From da8543f19e23dfbf9f3bc6978056cef50497c065 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Thu, 9 Apr 2009 14:03:02 +0000 Subject: [PATCH] Correction of setugid patch, removed c,M and P options from some client utilities --- openldap-2.2.13-setugid.patch | 2 +- openldap-2.4.12-options.patch | 112 ++++++++++++++++++++++++++++++ openldap-2.4.15-file-option.patch | 55 --------------- openldap.spec | 11 ++- 4 files changed, 121 insertions(+), 59 deletions(-) create mode 100644 openldap-2.4.12-options.patch delete mode 100644 openldap-2.4.15-file-option.patch diff --git a/openldap-2.2.13-setugid.patch b/openldap-2.2.13-setugid.patch index 8f55658..9cb7db7 100644 --- a/openldap-2.2.13-setugid.patch +++ b/openldap-2.2.13-setugid.patch @@ -8,7 +8,7 @@ diff -up openldap-2.4.14/libraries/libldap/init.c.setugid openldap-2.4.14/librar #ifdef HAVE_GETEUID - if ( geteuid() != getuid() ) -+ if ( geteuid() != getuid() || getegid() == getgid() ) ++ if ( geteuid() != getuid() || getegid() != getgid() ) return; #endif diff --git a/openldap-2.4.12-options.patch b/openldap-2.4.12-options.patch new file mode 100644 index 0000000..bfc6a6c --- /dev/null +++ b/openldap-2.4.12-options.patch 
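Review bot: The corrected test in the init.c hunk, `if ( geteuid() != getuid() || getegid() != getgid() )`, only detects privilege that still shows as a real/effective ID mismatch at the time of the call, so a set-uid or set-gid program that has already equalised its IDs will not reach the `return;`. The code skipped by that `return` lies outside the hunk; if it is the per-user configuration and environment handling, as the patch name suggests, an exec-time test is sturdier, such as `issetugid()` where the platform provides it or `getauxval(AT_SECURE)` on glibc. The getegid() comparison is also compiled under `HAVE_GETEUID` alone, which does not by itself establish that getegid()/getgid() are available. I would add a comment above the test, e.g. `/* running set-uid or set-gid: ignore user-supplied configuration */`, so the intended polarity of both comparisons stays explicit after the earlier `==` slip.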
@@ -0,0 +1,112 @@ +--- openldap/clients/tools/common.c 2009-04-09 11:37:06.000000000 +0200 ++++ openldap/clients/tools/common.c.option 2009-04-09 14:52:23.000000000 +0200 +@@ -267,7 +267,6 @@ void + tool_common_usage( void ) + { + static const char *const descriptions[] = { +-N_(" -c continuous operation mode (do not stop on errors)\n"), + N_(" -d level set LDAP debugging level to `level'\n"), + N_(" -D binddn bind DN\n"), + N_(" -e [!][=] general extensions (! indicates criticality)\n") +@@ -298,18 +297,15 @@ N_(" [!]sessiontracking\n") + N_(" abandon, cancel, ignore (SIGINT sends abandon/cancel,\n" + " or ignores response; if critical, doesn't wait for SIGINT.\n" + " not really controls)\n") +-N_(" -f file read operations from `file'\n"), + N_(" -h host LDAP server\n"), + N_(" -H URI LDAP Uniform Resource Identifier(s)\n"), + N_(" -I use SASL Interactive mode\n"), +-N_(" -M enable Manage DSA IT control (-MM to make critical)\n"), + N_(" -n show what would be done but don't actually do it\n"), + N_(" -N do not use reverse DNS to canonicalize SASL host name\n"), + N_(" -O props SASL security properties\n"), + N_(" -o [= (in seconds, or \"none\" or \"max\")\n"), + N_(" -p port port on LDAP server\n"), +-N_(" -P version protocol version (default: 3)\n"), + N_(" -Q use SASL Quiet mode\n"), + N_(" -R realm SASL realm\n"), + N_(" -U authcid SASL authentication identity\n"), + +--- openldap/clients/tools/ldapcompare.c 2009-04-09 11:37:06.000000000 +0200 ++++ openldap/clients/tools/ldapcompare.c.option 2009-04-09 14:46:37.000000000 +0200 +@@ -85,6 +85,8 @@ usage( void ) + fprintf( stderr, _("Compare options:\n")); + fprintf( stderr, _(" -E [!][=] compare extensions (! 
indicates criticality)\n")); + fprintf( stderr, _(" !dontUseCopy (Don't Use Copy)\n")); ++ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n")); ++ fprintf( stderr, _(" -P version protocol version (default: 3)\n")); + fprintf( stderr, _(" -z Quiet mode," + " don't print anything, use return values\n")); + tool_common_usage(); + +--- openldap/clients/tools/ldapdelete.c 2009-04-09 11:37:06.000000000 +0200 ++++ openldap/clients/tools/ldapdelete.c.option 2009-04-09 14:48:48.000000000 +0200 +@@ -71,6 +71,10 @@ usage( void ) + fprintf( stderr, _(" dn: list of DNs to delete. If not given, it will be readed from stdin\n")); + fprintf( stderr, _(" or from the file specified with \"-f file\".\n")); + fprintf( stderr, _("Delete Options:\n")); ++ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n")); ++ fprintf( stderr, _(" -f file read operations from `file'\n")); ++ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n")); ++ fprintf( stderr, _(" -P version protocol version (default: 3)\n")); + fprintf( stderr, _(" -r delete recursively\n")); + tool_common_usage(); + exit( EXIT_FAILURE ); + +--- openldap/clients/tools/ldapmodify.c 2009-04-09 11:37:06.000000000 +0200 ++++ openldap/clients/tools/ldapmodify.c.option 2009-04-09 14:50:14.000000000 +0200 +@@ -137,8 +137,12 @@ usage( void ) + fprintf( stderr, _("Add or modify options:\n")); + fprintf( stderr, _(" -a add values (%s)\n"), + (ldapadd ? _("default") : _("default is to replace"))); ++ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n")); + fprintf( stderr, _(" -E [!]ext=extparam modify extensions" + " (! 
indicate s criticality)\n")); ++ fprintf( stderr, _(" -f file read operations from `file'\n")); ++ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n")); ++ fprintf( stderr, _(" -P version protocol version (default: 3)\n")); + #ifdef LDAP_X_TXN + fprintf( stderr, + _(" [!]txn= (transaction)\n")); + +--- openldap/clients/tools/ldapmodrdn.c 2009-04-09 11:37:06.000000000 +0200 ++++ openldap/clients/tools/ldapmodrdn.c.option 2009-04-09 14:50:40.000000000 +0200 +@@ -83,6 +83,10 @@ usage( void ) + fprintf( stderr, _(" If not given, the list of modifications is read from stdin or\n")); + fprintf( stderr, _(" from the file specified by \"-f file\" (see man page).\n")); + fprintf( stderr, _("Rename options:\n")); ++ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n")); ++ fprintf( stderr, _(" -f file read operations from `file'\n")); ++ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n")); ++ fprintf( stderr, _(" -P version protocol version (default: 3)\n")); + fprintf( stderr, _(" -r remove old RDN\n")); + fprintf( stderr, _(" -s newsup new superior entry\n")); + tool_common_usage(); + +--- openldap/clients/tools/ldapsearch.c 2009-04-09 11:37:06.000000000 +0200 ++++ openldap/clients/tools/ldapsearch.c.option 2009-04-09 14:51:51.000000000 +0200 +@@ -123,6 +123,7 @@ usage( void ) + fprintf( stderr, _(" -a deref one of never (default), always, search, or find\n")); + fprintf( stderr, _(" -A retrieve attribute names only (no values)\n")); + fprintf( stderr, _(" -b basedn base dn for search\n")); ++ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n")); + fprintf( stderr, _(" -E [!][=] search extensions (! 
indicates criticality)\n")); + fprintf( stderr, _(" [!]domainScope (domain scope)\n")); + fprintf( stderr, _(" !dontUseCopy (Don't Use Copy)\n")); +@@ -137,12 +138,15 @@ usage( void ) + fprintf( stderr, _(" [!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]\n")); + #endif + fprintf( stderr, _(" [!]=: (generic control; no response handling)\n")); ++ fprintf( stderr, _(" -f file read operations from `file'\n")); + fprintf( stderr, _(" -F prefix URL prefix for files (default: %s)\n"), def_urlpre); + fprintf( stderr, _(" -l limit time limit (in seconds, or \"none\" or \"max\") for search\n")); + fprintf( stderr, _(" -L print responses in LDIFv1 format\n")); + fprintf( stderr, _(" -LL print responses in LDIF format without comments\n")); + fprintf( stderr, _(" -LLL print responses in LDIF format without comments\n")); + fprintf( stderr, _(" and version\n")); ++ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n")); ++ fprintf( stderr, _(" -P version protocol version (default: 3)\n")); + fprintf( stderr, _(" -s scope one of base, one, sub or children (search scope)\n")); + fprintf( stderr, _(" -S attr sort the results by attribute `attr'\n")); + fprintf( stderr, _(" -t write binary values to files in temporary directory\n")); diff --git a/openldap-2.4.15-file-option.patch b/openldap-2.4.15-file-option.patch deleted file mode 100644 index cfdf5a3..0000000 --- a/openldap-2.4.15-file-option.patch +++ /dev/null 
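Review bot: In the ldapmodify.c section the new `-f file`, `-M` and `-P version` lines sit between the `-E [!]ext=extparam` line and the `#ifdef LDAP_X_TXN` block, so on builds with LDAP_X_TXN the `[!]txn=` extension entry is printed under `-P version` instead of under `-E`. The patch this one replaces added `-f file` after the `#endif`, which kept the extension list together; moving the three added fprintf lines below the `#endif` restores that. Separately, every section of this patch edits only usage() text, and the option parsing is not visible here. Whether the tools that no longer list -c, -f, -M and -P still accept them should be checked against the changelog wording "remove options", so that the help output and the accepted flags do not diverge.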
@@ -1,55 +0,0 @@ ---- openldap-2.4.15/clients/tools/common.c 2009-03-25 12:22:05.000000000 +0100 -+++ openldap-2.4.15/clients/tools/common.c.option 2009-03-25 12:22:10.000000000 +0100 -@@ -274,7 +274,6 @@ N_(" [!]sessiontracking\n") - N_(" abandon, cancel, ignore (SIGINT sends abandon/cancel,\n" - " or ignores response; if critical, doesn't wait for SIGINT.\n" - " not really controls)\n") --N_(" -f file read operations from `file'\n"), - N_(" -h host LDAP server\n"), - N_(" -H URI LDAP Uniform Resource Identifier(s)\n"), - N_(" -I use SASL Interactive mode\n"), - ---- openldap-2.4.15/clients/tools/ldapdelete.c 2009-03-25 12:07:29.000000000 +0100 -+++ openldap-2.4.15/clients/tools/ldapdelete.c.option 2009-03-25 12:13:04.000000000 +0100 -@@ -71,6 +71,7 @@ usage( void ) - fprintf( stderr, _(" dn: list of DNs to delete. If not given, it will be readed from stdin\n")); - fprintf( stderr, _(" or from the file specified with \"-f file\".\n")); - fprintf( stderr, _("Delete Options:\n")); -+ fprintf( stderr, _(" -f file read operations from `file'\n")); - fprintf( stderr, _(" -r delete recursively\n")); - tool_common_usage(); - exit( EXIT_FAILURE ); - ---- openldap-2.4.15/clients/tools/ldapmodify.c 2009-03-25 12:07:50.000000000 +0100 -+++ openldap-2.4.15/clients/tools/ldapmodify.c.option 2009-03-25 12:12:52.000000000 +0100 -@@ -143,6 +143,7 @@ usage( void ) - fprintf( stderr, - _(" [!]txn= (transaction)\n")); - #endif -+ fprintf( stderr, _(" -f file read operations from `file'\n")); - fprintf( stderr, _(" -S file write skipped modifications to `file'\n")); - - tool_common_usage(); - ---- openldap-2.4.15/clients/tools/ldapmodrdn.c 2009-03-25 12:08:12.000000000 +0100 -+++ openldap-2.4.15/clients/tools/ldapmodrdn.c.option 2009-03-25 12:13:19.000000000 +0100 -@@ -83,6 +83,7 @@ usage( void ) - fprintf( stderr, _(" If not given, the list of modifications is read from stdin or\n")); - fprintf( stderr, _(" from the file specified by \"-f file\" (see man page).\n")); - fprintf( 
stderr, _("Rename options:\n")); -+ fprintf( stderr, _(" -f file read operations from `file'\n")); - fprintf( stderr, _(" -r remove old RDN\n")); - fprintf( stderr, _(" -s newsup new superior entry\n")); - tool_common_usage(); - ---- openldap-2.4.15/clients/tools/ldapsearch.c 2009-01-22 01:00:43.000000000 +0100 -+++ openldap-2.4.15/clients/tools/ldapsearch.c.option 2009-03-25 14:57:56.000000000 +0100 -@@ -137,6 +137,7 @@ usage( void ) - fprintf( stderr, _(" [!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]\n")); - #endif - fprintf( stderr, _(" [!]=: (generic control; no response handling)\n")); -+ fprintf( stderr, _(" -f file read operations from `file'\n")); - fprintf( stderr, _(" -F prefix URL prefix for files (default: %s)\n"), def_urlpre); - fprintf( stderr, _(" -l limit time limit (in seconds, or \"none\" or \"max\") for search\n")); - fprintf( stderr, _(" -L print responses in LDIFv1 format\n")); - diff --git a/openldap.spec b/openldap.spec index 9be80ba..3448946 100644 --- a/openldap.spec +++ b/openldap.spec @@ -11,7 +11,7 @@ Summary: LDAP support libraries Name: openldap Version: %{version} -Release: 2%{?dist} +Release: 3%{?dist} License: OpenLDAP Group: System Environment/Daemons Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz @@ -34,7 +34,7 @@ Patch5: openldap-2.4.6-nosql.patch Patch6: openldap-2.3.19-gethostbyXXXX_r.patch Patch9: openldap-2.3.37-smbk5pwd.patch Patch10: openldap-2.4.6-multilib.patch -Patch11: openldap-2.4.15-file-option.patch +Patch11: openldap-2.4.12-options.patch # Patches for the evolution library Patch200: openldap-2.4.6-evolution-ntlm.patch @@ -140,7 +140,7 @@ pushd openldap-%{version} %patch6 -p1 -b .gethostbyname_r %patch9 -p1 -b .smbk5pwd %patch10 -p1 -b .multilib -%patch11 -p1 -b .file_option +%patch11 -p1 -b .options cp %{_datadir}/libtool/config/config.{sub,guess} build/ popd 
@@ -604,6 +604,11 @@ fi %attr(0644,root,root) %{evolution_connector_libdir}/*.a %changelog +* Thu Apr 09 2009 Jan Zeleny 2.4.15-3 +- extended previous patch (#481310) to remove options cfMP + from some client tools +- correction of patch setugid (#494330) + * Thu Mar 26 2009 Jan Zeleny 2.4.15-2 - removed -f option from some client tools (#481310)