap-2.4.35.tgz
5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch
44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
+56394c12b08862843ab7d4a76f5c7f13eaecb2d9717a9571d792c1aa7b77e5b2267525c7d7ecdb646beac736ca437b9f10a17cb18fd54e9f9f2a5d02904cfafa CVE-2015-1545.patch
+9eb54e63fecc7ad59bf710803a7da275ea1de069d1a27d56ee01417d33035d90d89ab9903de82154f625c796145c1056d5a52ad8bfb8238c7ab5304c413fd25b CVE-2015-1546.patch
723fb2546ac8a3672240139d4b7ec5041be961990fd8385171a53c737436d6307dc05671fcd190dd5e3b3ee21967a2a632ec8852fe84519fdea0c7f535c598ee slapd.initd
8290769b63b3a5863622de2deb9269a0711ba5f4a225eb230d7c5097937b9d4e8cf5a998ee99232824e2335ae1b6e0114357b61c9611bc2460ebd195d12eabae slapd.confd
69ee0d739d8c8c1cb2478d5c864f703cba215d0ceb399da941c0ebc91e7de87a4d99172670686a84a98e57bde94837777a8066d27f79b6b8bf4bcd72336ce775 slurpd.initd"
diff --git a/main/openldap/CVE-2015-1545.patch b/main/openldap/CVE-2015-1545.patch
new file mode 100644
index 0000000000..a642bed03b
--- /dev/null
+++ b/main/openldap/CVE-2015-1545.patch
@@ -0,0 +1,26 @@
+From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Jan 2015 22:25:53 +0000
+Subject: [PATCH] ITS#8027 require non-empty AttributeList
+
+---
+ servers/slapd/overlays/deref.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c
+index 9420e3e..05aa890 100644
+--- a/servers/slapd/overlays/deref.c
++++ b/servers/slapd/overlays/deref.c
+@@ -183,7 +183,8 @@ deref_parseCtrl (
+ ber_len_t cnt = sizeof(struct berval);
+ ber_len_t off = 0;
+
+- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
++ || !cnt )
+ {
+ rs->sr_text = "Dereference control: derefSpec decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+--
+1.7.10.4
+
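Review bot: The added `|| !cnt` test in deref_parseCtrl carries no comment explaining why an AttributeList that decodes cleanly but is empty is rejected. It also reuses the generic "Dereference control: derefSpec decoding error" text, so a log reader cannot tell a malformed control from an empty list. I would put `/* ITS#8027: an empty AttributeList decodes without error but must be rejected */` above the condition and, in the upstream change, give the empty case its own `rs->sr_text`. Whether `attributes` holds anything that needs releasing on this new path depends on how the `M` conversion treats zero elements, which these lines do not show, so that is worth confirming. The body of deref_parseCtrl starts and ends outside the hunk.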
diff --git a/main/openldap/CVE-2015-1546.patch b/main/openldap/CVE-2015-1546.patch
new file mode 100644
index 0000000000..c7d81bb721
--- /dev/null
+++ b/main/openldap/CVE-2015-1546.patch
@@ -0,0 +1,34 @@
+From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 4 Feb 2015 02:03:55 +0000
+Subject: [PATCH] ITS#8046 fix vrFilter_free
+
+---
+ servers/slapd/filter.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
+index b859f73..22c81c8 100644
+--- a/servers/slapd/filter.c
++++ b/servers/slapd/filter.c
+@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber,
+ void
+ vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
+ {
+- ValuesReturnFilter *p, *next;
++ ValuesReturnFilter *next;
+
+- if ( vrf == NULL ) {
+- return;
+- }
+-
+- for ( p = vrf; p != NULL; p = next ) {
+- next = p->vrf_next;
++ for ( ; vrf != NULL; vrf = next ) {
++ next = vrf->vrf_next;
+
+ switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) {
+ case LDAP_FILTER_PRESENT:
+--
+1.7.10.4
+
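Review bot: The rewritten loop in vrFilter_free now advances the `vrf` parameter itself, but nothing records that `next` has to be read before the current node is released. The removed code walked the list with `p` while the `switch` kept reading `vrf->vrf_choice`, so every iteration acted on the head node; a short comment would guard against that slip returning. I would add `/* fetch the link before this node is released below */` above `next = vrf->vrf_next;`. The switch cases and the end of the loop body are outside the hunk, so where each node is actually released could not be checked from here.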