From dae8c83930ee9ba73dd3aa2c659cd044643b9360 Mon Sep 17 00:00:00 2001 From: Simon Pichugin Date: Wed, 7 Feb 2024 17:11:58 -0800 Subject: [PATCH] Rebase to version 2.6.7 Use systemd-sysusers for ldap user and group Fix compiler errors Replace License with SPDX identifier Resolves: rhbz#2261163, rhbz#2173965, rhbz#2261427 --- .gitignore | 1 + openldap-explicitly-cast-private-values.patch | 70 +++++++++++++++++++ ...i-fix-plugin-plugin_pblock_new-usage.patch | 23 ++++++ openldap.spec | 44 ++++++++---- openldap.sysusers | 3 + sources | 2 +- 6 files changed, 129 insertions(+), 14 deletions(-) create mode 100644 openldap-explicitly-cast-private-values.patch create mode 100644 openldap-slapi-fix-plugin-plugin_pblock_new-usage.patch create mode 100644 openldap.sysusers diff --git a/.gitignore b/.gitignore index 64d058d..3feae2b 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,4 @@ /openldap-2.6.4.tgz /openldap-2.6.5.tgz /openldap-2.6.6.tgz +/openldap-2.6.7.tgz diff --git a/openldap-explicitly-cast-private-values.patch b/openldap-explicitly-cast-private-values.patch new file mode 100644 index 0000000..80daad6 --- /dev/null +++ b/openldap-explicitly-cast-private-values.patch @@ -0,0 +1,70 @@ +From fb9e6a81bbee880549e7ec18f0a74ddddbd2d1ab Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Tue, 6 Feb 2024 21:38:24 -0500 +Subject: [PATCH] ITS#10171 - Explicitly cast private values + +Fixes issues with -Werror=incompatible-pointer-types + +Signed-off-by: Stephen Gallagher +--- + servers/slapd/config.c | 2 +- + servers/slapd/overlays/constraint.c | 2 +- + servers/slapd/overlays/dyngroup.c | 2 +- + servers/slapd/overlays/valsort.c | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/servers/slapd/config.c b/servers/slapd/config.c +index 80333f359c..987c862d91 100644 +--- a/servers/slapd/config.c ++++ b/servers/slapd/config.c +@@ -151,7 +151,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { + int rc, arg_user, arg_type, arg_syn, iarg; + unsigned uiarg; + long larg; +- size_t ularg; ++ unsigned long ularg; + ber_len_t barg; + + if(Conf->arg_type == ARG_IGNORED) { +diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c +index f939b37762..0d6156af4d 100644 +--- a/servers/slapd/overlays/constraint.c ++++ b/servers/slapd/overlays/constraint.c +@@ -557,7 +557,7 @@ done:; + a2->restrict_filter = ap.restrict_filter; + a2->restrict_val = ap.restrict_val; + +- for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next ) ++ for ( app = (constraint **)&on->on_bi.bi_private; *app; app = &(*app)->ap_next ) + /* Get to the end */ ; + + a2->ap_next = *app; +diff --git a/servers/slapd/overlays/dyngroup.c b/servers/slapd/overlays/dyngroup.c +index 5d890d6650..e0e70af2d9 100644 +--- a/servers/slapd/overlays/dyngroup.c ++++ b/servers/slapd/overlays/dyngroup.c +@@ -111,7 +111,7 @@ static int dgroup_cf( ConfigArgs *c ) + */ + a2 = ch_malloc( sizeof(adpair) ); + +- for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next ) ++ for ( app = (adpair **)&on->on_bi.bi_private; *app; app = &(*app)->ap_next ) + /* Get to the end */ ; + + a2->ap_mem = ap.ap_mem; +diff --git a/servers/slapd/overlays/valsort.c b/servers/slapd/overlays/valsort.c +index 3d998e2fcb..e251500d0b 100644 +--- a/servers/slapd/overlays/valsort.c ++++ b/servers/slapd/overlays/valsort.c +@@ -201,7 +201,7 @@ valsort_cf_func(ConfigArgs *c) { + return(1); + } + +- for ( vip = &on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next ) ++ for ( vip = (valsort_info **)&on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next ) + /* Get to the end */ ; + + vi = ch_malloc( sizeof(valsort_info) ); +-- +GitLab + diff --git a/openldap-slapi-fix-plugin-plugin_pblock_new-usage.patch b/openldap-slapi-fix-plugin-plugin_pblock_new-usage.patch new file mode 100644 index 0000000..dda0f52 --- /dev/null +++ b/openldap-slapi-fix-plugin-plugin_pblock_new-usage.patch @@ -0,0 +1,23 @@ +From c7a4bd27f5dcf93806972aab236001f1d4801e80 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Wed, 31 Jan 2024 16:00:30 +0000 +Subject: [PATCH] ITS#10166 slapi: fix plugin.c plugin_pblock_new() usage + +Broken in 9142da8eaf691720f7d6288954250ef085bd3da0 +--- + servers/slapd/slapi/plugin.