JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
245ce34f68
nixpkgs/pkgs/development/libraries/openldap/default.nix
Martin Weinelt 2091d42cef openldap: 2.4.49 → 2.4.50 
Fixes: CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters
with nested boolean expressions can result in denial of service
(daemon crash).
2020-04-28 21:51:49 +02:00

68 lines
2.1 KiB
Nix
Raw Blame History

{ stdenv, fetchurl, openssl, cyrus_sasl, db, groff, libtool }:
stdenv.mkDerivation rec {
name = "openldap-2.4.50";
src = fetchurl {
url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${name}.tgz";
sha256 = "1f46nlfwmys110j36sifm7ah8m8f3s10c3vaiikmmigmifapvdaw";
};
# TODO: separate "out" and "bin"
outputs = [ "out" "dev" "man" "devdoc" ];
enableParallelBuilding = true;
nativeBuildInputs = [ groff ];
buildInputs = [ openssl cyrus_sasl db libtool ];
# Disable install stripping as it breaks cross-compiling.
# We strip binaries anyway in fixupPhase.
makeFlags= [ "STRIP=" ];
configureFlags = [
"--enable-overlays"
"--disable-dependency-tracking" # speeds up one-time build
"--enable-modules"
"--sysconfdir=/etc"
"--localstatedir=/var"
"--enable-crypt"
] ++ stdenv.lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
"--with-yielding_select=yes"
"ac_cv_func_memcmp_working=yes"
] ++ stdenv.lib.optional (openssl == null) "--without-tls"
++ stdenv.lib.optional (cyrus_sasl == null) "--without-cyrus-sasl"
++ stdenv.lib.optional stdenv.isFreeBSD "--with-pic";
doCheck = false; # needs a running LDAP server
installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(out)/var" ];
# 1. Fixup broken libtool
# 2. Libraries left in the build location confuse `patchelf --shrink-rpath`
# Delete these to let patchelf discover the right path instead.
# FIXME: that one can be removed when https://github.com/NixOS/patchelf/pull/98
# is in Nixpkgs patchelf.
preFixup = ''
sed -e 's,-lsasl2,-L${cyrus_sasl.out}/lib -lsasl2,' \
-e 's,-lssl,-L${openssl.out}/lib -lssl,' \
-i $out/lib/libldap.la -i $out/lib/libldap_r.la
rm -rf $out/var
rm -r libraries/*/.libs
'';
postInstall = ''
chmod +x "$out"/lib/*.{so,dylib}
'';
meta = with stdenv.lib; {
homepage = "https://www.openldap.org/";
description = "An open source implementation of the Lightweight Directory Access Protocol";
license = licenses.openldap;
maintainers = with maintainers; [ lovek323 ];
platforms = platforms.unix;
};
}
Reference in New Issue View Git Blame Copy Permalink