diff --git a/openldap2.dif b/0001-build-adjustments.dif similarity index 50% rename from openldap2.dif rename to 0001-build-adjustments.dif index 44faf27..5f71315 100644 --- a/openldap2.dif +++ b/0001-build-adjustments.dif @@ -1,8 +1,19 @@ -Index: build/top.mk -=================================================================== ---- build/top.mk.orig -+++ build/top.mk -@@ -39,7 +39,7 @@ libdir = @libdir@ +From 2a6dda988ea0b14931427cce835e8a6da5c3488e Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Wed, 16 Jun 2010 14:04:07 +0200 +Subject: build-adjustments + +- Don't strip binaries +- Adjusted modules path +- don't use automake macro + + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/build/top.mk b/build/top.mk +index 0794173..eb4c825 100644 +--- a/build/top.mk ++++ b/build/top.mk +@@ -40,7 +40,7 @@ libdir = @libdir@ libexecdir = @libexecdir@ localstatedir = @localstatedir@ mandir = @mandir@ @@ -11,19 +22,10 @@ Index: build/top.mk sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@$(ldap_subdir) -@@ -58,7 +58,7 @@ INSTALL_PROGRAM = $(INSTALL) - INSTALL_DATA = $(INSTALL) -m 644 - INSTALL_SCRIPT = $(INSTALL) - --STRIP = -s -+#STRIP = -s - - LINT = lint - 5LINT = 5lint -Index: configure.in -=================================================================== ---- configure.in.orig -+++ configure.in +diff --git a/configure.in b/configure.in +index ba05a5a..e658b81 100644 +--- a/configure.in ++++ b/configure.in @@ -67,7 +67,9 @@ dnl Determine host platform dnl we try not to use this for much AC_CANONICAL_TARGET([]) @@ -35,4 +37,6 @@ Index: configure.in AC_SUBST(PACKAGE)dnl AC_SUBST(VERSION)dnl AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) +-- +1.7.1 diff --git a/slapd_conf.dif b/0002-slapd.conf.dif similarity index 80% rename from slapd_conf.dif rename to 0002-slapd.conf.dif index 5f22516..70adde1 100644 --- a/slapd_conf.dif +++ b/0002-slapd.conf.dif @@ -1,5 +1,15 @@ ---- servers/slapd/slapd.conf 2007/02/21 16:27:01 1.1 -+++ servers/slapd/slapd.conf 2007/02/21 16:29:20 +From d9c1061b77eec147e6d1df8b466d4b17b89e6890 Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Wed, 16 Jun 2010 14:05:49 +0200 +Subject: slapd.conf + + + 1 files changed, 33 insertions(+), 17 deletions(-) + +diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf +index 4938b85..9caf292 100644 +--- a/servers/slapd/slapd.conf ++++ b/servers/slapd/slapd.conf @@ -3,6 +3,10 @@ # This file should NOT be world readable. # @@ -11,7 +21,7 @@ # Define global ACLs to disable default read access. -@@ -10,8 +14,8 @@ +@@ -10,8 +14,8 @@ include %SYSCONFDIR%/schema/core.schema # service AND an understanding of referrals. #referral ldap://root.openldap.org @@ -22,7 +32,7 @@ # Load dynamic backend modules: # modulepath %MODULEDIR% -@@ -26,20 +30,30 @@ +@@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: @@ -67,7 +77,7 @@ # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") -@@ -52,6 +66,8 @@ +@@ -52,6 +66,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args database bdb suffix "dc=my-domain,dc=com" @@ -76,7 +86,7 @@ rootdn "cn=Manager,dc=my-domain,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. -@@ -60,6 +76,6 @@ +@@ -60,6 +76,6 @@ rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. @@ -84,3 +94,6 @@ +directory /var/lib/ldap # Indices to maintain index objectClass eq +-- +1.7.1 + diff --git a/0003-LDAPI-socket-location.dif b/0003-LDAPI-socket-location.dif new file mode 100644 index 0000000..1e4a3d6 --- /dev/null +++ b/0003-LDAPI-socket-location.dif @@ -0,0 +1,24 @@ +From 82e121e47976ba0058733976b1c5428a6ee33c31 Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Wed, 16 Jun 2010 14:06:42 +0200 +Subject: LDAPI socket location + + + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/include/ldap_defaults.h b/include/ldap_defaults.h +index 3e0d4b2..5235339 100644 +--- a/include/ldap_defaults.h ++++ b/include/ldap_defaults.h +@@ -39,7 +39,7 @@ + #define LDAP_ENV_PREFIX "LDAP" + + /* default ldapi:// socket */ +-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" ++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi" + + /* + * SLAPD DEFINITIONS +-- +1.7.1 + diff --git a/0004-libldap-use-gethostbyname_r.dif b/0004-libldap-use-gethostbyname_r.dif new file mode 100644 index 0000000..d93e054 --- /dev/null +++ b/0004-libldap-use-gethostbyname_r.dif @@ -0,0 +1,33 @@ +From 21d21f0d9aed8876722748ef8ba92f75dbcdc771 Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Wed, 16 Jun 2010 14:08:03 +0200 +Subject: libldap use gethostbyname_r + + + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c +index 0704f9a..50a3389 100644 +--- a/libraries/libldap/util-int.c ++++ b/libraries/libldap/util-int.c +@@ -52,7 +52,7 @@ extern int h_errno; + #ifndef LDAP_R_COMPILE + # undef HAVE_REENTRANT_FUNCTIONS + # undef HAVE_CTIME_R +-# undef HAVE_GETHOSTBYNAME_R ++/* # undef HAVE_GETHOSTBYNAME_R */ + # undef HAVE_GETHOSTBYADDR_R + + #else +@@ -330,7 +330,7 @@ ldap_pvt_csnstr(char *buf, size_t len, unsigned int replica, unsigned int mod) + #define BUFSTART (1024-32) + #define BUFMAX (32*1024-32) + +-#if defined(LDAP_R_COMPILE) ++#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R) + static char *safe_realloc( char **buf, int len ); + + #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R)) +-- +1.7.1 + diff --git a/pie-compile.dif b/0005-pie-compile.dif similarity index 53% rename from pie-compile.dif rename to 0005-pie-compile.dif index 0cede92..8da876d 100644 --- a/pie-compile.dif +++ b/0005-pie-compile.dif @@ -1,8 +1,16 @@ -Index: build/top.mk -=================================================================== ---- build/top.mk.orig -+++ build/top.mk -@@ -178,9 +178,9 @@ SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_L +From c73e8eb5d25f22ffb1203a38becbe88da4fc9116 Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Wed, 16 Jun 2010 14:08:30 +0200 +Subject: pie compile + + + 12 files changed, 35 insertions(+), 2 deletions(-) + +diff --git a/build/top.mk b/build/top.mk +index eb4c825..4cb3da8 100644 +--- a/build/top.mk ++++ b/build/top.mk +@@ -178,9 +178,9 @@ SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_LIBREWRITE_A) \ WRAP_LIBS = @WRAP_LIBS@ # AutoConfig generated AC_CC = @CC@ @@ -14,11 +22,11 @@ Index: build/top.mk AC_LIBS = @LIBS@ KRB4_LIBS = @KRB4_LIBS@ -Index: libraries/liblunicode/Makefile.in -=================================================================== ---- libraries/liblunicode/Makefile.in.orig -+++ libraries/liblunicode/Makefile.in -@@ -35,6 +35,9 @@ $(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c +diff --git a/libraries/liblunicode/Makefile.in b/libraries/liblunicode/Makefile.in +index 5348baa..7332d4e 100644 +--- a/libraries/liblunicode/Makefile.in ++++ b/libraries/liblunicode/Makefile.in +@@ -35,6 +35,9 @@ $(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c $(srcdir)/UnicodeData.txt $(srcdir)/Comp $(MAKE) ucgendat ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt @@ -28,10 +36,10 @@ Index: libraries/liblunicode/Makefile.in ucgendat: $(XLIBS) ucgendat.o $(LTLINK) -o $@ ucgendat.o $(LIBS) -Index: libraries/liblutil/Makefile.in -=================================================================== ---- libraries/liblutil/Makefile.in.orig -+++ libraries/liblutil/Makefile.in +diff --git a/libraries/liblutil/Makefile.in b/libraries/liblutil/Makefile.in +index b527966..a04e18e 100644 +--- a/libraries/liblutil/Makefile.in ++++ b/libraries/liblutil/Makefile.in @@ -19,6 +19,9 @@ PROGRAM = testavl LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries @@ -42,11 +50,25 @@ Index: libraries/liblutil/Makefile.in NT_SRCS = ntservice.c NT_OBJS = ntservice.o slapdmsg.res -Index: servers/slapd/Makefile.in -=================================================================== ---- servers/slapd/Makefile.in.orig -+++ servers/slapd/Makefile.in -@@ -69,6 +69,9 @@ SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BA +diff --git a/libraries/librewrite/Makefile.in b/libraries/librewrite/Makefile.in +index 72678c1..a4e0bcc 100644 +--- a/libraries/librewrite/Makefile.in ++++ b/libraries/librewrite/Makefile.in +@@ -26,6 +26,9 @@ OBJS = config.o context.o info.o ldapmap.o map.o params.o rule.o \ + LDAP_INCDIR= ../../include + LDAP_LIBDIR= ../../libraries + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + LIBRARY = librewrite.a + PROGRAMS = rewrite + XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \ +diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in +index c170d79..23a18eb 100644 +--- a/servers/slapd/Makefile.in ++++ b/servers/slapd/Makefile.in +@@ -69,6 +69,9 @@ SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BACKENDS@ SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@ @@ -56,10 +78,10 @@ Index: servers/slapd/Makefile.in XDEFS = $(MODULES_CPPFLAGS) XLDFLAGS = $(MODULES_LDFLAGS) -Index: servers/slapd/back-bdb/Makefile.in -=================================================================== ---- servers/slapd/back-bdb/Makefile.in.orig -+++ servers/slapd/back-bdb/Makefile.in +diff --git a/servers/slapd/back-bdb/Makefile.in b/servers/slapd/back-bdb/Makefile.in +index f44dab2..d919931 100644 +--- a/servers/slapd/back-bdb/Makefile.in ++++ b/servers/slapd/back-bdb/Makefile.in @@ -37,6 +37,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_BDB@_DEFS) MOD_LIBS = $(BDB_LIBS) @@ -70,10 +92,10 @@ Index: servers/slapd/back-bdb/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) -Index: servers/slapd/back-hdb/Makefile.in -=================================================================== ---- servers/slapd/back-hdb/Makefile.in.orig -+++ servers/slapd/back-hdb/Makefile.in +diff --git a/servers/slapd/back-hdb/Makefile.in b/servers/slapd/back-hdb/Makefile.in +index 5d8381c..a80d8c0 100644 +--- a/servers/slapd/back-hdb/Makefile.in ++++ b/servers/slapd/back-hdb/Makefile.in @@ -41,6 +41,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_HDB@_DEFS) MOD_LIBS = $(BDB_LIBS) @@ -84,66 +106,10 @@ Index: servers/slapd/back-hdb/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) -Index: servers/slapd/overlays/Makefile.in -=================================================================== ---- servers/slapd/overlays/Makefile.in.orig -+++ servers/slapd/overlays/Makefile.in -@@ -45,6 +45,9 @@ LTONLY_MOD = $(LTONLY_mod) - LDAP_INCDIR= ../../../include - LDAP_LIBDIR= ../../../libraries - -+PIE_CFLAGS="-fPIE" -+PIE_LDFLAGS="-pie" -+ - MOD_DEFS = -DSLAPD_IMPORT - - shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) -Index: servers/slapd/back-relay/Makefile.in -=================================================================== ---- servers/slapd/back-relay/Makefile.in.orig -+++ servers/slapd/back-relay/Makefile.in -@@ -25,6 +25,9 @@ BUILD_MOD = @BUILD_RELAY@ - mod_DEFS = -DSLAPD_IMPORT - MOD_DEFS = $(@BUILD_RELAY@_DEFS) - -+PIE_CFLAGS="-fPIE" -+PIE_LDFLAGS="-pie" -+ - shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) - NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) - UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) -Index: servers/slapd/back-ldif/Makefile.in -=================================================================== ---- servers/slapd/back-ldif/Makefile.in.orig -+++ servers/slapd/back-ldif/Makefile.in -@@ -25,6 +25,9 @@ BUILD_MOD = yes - mod_DEFS = -DSLAPD_IMPORT - MOD_DEFS = $(yes_DEFS) - -+PIE_CFLAGS="-fPIE" -+PIE_LDFLAGS="-pie" -+ - shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) - NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) - UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) -Index: libraries/librewrite/Makefile.in -=================================================================== ---- libraries/librewrite/Makefile.in.orig -+++ libraries/librewrite/Makefile.in -@@ -26,6 +26,9 @@ OBJS = config.o context.o info.o ldapmap - LDAP_INCDIR= ../../include - LDAP_LIBDIR= ../../libraries - -+PIE_CFLAGS="-fPIE" -+PIE_LDFLAGS="-pie" -+ - LIBRARY = librewrite.a - PROGRAMS = rewrite - XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \ -Index: servers/slapd/back-ldap/Makefile.in -=================================================================== ---- servers/slapd/back-ldap/Makefile.in.orig -+++ servers/slapd/back-ldap/Makefile.in +diff --git a/servers/slapd/back-ldap/Makefile.in b/servers/slapd/back-ldap/Makefile.in +index 64a4af8..51495d5 100644 +--- a/servers/slapd/back-ldap/Makefile.in ++++ b/servers/slapd/back-ldap/Makefile.in @@ -29,6 +29,9 @@ BUILD_MOD = @BUILD_LDAP@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_LDAP@_DEFS) @@ -154,10 +120,24 @@ Index: servers/slapd/back-ldap/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) -Index: servers/slapd/back-monitor/Makefile.in -=================================================================== ---- servers/slapd/back-monitor/Makefile.in.orig -+++ servers/slapd/back-monitor/Makefile.in +diff --git a/servers/slapd/back-ldif/Makefile.in b/servers/slapd/back-ldif/Makefile.in +index 29450ae..c47641f 100644 +--- a/servers/slapd/back-ldif/Makefile.in ++++ b/servers/slapd/back-ldif/Makefile.in +@@ -25,6 +25,9 @@ BUILD_MOD = yes + mod_DEFS = -DSLAPD_IMPORT + MOD_DEFS = $(yes_DEFS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +diff --git a/servers/slapd/back-monitor/Makefile.in b/servers/slapd/back-monitor/Makefile.in +index 6005b2d..a8f45a7 100644 +--- a/servers/slapd/back-monitor/Makefile.in ++++ b/servers/slapd/back-monitor/Makefile.in @@ -33,6 +33,9 @@ BUILD_MOD = @BUILD_MONITOR@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_MONITOR@_DEFS) @@ -168,3 +148,34 @@ Index: servers/slapd/back-monitor/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +diff --git a/servers/slapd/back-relay/Makefile.in b/servers/slapd/back-relay/Makefile.in +index a408f34..518c7e5 100644 +--- a/servers/slapd/back-relay/Makefile.in ++++ b/servers/slapd/back-relay/Makefile.in +@@ -25,6 +25,9 @@ BUILD_MOD = @BUILD_RELAY@ + mod_DEFS = -DSLAPD_IMPORT + MOD_DEFS = $(@BUILD_RELAY@_DEFS) + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) +diff --git a/servers/slapd/overlays/Makefile.in b/servers/slapd/overlays/Makefile.in +index 0b7ce5c..7a48574 100644 +--- a/servers/slapd/overlays/Makefile.in ++++ b/servers/slapd/overlays/Makefile.in +@@ -46,6 +46,9 @@ LTONLY_MOD = $(LTONLY_mod) + LDAP_INCDIR= ../../../include + LDAP_LIBDIR= ../../../libraries + ++PIE_CFLAGS="-fPIE" ++PIE_LDFLAGS="-pie" ++ + MOD_DEFS = -DSLAPD_IMPORT + + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) +-- +1.7.1 + diff --git a/slapd-bconfig-del-db.dif b/0006-assorted-fixes-for-back-config-DELETE-support.dif similarity index 66% rename from slapd-bconfig-del-db.dif rename to 0006-assorted-fixes-for-back-config-DELETE-support.dif index 620232b..44f9946 100644 --- a/slapd-bconfig-del-db.dif +++ b/0006-assorted-fixes-for-back-config-DELETE-support.dif @@ -1,8 +1,16 @@ -Index: servers/slapd/bconfig.c -=================================================================== ---- servers/slapd/bconfig.c.orig -+++ servers/slapd/bconfig.c -@@ -5492,13 +5492,26 @@ config_back_delete( Operation *op, SlapR +From a998fdc90747f222d261e714ea7e757ad0345f56 Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Wed, 16 Jun 2010 14:08:56 +0200 +Subject: assorted fixes for back-config DELETE support + + + 1 files changed, 16 insertions(+), 2 deletions(-) + +diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c +index 8626f21..4ec085f 100644 +--- a/servers/slapd/bconfig.c ++++ b/servers/slapd/bconfig.c +@@ -5924,13 +5924,26 @@ config_back_delete( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_UNWILLING_TO_PERFORM; } else if ( op->o_abandon ) { rs->sr_err = SLAPD_ABANDON; @@ -31,7 +39,7 @@ Index: servers/slapd/bconfig.c /* remove CfEntryInfo from the siblings list */ if ( ce->ce_parent->ce_kids == ce ) { -@@ -5560,6 +5573,7 @@ config_back_delete( Operation *op, SlapR +@@ -5992,6 +6005,7 @@ config_back_delete( Operation *op, SlapReply *rs ) #else rs->sr_err = LDAP_UNWILLING_TO_PERFORM; #endif /* SLAP_CONFIG_DELETE */ @@ -39,3 +47,6 @@ Index: servers/slapd/bconfig.c send_ldap_result( op, rs ); return rs->sr_err; } +-- +1.7.1 + diff --git a/Syncprov-might-lose-deletes-ITS-6555.dif b/Syncprov-might-lose-deletes-ITS-6555.dif deleted file mode 100644 index 9e0bd94..0000000 --- a/Syncprov-might-lose-deletes-ITS-6555.dif +++ /dev/null @@ -1,38 +0,0 @@ -From e32aa64d19840a3b76da532d200fa1cb733e0672 Mon Sep 17 00:00:00 2001 -From: ralf -Date: Thu, 20 May 2010 15:08:28 +0000 -Subject: Syncprov might lose deletes (ITS#6555) - -During the refresh phase the sync filter needs to be adjusted (skipping -the "(entrycsn>=cookie)" part that was inserted) when checking whether a -change needs to be replicated, otherwise we lose DELETES that happen during -the refresh phase. - -bnc#606294 - - 1 files changed, 9 insertions(+), 1 deletions(-) - -diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c -index 675568e..030edf5 100644 ---- a/servers/slapd/overlays/syncprov.c -+++ b/servers/slapd/overlays/syncprov.c -@@ -1301,7 +1301,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) - op2.o_hdr = &oh; - op2.o_extra = op->o_extra; - op2.o_callback = NULL; -- rc = test_filter( &op2, e, ss->s_op->ors_filter ); -+ ldap_pvt_thread_mutex_lock( &ss->s_mutex ); -+ if (ss->s_flags & PS_FIX_FILTER) { -+ /* Skip the AND/GE clause that we stuck on in front. We -+ would lose deletes/mods that happen during the refresh -+ phase otherwise (ITS#6555) */ -+ op2.ors_filter = ss->s_op->ors_filter->f_and->f_next; -+ } -+ ldap_pvt_thread_mutex_unlock( &ss->s_mutex ); -+ rc = test_filter( &op2, e, op2.ors_filter ); - } - - Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n", --- -1.7.0.3 - diff --git a/ldapi_url.dif b/ldapi_url.dif deleted file mode 100644 index b8eb3f9..0000000 --- a/ldapi_url.dif +++ /dev/null @@ -1,11 +0,0 @@ ---- include/ldap_defaults.h 2004/04/14 14:13:27 1.1 -+++ include/ldap_defaults.h 2004/04/14 14:14:01 -@@ -39,7 +39,7 @@ - #define LDAP_ENV_PREFIX "LDAP" - - /* default ldapi:// socket */ --#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" -+#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi" - - /* - * SLAPD DEFINITIONS diff --git a/libldap-gethostbyname_r.dif b/libldap-gethostbyname_r.dif deleted file mode 100644 index a653681..0000000 --- a/libldap-gethostbyname_r.dif +++ /dev/null @@ -1,20 +0,0 @@ ---- libraries/libldap/util-int.c 2005/08/23 16:07:09 1.1 -+++ libraries/libldap/util-int.c 2005/08/23 16:16:03 -@@ -52,7 +52,7 @@ - #ifndef LDAP_R_COMPILE - # undef HAVE_REENTRANT_FUNCTIONS - # undef HAVE_CTIME_R --# undef HAVE_GETHOSTBYNAME_R -+/* # undef HAVE_GETHOSTBYNAME_R */ - # undef HAVE_GETHOSTBYADDR_R - - #else -@@ -110,7 +110,7 @@ - #define BUFSTART (1024-32) - #define BUFMAX (32*1024-32) - --#if defined(LDAP_R_COMPILE) -+#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R) - static char *safe_realloc( char **buf, int len ); - - #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R)) diff --git a/openldap-2.4.21.tar.bz2 b/openldap-2.4.21.tar.bz2 deleted file mode 100644 index ef5bbfc..0000000 --- a/openldap-2.4.21.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7140bb913a95765134daf5ee17254d938f54c981790d328e6cd3ca7ad6cea915 -size 4421498 diff --git a/openldap-2.4.23.tar.bz2 b/openldap-2.4.23.tar.bz2 new file mode 100644 index 0000000..1ab37f7 --- /dev/null +++ b/openldap-2.4.23.