pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/databases
Module Name: pkgsrc
Committed By: adam
Date: Fri Jun 2 08:29:57 UTC 2017
Modified Files:
pkgsrc/databases/openldap: Makefile Makefile.version distinfo
pkgsrc/databases/openldap-client: Makefile
pkgsrc/databases/openldap-cloak: Makefile
pkgsrc/databases/openldap-doc: distinfo
pkgsrc/databases/openldap-nops: Makefile
pkgsrc/databases/openldap-server: Makefile
pkgsrc/databases/openldap-smbk5pwd: Makefile
pkgsrc/databases/openldap/patches: patch-ag patch-its7595
Removed Files:
pkgsrc/databases/openldap/patches:
patch-contrib_modules_smbk5pwd-smbk5pwd.c patch-its7506
patch-libraries_liblmdb_mdb.c
Log Message:
OpenLDAP 2.4.45 Release (2017/06/01)
Added slapd support for OpenSSL 1.1.0 series (ITS-8353, ITS-8533, ITS-8634)
Fixed libldap to fail ldap_result if the handle is already bad (ITS-8585)
Fixed libldap to expose error if user specified CA doesn't exist (ITS-8529)
Fixed libldap handling of Diffie-Hellman parameters (ITS-7506)
Fixed libldap GnuTLS use after free (ITS-8385)
Fixed libldap SASL initialization (ITS-8648)
Fixed slapd bconfig rDN escape handling (ITS-8574)
Fixed slapd segfault with invalid hostname (ITS-8631)
Fixed slapd sasl SEGV rebind in same session (ITS-8568)
Fixed slapd syncrepl filter handling (ITS-8413)
Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS-8432)
Fixed slapd callback struct so older modules without writewait should function.
Custom modules may need to be updated for sc_writewait callback (ITS-8435)
Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS-8576)
Fixed slapd-mdb so it passes ITS6794 regression test (ITS-6794)
Fixed slapd-mdb double free with size zero paged result (ITS-8655)
Fixed slapd-meta uninitialized diagnostic message (ITS-8442)
Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS-8423)
Fixed slapo-accesslog with multiple modifications to the same attribute (ITS-6545)
Fixed slapo-relay to correctly initialize sc_writewait (ITS-8428)
Fixed slapo-sssvlv double free (ITS-8592)
Fixed slapo-unique with empty modifications (ITS-8266)
Build Environment
Added test065 for proxyauthz (ITS-8571)
Fix test008 to be portable (ITS-8414)
Fix test064 to wait for slapd to start (ITS-8644)
Fix its4336 regression test (ITS-8534)
Fix its4337 regression test (ITS-8535)
Fix regression tests to execute on all backends (ITS-8539)
Contrib
Added slapo-autogroup(5) man page (ITS-8569)
Added passwd missing conversion scripts for apr1 (ITS-6826)
Fixed contrib modules where the writewait callback was not correctly initialized (ITS-8435)
Fixed smbk5pwd to build with newer OpenSSL releases (ITS-8525)
Documentation
admin24 fixed tls_cipher_suite bindconf option (ITS-8099)
admin24 fixed typo cn=config to be slapd.d (ITS-8449)
admin24 fixed slapo-syncprov information to be curent (ITS-8253)
admin24 fixed typo in access control docs (ITS-7341, ITS-8391)
admin24 fixed minor typo in tuning guide (ITS-8499)
admin24 fixed information about the limits option (ITS-7700)
admin24 fixed missing options for syncrepl configuration (ITS-7700)
admin24 fixed accesslog documentation to note it should not be replicated (ITS-8344)
Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS-7177)
Fixed ldapsearch(1) information on the V[V] flag behavior (ITS-7177, ITS-6339)
Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS-8538)
Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS-8635)
Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS-8123)
Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS-8565)
Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS-8613)
Fixed slapo-syncprov(5) documentation to be current (ITS-8253)
Fixed slapadd(8) manpage to note slapd-mdb (ITS-8215)
Fixed various minor grammar issues in the man pages (ITS-8544)
Fixed various typos (ITS-8587)
To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/databases/openldap/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/openldap/Makefile.version
cvs rdiff -u -r1.108 -r1.109 pkgsrc/databases/openldap/distinfo
cvs rdiff -u -r1.25 -r1.26 pkgsrc/databases/openldap-client/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/openldap-cloak/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/openldap-doc/distinfo
cvs rdiff -u -r1.19 -r1.20 pkgsrc/databases/openldap-nops/Makefile
cvs rdiff -u -r1.50 -r1.51 pkgsrc/databases/openldap-server/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/openldap-smbk5pwd/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/openldap/patches/patch-ag
cvs rdiff -u -r1.1 -r0 \
pkgsrc/databases/openldap/patches/patch-contrib_modules_smbk5pwd-smbk5pwd.c \
pkgsrc/databases/openldap/patches/patch-its7506 \
pkgsrc/databases/openldap/patches/patch-libraries_liblmdb_mdb.c
cvs rdiff -u -r1.1 -r1.2 pkgsrc/databases/openldap/patches/patch-its7595
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/databases/openldap/Makefile
diff -u pkgsrc/databases/openldap/Makefile:1.146 pkgsrc/databases/openldap/Makefile:1.147
--- pkgsrc/databases/openldap/Makefile:1.146 Tue Dec 13 10:38:06 2016
+++ pkgsrc/databases/openldap/Makefile Fri Jun 2 08:29:56 2017
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.146 2016/12/13 10:38:06 he Exp $
+# $NetBSD: Makefile,v 1.147 2017/06/02 08:29:56 adam Exp $
-PKGREVISION= 2
.include "../../databases/openldap/Makefile.version"
DISTNAME= openldap-${OPENLDAP_VERSION}
Index: pkgsrc/databases/openldap/Makefile.version
diff -u pkgsrc/databases/openldap/Makefile.version:1.13 pkgsrc/databases/openldap/Makefile.version:1.14
--- pkgsrc/databases/openldap/Makefile.version:1.13 Sun Feb 7 08:42:59 2016
+++ pkgsrc/databases/openldap/Makefile.version Fri Jun 2 08:29:56 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile.version,v 1.13 2016/02/07 08:42:59 adam Exp $
+# $NetBSD: Makefile.version,v 1.14 2017/06/02 08:29:56 adam Exp $
# used by databases/openldap/Makefile
# used by databases/openldap/Makefile.common
# used by databases/openldap-docs/Makefile
-OPENLDAP_VERSION= 2.4.44
+OPENLDAP_VERSION= 2.4.45
Index: pkgsrc/databases/openldap/distinfo
diff -u pkgsrc/databases/openldap/distinfo:1.108 pkgsrc/databases/openldap/distinfo:1.109
--- pkgsrc/databases/openldap/distinfo:1.108 Tue Dec 13 10:38:06 2016
+++ pkgsrc/databases/openldap/distinfo Fri Jun 2 08:29:56 2017
@@ -1,26 +1,23 @@
-$NetBSD: distinfo,v 1.108 2016/12/13 10:38:06 he Exp $
+$NetBSD: distinfo,v 1.109 2017/06/02 08:29:56 adam Exp $
-SHA1 (openldap-2.4.44.tgz) = 016a738d050a68d388602a74b5e991035cdba149
-RMD160 (openldap-2.4.44.tgz) = 6ea3139f630e93c6e0af60638672d88d6c535a6a
-SHA512 (openldap-2.4.44.tgz) = 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136
