openldap: Fix CVE-2015-6908

9 years ago · 6634bdc93c
parent bc54ecd811
commit 6634bdc93c
2 changed files with 28 additions and 0 deletions
--- a/pkgs/development/libraries/openldap/CVE-2015-6908.patch
+++ b/pkgs/development/libraries/openldap/CVE-2015-6908.patch
@ -0,0 +1,25 @@
+From 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Thu, 10 Sep 2015 00:37:32 +0100
+Subject: [PATCH] ITS#8240 remove obsolete assert
+
+---
+ libraries/liblber/io.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
+index 85c3e23..c05dcf8 100644
+--- a/libraries/liblber/io.c
+++ b/libraries/liblber/io.c
+@@ -679,7 +679,7 @@ done:
+ 		return (ber->ber_tag);
+ 	}
+ 
+-	assert( 0 ); /* ber structure is messed up ?*/
+	/* invalid input */
+ 	return LBER_DEFAULT;
+ }
+ 
+-- 
+1.7.10.4
+
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@ -8,6 +8,9 @@ stdenv.mkDerivation rec {
    sha256 = "0qwfpb5ipp2l76v11arghq5mr0sjc6xhjfg8a0kgsaw5qpib1dzf";
  };

+  # Should be removed with >=2.4.43
+  patches = [ ./CVE-2015-6908.patch ];
+
  outputs = [ "out" "man" ];

  buildInputs = [ openssl cyrus_sasl db groff ];