NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/openldap: security bump to version 2.4.56

Browse Source 
Fixes the following security issue:

- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
  and was fixed in openldap 2.4.55, during a request for renaming RDNs.  An
  unauthenticated attacker could remotely crash the slapd process by sending
  a specially crafted request, causing a Denial of Service.

- CVE-2020-25709: Assertion failure in CSN normalization with invalid input

- CVE-2020-25710: Assertion failure in CSN normalization with invalid input

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Francois Perrad 2020-12-22 18:11:49 +01:00 committed by Peter Korsgaard
parent 3bd72efdaf
commit 09a565d940
4 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/openldap/0001-fix_cross_strip.patch
View File

@ -44,7 +44,7 @@ diff -rupN openldap-2.4.40/clients/tools/Makefile.in openldap-2.4.40-br/clients/
diff -rupN openldap-2.4.40/configure.in openldap-2.4.40-br/configure.in
--- openldap-2.4.40/configure.in 2014-09-18 21:48:49.000000000 -0400
+++ openldap-2.4.40-br/configure.in 2015-01-16 15:50:48.874816786 -0500
@@ -669,6 +669,15 @@ if test -z "${AR}"; then
@@ -668,6 +668,15 @@ if test -z "${AR}"; then
fi
fi

4
package/openldap/0002-fix-bignum.patch
View File

@ -15,7 +15,7 @@ Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
diff -durN openldap-2.4.40.orig/configure openldap-2.4.40/configure
--- openldap-2.4.40.orig/configure 2014-09-19 03:48:49.000000000 +0200
+++ openldap-2.4.40/configure 2015-01-25 18:44:54.216879362 +0100
@@ -23478,7 +23478,7 @@
@@ -23431,7 +23431,7 @@
if test "$ac_cv_header_openssl_bn_h" = "yes" &&
test "$ac_cv_header_openssl_crypto_h" = "yes" &&
@ -27,7 +27,7 @@ diff -durN openldap-2.4.40.orig/configure openldap-2.4.40/configure
diff -durN openldap-2.4.40.orig/configure.in openldap-2.4.40/configure.in
--- openldap-2.4.40.orig/configure.in 2014-09-19 03:48:49.000000000 +0200
+++ openldap-2.4.40/configure.in 2015-01-25 18:44:37.628676446 +0100
@@ -2367,7 +2367,7 @@
@@ -2383,7 +2383,7 @@
AC_CHECK_HEADERS(openssl/crypto.h)
if test "$ac_cv_header_openssl_bn_h" = "yes" &&
test "$ac_cv_header_openssl_crypto_h" = "yes" &&

10
package/openldap/openldap.hash
View File

@ -1,7 +1,7 @@
# From https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.50.md5
md5 f9ed44ef373abed04c9e4c8586260f9e openldap-2.4.50.tgz
# From https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.50.sha1
sha1 82f576e0d0d334e9e798d9de8936683546247bb9 openldap-2.4.50.tgz
# From https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.56.md5
md5 82a7dcf7aeaf95fdad16017c0ed9983a openldap-2.4.56.tgz
# From https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.56.sha1
sha1 4c617b87bd50ef8d071e7deb7525af79b08d4910 openldap-2.4.56.tgz
# Locally computed
sha256 5cb57d958bf5c55a678c6a0f06821e0e5504d5a92e6a33240841fbca1db586b8 openldap-2.4.50.tgz
sha256 25520e0363c93f3bcb89802a4aa3db33046206039436e0c7c9262db5a61115e0 openldap-2.4.56.tgz
sha256 310fe25c858a9515fc8c8d7d1f24a67c9496f84a91e0a0e41ea9975b1371e569 LICENSE

2
package/openldap/openldap.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
OPENLDAP_VERSION = 2.4.50
OPENLDAP_VERSION = 2.4.56
OPENLDAP_SOURCE = openldap-$(OPENLDAP_VERSION).tgz
OPENLDAP_SITE = https://www.openldap.org/software/download/OpenLDAP/openldap-release
OPENLDAP_LICENSE = OpenLDAP Public License