-Size (openldap-2.4.44.tgz) = 5658830 bytes
+SHA1 (openldap-2.4.45.tgz) = c98437385d3eaee80c9e2c09f3f0d4b7c140233d
+RMD160 (openldap-2.4.45.tgz) = a2f4483ffb958cc103a2aa0fb13c1f78e7951263
+SHA512 (openldap-2.4.45.tgz) = 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab
+Size (openldap-2.4.45.tgz) = 5672845 bytes
SHA1 (patch-ac) = 2995c518278b363bf9657e181c2340d3024d5980
SHA1 (patch-ad) = 24e7ec27d592dd76bdec1e4805801c5304951daf
SHA1 (patch-af) = 2e00b01bd813e73bdc1fb764a02e98d7755703de
-SHA1 (patch-ag) = ec8581f7145ba47712be65f97051ffd2d7299896
+SHA1 (patch-ag) = 380336d8b50dd6b3a277f2ea6a03eb88cc5919b8
SHA1 (patch-ah) = 7b5a9d042df36f17bcb503372e301a0c6554af68
SHA1 (patch-aj) = 857bbf14855d7d2a2911457bc6373d8beb69b751
SHA1 (patch-am) = fb8f3e7699f8b2ef55c066cdc6216522c101c7f3
SHA1 (patch-an) = 3e904d05a3e69930259329ca821d3bbf7dd54eb2
SHA1 (patch-ao) = 4fcbbfd4d6be792392e3646123022aeaf25923e3
-SHA1 (patch-contrib_modules_smbk5pwd-smbk5pwd.c) = c31fc75f94778c93dfb20e7b7fc6ab8c74212942
SHA1 (patch-contrib_slapd-modules_cloak_Makefile) = 47c81def0c013a360acb549ed69e9042f0bc1be3
SHA1 (patch-contrib_slapd-modules_nops_Makefile) = c51bccf34c3f3112232a134038622d31b6315628
SHA1 (patch-contrib_slapd-modules_nops_slapo-nops.5) = f32352f19361b7e9aa5b038ae8578def7c08fa47
SHA1 (patch-da) = 75e26bd08c6e66b69192ebfbb36db974d391ec3e
SHA1 (patch-dd) = 9c74118ff0b2232bda729c9917082fceef41dd16
-SHA1 (patch-its7506) = a50f9428d6d7dd28f71d21e11ae3f8b0f1372f75
-SHA1 (patch-its7595) = 9ea396adb7f2fd572d60190534caa80a01ef79d2
+SHA1 (patch-its7595) = 941b055bb5ac1f963b9d39384d3627a32f531cf1
SHA1 (patch-libraries_libldap_os-local.c) = 7cd4f8638456fae12499de0d36d7802e47d3d688
SHA1 (patch-libraries_libldap_tls__m.c) = 91dab1dcfa6560c30093094586ea9eabf2e977b8
-SHA1 (patch-libraries_liblmdb_mdb.c) = 590a059d784687f678ac44a577770551b11a2be5
Index: pkgsrc/databases/openldap-client/Makefile
diff -u pkgsrc/databases/openldap-client/Makefile:1.25 pkgsrc/databases/openldap-client/Makefile:1.26
--- pkgsrc/databases/openldap-client/Makefile:1.25 Tue Dec 13 10:38:06 2016
+++ pkgsrc/databases/openldap-client/Makefile Fri Jun 2 08:29:56 2017
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.25 2016/12/13 10:38:06 he Exp $
+# $NetBSD: Makefile,v 1.26 2017/06/02 08:29:56 adam Exp $
PKGNAME= ${DISTNAME:S/-/-client-/}
-PKGREVISION= 3
COMMENT= Lightweight Directory Access Protocol libraries and client programs
CONFLICTS+= openldap<2.3.23nb1
Index: pkgsrc/databases/openldap-cloak/Makefile
diff -u pkgsrc/databases/openldap-cloak/Makefile:1.16 pkgsrc/databases/openldap-cloak/Makefile:1.17
--- pkgsrc/databases/openldap-cloak/Makefile:1.16 Sat Mar 5 11:28:12 2016
+++ pkgsrc/databases/openldap-cloak/Makefile Fri Jun 2 08:29:56 2017
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.16 2016/03/05 11:28:12 jperkin Exp $
+# $NetBSD: Makefile,v 1.17 2017/06/02 08:29:56 adam Exp $
PKGNAME= ${DISTNAME:S/-/-cloak-/}
-PKGREVISION= 1
COMMENT= Hide specific attributes unless explicitely requested for OpenLDAP
CONFLICTS+= openldap<2.3.23nb1
Index: pkgsrc/databases/openldap-doc/distinfo
diff -u pkgsrc/databases/openldap-doc/distinfo:1.16 pkgsrc/databases/openldap-doc/distinfo:1.17
--- pkgsrc/databases/openldap-doc/distinfo:1.16 Sun Feb 7 08:42:59 2016
