new upstream release (2.4.37)

Resolves: #1023916
2013-10-30 11:06:25 +01:00 · 2013-10-30 11:06:25 +01:00 · f646d734cc
parent 4f8940365c
commit f646d734cc
5 changed files with 7 additions and 305 deletions
--- a/.gitignore
+++ b/.gitignore
@ -8,3 +8,4 @@
 /ltb-project-openldap-ppolicy-check-password-1.1.tar.gz
 /openldap-2.4.35.tgz
 /openldap-2.4.36.tgz
+/openldap-2.4.37.tgz
--- a/openldap-cldap.patch
+++ b/openldap-cldap.patch
@ -1,257 +0,0 @@
-This is a 3-part patch that fixes connectionless ldap when used with IPv6.
-================================================================================
-Don't try to parse the result of a CLDAP bind request. Since these are
-faked, no message is actually returned.
-
-Author: Stef Walter <stefw@redhat.com>
-Upstream commit: 5c919894779d67280fa26afdd94d99248fc38099
-ITS: #7695
-Backported-By: Jan Synacek <jsynacek@redhat.com>
-
--- a/clients/tools/common.c	2013-08-16 20:12:59.000000000 +0200
-+++ b/clients/tools/common.c	2013-10-14 09:35:50.817033451 +0200
-@@ -1521,11 +1521,13 @@ tool_bind( LDAP *ld )
- 			tool_exit( ld, LDAP_LOCAL_ERROR );
- 		}
- 
-		rc = ldap_parse_result( ld, result, &err, &matched, &info, &refs,
-			&ctrls, 1 );
-		if ( rc != LDAP_SUCCESS ) {
-			tool_perror( "ldap_bind parse result", rc, NULL, matched, info, refs );
-			tool_exit( ld, LDAP_LOCAL_ERROR );
-+		if ( result ) {
-+			rc = ldap_parse_result( ld, result, &err, &matched, &info, &refs,
-+									&ctrls, 1 );
-+			if ( rc != LDAP_SUCCESS ) {
-+				tool_perror( "ldap_bind parse result", rc, NULL, matched, info, refs );
-+				tool_exit( ld, LDAP_LOCAL_ERROR );
-+			}
- 		}
- 
- #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
-================================================================================
-commit d51ee964fc5e1f02b035811de0f95eee81c2789f
-Author: Howard Chu <hyc@openldap.org>
-Date:   Thu Oct 10 10:48:08 2013 -0700
-
-    ITS#7694 more for IPv6 CLDAP, slapd fix
-
-diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
-index e169494..7ed3f63 100644
--- a/servers/slapd/connection.c
-+++ b/servers/slapd/connection.c
-@@ -1499,22 +1499,53 @@ connection_input( Connection *conn , conn_readinfo *cri )
- 
- #ifdef LDAP_CONNECTIONLESS
- 	if ( conn->c_is_udp ) {
-+#if defined(LDAP_PF_INET6)
-+		char peername[sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")];
-+		char addr[INET6_ADDRSTRLEN];
-+#else
- 		char peername[sizeof("IP=255.255.255.255:65336")];
-+		char addr[INET_ADDRSTRLEN];
-+#endif
- 		const char *peeraddr_string = NULL;
- 
-		len = ber_int_sb_read(conn->c_sb, &peeraddr, sizeof(struct sockaddr));
-		if (len != sizeof(struct sockaddr)) return 1;
-+		len = ber_int_sb_read(conn->c_sb, &peeraddr, sizeof(Sockaddr));
-+		if (len != sizeof(Sockaddr)) return 1;
- 
-+#if defined(LDAP_PF_INET6)
-+		if (peeraddr.sa_addr.sa_family == AF_INET6) {
-+			if ( IN6_IS_ADDR_V4MAPPED(&peeraddr.sa_in6_addr.sin6_addr) ) {
- #if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
-		char addr[INET_ADDRSTRLEN];
-		peeraddr_string = inet_ntop( AF_INET, &peeraddr.sa_in_addr.sin_addr,
-+				peeraddr_string = inet_ntop( AF_INET,
-+				   ((struct in_addr *)&peeraddr.sa_in6_addr.sin6_addr.s6_addr[12]),
-+				   addr, sizeof(addr) );
-+#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
-+				peeraddr_string = inet_ntoa( *((struct in_addr *)
-+					&peeraddr.sa_in6_addr.sin6_addr.s6_addr[12]) );
-+#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
-+				if ( !peeraddr_string ) peeraddr_string = SLAP_STRING_UNKNOWN;
-+				sprintf( peername, "IP=%s:%d", peeraddr_string,
-+					(unsigned) ntohs( peeraddr.sa_in6_addr.sin6_port ) );
-+			} else {
-+				peeraddr_string = inet_ntop( AF_INET6,
-+				      &peeraddr.sa_in6_addr.sin6_addr,
-+				      addr, sizeof addr );
-+				if ( !peeraddr_string ) peeraddr_string = SLAP_STRING_UNKNOWN;
-+				sprintf( peername, "IP=[%s]:%d", peeraddr_string,
-+					 (unsigned) ntohs( peeraddr.sa_in6_addr.sin6_port ) );
-+			}
-+		} else
-+#endif
-+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
-+		{
-+			peeraddr_string = inet_ntop( AF_INET, &peeraddr.sa_in_addr.sin_addr,
