* bug#27220: OpenLDAP changes for core-updates @ 2017-06-03 21:28 Leo Famulari 2017-06-03 21:30 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Leo Famulari 0 siblings, 1 reply; 10+ messages in thread From: Leo Famulari @ 2017-06-03 21:28 UTC (permalink / raw) To: 27220 [-- Attachment #1: Type: text/plain, Size: 286 bytes --] These patches remove the OpenLDAP graft, update it to the latest version, and adjust some of libldap's libtool .la files to avoid needing to propagate cyrus-sasl. That fixes this issue I found while testing the latest version of ncmpcpp: https://github.com/arybczak/ncmpcpp/issues/217 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45. 2017-06-03 21:28 bug#27220: OpenLDAP changes for core-updates Leo Famulari @ 2017-06-03 21:30 ` Leo Famulari 2017-06-03 21:30 ` bug#27220: [PATCH 2/3] gnu: openldap: Use modify-phases Leo Famulari ` (2 more replies) 0 siblings, 3 replies; 10+ messages in thread From: Leo Famulari @ 2017-06-03 21:30 UTC (permalink / raw) To: 27220 * gnu/packages/openldap.scm (openldap): Update to 2.4.45. [replacement]: Remove field. [home-page], [source]: Use HTTPS URLs for home-page and the USA mirror. (openldap/fixed): Remove variable. * gnu/packages/patches/openldap-CVE-2017-9287.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/openldap.scm | 17 +++-------- gnu/packages/patches/openldap-CVE-2017-9287.patch | 37 ----------------------- 3 files changed, 4 insertions(+), 51 deletions(-) delete mode 100644 gnu/packages/patches/openldap-CVE-2017-9287.patch diff --git a/gnu/local.mk b/gnu/local.mk index 8b73f7e64..060079352 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -842,7 +842,6 @@ dist_patch_DATA = \ %D%/packages/patches/openexr-missing-samples.patch \ %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch \ - %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \ diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index 24bf603c4..a146ef378 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -40,8 +40,7 @@ (define-public openldap (package (name "openldap") - (replacement openldap/fixed) - (version "2.4.44") + (version "2.4.45") (source (origin (method url-fetch) @@ -51,14 +50,14 @@ "ftp://mirror.switch.ch/mirror/OpenLDAP/" "openldap-release/openldap-" version ".tgz") (string-append - "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/" + "https://www.openldap.org/software/download/OpenLDAP/" "openldap-release/openldap-" version ".tgz") (string-append "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/" "openldap-release/openldap-" version ".tgz"))) (sha256 (base32 - "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp")))) + "091qvwk5dkcpp17ziabcnh3rg3m7qwzw2pihfcd1d5fdxgywzmnd")))) (build-system gnu-build-system) (inputs `(("bdb" ,bdb-5.3) ("cyrus-sasl" ,cyrus-sasl) @@ -79,15 +78,7 @@ (description "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.") (license openldap2.8) - (home-page "http://www.openldap.org/"))) - -(define openldap/fixed - (package - (inherit openldap) - (source - (origin - (inherit (package-source openldap)) - (patches (search-patches "openldap-CVE-2017-9287.patch")))))) + (home-page "https://www.openldap.org/"))) (define-public nss-pam-ldapd (package diff --git a/gnu/packages/patches/openldap-CVE-2017-9287.patch b/gnu/packages/patches/openldap-CVE-2017-9287.patch deleted file mode 100644 index 5ca2a60c6..000000000 --- a/gnu/packages/patches/openldap-CVE-2017-9287.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2017-9287: - -https://www.openldap.org/its/?findid=8655 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287 - -Patch copied from upstream source repository: - -https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e - -From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 -From: Ryan Tandy <ryan@nardis.ca> -Date: Wed, 17 May 2017 20:07:39 -0700 -Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 - -Fixes a double free when a search includes the Paged Results control -with a page size of 0 and the search base matches the filter. ---- - servers/slapd/back-mdb/search.