authorFabio Erculiani <lxnay@gentoo.org>2012-10-02 20:23:36 +0000
committerFabio Erculiani <lxnay@gentoo.org>2012-10-02 20:23:36 +0000
commit27c279ba2cbf3fd7ff471e69b001d7fdd6032caa (patch)
treef5c27073d6fe26881a2e307bb74ad80a7fc584c0 /net-nds
parentstable ppc ppc64, bug #436810 (diff)
version bump, closes #405127, #428178, #436768
Package-Manager: portage-2.2.0_alpha123/cvs/Linux x86_64
Diffstat (limited to 'net-nds')
-rw-r--r--net-nds/389-ds-base/389-ds-base-1.2.11.15.ebuild (renamed from net-nds/389-ds-base/389-ds-base-1.2.8.3.ebuild)21
-rw-r--r--net-nds/389-ds-base/389-ds-base-1.2.9.6.ebuild199
-rw-r--r--net-nds/389-ds-base/ChangeLog11
-rw-r--r--net-nds/389-ds-base/Manifest22
-rw-r--r--net-nds/389-ds-base/files/389-ds-base-1.2.11-fix-mozldap.patch28
-rw-r--r--net-nds/389-ds-base/files/389-ds-base-1.2.11.16-cve-2012-4450.patch367
6 files changed, 428 insertions, 220 deletions
diff --git a/net-nds/389-ds-base/389-ds-base-1.2.8.3.ebuild b/net-nds/389-ds-base/389-ds-base-1.2.11.15.ebuild
index cb1c90e55a6a..9dc293126a49 100644
--- a/net-nds/389-ds-base/389-ds-base-1.2.8.3.ebuild
+++ b/net-nds/389-ds-base/389-ds-base-1.2.11.15.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/389-ds-base/389-ds-base-1.2.8.3.ebuild,v 1.4 2012/05/03 04:24:37 jdhore Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-nds/389-ds-base/389-ds-base-1.2.11.15.ebuild,v 1.1 2012/10/02 20:23:36 lxnay Exp $
EAPI=2
@@ -19,22 +19,21 @@ KEYWORDS="~amd64 ~x86"
IUSE="autobind auto-dn-suffix debug doc +pam-passthru +dna +ldapi +bitwise +presence kerberos selinux"
ALL_DEPEND="!>=sys-libs/db-5.0
+ >=dev-libs/cyrus-sasl-2.1.19
+ >=dev-libs/icu-3.4
dev-libs/nss[utils]
dev-libs/nspr
dev-libs/svrcore
+ dev-libs/openssl
+ dev-libs/libpcre:3
dev-libs/mozldap
- >=dev-libs/cyrus-sasl-2.1.19
- >=dev-libs/icu-3.4
- >=sys-libs/db-4.5
+ dev-perl/perl-mozldap
>=net-analyzer/net-snmp-5.1.2
- dev-libs/openssl
sys-apps/tcp-wrappers
+ >=sys-libs/db-4.5
sys-libs/pam
sys-libs/zlib
- dev-perl/perl-mozldap
- dev-libs/libpcre:3
- kerberos? ( net-nds/openldap
- >=app-crypt/mit-krb5-1.7-r100[openldap] )
+ kerberos? ( net-nds/openldap >=app-crypt/mit-krb5-1.7-r100[openldap] )
selinux? ( >=sys-apps/policycoreutils-1.30.30
sec-policy/selinux-base-policy )"
@@ -57,6 +56,10 @@ pkg_setup() {
src_prepare() {
epatch "${FILESDIR}/selinux.patch"
+ # Fix compilation against mozldap
+ epatch "${FILESDIR}/389-ds-base-1.2.11-fix-mozldap.patch"
+ # Upstream patch, will be in 1.2.11.16, fixes CVE-2012-4450
+ epatch "${FILESDIR}/389-ds-base-1.2.11.16-cve-2012-4450.patch"
# as per 389 documentation, when 64bit, export USE_64
use amd64 && export USE_64=1
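Review bot: The comment on the CVE-2012-4450 patch says it "will be in 1.2.11.16" but does not tell whoever does the next bump when to drop it or where the fix came from; something like `# Upstream fix for CVE-2012-4450 (389 ticket #340); drop on bump to >=1.2.11.16` makes the removal condition explicit. src_prepare continues past the end of this hunk, so the rest of the function is not visible here. The deleted 1.2.9.6 ebuild's src_prepare switched `nsslapd-allow-unauthenticated-binds` to `on` by default; if the renamed ebuild still carries that sed, a security-driven bump is a good moment to reconsider whether that default is wanted.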
diff --git a/net-nds/389-ds-base/389-ds-base-1.2.9.6.ebuild b/net-nds/389-ds-base/389-ds-base-1.2.9.6.ebuild
deleted file mode 100644
index b6bb8ac18d08..000000000000
--- a/net-nds/389-ds-base/389-ds-base-1.2.9.6.ebuild
+++ /dev/null
@@ -1,199 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/389-ds-base/389-ds-base-1.2.9.6.ebuild,v 1.2 2012/05/03 04:24:37 jdhore Exp $
-
-EAPI=2
-
-WANT_AUTOMAKE="1.9"
-MY_P=${P/_alpha/.a}
-MY_P=${MY_P/_rc/.rc}
-inherit eutils multilib flag-o-matic autotools
-
-DESCRIPTION="389 Directory Server (core librares and daemons )"
-HOMEPAGE="http://port389.org/"
-SRC_URI="http://directory.fedoraproject.org/sources/${MY_P}.tar.bz2"
-
-LICENSE="GPL-2-with-exceptions"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="autobind auto-dn-suffix debug doc +pam-passthru +dna +ldapi +bitwise +presence kerberos selinux"
-
-ALL_DEPEND="!>=sys-libs/db-5.0
- dev-libs/nss[utils]
- dev-libs/nspr
- dev-libs/svrcore
- dev-libs/mozldap
- >=dev-libs/cyrus-sasl-2.1.19
- >=dev-libs/icu-3.4
- >=sys-libs/db-4.5
- >=net-analyzer/net-snmp-5.1.2
- dev-libs/openssl
- sys-apps/tcp-wrappers
- sys-libs/pam
- sys-libs/zlib
- dev-perl/perl-mozldap
- dev-libs/libpcre:3
- kerberos? ( net-nds/openldap
- >=app-crypt/mit-krb5-1.7-r100[openldap] )
- selinux? ( >=sys-apps/policycoreutils-1.30.30
- sec-policy/selinux-base-policy )"
-
-DEPEND="${ALL_DEPEND}
- virtual/pkgconfig
- sys-devel/libtool
- doc? ( app-doc/doxygen )
- selinux? ( sys-devel/m4 >=sys-apps/checkpolicy-1.30.12 )
- sys-apps/sed"
-RDEPEND="${ALL_DEPEND}
- virtual/perl-Time-Local
- virtual/perl-MIME-Base64"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
- enewgroup dirsrv
- enewuser dirsrv -1 -1 -1 dirsrv
-}
-
-src_prepare() {
- epatch "${FILESDIR}/selinux.patch"
-
- # as per 389 documentation, when 64bit, export USE_64
- use amd64 && export USE_64=1
-
- sed -i -e 's/nobody/dirsrv/g' configure.ac || die "sed failed on configure.ac"
- eautoreconf
-
- # enable nsslapd-allow-unauthenticated-binds by default
- sed -i '/^nsslapd-allow-unauthenticated-binds/ s/off/on/' "${S}"/ldap/ldif/template-dse.ldif.in || \
- die "cannot tweak default setting: nsslapd-allow-unauthenticated-binds"
-
-}
-
-src_configure() {
- local myconf=""
-
- use auto-dn-suffix && myconf="${myconf} --enable-auto-dn-suffix"
- use selinux && myconf="${myconf} --with-selinux"
-
- econf \
- $(use_enable debug) \
- $(use_enable pam-passthru) \
- $(use_enable ldapi) \
- $(use_enable autobind) \
- $(use_enable dna) \
- $(use_enable bitwise) \
- $(use_enable presence) \
- $(use_with kerberos) \
- --enable-maintainer-mode \
- --enable-autobind \
- --with-fhs \
- $myconf || die "econf failed"
-}
-
-src_compile() {
- append-lfs-flags
-
- # Use -j1 otherwise libacl-plugin.so could fail to install properly
- emake -j1 || die "compile failed"
- if use selinux; then
- emake -f selinux/Makefile || die " build selinux policy failed"
- fi
-}
-
-src_install () {
- # Use -j1 otherwise libacl-plugin.so could fail to install properly
- emake -j1 DESTDIR="${D}" install || die "emake install failed"
-
- if use selinux;then
- emake -f selinux/Makefile DESTDIR="${D}" install || die "Install selinux policy failed"
- fi
-
- # install not installed header
- insinto /usr/include/dirsrv
- doins ldap/servers/slapd/slapi-plugin.h
-
- # for build free-ipa require winsync-plugin
- doins ldap/servers/plugins/replication/winsync-plugin.h
- doins ldap/servers/plugins/replication/repl-session-plugin.h
-
- # make sure perl scripts have a proper shebang
- cd "${D}"/usr/share/dirsrv/script-templates/
-
- for i in $(find ./ -iname '*.pl') ;do
- sed -i -e 's/#{{PERL-EXEC}}/#\!\/usr\/bin\/perl/' $i || die
- done
-
- # remove redhat style init script
- rm -rf "${D}"/etc/rc.d || die
- rm -rf "${D}"/etc/default || die
-
- # and install gentoo style init script
- newinitd "${FILESDIR}"/389-ds.initd 389-ds
- newinitd "${FILESDIR}"/389-ds-snmp.initd 389-ds-snmp
-
- # install Gentoo-specific start/stop scripts
- rm -f "${D}"/usr/sbin/{re,}start-dirsrv || die "cannot remove 389 start/stop executables"
- exeinto /usr/sbin
- doexe "${FILESDIR}"/{re,}start-dirsrv
-
- # cope with libraries being in /usr/lib/dirsrv
- dodir /etc/env.d
- echo "LDPATH=/usr/$(get_libdir)/dirsrv" > "${D}"/etc/env.d/08dirsrv
-
- # create the directory where our log file and database
- diropts -m 0755
- dodir /var/lib/dirsrv
- keepdir /var/lib/dirsrv
- dodir /var/lock/dirsrv
- keepdir /var/lock/dirsrv
- # snmp agent, required directory
- keepdir /var/agentx
- dodir /var/agentx
-
- if use doc; then
- cd "${S}"
- doxygen slapi.doxy || die "cannot run doxygen"
- dohtml -r docs/html
- fi
-}
-
-pkg_postinst() {
- if use selinux; then
- if has "loadpolicy" $FEATURES; then
- einfo "Inserting the following modules into the module store"
- cd /usr/share/selinux/targeted # struct policy not supported
- semodule -s dirsrv -i dirsrv.pp
- else
- elog
- elog "Policy has not been loaded. It is strongly suggested"
- elog "that the policy be loaded before continuing!!"
- elog
- elog "Automatic policy loading can be enabled by adding"
- elog "\"loadpolicy\" to the FEATURES in make.conf."
- elog
- ebeep 4
- fi
- fi
-
- elog
- elog "If you are planning to use 389-ds-snmp (ldap-agent),"
- elog "make sure to properly configure: /etc/dirsrv/config/ldap-agent.conf"
- elog "adding proper 'server' entries, and adding the lines below to"
- elog " => /etc/snmp/snmpd.conf"
- elog
- elog "master agentx"
- elog "agentXSocket /var/agentx/master"
- elog
- elog
- elog "To start 389 Directory Server (LDAP service) at boot:"
- elog
- elog " rc-update add 389-ds default"
- elog
-
- elog "If you are upgrading from previous 1.2.6 release candidates"
- elog "please see:"
- elog "http://directory.fedoraproject.org/wiki/Subtree_Rename#warning:_upgrade_from_389_v1.2.6_.28a.3F.2C_rc1_.7E_rc6.29_to_v1.2.6_rc6_or_newer"
- elog
-
-}
diff --git a/net-nds/389-ds-base/ChangeLog b/net-nds/389-ds-base/ChangeLog
index a9822c80cca0..fe906aed3134 100644
--- a/net-nds/389-ds-base/ChangeLog
+++ b/net-nds/389-ds-base/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for net-nds/389-ds-base
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/389-ds-base/ChangeLog,v 1.21 2012/05/03 04:24:37 jdhore Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-nds/389-ds-base/ChangeLog,v 1.22 2012/10/02 20:23:36 lxnay Exp $
+
+*389-ds-base-1.2.11.15 (02 Oct 2012)
+
+ 02 Oct 2012; Fabio Erculiani <lxnay@gentoo.org>
+ +389-ds-base-1.2.11.15.ebuild,
+ +files/389-ds-base-1.2.11.16-cve-2012-4450.patch,
+ +files/389-ds-base-1.2.11-fix-mozldap.patch, -389-ds-base-1.2.8.3.ebuild,
+ -389-ds-base-1.2.9.6.ebuild:
+ version bump, closes #405127, #428178, #436768
03 May 2012; Jeff Horelick <jdhore@gentoo.org> 389-ds-base-1.2.8.3.ebuild,
389-ds-base-1.2.9.6.ebuild:
diff --git a/net-nds/389-ds-base/Manifest b/net-nds/389-ds-base/Manifest
index 210119bc4157..3351b3b228b9 100644
--- a/net-nds/389-ds-base/Manifest
+++ b/net-nds/389-ds-base/Manifest
@@ -1,11 +1,11 @@
-AUX 389-ds-snmp.initd 1076 RMD160 7a3be7745e7e7a6de675b40b56556bfacef76a9a SHA1 8d8cbaa5c288d7d2a4ec25a2d85b406336c37073 SHA256 0dccceef42e29b5f696fc241cccdb3641eca3d8e300aef13b13ba1a40f8382e1
-AUX 389-ds.initd 1995 RMD160 1c6140438e874b5e75bc13533fb493780675a2ff SHA1 a3c567584ce949317a741f2a8410f758d507f9b5 SHA256 722f0c18f21ccb60054433e62748008ffd908d026220be4f705dcf46e9322a92
-AUX restart-dirsrv 581 RMD160 8812d099f1da6bcbefc0d09fe719f340f3c6d534 SHA1 0db36dd8f0379f1cd4bcc10da4f6cfe6dc37eacd SHA256 fd0dfbce5d74b065fc1bef6e11527d56c7fc4f16ae55383841c05d35d03173b2
-AUX selinux.patch 280 RMD160 f20b93a31f0e2435b95f3e927c99c719811b9bd7 SHA1 00391f15331ec22e3b43e098230ad154c150edfb SHA256 0600d46c02987c69c3c77a2f8f90dd4c31edea983911268227aa708230cdb6f9
-AUX start-dirsrv 303 RMD160 92d3d03931614f9a85345feec5a070c7a664996f SHA1 b2b92fc7d6aaec16d9ed31ff4fb5a596f9ce32f7 SHA256 d29272f92d2c4420da8aad7919861ab667c8f224bde560491f1626957418d361
-DIST 389-ds-base-1.2.8.3.tar.bz2 2881255 RMD160 39442a5eaa2e5c05be6db6f3ee76cf051d5a70e5 SHA1 87f1f8ec0044f4b1766b2b65b34f4e14d9d0d41d SHA256 956d15947ed91d1564c539d6932b6bca28b1209dd43ff19594ceb4e41a40cf1f
-DIST 389-ds-base-1.2.9.6.tar.bz2 2886557 RMD160 5b10daf260340009bc14b29fa4dd130d1c47d34a SHA1 f6ce44a8fc61faab96ead8172be45507efb49a4c SHA256 f89ae29db5da6e72e7a5e49a4cef56a0405838673720a2cf5993f42f058a2635
-EBUILD 389-ds-base-1.2.8.3.ebuild 5530 RMD160 f2a2f4e9f7e90bfdf76f6d7ff3b14abd2a7aff89 SHA1 18328858b680fb56c2cb6fefb61f79575f38cf81 SHA256 a71eb328d4f309602a4034225b6ac0fda374ad1185e64fee2a0a1e56d4b9b9c0
-EBUILD 389-ds-base-1.2.9.6.ebuild 5530 RMD160 43d01d5ff93e6e7d10f9a6354227e8f3c572b44c SHA1 3df70b942a49bd8edeeff2922daa9b24860a3190 SHA256 036d350ea55335f44433ef098620e58f963e4dd3e6fd006149fce045523d8d64
-MISC ChangeLog 4326 RMD160 1e13f0710b2ecbc6fe50e678428f3fd03b3d4473 SHA1 e7ed99e98def89c2dd8a9fe4bf8ce9eaedbd92d6 SHA256 0fb341c0698caad1b7802a8e0d3841b6dbece520be04a03b1456c0a098122c0f
-MISC metadata.xml 1048 RMD160 01ba603cae70b0ab5d1e075cdf4a4abe1bb9df80 SHA1 cc0e421e0eeca73585cd591daf6eac215197d35c SHA256 a57ddcbe9aa68a7d05cda7de1dba219fc1a81070899df2d564af33f9d89f5c32
+AUX 389-ds-base-1.2.11-fix-mozldap.patch 789 SHA256 55e33e366ad13c22a00a8255ea34fb84786f2d3308ba1cab74b92684897bbdc5 SHA512 30e3fe84d8d5d380e80ccb19cebd73271b540caef61770514f43c3097e34d133cefdbb5abec3ccd25ad7a46df380719c0ce8fa7b10185091f236f622850ebfa4 WHIRLPOOL 271a2f16a52bc599391d167499aad0f2f9658def2becf35e6364b9125cd9c8d2cd33a8bb41c4c7b16ea3a48dec0de786f0059950f1b3a6a172b6cd4881a784d5
+AUX 389-ds-base-1.2.11.16-cve-2012-4450.patch 12046 SHA256 248f9df6bdae5dd24a0c67168a057fd73d9aeb7a5afb288587680678b27d651c SHA512 90378d2cd8347e32952450e8c648951cd8bcf774fcc6536c7f85a870ffd964d3541ebf7a2f44c76ba71514e1151ced1d43cf7de7f85bfe69b997d2c642180b47 WHIRLPOOL db70f8537f0091f172c396f90fb18361cb29c14b475557dab904a0613563efb5d7742fa2db20a7db62686a80a4ab469f8347082d456df76a1771e83aba876e11
+AUX 389-ds-snmp.initd 1076 SHA256 0dccceef42e29b5f696fc241cccdb3641eca3d8e300aef13b13ba1a40f8382e1 SHA512 0e2a6a8519a82d25cc96c0f5b26e9a53e7a56ddd9b842ff830535628d5f55a3eb662cf4d1c93d49fa66176249866a1ed21461ccd7e920869a95297ca5197db8c WHIRLPOOL dcc8efb767eb7d4044424967b26b93d88b827f652146eaabcc5c105ea373ae02d1a89ab0e61057496eec220e8c0111599099ec711d28e61f61e19008dfe775bb
+AUX 389-ds.initd 1995 SHA256 722f0c18f21ccb60054433e62748008ffd908d026220be4f705dcf46e9322a92 SHA512 185704cc96d5238532ba8f3ee7578587b58c76ae864cb2a1d35fd5361edfe2c504286b7ad738d6530661393461447ca2948af4807f58420c5bb83a0fee7d9054 WHIRLPOOL ad55cccb4ddec7c6c98c467e68359c2f2bab7c11b52ad333687600bf5f4b43c1f9f2da6e317759c4b7b1e68c2d1bf106675bfd7d0a752206a0300b627777efe2
+AUX restart-dirsrv 581 SHA256 fd0dfbce5d74b065fc1bef6e11527d56c7fc4f16ae55383841c05d35d03173b2 SHA512 c8b2168977a1884baa35f78ba9a065bf3900413afcd5c38eba0f3695af6b4900785430ec61e34479a22b6888334a46e6c3796e15866a37969497033a9cbdee6e WHIRLPOOL 81ace8c577aeb931d2bda9bacd1ff9b9389c9d6d0ccdbd53867686d0fd3e3bd9bc4bf1965231dcb7803a16fa6e3f438daf54bb569e7a81062f84fc71e3e278f3
+AUX selinux.patch 280 SHA256 0600d46c02987c69c3c77a2f8f90dd4c31edea983911268227aa708230cdb6f9 SHA512 333aae269ab806057c2e6eb5b6b657bbbbd12334254b7b7a07f46cb89d7a78d6fd573a987bfe3a0cb74df27e01009b68d8510b47a13ac7ab8e7e4c7301842d6e WHIRLPOOL 3f4c9d1ea8907dda7e236f17355a4710dad6a162395999688173c1a818c48505ea47a8cfa43116981a0a978764f7a27d771fd26e551bb0b3e5e123ba7b8e5121
+AUX start-dirsrv 303 SHA256 d29272f92d2c4420da8aad7919861ab667c8f224bde560491f1626957418d361 SHA512 0a150045099e367ed54a3bf9319f3a608ea9b967f13e6f29aac7d3f6ca2e39edc2d8f843bab9a2c7cb93d8d175a8a34e6c0ad1a0dd1a586cf4141a1dcd3d37d6 WHIRLPOOL 936fc295e75ab18e5207eb2fe2eea42eef3807321f3ff526bbc4f4d8d4ef79b0ff8a09b676d7a993c76efb6da8fab3365b085f682d1a0e615092b8bd0b67a6c5
+DIST 389-ds-base-1.2.11.15.tar.bz2 2983709 SHA256 de193bf5e38e1c7e1b9af0e1eebab70c8b62c2b0daeaa0a33e737add90bcbce0 SHA512 ed41fa07ac57c749ae48270a980173b9c63588748e5b45bb7fa0009aeb9c28c2c62e717f68ce764afca9aae4931443b5544343ab02b484654006829e98c5da7c WHIRLPOOL adebfeaf453de8bcfd46ddbb262e471b7bdb63e2858fbf53f192e58ed5b6be90e9e34ef512cf0322e98448a9a51bee90bc569edd6039b241208085c4f55af9e2
+EBUILD 389-ds-base-1.2.11.15.ebuild 5748 SHA256 b366b88c41095e0d1b5a1de96ecab350ded96ecc19e34a6640128f3a50fc23e0 SHA512 9246420eeb82ae6566c157a79b71c67551389e3ae9a81622b53df4e2ddc51b26c72dcb8cdf7a3524b004693e11aa2ed1d1a95494509ad2e3d6f7db6d9d451ed7 WHIRLPOOL a7d278044c5719c0770dd88ec4143cfd2b37cc4024e53d3d4f42cdd17075db4a5238d349cb74bfbc2edabb20401deb49a053766f153a0dcd943ed63c45191968
+MISC ChangeLog 4655 SHA256 5283908ce2c8d0b92ca49c318b0ecfc6aa17eac88e409c6a3a4449f1ee00f30d SHA512 aa5c90900d5e6236c7d411af901d16be9f0619e87fc848bdaf1ff9a60234ddaa02fa661743e999c77439646a3884f8de3526eab5bc0e3e7f5581f090cb3d7674 WHIRLPOOL ac96c29f2a0eff6ba3dbb746b0e2a0283c63539c8b2610ee8105483f5d9ddf3b40d5582f1cedf76a84332f9a92faa7848d876b4ebe798fc4873495b968da2012
+MISC metadata.xml 1048 SHA256 a57ddcbe9aa68a7d05cda7de1dba219fc1a81070899df2d564af33f9d89f5c32 SHA512 0ec15db03c6526ebc7404ac4d674695764d820fad63e6ce3c7fb9e015f1d9a0157cb3507356f074502d0186d18bc1b5fa26d9d1d2fbc622bb426a8054f34dd49 WHIRLPOOL 1dbbc21809873987acde2013a7cc4a3a31bf122b65d04576f7ec6c33df1725e86b778611a2c7dff91f236db7692e87f2d9456918e1c9f0d5f84efd675021a0f0
diff --git a/net-nds/389-ds-base/files/389-ds-base-1.2.11-fix-mozldap.patch b/net-nds/389-ds-base/files/389-ds-base-1.2.11-fix-mozldap.patch
new file mode 100644
index 000000000000..7c99085e3d3b
--- /dev/null
+++ b/net-nds/389-ds-base/files/389-ds-base-1.2.11-fix-mozldap.patch
@@ -0,0 +1,28 @@
+commit f5bd0ed47523b39aedb6bcc1f9c0754371159a77
+Author: Rich Megginson <rmeggins at redhat.com>
+Date: Fri Sep 14 09:20:18 2012 -0600
+
+ Ticket #461 - fix build problem with mozldap c sdk
+
+ https://fedorahosted.org/389/ticket/461
+ Reviewed by: rmeggins
+ Fixed by: cgrzemba
+ Branch: master
+ Fix Description: mozldap does not define LDAP_MOD_OP so define it
+ Platforms tested: RHEL6 x86_64
+ Flag Day: no
+ Doc impact: no
+
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index bfd48b1..4736e82 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -61,6 +61,9 @@
+ #if defined( _WIN32 )
+ #undef LDAPDebug
+ #endif /* _WIN32 */
++#if defined( USE_MOZLDAP )
++#define LDAP_MOD_OP (0x0007)
++#endif /* USE_MOZLDAP */
+
+ #include "slap.h"
diff --git a/net-nds/389-ds-base/files/389-ds-base-1.2.11.16-cve-2012-4450.patch b/net-nds/389-ds-base/files/389-ds-base-1.2.11.16-cve-2012-4450.patch
new file mode 100644
index 000000000000..54d9b1b975d7
--- /dev/null
+++ b/net-nds/389-ds-base/files/389-ds-base-1.2.11.16-cve-2012-4450.patch
@@ -0,0 +1,367 @@
+From 5beb93d42efb807838c09c5fab898876876f8d09 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@totoro.usersys.redhat.com>
+Date: Fri, 21 Sep 2012 19:35:18 +0000
+Subject: Trac Ticket #340 - Change on SLAPI_MODRDN_NEWSUPERIOR is not
+
+ evaluated in acl
+
+https://fedorahosted.org/389/ticket/340
+
+Bug Description: When modrdn operation was executed, only newrdn
+change was passed to the acl plugin. Also, the change was used
+only for the acl search, but not for the acl target in the items
+in the acl cache.
+
+Fix Description: This patch also passes the newsuperior update
+to the acl plugin. And the modrdn updates are applied to the
+acl target in the acl cache.
+---
+diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
+index 15e474e..3389404 100644
+--- a/ldap/servers/plugins/acl/acl.c
++++ b/ldap/servers/plugins/acl/acl.c
+@@ -170,9 +170,9 @@ acl_access_allowed_modrdn(
+ * Test if have access to make the first rdn of dn in entry e.
+ */
+
+-static int check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, const char *dn,
+- int access) {
+-
++static int
++check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, const char *dn, int access)
++{
+ char **dns;
+ char **rdns;
+ int retCode = LDAP_INSUFFICIENT_ACCESS;
+@@ -655,7 +655,8 @@ cleanup_and_ret:
+
+ }
+
+-static void print_access_control_summary( char *source, int ret_val, char *clientDn,
++static void
++print_access_control_summary( char *source, int ret_val, char *clientDn,
+ struct acl_pblock *aclpb,
+ char *right,
+ char *attr,
+@@ -1524,11 +1525,12 @@ acl_check_mods(
+ *
+ **************************************************************************/
+ extern void
+-acl_modified (Slapi_PBlock *pb, int optype, char *n_dn, void *change)
++acl_modified (Slapi_PBlock *pb, int optype, Slapi_DN *e_sdn, void *change)
+ {
+ struct berval **bvalue;
+ char **value;
+ int rv=0; /* returned value */
++ const char* n_dn;
+ char* new_RDN;
+ char* parent_DN;
+ char* new_DN;
+@@ -1537,10 +1539,12 @@ acl_modified (Slapi_PBlock *pb, int optype, char *n_dn, void *change)
+ int j;
+ Slapi_Attr *attr = NULL;
+ Slapi_Entry *e = NULL;
+- Slapi_DN *e_sdn;
+ aclUserGroup *ugroup = NULL;
+
+- e_sdn = slapi_sdn_new_normdn_byval ( n_dn );
++ if (NULL == e_sdn) {
++ return;
++ }
++ n_dn = slapi_sdn_get_dn(e_sdn);
+ /* Before we proceed, Let's first check if we are changing any groups.
+ ** If we are, then we need to change the signature
+ */
+@@ -1768,45 +1772,64 @@ acl_modified (Slapi_PBlock *pb, int optype, char *n_dn, void *change)
+ }
+
+ break;
+- }/* case op is modify*/
++ }/* case op is modify*/
+
+- case SLAPI_OPERATION_MODRDN:
+-
+- new_RDN = (char*) change;
+- slapi_log_error (SLAPI_LOG_ACL, plugin_name,
+- "acl_modified (MODRDN %s => \"%s\"\n",
+- n_dn, new_RDN);
++ case SLAPI_OPERATION_MODRDN:
++ {
++ char **rdn_parent;
++ rdn_parent = (char **)change;
++ new_RDN = rdn_parent[0];
++ parent_DN = rdn_parent[1];
+
+ /* compute new_DN: */
+- parent_DN = slapi_dn_parent (n_dn);
+- if (parent_DN == NULL) {
+- new_DN = new_RDN;
++ if (NULL == parent_DN) {
++ parent_DN = slapi_dn_parent(n_dn);
++ }
++ if (NULL == parent_DN) {
++ if (NULL == new_RDN) {
++ slapi_log_error (SLAPI_LOG_ACL, plugin_name,
++ "acl_modified (MODRDN %s => \"no change\"\n",
++ n_dn);
++ break;
++ } else {
++ new_DN = new_RDN;
++ }
+ } else {
+- new_DN = slapi_create_dn_string("%s,%s", new_RDN, parent_DN);
++ if (NULL == new_RDN) {
++ Slapi_RDN *rdn= slapi_rdn_new();
++ slapi_sdn_get_rdn(e_sdn, rdn);
++ new_DN = slapi_create_dn_string("%s,%s", slapi_rdn_get_rdn(rdn),
++ parent_DN);
++ slapi_rdn_free(&rdn);
++ } else {
++ new_DN = slapi_create_dn_string("%s,%s", new_RDN, parent_DN);
++ }
+ }
++ slapi_log_error (SLAPI_LOG_ACL, plugin_name,
++ "acl_modified (MODRDN %s => \"%s\"\n", n_dn, new_RDN);
+
+ /* Change the acls */
+- acllist_acicache_WRITE_LOCK();
++ acllist_acicache_WRITE_LOCK();
+ /* acllist_moddn_aci_needsLock expects normalized new_DN,
+ * which is no need to be case-ignored */
+ acllist_moddn_aci_needsLock ( e_sdn, new_DN );
+ acllist_acicache_WRITE_UNLOCK();
+
+ /* deallocat the parent_DN */
+- if (parent_DN != NULL) {
+- slapi_ch_free ( (void **) &new_DN );
+- slapi_ch_free ( (void **) &parent_DN );
++ if (parent_DN != NULL) {
++ slapi_ch_free_string(&new_DN);
++ if (parent_DN != rdn_parent[1]) {
++ slapi_ch_free_string(&parent_DN);
++ }
+ }
+ break;
+-
+- default:
++ } /* case op is modrdn */
++ default:
+ /* print ERROR */
+ break;
+ } /*optype switch */
+-
+- slapi_sdn_free ( &e_sdn );
+-
+ }
++
+ /***************************************************************************
+ *
+ * acl__scan_for_acis
+diff --git a/ldap/servers/plugins/acl/acl.h b/ldap/servers/plugins/acl/acl.h
+index 4fa3e3f..28c38e7 100644
+--- a/ldap/servers/plugins/acl/acl.h
++++ b/ldap/servers/plugins/acl/acl.h
+@@ -796,7 +796,8 @@ int acl_read_access_allowed_on_attr ( Slapi_PBlock *pb, Slapi_Entry *e, char
+ struct berval *val, int access);
+ void acl_set_acllist (Slapi_PBlock *pb, int scope, char *base);
+ void acl_gen_err_msg(int access, char *edn, char *attr, char **errbuf);
+-void acl_modified ( Slapi_PBlock *pb, int optype, char *dn, void *change);
++void acl_modified (Slapi_PBlock *pb, int optype, Slapi_DN *e_sdn, void *change);
++
+ int acl_access_allowed_disjoint_resource( Slapi_PBlock *pb, Slapi_Entry *e,
+ char *attr, struct berval *val, int access );
+ int acl_access_allowed_main ( Slapi_PBlock *pb, Slapi_Entry *e, char **attrs,
+@@ -866,7 +867,7 @@ void acllist_print_tree ( Avlnode *root, int *depth, char *start, char *side);
+ AciContainer *acllist_get_aciContainer_new ( );
+ void acllist_done_aciContainer ( AciContainer *);
+
+-aclUserGroup* aclg_find_userGroup (char *n_dn);
++aclUserGroup* aclg_find_userGroup (const char *n_dn);
+ void aclg_regen_ugroup_signature( aclUserGroup *ugroup);
+ void aclg_markUgroupForRemoval ( aclUserGroup *u_group );
+ void aclg_reader_incr_ugroup_refcnt(aclUserGroup* u_group);
+diff --git a/ldap/servers/plugins/acl/aclgroup.c b/ldap/servers/plugins/acl/aclgroup.c
+index c694293..2231304 100644
+--- a/ldap/servers/plugins/acl/aclgroup.c
++++ b/ldap/servers/plugins/acl/aclgroup.c
+@@ -213,7 +213,7 @@ aclg_reset_userGroup ( struct acl_pblock *aclpb )
+ */
+
+ aclUserGroup*
+-aclg_find_userGroup(char *n_dn)
++aclg_find_userGroup(const char *n_dn)
+ {
+ aclUserGroup *u_group = NULL;
+ int i;
+diff --git a/ldap/servers/plugins/acl/acllist.c b/ldap/servers/plugins/acl/acllist.c
+index 9b5363a..e8198af 100644
+--- a/ldap/servers/plugins/acl/acllist.c
++++ b/ldap/servers/plugins/acl/acllist.c
+@@ -600,7 +600,6 @@ void
+ acllist_init_scan (Slapi_PBlock *pb, int scope, const char *base)
+ {
+ Acl_PBlock *aclpb;
+- int i;
+ AciContainer *root;
+ char *basedn = NULL;
+ int index;
+@@ -671,11 +670,6 @@ acllist_init_scan (Slapi_PBlock *pb, int scope, const char *base)
+ aclpb->aclpb_state &= ~ACLPB_SEARCH_BASED_ON_LIST ;
+
+ acllist_acicache_READ_UNLOCK();
+-
+- i = 0;
+- while ( i < aclpb_max_selected_acls && aclpb->aclpb_base_handles_index[i] != -1 ) {
+- i++;
+- }
+ }
+
+ /*
+@@ -893,34 +887,50 @@ acllist_acicache_WRITE_LOCK( )
+ int
+ acllist_moddn_aci_needsLock ( Slapi_DN *oldsdn, char *newdn )
+ {
+-
+-
+ AciContainer *aciListHead;
+ AciContainer *head;
++ aci_t *acip;
++ const char *oldndn;
+
+ /* first get the container */
+
+ aciListHead = acllist_get_aciContainer_new ( );
+ slapi_sdn_free(&aciListHead->acic_sdn);
+- aciListHead->acic_sdn = oldsdn;
+-
++ aciListHead->acic_sdn = oldsdn;
+
+ if ( NULL == (head = (AciContainer *) avl_find( acllistRoot, aciListHead,
+- (IFP) __acllist_aciContainer_node_cmp ) ) ) {
++ (IFP) __acllist_aciContainer_node_cmp ) ) ) {
+
+ slapi_log_error ( SLAPI_PLUGIN_ACL, plugin_name,
+- "Can't find the acl in the tree for moddn operation:olddn%s\n",
+- slapi_sdn_get_ndn ( oldsdn ));
++ "Can't find the acl in the tree for moddn operation:olddn%s\n",
++ slapi_sdn_get_ndn ( oldsdn ));
+ aciListHead->acic_sdn = NULL;
+ __acllist_free_aciContainer ( &aciListHead );
+- return 1;
++ return 1;
+ }
+
+-
+- /* Now set the new DN */
+- slapi_sdn_done ( head->acic_sdn );
+- slapi_sdn_set_normdn_byval ( head->acic_sdn, newdn );
+-
++ /* Now set the new DN */
++ slapi_sdn_set_normdn_byval(head->acic_sdn, newdn);
++
++ /* If necessary, reset the target DNs, as well. */
++ oldndn = slapi_sdn_get_ndn(oldsdn);
++ for (acip = head->acic_list; acip; acip = acip->aci_next) {
++ const char *ndn = slapi_sdn_get_ndn(acip->aci_sdn);
++ char *p = PL_strstr(ndn, oldndn);
++ if (p) {
++ if (p == ndn) {
++ /* target dn is identical, replace it with new DN*/
++ slapi_sdn_set_normdn_byval(acip->aci_sdn, newdn);
++ } else {
++ /* target dn is a descendent of olddn, merge it with new DN*/
++ char *mynewdn;
++ *p = '\0';
++ mynewdn = slapi_ch_smprintf("%s%s", ndn, newdn);
++ slapi_sdn_set_normdn_passin(acip->aci_sdn, mynewdn);
++ }
++ }
++ }
++
+ aciListHead->acic_sdn = NULL;
+ __acllist_free_aciContainer ( &aciListHead );
+
+diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
+index 11e56a9..b79d0f2 100644
+--- a/ldap/servers/slapd/dn.c
++++ b/ldap/servers/slapd/dn.c
+@@ -2097,7 +2097,7 @@ slapi_sdn_set_normdn_byval(Slapi_DN *sdn, const char *normdn)
+ slapi_sdn_done(sdn);
+ sdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_DN);
+ if(normdn == NULL) {
+- sdn->dn = slapi_ch_strdup(normdn);
++ sdn->dn = NULL;
+ sdn->ndn_len = 0;
+ } else {
+ sdn->dn = slapi_ch_strdup(normdn);
+diff --git a/ldap/servers/slapd/plugin_acl.c b/ldap/servers/slapd/plugin_acl.c
+index b878156..3bc3f21 100644
+--- a/ldap/servers/slapd/plugin_acl.c
++++ b/ldap/servers/slapd/plugin_acl.c
+@@ -134,11 +134,10 @@ int
+ plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )
+ {
+ struct slapdplugin *p;
+- char *dn;
+ int rc = 0;
+- void *change = NULL;
+- Slapi_Entry *te = NULL;
+- Slapi_DN *sdn = NULL;
++ void *change = NULL;
++ Slapi_Entry *te = NULL;
++ Slapi_DN *sdn = NULL;
+ Operation *operation;
+
+ slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
+@@ -146,7 +145,7 @@ plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )
+ (void)slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
+
+ switch ( optype ) {
+- case SLAPI_OPERATION_MODIFY:
++ case SLAPI_OPERATION_MODIFY:
+ (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change );
+ break;
+ case SLAPI_OPERATION_ADD:
+@@ -158,11 +157,27 @@ plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )
+ }
+ break;
+ case SLAPI_OPERATION_MODRDN:
++ {
++ void *mychange[2];
++ char *newrdn = NULL;
++ Slapi_DN *psdn = NULL;
++ char *pdn = NULL;
++
+ /* newrdn: "change" is normalized but not case-ignored */
+ /* The acl plugin expects normalized newrdn, but no need to be case-
+ * ignored. */
+- (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change );
++ (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn );
++ (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &psdn );
++ if (psdn) {
++ pdn = (char *)slapi_sdn_get_dn(psdn);
++ } else {
++ (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR, &pdn );
++ }
++ mychange[0] = newrdn;
++ mychange[1] = pdn;
++ change = mychange;
+ break;
++ }
+ }
+
+ if (NULL == sdn) {
+@@ -172,10 +187,9 @@ plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )
+ }
+
+ /* call the global plugins first and then the backend specific */
+- dn = (char*)slapi_sdn_get_ndn(sdn); /* jcm - Had to cast away const */
+ for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) {
+ if (plugin_invoke_plugin_sdn(p, SLAPI_PLUGIN_ACL_MODS_UPDATE, pb, sdn)){
+- rc = (*p->plg_acl_mods_update)(pb, optype, dn, change );
++ rc = (*p->plg_acl_mods_update)(pb, optype, sdn, change );
+ if ( rc != LDAP_SUCCESS ) break;
+ }
+ }
+--
+cgit v0.9.0.2
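Review bot: In the `plugin_call_acl_mods_update` part of the backported patch, `mychange[2]` is declared inside the braces of the `SLAPI_OPERATION_MODRDN` case, but `change = mychange` is only consumed after that block has closed, when `(*p->plg_acl_mods_update)(pb, optype, sdn, change)` runs in the loop below; the array's lifetime has ended by then, so `acl_modified` reads `rdn_parent[0]` and `rdn_parent[1]` through a dangling pointer. Declaring `void *mychange[2] = { NULL, NULL };` at function scope next to `void *change = NULL;` avoids that. Separately, in `acllist_moddn_aci_needsLock` the target rewrite uses `PL_strstr(ndn, oldndn)`, which matches anywhere in the string rather than only a suffix on an RDN boundary, and `*p = '\0'` writes into the buffer that `slapi_sdn_get_ndn` hands back as `const char *`; a suffix comparison with a check for the preceding comma, done on a copy, would be safer for code that rewrites ACI targets. Both function bodies start outside their inner hunks, and since this is an upstream patch these points are probably best raised upstream as well.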