authorLeo <thinkabit.ukim@gmail.com>2021-02-24 03:10:49 -0300
committerLeo <thinkabit.ukim@gmail.com>2021-02-24 03:16:28 -0300
commitce26f40be4045873aaf524c46edf771351e4af15 (patch)
tree4119f2139f1e0e4ac075998aa9897b818426a882
parent8b10ecbd5f5904ce3ac3cdaa08a6e3736516b92b (diff)
main/openldap: fix CVE-2021-27212
Fixes #12464
-rw-r--r--main/openldap/APKBUILD6
-rw-r--r--main/openldap/CVE-2021-27212.patch25
2 files changed, 30 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index 03010d6445..cc756f83a8 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -2,6 +2,8 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 2.4.50-r2:
+# - CVE-2021-27212
# 2.4.50-r1:
# - CVE-2020-25709
# - CVE-2020-25710
@@ -19,7 +21,7 @@
#
pkgname=openldap
pkgver=2.4.50
-pkgrel=1
+pkgrel=2
pkgdesc="LDAP Server"
url="https://www.openldap.org"
arch="all"
@@ -61,6 +63,7 @@ source="https://www.openldap.org/software/download/OpenLDAP/openldap-release/ope
CVE-2020-25709.patch
CVE-2020-25710.patch
CVE-2020-25692.patch
+ CVE-2021-27212.patch
slapd.initd
slapd.confd
@@ -284,5 +287,6 @@ fd1c1ba368148d42c24071a8a8f668232347f4c48268cd189b6be4a48bb51fc11e8c29074e70db69
61d2d02b733011eefaac0681b7f6274e416dac4d420b354e37f51b07cc42dab61c798fbe5fab36f47079962046f309373b41886b4632e86dc08d5bfe59b275f7 CVE-2020-25709.patch
abb7f43b6379fe6c03e583dc3a2c861c573ad6b83710954e35928e0449a1b78e259d8d5c6b7c33747b347ab67388d4894980a954d5ddb24b51a693b9c43798f2 CVE-2020-25710.patch
023b32e1a8e61c96b77723dfe39d33de170af684e29defdb34c14719b77fa0e9a101f8aaafe378afb30bf5ca732cf7209ef291089d7524b2301a97c102f5f6e4 CVE-2020-25692.patch
+c207a7d7b07a72fdd89f9d7e80b09c5c9110bf36cef8ad79c1ea3fd25896f6c2242873d17ba7822aea12ba37486272637112a37ad293fbe2ddd6fa50c7824239 CVE-2021-27212.patch
2d286ff7cc56153204f3ab79c464d083801a40cc9bbb0b5cc1fb19de63d6e81c953b1ab0edd256d9ba48144bbda9a0c0d628bfec1342129aa2727344dea5fa9e slapd.initd
64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
diff --git a/main/openldap/CVE-2021-27212.patch b/main/openldap/CVE-2021-27212.patch
new file mode 100644
index 0000000000..59f6d84e16
--- /dev/null
+++ b/main/openldap/CVE-2021-27212.patch
@@ -0,0 +1,25 @@
+From 9badb73425a67768c09bcaed1a9c26c684af6c30 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 6 Feb 2021 20:52:06 +0000
+Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck
+
+---
+ servers/slapd/schema_init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 31be1154e..8b1e25539 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3900,6 +3900,8 @@ issuerAndThisUpdateCheck(
+ break;
+ }
+ }
++ if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX;
++
+ x.bv_val += tu->bv_len + 1;
+ x.bv_len -= tu->bv_len + 1;
+
+--
+GitLab
+
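Review bot: The new guard bounds `tu->bv_len` from below only, while the adjustment `x.bv_len -= tu->bv_len + 1` on the two lines after it still relies on the scanning loop above having stopped before the end of `x`; if that loop can run off the end of the input without finding its terminator, `tu->bv_len + 1` exceeds `x.bv_len` and the unsigned `ber_len_t` subtraction wraps. The loop body is outside the hunk so I cannot confirm it always stops early, which is why I would make the guard self-contained: `if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") || tu->bv_len >= x.bv_len ) return LDAP_INVALID_SYNTAX;`. The check also admits any value of 15 bytes or longer, so whatever follows must still validate the GeneralizedTime itself rather than assume a fixed 15-byte layout, and a short comment would record the intent: `/* ITS#9454: a thisUpdate shorter than a GeneralizedTime must be rejected before it is consumed below */`. issuerAndThisUpdateCheck starts before the hunk and continues past it.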