checked in

OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=26

0001-back-config-objectclass-inheritence-ITS-6408.dif

@@ -1,55 +0,0 @@
-From 49921a1e1a1832f9461d800eeeaee30f12864441 Mon Sep 17 00:00:00 2001
-From: Ralf Haferkamp <rhafer@suse.de>
-Date: Tue, 8 Dec 2009 12:13:39 +0100
-Subject: [PATCH 1/3] back-config objectclass inheritence (ITS#6408)
-
-bnc#558059
----
- servers/slapd/bconfig.c |   12 ++++++------
- 1 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
-index c903458..d43e927 100644
---- a/servers/slapd/bconfig.c
-+++ b/servers/slapd/bconfig.c
-@@ -4932,10 +4932,10 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs,
- ok:
- 	/* Newly added databases and overlays need to be started up */
- 	if ( CONFIG_ONLINE_ADD( ca )) {
--		if ( colst[0]->co_type == Cft_Database ) {
-+		if ( coptr->co_type == Cft_Database ) {
- 			rc = backend_startup_one( ca->be, &ca->reply );
- 
--		} else if ( colst[0]->co_type == Cft_Overlay ) {
-+		} else if ( coptr->co_type == Cft_Overlay ) {
- 			if ( ca->bi->bi_db_open ) {
- 				BackendInfo *bi_orig = ca->be->bd_info;
- 				ca->be->bd_info = ca->bi;
-@@ -4961,7 +4961,7 @@ ok:
- 	ce->ce_parent = last;
- 	ce->ce_entry = entry_dup( e );
- 	ce->ce_entry->e_private = ce;
--	ce->ce_type = colst[0]->co_type;
-+	ce->ce_type = coptr->co_type;
- 	ce->ce_be = ca->be;
- 	ce->ce_bi = ca->bi;
- 	ce->ce_private = ca->ca_private;
-@@ -5006,12 +5006,12 @@ ok:
- 
- done:
- 	if ( rc ) {
--		if ( (colst[0]->co_type == Cft_Database) && ca->be ) {
-+		if ( (coptr->co_type == Cft_Database) && ca->be ) {
- 			if ( ca->be != frontendDB )
- 				backend_destroy_one( ca->be, 1 );
--		} else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) {
-+		} else if ( (coptr->co_type == Cft_Overlay) && ca->bi ) {
- 			overlay_destroy_one( ca->be, (slap_overinst *)ca->bi );
--		} else if ( colst[0]->co_type == Cft_Schema ) {
-+		} else if ( coptr->co_type == Cft_Schema ) {
- 			schema_destroy_one( ca, colst, nocs, last );
- 		}
- 	}
--- 
-1.6.4.2
-

