From 5d47a20f54f3b84cbd8f816b17085e8b6d1b7bbdff28e8ee2b6baa927bcbc180 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Tue, 6 Dec 2011 12:54:38 +0000 Subject: [PATCH] Accepting request 95567 from home:rhafer:branches:network:ldap update to 2.4.28 OBS-URL: https://build.opensuse.org/request/show/95567 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=76 --- 0001-build-adjustments.dif | 6 +- 0002-slapd.conf.dif | 4 +- 0003-LDAPI-socket-location.dif | 4 +- 0004-libldap-use-gethostbyname_r.dif | 6 +- 0005-pie-compile.dif | 4 +- ...006-No-Build-date-and-time-in-binaries.dif | 4 +- ...d-fixes-for-back-config-DELETE-support.dif | 50 ------- ...f => 0007-Recover-on-DB-version-change.dif | 4 +- ...-unregister_supported_control-backport.dif | 141 ------------------ ...-exposure-of-SSS-VLV-controls-ITS-6647.dif | 46 ------ 0011-config-delete-overlay-fixes.dif | 110 -------------- ...igLDAPdel-callback-from-current-master.dif | 115 -------------- ...ize-overrun-on-zero-length-string-ITS-.dif | 59 -------- ...eworked-default-deny-ACL-for-cn-config.dif | 95 ------------ openldap-2.4.26.tgz | 3 - openldap-2.4.28.tgz | 3 + openldap2-client.changes | 53 +++++++ openldap2-client.spec | 45 ++---- openldap2.changes | 53 +++++++ openldap2.spec | 45 ++---- 20 files changed, 145 insertions(+), 705 deletions(-) rename 0007-No-Build-date-and-time-in-binaries.dif => 0006-No-Build-date-and-time-in-binaries.dif (92%) delete mode 100644 0006-assorted-fixes-for-back-config-DELETE-support.dif rename 0008-Recover-on-DB-version-change.dif => 0007-Recover-on-DB-version-change.dif (92%) delete mode 100644 0009-unregister_supported_control-backport.dif delete mode 100644 0010-Fix-exposure-of-SSS-VLV-controls-ITS-6647.dif delete mode 100644 0011-config-delete-overlay-fixes.dif delete mode 100644 0012-backport-ConfigLDAPdel-callback-from-current-master.dif delete mode 100644 0013-UTF8StringNormalize-overrun-on-zero-length-string-ITS-.dif delete mode 100644 0014-ITS-7066-reworked-default-deny-ACL-for-cn-config.dif delete mode 100644 openldap-2.4.26.tgz create mode 100644 openldap-2.4.28.tgz diff --git a/0001-build-adjustments.dif b/0001-build-adjustments.dif index 1e77e55..77bd9a1 100644 --- a/0001-build-adjustments.dif +++ b/0001-build-adjustments.dif @@ -1,4 +1,4 @@ -From 43a8df1cab3f7bafb34b3356833779e6e2f0eaf1 Mon Sep 17 00:00:00 2001 +From ada0d25f62670b502166ce05fce29beb9d86ce96 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Wed, 16 Jun 2010 14:04:07 +0200 Subject: build-adjustments @@ -20,7 +20,7 @@ index 66ac3bf..f09e0c3 100644 sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@$(ldap_subdir) diff --git a/configure.in b/configure.in -index 0872d81..225647b 100644 +index e7e5a7e..ef9d4f5 100644 --- a/configure.in +++ b/configure.in @@ -69,7 +69,9 @@ dnl Determine host platform @@ -35,5 +35,5 @@ index 0872d81..225647b 100644 AC_SUBST(VERSION)dnl AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) -- -1.7.3.4 +1.7.7 diff --git a/0002-slapd.conf.dif b/0002-slapd.conf.dif index 698661d..dd8d75a 100644 --- a/0002-slapd.conf.dif +++ b/0002-slapd.conf.dif @@ -1,4 +1,4 @@ -From 3a5f7ce7960e64d49ad104cc9abc7941b454d933 Mon Sep 17 00:00:00 2001 +From dc422b3d677b7bb9c0699d40623def4dc93d54f0 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Wed, 16 Jun 2010 14:05:49 +0200 Subject: slapd.conf @@ -93,5 +93,5 @@ index 4938b85..9caf292 100644 # Indices to maintain index objectClass eq -- -1.7.3.4 +1.7.7 diff --git a/0003-LDAPI-socket-location.dif b/0003-LDAPI-socket-location.dif index a41d379..d13a430 100644 --- a/0003-LDAPI-socket-location.dif +++ b/0003-LDAPI-socket-location.dif @@ -1,4 +1,4 @@ -From c5b25d50557bb79a54654699d47af29342157ad9 Mon Sep 17 00:00:00 2001 +From daab8464b7e9269012c22566ff8406122cc1f19b Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Wed, 16 Jun 2010 14:06:42 +0200 Subject: LDAPI socket location @@ -18,5 +18,5 @@ index 426d7f6..9a21f98 100644 /* * SLAPD DEFINITIONS -- -1.7.3.4 +1.7.7 diff --git a/0004-libldap-use-gethostbyname_r.dif b/0004-libldap-use-gethostbyname_r.dif index d6bdb1c..f7b3c47 100644 --- a/0004-libldap-use-gethostbyname_r.dif +++ b/0004-libldap-use-gethostbyname_r.dif @@ -1,11 +1,11 @@ -From 119f2c14aac61a04d98719b399266c1ed235793a Mon Sep 17 00:00:00 2001 +From ae570a81db3e070d0c449fe9eb70352c8ffcf22a Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Wed, 16 Jun 2010 14:08:03 +0200 Subject: libldap use gethostbyname_r diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c -index d2b4ae8..3180d74 100644 +index f0b5f72..ea5e178 100644 --- a/libraries/libldap/util-int.c +++ b/libraries/libldap/util-int.c @@ -52,7 +52,7 @@ extern int h_errno; @@ -27,5 +27,5 @@ index d2b4ae8..3180d74 100644 #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R)) -- -1.7.3.4 +1.7.7 diff --git a/0005-pie-compile.dif b/0005-pie-compile.dif index 9751244..61a7bd5 100644 --- a/0005-pie-compile.dif +++ b/0005-pie-compile.dif @@ -1,4 +1,4 @@ -From 34e2af586533bf43e2fec55e707fa4d51ca6634c Mon Sep 17 00:00:00 2001 +From ef2b8372346fd32c21a8b19864c2f29aed5e3e63 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Fri, 12 Nov 2010 09:39:11 +0100 Subject: pie compile @@ -114,5 +114,5 @@ index f93a84c..a35dd83 100644 MOD_DEFS = $(@BUILD_RELAY@_DEFS) -- -1.7.3.4 +1.7.7 diff --git a/0007-No-Build-date-and-time-in-binaries.dif b/0006-No-Build-date-and-time-in-binaries.dif similarity index 92% rename from 0007-No-Build-date-and-time-in-binaries.dif rename to 0006-No-Build-date-and-time-in-binaries.dif index 9fef94f..86ac1f1 100644 --- a/0007-No-Build-date-and-time-in-binaries.dif +++ b/0006-No-Build-date-and-time-in-binaries.dif @@ -1,4 +1,4 @@ -From 708185d30ee5a94ca4d98707521620291c8ddd1d Mon Sep 17 00:00:00 2001 +From b0508b1d0322491955d6ed11fc8c980f6a07dd18 Mon Sep 17 00:00:00 2001 From: Cristian Rodriguez Date: Tue, 5 Oct 2010 13:59:40 +0200 Subject: No Build date and time in binaries @@ -29,5 +29,5 @@ index 5c020b8..0160ab1 100755 __EOF__ -- -1.7.3.4 +1.7.7 diff --git a/0006-assorted-fixes-for-back-config-DELETE-support.dif b/0006-assorted-fixes-for-back-config-DELETE-support.dif deleted file mode 100644 index 8ab22fa..0000000 --- a/0006-assorted-fixes-for-back-config-DELETE-support.dif +++ /dev/null @@ -1,50 +0,0 @@ -From 1b23710affd68704d8fb66ba42901fa7aed1a379 Mon Sep 17 00:00:00 2001 -From: Ralf Haferkamp -Date: Wed, 16 Jun 2010 14:08:56 +0200 -Subject: assorted fixes for back-config DELETE support - - -diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c -index 006647b..3354c09 100644 ---- a/servers/slapd/bconfig.c -+++ b/servers/slapd/bconfig.c -@@ -6050,13 +6050,26 @@ config_back_delete( Operation *op, SlapReply *rs ) - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - } else if ( op->o_abandon ) { - rs->sr_err = SLAPD_ABANDON; -- } else if ( ce->ce_type == Cft_Overlay ){ -+ } else if ( ce->ce_type == Cft_Overlay || ce->ce_type == Cft_Database){ - char *iptr; - int count, ixold; - - ldap_pvt_thread_pool_pause( &connection_pool ); - -- overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi ); -+ if ( ce->ce_type == Cft_Overlay ){ -+ overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi ); -+ } else { /* Cft_Database*/ -+ if ( ce->ce_be == frontendDB || ce->ce_be == op->o_bd ){ -+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM; -+ rs->sr_text = "Cannot delete config or frontend database"; -+ ldap_pvt_thread_pool_resume( &connection_pool ); -+ goto out; -+ } -+ if ( ce->ce_be->bd_info->bi_db_close ) { -+ ce->ce_be->bd_info->bi_db_close( ce->ce_be, NULL ); -+ } -+ backend_destroy_one( ce->ce_be, 1); -+ } - - /* remove CfEntryInfo from the siblings list */ - if ( ce->ce_parent->ce_kids == ce ) { -@@ -6118,6 +6131,7 @@ config_back_delete( Operation *op, SlapReply *rs ) - #else - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - #endif /* SLAP_CONFIG_DELETE */ -+out: - send_ldap_result( op, rs ); - return rs->sr_err; - } --- -1.7.3.4 - diff --git a/0008-Recover-on-DB-version-change.dif b/0007-Recover-on-DB-version-change.dif similarity index 92% rename from 0008-Recover-on-DB-version-change.dif rename to 0007-Recover-on-DB-version-change.dif index 545ad64..0029115 100644 --- a/0008-Recover-on-DB-version-change.dif +++ b/0007-Recover-on-DB-version-change.dif @@ -1,4 +1,4 @@ -From 1ae2909f2464955fde817f3c8447724e4d5035c3 Mon Sep 17 00:00:00 2001 +From e17f4d8c705ffa9080fd2ca5cf6780e30d04b0ac Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Tue, 5 Oct 2010 14:20:22 +0200 Subject: Recover on DB version change @@ -25,5 +25,5 @@ index 526fee8..a9f7c5a 100644 /* Regular open failed, probably a missing shm environment. * Start over, do a recovery. -- -1.7.3.4 +1.7.7 diff --git a/0009-unregister_supported_control-backport.dif b/0009-unregister_supported_control-backport.dif deleted file mode 100644 index 13cb6bf..0000000 --- a/0009-unregister_supported_control-backport.dif +++ /dev/null @@ -1,141 +0,0 @@ -From 601cde61e0ad14e804a4f1bf54b6fac934aaad4b Mon Sep 17 00:00:00 2001 -From: ralf -Date: Wed, 30 Jun 2010 10:38:01 +0000 -Subject: unregister_supported_control() backport - -The fix for bnc#648479/ITS#6647 makes use of this call - -Original log-message: -new call unregister_supported_control(), will be -needed for cn=config delete support - -Also included: use be_ctrls[cid] for counting the number of overlay -instances that have registered the control for a specific BackendDB to make -sure that the control is unregistered only after the last instance