commit openldap2 for openSUSE:Factory
Hello community,
here is the log from the commit of package openldap2 for openSUSE:Factory
checked in at Fri Dec 11 13:07:58 CET 2009.
--------
--- openldap2/openldap2.changes 2009-11-03 20:21:09.000000000 +0100
+++ /mounts/work_src_done/STABLE/openldap2/openldap2.changes 2009-12-10 17:03:05.000000000 +0100
@@ -1,0 +2,37 @@
+Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com
+
+- Fixed an issue in back-config's objectclass inheritence code that
+ could cause the server to fail to start or to spin in an endless
+ loop (bnc#558059,ITS#6408)
+- default the tls_reqcert parameter of a syncrepl config to
+ "demand" as documented even if other tls_ options are absent
+ (bnc#558397, ITS#6319)
+- apply changes to the global size and timelimits to all database
+ that don't specify limits themself. (bnc#562184, ITS#6428)
+
+-------------------------------------------------------------------
+Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com
+
+- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19
+ * Fixed liblber embedded NUL values in BerValues (ITS#6353)
+ * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334)
+ * Fixed libldap uninitialized return value (ITS#6355)
+ * Fixed libldap unlimited timeout (ITS#6388)
+ * Added slapd handling of hex server IDs (ITS#6297)
+ * Fixed slapd checks of str2filter (ITS#6391)
+ * Fixed slapd configArgs initialization (ITS#6363)
+ * Fixed slapd db_open with connection_fake_init (ITS#6381)
+ * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379)
+ * Fixed slapd inclusion of ac/unistd.h (ITS#6342)
+ * Fixed slapd sl_free to better reclaim memory (ITS#6380)
+ * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368)
+ * Fixed slapd syncrepl to use correct SID (ITS#6367)
+ * Fixed slapd tls_accept to retry in certain cases (ITS#6304)
+ * Fixed slapd-bdb/hdb cache corruption (ITS#6341)
+ * Fixed slapd-bdb/hdb entry cache (ITS#6360)
+ * Fixed slapo-syncprov checkpoint conversion (ITS#6370)
+ * Fixed slapo-syncprov deadlock (ITS#6335)
+ * Fixed slapo-syncprov out of order changes (ITS#6346)
+- Added switch to enable/disable testsuite (%run_test_suite)
+
+-------------------------------------------------------------------
openldap2-client.changes: same change
calling whatdependson for head-i586
Old:
----
libldap-tls_chkhost-its6239.dif
openldap-2.4.17.tar.bz2
slapo-collect-include.dif
test056-monitor-its6213.dif
New:
----
0001-back-config-objectclass-inheritence-ITS-6408.dif
0002-init-bindconf-TLS-settings-ITS-6419.dif
0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif
openldap-2.4.20.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openldap2-client.spec ++++++
--- /var/tmp/diff_new_pack.D5JDqJ/_old 2009-12-11 13:02:59.000000000 +0100
+++ /var/tmp/diff_new_pack.D5JDqJ/_new 2009-12-11 13:02:59.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package openldap2-client (Version 2.4.17)
+# spec file for package openldap2-client (Version 2.4.20)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -17,6 +17,7 @@
# norootforbuild
+%define run_test_suite 1
Name: openldap2-client
BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel openslp-devel tcpd-devel
@@ -26,10 +27,10 @@
%if %sles_version == 10
BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
%endif
-Version: 2.4.17
-Release: 5
+Version: 2.4.20
+Release: 1
Url: http://www.openldap.org
-License: BSD 3-clause (or similar) ; openldap 2.8
+License: BSD3c(or similar) ; openldap 2.8
%if "%{name}" == "openldap2"
Group: Productivity/Networking/LDAP/Clients
Provides: ldap2 openldap2-back-ldap openldap2-back-monitor
@@ -41,6 +42,7 @@
%else
Group: Productivity/Networking/LDAP/Clients
Conflicts: openldap-client
+Requires: libldap-2_4-2 = %{version}
Summary: The OpenLDAP commandline client tools
%endif
AutoReqProv: on
@@ -52,16 +54,16 @@
Source5: README.update
Source6: schema2ldif
Source100: openldap-2.3.37.tar.bz2
-Patch: openldap2.dif
+Patch1: openldap2.dif
Patch2: slapd_conf.dif
Patch3: ldap_conf.dif
Patch4: ldapi_url.dif
-Patch5: test056-monitor-its6213.dif
Patch6: libldap-gethostbyname_r.dif
Patch7: pie-compile.dif
Patch11: slapd-bconfig-del-db.dif
-Patch14: slapo-collect-include.dif
-Patch15: libldap-tls_chkhost-its6239.dif
+Patch12: 0001-back-config-objectclass-inheritence-ITS-6408.dif
+Patch13: 0002-init-bindconf-TLS-settings-ITS-6419.dif
+Patch14: 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif
Patch100: openldap-2.3.37.dif
Patch200: slapd_getaddrinfo_dupl.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -80,7 +82,7 @@
The OpenLDAP Project
From 49921a1e1a1832f9461d800eeeaee30f12864441 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp
Date: Tue, 8 Dec 2009 12:13:39 +0100 Subject: [PATCH 1/3] back-config objectclass inheritence (ITS#6408)
bnc#558059 --- servers/slapd/bconfig.c | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index c903458..d43e927 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -4932,10 +4932,10 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, ok: /* Newly added databases and overlays need to be started up */ if ( CONFIG_ONLINE_ADD( ca )) { - if ( colst[0]->co_type == Cft_Database ) { + if ( coptr->co_type == Cft_Database ) { rc = backend_startup_one( ca->be, &ca->reply ); - } else if ( colst[0]->co_type == Cft_Overlay ) { + } else if ( coptr->co_type == Cft_Overlay ) { if ( ca->bi->bi_db_open ) { BackendInfo *bi_orig = ca->be->bd_info; ca->be->bd_info = ca->bi; @@ -4961,7 +4961,7 @@ ok: ce->ce_parent = last; ce->ce_entry = entry_dup( e ); ce->ce_entry->e_private = ce; - ce->ce_type = colst[0]->co_type; + ce->ce_type = coptr->co_type; ce->ce_be = ca->be; ce->ce_bi = ca->bi; ce->ce_private = ca->ca_private; @@ -5006,12 +5006,12 @@ ok: done: if ( rc ) { - if ( (colst[0]->co_type == Cft_Database) && ca->be ) { + if ( (coptr->co_type == Cft_Database) && ca->be ) { if ( ca->be != frontendDB ) backend_destroy_one( ca->be, 1 ); - } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) { + } else if ( (coptr->co_type == Cft_Overlay) && ca->bi ) { overlay_destroy_one( ca->be, (slap_overinst *)ca->bi ); - } else if ( colst[0]->co_type == Cft_Schema ) { + } else if ( coptr->co_type == Cft_Schema ) { schema_destroy_one( ca, colst, nocs, last ); } } -- 1.6.4.2 ++++++ 0002-init-bindconf-TLS-settings-ITS-6419.dif ++++++
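Review bot: The `done:` error path now dereferences `coptr` (`coptr->co_type == Cft_Database` and the two branches after it) whenever `rc` is non-zero, so it depends on `coptr` having been assigned before every `goto done` in config_add_internal. That assignment is outside these hunks and cannot be confirmed from here; if an early failure can reach `done:` before the object class is resolved, the cleanup reads an unset pointer. Writing the guard as `if ( rc && coptr ) {` instead of `if ( rc ) {` would make the cleanup safe either way. The schema branch still passes `colst` to `schema_destroy_one`, which looks intentional but deserves a one-line comment saying why the list rather than `coptr` is used there.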
From d14434499207d1f0ca4686ce46787056b23b4d2c Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp
Date: Tue, 8 Dec 2009 13:36:17 +0100 Subject: [PATCH 2/3] init bindconf TLS settings (ITS#6419)
bnc#558397 --- servers/slapd/config.c | 71 +++++++++++++++++++++++++++++++++++++++++---- servers/slapd/slap.h | 8 +++++ servers/slapd/syncrepl.c | 4 ++ 3 files changed, 76 insertions(+), 7 deletions(-) diff --git a/servers/slapd/config.c b/servers/slapd/config.c index be5a2f7..171e968 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -1210,8 +1210,32 @@ static slap_verbmasks versionkey[] = { { BER_BVNULL, 0 } }; +static int +slap_sb_uri( + struct berval *val, + void *bcp, + slap_cf_aux_table *tab0, + const char *tabmsg, + int unparse ) +{ + slap_bindconf *bc = bcp; + if ( unparse ) { + if ( bc->sb_uri.bv_len >= val->bv_len ) + return -1; + val->bv_len = bc->sb_uri.bv_len; + AC_MEMCPY( val->bv_val, bc->sb_uri.bv_val, val->bv_len ); + } else { + bc->sb_uri = *val; +#ifdef HAVE_TLS + if ( ldap_is_ldaps_url( val->bv_val )) + bc->sb_tls_do_init = 1; +#endif + } + return 0; +} + static slap_cf_aux_table bindkey[] = { - { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL }, + { BER_BVC("uri="), 0, 'x', 1, slap_sb_uri }, { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'i', 0, versionkey }, { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey }, { BER_BVC("timeout="), offsetof(slap_bindconf, sb_timeout_api), 'i', 0, NULL }, 
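Review bot: slap_sb_uri has no comment describing its two modes, and the unparse contract is easy to misuse: on entry `val->bv_len` is the capacity of `val->bv_val`, on return it is the number of bytes copied, and no terminating NUL is written. I would add a header comment saying so, e.g. `/* unparse: val->bv_len is buffer capacity on entry, bytes written on return; output is not NUL-terminated */`. In the parse branch `bc->sb_uri = *val;` takes over the caller's buffer without releasing whatever `sb_uri.bv_val` held before. If a bindconf can be parsed more than once that is a leak, which cannot be judged from this hunk alone.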
@@ -1224,21 +1248,20 @@ static slap_cf_aux_table bindkey[] = { { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL }, { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize }, #ifdef HAVE_TLS - { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, - /* NOTE: replace "13" with the actual index * of the first TLS-related line */ #define aux_TLS (bindkey+13) /* beginning of TLS keywords */ + { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL }, { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL }, { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL }, { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL }, - { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL }, - { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL }, - { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 1, NULL }, + { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 0, NULL }, + { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 0, NULL }, + { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 0, NULL }, #ifdef HAVE_OPENSSL_CRL - { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL }, + { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 0, NULL }, #endif #endif { BER_BVNULL, 0, 0, 0, NULL } 
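Review bot: `#define aux_TLS (bindkey+13)` still hard-codes the position of the first TLS keyword while this hunk moves the `starttls=` entry to the other side of the define, and the entries that determine the index are partly outside the hunk. If the number and the table disagree, any code that walks the table from `aux_TLS` starts at the wrong keyword, which matters for options such as `tls_reqcert=`. Please state in the comment which entry the index is meant to name, for example `/* aux_TLS must point at <first TLS entry>; update the index when adding keywords above */`, or locate the entry by its key instead of by number.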
@@ -1330,6 +1353,20 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L rc = lutil_atoulx( ulptr, val, 0 ); break; + + case 'x': + if ( tab->aux != NULL ) { + struct berval value; + slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux; + + ber_str2bv( val, 0, 1, &value ); + + rc = func( &value, (void *)((char *)dst + tab->off), tab, tabmsg, 0 ); + + } else { + rc = 1; + } + break; } if ( rc ) { @@ -1420,6 +1457,26 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%lu", *ulptr ); break; + case 'x': + *ptr++ = ' '; + ptr = lutil_strcopy( ptr, tab->key.bv_val ); + if ( tab->quote ) *ptr++ = '"'; + if ( tab->aux != NULL ) { + struct berval value; + slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux; + int rc; + + value.bv_val = ptr; + value.bv_len = buf + sizeof( buf ) - ptr; + + rc = func( &value, (void *)((char *)src + tab->off), tab, "(unparse)", 1 ); + if ( rc == 0 ) { + ptr += value.bv_len; + } + } + if ( tab->quote ) *ptr++ = '"'; + break; + default: assert( 0 ); } diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 076b898..210f6ba 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1630,6 +1630,14 @@ typedef struct slap_cf_aux_table { void *aux; } slap_cf_aux_table; +typedef int +slap_cf_aux_table_parse_x LDAP_P(( + struct berval *val, + void *bc, + slap_cf_aux_table *tab0, + const char *tabmsg, + int unparse )); + #define SLAP_LIMIT_TIME 1 #define SLAP_LIMIT_SIZE 2 diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index fb1001f..bf84556 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c 
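Review bot: In the new `case 'x':` of slap_cf_aux_table_parse the result of `ber_str2bv( val, 0, 1, &value )` is handed to the callback without checking that the copy succeeded, and the copy is not released when the callback returns non-zero. slap_sb_uri stores the buffer and returns 0 in parse mode, so today ownership always moves to the bindconf, but the new typedef invites other callbacks. I would check `value.bv_val` for NULL before the call, add `if ( rc ) ber_memfree( value.bv_val );` after `rc = func( ... )`, and document on `slap_cf_aux_table_parse_x` that a successful parse callback owns `val->bv_val`.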
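Review bot: The `case 'x':` added to slap_cf_aux_table_unparse writes the separator, the key and the opening quote into `buf` without checking the space left, then hands the callback all remaining bytes as `value.bv_len`, so nothing is reserved for the closing quote or for whatever the function appends after this hunk. With a value that just fits, `*ptr++ = '"'` consumes the last byte of `buf`. Reserving the tail, e.g. `value.bv_len = buf + sizeof( buf ) - ptr - 2;` after confirming that much room exists, would keep the writes inside the buffer. A non-zero `rc` from the callback is also dropped, so an over-long URI is emitted as an empty `uri=""` with no error reaching the caller. The rest of the function is outside the hunk, so how it terminates `buf` should be checked against this.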
@@ -4060,6 +4060,10 @@ parse_syncrepl_line( { val = c->argv[ i ] + STRLENOF( PROVIDERSTR "=" ); ber_str2bv( val, 0, 1, &si->si_bindconf.sb_uri ); +#ifdef HAVE_TLS + if ( ldap_is_ldaps_url( val )) + si->si_bindconf.sb_tls_do_init = 1; +#endif si->si_got |= GOT_PROVIDER; } else if ( !strncasecmp( c->argv[ i ], SCHEMASTR "=", STRLENOF( SCHEMASTR "=" ) ) ) -- 1.6.4.2 ++++++ 0003-apply-global-limit-changes-to-all-databases-ITS-6428.dif ++++++
From ed86ffeec8ac01f9bc8ed531e5205a924c4a2979 Mon Sep 17 00:00:00 2001 From: ralf <ralf> Date: Thu, 10 Dec 2009 10:56:52 +0000 Subject: [PATCH 3/3] apply global limit changes to all databases (ITS#6428)
bnc#562184 --- servers/slapd/bconfig.c | 90 ++++++++++++++++++++++++++++++++++++++++------ 1 files changed, 78 insertions(+), 12 deletions(-) diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index d43e927..ae15224 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -2208,14 +2208,23 @@ config_sizelimit(ConfigArgs *c) { rc = 1; return rc; } else if ( c->op == LDAP_MOD_DELETE ) { - /* Reset to defaults */ - lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; - lim->lms_s_hard = 0; - lim->lms_s_unchecked = -1; - lim->lms_s_pr = 0; - lim->lms_s_pr_hide = 0; - lim->lms_s_pr_total = 0; - return 0; + /* Reset to defaults or values from frontend */ + if ( c->be == frontendDB ) { + lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; + lim->lms_s_hard = 0; + lim->lms_s_unchecked = -1; + lim->lms_s_pr = 0; + lim->lms_s_pr_hide = 0; + lim->lms_s_pr_total = 0; + } else { + lim->lms_s_soft = frontendDB->be_def_limit.lms_s_soft; + lim->lms_s_hard = frontendDB->be_def_limit.lms_s_hard; + lim->lms_s_unchecked = frontendDB->be_def_limit.lms_s_unchecked; + lim->lms_s_pr = frontendDB->be_def_limit.lms_s_pr; + lim->lms_s_pr_hide = frontendDB->be_def_limit.lms_s_pr_hide; + lim->lms_s_pr_total = frontendDB->be_def_limit.lms_s_pr_total; + } + goto ok; } for(i = 1; i < c->argc; i++) { if(!strncasecmp(c->argv[i], "size", 4)) { 
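Review bot: The delete branch of config_sizelimit copies the six `lms_s_*` fields one at a time from `frontendDB->be_def_limit`, and the same field list is repeated in the propagation loop added after `ok:` in the next hunk (config_timelimit does the same with its two `lms_t_*` fields). A field added to one list and not the other would leave a database running with a stale limit. A small static helper that copies the size fields from a source limit set to a destination, called from both places, keeps the lists from drifting. config_sizelimit continues outside this hunk.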
@@ -2240,6 +2249,34 @@ config_sizelimit(ConfigArgs *c) { lim->lms_s_hard = 0; } } + +ok: + if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) { + /* This is a modification to the global limits apply it to + * the other databases as needed */ + AttributeDescription *ad=NULL; + const char *text = NULL; + slap_str2ad(c->argv[0], &ad, &text); + /* if we got here... */ + assert( ad != NULL ); + + CfEntryInfo *ce = c->ca_entry->e_private; + if ( ce->ce_type == Cft_Global ){ + ce = ce->ce_kids; + } + for (; ce; ce=ce->ce_sibs) { + Entry *dbe = ce->ce_entry; + if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB) + && (!attr_find(dbe->e_attrs, ad)) ) { + ce->ce_be->be_def_limit.lms_s_soft = lim->lms_s_soft; + ce->ce_be->be_def_limit.lms_s_hard = lim->lms_s_hard; + ce->ce_be->be_def_limit.lms_s_unchecked =lim->lms_s_unchecked; + ce->ce_be->be_def_limit.lms_s_pr =lim->lms_s_pr; + ce->ce_be->be_def_limit.lms_s_pr_hide =lim->lms_s_pr_hide; + ce->ce_be->be_def_limit.lms_s_pr_total =lim->lms_s_pr_total; + } + } + } return(0); } @@ -2259,10 +2296,15 @@ config_timelimit(ConfigArgs *c) { rc = 1; return rc; } else if ( c->op == LDAP_MOD_DELETE ) { - /* Reset to defaults */ - lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; - lim->lms_t_hard = 0; - return 0; + /* Reset to defaults or values from frontend */ + if ( c->be == frontendDB ) { + lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; + lim->lms_t_hard = 0; + } else { + lim->lms_t_soft = frontendDB->be_def_limit.lms_t_soft; + lim->lms_t_hard = frontendDB->be_def_limit.lms_t_hard; + } + goto ok; } for(i = 1; i < c->argc; i++) { if(!strncasecmp(c->argv[i], "time", 4)) { 
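Review bot: The block added after `ok:` ignores the return value of `slap_str2ad` and relies on `assert( ad != NULL )`, which disappears in builds with NDEBUG. `attr_find( dbe->e_attrs, ad )` would then run with a null description and, if it matches nothing, the loop overwrites the limits of every database, including those that set their own. The same pattern is in the config_timelimit hunk that follows. Size and time limits bound the cost of a search, so I would fail closed with `if ( slap_str2ad( c->argv[0], &ad, &text ) != LDAP_SUCCESS ) return 1;`. `CfEntryInfo *ce` is also declared after a statement, unlike the rest of the code visible here; moving the declaration to the top of the block is enough.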
@@ -2287,6 +2329,30 @@ config_timelimit(ConfigArgs *c) { lim->lms_t_hard = 0; } } + +ok: + if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) { + /* This is a modification to the global limits apply it to + * the other databases as needed */ + AttributeDescription *ad=NULL; + const char *text = NULL; + slap_str2ad(c->argv[0], &ad, &text); + /* if we got here... */ + assert( ad != NULL ); + + CfEntryInfo *ce = c->ca_entry->e_private; + if ( ce->ce_type == Cft_Global ){ + ce = ce->ce_kids; + } + for (; ce; ce=ce->ce_sibs) { + Entry *dbe = ce->ce_entry; + if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB) + && (!attr_find(dbe->e_attrs, ad)) ) { + ce->ce_be->be_def_limit.lms_t_soft = lim->lms_t_soft; + ce->ce_be->be_def_limit.lms_t_hard = lim->lms_t_hard; + } + } + } return(0); } -- 1.6.4.2 ++++++ openldap-2.4.17.tar.bz2 -> openldap-2.4.20.tar.bz2 ++++++ ++++ 29119 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org