Accepting request 800820 from home:stroeder:branches:network:ldap

- updated to 2.4.50
- added 0014-ITS-8650-fix-debug-usage.patch
- enabled new contrib overlay pw-argon2
- replaced FTP by HTTPS download URL for source
- removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127)

OBS-URL: https://build.opensuse.org/request/show/800820
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=258

0009-Fix-ldap-host-lookup-ipv6.patch

@@ -1,73 +0,0 @@
-The patch was written by Christian Kornacker on 2014-01-08 to fix an issue with unresponsive
-LDAP host lookups in IPv6 environment.
-
----
- libraries/libldap/util-int.c |   39 +++++++++++++++++++++++++++++++++++++--
- 1 file changed, 37 insertions(+), 2 deletions(-)
-
-Index: openldap-2.4.41/libraries/libldap/util-int.c
-===================================================================
---- openldap-2.4.41.orig/libraries/libldap/util-int.c
-+++ openldap-2.4.41/libraries/libldap/util-int.c
-@@ -731,10 +731,16 @@ static char *safe_realloc( char **buf, i
- 
- char * ldap_pvt_get_fqdn( char *name )
- {
--	char *fqdn, *ha_buf;
-+	int rc;
-+	char *fqdn;
- 	char hostbuf[MAXHOSTNAMELEN+1];
-+#ifdef HAVE_GETADDRINFO
-+	struct addrinfo hints, *res;
-+#else
-+	char *ha_buf;
- 	struct hostent *hp, he_buf;
--	int rc, local_h_errno;
-+	int local_h_errno;
-+#endif
- 
- 	if( name == NULL ) {
- 		if( gethostname( hostbuf, MAXHOSTNAMELEN ) == 0 ) {
-@@ -745,6 +751,33 @@ char * ldap_pvt_get_fqdn( char *name )
- 		}
- 	}
- 
-+#ifdef HAVE_GETADDRINFO
-+	memset( &hints, '\0', sizeof( hints ) );
-+	hints.ai_family = AF_UNSPEC;
-+	hints.ai_socktype = SOCK_STREAM;
-+	hints.ai_flags |= AI_CANONNAME;
-+
-+	/* most getaddrinfo(3) use non-threadsafe resolver libraries */
-+	LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
-+
-+	rc = getaddrinfo( name, NULL, &hints, &res );
-+
-+	LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
-+
-+	if ( rc != 0 ) {
-+		fqdn = LDAP_STRDUP( name );
-+	} else {
-+		while ( res ) {
-+			if ( res->ai_canonname ) {
-+				fqdn = LDAP_STRDUP ( res->ai_canonname );
-+				break;
-+			}
-+			res = res->ai_next;
-+		}
-+		freeaddrinfo( res );
-+	}
-+#else
-+
- 	rc = ldap_pvt_gethostbyname_a( name,
- 		&he_buf, &ha_buf, &hp, &local_h_errno );
- 
-@@ -755,6 +788,8 @@ char * ldap_pvt_get_fqdn( char *name )
- 	}
- 
- 	LDAP_FREE( ha_buf );
-+#endif
-+
- 	return fqdn;
- }
- 

0014-ITS-8650-fix-debug-usage.patch

@@ -0,0 +1,30 @@
+From 85fc8974f5c32a9a052baafaa9499c8484e043c2 Mon Sep 17 00:00:00 2001
+From: Quanah Gibson-Mount <quanah@openldap.org>
+Date: Tue, 28 Apr 2020 20:49:53 +0000
+Subject: ITS#8650 - Fix Debug usage to follow RE24 format
+
+
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index c1f15cbc1..ebe5bf125 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -907,8 +907,8 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
+ 			} else if ( sb->sb_trans_needs_write ) {
+ 				wr=1;
+ 			}
+-			Debug1( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
+-					wr ? "write": "read" );
++			Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
++					wr ? "write": "read", 0, 0 );
+ 
+ 			/* This is mostly copied from result.c:wait4msg(), should
+ 			 * probably be moved into a separate function */
+@@ -946,7 +946,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
+ 			start_time_tv.tv_sec = curr_time_tv.tv_sec;
+ 			start_time_tv.tv_usec = curr_time_tv.tv_usec;
+ 			tv = tv0;
+-			Debug3( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
++			Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
+ 				(void *)ld, (long) tv.tv_sec, (long) tv.tv_usec );
+ 			ret = ldap_int_poll( ld, sd, &tv, wr);
+ 			if ( ret < 0 ) {

openldap-2.4.49.tgz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e3b117944b4180f23befe87d0dcf47f29de775befbc469dcf4ac3dab3311e56e
-size 5704723

openldap-2.4.50.tgz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5cb57d958bf5c55a678c6a0f06821e0e5504d5a92e6a33240841fbca1db586b8
+size 5712635

