diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-10 11:07:46 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-10 11:07:46 +0000 |
| commit | 4063a9f593dc245c618a83ba5d61136ca675efd5 (patch) | |
| tree | e4a0fc82bc1879faf260cfda2e8f43fecdc1140b /main/openldap | |
| parent | c55909f5fdc40ad782d8ab2cbedb17cb6628bc7e (diff) | |
| download | aports-4063a9f593dc245c618a83ba5d61136ca675efd5.tar.bz2 aports-4063a9f593dc245c618a83ba5d61136ca675efd5.tar.xz | |
main/openldap: security fix for CVE-2015-1545
ref #3966
Diffstat (limited to 'main/openldap')
| -rw-r--r-- | main/openldap/APKBUILD | 6 | ||||
| -rw-r--r-- | main/openldap/CVE-2015-1545.patch | 26 |
2 files changed, 31 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD index 2c5eea08c..a08a9c67f 100644 --- a/main/openldap/APKBUILD +++ b/main/openldap/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openldap pkgver=2.4.40 -pkgrel=2 +pkgrel=3 pkgdesc="LDAP Server" url="http://www.openldap.org/" arch="all" @@ -23,6 +23,7 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg openldap-2.4.11-libldap_r.patch 0001-dbd-enabled-by-default.patch openldap-mqtt-overlay.patch + CVE-2015-1545.patch CVE-2015-1546.patch slapd.initd slapd.confd @@ -155,6 +156,7 @@ md5sums="423c1f23d2a0cb96b3e9baf7e9d7dda7 openldap-2.4.40.tgz d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch 7b4eec9a90d2f7f727e0f9cb4653887c 0001-dbd-enabled-by-default.patch 05266dddd5a9cc5de1b67ab62b6d26fb openldap-mqtt-overlay.patch +b7f994678db068bbe186ce92c73fb060 CVE-2015-1545.patch 09f2be28af8aaf2883446c85d854cfe8 CVE-2015-1546.patch 41d45b9ed59037dcdf640e395ace113c slapd.initd b672311fca605c398240cd37a2ae080a slapd.confd @@ -164,6 +166,7 @@ sha256sums="d12611a5c25b6499293c2bb7b435dc2b174db73e83f5a8cb7e34f2ce5fa6dadb op 3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e openldap-2.4.11-libldap_r.patch 8d1ee24c52928302acb876bc99cc75757eb15b278a10bfd3d43cabb332bcd3c4 0001-dbd-enabled-by-default.patch 5de1464a6ae154e1556f7faa9494caf7ca94d26a0ef2f7d5abdc6aa2513cc1c9 openldap-mqtt-overlay.patch +32d423d6b6bb8b16980de98f9ed1de581673c3a63de3a9b7d4841c2b037d27c1 CVE-2015-1545.patch 07d6feebc366c14e42b5027239e12d5ec2981714b6a61a1365981c20d9fd87de CVE-2015-1546.patch 726efdbaceb1b907bb085b7996222a0bc83610730c5d6b9646b062e09f2ef964 slapd.initd 1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d slapd.confd @@ -173,6 +176,7 @@ sha512sums="c803c4a82878891d60414d64dcb54a7c3f08675106ba13f50cba06034a97b3eee1c2 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch b0892e049feab931d6439374ecf2497c54fbf46daef622f9949f02a26cd4b20f73de7cff1e1d64894539dc599793ffbd61d7a5bba6e026f3966295cf6a39f1be 0001-dbd-enabled-by-default.patch 9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch +56394c12b08862843ab7d4a76f5c7f13eaecb2d9717a9571d792c1aa7b77e5b2267525c7d7ecdb646beac736ca437b9f10a17cb18fd54e9f9f2a5d02904cfafa CVE-2015-1545.patch 9eb54e63fecc7ad59bf710803a7da275ea1de069d1a27d56ee01417d33035d90d89ab9903de82154f625c796145c1056d5a52ad8bfb8238c7ab5304c413fd25b CVE-2015-1546.patch 723fb2546ac8a3672240139d4b7ec5041be961990fd8385171a53c737436d6307dc05671fcd190dd5e3b3ee21967a2a632ec8852fe84519fdea0c7f535c598ee slapd.initd 8290769b63b3a5863622de2deb9269a0711ba5f4a225eb230d7c5097937b9d4e8cf5a998ee99232824e2335ae1b6e0114357b61c9611bc2460ebd195d12eabae slapd.confd diff --git a/main/openldap/CVE-2015-1545.patch b/main/openldap/CVE-2015-1545.patch new file mode 100644 index 000000000..a642bed03 --- /dev/null +++ b/main/openldap/CVE-2015-1545.patch @@ -0,0 +1,26 @@ +From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 19 Jan 2015 22:25:53 +0000 +Subject: [PATCH] ITS#8027 require non-empty AttributeList + +--- + servers/slapd/overlays/deref.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c +index 9420e3e..05aa890 100644 +--- a/servers/slapd/overlays/deref.c ++++ b/servers/slapd/overlays/deref.c +@@ -183,7 +183,8 @@ deref_parseCtrl ( + ber_len_t cnt = sizeof(struct berval); + ber_len_t off = 0; + +- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ) ++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ++ || !cnt ) + { + rs->sr_text = "Dereference control: derefSpec decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; +-- +1.7.10.4 + |