diff --git a/openldap-require-non-empty-attributelist.patch b/openldap-require-non-empty-attributelist.patch
new file mode 100644
index 0000000..c1def80
--- /dev/null
+++ b/openldap-require-non-empty-attributelist.patch
@@ -0,0 +1,26 @@
+From 7a5a98577a0481d864ca7fe05b9b32274d4d1fb5 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Mon, 19 Jan 2015 22:25:53 +0000
+Subject: [PATCH] ITS#8027 require non-empty AttributeList
+
+---
+ servers/slapd/overlays/deref.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c
+index 9420e3e..05aa890 100644
+--- a/servers/slapd/overlays/deref.c
++++ b/servers/slapd/overlays/deref.c
+@@ -183,7 +183,8 @@ deref_parseCtrl (
+ ber_len_t cnt = sizeof(struct berval);
+ ber_len_t off = 0;
+
+- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
++ || !cnt )
+ {
+ rs->sr_text = "Dereference control: derefSpec decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+--
+2.1.0
+
diff --git a/openldap.spec b/openldap.spec
index 3cb51d6..b0b5f09 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -5,7 +5,7 @@ Name: openldap Version: 2.4.40 -Release: 8%{?dist} +Release: 9%{?dist} Summary: LDAP support libraries Group: System Environment/Daemons License: OpenLDAP
@@ -36,6 +36,8 @@ Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch Patch20: openldap-ldapi-sasl.patch # TLSv1 support, already included upstream Patch21: openldap-support-tlsv1-and-later.patch +# CVE-2015-1545, already upstream +Patch22: openldap-require-non-empty-attributelist.patch # check-password module specific patches Patch90: check-password-makefile.patch
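Review bot: The added `|| !cnt` test in the deref.c change carried by openldap-require-non-empty-attributelist.patch is not self-explanatory: `cnt` is initialised to `sizeof(struct berval)` two lines above, and the check only makes sense because ber_scanf() appears to overwrite it with the number of AttributeList values it decoded. A short comment above the condition would keep the guard from being dropped as dead code on a later rebase, e.g. `/* ber_scanf rewrites cnt to the number of values read; 0 = empty AttributeList (ITS#8027) */`. The empty-list case also reuses the `"Dereference control: derefSpec decoding error"` text, so a request rejected for an empty list cannot be told apart from a malformed one in diagnostics; a distinct message would help triage. deref_parseCtrl continues outside the hunk, so the cleanup on this error path cannot be checked from here.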
@@ -121,6 +123,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch19 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p1 # build smbk5pwd with other overlays ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@@ -506,6 +509,9 @@ exit 0 %{_mandir}/man3/* %changelog +* Tue Feb 10 2015 Jan Synáček - 2.4.40-9 +- CVE-2015-1545: slapd crashes on search with deref control (#1190645) + * Tue Jan 27 2015 Jan Synáček - 2.4.40-8 - link against openssl by default - simplify package even more by removing certificate generation