Hello community, here is the log from the commit of package openldap2.3937 for openSUSE:13.1:Update checked in at 2015-07-31 09:10:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/openldap2.3937 (Old) and /work/SRC/openSUSE:13.1:Update/.openldap2.3937.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openldap2.3937" Changes: -------- New Changes file: --- /dev/null 2015-07-22 21:25:44.928025004 +0200 +++ /work/SRC/openSUSE:13.1:Update/.openldap2.3937.new/openldap2-client.changes 2015-07-31 09:10:15.000000000 +0200 @@ -0,0 +1,2186 @@ +------------------------------------------------------------------- +Mon Jun 17 14:37:45 UTC 2013 - [email protected] + +- For now, avoid automatic use of libdb-6_0 by explicitly selecting + libdb-4_8 as BuildRequire. + +------------------------------------------------------------------- +Mon Mar 25 16:08:21 UTC 2013 - [email protected] + +- Put static libs into openldap2-devel-static and relieve + openldap2-devel of static-only deps + +------------------------------------------------------------------- +Sat Nov 17 12:06:23 CET 2012 - [email protected] + +- fix check-build.sh for kernel > 3.0 + +------------------------------------------------------------------- +Fri Nov 16 09:52:42 UTC 2012 - [email protected] + +- Fixed initscript to avoid endless loop when no configuration + is present in /etc/openldap/slapd.d/ (bnc#767464) +- cleaned up SLES10 buildrequires and dependencies +- removed support for building on SLES9, didn't work anyway anymore +- Don't buildrequire krb5-mini on Distributions where it does not + exist + +------------------------------------------------------------------- +Fri Oct 26 12:38:46 UTC 2012 - [email protected] + +- enabled mdb backend +- Update to 2.4.33 + * Added slapd-meta cn=config support + * Fixed slapd alock handling on Windows (ITS#7361) + * Fixed slapd acl handling with zero-length values (ITS#7350) + * Fixed slapd syncprov to not reference ops inside a lock (ITS#7172) + * Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354) + * Fixed slapd slapd_rw_destroy function (ITS#7390) + * Fixed slapd-ldap idassert bind handling (ITS#7403) + * Fixed slapo-constraint with multiple modifications (ITS#7168) + Changes in 2.4.32: + * Added slappasswd loadable module support (ITS#7284) + * Fixed tools to not clobber SASL_NOCANON (ITS#7271) + * Fixed libldap function declarations (ITS#7293) + * Fixed libldap double free (ITS#7270) + * Fixed libldap debug level setting (ITS#7290) + * Fixed libldap gettime() regression (ITS#6262) + * Fixed libldap sasl handling (ITS#7118, ITS#7133) + * Fixed libldap to correctly free socket with TLS (ITS#7241) + * Fixed slapd config index renumbering (ITS#6987) + * Fixed slapd duplicate error response (ITS#7076) + * Fixed slapd parsing of PermissiveModify control (ITS#7298) + * Fixed slapd-bdb/hdb cache hang under high load (ITS#7222) + * Fixed slapd-bdb/hdb alias checking (ITS#7303) + * Fixed slapd-bdb/hdb olcDbConfig changes work immediately (ITS#7338) + * Fixed slapd-ldap to encode user DN during password change (ITS#7319) + * Fixed slapd-ldap assertion when proxying to MS AD (ITS#6851) + * Fixed slapd-ldap monitoring (ITS#7182, ITS#7225) + * Fixed slapd-perl panic (ITS#7325) + * Fixed slapo-accesslog memory leaks with sync replication (ITS#7292) + * Fixed slapo-syncprov memory leaks with sync replication (ITS#7292) + +------------------------------------------------------------------- +Fri Oct 26 08:44:23 UTC 2012 - [email protected] + +- add explicit buildrequire on groff - needed to build manuals + +------------------------------------------------------------------- +Tue Oct 16 07:38:01 UTC 2012 - [email protected] + +- buildrequire krb5-mini in openldap2-client to avoid cycle +- move Summary out of the %if as prepare_spec is confused about + the license otherwise + +------------------------------------------------------------------- +Thu May 10 09:22:52 UTC 2012 - [email protected] + +- update to 2.4.31 + * Added slapo-accesslog support for reqEntryUUID (ITS#6656) + * Fixed libldap IPv6 URL detection (ITS#7194) + * Fixed libldap rebinding on failed connection (ITS#7207) + * Fixed slapd listener initialization (ITS#7233) + * Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197) + * Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195) + * Fixed slapd to reject MMR setups with bad serverID setting + (ITS#7200) + * Fixed slapd approxIndexer key generation (ITS#7203) + * Fixed slapd modification of olcSuffix (ITS#7205) + * Fixed slapd schema validation with missing definitions + (ITS#7224) + * Fixed slapd syncrepl -c with supplied CSN values (ITS#7245) + * Fixed slapd-bdb/hdb idlcache with only one element (ITS#7231) + * Fixed slapo-accesslog deadlock with non-logged write ops + (ITS#7088) + * Fixed slapo-syncprov sessionlog check (ITS#7218) + * Fixed slapo-syncprov entry leak (ITS#7234) + * Fixed slapo-syncprov startup initialization (ITS#7235) + +------------------------------------------------------------------- +Mon Apr 23 07:08:13 UTC 2012 - [email protected] + +- Disabled testsuite for now. Causes problems in the buildserivce + +------------------------------------------------------------------- +Tue Mar 6 12:23:35 UTC 2012 - [email protected] + +- Update to 2.4.30 + * Fixed libldap socket polling for writes (ITS#7167) + * Fixed liblutil string modifications (ITS#7174) + * Fixed slapd crash when attrsOnly is true (ITS#7143) + * Fixed slapd syncrepl delete handling (ITS#7052,ITS#7162) + * Fixed slapo-pcache time-to-refesh handling (ITS#7178) + * Fixed slapo-syncprov loop detection (ITS#6024) + +------------------------------------------------------------------- +Mon Feb 27 14:14:23 UTC 2012 - [email protected] + +- Update to 2.4.29 + * Fixed slapd cn=config modification of first schema element + (ITS#7098) + * Fixed slapd operation reuse (ITS#7107) + * Fixed slapd blocked writers to not interfere with pool pause + (ITS#7115) + * Fixed slapd connection loop connindex usage (ITS#7131) + * Fixed slapd double mutex unlock via connection_done (ITS#7125) + * Fixed slapd check order in connection_write (ITS#7113) + * Fixed slapd slapadd to exit on failure (ITS#7142) + * Fixed slapd syncrepl reference to freed memory + (ITS#7127,ITS#7132) + * Fixed slapd syncrepl to ignore some errors on delete + (ITS#7052) + * Fixed slapd syncrepl to handle missing oldRDN (ITS#7144) + * Fixed slapd-monitor compare op to update cached entry + (ITS#7123) + * Fixed slapo-syncprov with already abandoned operation + (ITS#7150) +- Included patches from RE24 branch: + * only poll sockets for write as needed (ITS#7167, bnc#749082) + * sycnrepl Fixes (ITS#7162) + +------------------------------------------------------------------- +Wed Dec 7 11:10:19 UTC 2011 - [email protected] + +- license update: OLDAP-2.8 + SPDX format (http://www.spdx.org/licenses) + +------------------------------------------------------------------- +Fri Dec 2 16:11:01 UTC 2011 - [email protected] + +- Update to 2.4.28 + * Fixed back-mdb out of order slapadd (ITS#7090) + changes in OpenLDAP 2.4.27 Release (2011/11/24): + * Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031) + * Fixed ldapmodify crash with LDIF controls (ITS#7039) + * Fixed ldapsearch to honor timeout and timelimit (ITS#7009) + * Fixed libldap endless looping (ITS#7035) + * Fixed libldap TLS to not check hostname when using 'allow' + (ITS#7014) + * Fixed slapadd common code into slapcommon (ITS#6737) + * Fixed slapd backend connection initialization (ITS#6993) + * Fixed slapd frontend DB parsing in cn=config (ITS#7016) + * Fixed slapd hang with {numbered} overlay insertion (ITS#7030) + * Fixed slapd inet_ntop usage (ITS#6925) + * Fixed slapd cn=config deletion of bitmasks (ITS#7083) + * Fixed slapd cn=config modify replace/delete crash (ITS#7065) + * Fixed slapd schema UTF8StringNormalize with 0 length values + (ITS#7059) + * Fixed slapd with dynamic acls for cn=config (ITS#7066) + * Fixed slapd response callbacks (ITS#6059,ITS#7062) + * Fixed slapd no_connection warnings with ldapi + (ITS#6548,ITS#7092) + * Fixed slapd return code processing (ITS#7060) + * Fixed slapd sl_malloc various issues (ITS#6437) + * Fixed slapd startup behavior (ITS#6848) + * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892) + * Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472) + * Fixed slapd syncrepl timeout when using refreshAndPersist + (ITS#6999) + * Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052) + * Fixed slapd syncrepl glue for empty suffix (ITS#7037) + * Fixed slapd results cleanup (ITS#6763,ITS#7053) + * Fixed slapd validation of args for TLSCertificateFile + (ITS#7012) + * Fixed slapd-bdb/hdb to build entry DN based on parent DN + (ITS#5326) + * Fixed slapd-hdb with zero-length entries (ITS#7073) + * Fixed slapd-hdb duplicate entries in subtree IDL cache + (ITS#6983) + * Fixed slapo-pcache response cleanup (ITS#6981) + * Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021) + * Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985) + * Fixed slapo-sssvlv to only return requested attrs (ITS#7061) + * Fixed slapo-syncprov DSA attribute filtering for Persist mode + (ITS#7019) + * Fixed slapo-syncprov when consumer has newer state of our SID + (ITS#7040) + * Fixed slapo-syncprov crash (ITS#7025) ++++ 1989 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.openldap2.3937.new/openldap2-client.changes New Changes file: --- /dev/null 2015-07-22 21:25:44.928025004 +0200 +++ /work/SRC/openSUSE:13.1:Update/.openldap2.3937.new/openldap2.changes 2015-07-31 