From e4c99ed10b31167eaecbd34f77d667cd8ca22a15 Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Thu, 2 Dec 2004 04:54:33 +0000 Subject: Fix bugs #67080 (2.1.30-r4) and #71268 (init-script). --- net-nds/openldap/ChangeLog | 9 +- net-nds/openldap/Manifest | 5 +- net-nds/openldap/files/2.0/slapd | 4 +- net-nds/openldap/files/digest-openldap-2.1.30-r4 | 1 + ...nldap-2.1.30-tls-activedirectory-hang-fix.patch | 39 ++++ net-nds/openldap/openldap-2.1.30-r4.ebuild | 231 +++++++++++++++++++++ 6 files changed, 285 insertions(+), 4 deletions(-) create mode 100644 net-nds/openldap/files/digest-openldap-2.1.30-r4 create mode 100644 net-nds/openldap/files/openldap-2.1.30-tls-activedirectory-hang-fix.patch create mode 100644 net-nds/openldap/openldap-2.1.30-r4.ebuild (limited to 'net-nds') diff --git a/net-nds/openldap/ChangeLog b/net-nds/openldap/ChangeLog index d0d15197ffd4..b4840cf1ed8f 100644 --- a/net-nds/openldap/ChangeLog +++ b/net-nds/openldap/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-nds/openldap # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.91 2004/12/02 04:39:31 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.92 2004/12/02 04:54:33 robbat2 Exp $ + +*openldap-2.1.30-r4 (01 Dec 2004) + + 01 Dec 2004; Robin H. Johnson + +files/openldap-2.1.30-tls-activedirectory-hang-fix.patch, + files/2.0/slapd, +openldap-2.1.30-r4.ebuild: + Fix bugs #67080 (2.1.30-r4) and #71268 (init-script). *openldap-2.2.19 (01 Dec 2004) diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest index cebd8d90bcbf..70b2e1588fa4 100644 --- a/net-nds/openldap/Manifest +++ b/net-nds/openldap/Manifest @@ -1,6 +1,7 @@ MD5 e713e1190322c83f334f3044f698272e openldap-2.1.30-r3.ebuild 7189 MD5 fcf2498fd5a5126d7e735603e54e45fa openldap-2.1.27.ebuild 7057 MD5 456232c9bd2a5921a3e34f9cef26f67b openldap-2.1.30-r2.ebuild 7485 +MD5 40859b5d940af844c747771cb1e72a25 openldap-2.1.30-r4.ebuild 7257 MD5 534a92ecf8f0d7eae6f97d22d24ec4f1 openldap-2.2.19.ebuild 7797 MD5 d94f2359d8d95ddb1b4d2fd2bd490037 openldap-2.2.14.ebuild 7257 MD5 ba77f306a8d0cb13ba801e10323ca35e openldap-2.1.30.ebuild 7367 @@ -15,6 +16,8 @@ MD5 f829d2ebaab2e3e020a6b25522734331 files/digest-openldap-2.1.27-r1 65 MD5 6da89687536a5ec9a422938e997a8a04 files/digest-openldap-2.1.30-r1 65 MD5 6da89687536a5ec9a422938e997a8a04 files/digest-openldap-2.1.30-r2 65 MD5 6da89687536a5ec9a422938e997a8a04 files/digest-openldap-2.1.30-r3 65 +MD5 6da89687536a5ec9a422938e997a8a04 files/digest-openldap-2.1.30-r4 65 +MD5 1afdae6ce6fa709abed41ce45f41f5e8 files/openldap-2.1.30-tls-activedirectory-hang-fix.patch 1122 MD5 4c6ef684996786b3a7cc2dc15c4ae7a4 files/openldap-2.2.14-db40.patch 773 MD5 95a998755d69f0f30cb64b9cb8eeab15 files/openldap-2.2.14-perlthreadsfix.patch 614 MD5 ca2c43219df88502aafeab9db9eda4d5 files/openldap-2.1.27-perlthreadsfix.patch 967 @@ -25,6 +28,6 @@ MD5 27d2ee25b32bf4a429ae80149508ff34 files/digest-openldap-2.2.14 65 MD5 d1db1a9bf4afc66b26e33beef17f07f4 files/digest-openldap-2.2.19 65 MD5 b10517f0e7be829d47bb8096d86fb519 files/openldap-2.1.27-db40.patch 718 MD5 2e6d3f7cf49a1d85468befdff2bfc1d8 files/openldap-2.1.30-ximian_connector.patch 6435 -MD5 31d3482f03cf8661b7b6c870641d66fa files/2.0/slapd 574 +MD5 96a9198ad664be519920d68820290ac1 files/2.0/slapd 585 MD5 50257f7d6b63c8e9778b6407c7d2dddb files/2.0/slapd.conf 277 MD5 d68ba97d9f54b8455c1e2d93c352d24a files/2.0/slurpd 495 diff --git a/net-nds/openldap/files/2.0/slapd b/net-nds/openldap/files/2.0/slapd index bc14d0b51d4b..17427a94f256 100644 --- a/net-nds/openldap/files/2.0/slapd +++ b/net-nds/openldap/files/2.0/slapd @@ -1,7 +1,7 @@ #!