openldap: update to 2.4.45

Fix CVE-2017-9287.
2017-06-03 19:20:48 +02:00 · 2017-06-03 19:20:48 +02:00 · c339e955cf
commit c339e955cf
parent 0dc814df16
2 changed files with 105 additions and 6 deletions
--- a/srcpkgs/openldap/patches/libressl.patch
+++ b/srcpkgs/openldap/patches/libressl.patch
@ -1,6 +1,105 @@
--- libraries/libldap/tls_o.c.orig	2014-07-15 18:08:35.841431410 +0200
-+++ libraries/libldap/tls_o.c	2014-07-15 18:09:10.681720371 +0200
-@@ -1128,10 +1128,11 @@ tlso_seed_PRNG( const char *randfile )
+--- libraries/libldap/tls_o.c.orig
+++ libraries/libldap/tls_o.c
+@@ -47,7 +47,7 @@
+ #include <ssl.h>
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
+ #define ASN1_STRING_data(x)	ASN1_STRING_get0_data(x)
+ #endif
+ 
+@@ -62,7 +62,7 @@ static void tlso_info_cb( const SSL *ssl, int where, i
+ static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
+ static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
+ static int tlso_seed_PRNG( const char *randfile );
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ /*
+  * OpenSSL 1.1 API and later has new locking code
+ */
+@@ -157,7 +157,7 @@ tlso_init( void )
+ 	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ 	SSL_load_error_strings();
+ 	SSL_library_init();
+ 	OpenSSL_add_all_digests();
+@@ -179,7 +179,7 @@ tlso_destroy( void )
+ {
+ 	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ 	EVP_cleanup();
+ #if OPENSSL_VERSION_NUMBER < 0x10000000
+ 	ERR_remove_state(0);
+@@ -205,7 +205,7 @@ static void
+ tlso_ctx_ref( tls_ctx *ctx )
+ {
+ 	tlso_ctx *c = (tlso_ctx *)ctx;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ #define	SSL_CTX_up_ref(ctx)	CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
+ #endif
+ 	SSL_CTX_up_ref( c );
+@@ -367,7 +367,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls 
+ 	SSL_CTX_set_verify( ctx, i,
+ 		lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?
+ 		tlso_verify_ok : tlso_verify_cb );
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ 	SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb );
+ #endif
+ #ifdef HAVE_OPENSSL_CRL
+@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *
+ 	if (!x) return LDAP_INVALID_CREDENTIALS;
+ 	
+ 	xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ 	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ 	der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval
+ 		return LDAP_INVALID_CREDENTIALS;
+ 
+ 	xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ 	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ 	der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -721,7 +721,7 @@ struct tls_data {
+ 	Sockbuf_IO_Desc		*sbiod;
+ };
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ #define BIO_set_init(b, x)	b->init = x
+ #define BIO_set_data(b, x)	b->ptr = x
+ #define BIO_clear_flags(b, x)	b->flags &= ~(x)
+@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
+ 	return tlso_bio_write( b, str, strlen( str ) );
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
+ struct bio_method_st {
+     int type;
+     const char *name;
+@@ -1138,7 +1138,7 @@ tlso_report_error( void )
+ 	}
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
+ static RSA *
+ tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
+ {
+@@ -1186,10 +1186,11 @@
 		 * The fact is that when $HOME is NULL, .rnd is used.
 		 */
 		randfile = RAND_file_name( buffer, sizeof( buffer ) );
--- a/srcpkgs/openldap/template
+++ b/srcpkgs/openldap/template
@ -1,7 +1,7 @@
 # Template file for 'libldap'
 pkgname=openldap
-version=2.4.44
-revision=5
+version=2.4.45
+revision=1
 build_style=gnu-configure
 configure_args="--prefix=/usr
 --libexecdir=/usr/libexec
@ -21,7 +21,7 @@ license="OpenLDAP License v2.8 - BSD alike"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
 homepage="http://www.openldap.org"
 distfiles="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-$version.tgz"
-checksum=d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400
+checksum=cdd6cffdebcd95161a73305ec13fc7a78e9707b46ca9f84fb897cd5626df3824

 system_accounts="ldap"
 ldap_homedir="/var/lib/openldap"