GNU bug report logs - #27220
OpenLDAP changes for core-updates

Previous Next

Full log

Message #14 received at 27220 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: 27220 <at> debbugs.gnu.org
Subject: [PATCH 1/3] gnu: openldap: Update to 2.4.45.
Date: Sat,  3 Jun 2017 17:30:20 -0400

* gnu/packages/openldap.scm (openldap): Update to 2.4.45.
[replacement]: Remove field.
[home-page], [source]: Use HTTPS URLs for home-page and the USA mirror.
(openldap/fixed): Remove variable.
* gnu/packages/patches/openldap-CVE-2017-9287.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                      |  1 -
 gnu/packages/openldap.scm                         | 17 +++--------
 gnu/packages/patches/openldap-CVE-2017-9287.patch | 37 -----------------------
 3 files changed, 4 insertions(+), 51 deletions(-)
 delete mode 100644 gnu/packages/patches/openldap-CVE-2017-9287.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 8b73f7e64..060079352 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -842,7 +842,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/openexr-missing-samples.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch		\
-  %D%/packages/patches/openldap-CVE-2017-9287.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index 24bf603c4..a146ef378 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -40,8 +40,7 @@
 (define-public openldap
   (package
    (name "openldap")
-   (replacement openldap/fixed)
-   (version "2.4.44")
+   (version "2.4.45")
    (source (origin
             (method url-fetch)
 
@@ -51,14 +50,14 @@
                         "ftp://mirror.switch.ch/mirror/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")
                        (string-append
-                        "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/"
+                        "https://www.openldap.org/software/download/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")
                        (string-append
                         "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")))
             (sha256
              (base32
-              "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
+              "091qvwk5dkcpp17ziabcnh3rg3m7qwzw2pihfcd1d5fdxgywzmnd"))))
    (build-system gnu-build-system)
    (inputs `(("bdb" ,bdb-5.3)
              ("cyrus-sasl" ,cyrus-sasl)
@@ -79,15 +78,7 @@
    (description
     "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
    (license openldap2.8)
-   (home-page "http://www.openldap.org/")))
-
-(define openldap/fixed
-  (package
-    (inherit openldap)
-    (source
-      (origin
-        (inherit (package-source openldap))
-        (patches (search-patches "openldap-CVE-2017-9287.patch"))))))
+   (home-page "https://www.openldap.org/")))
 
 (define-public nss-pam-ldapd
   (package
diff --git a/gnu/packages/patches/openldap-CVE-2017-9287.patch b/gnu/packages/patches/openldap-CVE-2017-9287.patch
deleted file mode 100644
index 5ca2a60c6..000000000
--- a/gnu/packages/patches/openldap-CVE-2017-9287.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2017-9287:
-
-https://www.openldap.org/its/?findid=8655
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287
-
-Patch copied from upstream source repository:
-
-https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
-
-From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001
-From: Ryan Tandy <ryan <at> nardis.ca>
-Date: Wed, 17 May 2017 20:07:39 -0700
-Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0
-
-Fixes a double free when a search includes the Paged Results control
-with a page size of 0 and the search base matches the filter.
----
- servers/slapd/back-mdb/search.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
-index 301d1a498c..43442aa242 100644
---- a/servers/slapd/back-mdb/search.c
-+++ b/servers/slapd/back-mdb/search.c
-@@ -1066,7 +1066,8 @@ notfound:
- 			/* check size limit */
- 			if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
- 				if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
--					mdb_entry_return( op, e );
-+					if (e != base)
-+						mdb_entry_return( op, e );
- 					e = NULL;
- 					send_paged_response( op, rs, &lastid, tentries );
- 					goto done;
--- 
-2.13.0
-
-- 
2.13.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.