From 9c0ef47ce4d4d90a9b2a5ba8a19c6231b46b0918 Mon Sep 17 00:00:00 2001
From: Jan Vcelak
Date: Mon, 12 Sep 2011 18:42:53 +0200
Subject: [PATCH] fix: allow unsetting of tls_* syncrepl options
Resolves: #734187
---
 openldap-syncrepl-unset-tls-options.patch | 69 +++++++++++++++++++++++
 openldap.spec | 3 +
 2 files changed, 72 insertions(+)
 create mode 100644 openldap-syncrepl-unset-tls-options.patch
diff --git a/openldap-syncrepl-unset-tls-options.patch b/openldap-syncrepl-unset-tls-options.patch
new file mode 100644
index 0000000..51836a8
--- /dev/null
+++ b/openldap-syncrepl-unset-tls-options.patch
@@ -0,0 +1,69 @@
+allow unsetting of tls_* syncrepl options
+
+Author: Patrick Monnerat
+Upstream ITS: #7042
+Resolves: #734187
+
+---
+ libraries/libldap/tls2.c | 16 ++++++++--------
+ 1 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index 5c35fb5..4c9eb30 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -731,27 +731,27 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ return 0;
+ case LDAP_OPT_X_TLS_CACERTFILE:
+ if ( lo->ldo_tls_cacertfile ) LDAP_FREE( lo->ldo_tls_cacertfile );
+- lo->ldo_tls_cacertfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_cacertfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_CACERTDIR:
+ if ( lo->ldo_tls_cacertdir ) LDAP_FREE( lo->ldo_tls_cacertdir );
+- lo->ldo_tls_cacertdir = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_cacertdir = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_CERTFILE:
+ if ( lo->ldo_tls_certfile ) LDAP_FREE( lo->ldo_tls_certfile );
+- lo->ldo_tls_certfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_certfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_KEYFILE:
+ if ( lo->ldo_tls_keyfile ) LDAP_FREE( lo->ldo_tls_keyfile );
+- lo->ldo_tls_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_keyfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_DHFILE:
+ if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
+- lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_dhfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
+ if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
+- lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_crlfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_REQUIRE_CERT:
+ if ( !arg ) return -1;
+@@ -779,7 +779,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ #endif
+ case LDAP_OPT_X_TLS_CIPHER_SUITE:
+ if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite );
+- lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_ciphersuite = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+
+ case LDAP_OPT_X_TLS_PROTOCOL_MIN:
+@@ -790,7 +790,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ if ( ld != NULL )
+ return -1;
+ if ( lo->ldo_tls_randfile ) LDAP_FREE (lo->ldo_tls_randfile );
+- lo->ldo_tls_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_randfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_NEWCTX:
+ if ( !arg ) return -1;
+--
+1.7.6.1
+
diff --git a/openldap.spec b/openldap.spec
index 70dbc85..97469c5 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -41,6 +41,7 @@ Patch15: openldap-nss-wildcards.patch
 Patch16: openldap-dns-priority.patch
 Patch17: openldap-man-ldap-sync.patch
 Patch18: openldap-nss-handshake-threadsafe.patch
+Patch19: openldap-syncrepl-unset-tls-options.patch
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -152,6 +153,7 @@ pushd openldap-%{version}
 %patch16 -p1 -b .dns-priority
 %patch17 -p1 -b .man-ldap-sync
 %patch18 -p1 -b .nss-handshake-threadsafe
+%patch19 -p1 -b .syncrepl-unset-tls-options
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
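Review bot: In the embedded tls2.c patch (the hunk that adds openldap-syncrepl-unset-tls-options.patch), none of the eight rewritten assignments in ldap_pvt_tls_set_option() checks the result of LDAP_STRDUP, and now that NULL is also what a deliberate unset (NULL or "" argument) stores, a failed copy would be indistinguishable from a clear while the CACERTFILE through CIPHER_SUITE cases still `return 0`; this assumes LDAP_STRDUP yields NULL on allocation failure, which the page does not show. For CACERTFILE, CACERTDIR, CRLFILE and CIPHER_SUITE the caller would then believe a restriction was applied when the field is actually empty, so it is worth confirming how the TLS context setup treats a NULL field. A guard after each assignment would separate the two cases, e.g. `if ( arg && *(char *)arg && !lo->ldo_tls_crlfile ) return -1;`. A comment above the first case such as `/* NULL or "" clears the option */` would also record the new empty-string behaviour for callers. The function starts and ends outside the three inner hunks.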
@@ -677,6 +679,7 @@ exit 0
 %changelog
 * Mon Sep 12 2011 Jan Vcelak 2.4.26-3
 - fix: SSL_ForceHandshake function is not thread safe (#701678)
+- fix: allow unsetting of tls_* syncrepl options (#734187)
 * Wed Aug 24 2011 Jan Vcelak 2.4.26-2
 - security hardening: library needs partial RELRO support added (#733071)