Accepting request 95877 from network:ldap

update to 2.4.28
license update: OLDAP-2.8, SPDX format (http://www.spdx.org/licenses)

OBS-URL: https://build.opensuse.org/request/show/95877
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openldap2?expand=0&rev=85
This commit is contained in:
Stephan Kulow 2011-12-08 11:26:36 +00:00 committed by Git OBS Bridge
commit 544701745f
20 changed files with 157 additions and 705 deletions

View File

@ -1,4 +1,4 @@
From 43a8df1cab3f7bafb34b3356833779e6e2f0eaf1 Mon Sep 17 00:00:00 2001 From ada0d25f62670b502166ce05fce29beb9d86ce96 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de> From: Ralf Haferkamp <rhafer@suse.de>
Date: Wed, 16 Jun 2010 14:04:07 +0200 Date: Wed, 16 Jun 2010 14:04:07 +0200
Subject: build-adjustments Subject: build-adjustments
@ -20,7 +20,7 @@ index 66ac3bf..f09e0c3 100644
sharedstatedir = @sharedstatedir@ sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@$(ldap_subdir) sysconfdir = @sysconfdir@$(ldap_subdir)
diff --git a/configure.in b/configure.in diff --git a/configure.in b/configure.in
index 0872d81..225647b 100644 index e7e5a7e..ef9d4f5 100644
--- a/configure.in --- a/configure.in
+++ b/configure.in +++ b/configure.in
@@ -69,7 +69,9 @@ dnl Determine host platform @@ -69,7 +69,9 @@ dnl Determine host platform
@ -35,5 +35,5 @@ index 0872d81..225647b 100644
AC_SUBST(VERSION)dnl AC_SUBST(VERSION)dnl
AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package)
-- --
1.7.3.4 1.7.7

View File

@ -1,4 +1,4 @@
From 3a5f7ce7960e64d49ad104cc9abc7941b454d933 Mon Sep 17 00:00:00 2001 From dc422b3d677b7bb9c0699d40623def4dc93d54f0 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de> From: Ralf Haferkamp <rhafer@suse.de>
Date: Wed, 16 Jun 2010 14:05:49 +0200 Date: Wed, 16 Jun 2010 14:05:49 +0200
Subject: slapd.conf Subject: slapd.conf
@ -93,5 +93,5 @@ index 4938b85..9caf292 100644
# Indices to maintain # Indices to maintain
index objectClass eq index objectClass eq
-- --
1.7.3.4 1.7.7

View File

@ -1,4 +1,4 @@
From c5b25d50557bb79a54654699d47af29342157ad9 Mon Sep 17 00:00:00 2001 From daab8464b7e9269012c22566ff8406122cc1f19b Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de> From: Ralf Haferkamp <rhafer@suse.de>
Date: Wed, 16 Jun 2010 14:06:42 +0200 Date: Wed, 16 Jun 2010 14:06:42 +0200
Subject: LDAPI socket location Subject: LDAPI socket location
@ -18,5 +18,5 @@ index 426d7f6..9a21f98 100644
/* /*
* SLAPD DEFINITIONS * SLAPD DEFINITIONS
-- --
1.7.3.4 1.7.7

View File

@ -1,11 +1,11 @@
From 119f2c14aac61a04d98719b399266c1ed235793a Mon Sep 17 00:00:00 2001 From ae570a81db3e070d0c449fe9eb70352c8ffcf22a Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de> From: Ralf Haferkamp <rhafer@suse.de>
Date: Wed, 16 Jun 2010 14:08:03 +0200 Date: Wed, 16 Jun 2010 14:08:03 +0200
Subject: libldap use gethostbyname_r Subject: libldap use gethostbyname_r
diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c
index d2b4ae8..3180d74 100644 index f0b5f72..ea5e178 100644
--- a/libraries/libldap/util-int.c --- a/libraries/libldap/util-int.c
+++ b/libraries/libldap/util-int.c +++ b/libraries/libldap/util-int.c
@@ -52,7 +52,7 @@ extern int h_errno; @@ -52,7 +52,7 @@ extern int h_errno;
@ -27,5 +27,5 @@ index d2b4ae8..3180d74 100644
#if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R)) #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))
-- --
1.7.3.4 1.7.7

View File

@ -1,4 +1,4 @@
From 34e2af586533bf43e2fec55e707fa4d51ca6634c Mon Sep 17 00:00:00 2001 From ef2b8372346fd32c21a8b19864c2f29aed5e3e63 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de> From: Ralf Haferkamp <rhafer@suse.de>
Date: Fri, 12 Nov 2010 09:39:11 +0100 Date: Fri, 12 Nov 2010 09:39:11 +0100
Subject: pie compile Subject: pie compile
@ -114,5 +114,5 @@ index f93a84c..a35dd83 100644
MOD_DEFS = $(@BUILD_RELAY@_DEFS) MOD_DEFS = $(@BUILD_RELAY@_DEFS)
-- --
1.7.3.4 1.7.7

View File

@ -1,4 +1,4 @@
From 708185d30ee5a94ca4d98707521620291c8ddd1d Mon Sep 17 00:00:00 2001 From b0508b1d0322491955d6ed11fc8c980f6a07dd18 Mon Sep 17 00:00:00 2001
From: Cristian Rodriguez <cristian.rodriguez@opensuse.org> From: Cristian Rodriguez <cristian.rodriguez@opensuse.org>
Date: Tue, 5 Oct 2010 13:59:40 +0200 Date: Tue, 5 Oct 2010 13:59:40 +0200
Subject: No Build date and time in binaries Subject: No Build date and time in binaries
@ -29,5 +29,5 @@ index 5c020b8..0160ab1 100755
__EOF__ __EOF__
-- --
1.7.3.4 1.7.7

