Correction of setugid patch, removed c,M and P options from some client utilities

openldap-2.2.13-setugid.patch

@@ -8,7 +8,7 @@ diff -up openldap-2.4.14/libraries/libldap/init.c.setugid openldap-2.4.14/librar
  
  #ifdef HAVE_GETEUID
 -	if ( geteuid() != getuid() )
-+	if ( geteuid() != getuid() || getegid() == getgid() )
++	if ( geteuid() != getuid() || getegid() != getgid() )
  		return;
  #endif
  

openldap-2.4.12-options.patch

@@ -0,0 +1,112 @@
+--- openldap/clients/tools/common.c	2009-04-09 11:37:06.000000000 +0200
++++ openldap/clients/tools/common.c.option	2009-04-09 14:52:23.000000000 +0200
+@@ -267,7 +267,6 @@ void
+ tool_common_usage( void )
+ {
+ 	static const char *const descriptions[] = {
+-N_("  -c         continuous operation mode (do not stop on errors)\n"),
+ N_("  -d level   set LDAP debugging level to `level'\n"),
+ N_("  -D binddn  bind DN\n"),
+ N_("  -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
+@@ -298,18 +297,15 @@ N_("             [!]sessiontracking\n")
+ N_("             abandon, cancel, ignore (SIGINT sends abandon/cancel,\n"
+    "             or ignores response; if critical, doesn't wait for SIGINT.\n"
+    "             not really controls)\n")
+-N_("  -f file    read operations from `file'\n"),
+ N_("  -h host    LDAP server\n"),
+ N_("  -H URI     LDAP Uniform Resource Identifier(s)\n"),
+ N_("  -I         use SASL Interactive mode\n"),
+-N_("  -M         enable Manage DSA IT control (-MM to make critical)\n"),
+ N_("  -n         show what would be done but don't actually do it\n"),
+ N_("  -N         do not use reverse DNS to canonicalize SASL host name\n"),
+ N_("  -O props   SASL security properties\n"),
+ N_("  -o <opt>[=<optparam] general options\n"),
+ N_("             nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
+ N_("  -p port    port on LDAP server\n"),
+-N_("  -P version protocol version (default: 3)\n"),
+ N_("  -Q         use SASL Quiet mode\n"),
+ N_("  -R realm   SASL realm\n"),
+ N_("  -U authcid SASL authentication identity\n"),
+
+--- openldap/clients/tools/ldapcompare.c	2009-04-09 11:37:06.000000000 +0200
++++ openldap/clients/tools/ldapcompare.c.option	2009-04-09 14:46:37.000000000 +0200
+@@ -85,6 +85,8 @@ usage( void )
+ 	fprintf( stderr, _("Compare options:\n"));
+ 	fprintf( stderr, _("  -E [!]<ext>[=<extparam>] compare extensions (! indicates criticality)\n"));
+ 	fprintf( stderr, _("             !dontUseCopy                (Don't Use Copy)\n"));
++	fprintf( stderr, _("  -M         enable Manage DSA IT control (-MM to make critical)\n"));
++	fprintf( stderr, _("  -P version protocol version (default: 3)\n"));
+ 	fprintf( stderr, _("  -z         Quiet mode,"
+ 		" don't print anything, use return values\n"));
+ 	tool_common_usage();
+
+--- openldap/clients/tools/ldapdelete.c	2009-04-09 11:37:06.000000000 +0200
++++ openldap/clients/tools/ldapdelete.c.option	2009-04-09 14:48:48.000000000 +0200
+@@ -71,6 +71,10 @@ usage( void )
+ 	fprintf( stderr, _("	dn: list of DNs to delete. If not given, it will be readed from stdin\n"));
+ 	fprintf( stderr, _("	    or from the file specified with \"-f file\".\n"));
+ 	fprintf( stderr, _("Delete Options:\n"));
++	fprintf( stderr, _("  -c         continuous operation mode (do not stop on errors)\n"));
++	fprintf( stderr, _("  -f file    read operations from `file'\n"));
++	fprintf( stderr, _("  -M         enable Manage DSA IT control (-MM to make critical)\n"));
++	fprintf( stderr, _("  -P version protocol version (default: 3)\n"));
+ 	fprintf( stderr, _("  -r         delete recursively\n"));
+ 	tool_common_usage();
+ 	exit( EXIT_FAILURE );
+
+--- openldap/clients/tools/ldapmodify.c	2009-04-09 11:37:06.000000000 +0200
