On Mon, Jul 28, 2014 at 02:50:13PM -0400, Amy Fong wrote: > From 10be38b1a220079953f1aab0d1d79eee10a9855e Mon Sep 17 00:00:00 2001 > From: Amy Fong <[email protected]> > Date: Tue, 15 Jul 2014 17:48:54 -0400 > Subject: [PATCH] keystone: package openLDAP 2.4.39 > > The patches are taken from Debian.
Please fix: openldap-2.4.39: openldap: Files/directories were installed but not shipped /run [installed-vs-shipped] > > Signed-off-by: Amy Fong <[email protected]> > --- > .../add-tlscacert-option-to-ldap-conf.patch | 10 + > .../openldap-2.4.39/autogroup-makefile.patch | 35 ++++ > .../contrib-modules-use-dpkg-buildflags.patch | 40 ++++ > .../do-not-second-guess-sonames.patch | 68 +++++++ > .../openldap/openldap-2.4.39/evolution-ntlm.patch | 222 > +++++++++++++++++++++ > .../openldap-2.4.39/fix-build-top-mk.patch | 11 + > .../openldap-2.4.39/fix-ftbfs-binutils-gold.patch | 64 ++++++ > .../getaddrinfo-is-threadsafe.patch | 43 ++++ > .../openldap/openldap-2.4.39/heimdal-fix.patch | 23 +++ > .../index-files-created-as-root.patch | 37 ++++ > .../openldap/openldap-2.4.39/install-strip.patch | 14 ++ > .../openldap-2.4.39/ldap-conf-tls-cacertdir.patch | 29 +++ > .../openldap-2.4.39/ldapi-socket-place.patch | 16 ++ > .../openldap-2.4.39/libldap-symbol-versions.patch | 161 +++++++++++++++ > .../openldap/openldap-2.4.39/man-slapd.patch | 60 ++++++ > .../openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch | 25 +++ > .../no-bdb-ABI-second-guessing.patch | 42 ++++ > .../openldap-2.4.39/sasl-default-path.patch | 55 +++++ > .../openldap/openldap-2.4.39/series | 21 ++ > .../openldap-2.4.39/slapi-errorlog-file.patch | 16 ++ > .../openldap-2.4.39/smbk5pwd-makefile.patch | 53 +++++ > ..._dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch | 40 ++++ > .../openldap-2.4.39/wrong-database-location.patch | 74 +++++++ > .../recipes-support/openldap/openldap_2.4.39.bb | 182 +++++++++++++++++ > 24 files changed, 1341 insertions(+) > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/series > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch > create mode 100644 > meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap_2.4.39.bb > > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch > new file mode 100644 > index 0000000..e8e731a > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch > @@ -0,0 +1,10 @@ > +--- a/libraries/libldap/ldap.conf > ++++ b/libraries/libldap/ldap.conf > +@@ -11,3 +11,7 @@ > + #SIZELIMIT 12 > + #TIMELIMIT 15 > + #DEREF never > ++ > ++# TLS certificates (needed for GnuTLS) > ++TLS_CACERT /etc/ssl/certs/ca-certificates.crt > ++ > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch > new file mode 100644 > index 0000000..d3f56c3 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch > @@ -0,0 +1,35 @@ > +--- a/contrib/slapd-modules/autogroup/Makefile > ++++ b/contrib/slapd-modules/autogroup/Makefile > +@@ -2,11 +2,11 @@ > + > + LDAP_SRC = ../../.. > + LDAP_BUILD = ../../.. > +-LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include > -I$(LDAP_SRC)/servers/slapd > +-LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ > +- $(LDAP_BUILD)/libraries/liblber/liblber.la > ++LDAP_INC = -I$(LDAP_BUILD)/debian/build/include -I$(LDAP_BUILD)/include > -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd > ++LDAP_LIB = $(LDAP_BUILD)/debian/build/libraries/libldap_r/libldap_r.la \ > ++ $(LDAP_BUILD)/debian/build/libraries/liblber/liblber.la > + > +-LIBTOOL = $(LDAP_BUILD)/libtool > ++LIBTOOL = $(LDAP_BUILD)/debian/build/libtool > + CC = gcc > + OPT = -g -O2 -Wall > + DEFS = > +@@ -16,13 +16,13 @@ LIBS = $(LDAP_LIB) > + PROGRAMS = autogroup.la > + LTVER = 0:0:0 > + > +-prefix=/usr/local > ++prefix=/usr > + exec_prefix=$(prefix) > +-ldap_subdir=/openldap > ++ldap_subdir=/ldap > + > + libdir=$(exec_prefix)/lib > + libexecdir=$(exec_prefix)/libexec > +-moduledir = $(libexecdir)$(ldap_subdir) > ++moduledir = $(libdir)$(ldap_subdir) > + > + .SUFFIXES: .c .o .lo > + > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch > new file mode 100644 > index 0000000..1b15529 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch > @@ -0,0 +1,40 @@ > +Description: pass CFLAGS to contrib builds > + $(CFLAGS) is missing from the compiler invocations for autogroup and > + smbk5pwd, which means they're not being hardened. > +Author: Simon Ruderich <[email protected]> > +Bug-Debian: http://bugs.debian.org/663724 > + > +--- a/contrib/slapd-modules/autogroup/Makefile > ++++ b/contrib/slapd-modules/autogroup/Makefile > +@@ -27,12 +27,12 @@ moduledir = $(libexecdir)$(ldap_subdir) > + .SUFFIXES: .c .o .lo > + > + .c.lo: > +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< > ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< > + > + all: $(PROGRAMS) > + > + autogroup.la: autogroup.lo > +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ > ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(LDFLAGS) -version-info $(LTVER) \ > + -rpath $(moduledir) -module -o $@ $? $(LIBS) > + > + clean: > +--- a/contrib/slapd-modules/smbk5pwd/Makefile > ++++ b/contrib/slapd-modules/smbk5pwd/Makefile > +@@ -46,12 +46,12 @@ moduledir = $(libexecdir)$(ldap_subdir) > + .SUFFIXES: .c .o .lo > + > + .c.lo: > +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< > ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< > + > + all: $(PROGRAMS) > + > + smbk5pwd.la: smbk5pwd.lo > +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ > ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(LDFLAGS) -version-info $(LTVER) \ > + -rpath $(moduledir) -module -o $@ $? $(LIBS) > + > + clean: > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch > new file mode 100644 > index 0000000..31cf652 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch > @@ -0,0 +1,68 @@ > +Rip out code that second-guesses the libsasl soname / Debian shlibs. If > +cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream > +there, not kludged around upstream here! > + > +Debian bug #546885 > + > +Upstream ITS #6302 filed. > + > +--- a/libraries/libldap/cyrus.c > ++++ b/libraries/libldap/cyrus.c > +@@ -74,28 +74,6 @@ int ldap_int_sasl_init( void ) > + /* XXX not threadsafe */ > + static int sasl_initialized = 0; > + > +-#ifdef HAVE_SASL_VERSION > +- /* stringify the version number, sasl.h doesn't do it for us */ > +-#define VSTR0(maj, min, pat) #maj "." #min "." #pat > +-#define VSTR(maj, min, pat) VSTR0(maj, min, pat) > +-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \ > +- SASL_VERSION_STEP) > +- { int rc; > +- sasl_version( NULL, &rc ); > +- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) || > +- (rc & 0xffff) < SASL_VERSION_STEP) { > +- char version[sizeof("xxx.xxx.xxxxx")]; > +- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & > 0xff, > +- rc & 0xffff ); > +- > +- Debug( LDAP_DEBUG_ANY, > +- "ldap_int_sasl_init: SASL library version mismatch:" > +- " expected " SASL_VERSION_STRING "," > +- " got %s\n", version, 0, 0 ); > +- return -1; > +- } > +- } > +-#endif > + if ( sasl_initialized ) { > + return 0; > + } > +--- a/servers/slapd/sasl.c > ++++ b/servers/slapd/sasl.c > +@@ -1145,26 +1145,6 @@ int slap_sasl_init( void ) > + #endif > + > + #ifdef HAVE_CYRUS_SASL > +-#ifdef HAVE_SASL_VERSION > +- /* stringify the version number, sasl.h doesn't do it for us */ > +-#define VSTR0(maj, min, pat) #maj "." #min "." #pat > +-#define VSTR(maj, min, pat) VSTR0(maj, min, pat) > +-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, > SASL_VERSION_MINOR, \ > +- SASL_VERSION_STEP) > +- > +- sasl_version( NULL, &rc ); > +- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) || > +- (rc & 0xffff) < SASL_VERSION_STEP) > +- { > +- char version[sizeof("xxx.xxx.xxxxx")]; > +- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & > 0xff, > +- rc & 0xffff ); > +- Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version > mismatch:" > +- " expected %s, got %s\n", > +- SASL_VERSION_STRING, version, 0 ); > +- return -1; > +- } > +-#endif > + > + sasl_set_mutex( > + ldap_pvt_sasl_mutex_new, > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch > new file mode 100644 > index 0000000..cd9bc26 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch > @@ -0,0 +1,222 @@ > +Patch from evolution-exchange (2.10.3). The ldap_ntlm_bind function is > +actually called by evolution-data-server, checked at version 1.12.2. > +Without this patch, the Exchange addressbook integration uses simple binds > +with cleartext passwords. > + > +Russ checked with openldap-software for upstream's opinion on this patch > +on 2007-12-21. Upstream had never received it as a patch submission and > +given that it's apparently only for older Exchange servers that can't do > +SASL and DIGEST-MD5, it's not very appealing. > + > +Bug#457374 filed against evolution-data-server asking if this support is > +still required on 2007-12-21. > + > +--- a/include/ldap.h > ++++ b/include/ldap.h > +@@ -2517,5 +2517,25 @@ ldap_parse_deref_control LDAP_P(( > + LDAPControl **ctrls, > + LDAPDerefRes **drp )); > + > ++/* > ++ * hacks for NTLM > ++ */ > ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) > ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) > ++LDAP_F( int ) > ++ldap_ntlm_bind LDAP_P(( > ++ LDAP *ld, > ++ LDAP_CONST char *dn, > ++ ber_tag_t tag, > ++ struct berval *cred, > ++ LDAPControl **sctrls, > ++ LDAPControl **cctrls, > ++ int *msgidp )); > ++LDAP_F( int ) > ++ldap_parse_ntlm_bind_result LDAP_P(( > ++ LDAP *ld, > ++ LDAPMessage *res, > ++ struct berval *challenge)); > ++ > + LDAP_END_DECL > + #endif /* _LDAP_H */ > +--- /dev/null > ++++ b/libraries/libldap/ntlm.c > +@@ -0,0 +1,138 @@ > ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 > 20:38:21 kurt Exp $ */ > ++/* > ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. > ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file > ++ */ > ++ > ++/* Mostly copied from sasl.c */ > ++ > ++#include "portable.h" > ++ > ++#include <stdlib.h> > ++#include <stdio.h> > ++ > ++#include <ac/socket.h> > ++#include <ac/string.h> > ++#include <ac/time.h> > ++#include <ac/errno.h> > ++ > ++#include "ldap-int.h" > ++ > ++int > ++ldap_ntlm_bind( > ++ LDAP *ld, > ++ LDAP_CONST char *dn, > ++ ber_tag_t tag, > ++ struct berval *cred, > ++ LDAPControl **sctrls, > ++ LDAPControl **cctrls, > ++ int *msgidp ) > ++{ > ++ BerElement *ber; > ++ int rc; > ++ ber_int_t id; > ++ > ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); > ++ > ++ assert( ld != NULL ); > ++ assert( LDAP_VALID( ld ) ); > ++ assert( msgidp != NULL ); > ++ > ++ if( msgidp == NULL ) { > ++ ld->ld_errno = LDAP_PARAM_ERROR; > ++ return ld->ld_errno; > ++ } > ++ > ++ /* create a message to send */ > ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { > ++ ld->ld_errno = LDAP_NO_MEMORY; > ++ return ld->ld_errno; > ++ } > ++ > ++ assert( LBER_VALID( ber ) ); > ++ > ++ LDAP_NEXT_MSGID( ld, id ); > ++ rc = ber_printf( ber, "{it{istON}" /*}*/, > ++ id, LDAP_REQ_BIND, > ++ ld->ld_version, dn, tag, > ++ cred ); > ++ > ++ /* Put Server Controls */ > ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { > ++ ber_free( ber, 1 ); > ++ return ld->ld_errno; > ++ } > ++ > ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { > ++ ld->ld_errno = LDAP_ENCODING_ERROR; > ++ ber_free( ber, 1 ); > ++ return ld->ld_errno; > ++ } > ++ > ++ /* send the message */ > ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); > ++ > ++ if(*msgidp < 0) > ++ return ld->ld_errno; > ++ > ++ return LDAP_SUCCESS; > ++} > ++ > ++int > ++ldap_parse_ntlm_bind_result( > ++ LDAP *ld, > ++ LDAPMessage *res, > ++ struct berval *challenge) > ++{ > ++ ber_int_t errcode; > ++ ber_tag_t tag; > ++ BerElement *ber; > ++ ber_len_t len; > ++ > ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); > ++ > ++ assert( ld != NULL ); > ++ assert( LDAP_VALID( ld ) ); > ++ assert( res != NULL ); > ++ > ++ if ( ld == NULL || res == NULL ) { > ++ return LDAP_PARAM_ERROR; > ++ } > ++ > ++ if( res->lm_msgtype != LDAP_RES_BIND ) { > ++ ld->ld_errno = LDAP_PARAM_ERROR; > ++ return ld->ld_errno; > ++ } > ++ > ++ if ( ld->ld_error ) { > ++ LDAP_FREE( ld->ld_error ); > ++ ld->ld_error = NULL; > ++ } > ++ if ( ld->ld_matched ) { > ++ LDAP_FREE( ld->ld_matched ); > ++ ld->ld_matched = NULL; > ++ } > ++ > ++ /* parse results */ > ++ > ++ ber = ber_dup( res->lm_ber ); > ++ > ++ if( ber == NULL ) { > ++ ld->ld_errno = LDAP_NO_MEMORY; > ++ return ld->ld_errno; > ++ } > ++ > ++ tag = ber_scanf( ber, "{ioa" /*}*/, > ++ &errcode, challenge, &ld->ld_error ); > ++ ber_free( ber, 0 ); > ++ > ++ if( tag == LBER_ERROR ) { > ++ ld->ld_errno = LDAP_DECODING_ERROR; > ++ return ld->ld_errno; > ++ } > ++ > ++ ld->ld_errno = errcode; > ++ > ++ return( ld->ld_errno ); > ++} > ++ > +--- a/libraries/libldap/Makefile.in > ++++ b/libraries/libldap/Makefile.in > +@@ -27,7 +27,7 @@ SRCS = bind.c open.c result.c error.c co > + init.c options.c print.c string.c util-int.c schema.c \ > + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ > + tls2.c tls_o.c tls_g.c tls_m.c \ > +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ > ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ > + assertion.c deref.c ldif.c fetch.c > + > + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ > +@@ -40,7 +40,7 @@ OBJS = bind.lo open.lo result.lo error.l > + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ > + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ > + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ > +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ > ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ > + assertion.lo deref.lo ldif.lo fetch.lo > + > + LDAP_INCDIR= ../../include > +--- a/libraries/libldap_r/Makefile.in > ++++ b/libraries/libldap_r/Makefile.in > +@@ -29,7 +29,7 @@ XXSRCS = apitest.c test.c \ > + init.c options.c print.c