calls -overlay_unregister_control(). - -diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c -index cad81ab..56bcf65 100644 ---- a/servers/slapd/backover.c -+++ b/servers/slapd/backover.c -@@ -1076,14 +1076,22 @@ overlay_register_control( BackendDB *be, const char *oid ) - gotit = 1; - } - -- bd->be_ctrls[ cid ] = 1; -+ /* overlays can be instanciated multiple times, use -+ * be_ctrls[ cid ] as an instance counter, so that the -+ * overlay's controls are only really disabled after the -+ * last instance called overlay_register_control() */ -+ bd->be_ctrls[ cid ]++; - bd->be_ctrls[ SLAP_MAX_CIDS ] = 1; - } - - } - - if ( !gotit ) { -- be->bd_self->be_ctrls[ cid ] = 1; -+ /* overlays can be instanciated multiple times, use -+ * be_ctrls[ cid ] as an instance counter, so that the -+ * overlay's controls are only really unregistered after the -+ * last instance called overlay_register_control() */ -+ be->bd_self->be_ctrls[ cid ]++; - be->bd_self->be_ctrls[ SLAP_MAX_CIDS ] = 1; - } - -@@ -1091,6 +1099,34 @@ overlay_register_control( BackendDB *be, const char *oid ) - } - - void -+overlay_unregister_control( BackendDB *be, const char *oid ) -+{ -+ int gotit = 0; -+ int cid; -+ -+ if ( slap_find_control_id( oid, &cid ) == LDAP_CONTROL_NOT_FOUND ) { -+ return; -+ } -+ -+ if ( SLAP_ISGLOBALOVERLAY( be ) ) { -+ BackendDB *bd; -+ -+ /* remove from all backends... */ -+ LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) { -+ if ( bd == be->bd_self ) { -+ gotit = 1; -+ } -+ -+ bd->be_ctrls[ cid ]--; -+ } -+ } -+ -+ if ( !gotit ) { -+ be->bd_self->be_ctrls[ cid ]--; -+ } -+} -+ -+void - overlay_destroy_one( BackendDB *be, slap_overinst *on ) - { - slap_overinfo *oi = on->on_info; -diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c -index 96df34e..8d079c5 100644 ---- a/servers/slapd/controls.c -+++ b/servers/slapd/controls.c -@@ -344,6 +344,38 @@ register_supported_control2(const char *controloid, - return LDAP_SUCCESS; - } - -+#ifdef SLAP_CONFIG_DELETE -+int -+unregister_supported_control( const char *controloid ) -+{ -+ struct slap_control *sc; -+ int i; -+ -+ if ( controloid == NULL || (sc = find_ctrl( controloid )) == NULL ){ -+ return -1; -+ } -+ -+ for ( i = 0; slap_known_controls[ i ]; i++ ) { -+ if ( strcmp( controloid, slap_known_controls[ i ] ) == 0 ) { -+ do { -+ slap_known_controls[ i ] = slap_known_controls[ i+1 ]; -+ } while ( slap_known_controls[ i++ ] ); -+ num_known_controls--; -+ break; -+ } -+ } -+ -+ LDAP_SLIST_REMOVE(&controls_list, sc, slap_control, sc_next); -+ ch_free( sc->sc_oid ); -+ if ( sc->sc_extendedopsbv != NULL ) { -+ ber_bvarray_free( sc->sc_extendedopsbv ); -+ } -+ ch_free( sc ); -+ -+ return 0; -+} -+#endif /* SLAP_CONFIG_DELETE */ -+ - /* - * One-time initialization of internal controls. - */ -diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h -index 4d0e1bb..1aebece 100644 ---- a/servers/slapd/proto-slap.h -+++ b/servers/slapd/proto-slap.h -@@ -657,6 +657,10 @@ LDAP_SLAPD_F (int) register_supported_control2 LDAP_P(( - int *controlcid )); - #define register_supported_control(oid, mask, exops, fn, cid) \ - register_supported_control2((oid), (mask), (exops), (fn), 0, (cid)) -+#ifdef SLAP_CONFIG_DELETE -+LDAP_SLAPD_F (int) unregister_supported_control LDAP_P(( -+ const char* controloid )); -+#endif /* SLAP_CONFIG_DELETE */ - LDAP_SLAPD_F (int) slap_controls_init LDAP_P ((void)); - LDAP_SLAPD_F (void) controls_destroy LDAP_P ((void)); - LDAP_SLAPD_F (int) controls_root_dse_info LDAP_P ((Entry *e)); --- -1.7.3.4 - diff --git a/0010-Fix-exposure-of-SSS-VLV-controls-ITS-6647.dif b/0010-Fix-exposure-of-SSS-VLV-controls-ITS-6647.dif deleted file mode 100644 index ffaef47..0000000 --- a/0010-Fix-exposure-of-SSS-VLV-controls-ITS-6647.dif +++ /dev/null @@ -1,46 +0,0 @@ -From b5ddeac919d767a390d7d9e3c2dac092cc4232e1 Mon Sep 17 00:00:00 2001 -From: ralf -Date: Fri, 22 Jan 2010 17:01:25 +0000 -Subject: Fix exposure of SSS/VLV controls (ITS#6647) - -Fixes bnc#648479 - -Contains the following upstream commits: - -- Unregister VLV control as well when last overlay instance - is removed (additional fix for ITS#6647) - -diff --git a/servers/slapd/overlays/sssvlv.c b/servers/slapd/overlays/sssvlv.c -index ce3da34..7ffed1b 100644 ---- a/servers/slapd/overlays/sssvlv.c -+++ b/servers/slapd/overlays/sssvlv.c -@@ -1295,6 +1295,10 @@ static int sssvlv_db_init( - if ( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "Failed to register VLV Request control '%s' (%d)\n", - LDAP_CONTROL_VLVREQUEST, rc, 0 ); -+#ifdef SLAP_CONFIG_DELETE -+ overlay_unregister_control( be, LDAP_CONTROL_SORTREQUEST ); -+ unregister_supported_control( LDAP_CONTROL_SORTREQUEST ); -+#endif /* SLAP_CONFIG_DELETE */ - return rc; - } - } -@@ -1330,6 +1334,15 @@ static int sssvlv_db_destroy( - ldap_pvt_thread_mutex_destroy( &sort_conns_mutex ); - } - -+#ifdef SLAP_CONFIG_DELETE -+ overlay_unregister_control( be, LDAP_CONTROL_SORTREQUEST ); -+ overlay_unregister_control( be, LDAP_CONTROL_VLVREQUEST ); -+ if ( ov_count == 0 ) { -+ unregister_supported_control( LDAP_CONTROL_SORTREQUEST ); -+ unregister_supported_control( LDAP_CONTROL_VLVREQUEST ); -+ } -+#endif /* SLAP_CONFIG_DELETE */ -+ - if ( si ) { - ch_free( si ); - on->on_bi.bi_private = NULL; --- -1.7.3.4 - diff --git a/0011-config-delete-overlay-fixes.dif b/0011-config-delete-overlay-fixes.dif deleted file mode 100644 index 5e7407a..0000000 --- a/0011-config-delete-overlay-fixes.dif +++ /dev/null @@ -1,110 +0,0 @@ -From 0ca1fbc64f2f02cbdff0827e4ca1bbe312bebc2f Mon Sep 17 00:00:00 2001 -From: Ralf Haferkamp -Date: Fri, 22 Jan 2010 11:18:46 +0100 -Subject: config-delete overlay fixes - -- unregister controls when removing overlays from cn=config (syncprov, - ppolicy, valsort, chain and sssvlv) -- Send error to active psearches upon syncprov overlay removal -- syncprov: reset BackendInfo to original value after checkpoint. Leaks memory - otherwise (with -DSLAP_CONFIG_DELETE) - -bnc#548773 - -diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c -index 41bb6ef..8f37efb 100644 ---- a/servers/slapd/back-ldap/chain.c -+++ b/servers/slapd/back-ldap/chain.c -@@ -1979,6 +1979,11 @@ ldap_chain_db_close( - BackendDB *be, - ConfigReply *cr ) - { -+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR -+#ifdef SLAP_CONFIG_DELETE -+ overlay_unregister_control( be, LDAP_CONTROL_X_CHAINING_BEHAVIOR ); -+#endif /* SLAP_CONFIG_DELETE */ -+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ - return ldap_chain_db_func( be, db_close ); - } - -diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c -index 43cc345..048bf89 100644 ---- a/servers/slapd/overlays/ppolicy.c -+++ b/servers/slapd/overlays/ppolicy.c -@@ -2308,6 +2308,11 @@ ppolicy_close( - slap_overinst *on = (slap_overinst *) be->bd_info; - pp_info *pi = on->on_bi.bi_private; - -+ -+#ifdef SLAP_CONFIG_DELETE -+ overlay_unregister_control( be, LDAP_CONTROL_PASSWORDPOLICYREQUEST ); -+#endif /* SLAP_CONFIG_DELETE */ -+ - /* Perhaps backover should provide bi_destroy hooks... */ - ov_count--; - if ( ov_count <=0 && pwcons ) { -diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c -index 1100de7..814f95e 100644 ---- a/servers/slapd/overlays/syncprov.c -+++ b/servers/slapd/overlays/syncprov.c -@@ -3143,6 +3143,7 @@ syncprov_db_close( - { - slap_overinst *on = (slap_overinst *) be->bd_info; - syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private; -+ syncops *so, *sonext; - - if ( slapMode & SLAP_TOOL_MODE ) { - return 0; -@@ -3162,6 +3163,20 @@ syncprov_db_close( - syncprov_checkpoint( op, on ); - } - -+#ifdef SLAP_CONFIG_DELETE -+ ldap_pvt_thread_mutex_lock( &si->si_ops_mutex ); -+ for ( so=si->si_ops, sonext=so; so; so=sonext ) { -+ SlapReply rs = {REP_RESULT}; -+ rs.sr_err = LDAP_UNAVAILABLE; -+ send_ldap_result( so->s_op, &rs ); -+ sonext=so->s_next; -+ syncprov_drop_psearch( so, 0); -+ } -+ si->si_ops=NULL; -+ ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex ); -+ overlay_unregister_control( be, LDAP_CONTROL_SYNC ); -+#endif /* SLAP_CONFIG_DELETE */ -+ - return 0; - } - -diff --git a/servers/slapd/overlays/valsort.c b/servers/slapd/overlays/valsort.c -index 80d9382..033cbf6 100644 ---- a/servers/slapd/overlays/valsort.c -+++ b/servers/slapd/overlays/valsort.c -@@ -490,6 +490,10 @@ valsort_destroy( - slap_overinst *on = (slap_overinst *)be->bd_info; - valsort_info *vi = on->on_bi.bi_private, *next; - -+#ifdef SLAP_CONFIG_DELETE -+ overlay_unregister_control( be, LDAP_CONTROL_VALSORT ); -+#endif /* SLAP_CONFIG_DELETE */ -+ - for (; vi; vi = next) { - next = vi->vi_next; - ch_free( vi->vi_dn.bv_val ); -diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h -index 1aebece..bb0dd63 100644 ---- a/servers/slapd/proto-slap.h -+++ b/servers/slapd/proto-slap.h -@@ -484,6 +484,9 @@ LDAP_SLAPD_F (void) overlay_move LDAP_P(( - #ifdef SLAP_CONFIG_DELETE - LDAP_SLAPD_F (void) overlay_remove LDAP_P(( - BackendDB *be, slap_overinst *on )); -+LDAP_SLAPD_F (void) overlay_unregister_control LDAP_P(( -+ BackendDB *be, -+ const char *oid )); - #endif /* SLAP_CONFIG_DELETE */ - LDAP_SLAPD_F (int) overlay_callback_after_backover LDAP_P(( - Operation *op, slap_callback *sc, int append )); --- -1.7.3.4 - diff --git a/0012-backport-ConfigLDAPdel-callback-from-current-master.dif b/0012-backport-ConfigLDAPdel-callback-from-current-master.dif deleted file mode 100644 index a48c65c..0000000 --- a/0012-backport-ConfigLDAPdel-callback-from-current-master.dif +++ /dev/null @@ -1,115 +0,0 @@ -From