Message ID | 20140728185013.GA17391@windriver.com |
---|---|
State | Accepted, archived |
Headers | show |
diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch new file mode 100644 index 0000000..e8e731a --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch @@ -0,0 +1,10 @@ +--- a/libraries/libldap/ldap.conf ++++ b/libraries/libldap/ldap.conf +@@ -11,3 +11,7 @@ + #SIZELIMIT 12 + #TIMELIMIT 15 + #DEREF never ++ ++# TLS certificates (needed for GnuTLS) ++TLS_CACERT /etc/ssl/certs/ca-certificates.crt ++ diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch new file mode 100644 index 0000000..d3f56c3 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch @@ -0,0 +1,35 @@ +--- a/contrib/slapd-modules/autogroup/Makefile ++++ b/contrib/slapd-modules/autogroup/Makefile +@@ -2,11 +2,11 @@ + + LDAP_SRC = ../../.. + LDAP_BUILD = ../../.. +-LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd +-LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ +- $(LDAP_BUILD)/libraries/liblber/liblber.la ++LDAP_INC = -I$(LDAP_BUILD)/debian/build/include -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd ++LDAP_LIB = $(LDAP_BUILD)/debian/build/libraries/libldap_r/libldap_r.la \ ++ $(LDAP_BUILD)/debian/build/libraries/liblber/liblber.la + +-LIBTOOL = $(LDAP_BUILD)/libtool ++LIBTOOL = $(LDAP_BUILD)/debian/build/libtool + CC = gcc + OPT = -g -O2 -Wall + DEFS = +@@ -16,13 +16,13 @@ LIBS = $(LDAP_LIB) + PROGRAMS = autogroup.la + LTVER = 0:0:0 + +-prefix=/usr/local ++prefix=/usr + exec_prefix=$(prefix) +-ldap_subdir=/openldap ++ldap_subdir=/ldap + + libdir=$(exec_prefix)/lib + libexecdir=$(exec_prefix)/libexec +-moduledir = $(libexecdir)$(ldap_subdir) ++moduledir = $(libdir)$(ldap_subdir) + + .SUFFIXES: .c .o .lo + diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch new file mode 100644 index 0000000..1b15529 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch @@ -0,0 +1,40 @@ +Description: pass CFLAGS to contrib builds + $(CFLAGS) is missing from the compiler invocations for autogroup and + smbk5pwd, which means they're not being hardened. +Author: Simon Ruderich <simon@ruderich.org> +Bug-Debian: http://bugs.debian.org/663724 + +--- a/contrib/slapd-modules/autogroup/Makefile ++++ b/contrib/slapd-modules/autogroup/Makefile +@@ -27,12 +27,12 @@ moduledir = $(libexecdir)$(ldap_subdir) + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + autogroup.la: autogroup.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: +--- a/contrib/slapd-modules/smbk5pwd/Makefile ++++ b/contrib/slapd-modules/smbk5pwd/Makefile +@@ -46,12 +46,12 @@ moduledir = $(libexecdir)$(ldap_subdir) + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + smbk5pwd.la: smbk5pwd.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch new file mode 100644 index 0000000..31cf652 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch @@ -0,0 +1,68 @@ +Rip out code that second-guesses the libsasl soname / Debian shlibs. If +cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream +there, not kludged around upstream here! + +Debian bug #546885 + +Upstream ITS #6302 filed. + +--- a/libraries/libldap/cyrus.c ++++ b/libraries/libldap/cyrus.c +@@ -74,28 +74,6 @@ int ldap_int_sasl_init( void ) + /* XXX not threadsafe */ + static int sasl_initialized = 0; + +-#ifdef HAVE_SASL_VERSION +- /* stringify the version number, sasl.h doesn't do it for us */ +-#define VSTR0(maj, min, pat) #maj "." #min "." #pat +-#define VSTR(maj, min, pat) VSTR0(maj, min, pat) +-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \ +- SASL_VERSION_STEP) +- { int rc; +- sasl_version( NULL, &rc ); +- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) || +- (rc & 0xffff) < SASL_VERSION_STEP) { +- char version[sizeof("xxx.xxx.xxxxx")]; +- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff, +- rc & 0xffff ); +- +- Debug( LDAP_DEBUG_ANY, +- "ldap_int_sasl_init: SASL library version mismatch:" +- " expected " SASL_VERSION_STRING "," +- " got %s\n", version, 0, 0 ); +- return -1; +- } +- } +-#endif + if ( sasl_initialized ) { + return 0; + } +--- a/servers/slapd/sasl.c ++++ b/servers/slapd/sasl.c +@@ -1145,26 +1145,6 @@ int slap_sasl_init( void ) + #endif + + #ifdef HAVE_CYRUS_SASL +-#ifdef HAVE_SASL_VERSION +- /* stringify the version number, sasl.h doesn't do it for us */ +-#define VSTR0(maj, min, pat) #maj "." #min "." #pat +-#define VSTR(maj, min, pat) VSTR0(maj, min, pat) +-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \ +- SASL_VERSION_STEP) +- +- sasl_version( NULL, &rc ); +- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) || +- (rc & 0xffff) < SASL_VERSION_STEP) +- { +- char version[sizeof("xxx.xxx.xxxxx")]; +- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff, +- rc & 0xffff ); +- Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:" +- " expected %s, got %s\n", +- SASL_VERSION_STRING, version, 0 ); +- return -1; +- } +-#endif + + sasl_set_mutex( + ldap_pvt_sasl_mutex_new, diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch new file mode 100644 index 0000000..cd9bc26 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch @@ -0,0 +1,222 @@ +Patch from evolution-exchange (2.10.3). The ldap_ntlm_bind function is +actually called by evolution-data-server, checked at version 1.12.2. +Without this patch, the Exchange addressbook integration uses simple binds +with cleartext passwords. + +Russ checked with openldap-software for upstream's opinion on this patch +on 2007-12-21. Upstream had never received it as a patch submission and +given that it's apparently only for older Exchange servers that can't do +SASL and DIGEST-MD5, it's not very appealing. + +Bug#457374 filed against evolution-data-server asking if this support is +still required on 2007-12-21. + +--- a/include/ldap.h ++++ b/include/ldap.h +@@ -2517,5 +2517,25 @@ ldap_parse_deref_control LDAP_P(( + LDAPControl **ctrls, + LDAPDerefRes **drp )); + ++/* ++ * hacks for NTLM ++ */ ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) ++LDAP_F( int ) ++ldap_ntlm_bind LDAP_P(( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp )); ++LDAP_F( int ) ++ldap_parse_ntlm_bind_result LDAP_P(( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge)); ++ + LDAP_END_DECL + #endif /* _LDAP_H */ +--- /dev/null ++++ b/libraries/libldap/ntlm.c +@@ -0,0 +1,138 @@ ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ ++/* ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file ++ */ ++ ++/* Mostly copied from sasl.c */ ++ ++#include "portable.h" ++ ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include <ac/socket.h> ++#include <ac/string.h> ++#include <ac/time.h> ++#include <ac/errno.h> ++ ++#include "ldap-int.h" ++ ++int ++ldap_ntlm_bind( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp ) ++{ ++ BerElement *ber; ++ int rc; ++ ber_int_t id; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( msgidp != NULL ); ++ ++ if( msgidp == NULL ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ /* create a message to send */ ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ assert( LBER_VALID( ber ) ); ++ ++ LDAP_NEXT_MSGID( ld, id ); ++ rc = ber_printf( ber, "{it{istON}" /*}*/, ++ id, LDAP_REQ_BIND, ++ ld->ld_version, dn, tag, ++ cred ); ++ ++ /* Put Server Controls */ ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ++ ld->ld_errno = LDAP_ENCODING_ERROR; ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ /* send the message */ ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); ++ ++ if(*msgidp < 0) ++ return ld->ld_errno; ++ ++ return LDAP_SUCCESS; ++} ++ ++int ++ldap_parse_ntlm_bind_result( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge) ++{ ++ ber_int_t errcode; ++ ber_tag_t tag; ++ BerElement *ber; ++ ber_len_t len; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( res != NULL ); ++ ++ if ( ld == NULL || res == NULL ) { ++ return LDAP_PARAM_ERROR; ++ } ++ ++ if( res->lm_msgtype != LDAP_RES_BIND ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ if ( ld->ld_error ) { ++ LDAP_FREE( ld->ld_error ); ++ ld->ld_error = NULL; ++ } ++ if ( ld->ld_matched ) { ++ LDAP_FREE( ld->ld_matched ); ++ ld->ld_matched = NULL; ++ } ++ ++ /* parse results */ ++ ++ ber = ber_dup( res->lm_ber ); ++ ++ if( ber == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ tag = ber_scanf( ber, "{ioa" /*}*/, ++ &errcode, challenge, &ld->ld_error ); ++ ber_free( ber, 0 ); ++ ++ if( tag == LBER_ERROR ) { ++ ld->ld_errno = LDAP_DECODING_ERROR; ++ return ld->ld_errno; ++ } ++ ++ ld->ld_errno = errcode; ++ ++ return( ld->ld_errno ); ++} ++ +--- a/libraries/libldap/Makefile.in ++++ b/libraries/libldap/Makefile.in +@@ -27,7 +27,7 @@ SRCS = bind.c open.c result.c error.c co + init.c options.c print.c string.c util-int.c schema.c \ + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ + tls2.c tls_o.c tls_g.c tls_m.c \ +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ + assertion.c deref.c ldif.c fetch.c + + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ +@@ -40,7 +40,7 @@ OBJS = bind.lo open.lo result.lo error.l + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ + assertion.lo deref.lo ldif.lo fetch.lo + + LDAP_INCDIR= ../../include +--- a/libraries/libldap_r/Makefile.in ++++ b/libraries/libldap_r/Makefile.in +@@ -29,7 +29,7 @@ XXSRCS = apitest.c test.c \ + init.c options.c print.c string.c util-int.c schema.c \ + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ + tls2.c tls_o.c tls_g.c tls_m.c \ +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ + assertion.c deref.c ldif.c fetch.c + SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \ + thr_posix.c thr_cthreads.c thr_thr.c thr_nt.c \ +@@ -47,7 +47,7 @@ OBJS = threads.lo rdwr.lo rmutex.lo tpoo + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ + assertion.lo deref.lo ldif.lo fetch.lo + + LDAP_INCDIR= ../../include diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch new file mode 100644 index 0000000..418fe35 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch @@ -0,0 +1,11 @@ +--- a/build/top.mk ++++ b/build/top.mk +@@ -20,7 +20,7 @@ + RELEASEDATE= @OPENLDAP_RELEASE_DATE@ + + @SET_MAKE@ +-SHELL = /bin/sh ++SHELL = @SHELL@ + + top_builddir = @top_builddir@ + diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch new file mode 100644 index 0000000..1f0ca88 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch @@ -0,0 +1,64 @@ +--- a/configure.in ++++ b/configure.in +@@ -1214,7 +1214,7 @@ if test $ol_link_tls = no ; then + ol_with_tls=gnutls + ol_link_tls=yes + +- TLS_LIBS="-lgnutls" ++ TLS_LIBS="-lgnutls -lgcrypt" + + AC_DEFINE(HAVE_GNUTLS, 1, + [define if you have GNUtls]) +--- a/libraries/libldap/Makefile.in ++++ b/libraries/libldap/Makefile.in +@@ -51,21 +51,21 @@ LIB_DEFS = -DLDAP_LIBRARY + XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $(LDAP_LIBLUTIL_A) + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) +-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) ++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(TLS_LIBS) + ifneq (,$(VERSION_OPTION)) + VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map + endif + + apitest: $(XLIBS) apitest.o +- $(LTLINK) -o $@ apitest.o $(LIBS) ++ $(LTLINK) -o $@ apitest.o $(LIBS) $(TLS_LIBS) + dntest: $(XLIBS) dntest.o +- $(LTLINK) -o $@ dntest.o $(LIBS) ++ $(LTLINK) -o $@ dntest.o $(LIBS) $(TLS_LIBS) + ftest: $(XLIBS) ftest.o +- $(LTLINK) -o $@ ftest.o $(LIBS) ++ $(LTLINK) -o $@ ftest.o $(LIBS) $(TLS_LIBS) + ltest: $(XLIBS) test.o +- $(LTLINK) -o $@ test.o $(LIBS) ++ $(LTLINK) -o $@ test.o $(LIBS) $(TLS_LIBS) + urltest: $(XLIBS) urltest.o +- $(LTLINK) -o $@ urltest.o $(LIBS) ++ $(LTLINK) -o $@ urltest.o $(LIBS) $(TLS_LIBS) + + CFFILES=ldap.conf + +--- a/libraries/libldap_r/Makefile.in ++++ b/libraries/libldap_r/Makefile.in +@@ -60,7 +60,7 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $( + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) + XXXLIBS = $(LTHREAD_LIBS) + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) +-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) ++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) $(TLS_LIBS) + ifneq (,$(VERSION_OPTION)) + VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map" + endif +@@ -80,9 +80,9 @@ clean-local: FORCE + depend-common: .links + + apitest: $(XLIBS) apitest.o +- $(LTLINK) -o $@ apitest.o $(LIBS) ++ $(LTLINK) -o $@ apitest.o $(LIBS) $(TLS_LIBS) + ltest: $(XLIBS) test.o +- $(LTLINK) -o $@ test.o $(LIBS) ++ $(LTLINK) -o $@ test.o $(LIBS) $(TLS_LIBS) + + install-local: $(CFFILES) FORCE + -$(MKDIR) $(DESTDIR)$(libdir) diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch new file mode 100644 index 0000000..ab6e2b7 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch @@ -0,0 +1,43 @@ +Author: Steve Langasek <vorlon@debian.org> + +OpenLDAP