pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/databases openldap: updated to 2.4.48



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9877e2e744be
branches:  trunk
changeset: 399112:9877e2e744be
user:      adam <adam%pkgsrc.org@localhost>
date:      Sat Aug 03 06:46:52 2019 +0000

description:
openldap: updated to 2.4.48

OpenLDAP 2.4.48
        Added libldap OpenSSL Elliptic Curve support
        Added libldap Expose OpenLDAP specific interfaces via openldap.h
        Added slapd-monitor support for slapd-mdb
        Fixed liblber leaks
        Fixed liblber with partial flush
        Fixed libldap ASYNC TLS so it works
        Fixed libldap ASYNC connections with Solaris 10
        Fixed libldap with SASL_NOCANON=on and ldapi connections
        Fixed libldap to be able to unset syncrepl TLS options
        Fixed libldap race condition in ldap_int_initialize
        Fixed libldap return code in ldap_create_assertion_control_value
        Fixed libldap to correctly disable IPv6 when configured to do so
        Fixed libldap to correctly close TLS connection
        Fixed libldap_r handling of deprecated OpenSSL function
        Fixed liblunicode case correspondance
        Fixed slapd with an idletimeout of less than four seconds
        Fixed slapd config parser variable for Windows64
        Fixed slapd syncrepl fallback handling with delta-syncrepl
        Fixed slapd telephoneNumberNormalize, cert DN validation
        Fixed slapd syncrepl for relax with delta-syncrepl
        Fixed slapd to restrict rootDN proxyauthz to its own databases
        Fixed slapd to initialize SASL SSF per connection
        Fixed slapo-accesslog with SLAP_MOD_SOFT modifications
        Fixed slapd-ldap starttls connections timeout behavior
        Fixed slapd-ldap segfault when entry result doesn't match filter
        Fixed slapd-meta conversion from slapd.conf to cn=config
        Fixed slapd-meta assertion when network interface goes down
        Fixed slapd-mdb fix bitshift integer overflow
        Fixed slapd-mdb index cleanup with cn=config
        Fixed slapd-mdb to improve performance with alias deref
        Fixed slapo-accesslog possible assert with exops
        Fixed slapo-chain to correctly reject multiple chaining URIs
        Fixed slapo-chain conversion from slapd.conf to cn=config
        Fixed slapo-memberof conversion from slapd.conf to cn=config
        Fixed slapo-memberof for group name change to itself
        Fixed slapo-ppolicy behavior when pwdInHistory is changed
        Fixed slapo-rwm to not free original filter
        Fixed slapo-syncprov contextCSN generation
        Build Environment
                Fixed slapd to only link to BDB libraries with static build
                Fixed libldap implicit declaration with LDAP_CONNECTIONLESS
                Fixed libldap double inclusion of limits.h in cyrus.c
        Documentation
                General - Fixed minor typos
                admin24 - Miscellaneous updates promoting mdb and fixing examples
                slapd.access(5) - Note MDB is the primary backend
                slapd.backends(5) - Note MDB is the recommended backend
                slapd-ldap(5) - Document starttls parameter
        Contrib
                Added slapo-lastbind capability to forward authTimestamp updates

diffstat:

 databases/lmdb/Makefile                  |    6 +-
 databases/lmdb/distinfo                  |   10 +-
 databases/openldap-client/Makefile       |    3 +-
 databases/openldap-client/PLIST          |    3 +-
 databases/openldap-doc/distinfo          |   10 +-
 databases/openldap/Makefile.version      |    4 +-
 databases/openldap/distinfo              |   11 +-
 databases/openldap/patches/patch-its7595 |  250 -------------------------------
 8 files changed, 23 insertions(+), 274 deletions(-)

diffs (truncated from 380 to 300 lines):

diff -r 050e8cafe8a5 -r 9877e2e744be databases/lmdb/Makefile
--- a/databases/lmdb/Makefile   Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/lmdb/Makefile   Sat Aug 03 06:46:52 2019 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.8 2018/12/20 17:55:24 adam Exp $
+# $NetBSD: Makefile,v 1.9 2019/08/03 06:46:52 adam Exp $
 