string.c util-int.c schema.c \ > + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ > + tls2.c tls_o.c tls_g.c tls_m.c \ > +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ > ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ > + assertion.c deref.c ldif.c fetch.c > + SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \ > + thr_posix.c thr_cthreads.c thr_thr.c thr_nt.c \ > +@@ -47,7 +47,7 @@ OBJS = threads.lo rdwr.lo rmutex.lo tpoo > + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ > + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ > + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ > +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ > ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ > + assertion.lo deref.lo ldif.lo fetch.lo > + > + LDAP_INCDIR= ../../include > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch > new file mode 100644 > index 0000000..418fe35 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch > @@ -0,0 +1,11 @@ > +--- a/build/top.mk > ++++ b/build/top.mk > +@@ -20,7 +20,7 @@ > + RELEASEDATE= @OPENLDAP_RELEASE_DATE@ > + > + @SET_MAKE@ > +-SHELL = /bin/sh > ++SHELL = @SHELL@ > + > + top_builddir = @top_builddir@ > + > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch > new file mode 100644 > index 0000000..1f0ca88 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch > @@ -0,0 +1,64 @@ > +--- a/configure.in > ++++ b/configure.in > +@@ -1214,7 +1214,7 @@ if test $ol_link_tls = no ; then > + ol_with_tls=gnutls > + ol_link_tls=yes > + > +- TLS_LIBS="-lgnutls" > ++ TLS_LIBS="-lgnutls -lgcrypt" > + > + AC_DEFINE(HAVE_GNUTLS, 1, > + [define if you have GNUtls]) > +--- a/libraries/libldap/Makefile.in > ++++ b/libraries/libldap/Makefile.in > +@@ -51,21 +51,21 @@ LIB_DEFS = -DLDAP_LIBRARY > + XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $(LDAP_LIBLUTIL_A) > + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) > + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > +-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > ++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(TLS_LIBS) > + ifneq (,$(VERSION_OPTION)) > + VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map > + endif > + > + apitest: $(XLIBS) apitest.o > +- $(LTLINK) -o $@ apitest.o $(LIBS) > ++ $(LTLINK) -o $@ apitest.o $(LIBS) $(TLS_LIBS) > + dntest: $(XLIBS) dntest.o > +- $(LTLINK) -o $@ dntest.o $(LIBS) > ++ $(LTLINK) -o $@ dntest.o $(LIBS) $(TLS_LIBS) > + ftest: $(XLIBS) ftest.o > +- $(LTLINK) -o $@ ftest.o $(LIBS) > ++ $(LTLINK) -o $@ ftest.o $(LIBS) $(TLS_LIBS) > + ltest: $(XLIBS) test.o > +- $(LTLINK) -o $@ test.o $(LIBS) > ++ $(LTLINK) -o $@ test.o $(LIBS) $(TLS_LIBS) > + urltest: $(XLIBS) urltest.o > +- $(LTLINK) -o $@ urltest.o $(LIBS) > ++ $(LTLINK) -o $@ urltest.o $(LIBS) $(TLS_LIBS) > + > + CFFILES=ldap.conf > + > +--- a/libraries/libldap_r/Makefile.in > ++++ b/libraries/libldap_r/Makefile.in > +@@ -60,7 +60,7 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $( > + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) > + XXXLIBS = $(LTHREAD_LIBS) > + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > +-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > $(LTHREAD_LIBS) > ++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > $(LTHREAD_LIBS) $(TLS_LIBS) > + ifneq (,$(VERSION_OPTION)) > + VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map" > + endif > +@@ -80,9 +80,9 @@ clean-local: FORCE > + depend-common: .links > + > + apitest: $(XLIBS) apitest.o > +- $(LTLINK) -o $@ apitest.o $(LIBS) > ++ $(LTLINK) -o $@ apitest.o $(LIBS) $(TLS_LIBS) > + ltest: $(XLIBS) test.o > +- $(LTLINK) -o $@ test.o $(LIBS) > ++ $(LTLINK) -o $@ test.o $(LIBS) $(TLS_LIBS) > + > + install-local: $(CFFILES) FORCE > + -$(MKDIR) $(DESTDIR)$(libdir) > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch > new file mode 100644 > index 0000000..ab6e2b7 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch > @@ -0,0 +1,43 @@ > +Author: Steve Langasek <[email protected]> > + > +OpenLDAP upstream conservatively assumes that certain resolver functions > +(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we > +know that the glibc implementations of these functions are thread-safe, so > +we should bypass the use of this mutex. This fixes a locking problem when > +an application uses libldap and libnss-ldap is also used for hosts > +resolution. > + > +Closes Debian bug #340601. > + > +Not suitable for forwarding upstream; might be made suitable by adding a > +configure-time check for glibc and disabling the mutex only on known > +thread-safe implementations. > + > +--- a/libraries/libldap/os-ip.c > ++++ b/libraries/libldap/os-ip.c > +@@ -602,13 +602,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf * > + hints.ai_socktype = socktype; > + snprintf(serv, sizeof serv, "%d", port ); > + > +- /* most getaddrinfo(3) use non-threadsafe resolver libraries */ > +- LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex); > +- > + err = getaddrinfo( host, serv, &hints, &res ); > +- > +- LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex); > +- > + if ( err != 0 ) { > + osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n", > + AC_GAI_STRERROR(err), 0, 0); > +--- a/libraries/libldap/util-int.c > ++++ b/libraries/libldap/util-int.c > +@@ -431,9 +431,7 @@ int ldap_pvt_get_hname( > + int rc; > + #if defined( HAVE_GETNAMEINFO ) > + > +- LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex ); > + rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 ); > +- LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex ); > + if ( rc ) *err = (char *)AC_GAI_STRERROR( rc ); > + return rc; > + > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch > new file mode 100644 > index 0000000..4aad47c > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch > @@ -0,0 +1,23 @@ > +Author: Mattias Ellert <[email protected]> > +Description: adapt parameters of hdb_generate_key_set_password() to heimdal > 1.6~git20120311 > + . > + With version heimdal 1.6~git20120311 heimdal schanged the number of > parameters > + of function hdb_generate_key_set_password(), implementing a fallback to > "default" > + values when NULL-values are passed for these parameters. > + . > + This patch does exactly that. > + . > +Bug-Debian: 664930 > +Reviewed-by: Peter Marschall <[email protected]> > + > +--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c > ++++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c > +@@ -470,7 +470,7 @@ static int smbk5pwd_exop_passwd( > + } > + > + ret = hdb_generate_key_set_password(context, ent.principal, > +- qpw->rs_new.bv_val, &ent.keys.val, &nkeys); > ++ qpw->rs_new.bv_val, NULL, 0, &ent.keys.val, &nkeys); > + ent.keys.len = nkeys; > + hdb_seal_keys(context, db, &ent); > + krb5_free_principal( context, ent.principal ); > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch > new file mode 100644 > index 