View File

@ -1,50 +0,0 @@
From 1b23710affd68704d8fb66ba42901fa7aed1a379 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de>
Date: Wed, 16 Jun 2010 14:08:56 +0200
Subject: assorted fixes for back-config DELETE support
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index 006647b..3354c09 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -6050,13 +6050,26 @@ config_back_delete( Operation *op, SlapReply *rs )
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
} else if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
- } else if ( ce->ce_type == Cft_Overlay ){
+ } else if ( ce->ce_type == Cft_Overlay || ce->ce_type == Cft_Database){
char *iptr;
int count, ixold;
ldap_pvt_thread_pool_pause( &connection_pool );
- overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi );
+ if ( ce->ce_type == Cft_Overlay ){
+ overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi );
+ } else { /* Cft_Database*/
+ if ( ce->ce_be == frontendDB || ce->ce_be == op->o_bd ){
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "Cannot delete config or frontend database";
+ ldap_pvt_thread_pool_resume( &connection_pool );
+ goto out;
+ }
+ if ( ce->ce_be->bd_info->bi_db_close ) {
+ ce->ce_be->bd_info->bi_db_close( ce->ce_be, NULL );
+ }
+ backend_destroy_one( ce->ce_be, 1);
+ }
/* remove CfEntryInfo from the siblings list */
if ( ce->ce_parent->ce_kids == ce ) {
@@ -6118,6 +6131,7 @@ config_back_delete( Operation *op, SlapReply *rs )
#else
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
#endif /* SLAP_CONFIG_DELETE */
+out:
send_ldap_result( op, rs );
return rs->sr_err;
}
--
1.7.3.4

View File

@ -1,4 +1,4 @@
From 1ae2909f2464955fde817f3c8447724e4d5035c3 Mon Sep 17 00:00:00 2001 From e17f4d8c705ffa9080fd2ca5cf6780e30d04b0ac Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de> From: Ralf Haferkamp <rhafer@suse.de>
Date: Tue, 5 Oct 2010 14:20:22 +0200 Date: Tue, 5 Oct 2010 14:20:22 +0200
Subject: Recover on DB version change Subject: Recover on DB version change
@ -25,5 +25,5 @@ index 526fee8..a9f7c5a 100644
/* Regular open failed, probably a missing shm environment. /* Regular open failed, probably a missing shm environment.
* Start over, do a recovery. * Start over, do a recovery.
-- --
1.7.3.4 1.7.7

View File

@ -1,141 +0,0 @@
From 601cde61e0ad14e804a4f1bf54b6fac934aaad4b Mon Sep 17 00:00:00 2001
From: ralf <ralf>
Date: Wed, 30 Jun 2010 10:38:01 +0000
Subject: unregister_supported_control() backport
The fix for bnc#648479/ITS#6647 makes use of this call
Original log-message:
new call unregister_supported_control(), will be
needed for cn=config delete support
Also included: use be_ctrls[cid] for counting the number of overlay
instances that have registered the control for a specific BackendDB to make
sure that the control is unregistered only after the last instance calls
overlay_unregister_control().
diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c
index cad81ab..56bcf65 100644
--- a/servers/slapd/backover.c
+++ b/servers/slapd/backover.c
@@ -1076,14 +1076,22 @@ overlay_register_control( BackendDB *be, const char *oid )
gotit = 1;
}
- bd->be_ctrls[ cid ] = 1;
+ /* overlays can be instanciated multiple times, use
+ * be_ctrls[ cid ] as an instance counter, so that the
+ * overlay's controls are only really disabled after the
+ * last instance called overlay_register_control() */
+ bd->be_ctrls[ cid ]++;
bd->be_ctrls[ SLAP_MAX_CIDS ] = 1;
}
}
if ( !gotit ) {
- be->bd_self->be_ctrls[ cid ] = 1;
+ /* overlays can be instanciated multiple times, use
+ * be_ctrls[ cid ] as an instance counter, so that the
+ * overlay's controls are only really unregistered after the
+ * last instance called overlay_register_control() */
+ be->bd_self->be_ctrls[ cid ]++;
be->bd_self->be_ctrls[ SLAP_MAX_CIDS ] = 1;
}
@@ -1091,6 +1099,34 @@ overlay_register_control( BackendDB *be, const char *oid )
}
void
+overlay_unregister_control( BackendDB *be, const char *oid )
+{
+ int gotit = 0;
+ int cid;
+
+ if ( slap_find_control_id( oid, &cid ) == LDAP_CONTROL_NOT_FOUND ) {
+ return;
+ }
+
+ if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+ BackendDB *bd;
+
+ /* remove from all backends... */
+ LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
+ if ( bd == be->bd_self ) {
+ gotit = 1;
+ }
+
+ bd->be_ctrls[ cid ]--;
+ }
+ }
+
+ if ( !gotit ) {
+ be->bd_self->be_ctrls[ cid ]--;
+ }
+}
+
+void
overlay_destroy_one( BackendDB *be, slap_overinst *on )
{
slap_overinfo *oi = on->on_info;
diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index 96df34e..8d079c5 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -344,6 +344,38 @@ register_supported_control2(const char *controloid,
return LDAP_SUCCESS;
}
+#ifdef SLAP_CONFIG_DELETE
+int
+unregister_supported_control( const char *controloid )
+{
+ struct slap_control *sc;
+ int i;
+
+ if ( controloid == NULL || (sc = find_ctrl( controloid )) == NULL ){
+ return -1;
+ }
+
+ for ( i = 0; slap_known_controls[ i ]; i++ ) {
+ if ( strcmp( controloid, slap_known_controls[ i ] ) == 0 ) {
+ do {
+ slap_known_controls[ i ] = slap_known_controls[ i+1 ];
+ } while ( slap_known_controls[ i++ ] );
+ num_known_controls--;
+ break;
+ }
+ }
+
+ LDAP_SLIST_REMOVE(&controls_list, sc, slap_control, sc_next);
+ ch_free( sc->sc_oid );
+ if ( sc->sc_extendedopsbv != NULL ) {
+ ber_bvarray_free( sc->sc_extendedopsbv );
+ }
+ ch_free( sc );
+
+ return 0;
+}
+#endif /* SLAP_CONFIG_DELETE */
+
/*
* One-time initialization of internal controls.
*/
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 4d0e1bb..1aebece 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -657,6 +657,10 @@ LDAP_SLAPD_F (int) register_supported_control2 LDAP_P((
int *controlcid ));
#define register_supported_control(oid, mask, exops, fn, cid) \
register_supported_control2((oid), (mask), (exops), (fn), 0, (cid))
+#ifdef SLAP_CONFIG_DELETE
+LDAP_SLAPD_F (int) unregister_supported_control LDAP_P((
+ const char* controloid ));
+#endif /* SLAP_CONFIG_DELETE */
LDAP_SLAPD_F (int) slap_controls_init LDAP_P ((void));
LDAP_SLAPD_F (void) controls_destroy LDAP_P ((void));
LDAP_SLAPD_F (int) controls_root_dse_info LDAP_P ((Entry *e));
--
1.7.3.4

