From 307abd9eae0d02de7a517a309145d0d9f162706f Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sun, 1 Nov 2020 16:53:23 +0100
Subject: [PATCH] openldap: add patch to fix unauthenticated nullptr
 dereference in slapd

This vulnerability does not have a CVE yet.

https://security-tracker.debian.org/tracker/TEMP-0000000-DD4835
https://bugs.openldap.org/show_bug.cgi?id=9370
---
 pkgs/development/libraries/openldap/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index 7f9c2dbf3ee..1304799f56c 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -8,6 +8,16 @@ stdenv.mkDerivation rec {
     sha256 = "0qmy2jkk6v9iqwrsdsn8s7lwzaplr01a2mgf21r6nl66lig7g47l";
   };
 
+  patches = [
+    (fetchurl {
+      # Fix a null-ptr dereference for unauthenticated packet in slapd
+      # NO CVE yet
+      # https://bugs.openldap.org/show_bug.cgi?id=9370
+      url = "https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d.patch";
+      sha256 = "1vkbb6szscnhch5zzf6iq104l3dkwd50rih8jk9y0s2vgyz76mil";
+    })
+  ];
+
   # TODO: separate "out" and "bin"
   outputs = [ "out" "dev" "man" "devdoc" ];