tjh.dev
+19
-1
pkgs/development/libraries/openldap/default.nix
+19
-1
pkgs/development/libraries/openldap/default.nix
···
1
-
{ stdenv, fetchurl, openssl, cyrus_sasl, db, groff, libtool }:
1
+
{ stdenv, fetchurl, fetchpatch, openssl, cyrus_sasl, db, groff, libtool }:
2
2
3
3
stdenv.mkDerivation rec {
4
4
name = "openldap-2.4.50";
···
7
7
url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${name}.tgz";
8
8
sha256 = "1f46nlfwmys110j36sifm7ah8m8f3s10c3vaiikmmigmifapvdaw";
9
9
};
10
+
11
+
patches = [
12
+
(fetchpatch {
13
+
name = "CVE-2020-25692.patch";
14
+
url = "https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d.patch";
15
+
sha256 = "0mpmf2wqn1wsn94qrarahqff9600lb852zpvyh0g8bwr4cmi4bx7";
16
+
})
17
+
(fetchpatch {
18
+
name = "CVE-2020-25709.patch";
19
+
url = "https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65.patch";
20
+
sha256 = "12rks96gzk80892mfjm93rvyda1rv2sh9zqdnz5j885l9wkksfaf";
21
+
})
22
+
(fetchpatch {
23
+
name = "CVE-2020-25710.patch";
24
+
url = "https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2.patch";
25
+
sha256 = "1v72zcz8dk8mr259ig1xrqqb4rjffzfsbmmzn9jgmi3qnf6cilyk";
26
+
})
27
+
];
10
28
11
29
# TODO: separate "out" and "bin"
12
30
outputs = [ "out" "dev" "man" "devdoc" ];