rpms/openldap
7
0
Fork 0
Code Issues Pull Requests Releases Activity

new upstream release (2.4.37)

Browse Source 
Resolves: #1023916
This commit is contained in:
Jan Synacek 2013-10-30 11:06:25 +01:00
parent 4f8940365c
commit f646d734cc
5 changed files with 7 additions and 305 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -8,3 +8,4 @@
/ltb-project-openldap-ppolicy-check-password-1.1.tar.gz
/openldap-2.4.35.tgz
/openldap-2.4.36.tgz
/openldap-2.4.37.tgz

257
openldap-cldap.patch
View File

@ -1,257 +0,0 @@
This is a 3-part patch that fixes connectionless ldap when used with IPv6.
================================================================================
Don't try to parse the result of a CLDAP bind request. Since these are
faked, no message is actually returned.
Author: Stef Walter <stefw@redhat.com>
Upstream commit: 5c919894779d67280fa26afdd94d99248fc38099
ITS: #7695
Backported-By: Jan Synacek <jsynacek@redhat.com>
--- a/clients/tools/common.c 2013-08-16 20:12:59.000000000 +0200
+++ b/clients/tools/common.c 2013-10-14 09:35:50.817033451 +0200
@@ -1521,11 +1521,13 @@ tool_bind( LDAP *ld )
tool_exit( ld, LDAP_LOCAL_ERROR );
}
- rc = ldap_parse_result( ld, result, &err, &matched, &info, &refs,
- &ctrls, 1 );
- if ( rc != LDAP_SUCCESS ) {
- tool_perror( "ldap_bind parse result", rc, NULL, matched, info, refs );
- tool_exit( ld, LDAP_LOCAL_ERROR );
+ if ( result ) {
+ rc = ldap_parse_result( ld, result, &err, &matched, &info, &refs,
+ &ctrls, 1 );
+ if ( rc != LDAP_SUCCESS ) {
+ tool_perror( "ldap_bind parse result", rc, NULL, matched, info, refs );
+ tool_exit( ld, LDAP_LOCAL_ERROR );
+ }
}
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
================================================================================
commit d51ee964fc5e1f02b035811de0f95eee81c2789f
Author: Howard Chu <hyc@openldap.org>
Date: Thu Oct 10 10:48:08 2013 -0700
ITS#7694 more for IPv6 CLDAP, slapd fix
diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index e169494..7ed3f63 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -1499,22 +1499,53 @@ connection_input( Connection *conn , conn_readinfo *cri )
#ifdef LDAP_CONNECTIONLESS
if ( conn->c_is_udp ) {
+#if defined(LDAP_PF_INET6)
+ char peername[sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")];
+ char addr[INET6_ADDRSTRLEN];
+#else
char peername[sizeof("IP=255.255.255.255:65336")];
+ char addr[INET_ADDRSTRLEN];
+#endif
const char *peeraddr_string = NULL;
- len = ber_int_sb_read(conn->c_sb, &peeraddr, sizeof(struct sockaddr));
- if (len != sizeof(struct sockaddr)) return 1;
+ len = ber_int_sb_read(conn->c_sb, &peeraddr, sizeof(Sockaddr));
+ if (len != sizeof(Sockaddr)) return 1;
+#if defined(LDAP_PF_INET6)
+ if (peeraddr.sa_addr.sa_family == AF_INET6) {
+ if ( IN6_IS_ADDR_V4MAPPED(&peeraddr.sa_in6_addr.sin6_addr) ) {
#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
- char addr[INET_ADDRSTRLEN];
- peeraddr_string = inet_ntop( AF_INET, &peeraddr.sa_in_addr.sin_addr,
+ peeraddr_string = inet_ntop( AF_INET,
+ ((struct in_addr *)&peeraddr.sa_in6_addr.sin6_addr.s6_addr[12]),
+ addr, sizeof(addr) );
+#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
+ peeraddr_string = inet_ntoa( *((struct in_addr *)
+ &peeraddr.sa_in6_addr.sin6_addr.s6_addr[12]) );
+#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
+ if ( !peeraddr_string ) peeraddr_string = SLAP_STRING_UNKNOWN;
+ sprintf( peername, "IP=%s:%d", peeraddr_string,
+ (unsigned) ntohs( peeraddr.sa_in6_addr.sin6_port ) );
+ } else {
+ peeraddr_string = inet_ntop( AF_INET6,
+ &peeraddr.sa_in6_addr.sin6_addr,
+ addr, sizeof addr );
+ if ( !peeraddr_string ) peeraddr_string = SLAP_STRING_UNKNOWN;
+ sprintf( peername, "IP=[%s]:%d", peeraddr_string,
+ (unsigned) ntohs( peeraddr.sa_in6_addr.sin6_port ) );
+ }
+ } else
+#endif
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
+ {
+ peeraddr_string = inet_ntop( AF_INET, &peeraddr.sa_in_addr.sin_addr,
addr, sizeof(addr) );
#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
- peeraddr_string = inet_ntoa( peeraddr.sa_in_addr.sin_addr );
+ peeraddr_string = inet_ntoa( peeraddr.sa_in_addr.sin_addr );
#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
- sprintf( peername, "IP=%s:%d",
- peeraddr_string,
- (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
+ sprintf( peername, "IP=%s:%d",
+ peeraddr_string,
+ (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
+ }
Statslog( LDAP_DEBUG_STATS,
"conn=%lu UDP request from %s (%s) accepted.\n",
conn->c_connid, peername, conn->c_sock_name.bv_val, 0, 0 );
================================================================================
commit 743a9783d57ea6b693e56f6545ac5d68dc9242c7
Author: Stef Walter <stefw@redhat.com>
Date: Thu Sep 12 15:49:36 2013 +0200
ITS#7694 Fix use of IPv6 with LDAP_CONNECTIONLESS
LDAP_CONNECTIONLESS code assumed that the size of an peer address
is equal to or smaller than sizeof (struct sockaddr).
Fix to use struct sockaddr_storage instead which is intended for
this purpose. Use getnameinfo() where appropriate so we don't
