diff --git a/.gitignore b/.gitignore
index 296dabc..6fb7efc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/openldap-2.4.25.tgz
+/openldap-2.4.26.tgz
diff --git a/openldap-export-ldif.patch b/openldap-export-ldif.patch
deleted file mode 100644
index 506253f..0000000
--- a/openldap-export-ldif.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Add 'ldif.h' into -devel subpackage. 'libldif' was removed by upstrem and the symbols
-were moved to 'libldap'. But the interface is missing.
-
-Author: Jan Vcelak
-
-diff -uNPrp openldap-2.4.25/include/Makefile.in openldap-2.4.25.ldif/include/Makefile.in
---- openldap-2.4.25/include/Makefile.in 2011-01-05 00:49:52.000000000 +0100
-+++ openldap-2.4.25.ldif/include/Makefile.in 2011-06-27 17:13:57.629416190 +0200
-@@ -20,7 +20,8 @@ install-local: FORCE
- for header in $(srcdir)/lber.h lber_types.h \
- $(srcdir)/ldap.h $(srcdir)/ldap_cdefs.h \
- $(srcdir)/ldap_schema.h $(srcdir)/ldap_utf8.h \
-- $(srcdir)/slapi-plugin.h ldap_features.h; \
-+ $(srcdir)/slapi-plugin.h ldap_features.h \
-+ $(srcdir)/ldif.h; \
- do \
- $(INSTALL) $(INSTALLFLAGS) -m 644 $$header $(DESTDIR)$(includedir); \
- done
diff --git a/openldap-ldapexop-double-free.patch b/openldap-ldapexop-double-free.patch
deleted file mode 100644
index 5d4b2dd..0000000
--- a/openldap-ldapexop-double-free.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Segmentation fault fix caused by double free in ldapexop.
-
-Resolves: #699683
-Author: Jan Vcelak
-Upstream: ITS #6946, git 3fcf2b1
-
-diff --git a/clients/tools/ldapexop.c b/clients/tools/ldapexop.c
-index f17e085..316eca1 100644
---- a/clients/tools/ldapexop.c
-+++ b/clients/tools/ldapexop.c
-@@ -247,7 +247,7 @@ main( int argc, char *argv[] )
- char *retoid = NULL;
- struct berval *retdata = NULL;
-
-- rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
-+ rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
-
- if ( rc != LDAP_SUCCESS ) {
- tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
-@@ -294,7 +294,7 @@ main( int argc, char *argv[] )
- printf(_("# extended operation response\n"));
- }
-
-- rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
-+ rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
- if ( rc != LDAP_SUCCESS ) {
- tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
- rc = EXIT_FAILURE;
diff --git a/openldap-nss-cacertdir-soft-error.patch b/openldap-nss-cacertdir-soft-error.patch
deleted file mode 100644
index 3da419a..0000000
--- a/openldap-nss-cacertdir-soft-error.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-Connection fails if TLS_CACERTDIR doesn't exist but TLS_REQCERT is set to 'never'
-
-Resolves: #716854
-Author: Rich Megginson
-Upstream: ITS #6975, git 7e528ae
-
-diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
-index 911885d..7be703b 100644
---- a/libraries/libldap/tls_m.c
-+++ b/libraries/libldap/tls_m.c
-@@ -1320,7 +1320,7 @@ static int
- tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir )
- {
- PRBool isca = PR_TRUE;
-- PRStatus status = PR_FAILURE;
-+ PRStatus status = PR_SUCCESS;
- PRErrorCode errcode = PR_SUCCESS;
-
- if ( !cacertfile && !cacertdir ) {
-@@ -1336,14 +1336,24 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
- "TLS: %s is not a valid CA certificate file - error %d:%s.\n",
- cacertfile, errcode,
- PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
-+ /* failure with cacertfile is a hard failure even if cacertdir is
-+ also specified and contains valid CA cert files */
-+ status = PR_FAILURE;
- } else {
- Debug( LDAP_DEBUG_TRACE,
- "TLS: loaded CA certificate file %s.\n",
- cacertfile, 0, 0 );
-- status = PR_SUCCESS; /* have at least one good CA - we can proceed */
- }
- }
-
-+ /* if cacertfile above failed, we will return failure, even
-+ if there is a valid CA cert in cacertdir - but we still
-+ process cacertdir in case the user has enabled trace level
-+ debugging so they can see the processing for cacertdir too */
-+ /* any cacertdir failures are "soft" failures - if the user specifies
-+ no cert checking, then we allow the tls/ssl to continue, no matter
-+ what was specified for cacertdir, or the contents of the directory
-+ - this is different behavior than that of cacertfile */
- if ( cacertdir ) {
- PRFileInfo fi;
- PRDir *dir;
-@@ -1397,7 +1407,6 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
- Debug( LDAP_DEBUG_TRACE,
- "TLS: loaded CA certificate file %s from CA certificate directory %s.\n",
- fullpath, cacertdir, 0 );
-- status = PR_SUCCESS; /* found at least 1 valid CA file in the dir */
- } else {
- errcode = PR_GetError();
- Debug( LDAP_DEBUG_TRACE,
-@@ -1412,14 +1421,6 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
- }
- done:
- if ( status != PR_SUCCESS ) {
-- const char *fmtstr = NULL;
-- if ( cacertfile && cacertdir ) {
-- fmtstr = "TLS: did not find any valid CA certificates in %s or %s\n";
-- } else {
-- fmtstr = "TLS: did not find any valid CA certificates in %s%s\n";
-- }
-- Debug( LDAP_DEBUG_ANY, fmtstr, cacertdir ? cacertdir : "",
-- cacertfile ? cacertfile : "", 0 );
- return -1;
- }
-
diff --git a/openldap-nss-nofork.patch b/openldap-nss-nofork.patch
deleted file mode 100644
index 87c8c2b..0000000
--- a/openldap-nss-nofork.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-fix: OpenLDAP can't use TLS after a fork()
-
-Resolves: #636956
-Upstream ITS: #6862
-Author: Rich Megginson
-
---- openldap-2.4.24.orig/libraries/libldap/tls_m.c
-+++ openldap-2.4.24/libraries/libldap/tls_m.c
-@@ -2890,7 +2890,9 @@
- * context in the child.
- */
- if ( !nofork ) {
-- PR_SetEnv( "NSS_STRICT_NOFORK=DISABLED" );
-+ /* will leak one time */
-+ char *noforkenvvar = PL_strdup( "NSS_STRICT_NOFORK=DISABLED" );
-+ PR_SetEnv( noforkenvvar );
- }
-
- return 0;
diff --git a/openldap-segfault-ldif-indent.patch b/openldap-segfault-ldif-indent.patch
deleted file mode 100644
index f7ee4d0..0000000
--- a/openldap-segfault-ldif-indent.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Segmentation fault of client tool when input LDIF line is splitted but not indented correctly.
-
-Resolves: #716855
-Author: Howard Chu
-Upstream: ITS#6978, git 4b057bc
-
-diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c
-index 7cd9774..2d11045 100644
---- a/clients/tools/ldapmodify.c
-+++ b/clients/tools/ldapmodify.c
-@@ -449,7 +449,7 @@ process_ldif_rec( char *rbuf, int linenum )
- fprintf( stderr, _("%s: invalid format (line %d) entry: \"%s\"\n"),
- prog, linenum+i, dn == NULL ? "" : dn );
- rc = LDAP_PARAM_ERROR;
-- break;
-+ goto leave;
- }
- freeval[i] = freev;
-
diff --git a/openldap-segfault-ldif-nl-end.patch b/openldap-segfault-ldif-nl-end.patch
deleted file mode 100644
index ac87b43..0000000
--- a/openldap-segfault-ldif-nl-end.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-commit 83814a220fb70db8344469dc3e2db5357b36fc5c
-Author: Jan Vcelak
-Date: Mon Jun 20 17:31:57 2011 +0200
-
- ITS#6947 Handle missing '\n' termination in LDIF input
-
-diff --git a/libraries/libldap/ldif.c b/libraries/libldap/ldif.c
-index 0ee7849..0bc35bb 100644
---- a/libraries/libldap/ldif.c
-+++ b/libraries/libldap/ldif.c
-@@ -842,11 +842,16 @@ ldif_read_record(
-
- if ( fgets( line, sizeof( line ), lfp->fp ) == NULL ) {
- stop = 1;
-- /* Add \n in case the file does not end with newline */
-- line[0] = '\n';
-- line[1] = '\0';
-+ len = 0;
-+ } else {
-+ len = strlen( line );
-+ }
-+
-+ if ( len == 0 || line[len-1] != '\n' ) {
-+ /* Add \n in case the line/file does not end with newline */
-+ line[len] = '\n';
-+ line[++len] = '\0';
- }
-- len = strlen( line );
-
- if ( last_ch == '\n' ) {
- (*lno)++;
diff --git a/openldap.spec b/openldap.spec
index d1207d5..b5b6db2 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -5,7 +5,7 @@
 %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
 Name: openldap
-Version: 2.4.25
+Version: 2.4.26
 Release: 1%{?dist}
 Summary: LDAP support libraries
 Group: System Environment/Daemons
@@ -23,15 +23,9 @@ Patch0: openldap-manpages.patch
 Patch1: openldap-security-pie.patch
 Patch2: openldap-sql-linking.patch
 Patch3: openldap-reentrant-gethostby.patch
-Patch4: openldap-export-ldif.patch
-Patch5: openldap-smbk5pwd-overlay.patch
-Patch6: openldap-ldaprc-currentdir.patch
-Patch7: openldap-userconfig-setgid.patch
-Patch8: openldap-nss-nofork.patch
-Patch9: openldap-nss-cacertdir-soft-error.patch
-Patch10: openldap-ldapexop-double-free.patch
-Patch11: openldap-segfault-ldif-indent.patch
-Patch12: openldap-segfault-ldif-nl-end.patch
+Patch4: openldap-smbk5pwd-overlay.patch
+Patch5: openldap-ldaprc-currentdir.patch
+Patch6: openldap-userconfig-setgid.patch
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -128,15 +122,9 @@ pushd openldap-%{version}
 %patch1 -p1 -b .security-pie
 %patch2 -p1 -b .sql-linking
 %patch3 -p1 -b .reentrant-gethostby
-%patch4 -p1 -b .export-ldif
-%patch5 -p1 -b .smbk5pwd-overlay
-%patch6 -p1 -b .ldaprc-currentdir
-%patch7 -p1 -b .userconfig-setgid
-%patch8 -p1 -b .nss-nofork
-%patch9 -p1 -b .nss-cacertdir-soft-error
-%patch10 -p1 -b .ldapexop-double-free
-%patch11 -p1 -b .segfault-ldif-indent
-%patch12 -p1 -b .segfault-ldif-nl-end
+%patch4 -p1 -b .smbk5pwd-overlay
+%patch5 -p1 -b .ldaprc-currentdir
+%patch6 -p1 -b .userconfig-setgid
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
@@ -659,6 +647,9 @@ exit 0
 %attr(0644,root,root) %{evolution_connector_libdir}/*.a
 %changelog
+* Wed Jul 20 2011 Jan Vcelak 2.4.26-1
+- rebase to new upstream release
+
 * Mon Jun 27 2011 Jan Vcelak 2.4.25-1
 - rebase to new upstream release
 - change default database type from BDB to HDB
diff --git a/sources b/sources
index fa8c395..e809d56 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ec63f9c2add59f323a0459128846905b openldap-2.4.25.tgz
+f36f3086031dd56ae94f722ffae8df5e openldap-2.4.26.tgz
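Review bot: The `%changelog` entry added in the last openldap.spec hunk records only `- rebase to new upstream release`, although the `Patch4`–`Patch12` hunk (and the matching `%patch` hunk) drops six patches, among them the ldapexop double-free fix, two LDIF segfault fixes and the two NSS/TLS fixes. Five of the deleted patch files cite an upstream ITS number, so they are presumably part of 2.4.26, but openldap-export-ldif.patch carries no upstream reference; it is worth confirming that the new tarball installs `ldif.h` itself before the -devel package loses it. I would add a changelog line such as `- remove patches merged upstream (#699683, #716854, #636956, #716855)` so the bug fixes stay traceable to this build.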