From 778482e49ed22cab5e217722dfc6e96e64f574b357342bec928bf52deec3a85c Mon Sep 17 00:00:00 2001 
From: OBS User unknown
Date: Mon, 18 Dec 2006 23:17:14 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openldap2?expand=0&rev=1
---
 .gitattributes | 23 +
 .gitignore | 1 +
 DB_CONFIG | 5 +
 addonschema.tar.gz | 3 +
 back-perl-init.dif | 146 +++++
 check-build.sh | 29 +
 ldap_conf.dif | 8 +
 ldapi_url.dif | 11 +
 libldap-gethostbyname_r.dif | 20 +
 libldap-manpages.dif | 994 +++++++++++++++++++++++++++++++++++
 libldap-sasl_bind-assert.dif | 56 ++
 openldap-2.3.27.tar.bz2 | 3 +
 openldap-admin-guide.tar.bz2 | 3 +
 openldap-ntlm.diff | 189 +++++++
 openldap-rc.tgz | 3 +
 openldap2-client.changes | 926 ++++++++++++++++++++++++++++++++
 openldap2-client.spec | 847 +++++++++++++++++++++++++++++
 openldap2.changes | 926 ++++++++++++++++++++++++++++++++
 openldap2.dif | 44 ++
 openldap2.spec | 850 ++++++++++++++++++++++++++++++
 pie-compile.dif | 170 ++++++
 pre_checkin.sh | 11 +
 ready | 0
 sasl-slapd.conf | 1 +
 secpatch.dif | 16 +
 slapd_chain_return_error.dif | 133 +++++
 slapd_conf.dif | 100 ++++
 27 files changed, 5518 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 DB_CONFIG
 create mode 100644 addonschema.tar.gz
 create mode 100644 back-perl-init.dif
 create mode 100644 check-build.sh
 create mode 100644 ldap_conf.dif
 create mode 100644 ldapi_url.dif
 create mode 100644 libldap-gethostbyname_r.dif
 create mode 100644 libldap-manpages.dif
 create mode 100644 libldap-sasl_bind-assert.dif
 create mode 100644 openldap-2.3.27.tar.bz2
 create mode 100644 openldap-admin-guide.tar.bz2
 create mode 100644 openldap-ntlm.diff
 create mode 100644 openldap-rc.tgz
 create mode 100644 openldap2-client.changes
 create mode 100644 openldap2-client.spec
 create mode 100644 openldap2.changes
 create mode 100644 openldap2.dif
 create mode 100644 openldap2.spec
 create mode 100644 pie-compile.dif
 create mode 100644 pre_checkin.sh
 create mode 100644 ready
 create mode 100644 sasl-slapd.conf
 create mode 100644 secpatch.dif
 create mode 100644 slapd_chain_return_error.dif
 create mode 100644 slapd_conf.dif
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/DB_CONFIG b/DB_CONFIG
new file mode 100644
index 0000000..714a8c2
--- /dev/null
+++ b/DB_CONFIG
@@ -0,0 +1,5 @@
+set_cachesize 0 15000000 1
+set_lg_regionmax 262144
+set_lg_bsize 2097152
+set_flags DB_LOG_AUTOREMOVE
+
diff --git a/addonschema.tar.gz b/addonschema.tar.gz
new file mode 100644
index 0000000..6dd57ac
--- /dev/null
+++ b/addonschema.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:15df0033de48dd895e7c01da77f98848e23218fa109ecbedb789229d59dad459
+size 3227
diff --git a/back-perl-init.dif b/back-perl-init.dif
new file mode 100644
index 0000000..735b40d
--- /dev/null
+++ b/back-perl-init.dif
@@ -0,0 +1,146 @@
+Index: servers/slapd/back-perl/init.c
+===================================================================
+--- servers/slapd/back-perl/init.c.orig
++++ servers/slapd/back-perl/init.c
+@@ -35,7 +35,9 @@ perl_back_initialize(
+ BackendInfo *bi
+ )
+ {
+- bi->bi_open = perl_back_open;
++ char *embedding[] = { "", "-e", "0" };
++
++ bi->bi_open = NULL;
+ bi->bi_config = 0;
+ bi->bi_close = perl_back_close;
+ bi->bi_destroy = 0;
+@@ -63,16 +65,7 @@ perl_back_initialize(
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+- return 0;
+-}
+-
+-int
+-perl_back_open(
+- BackendInfo *bi
+-)
+-{
+- char *embedding[] = { "", "-e", "0" };
+-
++ /* injecting code from perl_back_open, because using fonction reference (bi->bi_open) is not functional */
+ Debug( LDAP_DEBUG_TRACE, "perl backend open\n", 0, 0, 0 );
+
+ if( PERL_INTERPRETER != NULL ) {
+Index: servers/slapd/back-perl/proto-perl.h
+===================================================================
+--- servers/slapd/back-perl/proto-perl.h.orig
++++ servers/slapd/back-perl/proto-perl.h
+@@ -22,7 +22,6 @@ LDAP_BEGIN_DECL
+
+ extern BI_init perl_back_initialize;
+
+-extern BI_open perl_back_open;
+ extern BI_close perl_back_close;
+
+ extern BI_db_init perl_back_db_init;
+Index: servers/slapd/back-perl/bind.c
+===================================================================
+--- servers/slapd/back-perl/bind.c.orig
++++ servers/slapd/back-perl/bind.c
+@@ -32,7 +32,7 @@ perl_back_bind(
+
+ PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
+
+-#ifdef HAVE_WIN32_ASPERL
++#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+ #endif
+
+Index: servers/slapd/back-perl/add.c
+===================================================================
+--- servers/slapd/back-perl/add.c.orig
++++ servers/slapd/back-perl/add.c
+@@ -26,6 +26,10 @@ perl_back_add(
+ int len;
+ int count;
+
++#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
++ PERL_SET_CONTEXT( PERL_INTERPRETER );
++#endif
++
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+ ldap_pvt_thread_mutex_lock( &entry2str_mutex );
+
+Index: servers/slapd/back-perl/compare.c
+===================================================================
+--- servers/slapd/back-perl/compare.c.orig
++++ servers/slapd/back-perl/compare.c
+@@ -41,6 +41,10 @@ perl_back_compare(
+ op->orc_ava->aa_desc->ad_cname.bv_val ), "=" ),
+ op->orc_ava->aa_value.bv_val );
+
++#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
++ PERL_SET_CONTEXT( PERL_INTERPRETER );
++#endif
++
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+Index: servers/slapd/back-perl/delete.c
+===================================================================
+--- servers/slapd/back-perl/delete.c.orig
++++ servers/slapd/back-perl/delete.c
+@@ -25,6 +25,10 @@ perl_back_delete(
+ PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
+ int count;
+
++#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
++ PERL_SET_CONTEXT( PERL_INTERPRETER );
++#endif
++
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+Index: servers/slapd/back-perl/modify.c
+===================================================================
+--- servers/slapd/back-perl/modify.c.orig
++++ servers/slapd/back-perl/modify.c
+@@ -27,7 +27,9 @@ perl_back_modify(
+ int count;
+ int i;
+
+-
++#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
++ PERL_SET_CONTEXT( PERL_INTERPRETER );
++#endif
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+Index: servers/slapd/back-perl/modrdn.c
+===================================================================
+--- servers/slapd/back-perl/modrdn.c.orig
++++ servers/slapd/back-perl/modrdn.c
+@@ -25,6 +25,9 @@ perl_back_modrdn(
+ PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
+ int count;
+
++#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
++ PERL_SET_CONTEXT( PERL_INTERPRETER );
++#endif
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+Index: servers/slapd/back-perl/search.c
+===================================================================
+--- servers/slapd/back-perl/search.c.orig
++++ servers/slapd/back-perl/search.c
+@@ -34,6 +34,9 @@ perl_back_search(
+ char *buf;
+ int i;
+
++#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
++ PERL_SET_CONTEXT( PERL_INTERPRETER );
++#endif
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
diff --git a/check-build.sh b/check-build.sh
new file mode 100644
index 0000000..b6e81e0
--- /dev/null
+++ b/check-build.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Copyright (c) 2003 SuSE Linux AG, Germany. All rights reserved.
+#
+# Authors: Thorsten Kukuk
+#
+# this script use the following variable(s):
+#
+# - $BUILD_DIST
+#
+
+case $BUILD_BASENAME in
+ *axp*|*i386|*i686|*ia64|*ppc|*ppc64|*s390|*s390x|*x86_64)
+ grep "Linux version 2.[0-5].[0-9][0-9]" /proc/version > /dev/null
+ if [ $? -ne 1 ]; then
+ echo "FATAL: kernel too old, need kernel >= 2.6.4 for this package"
+ exit 1
+ fi
+ grep "Linux version 2.6.[0-3]-" /proc/version > /dev/null
+ if [ $? -eq 0 ]; then
+ echo "FATAL: kernel too old, need kernel >= 2.6.4 for this package"
+ exit 1
+ fi
+ ;;
+ *)
+ ;;
+esac
+
+exit 0
+
diff --git a/ldap_conf.dif b/ldap_conf.dif
new file mode 100644
index 0000000..ac0bce8
--- /dev/null
+++ b/ldap_conf.dif
@@ -0,0 +1,8 @@
+--- libraries/libldap/ldap.conf 2004/04/01 09:43:12 1.1
++++ libraries/libldap/ldap.conf 2004/04/01 09:50:42
+@@ -11,3 +11,5 @@
+ #SIZELIMIT 12
+ #TIMELIMIT 15
+ #DEREF never
++TLS_REQCERT allow
++
diff --git a/ldapi_url.dif b/ldapi_url.dif
new file mode 100644
index 0000000..b8eb3f9
--- /dev/null
+++ b/ldapi_url.dif
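Review bot: The comment added in the init.c hunk of back-perl-init.dif (`/* injecting code from perl_back_open, because using fonction reference (bi->bi_open) is not functional */`) does not say what fails when `bi->bi_open` is set, so a later maintainer cannot tell when the inlining can be reverted; it should name the observed failure, e.g. `/* interpreter setup inlined from perl_back_open(): the bi_open hook <observed failure>, see <bug reference> */`. With `bi->bi_open = NULL` the interpreter is now constructed at backend registration, and the early `return 0;` that used to end perl_back_initialize is gone, so every return path of the former perl_back_open body becomes the result of initialization; that body continues outside the hunk and should be checked for this. The repeated `PERL_SET_CONTEXT( PERL_INTERPRETER )` guards added in add.c, compare.c, delete.c, modify.c, modrdn.c and search.c deserve a one-line comment such as `/* attach the shared interpreter to the calling thread before entering Perl */`.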
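Review bot: The header comment of check-build.sh names `$BUILD_DIST` as the variable the script reads, but the `case` statement switches on `$BUILD_BASENAME`; the comment should read `# - $BUILD_BASENAME`. The first test uses `if [ $? -ne 1 ]`, so a grep error (exit status 2, for example when /proc/version cannot be read) is reported as "kernel too old"; testing `-eq 0` as the second check does keeps the message accurate. The dots in both patterns are unescaped and match any character, so `2\.[0-5]\.[0-9][0-9]` and `2\.6\.[0-3]-` state the intent more precisely.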
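Review bot: `TLS_REQCERT allow` in the packaged default ldap.conf lets a libldap client continue a TLS session when the server presents no certificate or one that fails validation, so StartTLS/ldaps no longer authenticates the directory server and a host on the network path can impersonate it. OpenLDAP's built-in default is `demand`; if the relaxation exists to make self-signed setups work out of the box, ship it commented out with the reason, e.g. `#TLS_REQCERT allow   # disables server certificate verification; prefer TLS_CACERT <path to CA file>`. Every client that relies on the system-wide libldap defaults inherits this value, so the change should also be called out as a security-relevant default in the package changelog.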
@@ -0,0 +1,11 @@
+--- include/ldap_defaults.h 2004/04/14 14:13:27 1.1
++++ include/ldap_defaults.h 2004/04/14 14:14:01
+@@ -39,7 +39,7 @@
+ #define LDAP_ENV_PREFIX "LDAP"
+
+ /* default ldapi:// socket */
+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi"
+
+ /*
+ * SLAPD DEFINITIONS
diff --git a/libldap-gethostbyname_r.dif b/libldap-gethostbyname_r.dif
new file mode 100644
index 0000000..a653681
--- /dev/null
+++ b/libldap-gethostbyname_r.dif
@@ -0,0 +1,20 @@
+--- libraries/libldap/util-int.c 2005/08/23 16:07:09 1.1
++++ libraries/libldap/util-int.c 2005/08/23 16:16:03
+@@ -52,7 +52,7 @@
+ #ifndef LDAP_R_COMPILE
+ # undef HAVE_REENTRANT_FUNCTIONS
+ # undef HAVE_CTIME_R
+-# undef HAVE_GETHOSTBYNAME_R
++/* # undef HAVE_GETHOSTBYNAME_R */
+ # undef HAVE_GETHOSTBYADDR_R
+
+ #else
+@@ -110,7 +110,7 @@
+ #define BUFSTART (1024-32)
+ #define BUFMAX (32*1024-32)
+
+-#if defined(LDAP_R_COMPILE)
++#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R)
+ static char *safe_realloc( char **buf, int len );
+
+ #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))
diff --git a/libldap-manpages.dif b/libldap-manpages.dif
new file mode 100644
index 0000000..c855076
--- /dev/null
+++ b/libldap-manpages.dif
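Review bot: The first util-int.c hunk in libldap-gethostbyname_r.dif disables `# undef HAVE_GETHOSTBYNAME_R` by wrapping it in a comment without giving a reason; either delete the line or state the intent, e.g. `/* HAVE_GETHOSTBYNAME_R is kept so the non-threaded libldap also uses the reentrant lookup */` if that is the purpose. `HAVE_GETHOSTBYADDR_R` is still undefined in the same branch, so the context line `#if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))` stays true for builds without LDAP_R_COMPILE and the code it guards is now compiled together with the gethostbyname_r path. That guarded block and the callers of safe_realloc() lie outside the hunk and should be checked for anything that assumes LDAP_R_COMPILE, and for how a failed reallocation of the lookup buffer is handled.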
@@ -0,0 +1,994 @@ +--- openldap-2.3.19.orig/doc/man/man3/Makefile.in ++++ openldap-2.3.19/doc/man/man3/Makefile.in +@@ -1,16 +1,16 @@ +-# man3 Makefile.in for OpenLDAP +-# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.8.2.4 2006/01/03 22:16:04 kurt Exp $ +-## This work is part of OpenLDAP Software . +-## +-## Copyright 1998-2006 The OpenLDAP Foundation. +-## All rights reserved. +-## +-## Redistribution and use in source and binary forms, with or without +-## modification, are permitted only as authorized by the OpenLDAP +-## Public License. +-## +-## A copy of this license is available in the file LICENSE in the +-## top-level directory of the distribution or, alternatively, at +-## . +- +-MANSECT=3 ++# man3 Makefile.in for OpenLDAP ++# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.11 2006/01/03 22:12:04 kurt Exp $ ++## This work is part of OpenLDAP Software . ++## ++## Copyright 1998-2006 The OpenLDAP Foundation. ++## All rights reserved. ++## ++## Redistribution and use in source and binary forms, with or without ++## modification, are permitted only as authorized by the OpenLDAP ++## Public License. ++## ++## A copy of this license is available in the file LICENSE in the ++## top-level directory of the distribution or, alternatively, at ++## . ++ ++MANSECT=3 +Index: openldap-2.3.19/doc/man/man3/lber-decode.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/lber-decode.3 ++++ openldap-2.3.19/doc/man/man3/lber-decode.3 +@@ -1,5 +1,5 @@ + .TH LBER_DECODE 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.21.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.23 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
+ .SH NAME +Index: openldap-2.3.19/doc/man/man3/lber-encode.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/lber-encode.3 ++++ openldap-2.3.19/doc/man/man3/lber-encode.3 +@@ -1,5 +1,5 @@ + .TH LBER_ENCODE 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.19.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.21 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. + .SH NAME +Index: openldap-2.3.19/doc/man/man3/lber-memory.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/lber-memory.3 ++++ openldap-2.3.19/doc/man/man3/lber-memory.3 +@@ -1,5 +1,5 @@ + .TH LBER_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.14 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. + .SH NAME +Index: openldap-2.3.19/doc/man/man3/lber-types.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/lber-types.3 ++++ openldap-2.3.19/doc/man/man3/lber-types.3 +@@ -1,5 +1,5 @@ + .TH LBER_TYPES 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.19 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
+ .SH NAME +Index: openldap-2.3.19/doc/man/man3/ldap.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap.3 ++++ openldap-2.3.19/doc/man/man3/ldap.3 +@@ -1,5 +1,5 @@ + .TH LDAP 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.34.2.5 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.40 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. + .SH NAME +@@ -39,16 +39,21 @@ created using + and set the protocol version to 3 by calling + .BR ldap_set_option (3). + The underlying session is established first operation is +-issued. This would generally be a Start TLS or Bind operation. ++issued. This would generally be a Start TLS or Bind operation, ++or a Search operation to read attributes of the Root DSE. + A Start TLS operation is performed by calling + .BR ldap_start_tls_s (3). + A LDAP bind operation is performed by calling + .BR ldap_sasl_bind (3) +-or one of its friends. Subsequently, other operations are performed ++or one of its friends. ++A Search operation is performed by calling ldap_search_ext_s(3) ++or one of its friends. ++ ++Subsequently, additional operations are performed + by calling one of the synchronous or asynchronous routines (e.g., +-.BR ldap_search_ext_s (3) ++.BR ldap_compare_ext_s (3) + or +-.BR ldap_search_ext (3) ++.BR ldap_compare_ext (3) + followed by + .BR ldap_result (3)). 
+ Results returned from these routines are interpreted by calling the +Index: openldap-2.3.19/doc/man/man3/ldap_abandon.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap_abandon.3 ++++ openldap-2.3.19/doc/man/man3/ldap_abandon.3 +@@ -1,5 +1,5 @@ + .TH LDAP_ABANDON 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.17 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. + .SH NAME +Index: openldap-2.3.19/doc/man/man3/ldap_add.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap_add.3 ++++ openldap-2.3.19/doc/man/man3/ldap_add.3 +@@ -1,5 +1,5 @@ + .TH LDAP_ADD 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.17 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. + .SH NAME +Index: openldap-2.3.19/doc/man/man3/ldap_bind.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap_bind.3 ++++ openldap-2.3.19/doc/man/man3/ldap_bind.3 +@@ -1,9 +1,9 @@ + .TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.16.2.4 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.19 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
+ .SH NAME +-ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines ++ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines + .SH LIBRARY + OpenLDAP LDAP (libldap, -lldap) + .SH SYNOPSIS +@@ -58,6 +58,18 @@ OpenLDAP LDAP (libldap, -lldap) + .\" .ft + .\" LDAP *ld; + .\" int (*rebindproc)(); ++.LP ++.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," ++.RS ++.BI LDAPControl *" cctrls "[]);" ++.RE ++.LP ++.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," ++.RS ++.BI LDAPControl *" cctrls "[]);" ++.RE ++.LP ++.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params);" + .SH DESCRIPTION + .LP + These routines provide various interfaces to the LDAP bind operation. +@@ -79,7 +91,6 @@ Both synchronous and asynchronous versio + call are provided. All routines + take \fIld\fP as their first parameter, as returned from + .BR ldap_init (3). +-.LP + .SH SIMPLE AUTHENTICATION + The simplest form of the bind call is + .BR ldap_simple_bind_s() . +@@ -110,6 +121,41 @@ returns the message id of the request it + returns an LDAP error indication. + .SH SASL AUTHENTICATION + Description still under construction... ++.SH REBINDING ++.LP ++The ++.B ldap_set_rebind_proc ++function() sets the process to use for binding when an operation returns a ++referral. This function is used when an application needs to bind to another server ++in order to follow a referral or search continuation reference. ++.LP ++The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, ++the arbitrary data like state information which the client might need to properly rebind. 
++The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries ++to use the rebind function. Use the ++.BR ldap_set_option ++function to set the value. ++.LP ++The rebind function has the following syntax. ++.B int rebind_function (LDAP *ld, const char *url,int request,ber_int_t msgid); ++.LP ++The \fIld\fP parameter must be used by the application when binding to the ++referred server if the application wants the libraries to follow the referral. ++.LP ++The \fIurl\fP parameter points to the URL referral string received from the LDAP server. ++The LDAP application can use the ++.BR ldap_url_parse() ++.LP ++The \fIrequest\fP parameter specifies the request operation that generated the referral. ++function to parse the string into its components. ++.LP ++The \fImsgid\fP parameter specifies the message ID of the request generating the referral. ++.LP ++The LDAP libraries set all the parameters when they call the rebind function. The application ++should not attempt to free either the ld or the url structures in the rebind function. ++.LP ++The application must supply to the rebind function the required authentication information such as, ++user name, password, and certificates. The rebind function must use a synchronous bind method. + .SH UNBINDING + The + .B ldap_unbind() +@@ -154,16 +200,32 @@ both of these calls are synchronous in n + .\" If anything but LDAP_SUCCESS is returned by the first call to + .\" the rebindproc, then referral processing is stopped and that error code + .\" is returned for the original LDAP operation. ++.LP ++The ++.B ldap_unbind_ext() ++and ++.B ldap_unbind_ext_s() ++allows the operations to sepicify controls. + .SH ERRORS + Asynchronous routines will return -1 in case of error, setting the + \fIld_errno\fP parameter of the \fIld\fP structure. Synchronous + routines return whatever \fIld_errno\fP is set to. See + .BR ldap_error (3) + for more information. 
++.SH NOTES ++If an anonymous bind is sufficient for the application,the rebind process ++need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option ++set to ON (default value) will automatically follow referrals using an anonymous bind. ++.LP ++If the application needs stronger authentication than an anonymous bind, ++you need to provide a rebind process for that authentication method. ++The bind method must be synchronous. + .SH SEE ALSO + .BR ldap (3), + .BR ldap_error (3), + .BR ldap_open (3), ++.BR ldap_set_option (3), ++.BR ldap_url_parse (3) + .B RFC 2222 + (http://www.ietf.org), + .B Cyrus SASL +Index: openldap-2.3.19/doc/man/man3/ldap_bind.3.links +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap_bind.3.links ++++ openldap-2.3.19/doc/man/man3/ldap_bind.3.links +@@ -7,3 +7,4 @@ ldap_unbind.3 + ldap_unbind_ext.3 + ldap_unbind_s.3 + ldap_unbind_ext_s.3 ++ldap_set_rebind_proc.3 +Index: openldap-2.3.19/doc/man/man3/ldap_compare.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap_compare.3 ++++ openldap-2.3.19/doc/man/man3/ldap_compare.3 +@@ -1,9 +1,9 @@ + .TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.15 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. + .SH NAME +-ldap_compare, ldap_compare_s \- Perform an LDAP compare operation ++ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation. 
+ .SH LIBRARY + OpenLDAP LDAP (libldap, -lldap) + .SH SYNOPSIS +@@ -22,6 +22,23 @@ int ldap_compare(ld, dn, attr, value) + .ft + LDAP *ld; + char *dn, *attr, *value; ++.LP ++.ft B ++int ldap_compare_ext(ld, dn, attr, bvalue, serverctrls, clientctrls, msgidp) ++.ft ++LDAP *ld; ++char *dn, *attr; ++const struct berval *bvalue; ++LDAPControl **serverctrls, **clientctrls; ++int *msgidp; ++.LP ++.ft B ++int ldap_compare_ext_s(ld, dn, attr, bvalue, serverctrls, clientctrls) ++.ft ++LDAP *ld; ++char *dn, *attr; ++const struct berval *bvalue; ++LDAPControl **serverctrls, **clientctrls; + .SH DESCRIPTION + The + .B ldap_compare_s() +@@ -40,6 +57,20 @@ asynchronously. It takes the same param + but returns the message id of the request it initiated. The result of + the compare can be obtained by a subsequent call to + .BR ldap_result (3). ++.LP ++The ++.B ldap_compare_ext() ++routine allows server and client controls to be ++specified to extend the compare request. This routine is asynchronous like ++ldap_compare(), but its return value is an LDAP error code. It stores the ++message id of the request in the integer pointed to by msgidp. ++.LP ++The ++.B ldap_compare_ext_s() ++routine is the synchronous version of ++.BR ldap_compare_ext(). ++It also returns an LDAP error code indicating success ++or failure of the operation. + .SH ERRORS + .B ldap_compare_s() + returns an LDAP error code which can be interpreted +@@ -48,6 +79,12 @@ by calling one of + and friends. ldap_compare() returns + -1 if something went wrong initiating the request. It returns the + non-negative message id of the request if things went ok. ++.LP ++.B ldap_compare_ext_s() ++and ++.B ldap_compare_ext() ++return some Non-zero value other than 0x05 or 0x06 in case of failure. ++0x05 corresponds to LDAP_COMPARE_FALSE and 0x06 corresponds to LDAP_COMPARE_TRUE. + .SH BUGS + There is no way to compare binary values, but there should be. 
+ .SH SEE ALSO +Index: openldap-2.3.19/doc/man/man3/ldap_delete.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap_delete.3 ++++ openldap-2.3.19/doc/man/man3/ldap_delete.3 +@@ -1,9 +1,9 @@ + .TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.15 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. + .SH NAME +-ldap_delete, ldap_delete_s \- Perform an LDAP delete operation ++ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation. + .SH LIBRARY + OpenLDAP LDAP (libldap, -lldap) + .SH SYNOPSIS +@@ -22,22 +22,51 @@ int ldap_delete(ld, dn) + .ft + LDAP *ld; + char *dn; ++.LP ++.ft B ++int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp) ++.ft ++LDAP *ld; ++char *dn; ++LDAPControl **serverctrls, **clientctrls; ++int *msgidp; ++.LP ++.ft B ++int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls) ++.ft ++LDAP *ld; ++char *dn; ++LDAPControl **serverctrls, **clientctrls; + .SH DESCRIPTION + The + .B ldap_delete_s() + routine is used to perform an LDAP delete operation +-synchronously. It takes \fIdn\fP, the DN of the entry to be deleted. ++synchronously. It takes \fIdn\fP, the DN of the entry to be deleted. + It returns an LDAP error code, indicating the success or failure of the + operation. + .LP + The + .B ldap_delete() + routine is used to perform an LDAP delete operation +-asynchronously. It takes the same parameters as +-.BR ldap_delete_s() , +-but returns the message id of the request it initiated. The result of ++asynchronously. It takes the same parameters as ++.BR ldap_delete_s(), ++but returns the message id of the request it initiated. 
The result of + the delete can be obtained by a subsequent call to + .BR ldap_result (3). ++.LP ++The ++.B ldap_delete_ext() ++routine allows server and client controls to be ++specified to extend the delete request. This routine is asynchronous like ++ldap_delete(), but its return value is an LDAP error code. It stores the ++message id of the request in the integer pointed to by msgidp. ++.LP ++The ++.B ldap_delete_ext_s() ++routine is the synchronous version of ++.BR ldap_delete_ext(). ++It also returns an LDAP error code indicating success ++or failure of the operation. + .SH ERRORS + .B ldap_delete_s() + returns an LDAP error code which can be interpreted +@@ -45,8 +74,14 @@ by calling one of + .BR ldap_perror (3) + and friends. + .B ldap_delete() +-returns -1 if something went wrong initiating the request. It returns the ++returns -1 if something went wrong initiating the request. It returns the + non-negative message id of the request if things went ok. ++.LP ++.B ldap_delete_ext() ++and ++.B ldap_delete_ext_s() ++return some Non-zero value if ++something went wrong initiating the request, else return 0. + .SH SEE ALSO + .BR ldap (3), + .BR ldap_error (3) +Index: openldap-2.3.19/doc/man/man3/ldap_error.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap_error.3 ++++ openldap-2.3.19/doc/man/man3/ldap_error.3 +@@ -1,5 +1,5 @@ + .TH LDAP_ERROR 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.19.2.3 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.21 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
+ .SH NAME +Index: openldap-2.3.19/doc/man/man3/ldap_extended_operation.3 +=================================================================== +--- /dev/null ++++ openldap-2.3.19/doc/man/man3/ldap_extended_operation.3 +@@ -0,0 +1,64 @@ ++.TH LDAP_EXTENDED_OPERATION 3 "RELEASEDATE" "OpenLDAP LDVERSION" ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_extended_operation.3,v 1.17 2006/01/03 22:12:04 kurt Exp $ ++.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. ++.\" Copying restrictions apply. See COPYRIGHT/LICENSE. ++.SH NAME ++ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server. ++.SH LIBRARY ++OpenLDAP LDAP (libldap, -lldap) ++.SH SYNOPSIS ++.nf ++.ft B ++#include ++.LP ++.ft B ++int ldap_extended_operation( ld, requestoid, requestdata, sctrls[], cctrls[], msgidp ); ++.ft ++LDAP *ld; ++const char *requestoid; ++const struct berval *requestdata; ++LDAPControl *sctrls[], *cctrls[]; ++int *msgidp; ++.LP ++.ft B ++int ldap_extended_operation_s( ld, requestoid, requestdata, sctrls[], cctrls[], retoidp, retdatap ); ++.ft ++LDAP *ld, ++const char *requestoid; ++const struct berval *requestdata; ++LDAPControl *sctrls[], *cctrls[]; ++char **retoidp; ++struct berval **retdatap; ++.SH DESCRIPTION ++The ++.B ldap_extended_operation_s ++method is used to synchronously send an extended operation to the server. ++It takes \fIrequestoid\fP, which points to a dotted OID text string identifying ++the extended operation to perform. \fIrequestdata\fP is the data required for the ++operation, \fIseverctrls\fP is an array of LDAPControl structures to use with this ++extended operation,\fIclientctrls\fP is an array of LDAPControl structures that list ++the client controls to use with this extended operation .The input parameter ++\fIretoidp\fP points to a dotted-OID text string returned by the LDAP server. ++The memory used by the string should be freed with the ldap_memfree function. 
++retdatap is an output parameter which points to a pointer to a berval structure ++that contains the returned data. If no data is returned, the server set this ++to NULL. The memory used by this structure should be freed with the ber_bvfree ++function. ++.LP ++The ++.B ldap_extended_operation ++works just like ldap_extended_operation_s, but the operation is asynchornous. ++It returns the message id of the request it initiated. ++The result of this operation can be obtained by calling ++.BR ldap_result(3). ++.SH NOTES ++The LDAP server must support the operation; otherwise an ++LDAP_NOT_SUPPORTED error is returned. ++.SH SEE ALSO ++.BR ldap_result (3), ++.BR ldap_parse_extended_result (3) ++.SH ACKNOWLEDGEMENTS ++.B OpenLDAP ++is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). ++.B OpenLDAP ++is derived from University of Michigan LDAP 3.3 Release. +Index: openldap-2.3.19/doc/man/man3/ldap_extended_operation.3.links +=================================================================== +--- /dev/null ++++ openldap-2.3.19/doc/man/man3/ldap_extended_operation.3.links +@@ -0,0 +1,2 @@ ++ldap_extended_operation_s.3 ++ +Index: openldap-2.3.19/doc/man/man3/ldap_first_attribute.3 +=================================================================== +--- openldap-2.3.19.orig/doc/man/man3/ldap_first_attribute.3 ++++ openldap-2.3.19/doc/man/man3/ldap_first_attribute.3 +@@ -1,5 +1,5 @@ + .TH LDAP_FIRST_ATTRIBUTE 3 "RELEASEDATE" "OpenLDAP LDVERSION" +-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.18.2.5 2006/01/03 22:16:04 kurt Exp $ ++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.21 2006/01/03 22:12:04 kurt Exp $ + .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. + .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_first_entry.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_first_entry.3
++++ openldap-2.3.19/doc/man/man3/ldap_first_entry.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_FIRST_ENTRY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.14.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.16 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_first_message.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_first_message.3
++++ openldap-2.3.19/doc/man/man3/ldap_first_message.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_FIRST_MESSAGE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.11 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_first_reference.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_first_reference.3
++++ openldap-2.3.19/doc/man/man3/ldap_first_reference.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_FIRST_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.11 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_get_dn.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_get_dn.3
++++ openldap-2.3.19/doc/man/man3/ldap_get_dn.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_GET_DN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.25.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.28 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_get_values.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_get_values.3
++++ openldap-2.3.19/doc/man/man3/ldap_get_values.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_GET_VALUES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_modify.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_modify.3
++++ openldap-2.3.19/doc/man/man3/ldap_modify.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_MODIFY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.14 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_modrdn.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_modrdn.3
++++ openldap-2.3.19/doc/man/man3/ldap_modrdn.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_MODRDN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.14 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_open.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_open.3
++++ openldap-2.3.19/doc/man/man3/ldap_open.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_OPEN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_parse_reference.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_parse_reference.3
++++ openldap-2.3.19/doc/man/man3/ldap_parse_reference.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_PARSE_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.10.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.12 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_parse_result.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_parse_result.3
++++ openldap-2.3.19/doc/man/man3/ldap_parse_result.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_PARSE_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.11 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_parse_sort_control.3
+===================================================================
+--- /dev/null
++++ openldap-2.3.19/doc/man/man3/ldap_parse_sort_control.3
+@@ -0,0 +1,44 @@
++.TH LDAP_PARSE_SORT-CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_sort_control.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
++.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
++.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
++.SH NAME
++ldap_parse_sort_control \- Decodes the information returned from a search operation
++that used a server-side sort control.
++.SH LIBRARY
++OpenLDAP LDAP (libldap, -lldap)
++.SH SYNOPSIS
++.nf
++.ft B
++#include
++.LP
++.ft B
++int ldap_parse_sort_control(ld, ctrls, returnCode, attribute)
++.ft
++LDAP *ld;
++LDAPControl **ctrls;
++unsigned long *returnCode;
++char **attribute;
++.SH DESCRIPTION
++This function is used to parse the results returned in a search operation
++that uses a server-side sort control.
++.LP
++It takes a null terminated array of LDAPControl structures usually obtained
++by a call to the
++.BR ldap_parse_result
++function. A returncode which points to the sort control result code,and an array
++of LDAPControl structures that list the client controls to use with the search.
++The function also takes an out parameter \fIattribute\fP and if the sort operation
++fails, the server may return a string that indicates the first attribute in the
++sortKey list that caused the failure. If this parameter is NULL, no string is
++returned. If a string is returned, the memory should be freed by calling the
++ldap_memfree function.
++.SH NOTES
++.SH SEE ALSO
++.BR ldap_result (3),
++.BR ldap_controls_free (3)
++.SH ACKNOWLEDGEMENTS
++.B OpenLDAP
++is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
++.B OpenLDAP
++is derived from University of Michigan LDAP 3.3 Release.
+Index: openldap-2.3.19/doc/man/man3/ldap_parse_vlv_control.3
+===================================================================
+--- /dev/null
++++ openldap-2.3.19/doc/man/man3/ldap_parse_vlv_control.3
+@@ -0,0 +1,53 @@
++.TH LDAP_PARSE_VLV_CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_vlv_control.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
++.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
++.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
++.SH NAME
++ldap_parse_vlv_control \- Decodes the information returned from a search operation that
++used a VLV (virtual list view) control.
++.SH LIBRARY
++OpenLDAP LDAP (libldap, -lldap)
++.SH SYNOPSIS
++.nf
++.ft B
++#include
++.LP
++.ft B
++int ldap_parse_vlv_control( ld, ctrlp, target_posp, list_countp, contextp, errcodep );
++.ft
++LDAP *ld;
++LDAPControl **ctrlp;
++unsigned long *target_posp, *list_countp;
++struct berval **contextp;
++int *errcodep;
++.SH DESCRIPTION
++The
++.B ldap_parse_vlv_control
++is used to decode the information returned from a search operation that used a
++VLV (virtual list view)control. It takes a null terminated array of LDAPControl
++structures, usually obtained by a call to the
++.BR ldap_parse_result function,
++a \fItarget_pos\fP which points to the list index of the target entry. If
++this parameter is NULL, the target position is not returned. The index returned
++is an approximation of the position of the target entry. It is
++not guaranteed to be exact. The parameter \fIlist_countp\fP points to
++the server's estimate of the size of the list. If this parameter is NULL, the
++size is not returned. \fIcontextp\fP is a pointer to the address of a berval
++structure that contains a server-generated context identifier if server returns
++one. If server does not return a context identifier, the server returns a NULL
++in this parameter. If this parameter is set to NULL, the context identifier is
++not returned. You should use this returned context in the next call to
++create a VLV control. When the berval structure is no longer needed, you should
++free the memory by calling the \fIber_bvfree function.e\fP
++\fIerrcodep\fP is an output paremeter, which points to the result code returned
++by the server. If this parameter is NULL, the result code is not returned.
++.LP
++See
++ldap.h for a list of possible return codes.
++.SH SEE ALSO
++.BR ldap_search (3)
++.SH ACKNOWLEDGEMENTS
++.B OpenLDAP
++is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
++.B OpenLDAP
++is derived from University of Michigan LDAP 3.3 Release.
+Index: openldap-2.3.19/doc/man/man3/ldap_rename.3
+===================================================================
+--- /dev/null
++++ openldap-2.3.19/doc/man/man3/ldap_rename.3
+@@ -0,0 +1,69 @@
++.TH LDAP_RENAME 3 "RELEASEDATE" "OpenLDAP LDVERSION"
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_rename.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
++.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
++.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
++.SH NAME
++ldap_rename, ldap_rename_s \- Renames the specified entry.
++.SH LIBRARY
++OpenLDAP LDAP (libldap, -lldap)
++.SH SYNOPSIS
++.nf
++.ft B
++#include
++.LP
++.ft B
++int ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[], msgidp );
++.ft
++LDAP *ld;
++const char *dn, *newrdn, *newparent;
++int deleteoldrdn;
++LDAPControl *sctrls[], *cctrls[];
++int *msgidp);
++.LP
++.ft B
++int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] );
++.ft
++LDAP *ld;
++const char *dn, *newrdn, *newparent;
++int deleteoldrdn;
++LDAPControl *sctrls[], *cctrls[];
++.SH DESCRIPTION
++These routines are used to perform a LDAP rename operation.
++The function changes the leaf component of an entry's distinguished
++name and optionally moves the entry to a new parent container. The
++.B ldap_rename_s
++performs a rename operation synchronously.
++The method takes \fIdn\fP, which points to the distinguished name of
++the entry whose attribute is being compared, \fInewparent\fP,the distinguished
++name of the entry's new parent. If this parameter is NULL, only the RDN is changed.
++The root DN is specified by passing a zero length string, "".
++\fIdeleteoldrdn\fP specifies whether the old RDN should be retained or deleted.
++Zero indicates that the old RDN should be retained. If you choose this option,
++the attribute will contain both names (the old and the new).
++Non-zero indicates that the old RDN should be deleted.
++\fIserverctrls\fP points to an array of LDAPControl structures that list the
++client controls to use with this extended operation. Use NULL to specify
++no client controls. \fIclientctrls\fP points to an array of LDAPControl
++structures that list the client controls to use with the search.
++.LP
++.B ldap_rename
++works just like
++.B ldap_rename_s,
++but the operation is asynchornous. It returns the message id of the request
++it initiated. The result of this operation can be obtained by calling
++.BR ldap_result(3).
++.SH ERRORS
++.B ldap_rename()
++returns -1 in case of error initiating the request, and
++will set the \fIld_errno\fP field in the \fIld\fP parameter to
++indicate the error.
++.BR ldap_rename_s()
++returns the LDAP error code resulting from the rename operation.
++.SH SEE ALSO
++.BR ldap (3),
++.BR ldap_modify (3)
++.SH ACKNOWLEDGEMENTS
++.B OpenLDAP
++is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
++.B OpenLDAP
++is derived from University of Michigan LDAP 3.3 Release.
+Index: openldap-2.3.19/doc/man/man3/ldap_rename.3.links
+===================================================================
+--- /dev/null
++++ openldap-2.3.19/doc/man/man3/ldap_rename.3.links
+@@ -0,0 +1,2 @@
++ldap_rename_s.3
++
+Index: openldap-2.3.19/doc/man/man3/ldap_result.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_result.3
++++ openldap-2.3.19/doc/man/man3/ldap_result.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.20 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+@@ -72,7 +72,8 @@ all references, all extended partial res
+ result have been received.
+ .LP
+ Upon success, the type of the result received is returned and the
+-\fIresult\fP parameter will contain the result of the operation. This
++\fIresult\fP parameter will contain the result of the operation;
++otherwise, the \fIresult\fP parameter is undefined. This
+ result should be passed to the LDAP parsing routines,
+ .BR ldap_first_message (3)
+ and friends, for interpretation.
+Index: openldap-2.3.19/doc/man/man3/ldap_schema.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_schema.3
++++ openldap-2.3.19/doc/man/man3/ldap_schema.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_SCHEMA 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 2000-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_search.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_search.3
++++ openldap-2.3.19/doc/man/man3/ldap_search.3
+@@ -1,9 +1,9 @@
+ .TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.17.2.5 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.21 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+-ldap_search, ldap_search_s, ldap_search_st \- Perform an LDAP search operation
++ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
+ .SH LIBRARY
+ OpenLDAP LDAP (libldap, -lldap)
+ .SH SYNOPSIS
+@@ -41,6 +41,35 @@ char *filter, *attrs[]
+ int attrsonly;
+ struct timeval *timeout;
+ LDAPMessage **res;
++.LP
++.ft B
++int ldap_search_ext(ld, base, scope, filter, attrs, attrsonly, serverctrls,
++.ft
++clientctrls, timeout, sizelimit, msgidp)
++.ft
++LDAP *ld;
++char *base;
++int scope;
++char *filter, *attrs[]
++int attrsonly;
++LDAPControl **serverctrls, **clientctrls;
++struct timeval *timeout;
++int sizelimit, *msgidp;
++.LP
++.ft B
++int ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls,
++.ft
++clientctrls, timeout, sizelimit, res)
++.ft
++LDAP *ld;
++char *base;
++int scope;
++char *filter, *attrs[]
++int attrsonly;
++LDAPControl **serverctrls, **clientctrls;
++struct timeval *timeout;
++int sizelimit;
++LDAPMessage **res;
+ .SH DESCRIPTION
+ These routines are used to perform LDAP search operations.
+ .B ldap_search_s()
+@@ -59,6 +88,7 @@ LDAP_SCOPE_ONELEVEL, to search the objec
+ or LDAP_SCOPE_SUBTREE, to search the object and all its descendants.
+ .LP
+ \fIFilter\fP is a string
++
+ representation of the filter to apply in the search. Simple filters
+ can be specified as \fI(attributetype=attributevalue)\fP. More complex
+ filters are specified using a prefix notation according to the following
+@@ -99,8 +129,24 @@ To request no attributes, the type "1.1"
+ should be listed by itself.
+ .LP
+ \fIAttrsonly\fP should be set to 1 if
+-only attribute types are wanted. It should be set to 0 if both
++only attribute types are wanted. It should be set to 0 if both
+ attributes types and attribute values are wanted.
++.LP
++.B ldap_search_ext()
++routine allows server and client controls to be specified to extend
++the search request. This routine is asynchronous like
++.BR ldap_search() ,
++but its return value is an LDAP error code. It stores the message id
++of the request in the integer pointed to
++by
++.IR msgidp .
++.LP
++The
++.B ldap_search_ext_s()
++routine is the synchronous version of
++.BR ldap_search_ext().
++It also returns an LDAP error code indicating success or failure
++of the operation.
+ .SH ERRORS
+ .B ldap_search_s()
+ and
+@@ -111,15 +157,28 @@ See
+ for details.
+ .B ldap_search()
+ returns -1 in case of trouble.
++.LP
++.B ldap_search_s(),
++.B ldap_search_ext_s
++and
++.B ldap_search_st()
++will return the LDAP error code resulting from the search operation.
++See
++.BR ldap_error (3)
++for details.
++.B ldap_search()
++and
++.B ldap_search_ext
++returns -1 in case of trouble.
+ .SH NOTES
+ Note that both read
+ and list functionality are subsumed by these routines,
+ by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
+ emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
+ .LP
+-These routines may dynamically allocate memory. The caller is
++These routines may dynamically allocate memory. The caller is
+ responsible for freeing such memory using supplied deallocation
+-routines. Return values are contained in .
++routines. Return values are contained in .
+ .SH SEE ALSO
+ .BR ldap (3),
+ .BR ldap_result (3),
+Index: openldap-2.3.19/doc/man/man3/ldap_sort.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_sort.3
++++ openldap-2.3.19/doc/man/man3/ldap_sort.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_SORT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
+Index: openldap-2.3.19/doc/man/man3/ldap_url.3
+===================================================================
+--- openldap-2.3.19.orig/doc/man/man3/ldap_url.3
++++ openldap-2.3.19/doc/man/man3/ldap_url.3
+@@ -1,5 +1,5 @@
+ .TH LDAP_URL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $
++.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.18 2006/01/03 22:12:04 kurt Exp $
+ .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+ .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+ .SH NAME
diff --git a/libldap-sasl_bind-assert.dif b/libldap-sasl_bind-assert.dif
new file mode 100644
index 0000000..c591c56
--- /dev/null
+++ b/libldap-sasl_bind-assert.dif
@@ -0,0 +1,56 @@
+Full_Name: Howard Chu
+Version: all < 2.3.29
+OS:
+URL: ftp://ftp.openldap.org/incoming/
+Submission from: (NULL) (76.168.84.21)
+Submitted by: hyc
+
+
+Apparently this bug was discovered by Evgeny Legerov but was not previously
+reported to anyone on the Project. The bug is now fixed in HEAD and RE23.
+
+Performing a SASL Bind with an authcid longer than 255 characters, with a
+space
+as the 255th character, will cause the length of the normalized name to be
+computed incorrectly, failing to take into account the escaping of the
+space
+character. (The SASL Bind code truncates all incoming names longer than 255
+to
+exactly 255 characters.) This triggers an assert in libldap because the
+resulting string length doesn't match what we expected it to be.
+
+The fix is in libldap/getdn.c rev 1.134.
+
+The MITRE CVE record for this bug is
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779
+
+--- libraries/libldap/getdn.c 2006/10/28 02:47:58 1.133
++++ libraries/libldap/getdn.c 2006/11/08 22:57:02 1.134
+@@ -2016,7 +2016,7 @@
+ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
+ {
+ ber_len_t l, cl = 1;
+- char *p;
++ char *p, *end;
+ int escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
+ #ifdef PRETTY_ESCAPE
+ int escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
+@@ -2030,7 +2030,8 @@
+ return( 0 );
+ }
+
+- for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) {
++ end = val->bv_val + val->bv_len - 1;
++ for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
+
+ /*
+ * escape '%x00'
+@@ -2059,7 +2060,7 @@
+ } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ || LDAP_DN_SHOULDESCAPE( p[ 0 ] )
+ || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+- || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
++ || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ #ifdef PRETTY_ESCAPE
+ #if 0
+ if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {
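Review bot: `end = val->bv_val + val->bv_len - 1;` is only a valid pointer when `bv_len` is non-zero, and nothing in the visible lines states that; the `return( 0 );` context just above is presumably the empty-value guard, but its condition lies outside the hunk. A one-line comment would pin the dependency, e.g. `/* bv_len > 0 here (empty value returned above), so end is the last byte */`. The trailing-character test now relies on the stored length instead of a NUL at `p[ 1 ]`, which is what a truncated name needs, but the routine that writes the escaped string is not touched by this patch, so it is worth confirming that it applies the same `p == end` test, since the assert described in the report fires when the computed and the written lengths disagree. strval2strlen's body starts and ends outside these hunks.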
diff --git a/openldap-2.3.27.tar.bz2 b/openldap-2.3.27.tar.bz2
new file mode 100644
index 0000000..6a0adfb
--- /dev/null
+++ b/openldap-2.3.27.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eaad67982a1612526bea8ab31dce95f87ecf6d14406a3f8a3209063d84e3777d
+size 2901710
diff --git a/openldap-admin-guide.tar.bz2 b/openldap-admin-guide.tar.bz2
new file mode 100644
index 0000000..11df4f4
--- /dev/null
+++ b/openldap-admin-guide.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dd03c8f47c7cd3bf9eb08c6b7245f3afa1eb3dbfeb0212235f129ec3d38a8fec
+size 91075
diff --git a/openldap-ntlm.diff b/openldap-ntlm.diff
new file mode 100644
index 0000000..a18ddee
--- /dev/null
+++ b/openldap-ntlm.diff
@@ -0,0 +1,189 @@
+--- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500
++++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400
+@@ -1753,5 +1753,26 @@
+ LDAPControl **cctrls ));
+
+
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge));
++
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
++++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
+@@ -20,7 +20,7 @@
+ SRCS = bind.c open.c result.c error.c compare.c search.c \
+ controls.c messages.c references.c extended.c cyrus.c \
+ modify.c add.c modrdn.c delete.c abandon.c \
+- sasl.c sbind.c kbind.c unbind.c cancel.c \
++ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
+ filter.c free.c sort.c passwd.c whoami.c \
+ getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+@@ -29,7 +29,7 @@
+ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
++ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+--- /dev/null 2004-06-30 15:04:37.000000000 -0400
++++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
+@@ -0,0 +1,137 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include
++#include
++
++#include
++#include
++#include
++#include
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp )
++{
++ BerElement *ber;
++ int rc;
++ ber_int_t id;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( msgidp != NULL );
++
++ if( msgidp == NULL ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ /* create a message to send */
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ assert( LBER_VALID( ber ) );
++
++ LDAP_NEXT_MSGID( ld, id );
++ rc = ber_printf( ber, "{it{istON}" /*}*/,
++ id, LDAP_REQ_BIND,
++ ld->ld_version, dn, tag,
++ cred );
++
++ /* Put Server Controls */
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++ ld->ld_errno = LDAP_ENCODING_ERROR;
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ /* send the message */
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++ if(*msgidp < 0)
++ return ld->ld_errno;
++
++ return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge)
++{
++ ber_int_t errcode;
++ ber_tag_t tag;
++ BerElement *ber;
++ ber_len_t len;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( res != NULL );
++
++ if ( ld == NULL || res == NULL ) {
++ return LDAP_PARAM_ERROR;
++ }
++
++ if( res->lm_msgtype != LDAP_RES_BIND ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ if ( ld->ld_error ) {
++ LDAP_FREE( ld->ld_error );
++ ld->ld_error = NULL;
++ }
++ if ( ld->ld_matched ) {
++ LDAP_FREE( ld->ld_matched );
++ ld->ld_matched = NULL;
++ }
++
++ /* parse results */
++
++ ber = ber_dup( res->lm_ber );
++
++ if( ber == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ tag = ber_scanf( ber, "{ioa" /*}*/,
++ &errcode, challenge, &ld->ld_error );
++ ber_free( ber, 0 );
++
++ if( tag == LBER_ERROR ) {
++ ld->ld_errno = LDAP_DECODING_ERROR;
++ return ld->ld_errno;
++ }
++
++ ld->ld_errno = errcode;
++
++ return( ld->ld_errno );
++}
diff --git a/openldap-rc.tgz b/openldap-rc.tgz
new file mode 100644
index 0000000..2780d90
--- /dev/null
+++ b/openldap-rc.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:90c31536d68fed1dcb4d26f40f1e48ee576bbbe780735635d7aa51d102d0e7e0
+size 4187
diff --git a/openldap2-client.changes b/openldap2-client.changes
new file mode 100644
index 0000000..54f666c
--- /dev/null
+++ b/openldap2-client.changes
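Review bot: In ldap_ntlm_bind (openldap-ntlm.diff, new file libraries/libldap/ntlm.c) the result of the first `ber_printf( ber, "{it{istON}" ... )` is stored in `rc` and never tested, so an encoding failure of the bind request itself carries on into the controls and the closing `N}` instead of returning LDAP_ENCODING_ERROR. The closing `ber_printf` a few lines later is checked and frees `ber` on failure, and the first call should do the same. Separately, `cctrls` is accepted but never referenced in the body, so client controls passed by a caller are silently ignored; that should at least be stated in a comment on the prototype in ldap.h.

```c
	/* … unchanged: rc = ber_printf( ber, "{it{istON}", … cred ) … */
	if ( rc == -1 ) {
		ld->ld_errno = LDAP_ENCODING_ERROR;
		ber_free( ber, 1 );
		return ld->ld_errno;
	}
	/* … unchanged: server controls, closing "N}", ldap_send_initial_request … */
```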
@@ -0,0 +1,926 @@
+-------------------------------------------------------------------
+Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de
+
+- Fix for a flaw in libldap's strval2strlen() function when processing the
+ authcid string of certain Bind Requests, which could allow attackers to
+ cause an affected application to crash (especially the OpenLDAP Server),
+ creating a denial of service condition (Bug#221154,ITS#4740)
+
+-------------------------------------------------------------------
+Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de
+
+- Additional back-perl fixes from CVS. The first revision of the
+ patch did not fix the problem completely (Bug#207618, ITS#4751)
+
+-------------------------------------------------------------------
+Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de
+
+- cyrus-sasl configuration moved from %{_libdir}/sasl2 to
+ /etc/sasl2/ (Bug: #206414)
+
+-------------------------------------------------------------------
+Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de
+
+- Add $network to Should-Start/Should-Stop in init scripts
+ (Bug: #206823)
+- Imported latest back-perl changes from CVS, to fix back-perl
+ initialization (Bug: #207618)
+
+-------------------------------------------------------------------
+Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de
+
+- Updated to Version 2.3.27
+ * Fixed libldap dnssrv bug with "not present" positive statement
+ (ITS#4610)
+ * Fixed libldap dangling pointer issue (ITS#4405)
+ * Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
+ * Fixed slapd DN X.509 normalization crash (ITS#4644)
+ * Fixed slapd-monitor operations order via callbacks (ITS#4631)
+ * Fixed slapo-accesslog purge task during shutdown
+ * Fixed slapo-ppolicy handling of default policy (ITS#4634)
+ * Fixed slapo-ppolicy logging verbosity when using default policy
+ * Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
+
+-------------------------------------------------------------------
+Wed Aug 2 11:08:23 CEST 2006 - rhafer@suse.de
+
+- Updated to Version 2.3.25
+ * Add libldap_r TLS concurrency workaround (ITS#4583)
+ * Fixed slapd acl selfwrite bug (ITS#4587)
+ * Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622,
+ 4534,4613, 4589)
+ * Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572)
+ * Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616)
+ * Fixed slapd-bdb/hdb cache job issue
+ * Fixed slapo-ppolicy password hashing bug (ITS#4575)
+ * Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576)
+ * Fixed slapo-ppolicy control can be critical (ITS#4596)
+- Enabled CLDAP (LDAP over UDP) support
+
+------------------------------------------------------------------
+Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de
+
+- Updated to Version 2.3.24
+ * Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
+ (ITS#4567)
+ * Fixed slapd-bdb/hdb non-root users adding suffix/root entries
+ (ITS#4552)
+ * Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
+ * Fixed slapd-ldif assert bug (ITS#4568)
+ * Fixed slapo-syncprov crash under glued database (ITS#4562)
+- cleaned up SLES10 update specific stuff
+- added "chain-return-error" feature from HEAD to chain overlay
+ (ITS#4570)
+
+-------------------------------------------------------------------
+Thu Jun 22 14:46:58 CEST 2006 - schwab@suse.de
+
+- Don't use automake macros without using automake.
+
+-------------------------------------------------------------------
+Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de
+
+- Updated to Version 2.3.23
+ * obsoletes the patches: libldap_ads-sasl-gssapi.dif,
+ slapd-epollerr.dif
+ * Fixed slapd-ldap improper free bug (ITS#4550)
+ * Fixed libldap referral input destroy issue (ITS#4533)
+ * Fixed libldap ldap_sort_entries tail bug (ITS#4536)
+ * Fixed slapd runqueue use of freed memory (ITS#4517)
+ * Fixed slapd thread pool init issue (ITS#4513)
+ * Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532)
+ * Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538)
+ * Fixed slapd-bdb/hdb referral issue (ITS#4548)
+ * Fixed slapo-ppolicy BER tags issue (ITS#4528)
+ * Fixed slapo-ppolicy rebind bug (ITS#4516)
+ * For more details see the CHANGES file
+- Install CHANGES file to /usr/share/doc/packages/openldap2
+
+-------------------------------------------------------------------
+Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de
+
+- Really apply the patch for Bug#160566
+- slapd could crash while processing queries with pre-/postread
+ controls (Bug#173877, ITS#4532)
+
+-------------------------------------------------------------------
+Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de
+
+- Backported fix from CVS for occasional crashes in referral
+ chasing code (as used in e.g. back-meta/back-ldap).
+ (Bug: #160566, ITS: #4448)
+
+-------------------------------------------------------------------
+Mon Mar 13 16:23:32 CET 2006 - rhafer@suse.de
+
+- openldap2 must obsolete -back-monitor and -back-ldap to have them
+ removed during update (Bug: #157576)
+
+-------------------------------------------------------------------
+Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de
+
+- Add "external" to the list of supported SASL mechanisms
+ (Bug: #151771)
+
+-------------------------------------------------------------------
+Thu Feb 16 11:45:20 CET 2006 - rhafer@suse.de
+
+- Error out when conversion from old configfile to config database
+ fails (Bug: #135484,#135490 ITS: #4407)
+
+-------------------------------------------------------------------
+Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de
+
+- Don't ignore non-read/write epoll events (Bug: #149993,
+ ITS: #4395)
+- Added update message to /usr/share/update-messages/en/ and enable
+ it, when update did not succeed.
+
+-------------------------------------------------------------------
+Thu Feb 9 11:43:56 CET 2006 - rhafer@suse.de
+
+- OPENLDAP_CHOWN_DIRS honors databases defined in include files
+ (Bug: #135473)
+- Fixed version numbers in README.update
+- Fixed GSSAPI binds against Active Directory (Bug: #149390)
+
+-------------------------------------------------------------------
+Fri Feb 3 11:32:27 CET 2006 - rhafer@suse.de
+
+- Cleaned up update procedure
+- man-pages updates and fixes (Fate: #6365)
+
+-------------------------------------------------------------------
+Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de
+
+- Updated to 2.3.19 (Bug #144371)
+
+-------------------------------------------------------------------
+Fri Jan 27 02:16:56 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de
+
+- Updated Admin Guide to latest version
+- build slapcat from openldap-2.2.24 and install it to
+ /usr/sbin/openldap-2.2-slapcat to be able to migrate from
+ OpenLDAP 2.2.
+- removed slapd-backbdb-dbupgrade which is no longer needed
+- attempt to dump/reload bdb databases in %{post}
+- Update notes in README.update
+
+-------------------------------------------------------------------
+Fri Jan 13 10:36:44 CET 2006 - rhafer@suse.de
+
+- New sysconfig variable OPENLDAP_KRB5_KEYTAB
+- Cleanup in default configuration and init scripts
+
+-------------------------------------------------------------------
+Wed Jan 11 10:13:52 CET 2006 - rhafer@suse.de
+
+- Updated to 2.3.17
+- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %post
+ slapd does now automatically recover the database if needed
+- Removed unneeded README.SuSE
+- Small adjustments to the default DB_CONFIG file
+
+-------------------------------------------------------------------
+Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de
+
+- Updated to 2.3.16
+
+-------------------------------------------------------------------
+Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de
+
+- Fixed filelist (slapd-hdb man-page was missing)
+
+-------------------------------------------------------------------
+Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de
+
+- Fixed build on x86_64
+
+-------------------------------------------------------------------
+Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de
+
+- Merged -back-ldap and -back-monitor subpackages into the main
+ package and don't build them as dynamic modules anymore.
+- updated to OpenLDAP 2.3.13
+
+-------------------------------------------------------------------
+Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de
+
+- updated to OpenLDAP 2.3.12
+
+-------------------------------------------------------------------
+Wed Oct 26 11:34:24 CEST 2005 - rhafer@suse.de
+
+- updated to OpenLDAP 2.3.11
+- removed the "LDAP_DEPRECATED" workaround
+
+-------------------------------------------------------------------
+Mon Sep 26 09:51:11 CEST 2005 - rhafer@suse.de
+
+- Add "LDAP_DEPRECATED" to ldap.h for now
+
+-------------------------------------------------------------------
+Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de
+
+- updated to OpenLDAP 2.3.7
+
+-------------------------------------------------------------------
+Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de
+
+- allow start_tls while chasing referrals (Bug #94355, ITS #3791)
+
+-------------------------------------------------------------------
+Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de
+
+- devel-subpackage requires openldap2-client of the same version
+ (Bugzilla: #93579)
+
+-------------------------------------------------------------------
+Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de
+
+- build with -fPIE (not -fpie) to avoid GOT overflow on s390*
+
+-------------------------------------------------------------------
+Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de
+
+- build the server packages with -fpie/-pie
+
+-------------------------------------------------------------------
+Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de
+
+- updated to 2.2.27
+
+-------------------------------------------------------------------
+Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de
+
+- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
+ gethostbyname in libldap. Should fix host lookups through
+ nss_ldap (Bugzilla: #76173)
+
+-------------------------------------------------------------------
+Fri May 13 12:27:05 CEST 2005 - rhafer@suse.de
+
+- Updated to 2.2.26
+- made /%{_libdir}]/sasl2/slapd.conf %config(noreplace)
+
+-------------------------------------------------------------------
+Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de
+
+- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about
+ unconfigured OTP mechanism (Bugzilla: #80588)
+
+-------------------------------------------------------------------
+Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de
+
+- added minimal timeout to startproc in init-script to let it
+ report the "failed" status correctly in case of misconfiguration
+ (Bugzilla: #76393)
+
+-------------------------------------------------------------------
+Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de
+
+- crl-check.dif: Implements CRL checking on client and server side
+- use different base ports for differnt values of BUILD_INCARNATION
+ (/.buildenv) to allow parallel runs of the test-suite on a single
+ machine
+
+-------------------------------------------------------------------
+Mon Apr 4 15:33:19 CEST 2005 - uli@suse.de
+
+- force yielding-select test to yes (test occasionally hangs QEMU)
+
+-------------------------------------------------------------------
+Fri Apr 1 13:16:49 CEST 2005 - uli@suse.de
+
+- disable test suite on ARM (hangs QEMU)
+
+-------------------------------------------------------------------
+Tue Mar 29 14:21:50 CEST 2005 - rhafer@suse.de
+
+- updated to 2.2.24
+- enabled back-hdb
+
+-------------------------------------------------------------------
+Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de
+
+- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
+- libldap-reinit-fdset.dif: Re-init fd_sets when select is
+ interupted (Bugzilla #50076, ITS: #3524)
+
+-------------------------------------------------------------------
+Thu Feb 17 14:28:02 CET 2005 - rhafer@suse.de
+
+- checkproc_before_recover.dif: Check if slapd is stopped before
+ running db_recover from the init script. (Bugzilla: #50962)
+
+-------------------------------------------------------------------
+Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de
+
+- Cleanup back-bdb databases in %post, db-4.3 changed the
+ transaction log format again.
+- cosmetic fixes in init script
+
+-------------------------------------------------------------------
+Tue Jan 25 15:57:55 CET 2005 - rhafer@suse.de
+
+- updated to 2.2.23
+- cleaned up #neededforbuild
+- package should also build on older SuSE Linux releases now
+- increased killproc timeout in init-script (Bugzilla: #47227)
+
+-------------------------------------------------------------------
+Thu Jan 13 15:09:28 CET 2005 - rhafer@suse.de
+
+- updated to 2.2.20
+- Removed unneeded dependencies
+
+-------------------------------------------------------------------
+Fri Dec 10 12:58:58 CET 2004 - kukuk@suse.de
+
+- don't install *.la files
+
+-------------------------------------------------------------------
+Wed Nov 10 16:38:10 CET 2004 - rhafer@suse.de
+
+- updated to 2.2.18
+- use kerberos-devel-packages in neededforbuild
+
+-------------------------------------------------------------------
+Fri Sep 24 17:55:10 CEST 2004 - ro@suse.de
+
+- re-arranged specfile to sequence (header (package/descr)* rest)
+ so the checking parser is not confused ...
+
+-------------------------------------------------------------------
+Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de
+
+- Added pre_checkin.sh to generate a separate openldap2-client
+ spec-file from which the openldap2-client and openldap2-devel
+ subpackages are built. Should reduce build time for libldap as
+ the test-suite is only executed in openldap2.spec.
+
+-------------------------------------------------------------------
+Fri Sep 10 13:24:44 CEST 2004 - rhafer@suse.de
+
+- libldap-result.dif: ldapsearch was hanging in select() when
+ retrieving results from eDirectory through a StartTLS protected
+ connection (Bugzilla #44942)
+
+-------------------------------------------------------------------
+Mon Aug 9 23:43:18 CEST 2004 - dobey@suse.de
+
+- added ntlm support
+
+-------------------------------------------------------------------
+Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de
+
+- updated to 2.2.16
+- Updated ACLs in slapd_conf.dif to disable default read access
+ to the "userPKCS12" Attribute
+- rc-check-conn.diff: When starting slapd wait until is accepts
+ connections, or 10 seconds at maximum (Bugzilla #41354)
+- Backported -o slp={on|off} feature from OpenLDAP Head and added
+ new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
+ to switch SLP registration on and off. (Bugzilla #39865)
+- removed unneeded README.update
+
+-------------------------------------------------------------------
+Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de
+
+- updated to 2.2.11
+- remove SLES8 update specific stuff
+- Bugzilla #39652: Updated slapd_conf.dif to contain basic access
+ control
+- Bugzilla #39468: Added missing items to yast.schema
+- fixed strict-aliasing compiler warnings (strict-aliasing.dif)
+
+-------------------------------------------------------------------
+Thu Apr 29 15:13:31 CEST 2004 - coolo@suse.de
+
+- build with several jobs if available
+
+-------------------------------------------------------------------
+Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de
+
+- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
+ args-file (Bugzilla #38790)
+- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
+ Bugzilla #38915)
+- modify_check_duplicates.dif: check for duplicate attribute
+ values in modify requests (ITS #3066/#3097, Bugzilla #38607)
+- updated and renamed yast2userconfig.schema to yast.schema as it
+ contains more that only user configuration now
+- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
+- test_syncrepl_timeout: increased sleep timeout in syncrepl
+ testsuite
+
+-------------------------------------------------------------------
+Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de
+
+- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
+ START_TLS work without access to the CA Certificate.
+ (Bugzilla: #37393)
+
+-------------------------------------------------------------------
+Fri Mar 26 15:30:12 CET 2004 - rhafer@suse.de
+
+- fixed filelist
+- check-build.sh (build on kernel >= 2.6.4 hosts only)
+- yast2user.schema / slapd.conf fixed (#37076)
+- don't check for TLS-options is init-script anymore (#33560)
+- fixed various typos in README.update
+
+-------------------------------------------------------------------
+Wed Mar 17 13:21:45 CET 2004 - rhafer@suse.de
+
+- fixed build of openldap-2.1-slapcat (using correct db41 include
+ files, build backends as on sles8)
+- attempt to update bdb database and reindex ldbm database in %{post}
+- Update notes in README.update
+- better default configuration (including default DB_CONFIG file)
+- misc updates for the YaST schema
+- fixed crasher in syncrepl-code (syncrepl.dif)
+
+-------------------------------------------------------------------
+Tue Mar 16 16:15:49 CET 2004 - schwab@suse.de
+
+- Fix type mismatch.
+
+-------------------------------------------------------------------
+Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de
+
+- updated to 2.2.6
+- build a openldap-2.1-slapcat from 2.1.25 sources to be able to
+ migrate from SLES8 and SL 9.0
+
+-------------------------------------------------------------------
+Thu Feb 19 17:25:12 CET 2004 - ro@suse.de
+
+- added check-build.sh (build on 2.6 hosts only)
+
+-------------------------------------------------------------------
+Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de
+
+- updated to 2.2.5
+- adjusted rfc2307bis.schema to support UTF-8 values in most
+ attributes
+- enabled proxycache-overlay (wiht fix to work with back-ldbm)
+
+-------------------------------------------------------------------
+Tue Jan 13 11:31:03 CET 2004 - rhafer@suse.de
+
+- updated to 2.2.4
+- updated Admin Guide to most recent version
+
+-------------------------------------------------------------------
+Sat Jan 10 10:19:26 CET 2004 - adrian@suse.de
+
+- add %defattr
+- fix build as user
+
+-------------------------------------------------------------------
+Mon Dec 8 16:46:03 CET 2003 - rhafer@suse.de
+
+- updated to 2.1.25
+- small fixes for the YaST user schema
+
+-------------------------------------------------------------------
+Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de
+
+- enabled SLP-support
+
+-------------------------------------------------------------------
+Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de
+
+- Remove unused des from neededforbuild
+
+-------------------------------------------------------------------
+Tue Sep 2 16:04:05 CEST 2003 - mt@suse.de
+
+- Bugzilla #29859: fixed typo in sysconfig metadata,
+ usage of OPENLDAP_LDAPS_INTERFACES in init script
+- added /usr/lib/sasl2/slapd.conf permissions handling
+- added sysconfig variable OPENLDAP_SLAPD_PARAMS=""
+ to support additional slapd start parameters
+- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes
+ for ldapi:/// (LDAP over IPC) URLs
+
+-------------------------------------------------------------------
+Thu Aug 14 17:12:35 CEST 2003 - rhafer@suse.de
+
+- added activation metadata to sysconfig template (Bugzilla #28911)
+- removed lint from specfile
+
+-------------------------------------------------------------------
+Thu Aug 7 18:37:16 CEST 2003 - rhafer@suse.de
+
+- added %stop_on_removal and %restart_on_update calls
+- bdb_addcnt.dif fixes a possible endless loop in id2entry()
+- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis)
+
+-------------------------------------------------------------------
+Wed Jul 16 19:27:39 CEST 2003 - rhafer@suse.de
+
+- removed fillup_only and call fillup_and_insserv correctly
+- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES,
+ OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER
+
+-------------------------------------------------------------------
+Tue Jul 1 15:42:03 CEST 2003 - rhafer@suse.de
+
+- updated to 2.1.22
+- updated Admin Guide to most recent version
+- build librewrite with -fPIC
+
+-------------------------------------------------------------------
+Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de
+
+- updated to 2.1.21
+
+-------------------------------------------------------------------
+Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de
+
+- fixed requires lines
+
+-------------------------------------------------------------------
+Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de
+
+- don't link back-ldap against librewrite.a, it's already linked
+ into slapd (package should build on non-i386 Archs again)
+
+-------------------------------------------------------------------
+Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de
+
+- fixed dynamic build of back-ldap
+- new subpackage back-ldap
+
+-------------------------------------------------------------------
+Tue May 20 11:04:50 CEST 2003 - rhafer@suse.de
+
+- updated to version 2.1.20
+- enabled dynamic backend modules
+- new subpackages back-perl, back-meta and back-monitor
+- remove unpacked files from BuildRoot
+
+-------------------------------------------------------------------
+Fri May 9 14:23:45 CEST 2003 - rhafer@suse.de
+
+- updated to version 2.1.19
+
+-------------------------------------------------------------------
+Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de
+
+- fixed requires for devel-package ...
+
+-------------------------------------------------------------------
+Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de
+
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de
+
+- Enable IPv6 again
+
+-------------------------------------------------------------------
+Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de
+
+- added /etc/openldap to filelist
+
+-------------------------------------------------------------------
+Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de
+
+- switch default backend to ldbm
+
+-------------------------------------------------------------------
+Sun Feb 2 23:58:34 CET 2003 - ro@suse.de
+
+- fixed requires for devel package (cyrus-sasl2-devel)
+
+-------------------------------------------------------------------
+Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de
+
+- liblber.dif: Fixes two bugs in liblber by which remote attackers
+ could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275
+ and #2280)
+
+-------------------------------------------------------------------
+Tue Jan 14 11:53:11 CET 2003 - choeger@suse.de
+
+- build using sasl2
+
+-------------------------------------------------------------------
+Mon Jan 13 12:23:31 CET 2003 - rhafer@suse.de
+
+- updated to version 2.1.12
+- added metadata to sysconfig template (Bug: #22666)
+
+-------------------------------------------------------------------
+Thu Nov 28 14:42:06 CET 2002 - rhafer@suse.de
+
+- updated to version 2.1.8
+- added additional fix of 64bit archs
+- added secpatch.dif to fix setuid issues in libldap
+
+-------------------------------------------------------------------
+Fri Sep 6 11:11:07 CEST 2002 - rhafer@suse.de
+
+- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work
+ with multiple database backend directories
+
+-------------------------------------------------------------------
+Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de
+
+- removed damoenstart_ipv6.diff and disabled IPv6 support due to
+ massive problems with nss_ldap
+
+-------------------------------------------------------------------
+Mon Aug 26 19:37:32 CEST 2002 - rhafer@suse.de
+
+- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla
+ ID#17697)
+
+-------------------------------------------------------------------
+Fri Aug 23 13:54:15 CEST 2002 - rhafer@suse.de
+
+- updated to version 2.1.4, which fixes tons of bugs
+- added damoenstart_ipv6.diff (slapd was not starting when
+ configured to listen on IPv4 and IPv6 interfaces, as done by the
+ start script)
+- added README.SuSE with some hints about the bdb-backend
+- updated filelist to include only the man pages of the backends,
+ that were built
+
+-------------------------------------------------------------------
+Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de
+
+- removed termcap and readline from neededforbuild
+
+-------------------------------------------------------------------
+Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de
+
+- enabled {CRYPT} passwords
+- update filelist (added new manpages)
+
+-------------------------------------------------------------------
+Thu Jul 25 15:58:03 CEST 2002 - rhafer@suse.de
+
+- patches for 64 bit architectures
+
+-------------------------------------------------------------------
+Fri Jul 19 11:28:28 CEST 2002 - rhafer@suse.de
+
+- update to 2.1.3
+
+-------------------------------------------------------------------
+Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de
+
+- fix openldap2-devel requires
+
+-------------------------------------------------------------------
+Thu Jul 4 10:29:03 CEST 2002 - rhafer@suse.de
+
+- switched back from cyrus-sasl2 to cyrus-sasl
+
+-------------------------------------------------------------------
+Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de
+
+- updated to OpenLDAP 2.1.2
+- added the OpenLDAP Administration Guide
+- enabled additional backends (ldap, meta, monitor)
+
+-------------------------------------------------------------------
+Mon Jun 10 21:59:35 CEST 2002 - olh@suse.de
+
+- hack build/ltconfig to build shared libs on ppc64
+
+-------------------------------------------------------------------
+Wed Jun 5 18:25:51 CEST 2002 - rhafer@suse.de
+
+- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable
+ to enable ldap over ssl support
+
+-------------------------------------------------------------------
+Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de
+
+- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
+ to the "Requires" Section of the -devel subpackage)
+
+-------------------------------------------------------------------
+Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de
+
+- updated to the latest STABLE release (2.0.23) which fixes some
+ nasty bugs see ITS #1562,#1582,#1577,#1578
+
+-------------------------------------------------------------------
+Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de
+
+- updated to the latest release (which fixes a index corruption
+ bug)
+- cleanup in neededforbuild
+- small fixes for the init-scripts
+
+-------------------------------------------------------------------
+Thu Jan 17 13:51:28 CET 2002 - rhafer@suse.de
+
+- updated to the latest stable release (2.0.21)
+
+-------------------------------------------------------------------
+Wed Jan 16 18:36:12 CET 2002 - egmont@suselinux.hu
+
+- removed periods and colons from startup/shutdown messages
+
+-------------------------------------------------------------------
+Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de
+
+- updated to v2.0.20 (which fixes a security hole in ACL
+ processing)
+
+-------------------------------------------------------------------
+Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de
+
+- converted archive to bzip2
+- makes use of %{_libdir} now
+- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
+ the test suite fails on these archs
+- changed slapd.conf to store the database under /var/lib/ldap
+ (this patch was missing in the last versions by accident)
+
+-------------------------------------------------------------------
+Mon Jan 7 16:41:32 CET 2002 - rhafer@suse.de
+
+- update to v2.0.19
+
+-------------------------------------------------------------------
+Thu Dec 6 14:51:56 CET 2001 - rhafer@suse.de
+
+- eliminated START_LDAP, START_SLURPD variables in rc.config
+- created separate init script for slurpd
+- moved init scripts from dif to separate source tgz
+
+-------------------------------------------------------------------
+Fri Oct 26 10:36:06 CEST 2001 - choeger@suse.de
+
+- update to v2.0.18
+
+-------------------------------------------------------------------
+Mon Oct 15 10:00:06 CEST 2001 - choeger@suse.de
+
+- update to v2.0.17
+ added a sleep to the restart section
+ moved some manpages to the client package
+
+-------------------------------------------------------------------
+Mon Oct 1 18:38:14 CEST 2001 - choeger@suse.de
+
+- update to v2.0.15
+
+-------------------------------------------------------------------
+Wed Sep 12 09:53:03 CEST 2001 - choeger@suse.de
+
+- backported the full bugfix from openldap-2.0.14
+
+-------------------------------------------------------------------
+Tue Sep 11 11:36:20 CEST 2001 - choeger@suse.de
+
+- Bugfix for slurpd millionth second bug (ITS#1323)
+
+-------------------------------------------------------------------
+Mon Sep 10 09:06:40 CEST 2001 - choeger@suse.de
+
+- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf
+ to openldap2-client package
+
+-------------------------------------------------------------------
+Mon Sep 3 09:31:21 CEST 2001 - choeger@suse.de
+
+- update to version 2.0.12
+
+-------------------------------------------------------------------
+Mon Jul 2 10:52:22 CEST 2001 - choeger@suse.de
+
+- bugfix: init script was not LSB compliant, Bugzilla ID#9072
+
+-------------------------------------------------------------------
+Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de
+
+- fixed for autoconf again
+
+-------------------------------------------------------------------
+Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de
+
+- update to 2.0.11
+- removed autoconf in specfile, because it doesn't work
+
+-------------------------------------------------------------------
+Wed May 23 11:43:08 CEST 2001 - choeger@suse.de
+
+- update to version 2.0.10 (minor fixes)
+
+-------------------------------------------------------------------
+Tue May 22 11:33:58 CEST 2001 - choeger@suse.de
+
+- update to version 2.0.9
+
+-------------------------------------------------------------------
+Mon Apr 23 15:55:32 CEST 2001 - choeger@suse.de
+
+- removed kerberos support
+- added aci support
+
+-------------------------------------------------------------------
+Fri Apr 20 11:52:14 CEST 2001 - choeger@suse.de
+
+- added kerberos support
+
+-------------------------------------------------------------------
+Thu Apr 5 13:47:51 CEST 2001 - choeger@suse.de
+
+- moved section 5 and 8 manpages to the server part of package
+
+-------------------------------------------------------------------
+Wed Mar 14 18:17:50 CET 2001 - kukuk@suse.de
+
+- Move *.so links into -devel package
+- -devel requires -client
+
+-------------------------------------------------------------------
+Thu Mar 8 10:51:05 CET 2001 - choeger@suse.de
+
+- split up into openldap2-client and -devel
+
+-------------------------------------------------------------------
+Tue Feb 27 11:20:53 CET 2001 - ro@suse.de
+
+- changed neededforbuild to
+
+-------------------------------------------------------------------
+Fri Feb 23 00:10:25 CET 2001 - ro@suse.de
+
+- added readline/readline-devel to neededforbuild (split from bash)
+
+-------------------------------------------------------------------
+Thu Jan 4 14:03:17 CET 2001 - choeger@suse.de
+
+- bugfix: slapd.conf rename /var/lib/openldap-ldbm to
+ /var/lib/ldap
+ init script: use $remote_fs
+
+-------------------------------------------------------------------
+Tue Jan 2 10:38:20 CET 2001 - olh@suse.de
+
+- use script name in %post
+
+-------------------------------------------------------------------
+Thu Dec 7 15:01:53 CET 2000 - choeger@suse.de
+
+- bugfix from Andreas Jaeger:
+ workaround for glibc2.2, detach
+
+-------------------------------------------------------------------
+Fri Dec 1 15:23:45 CET 2000 - ro@suse.de
+
+- hacked configure for apparently broken pthread
+
+-------------------------------------------------------------------
+Fri Dec 1 02:28:54 CET 2000 - ro@suse.de
+
+- fixed spec
+
+-------------------------------------------------------------------
+Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de
+
+- made configs %config(noreplace) (Bug 4112)
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Wed Nov 22 11:37:22 CET 2000 - choeger@suse.de
+
+- adopted new init scheme
+
+-------------------------------------------------------------------
+Wed Nov 15 16:24:48 CET 2000 - choeger@suse.de
+
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Fri Nov 10 16:32:57 CET 2000 - choeger@suse.de
+
+- added buildroot
+
+-------------------------------------------------------------------
+Tue Nov 7 18:52:54 CET 2000 - choeger@suse.de
+
+- long package name
+- new version, 2.0.7
+
+-------------------------------------------------------------------
+Fri Oct 6 11:35:47 CEST 2000 - choeger@suse.de
+
+- first package of openldap2 (v2.0.6)
+
diff --git a/openldap2-client.spec b/openldap2-client.spec
new file mode 100644
index 0000000..245b1ad
--- /dev/null +++ b/openldap2-client.spec 
@@ -0,0 +1,847 @@
+#
+# spec file for package openldap2-client (Version 2.3.27)
+#
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+Name: openldap2-client
+BuildRequires: cyrus-sasl-devel db-devel db42-devel krb5-devel openslp-devel openssl-devel tcpd-devel
+URL: http://www.openldap.org
+License: BSD License and BSD-like
+%if "%{name}" == "openldap2"
+Group: Productivity/Networking/LDAP/Clients
+Provides: ldap2 openldap2-back-ldap openldap2-back-monitor
+Obsoletes: openldap2-back-ldap openldap2-back-monitor
+Conflicts: openldap
+PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/strings /usr/bin/awk /usr/bin/grep
+Summary: OpenLDAP2 Client Utilities
+%else
+Group: Productivity/Networking/LDAP/Clients
+Conflicts: openldap-client
+Summary: OpenLDAP2 Client Utilities
+%endif
+Autoreqprov: on
+Version: 2.3.27
+Release: 23
+Source: openldap-%{version}.tar.bz2
+Source1: openldap-rc.tgz
+Source2: openldap-admin-guide.tar.bz2
+Source3: addonschema.tar.gz
+Source4: DB_CONFIG
+Source5: sasl-slapd.conf
+Patch: openldap2.dif
+Patch1: secpatch.dif
+Patch2: slapd_conf.dif
+Patch3: ldap_conf.dif
+Patch4: ldapi_url.dif
+Patch5: openldap-ntlm.diff
+Patch6: libldap-gethostbyname_r.dif
+Patch7: pie-compile.dif
+Patch8: libldap-manpages.dif
+Patch9: slapd_chain_return_error.dif
+Patch10: back-perl-init.dif
+Patch11: libldap-sasl_bind-assert.dif
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Prefix: %{_prefix}
+
+%description
+This package contains the OpenLDAP2 client utilities.
+
+
+
+Authors:
+--------
+ The OpenLDAP Project
+
+%if "%{name}" == "openldap2"
+%package -n openldap2-back-perl
+Summary: OpenLDAP Perl Back-End
+Requires: openldap2 = %{version}
+Autoreqprov: on
+Group: Productivity/Networking/LDAP/Servers
+
+%description -n openldap2-back-perl
+The OpenLDAP Perl back-end allows you to execute Perl code specific to
+different LDAP operations.
+
+
+
+Authors:
+--------
+ The OpenLDAP Project
+
+%package -n openldap2-back-meta
+Summary: OpenLDAP Meta Back-End
+Requires: openldap2 = %{version}
+Autoreqprov: on
+Group: Productivity/Networking/LDAP/Servers
+Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
+
+%description -n openldap2-back-meta
+The OpenLDAP Meta back-end is able to perform basic LDAP proxying with
+respect to a set of remote LDAP servers. The information contained in
+these servers can be presented as belonging to a single Directory
+Information Tree (DIT).
+
+
+
+Authors:
+--------
+ The OpenLDAP Project
+
+%else
+%package -n openldap2-devel
+Summary: Libraries, Header Files and Documentation for OpenLDAP2
+Autoreqprov: on
+Conflicts: openldap-devel
+Requires: openldap2-client = %{version} cyrus-sasl-devel openssl-devel
+Group: Development/Libraries/C and C++
+
+%description -n openldap2-devel
+This package provides the OpenLDAP2 libraries, header files, and
+documentation.
+
+
+
+Authors:
+--------
+ The OpenLDAP Project
+
+%endif
+%prep
+%setup -q -n openldap-%{version} -a1 -a2 -a3
+%patch
+%patch1
+%patch2
+%patch3
+%patch4
+%patch5
+%patch6
+%if %suse_version > 920
+%patch7
+%endif
+%patch8 -p1
+%patch9 -p1
+%patch10
+%patch11
+
+%build
+%{?suse_update_config:%{suse_update_config -f build}}
+libtoolize --force
+autoreconf
+export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS"
+./configure --prefix=/usr \
+ --exec-prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var/run/slapd \
+ --libexecdir=/usr/lib/openldap \
+ --libdir=%{_libdir} \
+ --mandir=%{_mandir} \
+ --enable-wrappers \
+ --enable-aclgroups \
+ --enable-spasswd \
+ --enable-modules \
+ --enable-shared \
+ --enable-dynamic \
+ --with-tls \
+ --with-cyrus-sasl \
+ --enable-crypt \
+ --enable-ipv6=yes \
+%if "%{name}" == "openldap2"
+ --enable-aci \
+ --enable-bdb \
+ --enable-hdb \
+ --enable-ldbm \
+ --enable-rewrite \
+ --enable-ldap=yes \
+ --enable-meta=mod \
+ --enable-monitor=yes \
+ --enable-perl=mod \
+ --enable-slp \
+ --enable-overlays=yes \
+%else
+ --disable-slapd \
+%endif
+ --enable-lmpasswd \
+ --with-yielding-select
+make depend
+make %{?jobs:-j%jobs}
+rm tests/scripts/test022-ppolicy
+rm tests/scripts/test036-meta-concurrency
+rm tests/scripts/test039-glue-ldap-concurrency
+# calculate the base port to be use in the test-suite
+SLAPD_BASEPORT=10000
+if [ -f /.buildenv ] ; then
+ .
/.buildenv + SLAPD_BASEPORT=$(($SLAPD_BASEPORT + $BUILD_INCARNATION * 10)) +fi +export SLAPD_BASEPORT +%ifnarch %arm alpha +make test +%endif + +%install +#[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT; +mkdir -p $RPM_BUILD_ROOT/etc/init.d +mkdir -p $RPM_BUILD_ROOT/usr/sbin +make DESTDIR=$RPM_BUILD_ROOT install +install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap +install -m 755 rc.slurpd $RPM_BUILD_ROOT/etc/init.d/slurpd +ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap +ln -sf ../../etc/init.d/slurpd $RPM_BUILD_ROOT/usr/sbin/rcslurpd +mkdir -p $RPM_BUILD_ROOT/etc/sasl2 +install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sasl2/slapd.conf +install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap +install -m 700 -d $RPM_BUILD_ROOT/var/lib/slurpd +chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so* +chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so* +chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* +%if "%{name}" == "openldap2" +mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates +install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap +install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema +install -m 644 $RPM_SOURCE_DIR/DB_CONFIG $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG +install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example +rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example +rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example +%endif +rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sql.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5 +# Remove *.la files, libtool does not handle this correct +rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la +# +#put 
filelists into files +cat >openldap2.filelist < openldap2-client.filelist < openldap2-devel.filelist < openldap2-back-perl.filelist < openldap2-back-meta.filelist < /dev/null || : +/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d \ +/var/lib/ldap ldap 2> /dev/null || : + +%post +if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then + cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew + cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf +fi +%{fillup_and_insserv -n -s openldap ldap START_LDAP slurpd START_SLURPD} +%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER} + +%preun +%stop_on_removal ldap slurpd + +%postun +%restart_on_update ldap slurpd +%insserv_cleanup + +%files -f openldap2.filelist +%defattr(-,root,root) + +%files -n openldap2-back-perl -f openldap2-back-perl.filelist +%defattr(-,root,root) + +%files -n openldap2-back-meta -f openldap2-back-meta.filelist +%defattr(-,root,root) +%else + +%files -f openldap2-client.filelist +%defattr(-,root,root) + +%files -n openldap2-devel -f openldap2-devel.filelist +%defattr(-,root,root) +%endif + +%changelog -n openldap2-client +* Fri Nov 17 2006 - rhafer@suse.de +- Fix for a flaw in libldap's strval2strlen() function when processing the + authcid string of certain Bind Requests, which could allow attackers to + cause an affected application to crash (especially the OpenLDAP Server), + creating a denial of service condition (Bug#221154,ITS#4740) +* Tue Nov 14 2006 - rhafer@suse.de +- Additional back-perl fixes from CVS. 
The first revision of the + patch did not fix the problem completely (Bug#207618, ITS#4751) +* Fri Oct 27 2006 - rhafer@suse.de +- cyrus-sasl configuration moved from %%{_libdir}/sasl2 to + /etc/sasl2/ (Bug: #206414) +* Wed Oct 04 2006 - rhafer@suse.de +- Add $network to Should-Start/Should-Stop in init scripts + (Bug: #206823) +- Imported latest back-perl changes from CVS, to fix back-perl + initialization (Bug: #207618) +* Tue Aug 22 2006 - rhafer@suse.de +- Updated to Version 2.3.27 + * Fixed libldap dnssrv bug with "not present" positive statement + (ITS#4610) + * Fixed libldap dangling pointer issue (ITS#4405) + * Fixed slapd incorrect rebuilding of replica URI (ITS#4633) + * Fixed slapd DN X.509 normalization crash (ITS#4644) + * Fixed slapd-monitor operations order via callbacks (ITS#4631) + * Fixed slapo-accesslog purge task during shutdown + * Fixed slapo-ppolicy handling of default policy (ITS#4634) + * Fixed slapo-ppolicy logging verbosity when using default policy + * Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622) +* Wed Aug 02 2006 - rhafer@suse.de +- Updated to Version 2.3.25 + * Add libldap_r TLS concurrency workaround (ITS#4583) + * Fixed slapd acl selfwrite bug (ITS#4587) + * Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622, + 4534,4613, 4589) + * Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572) + * Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616) + * Fixed slapd-bdb/hdb cache job issue + * Fixed slapo-ppolicy password hashing bug (ITS#4575) + * Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576) + * Fixed slapo-ppolicy control can be critical (ITS#4596) +- Enabled CLDAP (LDAP over UDP) support +* Mon Jun 26 2006 - rhafer@suse.de +- Updated to Version 2.3.24 + * Fixed slapd syncrepl timestamp bug (delta-sync/cascade) + (ITS#4567) + * Fixed slapd-bdb/hdb non-root users adding suffix/root entries + (ITS#4552) + * Re-fixed slapd-ldap improper free bug in exop (ITS#4550) + * 
Fixed slapd-ldif assert bug (ITS#4568) + * Fixed slapo-syncprov crash under glued database (ITS#4562) +- cleaned up SLES10 update specific stuff +- added "chain-return-error" feature from HEAD to chain overlay + (ITS#4570) +* Thu Jun 22 2006 - schwab@suse.de +- Don't use automake macros without using automake. +* Wed May 24 2006 - rhafer@suse.de +- Updated to Version 2.3.23 + * obsoletes the patches: libldap_ads-sasl-gssapi.dif, + slapd-epollerr.dif + * Fixed slapd-ldap improper free bug (ITS#4550) + * Fixed libldap referral input destroy issue (ITS#4533) + * Fixed libldap ldap_sort_entries tail bug (ITS#4536) + * Fixed slapd runqueue use of freed memory (ITS#4517) + * Fixed slapd thread pool init issue (ITS#4513) + * Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532) + * Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538) + * Fixed slapd-bdb/hdb referral issue (ITS#4548) + * Fixed slapo-ppolicy BER tags issue (ITS#4528) + * Fixed slapo-ppolicy rebind bug (ITS#4516) + * For more details see the CHANGES file +- Install CHANGES file to /usr/share/doc/packages/openldap2 +* Wed May 10 2006 - rhafer@suse.de +- Really apply the patch for Bug#160566 +- slapd could crash while processing queries with pre-/postread + controls (Bug#173877, ITS#4532) +* Fri Mar 24 2006 - rhafer@suse.de +- Backported fix from CVS for occasional crashes in referral + chasing code (as used in e.g. back-meta/back-ldap). 
+ (Bug: #160566, ITS: #4448) +* Mon Mar 13 2006 - rhafer@suse.de +- openldap2 must obsolete -back-monitor and -back-ldap to have them + removed during update (Bug: #157576) +* Fri Feb 17 2006 - rhafer@suse.de +- Add "external" to the list of supported SASL mechanisms + (Bug: #151771) +* Thu Feb 16 2006 - rhafer@suse.de +- Error out when conversion from old configfile to config database + fails (Bug: #135484,#135490 ITS: #4407) +* Mon Feb 13 2006 - rhafer@suse.de +- Don't ignore non-read/write epoll events (Bug: #149993, + ITS: #4395) +- Added update message to /usr/share/update-messages/en/ and enable + it, when update did not succeed. +* Thu Feb 09 2006 - rhafer@suse.de +- OPENLDAP_CHOWN_DIRS honors databases defined in include files + (Bug: #135473) +- Fixed version numbers in README.update +- Fixed GSSAPI binds against Active Directory (Bug: #149390) +* Fri Feb 03 2006 - rhafer@suse.de +- Cleaned up update procedure +- man-pages updates and fixes (Fate: #6365) +* Fri Jan 27 2006 - rhafer@suse.de +- Updated to 2.3.19 (Bug #144371) +* Fri Jan 27 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Wed Jan 25 2006 - rhafer@suse.de +- Updated Admin Guide to latest version +- build slapcat from openldap-2.2.24 and install it to + /usr/sbin/openldap-2.2-slapcat to be able to migrate from + OpenLDAP 2.2. 
+- removed slapd-backbdb-dbupgrade which is no longer needed +- attempt to dump/reload bdb databases in %%{post} +- Update notes in README.update +* Fri Jan 13 2006 - rhafer@suse.de +- New sysconfig variable OPENLDAP_KRB5_KEYTAB +- Cleanup in default configuration and init scripts +* Wed Jan 11 2006 - rhafer@suse.de +- Updated to 2.3.17 +- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %%post + slapd does now automatically recover the database if needed +- Removed unneeded README.SuSE +- Small adjustments to the default DB_CONFIG file +* Mon Jan 09 2006 - rhafer@suse.de +- Updated to 2.3.16 +* Mon Dec 19 2005 - rhafer@suse.de +- Fixed filelist (slapd-hdb man-page was missing) +* Fri Dec 09 2005 - rhafer@suse.de +- Fixed build on x86_64 +* Wed Dec 07 2005 - rhafer@suse.de +- Merged -back-ldap and -back-monitor subpackages into the main + package and don't build them as dynamic modules anymore. +- updated to OpenLDAP 2.3.13 +* Mon Nov 28 2005 - rhafer@suse.de +- updated to OpenLDAP 2.3.12 +* Wed Oct 26 2005 - rhafer@suse.de +- updated to OpenLDAP 2.3.11 +- removed the "LDAP_DEPRECATED" workaround +* Mon Sep 26 2005 - rhafer@suse.de +- Add "LDAP_DEPRECATED" to ldap.h for now +* Fri Sep 23 2005 - rhafer@suse.de +- updated to OpenLDAP 2.3.7 +* Tue Aug 16 2005 - rhafer@suse.de +- allow start_tls while chasing referrals (Bug #94355, ITS #3791) +* Mon Jul 04 2005 - rhafer@suse.de +- devel-subpackage requires openldap2-client of the same version + (Bugzilla: #93579) +* Thu Jun 30 2005 - uli@suse.de +- build with -fPIE (not -fpie) to avoid GOT overflow on s390* +* Wed Jun 22 2005 - rhafer@suse.de +- build the server packages with -fpie/-pie +* Wed Jun 15 2005 - rhafer@suse.de +- updated to 2.2.27 +* Wed May 25 2005 - rhafer@suse.de +- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of + gethostbyname in libldap. 
Should fix host lookups through + nss_ldap (Bugzilla: #76173) +* Fri May 13 2005 - rhafer@suse.de +- Updated to 2.2.26 +- made /%%{_libdir}]/sasl2/slapd.conf %%config(noreplace) +* Thu Apr 28 2005 - rhafer@suse.de +- Added /%%{_libdir}]/sasl2/slapd.conf to avoid warnings about + unconfigured OTP mechanism (Bugzilla: #80588) +* Tue Apr 12 2005 - rhafer@suse.de +- added minimal timeout to startproc in init-script to let it + report the "failed" status correctly in case of misconfiguration + (Bugzilla: #76393) +* Mon Apr 04 2005 - rhafer@suse.de +- crl-check.dif: Implements CRL checking on client and server side +- use different base ports for differnt values of BUILD_INCARNATION + (/.buildenv) to allow parallel runs of the test-suite on a single + machine +* Mon Apr 04 2005 - uli@suse.de +- force yielding-select test to yes (test occasionally hangs QEMU) +* Fri Apr 01 2005 - uli@suse.de +- disable test suite on ARM (hangs QEMU) +* Tue Mar 29 2005 - rhafer@suse.de +- updated to 2.2.24 +- enabled back-hdb +* Wed Mar 02 2005 - rhafer@suse.de +- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928) +- libldap-reinit-fdset.dif: Re-init fd_sets when select is + interupted (Bugzilla #50076, ITS: #3524) +* Thu Feb 17 2005 - rhafer@suse.de +- checkproc_before_recover.dif: Check if slapd is stopped before + running db_recover from the init script. (Bugzilla: #50962) +* Tue Feb 01 2005 - rhafer@suse.de +- Cleanup back-bdb databases in %%post, db-4.3 changed the + transaction log format again. 
+- cosmetic fixes in init script +* Tue Jan 25 2005 - rhafer@suse.de +- updated to 2.2.23 +- cleaned up #neededforbuild +- package should also build on older SuSE Linux releases now +- increased killproc timeout in init-script (Bugzilla: #47227) +* Thu Jan 13 2005 - rhafer@suse.de +- updated to 2.2.20 +- Removed unneeded dependencies +* Fri Dec 10 2004 - kukuk@suse.de +- don't install *.la files +* Wed Nov 10 2004 - rhafer@suse.de +- updated to 2.2.18 +- use kerberos-devel-packages in neededforbuild +* Fri Sep 24 2004 - ro@suse.de +- re-arranged specfile to sequence (header (package/descr)* rest) + so the checking parser is not confused ... +* Fri Sep 24 2004 - rhafer@suse.de +- Added pre_checkin.sh to generate a separate openldap2-client + spec-file from which the openldap2-client and openldap2-devel + subpackages are built. Should reduce build time for libldap as + the test-suite is only executed in openldap2.spec. +* Fri Sep 10 2004 - rhafer@suse.de +- libldap-result.dif: ldapsearch was hanging in select() when + retrieving results from eDirectory through a StartTLS protected + connection (Bugzilla #44942) +* Mon Aug 09 2004 - dobey@suse.de +- added ntlm support +* Tue Aug 03 2004 - rhafer@suse.de +- updated to 2.2.16 +- Updated ACLs in slapd_conf.dif to disable default read access + to the "userPKCS12" Attribute +- rc-check-conn.diff: When starting slapd wait until is accepts + connections, or 10 seconds at maximum (Bugzilla #41354) +- Backported -o slp={on|off} feature from OpenLDAP Head and added + new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able + to switch SLP registration on and off. 
(Bugzilla #39865) +- removed unneeded README.update +* Fri Apr 30 2004 - rhafer@suse.de +- updated to 2.2.11 +- remove SLES8 update specific stuff +- Bugzilla #39652: Updated slapd_conf.dif to contain basic access + control +- Bugzilla #39468: Added missing items to yast.schema +- fixed strict-aliasing compiler warnings (strict-aliasing.dif) +* Thu Apr 29 2004 - coolo@suse.de +- build with several jobs if available +* Mon Apr 19 2004 - rhafer@suse.de +- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and + args-file (Bugzilla #38790) +- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059, + Bugzilla #38915) +- modify_check_duplicates.dif: check for duplicate attribute + values in modify requests (ITS #3066/#3097, Bugzilla #38607) +- updated and renamed yast2userconfig.schema to yast.schema as it + contains more that only user configuration now +- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056) +- test_syncrepl_timeout: increased sleep timeout in syncrepl + testsuite +* Thu Apr 01 2004 - rhafer@suse.de +- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make + START_TLS work without access to the CA Certificate. + (Bugzilla: #37393) +* Fri Mar 26 2004 - rhafer@suse.de +- fixed filelist +- check-build.sh (build on kernel >= 2.6.4 hosts only) +- yast2user.schema / slapd.conf fixed (#37076) +- don't check for TLS-options is init-script anymore (#33560) +- fixed various typos in README.update +* Wed Mar 17 2004 - rhafer@suse.de +- fixed build of openldap-2.1-slapcat (using correct db41 include + files, build backends as on sles8) +- attempt to update bdb database and reindex ldbm database in %%{post} +- Update notes in README.update +- better default configuration (including default DB_CONFIG file) +- misc updates for the YaST schema +- fixed crasher in syncrepl-code (syncrepl.dif) +* Tue Mar 16 2004 - schwab@suse.de +- Fix type mismatch. 
+* Tue Mar 02 2004 - rhafer@suse.de +- updated to 2.2.6 +- build a openldap-2.1-slapcat from 2.1.25 sources to be able to + migrate from SLES8 and SL 9.0 +* Thu Feb 19 2004 - ro@suse.de +- added check-build.sh (build on 2.6 hosts only) +* Thu Feb 05 2004 - rhafer@suse.de +- updated to 2.2.5 +- adjusted rfc2307bis.schema to support UTF-8 values in most + attributes +- enabled proxycache-overlay (wiht fix to work with back-ldbm) +* Tue Jan 13 2004 - rhafer@suse.de +- updated to 2.2.4 +- updated Admin Guide to most recent version +* Sat Jan 10 2004 - adrian@suse.de +- add %%defattr +- fix build as user +* Mon Dec 08 2003 - rhafer@suse.de +- updated to 2.1.25 +- small fixes for the YaST user schema +* Tue Nov 11 2003 - rhafer@suse.de +- enabled SLP-support +* Fri Oct 17 2003 - kukuk@suse.de +- Remove unused des from neededforbuild +* Tue Sep 02 2003 - mt@suse.de +- Bugzilla #29859: fixed typo in sysconfig metadata, + usage of OPENLDAP_LDAPS_INTERFACES in init script +- added /usr/lib/sasl2/slapd.conf permissions handling +- added sysconfig variable OPENLDAP_SLAPD_PARAMS="" + to support additional slapd start parameters +- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes + for ldapi:/// (LDAP over IPC) URLs +* Thu Aug 14 2003 - rhafer@suse.de +- added activation metadata to sysconfig template (Bugzilla #28911) +- removed lint from specfile +* Thu Aug 07 2003 - rhafer@suse.de +- added %%stop_on_removal and %%restart_on_update calls +- bdb_addcnt.dif fixes a possible endless loop in id2entry() +- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis) +* Wed Jul 16 2003 - rhafer@suse.de +- removed fillup_only and call fillup_and_insserv correctly +- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES, + OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER +* Tue Jul 01 2003 - rhafer@suse.de +- updated to 2.1.22 +- updated Admin Guide to most recent version +- build librewrite with -fPIC +* Mon Jun 16 2003 - rhafer@suse.de +- updated to 2.1.21 +* Wed 
Jun 11 2003 - ro@suse.de +- fixed requires lines +* Mon May 26 2003 - rhafer@suse.de +- don't link back-ldap against librewrite.a, it's already linked + into slapd (package should build on non-i386 Archs again) +* Fri May 23 2003 - rhafer@suse.de +- fixed dynamic build of back-ldap +- new subpackage back-ldap +* Tue May 20 2003 - rhafer@suse.de +- updated to version 2.1.20 +- enabled dynamic backend modules +- new subpackages back-perl, back-meta and back-monitor +- remove unpacked files from BuildRoot +* Fri May 09 2003 - rhafer@suse.de +- updated to version 2.1.19 +* Wed Apr 16 2003 - ro@suse.de +- fixed requires for devel-package ... +* Tue Apr 15 2003 - ro@suse.de +- fixed neededforbuild +* Thu Feb 13 2003 - kukuk@suse.de +- Enable IPv6 again +* Tue Feb 11 2003 - rhafer@suse.de +- added /etc/openldap to filelist +* Mon Feb 03 2003 - rhafer@suse.de +- switch default backend to ldbm +* Sun Feb 02 2003 - ro@suse.de +- fixed requires for devel package (cyrus-sasl2-devel) +* Fri Jan 31 2003 - rhafer@suse.de +- liblber.dif: Fixes two bugs in liblber by which remote attackers + could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275 + and #2280) +* Tue Jan 14 2003 - choeger@suse.de +- build using sasl2 +* Mon Jan 13 2003 - rhafer@suse.de +- updated to version 2.1.12 +- added metadata to sysconfig template (Bug: #22666) +* Thu Nov 28 2002 - rhafer@suse.de +- updated to version 2.1.8 +- added additional fix of 64bit archs +- added secpatch.dif to fix setuid issues in libldap +* Fri Sep 06 2002 - rhafer@suse.de +- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work + with multiple database backend directories +* Mon Sep 02 2002 - rhafer@suse.de +- removed damoenstart_ipv6.diff and disabled IPv6 support due to + massive problems with nss_ldap +* Mon Aug 26 2002 - rhafer@suse.de +- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla + ID#17697) +* Fri Aug 23 2002 - rhafer@suse.de +- updated to version 2.1.4, which fixes tons of bugs +- added 
damoenstart_ipv6.diff (slapd was not starting when + configured to listen on IPv4 and IPv6 interfaces, as done by the + start script) +- added README.SuSE with some hints about the bdb-backend +- updated filelist to include only the man pages of the backends, + that were built +* Thu Aug 15 2002 - rhafer@suse.de +- removed termcap and readline from neededforbuild +* Thu Aug 08 2002 - rhafer@suse.de +- enabled {CRYPT} passwords +- update filelist (added new manpages) +* Thu Jul 25 2002 - rhafer@suse.de +- patches for 64 bit architectures +* Fri Jul 19 2002 - rhafer@suse.de +- update to 2.1.3 +* Fri Jul 05 2002 - kukuk@suse.de +- fix openldap2-devel requires +* Thu Jul 04 2002 - rhafer@suse.de +- switched back from cyrus-sasl2 to cyrus-sasl +* Wed Jul 03 2002 - rhafer@suse.de +- updated to OpenLDAP 2.1.2 +- added the OpenLDAP Administration Guide +- enabled additional backends (ldap, meta, monitor) +* Mon Jun 10 2002 - olh@suse.de +- hack build/ltconfig to build shared libs on ppc64 +* Wed Jun 05 2002 - rhafer@suse.de +- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable + to enable ldap over ssl support +* Thu Mar 07 2002 - rhafer@suse.de +- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel + to the "Requires" Section of the -devel subpackage) +* Mon Feb 18 2002 - rhafer@suse.de +- updated to the latest STABLE release (2.0.23) which fixes some + nasty bugs see ITS #1562,#1582,#1577,#1578 +* Thu Feb 07 2002 - rhafer@suse.de +- updated to the latest release (which fixes a index corruption + bug) +- cleanup in neededforbuild +- small fixes for the init-scripts +* Thu Jan 17 2002 - rhafer@suse.de +- updated to the latest stable release (2.0.21) +* Wed Jan 16 2002 - egmont@suselinux.hu +- removed periods and colons from startup/shutdown messages +* Tue Jan 15 2002 - rhafer@suse.de +- updated to v2.0.20 (which fixes a security hole in ACL + processing) +* Fri Jan 11 2002 - rhafer@suse.de +- converted archive to bzip2 +- makes use of 
%%{_libdir} now +- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise + the test suite fails on these archs +- changed slapd.conf to store the database under /var/lib/ldap + (this patch was missing in the last versions by accident) +* Mon Jan 07 2002 - rhafer@suse.de +- update to v2.0.19 +* Thu Dec 06 2001 - rhafer@suse.de +- eliminated START_LDAP, START_SLURPD variables in rc.config +- created separate init script for slurpd +- moved init scripts from dif to separate source tgz +* Fri Oct 26 2001 - choeger@suse.de +- update to v2.0.18 +* Mon Oct 15 2001 - choeger@suse.de +- update to v2.0.17 + added a sleep to the restart section + moved some manpages to the client package +* Mon Oct 01 2001 - choeger@suse.de +- update to v2.0.15 +* Wed Sep 12 2001 - choeger@suse.de +- backported the full bugfix from openldap-2.0.14 +* Tue Sep 11 2001 - choeger@suse.de +- Bugfix for slurpd millionth second bug (ITS#1323) +* Mon Sep 10 2001 - choeger@suse.de +- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf + to openldap2-client package +* Mon Sep 03 2001 - choeger@suse.de +- update to version 2.0.12 +* Mon Jul 02 2001 - choeger@suse.de +- bugfix: init script was not LSB compliant, Bugzilla ID#9072 +* Tue Jun 19 2001 - ro@suse.de +- fixed for autoconf again +* Fri Jun 15 2001 - choeger@suse.de +- update to 2.0.11 +- removed autoconf in specfile, because it doesn't work +* Wed May 23 2001 - choeger@suse.de +- update to version 2.0.10 (minor fixes) +* Tue May 22 2001 - choeger@suse.de +- update to version 2.0.9 +* Mon Apr 23 2001 - choeger@suse.de +- removed kerberos support +- added aci support +* Fri Apr 20 2001 - choeger@suse.de +- added kerberos support +* Thu Apr 05 2001 - choeger@suse.de +- moved section 5 and 8 manpages to the server part of package +* Wed Mar 14 2001 - kukuk@suse.de +- Move *.so links into -devel package +- -devel requires -client +* Thu Mar 08 2001 - choeger@suse.de +- split up into openldap2-client and -devel +* Tue Feb 27 2001 - 
ro@suse.de +- changed neededforbuild to +* Fri Feb 23 2001 - ro@suse.de +- added readline/readline-devel to neededforbuild (split from bash) +* Thu Jan 04 2001 - choeger@suse.de +- bugfix: slapd.conf rename /var/lib/openldap-ldbm to + /var/lib/ldap + init script: use $remote_fs +* Tue Jan 02 2001 - olh@suse.de +- use script name in %%post +* Thu Dec 07 2000 - choeger@suse.de +- bugfix from Andreas Jaeger: + workaround for glibc2.2, detach +* Fri Dec 01 2000 - ro@suse.de +- hacked configure for apparently broken pthread +* Fri Dec 01 2000 - ro@suse.de +- fixed spec +* Thu Nov 23 2000 - choeger@suse.de +- made configs %%config(noreplace) (Bug 4112) +- fixed neededforbuild +* Wed Nov 22 2000 - choeger@suse.de +- adopted new init scheme +* Wed Nov 15 2000 - choeger@suse.de +- fixed neededforbuild +* Fri Nov 10 2000 - choeger@suse.de +- added buildroot +* Tue Nov 07 2000 - choeger@suse.de +- long package name +- new version, 2.0.7 +* Fri Oct 06 2000 - choeger@suse.de +- first package of openldap2 (v2.0.6) diff --git a/openldap2.changes b/openldap2.changes new file mode 100644 index 0000000..54f666c --- /dev/null +++ b/openldap2.changes 
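Review bot: The slapd database directory is created world-accessible in `%install` (`install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap`) while the slurpd directory on the next line gets mode 700; since that directory holds the directory data, including any stored password hashes, I would create it as `install -m 700 -d $RPM_BUILD_ROOT/var/lib/ldap`, assuming it ends up owned by the `ldap` user (the file lists that would show the owner are not readable in this rendering of the hunk). The `useradd` call ahead of `%post` gives the `ldap` service account an interactive shell and permits a duplicate UID (`-o ... -s /bin/bash`); a daemon account should get `-s /bin/false`, and `-o` should go unless a shared UID 76 is really intended. Both scriptlet commands also discard their errors with `2> /dev/null || :`, so a failed account creation is silent and slapd may later start under an unexpected identity. Finally, `--enable-lmpasswd` builds in LAN Manager password hashes, a legacy scheme with very weak brute-force resistance; a spec comment such as `# lmpasswd kept only for <reason>` or removal of the switch would make that choice explicit.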
@@ -0,0 +1,926 @@ +------------------------------------------------------------------- +Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de + +- Fix for a flaw in libldap's strval2strlen() function when processing the + authcid string of certain Bind Requests, which could allow attackers to + cause an affected application to crash (especially the OpenLDAP Server), + creating a denial of service condition (Bug#221154,ITS#4740) + +------------------------------------------------------------------- +Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de + +- Additional back-perl fixes from CVS. The first revision of the + patch did not fix the problem completely (Bug#207618, ITS#4751) + +------------------------------------------------------------------- +Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de + +- cyrus-sasl configuration moved from %{_libdir}/sasl2 to + /etc/sasl2/ (Bug: #206414) + +------------------------------------------------------------------- +Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de + +- Add $network to Should-Start/Should-Stop in init scripts + (Bug: #206823) +- Imported latest back-perl changes from CVS, to fix back-perl + initialization (Bug: #207618) + +------------------------------------------------------------------- +Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de + +- Updated to Version 2.3.27 + * Fixed libldap dnssrv bug with "not present" positive statement + (ITS#4610) + * Fixed libldap dangling pointer issue (ITS#4405) + * Fixed slapd incorrect rebuilding of replica URI (ITS#4633) + * Fixed slapd DN X.509 normalization crash (ITS#4644) + * Fixed slapd-monitor operations order via callbacks (ITS#4631) + * Fixed slapo-accesslog purge task during shutdown + * Fixed slapo-ppolicy handling of default policy (ITS#4634) + * Fixed slapo-ppolicy logging verbosity when using default policy + * Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622) + +------------------------------------------------------------------- +Wed Aug 2 11:08:23 CEST 2006 
- rhafer@suse.de + +- Updated to Version 2.3.25 + * Add libldap_r TLS concurrency workaround (ITS#4583) + * Fixed slapd acl selfwrite bug (ITS#4587) + * Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622, + 4534,4613, 4589) + * Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572) + * Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616) + * Fixed slapd-bdb/hdb cache job issue + * Fixed slapo-ppolicy password hashing bug (ITS#4575) + * Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576) + * Fixed slapo-ppolicy control can be critical (ITS#4596) +- Enabled CLDAP (LDAP over UDP) support + +------------------------------------------------------------------ +Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de + +- Updated to Version 2.3.24 + * Fixed slapd syncrepl timestamp bug (delta-sync/cascade) + (ITS#4567) + * Fixed slapd-bdb/hdb non-root users adding suffix/root entries + (ITS#4552) + * Re-fixed slapd-ldap improper free bug in exop (ITS#4550) + * Fixed slapd-ldif assert bug (ITS#4568) + * Fixed slapo-syncprov crash under glued database (ITS#4562) +- cleaned up SLES10 update specific stuff +- added "chain-return-error" feature from HEAD to chain overlay + (ITS#4570) + +------------------------------------------------------------------- +Thu Jun 22 14:46:58 CEST 2006 - schwab@suse.de + +- Don't use automake macros without using automake. 
+ +------------------------------------------------------------------- +Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de + +- Updated to Version 2.3.23 + * obsoletes the patches: libldap_ads-sasl-gssapi.dif, + slapd-epollerr.dif + * Fixed slapd-ldap improper free bug (ITS#4550) + * Fixed libldap referral input destroy issue (ITS#4533) + * Fixed libldap ldap_sort_entries tail bug (ITS#4536) + * Fixed slapd runqueue use of freed memory (ITS#4517) + * Fixed slapd thread pool init issue (ITS#4513) + * Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532) + * Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538) + * Fixed slapd-bdb/hdb referral issue (ITS#4548) + * Fixed slapo-ppolicy BER tags issue (ITS#4528) + * Fixed slapo-ppolicy rebind bug (ITS#4516) + * For more details see the CHANGES file +- Install CHANGES file to /usr/share/doc/packages/openldap2 + +------------------------------------------------------------------- +Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de + +- Really apply the patch for Bug#160566 +- slapd could crash while processing queries with pre-/postread + controls (Bug#173877, ITS#4532) + +------------------------------------------------------------------- +Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de + +- Backported fix from CVS for occasional crashes in referral + chasing code (as used in e.g. back-meta/back-ldap). 
+ (Bug: #160566, ITS: #4448) + +------------------------------------------------------------------- +Mon Mar 13 16:23:32 CET 2006 - rhafer@suse.de + +- openldap2 must obsolete -back-monitor and -back-ldap to have them + removed during update (Bug: #157576) + +------------------------------------------------------------------- +Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de + +- Add "external" to the list of supported SASL mechanisms + (Bug: #151771) + +------------------------------------------------------------------- +Thu Feb 16 11:45:20 CET 2006 - rhafer@suse.de + +- Error out when conversion from old configfile to config database + fails (Bug: #135484,#135490 ITS: #4407) + +------------------------------------------------------------------- +Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de + +- Don't ignore non-read/write epoll events (Bug: #149993, + ITS: #4395) +- Added update message to /usr/share/update-messages/en/ and enable + it, when update did not succeed. + +------------------------------------------------------------------- +Thu Feb 9 11:43:56 CET 2006 - rhafer@suse.de + +- OPENLDAP_CHOWN_DIRS honors databases defined in include files + (Bug: #135473) +- Fixed version numbers in README.update +- Fixed GSSAPI binds against Active Directory (Bug: #149390) + +------------------------------------------------------------------- +Fri Feb 3 11:32:27 CET 2006 - rhafer@suse.de + +- Cleaned up update procedure +- man-pages updates and fixes (Fate: #6365) + +------------------------------------------------------------------- +Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de + +- Updated to 2.3.19 (Bug #144371) + +------------------------------------------------------------------- +Fri Jan 27 02:16:56 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de + +- Updated Admin Guide to latest version +- build slapcat from openldap-2.2.24 and 
install it to + /usr/sbin/openldap-2.2-slapcat to be able to migrate from + OpenLDAP 2.2. +- removed slapd-backbdb-dbupgrade which is no longer needed +- attempt to dump/reload bdb databases in %{post} +- Update notes in README.update + +------------------------------------------------------------------- +Fri Jan 13 10:36:44 CET 2006 - rhafer@suse.de + +- New sysconfig variable OPENLDAP_KRB5_KEYTAB +- Cleanup in default configuration and init scripts + +------------------------------------------------------------------- +Wed Jan 11 10:13:52 CET 2006 - rhafer@suse.de + +- Updated to 2.3.17 +- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %post + slapd does now automatically recover the database if needed +- Removed unneeded README.SuSE +- Small adjustments to the default DB_CONFIG file + +------------------------------------------------------------------- +Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de + +- Updated to 2.3.16 + +------------------------------------------------------------------- +Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de + +- Fixed filelist (slapd-hdb man-page was missing) + +------------------------------------------------------------------- +Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de + +- Fixed build on x86_64 + +------------------------------------------------------------------- +Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de + +- Merged -back-ldap and -back-monitor subpackages into the main + package and don't build them as dynamic modules anymore. 
+- updated to OpenLDAP 2.3.13 + +------------------------------------------------------------------- +Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de + +- updated to OpenLDAP 2.3.12 + +------------------------------------------------------------------- +Wed Oct 26 11:34:24 CEST 2005 - rhafer@suse.de + +- updated to OpenLDAP 2.3.11 +- removed the "LDAP_DEPRECATED" workaround + +------------------------------------------------------------------- +Mon Sep 26 09:51:11 CEST 2005 - rhafer@suse.de + +- Add "LDAP_DEPRECATED" to ldap.h for now + +------------------------------------------------------------------- +Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de + +- updated to OpenLDAP 2.3.7 + +------------------------------------------------------------------- +Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de + +- allow start_tls while chasing referrals (Bug #94355, ITS #3791) + +------------------------------------------------------------------- +Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de + +- devel-subpackage requires openldap2-client of the same version + (Bugzilla: #93579) + +------------------------------------------------------------------- +Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de + +- build with -fPIE (not -fpie) to avoid GOT overflow on s390* + +------------------------------------------------------------------- +Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de + +- build the server packages with -fpie/-pie + +------------------------------------------------------------------- +Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de + +- updated to 2.2.27 + +------------------------------------------------------------------- +Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de + +- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of + gethostbyname in libldap. 
Should fix host lookups through + nss_ldap (Bugzilla: #76173) + +------------------------------------------------------------------- +Fri May 13 12:27:05 CEST 2005 - rhafer@suse.de + +- Updated to 2.2.26 +- made /%{_libdir}]/sasl2/slapd.conf %config(noreplace) + +------------------------------------------------------------------- +Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de + +- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about + unconfigured OTP mechanism (Bugzilla: #80588) + +------------------------------------------------------------------- +Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de + +- added minimal timeout to startproc in init-script to let it + report the "failed" status correctly in case of misconfiguration + (Bugzilla: #76393) + +------------------------------------------------------------------- +Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de + +- crl-check.dif: Implements CRL checking on client and server side +- use different base ports for differnt values of BUILD_INCARNATION + (/.buildenv) to allow parallel runs of the test-suite on a single + machine + +------------------------------------------------------------------- +Mon Apr 4 15:33:19 CEST 2005 - uli@suse.de + +- force yielding-select test to yes (test occasionally hangs QEMU) + +------------------------------------------------------------------- +Fri Apr 1 13:16:49 CEST 2005 - uli@suse.de + +- disable test suite on ARM (hangs QEMU) + +------------------------------------------------------------------- +Tue Mar 29 14:21:50 CEST 2005 - rhafer@suse.de + +- updated to 2.2.24 +- enabled back-hdb + +------------------------------------------------------------------- +Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de + +- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928) +- libldap-reinit-fdset.dif: Re-init fd_sets when select is + interupted (Bugzilla #50076, ITS: #3524) + +------------------------------------------------------------------- +Thu Feb 17 14:28:02 CET 2005 - 
rhafer@suse.de + +- checkproc_before_recover.dif: Check if slapd is stopped before + running db_recover from the init script. (Bugzilla: #50962) + +------------------------------------------------------------------- +Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de + +- Cleanup back-bdb databases in %post, db-4.3 changed the + transaction log format again. +- cosmetic fixes in init script + +------------------------------------------------------------------- +Tue Jan 25 15:57:55 CET 2005 - rhafer@suse.de + +- updated to 2.2.23 +- cleaned up #neededforbuild +- package should also build on older SuSE Linux releases now +- increased killproc timeout in init-script (Bugzilla: #47227) + +------------------------------------------------------------------- +Thu Jan 13 15:09:28 CET 2005 - rhafer@suse.de + +- updated to 2.2.20 +- Removed unneeded dependencies + +------------------------------------------------------------------- +Fri Dec 10 12:58:58 CET 2004 - kukuk@suse.de + +- don't install *.la files + +------------------------------------------------------------------- +Wed Nov 10 16:38:10 CET 2004 - rhafer@suse.de + +- updated to 2.2.18 +- use kerberos-devel-packages in neededforbuild + +------------------------------------------------------------------- +Fri Sep 24 17:55:10 CEST 2004 - ro@suse.de + +- re-arranged specfile to sequence (header (package/descr)* rest) + so the checking parser is not confused ... + +------------------------------------------------------------------- +Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de + +- Added pre_checkin.sh to generate a separate openldap2-client + spec-file from which the openldap2-client and openldap2-devel + subpackages are built. Should reduce build time for libldap as + the test-suite is only executed in openldap2.spec. 
+ +------------------------------------------------------------------- +Fri Sep 10 13:24:44 CEST 2004 - rhafer@suse.de + +- libldap-result.dif: ldapsearch was hanging in select() when + retrieving results from eDirectory through a StartTLS protected + connection (Bugzilla #44942) + +------------------------------------------------------------------- +Mon Aug 9 23:43:18 CEST 2004 - dobey@suse.de + +- added ntlm support + +------------------------------------------------------------------- +Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de + +- updated to 2.2.16 +- Updated ACLs in slapd_conf.dif to disable default read access + to the "userPKCS12" Attribute +- rc-check-conn.diff: When starting slapd wait until is accepts + connections, or 10 seconds at maximum (Bugzilla #41354) +- Backported -o slp={on|off} feature from OpenLDAP Head and added + new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able + to switch SLP registration on and off. (Bugzilla #39865) +- removed unneeded README.update + +------------------------------------------------------------------- +Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de + +- updated to 2.2.11 +- remove SLES8 update specific stuff +- Bugzilla #39652: Updated slapd_conf.dif to contain basic access + control +- Bugzilla #39468: Added missing items to yast.schema +- fixed strict-aliasing compiler warnings (strict-aliasing.dif) + +------------------------------------------------------------------- +Thu Apr 29 15:13:31 CEST 2004 - coolo@suse.de + +- build with several jobs if available + +------------------------------------------------------------------- +Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de + +- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and + args-file (Bugzilla #38790) +- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059, + Bugzilla #38915) +- modify_check_duplicates.dif: check for duplicate attribute + values in modify requests (ITS #3066/#3097, Bugzilla #38607) +- updated and renamed 
yast2userconfig.schema to yast.schema as it + contains more that only user configuration now +- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056) +- test_syncrepl_timeout: increased sleep timeout in syncrepl + testsuite + +------------------------------------------------------------------- +Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de + +- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make + START_TLS work without access to the CA Certificate. + (Bugzilla: #37393) + +------------------------------------------------------------------- +Fri Mar 26 15:30:12 CET 2004 - rhafer@suse.de + +- fixed filelist +- check-build.sh (build on kernel >= 2.6.4 hosts only) +- yast2user.schema / slapd.conf fixed (#37076) +- don't check for TLS-options is init-script anymore (#33560) +- fixed various typos in README.update + +------------------------------------------------------------------- +Wed Mar 17 13:21:45 CET 2004 - rhafer@suse.de + +- fixed build of openldap-2.1-slapcat (using correct db41 include + files, build backends as on sles8) +- attempt to update bdb database and reindex ldbm database in %{post} +- Update notes in README.update +- better default configuration (including default DB_CONFIG file) +- misc updates for the YaST schema +- fixed crasher in syncrepl-code (syncrepl.dif) + +------------------------------------------------------------------- +Tue Mar 16 16:15:49 CET 2004 - schwab@suse.de + +- Fix type mismatch. 
+ +------------------------------------------------------------------- +Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de + +- updated to 2.2.6 +- build a openldap-2.1-slapcat from 2.1.25 sources to be able to + migrate from SLES8 and SL 9.0 + +------------------------------------------------------------------- +Thu Feb 19 17:25:12 CET 2004 - ro@suse.de + +- added check-build.sh (build on 2.6 hosts only) + +------------------------------------------------------------------- +Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de + +- updated to 2.2.5 +- adjusted rfc2307bis.schema to support UTF-8 values in most + attributes +- enabled proxycache-overlay (wiht fix to work with back-ldbm) + +------------------------------------------------------------------- +Tue Jan 13 11:31:03 CET 2004 - rhafer@suse.de + +- updated to 2.2.4 +- updated Admin Guide to most recent version + +------------------------------------------------------------------- +Sat Jan 10 10:19:26 CET 2004 - adrian@suse.de + +- add %defattr +- fix build as user + +------------------------------------------------------------------- +Mon Dec 8 16:46:03 CET 2003 - rhafer@suse.de + +- updated to 2.1.25 +- small fixes for the YaST user schema + +------------------------------------------------------------------- +Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de + +- enabled SLP-support + +------------------------------------------------------------------- +Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de + +- Remove unused des from neededforbuild + +------------------------------------------------------------------- +Tue Sep 2 16:04:05 CEST 2003 - mt@suse.de + +- Bugzilla #29859: fixed typo in sysconfig metadata, + usage of OPENLDAP_LDAPS_INTERFACES in init script +- added /usr/lib/sasl2/slapd.conf permissions handling +- added sysconfig variable OPENLDAP_SLAPD_PARAMS="" + to support additional slapd start parameters +- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes + for ldapi:/// (LDAP over IPC) URLs + 
+------------------------------------------------------------------- +Thu Aug 14 17:12:35 CEST 2003 - rhafer@suse.de + +- added activation metadata to sysconfig template (Bugzilla #28911) +- removed lint from specfile + +------------------------------------------------------------------- +Thu Aug 7 18:37:16 CEST 2003 - rhafer@suse.de + +- added %stop_on_removal and %restart_on_update calls +- bdb_addcnt.dif fixes a possible endless loop in id2entry() +- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis) + +------------------------------------------------------------------- +Wed Jul 16 19:27:39 CEST 2003 - rhafer@suse.de + +- removed fillup_only and call fillup_and_insserv correctly +- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES, + OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER + +------------------------------------------------------------------- +Tue Jul 1 15:42:03 CEST 2003 - rhafer@suse.de + +- updated to 2.1.22 +- updated Admin Guide to most recent version +- build librewrite with -fPIC + +------------------------------------------------------------------- +Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de + +- updated to 2.1.21 + +------------------------------------------------------------------- +Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de + +- fixed requires lines + +------------------------------------------------------------------- +Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de + +- don't link back-ldap against librewrite.a, it's already linked + into slapd (package should build on non-i386 Archs again) + +------------------------------------------------------------------- +Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de + +- fixed dynamic build of back-ldap +- new subpackage back-ldap + +------------------------------------------------------------------- +Tue May 20 11:04:50 CEST 2003 - rhafer@suse.de + +- updated to version 2.1.20 +- enabled dynamic backend modules +- new subpackages back-perl, back-meta and back-monitor 
+- remove unpacked files from BuildRoot + +------------------------------------------------------------------- +Fri May 9 14:23:45 CEST 2003 - rhafer@suse.de + +- updated to version 2.1.19 + +------------------------------------------------------------------- +Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de + +- fixed requires for devel-package ... + +------------------------------------------------------------------- +Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de + +- Enable IPv6 again + +------------------------------------------------------------------- +Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de + +- added /etc/openldap to filelist + +------------------------------------------------------------------- +Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de + +- switch default backend to ldbm + +------------------------------------------------------------------- +Sun Feb 2 23:58:34 CET 2003 - ro@suse.de + +- fixed requires for devel package (cyrus-sasl2-devel) + +------------------------------------------------------------------- +Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de + +- liblber.dif: Fixes two bugs in liblber by which remote attackers + could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275 + and #2280) + +------------------------------------------------------------------- +Tue Jan 14 11:53:11 CET 2003 - choeger@suse.de + +- build using sasl2 + +------------------------------------------------------------------- +Mon Jan 13 12:23:31 CET 2003 - rhafer@suse.de + +- updated to version 2.1.12 +- added metadata to sysconfig template (Bug: #22666) + +------------------------------------------------------------------- +Thu Nov 28 14:42:06 CET 2002 - rhafer@suse.de + +- updated to version 2.1.8 +- added additional fix of 64bit archs +- added secpatch.dif to fix setuid issues in libldap + 
+------------------------------------------------------------------- +Fri Sep 6 11:11:07 CEST 2002 - rhafer@suse.de + +- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work + with multiple database backend directories + +------------------------------------------------------------------- +Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de + +- removed damoenstart_ipv6.diff and disabled IPv6 support due to + massive problems with nss_ldap + +------------------------------------------------------------------- +Mon Aug 26 19:37:32 CEST 2002 - rhafer@suse.de + +- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla + ID#17697) + +------------------------------------------------------------------- +Fri Aug 23 13:54:15 CEST 2002 - rhafer@suse.de + +- updated to version 2.1.4, which fixes tons of bugs +- added damoenstart_ipv6.diff (slapd was not starting when + configured to listen on IPv4 and IPv6 interfaces, as done by the + start script) +- added README.SuSE with some hints about the bdb-backend +- updated filelist to include only the man pages of the backends, + that were built + +------------------------------------------------------------------- +Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de + +- removed termcap and readline from neededforbuild + +------------------------------------------------------------------- +Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de + +- enabled {CRYPT} passwords +- update filelist (added new manpages) + +------------------------------------------------------------------- +Thu Jul 25 15:58:03 CEST 2002 - rhafer@suse.de + +- patches for 64 bit architectures + +------------------------------------------------------------------- +Fri Jul 19 11:28:28 CEST 2002 - rhafer@suse.de + +- update to 2.1.3 + +------------------------------------------------------------------- +Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de + +- fix openldap2-devel requires + +------------------------------------------------------------------- +Thu Jul 
4 10:29:03 CEST 2002 - rhafer@suse.de + +- switched back from cyrus-sasl2 to cyrus-sasl + +------------------------------------------------------------------- +Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de + +- updated to OpenLDAP 2.1.2 +- added the OpenLDAP Administration Guide +- enabled additional backends (ldap, meta, monitor) + +------------------------------------------------------------------- +Mon Jun 10 21:59:35 CEST 2002 - olh@suse.de + +- hack build/ltconfig to build shared libs on ppc64 + +------------------------------------------------------------------- +Wed Jun 5 18:25:51 CEST 2002 - rhafer@suse.de + +- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable + to enable ldap over ssl support + +------------------------------------------------------------------- +Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de + +- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel + to the "Requires" Section of the -devel subpackage) + +------------------------------------------------------------------- +Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de + +- updated to the latest STABLE release (2.0.23) which fixes some + nasty bugs see ITS #1562,#1582,#1577,#1578 + +------------------------------------------------------------------- +Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de + +- updated to the latest release (which fixes a index corruption + bug) +- cleanup in neededforbuild +- small fixes for the init-scripts + +------------------------------------------------------------------- +Thu Jan 17 13:51:28 CET 2002 - rhafer@suse.de + +- updated to the latest stable release (2.0.21) + +------------------------------------------------------------------- +Wed Jan 16 18:36:12 CET 2002 - egmont@suselinux.hu + +- removed periods and colons from startup/shutdown messages + +------------------------------------------------------------------- +Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de + +- updated to v2.0.20 (which fixes a security hole in ACL + 
processing) + +------------------------------------------------------------------- +Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de + +- converted archive to bzip2 +- makes use of %{_libdir} now +- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise + the test suite fails on these archs +- changed slapd.conf to store the database under /var/lib/ldap + (this patch was missing in the last versions by accident) + +------------------------------------------------------------------- +Mon Jan 7 16:41:32 CET 2002 - rhafer@suse.de + +- update to v2.0.19 + +------------------------------------------------------------------- +Thu Dec 6 14:51:56 CET 2001 - rhafer@suse.de + +- eliminated START_LDAP, START_SLURPD variables in rc.config +- created separate init script for slurpd +- moved init scripts from dif to separate source tgz + +------------------------------------------------------------------- +Fri Oct 26 10:36:06 CEST 2001 - choeger@suse.de + +- update to v2.0.18 + +------------------------------------------------------------------- +Mon Oct 15 10:00:06 CEST 2001 - choeger@suse.de + +- update to v2.0.17 + added a sleep to the restart section + moved some manpages to the client package + +------------------------------------------------------------------- +Mon Oct 1 18:38:14 CEST 2001 - choeger@suse.de + +- update to v2.0.15 + +------------------------------------------------------------------- +Wed Sep 12 09:53:03 CEST 2001 - choeger@suse.de + +- backported the full bugfix from openldap-2.0.14 + +------------------------------------------------------------------- +Tue Sep 11 11:36:20 CEST 2001 - choeger@suse.de + +- Bugfix for slurpd millionth second bug (ITS#1323) + +------------------------------------------------------------------- +Mon Sep 10 09:06:40 CEST 2001 - choeger@suse.de + +- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf + to openldap2-client package + +------------------------------------------------------------------- +Mon Sep 3 
09:31:21 CEST 2001 - choeger@suse.de + +- update to version 2.0.12 + +------------------------------------------------------------------- +Mon Jul 2 10:52:22 CEST 2001 - choeger@suse.de + +- bugfix: init script was not LSB compliant, Bugzilla ID#9072 + +------------------------------------------------------------------- +Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de + +- fixed for autoconf again + +------------------------------------------------------------------- +Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de + +- update to 2.0.11 +- removed autoconf in specfile, because it doesn't work + +------------------------------------------------------------------- +Wed May 23 11:43:08 CEST 2001 - choeger@suse.de + +- update to version 2.0.10 (minor fixes) + +------------------------------------------------------------------- +Tue May 22 11:33:58 CEST 2001 - choeger@suse.de + +- update to version 2.0.9 + +------------------------------------------------------------------- +Mon Apr 23 15:55:32 CEST 2001 - choeger@suse.de + +- removed kerberos support +- added aci support + +------------------------------------------------------------------- +Fri Apr 20 11:52:14 CEST 2001 - choeger@suse.de + +- added kerberos support + +------------------------------------------------------------------- +Thu Apr 5 13:47:51 CEST 2001 - choeger@suse.de + +- moved section 5 and 8 manpages to the server part of package + +------------------------------------------------------------------- +Wed Mar 14 18:17:50 CET 2001 - kukuk@suse.de + +- Move *.so links into -devel package +- -devel requires -client + +------------------------------------------------------------------- +Thu Mar 8 10:51:05 CET 2001 - choeger@suse.de + +- split up into openldap2-client and -devel + +------------------------------------------------------------------- +Tue Feb 27 11:20:53 CET 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Fri Feb 23 00:10:25 
CET 2001 - ro@suse.de + +- added readline/readline-devel to neededforbuild (split from bash) + +------------------------------------------------------------------- +Thu Jan 4 14:03:17 CET 2001 - choeger@suse.de + +- bugfix: slapd.conf rename /var/lib/openldap-ldbm to + /var/lib/ldap + init script: use $remote_fs + +------------------------------------------------------------------- +Tue Jan 2 10:38:20 CET 2001 - olh@suse.de + +- use script name in %post + +------------------------------------------------------------------- +Thu Dec 7 15:01:53 CET 2000 - choeger@suse.de + +- bugfix from Andreas Jaeger: + workaround for glibc2.2, detach + +------------------------------------------------------------------- +Fri Dec 1 15:23:45 CET 2000 - ro@suse.de + +- hacked configure for apparently broken pthread + +------------------------------------------------------------------- +Fri Dec 1 02:28:54 CET 2000 - ro@suse.de + +- fixed spec + +------------------------------------------------------------------- +Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de + +- made configs %config(noreplace) (Bug 4112) +- fixed neededforbuild + +------------------------------------------------------------------- +Wed Nov 22 11:37:22 CET 2000 - choeger@suse.de + +- adopted new init scheme + +------------------------------------------------------------------- +Wed Nov 15 16:24:48 CET 2000 - choeger@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Fri Nov 10 16:32:57 CET 2000 - choeger@suse.de + +- added buildroot + +------------------------------------------------------------------- +Tue Nov 7 18:52:54 CET 2000 - choeger@suse.de + +- long package name +- new version, 2.0.7 + +------------------------------------------------------------------- +Fri Oct 6 11:35:47 CEST 2000 - choeger@suse.de + +- first package of openldap2 (v2.0.6) + diff --git a/openldap2.dif b/openldap2.dif new file mode 100644 index 0000000..0e2ce87 --- /dev/null 
+++ b/openldap2.dif
@@ -0,0 +1,44 @@
+--- build/top.mk
++++ build/top.mk
+@@ -39,7 +39,7 @@
+ libexecdir = @libexecdir@
+ localstatedir = @localstatedir@
+ mandir = @mandir@
+-moduledir = @libexecdir@$(ldap_subdir)
++moduledir = @libexecdir@/modules
+ sbindir = @sbindir@
+ sharedstatedir = @sharedstatedir@
+ sysconfdir = @sysconfdir@$(ldap_subdir)
+@@ -58,7 +58,7 @@
+ INSTALL_DATA = $(INSTALL) -m 644
+ INSTALL_SCRIPT = $(INSTALL)
+
+-STRIP = -s
++#STRIP = -s
+
+ LINT = lint
+ 5LINT = 5lint
+--- configure.in
++++ configure.in
+@@ -64,7 +64,9 @@
+ dnl we try not to use this for much
+ AC_CANONICAL_TARGET([])
+
+-AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl
++AC_PROG_MAKE_SET
++PACKAGE=$OL_PACKAGE
++VERSION=$OL_VERSION
+ AC_SUBST(PACKAGE)dnl
+ AC_SUBST(VERSION)dnl
+ AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package)
+--- servers/slapd/aclparse.c
++++ servers/slapd/aclparse.c
+@@ -662,7 +662,7 @@
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+- snprintf( buf, sizeof( buf ), "%s: line %d: "
++ snprintf( buf, sizeof( buf ),
+ " attr \"%s\" normalization failed (%d: %s)",
+ fname, lineno,
+ a->acl_attrs[ 0 ].an_name.bv_val, rc, text );
diff --git a/openldap2.spec b/openldap2.spec
new file mode 100644
index 0000000..aac4f49
--- /dev/null
+++ b/openldap2.spec
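Review bot: In the `servers/slapd/aclparse.c` part of openldap2.dif, the patched `snprintf` drops the `"%s: line %d: "` prefix from the format but keeps `fname, lineno,` at the head of the argument list, so the three remaining conversions no longer line up with their arguments. As written, `fname` is printed as the attribute name, `lineno` as the result code and the attribute name as the error text, while `rc` and `text` are never printed; the types still match each conversion, so this is a misleading diagnostic rather than undefined behaviour. An administrator debugging a failed ACL attribute normalization would be shown the wrong attribute and no error string. The argument list should be reduced to `a->acl_attrs[ 0 ].an_name.bv_val, rc, text );` with the `fname, lineno,` line removed. Whether the file/line prefix is added where `buf` is later logged cannot be seen here, since the enclosing function starts and ends outside the hunk.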
@@ -0,0 +1,850 @@ +# +# spec file for package openldap2 (Version 2.3.27) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: openldap2 +BuildRequires: cyrus-sasl-devel db-devel db42-devel krb5-devel openslp-devel openssl-devel tcpd-devel +URL: http://www.openldap.org +License: BSD License and BSD-like +%if "%{name}" == "openldap2" +Group: Productivity/Networking/LDAP/Servers +Provides: ldap2 openldap2-back-ldap openldap2-back-monitor +Obsoletes: openldap2-back-ldap openldap2-back-monitor +Conflicts: openldap +PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/strings /usr/bin/awk /usr/bin/grep +Summary: The New OpenLDAP Server (LDAPv3) +%else +Group: Productivity/Networking/LDAP/Servers +Conflicts: openldap-client +Summary: The New OpenLDAP Server (LDAPv3) +%endif +Autoreqprov: on +Version: 2.3.27 +Release: 23 +Source: openldap-%{version}.tar.bz2 +Source1: openldap-rc.tgz +Source2: openldap-admin-guide.tar.bz2 +Source3: addonschema.tar.gz +Source4: DB_CONFIG +Source5: sasl-slapd.conf +Patch: openldap2.dif +Patch1: secpatch.dif +Patch2: slapd_conf.dif +Patch3: ldap_conf.dif +Patch4: ldapi_url.dif +Patch5: openldap-ntlm.diff +Patch6: libldap-gethostbyname_r.dif +Patch7: pie-compile.dif +Patch8: libldap-manpages.dif +Patch9: slapd_chain_return_error.dif +Patch10: back-perl-init.dif +Patch11: libldap-sasl_bind-assert.dif +BuildRoot: %{_tmppath}/%{name}-%{version}-build +Prefix: %{_prefix} + +%description +The Lightweight Directory Access Protocol (LDAP) is used to access +online directory services. It runs directly over TCP and can be used to +access a stand-alone LDAP directory service or to access a directory +service that has an X.500 back-end. 
+ + + +Authors: +-------- + The OpenLDAP Project + +%if "%{name}" == "openldap2" +%package -n openldap2-back-perl +Summary: OpenLDAP Perl Back-End +Requires: openldap2 = %{version} +Autoreqprov: on +Group: Productivity/Networking/LDAP/Servers + +%description -n openldap2-back-perl +The OpenLDAP Perl back-end allows you to execute Perl code specific to +different LDAP operations. + + + +Authors: +-------- + The OpenLDAP Project + +%package -n openldap2-back-meta +Summary: OpenLDAP Meta Back-End +Requires: openldap2 = %{version} +Autoreqprov: on +Group: Productivity/Networking/LDAP/Servers +Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz + +%description -n openldap2-back-meta +The OpenLDAP Meta back-end is able to perform basic LDAP proxying with +respect to a set of remote LDAP servers. The information contained in +these servers can be presented as belonging to a single Directory +Information Tree (DIT). + + + +Authors: +-------- + The OpenLDAP Project + +%else +%package -n openldap2-devel +Summary: Libraries, Header Files and Documentation for OpenLDAP2 +Autoreqprov: on +Conflicts: openldap-devel +Requires: openldap2-client = %{version} cyrus-sasl-devel openssl-devel +Group: Development/Libraries/C and C++ + +%description -n openldap2-devel +This package provides the OpenLDAP2 libraries, header files, and +documentation. 
+ + + +Authors: +-------- + The OpenLDAP Project + +%endif +%prep +%setup -q -n openldap-%{version} -a1 -a2 -a3 +%patch +%patch1 +%patch2 +%patch3 +%patch4 +%patch5 +%patch6 +%if %suse_version > 920 +%patch7 +%endif +%patch8 -p1 +%patch9 -p1 +%patch10 +%patch11 + +%build +%{?suse_update_config:%{suse_update_config -f build}} +libtoolize --force +autoreconf +export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS" +./configure --prefix=/usr \ + --exec-prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var/run/slapd \ + --libexecdir=/usr/lib/openldap \ + --libdir=%{_libdir} \ + --mandir=%{_mandir} \ + --enable-wrappers \ + --enable-aclgroups \ + --enable-spasswd \ + --enable-modules \ + --enable-shared \ + --enable-dynamic \ + --with-tls \ + --with-cyrus-sasl \ + --enable-crypt \ + --enable-ipv6=yes \ +%if "%{name}" == "openldap2" + --enable-aci \ + --enable-bdb \ + --enable-hdb \ + --enable-ldbm \ + --enable-rewrite \ + --enable-ldap=yes \ + --enable-meta=mod \ + --enable-monitor=yes \ + --enable-perl=mod \ + --enable-slp \ + --enable-overlays=yes \ +%else + --disable-slapd \ +%endif + --enable-lmpasswd \ + --with-yielding-select +make depend +make %{?jobs:-j%jobs} +rm tests/scripts/test022-ppolicy +rm tests/scripts/test036-meta-concurrency +rm tests/scripts/test039-glue-ldap-concurrency +# calculate the base port to be use in the test-suite +SLAPD_BASEPORT=10000 +if [ -f /.buildenv ] ; then + . 
/.buildenv + SLAPD_BASEPORT=$(($SLAPD_BASEPORT + $BUILD_INCARNATION * 10)) +fi +export SLAPD_BASEPORT +%ifnarch %arm alpha +make test +%endif + +%install +#[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT; +mkdir -p $RPM_BUILD_ROOT/etc/init.d +mkdir -p $RPM_BUILD_ROOT/usr/sbin +make DESTDIR=$RPM_BUILD_ROOT install +install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap +install -m 755 rc.slurpd $RPM_BUILD_ROOT/etc/init.d/slurpd +ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap +ln -sf ../../etc/init.d/slurpd $RPM_BUILD_ROOT/usr/sbin/rcslurpd +mkdir -p $RPM_BUILD_ROOT/etc/sasl2 +install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sasl2/slapd.conf +install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap +install -m 700 -d $RPM_BUILD_ROOT/var/lib/slurpd +chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so* +chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so* +chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* +%if "%{name}" == "openldap2" +mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates +install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap +install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema +install -m 644 $RPM_SOURCE_DIR/DB_CONFIG $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG +install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example +rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example +rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example +%endif +rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sql.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5 +# Remove *.la files, libtool does not handle this correct +rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la +# +#put 
filelists into files +cat >openldap2.filelist < openldap2-client.filelist < openldap2-devel.filelist < openldap2-back-perl.filelist < openldap2-back-meta.filelist < /dev/null || : +/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d \ +/var/lib/ldap ldap 2> /dev/null || : + +%post +if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then + cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew + cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf +fi +%{fillup_and_insserv -n -s openldap ldap START_LDAP slurpd START_SLURPD} +%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER} + +%preun +%stop_on_removal ldap slurpd + +%postun +%restart_on_update ldap slurpd +%insserv_cleanup + +%files -f openldap2.filelist +%defattr(-,root,root) + +%files -n openldap2-back-perl -f openldap2-back-perl.filelist +%defattr(-,root,root) + +%files -n openldap2-back-meta -f openldap2-back-meta.filelist +%defattr(-,root,root) +%else + +%files -f openldap2-client.filelist +%defattr(-,root,root) + +%files -n openldap2-devel -f openldap2-devel.filelist +%defattr(-,root,root) +%endif + +%changelog -n openldap2 +* Fri Nov 17 2006 - rhafer@suse.de +- Fix for a flaw in libldap's strval2strlen() function when processing the + authcid string of certain Bind Requests, which could allow attackers to + cause an affected application to crash (especially the OpenLDAP Server), + creating a denial of service condition (Bug#221154,ITS#4740) +* Tue Nov 14 2006 - rhafer@suse.de +- Additional back-perl fixes from CVS. 
The first revision of the + patch did not fix the problem completely (Bug#207618, ITS#4751) +* Fri Oct 27 2006 - rhafer@suse.de +- cyrus-sasl configuration moved from %%{_libdir}/sasl2 to + /etc/sasl2/ (Bug: #206414) +* Wed Oct 04 2006 - rhafer@suse.de +- Add $network to Should-Start/Should-Stop in init scripts + (Bug: #206823) +- Imported latest back-perl changes from CVS, to fix back-perl + initialization (Bug: #207618) +* Tue Aug 22 2006 - rhafer@suse.de +- Updated to Version 2.3.27 + * Fixed libldap dnssrv bug with "not present" positive statement + (ITS#4610) + * Fixed libldap dangling pointer issue (ITS#4405) + * Fixed slapd incorrect rebuilding of replica URI (ITS#4633) + * Fixed slapd DN X.509 normalization crash (ITS#4644) + * Fixed slapd-monitor operations order via callbacks (ITS#4631) + * Fixed slapo-accesslog purge task during shutdown + * Fixed slapo-ppolicy handling of default policy (ITS#4634) + * Fixed slapo-ppolicy logging verbosity when using default policy + * Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622) +* Wed Aug 02 2006 - rhafer@suse.de +- Updated to Version 2.3.25 + * Add libldap_r TLS concurrency workaround (ITS#4583) + * Fixed slapd acl selfwrite bug (ITS#4587) + * Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622, + 4534,4613, 4589) + * Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572) + * Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616) + * Fixed slapd-bdb/hdb cache job issue + * Fixed slapo-ppolicy password hashing bug (ITS#4575) + * Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576) + * Fixed slapo-ppolicy control can be critical (ITS#4596) +- Enabled CLDAP (LDAP over UDP) support +* Mon Jun 26 2006 - rhafer@suse.de +- Updated to Version 2.3.24 + * Fixed slapd syncrepl timestamp bug (delta-sync/cascade) + (ITS#4567) + * Fixed slapd-bdb/hdb non-root users adding suffix/root entries + (ITS#4552) + * Re-fixed slapd-ldap improper free bug in exop (ITS#4550) + * 
Fixed slapd-ldif assert bug (ITS#4568) + * Fixed slapo-syncprov crash under glued database (ITS#4562) +- cleaned up SLES10 update specific stuff +- added "chain-return-error" feature from HEAD to chain overlay + (ITS#4570) +* Thu Jun 22 2006 - schwab@suse.de +- Don't use automake macros without using automake. +* Wed May 24 2006 - rhafer@suse.de +- Updated to Version 2.3.23 + * obsoletes the patches: libldap_ads-sasl-gssapi.dif, + slapd-epollerr.dif + * Fixed slapd-ldap improper free bug (ITS#4550) + * Fixed libldap referral input destroy issue (ITS#4533) + * Fixed libldap ldap_sort_entries tail bug (ITS#4536) + * Fixed slapd runqueue use of freed memory (ITS#4517) + * Fixed slapd thread pool init issue (ITS#4513) + * Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532) + * Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538) + * Fixed slapd-bdb/hdb referral issue (ITS#4548) + * Fixed slapo-ppolicy BER tags issue (ITS#4528) + * Fixed slapo-ppolicy rebind bug (ITS#4516) + * For more details see the CHANGES file +- Install CHANGES file to /usr/share/doc/packages/openldap2 +* Wed May 10 2006 - rhafer@suse.de +- Really apply the patch for Bug#160566 +- slapd could crash while processing queries with pre-/postread + controls (Bug#173877, ITS#4532) +* Fri Mar 24 2006 - rhafer@suse.de +- Backported fix from CVS for occasional crashes in referral + chasing code (as used in e.g. back-meta/back-ldap). 
+ (Bug: #160566, ITS: #4448) +* Mon Mar 13 2006 - rhafer@suse.de +- openldap2 must obsolete -back-monitor and -back-ldap to have them + removed during update (Bug: #157576) +* Fri Feb 17 2006 - rhafer@suse.de +- Add "external" to the list of supported SASL mechanisms + (Bug: #151771) +* Thu Feb 16 2006 - rhafer@suse.de +- Error out when conversion from old configfile to config database + fails (Bug: #135484,#135490 ITS: #4407) +* Mon Feb 13 2006 - rhafer@suse.de +- Don't ignore non-read/write epoll events (Bug: #149993, + ITS: #4395) +- Added update message to /usr/share/update-messages/en/ and enable + it, when update did not succeed. +* Thu Feb 09 2006 - rhafer@suse.de +- OPENLDAP_CHOWN_DIRS honors databases defined in include files + (Bug: #135473) +- Fixed version numbers in README.update +- Fixed GSSAPI binds against Active Directory (Bug: #149390) +* Fri Feb 03 2006 - rhafer@suse.de +- Cleaned up update procedure +- man-pages updates and fixes (Fate: #6365) +* Fri Jan 27 2006 - rhafer@suse.de +- Updated to 2.3.19 (Bug #144371) +* Fri Jan 27 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Wed Jan 25 2006 - rhafer@suse.de +- Updated Admin Guide to latest version +- build slapcat from openldap-2.2.24 and install it to + /usr/sbin/openldap-2.2-slapcat to be able to migrate from + OpenLDAP 2.2. 
+- removed slapd-backbdb-dbupgrade which is no longer needed +- attempt to dump/reload bdb databases in %%{post} +- Update notes in README.update +* Fri Jan 13 2006 - rhafer@suse.de +- New sysconfig variable OPENLDAP_KRB5_KEYTAB +- Cleanup in default configuration and init scripts +* Wed Jan 11 2006 - rhafer@suse.de +- Updated to 2.3.17 +- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %%post + slapd does now automatically recover the database if needed +- Removed unneeded README.SuSE +- Small adjustments to the default DB_CONFIG file +* Mon Jan 09 2006 - rhafer@suse.de +- Updated to 2.3.16 +* Mon Dec 19 2005 - rhafer@suse.de +- Fixed filelist (slapd-hdb man-page was missing) +* Fri Dec 09 2005 - rhafer@suse.de +- Fixed build on x86_64 +* Wed Dec 07 2005 - rhafer@suse.de +- Merged -back-ldap and -back-monitor subpackages into the main + package and don't build them as dynamic modules anymore. +- updated to OpenLDAP 2.3.13 +* Mon Nov 28 2005 - rhafer@suse.de +- updated to OpenLDAP 2.3.12 +* Wed Oct 26 2005 - rhafer@suse.de +- updated to OpenLDAP 2.3.11 +- removed the "LDAP_DEPRECATED" workaround +* Mon Sep 26 2005 - rhafer@suse.de +- Add "LDAP_DEPRECATED" to ldap.h for now +* Fri Sep 23 2005 - rhafer@suse.de +- updated to OpenLDAP 2.3.7 +* Tue Aug 16 2005 - rhafer@suse.de +- allow start_tls while chasing referrals (Bug #94355, ITS #3791) +* Mon Jul 04 2005 - rhafer@suse.de +- devel-subpackage requires openldap2-client of the same version + (Bugzilla: #93579) +* Thu Jun 30 2005 - uli@suse.de +- build with -fPIE (not -fpie) to avoid GOT overflow on s390* +* Wed Jun 22 2005 - rhafer@suse.de +- build the server packages with -fpie/-pie +* Wed Jun 15 2005 - rhafer@suse.de +- updated to 2.2.27 +* Wed May 25 2005 - rhafer@suse.de +- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of + gethostbyname in libldap. 
Should fix host lookups through + nss_ldap (Bugzilla: #76173) +* Fri May 13 2005 - rhafer@suse.de +- Updated to 2.2.26 +- made /%%{_libdir}]/sasl2/slapd.conf %%config(noreplace) +* Thu Apr 28 2005 - rhafer@suse.de +- Added /%%{_libdir}]/sasl2/slapd.conf to avoid warnings about + unconfigured OTP mechanism (Bugzilla: #80588) +* Tue Apr 12 2005 - rhafer@suse.de +- added minimal timeout to startproc in init-script to let it + report the "failed" status correctly in case of misconfiguration + (Bugzilla: #76393) +* Mon Apr 04 2005 - rhafer@suse.de +- crl-check.dif: Implements CRL checking on client and server side +- use different base ports for differnt values of BUILD_INCARNATION + (/.buildenv) to allow parallel runs of the test-suite on a single + machine +* Mon Apr 04 2005 - uli@suse.de +- force yielding-select test to yes (test occasionally hangs QEMU) +* Fri Apr 01 2005 - uli@suse.de +- disable test suite on ARM (hangs QEMU) +* Tue Mar 29 2005 - rhafer@suse.de +- updated to 2.2.24 +- enabled back-hdb +* Wed Mar 02 2005 - rhafer@suse.de +- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928) +- libldap-reinit-fdset.dif: Re-init fd_sets when select is + interupted (Bugzilla #50076, ITS: #3524) +* Thu Feb 17 2005 - rhafer@suse.de +- checkproc_before_recover.dif: Check if slapd is stopped before + running db_recover from the init script. (Bugzilla: #50962) +* Tue Feb 01 2005 - rhafer@suse.de +- Cleanup back-bdb databases in %%post, db-4.3 changed the + transaction log format again. 
+- cosmetic fixes in init script +* Tue Jan 25 2005 - rhafer@suse.de +- updated to 2.2.23 +- cleaned up #neededforbuild +- package should also build on older SuSE Linux releases now +- increased killproc timeout in init-script (Bugzilla: #47227) +* Thu Jan 13 2005 - rhafer@suse.de +- updated to 2.2.20 +- Removed unneeded dependencies +* Fri Dec 10 2004 - kukuk@suse.de +- don't install *.la files +* Wed Nov 10 2004 - rhafer@suse.de +- updated to 2.2.18 +- use kerberos-devel-packages in neededforbuild +* Fri Sep 24 2004 - ro@suse.de +- re-arranged specfile to sequence (header (package/descr)* rest) + so the checking parser is not confused ... +* Fri Sep 24 2004 - rhafer@suse.de +- Added pre_checkin.sh to generate a separate openldap2-client + spec-file from which the openldap2-client and openldap2-devel + subpackages are built. Should reduce build time for libldap as + the test-suite is only executed in openldap2.spec. +* Fri Sep 10 2004 - rhafer@suse.de +- libldap-result.dif: ldapsearch was hanging in select() when + retrieving results from eDirectory through a StartTLS protected + connection (Bugzilla #44942) +* Mon Aug 09 2004 - dobey@suse.de +- added ntlm support +* Tue Aug 03 2004 - rhafer@suse.de +- updated to 2.2.16 +- Updated ACLs in slapd_conf.dif to disable default read access + to the "userPKCS12" Attribute +- rc-check-conn.diff: When starting slapd wait until is accepts + connections, or 10 seconds at maximum (Bugzilla #41354) +- Backported -o slp={on|off} feature from OpenLDAP Head and added + new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able + to switch SLP registration on and off. 
(Bugzilla #39865) +- removed unneeded README.update +* Fri Apr 30 2004 - rhafer@suse.de +- updated to 2.2.11 +- remove SLES8 update specific stuff +- Bugzilla #39652: Updated slapd_conf.dif to contain basic access + control +- Bugzilla #39468: Added missing items to yast.schema +- fixed strict-aliasing compiler warnings (strict-aliasing.dif) +* Thu Apr 29 2004 - coolo@suse.de +- build with several jobs if available +* Mon Apr 19 2004 - rhafer@suse.de +- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and + args-file (Bugzilla #38790) +- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059, + Bugzilla #38915) +- modify_check_duplicates.dif: check for duplicate attribute + values in modify requests (ITS #3066/#3097, Bugzilla #38607) +- updated and renamed yast2userconfig.schema to yast.schema as it + contains more that only user configuration now +- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056) +- test_syncrepl_timeout: increased sleep timeout in syncrepl + testsuite +* Thu Apr 01 2004 - rhafer@suse.de +- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make + START_TLS work without access to the CA Certificate. + (Bugzilla: #37393) +* Fri Mar 26 2004 - rhafer@suse.de +- fixed filelist +- check-build.sh (build on kernel >= 2.6.4 hosts only) +- yast2user.schema / slapd.conf fixed (#37076) +- don't check for TLS-options is init-script anymore (#33560) +- fixed various typos in README.update +* Wed Mar 17 2004 - rhafer@suse.de +- fixed build of openldap-2.1-slapcat (using correct db41 include + files, build backends as on sles8) +- attempt to update bdb database and reindex ldbm database in %%{post} +- Update notes in README.update +- better default configuration (including default DB_CONFIG file) +- misc updates for the YaST schema +- fixed crasher in syncrepl-code (syncrepl.dif) +* Tue Mar 16 2004 - schwab@suse.de +- Fix type mismatch. 
+* Tue Mar 02 2004 - rhafer@suse.de +- updated to 2.2.6 +- build a openldap-2.1-slapcat from 2.1.25 sources to be able to + migrate from SLES8 and SL 9.0 +* Thu Feb 19 2004 - ro@suse.de +- added check-build.sh (build on 2.6 hosts only) +* Thu Feb 05 2004 - rhafer@suse.de +- updated to 2.2.5 +- adjusted rfc2307bis.schema to support UTF-8 values in most + attributes +- enabled proxycache-overlay (wiht fix to work with back-ldbm) +* Tue Jan 13 2004 - rhafer@suse.de +- updated to 2.2.4 +- updated Admin Guide to most recent version +* Sat Jan 10 2004 - adrian@suse.de +- add %%defattr +- fix build as user +* Mon Dec 08 2003 - rhafer@suse.de +- updated to 2.1.25 +- small fixes for the YaST user schema +* Tue Nov 11 2003 - rhafer@suse.de +- enabled SLP-support +* Fri Oct 17 2003 - kukuk@suse.de +- Remove unused des from neededforbuild +* Tue Sep 02 2003 - mt@suse.de +- Bugzilla #29859: fixed typo in sysconfig metadata, + usage of OPENLDAP_LDAPS_INTERFACES in init script +- added /usr/lib/sasl2/slapd.conf permissions handling +- added sysconfig variable OPENLDAP_SLAPD_PARAMS="" + to support additional slapd start parameters +- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes + for ldapi:/// (LDAP over IPC) URLs +* Thu Aug 14 2003 - rhafer@suse.de +- added activation metadata to sysconfig template (Bugzilla #28911) +- removed lint from specfile +* Thu Aug 07 2003 - rhafer@suse.de +- added %%stop_on_removal and %%restart_on_update calls +- bdb_addcnt.dif fixes a possible endless loop in id2entry() +- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis) +* Wed Jul 16 2003 - rhafer@suse.de +- removed fillup_only and call fillup_and_insserv correctly +- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES, + OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER +* Tue Jul 01 2003 - rhafer@suse.de +- updated to 2.1.22 +- updated Admin Guide to most recent version +- build librewrite with -fPIC +* Mon Jun 16 2003 - rhafer@suse.de +- updated to 2.1.21 +* Wed 
Jun 11 2003 - ro@suse.de +- fixed requires lines +* Mon May 26 2003 - rhafer@suse.de +- don't link back-ldap against librewrite.a, it's already linked + into slapd (package should build on non-i386 Archs again) +* Fri May 23 2003 - rhafer@suse.de +- fixed dynamic build of back-ldap +- new subpackage back-ldap +* Tue May 20 2003 - rhafer@suse.de +- updated to version 2.1.20 +- enabled dynamic backend modules +- new subpackages back-perl, back-meta and back-monitor +- remove unpacked files from BuildRoot +* Fri May 09 2003 - rhafer@suse.de +- updated to version 2.1.19 +* Wed Apr 16 2003 - ro@suse.de +- fixed requires for devel-package ... +* Tue Apr 15 2003 - ro@suse.de +- fixed neededforbuild +* Thu Feb 13 2003 - kukuk@suse.de +- Enable IPv6 again +* Tue Feb 11 2003 - rhafer@suse.de +- added /etc/openldap to filelist +* Mon Feb 03 2003 - rhafer@suse.de +- switch default backend to ldbm +* Sun Feb 02 2003 - ro@suse.de +- fixed requires for devel package (cyrus-sasl2-devel) +* Fri Jan 31 2003 - rhafer@suse.de +- liblber.dif: Fixes two bugs in liblber by which remote attackers + could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275 + and #2280) +* Tue Jan 14 2003 - choeger@suse.de +- build using sasl2 +* Mon Jan 13 2003 - rhafer@suse.de +- updated to version 2.1.12 +- added metadata to sysconfig template (Bug: #22666) +* Thu Nov 28 2002 - rhafer@suse.de +- updated to version 2.1.8 +- added additional fix of 64bit archs +- added secpatch.dif to fix setuid issues in libldap +* Fri Sep 06 2002 - rhafer@suse.de +- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work + with multiple database backend directories +* Mon Sep 02 2002 - rhafer@suse.de +- removed damoenstart_ipv6.diff and disabled IPv6 support due to + massive problems with nss_ldap +* Mon Aug 26 2002 - rhafer@suse.de +- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla + ID#17697) +* Fri Aug 23 2002 - rhafer@suse.de +- updated to version 2.1.4, which fixes tons of bugs +- added 
damoenstart_ipv6.diff (slapd was not starting when + configured to listen on IPv4 and IPv6 interfaces, as done by the + start script) +- added README.SuSE with some hints about the bdb-backend +- updated filelist to include only the man pages of the backends, + that were built +* Thu Aug 15 2002 - rhafer@suse.de +- removed termcap and readline from neededforbuild +* Thu Aug 08 2002 - rhafer@suse.de +- enabled {CRYPT} passwords +- update filelist (added new manpages) +* Thu Jul 25 2002 - rhafer@suse.de +- patches for 64 bit architectures +* Fri Jul 19 2002 - rhafer@suse.de +- update to 2.1.3 +* Fri Jul 05 2002 - kukuk@suse.de +- fix openldap2-devel requires +* Thu Jul 04 2002 - rhafer@suse.de +- switched back from cyrus-sasl2 to cyrus-sasl +* Wed Jul 03 2002 - rhafer@suse.de +- updated to OpenLDAP 2.1.2 +- added the OpenLDAP Administration Guide +- enabled additional backends (ldap, meta, monitor) +* Mon Jun 10 2002 - olh@suse.de +- hack build/ltconfig to build shared libs on ppc64 +* Wed Jun 05 2002 - rhafer@suse.de +- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable + to enable ldap over ssl support +* Thu Mar 07 2002 - rhafer@suse.de +- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel + to the "Requires" Section of the -devel subpackage) +* Mon Feb 18 2002 - rhafer@suse.de +- updated to the latest STABLE release (2.0.23) which fixes some + nasty bugs see ITS #1562,#1582,#1577,#1578 +* Thu Feb 07 2002 - rhafer@suse.de +- updated to the latest release (which fixes a index corruption + bug) +- cleanup in neededforbuild +- small fixes for the init-scripts +* Thu Jan 17 2002 - rhafer@suse.de +- updated to the latest stable release (2.0.21) +* Wed Jan 16 2002 - egmont@suselinux.hu +- removed periods and colons from startup/shutdown messages +* Tue Jan 15 2002 - rhafer@suse.de +- updated to v2.0.20 (which fixes a security hole in ACL + processing) +* Fri Jan 11 2002 - rhafer@suse.de +- converted archive to bzip2 +- makes use of 
%%{_libdir} now +- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise + the test suite fails on these archs +- changed slapd.conf to store the database under /var/lib/ldap + (this patch was missing in the last versions by accident) +* Mon Jan 07 2002 - rhafer@suse.de +- update to v2.0.19 +* Thu Dec 06 2001 - rhafer@suse.de +- eliminated START_LDAP, START_SLURPD variables in rc.config +- created separate init script for slurpd +- moved init scripts from dif to separate source tgz +* Fri Oct 26 2001 - choeger@suse.de +- update to v2.0.18 +* Mon Oct 15 2001 - choeger@suse.de +- update to v2.0.17 + added a sleep to the restart section + moved some manpages to the client package +* Mon Oct 01 2001 - choeger@suse.de +- update to v2.0.15 +* Wed Sep 12 2001 - choeger@suse.de +- backported the full bugfix from openldap-2.0.14 +* Tue Sep 11 2001 - choeger@suse.de +- Bugfix for slurpd millionth second bug (ITS#1323) +* Mon Sep 10 2001 - choeger@suse.de +- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf + to openldap2-client package +* Mon Sep 03 2001 - choeger@suse.de +- update to version 2.0.12 +* Mon Jul 02 2001 - choeger@suse.de +- bugfix: init script was not LSB compliant, Bugzilla ID#9072 +* Tue Jun 19 2001 - ro@suse.de +- fixed for autoconf again +* Fri Jun 15 2001 - choeger@suse.de +- update to 2.0.11 +- removed autoconf in specfile, because it doesn't work +* Wed May 23 2001 - choeger@suse.de +- update to version 2.0.10 (minor fixes) +* Tue May 22 2001 - choeger@suse.de +- update to version 2.0.9 +* Mon Apr 23 2001 - choeger@suse.de +- removed kerberos support +- added aci support +* Fri Apr 20 2001 - choeger@suse.de +- added kerberos support +* Thu Apr 05 2001 - choeger@suse.de +- moved section 5 and 8 manpages to the server part of package +* Wed Mar 14 2001 - kukuk@suse.de +- Move *.so links into -devel package +- -devel requires -client +* Thu Mar 08 2001 - choeger@suse.de +- split up into openldap2-client and -devel +* Tue Feb 27 2001 - 
ro@suse.de +- changed neededforbuild to +* Fri Feb 23 2001 - ro@suse.de +- added readline/readline-devel to neededforbuild (split from bash) +* Thu Jan 04 2001 - choeger@suse.de +- bugfix: slapd.conf rename /var/lib/openldap-ldbm to + /var/lib/ldap + init script: use $remote_fs +* Tue Jan 02 2001 - olh@suse.de +- use script name in %%post +* Thu Dec 07 2000 - choeger@suse.de +- bugfix from Andreas Jaeger: + workaround for glibc2.2, detach +* Fri Dec 01 2000 - ro@suse.de +- hacked configure for apparently broken pthread +* Fri Dec 01 2000 - ro@suse.de +- fixed spec +* Thu Nov 23 2000 - choeger@suse.de +- made configs %%config(noreplace) (Bug 4112) +- fixed neededforbuild +* Wed Nov 22 2000 - choeger@suse.de +- adopted new init scheme +* Wed Nov 15 2000 - choeger@suse.de +- fixed neededforbuild +* Fri Nov 10 2000 - choeger@suse.de +- added buildroot +* Tue Nov 07 2000 - choeger@suse.de +- long package name +- new version, 2.0.7 +* Fri Oct 06 2000 - choeger@suse.de +- first package of openldap2 (v2.0.6) diff --git a/pie-compile.dif b/pie-compile.dif new file mode 100644 index 0000000..388f2b1 --- /dev/null +++ b/pie-compile.dif 
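Review bot: The `useradd` call just before `%post` gives the `ldap` service account an interactive shell and permits a non-unique uid (`useradd -r -o -g ldap -u 76 -s /bin/bash`), and any failure is discarded by `2> /dev/null || :`. Unless an init script depends on a login shell for this user, `-s /bin/false` without `-o` limits what the slapd identity or a colliding uid 76 can be used for. In `%install`, `/var/lib/ldap` is created with `install -m 755 -d` while `/var/lib/slurpd` gets 700. Since that directory holds the database files, `install -m 700 -d $RPM_BUILD_ROOT/var/lib/ldap` would be the safer default, assuming the file lists (not readable in this rendering) assign the directory to the ldap user.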
@@ -0,0 +1,170 @@ +--- build/top.mk 2005/06/22 09:26:29 1.3 ++++ build/top.mk 2005/06/22 12:20:52 +@@ -169,9 +169,9 @@ + WRAP_LIBS = @WRAP_LIBS@ + # AutoConfig generated + AC_CC = @CC@ +-AC_CFLAGS = @CFLAGS@ ++AC_CFLAGS = @CFLAGS@ $(PIE_CFLAGS) + AC_DEFS = @CPPFLAGS@ # @DEFS@ +-AC_LDFLAGS = @LDFLAGS@ ++AC_LDFLAGS = @LDFLAGS@ $(PIE_LDFLAGS) + AC_LIBS = @LIBS@ + + KRB4_LIBS = @KRB4_LIBS@ +--- libraries/liblunicode/Makefile.in 2005/06/22 12:25:47 1.1 ++++ libraries/liblunicode/Makefile.in 2005/06/22 12:26:18 +@@ -29,6 +29,9 @@ + LDAP_INCDIR= ../../include + LDAP_LIBDIR= ../../libraries + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + ucgendat: $(XLIBS) ucgendat.o + $(LTLINK) -o $@ ucgendat.o $(LIBS) + ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt +--- libraries/liblutil/Makefile.in 2005/06/22 12:29:51 1.1 ++++ libraries/liblutil/Makefile.in 2005/06/22 12:30:20 +@@ -19,6 +19,9 @@ + LDAP_INCDIR= ../../include + LDAP_LIBDIR= ../../libraries + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + NT_SRCS = ntservice.c + NT_OBJS = ntservice.o slapdmsg.res + +--- servers/slapd/Makefile.in 2005/06/22 09:28:52 1.1 ++++ servers/slapd/Makefile.in 2005/06/22 10:04:38 +@@ -67,6 +67,9 @@ + + SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@ + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + XDEFS = $(MODULES_CPPFLAGS) + XLDFLAGS = $(MODULES_LDFLAGS) + +--- servers/slurpd/Makefile.in 2005/06/22 09:28:58 1.1 ++++ servers/slurpd/Makefile.in 2005/06/22 10:05:30 +@@ -38,6 +38,9 @@ + + all-local-srv: $(PROGRAMS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + # $(LTHREAD_LIBS) must be last! 
+ XLIBS = $(SLURPD_L) + XXLIBS = $(SLURPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS) +--- servers/slapd/back-bdb/Makefile.in 2005/06/22 10:05:47 1.1 ++++ servers/slapd/back-bdb/Makefile.in 2005/06/22 10:06:22 +@@ -37,6 +37,9 @@ + MOD_DEFS = $(@BUILD_BDB@_DEFS) + MOD_LIBS = $(LDBM_LIBS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +--- servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:01 1.1 ++++ servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:41 +@@ -39,6 +39,9 @@ + MOD_DEFS = $(@BUILD_HDB@_DEFS) + MOD_LIBS = $(LDBM_LIBS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +--- servers/slapd/back-ldbm/Makefile.in 2005/06/22 10:05:41 1.1 ++++ servers/slapd/back-ldbm/Makefile.in 2005/06/22 11:30:52 +@@ -36,6 +36,9 @@ + MOD_DEFS = $(@BUILD_LDBM@_DEFS) + MOD_LIBS = $(LDBM_LIBS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. 
-lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +--- servers/slapd/overlays/Makefile.in 2005/06/22 12:35:29 1.1 ++++ servers/slapd/overlays/Makefile.in 2005/06/22 12:35:47 +@@ -19,6 +19,9 @@ + LDAP_INCDIR= ../../../include + LDAP_LIBDIR= ../../../libraries + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + MOD_DEFS = -DSLAPD_IMPORT + + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) +--- servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:31 1.1 ++++ servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:12 +@@ -24,6 +24,9 @@ + mod_DEFS = -DSLAPD_IMPORT + MOD_DEFS = $(@BUILD_RELAY@_DEFS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) +--- servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:52 1.1 ++++ servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:54 +@@ -25,6 +25,9 @@ + mod_DEFS = -DSLAPD_IMPORT + MOD_DEFS = $(yes_DEFS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +--- libraries/librewrite/Makefile.in 2005/09/23 10:16:37 1.1 ++++ libraries/librewrite/Makefile.in 2005/09/23 10:18:36 +@@ -26,6 +26,9 @@ + LDAP_INCDIR= ../../include + LDAP_LIBDIR= ../../libraries + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + LIBRARY = librewrite.a + PROGRAMS = rewrite + XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \ +--- servers/slapd/back-ldap/Makefile.in 2005/12/09 08:58:44 1.1 ++++ servers/slapd/back-ldap/Makefile.in 2005/12/09 08:59:28 +@@ -27,6 +27,9 @@ + mod_DEFS = -DSLAPD_IMPORT + MOD_DEFS = $(@BUILD_LDAP@_DEFS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. 
-lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +--- servers/slapd/back-monitor/Makefile.in 2005/12/09 08:58:55 1.1 ++++ servers/slapd/back-monitor/Makefile.in 2005/12/09 08:59:48 +@@ -33,6 +33,9 @@ + mod_DEFS = -DSLAPD_IMPORT + MOD_DEFS = $(@BUILD_MONITOR@_DEFS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..12ecd0c --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +echo -n "Generating openldap2-client " + +cp openldap2.changes openldap2-client.changes +cp openldap2.spec openldap2-client.spec + +perl -pi -e "s/^Name:.*openldap2$/Name: openldap2-client/g" openldap2-client.spec + +echo "Done." + diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/sasl-slapd.conf b/sasl-slapd.conf new file mode 100644 index 0000000..5fe3eb8 --- /dev/null +++ b/sasl-slapd.conf @@ -0,0 +1 @@ +mech_list: gssapi digest-md5 cram-md5 external diff --git a/secpatch.dif b/secpatch.dif new file mode 100644 index 0000000..3a1ab81 --- /dev/null +++ b/secpatch.dif @@ -0,0 +1,16 @@ +--- libraries/libldap/init.c 2004/01/08 10:44:36 1.1 ++++ libraries/libldap/init.c 2004/01/08 10:44:45 +@@ -558,6 +558,7 @@ + #endif + + openldap_ldap_init_w_sysconf(LDAP_CONF_FILE); ++ if( getuid() == geteuid() ){ + openldap_ldap_init_w_userconf(LDAP_USERRC_FILE); + + { +@@ -611,4 +612,5 @@ + } + + openldap_ldap_init_w_env(gopts, NULL); ++ } + } diff --git a/slapd_chain_return_error.dif b/slapd_chain_return_error.dif new file mode 100644 index 0000000..fd48847 --- /dev/null +++ b/slapd_chain_return_error.dif 
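Review bot: The PIE flags are assigned with shell-style quoting, `PIE_CFLAGS="-fPIE"` and `PIE_LDFLAGS="-pie"`, in every Makefile.in that pie-compile.dif touches; make keeps the quotes as part of the value, so they only vanish because the recipe is passed through a shell. Writing `PIE_CFLAGS = -fPIE` and `PIE_LDFLAGS = -pie` matches the surrounding assignments and stays correct if the variables are later used in a make function or conditional. Because build/top.mk appends `$(PIE_CFLAGS)` and `$(PIE_LDFLAGS)` unconditionally and each directory opts in by hand, a server directory missing from this list is silently built without the flags. A comment next to the top.mk lines such as `# PIE_CFLAGS/PIE_LDFLAGS are set per directory, for server binaries only` would record that. If hardening is the goal, adding `-Wl,-z,relro -Wl,-z,now` to `PIE_LDFLAGS` is worth considering alongside `-pie`.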
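Review bot: The `mech_list` in sasl-slapd.conf offers `digest-md5` and `cram-md5` alongside `gssapi` and `external`. Both are shared-secret mechanisms, so enabling them generally means the server has to hold clear-text or clear-text-equivalent passwords, and a captured exchange can be attacked offline. If they are kept for compatibility, the file should say so, e.g. `# digest-md5/cram-md5 need clear-text secrets on the server; remove them if only GSSAPI/EXTERNAL are used`. Otherwise `mech_list: gssapi external` is the tighter default.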
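Review bot: The guard that secpatch.dif adds in libraries/libldap/init.c, `if( getuid() == geteuid() ){`, compares user ids only, so a set-group-id program linked against libldap would still read the per-user rc file and the environment settings. Checking both ids closes that gap: `if( getuid() == geteuid() && getgid() == getegid() ){`. The guarded region runs from the first hunk to the closing `}` added in the second, and the lines between them are outside the patch, so whether any environment lookup happens before `openldap_ldap_init_w_sysconf` cannot be confirmed here. The enclosed block is not re-indented, so a comment on the guard such as `/* skip user-controlled configuration when running with elevated privileges */` would make the intent clear.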
@@ -0,0 +1,133 @@ +Index: openldap-2.3.24/servers/slapd/back-ldap/chain.c +=================================================================== +--- openldap-2.3.24.orig/servers/slapd/back-ldap/chain.c ++++ openldap-2.3.24/servers/slapd/back-ldap/chain.c +@@ -90,10 +90,12 @@ typedef struct ldap_chain_t { + unsigned lc_flags; + #define LDAP_CHAIN_F_NONE (0x00U) + #define LDAP_CHAIN_F_CHAINING (0x01U) +-#define LDAP_CHAIN_F_CACHE_URI (0x10U) ++#define LDAP_CHAIN_F_CACHE_URI (0x02U) ++#define LDAP_CHAIN_F_RETURN_ERR (0x04U) + + #define LDAP_CHAIN_CHAINING( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_CHAINING ) == LDAP_CHAIN_F_CHAINING ) + #define LDAP_CHAIN_CACHE_URI( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_CACHE_URI ) == LDAP_CHAIN_F_CACHE_URI ) ++#define LDAP_CHAIN_RETURN_ERR( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_RETURN_ERR ) == LDAP_CHAIN_F_RETURN_ERR ) + + #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR + LDAPControl lc_chaining_ctrl; +@@ -475,6 +477,7 @@ static int + ldap_chain_response( Operation *op, SlapReply *rs ) + { + slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; ++ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private; + void *private = op->o_bd->be_private; + slap_callback *sc = op->o_callback, + sc2 = { 0 }; +@@ -796,11 +799,16 @@ cannot_chain:; + + default: + #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ +- rc = SLAP_CB_CONTINUE; +- rs->sr_err = sr_err; +- rs->sr_type = sr_type; +- rs->sr_matched = matched; +- rs->sr_ref = ref; ++ if( LDAP_CHAIN_RETURN_ERR(lc) ){ ++ rs->sr_err = rc; ++ rs->sr_type = sr_type; ++ } else { ++ rc = SLAP_CB_CONTINUE; ++ rs->sr_err = sr_err; ++ rs->sr_type = sr_type; ++ rs->sr_matched = matched; ++ rs->sr_ref = ref; ++ } + #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR + break; + } +@@ -858,7 +866,8 @@ str2chain( const char *s ) + + enum { + CH_CHAINING = 1, +- CH_CACHE_URI = 2, ++ CH_CACHE_URI, ++ CH_RETURN_ERR, + + CH_LAST + }; +@@ -880,6 +889,11 @@ static ConfigTable chaincfg[] = { + "( OLcfgOvAt:3.2 NAME 'olcCacheURI' " + "DESC 
'Enables caching of URIs not present in configuration' " + "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, ++ { "chain-return-error", "TRUE/FALSE", ++ 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_RETURN_ERR, chain_cf_gen, ++ "( OLcfgOvAt:3.4 NAME 'olcChainReturnError' " ++ "DESC 'Errors are returned instead of the original referral' " ++ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED } + }; + +@@ -892,7 +906,8 @@ static ConfigOCs chainocs[] = { + #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR + "olcChainingBehavior $ " + #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ +- "olcCacheURI " ++ "olcCacheURI $ " ++ "olcChainReturnError " + ") )", + Cft_Overlay, chaincfg, NULL, chain_cfadd }, + { "( OLcfgOvOc:3.2 " +@@ -1109,6 +1124,9 @@ chain_cf_gen( ConfigArgs *c ) + case CH_CACHE_URI: + c->value_int = LDAP_CHAIN_CACHE_URI( lc ); + break; ++ case CH_RETURN_ERR: ++ c->value_int = LDAP_CHAIN_RETURN_ERR( lc ); ++ break; + + default: + assert( 0 ); +@@ -1124,6 +1142,9 @@ chain_cf_gen( ConfigArgs *c ) + case CH_CACHE_URI: + lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI; + break; ++ case CH_RETURN_ERR: ++ lc->lc_flags &= ~LDAP_CHAIN_F_RETURN_ERR; ++ break; + + default: + return 1; +@@ -1256,6 +1277,13 @@ chain_cf_gen( ConfigArgs *c ) + lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI; + } + break; ++ case CH_RETURN_ERR: ++ if ( c->value_int ) { ++ lc->lc_flags |= LDAP_CHAIN_F_RETURN_ERR; ++ } else { ++ lc->lc_flags &= ~LDAP_CHAIN_F_RETURN_ERR; ++ } ++ break; + + default: + assert( 0 ); +Index: openldap-2.3.24/doc/man/man5/slapo-chain.5 +=================================================================== +--- openldap-2.3.24.orig/doc/man/man5/slapo-chain.5 ++++ openldap-2.3.24/doc/man/man5/slapo-chain.5 +@@ -79,6 +79,14 @@ These URIs inherit the properties config + \fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP + directive; in detail, they are essentially chained anonymously. 
+ .TP ++.B chain-return-error {FALSE|true} ++In case referral chasing fails, the real error is returned instead ++of the original referral. In case multiple referral URIs are present, ++only the first error is returned. This behavior may not be always ++appropriate nor desirable, since failures in referral chasing might be ++better resolved by the client (e.g. when caused by distributed ++authentication issues). ++.TP + .B chain-uri + This directive instantiates a new underlying \fIldap\fP database + and instructs it about which URI to contact to chase referrals. diff --git a/slapd_conf.dif b/slapd_conf.dif new file mode 100644 index 0000000..d87ae8c --- /dev/null +++ b/slapd_conf.dif 
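Review bot: In the `default:` arm of ldap_chain_response, the new `LDAP_CHAIN_RETURN_ERR(lc)` branch sets only `rs->sr_err = rc;` and `rs->sr_type = sr_type;`, while the else branch also restores `rs->sr_matched = matched;` and `rs->sr_ref = ref;`. If the chaining attempt changed those two fields, the reply sent with the chained error may still carry them. Either restore them in both branches or add a comment saying why they are left alone. The rest of the function is outside the hunk, so a later restore may already cover this. The first hunk also renumbers `LDAP_CHAIN_F_CACHE_URI` from `0x10U` to `0x02U` without explanation, which deserves a short comment if the old value was deliberate.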
@@ -0,0 +1,100 @@ +Index: servers/slapd/slapd.conf +=================================================================== +--- servers/slapd/slapd.conf.orig ++++ servers/slapd/slapd.conf +@@ -3,6 +3,10 @@ + # This file should NOT be world readable. + # + include %SYSCONFDIR%/schema/core.schema ++include %SYSCONFDIR%/schema/cosine.schema ++include %SYSCONFDIR%/schema/inetorgperson.schema ++include %SYSCONFDIR%/schema/rfc2307bis.schema ++include %SYSCONFDIR%/schema/yast.schema + + # Define global ACLs to disable default read access. + +@@ -10,16 +14,15 @@ include %SYSCONFDIR%/schema/core.schema + # service AND an understanding of referrals. + #referral ldap://root.openldap.org + +-pidfile %LOCALSTATEDIR%/run/slapd.pid +-argsfile %LOCALSTATEDIR%/run/slapd.args ++pidfile %LOCALSTATEDIR%/slapd.pid ++argsfile %LOCALSTATEDIR%/slapd.args + + # Load dynamic backend modules: +-# modulepath %MODULEDIR% +-# moduleload back_bdb.la ++modulepath %MODULEDIR% + # moduleload back_ldap.la +-# moduleload back_ldbm.la +-# moduleload back_passwd.la +-# moduleload back_shell.la ++# moduleload back_meta.la ++# moduleload back_monitor.la ++# moduleload back_perl.la + + # Sample security restrictions + # Require integrity protection (prevent hijacking) +@@ -28,20 +31,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args + # security ssf=1 update_ssf=112 simple_bind=64 + + # Sample access control policy: +-# Root DSE: allow anyone to read it +-# Subschema (sub)entry DSE: allow anyone to read it +-# Other DSEs: +-# Allow self write access +-# Allow authenticated users read access +-# Allow anonymous users to authenticate +-# Directives needed to implement policy: +-# access to dn.base="" by * read +-# access to dn.base="cn=Subschema" by * read +-# access to * +-# by self write +-# by users read +-# by anonymous auth +-# ++# Root DSE: allow anyone to read it ++# Subschema (sub)entry DSE: allow anyone to read it ++# Other DSEs: ++# Allow self write access to user password ++# Allow anonymous users to 
authenticate ++# Allow read access to everything else ++# Directives needed to implement policy: ++access to dn.base="" ++ by * read ++ ++access to dn.base="cn=Subschema" ++ by * read ++ ++access to attrs=userPassword,userPKCS12 ++ by self write ++ by * auth ++ ++access to attrs=shadowLastChange ++ by self write ++ by * read ++ ++access to * ++ by * read ++ + # if no access controls are present, the default policy + # allows anyone and everyone to read anything but restricts + # updates to rootdn. (e.g., "access to * by * read") +@@ -54,6 +67,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args + + database bdb + suffix "dc=my-domain,dc=com" ++checkpoint 1024 5 ++cachesize 10000 + rootdn "cn=Manager,dc=my-domain,dc=com" + # Cleartext passwords, especially for the rootdn, should + # be avoid. See slappasswd(8) and slapd.conf(5) for details. +@@ -62,6 +77,6 @@ rootpw secret + # The database directory MUST exist prior to running slapd AND + # should only be accessible by the slapd and slap tools. + # Mode 700 recommended. +-directory %LOCALSTATEDIR%/openldap-data ++directory /var/lib/ldap + # Indices to maintain + index objectClass eq
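Review bot: The final rule `access to *` with `by * read` is now active rather than commented out, so the shipped slapd.conf lets anonymous clients read every attribute the earlier rules do not match; only userPassword and userPKCS12 are limited to `auth`. The sample it replaces gave read access to authenticated users only (`by users read`, `by anonymous auth`). If anonymous lookups are needed for name-service clients, a comment saying so would help, and any other secret-bearing attribute from the newly included schemas needs its own rule ahead of this one. The unchanged `rootpw secret` line also still ships as a working cleartext credential; a hashed value from slappasswd(8) or a commented-out line would be safer.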