e9c58d8eb653e2e1fa8d84f8631dcc3fa5965db2 Mon Sep 17 00:00:00 2001 -From: Ralf Haferkamp -Date: Tue, 15 Mar 2011 16:57:41 +0000 -Subject: backport ConfigLDAPdel callback from current master - -bnc#704398 - -diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c -index 3354c09..309668e 100644 ---- a/servers/slapd/bconfig.c -+++ b/servers/slapd/bconfig.c -@@ -6047,10 +6047,12 @@ config_back_delete( Operation *op, SlapReply *rs ) - rs->sr_matched = last->ce_entry->e_name.bv_val; - rs->sr_err = LDAP_NO_SUCH_OBJECT; - } else if ( ce->ce_kids ) { -- rs->sr_err = LDAP_UNWILLING_TO_PERFORM; -+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF; - } else if ( op->o_abandon ) { - rs->sr_err = SLAPD_ABANDON; -- } else if ( ce->ce_type == Cft_Overlay || ce->ce_type == Cft_Database){ -+ } else if ( ce->ce_type == Cft_Overlay || -+ ce->ce_type == Cft_Database || -+ ce->ce_type == Cft_Misc ){ - char *iptr; - int count, ixold; - -@@ -6058,7 +6060,46 @@ config_back_delete( Operation *op, SlapReply *rs ) - - if ( ce->ce_type == Cft_Overlay ){ - overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi ); -- } else { /* Cft_Database*/ -+ } else if ( ce->ce_type == Cft_Misc ) { -+ /* -+ * only Cft_Misc objects that have a co_lddel handler set in -+ * the ConfigOCs struct can be deleted. This code also -+ * assumes that the entry can be only have one objectclass -+ * with co_type == Cft_Misc -+ */ -+ ConfigOCs co, *coptr; -+ Attribute *oc_at; -+ int i; -+ -+ oc_at = attr_find( ce->ce_entry->e_attrs, -+ slap_schema.si_ad_objectClass ); -+ if ( !oc_at ) { -+ rs->sr_err = LDAP_OTHER; -+ rs->sr_text = "objectclass not found"; -+ ldap_pvt_thread_pool_resume( &connection_pool ); -+ goto out; -+ } -+ for ( i=0; !BER_BVISNULL(&oc_at->a_nvals[i]); i++ ) { -+ co.co_name = &oc_at->a_nvals[i]; -+ coptr = avl_find( CfOcTree, &co, CfOc_cmp ); -+ if ( coptr == NULL || coptr->co_type != Cft_Misc ) { -+ continue; -+ } -+ if ( ! coptr->co_lddel || coptr->co_lddel( ce, op ) ){ -+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM; -+ if ( ! coptr->co_lddel ) { -+ rs->sr_text = "No delete handler found"; -+ } else { -+ rs->sr_err = LDAP_OTHER; -+ /* FIXME: We should return a helpful error message -+ * here */ -+ } -+ ldap_pvt_thread_pool_resume( &connection_pool ); -+ goto out; -+ } -+ break; -+ } -+ } else if (ce->ce_type == Cft_Database ) { - if ( ce->ce_be == frontendDB || ce->ce_be == op->o_bd ){ - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "Cannot delete config or frontend database"; -@@ -6128,10 +6169,10 @@ config_back_delete( Operation *op, SlapReply *rs ) - } else { - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - } -+out: - #else - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - #endif /* SLAP_CONFIG_DELETE */ --out: - send_ldap_result( op, rs ); - return rs->sr_err; - } -diff --git a/servers/slapd/config.h b/servers/slapd/config.h -index 9c037d4..d79ae74 100644 ---- a/servers/slapd/config.h -+++ b/servers/slapd/config.h -@@ -100,12 +100,21 @@ typedef int (ConfigLDAPadd)( - typedef int (ConfigCfAdd)( - Operation *op, SlapReply *rs, Entry *parent, struct config_args_s *ca ); - -+#ifdef SLAP_CONFIG_DELETE -+/* Called when deleting a Cft_Misc Child object from cn=config */ -+typedef int (ConfigLDAPdel)( -+ CfEntryInfo *ce, Operation *op ); -+#endif -+ - typedef struct ConfigOCs { - const char *co_def; - ConfigType co_type; - ConfigTable *co_table; - ConfigLDAPadd *co_ldadd; - ConfigCfAdd *co_cfadd; -+#ifdef SLAP_CONFIG_DELETE -+ ConfigLDAPdel *co_lddel; -+#endif - ObjectClass *co_oc; - struct berval *co_name; - } ConfigOCs; --- -1.7.3.4 - diff --git a/0013-UTF8StringNormalize-overrun-on-zero-length-string-ITS-.dif b/0013-UTF8StringNormalize-overrun-on-zero-length-string-ITS-.dif deleted file mode 100644 index ca01816..0000000 --- a/0013-UTF8StringNormalize-overrun-on-zero-length-string-ITS-.dif +++ /dev/null @@ -1,59 +0,0 @@ -From 48e44e993656a08424a020347a458148169196ce Mon Sep 17 00:00:00 2001 -From: Howard Chu -Date: Thu, 6 Oct 2011 14:05:31 -0700 -Subject: UTF8StringNormalize overrun on zero-length string (ITS#7059) - -Detected by valgrind - -diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c -index 67508fc..65a7e2e 100644 ---- a/servers/slapd/schema_init.c -+++ b/servers/slapd/schema_init.c -@@ -1852,12 +1852,12 @@ UTF8StringNormalize( - } - nvalue.bv_val[nvalue.bv_len] = '\0'; - -- } else { -+ } else if ( tmp.bv_len ) { - /* string of all spaces is treated as one space */ - nvalue.bv_val[0] = ' '; - nvalue.bv_val[1] = '\0'; - nvalue.bv_len = 1; -- } -+ } /* should never be entered with 0-length val */ - - *normalized = nvalue; - return LDAP_SUCCESS; -@@ -2331,13 +2331,18 @@ postalAddressNormalize( - } - lines[l].bv_len = &val->bv_val[c] - lines[l].bv_val; - -- normalized->bv_len = l; -+ normalized->bv_len = c = l; - -- for ( l = 0; !BER_BVISNULL( &lines[l] ); l++ ) { -+ for ( l = 0; l <= c; l++ ) { - /* NOTE: we directly normalize each line, - * without unescaping the values, since the special - * values '\24' ('$') and '\5C' ('\') are not affected - * by normalization */ -+ if ( !lines[l].bv_len ) { -+ nlines[l].bv_len = 0; -+ nlines[l].bv_val = NULL; -+ continue; -+ } - rc = UTF8StringNormalize( usage, NULL, xmr, &lines[l], &nlines[l], ctx ); - if ( rc != LDAP_SUCCESS ) { - rc = LDAP_INVALID_SYNTAX; -@@ -2350,7 +2355,7 @@ postalAddressNormalize( - normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx ); - - p = normalized->bv_val; -- for ( l = 0; !BER_BVISNULL( &nlines[l] ); l++ ) { -+ for ( l = 0; l <= c ; l++ ) { - p = lutil_strbvcopy( p, &nlines[l] ); - *p++ = '$'; - } --- -1.7.6.4 - diff --git a/0014-ITS-7066-reworked-default-deny-ACL-for-cn-config.dif b/0014-ITS-7066-reworked-default-deny-ACL-for-cn-config.dif deleted file mode 100644 index 26ba050..0000000 --- a/0014-ITS-7066-reworked-default-deny-ACL-for-cn-config.dif +++ /dev/null @@ -1,95 +0,0 @@ -From 5d9026cf3f93f95dd6f80ad209013e30bbb0d8e6 Mon Sep 17 00:00:00 2001 -From: Ralf Haferkamp -Date: Tue, 18 Oct 2011 17:08:05 +0200 -Subject: ITS#7066 reworked default deny ACL for cn=config - -Dynamically adding ACL for cn=config didn't work correctly, when no -ACLs where present for that database upon startup. Delete the last -ACL from the DB could also lead to unexpected results. - -diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c -index 309668e..7097d72 100644 ---- a/servers/slapd/bconfig.c -+++ b/servers/slapd/bconfig.c -@@ -84,6 +84,7 @@ static char *logfileName; - #ifdef SLAP_AUTH_REWRITE - static BerVarray authz_rewrites; - #endif -+static AccessControl *defacl_parsed = NULL; - - static struct berval cfdir; - -@@ -1297,6 +1298,12 @@ config_generic(ConfigArgs *c) { - *prev = a->acl_next; - acl_free( a ); - } -+ if ( SLAP_CONFIG( c->be ) && !c->be->be_acl ) { -+ Debug( LDAP_DEBUG_CONFIG, "config_generic (CFG_ACL): " -+ "Last explicit ACL for back-config removed. " -+ "Using hardcoded default\n", 0, 0, 0 ); -+ c->be->be_acl = defacl_parsed; -+ } - break; - - case CFG_OC: { -@@ -1792,6 +1799,9 @@ sortval_reject: - break; - - case CFG_ACL: -+ if ( SLAP_CONFIG( c->be ) && c->be->be_acl == defacl_parsed) { -+ c->be->be_acl = NULL; -+ } - /* Don't append to the global ACL if we're on a specific DB */ - i = c->valx; - if ( c->valx == -1 ) { -@@ -1801,6 +1811,9 @@ sortval_reject: - i++; - } - if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) { -+ if ( SLAP_CONFIG( c->be ) && !c->be->be_acl) { -+ c->be->be_acl = defacl_parsed; -+ } - return 1; - } - break; -@@ -6637,14 +6650,23 @@ config_back_db_open( BackendDB *be, ConfigReply *cr ) - slap_callback cb = { NULL, slap_null_cb, NULL, NULL }; - SlapReply rs = {REP_RESULT}; - void *thrctx = NULL; -+ AccessControl *save_access; - - Debug( LDAP_DEBUG_TRACE, "config_back_db_open\n", 0, 0, 0); - - /* If we have no explicitly configured ACLs, don't just use - * the global ACLs. Explicitly deny access to everything. - */ -- if ( !be->bd_self->be_acl ) { -- parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 ); -+ save_access = be->bd_self->be_acl; -+ be->bd_self->be_acl = NULL; -+ parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 ); -+ defacl_parsed = be->bd_self->be_acl; -+ if ( save_access ) { -+ be->bd_self->be_acl = save_access; -+ } else { -+ Debug( LDAP_DEBUG_CONFIG, "config_back_db_open: " -+ "No explicit ACL for back-config configured. " -+ "Using hardcoded default\n", 0, 0, 0 ); - } - - thrctx = ldap_pvt_thread_pool_context(); -@@ -6889,6 +6911,11 @@ config_back_db_close( BackendDB *be, ConfigReply *cr ) - backend_shutdown( &cfb->cb_db ); - } - -+ if ( defacl_parsed && be->be_acl != defacl_parsed ) { -+ acl_free( defacl_parsed ); -+ defacl_parsed = NULL; -+ } -+ - return 0; - } - --- -1.7.6.4 - diff --git a/openldap-2.4.26.tgz b/openldap-2.4.26.tgz deleted file mode 100644 index 479da70..0000000 --- a/openldap-2.4.26.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1f42048cebbcd8647c9c566f8f070946103a15717345915ecd5fccfbe19a7c3d -size 5250064 diff --git a/openldap-2.4.28.tgz b/openldap-2.4.28.tgz new file mode 100644 index 0000000..6f355e5 --- /dev/null +++ b/openldap-2.4.28.