View File

@ -1,46 +0,0 @@
From b5ddeac919d767a390d7d9e3c2dac092cc4232e1 Mon Sep 17 00:00:00 2001
From: ralf <ralf>
Date: Fri, 22 Jan 2010 17:01:25 +0000
Subject: Fix exposure of SSS/VLV controls (ITS#6647)
Fixes bnc#648479
Contains the following upstream commits:
- Unregister VLV control as well when last overlay instance
is removed (additional fix for ITS#6647)
diff --git a/servers/slapd/overlays/sssvlv.c b/servers/slapd/overlays/sssvlv.c
index ce3da34..7ffed1b 100644
--- a/servers/slapd/overlays/sssvlv.c
+++ b/servers/slapd/overlays/sssvlv.c
@@ -1295,6 +1295,10 @@ static int sssvlv_db_init(
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "Failed to register VLV Request control '%s' (%d)\n",
LDAP_CONTROL_VLVREQUEST, rc, 0 );
+#ifdef SLAP_CONFIG_DELETE
+ overlay_unregister_control( be, LDAP_CONTROL_SORTREQUEST );
+ unregister_supported_control( LDAP_CONTROL_SORTREQUEST );
+#endif /* SLAP_CONFIG_DELETE */
return rc;
}
}
@@ -1330,6 +1334,15 @@ static int sssvlv_db_destroy(
ldap_pvt_thread_mutex_destroy( &sort_conns_mutex );
}
+#ifdef SLAP_CONFIG_DELETE
+ overlay_unregister_control( be, LDAP_CONTROL_SORTREQUEST );
+ overlay_unregister_control( be, LDAP_CONTROL_VLVREQUEST );
+ if ( ov_count == 0 ) {
+ unregister_supported_control( LDAP_CONTROL_SORTREQUEST );
+ unregister_supported_control( LDAP_CONTROL_VLVREQUEST );
+ }
+#endif /* SLAP_CONFIG_DELETE */
+
if ( si ) {
ch_free( si );
on->on_bi.bi_private = NULL;
--
1.7.3.4

View File

@ -1,110 +0,0 @@
From 0ca1fbc64f2f02cbdff0827e4ca1bbe312bebc2f Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de>
Date: Fri, 22 Jan 2010 11:18:46 +0100
Subject: config-delete overlay fixes
- unregister controls when removing overlays from cn=config (syncprov,
ppolicy, valsort, chain and sssvlv)
- Send error to active psearches upon syncprov overlay removal
- syncprov: reset BackendInfo to original value after checkpoint. Leaks memory
otherwise (with -DSLAP_CONFIG_DELETE)
bnc#548773
diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c
index 41bb6ef..8f37efb 100644
--- a/servers/slapd/back-ldap/chain.c
+++ b/servers/slapd/back-ldap/chain.c
@@ -1979,6 +1979,11 @@ ldap_chain_db_close(
BackendDB *be,
ConfigReply *cr )
{
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+#ifdef SLAP_CONFIG_DELETE
+ overlay_unregister_control( be, LDAP_CONTROL_X_CHAINING_BEHAVIOR );
+#endif /* SLAP_CONFIG_DELETE */
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
return ldap_chain_db_func( be, db_close );
}
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 43cc345..048bf89 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -2308,6 +2308,11 @@ ppolicy_close(
slap_overinst *on = (slap_overinst *) be->bd_info;
pp_info *pi = on->on_bi.bi_private;
+
+#ifdef SLAP_CONFIG_DELETE
+ overlay_unregister_control( be, LDAP_CONTROL_PASSWORDPOLICYREQUEST );
+#endif /* SLAP_CONFIG_DELETE */
+
/* Perhaps backover should provide bi_destroy hooks... */
ov_count--;
if ( ov_count <=0 && pwcons ) {
diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index 1100de7..814f95e 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -3143,6 +3143,7 @@ syncprov_db_close(
{
slap_overinst *on = (slap_overinst *) be->bd_info;
syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private;
+ syncops *so, *sonext;
if ( slapMode & SLAP_TOOL_MODE ) {
return 0;
@@ -3162,6 +3163,20 @@ syncprov_db_close(
syncprov_checkpoint( op, on );
}
+#ifdef SLAP_CONFIG_DELETE
+ ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+ for ( so=si->si_ops, sonext=so; so; so=sonext ) {
+ SlapReply rs = {REP_RESULT};
+ rs.sr_err = LDAP_UNAVAILABLE;
+ send_ldap_result( so->s_op, &rs );
+ sonext=so->s_next;
+ syncprov_drop_psearch( so, 0);
+ }
+ si->si_ops=NULL;
+ ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+ overlay_unregister_control( be, LDAP_CONTROL_SYNC );
+#endif /* SLAP_CONFIG_DELETE */
+
return 0;
}
diff --git a/servers/slapd/overlays/valsort.c b/servers/slapd/overlays/valsort.c
index 80d9382..033cbf6 100644
--- a/servers/slapd/overlays/valsort.c
+++ b/servers/slapd/overlays/valsort.c
@@ -490,6 +490,10 @@ valsort_destroy(
slap_overinst *on = (slap_overinst *)be->bd_info;
valsort_info *vi = on->on_bi.bi_private, *next;
+#ifdef SLAP_CONFIG_DELETE
+ overlay_unregister_control( be, LDAP_CONTROL_VALSORT );
+#endif /* SLAP_CONFIG_DELETE */
+
for (; vi; vi = next) {
next = vi->vi_next;
ch_free( vi->vi_dn.bv_val );
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 1aebece..bb0dd63 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -484,6 +484,9 @@ LDAP_SLAPD_F (void) overlay_move LDAP_P((
#ifdef SLAP_CONFIG_DELETE
LDAP_SLAPD_F (void) overlay_remove LDAP_P((
BackendDB *be, slap_overinst *on ));
+LDAP_SLAPD_F (void) overlay_unregister_control LDAP_P((
+ BackendDB *be,
+ const char *oid ));
#endif /* SLAP_CONFIG_DELETE */
LDAP_SLAPD_F (int) overlay_callback_after_backover LDAP_P((
Operation *op, slap_callback *sc, int append ));
--
1.7.3.4

View File

@ -1,115 +0,0 @@
From e9c58d8eb653e2e1fa8d84f8631dcc3fa5965db2 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <ralf@openldap.org>
Date: Tue, 15 Mar 2011 16:57:41 +0000
Subject: backport ConfigLDAPdel callback from current master
bnc#704398
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index 3354c09..309668e 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -6047,10 +6047,12 @@ config_back_delete( Operation *op, SlapReply *rs )
rs->sr_matched = last->ce_entry->e_name.bv_val;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else if ( ce->ce_kids ) {
- rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
} else if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
- } else if ( ce->ce_type == Cft_Overlay || ce->ce_type == Cft_Database){
+ } else if ( ce->ce_type == Cft_Overlay ||
+ ce->ce_type == Cft_Database ||
+ ce->ce_type == Cft_Misc ){
char *iptr;
int count, ixold;
@@ -6058,7 +6060,46 @@ config_back_delete( Operation *op, SlapReply *rs )
if ( ce->ce_type == Cft_Overlay ){
overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi );
- } else { /* Cft_Database*/
+ } else if ( ce->ce_type == Cft_Misc ) {
+ /*
+ * only Cft_Misc objects that have a co_lddel handler set in
+ * the ConfigOCs struct can be deleted. This code also
+ * assumes that the entry can be only have one objectclass
+ * with co_type == Cft_Misc
+ */
+ ConfigOCs co, *coptr;
+ Attribute *oc_at;
+ int i;
+
+ oc_at = attr_find( ce->ce_entry->e_attrs,
+ slap_schema.si_ad_objectClass );
+ if ( !oc_at ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "objectclass not found";
+ ldap_pvt_thread_pool_resume( &connection_pool );
+ goto out;
+ }
+ for ( i=0; !BER_BVISNULL(&oc_at->a_nvals[i]); i++ ) {
+ co.co_name = &oc_at->a_nvals[i];
+ coptr = avl_find( CfOcTree, &co, CfOc_cmp );
+ if ( coptr == NULL || coptr->co_type != Cft_Misc ) {
+ continue;
+ }
+ if ( ! coptr->co_lddel || coptr->co_lddel( ce, op ) ){
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ if ( ! coptr->co_lddel ) {
+ rs->sr_text = "No delete handler found";
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ /* FIXME: We should return a helpful error message
+ * here */
+ }
+ ldap_pvt_thread_pool_resume( &connection_pool );
+ goto out;
+ }
+ break;
+ }
+ } else if (ce->ce_type == Cft_Database ) {
if ( ce->ce_be == frontendDB || ce->ce_be == op->o_bd ){
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "Cannot delete config or frontend database";
@@ -6128,10 +6169,10 @@ config_back_delete( Operation *op, SlapReply *rs )
} else {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
}
+out:
#else
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
#endif /* SLAP_CONFIG_DELETE */
-out:
send_ldap_result( op, rs );
return rs->sr_err;
}
diff --git a/servers/slapd/config.h b/servers/slapd/config.h
index 9c037d4..d79ae74 100644
--- a/servers/slapd/config.h
+++ b/servers/slapd/config.h
@@ -100,12 +100,21 @@ typedef int (ConfigLDAPadd)(
typedef int (ConfigCfAdd)(
Operation *op, SlapReply *rs, Entry *parent, struct config_args_s *ca );
+#ifdef SLAP_CONFIG_DELETE
+/* Called when deleting a Cft_Misc Child object from cn=config */
+typedef int (ConfigLDAPdel)(
+ CfEntryInfo *ce, Operation *op );
+#endif
+
typedef struct ConfigOCs {
const char *co_def;
ConfigType co_type;
ConfigTable *co_table;
ConfigLDAPadd *co_ldadd;
ConfigCfAdd *co_cfadd;
+#ifdef SLAP_CONFIG_DELETE
+ ConfigLDAPdel *co_lddel;
+#endif
ObjectClass *co_oc;
struct berval *co_name;
} ConfigOCs;
--
1.7.3.4

View File

@ -1,59 +0,0 @@
From 48e44e993656a08424a020347a458148169196ce Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 6 Oct 2011 14:05:31 -0700
Subject: UTF8StringNormalize overrun on zero-length string (ITS#7059)
Detected by valgrind
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 67508fc..65a7e2e 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -1852,12 +1852,12 @@ UTF8StringNormalize(
}
nvalue.bv_val[nvalue.bv_len] = '\0';
- } else {
+ } else if ( tmp.bv_len ) {
/* string of all spaces is treated as one space */
nvalue.bv_val[0] = ' ';
nvalue.bv_val[1] = '\0';
nvalue.bv_len = 1;
- }
+ } /* should never be entered with 0-length val */
*normalized = nvalue;
return LDAP_SUCCESS;
@@ -2331,13 +2331,18 @@ postalAddressNormalize(
}
lines[l].bv_len = &val->bv_val[c] - lines[l].bv_val;
- normalized->bv_len = l;
+ normalized->bv_len = c = l;
- for ( l = 0; !BER_BVISNULL( &lines[l] ); l++ ) {
+ for ( l = 0; l <= c; l++ ) {
/* NOTE: we directly normalize each line,
* without unescaping the values, since the special
* values '\24' ('$') and '\5C' ('\') are not affected
* by normalization */
+ if ( !lines[l].bv_len ) {
+ nlines[l].bv_len = 0;
+ nlines[l].bv_val = NULL;
+ continue;
+ }
rc = UTF8StringNormalize( usage, NULL, xmr, &lines[l], &nlines[l], ctx );
if ( rc != LDAP_SUCCESS ) {
rc = LDAP_INVALID_SYNTAX;
@@ -2350,7 +2355,7 @@ postalAddressNormalize(
normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx );
p = normalized->bv_val;
- for ( l = 0; !BER_BVISNULL( &nlines[l] ); l++ ) {
+ for ( l = 0; l <= c ; l++ ) {
p = lutil_strbvcopy( p, &nlines[l] );
*p++ = '$';
}
--
1.7.6.4