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:56349b44f6219fa305e9ebaffd6f2c2c57e3229a1f1c850f6fc5f6ba4e06c03a +size 4223407 diff --git a/openldap-rc.tgz b/openldap-rc.tgz index 1c3fbc9..769d82c 100644 --- a/openldap-rc.tgz +++ b/openldap-rc.tgz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7461807939d700bfa6fbcbf16c0bceddd42683d8163a61d9a5923a5620450ac0 -size 4552 +oid sha256:f84fdc87394660f5e3ac1977d0f6c6d1aa0c66f4f26c59e49b21807bf95f00c6 +size 4535 diff --git a/openldap2-client.changes b/openldap2-client.changes index 58841dd..c92a54f 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,3 +1,48 @@ +------------------------------------------------------------------- +Thu Aug 26 14:04:06 UTC 2010 - rhafer@novell.com + +- Fix listener URIs in init script to make SLP registration work + again (bnc#620389) + +------------------------------------------------------------------- +Fri Jul 23 07:49:40 UTC 2010 - rhafer@novell.com + +- Fixed RPM Group and Summary Tags (bnc#624980) + +------------------------------------------------------------------- +Thu Jul 1 13:02:13 UTC 2010 - rhafer@novell.com + +- Updated to 2.4.23: + * Fixed libldap to return server's error code (ITS#6569) + * Fixed libldap memleaks (ITS#6568) + * Fixed liblutil off-by-one with delta (ITS#6541) + * Fixed slapd acls with glued databases (ITS#6468) + * Fixed slapd syncrepl rid logging (ITS#6533) + * Fixed slapd modrdn handling of invalid values (bnc#612430, + ITS#6570) + * Fixed slapd-bdb hasSubordinates computation (ITS#6549) + * Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474) + * Fixed slapd-bdb entry cache delete failure (ITS#6577) + * Fixed slapd-ldap to return control responses (ITS#6530) + * Fixed slapo-ppolicy to use Debug (ITS#6566) + * Fixed slapo-refint to zero out freed DN vals (ITS#6572) + * Fixed slapo-rwm to use Debug (ITS#6566) + * Fixed slapo-sssvlv to use Debug (ITS#6566) + * Fixed slapo-syncprov lost deletes in refresh phase (bnc#606294, + ITS#6555) + * Fixed slapo-valsort to use Debug (ITS#6566) + * Fixed contrib/nssov network.c missing patch (ITS#6562) +- New subpackage openldap2-back-sql. Contains the SQL backend + module plus some documentation (bnc#395719) +- generate Patches from git tree (resulted in all patches being + renamed) +- installing binaries without stripping them is done by setting + the STRIP enviroment variable instead for patching the Makefile + now +- Fixed a bug in the syncprov overlay which could lead to not + replicate delete Operations (ITS#6555, bnc#606294) +- BuildRequires cleanup + ------------------------------------------------------------------- Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 51137f4..e82b4c3 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2-client (Version 2.4.21) +# spec file for package openldap2-client (Version 2.4.23) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,19 +20,19 @@ %define run_test_suite 1 Name: openldap2-client -BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel tcpd-devel -%if %sles_version == 9 -BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel +BuildRequires: cyrus-sasl-devel libopenssl-devel +%if %sles_version == 9 || %sles_version == 10 +BuildRequires: -libopenssl-devel -pwdutils openssl-devel %endif -%if %sles_version == 10 -BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel -%endif -Version: 2.4.21 -Release: 6 +Version: 2.4.23 +Release: 1 Url: http://www.openldap.org License: BSD3c(or similar) ; openldap 2.8 %if "%{name}" == "openldap2" -BuildRequires: openslp-devel +BuildRequires: db-devel openslp-devel tcpd-devel unixODBC-devel +%if %sles_version == 9 || %sles_version == 10 +BuildRequires: -db-devel libdb-4_5-devel +%endif Group: Productivity/Networking/LDAP/Clients Conflicts: openldap Requires: libldap-2_4-2 = %{version} @@ -53,15 +53,12 @@ Source4: sasl-slapd.conf Source5: README.update Source6: schema2ldif Source100: openldap-2.3.37.tar.bz2 -Patch1: openldap2.dif -Patch2: slapd_conf.dif -Patch4: ldapi_url.dif -Patch5: slapd-back-hdb-fortify.dif -Patch6: libldap-gethostbyname_r.dif -Patch7: pie-compile.dif -Patch11: slapd-bconfig-del-db.dif -Patch12: Syncprov-might-lose-deletes-ITS-6555.dif -Patch13: slapd-modrdn-crash-ITS-6570.dif +Patch1: 0001-build-adjustments.dif +Patch2: 0002-slapd.conf.dif +Patch3: 0003-LDAPI-socket-location.dif +Patch4: 0004-libldap-use-gethostbyname_r.dif +Patch5: 0005-pie-compile.dif +Patch6: 0006-assorted-fixes-for-back-config-DELETE-support.