upstream conservatively assumes that certain resolver functions +(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we +know that the glibc implementations of these functions are thread-safe, so +we should bypass the use of this mutex. This fixes a locking problem when +an application uses libldap and libnss-ldap is also used for hosts +resolution. + +Closes Debian bug #340601. + +Not suitable for forwarding upstream; might be made suitable by adding a +configure-time check for glibc and disabling the mutex only on known +thread-safe implementations. + +--- a/libraries/libldap/os-ip.c ++++ b/libraries/libldap/os-ip.c +@@ -602,13 +602,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf * + hints.ai_socktype = socktype; + snprintf(serv, sizeof serv, "%d", port ); + +- /* most getaddrinfo(3) use non-threadsafe resolver libraries */ +- LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex); +- + err = getaddrinfo( host, serv, &hints, &res ); +- +- LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex); +- + if ( err != 0 ) { + osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n", + AC_GAI_STRERROR(err), 0, 0); +--- a/libraries/libldap/util-int.c ++++ b/libraries/libldap/util-int.c +@@ -431,9 +431,7 @@ int ldap_pvt_get_hname( + int rc; + #if defined( HAVE_GETNAMEINFO ) + +- LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex ); + rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 ); +- LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex ); + if ( rc ) *err = (char *)AC_GAI_STRERROR( rc ); + return rc; + diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch new file mode 100644 index 0000000..4aad47c --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch @@ -0,0 +1,23 @@ +Author: Mattias Ellert <mattias.ellert@fysast.uu.se> +Description: adapt parameters of hdb_generate_key_set_password() to heimdal 1.6~git20120311 + . + With version heimdal 1.6~git20120311 heimdal schanged the number of parameters + of function hdb_generate_key_set_password(), implementing a fallback to "default" + values when NULL-values are passed for these parameters. + . + This patch does exactly that. + . +Bug-Debian: 664930 +Reviewed-by: Peter Marschall <peter@adpm.de> + +--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c ++++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c +@@ -470,7 +470,7 @@ static int smbk5pwd_exop_passwd( + } + + ret = hdb_generate_key_set_password(context, ent.principal, +- qpw->rs_new.bv_val, &ent.keys.val, &nkeys); ++ qpw->rs_new.bv_val, NULL, 0, &ent.keys.val, &nkeys); + ent.keys.len = nkeys; + hdb_seal_keys(context, db, &ent); + krb5_free_principal( context, ent.principal ); diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch new file mode 100644 index 0000000..47fc88a --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch @@ -0,0 +1,37 @@ +Document in the man page that slapindex should be run as the same user +as slapd, and print a warning if it's run as root (since Debian defaults +to running slapd as openldap). + +Not suitable for upstream in this form. This patch needs to be reworked +to check the BerkeleyDB database ownership and only warn if running as +root with a database that's not owned by root. + +Upstream ITS #5356 filed requesting better handling of this. Current +upstream discussion leans towards putting the check into the database +backend and aborting if slapd is run as a different user than the database +owner, which is an even better fix. + +--- a/doc/man/man8/slapindex.8 ++++ b/doc/man/man8/slapindex.8 +@@ -148,6 +148,10 @@ + should not be running (at least, not in read-write + mode) when you do this to ensure consistency of the database. + .LP ++slapindex ought to be run as the user specified for ++.BR slapd (8) ++to ensure correct database permissions. ++.LP + This command provides ample opportunity for the user to obtain + and drink their favorite beverage. + .SH EXAMPLES +--- a/servers/slapd/slapindex.c ++++ b/servers/slapd/slapindex.c +@@ -34,6 +34,8 @@ + int + slapindex( int argc, char **argv ) + { ++ if (geteuid() == 0) ++ fprintf( stderr, "\nWARNING!\nRunnig as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n"); + ID id; + int rc = EXIT_SUCCESS; + const char *progname = "slapindex"; diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch new file mode 100644 index 0000000..2992b70 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch @@ -0,0 +1,14 @@ +# This patch ensures that the install operations which strip +# programs and libraries (LTINSTALL) work in a cross build +# environment. +--- openldap-2.2.24/.pc/install-strip.patch/build/top.mk 2005-01-20 09:00:55.000000000 -0800 ++++ openldap-2.2.24/build/top.mk 2005-04-16 13:48:20.536710376 -0700 +@@ -116,7 +116,7 @@ + LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \ + $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD) + +-LTINSTALL = $(LIBTOOL) --mode=install $(INSTALL) ++LTINSTALL = STRIPPROG="" $(LIBTOOL) --mode=install $(top_srcdir)/contrib/ldapc++/install-sh -c + LTFINISH = $(LIBTOOL) --mode=finish + + # Misc UNIX commands used in build environment diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch new file mode 100644 index 0000000..e8aab91 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch @@ -0,0 +1,29 @@ +--- a/doc/man/man5/ldap.conf.5 ++++ b/doc/man/man5/ldap.conf.5 +@@ -317,7 +317,7 @@ certificates in separate individual file + .B TLS_CACERT + is always used before + .B TLS_CACERTDIR. +-This parameter is ignored with GnuTLS. ++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS. + + When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key + database. If <path> contains a Mozilla NSS cert/key database and +@@ -428,7 +428,7 @@ This parameter is ignored with GnuTLS. + Specifies the file to obtain random bits from when /dev/[u]random is + not available. Generally set to the name of the EGD/PRNGD socket. + The environment variable RANDFILE can also be used to specify the filename. +-This parameter is ignored with GnuTLS and Mozilla NSS. ++This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS. + .TP + .B TLS_REQCERT <level> + Specifies what checks to perform on server certificates in a TLS session, +@@ -461,7 +461,7 @@ Specifies if the Certificate Revocation + used to verify if the server certificates have not been revoked. This + requires + .B TLS_CACERTDIR +-parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. ++parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS. + .B <level> + can be specified as one of the following keywords: + .RS diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch new file mode 100644 index 0000000..a482bbf --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch @@ -0,0 +1,16 @@ +Move the ldapi socket to /var/run/slapd from /var/run, since /var/run +is only writable by root and slapd runs as openldap. + +Debian-specific. + +--- a/include/ldap_defaults.h ++++ b/include/ldap_defaults.h +@@ -39,7 +39,7 @@ + #define LDAP_ENV_PREFIX "LDAP" + + /* default ldapi:// socket */ +-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" ++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" LDAP_DIRSEP "ldapi" + + /* + * SLAPD DEFINITIONS diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch new file mode 100644 index 0000000..fb28f49 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch @@ -0,0 +1,161 @@ +Add symbol versioning to the public LDAP libraries. This is required for +library transitions, such as the current transition from 2.1 to 2.4, +since programs will sometimes have both libraries loaded by different +dependency chains during the transition. + +Not yet contributed upstream. + +Upstream ITS #5365 filed requesting symbol versioning for libldap and +libber. + +--- a/libraries/libldap_r/Makefile.in ++++ b/libraries/libldap_r/Makefile.in +@@ -61,6 +61,9 @@ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) + XXXLIBS = $(LTHREAD_LIBS) + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) + UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) ++ifneq (,$(VERSION_OPTION)) ++ VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map" ++endif + + .links : Makefile + @for i in $(XXSRCS); do \ +--- a/build/top.mk ++++ b/build/top.mk +@@ -104,6 +104,9 @@ LTFLAGS_MOD = $(@PLAT@_LTFLAGS_MOD) + # LINK_LIBS referenced in library and module link commands. + LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS) + ++# option to pass to $(CC) to support library symbol versioning, if any ++VERSION_OPTION = @VERSION_OPTION@ ++ + LTSTATIC = @LTSTATIC@ + + LTLINK = $(LIBTOOL) --mode=link \ +@@ -113,7 +116,7 @@ LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) + $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c + + LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \ +- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) ++ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS) + + LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \ + $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c +--- a/build/openldap.m4 ++++ b/build/openldap.m4 +@@ -1136,3 +1136,54 @@ AC_DEFUN([OL_SSL_COMPAT], + #endif + ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])]) + ]) ++ ++dnl ==================================================================== ++dnl check for symbol versioning support ++AC_DEFUN([OL_SYMBOL_VERSIONING], ++[AC_CACHE_CHECK([for .symver assembler directive], ++ [ol_cv_asm_symver_directive],[ ++cat > conftest.s <<EOF ++${libc_cv_dot_text} ++_sym: ++.symver _sym,sym@VERS ++EOF ++if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then ++ ol_cv_asm_symver_directive=yes ++else ++ ol_cv_asm_symver_directive=no ++fi ++rm -f conftest*]) ++AC_CACHE_CHECK([for ld --version-script], ++ [ol_cv_ld_version_script_option],[ ++if test $ol_cv_asm_symver_directive = yes; then ++ cat > conftest.s <<EOF ++${libc_cv_dot_text} ++_sym: ++.symver _sym,sym@VERS ++EOF ++ cat > conftest.map <<EOF ++VERS_1 { ++ global: sym; ++}; ++ ++VERS_2 { ++ global: sym; ++} VERS_1; ++EOF ++ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then ++ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared ++ -o conftest.so conftest.o ++ -Wl,--version-script,conftest.map ++ 1>&AS_MESSAGE_LOG_FD]); ++ then ++ ol_cv_ld_version_script_option=yes ++ else ++ ol_cv_ld_version_script_option=no ++ fi ++ else ++ ol_cv_ld_version_script_option=no ++ fi ++else ++ ol_cv_ld_version_script_option=no ++fi ++rm -f conftest*])]) +--- a/configure.in ++++ b/configure.in +@@ -1909,6 +1909,13 @@ else + fi + AC_SUBST(LTSTATIC)dnl + ++VERSION_OPTION="" ++OL_SYMBOL_VERSIONING ++if test $ol_cv_ld_version_script_option = yes ; then ++ VERSION_OPTION="-Wl,--version-script=" ++fi ++AC_SUBST(VERSION_OPTION) ++ + dnl ---------------------------------------------------------------- + if test $ol_enable_wrappers != no ; then + AC_CHECK_HEADERS(tcpd.h,[ +--- /dev/null ++++ b/libraries/libldap/libldap.map +@@ -0,0 +1,7 @@ ++OPENLDAP_2.4_2 { ++ global: ++ ldap_*; ++ ldif_*; ++ local: ++ *; ++}; +--- a/libraries/libldap/Makefile.in ++++ b/libraries/libldap/Makefile.in +@@ -52,6 +52,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $( + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) + UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) ++ifneq (,$(VERSION_OPTION)) ++ VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map ++endif + + apitest: $(XLIBS) apitest.o + $(LTLINK) -o $@ apitest.o $(LIBS) +--- a/libraries/liblber/Makefile.in ++++ b/libraries/liblber/Makefile.in +@@ -38,6 +38,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) + XXLIBS = + NT_LINK_LIBS = $(AC_LIBS) + UNIX_LINK_LIBS = $(AC_LIBS) ++ifneq (,$(VERSION_OPTION)) ++ VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map" ++endif + + dtest: $(XLIBS) dtest.o + $(LTLINK) -o $@ dtest.o $(LIBS) +--- /dev/null ++++ b/libraries/liblber/liblber.map +@@ -0,0 +1,8 @@ ++OPENLDAP_2.4_2 { ++ global: ++ ber_*; ++ der_alloc; ++ lutil_*; ++ local: ++ *; ++}; diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch new file mode 100644 index 0000000..5f55137 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch @@ -0,0 +1,60 @@ +Patch the slapd man page to not refer to a header file that isn't +installed with the slapd package and to reference the correct path +for slapd. + +Debian-specific. + +--- a/doc/man/man8/slapd.8 ++++ b/doc/man/man8/slapd.8 +@@ -5,7 +5,7 @@ + .SH NAME + slapd \- Stand-alone LDAP Daemon + .SH SYNOPSIS +-.B LIBEXECDIR/slapd ++.B /usr/sbin/slapd + [\c + .BR \-4 | \-6 ] + [\c +@@ -103,11 +103,10 @@ + will not fork or disassociate from the invoking terminal. Some general + operation and status messages are printed for any value of \fIdebug-level\fP. + \fIdebug-level\fP is taken as a bit string, with