From 337b984955223d0e194e4dfe32d18c4629192c5e3af20eeb35ed256e93a40d16 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <ralf@h4kamp.de>
Date: Fri, 23 Jul 2010 07:57:08 +0000
Subject: [PATCH] Accepting request 43806 from network:ldap:OpenLDAP:RE24

Copy from network:ldap:OpenLDAP:RE24/openldap2 via accept of submit request 43806 revision 69.
Request was accepted with message:
Reviewed ok

OBS-URL: https://build.opensuse.org/request/show/43806
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=41
---
 openldap2.dif => 0001-build-adjustments.dif   |  40 ++--
 slapd_conf.dif => 0002-slapd.conf.dif         |  25 ++-
 0003-LDAPI-socket-location.dif                |  24 +++
 0004-libldap-use-gethostbyname_r.dif          |  33 +++
 pie-compile.dif => 0005-pie-compile.dif       | 193 +++++++++---------
 ...d-fixes-for-back-config-DELETE-support.dif |  23 ++-
 Syncprov-might-lose-deletes-ITS-6555.dif      |  38 ----
 ldapi_url.dif                                 |  11 -
 openldap-2.4.21.tar.bz2                       |   3 -
 openldap-2.4.23.tar.bz2                       |   3 +
 openldap2-client.changes                      | 102 +++++++++
 openldap2-client.spec                         |  95 +++++----
 openldap2.changes                             | 102 +++++++++
 openldap2.spec                                |  91 +++++----
 slapd-back-hdb-fortify.dif                    |  13 --
 slapd-modrdn-crash-ITS-6570.dif               | 100 ---------
 16 files changed, 534 insertions(+), 362 deletions(-)
 rename openldap2.dif => 0001-build-adjustments.dif (50%)
 rename slapd_conf.dif => 0002-slapd.conf.dif (80%)
 create mode 100644 0003-LDAPI-socket-location.dif
 create mode 100644 0004-libldap-use-gethostbyname_r.dif
 rename pie-compile.dif => 0005-pie-compile.dif (53%)
 rename slapd-bconfig-del-db.dif => 0006-assorted-fixes-for-back-config-DELETE-support.dif (66%)
 delete mode 100644 Syncprov-might-lose-deletes-ITS-6555.dif
 delete mode 100644 ldapi_url.dif
 delete mode 100644 openldap-2.4.21.tar.bz2
 create mode 100644 openldap-2.4.23.tar.bz2
 delete mode 100644 slapd-back-hdb-fortify.dif
 delete mode 100644 slapd-modrdn-crash-ITS-6570.dif

diff --git a/openldap2.dif b/0001-build-adjustments.dif
similarity index 50%
rename from openldap2.dif
rename to 0001-build-adjustments.dif
index 44faf27..5f71315 100644
--- a/openldap2.dif
+++ b/0001-build-adjustments.dif
@@ -1,8 +1,19 @@
-Index: build/top.mk
-===================================================================
---- build/top.mk.orig
-+++ build/top.mk
-@@ -39,7 +39,7 @@ libdir = @libdir@
+From 2a6dda988ea0b14931427cce835e8a6da5c3488e Mon Sep 17 00:00:00 2001
+From: Ralf Haferkamp <rhafer@suse.de>
+Date: Wed, 16 Jun 2010 14:04:07 +0200
+Subject: build-adjustments
+
+- Don't strip binaries
+- Adjusted modules path
+- don't use automake macro
+
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/build/top.mk b/build/top.mk
+index 0794173..eb4c825 100644
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -40,7 +40,7 @@ libdir = @libdir@
  libexecdir = @libexecdir@
  localstatedir = @localstatedir@
  mandir = @mandir@
@@ -11,19 +22,10 @@ Index: build/top.mk
  sbindir = @sbindir@
  sharedstatedir = @sharedstatedir@
  sysconfdir = @sysconfdir@$(ldap_subdir)
-@@ -58,7 +58,7 @@ INSTALL_PROGRAM = $(INSTALL)
- INSTALL_DATA = $(INSTALL) -m 644
- INSTALL_SCRIPT = $(INSTALL)
- 
--STRIP = -s
-+#STRIP = -s
- 
- LINT = lint
- 5LINT = 5lint
-Index: configure.in
-===================================================================
---- configure.in.orig
-+++ configure.in
+diff --git a/configure.in b/configure.in
+index ba05a5a..e658b81 100644
+--- a/configure.in
++++ b/configure.in
 @@ -67,7 +67,9 @@ dnl Determine host platform
  dnl		we try not to use this for much
  AC_CANONICAL_TARGET([])
@@ -35,4 +37,6 @@ Index: configure.in
  AC_SUBST(PACKAGE)dnl
  AC_SUBST(VERSION)dnl
  AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package)
+-- 
+1.7.1
 
diff --git a/slapd_conf.dif b/0002-slapd.conf.dif
similarity index 80%
rename from slapd_conf.dif
rename to 0002-slapd.conf.dif
index 5f22516..70adde1 100644
--- a/slapd_conf.dif
+++ b/0002-slapd.conf.dif
@@ -1,5 +1,15 @@
---- servers/slapd/slapd.conf	2007/02/21 16:27:01	1.1
-+++ servers/slapd/slapd.conf	2007/02/21 16:29:20
+From d9c1061b77eec147e6d1df8b466d4b17b89e6890 Mon Sep 17 00:00:00 2001
+From: Ralf Haferkamp <rhafer@suse.de>
+Date: Wed, 16 Jun 2010 14:05:49 +0200
+Subject: slapd.conf
+
+
+ 1 files changed, 33 insertions(+), 17 deletions(-)
+
+diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
+index 4938b85..9caf292 100644
+--- a/servers/slapd/slapd.conf
++++ b/servers/slapd/slapd.conf
 @@ -3,6 +3,10 @@
  # This file should NOT be world readable.
  #
@@ -11,7 +21,7 @@
  
  # Define global ACLs to disable default read access.
  
-@@ -10,8 +14,8 @@
+@@ -10,8 +14,8 @@ include		%SYSCONFDIR%/schema/core.schema
  # service AND an understanding of referrals.
  #referral	ldap://root.openldap.org
  
@@ -22,7 +32,7 @@
  
  # Load dynamic backend modules:
  # modulepath	%MODULEDIR%
-@@ -26,20 +30,30 @@
+@@ -26,20 +30,30 @@ argsfile	%LOCALSTATEDIR%/run/slapd.args
  # security ssf=1 update_ssf=112 simple_bind=64
  