0002-init-bindconf-TLS-settings-ITS-6419.dif

@@ -1,162 +0,0 @@
-From d14434499207d1f0ca4686ce46787056b23b4d2c Mon Sep 17 00:00:00 2001
-From: Ralf Haferkamp <rhafer@suse.de>
-Date: Tue, 8 Dec 2009 13:36:17 +0100
-Subject: [PATCH 2/3] init bindconf TLS settings (ITS#6419)
-
-bnc#558397
----
- servers/slapd/config.c   |   71 +++++++++++++++++++++++++++++++++++++++++----
- servers/slapd/slap.h     |    8 +++++
- servers/slapd/syncrepl.c |    4 ++
- 3 files changed, 76 insertions(+), 7 deletions(-)
-
-diff --git a/servers/slapd/config.c b/servers/slapd/config.c
-index be5a2f7..171e968 100644
---- a/servers/slapd/config.c
-+++ b/servers/slapd/config.c
-@@ -1210,8 +1210,32 @@ static slap_verbmasks versionkey[] = {
- 	{ BER_BVNULL, 0 }
- };
- 
-+static int
-+slap_sb_uri(
-+	struct berval *val,
-+	void *bcp,
-+	slap_cf_aux_table *tab0,
-+	const char *tabmsg,
-+	int unparse )
-+{
-+	slap_bindconf *bc = bcp;
-+	if ( unparse ) {
-+		if ( bc->sb_uri.bv_len >= val->bv_len )
-+			return -1;
-+		val->bv_len = bc->sb_uri.bv_len;
-+		AC_MEMCPY( val->bv_val, bc->sb_uri.bv_val, val->bv_len );
-+	} else {
-+		bc->sb_uri = *val;
-+#ifdef HAVE_TLS
-+		if ( ldap_is_ldaps_url( val->bv_val ))
-+			bc->sb_tls_do_init = 1;
-+#endif
-+	}
-+	return 0;
-+}
-+
- static slap_cf_aux_table bindkey[] = {
--	{ BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL },
-+	{ BER_BVC("uri="), 0, 'x', 1, slap_sb_uri },
- 	{ BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'i', 0, versionkey },
- 	{ BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey },
- 	{ BER_BVC("timeout="), offsetof(slap_bindconf, sb_timeout_api), 'i', 0, NULL },
-@@ -1224,21 +1248,20 @@ static slap_cf_aux_table bindkey[] = {
- 	{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL },
- 	{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize },
- #ifdef HAVE_TLS
--	{ BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
--
- 	/* NOTE: replace "13" with the actual index
- 	 * of the first TLS-related line */
- #define aux_TLS (bindkey+13)	/* beginning of TLS keywords */
- 
-+	{ BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
- 	{ BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
- 	{ BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL },
- 	{ BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL },
- 	{ BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL },
--	{ BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL },
--	{ BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL },
--	{ BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 1, NULL },
-+	{ BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 0, NULL },