View File

@ -1,95 +0,0 @@
From 5d9026cf3f93f95dd6f80ad209013e30bbb0d8e6 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <ralf@openldap.org>
Date: Tue, 18 Oct 2011 17:08:05 +0200
Subject: ITS#7066 reworked default deny ACL for cn=config
Dynamically adding ACL for cn=config didn't work correctly, when no
ACLs where present for that database upon startup. Delete the last
ACL from the DB could also lead to unexpected results.
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index 309668e..7097d72 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -84,6 +84,7 @@ static char *logfileName;
#ifdef SLAP_AUTH_REWRITE
static BerVarray authz_rewrites;
#endif
+static AccessControl *defacl_parsed = NULL;
static struct berval cfdir;
@@ -1297,6 +1298,12 @@ config_generic(ConfigArgs *c) {
*prev = a->acl_next;
acl_free( a );
}
+ if ( SLAP_CONFIG( c->be ) && !c->be->be_acl ) {
+ Debug( LDAP_DEBUG_CONFIG, "config_generic (CFG_ACL): "
+ "Last explicit ACL for back-config removed. "
+ "Using hardcoded default\n", 0, 0, 0 );
+ c->be->be_acl = defacl_parsed;
+ }
break;
case CFG_OC: {
@@ -1792,6 +1799,9 @@ sortval_reject:
break;
case CFG_ACL:
+ if ( SLAP_CONFIG( c->be ) && c->be->be_acl == defacl_parsed) {
+ c->be->be_acl = NULL;
+ }
/* Don't append to the global ACL if we're on a specific DB */
i = c->valx;
if ( c->valx == -1 ) {
@@ -1801,6 +1811,9 @@ sortval_reject:
i++;
}
if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) {
+ if ( SLAP_CONFIG( c->be ) && !c->be->be_acl) {
+ c->be->be_acl = defacl_parsed;
+ }
return 1;
}
break;
@@ -6637,14 +6650,23 @@ config_back_db_open( BackendDB *be, ConfigReply *cr )
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
SlapReply rs = {REP_RESULT};
void *thrctx = NULL;
+ AccessControl *save_access;
Debug( LDAP_DEBUG_TRACE, "config_back_db_open\n", 0, 0, 0);
/* If we have no explicitly configured ACLs, don't just use
* the global ACLs. Explicitly deny access to everything.
*/
- if ( !be->bd_self->be_acl ) {
- parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 );
+ save_access = be->bd_self->be_acl;
+ be->bd_self->be_acl = NULL;
+ parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 );
+ defacl_parsed = be->bd_self->be_acl;
+ if ( save_access ) {
+ be->bd_self->be_acl = save_access;
+ } else {
+ Debug( LDAP_DEBUG_CONFIG, "config_back_db_open: "
+ "No explicit ACL for back-config configured. "
+ "Using hardcoded default\n", 0, 0, 0 );
}
thrctx = ldap_pvt_thread_pool_context();
@@ -6889,6 +6911,11 @@ config_back_db_close( BackendDB *be, ConfigReply *cr )
backend_shutdown( &cfb->cb_db );
}
+ if ( defacl_parsed && be->be_acl != defacl_parsed ) {
+ acl_free( defacl_parsed );
+ defacl_parsed = NULL;
+ }
+
return 0;
}
--
1.7.6.4

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1f42048cebbcd8647c9c566f8f070946103a15717345915ecd5fccfbe19a7c3d
size 5250064

3
openldap-2.4.28.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:332ab5b13dbc0f85b1112d7a6f3485069108bfbd4d2603c8b548adbfa9bbc371
size 5436340

View File

@ -1,3 +1,62 @@
-------------------------------------------------------------------
Wed Dec 7 11:10:19 UTC 2011 - cfarrell@suse.com
- license update: OLDAP-2.8
SPDX format (http://www.spdx.org/licenses)
-------------------------------------------------------------------
Fri Dec 2 16:11:01 UTC 2011 - rhafer@suse.de
- Update to 2.4.28
* Fixed back-mdb out of order slapadd (ITS#7090)
changes in OpenLDAP 2.4.27 Release (2011/11/24):
* Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031)
* Fixed ldapmodify crash with LDIF controls (ITS#7039)
* Fixed ldapsearch to honor timeout and timelimit (ITS#7009)
* Fixed libldap endless looping (ITS#7035)
* Fixed libldap TLS to not check hostname when using 'allow'
(ITS#7014)
* Fixed slapadd common code into slapcommon (ITS#6737)
* Fixed slapd backend connection initialization (ITS#6993)
* Fixed slapd frontend DB parsing in cn=config (ITS#7016)
* Fixed slapd hang with {numbered} overlay insertion (ITS#7030)
* Fixed slapd inet_ntop usage (ITS#6925)
* Fixed slapd cn=config deletion of bitmasks (ITS#7083)
* Fixed slapd cn=config modify replace/delete crash (ITS#7065)
* Fixed slapd schema UTF8StringNormalize with 0 length values
(ITS#7059)
* Fixed slapd with dynamic acls for cn=config (ITS#7066)
* Fixed slapd response callbacks (ITS#6059,ITS#7062)
* Fixed slapd no_connection warnings with ldapi
(ITS#6548,ITS#7092)
* Fixed slapd return code processing (ITS#7060)
* Fixed slapd sl_malloc various issues (ITS#6437)
* Fixed slapd startup behavior (ITS#6848)
* Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
* Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472)
* Fixed slapd syncrepl timeout when using refreshAndPersist
(ITS#6999)
* Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052)
* Fixed slapd syncrepl glue for empty suffix (ITS#7037)
* Fixed slapd results cleanup (ITS#6763,ITS#7053)
* Fixed slapd validation of args for TLSCertificateFile
(ITS#7012)
* Fixed slapd-bdb/hdb to build entry DN based on parent DN
(ITS#5326)
* Fixed slapd-hdb with zero-length entries (ITS#7073)
* Fixed slapd-hdb duplicate entries in subtree IDL cache
(ITS#6983)
* Fixed slapo-pcache response cleanup (ITS#6981)
* Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021)
* Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985)
* Fixed slapo-sssvlv to only return requested attrs (ITS#7061)
* Fixed slapo-syncprov DSA attribute filtering for Persist mode
(ITS#7019)
* Fixed slapo-syncprov when consumer has newer state of our SID
(ITS#7040)
* Fixed slapo-syncprov crash (ITS#7025)
* Added missing LDIF form of schema files (ITS#7063)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 25 10:42:39 UTC 2011 - coolo@suse.com Fri Nov 25 10:42:39 UTC 2011 - coolo@suse.com

