From 55d82b1c0a2a1f6bed3232b020a3d5c8eb3dcc162209ea4b336e23a9f25eb0f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Thu, 20 Dec 2018 11:37:17 +0000 Subject: [PATCH] Accepting request 660237 from home:stroeder:branches:network:ldap Update to upstream release 2.4.47 (successfully tested on Tumbleweed x86_84) OBS-URL: https://build.opensuse.org/request/show/660237 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=236 --- 0006-No-Build-date-and-time-in-binaries.dif | 33 --- 0012-ITS8051-sockdnpat.patch | 128 ---------- ...DED-operation-message-from-back-sock.patch | 241 ------------------ openldap-2.4.46.tgz | 3 - openldap-2.4.47.tgz | 3 + openldap2.changes | 36 +++ openldap2.spec | 8 +- 7 files changed, 40 insertions(+), 412 deletions(-) delete mode 100644 0006-No-Build-date-and-time-in-binaries.dif delete mode 100644 0012-ITS8051-sockdnpat.patch delete mode 100644 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch delete mode 100644 openldap-2.4.46.tgz create mode 100644 openldap-2.4.47.tgz diff --git a/0006-No-Build-date-and-time-in-binaries.dif b/0006-No-Build-date-and-time-in-binaries.dif deleted file mode 100644 index 6120a7e..0000000 --- a/0006-No-Build-date-and-time-in-binaries.dif +++ /dev/null @@ -1,33 +0,0 @@ -From a7a37111026ccb9fddfeedc22606b80d8d75557f Mon Sep 17 00:00:00 2001 -From: Cristian Rodriguez -Date: Tue, 5 Oct 2010 13:59:40 +0200 -Subject: No Build date and time in binaries - -This avoids build-compare failures and unhelpful rebuilds/republishes in -the openSUSE buildservice. - -diff --git a/build/mkversion b/build/mkversion -index 3fd9565..dd9a998 100755 ---- a/build/mkversion -+++ b/build/mkversion -@@ -50,7 +50,7 @@ if test $# != 1 ; then - fi - - APPLICATION=$1 --WHOWHERE="$USER@`uname -n`:`pwd`" -+WHOWHERE="opensuse-buildservice@opensuse.org" - - cat << __EOF__ - /* This work is part of OpenLDAP Software . -@@ -72,7 +72,7 @@ static const char copyright[] = - "COPYING RESTRICTIONS APPLY\n"; - - $static $const char $SYMBOL[] = --"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n" -+"@(#) \$$PACKAGE: $APPLICATION $VERSION \$\n" - "\t$WHOWHERE\n"; - - __EOF__ --- -1.7.10.4 - diff --git a/0012-ITS8051-sockdnpat.patch b/0012-ITS8051-sockdnpat.patch deleted file mode 100644 index 20d0df8..0000000 --- a/0012-ITS8051-sockdnpat.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 328612d3370290c7f42ad835e1b0e3189eadef7b Mon Sep 17 00:00:00 2001 -From: Howard Chu -Date: Wed, 4 Feb 2015 03:53:13 +0000 -Subject: [PATCH] ITS#8051 add DN qualifier - ---- - doc/man/man5/slapd-sock.5 | 5 +++++ - servers/slapd/back-sock/back-sock.h | 2 ++ - servers/slapd/back-sock/config.c | 32 +++++++++++++++++++++++++++++--- - 3 files changed, 36 insertions(+), 3 deletions(-) - -diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5 -index ee8cc919f..1ac4f7fdd 100644 ---- a/doc/man/man5/slapd-sock.5 -+++ b/doc/man/man5/slapd-sock.5 -@@ -58,6 +58,11 @@ Specify which response types to send to the external program. "result" - sends just the results of an operation. "search" sends all entries that - the database returned for a search request. The default is empty - (no responses are sent). -+.TP -+.B sockdnpat -+Specify DN patterns for which the overlay will act. Only operations on -+DNs matching the specified regular expression will be processed. The default -+is empty (all DNs are processed). - - .SH PROTOCOL - The protocol is essentially