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -116,6 +113,21 @@ Authors: -------- The OpenLDAP Project +%package -n openldap2-back-sql +License: BSD3c(or similar) +Summary: OpenLDAP SQL Back-End +Requires: openldap2 = %{version} +AutoReqProv: on +Group: Productivity/Networking/LDAP/Servers + +%description -n openldap2-back-sql +The primary purpose of this OpenLDAP backend is to present information +stored in a Relational (SQL) Database as an LDAP subtree without the need +to do any programming. + +Authors: +-------- + The OpenLDAP Project %else %description @@ -173,17 +185,14 @@ Authors: %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 -%patch1 -%patch2 -%patch4 -%patch5 -%patch6 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %if %suse_version > 920 -%patch7 +%patch5 -p1 %endif -%patch11 -%patch12 -p1 -%patch13 -p1 +%patch6 -p1 %if %suse_version == 1100 %patch200 -p1 %endif @@ -196,13 +205,10 @@ cd ../openldap-2.3.37 libtoolize --force autoreconf export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE" -./configure --prefix=/usr \ - --exec-prefix=/usr \ - --sysconfdir=%{_sysconfdir} \ +export STRIP="" +%configure \ --localstatedir=/var/run/slapd \ --libexecdir=/usr/lib/openldap \ - --libdir=%{_libdir} \ - --mandir=%{_mandir} \ --enable-wrappers \ --enable-aclgroups \ --enable-spasswd \ @@ -222,6 +228,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONN --enable-meta=mod \ --enable-monitor=yes \ --enable-perl=mod \ + --enable-sql=mod \ --enable-slp \ --enable-overlays=yes \ %else @@ -279,7 +286,7 @@ make SLAPD_DEBUG=0 test %install mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/usr/sbin -make DESTDIR=$RPM_BUILD_ROOT install +make STRIP="" DESTDIR=$RPM_BUILD_ROOT install install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d @@ -313,10 +320,10 @@ rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sql.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la + #put filelists into files cat >openldap2.filelist < openldap2-back-meta.filelist < openldap2-back-sql.filelist < +%package -n openldap2-back-sql +License: BSD3c(or similar) +Summary: OpenLDAP SQL Back-End +Requires: openldap2 = %{version} +AutoReqProv: on +Group: Productivity/Networking/LDAP/Servers + +%description -n openldap2-back-sql +The primary purpose of this OpenLDAP backend is to present information +stored in a Relational (SQL) Database as an LDAP subtree without the need +to do any programming. + +Authors: +-------- + The OpenLDAP Project %else %description @@ -173,17 +185,14 @@ Authors: %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 -%patch1 -%patch2 -%patch4 -%patch5 -%patch6 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %if %suse_version > 920 -%patch7 +%patch5 -p1 %endif -%patch11 -%patch12 -p1 -%patch13 -p1 +%patch6 -p1 %if %suse_version == 1100 %patch200 -p1 %endif @@ -196,13 +205,10 @@ cd ../openldap-2.3.37 libtoolize --force autoreconf export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE" -./configure --prefix=/usr \ - --exec-prefix=/usr \ - --sysconfdir=%{_sysconfdir} \ +export STRIP="" +%configure \ --localstatedir=/var/run/slapd \ --libexecdir=/usr/lib/openldap \ - --libdir=%{_libdir} \ - --mandir=%{_mandir} \ --enable-wrappers \ --enable-aclgroups \ --enable-spasswd \ @@ -222,6 +228,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONN --enable-meta=mod \ --enable-monitor=yes \ --enable-perl=mod \ + --enable-sql=mod \ --enable-slp \ --enable-overlays=yes \ %else @@ -279,7 +286,7 @@ make SLAPD_DEBUG=0 test %install mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/usr/sbin -make DESTDIR=$RPM_BUILD_ROOT install +make STRIP="" DESTDIR=$RPM_BUILD_ROOT install install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d @@ -313,10 +320,10 @@ rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sql.