rpms/openldap
5
0
Fork 0
Code Issues Pull Requests Releases Activity

rebase to 2.4.26

Browse Source 
- remove upstream included patches
This commit is contained in:
Jan Vcelak 2011-07-20 15:17:58 +02:00
parent b35dfa8417
commit 583cde50ed
9 changed files with 12 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
/openldap-2.4.25.tgz /openldap-2.4.26.tgz

18
openldap-export-ldif.patch
View File

@ -1,18 +0,0 @@
Add 'ldif.h' into -devel subpackage. 'libldif' was removed by upstrem and the symbols
were moved to 'libldap'. But the interface is missing.
Author: Jan Vcelak <jvcelak@redhat.com>
diff -uNPrp openldap-2.4.25/include/Makefile.in openldap-2.4.25.ldif/include/Makefile.in
--- openldap-2.4.25/include/Makefile.in 2011-01-05 00:49:52.000000000 +0100
+++ openldap-2.4.25.ldif/include/Makefile.in 2011-06-27 17:13:57.629416190 +0200
@@ -20,7 +20,8 @@ install-local: FORCE
for header in $(srcdir)/lber.h lber_types.h \
$(srcdir)/ldap.h $(srcdir)/ldap_cdefs.h \
$(srcdir)/ldap_schema.h $(srcdir)/ldap_utf8.h \
- $(srcdir)/slapi-plugin.h ldap_features.h; \
+ $(srcdir)/slapi-plugin.h ldap_features.h \
+ $(srcdir)/ldif.h; \
do \
$(INSTALL) $(INSTALLFLAGS) -m 644 $$header $(DESTDIR)$(includedir); \
done

28
openldap-ldapexop-double-free.patch
View File

@ -1,28 +0,0 @@
Segmentation fault fix caused by double free in ldapexop.
Resolves: #699683
Author: Jan Vcelak <jvcelak@redhat.com>
Upstream: ITS #6946, git 3fcf2b1
diff --git a/clients/tools/ldapexop.c b/clients/tools/ldapexop.c
index f17e085..316eca1 100644
--- a/clients/tools/ldapexop.c
+++ b/clients/tools/ldapexop.c
@@ -247,7 +247,7 @@ main( int argc, char *argv[] )
char *retoid = NULL;
struct berval *retdata = NULL;
- rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
+ rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
@@ -294,7 +294,7 @@ main( int argc, char *argv[] )
printf(_("# extended operation response\n"));
}
- rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
+ rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;

68
openldap-nss-cacertdir-soft-error.patch
View File

@ -1,68 +0,0 @@
Connection fails if TLS_CACERTDIR doesn't exist but TLS_REQCERT is set to 'never'
Resolves: #716854
Author: Rich Megginson <rmeggins@redhat.com>
Upstream: ITS #6975, git 7e528ae
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 911885d..7be703b 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -1320,7 +1320,7 @@ static int
tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir )
{
PRBool isca = PR_TRUE;
- PRStatus status = PR_FAILURE;
+ PRStatus status = PR_SUCCESS;
PRErrorCode errcode = PR_SUCCESS;
if ( !cacertfile && !cacertdir ) {
@@ -1336,14 +1336,24 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
"TLS: %s is not a valid CA certificate file - error %d:%s.\n",
cacertfile, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ /* failure with cacertfile is a hard failure even if cacertdir is
+ also specified and contains valid CA cert files */
+ status = PR_FAILURE;
} else {
Debug( LDAP_DEBUG_TRACE,
"TLS: loaded CA certificate file %s.\n",
cacertfile, 0, 0 );
- status = PR_SUCCESS; /* have at least one good CA - we can proceed */
}
}
+ /* if cacertfile above failed, we will return failure, even
+ if there is a valid CA cert in cacertdir - but we still
+ process cacertdir in case the user has enabled trace level
+ debugging so they can see the processing for cacertdir too */
+ /* any cacertdir failures are "soft" failures - if the user specifies
+ no cert checking, then we allow the tls/ssl to continue, no matter
+ what was specified for cacertdir, or the contents of the directory
+ - this is different behavior than that of cacertfile */
if ( cacertdir ) {
PRFileInfo fi;
PRDir *dir;
@@ -1397,7 +1407,6 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
Debug( LDAP_DEBUG_TRACE,
"TLS: loaded CA certificate file %s from CA certificate directory %s.\n",
fullpath, cacertdir, 0 );
- status = PR_SUCCESS; /* found at least 1 valid CA file in the dir */
} else {
errcode = PR_GetError();
Debug( LDAP_DEBUG_TRACE,
@@ -1412,14 +1421,6 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
}
done:
if ( status != PR_SUCCESS ) {
- const char *fmtstr = NULL;
- if ( cacertfile && cacertdir ) {
- fmtstr = "TLS: did not find any valid CA certificates in %s or %s\n";
- } else {
- fmtstr = "TLS: did not find any valid CA certificates in %s%s\n";
- }
- Debug( LDAP_DEBUG_ANY, fmtstr, cacertdir ? cacertdir : "",
- cacertfile ? cacertfile : "", 0 );
return -1;
}

19
openldap-nss-nofork.patch
View File

@ -1,19 +0,0 @@
fix: OpenLDAP can't use TLS after a fork()
Resolves: #636956
Upstream ITS: #6862
Author: Rich Megginson <rmeggins@redhat.com>
--- openldap-2.4.24.orig/libraries/libldap/tls_m.c
+++ openldap-2.4.24/libraries/libldap/tls_m.c
@@ -2890,7 +2890,9 @@
* context in the child.
*/
if ( !nofork ) {
- PR_SetEnv( "NSS_STRICT_NOFORK=DISABLED" );
+ /* will leak one time */
+ char *noforkenvvar = PL_strdup( "NSS_STRICT_NOFORK=DISABLED" );
+ PR_SetEnv( noforkenvvar );
}
return 0;

