[dgit import tarball 389-ds-base 1.3.5.17-2 389-ds-base_1.3.5.17-2.debian.tar.xz]
--- /dev/null
+usr/include/dirsrv/*
+usr/lib/*/dirsrv/libslapd.so
+usr/lib/*/pkgconfig/*
--- /dev/null
+usr/lib/*/dirsrv/libslapd.so.*
--- /dev/null
+# these are bogus warnings, no libs shipped in a public libdir
+postinst-has-useless-call-to-ldconfig
+postrm-has-useless-call-to-ldconfig
--- /dev/null
+# Defaults for dirsrv
+#
+# This is a POSIX shell fragment
+
+# Enable bindnow hardening
+LD_BIND_NOW=1
--- /dev/null
+var/log/dirsrv
+var/lib/dirsrv
--- /dev/null
+etc/default/dirsrv
+etc/default/dirsrv.systemd
+etc/dirsrv/config/
+etc/dirsrv/schema/*.ldif
+etc/systemd/
+lib/systemd/system/dirsrv-snmp.service
+lib/systemd/system/dirsrv.target
+lib/systemd/system/dirsrv@.service
+usr/bin/
+usr/lib/*/dirsrv/libns-dshttpd.so*
+usr/lib/*/dirsrv/perl/
+usr/lib/*/dirsrv/plugins/*.so
+usr/lib/*/dirsrv/python/
+usr/sbin/
+usr/share/dirsrv/
+usr/share/man/man1/*.1
+usr/share/man/man8/*.8
--- /dev/null
+/dev/null lib/systemd/system/dirsrv.service
--- /dev/null
+# these are bogus warnings, no libs shipped in a public libdir
+unused-shlib-entry-in-control-file
+postinst-has-useless-call-to-ldconfig
+postrm-has-useless-call-to-ldconfig
--- /dev/null
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+CONFIG_DIR=/etc/dirsrv
+OUT=/dev/null
+INSTANCES=`ls -d /etc/dirsrv/slapd-* 2>/dev/null | grep -v removed | sed 's/.*slapd-//'`
+
+if [ "$1" = configure ]; then
+ # lets give them a user/group in all cases.
+ if ! getent passwd dirsrv > $OUT; then
+ adduser --quiet --system --home /var/lib/dirsrv \
+ --disabled-password --group \
+ --gecos "389 Directory Server user" \
+ --no-create-home \
+ dirsrv > $OUT
+ fi
+
+ chown -R dirsrv:dirsrv /etc/dirsrv/ /var/log/dirsrv/ /var/lib/dirsrv/ > $OUT || true
+ chmod 750 /etc/dirsrv/ /var/log/dirsrv/ /var/lib/dirsrv/ > $OUT || true
+
+ if [ -n "$2" ]; then
+ for inst in $INSTANCES; do
+ service dirsrv@$inst stop > $OUT 2>&1
+ done
+
+ setup-ds -l $OUT -u -s General.UpdateMode=offline > $OUT 2>&1
+
+ if [ $? = 0 ]; then
+ for inst in $INSTANCES; do
+ service dirsrv@$inst start > $OUT 2>&1
+ done
+ fi
+ fi
+fi
+
+invoke_failure() {
+ # invoke-rc.d failed, likely because no instance has been configured yet
+ # but exit with an error if an instance is configured and the invoke failed
+ if [ -z $INSTANCES ]; then
+ echo "... because no instance has been configured yet."
+ else
+ exit 1
+ fi
+}
+
+
+#DEBHELPER#
--- /dev/null
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+if [ "$1" = "purge" ]; then
+ if getent group dirsrv > /dev/null; then
+ deluser --system dirsrv || true
+ fi
+ rm -f /etc/systemd/system/dirsrv.target.wants/dirsrv@*.service
+ rm -rf /etc/dirsrv
+ rm -rf /var/lib/dirsrv
+ rm -rf /var/log/dirsrv
+fi
+
+#DEBHELPER#
--- /dev/null
+#!/bin/sh -e
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = "purge" ]; then
+ # remove all installed instances
+ for FILE in `ls -d $CONFDIR/slapd-* 2>/dev/null | sed -n '/\.removed$/!$'`
+ do
+ if [ -d "$FILE" ] ; then
+ remove-ds -f -i $FILE
+ fi
+ done
+fi
--- /dev/null
+To complete the 389 Directory Server installation just run /usr/sbin/setup-ds.
+
+If you experience problems accessing the Directory Server, check with
+"netstat -tapen |grep 389" and verify that the server is not listening only
+to ipv6 (check for ^tcp6). In such case you will need to tweak the cn=config
+DIT with something like the following:
+
+dn: cn=config
+changetype: modify
+add: nsslapd-listenhost
+nsslapd-listenhost: <youripv4>
+
--- /dev/null
+389-ds-base (1.3.5.17-2) unstable; urgency=medium
+
+ * fix-upstream-49245.diff: Pull commits from upstream 1.3.5.x, which
+ remove rest of the asm code. (Closes: #862194)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 May 2017 09:25:03 +0300
+
+389-ds-base (1.3.5.17-1) unstable; urgency=medium
+
+ * New upstream bugfix release.
+ - CVE-2017-2668 (Closes: #860125)
+ * watch: Updated.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Tue, 09 May 2017 11:06:14 +0300
+
+389-ds-base (1.3.5.15-2) unstable; urgency=medium
+
+ * fix-48986-cve-2017-2591.diff: Fix upstream ticket 48986,
+ CVE-2017-2591. (Closes: #851769)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Fri, 27 Jan 2017 00:01:53 +0200
+
+389-ds-base (1.3.5.15-1) unstable; urgency=medium
+
+ * New upstream release.
+ - CVE-2016-5405 (Closes: #842121)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Wed, 16 Nov 2016 11:01:00 +0200
+
+389-ds-base (1.3.5.14-1) unstable; urgency=medium
+
+ * New upstream release.
+ * postrm: Remove /etc/dirsrv, /var/lib/dirsrv and /var/log/dirsrv on
+ purge.
+ * control: Bump build-dep on libsvrcore-dev to ensure it has support
+ for systemd password agent.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Fri, 28 Oct 2016 01:42:27 +0300
+
+389-ds-base (1.3.5.13-1) unstable; urgency=medium
+
+ * New upstream release.
+ * control: Bump policy to 3.9.8, no changes.
+ * patches/default_user: Dropped, upstream.
+ * support-non-nss-libldap.diff: Dropped, upstream.
+ * fix-obsolete-target.diff: Updated.
+ * patches: Refreshed.
+ * control: Add libsystemd-dev to build-deps.
+ * control: Add acl to -base depends.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Wed, 12 Oct 2016 11:11:20 +0300
+
+389-ds-base (1.3.4.14-2) unstable; urgency=medium
+
+ * tests: Add simple autopkgtests.
+ * postinst: Start instances after offline update.
+ * control, rules: Drop -dbg packages.
+ * control: Drop conflicts on slapd. (Closes: #822532)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 03 Oct 2016 17:53:26 +0300
+
+389-ds-base (1.3.4.14-1) unstable; urgency=medium
+
+ * New upstream release.
+ * support-non-nss-libldap.diff: Refreshed.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 29 Aug 2016 10:17:41 +0300
+
+389-ds-base (1.3.4.9-1) unstable; urgency=medium
+
+ * New upstream release.
+ * support-non-nss-libldap.diff: Support libldap built against gnutls.
+ (LP: #1564179)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 18 Apr 2016 18:08:14 +0300
+
+389-ds-base (1.3.4.8-4) unstable; urgency=medium
+
+ * use-perl-move.diff: Dropped, 'rename' is more reliable.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Wed, 30 Mar 2016 08:38:24 +0300
+
+389-ds-base (1.3.4.8-3) unstable; urgency=medium
+
+ * use-perl-move.diff: Fix 60upgradeschemafiles.pl to use File::Copy.
+ (Closes: #818578)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Fri, 18 Mar 2016 11:15:23 +0200
+
+389-ds-base (1.3.4.8-2) unstable; urgency=medium
+
+ * postinst: Silence ls and adduser.
+ * Drop the init file, we depend on systemd anyway.
+ * rules: Don't enable dirsrv-snmp.service by default.
+ * postrm: Clean up /var/lib/dirsrv/scripts-* on purge.
+ * user-perl-move.diff: Use move instead of rename during upgrade.
+ (Closes: #775550)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Mar 2016 08:13:38 +0200
+
+389-ds-base (1.3.4.8-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 22 Feb 2016 07:58:40 +0200
+
+389-ds-base (1.3.4.5-2) unstable; urgency=medium
+
+ * fix-systemctl-path.diff: Use correct path to /bin/systemctl.
+ (Closes: #779653)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Wed, 09 Dec 2015 08:31:20 +0200
+
+389-ds-base (1.3.4.5-1) unstable; urgency=medium
+
+ * New upstream release.
+ * patches: Refreshed.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Wed, 09 Dec 2015 08:14:56 +0200
+
+389-ds-base (1.3.3.13-1) unstable; urgency=medium
+
+ * New upstream release.
+ * control: Add systemd to 389-ds-base Depends. (Closes: #794301)
+ * postrm: Clean target.wants in postrm.
+ * reproducible-build.diff: Make builds reproducible. Thanks, Chris
+ Lamb! (Closes: #799010)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Tue, 20 Oct 2015 14:25:05 +0300
+
+389-ds-base (1.3.3.12-1) unstable; urgency=medium
+
+ * New upstream release
+ - fix CVE-2015-3230 (Closes: #789202)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Wed, 24 Jun 2015 11:47:50 +0300
+
+389-ds-base (1.3.3.10-1) unstable; urgency=medium
+
+ * New upstream release
+ - fix CVE-2015-1854 (Closes: #783923)
+ * postinst: Stop actual instances instead of 'dirsrv' on upgrade, and
+ use service(8) instead of invoke-rc.d.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Thu, 07 May 2015 07:58:35 +0300
+
+389-ds-base (1.3.3.9-1) experimental; urgency=medium
+
+ * New upstream bugfix release.
+ - Drop cve-2014-8*.diff, upstream.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Thu, 02 Apr 2015 14:47:20 +0300
+
+389-ds-base (1.3.3.5-4) unstable; urgency=medium
+
+ * Security fixes (Closes: #779909)
+ - cve-2014-8105.diff: Fix for CVE-2014-8105
+ - cve-2014-8112.diff: Fix for CVE-2014-8112
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 09 Mar 2015 10:53:03 +0200
+
+389-ds-base (1.3.3.5-3) unstable; urgency=medium
+
+ * use-bash-instead-of-sh.diff: Drop admin_scripts.diff and patch the
+ scripts to use bash instead of trying to fix bashisms. (Closes:
+ #772195)
+
+ -- Timo Aaltonen <tjaalton@debian.org> Fri, 16 Jan 2015 15:40:23 +0200
+
+389-ds-base (1.3.3.5-2) unstable; urgency=medium
+
+ * fix-saslpath.diff: Fix SASL library path.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Sat, 25 Oct 2014 01:48:34 +0300
+
+389-ds-base (1.3.3.5-1) unstable; urgency=medium
+
+ * New upstream bugfix release.
+ * control: Bump policy, no changes.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Oct 2014 09:57:14 +0300
+
+389-ds-base (1.3.3.3-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Dropped upstreamed patches, refresh others.
+ * control, rules, 389-ds-base.install: Add support for systemd.
+ * fix-obsolete-target.diff: Drop syslog.target from the service files.
+ * 389-ds-base.links: Mask the initscript so that it's not used with systemd.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 06 Oct 2014 17:13:01 +0300
+
+389-ds-base (1.3.2.23-2) unstable; urgency=medium
+
+ * Team upload.
+ * Add fix-bsd.patch and support-kfreebsd.patch to fix the build failure
+ on kFreeBSD.
+
+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Wed, 03 Sep 2014 15:32:22 +0200
+
+389-ds-base (1.3.2.23-1) unstable; urgency=medium
+
+ * New bugfix release.
+ * watch: Update the url.
+ * control: Update Vcs-Browser url to use cgit.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 01 Sep 2014 13:32:59 +0300
+
+389-ds-base (1.3.2.21-1) unstable; urgency=medium
+
+ * New upstream release.
+ - CVE-2014-3562 (Closes: #757437)
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 08 Aug 2014 10:48:55 +0300
+
+389-ds-base (1.3.2.19-1) unstable; urgency=medium
+
+ * New upstream release.
+ * admin_scripts.diff: Updated to fix more bashisms.
+ * watch: Update the url.
+ * Install failedbinds.py and logregex.py scripts.
+ * init: Use status from init-functions.
+ * control: Update my email.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Jul 2014 15:50:11 +0300
+
+389-ds-base (1.3.2.9-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply fix for CVE-2014-0132, see like named patch (Closes: 741600)
+ * Fix m4-macro for libsrvcore and add missing B-D on libpci-dev
+ (Closes: #745821)
+
+ -- Tobias Frost <tobi@coldtobi.de> Fri, 25 Apr 2014 15:11:16 +0200
+
+389-ds-base (1.3.2.9-1) unstable; urgency=low
+
+ * New upstream release.
+ - fixes CVE-2013-0336 (Closes: #704077)
+ - fixes CVE-2013-1897 (Closes: #704421)
+ - fixes CVE-2013-2219 (Closes: #718325)
+ - fixes CVE-2013-4283 (Closes: #721222)
+ - fixes CVE-2013-4485 (Closes: #730115)
+ * Drop fix-CVE-2013-0312.diff, upstream.
+ * rules: Add new scripts to rename.
+ * fix-sasl-path.diff: Use a triplet path to find libsasl2. (LP:
+ #1088822)
+ * admin_scripts.diff: Add patch from upstream #47511 to fix bashisms.
+ * control: Add ldap-utils to -base depends.
+ * rules, rename-online-scripts.diff: Some scripts with .pl suffix are
+ meant for an online server, so instead of overwriting the offline
+ scripts use -online suffix.
+ * rules: Enable parallel build, but limit the jobs to 1 for
+ dh_auto_install.
+ * control: Bump policy to 3.9.5, no changes.
+ * rules: Add get-orig-source target.
+ * lintian-overrides: Drop obsolete entries, add comments for the rest.
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Mon, 03 Feb 2014 11:08:50 +0200
+
+389-ds-base (1.3.0.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * control: Bump the policy to 3.9.4, no changes.
+ * fix-CVE-2013-0312.diff: Patch to fix handling LDAPv3 control data.
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Mon, 11 Mar 2013 14:23:20 +0200
+
+389-ds-base (1.2.11.17-1) UNRELEASED; urgency=low
+
+ * New upstream release.
+ * watch: Add a comment about the upstream git tree.
+ * fix-cve-2012-4450.diff: Remove, upstream.
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Sat, 01 Dec 2012 14:22:13 +0200
+
+389-ds-base (1.2.11.15-1) unstable; urgency=low
+
+ * New upstream release.
+ * Add fix-cve-2012-4450.diff. (Closes: #688942)
+ * dirsrv.init: Fix stop() to remove the pidfile only when the process
+ is finished. (Closes: #689389)
+ * copyright: Update the source url.
+ * control: Drop quilt from build-depends, since using 3.0 (quilt)
+ * lintian-overrides: Add an override for hardening-no-fortify-
+ functions, since it's a false positive in this case.
+ * control: Drop dpkg-dev from build-depends, no need to specify it
+ directly.
+ * copyright: Add myself as a copyright holder for debian/*.
+ * 389-ds-base.prerm: Add 'set -e'.
+ * rules: drop DEB_HOST_MULTIARCH, dh9 handles it.
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Wed, 03 Oct 2012 19:33:52 +0300
+
+389-ds-base (1.2.11.7-5) unstable; urgency=low
+
+ * control: Drop debconf-utils and po-debconf from build-depends.
+ * control: Add libnetaddr-ip-perl and libsocket-getaddrinfo-perl to
+ 389-ds-base Depends for ipv6 support. (Closes: #682847)
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Mon, 30 Jul 2012 13:12:23 +0200
+
+389-ds-base (1.2.11.7-4) unstable; urgency=low
+
+ * debian/po: Remove, leftover from the template purge. (Closes: #681543)
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Thu, 19 Jul 2012 23:12:01 +0300
+
+389-ds-base (1.2.11.7-3) unstable; urgency=low
+
+ * 389-ds-base.config: Removed, the debconf template is no more.
+ (Closes: #680351)
+ * control: Remove duplicate 'the' from the 389-ds description.
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Wed, 11 Jul 2012 11:59:36 +0300
+
+389-ds-base (1.2.11.7-2) unstable; urgency=low
+
+ * control: Stop hardcoding libs to binary depends. (Closes: #679790)
+ * control: Add libnspr4-dev and libldap2-dev to 389-ds-base-dev
+ Depends. (Closes: #679742)
+ * l10n review (Closes: #679870) :
+ - Drop the debconf template, and rewrap README.Debian.
+ - control: Update the descriptions
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 03 Jul 2012 17:58:20 +0300
+
+389-ds-base (1.2.11.7-1) unstable; urgency=low
+
+ [ Timo Aaltonen ]
+ * New upstream release.
+ * watch: Fix the url.
+ * patches/remove_license_prompt: Dropped, included upstream.
+ * patches/default_user: Refreshed.
+ * control: Change the VCS header to point to the git repository.
+ * control: Rename last remnants of Fedora to 389.
+ * changelog, control: Be consistent with the naming; renamed the source
+ to just '389-ds-base', which matches upstream tarball naming.
+ * control: Wrap Depends.
+ * compat, control: Bump compat to 9, and debhelper build-dep to (>= 9).
+ * rules: Switch to dh.
+ * Move dirsrv.lintian to dirsrv.lintian-overrides, adjust dirsrv.install.
+ * *.dirs: Clean up.
+ * control: Build-depend on dh-autoreconf, drop duplicate bdeps.
+ * Fold dirsrv-tools into the main package.
+ * Build against libldap2-dev (>= 2.4.28).
+ * Rename binary package to 389-ds-base.
+ * -dev.install: Install the pkgconfig file.
+ * rules: Enable PIE hardening.
+ * Add a default file, currently sets LD_BIND_NOW=1.
+ * control: 'dbgen' uses old perl libs, add libperl4-corelibs-perl
+ dependency to 389-ds-base.
+ * rules: Add --fail-missing for dh_install, remove files not needed
+ and make sure to install the rest.
+ * rules, control: Fix the installation name of ds-logpipe.py, add
+ python dependency to 389-ds-base..
+ * libns-dshttpd is internal to the server, ship it in 389-ds-base.
+ * Rename libdirsrv{-dev,0} -> 389-ds-base-{dev,libs}, includes only
+ libslapd and headers for external plugin development.
+ * control: Breaks/Replaces old libdirsrv-dev/libdirsrv0/dirsrv.
+ * Drop hyphen_used_as_minus, applied upstream.
+ * copyright: Use DEP5 format.
+ * Cherry-pick upstream commit ee320163c6 to get rid of unnecessary
+ and non-free MIB's from the tree, and build a dfsg compliant tarball.
+ * lintian-overrides: Update, create one for -libs.
+ * Fix the initscript to create the lockdir, and refactor code into separate
+ functions.
+ * Drop obsolete entries from copyright, and make it lintian clean.
+ * debian/po: Refer to the correct file after rename.
+ * control: Bump Standards-Version to 3.9.3, no changes.
+ * postinst: Drop unused 'lastversion'.
+ * patches: Add DEP3 compliant headers.
+ * rules, postinst: Add an error handler function for dh_installinit, so
+ that clean installs don't fail due to missing configuration.
+ * postinst: Run the update tool.
+ * dirsrv.init:
+ - Make the start and stop functions much simpler and LSB compliant
+ - Fix starting multiple instances
+ - Use '-b' for start-stop-daemon, since ns-slapd doesn't detach properly
+ * control: Add 389-ds metapackage.
+ * control: Change libdb4.8-dev build-depends to libdb-dev, since this version
+ supports db5.x.
+ * 389-ds-base.prerm: Add prerm script for removing installed instances on
+ purge.
+
+ [ Krzysztof Klimonda ]
+ * dirsrv.init:
+ - return 0 code if there are no instances configured and tweak message
+ so it doesn't indicate a failure.
+
+ -- Krzysztof Klimonda <kklimonda@syntaxhighlighted.com> Tue, 27 Mar 2012 14:26:16 +0200
+
+389-directory-server (1.2.6.1-5) unstable; urgency=low
+
+ * Removed db_stop from dirsrv.postinst
+ * Fix short description in libdirsrv0-dbg
+
+ -- Michele Baldessari <michele@acksyn.org> Wed, 20 Oct 2010 20:24:20 +0200
+
+389-directory-server (1.2.6.1-4) unstable; urgency=low
+
+ * Make libicu dep dependent on dpkg-vendor
+
+ -- Michele Baldessari <michele@acksyn.org> Mon, 18 Oct 2010 21:21:52 +0200
+
+389-directory-server (1.2.6.1-3) unstable; urgency=low
+
+ * Remove dirsrv user and group in postrm
+ * Clean up postrm and postinst
+
+ -- Michele Baldessari <michele@acksyn.org> Sun, 17 Oct 2010 21:54:08 +0200
+
+389-directory-server (1.2.6.1-2) unstable; urgency=low
+
+ * Fix QUILT_STAMPFN
+
+ -- Michele Baldessari <michele@acksyn.org> Sun, 17 Oct 2010 15:03:34 +0200
+
+389-directory-server (1.2.6.1-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Michele Baldessari <michele@acksyn.org> Sat, 16 Oct 2010 23:08:09 +0200
+
+389-directory-server (1.2.6-2) unstable; urgency=low
+
+ * Update my email address
+
+ -- Michele Baldessari <michele@acksyn.org> Sat, 16 Oct 2010 22:34:19 +0200
+
+389-directory-server (1.2.6-1) unstable; urgency=low
+
+ * New upstream
+ * s/Fedora/389/g to clean up the branding
+ * Remove automatic configuration (breaks too often with every update)
+ * Remove dirsrv.config translation, no questions are asked anymore
+ * Fix old changelog versions with proper ~ on rc versions
+ * Update policy to 3.9.1
+ * Improve README.Debian
+ * Depend on libicu44
+ * Remove /var/run/dirsrv from the postinst scripts (managed by init script)
+
+ -- Michele Baldessari <michele@pupazzo.org> Sat, 04 Sep 2010 11:58:21 +0200
+
+389-directory-server (1.2.6~rc7-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Michele Baldessari <michele@pupazzo.org> Fri, 03 Sep 2010 20:06:08 +0200
+
+389-directory-server (1.2.6~a3-1) unstable; urgency=low
+
+ * New upstream
+ * Rename man page remove-ds.pl in remove-ds
+ * Removed Debian.source
+
+ -- Michele Baldessari <michele@pupazzo.org> Sun, 23 May 2010 22:12:13 +0200
+
+389-directory-server (1.2.6~a2-1) unstable; urgency=low
+
+ * New upstream
+ * Removed speling_fixes patch, applied upstream
+
+ -- Michele Baldessari <michele@pupazzo.org> Sun, 23 May 2010 13:36:25 +0200
+
+389-directory-server (1.2.5-1) unstable; urgency=low
+
+ * New upstream
+ * Add libpcre3-dev Build-dep
+ * ldap-agent moved ti /usr/sbin
+ * Fix spelling errors in code and manpages
+ * Fix some lintian warnings
+ * Bump policy to 3.8.3
+ * Ignore lintian warning pkg-has-shlibs-control-file-but-no-actual-shared-libs
+ as the shlibs file is for dirsrv plugins
+ * Upgraded deps to libicu42 and libdb4.8
+ * Do create /var/lib/dirsrv as dirsrv user's home
+ * Added libsasl2-modules-gssapi-mit as a dependency for dirsrv (needed by
+ mandatory LDAP SASL mechs)
+ * Install all files of etc/dirsrv/config
+ * Add some missing start scripts in usr/sbin
+ * Fixed a bug in the dirsrv.init script
+ * Switch to dpkg-source 3.0 (quilt) format
+ * Bump policy to 3.8.4
+
+ -- Michele Baldessari <michele@pupazzo.org> Sun, 23 May 2010 12:31:24 +0200
+
+389-directory-server (1.2.1-0) unstable; urgency=low
+
+ * Rename of source package (note, since this is still staging work no
+ replace or upgrade is in place)
+ * Update watch file
+ * New Upstream
+
+ -- Michele Baldessari <michele@pupazzo.org> Fri, 12 Jun 2009 22:08:42 +0200
+
+fedora-directory-server (1.2.0-1) unstable; urgency=low
+
+ * New upstream release
+ * Add missing libkrb5-dev dependency
+ * Fix section of -dbg packages
+ * Fix all "dpatch-missing-description" lintian warnings
+
+ -- Michele Baldessari <michele@pupazzo.org> Wed, 22 Apr 2009 23:36:22 +0200
+
+fedora-directory-server (1.1.3-1) unstable; urgency=low
+
+ * New upstream
+ * Added watch file
+ * Make setup-ds use dirsrv:dirsrv user/group as defaults
+ * Added VCS-* fields
+ * --enable-autobind
+ * Add ldap/servers/plugins/replication/winsync-plugin.h to libdirsrv-dev
+
+ -- Michele Baldessari <michele@pupazzo.org> Mon, 24 Nov 2008 22:42:26 +0100
+
+fedora-directory-server (1.1.2-2) unstable; urgency=low
+
+ * Fixed build+configure twice issue
+ * Added Conflicts: slapd (thanks Alessandro)
+
+ -- Michele Baldessari <michele@pupazzo.org> Tue, 23 Sep 2008 21:12:44 +0200
+
+fedora-directory-server (1.1.2-1) unstable; urgency=low
+
+ * New upstream
+ * Removed /usr/sbin PATH from postinst script
+
+ -- Michele Baldessari <michele@pupazzo.org> Sat, 20 Sep 2008 20:10:52 +0000
+
+fedora-directory-server (1.1.1-0) unstable; urgency=low
+
+ * New upstream
+ * Don't apply patch for 439829, fixed upstream
+ * Bump to policy 3.8.0
+ * Added README.source
+
+ -- Michele Baldessari <michele@pupazzo.org> Fri, 22 Aug 2008 00:09:40 +0200
+
+fedora-directory-server (1.1.0-4) unstable; urgency=low
+
+ * dirsrv should depend on libmozilla-ldap-perl (thanks Mathias Kaufmann
+ <steiger@mmforces.de>)
+
+ -- Michele Baldessari <michele@pupazzo.org> Sun, 20 Jul 2008 18:41:58 +0200
+
+fedora-directory-server (1.1.0-3) unstable; urgency=low
+
+ * Fix up some descriptions
+
+ -- Michele Baldessari <michele@pupazzo.org> Sun, 25 May 2008 21:36:32 +0200
+
+fedora-directory-server (1.1.0-2) unstable; urgency=low
+
+ * Silenced init warning messages when chowning pid directory
+
+ -- Michele Baldessari <michele@pupazzo.org> Wed, 21 May 2008 23:08:32 +0200
+
+fedora-directory-server (1.1.0-1) unstable; urgency=low
+
+ * Removed template lintian warning
+ * Cleaned up manpages
+
+ -- Michele Baldessari <michele@pupazzo.org> Sun, 18 May 2008 13:39:58 +0200
+
+fedora-directory-server (1.1.0-0) unstable; urgency=low
+
+ * Initial release (Closes: #497098).
+ * Fixed postinst after renaming setup-ds.pl to setup-ds
+ * Applied patch from https://bugzilla.redhat.com/show_bug.cgi?id=439829 to
+ fix segfault against late NSS versions
+ * Switched to parseable copyright format
+ * Source package is lintian clean now
+ * Added initial manpage patch
+ * Switched to dh_install
+
+ -- Michele Baldessari <michele@pupazzo.org> Thu, 27 Mar 2008 23:56:17 +0200
--- /dev/null
+Source: 389-ds-base
+Section: net
+Priority: optional
+Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
+Uploaders:
+ Timo Aaltonen <tjaalton@debian.org>,
+ Krzysztof Klimonda <kklimonda@syntaxhighlighted.com>,
+Build-Depends:
+ debhelper (>= 9),
+ dh-autoreconf,
+ dh-systemd,
+ libbz2-dev,
+ libdb-dev,
+ libicu-dev,
+ libkrb5-dev,
+ libldap2-dev (>= 2.4.28),
+ libnspr4-dev,
+ libnss3-dev,
+ libpam0g-dev,
+ libpci-dev,
+ libpcre3-dev,
+ libperl-dev,
+ libsasl2-dev,
+ libsnmp-dev,
+ libssl-dev,
+ libsvrcore-dev (>= 1:4.1.2+dfsg1-3),
+ libsystemd-dev,
+ pkg-config,
+ zlib1g-dev,
+Standards-Version: 3.9.8
+Vcs-Git: git://anonscm.debian.org/pkg-fedora-ds/389-ds-base.git
+Vcs-Browser: http://anonscm.debian.org/cgit/pkg-fedora-ds/389-ds-base.git
+Homepage: http://directory.fedoraproject.org
+
+Package: 389-ds
+Architecture: all
+Depends:
+ 389-admin,
+ 389-admin-console,
+ 389-console,
+ 389-ds-base,
+ 389-ds-console,
+ 389-dsgw,
+ ${misc:Depends},
+Description: 389 Directory Server suite - metapackage
+ Based on the Lightweight Directory Access Protocol (LDAP), the 389
+ Directory Server is designed to manage large directories of users and
+ resources robustly and scalably.
+ .
+ This is a metapackage depending on the LDAPv3 server, the HTTP
+ daemon used for server administration, and the graphical console used
+ for server and user/group administration.
+
+Package: 389-ds-base-libs
+Section: libs
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: libdirsrv0
+Replaces: libdirsrv0
+Description: 389 Directory Server suite - libraries
+ Based on the Lightweight Directory Access Protocol (LDAP), the 389
+ Directory Server is designed to manage large directories of users and
+ resources robustly and scalably.
+ .
+ This package contains core libraries for the 389 Directory Server.
+
+Package: 389-ds-base-dev
+Section: libdevel
+Architecture: any
+Depends:
+ 389-ds-base-libs (= ${binary:Version}),
+ libldap2-dev,
+ libnspr4-dev,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks: libdirsrv-dev
+Replaces: libdirsrv-dev
+Description: 389 Directory Server suite - development files
+ Based on the Lightweight Directory Access Protocol (LDAP), the 389
+ Directory Server is designed to manage large directories of users and
+ resources robustly and scalably.
+ .
+ This package contains development headers for the core libraries
+ of the 389 Directory Server, useful for developing plugins without
+ having to install the server itself.
+
+Package: 389-ds-base
+Architecture: any
+Pre-Depends: debconf (>= 0.5) | debconf-2.0
+Depends:
+ 389-ds-base-libs (= ${binary:Version}),
+ adduser,
+ acl,
+ ldap-utils,
+ libmozilla-ldap-perl,
+ libnetaddr-ip-perl,
+ libperl4-corelibs-perl | perl (<< 5.12.3-7),
+ libsasl2-modules-gssapi-mit,
+ libsocket-getaddrinfo-perl,
+ python,
+ systemd,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks: dirsrv, libdirsrv-dev, libdirsrv0
+Replaces: dirsrv, libdirsrv-dev, libdirsrv0
+Description: 389 Directory Server suite - server
+ Based on the Lightweight Directory Access Protocol (LDAP), the 389
+ Directory Server is designed to manage large directories of users and
+ resources robustly and scalably.
+ .
+ Its key features include:
+ * four-way multi-master replication;
+ * great scalability;
+ * extensive documentation;
+ * Active Directory user and group synchronization;
+ * secure authentication and transport;
+ * support for LDAPv3;
+ * graphical management console;
+ * on-line, zero downtime update of schema, configuration, and
+ in-tree Access Control Information.
+
--- /dev/null
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-name: 389-ds-base
+Source: http://directory.fedoraproject.org/wiki/Source
+
+Files: *
+Copyright: 2001 Sun Microsystems, Inc.
+ 2005 Red Hat, Inc.
+License: GPL-2 and Other
+
+Files: ldap/libraries/libavl/*.[ch] ldap/servers/slapd/abandon.c
+ ldap/servers/slapd/add.c ldap/servers/slapd/abandon.c
+ ldap/servers/slapd/add.c ldap/servers/slapd/bind.c
+ ldap/servers/slapd/bulk_import.c ldap/servers/slapd/compare.c
+ ldap/servers/slapd/delete.c ldap/servers/slapd/detach.c
+ ldap/servers/slapd/globals.c ldap/servers/slapd/modify.c
+ ldap/servers/slapd/modrdn.c ldap/servers/slapd/monitor.c
+ ldap/servers/slapd/search.c ldap/servers/slapd/unbind.c
+Copyright: 1993 Regents of the University of Michigan
+ 2001 Sun Microsystems, Inc.
+ 2005 Red Hat, Inc.
+License: GPL-2 and Other
+
+Files: ldap/servers/slapd/tools/ldaptool.h
+Copyright: 1998 Netscape Communication Corporation
+License: GPL-2+ or LGPL-2.1 or MPL-1.1
+
+Files: ldap/servers/slapd/tools/ldaptool-sasl.c
+ ldap/servers/slapd/tools/ldaptool-sasl.h
+Copyright: 2005 Sun Microsystems, Inc.
+License: GPL-2+ or LGPL-2.1 or MPL-1.1
+
+Files: m4/*
+Copyright: 2006, 2007 Red Hat, Inc.
+License: GPL-2+
+
+Files: debian/*
+Copyright: 2008 Michele Baldessari <michele@acksyn.org>
+ 2012 Timo Aaltonen <tjaalton@ubuntu.com>
+License: GPL-2+ or LGPL-2.1 or MPL-1.1
+
+License: Other
+ In addition, as a special exception, Red Hat, Inc. gives You the additional
+ right to link the code of this Program with code not covered under the GNU
+ General Public License ("Non-GPL Code") and to distribute linked combinations
+ including the two, subject to the limitations in this paragraph. Non-GPL Code
+ permitted under this exception must only link to the code of this Program
+ through those well defined interfaces identified in the file named EXCEPTION
+ found in the source code files (the "Approved Interfaces"). The files of
+ Non-GPL Code may instantiate templates or use macros or inline functions from
+ the Approved Interfaces without causing the resulting work to be covered by
+ the GNU General Public License. Only Red Hat, Inc. may make changes or
+ additions to the list of Approved Interfaces. You must obey the GNU General
+ Public License in all respects for all of the Program code and other code used
+ in conjunction with the Program except the Non-GPL Code covered by this
+ exception. If you modify this file, you may extend this exception to your
+ version of the file, but you are not obligated to do so. If you do not wish to
+ provide this exception without modification, you must delete this exception
+ statement from your version and license this file solely under the GPL without
+ exception.
+
+License: GPL-2 or GPL-2+
+ On Debian machines the full text of the GNU General Public License
+ can be found in the file /usr/share/common-licenses/GPL-2.
+
+License: LGPL-2.1
+ On Debian machines the full text of the GNU General Public License
+ can be found in the file /usr/share/common-licenses/LGPL-2.1.
+
+
+License: MPL-1.1
+ MOZILLA PUBLIC LICENSE
+ Version 1.1
+ .
+ ---------------
+ .
+ 1. Definitions.
+ .
+ 1.0.1. "Commercial Use" means distribution or otherwise making the
+ Covered Code available to a third party.
+ .
+ 1.1. "Contributor" means each entity that creates or contributes to
+ the creation of Modifications.
+ .
+ 1.2. "Contributor Version" means the combination of the Original
+ Code, prior Modifications used by a Contributor, and the Modifications
+ made by that particular Contributor.
+ .
+ 1.3. "Covered Code" means the Original Code or Modifications or the
+ combination of the Original Code and Modifications, in each case
+ including portions thereof.
+ .
+ 1.4. "Electronic Distribution Mechanism" means a mechanism generally
+ accepted in the software development community for the electronic
+ transfer of data.
+ .
+ 1.5. "Executable" means Covered Code in any form other than Source
+ Code.
+ .
+ 1.6. "Initial Developer" means the individual or entity identified
+ as the Initial Developer in the Source Code notice required by Exhibit
+ A.
+ .
+ 1.7. "Larger Work" means a work which combines Covered Code or
+ portions thereof with code not governed by the terms of this License.
+ .
+ 1.8. "License" means this document.
+ .
+ 1.8.1. "Licensable" means having the right to grant, to the maximum
+ extent possible, whether at the time of the initial grant or
+ subsequently acquired, any and all of the rights conveyed herein.
+ .
+ 1.9. "Modifications" means any addition to or deletion from the
+ substance or structure of either the Original Code or any previous
+ Modifications. When Covered Code is released as a series of files, a
+ Modification is:
+ A. Any addition to or deletion from the contents of a file
+ containing Original Code or previous Modifications.
+ .
+ B. Any new file that contains any part of the Original Code or
+ previous Modifications.
+ .
+ 1.10. "Original Code" means Source Code of computer software code
+ which is described in the Source Code notice required by Exhibit A as
+ Original Code, and which, at the time of its release under this
+ License is not already Covered Code governed by this License.
+ .
+ 1.10.1. "Patent Claims" means any patent claim(s), now owned or
+ hereafter acquired, including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by grantor.
+ .
+ 1.11. "Source Code" means the preferred form of the Covered Code for
+ making modifications to it, including all modules it contains, plus
+ any associated interface definition files, scripts used to control
+ compilation and installation of an Executable, or source code
+ differential comparisons against either the Original Code or another
+ well known, available Covered Code of the Contributor's choice. The
+ Source Code can be in a compressed or archival form, provided the
+ appropriate decompression or de-archiving software is widely available
+ for no charge.
+ .
+ 1.12. "You" (or "Your") means an individual or a legal entity
+ exercising rights under, and complying with all of the terms of, this
+ License or a future version of this License issued under Section 6.1.
+ For legal entities, "You" includes any entity which controls, is
+ controlled by, or is under common control with You. For purposes of
+ this definition, "control" means (a) the power, direct or indirect,
+ to cause the direction or management of such entity, whether by
+ contract or otherwise, or (b) ownership of more than fifty percent
+ (50%) of the outstanding shares or beneficial ownership of such
+ entity.
+ .
+ 2. Source Code License.
+ .
+ 2.1. The Initial Developer Grant.
+ The Initial Developer hereby grants You a world-wide, royalty-free,
+ non-exclusive license, subject to third party intellectual property
+ claims:
+ (a) under intellectual property rights (other than patent or
+ trademark) Licensable by Initial Developer to use, reproduce,
+ modify, display, perform, sublicense and distribute the Original
+ Code (or portions thereof) with or without Modifications, and/or
+ as part of a Larger Work; and
+ .
+ (b) under Patents Claims infringed by the making, using or
+ selling of Original Code, to make, have made, use, practice,
+ sell, and offer for sale, and/or otherwise dispose of the
+ Original Code (or portions thereof).
+ .
+ (c) the licenses granted in this Section 2.1(a) and (b) are
+ effective on the date Initial Developer first distributes
+ Original Code under the terms of this License.
+ .
+ (d) Notwithstanding Section 2.1(b) above, no patent license is
+ granted: 1) for code that You delete from the Original Code; 2)
+ separate from the Original Code; or 3) for infringements caused
+ by: i) the modification of the Original Code or ii) the
+ combination of the Original Code with other software or devices.
+ .
+ 2.2. Contributor Grant.
+ Subject to third party intellectual property claims, each Contributor
+ hereby grants You a world-wide, royalty-free, non-exclusive license
+ .
+ (a) under intellectual property rights (other than patent or
+ trademark) Licensable by Contributor, to use, reproduce, modify,
+ display, perform, sublicense and distribute the Modifications
+ created by such Contributor (or portions thereof) either on an
+ unmodified basis, with other Modifications, as Covered Code
+ and/or as part of a Larger Work; and
+ .
+ (b) under Patent Claims infringed by the making, using, or
+ selling of Modifications made by that Contributor either alone
+ and/or in combination with its Contributor Version (or portions
+ of such combination), to make, use, sell, offer for sale, have
+ made, and/or otherwise dispose of: 1) Modifications made by that
+ Contributor (or portions thereof); and 2) the combination of
+ Modifications made by that Contributor with its Contributor
+ Version (or portions of such combination).
+ .
+ (c) the licenses granted in Sections 2.2(a) and 2.2(b) are
+ effective on the date Contributor first makes Commercial Use of
+ the Covered Code.
+ .
+ (d) Notwithstanding Section 2.2(b) above, no patent license is
+ granted: 1) for any code that Contributor has deleted from the
+ Contributor Version; 2) separate from the Contributor Version;
+ 3) for infringements caused by: i) third party modifications of
+ Contributor Version or ii) the combination of Modifications made
+ by that Contributor with other software (except as part of the
+ Contributor Version) or other devices; or 4) under Patent Claims
+ infringed by Covered Code in the absence of Modifications made by
+ that Contributor.
+ .
+ 3. Distribution Obligations.
+ .
+ 3.1. Application of License.
+ The Modifications which You create or to which You contribute are
+ governed by the terms of this License, including without limitation
+ Section 2.2. The Source Code version of Covered Code may be
+ distributed only under the terms of this License or a future version
+ of this License released under Section 6.1, and You must include a
+ copy of this License with every copy of the Source Code You
+ distribute. You may not offer or impose any terms on any Source Code
+ version that alters or restricts the applicable version of this
+ License or the recipients' rights hereunder. However, You may include
+ an additional document offering the additional rights described in
+ Section 3.5.
+ .
+ 3.2. Availability of Source Code.
+ Any Modification which You create or to which You contribute must be
+ made available in Source Code form under the terms of this License
+ either on the same media as an Executable version or via an accepted
+ Electronic Distribution Mechanism to anyone to whom you made an
+ Executable version available; and if made available via Electronic
+ Distribution Mechanism, must remain available for at least twelve (12)
+ months after the date it initially became available, or at least six
+ (6) months after a subsequent version of that particular Modification
+ has been made available to such recipients. You are responsible for
+ ensuring that the Source Code version remains available even if the
+ Electronic Distribution Mechanism is maintained by a third party.
+ .
+ 3.3. Description of Modifications.
+ You must cause all Covered Code to which You contribute to contain a
+ file documenting the changes You made to create that Covered Code and
+ the date of any change. You must include a prominent statement that
+ the Modification is derived, directly or indirectly, from Original
+ Code provided by the Initial Developer and including the name of the
+ Initial Developer in (a) the Source Code, and (b) in any notice in an
+ Executable version or related documentation in which You describe the
+ origin or ownership of the Covered Code.
+ .
+ 3.4. Intellectual Property Matters
+ (a) Third Party Claims.
+ If Contributor has knowledge that a license under a third party's
+ intellectual property rights is required to exercise the rights
+ granted by such Contributor under Sections 2.1 or 2.2,
+ Contributor must include a text file with the Source Code
+ distribution titled "LEGAL" which describes the claim and the
+ party making the claim in sufficient detail that a recipient will
+ know whom to contact. If Contributor obtains such knowledge after
+ the Modification is made available as described in Section 3.2,
+ Contributor shall promptly modify the LEGAL file in all copies
+ Contributor makes available thereafter and shall take other steps
+ (such as notifying appropriate mailing lists or newsgroups)
+ reasonably calculated to inform those who received the Covered
+ Code that new knowledge has been obtained.
+ .
+ (b) Contributor APIs.
+ If Contributor's Modifications include an application programming
+ interface and Contributor has knowledge of patent licenses which
+ are reasonably necessary to implement that API, Contributor must
+ also include this information in the LEGAL file.
+ .
+ (c) Representations.
+ Contributor represents that, except as disclosed pursuant to
+ Section 3.4(a) above, Contributor believes that Contributor's
+ Modifications are Contributor's original creation(s) and/or
+ Contributor has sufficient rights to grant the rights conveyed by
+ this License.
+ .
+ 3.5. Required Notices.
+ You must duplicate the notice in Exhibit A in each file of the Source
+ Code. If it is not possible to put such notice in a particular Source
+ Code file due to its structure, then You must include such notice in a
+ location (such as a relevant directory) where a user would be likely
+ to look for such a notice. If You created one or more Modification(s)
+ You may add your name as a Contributor to the notice described in
+ Exhibit A. You must also duplicate this License in any documentation
+ for the Source Code where You describe recipients' rights or ownership
+ rights relating to Covered Code. You may choose to offer, and to
+ charge a fee for, warranty, support, indemnity or liability
+ obligations to one or more recipients of Covered Code. However, You
+ may do so only on Your own behalf, and not on behalf of the Initial
+ Developer or any Contributor. You must make it absolutely clear than
+ any such warranty, support, indemnity or liability obligation is
+ offered by You alone, and You hereby agree to indemnify the Initial
+ Developer and every Contributor for any liability incurred by the
+ Initial Developer or such Contributor as a result of warranty,
+ support, indemnity or liability terms You offer.
+ .
+ 3.6. Distribution of Executable Versions.
+ You may distribute Covered Code in Executable form only if the
+ requirements of Section 3.1-3.5 have been met for that Covered Code,
+ and if You include a notice stating that the Source Code version of
+ the Covered Code is available under the terms of this License,
+ including a description of how and where You have fulfilled the
+ obligations of Section 3.2. The notice must be conspicuously included
+ in any notice in an Executable version, related documentation or
+ collateral in which You describe recipients' rights relating to the
+ Covered Code. You may distribute the Executable version of Covered
+ Code or ownership rights under a license of Your choice, which may
+ contain terms different from this License, provided that You are in
+ compliance with the terms of this License and that the license for the
+ Executable version does not attempt to limit or alter the recipient's
+ rights in the Source Code version from the rights set forth in this
+ License. If You distribute the Executable version under a different
+ license You must make it absolutely clear that any terms which differ
+ from this License are offered by You alone, not by the Initial
+ Developer or any Contributor. You hereby agree to indemnify the
+ Initial Developer and every Contributor for any liability incurred by
+ the Initial Developer or such Contributor as a result of any such
+ terms You offer.
+ .
+ 3.7. Larger Works.
+ You may create a Larger Work by combining Covered Code with other code
+ not governed by the terms of this License and distribute the Larger
+ Work as a single product. In such a case, You must make sure the
+ requirements of this License are fulfilled for the Covered Code.
+ .
+ 4. Inability to Comply Due to Statute or Regulation.
+ .
+ If it is impossible for You to comply with any of the terms of this
+ License with respect to some or all of the Covered Code due to
+ statute, judicial order, or regulation then You must: (a) comply with
+ the terms of this License to the maximum extent possible; and (b)
+ describe the limitations and the code they affect. Such description
+ must be included in the LEGAL file described in Section 3.4 and must
+ be included with all distributions of the Source Code. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+ .
+ 5. Application of this License.
+ .
+ This License applies to code to which the Initial Developer has
+ attached the notice in Exhibit A and to related Covered Code.
+ .
+ 6. Versions of the License.
+ .
+ 6.1. New Versions.
+ Netscape Communications Corporation ("Netscape") may publish revised
+ and/or new versions of the License from time to time. Each version
+ will be given a distinguishing version number.
+ .
+ 6.2. Effect of New Versions.
+ Once Covered Code has been published under a particular version of the
+ License, You may always continue to use it under the terms of that
+ version. You may also choose to use such Covered Code under the terms
+ of any subsequent version of the License published by Netscape. No one
+ other than Netscape has the right to modify the terms applicable to
+ Covered Code created under this License.
+ .
+ 6.3. Derivative Works.
+ If You create or use a modified version of this License (which you may
+ only do in order to apply it to code which is not already Covered Code
+ governed by this License), You must (a) rename Your license so that
+ the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape",
+ "MPL", "NPL" or any confusingly similar phrase do not appear in your
+ license (except to note that your license differs from this License)
+ and (b) otherwise make it clear that Your version of the license
+ contains terms which differ from the Mozilla Public License and
+ Netscape Public License. (Filling in the name of the Initial
+ Developer, Original Code or Contributor in the notice described in
+ Exhibit A shall not of themselves be deemed to be modifications of
+ this License.)
+ .
+ 7. DISCLAIMER OF WARRANTY.
+ .
+ COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
+ WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF
+ DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING.
+ THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE
+ IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT,
+ YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE
+ COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER
+ OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF
+ ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
+ .
+ 8. TERMINATION.
+ .
+ 8.1. This License and the rights granted hereunder will terminate
+ automatically if You fail to comply with terms herein and fail to cure
+ such breach within 30 days of becoming aware of the breach. All
+ sublicenses to the Covered Code which are properly granted shall
+ survive any termination of this License. Provisions which, by their
+ nature, must remain in effect beyond the termination of this License
+ shall survive.
+ .
+ 8.2. If You initiate litigation by asserting a patent infringement
+ claim (excluding declatory judgment actions) against Initial Developer
+ or a Contributor (the Initial Developer or Contributor against whom
+ You file such action is referred to as "Participant") alleging that:
+ .
+ (a) such Participant's Contributor Version directly or indirectly
+ infringes any patent, then any and all rights granted by such
+ Participant to You under Sections 2.1 and/or 2.2 of this License
+ shall, upon 60 days notice from Participant terminate prospectively,
+ unless if within 60 days after receipt of notice You either: (i)
+ agree in writing to pay Participant a mutually agreeable reasonable
+ royalty for Your past and future use of Modifications made by such
+ Participant, or (ii) withdraw Your litigation claim with respect to
+ the Contributor Version against such Participant. If within 60 days
+ of notice, a reasonable royalty and payment arrangement are not
+ mutually agreed upon in writing by the parties or the litigation claim
+ is not withdrawn, the rights granted by Participant to You under
+ Sections 2.1 and/or 2.2 automatically terminate at the expiration of
+ the 60 day notice period specified above.
+ .
+ (b) any software, hardware, or device, other than such Participant's
+ Contributor Version, directly or indirectly infringes any patent, then
+ any rights granted to You by such Participant under Sections 2.1(b)
+ and 2.2(b) are revoked effective as of the date You first made, used,
+ sold, distributed, or had made, Modifications made by that
+ Participant.
+ .
+ 8.3. If You assert a patent infringement claim against Participant
+ alleging that such Participant's Contributor Version directly or
+ indirectly infringes any patent where such claim is resolved (such as
+ by license or settlement) prior to the initiation of patent
+ infringement litigation, then the reasonable value of the licenses
+ granted by such Participant under Sections 2.1 or 2.2 shall be taken
+ into account in determining the amount or value of any payment or
+ license.
+ .
+ 8.4. In the event of termination under Sections 8.1 or 8.2 above,
+ all end user license agreements (excluding distributors and resellers)
+ which have been validly granted by You or any distributor hereunder
+ prior to termination shall survive termination.
+ .
+ 9. LIMITATION OF LIABILITY.
+ .
+ UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT
+ (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL
+ DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE,
+ OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR
+ ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY
+ CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL,
+ WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER
+ COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN
+ INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF
+ LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY
+ RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW
+ PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE
+ EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO
+ THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.
+ .
+ 10. U.S. GOVERNMENT END USERS.
+ .
+ The Covered Code is a "commercial item," as that term is defined in
+ 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer
+ software" and "commercial computer software documentation," as such
+ terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48
+ C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995),
+ all U.S. Government End Users acquire Covered Code with only those
+ rights set forth herein.
+ .
+ 11. MISCELLANEOUS.
+ .
+ This License represents the complete agreement concerning subject
+ matter hereof. If any provision of this License is held to be
+ unenforceable, such provision shall be reformed only to the extent
+ necessary to make it enforceable. This License shall be governed by
+ California law provisions (except to the extent applicable law, if
+ any, provides otherwise), excluding its conflict-of-law provisions.
+ With respect to disputes in which at least one party is a citizen of,
+ or an entity chartered or registered to do business in the United
+ States of America, any litigation relating to this License shall be
+ subject to the jurisdiction of the Federal Courts of the Northern
+ District of California, with venue lying in Santa Clara County,
+ California, with the losing party responsible for costs, including
+ without limitation, court costs and reasonable attorneys' fees and
+ expenses. The application of the United Nations Convention on
+ Contracts for the International Sale of Goods is expressly excluded.
+ Any law or regulation which provides that the language of a contract
+ shall be construed against the drafter shall not apply to this
+ License.
+ .
+ 12. RESPONSIBILITY FOR CLAIMS.
+ .
+ As between Initial Developer and the Contributors, each party is
+ responsible for claims and damages arising, directly or indirectly,
+ out of its utilization of rights under this License and You agree to
+ work with Initial Developer and Contributors to distribute such
+ responsibility on an equitable basis. Nothing herein is intended or
+ shall be deemed to constitute any admission of liability.
+ .
+ 13. MULTIPLE-LICENSED CODE.
+ .
+ Initial Developer may designate portions of the Covered Code as
+ "Multiple-Licensed". "Multiple-Licensed" means that the Initial
+ Developer permits you to utilize portions of the Covered Code under
+ Your choice of the NPL or the alternative licenses, if any, specified
+ by the Initial Developer in the file described in Exhibit A.
+ .
+ EXHIBIT A -Mozilla Public License.
+ .
+ ``The contents of this file are subject to the Mozilla Public License
+ Version 1.1 (the "License"); you may not use this file except in
+ compliance with the License. You may obtain a copy of the License at
+ http://www.mozilla.org/MPL/
+ .
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+ License for the specific language governing rights and limitations
+ under the License.
+ .
+ The Original Code is ______________________________________.
+ .
+ The Initial Developer of the Original Code is ________________________.
+ Portions created by ______________________ are Copyright (C) ______
+ _______________________. All Rights Reserved.
+ .
+ Contributor(s): ______________________________________.
+ .
+ Alternatively, the contents of this file may be used under the terms
+ of the _____ license (the "[___] License"), in which case the
+ provisions of [______] License are applicable instead of those
+ above. If you wish to allow use of your version of this file only
+ under the terms of the [____] License and not to allow others to use
+ your version of this file under the MPL, indicate your decision by
+ deleting the provisions above and replace them with the notice and
+ other provisions required by the [___] License. If you do not delete
+ the provisions above, a recipient may use your version of this file
+ under either the MPL or the [___] License."
+ .
+ [NOTE: The text of this Exhibit A may differ slightly from the text of
+ the notices in the Source Code files of the Original Code. You should
+ use the text of this Exhibit A rather than the text found in the
+ Original Code Source Code for Your Modifications.]
--- /dev/null
+commit ffda694dd622b31277da07be76d3469fad86150f
+Author: William Brown <william@blackhats.net.au>
+Date: Wed Sep 28 10:46:21 2016 +1000
+
+ Ticket 48986 - 47808 triggers overflow in uiduniq.c
+
+ Bug Description: Certain configurations of uiduniq.c would cause an overflow
+ when running with Address Sanitiser
+
+ Fix Description: Increase the size of the allocation to tmp_config->attrs.
+
+ https://fedorahosted.org/389/ticket/48986
+
+ Author: nhosoi
+
+ Reviewed by: wibrown
+
+diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
+index d1d0162..2aba17a 100644
+--- a/ldap/servers/plugins/uiduniq/uid.c
++++ b/ldap/servers/plugins/uiduniq/uid.c
+@@ -302,7 +302,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry)
+ }
+
+ /* Store attrName in the config */
+- tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *));
++ tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *));
+ tmp_config->attrs[0] = slapi_ch_strdup(attrName);
+ argc--;
+ argv++; /* First argument was attribute name and remaining are subtrees */
+@@ -345,7 +345,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry)
+ * - requiredObjectClass
+ */
+ /* Store attrName in the config */
+- tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *));
++ tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *));
+ tmp_config->attrs[0] = slapi_ch_strdup(attrName);
+
+ /* There is no subtrees */
--- /dev/null
+Description: Fix build on kFreeBSD (and probably other BSD systems)
+ 1) ENODATA is no ISO C standard and is missing on BSD.
+ 2) The sysctl for the TCP keepalive interval is net.inet.tcp.keepintvl
+ on BSD.
+Author: Benjamin Drung <benjamin.drung@profitbricks.com>
+
+--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+@@ -66,6 +66,10 @@ typedef struct _rdn_elem {
+
+ #define TMPID 0 /* Used for the fake ID */
+
++#ifndef ENODATA /* not defined on BSD systems */
++#define ENODATA ENOMSG
++#endif
++
+ /* RDN(s) which can be added even if no suffix exists in the entryrdn index */
+ const char *rdn_exceptions[] = {
+ "nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff",
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -165,6 +165,11 @@ int mem_rec = 1024;
+ #define NAME_TCP_KEEPALIVE_INTERVAL "net.ipv4.tcp_keepalive_time"
+ #endif
+
++#if defined(IDDS_BSD_SYSCTL)
++#define NAME_TCP_SMALLEST_ANON_PORT "net.inet.ip.portrange.hifirst"
++#define NAME_TCP_KEEPALIVE_INTERVAL "net.inet.tcp.keepintvl"
++#endif
++
+ #if defined(__sun) || defined(__hpux) || defined(IDDS_LINUX_SYSCTL)
+
+ long ndd_tcp_conn_req_max_q = 0;
--- /dev/null
+--- a/wrappers/systemd-snmp.service.in
++++ b/wrappers/systemd-snmp.service.in
+@@ -5,7 +5,7 @@
+ # systemctl (re)start dirsrv-snmp.service
+ [Unit]
+ Description=@capbrand@ Directory Server SNMP Subagent.
+-After=syslog.target network.target
++After=network.target
+
+ [Service]
+ Type=forking
+--- a/wrappers/systemd.group.in
++++ b/wrappers/systemd.group.in
+@@ -1,6 +1,6 @@
+ [Unit]
+ Description=@capbrand@ Directory Server
+-After=chronyd.service ntpd.service network-online.target syslog.target
++After=chronyd.service ntpd.service network-online.target
+
+ [Install]
+ WantedBy=multi-user.target
--- /dev/null
+--- a/ldap/servers/slapd/ldaputil.c
++++ b/ldap/servers/slapd/ldaputil.c
+@@ -980,10 +980,10 @@ ldaputil_get_saslpath()
+ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) {
+ #ifdef CPU_arm
+ /* the 64-bit ARMv8 architecture. */
+- saslpath = "/usr/lib/aarch64-linux-gnu";
++ saslpath = "/usr/lib/aarch64-linux-gnu/sasl2";
+ #else
+ /* Try x86_64 gnu triplet */
+- saslpath = "/usr/lib/x86_64-linux-gnu";
++ saslpath = "/usr/lib/x86_64-linux-gnu/sasl2";
+ #endif
+ }
+ #else
+@@ -991,14 +991,14 @@ ldaputil_get_saslpath()
+ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) {
+ #ifdef CPU_arm
+ /* the latest 32 bit ARM architecture using the hard-float version of EABI. */
+- saslpath = "/usr/lib/arm-linux-gnueabihf";
++ saslpath = "/usr/lib/arm-linux-gnueabihf/sasl2";
+ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) {
+ /* the 32 bit ARM architecture of EABI. */
+- saslpath = "/usr/lib/arm-linux-gnueabi";
++ saslpath = "/usr/lib/arm-linux-gnueabi/sasl2";
+ }
+ #else
+ /* Try i386 gnu triplet */
+- saslpath = "/usr/lib/i386-linux-gnu";
++ saslpath = "/usr/lib/i386-linux-gnu/sasl2";
+ #endif
+ }
+ #endif
--- /dev/null
+Description: Fix the path to systemctl binary
+Author: Timo Aaltonen <tjaalton@debian.org>
+
+--- a/ldap/admin/src/scripts/start-dirsrv.in
++++ b/ldap/admin/src/scripts/start-dirsrv.in
+@@ -55,7 +55,7 @@ start_instance() {
+ # otherwise start the instance the old way.
+ #
+ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then
+- @bindir@/systemctl start @package_name@@$SERV_ID.service
++ /bin/systemctl start @package_name@@$SERV_ID.service
+ if [ $? -ne 0 ]; then
+ return 1
+ fi
+--- a/ldap/admin/src/scripts/stop-dirsrv.in
++++ b/ldap/admin/src/scripts/stop-dirsrv.in
+@@ -43,12 +43,12 @@ stop_instance() {
+ #
+ # Now, check if systemctl is aware of this running instance
+ #
+- @bindir@/systemctl is-active @package_name@@$SERV_ID.service > /dev/null 2>&1
++ /bin/systemctl is-active @package_name@@$SERV_ID.service > /dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ #
+ # systemctl sees the running process, so stop it correctly
+ #
+- @bindir@/systemctl stop @package_name@@$SERV_ID.service
++ /bin/systemctl stop @package_name@@$SERV_ID.service
+ else
+ #
+ # Have to kill it since systemctl doesn't think it's running
--- /dev/null
+diff --git a/Makefile.am b/Makefile.am
+index d54a2cc..f885eea 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1059,9 +1059,6 @@ libslapd_la_SOURCES = ldap/servers/slapd/add.c \
+ $(libavl_a_SOURCES)
+
+ libslapd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) @sasl_inc@ @db_inc@ @svrcore_inc@ @kerberos_inc@ @pcre_inc@
+-if SPARC
+-libslapd_la_SOURCES += ldap/servers/slapd/slapi_counter_sunos_sparcv9.S
+-endif
+ libslapd_la_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NUNC_STANS_LINK) $(SVRCORE_LINK) $(NSS_LINK) $(NSPR_LINK) $(KERBEROS_LINK) $(PCRE_LINK) $(THREADLIB) $(SYSTEMD_LINK)
+
+
+diff --git a/configure.ac b/configure.ac
+index 846e3b4..9b6377a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -519,11 +519,14 @@ case $host in
+ case $host in
+ i*86-*-linux*)
+ AC_DEFINE([CPU_x86], [], [cpu type x86])
+- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter])
+ ;;
+ x86_64-*-linux*)
+- AC_DEFINE([CPU_x86_64], [], [cpu type x86_64])
+- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter])
++ AC_DEFINE([CPU_x86_64], [1], [cpu type x86_64])
++
++ # This turns on and off LFDS inside of libsds
++ # wibrown -- 2017-02-21 disabled temporarily
++ # with_atomic_queue="yes"
++ # AC_DEFINE([ATOMIC_QUEUE_OPERATIONS], [1], [enabling atomic queue operations])
+ ;;
+ aarch64-*-linux*)
+ AC_DEFINE([CPU_arm], [], [cpu type arm])
+@@ -532,16 +535,6 @@ case $host in
+ AC_DEFINE([CPU_arm], [], [cpu type arm])
+ ;;
+ esac
+- AC_MSG_CHECKING([for GCC provided 64-bit atomic bool cas function ...])
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+- [[long long ptrval = 0, val = 0, newval = 1; (void)__sync_bool_compare_and_swap_8(&ptrval, val, newval);]])],
+- [AC_DEFINE([HAVE_64BIT_ATOMIC_CAS_FUNC], [1], [have 64-bit atomic bool compare and swap function provided by gcc])AC_MSG_RESULT([yes])],
+- [AC_MSG_RESULT([no])])
+- AC_MSG_CHECKING([for GCC provided 64-bit atomic ops functions ...])
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+- [[long long ptrval = 0, val = 0; (void)__sync_add_and_fetch_8(&ptrval, val);]])],
+- [AC_DEFINE([HAVE_64BIT_ATOMIC_OP_FUNCS], [1], [have 64-bit atomic operation functions provided by gcc])AC_MSG_RESULT([yes])],
+- [AC_MSG_RESULT([no])])
+ # some programs use the native thread library directly
+ THREADLIB=-lpthread
+ AC_SUBST([THREADLIB], [$THREADLIB])
+@@ -576,7 +569,6 @@ case $host in
+ AC_DEFINE([_POSIX_C_SOURCE], [199506L], [POSIX revision])
+ AC_DEFINE([_HPUX_SOURCE], [1], [Source namespace])
+ AC_DEFINE([_INCLUDE_STDC__SOURCE_199901], [1], [to pick up all of the printf format macros in inttypes.h])
+- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter])
+ # assume 64 bit
+ initconfigdir="/$PACKAGE_NAME/config"
+ perlexec='/opt/perl_64/bin/perl'
+@@ -611,12 +603,11 @@ dnl Cstd and Crun are required to link any C++ related code
+ initdir='$(sysconfdir)/init.d'
+ case $host in
+ i?86-*-solaris2.1[[0-9]]*)
+-dnl I dont know why i386 need this explicit
++ dnl I dont know why i386 need this explicit
+ AC_DEFINE([HAVE_GETPEERUCRED], [1], [have getpeerucred])
+ ;;
+ sparc-*-solaris*)
+-dnl includes some assembler stuff in counter.o
+- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter])
++ dnl includes some assembler stuff in counter.o
+ AC_DEFINE([CPU_sparc], [], [cpu type sparc])
+ TARGET='SPARC'
+ ;;
+@@ -627,6 +618,30 @@ dnl includes some assembler stuff in counter.o
+ ;;
+ esac
+
++AC_MSG_CHECKING([for GCC provided 64-bit atomic operations])
++AC_LINK_IFELSE([AC_LANG_PROGRAM([[
++ #include <inttypes.h>
++ ]],
++ [[
++ uint64_t t_counter = 0;
++ uint64_t t_oldval = 0;
++ uint64_t t_newval = 1;
++
++ __atomic_compare_exchange_8(&t_counter, &t_oldval, t_newval, 0, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
++ __atomic_add_fetch_8(&t_counter, t_newval, __ATOMIC_SEQ_CST);
++ __atomic_sub_fetch_8(&t_counter, t_newval, __ATOMIC_SEQ_CST);
++ __atomic_load(&t_counter, &t_oldval, __ATOMIC_SEQ_CST);
++ return 0;
++ ]])],
++ [
++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [have 64-bit atomic operation functions provided by gcc])
++ AC_MSG_RESULT([yes])
++ ],
++ [
++ AC_MSG_RESULT([no])
++ ]
++)
++
+ # cmd line overrides default setting above
+ if test -n "$with_initddir" ; then
+ initdir="$with_initddir"
+diff --git a/ldap/servers/slapd/slapi_counter.c b/ldap/servers/slapd/slapi_counter.c
+index d0696eb..9904fe9 100644
+--- a/ldap/servers/slapd/slapi_counter.c
++++ b/ldap/servers/slapd/slapi_counter.c
+@@ -12,17 +12,22 @@
+
+ #include "slap.h"
+
++#ifndef ATOMIC_64BIT_OPERATIONS
++#include <pthread.h>
++#endif
++
+ #ifdef HPUX
+-#ifdef ATOMIC_64BIT_OPERATIONS
+ #include <machine/sys/inline.h>
+ #endif
+-#endif
+
+ /*
+ * Counter Structure
+ */
+ typedef struct slapi_counter {
+ uint64_t value;
++#ifndef ATOMIC_64BIT_OPERATIONS
++ pthread_mutex_t _lock;
++#endif
+ } slapi_counter;
+
+ /*
+@@ -53,6 +58,9 @@ void slapi_counter_init(Slapi_Counter *counter)
+ if (counter != NULL) {
+ /* Set the value to 0. */
+ slapi_counter_set_value(counter, 0);
++#ifndef ATOMIC_64BIT_OPERATIONS
++ pthread_mutex_init(&(counter->_lock), NULL);
++#endif
+ }
+ }
+
+@@ -65,6 +73,9 @@ void slapi_counter_init(Slapi_Counter *counter)
+ void slapi_counter_destroy(Slapi_Counter **counter)
+ {
+ if ((counter != NULL) && (*counter != NULL)) {
++#ifndef ATOMIC_64BIT_OPERATIONS
++ pthread_mutex_destroy(&((*counter)->_lock));
++#endif
+ slapi_ch_free((void **)counter);
+ }
+ }
+@@ -99,17 +110,15 @@ uint64_t slapi_counter_decrement(Slapi_Counter *counter)
+ uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue)
+ {
+ uint64_t newvalue = 0;
+-#ifdef HPUX
+- uint64_t prev = 0;
+-#endif
+
+ if (counter == NULL) {
+ return newvalue;
+ }
+-
+-#ifndef HPUX
++#ifdef ATOMIC_64BIT_OPERATIONS
+ newvalue = __atomic_add_fetch_8(&(counter->value), addvalue, __ATOMIC_SEQ_CST);
+ #else
++#ifdef HPUX
++ uint64_t prev = 0;
+ /* fetchadd only works with values of 1, 4, 8, and 16. In addition, it requires
+ * it's argument to be an integer constant. */
+ if (addvalue == 1) {
+@@ -133,6 +142,12 @@ uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue)
+ _Asm_mov_to_ar(_AREG_CCV, prev);
+ } while (prev != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE));
+ }
++#else
++ pthread_mutex_lock(&(counter->_lock));
++ counter->value += addvalue;
++ newvalue = counter->value;
++ pthread_mutex_unlock(&(counter->_lock));
++#endif
+ #endif
+
+ return newvalue;
+@@ -147,17 +162,16 @@ uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue)
+ uint64_t slapi_counter_subtract(Slapi_Counter *counter, uint64_t subvalue)
+ {
+ uint64_t newvalue = 0;
+-#ifdef HPUX
+- uint64_t prev = 0;
+-#endif
+
+ if (counter == NULL) {
+ return newvalue;
+ }
+
+-#ifndef HPUX
++#ifdef ATOMIC_64BIT_OPERATIONS
+ newvalue = __atomic_sub_fetch_8(&(counter->value), subvalue, __ATOMIC_SEQ_CST);
+ #else
++#ifdef HPUX
++ uint64_t prev = 0;
+ /* fetchadd only works with values of -1, -4, -8, and -16. In addition, it requires
+ * it's argument to be an integer constant. */
+ if (subvalue == 1) {
+@@ -181,6 +195,12 @@ uint64_t slapi_counter_subtract(Slapi_Counter *counter, uint64_t subvalue)
+ _Asm_mov_to_ar(_AREG_CCV, prev);
+ } while (prev != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE));
+ }
++#else
++ pthread_mutex_lock(&(counter->_lock));
++ counter->value -= subvalue;
++ newvalue = counter->value;
++ pthread_mutex_unlock(&(counter->_lock));
++#endif
+ #endif
+
+ return newvalue;
+@@ -199,58 +219,22 @@ uint64_t slapi_counter_set_value(Slapi_Counter *counter, uint64_t newvalue)
+ return value;
+ }
+
+-#ifndef HPUX
+-/* Use our own inline assembly for an atomic set if
+- * the builtins aren't available. */
+-#if !HAVE_64BIT_ATOMIC_CAS_FUNC
+- /*
+- * %0 = counter->value
+- * %1 = newvalue
+- */
+- __asm__ __volatile__(
+-#ifdef CPU_x86
+- /* Save the PIC register */
+- " pushl %%ebx;"
+-#endif /* CPU_x86 */
+- /* Put value of counter->value in EDX:EAX */
+- "retryset: movl %0, %%eax;"
+- " movl 4%0, %%edx;"
+- /* Put newval in ECX:EBX */
+- " movl %1, %%ebx;"
+- " movl 4+%1, %%ecx;"
+- /* If EDX:EAX and counter-> are the same,
+- * replace *ptr with ECX:EBX */
+- " lock; cmpxchg8b %0;"
+- " jnz retryset;"
+-#ifdef CPU_x86
+- /* Restore the PIC register */
+- " popl %%ebx"
+-#endif /* CPU_x86 */
+- : "+o" (counter->value)
+- : "m" (newvalue)
+-#ifdef CPU_x86
+- : "memory", "eax", "ecx", "edx", "cc");
+-#else
+- : "memory", "eax", "ebx", "ecx", "edx", "cc");
+-#endif
+-
+- return newvalue;
+-#else /* HAVE_64BIT_ATOMIC_CAS_FUNC */
+- while (1) {
+- value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST);
+- if (__atomic_compare_exchange_8(&(counter->value), &value, newvalue, PR_FALSE, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST)){
+- return newvalue;
+- }
+- }
+-#endif
++#ifdef ATOMIC_64BIT_OPERATIONS
++ __atomic_store_8(&(counter->value), newvalue, __ATOMIC_SEQ_CST);
+ #else /* HPUX */
++#ifdef HPUX
+ do {
+ value = counter->value;
+ /* Put value in a register for cmpxchg to compare against */
+ _Asm_mov_to_ar(_AREG_CCV, value);
+ } while (value != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE));
+- return newvalue;
++#else
++ pthread_mutex_lock(&(counter->_lock));
++ counter->value = newvalue;
++ pthread_mutex_unlock(&(counter->_lock));
++#endif
+ #endif
++ return newvalue;
+ }
+
+ /*
+@@ -266,57 +250,20 @@ uint64_t slapi_counter_get_value(Slapi_Counter *counter)
+ return value;
+ }
+
+-#ifndef HPUX
+-/* Use our own inline assembly for an atomic get if
+- * the builtins aren't available. */
+-#if !HAVE_64BIT_ATOMIC_CAS_FUNC
+- /*
+- * %0 = counter->value
+- * %1 = value
+- */
+- __asm__ __volatile__(
+-#ifdef CPU_x86
+- /* Save the PIC register */
+- " pushl %%ebx;"
+-#endif /* CPU_x86 */
+- /* Put value of counter->value in EDX:EAX */
+- "retryget: movl %0, %%eax;"
+- " movl 4%0, %%edx;"
+- /* Copy EDX:EAX to ECX:EBX */
+- " movl %%eax, %%ebx;"
+- " movl %%edx, %%ecx;"
+- /* If EDX:EAX and counter->value are the same,
+- * replace *ptr with ECX:EBX */
+- " lock; cmpxchg8b %0;"
+- " jnz retryget;"
+- /* Put retrieved value into value */
+- " movl %%ebx, %1;"
+- " movl %%ecx, 4%1;"
+-#ifdef CPU_x86
+- /* Restore the PIC register */
+- " popl %%ebx"
+-#endif /* CPU_x86 */
+- : "+o" (counter->value), "=m" (value)
+- :
+-#ifdef CPU_x86
+- : "memory", "eax", "ecx", "edx", "cc");
+-#else
+- : "memory", "eax", "ebx", "ecx", "edx", "cc");
+-#endif
+-#else /* HAVE_64BIT_ATOMIC_CAS_FUNC */
+- while (1) {
+- value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST);
+- if (__atomic_compare_exchange_8(&(counter->value), &value, value, PR_FALSE, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST)){
+- break;
+- }
+- }
+-#endif
++#ifdef ATOMIC_64BIT_OPERATIONS
++ value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST);
+ #else /* HPUX */
++#ifdef HPUX
+ do {
+ value = counter->value;
+ /* Put value in a register for cmpxchg to compare against */
+ _Asm_mov_to_ar(_AREG_CCV, value);
+ } while (value != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), value, _LDHINT_NONE));
++#else
++ pthread_mutex_lock(&(counter->_lock));
++ value = counter->value;
++ pthread_mutex_unlock(&(counter->_lock));
++#endif
+ #endif
+
+ return value;
+diff --git a/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S b/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S
+deleted file mode 100644
+index e582c2a..0000000
+--- a/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S
++++ /dev/null
+@@ -1,105 +0,0 @@
+-! BEGIN COPYRIGHT BLOCK
+-! The Original Code is the Netscape Portable Runtime (NSPR).
+-!
+-! The Initial Developer of the Original Code is
+-! Netscape Communications Corporation.
+-! Portions created by the Initial Developer are Copyright (C) 1998-2000
+-! the Initial Developer. All Rights Reserved.
+-!
+-! The original code has been modified to support 64-bit atomic increments by
+-! Red Hat, Inc. These portions are Copyright (C) 2008 Red Hat, Inc. All Rights
+-! reserved.
+-!
+-! License: GPL (version 3 or any later version).
+-! See LICENSE for details.
+-! END COPYRIGHT BLOCK
+-!
+-
+-#define _ASM 1 /* force to set an assembler code macro _ASM */
+-#include <sys/asm_linkage.h>
+-
+-! ======================================================================
+-!
+-! Perform the sequence a = b atomically with respect to other
+-! fetch-and-stores to location a in a wait-free fashion.
+-!
+-! usage : old_val = PR_AtomicSet(address, newval)
+-!
+-! -----------------------
+-! Note on REGISTER USAGE:
+-! as this is a LEAF procedure, a new stack frame is not created;
+-! we use the caller's stack frame so what would normally be %i (input)
+-! registers are actually %o (output registers). Also, we must not
+-! overwrite the contents of %l (local) registers as they are not
+-! assumed to be volatile during calls.
+-! -----------------------
+-
+- ENTRY(_sparcv9_AtomicSet) ! standard assembler/ELF prologue
+-
+-retryAS:
+- ldx [%o0], %o2 ! set o2 to the current value
+- mov %o1, %o3 ! set up the new value
+- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed
+- cmp %o2, %o3 ! see if we set the value
+- bne retryAS ! if not, try again
+- nop ! empty out the branch pipeline
+- retl ! return back to the caller
+- mov %o3, %o0 ! set the return code to the prev value
+-
+- SET_SIZE(_sparcv9_AtomicSet) ! standard assembler/ELF epilogue
+-
+-!
+-! end
+-!
+-! ======================================================================
+-!
+-! Perform the sequence a = a + b atomically with respect to other
+-! fetch-and-adds to location a in a wait-free fashion.
+-!
+-! usage : newval = PR_AtomicAdd(address, val)
+-! return: the value after addition
+-!
+- ENTRY(_sparcv9_AtomicAdd) ! standard assembler/ELF prologue
+-
+-retryAA:
+- ldx [%o0], %o2 ! set o2 to the current value
+- addx %o2, %o1, %o3 ! calc the new value
+- mov %o3, %o4 ! save the return value
+- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed
+- cmp %o2, %o3 ! see if we set the value
+- bne retryAA ! if not, try again
+- nop ! empty out the branch pipeline
+- retl ! return back to the caller
+- mov %o4, %o0 ! set the return code to the new value
+-
+- SET_SIZE(_sparcv9_AtomicAdd) ! standard assembler/ELF epilogue
+-
+-!
+-! end
+-!
+-! ======================================================================
+-!
+-! Perform the sequence a = a - b atomically with respect to other
+-! fetch-and-subs to location a in a wait-free fashion.
+-!
+-! usage : newval = PR_AtomicSub(address, val)
+-! return: the value after addition
+-!
+- ENTRY(_sparcv9_AtomicSub) ! standard assembler/ELF prologue
+-
+-retryAU:
+- ldx [%o0], %o2 ! set o2 to the current value
+- subx %o2, %o1, %o3 ! calc the new value
+- mov %o3, %o4 ! save the return value
+- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed
+- cmp %o2, %o3 ! see if we set the value
+- bne retryAU ! if not, try again
+- nop ! empty out the branch pipeline
+- retl ! return back to the caller
+- mov %o4, %o0 ! set the return code to the new value
+-
+- SET_SIZE(_sparcv9_AtomicSub) ! standard assembler/ELF epilogue
+-
+-!
+-! end
+-!
+diff --git a/test/libslapd/counters/atomic.c b/test/libslapd/counters/atomic.c
+new file mode 100644
+index 0000000..72fad88
+--- /dev/null
++++ b/test/libslapd/counters/atomic.c
+@@ -0,0 +1,69 @@
++/** BEGIN COPYRIGHT BLOCK
++ * Copyright (C) 2017 Red Hat, Inc.
++ * All rights reserved.
++ *
++ * License: GPL (version 3 or any later version).
++ * See LICENSE for details.
++ * END COPYRIGHT BLOCK **/
++
++#include "../../test_slapd.h"
++
++void
++test_libslapd_counters_atomic_usage(void **state __attribute__((unused))) {
++ Slapi_Counter *tc = slapi_counter_new();
++
++ uint64_t value = 0;
++ /* Check that it starts as 0 */
++ value = slapi_counter_get_value(tc);
++ assert_true(value == 0);
++ /* Increment */
++ slapi_counter_increment(tc);
++ value = slapi_counter_get_value(tc);
++ assert_true(value == 1);
++ /* add */
++ slapi_counter_add(tc, 100);
++ value = slapi_counter_get_value(tc);
++ assert_true(value == 101);
++ /* set */
++ slapi_counter_set_value(tc, 200);
++ value = slapi_counter_get_value(tc);
++ assert_true(value == 200);
++ /* dec */
++ slapi_counter_decrement(tc);
++ value = slapi_counter_get_value(tc);
++ assert_true(value == 199);
++ /* sub */
++ slapi_counter_subtract(tc, 99);
++ value = slapi_counter_get_value(tc);
++ assert_true(value == 100);
++ /* init */
++ slapi_counter_init(tc);
++ value = slapi_counter_get_value(tc);
++ assert_true(value == 0);
++
++
++ slapi_counter_destroy(&tc);
++
++ /* We could attempt a more complex thread test later? */
++
++}
++
++void
++test_libslapd_counters_atomic_overflow(void **state __attribute__((unused))) {
++ Slapi_Counter *tc = slapi_counter_new();
++ /* This is intmax ... */
++ uint32_t value_32 = 0xFFFFFFFF;
++ uint64_t value = 0;
++
++ slapi_counter_set_value(tc, (uint64_t)value_32);
++ value = slapi_counter_get_value(tc);
++ assert_true(value == (uint64_t)value_32);
++
++ slapi_counter_increment(tc);
++ value = slapi_counter_get_value(tc);
++ assert_true(value != 0);
++ assert_true(value > (uint64_t)value_32);
++
++ slapi_counter_destroy(&tc);
++}
++
--- /dev/null
+Description: Fix autoconf macro to detect svrcore properly
+ configure bails out with a linking error against libsoftokn, which is according
+ #473275 the correct behaviour. The patch modifies the m4 file to do not link
+ against this lib.
+Author: Tobias Frost <tobi@coldtobi.de>
+Forwarded: no
+Last-Update: 2014-04-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/m4/svrcore.m4
++++ b/m4/svrcore.m4
+@@ -84,7 +84,7 @@ fi
+ if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+ dnl just see if SVRCORE is already a system library
+ AC_CHECK_LIB([svrcore], [SVRCORE_GetRegisteredPinObj], [havesvrcore=1],
+- [], [$nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4])
++ [], [$nss_inc $nspr_inc $nss_lib -lnss3 $nspr_lib -lplds4 -lplc4 -lnspr4])
+ if test -n "$havesvrcore" ; then
+ dnl just see if SVRCORE is already a system header file
+ save_cppflags="$CPPFLAGS"
--- /dev/null
+--- a/ldap/admin/src/scripts/template-bak2db.pl.in
++++ b/ldap/admin/src/scripts/template-bak2db.pl.in
+@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
+ $i++;
+ }
+
+-exec "{{SERVERBIN-DIR}}/bak2db.pl @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/bak2db-online @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
+--- a/ldap/admin/src/scripts/template-db2bak.pl.in
++++ b/ldap/admin/src/scripts/template-db2bak.pl.in
+@@ -23,7 +23,7 @@ while ($i <= $#ARGV) {
+ $i++;
+ }
+
+-exec "{{SERVERBIN-DIR}}/db2bak.pl @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/db2bak-online @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
+
+--- a/ldap/admin/src/scripts/template-db2index.pl.in
++++ b/ldap/admin/src/scripts/template-db2index.pl.in
+@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
+ $i++;
+ }
+
+-exec "{{SERVERBIN-DIR}}/db2index.pl @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/db2index-online @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
+--- a/ldap/admin/src/scripts/template-db2ldif.pl.in
++++ b/ldap/admin/src/scripts/template-db2ldif.pl.in
+@@ -26,6 +26,6 @@ while ($i <= $#ARGV) {
+
+ $cwd = cwd();
+
+-exec "{{SERVERBIN-DIR}}/db2ldif.pl -c $cwd @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/db2ldif-online -c $cwd @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
+--- a/ldap/admin/src/scripts/template-ldif2db.pl.in
++++ b/ldap/admin/src/scripts/template-ldif2db.pl.in
+@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
+ $i++;
+ }
+
+-exec "{{SERVERBIN-DIR}}/ldif2db.pl @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/ldif2db-online @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
--- /dev/null
+--- a/buildnum.pl
++++ b/buildnum.pl
+@@ -31,7 +31,7 @@ if ($opt_H) {exitHelp();}
+ $platdir = $opt_p;
+
+ # Get current time
+-@now = gmtime;
++@now = gmtime ($ENV{SOURCE_DATE_EPOCH} || time);
+
+ # Format buildnum as YYYY.DDD.HHMM
+ $year = $now[5] + 1900;
--- /dev/null
+use-bash-instead-of-sh.diff
+rename-online-scripts.diff
+ftbs_lsoftotkn3.diff
+fix-bsd.patch
+support-kfreebsd.patch
+fix-obsolete-target.diff
+fix-saslpath.diff
+reproducible-build.diff
+fix-systemctl-path.diff
+fix-48986-cve-2017-2591.diff
+fix-upstream-49245.diff
--- /dev/null
+Description: Add support for kFreeBSD
+ The configure script should check for available features of the host instead
+ of assuming that specific hosts (e.g. Linux) have specific features.
+ .
+ This patch hacks the configure script and various source files to behave
+ on kFreeBSD similar to Linux.
+Author: Benjamin Drung <benjamin.drung@profitbricks.com>
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -544,6 +544,46 @@ case $host in
+ AC_SUBST([LIBCRYPT], [$LIBCRYPT])
+ AC_DEFINE([USE_POSIX_RWLOCKS], [1], [POSIX rwlocks])
+ ;;
++ *-*-kfreebsd*)
++ dnl Assume that BSD has the getpeereid() function.
++ dnl TODO: Check for the existance of the getpeereid() function!
++ AC_DEFINE([HAVE_GETPEEREID], [1], [have getpeereid])
++ dnl Check if we need to link against the bsd library for the getpeereid() function.
++ AC_SEARCH_LIBS([getpeereid], [bsd])
++ dnl Copied stuff from Linux section above
++ dnl TODO: Check for features instead of setting flags based on the host!
++ AC_DEFINE([XP_UNIX], [1], [UNIX])
++ AC_DEFINE([freebsd], [1], [freebsd])
++ AC_DEFINE([_GNU_SOURCE], [1], [GNU Source])
++ initdir='$(sysconfdir)/rc.d/init.d'
++ # do arch specific kfreebsd stuff here
++ case $host in
++ i*86-*-linux*)
++ AC_DEFINE([CPU_x86], [], [cpu type x86])
++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter])
++ ;;
++ x86_64-*-linux*)
++ AC_DEFINE([CPU_x86_64], [], [cpu type x86_64])
++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter])
++ ;;
++ esac
++ AC_MSG_CHECKING([for GCC provided 64-bit atomic bool cas function ...])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
++ [[long long ptrval = 0, val = 0, newval = 1; (void)__sync_bool_compare_and_swap_8(&ptrval, val, newval);]])],
++ [AC_DEFINE([HAVE_64BIT_ATOMIC_CAS_FUNC], [1], [have 64-bit atomic bool compare and swap function provided by gcc])AC_MSG_RESULT([yes])],
++ [AC_MSG_RESULT([no])])
++ AC_MSG_CHECKING([for GCC provided 64-bit atomic ops functions ...])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
++ [[long long ptrval = 0, val = 0; (void)__sync_add_and_fetch_8(&ptrval, val);]])],
++ [AC_DEFINE([HAVE_64BIT_ATOMIC_OP_FUNCS], [1], [have 64-bit atomic operation functions provided by gcc])AC_MSG_RESULT([yes])],
++ [AC_MSG_RESULT([no])])
++ # some programs use the native thread library directly
++ THREADLIB=-lpthread
++ AC_SUBST([THREADLIB], [$THREADLIB])
++ LIBCRYPT=-lcrypt
++ AC_SUBST([LIBCRYPT], [$LIBCRYPT])
++ AC_DEFINE([USE_POSIX_RWLOCKS], [1], [POSIX rwlocks])
++ ;;
+ ia64-hp-hpux*)
+ AC_DEFINE([hpux], [1], [HP-UX])
+ AC_DEFINE([HPUX], [1], [HP-UX])
+--- a/include/base/systems.h
++++ b/include/base/systems.h
+@@ -62,7 +62,7 @@
+ /* warning: mmap doesn't work under 9.04 */
+ #define SHMEM_MMAP_FLAGS MAP_FILE | MAP_VARIABLE | MAP_SHARED
+
+-#elif defined(Linux)
++#elif defined(Linux) || defined(freebsd)
+
+ #define ACCELERATOR_CACHE
+ #define DNS_CACHE
+--- a/include/public/base/systems.h
++++ b/include/public/base/systems.h
+@@ -56,7 +56,7 @@
+ #define SHMEM_UNIX_MMAP
+ #define ZERO(ptr,len) memset(ptr,0,len)
+
+-#elif defined(Linux)
++#elif defined(Linux) || defined(freebsd)
+
+ #define FILE_UNIX
+ #define FILE_UNIX_MMAP
+--- a/ldap/include/portable.h
++++ b/ldap/include/portable.h
+@@ -250,7 +250,7 @@ int strncasecmp(const char *, const char
+ defined(UNIXWARE) || defined(SUNOS4) || defined(SNI) || defined(BSDI) || \
+ defined(NCR) || defined(OSF1) || defined(NEC) || \
+ ( defined(HPUX10) && !defined(_REENTRANT)) || defined(HPUX11) || \
+- defined(UnixWare) || defined(LINUX2_0)
++ defined(UnixWare) || defined(LINUX2_0) || defined(freebsd)
+ #define GETHOSTBYNAME( n, r, b, l, e ) gethostbyname( n )
+ #elif defined(AIX)
+ #define GETHOSTBYNAME_BUF_T struct hostent_data
+@@ -288,7 +288,7 @@ typedef char GETHOSTBYADDR_buf_t [BUFSIZ
+ #elif defined( hpux10 )
+ #define CTIME( c, b, l ) nsldapi_compat_ctime_r( c, b, l )
+ #elif defined( IRIX ) || defined(UNIXWARE) || defined(LINUX) \
+- || defined(OSF1V4) || defined(AIX) || defined(UnixWare) || defined (HPUX11)
++ || defined(OSF1V4) || defined(AIX) || defined(UnixWare) || defined (HPUX11) || defined(freebsd)
+ #define CTIME( c, b, l ) ctime_r( c, b )
+ #elif defined( OSF1V3 )
+ #define CTIME( c, b, l ) (ctime_r( c, b, l ) ? NULL : b)
+@@ -297,7 +297,7 @@ typedef char GETHOSTBYADDR_buf_t [BUFSIZ
+ #endif
+ #if defined(hpux9) || defined(LINUX1_2) || defined(SUNOS4) || defined(SNI) || \
+ defined(SCOOS) || defined(BSDI) || defined(NCR) || \
+- defined(NEC) || defined(LINUX2_0)
++ defined(NEC) || defined(LINUX2_0) || defined(freebsd)
+ /* strtok() is not MT safe, but it is okay to call here because used in mmt_protocol.xs which
+ has been moved in the tetframewrok */
+ #define STRTOK( s1, s2, l ) strtok( s1, s2 )
+--- a/ldap/servers/slapd/daemon.c
++++ b/ldap/servers/slapd/daemon.c
+@@ -38,7 +38,7 @@
+ #endif /* NEED_FILIO */
+ /* for some reason, linux tty stuff defines CTIME */
+ #include <stdio.h>
+-#ifdef LINUX
++#if defined(LINUX) || defined(freebsd)
+ #undef CTIME
+ #include <sys/statfs.h>
+ #else
+@@ -442,7 +442,7 @@ disk_mon_get_dirs(char ***list, int logs
+ char *
+ disk_mon_check_diskspace(char **dirs, PRUint64 threshold, PRUint64 *disk_space)
+ {
+-#ifdef LINUX
++#if defined(LINUX) || defined(freebsd)
+ struct statfs buf;
+ #else
+ struct statvfs buf;
+@@ -455,7 +455,7 @@ disk_mon_check_diskspace(char **dirs, PR
+ int i = 0;
+
+ for(i = 0; dirs && dirs[i]; i++){
+-#ifndef LINUX
++#if !defined(LINUX) && !defined(freebsd)
+ if (statvfs(dirs[i], &buf) != -1)
+ #else
+ if (statfs(dirs[i], &buf) != -1)
+--- a/ldap/servers/slapd/tools/pwenc.c
++++ b/ldap/servers/slapd/tools/pwenc.c
+@@ -16,7 +16,7 @@
+ #include <sys/errno.h>
+ #include <sys/param.h>
+ #include <sys/types.h>
+-#if defined(LINUX) /* I bet other Unix would like
++#if defined(LINUX) || defined(freebsd) /* I bet other Unix would like
+ * this flag. But don't want to
+ * break other builds so far */
+ #include <unistd.h>
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -16,6 +16,11 @@
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+ static char *build_date = "14-JULY-2016";
+
++#if defined(freebsd)
++#define IDDS_BSD_INCLUDE 1
++#define IDDS_BSD_SYSCTL 1
++#endif
++
+ #if defined(linux) || defined(__linux) || defined(__linux__)
+ #define IDDS_LINUX_INCLUDE 1
+ #define IDDS_LINUX_SYSCTL 1
+--- a/lib/base/dnsdmain.cpp
++++ b/lib/base/dnsdmain.cpp
+@@ -35,12 +35,12 @@ extern "C" {
+ #define _PATH_RESCONF "/etc/resolv.conf"
+
+ NSPR_BEGIN_EXTERN_C
+-#ifdef Linux
++#if defined Linux || defined(freebsd)
+ extern int getdomainname(char *, size_t);
+ #else
+ extern int getdomainname(char *, int);
+ #endif /* Linux */
+-#if defined(HPUX) || defined(Linux) || defined(SOLARIS_GCC)
++#if defined(HPUX) || defined(Linux) || defined(SOLARIS_GCC) || defined(freebsd)
+ extern int gethostname (char *name, size_t namelen);
+ #else
+ extern int gethostname (char *name, int namelen);
+--- a/lib/base/file.cpp
++++ b/lib/base/file.cpp
+@@ -213,7 +213,7 @@ NSAPI_PUBLIC int file_notfound(void)
+ return (errno == ENOENT);
+ }
+
+-#if !defined(LINUX)
++#if !defined(LINUX) && !defined(freebsd)
+ extern char *sys_errlist[];
+ #endif
+
--- /dev/null
+--- a/ldap/admin/src/scripts/bak2db.in
++++ b/ldap/admin/src/scripts/bak2db.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/db2bak.in
++++ b/ldap/admin/src/scripts/db2bak.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/db2index.in
++++ b/ldap/admin/src/scripts/db2index.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/db2ldif.in
++++ b/ldap/admin/src/scripts/db2ldif.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/dbverify.in
++++ b/ldap/admin/src/scripts/dbverify.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/dn2rdn.in
++++ b/ldap/admin/src/scripts/dn2rdn.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/ldif2db.in
++++ b/ldap/admin/src/scripts/ldif2db.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/ldif2ldap.in
++++ b/ldap/admin/src/scripts/ldif2ldap.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/monitor.in
++++ b/ldap/admin/src/scripts/monitor.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/restart-dirsrv.in
++++ b/ldap/admin/src/scripts/restart-dirsrv.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ # Script that restarts the ns-slapd server.
+ # Exit status can be:
+--- a/ldap/admin/src/scripts/restoreconfig.in
++++ b/ldap/admin/src/scripts/restoreconfig.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/saveconfig.in
++++ b/ldap/admin/src/scripts/saveconfig.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/start-dirsrv.in
++++ b/ldap/admin/src/scripts/start-dirsrv.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ # Script that starts the ns-slapd server.
+ # Exit status can be:
+--- a/ldap/admin/src/scripts/stop-dirsrv.in
++++ b/ldap/admin/src/scripts/stop-dirsrv.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ # Script that stops the ns-slapd server.
+ # Exit status can be:
+--- a/ldap/admin/src/scripts/suffix2instance.in
++++ b/ldap/admin/src/scripts/suffix2instance.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/upgradedb.in
++++ b/ldap/admin/src/scripts/upgradedb.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/upgradednformat.in
++++ b/ldap/admin/src/scripts/upgradednformat.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
+--- a/ldap/admin/src/scripts/vlvindex.in
++++ b/ldap/admin/src/scripts/vlvindex.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ . @datadir@/@package_name@/data/DSSharedLib
+
--- /dev/null
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+pie
+
+# Keep track of files we don't install
+NOT_INSTALLED :=
+
+REALFILE = \
+ bin/cl-dump.pl \
+ bin/dbgen.pl \
+ bin/ds-logpipe.py \
+ bin/logconv.pl \
+ bin/repl-monitor.pl \
+ sbin/migrate-ds.pl \
+ sbin/remove-ds.pl \
+ sbin/setup-ds.pl \
+ sbin/cleanallruv.pl \
+ sbin/fixup-linkedattrs.pl \
+ sbin/fixup-memberof.pl \
+ sbin/ns-accountstatus.pl \
+ sbin/ns-activate.pl \
+ sbin/ns-inactivate.pl \
+ sbin/ns-newpwpolicy.pl \
+ sbin/schema-reload.pl \
+ sbin/syntax-validate.pl \
+ sbin/usn-tombstone-cleanup.pl \
+ sbin/verify-db.pl \
+ share/man/man1/dbgen.pl.1 \
+ share/man/man1/ds-logpipe.py.1 \
+ share/man/man1/logconv.pl.1 \
+ share/man/man8/migrate-ds.pl.8 \
+ share/man/man8/setup-ds.pl.8 \
+ share/man/man8/remove-ds.pl.8
+
+# scripts for handling online servers
+REALFILE_ONLINE = \
+ sbin/bak2db.pl \
+ sbin/db2bak.pl \
+ sbin/db2index.pl \
+ sbin/db2ldif.pl \
+ sbin/ldif2db.pl \
+ share/man/man8/bak2db.pl.8 \
+ share/man/man8/db2bak.pl.8 \
+ share/man/man8/db2index.pl.8 \
+ share/man/man8/db2ldif.pl.8 \
+ share/man/man8/ldif2db.pl.8
+
+%:
+ dh $@ --parallel --with autoreconf,systemd --builddir build/
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --with-openldap \
+ --with-systemd \
+ --with-systemdsystemunitdir=/lib/systemd/system \
+ --with-systemdsystemconfdir=/etc/systemd/system \
+ --with-systemdgroupname=dirsrv.target \
+ --with-tmpfiles-d=/etc/tmpfiles.d \
+ --enable-autobind
+
+override_dh_auto_install:
+ dh_auto_install --max-parallel=1
+
+override_dh_install:
+ # lets do the renaming here afterall, instead of in 389-ds-base.install
+ for file in $(REALFILE); do mv -f $(CURDIR)/debian/tmp/usr/$$file \
+ $(CURDIR)/debian/tmp/usr/`echo $$file | \
+ sed -s 's/\.pl//;s/\.py//'`; \
+ done
+ # use -online suffix so that they won't overwrite the offline scripts
+ for file in $(REALFILE_ONLINE); do mv -f $(CURDIR)/debian/tmp/usr/$$file \
+ $(CURDIR)/debian/tmp/usr/`echo $$file | \
+ sed -s 's/\.pl/-online/'`; \
+ done
+ # purge .la files
+ find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \;
+ # fix template script headers
+ find $(CURDIR)/debian/tmp/usr/share/dirsrv/script-templates/ -type f -exec perl -pi -e 's,#\{\{PERL-EXEC\}\},#!/usr/bin/perl,' "{}" \;
+
+ # Also get rid of other files which aren't installed. Do not
+ # use -f to ensure we notice disappearing files:
+ set -e; for file in $(NOT_INSTALLED); do rm debian/tmp/$$file; done
+
+ mkdir -p $(CURDIR)/debian/tmp/etc/systemd/system/dirsrv.target.wants
+
+ dh_install --fail-missing
+
+override_dh_systemd_enable:
+ dh_systemd_enable -p389-ds-base --no-enable dirsrv-snmp.service
+
+override_dh_shlibdeps:
+ dh_shlibdeps -l"debian/389-ds-base/usr/lib/$(DEB_HOST_MULTIARCH)/dirsrv" -a
--- /dev/null
+3.0 (quilt)
--- /dev/null
+Tests: setup
+Depends:
+ 389-ds-base,
+ python-lib389,
+Restrictions: needs-root
--- /dev/null
+#!/bin/sh
+
+# hack for lxc
+IP=`ip route get 1.1.1.1 | awk '{print $NF; exit}'`
+HOSTNAME=`cat /etc/hosts| grep '127.0.1.1' | awk '{print $NF; exit}'`
+echo "$IP $HOSTNAME.debci $HOSTNAME" >> /etc/hosts
+
+/usr/sbin/setup-ds --silent -- \
+ General.FullMachineName=$HOSTNAME.debci\
+ General.SuiteSpotUserID=dirsrv\
+ General.SuiteSpotGroup=dirsrv\
+ slapd.ServerPort=1389\
+ slapd.ServerIdentifier=debci\
+ slapd.Suffix=dc=example,dc=com\
+ slapd.RootDN="cn=Directory Manager"\
+ slapd.RootDNPwd=Secret123
+
--- /dev/null
+#git=https://pagure.io/389-ds-base.git
+version=3
+http://releases.pagure.org/389-ds-base/389-ds-base-(.*).tar.bz2
projects / 389-ds-base.git / commitdiff