- 			   addr, sizeof(addr) );
- #else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
-		peeraddr_string = inet_ntoa( peeraddr.sa_in_addr.sin_addr );
-+			peeraddr_string = inet_ntoa( peeraddr.sa_in_addr.sin_addr );
- #endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
-		sprintf( peername, "IP=%s:%d",
-			 peeraddr_string,
-			(unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
-+			sprintf( peername, "IP=%s:%d",
-+				 peeraddr_string,
-+				(unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
-+		}
- 		Statslog( LDAP_DEBUG_STATS,
- 			"conn=%lu UDP request from %s (%s) accepted.\n",
- 			conn->c_connid, peername, conn->c_sock_name.bv_val, 0, 0 );
-================================================================================
-commit 743a9783d57ea6b693e56f6545ac5d68dc9242c7
-Author: Stef Walter <stefw@redhat.com>
-Date:   Thu Sep 12 15:49:36 2013 +0200
-
-    ITS#7694 Fix use of IPv6 with LDAP_CONNECTIONLESS
-    
-    LDAP_CONNECTIONLESS code assumed that the size of an peer address
-    is equal to or smaller than sizeof (struct sockaddr).
-    
-    Fix to use struct sockaddr_storage instead which is intended for
-    this purpose. Use getnameinfo() where appropriate so we don't
-    assume anything about the contents of struct sockaddr
-
-diff --git a/libraries/liblber/sockbuf.c b/libraries/liblber/sockbuf.c
-index d997e92..858c942 100644
--- a/libraries/liblber/sockbuf.c
-+++ b/libraries/liblber/sockbuf.c
-@@ -888,8 +888,8 @@ Sockbuf_IO ber_sockbuf_io_debug = {
-  *
-  * All I/O at this level must be atomic. For ease of use, the sb_readahead
-  * must be used above this module. All data reads and writes are prefixed
- * with a sockaddr containing the address of the remote entity. Upper levels
- * must read and write this sockaddr before doing the usual ber_printf/scanf
-+ * with a sockaddr_storage containing the address of the remote entity. Upper levels
-+ * must read and write this sockaddr_storage before doing the usual ber_printf/scanf
-  * operations on LDAP messages.
-  */
- 
-@@ -914,13 +914,13 @@ sb_dgram_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
- 	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
- 	assert( buf != NULL );
- 
-	addrlen = sizeof( struct sockaddr );
-+	addrlen = sizeof( struct sockaddr_storage );
- 	src = buf;
- 	buf = (char *) buf + addrlen;
- 	len -= addrlen;
- 	rc = recvfrom( sbiod->sbiod_sb->sb_fd, buf, len, 0, src, &addrlen );
- 
-	return rc > 0 ? rc+sizeof(struct sockaddr) : rc;
-+	return rc > 0 ? rc+sizeof(struct sockaddr_storage) : rc;
- }
- 
- static ber_slen_t 
-@@ -934,11 +934,11 @@ sb_dgram_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
- 	assert( buf != NULL );
- 
- 	dst = buf;
-	buf = (char *) buf + sizeof( struct sockaddr );
-	len -= sizeof( struct sockaddr );
-+	buf = (char *) buf + sizeof( struct sockaddr_storage );
-+	len -= sizeof( struct sockaddr_storage );
-    
- 	rc = sendto( sbiod->sbiod_sb->sb_fd, buf, len, 0, dst,
-		sizeof( struct sockaddr ) );
-+		sizeof( struct sockaddr_storage ) );
- 
- 	if ( rc < 0 ) return -1;
-    
-@@ -949,7 +949,7 @@ sb_dgram_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
- # endif
- 		return -1;
- 	}
-	rc = len + sizeof(struct sockaddr);
-+	rc = len + sizeof(struct sockaddr_storage);
- 	return rc;
- }
- 
-diff --git a/libraries/libldap/abandon.c b/libraries/libldap/abandon.c
-index d999b07..8fd9bc2 100644
--- a/libraries/libldap/abandon.c
-+++ b/libraries/libldap/abandon.c
-@@ -209,7 +209,7 @@ start_again:;
- 			LDAP_NEXT_MSGID(ld, i);
- #ifdef LDAP_CONNECTIONLESS
- 			if ( LDAP_IS_UDP(ld) ) {
-				struct sockaddr sa = {0};
-+				struct sockaddr_storage sa = {0};
- 				/* dummy, filled with ldo_peer in request.c */
- 				err = ber_write( ber, (char *) &sa, sizeof(sa), 0 );
- 			}
-diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
-index ba10939..ac35e99 100644
--- a/libraries/libldap/open.c
-+++ b/libraries/libldap/open.c
-@@ -314,8 +314,8 @@ ldap_init_fd(
- 		LDAP_IS_UDP(ld) = 1;
- 		if( ld->ld_options.ldo_peer )
- 			ldap_memfree( ld->ld_options.ldo_peer );
