authorLeonardo Arena <rnalrd@alpinelinux.org>2018-08-22 08:22:46 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2018-08-22 11:55:31 +0000
commit8c6e5428a4982898bfe0a8d6e2c6c64d4f3f653f (patch)
tree8493b827443c921d7aaff3ec13034977a7e4a949
parentb8aa48b63f0e9c71ac7f32c88567de03ee626f78 (diff)
main/ldb: security fix (CVE-2018-1140)
Fixes #9257
-rw-r--r--main/ldb/0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch30
-rw-r--r--main/ldb/APKBUILD14
2 files changed, 40 insertions, 4 deletions
diff --git a/main/ldb/0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch b/main/ldb/0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch
new file mode 100644
index 0000000000..86d601883e
--- /dev/null
+++ b/main/ldb/0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch
@@ -0,0 +1,30 @@
+From 3f95957d6de321c803a66f3ec67a8ff09befd16d Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Mon, 21 May 2018 14:50:50 +1200
+Subject: [PATCH] CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in
+ ldb_sqlite
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
+---
+ ldb_sqlite3/ldb_sqlite3.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/ldb_sqlite3/ldb_sqlite3.c b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
+index f94dc993904..0f5abf87547 100644
+--- a/ldb_sqlite3/ldb_sqlite3.c
++++ b/ldb_sqlite3/ldb_sqlite3.c
+@@ -323,6 +323,9 @@ static char *parsetree_to_sql(struct ldb_module *module,
+ const char *cdn = ldb_dn_get_casefold(
+ ldb_dn_new(mem_ctx, ldb,
+ (const char *)value.data));
++ if (cdn == NULL) {
++ return NULL;
++ }
+
+ return lsqlite3_tprintf(mem_ctx,
+ "SELECT eid FROM ldb_entry "
+--
+2.18.0
+
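Review bot: Only the sqlite3 backend is covered by this patch (the `cdn == NULL` check in `parsetree_to_sql` in `ldb_sqlite3/ldb_sqlite3.c`), yet the APKBUILD in the same commit records CVE-2018-1140 as fixed in 1.3.0-r1. The `0001-` prefix and the "in ldb_sqlite" qualifier in the subject suggest this is one commit of a larger upstream series. If the upstream fix also added `ldb_dn_get_casefold()` NULL checks to other backends, those callers stay unguarded in this package and the secfixes entry would overstate the fix. Please check the bug linked in the patch header (`show_bug.cgi?id=13374`) for which commits apply to 1.3.0, then either add them to `source=` or note in the APKBUILD why this one is sufficient. Separately, the embedded `diff --git` line names `a/ldb_sqlite3/...` and `b/lib/ldb/ldb_sqlite3/...` inconsistently, while the `---`/`+++` lines both use `ldb_sqlite3/...`; aligning the header would avoid confusion when the patch is refreshed.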
diff --git a/main/ldb/APKBUILD b/main/ldb/APKBUILD
index d27f40fb26..250faf6451 100644
--- a/main/ldb/APKBUILD
+++ b/main/ldb/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ldb
pkgver=1.3.0
-pkgrel=0
+pkgrel=1
pkgdesc="A schema-less, ldap like, API and database"
url="http://ldb.samba.org/"
arch="all"
@@ -9,10 +9,15 @@ license="LGPLv3+"
makedepends="$depends_dev tevent-dev py-tevent tdb-dev py-tdb talloc-dev
python2-dev popt-dev cmocka-dev"
subpackages="$pkgname-dev py-$pkgname:_py $pkgname-tools"
-source="https://www.samba.org/ftp/pub/ldb/ldb-$pkgver.tar.gz"
-
+source="https://www.samba.org/ftp/pub/ldb/ldb-$pkgver.tar.gz
+ 0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch
+ "
builddir="$srcdir"/ldb-$pkgver
+# secfixes
+# 1.3.0-r1:
+# - CVE-2018-1140
+
build() {
cd "$builddir"
./configure \
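Review bot: The added `# secfixes` header has no trailing colon, while the `# 1.3.0-r1:` line under it does. Tooling that reads this comment block as a YAML-style mapping may therefore skip the entry; I have not checked the parser, so treat this as likely rather than certain. I would write `# secfixes:` and keep the version and CVE lines nested beneath it, so the advisory data for CVE-2018-1140 is reliably exported. build() continues past the end of this hunk.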
@@ -49,4 +54,5 @@ tools() {
mv "$pkgdir"/usr/lib/ldb/libldb-cmdline.* "$subpkgdir"/usr/lib/ldb/
}
-sha512sums="c5afe3c5229cbc35a5715e6ed1faa070dfa3d6b3c0902cc53770373bbc1761ff4ff93aa9b88d5573b9af9925332bb5cebf4a7a129852231f13be33d5cee3a9f8 ldb-1.3.0.tar.gz"
+sha512sums="c5afe3c5229cbc35a5715e6ed1faa070dfa3d6b3c0902cc53770373bbc1761ff4ff93aa9b88d5573b9af9925332bb5cebf4a7a129852231f13be33d5cee3a9f8 ldb-1.3.0.tar.gz
+e582b6e99f94d566de3259e5585baab25d43613711c501e752971a6180ceac60f4fe2cc0bdfc2f0bf26208cb86cb4c857c16f6645410badf694efa8be10db64f 0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch"