1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,26 @@ |
0 |
+From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Howard Chu <hyc@openldap.org> |
|
2 |
+Date: Mon, 19 Jan 2015 22:25:53 +0000 |
|
3 |
+Subject: [PATCH] ITS#8027 require non-empty AttributeList |
|
4 |
+ |
|
5 |
+--- |
|
6 |
+ servers/slapd/overlays/deref.c | 3 ++- |
|
7 |
+ 1 file changed, 2 insertions(+), 1 deletion(-) |
|
8 |
+ |
|
9 |
+diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c |
|
10 |
+index 9420e3e..05aa890 100644 |
|
11 |
+--- a/servers/slapd/overlays/deref.c |
|
12 |
+@@ -183,7 +183,8 @@ deref_parseCtrl ( |
|
13 |
+ ber_len_t cnt = sizeof(struct berval); |
|
14 |
+ ber_len_t off = 0; |
|
15 |
+ |
|
16 |
+- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ) |
|
17 |
++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR |
|
18 |
++ || !cnt ) |
|
19 |
+ { |
|
20 |
+ rs->sr_text = "Dereference control: derefSpec decoding error"; |
|
21 |
+ rs->sr_err = LDAP_PROTOCOL_ERROR; |
|
22 |
+-- |
|
23 |
+1.7.10.4 |
|
24 |
+ |
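Review bot: The added `|| !cnt` guard in deref_parseCtrl has no comment saying what a zero count means, and the embedded commit message body is empty, so the reason for the check survives only in the subject line. A short comment above the condition would carry it, e.g. `/* ITS#8027: cnt is the attribute count ber_scanf wrote back; reject a derefSpec whose AttributeList is empty */`. The empty-list case also shares the "derefSpec decoding error" text with genuine BER decoding failures, so the two cannot be told apart in logs. Since this is a verbatim backport, changing that is better raised upstream. The error block and the rest of deref_parseCtrl continue outside the hunk, so cleanup on this path cannot be checked from here.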
0 | 25 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,34 @@ |
0 |
+From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Howard Chu <hyc@openldap.org> |
|
2 |
+Date: Wed, 4 Feb 2015 02:03:55 +0000 |
|
3 |
+Subject: [PATCH] ITS#8046 fix vrFilter_free |
|
4 |
+ |
|
5 |
+--- |
|
6 |
+ servers/slapd/filter.c | 10 +++------- |
|
7 |
+ 1 file changed, 3 insertions(+), 7 deletions(-) |
|
8 |
+ |
|
9 |
+diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c |
|
10 |
+index b859f73..22c81c8 100644 |
|
11 |
+--- a/servers/slapd/filter.c |
|
12 |
+@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber, |
|
13 |
+ void |
|
14 |
+ vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) |
|
15 |
+ { |
|
16 |
+- ValuesReturnFilter *p, *next; |
|
17 |
++ ValuesReturnFilter *next; |
|
18 |
+ |
|
19 |
+- if ( vrf == NULL ) { |
|
20 |
+- return; |
|
21 |
+- } |
|
22 |
+- |
|
23 |
+- for ( p = vrf; p != NULL; p = next ) { |
|
24 |
+- next = p->vrf_next; |
|
25 |
++ for ( ; vrf != NULL; vrf = next ) { |
|
26 |
++ next = vrf->vrf_next; |
|
27 |
+ |
|
28 |
+ switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { |
|
29 |
+ case LDAP_FILTER_PRESENT: |
|
30 |
+-- |
|
31 |
+1.7.10.4 |
|
32 |
+ |
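Review bot: Nothing in vrFilter_free records why the parameter `vrf` is now the loop cursor, and that is the whole fix. The removed loop advanced `p` while the unchanged `switch ( vrf->vrf_choice & SLAPD_FILTER_MASK )` kept reading `vrf`, so every iteration inspected the head node. A one-line comment above the `for` would keep a later refactor from reintroducing a separate cursor, e.g. `/* iterate with vrf itself; the body below dereferences vrf (ITS#8046) */`. The switch cases and the end of the loop body are outside the hunk, so which frees they perform through `vrf` is not visible here.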
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: OpenLdap-2.4.40 |
3 | 3 |
Name: openldap |
4 | 4 |
Version: 2.4.40 |
5 |
-Release: 1%{?dist} |
|
5 |
+Release: 2%{?dist} |
|
6 | 6 |
License: OpenLDAP |
7 | 7 |
URL: http://cyrusimap.web.cmu.edu/ |
8 | 8 |
Group: System Environment/Security |
... | ... |
@@ -15,6 +15,8 @@ Source1: http://www.linuxfromscratch.org/blfs/downloads/svn/blfs-bootscripts-201 |
15 | 15 |
Patch0: openldap-2.4.40-blfs_paths-1.patch |
16 | 16 |
Patch1: openldap-2.4.40-symbol_versions-1.patch |
17 | 17 |
Patch2: openldap-2.4.40-gssapi-1.patch |
18 |
+Patch3: cve-2015-1545.patch |
|
19 |
+Patch4: cve-2015-1546.patch |
|
18 | 20 |
Requires: openssl >= 1.0.1, cyrus-sasl >= 2.1 |
19 | 21 |
BuildRequires: cyrus-sasl >= 2.1 |
20 | 22 |
BuildRequires: openssl-devel >= 1.0.1 |
... | ... |
@@ -31,7 +33,9 @@ libraries, and documentation for OpenLDAP. |
31 | 31 |
%setup -q |
32 | 32 |
%patch2 -p1 |
33 | 33 |
%patch1 -p1 |
34 |
-%patch0 -p1 |
|
34 |
+%patch0 -p1 |
|
35 |
+%patch3 -p1 |
|
36 |
+%patch4 -p1 |
|
35 | 37 |
tar xf %{SOURCE1} |
36 | 38 |
%build |
37 | 39 |
|
... | ... |
@@ -75,5 +79,7 @@ rm -rf %{buildroot}/* |
75 | 75 |
/etc/openldap/* |
76 | 76 |
|
77 | 77 |
%changelog |
78 |
+* Fri Aug 14 2015 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.40-2 |
|
79 |
+- Patches for CVE-2015-1545 and CVE-2015-1546. |
|
78 | 80 |
* Wed Oct 08 2014 Divya Thaluru <dthaluru@vmware.com> 2.4.40-1 |
79 | 81 |
- Initial build. First version |
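Review bot: `Patch3` and `Patch4` are declared by CVE id only, with nothing tying them to the upstream changes they were taken from. A comment above each line would make the provenance auditable, e.g. `# ITS#8027, upstream commit c32e74763f77675b9e144126e375977ed6dc562c` and `# ITS#8046, upstream commit 2f1a2dd329b91afe561cd06b872d09630d4edb6a`. The file names of the two patch sections are not shown on this page, so which hash belongs to which CVE file should be confirmed before the comments are added. The unchanged `URL:` line points at cyrusimap.web.cmu.edu, which looks like a leftover from another spec.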