19
openldap-segfault-ldif-indent.patch
View File

@ -1,19 +0,0 @@
Segmentation fault of client tool when input LDIF line is splitted but not indented correctly.
Resolves: #716855
Author: Howard Chu <hyc@openldap.org>
Upstream: ITS#6978, git 4b057bc
diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c
index 7cd9774..2d11045 100644
--- a/clients/tools/ldapmodify.c
+++ b/clients/tools/ldapmodify.c
@@ -449,7 +449,7 @@ process_ldif_rec( char *rbuf, int linenum )
fprintf( stderr, _("%s: invalid format (line %d) entry: \"%s\"\n"),
prog, linenum+i, dn == NULL ? "" : dn );
rc = LDAP_PARAM_ERROR;
- break;
+ goto leave;
}
freeval[i] = freev;

31
openldap-segfault-ldif-nl-end.patch
View File

@ -1,31 +0,0 @@
commit 83814a220fb70db8344469dc3e2db5357b36fc5c
Author: Jan Vcelak <jvcelak@redhat.com>
Date: Mon Jun 20 17:31:57 2011 +0200
ITS#6947 Handle missing '\n' termination in LDIF input
diff --git a/libraries/libldap/ldif.c b/libraries/libldap/ldif.c
index 0ee7849..0bc35bb 100644
--- a/libraries/libldap/ldif.c
+++ b/libraries/libldap/ldif.c
@@ -842,11 +842,16 @@ ldif_read_record(
if ( fgets( line, sizeof( line ), lfp->fp ) == NULL ) {
stop = 1;
- /* Add \n in case the file does not end with newline */
- line[0] = '\n';
- line[1] = '\0';
+ len = 0;
+ } else {
+ len = strlen( line );
+ }
+
+ if ( len == 0 || line[len-1] != '\n' ) {
+ /* Add \n in case the line/file does not end with newline */
+ line[len] = '\n';
+ line[++len] = '\0';
}
- len = strlen( line );
if ( last_ch == '\n' ) {
(*lno)++;

29
openldap.spec
View File

@ -5,7 +5,7 @@
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib} %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
Name: openldap Name: openldap
Version: 2.4.25 Version: 2.4.26
Release: 1%{?dist} Release: 1%{?dist}
Summary: LDAP support libraries Summary: LDAP support libraries
Group: System Environment/Daemons Group: System Environment/Daemons
@ -23,15 +23,9 @@ Patch0: openldap-manpages.patch
Patch1: openldap-security-pie.patch Patch1: openldap-security-pie.patch
Patch2: openldap-sql-linking.patch Patch2: openldap-sql-linking.patch
Patch3: openldap-reentrant-gethostby.patch Patch3: openldap-reentrant-gethostby.patch
Patch4: openldap-export-ldif.patch Patch4: openldap-smbk5pwd-overlay.patch
Patch5: openldap-smbk5pwd-overlay.patch Patch5: openldap-ldaprc-currentdir.patch
Patch6: openldap-ldaprc-currentdir.patch Patch6: openldap-userconfig-setgid.patch
Patch7: openldap-userconfig-setgid.patch
Patch8: openldap-nss-nofork.patch
Patch9: openldap-nss-cacertdir-soft-error.patch
Patch10: openldap-ldapexop-double-free.patch
Patch11: openldap-segfault-ldif-indent.patch
Patch12: openldap-segfault-ldif-nl-end.patch
# patches for the evolution library (see README.evolution) # patches for the evolution library (see README.evolution)
Patch200: openldap-evolution-ntlm.patch Patch200: openldap-evolution-ntlm.patch
@ -128,15 +122,9 @@ pushd openldap-%{version}
%patch1 -p1 -b .security-pie %patch1 -p1 -b .security-pie
%patch2 -p1 -b .sql-linking %patch2 -p1 -b .sql-linking
%patch3 -p1 -b .reentrant-gethostby %patch3 -p1 -b .reentrant-gethostby
%patch4 -p1 -b .export-ldif %patch4 -p1 -b .smbk5pwd-overlay
%patch5 -p1 -b .smbk5pwd-overlay %patch5 -p1 -b .ldaprc-currentdir
%patch6 -p1 -b .ldaprc-currentdir %patch6 -p1 -b .userconfig-setgid
%patch7 -p1 -b .userconfig-setgid
%patch8 -p1 -b .nss-nofork
%patch9 -p1 -b .nss-cacertdir-soft-error
%patch10 -p1 -b .ldapexop-double-free
%patch11 -p1 -b .segfault-ldif-indent
%patch12 -p1 -b .segfault-ldif-nl-end
cp %{_datadir}/libtool/config/config.{sub,guess} build/ cp %{_datadir}/libtool/config/config.{sub,guess} build/
@ -659,6 +647,9 @@ exit 0
%attr(0644,root,root) %{evolution_connector_libdir}/*.a %attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog %changelog
* Wed Jul 20 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-1
- rebase to new upstream release
* Mon Jun 27 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.25-1 * Mon Jun 27 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.25-1
- rebase to new upstream release - rebase to new upstream release
- change default database type from BDB to HDB - change default database type from BDB to HDB

2
sources
View File

@ -1 +1 @@
ec63f9c2add59f323a0459128846905b openldap-2.4.25.tgz f36f3086031dd56ae94f722ffae8df5e openldap-2.4.26.tgz