0000000..47fc88a > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch > @@ -0,0 +1,37 @@ > +Document in the man page that slapindex should be run as the same user > +as slapd, and print a warning if it's run as root (since Debian defaults > +to running slapd as openldap). > + > +Not suitable for upstream in this form. This patch needs to be reworked > +to check the BerkeleyDB database ownership and only warn if running as > +root with a database that's not owned by root. > + > +Upstream ITS #5356 filed requesting better handling of this. Current > +upstream discussion leans towards putting the check into the database > +backend and aborting if slapd is run as a different user than the database > +owner, which is an even better fix. > + > +--- a/doc/man/man8/slapindex.8 > ++++ b/doc/man/man8/slapindex.8 > +@@ -148,6 +148,10 @@ > + should not be running (at least, not in read-write > + mode) when you do this to ensure consistency of the database. > + .LP > ++slapindex ought to be run as the user specified for > ++.BR slapd (8) > ++to ensure correct database permissions. > ++.LP > + This command provides ample opportunity for the user to obtain > + and drink their favorite beverage. > + .SH EXAMPLES > +--- a/servers/slapd/slapindex.c > ++++ b/servers/slapd/slapindex.c > +@@ -34,6 +34,8 @@ > + int > + slapindex( int argc, char **argv ) > + { > ++ if (geteuid() == 0) > ++ fprintf( stderr, "\nWARNING!\nRunnig as root!\nThere's a fair > chance slapd will fail to start.\nCheck file permissions!\n\n"); > + ID id; > + int rc = EXIT_SUCCESS; > + const char *progname = "slapindex"; > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch > new file mode 100644 > index 0000000..2992b70 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch > @@ -0,0 +1,14 @@ > +# This patch ensures that the install operations which strip > +# programs and libraries (LTINSTALL) work in a cross build > +# environment. > +--- openldap-2.2.24/.pc/install-strip.patch/build/top.mk 2005-01-20 > 09:00:55.000000000 -0800 > ++++ openldap-2.2.24/build/top.mk 2005-04-16 13:48:20.536710376 -0700 > +@@ -116,7 +116,7 @@ > + LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \ > + $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD) > + > +-LTINSTALL = $(LIBTOOL) --mode=install $(INSTALL) > ++LTINSTALL = STRIPPROG="" $(LIBTOOL) --mode=install > $(top_srcdir)/contrib/ldapc++/install-sh -c > + LTFINISH = $(LIBTOOL) --mode=finish > + > + # Misc UNIX commands used in build environment > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch > new file mode 100644 > index 0000000..e8aab91 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch > @@ -0,0 +1,29 @@ > +--- a/doc/man/man5/ldap.conf.5 > ++++ b/doc/man/man5/ldap.conf.5 > +@@ -317,7 +317,7 @@ certificates in separate individual file > + .B TLS_CACERT > + is always used before > + .B TLS_CACERTDIR. > +-This parameter is ignored with GnuTLS. > ++This parameter is ignored with GnuTLS. On Debian openldap is linked against > GnuTLS. > + > + When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key > + database. If <path> contains a Mozilla NSS cert/key database and > +@@ -428,7 +428,7 @@ This parameter is ignored with GnuTLS. > + Specifies the file to obtain random bits from when /dev/[u]random is > + not available. Generally set to the name of the EGD/PRNGD socket. > + The environment variable RANDFILE can also be used to specify the filename. > +-This parameter is ignored with GnuTLS and Mozilla NSS. > ++This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap > is linked against GnuTLS. > + .TP > + .B TLS_REQCERT <level> > + Specifies what checks to perform on server certificates in a TLS session, > +@@ -461,7 +461,7 @@ Specifies if the Certificate Revocation > + used to verify if the server certificates have not been revoked. This > + requires > + .B TLS_CACERTDIR > +-parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. > ++parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. > On Debian openldap is linked against GnuTLS. > + .B <level> > + can be specified as one of the following keywords: > + .RS > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch > new file mode 100644 > index 0000000..a482bbf > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch > @@ -0,0 +1,16 @@ > +Move the ldapi socket to /var/run/slapd from /var/run, since /var/run > +is only writable by root and slapd runs as openldap. > + > +Debian-specific. > + > +--- a/include/ldap_defaults.h > ++++ b/include/ldap_defaults.h > +@@ -39,7 +39,7 @@ > + #define LDAP_ENV_PREFIX "LDAP" > + > + /* default ldapi:// socket */ > +-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" > ++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" > LDAP_DIRSEP "ldapi" > + > + /* > + * SLAPD DEFINITIONS > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch > new file mode 100644 > index 0000000..fb28f49 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch > @@ -0,0 +1,161 @@ > +Add symbol versioning to the public LDAP libraries. This is required for > +library transitions, such as the current transition from 2.1 to 2.4, > +since programs will sometimes have both libraries loaded by different > +dependency chains during the transition. > + > +Not yet contributed upstream. > + > +Upstream ITS #5365 filed requesting symbol versioning for libldap and > +libber. > + > +--- a/libraries/libldap_r/Makefile.in > ++++ b/libraries/libldap_r/Makefile.in > +@@ -61,6 +61,9 @@ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) > + XXXLIBS = $(LTHREAD_LIBS) > + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > + UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > $(LTHREAD_LIBS) > ++ifneq (,$(VERSION_OPTION)) > ++ VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map" > ++endif > + > + .links : Makefile > + @for i in $(XXSRCS); do \ > +--- a/build/top.mk > ++++ b/build/top.mk > +@@ -104,6 +104,9 @@ LTFLAGS_MOD = $(@PLAT@_LTFLAGS_MOD) > + # LINK_LIBS referenced in library and module link commands. > + LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS) > + > ++# option to pass to $(CC) to support library symbol versioning, if any > ++VERSION_OPTION = @VERSION_OPTION@ > ++ > + LTSTATIC = @LTSTATIC@ > + > + LTLINK = $(LIBTOOL) --mode=link \ > +@@ -113,7 +116,7 @@ LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) > + $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c > + > + LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \ > +- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) > ++ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS) > + > + LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \ > + $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c > +--- a/build/openldap.m4 > ++++ b/build/openldap.m4 > +@@ -1136,3 +1136,54 @@ AC_DEFUN([OL_SSL_COMPAT], > + #endif > + ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])]) > + ]) > ++ > ++dnl ==================================================================== > ++dnl check for symbol versioning support > ++AC_DEFUN([OL_SYMBOL_VERSIONING], > ++[AC_CACHE_CHECK([for .symver assembler directive], > ++ [ol_cv_asm_symver_directive],[ > ++cat > conftest.s <<EOF > ++${libc_cv_dot_text} > ++_sym: > ++.symver _sym,sym@VERS > ++EOF > ++if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD > 2>&AS_MESSAGE_LOG_FD; then > ++ ol_cv_asm_symver_directive=yes > ++else > ++ ol_cv_asm_symver_directive=no > ++fi > ++rm -f conftest*]) > ++AC_CACHE_CHECK([for ld --version-script], > ++ [ol_cv_ld_version_script_option],[ > ++if test $ol_cv_asm_symver_directive = yes; then > ++ cat > conftest.s <<EOF > ++${libc_cv_dot_text} > ++_sym: > ++.symver _sym,sym@VERS > ++EOF > ++ cat > conftest.map <<EOF > ++VERS_1 { > ++ global: sym; > ++}; > ++ > ++VERS_2 { > ++ global: sym; > ++} VERS_1; > ++EOF > ++ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD > 2>&AS_MESSAGE_LOG_FD; then > ++ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared > ++ -o conftest.so conftest.o > ++ > -Wl,--version-script,conftest.map > ++ 1>&AS_MESSAGE_LOG_FD]); > ++ then > ++ ol_cv_ld_version_script_option=yes > ++ else > ++ ol_cv_ld_version_script_option=no > ++ fi > ++ else > ++ ol_cv_ld_version_script_option=no > ++ fi > ++else > ++ ol_cv_ld_version_script_option=no > ++fi > ++rm -f conftest*])]) > +--- a/configure.in > ++++ b/configure.in > +@@ -1909,6 +1909,13 @@ else > + fi > + AC_SUBST(LTSTATIC)dnl > + > ++VERSION_OPTION="" > ++OL_SYMBOL_VERSIONING > ++if test $ol_cv_ld_version_script_option = yes ; then > ++ VERSION_OPTION="-Wl,--version-script=" > ++fi > ++AC_SUBST(VERSION_OPTION) > ++ > + dnl ---------------------------------------------------------------- > + if test $ol_enable_wrappers != no ; then > + AC_CHECK_HEADERS(tcpd.h,[ > +--- /dev/null > ++++ b/libraries/libldap/libldap.map > +@@ -0,0 +1,7 @@ > ++OPENLDAP_2.4_2 { > ++ global: > ++ ldap_*; > ++ ldif_*; > ++ local: > ++ *; > ++}; > +--- a/libraries/libldap/Makefile.in > ++++ b/libraries/libldap/Makefile.in > +@@ -52,6 +52,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $( > + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) > + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > + UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > ++ifneq (,$(VERSION_OPTION)) > ++ VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map > ++endif > + > + apitest: $(XLIBS) apitest.o > + $(LTLINK) -o $@ apitest.o $(LIBS) > +--- a/libraries/liblber/Makefile.in > ++++ b/libraries/liblber/Makefile.in > +@@ -38,6 +38,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) > + XXLIBS = > + NT_LINK_LIBS = $(AC_LIBS) > + UNIX_LINK_LIBS = $(AC_LIBS) > ++ifneq (,$(VERSION_OPTION)) > ++ VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map" > ++endif > + > + dtest: $(XLIBS) dtest.o > + $(LTLINK) -o $@ dtest.o $(LIBS) > +--- /dev/null > ++++ b/libraries/liblber/liblber.map > +@@ -0,0 +1,8 @@ > ++OPENLDAP_2.4_2 { > ++ global: > ++ ber_*; > ++ der_alloc; > ++ lutil_*; > ++ local: > ++ *; > ++}; > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch > new file mode 100644 > index 0000000..5f55137 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch > @@ -0,0 +1,60 @@ > +Patch the slapd man page to not refer to a header file that isn't > +installed with the slapd package and to reference the correct path > +for slapd. > + > +Debian-specific. > + > +--- a/doc/man/man8/slapd.8 > ++++ b/doc/man/man8/slapd.8 > +@@ -5,7 +5,7 @@ > + .SH NAME > + slapd \- Stand-alone LDAP Daemon > + .SH SYNOPSIS > +-.B LIBEXECDIR/slapd > ++.B /usr/sbin/slapd > + [\c > + .BR \-4 | \-6 ] > + [\c > +@@ -103,11 +103,10 @@ > + will not fork or disassociate from the invoking terminal. Some general > + operation and status messages are printed for any value of > \fIdebug-level\fP. > + \fIdebug-level\fP is taken as a bit string, with each bit corresponding to a > +-different kind of debugging information. See <ldap_log.h> for details. > +-Comma-separated arrays of friendly names can be specified to select > +-debugging output of the corresponding debugging information. > +-All the names recognized by the \fIloglevel\fP directive > +-described in \fBslapd.conf\fP(5) are supported. > ++different kind of debugging information. Comma-separated arrays of friendly > ++names can be specified to select debugging output of the corresponding > ++debugging information. All the names recognized by the \fIloglevel\fP > ++directive described in \fBslapd.conf\fP(5) are supported. > + If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is > printed, > + and slapd exits. > + > +@@ -317,7 +316,7 @@ > + .LP > + .nf > + .ft tt > +- LIBEXECDIR/slapd > ++ /usr/sbin/slapd > + .ft > + .fi > + .LP > +@@ -328,7 +327,7 @@ > + .LP > + .nf > + .ft tt > +- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255 > ++ /usr/sbin/slapd \-f /var/tmp/slapd.conf \-d 255 > + .ft > + .fi > + .LP > +@@ -336,7 +335,7 @@ > + .LP > + .nf > + .ft tt > +- LIBEXECDIR/slapd \-Tt > ++ /usr/sbin/slapd \-Tt > + .ft > + .fi > + .LP > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch > new file mode 100644 > index 0000000..8e7812d > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch > @@ -0,0 +1,25 @@ > +Description: don't use AM_INIT_AUTOMAKE macro when we aren't using automake > + Calling AM_INIT_AUTOMAKE() in configure.in serves no purpose if we're not > + using automake, and it confuses autoreconf. Use AC_INIT() instead. > +Author: Steve Langasek <[email protected]> > + > +--- a/configure.in > ++++ b/configure.in > +@@ -26,7 +26,8 @@ dnl Configure.in for OpenLDAP > + AC_COPYRIGHT([[Copyright 1998-2014 The OpenLDAP Foundation. All rights > reserved. > + Restrictions apply, see COPYRIGHT and LICENSE files.]]) > + AC_REVISION([$Id: 81bd528fb5194c83d688db355737b7715448b958 $]) > +-AC_INIT([OpenLDAP],,[http://www.openldap.org/its/]) > ++AC_INIT([OpenLDAP],[$OL_VERSION],[http://www.openldap.org/its/]) > ++AC_PROG_MAKE_SET > + m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>]) > + AC_CONFIG_SRCDIR(build/version.sh)dnl > + dnl ---------------------------------------------------------------- > +@@ -69,7 +70,6 @@ dnl Determine host platform > + dnl we try not to use this for much > + AC_CANONICAL_TARGET([]) > + > +-AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl > + AC_SUBST(PACKAGE)dnl > + AC_SUBST(VERSION)dnl > + AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch > new file mode 100644 > index 0000000..db76aa7 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch > @@ -0,0 +1,42 @@ > +Author: Steve Langasek <[email protected]> > +Description: don't second-guess BDB ABI > + OpenLDAP upstream conservatively assumes that any change to the version > + number of libdb can result in an API-breaking change that could impact > + the database. In Debian, we know that such changes