[Pkg-openldap-devel] r1129 - openldap/trunk/debian/patches
matthijs at alioth.debian.org
matthijs at alioth.debian.org
Sun May 25 15:17:14 UTC 2008
Author: matthijs
Date: 2008-05-25 15:17:12 +0000 (Sun, 25 May 2008)
New Revision: 1129
Removed:
openldap/trunk/debian/patches/entryCSN-backwards-compatibility
openldap/trunk/debian/patches/libldap_r-link
openldap/trunk/debian/patches/sasl-cleartext-strncasecmp
openldap/trunk/debian/patches/slapd-tlsverifyclient-default
Modified:
openldap/trunk/debian/patches/series
Log:
* Removed patches applied upstream.
Deleted: openldap/trunk/debian/patches/entryCSN-backwards-compatibility
===================================================================
--- openldap/trunk/debian/patches/entryCSN-backwards-compatibility 2008-05-25 14:29:31 UTC (rev 1128)
+++ openldap/trunk/debian/patches/entryCSN-backwards-compatibility 2008-05-25 15:17:12 UTC (rev 1129)
@@ -1,255 +0,0 @@
-Patch from Pierangelo Masarati <ando at sys-net.it>
-
-Support transitioning old entryCSN syntax to the current syntax on
-slapadd, fixing a problem reported on upgrades from 2.3.38. (ITS #5348,
-Debian bug #462099)
-
-Patch committed upstream.
-
-Index: trunk/servers/slapd/schema_init.c
-===================================================================
---- trunk.orig/servers/slapd/schema_init.c
-+++ trunk/servers/slapd/schema_init.c
-@@ -3561,6 +3561,114 @@
- return hexValidate( NULL, &bv );
- }
-
-+/* Normalize a CSN in OpenLDAP 2.1 format */
-+static int
-+csnNormalize21(
-+ slap_mask_t usage,
-+ Syntax *syntax,
-+ MatchingRule *mr,
-+ struct berval *val,
-+ struct berval *normalized,
-+ void *ctx )
-+{
-+ struct berval gt, cnt, sid, mod;
-+ struct berval bv;
-+ char buf[ STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) + 1 ];
-+ char *ptr;
-+ int i;
-+
-+ assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 );
-+ assert( !BER_BVISEMPTY( val ) );
-+
-+ gt = *val;
-+
-+ ptr = ber_bvchr( >, '#' );
-+ if ( ptr == NULL || ptr - gt.bv_val == gt.bv_len ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ gt.bv_len = ptr - gt.bv_val;
-+ if ( gt.bv_len != STRLENOF( "YYYYmmddHH:MM:SSZ" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ if ( gt.bv_val[ 10 ] != ':' || gt.bv_val[ 13 ] != ':' ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ cnt.bv_val = ptr + 1;
-+ cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
-+
-+ ptr = ber_bvchr( &cnt, '#' );
-+ if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ cnt.bv_len = ptr - cnt.bv_val;
-+ if ( cnt.bv_len != STRLENOF( "0x0000" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ if ( strncmp( cnt.bv_val, "0x", STRLENOF( "0x" ) ) != 0 ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ cnt.bv_val += STRLENOF( "0x" );
-+ cnt.bv_len -= STRLENOF( "0x" );
-+
-+ sid.bv_val = ptr + 1;
-+ sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
-+
-+ ptr = ber_bvchr( &sid, '#' );
-+ if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ sid.bv_len = ptr - sid.bv_val;
-+ if ( sid.bv_len != STRLENOF( "0" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ mod.bv_val = ptr + 1;
-+ mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
-+ if ( mod.bv_len != STRLENOF( "0000" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ bv.bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
-+ bv.bv_val = buf;
-+
-+ ptr = bv.bv_val;
-+ ptr = lutil_strncopy( ptr, gt.bv_val, STRLENOF( "YYYYmmddHH" ) );
-+ ptr = lutil_strncopy( ptr, >.bv_val[ STRLENOF( "YYYYmmddHH:" ) ],
-+ STRLENOF( "MM" ) );
-+ ptr = lutil_strncopy( ptr, >.bv_val[ STRLENOF( "YYYYmmddHH:MM:" ) ],
-+ STRLENOF( "SS" ) );
-+ ptr = lutil_strcopy( ptr, ".000000Z#00" );
-+ ptr = lutil_strncopy( ptr, cnt.bv_val, cnt.bv_len );
-+ *ptr++ = '#';
-+ *ptr++ = '0';
-+ *ptr++ = '0';
-+ *ptr++ = sid.bv_val[ 0 ];
-+ *ptr++ = '#';
-+ *ptr++ = '0';
-+ *ptr++ = '0';
-+ for ( i = 0; i < mod.bv_len; i++ ) {
-+ *ptr++ = TOLOWER( mod.bv_val[ i ] );
-+ }
-+ *ptr = '\0';
-+
-+ assert( ptr - bv.bv_val == bv.bv_len );
-+
-+ if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ ber_dupbv_x( normalized, &bv, ctx );
-+
-+ return LDAP_SUCCESS;
-+}
-+
- /* Normalize a CSN in OpenLDAP 2.3 format */
- static int
- csnNormalize23(
-@@ -3572,6 +3680,8 @@
- void *ctx )
- {
- struct berval gt, cnt, sid, mod;
-+ struct berval bv;
-+ char buf[ STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) + 1 ];
- char *ptr;
- int i;
-
-@@ -3586,7 +3696,9 @@
- }
-
- gt.bv_len = ptr - gt.bv_val;
-- assert( gt.bv_len == STRLENOF( "YYYYmmddHHMMSSZ" ) );
-+ if ( gt.bv_len != STRLENOF( "YYYYmmddHHMMSSZ" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
- cnt.bv_val = ptr + 1;
- cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
-@@ -3597,7 +3709,9 @@
- }
-
- cnt.bv_len = ptr - cnt.bv_val;
-- assert( cnt.bv_len == STRLENOF( "000000" ) );
-+ if ( cnt.bv_len != STRLENOF( "000000" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
- sid.bv_val = ptr + 1;
- sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
-@@ -3608,16 +3722,20 @@
- }
-
- sid.bv_len = ptr - sid.bv_val;
-- assert( sid.bv_len == STRLENOF( "00" ) );
-+ if ( sid.bv_len != STRLENOF( "00" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
- mod.bv_val = ptr + 1;
- mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
-- assert( mod.bv_len == STRLENOF( "000000" ) );
-+ if ( mod.bv_len != STRLENOF( "000000" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
-- normalized->bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
-- normalized->bv_val = ber_memalloc_x( normalized->bv_len + 1, ctx );
-+ bv.bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
-+ bv.bv_val = buf;
-
-- ptr = normalized->bv_val;
-+ ptr = bv.bv_val;
- ptr = lutil_strncopy( ptr, gt.bv_val, gt.bv_len - 1 );
- ptr = lutil_strcopy( ptr, ".000000Z#" );
- ptr = lutil_strncopy( ptr, cnt.bv_val, cnt.bv_len );
-@@ -3632,7 +3750,12 @@
- }
- *ptr = '\0';
-
-- assert( ptr - normalized->bv_val == normalized->bv_len );
-+ assert( ptr - bv.bv_val == bv.bv_len );
-+ if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-+
-+ ber_dupbv_x( normalized, &bv, ctx );
-
- return LDAP_SUCCESS;
- }
-@@ -3666,14 +3789,24 @@
- return csnNormalize23( usage, syntax, mr, val, normalized, ctx );
- }
-
-- assert( val->bv_len == STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) );
-+ if ( val->bv_len == STRLENOF( "YYYYmmddHH:MM:SSZ#0xSSSS#I#ssss" ) ) {
-+ /* Openldap 2.1 */
-+
-+ return csnNormalize21( usage, syntax, mr, val, normalized, ctx );
-+ }
-+
-+ if ( val->bv_len != STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
- ptr = ber_bvchr( val, '#' );
- if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
- return LDAP_INVALID_SYNTAX;
- }
-
-- assert( ptr - val->bv_val == STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ" ) );
-+ if ( ptr - val->bv_val != STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
- cnt.bv_val = ptr + 1;
- cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
-@@ -3683,7 +3816,9 @@
- return LDAP_INVALID_SYNTAX;
- }
-
-- assert( ptr - cnt.bv_val == STRLENOF( "000000" ) );
-+ if ( ptr - cnt.bv_val != STRLENOF( "000000" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
- sid.bv_val = ptr + 1;
- sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
-@@ -3694,12 +3829,16 @@
- }
-
- sid.bv_len = ptr - sid.bv_val;
-- assert( sid.bv_len == STRLENOF( "000" ) );
-+ if ( sid.bv_len != STRLENOF( "000" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
- mod.bv_val = ptr + 1;
- mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
-
-- assert( mod.bv_len == STRLENOF( "000000" ) );
-+ if ( mod.bv_len != STRLENOF( "000000" ) ) {
-+ return LDAP_INVALID_SYNTAX;
-+ }
-
- ber_dupbv_x( normalized, val, ctx );
-
Deleted: openldap/trunk/debian/patches/libldap_r-link
===================================================================
--- openldap/trunk/debian/patches/libldap_r-link 2008-05-25 14:29:31 UTC (rev 1128)
+++ openldap/trunk/debian/patches/libldap_r-link 2008-05-25 15:17:12 UTC (rev 1129)
@@ -1,15 +0,0 @@
-Link libldap_r directly with the threading libraries. Otherwise, it gets
-unversioned references to the pthread symbols, which is a time bomb should
-the ABI ever change (as it did with glibc on alpha in the past).
-
---- trunk.orig/libraries/libldap_r/Makefile.in
-+++ trunk/libraries/libldap_r/Makefile.in
-@@ -56,7 +56,7 @@
- XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
- XXXLIBS = $(LTHREAD_LIBS)
- NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
--UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
-+UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS)
-
- .links : Makefile
- @for i in $(XXSRCS); do \
Deleted: openldap/trunk/debian/patches/sasl-cleartext-strncasecmp
===================================================================
--- openldap/trunk/debian/patches/sasl-cleartext-strncasecmp 2008-05-25 14:29:31 UTC (rev 1128)
+++ openldap/trunk/debian/patches/sasl-cleartext-strncasecmp 2008-05-25 15:17:12 UTC (rev 1129)
@@ -1,25 +0,0 @@
-Author: Steve Langasek <vorlon at debian.org>
-
-Fix a regression introduced by wholesale replacement of strncasecmp()
-with ber_bvstrcasecmp(): this code deliberately used strncasecmp() to
-check for {CLEARTEXT} as an initial substring of the userPassword field,
-changing this to strcasecmp() breaks the use of the {CLEARTEXT} password
-scheme for sasl auth.
-
-Forwarded as ITS#5368, committed to upstream CVS.
-
-Index: servers/slapd/sasl.c
-===================================================================
---- servers/slapd/sasl.c (revision 1086)
-+++ servers/slapd/sasl.c (working copy)
-@@ -237,7 +237,9 @@
- * past the scheme name, skip this value.
- */
- #ifdef SLAPD_CLEARTEXT
-- if ( !ber_bvstrcasecmp( bv, &sc_cleartext ) ) {
-+ if ( !strncasecmp( bv->bv_val, sc_cleartext.bv_val,
-+ sc_cleartext.bv_len ))
-+ {
- struct berval cbv;
- cbv.bv_len = bv->bv_len - sc_cleartext.bv_len;
- if ( cbv.bv_len > 0 ) {
Modified: openldap/trunk/debian/patches/series
===================================================================
--- openldap/trunk/debian/patches/series 2008-05-25 14:29:31 UTC (rev 1128)
+++ openldap/trunk/debian/patches/series 2008-05-25 15:17:12 UTC (rev 1129)
@@ -1,6 +1,5 @@
man-slapd -p0
evolution-ntlm
-libldap_r-link
add-autogen-sh
slapi-errorlog-file -p0
ldapi-socket-place -p0
@@ -9,7 +8,4 @@
sasl-default-path -p0
libldap-symbol-versions
gnutls-ciphers
-entryCSN-backwards-compatibility
-slapd-tlsverifyclient-default -p0
getaddrinfo-is-threadsafe
-sasl-cleartext-strncasecmp -p0
Deleted: openldap/trunk/debian/patches/slapd-tlsverifyclient-default
===================================================================
--- openldap/trunk/debian/patches/slapd-tlsverifyclient-default 2008-05-25 14:29:31 UTC (rev 1128)
+++ openldap/trunk/debian/patches/slapd-tlsverifyclient-default 2008-05-25 15:17:12 UTC (rev 1129)
@@ -1,49 +0,0 @@
-Author: Steve Langasek <vorlon at debian.org>
-
-Set the default value for client certificate checking with TLS/SSL in
-the per-context options, not in the "global" options which are in fact
-never used within slapd.
-
-Partially addresses Debian bug #462588.
-
-Forwarded as ITS#5360, committed to upstream CVS.
-
-Index: servers/slapd/main.c
-===================================================================
---- servers/slapd/main.c (revision 1074)
-+++ servers/slapd/main.c (working copy)
-@@ -736,6 +736,13 @@
- SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
- goto destroy;
- }
-+ /* Library defaults to full certificate checking. This is correct when
-+ * a client is verifying a server because all servers should have a
-+ * valid cert. But few clients have valid certs, so we want our default
-+ * to be no checking. The config file can override this as usual.
-+ */
-+ rc = LDAP_OPT_X_TLS_NEVER;
-+ (void) ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
- #endif
-
- rc = slap_init( serverMode, serverName );
-Index: servers/slapd/init.c
-===================================================================
---- servers/slapd/init.c (revision 1074)
-+++ servers/slapd/init.c (working copy)
-@@ -179,16 +179,6 @@
- return 1;
- }
-
--#ifdef HAVE_TLS
-- /* Library defaults to full certificate checking. This is correct when
-- * a client is verifying a server because all servers should have a
-- * valid cert. But few clients have valid certs, so we want our default
-- * to be no checking. The config file can override this as usual.
-- */
-- rc = 0;
-- (void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
--#endif
--
- if ( frontend_init() ) {
- slap_debug |= LDAP_DEBUG_NONE;
- Debug( LDAP_DEBUG_ANY,
More information about the Pkg-openldap-devel
mailing list