From d2cee4b9d03c052cdf34af0e77abbe8fd42265150b1e27401bdd21ed5234b723 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Wed, 4 Nov 2009 08:11:05 +0000 Subject: [PATCH 1/7] Accepting request 23752 from home:coolo:branches:openSUSE:Factory:branched Copy from home:coolo:branches:openSUSE:Factory:branched/openldap2 via accept of submit request 23752 revision 2. Request was accepted with message: OBS-URL: https://build.opensuse.org/request/show/23752 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=21 --- openldap2.changes | 5 ++ pie-compile.dif | 106 +++++++++++++++++++++++--------------- slapo-collect-include.dif | 10 ++-- 3 files changed, 75 insertions(+), 46 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index 0d808bc..80488b2 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + ------------------------------------------------------------------- Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com diff --git a/pie-compile.dif b/pie-compile.dif index 0514654..0cede92 100644 --- a/pie-compile.dif +++ b/pie-compile.dif @@ -1,6 +1,8 @@ ---- build/top.mk 2005/06/22 09:26:29 1.3 -+++ build/top.mk 2005/06/22 12:20:52 -@@ -169,9 +169,9 @@ +Index: build/top.mk +=================================================================== +--- build/top.mk.orig ++++ build/top.mk +@@ -178,9 +178,9 @@ SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_L WRAP_LIBS = @WRAP_LIBS@ # AutoConfig generated AC_CC = @CC@ @@ -12,21 +14,25 @@ AC_LIBS = @LIBS@ KRB4_LIBS = @KRB4_LIBS@ ---- libraries/liblunicode/Makefile.in 2005/06/22 12:25:47 1.1 -+++ libraries/liblunicode/Makefile.in 2005/06/22 12:26:18 -@@ -29,6 +29,9 @@ - LDAP_INCDIR= ../../include - LDAP_LIBDIR= ../../libraries +Index: libraries/liblunicode/Makefile.in +=================================================================== +--- libraries/liblunicode/Makefile.in.orig ++++ libraries/liblunicode/Makefile.in +@@ -35,6 +35,9 @@ $(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c + $(MAKE) ucgendat + ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + ucgendat: $(XLIBS) ucgendat.o $(LTLINK) -o $@ ucgendat.o $(LIBS) - ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt ---- libraries/liblutil/Makefile.in 2005/06/22 12:29:51 1.1 -+++ libraries/liblutil/Makefile.in 2005/06/22 12:30:20 -@@ -19,6 +19,9 @@ + +Index: libraries/liblutil/Makefile.in +=================================================================== +--- libraries/liblutil/Makefile.in.orig ++++ libraries/liblutil/Makefile.in +@@ -19,6 +19,9 @@ PROGRAM = testavl LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries @@ -36,9 +42,11 @@ NT_SRCS = ntservice.c NT_OBJS = ntservice.o slapdmsg.res ---- servers/slapd/Makefile.in 2005/06/22 09:28:52 1.1 -+++ servers/slapd/Makefile.in 2005/06/22 10:04:38 -@@ -67,6 +67,9 @@ +Index: servers/slapd/Makefile.in +=================================================================== +--- servers/slapd/Makefile.in.orig ++++ servers/slapd/Makefile.in +@@ -69,6 +69,9 @@ SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BA SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@ @@ -48,11 +56,13 @@ XDEFS = $(MODULES_CPPFLAGS) XLDFLAGS = $(MODULES_LDFLAGS) ---- servers/slapd/back-bdb/Makefile.in 2005/06/22 10:05:47 1.1 -+++ servers/slapd/back-bdb/Makefile.in 2005/06/22 10:06:22 -@@ -37,6 +37,9 @@ +Index: servers/slapd/back-bdb/Makefile.in +=================================================================== +--- servers/slapd/back-bdb/Makefile.in.orig ++++ servers/slapd/back-bdb/Makefile.in +@@ -37,6 +37,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_BDB@_DEFS) - MOD_LIBS = $(LDBM_LIBS) + MOD_LIBS = $(BDB_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" @@ -60,11 +70,13 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:01 1.1 -+++ servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:41 -@@ -39,6 +39,9 @@ +Index: servers/slapd/back-hdb/Makefile.in +=================================================================== +--- servers/slapd/back-hdb/Makefile.in.orig ++++ servers/slapd/back-hdb/Makefile.in +@@ -41,6 +41,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_HDB@_DEFS) - MOD_LIBS = $(LDBM_LIBS) + MOD_LIBS = $(BDB_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" @@ -72,9 +84,11 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- servers/slapd/overlays/Makefile.in 2005/06/22 12:35:29 1.1 -+++ servers/slapd/overlays/Makefile.in 2005/06/22 12:35:47 -@@ -19,6 +19,9 @@ +Index: servers/slapd/overlays/Makefile.in +=================================================================== +--- servers/slapd/overlays/Makefile.in.orig ++++ servers/slapd/overlays/Makefile.in +@@ -45,6 +45,9 @@ LTONLY_MOD = $(LTONLY_mod) LDAP_INCDIR= ../../../include LDAP_LIBDIR= ../../../libraries @@ -84,9 +98,11 @@ MOD_DEFS = -DSLAPD_IMPORT shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) ---- servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:31 1.1 -+++ servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:12 -@@ -24,6 +24,9 @@ +Index: servers/slapd/back-relay/Makefile.in +=================================================================== +--- servers/slapd/back-relay/Makefile.in.orig ++++ servers/slapd/back-relay/Makefile.in +@@ -25,6 +25,9 @@ BUILD_MOD = @BUILD_RELAY@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_RELAY@_DEFS) @@ -96,9 +112,11 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) ---- servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:52 1.1 -+++ servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:54 -@@ -25,6 +25,9 @@ +Index: servers/slapd/back-ldif/Makefile.in +=================================================================== +--- servers/slapd/back-ldif/Makefile.in.orig ++++ servers/slapd/back-ldif/Makefile.in +@@ -25,6 +25,9 @@ BUILD_MOD = yes mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(yes_DEFS) @@ -108,9 +126,11 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- libraries/librewrite/Makefile.in 2005/09/23 10:16:37 1.1 -+++ libraries/librewrite/Makefile.in 2005/09/23 10:18:36 -@@ -26,6 +26,9 @@ +Index: libraries/librewrite/Makefile.in +=================================================================== +--- libraries/librewrite/Makefile.in.orig ++++ libraries/librewrite/Makefile.in +@@ -26,6 +26,9 @@ OBJS = config.o context.o info.o ldapmap LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries @@ -120,9 +140,11 @@ LIBRARY = librewrite.a PROGRAMS = rewrite XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \ ---- servers/slapd/back-ldap/Makefile.in 2005/12/09 08:58:44 1.1 -+++ servers/slapd/back-ldap/Makefile.in 2005/12/09 08:59:28 -@@ -27,6 +27,9 @@ +Index: servers/slapd/back-ldap/Makefile.in +=================================================================== +--- servers/slapd/back-ldap/Makefile.in.orig ++++ servers/slapd/back-ldap/Makefile.in +@@ -29,6 +29,9 @@ BUILD_MOD = @BUILD_LDAP@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_LDAP@_DEFS) @@ -132,9 +154,11 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- servers/slapd/back-monitor/Makefile.in 2005/12/09 08:58:55 1.1 -+++ servers/slapd/back-monitor/Makefile.in 2005/12/09 08:59:48 -@@ -33,6 +33,9 @@ +Index: servers/slapd/back-monitor/Makefile.in +=================================================================== +--- servers/slapd/back-monitor/Makefile.in.orig ++++ servers/slapd/back-monitor/Makefile.in +@@ -33,6 +33,9 @@ BUILD_MOD = @BUILD_MONITOR@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_MONITOR@_DEFS) diff --git a/slapo-collect-include.dif b/slapo-collect-include.dif index 2a549b4..6b63bc6 100644 --- a/slapo-collect-include.dif +++ b/slapo-collect-include.dif @@ -1,12 +1,12 @@ -Index: openldap-2.4.12/servers/slapd/overlays/collect.c +Index: openldap-2.4.17/servers/slapd/overlays/collect.c =================================================================== ---- openldap-2.4.12.orig/servers/slapd/overlays/collect.c -+++ openldap-2.4.12/servers/slapd/overlays/collect.c +--- openldap-2.4.17.orig/servers/slapd/overlays/collect.c ++++ openldap-2.4.17/servers/slapd/overlays/collect.c @@ -30,6 +30,7 @@ #include "slap.h" #include "config.h" +#include "lutil.h" - /* This is a cheap hack to implement a collective attribute. - * + #include "lutil.h" + From b4a89e251590c9db648208a09cf74572c0b81c0eb3cceb33c3772e8f26dcfead Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Mon, 16 Nov 2009 16:29:34 +0000 Subject: [PATCH 2/7] Regenerated openldap2-client OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=22 --- openldap2-client.changes | 5 +++++ openldap2-client.spec | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/openldap2-client.changes b/openldap2-client.changes index 0d808bc..80488b2 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + ------------------------------------------------------------------- Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 3a684f3..2f1089e 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2-client (Version 2.4.17) +# spec file for package openldap2 (Version 2.4.17) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,7 +18,7 @@ # norootforbuild -Name: openldap2-client +Name: openldap2-client BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel %if %sles_version == 9 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel From 4402337b0e7f8ebe4ae73f38333e5da221b10ba74eaad859ca7af7ff8ff7dd87 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Mon, 16 Nov 2009 17:32:44 +0000 Subject: [PATCH 3/7] checked in OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=23 --- openldap2-client.changes | 5 -- openldap2-client.spec | 4 +- openldap2.changes | 5 -- pie-compile.dif | 106 +++++++++++++++----------------------- slapo-collect-include.dif | 10 ++-- 5 files changed, 48 insertions(+), 82 deletions(-) diff --git a/openldap2-client.changes b/openldap2-client.changes index 80488b2..0d808bc 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com - -- updated patches to apply with fuzz=0 - ------------------------------------------------------------------- Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 2f1089e..3a684f3 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2 (Version 2.4.17) +# spec file for package openldap2-client (Version 2.4.17) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,7 +18,7 @@ # norootforbuild -Name: openldap2-client +Name: openldap2-client BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel %if %sles_version == 9 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel diff --git a/openldap2.changes b/openldap2.changes index 80488b2..0d808bc 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com - -- updated patches to apply with fuzz=0 - ------------------------------------------------------------------- Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com diff --git a/pie-compile.dif b/pie-compile.dif index 0cede92..0514654 100644 --- a/pie-compile.dif +++ b/pie-compile.dif @@ -1,8 +1,6 @@ -Index: build/top.mk -=================================================================== ---- build/top.mk.orig -+++ build/top.mk -@@ -178,9 +178,9 @@ SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_L +--- build/top.mk 2005/06/22 09:26:29 1.3 ++++ build/top.mk 2005/06/22 12:20:52 +@@ -169,9 +169,9 @@ WRAP_LIBS = @WRAP_LIBS@ # AutoConfig generated AC_CC = @CC@ @@ -14,25 +12,21 @@ Index: build/top.mk AC_LIBS = @LIBS@ KRB4_LIBS = @KRB4_LIBS@ -Index: libraries/liblunicode/Makefile.in -=================================================================== ---- libraries/liblunicode/Makefile.in.orig -+++ libraries/liblunicode/Makefile.in -@@ -35,6 +35,9 @@ $(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c - $(MAKE) ucgendat - ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt +--- libraries/liblunicode/Makefile.in 2005/06/22 12:25:47 1.1 ++++ libraries/liblunicode/Makefile.in 2005/06/22 12:26:18 +@@ -29,6 +29,9 @@ + LDAP_INCDIR= ../../include + LDAP_LIBDIR= ../../libraries +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + ucgendat: $(XLIBS) ucgendat.o $(LTLINK) -o $@ ucgendat.o $(LIBS) - -Index: libraries/liblutil/Makefile.in -=================================================================== ---- libraries/liblutil/Makefile.in.orig -+++ libraries/liblutil/Makefile.in -@@ -19,6 +19,9 @@ PROGRAM = testavl + ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt +--- libraries/liblutil/Makefile.in 2005/06/22 12:29:51 1.1 ++++ libraries/liblutil/Makefile.in 2005/06/22 12:30:20 +@@ -19,6 +19,9 @@ LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries @@ -42,11 +36,9 @@ Index: libraries/liblutil/Makefile.in NT_SRCS = ntservice.c NT_OBJS = ntservice.o slapdmsg.res -Index: servers/slapd/Makefile.in -=================================================================== ---- servers/slapd/Makefile.in.orig -+++ servers/slapd/Makefile.in -@@ -69,6 +69,9 @@ SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BA +--- servers/slapd/Makefile.in 2005/06/22 09:28:52 1.1 ++++ servers/slapd/Makefile.in 2005/06/22 10:04:38 +@@ -67,6 +67,9 @@ SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@ @@ -56,13 +48,11 @@ Index: servers/slapd/Makefile.in XDEFS = $(MODULES_CPPFLAGS) XLDFLAGS = $(MODULES_LDFLAGS) -Index: servers/slapd/back-bdb/Makefile.in -=================================================================== ---- servers/slapd/back-bdb/Makefile.in.orig -+++ servers/slapd/back-bdb/Makefile.in -@@ -37,6 +37,9 @@ mod_DEFS = -DSLAPD_IMPORT +--- servers/slapd/back-bdb/Makefile.in 2005/06/22 10:05:47 1.1 ++++ servers/slapd/back-bdb/Makefile.in 2005/06/22 10:06:22 +@@ -37,6 +37,9 @@ MOD_DEFS = $(@BUILD_BDB@_DEFS) - MOD_LIBS = $(BDB_LIBS) + MOD_LIBS = $(LDBM_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" @@ -70,13 +60,11 @@ Index: servers/slapd/back-bdb/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) -Index: servers/slapd/back-hdb/Makefile.in -=================================================================== ---- servers/slapd/back-hdb/Makefile.in.orig -+++ servers/slapd/back-hdb/Makefile.in -@@ -41,6 +41,9 @@ mod_DEFS = -DSLAPD_IMPORT +--- servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:01 1.1 ++++ servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:41 +@@ -39,6 +39,9 @@ MOD_DEFS = $(@BUILD_HDB@_DEFS) - MOD_LIBS = $(BDB_LIBS) + MOD_LIBS = $(LDBM_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" @@ -84,11 +72,9 @@ Index: servers/slapd/back-hdb/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) -Index: servers/slapd/overlays/Makefile.in -=================================================================== ---- servers/slapd/overlays/Makefile.in.orig -+++ servers/slapd/overlays/Makefile.in -@@ -45,6 +45,9 @@ LTONLY_MOD = $(LTONLY_mod) +--- servers/slapd/overlays/Makefile.in 2005/06/22 12:35:29 1.1 ++++ servers/slapd/overlays/Makefile.in 2005/06/22 12:35:47 +@@ -19,6 +19,9 @@ LDAP_INCDIR= ../../../include LDAP_LIBDIR= ../../../libraries @@ -98,11 +84,9 @@ Index: servers/slapd/overlays/Makefile.in MOD_DEFS = -DSLAPD_IMPORT shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) -Index: servers/slapd/back-relay/Makefile.in -=================================================================== ---- servers/slapd/back-relay/Makefile.in.orig -+++ servers/slapd/back-relay/Makefile.in -@@ -25,6 +25,9 @@ BUILD_MOD = @BUILD_RELAY@ +--- servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:31 1.1 ++++ servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:12 +@@ -24,6 +24,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_RELAY@_DEFS) @@ -112,11 +96,9 @@ Index: servers/slapd/back-relay/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) -Index: servers/slapd/back-ldif/Makefile.in -=================================================================== ---- servers/slapd/back-ldif/Makefile.in.orig -+++ servers/slapd/back-ldif/Makefile.in -@@ -25,6 +25,9 @@ BUILD_MOD = yes +--- servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:52 1.1 ++++ servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:54 +@@ -25,6 +25,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(yes_DEFS) @@ -126,11 +108,9 @@ Index: servers/slapd/back-ldif/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) -Index: libraries/librewrite/Makefile.in -=================================================================== ---- libraries/librewrite/Makefile.in.orig -+++ libraries/librewrite/Makefile.in -@@ -26,6 +26,9 @@ OBJS = config.o context.o info.o ldapmap +--- libraries/librewrite/Makefile.in 2005/09/23 10:16:37 1.1 ++++ libraries/librewrite/Makefile.in 2005/09/23 10:18:36 +@@ -26,6 +26,9 @@ LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries @@ -140,11 +120,9 @@ Index: libraries/librewrite/Makefile.in LIBRARY = librewrite.a PROGRAMS = rewrite XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \ -Index: servers/slapd/back-ldap/Makefile.in -=================================================================== ---- servers/slapd/back-ldap/Makefile.in.orig -+++ servers/slapd/back-ldap/Makefile.in -@@ -29,6 +29,9 @@ BUILD_MOD = @BUILD_LDAP@ +--- servers/slapd/back-ldap/Makefile.in 2005/12/09 08:58:44 1.1 ++++ servers/slapd/back-ldap/Makefile.in 2005/12/09 08:59:28 +@@ -27,6 +27,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_LDAP@_DEFS) @@ -154,11 +132,9 @@ Index: servers/slapd/back-ldap/Makefile.in shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) -Index: servers/slapd/back-monitor/Makefile.in -=================================================================== ---- servers/slapd/back-monitor/Makefile.in.orig -+++ servers/slapd/back-monitor/Makefile.in -@@ -33,6 +33,9 @@ BUILD_MOD = @BUILD_MONITOR@ +--- servers/slapd/back-monitor/Makefile.in 2005/12/09 08:58:55 1.1 ++++ servers/slapd/back-monitor/Makefile.in 2005/12/09 08:59:48 +@@ -33,6 +33,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_MONITOR@_DEFS) diff --git a/slapo-collect-include.dif b/slapo-collect-include.dif index 6b63bc6..2a549b4 100644 --- a/slapo-collect-include.dif +++ b/slapo-collect-include.dif @@ -1,12 +1,12 @@ -Index: openldap-2.4.17/servers/slapd/overlays/collect.c +Index: openldap-2.4.12/servers/slapd/overlays/collect.c =================================================================== ---- openldap-2.4.17.orig/servers/slapd/overlays/collect.c -+++ openldap-2.4.17/servers/slapd/overlays/collect.c +--- openldap-2.4.12.orig/servers/slapd/overlays/collect.c ++++ openldap-2.4.12/servers/slapd/overlays/collect.c @@ -30,6 +30,7 @@ #include "slap.h" #include "config.h" +#include "lutil.h" - #include "lutil.h" - + /* This is a cheap hack to implement a collective attribute. + * From f7b26454666c1a09b298f9cde74684e364cf370dcb8625695101bd887e0ef5ae Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Thu, 10 Dec 2009 15:36:32 +0000 Subject: [PATCH 4/7] Accepting request 26203 from network:ldap:OpenLDAP:RE24 Copy from network:ldap:OpenLDAP:RE24/openldap2 via accept of submit request 26203 revision 55. Request was accepted with message: OBS-URL: https://build.opensuse.org/request/show/26203 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=24 --- libldap-tls_chkhost-its6239.dif | 125 -------------------------------- openldap-2.4.17.tar.bz2 | 3 - openldap-2.4.20.tar.bz2 | 3 + openldap2-client.changes | 30 ++++++++ openldap2-client.spec | 22 +++--- openldap2.changes | 30 ++++++++ openldap2.spec | 18 ++--- pie-compile.dif | 106 ++++++++++++++++----------- slapo-collect-include.dif | 12 --- test056-monitor-its6213.dif | 36 --------- 10 files changed, 146 insertions(+), 239 deletions(-) delete mode 100644 libldap-tls_chkhost-its6239.dif delete mode 100644 openldap-2.4.17.tar.bz2 create mode 100644 openldap-2.4.20.tar.bz2 delete mode 100644 slapo-collect-include.dif delete mode 100644 test056-monitor-its6213.dif diff --git a/libldap-tls_chkhost-its6239.dif b/libldap-tls_chkhost-its6239.dif deleted file mode 100644 index a5b780a..0000000 --- a/libldap-tls_chkhost-its6239.dif +++ /dev/null @@ -1,125 +0,0 @@ -Index: libraries/libldap/tls_o.c -=================================================================== -RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/tls_o.c,v -retrieving revision 1.5.2.4 -retrieving revision 1.5.2.6 -diff -u -r1.5.2.4 -r1.5.2.6 ---- libraries/libldap/tls_o.c 1 Jul 2009 23:04:49 -0000 1.5.2.4 -+++ libraries/libldap/tls_o.c 13 Aug 2009 00:52:04 -0000 1.5.2.6 -@@ -466,7 +466,7 @@ - X509 *x; - const char *name; - char *ptr; -- int ntype = IS_DNS; -+ int ntype = IS_DNS, nlen; - #ifdef LDAP_PF_INET6 - struct in6_addr addr; - #else -@@ -480,6 +480,7 @@ - } else { - name = name_in; - } -+ nlen = strlen(name); - - x = tlso_get_cert(s); - if (!x) { -@@ -513,15 +514,14 @@ - ex = X509_get_ext(x, i); - alt = X509V3_EXT_d2i(ex); - if (alt) { -- int n, len1 = 0, len2 = 0; -+ int n, len2 = 0; - char *domain = NULL; - GENERAL_NAME *gn; - - if (ntype == IS_DNS) { -- len1 = strlen(name); - domain = strchr(name, '.'); - if (domain) { -- len2 = len1 - (domain-name); -+ len2 = nlen - (domain-name); - } - } - n = sk_GENERAL_NAME_num(alt); -@@ -539,7 +539,7 @@ - if (sl == 0) continue; - - /* Is this an exact match? */ -- if ((len1 == sl) && !strncasecmp(name, sn, len1)) { -+ if ((nlen == sl) && !strncasecmp(name, sn, nlen)) { - break; - } - -@@ -579,13 +579,28 @@ - - if (ret != LDAP_SUCCESS) { - X509_NAME *xn; -- char buf[2048]; -- buf[0] = '\0'; -+ X509_NAME_ENTRY *ne; -+ ASN1_OBJECT *obj; -+ ASN1_STRING *cn = NULL; -+ int navas; -+ -+ /* find the last CN */ -+ obj = OBJ_nid2obj( NID_commonName ); -+ if ( !obj ) goto no_cn; /* should never happen */ - - xn = X509_get_subject_name(x); -- if( X509_NAME_get_text_by_NID( xn, NID_commonName, -- buf, sizeof(buf)) == -1) -+ navas = X509_NAME_entry_count( xn ); -+ for ( i=navas-1; i>=0; i-- ) { -+ ne = X509_NAME_get_entry( xn, i ); -+ if ( !OBJ_cmp( ne->object, obj )) { -+ cn = X509_NAME_ENTRY_get_data( ne ); -+ break; -+ } -+ } -+ -+ if( !cn ) - { -+no_cn: - Debug( LDAP_DEBUG_ANY, - "TLS: unable to get common name from peer certificate.\n", - 0, 0, 0 ); -@@ -596,21 +611,20 @@ - ld->ld_error = LDAP_STRDUP( - _("TLS: unable to get CN from peer certificate")); - -- } else if (strcasecmp(name, buf) == 0 ) { -+ } else if ( cn->length == nlen && -+ strncasecmp( name, (char *) cn->data, nlen ) == 0 ) { - ret = LDAP_SUCCESS; - -- } else if (( buf[0] == '*' ) && ( buf[1] == '.' )) { -+ } else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) { - char *domain = strchr(name, '.'); - if( domain ) { -- size_t dlen = 0; -- size_t sl; -+ size_t dlen; - -- sl = strlen(name); -- dlen = sl - (domain-name); -- sl = strlen(buf); -+ dlen = nlen - (domain-name); - - /* Is this a wildcard match? */ -- if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) { -+ if ((dlen == cn->length-1) && -+ !strncasecmp(domain, (char *) &cn->data[1], dlen)) { - ret = LDAP_SUCCESS; - } - } -@@ -618,8 +632,8 @@ - - if( ret == LDAP_LOCAL_ERROR ) { - Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " -- "common name in certificate (%s).\n", -- name, buf, 0 ); -+ "common name in certificate (%.*s).\n", -+ name, cn->length, cn->data ); - ret = LDAP_CONNECT_ERROR; - if ( ld->ld_error ) { - LDAP_FREE( ld->ld_error ); diff --git a/openldap-2.4.17.tar.bz2 b/openldap-2.4.17.tar.bz2 deleted file mode 100644 index ea0fb88..0000000 --- a/openldap-2.4.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9420647e50819d5b21ce271f827a00e76ac60a06712ec5fa948aaeca160543b6 -size 4372683 diff --git a/openldap-2.4.20.tar.bz2 b/openldap-2.4.20.tar.bz2 new file mode 100644 index 0000000..b06b6c0 --- /dev/null +++ b/openldap-2.4.20.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:af0f2ceb0fbabd866bf25bc6ea2013d4bf0510d84f6d4bcde25c8f0c270b411c +size 4417900 diff --git a/openldap2-client.changes b/openldap2-client.changes index 0d808bc..97a563d 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com + +- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19 + * Fixed liblber embedded NUL values in BerValues (ITS#6353) + * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334) + * Fixed libldap uninitialized return value (ITS#6355) + * Fixed libldap unlimited timeout (ITS#6388) + * Added slapd handling of hex server IDs (ITS#6297) + * Fixed slapd checks of str2filter (ITS#6391) + * Fixed slapd configArgs initialization (ITS#6363) + * Fixed slapd db_open with connection_fake_init (ITS#6381) + * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379) + * Fixed slapd inclusion of ac/unistd.h (ITS#6342) + * Fixed slapd sl_free to better reclaim memory (ITS#6380) + * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368) + * Fixed slapd syncrepl to use correct SID (ITS#6367) + * Fixed slapd tls_accept to retry in certain cases (ITS#6304) + * Fixed slapd-bdb/hdb cache corruption (ITS#6341) + * Fixed slapd-bdb/hdb entry cache (ITS#6360) + * Fixed slapo-syncprov checkpoint conversion (ITS#6370) + * Fixed slapo-syncprov deadlock (ITS#6335) + * Fixed slapo-syncprov out of order changes (ITS#6346) +- Added switch to enable/disable testsuite (%run_test_suite) + +------------------------------------------------------------------- +Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + ------------------------------------------------------------------- Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 3a684f3..577d3a3 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2-client (Version 2.4.17) +# spec file for package openldap2 (Version 2.4.17) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -17,8 +17,9 @@ # norootforbuild +%define run_test_suite 1 -Name: openldap2-client +Name: openldap2-client BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel %if %sles_version == 9 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel @@ -26,8 +27,8 @@ BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-de %if %sles_version == 10 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel %endif -Version: 2.4.17 -Release: 4 +Version: 2.4.20 +Release: 2 Url: http://www.openldap.org License: BSD 3-clause (or similar) ; openldap 2.8 %if "%{name}" == "openldap2" @@ -41,6 +42,7 @@ Summary: The OpenLDAP commandline client tools %else Group: Productivity/Networking/LDAP/Clients Conflicts: openldap-client +Requires: libldap-2_4-2 = %{version} Summary: The OpenLDAP commandline client tools %endif AutoReqProv: on @@ -52,16 +54,13 @@ Source4: sasl-slapd.conf Source5: README.update Source6: schema2ldif Source100: openldap-2.3.37.tar.bz2 -Patch: openldap2.dif +Patch1: openldap2.dif Patch2: slapd_conf.dif Patch3: ldap_conf.dif Patch4: ldapi_url.dif -Patch5: test056-monitor-its6213.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif -Patch14: slapo-collect-include.dif -Patch15: libldap-tls_chkhost-its6239.