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:332ab5b13dbc0f85b1112d7a6f3485069108bfbd4d2603c8b548adbfa9bbc371 +size 5436340 diff --git a/openldap2-client.changes b/openldap2-client.changes index 5bfd4c5..0b30468 100644 --- a/openldap2-client.changes +++ b/openldap2-client.changes @@ -1,3 +1,56 @@ +------------------------------------------------------------------- +Fri Dec 2 16:11:01 UTC 2011 - rhafer@suse.de + +- Update to 2.4.28 + * Fixed back-mdb out of order slapadd (ITS#7090) + changes in OpenLDAP 2.4.27 Release (2011/11/24): + * Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031) + * Fixed ldapmodify crash with LDIF controls (ITS#7039) + * Fixed ldapsearch to honor timeout and timelimit (ITS#7009) + * Fixed libldap endless looping (ITS#7035) + * Fixed libldap TLS to not check hostname when using 'allow' + (ITS#7014) + * Fixed slapadd common code into slapcommon (ITS#6737) + * Fixed slapd backend connection initialization (ITS#6993) + * Fixed slapd frontend DB parsing in cn=config (ITS#7016) + * Fixed slapd hang with {numbered} overlay insertion (ITS#7030) + * Fixed slapd inet_ntop usage (ITS#6925) + * Fixed slapd cn=config deletion of bitmasks (ITS#7083) + * Fixed slapd cn=config modify replace/delete crash (ITS#7065) + * Fixed slapd schema UTF8StringNormalize with 0 length values + (ITS#7059) + * Fixed slapd with dynamic acls for cn=config (ITS#7066) + * Fixed slapd response callbacks (ITS#6059,ITS#7062) + * Fixed slapd no_connection warnings with ldapi + (ITS#6548,ITS#7092) + * Fixed slapd return code processing (ITS#7060) + * Fixed slapd sl_malloc various issues (ITS#6437) + * Fixed slapd startup behavior (ITS#6848) + * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892) + * Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472) + * Fixed slapd syncrepl timeout when using refreshAndPersist + (ITS#6999) + * Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052) + * Fixed slapd syncrepl glue for empty suffix (ITS#7037) + * Fixed slapd results cleanup (ITS#6763,ITS#7053) + * Fixed slapd validation of args for TLSCertificateFile + (ITS#7012) + * Fixed slapd-bdb/hdb to build entry DN based on parent DN + (ITS#5326) + * Fixed slapd-hdb with zero-length entries (ITS#7073) + * Fixed slapd-hdb duplicate entries in subtree IDL cache + (ITS#6983) + * Fixed slapo-pcache response cleanup (ITS#6981) + * Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021) + * Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985) + * Fixed slapo-sssvlv to only return requested attrs (ITS#7061) + * Fixed slapo-syncprov DSA attribute filtering for Persist mode + (ITS#7019) + * Fixed slapo-syncprov when consumer has newer state of our SID + (ITS#7040) + * Fixed slapo-syncprov crash (ITS#7025) + * Added missing LDIF form of schema files (ITS#7063) + ------------------------------------------------------------------- Fri Nov 25 10:42:39 UTC 2011 - coolo@suse.com diff --git a/openldap2-client.spec b/openldap2-client.spec index 61e0271..076b7f1 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -24,10 +24,10 @@ BuildRequires: cyrus-sasl-devel libopenssl-devel libtool %if %sles_version == 9 || %sles_version == 10 BuildRequires: -libopenssl-devel -pwdutils openssl-devel %endif -Version: 2.4.26 +Version: 2.4.28 Release: 1 Url: http://www.openldap.org -License: BSD3c(or similar) ; openldap 2.8 +License: OpenLDAP 2.8 %if "%{name}" == "openldap2" BuildRequires: db-devel openslp-devel tcpd-devel unixODBC-devel %if %sles_version == 9 || %sles_version == 10 @@ -44,7 +44,6 @@ Conflicts: openldap-client Requires: libldap-2_4-2 = %{version} Summary: The OpenLDAP commandline client tools %endif -AutoReqProv: on Source: openldap-%{version}.tgz Source1: openldap-rc.tgz Source2: addonschema.tar.gz @@ -59,15 +58,8 @@ Patch2: 0002-slapd.conf.dif Patch3: 0003-LDAPI-socket-location.dif Patch4: 0004-libldap-use-gethostbyname_r.dif Patch5: 0005-pie-compile.dif -Patch6: 0006-assorted-fixes-for-back-config-DELETE-support.dif -Patch7: 0007-No-Build-date-and-time-in-binaries.dif -Patch8: 0008-Recover-on-DB-version-change.dif -Patch9: 0009-unregister_supported_control-backport.dif -Patch10: 0010-Fix-exposure-of-SSS-VLV-controls-ITS-6647.dif -Patch11: 0011-config-delete-overlay-fixes.dif -Patch12: 0012-backport-ConfigLDAPdel-callback-from-current-master.dif -Patch13: 0013-UTF8StringNormalize-overrun-on-zero-length-string-ITS-.dif -Patch14: 0014-ITS-7066-reworked-default-deny-ACL-for-cn-config.dif +Patch6: 0006-No-Build-date-and-time-in-binaries.dif +Patch7: 0007-Recover-on-DB-version-change.dif Patch100: openldap-2.3.37.