-		ld->ld_options.ldo_peer = ldap_memalloc( sizeof( struct sockaddr ) );
-		len = sizeof( struct sockaddr );
-+		ld->ld_options.ldo_peer = ldap_memcalloc( 1, sizeof( struct sockaddr_storage ) );
-+		len = sizeof( struct sockaddr_storage );
- 		if( getpeername ( fd, ld->ld_options.ldo_peer, &len ) < 0) {
- 			ldap_unbind_ext( ld, NULL, NULL );
- 			return( AC_SOCKET_ERROR );
-diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c
-index b31e05d..90b92df 100644
--- a/libraries/libldap/os-ip.c
-+++ b/libraries/libldap/os-ip.c
-@@ -422,8 +422,8 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s,
- 	if (LDAP_IS_UDP(ld)) {
- 		if (ld->ld_options.ldo_peer)
- 			ldap_memfree(ld->ld_options.ldo_peer);
-		ld->ld_options.ldo_peer=ldap_memalloc(sizeof(struct sockaddr));
-		AC_MEMCPY(ld->ld_options.ldo_peer,sin,sizeof(struct sockaddr));
-+		ld->ld_options.ldo_peer=ldap_memcalloc(1, sizeof(struct sockaddr_storage));
-+		AC_MEMCPY(ld->ld_options.ldo_peer,sin,addrlen);
- 		return ( 0 );
- 	}
- #endif
-diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c
-index fc2f4d0..4822a63 100644
--- a/libraries/libldap/request.c
-+++ b/libraries/libldap/request.c
-@@ -308,7 +308,7 @@ ldap_send_server_request(
- 		ber_rewind( &tmpber );
- 		LDAP_MUTEX_LOCK( &ld->ld_options.ldo_mutex );
- 		rc = ber_write( &tmpber, ld->ld_options.ldo_peer,
-			sizeof( struct sockaddr ), 0 );
-+			sizeof( struct sockaddr_storage ), 0 );
- 		LDAP_MUTEX_UNLOCK( &ld->ld_options.ldo_mutex );
- 		if ( rc == -1 ) {
- 			ld->ld_errno = LDAP_ENCODING_ERROR;
-diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c
-index f2a6c7b..d293299 100644
--- a/libraries/libldap/result.c
-+++ b/libraries/libldap/result.c
-@@ -482,8 +482,8 @@ retry:
- 	sock_errset(0);
- #ifdef LDAP_CONNECTIONLESS
- 	if ( LDAP_IS_UDP(ld) ) {
-		struct sockaddr from;
-		ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr) );
-+		struct sockaddr_storage from;
-+		ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr_storage) );
- 		if ( ld->ld_options.ldo_version == LDAP_VERSION2 ) isv2 = 1;
- 	}
- nextresp3:
-diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c
-index 3867b5b..b966d1a 100644
--- a/libraries/libldap/search.c
-+++ b/libraries/libldap/search.c
-@@ -305,7 +305,7 @@ ldap_build_search_req(
- 	LDAP_NEXT_MSGID( ld, *idp );
- #ifdef LDAP_CONNECTIONLESS
- 	if ( LDAP_IS_UDP(ld) ) {
-		struct sockaddr sa = {0};
-+		struct sockaddr_storage sa = {0};
- 		/* dummy, filled with ldo_peer in request.c */
- 	    err = ber_write( ber, (char *) &sa, sizeof( sa ), 0 );
- 	}
--- a/openldap-doc3.patch
+++ b/openldap-doc3.patch
@ -1,39 +0,0 @@
-From 128a8c486e86b8e8c8d34f0eb9fdc0b580212e5b Mon Sep 17 00:00:00 2001
-From: Jan Synacek <jsynacek@redhat.com>
-Date: Tue, 3 Sep 2013 14:09:37 +0200
-Subject: [PATCH] Fix typos in manpages.
-
---
- doc/man/man1/ldapsearch.1   | 2 +-
- doc/man/man5/slapd-passwd.5 | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1
-index 82ddddb..150f064 100644
--- a/doc/man/man1/ldapsearch.1
-+++ b/doc/man/man1/ldapsearch.1
-@@ -456,7 +456,7 @@ This command:
- .fi
- .LP
- will perform a one-level search at the c=US level for all entries
-whose organization name (o) begins begins with \fBUniversity\fP.
-+whose organization name (o) begins with \fBUniversity\fP.
- The organization name and description attribute values will be retrieved
- and printed to standard output, resulting in output similar to this:
- .LP
-diff --git a/doc/man/man5/slapd-passwd.5 b/doc/man/man5/slapd-passwd.5
-index fbd30f2..2dc5c5d 100644
--- a/doc/man/man5/slapd-passwd.5
-+++ b/doc/man/man5/slapd-passwd.5
-@@ -13,7 +13,7 @@ serves up the user account information listed in the system
- .BR passwd (5)
- file.  This backend is provided for demonstration purposes only.
- The DN of each entry is "uid=<username>,<suffix>".
-Note that non-base searches scan the the entire passwd file, and
-+Note that non-base searches scan the entire passwd file, and
- are best suited for hosts with small passwd files.
- .SH CONFIGURATION
- This
-- 
-1.8.3.1
-
--- a/openldap.spec
+++ b/openldap.spec
@ -4,8 +4,8 @@
 %global check_password_version 1.1