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -173,18 +172,15 @@ Authors: %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 -%patch +%patch1 %patch2 %patch3 %patch4 -%patch5 %patch6 %if %suse_version > 920 %patch7 %endif %patch11 -%patch14 -p1 -%patch15 %if %suse_version == 1100 %patch200 -p1 %endif @@ -253,6 +249,7 @@ make %{?jobs:-j%jobs} %endif %check +%if %run_test_suite # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then @@ -274,6 +271,7 @@ rm -f tests/scripts/test050-syncrepl-multimaster rm -f tests/scripts/test058-syncrepl-asymmetric make SLAPD_DEBUG=0 test %endif +%endif %install mkdir -p $RPM_BUILD_ROOT/etc/init.d diff --git a/openldap2.changes b/openldap2.changes index 0d808bc..97a563d 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com + +- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19 + * Fixed liblber embedded NUL values in BerValues (ITS#6353) + * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334) + * Fixed libldap uninitialized return value (ITS#6355) + * Fixed libldap unlimited timeout (ITS#6388) + * Added slapd handling of hex server IDs (ITS#6297) + * Fixed slapd checks of str2filter (ITS#6391) + * Fixed slapd configArgs initialization (ITS#6363) + * Fixed slapd db_open with connection_fake_init (ITS#6381) + * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379) + * Fixed slapd inclusion of ac/unistd.h (ITS#6342) + * Fixed slapd sl_free to better reclaim memory (ITS#6380) + * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368) + * Fixed slapd syncrepl to use correct SID (ITS#6367) + * Fixed slapd tls_accept to retry in certain cases (ITS#6304) + * Fixed slapd-bdb/hdb cache corruption (ITS#6341) + * Fixed slapd-bdb/hdb entry cache (ITS#6360) + * Fixed slapo-syncprov checkpoint conversion (ITS#6370) + * Fixed slapo-syncprov deadlock (ITS#6335) + * Fixed slapo-syncprov out of order changes (ITS#6346) +- Added switch to enable/disable testsuite (%run_test_suite) + +------------------------------------------------------------------- +Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + ------------------------------------------------------------------- Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com diff --git a/openldap2.spec b/openldap2.spec index 24b6736..dac897e 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -17,6 +17,7 @@ # norootforbuild +%define run_test_suite 1 Name: openldap2 BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel @@ -26,8 +27,8 @@ BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-de %if %sles_version == 10 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel %endif -Version: 2.4.17 -Release: 4 +Version: 2.4.20 +Release: 2 Url: http://www.openldap.org License: BSD 3-clause (or similar) ; openldap 2.8 %if "%{name}" == "openldap2" @@ -41,6 +42,7 @@ Summary: The OpenLDAP commandline client tools %else Group: Productivity/Networking/LDAP/Clients Conflicts: openldap-client +Requires: libldap-2_4-2 = %{version} Summary: The OpenLDAP commandline client tools %endif AutoReqProv: on @@ -52,16 +54,13 @@ Source4: sasl-slapd.conf Source5: README.update Source6: schema2ldif Source100: openldap-2.3.37.tar.bz2 -Patch: openldap2.dif +Patch1: openldap2.dif Patch2: slapd_conf.dif Patch3: ldap_conf.dif Patch4: ldapi_url.dif -Patch5: test056-monitor-its6213.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif -Patch14: slapo-collect-include.dif -Patch15: libldap-tls_chkhost-its6239.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -173,18 +172,15 @@ Authors: %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 -%patch +%patch1 %patch2 %patch3 %patch4 -%patch5 %patch6 %if %suse_version > 920 %patch7 %endif %patch11 -%patch14 -p1 -%patch15 %if %suse_version == 1100 %patch200 -p1 %endif @@ -253,6 +249,7 @@ make %{?jobs:-j%jobs} %endif %check +%if %run_test_suite # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then @@ -274,6 +271,7 @@ rm -f tests/scripts/test050-syncrepl-multimaster rm -f tests/scripts/test058-syncrepl-asymmetric make SLAPD_DEBUG=0 test %endif +%endif %install mkdir -p $RPM_BUILD_ROOT/etc/init.d diff --git a/pie-compile.dif b/pie-compile.dif index 0514654..0cede92 100644 --- a/pie-compile.dif +++ b/pie-compile.dif @@ -1,6 +1,8 @@ ---- build/top.mk 2005/06/22 09:26:29 1.3 -+++ build/top.mk 2005/06/22 12:20:52 -@@ -169,9 +169,9 @@ +Index: build/top.mk +=================================================================== +--- build/top.mk.orig ++++ build/top.mk +@@ -178,9 +178,9 @@ SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_L WRAP_LIBS = @WRAP_LIBS@ # AutoConfig generated AC_CC = @CC@ @@ -12,21 +14,25 @@ AC_LIBS = @LIBS@ KRB4_LIBS = @KRB4_LIBS@ ---- libraries/liblunicode/Makefile.in 2005/06/22 12:25:47 1.1 -+++ libraries/liblunicode/Makefile.in 2005/06/22 12:26:18 -@@ -29,6 +29,9 @@ - LDAP_INCDIR= ../../include - LDAP_LIBDIR= ../../libraries +Index: libraries/liblunicode/Makefile.in +=================================================================== +--- libraries/liblunicode/Makefile.in.orig ++++ libraries/liblunicode/Makefile.in +@@ -35,6 +35,9 @@ $(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c + $(MAKE) ucgendat + ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + ucgendat: $(XLIBS) ucgendat.o $(LTLINK) -o $@ ucgendat.o $(LIBS) - ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt ---- libraries/liblutil/Makefile.in 2005/06/22 12:29:51 1.1 -+++ libraries/liblutil/Makefile.in 2005/06/22 12:30:20 -@@ -19,6 +19,9 @@ + +Index: libraries/liblutil/Makefile.in +=================================================================== +--- libraries/liblutil/Makefile.in.orig ++++ libraries/liblutil/Makefile.in +@@ -19,6 +19,9 @@ PROGRAM = testavl LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries @@ -36,9 +42,11 @@ NT_SRCS = ntservice.c NT_OBJS = ntservice.o slapdmsg.res ---- servers/slapd/Makefile.in 2005/06/22 09:28:52 1.1 -+++ servers/slapd/Makefile.in 2005/06/22 10:04:38 -@@ -67,6 +67,9 @@ +Index: servers/slapd/Makefile.in +=================================================================== +--- servers/slapd/Makefile.in.orig ++++ servers/slapd/Makefile.in +@@ -69,6 +69,9 @@ SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BA SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@ @@ -48,11 +56,13 @@ XDEFS = $(MODULES_CPPFLAGS) XLDFLAGS = $(MODULES_LDFLAGS) ---- servers/slapd/back-bdb/Makefile.in 2005/06/22 10:05:47 1.1 -+++ servers/slapd/back-bdb/Makefile.in 2005/06/22 10:06:22 -@@ -37,6 +37,9 @@ +Index: servers/slapd/back-bdb/Makefile.in +=================================================================== +--- servers/slapd/back-bdb/Makefile.in.orig ++++ servers/slapd/back-bdb/Makefile.in +@@ -37,6 +37,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_BDB@_DEFS) - MOD_LIBS = $(LDBM_LIBS) + MOD_LIBS = $(BDB_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" @@ -60,11 +70,13 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:01 1.1 -+++ servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:41 -@@ -39,6 +39,9 @@ +Index: servers/slapd/back-hdb/Makefile.in +=================================================================== +--- servers/slapd/back-hdb/Makefile.in.orig ++++ servers/slapd/back-hdb/Makefile.in +@@ -41,6 +41,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_HDB@_DEFS) - MOD_LIBS = $(LDBM_LIBS) + MOD_LIBS = $(BDB_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" @@ -72,9 +84,11 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- servers/slapd/overlays/Makefile.in 2005/06/22 12:35:29 1.1 -+++ servers/slapd/overlays/Makefile.in 2005/06/22 12:35:47 -@@ -19,6 +19,9 @@ +Index: servers/slapd/overlays/Makefile.in +=================================================================== +--- servers/slapd/overlays/Makefile.in.orig ++++ servers/slapd/overlays/Makefile.in +@@ -45,6 +45,9 @@ LTONLY_MOD = $(LTONLY_mod) LDAP_INCDIR= ../../../include LDAP_LIBDIR= ../../../libraries @@ -84,9 +98,11 @@ MOD_DEFS = -DSLAPD_IMPORT shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) ---- servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:31 1.1 -+++ servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:12 -@@ -24,6 +24,9 @@ +Index: servers/slapd/back-relay/Makefile.in +=================================================================== +--- servers/slapd/back-relay/Makefile.in.orig ++++ servers/slapd/back-relay/Makefile.in +@@ -25,6 +25,9 @@ BUILD_MOD = @BUILD_RELAY@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_RELAY@_DEFS) @@ -96,9 +112,11 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) ---- servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:52 1.1 -+++ servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:54 -@@ -25,6 +25,9 @@ +Index: servers/slapd/back-ldif/Makefile.in +=================================================================== +--- servers/slapd/back-ldif/Makefile.in.orig ++++ servers/slapd/back-ldif/Makefile.in +@@ -25,6 +25,9 @@ BUILD_MOD = yes mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(yes_DEFS) @@ -108,9 +126,11 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- libraries/librewrite/Makefile.in 2005/09/23 10:16:37 1.1 -+++ libraries/librewrite/Makefile.in 2005/09/23 10:18:36 -@@ -26,6 +26,9 @@ +Index: libraries/librewrite/Makefile.in +=================================================================== +--- libraries/librewrite/Makefile.in.orig ++++ libraries/librewrite/Makefile.in +@@ -26,6 +26,9 @@ OBJS = config.o context.o info.o ldapmap LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries @@ -120,9 +140,11 @@ LIBRARY = librewrite.a PROGRAMS = rewrite XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \ ---- servers/slapd/back-ldap/Makefile.in 2005/12/09 08:58:44 1.1 -+++ servers/slapd/back-ldap/Makefile.in 2005/12/09 08:59:28 -@@ -27,6 +27,9 @@ +Index: servers/slapd/back-ldap/Makefile.in +=================================================================== +--- servers/slapd/back-ldap/Makefile.in.orig ++++ servers/slapd/back-ldap/Makefile.in +@@ -29,6 +29,9 @@ BUILD_MOD = @BUILD_LDAP@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_LDAP@_DEFS) @@ -132,9 +154,11 @@ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- servers/slapd/back-monitor/Makefile.in 2005/12/09 08:58:55 1.1 -+++ servers/slapd/back-monitor/Makefile.in 2005/12/09 08:59:48 -@@ -33,6 +33,9 @@ +Index: servers/slapd/back-monitor/Makefile.in +=================================================================== +--- servers/slapd/back-monitor/Makefile.in.orig ++++ servers/slapd/back-monitor/Makefile.in +@@ -33,6 +33,9 @@ BUILD_MOD = @BUILD_MONITOR@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_MONITOR@_DEFS) diff --git a/slapo-collect-include.dif b/slapo-collect-include.dif deleted file mode 100644 index 2a549b4..0000000 --- a/slapo-collect-include.dif +++ /dev/null @@ -1,12 +0,0 @@ -Index: openldap-2.4.12/servers/slapd/overlays/collect.c -=================================================================== ---- openldap-2.4.12.orig/servers/slapd/overlays/collect.c -+++ openldap-2.4.12/servers/slapd/overlays/collect.c -@@ -30,6 +30,7 @@ - - #include "slap.h" - #include "config.h" -+#include "lutil.h" - - /* This is a cheap hack to implement a collective attribute. - * diff --git a/test056-monitor-its6213.dif b/test056-monitor-its6213.dif deleted file mode 100644 index 5f15235..0000000 --- a/test056-monitor-its6213.dif +++ /dev/null @@ -1,36 +0,0 @@ -Index: tests/scripts/test056-monitor -=================================================================== -RCS file: /repo/OpenLDAP/pkg/ldap/tests/scripts/test056-monitor,v -retrieving revision 1.3 -retrieving revision 1.4 -diff -u -r1.3 -r1.4 ---- tests/scripts/test056-monitor 2 Jul 2009 13:26:52 -0000 1.3 -+++ tests/scripts/test056-monitor 14 Jul 2009 11:35:56 -0000 1.4 -@@ -66,7 +66,7 @@ - echo "Filtering ldapsearch results..." - sed -e "$localrewrite" < $SEARCHOUT | . $LDIFFILTER > $SEARCHFLT - echo "Filtering expected data..." --sed -e "$localrewrite" < $MONITOROUT1 | . $LDIFFILTER > $LDIFFLT -+. $CONFFILTER < $MONITOROUT1 | sed -e "$localrewrite" | . $LDIFFILTER > $LDIFFLT - echo "Comparing filter output..." - $CMP $SEARCHFLT $LDIFFLT > $CMPOUT - -Index: tests/data/monitor1.out -=================================================================== -RCS file: /repo/OpenLDAP/pkg/ldap/tests/data/monitor1.out,v -retrieving revision 1.1 -retrieving revision 1.2 -diff -u -r1.1 -r1.2 ---- tests/data/monitor1.out 27 Jan 2009 09:09:51 -0000 1.1 -+++ tests/data/monitor1.out 14 Jul 2009 11:35:56 -0000 1.2 -@@ -9,8 +9,8 @@ - monitorConnectionRead: 2 - monitorConnectionWrite: 0 - monitorConnectionMask: rx --monitorConnectionListener: ldap://localhost:9011/ --monitorConnectionLocalAddress: IP=127.0.0.1:9011 -+monitorConnectionListener: ldap://localhost:@PORT1@/ -+monitorConnectionLocalAddress: IP=127.0.0.1:@PORT1@ - entryDN: cn=Connection 1,cn=Connections,cn=Monitor - - dn: cn=Connections,cn=Monitor From 06a856973efe657354876bbca2175bbc399b4e064a3170dd2cf729f6ce03562a Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Thu, 10 Dec 2009 16:03:08 +0000 Subject: [PATCH 5/7] - Fixed an issue in back-config's objectclass inheritence code that could cause the server to fail to start or to spin in an endless loop (bnc#558059,ITS#6408) - default the tls_reqcert parameter of a syncrepl config to "demand" as documented even if other tls_ options are absent (bnc#558397, ITS#6319) - apply changes to the global size and timelimits to all database that don't specify limits themself. (bnc#562184, ITS#6428) OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=25 --- ...onfig-objectclass-inheritence-ITS-6408.dif | 55 ++++++ 0002-init-bindconf-TLS-settings-ITS-6419.dif | 162 ++++++++++++++++++ ...imit-changes-to-all-databases-ITS-6428.dif | 135 +++++++++++++++ openldap2-client.changes | 12 ++ openldap2-client.spec | 6 + openldap2.changes | 12 ++ openldap2.spec | 6 + 7 files changed, 388 insertions(+) create mode 100644 0001-back-config-objectclass-inheritence-ITS-6408.dif create mode 100644 0002-init-bindconf-TLS-settings-ITS-6419.dif create mode 100644 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif diff --git a/0001-back-config-objectclass-inheritence-ITS-6408.dif b/0001-back-config-objectclass-inheritence-ITS-6408.dif new file mode 100644 index 0000000..775edcd --- /dev/null +++ b/0001-back-config-objectclass-inheritence-ITS-6408.dif @@ -0,0 +1,55 @@ +From 49921a1e1a1832f9461d800eeeaee30f12864441 Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Tue, 8 Dec 2009 12:13:39 +0100 +Subject: [PATCH 1/3] back-config objectclass inheritence (ITS#6408) + +bnc#558059 +--- + servers/slapd/bconfig.c | 12 ++++++------ + 1 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c +index c903458..d43e927 100644 +--- a/servers/slapd/bconfig.c ++++ b/servers/slapd/bconfig.c +@@ -4932,10 +4932,10 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, + ok: + /* Newly added databases and overlays need to be started up */ + if ( CONFIG_ONLINE_ADD( ca )) { +- if ( colst[0]->co_type == Cft_Database ) { ++ if ( coptr->co_type == Cft_Database ) { + rc = backend_startup_one( ca->be, &ca->reply ); + +- } else if ( colst[0]->co_type == Cft_Overlay ) { ++ } else if ( coptr->co_type == Cft_Overlay ) { + if ( ca->bi->bi_db_open ) { + BackendInfo *bi_orig = ca->be->bd_info; + ca->be->bd_info = ca->bi; +@@ -4961,7 +4961,7 @@ ok: + ce->ce_parent = last; + ce->ce_entry = entry_dup( e ); + ce->ce_entry->e_private = ce; +- ce->ce_type = colst[0]->co_type; ++ ce->ce_type = coptr->co_type; + ce->ce_be = ca->be; + ce->ce_bi = ca->bi; + ce->ce_private = ca->ca_private; +@@ -5006,12 +5006,12 @@ ok: + + done: + if ( rc ) { +- if ( (colst[0]->co_type == Cft_Database) && ca->be ) { ++ if ( (coptr->co_type == Cft_Database) && ca->be ) { + if ( ca->be != frontendDB ) + backend_destroy_one( ca->be, 1 ); +- } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) { ++ } else if ( (coptr->co_type == Cft_Overlay) && ca->bi ) { + overlay_destroy_one( ca->be, (slap_overinst *)ca->bi ); +- } else if ( colst[0]->co_type == Cft_Schema ) { ++ } else if ( coptr->co_type == Cft_Schema ) { + schema_destroy_one( ca, colst, nocs, last ); + } + } +-- +1.6.4.2 + diff --git a/0002-init-bindconf-TLS-settings-ITS-6419.dif b/0002-init-bindconf-TLS-settings-ITS-6419.dif new file mode 100644 index 0000000..11a8fca --- /dev/null +++ b/0002-init-bindconf-TLS-settings-ITS-6419.dif @@ -0,0 +1,162 @@ +From d14434499207d1f0ca4686ce46787056b23b4d2c Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Tue, 8 Dec 2009 13:36:17 +0100 +Subject: [PATCH 2/3] init bindconf TLS settings (ITS#6419) + +bnc#558397 +--- + servers/slapd/config.c | 71 +++++++++++++++++++++++++++++++++++++++++---- + servers/slapd/slap.h | 8 +++++ + servers/slapd/syncrepl.c | 4 ++ + 3 files changed, 76 insertions(+), 7 deletions(-) + +diff --git a/servers/slapd/config.c b/servers/slapd/config.c +index be5a2f7..171e968 100644 +--- a/servers/slapd/config.c ++++ b/servers/slapd/config.c +@@ -1210,8 +1210,32 @@ static slap_verbmasks versionkey[] = { + { BER_BVNULL, 0 } + }; + ++static int ++slap_sb_uri( ++ struct berval *val, ++ void *bcp, ++ slap_cf_aux_table *tab0, ++ const char *tabmsg, ++ int unparse ) ++{ ++ slap_bindconf *bc = bcp; ++ if ( unparse ) { ++ if ( bc->sb_uri.bv_len >= val->bv_len ) ++ return -1; ++ val->bv_len = bc->sb_uri.bv_len; ++ AC_MEMCPY( val->bv_val, bc->sb_uri.bv_val, val->bv_len ); ++ } else { ++ bc->sb_uri = *val; ++#ifdef HAVE_TLS ++ if ( ldap_is_ldaps_url( val->bv_val )) ++ bc->sb_tls_do_init = 1; ++#endif ++ } ++ return 0; ++} ++ + static slap_cf_aux_table bindkey[] = { +- { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL }, ++ { BER_BVC("uri="), 0, 'x', 1, slap_sb_uri }, + { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'i', 0, versionkey }, + { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey }, + { BER_BVC("timeout="), offsetof(slap_bindconf, sb_timeout_api), 'i', 0, NULL }, +@@ -1224,21 +1248,20 @@ static slap_cf_aux_table bindkey[] = { + { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL }, + { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize }, + #ifdef HAVE_TLS +- { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, +- + /* NOTE: replace "13" with the actual index + * of the first TLS-related line */ + #define aux_TLS (bindkey+13) /* beginning of TLS keywords */ + ++ { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, + { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL }, + { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL }, + { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL }, + { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL }, +- { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL }, +- { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL }, +- { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 1, NULL }, ++ { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 0, NULL }, ++ { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 0, NULL }, ++ { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 0, NULL }, + #ifdef HAVE_OPENSSL_CRL +- { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL }, ++ { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 0, NULL }, + #endif + #endif + { BER_BVNULL, 0, 0, 0, NULL } +@@ -1330,6 +1353,20 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L + + rc = lutil_atoulx( ulptr, val, 0 ); + break; ++ ++ case 'x': ++ if ( tab->aux != NULL ) { ++ struct berval value; ++ slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux; ++ ++ ber_str2bv( val, 0, 1, &value ); ++ ++ rc = func( &value, (void *)((char *)dst + tab->off), tab, tabmsg, 0 ); ++ ++ } else { ++ rc = 1; ++ } ++ break; + } + + if ( rc ) { +@@ -1420,6 +1457,26 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 + ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%lu", *ulptr ); + break; + ++ case 'x': ++ *ptr++ = ' '; ++ ptr = lutil_strcopy( ptr, tab->key.bv_val ); ++ if ( tab->quote ) *ptr++ = '"'; ++ if ( tab->aux != NULL ) { ++ struct berval value; ++ slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux; ++ int rc; ++ ++ value.bv_val = ptr; ++ value.bv_len = buf + sizeof( buf ) - ptr; ++ ++ rc = func( &value, (void *)((char *)src + tab->off), tab, "(unparse)", 1 ); ++ if ( rc == 0 ) { ++ ptr += value.bv_len; ++ } ++ } ++ if ( tab->quote ) *ptr++ = '"'; ++ break; ++ + default: + assert( 0 ); + } +diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h +index 076b898..210f6ba 100644 +--- a/servers/slapd/slap.h ++++ b/servers/slapd/slap.h +@@ -1630,6 +1630,14 @@ typedef struct slap_cf_aux_table { + void *aux; + } slap_cf_aux_table; + ++typedef int ++slap_cf_aux_table_parse_x LDAP_P(( ++ struct berval *val, ++ void *bc, ++ slap_cf_aux_table *tab0, ++ const char *tabmsg, ++ int unparse )); ++ + #define SLAP_LIMIT_TIME 1 + #define SLAP_LIMIT_SIZE 2 + +diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c +index fb1001f..bf84556 100644 +--- a/servers/slapd/syncrepl.c ++++ b/servers/slapd/syncrepl.c +@@ -4060,6 +4060,10 @@ parse_syncrepl_line( + { + val = c->argv[ i ] + STRLENOF( PROVIDERSTR "=" ); + ber_str2bv( val, 0, 1, &si->si_bindconf.sb_uri ); ++#ifdef HAVE_TLS ++ if ( ldap_is_ldaps_url( val )) ++ si->si_bindconf.sb_tls_do_init = 1; ++#endif + si->si_got |= GOT_PROVIDER; + } else if ( !strncasecmp( c->argv[ i ], SCHEMASTR "=", + STRLENOF( SCHEMASTR "=" ) ) ) +-- +1.6.4.2 + diff --git a/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif b/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif new file mode 100644 index 0000000..1ccc518 --- /dev/null +++ b/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif @@ -0,0 +1,135 @@ +From ed86ffeec8ac01f9bc8ed531e5205a924c4a2979 Mon Sep 17 00:00:00 2001 +From: ralf +Date: Thu, 10 Dec 2009 10:56:52 +0000 +Subject: [PATCH 3/3] apply global limit changes to all databases (ITS#6428) + +bnc#562184 +--- + servers/slapd/bconfig.c | 90 ++++++++++++++++++++++++++++++++++++++++------ + 1 files changed, 78 insertions(+), 12 deletions(-) + +diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c +index d43e927..ae15224 100644 +--- a/servers/slapd/bconfig.c ++++ b/servers/slapd/bconfig.c +@@ -2208,14 +2208,23 @@ config_sizelimit(ConfigArgs *c) { + rc = 1; + return rc; + } else if ( c->op == LDAP_MOD_DELETE ) { +- /* Reset to defaults */ +- lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; +- lim->lms_s_hard = 0; +- lim->lms_s_unchecked = -1; +- lim->lms_s_pr = 0; +- lim->lms_s_pr_hide = 0; +- lim->lms_s_pr_total = 0; +- return 0; ++ /* Reset to defaults or values from frontend */ ++ if ( c->be == frontendDB ) { ++ lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; ++ lim->lms_s_hard = 0; ++ lim->lms_s_unchecked = -1; ++ lim->lms_s_pr = 0; ++ lim->lms_s_pr_hide = 0; ++ lim->lms_s_pr_total = 0; ++ } else { ++ lim->lms_s_soft = frontendDB->be_def_limit.lms_s_soft; ++ lim->lms_s_hard = frontendDB->be_def_limit.lms_s_hard; ++ lim->lms_s_unchecked = frontendDB->be_def_limit.lms_s_unchecked; ++ lim->lms_s_pr = frontendDB->be_def_limit.lms_s_pr; ++ lim->lms_s_pr_hide = frontendDB->be_def_limit.lms_s_pr_hide; ++ lim->lms_s_pr_total = frontendDB->be_def_limit.lms_s_pr_total; ++ } ++ goto ok; + } + for(i = 1; i < c->argc; i++) { + if(!strncasecmp(c->argv[i], "size", 4)) { +@@ -2240,6 +2249,34 @@ config_sizelimit(ConfigArgs *c) { + lim->lms_s_hard = 0; + } + } ++ ++ok: ++ if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) { ++ /* This is a modification to the global limits apply it to ++ * the other databases as needed */ ++ AttributeDescription *ad=NULL; ++ const char *text = NULL; ++ slap_str2ad(c->argv[0], &ad, &text); ++ /* if we got here... */ ++ assert( ad != NULL ); ++ ++ CfEntryInfo *ce = c->ca_entry->e_private; ++ if ( ce->ce_type == Cft_Global ){ ++ ce = ce->ce_kids; ++ } ++ for (; ce; ce=ce->ce_sibs) { ++ Entry *dbe = ce->ce_entry; ++ if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB) ++ && (!attr_find(dbe->e_attrs, ad)) ) { ++ ce->ce_be->be_def_limit.lms_s_soft = lim->lms_s_soft; ++ ce->ce_be->be_def_limit.lms_s_hard = lim->lms_s_hard; ++ ce->ce_be->be_def_limit.lms_s_unchecked =lim->lms_s_unchecked; ++ ce->ce_be->be_def_limit.lms_s_pr =lim->lms_s_pr; ++ ce->ce_be->be_def_limit.lms_s_pr_hide =lim->lms_s_pr_hide; ++ ce->ce_be->be_def_limit.lms_s_pr_total =lim->lms_s_pr_total; ++ } ++ } ++ } + return(0); + } + +@@ -2259,10 +2296,15 @@ config_timelimit(ConfigArgs *c) { + rc = 1; + return rc; + } else if ( c->op == LDAP_MOD_DELETE ) { +- /* Reset to defaults */ +- lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; +- lim->lms_t_hard = 0; +- return 0; ++ /* Reset to defaults or values from frontend */ ++ if ( c->be == frontendDB ) { ++ lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; ++ lim->lms_t_hard = 0; ++ } else { ++ lim->lms_t_soft = frontendDB->be_def_limit.lms_t_soft; ++ lim->lms_t_hard = frontendDB->be_def_limit.lms_t_hard; ++ } ++ goto ok; + } + for(i = 1; i < c->argc; i++) { + if(!strncasecmp(c->argv[i], "time", 4)) { +@@ -2287,6 +2329,30 @@ config_timelimit(ConfigArgs *c) { + lim->lms_t_hard = 0; + } + } ++ ++ok: ++ if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) { ++ /* This is a modification to the global limits apply it to ++ * the other databases as needed */ ++ AttributeDescription *ad=NULL; ++ const char *text = NULL; ++ slap_str2ad(c->argv[0], &ad, &text); ++ /* if we got here... */ ++ assert( ad != NULL ); ++ ++ CfEntryInfo *ce = c->ca_entry->e_private; ++ if ( ce->ce_type == Cft_Global ){ ++ ce = ce->ce_kids; ++ } ++ for (; ce; ce=ce->ce_sibs) { ++ Entry *dbe = ce->ce_entry; ++ if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB) ++ && (!attr_find(dbe->e_attrs, ad)) ) { ++ ce->ce_be->be_def_limit.lms_t_soft = lim->lms_t_soft; ++ ce->ce_be->be_def_limit.lms_t_hard = lim->lms_t_hard; ++ } ++ } ++ } + return(0); + } + +-- +1.6.4.2 + diff --git a/openldap2-client.changes b/openldap2-client.changes index 97a563d..df58381 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com + +- Fixed an issue in back-config's objectclass inheritence code that + could cause the server to fail to start or to spin in an endless + loop (bnc#558059,ITS#6408) +- default the tls_reqcert parameter of a syncrepl config to + "demand" as documented even if other tls_ options are absent + (bnc#558397, ITS#6319) +- apply changes to the global size and timelimits to all database + that don't specify limits themself. (bnc#562184, ITS#6428) + ------------------------------------------------------------------- Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 577d3a3..97ce5d3 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -61,6 +61,9 @@ Patch4: ldapi_url.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif +Patch12: 0001-back-config-objectclass-inheritence-ITS-6408.dif +Patch13: 0002-init-bindconf-TLS-settings-ITS-6419.dif +Patch14: 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -181,6 +184,9 @@ Authors: %patch7 %endif %patch11 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 %if %suse_version == 1100 %patch200 -p1 %endif diff --git a/openldap2.changes b/openldap2.changes index 97a563d..df58381 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com + +- Fixed an issue in back-config's objectclass inheritence code that + could cause the server to fail to start or to spin in an endless + loop (bnc#558059,ITS#6408) +- default the tls_reqcert parameter of a syncrepl config to + "demand" as documented even if other tls_ options are absent + (bnc#558397, ITS#6319) +- apply changes to the global size and timelimits to all database + that don't specify limits themself. (bnc#562184, ITS#6428) + ------------------------------------------------------------------- Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com diff --git a/openldap2.spec b/openldap2.spec index dac897e..7bf46d6 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -61,6 +61,9 @@ Patch4: ldapi_url.