guix-play/gnu/packages/openldap.scm
Leo Famulari b0415c0361
gnu: openldap: Fix CVE-2017-9287.
* gnu/packages/patches/openldap-CVE-2017-9287.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/openldap.scm (openldap)[replacement]: New field.
(openldap/fixed): New variable.
2017-05-30 18:15:23 -04:00

139 lines
5.5 KiB
Scheme

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages openldap)
#:use-module (gnu packages autotools)
#:use-module (gnu packages databases)
#:use-module (gnu packages compression)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages groff)
#:use-module (gnu packages icu4c)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages linux)
#:use-module (gnu packages python)
#:use-module (gnu packages tls)
#:use-module (gnu packages)
#:use-module ((guix licenses) #:select (openldap2.8 lgpl2.1+))
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu))
(define-public openldap
(package
(name "openldap")
(replacement openldap/fixed)
(version "2.4.44")
(source (origin
(method url-fetch)
;; See <http://www.openldap.org/software/download/> for a list of
;; mirrors.
(uri (list (string-append
"ftp://mirror.switch.ch/mirror/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")
(string-append
"ftp://ftp.OpenLDAP.org/pub/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")
(string-append
"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")))
(sha256
(base32
"0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
(build-system gnu-build-system)
(inputs `(("bdb" ,bdb-5.3)
("cyrus-sasl" ,cyrus-sasl)
("gnutls" ,gnutls)
("groff" ,groff)
("icu4c" ,icu4c)
("libgcrypt" ,libgcrypt)
("zlib" ,zlib)))
(native-inputs `(("libtool" ,libtool)))
(arguments
`(#:tests? #f
#:phases
(alist-cons-after
'configure 'provide-libtool
(lambda _ (copy-file (which "libtool") "libtool"))
%standard-phases)))
(synopsis "Implementation of the Lightweight Directory Access Protocol")
(description
"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
(license openldap2.8)
(home-page "http://www.openldap.org/")))
(define openldap/fixed
(package
(inherit openldap)
(source
(origin
(inherit (package-source openldap))
(patches (search-patches "openldap-CVE-2017-9287.patch"))))))
(define-public nss-pam-ldapd
(package
(name "nss-pam-ldapd")
(version "0.9.7")
(source (origin
(method url-fetch)
(uri (string-append "https://arthurdejong.org/nss-pam-ldapd/"
"nss-pam-ldapd-" version ".tar.gz"))
(sha256
(base32
"1sw36w6zkzvabvjckqick032j5p5xi0qi3sgnh0znzxz31jqvf0d"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-seclib-dir="
(assoc-ref %outputs "out") "/lib/security/")
;; nslcd cannot be convinced to look at run-time for its
;; configuration file at a location that differs from the
;; configured location.
"--with-ldap-conf-file=/etc/nslcd.conf")
#:phases
(modify-phases %standard-phases
;; This is necessary because we tell nslcd with configure flags that
;; it should look for its configuration file at /etc/nslcd.conf. The
;; build system tries to install a default configuration to that very
;; location.
(add-after 'unpack 'override-nslcd.conf-install-path
(lambda* (#:key outputs #:allow-other-keys)
(substitute* "Makefile.in"
(("\\$\\(DESTDIR\\)\\$\\(NSLCD_CONF_PATH\\)")
(string-append (assoc-ref outputs "out")
"/etc/nslcd.conf.example")))
#t)))))
(inputs
`(("linux-pam" ,linux-pam)
("openldap" ,openldap)
("mit-krb5" ,mit-krb5)
("python" ,python-2)))
(home-page "https://arthurdejong.org/nss-pam-ldapd")
(synopsis "NSS and PAM modules for LDAP")
(description "nss-pam-ldapd provides a @dfn{Name Service Switch} (NSS)
module that allows your LDAP server to provide user account, group, host name,
alias, netgroup, and basically any other information that you would normally
get from @file{/etc} flat files or NIS. It also provides a @dfn{Pluggable
Authentication Module} (PAM) to do identity and authentication management with
an LDAP server.")
(license lgpl2.1+)))