each bit corresponding to a +-different kind of debugging information. See <ldap_log.h> for details. +-Comma-separated arrays of friendly names can be specified to select +-debugging output of the corresponding debugging information. +-All the names recognized by the \fIloglevel\fP directive +-described in \fBslapd.conf\fP(5) are supported. ++different kind of debugging information. Comma-separated arrays of friendly ++names can be specified to select debugging output of the corresponding ++debugging information. All the names recognized by the \fIloglevel\fP ++directive described in \fBslapd.conf\fP(5) are supported. + If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed, + and slapd exits. + +@@ -317,7 +316,7 @@ + .LP + .nf + .ft tt +- LIBEXECDIR/slapd ++ /usr/sbin/slapd + .ft + .fi + .LP +@@ -328,7 +327,7 @@ + .LP + .nf + .ft tt +- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255 ++ /usr/sbin/slapd \-f /var/tmp/slapd.conf \-d 255 + .ft + .fi + .LP +@@ -336,7 +335,7 @@ + .LP + .nf + .ft tt +- LIBEXECDIR/slapd \-Tt ++ /usr/sbin/slapd \-Tt + .ft + .fi + .LP diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch new file mode 100644 index 0000000..8e7812d --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch @@ -0,0 +1,25 @@ +Description: don't use AM_INIT_AUTOMAKE macro when we aren't using automake + Calling AM_INIT_AUTOMAKE() in configure.in serves no purpose if we're not + using automake, and it confuses autoreconf. Use AC_INIT() instead. +Author: Steve Langasek <vorlon@debian.org> + +--- a/configure.in ++++ b/configure.in +@@ -26,7 +26,8 @@ dnl Configure.in for OpenLDAP + AC_COPYRIGHT([[Copyright 1998-2014 The OpenLDAP Foundation. All rights reserved. + Restrictions apply, see COPYRIGHT and LICENSE files.]]) + AC_REVISION([$Id: 81bd528fb5194c83d688db355737b7715448b958 $]) +-AC_INIT([OpenLDAP],,[http://www.openldap.org/its/]) ++AC_INIT([OpenLDAP],[$OL_VERSION],[http://www.openldap.org/its/]) ++AC_PROG_MAKE_SET + m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>]) + AC_CONFIG_SRCDIR(build/version.sh)dnl + dnl ---------------------------------------------------------------- +@@ -69,7 +70,6 @@ dnl Determine host platform + dnl we try not to use this for much + AC_CANONICAL_TARGET([]) + +-AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl + AC_SUBST(PACKAGE)dnl + AC_SUBST(VERSION)dnl + AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch new file mode 100644 index 0000000..db76aa7 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch @@ -0,0 +1,42 @@ +Author: Steve Langasek <vorlon@debian.org> +Description: don't second-guess BDB ABI + OpenLDAP upstream conservatively assumes that any change to the version + number of libdb can result in an API-breaking change that could impact + the database. In Debian, we know that such changes require bumping the + library soname and changing the package name, and demand such rigor from + our package maintainers even when upstreams don't deliver; so any such + check in the source code works against the packaging system by forcing + database upgrades when we know none are required. Disable this check + so we rely on the packaging system to do its job. +Bug-Debian: http://bugs.debian.org/651333 +Forwarded: not-needed + +--- a/servers/slapd/back-bdb/init.c ++++ b/servers/slapd/back-bdb/init.c +@@ -762,7 +762,7 @@ bdb_back_initialize( + bi->bi_controls = controls; + + { /* version check */ +- int major, minor, patch, ver; ++ int major, minor, patch; + char *version = db_version( &major, &minor, &patch ); + #ifdef HAVE_EBCDIC + char v2[1024]; +@@ -776,17 +776,6 @@ bdb_back_initialize( + version = v2; + #endif + +- ver = (major << 24) | (minor << 16) | patch; +- if( ver != DB_VERSION_FULL ) { +- /* fail if a versions don't match */ +- Debug( LDAP_DEBUG_ANY, +- LDAP_XSTRING(bdb_back_initialize) ": " +- "BDB library version mismatch:" +- " expected " DB_VERSION_STRING "," +- " got %s\n", version, 0, 0 ); +- return -1; +- } +- + Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_back_initialize) + ": %s\n", version, 0, 0 ); + } diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch new file mode 100644 index 0000000..5ea240f --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch @@ -0,0 +1,55 @@ +Add /etc/ldap/sasl2 to the SASL configuration search path. + +Not submitted upstream. Somewhat Debian-specific and probably not of +interest upstream. + +--- a/include/ldap_defaults.h ++++ b/include/ldap_defaults.h +@@ -63,4 +63,6 @@ + /* dn of the default "monitor" subentry */ + #define SLAPD_MONITOR_DN "cn=Monitor" + ++#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2" ++ + #endif /* _LDAP_CONFIG_H */ +--- a/servers/slapd/sasl.c ++++ b/servers/slapd/sasl.c +@@ -1103,12 +1103,38 @@ static const rewrite_mapper slapd_mapper + }; + #endif + ++static int ++slap_sasl_getconfpath( void * context, char ** path ) ++{ ++ char * sasl_default_configpath; ++ size_t len; ++ ++#if SASL_VERSION_MAJOR >= 2 ++ sasl_default_configpath = "/usr/lib/sasl2"; ++#else ++ sasl_default_configpath = "/usr/lib/sasl"; ++#endif ++ ++ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ + ++ strlen(sasl_default_configpath) + 1 /* \0 */; ++ *path = malloc( len ); ++ if ( *path == NULL ) ++ return SASL_FAIL; ++ ++ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH, ++ sasl_default_configpath ) != len-1 ) ++ return SASL_FAIL; ++ ++ return SASL_OK; ++} ++ + int slap_sasl_init( void ) + { + #ifdef HAVE_CYRUS_SASL + int rc; + static sasl_callback_t server_callbacks[] = { + { SASL_CB_LOG, &slap_sasl_log, NULL }, ++ { SASL_CB_GETCONFPATH, &slap_sasl_getconfpath, NULL }, + { SASL_CB_GETOPT, &slap_sasl_getopt, NULL }, + { SASL_CB_LIST_END, NULL, NULL } + }; diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/series b/meta-oe/recipes-support/openldap/openldap-2.4.39/series new file mode 100644 index 0000000..2f47de3 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/series @@ -0,0 +1,21 @@ +man-slapd +evolution-ntlm +slapi-errorlog-file +ldapi-socket-place +wrong-database-location +index-files-created-as-root +sasl-default-path +libldap-symbol-versions +getaddrinfo-is-threadsafe +do-not-second-guess-sonames +contrib-modules-use-dpkg-buildflags +smbk5pwd-makefile +autogroup-makefile +ldap-conf-tls-cacertdir +add-tlscacert-option-to-ldap-conf +fix-ftbfs-binutils-gold +fix-build-top-mk +no-AM_INIT_AUTOMAKE +switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff +no-bdb-ABI-second-guessing +heimdal-fix diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch new file mode 100644 index 0000000..4899451 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch @@ -0,0 +1,16 @@ +The slapi error log file defaults to /var/errors given our setting +of --localstatedir. Move it to /var/log/slapi-errors instead. + +Debian-specific. + +--- a/servers/slapd/slapi/slapi_overlay.c ++++ b/servers/slapd/slapi/slapi_overlay.c +@@ -930,7 +930,7 @@ int slapi_over_config( BackendDB *be, Co + ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex ); + + if ( slapi_log_file == NULL ) +- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" ); ++ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" ); + + rc = slapi_int_init_object_extensions(); + if ( rc != 0 ) diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch new file mode 100644 index 0000000..17d1b56 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch @@ -0,0 +1,53 @@ +--- a/contrib/slapd-modules/smbk5pwd/Makefile ++++ b/contrib/slapd-modules/smbk5pwd/Makefile +@@ -14,17 +14,17 @@ + + LDAP_SRC = ../../.. + LDAP_BUILD = ../../.. +-LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd +-LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ +- $(LDAP_BUILD)/libraries/liblber/liblber.la ++LDAP_INC = -I$(LDAP_BUILD)/debian/build/include -I$(LDAP_BUILD)/debian/build/servers/slapd -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd ++LDAP_LIB = $(LDAP_BUILD)/debian/build/libraries/libldap_r/libldap_r.la \ ++ $(LDAP_BUILD)/debian/build/libraries/liblber/liblber.la + + SSL_INC = +-SSL_LIB = -lcrypto ++SSL_LIB = -lgcrypt + +-HEIMDAL_INC = -I/usr/heimdal/include +-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv ++HEIMDAL_INC = -I/usr/include ++HEIMDAL_LIB = -lkrb5 -lkadm5srv + +-LIBTOOL = $(LDAP_BUILD)/libtool ++LIBTOOL = $(LDAP_BUILD)/debian/build/libtool + CC = gcc + OPT = -g -O2 -Wall + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. +@@ -35,13 +35,13 @@ LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_ + PROGRAMS = smbk5pwd.la + LTVER = 0:0:0 + +-prefix=/usr/local ++prefix=/usr + exec_prefix=$(prefix) +-ldap_subdir=/openldap ++ldap_subdir=/ldap + + libdir=$(exec_prefix)/lib + libexecdir=$(exec_prefix)/libexec +-moduledir = $(libexecdir)$(ldap_subdir) ++moduledir = $(libdir)$(ldap_subdir) + + .SUFFIXES: .c .o .lo + +@@ -55,7 +55,7 @@ smbk5pwd.la: smbk5pwd.lo + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: +- rm -rf *.o *.lo *.la .libs ++ $(LIBTOOL) --mode=clean rm -f + + install: $(PROGRAMS) + mkdir -p $(DESTDIR)$(moduledir) diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch new file mode 100644 index 0000000..f0dd4e1 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch @@ -0,0 +1,40 @@ +From: Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de> +Date: Tue, 18 May 2010 17:47:05 +0200 +Subject: Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL. + Open all modules with RTLD_GLOBAL, needed so that back_perl can load + non-trivial Perl extensions that require symbols from back_perl.so itself. +Bug-Debian: http://bugs.debian.org/327585 + +--- +--- a/servers/slapd/module.c ++++ b/servers/slapd/module.c +@@ -117,6 +117,20 @@ int module_unload( const char *file_name + return -1; /* not found */ + } + ++static lt_dlhandle slapd_lt_dlopenext_global( const char *filename ) ++{ ++ lt_dlhandle handle = 0; ++ lt_dladvise advise; ++ ++ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise) ++ && !lt_dladvise_global (&advise)) ++ handle = lt_dlopenadvise (filename, advise); ++ ++ lt_dladvise_destroy (&advise); ++ ++ return handle; ++} ++ + int module_load(const char* file_name, int argc, char *argv[]) + { + module_loaded_t *module; +@@ -180,7 +194,7 @@ int module_load(const char* file_name, i + * to calling Debug. This is because Debug is a macro that expands + * into multiple function calls. + */ +- if ((module->lib = lt_dlopenext(file)) == NULL) { ++ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) { + error = lt_dlerror(); + #ifdef HAVE_EBCDIC + strcpy( ebuf, error ); diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch new file mode 100644 index 0000000..25d96cb --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch @@ -0,0 +1,74 @@ +Move the default slapd database location to /var/lib/ldap instead of +/var/openldap-data. + +Debian-specific. + +--- a/doc/man/man5/slapd-bdb.5 ++++ b/doc/man/man5/slapd-bdb.5 +@@ -131,7 +131,7 @@ Specify the directory where the BDB file + associated indexes live. + A separate directory must be specified for each database. + The default is +-.BR LOCALSTATEDIR/openldap\-data . ++.BR LOCALSTATEDIR/lib/ldap . + .TP + .B dirtyread + Allow reads of modified but not yet committed data. +--- a/doc/man/man5/slapd.conf.5 ++++ b/doc/man/man5/slapd.conf.5 +@@ -2007,7 +2007,7 @@ suffix "dc=our\-domain,dc=com" + # The database directory MUST exist prior to + # running slapd AND should only be accessible + # by the slapd/tools. Mode 0700 recommended. +-directory LOCALSTATEDIR/openldap\-data ++directory LOCALSTATEDIR/lib/ldap + # Indices to maintain + index objectClass eq + index cn,sn,mail pres,eq,approx,sub +--- a/include/ldap_defaults.h ++++ b/include/ldap_defaults.h +@@ -47,7 +47,7 @@ + /* location of the default slapd config file */ + #define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf" + #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d" +-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data" ++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "ldap" + #define SLAPD_DEFAULT_DB_MODE 0600 + #define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata" + /* default max deref depth for aliases */ +--- a/servers/slapd/Makefile.in ++++ b/servers/slapd/Makefile.in +@@ -445,9 +445,9 @@ install-conf: FORCE + + install-db-config: FORCE + @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) +- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data ++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ +- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example ++ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ + $(DESTDIR)$(sysconfdir)/DB_CONFIG.example + +--- a/doc/man/man5/slapd-config.5 ++++ b/doc/man/man5/slapd-config.5 +@@ -2051,7 +2051,7 @@ olcSuffix: "dc=our\-domain,dc=com" + # The