09:10:15.000000000 +0200 @@ -0,0 +1,2196 @@ +------------------------------------------------------------------- +Thu Jul 23 08:15:56 UTC 2015 - [email protected] + +- Apply the following security fixes: + CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup (bnc#916914) + CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list (bnc#916897) + In addition, apply a functional bug fix: + Prevent connection-0 (internal connection) from show up in the monitor backend (bnc#905959) + + +------------------------------------------------------------------- +Mon Jun 17 14:37:45 UTC 2013 - [email protected] + +- For now, avoid automatic use of libdb-6_0 by explicitly selecting + libdb-4_8 as BuildRequire. + +------------------------------------------------------------------- +Mon Mar 25 16:08:21 UTC 2013 - [email protected] + +- Put static libs into openldap2-devel-static and relieve + openldap2-devel of static-only deps + +------------------------------------------------------------------- +Sat Nov 17 12:06:23 CET 2012 - [email protected] + +- fix check-build.sh for kernel > 3.0 + +------------------------------------------------------------------- +Fri Nov 16 09:52:42 UTC 2012 - [email protected] + +- Fixed initscript to avoid endless loop when no configuration + is present in /etc/openldap/slapd.d/ (bnc#767464) +- cleaned up SLES10 buildrequires and dependencies +- removed support for building on SLES9, didn't work anyway anymore +- Don't buildrequire krb5-mini on Distributions where it does not + exist + +------------------------------------------------------------------- +Fri Oct 26 12:38:46 UTC 2012 - [email protected] + +- enabled mdb backend +- Update to 2.4.33 + * Added slapd-meta cn=config support + * Fixed slapd alock handling on Windows (ITS#7361) + * Fixed slapd acl handling with zero-length values (ITS#7350) + * Fixed slapd syncprov to not reference ops inside a lock (ITS#7172) + * Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354) + * Fixed slapd slapd_rw_destroy function (ITS#7390) + * Fixed slapd-ldap idassert bind handling (ITS#7403) + * Fixed slapo-constraint with multiple modifications (ITS#7168) + Changes in 2.4.32: + * Added slappasswd loadable module support (ITS#7284) + * Fixed tools to not clobber SASL_NOCANON (ITS#7271) + * Fixed libldap function declarations (ITS#7293) + * Fixed libldap double free (ITS#7270) + * Fixed libldap debug level setting (ITS#7290) + * Fixed libldap gettime() regression (ITS#6262) + * Fixed libldap sasl handling (ITS#7118, ITS#7133) + * Fixed libldap to correctly free socket with TLS (ITS#7241) + * Fixed slapd config index renumbering (ITS#6987) + * Fixed slapd duplicate error response (ITS#7076) + * Fixed slapd parsing of PermissiveModify control (ITS#7298) + * Fixed slapd-bdb/hdb cache hang under high load (ITS#7222) + * Fixed slapd-bdb/hdb alias checking (ITS#7303) + * Fixed slapd-bdb/hdb olcDbConfig changes work immediately (ITS#7338) + * Fixed slapd-ldap to encode user DN during password change (ITS#7319) + * Fixed slapd-ldap assertion when proxying to MS AD (ITS#6851) + * Fixed slapd-ldap monitoring (ITS#7182, ITS#7225) + * Fixed slapd-perl panic (ITS#7325) + * Fixed slapo-accesslog memory leaks with sync replication (ITS#7292) + * Fixed slapo-syncprov memory leaks with sync replication (ITS#7292) + +------------------------------------------------------------------- +Fri Oct 26 08:44:23 UTC 2012 - [email protected] + +- add explicit buildrequire on groff - needed to build manuals + +------------------------------------------------------------------- +Tue Oct 16 07:38:01 UTC 2012 - [email protected] + +- buildrequire krb5-mini in openldap2-client to avoid cycle +- move Summary out of the %if as prepare_spec is confused about + the license otherwise + +------------------------------------------------------------------- +Thu May 10 09:22:52 UTC 2012 - [email protected] + +- update to 2.4.31 + * Added slapo-accesslog support for reqEntryUUID (ITS#6656) + * Fixed libldap IPv6 URL detection (ITS#7194) + * Fixed libldap rebinding on failed connection (ITS#7207) + * Fixed slapd listener initialization (ITS#7233) + * Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197) + * Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195) + * Fixed slapd to reject MMR setups with bad serverID setting + (ITS#7200) + * Fixed slapd approxIndexer key generation (ITS#7203) + * Fixed slapd modification of olcSuffix (ITS#7205) + * Fixed slapd schema validation with missing definitions + (ITS#7224) + * Fixed slapd syncrepl -c with supplied CSN values (ITS#7245) + * Fixed slapd-bdb/hdb idlcache with only one element (ITS#7231) + * Fixed slapo-accesslog deadlock with non-logged write ops + (ITS#7088) + * Fixed slapo-syncprov sessionlog check (ITS#7218) + * Fixed slapo-syncprov entry leak (ITS#7234) + * Fixed slapo-syncprov startup initialization (ITS#7235) + +------------------------------------------------------------------- +Mon Apr 23 07:08:13 UTC 2012 - [email protected] + +- Disabled testsuite for now. Causes problems in the buildserivce + +------------------------------------------------------------------- +Tue Mar 6 12:23:35 UTC 2012 - [email protected] + +- Update to 2.4.30 + * Fixed libldap socket polling for writes (ITS#7167) + * Fixed liblutil string modifications (ITS#7174) + * Fixed slapd crash when attrsOnly is true (ITS#7143) + * Fixed slapd syncrepl delete handling (ITS#7052,ITS#7162) + * Fixed slapo-pcache time-to-refesh handling (ITS#7178) + * Fixed slapo-syncprov loop detection (ITS#6024) + +------------------------------------------------------------------- +Mon Feb 27 14:14:23 UTC 2012 - [email protected] + +- Update to 2.4.29 + * Fixed slapd cn=config modification of first schema element + (ITS#7098) + * Fixed slapd operation reuse (ITS#7107) + * Fixed slapd blocked writers to not interfere with pool pause + (ITS#7115) + * Fixed slapd connection loop connindex usage (ITS#7131) + * Fixed slapd double mutex unlock via connection_done (ITS#7125) + * Fixed slapd check order in connection_write (ITS#7113) + * Fixed slapd slapadd to exit on failure (ITS#7142) + * Fixed slapd syncrepl reference to freed memory + (ITS#7127,ITS#7132) + * Fixed slapd syncrepl to ignore some errors on delete + (ITS#7052) + * Fixed slapd syncrepl to handle missing oldRDN (ITS#7144) + * Fixed slapd-monitor compare op to update cached entry + (ITS#7123) + * Fixed slapo-syncprov with already abandoned operation + (ITS#7150) +- Included patches from RE24 branch: + * only poll sockets for write as needed (ITS#7167, bnc#749082) + * sycnrepl Fixes (ITS#7162) + +------------------------------------------------------------------- +Wed Dec 7 11:10:19 UTC 2011 - [email protected] + +- license update: OLDAP-2.8 + SPDX format (http://www.spdx.org/licenses) + +------------------------------------------------------------------- +Fri Dec 2 16:11:01 UTC 2011 - [email protected] + +- Update to 2.4.28 + * Fixed back-mdb out of order slapadd (ITS#7090) + changes in OpenLDAP 2.4.27 Release (2011/11/24): + * Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031) + * Fixed ldapmodify crash with LDIF controls (ITS#7039) + * Fixed ldapsearch to honor timeout and timelimit (ITS#7009) + * Fixed libldap endless looping (ITS#7035) + * Fixed libldap TLS to not check hostname when using 'allow' + (ITS#7014) + * Fixed slapadd common code into slapcommon (ITS#6737) + * Fixed slapd backend connection initialization (ITS#6993) + * Fixed slapd frontend DB parsing in cn=config (ITS#7016) + * Fixed slapd hang with {numbered} overlay insertion (ITS#7030) + * Fixed slapd inet_ntop usage (ITS#6925) + * Fixed slapd cn=config deletion of bitmasks (ITS#7083) + * Fixed slapd cn=config modify replace/delete crash (ITS#7065) + * Fixed slapd schema UTF8StringNormalize with 0 length values + (ITS#7059) + * Fixed slapd with dynamic acls for cn=config (ITS#7066) + * Fixed slapd response callbacks (ITS#6059,ITS#7062) + * Fixed slapd no_connection warnings with ldapi + (ITS#6548,ITS#7092) + * Fixed slapd return code processing (ITS#7060) + * Fixed slapd sl_malloc various issues (ITS#6437) + * Fixed slapd startup behavior (ITS#6848) + * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892) + * Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472) + * Fixed slapd syncrepl timeout when using refreshAndPersist + (ITS#6999) + * Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052) + * Fixed slapd syncrepl glue for empty suffix (ITS#7037) + * Fixed slapd results cleanup (ITS#6763,ITS#7053) + * Fixed slapd validation of args for TLSCertificateFile + (ITS#7012) + * Fixed slapd-bdb/hdb to build entry DN based on parent DN + (ITS#5326) + * Fixed slapd-hdb with zero-length entries (ITS#7073) + * Fixed slapd-hdb duplicate entries in subtree IDL cache ++++ 1999 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.openldap2.3937.new/openldap2.changes New: ---- 0001-build-adjustments.dif 0002-slapd.conf.dif 0003-LDAPI-socket-location.dif 0004-libldap-use-gethostbyname_r.dif 0005-pie-compile.dif 0006-No-Build-date-and-time-in-binaries.dif 0007-Recover-on-DB-version-change.dif 0008-ITS-7723-fix-reference-counting.patch 0009-In-monitor-backend-do-not-return-Connection0-entries.patch 0010-ITS-ITS-8027-require-non-empty-AttributeList.patch 0011-ITS-8046-fix-vrFilter_free.patch DB_CONFIG README.dynamic-overlays README.update addonschema.tar.gz baselibs.conf check-build.sh openldap-2.3.37.dif openldap-2.3.37.tgz openldap-2.4.33.tgz openldap-rc.tgz openldap2-client.changes openldap2-client.spec openldap2.changes openldap2.spec