openldap2.changes

@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Wed May  6 17:59:58 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- updated to 2.4.50
+- added 0014-ITS-8650-fix-debug-usage.patch
+- enabled new contrib overlay pw-argon2
+- replaced FTP by HTTPS download URL for source
+- removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127)
+
+OpenLDAP 2.4.50 Release (2020/04/28)
+  Fixed client benign typos (ITS#8890)
+  Fixed libldap type cast (ITS#9175)
+  Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
+  Fixed libldap_r race on Windows mutex initialization (ITS#9181)
+  Fixed liblunicode memory leak (ITS#9198)
+  Fixed slapd benign typos (ITS#8890)
+  Fixed slapd to limit depth of nested filters (ITS#9202)
+  Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
+  Fixed slapo-pcache database initialization (ITS#9182)
+  Fixed slapo-ppolicy callback (ITS#9171)
+  Build
+    Fix olcDatabaseDummy initialization for windows (ITS#7074)
+    Fix detection for ws2tcpip.h for windows (ITS#8383)
+    Fix back-mdb types for windows (ITS#7878)
+  Contrib
+    Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
+    Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
+  Documentation
+    slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
+    slapd-meta(5) - Remove client-pr option (ITS#8683)
+    slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
+
 -------------------------------------------------------------------
 Thu Jan 30 20:57:33 UTC 2020 - Michael Ströder <michael@stroeder.com>
 

openldap2.spec

@@ -22,7 +22,7 @@
 %endif
 
 %define run_test_suite 0
-%define version_main 2.4.49
+%define version_main 2.4.50
 
 %if %{suse_version} >= 1310 && %{suse_version} != 1315
 %define  _rundir /run/slapd
@@ -40,8 +40,8 @@ License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Servers
 Version:        %{version_main}
 Release:        0
-Url:            http://www.openldap.org
+Url:            https://www.openldap.org
-Source:         ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
+Source:         https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
 Source1:        slapd.conf
 Source2:        slapd.conf.olctemplate
 Source3:        DB_CONFIG
@@ -61,8 +61,8 @@ Patch3:         0003-LDAPI-socket-location.dif
 Patch5:         0005-pie-compile.dif
 Patch7:         0007-Recover-on-DB-version-change.dif
 Patch8:         0008-In-monitor-backend-do-not-return-Connection0-entries.patch
-Patch9:         0009-Fix-ldap-host-lookup-ipv6.patch
 Patch11:        0011-openldap-re24-its7796.patch
+Patch14:        0014-ITS-8650-fix-debug-usage.patch
 Patch15:        openldap-r-only.dif
 Patch16:        0016-Clear-shared-key-only-in-close-function.patch
 Source200:      %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
@@ -76,6 +76,7 @@ BuildRequires:  cyrus-sasl-devel
 BuildRequires:  db-devel
 BuildRequires:  groff
 BuildRequires:  libopenssl-devel
+BuildRequires:  libsodium-devel
 BuildRequires:  libtool
 BuildRequires:  openslp-devel
 BuildRequires:  unixODBC-devel
@@ -166,6 +167,7 @@ cloak
 denyop
 lastbind      writes last bind timestamp to entry
 noopsrch      handles no-op search control
+pw-argon2     generates/validates Argon2 password hashes
 pw-sha2       generates/validates SHA-2 password hashes
 pw-pbkdf2     generates/validates PBKDF2 password hashes
 smbk5pwd      generates Samba3 password hashes (heimdal krb disabled)
@@ -256,8 +258,8 @@ gzip -k %{S:203}
 %patch5 -p1
 %patch7 -p1
 %patch8 -p1
-%patch9 -p1
 %patch11 -p1
+%patch14 -p1
 %patch15 -p1
 %patch16 -p1
 cp %{SOURCE5} .
@@ -307,7 +309,7 @@ export STRIP=""
 make depend
 make %{?_smp_mflags}
 # Build selected contrib overlays
-for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace
+for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/argon2 passwd/sha2 passwd/pbkdf2 trace
 do
   make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
 done
@@ -351,9 +353,9 @@ make STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdi
 # Additional symbolic link to slapd executable in /usr/sbin/
 ln -s %{_libdir}/slapd %{buildroot}/usr/sbin/slapd
 # Install selected contrib overlays
-for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace
+for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/argon2 passwd/sha2 passwd/pbkdf2 trace
 do
-  make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+  make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" DESTDIR="%{buildroot}" "mandir=%{_mandir}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
 done
 # slapo-smbk5pwd only for Samba password hashes
 make -C contrib/slapd-modules/smbk5pwd STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
@@ -581,12 +583,14 @@ fi
 %{_libdir}/openldap/autogroup.*
 %{_libdir}/openldap/lastbind.*
 %{_libdir}/openldap/noopsrch.*
+%{_libdir}/openldap/pw-argon2.*
 %{_libdir}/openldap/pw-sha2.*
 %{_libdir}/openldap/pw-pbkdf2.*
 %{_libdir}/openldap/denyop.*
 %{_libdir}/openldap/cloak.*
 %{_libdir}/openldap/smbk5pwd.*
 %{_libdir}/openldap/trace.*
+%doc %{_mandir}/man5/slapd-pw-argon2.*
 
 %files client
 %defattr(-,root,root)