diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2017-06-01 11:12:27 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-06-01 11:12:27 +0000 |
| commit | 4b66a9765b5554d7a5c951a27b829c0e3cf18ba0 (patch) | |
| tree | 5f94ee29c3877530bc62a1953fca0b8e9bd4b86d /main | |
| parent | 7e44ce9040e45575b12ae9127f5b5dea069c3783 (diff) | |
| download | aports-4b66a9765b5554d7a5c951a27b829c0e3cf18ba0.tar.bz2 aports-4b66a9765b5554d7a5c951a27b829c0e3cf18ba0.tar.xz | |
main/openldap: sec fix for CVE-2017-9287
Diffstat (limited to 'main')
| -rw-r--r-- | main/openldap/APKBUILD | 26 | ||||
| -rw-r--r-- | main/openldap/CVE-2017-9287.patch | 28 |
2 files changed, 36 insertions, 18 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD index 3f0696f015..f16369a22a 100644 --- a/main/openldap/APKBUILD +++ b/main/openldap/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openldap pkgver=2.4.44 -pkgrel=4 +pkgrel=5 pkgdesc="LDAP Server" url="http://www.openldap.org/" arch="all" @@ -25,12 +25,17 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg openldap-2.4.11-libldap_r.patch bdb-enabled-by-default.patch openldap-mqtt-overlay.patch + CVE-2017-9287.patch slapd.initd slapd.confd slurpd.initd " +# secfixes: +# 2.4.44-r5: +# - CVE-2017-9287 + prepare() { cd "$srcdir"/$pkgname-$pkgver update_config_sub || return 1 @@ -101,7 +106,7 @@ package() { chmod 700 "$pkgdir"/var/lib/openldap \ "$pkgdir"/var/lib/openldap/openldap-data chown -R ldap.ldap "$pkgdir"/var/lib/openldap/openldap-data - + install -Dm755 "$srcdir"/slapd.initd "$pkgdir"/etc/init.d/slapd install -Dm755 "$srcdir"/slapd.confd "$pkgdir"/etc/conf.d/slapd install -Dm755 "$srcdir"/slurpd.initd "$pkgdir"/etc/init.d/slurpd @@ -159,27 +164,12 @@ passwd_pbkdf2() { mv "$pkgdir"/usr/lib/openldap/pw-pbkdf2.* "$subpkgdir"/usr/lib/openldap || return 1 } -md5sums="693ac26de86231f8dcae2b4e9d768e51 openldap-2.4.44.tgz -2524e490ba334a760fa57057c16da7a9 openldap-2.4-ppolicy.patch -d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch -2d6b2f0829145c5d9330a381b3ffbb17 bdb-enabled-by-default.patch -05266dddd5a9cc5de1b67ab62b6d26fb openldap-mqtt-overlay.patch -b1291a48e7f5228a88d8d479cc1c2714 slapd.initd -b672311fca605c398240cd37a2ae080a slapd.confd -9ecb5712e8e4a8fe5bf0183254305f0d slurpd.initd" -sha256sums="d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400 openldap-2.4.44.tgz -355a8239355fcc5863ba7430d73af7ccad9e0211ae56180011d15d7418aa5b27 openldap-2.4-ppolicy.patch -3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e openldap-2.4.11-libldap_r.patch -710352d2cd64cba73d236bb6ee7053e9fb9a94232c3b91a44d6d2040d26d42ce bdb-enabled-by-default.patch -5de1464a6ae154e1556f7faa9494caf7ca94d26a0ef2f7d5abdc6aa2513cc1c9 openldap-mqtt-overlay.patch -454480c29e938a82fd46e490a0369586ed7c344a2ac559f95bbe813df6c07f8a slapd.initd -1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d slapd.confd -3cdd67b848f470399c0e8aeb89031de152383deeaf9da1416596093c67594118 slurpd.initd" sha512sums="132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 openldap-2.4.44.tgz 5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch d94f791ff3d10f1fe244a6a071331d6dd5933ed859e1cf9465654e650ff7223eedad5f054ad77de2ad4dbbd0b4a2cfda970ad733baaa833183aee996216bdbf1 bdb-enabled-by-default.patch 9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch +e81417c5df06148ddc6c4458c63349045b750b0f5ca981f92596777996114480301bc0ae62eb82a2cc242a025f53de3174efef5e3c28a54a94ccee773435a42a CVE-2017-9287.patch 1a5490a29a2be8382a64d3d07a36906d2189571f4c44d8ad96b769db58d91a33b2eee24fe10343ec26440fa61cfd406c4e95153dce29c2f315d1f13f5b0f47e8 slapd.initd 8290769b63b3a5863622de2deb9269a0711ba5f4a225eb230d7c5097937b9d4e8cf5a998ee99232824e2335ae1b6e0114357b61c9611bc2460ebd195d12eabae slapd.confd c8bffecdbd09583bec7720b5f6a5b9680b0eae055fd63f10736cf2fe25378b95acddf910e60f6408c9637a3fe48050299cfb500a6bc9a95a0ef135d5a4c4d5f9 slurpd.initd" diff --git a/main/openldap/CVE-2017-9287.patch b/main/openldap/CVE-2017-9287.patch new file mode 100644 index 0000000000..1599c13315 --- /dev/null +++ b/main/openldap/CVE-2017-9287.patch @@ -0,0 +1,28 @@ +From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 +From: Ryan Tandy <ryan@nardis.ca> +Date: Wed, 17 May 2017 20:07:39 -0700 +Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 + +Fixes a double free when a search includes the Paged Results control +with a page size of 0 and the search base matches the filter. +--- + servers/slapd/back-mdb/search.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c +index 301d1a4..43442aa 100644 +--- a/servers/slapd/back-mdb/search.c ++++ b/servers/slapd/back-mdb/search.c +@@ -1066,7 +1066,8 @@ notfound: + /* check size limit */ + if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { + if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { +- mdb_entry_return( op, e ); ++ if (e != base) ++ mdb_entry_return( op, e ); + e = NULL; + send_paged_response( op, rs, &lastid, tentries ); + goto done; +-- +1.7.10.4 + |