MFH r391124,395815,396354,396731:

Update to 2.4.42 and apply upstream fix for CVE-2015-6908.

Obtained from:  OpenLDAP git 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
Security:       CVE-2015-6908
Approved by:	ports-secteam

5 files changed, 20 insertions, 65 deletions

diff --git a/net/openldap24-server/Makefile b/net/openldap24-server/Makefile
index ee91203925ab..e2fbb7bdbbe7 100644
--- a/net/openldap24-server/Makefile
+++ b/net/openldap24-server/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=		openldap
-DISTVERSION=		2.4.40
+DISTVERSION=		2.4.42
 PORTREVISION=		${OPENLDAP_PORTREVISION}
 CATEGORIES=		net databases
 MASTER_SITES=		ftp://ftp.OpenLDAP.org/pub/OpenLDAP/%SUBDIR%/ \
@@ -59,9 +59,9 @@ BROKEN=			incompatible OpenLDAP version: ${WANT_OPENLDAP_VER}
 .endif
 
 PORTREVISION_CLIENT=	1
-PORTREVISION_SERVER=	4
+PORTREVISION_SERVER=	1
 OPENLDAP_SHLIB_MAJOR=	2
-OPENLDAP_SHLIB_MINOR=	10.3
+OPENLDAP_SHLIB_MINOR=	10.5
 OPENLDAP_MAJOR=		${DISTVERSION:R}
 
 OPTIONS_DEFINE=		DEBUG FETCH GSSAPI
@@ -560,6 +560,10 @@ post-install:
 		${MKDIR} ${STAGEDIR}${DOCSDIR}/$${dir}; \
 		${INSTALL_DATA} ${WRKSRC}/doc/$${dir}/* ${STAGEDIR}${DOCSDIR}/$${dir}; \
 	done
+	@for prog in ldapcompare ldapdelete ldapexop ldapmodify ldapmodrdn ldappasswd ldapsearch ldapurl ldapwhoami; do\
+		${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/$${prog}; \
+	done
+
 	@for library in lber ldap ldap_r; do \
 		${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/lib$${library}-${OPENLDAP_MAJOR}.so.${OPENLDAP_SHLIB_MAJOR}; \
 	done
diff --git a/net/openldap24-server/distinfo b/net/openldap24-server/distinfo
index 91d91c4dc18b..1c0f790eb646 100644
--- a/net/openldap24-server/distinfo
+++ b/net/openldap24-server/distinfo
@@ -1,2 +1,2 @@
-SHA256 (openldap-2.4.40.tgz) = d12611a5c25b6499293c2bb7b435dc2b174db73e83f5a8cb7e34f2ce5fa6dadb
-SIZE (openldap-2.4.40.tgz) = 5641865
+SHA256 (openldap-2.4.42.tgz) = eeb7b0e2c5852bfd2650e83909bb6152835c0b862fab10b63954dc1bcbba8e63
+SIZE (openldap-2.4.42.tgz) = 5645925
diff --git a/net/openldap24-server/files/patch-CVE-2015-6908 b/net/openldap24-server/files/patch-CVE-2015-6908
new file mode 100644
index 000000000000..5b64e6010e84
--- /dev/null
+++ b/net/openldap24-server/files/patch-CVE-2015-6908
@@ -0,0 +1,11 @@
+--- libraries/liblber/io.c.orig	2015-08-14 15:25:28 UTC
++++ libraries/liblber/io.c
+@@ -679,7 +679,7 @@ done:
+ 		return (ber->ber_tag);
+ 	}
+ 
+-	assert( 0 ); /* ber structure is messed up ?*/
++	/* invalid input */
+ 	return LBER_DEFAULT;
+ }
+ 
diff --git a/net/openldap24-server/files/patch-ITS8027 b/net/openldap24-server/files/patch-ITS8027
deleted file mode 100644
index 2136137b28cb..000000000000
--- a/net/openldap24-server/files/patch-ITS8027
+++ /dev/null
@@ -1,26 +0,0 @@
-From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 19 Jan 2015 22:25:53 +0000
-Subject: [PATCH] ITS#8027 require non-empty AttributeList
-
----
- servers/slapd/overlays/deref.c |    3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git servers/slapd/overlays/deref.c servers/slapd/overlays/deref.c
-index 9420e3e..05aa890 100644
---- servers/slapd/overlays/deref.c
-+++ servers/slapd/overlays/deref.c
-@@ -183,7 +183,8 @@ deref_parseCtrl (
- 		ber_len_t cnt = sizeof(struct berval);
- 		ber_len_t off = 0;
- 
--		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
-+		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
-+			|| !cnt )
- 		{
- 			rs->sr_text = "Dereference control: derefSpec decoding error";
- 			rs->sr_err = LDAP_PROTOCOL_ERROR;
--- 
-1.7.10.4
-
diff --git a/net/openldap24-server/files/patch-ITS8046 b/net/openldap24-server/files/patch-ITS8046
deleted file mode 100644
index eee2145f6fae..000000000000
--- a/net/openldap24-server/files/patch-ITS8046
+++ /dev/null
@@ -1,34 +0,0 @@
-From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Wed, 4 Feb 2015 02:03:55 +0000
-Subject: [PATCH] ITS#8046 fix vrFilter_free
-
----
- servers/slapd/filter.c |   10 +++-------
- 1 file changed, 3 insertions(+), 7 deletions(-)
-
-diff --git servers/slapd/filter.c servers/slapd/filter.c
-index b859f73..22c81c8 100644
---- servers/slapd/filter.c
-+++ servers/slapd/filter.c
-@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber,
- void
- vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
- {
--	ValuesReturnFilter	*p, *next;
-+	ValuesReturnFilter	*next;
- 
--	if ( vrf == NULL ) {
--		return;
--	}
--
--	for ( p = vrf; p != NULL; p = next ) {
--		next = p->vrf_next;
-+	for ( ; vrf != NULL; vrf = next ) {
-+		next = vrf->vrf_next;
- 
- 		switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) {
- 		case LDAP_FILTER_PRESENT:
--- 
-1.7.10.4
-