authorLeo <thinkabit.ukim@gmail.com>2021-02-24 03:10:49 -0300
committerLeo <thinkabit.ukim@gmail.com>2021-02-24 18:43:39 +0000
commita2dc275fa79022f02431a3557b92a800d0dbc076 (patch)
tree6258d5adbb3386c1bd64f7aed0c11322312067f0
parentd58961085c82fdeabd8b5c43c910bd6212b435e7 (diff)
main/openldap: fix CVE-2021-27212
Fixes #12464
-rw-r--r--main/openldap/APKBUILD6
-rw-r--r--main/openldap/CVE-2021-27212.patch25
2 files changed, 30 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index cb38e90cc3..6a88fe9c1c 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -2,6 +2,8 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 2.4.57-r1:
+# - CVE-2021-27212
# 2.4.57-r0:
# - CVE-2020-36221
# - CVE-2020-36222
@@ -29,7 +31,7 @@
#
pkgname=openldap
pkgver=2.4.57
-pkgrel=0
+pkgrel=1
pkgdesc="LDAP Server"
url="https://www.openldap.org/"
arch="all"
@@ -67,6 +69,7 @@ source="https://www.openldap.org/software/download/OpenLDAP/openldap-release/ope
openldap-mqtt-overlay.patch
fix-manpages.patch
cacheflush.patch
+ CVE-2021-27212.patch
slapd.initd
slapd.confd
@@ -302,5 +305,6 @@ f0014ceb13f0ce6a791be09b613727a12e7d18420c25ab1cad835c2efae436653a667ece3043c355
9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch
d1847aa94e56869adb4575423473f13696401ee0c41dc39c963febb767e2b87de9f5b0eff1a43d170c3b9819d011401e01e159e5150544e1d1079b9e177423b1 fix-manpages.patch
60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff cacheflush.patch
+c207a7d7b07a72fdd89f9d7e80b09c5c9110bf36cef8ad79c1ea3fd25896f6c2242873d17ba7822aea12ba37486272637112a37ad293fbe2ddd6fa50c7824239 CVE-2021-27212.patch
2d286ff7cc56153204f3ab79c464d083801a40cc9bbb0b5cc1fb19de63d6e81c953b1ab0edd256d9ba48144bbda9a0c0d628bfec1342129aa2727344dea5fa9e slapd.initd
64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
diff --git a/main/openldap/CVE-2021-27212.patch b/main/openldap/CVE-2021-27212.patch
new file mode 100644
index 0000000000..59f6d84e16
--- /dev/null
+++ b/main/openldap/CVE-2021-27212.patch
@@ -0,0 +1,25 @@
+From 9badb73425a67768c09bcaed1a9c26c684af6c30 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 6 Feb 2021 20:52:06 +0000
+Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck
+
+---
+ servers/slapd/schema_init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 31be1154e..8b1e25539 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3900,6 +3900,8 @@ issuerAndThisUpdateCheck(
+ break;
+ }
+ }
++ if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX;
++
+ x.bv_val += tu->bv_len + 1;
+ x.bv_len -= tu->bv_len + 1;
+
+--
+GitLab
+
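Review bot: The guard added after the loop in issuerAndThisUpdateCheck, `if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX;`, has no comment saying why fifteen characters is the floor or what a shorter thisUpdate value would break later in the function. A one-line comment above it would protect the check in later refactors, for example `/* ITS#9454: thisUpdate must be at least a full GeneralizedTime; reject short values here */`. The check is a lower bound only, and the function starts before and continues after the lines shown, so whether the content and upper length of `tu` are validated elsewhere cannot be confirmed from this hunk. Since aports carries this as a verbatim upstream patch, the comment is better proposed upstream than edited into the local copy, so the recorded sha512 and the `From 9badb734…` provenance line keep matching the upstream commit.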