diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2019-08-01 17:03:34 -0300 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-08-05 13:35:59 +0200 |
| commit | f433608cc24c7e7a214a41e87b5c323e562f779d (patch) | |
| tree | 51da832944b8c7a69a1ea15ce67c0c489efff3ca /main | |
| parent | 5865ea3a9fe4671363312ee4f54742fb2f8f2b5f (diff) | |
| download | aports-f433608cc24c7e7a214a41e87b5c323e562f779d.tar.bz2 aports-f433608cc24c7e7a214a41e87b5c323e562f779d.tar.xz | |
main/openldap: security upgrade to 2.4.46
fixes #8786
Diffstat (limited to 'main')
| -rw-r--r-- | main/openldap/APKBUILD | 14 | ||||
| -rw-r--r-- | main/openldap/libressl.patch | 33 |
2 files changed, 27 insertions, 20 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD index 3b3caa8628..3d95dc70e0 100644 --- a/main/openldap/APKBUILD +++ b/main/openldap/APKBUILD @@ -2,12 +2,15 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # # secfixes: +# 2.4.46-r0: +# - CVE-2017-14159 +# - CVE-2017-17740 # 2.4.44-r5: # - CVE-2017-9287 # pkgname=openldap -pkgver=2.4.45 -pkgrel=3 +pkgver=2.4.46 +pkgrel=0 pkgdesc="LDAP Server" url="http://www.openldap.org/" arch="all" @@ -23,7 +26,8 @@ subpackages="$pkgname-dev $pkgname-doc libldap $pkgname-backend-all:_backend_all:noarch $pkgname-overlay-all:_overlay_all:noarch" install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" -source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz +source=" + https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-$pkgver.tgz openldap-2.4-ppolicy.patch openldap-2.4.11-libldap_r.patch openldap-mqtt-overlay.patch @@ -212,11 +216,11 @@ _submv() { done } -sha512sums="1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab openldap-2.4.45.tgz +sha512sums="eef39d43f04aa09c657a1422cefef060fe00368559ae40d0d97536c08ebeaaa1ab06207b3f121ba6afcde54abdc550027c3505e5217e5fd47ae6f8c001260186 openldap-2.4.46.tgz 5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch 9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch -cbfd573139e6b0c51d0f1f1337d74d5c07813509754758df240b09bc2ba559127f656580eef88f1db1c1322d7cb05042b1926e046e24c19889759647aee7aec6 libressl.patch +ec4604e4ec55ab2109d59deb54e0b6291f43ec91da9bb42a784add67de3200bed22cfd64b1426d3b8f2f0bdee8d97440adc7c21be43db0646d7508cdee2fdac2 libressl.patch 8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch 0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch 0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd diff --git a/main/openldap/libressl.patch b/main/openldap/libressl.patch index ac01064186..919816c2dc 100644 --- a/main/openldap/libressl.patch +++ b/main/openldap/libressl.patch @@ -1,4 +1,6 @@ ---- a/libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC +diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c +index 92c708b..77910bb 100644 +--- a/libraries/libldap/tls_o.c +++ b/libraries/libldap/tls_o.c @@ -47,7 +47,7 @@ #include <ssl.h> @@ -9,7 +11,16 @@ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) #endif -@@ -157,7 +157,7 @@ tlso_init( void ) +@@ -116,7 +116,7 @@ static void tlso_thr_init( void ) {} + #endif + #endif /* OpenSSL 1.1 */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + /* + * OpenSSL 1.1 API and later makes the BIO method concrete types internal. + */ +@@ -197,7 +197,7 @@ tlso_init( void ) (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); #endif @@ -18,7 +29,7 @@ SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_digests(); -@@ -205,7 +205,7 @@ static void +@@ -249,7 +249,7 @@ static void tlso_ctx_ref( tls_ctx *ctx ) { tlso_ctx *c = (tlso_ctx *)ctx; @@ -27,7 +38,7 @@ #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX ) #endif SSL_CTX_up_ref( c ); -@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * +@@ -508,7 +508,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *der_dn ) if (!x) return LDAP_INVALID_CREDENTIALS; xn = X509_get_subject_name(x); @@ -36,7 +47,7 @@ der_dn->bv_len = i2d_X509_NAME( xn, NULL ); der_dn->bv_val = xn->bytes->data; #else -@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval +@@ -544,7 +544,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval *der_dn ) return LDAP_INVALID_CREDENTIALS; xn = X509_get_subject_name(x); @@ -45,7 +56,7 @@ der_dn->bv_len = i2d_X509_NAME( xn, NULL ); der_dn->bv_val = xn->bytes->data; #else -@@ -721,7 +721,7 @@ struct tls_data { +@@ -765,7 +765,7 @@ struct tls_data { Sockbuf_IO_Desc *sbiod; }; @@ -54,12 +65,4 @@ #define BIO_set_init(b, x) b->init = x #define BIO_set_data(b, x) b->ptr = x #define BIO_clear_flags(b, x) b->flags &= ~(x) -@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) - return tlso_bio_write( b, str, strlen( str ) ); - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) - struct bio_method_st { - int type; - const char *name; + |