require bumping the > + library soname and changing the package name, and demand such rigor from > + our package maintainers even when upstreams don't deliver; so any such > + check in the source code works against the packaging system by forcing > + database upgrades when we know none are required. Disable this check > + so we rely on the packaging system to do its job. > +Bug-Debian: http://bugs.debian.org/651333 > +Forwarded: not-needed > + > +--- a/servers/slapd/back-bdb/init.c > ++++ b/servers/slapd/back-bdb/init.c > +@@ -762,7 +762,7 @@ bdb_back_initialize( > + bi->bi_controls = controls; > + > + { /* version check */ > +- int major, minor, patch, ver; > ++ int major, minor, patch; > + char *version = db_version( &major, &minor, &patch ); > + #ifdef HAVE_EBCDIC > + char v2[1024]; > +@@ -776,17 +776,6 @@ bdb_back_initialize( > + version = v2; > + #endif > + > +- ver = (major << 24) | (minor << 16) | patch; > +- if( ver != DB_VERSION_FULL ) { > +- /* fail if a versions don't match */ > +- Debug( LDAP_DEBUG_ANY, > +- LDAP_XSTRING(bdb_back_initialize) ": " > +- "BDB library version mismatch:" > +- " expected " DB_VERSION_STRING "," > +- " got %s\n", version, 0, 0 ); > +- return -1; > +- } > +- > + Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_back_initialize) > + ": %s\n", version, 0, 0 ); > + } > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch > new file mode 100644 > index 0000000..5ea240f > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch > @@ -0,0 +1,55 @@ > +Add /etc/ldap/sasl2 to the SASL configuration search path. > + > +Not submitted upstream. Somewhat Debian-specific and probably not of > +interest upstream. > + > +--- a/include/ldap_defaults.h > ++++ b/include/ldap_defaults.h > +@@ -63,4 +63,6 @@ > + /* dn of the default "monitor" subentry */ > + #define SLAPD_MONITOR_DN "cn=Monitor" > + > ++#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP > "sasl2" > ++ > + #endif /* _LDAP_CONFIG_H */ > +--- a/servers/slapd/sasl.c > ++++ b/servers/slapd/sasl.c > +@@ -1103,12 +1103,38 @@ static const rewrite_mapper slapd_mapper > + }; > + #endif > + > ++static int > ++slap_sasl_getconfpath( void * context, char ** path ) > ++{ > ++ char * sasl_default_configpath; > ++ size_t len; > ++ > ++#if SASL_VERSION_MAJOR >= 2 > ++ sasl_default_configpath = "/usr/lib/sasl2"; > ++#else > ++ sasl_default_configpath = "/usr/lib/sasl"; > ++#endif > ++ > ++ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ + > ++ strlen(sasl_default_configpath) + 1 /* \0 */; > ++ *path = malloc( len ); > ++ if ( *path == NULL ) > ++ return SASL_FAIL; > ++ > ++ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH, > ++ sasl_default_configpath ) != len-1 ) > ++ return SASL_FAIL; > ++ > ++ return SASL_OK; > ++} > ++ > + int slap_sasl_init( void ) > + { > + #ifdef HAVE_CYRUS_SASL > + int rc; > + static sasl_callback_t server_callbacks[] = { > + { SASL_CB_LOG, &slap_sasl_log, NULL }, > ++ { SASL_CB_GETCONFPATH, &slap_sasl_getconfpath, NULL }, > + { SASL_CB_GETOPT, &slap_sasl_getopt, NULL }, > + { SASL_CB_LIST_END, NULL, NULL } > + }; > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/series > b/meta-oe/recipes-support/openldap/openldap-2.4.39/series > new file mode 100644 > index 0000000..2f47de3 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/series > @@ -0,0 +1,21 @@ > +man-slapd > +evolution-ntlm > +slapi-errorlog-file > +ldapi-socket-place > +wrong-database-location > +index-files-created-as-root > +sasl-default-path > +libldap-symbol-versions > +getaddrinfo-is-threadsafe > +do-not-second-guess-sonames > +contrib-modules-use-dpkg-buildflags > +smbk5pwd-makefile > +autogroup-makefile > +ldap-conf-tls-cacertdir > +add-tlscacert-option-to-ldap-conf > +fix-ftbfs-binutils-gold > +fix-build-top-mk > +no-AM_INIT_AUTOMAKE > +switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff > +no-bdb-ABI-second-guessing > +heimdal-fix > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch > new file mode 100644 > index 0000000..4899451 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch > @@ -0,0 +1,16 @@ > +The slapi error log file defaults to /var/errors given our setting > +of --localstatedir. Move it to /var/log/slapi-errors instead. > + > +Debian-specific. > + > +--- a/servers/slapd/slapi/slapi_overlay.c > ++++ b/servers/slapd/slapi/slapi_overlay.c > +@@ -930,7 +930,7 @@ int slapi_over_config( BackendDB *be, Co > + ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex ); > + > + if ( slapi_log_file == NULL ) > +- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR > LDAP_DIRSEP "errors" ); > ++ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR > LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" ); > + > + rc = slapi_int_init_object_extensions(); > + if ( rc != 0 ) > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch > b/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch > new file mode 100644 > index 0000000..17d1b56 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch > @@ -0,0 +1,53 @@ > +--- a/contrib/slapd-modules/smbk5pwd/Makefile > ++++ b/contrib/slapd-modules/smbk5pwd/Makefile > +@@ -14,17 +14,17 @@ > + > + LDAP_SRC = ../../.. > + LDAP_BUILD = ../../.. > +-LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include > -I$(LDAP_SRC)/servers/slapd > +-LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ > +- $(LDAP_BUILD)/libraries/liblber/liblber.la > ++LDAP_INC = -I$(LDAP_BUILD)/debian/build/include > -I$(LDAP_BUILD)/debian/build/servers/slapd -I$(LDAP_BUILD)/include > -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd > ++LDAP_LIB = $(LDAP_BUILD)/debian/build/libraries/libldap_r/libldap_r.la \ > ++ $(LDAP_BUILD)/debian/build/libraries/liblber/liblber.la > + > + SSL_INC = > +-SSL_LIB = -lcrypto > ++SSL_LIB = -lgcrypt > + > +-HEIMDAL_INC = -I/usr/heimdal/include > +-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv > ++HEIMDAL_INC = -I/usr/include > ++HEIMDAL_LIB = -lkrb5 -lkadm5srv > + > +-LIBTOOL = $(LDAP_BUILD)/libtool > ++LIBTOOL = $(LDAP_BUILD)/debian/build/libtool > + CC = gcc > + OPT = -g -O2 -Wall > + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. > +@@ -35,13 +35,13 @@ LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_ > + PROGRAMS = smbk5pwd.la > + LTVER = 0:0:0 > + > +-prefix=/usr/local > ++prefix=/usr > + exec_prefix=$(prefix) > +-ldap_subdir=/openldap > ++ldap_subdir=/ldap > + > + libdir=$(exec_prefix)/lib > + libexecdir=$(exec_prefix)/libexec > +-moduledir = $(libexecdir)$(ldap_subdir) > ++moduledir = $(libdir)$(ldap_subdir) > + > + .SUFFIXES: .c .o .lo > + > +@@ -55,7 +55,7 @@ smbk5pwd.la: smbk5pwd.lo > + -rpath $(moduledir) -module -o $@ $? $(LIBS) > + > + clean: > +- rm -rf *.o *.lo *.la .libs > ++ $(LIBTOOL) --mode=clean rm -f > + > + install: $(PROGRAMS) > + mkdir -p $(DESTDIR)$(moduledir) > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch > new file mode 100644 > index 