database directory MUST exist prior to + # running slapd AND should only be accessible + # by the slapd/tools. Mode 0700 recommended. +-olcDbDirectory: LOCALSTATEDIR/openldap\-data ++olcDbDirectory: LOCALSTATEDIR/lib/ldap + # Indices to maintain + olcDbIndex: objectClass eq + olcDbIndex: cn,sn,mail pres,eq,approx,sub +--- a/doc/man/man5/slapd-mdb.5 ++++ b/doc/man/man5/slapd-mdb.5 +@@ -52,7 +52,7 @@ Specify the directory where the LMDB fil + associated indexes live. + A separate directory must be specified for each database. + The default is +-.BR LOCALSTATEDIR/openldap\-data . ++.BR LOCALSTATEDIR/lib/ldap . + .TP + \fBenvflags \fR{\fBnosync\fR,\fBnometasync\fR,\fBwritemap\fR,\fBmapasync\fR,\fBnordahead\fR} + Specify flags for finer-grained control of the LMDB library's operation. diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.39.bb b/meta-oe/recipes-support/openldap/openldap_2.4.39.bb new file mode 100644 index 0000000..3048c8e --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap_2.4.39.bb @@ -0,0 +1,182 @@ +# OpenLDAP, a license free (see http://www.OpenLDAP.org/license.html) +# +DESCRIPTION = "OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol." +HOMEPAGE = "http://www.OpenLDAP.org/license.html" +# The OpenLDAP Public License - see the HOMEPAGE - defines +# the license. www.openldap.org claims this is Open Source +# (see http://www.openldap.org), the license appears to be +# basically BSD. opensource.org does not record this license +# at present (so it is apparently not OSI certified). +LICENSE = "OpenLDAP" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=f2bdbaa4f50199a00b6de2ca7ec1db05" +SECTION = "libs" + +# patches taken from Debian +SRC_URI = "\ + ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \ + file://man-slapd.patch \ + file://evolution-ntlm.patch \ + file://slapi-errorlog-file.patch \ + file://ldapi-socket-place.patch \ + file://wrong-database-location.patch \ + file://index-files-created-as-root.patch \ + file://sasl-default-path.patch \ + file://libldap-symbol-versions.patch \ + file://getaddrinfo-is-threadsafe.patch \ + file://do-not-second-guess-sonames.patch \ + file://contrib-modules-use-dpkg-buildflags.patch \ + file://smbk5pwd-makefile.patch \ + file://autogroup-makefile.patch \ + file://ldap-conf-tls-cacertdir.patch \ + file://add-tlscacert-option-to-ldap-conf.patch \ + file://fix-ftbfs-binutils-gold.patch \ + file://fix-build-top-mk.patch \ + file://no-AM_INIT_AUTOMAKE.patch \ + file://switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch \ + file://no-bdb-ABI-second-guessing.patch \ + file://heimdal-fix.patch \ +" +SRC_URI[md5sum] = "b0d5ee4b252c841dec6b332d679cf943" +SRC_URI[sha256sum] = "8267c87347103fef56b783b24877c0feda1063d3cb85d070e503d076584bf8a7" + +DEPENDS = "util-linux groff-native db" + +PR = "r0" +# The original top.mk used INSTALL, not INSTALL_STRIP_PROGRAM when +# installing .so and executables, this fails in cross compilation +# environments +SRC_URI += "file://install-strip.patch" + +# inherit autotools +inherit autotools-brokensep + +# CV SETTINGS +# Required to work round AC_FUNC_MEMCMP which gets the wrong answer +# when cross compiling (should be in site?) +EXTRA_OECONF += "ac_cv_func_memcmp_working=yes" + +# CONFIG DEFINITIONS +# The following is necessary because it cannot be determined for a +# cross compile automagically. Select should yield fine on all OE +# systems... +EXTRA_OECONF += "--with-yielding-select=yes" +# Shared libraries are nice... +EXTRA_OECONF += "--enable-dynamic" + +PACKAGECONFIG ??= "openssl modules \ + ldap meta monitor null passwd shell proxycache dnssrv \ + bdb hdb mdb sasl \ +" +#--with-tls with TLS/SSL support auto|openssl|gnutls [auto] +PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls" +PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl" + +PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl" +PACKAGECONFIG[modules] = "lt_cv_dlopen_self=yes --enable-modules,--disable-modules,libtool" + +# SLAPD options +# +# UNIX crypt(3) passwd support: +EXTRA_OECONF += "--enable-crypt" + +EXTRA_OECONF += "--enable-ipv6" + +# SLAPD BACKEND +# +# The backend must be set by the configuration. This controls the +# required database, the default database, bdb, is turned off but +# can be turned back on again and it *is* below! The monitor backend +# is also disabled. If you try to change the backends but fail to +# enable a single one the build will fail in an obvious way. +# +# EXTRA_OECONF += "--disable-bdb --disable-hdb --disable-monitor" +# +# Backends="bdb dnssrv hdb ldap ldbm meta monitor null passwd perl shell sql" +# +# Note that multiple backends can be built. The ldbm backend requires a +# build-time choice of database API. The bdb backend forces this to be +# DB4. To use the gdbm (or other) API the Berkely database module must +# be removed from the build. +md = "${libexecdir}/openldap" +# +#--enable-bdb enable Berkeley DB backend no|yes|mod yes +# The Berkely DB is the standard choice. This version of OpenLDAP requires +# the version 4 implementation or better. +PACKAGECONFIG[bdb] = "--enable-bdb=mod,--enable-bdb=no,db" + +#--enable-dnssrv enable dnssrv backend no|yes|mod no +PACKAGECONFIG[dnssrv] = "--enable-dnssrv=mod,--enable-dnssrv=no" + +#--enable-hdb enable Hierarchical DB backend no|yes|mod no +# This forces ldbm to use Berkeley too, remove to use gdbm +PACKAGECONFIG[hdb] = "--enable-hdb=mod,--enable-hdb=no,db" + +#--enable-ldap enable ldap backend no|yes|mod no +PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no," + +#--enable-ldbm enable ldbm backend no|yes|mod no +# ldbm requires further specification of the underlying database API, because +# bdb is enabled above this must be set to berkeley, however the config +# defaults this correctly so --with-ldbm-api is *not* set. The build will +# fail if bdb is removed, but no database is built to provide the +# support for ldbm +# guide.html:<P>back-ldbm was both slow and unreliable. Its byzantine indexing code was prone to spontaneous corruption, as were the underlying database libraries that were commonly used (e.g. GDBM or NDBM). back-bdb and back-hdb are superior in every aspect, with simplified indexing to avoid index corruption, fine-grained locking for greater concurrency, hierarchical caching for greater performance, streamlined on-disk format for greater efficiency and portability, and full transaction support for greater reliability.</P> +# configure: WARNING: unrecognized options: --disable-silent-rules, --enable-ldbm, --with-ldbm-api +#PACKAGECONFIG[ldbm] = "--enable-ldbm=mod --with-ldbm-api=gdbm,--enable-ldbm-no,gdbm" + +#--enable-meta enable metadirectory backend no|yes|mod no +PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no," + +#--enable-monitor enable monitor backend no|yes|mod yes +PACKAGECONFIG[monitor] = "--enable-monitor=mod,--enable-monitor=no," + +#--enable-null enable null backend no|yes|mod no +PACKAGECONFIG[null] = "--enable-null=mod,--enable-null=no," + +#--enable-passwd enable passwd backend no|yes|mod no +PACKAGECONFIG[passwd] = "--enable-passwd=mod,--enable-passwd=no," + +# disabling perl support - host contamination issues +# +#--enable-perl enable perl backend no|yes|mod no +# This requires a loadable perl dynamic library, if enabled without +# doing something appropriate (building perl?) the build will pick +# up the build machine perl - not good (inherit perlnative?) +# PACKAGECONFIG[perl] = "--enable-perl=mod,--enable-perl=no,perl" + +#--enable-shell enable shell backend no|yes|mod no +# configure: WARNING: Use of --without-threads is recommended with back-shell +PACKAGECONFIG[shell] = "--enable-shell=mod --without-threads,--enable-shell=no," + +#--enable-sql enable sql backend no|yes|mod no +# sql requires some sql backend which provides sql.h, sqlite* provides +# sqlite.h (which may be compatible but hasn't been tried.) +PACKAGECONFIG[sql] = "--enable-sql=mod,--enable-sql=no,sqlite3" + +#--enable-dyngroup Dynamic Group overlay no|yes|mod no +# This is a demo, Proxy Cache defines init_module which conflicts with the +# same symbol in dyngroup +PACKAGECONFIG[dyngroup] = "--enable-dyngroup=mod,--enable-dyngroup=no," + +#--enable-proxycache Proxy Cache overlay no|yes|mod no +PACKAGECONFIG[proxycache] = "--enable-proxycache=mod,--enable-proxycache=no," + +#--enable-mdb enable mdb database backend no|yes|mod no +PACKAGECONFIG[mdb] = "--enable-mdb=mod,--enable-mdb=no," + +CPPFLAGS_append = " -D_GNU_SOURCE" + +do_configure() { + cp ${STAGING_DATADIR_NATIVE}/libtool/config/ltmain.sh ${S}/build + rm -f ${S}/libtool + rm -f ${S}/libtool + aclocal + libtoolize --force --copy + gnu-configize + autoconf + oe_runconf +} + +FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libdir}/*.a ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la ${libexecdir}/openldap/*.so" +FILES_${PN}-dbg += "${libexecdir}/openldap/.debug" +
On Mon, Jul 28, 2014 at 02:50:13PM -0400, Amy Fong wrote: > From 10be38b1a220079953f1aab0d1d79eee10a9855e Mon Sep 17 00:00:00 2001 > From: Amy Fong <amy.fong@windriver.com> > Date: Tue, 15 Jul 2014 17:48:54 -0400 > Subject: [PATCH] keystone: package openLDAP 2.4.39 > > The patches are taken from Debian. Please fix: openldap-2.4.39: openldap: Files/directories were installed but not shipped /run [installed-vs-shipped] > > Signed-off-by: Amy Fong <amy.fong@windriver.com> > --- > .../add-tlscacert-option-to-ldap-conf.patch | 10 + > .../openldap-2.4.39/autogroup-makefile.patch | 35 ++++ > .../contrib-modules-use-dpkg-buildflags.patch | 40 ++++ > .../do-not-second-guess-sonames.patch | 68 +++++++ > .../openldap/openldap-2.4.39/evolution-ntlm.patch | 222 +++++++++++++++++++++ > .../openldap-2.4.39/fix-build-top-mk.patch | 11 + > .../openldap-2.4.39/fix-ftbfs-binutils-gold.patch | 64 ++++++ > .../getaddrinfo-is-threadsafe.patch | 43 ++++ > .../openldap/openldap-2.4.39/heimdal-fix.patch | 23 +++ > .../index-files-created-as-root.patch | 37 ++++ > .../openldap/openldap-2.4.39/install-strip.patch | 14 ++ > .../openldap-2.4.39/ldap-conf-tls-cacertdir.patch | 29 +++ > .../openldap-2.4.39/ldapi-socket-place.patch | 16 ++ > .../openldap-2.4.39/libldap-symbol-versions.patch | 161 +++++++++++++++ > .../openldap/openldap-2.4.39/man-slapd.patch | 60 ++++++ > .../openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch | 25 +++ > .../no-bdb-ABI-second-guessing.patch | 42 ++++ > .../openldap-2.4.39/sasl-default-path.patch | 55 +++++ > .../openldap/openldap-2.4.39/series | 21 ++ > .../openldap-2.4.39/slapi-errorlog-file.patch | 16 ++ > .../openldap-2.4.39/smbk5pwd-makefile.patch | 53 +++++ > ..._dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch | 40 ++++ > .../openldap-2.4.39/wrong-database-location.patch | 74 +++++++ > .../recipes-support/openldap/openldap_2.4.39.bb | 182 +++++++++++++++++ > 24 files changed, 1341 insertions(+) > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/series > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch > create mode 100644 meta-oe/recipes-support/openldap/openldap_2.4.39.bb > > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch > new file mode 100644 > index 0000000..e8e731a > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/add-tlscacert-option-to-ldap-conf.patch > @@ -0,0 +1,10 @@ > +--- a/libraries/libldap/ldap.conf > ++++ b/libraries/libldap/ldap.conf > +@@ -11,3 +11,7 @@ > + #SIZELIMIT 12 > + #TIMELIMIT 15 > + #DEREF never > ++ > ++# TLS certificates (needed for GnuTLS) > ++TLS_CACERT /etc/ssl/certs/ca-certificates.crt > ++ > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch > new file mode 100644 > index 0000000..d3f56c3 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/autogroup-makefile.patch > @@ -0,0 +1,35 @@ > +--- a/contrib/slapd-modules/autogroup/Makefile > ++++ b/contrib/slapd-modules/autogroup/Makefile > +@@ -2,11 +2,11 @@ > + > + LDAP_SRC = ../../.. > + LDAP_BUILD = ../../.. > +-LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd > +-LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ > +- $(LDAP_BUILD)/libraries/liblber/liblber.la > ++LDAP_INC = -I$(LDAP_BUILD)/debian/build/include -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd > ++LDAP_LIB = $(LDAP_BUILD)/debian/build/libraries/libldap_r/libldap_r.la \ > ++ $(LDAP_BUILD)/debian/build/libraries/liblber/liblber.la > + > +-LIBTOOL = $(LDAP_BUILD)/libtool > ++LIBTOOL = $(LDAP_BUILD)/debian/build/libtool > + CC = gcc > + OPT = -g -O2 -Wall > + DEFS = > +@@ -16,13 +16,13 @@ LIBS = $(LDAP_LIB) > + PROGRAMS = autogroup.la > + LTVER = 0:0:0 > + > +-prefix=/usr/local > ++prefix=/usr > + exec_prefix=$(prefix) > +-ldap_subdir=/openldap > ++ldap_subdir=/ldap > + > + libdir=$(exec_prefix)/lib > + libexecdir=$(exec_prefix)/libexec > +-moduledir = $(libexecdir)$(ldap_subdir) > ++moduledir = $(libdir)$(ldap_subdir) > + > + .SUFFIXES: .c .o .lo > + > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch > new file mode 100644 > index 0000000..1b15529 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/contrib-modules-use-dpkg-buildflags.patch > @@ -0,0 +1,40 @@ > +Description: pass CFLAGS to contrib builds > + $(CFLAGS) is missing from the compiler invocations for autogroup and > + smbk5pwd, which means they're not being hardened. > +Author: Simon Ruderich <simon@ruderich.org> > +Bug-Debian: http://bugs.debian.org/663724 > + > +--- a/contrib/slapd-modules/autogroup/Makefile > ++++ b/contrib/slapd-modules/autogroup/Makefile > +@@ -27,12 +27,12 @@ moduledir = $(libexecdir)$(ldap_subdir) > + .SUFFIXES: .c .o .lo > + > + .c.lo: > +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< > ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< > + > + all: $(PROGRAMS) > + > + autogroup.la: autogroup.lo > +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ > ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(LDFLAGS) -version-info $(LTVER) \ > + -rpath $(moduledir) -module -o $@ $? $(LIBS) > + > + clean: > +--- a/contrib/slapd-modules/smbk5pwd/Makefile > ++++ b/contrib/slapd-modules/smbk5pwd/Makefile > +@@ -46,12 +46,12 @@ moduledir = $(libexecdir)$(ldap_subdir) > + .SUFFIXES: .c .o .lo > + > + .c.lo: > +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< > ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< > + > + all: $(PROGRAMS) > + > + smbk5pwd.la: smbk5pwd.lo > +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ > ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(LDFLAGS) -version-info $(LTVER) \ > + -rpath $(moduledir) -module -o $@ $? $(LIBS) > + > + clean: > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch > new file mode 100644 > index 0000000..31cf652 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/do-not-second-guess-sonames.patch > @@ -0,0 +1,68 @@ > +Rip out code that second-guesses the libsasl soname / Debian shlibs. If > +cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream > +there, not kludged around upstream here! > + > +Debian bug #546885 > + > +Upstream ITS #6302 filed. > + > +--- a/libraries/libldap/cyrus.c > ++++ b/libraries/libldap/cyrus.c > +@@ -74,28 +74,6 @@ int ldap_int_sasl_init( void ) > + /* XXX not threadsafe */ > + static int sasl_initialized = 0; > + > +-#ifdef HAVE_SASL_VERSION > +- /* stringify the version number, sasl.h doesn't do it for us */ > +-#define VSTR0(maj, min, pat) #maj "." #min "." #pat > +-#define VSTR(maj, min, pat) VSTR0(maj, min, pat) > +-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \ > +- SASL_VERSION_STEP) > +- { int rc; > +- sasl_version( NULL, &rc ); > +- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) || > +- (rc & 0xffff) < SASL_VERSION_STEP) { > +- char version[sizeof("xxx.xxx.xxxxx")]; > +- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff, > +- rc & 0xffff ); > +- > +- Debug( LDAP_DEBUG_ANY, > +- "ldap_int_sasl_init: SASL library version mismatch:" > +- " expected " SASL_VERSION_STRING "," > +- " got %s\n", version, 0, 0 ); > +- return -1; > +- } > +- } > +-#endif > + if ( sasl_initialized ) { > + return 0; > + } > +--- a/servers/slapd/sasl.c > ++++ b/servers/slapd/sasl.c > +@@ -1145,26 +1145,6 @@ int slap_sasl_init( void ) > + #endif > + > + #ifdef HAVE_CYRUS_SASL > +-#ifdef HAVE_SASL_VERSION > +- /* stringify the version number, sasl.h doesn't do it for us */ > +-#define VSTR0(maj, min, pat) #maj "." #min "." #pat > +-#define VSTR(maj, min, pat) VSTR0(maj, min, pat) > +-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \ > +- SASL_VERSION_STEP) > +- > +- sasl_version( NULL, &rc ); > +- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) || > +- (rc & 0xffff) < SASL_VERSION_STEP) > +- { > +- char version[sizeof("xxx.xxx.xxxxx")]; > +- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff, > +- rc & 0xffff ); > +- Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:" > +- " expected %s, got %s\n", > +- SASL_VERSION_STRING, version, 0 ); > +- return -1; > +- } > +-#endif > + > + sasl_set_mutex( > + ldap_pvt_sasl_mutex_new, > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch > new file mode 100644 > index 0000000..cd9bc26 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/evolution-ntlm.patch > @@ -0,0 +1,222 @@ > +Patch from evolution-exchange (2.10.3). The ldap_ntlm_bind function is > +actually called by evolution-data-server, checked at version 1.12.2. > +Without this patch, the Exchange addressbook integration uses simple binds > +with cleartext passwords. > + > +Russ checked with openldap-software for upstream's opinion on this patch > +on 2007-12-21. Upstream had never received it as a patch submission and > +given that it's apparently only for older Exchange servers that can't do > +SASL and DIGEST-MD5, it's not very appealing. > + > +Bug#457374 filed against evolution-data-server asking if this support is > +still required on 2007-12-21. > + > +--- a/include/ldap.h > ++++ b/include/ldap.h > +@@ -2517,5 +2517,25 @@ ldap_parse_deref_control LDAP_P(( > + LDAPControl **ctrls, > + LDAPDerefRes **drp )); > + > ++/* > ++ * hacks for NTLM > ++ */ > ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) > ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) > ++LDAP_F( int ) > ++ldap_ntlm_bind LDAP_P(( > ++ LDAP *ld, > ++ LDAP_CONST char *dn, > ++ ber_tag_t tag, > ++ struct berval *cred, > ++ LDAPControl **sctrls, > ++ LDAPControl **cctrls, > ++ int *msgidp )); > ++LDAP_F( int ) > ++ldap_parse_ntlm_bind_result LDAP_P(( > ++ LDAP *ld, > ++ LDAPMessage *res, > ++ struct berval *challenge)); > ++ > + LDAP_END_DECL > + #endif /* _LDAP_H */ > +--- /dev/null > ++++ b/libraries/libldap/ntlm.c > +@@ -0,0 +1,138 @@ > ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ > ++/* > ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. > ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file > ++ */ > ++ > ++/* Mostly copied from sasl.c */ > ++ > ++#include "portable.h" > ++ > ++#include <stdlib.h> > ++#include <stdio.h> > ++ > ++#include <ac/socket.h> > ++#include <ac/string.h> > ++#include <ac/time.h> > ++#include <ac/errno.h> > ++ > ++#include "ldap-int.h" > ++ > ++int > ++ldap_ntlm_bind( > ++ LDAP *ld, > ++ LDAP_CONST char *dn, > ++ ber_tag_t tag, > ++ struct berval *cred, > ++ LDAPControl **sctrls, > ++ LDAPControl **cctrls, > ++ int *msgidp ) > ++{ > ++ BerElement *ber; > ++ int rc; > ++ ber_int_t id; > ++ > ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); > ++ > ++ assert( ld != NULL ); > ++ assert( LDAP_VALID( ld ) ); > ++ assert( msgidp != NULL ); > ++ > ++ if( msgidp == NULL ) { > ++ ld->ld_errno = LDAP_PARAM_ERROR; > ++ return ld->ld_errno; > ++ } > ++ > ++ /* create a message to send */ > ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { > ++ ld->ld_errno = LDAP_NO_MEMORY; > ++ return ld->ld_errno; > ++ } > ++ > ++ assert( LBER_VALID( ber ) ); > ++ > ++ LDAP_NEXT_MSGID( ld, id ); > ++ rc = ber_printf( ber, "{it{istON}" /*}*/, > ++ id, LDAP_REQ_BIND, > ++ ld->ld_version, dn, tag, > ++ cred ); > ++ > ++ /* Put Server Controls */ > ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { > ++ ber_free( ber, 1 ); > ++ return ld->ld_errno; > ++ } > ++ > ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { > ++ ld->ld_errno = LDAP_ENCODING_ERROR; > ++ ber_free( ber, 1 ); > ++ return ld->ld_errno; > ++ } > ++ > ++ /* send the message */ > ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); > ++ > ++ if(*msgidp < 0) > ++ return ld->ld_errno; > ++ > ++ return LDAP_SUCCESS; > ++} > ++ > ++int > ++ldap_parse_ntlm_bind_result( > ++ LDAP *ld, > ++ LDAPMessage *res, > ++ struct berval *challenge) > ++{ > ++ ber_int_t errcode; > ++ ber_tag_t tag; > ++ BerElement *ber; > ++ ber_len_t len; > ++ > ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); > ++ > ++ assert( ld != NULL ); > ++ assert( LDAP_VALID( ld ) ); > ++ assert( res != NULL ); > ++ > ++ if ( ld == NULL || res == NULL ) { > ++ return LDAP_PARAM_ERROR; > ++ } > ++ > ++ if( res->lm_msgtype != LDAP_RES_BIND ) { > ++ ld->ld_errno = LDAP_PARAM_ERROR; > ++ return ld->ld_errno; > ++ } > ++ > ++ if ( ld->ld_error ) { > ++ LDAP_FREE( ld->ld_error ); > ++ ld->ld_error = NULL; > ++ } > ++ if ( ld->ld_matched ) { > ++ LDAP_FREE( ld->ld_matched ); > ++ ld->ld_matched = NULL; > ++ } > ++ > ++ /* parse results */ > ++ > ++ ber = ber_dup( res->lm_ber ); > ++ > ++ if( ber == NULL ) { > ++ ld->ld_errno = LDAP_NO_MEMORY; > ++ return ld->ld_errno; > ++ } > ++ > ++ tag = ber_scanf( ber, "{ioa" /*}*/, > ++ &errcode, challenge, &ld->ld_error ); > ++ ber_free( ber, 0 ); > ++ > ++ if( tag == LBER_ERROR ) { > ++ ld->ld_errno = LDAP_DECODING_ERROR; > ++ return ld->ld_errno; > ++ } > ++ > ++ ld->ld_errno = errcode; > ++ > ++ return( ld->ld_errno ); > ++} > ++ > +--- a/libraries/libldap/Makefile.in > ++++ b/libraries/libldap/Makefile.in > +@@ -27,7 +27,7 @@ SRCS = bind.c open.c result.c error.c co > + init.c options.c print.c string.c util-int.c schema.c \ > + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ > + tls2.c tls_o.c tls_g.c tls_m.c \ > +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ > ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ > + assertion.c deref.c ldif.c fetch.c > + > + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ > +@@ -40,7 +40,7 @@ OBJS = bind.lo open.lo result.lo error.l > + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ > + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ > + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ > +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ > ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ > + assertion.lo deref.lo ldif.lo fetch.lo > + > + LDAP_INCDIR= ../../include > +--- a/libraries/libldap_r/Makefile.in > ++++ b/libraries/libldap_r/Makefile.in > +@@ -29,7 +29,7 @@ XXSRCS = apitest.c test.c \ > + init.c options.c print.c string.c util-int.c schema.c \ > + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ > + tls2.c tls_o.c tls_g.c tls_m.c \ > +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ > ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ > + assertion.c deref.c ldif.c fetch.c > + SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \ > + thr_posix.c thr_cthreads.c thr_thr.c thr_nt.c \ > +@@ -47,7 +47,7 @@ OBJS = threads.lo rdwr.lo rmutex.lo tpoo > + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ > + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ > + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ > +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ > ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ > + assertion.lo deref.lo ldif.lo fetch.lo > + > + LDAP_INCDIR= ../../include > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch > new file mode 100644 > index 0000000..418fe35 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-build-top-mk.patch > @@ -0,0 +1,11 @@ > +--- a/build/top.mk > ++++ b/build/top.mk > +@@ -20,7 +20,7 @@ > + RELEASEDATE= @OPENLDAP_RELEASE_DATE@ > + > + @SET_MAKE@ > +-SHELL = /bin/sh > ++SHELL = @SHELL@ > + > + top_builddir = @top_builddir@ > + > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch > new file mode 100644 > index 0000000..1f0ca88 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/fix-ftbfs-binutils-gold.patch > @@ -0,0 +1,64 @@ > +--- a/configure.in > ++++ b/configure.in > +@@ -1214,7 +1214,7 @@ if test $ol_link_tls = no ; then > + ol_with_tls=gnutls > + ol_link_tls=yes > + > +- TLS_LIBS="-lgnutls" > ++ TLS_LIBS="-lgnutls -lgcrypt" > + > + AC_DEFINE(HAVE_GNUTLS, 1, > + [define if you have GNUtls]) > +--- a/libraries/libldap/Makefile.in > ++++ b/libraries/libldap/Makefile.in > +@@ -51,21 +51,21 @@ LIB_DEFS = -DLDAP_LIBRARY > + XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $(LDAP_LIBLUTIL_A) > + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) > + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > +-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > ++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(TLS_LIBS) > + ifneq (,$(VERSION_OPTION)) > + VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map > + endif > + > + apitest: $(XLIBS) apitest.o > +- $(LTLINK) -o $@ apitest.o $(LIBS) > ++ $(LTLINK) -o $@ apitest.o $(LIBS) $(TLS_LIBS) > + dntest: $(XLIBS) dntest.o > +- $(LTLINK) -o $@ dntest.o $(LIBS) > ++ $(LTLINK) -o $@ dntest.o $(LIBS) $(TLS_LIBS) > + ftest: $(XLIBS) ftest.o > +- $(LTLINK) -o $@ ftest.o $(LIBS) > ++ $(LTLINK) -o $@ ftest.o $(LIBS) $(TLS_LIBS) > + ltest: $(XLIBS) test.o > +- $(LTLINK) -o $@ test.o $(LIBS) > ++ $(LTLINK) -o $@ test.o $(LIBS) $(TLS_LIBS) > + urltest: $(XLIBS) urltest.o > +- $(LTLINK) -o $@ urltest.o $(LIBS) > ++ $(LTLINK) -o $@ urltest.o $(LIBS) $(TLS_LIBS) > + > + CFFILES=ldap.conf > + > +--- a/libraries/libldap_r/Makefile.in > ++++ b/libraries/libldap_r/Makefile.in > +@@ -60,7 +60,7 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $( > + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) > + XXXLIBS = $(LTHREAD_LIBS) > + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > +-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) > ++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) $(TLS_LIBS) > + ifneq (,$(VERSION_OPTION)) > + VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map" > + endif > +@@ -80,9 +80,9 @@ clean-local: FORCE > + depend-common: .links > + > + apitest: $(XLIBS) apitest.o > +- $(LTLINK) -o $@ apitest.o $(LIBS) > ++ $(LTLINK) -o $@ apitest.o $(LIBS) $(TLS_LIBS) > + ltest: $(XLIBS) test.o > +- $(LTLINK) -o $@ test.o $(LIBS) > ++ $(LTLINK) -o $@ test.o $(LIBS) $(TLS_LIBS) > + > + install-local: $(CFFILES) FORCE > + -$(MKDIR) $(DESTDIR)$(libdir) > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch > new file mode 100644 > index 0000000..ab6e2b7 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/getaddrinfo-is-threadsafe.patch > @@ -0,0 +1,43 @@ > +Author: Steve Langasek <vorlon@debian.org> > + > +OpenLDAP upstream conservatively assumes that certain resolver functions > +(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we > +know that the glibc implementations of these functions are thread-safe, so > +we should bypass the use of this mutex. This fixes a locking problem when > +an application uses libldap and libnss-ldap is also used for hosts > +resolution. > + > +Closes Debian bug #340601. > + > +Not suitable for forwarding upstream; might be made suitable by adding a > +configure-time check for glibc and disabling the mutex only on known > +thread-safe implementations. > + > +--- a/libraries/libldap/os-ip.c > ++++ b/libraries/libldap/os-ip.c > +@@ -602,13 +602,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf * > + hints.ai_socktype = socktype; > + snprintf(serv, sizeof serv, "%d", port ); > + > +- /* most getaddrinfo(3) use non-threadsafe resolver libraries */ > +- LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex); > +- > + err = getaddrinfo( host, serv, &hints, &res ); > +- > +- LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex); > +- > + if ( err != 0 ) { > + osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n", > + AC_GAI_STRERROR(err), 0, 0); > +--- a/libraries/libldap/util-int.c > ++++ b/libraries/libldap/util-int.c > +@@ -431,9 +431,7 @@ int ldap_pvt_get_hname( > + int rc; > + #if defined( HAVE_GETNAMEINFO ) > + > +- LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex ); > + rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 ); > +- LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex ); > + if ( rc ) *err = (char *)AC_GAI_STRERROR( rc ); > + return rc; > + > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch > new file mode 100644 > index 0000000..4aad47c > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/heimdal-fix.patch > @@ -0,0 +1,23 @@ > +Author: Mattias Ellert <mattias.ellert@fysast.uu.se> > +Description: adapt parameters of hdb_generate_key_set_password() to heimdal 1.6~git20120311 > + . > + With version heimdal 1.6~git20120311 heimdal schanged the number of parameters > + of function hdb_generate_key_set_password(), implementing a fallback to "default" > + values when NULL-values are passed for these parameters. > + . > + This patch does exactly that. > + . > +Bug-Debian: 664930 > +Reviewed-by: Peter Marschall <peter@adpm.de> > + > +--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c > ++++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c > +@@ -470,7 +470,7 @@ static int smbk5pwd_exop_passwd( > + } > + > + ret = hdb_generate_key_set_password(context, ent.principal, > +- qpw->rs_new.bv_val, &ent.keys.val, &nkeys); > ++ qpw->rs_new.bv_val, NULL, 0, &ent.keys.val, &nkeys); > + ent.keys.len = nkeys; > + hdb_seal_keys(context, db, &ent); > + krb5_free_principal( context, ent.principal ); > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch > new file mode 100644 > index 0000000..47fc88a > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/index-files-created-as-root.patch > @@ -0,0 +1,37 @@ > +Document in the man page that slapindex should be run as the same user > +as slapd, and print a warning if it's run as root (since Debian defaults > +to running slapd as openldap). > + > +Not suitable for upstream in this form. This patch needs to be reworked > +to check the BerkeleyDB database ownership and only warn if running as > +root with a database that's not owned by root. > + > +Upstream ITS #5356 filed requesting better handling of this. Current > +upstream discussion leans towards putting the check into the database > +backend and aborting if slapd is run as a different user than the database > +owner, which is an even better fix. > + > +--- a/doc/man/man8/slapindex.8 > ++++ b/doc/man/man8/slapindex.8 > +@@ -148,6 +148,10 @@ > + should not be running (at least, not in read-write > + mode) when you do this to ensure consistency of the database. > + .LP > ++slapindex ought to be run as the user specified for > ++.BR slapd (8) > ++to ensure correct database permissions. > ++.LP > + This command provides ample opportunity for the user to obtain > + and drink their favorite beverage. > + .SH EXAMPLES > +--- a/servers/slapd/slapindex.c > ++++ b/servers/slapd/slapindex.c > +@@ -34,6 +34,8 @@ > + int > + slapindex( int argc, char **argv ) > + { > ++ if (geteuid() == 0) > ++ fprintf( stderr, "\nWARNING!\nRunnig as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n"); > + ID id; > + int rc = EXIT_SUCCESS; > + const char *progname = "slapindex"; > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch > new file mode 100644 > index 0000000..2992b70 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/install-strip.patch > @@ -0,0 +1,14 @@ > +# This patch ensures that the install operations which strip > +# programs and libraries (LTINSTALL) work in a cross build > +# environment. > +--- openldap-2.2.24/.pc/install-strip.patch/build/top.mk 2005-01-20 09:00:55.000000000 -0800 > ++++ openldap-2.2.24/build/top.mk 2005-04-16 13:48:20.536710376 -0700 > +@@ -116,7 +116,7 @@ > + LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \ > + $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD) > + > +-LTINSTALL = $(LIBTOOL) --mode=install $(INSTALL) > ++LTINSTALL = STRIPPROG="" $(LIBTOOL) --mode=install $(top_srcdir)/contrib/ldapc++/install-sh -c > + LTFINISH = $(LIBTOOL) --mode=finish > + > + # Misc UNIX commands used in build environment > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch > new file mode 100644 > index 0000000..e8aab91 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldap-conf-tls-cacertdir.patch > @@ -0,0 +1,29 @@ > +--- a/doc/man/man5/ldap.conf.5 > ++++ b/doc/man/man5/ldap.conf.5 > +@@ -317,7 +317,7 @@ certificates in separate individual file > + .B TLS_CACERT > + is always used before > + .B TLS_CACERTDIR. > +-This parameter is ignored with GnuTLS. > ++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS. > + > + When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key > + database. If <path> contains a Mozilla NSS cert/key database and > +@@ -428,7 +428,7 @@ This parameter is ignored with GnuTLS. > + Specifies the file to obtain random bits from when /dev/[u]random is > + not available. Generally set to the name of the EGD/PRNGD socket. > + The environment variable RANDFILE can also be used to specify the filename. > +-This parameter is ignored with GnuTLS and Mozilla NSS. > ++This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS. > + .TP > + .B TLS_REQCERT <level> > + Specifies what checks to perform on server certificates in a TLS session, > +@@ -461,7 +461,7 @@ Specifies if the Certificate Revocation > + used to verify if the server certificates have not been revoked. This > + requires > + .B TLS_CACERTDIR > +-parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. > ++parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS. > + .B <level> > + can be specified as one of the following keywords: > + .RS > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch > new file mode 100644 > index 0000000..a482bbf > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/ldapi-socket-place.patch > @@ -0,0 +1,16 @@ > +Move the ldapi socket to /var/run/slapd from /var/run, since /var/run > +is only writable by root and slapd runs as openldap. > + > +Debian-specific. > + > +--- a/include/ldap_defaults.h > ++++ b/include/ldap_defaults.h > +@@ -39,7 +39,7 @@ > + #define LDAP_ENV_PREFIX "LDAP" > + > + /* default ldapi:// socket */ > +-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" > ++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" LDAP_DIRSEP "ldapi" > + > + /* > + * SLAPD DEFINITIONS > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch > new file mode 100644 > index 0000000..fb28f49 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/libldap-symbol-versions.patch > @@ -0,0 +1,161 @@ > +Add symbol versioning to the public LDAP libraries. This is required for > +library transitions, such as the current transition from 2.1 to 2.4, > +since programs will sometimes have both libraries loaded by different > +dependency chains during the transition. > + > +Not yet contributed upstream. > + > +Upstream ITS #5365 filed requesting symbol versioning for libldap and > +libber. > + > +--- a/libraries/libldap_r/Makefile.in > ++++ b/libraries/libldap_r/Makefile.in > +@@ -61,6 +61,9 @@ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) > + XXXLIBS = $(LTHREAD_LIBS) > + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > + UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) > ++ifneq (,$(VERSION_OPTION)) > ++ VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map" > ++endif > + > + .links : Makefile > + @for i in $(XXSRCS); do \ > +--- a/build/top.mk > ++++ b/build/top.mk > +@@ -104,6 +104,9 @@ LTFLAGS_MOD = $(@PLAT@_LTFLAGS_MOD) > + # LINK_LIBS referenced in library and module link commands. > + LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS) > + > ++# option to pass to $(CC) to support library symbol versioning, if any > ++VERSION_OPTION = @VERSION_OPTION@ > ++ > + LTSTATIC = @LTSTATIC@ > + > + LTLINK = $(LIBTOOL) --mode=link \ > +@@ -113,7 +116,7 @@ LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) > + $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c > + > + LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \ > +- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) > ++ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS) > + > + LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \ > + $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c > +--- a/build/openldap.m4 > ++++ b/build/openldap.m4 > +@@ -1136,3 +1136,54 @@ AC_DEFUN([OL_SSL_COMPAT], > + #endif > + ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])]) > + ]) > ++ > ++dnl ==================================================================== > ++dnl check for symbol versioning support > ++AC_DEFUN([OL_SYMBOL_VERSIONING], > ++[AC_CACHE_CHECK([for .symver assembler directive], > ++ [ol_cv_asm_symver_directive],[ > ++cat > conftest.s <<EOF > ++${libc_cv_dot_text} > ++_sym: > ++.symver _sym,sym@VERS > ++EOF > ++if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then > ++ ol_cv_asm_symver_directive=yes > ++else > ++ ol_cv_asm_symver_directive=no > ++fi > ++rm -f conftest*]) > ++AC_CACHE_CHECK([for ld --version-script], > ++ [ol_cv_ld_version_script_option],[ > ++if test $ol_cv_asm_symver_directive = yes; then > ++ cat > conftest.s <<EOF > ++${libc_cv_dot_text} > ++_sym: > ++.symver _sym,sym@VERS > ++EOF > ++ cat > conftest.map <<EOF > ++VERS_1 { > ++ global: sym; > ++}; > ++ > ++VERS_2 { > ++ global: sym; > ++} VERS_1; > ++EOF > ++ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then > ++ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared > ++ -o conftest.so conftest.o > ++ -Wl,--version-script,conftest.map > ++ 1>&AS_MESSAGE_LOG_FD]); > ++ then > ++ ol_cv_ld_version_script_option=yes > ++ else > ++ ol_cv_ld_version_script_option=no > ++ fi > ++ else > ++ ol_cv_ld_version_script_option=no > ++ fi > ++else > ++ ol_cv_ld_version_script_option=no > ++fi > ++rm -f conftest*])]) > +--- a/configure.in > ++++ b/configure.in > +@@ -1909,6 +1909,13 @@ else > + fi > + AC_SUBST(LTSTATIC)dnl > + > ++VERSION_OPTION="" > ++OL_SYMBOL_VERSIONING > ++if test $ol_cv_ld_version_script_option = yes ; then > ++ VERSION_OPTION="-Wl,--version-script=" > ++fi > ++AC_SUBST(VERSION_OPTION) > ++ > + dnl ---------------------------------------------------------------- > + if test $ol_enable_wrappers != no ; then > + AC_CHECK_HEADERS(tcpd.h,[ > +--- /dev/null > ++++ b/libraries/libldap/libldap.map > +@@ -0,0 +1,7 @@ > ++OPENLDAP_2.4_2 { > ++ global: > ++ ldap_*; > ++ ldif_*; > ++ local: > ++ *; > ++}; > +--- a/libraries/libldap/Makefile.in > ++++ b/libraries/libldap/Makefile.in > +@@ -52,6 +52,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $( > + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) > + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > + UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) > ++ifneq (,$(VERSION_OPTION)) > ++ VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map > ++endif > + > + apitest: $(XLIBS) apitest.o > + $(LTLINK) -o $@ apitest.o $(LIBS) > +--- a/libraries/liblber/Makefile.in > ++++ b/libraries/liblber/Makefile.in > +@@ -38,6 +38,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) > + XXLIBS = > + NT_LINK_LIBS = $(AC_LIBS) > + UNIX_LINK_LIBS = $(AC_LIBS) > ++ifneq (,$(VERSION_OPTION)) > ++ VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map" > ++endif > + > + dtest: $(XLIBS) dtest.o > + $(LTLINK) -o $@ dtest.o $(LIBS) > +--- /dev/null > ++++ b/libraries/liblber/liblber.map > +@@ -0,0 +1,8 @@ > ++OPENLDAP_2.4_2 { > ++ global: > ++ ber_*; > ++ der_alloc; > ++ lutil_*; > ++ local: > ++ *; > ++}; > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch > new file mode 100644 > index 0000000..5f55137 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/man-slapd.patch > @@ -0,0 +1,60 @@ > +Patch the slapd man page to not refer to a header file that isn't > +installed with the slapd package and to reference the correct path > +for slapd. > + > +Debian-specific. > + > +--- a/doc/man/man8/slapd.8 > ++++ b/doc/man/man8/slapd.8 > +@@ -5,7 +5,7 @@ > + .SH NAME > + slapd \- Stand-alone LDAP Daemon > + .SH SYNOPSIS > +-.B LIBEXECDIR/slapd > ++.B /usr/sbin/slapd > + [\c > + .BR \-4 | \-6 ] > + [\c > +@@ -103,11 +103,10 @@ > + will not fork or disassociate from the invoking terminal. Some general > + operation and status messages are printed for any value of \fIdebug-level\fP. > + \fIdebug-level\fP is taken as a bit string, with each bit corresponding to a > +-different kind of debugging information. See <ldap_log.h> for details. > +-Comma-separated arrays of friendly names can be specified to select > +-debugging output of the corresponding debugging information. > +-All the names recognized by the \fIloglevel\fP directive > +-described in \fBslapd.conf\fP(5) are supported. > ++different kind of debugging information. Comma-separated arrays of friendly > ++names can be specified to select debugging output of the corresponding > ++debugging information. All the names recognized by the \fIloglevel\fP > ++directive described in \fBslapd.conf\fP(5) are supported. > + If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed, > + and slapd exits. > + > +@@ -317,7 +316,7 @@ > + .LP > + .nf > + .ft tt > +- LIBEXECDIR/slapd > ++ /usr/sbin/slapd > + .ft > + .fi > + .LP > +@@ -328,7 +327,7 @@ > + .LP > + .nf > + .ft tt > +- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255 > ++ /usr/sbin/slapd \-f /var/tmp/slapd.conf \-d 255 > + .ft > + .fi > + .LP > +@@ -336,7 +335,7 @@ > + .LP > + .nf > + .ft tt > +- LIBEXECDIR/slapd \-Tt > ++ /usr/sbin/slapd \-Tt > + .ft > + .fi > + .LP > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch > new file mode 100644 > index 0000000..8e7812d > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-AM_INIT_AUTOMAKE.patch > @@ -0,0 +1,25 @@ > +Description: don't use AM_INIT_AUTOMAKE macro when we aren't using automake > + Calling AM_INIT_AUTOMAKE() in configure.in serves no purpose if we're not > + using automake, and it confuses autoreconf. Use AC_INIT() instead. > +Author: Steve Langasek <vorlon@debian.org> > + > +--- a/configure.in > ++++ b/configure.in > +@@ -26,7 +26,8 @@ dnl Configure.in for OpenLDAP > + AC_COPYRIGHT([[Copyright 1998-2014 The OpenLDAP Foundation. All rights reserved. > + Restrictions apply, see COPYRIGHT and LICENSE files.]]) > + AC_REVISION([$Id: 81bd528fb5194c83d688db355737b7715448b958 $]) > +-AC_INIT([OpenLDAP],,[http://www.openldap.org/its/]) > ++AC_INIT([OpenLDAP],[$OL_VERSION],[http://www.openldap.org/its/]) > ++AC_PROG_MAKE_SET > + m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>]) > + AC_CONFIG_SRCDIR(build/version.sh)dnl > + dnl ---------------------------------------------------------------- > +@@ -69,7 +70,6 @@ dnl Determine host platform > + dnl we try not to use this for much > + AC_CANONICAL_TARGET([]) > + > +-AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl > + AC_SUBST(PACKAGE)dnl > + AC_SUBST(VERSION)dnl > + AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch > new file mode 100644 > index 0000000..db76aa7 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/no-bdb-ABI-second-guessing.patch > @@ -0,0 +1,42 @@ > +Author: Steve Langasek <vorlon@debian.org> > +Description: don't second-guess BDB ABI > + OpenLDAP upstream conservatively assumes that any change to the version > + number of libdb can result in an API-breaking change that could impact > + the database. In Debian, we know that such changes require bumping the > + library soname and changing the package name, and demand such rigor from > + our package maintainers even when upstreams don't deliver; so any such > + check in the source code works against the packaging system by forcing > + database upgrades when we know none are required. Disable this check > + so we rely on the packaging system to do its job. > +Bug-Debian: http://bugs.debian.org/651333 > +Forwarded: not-needed > + > +--- a/servers/slapd/back-bdb/init.c > ++++ b/servers/slapd/back-bdb/init.c > +@@ -762,7 +762,7 @@ bdb_back_initialize( > + bi->bi_controls = controls; > + > + { /* version check */ > +- int major, minor, patch, ver; > ++ int major, minor, patch; > + char *version = db_version( &major, &minor, &patch ); > + #ifdef HAVE_EBCDIC > + char v2[1024]; > +@@ -776,17 +776,6 @@ bdb_back_initialize( > + version = v2; > + #endif > + > +- ver = (major << 24) | (minor << 16) | patch; > +- if( ver != DB_VERSION_FULL ) { > +- /* fail if a versions don't match */ > +- Debug( LDAP_DEBUG_ANY, > +- LDAP_XSTRING(bdb_back_initialize) ": " > +- "BDB library version mismatch:" > +- " expected " DB_VERSION_STRING "," > +- " got %s\n", version, 0, 0 ); > +- return -1; > +- } > +- > + Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_back_initialize) > + ": %s\n", version, 0, 0 ); > + } > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch > new file mode 100644 > index 0000000..5ea240f > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/sasl-default-path.patch > @@ -0,0 +1,55 @@ > +Add /etc/ldap/sasl2 to the SASL configuration search path. > + > +Not submitted upstream. Somewhat Debian-specific and probably not of > +interest upstream. > + > +--- a/include/ldap_defaults.h > ++++ b/include/ldap_defaults.h > +@@ -63,4 +63,6 @@ > + /* dn of the default "monitor" subentry */ > + #define SLAPD_MONITOR_DN "cn=Monitor" > + > ++#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2" > ++ > + #endif /* _LDAP_CONFIG_H */ > +--- a/servers/slapd/sasl.c > ++++ b/servers/slapd/sasl.c > +@@ -1103,12 +1103,38 @@ static const rewrite_mapper slapd_mapper > + }; > + #endif > + > ++static int > ++slap_sasl_getconfpath( void * context, char ** path ) > ++{ > ++ char * sasl_default_configpath; > ++ size_t len; > ++ > ++#if SASL_VERSION_MAJOR >= 2 > ++ sasl_default_configpath = "/usr/lib/sasl2"; > ++#else > ++ sasl_default_configpath = "/usr/lib/sasl"; > ++#endif > ++ > ++ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ + > ++ strlen(sasl_default_configpath) + 1 /* \0 */; > ++ *path = malloc( len ); > ++ if ( *path == NULL ) > ++ return SASL_FAIL; > ++ > ++ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH, > ++ sasl_default_configpath ) != len-1 ) > ++ return SASL_FAIL; > ++ > ++ return SASL_OK; > ++} > ++ > + int slap_sasl_init( void ) > + { > + #ifdef HAVE_CYRUS_SASL > + int rc; > + static sasl_callback_t server_callbacks[] = { > + { SASL_CB_LOG, &slap_sasl_log, NULL }, > ++ { SASL_CB_GETCONFPATH, &slap_sasl_getconfpath, NULL }, > + { SASL_CB_GETOPT, &slap_sasl_getopt, NULL }, > + { SASL_CB_LIST_END, NULL, NULL } > + }; > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/series b/meta-oe/recipes-support/openldap/openldap-2.4.39/series > new file mode 100644 > index 0000000..2f47de3 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/series > @@ -0,0 +1,21 @@ > +man-slapd > +evolution-ntlm > +slapi-errorlog-file > +ldapi-socket-place > +wrong-database-location > +index-files-created-as-root > +sasl-default-path > +libldap-symbol-versions > +getaddrinfo-is-threadsafe > +do-not-second-guess-sonames > +contrib-modules-use-dpkg-buildflags > +smbk5pwd-makefile > +autogroup-makefile > +ldap-conf-tls-cacertdir > +add-tlscacert-option-to-ldap-conf > +fix-ftbfs-binutils-gold > +fix-build-top-mk > +no-AM_INIT_AUTOMAKE > +switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff > +no-bdb-ABI-second-guessing > +heimdal-fix > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch > new file mode 100644 > index 0000000..4899451 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/slapi-errorlog-file.patch > @@ -0,0 +1,16 @@ > +The slapi error log file defaults to /var/errors given our setting > +of --localstatedir. Move it to /var/log/slapi-errors instead. > + > +Debian-specific. > + > +--- a/servers/slapd/slapi/slapi_overlay.c > ++++ b/servers/slapd/slapi/slapi_overlay.c > +@@ -930,7 +930,7 @@ int slapi_over_config( BackendDB *be, Co > + ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex ); > + > + if ( slapi_log_file == NULL ) > +- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" ); > ++ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" ); > + > + rc = slapi_int_init_object_extensions(); > + if ( rc != 0 ) > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch > new file mode 100644 > index 0000000..17d1b56 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/smbk5pwd-makefile.patch > @@ -0,0 +1,53 @@ > +--- a/contrib/slapd-modules/smbk5pwd/Makefile > ++++ b/contrib/slapd-modules/smbk5pwd/Makefile > +@@ -14,17 +14,17 @@ > + > + LDAP_SRC = ../../.. > + LDAP_BUILD = ../../.. > +-LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd > +-LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ > +- $(LDAP_BUILD)/libraries/liblber/liblber.la > ++LDAP_INC = -I$(LDAP_BUILD)/debian/build/include -I$(LDAP_BUILD)/debian/build/servers/slapd -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd > ++LDAP_LIB = $(LDAP_BUILD)/debian/build/libraries/libldap_r/libldap_r.la \ > ++ $(LDAP_BUILD)/debian/build/libraries/liblber/liblber.la > + > + SSL_INC = > +-SSL_LIB = -lcrypto > ++SSL_LIB = -lgcrypt > + > +-HEIMDAL_INC = -I/usr/heimdal/include > +-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv > ++HEIMDAL_INC = -I/usr/include > ++HEIMDAL_LIB = -lkrb5 -lkadm5srv > + > +-LIBTOOL = $(LDAP_BUILD)/libtool > ++LIBTOOL = $(LDAP_BUILD)/debian/build/libtool > + CC = gcc > + OPT = -g -O2 -Wall > + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. > +@@ -35,13 +35,13 @@ LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_ > + PROGRAMS = smbk5pwd.la > + LTVER = 0:0:0 > + > +-prefix=/usr/local > ++prefix=/usr > + exec_prefix=$(prefix) > +-ldap_subdir=/openldap > ++ldap_subdir=/ldap > + > + libdir=$(exec_prefix)/lib > + libexecdir=$(exec_prefix)/libexec > +-moduledir = $(libexecdir)$(ldap_subdir) > ++moduledir = $(libdir)$(ldap_subdir) > + > + .SUFFIXES: .c .o .lo > + > +@@ -55,7 +55,7 @@ smbk5pwd.la: smbk5pwd.lo > + -rpath $(moduledir) -module -o $@ $? $(LIBS) > + > + clean: > +- rm -rf *.o *.lo *.la .libs > ++ $(LIBTOOL) --mode=clean rm -f > + > + install: $(PROGRAMS) > + mkdir -p $(DESTDIR)$(moduledir) > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch > new file mode 100644 > index 0000000..f0dd4e1 > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch > @@ -0,0 +1,40 @@ > +From: Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de> > +Date: Tue, 18 May 2010 17:47:05 +0200 > +Subject: Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL. > + Open all modules with RTLD_GLOBAL, needed so that back_perl can load > + non-trivial Perl extensions that require symbols from back_perl.so itself. > +Bug-Debian: http://bugs.debian.org/327585 > + > +--- > +--- a/servers/slapd/module.c > ++++ b/servers/slapd/module.c > +@@ -117,6 +117,20 @@ int module_unload( const char *file_name > + return -1; /* not found */ > + } > + > ++static lt_dlhandle slapd_lt_dlopenext_global( const char *filename ) > ++{ > ++ lt_dlhandle handle = 0; > ++ lt_dladvise