  # Sample access control policy:
@@ -67,7 +77,7 @@
  # if no access controls are present, the default policy
  # allows anyone and everyone to read anything but restricts
  # updates to rootdn.  (e.g., "access to * by * read")
-@@ -52,6 +66,8 @@
+@@ -52,6 +66,8 @@ argsfile	%LOCALSTATEDIR%/run/slapd.args
  
  database	bdb
  suffix		"dc=my-domain,dc=com"
@@ -76,7 +86,7 @@
  rootdn		"cn=Manager,dc=my-domain,dc=com"
  # Cleartext passwords, especially for the rootdn, should
  # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
-@@ -60,6 +76,6 @@
+@@ -60,6 +76,6 @@ rootpw		secret
  # The database directory MUST exist prior to running slapd AND 
  # should only be accessible by the slapd and slap tools.
  # Mode 700 recommended.
@@ -84,3 +94,6 @@
 +directory	/var/lib/ldap
  # Indices to maintain
  index	objectClass	eq
+-- 
+1.7.1
+
diff --git a/0003-LDAPI-socket-location.dif b/0003-LDAPI-socket-location.dif
new file mode 100644
index 0000000..1e4a3d6
--- /dev/null
+++ b/0003-LDAPI-socket-location.dif
@@ -0,0 +1,24 @@
+From 82e121e47976ba0058733976b1c5428a6ee33c31 Mon Sep 17 00:00:00 2001
+From: Ralf Haferkamp <rhafer@suse.de>
+Date: Wed, 16 Jun 2010 14:06:42 +0200
+Subject: LDAPI socket location
+
+
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/include/ldap_defaults.h b/include/ldap_defaults.h
+index 3e0d4b2..5235339 100644
+--- a/include/ldap_defaults.h
++++ b/include/ldap_defaults.h
+@@ -39,7 +39,7 @@
+ #define LDAP_ENV_PREFIX "LDAP"
+ 
+ /* default ldapi:// socket */
+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi"
+ 
+ /*
+  * SLAPD DEFINITIONS
+-- 
+1.7.1
+
diff --git a/0004-libldap-use-gethostbyname_r.dif b/0004-libldap-use-gethostbyname_r.dif
new file mode 100644
index 0000000..d93e054
--- /dev/null
+++ b/0004-libldap-use-gethostbyname_r.dif
@@ -0,0 +1,33 @@
+From 21d21f0d9aed8876722748ef8ba92f75dbcdc771 Mon Sep 17 00:00:00 2001
+From: Ralf Haferkamp <rhafer@suse.de>
+Date: Wed, 16 Jun 2010 14:08:03 +0200
+Subject: libldap use gethostbyname_r
+
+
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c
+index 0704f9a..50a3389 100644
+--- a/libraries/libldap/util-int.c
++++ b/libraries/libldap/util-int.c
+@@ -52,7 +52,7 @@ extern int h_errno;
+ #ifndef LDAP_R_COMPILE
+ # undef HAVE_REENTRANT_FUNCTIONS
+ # undef HAVE_CTIME_R
+-# undef HAVE_GETHOSTBYNAME_R
++/* # undef HAVE_GETHOSTBYNAME_R */
+ # undef HAVE_GETHOSTBYADDR_R
+ 
+ #else
+@@ -330,7 +330,7 @@ ldap_pvt_csnstr(char *buf, size_t len, unsigned int replica, unsigned int mod)
+ #define BUFSTART (1024-32)
+ #define BUFMAX (32*1024-32)
+ 
+-#if defined(LDAP_R_COMPILE)
++#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R)
+ static char *safe_realloc( char **buf, int len );
+ 
+ #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))
+-- 
+1.7.1
+
diff --git a/pie-compile.dif b/0005-pie-compile.dif
similarity index 53%
rename from pie-compile.dif
rename to 0005-pie-compile.dif
index 0cede92..8da876d 100644
--- a/pie-compile.dif
+++ b/0005-pie-compile.dif
@@ -1,8 +1,16 @@
-Index: build/top.mk
-===================================================================
---- build/top.mk.orig
-+++ build/top.mk
-@@ -178,9 +178,9 @@ SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_L
+From c73e8eb5d25f22ffb1203a38becbe88da4fc9116 Mon Sep 17 00:00:00 2001
+From: Ralf Haferkamp <rhafer@suse.de>
+Date: Wed, 16 Jun 2010 14:08:30 +0200
+Subject: pie compile
+
+
+ 12 files changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/build/top.mk b/build/top.mk
+index eb4c825..4cb3da8 100644
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -178,9 +178,9 @@ SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_LIBREWRITE_A) \
  WRAP_LIBS = @WRAP_LIBS@
  # AutoConfig generated 
  AC_CC	= @CC@
@@ -14,11 +22,11 @@ Index: build/top.mk
  AC_LIBS = @LIBS@
  
  KRB4_LIBS = @KRB4_LIBS@
-Index: libraries/liblunicode/Makefile.in
-===================================================================
---- libraries/liblunicode/Makefile.in.orig
-+++ libraries/liblunicode/Makefile.in
-@@ -35,6 +35,9 @@ $(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c
+diff --git a/libraries/liblunicode/Makefile.in b/libraries/liblunicode/Makefile.in
+index 5348baa..7332d4e 100644
+--- a/libraries/liblunicode/Makefile.in
++++ b/libraries/liblunicode/Makefile.in
+@@ -35,6 +35,9 @@ $(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c $(srcdir)/UnicodeData.txt $(srcdir)/Comp
  	$(MAKE) ucgendat
  	./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt
  
@@ -28,10 +36,10 @@ Index: libraries/liblunicode/Makefile.in
  ucgendat: $(XLIBS) ucgendat.o
  	$(LTLINK) -o $@ ucgendat.o $(LIBS)
  
-Index: libraries/liblutil/Makefile.in
-===================================================================
---- libraries/liblutil/Makefile.in.orig
-+++ libraries/liblutil/Makefile.in
+diff --git a/libraries/liblutil/Makefile.in b/libraries/liblutil/Makefile.in
+index b527966..a04e18e 100644
+--- a/libraries/liblutil/Makefile.in
++++ b/libraries/liblutil/Makefile.in
 @@ -19,6 +19,9 @@ PROGRAM = testavl
  LDAP_INCDIR= ../../include       
  LDAP_LIBDIR= ../../libraries
@@ -42,11 +50,25 @@ Index: libraries/liblutil/Makefile.in
  NT_SRCS = ntservice.c
  NT_OBJS = ntservice.o slapdmsg.res
  
-Index: servers/slapd/Makefile.in
-===================================================================
---- servers/slapd/Makefile.in.orig
-+++ servers/slapd/Makefile.in
-@@ -69,6 +69,9 @@ SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BA
+diff --git a/libraries/librewrite/Makefile.in b/libraries/librewrite/Makefile.in
+index 72678c1..a4e0bcc 100644
+--- a/libraries/librewrite/Makefile.in
++++ b/libraries/librewrite/Makefile.in
+@@ -26,6 +26,9 @@ OBJS = config.o context.o info.o ldapmap.o map.o params.o rule.o \
+ LDAP_INCDIR= ../../include       
+ LDAP_LIBDIR= ../../libraries
+ 
++PIE_CFLAGS="-fPIE"
++PIE_LDFLAGS="-pie"
++
+ LIBRARY = librewrite.a
+ PROGRAMS	= rewrite
+ XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \
+diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in
+index c170d79..23a18eb 100644
+--- a/servers/slapd/Makefile.in
++++ b/servers/slapd/Makefile.in
+@@ -69,6 +69,9 @@ SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BACKENDS@
  
  SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@
  
@@ -56,10 +78,10 @@ Index: servers/slapd/Makefile.in
  XDEFS = $(MODULES_CPPFLAGS)
  XLDFLAGS = $(MODULES_LDFLAGS)
  
