pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/databases Add a fix for CVE-2006-5779 as openldap/patc...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5ee397ce06a9
branches:  trunk
changeset: 521902:5ee397ce06a9
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Mon Nov 27 12:44:36 2006 +0000

description:
Add a fix for CVE-2006-5779 as openldap/patches/patch-ap, from OpenLDAP CVS.
Bump PKGREVISION for openldap-client and openldap-server.

diffstat:

 databases/openldap-client/Makefile  |   3 ++-
 databases/openldap-server/Makefile  |   5 +++--
 databases/openldap/distinfo         |   3 ++-
 databases/openldap/patches/patch-ap |  34 ++++++++++++++++++++++++++++++++++
 4 files changed, 41 insertions(+), 4 deletions(-)

diffs (82 lines):

diff -r 5c82245b996d -r 5ee397ce06a9 databases/openldap-client/Makefile
--- a/databases/openldap-client/Makefile        Mon Nov 27 00:05:22 2006 +0000
+++ b/databases/openldap-client/Makefile        Mon Nov 27 12:44:36 2006 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2006/06/02 22:02:33 joerg Exp $
+# $NetBSD: Makefile,v 1.3 2006/11/27 12:44:36 ghen Exp $
 
 PKGNAME=               ${DISTNAME:S/-/-client-/}
+PKGREVISION=           1
 COMMENT=               Lightweight Directory Access Protocol libraries and client programs
 
 CONFLICTS+=            openldap<2.3.23nb1
diff -r 5c82245b996d -r 5ee397ce06a9 databases/openldap-server/Makefile
--- a/databases/openldap-server/Makefile        Mon Nov 27 00:05:22 2006 +0000
+++ b/databases/openldap-server/Makefile        Mon Nov 27 12:44:36 2006 +0000
@@ -1,11 +1,12 @@
-# $NetBSD: Makefile,v 1.4 2006/08/25 07:02:28 ghen Exp $
+# $NetBSD: Makefile,v 1.5 2006/11/27 12:44:37 ghen Exp $
 
 PKGNAME=               ${DISTNAME:S/-/-server-/}
+PKGREVISION=           1
 COMMENT=               Lightweight Directory Access Protocol server suite
 
 CONFLICTS+=            openldap<2.3.23nb1
 
-DEPENDS+=              openldap-client>=2.3.23:../../databases/openldap-client
+DEPENDS+=              openldap-client>=2.3.27nb1:../../databases/openldap-client
 
 # slapd options
 CONFIGURE_ARGS+=       --enable-slapd
diff -r 5c82245b996d -r 5ee397ce06a9 databases/openldap/distinfo
--- a/databases/openldap/distinfo       Mon Nov 27 00:05:22 2006 +0000
+++ b/databases/openldap/distinfo       Mon Nov 27 12:44:36 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2006/08/25 07:02:28 ghen Exp $
+$NetBSD: distinfo,v 1.51 2006/11/27 12:44:36 ghen Exp $
 
 SHA1 (openldap-2.3.27.tgz) = c2b6ac3ec89d0f58d079592946d045dba45edafe
 RMD160 (openldap-2.3.27.tgz) = 8c25c39689daa515f14e88611490ae6d8df0911c
@@ -13,3 +13,4 @@
 SHA1 (patch-am) = 06c17b10bb8cc091461b82fca2b5d6032b613c78
 SHA1 (patch-an) = f98c6457474247c092dd0a062e86560cc894ec4e
 SHA1 (patch-ao) = 6276a1226689fc3be3ffacbcd8df2e4f3e51d1a0
+SHA1 (patch-ap) = 65173e053006d452eb9b60f51829f45bffe442ae
diff -r 5c82245b996d -r 5ee397ce06a9 databases/openldap/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/openldap/patches/patch-ap       Mon Nov 27 12:44:36 2006 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-ap,v 1.1 2006/11/27 12:44:36 ghen Exp $
+
+Fix for CVE-2006-5779, from OpenLDAP CVS.  Versions >= 2.3.29 will have it.
+
+--- libraries/libldap/getdn.c.orig     2006-01-16 20:06:12.000000000 +0100
++++ libraries/libldap/getdn.c
+@@ -2025,7 +2025,7 @@ static int
+ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
+ {
+       ber_len_t       l, cl = 1;
+-      char            *p;
++      char            *p, *end;
+       int             escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
+ #ifdef PRETTY_ESCAPE
+       int             escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
+@@ -2039,7 +2039,8 @@ strval2strlen( struct berval *val, unsig
+               return( 0 );
+       }
+ 
+-      for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) {
++      end = val->bv_val + val->bv_len - 1;
++      for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
+ 
+               /* 
+                * escape '%x00' 
+@@ -2068,7 +2069,7 @@ strval2strlen( struct berval *val, unsig
+               } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+                               || LDAP_DN_SHOULDESCAPE( p[ 0 ] )
+                               || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+-                              || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
++                              || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ #ifdef PRETTY_ESCAPE
+ #if 0
+                       if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {
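Review bot: The replacement of `!p[ 1 ]` by `p == end` in strval2strlen carries no comment saying why, and the reason is the security-relevant part: a `struct berval` is delimited by `bv_len`, so testing `p[ 1 ]` on the last byte reads one past the value and makes the trailing-escape decision depend on whatever follows it. I would add above the `end = val->bv_val + val->bv_len - 1;` line something like `/* bv_val need not be NUL-terminated; end is the last valid byte (bv_len > 0 here) */`. That comment also records that `end` is only a valid pointer because of the empty-value early return, of which only the `return( 0 );` context line is visible in this hunk, so the guard condition should be confirmed against the full function. The routine that later writes the escaped string is outside this patch; it is worth confirming that it applies the same last-byte test, since a length computed here that disagrees with the bytes actually written is presumably what made this a CVE. The function body starts and ends outside the hunks shown.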


