pkgsrc-Changes archive


CVS commit: pkgsrc/databases



Module Name:    pkgsrc
Committed By:   he
Date:           Tue Dec 13 10:38:06 UTC 2016

Modified Files:
        pkgsrc/databases/openldap: Makefile distinfo
        pkgsrc/databases/openldap-client: Makefile
        pkgsrc/databases/openldap-server: Makefile
Added Files:
        pkgsrc/databases/openldap/patches: patch-libraries_libldap_tls__m.c

Log Message:
Apply fix from https://bugzilla.redhat.com/show_bug.cgi?id=1238322
Incorrect multi-keyword mode cipherstring parsing.
Fixes CVE-2015-3276.
Submitted upstream as ITS#8543, it apparently wasn't already(!)
http://www.openldap.org/its/index.cgi/Incoming?id=8543

Bump PKGREVISION for openldap, openldap-server and openldap-client
(to be on the safe side...)


To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 pkgsrc/databases/openldap/Makefile
cvs rdiff -u -r1.107 -r1.108 pkgsrc/databases/openldap/distinfo
cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/openldap-client/Makefile
cvs rdiff -u -r1.49 -r1.50 pkgsrc/databases/openldap-server/Makefile
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/databases/openldap/patches/patch-libraries_libldap_tls__m.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/databases/openldap/Makefile
diff -u pkgsrc/databases/openldap/Makefile:1.145 pkgsrc/databases/openldap/Makefile:1.146
--- pkgsrc/databases/openldap/Makefile:1.145    Sat Mar  5 11:28:12 2016
+++ pkgsrc/databases/openldap/Makefile  Tue Dec 13 10:38:06 2016
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.145 2016/03/05 11:28:12 jperkin Exp $
+# $NetBSD: Makefile,v 1.146 2016/12/13 10:38:06 he Exp $
 
-PKGREVISION= 1
+PKGREVISION= 2
 .include "../../databases/openldap/Makefile.version"
 
 DISTNAME=      openldap-${OPENLDAP_VERSION}

Index: pkgsrc/databases/openldap/distinfo
diff -u pkgsrc/databases/openldap/distinfo:1.107 pkgsrc/databases/openldap/distinfo:1.108
--- pkgsrc/databases/openldap/distinfo:1.107    Sun Oct 30 05:04:09 2016
+++ pkgsrc/databases/openldap/distinfo  Tue Dec 13 10:38:06 2016
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.107 2016/10/30 05:04:09 manu Exp $
+$NetBSD: distinfo,v 1.108 2016/12/13 10:38:06 he Exp $
 
 SHA1 (openldap-2.4.44.tgz) = 016a738d050a68d388602a74b5e991035cdba149
 RMD160 (openldap-2.4.44.tgz) = 6ea3139f630e93c6e0af60638672d88d6c535a6a
@@ -22,4 +22,5 @@ SHA1 (patch-dd) = 9c74118ff0b2232bda729c
 SHA1 (patch-its7506) = a50f9428d6d7dd28f71d21e11ae3f8b0f1372f75
 SHA1 (patch-its7595) = 9ea396adb7f2fd572d60190534caa80a01ef79d2
 SHA1 (patch-libraries_libldap_os-local.c) = 7cd4f8638456fae12499de0d36d7802e47d3d688
+SHA1 (patch-libraries_libldap_tls__m.c) = 91dab1dcfa6560c30093094586ea9eabf2e977b8
 SHA1 (patch-libraries_liblmdb_mdb.c) = 590a059d784687f678ac44a577770551b11a2be5

Index: pkgsrc/databases/openldap-client/Makefile
diff -u pkgsrc/databases/openldap-client/Makefile:1.24 pkgsrc/databases/openldap-client/Makefile:1.25
--- pkgsrc/databases/openldap-client/Makefile:1.24      Fri Jun 17 14:01:58 2016
+++ pkgsrc/databases/openldap-client/Makefile   Tue Dec 13 10:38:06 2016
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.24 2016/06/17 14:01:58 jperkin Exp $
+# $NetBSD: Makefile,v 1.25 2016/12/13 10:38:06 he Exp $
 
 PKGNAME=       ${DISTNAME:S/-/-client-/}
-PKGREVISION=   2
+PKGREVISION=   3
 COMMENT=       Lightweight Directory Access Protocol libraries and client programs
 
 CONFLICTS+=            openldap<2.3.23nb1

Index: pkgsrc/databases/openldap-server/Makefile
diff -u pkgsrc/databases/openldap-server/Makefile:1.49 pkgsrc/databases/openldap-server/Makefile:1.50
--- pkgsrc/databases/openldap-server/Makefile:1.49      Sat Jul  2 21:03:08 2016
+++ pkgsrc/databases/openldap-server/Makefile   Tue Dec 13 10:38:06 2016
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.49 2016/07/02 21:03:08 jperkin Exp $
+# $NetBSD: Makefile,v 1.50 2016/12/13 10:38:06 he Exp $
 
 PKGNAME=       ${DISTNAME:S/-/-server-/}
-PKGREVISION=   3
+PKGREVISION=   4
 COMMENT=       Lightweight Directory Access Protocol server suite
 
 CONFLICTS+=    openldap<2.3.23nb1

Added files:

Index: pkgsrc/databases/openldap/patches/patch-libraries_libldap_tls__m.c
diff -u /dev/null pkgsrc/databases/openldap/patches/patch-libraries_libldap_tls__m.c:1.1
--- /dev/null   Tue Dec 13 10:38:06 2016
+++ pkgsrc/databases/openldap/patches/patch-libraries_libldap_tls__m.c  Tue Dec 13 10:38:06 2016
@@ -0,0 +1,44 @@
+$NetBSD: patch-libraries_libldap_tls__m.c,v 1.1 2016/12/13 10:38:06 he Exp $
+
+Incorrect multi-keyword mode cipherstring parsing.
+Lifted from https://bugzilla.redhat.com/show_bug.cgi?id=1238322
+Fixes CVE-2015-3276.
+Submitted upstream as ITS#8543
+http://www.openldap.org/its/index.cgi/Incoming?id=8543
+
+--- libraries/libldap/tls_m.c.orig     2016-02-05 23:57:45.000000000 +0000
++++ libraries/libldap/tls_m.c
+@@ -621,17 +621,23 @@ nss_parse_ciphers(const char *cipherstr,
+                        */
+                       if (mask || strength || protocol) {
+                               for (i=0; i<ciphernum; i++) {
+-                                      if (((ciphers_def[i].attr & mask) ||
+-                                               (ciphers_def[i].strength & strength) ||
+-                                               (ciphers_def[i].version & protocol)) &&
+-                                              (cipher_list[i] != -1)) {
+-                                              /* Enable the NULL ciphers only if explicity
+-                                               * requested */
+-                                              if (ciphers_def[i].attr & SSL_eNULL) {
+-                                                      if (mask & SSL_eNULL)
+-                                                              cipher_list[i] = action;
+-                                              } else
++                                      /* if more than one mask is provided
++                                       * then AND logic applies (to match openssl)
++                                       */
++                                      if ( cipher_list[i] == -1) )
++                                              continue;
++                                      if ( mask && ! (ciphers_def[i].attr & mask) )
++                                              continue;
++                                      if ( strength && ! (ciphers_def[i].strength & strength) )
++                                              continue;
++                                      if ( protocol && ! (ciphers_def[i].version & protocol) )
++                                              continue;
++                                      /* Enable the NULL ciphers only if explicity requested */
++                                      if (ciphers_def[i].attr & SSL_eNULL) {
++                                              if (mask & SSL_eNULL)
+                                                       cipher_list[i] = action;
++                                      } else
++                                              cipher_list[i] = action;
+                                       }
+                               }
+                       } else {
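Review bot: The added tls_m.c patch would not compile as written: the new guard `if ( cipher_list[i] == -1) )` has a surplus closing parenthesis, and the inner hunk deletes the `{` of the old combined `if` while keeping its closing `}` as a context line just before `} else {`, so the braces no longer balance. The guard should read `if (cipher_list[i] == -1)`, and that leftover `}` should become a removed line in the inner patch, with the `@@ -621,17 +621,23 @@` counts and the distinfo checksum regenerated. tls_m.c is, as far as I know, OpenLDAP's Mozilla NSS backend, so a build using another TLS library probably never compiles this code; that would hide the error and also mean the PKGREVISION bump does not by itself show the CVE-2015-3276 fix is in effect. nss_parse_ciphers starts and ends outside the hunk, so the brace count is taken from the visible lines only.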


