From 56fce6f43a68e1d1875a13056f2237d8b09d3ba6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 27 2021 07:55:48 +0000 Subject: import openldap-2.4.44-23.el7_9 --- diff --git a/SOURCES/openldap-ITS-9370-check-for-equality-rule-on-old_rdn.patch b/SOURCES/openldap-ITS-9370-check-for-equality-rule-on-old_rdn.patch new file mode 100644 index 0000000..34f6a74 --- /dev/null +++ b/SOURCES/openldap-ITS-9370-check-for-equality-rule-on-old_rdn.patch @@ -0,0 +1,27 @@ +From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 19 Oct 2020 14:03:41 +0100 +Subject: [PATCH] ITS#9370 check for equality rule on old_rdn + +Just skip normalization if there's no equality rule. We accept +DNs without equality rules already. +--- + servers/slapd/modrdn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c +index c73dd8dba..a22975540 100644 +--- a/servers/slapd/modrdn.c ++++ b/servers/slapd/modrdn.c +@@ -505,7 +505,7 @@ slap_modrdn2mods( + mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value ); + mod_tmp->sml_values[1].bv_val = NULL; +- if( desc->ad_type->sat_equality->smr_normalize) { ++ if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) { + mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); + (void) (*desc->ad_type->sat_equality->smr_normalize)( + SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, +-- +2.26.2 + diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec index 5fd0460..8c3b71c 100644 --- a/SPECS/openldap.spec +++ b/SPECS/openldap.spec @@ -5,7 +5,7 @@ Name: openldap Version: 2.4.44 -Release: 22%{?dist} +Release: 23%{?dist} Summary: LDAP support libraries Group: System Environment/Daemons License: OpenLDAP @@ -56,6 +56,7 @@ Patch36: openldap-bdb_idl_fetch_key-correct-key-pointer.patch Patch37: openldap-ITS8655-fix-double-free-on-paged-search-with-pagesize-0.patch Patch38: openldap-ITS8720-back-ldap-starttls-timeout.patch Patch39: openldap-ITS-9202-limit-depth-of-nested-filters.patch +Patch40: openldap-ITS-9370-check-for-equality-rule-on-old_rdn.patch # fixes for DH and ECDH Patch50: openldap-openssl-its7506-fix-DH-params-1.patch @@ -186,6 +187,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch37 -p1 %patch38 -p1 %patch39 -p1 +%patch40 -p1 %patch50 -p1 %patch51 -p1 %patch52 -p1 @@ -677,6 +679,9 @@ exit 0 %{_mandir}/man3/* %changelog +* Mon Jan 4 2021 Simon Pichugin - 2.4.44-23 +- Fix CVE-2020-25692 openldap: NULL pointer dereference for unauthenticated packet in slapd (#1895328) + * Sat Jun 6 2020 Matus Honek - 2.4.44-22 - Fix CVE-2020-12243 openldap: denial of service via nested boolean expressions in LDAP search filters (#1838405)