unofficial mirror of guix-devel@gnu.org 
From: Leo Famulari <leo@famulari.name>
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908
Date: Sat, 23 Apr 2016 21:40:13 -0400
Message-ID: <20160424014013.GA2732@jasmine>
In-Reply-To: <87y485f1gr.fsf@netris.org>

[-- Attachment #1: Type: text/plain, Size: 489 bytes --]

On Fri, Apr 22, 2016 at 11:28:20PM -0400, Mark H Weaver wrote:
> Leo Famulari <leo@famulari.name> writes:
> > There is a remote denial of service bug in OpenLDAP in version 2.4.42
> > and earlier [0].
> 
> I think we'll need to graft this.  Would you like to try grafting it on
> your own system, see if anything obvious breaks, and then report back?

My last patch was, to be nice, incomplete. Here is an updated version.

I've tried to replicate the examples in caeadfddb and d8173f21f.

[-- Attachment #2: 0001-gnu-openldap-Update-to-2.4.44-fixes-CVE-2015-6908.patch --]
[-- Type: text/x-diff, Size: 2008 bytes --]

From 267f0cf5e5f062484780b8e0c9d246a56b9a3a35 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 21 Apr 2016 12:49:48 -0400
Subject: [PATCH] gnu: openldap: Update to 2.4.44 [fixes CVE-2015-6908].

* gnu/packages/openldap.scm (openldap)[replacement]: New field.
(openldap-fixed): New variable.
---
 gnu/packages/openldap.scm | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index d416a43..429078f 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,6 +34,7 @@
 
 (define-public openldap
   (package
+   (replacement openldap-2.4.44)
    (name "openldap")
    (version "2.4.42")
    (source (origin
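Review bot: the new `replacement` field refers to `openldap-2.4.44`, but the commit log says "(openldap-fixed): New variable." The log entry and the variable name should agree: either rename the variable or change the log line to "(openldap-2.4.44): New variable."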
@@ -76,3 +78,24 @@
     "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
    (license openldap2.8)
    (home-page "http://www.openldap.org/")))
+
+(define openldap-2.4.44
+  (package
+    (inherit openldap)
+    (replacement #f)
+    (source
+      (let ((version "2.4.44"))
+        (origin
+          (method url-fetch)
+          (uri (list (string-append
+                      "ftp://mirror.switch.ch/mirror/OpenLDAP/"
+                      "openldap-release/openldap-" version ".tgz")
+                     (string-append
+                      "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/"
+                      "openldap-release/openldap-" version ".tgz")
+                     (string-append
+                      "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
+                      "openldap-release/openldap-" version ".tgz")))
+          (sha256
+           (base32
+            "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp")))))))
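Review bot: in `openldap-2.4.44` the `let ((version "2.4.44"))` binds `version` only around the `origin`, so the package itself still inherits `(version "2.4.42")` from `openldap` while its source is the 2.4.44 tarball. If that is deliberate for the graft, a comment above the `let` saying so would help; otherwise add a `(version "2.4.44")` field to the package and use it in the URIs. A short comment above the definition naming CVE-2015-6908 would also record why the replacement exists.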
-- 
2.7.4

