authorJ0WI <J0WI@users.noreply.github.com>2022-03-11 09:54:50 +0000
committerpsykose <alice@ayaya.dev>2022-03-11 10:54:50 +0100
commitdbdd4309d0b31de329cf6955d97aaad60da4af82 (patch)
tree3bf83f4bfcab0931d4f0e01a61ce38d7701aca35
parentdf2fc2230afc997f6da5ebca419626f51cbcefb0 (diff)
main/openldap: upgrade to 2.4.58
-rw-r--r--main/openldap/APKBUILD21
-rw-r--r--main/openldap/CVE-2020-25692.patch27
-rw-r--r--main/openldap/CVE-2020-25709.patch26
-rw-r--r--main/openldap/CVE-2020-25710.patch27
-rw-r--r--main/openldap/CVE-2021-27212.patch25
-rw-r--r--main/openldap/configs.patch16
6 files changed, 16 insertions, 126 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index cc756f83a8e..6c111d5923f 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -20,8 +20,8 @@
# - CVE-2017-9287
#
pkgname=openldap
-pkgver=2.4.50
-pkgrel=2
+pkgver=2.4.58
+pkgrel=0
pkgdesc="LDAP Server"
url="https://www.openldap.org"
arch="all"
@@ -60,10 +60,6 @@ source="https://www.openldap.org/software/download/OpenLDAP/openldap-release/ope
fix-manpages.patch
configs.patch
cacheflush.patch
- CVE-2020-25709.patch
- CVE-2020-25710.patch
- CVE-2020-25692.patch
- CVE-2021-27212.patch
slapd.initd
slapd.confd
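Review bot: Dropping the four CVE patches from `source=` in this hunk is only safe if the 2.4.58 tarball already carries the upstream fixes they backported (ITS#9370, ITS#9383, ITS#9384 and ITS#9454, per the deleted patch headers), and nothing in the commit records that this was checked. A one-line comment near the secfixes block would make the decision auditable, for example `# CVE-2020-25692, CVE-2020-25709, CVE-2020-25710, CVE-2021-27212: local patches dropped, fixed upstream as of 2.4.58`. The secfixes list itself starts above the first hunk and is not visible here, so confirm that the existing entries for these CVEs stay in place and that any issue first fixed by this version bump gets an entry under `2.4.58-r0`.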
@@ -153,7 +149,6 @@ build() {
package() {
make DESTDIR="$pkgdir" install
-
# Install MQTT overlay.
make DESTDIR="$pkgdir" prefix=/usr libexec=/usr/lib \
-C contrib/slapd-modules/mqtt install
@@ -277,16 +272,14 @@ _submv() {
done
}
-sha512sums="f528043ff9de36f7b65d8816c9a9c24f0ac400041b2969965178ee6eae62c92a11af33a0a883e4954e5fff98a0738a9f9aa2faf5b385d21974754e045aab31ae openldap-2.4.50.tgz
+sha512sums="
+2fa2aa36117692eca44e55559f162c8c796f78469e6c2aee91b06d46f2b755d416979c913a3d89bbf9db14cc84881ecffee69af75b48e1d16b7aa9d2e3873baa openldap-2.4.58.tgz
5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch
44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch
8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch
-fd1c1ba368148d42c24071a8a8f668232347f4c48268cd189b6be4a48bb51fc11e8c29074e70db69e1a2c249210bc7d4b4d55a0712e5e97a9df04cc8f743fa70 configs.patch
+5e8694502f6837a4e818c6de261029f720e47279d001008a502bb60d6e33a987e64245379ae623abad2ac4a0a2a12f2d69bafb3c714cfc44842ace004b4bf52b configs.patch
60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff cacheflush.patch
-61d2d02b733011eefaac0681b7f6274e416dac4d420b354e37f51b07cc42dab61c798fbe5fab36f47079962046f309373b41886b4632e86dc08d5bfe59b275f7 CVE-2020-25709.patch
-abb7f43b6379fe6c03e583dc3a2c861c573ad6b83710954e35928e0449a1b78e259d8d5c6b7c33747b347ab67388d4894980a954d5ddb24b51a693b9c43798f2 CVE-2020-25710.patch
-023b32e1a8e61c96b77723dfe39d33de170af684e29defdb34c14719b77fa0e9a101f8aaafe378afb30bf5ca732cf7209ef291089d7524b2301a97c102f5f6e4 CVE-2020-25692.patch
-c207a7d7b07a72fdd89f9d7e80b09c5c9110bf36cef8ad79c1ea3fd25896f6c2242873d17ba7822aea12ba37486272637112a37ad293fbe2ddd6fa50c7824239 CVE-2021-27212.patch
2d286ff7cc56153204f3ab79c464d083801a40cc9bbb0b5cc1fb19de63d6e81c953b1ab0edd256d9ba48144bbda9a0c0d628bfec1342129aa2727344dea5fa9e slapd.initd
-64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
+64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd
+"
diff --git a/main/openldap/CVE-2020-25692.patch b/main/openldap/CVE-2020-25692.patch
deleted file mode 100644
index 941a4f56be3..00000000000
--- a/main/openldap/CVE-2020-25692.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 19 Oct 2020 14:03:41 +0100
-Subject: [PATCH] ITS#9370 check for equality rule on old_rdn
-
-Just skip normalization if there's no equality rule. We accept
-DNs without equality rules already.
----
- servers/slapd/modrdn.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
-index c73dd8dba..a22975540 100644
---- a/servers/slapd/modrdn.c
-+++ b/servers/slapd/modrdn.c
-@@ -505,7 +505,7 @@ slap_modrdn2mods(
- mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
- ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value );
- mod_tmp->sml_values[1].bv_val = NULL;
-- if( desc->ad_type->sat_equality->smr_normalize) {
-+ if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
- mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
- (void) (*desc->ad_type->sat_equality->smr_normalize)(
- SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
---
-GitLab
-
diff --git a/main/openldap/CVE-2020-25709.patch b/main/openldap/CVE-2020-25709.patch
deleted file mode 100644
index d38c9d241da..00000000000
--- a/main/openldap/CVE-2020-25709.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 2 Nov 2020 13:12:10 +0000
-Subject: [PATCH] ITS#9383 remove assert in certificateListValidate
-
----
- servers/slapd/schema_init.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
-index ea0d67aa6..28f9e71a1 100644
---- a/servers/slapd/schema_init.c
-+++ b/servers/slapd/schema_init.c
-@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
- /* Optional version */
- if ( tag == LBER_INTEGER ) {
- tag = ber_get_int( ber, &version );
-- assert( tag == LBER_INTEGER );
-- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
-+ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
- }
- tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */
- if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
---
-GitLab
-
diff --git a/main/openldap/CVE-2020-25710.patch b/main/openldap/CVE-2020-25710.patch
deleted file mode 100644
index 9b9bae8b31f..00000000000
--- a/main/openldap/CVE-2020-25710.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 2 Nov 2020 16:01:14 +0000
-Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23()
-
----
- servers/slapd/schema_init.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
-index 5812bc4b6..ea0d67aa6 100644
---- a/servers/slapd/schema_init.c
-+++ b/servers/slapd/schema_init.c
-@@ -5327,8 +5327,8 @@ csnNormalize23(
- }
- *ptr = '\0';
-
-- assert( ptr == &bv.bv_val[bv.bv_len] );
-- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
-+ if ( ptr != &bv.bv_val[bv.bv_len] ||
-+ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
-
---
-GitLab
-
diff --git a/main/openldap/CVE-2021-27212.patch b/main/openldap/CVE-2021-27212.patch
deleted file mode 100644
index 59f6d84e162..00000000000
--- a/main/openldap/CVE-2021-27212.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 9badb73425a67768c09bcaed1a9c26c684af6c30 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Sat, 6 Feb 2021 20:52:06 +0000
-Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck
-
----
- servers/slapd/schema_init.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
-index 31be1154e..8b1e25539 100644
---- a/servers/slapd/schema_init.c
-+++ b/servers/slapd/schema_init.c
-@@ -3900,6 +3900,8 @@ issuerAndThisUpdateCheck(
- break;
- }
- }
-+ if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX;
-+
- x.bv_val += tu->bv_len + 1;
- x.bv_len -= tu->bv_len + 1;
-
---
-GitLab
-
diff --git a/main/openldap/configs.patch b/main/openldap/configs.patch
index 8f0c2bfdbbd..ed811f10f7e 100644
--- a/main/openldap/configs.patch
+++ b/main/openldap/configs.patch
@@ -63,7 +63,7 @@
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
-@@ -26,22 +27,23 @@
+@@ -26,16 +26,17 @@
#
# Load dynamic backend modules:
#
@@ -71,24 +71,26 @@
-#objectClass: olcModuleList
-#cn: module
-#olcModulepath: %MODULEDIR%
--#olcModuleload: back_bdb.la
--#olcModuleload: back_hdb.la
--#olcModuleload: back_ldap.la
--#olcModuleload: back_passwd.la
--#olcModuleload: back_shell.la
+-#olcModuleload: back_mdb.la
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulepath: /usr/lib/openldap
+ #olcModuleload: back_bdb.la
+-#olcModuleload: back_hdb.la
+-#olcModuleload: back_ldap.la
+-#olcModuleload: back_passwd.la
+-#olcModuleload: back_shell.la
+#olcModuleload: back_bdb.so
+#olcModuleload: back_hdb.so
+#olcModuleload: back_ldap.so
-+olcModuleload: back_mdb.so
++olcModuleload: back_mdb.so
+#olcModuleload: back_passwd.so
+#olcModuleload: back_shell.so
dn: cn=schema,cn=config
+@@ -42,7 +42,7 @@
objectClass: olcSchemaConfig
cn: schema