-Index: servers/slapd/back-bdb/Makefile.in
-===================================================================
---- servers/slapd/back-bdb/Makefile.in.orig
-+++ servers/slapd/back-bdb/Makefile.in
+diff --git a/servers/slapd/back-bdb/Makefile.in b/servers/slapd/back-bdb/Makefile.in
+index f44dab2..d919931 100644
+--- a/servers/slapd/back-bdb/Makefile.in
++++ b/servers/slapd/back-bdb/Makefile.in
 @@ -37,6 +37,9 @@ mod_DEFS = -DSLAPD_IMPORT
  MOD_DEFS = $(@BUILD_BDB@_DEFS)
  MOD_LIBS = $(BDB_LIBS)
@@ -70,10 +92,10 @@ Index: servers/slapd/back-bdb/Makefile.in
  shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
  NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
  UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
-Index: servers/slapd/back-hdb/Makefile.in
-===================================================================
---- servers/slapd/back-hdb/Makefile.in.orig
-+++ servers/slapd/back-hdb/Makefile.in
+diff --git a/servers/slapd/back-hdb/Makefile.in b/servers/slapd/back-hdb/Makefile.in
+index 5d8381c..a80d8c0 100644
+--- a/servers/slapd/back-hdb/Makefile.in
++++ b/servers/slapd/back-hdb/Makefile.in
 @@ -41,6 +41,9 @@ mod_DEFS = -DSLAPD_IMPORT
  MOD_DEFS = $(@BUILD_HDB@_DEFS)
  MOD_LIBS = $(BDB_LIBS)
@@ -84,66 +106,10 @@ Index: servers/slapd/back-hdb/Makefile.in
  shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
  NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
  UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
-Index: servers/slapd/overlays/Makefile.in
-===================================================================
---- servers/slapd/overlays/Makefile.in.orig
-+++ servers/slapd/overlays/Makefile.in
-@@ -45,6 +45,9 @@ LTONLY_MOD = $(LTONLY_mod)
- LDAP_INCDIR= ../../../include       
- LDAP_LIBDIR= ../../../libraries
- 
-+PIE_CFLAGS="-fPIE"
-+PIE_LDFLAGS="-pie"
-+
- MOD_DEFS = -DSLAPD_IMPORT
- 
- shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
-Index: servers/slapd/back-relay/Makefile.in
-===================================================================
---- servers/slapd/back-relay/Makefile.in.orig
-+++ servers/slapd/back-relay/Makefile.in
-@@ -25,6 +25,9 @@ BUILD_MOD = @BUILD_RELAY@
- mod_DEFS = -DSLAPD_IMPORT
- MOD_DEFS = $(@BUILD_RELAY@_DEFS)
- 
-+PIE_CFLAGS="-fPIE"
-+PIE_LDFLAGS="-pie"
-+
- shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
- NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE)
- UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE)
-Index: servers/slapd/back-ldif/Makefile.in
-===================================================================
---- servers/slapd/back-ldif/Makefile.in.orig
-+++ servers/slapd/back-ldif/Makefile.in
-@@ -25,6 +25,9 @@ BUILD_MOD = yes
- mod_DEFS = -DSLAPD_IMPORT
- MOD_DEFS = $(yes_DEFS)
- 
-+PIE_CFLAGS="-fPIE"
-+PIE_LDFLAGS="-pie"
-+
- shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
- NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
- UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
-Index: libraries/librewrite/Makefile.in
-===================================================================
---- libraries/librewrite/Makefile.in.orig
-+++ libraries/librewrite/Makefile.in
-@@ -26,6 +26,9 @@ OBJS = config.o context.o info.o ldapmap
- LDAP_INCDIR= ../../include       
- LDAP_LIBDIR= ../../libraries
- 
-+PIE_CFLAGS="-fPIE"
-+PIE_LDFLAGS="-pie"
-+
- LIBRARY = librewrite.a
- PROGRAMS	= rewrite
- XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \
-Index: servers/slapd/back-ldap/Makefile.in
-===================================================================
---- servers/slapd/back-ldap/Makefile.in.orig
-+++ servers/slapd/back-ldap/Makefile.in
+diff --git a/servers/slapd/back-ldap/Makefile.in b/servers/slapd/back-ldap/Makefile.in
+index 64a4af8..51495d5 100644
+--- a/servers/slapd/back-ldap/Makefile.in
++++ b/servers/slapd/back-ldap/Makefile.in
 @@ -29,6 +29,9 @@ BUILD_MOD = @BUILD_LDAP@
  mod_DEFS = -DSLAPD_IMPORT
  MOD_DEFS = $(@BUILD_LDAP@_DEFS)
@@ -154,10 +120,24 @@ Index: servers/slapd/back-ldap/Makefile.in
  shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
  NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
  UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
-Index: servers/slapd/back-monitor/Makefile.in
-===================================================================
---- servers/slapd/back-monitor/Makefile.in.orig
-+++ servers/slapd/back-monitor/Makefile.in
+diff --git a/servers/slapd/back-ldif/Makefile.in b/servers/slapd/back-ldif/Makefile.in
+index 29450ae..c47641f 100644
+--- a/servers/slapd/back-ldif/Makefile.in
++++ b/servers/slapd/back-ldif/Makefile.in
+@@ -25,6 +25,9 @@ BUILD_MOD = yes
+ mod_DEFS = -DSLAPD_IMPORT
+ MOD_DEFS = $(yes_DEFS)
+ 
++PIE_CFLAGS="-fPIE"
++PIE_LDFLAGS="-pie"
++
+ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
+ UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
+diff --git a/servers/slapd/back-monitor/Makefile.in b/servers/slapd/back-monitor/Makefile.in
+index 6005b2d..a8f45a7 100644
+--- a/servers/slapd/back-monitor/Makefile.in
++++ b/servers/slapd/back-monitor/Makefile.in
 @@ -33,6 +33,9 @@ BUILD_MOD = @BUILD_MONITOR@
  mod_DEFS = -DSLAPD_IMPORT
  MOD_DEFS = $(@BUILD_MONITOR@_DEFS)
@@ -168,3 +148,34 @@ Index: servers/slapd/back-monitor/Makefile.in
  shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
  NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
  UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
+diff --git a/servers/slapd/back-relay/Makefile.in b/servers/slapd/back-relay/Makefile.in
+index a408f34..518c7e5 100644
+--- a/servers/slapd/back-relay/Makefile.in
++++ b/servers/slapd/back-relay/Makefile.in
+@@ -25,6 +25,9 @@ BUILD_MOD = @BUILD_RELAY@
+ mod_DEFS = -DSLAPD_IMPORT
+ MOD_DEFS = $(@BUILD_RELAY@_DEFS)
+ 
++PIE_CFLAGS="-fPIE"
++PIE_LDFLAGS="-pie"
++
+ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE)
+ UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE)
+diff --git a/servers/slapd/overlays/Makefile.in b/servers/slapd/overlays/Makefile.in
+index 0b7ce5c..7a48574 100644
+--- a/servers/slapd/overlays/Makefile.in
++++ b/servers/slapd/overlays/Makefile.in
+@@ -46,6 +46,9 @@ LTONLY_MOD = $(LTONLY_mod)
+ LDAP_INCDIR= ../../../include       
+ LDAP_LIBDIR= ../../../libraries
+ 
++PIE_CFLAGS="-fPIE"
++PIE_LDFLAGS="-pie"
++
+ MOD_DEFS = -DSLAPD_IMPORT
+ 
+ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+-- 
+1.7.1
+
diff --git a/slapd-bconfig-del-db.dif b/0006-assorted-fixes-for-back-config-DELETE-support.dif
similarity index 66%
rename from slapd-bconfig-del-db.dif
rename to 0006-assorted-fixes-for-back-config-DELETE-support.dif
index 620232b..44f9946 100644
--- a/slapd-bconfig-del-db.dif
+++ b/0006-assorted-fixes-for-back-config-DELETE-support.dif
@@ -1,8 +1,16 @@
-Index: servers/slapd/bconfig.c
-===================================================================
---- servers/slapd/bconfig.c.orig
-+++ servers/slapd/bconfig.c
-@@ -5492,13 +5492,26 @@ config_back_delete( Operation *op, SlapR
+From a998fdc90747f222d261e714ea7e757ad0345f56 Mon Sep 17 00:00:00 2001
+From: Ralf Haferkamp <rhafer@suse.de>
+Date: Wed, 16 Jun 2010 14:08:56 +0200
+Subject: assorted fixes for back-config DELETE support
+
+
+ 1 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
+index 8626f21..4ec085f 100644
+--- a/servers/slapd/bconfig.c
++++ b/servers/slapd/bconfig.c
+@@ -5924,13 +5924,26 @@ config_back_delete( Operation *op, SlapReply *rs )
  		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
  	} else if ( op->o_abandon ) {
  		rs->sr_err = SLAPD_ABANDON;
@@ -31,7 +39,7 @@ Index: servers/slapd/bconfig.c
  