assume anything about the contents of struct sockaddr
diff --git a/libraries/liblber/sockbuf.c b/libraries/liblber/sockbuf.c
index d997e92..858c942 100644
--- a/libraries/liblber/sockbuf.c
+++ b/libraries/liblber/sockbuf.c
@@ -888,8 +888,8 @@ Sockbuf_IO ber_sockbuf_io_debug = {
*
* All I/O at this level must be atomic. For ease of use, the sb_readahead
* must be used above this module. All data reads and writes are prefixed
- * with a sockaddr containing the address of the remote entity. Upper levels
- * must read and write this sockaddr before doing the usual ber_printf/scanf
+ * with a sockaddr_storage containing the address of the remote entity. Upper levels
+ * must read and write this sockaddr_storage before doing the usual ber_printf/scanf
* operations on LDAP messages.
*/
@@ -914,13 +914,13 @@ sb_dgram_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
assert( buf != NULL );
- addrlen = sizeof( struct sockaddr );
+ addrlen = sizeof( struct sockaddr_storage );
src = buf;
buf = (char *) buf + addrlen;
len -= addrlen;
rc = recvfrom( sbiod->sbiod_sb->sb_fd, buf, len, 0, src, &addrlen );
- return rc > 0 ? rc+sizeof(struct sockaddr) : rc;
+ return rc > 0 ? rc+sizeof(struct sockaddr_storage) : rc;
}
static ber_slen_t
@@ -934,11 +934,11 @@ sb_dgram_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
assert( buf != NULL );
dst = buf;
- buf = (char *) buf + sizeof( struct sockaddr );
- len -= sizeof( struct sockaddr );
+ buf = (char *) buf + sizeof( struct sockaddr_storage );
+ len -= sizeof( struct sockaddr_storage );
rc = sendto( sbiod->sbiod_sb->sb_fd, buf, len, 0, dst,
- sizeof( struct sockaddr ) );
+ sizeof( struct sockaddr_storage ) );
if ( rc < 0 ) return -1;
@@ -949,7 +949,7 @@ sb_dgram_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
# endif
return -1;
}
- rc = len + sizeof(struct sockaddr);
+ rc = len + sizeof(struct sockaddr_storage);
return rc;
}
diff --git a/libraries/libldap/abandon.c b/libraries/libldap/abandon.c
index d999b07..8fd9bc2 100644
--- a/libraries/libldap/abandon.c
+++ b/libraries/libldap/abandon.c
@@ -209,7 +209,7 @@ start_again:;
LDAP_NEXT_MSGID(ld, i);
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) ) {
- struct sockaddr sa = {0};
+ struct sockaddr_storage sa = {0};
/* dummy, filled with ldo_peer in request.c */
err = ber_write( ber, (char *) &sa, sizeof(sa), 0 );
}
diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index ba10939..ac35e99 100644
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -314,8 +314,8 @@ ldap_init_fd(
LDAP_IS_UDP(ld) = 1;
if( ld->ld_options.ldo_peer )
ldap_memfree( ld->ld_options.ldo_peer );
- ld->ld_options.ldo_peer = ldap_memalloc( sizeof( struct sockaddr ) );
- len = sizeof( struct sockaddr );
+ ld->ld_options.ldo_peer = ldap_memcalloc( 1, sizeof( struct sockaddr_storage ) );
+ len = sizeof( struct sockaddr_storage );
if( getpeername ( fd, ld->ld_options.ldo_peer, &len ) < 0) {
ldap_unbind_ext( ld, NULL, NULL );
return( AC_SOCKET_ERROR );
diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c
index b31e05d..90b92df 100644
--- a/libraries/libldap/os-ip.c
+++ b/libraries/libldap/os-ip.c
@@ -422,8 +422,8 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s,
if (LDAP_IS_UDP(ld)) {
if (ld->ld_options.ldo_peer)
ldap_memfree(ld->ld_options.ldo_peer);
- ld->ld_options.ldo_peer=ldap_memalloc(sizeof(struct sockaddr));
- AC_MEMCPY(ld->ld_options.ldo_peer,sin,sizeof(struct sockaddr));
+ ld->ld_options.ldo_peer=ldap_memcalloc(1, sizeof(struct sockaddr_storage));
+ AC_MEMCPY(ld->ld_options.ldo_peer,sin,addrlen);
return ( 0 );
}
#endif
diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c
index fc2f4d0..4822a63 100644
--- a/libraries/libldap/request.c
+++ b/libraries/libldap/request.c
@@ -308,7 +308,7 @@ ldap_send_server_request(
ber_rewind( &tmpber );
LDAP_MUTEX_LOCK( &ld->ld_options.ldo_mutex );
rc = ber_write( &tmpber, ld->ld_options.ldo_peer,
- sizeof( struct sockaddr ), 0 );
+ sizeof( struct sockaddr_storage ), 0 );
LDAP_MUTEX_UNLOCK( &ld->ld_options.ldo_mutex );
if ( rc == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c
index f2a6c7b..d293299 100644
--- a/libraries/libldap/result.c
+++ b/libraries/libldap/result.c
@@ -482,8 +482,8 @@ retry:
sock_errset(0);
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) ) {
- struct sockaddr from;
- ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr) );
+ struct sockaddr_storage from;
+ ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr_storage) );
if ( ld->ld_options.ldo_version == LDAP_VERSION2 ) isv2 = 1;
}
nextresp3:
diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c
index 3867b5b..b966d1a 100644
--- a/libraries/libldap/search.c
+++ b/libraries/libldap/search.c
@@ -305,7 +305,7 @@ ldap_build_search_req(
LDAP_NEXT_MSGID( ld, *idp );
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) ) {
- struct sockaddr sa = {0};
+ struct sockaddr_storage sa = {0};
/* dummy, filled with ldo_peer in request.c */
err = ber_write( ber, (char *) &sa, sizeof( sa ), 0 );
}