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/slapi/plugin.c b/servers/slapd/slapi/plugin.c +index ca5dbead59..bfa5c10344 100644 +--- a/servers/slapd/slapi/plugin.c ++++ b/servers/slapd/slapi/plugin.c +@@ -694,7 +694,7 @@ slapi_int_read_config( + int rc; + Slapi_PBlock *pPlugin; + +- pPlugin = plugin_pblock_new( iType, numPluginArgc, c->argv ); ++ pPlugin = plugin_pblock_new( iType, numPluginArgc, c ); + if (pPlugin == NULL) { + return 1; + } diff --git a/openldap.spec b/openldap.spec index ddad919..9398229 100644 --- a/openldap.spec +++ b/openldap.spec @@ -13,10 +13,10 @@ %global __brp_remove_la_files %nil Name: openldap -Version: 2.6.6 -Release: 3%{?dist} +Version: 2.6.7 +Release: 1%{?dist} Summary: LDAP support libraries -License: OpenLDAP +License: OLDAP-2.8 URL: http://www.openldap.org/ Source0: https://openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz @@ -25,6 +25,7 @@ Source2: slapd.tmpfiles Source3: slapd.ldif Source4: ldap.conf Source5: UPGRADE_INSTRUCTIONS +Source6: openldap.sysusers Source10: https://github.com/ltb-project/openldap-ppolicy-check-password/archive/v%{check_password_version}/openldap-ppolicy-check-password-%{check_password_version}.tar.gz Source50: libexec-functions Source52: libexec-check-config.sh @@ -46,6 +47,8 @@ Patch6: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch # System-wide default for CA certs Patch7: openldap-openssl-manpage-defaultCA.patch Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch +Patch9: openldap-slapi-fix-plugin-plugin_pblock_new-usage.patch +Patch10: openldap-explicitly-cast-private-values.patch # check-password module specific patches Patch90: check-password-makefile.patch @@ -116,6 +119,8 @@ License: OpenLDAP Requires: openldap%{?_isa} = %{version}-%{release} Requires(pre): shadow-utils BuildRequires: systemd +BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} BuildRequires: cracklib-devel # migrationtools (slapadd functionality): Provides: ldif2ldbm @@ -146,14 +151,16 @@ programs needed for accessing and modifying OpenLDAP directories. %setup -q -c -a 0 -a 10 pushd openldap-%{version} -%patch0 -p1 -%patch1 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 +%patch -P0 -p1 +%patch -P1 -p1 +%patch -P3 -p1 +%patch -P4 -p1 +%patch -P5 -p1 +%patch -P6 -p1 +%patch -P7 -p1 +%patch -P8 -p1 +%patch -P9 -p1 +%patch -P10 -p1 # build smbk5pwd with other overlays ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays @@ -174,8 +181,8 @@ done popd pushd openldap-ppolicy-check-password-%{check_password_version} -%patch90 -p1 -%patch91 -p1 +%patch -P90 -p1 +%patch -P91 -p1 popd %build @@ -237,6 +244,7 @@ popd %install mkdir -p %{buildroot}%{_libdir}/ +install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/openldap.conf pushd openldap-%{version} %make_install STRIP_OPTS="" @@ -368,6 +376,9 @@ rm %{buildroot}%{_libdir}/*.la # because we do not want files in %{_libdir}/ope %pre servers # create ldap user and group +# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format +%sysusers_create_compat %{SOURCE6} + getent group ldap &>/dev/null || groupadd -r -g 55 ldap getent passwd ldap &>/dev/null || \ useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap @@ -480,6 +491,7 @@ exit 0 %{_mandir}/man5/slapd*.5* %{_mandir}/man5/slapo-*.5* %{_mandir}/man5/slappw-argon2.5* +%{_sysusersdir}/openldap.conf # obsolete configuration %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf @@ -504,6 +516,12 @@ exit 0 %{_libdir}/libslapi-2.4*.so.* %changelog +* Fri Feb 9 2024 Simon Pichugin - 2.6.7-1 +- Rebase to version 2.6.7 (rhbz#2261163) +- Use systemd-sysusers for ldap user and group (rhbz#2173965) +- Fix compiler errors (rhbz#2261427) +- Replace License with SPDX identifier + * Thu Jan 25 2024 Fedora Release Engineering - 2.6.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/openldap.sysusers b/openldap.sysusers new file mode 100644 index 0000000..37ef083 --- /dev/null +++ b/openldap.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +g ldap 55 +u ldap 55:55 "OpenLDAP server" /var/lib/ldap /sbin/nologin diff --git a/sources b/sources index f38b7f6..d27ec13 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (openldap-ppolicy-check-password-1.1.tar.gz) = a92854d7438cb95fac361da80a49d084d502155e8ce0ad2ea679db9529bbe0182aa4354e6139793c775e496349375d8f017678941d23315ff1c20fefc9573cdc -SHA512 (openldap-2.6.6.tgz) = 0e800807b23f090b465dc18c2f0d342585f96768543b3298b85d17c18272d1c5576a66326d30b3520cac493cbd2ea70e309cd923bf19447c973a63d940619fa6 +SHA512 (openldap-2.6.7.tgz) = ea207b84fdb7bc6cdff2bc1201fcdde6a907f5766f9637589d956ca86ecf61d4e732ab7d80f33b18b691644e1f5fa39b00ff2c7f4084c9b85760ee693a7c451e