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la + #put filelists into files cat >openldap2.filelist < openldap2-back-meta.filelist < openldap2-back-sql.filelist <nrdnlen[0] = (BEI(e)->bei_nrdn.bv_len >> 8) | 0x80; - dlen[0] = d->nrdnlen[0]; - dlen[1] = d->nrdnlen[1]; -- strcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val ); -+ memcpy ( d->nrdn, BEI(e)->bei_nrdn.bv_val, BEI(e)->bei_nrdn.bv_len + 1); - data.data = d; - - rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags ); diff --git a/slapd-modrdn-crash-ITS-6570.dif b/slapd-modrdn-crash-ITS-6570.dif deleted file mode 100644 index 667950c..0000000 --- a/slapd-modrdn-crash-ITS-6570.dif +++ /dev/null @@ -1,100 +0,0 @@ -From 6e229f5b94be41c4b9372914ae9bff90ccd81014 Mon Sep 17 00:00:00 2001 -From: hyc -Date: Sun, 6 Jun 2010 22:02:32 +0000 -Subject: slapd modrdn crash (ITS#6570) - -part #1 reject RDNs with binary BER values -part #2 reject RDNs with empty values - -Unauthenticated LDAP clients could crash the server by submitting a -specially crafted LDAP ModRDN operatoin. - -Part #1: -OpenLDAP crashes with segfault during the processing of a modrdn call with -maliciously formed destination rdn string. No authentication is required to -trigger this vulnerability. - -Part #2: -OpenLDAP crashes at a null pointer dereference during the processing of modrdn -call with maliciously formed destination rdn string. No authentication is -required to trigger this vulnerability. - - 3 files changed, 16 insertions(+), 7 deletions(-) - -diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c -index 3534e7f..75d2204 100644 ---- a/servers/slapd/dn.c -+++ b/servers/slapd/dn.c -@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) - ava->la_attr = ad->ad_cname; - - if( ava->la_flags & LDAP_AVA_BINARY ) { -- if( ava->la_value.bv_len == 0 ) { -- /* BER encoding is empty */ -- return LDAP_INVALID_SYNTAX; -- } -+ /* AVA is binary encoded, not supported */ -+ return LDAP_INVALID_SYNTAX; - - /* Do not allow X-ORDERED 'VALUES' naming attributes */ - } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) { - return LDAP_INVALID_SYNTAX; - -- /* AVA is binary encoded, don't muck with it */ - } else if( flags & SLAP_LDAPDN_PRETTY ) { - transf = ad->ad_type->sat_syntax->ssyn_pretty; - if( !transf ) { -@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) - ava->la_value = bv; - ava->la_flags |= LDAP_AVA_FREE_VALUE; - } -+ /* reject empty values */ -+ if (!ava->la_value.bv_len) { -+ return LDAP_INVALID_SYNTAX; -+ } - } - rc = LDAP_SUCCESS; - -diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c -index e386ef9..e143a7b 100644 ---- a/servers/slapd/modrdn.c -+++ b/servers/slapd/modrdn.c -@@ -445,12 +445,19 @@ slap_modrdn2mods( - mod_tmp->sml_values[1].bv_val = NULL; - if( desc->ad_type->sat_equality->smr_normalize) { - mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); -- (void) (*desc->ad_type->sat_equality->smr_normalize)( -+ rs->sr_err = desc->ad_type->sat_equality->smr_normalize( - SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, - desc->ad_type->sat_syntax, - desc->ad_type->sat_equality, - &mod_tmp->sml_values[0], - &mod_tmp->sml_nvalues[0], NULL ); -+ if (rs->sr_err != LDAP_SUCCESS) { -+ ch_free(mod_tmp->sml_nvalues); -+ ch_free(mod_tmp->sml_values[0].bv_val); -+ ch_free(mod_tmp->sml_values); -+ ch_free(mod_tmp); -+ goto done; -+ } - mod_tmp->sml_nvalues[1].bv_val = NULL; - } else { - mod_tmp->sml_nvalues = NULL; -diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c -index 68e6d28..d2f4708 100644 ---- a/servers/slapd/schema_init.c -+++ b/servers/slapd/schema_init.c -@@ -1732,8 +1732,9 @@ UTF8StringNormalize( - ? LDAP_UTF8_APPROX : 0; - - val = UTF8bvnormalize( val, &tmp, flags, ctx ); -+ /* out of memory or syntax error, the former is unlikely */ - if( val == NULL ) { -- return LDAP_OTHER; -+ return LDAP_INVALID_SYNTAX; - } - - /* collapse spaces (in place) */ --- -1.7.0.3 -