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif +Patch12: 0001-back-config-objectclass-inheritence-ITS-6408.dif +Patch13: 0002-init-bindconf-TLS-settings-ITS-6419.dif +Patch14: 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -181,6 +184,9 @@ Authors: %patch7 %endif %patch11 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 %if %suse_version == 1100 %patch200 -p1 %endif From e2805fc2d9d87b6a71448dcd9f3a05fcdaba801ff38086a4b72f8631170778ef Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 11 Dec 2009 12:08:01 +0000 Subject: [PATCH 6/7] checked in OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=26 --- ...onfig-objectclass-inheritence-ITS-6408.dif | 55 ------ 0002-init-bindconf-TLS-settings-ITS-6419.dif | 162 ------------------ ...imit-changes-to-all-databases-ITS-6428.dif | 135 --------------- libldap-tls_chkhost-its6239.dif | 125 ++++++++++++++ openldap-2.4.17.tar.bz2 | 3 + openldap-2.4.20.tar.bz2 | 3 - openldap2-client.changes | 37 ---- openldap2-client.spec | 26 ++- openldap2.changes | 37 ---- openldap2.spec | 22 +-- slapo-collect-include.dif | 12 ++ test056-monitor-its6213.dif | 36 ++++ 12 files changed, 196 insertions(+), 457 deletions(-) delete mode 100644 0001-back-config-objectclass-inheritence-ITS-6408.dif delete mode 100644 0002-init-bindconf-TLS-settings-ITS-6419.dif delete mode 100644 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif create mode 100644 libldap-tls_chkhost-its6239.dif create mode 100644 openldap-2.4.17.tar.bz2 delete mode 100644 openldap-2.4.20.tar.bz2 create mode 100644 slapo-collect-include.dif create mode 100644 test056-monitor-its6213.dif diff --git a/0001-back-config-objectclass-inheritence-ITS-6408.dif b/0001-back-config-objectclass-inheritence-ITS-6408.dif deleted file mode 100644 index 775edcd..0000000 --- a/0001-back-config-objectclass-inheritence-ITS-6408.dif +++ /dev/null @@ -1,55 +0,0 @@ -From 49921a1e1a1832f9461d800eeeaee30f12864441 Mon Sep 17 00:00:00 2001 -From: Ralf Haferkamp -Date: Tue, 8 Dec 2009 12:13:39 +0100 -Subject: [PATCH 1/3] back-config objectclass inheritence (ITS#6408) - -bnc#558059 ---- - servers/slapd/bconfig.c | 12 ++++++------ - 1 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c -index c903458..d43e927 100644 ---- a/servers/slapd/bconfig.c -+++ b/servers/slapd/bconfig.c -@@ -4932,10 +4932,10 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, - ok: - /* Newly added databases and overlays need to be started up */ - if ( CONFIG_ONLINE_ADD( ca )) { -- if ( colst[0]->co_type == Cft_Database ) { -+ if ( coptr->co_type == Cft_Database ) { - rc = backend_startup_one( ca->be, &ca->reply ); - -- } else if ( colst[0]->co_type == Cft_Overlay ) { -+ } else if ( coptr->co_type == Cft_Overlay ) { - if ( ca->bi->bi_db_open ) { - BackendInfo *bi_orig = ca->be->bd_info; - ca->be->bd_info = ca->bi; -@@ -4961,7 +4961,7 @@ ok: - ce->ce_parent = last; - ce->ce_entry = entry_dup( e ); - ce->ce_entry->e_private = ce; -- ce->ce_type = colst[0]->co_type; -+ ce->ce_type = coptr->co_type; - ce->ce_be = ca->be; - ce->ce_bi = ca->bi; - ce->ce_private = ca->ca_private; -@@ -5006,12 +5006,12 @@ ok: - - done: - if ( rc ) { -- if ( (colst[0]->co_type == Cft_Database) && ca->be ) { -+ if ( (coptr->co_type == Cft_Database) && ca->be ) { - if ( ca->be != frontendDB ) - backend_destroy_one( ca->be, 1 ); -- } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) { -+ } else if ( (coptr->co_type == Cft_Overlay) && ca->bi ) { - overlay_destroy_one( ca->be, (slap_overinst *)ca->bi ); -- } else if ( colst[0]->co_type == Cft_Schema ) { -+ } else if ( coptr->co_type == Cft_Schema ) { - schema_destroy_one( ca, colst, nocs, last ); - } - } --- -1.6.4.2 - diff --git a/0002-init-bindconf-TLS-settings-ITS-6419.dif b/0002-init-bindconf-TLS-settings-ITS-6419.dif deleted file mode 100644 index 11a8fca..0000000 --- a/0002-init-bindconf-TLS-settings-ITS-6419.dif +++ /dev/null @@ -1,162 +0,0 @@ -From d14434499207d1f0ca4686ce46787056b23b4d2c Mon Sep 17 00:00:00 2001 -From: Ralf Haferkamp -Date: Tue, 8 Dec 2009 13:36:17 +0100 -Subject: [PATCH 2/3] init bindconf TLS settings (ITS#6419) - -bnc#558397 ---- - servers/slapd/config.c | 71 +++++++++++++++++++++++++++++++++++++++++---- - servers/slapd/slap.h | 8 +++++ - servers/slapd/syncrepl.c | 4 ++ - 3 files changed, 76 insertions(+), 7 deletions(-) - -diff --git a/servers/slapd/config.c b/servers/slapd/config.c -index be5a2f7..171e968 100644 ---- a/servers/slapd/config.c -+++ b/servers/slapd/config.c -@@ -1210,8 +1210,32 @@ static slap_verbmasks versionkey[] = { - { BER_BVNULL, 0 } - }; - -+static int -+slap_sb_uri( -+ struct berval *val, -+ void *bcp, -+ slap_cf_aux_table *tab0, -+ const char *tabmsg, -+ int unparse ) -+{ -+ slap_bindconf *bc = bcp; -+ if ( unparse ) { -+ if ( bc->sb_uri.bv_len >= val->bv_len ) -+ return -1; -+ val->bv_len = bc->sb_uri.bv_len; -+ AC_MEMCPY( val->bv_val, bc->sb_uri.bv_val, val->bv_len ); -+ } else { -+ bc->sb_uri = *val; -+#ifdef HAVE_TLS -+ if ( ldap_is_ldaps_url( val->bv_val )) -+ bc->sb_tls_do_init = 1; -+#endif -+ } -+ return 0; -+} -+ - static slap_cf_aux_table bindkey[] = { -- { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL }, -+ { BER_BVC("uri="), 0, 'x', 1, slap_sb_uri }, - { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'i', 0, versionkey }, - { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey }, - { BER_BVC("timeout="), offsetof(slap_bindconf, sb_timeout_api), 'i', 0, NULL }, -@@ -1224,21 +1248,20 @@ static slap_cf_aux_table bindkey[] = { - { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL }, - { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize }, - #ifdef HAVE_TLS -- { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, -- - /* NOTE: replace "13" with the actual index - * of the first TLS-related line */ - #define aux_TLS (bindkey+13) /* beginning of TLS keywords */ - -+ { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, - { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL }, - { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL }, - { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL }, - { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL }, -- { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL }, -- { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL }, -- { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 1, NULL }, -+ { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 0, NULL }, -+ { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 0, NULL }, -+ { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 0, NULL }, - #ifdef HAVE_OPENSSL_CRL -- { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL }, -+ { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 0, NULL }, - #endif - #endif - { BER_BVNULL, 0, 0, 0, NULL } -@@ -1330,6 +1353,20 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L - - rc = lutil_atoulx( ulptr, val, 0 ); - break; -+ -+ case 'x': -+ if ( tab->aux != NULL ) { -+ struct berval value; -+ slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux; -+ -+ ber_str2bv( val, 0, 1, &value ); -+ -+ rc = func( &value, (void *)((char *)dst + tab->off), tab, tabmsg, 0 ); -+ -+ } else { -+ rc = 1; -+ } -+ break; - } - - if ( rc ) { -@@ -1420,6 +1457,26 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 - ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%lu", *ulptr ); - break; - -+ case 'x': -+ *ptr++ = ' '; -+ ptr = lutil_strcopy( ptr, tab->key.bv_val ); -+ if ( tab->quote ) *ptr++ = '"'; -+ if ( tab->aux != NULL ) { -+ struct berval value; -+ slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux; -+ int rc; -+ -+ value.bv_val = ptr; -+ value.bv_len = buf + sizeof( buf ) - ptr; -+ -+ rc = func( &value, (void *)((char *)src + tab->off), tab, "(unparse)", 1 ); -+ if ( rc == 0 ) { -+ ptr += value.bv_len; -+ } -+ } -+ if ( tab->quote ) *ptr++ = '"'; -+ break; -+ - default: - assert( 0 ); - } -diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h -index 076b898..210f6ba 100644 ---- a/servers/slapd/slap.h -+++ b/servers/slapd/slap.h -@@ -1630,6 +1630,14 @@ typedef struct slap_cf_aux_table { - void *aux; - } slap_cf_aux_table; - -+typedef int -+slap_cf_aux_table_parse_x LDAP_P(( -+ struct berval *val, -+ void *bc, -+ slap_cf_aux_table *tab0, -+ const char *tabmsg, -+ int unparse )); -+ - #define SLAP_LIMIT_TIME 1 - #define SLAP_LIMIT_SIZE 2 - -diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c -index fb1001f..bf84556 100644 ---- a/servers/slapd/syncrepl.c -+++ b/servers/slapd/syncrepl.c -@@ -4060,6 +4060,10 @@ parse_syncrepl_line( - { - val = c->argv[ i ] + STRLENOF( PROVIDERSTR "=" ); - ber_str2bv( val, 0, 1, &si->si_bindconf.sb_uri ); -+#ifdef HAVE_TLS -+ if ( ldap_is_ldaps_url( val )) -+ si->si_bindconf.sb_tls_do_init = 1; -+#endif - si->si_got |= GOT_PROVIDER; - } else if ( !strncasecmp( c->argv[ i ], SCHEMASTR "=", - STRLENOF( SCHEMASTR "=" ) ) ) --- -1.6.4.2 - diff --git a/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif b/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif deleted file mode 100644 index 1ccc518..0000000 --- a/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif +++ /dev/null @@ -1,135 +0,0 @@ -From ed86ffeec8ac01f9bc8ed531e5205a924c4a2979 Mon Sep 17 00:00:00 2001 -From: ralf -Date: Thu, 10 Dec 2009 10:56:52 +0000 -Subject: [PATCH 3/3] apply global limit changes to all databases (ITS#6428) - -bnc#562184 ---- - servers/slapd/bconfig.c | 90 ++++++++++++++++++++++++++++++++++++++++------ - 1 files changed, 78 insertions(+), 12 deletions(-) - -diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c -index d43e927..ae15224 100644 ---- a/servers/slapd/bconfig.c -+++ b/servers/slapd/bconfig.c -@@ -2208,14 +2208,23 @@ config_sizelimit(ConfigArgs *c) { - rc = 1; - return rc; - } else if ( c->op == LDAP_MOD_DELETE ) { -- /* Reset to defaults */ -- lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; -- lim->lms_s_hard = 0; -- lim->lms_s_unchecked = -1; -- lim->lms_s_pr = 0; -- lim->lms_s_pr_hide = 0; -- lim->lms_s_pr_total = 0; -- return 0; -+ /* Reset to defaults or values from frontend */ -+ if ( c->be == frontendDB ) { -+ lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; -+ lim->lms_s_hard = 0; -+ lim->lms_s_unchecked = -1; -+ lim->lms_s_pr = 0; -+ lim->lms_s_pr_hide = 0; -+ lim->lms_s_pr_total = 0; -+ } else { -+ lim->lms_s_soft = frontendDB->be_def_limit.lms_s_soft; -+ lim->lms_s_hard = frontendDB->be_def_limit.lms_s_hard; -+ lim->lms_s_unchecked = frontendDB->be_def_limit.lms_s_unchecked; -+ lim->lms_s_pr = frontendDB->be_def_limit.lms_s_pr; -+ lim->lms_s_pr_hide = frontendDB->be_def_limit.lms_s_pr_hide; -+ lim->lms_s_pr_total = frontendDB->be_def_limit.lms_s_pr_total; -+ } -+ goto ok; - } - for(i = 1; i < c->argc; i++) { - if(!strncasecmp(c->argv[i], "size", 4)) { -@@ -2240,6 +2249,34 @@ config_sizelimit(ConfigArgs *c) { - lim->lms_s_hard = 0; - } - } -+ -+ok: -+ if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) { -+ /* This is a modification to the global limits apply it to -+ * the other databases as needed */ -+ AttributeDescription *ad=NULL; -+ const char *text = NULL; -+ slap_str2ad(c->argv[0], &ad, &text); -+ /* if we got here... */ -+ assert( ad != NULL ); -+ -+ CfEntryInfo *ce = c->ca_entry->e_private; -+ if ( ce->ce_type == Cft_Global ){ -+ ce = ce->ce_kids; -+ } -+ for (; ce; ce=ce->ce_sibs) { -+ Entry *dbe = ce->ce_entry; -+ if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB) -+ && (!attr_find(dbe->e_attrs, ad)) ) { -+ ce->ce_be->be_def_limit.lms_s_soft = lim->lms_s_soft; -+ ce->ce_be->be_def_limit.lms_s_hard = lim->lms_s_hard; -+ ce->ce_be->be_def_limit.lms_s_unchecked =lim->lms_s_unchecked; -+ ce->ce_be->be_def_limit.lms_s_pr =lim->lms_s_pr; -+ ce->ce_be->be_def_limit.lms_s_pr_hide =lim->lms_s_pr_hide; -+ ce->ce_be->be_def_limit.lms_s_pr_total =lim->lms_s_pr_total; -+ } -+ } -+ } - return(0); - } - -@@ -2259,10 +2296,15 @@ config_timelimit(ConfigArgs *c) { - rc = 1; - return rc; - } else if ( c->op == LDAP_MOD_DELETE ) { -- /* Reset to defaults */ -- lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; -- lim->lms_t_hard = 0; -- return 0; -+ /* Reset to defaults or values from frontend */ -+ if ( c->be == frontendDB ) { -+ lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; -+ lim->lms_t_hard = 0; -+ } else { -+ lim->lms_t_soft = frontendDB->be_def_limit.lms_t_soft; -+ lim->lms_t_hard = frontendDB->be_def_limit.lms_t_hard; -+ } -+ goto ok; - } - for(i = 1; i < c->argc; i++) { - if(!strncasecmp(c->argv[i], "time", 4)) { -@@ -2287,6 +2329,30 @@ config_timelimit(ConfigArgs *c) { - lim->lms_t_hard = 0; - } - } -+ -+ok: -+ if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) { -+ /* This is a modification to the global limits apply it to -+ * the other databases as needed */ -+ AttributeDescription *ad=NULL; -+ const char *text = NULL; -+ slap_str2ad(c->argv[0], &ad, &text); -+ /* if we got here... */ -+ assert( ad != NULL ); -+ -+ CfEntryInfo *ce = c->ca_entry->e_private; -+ if ( ce->ce_type == Cft_Global ){ -+ ce = ce->ce_kids; -+ } -+ for (; ce; ce=ce->ce_sibs) { -+ Entry *dbe = ce->ce_entry; -+ if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB) -+ && (!attr_find(dbe->e_attrs, ad)) ) { -+ ce->ce_be->be_def_limit.lms_t_soft = lim->lms_t_soft; -+ ce->ce_be->be_def_limit.lms_t_hard = lim->lms_t_hard; -+ } -+ } -+ } - return(0); - } - --- -1.6.4.2 - diff --git a/libldap-tls_chkhost-its6239.dif b/libldap-tls_chkhost-its6239.dif new file mode 100644 index 0000000..a5b780a --- /dev/null +++ b/libldap-tls_chkhost-its6239.dif @@ -0,0 +1,125 @@ +Index: libraries/libldap/tls_o.c +=================================================================== +RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/tls_o.c,v +retrieving revision 1.5.2.4 +retrieving revision 1.5.2.6 +diff -u -r1.5.2.4 -r1.5.2.6 +--- libraries/libldap/tls_o.c 1 Jul 2009 23:04:49 -0000 1.5.2.4 ++++ libraries/libldap/tls_o.c 13 Aug 2009 00:52:04 -0000 1.5.2.6 +@@ -466,7 +466,7 @@ + X509 *x; + const char *name; + char *ptr; +- int ntype = IS_DNS; ++ int ntype = IS_DNS, nlen; + #ifdef LDAP_PF_INET6 + struct in6_addr addr; + #else +@@ -480,6 +480,7 @@ + } else { + name = name_in; + } ++ nlen = strlen(name); + + x = tlso_get_cert(s); + if (!x) { +@@ -513,15 +514,14 @@ + ex = X509_get_ext(x, i); + alt = X509V3_EXT_d2i(ex); + if (alt) { +- int n, len1 = 0, len2 = 0; ++ int n, len2 = 0; + char *domain = NULL; + GENERAL_NAME *gn; + + if (ntype == IS_DNS) { +- len1 = strlen(name); + domain = strchr(name, '.'); + if (domain) { +- len2 = len1 - (domain-name); ++ len2 = nlen - (domain-name); + } + } + n = sk_GENERAL_NAME_num(alt); +@@ -539,7 +539,7 @@ + if (sl == 0) continue; + + /* Is this an exact match? */ +- if ((len1 == sl) && !strncasecmp(name, sn, len1)) { ++ if ((nlen == sl) && !strncasecmp(name, sn, nlen)) { + break; + } + +@@ -579,13 +579,28 @@ + + if (ret != LDAP_SUCCESS) { + X509_NAME *xn; +- char buf[2048]; +- buf[0] = '\0'; ++ X509_NAME_ENTRY *ne; ++ ASN1_OBJECT *obj; ++ ASN1_STRING *cn = NULL; ++ int navas; ++ ++ /* find the last CN */ ++ obj = OBJ_nid2obj( NID_commonName ); ++ if ( !obj ) goto no_cn; /* should never happen */ + + xn = X509_get_subject_name(x); +- if( X509_NAME_get_text_by_NID( xn, NID_commonName, +- buf, sizeof(buf)) == -1) ++ navas = X509_NAME_entry_count( xn ); ++ for ( i=navas-1; i>=0; i-- ) { ++ ne = X509_NAME_get_entry( xn, i ); ++ if ( !OBJ_cmp( ne->object, obj )) { ++ cn = X509_NAME_ENTRY_get_data( ne ); ++ break; ++ } ++ } ++ ++ if( !cn ) + { ++no_cn: + Debug( LDAP_DEBUG_ANY, + "TLS: unable to get common name from peer certificate.