-+	{ BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 0, NULL },
-+	{ BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 0, NULL },
- #ifdef HAVE_OPENSSL_CRL
--	{ BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL },
-+	{ BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 0, NULL },
- #endif
- #endif
- 	{ BER_BVNULL, 0, 0, 0, NULL }
-@@ -1330,6 +1353,20 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L
- 
- 				rc = lutil_atoulx( ulptr, val, 0 );
- 				break;
-+
-+			case 'x':
-+				if ( tab->aux != NULL ) {
-+					struct berval value;
-+					slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux;
-+
-+					ber_str2bv( val, 0, 1, &value );
-+
-+					rc = func( &value, (void *)((char *)dst + tab->off), tab, tabmsg, 0 );
-+
-+				} else {
-+					rc = 1;
-+				}
-+				break;
- 			}
- 
- 			if ( rc ) {
-@@ -1420,6 +1457,26 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0
- 			ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%lu", *ulptr );
- 			break;
- 
-+		case 'x':
-+			*ptr++ = ' ';
-+			ptr = lutil_strcopy( ptr, tab->key.bv_val );
-+			if ( tab->quote ) *ptr++ = '"';
-+			if ( tab->aux != NULL ) {
-+				struct berval value;
-+				slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux;
-+				int rc;
-+
-+				value.bv_val = ptr;
-+				value.bv_len = buf + sizeof( buf ) - ptr;
-+
-+				rc = func( &value, (void *)((char *)src + tab->off), tab, "(unparse)", 1 );
-+				if ( rc == 0 ) {
-+					ptr += value.bv_len;
-+				}
-+			}
-+			if ( tab->quote ) *ptr++ = '"';
-+			break;
-+
- 		default:
- 			assert( 0 );
- 		}
-diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
-index 076b898..210f6ba 100644
---- a/servers/slapd/slap.h
-+++ b/servers/slapd/slap.h
-@@ -1630,6 +1630,14 @@ typedef struct slap_cf_aux_table {
- 	void *aux;
- } slap_cf_aux_table;
- 
-+typedef int
-+slap_cf_aux_table_parse_x LDAP_P((
-+	struct berval *val,
-+	void *bc,
-+	slap_cf_aux_table *tab0,
-+	const char *tabmsg,
-+	int unparse ));
-+
- #define SLAP_LIMIT_TIME	1
- #define SLAP_LIMIT_SIZE	2
- 
-diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
-index fb1001f..bf84556 100644
---- a/servers/slapd/syncrepl.c
-+++ b/servers/slapd/syncrepl.c
-@@ -4060,6 +4060,10 @@ parse_syncrepl_line(
- 		{
- 			val = c->argv[ i ] + STRLENOF( PROVIDERSTR "=" );
- 			ber_str2bv( val, 0, 1, &si->si_bindconf.sb_uri );
-+#ifdef HAVE_TLS
-+			if ( ldap_is_ldaps_url( val ))
-+				si->si_bindconf.sb_tls_do_init = 1;
-+#endif
- 			si->si_got |= GOT_PROVIDER;
- 		} else if ( !strncasecmp( c->argv[ i ], SCHEMASTR "=",
- 					STRLENOF( SCHEMASTR "=" ) ) )
--- 
-1.6.4.2
-

