pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/databases openldap: updated to 2.4.48
details: https://anonhg.NetBSD.org/pkgsrc/rev/9877e2e744be
branches: trunk
changeset: 399112:9877e2e744be
user: adam <adam%pkgsrc.org@localhost>
date: Sat Aug 03 06:46:52 2019 +0000
description:
openldap: updated to 2.4.48
OpenLDAP 2.4.48
Added libldap OpenSSL Elliptic Curve support
Added libldap Expose OpenLDAP specific interfaces via openldap.h
Added slapd-monitor support for slapd-mdb
Fixed liblber leaks
Fixed liblber with partial flush
Fixed libldap ASYNC TLS so it works
Fixed libldap ASYNC connections with Solaris 10
Fixed libldap with SASL_NOCANON=on and ldapi connections
Fixed libldap to be able to unset syncrepl TLS options
Fixed libldap race condition in ldap_int_initialize
Fixed libldap return code in ldap_create_assertion_control_value
Fixed libldap to correctly disable IPv6 when configured to do so
Fixed libldap to correctly close TLS connection
Fixed libldap_r handling of deprecated OpenSSL function
Fixed liblunicode case correspondance
Fixed slapd with an idletimeout of less than four seconds
Fixed slapd config parser variable for Windows64
Fixed slapd syncrepl fallback handling with delta-syncrepl
Fixed slapd telephoneNumberNormalize, cert DN validation
Fixed slapd syncrepl for relax with delta-syncrepl
Fixed slapd to restrict rootDN proxyauthz to its own databases
Fixed slapd to initialize SASL SSF per connection
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications
Fixed slapd-ldap starttls connections timeout behavior
Fixed slapd-ldap segfault when entry result doesn't match filter
Fixed slapd-meta conversion from slapd.conf to cn=config
Fixed slapd-meta assertion when network interface goes down
Fixed slapd-mdb fix bitshift integer overflow
Fixed slapd-mdb index cleanup with cn=config
Fixed slapd-mdb to improve performance with alias deref
Fixed slapo-accesslog possible assert with exops
Fixed slapo-chain to correctly reject multiple chaining URIs
Fixed slapo-chain conversion from slapd.conf to cn=config
Fixed slapo-memberof conversion from slapd.conf to cn=config
Fixed slapo-memberof for group name change to itself
Fixed slapo-ppolicy behavior when pwdInHistory is changed
Fixed slapo-rwm to not free original filter
Fixed slapo-syncprov contextCSN generation
Build Environment
Fixed slapd to only link to BDB libraries with static build
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS
Fixed libldap double inclusion of limits.h in cyrus.c
Documentation
General - Fixed minor typos
admin24 - Miscellaneous updates promoting mdb and fixing examples
slapd.access(5) - Note MDB is the primary backend
slapd.backends(5) - Note MDB is the recommended backend
slapd-ldap(5) - Document starttls parameter
Contrib
Added slapo-lastbind capability to forward authTimestamp updates
diffstat:
databases/lmdb/Makefile | 6 +-
databases/lmdb/distinfo | 10 +-
databases/openldap-client/Makefile | 3 +-
databases/openldap-client/PLIST | 3 +-
databases/openldap-doc/distinfo | 10 +-
databases/openldap/Makefile.version | 4 +-
databases/openldap/distinfo | 11 +-