  		/* remove CfEntryInfo from the siblings list */
  		if ( ce->ce_parent->ce_kids == ce ) {
-@@ -5560,6 +5573,7 @@ config_back_delete( Operation *op, SlapR
+@@ -5992,6 +6005,7 @@ config_back_delete( Operation *op, SlapReply *rs )
  #else
  	rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
  #endif /* SLAP_CONFIG_DELETE */
@@ -39,3 +47,6 @@ Index: servers/slapd/bconfig.c
  	send_ldap_result( op, rs );
  	return rs->sr_err;
  }
+-- 
+1.7.1
+
diff --git a/Syncprov-might-lose-deletes-ITS-6555.dif b/Syncprov-might-lose-deletes-ITS-6555.dif
deleted file mode 100644
index 9e0bd94..0000000
--- a/Syncprov-might-lose-deletes-ITS-6555.dif
+++ /dev/null
@@ -1,38 +0,0 @@
-From e32aa64d19840a3b76da532d200fa1cb733e0672 Mon Sep 17 00:00:00 2001
-From: ralf <ralf>
-Date: Thu, 20 May 2010 15:08:28 +0000
-Subject: Syncprov might lose deletes (ITS#6555)
-
-During the refresh phase the sync filter needs to be adjusted (skipping
-the "(entrycsn>=cookie)" part that was inserted) when checking whether a
-change needs to be replicated, otherwise we lose DELETES that happen during
-the refresh phase.
-
-bnc#606294
-
- 1 files changed, 9 insertions(+), 1 deletions(-)
-
-diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
-index 675568e..030edf5 100644
---- a/servers/slapd/overlays/syncprov.c
-+++ b/servers/slapd/overlays/syncprov.c
-@@ -1301,7 +1301,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
- 			op2.o_hdr = &oh;
- 			op2.o_extra = op->o_extra;
- 			op2.o_callback = NULL;
--			rc = test_filter( &op2, e, ss->s_op->ors_filter );
-+			ldap_pvt_thread_mutex_lock( &ss->s_mutex );
-+			if (ss->s_flags & PS_FIX_FILTER) {
-+				/* Skip the AND/GE clause that we stuck on in front. We
-+				   would lose deletes/mods that happen during the refresh
-+				   phase otherwise (ITS#6555) */
-+				op2.ors_filter = ss->s_op->ors_filter->f_and->f_next;
-+			}
-+			ldap_pvt_thread_mutex_unlock( &ss->s_mutex );
-+			rc = test_filter( &op2, e, op2.ors_filter );
- 		}
- 
- 		Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n",
--- 
-1.7.0.3
-
diff --git a/ldapi_url.dif b/ldapi_url.dif
deleted file mode 100644
index b8eb3f9..0000000
--- a/ldapi_url.dif
+++ /dev/null
@@ -1,11 +0,0 @@
---- include/ldap_defaults.h	2004/04/14 14:13:27	1.1
-+++ include/ldap_defaults.h	2004/04/14 14:14:01
-@@ -39,7 +39,7 @@
- #define LDAP_ENV_PREFIX "LDAP"
- 
- /* default ldapi:// socket */
--#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
-+#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi"
- 
- /*
-  * SLAPD DEFINITIONS
diff --git a/openldap-2.4.21.tar.bz2 b/openldap-2.4.21.tar.bz2
deleted file mode 100644
index ef5bbfc..0000000
--- a/openldap-2.4.21.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7140bb913a95765134daf5ee17254d938f54c981790d328e6cd3ca7ad6cea915
-size 4421498
diff --git a/openldap-2.4.23.tar.bz2 b/openldap-2.4.23.tar.bz2
new file mode 100644
index 0000000..1ab37f7
--- /dev/null
+++ b/openldap-2.4.23.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:56349b44f6219fa305e9ebaffd6f2c2c57e3229a1f1c850f6fc5f6ba4e06c03a
+size 4223407
diff --git a/openldap2-client.changes b/openldap2-client.changes
index 58841dd..ba2e760 100644
--- a/openldap2-client.changes
+++ b/openldap2-client.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Fri Jul 23 07:49:40 UTC 2010 - rhafer@novell.com
+
+- Fixed RPM Group and Summary Tags (bnc#624980)
+
+-------------------------------------------------------------------
+Thu Jul  1 13:02:13 UTC 2010 - rhafer@novell.com
+
+- Updated to 2.4.23:
+ * Fixed libldap to return server's error code (ITS#6569)
+ * Fixed libldap memleaks (ITS#6568)
+ * Fixed liblutil off-by-one with delta (ITS#6541)
+ * Fixed slapd acls with glued databases (ITS#6468)
+ * Fixed slapd syncrepl rid logging (ITS#6533)
+ * Fixed slapd modrdn handling of invalid values (bnc#612430, 
+   ITS#6570)
+ * Fixed slapd-bdb hasSubordinates computation (ITS#6549)
+ * Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
+ * Fixed slapd-bdb entry cache delete failure (ITS#6577)
+ * Fixed slapd-ldap to return control responses (ITS#6530)
+ * Fixed slapo-ppolicy to use Debug (ITS#6566)
+ * Fixed slapo-refint to zero out freed DN vals (ITS#6572)
+ * Fixed slapo-rwm to use Debug (ITS#6566)
+ * Fixed slapo-sssvlv to use Debug (ITS#6566)
+ * Fixed slapo-syncprov lost deletes in refresh phase (bnc#606294,
+   ITS#6555)
+ * Fixed slapo-valsort to use Debug (ITS#6566)
+ * Fixed contrib/nssov network.c missing patch (ITS#6562)
+
 -------------------------------------------------------------------
 Thu Jul  1 12:48:18 UTC 2010 - rhafer@novell.com
 
@@ -7,12 +36,85 @@ Thu Jul  1 12:48:18 UTC 2010 - rhafer@novell.com
   "refreshAndPersist" replication failed to replicate under
   certain circumstances (bnc#606294, ITS#6555) 
 
+-------------------------------------------------------------------
+Thu Jun 17 15:53:49 UTC 2010 - rhafer@novell.com
+
+- New subpackage openldap2-back-sql. Contains the SQL backend 
+  module plus some documentation (bnc#395719)
+
+-------------------------------------------------------------------
+Thu Jun 17 13:02:40 UTC 2010 - rhafer@novell.com
+
+- generate Patches from git tree (resulted in all patches being
+  renamed)
+- installing binaries without stripping them is done by setting
+  the STRIP enviroment variable instead for patching the Makefile
+  now
+- Fixed a bug in the syncprov overlay which could lead to not
+  replicate delete Operations (ITS#6555, bnc#606294)
+
 -------------------------------------------------------------------
 Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
 
 - Create /var/run/slapd on demand. /var/run might be mounted on 
   tmpfs.
 