+++ pkgsrc/databases/openldap-doc/distinfo Fri Jun 2 08:29:57 2017
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.16 2016/02/07 08:42:59 adam Exp $
+$NetBSD: distinfo,v 1.17 2017/06/02 08:29:57 adam Exp $
-SHA1 (openldap-2.4.44.tgz) = 016a738d050a68d388602a74b5e991035cdba149
-RMD160 (openldap-2.4.44.tgz) = 6ea3139f630e93c6e0af60638672d88d6c535a6a
-SHA512 (openldap-2.4.44.tgz) = 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136
-Size (openldap-2.4.44.tgz) = 5658830 bytes
+SHA1 (openldap-2.4.45.tgz) = c98437385d3eaee80c9e2c09f3f0d4b7c140233d
+RMD160 (openldap-2.4.45.tgz) = a2f4483ffb958cc103a2aa0fb13c1f78e7951263
+SHA512 (openldap-2.4.45.tgz) = 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab
+Size (openldap-2.4.45.tgz) = 5672845 bytes
Index: pkgsrc/databases/openldap-nops/Makefile
diff -u pkgsrc/databases/openldap-nops/Makefile:1.19 pkgsrc/databases/openldap-nops/Makefile:1.20
--- pkgsrc/databases/openldap-nops/Makefile:1.19 Sat Mar 5 11:28:12 2016
+++ pkgsrc/databases/openldap-nops/Makefile Fri Jun 2 08:29:57 2017
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2016/03/05 11:28:12 jperkin Exp $
+# $NetBSD: Makefile,v 1.20 2017/06/02 08:29:57 adam Exp $
PKGNAME= ${DISTNAME:S/-/-nops-/}
-PKGREVISION= 1
COMMENT= Remove null-ops for OpenLDAP
CONFLICTS+= openldap<2.3.23nb1
Index: pkgsrc/databases/openldap-server/Makefile
diff -u pkgsrc/databases/openldap-server/Makefile:1.50 pkgsrc/databases/openldap-server/Makefile:1.51
--- pkgsrc/databases/openldap-server/Makefile:1.50 Tue Dec 13 10:38:06 2016
+++ pkgsrc/databases/openldap-server/Makefile Fri Jun 2 08:29:57 2017
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.50 2016/12/13 10:38:06 he Exp $
+# $NetBSD: Makefile,v 1.51 2017/06/02 08:29:57 adam Exp $
PKGNAME= ${DISTNAME:S/-/-server-/}
-PKGREVISION= 4
COMMENT= Lightweight Directory Access Protocol server suite
CONFLICTS+= openldap<2.3.23nb1
Index: pkgsrc/databases/openldap-smbk5pwd/Makefile
diff -u pkgsrc/databases/openldap-smbk5pwd/Makefile:1.22 pkgsrc/databases/openldap-smbk5pwd/Makefile:1.23
--- pkgsrc/databases/openldap-smbk5pwd/Makefile:1.22 Mon Dec 12 14:22:02 2016
+++ pkgsrc/databases/openldap-smbk5pwd/Makefile Fri Jun 2 08:29:57 2017
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.22 2016/12/12 14:22:02 wiz Exp $
+# $NetBSD: Makefile,v 1.23 2017/06/02 08:29:57 adam Exp $
PKGNAME= ${DISTNAME:S/-/-smbk5pwd-/}
-PKGREVISION= 2
COMMENT= Samba and Kerberos password sync for OpenLDAP
CONFLICTS+= openldap<2.3.23nb1
@@ -30,6 +29,7 @@ LIBS+= -lkrb5 -lkadm5srv
CPPFLAGS+= -DDO_SAMBA
.endif
+LIBS+= -L${BUILDLINK_PREFIX.openssl}/lib
MAKE_ENV+= EXTRA_LIBS=${LIBS:M*:Q}
.include "../../databases/openldap/Makefile.common"
Index: pkgsrc/databases/openldap/patches/patch-ag
diff -u pkgsrc/databases/openldap/patches/patch-ag:1.7 pkgsrc/databases/openldap/patches/patch-ag:1.8
--- pkgsrc/databases/openldap/patches/patch-ag:1.7 Tue Mar 13 19:57:11 2012
+++ pkgsrc/databases/openldap/patches/patch-ag Fri Jun 2 08:29:56 2017
@@ -1,6 +1,9 @@
-$NetBSD: patch-ag,v 1.7 2012/03/13 19:57:11 adam Exp $
+$NetBSD: patch-ag,v 1.8 2017/06/02 08:29:56 adam Exp $
---- servers/slapd/Makefile.in.orig 2007-02-14 16:59:43.000000000 +0100
+slapd must be installed unstripped: on some platorms (Darwin) tcp_wrappers'
+ variable called "allow_severity" must not be stripped away.
