main/openldap: fix a few CVEs

CVE-2020-25692
CVE-2020-25709
CVE-2020-25710

See: #12068 #12135

4 files changed, 92 insertions, 2 deletions

diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index c6e075176b3..0b0c9d9ac6c 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -2,6 +2,10 @@
 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 #
 # secfixes:
+#   2.4.48-r2:
+#     - CVE-2020-25709
+#     - CVE-2020-25710
+#     - CVE-2020-25692
 #   2.4.48-r1:
 #   - CVE-2020-12243
 #   2.4.48-r0:
@@ -15,7 +19,7 @@
 #
 pkgname=openldap
 pkgver=2.4.48
-pkgrel=1
+pkgrel=2
 pkgdesc="LDAP Server"
 url="http://www.openldap.org/"
 arch="all"
@@ -38,6 +42,9 @@ source="https://www.openldap.org/software/download/OpenLDAP/$pkgname-release/$pk
 	fix-manpages.patch
 	configs.patch
 	cacheflush.patch
+	CVE-2020-25709.patch
+	CVE-2020-25710.patch
+	CVE-2020-25692.patch
 
 	slapd.initd
 	slapd.confd
@@ -229,6 +236,9 @@ sha512sums="cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be79
 8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177  fix-manpages.patch
 0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca  configs.patch
 60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff  cacheflush.patch
+61d2d02b733011eefaac0681b7f6274e416dac4d420b354e37f51b07cc42dab61c798fbe5fab36f47079962046f309373b41886b4632e86dc08d5bfe59b275f7  CVE-2020-25709.patch
+abb7f43b6379fe6c03e583dc3a2c861c573ad6b83710954e35928e0449a1b78e259d8d5c6b7c33747b347ab67388d4894980a954d5ddb24b51a693b9c43798f2  CVE-2020-25710.patch
+023b32e1a8e61c96b77723dfe39d33de170af684e29defdb34c14719b77fa0e9a101f8aaafe378afb30bf5ca732cf7209ef291089d7524b2301a97c102f5f6e4  CVE-2020-25692.patch
 0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532  slapd.initd
 64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a  slapd.confd
-d4d8bec1c23c73e7126462bfe2e51cb603d1e83be4c64698ac167f221d515554b3b0e311f9789450b5c4c206c09cbdad1842b0b5b2364919967195da4ea6d833  CVE-2020-12243.patch"
+fddf5cf57c5b4b1d0e148ce850aafe5791dd7772727c824e858fe97e375871d2d3f622894d978444f7c5d8d64160c6fd766ae91de5eac3eb7f5292ceaaf599ea  CVE-2020-12243.patch"
diff --git a/main/openldap/CVE-2020-25692.patch b/main/openldap/CVE-2020-25692.patch
new file mode 100644
index 00000000000..941a4f56be3
--- /dev/null
+++ b/main/openldap/CVE-2020-25692.patch
@@ -0,0 +1,27 @@
+From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Oct 2020 14:03:41 +0100
+Subject: [PATCH] ITS#9370 check for equality rule on old_rdn
+
+Just skip normalization if there's no equality rule. We accept
+DNs without equality rules already.
+---
+ servers/slapd/modrdn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
+index c73dd8dba..a22975540 100644
+--- a/servers/slapd/modrdn.c
++++ b/servers/slapd/modrdn.c
+@@ -505,7 +505,7 @@ slap_modrdn2mods(
+ 			mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ 			ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value );
+ 			mod_tmp->sml_values[1].bv_val = NULL;
+-			if( desc->ad_type->sat_equality->smr_normalize) {
++			if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
+ 				mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ 				(void) (*desc->ad_type->sat_equality->smr_normalize)(
+ 					SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+-- 
+GitLab
+
diff --git a/main/openldap/CVE-2020-25709.patch b/main/openldap/CVE-2020-25709.patch
new file mode 100644
index 00000000000..d38c9d241da
--- /dev/null
+++ b/main/openldap/CVE-2020-25709.patch
@@ -0,0 +1,26 @@
+From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 13:12:10 +0000
+Subject: [PATCH] ITS#9383 remove assert in certificateListValidate
+
+---
+ servers/slapd/schema_init.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index ea0d67aa6..28f9e71a1 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
+ 	/* Optional version */
+ 	if ( tag == LBER_INTEGER ) {
+ 		tag = ber_get_int( ber, &version );
+-		assert( tag == LBER_INTEGER );
+-		if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
++		if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
+ 	}
+ 	tag = ber_skip_tag( ber, &len );	/* Signature Algorithm */
+ 	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+-- 
+GitLab
+
diff --git a/main/openldap/CVE-2020-25710.patch b/main/openldap/CVE-2020-25710.patch
new file mode 100644
index 00000000000..9b9bae8b31f
--- /dev/null
+++ b/main/openldap/CVE-2020-25710.patch
@@ -0,0 +1,27 @@
+From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 16:01:14 +0000
+Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23()
+
+---
+ servers/slapd/schema_init.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 5812bc4b6..ea0d67aa6 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -5327,8 +5327,8 @@ csnNormalize23(
+ 	}
+ 	*ptr = '\0';
+ 
+-	assert( ptr == &bv.bv_val[bv.bv_len] );
+-	if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
++	if ( ptr != &bv.bv_val[bv.bv_len] ||
++		csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ 		return LDAP_INVALID_SYNTAX;
+ 	}
+ 
+-- 
+GitLab
+