0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif

@@ -1,135 +0,0 @@
-From ed86ffeec8ac01f9bc8ed531e5205a924c4a2979 Mon Sep 17 00:00:00 2001
-From: ralf <ralf>
-Date: Thu, 10 Dec 2009 10:56:52 +0000
-Subject: [PATCH 3/3] apply global limit changes to all databases (ITS#6428)
-
-bnc#562184
----
- servers/slapd/bconfig.c |   90 ++++++++++++++++++++++++++++++++++++++++------
- 1 files changed, 78 insertions(+), 12 deletions(-)
-
-diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
-index d43e927..ae15224 100644
---- a/servers/slapd/bconfig.c
-+++ b/servers/slapd/bconfig.c
-@@ -2208,14 +2208,23 @@ config_sizelimit(ConfigArgs *c) {
- 			rc = 1;
- 		return rc;
- 	} else if ( c->op == LDAP_MOD_DELETE ) {
--		/* Reset to defaults */
--		lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
--		lim->lms_s_hard = 0;
--		lim->lms_s_unchecked = -1;
--		lim->lms_s_pr = 0;
--		lim->lms_s_pr_hide = 0;
--		lim->lms_s_pr_total = 0;
--		return 0;
-+		/* Reset to defaults or values from frontend */
-+		if ( c->be == frontendDB ) {
-+			lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
-+			lim->lms_s_hard = 0;
-+			lim->lms_s_unchecked = -1;
-+			lim->lms_s_pr = 0;
-+			lim->lms_s_pr_hide = 0;
-+			lim->lms_s_pr_total = 0;
-+		} else {
-+			lim->lms_s_soft = frontendDB->be_def_limit.lms_s_soft;
-+			lim->lms_s_hard = frontendDB->be_def_limit.lms_s_hard;
-+			lim->lms_s_unchecked = frontendDB->be_def_limit.lms_s_unchecked;
-+			lim->lms_s_pr = frontendDB->be_def_limit.lms_s_pr;
-+			lim->lms_s_pr_hide = frontendDB->be_def_limit.lms_s_pr_hide;
-+			lim->lms_s_pr_total = frontendDB->be_def_limit.lms_s_pr_total;
-+		}
-+		goto ok;
- 	}
- 	for(i = 1; i < c->argc; i++) {
- 		if(!strncasecmp(c->argv[i], "size", 4)) {
-@@ -2240,6 +2249,34 @@ config_sizelimit(ConfigArgs *c) {
- 			lim->lms_s_hard = 0;
- 		}
- 	}
-+
-+ok:
-+	if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) {
-+		/* This is a modification to the global limits apply it to
-+		 * the other databases as needed */
-+		AttributeDescription *ad=NULL;
-+		const char *text = NULL;
-+		slap_str2ad(c->argv[0], &ad, &text);
-+		/* if we got here... */
-+		assert( ad != NULL );
-+
-+		CfEntryInfo *ce = c->ca_entry->e_private;
-+		if ( ce->ce_type == Cft_Global ){
-+			ce = ce->ce_kids;
-+		}
-+		for (; ce; ce=ce->ce_sibs) {
-+			Entry *dbe = ce->ce_entry;
-+			if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB)
-+					&& (!attr_find(dbe->e_attrs, ad)) ) {
-+				ce->ce_be->be_def_limit.lms_s_soft = lim->lms_s_soft;
-+				ce->ce_be->be_def_limit.lms_s_hard = lim->lms_s_hard;
-+				ce->ce_be->be_def_limit.lms_s_unchecked =lim->lms_s_unchecked;
-+				ce->ce_be->be_def_limit.lms_s_pr =lim->lms_s_pr;
-+				ce->ce_be->be_def_limit.lms_s_pr_hide =lim->lms_s_pr_hide;
-+				ce->ce_be->be_def_limit.lms_s_pr_total =lim->lms_s_pr_total;
-+			}
-+		}
-+	}
- 	return(0);
- }
- 
-@@ -2259,10 +2296,15 @@ config_timelimit(ConfigArgs *c) {
- 			rc = 1;
- 		return rc;
- 	} else if ( c->op == LDAP_MOD_DELETE ) {
--		/* Reset to defaults */
--		lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
--		lim->lms_t_hard = 0;
--		return 0;
-+		/* Reset to defaults or values from frontend */
-+		if ( c->be == frontendDB ) {
-+			lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
-+			lim->lms_t_hard = 0;
-+		} else {
-+			lim->lms_t_soft = frontendDB->be_def_limit.lms_t_soft;
-+			lim->lms_t_hard = frontendDB->be_def_limit.lms_t_hard;
-+		}
-+		goto ok;
- 	}
- 	for(i = 1; i < c->argc; i++) {
- 		if(!strncasecmp(c->argv[i], "time", 4)) {
-@@ -2287,6 +2329,30 @@ config_timelimit(ConfigArgs *c) {
- 			lim->lms_t_hard = 0;
- 		}
- 	}
-+
-+ok:
-+	if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) {
-+		/* This is a modification to the global limits apply it to
-+		 * the other databases as needed */
-+		AttributeDescription *ad=NULL;
-+		const char *text = NULL;
-+		slap_str2ad(c->argv[0], &ad, &text);
-+		/* if we got here... */
-+		assert( ad != NULL );
-+
-+		CfEntryInfo *ce = c->ca_entry->e_private;
-+		if ( ce->ce_type == Cft_Global ){
-+			ce = ce->ce_kids;
-+		}
-+		for (; ce; ce=ce->ce_sibs) {
-+			Entry *dbe = ce->ce_entry;
-+			if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB)
-+					&& (!attr_find(dbe->e_attrs, ad)) ) {
-+				ce->ce_be->be_def_limit.lms_t_soft = lim->lms_t_soft;
-+				ce->ce_be->be_def_limit.lms_t_hard = lim->lms_t_hard;
-+			}
-+		}
-+	}
- 	return(0);
- }
- 
--- 
-1.6.4.2
-