the same as -diff --git a/servers/slapd/back-sock/back-sock.h b/servers/slapd/back-sock/back-sock.h -index 15495a6bc..7a083a8df 100644 ---- a/servers/slapd/back-sock/back-sock.h -+++ b/servers/slapd/back-sock/back-sock.h -@@ -30,6 +30,8 @@ struct sockinfo { - slap_mask_t si_extensions; - slap_mask_t si_ops; /* overlay: operations to act on */ - slap_mask_t si_resps; /* overlay: responses to forward */ -+ regex_t si_dnpat; /* overlay: DN pattern to match */ -+ struct berval si_dnpatstr; - }; - - #define SOCK_EXT_BINDDN 1 -diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c -index d8ff95ceb..dc3f1365c 100644 ---- a/servers/slapd/back-sock/config.c -+++ b/servers/slapd/back-sock/config.c -@@ -36,11 +36,12 @@ static slap_response sock_over_response; - enum { - BS_EXT = 1, - BS_OPS, -- BS_RESP -+ BS_RESP, -+ BS_DNPAT - }; - - /* The number of overlay-only config attrs */ --#define NUM_OV_ATTRS 2 -+#define NUM_OV_ATTRS 3 - - static ConfigTable bscfg[] = { - { "sockops", "ops", 2, 0, 0, ARG_MAGIC|BS_OPS, -@@ -53,6 +54,11 @@ static ConfigTable bscfg[] = { - "DESC 'Response types to forward' " - "EQUALITY caseIgnoreMatch " - "SYNTAX OMsDirectoryString )", NULL, NULL }, -+ { "sockdnpat", "regexp", 2, 2, 0, ARG_MAGIC|BS_DNPAT, -+ bs_cf_gen, "( OLcfgDbAt:7.5 NAME 'olcOvSocketDNpat' " -+ "DESC 'DN pattern to match' " -+ "EQUALITY caseIgnoreMatch " -+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, - - { "socketpath", "pathname", 2, 2, 0, ARG_STRING|ARG_OFFSET, - (void *)offsetof(struct sockinfo, si_sockpath), -@@ -86,7 +92,8 @@ static ConfigOCs osocs[] = { - "SUP olcOverlayConfig " - "MUST olcDbSocketPath " - "MAY ( olcDbSocketExtensions $ " -- " olcOvSocketOps $ olcOvSocketResps ) )", -+ " olcOvSocketOps $ olcOvSocketResps $ " -+ " olcOvSocketDNpat ) )", - Cft_Overlay, bscfg }, - { NULL, 0, NULL } - }; -@@ -150,6 +157,9 @@ bs_cf_gen( ConfigArgs *c ) - return mask_to_verbs( ov_ops, si->si_ops, &c->rvalue_vals ); - case BS_RESP: - return mask_to_verbs( ov_resps, si->si_resps, &c->rvalue_vals ); -+ case BS_DNPAT: -+ value_add_one( &c->rvalue_vals, &si->si_dnpatstr ); -+ return 0; - } - } else if ( c->op == LDAP_MOD_DELETE ) { - switch( c->type ) { -@@ -186,6 +196,11 @@ bs_cf_gen( ConfigArgs *c ) - si->si_resps ^= dels; - } - return rc; -+ case BS_DNPAT: -+ regfree( &si->si_dnpat ); -+ ch_free( si->si_dnpatstr.bv_val ); -+ BER_BVZERO( &si->si_dnpatstr ); -+ return 0; - } - - } else { -@@ -196,6 +211,13 @@ bs_cf_gen( ConfigArgs *c ) - return verbs_to_mask( c->argc, c->argv, ov_ops, &si->si_ops ); - case BS_RESP: - return verbs_to_mask( c->argc, c->argv, ov_resps, &si->si_resps ); -+ case BS_DNPAT: -+ if ( !regcomp( &si->si_dnpat, c->argv[1], REG_EXTENDED|REG_ICASE|REG_NOSUB )) { -+ ber_str2bv( c->argv[1], 0, 1, &si->si_dnpatstr ); -+ return 0; -+ } else { -+ return 1; -+ } - } - } - return 1; -@@ -268,6 +290,10 @@ static int sock_over_op( - if ( !(si->si_ops & sockopflags[which])) - return SLAP_CB_CONTINUE; - -+ if ( !BER_BVISEMPTY( &si->si_dnpatstr ) && -+ regexec( &si->si_dnpat, op->o_req_ndn.bv_val, 0, NULL, 0 )) -+ return SLAP_CB_CONTINUE; -+ - op->o_bd->be_private = si; - sc = op->o_callback; - op->o_callback = NULL; diff --git a/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch b/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch deleted file mode 100644 index ceea7ad..0000000 --- a/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch +++ /dev/null @@ -1,241 +0,0 @@ -diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5 -index 1ac4f7fdd..903155fa4 100644 ---- a/doc/man/man5/slapd-sock.5 -+++ b/doc/man/man5/slapd-sock.5 -@@ -49,7 +49,7 @@ be sent and from which replies are received. - - When used as an overlay, these additional directives are defined: - .TP --.