pre_checkin.sh sasl-slapd.conf schema2ldif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openldap2-client.spec ++++++ # # spec file for package openldap2-client # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define run_test_suite 0 Name: openldap2-client Summary: The OpenLDAP commandline client tools License: OLDAP-2.8 Group: Productivity/Networking/LDAP/Clients BuildRequires: cyrus-sasl-devel BuildRequires: groff BuildRequires: libopenssl-devel BuildRequires: libtool %if %sles_version == 10 BuildRequires: -libopenssl-devel BuildRequires: -pwdutils BuildRequires: openssl-devel %endif Version: 2.4.33 Release: 0 Url: http://www.openldap.org %if "%{name}" == "openldap2" BuildRequires: libdb-4_8-devel BuildRequires: openslp-devel BuildRequires: tcpd-devel BuildRequires: unixODBC-devel %if %sles_version == 10 BuildRequires: -libdb-4_8-devel BuildRequires: libdb-4_5-devel %endif Conflicts: openldap Requires: libldap-2_4-2 = %{version} PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep %else %if 0%{?suse_version} >= 1140 # avoid cycle with krb5 BuildRequires: krb5-mini %endif Conflicts: openldap-client Requires: libldap-2_4-2 = %{version} %endif Source: openldap-%{version}.tgz Source1: openldap-rc.tgz Source2: addonschema.tar.gz Source3: DB_CONFIG Source4: sasl-slapd.conf Source5: README.update Source6: README.dynamic-overlays Source7: schema2ldif Source100: openldap-2.3.37.tgz Patch1: 0001-build-adjustments.dif Patch2: 0002-slapd.conf.dif Patch3: 0003-LDAPI-socket-location.dif Patch4: 0004-libldap-use-gethostbyname_r.dif Patch5: 0005-pie-compile.dif Patch6: 0006-No-Build-date-and-time-in-binaries.dif Patch7: 0007-Recover-on-DB-version-change.dif Patch100: openldap-2.3.37.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %if "%{name}" == "openldap2" %description The Lightweight Directory Access Protocol (LDAP) is used to access online directory services. It runs directly over TCP and can be used to access a stand-alone LDAP directory service or to access a directory service that has an X.500 back-end. %package -n openldap2-back-perl Summary: OpenLDAP Perl Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version} Requires: perl = %{perl_version} %description -n openldap2-back-perl The OpenLDAP Perl back-end allows you to execute Perl code specific to different LDAP operations. %package -n openldap2-back-meta Summary: OpenLDAP Meta Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version} Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz %description -n openldap2-back-meta The OpenLDAP Meta back-end is able to perform basic LDAP proxying with respect to a set of remote LDAP servers. The information contained in these servers can be presented as belonging to a single Directory Information Tree (DIT). %package -n openldap2-back-sql Summary: OpenLDAP SQL Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version} %description -n openldap2-back-sql The primary purpose of this OpenLDAP backend is to present information stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming. %package -n openldap2-doc Summary: OpenLDAP Documentation Group: Documentation/Other Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README %if 0%{?suse_version} > 1110 BuildArch: noarch %endif %description -n openldap2-doc The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts %else %description This package contains the OpenLDAP client utilities. %package -n openldap2-devel Summary: Libraries, Header Files and Documentation for OpenLDAP Group: Development/Libraries/C and C++ # bug437293 %ifarch ppc64 Obsoletes: openldap2-devel-64bit %endif # Conflicts: openldap-devel Requires: libldap-2_4-2 = %{version} %description -n openldap2-devel This package provides the OpenLDAP libraries, header files, and documentation. %package -n openldap2-devel-static Summary: Static libraries for the OpenLDAP libraries Group: Development/Libraries/C and C++ Requires: openldap2-devel = %version %if %sles_version == 10 Requires: openssl-devel %else Requires: libopenssl-devel %endif Requires: cyrus-sasl-devel %description -n openldap2-devel-static This package provides the static versions of the OpenLDAP libraries for development. %package -n libldap-2_4-2 Summary: OpenLDAP Client Libraries Group: Productivity/Networking/LDAP/Clients %description -n libldap-2_4-2 This package contains the OpenLDAP client libraries. %endif %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 cp %{SOURCE5} . cp %{SOURCE6} . cd ../openldap-2.3.37 %patch100 %build %{?suse_update_config:%{suse_update_config -f build}} libtoolize --force autoreconf export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE" export STRIP="" %configure \ --localstatedir=/var/run/slapd \ --libexecdir=/usr/lib/openldap \ --enable-wrappers \ --enable-spasswd \ --enable-modules \ --enable-shared \ --enable-dynamic \ --with-tls \ --with-cyrus-sasl \ --enable-crypt \ --enable-ipv6=yes \ %if "%{name}" == "openldap2" --enable-aci \ --enable-bdb \ --enable-hdb \ --enable-rewrite \ --enable-ldap=yes \ --enable-meta=mod \ --enable-monitor=yes \ --enable-perl=mod \ --enable-sql=mod \ --enable-mdb=yes \ --enable-slp \ --enable-overlays=mod \ --enable-syncprov=yes \ --enable-ppolicy=yes \ %else --disable-slapd \ %endif --enable-lmpasswd \ --with-yielding-select make depend make %{?jobs:-j%jobs} %if "%{name}" == "openldap2" %if %suse_version < 1130 # build a static slapcat binary from the OpenLDAP 2.3 release # to be able to update existing databases cd ../openldap-2.3.37 %{?suse_update_config:%{suse_update_config -f build}} libtoolize --force #aclocal -I build autoreconf export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED" ./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc \ --localstatedir=/var/run/slapd --libexecdir=/usr/lib/openldap \ --libdir=%{_libdir} --mandir=%{_mandir} --enable-aci \ --enable-hdb --enable-bdb --enable-ldbm --enable-crypt \ --enable-ipv6=no \ --enable-ldap --enable-monitor --enable-meta --enable-rewrite \ --enable-dynamic=no --enable-shared=no make depend make %{?jobs:-j%jobs} %endif %endif %check %if %run_test_suite # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then . /.buildenv SLAPD_BASEPORT=$(($SLAPD_BASEPORT + ${BUILD_INCARNATION:-0} * 10)) fi export SLAPD_BASEPORT %ifnarch %arm alpha rm -f tests/scripts/test019-syncreplication-cascade rm -f tests/scripts/test022-ppolicy rm -f tests/scripts/test023-refint rm -f tests/scripts/test033-glue-syncrepl #rm -f tests/scripts/test036-meta-concurrency #rm -f tests/scripts/test039-glue-ldap-concurrency rm -f tests/scripts/test043-delta-syncrepl #rm -f tests/scripts/test045-syncreplication-proxied rm -f tests/scripts/test048-syncrepl-multiproxy rm -f tests/scripts/test050-syncrepl-multimaster rm -f tests/scripts/test058-syncrepl-asymmetric make SLAPD_DEBUG=0 test %endif %endif %install mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/usr/sbin make STRIP="" DESTDIR=$RPM_BUILD_ROOT install install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2 install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so* chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so* chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* install -m 755 %{SOURCE7} $RPM_BUILD_ROOT/usr/sbin/schema2ldif %if "%{name}" == "openldap2" %define DOCDIR %{_defaultdocdir}/%{name} mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/ install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` rm -rf doc/guide/release install -d $RPM_BUILD_ROOT/%{DOCDIR}/adminguide \ $RPM_BUILD_ROOT/%{DOCDIR}/images \ $RPM_BUILD_ROOT/%{DOCDIR}/drafts install -m 644 doc/guide/admin/* $RPM_BUILD_ROOT/%{DOCDIR}/adminguide install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts install -m 644 ANNOUNCEMENT \ COPYRIGHT \ LICENSE \ README \ CHANGES \ %{SOURCE5} \ %{SOURCE6} \ $RPM_BUILD_ROOT/%{DOCDIR} install -m 644 servers/slapd/slapd.ldif \ $RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif* rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples %if %suse_version < 1130 # install 2.3 slapcat install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin/openldap-2.3-slapcat %endif %endif rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la #put filelists into files cat >openldap2.filelist <<EOF /var/adm/fillup-templates/sysconfig.openldap %config /etc/init.d/ldap %config /etc/sysconfig/SuSEfirewall2.d/services/openldap /usr/sbin/rcldap /usr/sbin/slap* %dir /etc/openldap %dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d %dir /etc/openldap/schema %config /etc/openldap/schema/*.schema %config /etc/openldap/schema/*.ldif %config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf %config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG %config /var/lib/ldap/DB_CONFIG.example %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default %config(noreplace) /etc/sasl2/slapd.conf %dir /usr/lib/openldap %dir /usr/lib/openldap/modules /usr/lib/openldap/modules/accesslog* /usr/lib/openldap/modules/auditlog* /usr/lib/openldap/modules/collect* /usr/lib/openldap/modules/constraint* /usr/lib/openldap/modules/dds* /usr/lib/openldap/modules/deref* /usr/lib/openldap/modules/dyngroup* /usr/lib/openldap/modules/dynlist* /usr/lib/openldap/modules/memberof* /usr/lib/openldap/modules/pcache* /usr/lib/openldap/modules/refint* /usr/lib/openldap/modules/retcode* /usr/lib/openldap/modules/rwm* /usr/lib/openldap/modules/seqmod* /usr/lib/openldap/modules/sssvlv* /usr/lib/openldap/modules/translucent* /usr/lib/openldap/modules/unique* /usr/lib/openldap/modules/valsort* /usr/lib/openldap/slapd %dir %attr(0700, ldap, ldap) /var/lib/ldap %dir %attr(0755, ldap, ldap) %ghost /var/run/slapd %doc %{_mandir}/man8/sl* %doc %{_mandir}/man5/slapd.