View File

@ -24,10 +24,10 @@ BuildRequires: cyrus-sasl-devel libopenssl-devel libtool
%if %sles_version == 9 || %sles_version == 10 %if %sles_version == 9 || %sles_version == 10
BuildRequires: -libopenssl-devel -pwdutils openssl-devel BuildRequires: -libopenssl-devel -pwdutils openssl-devel
%endif %endif
Version: 2.4.26 Version: 2.4.28
Release: 1 Release: 1
Url: http://www.openldap.org Url: http://www.openldap.org
License: BSD3c(or similar) ; openldap 2.8 License: OLDAP-2.8
%if "%{name}" == "openldap2" %if "%{name}" == "openldap2"
BuildRequires: db-devel openslp-devel tcpd-devel unixODBC-devel BuildRequires: db-devel openslp-devel tcpd-devel unixODBC-devel
%if %sles_version == 9 || %sles_version == 10 %if %sles_version == 9 || %sles_version == 10
@ -44,7 +44,6 @@ Conflicts: openldap-client
Requires: libldap-2_4-2 = %{version} Requires: libldap-2_4-2 = %{version}
Summary: The OpenLDAP commandline client tools Summary: The OpenLDAP commandline client tools
%endif %endif
AutoReqProv: on
Source: openldap-%{version}.tgz Source: openldap-%{version}.tgz
Source1: openldap-rc.tgz Source1: openldap-rc.tgz
Source2: addonschema.tar.gz Source2: addonschema.tar.gz
@ -59,15 +58,8 @@ Patch2: 0002-slapd.conf.dif
Patch3: 0003-LDAPI-socket-location.dif Patch3: 0003-LDAPI-socket-location.dif
Patch4: 0004-libldap-use-gethostbyname_r.dif Patch4: 0004-libldap-use-gethostbyname_r.dif
Patch5: 0005-pie-compile.dif Patch5: 0005-pie-compile.dif
Patch6: 0006-assorted-fixes-for-back-config-DELETE-support.dif Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-No-Build-date-and-time-in-binaries.dif Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-Recover-on-DB-version-change.dif
Patch9: 0009-unregister_supported_control-backport.dif
Patch10: 0010-Fix-exposure-of-SSS-VLV-controls-ITS-6647.dif
Patch11: 0011-config-delete-overlay-fixes.dif
Patch12: 0012-backport-ConfigLDAPdel-callback-from-current-master.dif
Patch13: 0013-UTF8StringNormalize-overrun-on-zero-length-string-ITS-.dif
Patch14: 0014-ITS-7066-reworked-default-deny-ACL-for-cn-config.dif
Patch100: openldap-2.3.37.dif Patch100: openldap-2.3.37.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if "%{name}" == "openldap2" %if "%{name}" == "openldap2"
@ -81,10 +73,8 @@ service that has an X.500 back-end.
This package contains the OpenLDAP client utilities. This package contains the OpenLDAP client utilities.
%package -n openldap2-back-perl %package -n openldap2-back-perl
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP Perl Back-End Summary: OpenLDAP Perl Back-End
Requires: openldap2 = %{version} perl = %{perl_version} Requires: openldap2 = %{version} perl = %{perl_version}
AutoReqProv: on
Group: Productivity/Networking/LDAP/Servers Group: Productivity/Networking/LDAP/Servers
%description -n openldap2-back-perl %description -n openldap2-back-perl
@ -92,10 +82,8 @@ The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations. different LDAP operations.
%package -n openldap2-back-meta %package -n openldap2-back-meta
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP Meta Back-End Summary: OpenLDAP Meta Back-End
Requires: openldap2 = %{version} Requires: openldap2 = %{version}
AutoReqProv: on
Group: Productivity/Networking/LDAP/Servers Group: Productivity/Networking/LDAP/Servers
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
@ -106,10 +94,8 @@ these servers can be presented as belonging to a single Directory
Information Tree (DIT). Information Tree (DIT).
%package -n openldap2-back-sql %package -n openldap2-back-sql
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP SQL Back-End Summary: OpenLDAP SQL Back-End
Requires: openldap2 = %{version} Requires: openldap2 = %{version}
AutoReqProv: on
Group: Productivity/Networking/LDAP/Servers Group: Productivity/Networking/LDAP/Servers
%description -n openldap2-back-sql %description -n openldap2-back-sql
@ -118,10 +104,8 @@ stored in a Relational (SQL) Database as an LDAP subtree without the need
to do any programming. to do any programming.
%package -n openldap2-doc %package -n openldap2-doc
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP Documentation Summary: OpenLDAP Documentation
Group: Documentation/Other Group: Documentation/Other
AutoReqProv: on
Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
%if 0%{?suse_version} > 1110 %if 0%{?suse_version} > 1110
BuildArch: noarch BuildArch: noarch
@ -141,9 +125,7 @@ service that has an X.500 back-end.
This package contains the OpenLDAP client utilities. This package contains the OpenLDAP client utilities.
%package -n openldap2-devel %package -n openldap2-devel
License: BSD3c(or similar) ; openldap 2.8
Summary: Libraries, Header Files and Documentation for OpenLDAP Summary: Libraries, Header Files and Documentation for OpenLDAP
AutoReqProv: on
# bug437293 # bug437293
%ifarch ppc64 %ifarch ppc64
Obsoletes: openldap2-devel-64bit Obsoletes: openldap2-devel-64bit
@ -162,9 +144,7 @@ This package provides the OpenLDAP libraries, header files, and
documentation. documentation.
%package -n libldap-2_4-2 %package -n libldap-2_4-2
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP Client Libraries Summary: OpenLDAP Client Libraries
AutoReqProv: on
Group: Productivity/Networking/LDAP/Clients Group: Productivity/Networking/LDAP/Clients
%description -n libldap-2_4-2 %description -n libldap-2_4-2
@ -178,18 +158,9 @@ This package contains the OpenLDAP client libraries.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%if %suse_version > 920
%patch5 -p1 %patch5 -p1
%endif
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
cp %{SOURCE5} . cp %{SOURCE5} .
cp %{SOURCE6} . cp %{SOURCE6} .
cd ../openldap-2.3.37 cd ../openldap-2.3.37
@ -223,6 +194,7 @@ export STRIP=""
--enable-monitor=yes \ --enable-monitor=yes \
--enable-perl=mod \ --enable-perl=mod \
--enable-sql=mod \ --enable-sql=mod \
--enable-mdb=no \
--enable-slp \ --enable-slp \
--enable-overlays=mod \ --enable-overlays=mod \
--enable-syncprov=yes \ --enable-syncprov=yes \
@ -315,15 +287,17 @@ install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images
install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts
install -m 644 ANNOUNCEMENT \ install -m 644 ANNOUNCEMENT \
COPYRIGHT \ COPYRIGHT \
INSTALL \
LICENSE \ LICENSE \
README \ README \
CHANGES \ CHANGES \
%{SOURCE5} \ %{SOURCE5} \
%{SOURCE6} \ %{SOURCE6} \
$RPM_BUILD_ROOT/%{DOCDIR} $RPM_BUILD_ROOT/%{DOCDIR}
install -m 644 servers/slapd/slapd.ldif \
$RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default
rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README
rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif*
rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
%if %suse_version < 1130 %if %suse_version < 1130
@ -333,6 +307,7 @@ install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin
%endif %endif
rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-mdb.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
@ -396,10 +371,10 @@ cat >openldap2.filelist <<EOF
%dir %{DOCDIR} %dir %{DOCDIR}
%doc %{DOCDIR}/ANNOUNCEMENT %doc %{DOCDIR}/ANNOUNCEMENT
%doc %{DOCDIR}/COPYRIGHT %doc %{DOCDIR}/COPYRIGHT
%doc %{DOCDIR}/INSTALL
%doc %{DOCDIR}/LICENSE %doc %{DOCDIR}/LICENSE
%doc %{DOCDIR}/README* %doc %{DOCDIR}/README*
%doc %{DOCDIR}/CHANGES %doc %{DOCDIR}/CHANGES
%doc %{DOCDIR}/slapd.ldif.default
EOF EOF
%if %suse_version < 1130 %if %suse_version < 1130
cat >>openldap2.filelist <<EOF cat >>openldap2.filelist <<EOF