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete ]* -+.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete | extended ]* - Specify which request types to send to the external program. The default is - empty (no requests are sent). - .TP -@@ -115,6 +115,17 @@ dn: - .PP - .RS - .nf -+EXTENDED -+msgid: -+ }> -+oid: -+value: -+ -+.fi -+.RE -+.PP -+.RS -+.nf - MODIFY - msgid: - }> -@@ -213,6 +224,11 @@ msgid: - .fi - .RE - -+.SH KNOWN LIMITATIONS -+The -+.B sock -+backend does not process extended operation results from an external program. -+ - .SH ACCESS CONTROL - The - .B sock -@@ -292,6 +308,11 @@ access to the - pseudo_attribute of the searchBase; - .B search (=s) - access to the attributes and values used in the filter is not checked. -+.LP -+The -+.B extended -+operation does not require any access special rights. -+The external program has to implement any sort of access control. - - .SH EXAMPLE - There is an example script in the slapd/back\-sock/ directory -diff --git a/servers/slapd/back-sock/Makefile.in b/servers/slapd/back-sock/Makefile.in -index 3e527e545..efb916246 100644 ---- a/servers/slapd/back-sock/Makefile.in -+++ b/servers/slapd/back-sock/Makefile.in -@@ -18,9 +18,9 @@ - ## in OpenLDAP Software. - - SRCS = init.c config.c opensock.c search.c bind.c unbind.c add.c \ -- delete.c modify.c modrdn.c compare.c result.c -+ delete.c modify.c modrdn.c compare.c result.c extended.c - OBJS = init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \ -- delete.lo modify.lo modrdn.lo compare.lo result.lo -+ delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo - - LDAP_INCDIR= ../../../include - LDAP_LIBDIR= ../../../libraries -diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c -index dc3f1365c..2dcf68bf6 100644 ---- a/servers/slapd/back-sock/config.c -+++ b/servers/slapd/back-sock/config.c -@@ -106,6 +106,7 @@ static ConfigOCs osocs[] = { - #define SOCK_OP_MODRDN 0x020 - #define SOCK_OP_ADD 0x040 - #define SOCK_OP_DELETE 0x080 -+#define SOCK_OP_EXTENDED 0x100 - - #define SOCK_REP_RESULT 0x001 - #define SOCK_REP_SEARCH 0x002 -@@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] = { - { BER_BVC("modrdn"), SOCK_OP_MODRDN }, - { BER_BVC("add"), SOCK_OP_ADD }, - { BER_BVC("delete"), SOCK_OP_DELETE }, -+ { BER_BVC("extended"), SOCK_OP_EXTENDED }, - { BER_BVNULL, 0 } - }; - -@@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] = { - sock_back_modify, - sock_back_modrdn, - sock_back_add, -- sock_back_delete -+ sock_back_delete, -+ 0, /* abandon not supported */ -+ sock_back_extended - }; - - static const int sockopflags[] = { -@@ -260,7 +264,9 @@ static const int sockopflags[] = { - SOCK_OP_MODIFY, - SOCK_OP_MODRDN, - SOCK_OP_ADD, -- SOCK_OP_DELETE -+ SOCK_OP_DELETE, -+ 0, /* abandon not supported */ -+ SOCK_OP_EXTENDED - }; - - static int sock_over_op( -@@ -283,6 +289,7 @@ static int sock_over_op( - case LDAP_REQ_MODRDN: which = op_modrdn; break; - case LDAP_REQ_ADD: which = op_add; break; - case LDAP_REQ_DELETE: which = op_delete; break; -+ case LDAP_REQ_EXTENDED: which = op_extended; break; - default: - return SLAP_CB_CONTINUE; - } -@@ -365,6 +372,7 @@ sock_over_setup() - sockover.on_bi.bi_op_modrdn = sock_over_op; - sockover.on_bi.bi_op_add = sock_over_op; - sockover.on_bi.bi_op_delete = sock_over_op; -+ sockover.on_bi.bi_extended = sock_over_op; - sockover.on_response = sock_over_response; - - sockover.on_bi.bi_cf_ocs = osocs; -diff --git a/servers/slapd/back-sock/extended.c b/servers/slapd/back-sock/extended.c -new file mode 100644 -index 000000000..dfe56b32b ---- /dev/null -+++ b/servers/slapd/back-sock/extended.c -@@ -0,0 +1,80 @@ -+/* extended.c - sock backend extended routines */ -+/* $OpenLDAP$ */ -+/* This work is part of OpenLDAP Software . -+ * -+ * Copyright 2000-2017 The OpenLDAP Foundation. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted only as authorized by the OpenLDAP -+ * Public License. -+ * -+ * A copy of this license is available in the file LICENSE in the -+ * top-level directory of the distribution or, alternatively, at -+ * . -+ */ -+ -+#include "portable.h" -+ -+#include -+#include -+ -+#include "slap.h" -+#include "back-sock.h" -+ -+#include "lutil.h" -+ -+int -+sock_back_extended( Operation *op, SlapReply *rs ) -+{ -+ int rc; -+ struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private; -+ FILE *fp; -+ struct berval b64; -+ -+ Debug( LDAP_DEBUG_ARGS, "==> sock_back_extended(%s)\n", -+ op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 ); -+ -+ if ( (fp = opensock( si->si_sockpath )) == NULL ) { -+ send_ldap_error( op, rs, LDAP_OTHER, -+ "could not open socket" ); -+ return( -1 ); -+ } -+ -+ /* write out the request to the extended process */ -+ fprintf( fp, "EXTENDED\n" ); -+ fprintf( fp, "msgid: %ld\n", (long) op->o_msgid ); -+ sock_print_conn( fp, op->o_conn, si ); -+ sock_print_suffixes( fp, op->o_bd ); -+ fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val ); -+ -+ if (op->ore_reqdata) { -+ -+ b64.bv_len = LUTIL_BASE64_ENCODE_LEN( op->ore_reqdata->bv_len ) + 1; -+ b64.bv_val = ber_memalloc( b64.bv_len + 1 ); -+ -+ if( b64.bv_val == NULL ) { -+ return LUTIL_PASSWD_ERR; -+ } -+ -+ rc = lutil_b64_ntop( -+ (unsigned char *) op->ore_reqdata->bv_val, op->ore_reqdata->bv_len, -+ b64.bv_val, b64.bv_len ); -+ -+ b64.bv_len = rc; -+ assert( strlen(b64.bv_val) == b64.bv_len ); -+ -+ fprintf( fp, "value: %s\n", b64.bv_val ); -+ -+ ber_memfree( b64.bv_val ); -+ -+ } -+ -+ fprintf( fp, "\n" ); -+ -+ /* read in the results and send them along */ -+ rc = sock_read_and_send_results( op, rs, fp ); -+ fclose( fp ); -+ -+ return( rc ); -+} -diff --git a/servers/slapd/back-sock/init.c b/servers/slapd/back-sock/init.c -index dcfe61a44..92e68782f 100644 ---- a/servers/slapd/back-sock/init.c -+++ b/servers/slapd/back-sock/init.c -@@ -53,7 +53,7 @@ sock_back_initialize( - bi->bi_op_delete = sock_back_delete; - bi->bi_op_abandon = 0; - -- bi->bi_extended = 0; -+ bi->bi_extended = sock_back_extended; - - bi->bi_chk_referrals = 0; - -diff --git a/servers/slapd/back-sock/proto-sock.h b/servers/slapd/back-sock/proto-sock.h -index fa02ab896..8b3b5f3ef 100644 ---- a/servers/slapd/back-sock/proto-sock.h -+++ b/servers/slapd/back-sock/proto-sock.h -@@ -40,6 +40,8 @@ extern BI_op_modrdn sock_back_modrdn; - extern BI_op_add sock_back_add; - extern BI_op_delete sock_back_delete; - -+extern BI_op_extended sock_back_extended; -+ - extern int sock_back_init_cf( BackendInfo *bi ); - - LDAP_END_DECL diff --git a/openldap-2.4.46.tgz b/openldap-2.4.46.tgz deleted file mode 100644 index 981f5c5..0000000 --- a/openldap-2.4.46.