+-------------------------------------------------------------------
+Wed Apr 28 11:17:06 UTC 2010 - rhafer@novell.com
+
+- BuildRequires cleanup
+
+-------------------------------------------------------------------
+Mon Apr 26 15:14:17 UTC 2010 - rhafer@novell.com
+
+- Updated to 2.4.22:
+  * Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements 
+    (ITS#6435)
+  * Added slapd tools selective iterations (ITS#6442)
+  * Added slapd syncrepl TCP keepalive (ITS#6389)
+  * Added slapo-ldap idassert-passthru (ITS#6456)
+  * Added slapo-pbind
+  * Fixed libldap gmtime re-entrancy (ITS#6262)
+  * Fixed libldap gssapi off by one error (ITS#6223)
+  * Fixed libldap referral on bind behavior(ITS#6510)
+  * Fixed slapd acl non-entry internal searches (ITS#6481)
+  * Fixed slapd acl attrval style initialization (ITS#6520)
+  * Fixed slapd certificateListValidate (ITS#6466)
+  * Fixed slapd empty URI parsing (ITS#6465)
+  * Fixed slapd glued misplaced entries (ITS#6506)
+  * Fixed slapd glued paged cookies (ITS#6507)
+  * Fixed slapd glued paged results (ITS#6504)
+  * Fixed slapd gmtime re-entrancy (ITS#6262)
+  * Fixed slapd to ignore controls with unrecognized flag
+    (ITS#6480)
+  * Fixed slapd entry ownership (ITS#5340)
+  * Fixed slapd sasl auxprop_lookup (ITS#6441)
+  * Fixed slapd sasl auxprop ssf (ITS#5195)
+  * Fixed slapd syncrepl for attributes with no matching rule
+    (ITS#6458)
+  * Fixed slapd syncrepl for unknown attrs and delta-sync
+    (ITS#6473)
+  * Fixed slapd syncrep loop with moddn (ITS#6472)
+  * Fixed slapo-accesslog to not replicate internal purges
+    (ITS#6519)
+  * Fixed slapd-bdb contextCSN updates from updatedn (ITS#6469)
+  * Fixed slapd-bdb lockobj zeroing (ITS#6501)
+  * Fixed slapd-ldap/meta control criticality (ITS#6523)
+  * Fixed slapd-ldap/meta with ordered values (ITS#6516)
+  * Fixed slapo-collect entry ownership (ITS#5340,ITS#6423)
+  * Fixed slapo-dds with NULL backend (ITS#6490)
+  * Fixed slapo-dynlist entry ownership (ITS#5340,ITS#6423)
+  * Fixed slapo-memberof attr count (ITS#6508)
+  * Fixed slapo-pcache to release its own entries (ITS#6484)
+  * Fixed slapo-pcache with NULL backend (ITS#6490)
+  * Fixed slapo-rwm entry release handling (ITS#6484)
+  * Fixed slapo-rwm memory handling with rewrites (ITS#6526)
+  * Fixed slapo-rwm olcRwmMap handling (ITS#6436)
+  * Fixed slapo-rwm entry ownership (ITS#5340,ITS#6423)
+  * Fixed slapo-syncprov memory leak (ITS#6459)
+  * Fixed slapo-translucent counter increment (ITS#6497)
+  * Fixed slapo-valsort entry ownership (ITS#5340,ITS#6423)
+
 -------------------------------------------------------------------
 Thu Apr 15 08:18:49 UTC 2010 - adrian@suse.de
 
diff --git a/openldap2-client.spec b/openldap2-client.spec
index 51137f4..cd58ff2 100644
--- a/openldap2-client.spec
+++ b/openldap2-client.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package openldap2-client (Version 2.4.21)
+# spec file for package openldap2 (Version 2.4.21)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -19,25 +19,25 @@
 
 %define run_test_suite 1
 
-Name:           openldap2-client
-BuildRequires:  cyrus-sasl-devel db-devel libopenssl-devel tcpd-devel
-%if %sles_version == 9
-BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
+Name:         openldap2-client
+BuildRequires:  cyrus-sasl-devel libopenssl-devel
+%if %sles_version == 9 || %sles_version == 10
+BuildRequires:  -libopenssl-devel -pwdutils openssl-devel
 %endif
-%if %sles_version == 10
-BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
-%endif
-Version:        2.4.21
-Release:        6
+Version:        2.4.23
+Release:        4
 Url:            http://www.openldap.org
 License:        BSD3c(or similar) ; openldap 2.8
 %if "%{name}" == "openldap2"
-BuildRequires:  openslp-devel
-Group:          Productivity/Networking/LDAP/Clients
+BuildRequires:  unixODBC-devel openslp-devel db-devel tcpd-devel
+%if %sles_version == 9 || %sles_version == 10
+BuildRequires:  -db-devel libdb-4_5-devel
+%endif
+Group:          Productivity/Networking/LDAP/Servers
 Conflicts:      openldap
 Requires:       libldap-2_4-2 = %{version}
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
-Summary:        The OpenLDAP commandline client tools 
+Summary:        The OpenLDAP Server
 %else
 Group:          Productivity/Networking/LDAP/Clients
 Conflicts:      openldap-client
@@ -53,15 +53,12 @@ Source4:        sasl-slapd.conf
 Source5:        README.update
 Source6:        schema2ldif
 Source100:      openldap-2.3.37.tar.bz2
-Patch1:         openldap2.dif
-Patch2:         slapd_conf.dif
-Patch4:         ldapi_url.dif
-Patch5:         slapd-back-hdb-fortify.dif
-Patch6:         libldap-gethostbyname_r.dif
-Patch7:         pie-compile.dif
-Patch11:        slapd-bconfig-del-db.dif
-Patch12:        Syncprov-might-lose-deletes-ITS-6555.dif
-Patch13:        slapd-modrdn-crash-ITS-6570.dif
+Patch1:         0001-build-adjustments.dif
+Patch2:         0002-slapd.conf.dif
+Patch3:         0003-LDAPI-socket-location.dif
+Patch4:         0004-libldap-use-gethostbyname_r.dif
+Patch5:         0005-pie-compile.dif
+Patch6:         0006-assorted-fixes-for-back-config-DELETE-support.dif
 Patch100:       openldap-2.3.37.dif
 Patch200:       slapd_getaddrinfo_dupl.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -116,6 +113,21 @@ Authors:
 --------
     The OpenLDAP Project <project@openldap.org>
 
