authorLeonardo Arena <rnalrd@alpinelinux.org>2015-09-14 08:21:50 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2015-09-14 08:21:50 +0000
commit4041a223b7e7b9a7ab163406bc7f4b04a4a8fad3 (patch)
treec6283b0eed88dd307ad8bbad3b79d758cba2988b
parentacf921b1ab79fc19a2ed1ebb6056ab2017e37568 (diff)
downloadaports-4041a223b7e7b9a7ab163406bc7f4b04a4a8fad3.tar.bz2
aports-4041a223b7e7b9a7ab163406bc7f4b04a4a8fad3.tar.xz
main/openldap: fix ber_get_next denial of service (CVE-2015-6908)
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
-rw-r--r--main/openldap/APKBUILD7
-rw-r--r--main/openldap/CVE-2015-6908.patch25
2 files changed, 31 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index 13ccec338a..d7381249fb 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openldap
pkgver=2.4.42
-pkgrel=0
+pkgrel=1
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
@@ -24,6 +24,8 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg
openldap-2.4.11-libldap_r.patch
0001-dbd-enabled-by-default.patch
openldap-mqtt-overlay.patch
+ CVE-2015-6908.patch
+
slapd.initd
slapd.confd
slurpd.initd
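Review bot: Apart from the patch filename added to `source=` here, nothing in the APKBUILD records which package release carries the CVE-2015-6908 fix, so anyone auditing installed versions has to read the commit log to find that 2.4.42-r1 is the first fixed build. A short comment block near the top of the file mapping `2.4.42-r1` to `CVE-2015-6908` (the `# secfixes:` layout used in aports would fit) would make that machine- and human-readable. The added blank line after `CVE-2015-6908.patch` sits inside the quoted `source` string; it is presumably harmless to word splitting, but it is the only blank line in the list and could be dropped for consistency.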
@@ -152,6 +154,7 @@ md5sums="47c8e2f283647a6105b8b0325257e922 openldap-2.4.42.tgz
d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch
7b4eec9a90d2f7f727e0f9cb4653887c 0001-dbd-enabled-by-default.patch
05266dddd5a9cc5de1b67ab62b6d26fb openldap-mqtt-overlay.patch
+2df05f886ad96db4da8098078b3f8ae4 CVE-2015-6908.patch
b1291a48e7f5228a88d8d479cc1c2714 slapd.initd
b672311fca605c398240cd37a2ae080a slapd.confd
9ecb5712e8e4a8fe5bf0183254305f0d slurpd.initd"
@@ -160,6 +163,7 @@ sha256sums="eeb7b0e2c5852bfd2650e83909bb6152835c0b862fab10b63954dc1bcbba8e63 op
3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e openldap-2.4.11-libldap_r.patch
8d1ee24c52928302acb876bc99cc75757eb15b278a10bfd3d43cabb332bcd3c4 0001-dbd-enabled-by-default.patch
5de1464a6ae154e1556f7faa9494caf7ca94d26a0ef2f7d5abdc6aa2513cc1c9 openldap-mqtt-overlay.patch
+6950a117365046be3c4f5a1b45557ac2d1df0201d354889b0d7be26dc517e31c CVE-2015-6908.patch
454480c29e938a82fd46e490a0369586ed7c344a2ac559f95bbe813df6c07f8a slapd.initd
1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d slapd.confd
3cdd67b848f470399c0e8aeb89031de152383deeaf9da1416596093c67594118 slurpd.initd"
@@ -168,6 +172,7 @@ sha512sums="52d6af7610c4fdc8f965ebea04d09c38f73773a02c2e484dc111100f3d472f8b2f76
44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
b0892e049feab931d6439374ecf2497c54fbf46daef622f9949f02a26cd4b20f73de7cff1e1d64894539dc599793ffbd61d7a5bba6e026f3966295cf6a39f1be 0001-dbd-enabled-by-default.patch
9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch
+f3d0a844aeea4215d5ce09df2d444b3a29cb43ffeca0d05ba29f72cb3666dd5dfb350467e8003b600e1a93990978b249c4756ad531c34bf538fa7e917d8ee9e5 CVE-2015-6908.patch
1a5490a29a2be8382a64d3d07a36906d2189571f4c44d8ad96b769db58d91a33b2eee24fe10343ec26440fa61cfd406c4e95153dce29c2f315d1f13f5b0f47e8 slapd.initd
8290769b63b3a5863622de2deb9269a0711ba5f4a225eb230d7c5097937b9d4e8cf5a998ee99232824e2335ae1b6e0114357b61c9611bc2460ebd195d12eabae slapd.confd
c8bffecdbd09583bec7720b5f6a5b9680b0eae055fd63f10736cf2fe25378b95acddf910e60f6408c9637a3fe48050299cfb500a6bc9a95a0ef135d5a4c4d5f9 slurpd.initd"
diff --git a/main/openldap/CVE-2015-6908.patch b/main/openldap/CVE-2015-6908.patch
new file mode 100644
index 0000000000..9a2474c647
--- /dev/null
+++ b/main/openldap/CVE-2015-6908.patch
@@ -0,0 +1,25 @@
+From: Howard Chu <hyc@symas.com>
+Date: Sat, 12 Sep 2015 21:18:22 +0000 (+0100)
+Subject: Revert "Revert "ITS#8240 remove obsolete assert""
+X-Git-Url: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff_plain;h=844ee7df820fa397249ce76984d2e7094746cd93;hp=55dd4d3275d24c5190fdfada8dfae0320628b993
+
+Revert "Revert "ITS#8240 remove obsolete assert""
+
+We have never documented our use of assert, so can't expect
+builders to do the right thing.
+This reverts commit 55dd4d3275d24c5190fdfada8dfae0320628b993.
+---
+
+diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
+index 85c3e23..c05dcf8 100644
+--- a/libraries/liblber/io.c
++++ b/libraries/liblber/io.c
+@@ -679,7 +679,7 @@ done:
+ return (ber->ber_tag);
+ }
+
+- assert( 0 ); /* ber structure is messed up ?*/
++ /* invalid input */
+ return LBER_DEFAULT;
+ }
+
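Review bot: The fall-through `return LBER_DEFAULT;` that replaces `assert( 0 )` in libraries/liblber/io.c does not set errno anywhere in the visible lines, so errno keeps whatever the last socket call left in it. If callers separate "no complete PDU yet, retry" from "malformed input, close the connection" by checking errno, which is worth confirming, a stale would-block value could leave a peer that sent invalid BER connected instead of dropped. Setting it explicitly on this path would remove the ambiguity, for example `errno = EINVAL; /* invalid input from peer, must not abort */` before the return, using whichever error value the function's other reject paths already use. The enclosing function (presumably ber_get_next, per the commit title) starts outside the hunk, so an earlier assignment cannot be ruled out from here.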