+
+--- servers/slapd/Makefile.in.orig 2016-02-05 23:57:45.000000000 +0000
+++ servers/slapd/Makefile.in
@@ -76,6 +76,10 @@ XLIBS = $(SLAPD_STATIC_DEPENDS) $(SLAPD_
XXLIBS = $(SLAPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
@@ -13,7 +16,16 @@ $NetBSD: patch-ag,v 1.7 2012/03/13 19:57
BUILD_OPT = "--enable-slapd"
BUILD_SRV = @BUILD_SLAPD@
-@@ -441,9 +445,7 @@ install-db-config: FORCE
+@@ -378,7 +382,7 @@ install-local-srv: install-slapd install
+ install-slapd: FORCE
+ -$(MKDIR) $(DESTDIR)$(libexecdir)
+ -$(MKDIR) $(DESTDIR)$(localstatedir)/run
+- $(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 \
++ $(LTINSTALL) $(INSTALLFLAGS) -m 755 \
+ slapd$(EXEEXT) $(DESTDIR)$(libexecdir)
+ @for i in $(SUBDIRS); do \
+ if test -d $$i && test -f $$i/Makefile ; then \
+@@ -447,9 +451,7 @@ install-db-config: FORCE
@-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)
@-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data
$(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
Index: pkgsrc/databases/openldap/patches/patch-its7595
diff -u pkgsrc/databases/openldap/patches/patch-its7595:1.1 pkgsrc/databases/openldap/patches/patch-its7595:1.2
--- pkgsrc/databases/openldap/patches/patch-its7595:1.1 Mon Sep 14 16:32:26 2015
+++ pkgsrc/databases/openldap/patches/patch-its7595 Fri Jun 2 08:29:56 2017
@@ -1,4 +1,4 @@
-$NetBSD: patch-its7595,v 1.1 2015/09/14 16:32:26 manu Exp $
+$NetBSD: patch-its7595,v 1.2 2017/06/02 08:29:56 adam Exp $
ECDH support from upstream
@@ -19,10 +19,9 @@ Subject: [PATCH] ITS#7595 don't try to u
--- doc/guide/admin/tls.sdf.orig
+++ doc/guide/admin/tls.sdf
-@@ -200,8 +200,20 @@
- > openssl dhparam [-dsaparam] -out <filename> <numbits>
+@@ -203,6 +203,18 @@
- This directive is ignored with GnuTLS and Mozilla NSS.
+ This directive is ignored with Mozilla NSS.
+H4: TLSECName <name>
+
@@ -39,12 +38,10 @@ Subject: [PATCH] ITS#7595 don't try to u
H4: TLSVerifyClient { never | allow | try | demand }
This directive specifies what checks to perform on client certificates
- in an incoming TLS session, if any. This option is set to {{EX:never}}
--- doc/man/man5/slapd-config.5.orig
+++ doc/man/man5/slapd-config.5
-@@ -917,8 +917,15 @@
- from the default, otherwise no certificate exchanges or verification will
- be done. When using GnuTLS or Mozilla NSS these parameters are always generated randomly
+@@ -922,6 +922,13 @@
+ When using Mozilla NSS these parameters are always generated randomly
so this directive is ignored.