\n", + 0, 0, 0 ); +@@ -596,21 +611,20 @@ + ld->ld_error = LDAP_STRDUP( + _("TLS: unable to get CN from peer certificate")); + +- } else if (strcasecmp(name, buf) == 0 ) { ++ } else if ( cn->length == nlen && ++ strncasecmp( name, (char *) cn->data, nlen ) == 0 ) { + ret = LDAP_SUCCESS; + +- } else if (( buf[0] == '*' ) && ( buf[1] == '.' )) { ++ } else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) { + char *domain = strchr(name, '.'); + if( domain ) { +- size_t dlen = 0; +- size_t sl; ++ size_t dlen; + +- sl = strlen(name); +- dlen = sl - (domain-name); +- sl = strlen(buf); ++ dlen = nlen - (domain-name); + + /* Is this a wildcard match? */ +- if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) { ++ if ((dlen == cn->length-1) && ++ !strncasecmp(domain, (char *) &cn->data[1], dlen)) { + ret = LDAP_SUCCESS; + } + } +@@ -618,8 +632,8 @@ + + if( ret == LDAP_LOCAL_ERROR ) { + Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " +- "common name in certificate (%s).\n", +- name, buf, 0 ); ++ "common name in certificate (%.*s).\n", ++ name, cn->length, cn->data ); + ret = LDAP_CONNECT_ERROR; + if ( ld->ld_error ) { + LDAP_FREE( ld->ld_error ); diff --git a/openldap-2.4.17.tar.bz2 b/openldap-2.4.17.tar.bz2 new file mode 100644 index 0000000..ea0fb88 --- /dev/null +++ b/openldap-2.4.17.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9420647e50819d5b21ce271f827a00e76ac60a06712ec5fa948aaeca160543b6 +size 4372683 diff --git a/openldap-2.4.20.tar.bz2 b/openldap-2.4.20.tar.bz2 deleted file mode 100644 index b06b6c0..0000000 --- a/openldap-2.4.20.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:af0f2ceb0fbabd866bf25bc6ea2013d4bf0510d84f6d4bcde25c8f0c270b411c -size 4417900 diff --git a/openldap2-client.changes b/openldap2-client.changes index df58381..80488b2 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,40 +1,3 @@ -------------------------------------------------------------------- -Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com - -- Fixed an issue in back-config's objectclass inheritence code that - could cause the server to fail to start or to spin in an endless - loop (bnc#558059,ITS#6408) -- default the tls_reqcert parameter of a syncrepl config to - "demand" as documented even if other tls_ options are absent - (bnc#558397, ITS#6319) -- apply changes to the global size and timelimits to all database - that don't specify limits themself. (bnc#562184, ITS#6428) - -------------------------------------------------------------------- -Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com - -- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19 - * Fixed liblber embedded NUL values in BerValues (ITS#6353) - * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334) - * Fixed libldap uninitialized return value (ITS#6355) - * Fixed libldap unlimited timeout (ITS#6388) - * Added slapd handling of hex server IDs (ITS#6297) - * Fixed slapd checks of str2filter (ITS#6391) - * Fixed slapd configArgs initialization (ITS#6363) - * Fixed slapd db_open with connection_fake_init (ITS#6381) - * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379) - * Fixed slapd inclusion of ac/unistd.h (ITS#6342) - * Fixed slapd sl_free to better reclaim memory (ITS#6380) - * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368) - * Fixed slapd syncrepl to use correct SID (ITS#6367) - * Fixed slapd tls_accept to retry in certain cases (ITS#6304) - * Fixed slapd-bdb/hdb cache corruption (ITS#6341) - * Fixed slapd-bdb/hdb entry cache (ITS#6360) - * Fixed slapo-syncprov checkpoint conversion (ITS#6370) - * Fixed slapo-syncprov deadlock (ITS#6335) - * Fixed slapo-syncprov out of order changes (ITS#6346) -- Added switch to enable/disable testsuite (%run_test_suite) - ------------------------------------------------------------------- Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 97ce5d3..9435a60 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2 (Version 2.4.17) +# spec file for package openldap2-client (Version 2.4.17) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -17,9 +17,8 @@ # norootforbuild -%define run_test_suite 1 -Name: openldap2-client +Name: openldap2-client BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel %if %sles_version == 9 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel @@ -27,8 +26,8 @@ BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-de %if %sles_version == 10 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel %endif -Version: 2.4.20 -Release: 2 +Version: 2.4.17 +Release: 5 Url: http://www.openldap.org License: BSD 3-clause (or similar) ; openldap 2.8 %if "%{name}" == "openldap2" @@ -42,7 +41,6 @@ Summary: The OpenLDAP commandline client tools %else Group: Productivity/Networking/LDAP/Clients Conflicts: openldap-client -Requires: libldap-2_4-2 = %{version} Summary: The OpenLDAP commandline client tools %endif AutoReqProv: on @@ -54,16 +52,16 @@ Source4: sasl-slapd.conf Source5: README.update Source6: schema2ldif Source100: openldap-2.3.37.tar.bz2 -Patch1: openldap2.dif +Patch: openldap2.dif Patch2: slapd_conf.dif Patch3: ldap_conf.dif Patch4: ldapi_url.dif +Patch5: test056-monitor-its6213.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif -Patch12: 0001-back-config-objectclass-inheritence-ITS-6408.dif -Patch13: 0002-init-bindconf-TLS-settings-ITS-6419.dif -Patch14: 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif +Patch14: slapo-collect-include.dif +Patch15: libldap-tls_chkhost-its6239.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -175,18 +173,18 @@ Authors: %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 -%patch1 +%patch %patch2 %patch3 %patch4 +%patch5 %patch6 %if %suse_version > 920 %patch7 %endif %patch11 -%patch12 -p1 -%patch13 -p1 %patch14 -p1 +%patch15 %if %suse_version == 1100 %patch200 -p1 %endif @@ -255,7 +253,6 @@ make %{?jobs:-j%jobs} %endif %check -%if %run_test_suite # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then @@ -277,7 +274,6 @@ rm -f tests/scripts/test050-syncrepl-multimaster rm -f tests/scripts/test058-syncrepl-asymmetric make SLAPD_DEBUG=0 test %endif -%endif %install mkdir -p $RPM_BUILD_ROOT/etc/init.d diff --git a/openldap2.changes b/openldap2.changes index df58381..80488b2 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,40 +1,3 @@ -------------------------------------------------------------------- -Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com - -- Fixed an issue in back-config's objectclass inheritence code that - could cause the server to fail to start or to spin in an endless - loop (bnc#558059,ITS#6408) -- default the tls_reqcert parameter of a syncrepl config to - "demand" as documented even if other tls_ options are absent - (bnc#558397, ITS#6319) -- apply changes to the global size and timelimits to all database - that don't specify limits themself. (bnc#562184, ITS#6428) - -------------------------------------------------------------------- -Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com - -- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19 - * Fixed liblber embedded NUL values in BerValues (ITS#6353) - * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334) - * Fixed libldap uninitialized return value (ITS#6355) - * Fixed libldap unlimited timeout (ITS#6388) - * Added slapd handling of hex server IDs (ITS#6297) - * Fixed slapd checks of str2filter (ITS#6391) - * Fixed slapd configArgs initialization (ITS#6363) - * Fixed slapd db_open with connection_fake_init (ITS#6381) - * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379) - * Fixed slapd inclusion of ac/unistd.h (ITS#6342) - * Fixed slapd sl_free to better reclaim memory (ITS#6380) - * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368) - * Fixed slapd syncrepl to use correct SID (ITS#6367) - * Fixed slapd tls_accept to retry in certain cases (ITS#6304) - * Fixed slapd-bdb/hdb cache corruption (ITS#6341) - * Fixed slapd-bdb/hdb entry cache (ITS#6360) - * Fixed slapo-syncprov checkpoint conversion (ITS#6370) - * Fixed slapo-syncprov deadlock (ITS#6335) - * Fixed slapo-syncprov out of order changes (ITS#6346) -- Added switch to enable/disable testsuite (%run_test_suite) - ------------------------------------------------------------------- Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com diff --git a/openldap2.spec b/openldap2.spec index 7bf46d6..f1a8c19 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -17,7 +17,6 @@ # norootforbuild -%define run_test_suite 1 Name: openldap2 BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel @@ -27,8 +26,8 @@ BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-de %if %sles_version == 10 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel %endif -Version: 2.4.20 -Release: 2 +Version: 2.4.17 +Release: 5 Url: http://www.openldap.org License: BSD 3-clause (or similar) ; openldap 2.8 %if "%{name}" == "openldap2" @@ -42,7 +41,6 @@ Summary: The OpenLDAP commandline client tools %else Group: Productivity/Networking/LDAP/Clients Conflicts: openldap-client -Requires: libldap-2_4-2 = %{version} Summary: The OpenLDAP commandline client tools %endif AutoReqProv: on @@ -54,16 +52,16 @@ Source4: sasl-slapd.conf Source5: README.update Source6: schema2ldif Source100: openldap-2.3.37.tar.bz2 -Patch1: openldap2.dif +Patch: openldap2.dif Patch2: slapd_conf.dif Patch3: ldap_conf.dif Patch4: ldapi_url.dif +Patch5: test056-monitor-its6213.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif -Patch12: 0001-back-config-objectclass-inheritence-ITS-6408.dif -Patch13: 0002-init-bindconf-TLS-settings-ITS-6419.dif -Patch14: 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif +Patch14: slapo-collect-include.dif +Patch15: libldap-tls_chkhost-its6239.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -175,18 +173,18 @@ Authors: %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 -%patch1 +%patch %patch2 %patch3 %patch4 +%patch5 %patch6 %if %suse_version > 920 %patch7 %endif %patch11 -%patch12 -p1 -%patch13 -p1 %patch14 -p1 +%patch15 %if %suse_version == 1100 %patch200 -p1 %endif @@ -255,7 +253,6 @@ make %{?jobs:-j%jobs} %endif %check -%if %run_test_suite # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then @@ -277,7 +274,6 @@ rm -f tests/scripts/test050-syncrepl-multimaster rm -f tests/scripts/test058-syncrepl-asymmetric make SLAPD_DEBUG=0 test %endif -%endif %install mkdir -p $RPM_BUILD_ROOT/etc/init.d diff --git a/slapo-collect-include.dif b/slapo-collect-include.dif new file mode 100644 index 0000000..6b63bc6 --- /dev/null +++ b/slapo-collect-include.dif @@ -0,0 +1,12 @@ +Index: openldap-2.4.17/servers/slapd/overlays/collect.c +=================================================================== +--- openldap-2.4.17.orig/servers/slapd/overlays/collect.c ++++ openldap-2.4.17/servers/slapd/overlays/collect.c +@@ -30,6 +30,7 @@ + + #include "slap.h" + #include "config.h" ++#include "lutil.h" + + #include "lutil.h" + diff --git a/test056-monitor-its6213.dif b/test056-monitor-its6213.dif new file mode 100644 index 0000000..5f15235 --- /dev/null +++ b/test056-monitor-its6213.dif @@ -0,0 +1,36 @@ +Index: tests/scripts/test056-monitor +=================================================================== +RCS file: /repo/OpenLDAP/pkg/ldap/tests/scripts/test056-monitor,v +retrieving revision 1.3 +retrieving revision 1.4 +diff -u -r1.3 -r1.4 +--- tests/scripts/test056-monitor 2 Jul 2009 13:26:52 -0000 1.3 ++++ tests/scripts/test056-monitor 14 Jul 2009 11:35:56 -0000 1.4 +@@ -66,7 +66,7 @@ + echo "Filtering ldapsearch results..." + sed -e "$localrewrite" < $SEARCHOUT | . $LDIFFILTER > $SEARCHFLT + echo "Filtering expected data..." +-sed -e "$localrewrite" < $MONITOROUT1 | . $LDIFFILTER > $LDIFFLT ++. $CONFFILTER < $MONITOROUT1 | sed -e "$localrewrite" | . $LDIFFILTER > $LDIFFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +Index: tests/data/monitor1.out +=================================================================== +RCS file: /repo/OpenLDAP/pkg/ldap/tests/data/monitor1.out,v +retrieving revision 1.1 +retrieving revision 1.2 +diff -u -r1.1 -r1.2 +--- tests/data/monitor1.out 27 Jan 2009 09:09:51 -0000 1.1 ++++ tests/data/monitor1.out 14 Jul 2009 11:35:56 -0000 1.2 +@@ -9,8 +9,8 @@ + monitorConnectionRead: 2 + monitorConnectionWrite: 0 + monitorConnectionMask: rx +-monitorConnectionListener: ldap://localhost:9011/ +-monitorConnectionLocalAddress: IP=127.0.0.1:9011 ++monitorConnectionListener: ldap://localhost:@PORT1@/ ++monitorConnectionLocalAddress: IP=127.0.0.1:@PORT1@ + entryDN: cn=Connection 1,cn=Connections,cn=Monitor + + dn: cn=Connections,cn=Monitor From d853972d0c3bd18284f5f40168a46303202a6fe5bf1dac011333fa3018e2a7fe Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Fri, 11 Dec 2009 12:08:02 +0000 Subject: [PATCH 7/7] Updating link to change in openSUSE:Factory/openldap2 revision 57.0 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=c18a6cd94bdb9ef75780334e6f0d7564 --- ...onfig-objectclass-inheritence-ITS-6408.dif | 55 ++++++ 0002-init-bindconf-TLS-settings-ITS-6419.dif | 162 ++++++++++++++++++ ...imit-changes-to-all-databases-ITS-6428.dif | 135 +++++++++++++++ libldap-tls_chkhost-its6239.dif | 125 -------------- openldap-2.4.17.tar.bz2 | 3 - openldap-2.4.20.tar.bz2 | 3 + openldap2-client.changes | 37 ++++ openldap2-client.spec | 34 ++-- openldap2.changes | 37 ++++ openldap2.spec | 34 ++-- slapo-collect-include.dif | 12 -- test056-monitor-its6213.dif | 36 ---- 12 files changed, 467 insertions(+), 206 deletions(-) create mode 100644 0001-back-config-objectclass-inheritence-ITS-6408.dif create mode 100644 0002-init-bindconf-TLS-settings-ITS-6419.dif create mode 100644 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif delete mode 100644 libldap-tls_chkhost-its6239.dif delete mode 100644 openldap-2.4.17.tar.bz2 create mode 100644 openldap-2.4.20.tar.bz2 delete mode 100644 slapo-collect-include.dif delete mode 100644 test056-monitor-its6213.dif diff --git a/0001-back-config-objectclass-inheritence-ITS-6408.dif b/0001-back-config-objectclass-inheritence-ITS-6408.dif new file mode 100644 index 0000000..775edcd --- /dev/null +++ b/0001-back-config-objectclass-inheritence-ITS-6408.dif @@ -0,0 +1,55 @@ +From 49921a1e1a1832f9461d800eeeaee30f12864441 Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Tue, 