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c -index 301d1a498c..43442aa242 100644 ---- a/servers/slapd/back-mdb/search.c -+++ b/servers/slapd/back-mdb/search.c -@@ -1066,7 +1066,8 @@ notfound: - /* check size limit */ - if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { - if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { -- mdb_entry_return( op, e ); -+ if (e != base) -+ mdb_entry_return( op, e ); - e = NULL; - send_paged_response( op, rs, &lastid, tentries ); - goto done; --- -2.13.0 - -- 2.13.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 2/3] gnu: openldap: Use modify-phases. 2017-06-03 21:30 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Leo Famulari @ 2017-06-03 21:30 ` Leo Famulari 2017-06-04 13:33 ` Marius Bakke 2017-06-03 21:30 ` bug#27220: [PATCH 3/3] gnu: openldap: Provide path to cyrus-sasl for libtool Leo Famulari 2017-06-04 13:33 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Marius Bakke 2 siblings, 1 reply; 10+ messages in thread From: Leo Famulari @ 2017-06-03 21:30 UTC (permalink / raw) To: 27220 * gnu/packages/openldap.scm (openldap)[arguments]: Use modify-phases syntax. --- gnu/packages/openldap.scm | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index a146ef378..3fd19632b 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -70,10 +70,9 @@ (arguments `(#:tests? #f #:phases - (alist-cons-after - 'configure 'provide-libtool - (lambda _ (copy-file (which "libtool") "libtool")) - %standard-phases))) + (modify-phases %standard-phases + (add-after 'configure 'provide-libtool + (lambda _ (copy-file (which "libtool") "libtool")))))) (synopsis "Implementation of the Lightweight Directory Access Protocol") (description "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.") -- 2.13.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 2/3] gnu: openldap: Use modify-phases. 2017-06-03 21:30 ` bug#27220: [PATCH 2/3] gnu: openldap: Use modify-phases Leo Famulari @ 2017-06-04 13:33 ` Marius Bakke 2017-06-04 16:39 ` Leo Famulari 0 siblings, 1 reply; 10+ messages in thread From: Marius Bakke @ 2017-06-04 13:33 UTC (permalink / raw) To: Leo Famulari, 27220 [-- Attachment #1: Type: text/plain, Size: 837 bytes --] Leo Famulari <leo@famulari.name> writes: > * gnu/packages/openldap.scm (openldap)[arguments]: Use modify-phases syntax. > --- > gnu/packages/openldap.scm | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm > index a146ef378..3fd19632b 100644 > --- a/gnu/packages/openldap.scm > +++ b/gnu/packages/openldap.scm > @@ -70,10 +70,9 @@ > (arguments > `(#:tests? #f > #:phases > - (alist-cons-after > - 'configure 'provide-libtool > - (lambda _ (copy-file (which "libtool") "libtool")) > - %standard-phases))) > + (modify-phases %standard-phases > + (add-after 'configure 'provide-libtool > + (lambda _ (copy-file (which "libtool") "libtool")))))) Add a #t at the end of this phase while at it. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 487 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 2/3] gnu: openldap: Use modify-phases. 2017-06-04 13:33 ` Marius Bakke @ 2017-06-04 16:39 ` Leo Famulari 0 siblings, 0 replies; 10+ messages in thread From: Leo Famulari @ 2017-06-04 16:39 UTC (permalink / raw) To: Marius Bakke; +Cc: 27220 [-- Attachment #1: Type: text/plain, Size: 1125 bytes --] On Sun, Jun 04, 2017 at 03:33:51PM +0200, Marius Bakke wrote: > Leo Famulari <leo@famulari.name> writes: > > > * gnu/packages/openldap.scm (openldap)[arguments]: Use modify-phases syntax. > > --- > > gnu/packages/openldap.scm | 7 +++---- > > 1 file changed, 3 insertions(+), 4 deletions(-) > > > > diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm > > index a146ef378..3fd19632b 100644 > > --- a/gnu/packages/openldap.scm > > +++ b/gnu/packages/openldap.scm > > @@ -70,10 +70,9 @@ > > (arguments > > `(#:tests? #f > > #:phases > > - (alist-cons-after > > - 'configure 'provide-libtool > > - (lambda _ (copy-file (which "libtool") "libtool")) > > - %standard-phases))) > > + (modify-phases %standard-phases > > + (add-after 'configure 'provide-libtool > > + (lambda _ (copy-file (which "libtool") "libtool")))))) > > Add a #t at the end of this phase while at it. Okay, will do. Looking at this phase more closely, I wonder if it's doing the right thing. Copying libtool into the build tree? That's unusual... [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 3/3] gnu: openldap: Provide path to cyrus-sasl for libtool. 2017-06-03 21:30 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Leo Famulari 2017-06-03 21:30 ` bug#27220: [PATCH 2/3] gnu: openldap: Use modify-phases Leo Famulari @ 2017-06-03 21:30 ` Leo Famulari 2017-06-04 13:38 ` Marius Bakke 2017-06-04 13:33 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Marius Bakke 2 siblings, 1 reply; 10+ messages in thread From: Leo Famulari @ 2017-06-03 21:30 UTC (permalink / raw) To: 27220 * gnu/packages/openldap.scm (openldap)[arguments]: Add 'patch-sasl-path' phase.. --- gnu/packages/openldap.scm | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index 3fd19632b..9a68d553b 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -72,7 +72,17 @@ #:phases (modify-phases %standard-phases (add-after 'configure 'provide-libtool - (lambda _ (copy-file (which "libtool") "libtool")))))) + (lambda _ (copy-file (which "libtool") "libtool"))) + (add-after 'install 'patch-sasl-path + ;; Give -L arguments for cyrus-sasl to avoid propagation. + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (sasl (assoc-ref inputs "cyrus-sasl"))) + (substitute* (map (lambda (f) (string-append out "/" f)) + '("lib/libldap.la" "lib/libldap_r.la")) + (("-lsasl2" lib) + (string-append "-L" sasl "/lib " lib))) + #t)))))) (synopsis "Implementation of the Lightweight Directory Access Protocol") (description "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.") -- 2.13.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 3/3] gnu: openldap: Provide path to cyrus-sasl for libtool. 2017-06-03 21:30 ` bug#27220: [PATCH 3/3] gnu: openldap: Provide path to cyrus-sasl for libtool Leo Famulari @ 2017-06-04 13:38 ` Marius Bakke 2017-06-04 16:44 ` Leo Famulari 0 siblings, 1 reply; 10+ messages in thread From: Marius Bakke @ 2017-06-04 13:38 UTC (permalink / raw) To: Leo Famulari, 27220 [-- Attachment #1: Type: text/plain, Size: 1488 bytes --] Leo Famulari <leo@famulari.name> writes: > * gnu/packages/openldap.scm (openldap)[arguments]: Add 'patch-sasl-path' phase.. > --- > gnu/packages/openldap.scm | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm > index 3fd19632b..9a68d553b 100644 > --- a/gnu/packages/openldap.scm > +++ b/gnu/packages/openldap.scm > @@ -72,7 +72,17 @@ > #:phases > (modify-phases %standard-phases > (add-after 'configure 'provide-libtool > - (lambda _ (copy-file (which "libtool") "libtool")))))) > + (lambda _ (copy-file (which "libtool") "libtool"))) > + (add-after 'install 'patch-sasl-path > + ;; Give -L arguments for cyrus-sasl to avoid propagation. > + (lambda* (#:key inputs outputs #:allow-other-keys) > + (let ((out (assoc-ref outputs "out")) > + (sasl (assoc-ref inputs "cyrus-sasl"))) > + (substitute* (map (lambda (f) (string-append out "/" f)) > + '("lib/libldap.la" "lib/libldap_r.la")) > + (("-lsasl2" lib) > + (string-append "-L" sasl "/lib " lib))) > + #t)))))) Good find. LGTM, but I wonder if it would be better to remove the static library (and associated .la files) and instead provide an explicit static-package. This mostly for grafting purposes. However, I think that's a journey for another core-updates. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 487 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 3/3] gnu: openldap: Provide path to cyrus-sasl for libtool. 2017-06-04 13:38 ` Marius Bakke @ 2017-06-04 16:44 ` Leo Famulari 0 siblings, 0 replies; 10+ messages in thread From: Leo Famulari @ 2017-06-04 16:44 UTC (permalink / raw) To: Marius Bakke; +Cc: 27220 [-- Attachment #1: Type: text/plain, Size: 1267 bytes --] On Sun, Jun 04, 2017 at 03:38:29PM +0200, Marius Bakke wrote: > Leo Famulari <leo@famulari.name> writes: > > * gnu/packages/openldap.scm (openldap)[arguments]: Add 'patch-sasl-path' phase.. > > + (add-after 'install 'patch-sasl-path > > + ;; Give -L arguments for cyrus-sasl to avoid propagation. > > + (lambda* (#:key inputs outputs #:allow-other-keys) > > + (let ((out (assoc-ref outputs "out")) > > + (sasl (assoc-ref inputs "cyrus-sasl"))) > > + (substitute* (map (lambda (f) (string-append out "/" f)) > > + '("lib/libldap.la" "lib/libldap_r.la")) > > + (("-lsasl2" lib) > > + (string-append "-L" sasl "/lib " lib))) > > + #t)))))) > > Good find. LGTM, but I wonder if it would be better to remove the static > library (and associated .la files) and instead provide an explicit > static-package. This mostly for grafting purposes. True. I found this while trying to build the latest ncmpcpp, which added a dependency on curl, which depends on openldap. I copied the solution from the hwloc package in (gnu packages mpi). > However, I think that's a journey for another core-updates. Yes :) [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45. 2017-06-03 21:30 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Leo Famulari 2017-06-03 21:30 ` bug#27220: [PATCH 2/3] gnu: openldap: Use modify-phases Leo Famulari 2017-06-03 21:30 ` bug#27220: [PATCH 3/3] gnu: openldap: Provide path to cyrus-sasl for libtool Leo Famulari @ 2017-06-04 13:33 ` Marius Bakke 2017-06-04 16:37 ` Leo Famulari 2 siblings, 1 reply; 10+ messages in thread From: Marius Bakke @ 2017-06-04 13:33 UTC (permalink / raw) To: Leo Famulari, 27220 [-- Attachment #1: Type: text/plain, Size: 366 bytes --] Leo Famulari <leo@famulari.name> writes: > * gnu/packages/openldap.scm (openldap): Update to 2.4.45. > [replacement]: Remove field. > [home-page], [source]: Use HTTPS URLs for home-page and the USA mirror. > (openldap/fixed): Remove variable. > * gnu/packages/patches/openldap-CVE-2017-9287.patch: Delete file. > * gnu/local.mk (dist_patch_DATA): Remove it. LGTM. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 487 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45. 2017-06-04 13:33 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Marius Bakke @ 2017-06-04 16:37 ` Leo Famulari 0 siblings, 0 replies; 10+ messages in thread From: Leo Famulari @ 2017-06-04 16:37 UTC (permalink / raw) To: Marius Bakke; +Cc: 27220 [-- Attachment #1: Type: text/plain, Size: 554 bytes --] On Sun, Jun 04, 2017 at 03:33:29PM +0200, Marius Bakke wrote: > Leo Famulari <leo@famulari.name> writes: > > > * gnu/packages/openldap.scm (openldap): Update to 2.4.45. > > [replacement]: Remove field. > > [home-page], [source]: Use HTTPS URLs for home-page and the USA mirror. > > (openldap/fixed): Remove variable. > > * gnu/packages/patches/openldap-CVE-2017-9287.patch: Delete file. > > * gnu/local.mk (dist_patch_DATA): Remove it. > > LGTM. Is core-updates open for these changes to OpenLDAP? Or should I wait until the next cycle? [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2017-06-04 16:45 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-06-03 21:28 bug#27220: OpenLDAP changes for core-updates Leo Famulari 2017-06-03 21:30 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Leo Famulari 2017-06-03 21:30 ` bug#27220: [PATCH 2/3] gnu: openldap: Use modify-phases Leo Famulari 2017-06-04 13:33 ` Marius Bakke 2017-06-04 16:39 ` Leo Famulari 2017-06-03 21:30 ` bug#27220: [PATCH 3/3] gnu: openldap: Provide path to cyrus-sasl for libtool Leo Famulari 2017-06-04 13:38 ` Marius Bakke 2017-06-04 16:44 ` Leo Famulari 2017-06-04 13:33 ` bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45 Marius Bakke 2017-06-04 16:37 ` Leo Famulari
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).