advise; > ++ > ++ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise) > ++ && !lt_dladvise_global (&advise)) > ++ handle = lt_dlopenadvise (filename, advise); > ++ > ++ lt_dladvise_destroy (&advise); > ++ > ++ return handle; > ++} > ++ > + int module_load(const char* file_name, int argc, char *argv[]) > + { > + module_loaded_t *module; > +@@ -180,7 +194,7 @@ int module_load(const char* file_name, i > + * to calling Debug. This is because Debug is a macro that expands > + * into multiple function calls. > + */ > +- if ((module->lib = lt_dlopenext(file)) == NULL) { > ++ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) { > + error = lt_dlerror(); > + #ifdef HAVE_EBCDIC > + strcpy( ebuf, error ); > diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch b/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch > new file mode 100644 > index 0000000..25d96cb > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap-2.4.39/wrong-database-location.patch > @@ -0,0 +1,74 @@ > +Move the default slapd database location to /var/lib/ldap instead of > +/var/openldap-data. > + > +Debian-specific. > + > +--- a/doc/man/man5/slapd-bdb.5 > ++++ b/doc/man/man5/slapd-bdb.5 > +@@ -131,7 +131,7 @@ Specify the directory where the BDB file > + associated indexes live. > + A separate directory must be specified for each database. > + The default is > +-.BR LOCALSTATEDIR/openldap\-data . > ++.BR LOCALSTATEDIR/lib/ldap . > + .TP > + .B dirtyread > + Allow reads of modified but not yet committed data. > +--- a/doc/man/man5/slapd.conf.5 > ++++ b/doc/man/man5/slapd.conf.5 > +@@ -2007,7 +2007,7 @@ suffix "dc=our\-domain,dc=com" > + # The database directory MUST exist prior to > + # running slapd AND should only be accessible > + # by the slapd/tools. Mode 0700 recommended. > +-directory LOCALSTATEDIR/openldap\-data > ++directory LOCALSTATEDIR/lib/ldap > + # Indices to maintain > + index objectClass eq > + index cn,sn,mail pres,eq,approx,sub > +--- a/include/ldap_defaults.h > ++++ b/include/ldap_defaults.h > +@@ -47,7 +47,7 @@ > + /* location of the default slapd config file */ > + #define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf" > + #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d" > +-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data" > ++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "ldap" > + #define SLAPD_DEFAULT_DB_MODE 0600 > + #define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata" > + /* default max deref depth for aliases */ > +--- a/servers/slapd/Makefile.in > ++++ b/servers/slapd/Makefile.in > +@@ -445,9 +445,9 @@ install-conf: FORCE > + > + install-db-config: FORCE > + @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) > +- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data > ++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap > + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ > +- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example > ++ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example > + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ > + $(DESTDIR)$(sysconfdir)/DB_CONFIG.example > + > +--- a/doc/man/man5/slapd-config.5 > ++++ b/doc/man/man5/slapd-config.5 > +@@ -2051,7 +2051,7 @@ olcSuffix: "dc=our\-domain,dc=com" > + # The database directory MUST exist prior to > + # running slapd AND should only be accessible > + # by the slapd/tools. Mode 0700 recommended. > +-olcDbDirectory: LOCALSTATEDIR/openldap\-data > ++olcDbDirectory: LOCALSTATEDIR/lib/ldap > + # Indices to maintain > + olcDbIndex: objectClass eq > + olcDbIndex: cn,sn,mail pres,eq,approx,sub > +--- a/doc/man/man5/slapd-mdb.5 > ++++ b/doc/man/man5/slapd-mdb.5 > +@@ -52,7 +52,7 @@ Specify the directory where the LMDB fil > + associated indexes live. > + A separate directory must be specified for each database. > + The default is > +-.BR LOCALSTATEDIR/openldap\-data . > ++.BR LOCALSTATEDIR/lib/ldap . > + .TP > + \fBenvflags \fR{\fBnosync\fR,\fBnometasync\fR,\fBwritemap\fR,\fBmapasync\fR,\fBnordahead\fR} > + Specify flags for finer-grained control of the LMDB library's operation. > diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.39.bb b/meta-oe/recipes-support/openldap/openldap_2.4.39.bb > new file mode 100644 > index 0000000..3048c8e > --- /dev/null > +++ b/meta-oe/recipes-support/openldap/openldap_2.4.39.bb > @@ -0,0 +1,182 @@ > +# OpenLDAP, a license free (see http://www.OpenLDAP.org/license.html) > +# > +DESCRIPTION = "OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol." > +HOMEPAGE = "http://www.OpenLDAP.org/license.html" > +# The OpenLDAP Public License - see the HOMEPAGE - defines > +# the license. www.openldap.org claims this is Open Source > +# (see http://www.openldap.org), the license appears to be > +# basically BSD. opensource.org does not record this license > +# at present (so it is apparently not OSI certified). > +LICENSE = "OpenLDAP" > +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=f2bdbaa4f50199a00b6de2ca7ec1db05" > +SECTION = "libs" > + > +# patches taken from Debian > +SRC_URI = "\ > + ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \ > + file://man-slapd.patch \ > + file://evolution-ntlm.patch \ > + file://slapi-errorlog-file.patch \ > + file://ldapi-socket-place.patch \ > + file://wrong-database-location.patch \ > + file://index-files-created-as-root.patch \ > + file://sasl-default-path.patch \ > + file://libldap-symbol-versions.patch \ > + file://getaddrinfo-is-threadsafe.patch \ > + file://do-not-second-guess-sonames.patch \ > + file://contrib-modules-use-dpkg-buildflags.patch \ > + file://smbk5pwd-makefile.patch \ > + file://autogroup-makefile.patch \ > + file://ldap-conf-tls-cacertdir.patch \ > + file://add-tlscacert-option-to-ldap-conf.patch \ > + file://fix-ftbfs-binutils-gold.patch \ > + file://fix-build-top-mk.patch \ > + file://no-AM_INIT_AUTOMAKE.patch \ > + file://switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff.patch \ > + file://no-bdb-ABI-second-guessing.patch \ > + file://heimdal-fix.patch \ > +" > +SRC_URI[md5sum] = "b0d5ee4b252c841dec6b332d679cf943" > +SRC_URI[sha256sum] = "8267c87347103fef56b783b24877c0feda1063d3cb85d070e503d076584bf8a7" > + > +DEPENDS = "util-linux groff-native db" > + > +PR = "r0" > +# The original top.mk used INSTALL, not INSTALL_STRIP_PROGRAM when > +# installing .so and executables, this fails in cross compilation > +# environments > +SRC_URI += "file://install-strip.patch" > + > +# inherit autotools > +inherit autotools-brokensep > + > +# CV SETTINGS > +# Required to work round AC_FUNC_MEMCMP which gets the wrong answer > +# when cross compiling (should be in site?) > +EXTRA_OECONF += "ac_cv_func_memcmp_working=yes" > + > +# CONFIG DEFINITIONS > +# The following is necessary because it cannot be determined for a > +# cross compile automagically. Select should yield fine on all OE > +# systems... > +EXTRA_OECONF += "--with-yielding-select=yes" > +# Shared libraries are nice... > +EXTRA_OECONF += "--enable-dynamic" > + > +PACKAGECONFIG ??= "openssl modules \ > + ldap meta monitor null passwd shell proxycache dnssrv \ > + bdb hdb mdb sasl \ > +" > +#--with-tls with TLS/SSL support auto|openssl|gnutls [auto] > +PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls" > +PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl" > + > +PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl" > +PACKAGECONFIG[modules] = "lt_cv_dlopen_self=yes --enable-modules,--disable-modules,libtool" > + > +# SLAPD options > +# > +# UNIX crypt(3) passwd support: > +EXTRA_OECONF += "--enable-crypt" > + > +EXTRA_OECONF += "--enable-ipv6" > + > +# SLAPD BACKEND > +# > +# The backend must be set by the configuration. This controls the > +# required database, the default database, bdb, is turned off but > +# can be turned back on again and it *is* below! The monitor backend > +# is also disabled. If you try to change the backends but fail to > +# enable a single one the build will fail in an obvious way. > +# > +# EXTRA_OECONF += "--disable-bdb --disable-hdb --disable-monitor" > +# > +# Backends="bdb dnssrv hdb ldap ldbm meta monitor null passwd perl shell sql" > +# > +# Note that multiple backends can be built. The ldbm backend requires a > +# build-time choice of database API. The bdb backend forces this to be > +# DB4. To use the gdbm (or other) API the Berkely database module must > +# be removed from the build. > +md = "${libexecdir}/openldap" > +# > +#--enable-bdb enable Berkeley DB backend no|yes|mod yes > +# The Berkely DB is the standard choice. This version of OpenLDAP requires > +# the version 4 implementation or better. > +PACKAGECONFIG[bdb] = "--enable-bdb=mod,--enable-bdb=no,db" > + > +#--enable-dnssrv enable dnssrv backend no|yes|mod no > +PACKAGECONFIG[dnssrv] = "--enable-dnssrv=mod,--enable-dnssrv=no" > + > +#--enable-hdb enable Hierarchical DB backend no|yes|mod no > +# This forces ldbm to use Berkeley too, remove to use gdbm > +PACKAGECONFIG[hdb] = "--enable-hdb=mod,--enable-hdb=no,db" > + > +#--enable-ldap enable ldap backend no|yes|mod no > +PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no," > + > +#--enable-ldbm enable ldbm backend no|yes|mod no > +# ldbm requires further specification of the underlying database API, because > +# bdb is enabled above this must be set to berkeley, however the config > +# defaults this correctly so --with-ldbm-api is *not* set. The build will > +# fail if bdb is removed, but no database is built to provide the > +# support for ldbm > +# guide.html:<P>back-ldbm was both slow and unreliable. Its byzantine indexing code was prone to spontaneous corruption, as were the underlying database libraries that were commonly used (e.g. GDBM or NDBM). back-bdb and back-hdb are superior in every aspect, with simplified indexing to avoid index corruption, fine-grained locking for greater concurrency, hierarchical caching for greater performance, streamlined on-disk format for greater efficiency and portability, and full transaction support for greater reliability.</P> > +# configure: WARNING: unrecognized options: --disable-silent-rules, --enable-ldbm, --with-ldbm-api > +#PACKAGECONFIG[ldbm] = "--enable-ldbm=mod --with-ldbm-api=gdbm,--enable-ldbm-no,gdbm" > + > +#--enable-meta enable metadirectory backend no|yes|mod no > +PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no," > + > +#--enable-monitor enable monitor backend no|yes|mod yes > +PACKAGECONFIG[monitor] = "--enable-monitor=mod,--enable-monitor=no," > + > +#--enable-null enable null backend no|yes|mod no > +PACKAGECONFIG[null] = "--enable-null=mod,--enable-null=no," > + > +#--enable-passwd enable passwd backend no|yes|mod no > +PACKAGECONFIG[passwd] = "--enable-passwd=mod,--enable-passwd=no," > + > +# disabling perl support - host contamination issues > +# > +#--enable-perl enable perl backend no|yes|mod no > +# This requires a loadable perl dynamic library, if enabled without > +# doing something appropriate (building perl?) the build will pick > +# up the build machine perl - not good (inherit perlnative?) > +# PACKAGECONFIG[perl] = "--enable-perl=mod,--enable-perl=no,perl" > + > +#--enable-shell enable shell backend no|yes|mod no > +# configure: WARNING: Use of --without-threads is recommended with back-shell > +PACKAGECONFIG[shell] = "--enable-shell=mod --without-threads,--enable-shell=no," > + > +#--enable-sql enable sql backend no|yes|mod no > +# sql requires some sql backend which provides sql.h, sqlite* provides > +# sqlite.h (which may be compatible but hasn't been tried.) > +PACKAGECONFIG[sql] = "--enable-sql=mod,--enable-sql=no,sqlite3" > + > +#--enable-dyngroup Dynamic Group overlay no|yes|mod no > +# This is a demo, Proxy Cache defines init_module which conflicts with the > +# same symbol in dyngroup > +PACKAGECONFIG[dyngroup] = "--enable-dyngroup=mod,--enable-dyngroup=no," > + > +#--enable-proxycache Proxy Cache overlay no|yes|mod no > +PACKAGECONFIG[proxycache] = "--enable-proxycache=mod,--enable-proxycache=no," > + > +#--enable-mdb enable mdb database backend no|yes|mod no > +PACKAGECONFIG[mdb] = "--enable-mdb=mod,--enable-mdb=no," > + > +CPPFLAGS_append = " -D_GNU_SOURCE" > + > +do_configure() { > + cp ${STAGING_DATADIR_NATIVE}/libtool/config/ltmain.sh ${S}/build > + rm -f ${S}/libtool > + rm -f ${S}/libtool > + aclocal > + libtoolize --force --copy > + gnu-configize > + autoconf > + oe_runconf > +} > + > +FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libdir}/*.a ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la ${libexecdir}/openldap/*.so" > +FILES_${PN}-dbg += "${libexecdir}/openldap/.debug" > + > -- > 1.8.3.2 > > -- > _______________________________________________ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel