From 5b6c6a8f52ed715a1082d9e420e15388460a93dc Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 31 2019 14:38:03 +0000 Subject: import compat-openldap-2.3.43-5.el7
---
diff --git a/.compat-openldap.metadata b/.compat-openldap.metadata
new file mode 100644
index 0000000..49729eb
--- /dev/null
+++ b/.compat-openldap.metadata
@@ -0,0 +1 @@
+796b5db37ae5243b84f7b9c11217bbec44e0da8c SOURCES/openldap-2.3.43.tgz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..408d856
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/openldap-2.3.43.tgz
diff --git a/SOURCES/openldap-ai-addrconfig.patch b/SOURCES/openldap-ai-addrconfig.patch
new file mode 100644
index 0000000..a0146ce
--- /dev/null
+++ b/SOURCES/openldap-ai-addrconfig.patch
@@ -0,0 +1,29 @@
+use AI_ADDRCONFIG if defined in the environment
+
+Author: Jan Vcelak
+Upstream ITS: #7326
+Resolves: #835013
+
+---
+ libraries/libldap/os-ip.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c
+index c95f34f..fe531a7 100644
+--- a/libraries/libldap/os-ip.c
++++ b/libraries/libldap/os-ip.c
+@@ -421,9 +421,8 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
+
+ #if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
+ memset( &hints, '\0', sizeof(hints) );
+-#ifdef USE_AI_ATTRCONFIG /* FIXME: configure test needed */
+- /* Use AI_ATTRCONFIG only on systems where its known to be needed. */
+- hints.ai_flags = AI_ATTRCONFIG;
++#ifdef AI_ADDRCONFIG
++ hints.ai_flags = AI_ADDRCONFIG;
+ #endif
+ hints.ai_family = ldap_int_inet4or6;
+ hints.ai_socktype = socktype;
+--
+1.7.10.4
+
diff --git a/SOURCES/openldap-chase-referral.patch b/SOURCES/openldap-chase-referral.patch
new file mode 100644
index 0000000..dabd42e
--- /dev/null
+++ b/SOURCES/openldap-chase-referral.patch
@@ -0,0 +1,198 @@ +diff -up openldap-2.3.43/libraries/libldap/os-ip.c.orig openldap-2.3.43/libraries/libldap/os-ip.c +--- openldap-2.3.43/libraries/libldap/os-ip.c.orig 2008-05-19 19:28:54.000000000 -0400 ++++ openldap-2.3.43/libraries/libldap/os-ip.c 2009-07-29 17:01:32.000000000 -0400 +@@ -738,6 +738,9 @@ ldap_mark_select_read( LDAP *ld, Sockbuf + + sip = (struct selectinfo *)ld->ld_selectinfo; + ++ if (ber_sockbuf_ctrl( sb, LBER_SB_OPT_DATA_READY, NULL )) ++ return; ++ + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd ); + + #ifdef HAVE_POLL +diff -up openldap-2.3.43/libraries/libldap/result.c.orig openldap-2.3.43/libraries/libldap/result.c +--- openldap-2.3.43/libraries/libldap/result.c.orig 2009-07-29 17:00:42.000000000 -0400 ++++ openldap-2.3.43/libraries/libldap/result.c 2009-07-29 18:10:35.000000000 -0400 +@@ -73,7 +73,7 @@ static int ldap_mark_abandoned LDAP_P(( + static int wait4msg LDAP_P(( LDAP *ld, ber_int_t msgid, int all, struct timeval *timeout, + LDAPMessage **result )); + static ber_tag_t try_read1msg LDAP_P(( LDAP *ld, ber_int_t msgid, +- int all, LDAPConn **lc, LDAPMessage **result )); ++ int all, LDAPConn *lc, LDAPMessage **result )); + static ber_tag_t build_result_ber LDAP_P(( LDAP *ld, BerElement **bp, LDAPRequest *lr )); + static void merge_error_info LDAP_P(( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr )); + static LDAPMessage * chkResponseList LDAP_P(( LDAP *ld, int msgid, int all)); +@@ -118,15 +118,9 @@ ldap_result( + #ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex ); + #endif +- lm = chkResponseList(ld, msgid, all); + +- if ( lm == NULL ) { +- rc = wait4msg( ld, msgid, all, timeout, result ); +- } else { +- *result = lm; +- ld->ld_errno = LDAP_SUCCESS; +- rc = lm->lm_msgtype; +- } ++ rc = wait4msg( ld, msgid, all, timeout, result ); ++ + #ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex ); + #endif +@@ -233,7 +227,7 @@ wait4msg( + *tvp; + time_t start_time = 0; + time_t tmp_time; +- 
LDAPConn *lc; ++ LDAPConn *lc, *nextlc; + + assert( ld != NULL ); + assert( result != NULL ); +@@ -280,13 +274,6 @@ wait4msg( + for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) { + if ( ber_sockbuf_ctrl( lc->lconn_sb, + LBER_SB_OPT_DATA_READY, NULL ) ) { +-#ifdef LDAP_R_COMPILE +- ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex ); +-#endif +- rc = try_read1msg( ld, msgid, all, &lc, result ); +-#ifdef LDAP_R_COMPILE +- ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex ); +-#endif + lc_ready = 1; + break; + } +@@ -319,7 +306,11 @@ wait4msg( + if ( rc == -1 ) { + rc = LDAP_MSG_X_KEEP_LOOKING; /* select interrupted: loop */ + } else { +- rc = LDAP_MSG_X_KEEP_LOOKING; ++ lc_ready = 1; ++ } ++ } ++ if ( lc_ready ) { ++ rc = LDAP_MSG_X_KEEP_LOOKING; + #ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); + #endif +@@ -335,38 +326,43 @@ wait4msg( + ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex ); + #endif + for ( lc = ld->ld_conns; +- rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL; ) ++ rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL; ++ lc = nextlc ) + { + if ( lc->lconn_status == LDAP_CONNST_CONNECTED && + ldap_is_read_ready( ld, lc->lconn_sb )) + { ++ /* Don't let it get freed out from under us */ ++ ++lc->lconn_refcnt; + #ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex ); + #endif +- rc = try_read1msg( ld, msgid, all, &lc, result ); ++ rc = try_read1msg( ld, msgid, all, lc, result ); ++ nextlc = lc->lconn_next; ++ ++ /* Only take locks if we're really freeing */ ++ if ( lc->lconn_refcnt <= 1 ) { + #ifdef LDAP_R_COMPILE +- ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex ); ++ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); + #endif +- if ( lc == NULL ) { +- /* if lc gets free()'d, +- * there's no guarantee +- * lc->lconn_next is still +- * sane; better restart +- * (ITS#4405) */ +- lc = ld->ld_conns; +- +- /* don't get to next conn! 
*/ +- break; ++ ldap_free_connection( ld, lc, 0, 1 ); ++#ifdef LDAP_R_COMPILE ++ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); ++#endif ++ } else { ++ --lc->lconn_refcnt; + } ++#ifdef LDAP_R_COMPILE ++ ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex ); ++#endif ++ } else { ++ /* next conn */ ++ nextlc = lc->lconn_next; + } +- +- /* next conn */ +- lc = lc->lconn_next; + } + #ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex ); + #endif +- } + } + } + +@@ -380,7 +376,6 @@ wait4msg( + if ( tv0.tv_sec <= delta_time ) { + rc = 0; /* timed out */ + ld->ld_errno = LDAP_TIMEOUT; +- break; + } + tv0.tv_sec -= delta_time; + tv.tv_sec = tv0.tv_sec; +@@ -400,7 +395,7 @@ try_read1msg( + LDAP *ld, + ber_int_t msgid, + int all, +- LDAPConn **lcp, ++ LDAPConn *lc, + LDAPMessage **result ) + { + BerElement *ber; +@@ -410,7 +405,6 @@ try_read1msg( + ber_len_t len; + int foundit = 0; + LDAPRequest *lr, *tmplr; +- LDAPConn *lc; + BerElement tmpber; + int rc, refer_cnt, hadref, simple_request, err; + ber_int_t lderr; +@@ -431,14 +425,11 @@ try_read1msg( + } v3ref; + + assert( ld != NULL ); +- assert( lcp != NULL ); +- assert( *lcp != NULL ); ++ assert( lc != NULL ); + + Debug( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n", + (void *)ld, msgid, all ); + +- lc = *lcp; +- + retry: + if ( lc->lconn_ber == NULL ) { + lc->lconn_ber = ldap_alloc_ber_with_options(ld); +@@ -839,14 +830,8 @@ lr->lr_res_matched ? lr->lr_res_matched + } + + if ( lc != NULL ) { +-#ifdef LDAP_R_COMPILE +- ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); +-#endif +- ldap_free_connection( ld, lc, 0, 1 ); +-#ifdef LDAP_R_COMPILE +- ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); +-#endif +- lc = *lcp = NULL; ++ --lc->lconn_refcnt; ++ lc = NULL; + } + } + } diff --git a/SOURCES/openldap-compat-macros.patch b/SOURCES/openldap-compat-macros.patch new file mode 100644 index 0000000..f6492c5 --- /dev/null +++ b/SOURCES/openldap-compat-macros.patch 
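Review bot: In the rewritten connection loop of wait4msg(), `nextlc = lc->lconn_next;` and the `lc->lconn_refcnt <= 1` test / `--lc->lconn_refcnt` run after `ld_conn_mutex` has been released for try_read1msg() and before it is re-acquired, so in LDAP_R_COMPILE builds the list link and the reference count are touched without the lock that guards the loop itself. ldap_result() does hold `ld_res_mutex` around wait4msg(), which may be what makes this safe, but nothing in the patch says so. If that is the intent, state it next to the increment, e.g. `/* lconn_refcnt and lconn_next are only touched under ld_res_mutex here; ld_conn_mutex is dropped across try_read1msg() */`; otherwise re-take `ld_conn_mutex` before reading `lc->lconn_next` and adjusting the count. The bodies of wait4msg() and try_read1msg() extend beyond the inner hunks.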
@@ -0,0 +1,26 @@
+--- openldap-2.3.43/libraries/libldap/os-ip.c.orig 2010-05-06 13:48:15.000000000 +0200
++++ openldap-2.3.43/libraries/libldap/os-ip.c 2010-05-06 13:48:23.000000000 +0200
+@@ -652,7 +652,7 @@ ldap_host_connected_to( Sockbuf *sb, con
+ char *herr;
+ #ifdef NI_MAXHOST
+ char hbuf[NI_MAXHOST];
+-#elif defined( MAXHOSTNAMELEN
++#elif defined( MAXHOSTNAMELEN )
+ char hbuf[MAXHOSTNAMELEN];
+ #else
+ char hbuf[256];
+--- openldap-2.3.43/include/ldap_pvt_thread.h.orig 2010-05-06 14:35:45.000000000 +0200
++++ openldap-2.3.43/include/ldap_pvt_thread.h 2010-05-06 14:36:08.000000000 +0200
+@@ -61,9 +61,11 @@ ldap_pvt_thread_set_concurrency LDAP_P((
+ /* LARGE stack. Will be twice as large on 64 bit machine. */
+ #define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) )
+ /* May be explicitly defined to zero to disable it */
+-#elif LDAP_PVT_THREAD_STACK_SIZE == 0
++#else
++#if LDAP_PVT_THREAD_STACK_SIZE == 0
+ #undef LDAP_PVT_THREAD_SET_STACK_SIZE
+ #endif
++#endif
+ #endif /* !LDAP_PVT_THREAD_H_DONE */
+
+ LDAP_F( int )
diff --git a/SOURCES/openldap-config-sasl-options.patch b/SOURCES/openldap-config-sasl-options.patch
new file mode 100644
index 0000000..f92b2b7
--- /dev/null
+++ b/SOURCES/openldap-config-sasl-options.patch
@@ -0,0 +1,15 @@
+SASL_MECH/SASL_REALM should be system configurable
+--- openldap-2.3.27/libraries/libldap/init.c.orig 2007-04-26 16:37:02.000000000 +0200
++++ openldap-2.3.27/libraries/libldap/init.c 2007-04-26 16:39:10.000000000 +0200
+@@ -81,9 +81,9 @@
+ {0, ATTR_BOOL, "RESTART", NULL, LDAP_BOOL_RESTART},
+
+ #ifdef HAVE_CYRUS_SASL
+- {1, ATTR_STRING, "SASL_MECH", NULL,
++ {0, ATTR_STRING, "SASL_MECH", NULL,
+ offsetof(struct ldapoptions, ldo_def_sasl_mech)},
+- {1, ATTR_STRING, "SASL_REALM", NULL,
++ {0, ATTR_STRING, "SASL_REALM", NULL,
+ offsetof(struct ldapoptions, ldo_def_sasl_realm)},
+ {1, ATTR_STRING, "SASL_AUTHCID", NULL,
+ offsetof(struct ldapoptions, ldo_def_sasl_authcid)},
diff --git a/SOURCES/openldap-gethostbyXXXX_r.patch b/SOURCES/openldap-gethostbyXXXX_r.patch
new file mode 100644
index 0000000..7fc9727
--- /dev/null
+++ b/SOURCES/openldap-gethostbyXXXX_r.patch
@@ -0,0 +1,29 @@
+The non-reentrant gethostbyXXXX() functions deadlock if called recursively, for
+example if libldap needs to be initialized from within gethostbyXXXX() (which
+actually happens if nss_ldap is used for hostname resolution and earlier
+modules can't resolve the local host name), so use the reentrant versions of
+the functions, even if we're not being compiled for use in libldap_r (patch
+from Jeffery Layton, #179730).
+diff -up openldap-2.4.11/libraries/libldap/util-int.c.patch7 openldap-2.4.11/libraries/libldap/util-int.c
+--- openldap-2.4.11/libraries/libldap/util-int.c.patch7 2008-02-12 00:26:41.000000000 +0100
++++ openldap-2.4.11/libraries/libldap/util-int.c 2008-09-01 09:57:09.000000000 +0200
+@@ -52,8 +52,8 @@ extern int h_errno;
+ #ifndef LDAP_R_COMPILE
+ # undef HAVE_REENTRANT_FUNCTIONS
+ # undef HAVE_CTIME_R
+-# undef HAVE_GETHOSTBYNAME_R
+-# undef HAVE_GETHOSTBYADDR_R
++/* # undef HAVE_GETHOSTBYNAME_R */
++/* # undef HAVE_GETHOSTBYADDR_R */
+
+ #else
+ # include
+@@ -110,7 +110,7 @@ char *ldap_pvt_ctime( const time_t *tp,
+ #define BUFSTART (1024-32)
+ #define BUFMAX (32*1024-32)
+
+-#if defined(LDAP_R_COMPILE)
++#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R)
+ static char *safe_realloc( char **buf, int len );
+
+ #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))
diff --git a/SOURCES/openldap-ldaprc.patch b/SOURCES/openldap-ldaprc.patch
new file mode 100644
index 0000000..78974ea
--- /dev/null
+++ b/SOURCES/openldap-ldaprc.patch
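Review bot: The new guard `#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R)` mixes `||` and `&&` without grouping and evaluates as intended only because `&&` binds tighter. Write it as `#if defined(LDAP_R_COMPILE) || (defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))` so it reads the same way as the parenthesised test two lines below it. The two `# undef` lines in the first inner hunk would also be clearer deleted than commented out, replaced by a one-line comment saying the reentrant resolver calls are deliberately kept in non-threaded builds.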
@@ -0,0 +1,13 @@
+diff -up openldap-2.4.11/libraries/libldap/init.c.patch2 openldap-2.4.11/libraries/libldap/init.c
+--- openldap-2.4.11/libraries/libldap/init.c.patch2 2008-02-12 00:26:41.000000000 +0100
++++ openldap-2.4.11/libraries/libldap/init.c 2008-09-01 09:57:09.000000000 +0200
+@@ -327,9 +327,6 @@ static void openldap_ldap_init_w_usercon
+ if(path != NULL) {
+ LDAP_FREE(path);
+ }
+-
+- /* try file */
+- openldap_ldap_init_w_conf(file, 1);
+ }
+
+ static void openldap_ldap_init_w_env(
diff --git a/SOURCES/openldap-network-timeout.patch b/SOURCES/openldap-network-timeout.patch
new file mode 100644
index 0000000..d10c8ee
--- /dev/null
+++ b/SOURCES/openldap-network-timeout.patch
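Review bot: This patch file has no description, unlike most of the other patches in the import, although the change it makes is security-relevant. The removed `openldap_ldap_init_w_conf(file, 1);` under `/* try file */` passed the bare rc file name, which presumably resolved against the current working directory, so a library user started in an untrusted directory would have loaded that directory's rc file. Add a header line to the patch such as `Do not read the user rc file from the current working directory.`, with the wording confirmed against the rest of openldap_ldap_init_w_userconf(), which lies outside the inner hunk.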
@@ -0,0 +1,54 @@
+459132: RFE: CRM 1845142 'OpenLDAP libraries on RHEL 4 and failover'
+
+Source: upstream, cvs diff -r 1.105 -r 1.106 init.c
+ (+ delete other than NETWORK_TIMEOUT options)
+
+diff -up openldap-2.3.42/doc/man/man5/ldap.conf.5.network-timeout openldap-2.3.42/doc/man/man5/ldap.conf.5
+--- openldap-2.3.42/doc/man/man5/ldap.conf.5.network-timeout 2008-08-18 10:52:11.000000000 +0200
++++ openldap-2.3.42/doc/man/man5/ldap.conf.5 2008-02-12 00:24:09.000000000 +0100
+@@ -86,6 +86,10 @@ list of hosts may be provided.
+ is deprecated in favor of
+ .BR URI .
+ .TP
++.B NETWORK_TIMEOUT
++Specifies the timeout (in seconds) after which the poll(2)/select(2)
++following a connect(2) returns in case of no activity.
++.TP
+ .B PORT
+ Specifies the default port used when connecting to LDAP servers(s).
+ The port may be specified as a number.
+diff -up openldap-2.3.42/libraries/libldap/init.c.network-timeout openldap-2.3.42/libraries/libldap/init.c
+--- openldap-2.3.42/libraries/libldap/init.c.network-timeout 2008-08-18 10:20:20.000000000 +0200
++++ openldap-2.3.42/libraries/libldap/init.c 2008-08-18 10:48:37.000000000 +0200
+@@ -43,6 +43,8 @@ struct ldapoptions ldap_int_global_optio
+ #define ATTR_SASL 6
+ #define ATTR_TLS 7
+
++#define ATTR_OPT_TV 8
++
+ struct ol_keyvalue {
+ const char * key;
+ int value;
+@@ -63,6 +65,7 @@ static const struct ol_attribute {
+ const void * data;
+ size_t offset;
+ } attrs[] = {
++ {0, ATTR_OPT_TV, "NETWORK_TIMEOUT", NULL, LDAP_OPT_NETWORK_TIMEOUT},
+ {0, ATTR_KV, "DEREF", deref_kv, /* or &deref_kv[0] */
+ offsetof(struct ldapoptions, ldo_deref)},
+ {0, ATTR_INT, "SIZELIMIT", NULL,
+@@ -241,6 +244,14 @@ static void openldap_ldap_init_w_conf(
+ ldap_int_tls_config( NULL, attrs[i].offset, opt );
+ #endif
+ break;
++ case ATTR_OPT_TV: {
++ struct timeval tv;
++ tv.tv_sec = atol( opt );
++ tv.tv_usec = 0;
++ if ( tv.tv_sec > 0 ) {
++ (void)ldap_set_option( NULL, attrs[i].offset, (const void *)&tv);
++ }
++ } break;
+ }
+
+ break;
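Review bot: `tv.tv_sec = atol( opt );` in the new `ATTR_OPT_TV` case cannot tell a malformed value from zero, and its behaviour on out-of-range input is undefined, so a typo such as `NETWORK_TIMEOUT 3O` is silently taken as 3 and a non-numeric value silently leaves the connect timeout unset. Parse with `char *end; long v = strtol( opt, &end, 10 );` and apply the option only under `if ( end != opt && *end == '\0' && v > 0 )`. The result of `ldap_set_option()` is discarded with `(void)`, so a rejected value leaves no trace either; a debug message on both failure paths would make a mis-set timeout diagnosable. openldap_ldap_init_w_conf() continues outside the inner hunk.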
diff --git a/SOURCES/openldap-setugid.patch b/SOURCES/openldap-setugid.patch
new file mode 100644
index 0000000..16c01fb
--- /dev/null
+++ b/SOURCES/openldap-setugid.patch
@@ -0,0 +1,23 @@
+Don't read the user's configuration file if we're running in a setuid
+or setgid application.
+--- openldap-2.2.13/libraries/libldap/init.c 2004-06-15 11:51:32.000000000 -0400
++++ openldap-2.2.13/libraries/libldap/init.c 2004-06-15 13:42:35.000000000 -0400
+@@ -572,10 +572,11 @@
+ if( user != NULL ) {
+ gopts->ldo_def_sasl_authcid = LDAP_STRDUP( user );
+ }
+- }
++ }
+ #endif
+
+ openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
++ if( ( getuid() == geteuid() ) && ( getgid() == getegid() ) ) {
+ openldap_ldap_init_w_userconf(LDAP_USERRC_FILE);
+
+ {
+@@ -605,4 +606,5 @@
+ }
+
+ openldap_ldap_init_w_env(gopts, NULL);
++ }
+ }
diff --git a/SOURCES/openldap-tls-null-char.patch b/SOURCES/openldap-tls-null-char.patch
new file mode 100644
index 0000000..60738a9
--- /dev/null
+++ b/SOURCES/openldap-tls-null-char.patch
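Review bot: The guard `if( ( getuid() == geteuid() ) && ( getgid() == getegid() ) ) {` only recognises a set-ID process whose real and effective IDs still differ. A program that has already called setuid()/setgid() to make them equal, or one that gains privilege through file capabilities, passes the test and still reaches openldap_ldap_init_w_userconf() and openldap_ldap_init_w_env() with caller-controlled input. Where the platform offers it, test the kernel's secure-execution flag first, e.g. `getauxval(AT_SECURE) == 0` on glibc or `!issetugid()` on the BSDs, and keep the ID comparison as the fallback. The statements enclosed by the new braces are not re-indented, so a comment on the closing brace such as `} /* not set-ID */` would make the scope of the check visible; the function body extends beyond both inner hunks.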
@@ -0,0 +1,120 @@ +--- openldap-2.3.43/libraries/libldap/tls.c.orig 2010-02-08 13:58:47.000000000 +0100 ++++ openldap-2.3.43/libraries/libldap/tls.c 2010-02-08 14:10:37.000000000 +0100 +@@ -981,7 +981,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v + X509 *x; + const char *name; + char *ptr; +- int ntype = IS_DNS; ++ int ntype = IS_DNS, nlen; + #ifdef LDAP_PF_INET6 + struct in6_addr addr; + #else +@@ -995,6 +995,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v + } else { + name = name_in; + } ++ nlen = strlen(name); + + x = tls_get_cert((SSL *)s); + if (!x) { +@@ -1028,15 +1029,14 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v + ex = X509_get_ext(x, i); + alt = X509V3_EXT_d2i(ex); + if (alt) { +- int n, len1 = 0, len2 = 0; ++ int n, len2 = 0; + char *domain = NULL; + GENERAL_NAME *gn; + + if (ntype == IS_DNS) { +- len1 = strlen(name); + domain = strchr(name, '.'); + if (domain) { +- len2 = len1 - (domain-name); ++ len2 = nlen - (domain-name); + } + } + n = sk_GENERAL_NAME_num(alt); +@@ -1054,7 +1054,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v + if (sl == 0) continue; + + /* Is this an exact match? 
*/ +- if ((len1 == sl) && !strncasecmp(name, sn, len1)) { ++ if ((nlen == sl) && !strncasecmp(name, sn, nlen)) { + break; + } + +@@ -1094,13 +1094,28 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v + + if (ret != LDAP_SUCCESS) { + X509_NAME *xn; +- char buf[2048]; +- buf[0] = '\0'; ++ X509_NAME_ENTRY *ne; ++ ASN1_OBJECT *obj; ++ ASN1_STRING *cn = NULL; ++ int navas; ++ ++ /* find the last CN */ ++ obj = OBJ_nid2obj( NID_commonName ); ++ if ( !obj ) goto no_cn; /* should never happen */ + + xn = X509_get_subject_name(x); +- if( X509_NAME_get_text_by_NID( xn, NID_commonName, +- buf, sizeof(buf)) == -1) +- { ++ navas = X509_NAME_entry_count( xn ); ++ for ( i=navas-1; i>=0; i-- ) { ++ ne = X509_NAME_get_entry( xn, i ); ++ if ( !OBJ_cmp( ne->object, obj )) { ++ cn = X509_NAME_ENTRY_get_data( ne ); ++ break; ++ } ++ } ++ ++ if( !cn ) ++ { ++no_cn: + Debug( LDAP_DEBUG_ANY, + "TLS: unable to get common name from peer certificate.\n", + 0, 0, 0 ); +@@ -1111,21 +1126,20 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v + ld->ld_error = LDAP_STRDUP( + _("TLS: unable to get CN from peer certificate")); + +- } else if (strcasecmp(name, buf) == 0 ) { ++ } else if ( cn->length == nlen && ++ strncasecmp( name, (char *) cn->data, nlen ) == 0 ) { + ret = LDAP_SUCCESS; + +- } else if (( buf[0] == '*' ) && ( buf[1] == '.' )) { ++ } else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) { + char *domain = strchr(name, '.'); + if( domain ) { +- size_t dlen = 0; +- size_t sl; ++ size_t dlen; + +- sl = strlen(name); +- dlen = sl - (domain-name); +- sl = strlen(buf); ++ dlen = nlen - (domain-name); + + /* Is this a wildcard match? 
*/ +- if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) { ++ if ((dlen == cn->length-1) && ++ !strncasecmp(domain, (char *) &cn->data[1], dlen)) { + ret = LDAP_SUCCESS; + } + } +@@ -1133,8 +1147,8 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v + + if( ret == LDAP_LOCAL_ERROR ) { + Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " +- "common name in certificate (%s).\n", +- name, buf, 0 ); ++ "common name in certificate (%.*s).\n", ++ name, cn->length, cn->data ); + ret = LDAP_CONNECT_ERROR; + if ( ld->ld_error ) { + LDAP_FREE( ld->ld_error ); diff --git a/SPECS/compat-openldap.spec b/SPECS/compat-openldap.spec new file mode 100644 index 0000000..a484f35 --- /dev/null +++ b/SPECS/compat-openldap.spec 
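Review bot: The wildcard branch `} else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) {` reads two bytes of the peer-supplied common name without consulting `cn->length`, so it depends on the ASN1_STRING buffer being at least two bytes or NUL-padded rather than on the length every other new comparison uses. Guard it explicitly with `} else if ( cn->length >= 2 && cn->data[0] == '*' && cn->data[1] == '.' ) {`. Separately, `ne->object` reaches into X509_NAME_ENTRY directly; `X509_NAME_ENTRY_get_object( ne )` is the accessor that pairs with the `X509_NAME_ENTRY_get_data( ne )` call on the next line. ldap_pvt_tls_check_hostname() starts and ends outside the inner hunks.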
@@ -0,0 +1,141 @@ +%global _hardened_build 1 + +Summary: OpenLDAP compatibility shared libraries +Name: compat-openldap +Epoch: 1 +Version: 2.3.43 +Release: 5%{?dist} +License: OpenLDAP +Group: System Environment/Libraries +URL: http://www.openldap.org/ + +Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz + +Patch0: openldap-ldaprc.patch +Patch1: openldap-gethostbyXXXX_r.patch +Patch2: openldap-setugid.patch +Patch3: openldap-config-sasl-options.patch +Patch4: openldap-network-timeout.patch +Patch5: openldap-chase-referral.patch +Patch6: openldap-tls-null-char.patch +Patch7: openldap-compat-macros.patch +Patch8: openldap-ai-addrconfig.patch + +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +BuildRequires: glibc-devel, cyrus-sasl-devel >= 2.1, openssl-devel +# require current OpenLDAP libraries to have /etc/openldap/ldap.conf +Requires: openldap >= 2.4 + +%description +OpenLDAP is an open source suite of LDAP (Lightweight Directory Access +Protocol) applications and development tools. The compat-openldap package +includes older versions of the OpenLDAP shared libraries which may be +required by some applications. 
+ + +%prep +%setup -q -n openldap-%{version} + +for patch in %patches; do + %__patch -p1 -i $patch +done + + +%build + +export CFLAGS="%{optflags} -fPIC -D_GNU_SOURCE -D_REENTRANT -fno-strict-aliasing" + +%configure \ + --enable-debug \ + --enable-dynamic \ + --disable-syslog \ + --disable-proctitle \ + --enable-ipv6 \ + --enable-local \ + \ + --disable-slapd \ + --disable-slurpd \ + \ + --disable-modules \ + --disable-backends \ + --disable-overlays \ + \ + --disable-static \ + --enable-shared \ + \ + --with-cyrus-sasl \ + --without-fetch \ + --with-threads \ + --with-tls=openssl \ + --with-gnu-ld \ + --with-pic + +# get rid of rpath +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +make %{?_smp_mflags} + + +%install +rm -rf %{buildroot} + +pushd libraries + make install DESTDIR=%{buildroot} + + # drop libarchive files + rm -f %{buildroot}%{_libdir}/*.la + + # two sets of libraries share the soname, compat is not default + rm -f %{buildroot}/%{_libdir}/*.so + + # fix permissions to correctly generate debuginfo + chmod 0755 %{buildroot}/%{_libdir}/* +popd + +# remove all configuration files +rm -rf %{buildroot}/etc + + +%clean +rm -rf %{buildroot} + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%defattr(-,root,root,-) +%doc ANNOUNCEMENT +%doc COPYRIGHT +%doc LICENSE +%attr(0755,root,root) %{_libdir}/liblber-2.3.so.* +%attr(0755,root,root) %{_libdir}/libldap-2.3.so.* +%attr(0755,root,root) %{_libdir}/libldap_r-2.3.so.* + + +%changelog +* Fri Jan 24 2014 Daniel Mach - 1:2.3.43-5 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1:2.3.43-4 +- Mass rebuild 2013-12-27 + +* Tue May 07 2013 Jan Synáček - 1:2.3.43-3.2 +- Remove undefined rpm macros (#960090) + +* Fri Apr 19 2013 Daniel Mach - 1:2.3.43-3.1 +- Rebuild for cyrus-sasl + +* Wed Aug 15 2012 Jan Vcelak 1:2.3.43-3 +- enhancement: build with hardening flags (RELRO) +- fix: 
querying for IPv6 DNS records when IPv6 is disabled on the host (#835013) +- drop unnecessary patches +- clean configure flags + +* Mon Nov 22 2010 Jan Vcelak 1:2.3.43-2 +- run ldconfig in post and postun +- remove rpath + +* Thu Nov 11 2010 Jan Vcelak 1:2.3.43-1 +- split from openldap package