!24 fix CVE-2020-25692

From: @angela7
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng

CVE-2020-25692.patch

@@ -0,0 +1,29 @@
+From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Oct 2020 14:03:41 +0100
+Subject: [PATCH] ITS#9370 check for equality rule on old_rdn
+
+Just skip normalization if there's no equality rule. We accept
+DNs without equality rules already.
+
+Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
+---
+ servers/slapd/modrdn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
+index c73dd8d..a229755 100644
+--- a/servers/slapd/modrdn.c
++++ b/servers/slapd/modrdn.c
+@@ -505,7 +505,7 @@ slap_modrdn2mods(
+ 			mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ 			ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value );
+ 			mod_tmp->sml_values[1].bv_val = NULL;
+-			if( desc->ad_type->sat_equality->smr_normalize) {
++			if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
+ 				mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ 				(void) (*desc->ad_type->sat_equality->smr_normalize)(
+ 					SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+-- 
+1.8.3.1
+

openldap.spec

@@ -2,7 +2,7 @@
 
 Name:           openldap
 Version:        2.4.50
-Release:        3
+Release:        4
 Summary:        LDAP support libraries
 License:        OpenLDAP
 URL:            https://www.openldap.org/
@@ -43,6 +43,7 @@ Patch22:        bugfix-openldap-ITS9160-OOM-Handing.patch
 Patch23:        bugfix-openldap-fix-implicit-function-declaration.patch
 Patch24:        bugfix-openldap-ITS-8650-Fix-Debug-usage-to-follow-RE24-format.patch
 Patch25:        CVE-2020-15719.patch
+Patch26:	CVE-2020-25692.patch
 
 BuildRequires:  cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel
 BuildRequires:  glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed
@@ -133,6 +134,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
+%patch26 -p1
 
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@@ -415,6 +417,12 @@ popd
 %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
 
 %changelog
+* Mon Dec 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.4.50-4
+- Type:cves
+- ID:CVE-2020-25692
+- SUG:restart
+- DESC:fix CVE-2020-25692
+
 * Wed Aug 05 2020 lunankun<lunankun@huawei.com> - 2.4.50-3
 - Type:cves
 - ID:CVE-2020-15719