+%package      -n openldap2-back-sql
+License:        BSD3c(or similar)
+Summary:        OpenLDAP SQL Back-End
+Requires:       openldap2 = %{version}
+AutoReqProv:    on
+Group:          Productivity/Networking/LDAP/Servers
+
+%description -n openldap2-back-sql
+The primary purpose of this OpenLDAP backend is to present information
+stored in a Relational (SQL) Database as an LDAP subtree without the need
+to do any programming.
+
+Authors:
+--------
+    The OpenLDAP Project <project@openldap.org>
 %else
 
 %description
@@ -173,17 +185,14 @@ Authors:
 
 %prep
 %setup -q -n openldap-%{version} -a1 -a2 -b100
-%patch1
-%patch2
-%patch4
-%patch5
-%patch6
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 %if %suse_version > 920
-%patch7
+%patch5 -p1
 %endif
-%patch11
-%patch12 -p1
-%patch13 -p1
+%patch6 -p1
 %if %suse_version == 1100
 %patch200 -p1
 %endif
@@ -196,13 +205,10 @@ cd ../openldap-2.3.37
 libtoolize --force
 autoreconf
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE"
-./configure --prefix=/usr \
-        --exec-prefix=/usr \
-        --sysconfdir=%{_sysconfdir} \
+export STRIP=""
+%configure \
         --localstatedir=/var/run/slapd \
         --libexecdir=/usr/lib/openldap \
-        --libdir=%{_libdir} \
-        --mandir=%{_mandir} \
         --enable-wrappers \
         --enable-aclgroups \
         --enable-spasswd \
@@ -222,6 +228,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONN
         --enable-meta=mod \
         --enable-monitor=yes \
         --enable-perl=mod \
+        --enable-sql=mod \
         --enable-slp \
         --enable-overlays=yes \
 %else
@@ -279,7 +286,7 @@ make SLAPD_DEBUG=0 test
 %install
 mkdir -p $RPM_BUILD_ROOT/etc/init.d
 mkdir -p $RPM_BUILD_ROOT/usr/sbin
-make DESTDIR=$RPM_BUILD_ROOT install
+make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
 install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
 ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
@@ -313,10 +320,10 @@ rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sql.5
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5
 # Remove *.la files, libtool does not handle this correct
 rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.la
+
 #put filelists into files
 cat >openldap2.filelist <<EOF
 /var/adm/fillup-templates/sysconfig.openldap
@@ -401,11 +408,18 @@ cat > openldap2-back-meta.filelist <<EOF
 /usr/lib/openldap/modules/back_meta*
 %doc %{_mandir}/man5/slapd-meta.*
 EOF
+cat > openldap2-back-sql.filelist <<EOF
+/usr/lib/openldap/modules/back_sql*
+%doc %{_mandir}/man5/slapd-sql.*
+%doc servers/slapd/back-sql/rdbms_depend
+%doc servers/slapd/back-sql/docs/bugs
+%doc servers/slapd/back-sql/docs/install
+EOF
 #remove files from other spec file
 %if "%{name}" == "openldap2"
 cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist |    
 %else
-cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-meta.filelist |
+cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-meta.filelist openldap2-back-sql.filelist |
 %endif
   grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
     rm -rf $RPM_BUILD_ROOT$name
@@ -537,6 +551,9 @@ fi
 
 %files -n openldap2-back-meta -f openldap2-back-meta.filelist
 %defattr(-,root,root)
+
+%files -n openldap2-back-sql -f openldap2-back-sql.filelist
+%defattr(-,root,root)
 %else
 
 %post -n libldap-2_4-2 -p /sbin/ldconfig
diff --git a/openldap2.changes b/openldap2.changes
index 58841dd..ba2e760 100644
--- a/openldap2.changes
+++ b/openldap2.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Fri Jul 23 07:49:40 UTC 2010 - rhafer@novell.com
+
+- Fixed RPM Group and Summary Tags (bnc#624980)
+
+-------------------------------------------------------------------
+Thu Jul  1 13:02:13 UTC 2010 - rhafer@novell.com
+
+- Updated to 2.4.23:
+ * Fixed libldap to return server's error code (ITS#6569)
+ * Fixed libldap memleaks (ITS#6568)
+ * Fixed liblutil off-by-one with delta (ITS#6541)
+ * Fixed slapd acls with glued databases (ITS#6468)
+ * Fixed slapd syncrepl rid logging (ITS#6533)
+ * Fixed slapd modrdn handling of invalid values (bnc#612430, 
+   ITS#6570)
+ * Fixed slapd-bdb hasSubordinates computation (ITS#6549)
+ * Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
+ * Fixed slapd-bdb entry cache delete failure (ITS#6577)
+ * Fixed slapd-ldap to return control responses (ITS#6530)
+ * Fixed slapo-ppolicy to use Debug (ITS#6566)
+ * Fixed slapo-refint to zero out freed DN vals (ITS#6572)
+ * Fixed slapo-rwm to use Debug (ITS#6566)
+ * Fixed slapo-sssvlv to use Debug (ITS#6566)
+ * Fixed slapo-syncprov lost deletes in refresh phase (bnc#606294,
+   ITS#6555)
+ * Fixed slapo-valsort to use Debug (ITS#6566)
+ * Fixed contrib/nssov network.c missing patch (ITS#6562)
+
 -------------------------------------------------------------------
 Thu Jul  1 12:48:18 UTC 2010 - rhafer@novell.com
 
@@ -7,12 +36,85 @@ Thu Jul  1 12:48:18 UTC 2010 - rhafer@novell.com
   "refreshAndPersist" replication failed to replicate under
   certain circumstances (bnc#606294, ITS#6555) 
 
+-------------------------------------------------------------------
+Thu Jun 17 15:53:49 UTC 2010 - rhafer@novell.com
+
+- New subpackage openldap2-back-sql. Contains the SQL backend 
+  module plus some documentation (bnc#395719)
+
+-------------------------------------------------------------------
+Thu Jun 17 13:02:40 UTC 2010 - rhafer@novell.com
+
+- generate Patches from git tree (resulted in all patches being
+  renamed)
+- installing binaries without stripping them is done by setting
+  the STRIP enviroment variable instead for patching the Makefile
+  now
+- Fixed a bug in the syncprov overlay which could lead to not
+  replicate delete Operations (ITS#6555, bnc#606294)
+
 -------------------------------------------------------------------
 Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
 
 - Create /var/run/slapd on demand. /var/run might be mounted on 
   tmpfs.
 