* %doc %{_mandir}/man5/slapd-bdb.* %doc %{_mandir}/man5/slapd-config.* %doc %{_mandir}/man5/slapd-hdb.* %doc %{_mandir}/man5/slapd-ldbm.* %doc %{_mandir}/man5/slapd-ldap.* %doc %{_mandir}/man5/slapd-ldif.* %doc %{_mandir}/man5/slapd-mdb.* %doc %{_mandir}/man5/slapd-monitor.* %doc %{_mandir}/man5/slapd-relay.* %doc %{_mandir}/man5/slapo-* %dir %{DOCDIR} %doc %{DOCDIR}/ANNOUNCEMENT %doc %{DOCDIR}/COPYRIGHT %doc %{DOCDIR}/LICENSE %doc %{DOCDIR}/README* %doc %{DOCDIR}/CHANGES %doc %{DOCDIR}/slapd.ldif.default EOF %if %suse_version < 1130 cat >>openldap2.filelist <<EOF /usr/sbin/openldap-2.3-slapcat EOF %endif # cat > openldap2-client.filelist <<EOF %dir /etc/openldap %config(noreplace) /etc/openldap/ldap.conf /etc/openldap/ldap.conf.default /usr/bin/ldapadd /usr/bin/ldapcompare /usr/bin/ldapdelete /usr/bin/ldapexop /usr/bin/ldapmodify /usr/bin/ldapmodrdn /usr/bin/ldapsearch /usr/bin/ldappasswd /usr/bin/ldapurl /usr/bin/ldapwhoami /usr/sbin/schema2ldif %doc %{_mandir}/man1/ldap* %doc %{_mandir}/man5/ldap.conf* %doc %{_mandir}/man5/ldif.* EOF cat > libldap.filelist <<EOF %{_libdir}/liblber*.so.* %{_libdir}/libldap*.so.* EOF cat > openldap2-devel.filelist <<EOF /usr/include/*.h %{_libdir}/liblber.so %{_libdir}/libldap*.so %doc %{_mandir}/man3/ber* %doc %{_mandir}/man3/lber* %doc %{_mandir}/man3/ld_errno* %doc %{_mandir}/man3/ldap* EOF cat > openldap2-devel-static.filelist <<-EOF %_libdir/liblber.a %_libdir/libldap*.a EOF cat > openldap2-back-perl.filelist <<EOF /usr/lib/openldap/modules/back_perl* %doc %{_mandir}/man5/slapd-perl.* EOF cat > openldap2-back-meta.filelist <<EOF /usr/lib/openldap/modules/back_meta* %doc %{_mandir}/man5/slapd-meta.* EOF cat > openldap2-back-sql.filelist <<EOF /usr/lib/openldap/modules/back_sql* %doc %{_mandir}/man5/slapd-sql.* %doc servers/slapd/back-sql/examples %doc servers/slapd/back-sql/docs/bugs %doc servers/slapd/back-sql/docs/install EOF cat >openldap2-doc.filelist <<EOF %dir %{DOCDIR} %doc %{DOCDIR}/drafts %doc %{DOCDIR}/adminguide %doc %{DOCDIR}/images EOF #remove files from other spec file %if "%{name}" == "openldap2" cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \ openldap2-devel-static.filelist | %else cat openldap2.filelist openldap2-back-perl.filelist \ openldap2-back-meta.filelist openldap2-back-sql.filelist \ openldap2-doc.filelist | %endif grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do rm -rf $RPM_BUILD_ROOT$name done %if "%{name}" == "openldap2" %pre /usr/sbin/groupadd -g 70 -o -r ldap 2> /dev/null || : /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d \ /var/lib/ldap ldap 2> /dev/null || : # try to figure out if a db update is needed if [ ${1:-0} -gt 1 ] && [ -f /usr/lib/openldap/slapd ] && /usr/bin/strings /usr/lib/openldap/slapd | \ grep "slapd 2.3" 2>&1 > /dev/null; then # create a backup of the schema shipped with 2.3 # at least core.schema changed between 2.3 and 2.4 TEMPDIR=`mktemp -d /etc/openldap/schema.backup.XXXXXX` echo "Schema backup created in $TEMPDIR" cp -p --remove-destination /etc/openldap/schema/* $TEMPDIR echo $TEMPDIR > /etc/openldap/UPDATE_NEEDED ; fi %post if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf fi %{fillup_and_insserv -n openldap ldap} %{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER} %preun %stop_on_removal ldap %postun %restart_on_update ldap %insserv_cleanup %files -f openldap2.filelist %defattr(-,root,root) %files -n openldap2-back-perl -f openldap2-back-perl.filelist %defattr(-,root,root) %files -n openldap2-back-meta -f openldap2-back-meta.filelist %defattr(-,root,root) %files -n openldap2-back-sql -f openldap2-back-sql.filelist %defattr(-,root,root) %files -n openldap2-doc -f openldap2-doc.filelist %defattr(-,root,root) %else %post -n libldap-2_4-2 -p /sbin/ldconfig %postun -n libldap-2_4-2 -p /sbin/ldconfig %files -f openldap2-client.filelist %defattr(-,root,root) %files -n libldap-2_4-2 -f libldap.filelist %defattr(-,root,root) %files -n openldap2-devel -f openldap2-devel.filelist %defattr(-,root,root) %files -n openldap2-devel-static -f openldap2-devel-static.filelist %defattr(-,root,root) %endif %changelog ++++++ openldap2.spec ++++++ # # spec file for package openldap2 # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define run_test_suite 0 Name: openldap2 Summary: The OpenLDAP Server License: OLDAP-2.8 Group: Productivity/Networking/LDAP/Clients BuildRequires: cyrus-sasl-devel BuildRequires: groff BuildRequires: libopenssl-devel BuildRequires: libtool %if %sles_version == 10 BuildRequires: -libopenssl-devel BuildRequires: -pwdutils BuildRequires: openssl-devel %endif Version: 2.4.33 Release: 0 Url: http://www.openldap.org %if "%{name}" == "openldap2" BuildRequires: libdb-4_8-devel BuildRequires: openslp-devel BuildRequires: tcpd-devel BuildRequires: unixODBC-devel %if %sles_version == 10 BuildRequires: -libdb-4_8-devel BuildRequires: libdb-4_5-devel %endif Conflicts: openldap Requires: libldap-2_4-2 = %{version} PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep %else %if 0%{?suse_version} >= 1140 # avoid cycle with krb5 BuildRequires: krb5-mini %endif Conflicts: openldap-client Requires: libldap-2_4-2 = %{version} %endif Source: openldap-%{version}.tgz Source1: openldap-rc.tgz Source2: addonschema.tar.gz Source3: DB_CONFIG Source4: sasl-slapd.conf Source5: README.update Source6: README.dynamic-overlays Source7: schema2ldif Patch8: 0008-ITS-7723-fix-reference-counting.patch Patch9: 0009-In-monitor-backend-do-not-return-Connection0-entries.patch Patch10: 0010-ITS-ITS-8027-require-non-empty-AttributeList.patch Patch11: 0011-ITS-8046-fix-vrFilter_free.patch Source100: openldap-2.3.37.tgz Patch1: 0001-build-adjustments.dif Patch2: 0002-slapd.conf.dif Patch3: 0003-LDAPI-socket-location.dif Patch4: 0004-libldap-use-gethostbyname_r.dif Patch5: 0005-pie-compile.dif Patch6: 0006-No-Build-date-and-time-in-binaries.dif Patch7: 0007-Recover-on-DB-version-change.dif Patch100: openldap-2.3.37.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %if "%{name}" == "openldap2" %description The Lightweight Directory Access Protocol (LDAP) is used to access online directory services. It runs directly over TCP and can be used to access a stand-alone LDAP directory service or to access a directory service that has an X.500 back-end. %package -n openldap2-back-perl Summary: OpenLDAP Perl Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version} Requires: perl = %{perl_version} %description -n openldap2-back-perl The OpenLDAP Perl back-end allows you to execute Perl code specific to different LDAP operations. %package -n openldap2-back-meta Summary: OpenLDAP Meta Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version} Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz %description -n openldap2-back-meta The OpenLDAP Meta back-end is able to perform basic LDAP proxying with respect to a set of remote LDAP servers. The information contained in these servers can be presented as belonging to a single Directory Information Tree (DIT). %package -n openldap2-back-sql Summary: OpenLDAP SQL Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version} %description -n openldap2-back-sql The primary purpose of this OpenLDAP backend is to present information stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming. %package -n openldap2-doc Summary: OpenLDAP Documentation Group: Documentation/Other Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README %if 0%{?suse_version} > 1110 BuildArch: noarch %endif %description -n openldap2-doc The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts %else %description This package contains the OpenLDAP client utilities. %package -n openldap2-devel Summary: Libraries, Header Files and Documentation for OpenLDAP Group: Development/Libraries/C and C++ # bug437293 %ifarch ppc64 Obsoletes: openldap2-devel-64bit %endif # Conflicts: openldap-devel Requires: libldap-2_4-2 = %{version} %description -n openldap2-devel This package provides the OpenLDAP libraries, header files, and documentation. %package -n openldap2-devel-static Summary: Static libraries for the OpenLDAP libraries Group: Development/Libraries/C and C++ Requires: openldap2-devel = %version %if %sles_version == 10 Requires: openssl-devel %else Requires: libopenssl-devel %endif Requires: cyrus-sasl-devel %description -n openldap2-devel-static This package provides the static versions of the OpenLDAP libraries for development. %package -n libldap-2_4-2 Summary: OpenLDAP Client Libraries Group: Productivity/Networking/LDAP/Clients %description -n libldap-2_4-2 This package contains the OpenLDAP client libraries. %endif %prep %setup -q -n openldap-%{version} -a1 -a2 -b100 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 cp %{SOURCE5} . cp %{SOURCE6} . cd ../openldap-2.3.37 %patch100 %build %{?suse_update_config:%{suse_update_config -f build}} libtoolize --force autoreconf export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE" export STRIP="" %configure \ --localstatedir=/var/run/slapd \ --libexecdir=/usr/lib/openldap \ --enable-wrappers \ --enable-spasswd \ --enable-modules \ --enable-shared \ --enable-dynamic \ --with-tls \ --with-cyrus-sasl \ --enable-crypt \ --enable-ipv6=yes \ %if "%{name}" == "openldap2" --enable-aci \ --enable-bdb \ --enable-hdb \ --enable-rewrite \ --enable-ldap=yes \ --enable-meta=mod \ --enable-monitor=yes \ --enable-perl=mod \ --enable-sql=mod \ --enable-mdb=yes \ --enable-slp \ --enable-overlays=mod \ --enable-syncprov=yes \ --enable-ppolicy=yes \ %else --disable-slapd \ %endif --enable-lmpasswd \ --with-yielding-select make depend make %{?jobs:-j%jobs} %if "%{name}" == "openldap2" %if %suse_version < 1130 # build a static slapcat binary from the OpenLDAP 2.3 release # to be able to update existing databases cd ../openldap-2.3.37 %{?suse_update_config:%{suse_update_config -f build}} libtoolize --force #aclocal -I build autoreconf export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED" ./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc \ --localstatedir=/var/run/slapd --libexecdir=/usr/lib/openldap \ --libdir=%{_libdir} --mandir=%{_mandir} --enable-aci \ --enable-hdb --enable-bdb --enable-ldbm --enable-crypt \ --enable-ipv6=no \ --enable-ldap --enable-monitor --enable-meta --enable-rewrite \ --enable-dynamic=no --enable-shared=no make depend make %{?jobs:-j%jobs} %endif %endif %check %if %run_test_suite # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then . /.buildenv SLAPD_BASEPORT=$(($SLAPD_BASEPORT + ${BUILD_INCARNATION:-0} * 10)) fi export SLAPD_BASEPORT %ifnarch %arm alpha rm -f tests/scripts/test019-syncreplication-cascade rm -f tests/scripts/test022-ppolicy rm -f tests/scripts/test023-refint rm -f tests/scripts/test033-glue-syncrepl #rm -f tests/scripts/test036-meta-concurrency #rm -f tests/scripts/test039-glue-ldap-concurrency rm -f tests/scripts/test043-delta-syncrepl #rm -f tests/scripts/test045-syncreplication-proxied rm -f tests/scripts/test048-syncrepl-multiproxy rm -f tests/scripts/test050-syncrepl-multimaster rm -f tests/scripts/test058-syncrepl-asymmetric make SLAPD_DEBUG=0 test %endif %endif %install mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/usr/sbin make STRIP="" DESTDIR=$RPM_BUILD_ROOT install install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2 install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so* chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so* chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* install -m 755 %{SOURCE7} $RPM_BUILD_ROOT/usr/sbin/schema2ldif %if "%{name}" == "openldap2" %define DOCDIR %{_defaultdocdir}/%{name} mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/ install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` rm -rf doc/guide/release install -d $RPM_BUILD_ROOT/%{DOCDIR}/adminguide \ $RPM_BUILD_ROOT/%{DOCDIR}/images \ $RPM_BUILD_ROOT/%{DOCDIR}/drafts install -m 644 doc/guide/admin/* $RPM_BUILD_ROOT/%{DOCDIR}/adminguide install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts install -m 644 ANNOUNCEMENT \ COPYRIGHT \ LICENSE \ README \ CHANGES \ %{SOURCE5} \ %{SOURCE6} \ $RPM_BUILD_ROOT/%{DOCDIR} install -m 644 servers/slapd/slapd.ldif \ $RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif* rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples %if %suse_version < 1130 # install 2.3 slapcat install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin/openldap-2.3-slapcat %endif %endif rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la #put filelists into files cat >openldap2.filelist <<EOF /var/adm/fillup-templates/sysconfig.openldap %config /etc/init.d/ldap %config /etc/sysconfig/SuSEfirewall2.d/services/openldap /usr/sbin/rcldap /usr/sbin/slap* %dir /etc/openldap %dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d %dir /etc/openldap/schema %config /etc/openldap/schema/*.schema %config /etc/openldap/schema/*.ldif %config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf %config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG %config /var/lib/ldap/DB_CONFIG.example %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default %config(noreplace) /etc/sasl2/slapd.conf %dir /usr/lib/openldap %dir /usr/lib/openldap/modules /usr/lib/openldap/modules/accesslog* /usr/lib/openldap/modules/auditlog* /usr/lib/openldap/modules/collect* /usr/lib/openldap/modules/constraint* /usr/lib/openldap/modules/dds* /usr/lib/openldap/modules/deref* /usr/lib/openldap/modules/dyngroup* /usr/lib/openldap/modules/dynlist* /usr/lib/openldap/modules/memberof* /usr/lib/openldap/modules/pcache* /usr/lib/openldap/modules/refint* /usr/lib/openldap/modules/retcode* /usr/lib/openldap/modules/rwm* /usr/lib/openldap/modules/seqmod* /usr/lib/openldap/modules/sssvlv* /usr/lib/openldap/modules/translucent* /usr/lib/openldap/modules/unique* /usr/lib/openldap/modules/valsort* /usr/lib/openldap/slapd %dir %attr(0700, ldap, ldap) /var/lib/ldap %dir %attr(0755, ldap, ldap) %ghost /var/run/slapd %doc %{_mandir}/man8/sl* %doc %{_mandir}/man5/slapd.* %doc %{_mandir}/man5/slapd-bdb.* %doc %{_mandir}/man5/slapd-config.* %doc %{_mandir}/man5/slapd-hdb.* %doc %{_mandir}/man5/slapd-ldbm.* %doc %{_mandir}/man5/slapd-ldap.* %doc %{_mandir}/man5/slapd-ldif.* %doc %{_mandir}/man5/slapd-mdb.* %doc %{_mandir}/man5/slapd-monitor.* %doc %{_mandir}/man5/slapd-relay.* %doc %{_mandir}/man5/slapo-* %dir %{DOCDIR} %doc %{DOCDIR}/ANNOUNCEMENT %doc %{DOCDIR}/COPYRIGHT %doc %{DOCDIR}/LICENSE %doc %{DOCDIR}/README* %doc %{DOCDIR}/CHANGES %doc %{DOCDIR}/slapd.ldif.default EOF %if %suse_version < 1130 cat >>openldap2.filelist <<EOF /usr/sbin/openldap-2.3-slapcat EOF %endif # cat > openldap2-client.filelist <<EOF %dir /etc/openldap %config(noreplace) /etc/openldap/ldap.conf /etc/openldap/ldap.conf.default /usr/bin/ldapadd /usr/bin/ldapcompare /usr/bin/ldapdelete /usr/bin/ldapexop /usr/bin/ldapmodify /usr/bin/ldapmodrdn /usr/bin/ldapsearch /usr/bin/ldappasswd /usr/bin/ldapurl /usr/bin/ldapwhoami /usr/sbin/schema2ldif %doc %{_mandir}/man1/ldap* %doc %{_mandir}/man5/ldap.conf* %doc %{_mandir}/man5/ldif.* EOF cat > libldap.filelist <<EOF %{_libdir}/liblber*.so.* %{_libdir}/libldap*.so.* EOF cat > openldap2-devel.filelist <<EOF /usr/include/*.h %{_libdir}/liblber.so %{_libdir}/libldap*.so %doc %{_mandir}/man3/ber* %doc %{_mandir}/man3/lber* %doc %{_mandir}/man3/ld_errno* %doc %{_mandir}/man3/ldap* EOF cat > openldap2-devel-static.filelist <<-EOF %_libdir/liblber.a %_libdir/libldap*.a EOF cat > openldap2-back-perl.filelist <<EOF /usr/lib/openldap/modules/back_perl* %doc %{_mandir}/man5/slapd-perl.* EOF cat > openldap2-back-meta.filelist <<EOF /usr/lib/openldap/modules/back_meta* %doc %{_mandir}/man5/slapd-meta.* EOF cat > openldap2-back-sql.filelist <<EOF /usr/lib/openldap/modules/back_sql* %doc %{_mandir}/man5/slapd-sql.* %doc servers/slapd/back-sql/examples %doc servers/slapd/back-sql/docs/bugs %doc servers/slapd/back-sql/docs/install EOF cat >openldap2-doc.filelist <<EOF %dir %{DOCDIR} %doc %{DOCDIR}/drafts %doc %{DOCDIR}/adminguide %doc %{DOCDIR}/images EOF #remove files from other spec file %if "%{name}" == "openldap2" cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \ openldap2-devel-static.filelist | %else cat openldap2.filelist openldap2-back-perl.filelist \ openldap2-back-meta.filelist openldap2-back-sql.filelist \ openldap2-doc.filelist | %endif grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do rm -rf $RPM_BUILD_ROOT$name done %if "%{name}" == "openldap2" %pre /usr/sbin/groupadd -g 70 -o -r ldap 2> /dev/null || : /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d \ /var/lib/ldap ldap 2> /dev/null || : # try to figure out if a db update is needed if [ ${1:-0} -gt 1 ] && [ -f /usr/lib/openldap/slapd ] && /usr/bin/strings /usr/lib/openldap/slapd | \ grep "slapd 2.3" 2>&1 > /dev/null; then # create a backup of the schema shipped with 2.3 # at least core.schema changed between 2.3 and 2.4 TEMPDIR=`mktemp -d /etc/openldap/schema.backup.XXXXXX` echo "Schema backup created in $TEMPDIR" cp -p --remove-destination /etc/openldap/schema/* $TEMPDIR echo $TEMPDIR > /etc/openldap/UPDATE_NEEDED ; fi %post if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf fi %{fillup_and_insserv -n openldap ldap} %{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER} %preun %stop_on_removal ldap %postun %restart_on_update ldap %insserv_cleanup %files -f openldap2.filelist %defattr(-,root,root) %files -n openldap2-back-perl -f openldap2-back-perl.filelist %defattr(-,root,root) %files -n openldap2-back-meta -f openldap2-back-meta.filelist %defattr(-,root,root) %files -n openldap2-back-sql -f openldap2-back-sql.filelist %defattr(-,root,root) %files -n openldap2-doc -f openldap2-doc.filelist %defattr(-,root,root) %else %post -n libldap-2_4-2 -p /sbin/ldconfig %postun -n libldap-2_4-2 -p /sbin/ldconfig %files -f openldap2-client.filelist %defattr(-,root,root) %files -n libldap-2_4-2 -f libldap.filelist %defattr(-,root,root) %files -n openldap2-devel -f openldap2-devel.filelist %defattr(-,root,root) %files -n openldap2-devel-static -f openldap2-devel-static.filelist %defattr(-,root,root) %endif %changelog ++++++ 0001-build-adjustments.dif ++++++ >From 39e5cc1cbae0f7c64ba242357a5d50f23a8475ba Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp <[email protected]> Date: Wed, 16 Jun 2010 14:04:07 +0200 Subject: build-adjustments - Adjusted modules path - don't use automake macro diff --git a/build/top.mk b/build/top.mk index 14e291e..633c9a4 100644 --- a/build/top.mk +++ b/build/top.mk @@ -40,7 +40,7 @@ libdir = @libdir@ libexecdir = @libexecdir@ localstatedir = @localstatedir@ mandir = @mandir@ -moduledir = @libexecdir@$(ldap_subdir) +moduledir = @libexecdir@/modules sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@$(ldap_subdir) diff --git a/configure.in b/configure.in index 792cf0c..6c357ee 100644 --- a/configure.in +++ b/configure.in @@ -69,7 +69,9 @@ dnl Determine host platform dnl we try not to use this for much AC_CANONICAL_TARGET([]) -AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl +AC_PROG_MAKE_SET +PACKAGE=$OL_PACKAGE +VERSION=$OL_VERSION AC_SUBST(PACKAGE)dnl AC_SUBST(VERSION)dnl AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) -- 1.7.10.4 ++++++ 0002-slapd.conf.dif ++++++ >From a8be17d4a1db1c6ee24b328f3f34e21ccb02ca3f Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp <[email protected]> Date: Wed, 16 Jun 2010 14:05:49 +0200 Subject: slapd.conf diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf index 4938b85..9caf292 100644 --- a/servers/slapd/slapd.conf +++ b/servers/slapd/slapd.conf @@ -3,6 +3,10 @@ # This file should NOT be world readable. # include %SYSCONFDIR%/schema/core.schema +include %SYSCONFDIR%/schema/cosine.schema +include %SYSCONFDIR%/schema/inetorgperson.schema +include %SYSCONFDIR%/schema/rfc2307bis.schema +include %SYSCONFDIR%/schema/yast.schema # Define global ACLs to disable default read access. @@ -10,8 +14,8 @@ include %SYSCONFDIR%/schema/core.schema # service AND an understanding of referrals. #referral ldap://root.openldap.org -pidfile %LOCALSTATEDIR%/run/slapd.pid -argsfile %LOCALSTATEDIR%/run/slapd.args +pidfile %LOCALSTATEDIR%/slapd.pid +argsfile %LOCALSTATEDIR%/slapd.args # Load dynamic backend modules: # modulepath %MODULEDIR% @@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: -# Root DSE: allow anyone to read it -# Subschema (sub)entry DSE: allow anyone to read it -# Other DSEs: -# Allow self write access -# Allow authenticated users read access -# Allow anonymous users to authenticate -# Directives needed to implement policy: -# access to dn.base="" by * read -# access to dn.base="cn=Subschema" by * read -# access to * -# by self write -# by users read -# by anonymous auth -# +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access to user password +# Allow anonymous users to authenticate +# Allow read access to everything else +# Directives needed to implement policy: +access to dn.base="" + by * read + +access to dn.base="cn=Subschema" + by * read + +access to attrs=userPassword,userPKCS12 + by self write + by * auth + +access to attrs=shadowLastChange + by self write + by * read + +access to * + by * read + # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") @@ -52,6 +66,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args database bdb suffix "dc=my-domain,dc=com" +checkpoint 1024 5 +cachesize 10000 rootdn "cn=Manager,dc=my-domain,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. @@ -60,6 +76,6 @@ rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. -directory %LOCALSTATEDIR%/openldap-data +directory /var/lib/ldap # Indices to maintain index objectClass eq -- 1.7.10.4 ++++++ 0003-LDAPI-socket-location.dif ++++++ >From 73f1a31ec1d90872ac6f09ffac5adfb199eba963 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp <[email protected]> Date: Wed, 16 Jun 2010 14:06:42 +0200 Subject: LDAPI socket location diff --git a/include/ldap_defaults.h b/include/ldap_defaults.h index 9dba666..b9780bc 100644 --- a/include/ldap_defaults.h +++ b/include/ldap_defaults.h @@ -39,7 +39,7 @@ #define LDAP_ENV_PREFIX "LDAP" /* default ldapi:// socket */ -#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" +#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi" /* * SLAPD DEFINITIONS -- 1.7.10.4 ++++++ 0004-libldap-use-gethostbyname_r.dif ++++++ >From a36c907fe49e96a304c294a0d46b34c374c29c7f Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp <[email protected]> Date: Wed, 16 Jun 2010 14:08:03 +0200 Subject: libldap use gethostbyname_r diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c index 3510aec..666cdad 100644 --- a/libraries/libldap/util-int.c +++ b/libraries/libldap/util-int.c @@ -52,7 +52,7 @@ extern int h_errno; #ifndef LDAP_R_COMPILE # undef HAVE_REENTRANT_FUNCTIONS # undef HAVE_CTIME_R -# undef HAVE_GETHOSTBYNAME_R +/* # undef HAVE_GETHOSTBYNAME_R */ # undef HAVE_GETHOSTBYADDR_R #else @@ -317,7 +317,7 @@ ldap_pvt_csnstr(char *buf, size_t len, unsigned int replica, unsigned int mod) #define BUFSTART (1024-32) #define BUFMAX (32*1024-32) -#if defined(LDAP_R_COMPILE) +#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R) static char *safe_realloc( char **buf, int len ); #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R)) -- 1.7.10.4 ++++++ 0005-pie-compile.dif ++++++ >From 60edf86023da15db7be5935c85826e16d2b78648 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp <[email protected]> Date: Fri, 12 Nov 2010 09:39:11 +0100 Subject: pie compile diff --git a/build/top.mk b/build/top.mk index 633c9a4..c67289d 100644 --- a/build/top.mk +++ b/build/top.mk @@ -107,7 +107,7 @@ LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS) LTSTATIC = @LTSTATIC@ LTLINK = $(LIBTOOL) --mode=link \ - $(CC) $(LTSTATIC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS) + $(CC) -pie $(LTSTATIC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS) LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=compile \ $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c @@ -116,7 +116,7 @@ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \ - $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c + $(CC) $(LT_CFLAGS) $(PIE_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD) @@ -206,7 +206,7 @@ SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LI # Our Defaults CC = $(AC_CC) DEFS = $(LDAP_INCPATH) $(XINCPATH) $(XDEFS) $(AC_DEFS) $(DEFINES) -CFLAGS = $(AC_CFLAGS) $(DEFS) +CFLAGS = -fPIE $(AC_CFLAGS) $(DEFS) LDFLAGS = $(LDAP_LIBPATH) $(AC_LDFLAGS) $(XLDFLAGS) LIBS = $(XLIBS) $(XXLIBS) $(AC_LIBS) $(XXXLIBS) diff --git a/servers/slapd/back-bdb/Makefile.in b/servers/slapd/back-bdb/Makefile.in index da7da0c..dcb6d92 100644 --- a/servers/slapd/back-bdb/Makefile.in +++ b/servers/slapd/back-bdb/Makefile.in @@ -33,6 +33,8 @@ LDAP_LIBDIR= ../../../libraries BUILD_OPT = "--enable-bdb" BUILD_MOD = @BUILD_BDB@ +PIE_CFLAGS="-fPIE" + mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_BDB@_DEFS) MOD_LIBS = $(BDB_LIBS) diff --git a/servers/slapd/back-hdb/Makefile.in b/servers/slapd/back-hdb/Makefile.in index 5af828f..6f43f7b 100644 --- a/servers/slapd/back-hdb/Makefile.in +++ b/servers/slapd/back-hdb/Makefile.in @@ -37,6 +37,8 @@ LDAP_LIBDIR= ../../../libraries BUILD_OPT = "--enable-hdb" BUILD_MOD = @BUILD_HDB@ +PIE_CFLAGS="-fPIE" + mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_HDB@_DEFS) MOD_LIBS = $(BDB_LIBS) diff --git a/servers/slapd/back-ldap/Makefile.in b/servers/slapd/back-ldap/Makefile.in index 392d92e..3a0663d 100644 --- a/servers/slapd/back-ldap/Makefile.in +++ b/servers/slapd/back-ldap/Makefile.in @@ -26,6 +26,8 @@ LDAP_LIBDIR= ../../../libraries BUILD_OPT = "--enable-ldap" BUILD_MOD = @BUILD_LDAP@ +PIE_CFLAGS="-fPIE" + mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_LDAP@_DEFS) diff --git a/servers/slapd/back-ldif/Makefile.in b/servers/slapd/back-ldif/Makefile.in index 5e4abc1..1e8c454 100644 --- a/servers/slapd/back-ldif/Makefile.in +++ b/servers/slapd/back-ldif/Makefile.in @@ -22,6 +22,8 @@ LDAP_LIBDIR= ../../../libraries BUILD_OPT = "--enable-ldif" BUILD_MOD = yes +PIE_CFLAGS="-fPIE" + mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(yes_DEFS) diff --git a/servers/slapd/back-mdb/Makefile.in b/servers/slapd/back-mdb/Makefile.in index 9b01d2a..e37520a 100644 --- a/servers/slapd/back-mdb/Makefile.in +++ b/servers/slapd/back-mdb/Makefile.in @@ -34,6 +34,8 @@ MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/libmdb BUILD_OPT = "--enable-mdb" BUILD_MOD = @BUILD_MDB@ +PIE_CFLAGS="-fPIE" + mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_MDB@_DEFS) MOD_LIBS = $(MDB_LIBS) diff --git a/servers/slapd/back-monitor/Makefile.in b/servers/slapd/back-monitor/Makefile.in index 9aecdbc..11c962c 100644 --- a/servers/slapd/back-monitor/Makefile.in +++ b/servers/slapd/back-monitor/Makefile.in @@ -30,6 +30,8 @@ LDAP_LIBDIR= ../../../libraries BUILD_OPT = "--enable-monitor" BUILD_MOD = @BUILD_MONITOR@ +PIE_CFLAGS="-fPIE" + mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_MONITOR@_DEFS) diff --git a/servers/slapd/back-relay/Makefile.in b/servers/slapd/back-relay/Makefile.in index 90ea4b3..ff2f429 100644 --- a/servers/slapd/back-relay/Makefile.in +++ b/servers/slapd/back-relay/Makefile.in @@ -22,6 +22,8 @@ LDAP_LIBDIR= ../../../libraries BUILD_OPT = "--enable-relay" BUILD_MOD = @BUILD_RELAY@ +PIE_CFLAGS="-fPIE" + mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_RELAY@_DEFS) -- 1.7.10.4 ++++++ 0006-No-Build-date-and-time-in-binaries.dif ++++++ >From a7a37111026ccb9fddfeedc22606b80d8d75557f Mon Sep 17 00:00:00 2001 From: Cristian Rodriguez <[email protected]> Date: Tue, 5 Oct 2010 13:59:40 +0200 Subject: No Build date and time in binaries This avoids build-compare failures and unhelpful rebuilds/republishes in the openSUSE buildservice. diff --git a/build/mkversion b/build/mkversion index 3fd9565..dd9a998 100755 --- a/build/mkversion +++ b/build/mkversion @@ -50,7 +50,7 @@ if test $# != 1 ; then fi APPLICATION=$1 -WHOWHERE="$USER@`uname -n`:`pwd`" +WHOWHERE="[email protected]" cat << __EOF__ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. @@ -72,7 +72,7 @@ static const char copyright[] = "COPYING RESTRICTIONS APPLY\n"; $static $const char $SYMBOL[] = -"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n" +"@(#) \$$PACKAGE: $APPLICATION $VERSION \$\n" "\t$WHOWHERE\n"; __EOF__ -- 1.7.10.4 ++++++ 0007-Recover-on-DB-version-change.dif ++++++ >From 895fa6d9b49344e1a92f7df3ed65458519e22f98 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp <[email protected]> Date: Tue, 5 Oct 2010 14:20:22 +0200 Subject: Recover on DB version change If the libdb Version changed try to recover the database. Note: This will only succeed if only the format of transaction logs changed. diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c index ac5a6d5..fea5cb4 100644 --- a/servers/slapd/back-bdb/init.c +++ b/servers/slapd/back-bdb/init.c @@ -330,6 +330,13 @@ shm_retry: rc = (bdb->bi_dbenv->open)( bdb->bi_dbenv, dbhome, flags | do_recover, bdb->bi_dbenv_mode ); + if ( rc == DB_VERSION_MISMATCH ) { + Debug( LDAP_DEBUG_ANY, + LDAP_XSTRING(bdb_db_open) ": bdb version change detected " + "trying to recover\n", 0, 0, 0 ); + rc = (bdb->bi_dbenv->open)( bdb->bi_dbenv, dbhome, + flags | DB_RECOVER, bdb->bi_dbenv_mode ); + } if ( rc ) { /* Regular open failed, probably a missing shm environment. * Start over, do a recovery. -- 1.7.10.4 ++++++ 0008-ITS-7723-fix-reference-counting.patch ++++++ >From 742d3e4a6a1f62c3c3ae1e9341f3615b4705a701 Mon Sep 17 00:00:00 2001 From: Jan Synacek <[email protected]> Date: Wed, 13 Nov 2013 09:06:54 +0100 Subject: [PATCH] ITS#7723 fix reference counting --- libraries/librewrite/session.