libldap-tls_chkhost-its6239.dif

@@ -0,0 +1,125 @@
+Index: libraries/libldap/tls_o.c
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/tls_o.c,v
+retrieving revision 1.5.2.4
+retrieving revision 1.5.2.6
+diff -u -r1.5.2.4 -r1.5.2.6
+--- libraries/libldap/tls_o.c	1 Jul 2009 23:04:49 -0000	1.5.2.4
++++ libraries/libldap/tls_o.c	13 Aug 2009 00:52:04 -0000	1.5.2.6
+@@ -466,7 +466,7 @@
+ 	X509 *x;
+ 	const char *name;
+ 	char *ptr;
+-	int ntype = IS_DNS;
++	int ntype = IS_DNS, nlen;
+ #ifdef LDAP_PF_INET6
+ 	struct in6_addr addr;
+ #else
+@@ -480,6 +480,7 @@
+ 	} else {
+ 		name = name_in;
+ 	}
++	nlen = strlen(name);
+ 
+ 	x = tlso_get_cert(s);
+ 	if (!x) {
+@@ -513,15 +514,14 @@
+ 		ex = X509_get_ext(x, i);
+ 		alt = X509V3_EXT_d2i(ex);
+ 		if (alt) {
+-			int n, len1 = 0, len2 = 0;
++			int n, len2 = 0;
+ 			char *domain = NULL;
+ 			GENERAL_NAME *gn;
+ 
+ 			if (ntype == IS_DNS) {
+-				len1 = strlen(name);
+ 				domain = strchr(name, '.');
+ 				if (domain) {
+-					len2 = len1 - (domain-name);
++					len2 = nlen - (domain-name);
+ 				}
+ 			}
+ 			n = sk_GENERAL_NAME_num(alt);
+@@ -539,7 +539,7 @@
+ 					if (sl == 0) continue;
+ 
+ 					/* Is this an exact match? */
+-					if ((len1 == sl) && !strncasecmp(name, sn, len1)) {
++					if ((nlen == sl) && !strncasecmp(name, sn, nlen)) {
+ 						break;
+ 					}
+ 
+@@ -579,13 +579,28 @@
+ 
+ 	if (ret != LDAP_SUCCESS) {
+ 		X509_NAME *xn;
+-		char buf[2048];
+-		buf[0] = '\0';
++		X509_NAME_ENTRY *ne;
++		ASN1_OBJECT *obj;
++		ASN1_STRING *cn = NULL;
++		int navas;
++
++		/* find the last CN */
++		obj = OBJ_nid2obj( NID_commonName );
++		if ( !obj ) goto no_cn;	/* should never happen */
+ 
+ 		xn = X509_get_subject_name(x);
+-		if( X509_NAME_get_text_by_NID( xn, NID_commonName,
+-			buf, sizeof(buf)) == -1)
++		navas = X509_NAME_entry_count( xn );
++		for ( i=navas-1; i>=0; i-- ) {
++			ne = X509_NAME_get_entry( xn, i );
++			if ( !OBJ_cmp( ne->object, obj )) {
++				cn = X509_NAME_ENTRY_get_data( ne );
++				break;
++			}
++		}
++
++		if( !cn )
+ 		{
++no_cn:
+ 			Debug( LDAP_DEBUG_ANY,
+ 				"TLS: unable to get common name from peer certificate.\n",
+ 				0, 0, 0 );
+@@ -596,21 +611,20 @@
+ 			ld->ld_error = LDAP_STRDUP(
+ 				_("TLS: unable to get CN from peer certificate"));
+ 
+-		} else if (strcasecmp(name, buf) == 0 ) {
++		} else if ( cn->length == nlen &&
++			strncasecmp( name, (char *) cn->data, nlen ) == 0 ) {
+ 			ret = LDAP_SUCCESS;
+ 
+-		} else if (( buf[0] == '*' ) && ( buf[1] == '.' )) {
++		} else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) {
+ 			char *domain = strchr(name, '.');
+ 			if( domain ) {
+-				size_t dlen = 0;
+-				size_t sl;
++				size_t dlen;
+ 
+-				sl = strlen(name);
+-				dlen = sl - (domain-name);
+-				sl = strlen(buf);
++				dlen = nlen - (domain-name);
+ 
+ 				/* Is this a wildcard match? */
+-				if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) {
++				if ((dlen == cn->length-1) &&
++					!strncasecmp(domain, (char *) &cn->data[1], dlen)) {
+ 					ret = LDAP_SUCCESS;
+ 				}
+ 			}
+@@ -618,8 +632,8 @@
+ 
+ 		if( ret == LDAP_LOCAL_ERROR ) {
+ 			Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+-				"common name in certificate (%s).\n", 
+-				name, buf, 0 );
++				"common name in certificate (%.*s).\n", 
++				name, cn->length, cn->data );
+ 			ret = LDAP_CONNECT_ERROR;
+ 			if ( ld->ld_error ) {
+ 				LDAP_FREE( ld->ld_error );

openldap-2.4.17.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9420647e50819d5b21ce271f827a00e76ac60a06712ec5fa948aaeca160543b6
+size 4372683

openldap-2.4.20.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:af0f2ceb0fbabd866bf25bc6ea2013d4bf0510d84f6d4bcde25c8f0c270b411c
-size 4417900