+-------------------------------------------------------------------
+Wed Apr 28 11:17:06 UTC 2010 - rhafer@novell.com
+
+- BuildRequires cleanup
+
+-------------------------------------------------------------------
+Mon Apr 26 15:14:17 UTC 2010 - rhafer@novell.com
+
+- Updated to 2.4.22:
+  * Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements 
+    (ITS#6435)
+  * Added slapd tools selective iterations (ITS#6442)
+  * Added slapd syncrepl TCP keepalive (ITS#6389)
+  * Added slapo-ldap idassert-passthru (ITS#6456)
+  * Added slapo-pbind
+  * Fixed libldap gmtime re-entrancy (ITS#6262)
+  * Fixed libldap gssapi off by one error (ITS#6223)
+  * Fixed libldap referral on bind behavior(ITS#6510)
+  * Fixed slapd acl non-entry internal searches (ITS#6481)
+  * Fixed slapd acl attrval style initialization (ITS#6520)
+  * Fixed slapd certificateListValidate (ITS#6466)
+  * Fixed slapd empty URI parsing (ITS#6465)
+  * Fixed slapd glued misplaced entries (ITS#6506)
+  * Fixed slapd glued paged cookies (ITS#6507)
+  * Fixed slapd glued paged results (ITS#6504)
+  * Fixed slapd gmtime re-entrancy (ITS#6262)
+  * Fixed slapd to ignore controls with unrecognized flag
+    (ITS#6480)
+  * Fixed slapd entry ownership (ITS#5340)
+  * Fixed slapd sasl auxprop_lookup (ITS#6441)
+  * Fixed slapd sasl auxprop ssf (ITS#5195)
+  * Fixed slapd syncrepl for attributes with no matching rule
+    (ITS#6458)
+  * Fixed slapd syncrepl for unknown attrs and delta-sync
+    (ITS#6473)
+  * Fixed slapd syncrep loop with moddn (ITS#6472)
+  * Fixed slapo-accesslog to not replicate internal purges
+    (ITS#6519)
+  * Fixed slapd-bdb contextCSN updates from updatedn (ITS#6469)
+  * Fixed slapd-bdb lockobj zeroing (ITS#6501)
+  * Fixed slapd-ldap/meta control criticality (ITS#6523)
+  * Fixed slapd-ldap/meta with ordered values (ITS#6516)
+  * Fixed slapo-collect entry ownership (ITS#5340,ITS#6423)
+  * Fixed slapo-dds with NULL backend (ITS#6490)
+  * Fixed slapo-dynlist entry ownership (ITS#5340,ITS#6423)
+  * Fixed slapo-memberof attr count (ITS#6508)
+  * Fixed slapo-pcache to release its own entries (ITS#6484)
+  * Fixed slapo-pcache with NULL backend (ITS#6490)
+  * Fixed slapo-rwm entry release handling (ITS#6484)
+  * Fixed slapo-rwm memory handling with rewrites (ITS#6526)
+  * Fixed slapo-rwm olcRwmMap handling (ITS#6436)
+  * Fixed slapo-rwm entry ownership (ITS#5340,ITS#6423)
+  * Fixed slapo-syncprov memory leak (ITS#6459)
+  * Fixed slapo-translucent counter increment (ITS#6497)
+  * Fixed slapo-valsort entry ownership (ITS#5340,ITS#6423)
+
 -------------------------------------------------------------------
 Thu Apr 15 08:18:49 UTC 2010 - adrian@suse.de
 
diff --git a/openldap2.spec b/openldap2.spec
index c037261..04adec8 100644
--- a/openldap2.spec
+++ b/openldap2.spec
@@ -20,24 +20,24 @@
 %define run_test_suite 1
 
 Name:           openldap2
-BuildRequires:  cyrus-sasl-devel db-devel libopenssl-devel tcpd-devel
-%if %sles_version == 9
-BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
+BuildRequires:  cyrus-sasl-devel libopenssl-devel
+%if %sles_version == 9 || %sles_version == 10
+BuildRequires:  -libopenssl-devel -pwdutils openssl-devel
 %endif
-%if %sles_version == 10
-BuildRequires:  -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
-%endif
-Version:        2.4.21
-Release:        6
+Version:        2.4.23
+Release:        4
 Url:            http://www.openldap.org
 License:        BSD3c(or similar) ; openldap 2.8
 %if "%{name}" == "openldap2"
-BuildRequires:  openslp-devel
-Group:          Productivity/Networking/LDAP/Clients
+BuildRequires:  unixODBC-devel openslp-devel db-devel tcpd-devel
+%if %sles_version == 9 || %sles_version == 10
+BuildRequires:  -db-devel libdb-4_5-devel
+%endif
+Group:          Productivity/Networking/LDAP/Servers
 Conflicts:      openldap
 Requires:       libldap-2_4-2 = %{version}
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
-Summary:        The OpenLDAP commandline client tools 
+Summary:        The OpenLDAP Server
 %else
 Group:          Productivity/Networking/LDAP/Clients
 Conflicts:      openldap-client
@@ -53,15 +53,12 @@ Source4:        sasl-slapd.conf
 Source5:        README.update
 Source6:        schema2ldif
 Source100:      openldap-2.3.37.tar.bz2
-Patch1:         openldap2.dif
-Patch2:         slapd_conf.dif
-Patch4:         ldapi_url.dif
-Patch5:         slapd-back-hdb-fortify.dif
-Patch6:         libldap-gethostbyname_r.dif
-Patch7:         pie-compile.dif
-Patch11:        slapd-bconfig-del-db.dif
-Patch12:        Syncprov-might-lose-deletes-ITS-6555.dif
-Patch13:        slapd-modrdn-crash-ITS-6570.dif
+Patch1:         0001-build-adjustments.dif
+Patch2:         0002-slapd.conf.dif
+Patch3:         0003-LDAPI-socket-location.dif
+Patch4:         0004-libldap-use-gethostbyname_r.dif
+Patch5:         0005-pie-compile.dif
+Patch6:         0006-assorted-fixes-for-back-config-DELETE-support.dif
 Patch100:       openldap-2.3.37.dif
 Patch200:       slapd_getaddrinfo_dupl.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -116,6 +113,21 @@ Authors:
 --------
     The OpenLDAP Project <project@openldap.org>
 
+%package      -n openldap2-back-sql
+License:        BSD3c(or similar)
+Summary:        OpenLDAP SQL Back-End
+Requires:       openldap2 = %{version}
+AutoReqProv:    on
+Group:          Productivity/Networking/LDAP/Servers
+
+%description -n openldap2-back-sql
+The primary purpose of this OpenLDAP backend is to present information
+stored in a Relational (SQL) Database as an LDAP subtree without the need
+to do any programming.
+
+Authors:
+--------
+    The OpenLDAP Project <project@openldap.org>
 %else
 
 %description
@@ -173,17 +185,14 @@ Authors:
 
