rpms/openldap/F-12 openldap-2.4.19-tls-accept.patch, NONE, 1.1 .cvsignore, 1.48, 1.49 ldap.init, 1.34, 1.35 openldap.spec, 1.153, 1.154 sources, 1.50, 1.51
Jan Zeleny
jzeleny at fedoraproject.org
Wed Nov 18 15:33:17 UTC 2009
Author: jzeleny
Update of /cvs/extras/rpms/openldap/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28902
Modified Files:
.cvsignore ldap.init openldap.spec sources
Added Files:
openldap-2.4.19-tls-accept.patch
Log Message:
- rebased openldap to 2.4.19 (bugfixing release)
- rebased bdb to 4.8.24
- fixed tls connection accepting when TLSVerifyClient = allow
- /etc/openldap/ldap.conf removed from files owned by openldap-servers
- minor changes in spec file to suppress warnings
- some changes in init script, so it would be possible to use it when
using old configuration style
openldap-2.4.19-tls-accept.patch:
connection.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- NEW FILE openldap-2.4.19-tls-accept.patch ---
--- openldap-2.4.19/servers/slapd/connection.c.orig 2009-11-16 12:54:33.000000000 +0100
+++ openldap-2.4.19/servers/slapd/connection.c 2009-11-16 13:23:25.000000000 +0100
@@ -1376,6 +1376,11 @@ connection_read( ber_socket_t s, conn_re
c->c_connid, (int) s, c->c_tls_ssf, c->c_ssf, 0 );
slap_sasl_external( c, c->c_tls_ssf, &authid );
if ( authid.bv_val ) free( authid.bv_val );
+ } else if ( rc == 1 ) { /* need to retry */
+ slapd_set_read( s, 0 );
+ slapd_set_write( s, 1 );
+ connection_return( c );
+ return 0;
}
/* if success and data is ready, fall thru to data input loop */
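Review bot: The new `rc == 1` branch always switches the socket to write-wait (`slapd_set_read( s, 0 ); slapd_set_write( s, 1 );`) without checking which direction the TLS layer is actually blocked on. If the handshake is waiting for more client data, the socket will normally be writable at once, so the matching `c_needs_tls_accept` branch in `connection_write` (second hunk) would re-arm the read immediately and the accept could be retried in a tight loop while a client stalls mid-handshake; this is inferred from the two hunks, since the TLS accept call itself is outside them. Consider choosing read or write from the TLS layer's want-read/want-write state, and expand the comment to say what return value 1 means, e.g. `/* TLS accept incomplete: wait for the socket and retry */`. The body of `connection_read` starts and ends outside the hunk.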
@@ -1875,6 +1880,14 @@ int connection_write(ber_socket_t s)
return -1;
}
+#ifdef HAVE_TLS
+ if ( c->c_is_tls && c->c_needs_tls_accept ) {
+ connection_return( c );
+ connection_read_activate( s );
+ return 0;
+ }
+#endif
+
c->c_n_write++;
Debug( LDAP_DEBUG_TRACE,
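Review bot: The added `#ifdef HAVE_TLS` block in `connection_write` has no comment explaining why a write event is handed back to the read path, which is not obvious without the `connection_read` hunk beside it. A comment above the `if` would help, e.g. `/* TLS accept still pending: this write event only signals a retry, so hand the socket back to connection_read */`. It is also worth stating there that the branch returns before `c->c_n_write++`, so these wake-ups are deliberately not counted as writes. The rest of `connection_write` is outside the hunk.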
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/openldap/F-12/.cvsignore,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -p -r1.48 -r1.49
--- .cvsignore 18 Sep 2009 10:01:45 -0000 1.48
+++ .cvsignore 18 Nov 2009 15:33:17 -0000 1.49
@@ -1,2 +1,2 @@
-openldap-2.4.18.tgz
-db-4.7.25.tar.gz
+openldap-2.4.19.tgz
+db-4.8.24.tar.gz
Index: ldap.init
===================================================================
RCS file: /cvs/extras/rpms/openldap/F-12/ldap.init,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -p -r1.34 -r1.35
--- ldap.init 24 Sep 2009 11:30:24 -0000 1.34
+++ ldap.init 18 Nov 2009 15:33:17 -0000 1.35
@@ -43,6 +43,7 @@ slapd=/usr/sbin/slapd
slaptest=/usr/sbin/slaptest
lockfile=/var/lock/subsys/slapd
configdir=/etc/openldap/slapd.d/
+configfile=/etc/openldap/slapd.conf
pidfile=/var/run/slapd.pid
slapd_pidfile=/var/run/openldap/slapd.pid
@@ -104,7 +105,6 @@ function checkkeytab() {
function configtest() {
local user= ldapuid= dbdir= file=
- [ -d $configdir ] || exit 6
# Check for simple-but-common errors.
user=ldap
prog=`basename ${slapd}`
@@ -112,11 +112,20 @@ function configtest() {
# Unaccessible database files.
slaptestflags=""
dbdirs=""
- for configfile in `ls -1 $configdir/cn\=config/olcDatabase*`; do
- dbdirs=$dbdirs"
- "`LANG=C egrep '^olcDbDirectory[[:space:]]*:[[:space:]]+[[:print:]]+$' $configfile | sed 's,^olcDbDirectory: ,,'`
- done
+ if [ -d $configdir ]; then
+ for configfile in `ls -1 $configdir/cn\=config/olcDatabase*`; do
+ dbdirs=$dbdirs"
+ "`LANG=C egrep '^olcDbDirectory[[:space:]]*:[[:space:]]+[[:print:]]+$' $configfile | sed 's,^olcDbDirectory: ,,'`
+ done
+ elif [ -f $configfile ]; then
+ dbdirs=`LANG=C egrep '^directory[[:space:]]+' $configfile | sed 's,^directory[[:space:]]*,,'`
+ else
+ exit 6
+ fi
for dbdir in $dbdirs; do
+ if [ ! -d $dbdir ]; then
+ exit 6
+ fi
for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
echo -n $"$file is not owned by \"$user\"" ; warning ; echo
done
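Review bot: The loop variable in `for configfile in ...` now shares its name with the global `configfile=/etc/openldap/slapd.conf` added at the top of the script, and `configtest` does not list it in its `local` declaration, so after a run against slapd.d the global holds the last olcDatabase file. The `elif [ -f $configfile ]` tests in this function are only reached when `$configdir` is missing, so this works as written, but any code outside this hunk that reads `$configfile` afterwards would get the wrong path. Rename the loop variable, e.g. `for dbconfig in $configdir/cn\=config/olcDatabase*; do`, which also avoids parsing `ls`, and quote `"$dbdir"` in the new `[ ! -d $dbdir ]` test. The two new `exit 6` paths leave without printing any message; `configtest` starts and ends outside the hunk.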
@@ -134,7 +143,11 @@ function configtest() {
echo -n $"$file is not readable by \"$user\"" ; warning ; echo
fi
# Unaccessible TLS configuration files.
- tlsconfigs=`LANG=C egrep '^olc(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]*:[[:space:]]' $configdir/cn\=config.ldif | awk '{print $2}'`
+ if [ -d $configdir ]; then
+ tlsconfigs=`LANG=C egrep '^olc(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]*:[[:space:]]' $configdir/cn\=config.ldif | awk '{print $2}'`
+ elif [ -f $configfile ]; then
+ tlsconfigs=`LANG=C egrep '^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]+' $configfile | awk '{print $2}'`
+ fi
for file in $tlsconfigs ; do
if ! testasuser $user -r $file ; then
echo -n $"$file is not readable by \"$user\"" ; warning ; echo
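Review bot: The new slapd.conf branch matches the TLS directives case-sensitively (`'^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]+'`), while slapd.conf keywords are, as far as I know, accepted in any case, so a file written as `tlscertificatekeyfile ...` would skip the readability check without any warning. Adding `-i` to that `egrep` would cover it, and the same applies to the `'^directory[[:space:]]+'` match added in the previous hunk. `awk '{print $2}'` also truncates a quoted path that contains spaces, which deserves a comment if it is accepted as a limitation. `configtest` starts and ends outside the hunk.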
@@ -218,24 +231,39 @@ case "$1" in
configtest
;;
start)
- start
+ msg=`status -p $pidfile ${slapd} > /dev/null 2>&1`
RETVAL=$?
+ if [ "$RETVAL" = "0" ]; then
+ echo $msg
+ RETVAL=1
+ else
+ start
+ RETVAL=$?
+ fi
;;
stop)
- stop
+ msg=`status -p $pidfile ${slapd} > /dev/null 2>&1`
RETVAL=$?
+ if [ "$RETVAL" != "0" ]; then
+ echo $msg
+ RETVAL=7
+ else
+ stop
+ RETVAL=$?
+ fi
;;
status)
status -p $pidfile ${slapd}
RETVAL=$?
;;
restart|force-reload)
+ status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 7
stop
start
RETVAL=$?
;;
condrestart|try-restart)
- status -p $pidfile ${slapd} || exit 0
+ status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 0
stop
start
;;
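Review bot: In the `start)` and `stop)` arms `msg` is always empty, because the `> /dev/null 2>&1` sits inside the command substitution and discards the output of `status` before it can be captured, so `echo $msg` prints a blank line instead of the reason. Drop the stdout redirect and quote the expansion: `msg=$(status -p $pidfile ${slapd} 2>&1)` and `echo "$msg"`. Separately, the new exit codes change behaviour that callers may rely on: `start` on a running service now returns 1, `stop` on a stopped one returns 7, and `restart` exits 7 instead of starting a stopped service, whereas the LSB init-script conventions treat the first two as success and expect restart to start the service. If that is intended, a comment above the `case` should say so.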
Index: openldap.spec
===================================================================
RCS file: /cvs/extras/rpms/openldap/F-12/openldap.spec,v
retrieving revision 1.153
retrieving revision 1.154
diff -u -p -r1.153 -r1.154
--- openldap.spec 7 Oct 2009 13:04:36 -0000 1.153
+++ openldap.spec 18 Nov 2009 15:33:17 -0000 1.154
@@ -1,9 +1,9 @@
# We distribute own version of Berkeley DB to prevent
# problems on db4.rpm upgrade - some versions of db4 do
# not work with some versions of OpenLDAP.
-%define db_version 4.7.25
+%define db_version 4.8.24
%define ldbm_backend berkeley
-%define version 2.4.18
+%define version 2.4.19
%define evolution_connector_prefix %{_libdir}/evolution-openldap
%define evolution_connector_includedir %{evolution_connector_prefix}/include
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
@@ -11,7 +11,7 @@
Summary: LDAP support libraries
Name: openldap
Version: %{version}
-Release: 5%{?dist}
+Release: 1%{?dist}
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
@@ -35,16 +35,11 @@ Patch6: openldap-2.3.19-gethostbyXXXX_r.
Patch9: openldap-2.3.37-smbk5pwd.patch
Patch10: openldap-2.4.6-multilib.patch
Patch11: openldap-2.4.16-doc-cacertdir.patch
-Patch12: openldap-2.4.18-ldif-buf-overflow.patch
+Patch12: openldap-2.4.19-tls-accept.patch
# Patches for the evolution library
Patch200: openldap-2.4.6-evolution-ntlm.patch
-# Patches for db4 library
-Patch400: patch.4.7.25.1
-Patch401: patch.4.7.25.2
-Patch402: patch.4.7.25.3
-
URL: http://www.openldap.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
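Review bot: `Patch12` previously applied `openldap-2.4.18-ldif-buf-overflow.patch`, and this hunk replaces it without the log message or the changelog saying that the overflow fix is contained in 2.4.19. Presumably it was merged upstream, but that cannot be verified from the commit; a changelog line such as `- dropped ldif-buf-overflow patch (included in 2.4.19)` would record it once confirmed. The same applies to the three removed db4 patches (`patch.4.7.25.1` to `patch.4.7.25.3`) with the move to db 4.8.24.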
@@ -125,12 +120,6 @@ programs needed for accessing and modify
%prep
%setup -q -c -a 1
-pushd db-%{db_version}
-%patch400 -p0 -b .patch1
-%patch401 -p0 -b .patch2
-%patch402 -p0 -b .patch3
-popd
-
pushd openldap-%{version}
%patch0 -p1 -b .config
%patch1 -p1 -b .ldaprc
@@ -142,7 +131,7 @@ pushd openldap-%{version}
%patch9 -p1 -b .smbk5pwd
%patch10 -p1 -b .multilib
%patch11 -p1 -b .cacertdir
-%patch12 -p1 -b .malloc
+%patch12 -p1 -b .tls-accept
cp %{_datadir}/libtool/config/config.{sub,guess} build/
popd
@@ -503,7 +492,7 @@ if [ -f /var/lib/ldap/need_db_upgrade ];
fi
if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then
-pushd %{_sysconfdir}/pki/tls/certs
+pushd %{_sysconfdir}/pki/tls/certs > /dev/null 2>&1
umask 077
cat << EOF | make slapd.pem > /dev/null 2>&1
--
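Review bot: Redirecting stderr as well as stdout on `pushd` hides the case where the directory change fails, after which `make slapd.pem` would run in whatever directory the scriptlet started in. Only stdout needs silencing to suppress the directory-stack print: `pushd %{_sysconfdir}/pki/tls/certs > /dev/null`. The scriptlet continues outside the hunk, so it is not visible here whether the matching `popd` is handled the same way.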
@@ -599,7 +588,6 @@ fi
%doc README.schema
%ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/slapd.pem
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/slapd
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf
%attr(0640,root,ldap) %config(noreplace,missingok) %{_sysconfdir}/openldap/slapd.conf
%attr(0640,root,ldap) %ghost %{_sysconfdir}/openldap/slapd.conf.bak
%attr(0640,ldap,ldap) %ghost %{_sysconfdir}/openldap/slapd.d
@@ -645,6 +633,15 @@ fi
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog
+* Wed Nov 18 2009 Jan Zeleny <jzeleny at redhat.com> - 2.4.19-1
+- fixed tls connection accepting when TLSVerifyClient = allow
+- /etc/openldap/ldap.conf removed from files owned by openldap-servers
+- minor changes in spec file to supress warnings
+- some changes in init script, so it would be possible to use it when
+ using old configuration style
+- rebased openldap to 2.4.19
+- rebased bdb to 4.8.24
+
* Wed Oct 07 2009 Jan Zeleny <jzeleny at redhat.com> 2.4.18-5
- updated smbk5pwd patch to be linked with libldap (#526500)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/openldap/F-12/sources,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -p -r1.50 -r1.51
--- sources 18 Sep 2009 10:01:45 -0000 1.50
+++ sources 18 Nov 2009 15:33:17 -0000 1.51
@@ -1,2 +1,2 @@
-fecd7a64b6d9a0eb79b817d2562956ed openldap-2.4.18.tgz
-ec2b87e833779681a0c3a814aa71359e db-4.7.25.tar.gz
+4a6dab2711fcf141f19bb680bc335887 openldap-2.4.19.tgz
+147afdecf438ff99ade105a5272db158 db-4.8.24.tar.gz