View File

@ -1,3 +1,62 @@
-------------------------------------------------------------------
Wed Dec 7 11:10:19 UTC 2011 - cfarrell@suse.com
- license update: OLDAP-2.8
SPDX format (http://www.spdx.org/licenses)
-------------------------------------------------------------------
Fri Dec 2 16:11:01 UTC 2011 - rhafer@suse.de
- Update to 2.4.28
* Fixed back-mdb out of order slapadd (ITS#7090)
changes in OpenLDAP 2.4.27 Release (2011/11/24):
* Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031)
* Fixed ldapmodify crash with LDIF controls (ITS#7039)
* Fixed ldapsearch to honor timeout and timelimit (ITS#7009)
* Fixed libldap endless looping (ITS#7035)
* Fixed libldap TLS to not check hostname when using 'allow'
(ITS#7014)
* Fixed slapadd common code into slapcommon (ITS#6737)
* Fixed slapd backend connection initialization (ITS#6993)
* Fixed slapd frontend DB parsing in cn=config (ITS#7016)
* Fixed slapd hang with {numbered} overlay insertion (ITS#7030)
* Fixed slapd inet_ntop usage (ITS#6925)
* Fixed slapd cn=config deletion of bitmasks (ITS#7083)
* Fixed slapd cn=config modify replace/delete crash (ITS#7065)
* Fixed slapd schema UTF8StringNormalize with 0 length values
(ITS#7059)
* Fixed slapd with dynamic acls for cn=config (ITS#7066)
* Fixed slapd response callbacks (ITS#6059,ITS#7062)
* Fixed slapd no_connection warnings with ldapi
(ITS#6548,ITS#7092)
* Fixed slapd return code processing (ITS#7060)
* Fixed slapd sl_malloc various issues (ITS#6437)
* Fixed slapd startup behavior (ITS#6848)
* Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
* Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472)
* Fixed slapd syncrepl timeout when using refreshAndPersist
(ITS#6999)
* Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052)
* Fixed slapd syncrepl glue for empty suffix (ITS#7037)
* Fixed slapd results cleanup (ITS#6763,ITS#7053)
* Fixed slapd validation of args for TLSCertificateFile
(ITS#7012)
* Fixed slapd-bdb/hdb to build entry DN based on parent DN
(ITS#5326)
* Fixed slapd-hdb with zero-length entries (ITS#7073)
* Fixed slapd-hdb duplicate entries in subtree IDL cache
(ITS#6983)
* Fixed slapo-pcache response cleanup (ITS#6981)
* Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021)
* Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985)
* Fixed slapo-sssvlv to only return requested attrs (ITS#7061)
* Fixed slapo-syncprov DSA attribute filtering for Persist mode
(ITS#7019)
* Fixed slapo-syncprov when consumer has newer state of our SID
(ITS#7040)
* Fixed slapo-syncprov crash (ITS#7025)
* Added missing LDIF form of schema files (ITS#7063)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 25 10:42:39 UTC 2011 - coolo@suse.com Fri Nov 25 10:42:39 UTC 2011 - coolo@suse.com