.TP
+.B olcTLSECName: <name>
@@ -57,13 +54,11 @@ Subject: [PATCH] ITS#7595 don't try to u
.B olcTLSProtocolMin: <major>[.<minor>]
Specifies minimum SSL/TLS protocol version that will be negotiated.
If the server doesn't support at least that version,
- the SSL handshake will fail.
--- doc/man/man5/slapd.conf.5.orig
+++ doc/man/man5/slapd.conf.5
-@@ -1148,8 +1148,15 @@
- from the default, otherwise no certificate exchanges or verification will
- be done. When using GnuTLS these parameters are always generated randomly so
- this directive is ignored. This directive is ignored when using Mozilla NSS.
+@@ -1153,6 +1153,13 @@
+ When using Mozilla NSS these parameters are always generated randomly
+ so this directive is ignored.
.TP
+.B TLSECName <name>
+Specify the name of a curve to use for Elliptic curve Diffie-Hellman
@@ -75,11 +70,9 @@ Subject: [PATCH] ITS#7595 don't try to u
.B TLSProtocolMin <major>[.<minor>]
Specifies minimum SSL/TLS protocol version that will be negotiated.
If the server doesn't support at least that version,
- the SSL handshake will fail.
--- include/ldap.h.orig
+++ include/ldap.h
-@@ -157,8 +157,9 @@
- #define LDAP_OPT_X_TLS_DHFILE 0x600e
+@@ -158,6 +158,7 @@
#define LDAP_OPT_X_TLS_NEWCTX 0x600f
#define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */
#define LDAP_OPT_X_TLS_PACKAGE 0x6011
@@ -87,11 +80,9 @@ Subject: [PATCH] ITS#7595 don't try to u
#define LDAP_OPT_X_TLS_NEVER 0
#define LDAP_OPT_X_TLS_HARD 1
- #define LDAP_OPT_X_TLS_DEMAND 2
--- libraries/libldap/ldap-int.h.orig
+++ libraries/libldap/ldap-int.h
-@@ -164,8 +164,9 @@
- char *lt_cacertdir;
+@@ -165,6 +165,7 @@
char *lt_ciphersuite;
char *lt_crlfile;
char *lt_randfile; /* OpenSSL only */
@@ -99,9 +90,7 @@ Subject: [PATCH] ITS#7595 don't try to u
int lt_protocol_min;
};
#endif
-
-@@ -249,8 +250,9 @@
- struct ldaptls ldo_tls_info;
+@@ -250,6 +251,7 @@
#define ldo_tls_certfile ldo_tls_info.lt_certfile
#define ldo_tls_keyfile ldo_tls_info.lt_keyfile
#define ldo_tls_dhfile ldo_tls_info.lt_dhfile
@@ -109,11 +98,9 @@ Subject: [PATCH] ITS#7595 don't try to u
#define ldo_tls_cacertfile ldo_tls_info.lt_cacertfile
#define ldo_tls_cacertdir ldo_tls_info.lt_cacertdir
#define ldo_tls_ciphersuite ldo_tls_info.lt_ciphersuite
- #define ldo_tls_protocol_min ldo_tls_info.lt_protocol_min
--- libraries/libldap/tls2.c.orig
+++ libraries/libldap/tls2.c
-@@ -117,8 +117,12 @@
- if ( lo->ldo_tls_dhfile ) {
+@@ -118,6 +118,10 @@
LDAP_FREE( lo->ldo_tls_dhfile );
lo->ldo_tls_dhfile = NULL;
}
@@ -124,9 +111,7 @@ Subject: [PATCH] ITS#7595 don't try to u
if ( lo->ldo_tls_cacertfile ) {
LDAP_FREE( lo->ldo_tls_cacertfile );
lo->ldo_tls_cacertfile = NULL;
- }
-@@ -231,8 +235,12 @@
- if ( lts.lt_dhfile ) {
+@@ -232,6 +236,10 @@
lts.lt_dhfile = LDAP_STRDUP( lts.lt_dhfile );
__atoe( lts.lt_dhfile );
}
@@ -137,9 +122,7 @@ Subject: [PATCH] ITS#7595 don't try to u
#endif
lo->ldo_tls_ctx = ti->ti_ctx_new( lo );
if ( lo->ldo_tls_ctx == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-@@ -256,8 +264,9 @@
- LDAP_FREE( lts.lt_keyfile );
+@@ -257,6 +265,7 @@
LDAP_FREE( lts.lt_crlfile );
LDAP_FREE( lts.lt_cacertdir );
LDAP_FREE( lts.lt_dhfile );
@@ -147,9 +130,7 @@ Subject: [PATCH] ITS#7595 don't try to u
#endif
return rc;
}
-
-@@ -633,8 +642,12 @@
- case LDAP_OPT_X_TLS_DHFILE:
+@@ -634,6 +643,10 @@
*(char **)arg = lo->ldo_tls_dhfile ?
