SHA256
1
0
forked from jengelh/openldap2

Accepting request 800820 from home:stroeder:branches:network:ldap

- updated to 2.4.50
- added 0014-ITS-8650-fix-debug-usage.patch
- enabled new contrib overlay pw-argon2
- replaced FTP by HTTPS download URL for source
- removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127)

OBS-URL: https://build.opensuse.org/request/show/800820
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=258
This commit is contained in:
William Brown 2020-05-07 03:10:47 +00:00 committed by Git OBS Bridge
parent 447aef3759
commit 7341d09271
6 changed files with 77 additions and 84 deletions

View File

@ -1,73 +0,0 @@
The patch was written by Christian Kornacker on 2014-01-08 to fix an issue with unresponsive
LDAP host lookups in IPv6 environment.
---
libraries/libldap/util-int.c | 39 +++++++++++++++++++++++++++++++++++++--
1 file changed, 37 insertions(+), 2 deletions(-)
Index: openldap-2.4.41/libraries/libldap/util-int.c
===================================================================
--- openldap-2.4.41.orig/libraries/libldap/util-int.c
+++ openldap-2.4.41/libraries/libldap/util-int.c
@@ -731,10 +731,16 @@ static char *safe_realloc( char **buf, i
char * ldap_pvt_get_fqdn( char *name )
{
- char *fqdn, *ha_buf;
+ int rc;
+ char *fqdn;
char hostbuf[MAXHOSTNAMELEN+1];
+#ifdef HAVE_GETADDRINFO
+ struct addrinfo hints, *res;
+#else
+ char *ha_buf;
struct hostent *hp, he_buf;
- int rc, local_h_errno;
+ int local_h_errno;
+#endif
if( name == NULL ) {
if( gethostname( hostbuf, MAXHOSTNAMELEN ) == 0 ) {
@@ -745,6 +751,33 @@ char * ldap_pvt_get_fqdn( char *name )
}
}
+#ifdef HAVE_GETADDRINFO
+ memset( &hints, '\0', sizeof( hints ) );
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags |= AI_CANONNAME;
+
+ /* most getaddrinfo(3) use non-threadsafe resolver libraries */
+ LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
+
+ rc = getaddrinfo( name, NULL, &hints, &res );
+
+ LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
+
+ if ( rc != 0 ) {
+ fqdn = LDAP_STRDUP( name );
+ } else {
+ while ( res ) {
+ if ( res->ai_canonname ) {
+ fqdn = LDAP_STRDUP ( res->ai_canonname );
+ break;
+ }
+ res = res->ai_next;
+ }
+ freeaddrinfo( res );
+ }
+#else
+
rc = ldap_pvt_gethostbyname_a( name,
&he_buf, &ha_buf, &hp, &local_h_errno );
@@ -755,6 +788,8 @@ char * ldap_pvt_get_fqdn( char *name )
}
LDAP_FREE( ha_buf );
+#endif
+
return fqdn;
}

View File

@ -0,0 +1,30 @@
From 85fc8974f5c32a9a052baafaa9499c8484e043c2 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 28 Apr 2020 20:49:53 +0000
Subject: ITS#8650 - Fix Debug usage to follow RE24 format
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index c1f15cbc1..ebe5bf125 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -907,8 +907,8 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
} else if ( sb->sb_trans_needs_write ) {
wr=1;
}
- Debug1( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
- wr ? "write": "read" );
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
+ wr ? "write": "read", 0, 0 );
/* This is mostly copied from result.c:wait4msg(), should
* probably be moved into a separate function */
@@ -946,7 +946,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
start_time_tv.tv_sec = curr_time_tv.tv_sec;
start_time_tv.tv_usec = curr_time_tv.tv_usec;
tv = tv0;
- Debug3( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
(void *)ld, (long) tv.tv_sec, (long) tv.tv_usec );
ret = ldap_int_poll( ld, sd, &tv, wr);
if ( ret < 0 ) {

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e3b117944b4180f23befe87d0dcf47f29de775befbc469dcf4ac3dab3311e56e
size 5704723

3
openldap-2.4.50.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5cb57d958bf5c55a678c6a0f06821e0e5504d5a92e6a33240841fbca1db586b8
size 5712635