 %prep
 %setup -q -n openldap-%{version} -a1 -a2 -b100
-%patch1
-%patch2
-%patch4
-%patch5
-%patch6
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 %if %suse_version > 920
-%patch7
+%patch5 -p1
 %endif
-%patch11
-%patch12 -p1
-%patch13 -p1
+%patch6 -p1
 %if %suse_version == 1100
 %patch200 -p1
 %endif
@@ -196,13 +205,10 @@ cd ../openldap-2.3.37
 libtoolize --force
 autoreconf
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE"
-./configure --prefix=/usr \
-        --exec-prefix=/usr \
-        --sysconfdir=%{_sysconfdir} \
+export STRIP=""
+%configure \
         --localstatedir=/var/run/slapd \
         --libexecdir=/usr/lib/openldap \
-        --libdir=%{_libdir} \
-        --mandir=%{_mandir} \
         --enable-wrappers \
         --enable-aclgroups \
         --enable-spasswd \
@@ -222,6 +228,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONN
         --enable-meta=mod \
         --enable-monitor=yes \
         --enable-perl=mod \
+        --enable-sql=mod \
         --enable-slp \
         --enable-overlays=yes \
 %else
@@ -279,7 +286,7 @@ make SLAPD_DEBUG=0 test
 %install
 mkdir -p $RPM_BUILD_ROOT/etc/init.d
 mkdir -p $RPM_BUILD_ROOT/usr/sbin
-make DESTDIR=$RPM_BUILD_ROOT install
+make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
 install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
 ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
@@ -313,10 +320,10 @@ rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sql.5
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5
 # Remove *.la files, libtool does not handle this correct
 rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.la
+
 #put filelists into files
 cat >openldap2.filelist <<EOF
 /var/adm/fillup-templates/sysconfig.openldap
@@ -401,11 +408,18 @@ cat > openldap2-back-meta.filelist <<EOF
 /usr/lib/openldap/modules/back_meta*
 %doc %{_mandir}/man5/slapd-meta.*
 EOF
+cat > openldap2-back-sql.filelist <<EOF
+/usr/lib/openldap/modules/back_sql*
+%doc %{_mandir}/man5/slapd-sql.*
+%doc servers/slapd/back-sql/rdbms_depend
+%doc servers/slapd/back-sql/docs/bugs
+%doc servers/slapd/back-sql/docs/install
+EOF
 #remove files from other spec file
 %if "%{name}" == "openldap2"
 cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist |    
 %else
-cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-meta.filelist |
+cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-meta.filelist openldap2-back-sql.filelist |
 %endif
   grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
     rm -rf $RPM_BUILD_ROOT$name
@@ -537,6 +551,9 @@ fi
 
 %files -n openldap2-back-meta -f openldap2-back-meta.filelist
 %defattr(-,root,root)
+
+%files -n openldap2-back-sql -f openldap2-back-sql.filelist
+%defattr(-,root,root)
 %else
 
 %post -n libldap-2_4-2 -p /sbin/ldconfig
diff --git a/slapd-back-hdb-fortify.dif b/slapd-back-hdb-fortify.dif
deleted file mode 100644
index 6dcea6e..0000000
--- a/slapd-back-hdb-fortify.dif
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: servers/slapd/back-bdb/dn2id.c
-===================================================================
---- servers/slapd/back-bdb/dn2id.c.orig
-+++ servers/slapd/back-bdb/dn2id.c
-@@ -676,7 +676,7 @@ hdb_dn2id_delete(
- 	d->nrdnlen[0] = (BEI(e)->bei_nrdn.bv_len >> 8) | 0x80;
- 	dlen[0] = d->nrdnlen[0];
- 	dlen[1] = d->nrdnlen[1];
--	strcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val );
-+	memcpy ( d->nrdn, BEI(e)->bei_nrdn.bv_val, BEI(e)->bei_nrdn.bv_len + 1);
- 	data.data = d;
- 
- 	rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
diff --git a/slapd-modrdn-crash-ITS-6570.dif b/slapd-modrdn-crash-ITS-6570.dif
deleted file mode 100644
index 667950c..0000000
--- a/slapd-modrdn-crash-ITS-6570.dif
+++ /dev/null
@@ -1,100 +0,0 @@
-From 6e229f5b94be41c4b9372914ae9bff90ccd81014 Mon Sep 17 00:00:00 2001
-From: hyc <hyc>
-Date: Sun, 6 Jun 2010 22:02:32 +0000
-Subject: slapd modrdn crash (ITS#6570)
-
-part #1 reject RDNs with binary BER values
-part #2 reject RDNs with empty values
-
-Unauthenticated LDAP clients could crash the server by submitting a
-specially crafted LDAP ModRDN operatoin.
-
-Part #1:
-OpenLDAP crashes with segfault during the processing of a modrdn call with
-maliciously formed destination rdn string. No authentication is required to
-trigger this vulnerability.
-
-Part #2:
-OpenLDAP crashes at a null pointer dereference during the processing of modrdn
-call with maliciously formed destination rdn string. No authentication is
-required to trigger this vulnerability.
-
- 3 files changed, 16 insertions(+), 7 deletions(-)
-
-diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
-index 3534e7f..75d2204 100644
---- a/servers/slapd/dn.c
-+++ b/servers/slapd/dn.c
-@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
- 		ava->la_attr = ad->ad_cname;
- 
- 		if( ava->la_flags & LDAP_AVA_BINARY ) {
--			if( ava->la_value.bv_len == 0 ) {
--				/* BER encoding is empty */
--				return LDAP_INVALID_SYNTAX;
--			}
-+			/* AVA is binary encoded, not supported */
-+			return LDAP_INVALID_SYNTAX;
- 
- 			/* Do not allow X-ORDERED 'VALUES' naming attributes */
- 		} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
- 			return LDAP_INVALID_SYNTAX;
- 
--			/* AVA is binary encoded, don't muck with it */
- 		} else if( flags & SLAP_LDAPDN_PRETTY ) {
- 			transf = ad->ad_type->sat_syntax->ssyn_pretty;
- 			if( !transf ) {
-@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
- 			ava->la_value = bv;
- 			ava->la_flags |= LDAP_AVA_FREE_VALUE;
- 		}
-+		/* reject empty values */
-+		if (!ava->la_value.bv_len) {
-+			return LDAP_INVALID_SYNTAX;
-+		}
- 	}
- 	rc = LDAP_SUCCESS;
- 
-diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
-index e386ef9..e143a7b 100644
---- a/servers/slapd/modrdn.c
-+++ b/servers/slapd/modrdn.c
-@@ -445,12 +445,19 @@ slap_modrdn2mods(
- 		mod_tmp->sml_values[1].bv_val = NULL;
- 		if( desc->ad_type->sat_equality->smr_normalize) {
- 			mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
--			(void) (*desc->ad_type->sat_equality->smr_normalize)(
-+			rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
- 				SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
- 				desc->ad_type->sat_syntax,
- 				desc->ad_type->sat_equality,
- 				&mod_tmp->sml_values[0],
- 				&mod_tmp->sml_nvalues[0], NULL );
-+			if (rs->sr_err != LDAP_SUCCESS) {
-+				ch_free(mod_tmp->sml_nvalues);
-+				ch_free(mod_tmp->sml_values[0].bv_val);
-+				ch_free(mod_tmp->sml_values);
-+				ch_free(mod_tmp);
-+				goto done;
-+			}
- 			mod_tmp->sml_nvalues[1].bv_val = NULL;
- 		} else {
- 			mod_tmp->sml_nvalues = NULL;
-diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
-index 68e6d28..d2f4708 100644
---- a/servers/slapd/schema_init.c
-+++ b/servers/slapd/schema_init.c
-@@ -1732,8 +1732,9 @@ UTF8StringNormalize(
- 		? LDAP_UTF8_APPROX : 0;
- 
- 	val = UTF8bvnormalize( val, &tmp, flags, ctx );
-+	/* out of memory or syntax error, the former is unlikely */
- 	if( val == NULL ) {
--		return LDAP_OTHER;
-+		return LDAP_INVALID_SYNTAX;
- 	}
- 	
- 	/* collapse spaces (in place) */
--- 
-1.7.0.3
-