0000000..f0dd4e1 > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch > @@ -0,0 +1,40 @@ > +From: Jan-Marek Glogowski <[email protected]> > +Date: Tue, 18 May 2010 17:47:05 +0200 > +Subject: Switch to lt_dlopenadvise() so back_perl can be opened with > RTLD_GLOBAL. > + Open all modules with RTLD_GLOBAL, needed so that back_perl can load > + non-trivial Perl extensions that require symbols from back_perl.so itself. > +Bug-Debian: http://bugs.debian.org/327585 > + > +--- > +--- a/servers/slapd/module.c > ++++ b/servers/slapd/module.c > +@@ -117,6 +117,20 @@ int module_unload( const char *file_name > + return -1; /* not found */ > + } > + > ++static lt_dlhandle slapd_lt_dlopenext_global( const char *filename ) > ++{ > ++ lt_dlhandle handle = 0; > ++ lt_dladvise advise; > ++ > ++ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise) > ++ && !lt_dladvise_global (&advise)) > ++ handle = lt_dlopenadvise (filename, advise); > ++ > ++ lt_dladvise_destroy (&advise); > ++ > ++ return handle; > ++} > ++ > + int module_load(const char* file_name, int argc, char *argv[]) > + { > + module_loaded_t *module; > +@@ -180,7 +194,7 @@ int module_load(const char* file_name, i > + * to calling Debug. This is because Debug is a macro that expands > + * into multiple function calls. > + */ > +- if ((module->lib = lt_dlopenext(file)) == NULL) { > ++ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) { > + error = lt_dlerror(); > + #ifdef HAVE_EBCDIC > + strcpy( ebuf, error ); > diff --git > a/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch > > b/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch > new file mode 100644 > index 0000000..25d96cb > --- /dev/null > +++ > b/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch > @@ -0,0 +1,74 @@ > +Move the default slapd database location to /var/lib/ldap instead of > +/var/openldap-data. > + > +Debian-specific. > + > +--- a/doc/man/man5/slapd-bdb.5 > ++++ b/doc/man/man5/slapd-bdb.5 > +@@ -131,7 +131,7 @@ Specify the directory where the BDB file > + associated indexes live. > + A separate directory must be specified for each database. > + The default is > +-.BR LOCALSTATEDIR/openldap\-data . > ++.BR LOCALSTATEDIR/lib/ldap . > + .TP > + .B dirtyread > + Allow reads of modified but not yet committed data. > +--- a/doc/man/man5/slapd.conf.5 > ++++ b/doc/man/man5/slapd.conf.5 > +@@ -2007,7 +2007,7 @@ suffix "dc=our\-domain,dc=com" > + # The database directory MUST exist prior to > + # running slapd AND should only be accessible > + # by the slapd/tools. Mode 0700 recommended. > +-directory LOCALSTATEDIR/openldap\-data > ++directory LOCALSTATEDIR/lib/ldap > + # Indices to maintain > + index objectClass eq > + index cn,sn,mail pres,eq,approx,sub > +--- a/include/ldap_defaults.h > ++++ b/include/ldap_defaults.h > +@@ -47,7 +47,7 @@ > + /* location of the default slapd config file */ > + #define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf" > + #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP > "slapd.d" > +-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP > "openldap-data" > ++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" > LDAP_DIRSEP "ldap" > + #define SLAPD_DEFAULT_DB_MODE 0600 > + #define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP > "ucdata" > + /* default max deref depth for aliases */ > +--- a/servers/slapd/Makefile.in > ++++ b/servers/slapd/Makefile.in > +@@ -445,9 +445,9 @@ install-conf: FORCE > + > + install-db-config: FORCE > + @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) > +- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data > ++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap > + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ > +- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example > ++ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example > + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ > + $(DESTDIR)$(sysconfdir)/DB_CONFIG.example > + > +--- a/doc/man/man5/slapd-config.5 > ++++ b/doc/man/man5/slapd-config.5 > +@@ -2051,7 +2051,7 @@ olcSuffix: "dc=our\-domain,dc=com" > + # The database directory MUST exist prior to > + # running slapd AND should only be accessible > + # by the slapd/tools. Mode 0700 recommended. > +-olcDbDirectory: LOCALSTATEDIR/openldap\-data > ++olcDbDirectory: LOCALSTATEDIR/lib/ldap > + # Indices to maintain > + olcDbIndex: objectClass eq > + olcDbIndex: cn,sn,mail pres,eq,approx,sub > +--- a/doc/man/man5/slapd-mdb.5 > ++++ b/doc/man/man5/slapd-mdb.5 > +@@ -52,7 +52,7 @@ Specify the directory where the LMDB fil > + associated indexes live. > + A separate directory must be specified for each database. > + The default is > +-.BR LOCALSTATEDIR/openldap\-data . > ++.BR LOCALSTATEDIR/lib/ldap . > + .TP > + \fBenvflags > \fR{\fBnosync\fR,\fBnometasync\fR,\fBwritemap\fR,\fBmapasync\fR,\fBnordahead\fR} > + Specify flags for finer-grained control of the LMDB library's operation. > diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.39.bb > b/meta-oe/recipes-support/openldap/openldap_2.4.39.bb > new file mode 100644 > index 0000000..3048c8e > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap_2.4.39.bb > @@ -0,0 +1,182 @@ > +# OpenLDAP, a license free (see http://www.OpenLDAP.org/license.html) > +# > +DESCRIPTION = "OpenLDAP Software is an open source implementation of the > Lightweight Directory Access Protocol." > +HOMEPAGE = "http://www.OpenLDAP.org/license.html"; > +# The OpenLDAP Public License - see the HOMEPAGE - defines > +# the license. www.openldap.org claims this is Open Source > +# (see http://www.openldap.org), the license appears to be > +# basically BSD. opensource.org does not record this license > +# at present (so it is apparently not OSI certified). > +LICENSE = "OpenLDAP" > +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=f2bdbaa4f50199a00b6de2ca7ec1db05" > +SECTION = "libs" > + > +# patches taken from Debian > +SRC_URI = "\ > + ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \ > + file://man-slapd.patch \ > + file://evolution-ntlm.patch \ > + file://slapi-errorlog-file.patch \ > + file://ldapi-socket-place.patch \ > + file://wrong-database-location.patch \ > + file://index-files-created-as-root.patch \ > + file://sasl-default-path.patch \ > + file://libldap-symbol-versions.patch \ > + file://getaddrinfo-is-threadsafe.patch \ > + file://do-not-second-guess-sonames.patch \ > + file://contrib-modules-use-dpkg-buildflags.patch \ > + file://smbk5pwd-makefile.patch \ > + file://autogroup-makefile.patch \ > + file://ldap-conf-tls-cacertdir.patch \ > + file://add-tlscacert-option-to-ldap-conf.patch \ > + file://fix-ftbfs-binutils-gold.patch \ > + file://fix-build-top-mk.patch \ > + file://no-AM_INIT_AUTOMAKE.patch \ > + file://switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch \ > + file://no-bdb-ABI-second-guessing.patch \ > + file://heimdal-fix.patch \ > +" > +SRC_URI[md5sum] = "b0d5ee4b252c841dec6b332d679cf943" > +SRC_URI[sha256sum] = > "8267c87347103fef56b783b24877c0feda1063d3cb85d070e503d076584bf8a7" > + > +DEPENDS = "util-linux groff-native db" > + > +PR = "r0" > +# The original top.mk used INSTALL, not INSTALL_STRIP_PROGRAM when > +# installing .so and executables, this fails in cross compilation > +# environments > +SRC_URI += "file://install-strip.patch" > + > +# inherit autotools > +inherit autotools-brokensep > + > +# CV SETTINGS > +# Required to work round AC_FUNC_MEMCMP which gets the wrong answer > +# when cross compiling (should be in site?) > +EXTRA_OECONF += "ac_cv_func_memcmp_working=yes" > + > +# CONFIG DEFINITIONS > +# The following is necessary because it cannot be determined for a > +# cross compile automagically. Select should yield fine on all OE > +# systems... > +EXTRA_OECONF += "--with-yielding-select=yes" > +# Shared libraries are nice... > +EXTRA_OECONF += "--enable-dynamic" > + > +PACKAGECONFIG ??