- Fix CVE-2017-17740: when both the nops module and the memberof

overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313) OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=233
2018-11-21 15:17:38 +00:00
parent 7fcf270ced
commit e604505058
3 changed files with 46 additions and 0 deletions
--- a/openldap2.spec
+++ b/openldap2.spec
@@ -69,6 +69,7 @@ Patch12:        0012-ITS8051-sockdnpat.patch
 Patch14:        0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
 Patch15:        openldap-r-only.dif
 Patch16:        0016-Clear-shared-key-only-in-close-function.patch
+Patch17:        0017-Fix-segfault-in-nops.patch
 Source200:      %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
 Source201:      %{name_ppolicy_check_module}.Makefile
 Source202:      %{name_ppolicy_check_module}.conf
@@ -268,6 +269,7 @@ gzip -k %{S:203}
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
 cp %{SOURCE5} .

 # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/