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libraries/librewrite/session.c b/libraries/librewrite/session.c index 28f2551..7c59d14 100644 --- a/libraries/librewrite/session.c +++ b/libraries/librewrite/session.c @@ -161,6 +161,7 @@ rewrite_session_find( #ifdef USE_REWRITE_LDAP_PVT_THREADS if ( session ) { ldap_pvt_thread_mutex_lock( &session->ls_mutex ); + session->ls_count++; } ldap_pvt_thread_rdwr_runlock( &info->li_cookies_mutex ); #endif /* USE_REWRITE_LDAP_PVT_THREADS */ @@ -178,6 +179,7 @@ rewrite_session_return( ) { assert( session != NULL ); + session->ls_count--; ldap_pvt_thread_mutex_unlock( &session->ls_mutex ); } -- 1.8.3.1 ++++++ 0009-In-monitor-backend-do-not-return-Connection0-entries.patch ++++++ >From d4b247e43fe1ea1b3713f3d8f493422d5adcc537 Mon Sep 17 00:00:00 2001 From: HouzuoGuo <[email protected]> Date: Fri, 13 Mar 2015 16:14:10 +0100 Subject: [PATCH] In monitor backend, do not return Connection0 entries as they are created for internal use only. --- servers/slapd/back-monitor/conn.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/servers/slapd/back-monitor/conn.c b/servers/slapd/back-monitor/conn.c index c1995b0..2d27738 100644 --- a/servers/slapd/back-monitor/conn.c +++ b/servers/slapd/back-monitor/conn.c @@ -454,6 +454,11 @@ monitor_subsys_conn_create( c != NULL; c = connection_next( c, &connindex ) ) { + /* Connection 0 is created by connection_client_setup for internal use only */ + if (c->c_connid == 0) { + continue; + } + monitor_entry_t *mp; if ( conn_create( mi, c, &e, ms ) != SLAP_CB_CONTINUE -- 2.1.4 ++++++ 0010-ITS-ITS-8027-require-non-empty-AttributeList.patch ++++++ >From 7a5a98577a0481d864ca7fe05b9b32274d4d1fb5 Mon Sep 17 00:00:00 2001 From: Howard Chu <[email protected]> Date: Mon, 19 Jan 2015 22:25:53 +0000 Subject: [PATCH] ITS#8027 require non-empty AttributeList --- servers/slapd/overlays/deref.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c index 9420e3e..05aa890 100644 --- a/servers/slapd/overlays/deref.c +++ b/servers/slapd/overlays/deref.c @@ -183,7 +183,8 @@ deref_parseCtrl ( ber_len_t cnt = sizeof(struct berval); ber_len_t off = 0; - if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ) + if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR + || !cnt ) { rs->sr_text = "Dereference control: derefSpec decoding error"; rs->sr_err = LDAP_PROTOCOL_ERROR; -- 1.7.10.4 ++++++ 0011-ITS-8046-fix-vrFilter_free.patch ++++++ >From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001 From: Howard Chu <[email protected]> Date: Wed, 4 Feb 2015 02:03:55 +0000 Subject: [PATCH] ITS#8046 fix vrFilter_free --- servers/slapd/filter.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c index b859f73..22c81c8 100644 --- a/servers/slapd/filter.c +++ b/servers/slapd/filter.c @@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber, void vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) { - ValuesReturnFilter *p, *next; + ValuesReturnFilter *next; - if ( vrf == NULL ) { - return; - } - - for ( p = vrf; p != NULL; p = next ) { - next = p->vrf_next; + for ( ; vrf != NULL; vrf = next ) { + next = vrf->vrf_next; switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { case LDAP_FILTER_PRESENT: -- 1.7.10.4 ++++++ DB_CONFIG ++++++ set_cachesize 0 15000000 1 set_lg_regionmax 262144 set_lg_bsize 2097152 set_lk_max_locks 30000 set_lk_max_objects 30000 set_flags DB_LOG_AUTOREMOVE ++++++ README.dynamic-overlays ++++++ Most of the OpenLDAP overlays are now compiled as dynamic modules in our packages. If you want to use any of these in your setup make sure to put the correct "olcModuleLoad" or "moduleload" statements in your configuration. For details please see the slapd-config(5) and slapd.conf(5) manpages (depending on which config mechanism you use). For a list of the list of included dynamic modules see the "/usr/lib/openldap/modules/" directory. For convenience and backwards compatibility some overlays are are still compiled statically into the slapd binary. To see which overlays that are call "/usr/lib/openldap/slapd -VVV". Currently these are: syncprov (the provider part of syncrepl replication) ppolicy (a LDAP Password Policy implementation) Documentations for the overlays can be found in the respective man pages (named "slapo-<overlay-name>") or the OpenLDAP Administration Guide which is part of the "openldap2-doc" package. ++++++ README.update ++++++ Updating from OpenLDAP 2.3.X to 2.4.X ===================================== Changed Database format: Due change in the "BDB"-backend's index database format, existing bdb-databases need to be reloaded from LDIF completely. This is normally done during the package installation/update. This might not work in all setups and for that database dumps of all bdb/hdb databases are created during the update. You can find the database dump of each bdb database in the database directory for that database (default: /var/lib/ldap/). The file name is "ldapbak.ldif.X" where "X" presents the number of the database. If the database backups where not created during the package update for some reason, you can do them manually by using the command: /usr/sbin/openldap-2.3-slapcat -T c \ -f /etc/openldap/schema.backup.XXXXXX/slapd.conf.update Before dumping the database you should remove the db's enviroment (the __db*-file in /var/lib/ldap) To reload the databases please use the tool "slapadd". Other Changes: For additional information on important changes and upgrade instructions, please have a look a the OpenLDAP Administrator's Guide. You can find in at: /usr/share/doc/packages/openldap2/guide/admin/guide.html or online at: http://www.openldap.org/doc/admin24/ ++++++ baselibs.conf ++++++ libldap-2_4-2 provides "openldap2-client-<targettype> = <version>" obsoletes "openldap2-client-<targettype> <= <version>" openldap2-devel requires -openldap2-<targettype> requires "libldap-2_4-2-<targettype> = <version>" ++++++ check-build.sh ++++++ #!/bin/bash # Copyright (c) 2003 SuSE Linux AG, Germany. All rights reserved. # get kernel version OFS="$IFS" ; IFS=".-" ; version=(`uname -r`) ; IFS="$OIFS" if test ${version[0]} -gt 2 ; then : # okay elif test ${version[0]} -lt 2 -o ${version[1]} -lt 6 -o ${version[2]} -lt 11 ; then echo "FATAL: kernel too old, need kernel >= 2.6.11 for this package" 1>&2 exit 1 fi exit 0 ++++++ openldap-2.3.37.dif ++++++ Index: build/top.mk =================================================================== --- build/top.mk.orig +++ build/top.mk @@ -39,7 +39,7 @@ libdir = @libdir@ libexecdir = @libexecdir@ localstatedir = @localstatedir@ mandir = @mandir@ -moduledir = @libexecdir@$(ldap_subdir) +moduledir = @libexecdir@/modules sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@$(ldap_subdir) @@ -58,7 +58,7 @@ INSTALL_PROGRAM = $(INSTALL) INSTALL_DATA = $(INSTALL) -m 644 INSTALL_SCRIPT = $(INSTALL) -STRIP = -s +#STRIP = -s LINT = lint 5LINT = 5lint Index: configure.in =================================================================== --- configure.in.orig +++ configure.in @@ -64,7 +64,9 @@ dnl Determine host platform dnl we try not to use this for much AC_CANONICAL_TARGET([]) -AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl +AC_PROG_MAKE_SET +PACKAGE=$OL_PACKAGE +VERSION=$OL_VERSION AC_SUBST(PACKAGE)dnl AC_SUBST(VERSION)dnl AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) Index: servers/slapd/aclparse.c =================================================================== --- servers/slapd/aclparse.c.orig +++ servers/slapd/aclparse.c @@ -662,7 +662,7 @@ parse_acl( if ( rc != LDAP_SUCCESS ) { char buf[ SLAP_TEXT_BUFLEN ]; - snprintf( buf, sizeof( buf ), "%s: line %d: " + snprintf( buf, sizeof( buf ), " attr \"%s\" normalization failed (%d: %s)", fname, lineno, a->acl_attrs[ 0 ].an_name.bv_val, rc, text ); Index: libraries/liblunicode/Makefile.in =================================================================== --- libraries/liblunicode/Makefile.in.orig +++ libraries/liblunicode/Makefile.in @@ -35,6 +35,9 @@ $(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c $(MAKE) ucgendat ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + ucgendat: $(XLIBS) ucgendat.o $(LTLINK) -o $@ ucgendat.o $(LIBS) Index: libraries/liblutil/Makefile.in =================================================================== --- libraries/liblutil/Makefile.in.orig +++ libraries/liblutil/Makefile.in @@ -19,6 +19,9 @@ PROGRAM = testavl LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + NT_SRCS = ntservice.c NT_OBJS = ntservice.o slapdmsg.res Index: servers/slapd/Makefile.in =================================================================== --- servers/slapd/Makefile.in.orig +++ servers/slapd/Makefile.in @@ -69,6 +69,9 @@ SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BA SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@ +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + XDEFS = $(MODULES_CPPFLAGS) XLDFLAGS = $(MODULES_LDFLAGS) Index: servers/slurpd/Makefile.in =================================================================== --- servers/slurpd/Makefile.in.orig +++ servers/slurpd/Makefile.in @@ -38,6 +38,9 @@ BUILD_SRV = @BUILD_SLURPD@ all-local-srv: $(PROGRAMS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + # $(LTHREAD_LIBS) must be last! XLIBS = $(SLURPD_L) XXLIBS = $(SLURPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS) Index: servers/slapd/back-bdb/Makefile.in =================================================================== --- servers/slapd/back-bdb/Makefile.in.orig +++ servers/slapd/back-bdb/Makefile.in @@ -37,6 +37,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_BDB@_DEFS) MOD_LIBS = $(LDBM_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) Index: servers/slapd/back-hdb/Makefile.in =================================================================== --- servers/slapd/back-hdb/Makefile.in.orig +++ servers/slapd/back-hdb/Makefile.in @@ -39,6 +39,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_HDB@_DEFS) MOD_LIBS = $(LDBM_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) Index: servers/slapd/back-ldbm/Makefile.in =================================================================== --- servers/slapd/back-ldbm/Makefile.in.orig +++ servers/slapd/back-ldbm/Makefile.in @@ -36,6 +36,9 @@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_LDBM@_DEFS) MOD_LIBS = $(LDBM_LIBS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) Index: servers/slapd/overlays/Makefile.in =================================================================== --- servers/slapd/overlays/Makefile.in.orig +++ servers/slapd/overlays/Makefile.in @@ -41,6 +41,9 @@ LTONLY_MOD = $(LTONLY_mod) LDAP_INCDIR= ../../../include LDAP_LIBDIR= ../../../libraries +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + MOD_DEFS = -DSLAPD_IMPORT shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) Index: servers/slapd/back-relay/Makefile.in =================================================================== --- servers/slapd/back-relay/Makefile.in.orig +++ servers/slapd/back-relay/Makefile.in @@ -24,6 +24,9 @@ BUILD_MOD = @BUILD_RELAY@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_RELAY@_DEFS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) Index: servers/slapd/back-ldif/Makefile.in =================================================================== --- servers/slapd/back-ldif/Makefile.in.orig +++ servers/slapd/back-ldif/Makefile.in @@ -25,6 +25,9 @@ BUILD_MOD = yes mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(yes_DEFS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) Index: libraries/librewrite/Makefile.in =================================================================== --- libraries/librewrite/Makefile.in.orig +++ libraries/librewrite/Makefile.in @@ -26,6 +26,9 @@ OBJS = config.o context.o info.o ldapmap LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + LIBRARY = librewrite.a PROGRAMS = rewrite XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \ Index: servers/slapd/back-ldap/Makefile.in =================================================================== --- servers/slapd/back-ldap/Makefile.in.orig +++ servers/slapd/back-ldap/Makefile.in @@ -27,6 +27,9 @@ BUILD_MOD = @BUILD_LDAP@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_LDAP@_DEFS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) Index: servers/slapd/back-monitor/Makefile.in =================================================================== --- servers/slapd/back-monitor/Makefile.in.orig +++ servers/slapd/back-monitor/Makefile.in @@ -33,6 +33,9 @@ BUILD_MOD = @BUILD_MONITOR@ mod_DEFS = -DSLAPD_IMPORT MOD_DEFS = $(@BUILD_MONITOR@_DEFS) +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) Index: servers/slapd/modify.c =================================================================== --- servers/slapd/modify.c.orig +++ servers/slapd/modify.c @@ -1,4 +1,4 @@ -/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.25 2007/01/02 21:43:56 kurt Exp $ */ +/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.26 2007/09/04 03:42:37 hyc Exp $ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * * Copyright 1998-2007 The OpenLDAP Foundation. @@ -734,6 +734,7 @@ int slap_mods_check( "%s: value #%ld normalization failed", ml->sml_type.bv_val, (long) nvals ); *text = textbuf; + BER_BVZERO( &ml->sml_nvalues[nvals] ); return rc; } } Index: servers/slapd/back-bdb/modrdn.c =================================================================== --- servers/slapd/back-bdb/modrdn.c.orig +++ servers/slapd/back-bdb/modrdn.c @@ -729,6 +729,8 @@ retry: /* transaction retry */ } else { rs->sr_err = LDAP_X_NO_OPERATION; ltid = NULL; + /* Only free attrs if they were dup'd. */ + if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL; goto return_results; } Index: libraries/liblber/Makefile.in =================================================================== --- libraries/liblber/Makefile.in.orig +++ libraries/liblber/Makefile.in @@ -34,6 +34,9 @@ PROGRAMS= dtest etest idtest LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) XXLIBS = NT_LINK_LIBS = $(AC_LIBS) Index: libraries/libldap/Makefile.in =================================================================== --- libraries/libldap/Makefile.in.orig +++ libraries/libldap/Makefile.in @@ -42,6 +42,9 @@ OBJS = bind.lo open.lo result.lo error.l LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + LIB_DEFS = -DLDAP_LIBRARY XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $(LDAP_LIBLUTIL_A) Index: libraries/libldap_r/Makefile.in =================================================================== --- libraries/libldap_r/Makefile.in.orig +++ libraries/libldap_r/Makefile.in @@ -49,6 +49,9 @@ OBJS = threads.lo rdwr.lo tpool.lo rq.l LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + LIB_DEFS = -DLDAP_LIBRARY XDEFS = -DLDAP_R_COMPILE -I$(XXDIR) Index: servers/slapd/back-meta/Makefile.in =================================================================== --- servers/slapd/back-meta/Makefile.in.orig +++ servers/slapd/back-meta/Makefile.in @@ -23,6 +23,9 @@ OBJS = init.lo config.lo search.lo bind. LDAP_INCDIR= ../../../include LDAP_LIBDIR= ../../../libraries +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + BUILD_OPT = "--enable-meta" BUILD_MOD = @BUILD_META@ Index: libraries/libldap/os-ip.c =================================================================== --- libraries/libldap/os-ip.c.orig +++ libraries/libldap/os-ip.c @@ -646,7 +646,7 @@ ldap_host_connected_to( Sockbuf *sb, con char *herr; #ifdef NI_MAXHOST char hbuf[NI_MAXHOST]; -#elif defined( MAXHOSTNAMELEN +#elif defined( MAXHOSTNAMELEN ) char hbuf[MAXHOSTNAMELEN]; #else char hbuf[256]; Index: include/ldap_pvt_thread.h =================================================================== --- include/ldap_pvt_thread.h.orig +++ include/ldap_pvt_thread.h @@ -61,8 +61,6 @@ ldap_pvt_thread_set_concurrency LDAP_P(( /* LARGE stack. Will be twice as large on 64 bit machine. */ #define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) ) /* May be explicitly defined to zero to disable it */ -#elif LDAP_PVT_THREAD_STACK_SIZE == 0 -#undef LDAP_PVT_THREAD_SET_STACK_SIZE #endif #endif /* !LDAP_PVT_THREAD_H_DONE */ Index: libraries/liblutil/getpeereid.c =================================================================== --- libraries/liblutil/getpeereid.c.orig +++ libraries/liblutil/getpeereid.c @@ -13,7 +13,9 @@ * top-level directory of the distribution or, alternatively, at * <http://www.OpenLDAP.org/license.html>. */ - +#ifndef _GNU_SOURCE +#define _GNU_SOURCE 1 /* Needed for glibc struct ucred */ +#endif #include "portable.h" #ifndef HAVE_GETPEEREID ++++++ pre_checkin.sh ++++++ #!/bin/bash echo -n "Generating openldap2-client " cp openldap2.changes openldap2-client.changes cp openldap2.spec openldap2-client.spec perl -pi -e "s/^Name:.*openldap2$/Name: openldap2-client/g" openldap2-client.spec perl -pi -e "s/^Summary:.*Server$/Summary: The OpenLDAP commandline client tools/" openldap2-client.spec osc service localrun format_spec_file echo "Done." ++++++ sasl-slapd.conf ++++++ mech_list: gssapi digest-md5 cram-md5 external ++++++ schema2ldif ++++++ #!/bin/bash # # This is a simple tool to convert OpenLDAP Schema files to # LDIF suitable for usage with OpenLDAP's dynamic configuration # backend (cn=config) # # usage: # schema2ldif <input file> # # The generated LDIF is printed to stdout. # if [ -z "$1" ]; then echo 'usage: schema2ldif <input file>' exit; fi cn=`basename $1 .schema` echo "dn: cn=$cn,cn=schema,cn=config"; echo "objectclass: olcSchemaConfig"; echo "cn: $cn"; /usr/bin/awk ' BEGIN { buffer = ""; width=78 ; } function wrap(data) { if (length(data) > 0) { do { print substr(data,0,width); data = " " substr(data, width+1); } while (length(data) > 1 ) }; } /^[\t ]*$/ {wrap(buffer); buffer=""; print "#"; next; } /^#.*$/ { wrap(buffer); buffer=""; print $0; next } /^[\t ]+/ { gsub("^[\t ]+",""); buffer = buffer " " $0; next; } { wrap(buffer); $1 = tolower($1) ; gsub("^objectclass$","olcObjectclasses:",$1) gsub("^attributetype$","olcAttributeTypes:",$1) gsub("^objectidentifier$","olcObjectIdentifier:",$1) buffer = $0; } END { wrap(buffer); print "" } ' "$@"