= "openssl modules \ > + ldap meta monitor null passwd shell proxycache dnssrv \ > + bdb hdb mdb sasl \ > +" > +#--with-tls with TLS/SSL support auto|openssl|gnutls [auto] > +PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls" > +PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl" > + > +PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl" > +PACKAGECONFIG[modules] = "lt_cv_dlopen_self=yes > --enable-modules,--disable-modules,libtool" > + > +# SLAPD options > +# > +# UNIX crypt(3) passwd support: > +EXTRA_OECONF += "--enable-crypt" > + > +EXTRA_OECONF += "--enable-ipv6" > + > +# SLAPD BACKEND > +# > +# The backend must be set by the configuration. This controls the > +# required database, the default database, bdb, is turned off but > +# can be turned back on again and it *is* below! The monitor backend > +# is also disabled. If you try to change the backends but fail to > +# enable a single one the build will fail in an obvious way. > +# > +# EXTRA_OECONF += "--disable-bdb --disable-hdb --disable-monitor" > +# > +# Backends="bdb dnssrv hdb ldap ldbm meta monitor null passwd perl shell sql" > +# > +# Note that multiple backends can be built. The ldbm backend requires a > +# build-time choice of database API. The bdb backend forces this to be > +# DB4. To use the gdbm (or other) API the Berkely database module must > +# be removed from the build. > +md = "${libexecdir}/openldap" > +# > +#--enable-bdb enable Berkeley DB backend no|yes|mod yes > +# The Berkely DB is the standard choice. This version of OpenLDAP requires > +# the version 4 implementation or better. > +PACKAGECONFIG[bdb] = "--enable-bdb=mod,--enable-bdb=no,db" > + > +#--enable-dnssrv enable dnssrv backend no|yes|mod no > +PACKAGECONFIG[dnssrv] = "--enable-dnssrv=mod,--enable-dnssrv=no" > + > +#--enable-hdb enable Hierarchical DB backend no|yes|mod no > +# This forces ldbm to use Berkeley too, remove to use gdbm > +PACKAGECONFIG[hdb] = "--enable-hdb=mod,--enable-hdb=no,db" > + > +#--enable-ldap enable ldap backend no|yes|mod no > +PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no," > + > +#--enable-ldbm enable ldbm backend no|yes|mod no > +# ldbm requires further specification of the underlying database API, because > +# bdb is enabled above this must be set to berkeley, however the config > +# defaults this correctly so --with-ldbm-api is *not* set. The build will > +# fail if bdb is removed, but no database is built to provide the > +# support for ldbm > +# guide.html:<P>back-ldbm was both slow and unreliable. Its byzantine > indexing code was prone to spontaneous corruption, as were the underlying > database libraries that were commonly used (e.g. GDBM or NDBM). back-bdb and > back-hdb are superior in every aspect, with simplified indexing to avoid > index corruption, fine-grained locking for greater concurrency, hierarchical > caching for greater performance, streamlined on-disk format for greater > efficiency and portability, and full transaction support for greater > reliability.</P> > +# configure: WARNING: unrecognized options: --disable-silent-rules, > --enable-ldbm, --with-ldbm-api > +#PACKAGECONFIG[ldbm] = "--enable-ldbm=mod > --with-ldbm-api=gdbm,--enable-ldbm-no,gdbm" > + > +#--enable-meta enable metadirectory backend no|yes|mod no > +PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no," > + > +#--enable-monitor enable monitor backend no|yes|mod yes > +PACKAGECONFIG[monitor] = "--enable-monitor=mod,--enable-monitor=no," > + > +#--enable-null enable null backend no|yes|mod no > +PACKAGECONFIG[null] = "--enable-null=mod,--enable-null=no," > + > +#--enable-passwd enable passwd backend no|yes|mod no > +PACKAGECONFIG[passwd] = "--enable-passwd=mod,--enable-passwd=no," > + > +# disabling perl support - host contamination issues > +# > +#--enable-perl enable perl backend no|yes|mod no > +# This requires a loadable perl dynamic library, if enabled without > +# doing something appropriate (building perl?) the build will pick > +# up the build machine perl - not good (inherit perlnative?) > +# PACKAGECONFIG[perl] = "--enable-perl=mod,--enable-perl=no,perl" > + > +#--enable-shell enable shell backend no|yes|mod no > +# configure: WARNING: Use of --without-threads is recommended with back-shell > +PACKAGECONFIG[shell] = "--enable-shell=mod > --without-threads,--enable-shell=no," > + > +#--enable-sql enable sql backend no|yes|mod no > +# sql requires some sql backend which provides sql.h, sqlite* provides > +# sqlite.h (which may be compatible but hasn't been tried.) > +PACKAGECONFIG[sql] = "--enable-sql=mod,--enable-sql=no,sqlite3" > + > +#--enable-dyngroup Dynamic Group overlay no|yes|mod no > +# This is a demo, Proxy Cache defines init_module which conflicts with the > +# same symbol in dyngroup > +PACKAGECONFIG[dyngroup] = "--enable-dyngroup=mod,--enable-dyngroup=no," > + > +#--enable-proxycache Proxy Cache overlay no|yes|mod no > +PACKAGECONFIG[proxycache] = "--enable-proxycache=mod,--enable-proxycache=no," > + > +#--enable-mdb enable mdb database backend no|yes|mod no > +PACKAGECONFIG[mdb] = "--enable-mdb=mod,--enable-mdb=no," > + > +CPPFLAGS_append = " -D_GNU_SOURCE" > + > +do_configure() { > + cp ${STAGING_DATADIR_NATIVE}/libtool/config/ltmain.sh ${S}/build > + rm -f ${S}/libtool > + rm -f ${S}/libtool > + aclocal > + libtoolize --force --copy > + gnu-configize > + autoconf > + oe_runconf > +} > + > +FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la > ${libdir}/*.a ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la > ${libexecdir}/openldap/*.so" > +FILES_${PN}-dbg += "${libexecdir}/openldap/.debug" > + > -- > 1.8.3.2 > > -- > _______________________________________________ > Openembedded-devel mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- Martin 'JaMa' Jansa jabber: [email protected]
signature.asc
Description: Digital signature
-- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