8 Dec 2009 12:13:39 +0100 +Subject: [PATCH 1/3] back-config objectclass inheritence (ITS#6408) + +bnc#558059 +--- + servers/slapd/bconfig.c | 12 ++++++------ + 1 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c +index c903458..d43e927 100644 +--- a/servers/slapd/bconfig.c ++++ b/servers/slapd/bconfig.c +@@ -4932,10 +4932,10 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, + ok: + /* Newly added databases and overlays need to be started up */ + if ( CONFIG_ONLINE_ADD( ca )) { +- if ( colst[0]->co_type == Cft_Database ) { ++ if ( coptr->co_type == Cft_Database ) { + rc = backend_startup_one( ca->be, &ca->reply ); + +- } else if ( colst[0]->co_type == Cft_Overlay ) { ++ } else if ( coptr->co_type == Cft_Overlay ) { + if ( ca->bi->bi_db_open ) { + BackendInfo *bi_orig = ca->be->bd_info; + ca->be->bd_info = ca->bi; +@@ -4961,7 +4961,7 @@ ok: + ce->ce_parent = last; + ce->ce_entry = entry_dup( e ); + ce->ce_entry->e_private = ce; +- ce->ce_type = colst[0]->co_type; ++ ce->ce_type = coptr->co_type; + ce->ce_be = ca->be; + ce->ce_bi = ca->bi; + ce->ce_private = ca->ca_private; +@@ -5006,12 +5006,12 @@ ok: + + done: + if ( rc ) { +- if ( (colst[0]->co_type == Cft_Database) && ca->be ) { ++ if ( (coptr->co_type == Cft_Database) && ca->be ) { + if ( ca->be != frontendDB ) + backend_destroy_one( ca->be, 1 ); +- } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) { ++ } else if ( (coptr->co_type == Cft_Overlay) && ca->bi ) { + overlay_destroy_one( ca->be, (slap_overinst *)ca->bi ); +- } else if ( colst[0]->co_type == Cft_Schema ) { ++ } else if ( coptr->co_type == Cft_Schema ) { + schema_destroy_one( ca, colst, nocs, last ); + } + } +-- +1.6.4.2 + diff --git a/0002-init-bindconf-TLS-settings-ITS-6419.dif b/0002-init-bindconf-TLS-settings-ITS-6419.dif new file mode 100644 index 0000000..11a8fca --- /dev/null +++ b/0002-init-bindconf-TLS-settings-ITS-6419.dif @@ -0,0 +1,162 @@ +From d14434499207d1f0ca4686ce46787056b23b4d2c Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Tue, 8 Dec 2009 13:36:17 +0100 +Subject: [PATCH 2/3] init bindconf TLS settings (ITS#6419) + +bnc#558397 +--- + servers/slapd/config.c | 71 +++++++++++++++++++++++++++++++++++++++++---- + servers/slapd/slap.h | 8 +++++ + servers/slapd/syncrepl.c | 4 ++ + 3 files changed, 76 insertions(+), 7 deletions(-) + +diff --git a/servers/slapd/config.c b/servers/slapd/config.c +index be5a2f7..171e968 100644 +--- a/servers/slapd/config.c ++++ b/servers/slapd/config.c +@@ -1210,8 +1210,32 @@ static slap_verbmasks versionkey[] = { + { BER_BVNULL, 0 } + }; + ++static int ++slap_sb_uri( ++ struct berval *val, ++ void *bcp, ++ slap_cf_aux_table *tab0, ++ const char *tabmsg, ++ int unparse ) ++{ ++ slap_bindconf *bc = bcp; ++ if ( unparse ) { ++ if ( bc->sb_uri.bv_len >= val->bv_len ) ++ return -1; ++ val->bv_len = bc->sb_uri.bv_len; ++ AC_MEMCPY( val->bv_val, bc->sb_uri.bv_val, val->bv_len ); ++ } else { ++ bc->sb_uri = *val; ++#ifdef HAVE_TLS ++ if ( ldap_is_ldaps_url( val->bv_val )) ++ bc->sb_tls_do_init = 1; ++#endif ++ } ++ return 0; ++} ++ + static slap_cf_aux_table bindkey[] = { +- { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL }, ++ { BER_BVC("uri="), 0, 'x', 1, slap_sb_uri }, + { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'i', 0, versionkey }, + { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey }, + { BER_BVC("timeout="), offsetof(slap_bindconf, sb_timeout_api), 'i', 0, NULL }, +@@ -1224,21 +1248,20 @@ static slap_cf_aux_table bindkey[] = { + { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL }, + { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize }, + #ifdef HAVE_TLS +- { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, +- + /* NOTE: replace "13" with the actual index + * of the first TLS-related line */ + #define aux_TLS (bindkey+13) /* beginning of TLS keywords */ + ++ { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, + { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL }, + { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL }, + { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL }, + { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL }, +- { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL }, +- { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL }, +- { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 1, NULL }, ++ { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 0, NULL }, ++ { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 0, NULL }, ++ { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 0, NULL }, + #ifdef HAVE_OPENSSL_CRL +- { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL }, ++ { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 0, NULL }, + #endif + #endif + { BER_BVNULL, 0, 0, 0, NULL } +@@ -1330,6 +1353,20 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L + + rc = lutil_atoulx( ulptr, val, 0 ); + break; ++ ++ case 'x': ++ if ( tab->aux != NULL ) { ++ struct berval value; ++ slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux; ++ ++ ber_str2bv( val, 0, 1, &value ); ++ ++ rc = func( &value, (void *)((char *)dst + tab->off), tab, tabmsg, 0 ); ++ ++ } else { ++ rc = 1; ++ } ++ break; + } + + if ( rc ) { +@@ -1420,6 +1457,26 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 + ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%lu", *ulptr ); + break; + ++ case 'x': ++ *ptr++ = ' '; ++ ptr = lutil_strcopy( ptr, tab->key.bv_val ); ++ if ( tab->quote ) *ptr++ = '"'; ++ if ( tab->aux != NULL ) { ++ struct berval value; ++ slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux; ++ int rc; ++ ++ value.bv_val = ptr; ++ value.bv_len = buf + sizeof( buf ) - ptr; ++ ++ rc = func( &value, (void *)((char *)src + tab->off), tab, "(unparse)", 1 ); ++ if ( rc == 0 ) { ++ ptr += value.bv_len; ++ } ++ } ++ if ( tab->quote ) *ptr++ = '"'; ++ break; ++ + default: + assert( 0 ); + } +diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h +index 076b898..210f6ba 100644 +--- a/servers/slapd/slap.h ++++ b/servers/slapd/slap.h +@@ -1630,6 +1630,14 @@ typedef struct slap_cf_aux_table { + void *aux; + } slap_cf_aux_table; + ++typedef int ++slap_cf_aux_table_parse_x LDAP_P(( ++ struct berval *val, ++ void *bc, ++ slap_cf_aux_table *tab0, ++ const char *tabmsg, ++ int unparse )); ++ + #define SLAP_LIMIT_TIME 1 + #define SLAP_LIMIT_SIZE 2 + +diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c +index fb1001f..bf84556 100644 +--- a/servers/slapd/syncrepl.c ++++ b/servers/slapd/syncrepl.c +@@ -4060,6 +4060,10 @@ parse_syncrepl_line( + { + val = c->argv[ i ] + STRLENOF( PROVIDERSTR "=" ); + ber_str2bv( val, 0, 1, &si->si_bindconf.sb_uri ); ++#ifdef HAVE_TLS ++ if ( ldap_is_ldaps_url( val )) ++ si->si_bindconf.sb_tls_do_init = 1; ++#endif + si->si_got |= GOT_PROVIDER; + } else if ( !strncasecmp( c->argv[ i ], SCHEMASTR "=", + STRLENOF( SCHEMASTR "=" ) ) ) +-- +1.6.4.2 + diff --git a/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif b/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif new file mode 100644 index 0000000..1ccc518 --- /dev/null +++ b/0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif @@ -0,0 +1,135 @@ +From ed86ffeec8ac01f9bc8ed531e5205a924c4a2979 Mon Sep 17 00:00:00 2001 +From: ralf +Date: Thu, 10 Dec 2009 10:56:52 +0000 +Subject: [PATCH 3/3] apply global limit changes to all databases (ITS#6428) + +bnc#562184 +--- + servers/slapd/bconfig.c | 90 ++++++++++++++++++++++++++++++++++++++++------ + 1 files changed, 78 insertions(+), 12 deletions(-) + +diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c +index d43e927..ae15224 100644 +--- a/servers/slapd/bconfig.c ++++ b/servers/slapd/bconfig.c +@@ -2208,14 +2208,23 @@ config_sizelimit(ConfigArgs *c) { + rc = 1; + return rc; + } else if ( c->op == LDAP_MOD_DELETE ) { +- /* Reset to defaults */ +- lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; +- lim->lms_s_hard = 0; +- lim->lms_s_unchecked = -1; +- lim->lms_s_pr = 0; +- lim->lms_s_pr_hide = 0; +- lim->lms_s_pr_total = 0; +- return 0; ++ /* Reset to defaults or values from frontend */ ++ if ( c->be == frontendDB ) { ++ lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; ++ lim->lms_s_hard = 0; ++ lim->lms_s_unchecked = -1; ++ lim->lms_s_pr = 0; ++ lim->lms_s_pr_hide = 0; ++ lim->lms_s_pr_total = 0; ++ } else { ++ lim->lms_s_soft = frontendDB->be_def_limit.lms_s_soft; ++ lim->lms_s_hard = frontendDB->be_def_limit.lms_s_hard; ++ lim->lms_s_unchecked = frontendDB->be_def_limit.lms_s_unchecked; ++ lim->lms_s_pr = frontendDB->be_def_limit.lms_s_pr; ++ lim->lms_s_pr_hide = frontendDB->be_def_limit.lms_s_pr_hide; ++ lim->lms_s_pr_total = frontendDB->be_def_limit.lms_s_pr_total; ++ } ++ goto ok; + } + for(i = 1; i < c->argc; i++) { + if(!strncasecmp(c->argv[i], "size", 4)) { +@@ -2240,6 +2249,34 @@ config_sizelimit(ConfigArgs *c) { + lim->lms_s_hard = 0; + } + } ++ ++ok: ++ if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) { ++ /* This is a modification to the global limits apply it to ++ * the other databases as needed */ ++ AttributeDescription *ad=NULL; ++ const char *text = NULL; ++ slap_str2ad(c->argv[0], &ad, &text); ++ /* if we got here... */ ++ assert( ad != NULL ); ++ ++ CfEntryInfo *ce = c->ca_entry->e_private; ++ if ( ce->ce_type == Cft_Global ){ ++ ce = ce->ce_kids; ++ } ++ for (; ce; ce=ce->ce_sibs) { ++ Entry *dbe = ce->ce_entry; ++ if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB) ++ && (!attr_find(dbe->e_attrs, ad)) ) { ++ ce->ce_be->be_def_limit.lms_s_soft = lim->lms_s_soft; ++ ce->ce_be->be_def_limit.lms_s_hard = lim->lms_s_hard; ++ ce->ce_be->be_def_limit.lms_s_unchecked =lim->lms_s_unchecked; ++ ce->ce_be->be_def_limit.lms_s_pr =lim->lms_s_pr; ++ ce->ce_be->be_def_limit.lms_s_pr_hide =lim->lms_s_pr_hide; ++ ce->ce_be->be_def_limit.lms_s_pr_total =lim->lms_s_pr_total; ++ } ++ } ++ } + return(0); + } + +@@ -2259,10 +2296,15 @@ config_timelimit(ConfigArgs *c) { + rc = 1; + return rc; + } else if ( c->op == LDAP_MOD_DELETE ) { +- /* Reset to defaults */ +- lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; +- lim->lms_t_hard = 0; +- return 0; ++ /* Reset to defaults or values from frontend */ ++ if ( c->be == frontendDB ) { ++ lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; ++ lim->lms_t_hard = 0; ++ } else { ++ lim->lms_t_soft = frontendDB->be_def_limit.lms_t_soft; ++ lim->lms_t_hard = frontendDB->be_def_limit.lms_t_hard; ++ } ++ goto ok; + } + for(i = 1; i < c->argc; i++) { + if(!strncasecmp(c->argv[i], "time", 4)) { +@@ -2287,6 +2329,30 @@ config_timelimit(ConfigArgs *c) { + lim->lms_t_hard = 0; + } + } ++ ++ok: ++ if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) { ++ /* This is a modification to the global limits apply it to ++ * the other databases as needed */ ++ AttributeDescription *ad=NULL; ++ const char *text = NULL; ++ slap_str2ad(c->argv[0], &ad, &text); ++ /* if we got here... */ ++ assert( ad != NULL ); ++ ++ CfEntryInfo *ce = c->ca_entry->e_private; ++ if ( ce->ce_type == Cft_Global ){ ++ ce = ce->ce_kids; ++ } ++ for (; ce; ce=ce->ce_sibs) { ++ Entry *dbe = ce->ce_entry; ++ if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB) ++ && (!attr_find(dbe->e_attrs, ad)) ) { ++ ce->ce_be->be_def_limit.lms_t_soft = lim->lms_t_soft; ++ ce->ce_be->be_def_limit.lms_t_hard = lim->lms_t_hard; ++ } ++ } ++ } + return(0); + } + +-- +1.6.4.2 + diff --git a/libldap-tls_chkhost-its6239.dif b/libldap-tls_chkhost-its6239.dif deleted file mode 100644 index a5b780a..0000000 --- a/libldap-tls_chkhost-its6239.dif +++ /dev/null @@ -1,125 +0,0 @@ -Index: libraries/libldap/tls_o.c -=================================================================== -RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/tls_o.c,v -retrieving revision 1.5.2.4 -retrieving revision 1.5.2.6 -diff -u -r1.5.2.4 -r1.5.2.6 ---- libraries/libldap/tls_o.c 1 Jul 2009 23:04:49 -0000 1.5.2.4 -+++ libraries/libldap/tls_o.c 13 Aug 2009 00:52:04 -0000 1.5.2.6 -@@ -466,7 +466,7 @@ - X509 *x; - const char *name; - char *ptr; -- int ntype = IS_DNS; -+ int ntype = IS_DNS, nlen; - #ifdef LDAP_PF_INET6 - struct in6_addr addr; - #else -@@ -480,6 +480,7 @@ - } else { - name = name_in; - } -+ nlen = strlen(name); - - x = tlso_get_cert(s); - if (!x) { -@@ -513,15 +514,14 @@ - ex = X509_get_ext(x, i); - alt = X509V3_EXT_d2i(ex); - if (alt) { -- int n, len1 = 0, len2 = 0; -+ int n, len2 = 0; - char *domain = NULL; - GENERAL_NAME *gn; - - if (ntype == IS_DNS) { -- len1 = strlen(name); - domain = strchr(name, '.'); - if (domain) { -- len2 = len1 - (domain-name); -+ len2 = nlen - (domain-name); - } - } - n = sk_GENERAL_NAME_num(alt); -@@ -539,7 +539,7 @@ - if (sl == 0) continue; - - /* Is this an exact match? */ -- if ((len1 == sl) && !strncasecmp(name, sn, len1)) { -+ if ((nlen == sl) && !strncasecmp(name, sn, nlen)) { - break; - } - -@@ -579,13 +579,28 @@ - - if (ret != LDAP_SUCCESS) { - X509_NAME *xn; -- char buf[2048]; -- buf[0] = '\0'; -+ X509_NAME_ENTRY *ne; -+ ASN1_OBJECT *obj; -+ ASN1_STRING *cn = NULL; -+ int navas; -+ -+ /* find the last CN */ -+ obj = OBJ_nid2obj( NID_commonName ); -+ if ( !obj ) goto no_cn; /* should never happen */ - - xn = X509_get_subject_name(x); -- if( X509_NAME_get_text_by_NID( xn, NID_commonName, -- buf, sizeof(buf)) == -1) -+ navas = X509_NAME_entry_count( xn ); -+ for ( i=navas-1; i>=0; i-- ) { -+ ne = X509_NAME_get_entry( xn, i ); -+ if ( !OBJ_cmp( ne->object, obj )) { -+ cn = X509_NAME_ENTRY_get_data( ne ); -+ break; -+ } -+ } -+ -+ if( !cn ) - { -+no_cn: - Debug( LDAP_DEBUG_ANY, - "TLS: unable to get common name from peer certificate.\n", - 0, 0, 0 ); -@@ -596,21 +611,20 @@ - ld->ld_error = LDAP_STRDUP( - _("TLS: unable to get CN from peer certificate")); - -- } else if (strcasecmp(name, buf) == 0 ) { -+ } else if ( cn->length == nlen && -+ strncasecmp( name, (char *) cn->data, nlen ) == 0 ) { - ret = LDAP_SUCCESS; - -- } else if (( buf[0] == '*' ) && ( buf[1] == '.' )) { -+ } else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) { - char *domain = strchr(name, '.'); - if( domain ) { -- size_t dlen = 0; -- size_t sl; -+ size_t dlen; - -- sl = strlen(name); -- dlen = sl - (domain-name); -- sl = strlen(buf); -+ dlen = nlen - (domain-name); - - /* Is this a wildcard match? */ -- if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) { -+ if ((dlen == cn->length-1) && -+ !strncasecmp(domain, (char *) &cn->data[1], dlen)) { - ret = LDAP_SUCCESS; - } - } -@@ -618,8 +632,8 @@ - - if( ret == LDAP_LOCAL_ERROR ) { - Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " -- "common name in certificate (%s).\n", -- name, buf, 0 ); -+ "common name in certificate (%.*s).\n", -+ name, cn->length, cn->data ); - ret = LDAP_CONNECT_ERROR; - if ( ld->ld_error ) { - LDAP_FREE( ld->ld_error ); diff --git a/openldap-2.4.17.tar.bz2 b/openldap-2.4.17.tar.bz2 deleted file mode 100644 index ea0fb88..0000000 --- a/openldap-2.4.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9420647e50819d5b21ce271f827a00e76ac60a06712ec5fa948aaeca160543b6 -size 4372683 diff --git a/openldap-2.4.20.tar.bz2 b/openldap-2.4.20.tar.bz2 new file mode 100644 index 0000000..b06b6c0 --- /dev/null +++ b/openldap-2.4.20.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:af0f2ceb0fbabd866bf25bc6ea2013d4bf0510d84f6d4bcde25c8f0c270b411c +size 4417900 diff --git a/openldap2-client.changes b/openldap2-client.changes index 80488b2..df58381 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com + +- Fixed an issue in back-config's objectclass inheritence code that + could cause the server to fail to start or to spin in an endless + loop (bnc#558059,ITS#6408) +- default the tls_reqcert parameter of a syncrepl config to + "demand" as documented even if other tls_ options are absent + (bnc#558397, ITS#6319) +- apply changes to the global size and timelimits to all database + that don't specify limits themself. (bnc#562184, ITS#6428) + +------------------------------------------------------------------- +Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com + +- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19 + * Fixed liblber embedded NUL values in BerValues (ITS#6353) + * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334) + * Fixed libldap uninitialized return value (ITS#6355) + * Fixed libldap unlimited timeout (ITS#6388) + * Added slapd handling of hex server IDs (ITS#6297) + * Fixed slapd checks of str2filter (ITS#6391) + * Fixed slapd configArgs initialization (ITS#6363) + * Fixed slapd db_open with connection_fake_init (ITS#6381) + * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379) + * Fixed slapd inclusion of ac/unistd.h (ITS#6342) + * Fixed slapd sl_free to better reclaim memory (ITS#6380) + * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368) + * Fixed slapd syncrepl to use correct SID (ITS#6367) + * Fixed slapd tls_accept to retry in certain cases (ITS#6304) + * Fixed slapd-bdb/hdb cache corruption (ITS#6341) + * Fixed slapd-bdb/hdb entry cache (ITS#6360) + * Fixed slapo-syncprov checkpoint conversion (ITS#6370) + * Fixed slapo-syncprov deadlock (ITS#6335) + * Fixed slapo-syncprov out of order changes (ITS#6346) +- Added switch to enable/disable testsuite (%run_test_suite) + ------------------------------------------------------------------- Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 9435a60..7afb3ef 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2-client (Version 2.4.17) +# spec file for package openldap2-client (Version 2.4.20) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -17,6 +17,7 @@ # norootforbuild +%define run_test_suite 1 Name: openldap2-client BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel @@ -26,10 +27,10 @@ BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-de %if %sles_version == 10 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel %endif -Version: 2.4.17 -Release: 5 +Version: 2.4.20 +Release: 1 Url: http://www.openldap.org -License: BSD 3-clause (or similar) ; openldap 2.8 +License: BSD3c(or similar) ; openldap 2.8 %if "%{name}" == "openldap2" Group: Productivity/Networking/LDAP/Clients Provides: ldap2 openldap2-back-ldap openldap2-back-monitor @@ -41,6 +42,7 @@ Summary: The OpenLDAP commandline client tools %else Group: Productivity/Networking/LDAP/Clients Conflicts: openldap-client +Requires: libldap-2_4-2 = %{version} Summary: The OpenLDAP commandline client tools %endif AutoReqProv: on @@ -52,16 +54,16 @@ Source4: sasl-slapd.conf Source5: README.update Source6: schema2ldif Source100: openldap-2.3.37.tar.bz2 -Patch: openldap2.dif +Patch1: openldap2.dif Patch2: slapd_conf.dif Patch3: ldap_conf.dif Patch4: ldapi_url.dif -Patch5: test056-monitor-its6213.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif -Patch14: slapo-collect-include.dif -Patch15: libldap-tls_chkhost-its6239.dif +Patch12: 0001-back-config-objectclass-inheritence-ITS-6408.dif +Patch13: 0002-init-bindconf-TLS-settings-ITS-6419.dif +Patch14: 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -80,7 +82,7 @@ Authors: The OpenLDAP Project %package -n openldap2-back-perl -License: BSD 3-clause (or similar) +License: BSD3c(or similar) Summary: OpenLDAP Perl Back-End Requires: openldap2 = %{version} perl = %{perl_version} AutoReqProv: on @@ -97,7 +99,7 @@ Authors: The OpenLDAP Project %package -n openldap2-back-meta -License: BSD 3-clause (or similar) +License: BSD3c(or similar) Summary: OpenLDAP Meta Back-End Requires: openldap2 = %{version} AutoReqProv: on @@ -128,7 +130,7 @@ Authors: %package -n openldap2-devel -License: BSD 3-clause (or similar) ; openldap 2.8 +License: BSD3c(or similar) ; openldap 2.8 Summary: Libraries, Header Files and Documentation for OpenLDAP AutoReqProv: on # bug437293 @@ -155,7 +157,7 @@ Authors: The OpenLDAP Project %package -n libldap-2_4-2 -License: BSD 3-clause (or similar) ; openldap 2.8 +License: BSD3c(or similar) ; openldap 2.8 Summary: OpenLDAP Client Libraries AutoReqProv: on Group: Productivity/Networking/LDAP/Clients @@ -173,18 +175,18 @@ Authors: %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 -%patch +%patch1 %patch2 %patch3 %patch4 -%patch5 %patch6 %if %suse_version > 920 %patch7 %endif %patch11 +%patch12 -p1 +%patch13 -p1 %patch14 -p1 -%patch15 %if %suse_version == 1100 %patch200 -p1 %endif @@ -253,6 +255,7 @@ make %{?jobs:-j%jobs} %endif %check +%if %run_test_suite # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then @@ -274,6 +277,7 @@ rm -f tests/scripts/test050-syncrepl-multimaster rm -f tests/scripts/test058-syncrepl-asymmetric make SLAPD_DEBUG=0 test %endif +%endif %install mkdir -p $RPM_BUILD_ROOT/etc/init.d diff --git a/openldap2.changes b/openldap2.changes index 80488b2..df58381 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com + +- Fixed an issue in back-config's objectclass inheritence code that + could cause the server to fail to start or to spin in an endless + loop (bnc#558059,ITS#6408) +- default the tls_reqcert parameter of a syncrepl config to + "demand" as documented even if other tls_ options are absent + (bnc#558397, ITS#6319) +- apply changes to the global size and timelimits to all database + that don't specify limits themself. (bnc#562184, ITS#6428) + +------------------------------------------------------------------- +Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com + +- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19 + * Fixed liblber embedded NUL values in BerValues (ITS#6353) + * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334) + * Fixed libldap uninitialized return value (ITS#6355) + * Fixed libldap unlimited timeout (ITS#6388) + * Added slapd handling of hex server IDs (ITS#6297) + * Fixed slapd checks of str2filter (ITS#6391) + * Fixed slapd configArgs initialization (ITS#6363) + * Fixed slapd db_open with connection_fake_init (ITS#6381) + * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379) + * Fixed slapd inclusion of ac/unistd.h (ITS#6342) + * Fixed slapd sl_free to better reclaim memory (ITS#6380) + * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368) + * Fixed slapd syncrepl to use correct SID (ITS#6367) + * Fixed slapd tls_accept to retry in certain cases (ITS#6304) + * Fixed slapd-bdb/hdb cache corruption (ITS#6341) + * Fixed slapd-bdb/hdb entry cache (ITS#6360) + * Fixed slapo-syncprov checkpoint conversion (ITS#6370) + * Fixed slapo-syncprov deadlock (ITS#6335) + * Fixed slapo-syncprov out of order changes (ITS#6346) +- Added switch to enable/disable testsuite (%run_test_suite) + ------------------------------------------------------------------- Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com diff --git a/openldap2.spec b/openldap2.spec index f1a8c19..a7c1181 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2 (Version 2.4.17) +# spec file for package openldap2 (Version 2.4.20) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -17,6 +17,7 @@ # norootforbuild +%define run_test_suite 1 Name: openldap2 BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel @@ -26,10 +27,10 @@ BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-de %if %sles_version == 10 BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel %endif -Version: 2.4.17 -Release: 5 +Version: 2.4.20 +Release: 1 Url: http://www.openldap.org -License: BSD 3-clause (or similar) ; openldap 2.8 +License: BSD3c(or similar) ; openldap 2.8 %if "%{name}" == "openldap2" Group: Productivity/Networking/LDAP/Clients Provides: ldap2 openldap2-back-ldap openldap2-back-monitor @@ -41,6 +42,7 @@ Summary: The OpenLDAP commandline client tools %else Group: Productivity/Networking/LDAP/Clients Conflicts: openldap-client +Requires: libldap-2_4-2 = %{version} Summary: The OpenLDAP commandline client tools %endif AutoReqProv: on @@ -52,16 +54,16 @@ Source4: sasl-slapd.conf Source5: README.update Source6: schema2ldif Source100: openldap-2.3.37.tar.bz2 -Patch: openldap2.dif +Patch1: openldap2.dif Patch2: slapd_conf.dif Patch3: ldap_conf.dif Patch4: ldapi_url.dif -Patch5: test056-monitor-its6213.dif Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif -Patch14: slapo-collect-include.dif -Patch15: libldap-tls_chkhost-its6239.dif +Patch12: 0001-back-config-objectclass-inheritence-ITS-6408.dif +Patch13: 0002-init-bindconf-TLS-settings-ITS-6419.dif +Patch14: 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -80,7 +82,7 @@ Authors: The OpenLDAP Project %package -n openldap2-back-perl -License: BSD 3-clause (or similar) +License: BSD3c(or similar) Summary: OpenLDAP Perl Back-End Requires: openldap2 = %{version} perl = %{perl_version} AutoReqProv: on @@ -97,7 +99,7 @@ Authors: The OpenLDAP Project %package -n openldap2-back-meta -License: BSD 3-clause (or similar) +License: BSD3c(or similar) Summary: OpenLDAP Meta Back-End Requires: openldap2 = %{version} AutoReqProv: on @@ -128,7 +130,7 @@ Authors: %package -n openldap2-devel -License: BSD 3-clause (or similar) ; openldap 2.8 +License: BSD3c(or similar) ; openldap 2.8 Summary: Libraries, Header Files and Documentation for OpenLDAP AutoReqProv: on # bug437293 @@ -155,7 +157,7 @@ Authors: The OpenLDAP Project %package -n libldap-2_4-2 -License: BSD 3-clause (or similar) ; openldap 2.8 +License: BSD3c(or similar) ; openldap 2.8 Summary: OpenLDAP Client Libraries AutoReqProv: on Group: Productivity/Networking/LDAP/Clients @@ -173,18 +175,18 @@ Authors: %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 -%patch +%patch1 %patch2 %patch3 %patch4 -%patch5 %patch6 %if %suse_version > 920 %patch7 %endif %patch11 +%patch12 -p1 +%patch13 -p1 %patch14 -p1 -%patch15 %if %suse_version == 1100 %patch200 -p1 %endif @@ -253,6 +255,7 @@ make %{?jobs:-j%jobs} %endif %check +%if %run_test_suite # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then @@ -274,6 +277,7 @@ rm -f tests/scripts/test050-syncrepl-multimaster rm -f tests/scripts/test058-syncrepl-asymmetric make SLAPD_DEBUG=0 test %endif +%endif %install mkdir -p $RPM_BUILD_ROOT/etc/init.d diff --git a/slapo-collect-include.dif b/slapo-collect-include.dif deleted file mode 100644 index 6b63bc6..0000000 --- a/slapo-collect-include.dif +++ /dev/null @@ -1,12 +0,0 @@ -Index: openldap-2.4.17/servers/slapd/overlays/collect.c -=================================================================== ---- openldap-2.4.17.orig/servers/slapd/overlays/collect.c -+++ openldap-2.4.17/servers/slapd/overlays/collect.c -@@ -30,6 +30,7 @@ - - #include "slap.h" - #include "config.h" -+#include "lutil.h" - - #include "lutil.h" - diff --git a/test056-monitor-its6213.dif b/test056-monitor-its6213.dif deleted file mode 100644 index 5f15235..0000000 --- a/test056-monitor-its6213.dif +++ /dev/null @@ -1,36 +0,0 @@ -Index: tests/scripts/test056-monitor -=================================================================== -RCS file: /repo/OpenLDAP/pkg/ldap/tests/scripts/test056-monitor,v -retrieving revision 1.3 -retrieving revision 1.4 -diff -u -r1.3 -r1.4 ---- tests/scripts/test056-monitor 2 Jul 2009 13:26:52 -0000 1.3 -+++ tests/scripts/test056-monitor 14 Jul 2009 11:35:56 -0000 1.4 -@@ -66,7 +66,7 @@ - echo "Filtering ldapsearch results..." - sed -e "$localrewrite" < $SEARCHOUT | . $LDIFFILTER > $SEARCHFLT - echo "Filtering expected data..." --sed -e "$localrewrite" < $MONITOROUT1 | . $LDIFFILTER > $LDIFFLT -+. $CONFFILTER < $MONITOROUT1 | sed -e "$localrewrite" | . $LDIFFILTER > $LDIFFLT - echo "Comparing filter output..." - $CMP $SEARCHFLT $LDIFFLT > $CMPOUT - -Index: tests/data/monitor1.out -=================================================================== -RCS file: /repo/OpenLDAP/pkg/ldap/tests/data/monitor1.out,v -retrieving revision 1.1 -retrieving revision 1.2 -diff -u -r1.1 -r1.2 ---- tests/data/monitor1.out 27 Jan 2009 09:09:51 -0000 1.1 -+++ tests/data/monitor1.out 14 Jul 2009 11:35:56 -0000 1.2 -@@ -9,8 +9,8 @@ - monitorConnectionRead: 2 - monitorConnectionWrite: 0 - monitorConnectionMask: rx --monitorConnectionListener: ldap://localhost:9011/ --monitorConnectionLocalAddress: IP=127.0.0.1:9011 -+monitorConnectionListener: ldap://localhost:@PORT1@/ -+monitorConnectionLocalAddress: IP=127.0.0.1:@PORT1@ - entryDN: cn=Connection 1,cn=Connections,cn=Monitor - - dn: cn=Connections,cn=Monitor