From 60da8848a15b169f1fe56dd8810fca3dfe4070d4 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 01 2019 17:33:08 +0000
Subject: import perl-LDAP-0.56-6.el7
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d34d5ae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/perl-ldap-0.56.tar.gz
diff --git a/.perl-LDAP.metadata b/.perl-LDAP.metadata
new file mode 100644
index 0000000..745a4b3
--- /dev/null
+++ b/.perl-LDAP.metadata
@@ -0,0 +1 @@
+e0883ca33902e88db1b01d68d22268b521b789d7 SOURCES/perl-ldap-0.56.tar.gz
diff --git a/SOURCES/perl-ldap-0.56-Do-not-set-SSL_ciphers-to-ALL-by-default.patch b/SOURCES/perl-ldap-0.56-Do-not-set-SSL_ciphers-to-ALL-by-default.patch
new file mode 100644
index 0000000..9abdebd
--- /dev/null
+++ b/SOURCES/perl-ldap-0.56-Do-not-set-SSL_ciphers-to-ALL-by-default.patch
@@ -0,0 +1,60 @@
+From 9a0188335ea83a5e0078d21624e8bb134ef21687 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Thu, 24 Apr 2014 15:51:01 +0200
+Subject: [PATCH 1/2] Do not set SSL_ciphers to ALL by default
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+'ALL' cipher list is not the same as OpenSSL default. The 'ALL'
+contains more ciphers. Some of them are too weak, some of them
+prevents from using SSLv3 protocol. Then used SSLv2 protocol does not
+support elliptic curve parameter negotion which can cause
+interoperability issues when server picks a curve not supported by the
+client.
+
+IO-Socket-SSL-1.955 supports special value '' (empty string) to
+designed the OpenSSL default. However older IO-Socket-SSL recommends
+not to set the option at all.
+
+Thus this patch sets SSL_ciphers only if Net::LDAP application passes
+the ciphers option.
+
+Signed-off-by: Petr Písař
+---
+ lib/Net/LDAP.pm | 3 ++-
+ lib/Net/LDAP.pod | 4 ++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
+index 03eb23f..99d227a 100644
+--- a/lib/Net/LDAP.pm
++++ b/lib/Net/LDAP.pm
+@@ -243,7 +243,8 @@ sub _SSL_context_init_args {
+ }
+
+ (
+- SSL_cipher_list => defined $arg->{ciphers} ? $arg->{ciphers} : 'ALL',
++ defined $arg->{ciphers} ?
++ ( SSL_cipher_list => defined $arg->{ciphers}) : (),
+ SSL_ca_file => exists $arg->{cafile} ? $arg->{cafile} : '',
+ SSL_ca_path => exists $arg->{capath} ? $arg->{capath} : '',
+ SSL_key_file => $clientcert ? $clientkey : undef,
+diff --git a/lib/Net/LDAP.pod b/lib/Net/LDAP.pod
+index 77a8400..c35508a 100644
+--- a/lib/Net/LDAP.pod
++++ b/lib/Net/LDAP.pod
+@@ -779,8 +779,8 @@ B<'tlsv1'>.
+
+ Specify which subset of cipher suites are permissible for this
+ connection, using the standard OpenSSL string format. The default
+-value is B<'ALL'>, which permits all ciphers, even those that don't
+-encrypt.
++behavior is to keep the decision on the underlying cryptographic
++library.
+
+ =item clientcert =E '/path/to/cert.pem'
+
+--
+1.9.3
+
diff --git a/SOURCES/perl-ldap-0.56-Fix-typos-in-man-pages.patch b/SOURCES/perl-ldap-0.56-Fix-typos-in-man-pages.patch
new file mode 100644
index 0000000..a3c9ff9
--- /dev/null
+++ b/SOURCES/perl-ldap-0.56-Fix-typos-in-man-pages.patch
@@ -0,0 +1,289 @@
+--- a/lib/Net/LDAP/Entry.pod.bak 2015-11-30 11:27:26.531618113 +0100
++++ b/lib/Net/LDAP/Entry.pod 2015-11-30 11:59:58.171801455 +0100
+@@ -300,7 +300,7 @@
+
+ B: In the interest of performance the array references returned
+ by C are references to structures held inside the entry
+-object. These values and thier contents should B be modified
++object. These values and their contents should B be modified
+ directly.
+
+ =item replace ( ATTR =E VALUE, ... )
+--- a/lib/Net/LDAP/Examples.pod.bak 2015-11-30 11:27:26.531618113 +0100
++++ b/lib/Net/LDAP/Examples.pod 2015-11-30 12:00:46.011901949 +0100
+@@ -15,7 +15,7 @@
+ specifics, e.g. Distinguished Name Syntax, related to the user's
+ own implementation.
+
+-The Itandard Iperating I

roceedure that is followed here is: ++The Itandard Iperating I

rocedure that is followed here is: + + =over 8 + +@@ -262,7 +262,7 @@ + my @AddArray; + + push @AddArray, 'cn', "me myself"; +- push @ReplaceArray, 'sn', '!@#$%^&*()__+Hello THere'; ++ push @ReplaceArray, 'sn', '!@#$%^&*()__+Hello There'; + push @ReplaceArray, 'cn', "me myself I"; + push @DeleteArray, 'cn', "me myself"; + +--- a/lib/Net/LDAP/FAQ.pod.bak 2015-11-30 11:27:26.531618113 +0100 ++++ b/lib/Net/LDAP/FAQ.pod 2015-11-30 12:05:21.216242185 +0100 +@@ -96,8 +96,8 @@ + + =item Git - fork on GitHub + +-If you have an account on Github (there's a free variant), you can easily +-fork the perl-ldap respository on GitHub. ++If you have an account on GitHub (there's a free variant), you can easily ++fork the perl-ldap repository on GitHub. + When logged on to GitHub, navigate to the perl-ldap repository + + https://github.com/perl-ldap/perl-ldap +@@ -107,7 +107,7 @@ + =item Git - clone repository + + You can download latest development version of perl-ldap from +-GitHub by cloning the repsoitory using the command: ++GitHub by cloning the repository using the command: + + git clone https://github.com/perl-ldap/perl-ldap.git + +@@ -297,7 +297,7 @@ + RDN => dc=com + + RDNs can contain multiple attributes, though this is somewhat +-ususual. They are called multi-AVA RDNs, and each AVA is separated in ++unusual. They are called multi-AVA RDNs, and each AVA is separated in + the RDN from the others with a plus sign (+). + + Example of a DN with a multi-AVA RDN: +@@ -586,7 +586,7 @@ + This optional module is required for JSON-formatted output of perl-ldap's + LWP::Protocol::ldap, LWP::Protocol::ldaps, or LWP::Protocol::ldapi modules. + +-If you need it, you can optain the latest releases from ++If you need it, you can obtain the latest releases from + http://search.cpan.org/search?module=JSON + + =item Time::Local +@@ -1186,7 +1186,7 @@ + In LDAPv3, this is defined to always work even if that attribute + doesn't exist in the entry. 
+ +-ie: ++i.e.: + + my $mesg = $ldap->modify( $entry, replace => { %qv_del_arry } ); + +@@ -1417,7 +1417,7 @@ + $mysid = uc(unpack("H*",$sid)); + + $result = $exch->add ( dn => +- 'cn=user_name,cn=container,ou=site,o=organisation', ++ 'cn=user_name,cn=container,ou=site,o=organization', + attr => [ 'objectClass' => ['organizationalPerson'], + 'cn' => 'directory_name', + 'uid' => 'mail_nickname', +@@ -1523,7 +1523,7 @@ + When changing the password for the user bound to the directory + ADS expects it to be done by deleting the old password and + adding the new one. +-When doing it as a user with administrative priviledges replacing ++When doing it as a user with administrative privileges replacing + the unicodePwd's value with a new one is allowed too. + + Perl-ldap contains convenience methods for Active Directory that +@@ -1584,7 +1584,7 @@ + $ldaps = Net::LDAPS->new([ $ldapserverone, $ldapservertwo ], + port=>636, timeout=>5) or die "$@"; + +-For perl-ldap versions before 0.27, thes same goal can be achieved using: ++For perl-ldap versions before 0.27, the same goal can be achieved using: + + unless ( $ldaps = + Net::LDAPS->new($ldapserverone, +@@ -1745,7 +1745,7 @@ + Oracle Directory Server Enterprise Edition, formerly Sun One, formerly iPlanet. 
+ http://www.oracle.com/technetwork/middleware/id-mgmt/index-085178.html + +-OptimalIDM - Virtual Identitity Server - .NET LDAP virtual directory ++OptimalIDM - Virtual Identity Server - .NET LDAP virtual directory + http://www.optimalidm.com/products/vis/Virtual-Directory-Server-VDS.aspx + + Quest One Quick Connect Virtual Directory Server - LDAP virtual directory +@@ -1764,7 +1764,7 @@ + A german LDAP Website + http://verzeichnisdienst.de/ldap/Perl/index.html + +-(non-exhaustive) list of LDAP software on wikipedia ++(non-exhaustive) list of LDAP software on Wikipedia + http://en.wikipedia.org/wiki/List_of_LDAP_software + + "RFC Sourcebook" on LDAP +--- a/lib/Net/LDAP/Filter.pod.bak 2015-11-30 11:27:26.532618115 +0100 ++++ b/lib/Net/LDAP/Filter.pod 2015-11-30 12:05:47.284397332 +0100 +@@ -105,7 +105,7 @@ + L, + L + +-=head1 ACKNOWLEDGEMENTS ++=head1 ACKNOWLEDGMENTS + + This document is based on a document originally written by Russell Fulton + Er.fulton@auckland.ac.nzE. +--- a/lib/Net/LDAP.pod.bak 2015-11-30 11:27:08.768578306 +0100 ++++ b/lib/Net/LDAP.pod 2015-11-30 11:27:08.768578306 +0100 +@@ -496,7 +496,7 @@ + Atomically increment the existing value in each given attribute by the + provided C. The attributes need to have integer syntax, or be + otherwise "incrementable". Note this will only work if the server +-advertizes support for LDAP_FEATURE_MODIFY_INCREMENT. Use ++advertises support for LDAP_FEATURE_MODIFY_INCREMENT. Use + L to check this. + + $mesg = $ldap->modify( $dn, +@@ -717,7 +717,7 @@ + as one expects even on strings with international characters. + + If this option is not given or the version of Perl Net::LDAP is running on +-is too old strings are encodeed the same as in earlier versions of perl-ldap. ++is too old strings are encoded the same as in earlier versions of perl-ldap. + + The value provided here overwrites the value inherited from the constructor. 
+ +@@ -740,7 +740,7 @@ + Calling this method will convert the existing connection to using + Transport Layer Security (TLS), which provides an encrypted + connection. This is I possible if the connection uses LDAPv3, +-and requires that the server advertizes support for ++and requires that the server advertises support for + LDAP_EXTENSION_START_TLS. Use + L to check this. + +@@ -849,7 +849,7 @@ + + =item done ( ) + +-Convencience alias for C, named after the clean-up method ++Convenience alias for C, named after the clean-up method + of L. + + =back +@@ -1080,7 +1080,7 @@ + The homepage for the perl-ldap modules can be found at + http://ldap.perl.org/. + +-=head1 ACKNOWLEDGEMENTS ++=head1 ACKNOWLEDGMENTS + + This document is based on a document originally written by Russell Fulton + Er.fulton@auckland.ac.nzE. +--- a/lib/Net/LDAP/LDIF.pod.bak 2015-11-30 11:27:26.532618115 +0100 ++++ b/lib/Net/LDAP/LDIF.pod 2015-11-30 12:06:03.473488731 +0100 +@@ -136,7 +136,7 @@ + as one expects even on strings with international characters. + + If this option is not given or the version of Perl Net::LDAP is running on +-is too old strings are encodeed the same as in earlier versions of perl-ldap. ++is too old strings are encoded the same as in earlier versions of perl-ldap. + + Example: raw =E qr/(?i:^jpegPhoto|;binary)/ + +--- a/lib/Net/LDAP/Message.pod.bak 2015-11-30 11:27:26.532618115 +0100 ++++ b/lib/Net/LDAP/Message.pod 2015-11-30 12:06:10.645528088 +0100 +@@ -111,7 +111,7 @@ + L, + L + +-=head1 ACKNOWLEDGEMENTS ++=head1 ACKNOWLEDGMENTS + + This document is based on a document originally written by Russell + Fulton Er.fulton@auckland.ac.nzE. +--- a/lib/Net/LDAP/RFC.pod.bak 2015-11-30 11:27:26.532618115 +0100 ++++ b/lib/Net/LDAP/RFC.pod 2015-11-30 12:07:51.393017941 +0100 +@@ -642,7 +642,7 @@ + + The Internet is used for information exchange and communication + between its users. It can only be effective as such if users are able +-to find each other's addresses. 
Therefore the Internet benefits from ++to find each others addresses. Therefore the Internet benefits from + an adequate White Pages Service, i.e., a directory service offering + (Internet) address information related to people and organizations. + +--- a/lib/Net/LDAP/Schema.pod.bak 2015-11-30 11:27:26.532618115 +0100 ++++ b/lib/Net/LDAP/Schema.pod 2015-11-30 12:09:19.300370443 +0100 +@@ -32,7 +32,7 @@ + or raw oid (object identifier, in dotted numeric string form, e.g. 2.5.4.0) + may be supplied. + +-Each returned item of schema (eg an attribute definition) is returned ++Each returned item of schema (e.g. an attribute definition) is returned + in a HASH. The keys in the returned HASH are lowercased versions of + the keys read from the server. Here's a partial list (not all HASHes + define all keys) although note that RFC 4512 permits other keys as +@@ -159,7 +159,7 @@ + + =item attribute_syntax ( NAME ) + +-Given an attribute name, return the actual syntax taking into accountr ++Given an attribute name, return the actual syntax taking into account + attribute supertypes. + + =item matchingrule_for_attribute ( NAME, RULE ) +--- a/lib/Net/LDAP/Search.pod.bak 2015-11-30 11:27:26.532618115 +0100 ++++ b/lib/Net/LDAP/Search.pod 2015-11-30 12:09:30.515411574 +0100 +@@ -102,7 +102,7 @@ + L, + L + +-=head1 ACKNOWLEDGEMENTS ++=head1 ACKNOWLEDGMENTS + + This document is based on a document originally written by Russell + Fulton Er.fulton@auckland.ac.nzE. +--- a/lib/Net/LDAP/Security.pod.bak 2015-11-30 11:27:26.532618115 +0100 ++++ b/lib/Net/LDAP/Security.pod 2015-11-30 12:10:05.287534471 +0100 +@@ -130,7 +130,7 @@ + + You can only use TLS with an LDAPv3 server. That is because the + standard (RFC 4511) for LDAP and TLS requires that the I LDAP +-connection (ie., on port 389) can be switched on demand from plain text ++connection (i.e., on port 389) can be switched on demand from plain text + into a TLS connection. 
The switching mechanism uses a special extended + LDAP operation, and since these are not legal in LDAPv2, you can only + switch to TLS on an LDAPv3 connection. +@@ -151,18 +151,18 @@ + + The use of a mechanism like CRAM-MD5 provides a solution to the + password sniffing vulnerability, because these mechanisms typically do +-not require the user to send across a secret (eg., a password) in the ++not require the user to send across a secret (e.g., a password) in the + clear across the network. Instead, authentication is carried out in a + clever way which avoids this, and so prevents passwords from being + sniffed. + + B supports SASL using the B class. Currently the +-only B subclasses (ie., SASL mechanism) available are ++only B subclasses (i.e., SASL mechanism) available are + CRAM-MD5 and EXTERNAL. + + Some SASL mechanisms provide a general solution to the sniffing of all + data on the network vulnerability, as they can negotiate confidential +-(ie., encrypted) network connections. Note that this is over and above ++(i.e., encrypted) network connections. Note that this is over and above + any SSL or TLS encryption! Unfortunately, perl's B code + cannot negotiate this. + +@@ -172,7 +172,7 @@ + L, + L + +-=head1 ACKNOWLEDGEMENTS ++=head1 ACKNOWLEDGMENTS + + Jim Dutton Ejimd@dutton3.it.siu.eduE provided lots of useful feedback + on the early drafts. diff --git a/SOURCES/perl-ldap-0.56-LDAP.pm-do-not-set-default-sslversion-for-LDAPS.patch b/SOURCES/perl-ldap-0.56-LDAP.pm-do-not-set-default-sslversion-for-LDAPS.patch new file mode 100644 index 0000000..fef3e86 --- /dev/null +++ b/SOURCES/perl-ldap-0.56-LDAP.pm-do-not-set-default-sslversion-for-LDAPS.patch 
@@ -0,0 +1,61 @@
+From 22d4a8728799fd978c358c9b8f7726170f14a1e4 Mon Sep 17 00:00:00 2001
+From: Peter Marschall
+Date: Sun, 23 Nov 2014 19:35:02 +0100
+Subject: [PATCH] LDAP.pm: do not set default sslversion for LDAPS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Instead of setting a default sslversion for LDAPS, rely on the default
+value used by IO::Socket::SSL.
+
+Petr Písař: Ported to 0.56.
+
+Signed-off-by: Petr Písař
+---
+ lib/Net/LDAP.pm | 4 ++--
+ lib/Net/LDAP.pod | 6 +++---
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
+index fc5649a..5969785 100644
+--- a/lib/Net/LDAP.pm
++++ b/lib/Net/LDAP.pm
+@@ -247,6 +247,8 @@ sub _SSL_context_init_args {
+ (
+ defined $arg->{ciphers} ?
+ ( SSL_cipher_list => $arg->{ciphers} ) : (),
++ defined $arg->{sslversion} ?
++ ( SSL_version => $arg->{sslversion} ) : (),
+ SSL_ca_file => exists $arg->{cafile} ? $arg->{cafile} : '',
+ SSL_ca_path => exists $arg->{capath} ? $arg->{capath} : '',
+ SSL_key_file => $clientcert ? $clientkey : undef,
+@@ -255,8 +257,6 @@ sub _SSL_context_init_args {
+ SSL_use_cert => $clientcert ? 1 : 0,
+ SSL_cert_file => $clientcert,
+ SSL_verify_mode => $verify,
+- SSL_version => defined $arg->{sslversion} ? $arg->{sslversion} :
+- 'sslv23',
+ %verifycn_ctx,
+ );
+ }
+diff --git a/lib/Net/LDAP.pod b/lib/Net/LDAP.pod
+index 1a3bcca..06bab70 100644
+--- a/lib/Net/LDAP.pod
++++ b/lib/Net/LDAP.pod
+@@ -186,9 +186,9 @@ B
+ $ldap = Net::LDAP->new( 'remote.host', async => 1 );
+
+ LDAPS connections have some extra valid options, see the
+-L method for details. Note the default value for
+-'sslversion' for LDAPS is 'sslv23', and the default port for LDAPS
+-is 636.
++L method for details. Note the default port
++for LDAPS is 636, and the default value for 'sslversion' is the
++value used as default by L.
+
+ For LDAPI connections, HOST is actually the location of a UNIX domain
+ socket to connect to.
The default location is '/var/run/ldapi'.
+--
+2.13.6
+
diff --git a/SOURCES/perl-ldap-0.56-LDAP.pm-do-not-set-default-sslversion-for-start_tls.patch b/SOURCES/perl-ldap-0.56-LDAP.pm-do-not-set-default-sslversion-for-start_tls.patch
new file mode 100644
index 0000000..686dd67
--- /dev/null
+++ b/SOURCES/perl-ldap-0.56-LDAP.pm-do-not-set-default-sslversion-for-start_tls.patch
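Review bot: In `_SSL_context_init_args` (LDAPS patch, lib/Net/LDAP.pm) the `SSL_version` pair is now left out unless the caller passes `sslversion`, so the protocol versions an LDAPS connection negotiates are decided by whichever IO::Socket::SSL is installed, and the spec in this import only requires `perl(IO::Socket::SSL) >= 1.26`. What that module's default permits at the low end of that range is not shown on this page, so it should be confirmed; if it is weaker than intended, raising the `Requires:` floor is cleaner than re-adding a hard-coded version here. A one-line comment above the two conditional pairs would record the intent, for example `# leave the key out when unset so IO::Socket::SSL applies its own default`. The start_tls patch that follows makes the same trade-off. The function begins outside the hunks shown.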
@@ -0,0 +1,55 @@
+From 0edc4099455173649bf23ce25c20679c198287f7 Mon Sep 17 00:00:00 2001
+From: Peter Marschall
+Date: Thu, 2 Apr 2015 14:20:50 +0200
+Subject: [PATCH] LDAP.pm: do not set default sslversion for start_tls
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Instead of setting a default sslversion for start_tls, rely on the default
+value used by IO::Socket::SSL.
+In addition, extend documentation slightly.
+
+Petr Písař: Ported to 0.56.
+
+Signed-off-by: Petr Písař
+---
+ lib/Net/LDAP.pm | 1 -
+ lib/Net/LDAP.pod | 8 +++++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
+index 5969785..afa3620 100644
+--- a/lib/Net/LDAP.pm
++++ b/lib/Net/LDAP.pm
+@@ -1079,7 +1079,6 @@ sub start_tls {
+
+ delete $ldap->{net_ldap_root_dse};
+
+- $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
+ $arg->{sslserver} = $ldap->{net_ldap_host} unless defined $arg->{sslserver};
+
+ my $sock_class = ref($sock);
+diff --git a/lib/Net/LDAP.pod b/lib/Net/LDAP.pod
+index 06bab70..c819e24 100644
+--- a/lib/Net/LDAP.pod
++++ b/lib/Net/LDAP.pod
+@@ -770,10 +770,12 @@ The server must provide a certificate, and it must be valid.
+ If you set verify to optional or require, you must also set either
+ cafile or capath. The most secure option is B.
+
+-=item sslversion =E 'sslv2' | 'sslv3' | 'sslv23' | 'tlsv1'
++=item sslversion =E 'sslv2' | 'sslv3' | 'sslv23' | 'tlsv1' | 'tlsv1_1' | 'tlsv1_2'
+
+-This defines the version of the SSL/TLS protocol to use. Defaults to
+-B<'tlsv1'>.
++This defines the version of the SSL/TLS protocol to use.
++Default is to use the value that L uses as default.
++
++See L for more details.
+
+ =item ciphers =E CIPHERS
+
+--
+2.13.6
+
diff --git a/SOURCES/perl-ldap-0.56-LDAP.pm-set-SSL_cipher_list-to-correct-value.patch b/SOURCES/perl-ldap-0.56-LDAP.pm-set-SSL_cipher_list-to-correct-value.patch
new file mode 100644
index 0000000..27b4198
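Review bot: The rewritten `=item sslversion` entry in lib/Net/LDAP.pod (start_tls patch) still lists `'sslv2'` and `'sslv3'` beside the TLS values without saying that they are obsolete protocol versions, and with the `'tlsv1'` fallback removed this option is the only place a caller pins the protocol. I would add a sentence to the item such as `Leave this unset unless a specific version is required; 'sslv2' and 'sslv3' are obsolete and should not be selected.` Whether the installed IO::Socket::SSL still accepts those two values is not visible here.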
--- /dev/null
+++ b/SOURCES/perl-ldap-0.56-LDAP.pm-set-SSL_cipher_list-to-correct-value.patch
@@ -0,0 +1,34 @@
+From ce1c5f1d136c637544a434323ddb5afc27b29449 Mon Sep 17 00:00:00 2001
+From: Peter Marschall
+Date: Tue, 17 Jun 2014 19:32:28 +0200
+Subject: [PATCH 2/2] LDAP.pm: set SSL_cipher_list to correct value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix commit 11fe2a9 which contains a superfluous defined and thus
+set SSL_cipher_list to true instead of the value of the ciphers arg.
+
+Thanks to THOMAS GUEVIN for reporting the bug.
+
+Signed-off-by: Petr Písař
+---
+ lib/Net/LDAP.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
+index 99d227a..2f873ad 100644
+--- a/lib/Net/LDAP.pm
++++ b/lib/Net/LDAP.pm
+@@ -244,7 +244,7 @@ sub _SSL_context_init_args {
+
+ (
+ defined $arg->{ciphers} ?
+- ( SSL_cipher_list => defined $arg->{ciphers}) : (),
++ ( SSL_cipher_list => $arg->{ciphers} ) : (),
+ SSL_ca_file => exists $arg->{cafile} ? $arg->{cafile} : '',
+ SSL_ca_path => exists $arg->{capath} ? $arg->{capath} : '',
+ SSL_key_file => $clientcert ? $clientkey : undef,
+--
+1.9.3
+
diff --git a/SOURCES/perl-ldap-0.56-Make-LDAP-work-after-LDAP-start_tls.patch b/SOURCES/perl-ldap-0.56-Make-LDAP-work-after-LDAP-start_tls.patch
new file mode 100644
index 0000000..75a9831
--- /dev/null
+++ b/SOURCES/perl-ldap-0.56-Make-LDAP-work-after-LDAP-start_tls.patch
@@ -0,0 +1,44 @@
+From be16775bdacfe19ee0af38bd157272e137581640 Mon Sep 17 00:00:00 2001
+From: Peter Marschall
+Date: Sat, 14 Dec 2013 15:17:46 +0100
+Subject: [PATCH] RT#90459: LDAP.pm: make LDAPS work after LDAP+start_tls
+
+Stop setting global SSL settings via IO::Socket::SSL::context_init()
+in Net::LDAP::start_tls().
+According to Steffen Ullrich, the IO::Socket::SSL maintainer, setting
+the global SSL settings is not necessary.
+
+While looking at it, Steffen found that connect_ldaps() does not make sure
+the 'sslserver' argument is set to allow checking for the correct host name.
+Fix this as well.
+
+Thanks to Klara Mall for reporting the bug and to Steffen Ullrich for
+the patch ideas.
+---
+ lib/Net/LDAP.pm | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
+index 7ddd26a..2ee6898 100644
+--- a/lib/Net/LDAP.pm
++++ b/lib/Net/LDAP.pm
+@@ -186,6 +186,8 @@ sub connect_ldaps {
+ # separate port from host overwriting given/default port
+ $host =~ s/^([^:]+|\[.*\]):(\d+)$/$1/ and $port = $2;
+
++ $arg->{sslserver} = $host unless defined $arg->{sslserver};
++
+ $ldap->{net_ldap_socket} = IO::Socket::SSL->new(
+ PeerAddr => $host,
+ PeerPort => $port,
+@@ -1080,7 +1082,6 @@ sub start_tls {
+ $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
+ $arg->{sslserver} = $ldap->{net_ldap_host} unless defined $arg->{sslserver};
+
+- IO::Socket::SSL::context_init( { _SSL_context_init_args($arg) } );
+ my $sock_class = ref($sock);
+
+ return $mesg
+--
+2.1.0
+
diff --git a/SOURCES/perl-ldap-0.56-RT-96203-LDAP.pm-use-correct-length-for-syswrite.patch b/SOURCES/perl-ldap-0.56-RT-96203-LDAP.pm-use-correct-length-for-syswrite.patch
new file mode 100644
index 0000000..1a4421b
--- /dev/null
+++ b/SOURCES/perl-ldap-0.56-RT-96203-LDAP.pm-use-correct-length-for-syswrite.patch
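Review bot: In `connect_ldaps` (RT#90459 patch) the new `sslserver` default is copied from `$host` after the port is stripped, but the substitution on the context line above keeps the square brackets of an IPv6 literal inside `$1`, so a host given as `[addr]:port` would be handed to the certificate-name check with its brackets. How `sslserver` is consumed is outside this hunk, so this needs confirming; if the value is used unchanged, strip the brackets for the verification name only, e.g. `( $arg->{sslserver} = $host ) =~ s/^\[(.*)\]$/$1/ unless defined $arg->{sslserver};`. The assignment also writes into the caller's `$arg` hash, which deserves a comment if it is intentional. Both functions continue outside the hunks.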
@@ -0,0 +1,40 @@
+From 93a1f2fd26cfef95c22530be07ca0e211f7e44d0 Mon Sep 17 00:00:00 2001
+From: Peter Marschall
+Date: Sat, 7 Jun 2014 15:38:36 +0200
+Subject: [PATCH] RT#96203: LDAP.pm: use correct length for syswrite
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use correct length of bytes to write with syswrite() instead of default 15000
+in _sendmesg().
+
+According to the bug reporter, it may cause error in case that the function
+WRITE was redefined (e.g. Authen-SASL RT#85294) and did not handle this case
+properly.
+
+It should not change anything in Net::LDAP but help other modules not covering
+all WRITE cases.
+
+Signed-off-by: Petr Písař
+---
+ lib/Net/LDAP.pm | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
+index 2f873ad..6505276 100644
+--- a/lib/Net/LDAP.pm
++++ b/lib/Net/LDAP.pm
+@@ -842,7 +842,8 @@ sub _sendmesg {
+ my $to_send = \( $mesg->pdu );
+ my $offset = 0;
+ while ($offset < length($$to_send)) {
+- my $n = syswrite($socket, $s, length($s))
++ my $s = substr($$to_send, $offset, 15000);
++ my $n = syswrite($socket, $s, length($s))
+ or return _error($ldap, $mesg, LDAP_LOCAL_ERROR, "$!");
+ $offset += $n;
+ }
+--
+1.9.3
+
diff --git a/SPECS/perl-LDAP.spec b/SPECS/perl-LDAP.spec
new file mode 100644
index 0000000..d8a10a7
--- /dev/null
+++ b/SPECS/perl-LDAP.spec
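Review bot: In `_sendmesg` (RT#96203 patch) a `syswrite` that fails after the first chunk returns `LDAP_LOCAL_ERROR` with part of the PDU already written, and nothing in the hunk marks the connection as unusable; if the caller keeps the socket, the next request would follow a truncated message on the wire. Whether the error path closes the socket is outside the hunk, so please confirm, and consider a comment above the loop such as `# on error the PDU may be partially written; the connection must not be reused`. The chunk size `15000` would also read better as a named constant now that it appears in only one place. The body of `_sendmesg` starts and ends outside the hunk.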
@@ -0,0 +1,263 @@ +Name: perl-LDAP +Version: 0.56 +Release: 6%{?dist} +Epoch: 1 +Summary: LDAP Perl module +Group: Development/Libraries +License: GPL+ or Artistic +URL: http://search.cpan.org/dist/perl-ldap/ +Source0: http://www.cpan.org/authors/id/M/MA/MARSCHAP/perl-ldap-%{version}.tar.gz +# Do not set SSL ciphers at all by default, bug #1091316, CPAN RT#95001, +# in upstream 0.63 +Patch0: perl-ldap-0.56-Do-not-set-SSL_ciphers-to-ALL-by-default.patch +# Correct Do-not-set-SSL_ciphers-to-ALL-by-default patch, bug #1091316, +# in upstream 0.64 +Patch1: perl-ldap-0.56-LDAP.pm-set-SSL_cipher_list-to-correct-value.patch +# Pass actual length to syswrite() instead of default 1500 B, bug #1104243, +# CPAN RT#96203, in upstream 0.64 +Patch2: perl-ldap-0.56-RT-96203-LDAP.pm-use-correct-length-for-syswrite.patch +# Make LDAPS work after LDAP+start_tls, bug #1210032 +Patch3: perl-ldap-0.56-Make-LDAP-work-after-LDAP-start_tls.patch +# Fix typo in man pages, bug #1286921 +Patch4: perl-ldap-0.56-Fix-typos-in-man-pages.patch +# 1/2 Do not set default SSL version, bug #1520364, fixed in 0.65 +Patch5: perl-ldap-0.56-LDAP.pm-do-not-set-default-sslversion-for-LDAPS.patch +# 2/2 Do not set default SSL version, bug #1520364, fixed in 0.65 +Patch6: perl-ldap-0.56-LDAP.pm-do-not-set-default-sslversion-for-start_tls.patch +BuildArch: noarch +BuildRequires: perl +BuildRequires: perl(inc::Module::Install) +# Run-time: +# Not needed for tests perl(Authen::SASL) >= 2.00 +BuildRequires: perl(base) +BuildRequires: perl(Carp) +BuildRequires: perl(constant) +BuildRequires: perl(Convert::ASN1) >= 0.2 +BuildRequires: perl(Encode) +BuildRequires: perl(Exporter) +BuildRequires: perl(File::Basename) +# Not needed for tests perl(HTTP::Negotiate) +# Not needed for tests perl(HTTP::Response) +# Not needed for tests perl(HTTP::Status) +BuildRequires: perl(integer) +BuildRequires: perl(IO::Select) +BuildRequires: perl(IO::Socket) +# Not needed for tests perl(IO::Socket::SSL) >= 1.26 +# Not needed for 
tests perl(JSON) +# Not needed for tests perl(LWP::MediaTypes) +# Not needed for tests perl(LWP::Protocol) +# Not needed for tests perl(MIME::Base64) +BuildRequires: perl(Socket) +BuildRequires: perl(strict) +# Prefer core Text::Soundex +BuildRequires: perl(Text::Soundex) +BuildRequires: perl(Tie::Hash) +BuildRequires: perl(Time::Local) +BuildRequires: perl(XML::SAX::Base) +BuildRequires: perl(XML::SAX::Writer) +# Optional: +# Not needed for tests perl(IO::Socket::INET6) +# Tests: +BuildRequires: perl(File::Compare) +BuildRequires: perl(File::Path) +BuildRequires: perl(File::Spec) +BuildRequires: perl(IO::File) +BuildRequires: perl(Test::More) +Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) +Requires: perl(Authen::SASL) >= 2.00 +Requires: perl(Convert::ASN1) >= 0.2 +Requires: perl(IO::Socket::SSL) >= 1.26 +Requires: perl(JSON) +Requires: perl(MIME::Base64) +# Prefer core Text::Soundex +Requires: perl(Text::Soundex) +Requires: perl(Time::Local) +Requires: perl(XML::SAX::Writer) + +# Remove under-specified dependencies +%global __provides_exclude %{?__provides_exclude:%__provides_exclude|}^perl\\(Net::LDAP::Filter\\)$ +%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Convert::ASN1\\)$ + +%description +Net::LDAP is a collection of modules that implements an LDAP services API +for Perl programs. The module may be used to search directories or perform +maintenance functions such as adding, deleting or modifying entries. 
+ +%prep +%setup -q -n perl-ldap-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +chmod -c 644 bin/* contrib/* lib/Net/LDAP/DSML.pm +perl -pi -e 's|^#!/usr/local/bin/perl\b|#!%{__perl}|' contrib/* +# Remove bundled libraries +rm -rf inc +sed -i -e '/^inc\// d' MANIFEST +find -type f -exec chmod -x {} + + +%build +perl Makefile.PL INSTALLDIRS=vendor < /dev/null +make %{?_smp_mflags} + +%install +make pure_install DESTDIR=%{buildroot} +find %{buildroot} -type f -name .packlist -exec rm -f {} + +chmod -R u+w %{buildroot}/* + +%check +make test + +%files +%doc Changes CREDITS +%doc contrib/ bin/ +%{perl_vendorlib}/Bundle/ +%{perl_vendorlib}/LWP/ +%{perl_vendorlib}/Net/ +%{_mandir}/man3/*.3pm* + +%changelog +* Mon Dec 04 2017 Petr Pisar - 1:0.56-6 +- Do not set default SSL version (bug #1520364) + +* Mon Mar 07 2016 Jitka Plesnikova - 1:0.56-5 +- Update patch to cleanup patch leftover + +* Fri Mar 04 2016 Jitka Plesnikova - 1:0.56-4 +- Make LDAPS work after LDAP+start_tls (bug #1210032) +- Fix typo in man pages (bug #1286921) + +* Wed Aug 06 2014 Petr Pisar - 1:0.56-3 +- Do not set SSL ciphers at all by default (bug #1091316) +- Pass actual length to syswrite() instead of default 1500 B (bug #1104243) + +* Fri Dec 27 2013 Daniel Mach - 1:0.56-2 +- Mass rebuild 2013-12-27 + +* Wed Aug 07 2013 Petr Šabata - 1:0.56-1.1 +- Add a few missing BRs + +* Mon Jun 10 2013 Jitka Plesnikova - 1:0.56-1 +- 0.56 bump + +* Wed Apr 24 2013 Jitka Plesnikova - 1:0.55-1 +- 0.55 bump + +* Wed Apr 03 2013 Petr Pisar - 1:0.54-1 +- 0.54 bump + +* Mon Jan 28 2013 Petr Šabata - 1:0.53-1 +- 0.53 enhancement update + +* Thu Jan 03 2013 Jitka Plesnikova - 1:0.52-1 +- 0.52 bump + +* Mon Dec 03 2012 Jitka Plesnikova - 1:0.51-1 +- 0.51 bump + +* Mon Nov 26 2012 Petr Pisar - 1:0.50-1 +- 0.50 bump + +* Tue Nov 20 2012 Petr Šabata - 1:0.49-2 +- Add a few missing deps +- Drop command macros +- Modernize the spec + +* Mon Oct 08 2012 Petr Pisar - 
1:0.49-1 +- 0.49 bump + +* Mon Sep 17 2012 Jitka Plesnikova - 1:0.47-1 +- 0.47 bump + +* Fri Sep 14 2012 Jitka Plesnikova - 1:0.46-1 +- 0.46 bump +- Should fix: RT#72108, RT#74572, RT#74759, RT#77180 +- Removed bundled libraries. Use perl(inc::Module::Install). + +* Fri Jul 20 2012 Fedora Release Engineering - 1:0.44-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 15 2012 Petr Pisar - 1:0.44-2 +- Perl 5.16 rebuild +- Specify all dependencies + +* Mon Feb 6 2012 Marcela Maslanova - 1:0.44-1 +- update which should fix RT#66753 +- clean specfile according to new guidelines + +* Fri Jan 13 2012 Fedora Release Engineering - 1:0.40-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Jul 19 2011 Petr Sabata - 1:0.40-5 +- Perl mass rebuild + +* Tue Feb 08 2011 Fedora Release Engineering - 1:0.40-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Dec 20 2010 Marcela Maslanova - 1:0.40-3 +- 661697 rebuild for fixing problems with vendorach/lib + +* Sun May 02 2010 Marcela Maslanova - 1:0.40-2 +- Mass rebuild with perl-5.12.0 + +* Mon Apr 12 2010 Marcela Mašláňová - 1:0.40-1 +- update + +* Mon Dec 7 2009 Stepan Kasal - 1:0.34-7 +- rebuild against perl 5.10.1 + +* Sun Jul 26 2009 Fedora Release Engineering - 1:0.34-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 1:0.34-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Mar 06 2008 Tom "spot" Callaway - 1:0.34-4 +- rebuild for new perl + +* Mon Apr 09 2007 Robin Norwood - 1:0.34-3 +- Resolves: bz#226267 +- Only filter out the unversioned Provides: perl(Net::LDAP::Filter) to + avoid breaking dependencies. + +* Thu Apr 05 2007 Robin Norwood - 1:0.34-2 +- Resolves: bz#226267 +- Filter out provides perl(Net::LDAP::Filter) per package review. 
+ +* Tue Feb 13 2007 Robin Norwood - 1:0.34-1 +- New version: 0.34 + +* Wed Sep 27 2006 Robin Norwood - 1:0.33-3 +- Bugzilla: 207430 +- Incorporate fixes from Jose Oliveira's patch +- Add perl(IO::Socket::SSL) as a BuildRequires as well +- Other cleanups from Jose + +* Wed Sep 27 2006 Robin Norwood - 0.33-1.3 +- Add a requirement for IO::Socket::SSL, per bug #122066 + +* Wed Jul 12 2006 Jesse Keating - sh: line 0: fg: no job control +- rebuild + +* Fri Feb 03 2006 Jason Vas Dias - 0.33-1.2 +- rebuild for new perl-5.8.8 + +* Fri Dec 16 2005 Jesse Keating +- rebuilt for new gcc + +* Tue Apr 26 2005 Jose Pedro Oliveira - 0.33-1 +- Update to 0.33. + +* Sat Apr 02 2005 Jose Pedro Oliveira - 0.3202-1 +- Update to 0.3202. +- Specfile cleanup. (#153766) + +* Wed Sep 22 2004 Chip Turner 0.31-5 +- rebuild + +* Wed Mar 10 2004 Chip Turner - 0.31-1 +- Specfile autogenerated. +
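Review bot: The comment above `Patch2` says `instead of default 1500 B`, but the patch it describes replaces a fixed length of `15000` in `_sendmesg`; the comment should read `# Pass actual length to syswrite() instead of a fixed 15000 B, bug #1104243,`. Separately, `perl(IO::Socket::SSL)` is listed under "Not needed for tests" rather than as a `BuildRequires`, so the TLS behaviour changed by Patch0, Patch1, Patch3, Patch5 and Patch6 is presumably not exercised by `%check`. Since those patches hand cipher and protocol selection to IO::Socket::SSL, a comment next to `Requires: perl(IO::Socket::SSL) >= 1.26` stating that the effective TLS policy now comes from that package would help whoever next touches the version floor.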