aboutsummaryrefslogtreecommitdiffstats
path: root/main/openldap
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2015-03-10 11:07:46 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-03-10 11:07:46 +0000
commit4063a9f593dc245c618a83ba5d61136ca675efd5 (patch)
treee4a0fc82bc1879faf260cfda2e8f43fecdc1140b /main/openldap
parentc55909f5fdc40ad782d8ab2cbedb17cb6628bc7e (diff)
downloadaports-4063a9f593dc245c618a83ba5d61136ca675efd5.tar.bz2
aports-4063a9f593dc245c618a83ba5d61136ca675efd5.tar.xz
main/openldap: security fix for CVE-2015-1545
ref #3966
Diffstat (limited to 'main/openldap')
-rw-r--r--main/openldap/APKBUILD6
-rw-r--r--main/openldap/CVE-2015-1545.patch26
2 files changed, 31 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index 2c5eea08cc..a08a9c67f9 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openldap
pkgver=2.4.40
-pkgrel=2
+pkgrel=3
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
@@ -23,6 +23,7 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg
openldap-2.4.11-libldap_r.patch
0001-dbd-enabled-by-default.patch
openldap-mqtt-overlay.patch
+ CVE-2015-1545.patch
CVE-2015-1546.patch
slapd.initd
slapd.confd
@@ -155,6 +156,7 @@ md5sums="423c1f23d2a0cb96b3e9baf7e9d7dda7 openldap-2.4.40.tgz
d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch
7b4eec9a90d2f7f727e0f9cb4653887c 0001-dbd-enabled-by-default.patch
05266dddd5a9cc5de1b67ab62b6d26fb openldap-mqtt-overlay.patch
+b7f994678db068bbe186ce92c73fb060 CVE-2015-1545.patch
09f2be28af8aaf2883446c85d854cfe8 CVE-2015-1546.patch
41d45b9ed59037dcdf640e395ace113c slapd.initd
b672311fca605c398240cd37a2ae080a slapd.confd
@@ -164,6 +166,7 @@ sha256sums="d12611a5c25b6499293c2bb7b435dc2b174db73e83f5a8cb7e34f2ce5fa6dadb op
3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e openldap-2.4.11-libldap_r.patch
8d1ee24c52928302acb876bc99cc75757eb15b278a10bfd3d43cabb332bcd3c4 0001-dbd-enabled-by-default.patch
5de1464a6ae154e1556f7faa9494caf7ca94d26a0ef2f7d5abdc6aa2513cc1c9 openldap-mqtt-overlay.patch
+32d423d6b6bb8b16980de98f9ed1de581673c3a63de3a9b7d4841c2b037d27c1 CVE-2015-1545.patch
07d6feebc366c14e42b5027239e12d5ec2981714b6a61a1365981c20d9fd87de CVE-2015-1546.patch
726efdbaceb1b907bb085b7996222a0bc83610730c5d6b9646b062e09f2ef964 slapd.initd
1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d slapd.confd
@@ -173,6 +176,7 @@ sha512sums="c803c4a82878891d60414d64dcb54a7c3f08675106ba13f50cba06034a97b3eee1c2
44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
b0892e049feab931d6439374ecf2497c54fbf46daef622f9949f02a26cd4b20f73de7cff1e1d64894539dc599793ffbd61d7a5bba6e026f3966295cf6a39f1be 0001-dbd-enabled-by-default.patch
9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch
+56394c12b08862843ab7d4a76f5c7f13eaecb2d9717a9571d792c1aa7b77e5b2267525c7d7ecdb646beac736ca437b9f10a17cb18fd54e9f9f2a5d02904cfafa CVE-2015-1545.patch
9eb54e63fecc7ad59bf710803a7da275ea1de069d1a27d56ee01417d33035d90d89ab9903de82154f625c796145c1056d5a52ad8bfb8238c7ab5304c413fd25b CVE-2015-1546.patch
723fb2546ac8a3672240139d4b7ec5041be961990fd8385171a53c737436d6307dc05671fcd190dd5e3b3ee21967a2a632ec8852fe84519fdea0c7f535c598ee slapd.initd
8290769b63b3a5863622de2deb9269a0711ba5f4a225eb230d7c5097937b9d4e8cf5a998ee99232824e2335ae1b6e0114357b61c9611bc2460ebd195d12eabae slapd.confd
diff --git a/main/openldap/CVE-2015-1545.patch b/main/openldap/CVE-2015-1545.patch
new file mode 100644
index 0000000000..a642bed03b
--- /dev/null
+++ b/main/openldap/CVE-2015-1545.patch
@@ -0,0 +1,26 @@
+From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Jan 2015 22:25:53 +0000
+Subject: [PATCH] ITS#8027 require non-empty AttributeList
+
+---
+ servers/slapd/overlays/deref.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c
+index 9420e3e..05aa890 100644
+--- a/servers/slapd/overlays/deref.c
++++ b/servers/slapd/overlays/deref.c
+@@ -183,7 +183,8 @@ deref_parseCtrl (
+ ber_len_t cnt = sizeof(struct berval);
+ ber_len_t off = 0;
+
+- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
++ || !cnt )
+ {
+ rs->sr_text = "Dereference control: derefSpec decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+--
+1.7.10.4
+