main/openldap: upgrade to 2.4.58

author: J0WI <J0WI@users.noreply.github.com> 2022-03-11 09:54:50 +0000
committer: psykose <alice@ayaya.dev> 2022-03-11 10:54:50 +0100
commit: dbdd4309d0b31de329cf6955d97aaad60da4af82 (patch)
tree: 3bf83f4bfcab0931d4f0e01a61ce38d7701aca35
parent: df2fc2230afc997f6da5ebca419626f51cbcefb0 (diff)
download: aports-dbdd4309d0b31de329cf6955d97aaad60da4af82.tar.gz
aports-dbdd4309d0b31de329cf6955d97aaad60da4af82.tar.bz2
aports-dbdd4309d0b31de329cf6955d97aaad60da4af82.tar.xz
6 files changed, 16 insertions, 126 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index cc756f83a8e..6c111d5923f 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -20,8 +20,8 @@
 #     - CVE-2017-9287
 #
 pkgname=openldap
-pkgver=2.4.50
-pkgrel=2
+pkgver=2.4.58
+pkgrel=0
 pkgdesc="LDAP Server"
 url="https://www.openldap.org"
 arch="all"
@@ -60,10 +60,6 @@ source="https://www.openldap.org/software/download/OpenLDAP/openldap-release/ope
 	fix-manpages.patch
 	configs.patch
 	cacheflush.patch
-	CVE-2020-25709.patch
-	CVE-2020-25710.patch
-	CVE-2020-25692.patch
-	CVE-2021-27212.patch
 
 	slapd.initd
 	slapd.confd
@@ -153,7 +149,6 @@ build() {
 
 package() {
 	make DESTDIR="$pkgdir" install
-
 	# Install MQTT overlay.
 	make DESTDIR="$pkgdir" prefix=/usr libexec=/usr/lib \
 		-C contrib/slapd-modules/mqtt install
@@ -277,16 +272,14 @@ _submv() {
 	done
 }
 