 .include "../../databases/openldap/Makefile.version"
 
 # get the version from libraries/liblmdb/lmdb.h
-PKGNAME=       lmdb-0.9.23
+PKGNAME=       lmdb-0.9.24
 CATEGORIES=    databases
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
@@ -25,7 +25,7 @@
 TEST_TARGET=           test
 
 .include "../../mk/bsd.prefs.mk"
-.if "${OPSYS}" == "Darwin"
+.if ${OPSYS} == "Darwin"
 MAKE_FLAGS+=           SOEXT=.dylib
 MAKE_FLAGS+=           SOLIBS=-install_name\ ${PREFIX}/lib/liblmdb.dylib
 .endif
diff -r 050e8cafe8a5 -r 9877e2e744be databases/lmdb/distinfo
--- a/databases/lmdb/distinfo   Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/lmdb/distinfo   Sat Aug 03 06:46:52 2019 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.6 2018/12/20 17:55:24 adam Exp $
+$NetBSD: distinfo,v 1.7 2019/08/03 06:46:52 adam Exp $
 
-SHA1 (openldap-2.4.47.tgz) = c59d52dd75f7d1c7b02f83725da36c322d439674
-RMD160 (openldap-2.4.47.tgz) = c228e5d55019c90aaeceeda32980e52cd7a0a4a6
-SHA512 (openldap-2.4.47.tgz) = d424079e34207e3d24383a2bea70a07ded40714982a6767174d2b2cb208cd94feab5ef12157accae915b8e404e5773a7547aaef65f06b44dc3cc09c6a64d5a11
-Size (openldap-2.4.47.tgz) = 5699678 bytes
+SHA1 (openldap-2.4.48.tgz) = c1984e80f6db038b317bf931866adb38e5537dcd
+RMD160 (openldap-2.4.48.tgz) = c91aa87634856d84386d2d8498b647ea2b1b7521
+SHA512 (openldap-2.4.48.tgz) = cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb
+Size (openldap-2.4.48.tgz) = 5704883 bytes
 SHA1 (patch-libraries_liblmdb_Makefile) = 6b2f0bb477b17b073095d499ff4496f3b30dc08f
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap-client/Makefile
--- a/databases/openldap-client/Makefile        Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap-client/Makefile        Sat Aug 03 06:46:52 2019 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.27 2019/05/02 10:59:13 jperkin Exp $
+# $NetBSD: Makefile,v 1.28 2019/08/03 06:46:52 adam Exp $
 
 PKGNAME=       ${DISTNAME:S/-/-client-/}
-PKGREVISION=   1
 COMMENT=       Lightweight Directory Access Protocol libraries and client programs
 
 CONFLICTS+=            openldap<2.3.23nb1
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap-client/PLIST
--- a/databases/openldap-client/PLIST   Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap-client/PLIST   Sat Aug 03 06:46:52 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2018/04/02 13:40:44 adam Exp $
+@comment $NetBSD: PLIST,v 1.12 2019/08/03 06:46:52 adam Exp $
 bin/ldapadd
 bin/ldapcompare
 bin/ldapdelete
@@ -17,6 +17,7 @@
 include/ldap_schema.h
 include/ldap_utf8.h
 include/ldif.h
+include/openldap.h
 include/slapi-plugin.h
 lib/liblber.la
 lib/libldap.la
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap-doc/distinfo
--- a/databases/openldap-doc/distinfo   Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap-doc/distinfo   Sat Aug 03 06:46:52 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.19 2018/12/20 17:54:09 adam Exp $
+$NetBSD: distinfo,v 1.20 2019/08/03 06:46:52 adam Exp $
 