openldap2-client.changes

@@ -1,40 +1,3 @@
--------------------------------------------------------------------
-Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com
-
-- Fixed an issue in back-config's objectclass inheritence code that
-  could cause the server to fail to start or to spin in an endless
-  loop (bnc#558059,ITS#6408)
-- default the tls_reqcert parameter of a syncrepl config to
-  "demand" as documented even if other tls_ options are absent
-  (bnc#558397, ITS#6319)
-- apply changes to the global size and timelimits to all database
-  that don't specify limits themself. (bnc#562184, ITS#6428) 
-
--------------------------------------------------------------------
-Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com
-
-- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19
-  * Fixed liblber embedded NUL values in BerValues (ITS#6353)
-  * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334)
-  * Fixed libldap uninitialized return value (ITS#6355)
-  * Fixed libldap unlimited timeout (ITS#6388)
-  * Added slapd handling of hex server IDs (ITS#6297)
-  * Fixed slapd checks of str2filter (ITS#6391)
-  * Fixed slapd configArgs initialization (ITS#6363)
-  * Fixed slapd db_open with connection_fake_init (ITS#6381)
-  * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379)
-  * Fixed slapd inclusion of ac/unistd.h (ITS#6342)
-  * Fixed slapd sl_free to better reclaim memory (ITS#6380)
-  * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368)
-  * Fixed slapd syncrepl to use correct SID (ITS#6367)
-  * Fixed slapd tls_accept to retry in certain cases (ITS#6304)
-  * Fixed slapd-bdb/hdb cache corruption (ITS#6341)
-  * Fixed slapd-bdb/hdb entry cache (ITS#6360)
-  * Fixed slapo-syncprov checkpoint conversion (ITS#6370)
-  * Fixed slapo-syncprov deadlock (ITS#6335)
-  * Fixed slapo-syncprov out of order changes (ITS#6346)
-- Added switch to enable/disable testsuite (%run_test_suite) 
-
 -------------------------------------------------------------------
 Tue Nov  3 19:13:32 UTC 2009 - coolo@novell.com
 

openldap2-client.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package openldap2 (Version 2.4.17)
+# spec file for package openldap2-client (Version 2.4.17)
 #
 # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -17,9 +17,8 @@
 
 # norootforbuild
 
-%define run_test_suite 1
 
-Name:         openldap2-client
+Name:           openldap2-client
 BuildRequires:  cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel
 %if %sles_version == 9
 BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
@@ -27,8 +26,8 @@ BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-de
 %if %sles_version == 10
 BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
 %endif
-Version:        2.4.20
-Release:        2
+Version:        2.4.17
+Release:        5
 Url:            http://www.openldap.org
 License:        BSD 3-clause (or similar) ; openldap 2.8
 %if "%{name}" == "openldap2"
@@ -42,7 +41,6 @@ Summary:        The OpenLDAP commandline client tools
 %else
 Group:          Productivity/Networking/LDAP/Clients
 Conflicts:      openldap-client
-Requires:       libldap-2_4-2 = %{version}
 Summary:        The OpenLDAP commandline client tools 
 %endif
 AutoReqProv:    on
@@ -54,16 +52,16 @@ Source4:        sasl-slapd.conf
 Source5:        README.update
 Source6:        schema2ldif
 Source100:      openldap-2.3.37.tar.bz2
-Patch1:         openldap2.dif
+Patch:          openldap2.dif
 Patch2:         slapd_conf.dif
 Patch3:         ldap_conf.dif
 Patch4:         ldapi_url.dif
+Patch5:         test056-monitor-its6213.dif
 Patch6:         libldap-gethostbyname_r.dif
 Patch7:         pie-compile.dif
 Patch11:        slapd-bconfig-del-db.dif
-Patch12:        0001-back-config-objectclass-inheritence-ITS-6408.dif
-Patch13:        0002-init-bindconf-TLS-settings-ITS-6419.dif
-Patch14:        0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif
+Patch14:        slapo-collect-include.dif
+Patch15:        libldap-tls_chkhost-its6239.dif
 Patch100:       openldap-2.3.37.dif
 Patch200:       slapd_getaddrinfo_dupl.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -175,18 +173,18 @@ Authors:
 