 Name: openldap
-Version: 2.4.36
-Release: 4%{?dist}
+Version: 2.4.37
+Release: 1%{?dist}
 Summary: LDAP support libraries
 Group: System Environment/Daemons
 License: OpenLDAP
@ -48,10 +48,6 @@ Patch16: openldap-nss-pk11-freeslot.patch
 Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
 # ldapi sasl fix pending upstream inclusion
 Patch20: openldap-ldapi-sasl.patch
-# more documentation fixes, upstreamed
-Patch21: openldap-doc3.patch
-# cldap fixes, upstreamed
-Patch22: openldap-cldap.patch

 # Fedora specific patches
 Patch100: openldap-autoconf-pkgconfig-nss.patch
@ -168,8 +164,6 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch16 -p1
 %patch19 -p1
 %patch20 -p1
-%patch21 -p1
-%patch22 -p1

 %patch102 -p1

@ -605,6 +599,9 @@ exit 0
 %{_mandir}/man3/*

 %changelog
+* Wed Oct 30 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.37-1
+- new upstream release (#1023916)
+
 * Mon Oct 21 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.36-4
 - fix: slapd daemon fails to start with segmentation fault on s390x (#1020661)

--- a/2
+++ b/2
@ -1,2 +1,2 @@
-744701405d396b1fb9de6cb7a453c6e9  openldap-2.4.36.tgz
+49f0e9a77ddd0d49f88bf7233a51efa8  openldap-2.4.37.tgz
 3535b7cd46dcf41c9a9480efa9e64618  ltb-project-openldap-ppolicy-check-password-1.1.tar.gz