diff --git a/CVE-2020-25709.patch b/CVE-2020-25709.patch new file mode 100644 index 0000000000000000000000000000000000000000..6aa13ca5e0b8a14eaa493c6eb320764ba4e741b5 --- /dev/null +++ b/CVE-2020-25709.patch @@ -0,0 +1,25 @@ +From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 13:12:10 +0000 +Subject: [PATCH] ITS#9383 remove assert in certificateListValidate + +--- + servers/slapd/schema_init.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index ea0d67aa62..28f9e71a16 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in ) + /* Optional version */ + if ( tag == LBER_INTEGER ) { + tag = ber_get_int( ber, &version ); +- assert( tag == LBER_INTEGER ); +- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; ++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; + } + tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */ + if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; +-- +GitLab diff --git a/CVE-2020-25710.patch b/CVE-2020-25710.patch new file mode 100644 index 0000000000000000000000000000000000000000..3edfe421036a090f38d5be8247f79f57edef6a46 --- /dev/null +++ b/CVE-2020-25710.patch @@ -0,0 +1,26 @@ +From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 16:01:14 +0000 +Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23() + +--- + servers/slapd/schema_init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 5812bc4b66..ea0d67aa62 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -5327,8 +5327,8 @@ csnNormalize23( + } + *ptr = '\0'; + +- assert( ptr == &bv.bv_val[bv.bv_len] ); +- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { ++ if ( ptr != &bv.bv_val[bv.bv_len] || ++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + +-- +GitLab diff --git a/CVE-2021-27212.patch b/CVE-2021-27212.patch new file mode 100644 index 0000000000000000000000000000000000000000..663cae6a964179807a29b5b21b3cf39acd457562 --- /dev/null +++ b/CVE-2021-27212.patch @@ -0,0 +1,28 @@ +From 3539fc33212b528c56b716584f2c2994af7c30b0 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Sat, 6 Feb 2021 20:52:06 +0000 +Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck + +Reference:https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0 + +--- + servers/slapd/schema_init.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 466899625..914df70eb 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -3975,6 +3975,8 @@ issuerAndThisUpdateCheck( + break; + } + } ++ if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX; ++ + x.bv_val += tu->bv_len + 1; + x.bv_len -= tu->bv_len + 1; + + +-- +GitLab + diff --git a/backport-Fix-test-suite.patch b/backport-Fix-test-suite.patch new file mode 100644 index 0000000000000000000000000000000000000000..cc8f72e1ff1d6ca8ef28a74465a0731311aaf204 --- /dev/null +++ b/backport-Fix-test-suite.patch @@ -0,0 +1,71 @@ +From 70f87370f99e78ac3874501bfe5124dbb86185a8 Mon Sep 17 00:00:00 2001 +From: zhangqiumiao +Date: Fri, 25 Sep 2020 21:56:43 +0800 +Subject: [PATCH] backport Fix test suite + +--- + tests/data/monitor2.out | 3 --- + tests/scripts/test052-memberof | 2 +- + tests/scripts/test056-monitor | 11 ++--------- + 3 files changed, 3 insertions(+), 13 deletions(-) + +diff --git a/tests/data/monitor2.out b/tests/data/monitor2.out +index 26e9ce9..20209d1 100644 +--- a/tests/data/monitor2.out ++++ b/tests/data/monitor2.out +@@ -10,9 +10,6 @@ structuralObjectClass: monitoredObject + monitorIsShadow: FALSE + namingContexts: o=OpenLDAP Project,l=Internet + readOnly: FALSE +-olmBDBEntryCache: 0 +-olmBDBDNCache: 0 +-olmBDBIDLCache: 0 + entryDN: cn=Database 1,cn=Databases,cn=Monitor + + dn: cn=Database 2,cn=Databases,cn=Monitor +diff --git a/tests/scripts/test052-memberof b/tests/scripts/test052-memberof +index a73a929..1dba946 100755 +--- a/tests/scripts/test052-memberof ++++ b/tests/scripts/test052-memberof +@@ -72,7 +72,7 @@ EOF + fi + fi + +-indexInclude="" mainInclude="" " nullExclude="" ++indexInclude="" mainInclude="" nullExclude="" + test $INDEXDB = indexdb || indexInclude="# " + test $MAINDB = maindb || mainInclude="# " + case $BACKEND in +diff --git a/tests/scripts/test056-monitor b/tests/scripts/test056-monitor +index 7a87eaa..0e1ba20 100755 +--- a/tests/scripts/test056-monitor ++++ b/tests/scripts/test056-monitor +@@ -85,7 +85,7 @@ echo "Using ldapsearch to read database monitor entries..." + $LDAPSEARCH -S "" -b "$DATABASESMONITORDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' \ + structuralObjectClass entryDN namingContexts readOnly \ +- monitorIsShadow monitorContext ++ monitorIsShadow monitorContext \ + > $SEARCHOUT 2>&1 + RC=$? + +@@ -98,15 +98,8 @@ fi + echo "Filtering ldapsearch results..." + $LDIFFILTER -b monitor < $SEARCHOUT > $SEARCHFLT + +-TMPMONITOROUT2=$MONITOROUT2 +-case $BACKEND in +-*) +- TMPMONITOROUT2=$TESTDIR/monitor2.out +- ;; +-esac +- + echo "Comparing filter output..." +-$CMP $SEARCHFLT $TMPMONITOROUT2 > $CMPOUT ++$CMP $SEARCHFLT $MONITOROUT2 > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - database monitor output is not correct" +-- +2.19.1 + diff --git a/openldap.spec b/openldap.spec index 965a3dfa653ff3b24125466369f2abda58b2e589..78b7791e590ee2c6c3c7a898bfcd10754aba0f5c 100644 --- a/openldap.spec +++ b/openldap.spec @@ -2,7 +2,7 @@ Name: openldap Version: 2.4.50 -Release: 5 +Release: 6 Summary: LDAP support libraries License: OpenLDAP URL: https://www.openldap.org/ @@ -57,6 +57,10 @@ Patch36: CVE-2020-36227.patch Patch37: CVE-2020-36228.patch Patch38: CVE-2020-36230.patch Patch39: CVE-2020-36229.patch +Patch40: CVE-2021-27212.patch +Patch41: CVE-2020-25709.patch +Patch42: CVE-2020-25710.patch +Patch43: backport-Fix-test-suite.patch BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed @@ -161,6 +165,10 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch37 -p1 %patch38 -p1 %patch39 -p1 +%patch40 -p1 +%patch41 -p1 +%patch42 -p1 +%patch43 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd @@ -443,6 +451,12 @@ popd %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Thu Oct 28 2021 zengweifeng - 2.4.50-6 +- Type:cves +- ID:NA +- SUG:restart +- DESC: fix CVE-2020-25709 CVE-2020-25710 CVE-2021-27212 + * Thu Feb 18 2021 liulong - 2.4.50-5 - Type:cves - ID:NA