++++ openldap/clients/tools/ldapmodify.c.option	2009-04-09 14:50:14.000000000 +0200
+@@ -137,8 +137,12 @@ usage( void )
+ 	fprintf( stderr, _("Add or modify options:\n"));
+ 	fprintf( stderr, _("  -a         add values (%s)\n"),
+ 		(ldapadd ? _("default") : _("default is to replace")));
++	fprintf( stderr, _("  -c         continuous operation mode (do not stop on errors)\n"));
+ 	fprintf( stderr, _("  -E [!]ext=extparam	modify extensions"
+ 		" (! indicate s criticality)\n"));
++	fprintf( stderr, _("  -f file    read operations from `file'\n"));
++	fprintf( stderr, _("  -M         enable Manage DSA IT control (-MM to make critical)\n"));
++	fprintf( stderr, _("  -P version protocol version (default: 3)\n"));
+ #ifdef LDAP_X_TXN
+  	fprintf( stderr,
+ 		_("             [!]txn=<commit|abort>         (transaction)\n"));
+
+--- openldap/clients/tools/ldapmodrdn.c	2009-04-09 11:37:06.000000000 +0200
++++ openldap/clients/tools/ldapmodrdn.c.option	2009-04-09 14:50:40.000000000 +0200
+@@ -83,6 +83,10 @@ usage( void )
+ 	fprintf( stderr, _("		If not given, the list of modifications is read from stdin or\n"));
+ 	fprintf( stderr, _("		from the file specified by \"-f file\" (see man page).\n"));
+ 	fprintf( stderr, _("Rename options:\n"));
++	fprintf( stderr, _("  -c         continuous operation mode (do not stop on errors)\n"));
++	fprintf( stderr, _("  -f file    read operations from `file'\n"));
++	fprintf( stderr, _("  -M         enable Manage DSA IT control (-MM to make critical)\n"));
++	fprintf( stderr, _("  -P version protocol version (default: 3)\n"));
+ 	fprintf( stderr, _("  -r         remove old RDN\n"));
+ 	fprintf( stderr, _("  -s newsup  new superior entry\n"));
+ 	tool_common_usage();
+
+--- openldap/clients/tools/ldapsearch.c	2009-04-09 11:37:06.000000000 +0200
++++ openldap/clients/tools/ldapsearch.c.option	2009-04-09 14:51:51.000000000 +0200
+@@ -123,6 +123,7 @@ usage( void )
+ 	fprintf( stderr, _("  -a deref   one of never (default), always, search, or find\n"));
+ 	fprintf( stderr, _("  -A         retrieve attribute names only (no values)\n"));
+ 	fprintf( stderr, _("  -b basedn  base dn for search\n"));
++	fprintf( stderr, _("  -c         continuous operation mode (do not stop on errors)\n"));
+ 	fprintf( stderr, _("  -E [!]<ext>[=<extparam>] search extensions (! indicates criticality)\n"));
+ 	fprintf( stderr, _("             [!]domainScope              (domain scope)\n"));
+ 	fprintf( stderr, _("             !dontUseCopy                (Don't Use Copy)\n"));
+@@ -137,12 +138,15 @@ usage( void )
+ 	fprintf( stderr, _("             [!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]\n"));
+ #endif
+ 	fprintf( stderr, _("             [!]<oid>=:<value>           (generic control; no response handling)\n"));
++	fprintf( stderr, _("  -f file    read operations from `file'\n"));
+ 	fprintf( stderr, _("  -F prefix  URL prefix for files (default: %s)\n"), def_urlpre);
+ 	fprintf( stderr, _("  -l limit   time limit (in seconds, or \"none\" or \"max\") for search\n"));
+ 	fprintf( stderr, _("  -L         print responses in LDIFv1 format\n"));
+ 	fprintf( stderr, _("  -LL        print responses in LDIF format without comments\n"));
+ 	fprintf( stderr, _("  -LLL       print responses in LDIF format without comments\n"));
+ 	fprintf( stderr, _("             and version\n"));
++	fprintf( stderr, _("  -M         enable Manage DSA IT control (-MM to make critical)\n"));
++	fprintf( stderr, _("  -P version protocol version (default: 3)\n"));
+ 	fprintf( stderr, _("  -s scope   one of base, one, sub or children (search scope)\n"));
+ 	fprintf( stderr, _("  -S attr    sort the results by attribute `attr'\n"));
+ 	fprintf( stderr, _("  -t         write binary values to files in temporary directory\n"));

