From 6634bdc93c125459c4fd865dff029f4542c6f18c Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Thu, 17 Sep 2015 14:22:51 -0700
Subject: openldap: Fix CVE-2015-6908
---
 .../libraries/openldap/CVE-2015-6908.patch | 25 ++++++++++++++++++++++
 pkgs/development/libraries/openldap/default.nix | 3 +++
 2 files changed, 28 insertions(+)
 create mode 100644 pkgs/development/libraries/openldap/CVE-2015-6908.patch
(limited to 'pkgs/development/libraries/openldap')
diff --git a/pkgs/development/libraries/openldap/CVE-2015-6908.patch b/pkgs/development/libraries/openldap/CVE-2015-6908.patch
new file mode 100644
index 00000000000..5db36629475
--- /dev/null
+++ b/pkgs/development/libraries/openldap/CVE-2015-6908.patch
@@ -0,0 +1,25 @@
+From 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Thu, 10 Sep 2015 00:37:32 +0100
+Subject: [PATCH] ITS#8240 remove obsolete assert
+
+---
+ libraries/liblber/io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
+index 85c3e23..c05dcf8 100644
+--- a/libraries/liblber/io.c
++++ b/libraries/liblber/io.c
+@@ -679,7 +679,7 @@ done:
+ return (ber->ber_tag);
+ }
+
+- assert( 0 ); /* ber structure is messed up ?*/
++ /* invalid input */
+ return LBER_DEFAULT;
+ }
+
+--
+1.7.10.4
+
diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index 83c65048227..253f74ecc6a 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -8,6 +8,9 @@ stdenv.mkDerivation rec {
 sha256 = "0qwfpb5ipp2l76v11arghq5mr0sjc6xhjfg8a0kgsaw5qpib1dzf";
 };
+ # Should be removed with >=2.4.43
+ patches = [ ./CVE-2015-6908.patch ];
+
 outputs = [ "out" "man" ];
 buildInputs = [ openssl cyrus_sasl db groff ];
--
cgit 1.4.1
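Review bot: With `assert( 0 )` removed, the fallthrough at the end of this function in libraries/liblber/io.c depends entirely on every caller treating `return LBER_DEFAULT;` as a hard error, and nothing in the vendored hunk shows that. The enclosing function starts before the hunk, so neither the callers nor the state `ber` is left in on this path is visible here. It is worth confirming that callers discard the partially read element rather than continuing to read into the same `ber`. Because this file is a verbatim copy of upstream commit 6fe51a9a (ITS#8240), keep it byte-identical and record the outcome of that check in the packaging comment rather than editing the patch.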
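Review bot: The comment above `patches` in default.nix gives the removal condition but not what the patch fixes or where it came from, so whoever bumps the version later has nothing to verify against. I would write `# CVE-2015-6908 (upstream ITS#8240, commit 6fe51a9a): malformed input hit an assert in liblber; drop once openldap >= 2.4.43`. The removal condition is also enforced only by this comment. Presumably the patch will stop applying once a release contains the fix, which would surface it at build time, but that is not guaranteed from what is visible here.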