databases/openldap/patches/patch-its7595 | 250 -------------------------------
8 files changed, 23 insertions(+), 274 deletions(-)
diffs (truncated from 380 to 300 lines):
diff -r 050e8cafe8a5 -r 9877e2e744be databases/lmdb/Makefile
--- a/databases/lmdb/Makefile Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/lmdb/Makefile Sat Aug 03 06:46:52 2019 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.8 2018/12/20 17:55:24 adam Exp $
+# $NetBSD: Makefile,v 1.9 2019/08/03 06:46:52 adam Exp $
.include "../../databases/openldap/Makefile.version"
# get the version from libraries/liblmdb/lmdb.h
-PKGNAME= lmdb-0.9.23
+PKGNAME= lmdb-0.9.24
CATEGORIES= databases
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
@@ -25,7 +25,7 @@
TEST_TARGET= test
.include "../../mk/bsd.prefs.mk"
-.if "${OPSYS}" == "Darwin"
+.if ${OPSYS} == "Darwin"
MAKE_FLAGS+= SOEXT=.dylib
MAKE_FLAGS+= SOLIBS=-install_name\ ${PREFIX}/lib/liblmdb.dylib
.endif
diff -r 050e8cafe8a5 -r 9877e2e744be databases/lmdb/distinfo
--- a/databases/lmdb/distinfo Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/lmdb/distinfo Sat Aug 03 06:46:52 2019 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.6 2018/12/20 17:55:24 adam Exp $
+$NetBSD: distinfo,v 1.7 2019/08/03 06:46:52 adam Exp $
-SHA1 (openldap-2.4.47.tgz) = c59d52dd75f7d1c7b02f83725da36c322d439674
-RMD160 (openldap-2.4.47.tgz) = c228e5d55019c90aaeceeda32980e52cd7a0a4a6
-SHA512 (openldap-2.4.47.tgz) = d424079e34207e3d24383a2bea70a07ded40714982a6767174d2b2cb208cd94feab5ef12157accae915b8e404e5773a7547aaef65f06b44dc3cc09c6a64d5a11
-Size (openldap-2.4.47.tgz) = 5699678 bytes
+SHA1 (openldap-2.4.48.tgz) = c1984e80f6db038b317bf931866adb38e5537dcd
+RMD160 (openldap-2.4.48.tgz) = c91aa87634856d84386d2d8498b647ea2b1b7521
+SHA512 (openldap-2.4.48.tgz) = cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb
+Size (openldap-2.4.48.tgz) = 5704883 bytes
SHA1 (patch-libraries_liblmdb_Makefile) = 6b2f0bb477b17b073095d499ff4496f3b30dc08f
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap-client/Makefile
--- a/databases/openldap-client/Makefile Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap-client/Makefile Sat Aug 03 06:46:52 2019 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.27 2019/05/02 10:59:13 jperkin Exp $
+# $NetBSD: Makefile,v 1.28 2019/08/03 06:46:52 adam Exp $
PKGNAME= ${DISTNAME:S/-/-client-/}
-PKGREVISION= 1
COMMENT= Lightweight Directory Access Protocol libraries and client programs
CONFLICTS+= openldap<2.3.23nb1
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap-client/PLIST
--- a/databases/openldap-client/PLIST Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap-client/PLIST Sat Aug 03 06:46:52 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2018/04/02 13:40:44 adam Exp $
+@comment $NetBSD: PLIST,v 1.12 2019/08/03 06:46:52 adam Exp $
bin/ldapadd
bin/ldapcompare
bin/ldapdelete
@@ -17,6 +17,7 @@
include/ldap_schema.h
include/ldap_utf8.h
include/ldif.h
+include/openldap.h
include/slapi-plugin.h
lib/liblber.la
lib/libldap.la
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap-doc/distinfo