openldap-2.4.15-file-option.patch

@@ -1,55 +0,0 @@
---- openldap-2.4.15/clients/tools/common.c	2009-03-25 12:22:05.000000000 +0100
-+++ openldap-2.4.15/clients/tools/common.c.option	2009-03-25 12:22:10.000000000 +0100
-@@ -274,7 +274,6 @@ N_("             [!]sessiontracking\n")
- N_("             abandon, cancel, ignore (SIGINT sends abandon/cancel,\n"
-    "             or ignores response; if critical, doesn't wait for SIGINT.\n"
-    "             not really controls)\n")
--N_("  -f file    read operations from `file'\n"),
- N_("  -h host    LDAP server\n"),
- N_("  -H URI     LDAP Uniform Resource Identifier(s)\n"),
- N_("  -I         use SASL Interactive mode\n"),
-
---- openldap-2.4.15/clients/tools/ldapdelete.c	2009-03-25 12:07:29.000000000 +0100
-+++ openldap-2.4.15/clients/tools/ldapdelete.c.option	2009-03-25 12:13:04.000000000 +0100
-@@ -71,6 +71,7 @@ usage( void )
- 	fprintf( stderr, _("	dn: list of DNs to delete. If not given, it will be readed from stdin\n"));
- 	fprintf( stderr, _("	    or from the file specified with \"-f file\".\n"));
- 	fprintf( stderr, _("Delete Options:\n"));
-+	fprintf( stderr, _("  -f file    read operations from `file'\n"));
- 	fprintf( stderr, _("  -r         delete recursively\n"));
- 	tool_common_usage();
- 	exit( EXIT_FAILURE );
-
---- openldap-2.4.15/clients/tools/ldapmodify.c	2009-03-25 12:07:50.000000000 +0100
-+++ openldap-2.4.15/clients/tools/ldapmodify.c.option	2009-03-25 12:12:52.000000000 +0100
-@@ -143,6 +143,7 @@ usage( void )
-  	fprintf( stderr,
- 		_("             [!]txn=<commit|abort>         (transaction)\n"));
- #endif
-+	fprintf( stderr, _("  -f file    read operations from `file'\n"));
- 	fprintf( stderr, _("  -S file    write skipped modifications to `file'\n"));
- 
- 	tool_common_usage();
-
---- openldap-2.4.15/clients/tools/ldapmodrdn.c	2009-03-25 12:08:12.000000000 +0100
-+++ openldap-2.4.15/clients/tools/ldapmodrdn.c.option	2009-03-25 12:13:19.000000000 +0100
-@@ -83,6 +83,7 @@ usage( void )
- 	fprintf( stderr, _("		If not given, the list of modifications is read from stdin or\n"));
- 	fprintf( stderr, _("		from the file specified by \"-f file\" (see man page).\n"));
- 	fprintf( stderr, _("Rename options:\n"));
-+	fprintf( stderr, _("  -f file    read operations from `file'\n"));
- 	fprintf( stderr, _("  -r         remove old RDN\n"));
- 	fprintf( stderr, _("  -s newsup  new superior entry\n"));
- 	tool_common_usage();
-
---- openldap-2.4.15/clients/tools/ldapsearch.c	2009-01-22 01:00:43.000000000 +0100
-+++ openldap-2.4.15/clients/tools/ldapsearch.c.option	2009-03-25 14:57:56.000000000 +0100
-@@ -137,6 +137,7 @@ usage( void )
- 	fprintf( stderr, _("             [!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]\n"));
- #endif
- 	fprintf( stderr, _("             [!]<oid>=:<value>           (generic control; no response handling)\n"));
-+	fprintf( stderr, _("  -f file    read operations from `file'\n"));
- 	fprintf( stderr, _("  -F prefix  URL prefix for files (default: %s)\n"), def_urlpre);
- 	fprintf( stderr, _("  -l limit   time limit (in seconds, or \"none\" or \"max\") for search\n"));
- 	fprintf( stderr, _("  -L         print responses in LDIFv1 format\n"));
-

openldap.spec

@@ -11,7 +11,7 @@
 Summary: LDAP support libraries
 Name: openldap
 Version: %{version}
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
 Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
@@ -34,7 +34,7 @@ Patch5: openldap-2.4.6-nosql.patch
 Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
 Patch9: openldap-2.3.37-smbk5pwd.patch
 Patch10: openldap-2.4.6-multilib.patch
-Patch11: openldap-2.4.15-file-option.patch
+Patch11: openldap-2.4.12-options.patch
 
 # Patches for the evolution library
 Patch200: openldap-2.4.6-evolution-ntlm.patch
@@ -140,7 +140,7 @@ pushd openldap-%{version}
 %patch6 -p1 -b .gethostbyname_r
 %patch9 -p1 -b .smbk5pwd
 %patch10 -p1 -b .multilib
-%patch11 -p1 -b .file_option
+%patch11 -p1 -b .options
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 popd
@@ -604,6 +604,11 @@ fi
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
+* Thu Apr 09 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.15-3
+- extended previous patch (#481310) to remove options cfMP
+  from some client tools
+- correction of patch setugid (#494330)
+
 * Thu Mar 26 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.15-2
 - removed -f option from some client tools (#481310)