authorLeonardo Arena <rnalrd@alpinelinux.org>2015-09-14 08:21:50 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2015-09-14 09:03:02 +0000
commit0c87e4a76b392a481552008dcdd888026a2e307c (patch)
tree44b86f54410f6f58ff9b9fe853726cccc7bb588d
parentb12e6474c4e41603935ac706b1ec898f9aeb5955 (diff)
main/openldap: fix ber_get_next denial of service (CVE-2015-6908)2.6-stable
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240 (cherry picked from commit 4041a223b7e7b9a7ab163406bc7f4b04a4a8fad3)
-rw-r--r--main/openldap/APKBUILD7
-rw-r--r--main/openldap/CVE-2015-6908.patch25
2 files changed, 31 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index 3f15d44d54e..f13d7456706 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openldap
pkgver=2.4.35
-pkgrel=2
+pkgrel=3
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
@@ -21,6 +21,8 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg
openldap-2.4.11-libldap_r.patch
CVE-2015-1545.patch
CVE-2015-1546.patch
+ CVE-2015-6908.patch
+
slapd.initd
slapd.confd
slurpd.initd
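Review bot: The empty line added right after `CVE-2015-6908.patch` sits inside the quoted `source=` list, between the patch entries and the init scripts, and looks unintentional; none of the checksum hunks add a matching gap. Whitespace inside the string should not change how the entries are split, so this is cosmetic, but I would drop the blank line to keep the list contiguous. The `source=` assignment starts above this hunk and continues below it.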
@@ -133,6 +135,7 @@ md5sums="cd75d82ca89fb0280cba66ca6bd97448 openldap-2.4.35.tgz
d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch
b7f994678db068bbe186ce92c73fb060 CVE-2015-1545.patch
09f2be28af8aaf2883446c85d854cfe8 CVE-2015-1546.patch
+2df05f886ad96db4da8098078b3f8ae4 CVE-2015-6908.patch
41d45b9ed59037dcdf640e395ace113c slapd.initd
b672311fca605c398240cd37a2ae080a slapd.confd
fa5ce0005ef5f1160b6ff126f97aaa1a slurpd.initd"
@@ -141,6 +144,7 @@ sha256sums="16100374c147df0d82a5c52ca60da5eca1a5ea8b5a187467d40a78e3691e9eeb op
3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e openldap-2.4.11-libldap_r.patch
32d423d6b6bb8b16980de98f9ed1de581673c3a63de3a9b7d4841c2b037d27c1 CVE-2015-1545.patch
07d6feebc366c14e42b5027239e12d5ec2981714b6a61a1365981c20d9fd87de CVE-2015-1546.patch
+6950a117365046be3c4f5a1b45557ac2d1df0201d354889b0d7be26dc517e31c CVE-2015-6908.patch
726efdbaceb1b907bb085b7996222a0bc83610730c5d6b9646b062e09f2ef964 slapd.initd
1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d slapd.confd
9cfe54485585a1bd74dd167c27ad9e60a5dec7351b6a64804749f253bb6cfbad slurpd.initd"
@@ -149,6 +153,7 @@ sha512sums="b39232b4bab7ecb0ae14961adaa555590ca24ecbaeb3d94ea251e2de3bf7425ce364
44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
56394c12b08862843ab7d4a76f5c7f13eaecb2d9717a9571d792c1aa7b77e5b2267525c7d7ecdb646beac736ca437b9f10a17cb18fd54e9f9f2a5d02904cfafa CVE-2015-1545.patch
9eb54e63fecc7ad59bf710803a7da275ea1de069d1a27d56ee01417d33035d90d89ab9903de82154f625c796145c1056d5a52ad8bfb8238c7ab5304c413fd25b CVE-2015-1546.patch
+f3d0a844aeea4215d5ce09df2d444b3a29cb43ffeca0d05ba29f72cb3666dd5dfb350467e8003b600e1a93990978b249c4756ad531c34bf538fa7e917d8ee9e5 CVE-2015-6908.patch
723fb2546ac8a3672240139d4b7ec5041be961990fd8385171a53c737436d6307dc05671fcd190dd5e3b3ee21967a2a632ec8852fe84519fdea0c7f535c598ee slapd.initd
8290769b63b3a5863622de2deb9269a0711ba5f4a225eb230d7c5097937b9d4e8cf5a998ee99232824e2335ae1b6e0114357b61c9611bc2460ebd195d12eabae slapd.confd
69ee0d739d8c8c1cb2478d5c864f703cba215d0ceb399da941c0ebc91e7de87a4d99172670686a84a98e57bde94837777a8066d27f79b6b8bf4bcd72336ce775 slurpd.initd"
diff --git a/main/openldap/CVE-2015-6908.patch b/main/openldap/CVE-2015-6908.patch
new file mode 100644
index 00000000000..9a2474c6474
--- /dev/null
+++ b/main/openldap/CVE-2015-6908.patch
@@ -0,0 +1,25 @@
+From: Howard Chu <hyc@symas.com>
+Date: Sat, 12 Sep 2015 21:18:22 +0000 (+0100)
+Subject: Revert "Revert "ITS#8240 remove obsolete assert""
+X-Git-Url: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff_plain;h=844ee7df820fa397249ce76984d2e7094746cd93;hp=55dd4d3275d24c5190fdfada8dfae0320628b993
+
+Revert "Revert "ITS#8240 remove obsolete assert""
+
+We have never documented our use of assert, so can't expect
+builders to do the right thing.
+This reverts commit 55dd4d3275d24c5190fdfada8dfae0320628b993.
+---
+
+diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
+index 85c3e23..c05dcf8 100644
+--- a/libraries/liblber/io.c
++++ b/libraries/liblber/io.c
+@@ -679,7 +679,7 @@ done:
+ return (ber->ber_tag);
+ }
+
+- assert( 0 ); /* ber structure is messed up ?*/
++ /* invalid input */
+ return LBER_DEFAULT;
+ }
+
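Review bot: The replacement comment `/* invalid input */` in front of `return LBER_DEFAULT;` does not record why the assert had to go, so a later cleanup could put it back. I would spell it out, for example `/* reachable with malformed input: fail the decode, never abort the process */`. The hunk also does not show whether an error indicator such as errno is set on this fall-through path. If callers use one to tell a retryable short read from a hard decode failure, it is worth confirming that a stale value cannot be read as "try again" here. The function body begins above the hunk, so both points rest only on the tail shown.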