buildroot/package/openldap/0002-fix-bignum.patch
Francois Perrad 8e17ab8866 package/openldap: security bump to version 2.4.56
Fixes the following security issue:

- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
  and was fixed in openldap 2.4.55, during a request for renaming RDNs.  An
  unauthenticated attacker could remotely crash the slapd process by sending
  a specially crafted request, causing a Denial of Service.

- CVE-2020-25709: Assertion failure in CSN normalization with invalid input

- CVE-2020-25710: Assertion failure in CSN normalization with invalid input

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09a565d940)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-24 12:48:45 +01:00

39 lines
1.6 KiB
Diff

configure: correctly detect bignum
Building with bignum is currently not possible, since we're checking
ol_with_tls against a value it is never assigned in any case.
Since bignum is from openssl, and openssl is the preferred TLS
implementation, if the bignum headers are found, it means we do have
TLS and it is opensl.
So, keep the check for the bignum header, but check against ol_link_tls
which means that openssl is enabled when we find the bignum headers.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
diff -durN openldap-2.4.40.orig/configure openldap-2.4.40/configure
--- openldap-2.4.40.orig/configure 2014-09-19 03:48:49.000000000 +0200
+++ openldap-2.4.40/configure 2015-01-25 18:44:54.216879362 +0100
@@ -23431,7 +23431,7 @@
if test "$ac_cv_header_openssl_bn_h" = "yes" &&
test "$ac_cv_header_openssl_crypto_h" = "yes" &&
- test "$ol_with_tls" = "found" ; then
+ test "$ol_link_tls" = "yes" ; then
ol_with_mp=bignum
$as_echo "#define USE_MP_BIGNUM 1" >>confdefs.h
diff -durN openldap-2.4.40.orig/configure.in openldap-2.4.40/configure.in
--- openldap-2.4.40.orig/configure.in 2014-09-19 03:48:49.000000000 +0200
+++ openldap-2.4.40/configure.in 2015-01-25 18:44:37.628676446 +0100
@@ -2383,7 +2383,7 @@
AC_CHECK_HEADERS(openssl/crypto.h)
if test "$ac_cv_header_openssl_bn_h" = "yes" &&
test "$ac_cv_header_openssl_crypto_h" = "yes" &&
- test "$ol_with_tls" = "found" ; then
+ test "$ol_link_tls" = "yes" ; then
ol_with_mp=bignum
AC_DEFINE(USE_MP_BIGNUM,1,[define to use OpenSSL BIGNUM for MP])
elif test $ol_with_mp = bignum ; then