main/ldb: security fix (CVE-2018-1140)

Fixes #9257

main/ldb: security fix (CVE-2018-1140)
Fixes #9257
8c6e5428 · Leonardo Arena · b8aa48b6 · 8c6e5428 · 8c6e5428
Commit 8c6e5428 authored Aug 22, 2018 by Leonardo Arena
Showing with 40 additions and 4 deletions

main/ldb/0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch ...VE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch +30 -0

main/ldb/APKBUILD main/ldb/APKBUILD +10 -4

No files found.
--- a/main/ldb/0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch
+++ b/main/ldb/0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch
+From 3f95957d6de321c803a66f3ec67a8ff09befd16d Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Mon, 21 May 2018 14:50:50 +1200
+Subject: [PATCH] CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in
+ ldb_sqlite
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
+---
+ ldb_sqlite3/ldb_sqlite3.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/ldb_sqlite3/ldb_sqlite3.c b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
+index f94dc993904..0f5abf87547 100644
+--- a/ldb_sqlite3/ldb_sqlite3.c
+++ b/ldb_sqlite3/ldb_sqlite3.c
+@@ -323,6 +323,9 @@ static char *parsetree_to_sql(struct ldb_module *module,
+ 		 	const char *cdn = ldb_dn_get_casefold(
+ 						ldb_dn_new(mem_ctx, ldb,
+ 							      (const char *)value.data));
+			if (cdn == NULL) {
+				return NULL;
+			}
+ 
+ 			return lsqlite3_tprintf(mem_ctx,
+ 						"SELECT eid FROM ldb_entry "
+-- 
+2.18.0
+
--- a/main/ldb/APKBUILD
+++ b/main/ldb/APKBUILD
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ldb
 pkgver=1.3.0
-pkgrel=0
+pkgrel=1
 pkgdesc="A schema-less, ldap like, API and database"
 url="http://ldb.samba.org/"
 arch="all"
@@ -9,10 +9,15 @@ license="LGPLv3+"
 makedepends="$depends_dev tevent-dev py-tevent tdb-dev py-tdb talloc-dev
 	python2-dev popt-dev cmocka-dev"
 subpackages="$pkgname-dev py-$pkgname:_py $pkgname-tools"
-source="https://www.samba.org/ftp/pub/ldb/ldb-$pkgver.tar.gz"
-
+source="https://www.samba.org/ftp/pub/ldb/ldb-$pkgver.tar.gz
+	0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch
+	"
 builddir="$srcdir"/ldb-$pkgver

+# secfixes
+#   1.3.0-r1:
+#     - CVE-2018-1140
+
 build() {
 	cd "$builddir"
 	./configure \
@@ -49,4 +54,5 @@ tools() {
 	mv "$pkgdir"/usr/lib/ldb/libldb-cmdline.* "$subpkgdir"/usr/lib/ldb/
 }

-sha512sums="c5afe3c5229cbc35a5715e6ed1faa070dfa3d6b3c0902cc53770373bbc1761ff4ff93aa9b88d5573b9af9925332bb5cebf4a7a129852231f13be33d5cee3a9f8  ldb-1.3.0.tar.gz"
+sha512sums="c5afe3c5229cbc35a5715e6ed1faa070dfa3d6b3c0902cc53770373bbc1761ff4ff93aa9b88d5573b9af9925332bb5cebf4a7a129852231f13be33d5cee3a9f8  ldb-1.3.0.tar.gz
+e582b6e99f94d566de3259e5585baab25d43613711c501e752971a6180ceac60f4fe2cc0bdfc2f0bf26208cb86cb4c857c16f6645410badf694efa8be10db64f  0001-CVE-2018-1140-ldb-Check-for-ldb_dn_get_casefold-fail.patch"