openldap: fix CVE-2021-27212 (#670)

Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>

SPECS/openldap/CVE-2021-27212.patch

@@ -0,0 +1,25 @@
+From 3539fc33212b528c56b716584f2c2994af7c30b0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 6 Feb 2021 20:52:06 +0000
+Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck
+
+---
+ servers/slapd/schema_init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 466899625..914df70eb 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3975,6 +3975,8 @@ issuerAndThisUpdateCheck(
+ 					break;
+ 				}
+ 			}
++			if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX;
++
+ 			x.bv_val += tu->bv_len + 1;
+ 			x.bv_len -= tu->bv_len + 1;
+ 
+-- 
+GitLab
+

SPECS/openldap/openldap.spec

@@ -2,7 +2,7 @@
 Summary:        OpenLDAP (Lightweight Directory Access Protocol)
 Name:           openldap
 Version:        2.4.57
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        OpenLDAP
 URL:            https://www.openldap.org/
 Group:          System Environment/Security
@@ -14,6 +14,7 @@ Source0:        https://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-r
 Patch0:         openldap-2.4.40-gssapi-1.patch
 Patch1:         openldap-2.4.44-consolidated-2.patch
 Patch2:         CVE-2015-3276.patch
+Patch3:         CVE-2021-27212.patch
 Requires:       openssl >= 1.0.1, cyrus-sasl >= 2.1
 BuildRequires:  cyrus-sasl >= 2.1
 BuildRequires:  openssl-devel >= 1.0.1
@@ -76,6 +77,8 @@ rm -rf %{buildroot}/*
 /etc/openldap/*
 
 %changelog
+*   Thu Feb 25 2021 Nicolas Guibourge <nicolasg@microsoft.com> - 2.4.57-2
+-   Resolve CVE-2021-27212
 *   Fri Jan 29 2021 Henry Li <lihl@microsoft.com> - 2.4.57-1
 -   Upgrade to version 2.4.57
 -   Resolve CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225