-SHA1 (openldap-2.4.47.tgz) = c59d52dd75f7d1c7b02f83725da36c322d439674
-RMD160 (openldap-2.4.47.tgz) = c228e5d55019c90aaeceeda32980e52cd7a0a4a6
-SHA512 (openldap-2.4.47.tgz) = d424079e34207e3d24383a2bea70a07ded40714982a6767174d2b2cb208cd94feab5ef12157accae915b8e404e5773a7547aaef65f06b44dc3cc09c6a64d5a11
-Size (openldap-2.4.47.tgz) = 5699678 bytes
+SHA1 (openldap-2.4.48.tgz) = c1984e80f6db038b317bf931866adb38e5537dcd
+RMD160 (openldap-2.4.48.tgz) = c91aa87634856d84386d2d8498b647ea2b1b7521
+SHA512 (openldap-2.4.48.tgz) = cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb
+Size (openldap-2.4.48.tgz) = 5704883 bytes
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap/Makefile.version
--- a/databases/openldap/Makefile.version       Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap/Makefile.version       Sat Aug 03 06:46:52 2019 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.version,v 1.16 2018/12/20 17:54:09 adam Exp $
+# $NetBSD: Makefile.version,v 1.17 2019/08/03 06:46:52 adam Exp $
 # used by databases/lmdb/Makefile
 # used by databases/openldap/Makefile
 # used by databases/openldap/Makefile.common
 # used by databases/openldap-docs/Makefile
 
-OPENLDAP_VERSION=      2.4.47
+OPENLDAP_VERSION=      2.4.48
 
 DISTNAME=      openldap-${OPENLDAP_VERSION}
 MASTER_SITES=  ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap/distinfo
--- a/databases/openldap/distinfo       Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap/distinfo       Sat Aug 03 06:46:52 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.112 2018/12/20 17:54:09 adam Exp $
+$NetBSD: distinfo,v 1.113 2019/08/03 06:46:52 adam Exp $
 