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9a90dcb86b99ae790ccab93b7585a31fbcbeec8c94bf0f7ab0ca0a87ea0c4b2d -size 5700204 diff --git a/openldap-2.4.47.tgz b/openldap-2.4.47.tgz new file mode 100644 index 0000000..e5946a3 --- /dev/null +++ b/openldap-2.4.47.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f54c5877865233d9ada77c60c0f69b3e0bfd8b1b55889504c650047cc305520b +size 5699678 diff --git a/openldap2.changes b/openldap2.changes index 4957964..afe8c58 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Thu Dec 20 09:35:55 UTC 2018 - Michael Ströder + +- Update to upstream release 2.4.47 +- Removed obsolete patches: + * 0006-No-Build-date-and-time-in-binaries.dif + (upstream now uses SOURCE_DATE_EPOCH for reproducable builds) + * 0012-ITS8051-sockdnpat.patch + * 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch + +OpenLDAP 2.4.47 Release (2018/12/19) + Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051) + Added slapd-sock ability to send extended operations to external listeners (ITS#8714) + Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752) + Fixed libldap dn to domain parsing with bad input (ITS#8842) + Fixed slapd slapcat to correctly honor -g option (ITS#8667) + Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923) + Fixed slapd to check status of rdnNormalize (ITS#8932) + Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616) + Fixed slapd sasl authz-policy "all" behavior (ITS#8909) + Fixed slapd sasl minor typo (ITS#8918) + Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912) + Fixed slapd domainScope control to match Microsoft specification (ITS#8840) + Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868) + Fixed slapo-accesslog deadlock during cleanup (ITS#8752) + Fixed slapo-memberof cn=config modifications (ITS#8663) + Fixed slapo-ppolicy with multimaster replication (ITS#8927) + Fixed slapo-syncprov with NULL modlist (ITS#8843) + Build Environment + Added slapd reproducible build support (ITS#8928) + Fixed missing includes with OpenSSL 1.0.2 (ITS#8809) + Contrib + Fixed slapo-pbkdf2 hash generation (ITS#8878) + Documentation + admin24 fixed minor typo (ITS#8887) + ------------------------------------------------------------------- Thu Nov 22 16:03:22 UTC 2018 - Jan Engelhardt diff --git a/openldap2.spec b/openldap2.spec index 40652c6..27713d6 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -22,7 +22,7 @@ %endif %define run_test_suite 0 -%define version_main 2.4.46 +%define version_main 2.4.47 %if %{suse_version} >= 1310 && %{suse_version} != 1315 %define _rundir /run/slapd @@ -60,13 +60,10 @@ Source18: openldap2.conf Patch1: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch Patch3: 0003-LDAPI-socket-location.dif Patch5: 0005-pie-compile.dif -Patch6: 0006-No-Build-date-and-time-in-binaries.dif Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch11: 0011-openldap-re24-its7796.patch -Patch12: 0012-ITS8051-sockdnpat.patch -Patch14: 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch Patch15: openldap-r-only.dif Patch16: 0016-Clear-shared-key-only-in-close-function.patch Patch17: 0017-Fix-segfault-in-nops.patch @@ -260,13 +257,10 @@ gzip -k %{S:203} %patch1 -p1 %patch3 -p1 %patch5 -p1 -%patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 -%patch14 -p1 %patch15 -p1 %patch16 -p1 %patch17 -p1