Date: Saturday, September 12, 2015 @ 15:13:01 Author: seblu Revision: 245992
upgpkg: openldap 2.4.42-2 - security fix: FS#46265 Added: openldap/trunk/01-CVE-2015-6908.patch Modified: openldap/trunk/PKGBUILD ------------------------+ 01-CVE-2015-6908.patch | 25 +++++++++++++++++++++++++ PKGBUILD | 8 +++++--- 2 files changed, 30 insertions(+), 3 deletions(-)
Added: 01-CVE-2015-6908.patch
===================================================================
--- 01-CVE-2015-6908.patch (rev 0)
+++ 01-CVE-2015-6908.patch 2015-09-12 13:13:01 UTC (rev 245992)
@@ -0,0 +1,25 @@
+From 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 Mon Sep 17 00:00:00 2001
+From: Howard Chu <h...@openldap.org>
+Date: Thu, 10 Sep 2015 00:37:32 +0100
+Subject: [PATCH] ITS#8240 remove obsolete assert
+
+---
+ libraries/liblber/io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
+index 85c3e23..c05dcf8 100644
+--- a/libraries/liblber/io.c
++++ b/libraries/liblber/io.c
+@@ -679,7 +679,7 @@ done:
+ return (ber->ber_tag);
+ }
+
+- assert( 0 ); /* ber structure is messed up ?*/
++ /* invalid input */
+ return LBER_DEFAULT;
+ }
+
+--
+1.7.10.4
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-09-12 12:35:46 UTC (rev 245991)
+++ PKGBUILD 2015-09-12 13:13:01 UTC (rev 245992)
@@ -4,7 +4,7 @@
 pkgbase=openldap
 pkgname=('openldap' 'libldap')
 pkgver=2.4.42
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url="http://www.openldap.org/"
 license=('custom')
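Review bot: The replacement comment `/* invalid input */` in the io.c hunk of the added 01-CVE-2015-6908.patch (`@@ -679,7 +679,7 @@`) does not record why this fall-through must stay a plain error return. Going by the CVE id in the patch name, the branch is presumably reachable with malformed BER from a remote peer, where the old `assert( 0 )` aborted the process in builds without NDEBUG. I would spell that out, e.g. `/* reachable with malformed BER from a peer: fail the decode, never assert */`, so the assert is not reintroduced later. The enclosing function starts outside the hunk, so whether every caller treats `LBER_DEFAULT` as a hard decode error cannot be checked from here and is worth confirming.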
@@ -11,12 +11,13 @@
 makedepends=('libltdl' 'libsasl' 'e2fsprogs' 'util-linux' 'chrpath' 'unixodbc')
 options=('!makeflags' 'emptydirs')
 source=(ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${pkgbase}-${pkgver}.tgz
- slapd.service openldap.tmpfiles openldap.sysusers openldap-ntlm.patch)
+ slapd.service openldap.tmpfiles openldap.sysusers openldap-ntlm.patch 01-CVE-2015-6908.patch)
 sha1sums=('ec03e061bfdb2e6a90827855cf77a72cb3f89cf4'
 '2441815efbfa01ad7a1d39068e5503b53d1d04b0'
 '1f68bd85fb50595c4e916db164d8e90e0c6e21ee'
 '2bf64351c32b0bf0a70663bd42de22910998b795'
- 'e4afd9f1c810ef4c4cd8fe1101dfe5887f2b7eef')
+ 'e4afd9f1c810ef4c4cd8fe1101dfe5887f2b7eef'
+ '008cb2c9b66a7b031e23eee85a1954d57432e338')
 # see http://www.openldap.org/faq/data/cache/756.html
 # there's no proper backend support for anything apart from
@@ -26,6 +27,7 @@
 prepare() {
 cd ${pkgbase}-${pkgver}
 patch -p1 -i "${srcdir}"/openldap-ntlm.patch
+ patch -p1 -i "${srcdir}"/01-CVE-2015-6908.patch
 sed -i 's|-m 644 $(LIBRARY)|-m 755 $(LIBRARY)|' libraries/{liblber,libldap,libldap_r}/Makefile.in
 sed -i 's|#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"|#define LDAPI_SOCK LDAP_DIRSEP "run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi"|' include/ldap_defaults.h
 sed -i 's|%LOCALSTATEDIR%/run|/run/openldap|' servers/slapd/slapd.{conf,ldif}
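Review bot: The new checksum in the `@@ -11,12 +11,13 @@` hunk extends `sha1sums`, so the only integrity pin on the upstream tarball, which `source=` still fetches over plain `ftp://`, remains a SHA-1 digest. SHA-1 no longer offers dependable collision resistance, and for a package being rebuilt for a security fix I would move the array to `sha256sums=(...)` (regenerated with `updpkgsums` or `makepkg -g`) in the same commit. If upstream publishes a detached signature for the release tarball, listing it in `source` together with `validpgpkeys` would authenticate the download rather than only pin it; whether such a signature exists is not visible from this diff.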