View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Wed May 6 17:59:58 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.50
- added 0014-ITS-8650-fix-debug-usage.patch
- enabled new contrib overlay pw-argon2
- replaced FTP by HTTPS download URL for source
- removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127)
OpenLDAP 2.4.50 Release (2020/04/28)
Fixed client benign typos (ITS#8890)
Fixed libldap type cast (ITS#9175)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap_r race on Windows mutex initialization (ITS#9181)
Fixed liblunicode memory leak (ITS#9198)
Fixed slapd benign typos (ITS#8890)
Fixed slapd to limit depth of nested filters (ITS#9202)
Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
Fixed slapo-pcache database initialization (ITS#9182)
Fixed slapo-ppolicy callback (ITS#9171)
Build
Fix olcDatabaseDummy initialization for windows (ITS#7074)
Fix detection for ws2tcpip.h for windows (ITS#8383)
Fix back-mdb types for windows (ITS#7878)
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
slapd-meta(5) - Remove client-pr option (ITS#8683)
slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
-------------------------------------------------------------------
Thu Jan 30 20:57:33 UTC 2020 - Michael Ströder <michael@stroeder.com>

View File

@ -22,7 +22,7 @@
%endif
%define run_test_suite 0
%define version_main 2.4.49
%define version_main 2.4.50
%if %{suse_version} >= 1310 && %{suse_version} != 1315
%define _rundir /run/slapd
@ -40,8 +40,8 @@ License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Servers
Version: %{version_main}
Release: 0
Url: http://www.openldap.org
Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
Url: https://www.openldap.org
Source: https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
Source1: slapd.conf
Source2: slapd.conf.olctemplate
Source3: DB_CONFIG
@ -61,8 +61,8 @@ Patch3: 0003-LDAPI-socket-location.dif
Patch5: 0005-pie-compile.dif
Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch11: 0011-openldap-re24-its7796.patch
Patch14: 0014-ITS-8650-fix-debug-usage.patch
Patch15: openldap-r-only.dif
Patch16: 0016-Clear-shared-key-only-in-close-function.patch
Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
@ -76,6 +76,7 @@ BuildRequires: cyrus-sasl-devel
BuildRequires: db-devel
BuildRequires: groff
BuildRequires: libopenssl-devel
BuildRequires: libsodium-devel
BuildRequires: libtool
BuildRequires: openslp-devel
BuildRequires: unixODBC-devel
@ -166,6 +167,7 @@ cloak
denyop
lastbind writes last bind timestamp to entry
noopsrch handles no-op search control
pw-argon2 generates/validates Argon2 password hashes
pw-sha2 generates/validates SHA-2 password hashes
pw-pbkdf2 generates/validates PBKDF2 password hashes
smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
@ -256,8 +258,8 @@ gzip -k %{S:203}
%patch5 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch11 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
cp %{SOURCE5} .
@ -307,7 +309,7 @@ export STRIP=""
make depend
make %{?_smp_mflags}
# Build selected contrib overlays
for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace
for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/argon2 passwd/sha2 passwd/pbkdf2 trace
do
make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
done
@ -351,9 +353,9 @@ make STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdi
# Additional symbolic link to slapd executable in /usr/sbin/
ln -s %{_libdir}/slapd %{buildroot}/usr/sbin/slapd
# Install selected contrib overlays
for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace
for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/argon2 passwd/sha2 passwd/pbkdf2 trace
do
make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" DESTDIR="%{buildroot}" "mandir=%{_mandir}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
done
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
@ -581,12 +583,14 @@ fi
%{_libdir}/openldap/autogroup.*
%{_libdir}/openldap/lastbind.*
%{_libdir}/openldap/noopsrch.*
%{_libdir}/openldap/pw-argon2.*
%{_libdir}/openldap/pw-sha2.*
%{_libdir}/openldap/pw-pbkdf2.*
%{_libdir}/openldap/denyop.*
%{_libdir}/openldap/cloak.*
%{_libdir}/openldap/smbk5pwd.*
%{_libdir}/openldap/trace.*
%doc %{_mandir}/man5/slapd-pw-argon2.*
%files client
%defattr(-,root,root)