 %prep
 %setup -q -n openldap-%{version} -a1 -a2 -b100
-%patch1
+%patch
 %patch2
 %patch3
 %patch4
+%patch5
 %patch6
 %if %suse_version > 920
 %patch7
 %endif
 %patch11
-%patch12 -p1
-%patch13 -p1
 %patch14 -p1
+%patch15
 %if %suse_version == 1100
 %patch200 -p1
 %endif
@@ -255,7 +253,6 @@ make %{?jobs:-j%jobs}
 %endif
 
 %check
-%if %run_test_suite
 # calculate the base port to be use in the test-suite
 SLAPD_BASEPORT=10000
 if [ -f /.buildenv ] ; then
@@ -277,7 +274,6 @@ rm -f tests/scripts/test050-syncrepl-multimaster
 rm -f tests/scripts/test058-syncrepl-asymmetric
 make SLAPD_DEBUG=0 test
 %endif
-%endif
 
 %install
 mkdir -p $RPM_BUILD_ROOT/etc/init.d

openldap2.changes

@@ -1,40 +1,3 @@
--------------------------------------------------------------------
-Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com
-
-- Fixed an issue in back-config's objectclass inheritence code that
-  could cause the server to fail to start or to spin in an endless
-  loop (bnc#558059,ITS#6408)
-- default the tls_reqcert parameter of a syncrepl config to
-  "demand" as documented even if other tls_ options are absent
-  (bnc#558397, ITS#6319)
-- apply changes to the global size and timelimits to all database
-  that don't specify limits themself. (bnc#562184, ITS#6428) 
-
--------------------------------------------------------------------
-Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com
-
-- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19
-  * Fixed liblber embedded NUL values in BerValues (ITS#6353)
-  * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334)
-  * Fixed libldap uninitialized return value (ITS#6355)
-  * Fixed libldap unlimited timeout (ITS#6388)
-  * Added slapd handling of hex server IDs (ITS#6297)
-  * Fixed slapd checks of str2filter (ITS#6391)
-  * Fixed slapd configArgs initialization (ITS#6363)
-  * Fixed slapd db_open with connection_fake_init (ITS#6381)
-  * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379)
-  * Fixed slapd inclusion of ac/unistd.h (ITS#6342)
-  * Fixed slapd sl_free to better reclaim memory (ITS#6380)
-  * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368)
-  * Fixed slapd syncrepl to use correct SID (ITS#6367)
-  * Fixed slapd tls_accept to retry in certain cases (ITS#6304)
-  * Fixed slapd-bdb/hdb cache corruption (ITS#6341)
-  * Fixed slapd-bdb/hdb entry cache (ITS#6360)
-  * Fixed slapo-syncprov checkpoint conversion (ITS#6370)
-  * Fixed slapo-syncprov deadlock (ITS#6335)
-  * Fixed slapo-syncprov out of order changes (ITS#6346)
-- Added switch to enable/disable testsuite (%run_test_suite) 
-
 -------------------------------------------------------------------
 Tue Nov  3 19:13:32 UTC 2009 - coolo@novell.com
 

openldap2.spec

@@ -17,7 +17,6 @@
 
 # norootforbuild
 
-%define run_test_suite 1
 
 Name:           openldap2
 BuildRequires:  cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel
@@ -27,8 +26,8 @@ BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-de
 %if %sles_version == 10
 BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
 %endif
-Version:        2.4.20
-Release:        2
+Version:        2.4.17
+Release:        5
 Url:            http://www.openldap.org
 License:        BSD 3-clause (or similar) ; openldap 2.8
 %if "%{name}" == "openldap2"
@@ -42,7 +41,6 @@ Summary:        The OpenLDAP commandline client tools
 %else
 Group:          Productivity/Networking/LDAP/Clients
 Conflicts:      openldap-client
-Requires:       libldap-2_4-2 = %{version}
 Summary:        The OpenLDAP commandline client tools 
 %endif
 AutoReqProv:    on
@@ -54,16 +52,16 @@ Source4:        sasl-slapd.conf
 Source5:        README.update
 Source6:        schema2ldif
 Source100:      openldap-2.3.37.tar.bz2
-Patch1:         openldap2.dif
+Patch:          openldap2.dif
 Patch2:         slapd_conf.dif
 Patch3:         ldap_conf.dif
 Patch4:         ldapi_url.dif
+Patch5:         test056-monitor-its6213.dif
 Patch6:         libldap-gethostbyname_r.dif
 Patch7:         pie-compile.dif
 Patch11:        slapd-bconfig-del-db.dif
-Patch12:        0001-back-config-objectclass-inheritence-ITS-6408.dif
-Patch13:        0002-init-bindconf-TLS-settings-ITS-6419.dif
-Patch14:        0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif
+Patch14:        slapo-collect-include.dif
+Patch15:        libldap-tls_chkhost-its6239.dif
 Patch100:       openldap-2.3.37.dif
 Patch200:       slapd_getaddrinfo_dupl.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -175,18 +173,18 @@ Authors:
 