--- a/databases/openldap-doc/distinfo Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap-doc/distinfo Sat Aug 03 06:46:52 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.19 2018/12/20 17:54:09 adam Exp $
+$NetBSD: distinfo,v 1.20 2019/08/03 06:46:52 adam Exp $
-SHA1 (openldap-2.4.47.tgz) = c59d52dd75f7d1c7b02f83725da36c322d439674
-RMD160 (openldap-2.4.47.tgz) = c228e5d55019c90aaeceeda32980e52cd7a0a4a6
-SHA512 (openldap-2.4.47.tgz) = d424079e34207e3d24383a2bea70a07ded40714982a6767174d2b2cb208cd94feab5ef12157accae915b8e404e5773a7547aaef65f06b44dc3cc09c6a64d5a11
-Size (openldap-2.4.47.tgz) = 5699678 bytes
+SHA1 (openldap-2.4.48.tgz) = c1984e80f6db038b317bf931866adb38e5537dcd
+RMD160 (openldap-2.4.48.tgz) = c91aa87634856d84386d2d8498b647ea2b1b7521
+SHA512 (openldap-2.4.48.tgz) = cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb
+Size (openldap-2.4.48.tgz) = 5704883 bytes
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap/Makefile.version
--- a/databases/openldap/Makefile.version Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap/Makefile.version Sat Aug 03 06:46:52 2019 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.version,v 1.16 2018/12/20 17:54:09 adam Exp $
+# $NetBSD: Makefile.version,v 1.17 2019/08/03 06:46:52 adam Exp $
# used by databases/lmdb/Makefile
# used by databases/openldap/Makefile
# used by databases/openldap/Makefile.common
# used by databases/openldap-docs/Makefile
-OPENLDAP_VERSION= 2.4.47
+OPENLDAP_VERSION= 2.4.48
DISTNAME= openldap-${OPENLDAP_VERSION}
MASTER_SITES= ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap/distinfo
--- a/databases/openldap/distinfo Sat Aug 03 06:45:08 2019 +0000
+++ b/databases/openldap/distinfo Sat Aug 03 06:46:52 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.112 2018/12/20 17:54:09 adam Exp $
+$NetBSD: distinfo,v 1.113 2019/08/03 06:46:52 adam Exp $
-SHA1 (openldap-2.4.47.tgz) = c59d52dd75f7d1c7b02f83725da36c322d439674
-RMD160 (openldap-2.4.47.tgz) = c228e5d55019c90aaeceeda32980e52cd7a0a4a6
-SHA512 (openldap-2.4.47.tgz) = d424079e34207e3d24383a2bea70a07ded40714982a6767174d2b2cb208cd94feab5ef12157accae915b8e404e5773a7547aaef65f06b44dc3cc09c6a64d5a11
-Size (openldap-2.4.47.tgz) = 5699678 bytes
+SHA1 (openldap-2.4.48.tgz) = c1984e80f6db038b317bf931866adb38e5537dcd
+RMD160 (openldap-2.4.48.tgz) = c91aa87634856d84386d2d8498b647ea2b1b7521
+SHA512 (openldap-2.4.48.tgz) = cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb
+Size (openldap-2.4.48.tgz) = 5704883 bytes
SHA1 (patch-ac) = 2995c518278b363bf9657e181c2340d3024d5980
SHA1 (patch-ad) = 24e7ec27d592dd76bdec1e4805801c5304951daf
SHA1 (patch-af) = 2e00b01bd813e73bdc1fb764a02e98d7755703de
@@ -18,7 +18,6 @@
SHA1 (patch-contrib_slapd-modules_nops_slapo-nops.5) = f32352f19361b7e9aa5b038ae8578def7c08fa47
SHA1 (patch-da) = 75e26bd08c6e66b69192ebfbb36db974d391ec3e
SHA1 (patch-dd) = 9c74118ff0b2232bda729c9917082fceef41dd16
-SHA1 (patch-its7595) = 941b055bb5ac1f963b9d39384d3627a32f531cf1
SHA1 (patch-its8885) = f70666e1a44499013c93fe9bd0d8198b5bffe11c
SHA1 (patch-libraries_libldap_os-local.c) = 7cd4f8638456fae12499de0d36d7802e47d3d688