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %if "%{name}" == "openldap2" @@ -81,10 +73,8 @@ service that has an X.500 back-end. This package contains the OpenLDAP client utilities. %package -n openldap2-back-perl -License: BSD3c(or similar) ; openldap 2.8 Summary: OpenLDAP Perl Back-End Requires: openldap2 = %{version} perl = %{perl_version} -AutoReqProv: on Group: Productivity/Networking/LDAP/Servers %description -n openldap2-back-perl @@ -92,10 +82,8 @@ The OpenLDAP Perl back-end allows you to execute Perl code specific to different LDAP operations. %package -n openldap2-back-meta -License: BSD3c(or similar) ; openldap 2.8 Summary: OpenLDAP Meta Back-End Requires: openldap2 = %{version} -AutoReqProv: on Group: Productivity/Networking/LDAP/Servers Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz @@ -106,10 +94,8 @@ these servers can be presented as belonging to a single Directory Information Tree (DIT). %package -n openldap2-back-sql -License: BSD3c(or similar) ; openldap 2.8 Summary: OpenLDAP SQL Back-End Requires: openldap2 = %{version} -AutoReqProv: on Group: Productivity/Networking/LDAP/Servers %description -n openldap2-back-sql @@ -118,10 +104,8 @@ stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming. %package -n openldap2-doc -License: BSD3c(or similar) ; openldap 2.8 Summary: OpenLDAP Documentation Group: Documentation/Other -AutoReqProv: on Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README %if 0%{?suse_version} > 1110 BuildArch: noarch @@ -141,9 +125,7 @@ service that has an X.500 back-end. This package contains the OpenLDAP client utilities. %package -n openldap2-devel -License: BSD3c(or similar) ; openldap 2.8 Summary: Libraries, Header Files and Documentation for OpenLDAP -AutoReqProv: on # bug437293 %ifarch ppc64 Obsoletes: openldap2-devel-64bit @@ -162,9 +144,7 @@ This package provides the OpenLDAP libraries, header files, and documentation. %package -n libldap-2_4-2 -License: BSD3c(or similar) ; openldap 2.8 Summary: OpenLDAP Client Libraries -AutoReqProv: on Group: Productivity/Networking/LDAP/Clients %description -n libldap-2_4-2 @@ -178,18 +158,9 @@ This package contains the OpenLDAP client libraries. %patch2 -p1 %patch3 -p1 %patch4 -p1 -%if %suse_version > 920 %patch5 -p1 -%endif %patch6 -p1 %patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 cp %{SOURCE5} . cp %{SOURCE6} . cd ../openldap-2.3.37 @@ -223,6 +194,7 @@ export STRIP="" --enable-monitor=yes \ --enable-perl=mod \ --enable-sql=mod \ + --enable-mdb=no \ --enable-slp \ --enable-overlays=mod \ --enable-syncprov=yes \ @@ -315,15 +287,17 @@ install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts install -m 644 ANNOUNCEMENT \ COPYRIGHT \ - INSTALL \ LICENSE \ README \ CHANGES \ %{SOURCE5} \ %{SOURCE6} \ $RPM_BUILD_ROOT/%{DOCDIR} +install -m 644 servers/slapd/slapd.ldif \ + $RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README +rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif* rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples %if %suse_version < 1130 @@ -333,6 +307,7 @@ install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin %endif rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-mdb.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 @@ -396,10 +371,10 @@ cat >openldap2.filelist <>openldap2.filelist < 1110 BuildArch: noarch @@ -134,9 +118,7 @@ The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts This package contains the OpenLDAP client utilities. %package -n openldap2-devel -License: BSD3c(or similar) ; openldap 2.8 Summary: Libraries, Header Files and Documentation for OpenLDAP -AutoReqProv: on # bug437293 %ifarch ppc64 Obsoletes: openldap2-devel-64bit @@ -155,9 +137,7 @@ This package provides the OpenLDAP libraries, header files, and documentation. %package -n libldap-2_4-2 -License: BSD3c(or similar) ; openldap 2.8 Summary: OpenLDAP Client Libraries -AutoReqProv: on Group: Productivity/Networking/LDAP/Clients %description -n libldap-2_4-2 @@ -171,18 +151,9 @@ This package contains the OpenLDAP client libraries. %patch2 -p1 %patch3 -p1 %patch4 -p1 -%if %suse_version > 920 %patch5 -p1 -%endif %patch6 -p1 %patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 cp %{SOURCE5} . cp %{SOURCE6} . cd ../openldap-2.3.37 @@ -216,6 +187,7 @@ export STRIP="" --enable-monitor=yes \ --enable-perl=mod \ --enable-sql=mod \ + --enable-mdb=no \ --enable-slp \ --enable-overlays=mod \ --enable-syncprov=yes \ @@ -308,15 +280,17 @@ install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts install -m 644 ANNOUNCEMENT \ COPYRIGHT \ - INSTALL \ LICENSE \ README \ CHANGES \ %{SOURCE5} \ %{SOURCE6} \ $RPM_BUILD_ROOT/%{DOCDIR} +install -m 644 servers/slapd/slapd.ldif \ + $RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README +rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif* rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples %if %suse_version < 1130 @@ -326,6 +300,7 @@ install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin %endif rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 +rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-mdb.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 @@ -389,10 +364,10 @@ cat >openldap2.filelist <>openldap2.filelist <