-sha512sums="f528043ff9de36f7b65d8816c9a9c24f0ac400041b2969965178ee6eae62c92a11af33a0a883e4954e5fff98a0738a9f9aa2faf5b385d21974754e045aab31ae  openldap-2.4.50.tgz
+sha512sums="
+2fa2aa36117692eca44e55559f162c8c796f78469e6c2aee91b06d46f2b755d416979c913a3d89bbf9db14cc84881ecffee69af75b48e1d16b7aa9d2e3873baa  openldap-2.4.58.tgz
 5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38  openldap-2.4-ppolicy.patch
 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357  openldap-2.4.11-libldap_r.patch
 9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4  openldap-mqtt-overlay.patch
 8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177  fix-manpages.patch
-fd1c1ba368148d42c24071a8a8f668232347f4c48268cd189b6be4a48bb51fc11e8c29074e70db69e1a2c249210bc7d4b4d55a0712e5e97a9df04cc8f743fa70  configs.patch
+5e8694502f6837a4e818c6de261029f720e47279d001008a502bb60d6e33a987e64245379ae623abad2ac4a0a2a12f2d69bafb3c714cfc44842ace004b4bf52b  configs.patch
 60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff  cacheflush.patch
-61d2d02b733011eefaac0681b7f6274e416dac4d420b354e37f51b07cc42dab61c798fbe5fab36f47079962046f309373b41886b4632e86dc08d5bfe59b275f7  CVE-2020-25709.patch
-abb7f43b6379fe6c03e583dc3a2c861c573ad6b83710954e35928e0449a1b78e259d8d5c6b7c33747b347ab67388d4894980a954d5ddb24b51a693b9c43798f2  CVE-2020-25710.patch
-023b32e1a8e61c96b77723dfe39d33de170af684e29defdb34c14719b77fa0e9a101f8aaafe378afb30bf5ca732cf7209ef291089d7524b2301a97c102f5f6e4  CVE-2020-25692.patch
-c207a7d7b07a72fdd89f9d7e80b09c5c9110bf36cef8ad79c1ea3fd25896f6c2242873d17ba7822aea12ba37486272637112a37ad293fbe2ddd6fa50c7824239  CVE-2021-27212.patch
 2d286ff7cc56153204f3ab79c464d083801a40cc9bbb0b5cc1fb19de63d6e81c953b1ab0edd256d9ba48144bbda9a0c0d628bfec1342129aa2727344dea5fa9e  slapd.initd
-64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a  slapd.confd"
+64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a  slapd.confd
+"
diff --git a/main/openldap/CVE-2020-25692.patch b/main/openldap/CVE-2020-25692.patch
deleted file mode 100644
index 941a4f56be3..00000000000
--- a/main/openldap/CVE-2020-25692.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 19 Oct 2020 14:03:41 +0100
-Subject: [PATCH] ITS#9370 check for equality rule on old_rdn
-
-Just skip normalization if there's no equality rule. We accept
-DNs without equality rules already.
----
- servers/slapd/modrdn.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
-index c73dd8dba..a22975540 100644
---- a/servers/slapd/modrdn.c
-+++ b/servers/slapd/modrdn.c
-@@ -505,7 +505,7 @@ slap_modrdn2mods(
- 			mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
- 			ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value );
- 			mod_tmp->sml_values[1].bv_val = NULL;
--			if( desc->ad_type->sat_equality->smr_normalize) {
-+			if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
- 				mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
- 				(void) (*desc->ad_type->sat_equality->smr_normalize)(
- 					SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
--- 
-GitLab
-
diff --git a/main/openldap/CVE-2020-25709.patch b/main/openldap/CVE-2020-25709.patch
deleted file mode 100644
index d38c9d241da..00000000000
--- a/main/openldap/CVE-2020-25709.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 2 Nov 2020 13:12:10 +0000
-Subject: [PATCH] ITS#9383 remove assert in certificateListValidate
-
----
- servers/slapd/schema_init.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
-index ea0d67aa6..28f9e71a1 100644
---- a/servers/slapd/schema_init.c
-+++ b/servers/slapd/schema_init.c
-@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
- 	/* Optional version */
- 	if ( tag == LBER_INTEGER ) {
- 		tag = ber_get_int( ber, &version );
--		assert( tag == LBER_INTEGER );
--		if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
-+		if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
- 	}
- 	tag = ber_skip_tag( ber, &len );	/* Signature Algorithm */
- 	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
--- 
-GitLab
-
diff --git a/main/openldap/CVE-2020-25710.patch b/main/openldap/CVE-2020-25710.patch
deleted file mode 100644
index 9b9bae8b31f..00000000000
--- a/main/openldap/CVE-2020-25710.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 2 Nov 2020 16:01:14 +0000
-Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23()
-
----
- servers/slapd/schema_init.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
-index 5812bc4b6..ea0d67aa6 100644
---- a/servers/slapd/schema_init.c
-+++ b/servers/slapd/schema_init.c
-@@ -5327,8 +5327,8 @@ csnNormalize23(
- 	}
- 	*ptr = '\0';
- 
--	assert( ptr == &bv.bv_val[bv.bv_len] );
--	if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
-+	if ( ptr != &bv.bv_val[bv.bv_len] ||
-+		csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
- 		return LDAP_INVALID_SYNTAX;
- 	}
- 
--- 
-GitLab
-
diff --git a/main/openldap/CVE-2021-27212.patch b/main/openldap/CVE-2021-27212.patch
deleted file mode 100644
index 59f6d84e162..00000000000
--- a/main/openldap/CVE-2021-27212.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 9badb73425a67768c09bcaed1a9c26c684af6c30 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Sat, 6 Feb 2021 20:52:06 +0000
-Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck
-
----
- servers/slapd/schema_init.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
-index 31be1154e..8b1e25539 100644
---- a/servers/slapd/schema_init.c
-+++ b/servers/slapd/schema_init.c
-@@ -3900,6 +3900,8 @@ issuerAndThisUpdateCheck(
- 					break;
- 				}
- 			}
-+			if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX;
-+
- 			x.bv_val += tu->bv_len + 1;
- 			x.bv_len -= tu->bv_len + 1;
- 
--- 
-GitLab
-
diff --git a/main/openldap/configs.patch b/main/openldap/configs.patch
index 8f0c2bfdbbd..ed811f10f7e 100644
--- a/main/openldap/configs.patch
+++ b/main/openldap/configs.patch
@@ -63,7 +63,7 @@
  #
  # Do not enable referrals until AFTER you have a working directory
  # service AND an understanding of referrals.
-@@ -26,22 +27,23 @@
+@@ -26,16 +26,17 @@
  #
  # Load dynamic backend modules:
  #
@@ -71,24 +71,26 @@
 -#objectClass: olcModuleList
 -#cn: module
 -#olcModulepath:	%MODULEDIR%
--#olcModuleload:	back_bdb.la
--#olcModuleload:	back_hdb.la
--#olcModuleload:	back_ldap.la
--#olcModuleload:	back_passwd.la
--#olcModuleload:	back_shell.la
+-#olcModuleload:	back_mdb.la
 +dn: cn=module,cn=config
 +objectClass: olcModuleList
 +cn: module
 +olcModulepath:	/usr/lib/openldap
+ #olcModuleload:	back_bdb.la
+-#olcModuleload:	back_hdb.la
+-#olcModuleload:	back_ldap.la
+-#olcModuleload:	back_passwd.la
+-#olcModuleload:	back_shell.la
 +#olcModuleload:	back_bdb.so
 +#olcModuleload:	back_hdb.so
 +#olcModuleload:	back_ldap.so
-+olcModuleload:	back_mdb.so
++olcModuleload:		back_mdb.so
 +#olcModuleload:	back_passwd.so
 +#olcModuleload:	back_shell.so
  
  
  dn: cn=schema,cn=config
+@@ -42,7 +42,7 @@
  objectClass: olcSchemaConfig
  cn: schema
author	J0WI <J0WI@users.noreply.github.com>	2022-03-11 09:54:50 +0000
committer	psykose <alice@ayaya.dev>	2022-03-11 10:54:50 +0100
commit	dbdd4309d0b31de329cf6955d97aaad60da4af82 (patch)
tree	3bf83f4bfcab0931d4f0e01a61ce38d7701aca35
parent	df2fc2230afc997f6da5ebca419626f51cbcefb0 (diff)
download	aports-dbdd4309d0b31de329cf6955d97aaad60da4af82.tar.gz aports-dbdd4309d0b31de329cf6955d97aaad60da4af82.tar.bz2 aports-dbdd4309d0b31de329cf6955d97aaad60da4af82.tar.xz