From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41312) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dHGdW-0005SV-8v for guix-patches@gnu.org; Sat, 03 Jun 2017 17:31:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dHGdT-0000iC-ND for guix-patches@gnu.org; Sat, 03 Jun 2017 17:31:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:51581) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dHGdT-0000hd-E6 for guix-patches@gnu.org; Sat, 03 Jun 2017 17:31:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dHGdT-0007GS-8F for guix-patches@gnu.org; Sat, 03 Jun 2017 17:31:03 -0400 Subject: bug#27220: [PATCH 1/3] gnu: openldap: Update to 2.4.45. References: <20170603212819.GA11817@jasmine> In-Reply-To: <20170603212819.GA11817@jasmine> Resent-Message-ID: From: Leo Famulari Date: Sat, 3 Jun 2017 17:30:20 -0400 Message-Id: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 27220@debbugs.gnu.org * gnu/packages/openldap.scm (openldap): Update to 2.4.45. [replacement]: Remove field. [home-page], [source]: Use HTTPS URLs for home-page and the USA mirror. (openldap/fixed): Remove variable. * gnu/packages/patches/openldap-CVE-2017-9287.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/openldap.scm | 17 +++-------- gnu/packages/patches/openldap-CVE-2017-9287.patch | 37 ----------------------- 3 files changed, 4 insertions(+), 51 deletions(-) delete mode 100644 gnu/packages/patches/openldap-CVE-2017-9287.patch diff --git a/gnu/local.mk b/gnu/local.mk index 8b73f7e64..060079352 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -842,7 +842,6 @@ dist_patch_DATA = \ %D%/packages/patches/openexr-missing-samples.patch \ %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch \ - %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \ diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index 24bf603c4..a146ef378 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -40,8 +40,7 @@ (define-public openldap (package (name "openldap") - (replacement openldap/fixed) - (version "2.4.44") + (version "2.4.45") (source (origin (method url-fetch) @@ -51,14 +50,14 @@ "ftp://mirror.switch.ch/mirror/OpenLDAP/" "openldap-release/openldap-" version ".tgz") (string-append - "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/" + "https://www.openldap.org/software/download/OpenLDAP/" "openldap-release/openldap-" version ".tgz") (string-append "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/" "openldap-release/openldap-" version ".tgz"))) (sha256 (base32 - "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp")))) + "091qvwk5dkcpp17ziabcnh3rg3m7qwzw2pihfcd1d5fdxgywzmnd")))) (build-system gnu-build-system) (inputs `(("bdb" ,bdb-5.3) ("cyrus-sasl" ,cyrus-sasl) @@ -79,15 +78,7 @@ (description "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.") (license openldap2.8) - (home-page "http://www.openldap.org/"))) - -(define openldap/fixed - (package - (inherit openldap) - (source - (origin - (inherit (package-source openldap)) - (patches (search-patches "openldap-CVE-2017-9287.patch")))))) + (home-page "https://www.openldap.org/"))) (define-public nss-pam-ldapd (package diff --git a/gnu/packages/patches/openldap-CVE-2017-9287.patch b/gnu/packages/patches/openldap-CVE-2017-9287.patch deleted file mode 100644 index 5ca2a60c6..000000000 
--- a/gnu/packages/patches/openldap-CVE-2017-9287.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2017-9287: - -https://www.openldap.org/its/?findid=8655 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287 - -Patch copied from upstream source repository: - -https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e - -From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 -From: Ryan Tandy -Date: Wed, 17 May 2017 20:07:39 -0700 -Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 - -Fixes a double free when a search includes the Paged Results control -with a page size of 0 and the search base matches the filter. ---- - servers/slapd/back-mdb/search.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c -index 301d1a498c..43442aa242 100644 ---- a/servers/slapd/back-mdb/search.c -+++ b/servers/slapd/back-mdb/search.c -@@ -1066,7 +1066,8 @@ notfound: - /* check size limit */ - if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { - if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { -- mdb_entry_return( op, e ); -+ if (e != base) -+ mdb_entry_return( op, e ); - e = NULL; - send_paged_response( op, rs, &lastid, tentries ); - goto done; --- -2.13.0 - -- 2.13.0
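Review bot: In gnu/packages/openldap.scm, hunk @@ -40,8 +40,7, removing `(replacement openldap/fixed)` in the same change that bumps `version` to "2.4.45" replaces a grafted security fix with a plain version update, so dependents of openldap are rebuilt instead of grafted. The commit message lists "[replacement]: Remove field." but gives no reason; add a sentence saying the graft is no longer needed and why, so the change reads as a deliberate security update and not only a version bump.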
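Review bot: In gnu/packages/openldap.scm, hunk @@ -51,14 +50,14, only the ftp.OpenLDAP.org entry moves to HTTPS, while the mirror.switch.ch and ftp.dti.ad.jp entries stay on `ftp://`, so the new `sha256` value is the only integrity check for a tarball fetched from those mirrors. Please say in the commit message or the cover letter how the new hash "091qvwk5dkcpp17ziabcnh3rg3m7qwzw2pihfcd1d5fdxgywzmnd" was obtained, for example from a download over the HTTPS URL checked against upstream's published checksums.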
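Review bot: The deletion of gnu/packages/patches/openldap-CVE-2017-9287.patch, together with the removal of `openldap/fixed` in hunk @@ -79,15 +78,7, is only safe if the 2.4.45 tarball already contains upstream commit 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e (ITS#8655), and nothing in the commit message states that. Please confirm that servers/slapd/back-mdb/search.c in 2.4.45 has the `if (e != base)` guard before `mdb_entry_return( op, e );` and mention in the commit message that the release includes the CVE-2017-9287 fix.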