From 2caae11bc00b028e978eb940700755f4c77c77ff Mon Sep 17 00:00:00 2001 From: eaglegai Date: Fri, 9 Jul 2021 09:39:19 +0800 Subject: [PATCH] fix CVE-2020-25709 CVE-2020-25710 --- CVE-2020-25709.patch | 25 +++++++++++++++++++++++++ CVE-2020-25710.patch | 26 ++++++++++++++++++++++++++ openldap.spec | 10 ++++++++-- 3 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 CVE-2020-25709.patch create mode 100644 CVE-2020-25710.patch diff --git a/CVE-2020-25709.patch b/CVE-2020-25709.patch new file mode 100644 index 0000000..6aa13ca --- /dev/null +++ b/CVE-2020-25709.patch @@ -0,0 +1,25 @@ +From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 13:12:10 +0000 +Subject: [PATCH] ITS#9383 remove assert in certificateListValidate + +--- + servers/slapd/schema_init.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index ea0d67aa62..28f9e71a16 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in ) + /* Optional version */ + if ( tag == LBER_INTEGER ) { + tag = ber_get_int( ber, &version ); +- assert( tag == LBER_INTEGER ); +- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; ++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; + } + tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */ + if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; +-- +GitLab diff --git a/CVE-2020-25710.patch b/CVE-2020-25710.patch new file mode 100644 index 0000000..3edfe42 --- /dev/null +++ b/CVE-2020-25710.patch @@ -0,0 +1,26 @@ +From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 16:01:14 +0000 +Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23() + +--- + servers/slapd/schema_init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 5812bc4b66..ea0d67aa62 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -5327,8 +5327,8 @@ csnNormalize23( + } + *ptr = '\0'; + +- assert( ptr == &bv.bv_val[bv.bv_len] ); +- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { ++ if ( ptr != &bv.bv_val[bv.bv_len] || ++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + +-- +GitLab diff --git a/openldap.spec b/openldap.spec index 6fd22c8..881cd3a 100644 --- a/openldap.spec +++ b/openldap.spec @@ -2,7 +2,7 @@ Name: openldap Version: 2.4.50 -Release: 7 +Release: 8 Summary: LDAP support libraries License: OpenLDAP URL: https://www.openldap.org/ @@ -62,7 +62,8 @@ Patch41: backport-Fix-test-suite.patch Patch42: backport-ITS-9010-regenerate-configure.patch Patch43: backport-ITS-9010-More-BDB-HDB-cleanup.patch Patch44: CVE-2021-27212.patch - +Patch45: CVE-2020-25709.patch +Patch46: CVE-2020-25710.patch BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed @@ -172,6 +173,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch42 -p1 %patch43 -p1 %patch44 -p1 +%patch45 -p1 +%patch46 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd @@ -451,6 +454,9 @@ popd %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Fri Jul 09 2021 gaihuiying - 2.4.50-8 +- fix CVE-2020-25709 CVE-2020-25710 + * Sat Feb 27 2021 orange-snn - 2.4.50-7 - fix CVE-2021-27212 -- Gitee