SHA1 (patch-libraries_libldap_tls__m.c) = 91dab1dcfa6560c30093094586ea9eabf2e977b8
diff -r 050e8cafe8a5 -r 9877e2e744be databases/openldap/patches/patch-its7595
--- a/databases/openldap/patches/patch-its7595 Sat Aug 03 06:45:08 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,250 +0,0 @@
-$NetBSD: patch-its7595,v 1.2 2017/06/02 08:29:56 adam Exp $
-
-ECDH support from upstream
-
-From e631ce808ed56119e61321463d06db7999ba5a08 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc%openldap.org@localhost>
-Date: Sat, 7 Sep 2013 09:47:19 -0700
-Subject: [PATCH] ITS#7595 Add Elliptic Curve support for OpenSSL
-
-From 9562ad00bd7f965df721bc22ac905bc759298a27 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc%openldap.org@localhost>
-Date: Sat, 7 Sep 2013 10:13:40 -0700
-Subject: [PATCH] ITS#7595 more doc for elliptic curve
-
-From 721e46fe6695077d63a3df6ea2e397920a72308d Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc%openldap.org@localhost>
-Date: Sun, 8 Sep 2013 06:32:23 -0700
-Subject: [PATCH] ITS#7595 don't try to use EC if OpenSSL lacks it
-
---- doc/guide/admin/tls.sdf.orig
-+++ doc/guide/admin/tls.sdf
-@@ -203,6 +203,18 @@
-
- This directive is ignored with Mozilla NSS.
-
-+H4: TLSECName <name>
-+
-+This directive specifies the curve to use for Elliptic Curve
-+Diffie-Hellman ephemeral key exchange. This is required in order
-+to use ECDHE-based cipher suites in OpenSSL. The names of supported
-+curves may be shown using the following command
-+
-+> openssl ecparam -list_curves
-+
-+This directive is not used for GnuTLS and is ignored with Mozilla NSS.
-+For GnuTLS the curves may be specified in the ciphersuite.
-+
- H4: TLSVerifyClient { never | allow | try | demand }
-
- This directive specifies what checks to perform on client certificates
---- doc/man/man5/slapd-config.5.orig
-+++ doc/man/man5/slapd-config.5
-@@ -922,6 +922,13 @@
- When using Mozilla NSS these parameters are always generated randomly
- so this directive is ignored.
- .TP
-+.B olcTLSECName: <name>
-+Specify the name of a curve to use for Elliptic curve Diffie-Hellman
-+ephemeral key exchange. This is required to enable ECDHE algorithms in
-+OpenSSL. This option is not used with GnuTLS; the curves may be
-+chosen in the GnuTLS ciphersuite specification. This option is also
-+ignored for Mozilla NSS.
-+.TP
- .B olcTLSProtocolMin: <major>[.<minor>]
- Specifies minimum SSL/TLS protocol version that will be negotiated.
- If the server doesn't support at least that version,
---- doc/man/man5/slapd.conf.5.orig
-+++ doc/man/man5/slapd.conf.5
-@@ -1153,6 +1153,13 @@
- When using Mozilla NSS these parameters are always generated randomly
- so this directive is ignored.
- .TP
-+.B TLSECName <name>
-+Specify the name of a curve to use for Elliptic curve Diffie-Hellman
-+ephemeral key exchange. This is required to enable ECDHE algorithms in
-+OpenSSL. This option is not used with GnuTLS; the curves may be
-+chosen in the GnuTLS ciphersuite specification. This option is also
-+ignored for Mozilla NSS.
-+.TP
- .B TLSProtocolMin <major>[.<minor>]
- Specifies minimum SSL/TLS protocol version that will be negotiated.
