From f74d513b914302921ec890896664f34d376587f9a62a9222ac70c2201dbdfa50 Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Mon, 8 Feb 2016 09:04:15 +0000 Subject: [PATCH] Accepting request 358048 from home:stroeder:branches:network:ldap update to 2.4.44 (successfully tested on Tumbleweed x86_64) OBS-URL: https://build.opensuse.org/request/show/358048 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=150 --- 0002-slapd.conf.dif | 75 ++++++++------------------------ 0012-openldap-re24-its8336.patch | 25 ----------- openldap-2.4.43.tgz | 3 -- openldap-2.4.44.tgz | 3 ++ openldap2-client.changes | 7 +++ openldap2-client.spec | 6 +-- openldap2.changes | 7 +++ openldap2.spec | 6 +-- 8 files changed, 40 insertions(+), 92 deletions(-) delete mode 100644 0012-openldap-re24-its8336.patch delete mode 100644 openldap-2.4.43.tgz create mode 100644 openldap-2.4.44.tgz diff --git a/0002-slapd.conf.dif b/0002-slapd.conf.dif index 9b9e6f2..dd80e8d 100644 --- a/0002-slapd.conf.dif +++ b/0002-slapd.conf.dif @@ -1,63 +1,38 @@ diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf -index 4938b85..b9bec75 100644 +index b225fe5..e22e7f2 100644 --- a/servers/slapd/slapd.conf +++ b/servers/slapd/slapd.conf -@@ -2,7 +2,11 @@ - # See slapd.conf(5) for details on configuration options. +@@ -3,6 +3,10 @@ # This file should NOT be world readable. # --include %SYSCONFDIR%/schema/core.schema -+include /etc/openldap/schema/core.schema -+include /etc/openldap/schema/cosine.schema -+include /etc/openldap/schema/inetorgperson.schema -+include /etc/openldap/schema/rfc2307bis.schema -+include /etc/openldap/schema/yast.schema + include %SYSCONFDIR%/schema/core.schema ++include %SYSCONFDIR%/schema/cosine.schema ++include %SYSCONFDIR%/schema/inetorgperson.schema ++include %SYSCONFDIR%/schema/rfc2307bis.schema ++include %SYSCONFDIR%/schema/yast.schema # Define global ACLs to disable default read access. -@@ -10,13 +14,13 @@ include %SYSCONFDIR%/schema/core.schema +@@ -10,12 +14,12 @@ include %SYSCONFDIR%/schema/core.schema # service AND an understanding of referrals. #referral ldap://root.openldap.org -pidfile %LOCALSTATEDIR%/run/slapd.pid -argsfile %LOCALSTATEDIR%/run/slapd.args -+pidfile /run/slapd/slapd.pid -+argsfile /run/slapd/slapd.args ++pidfile %LOCALSTATEDIR%/slapd.pid ++argsfile %LOCALSTATEDIR%/slapd.args # Load dynamic backend modules: --# modulepath %MODULEDIR% -+# modulepath /usr/lib/openldap - # moduleload back_bdb.la --# moduleload back_hdb.la -+moduleload back_hdb.la + # modulepath %MODULEDIR% +-# moduleload back_mdb.la ++moduleload back_mdb.la # moduleload back_ldap.la # Sample security restrictions -@@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args - # security ssf=1 update_ssf=112 simple_bind=64 +@@ -45,6 +49,23 @@ argsfile %LOCALSTATEDIR%/run/slapd.args + # + # rootdn can always read and write EVERYTHING! - # Sample access control policy: --# Root DSE: allow anyone to read it --# Subschema (sub)entry DSE: allow anyone to read it --# Other DSEs: --# Allow self write access --# Allow authenticated users read access --# Allow anonymous users to authenticate --# Directives needed to implement policy: --# access to dn.base="" by * read --# access to dn.base="cn=Subschema" by * read --# access to * --# by self write --# by users read --# by anonymous auth --# -+# Root DSE: allow anyone to read it -+# Subschema (sub)entry DSE: allow anyone to read it -+# Other DSEs: -+# Allow self write access to user password -+# Allow anonymous users to authenticate -+# Allow read access to everything else -+# Directives needed to implement policy: +access to dn.base="" + by * read + @@ -75,22 +50,10 @@ index 4938b85..b9bec75 100644 +access to * + by * read + - # if no access controls are present, the default policy - # allows anyone and everyone to read anything but restricts - # updates to rootdn. (e.g., "access to * by * read") -@@ -50,8 +64,10 @@ argsfile %LOCALSTATEDIR%/run/slapd.args - # BDB database definitions ####################################################################### - --database bdb -+database hdb - suffix "dc=my-domain,dc=com" -+checkpoint 1024 5 -+cachesize 10000 - rootdn "cn=Manager,dc=my-domain,dc=com" - # Cleartext passwords, especially for the rootdn, should - # be avoid. See slappasswd(8) and slapd.conf(5) for details. -@@ -60,6 +76,6 @@ rootpw secret + # MDB database definitions + ####################################################################### +@@ -60,6 +81,6 @@ rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. diff --git a/0012-openldap-re24-its8336.patch b/0012-openldap-re24-its8336.patch deleted file mode 100644 index 71a0246..0000000 --- a/0012-openldap-re24-its8336.patch +++ /dev/null @@ -1,25 +0,0 @@ -From fd7bfbc0df0ade534bea84914d385ecf2a73f678 Mon Sep 17 00:00:00 2001 -From: Howard Chu -Date: Tue, 8 Dec 2015 18:17:24 +0000 -Subject: ITS#8336 fix page_search_root assert on FreeDB - -Let "illegal" branch pages thru on the FreeDB - the condition -is only temporary and will be fixed by the time rebalance finishes. - -diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c -index fa0c9e5..a624cba 100644 ---- a/libraries/liblmdb/mdb.c -+++ b/libraries/liblmdb/mdb.c -@@ -5279,7 +5279,11 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags) - indx_t i; - - DPRINTF(("branch page %"Z"u has %u keys", mp->mp_pgno, NUMKEYS(mp))); -- mdb_cassert(mc, NUMKEYS(mp) > 1); -+ /* Don't assert on branch pages in the FreeDB. We can get here -+ * while in the process of rebalancing a FreeDB branch page; we must -+ * let that proceed. ITS#8336 -+ */ -+ mdb_cassert(mc, !mc->mc_dbi || NUMKEYS(mp) > 1); - DPRINTF(("found index 0 to page %"Z"u", NODEPGNO(NODEPTR(mp, 0)))); - - if (flags & (MDB_PS_FIRST|MDB_PS_LAST)) { diff --git a/openldap-2.4.43.tgz b/openldap-2.4.43.tgz deleted file mode 100644 index 26ad249..0000000 --- a/openldap-2.4.43.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8 -size 5654057 diff --git a/openldap-2.4.44.tgz b/openldap-2.4.44.tgz new file mode 100644 index 0000000..57ce079 --- /dev/null +++ b/openldap-2.4.44.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400 +size 5658830 diff --git a/openldap2-client.changes b/openldap2-client.changes index 818acbd..16eff0e 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com + +- Upgrade to upstream 2.4.44 release with accumulated bug fixes. +- Specify source with FTP URL +- Removed obsolete 0012-openldap-re24-its8336.patch + ------------------------------------------------------------------- Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 2545dea..4e719ef 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -17,7 +17,7 @@ %define run_test_suite 0 -%define version_main 2.4.43 +%define version_main 2.4.44 %if %{suse_version} >= 1310 && %{suse_version} != 1315 %define _rundir /run/slapd @@ -32,7 +32,7 @@ Group: Productivity/Networking/LDAP/Clients Version: %{version_main} Release: 0 Url: http://www.openldap.org -Source: openldap-%{version_main}.tgz +Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz Source3: DB_CONFIG Source4: sasl-slapd.conf Source5: README.module-loading @@ -55,7 +55,6 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch Patch11: 0011-openldap-re24-its7796.patch -Patch12: 0012-openldap-re24-its8336.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cyrus-sasl-devel BuildRequires: groff @@ -219,7 +218,6 @@ This package contains the OpenLDAP client libraries. %patch9 -p1 %patch10 -p1 %patch11 -p1 -%patch12 -p1 cp %{SOURCE5} . %build diff --git a/openldap2.changes b/openldap2.changes index 818acbd..16eff0e 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com + +- Upgrade to upstream 2.4.44 release with accumulated bug fixes. +- Specify source with FTP URL +- Removed obsolete 0012-openldap-re24-its8336.patch + ------------------------------------------------------------------- Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com diff --git a/openldap2.spec b/openldap2.spec index 1ee5ca8..b32edf4 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -17,7 +17,7 @@ %define run_test_suite 0 -%define version_main 2.4.43 +%define version_main 2.4.44 %if %{suse_version} >= 1310 && %{suse_version} != 1315 %define _rundir /run/slapd @@ -32,7 +32,7 @@ Group: Productivity/Networking/LDAP/Clients Version: %{version_main} Release: 0 Url: http://www.openldap.org -Source: openldap-%{version_main}.tgz +Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz Source3: DB_CONFIG Source4: sasl-slapd.conf Source5: README.module-loading @@ -55,7 +55,6 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch Patch11: 0011-openldap-re24-its7796.patch -Patch12: 0012-openldap-re24-its8336.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cyrus-sasl-devel BuildRequires: groff @@ -219,7 +218,6 @@ This package contains the OpenLDAP client libraries. %patch9 -p1 %patch10 -p1 %patch11 -p1 -%patch12 -p1 cp %{SOURCE5} . %build