diff options
author | Xin LI <delphij@FreeBSD.org> | 2015-09-15 20:13:05 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2015-09-15 20:13:05 +0000 |
commit | 2c3d16ebbe6ff0cd12962d4a3d4933d0686b0944 (patch) | |
tree | fbe731e49e0fcce7eebeac952c20a2b27d2936be | |
parent | 1fba65f1fb3522a0137eeb8992822af35878e6b3 (diff) | |
download | ports-2c3d16ebbe6ff0cd12962d4a3d4933d0686b0944.tar.gz ports-2c3d16ebbe6ff0cd12962d4a3d4933d0686b0944.zip |
MFH r391124,395815,396354,396731:
Update to 2.4.42 and apply upstream fix for CVE-2015-6908.
Obtained from: OpenLDAP git 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
Security: CVE-2015-6908
Approved by: ports-secteam
Notes
Notes:
svn path=/branches/2015Q3/; revision=397021
-rw-r--r-- | net/openldap24-server/Makefile | 10 | ||||
-rw-r--r-- | net/openldap24-server/distinfo | 4 | ||||
-rw-r--r-- | net/openldap24-server/files/patch-CVE-2015-6908 | 11 | ||||
-rw-r--r-- | net/openldap24-server/files/patch-ITS8027 | 26 | ||||
-rw-r--r-- | net/openldap24-server/files/patch-ITS8046 | 34 |
5 files changed, 20 insertions, 65 deletions
diff --git a/net/openldap24-server/Makefile b/net/openldap24-server/Makefile index ee91203925ab..e2fbb7bdbbe7 100644 --- a/net/openldap24-server/Makefile +++ b/net/openldap24-server/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= openldap -DISTVERSION= 2.4.40 +DISTVERSION= 2.4.42 PORTREVISION= ${OPENLDAP_PORTREVISION} CATEGORIES= net databases MASTER_SITES= ftp://ftp.OpenLDAP.org/pub/OpenLDAP/%SUBDIR%/ \ @@ -59,9 +59,9 @@ BROKEN= incompatible OpenLDAP version: ${WANT_OPENLDAP_VER} .endif PORTREVISION_CLIENT= 1 -PORTREVISION_SERVER= 4 +PORTREVISION_SERVER= 1 OPENLDAP_SHLIB_MAJOR= 2 -OPENLDAP_SHLIB_MINOR= 10.3 +OPENLDAP_SHLIB_MINOR= 10.5 OPENLDAP_MAJOR= ${DISTVERSION:R} OPTIONS_DEFINE= DEBUG FETCH GSSAPI @@ -560,6 +560,10 @@ post-install: ${MKDIR} ${STAGEDIR}${DOCSDIR}/$${dir}; \ ${INSTALL_DATA} ${WRKSRC}/doc/$${dir}/* ${STAGEDIR}${DOCSDIR}/$${dir}; \ done + @for prog in ldapcompare ldapdelete ldapexop ldapmodify ldapmodrdn ldappasswd ldapsearch ldapurl ldapwhoami; do\ + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/$${prog}; \ + done + @for library in lber ldap ldap_r; do \ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/lib$${library}-${OPENLDAP_MAJOR}.so.${OPENLDAP_SHLIB_MAJOR}; \ done diff --git a/net/openldap24-server/distinfo b/net/openldap24-server/distinfo index 91d91c4dc18b..1c0f790eb646 100644 --- a/net/openldap24-server/distinfo +++ b/net/openldap24-server/distinfo @@ -1,2 +1,2 @@ -SHA256 (openldap-2.4.40.tgz) = d12611a5c25b6499293c2bb7b435dc2b174db73e83f5a8cb7e34f2ce5fa6dadb -SIZE (openldap-2.4.40.tgz) = 5641865 +SHA256 (openldap-2.4.42.tgz) = eeb7b0e2c5852bfd2650e83909bb6152835c0b862fab10b63954dc1bcbba8e63 +SIZE (openldap-2.4.42.tgz) = 5645925 diff --git a/net/openldap24-server/files/patch-CVE-2015-6908 b/net/openldap24-server/files/patch-CVE-2015-6908 new file mode 100644 index 000000000000..5b64e6010e84 --- /dev/null +++ b/net/openldap24-server/files/patch-CVE-2015-6908 @@ -0,0 +1,11 @@ +--- libraries/liblber/io.c.orig 2015-08-14 15:25:28 UTC ++++ libraries/liblber/io.c +@@ -679,7 +679,7 @@ done: + return (ber->ber_tag); + } + +- assert( 0 ); /* ber structure is messed up ?*/ ++ /* invalid input */ + return LBER_DEFAULT; + } + diff --git a/net/openldap24-server/files/patch-ITS8027 b/net/openldap24-server/files/patch-ITS8027 deleted file mode 100644 index 2136137b28cb..000000000000 --- a/net/openldap24-server/files/patch-ITS8027 +++ /dev/null @@ -1,26 +0,0 @@ -From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001 -From: Howard Chu <hyc@openldap.org> -Date: Mon, 19 Jan 2015 22:25:53 +0000 -Subject: [PATCH] ITS#8027 require non-empty AttributeList - ---- - servers/slapd/overlays/deref.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git servers/slapd/overlays/deref.c servers/slapd/overlays/deref.c -index 9420e3e..05aa890 100644 ---- servers/slapd/overlays/deref.c -+++ servers/slapd/overlays/deref.c -@@ -183,7 +183,8 @@ deref_parseCtrl ( - ber_len_t cnt = sizeof(struct berval); - ber_len_t off = 0; - -- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ) -+ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR -+ || !cnt ) - { - rs->sr_text = "Dereference control: derefSpec decoding error"; - rs->sr_err = LDAP_PROTOCOL_ERROR; --- -1.7.10.4 - diff --git a/net/openldap24-server/files/patch-ITS8046 b/net/openldap24-server/files/patch-ITS8046 deleted file mode 100644 index eee2145f6fae..000000000000 --- a/net/openldap24-server/files/patch-ITS8046 +++ /dev/null @@ -1,34 +0,0 @@ -From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001 -From: Howard Chu <hyc@openldap.org> -Date: Wed, 4 Feb 2015 02:03:55 +0000 -Subject: [PATCH] ITS#8046 fix vrFilter_free - ---- - servers/slapd/filter.c | 10 +++------- - 1 file changed, 3 insertions(+), 7 deletions(-) - -diff --git servers/slapd/filter.c servers/slapd/filter.c -index b859f73..22c81c8 100644 ---- servers/slapd/filter.c -+++ servers/slapd/filter.c -@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber, - void - vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) - { -- ValuesReturnFilter *p, *next; -+ ValuesReturnFilter *next; - -- if ( vrf == NULL ) { -- return; -- } -- -- for ( p = vrf; p != NULL; p = next ) { -- next = p->vrf_next; -+ for ( ; vrf != NULL; vrf = next ) { -+ next = vrf->vrf_next; - - switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { - case LDAP_FILTER_PRESENT: --- -1.7.10.4 - |