Accepting request 844183 from home:firstyear:branches:network:ldap

- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh OBS-URL: https://build.opensuse.org/request/show/844183 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=278
2020-10-27 01:14:55 +00:00
parent fc56a37d6c
commit 617ae2b561
6 changed files with 166 additions and 156 deletions
--- a/slapd-ldif-update-crc.sh
+++ b/slapd-ldif-update-crc.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Script to fix the crc of openldap slapd.d ldifs.
+source /usr/lib/openldap/update-crc
+
+if [ -z ${1} ]; then
+    echo "Usage: ${0} /etc/openldap/slapd.d/<config ldif to update>"
+    exit 1
+fi
+
+if [ ! -f "${1}" ]; then
+    echo "File ${1} does not exist?"
+    echo "Usage: ${0} /etc/openldap/slapd.d/<config ldif to update>"
+    exit 1
+fi
+
+# Make sure slapd.service is not running.
+slapd_running=1
+
+# Don't check if no systemd, we could be in a container.
+if [ -f "/usr/bin/systemctl" ]; then
+    /usr/bin/systemctl is-active --quiet slapd.service
+    slapd_running=$?
+fi
+
+if [ $slapd_running -eq 0 ]; then
+    echo "Unable to update crc of '${1}' while slapd.service is running ..."
+    exit 1
+fi
+
+do_update_crc ${1}
+
+echo "Updated crc of ${1}"
+