/sbin/runscript # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/2.0/slapd,v 1.6 2004/07/15 00:18:02 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/2.0/slapd,v 1.7 2004/12/02 04:54:33 robbat2 Exp $ depend() { need net @@ -15,6 +15,6 @@ start() { stop() { ebegin "Stopping ldap-server" - start-stop-daemon --stop --quiet --pidfile /var/run/openldap/slapd.pid + start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid eend $? } diff --git a/net-nds/openldap/files/digest-openldap-2.1.30-r4 b/net-nds/openldap/files/digest-openldap-2.1.30-r4 new file mode 100644 index 000000000000..a6a4a08b05c0 --- /dev/null +++ b/net-nds/openldap/files/digest-openldap-2.1.30-r4 @@ -0,0 +1 @@ +MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673 diff --git a/net-nds/openldap/files/openldap-2.1.30-tls-activedirectory-hang-fix.patch b/net-nds/openldap/files/openldap-2.1.30-tls-activedirectory-hang-fix.patch new file mode 100644 index 000000000000..57f6f08d465c --- /dev/null +++ b/net-nds/openldap/files/openldap-2.1.30-tls-activedirectory-hang-fix.patch @@ -0,0 +1,39 @@ +diff --recursive --context=3 openldap-2.1.30/libraries/libldap/result.c openldap-2.1.30.patched/libraries/libldap/result.c +*** openldap-2.1.30/libraries/libldap/result.c Fri Mar 26 22:34:27 2004 +--- openldap-2.1.30.patched/libraries/libldap/result.c Mon Oct 11 12:32:02 2004 +*************** +*** 297,302 **** +--- 297,303 ---- + if( (*result = chkResponseList(ld, msgid, all)) != NULL ) { + rc = (*result)->lm_msgtype; + } else { ++ int found_msg = 0; + + for ( lc = ld->ld_conns; lc != NULL; lc = nextlc ) { + nextlc = lc->lconn_next; +*************** +*** 304,314 **** + LBER_SB_OPT_DATA_READY, NULL ) ) { + rc = try_read1msg( ld, msgid, all, lc->lconn_sb, + &lc, result ); + break; + } + } + +! if ( lc == NULL ) { + rc = ldap_int_select( ld, tvp ); + + +--- 305,316 ---- + LBER_SB_OPT_DATA_READY, NULL ) ) { + rc = try_read1msg( ld, msgid, all, lc->lconn_sb, + &lc, result ); ++ found_msg = 1; + break; + } + } + +! if ( !found_msg ) { + rc = ldap_int_select( ld, tvp ); + + diff --git a/net-nds/openldap/openldap-2.1.30-r4.ebuild b/net-nds/openldap/openldap-2.1.30-r4.ebuild new file mode 100644 index 000000000000..1a62b292adf4 --- /dev/null +++ b/net-nds/openldap/openldap-2.1.30-r4.ebuild @@ -0,0 +1,231 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.1.30-r4.ebuild,v 1.1 2004/12/02 04:54:33 robbat2 Exp $ + +inherit eutils + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="http://www.OpenLDAP.org/" +SRC_URI="mirror://openldap/openldap-release/${P}.tgz" + +LICENSE="OPENLDAP" +SLOT="0" +KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~amd64 ~s390 ~hppa ~ppc64" +IUSE="berkdb crypt debug gdbm ipv6 odbc perl readline samba sasl slp ssl tcpd" + +DEPEND=">=sys-libs/ncurses-5.1 + >=sys-apps/sed-4 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + ssl? ( >=dev-libs/openssl-0.9.6 ) + readline? ( >=sys-libs/readline-4.1 ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.7-r3 ) + odbc? ( dev-db/unixODBC ) + slp? ( >=net-libs/openslp-1.0 ) + perl? ( >=dev-lang/perl-5.6 ) + samba? ( >=dev-libs/openssl-0.9.6 )" + +# note that the 'samba' USE flag pulling in OpenSSL is NOT an error. OpenLDAP +# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like +# mine at work)! +# Robin H. Johnson March 8, 2004 + +# if USE=berkdb +# pull in sys-libs/db +# else if USE=gdbm +# pull in sys-libs/gdbm +# else +# pull in sys-libs/db +DEPEND="${DEPEND} + berkdb? ( >=sys-libs/db-4.1.25_p1-r3 ) + !berkdb? ( + gdbm? ( >=sys-libs/gdbm-1.8.0 ) + !gdbm? ( >=sys-libs/db-4.1.25_p1-r3 ) + )" + +pkg_preinst() { + enewgroup ldap 439 + enewuser ldap 439 /dev/null /usr/lib/openldap ldap +} + +src_unpack() { + unpack ${A} + + # According to MDK, the link order needs to be changed so that + # on systems w/ MD5 passwords the system crypt library is used + # (the net result is that "passwd" can be used to change ldap passwords w/ + # proper pam support) + sed -ie 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \ + ${S}/servers/slapd/Makefile.in + + # Fix up DB-4.0 linking problem + # remember to autoconf! this expands configure by 500 lines (4 lines to m4 + # stuff). + epatch ${FILESDIR}/${PN}-2.1.30-db40.patch + epatch ${FILESDIR}/${PN}-2.1.30-tls-activedirectory-hang-fix.patch + + # supersedes old fix for bug #31202 + cd ${S} + epatch ${FILESDIR}/${PN}-2.1.27-perlthreadsfix.patch + + # fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't + # do it perfectly. + cd ${S}/build + ln -s shtool install + ln -s shtool install.sh + + # ximian connector 1.4.7 ntlm patch + cd ${S} + epatch ${FILESDIR}/${PN}-2.1.30-ximian_connector.patch + + # reconf for db40 fixes. + cd ${S} + WANT_AUTOCONF="2.1" autoconf +} + +src_compile() { + local myconf + + # enable debugging to syslog + use debug && myconf="${myconf} --enable-debug" + myconf="${myconf} --enable-syslog" + + # enable slapd/slurpd servers + myconf="${myconf} --enable-ldap" + myconf="${myconf} --enable-slapd --enable-slurpd" + + myconf="${myconf} `use_enable crypt`" + myconf="${myconf} `use_enable ipv6`" + myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`" + myconf="${myconf} `use_with readline`" + myconf="${myconf} `use_with ssl tls` `use_with samba lmpasswd`" + myconf="${myconf} `use_enable tcpd wrappers`" + myconf="${myconf} `use_enable odbc sql`" + myconf="${myconf} `use_enable perl`" + myconf="${myconf} `use_enable slp`" + + myconf="${myconf} --enable-ldbm" + myconf_berkdb='--enable-bdb --with-ldbm-api=berkeley' + myconf_gdbm='--disable-bdb --with-ldbm-api=gdbm' + if use berkdb; then + einfo "Using Berkeley DB for local backend" + myconf="${myconf} ${myconf_berkdb}" + elif use gdbm; then + einfo "Using GDBM for local backend" + myconf="${myconf} ${myconf_gdbm}" + else + ewarn "Neither gdbm or berkdb USE flags present, falling back to" + ewarn "Berkeley DB for local backend" + myconf="${myconf} ${myconf_berkdb}" + fi + + # alas, for BSD only + #myconf="${myconf} --with-fetch" + + myconf="${myconf} --enable-dynamic --enable-modules" + myconf="${myconf} --enable-rewrite --enable-rlookups" + myconf="${myconf} --enable-passwd --enable-phonetic" + myconf="${myconf} --enable-dnssrv --enable-ldap" + myconf="${myconf} --enable-meta --enable-monitor" + myconf="${myconf} --enable-null --enable-shell" + myconf="${myconf} --enable-local --enable-proctitle" + + # disabled options + # --with-bdb-module=dynamic + # --enable-dnsserv --with-dnsserv-module=dynamic + + econf \ + --libexecdir=/usr/lib/openldap \ + ${myconf} || die "configure failed" + + make depend || die "make depend failed" + make || die "make failed" + +} + +src_test() { + cd tests ; make tests || die "make tests failed" +} + +src_install() { + make DESTDIR=${D} install || die "make install failed" + + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE + docinto rfc ; dodoc doc/rfc/*.txt + + # make state directories + for x in data slurp ldbm; do + keepdir /var/lib/openldap-${x} + fowners ldap:ldap /var/lib/openldap-${x} + fperms 0700 /var/lib/openldap-${x} + done + + # manually remove /var/tmp references in .la + # because it is packaged with an ancient libtool + for x in ${D}/usr/lib/lib*.la; do + sed -i -e "s:-L${S}[/]*libraries::" ${x} + done + + # change slapd.pid location in configuration file + keepdir /var/run/openldap + fowners ldap:ldap /var/run/openldap + fperms 0755 /var/run/openldap + for f in /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default; do + sed -e "s:/var/lib/slapd.:/var/run/openldap/slapd.:" -i ${D}/${f} + sed -e "/database\tbdb$/acheckpoint 32 30 # " -i ${D}/${f} + fowners root:ldap ${f} + fperms 0640 ${f} + done + + # install our own init scripts + exeinto /etc/init.d + newexe ${FILESDIR}/2.0/slapd slapd + newexe ${FILESDIR}/2.0/slurpd slurpd + insinto /etc/conf.d + newins ${FILESDIR}/2.0/slapd.conf slapd + + # install MDK's ssl cert script + if use ssl || use samba; then + dodir /etc/openldap/ssl + exeinto /etc/openldap/ssl + doexe ${FILESDIR}/gencert.sh + fi +} + +pkg_postinst() { + if use ssl; then + # make a self-signed ssl cert (if there isn't one there already) + if [ ! -e /etc/openldap/ssl/ldap.pem ] + then + cd /etc/openldap/ssl + yes "" | sh gencert.sh + chmod 640 ldap.pem + chown root:ldap ldap.pem + else + einfo "An LDAP cert already appears to exist, no creating" + fi + fi + + # Since moving to running openldap as user ldap there are some + # permissions problems with directories and files. + # Let's make sure these permissions are correct. + chown ldap:ldap /var/run/openldap + chmod 0755 /var/run/openldap + chown root:ldap /etc/openldap/slapd.conf + chmod 0640 /etc/openldap/slapd.conf + chown root:ldap /etc/openldap/slapd.conf.default + chmod 0640 /etc/openldap/slapd.conf.default + chown ldap:ldap /var/lib/openldap-{data,ldbm,slurp} + + # notes from bug #41297, bug #41039 + ewarn "If you are upgrading from OpenLDAP 2.0, major changes have occured:" + ewarn "- bind_anon_dn is now disabled by default for security" + ewarn " add 'allow bind_anon_dn' to your config for the old behavior." + ewarn "- Default schemas have changed, you should slapcat your entire DB to" + ewarn " a file, delete your DB, and then slapadd it again. Alternatively" + ewarn " you can try slapindex which should work in almost all cases. Be" + ewarn " sure to check the permissions on the database files afterwards!" + if use ssl; then + ewarn "- Self-signed SSL certificates are treated harshly by OpenLDAP 2.1" + ewarn " add 'TLS_REQCERT never' if you want to use them." + fi +} -- cgit v1.2.3-65-gdbad