[bug#46415] [PATCH] gnu: OpenLDAP: Update to 2.4.57 [security fixes].

[bug#46415] [PATCH] gnu: OpenLDAP: Update to 2.4.57 [security fixes].

[Leo Famulari]

Fixes CVE-2020-{36221,36222,36223,36224,36225,36226,36226,36228,36229,36230}.

* gnu/packages/openldap.scm (openldap-2.4.57): New variable.
(openldap)[replacement]: New field.
---
 gnu/packages/openldap.scm | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index fb917882e7..c23a9f6c25 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2021 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017, 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
@@ -61,6 +61,7 @@
 (define-public openldap
   (package
    (name "openldap")
+   (replacement openldap-2.4.57)
    (version "2.4.50")
    (source (origin
              (method url-fetch)
@@ -125,6 +126,27 @@
    (license openldap2.8)
    (home-page "https://www.openldap.org/")))
 
+(define-public openldap-2.4.57
+  (package
+    (inherit openldap)
+    (version "2.4.57")
+    (source (origin
+              (method url-fetch)
+              ;; See <http://www.openldap.org/software/download/> for a list of
+              ;; mirrors.
+              (uri (list (string-append
+                          "ftp://mirror.switch.ch/mirror/OpenLDAP/"
+                          "openldap-release/openldap-" version ".tgz")
+                         (string-append
+                          "https://www.openldap.org/software/download/OpenLDAP/"
+                          "openldap-release/openldap-" version ".tgz")
+                         (string-append
+                          "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
+                          "openldap-release/openldap-" version ".tgz")))
+              (sha256
+               (base32
+                "0nmlyqhc52v24b4awh914sczmvxbazgq2cnlycvb9dgcwvhlgfn7"))))))
+
 (define-public nss-pam-ldapd
   (package
     (name "nss-pam-ldapd")
-- 
2.30.0

[bug#46415] [PATCH] gnu: OpenLDAP: Update to 2.4.57 [security fixes].

[Efraim Flashner]

[-- Attachment #1: Type: text/plain, Size: 397 bytes --]

I assume you've tested it out? Looks good to me. I assume there's no way
to inherit the list of URLs from openldap to openldap/fixed and still
have it download the correct version.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[bug#46415] [PATCH] gnu: OpenLDAP: Update to 2.4.57 [security fixes].

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

On Thu, Feb 11, 2021 at 01:15:08PM +0200, Efraim Flashner wrote:
> I assume you've tested it out? Looks good to me. I assume there's no way
> to inherit the list of URLs from openldap to openldap/fixed and still
> have it download the correct version.

I tested that it builds but I don't have a way to test LDAP
functionality.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[bug#46415] [PATCH] gnu: OpenLDAP: Update to 2.4.57 [security fixes].

[Efraim Flashner]

[-- Attachment #1: Type: text/plain, Size: 714 bytes --]

On Thu, Feb 11, 2021 at 02:18:57PM -0500, Leo Famulari wrote:
> On Thu, Feb 11, 2021 at 01:15:08PM +0200, Efraim Flashner wrote:
> > I assume you've tested it out? Looks good to me. I assume there's no way
> > to inherit the list of URLs from openldap to openldap/fixed and still
> > have it download the correct version.
> 
> I tested that it builds but I don't have a way to test LDAP
> functionality.

I meant I assumed you tested it built and grafted correctly, as best as
we can tell.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#46415: [PATCH] gnu: OpenLDAP: Update to 2.4.57 [security fixes].

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 668 bytes --]

On Thu, Feb 11, 2021 at 09:21:14PM +0200, Efraim Flashner wrote:
> On Thu, Feb 11, 2021 at 02:18:57PM -0500, Leo Famulari wrote:
> > On Thu, Feb 11, 2021 at 01:15:08PM +0200, Efraim Flashner wrote:
> > > I assume you've tested it out? Looks good to me. I assume there's no way
> > > to inherit the list of URLs from openldap to openldap/fixed and still
> > > have it download the correct version.
> > 
> > I tested that it builds but I don't have a way to test LDAP
> > functionality.
> 
> I meant I assumed you tested it built and grafted correctly, as best as
> we can tell.

Yeah. Thanks for review! Pushed as a18492118cc73bee9a2e6424363e3e072572f52e

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]