- If the server doesn't support at least that version,
---- include/ldap.h.orig
-+++ include/ldap.h
-@@ -158,6 +158,7 @@
- #define LDAP_OPT_X_TLS_NEWCTX 0x600f
- #define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */
- #define LDAP_OPT_X_TLS_PACKAGE 0x6011
-+#define LDAP_OPT_X_TLS_ECNAME 0x6012
-
- #define LDAP_OPT_X_TLS_NEVER 0
- #define LDAP_OPT_X_TLS_HARD 1
---- libraries/libldap/ldap-int.h.orig
-+++ libraries/libldap/ldap-int.h
-@@ -165,6 +165,7 @@
- char *lt_ciphersuite;
- char *lt_crlfile;
- char *lt_randfile; /* OpenSSL only */
-+ char *lt_ecname; /* OpenSSL only */
- int lt_protocol_min;
- };
- #endif
-@@ -250,6 +251,7 @@
- #define ldo_tls_certfile ldo_tls_info.lt_certfile
- #define ldo_tls_keyfile ldo_tls_info.lt_keyfile
- #define ldo_tls_dhfile ldo_tls_info.lt_dhfile
-+#define ldo_tls_ecname ldo_tls_info.lt_ecname
- #define ldo_tls_cacertfile ldo_tls_info.lt_cacertfile
- #define ldo_tls_cacertdir ldo_tls_info.lt_cacertdir
- #define ldo_tls_ciphersuite ldo_tls_info.lt_ciphersuite
---- libraries/libldap/tls2.c.orig
-+++ libraries/libldap/tls2.c
-@@ -118,6 +118,10 @@
- LDAP_FREE( lo->ldo_tls_dhfile );
- lo->ldo_tls_dhfile = NULL;
- }
-+ if ( lo->ldo_tls_ecname ) {
-+ LDAP_FREE( lo->ldo_tls_ecname );
-+ lo->ldo_tls_ecname = NULL;
-+ }
- if ( lo->ldo_tls_cacertfile ) {
- LDAP_FREE( lo->ldo_tls_cacertfile );
- lo->ldo_tls_cacertfile = NULL;
-@@ -232,6 +236,10 @@
- lts.lt_dhfile = LDAP_STRDUP( lts.lt_dhfile );
- __atoe( lts.lt_dhfile );
- }
-+ if ( lts.lt_ecname ) {
-+ lts.lt_ecname = LDAP_STRDUP( lts.lt_ecname );
-+ __atoe( lts.lt_ecname );
-+ }
- #endif
- lo->ldo_tls_ctx = ti->ti_ctx_new( lo );
- if ( lo->ldo_tls_ctx == NULL ) {
-@@ -257,6 +265,7 @@
- LDAP_FREE( lts.lt_crlfile );
- LDAP_FREE( lts.lt_cacertdir );
- LDAP_FREE( lts.lt_dhfile );
-+ LDAP_FREE( lts.lt_ecname );
- #endif
- return rc;
- }
-@@ -634,6 +643,10 @@
- *(char **)arg = lo->ldo_tls_dhfile ?
- LDAP_STRDUP( lo->ldo_tls_dhfile ) : NULL;
- break;
-+ case LDAP_OPT_X_TLS_ECNAME:
-+ *(char **)arg = lo->ldo_tls_ecname ?
-+ LDAP_STRDUP( lo->ldo_tls_ecname ) : NULL;
-+ break;
- case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
- *(char **)arg = lo->ldo_tls_crlfile ?
- LDAP_STRDUP( lo->ldo_tls_crlfile ) : NULL;
-@@ -753,6 +766,10 @@
- if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
- lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
- return 0;
-+ case LDAP_OPT_X_TLS_ECNAME:
-+ if ( lo->ldo_tls_ecname ) LDAP_FREE( lo->ldo_tls_ecname );
-+ lo->ldo_tls_ecname = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-+ return 0;
- case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
- if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
- lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
---- libraries/libldap/tls_o.c.orig
-+++ libraries/libldap/tls_o.c
-@@ -327,10 +327,9 @@
- return -1;
- }
-
-- if ( lo->ldo_tls_dhfile ) {
-- DH *dh = NULL;
-+ if ( is_server && lo->ldo_tls_dhfile ) {
-+ DH *dh;
- BIO *bio;
-- SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );
-
- if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-@@ -349,6 +348,38 @@
Home |
Main Index |
Thread Index |
Old Index