Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/64-bit-time-t-compat.patch389
-rw-r--r--debian/patches/add-tlscacert-option-to-ldap-conf12
-rw-r--r--debian/patches/contrib-makefiles75
-rw-r--r--debian/patches/debian-version16
-rw-r--r--debian/patches/do-not-second-guess-sonames73
-rw-r--r--debian/patches/fix-build-top-mk13
-rw-r--r--debian/patches/getaddrinfo-is-threadsafe47
-rw-r--r--debian/patches/index-files-created-as-root41
-rw-r--r--debian/patches/ldap-conf-tls-cacertdir29
-rw-r--r--debian/patches/ldapi-socket-place18
-rw-r--r--debian/patches/man-slapd62
-rw-r--r--debian/patches/sasl-default-path59
-rw-r--r--debian/patches/series16
-rw-r--r--debian/patches/set-maintainer-name18
-rw-r--r--debian/patches/slapi-errorlog-file18
-rw-r--r--debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff42
-rw-r--r--debian/patches/wrong-database-location73
17 files changed, 1001 insertions, 0 deletions
diff --git a/debian/patches/64-bit-time-t-compat.patch b/debian/patches/64-bit-time-t-compat.patch
new file mode 100644
index 0000000..aa72bae
--- /dev/null
+++ b/debian/patches/64-bit-time-t-compat.patch
@@ -0,0 +1,389 @@
+Description: handle sizeof(time_t) > sizeof(long) in format strings
+ 64-bit time_t means that on some architectures, time_t is now larger than
+ a long, and making some references in format strings incorrect. To avoid
+ truncation or other size mismatch issues, always cast to a long long and
+ read using %lld.
+ .
+ Fixes an assertion failure detected during build-time tests on armhf:
+ slapd: ../../../../../servers/slapd/overlays/dds.c:422: dds_op_add: Assertion `bv.bv_len < sizeof( ttlbuf )' failed.
+Author: Steve Langasek <steve.langasek@canonical.com>
+Last-Update: 2024-03-11
+Forwarded: no
+
+Index: openldap/libraries/libldap/os-ip.c
+===================================================================
+--- openldap.orig/libraries/libldap/os-ip.c
++++ openldap/libraries/libldap/os-ip.c
+@@ -287,8 +287,8 @@
+ int rc;
+
+
+- Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %ld\n",
+- s, tvp ? tvp->tv_sec : -1L );
++ Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %lld\n",
++ s, (long long)(tvp ? tvp->tv_sec : -1L) );
+
+ #ifdef HAVE_POLL
+ {
+@@ -439,8 +439,8 @@
+ }
+
+ Debug3(LDAP_DEBUG_TRACE,
+- "ldap_pvt_connect: fd: %d tm: %ld async: %d\n",
+- s, opt_tv ? tv.tv_sec : -1L, async);
++ "ldap_pvt_connect: fd: %d tm: %lld async: %d\n",
++ s, (long long)(opt_tv ? tv.tv_sec : -1L), async);
+
+ if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
+ return ( -1 );
+Index: openldap/libraries/libldap/os-local.c
+===================================================================
+--- openldap.orig/libraries/libldap/os-local.c
++++ openldap/libraries/libldap/os-local.c
+@@ -164,8 +164,8 @@
+ }
+
+ Debug3(LDAP_DEBUG_TRACE,
+- "ldap_connect_timeout: fd: %d tm: %ld async: %d\n",
+- s, opt_tv ? tv.tv_sec : -1L, async);
++ "ldap_connect_timeout: fd: %d tm: %lld async: %d\n",
++ s, (long long)(opt_tv ? tv.tv_sec : -1L), async);
+
+ if ( ldap_pvt_ndelay_on(ld, s) == -1 ) return -1;
+
+Index: openldap/libraries/libldap/result.c
+===================================================================
+--- openldap.orig/libraries/libldap/result.c
++++ openldap/libraries/libldap/result.c
+@@ -264,8 +264,8 @@
+ Debug2( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n",
+ (void *)ld, msgid );
+ } else {
+- Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n",
+- (void *)ld, msgid, (long)timeout->tv_sec * 1000000 + timeout->tv_usec );
++ Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %lld usec)\n",
++ (void *)ld, msgid, (long long)((long long)timeout->tv_sec * 1000000 + timeout->tv_usec) );
+ }
+ #endif /* LDAP_DEBUG */
+
+Index: openldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
+===================================================================
+--- openldap.orig/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
++++ openldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
+@@ -513,7 +513,7 @@
+ keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
+ keys[0].bv_len = snprintf(keys[0].bv_val,
+ LDAP_PVT_INTTYPE_CHARS(long),
+- "%ld", slap_get_time());
++ "%lld", (long long)slap_get_time());
+ BER_BVZERO( &keys[1] );
+
+ ml->sml_desc = ad_sambaPwdLastSet;
+@@ -535,7 +535,7 @@
+ keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
+ keys[0].bv_len = snprintf(keys[0].bv_val,
+ LDAP_PVT_INTTYPE_CHARS(long),
+- "%ld", slap_get_time() + pi->smb_must_change);
++ "%lld", (long long)(slap_get_time() + pi->smb_must_change));
+ BER_BVZERO( &keys[1] );
+
+ ml->sml_desc = ad_sambaPwdMustChange;
+@@ -558,7 +558,7 @@
+ keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
+ keys[0].bv_len = snprintf(keys[0].bv_val,
+ LDAP_PVT_INTTYPE_CHARS(long),
+- "%ld", slap_get_time() + pi->smb_can_change);
++ "%lld", (long long)(slap_get_time() + pi->smb_can_change));
+ BER_BVZERO( &keys[1] );
+
+ ml->sml_desc = ad_sambaPwdCanChange;
+Index: openldap/servers/slapd/back-asyncmeta/add.c
+===================================================================
+--- openldap.orig/servers/slapd/back-asyncmeta/add.c
++++ openldap/servers/slapd/back-asyncmeta/add.c
+@@ -252,8 +252,8 @@
+ op->o_req_dn.bv_val );
+
+ if (current_time > op->o_time) {
+- Debug(asyncmeta_debug, "==> asyncmeta_back_add[%s]: o_time:[%ld], current time: [%ld]\n",
+- op->o_log_prefix, op->o_time, current_time );
++ Debug(asyncmeta_debug, "==> asyncmeta_back_add[%s]: o_time:[%lld], current time: [%lld]\n",
++ op->o_log_prefix, (long long)op->o_time, (long long)current_time );
+ }
+
+ if ( mi->mi_ntargets == 0 ) {
+Index: openldap/servers/slapd/back-asyncmeta/compare.c
+===================================================================
+--- openldap.orig/servers/slapd/back-asyncmeta/compare.c
++++ openldap/servers/slapd/back-asyncmeta/compare.c
+@@ -194,8 +194,8 @@
+ op->o_req_dn.bv_val );
+
+ if (current_time > op->o_time) {
+- Debug( asyncmeta_debug, "==> asyncmeta_back_compare[%s]: o_time:[%ld], current time: [%ld]\n",
+- op->o_log_prefix, op->o_time, current_time );
++ Debug( asyncmeta_debug, "==> asyncmeta_back_compare[%s]: o_time:[%lld], current time: [%lld]\n",
++ op->o_log_prefix, (long long)op->o_time, (long long)current_time );
+ }
+
+ if ( mi->mi_ntargets == 0 ) {
+Index: openldap/servers/slapd/back-asyncmeta/config.c
+===================================================================
+--- openldap.orig/servers/slapd/back-asyncmeta/config.c
++++ openldap/servers/slapd/back-asyncmeta/config.c
+@@ -1165,8 +1165,8 @@
+ if ( mc->mc_network_timeout == 0 ) {
+ return 1;
+ }
+- bv.bv_len = snprintf( c->cr_msg, sizeof(c->cr_msg), "%ld",
+- mc->mc_network_timeout );
++ bv.bv_len = snprintf( c->cr_msg, sizeof(c->cr_msg), "%lld",
++ (long long)mc->mc_network_timeout );
+ bv.bv_val = c->cr_msg;
+ value_add_one( &c->rvalue_vals, &bv );
+ break;
+Index: openldap/servers/slapd/back-asyncmeta/delete.c
+===================================================================
+--- openldap.orig/servers/slapd/back-asyncmeta/delete.c
++++ openldap/servers/slapd/back-asyncmeta/delete.c
+@@ -186,8 +186,8 @@
+ op->o_req_dn.bv_val );
+
+ if (current_time > op->o_time) {
+- Debug(asyncmeta_debug, "==> asyncmeta_back_delete[%s]: o_time:[%ld], current time: [%ld]\n",
+- op->o_log_prefix, op->o_time, current_time );
++ Debug(asyncmeta_debug, "==> asyncmeta_back_delete[%s]: o_time:[%lld], current time: [%lld]\n",
++ op->o_log_prefix, (long long)op->o_time, (long long)current_time );
+ }
+
+ if ( mi->mi_ntargets == 0 ) {
+Index: openldap/servers/slapd/back-asyncmeta/meta_result.c
+===================================================================
+--- openldap.orig/servers/slapd/back-asyncmeta/meta_result.c
++++ openldap/servers/slapd/back-asyncmeta/meta_result.c
+@@ -1660,7 +1660,7 @@
+ LDAP_STAILQ_HEAD(BCList, bm_context_t) timeout_list;
+ LDAP_STAILQ_INIT( &timeout_list );
+
+- Debug( asyncmeta_debug, "asyncmeta_timeout_loop[%p] start at [%ld] \n", rtask, current_time );
++ Debug( asyncmeta_debug, "asyncmeta_timeout_loop[%p] start at [%lld] \n", rtask, (long long)current_time );
+ void *oldctx = slap_sl_mem_create(SLAP_SLAB_SIZE, SLAP_SLAB_STACK, ctx, 0);
+ for (i=0; i<mi->mi_num_conns; i++) {
+ a_metaconn_t * mc= &mi->mi_conns[i];
+@@ -1751,9 +1751,9 @@
+ a_metasingleconn_t *log_msc = &mc->mc_conns[0];
+ Debug( asyncmeta_debug,
+ "asyncmeta_timeout_loop:Timeout op %s loop[%p], "
+- "current_time:%ld, op->o_time:%ld msc: %p, "
++ "current_time:%lld, op->o_time:%lld msc: %p, "
+ "msc->msc_binding_time: %x, msc->msc_flags:%x \n",
+- bc->op->o_log_prefix, rtask, current_time, bc->op->o_time,
++ bc->op->o_log_prefix, rtask, (long long)current_time, (long long)bc->op->o_time,
+ log_msc, (unsigned int)log_msc->msc_binding_time, log_msc->msc_mscflags );
+
+ if (bc->searchtime) {
+@@ -1814,7 +1814,7 @@
+
+ slap_sl_mem_setctx(ctx, oldctx);
+ current_time = slap_get_time();
+- Debug( asyncmeta_debug, "asyncmeta_timeout_loop[%p] stop at [%ld] \n", rtask, current_time );
++ Debug( asyncmeta_debug, "asyncmeta_timeout_loop[%p] stop at [%lld] \n", rtask, (long long)current_time );
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) {
+ ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+Index: openldap/servers/slapd/back-asyncmeta/modify.c
+===================================================================
+--- openldap.orig/servers/slapd/back-asyncmeta/modify.c
++++ openldap/servers/slapd/back-asyncmeta/modify.c
+@@ -242,8 +242,8 @@
+ op->o_req_dn.bv_val );
+
+ if (current_time > op->o_time) {
+- Debug(asyncmeta_debug, "==> asyncmeta_back_modify[%s]: o_time:[%ld], current time: [%ld]\n",
+- op->o_log_prefix, op->o_time, current_time );
++ Debug(asyncmeta_debug, "==> asyncmeta_back_modify[%s]: o_time:[%lld], current time: [%lld]\n",
++ op->o_log_prefix, (long long)op->o_time, (long long)current_time );
+ }
+
+ if ( mi->mi_ntargets == 0 ) {
+Index: openldap/servers/slapd/back-asyncmeta/modrdn.c
+===================================================================
+--- openldap.orig/servers/slapd/back-asyncmeta/modrdn.c
++++ openldap/servers/slapd/back-asyncmeta/modrdn.c
+@@ -256,8 +256,8 @@
+ op->o_req_dn.bv_val );
+
+ if (current_time > op->o_time) {
+- Debug(asyncmeta_debug, "==> asyncmeta_back_modrdn[%s]: o_time:[%ld], current time: [%ld]\n",
+- op->o_log_prefix, op->o_time, current_time );
++ Debug(asyncmeta_debug, "==> asyncmeta_back_modrdn[%s]: o_time:[%lld], current time: [%lld]\n",
++ op->o_log_prefix, (long long)op->o_time, (long long)current_time );
+ }
+
+ if ( mi->mi_ntargets == 0 ) {
+Index: openldap/servers/slapd/back-ldap/bind.c
+===================================================================
+--- openldap.orig/servers/slapd/back-ldap/bind.c
++++ openldap/servers/slapd/back-ldap/bind.c
+@@ -2999,14 +2999,14 @@
+ }
+
+ if ( lc->lcb_create_time != 0 ) {
+- len = snprintf( tbuf, sizeof(tbuf), "%ld", lc->lcb_create_time );
++ len = snprintf( tbuf, sizeof(tbuf), "%lld", (long long)lc->lcb_create_time );
+ if ( ptr + sizeof(" created=") + len >= end ) return -1;
+ ptr = lutil_strcopy( ptr, " created=" );
+ ptr = lutil_strcopy( ptr, tbuf );
+ }
+
+ if ( lc->lcb_time != 0 ) {
+- len = snprintf( tbuf, sizeof(tbuf), "%ld", lc->lcb_time );
++ len = snprintf( tbuf, sizeof(tbuf), "%lld", (long long)lc->lcb_time );
+ if ( ptr + sizeof(" modified=") + len >= end ) return -1;
+ ptr = lutil_strcopy( ptr, " modified=" );
+ ptr = lutil_strcopy( ptr, tbuf );
+@@ -3185,8 +3185,8 @@
+ */
+ slap_wake_listener();
+ Debug( LDAP_DEBUG_TRACE,
+- "ldap_back_conn_prune: scheduled connection expiry timer to %ld sec\n",
+- li->li_conn_expire_task->interval.tv_sec );
++ "ldap_back_conn_prune: scheduled connection expiry timer to %lld sec\n",
++ (long long)li->li_conn_expire_task->interval.tv_sec );
+ } else if ( next_timeout == -1 && li->li_conn_expire_task != NULL ) {
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, li->li_conn_expire_task ) ) {
+ ldap_pvt_runqueue_stoptask( &slapd_rq, li->li_conn_expire_task );
+@@ -3221,8 +3221,8 @@
+ "ldap_back_conn_expire_timer" );
+ slap_wake_listener();
+ Debug( LDAP_DEBUG_TRACE,
+- "ldap_back_conn_prune: scheduled connection expiry timer to %ld sec\n",
+- li->li_conn_expire_task->interval.tv_sec );
++ "ldap_back_conn_prune: scheduled connection expiry timer to %lld sec\n",
++ (long long)li->li_conn_expire_task->interval.tv_sec );
+ }
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+
+Index: openldap/servers/slapd/bind.c
+===================================================================
+--- openldap.orig/servers/slapd/bind.c
++++ openldap/servers/slapd/bind.c
+@@ -430,8 +430,8 @@
+ bindtime = tt.tt_sec;
+ }
+ Debug( LDAP_DEBUG_TRACE, "fe_op_lastbind: "
+- "old pwdLastSuccess value=%s %lds ago\n",
+- a->a_nvals[0].bv_val, bindtime == (time_t)-1 ? -1 : op->o_time - bindtime );
++ "old pwdLastSuccess value=%s %llds ago\n",
++ a->a_nvals[0].bv_val, (long long)(bindtime == (time_t)-1 ? -1 : op->o_time - bindtime) );
+
+ /*
+ * TODO: If the recorded bind time is within configurable precision,
+Index: openldap/servers/slapd/overlays/dds.c
+===================================================================
+--- openldap.orig/servers/slapd/overlays/dds.c
++++ openldap/servers/slapd/overlays/dds.c
+@@ -418,7 +418,7 @@
+ assert( ttl <= DDS_RF2589_MAX_TTL );
+
+ bv.bv_val = ttlbuf;
+- bv.bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%ld", ttl );
++ bv.bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%lld", (long long)ttl );
+ assert( bv.bv_len < sizeof( ttlbuf ) );
+
+ /* FIXME: apparently, values in op->ora_e are malloc'ed
+@@ -696,7 +696,7 @@
+ goto done;
+ }
+
+- bv_entryTtl.bv_len = snprintf( textbuf, sizeof( textbuf ), "%ld", entryTtl );
++ bv_entryTtl.bv_len = snprintf( textbuf, sizeof( textbuf ), "%lld", (long long)entryTtl );
+ break;
+
+ default:
+@@ -918,7 +918,7 @@
+ ttl = (ttl < 0) ? 0 : ttl;
+ assert( ttl <= DDS_RF2589_MAX_TTL );
+
+- len = snprintf( ttlbuf, sizeof(ttlbuf), "%ld", ttl );
++ len = snprintf( ttlbuf, sizeof(ttlbuf), "%lld", (long long)ttl );
+ if ( len < 0 )
+ {
+ goto done;
+@@ -1178,7 +1178,7 @@
+ ttlmod.sml_values = ttlvalues;
+ ttlmod.sml_numvals = 1;
+ ttlvalues[ 0 ].bv_val = ttlbuf;
+- ttlvalues[ 0 ].bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%ld", ttl );
++ ttlvalues[ 0 ].bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%lld", (long long)ttl );
+ BER_BVZERO( &ttlvalues[ 1 ] );
+
+ /* the entryExpireTimestamp is added by modify */
+@@ -1206,8 +1206,8 @@
+ rs->sr_rspoid = ch_strdup( slap_EXOP_REFRESH.bv_val );
+
+ Log( LDAP_DEBUG_TRACE, LDAP_LEVEL_INFO,
+- "%s REFRESH dn=\"%s\" TTL=%ld\n",
+- op->o_log_prefix, op->o_req_ndn.bv_val, ttl );
++ "%s REFRESH dn=\"%s\" TTL=%lld\n",
++ op->o_log_prefix, op->o_req_ndn.bv_val, (long long)ttl );
+ }
+
+ ber_free_buf( ber );
+Index: openldap/servers/slapd/overlays/pcache.c
+===================================================================
+--- openldap.orig/servers/slapd/overlays/pcache.c
++++ openldap/servers/slapd/overlays/pcache.c
+@@ -2729,8 +2729,8 @@
+ pbi->bi_flags |= BI_HASHED;
+ } else {
+ Debug( pcache_debug, "pc_bind_search: cache is stale, "
+- "reftime: %ld, current time: %ld\n",
+- pbi->bi_cq->bindref_time, op->o_time );
++ "reftime: %lld, current time: %lld\n",
++ (long long)pbi->bi_cq->bindref_time, (long long)op->o_time );
+ }
+ } else if ( pbi->bi_si ) {
+ /* This search result is going into the cache */
+@@ -3866,9 +3866,9 @@
+ struct berval bv;
+ switch( c->type ) {
+ case PC_MAIN:
+- bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %d %d %d %ld",
++ bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %d %d %d %lld",
+ cm->db.bd_info->bi_type, cm->max_entries, cm->numattrsets,
+- cm->num_entries_limit, cm->cc_period );
++ cm->num_entries_limit, (long long)cm->cc_period );
+ bv.bv_val = c->cr_msg;
+ value_add_one( &c->rvalue_vals, &bv );
+ break;
+@@ -3910,12 +3910,12 @@
+ /* HEADS-UP: always print all;
+ * if optional == 0, ignore */
+ bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ),
+- " %d %ld %ld %ld %ld",
++ " %d %lld %lld %lld %lld",
+ temp->attr_set_index,
+- temp->ttl,
+- temp->negttl,
+- temp->limitttl,
+- temp->ttr );
++ (long long)temp->ttl,
++ (long long)temp->negttl,
++ (long long)temp->limitttl,
++ (long long)temp->ttr );
+ bv.bv_len += temp->querystr.bv_len + 2;
+ bv.bv_val = ch_malloc( bv.bv_len+1 );
+ ptr = bv.bv_val;
+@@ -3932,9 +3932,9 @@
+ for (temp=qm->templates; temp; temp=temp->qmnext) {
+ if ( !temp->bindttr ) continue;
+ bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ),
+- " %d %ld %s ",
++ " %d %lld %s ",
+ temp->attr_set_index,
+- temp->bindttr,
++ (long long)temp->bindttr,
+ ldap_pvt_scope2str( temp->bindscope ));
+ bv.bv_len += temp->bindbase.bv_len + temp->bindftemp.bv_len + 4;
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
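Review bot: In the three smbk5pwd.c sections (sambaPwdLastSet, sambaPwdMustChange, sambaPwdCanChange) the value is now formatted as `long long`, but the buffer is still allocated and bounded with `LDAP_PVT_INTTYPE_CHARS(long)`, which is sized for the narrower type on exactly the architectures this patch targets. `snprintf` returns the length it would have written, so on truncation `keys[0].bv_len` would be larger than the allocation and later users of that berval could read past it. Size both the allocation and the bound for the formatted type: `ch_malloc( LDAP_PVT_INTTYPE_CHARS(long long) )` and `snprintf(keys[0].bv_val, LDAP_PVT_INTTYPE_CHARS(long long), "%lld", ...)`. The same unchecked `bv_len = snprintf(...)` assignment appears in the dds.c (`ttlvalues[ 0 ].bv_len`, `bv_entryTtl.bv_len`) and pcache.c sections, where the buffer declarations are outside the visible context, so their sizes should be confirmed against a 64-bit value as well.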
diff --git a/debian/patches/add-tlscacert-option-to-ldap-conf b/debian/patches/add-tlscacert-option-to-ldap-conf
new file mode 100644
index 0000000..7512dc1
--- /dev/null
+++ b/debian/patches/add-tlscacert-option-to-ldap-conf
@@ -0,0 +1,12 @@
+Index: openldap/libraries/libldap/ldap.conf
+===================================================================
+--- openldap.orig/libraries/libldap/ldap.conf 2022-05-20 17:36:15.013248293 -0400
++++ openldap/libraries/libldap/ldap.conf 2022-05-20 17:36:15.013248293 -0400
+@@ -11,3 +11,7 @@
+ #SIZELIMIT 12
+ #TIMELIMIT 15
+ #DEREF never
++
++# TLS certificates (needed for GnuTLS)
++TLS_CACERT /etc/ssl/certs/ca-certificates.crt
++
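Review bot: The added `TLS_CACERT` default makes every CA in the system bundle a trust anchor for LDAP clients that read this file, and neither the patch (it carries no Description header) nor the one-line comment says so. A comment such as `# Default trust anchors: the system CA bundle. Point TLS_CACERT at your directory's own CA to restrict which issuers are accepted.` would tell administrators what the default means and how to narrow it.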
diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
new file mode 100644
index 0000000..2d127c8
--- /dev/null
+++ b/debian/patches/contrib-makefiles
@@ -0,0 +1,75 @@
+Index: openldap/contrib/slapd-modules/passwd/Makefile
+===================================================================
+--- openldap.orig/contrib/slapd-modules/passwd/Makefile 2024-02-01 16:22:33.496188990 -0500
++++ openldap/contrib/slapd-modules/passwd/Makefile 2024-02-01 16:22:33.496188990 -0500
+@@ -20,7 +20,7 @@
+ LIBS = $($(PLAT)_LIB) $(LDAP_LIB)
+ LD_FLAGS = $(LDFLAGS) $($(PLAT)_LDFLAGS) -rpath $(moduledir) -module
+
+-PROGRAMS = pw-kerberos.la pw-netscape.la pw-radius.la pw-apr1.la
++PROGRAMS = pw-netscape.la pw-apr1.la
+ MANPAGES = slapd-pw-radius.5
+ LTVER = 0:0:0
+
+Index: openldap/contrib/slapd-modules/passwd/pbkdf2/Makefile
+===================================================================
+--- openldap.orig/contrib/slapd-modules/passwd/pbkdf2/Makefile 2024-02-01 16:22:33.496188990 -0500
++++ openldap/contrib/slapd-modules/passwd/pbkdf2/Makefile 2024-02-01 16:22:33.496188990 -0500
+@@ -18,7 +18,7 @@
+ #DEFS = -DSLAPD_PBKDF2_DEBUG
+
+ SSL_INC =
+-SSL_LIB = -lcrypto
++SSL_LIB = -lnettle
+
+ INCS = $(LDAP_INC) $(SSL_INC)
+ LIBS = $($(PLAT)_LIB) $(LDAP_LIB) $(SSL_LIB)
+Index: openldap/contrib/slapd-modules/smbk5pwd/Makefile
+===================================================================
+--- openldap.orig/contrib/slapd-modules/smbk5pwd/Makefile 2024-02-01 16:22:33.496188990 -0500
++++ openldap/contrib/slapd-modules/smbk5pwd/Makefile 2024-02-01 16:23:34.552414593 -0500
+@@ -19,10 +19,10 @@
+ $(LDAP_BUILD)/libraries/liblber/liblber.la
+
+ SSL_INC =
+-SSL_LIB = -lcrypto
++SSL_LIB = -lnettle
+
+-HEIMDAL_INC = -I/usr/heimdal/include
+-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
++HEIMDAL_INC = $(shell krb5-config.heimdal --cflags krb5 kadm-server)
++HEIMDAL_LIB = $(shell krb5-config.heimdal --libs krb5 kadm-server)
+
+ PLAT = UNIX
+ NT_LIB = -L$(LDAP_BUILD)/servers/slapd -lslapd
+@@ -36,7 +36,8 @@
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+ DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
+ INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+-LIBS = $($(PLAT)_LIB) $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
++# put /usr/lib/heimdal before /usr/lib in case libkrb5-dev is installed, #745356
++LIBS = $($(PLAT)_LIB) $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB)
+ LD_FLAGS = $(LDFLAGS) $($(PLAT)_LDFLAGS) -rpath $(moduledir) -module
+
+ PROGRAMS = smbk5pwd.la
+--- a/contrib/slapd-modules/ppm/Makefile
++++ b/contrib/slapd-modules/ppm/Makefile
+@@ -68,7 +68,7 @@
+ $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(LDFLAGS) $(INCS) -Wl,-rpath=. -o $(TEST) ppm_test.c $(PROGRAMS) $(LDAP_LIBS) $(CRACKLIB)
+
+ ppm.o:
+- $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) -c $(INCS) ppm.c
++ $(CC) $(CFLAGS) -fPIC $(OPT) $(CPPFLAGS) $(DEFS) -c $(INCS) ppm.c
+
+ ppm: ppm.o
+ $(CC) $(LDFLAGS) $(INCS) -shared -o $(PROGRAMS) ppm.o $(CRACKLIB)
+@@ -78,7 +78,8 @@
+ for p in $(PROGRAMS); do \
+ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)/$(moduledir) ; \
+ done
+- $(INSTALL) -m 644 $(EXAMPLE) $(DESTDIR)$(sysconfdir)/
++ # installed by debian/slapd-contrib.examples
++ # $(INSTALL) -m 644 $(EXAMPLE) $(DESTDIR)$(sysconfdir)/
+ $(INSTALL) -m 644 $(MANDOC) $(DESTDIR)$(man5dir)/
+ # $(INSTALL) -m 755 $(TEST) $(libdir)
+
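Review bot: In the passwd/Makefile section `PROGRAMS` no longer builds `pw-radius.la`, but the `MANPAGES = slapd-pw-radius.5` context line directly below is unchanged, so a manual page for a module that is not shipped would presumably still be installed; either drop it from `MANPAGES` or say why it stays. The patch also has no header explaining why pw-kerberos and pw-radius are dropped, or why `SSL_LIB` moves from `-lcrypto` to `-lnettle` in the pbkdf2 and smbk5pwd Makefiles. Since these modules hash passwords, a short Description stating that the sources already have a Nettle code path (not visible here) would let a reviewer confirm that changing the link line alone is sufficient.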
diff --git a/debian/patches/debian-version b/debian/patches/debian-version
new file mode 100644
index 0000000..0529c3e
--- /dev/null
+++ b/debian/patches/debian-version
@@ -0,0 +1,16 @@
+Description: Replace upstream version with Debian version in version strings
+Forwarded: not-needed
+Author: Ryan Tandy <ryan@nardis.ca>
+Index: openldap/build/version.sh
+===================================================================
+--- openldap.orig/build/version.sh 2022-05-20 17:35:48.989227363 -0400
++++ openldap/build/version.sh 2022-05-20 17:35:48.989227363 -0400
+@@ -36,7 +36,7 @@
+ echo OL_PATCH=$ol_patch
+ echo OL_API_INC=$ol_api_inc
+ echo OL_API_LIB_VERSION=$ol_api_lib_version
+-echo OL_VERSION=$ol_version
++echo OL_VERSION=\"${DEB_VERSION:-$ol_version}\"
+ echo OL_TYPE=$ol_type
+ echo OL_STRING=\"${ol_string}\"
+ echo OL_RELEASE_DATE=\"${ol_release_date}\"
diff --git a/debian/patches/do-not-second-guess-sonames b/debian/patches/do-not-second-guess-sonames
new file mode 100644
index 0000000..a5fb328
--- /dev/null
+++ b/debian/patches/do-not-second-guess-sonames
@@ -0,0 +1,73 @@
+Rip out code that second-guesses the libsasl soname / Debian shlibs. If
+cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream
+there, not kludged around upstream here!
+
+Debian bug #546885
+
+Upstream ITS #6302 filed.
+
+Index: openldap/libraries/libldap/cyrus.c
+===================================================================
+--- openldap.orig/libraries/libldap/cyrus.c 2022-05-20 17:36:13.661247231 -0400
++++ openldap/libraries/libldap/cyrus.c 2022-05-20 17:36:13.661247231 -0400
+@@ -74,29 +74,6 @@
+ */
+ int ldap_int_sasl_init( void )
+ {
+-#ifdef HAVE_SASL_VERSION
+- /* stringify the version number, sasl.h doesn't do it for us */
+-#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+-#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+- SASL_VERSION_STEP)
+- { int rc;
+- sasl_version( NULL, &rc );
+- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+- (rc & 0xffff) < SASL_VERSION_STEP) {
+- char version[sizeof("xxx.xxx.xxxxx")];
+- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+- rc & 0xffff );
+-
+- Debug1( LDAP_DEBUG_ANY,
+- "ldap_int_sasl_init: SASL library version mismatch:"
+- " expected " SASL_VERSION_STRING ","
+- " got %s\n", version );
+- return -1;
+- }
+- }
+-#endif
+-
+ /* SASL 2 takes care of its own memory completely internally */
+ #if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC)
+ sasl_set_alloc(
+Index: openldap/servers/slapd/sasl.c
+===================================================================
+--- openldap.orig/servers/slapd/sasl.c 2022-05-20 17:36:13.661247231 -0400
++++ openldap/servers/slapd/sasl.c 2022-05-20 17:36:13.661247231 -0400
+@@ -1271,26 +1271,6 @@
+ rewrite_mapper_register( &slapd_mapper );
+
+ #ifdef HAVE_CYRUS_SASL
+-#ifdef HAVE_SASL_VERSION
+- /* stringify the version number, sasl.h doesn't do it for us */
+-#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+-#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+- SASL_VERSION_STEP)
+-
+- sasl_version( NULL, &rc );
+- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+- (rc & 0xffff) < SASL_VERSION_STEP)
+- {
+- char version[sizeof("xxx.xxx.xxxxx")];
+- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+- rc & 0xffff );
+- Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:"
+- " expected %s, got %s\n",
+- SASL_VERSION_STRING, version );
+- return -1;
+- }
+-#endif
+
+ sasl_set_mutex(
+ ldap_pvt_sasl_mutex_new,
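Review bot: With the `sasl_version()` comparison removed from both `ldap_int_sasl_init` (cyrus.c) and the slapd SASL initialisation in sasl.c, nothing at run time detects a libsasl2 that differs from the one the binaries were built against; correctness then rests entirely on the package dependency, and the patch header should state that explicitly. The header would also be easier to track in DEP-3 form, with the Debian bug and ITS numbers it already mentions moved into `Bug-Debian:` and `Forwarded:` fields. In the sasl.c section the removal leaves a stray blank line directly after `#ifdef HAVE_CYRUS_SASL`. Both functions continue outside the hunk.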
diff --git a/debian/patches/fix-build-top-mk b/debian/patches/fix-build-top-mk
new file mode 100644
index 0000000..5cb469d
--- /dev/null
+++ b/debian/patches/fix-build-top-mk
@@ -0,0 +1,13 @@
+Index: openldap/build/top.mk
+===================================================================
+--- openldap.orig/build/top.mk 2022-05-20 17:36:15.513248684 -0400
++++ openldap/build/top.mk 2022-05-20 17:36:15.509248681 -0400
+@@ -20,7 +20,7 @@
+ RELEASEDATE= @OPENLDAP_RELEASE_DATE@
+
+ @SET_MAKE@
+-SHELL = /bin/sh
++SHELL = @SHELL@
+
+ top_builddir = @top_builddir@
+
diff --git a/debian/patches/getaddrinfo-is-threadsafe b/debian/patches/getaddrinfo-is-threadsafe
new file mode 100644
index 0000000..b79bcbf
--- /dev/null
+++ b/debian/patches/getaddrinfo-is-threadsafe
@@ -0,0 +1,47 @@
+Author: Steve Langasek <vorlon@debian.org>
+
+OpenLDAP upstream conservatively assumes that certain resolver functions
+(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we
+know that the glibc implementations of these functions are thread-safe, so
+we should bypass the use of this mutex. This fixes a locking problem when
+an application uses libldap and libnss-ldap is also used for hosts
+resolution.
+
+Closes Debian bug #340601.
+
+Not suitable for forwarding upstream; might be made suitable by adding a
+configure-time check for glibc and disabling the mutex only on known
+thread-safe implementations.
+
+Index: openldap/libraries/libldap/os-ip.c
+===================================================================
+--- openldap.orig/libraries/libldap/os-ip.c 2022-05-20 17:36:12.989246703 -0400
++++ openldap/libraries/libldap/os-ip.c 2022-05-20 17:36:12.989246703 -0400
+@@ -645,13 +645,7 @@
+ hints.ai_socktype = socktype;
+ snprintf(serv, sizeof serv, "%d", port );
+
+- /* most getaddrinfo(3) use non-threadsafe resolver libraries */
+- LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
+-
+ err = getaddrinfo( host, serv, &hints, &res );
+-
+- LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
+-
+ if ( err != 0 ) {
+ Debug1(LDAP_DEBUG_TRACE,
+ "ldap_connect_to_host: getaddrinfo failed: %s\n",
+Index: openldap/libraries/libldap/util-int.c
+===================================================================
+--- openldap.orig/libraries/libldap/util-int.c 2022-05-20 17:36:12.989246703 -0400
++++ openldap/libraries/libldap/util-int.c 2022-05-20 17:36:12.989246703 -0400
+@@ -559,9 +559,7 @@
+ int rc;
+ #if defined( HAVE_GETNAMEINFO )
+
+- LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex );
+ rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 );
+- LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex );
+ if ( rc ) *err = (char *)AC_GAI_STRERROR( rc );
+ return rc;
+
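Review bot: The `ldap_int_resolv_mutex` lock around `getaddrinfo` (os-ip.c) and `getnameinfo` (util-int.c) is removed unconditionally, although the description justifies it only for glibc; built against any other libc the resolver calls would run unserialised. Keep the lock outside glibc by wrapping each lock and unlock call, e.g. `#ifndef __GLIBC__` / `LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);` / `#endif`, and replace the deleted comment with one saying why the lock is skipped. The description also names res_query and dn_expand, which this patch does not touch, so those paths presumably still take the mutex and the text should say so. Both functions continue outside the hunk.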
diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root
new file mode 100644
index 0000000..432113c
--- /dev/null
+++ b/debian/patches/index-files-created-as-root
@@ -0,0 +1,41 @@
+Document in the man page that slapindex should be run as the same user
+as slapd, and print a warning if it's run as root (since Debian defaults
+to running slapd as openldap).
+
+Not suitable for upstream in this form. This patch needs to be reworked
+to check the BerkeleyDB database ownership and only warn if running as
+root with a database that's not owned by root.
+
+Upstream ITS #5356 filed requesting better handling of this. Current
+upstream discussion leans towards putting the check into the database
+backend and aborting if slapd is run as a different user than the database
+owner, which is an even better fix.
+
+Index: openldap/doc/man/man8/slapindex.8
+===================================================================
+--- openldap.orig/doc/man/man8/slapindex.8 2022-05-20 17:36:11.609245615 -0400
++++ openldap/doc/man/man8/slapindex.8 2022-05-20 17:36:11.605245612 -0400
+@@ -148,6 +148,10 @@
+ should not be running (at least, not in read-write
+ mode) when you do this to ensure consistency of the database.
+ .LP
++slapindex ought to be run as the user specified for
++.BR slapd (8)
++to ensure correct database permissions.
++.LP
+ This command provides ample opportunity for the user to obtain
+ and drink their favorite beverage.
+ .SH EXAMPLES
+Index: openldap/servers/slapd/slapindex.c
+===================================================================
+--- openldap.orig/servers/slapd/slapindex.c 2022-05-20 17:36:11.609245615 -0400
++++ openldap/servers/slapd/slapindex.c 2022-05-20 17:36:11.605245612 -0400
+@@ -34,6 +34,8 @@
+ int
+ slapindex( int argc, char **argv )
+ {
++ if (geteuid() == 0)
++ fprintf( stderr, "\nWARNING!\nRunning as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n");
+ ID id;
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapindex";
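Review bot: The `geteuid()` check in slapindex.c is inserted ahead of the local declarations (`ID id;`, `int rc = EXIT_SUCCESS;`), which puts a statement in front of the declaration block and leaves an unbraced `if`; move it below the declarations and brace it. It also only warns and carries on, so index files are still created owned by root, and the message does not say which user to run as; something like `fprintf( stderr, "slapindex: running as root; index files will be root-owned and slapd may be unable to open them. Run as the slapd user.\n" );` is more actionable. Whether the header declaring `geteuid` is already included is not visible here. The body of `slapindex` continues outside the hunk.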
diff --git a/debian/patches/ldap-conf-tls-cacertdir b/debian/patches/ldap-conf-tls-cacertdir
new file mode 100644
index 0000000..2b83e56
--- /dev/null
+++ b/debian/patches/ldap-conf-tls-cacertdir
@@ -0,0 +1,29 @@
+Index: openldap/doc/man/man5/ldap.conf.5
+===================================================================
+--- openldap.orig/doc/man/man5/ldap.conf.5 2022-05-20 17:36:14.589247961 -0400
++++ openldap/doc/man/man5/ldap.conf.5 2022-05-20 17:36:14.589247961 -0400
+@@ -408,13 +408,13 @@
+ Specifying a minimum that is higher than that supported by the
+ OpenLDAP implementation will result in it requiring the
+ highest level that it does support.
+-This parameter is ignored with GnuTLS.
++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .TP
+ .B TLS_RANDFILE <filename>
+ Specifies the file to obtain random bits from when /dev/[u]random is
+ not available. Generally set to the name of the EGD/PRNGD socket.
+ The environment variable RANDFILE can also be used to specify the filename.
+-This parameter is ignored with GnuTLS.
++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .TP
+ .B TLS_REQCERT <level>
+ Specifies what checks to perform on server certificates in a TLS session.
+@@ -476,7 +476,7 @@
+ used to verify if the server certificates have not been revoked. This
+ requires
+ .B TLS_CACERTDIR
+-parameter to be set. This parameter is ignored with GnuTLS.
++parameter to be set. This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .B <level>
+ can be specified as one of the following keywords:
+ .RS
diff --git a/debian/patches/ldapi-socket-place b/debian/patches/ldapi-socket-place
new file mode 100644
index 0000000..1a52eca
--- /dev/null
+++ b/debian/patches/ldapi-socket-place
@@ -0,0 +1,18 @@
+Move the ldapi socket to /var/run/slapd from /var/run, since /var/run
+is only writable by root and slapd runs as openldap.
+
+Debian-specific.
+
+Index: openldap/include/ldap_defaults.h
+===================================================================
+--- openldap.orig/include/ldap_defaults.h 2022-05-20 17:36:09.977244324 -0400
++++ openldap/include/ldap_defaults.h 2022-05-20 17:36:09.973244321 -0400
+@@ -40,7 +40,7 @@
+
+ /* default ldapi:// socket */
+ #ifndef LDAPI_SOCK
+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" LDAP_DIRSEP "ldapi"
+ #endif
+
+ /*
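Review bot: The new `LDAPI_SOCK` default points into a `slapd` subdirectory that nothing in this patch creates, so the change depends on the packaging providing that directory with the right owner and mode before slapd binds the socket. Because local clients reach slapd through this socket, the directory's ownership decides who can create or replace it; a comment next to the define such as `/* Debian: ldapi socket lives in a slapd-owned subdirectory, which must exist and be writable only by the slapd user */` would record that requirement. The description says /var/run/slapd while the macro is built from `LDAP_RUNDIR`, whose value is not visible here.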
diff --git a/debian/patches/man-slapd b/debian/patches/man-slapd
new file mode 100644
index 0000000..aec9515
--- /dev/null
+++ b/debian/patches/man-slapd
@@ -0,0 +1,62 @@
+Patch the slapd man page to not refer to a header file that isn't
+installed with the slapd package and to reference the correct path
+for slapd.
+
+Debian-specific.
+
+Index: openldap/doc/man/man8/slapd.8
+===================================================================
+--- openldap.orig/doc/man/man8/slapd.8 2022-05-20 17:36:07.977242738 -0400
++++ openldap/doc/man/man8/slapd.8 2022-05-20 17:36:07.973242735 -0400
+@@ -5,7 +5,7 @@
+ .SH NAME
+ slapd \- Stand-alone LDAP Daemon
+ .SH SYNOPSIS
+-.B LIBEXECDIR/slapd
++.B /usr/sbin/slapd
+ [\c
+ .BR \-V [ V [ V ]]
+ [\c
+@@ -110,11 +110,10 @@
+ will not fork or disassociate from the invoking terminal. Some general
+ operation and status messages are printed for any value of \fIdebug-level\fP.
+ \fIdebug-level\fP is taken as a bit string, with each bit corresponding to a
+-different kind of debugging information. See <ldap_log.h> for details.
+-Comma-separated arrays of friendly names can be specified to select
+-debugging output of the corresponding debugging information.
+-All the names recognized by the \fIloglevel\fP directive
+-described in \fBslapd.conf\fP(5) are supported.
++different kind of debugging information. Comma-separated arrays of friendly
++names can be specified to select debugging output of the corresponding
++debugging information. All the names recognized by the \fIloglevel\fP
++directive described in \fBslapd.conf\fP(5) are supported.
+ If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed,
+ and slapd exits.
+
+@@ -332,7 +331,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd
++ /usr/sbin/slapd
+ .ft
+ .fi
+ .LP
+@@ -343,7 +342,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
++ /usr/sbin/slapd \-f /var/tmp/slapd.conf \-d 255
+ .ft
+ .fi
+ .LP
+@@ -351,7 +350,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-Tt
++ /usr/sbin/slapd \-Tt
+ .ft
+ .fi
+ .LP
diff --git a/debian/patches/sasl-default-path b/debian/patches/sasl-default-path
new file mode 100644
index 0000000..aced4e5
--- /dev/null
+++ b/debian/patches/sasl-default-path
@@ -0,0 +1,59 @@
+Add /etc/ldap/sasl2 to the SASL configuration search path.
+
+Not submitted upstream. Somewhat Debian-specific and probably not of
+interest upstream.
+
+Index: openldap/include/ldap_defaults.h
+===================================================================
+--- openldap.orig/include/ldap_defaults.h 2022-05-20 17:36:12.337246188 -0400
++++ openldap/include/ldap_defaults.h 2022-05-20 17:36:12.333246185 -0400
+@@ -75,4 +75,6 @@
+ */
+ #define LLOADD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "lloadd.conf"
+
++#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2"
++
+ #endif /* _LDAP_CONFIG_H */
+Index: openldap/servers/slapd/sasl.c
+===================================================================
+--- openldap.orig/servers/slapd/sasl.c 2022-05-20 17:36:12.337246188 -0400
++++ openldap/servers/slapd/sasl.c 2022-05-20 17:36:12.333246185 -0400
+@@ -1231,12 +1231,38 @@
+ slapd_rw_destroy
+ };
+
++static int
++slap_sasl_getconfpath( void * context, char ** path )
++{
++ char * sasl_default_configpath;
++ size_t len;
++
++#if SASL_VERSION_MAJOR >= 2
++ sasl_default_configpath = "/usr/lib/sasl2";
++#else
++ sasl_default_configpath = "/usr/lib/sasl";
++#endif
++
++ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ +
++ strlen(sasl_default_configpath) + 1 /* \0 */;
++ *path = malloc( len );
++ if ( *path == NULL )
++ return SASL_FAIL;
++
++ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH,
++ sasl_default_configpath ) != len-1 )
++ return SASL_FAIL;
++
++ return SASL_OK;
++}
++
+ int slap_sasl_init( void )
+ {
+ #ifdef HAVE_CYRUS_SASL
+ int rc;
+ static sasl_callback_t server_callbacks[] = {
+ { SASL_CB_LOG, (slap_sasl_cb_ft)&slap_sasl_log, NULL },
++ { SASL_CB_GETCONFPATH, (slap_sasl_cb_ft)&slap_sasl_getconfpath, NULL },
+ { SASL_CB_GETOPT, (slap_sasl_cb_ft)&slap_sasl_getopt, NULL },
+ { SASL_CB_LIST_END, NULL, NULL }
+ };
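Review bot: In `slap_sasl_getconfpath` the failure branch after `snprintf` returns `SASL_FAIL` while `*path` still points at the `malloc` buffer, so the allocation is leaked and the caller gets a pointer together with an error. The comparison `!= len-1` also mixes the `int` result with a `size_t`, so a negative return is caught only through unsigned conversion. I would store the result first, `int n = snprintf( *path, len, "%s:%s", SASL_CONFIGPATH, sasl_default_configpath );`, and then test `if ( n < 0 || (size_t)n != len - 1 ) { free( *path ); *path = NULL; return SASL_FAIL; }`. `sasl_default_configpath` only ever points at string literals and should be `const char *`. The function sits above the `#ifdef HAVE_CYRUS_SASL` that opens inside `slap_sasl_init`, so unless an enclosing guard exists outside the hunk, a build without Cyrus SASL would presumably fail on `SASL_OK`/`SASL_FAIL`; `slap_sasl_init` continues past the hunk.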
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..a80392e
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,16 @@
+debian-version
+man-slapd
+slapi-errorlog-file
+ldapi-socket-place
+wrong-database-location
+index-files-created-as-root
+sasl-default-path
+getaddrinfo-is-threadsafe
+do-not-second-guess-sonames
+contrib-makefiles
+ldap-conf-tls-cacertdir
+add-tlscacert-option-to-ldap-conf
+fix-build-top-mk
+switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
+set-maintainer-name
+64-bit-time-t-compat.patch
diff --git a/debian/patches/set-maintainer-name b/debian/patches/set-maintainer-name
new file mode 100644
index 0000000..b537e4e
--- /dev/null
+++ b/debian/patches/set-maintainer-name
@@ -0,0 +1,18 @@
+Index: openldap/build/mkversion
+===================================================================
+--- openldap.orig/build/mkversion 2022-05-20 17:36:16.721249629 -0400
++++ openldap/build/mkversion 2022-05-20 17:36:16.717249626 -0400
+@@ -50,12 +50,7 @@
+ fi
+
+ APPLICATION=$1
+-# Reproducible builds set SOURCE_DATE_EPOCH, want constant strings
+-if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+- WHOWHERE="openldap"
+-else
+- WHOWHERE="$USER@$(uname -n):$(pwd)"
+-fi
++WHOWHERE="${DEB_MAINTAINER:-openldap}"
+
+ cat << __EOF__
+ /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
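Review bot: The `WHOWHERE="${DEB_MAINTAINER:-openldap}"` line replaces a commented conditional with an uncommented assignment, and of the patch files visible here this one has no description header. Nothing therefore says why the `SOURCE_DATE_EPOCH` branch went away or where `DEB_MAINTAINER` is expected to come from. I would keep a comment on the line, for example `# Debian: fixed build identity instead of $USER@host:$(pwd), keeps the version string reproducible`, and add a short description at the top of the patch. The heredoc that consumes `WHOWHERE` continues outside the hunk; if the value lands inside a C string literal there, a maintainer string containing a double quote or backslash would need escaping.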
diff --git a/debian/patches/slapi-errorlog-file b/debian/patches/slapi-errorlog-file
new file mode 100644
index 0000000..f538c10
--- /dev/null
+++ b/debian/patches/slapi-errorlog-file
@@ -0,0 +1,18 @@
+The slapi error log file defaults to /var/errors given our setting
+of --localstatedir. Move it to /var/log/slapi-errors instead.
+
+Debian-specific.
+
+Index: openldap/servers/slapd/slapi/slapi_overlay.c
+===================================================================
+--- openldap.orig/servers/slapd/slapi/slapi_overlay.c 2022-05-20 17:36:09.141243662 -0400
++++ openldap/servers/slapd/slapi/slapi_overlay.c 2022-05-20 17:36:09.141243662 -0400
+@@ -933,7 +933,7 @@
+ ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex );
+
+ if ( slapi_log_file == NULL )
+- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" );
++ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" );
+
+ rc = slapi_int_init_object_extensions();
+ if ( rc != 0 )
diff --git a/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
new file mode 100644
index 0000000..17b448a
--- /dev/null
+++ b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
@@ -0,0 +1,42 @@
+From: Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de>
+Date: Tue, 18 May 2010 17:47:05 +0200
+Subject: Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Open all modules with RTLD_GLOBAL, needed so that back_perl can load
+ non-trivial Perl extensions that require symbols from back_perl.so itself.
+Bug-Debian: http://bugs.debian.org/327585
+
+---
+Index: openldap/servers/slapd/module.c
+===================================================================
+--- openldap.orig/servers/slapd/module.c 2022-05-20 17:36:16.057249110 -0400
++++ openldap/servers/slapd/module.c 2022-05-20 17:36:16.053249107 -0400
+@@ -117,6 +117,20 @@
+ return -1; /* not found */
+ }
+
++static lt_dlhandle slapd_lt_dlopenext_global( const char *filename )
++{
++ lt_dlhandle handle = 0;
++ lt_dladvise advise;
++
++ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise)
++ && !lt_dladvise_global (&advise))
++ handle = lt_dlopenadvise (filename, advise);
++
++ lt_dladvise_destroy (&advise);
++
++ return handle;
++}
++
+ int module_load(const char* file_name, int argc, char *argv[])
+ {
+ module_loaded_t *module;
+@@ -179,7 +193,7 @@
+ * to calling Debug. This is because Debug is a macro that expands
+ * into multiple function calls.
+ */
+- if ((module->lib = lt_dlopenext(file)) == NULL) {
++ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) {
+ error = lt_dlerror();
+ #ifdef HAVE_EBCDIC
+ strcpy( ebuf, error );
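Review bot: `slapd_lt_dlopenext_global` calls `lt_dladvise_destroy (&advise)` on every path, including the one where `lt_dladvise_init` failed and `advise`, declared without an initializer, may never have been set up. Unless libltdl guarantees a destroyable value after a failed init, that is a release of an indeterminate handle. Returning early when init fails, and initializing `handle` with `NULL` rather than `0`, keeps the destroy call paired with a successful init. Separately, the helper is used for every module loaded through `module_load`, so all modules get global symbol visibility although the description names only back_perl as needing it; a comment on the helper saying this widening is deliberate would help the next reader. `module_load` starts inside the hunk and continues outside it.

```c
static lt_dlhandle slapd_lt_dlopenext_global( const char *filename )
{
	lt_dlhandle handle = NULL;
	lt_dladvise advise;

	/* nothing to destroy if the advise object was never created */
	if ( lt_dladvise_init( &advise ) )
		return NULL;

	if ( !lt_dladvise_ext( &advise ) && !lt_dladvise_global( &advise ) )
		handle = lt_dlopenadvise( filename, advise );

	lt_dladvise_destroy( &advise );

	return handle;
}
```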
diff --git a/debian/patches/wrong-database-location b/debian/patches/wrong-database-location
new file mode 100644
index 0000000..3900a0e
--- /dev/null
+++ b/debian/patches/wrong-database-location
@@ -0,0 +1,73 @@
+Move the default slapd database location to /var/lib/ldap instead of
+/var/openldap-data.
+
+Debian-specific.
+
+Index: openldap/doc/man/man5/slapd.conf.5
+===================================================================
+--- openldap.orig/doc/man/man5/slapd.conf.5 2022-05-20 17:36:10.817244990 -0400
++++ openldap/doc/man/man5/slapd.conf.5 2022-05-20 17:36:10.813244986 -0400
+@@ -2122,7 +2122,7 @@
+ # The database directory MUST exist prior to
+ # running slapd AND should only be accessible
+ # by the slapd/tools. Mode 0700 recommended.
+-directory LOCALSTATEDIR/openldap\-data
++directory LOCALSTATEDIR/lib/ldap
+ # Indices to maintain
+ index objectClass eq
+ index cn,sn,mail pres,eq,approx,sub
+Index: openldap/include/ldap_defaults.h
+===================================================================
+--- openldap.orig/include/ldap_defaults.h 2022-05-20 17:36:10.817244990 -0400
++++ openldap/include/ldap_defaults.h 2022-05-20 17:36:10.813244986 -0400
+@@ -54,7 +54,7 @@
+ #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d"
+ #endif
+ #ifndef SLAPD_DEFAULT_DB_DIR
+-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data"
++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "ldap"
+ #endif
+ #define SLAPD_DEFAULT_DB_MODE 0600
+ /* default max deref depth for aliases */
+Index: openldap/servers/slapd/Makefile.in
+===================================================================
+--- openldap.orig/servers/slapd/Makefile.in 2022-05-20 17:36:10.817244990 -0400
++++ openldap/servers/slapd/Makefile.in 2022-05-20 17:36:10.813244986 -0400
+@@ -452,9 +452,9 @@
+
+ install-db-config: FORCE
+ @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)
+- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data
++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example
++ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+ $(DESTDIR)$(sysconfdir)/DB_CONFIG.example
+
+Index: openldap/doc/man/man5/slapd-config.5
+===================================================================
+--- openldap.orig/doc/man/man5/slapd-config.5 2022-05-20 17:36:10.817244990 -0400
++++ openldap/doc/man/man5/slapd-config.5 2022-05-20 17:36:10.813244986 -0400
+@@ -2233,7 +2233,7 @@
+ # The database directory MUST exist prior to
+ # running slapd AND should only be accessible
+ # by the slapd/tools. Mode 0700 recommended.
+-olcDbDirectory: LOCALSTATEDIR/openldap\-data
++olcDbDirectory: LOCALSTATEDIR/lib/ldap
+ # Indices to maintain
+ olcDbIndex: objectClass eq
+ olcDbIndex: cn,sn,mail pres,eq,approx,sub
+Index: openldap/doc/man/man5/slapd-mdb.5
+===================================================================
+--- openldap.orig/doc/man/man5/slapd-mdb.5 2022-05-20 17:36:10.817244990 -0400
++++ openldap/doc/man/man5/slapd-mdb.5 2022-05-20 17:36:10.813244986 -0400
+@@ -63,7 +63,7 @@
+ associated indexes live.
+ A separate directory must be specified for each database.
+ The default is
+-.BR LOCALSTATEDIR/openldap\-data .
++.BR LOCALSTATEDIR/lib/ldap .
+ .TP
+ \fBenvflags \fR{\fBnosync\fR,\fBnometasync\fR,\fBwritemap\fR,\fBmapasync\fR,\fBnordahead\fR}
+ Specify flags for finer-grained control of the LMDB library's operation.