* gnu/packages/openldap.scm (openldap)[replacement]: Use openldap-2.4.50.
(openldap/fixed): Replace with ...
(openldap-2.4.50): ... new variable.
* gnu/packages/patches/openldap-CVE-2020-12243.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
gnu/packages/openldap.scm | 16 ++-
.../patches/openldap-CVE-2020-12243.patch | 125 ------------------
3 files changed, 11 insertions(+), 131 deletions(-)
delete mode 100644 gnu/packages/patches/openldap-CVE-2020-12243.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 67bf04547c..9426ee30a0 100644
@@ -1276,7 +1276,6 @@ dist_patch_DATA = \
%D%/packages/patches/opencv-rgbd-aarch64-test-fix.patch \
%D%/packages/patches/openfoam-4.1-cleanup.patch \
%D%/packages/patches/openjdk-10-idlj-reproducibility.patch \
- %D%/packages/patches/openldap-CVE-2020-12243.patch \
%D%/packages/patches/openmpi-mtl-priorities.patch \
%D%/packages/patches/openocd-nrf52.patch \
%D%/packages/patches/openssl-runpath.patch \
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index aa51520654..53c57e846f 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
- (replacement openldap/fixed)
+ (replacement openldap-2.4.50)
(home-page "https://www.openldap.org/")))
- (origin (inherit (package-source openldap))
- (patches (search-patches "openldap-CVE-2020-12243.patch"))))))
+ (uri (string-append "https://www.openldap.org/software/download/"
+ "OpenLDAP/openldap-release/openldap-" version
+ "1f46nlfwmys110j36sifm7ah8m8f3s10c3vaiikmmigmifapvdaw"))))))
(define-public nss-pam-ldapd
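Review bot: The new `openldap-2.4.50` replacement in gnu/packages/openldap.scm has no visible comment tying it to CVE-2020-12243, and with the CVE-named patch file deleted in this same commit that link survives only in the commit log. A one-line comment above the definition, e.g. `;; Graft replacement; 2.4.50 is expected to include the ITS#9202 nested-filter depth limit (CVE-2020-12243).`, would tell a later maintainer why the graft exists and when it can be folded into the main package. Because a graft swaps the library under already-built dependents, it is also worth confirming that the 2.4.50 libraries remain ABI-compatible with the version being replaced, which this section does not show. The hunk is only partly visible here, so such a comment may already exist on lines that are not shown.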
diff --git a/gnu/packages/patches/openldap-CVE-2020-12243.patch b/gnu/packages/patches/openldap-CVE-2020-12243.patch
index 6321998198..0000000000
--- a/gnu/packages/patches/openldap-CVE-2020-12243.patch
-From 98464c11df8247d6a11b52e294ba5dd4f0380440 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Thu, 16 Apr 2020 01:08:19 +0100
-Subject: [PATCH] ITS#9202 limit depth of nested filters
-Using a hardcoded limit for now; no reasonable apps
-should ever run into it.
- servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++---------
- 1 file changed, 32 insertions(+), 9 deletions(-)
-diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
-index 3252cf2a7..ed57bbd7b 100644
---- a/servers/slapd/filter.c
-+++ b/servers/slapd/filter.c
- const Filter *slap_filter_objectClass_pres;
- const struct berval *slap_filterstr_objectClass_pres;
-+#ifndef SLAPD_MAX_FILTER_DEPTH
-+#define SLAPD_MAX_FILTER_DEPTH 5000
- static int get_filter_list(
-@@ -80,12 +85,13 @@ filter_destroy( void )
-@@ -126,6 +132,11 @@ get_filter(
-+ if( depth > SLAPD_MAX_FILTER_DEPTH ) {
-+ *text = "filter nested too deeply";
-+ return SLAPD_DISCONNECT;
- tag = ber_peek_tag( ber, &len );
- if( tag == LBER_ERROR ) {
-@@ -221,7 +232,7 @@ get_filter(
- Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
-- err = get_filter_list( op, ber, &f.f_and, text );
-+ err = get_filter_list( op, ber, &f.f_and, text, depth+1 );
- if ( err != LDAP_SUCCESS ) {
-@@ -234,7 +245,7 @@ get_filter(
- Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
-- err = get_filter_list( op, ber, &f.f_or, text );
-+ err = get_filter_list( op, ber, &f.f_or, text, depth+1 );
- if ( err != LDAP_SUCCESS ) {
-@@ -248,7 +259,7 @@ get_filter(
- Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
- (void) ber_skip_tag( ber, &len );
-- err = get_filter( op, ber, &f.f_not, text );
-+ err = get_filter0( op, ber, &f.f_not, text, depth+1 );
- if ( err != LDAP_SUCCESS ) {
-@@ -311,10 +322,22 @@ get_filter(
-+ return get_filter0( op, ber, filt, text, 0 );
- get_filter_list( Operation *op, BerElement *ber,
-@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber,
- tag = ber_next_element( ber, &len, last ) )
-- err = get_filter( op, ber, new, text );
-+ err = get_filter0( op, ber, new, text, depth );
- if ( err != LDAP_SUCCESS )