LDAP_STRDUP( lo->ldo_tls_dhfile ) : NULL;
break;
@@ -160,9 +141,7 @@ Subject: [PATCH] ITS#7595 don't try to u
case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
*(char **)arg = lo->ldo_tls_crlfile ?
LDAP_STRDUP( lo->ldo_tls_crlfile ) : NULL;
- break;
-@@ -752,8 +765,12 @@
- case LDAP_OPT_X_TLS_DHFILE:
+@@ -753,6 +766,10 @@
if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
return 0;
@@ -173,11 +152,9 @@ Subject: [PATCH] ITS#7595 don't try to u
case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
- return 0;
--- libraries/libldap/tls_o.c.orig
+++ libraries/libldap/tls_o.c
-@@ -295,12 +295,11 @@
- tlso_report_error();
+@@ -327,10 +327,9 @@
return -1;
}
@@ -190,9 +167,7 @@ Subject: [PATCH] ITS#7595 don't try to u
if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
- "TLS: could not use DH parameters file `%s'.\n",
-@@ -317,8 +316,40 @@
- return -1;
+@@ -349,6 +348,38 @@
}
BIO_free( bio );
SSL_CTX_set_tmp_dh( ctx, dh );
@@ -231,11 +206,9 @@ Subject: [PATCH] ITS#7595 don't try to u
}
if ( tlso_opt_trace ) {
- SSL_CTX_set_info_callback( ctx, tlso_info_cb );
--- servers/slapd/bconfig.c.orig
+++ servers/slapd/bconfig.c
-@@ -193,8 +193,9 @@
- CFG_SYNTAX,
+@@ -194,6 +194,7 @@
CFG_ACL_ADD,
CFG_SYNC_SUBENTRY,
CFG_LTHREADS,
@@ -243,9 +216,7 @@ Subject: [PATCH] ITS#7595 don't try to u
CFG_LAST
};
-
-@@ -737,8 +738,16 @@
- ARG_IGNORED, NULL,
+@@ -738,6 +739,14 @@
#endif
"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
@@ -260,9 +231,7 @@ Subject: [PATCH] ITS#7595 don't try to u
{ "TLSProtocolMin", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config,
- #else
-@@ -818,9 +827,9 @@
- "olcTCPBuffer $ "
+@@ -819,7 +828,7 @@
"olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
@@ -271,9 +240,7 @@ Subject: [PATCH] ITS#7595 don't try to u
"olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ "
"olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
"olcDitContentRules $ olcLdapSyntaxes ) )", Cft_Global },
- { "( OLcfgGlOc:2 "
-@@ -3823,8 +3832,9 @@
- case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
+@@ -3824,6 +3833,7 @@
case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
case CFG_TLS_DH_FILE: flag = LDAP_OPT_X_TLS_DHFILE; break;
@@ -281,4 +248,3 @@ Subject: [PATCH] ITS#7595 don't try to u
#ifdef HAVE_GNUTLS
case CFG_TLS_CRL_FILE: flag = LDAP_OPT_X_TLS_CRLFILE; break;
#endif
- default: Debug(LDAP_DEBUG_ANY, "%s: "
Home |
Main Index |
Thread Index |
Old Index