Rebase to version 2.6.13
Resolves: RHEL-157475
parent
9025f0ac20
commit
3aaf3a46cb
32
.gitignore
vendored
32
.gitignore
vendored
@ -1,33 +1,3 @@
|
||||
/openldap-2.4.28.tgz
|
||||
/openldap-2.4.29.tgz
|
||||
/openldap-2.4.30.tgz
|
||||
/openldap-2.4.31.tgz
|
||||
/openldap-2.4.32.tgz
|
||||
/openldap-2.4.33.tgz
|
||||
/openldap-2.4.34.tgz
|
||||
/openldap-*.tgz
|
||||
/ltb-project-openldap-ppolicy-check-password-1.1.tar.gz
|
||||
/openldap-2.4.35.tgz
|
||||
/openldap-2.4.36.tgz
|
||||
/openldap-2.4.37.tgz
|
||||
/openldap-2.4.38.tgz
|
||||
/openldap-2.4.39.tgz
|
||||
/openldap-2.4.40.tgz
|
||||
/openldap-2.4.41.tgz
|
||||
/openldap-2.4.43.tgz
|
||||
/openldap-2.4.44.tgz
|
||||
/openldap-2.4.45.tgz
|
||||
/openldap-2.4.46.tgz
|
||||
/openldap-2.4.47.tgz
|
||||
/openldap-2.4.50.tgz
|
||||
/openldap-2.4.52.tgz
|
||||
/openldap-2.4.53.tgz
|
||||
/openldap-2.4.54.tgz
|
||||
/openldap-2.4.55.tgz
|
||||
/openldap-2.4.56.tgz
|
||||
/openldap-2.4.57.tgz
|
||||
/openldap-2.4.59.tgz
|
||||
/openldap-2.6.2.tgz
|
||||
/openldap-ppolicy-check-password-1.1.tar.gz
|
||||
/openldap-2.6.3.tgz
|
||||
/openldap-2.6.6.tgz
|
||||
/openldap-2.6.8.tgz
|
||||
|
||||
@ -1,100 +0,0 @@
|
||||
From 5645e37044e77c72f8868ecf62b6c7983c0afc2b Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
|
||||
Date: Mon, 21 Oct 2024 11:50:11 +0100
|
||||
Subject: [PATCH 1/6] ITS#8047 Fix TLS connection timeout handling
|
||||
|
||||
The test for async in ldap_int_tls_start was inverted, we already
|
||||
support calling ldap_int_tls_connect repeatedly. And so long as
|
||||
LBER_SB_OPT_NEEDS_* are managed correctly, the application should be
|
||||
able to do the right thing.
|
||||
|
||||
Might require a new result code rather than reporposing
|
||||
LDAP_X_CONNECTING for this.
|
||||
---
|
||||
libraries/libldap/ldap-int.h | 1 +
|
||||
libraries/libldap/tls2.c | 18 +++++++++++++++++-
|
||||
2 files changed, 18 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
|
||||
index 3ef17643b1..7e754775e8 100644
|
||||
--- a/libraries/libldap/ldap-int.h
|
||||
+++ b/libraries/libldap/ldap-int.h
|
||||
@@ -368,6 +368,7 @@ typedef struct ldap_conn {
|
||||
#define LDAP_CONNST_NEEDSOCKET 1
|
||||
#define LDAP_CONNST_CONNECTING 2
|
||||
#define LDAP_CONNST_CONNECTED 3
|
||||
+#define LDAP_CONNST_TLS_INPROGRESS 4
|
||||
LDAPURLDesc *lconn_server;
|
||||
BerElement *lconn_ber; /* ber receiving on this conn. */
|
||||
|
||||
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
|
||||
index dea46de0ad..cf6f4dcf9a 100644
|
||||
--- a/libraries/libldap/tls2.c
|
||||
+++ b/libraries/libldap/tls2.c
|
||||
@@ -383,6 +383,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
|
||||
if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
|
||||
ld->ld_options.ldo_tls_connect_cb )
|
||||
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
|
||||
+ conn->lconn_status = LDAP_CONNST_TLS_INPROGRESS;
|
||||
}
|
||||
|
||||
/* pass hostname for SNI, but only if it's an actual name
|
||||
@@ -441,9 +442,11 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
|
||||
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
|
||||
LBER_SBIOD_LEVEL_TRANSPORT );
|
||||
#endif
|
||||
+ conn->lconn_status = LDAP_CONNST_CONNECTED;
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ conn->lconn_status = LDAP_CONNST_CONNECTED;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -516,8 +519,9 @@ int
|
||||
ldap_tls_inplace( LDAP *ld )
|
||||
{
|
||||
Sockbuf *sb = NULL;
|
||||
+ LDAPConn *lc = ld->ld_defconn;
|
||||
|
||||
- if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) {
|
||||
+ if ( lc && lc->lconn_sb ) {
|
||||
sb = ld->ld_defconn->lconn_sb;
|
||||
|
||||
} else if ( ld->ld_sb ) {
|
||||
@@ -527,6 +531,10 @@ ldap_tls_inplace( LDAP *ld )
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if ( lc && lc->lconn_status == LDAP_CONNST_TLS_INPROGRESS ) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return ldap_pvt_tls_inplace( sb );
|
||||
}
|
||||
|
||||
@@ -1159,6 +1167,9 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
|
||||
*/
|
||||
while ( ret > 0 ) {
|
||||
if ( async ) {
|
||||
+ ld->ld_errno = LDAP_X_CONNECTING;
|
||||
+ return (ld->ld_errno);
|
||||
+ } else {
|
||||
struct timeval curr_time_tv, delta_tv;
|
||||
int wr=0;
|
||||
|
||||
@@ -1217,6 +1228,11 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
|
||||
ret = ldap_int_tls_connect( ld, conn, host );
|
||||
}
|
||||
|
||||
+ if ( !async && ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
|
||||
+ /* Restore original sb status */
|
||||
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)0 );
|
||||
+ }
|
||||
+
|
||||
if ( ret < 0 ) {
|
||||
if ( ld->ld_errno == LDAP_SUCCESS )
|
||||
ld->ld_errno = LDAP_CONNECT_ERROR;
|
||||
--
|
||||
2.47.1
|
||||
|
||||
@ -1,35 +1,20 @@
|
||||
Various manual pages changes:
|
||||
* removes LIBEXECDIR from slapd.8
|
||||
* removes references to non-existing manpages (bz 624616)
|
||||
|
||||
diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
|
||||
index 353b075..cf37856 100644
|
||||
--- a/doc/man/man1/ldapmodify.1
|
||||
+++ b/doc/man/man1/ldapmodify.1
|
||||
@@ -382,8 +382,7 @@ exit status and a diagnostic message being written to standard error.
|
||||
.BR ldap_add_ext (3),
|
||||
.BR ldap_delete_ext (3),
|
||||
.BR ldap_modify_ext (3),
|
||||
-.BR ldap_modrdn_ext (3),
|
||||
-.BR ldif (5).
|
||||
+.BR ldif (5)
|
||||
.SH AUTHOR
|
||||
The OpenLDAP Project <http://www.openldap.org/>
|
||||
.SH ACKNOWLEDGEMENTS
|
||||
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
|
||||
index 17b7154..6084298 100644
|
||||
index d47481d6ed..ff86fc52ca 100644
|
||||
--- a/doc/man/man5/ldap.conf.5
|
||||
+++ b/doc/man/man5/ldap.conf.5
|
||||
@@ -338,6 +338,7 @@ certificates in separate individual files. The
|
||||
@@ -341,6 +341,7 @@ be specified, separated by a semi-colon. The
|
||||
.B TLS_CACERT
|
||||
is always used before
|
||||
.B TLS_CACERTDIR.
|
||||
.BR TLS_CACERTDIR .
|
||||
+The specified directory must be managed with the OpenSSL c_rehash utility.
|
||||
.TP
|
||||
.B TLS_CERT <filename>
|
||||
Specifies the file that contains the client certificate.
|
||||
diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8
|
||||
index 8504b37..f02f1fa 100644
|
||||
index 807634e52d..a06110687b 100644
|
||||
--- a/doc/man/man8/slapd.8
|
||||
+++ b/doc/man/man8/slapd.8
|
||||
@@ -5,7 +5,7 @@
|
||||
@ -41,16 +26,16 @@ index 8504b37..f02f1fa 100644
|
||||
[\c
|
||||
.BR \-V [ V [ V ]]
|
||||
[\c
|
||||
@@ -332,7 +332,7 @@ the LDAP databases defined in the default config file, just type:
|
||||
@@ -333,7 +333,7 @@ the LDAP databases defined in the default config file, just type:
|
||||
.LP
|
||||
.nf
|
||||
.ft tt
|
||||
- LIBEXECDIR/slapd
|
||||
+ slapd
|
||||
+ slapd
|
||||
.ft
|
||||
.fi
|
||||
.LP
|
||||
@@ -343,7 +343,7 @@ on voluminous debugging which will be printed on standard error, type:
|
||||
@@ -344,7 +344,7 @@ on voluminous debugging which will be printed on standard error, type:
|
||||
.LP
|
||||
.nf
|
||||
.ft tt
|
||||
@ -59,7 +44,7 @@ index 8504b37..f02f1fa 100644
|
||||
.ft
|
||||
.fi
|
||||
.LP
|
||||
@@ -351,7 +351,7 @@ To test whether the configuration file is correct or not, type:
|
||||
@@ -352,7 +352,7 @@ To test whether the configuration file is correct or not, type:
|
||||
.LP
|
||||
.nf
|
||||
.ft tt
|
||||
|
||||
@ -15,8 +15,8 @@
|
||||
%global __brp_remove_la_files %nil
|
||||
|
||||
Name: openldap
|
||||
Version: 2.6.8
|
||||
Release: 4%{?dist}
|
||||
Version: 2.6.13
|
||||
Release: 1%{?dist}
|
||||
Summary: LDAP support libraries
|
||||
License: OLDAP-2.8
|
||||
URL: http://www.openldap.org/
|
||||
@ -52,7 +52,6 @@ Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch
|
||||
Patch9: openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch
|
||||
Patch10: openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
|
||||
Patch11: openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
|
||||
Patch12: openldap-fix-TLS-connection-timeout-handling.patch
|
||||
|
||||
# check-password module specific patches
|
||||
Patch90: check-password-makefile.patch
|
||||
@ -170,7 +169,6 @@ pushd openldap-%{version}
|
||||
%patch -P9 -p1
|
||||
%patch -P10 -p1
|
||||
%patch -P11 -p1
|
||||
%patch -P12 -p1
|
||||
|
||||
# build smbk5pwd with other overlays
|
||||
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
||||
@ -555,6 +553,10 @@ exit 0
|
||||
%{_libdir}/libslapi-2.4*.so.*
|
||||
|
||||
%changelog
|
||||
* Thu Apr 23 2026 Simon Pichugin <spichugi@redhat.com> - 2.6.13-1
|
||||
- Rebase to version 2.6.13
|
||||
- Resolves: RHEL-157475
|
||||
|
||||
* Wed Feb 12 2025 Simon Pichugin <spichugi@redhat.com> - 2.6.8-4
|
||||
- Fix TLS connection timeout handling (RHEL-78297)
|
||||
|
||||
|
||||
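Review bot: The new changelog entry says only `- Rebase to version 2.6.13` and does not record that Patch12 is dropped in the same change. Going by the hunk line counts, the `Patch12: openldap-fix-TLS-connection-timeout-handling.patch` line and its `%patch -P12 -p1` application are the lines removed, and the 100-line patch deleted earlier on this page (ITS#8047, "Fix TLS connection timeout handling") looks like that file. It is the fix the 2.6.8-4 entry refers to (RHEL-78297), and it touches TLS handshake state in libldap, so the reason for dropping it should be auditable from the spec. Presumably 2.6.13 already carries the fix upstream, but nothing on this page shows that. Once confirmed against the 2.6.13 sources, add a line such as `- Drop openldap-fix-TLS-connection-timeout-handling.patch (ITS#8047, included upstream)`.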
3
sources
3
sources
@ -1,3 +1,2 @@
|
||||
SHA512 (openldap-ppolicy-check-password-1.1.tar.gz) = a92854d7438cb95fac361da80a49d084d502155e8ce0ad2ea679db9529bbe0182aa4354e6139793c775e496349375d8f017678941d23315ff1c20fefc9573cdc
|
||||
SHA512 (openldap-2.6.6.tgz) = 0e800807b23f090b465dc18c2f0d342585f96768543b3298b85d17c18272d1c5576a66326d30b3520cac493cbd2ea70e309cd923bf19447c973a63d940619fa6
|
||||
SHA512 (openldap-2.6.8.tgz) = c86bda8a0af2645e586d56a1494a5bd486ec5dd55c47859dbabcc2bb6ddc0a8307e23c6b58228d49ee3c8bc5e4d6ead305863442efdcee3dc2ab9953097b5a77
|
||||
SHA512 (openldap-2.6.13.tgz) = a64b222bee2e8693e534f64eeb7afcd1f0c7a4b9ae2288ce2c53be9b532902fac3a1e3318c82545cf30c7f982a68b5167ee8baba1f4be5c1a72abdb7c75ac80b
|
||||
|
||||