 %prep
 %setup -q -n openldap-%{version} -a1 -a2 -b100
-%patch1
+%patch
 %patch2
 %patch3
 %patch4
+%patch5
 %patch6
 %if %suse_version > 920
 %patch7
 %endif
 %patch11
-%patch12 -p1
-%patch13 -p1
 %patch14 -p1
+%patch15
 %if %suse_version == 1100
 %patch200 -p1
 %endif
@@ -255,7 +253,6 @@ make %{?jobs:-j%jobs}
 %endif
 
 %check
-%if %run_test_suite
 # calculate the base port to be use in the test-suite
 SLAPD_BASEPORT=10000
 if [ -f /.buildenv ] ; then
@@ -277,7 +274,6 @@ rm -f tests/scripts/test050-syncrepl-multimaster
 rm -f tests/scripts/test058-syncrepl-asymmetric
 make SLAPD_DEBUG=0 test
 %endif
-%endif
 
 %install
 mkdir -p $RPM_BUILD_ROOT/etc/init.d

slapo-collect-include.dif

@@ -0,0 +1,12 @@
+Index: openldap-2.4.17/servers/slapd/overlays/collect.c
+===================================================================
+--- openldap-2.4.17.orig/servers/slapd/overlays/collect.c
++++ openldap-2.4.17/servers/slapd/overlays/collect.c
+@@ -30,6 +30,7 @@
+ 
+ #include "slap.h"
+ #include "config.h"
++#include "lutil.h"
+ 
+ #include "lutil.h"
+ 

test056-monitor-its6213.dif

@@ -0,0 +1,36 @@
+Index: tests/scripts/test056-monitor
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/tests/scripts/test056-monitor,v
+retrieving revision 1.3
+retrieving revision 1.4
+diff -u -r1.3 -r1.4
+--- tests/scripts/test056-monitor	2 Jul 2009 13:26:52 -0000	1.3
++++ tests/scripts/test056-monitor	14 Jul 2009 11:35:56 -0000	1.4
+@@ -66,7 +66,7 @@
+ echo "Filtering ldapsearch results..."
+ sed -e "$localrewrite" < $SEARCHOUT   | . $LDIFFILTER > $SEARCHFLT
+ echo "Filtering expected data..."
+-sed -e "$localrewrite" < $MONITOROUT1 | . $LDIFFILTER > $LDIFFLT
++. $CONFFILTER < $MONITOROUT1 | sed -e "$localrewrite" | . $LDIFFILTER > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+ 
+Index: tests/data/monitor1.out
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/tests/data/monitor1.out,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -r1.1 -r1.2
+--- tests/data/monitor1.out	27 Jan 2009 09:09:51 -0000	1.1
++++ tests/data/monitor1.out	14 Jul 2009 11:35:56 -0000	1.2
+@@ -9,8 +9,8 @@
+ monitorConnectionRead: 2
+ monitorConnectionWrite: 0
+ monitorConnectionMask: rx
+-monitorConnectionListener: ldap://localhost:9011/
+-monitorConnectionLocalAddress: IP=127.0.0.1:9011
++monitorConnectionListener: ldap://localhost:@PORT1@/
++monitorConnectionLocalAddress: IP=127.0.0.1:@PORT1@
+ entryDN: cn=Connection 1,cn=Connections,cn=Monitor
+ 
+ dn: cn=Connections,cn=Monitor