-SHA1 (openldap-2.4.47.tgz) = c59d52dd75f7d1c7b02f83725da36c322d439674
-RMD160 (openldap-2.4.47.tgz) = c228e5d55019c90aaeceeda32980e52cd7a0a4a6
-SHA512 (openldap-2.4.47.tgz) = d424079e34207e3d24383a2bea70a07ded40714982a6767174d2b2cb208cd94feab5ef12157accae915b8e404e5773a7547aaef65f06b44dc3cc09c6a64d5a11
-Size (openldap-2.4.47.tgz) = 5699678 bytes
+SHA1 (openldap-2.4.48.tgz) = c1984e80f6db038b317bf931866adb38e5537dcd
+RMD160 (openldap-2.4.48.tgz) = c91aa87634856d84386d2d8498b647ea2b1b7521
+SHA512 (openldap-2.4.48.tgz) = cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb
+Size (openldap-2.4.48.tgz) = 5704883 bytes
 SHA1 (patch-ac) = 2995c518278b363bf9657e181c2340d3024d5980
 SHA1 (patch-ad) = 24e7ec27d592dd76bdec1e4805801c5304951daf
 SHA1 (patch-af) = 2e00b01bd813e73bdc1fb764a02e98d7755703de
@@ -18,7 +18,6 @@
 SHA1 (patch-contrib_slapd-modules_nops_slapo-nops.5) = f32352f19361b7e9aa5b038ae8578def7c08fa47
 SHA1 (patch-da) = 75e26bd08c6e66b69192ebfbb36db974d391ec3e
 SHA1 (patch-dd) = 9c74118ff0b2232bda729c9917082fceef41dd16
-SHA1 (patch-its7595) = 941b055bb5ac1f963b9d39384d3627a32f531cf1
 SHA1 (patch-its8885) = f70666e1a44499013c93fe9bd0d8198b5bffe11c
 SHA1 (patch-libraries_libldap_os-local.c) = 7cd4f8638456fae12499de0d36d7802e47d3d688
 SHA1 (patch-libraries_libldap_tls__m.c) = 91dab1dcfa6560c30093094586ea9eabf2e977b8
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap/patches/patch-its7595
--- a/databases/openldap/patches/patch-its7595  Sat Aug 03 06:45:08 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,250 +0,0 @@
-$NetBSD: patch-its7595,v 1.2 2017/06/02 08:29:56 adam Exp $
-
-ECDH support from upstream
-
-From e631ce808ed56119e61321463d06db7999ba5a08 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc%openldap.org@localhost>
-Date: Sat, 7 Sep 2013 09:47:19 -0700
-Subject: [PATCH] ITS#7595 Add Elliptic Curve support for OpenSSL
-
-From 9562ad00bd7f965df721bc22ac905bc759298a27 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc%openldap.org@localhost>
-Date: Sat, 7 Sep 2013 10:13:40 -0700
-Subject: [PATCH] ITS#7595 more doc for elliptic curve
-
-From 721e46fe6695077d63a3df6ea2e397920a72308d Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc%openldap.org@localhost>
-Date: Sun, 8 Sep 2013 06:32:23 -0700
-Subject: [PATCH] ITS#7595 don't try to use EC if OpenSSL lacks it
-
---- doc/guide/admin/tls.sdf.orig
-+++ doc/guide/admin/tls.sdf
-@@ -203,6 +203,18 @@
- 
- This directive is ignored with Mozilla NSS.
- 
-+H4: TLSECName <name>
-+
-+This directive specifies the curve to use for Elliptic Curve
-+Diffie-Hellman ephemeral key exchange.  This is required in order
-+to use ECDHE-based cipher suites in OpenSSL.  The names of supported
-+curves may be shown using the following command
-+
-+>     openssl ecparam -list_curves
-+
-+This directive is not used for GnuTLS and is ignored with Mozilla NSS.
-+For GnuTLS the curves may be specified in the ciphersuite.
-+
- H4: TLSVerifyClient { never | allow | try | demand }
- 
- This directive specifies what checks to perform on client certificates
---- doc/man/man5/slapd-config.5.orig
-+++ doc/man/man5/slapd-config.5
-@@ -922,6 +922,13 @@
- When using Mozilla NSS these parameters are always generated randomly
- so this directive is ignored.
- .TP
-+.B olcTLSECName: <name>
-+Specify the name of a curve to use for Elliptic curve Diffie-Hellman
-+ephemeral key exchange.  This is required to enable ECDHE algorithms in
-+OpenSSL.  This option is not used with GnuTLS; the curves may be
-+chosen in the GnuTLS ciphersuite specification. This option is also
-+ignored for Mozilla NSS.
-+.TP
- .B olcTLSProtocolMin: <major>[.<minor>]
- Specifies minimum SSL/TLS protocol version that will be negotiated.
- If the server doesn't support at least that version,
---- doc/man/man5/slapd.conf.5.orig
-+++ doc/man/man5/slapd.conf.5
-@@ -1153,6 +1153,13 @@
- When using Mozilla NSS these parameters are always generated randomly
- so this directive is ignored.
- .TP
-+.B TLSECName <name>
-+Specify the name of a curve to use for Elliptic curve Diffie-Hellman
-+ephemeral key exchange.  This is required to enable ECDHE algorithms in
-+OpenSSL.  This option is not used with GnuTLS; the curves may be
-+chosen in the GnuTLS ciphersuite specification. This option is also
-+ignored for Mozilla NSS.
-+.TP
- .B TLSProtocolMin <major>[.<minor>]
- Specifies minimum SSL/TLS protocol version that will be negotiated.
- If the server doesn't support at least that version,
---- include/ldap.h.orig
-+++ include/ldap.h
-@@ -158,6 +158,7 @@
- #define LDAP_OPT_X_TLS_NEWCTX         0x600f
- #define LDAP_OPT_X_TLS_CRLFILE                0x6010  /* GNUtls only */
- #define LDAP_OPT_X_TLS_PACKAGE                0x6011
-+#define LDAP_OPT_X_TLS_ECNAME         0x6012
- 
- #define LDAP_OPT_X_TLS_NEVER  0
- #define LDAP_OPT_X_TLS_HARD           1
---- libraries/libldap/ldap-int.h.orig
-+++ libraries/libldap/ldap-int.h
-@@ -165,6 +165,7 @@
-       char            *lt_ciphersuite;
-       char            *lt_crlfile;
-       char            *lt_randfile;   /* OpenSSL only */
-+      char            *lt_ecname;             /* OpenSSL only */
-       int             lt_protocol_min;
- };
- #endif
-@@ -250,6 +251,7 @@
- #define ldo_tls_certfile      ldo_tls_info.lt_certfile
- #define ldo_tls_keyfile       ldo_tls_info.lt_keyfile
- #define ldo_tls_dhfile        ldo_tls_info.lt_dhfile
-+#define ldo_tls_ecname        ldo_tls_info.lt_ecname
- #define ldo_tls_cacertfile    ldo_tls_info.lt_cacertfile
- #define ldo_tls_cacertdir     ldo_tls_info.lt_cacertdir
- #define ldo_tls_ciphersuite   ldo_tls_info.lt_ciphersuite
---- libraries/libldap/tls2.c.orig
-+++ libraries/libldap/tls2.c
-@@ -118,6 +118,10 @@
-               LDAP_FREE( lo->ldo_tls_dhfile );
-               lo->ldo_tls_dhfile = NULL;
-       }
-+      if ( lo->ldo_tls_ecname ) {
-+              LDAP_FREE( lo->ldo_tls_ecname );
-+              lo->ldo_tls_ecname = NULL;
-+      }
-       if ( lo->ldo_tls_cacertfile ) {
-               LDAP_FREE( lo->ldo_tls_cacertfile );
-               lo->ldo_tls_cacertfile = NULL;
-@@ -232,6 +236,10 @@
-               lts.lt_dhfile = LDAP_STRDUP( lts.lt_dhfile );
-               __atoe( lts.lt_dhfile );
-       }
-+      if ( lts.lt_ecname ) {
-+              lts.lt_ecname = LDAP_STRDUP( lts.lt_ecname );
-+              __atoe( lts.lt_ecname );
-+      }
- #endif
-       lo->ldo_tls_ctx = ti->ti_ctx_new( lo );
-       if ( lo->ldo_tls_ctx == NULL ) {
-@@ -257,6 +265,7 @@
-       LDAP_FREE( lts.lt_crlfile );
-       LDAP_FREE( lts.lt_cacertdir );
-       LDAP_FREE( lts.lt_dhfile );
-+      LDAP_FREE( lts.lt_ecname );
- #endif
-       return rc;
- }
-@@ -634,6 +643,10 @@
-               *(char **)arg = lo->ldo_tls_dhfile ?
-                       LDAP_STRDUP( lo->ldo_tls_dhfile ) : NULL;
-               break;
-+      case LDAP_OPT_X_TLS_ECNAME:
-+              *(char **)arg = lo->ldo_tls_ecname ?
-+                      LDAP_STRDUP( lo->ldo_tls_ecname ) : NULL;
-+              break;
-       case LDAP_OPT_X_TLS_CRLFILE:    /* GnuTLS only */
-               *(char **)arg = lo->ldo_tls_crlfile ?
-                       LDAP_STRDUP( lo->ldo_tls_crlfile ) : NULL;
-@@ -753,6 +766,10 @@
-               if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
-               lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-               return 0;
-+      case LDAP_OPT_X_TLS_ECNAME:
-+              if ( lo->ldo_tls_ecname ) LDAP_FREE( lo->ldo_tls_ecname );
-+              lo->ldo_tls_ecname = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-+              return 0;
-       case LDAP_OPT_X_TLS_CRLFILE:    /* GnuTLS only */
-               if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
-               lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
---- libraries/libldap/tls_o.c.orig
-+++ libraries/libldap/tls_o.c
-@@ -327,10 +327,9 @@
-               return -1;
-       }
- 
--      if ( lo->ldo_tls_dhfile ) {
--              DH *dh = NULL;
-+      if ( is_server && lo->ldo_tls_dhfile ) {
-+              DH *dh;
-               BIO *bio;
--              SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );
- 
-               if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
-                       Debug( LDAP_DEBUG_ANY,
-@@ -349,6 +348,38 @@



Home | Main Index | Thread Index | Old Index