View File

@ -24,10 +24,10 @@ BuildRequires: cyrus-sasl-devel libopenssl-devel libtool
%if %sles_version == 9 || %sles_version == 10 %if %sles_version == 9 || %sles_version == 10
BuildRequires: -libopenssl-devel -pwdutils openssl-devel BuildRequires: -libopenssl-devel -pwdutils openssl-devel
%endif %endif
Version: 2.4.26 Version: 2.4.28
Release: 1 Release: 1
Url: http://www.openldap.org Url: http://www.openldap.org
License: BSD3c(or similar) ; openldap 2.8 License: OLDAP-2.8
%if "%{name}" == "openldap2" %if "%{name}" == "openldap2"
BuildRequires: db-devel openslp-devel tcpd-devel unixODBC-devel BuildRequires: db-devel openslp-devel tcpd-devel unixODBC-devel
%if %sles_version == 9 || %sles_version == 10 %if %sles_version == 9 || %sles_version == 10
@ -44,7 +44,6 @@ Conflicts: openldap-client
Requires: libldap-2_4-2 = %{version} Requires: libldap-2_4-2 = %{version}
Summary: The OpenLDAP commandline client tools Summary: The OpenLDAP commandline client tools
%endif %endif
AutoReqProv: on
Source: openldap-%{version}.tgz Source: openldap-%{version}.tgz
Source1: openldap-rc.tgz Source1: openldap-rc.tgz
Source2: addonschema.tar.gz Source2: addonschema.tar.gz
@ -59,15 +58,8 @@ Patch2: 0002-slapd.conf.dif
Patch3: 0003-LDAPI-socket-location.dif Patch3: 0003-LDAPI-socket-location.dif
Patch4: 0004-libldap-use-gethostbyname_r.dif Patch4: 0004-libldap-use-gethostbyname_r.dif
Patch5: 0005-pie-compile.dif Patch5: 0005-pie-compile.dif
Patch6: 0006-assorted-fixes-for-back-config-DELETE-support.dif Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-No-Build-date-and-time-in-binaries.dif Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-Recover-on-DB-version-change.dif
Patch9: 0009-unregister_supported_control-backport.dif
Patch10: 0010-Fix-exposure-of-SSS-VLV-controls-ITS-6647.dif
Patch11: 0011-config-delete-overlay-fixes.dif
Patch12: 0012-backport-ConfigLDAPdel-callback-from-current-master.dif
Patch13: 0013-UTF8StringNormalize-overrun-on-zero-length-string-ITS-.dif
Patch14: 0014-ITS-7066-reworked-default-deny-ACL-for-cn-config.dif
Patch100: openldap-2.3.37.dif Patch100: openldap-2.3.37.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if "%{name}" == "openldap2" %if "%{name}" == "openldap2"
@ -79,10 +71,8 @@ access a stand-alone LDAP directory service or to access a directory
service that has an X.500 back-end. service that has an X.500 back-end.
%package -n openldap2-back-perl %package -n openldap2-back-perl
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP Perl Back-End Summary: OpenLDAP Perl Back-End
Requires: openldap2 = %{version} perl = %{perl_version} Requires: openldap2 = %{version} perl = %{perl_version}
AutoReqProv: on
Group: Productivity/Networking/LDAP/Servers Group: Productivity/Networking/LDAP/Servers
%description -n openldap2-back-perl %description -n openldap2-back-perl
@ -90,10 +80,8 @@ The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations. different LDAP operations.
%package -n openldap2-back-meta %package -n openldap2-back-meta
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP Meta Back-End Summary: OpenLDAP Meta Back-End
Requires: openldap2 = %{version} Requires: openldap2 = %{version}
AutoReqProv: on
Group: Productivity/Networking/LDAP/Servers Group: Productivity/Networking/LDAP/Servers
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
@ -104,10 +92,8 @@ these servers can be presented as belonging to a single Directory
Information Tree (DIT). Information Tree (DIT).
%package -n openldap2-back-sql %package -n openldap2-back-sql
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP SQL Back-End Summary: OpenLDAP SQL Back-End
Requires: openldap2 = %{version} Requires: openldap2 = %{version}
AutoReqProv: on
Group: Productivity/Networking/LDAP/Servers Group: Productivity/Networking/LDAP/Servers
%description -n openldap2-back-sql %description -n openldap2-back-sql
@ -116,10 +102,8 @@ stored in a Relational (SQL) Database as an LDAP subtree without the need
to do any programming. to do any programming.
%package -n openldap2-doc %package -n openldap2-doc
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP Documentation Summary: OpenLDAP Documentation
Group: Documentation/Other Group: Documentation/Other
AutoReqProv: on
Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
%if 0%{?suse_version} > 1110 %if 0%{?suse_version} > 1110
BuildArch: noarch BuildArch: noarch
@ -134,9 +118,7 @@ The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
This package contains the OpenLDAP client utilities. This package contains the OpenLDAP client utilities.
%package -n openldap2-devel %package -n openldap2-devel
License: BSD3c(or similar) ; openldap 2.8
Summary: Libraries, Header Files and Documentation for OpenLDAP Summary: Libraries, Header Files and Documentation for OpenLDAP
AutoReqProv: on
# bug437293 # bug437293
%ifarch ppc64 %ifarch ppc64
Obsoletes: openldap2-devel-64bit Obsoletes: openldap2-devel-64bit
@ -155,9 +137,7 @@ This package provides the OpenLDAP libraries, header files, and
documentation. documentation.
%package -n libldap-2_4-2 %package -n libldap-2_4-2
License: BSD3c(or similar) ; openldap 2.8
Summary: OpenLDAP Client Libraries Summary: OpenLDAP Client Libraries
AutoReqProv: on
Group: Productivity/Networking/LDAP/Clients Group: Productivity/Networking/LDAP/Clients
%description -n libldap-2_4-2 %description -n libldap-2_4-2
@ -171,18 +151,9 @@ This package contains the OpenLDAP client libraries.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%if %suse_version > 920
%patch5 -p1 %patch5 -p1
%endif
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
cp %{SOURCE5} . cp %{SOURCE5} .
cp %{SOURCE6} . cp %{SOURCE6} .
cd ../openldap-2.3.37 cd ../openldap-2.3.37
@ -216,6 +187,7 @@ export STRIP=""
--enable-monitor=yes \ --enable-monitor=yes \
--enable-perl=mod \ --enable-perl=mod \
--enable-sql=mod \ --enable-sql=mod \
--enable-mdb=no \
--enable-slp \ --enable-slp \
--enable-overlays=mod \ --enable-overlays=mod \
--enable-syncprov=yes \ --enable-syncprov=yes \
@ -308,15 +280,17 @@ install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images
install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts
install -m 644 ANNOUNCEMENT \ install -m 644 ANNOUNCEMENT \
COPYRIGHT \ COPYRIGHT \
INSTALL \
LICENSE \ LICENSE \
README \ README \
CHANGES \ CHANGES \
%{SOURCE5} \ %{SOURCE5} \
%{SOURCE6} \ %{SOURCE6} \
$RPM_BUILD_ROOT/%{DOCDIR} $RPM_BUILD_ROOT/%{DOCDIR}
install -m 644 servers/slapd/slapd.ldif \
$RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default
rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README
rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif*
rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
%if %suse_version < 1130 %if %suse_version < 1130
@ -326,6 +300,7 @@ install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin
%endif %endif
rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-mdb.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
@ -389,10 +364,10 @@ cat >openldap2.filelist <<EOF
%dir %{DOCDIR} %dir %{DOCDIR}
%doc %{DOCDIR}/ANNOUNCEMENT %doc %{DOCDIR}/ANNOUNCEMENT
%doc %{DOCDIR}/COPYRIGHT %doc %{DOCDIR}/COPYRIGHT
%doc %{DOCDIR}/INSTALL
%doc %{DOCDIR}/LICENSE %doc %{DOCDIR}/LICENSE
%doc %{DOCDIR}/README* %doc %{DOCDIR}/README*
%doc %{DOCDIR}/CHANGES %doc %{DOCDIR}/CHANGES
%doc %{DOCDIR}/slapd.ldif.default
EOF EOF
%if %suse_version < 1130 %if %suse_version < 1130
cat >>openldap2.filelist <<EOF cat >>openldap2.filelist <<EOF