1. photon
  2. Commit 1b77dd15507d641da1990695adbf4ae3202e87ba
Browse code

openldap: fix cve-2015-1545, cve-2015-1546

Vinay Kulkarni authored on 2015/08/15 10:12:50
Showing 3 changed files
SPECS/openldap/cve-2015-1545.patch
History View file @ 1b77dd1
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,26 @@
0 
+From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001
1 
+From: Howard Chu <hyc@openldap.org>
2 
+Date: Mon, 19 Jan 2015 22:25:53 +0000
3 
+Subject: [PATCH] ITS#8027 require non-empty AttributeList
4 
+
5 
+---
6 
+ servers/slapd/overlays/deref.c |    3 ++-
7 
+ 1 file changed, 2 insertions(+), 1 deletion(-)
8 
+
9 
+diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c
10 
+index 9420e3e..05aa890 100644
11 
+--- a/servers/slapd/overlays/deref.c
12 
+@@ -183,7 +183,8 @@ deref_parseCtrl (
13 
+ 		ber_len_t cnt = sizeof(struct berval);
14 
+ 		ber_len_t off = 0;
15 
+
16 
+-		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
17 
++		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
18 
++			|| !cnt )
19 
+ 		{
20 
+ 			rs->sr_text = "Dereference control: derefSpec decoding error";
21 
+ 			rs->sr_err = LDAP_PROTOCOL_ERROR;
22 
+--
23 
+1.7.10.4
24 
+
SPECS/openldap/cve-2015-1546.patch
History View file @ 1b77dd1
0 25 
new file mode 100644
... ... 
@@ -0,0 +1,34 @@
0 
+From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001
1 
+From: Howard Chu <hyc@openldap.org>
2 
+Date: Wed, 4 Feb 2015 02:03:55 +0000
3 
+Subject: [PATCH] ITS#8046 fix vrFilter_free
4 
+
5 
+---
6 
+ servers/slapd/filter.c |   10 +++-------
7 
+ 1 file changed, 3 insertions(+), 7 deletions(-)
8 
+
9 
+diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
10 
+index b859f73..22c81c8 100644
11 
+--- a/servers/slapd/filter.c
12 
+@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber,
13 
+ void
14 
+ vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
15 
+ {
16 
+-	ValuesReturnFilter	*p, *next;
17 
++	ValuesReturnFilter	*next;
18 
+
19 
+-	if ( vrf == NULL ) {
20 
+-		return;
21 
+-	}
22 
+-
23 
+-	for ( p = vrf; p != NULL; p = next ) {
24 
+-		next = p->vrf_next;
25 
++	for ( ; vrf != NULL; vrf = next ) {
26 
++		next = vrf->vrf_next;
27 
+
28 
+ 		switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) {
29 
+ 		case LDAP_FILTER_PRESENT:
30 
+--
31 
+1.7.10.4
32 
+
SPECS/openldap/openldap.spec
History View file @ 1b77dd1
... ... 
@@ -2,7 +2,7 @@
2 2 
 Summary:	OpenLdap-2.4.40
3 3 
 Name:		openldap
4 4 
 Version:	2.4.40
5 
-Release:	1%{?dist}
5 
+Release:	2%{?dist}
6 6 
 License:	OpenLDAP
7 7 
 URL:		http://cyrusimap.web.cmu.edu/
8 8 
 Group:		System Environment/Security
... ... 
@@ -15,6 +15,8 @@ Source1:	http://www.linuxfromscratch.org/blfs/downloads/svn/blfs-bootscripts-201
15 15 
 Patch0:		openldap-2.4.40-blfs_paths-1.patch
16 16 
 Patch1:		openldap-2.4.40-symbol_versions-1.patch
17 17 
 Patch2:		openldap-2.4.40-gssapi-1.patch
18 
+Patch3:		cve-2015-1545.patch
19 
+Patch4:		cve-2015-1546.patch
18 20 
 Requires:       openssl >= 1.0.1, cyrus-sasl >= 2.1
19 21 
 BuildRequires:  cyrus-sasl >= 2.1
20 22 
 BuildRequires:  openssl-devel >= 1.0.1
... ... 
@@ -31,7 +33,9 @@ libraries, and documentation for OpenLDAP.
31 31 
 %setup -q
32 32 
 %patch2 -p1
33 33 
 %patch1 -p1
34 
-%patch0 -p1
34 
+%patch0 -p1
35 
+%patch3 -p1
36 
+%patch4 -p1
35 37 
 tar xf %{SOURCE1}
36 38 
 %build
37 39
... ... 
@@ -75,5 +79,7 @@ rm -rf %{buildroot}/*
75 75 
 /etc/openldap/*
76 76
77 77 
 %changelog
78 
+*	Fri Aug 14 2015 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.40-2
79 
+-	Patches for CVE-2015-1545 and CVE-2015-1546.
78 80 
 *	Wed Oct 08 2014 Divya Thaluru <dthaluru@vmware.com> 2.4.40-1
79 81 
 -	Initial build.	First version