39
openldap-doc3.patch
View File

@ -1,39 +0,0 @@
From 128a8c486e86b8e8c8d34f0eb9fdc0b580212e5b Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 3 Sep 2013 14:09:37 +0200
Subject: [PATCH] Fix typos in manpages.
---
doc/man/man1/ldapsearch.1 | 2 +-
doc/man/man5/slapd-passwd.5 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1
index 82ddddb..150f064 100644
--- a/doc/man/man1/ldapsearch.1
+++ b/doc/man/man1/ldapsearch.1
@@ -456,7 +456,7 @@ This command:
.fi
.LP
will perform a one-level search at the c=US level for all entries
-whose organization name (o) begins begins with \fBUniversity\fP.
+whose organization name (o) begins with \fBUniversity\fP.
The organization name and description attribute values will be retrieved
and printed to standard output, resulting in output similar to this:
.LP
diff --git a/doc/man/man5/slapd-passwd.5 b/doc/man/man5/slapd-passwd.5
index fbd30f2..2dc5c5d 100644
--- a/doc/man/man5/slapd-passwd.5
+++ b/doc/man/man5/slapd-passwd.5
@@ -13,7 +13,7 @@ serves up the user account information listed in the system
.BR passwd (5)
file. This backend is provided for demonstration purposes only.
The DN of each entry is "uid=<username>,<suffix>".
-Note that non-base searches scan the the entire passwd file, and
+Note that non-base searches scan the entire passwd file, and
are best suited for hosts with small passwd files.
.SH CONFIGURATION
This
--
1.8.3.1

13
openldap.spec
View File

@ -4,8 +4,8 @@
%global check_password_version 1.1
Name: openldap
Version: 2.4.36
Release: 4%{?dist}
Version: 2.4.37
Release: 1%{?dist}
Summary: LDAP support libraries
Group: System Environment/Daemons
License: OpenLDAP
@ -48,10 +48,6 @@ Patch16: openldap-nss-pk11-freeslot.patch
Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
# ldapi sasl fix pending upstream inclusion
Patch20: openldap-ldapi-sasl.patch
# more documentation fixes, upstreamed
Patch21: openldap-doc3.patch
# cldap fixes, upstreamed
Patch22: openldap-cldap.patch
# Fedora specific patches
Patch100: openldap-autoconf-pkgconfig-nss.patch
@ -168,8 +164,6 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
%patch16 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch102 -p1
@ -605,6 +599,9 @@ exit 0
%{_mandir}/man3/*
%changelog
* Wed Oct 30 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.37-1
- new upstream release (#1023916)
* Mon Oct 21 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.36-4
- fix: slapd daemon fails to start with segmentation fault on s390x (#1020661)

2
sources
View File

@ -1,2 +1,2 @@
744701405d396b1fb9de6cb7a453c6e9 openldap-2.4.36.tgz
49f0e9a77ddd0d49f88bf7233a51efa8 openldap-2.4.37.tgz
3535b7cd46dcf41c9a9480efa9e64618 ltb-project-openldap-ppolicy-check-password-1.1.tar.gz