Commit f433608c authored by Leo's avatar Leo Committed by Natanael Copa

main/openldap: security upgrade to 2.4.46

fixes #8786
parent 5865ea3a
...@@ -2,12 +2,15 @@ ...@@ -2,12 +2,15 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz> # Contributor: Jakub Jirutka <jakub@jirutka.cz>
# #
# secfixes: # secfixes:
# 2.4.46-r0:
# - CVE-2017-14159
# - CVE-2017-17740
# 2.4.44-r5: # 2.4.44-r5:
# - CVE-2017-9287 # - CVE-2017-9287
# #
pkgname=openldap pkgname=openldap
pkgver=2.4.45 pkgver=2.4.46
pkgrel=3 pkgrel=0
pkgdesc="LDAP Server" pkgdesc="LDAP Server"
url="http://www.openldap.org/" url="http://www.openldap.org/"
arch="all" arch="all"
...@@ -23,7 +26,8 @@ subpackages="$pkgname-dev $pkgname-doc libldap ...@@ -23,7 +26,8 @@ subpackages="$pkgname-dev $pkgname-doc libldap
$pkgname-backend-all:_backend_all:noarch $pkgname-backend-all:_backend_all:noarch
$pkgname-overlay-all:_overlay_all:noarch" $pkgname-overlay-all:_overlay_all:noarch"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz source="
https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-$pkgver.tgz
openldap-2.4-ppolicy.patch openldap-2.4-ppolicy.patch
openldap-2.4.11-libldap_r.patch openldap-2.4.11-libldap_r.patch
openldap-mqtt-overlay.patch openldap-mqtt-overlay.patch
...@@ -212,11 +216,11 @@ _submv() { ...@@ -212,11 +216,11 @@ _submv() {
done done
} }
sha512sums="1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab openldap-2.4.45.tgz sha512sums="eef39d43f04aa09c657a1422cefef060fe00368559ae40d0d97536c08ebeaaa1ab06207b3f121ba6afcde54abdc550027c3505e5217e5fd47ae6f8c001260186 openldap-2.4.46.tgz
5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch 5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch
44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch 9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch
cbfd573139e6b0c51d0f1f1337d74d5c07813509754758df240b09bc2ba559127f656580eef88f1db1c1322d7cb05042b1926e046e24c19889759647aee7aec6 libressl.patch ec4604e4ec55ab2109d59deb54e0b6291f43ec91da9bb42a784add67de3200bed22cfd64b1426d3b8f2f0bdee8d97440adc7c21be43db0646d7508cdee2fdac2 libressl.patch
8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch 8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch
0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch 0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch
0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd 0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd
......
--- a/libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 92c708b..77910bb 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c +++ b/libraries/libldap/tls_o.c
@@ -47,7 +47,7 @@ @@ -47,7 +47,7 @@
#include <ssl.h> #include <ssl.h>
...@@ -9,7 +11,16 @@ ...@@ -9,7 +11,16 @@
#define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
#endif #endif
@@ -157,7 +157,7 @@ tlso_init( void ) @@ -116,7 +116,7 @@ static void tlso_thr_init( void ) {}
#endif
#endif /* OpenSSL 1.1 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
/*
* OpenSSL 1.1 API and later makes the BIO method concrete types internal.
*/
@@ -197,7 +197,7 @@ tlso_init( void )
(void) tlso_seed_PRNG( lo->ldo_tls_randfile ); (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
#endif #endif
...@@ -18,7 +29,7 @@ ...@@ -18,7 +29,7 @@
SSL_load_error_strings(); SSL_load_error_strings();
SSL_library_init(); SSL_library_init();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
@@ -205,7 +205,7 @@ static void @@ -249,7 +249,7 @@ static void
tlso_ctx_ref( tls_ctx *ctx ) tlso_ctx_ref( tls_ctx *ctx )
{ {
tlso_ctx *c = (tlso_ctx *)ctx; tlso_ctx *c = (tlso_ctx *)ctx;
...@@ -27,7 +38,7 @@ ...@@ -27,7 +38,7 @@
#define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX ) #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
#endif #endif
SSL_CTX_up_ref( c ); SSL_CTX_up_ref( c );
@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * @@ -508,7 +508,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *der_dn )
if (!x) return LDAP_INVALID_CREDENTIALS; if (!x) return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x); xn = X509_get_subject_name(x);
...@@ -36,7 +47,7 @@ ...@@ -36,7 +47,7 @@
der_dn->bv_len = i2d_X509_NAME( xn, NULL ); der_dn->bv_len = i2d_X509_NAME( xn, NULL );
der_dn->bv_val = xn->bytes->data; der_dn->bv_val = xn->bytes->data;
#else #else
@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval @@ -544,7 +544,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval *der_dn )
return LDAP_INVALID_CREDENTIALS; return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x); xn = X509_get_subject_name(x);
...@@ -45,7 +56,7 @@ ...@@ -45,7 +56,7 @@
der_dn->bv_len = i2d_X509_NAME( xn, NULL ); der_dn->bv_len = i2d_X509_NAME( xn, NULL );
der_dn->bv_val = xn->bytes->data; der_dn->bv_val = xn->bytes->data;
#else #else
@@ -721,7 +721,7 @@ struct tls_data { @@ -765,7 +765,7 @@ struct tls_data {
Sockbuf_IO_Desc *sbiod; Sockbuf_IO_Desc *sbiod;
}; };
...@@ -54,12 +65,4 @@ ...@@ -54,12 +65,4 @@
#define BIO_set_init(b, x) b->init = x #define BIO_set_init(b, x) b->init = x
#define BIO_set_data(b, x) b->ptr = x #define BIO_set_data(b, x) b->ptr = x
#define BIO_clear_flags(b, x) b->flags &= ~(x) #define BIO_clear_flags(b, x) b->flags &= ~(x)
@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
return tlso_bio_write( b, str, strlen( str ) );
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
struct bio_method_st {
int type;
const char *name;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment