From: Timo Aaltonen Date: Wed, 10 May 2017 06:25:03 +0000 (+0100) Subject: 389-ds-base (1.3.5.17-2) unstable; urgency=medium X-Git-Tag: archive/raspbian/1.4.0.19-3+rpi1~1^2^2~11 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3ffd6cca17d33e25d466e12e7fef0fd36b59bd12;p=389-ds-base.git 389-ds-base (1.3.5.17-2) unstable; urgency=medium * fix-upstream-49245.diff: Pull commits from upstream 1.3.5.x, which remove rest of the asm code. (Closes: #862194) [dgit import unpatched 389-ds-base 1.3.5.17-2] --- 3ffd6cca17d33e25d466e12e7fef0fd36b59bd12 diff --cc debian/389-ds-base-dev.install index 0000000,0000000..447fc1b new file mode 100644 --- /dev/null +++ b/debian/389-ds-base-dev.install @@@ -1,0 -1,0 +1,3 @@@ ++usr/include/dirsrv/* ++usr/lib/*/dirsrv/libslapd.so ++usr/lib/*/pkgconfig/* diff --cc debian/389-ds-base-libs.install index 0000000,0000000..d13da2f new file mode 100644 --- /dev/null +++ b/debian/389-ds-base-libs.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/*/dirsrv/libslapd.so.* diff --cc debian/389-ds-base-libs.lintian-overrides index 0000000,0000000..b6702fb new file mode 100644 --- /dev/null +++ b/debian/389-ds-base-libs.lintian-overrides @@@ -1,0 -1,0 +1,3 @@@ ++# these are bogus warnings, no libs shipped in a public libdir ++postinst-has-useless-call-to-ldconfig ++postrm-has-useless-call-to-ldconfig diff --cc debian/389-ds-base.default index 0000000,0000000..14beb77 new file mode 100644 --- /dev/null +++ b/debian/389-ds-base.default @@@ -1,0 -1,0 +1,6 @@@ ++# Defaults for dirsrv ++# ++# This is a POSIX shell fragment ++ ++# Enable bindnow hardening ++LD_BIND_NOW=1 diff --cc debian/389-ds-base.dirs index 0000000,0000000..f12d71e new file mode 100644 --- /dev/null +++ b/debian/389-ds-base.dirs @@@ -1,0 -1,0 +1,2 @@@ ++var/log/dirsrv ++var/lib/dirsrv diff --cc debian/389-ds-base.install index 0000000,0000000..c001ad9 new file mode 100644 --- /dev/null +++ b/debian/389-ds-base.install @@@ -1,0 -1,0 +1,17 @@@ ++etc/default/dirsrv ++etc/default/dirsrv.systemd ++etc/dirsrv/config/ ++etc/dirsrv/schema/*.ldif ++etc/systemd/ ++lib/systemd/system/dirsrv-snmp.service ++lib/systemd/system/dirsrv.target ++lib/systemd/system/dirsrv@.service ++usr/bin/ ++usr/lib/*/dirsrv/libns-dshttpd.so* ++usr/lib/*/dirsrv/perl/ ++usr/lib/*/dirsrv/plugins/*.so ++usr/lib/*/dirsrv/python/ ++usr/sbin/ ++usr/share/dirsrv/ ++usr/share/man/man1/*.1 ++usr/share/man/man8/*.8 diff --cc debian/389-ds-base.links index 0000000,0000000..2f83bc6 new file mode 100644 --- /dev/null +++ b/debian/389-ds-base.links @@@ -1,0 -1,0 +1,1 @@@ ++/dev/null lib/systemd/system/dirsrv.service diff --cc debian/389-ds-base.lintian-overrides index 0000000,0000000..fbe0b92 new file mode 100644 --- /dev/null +++ b/debian/389-ds-base.lintian-overrides @@@ -1,0 -1,0 +1,4 @@@ ++# these are bogus warnings, no libs shipped in a public libdir ++unused-shlib-entry-in-control-file ++postinst-has-useless-call-to-ldconfig ++postrm-has-useless-call-to-ldconfig diff --cc debian/389-ds-base.postinst index 0000000,0000000..5aaf903 new file mode 100644 --- /dev/null +++ b/debian/389-ds-base.postinst @@@ -1,0 -1,0 +1,49 @@@ ++#!/bin/sh ++set -e ++ ++. /usr/share/debconf/confmodule ++ ++CONFIG_DIR=/etc/dirsrv ++OUT=/dev/null ++INSTANCES=`ls -d /etc/dirsrv/slapd-* 2>/dev/null | grep -v removed | sed 's/.*slapd-//'` ++ ++if [ "$1" = configure ]; then ++ # lets give them a user/group in all cases. ++ if ! getent passwd dirsrv > $OUT; then ++ adduser --quiet --system --home /var/lib/dirsrv \ ++ --disabled-password --group \ ++ --gecos "389 Directory Server user" \ ++ --no-create-home \ ++ dirsrv > $OUT ++ fi ++ ++ chown -R dirsrv:dirsrv /etc/dirsrv/ /var/log/dirsrv/ /var/lib/dirsrv/ > $OUT || true ++ chmod 750 /etc/dirsrv/ /var/log/dirsrv/ /var/lib/dirsrv/ > $OUT || true ++ ++ if [ -n "$2" ]; then ++ for inst in $INSTANCES; do ++ service dirsrv@$inst stop > $OUT 2>&1 ++ done ++ ++ setup-ds -l $OUT -u -s General.UpdateMode=offline > $OUT 2>&1 ++ ++ if [ $? = 0 ]; then ++ for inst in $INSTANCES; do ++ service dirsrv@$inst start > $OUT 2>&1 ++ done ++ fi ++ fi ++fi ++ ++invoke_failure() { ++ # invoke-rc.d failed, likely because no instance has been configured yet ++ # but exit with an error if an instance is configured and the invoke failed ++ if [ -z $INSTANCES ]; then ++ echo "... because no instance has been configured yet." ++ else ++ exit 1 ++ fi ++} ++ ++ ++#DEBHELPER# diff --cc debian/389-ds-base.postrm index 0000000,0000000..0a70e0e new file mode 100644 --- /dev/null +++ b/debian/389-ds-base.postrm @@@ -1,0 -1,0 +1,16 @@@ ++#!/bin/sh ++set -e ++ ++. /usr/share/debconf/confmodule ++ ++if [ "$1" = "purge" ]; then ++ if getent group dirsrv > /dev/null; then ++ deluser --system dirsrv || true ++ fi ++ rm -f /etc/systemd/system/dirsrv.target.wants/dirsrv@*.service ++ rm -rf /etc/dirsrv ++ rm -rf /var/lib/dirsrv ++ rm -rf /var/log/dirsrv ++fi ++ ++#DEBHELPER# diff --cc debian/389-ds-base.prerm index 0000000,0000000..3e1529b new file mode 100644 --- /dev/null +++ b/debian/389-ds-base.prerm @@@ -1,0 -1,0 +1,14 @@@ ++#!/bin/sh -e ++set -e ++ ++#DEBHELPER# ++ ++if [ "$1" = "purge" ]; then ++ # remove all installed instances ++ for FILE in `ls -d $CONFDIR/slapd-* 2>/dev/null | sed -n '/\.removed$/!$'` ++ do ++ if [ -d "$FILE" ] ; then ++ remove-ds -f -i $FILE ++ fi ++ done ++fi diff --cc debian/README.Debian index 0000000,0000000..eba838e new file mode 100644 --- /dev/null +++ b/debian/README.Debian @@@ -1,0 -1,0 +1,12 @@@ ++To complete the 389 Directory Server installation just run /usr/sbin/setup-ds. ++ ++If you experience problems accessing the Directory Server, check with ++"netstat -tapen |grep 389" and verify that the server is not listening only ++to ipv6 (check for ^tcp6). In such case you will need to tweak the cn=config ++DIT with something like the following: ++ ++dn: cn=config ++changetype: modify ++add: nsslapd-listenhost ++nsslapd-listenhost: ++ diff --cc debian/changelog index 0000000,0000000..19c5b85 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,577 @@@ ++389-ds-base (1.3.5.17-2) unstable; urgency=medium ++ ++ * fix-upstream-49245.diff: Pull commits from upstream 1.3.5.x, which ++ remove rest of the asm code. (Closes: #862194) ++ ++ -- Timo Aaltonen Wed, 10 May 2017 09:25:03 +0300 ++ ++389-ds-base (1.3.5.17-1) unstable; urgency=medium ++ ++ * New upstream bugfix release. ++ - CVE-2017-2668 (Closes: #860125) ++ * watch: Updated. ++ ++ -- Timo Aaltonen Tue, 09 May 2017 11:06:14 +0300 ++ ++389-ds-base (1.3.5.15-2) unstable; urgency=medium ++ ++ * fix-48986-cve-2017-2591.diff: Fix upstream ticket 48986, ++ CVE-2017-2591. (Closes: #851769) ++ ++ -- Timo Aaltonen Fri, 27 Jan 2017 00:01:53 +0200 ++ ++389-ds-base (1.3.5.15-1) unstable; urgency=medium ++ ++ * New upstream release. ++ - CVE-2016-5405 (Closes: #842121) ++ ++ -- Timo Aaltonen Wed, 16 Nov 2016 11:01:00 +0200 ++ ++389-ds-base (1.3.5.14-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * postrm: Remove /etc/dirsrv, /var/lib/dirsrv and /var/log/dirsrv on ++ purge. ++ * control: Bump build-dep on libsvrcore-dev to ensure it has support ++ for systemd password agent. ++ ++ -- Timo Aaltonen Fri, 28 Oct 2016 01:42:27 +0300 ++ ++389-ds-base (1.3.5.13-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * control: Bump policy to 3.9.8, no changes. ++ * patches/default_user: Dropped, upstream. ++ * support-non-nss-libldap.diff: Dropped, upstream. ++ * fix-obsolete-target.diff: Updated. ++ * patches: Refreshed. ++ * control: Add libsystemd-dev to build-deps. ++ * control: Add acl to -base depends. ++ ++ -- Timo Aaltonen Wed, 12 Oct 2016 11:11:20 +0300 ++ ++389-ds-base (1.3.4.14-2) unstable; urgency=medium ++ ++ * tests: Add simple autopkgtests. ++ * postinst: Start instances after offline update. ++ * control, rules: Drop -dbg packages. ++ * control: Drop conflicts on slapd. (Closes: #822532) ++ ++ -- Timo Aaltonen Mon, 03 Oct 2016 17:53:26 +0300 ++ ++389-ds-base (1.3.4.14-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * support-non-nss-libldap.diff: Refreshed. ++ ++ -- Timo Aaltonen Mon, 29 Aug 2016 10:17:41 +0300 ++ ++389-ds-base (1.3.4.9-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * support-non-nss-libldap.diff: Support libldap built against gnutls. ++ (LP: #1564179) ++ ++ -- Timo Aaltonen Mon, 18 Apr 2016 18:08:14 +0300 ++ ++389-ds-base (1.3.4.8-4) unstable; urgency=medium ++ ++ * use-perl-move.diff: Dropped, 'rename' is more reliable. ++ ++ -- Timo Aaltonen Wed, 30 Mar 2016 08:38:24 +0300 ++ ++389-ds-base (1.3.4.8-3) unstable; urgency=medium ++ ++ * use-perl-move.diff: Fix 60upgradeschemafiles.pl to use File::Copy. ++ (Closes: #818578) ++ ++ -- Timo Aaltonen Fri, 18 Mar 2016 11:15:23 +0200 ++ ++389-ds-base (1.3.4.8-2) unstable; urgency=medium ++ ++ * postinst: Silence ls and adduser. ++ * Drop the init file, we depend on systemd anyway. ++ * rules: Don't enable dirsrv-snmp.service by default. ++ * postrm: Clean up /var/lib/dirsrv/scripts-* on purge. ++ * user-perl-move.diff: Use move instead of rename during upgrade. ++ (Closes: #775550) ++ ++ -- Timo Aaltonen Thu, 17 Mar 2016 08:13:38 +0200 ++ ++389-ds-base (1.3.4.8-1) unstable; urgency=medium ++ ++ * New upstream release. ++ ++ -- Timo Aaltonen Mon, 22 Feb 2016 07:58:40 +0200 ++ ++389-ds-base (1.3.4.5-2) unstable; urgency=medium ++ ++ * fix-systemctl-path.diff: Use correct path to /bin/systemctl. ++ (Closes: #779653) ++ ++ -- Timo Aaltonen Wed, 09 Dec 2015 08:31:20 +0200 ++ ++389-ds-base (1.3.4.5-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * patches: Refreshed. ++ ++ -- Timo Aaltonen Wed, 09 Dec 2015 08:14:56 +0200 ++ ++389-ds-base (1.3.3.13-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * control: Add systemd to 389-ds-base Depends. (Closes: #794301) ++ * postrm: Clean target.wants in postrm. ++ * reproducible-build.diff: Make builds reproducible. Thanks, Chris ++ Lamb! (Closes: #799010) ++ ++ -- Timo Aaltonen Tue, 20 Oct 2015 14:25:05 +0300 ++ ++389-ds-base (1.3.3.12-1) unstable; urgency=medium ++ ++ * New upstream release ++ - fix CVE-2015-3230 (Closes: #789202) ++ ++ -- Timo Aaltonen Wed, 24 Jun 2015 11:47:50 +0300 ++ ++389-ds-base (1.3.3.10-1) unstable; urgency=medium ++ ++ * New upstream release ++ - fix CVE-2015-1854 (Closes: #783923) ++ * postinst: Stop actual instances instead of 'dirsrv' on upgrade, and ++ use service(8) instead of invoke-rc.d. ++ ++ -- Timo Aaltonen Thu, 07 May 2015 07:58:35 +0300 ++ ++389-ds-base (1.3.3.9-1) experimental; urgency=medium ++ ++ * New upstream bugfix release. ++ - Drop cve-2014-8*.diff, upstream. ++ ++ -- Timo Aaltonen Thu, 02 Apr 2015 14:47:20 +0300 ++ ++389-ds-base (1.3.3.5-4) unstable; urgency=medium ++ ++ * Security fixes (Closes: #779909) ++ - cve-2014-8105.diff: Fix for CVE-2014-8105 ++ - cve-2014-8112.diff: Fix for CVE-2014-8112 ++ ++ -- Timo Aaltonen Mon, 09 Mar 2015 10:53:03 +0200 ++ ++389-ds-base (1.3.3.5-3) unstable; urgency=medium ++ ++ * use-bash-instead-of-sh.diff: Drop admin_scripts.diff and patch the ++ scripts to use bash instead of trying to fix bashisms. (Closes: ++ #772195) ++ ++ -- Timo Aaltonen Fri, 16 Jan 2015 15:40:23 +0200 ++ ++389-ds-base (1.3.3.5-2) unstable; urgency=medium ++ ++ * fix-saslpath.diff: Fix SASL library path. ++ ++ -- Timo Aaltonen Sat, 25 Oct 2014 01:48:34 +0300 ++ ++389-ds-base (1.3.3.5-1) unstable; urgency=medium ++ ++ * New upstream bugfix release. ++ * control: Bump policy, no changes. ++ ++ -- Timo Aaltonen Mon, 20 Oct 2014 09:57:14 +0300 ++ ++389-ds-base (1.3.3.3-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Dropped upstreamed patches, refresh others. ++ * control, rules, 389-ds-base.install: Add support for systemd. ++ * fix-obsolete-target.diff: Drop syslog.target from the service files. ++ * 389-ds-base.links: Mask the initscript so that it's not used with systemd. ++ ++ -- Timo Aaltonen Mon, 06 Oct 2014 17:13:01 +0300 ++ ++389-ds-base (1.3.2.23-2) unstable; urgency=medium ++ ++ * Team upload. ++ * Add fix-bsd.patch and support-kfreebsd.patch to fix the build failure ++ on kFreeBSD. ++ ++ -- Benjamin Drung Wed, 03 Sep 2014 15:32:22 +0200 ++ ++389-ds-base (1.3.2.23-1) unstable; urgency=medium ++ ++ * New bugfix release. ++ * watch: Update the url. ++ * control: Update Vcs-Browser url to use cgit. ++ ++ -- Timo Aaltonen Mon, 01 Sep 2014 13:32:59 +0300 ++ ++389-ds-base (1.3.2.21-1) unstable; urgency=medium ++ ++ * New upstream release. ++ - CVE-2014-3562 (Closes: #757437) ++ ++ -- Timo Aaltonen Fri, 08 Aug 2014 10:48:55 +0300 ++ ++389-ds-base (1.3.2.19-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * admin_scripts.diff: Updated to fix more bashisms. ++ * watch: Update the url. ++ * Install failedbinds.py and logregex.py scripts. ++ * init: Use status from init-functions. ++ * control: Update my email. ++ ++ -- Timo Aaltonen Tue, 08 Jul 2014 15:50:11 +0300 ++ ++389-ds-base (1.3.2.9-1.1) unstable; urgency=medium ++ ++ * Non-maintainer upload. ++ * Apply fix for CVE-2014-0132, see like named patch (Closes: 741600) ++ * Fix m4-macro for libsrvcore and add missing B-D on libpci-dev ++ (Closes: #745821) ++ ++ -- Tobias Frost Fri, 25 Apr 2014 15:11:16 +0200 ++ ++389-ds-base (1.3.2.9-1) unstable; urgency=low ++ ++ * New upstream release. ++ - fixes CVE-2013-0336 (Closes: #704077) ++ - fixes CVE-2013-1897 (Closes: #704421) ++ - fixes CVE-2013-2219 (Closes: #718325) ++ - fixes CVE-2013-4283 (Closes: #721222) ++ - fixes CVE-2013-4485 (Closes: #730115) ++ * Drop fix-CVE-2013-0312.diff, upstream. ++ * rules: Add new scripts to rename. ++ * fix-sasl-path.diff: Use a triplet path to find libsasl2. (LP: ++ #1088822) ++ * admin_scripts.diff: Add patch from upstream #47511 to fix bashisms. ++ * control: Add ldap-utils to -base depends. ++ * rules, rename-online-scripts.diff: Some scripts with .pl suffix are ++ meant for an online server, so instead of overwriting the offline ++ scripts use -online suffix. ++ * rules: Enable parallel build, but limit the jobs to 1 for ++ dh_auto_install. ++ * control: Bump policy to 3.9.5, no changes. ++ * rules: Add get-orig-source target. ++ * lintian-overrides: Drop obsolete entries, add comments for the rest. ++ ++ -- Timo Aaltonen Mon, 03 Feb 2014 11:08:50 +0200 ++ ++389-ds-base (1.3.0.3-1) unstable; urgency=low ++ ++ * New upstream release. ++ * control: Bump the policy to 3.9.4, no changes. ++ * fix-CVE-2013-0312.diff: Patch to fix handling LDAPv3 control data. ++ ++ -- Timo Aaltonen Mon, 11 Mar 2013 14:23:20 +0200 ++ ++389-ds-base (1.2.11.17-1) UNRELEASED; urgency=low ++ ++ * New upstream release. ++ * watch: Add a comment about the upstream git tree. ++ * fix-cve-2012-4450.diff: Remove, upstream. ++ ++ -- Timo Aaltonen Sat, 01 Dec 2012 14:22:13 +0200 ++ ++389-ds-base (1.2.11.15-1) unstable; urgency=low ++ ++ * New upstream release. ++ * Add fix-cve-2012-4450.diff. (Closes: #688942) ++ * dirsrv.init: Fix stop() to remove the pidfile only when the process ++ is finished. (Closes: #689389) ++ * copyright: Update the source url. ++ * control: Drop quilt from build-depends, since using 3.0 (quilt) ++ * lintian-overrides: Add an override for hardening-no-fortify- ++ functions, since it's a false positive in this case. ++ * control: Drop dpkg-dev from build-depends, no need to specify it ++ directly. ++ * copyright: Add myself as a copyright holder for debian/*. ++ * 389-ds-base.prerm: Add 'set -e'. ++ * rules: drop DEB_HOST_MULTIARCH, dh9 handles it. ++ ++ -- Timo Aaltonen Wed, 03 Oct 2012 19:33:52 +0300 ++ ++389-ds-base (1.2.11.7-5) unstable; urgency=low ++ ++ * control: Drop debconf-utils and po-debconf from build-depends. ++ * control: Add libnetaddr-ip-perl and libsocket-getaddrinfo-perl to ++ 389-ds-base Depends for ipv6 support. (Closes: #682847) ++ ++ -- Timo Aaltonen Mon, 30 Jul 2012 13:12:23 +0200 ++ ++389-ds-base (1.2.11.7-4) unstable; urgency=low ++ ++ * debian/po: Remove, leftover from the template purge. (Closes: #681543) ++ ++ -- Timo Aaltonen Thu, 19 Jul 2012 23:12:01 +0300 ++ ++389-ds-base (1.2.11.7-3) unstable; urgency=low ++ ++ * 389-ds-base.config: Removed, the debconf template is no more. ++ (Closes: #680351) ++ * control: Remove duplicate 'the' from the 389-ds description. ++ ++ -- Timo Aaltonen Wed, 11 Jul 2012 11:59:36 +0300 ++ ++389-ds-base (1.2.11.7-2) unstable; urgency=low ++ ++ * control: Stop hardcoding libs to binary depends. (Closes: #679790) ++ * control: Add libnspr4-dev and libldap2-dev to 389-ds-base-dev ++ Depends. (Closes: #679742) ++ * l10n review (Closes: #679870) : ++ - Drop the debconf template, and rewrap README.Debian. ++ - control: Update the descriptions ++ ++ -- Timo Aaltonen Tue, 03 Jul 2012 17:58:20 +0300 ++ ++389-ds-base (1.2.11.7-1) unstable; urgency=low ++ ++ [ Timo Aaltonen ] ++ * New upstream release. ++ * watch: Fix the url. ++ * patches/remove_license_prompt: Dropped, included upstream. ++ * patches/default_user: Refreshed. ++ * control: Change the VCS header to point to the git repository. ++ * control: Rename last remnants of Fedora to 389. ++ * changelog, control: Be consistent with the naming; renamed the source ++ to just '389-ds-base', which matches upstream tarball naming. ++ * control: Wrap Depends. ++ * compat, control: Bump compat to 9, and debhelper build-dep to (>= 9). ++ * rules: Switch to dh. ++ * Move dirsrv.lintian to dirsrv.lintian-overrides, adjust dirsrv.install. ++ * *.dirs: Clean up. ++ * control: Build-depend on dh-autoreconf, drop duplicate bdeps. ++ * Fold dirsrv-tools into the main package. ++ * Build against libldap2-dev (>= 2.4.28). ++ * Rename binary package to 389-ds-base. ++ * -dev.install: Install the pkgconfig file. ++ * rules: Enable PIE hardening. ++ * Add a default file, currently sets LD_BIND_NOW=1. ++ * control: 'dbgen' uses old perl libs, add libperl4-corelibs-perl ++ dependency to 389-ds-base. ++ * rules: Add --fail-missing for dh_install, remove files not needed ++ and make sure to install the rest. ++ * rules, control: Fix the installation name of ds-logpipe.py, add ++ python dependency to 389-ds-base.. ++ * libns-dshttpd is internal to the server, ship it in 389-ds-base. ++ * Rename libdirsrv{-dev,0} -> 389-ds-base-{dev,libs}, includes only ++ libslapd and headers for external plugin development. ++ * control: Breaks/Replaces old libdirsrv-dev/libdirsrv0/dirsrv. ++ * Drop hyphen_used_as_minus, applied upstream. ++ * copyright: Use DEP5 format. ++ * Cherry-pick upstream commit ee320163c6 to get rid of unnecessary ++ and non-free MIB's from the tree, and build a dfsg compliant tarball. ++ * lintian-overrides: Update, create one for -libs. ++ * Fix the initscript to create the lockdir, and refactor code into separate ++ functions. ++ * Drop obsolete entries from copyright, and make it lintian clean. ++ * debian/po: Refer to the correct file after rename. ++ * control: Bump Standards-Version to 3.9.3, no changes. ++ * postinst: Drop unused 'lastversion'. ++ * patches: Add DEP3 compliant headers. ++ * rules, postinst: Add an error handler function for dh_installinit, so ++ that clean installs don't fail due to missing configuration. ++ * postinst: Run the update tool. ++ * dirsrv.init: ++ - Make the start and stop functions much simpler and LSB compliant ++ - Fix starting multiple instances ++ - Use '-b' for start-stop-daemon, since ns-slapd doesn't detach properly ++ * control: Add 389-ds metapackage. ++ * control: Change libdb4.8-dev build-depends to libdb-dev, since this version ++ supports db5.x. ++ * 389-ds-base.prerm: Add prerm script for removing installed instances on ++ purge. ++ ++ [ Krzysztof Klimonda ] ++ * dirsrv.init: ++ - return 0 code if there are no instances configured and tweak message ++ so it doesn't indicate a failure. ++ ++ -- Krzysztof Klimonda Tue, 27 Mar 2012 14:26:16 +0200 ++ ++389-directory-server (1.2.6.1-5) unstable; urgency=low ++ ++ * Removed db_stop from dirsrv.postinst ++ * Fix short description in libdirsrv0-dbg ++ ++ -- Michele Baldessari Wed, 20 Oct 2010 20:24:20 +0200 ++ ++389-directory-server (1.2.6.1-4) unstable; urgency=low ++ ++ * Make libicu dep dependent on dpkg-vendor ++ ++ -- Michele Baldessari Mon, 18 Oct 2010 21:21:52 +0200 ++ ++389-directory-server (1.2.6.1-3) unstable; urgency=low ++ ++ * Remove dirsrv user and group in postrm ++ * Clean up postrm and postinst ++ ++ -- Michele Baldessari Sun, 17 Oct 2010 21:54:08 +0200 ++ ++389-directory-server (1.2.6.1-2) unstable; urgency=low ++ ++ * Fix QUILT_STAMPFN ++ ++ -- Michele Baldessari Sun, 17 Oct 2010 15:03:34 +0200 ++ ++389-directory-server (1.2.6.1-1) unstable; urgency=low ++ ++ * New upstream ++ ++ -- Michele Baldessari Sat, 16 Oct 2010 23:08:09 +0200 ++ ++389-directory-server (1.2.6-2) unstable; urgency=low ++ ++ * Update my email address ++ ++ -- Michele Baldessari Sat, 16 Oct 2010 22:34:19 +0200 ++ ++389-directory-server (1.2.6-1) unstable; urgency=low ++ ++ * New upstream ++ * s/Fedora/389/g to clean up the branding ++ * Remove automatic configuration (breaks too often with every update) ++ * Remove dirsrv.config translation, no questions are asked anymore ++ * Fix old changelog versions with proper ~ on rc versions ++ * Update policy to 3.9.1 ++ * Improve README.Debian ++ * Depend on libicu44 ++ * Remove /var/run/dirsrv from the postinst scripts (managed by init script) ++ ++ -- Michele Baldessari Sat, 04 Sep 2010 11:58:21 +0200 ++ ++389-directory-server (1.2.6~rc7-1) unstable; urgency=low ++ ++ * New upstream ++ ++ -- Michele Baldessari Fri, 03 Sep 2010 20:06:08 +0200 ++ ++389-directory-server (1.2.6~a3-1) unstable; urgency=low ++ ++ * New upstream ++ * Rename man page remove-ds.pl in remove-ds ++ * Removed Debian.source ++ ++ -- Michele Baldessari Sun, 23 May 2010 22:12:13 +0200 ++ ++389-directory-server (1.2.6~a2-1) unstable; urgency=low ++ ++ * New upstream ++ * Removed speling_fixes patch, applied upstream ++ ++ -- Michele Baldessari Sun, 23 May 2010 13:36:25 +0200 ++ ++389-directory-server (1.2.5-1) unstable; urgency=low ++ ++ * New upstream ++ * Add libpcre3-dev Build-dep ++ * ldap-agent moved ti /usr/sbin ++ * Fix spelling errors in code and manpages ++ * Fix some lintian warnings ++ * Bump policy to 3.8.3 ++ * Ignore lintian warning pkg-has-shlibs-control-file-but-no-actual-shared-libs ++ as the shlibs file is for dirsrv plugins ++ * Upgraded deps to libicu42 and libdb4.8 ++ * Do create /var/lib/dirsrv as dirsrv user's home ++ * Added libsasl2-modules-gssapi-mit as a dependency for dirsrv (needed by ++ mandatory LDAP SASL mechs) ++ * Install all files of etc/dirsrv/config ++ * Add some missing start scripts in usr/sbin ++ * Fixed a bug in the dirsrv.init script ++ * Switch to dpkg-source 3.0 (quilt) format ++ * Bump policy to 3.8.4 ++ ++ -- Michele Baldessari Sun, 23 May 2010 12:31:24 +0200 ++ ++389-directory-server (1.2.1-0) unstable; urgency=low ++ ++ * Rename of source package (note, since this is still staging work no ++ replace or upgrade is in place) ++ * Update watch file ++ * New Upstream ++ ++ -- Michele Baldessari Fri, 12 Jun 2009 22:08:42 +0200 ++ ++fedora-directory-server (1.2.0-1) unstable; urgency=low ++ ++ * New upstream release ++ * Add missing libkrb5-dev dependency ++ * Fix section of -dbg packages ++ * Fix all "dpatch-missing-description" lintian warnings ++ ++ -- Michele Baldessari Wed, 22 Apr 2009 23:36:22 +0200 ++ ++fedora-directory-server (1.1.3-1) unstable; urgency=low ++ ++ * New upstream ++ * Added watch file ++ * Make setup-ds use dirsrv:dirsrv user/group as defaults ++ * Added VCS-* fields ++ * --enable-autobind ++ * Add ldap/servers/plugins/replication/winsync-plugin.h to libdirsrv-dev ++ ++ -- Michele Baldessari Mon, 24 Nov 2008 22:42:26 +0100 ++ ++fedora-directory-server (1.1.2-2) unstable; urgency=low ++ ++ * Fixed build+configure twice issue ++ * Added Conflicts: slapd (thanks Alessandro) ++ ++ -- Michele Baldessari Tue, 23 Sep 2008 21:12:44 +0200 ++ ++fedora-directory-server (1.1.2-1) unstable; urgency=low ++ ++ * New upstream ++ * Removed /usr/sbin PATH from postinst script ++ ++ -- Michele Baldessari Sat, 20 Sep 2008 20:10:52 +0000 ++ ++fedora-directory-server (1.1.1-0) unstable; urgency=low ++ ++ * New upstream ++ * Don't apply patch for 439829, fixed upstream ++ * Bump to policy 3.8.0 ++ * Added README.source ++ ++ -- Michele Baldessari Fri, 22 Aug 2008 00:09:40 +0200 ++ ++fedora-directory-server (1.1.0-4) unstable; urgency=low ++ ++ * dirsrv should depend on libmozilla-ldap-perl (thanks Mathias Kaufmann ++ ) ++ ++ -- Michele Baldessari Sun, 20 Jul 2008 18:41:58 +0200 ++ ++fedora-directory-server (1.1.0-3) unstable; urgency=low ++ ++ * Fix up some descriptions ++ ++ -- Michele Baldessari Sun, 25 May 2008 21:36:32 +0200 ++ ++fedora-directory-server (1.1.0-2) unstable; urgency=low ++ ++ * Silenced init warning messages when chowning pid directory ++ ++ -- Michele Baldessari Wed, 21 May 2008 23:08:32 +0200 ++ ++fedora-directory-server (1.1.0-1) unstable; urgency=low ++ ++ * Removed template lintian warning ++ * Cleaned up manpages ++ ++ -- Michele Baldessari Sun, 18 May 2008 13:39:58 +0200 ++ ++fedora-directory-server (1.1.0-0) unstable; urgency=low ++ ++ * Initial release (Closes: #497098). ++ * Fixed postinst after renaming setup-ds.pl to setup-ds ++ * Applied patch from https://bugzilla.redhat.com/show_bug.cgi?id=439829 to ++ fix segfault against late NSS versions ++ * Switched to parseable copyright format ++ * Source package is lintian clean now ++ * Added initial manpage patch ++ * Switched to dh_install ++ ++ -- Michele Baldessari Thu, 27 Mar 2008 23:56:17 +0200 diff --cc debian/compat index 0000000,0000000..ec63514 new file mode 100644 --- /dev/null +++ b/debian/compat @@@ -1,0 -1,0 +1,1 @@@ ++9 diff --cc debian/control index 0000000,0000000..a42c961 new file mode 100644 --- /dev/null +++ b/debian/control @@@ -1,0 -1,0 +1,122 @@@ ++Source: 389-ds-base ++Section: net ++Priority: optional ++Maintainer: Debian 389ds Team ++Uploaders: ++ Timo Aaltonen , ++ Krzysztof Klimonda , ++Build-Depends: ++ debhelper (>= 9), ++ dh-autoreconf, ++ dh-systemd, ++ libbz2-dev, ++ libdb-dev, ++ libicu-dev, ++ libkrb5-dev, ++ libldap2-dev (>= 2.4.28), ++ libnspr4-dev, ++ libnss3-dev, ++ libpam0g-dev, ++ libpci-dev, ++ libpcre3-dev, ++ libperl-dev, ++ libsasl2-dev, ++ libsnmp-dev, ++ libssl-dev, ++ libsvrcore-dev (>= 1:4.1.2+dfsg1-3), ++ libsystemd-dev, ++ pkg-config, ++ zlib1g-dev, ++Standards-Version: 3.9.8 ++Vcs-Git: git://anonscm.debian.org/pkg-fedora-ds/389-ds-base.git ++Vcs-Browser: http://anonscm.debian.org/cgit/pkg-fedora-ds/389-ds-base.git ++Homepage: http://directory.fedoraproject.org ++ ++Package: 389-ds ++Architecture: all ++Depends: ++ 389-admin, ++ 389-admin-console, ++ 389-console, ++ 389-ds-base, ++ 389-ds-console, ++ 389-dsgw, ++ ${misc:Depends}, ++Description: 389 Directory Server suite - metapackage ++ Based on the Lightweight Directory Access Protocol (LDAP), the 389 ++ Directory Server is designed to manage large directories of users and ++ resources robustly and scalably. ++ . ++ This is a metapackage depending on the LDAPv3 server, the HTTP ++ daemon used for server administration, and the graphical console used ++ for server and user/group administration. ++ ++Package: 389-ds-base-libs ++Section: libs ++Architecture: any ++Pre-Depends: ${misc:Pre-Depends} ++Depends: ${misc:Depends}, ${shlibs:Depends} ++Breaks: libdirsrv0 ++Replaces: libdirsrv0 ++Description: 389 Directory Server suite - libraries ++ Based on the Lightweight Directory Access Protocol (LDAP), the 389 ++ Directory Server is designed to manage large directories of users and ++ resources robustly and scalably. ++ . ++ This package contains core libraries for the 389 Directory Server. ++ ++Package: 389-ds-base-dev ++Section: libdevel ++Architecture: any ++Depends: ++ 389-ds-base-libs (= ${binary:Version}), ++ libldap2-dev, ++ libnspr4-dev, ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Breaks: libdirsrv-dev ++Replaces: libdirsrv-dev ++Description: 389 Directory Server suite - development files ++ Based on the Lightweight Directory Access Protocol (LDAP), the 389 ++ Directory Server is designed to manage large directories of users and ++ resources robustly and scalably. ++ . ++ This package contains development headers for the core libraries ++ of the 389 Directory Server, useful for developing plugins without ++ having to install the server itself. ++ ++Package: 389-ds-base ++Architecture: any ++Pre-Depends: debconf (>= 0.5) | debconf-2.0 ++Depends: ++ 389-ds-base-libs (= ${binary:Version}), ++ adduser, ++ acl, ++ ldap-utils, ++ libmozilla-ldap-perl, ++ libnetaddr-ip-perl, ++ libperl4-corelibs-perl | perl (<< 5.12.3-7), ++ libsasl2-modules-gssapi-mit, ++ libsocket-getaddrinfo-perl, ++ python, ++ systemd, ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Breaks: dirsrv, libdirsrv-dev, libdirsrv0 ++Replaces: dirsrv, libdirsrv-dev, libdirsrv0 ++Description: 389 Directory Server suite - server ++ Based on the Lightweight Directory Access Protocol (LDAP), the 389 ++ Directory Server is designed to manage large directories of users and ++ resources robustly and scalably. ++ . ++ Its key features include: ++ * four-way multi-master replication; ++ * great scalability; ++ * extensive documentation; ++ * Active Directory user and group synchronization; ++ * secure authentication and transport; ++ * support for LDAPv3; ++ * graphical management console; ++ * on-line, zero downtime update of schema, configuration, and ++ in-tree Access Control Information. ++ diff --cc debian/copyright index 0000000,0000000..d99fca2 new file mode 100644 --- /dev/null +++ b/debian/copyright @@@ -1,0 -1,0 +1,539 @@@ ++Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++Upstream-name: 389-ds-base ++Source: http://directory.fedoraproject.org/wiki/Source ++ ++Files: * ++Copyright: 2001 Sun Microsystems, Inc. ++ 2005 Red Hat, Inc. ++License: GPL-2 and Other ++ ++Files: ldap/libraries/libavl/*.[ch] ldap/servers/slapd/abandon.c ++ ldap/servers/slapd/add.c ldap/servers/slapd/abandon.c ++ ldap/servers/slapd/add.c ldap/servers/slapd/bind.c ++ ldap/servers/slapd/bulk_import.c ldap/servers/slapd/compare.c ++ ldap/servers/slapd/delete.c ldap/servers/slapd/detach.c ++ ldap/servers/slapd/globals.c ldap/servers/slapd/modify.c ++ ldap/servers/slapd/modrdn.c ldap/servers/slapd/monitor.c ++ ldap/servers/slapd/search.c ldap/servers/slapd/unbind.c ++Copyright: 1993 Regents of the University of Michigan ++ 2001 Sun Microsystems, Inc. ++ 2005 Red Hat, Inc. ++License: GPL-2 and Other ++ ++Files: ldap/servers/slapd/tools/ldaptool.h ++Copyright: 1998 Netscape Communication Corporation ++License: GPL-2+ or LGPL-2.1 or MPL-1.1 ++ ++Files: ldap/servers/slapd/tools/ldaptool-sasl.c ++ ldap/servers/slapd/tools/ldaptool-sasl.h ++Copyright: 2005 Sun Microsystems, Inc. ++License: GPL-2+ or LGPL-2.1 or MPL-1.1 ++ ++Files: m4/* ++Copyright: 2006, 2007 Red Hat, Inc. ++License: GPL-2+ ++ ++Files: debian/* ++Copyright: 2008 Michele Baldessari ++ 2012 Timo Aaltonen ++License: GPL-2+ or LGPL-2.1 or MPL-1.1 ++ ++License: Other ++ In addition, as a special exception, Red Hat, Inc. gives You the additional ++ right to link the code of this Program with code not covered under the GNU ++ General Public License ("Non-GPL Code") and to distribute linked combinations ++ including the two, subject to the limitations in this paragraph. Non-GPL Code ++ permitted under this exception must only link to the code of this Program ++ through those well defined interfaces identified in the file named EXCEPTION ++ found in the source code files (the "Approved Interfaces"). The files of ++ Non-GPL Code may instantiate templates or use macros or inline functions from ++ the Approved Interfaces without causing the resulting work to be covered by ++ the GNU General Public License. Only Red Hat, Inc. may make changes or ++ additions to the list of Approved Interfaces. You must obey the GNU General ++ Public License in all respects for all of the Program code and other code used ++ in conjunction with the Program except the Non-GPL Code covered by this ++ exception. If you modify this file, you may extend this exception to your ++ version of the file, but you are not obligated to do so. If you do not wish to ++ provide this exception without modification, you must delete this exception ++ statement from your version and license this file solely under the GPL without ++ exception. ++ ++License: GPL-2 or GPL-2+ ++ On Debian machines the full text of the GNU General Public License ++ can be found in the file /usr/share/common-licenses/GPL-2. ++ ++License: LGPL-2.1 ++ On Debian machines the full text of the GNU General Public License ++ can be found in the file /usr/share/common-licenses/LGPL-2.1. ++ ++ ++License: MPL-1.1 ++ MOZILLA PUBLIC LICENSE ++ Version 1.1 ++ . ++ --------------- ++ . ++ 1. Definitions. ++ . ++ 1.0.1. "Commercial Use" means distribution or otherwise making the ++ Covered Code available to a third party. ++ . ++ 1.1. "Contributor" means each entity that creates or contributes to ++ the creation of Modifications. ++ . ++ 1.2. "Contributor Version" means the combination of the Original ++ Code, prior Modifications used by a Contributor, and the Modifications ++ made by that particular Contributor. ++ . ++ 1.3. "Covered Code" means the Original Code or Modifications or the ++ combination of the Original Code and Modifications, in each case ++ including portions thereof. ++ . ++ 1.4. "Electronic Distribution Mechanism" means a mechanism generally ++ accepted in the software development community for the electronic ++ transfer of data. ++ . ++ 1.5. "Executable" means Covered Code in any form other than Source ++ Code. ++ . ++ 1.6. "Initial Developer" means the individual or entity identified ++ as the Initial Developer in the Source Code notice required by Exhibit ++ A. ++ . ++ 1.7. "Larger Work" means a work which combines Covered Code or ++ portions thereof with code not governed by the terms of this License. ++ . ++ 1.8. "License" means this document. ++ . ++ 1.8.1. "Licensable" means having the right to grant, to the maximum ++ extent possible, whether at the time of the initial grant or ++ subsequently acquired, any and all of the rights conveyed herein. ++ . ++ 1.9. "Modifications" means any addition to or deletion from the ++ substance or structure of either the Original Code or any previous ++ Modifications. When Covered Code is released as a series of files, a ++ Modification is: ++ A. Any addition to or deletion from the contents of a file ++ containing Original Code or previous Modifications. ++ . ++ B. Any new file that contains any part of the Original Code or ++ previous Modifications. ++ . ++ 1.10. "Original Code" means Source Code of computer software code ++ which is described in the Source Code notice required by Exhibit A as ++ Original Code, and which, at the time of its release under this ++ License is not already Covered Code governed by this License. ++ . ++ 1.10.1. "Patent Claims" means any patent claim(s), now owned or ++ hereafter acquired, including without limitation, method, process, ++ and apparatus claims, in any patent Licensable by grantor. ++ . ++ 1.11. "Source Code" means the preferred form of the Covered Code for ++ making modifications to it, including all modules it contains, plus ++ any associated interface definition files, scripts used to control ++ compilation and installation of an Executable, or source code ++ differential comparisons against either the Original Code or another ++ well known, available Covered Code of the Contributor's choice. The ++ Source Code can be in a compressed or archival form, provided the ++ appropriate decompression or de-archiving software is widely available ++ for no charge. ++ . ++ 1.12. "You" (or "Your") means an individual or a legal entity ++ exercising rights under, and complying with all of the terms of, this ++ License or a future version of this License issued under Section 6.1. ++ For legal entities, "You" includes any entity which controls, is ++ controlled by, or is under common control with You. For purposes of ++ this definition, "control" means (a) the power, direct or indirect, ++ to cause the direction or management of such entity, whether by ++ contract or otherwise, or (b) ownership of more than fifty percent ++ (50%) of the outstanding shares or beneficial ownership of such ++ entity. ++ . ++ 2. Source Code License. ++ . ++ 2.1. The Initial Developer Grant. ++ The Initial Developer hereby grants You a world-wide, royalty-free, ++ non-exclusive license, subject to third party intellectual property ++ claims: ++ (a) under intellectual property rights (other than patent or ++ trademark) Licensable by Initial Developer to use, reproduce, ++ modify, display, perform, sublicense and distribute the Original ++ Code (or portions thereof) with or without Modifications, and/or ++ as part of a Larger Work; and ++ . ++ (b) under Patents Claims infringed by the making, using or ++ selling of Original Code, to make, have made, use, practice, ++ sell, and offer for sale, and/or otherwise dispose of the ++ Original Code (or portions thereof). ++ . ++ (c) the licenses granted in this Section 2.1(a) and (b) are ++ effective on the date Initial Developer first distributes ++ Original Code under the terms of this License. ++ . ++ (d) Notwithstanding Section 2.1(b) above, no patent license is ++ granted: 1) for code that You delete from the Original Code; 2) ++ separate from the Original Code; or 3) for infringements caused ++ by: i) the modification of the Original Code or ii) the ++ combination of the Original Code with other software or devices. ++ . ++ 2.2. Contributor Grant. ++ Subject to third party intellectual property claims, each Contributor ++ hereby grants You a world-wide, royalty-free, non-exclusive license ++ . ++ (a) under intellectual property rights (other than patent or ++ trademark) Licensable by Contributor, to use, reproduce, modify, ++ display, perform, sublicense and distribute the Modifications ++ created by such Contributor (or portions thereof) either on an ++ unmodified basis, with other Modifications, as Covered Code ++ and/or as part of a Larger Work; and ++ . ++ (b) under Patent Claims infringed by the making, using, or ++ selling of Modifications made by that Contributor either alone ++ and/or in combination with its Contributor Version (or portions ++ of such combination), to make, use, sell, offer for sale, have ++ made, and/or otherwise dispose of: 1) Modifications made by that ++ Contributor (or portions thereof); and 2) the combination of ++ Modifications made by that Contributor with its Contributor ++ Version (or portions of such combination). ++ . ++ (c) the licenses granted in Sections 2.2(a) and 2.2(b) are ++ effective on the date Contributor first makes Commercial Use of ++ the Covered Code. ++ . ++ (d) Notwithstanding Section 2.2(b) above, no patent license is ++ granted: 1) for any code that Contributor has deleted from the ++ Contributor Version; 2) separate from the Contributor Version; ++ 3) for infringements caused by: i) third party modifications of ++ Contributor Version or ii) the combination of Modifications made ++ by that Contributor with other software (except as part of the ++ Contributor Version) or other devices; or 4) under Patent Claims ++ infringed by Covered Code in the absence of Modifications made by ++ that Contributor. ++ . ++ 3. Distribution Obligations. ++ . ++ 3.1. Application of License. ++ The Modifications which You create or to which You contribute are ++ governed by the terms of this License, including without limitation ++ Section 2.2. The Source Code version of Covered Code may be ++ distributed only under the terms of this License or a future version ++ of this License released under Section 6.1, and You must include a ++ copy of this License with every copy of the Source Code You ++ distribute. You may not offer or impose any terms on any Source Code ++ version that alters or restricts the applicable version of this ++ License or the recipients' rights hereunder. However, You may include ++ an additional document offering the additional rights described in ++ Section 3.5. ++ . ++ 3.2. Availability of Source Code. ++ Any Modification which You create or to which You contribute must be ++ made available in Source Code form under the terms of this License ++ either on the same media as an Executable version or via an accepted ++ Electronic Distribution Mechanism to anyone to whom you made an ++ Executable version available; and if made available via Electronic ++ Distribution Mechanism, must remain available for at least twelve (12) ++ months after the date it initially became available, or at least six ++ (6) months after a subsequent version of that particular Modification ++ has been made available to such recipients. You are responsible for ++ ensuring that the Source Code version remains available even if the ++ Electronic Distribution Mechanism is maintained by a third party. ++ . ++ 3.3. Description of Modifications. ++ You must cause all Covered Code to which You contribute to contain a ++ file documenting the changes You made to create that Covered Code and ++ the date of any change. You must include a prominent statement that ++ the Modification is derived, directly or indirectly, from Original ++ Code provided by the Initial Developer and including the name of the ++ Initial Developer in (a) the Source Code, and (b) in any notice in an ++ Executable version or related documentation in which You describe the ++ origin or ownership of the Covered Code. ++ . ++ 3.4. Intellectual Property Matters ++ (a) Third Party Claims. ++ If Contributor has knowledge that a license under a third party's ++ intellectual property rights is required to exercise the rights ++ granted by such Contributor under Sections 2.1 or 2.2, ++ Contributor must include a text file with the Source Code ++ distribution titled "LEGAL" which describes the claim and the ++ party making the claim in sufficient detail that a recipient will ++ know whom to contact. If Contributor obtains such knowledge after ++ the Modification is made available as described in Section 3.2, ++ Contributor shall promptly modify the LEGAL file in all copies ++ Contributor makes available thereafter and shall take other steps ++ (such as notifying appropriate mailing lists or newsgroups) ++ reasonably calculated to inform those who received the Covered ++ Code that new knowledge has been obtained. ++ . ++ (b) Contributor APIs. ++ If Contributor's Modifications include an application programming ++ interface and Contributor has knowledge of patent licenses which ++ are reasonably necessary to implement that API, Contributor must ++ also include this information in the LEGAL file. ++ . ++ (c) Representations. ++ Contributor represents that, except as disclosed pursuant to ++ Section 3.4(a) above, Contributor believes that Contributor's ++ Modifications are Contributor's original creation(s) and/or ++ Contributor has sufficient rights to grant the rights conveyed by ++ this License. ++ . ++ 3.5. Required Notices. ++ You must duplicate the notice in Exhibit A in each file of the Source ++ Code. If it is not possible to put such notice in a particular Source ++ Code file due to its structure, then You must include such notice in a ++ location (such as a relevant directory) where a user would be likely ++ to look for such a notice. If You created one or more Modification(s) ++ You may add your name as a Contributor to the notice described in ++ Exhibit A. You must also duplicate this License in any documentation ++ for the Source Code where You describe recipients' rights or ownership ++ rights relating to Covered Code. You may choose to offer, and to ++ charge a fee for, warranty, support, indemnity or liability ++ obligations to one or more recipients of Covered Code. However, You ++ may do so only on Your own behalf, and not on behalf of the Initial ++ Developer or any Contributor. You must make it absolutely clear than ++ any such warranty, support, indemnity or liability obligation is ++ offered by You alone, and You hereby agree to indemnify the Initial ++ Developer and every Contributor for any liability incurred by the ++ Initial Developer or such Contributor as a result of warranty, ++ support, indemnity or liability terms You offer. ++ . ++ 3.6. Distribution of Executable Versions. ++ You may distribute Covered Code in Executable form only if the ++ requirements of Section 3.1-3.5 have been met for that Covered Code, ++ and if You include a notice stating that the Source Code version of ++ the Covered Code is available under the terms of this License, ++ including a description of how and where You have fulfilled the ++ obligations of Section 3.2. The notice must be conspicuously included ++ in any notice in an Executable version, related documentation or ++ collateral in which You describe recipients' rights relating to the ++ Covered Code. You may distribute the Executable version of Covered ++ Code or ownership rights under a license of Your choice, which may ++ contain terms different from this License, provided that You are in ++ compliance with the terms of this License and that the license for the ++ Executable version does not attempt to limit or alter the recipient's ++ rights in the Source Code version from the rights set forth in this ++ License. If You distribute the Executable version under a different ++ license You must make it absolutely clear that any terms which differ ++ from this License are offered by You alone, not by the Initial ++ Developer or any Contributor. You hereby agree to indemnify the ++ Initial Developer and every Contributor for any liability incurred by ++ the Initial Developer or such Contributor as a result of any such ++ terms You offer. ++ . ++ 3.7. Larger Works. ++ You may create a Larger Work by combining Covered Code with other code ++ not governed by the terms of this License and distribute the Larger ++ Work as a single product. In such a case, You must make sure the ++ requirements of this License are fulfilled for the Covered Code. ++ . ++ 4. Inability to Comply Due to Statute or Regulation. ++ . ++ If it is impossible for You to comply with any of the terms of this ++ License with respect to some or all of the Covered Code due to ++ statute, judicial order, or regulation then You must: (a) comply with ++ the terms of this License to the maximum extent possible; and (b) ++ describe the limitations and the code they affect. Such description ++ must be included in the LEGAL file described in Section 3.4 and must ++ be included with all distributions of the Source Code. Except to the ++ extent prohibited by statute or regulation, such description must be ++ sufficiently detailed for a recipient of ordinary skill to be able to ++ understand it. ++ . ++ 5. Application of this License. ++ . ++ This License applies to code to which the Initial Developer has ++ attached the notice in Exhibit A and to related Covered Code. ++ . ++ 6. Versions of the License. ++ . ++ 6.1. New Versions. ++ Netscape Communications Corporation ("Netscape") may publish revised ++ and/or new versions of the License from time to time. Each version ++ will be given a distinguishing version number. ++ . ++ 6.2. Effect of New Versions. ++ Once Covered Code has been published under a particular version of the ++ License, You may always continue to use it under the terms of that ++ version. You may also choose to use such Covered Code under the terms ++ of any subsequent version of the License published by Netscape. No one ++ other than Netscape has the right to modify the terms applicable to ++ Covered Code created under this License. ++ . ++ 6.3. Derivative Works. ++ If You create or use a modified version of this License (which you may ++ only do in order to apply it to code which is not already Covered Code ++ governed by this License), You must (a) rename Your license so that ++ the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", ++ "MPL", "NPL" or any confusingly similar phrase do not appear in your ++ license (except to note that your license differs from this License) ++ and (b) otherwise make it clear that Your version of the license ++ contains terms which differ from the Mozilla Public License and ++ Netscape Public License. (Filling in the name of the Initial ++ Developer, Original Code or Contributor in the notice described in ++ Exhibit A shall not of themselves be deemed to be modifications of ++ this License.) ++ . ++ 7. DISCLAIMER OF WARRANTY. ++ . ++ COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, ++ WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, ++ WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF ++ DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. ++ THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE ++ IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, ++ YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE ++ COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER ++ OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ++ ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. ++ . ++ 8. TERMINATION. ++ . ++ 8.1. This License and the rights granted hereunder will terminate ++ automatically if You fail to comply with terms herein and fail to cure ++ such breach within 30 days of becoming aware of the breach. All ++ sublicenses to the Covered Code which are properly granted shall ++ survive any termination of this License. Provisions which, by their ++ nature, must remain in effect beyond the termination of this License ++ shall survive. ++ . ++ 8.2. If You initiate litigation by asserting a patent infringement ++ claim (excluding declatory judgment actions) against Initial Developer ++ or a Contributor (the Initial Developer or Contributor against whom ++ You file such action is referred to as "Participant") alleging that: ++ . ++ (a) such Participant's Contributor Version directly or indirectly ++ infringes any patent, then any and all rights granted by such ++ Participant to You under Sections 2.1 and/or 2.2 of this License ++ shall, upon 60 days notice from Participant terminate prospectively, ++ unless if within 60 days after receipt of notice You either: (i) ++ agree in writing to pay Participant a mutually agreeable reasonable ++ royalty for Your past and future use of Modifications made by such ++ Participant, or (ii) withdraw Your litigation claim with respect to ++ the Contributor Version against such Participant. If within 60 days ++ of notice, a reasonable royalty and payment arrangement are not ++ mutually agreed upon in writing by the parties or the litigation claim ++ is not withdrawn, the rights granted by Participant to You under ++ Sections 2.1 and/or 2.2 automatically terminate at the expiration of ++ the 60 day notice period specified above. ++ . ++ (b) any software, hardware, or device, other than such Participant's ++ Contributor Version, directly or indirectly infringes any patent, then ++ any rights granted to You by such Participant under Sections 2.1(b) ++ and 2.2(b) are revoked effective as of the date You first made, used, ++ sold, distributed, or had made, Modifications made by that ++ Participant. ++ . ++ 8.3. If You assert a patent infringement claim against Participant ++ alleging that such Participant's Contributor Version directly or ++ indirectly infringes any patent where such claim is resolved (such as ++ by license or settlement) prior to the initiation of patent ++ infringement litigation, then the reasonable value of the licenses ++ granted by such Participant under Sections 2.1 or 2.2 shall be taken ++ into account in determining the amount or value of any payment or ++ license. ++ . ++ 8.4. In the event of termination under Sections 8.1 or 8.2 above, ++ all end user license agreements (excluding distributors and resellers) ++ which have been validly granted by You or any distributor hereunder ++ prior to termination shall survive termination. ++ . ++ 9. LIMITATION OF LIABILITY. ++ . ++ UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT ++ (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL ++ DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, ++ OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ++ ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY ++ CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, ++ WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER ++ COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN ++ INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF ++ LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY ++ RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW ++ PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE ++ EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO ++ THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. ++ . ++ 10. U.S. GOVERNMENT END USERS. ++ . ++ The Covered Code is a "commercial item," as that term is defined in ++ 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer ++ software" and "commercial computer software documentation," as such ++ terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 ++ C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), ++ all U.S. Government End Users acquire Covered Code with only those ++ rights set forth herein. ++ . ++ 11. MISCELLANEOUS. ++ . ++ This License represents the complete agreement concerning subject ++ matter hereof. If any provision of this License is held to be ++ unenforceable, such provision shall be reformed only to the extent ++ necessary to make it enforceable. This License shall be governed by ++ California law provisions (except to the extent applicable law, if ++ any, provides otherwise), excluding its conflict-of-law provisions. ++ With respect to disputes in which at least one party is a citizen of, ++ or an entity chartered or registered to do business in the United ++ States of America, any litigation relating to this License shall be ++ subject to the jurisdiction of the Federal Courts of the Northern ++ District of California, with venue lying in Santa Clara County, ++ California, with the losing party responsible for costs, including ++ without limitation, court costs and reasonable attorneys' fees and ++ expenses. The application of the United Nations Convention on ++ Contracts for the International Sale of Goods is expressly excluded. ++ Any law or regulation which provides that the language of a contract ++ shall be construed against the drafter shall not apply to this ++ License. ++ . ++ 12. RESPONSIBILITY FOR CLAIMS. ++ . ++ As between Initial Developer and the Contributors, each party is ++ responsible for claims and damages arising, directly or indirectly, ++ out of its utilization of rights under this License and You agree to ++ work with Initial Developer and Contributors to distribute such ++ responsibility on an equitable basis. Nothing herein is intended or ++ shall be deemed to constitute any admission of liability. ++ . ++ 13. MULTIPLE-LICENSED CODE. ++ . ++ Initial Developer may designate portions of the Covered Code as ++ "Multiple-Licensed". "Multiple-Licensed" means that the Initial ++ Developer permits you to utilize portions of the Covered Code under ++ Your choice of the NPL or the alternative licenses, if any, specified ++ by the Initial Developer in the file described in Exhibit A. ++ . ++ EXHIBIT A -Mozilla Public License. ++ . ++ ``The contents of this file are subject to the Mozilla Public License ++ Version 1.1 (the "License"); you may not use this file except in ++ compliance with the License. You may obtain a copy of the License at ++ http://www.mozilla.org/MPL/ ++ . ++ Software distributed under the License is distributed on an "AS IS" ++ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the ++ License for the specific language governing rights and limitations ++ under the License. ++ . ++ The Original Code is ______________________________________. ++ . ++ The Initial Developer of the Original Code is ________________________. ++ Portions created by ______________________ are Copyright (C) ______ ++ _______________________. All Rights Reserved. ++ . ++ Contributor(s): ______________________________________. ++ . ++ Alternatively, the contents of this file may be used under the terms ++ of the _____ license (the "[___] License"), in which case the ++ provisions of [______] License are applicable instead of those ++ above. If you wish to allow use of your version of this file only ++ under the terms of the [____] License and not to allow others to use ++ your version of this file under the MPL, indicate your decision by ++ deleting the provisions above and replace them with the notice and ++ other provisions required by the [___] License. If you do not delete ++ the provisions above, a recipient may use your version of this file ++ under either the MPL or the [___] License." ++ . ++ [NOTE: The text of this Exhibit A may differ slightly from the text of ++ the notices in the Source Code files of the Original Code. You should ++ use the text of this Exhibit A rather than the text found in the ++ Original Code Source Code for Your Modifications.] diff --cc debian/patches/fix-48986-cve-2017-2591.diff index 0000000,0000000..c5270b9 new file mode 100644 --- /dev/null +++ b/debian/patches/fix-48986-cve-2017-2591.diff @@@ -1,0 -1,0 +1,39 @@@ ++commit ffda694dd622b31277da07be76d3469fad86150f ++Author: William Brown ++Date: Wed Sep 28 10:46:21 2016 +1000 ++ ++ Ticket 48986 - 47808 triggers overflow in uiduniq.c ++ ++ Bug Description: Certain configurations of uiduniq.c would cause an overflow ++ when running with Address Sanitiser ++ ++ Fix Description: Increase the size of the allocation to tmp_config->attrs. ++ ++ https://fedorahosted.org/389/ticket/48986 ++ ++ Author: nhosoi ++ ++ Reviewed by: wibrown ++ ++diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c ++index d1d0162..2aba17a 100644 ++--- a/ldap/servers/plugins/uiduniq/uid.c +++++ b/ldap/servers/plugins/uiduniq/uid.c ++@@ -302,7 +302,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry) ++ } ++ ++ /* Store attrName in the config */ ++- tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *)); +++ tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *)); ++ tmp_config->attrs[0] = slapi_ch_strdup(attrName); ++ argc--; ++ argv++; /* First argument was attribute name and remaining are subtrees */ ++@@ -345,7 +345,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry) ++ * - requiredObjectClass ++ */ ++ /* Store attrName in the config */ ++- tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *)); +++ tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *)); ++ tmp_config->attrs[0] = slapi_ch_strdup(attrName); ++ ++ /* There is no subtrees */ diff --cc debian/patches/fix-bsd.patch index 0000000,0000000..44b8bd5 new file mode 100644 --- /dev/null +++ b/debian/patches/fix-bsd.patch @@@ -1,0 -1,0 +1,33 @@@ ++Description: Fix build on kFreeBSD (and probably other BSD systems) ++ 1) ENODATA is no ISO C standard and is missing on BSD. ++ 2) The sysctl for the TCP keepalive interval is net.inet.tcp.keepintvl ++ on BSD. ++Author: Benjamin Drung ++ ++--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c +++++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c ++@@ -66,6 +66,10 @@ typedef struct _rdn_elem { ++ ++ #define TMPID 0 /* Used for the fake ID */ ++ +++#ifndef ENODATA /* not defined on BSD systems */ +++#define ENODATA ENOMSG +++#endif +++ ++ /* RDN(s) which can be added even if no suffix exists in the entryrdn index */ ++ const char *rdn_exceptions[] = { ++ "nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff", ++--- a/ldap/systools/idsktune.c +++++ b/ldap/systools/idsktune.c ++@@ -165,6 +165,11 @@ int mem_rec = 1024; ++ #define NAME_TCP_KEEPALIVE_INTERVAL "net.ipv4.tcp_keepalive_time" ++ #endif ++ +++#if defined(IDDS_BSD_SYSCTL) +++#define NAME_TCP_SMALLEST_ANON_PORT "net.inet.ip.portrange.hifirst" +++#define NAME_TCP_KEEPALIVE_INTERVAL "net.inet.tcp.keepintvl" +++#endif +++ ++ #if defined(__sun) || defined(__hpux) || defined(IDDS_LINUX_SYSCTL) ++ ++ long ndd_tcp_conn_req_max_q = 0; diff --cc debian/patches/fix-obsolete-target.diff index 0000000,0000000..4befbaf new file mode 100644 --- /dev/null +++ b/debian/patches/fix-obsolete-target.diff @@@ -1,0 -1,0 +1,21 @@@ ++--- a/wrappers/systemd-snmp.service.in +++++ b/wrappers/systemd-snmp.service.in ++@@ -5,7 +5,7 @@ ++ # systemctl (re)start dirsrv-snmp.service ++ [Unit] ++ Description=@capbrand@ Directory Server SNMP Subagent. ++-After=syslog.target network.target +++After=network.target ++ ++ [Service] ++ Type=forking ++--- a/wrappers/systemd.group.in +++++ b/wrappers/systemd.group.in ++@@ -1,6 +1,6 @@ ++ [Unit] ++ Description=@capbrand@ Directory Server ++-After=chronyd.service ntpd.service network-online.target syslog.target +++After=chronyd.service ntpd.service network-online.target ++ ++ [Install] ++ WantedBy=multi-user.target diff --cc debian/patches/fix-saslpath.diff index 0000000,0000000..7ab7b06 new file mode 100644 --- /dev/null +++ b/debian/patches/fix-saslpath.diff @@@ -1,0 -1,0 +1,33 @@@ ++--- a/ldap/servers/slapd/ldaputil.c +++++ b/ldap/servers/slapd/ldaputil.c ++@@ -980,10 +980,10 @@ ldaputil_get_saslpath() ++ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) { ++ #ifdef CPU_arm ++ /* the 64-bit ARMv8 architecture. */ ++- saslpath = "/usr/lib/aarch64-linux-gnu"; +++ saslpath = "/usr/lib/aarch64-linux-gnu/sasl2"; ++ #else ++ /* Try x86_64 gnu triplet */ ++- saslpath = "/usr/lib/x86_64-linux-gnu"; +++ saslpath = "/usr/lib/x86_64-linux-gnu/sasl2"; ++ #endif ++ } ++ #else ++@@ -991,14 +991,14 @@ ldaputil_get_saslpath() ++ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) { ++ #ifdef CPU_arm ++ /* the latest 32 bit ARM architecture using the hard-float version of EABI. */ ++- saslpath = "/usr/lib/arm-linux-gnueabihf"; +++ saslpath = "/usr/lib/arm-linux-gnueabihf/sasl2"; ++ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) { ++ /* the 32 bit ARM architecture of EABI. */ ++- saslpath = "/usr/lib/arm-linux-gnueabi"; +++ saslpath = "/usr/lib/arm-linux-gnueabi/sasl2"; ++ } ++ #else ++ /* Try i386 gnu triplet */ ++- saslpath = "/usr/lib/i386-linux-gnu"; +++ saslpath = "/usr/lib/i386-linux-gnu/sasl2"; ++ #endif ++ } ++ #endif diff --cc debian/patches/fix-systemctl-path.diff index 0000000,0000000..aaaeb8c new file mode 100644 --- /dev/null +++ b/debian/patches/fix-systemctl-path.diff @@@ -1,0 -1,0 +1,31 @@@ ++Description: Fix the path to systemctl binary ++Author: Timo Aaltonen ++ ++--- a/ldap/admin/src/scripts/start-dirsrv.in +++++ b/ldap/admin/src/scripts/start-dirsrv.in ++@@ -55,7 +55,7 @@ start_instance() { ++ # otherwise start the instance the old way. ++ # ++ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then ++- @bindir@/systemctl start @package_name@@$SERV_ID.service +++ /bin/systemctl start @package_name@@$SERV_ID.service ++ if [ $? -ne 0 ]; then ++ return 1 ++ fi ++--- a/ldap/admin/src/scripts/stop-dirsrv.in +++++ b/ldap/admin/src/scripts/stop-dirsrv.in ++@@ -43,12 +43,12 @@ stop_instance() { ++ # ++ # Now, check if systemctl is aware of this running instance ++ # ++- @bindir@/systemctl is-active @package_name@@$SERV_ID.service > /dev/null 2>&1 +++ /bin/systemctl is-active @package_name@@$SERV_ID.service > /dev/null 2>&1 ++ if [ $? -eq 0 ]; then ++ # ++ # systemctl sees the running process, so stop it correctly ++ # ++- @bindir@/systemctl stop @package_name@@$SERV_ID.service +++ /bin/systemctl stop @package_name@@$SERV_ID.service ++ else ++ # ++ # Have to kill it since systemctl doesn't think it's running diff --cc debian/patches/fix-upstream-49245.diff index 0000000,0000000..9c78400 new file mode 100644 --- /dev/null +++ b/debian/patches/fix-upstream-49245.diff @@@ -1,0 -1,0 +1,544 @@@ ++diff --git a/Makefile.am b/Makefile.am ++index d54a2cc..f885eea 100644 ++--- a/Makefile.am +++++ b/Makefile.am ++@@ -1059,9 +1059,6 @@ libslapd_la_SOURCES = ldap/servers/slapd/add.c \ ++ $(libavl_a_SOURCES) ++ ++ libslapd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) @sasl_inc@ @db_inc@ @svrcore_inc@ @kerberos_inc@ @pcre_inc@ ++-if SPARC ++-libslapd_la_SOURCES += ldap/servers/slapd/slapi_counter_sunos_sparcv9.S ++-endif ++ libslapd_la_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NUNC_STANS_LINK) $(SVRCORE_LINK) $(NSS_LINK) $(NSPR_LINK) $(KERBEROS_LINK) $(PCRE_LINK) $(THREADLIB) $(SYSTEMD_LINK) ++ ++ ++diff --git a/configure.ac b/configure.ac ++index 846e3b4..9b6377a 100644 ++--- a/configure.ac +++++ b/configure.ac ++@@ -519,11 +519,14 @@ case $host in ++ case $host in ++ i*86-*-linux*) ++ AC_DEFINE([CPU_x86], [], [cpu type x86]) ++- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) ++ ;; ++ x86_64-*-linux*) ++- AC_DEFINE([CPU_x86_64], [], [cpu type x86_64]) ++- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) +++ AC_DEFINE([CPU_x86_64], [1], [cpu type x86_64]) +++ +++ # This turns on and off LFDS inside of libsds +++ # wibrown -- 2017-02-21 disabled temporarily +++ # with_atomic_queue="yes" +++ # AC_DEFINE([ATOMIC_QUEUE_OPERATIONS], [1], [enabling atomic queue operations]) ++ ;; ++ aarch64-*-linux*) ++ AC_DEFINE([CPU_arm], [], [cpu type arm]) ++@@ -532,16 +535,6 @@ case $host in ++ AC_DEFINE([CPU_arm], [], [cpu type arm]) ++ ;; ++ esac ++- AC_MSG_CHECKING([for GCC provided 64-bit atomic bool cas function ...]) ++- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], ++- [[long long ptrval = 0, val = 0, newval = 1; (void)__sync_bool_compare_and_swap_8(&ptrval, val, newval);]])], ++- [AC_DEFINE([HAVE_64BIT_ATOMIC_CAS_FUNC], [1], [have 64-bit atomic bool compare and swap function provided by gcc])AC_MSG_RESULT([yes])], ++- [AC_MSG_RESULT([no])]) ++- AC_MSG_CHECKING([for GCC provided 64-bit atomic ops functions ...]) ++- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], ++- [[long long ptrval = 0, val = 0; (void)__sync_add_and_fetch_8(&ptrval, val);]])], ++- [AC_DEFINE([HAVE_64BIT_ATOMIC_OP_FUNCS], [1], [have 64-bit atomic operation functions provided by gcc])AC_MSG_RESULT([yes])], ++- [AC_MSG_RESULT([no])]) ++ # some programs use the native thread library directly ++ THREADLIB=-lpthread ++ AC_SUBST([THREADLIB], [$THREADLIB]) ++@@ -576,7 +569,6 @@ case $host in ++ AC_DEFINE([_POSIX_C_SOURCE], [199506L], [POSIX revision]) ++ AC_DEFINE([_HPUX_SOURCE], [1], [Source namespace]) ++ AC_DEFINE([_INCLUDE_STDC__SOURCE_199901], [1], [to pick up all of the printf format macros in inttypes.h]) ++- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) ++ # assume 64 bit ++ initconfigdir="/$PACKAGE_NAME/config" ++ perlexec='/opt/perl_64/bin/perl' ++@@ -611,12 +603,11 @@ dnl Cstd and Crun are required to link any C++ related code ++ initdir='$(sysconfdir)/init.d' ++ case $host in ++ i?86-*-solaris2.1[[0-9]]*) ++-dnl I dont know why i386 need this explicit +++ dnl I dont know why i386 need this explicit ++ AC_DEFINE([HAVE_GETPEERUCRED], [1], [have getpeerucred]) ++ ;; ++ sparc-*-solaris*) ++-dnl includes some assembler stuff in counter.o ++- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) +++ dnl includes some assembler stuff in counter.o ++ AC_DEFINE([CPU_sparc], [], [cpu type sparc]) ++ TARGET='SPARC' ++ ;; ++@@ -627,6 +618,30 @@ dnl includes some assembler stuff in counter.o ++ ;; ++ esac ++ +++AC_MSG_CHECKING([for GCC provided 64-bit atomic operations]) +++AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +++ #include +++ ]], +++ [[ +++ uint64_t t_counter = 0; +++ uint64_t t_oldval = 0; +++ uint64_t t_newval = 1; +++ +++ __atomic_compare_exchange_8(&t_counter, &t_oldval, t_newval, 0, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST); +++ __atomic_add_fetch_8(&t_counter, t_newval, __ATOMIC_SEQ_CST); +++ __atomic_sub_fetch_8(&t_counter, t_newval, __ATOMIC_SEQ_CST); +++ __atomic_load(&t_counter, &t_oldval, __ATOMIC_SEQ_CST); +++ return 0; +++ ]])], +++ [ +++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [have 64-bit atomic operation functions provided by gcc]) +++ AC_MSG_RESULT([yes]) +++ ], +++ [ +++ AC_MSG_RESULT([no]) +++ ] +++) +++ ++ # cmd line overrides default setting above ++ if test -n "$with_initddir" ; then ++ initdir="$with_initddir" ++diff --git a/ldap/servers/slapd/slapi_counter.c b/ldap/servers/slapd/slapi_counter.c ++index d0696eb..9904fe9 100644 ++--- a/ldap/servers/slapd/slapi_counter.c +++++ b/ldap/servers/slapd/slapi_counter.c ++@@ -12,17 +12,22 @@ ++ ++ #include "slap.h" ++ +++#ifndef ATOMIC_64BIT_OPERATIONS +++#include +++#endif +++ ++ #ifdef HPUX ++-#ifdef ATOMIC_64BIT_OPERATIONS ++ #include ++ #endif ++-#endif ++ ++ /* ++ * Counter Structure ++ */ ++ typedef struct slapi_counter { ++ uint64_t value; +++#ifndef ATOMIC_64BIT_OPERATIONS +++ pthread_mutex_t _lock; +++#endif ++ } slapi_counter; ++ ++ /* ++@@ -53,6 +58,9 @@ void slapi_counter_init(Slapi_Counter *counter) ++ if (counter != NULL) { ++ /* Set the value to 0. */ ++ slapi_counter_set_value(counter, 0); +++#ifndef ATOMIC_64BIT_OPERATIONS +++ pthread_mutex_init(&(counter->_lock), NULL); +++#endif ++ } ++ } ++ ++@@ -65,6 +73,9 @@ void slapi_counter_init(Slapi_Counter *counter) ++ void slapi_counter_destroy(Slapi_Counter **counter) ++ { ++ if ((counter != NULL) && (*counter != NULL)) { +++#ifndef ATOMIC_64BIT_OPERATIONS +++ pthread_mutex_destroy(&((*counter)->_lock)); +++#endif ++ slapi_ch_free((void **)counter); ++ } ++ } ++@@ -99,17 +110,15 @@ uint64_t slapi_counter_decrement(Slapi_Counter *counter) ++ uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue) ++ { ++ uint64_t newvalue = 0; ++-#ifdef HPUX ++- uint64_t prev = 0; ++-#endif ++ ++ if (counter == NULL) { ++ return newvalue; ++ } ++- ++-#ifndef HPUX +++#ifdef ATOMIC_64BIT_OPERATIONS ++ newvalue = __atomic_add_fetch_8(&(counter->value), addvalue, __ATOMIC_SEQ_CST); ++ #else +++#ifdef HPUX +++ uint64_t prev = 0; ++ /* fetchadd only works with values of 1, 4, 8, and 16. In addition, it requires ++ * it's argument to be an integer constant. */ ++ if (addvalue == 1) { ++@@ -133,6 +142,12 @@ uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue) ++ _Asm_mov_to_ar(_AREG_CCV, prev); ++ } while (prev != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE)); ++ } +++#else +++ pthread_mutex_lock(&(counter->_lock)); +++ counter->value += addvalue; +++ newvalue = counter->value; +++ pthread_mutex_unlock(&(counter->_lock)); +++#endif ++ #endif ++ ++ return newvalue; ++@@ -147,17 +162,16 @@ uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue) ++ uint64_t slapi_counter_subtract(Slapi_Counter *counter, uint64_t subvalue) ++ { ++ uint64_t newvalue = 0; ++-#ifdef HPUX ++- uint64_t prev = 0; ++-#endif ++ ++ if (counter == NULL) { ++ return newvalue; ++ } ++ ++-#ifndef HPUX +++#ifdef ATOMIC_64BIT_OPERATIONS ++ newvalue = __atomic_sub_fetch_8(&(counter->value), subvalue, __ATOMIC_SEQ_CST); ++ #else +++#ifdef HPUX +++ uint64_t prev = 0; ++ /* fetchadd only works with values of -1, -4, -8, and -16. In addition, it requires ++ * it's argument to be an integer constant. */ ++ if (subvalue == 1) { ++@@ -181,6 +195,12 @@ uint64_t slapi_counter_subtract(Slapi_Counter *counter, uint64_t subvalue) ++ _Asm_mov_to_ar(_AREG_CCV, prev); ++ } while (prev != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE)); ++ } +++#else +++ pthread_mutex_lock(&(counter->_lock)); +++ counter->value -= subvalue; +++ newvalue = counter->value; +++ pthread_mutex_unlock(&(counter->_lock)); +++#endif ++ #endif ++ ++ return newvalue; ++@@ -199,58 +219,22 @@ uint64_t slapi_counter_set_value(Slapi_Counter *counter, uint64_t newvalue) ++ return value; ++ } ++ ++-#ifndef HPUX ++-/* Use our own inline assembly for an atomic set if ++- * the builtins aren't available. */ ++-#if !HAVE_64BIT_ATOMIC_CAS_FUNC ++- /* ++- * %0 = counter->value ++- * %1 = newvalue ++- */ ++- __asm__ __volatile__( ++-#ifdef CPU_x86 ++- /* Save the PIC register */ ++- " pushl %%ebx;" ++-#endif /* CPU_x86 */ ++- /* Put value of counter->value in EDX:EAX */ ++- "retryset: movl %0, %%eax;" ++- " movl 4%0, %%edx;" ++- /* Put newval in ECX:EBX */ ++- " movl %1, %%ebx;" ++- " movl 4+%1, %%ecx;" ++- /* If EDX:EAX and counter-> are the same, ++- * replace *ptr with ECX:EBX */ ++- " lock; cmpxchg8b %0;" ++- " jnz retryset;" ++-#ifdef CPU_x86 ++- /* Restore the PIC register */ ++- " popl %%ebx" ++-#endif /* CPU_x86 */ ++- : "+o" (counter->value) ++- : "m" (newvalue) ++-#ifdef CPU_x86 ++- : "memory", "eax", "ecx", "edx", "cc"); ++-#else ++- : "memory", "eax", "ebx", "ecx", "edx", "cc"); ++-#endif ++- ++- return newvalue; ++-#else /* HAVE_64BIT_ATOMIC_CAS_FUNC */ ++- while (1) { ++- value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST); ++- if (__atomic_compare_exchange_8(&(counter->value), &value, newvalue, PR_FALSE, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST)){ ++- return newvalue; ++- } ++- } ++-#endif +++#ifdef ATOMIC_64BIT_OPERATIONS +++ __atomic_store_8(&(counter->value), newvalue, __ATOMIC_SEQ_CST); ++ #else /* HPUX */ +++#ifdef HPUX ++ do { ++ value = counter->value; ++ /* Put value in a register for cmpxchg to compare against */ ++ _Asm_mov_to_ar(_AREG_CCV, value); ++ } while (value != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE)); ++- return newvalue; +++#else +++ pthread_mutex_lock(&(counter->_lock)); +++ counter->value = newvalue; +++ pthread_mutex_unlock(&(counter->_lock)); +++#endif ++ #endif +++ return newvalue; ++ } ++ ++ /* ++@@ -266,57 +250,20 @@ uint64_t slapi_counter_get_value(Slapi_Counter *counter) ++ return value; ++ } ++ ++-#ifndef HPUX ++-/* Use our own inline assembly for an atomic get if ++- * the builtins aren't available. */ ++-#if !HAVE_64BIT_ATOMIC_CAS_FUNC ++- /* ++- * %0 = counter->value ++- * %1 = value ++- */ ++- __asm__ __volatile__( ++-#ifdef CPU_x86 ++- /* Save the PIC register */ ++- " pushl %%ebx;" ++-#endif /* CPU_x86 */ ++- /* Put value of counter->value in EDX:EAX */ ++- "retryget: movl %0, %%eax;" ++- " movl 4%0, %%edx;" ++- /* Copy EDX:EAX to ECX:EBX */ ++- " movl %%eax, %%ebx;" ++- " movl %%edx, %%ecx;" ++- /* If EDX:EAX and counter->value are the same, ++- * replace *ptr with ECX:EBX */ ++- " lock; cmpxchg8b %0;" ++- " jnz retryget;" ++- /* Put retrieved value into value */ ++- " movl %%ebx, %1;" ++- " movl %%ecx, 4%1;" ++-#ifdef CPU_x86 ++- /* Restore the PIC register */ ++- " popl %%ebx" ++-#endif /* CPU_x86 */ ++- : "+o" (counter->value), "=m" (value) ++- : ++-#ifdef CPU_x86 ++- : "memory", "eax", "ecx", "edx", "cc"); ++-#else ++- : "memory", "eax", "ebx", "ecx", "edx", "cc"); ++-#endif ++-#else /* HAVE_64BIT_ATOMIC_CAS_FUNC */ ++- while (1) { ++- value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST); ++- if (__atomic_compare_exchange_8(&(counter->value), &value, value, PR_FALSE, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST)){ ++- break; ++- } ++- } ++-#endif +++#ifdef ATOMIC_64BIT_OPERATIONS +++ value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST); ++ #else /* HPUX */ +++#ifdef HPUX ++ do { ++ value = counter->value; ++ /* Put value in a register for cmpxchg to compare against */ ++ _Asm_mov_to_ar(_AREG_CCV, value); ++ } while (value != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), value, _LDHINT_NONE)); +++#else +++ pthread_mutex_lock(&(counter->_lock)); +++ value = counter->value; +++ pthread_mutex_unlock(&(counter->_lock)); +++#endif ++ #endif ++ ++ return value; ++diff --git a/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S b/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S ++deleted file mode 100644 ++index e582c2a..0000000 ++--- a/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S +++++ /dev/null ++@@ -1,105 +0,0 @@ ++-! BEGIN COPYRIGHT BLOCK ++-! The Original Code is the Netscape Portable Runtime (NSPR). ++-! ++-! The Initial Developer of the Original Code is ++-! Netscape Communications Corporation. ++-! Portions created by the Initial Developer are Copyright (C) 1998-2000 ++-! the Initial Developer. All Rights Reserved. ++-! ++-! The original code has been modified to support 64-bit atomic increments by ++-! Red Hat, Inc. These portions are Copyright (C) 2008 Red Hat, Inc. All Rights ++-! reserved. ++-! ++-! License: GPL (version 3 or any later version). ++-! See LICENSE for details. ++-! END COPYRIGHT BLOCK ++-! ++- ++-#define _ASM 1 /* force to set an assembler code macro _ASM */ ++-#include ++- ++-! ====================================================================== ++-! ++-! Perform the sequence a = b atomically with respect to other ++-! fetch-and-stores to location a in a wait-free fashion. ++-! ++-! usage : old_val = PR_AtomicSet(address, newval) ++-! ++-! ----------------------- ++-! Note on REGISTER USAGE: ++-! as this is a LEAF procedure, a new stack frame is not created; ++-! we use the caller's stack frame so what would normally be %i (input) ++-! registers are actually %o (output registers). Also, we must not ++-! overwrite the contents of %l (local) registers as they are not ++-! assumed to be volatile during calls. ++-! ----------------------- ++- ++- ENTRY(_sparcv9_AtomicSet) ! standard assembler/ELF prologue ++- ++-retryAS: ++- ldx [%o0], %o2 ! set o2 to the current value ++- mov %o1, %o3 ! set up the new value ++- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed ++- cmp %o2, %o3 ! see if we set the value ++- bne retryAS ! if not, try again ++- nop ! empty out the branch pipeline ++- retl ! return back to the caller ++- mov %o3, %o0 ! set the return code to the prev value ++- ++- SET_SIZE(_sparcv9_AtomicSet) ! standard assembler/ELF epilogue ++- ++-! ++-! end ++-! ++-! ====================================================================== ++-! ++-! Perform the sequence a = a + b atomically with respect to other ++-! fetch-and-adds to location a in a wait-free fashion. ++-! ++-! usage : newval = PR_AtomicAdd(address, val) ++-! return: the value after addition ++-! ++- ENTRY(_sparcv9_AtomicAdd) ! standard assembler/ELF prologue ++- ++-retryAA: ++- ldx [%o0], %o2 ! set o2 to the current value ++- addx %o2, %o1, %o3 ! calc the new value ++- mov %o3, %o4 ! save the return value ++- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed ++- cmp %o2, %o3 ! see if we set the value ++- bne retryAA ! if not, try again ++- nop ! empty out the branch pipeline ++- retl ! return back to the caller ++- mov %o4, %o0 ! set the return code to the new value ++- ++- SET_SIZE(_sparcv9_AtomicAdd) ! standard assembler/ELF epilogue ++- ++-! ++-! end ++-! ++-! ====================================================================== ++-! ++-! Perform the sequence a = a - b atomically with respect to other ++-! fetch-and-subs to location a in a wait-free fashion. ++-! ++-! usage : newval = PR_AtomicSub(address, val) ++-! return: the value after addition ++-! ++- ENTRY(_sparcv9_AtomicSub) ! standard assembler/ELF prologue ++- ++-retryAU: ++- ldx [%o0], %o2 ! set o2 to the current value ++- subx %o2, %o1, %o3 ! calc the new value ++- mov %o3, %o4 ! save the return value ++- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed ++- cmp %o2, %o3 ! see if we set the value ++- bne retryAU ! if not, try again ++- nop ! empty out the branch pipeline ++- retl ! return back to the caller ++- mov %o4, %o0 ! set the return code to the new value ++- ++- SET_SIZE(_sparcv9_AtomicSub) ! standard assembler/ELF epilogue ++- ++-! ++-! end ++-! ++diff --git a/test/libslapd/counters/atomic.c b/test/libslapd/counters/atomic.c ++new file mode 100644 ++index 0000000..72fad88 ++--- /dev/null +++++ b/test/libslapd/counters/atomic.c ++@@ -0,0 +1,69 @@ +++/** BEGIN COPYRIGHT BLOCK +++ * Copyright (C) 2017 Red Hat, Inc. +++ * All rights reserved. +++ * +++ * License: GPL (version 3 or any later version). +++ * See LICENSE for details. +++ * END COPYRIGHT BLOCK **/ +++ +++#include "../../test_slapd.h" +++ +++void +++test_libslapd_counters_atomic_usage(void **state __attribute__((unused))) { +++ Slapi_Counter *tc = slapi_counter_new(); +++ +++ uint64_t value = 0; +++ /* Check that it starts as 0 */ +++ value = slapi_counter_get_value(tc); +++ assert_true(value == 0); +++ /* Increment */ +++ slapi_counter_increment(tc); +++ value = slapi_counter_get_value(tc); +++ assert_true(value == 1); +++ /* add */ +++ slapi_counter_add(tc, 100); +++ value = slapi_counter_get_value(tc); +++ assert_true(value == 101); +++ /* set */ +++ slapi_counter_set_value(tc, 200); +++ value = slapi_counter_get_value(tc); +++ assert_true(value == 200); +++ /* dec */ +++ slapi_counter_decrement(tc); +++ value = slapi_counter_get_value(tc); +++ assert_true(value == 199); +++ /* sub */ +++ slapi_counter_subtract(tc, 99); +++ value = slapi_counter_get_value(tc); +++ assert_true(value == 100); +++ /* init */ +++ slapi_counter_init(tc); +++ value = slapi_counter_get_value(tc); +++ assert_true(value == 0); +++ +++ +++ slapi_counter_destroy(&tc); +++ +++ /* We could attempt a more complex thread test later? */ +++ +++} +++ +++void +++test_libslapd_counters_atomic_overflow(void **state __attribute__((unused))) { +++ Slapi_Counter *tc = slapi_counter_new(); +++ /* This is intmax ... */ +++ uint32_t value_32 = 0xFFFFFFFF; +++ uint64_t value = 0; +++ +++ slapi_counter_set_value(tc, (uint64_t)value_32); +++ value = slapi_counter_get_value(tc); +++ assert_true(value == (uint64_t)value_32); +++ +++ slapi_counter_increment(tc); +++ value = slapi_counter_get_value(tc); +++ assert_true(value != 0); +++ assert_true(value > (uint64_t)value_32); +++ +++ slapi_counter_destroy(&tc); +++} +++ diff --cc debian/patches/ftbs_lsoftotkn3.diff index 0000000,0000000..7ebbcb6 new file mode 100644 --- /dev/null +++ b/debian/patches/ftbs_lsoftotkn3.diff @@@ -1,0 -1,0 +1,20 @@@ ++Description: Fix autoconf macro to detect svrcore properly ++ configure bails out with a linking error against libsoftokn, which is according ++ #473275 the correct behaviour. The patch modifies the m4 file to do not link ++ against this lib. ++Author: Tobias Frost ++Forwarded: no ++Last-Update: 2014-04-25 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/m4/svrcore.m4 +++++ b/m4/svrcore.m4 ++@@ -84,7 +84,7 @@ fi ++ if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then ++ dnl just see if SVRCORE is already a system library ++ AC_CHECK_LIB([svrcore], [SVRCORE_GetRegisteredPinObj], [havesvrcore=1], ++- [], [$nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4]) +++ [], [$nss_inc $nspr_inc $nss_lib -lnss3 $nspr_lib -lplds4 -lplc4 -lnspr4]) ++ if test -n "$havesvrcore" ; then ++ dnl just see if SVRCORE is already a system header file ++ save_cppflags="$CPPFLAGS" diff --cc debian/patches/rename-online-scripts.diff index 0000000,0000000..e37ee75 new file mode 100644 --- /dev/null +++ b/debian/patches/rename-online-scripts.diff @@@ -1,0 -1,0 +1,51 @@@ ++--- a/ldap/admin/src/scripts/template-bak2db.pl.in +++++ b/ldap/admin/src/scripts/template-bak2db.pl.in ++@@ -23,6 +23,6 @@ while ($i <= $#ARGV) { ++ $i++; ++ } ++ ++-exec "{{SERVERBIN-DIR}}/bak2db.pl @wrapperArgs -Z {{SERV-ID}}"; +++exec "{{SERVERBIN-DIR}}/bak2db-online @wrapperArgs -Z {{SERV-ID}}"; ++ ++ exit ($?); ++--- a/ldap/admin/src/scripts/template-db2bak.pl.in +++++ b/ldap/admin/src/scripts/template-db2bak.pl.in ++@@ -23,7 +23,7 @@ while ($i <= $#ARGV) { ++ $i++; ++ } ++ ++-exec "{{SERVERBIN-DIR}}/db2bak.pl @wrapperArgs -Z {{SERV-ID}}"; +++exec "{{SERVERBIN-DIR}}/db2bak-online @wrapperArgs -Z {{SERV-ID}}"; ++ ++ exit ($?); ++ ++--- a/ldap/admin/src/scripts/template-db2index.pl.in +++++ b/ldap/admin/src/scripts/template-db2index.pl.in ++@@ -23,6 +23,6 @@ while ($i <= $#ARGV) { ++ $i++; ++ } ++ ++-exec "{{SERVERBIN-DIR}}/db2index.pl @wrapperArgs -Z {{SERV-ID}}"; +++exec "{{SERVERBIN-DIR}}/db2index-online @wrapperArgs -Z {{SERV-ID}}"; ++ ++ exit ($?); ++--- a/ldap/admin/src/scripts/template-db2ldif.pl.in +++++ b/ldap/admin/src/scripts/template-db2ldif.pl.in ++@@ -26,6 +26,6 @@ while ($i <= $#ARGV) { ++ ++ $cwd = cwd(); ++ ++-exec "{{SERVERBIN-DIR}}/db2ldif.pl -c $cwd @wrapperArgs -Z {{SERV-ID}}"; +++exec "{{SERVERBIN-DIR}}/db2ldif-online -c $cwd @wrapperArgs -Z {{SERV-ID}}"; ++ ++ exit ($?); ++--- a/ldap/admin/src/scripts/template-ldif2db.pl.in +++++ b/ldap/admin/src/scripts/template-ldif2db.pl.in ++@@ -23,6 +23,6 @@ while ($i <= $#ARGV) { ++ $i++; ++ } ++ ++-exec "{{SERVERBIN-DIR}}/ldif2db.pl @wrapperArgs -Z {{SERV-ID}}"; +++exec "{{SERVERBIN-DIR}}/ldif2db-online @wrapperArgs -Z {{SERV-ID}}"; ++ ++ exit ($?); diff --cc debian/patches/reproducible-build.diff index 0000000,0000000..9fca919 new file mode 100644 --- /dev/null +++ b/debian/patches/reproducible-build.diff @@@ -1,0 -1,0 +1,11 @@@ ++--- a/buildnum.pl +++++ b/buildnum.pl ++@@ -31,7 +31,7 @@ if ($opt_H) {exitHelp();} ++ $platdir = $opt_p; ++ ++ # Get current time ++-@now = gmtime; +++@now = gmtime ($ENV{SOURCE_DATE_EPOCH} || time); ++ ++ # Format buildnum as YYYY.DDD.HHMM ++ $year = $now[5] + 1900; diff --cc debian/patches/series index 0000000,0000000..9702f7b new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,11 @@@ ++use-bash-instead-of-sh.diff ++rename-online-scripts.diff ++ftbs_lsoftotkn3.diff ++fix-bsd.patch ++support-kfreebsd.patch ++fix-obsolete-target.diff ++fix-saslpath.diff ++reproducible-build.diff ++fix-systemctl-path.diff ++fix-48986-cve-2017-2591.diff ++fix-upstream-49245.diff diff --cc debian/patches/support-kfreebsd.patch index 0000000,0000000..729d496 new file mode 100644 --- /dev/null +++ b/debian/patches/support-kfreebsd.patch @@@ -1,0 -1,0 +1,190 @@@ ++Description: Add support for kFreeBSD ++ The configure script should check for available features of the host instead ++ of assuming that specific hosts (e.g. Linux) have specific features. ++ . ++ This patch hacks the configure script and various source files to behave ++ on kFreeBSD similar to Linux. ++Author: Benjamin Drung ++ ++--- a/configure.ac +++++ b/configure.ac ++@@ -544,6 +544,46 @@ case $host in ++ AC_SUBST([LIBCRYPT], [$LIBCRYPT]) ++ AC_DEFINE([USE_POSIX_RWLOCKS], [1], [POSIX rwlocks]) ++ ;; +++ *-*-kfreebsd*) +++ dnl Assume that BSD has the getpeereid() function. +++ dnl TODO: Check for the existance of the getpeereid() function! +++ AC_DEFINE([HAVE_GETPEEREID], [1], [have getpeereid]) +++ dnl Check if we need to link against the bsd library for the getpeereid() function. +++ AC_SEARCH_LIBS([getpeereid], [bsd]) +++ dnl Copied stuff from Linux section above +++ dnl TODO: Check for features instead of setting flags based on the host! +++ AC_DEFINE([XP_UNIX], [1], [UNIX]) +++ AC_DEFINE([freebsd], [1], [freebsd]) +++ AC_DEFINE([_GNU_SOURCE], [1], [GNU Source]) +++ initdir='$(sysconfdir)/rc.d/init.d' +++ # do arch specific kfreebsd stuff here +++ case $host in +++ i*86-*-linux*) +++ AC_DEFINE([CPU_x86], [], [cpu type x86]) +++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) +++ ;; +++ x86_64-*-linux*) +++ AC_DEFINE([CPU_x86_64], [], [cpu type x86_64]) +++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) +++ ;; +++ esac +++ AC_MSG_CHECKING([for GCC provided 64-bit atomic bool cas function ...]) +++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +++ [[long long ptrval = 0, val = 0, newval = 1; (void)__sync_bool_compare_and_swap_8(&ptrval, val, newval);]])], +++ [AC_DEFINE([HAVE_64BIT_ATOMIC_CAS_FUNC], [1], [have 64-bit atomic bool compare and swap function provided by gcc])AC_MSG_RESULT([yes])], +++ [AC_MSG_RESULT([no])]) +++ AC_MSG_CHECKING([for GCC provided 64-bit atomic ops functions ...]) +++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +++ [[long long ptrval = 0, val = 0; (void)__sync_add_and_fetch_8(&ptrval, val);]])], +++ [AC_DEFINE([HAVE_64BIT_ATOMIC_OP_FUNCS], [1], [have 64-bit atomic operation functions provided by gcc])AC_MSG_RESULT([yes])], +++ [AC_MSG_RESULT([no])]) +++ # some programs use the native thread library directly +++ THREADLIB=-lpthread +++ AC_SUBST([THREADLIB], [$THREADLIB]) +++ LIBCRYPT=-lcrypt +++ AC_SUBST([LIBCRYPT], [$LIBCRYPT]) +++ AC_DEFINE([USE_POSIX_RWLOCKS], [1], [POSIX rwlocks]) +++ ;; ++ ia64-hp-hpux*) ++ AC_DEFINE([hpux], [1], [HP-UX]) ++ AC_DEFINE([HPUX], [1], [HP-UX]) ++--- a/include/base/systems.h +++++ b/include/base/systems.h ++@@ -62,7 +62,7 @@ ++ /* warning: mmap doesn't work under 9.04 */ ++ #define SHMEM_MMAP_FLAGS MAP_FILE | MAP_VARIABLE | MAP_SHARED ++ ++-#elif defined(Linux) +++#elif defined(Linux) || defined(freebsd) ++ ++ #define ACCELERATOR_CACHE ++ #define DNS_CACHE ++--- a/include/public/base/systems.h +++++ b/include/public/base/systems.h ++@@ -56,7 +56,7 @@ ++ #define SHMEM_UNIX_MMAP ++ #define ZERO(ptr,len) memset(ptr,0,len) ++ ++-#elif defined(Linux) +++#elif defined(Linux) || defined(freebsd) ++ ++ #define FILE_UNIX ++ #define FILE_UNIX_MMAP ++--- a/ldap/include/portable.h +++++ b/ldap/include/portable.h ++@@ -250,7 +250,7 @@ int strncasecmp(const char *, const char ++ defined(UNIXWARE) || defined(SUNOS4) || defined(SNI) || defined(BSDI) || \ ++ defined(NCR) || defined(OSF1) || defined(NEC) || \ ++ ( defined(HPUX10) && !defined(_REENTRANT)) || defined(HPUX11) || \ ++- defined(UnixWare) || defined(LINUX2_0) +++ defined(UnixWare) || defined(LINUX2_0) || defined(freebsd) ++ #define GETHOSTBYNAME( n, r, b, l, e ) gethostbyname( n ) ++ #elif defined(AIX) ++ #define GETHOSTBYNAME_BUF_T struct hostent_data ++@@ -288,7 +288,7 @@ typedef char GETHOSTBYADDR_buf_t [BUFSIZ ++ #elif defined( hpux10 ) ++ #define CTIME( c, b, l ) nsldapi_compat_ctime_r( c, b, l ) ++ #elif defined( IRIX ) || defined(UNIXWARE) || defined(LINUX) \ ++- || defined(OSF1V4) || defined(AIX) || defined(UnixWare) || defined (HPUX11) +++ || defined(OSF1V4) || defined(AIX) || defined(UnixWare) || defined (HPUX11) || defined(freebsd) ++ #define CTIME( c, b, l ) ctime_r( c, b ) ++ #elif defined( OSF1V3 ) ++ #define CTIME( c, b, l ) (ctime_r( c, b, l ) ? NULL : b) ++@@ -297,7 +297,7 @@ typedef char GETHOSTBYADDR_buf_t [BUFSIZ ++ #endif ++ #if defined(hpux9) || defined(LINUX1_2) || defined(SUNOS4) || defined(SNI) || \ ++ defined(SCOOS) || defined(BSDI) || defined(NCR) || \ ++- defined(NEC) || defined(LINUX2_0) +++ defined(NEC) || defined(LINUX2_0) || defined(freebsd) ++ /* strtok() is not MT safe, but it is okay to call here because used in mmt_protocol.xs which ++ has been moved in the tetframewrok */ ++ #define STRTOK( s1, s2, l ) strtok( s1, s2 ) ++--- a/ldap/servers/slapd/daemon.c +++++ b/ldap/servers/slapd/daemon.c ++@@ -38,7 +38,7 @@ ++ #endif /* NEED_FILIO */ ++ /* for some reason, linux tty stuff defines CTIME */ ++ #include ++-#ifdef LINUX +++#if defined(LINUX) || defined(freebsd) ++ #undef CTIME ++ #include ++ #else ++@@ -442,7 +442,7 @@ disk_mon_get_dirs(char ***list, int logs ++ char * ++ disk_mon_check_diskspace(char **dirs, PRUint64 threshold, PRUint64 *disk_space) ++ { ++-#ifdef LINUX +++#if defined(LINUX) || defined(freebsd) ++ struct statfs buf; ++ #else ++ struct statvfs buf; ++@@ -455,7 +455,7 @@ disk_mon_check_diskspace(char **dirs, PR ++ int i = 0; ++ ++ for(i = 0; dirs && dirs[i]; i++){ ++-#ifndef LINUX +++#if !defined(LINUX) && !defined(freebsd) ++ if (statvfs(dirs[i], &buf) != -1) ++ #else ++ if (statfs(dirs[i], &buf) != -1) ++--- a/ldap/servers/slapd/tools/pwenc.c +++++ b/ldap/servers/slapd/tools/pwenc.c ++@@ -16,7 +16,7 @@ ++ #include ++ #include ++ #include ++-#if defined(LINUX) /* I bet other Unix would like +++#if defined(LINUX) || defined(freebsd) /* I bet other Unix would like ++ * this flag. But don't want to ++ * break other builds so far */ ++ #include ++--- a/ldap/systools/idsktune.c +++++ b/ldap/systools/idsktune.c ++@@ -16,6 +16,11 @@ ++ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ ++ static char *build_date = "14-JULY-2016"; ++ +++#if defined(freebsd) +++#define IDDS_BSD_INCLUDE 1 +++#define IDDS_BSD_SYSCTL 1 +++#endif +++ ++ #if defined(linux) || defined(__linux) || defined(__linux__) ++ #define IDDS_LINUX_INCLUDE 1 ++ #define IDDS_LINUX_SYSCTL 1 ++--- a/lib/base/dnsdmain.cpp +++++ b/lib/base/dnsdmain.cpp ++@@ -35,12 +35,12 @@ extern "C" { ++ #define _PATH_RESCONF "/etc/resolv.conf" ++ ++ NSPR_BEGIN_EXTERN_C ++-#ifdef Linux +++#if defined Linux || defined(freebsd) ++ extern int getdomainname(char *, size_t); ++ #else ++ extern int getdomainname(char *, int); ++ #endif /* Linux */ ++-#if defined(HPUX) || defined(Linux) || defined(SOLARIS_GCC) +++#if defined(HPUX) || defined(Linux) || defined(SOLARIS_GCC) || defined(freebsd) ++ extern int gethostname (char *name, size_t namelen); ++ #else ++ extern int gethostname (char *name, int namelen); ++--- a/lib/base/file.cpp +++++ b/lib/base/file.cpp ++@@ -213,7 +213,7 @@ NSAPI_PUBLIC int file_notfound(void) ++ return (errno == ENOENT); ++ } ++ ++-#if !defined(LINUX) +++#if !defined(LINUX) && !defined(freebsd) ++ extern char *sys_errlist[]; ++ #endif ++ diff --cc debian/patches/use-bash-instead-of-sh.diff index 0000000,0000000..9febec0 new file mode 100644 --- /dev/null +++ b/debian/patches/use-bash-instead-of-sh.diff @@@ -1,0 -1,0 +1,144 @@@ ++--- a/ldap/admin/src/scripts/bak2db.in +++++ b/ldap/admin/src/scripts/bak2db.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/db2bak.in +++++ b/ldap/admin/src/scripts/db2bak.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/db2index.in +++++ b/ldap/admin/src/scripts/db2index.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/db2ldif.in +++++ b/ldap/admin/src/scripts/db2ldif.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/dbverify.in +++++ b/ldap/admin/src/scripts/dbverify.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/dn2rdn.in +++++ b/ldap/admin/src/scripts/dn2rdn.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/ldif2db.in +++++ b/ldap/admin/src/scripts/ldif2db.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/ldif2ldap.in +++++ b/ldap/admin/src/scripts/ldif2ldap.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/monitor.in +++++ b/ldap/admin/src/scripts/monitor.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/restart-dirsrv.in +++++ b/ldap/admin/src/scripts/restart-dirsrv.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ # Script that restarts the ns-slapd server. ++ # Exit status can be: ++--- a/ldap/admin/src/scripts/restoreconfig.in +++++ b/ldap/admin/src/scripts/restoreconfig.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/saveconfig.in +++++ b/ldap/admin/src/scripts/saveconfig.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/start-dirsrv.in +++++ b/ldap/admin/src/scripts/start-dirsrv.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ # Script that starts the ns-slapd server. ++ # Exit status can be: ++--- a/ldap/admin/src/scripts/stop-dirsrv.in +++++ b/ldap/admin/src/scripts/stop-dirsrv.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ # Script that stops the ns-slapd server. ++ # Exit status can be: ++--- a/ldap/admin/src/scripts/suffix2instance.in +++++ b/ldap/admin/src/scripts/suffix2instance.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/upgradedb.in +++++ b/ldap/admin/src/scripts/upgradedb.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/upgradednformat.in +++++ b/ldap/admin/src/scripts/upgradednformat.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ ++--- a/ldap/admin/src/scripts/vlvindex.in +++++ b/ldap/admin/src/scripts/vlvindex.in ++@@ -1,4 +1,4 @@ ++-#!/bin/sh +++#!/bin/bash ++ ++ . @datadir@/@package_name@/data/DSSharedLib ++ diff --cc debian/rules index 0000000,0000000..d812ff0 new file mode 100755 --- /dev/null +++ b/debian/rules @@@ -1,0 -1,0 +1,93 @@@ ++#!/usr/bin/make -f ++# -*- makefile -*- ++ ++export DEB_BUILD_MAINT_OPTIONS = hardening=+pie ++ ++# Keep track of files we don't install ++NOT_INSTALLED := ++ ++REALFILE = \ ++ bin/cl-dump.pl \ ++ bin/dbgen.pl \ ++ bin/ds-logpipe.py \ ++ bin/logconv.pl \ ++ bin/repl-monitor.pl \ ++ sbin/migrate-ds.pl \ ++ sbin/remove-ds.pl \ ++ sbin/setup-ds.pl \ ++ sbin/cleanallruv.pl \ ++ sbin/fixup-linkedattrs.pl \ ++ sbin/fixup-memberof.pl \ ++ sbin/ns-accountstatus.pl \ ++ sbin/ns-activate.pl \ ++ sbin/ns-inactivate.pl \ ++ sbin/ns-newpwpolicy.pl \ ++ sbin/schema-reload.pl \ ++ sbin/syntax-validate.pl \ ++ sbin/usn-tombstone-cleanup.pl \ ++ sbin/verify-db.pl \ ++ share/man/man1/dbgen.pl.1 \ ++ share/man/man1/ds-logpipe.py.1 \ ++ share/man/man1/logconv.pl.1 \ ++ share/man/man8/migrate-ds.pl.8 \ ++ share/man/man8/setup-ds.pl.8 \ ++ share/man/man8/remove-ds.pl.8 ++ ++# scripts for handling online servers ++REALFILE_ONLINE = \ ++ sbin/bak2db.pl \ ++ sbin/db2bak.pl \ ++ sbin/db2index.pl \ ++ sbin/db2ldif.pl \ ++ sbin/ldif2db.pl \ ++ share/man/man8/bak2db.pl.8 \ ++ share/man/man8/db2bak.pl.8 \ ++ share/man/man8/db2index.pl.8 \ ++ share/man/man8/db2ldif.pl.8 \ ++ share/man/man8/ldif2db.pl.8 ++ ++%: ++ dh $@ --parallel --with autoreconf,systemd --builddir build/ ++ ++override_dh_auto_configure: ++ dh_auto_configure -- \ ++ --with-openldap \ ++ --with-systemd \ ++ --with-systemdsystemunitdir=/lib/systemd/system \ ++ --with-systemdsystemconfdir=/etc/systemd/system \ ++ --with-systemdgroupname=dirsrv.target \ ++ --with-tmpfiles-d=/etc/tmpfiles.d \ ++ --enable-autobind ++ ++override_dh_auto_install: ++ dh_auto_install --max-parallel=1 ++ ++override_dh_install: ++ # lets do the renaming here afterall, instead of in 389-ds-base.install ++ for file in $(REALFILE); do mv -f $(CURDIR)/debian/tmp/usr/$$file \ ++ $(CURDIR)/debian/tmp/usr/`echo $$file | \ ++ sed -s 's/\.pl//;s/\.py//'`; \ ++ done ++ # use -online suffix so that they won't overwrite the offline scripts ++ for file in $(REALFILE_ONLINE); do mv -f $(CURDIR)/debian/tmp/usr/$$file \ ++ $(CURDIR)/debian/tmp/usr/`echo $$file | \ ++ sed -s 's/\.pl/-online/'`; \ ++ done ++ # purge .la files ++ find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \; ++ # fix template script headers ++ find $(CURDIR)/debian/tmp/usr/share/dirsrv/script-templates/ -type f -exec perl -pi -e 's,#\{\{PERL-EXEC\}\},#!/usr/bin/perl,' "{}" \; ++ ++ # Also get rid of other files which aren't installed. Do not ++ # use -f to ensure we notice disappearing files: ++ set -e; for file in $(NOT_INSTALLED); do rm debian/tmp/$$file; done ++ ++ mkdir -p $(CURDIR)/debian/tmp/etc/systemd/system/dirsrv.target.wants ++ ++ dh_install --fail-missing ++ ++override_dh_systemd_enable: ++ dh_systemd_enable -p389-ds-base --no-enable dirsrv-snmp.service ++ ++override_dh_shlibdeps: ++ dh_shlibdeps -l"debian/389-ds-base/usr/lib/$(DEB_HOST_MULTIARCH)/dirsrv" -a diff --cc debian/source/format index 0000000,0000000..163aaf8 new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/tests/control index 0000000,0000000..603e559 new file mode 100644 --- /dev/null +++ b/debian/tests/control @@@ -1,0 -1,0 +1,5 @@@ ++Tests: setup ++Depends: ++ 389-ds-base, ++ python-lib389, ++Restrictions: needs-root diff --cc debian/tests/setup index 0000000,0000000..e23d910 new file mode 100644 --- /dev/null +++ b/debian/tests/setup @@@ -1,0 -1,0 +1,17 @@@ ++#!/bin/sh ++ ++# hack for lxc ++IP=`ip route get 1.1.1.1 | awk '{print $NF; exit}'` ++HOSTNAME=`cat /etc/hosts| grep '127.0.1.1' | awk '{print $NF; exit}'` ++echo "$IP $HOSTNAME.debci $HOSTNAME" >> /etc/hosts ++ ++/usr/sbin/setup-ds --silent -- \ ++ General.FullMachineName=$HOSTNAME.debci\ ++ General.SuiteSpotUserID=dirsrv\ ++ General.SuiteSpotGroup=dirsrv\ ++ slapd.ServerPort=1389\ ++ slapd.ServerIdentifier=debci\ ++ slapd.Suffix=dc=example,dc=com\ ++ slapd.RootDN="cn=Directory Manager"\ ++ slapd.RootDNPwd=Secret123 ++ diff --cc debian/watch index 0000000,0000000..727205b new file mode 100644 --- /dev/null +++ b/debian/watch @@@ -1,0 -1,0 +1,3 @@@ ++#git=https://pagure.io/389-ds-base.git ++version=3 ++http://releases.pagure.org/389-ds-base/389-ds-base-(.*).tar.bz2