From: Timo Aaltonen Date: Wed, 10 May 2017 06:25:03 +0000 (+0100) Subject: Import 389-ds-base_1.3.5.17-2.debian.tar.xz X-Git-Tag: archive/raspbian/1.4.0.19-3+rpi1~1^2^2~11^2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=76040b77c69dc0c3e817a76450dda3633deaa3ac;p=389-ds-base.git Import 389-ds-base_1.3.5.17-2.debian.tar.xz [dgit import tarball 389-ds-base 1.3.5.17-2 389-ds-base_1.3.5.17-2.debian.tar.xz] --- 76040b77c69dc0c3e817a76450dda3633deaa3ac
diff --git a/389-ds-base-dev.install b/389-ds-base-dev.install
new file mode 100644
index 0000000..447fc1b
--- /dev/null
+++ b/389-ds-base-dev.install
@@ -0,0 +1,3 @@
+usr/include/dirsrv/*
+usr/lib/*/dirsrv/libslapd.so
+usr/lib/*/pkgconfig/*
diff --git a/389-ds-base-libs.install b/389-ds-base-libs.install
new file mode 100644
index 0000000..d13da2f
--- /dev/null
+++ b/389-ds-base-libs.install
@@ -0,0 +1 @@
+usr/lib/*/dirsrv/libslapd.so.*
diff --git a/389-ds-base-libs.lintian-overrides b/389-ds-base-libs.lintian-overrides
new file mode 100644
index 0000000..b6702fb
--- /dev/null
+++ b/389-ds-base-libs.lintian-overrides
@@ -0,0 +1,3 @@
+# these are bogus warnings, no libs shipped in a public libdir
+postinst-has-useless-call-to-ldconfig
+postrm-has-useless-call-to-ldconfig
diff --git a/389-ds-base.default b/389-ds-base.default
new file mode 100644
index 0000000..14beb77
--- /dev/null
+++ b/389-ds-base.default
@@ -0,0 +1,6 @@
+# Defaults for dirsrv
+#
+# This is a POSIX shell fragment
+
+# Enable bindnow hardening
+LD_BIND_NOW=1
diff --git a/389-ds-base.dirs b/389-ds-base.dirs
new file mode 100644
index 0000000..f12d71e
--- /dev/null
+++ b/389-ds-base.dirs
@@ -0,0 +1,2 @@
+var/log/dirsrv
+var/lib/dirsrv
diff --git a/389-ds-base.install b/389-ds-base.install
new file mode 100644
index 0000000..c001ad9
--- /dev/null
+++ b/389-ds-base.install
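Review bot: `LD_BIND_NOW=1` in 389-ds-base.default is a plain, unexported assignment in a shell fragment, so the hardening only takes effect if whatever reads the file exports the variable or loads it as an environment file. No consumer of this file is visible in the diff: the .install list ships `etc/default/dirsrv` and `etc/default/dirsrv.systemd`, and the changelog says the init script was dropped, so the setting may never reach the server process started by systemd. I would confirm which unit or script loads it and name it in the comment, e.g. `# Enable bindnow hardening (loaded by <unit or script name>)`, or remove the file if nothing does.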
@@ -0,0 +1,17 @@
+etc/default/dirsrv
+etc/default/dirsrv.systemd
+etc/dirsrv/config/
+etc/dirsrv/schema/*.ldif
+etc/systemd/
+lib/systemd/system/dirsrv-snmp.service
+lib/systemd/system/dirsrv.target
+lib/systemd/system/dirsrv@.service
+usr/bin/
+usr/lib/*/dirsrv/libns-dshttpd.so*
+usr/lib/*/dirsrv/perl/
+usr/lib/*/dirsrv/plugins/*.so
+usr/lib/*/dirsrv/python/
+usr/sbin/
+usr/share/dirsrv/
+usr/share/man/man1/*.1
+usr/share/man/man8/*.8
diff --git a/389-ds-base.links b/389-ds-base.links
new file mode 100644
index 0000000..2f83bc6
--- /dev/null
+++ b/389-ds-base.links
@@ -0,0 +1 @@
+/dev/null lib/systemd/system/dirsrv.service
diff --git a/389-ds-base.lintian-overrides b/389-ds-base.lintian-overrides
new file mode 100644
index 0000000..fbe0b92
--- /dev/null
+++ b/389-ds-base.lintian-overrides
@@ -0,0 +1,4 @@
+# these are bogus warnings, no libs shipped in a public libdir
+unused-shlib-entry-in-control-file
+postinst-has-useless-call-to-ldconfig
+postrm-has-useless-call-to-ldconfig
diff --git a/389-ds-base.postinst b/389-ds-base.postinst
new file mode 100644
index 0000000..5aaf903
--- /dev/null
+++ b/389-ds-base.postinst
@@ -0,0 +1,49 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+CONFIG_DIR=/etc/dirsrv
+OUT=/dev/null
+INSTANCES=`ls -d /etc/dirsrv/slapd-* 2>/dev/null | grep -v removed | sed 's/.*slapd-//'`
+
+if [ "$1" = configure ]; then
+ # lets give them a user/group in all cases.
+ if ! getent passwd dirsrv > $OUT; then
+ adduser --quiet --system --home /var/lib/dirsrv \
+ --disabled-password --group \
+ --gecos "389 Directory Server user" \
+ --no-create-home \
+ dirsrv > $OUT
+ fi
+
+ chown -R dirsrv:dirsrv /etc/dirsrv/ /var/log/dirsrv/ /var/lib/dirsrv/ > $OUT || true
+ chmod 750 /etc/dirsrv/ /var/log/dirsrv/ /var/lib/dirsrv/ > $OUT || true
+
+ if [ -n "$2" ]; then
+ for inst in $INSTANCES; do
+ service dirsrv@$inst stop > $OUT 2>&1
+ done
+
+ setup-ds -l $OUT -u -s General.UpdateMode=offline > $OUT 2>&1
+
+ if [ $? = 0 ]; then
+ for inst in $INSTANCES; do
+ service dirsrv@$inst start > $OUT 2>&1
+ done
+ fi
+ fi
+fi
+
+invoke_failure() {
+ # invoke-rc.d failed, likely because no instance has been configured yet
+ # but exit with an error if an instance is configured and the invoke failed
+ if [ -z $INSTANCES ]; then
+ echo "... because no instance has been configured yet."
+ else
+ exit 1
+ fi
+}
+
+
+#DEBHELPER#
diff --git a/389-ds-base.postrm b/389-ds-base.postrm
new file mode 100644
index 0000000..0a70e0e
--- /dev/null
+++ b/389-ds-base.postrm
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+if [ "$1" = "purge" ]; then
+ if getent group dirsrv > /dev/null; then
+ deluser --system dirsrv || true
+ fi
+ rm -f /etc/systemd/system/dirsrv.target.wants/dirsrv@*.service
+ rm -rf /etc/dirsrv
+ rm -rf /var/lib/dirsrv
+ rm -rf /var/log/dirsrv
+fi
+
+#DEBHELPER#
diff --git a/389-ds-base.prerm b/389-ds-base.prerm
new file mode 100644
index 0000000..3e1529b
--- /dev/null
+++ b/389-ds-base.prerm
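Review bot: Under `set -e` the `if [ $? = 0 ]` test after `setup-ds` in 389-ds-base.postinst can never observe a failure: a non-zero exit from `setup-ds`, or from any `service dirsrv@$inst stop`, aborts the script first, leaving the instances stopped and, because all output goes to `$OUT` (/dev/null), nothing for the administrator to diagnose. Test the command directly, `if setup-ds -l $OUT -u -s General.UpdateMode=offline > $OUT 2>&1; then`, and decide explicitly what a failed stop or update should do. In `invoke_failure`, `[ -z $INSTANCES ]` should be `[ -z "$INSTANCES" ]`; with more than one instance the unquoted form is a `test` syntax error that reaches the `else` branch only by accident. Separately, `chown -R dirsrv:dirsrv` runs as root on every configure over trees the dirsrv account can write to, with failures masked by `|| true`; it is worth confirming that is intended rather than setting ownership only when the directories are first created.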
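Review bot: `. /usr/share/debconf/confmodule` is sourced unconditionally at the top of 389-ds-base.postrm, and under `set -e` a missing file aborts the script; at purge time the package's dependencies are not guaranteed to be installed, so the purge could fail before any cleanup runs. Nothing in the visible script calls a debconf command, so either drop the line or guard it: `if [ -e /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule; fi`. The account removal also checks one thing and deletes another, since `getent group dirsrv` guards `deluser --system dirsrv`; `getent passwd dirsrv` would match what postinst tests. The `rm -rf` of /var/lib/dirsrv and /var/log/dirsrv removes directory data and logs on purge and deserves a one-line comment stating that this is deliberate.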
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = "purge" ]; then
+ # remove all installed instances
+ for FILE in `ls -d $CONFDIR/slapd-* 2>/dev/null | sed -n '/\.removed$/!$'`
+ do
+ if [ -d "$FILE" ] ; then
+ remove-ds -f -i $FILE
+ fi
+ done
+fi
diff --git a/README.Debian b/README.Debian
new file mode 100644
index 0000000..eba838e
--- /dev/null
+++ b/README.Debian
@@ -0,0 +1,12 @@
+To complete the 389 Directory Server installation just run /usr/sbin/setup-ds.
+
+If you experience problems accessing the Directory Server, check with
+"netstat -tapen |grep 389" and verify that the server is not listening only
+to ipv6 (check for ^tcp6). In such case you will need to tweak the cn=config
+DIT with something like the following:
+
+dn: cn=config
+changetype: modify
+add: nsslapd-listenhost
+nsslapd-listenhost:
+
diff --git a/changelog b/changelog
new file mode 100644
index 0000000..19c5b85
--- /dev/null
+++ b/changelog
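Review bot: `$CONFDIR` is never assigned in 389-ds-base.prerm (postinst uses `CONFIG_DIR`), so the glob expands to `/slapd-*` at the filesystem root and the loop would not find the instances under /etc/dirsrv. The block is also guarded by `[ "$1" = "purge" ]`, and dpkg does not invoke prerm with `purge` (it passes `remove`, `upgrade`, `deconfigure` or `failed-upgrade`), so as written it appears to be dead code. If instance removal is wanted, set `CONFDIR=/etc/dirsrv`, choose the maintainer-script action that should trigger it, and quote the argument: `remove-ds -f -i "$FILE"`. The sed expression `'/\.removed$/!$'` does not look like a valid sed command as shown and may be garbled on this page; check it against the packaging source.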
@@ -0,0 +1,577 @@ +389-ds-base (1.3.5.17-2) unstable; urgency=medium + + * fix-upstream-49245.diff: Pull commits from upstream 1.3.5.x, which + remove rest of the asm code. (Closes: #862194) + + -- Timo Aaltonen Wed, 10 May 2017 09:25:03 +0300 + +389-ds-base (1.3.5.17-1) unstable; urgency=medium + + * New upstream bugfix release. + - CVE-2017-2668 (Closes: #860125) + * watch: Updated. + + -- Timo Aaltonen Tue, 09 May 2017 11:06:14 +0300 + +389-ds-base (1.3.5.15-2) unstable; urgency=medium + + * fix-48986-cve-2017-2591.diff: Fix upstream ticket 48986, + CVE-2017-2591. (Closes: #851769) + + -- Timo Aaltonen Fri, 27 Jan 2017 00:01:53 +0200 + +389-ds-base (1.3.5.15-1) unstable; urgency=medium + + * New upstream release. + - CVE-2016-5405 (Closes: #842121) + + -- Timo Aaltonen Wed, 16 Nov 2016 11:01:00 +0200 + +389-ds-base (1.3.5.14-1) unstable; urgency=medium + + * New upstream release. + * postrm: Remove /etc/dirsrv, /var/lib/dirsrv and /var/log/dirsrv on + purge. + * control: Bump build-dep on libsvrcore-dev to ensure it has support + for systemd password agent. + + -- Timo Aaltonen Fri, 28 Oct 2016 01:42:27 +0300 + +389-ds-base (1.3.5.13-1) unstable; urgency=medium + + * New upstream release. + * control: Bump policy to 3.9.8, no changes. + * patches/default_user: Dropped, upstream. + * support-non-nss-libldap.diff: Dropped, upstream. + * fix-obsolete-target.diff: Updated. + * patches: Refreshed. + * control: Add libsystemd-dev to build-deps. + * control: Add acl to -base depends. + + -- Timo Aaltonen Wed, 12 Oct 2016 11:11:20 +0300 + +389-ds-base (1.3.4.14-2) unstable; urgency=medium + + * tests: Add simple autopkgtests. + * postinst: Start instances after offline update. + * control, rules: Drop -dbg packages. + * control: Drop conflicts on slapd. (Closes: #822532) + + -- Timo Aaltonen Mon, 03 Oct 2016 17:53:26 +0300 + +389-ds-base (1.3.4.14-1) unstable; urgency=medium + + * New upstream release. + * support-non-nss-libldap.diff: Refreshed. 
+ + -- Timo Aaltonen Mon, 29 Aug 2016 10:17:41 +0300 + +389-ds-base (1.3.4.9-1) unstable; urgency=medium + + * New upstream release. + * support-non-nss-libldap.diff: Support libldap built against gnutls. + (LP: #1564179) + + -- Timo Aaltonen Mon, 18 Apr 2016 18:08:14 +0300 + +389-ds-base (1.3.4.8-4) unstable; urgency=medium + + * use-perl-move.diff: Dropped, 'rename' is more reliable. + + -- Timo Aaltonen Wed, 30 Mar 2016 08:38:24 +0300 + +389-ds-base (1.3.4.8-3) unstable; urgency=medium + + * use-perl-move.diff: Fix 60upgradeschemafiles.pl to use File::Copy. + (Closes: #818578) + + -- Timo Aaltonen Fri, 18 Mar 2016 11:15:23 +0200 + +389-ds-base (1.3.4.8-2) unstable; urgency=medium + + * postinst: Silence ls and adduser. + * Drop the init file, we depend on systemd anyway. + * rules: Don't enable dirsrv-snmp.service by default. + * postrm: Clean up /var/lib/dirsrv/scripts-* on purge. + * user-perl-move.diff: Use move instead of rename during upgrade. + (Closes: #775550) + + -- Timo Aaltonen Thu, 17 Mar 2016 08:13:38 +0200 + +389-ds-base (1.3.4.8-1) unstable; urgency=medium + + * New upstream release. + + -- Timo Aaltonen Mon, 22 Feb 2016 07:58:40 +0200 + +389-ds-base (1.3.4.5-2) unstable; urgency=medium + + * fix-systemctl-path.diff: Use correct path to /bin/systemctl. + (Closes: #779653) + + -- Timo Aaltonen Wed, 09 Dec 2015 08:31:20 +0200 + +389-ds-base (1.3.4.5-1) unstable; urgency=medium + + * New upstream release. + * patches: Refreshed. + + -- Timo Aaltonen Wed, 09 Dec 2015 08:14:56 +0200 + +389-ds-base (1.3.3.13-1) unstable; urgency=medium + + * New upstream release. + * control: Add systemd to 389-ds-base Depends. (Closes: #794301) + * postrm: Clean target.wants in postrm. + * reproducible-build.diff: Make builds reproducible. Thanks, Chris + Lamb! 
(Closes: #799010) + + -- Timo Aaltonen Tue, 20 Oct 2015 14:25:05 +0300 + +389-ds-base (1.3.3.12-1) unstable; urgency=medium + + * New upstream release + - fix CVE-2015-3230 (Closes: #789202) + + -- Timo Aaltonen Wed, 24 Jun 2015 11:47:50 +0300 + +389-ds-base (1.3.3.10-1) unstable; urgency=medium + + * New upstream release + - fix CVE-2015-1854 (Closes: #783923) + * postinst: Stop actual instances instead of 'dirsrv' on upgrade, and + use service(8) instead of invoke-rc.d. + + -- Timo Aaltonen Thu, 07 May 2015 07:58:35 +0300 + +389-ds-base (1.3.3.9-1) experimental; urgency=medium + + * New upstream bugfix release. + - Drop cve-2014-8*.diff, upstream. + + -- Timo Aaltonen Thu, 02 Apr 2015 14:47:20 +0300 + +389-ds-base (1.3.3.5-4) unstable; urgency=medium + + * Security fixes (Closes: #779909) + - cve-2014-8105.diff: Fix for CVE-2014-8105 + - cve-2014-8112.diff: Fix for CVE-2014-8112 + + -- Timo Aaltonen Mon, 09 Mar 2015 10:53:03 +0200 + +389-ds-base (1.3.3.5-3) unstable; urgency=medium + + * use-bash-instead-of-sh.diff: Drop admin_scripts.diff and patch the + scripts to use bash instead of trying to fix bashisms. (Closes: + #772195) + + -- Timo Aaltonen Fri, 16 Jan 2015 15:40:23 +0200 + +389-ds-base (1.3.3.5-2) unstable; urgency=medium + + * fix-saslpath.diff: Fix SASL library path. + + -- Timo Aaltonen Sat, 25 Oct 2014 01:48:34 +0300 + +389-ds-base (1.3.3.5-1) unstable; urgency=medium + + * New upstream bugfix release. + * control: Bump policy, no changes. + + -- Timo Aaltonen Mon, 20 Oct 2014 09:57:14 +0300 + +389-ds-base (1.3.3.3-1) unstable; urgency=medium + + * New upstream release. + * Dropped upstreamed patches, refresh others. + * control, rules, 389-ds-base.install: Add support for systemd. + * fix-obsolete-target.diff: Drop syslog.target from the service files. + * 389-ds-base.links: Mask the initscript so that it's not used with systemd. 
+ + -- Timo Aaltonen Mon, 06 Oct 2014 17:13:01 +0300 + +389-ds-base (1.3.2.23-2) unstable; urgency=medium + + * Team upload. + * Add fix-bsd.patch and support-kfreebsd.patch to fix the build failure + on kFreeBSD. + + -- Benjamin Drung Wed, 03 Sep 2014 15:32:22 +0200 + +389-ds-base (1.3.2.23-1) unstable; urgency=medium + + * New bugfix release. + * watch: Update the url. + * control: Update Vcs-Browser url to use cgit. + + -- Timo Aaltonen Mon, 01 Sep 2014 13:32:59 +0300 + +389-ds-base (1.3.2.21-1) unstable; urgency=medium + + * New upstream release. + - CVE-2014-3562 (Closes: #757437) + + -- Timo Aaltonen Fri, 08 Aug 2014 10:48:55 +0300 + +389-ds-base (1.3.2.19-1) unstable; urgency=medium + + * New upstream release. + * admin_scripts.diff: Updated to fix more bashisms. + * watch: Update the url. + * Install failedbinds.py and logregex.py scripts. + * init: Use status from init-functions. + * control: Update my email. + + -- Timo Aaltonen Tue, 08 Jul 2014 15:50:11 +0300 + +389-ds-base (1.3.2.9-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Apply fix for CVE-2014-0132, see like named patch (Closes: 741600) + * Fix m4-macro for libsrvcore and add missing B-D on libpci-dev + (Closes: #745821) + + -- Tobias Frost Fri, 25 Apr 2014 15:11:16 +0200 + +389-ds-base (1.3.2.9-1) unstable; urgency=low + + * New upstream release. + - fixes CVE-2013-0336 (Closes: #704077) + - fixes CVE-2013-1897 (Closes: #704421) + - fixes CVE-2013-2219 (Closes: #718325) + - fixes CVE-2013-4283 (Closes: #721222) + - fixes CVE-2013-4485 (Closes: #730115) + * Drop fix-CVE-2013-0312.diff, upstream. + * rules: Add new scripts to rename. + * fix-sasl-path.diff: Use a triplet path to find libsasl2. (LP: + #1088822) + * admin_scripts.diff: Add patch from upstream #47511 to fix bashisms. + * control: Add ldap-utils to -base depends. 
+ * rules, rename-online-scripts.diff: Some scripts with .pl suffix are + meant for an online server, so instead of overwriting the offline + scripts use -online suffix. + * rules: Enable parallel build, but limit the jobs to 1 for + dh_auto_install. + * control: Bump policy to 3.9.5, no changes. + * rules: Add get-orig-source target. + * lintian-overrides: Drop obsolete entries, add comments for the rest. + + -- Timo Aaltonen Mon, 03 Feb 2014 11:08:50 +0200 + +389-ds-base (1.3.0.3-1) unstable; urgency=low + + * New upstream release. + * control: Bump the policy to 3.9.4, no changes. + * fix-CVE-2013-0312.diff: Patch to fix handling LDAPv3 control data. + + -- Timo Aaltonen Mon, 11 Mar 2013 14:23:20 +0200 + +389-ds-base (1.2.11.17-1) UNRELEASED; urgency=low + + * New upstream release. + * watch: Add a comment about the upstream git tree. + * fix-cve-2012-4450.diff: Remove, upstream. + + -- Timo Aaltonen Sat, 01 Dec 2012 14:22:13 +0200 + +389-ds-base (1.2.11.15-1) unstable; urgency=low + + * New upstream release. + * Add fix-cve-2012-4450.diff. (Closes: #688942) + * dirsrv.init: Fix stop() to remove the pidfile only when the process + is finished. (Closes: #689389) + * copyright: Update the source url. + * control: Drop quilt from build-depends, since using 3.0 (quilt) + * lintian-overrides: Add an override for hardening-no-fortify- + functions, since it's a false positive in this case. + * control: Drop dpkg-dev from build-depends, no need to specify it + directly. + * copyright: Add myself as a copyright holder for debian/*. + * 389-ds-base.prerm: Add 'set -e'. + * rules: drop DEB_HOST_MULTIARCH, dh9 handles it. + + -- Timo Aaltonen Wed, 03 Oct 2012 19:33:52 +0300 + +389-ds-base (1.2.11.7-5) unstable; urgency=low + + * control: Drop debconf-utils and po-debconf from build-depends. + * control: Add libnetaddr-ip-perl and libsocket-getaddrinfo-perl to + 389-ds-base Depends for ipv6 support. 
(Closes: #682847) + + -- Timo Aaltonen Mon, 30 Jul 2012 13:12:23 +0200 + +389-ds-base (1.2.11.7-4) unstable; urgency=low + + * debian/po: Remove, leftover from the template purge. (Closes: #681543) + + -- Timo Aaltonen Thu, 19 Jul 2012 23:12:01 +0300 + +389-ds-base (1.2.11.7-3) unstable; urgency=low + + * 389-ds-base.config: Removed, the debconf template is no more. + (Closes: #680351) + * control: Remove duplicate 'the' from the 389-ds description. + + -- Timo Aaltonen Wed, 11 Jul 2012 11:59:36 +0300 + +389-ds-base (1.2.11.7-2) unstable; urgency=low + + * control: Stop hardcoding libs to binary depends. (Closes: #679790) + * control: Add libnspr4-dev and libldap2-dev to 389-ds-base-dev + Depends. (Closes: #679742) + * l10n review (Closes: #679870) : + - Drop the debconf template, and rewrap README.Debian. + - control: Update the descriptions + + -- Timo Aaltonen Tue, 03 Jul 2012 17:58:20 +0300 + +389-ds-base (1.2.11.7-1) unstable; urgency=low + + [ Timo Aaltonen ] + * New upstream release. + * watch: Fix the url. + * patches/remove_license_prompt: Dropped, included upstream. + * patches/default_user: Refreshed. + * control: Change the VCS header to point to the git repository. + * control: Rename last remnants of Fedora to 389. + * changelog, control: Be consistent with the naming; renamed the source + to just '389-ds-base', which matches upstream tarball naming. + * control: Wrap Depends. + * compat, control: Bump compat to 9, and debhelper build-dep to (>= 9). + * rules: Switch to dh. + * Move dirsrv.lintian to dirsrv.lintian-overrides, adjust dirsrv.install. + * *.dirs: Clean up. + * control: Build-depend on dh-autoreconf, drop duplicate bdeps. + * Fold dirsrv-tools into the main package. + * Build against libldap2-dev (>= 2.4.28). + * Rename binary package to 389-ds-base. + * -dev.install: Install the pkgconfig file. + * rules: Enable PIE hardening. + * Add a default file, currently sets LD_BIND_NOW=1. 
+ * control: 'dbgen' uses old perl libs, add libperl4-corelibs-perl + dependency to 389-ds-base. + * rules: Add --fail-missing for dh_install, remove files not needed + and make sure to install the rest. + * rules, control: Fix the installation name of ds-logpipe.py, add + python dependency to 389-ds-base.. + * libns-dshttpd is internal to the server, ship it in 389-ds-base. + * Rename libdirsrv{-dev,0} -> 389-ds-base-{dev,libs}, includes only + libslapd and headers for external plugin development. + * control: Breaks/Replaces old libdirsrv-dev/libdirsrv0/dirsrv. + * Drop hyphen_used_as_minus, applied upstream. + * copyright: Use DEP5 format. + * Cherry-pick upstream commit ee320163c6 to get rid of unnecessary + and non-free MIB's from the tree, and build a dfsg compliant tarball. + * lintian-overrides: Update, create one for -libs. + * Fix the initscript to create the lockdir, and refactor code into separate + functions. + * Drop obsolete entries from copyright, and make it lintian clean. + * debian/po: Refer to the correct file after rename. + * control: Bump Standards-Version to 3.9.3, no changes. + * postinst: Drop unused 'lastversion'. + * patches: Add DEP3 compliant headers. + * rules, postinst: Add an error handler function for dh_installinit, so + that clean installs don't fail due to missing configuration. + * postinst: Run the update tool. + * dirsrv.init: + - Make the start and stop functions much simpler and LSB compliant + - Fix starting multiple instances + - Use '-b' for start-stop-daemon, since ns-slapd doesn't detach properly + * control: Add 389-ds metapackage. + * control: Change libdb4.8-dev build-depends to libdb-dev, since this version + supports db5.x. + * 389-ds-base.prerm: Add prerm script for removing installed instances on + purge. + + [ Krzysztof Klimonda ] + * dirsrv.init: + - return 0 code if there are no instances configured and tweak message + so it doesn't indicate a failure. 
+ + -- Krzysztof Klimonda Tue, 27 Mar 2012 14:26:16 +0200 + +389-directory-server (1.2.6.1-5) unstable; urgency=low + + * Removed db_stop from dirsrv.postinst + * Fix short description in libdirsrv0-dbg + + -- Michele Baldessari Wed, 20 Oct 2010 20:24:20 +0200 + +389-directory-server (1.2.6.1-4) unstable; urgency=low + + * Make libicu dep dependent on dpkg-vendor + + -- Michele Baldessari Mon, 18 Oct 2010 21:21:52 +0200 + +389-directory-server (1.2.6.1-3) unstable; urgency=low + + * Remove dirsrv user and group in postrm + * Clean up postrm and postinst + + -- Michele Baldessari Sun, 17 Oct 2010 21:54:08 +0200 + +389-directory-server (1.2.6.1-2) unstable; urgency=low + + * Fix QUILT_STAMPFN + + -- Michele Baldessari Sun, 17 Oct 2010 15:03:34 +0200 + +389-directory-server (1.2.6.1-1) unstable; urgency=low + + * New upstream + + -- Michele Baldessari Sat, 16 Oct 2010 23:08:09 +0200 + +389-directory-server (1.2.6-2) unstable; urgency=low + + * Update my email address + + -- Michele Baldessari Sat, 16 Oct 2010 22:34:19 +0200 + +389-directory-server (1.2.6-1) unstable; urgency=low + + * New upstream + * s/Fedora/389/g to clean up the branding + * Remove automatic configuration (breaks too often with every update) + * Remove dirsrv.config translation, no questions are asked anymore + * Fix old changelog versions with proper ~ on rc versions + * Update policy to 3.9.1 + * Improve README.Debian + * Depend on libicu44 + * Remove /var/run/dirsrv from the postinst scripts (managed by init script) + + -- Michele Baldessari Sat, 04 Sep 2010 11:58:21 +0200 + +389-directory-server (1.2.6~rc7-1) unstable; urgency=low + + * New upstream + + -- Michele Baldessari Fri, 03 Sep 2010 20:06:08 +0200 + +389-directory-server (1.2.6~a3-1) unstable; urgency=low + + * New upstream + * Rename man page remove-ds.pl in remove-ds + * Removed Debian.source + + -- Michele Baldessari Sun, 23 May 2010 22:12:13 +0200 + +389-directory-server (1.2.6~a2-1) unstable; urgency=low + + * New upstream + * 
Removed speling_fixes patch, applied upstream + + -- Michele Baldessari Sun, 23 May 2010 13:36:25 +0200 + +389-directory-server (1.2.5-1) unstable; urgency=low + + * New upstream + * Add libpcre3-dev Build-dep + * ldap-agent moved ti /usr/sbin + * Fix spelling errors in code and manpages + * Fix some lintian warnings + * Bump policy to 3.8.3 + * Ignore lintian warning pkg-has-shlibs-control-file-but-no-actual-shared-libs + as the shlibs file is for dirsrv plugins + * Upgraded deps to libicu42 and libdb4.8 + * Do create /var/lib/dirsrv as dirsrv user's home + * Added libsasl2-modules-gssapi-mit as a dependency for dirsrv (needed by + mandatory LDAP SASL mechs) + * Install all files of etc/dirsrv/config + * Add some missing start scripts in usr/sbin + * Fixed a bug in the dirsrv.init script + * Switch to dpkg-source 3.0 (quilt) format + * Bump policy to 3.8.4 + + -- Michele Baldessari Sun, 23 May 2010 12:31:24 +0200 + +389-directory-server (1.2.1-0) unstable; urgency=low + + * Rename of source package (note, since this is still staging work no + replace or upgrade is in place) + * Update watch file + * New Upstream + + -- Michele Baldessari Fri, 12 Jun 2009 22:08:42 +0200 + +fedora-directory-server (1.2.0-1) unstable; urgency=low + + * New upstream release + * Add missing libkrb5-dev dependency + * Fix section of -dbg packages + * Fix all "dpatch-missing-description" lintian warnings + + -- Michele Baldessari Wed, 22 Apr 2009 23:36:22 +0200 + +fedora-directory-server (1.1.3-1) unstable; urgency=low + + * New upstream + * Added watch file + * Make setup-ds use dirsrv:dirsrv user/group as defaults + * Added VCS-* fields + * --enable-autobind + * Add ldap/servers/plugins/replication/winsync-plugin.h to libdirsrv-dev + + -- Michele Baldessari Mon, 24 Nov 2008 22:42:26 +0100 + +fedora-directory-server (1.1.2-2) unstable; urgency=low + + * Fixed build+configure twice issue + * Added Conflicts: slapd (thanks Alessandro) + + -- Michele Baldessari Tue, 23 Sep 2008 21:12:44 
+0200 + +fedora-directory-server (1.1.2-1) unstable; urgency=low + + * New upstream + * Removed /usr/sbin PATH from postinst script + + -- Michele Baldessari Sat, 20 Sep 2008 20:10:52 +0000 + +fedora-directory-server (1.1.1-0) unstable; urgency=low + + * New upstream + * Don't apply patch for 439829, fixed upstream + * Bump to policy 3.8.0 + * Added README.source + + -- Michele Baldessari Fri, 22 Aug 2008 00:09:40 +0200 + +fedora-directory-server (1.1.0-4) unstable; urgency=low + + * dirsrv should depend on libmozilla-ldap-perl (thanks Mathias Kaufmann + ) + + -- Michele Baldessari Sun, 20 Jul 2008 18:41:58 +0200 + +fedora-directory-server (1.1.0-3) unstable; urgency=low + + * Fix up some descriptions + + -- Michele Baldessari Sun, 25 May 2008 21:36:32 +0200 + +fedora-directory-server (1.1.0-2) unstable; urgency=low + + * Silenced init warning messages when chowning pid directory + + -- Michele Baldessari Wed, 21 May 2008 23:08:32 +0200 + +fedora-directory-server (1.1.0-1) unstable; urgency=low + + * Removed template lintian warning + * Cleaned up manpages + + -- Michele Baldessari Sun, 18 May 2008 13:39:58 +0200 + +fedora-directory-server (1.1.0-0) unstable; urgency=low + + * Initial release (Closes: #497098). + * Fixed postinst after renaming setup-ds.pl to setup-ds + * Applied patch from https://bugzilla.redhat.com/show_bug.cgi?id=439829 to + fix segfault against late NSS versions + * Switched to parseable copyright format + * Source package is lintian clean now + * Added initial manpage patch + * Switched to dh_install + + -- Michele Baldessari Thu, 27 Mar 2008 23:56:17 +0200 diff --git a/compat b/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +9 diff --git a/control b/control new file mode 100644 index 0000000..a42c961 --- /dev/null +++ b/control 
@@ -0,0 +1,122 @@
+Source: 389-ds-base
+Section: net
+Priority: optional
+Maintainer: Debian 389ds Team
+Uploaders:
+ Timo Aaltonen ,
+ Krzysztof Klimonda ,
+Build-Depends:
+ debhelper (>= 9),
+ dh-autoreconf,
+ dh-systemd,
+ libbz2-dev,
+ libdb-dev,
+ libicu-dev,
+ libkrb5-dev,
+ libldap2-dev (>= 2.4.28),
+ libnspr4-dev,
+ libnss3-dev,
+ libpam0g-dev,
+ libpci-dev,
+ libpcre3-dev,
+ libperl-dev,
+ libsasl2-dev,
+ libsnmp-dev,
+ libssl-dev,
+ libsvrcore-dev (>= 1:4.1.2+dfsg1-3),
+ libsystemd-dev,
+ pkg-config,
+ zlib1g-dev,
+Standards-Version: 3.9.8
+Vcs-Git: git://anonscm.debian.org/pkg-fedora-ds/389-ds-base.git
+Vcs-Browser: http://anonscm.debian.org/cgit/pkg-fedora-ds/389-ds-base.git
+Homepage: http://directory.fedoraproject.org
+
+Package: 389-ds
+Architecture: all
+Depends:
+ 389-admin,
+ 389-admin-console,
+ 389-console,
+ 389-ds-base,
+ 389-ds-console,
+ 389-dsgw,
+ ${misc:Depends},
+Description: 389 Directory Server suite - metapackage
+ Based on the Lightweight Directory Access Protocol (LDAP), the 389
+ Directory Server is designed to manage large directories of users and
+ resources robustly and scalably.
+ .
+ This is a metapackage depending on the LDAPv3 server, the HTTP
+ daemon used for server administration, and the graphical console used
+ for server and user/group administration.
+
+Package: 389-ds-base-libs
+Section: libs
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: libdirsrv0
+Replaces: libdirsrv0
+Description: 389 Directory Server suite - libraries
+ Based on the Lightweight Directory Access Protocol (LDAP), the 389
+ Directory Server is designed to manage large directories of users and
+ resources robustly and scalably.
+ .
+ This package contains core libraries for the 389 Directory Server.
+
+Package: 389-ds-base-dev
+Section: libdevel
+Architecture: any
+Depends:
+ 389-ds-base-libs (= ${binary:Version}),
+ libldap2-dev,
+ libnspr4-dev,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks: libdirsrv-dev
+Replaces: libdirsrv-dev
+Description: 389 Directory Server suite - development files
+ Based on the Lightweight Directory Access Protocol (LDAP), the 389
+ Directory Server is designed to manage large directories of users and
+ resources robustly and scalably.
+ .
+ This package contains development headers for the core libraries
+ of the 389 Directory Server, useful for developing plugins without
+ having to install the server itself.
+
+Package: 389-ds-base
+Architecture: any
+Pre-Depends: debconf (>= 0.5) | debconf-2.0
+Depends:
+ 389-ds-base-libs (= ${binary:Version}),
+ adduser,
+ acl,
+ ldap-utils,
+ libmozilla-ldap-perl,
+ libnetaddr-ip-perl,
+ libperl4-corelibs-perl | perl (<< 5.12.3-7),
+ libsasl2-modules-gssapi-mit,
+ libsocket-getaddrinfo-perl,
+ python,
+ systemd,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks: dirsrv, libdirsrv-dev, libdirsrv0
+Replaces: dirsrv, libdirsrv-dev, libdirsrv0
+Description: 389 Directory Server suite - server
+ Based on the Lightweight Directory Access Protocol (LDAP), the 389
+ Directory Server is designed to manage large directories of users and
+ resources robustly and scalably.
+ .
+ Its key features include:
+ * four-way multi-master replication;
+ * great scalability;
+ * extensive documentation;
+ * Active Directory user and group synchronization;
+ * secure authentication and transport;
+ * support for LDAPv3;
+ * graphical management console;
+ * on-line, zero downtime update of schema, configuration, and
+ in-tree Access Control Information.
+
diff --git a/copyright b/copyright
new file mode 100644
index 0000000..d99fca2
--- /dev/null
+++ b/copyright
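Review bot: The `Vcs-Git: git://anonscm.debian.org/pkg-fedora-ds/389-ds-base.git` field in control points at the unauthenticated git protocol, and `Vcs-Browser` and `Homepage` are plain `http://`, so anyone who clones the packaging repository via this field gets no transport integrity or server authentication. I would switch `Vcs-Git` and `Vcs-Browser` to the host's `https://` equivalents if it offers them, and do the same for `Homepage`. This matters more than usual here because the package ships root-run maintainer scripts for a directory server.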
@@ -0,0 +1,539 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-name: 389-ds-base +Source: http://directory.fedoraproject.org/wiki/Source + +Files: * +Copyright: 2001 Sun Microsystems, Inc. + 2005 Red Hat, Inc. +License: GPL-2 and Other + +Files: ldap/libraries/libavl/*.[ch] ldap/servers/slapd/abandon.c + ldap/servers/slapd/add.c ldap/servers/slapd/abandon.c + ldap/servers/slapd/add.c ldap/servers/slapd/bind.c + ldap/servers/slapd/bulk_import.c ldap/servers/slapd/compare.c + ldap/servers/slapd/delete.c ldap/servers/slapd/detach.c + ldap/servers/slapd/globals.c ldap/servers/slapd/modify.c + ldap/servers/slapd/modrdn.c ldap/servers/slapd/monitor.c + ldap/servers/slapd/search.c ldap/servers/slapd/unbind.c +Copyright: 1993 Regents of the University of Michigan + 2001 Sun Microsystems, Inc. + 2005 Red Hat, Inc. +License: GPL-2 and Other + +Files: ldap/servers/slapd/tools/ldaptool.h +Copyright: 1998 Netscape Communication Corporation +License: GPL-2+ or LGPL-2.1 or MPL-1.1 + +Files: ldap/servers/slapd/tools/ldaptool-sasl.c + ldap/servers/slapd/tools/ldaptool-sasl.h +Copyright: 2005 Sun Microsystems, Inc. +License: GPL-2+ or LGPL-2.1 or MPL-1.1 + +Files: m4/* +Copyright: 2006, 2007 Red Hat, Inc. +License: GPL-2+ + +Files: debian/* +Copyright: 2008 Michele Baldessari + 2012 Timo Aaltonen +License: GPL-2+ or LGPL-2.1 or MPL-1.1 + +License: Other + In addition, as a special exception, Red Hat, Inc. gives You the additional + right to link the code of this Program with code not covered under the GNU + General Public License ("Non-GPL Code") and to distribute linked combinations + including the two, subject to the limitations in this paragraph. Non-GPL Code + permitted under this exception must only link to the code of this Program + through those well defined interfaces identified in the file named EXCEPTION + found in the source code files (the "Approved Interfaces"). 
The files of + Non-GPL Code may instantiate templates or use macros or inline functions from + the Approved Interfaces without causing the resulting work to be covered by + the GNU General Public License. Only Red Hat, Inc. may make changes or + additions to the list of Approved Interfaces. You must obey the GNU General + Public License in all respects for all of the Program code and other code used + in conjunction with the Program except the Non-GPL Code covered by this + exception. If you modify this file, you may extend this exception to your + version of the file, but you are not obligated to do so. If you do not wish to + provide this exception without modification, you must delete this exception + statement from your version and license this file solely under the GPL without + exception. + +License: GPL-2 or GPL-2+ + On Debian machines the full text of the GNU General Public License + can be found in the file /usr/share/common-licenses/GPL-2. + +License: LGPL-2.1 + On Debian machines the full text of the GNU General Public License + can be found in the file /usr/share/common-licenses/LGPL-2.1. + + +License: MPL-1.1 + MOZILLA PUBLIC LICENSE + Version 1.1 + . + --------------- + . + 1. Definitions. + . + 1.0.1. "Commercial Use" means distribution or otherwise making the + Covered Code available to a third party. + . + 1.1. "Contributor" means each entity that creates or contributes to + the creation of Modifications. + . + 1.2. "Contributor Version" means the combination of the Original + Code, prior Modifications used by a Contributor, and the Modifications + made by that particular Contributor. + . + 1.3. "Covered Code" means the Original Code or Modifications or the + combination of the Original Code and Modifications, in each case + including portions thereof. + . + 1.4. "Electronic Distribution Mechanism" means a mechanism generally + accepted in the software development community for the electronic + transfer of data. + . + 1.5. 
"Executable" means Covered Code in any form other than Source + Code. + . + 1.6. "Initial Developer" means the individual or entity identified + as the Initial Developer in the Source Code notice required by Exhibit + A. + . + 1.7. "Larger Work" means a work which combines Covered Code or + portions thereof with code not governed by the terms of this License. + . + 1.8. "License" means this document. + . + 1.8.1. "Licensable" means having the right to grant, to the maximum + extent possible, whether at the time of the initial grant or + subsequently acquired, any and all of the rights conveyed herein. + . + 1.9. "Modifications" means any addition to or deletion from the + substance or structure of either the Original Code or any previous + Modifications. When Covered Code is released as a series of files, a + Modification is: + A. Any addition to or deletion from the contents of a file + containing Original Code or previous Modifications. + . + B. Any new file that contains any part of the Original Code or + previous Modifications. + . + 1.10. "Original Code" means Source Code of computer software code + which is described in the Source Code notice required by Exhibit A as + Original Code, and which, at the time of its release under this + License is not already Covered Code governed by this License. + . + 1.10.1. "Patent Claims" means any patent claim(s), now owned or + hereafter acquired, including without limitation, method, process, + and apparatus claims, in any patent Licensable by grantor. + . + 1.11. "Source Code" means the preferred form of the Covered Code for + making modifications to it, including all modules it contains, plus + any associated interface definition files, scripts used to control + compilation and installation of an Executable, or source code + differential comparisons against either the Original Code or another + well known, available Covered Code of the Contributor's choice. 
The + Source Code can be in a compressed or archival form, provided the + appropriate decompression or de-archiving software is widely available + for no charge. + . + 1.12. "You" (or "Your") means an individual or a legal entity + exercising rights under, and complying with all of the terms of, this + License or a future version of this License issued under Section 6.1. + For legal entities, "You" includes any entity which controls, is + controlled by, or is under common control with You. For purposes of + this definition, "control" means (a) the power, direct or indirect, + to cause the direction or management of such entity, whether by + contract or otherwise, or (b) ownership of more than fifty percent + (50%) of the outstanding shares or beneficial ownership of such + entity. + . + 2. Source Code License. + . + 2.1. The Initial Developer Grant. + The Initial Developer hereby grants You a world-wide, royalty-free, + non-exclusive license, subject to third party intellectual property + claims: + (a) under intellectual property rights (other than patent or + trademark) Licensable by Initial Developer to use, reproduce, + modify, display, perform, sublicense and distribute the Original + Code (or portions thereof) with or without Modifications, and/or + as part of a Larger Work; and + . + (b) under Patents Claims infringed by the making, using or + selling of Original Code, to make, have made, use, practice, + sell, and offer for sale, and/or otherwise dispose of the + Original Code (or portions thereof). + . + (c) the licenses granted in this Section 2.1(a) and (b) are + effective on the date Initial Developer first distributes + Original Code under the terms of this License. + . 
+ (d) Notwithstanding Section 2.1(b) above, no patent license is + granted: 1) for code that You delete from the Original Code; 2) + separate from the Original Code; or 3) for infringements caused + by: i) the modification of the Original Code or ii) the + combination of the Original Code with other software or devices. + . + 2.2. Contributor Grant. + Subject to third party intellectual property claims, each Contributor + hereby grants You a world-wide, royalty-free, non-exclusive license + . + (a) under intellectual property rights (other than patent or + trademark) Licensable by Contributor, to use, reproduce, modify, + display, perform, sublicense and distribute the Modifications + created by such Contributor (or portions thereof) either on an + unmodified basis, with other Modifications, as Covered Code + and/or as part of a Larger Work; and + . + (b) under Patent Claims infringed by the making, using, or + selling of Modifications made by that Contributor either alone + and/or in combination with its Contributor Version (or portions + of such combination), to make, use, sell, offer for sale, have + made, and/or otherwise dispose of: 1) Modifications made by that + Contributor (or portions thereof); and 2) the combination of + Modifications made by that Contributor with its Contributor + Version (or portions of such combination). + . + (c) the licenses granted in Sections 2.2(a) and 2.2(b) are + effective on the date Contributor first makes Commercial Use of + the Covered Code. + . 
+ (d) Notwithstanding Section 2.2(b) above, no patent license is + granted: 1) for any code that Contributor has deleted from the + Contributor Version; 2) separate from the Contributor Version; + 3) for infringements caused by: i) third party modifications of + Contributor Version or ii) the combination of Modifications made + by that Contributor with other software (except as part of the + Contributor Version) or other devices; or 4) under Patent Claims + infringed by Covered Code in the absence of Modifications made by + that Contributor. + . + 3. Distribution Obligations. + . + 3.1. Application of License. + The Modifications which You create or to which You contribute are + governed by the terms of this License, including without limitation + Section 2.2. The Source Code version of Covered Code may be + distributed only under the terms of this License or a future version + of this License released under Section 6.1, and You must include a + copy of this License with every copy of the Source Code You + distribute. You may not offer or impose any terms on any Source Code + version that alters or restricts the applicable version of this + License or the recipients' rights hereunder. However, You may include + an additional document offering the additional rights described in + Section 3.5. + . + 3.2. Availability of Source Code. + Any Modification which You create or to which You contribute must be + made available in Source Code form under the terms of this License + either on the same media as an Executable version or via an accepted + Electronic Distribution Mechanism to anyone to whom you made an + Executable version available; and if made available via Electronic + Distribution Mechanism, must remain available for at least twelve (12) + months after the date it initially became available, or at least six + (6) months after a subsequent version of that particular Modification + has been made available to such recipients. 
You are responsible for + ensuring that the Source Code version remains available even if the + Electronic Distribution Mechanism is maintained by a third party. + . + 3.3. Description of Modifications. + You must cause all Covered Code to which You contribute to contain a + file documenting the changes You made to create that Covered Code and + the date of any change. You must include a prominent statement that + the Modification is derived, directly or indirectly, from Original + Code provided by the Initial Developer and including the name of the + Initial Developer in (a) the Source Code, and (b) in any notice in an + Executable version or related documentation in which You describe the + origin or ownership of the Covered Code. + . + 3.4. Intellectual Property Matters + (a) Third Party Claims. + If Contributor has knowledge that a license under a third party's + intellectual property rights is required to exercise the rights + granted by such Contributor under Sections 2.1 or 2.2, + Contributor must include a text file with the Source Code + distribution titled "LEGAL" which describes the claim and the + party making the claim in sufficient detail that a recipient will + know whom to contact. If Contributor obtains such knowledge after + the Modification is made available as described in Section 3.2, + Contributor shall promptly modify the LEGAL file in all copies + Contributor makes available thereafter and shall take other steps + (such as notifying appropriate mailing lists or newsgroups) + reasonably calculated to inform those who received the Covered + Code that new knowledge has been obtained. + . + (b) Contributor APIs. + If Contributor's Modifications include an application programming + interface and Contributor has knowledge of patent licenses which + are reasonably necessary to implement that API, Contributor must + also include this information in the LEGAL file. + . + (c) Representations. 
+ Contributor represents that, except as disclosed pursuant to + Section 3.4(a) above, Contributor believes that Contributor's + Modifications are Contributor's original creation(s) and/or + Contributor has sufficient rights to grant the rights conveyed by + this License. + . + 3.5. Required Notices. + You must duplicate the notice in Exhibit A in each file of the Source + Code. If it is not possible to put such notice in a particular Source + Code file due to its structure, then You must include such notice in a + location (such as a relevant directory) where a user would be likely + to look for such a notice. If You created one or more Modification(s) + You may add your name as a Contributor to the notice described in + Exhibit A. You must also duplicate this License in any documentation + for the Source Code where You describe recipients' rights or ownership + rights relating to Covered Code. You may choose to offer, and to + charge a fee for, warranty, support, indemnity or liability + obligations to one or more recipients of Covered Code. However, You + may do so only on Your own behalf, and not on behalf of the Initial + Developer or any Contributor. You must make it absolutely clear than + any such warranty, support, indemnity or liability obligation is + offered by You alone, and You hereby agree to indemnify the Initial + Developer and every Contributor for any liability incurred by the + Initial Developer or such Contributor as a result of warranty, + support, indemnity or liability terms You offer. + . + 3.6. Distribution of Executable Versions. + You may distribute Covered Code in Executable form only if the + requirements of Section 3.1-3.5 have been met for that Covered Code, + and if You include a notice stating that the Source Code version of + the Covered Code is available under the terms of this License, + including a description of how and where You have fulfilled the + obligations of Section 3.2. 
The notice must be conspicuously included + in any notice in an Executable version, related documentation or + collateral in which You describe recipients' rights relating to the + Covered Code. You may distribute the Executable version of Covered + Code or ownership rights under a license of Your choice, which may + contain terms different from this License, provided that You are in + compliance with the terms of this License and that the license for the + Executable version does not attempt to limit or alter the recipient's + rights in the Source Code version from the rights set forth in this + License. If You distribute the Executable version under a different + license You must make it absolutely clear that any terms which differ + from this License are offered by You alone, not by the Initial + Developer or any Contributor. You hereby agree to indemnify the + Initial Developer and every Contributor for any liability incurred by + the Initial Developer or such Contributor as a result of any such + terms You offer. + . + 3.7. Larger Works. + You may create a Larger Work by combining Covered Code with other code + not governed by the terms of this License and distribute the Larger + Work as a single product. In such a case, You must make sure the + requirements of this License are fulfilled for the Covered Code. + . + 4. Inability to Comply Due to Statute or Regulation. + . + If it is impossible for You to comply with any of the terms of this + License with respect to some or all of the Covered Code due to + statute, judicial order, or regulation then You must: (a) comply with + the terms of this License to the maximum extent possible; and (b) + describe the limitations and the code they affect. Such description + must be included in the LEGAL file described in Section 3.4 and must + be included with all distributions of the Source Code. 
Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + . + 5. Application of this License. + . + This License applies to code to which the Initial Developer has + attached the notice in Exhibit A and to related Covered Code. + . + 6. Versions of the License. + . + 6.1. New Versions. + Netscape Communications Corporation ("Netscape") may publish revised + and/or new versions of the License from time to time. Each version + will be given a distinguishing version number. + . + 6.2. Effect of New Versions. + Once Covered Code has been published under a particular version of the + License, You may always continue to use it under the terms of that + version. You may also choose to use such Covered Code under the terms + of any subsequent version of the License published by Netscape. No one + other than Netscape has the right to modify the terms applicable to + Covered Code created under this License. + . + 6.3. Derivative Works. + If You create or use a modified version of this License (which you may + only do in order to apply it to code which is not already Covered Code + governed by this License), You must (a) rename Your license so that + the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", + "MPL", "NPL" or any confusingly similar phrase do not appear in your + license (except to note that your license differs from this License) + and (b) otherwise make it clear that Your version of the license + contains terms which differ from the Mozilla Public License and + Netscape Public License. (Filling in the name of the Initial + Developer, Original Code or Contributor in the notice described in + Exhibit A shall not of themselves be deemed to be modifications of + this License.) + . + 7. DISCLAIMER OF WARRANTY. + . 
+ COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, + WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF + DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. + THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE + IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, + YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE + COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER + OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF + ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. + . + 8. TERMINATION. + . + 8.1. This License and the rights granted hereunder will terminate + automatically if You fail to comply with terms herein and fail to cure + such breach within 30 days of becoming aware of the breach. All + sublicenses to the Covered Code which are properly granted shall + survive any termination of this License. Provisions which, by their + nature, must remain in effect beyond the termination of this License + shall survive. + . + 8.2. If You initiate litigation by asserting a patent infringement + claim (excluding declatory judgment actions) against Initial Developer + or a Contributor (the Initial Developer or Contributor against whom + You file such action is referred to as "Participant") alleging that: + . 
+ (a) such Participant's Contributor Version directly or indirectly + infringes any patent, then any and all rights granted by such + Participant to You under Sections 2.1 and/or 2.2 of this License + shall, upon 60 days notice from Participant terminate prospectively, + unless if within 60 days after receipt of notice You either: (i) + agree in writing to pay Participant a mutually agreeable reasonable + royalty for Your past and future use of Modifications made by such + Participant, or (ii) withdraw Your litigation claim with respect to + the Contributor Version against such Participant. If within 60 days + of notice, a reasonable royalty and payment arrangement are not + mutually agreed upon in writing by the parties or the litigation claim + is not withdrawn, the rights granted by Participant to You under + Sections 2.1 and/or 2.2 automatically terminate at the expiration of + the 60 day notice period specified above. + . + (b) any software, hardware, or device, other than such Participant's + Contributor Version, directly or indirectly infringes any patent, then + any rights granted to You by such Participant under Sections 2.1(b) + and 2.2(b) are revoked effective as of the date You first made, used, + sold, distributed, or had made, Modifications made by that + Participant. + . + 8.3. If You assert a patent infringement claim against Participant + alleging that such Participant's Contributor Version directly or + indirectly infringes any patent where such claim is resolved (such as + by license or settlement) prior to the initiation of patent + infringement litigation, then the reasonable value of the licenses + granted by such Participant under Sections 2.1 or 2.2 shall be taken + into account in determining the amount or value of any payment or + license. + . + 8.4. 
In the event of termination under Sections 8.1 or 8.2 above, + all end user license agreements (excluding distributors and resellers) + which have been validly granted by You or any distributor hereunder + prior to termination shall survive termination. + . + 9. LIMITATION OF LIABILITY. + . + UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT + (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL + DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, + OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR + ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY + CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, + WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER + COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN + INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF + LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY + RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW + PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE + EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO + THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. + . + 10. U.S. GOVERNMENT END USERS. + . + The Covered Code is a "commercial item," as that term is defined in + 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer + software" and "commercial computer software documentation," as such + terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 + C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), + all U.S. Government End Users acquire Covered Code with only those + rights set forth herein. + . + 11. MISCELLANEOUS. + . + This License represents the complete agreement concerning subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. 
This License shall be governed by + California law provisions (except to the extent applicable law, if + any, provides otherwise), excluding its conflict-of-law provisions. + With respect to disputes in which at least one party is a citizen of, + or an entity chartered or registered to do business in the United + States of America, any litigation relating to this License shall be + subject to the jurisdiction of the Federal Courts of the Northern + District of California, with venue lying in Santa Clara County, + California, with the losing party responsible for costs, including + without limitation, court costs and reasonable attorneys' fees and + expenses. The application of the United Nations Convention on + Contracts for the International Sale of Goods is expressly excluded. + Any law or regulation which provides that the language of a contract + shall be construed against the drafter shall not apply to this + License. + . + 12. RESPONSIBILITY FOR CLAIMS. + . + As between Initial Developer and the Contributors, each party is + responsible for claims and damages arising, directly or indirectly, + out of its utilization of rights under this License and You agree to + work with Initial Developer and Contributors to distribute such + responsibility on an equitable basis. Nothing herein is intended or + shall be deemed to constitute any admission of liability. + . + 13. MULTIPLE-LICENSED CODE. + . + Initial Developer may designate portions of the Covered Code as + "Multiple-Licensed". "Multiple-Licensed" means that the Initial + Developer permits you to utilize portions of the Covered Code under + Your choice of the NPL or the alternative licenses, if any, specified + by the Initial Developer in the file described in Exhibit A. + . + EXHIBIT A -Mozilla Public License. + . + ``The contents of this file are subject to the Mozilla Public License + Version 1.1 (the "License"); you may not use this file except in + compliance with the License. 
You may obtain a copy of the License at + http://www.mozilla.org/MPL/ + . + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the + License for the specific language governing rights and limitations + under the License. + . + The Original Code is ______________________________________. + . + The Initial Developer of the Original Code is ________________________. + Portions created by ______________________ are Copyright (C) ______ + _______________________. All Rights Reserved. + . + Contributor(s): ______________________________________. + . + Alternatively, the contents of this file may be used under the terms + of the _____ license (the "[___] License"), in which case the + provisions of [______] License are applicable instead of those + above. If you wish to allow use of your version of this file only + under the terms of the [____] License and not to allow others to use + your version of this file under the MPL, indicate your decision by + deleting the provisions above and replace them with the notice and + other provisions required by the [___] License. If you do not delete + the provisions above, a recipient may use your version of this file + under either the MPL or the [___] License." + . + [NOTE: The text of this Exhibit A may differ slightly from the text of + the notices in the Source Code files of the Original Code. You should + use the text of this Exhibit A rather than the text found in the + Original Code Source Code for Your Modifications.] diff --git a/patches/fix-48986-cve-2017-2591.diff b/patches/fix-48986-cve-2017-2591.diff new file mode 100644 index 0000000..c5270b9 --- /dev/null +++ b/patches/fix-48986-cve-2017-2591.diff 
@@ -0,0 +1,39 @@
+commit ffda694dd622b31277da07be76d3469fad86150f
+Author: William Brown
+Date: Wed Sep 28 10:46:21 2016 +1000
+
+ Ticket 48986 - 47808 triggers overflow in uiduniq.c
+
+ Bug Description: Certain configurations of uiduniq.c would cause an overflow
+ when running with Address Sanitiser
+
+ Fix Description: Increase the size of the allocation to tmp_config->attrs.
+
+ https://fedorahosted.org/389/ticket/48986
+
+ Author: nhosoi
+
+ Reviewed by: wibrown
+
+diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
+index d1d0162..2aba17a 100644
+--- a/ldap/servers/plugins/uiduniq/uid.c
++++ b/ldap/servers/plugins/uiduniq/uid.c
+@@ -302,7 +302,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry)
+ }
+
+ /* Store attrName in the config */
+- tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *));
++ tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *));
+ tmp_config->attrs[0] = slapi_ch_strdup(attrName);
+ argc--;
+ argv++; /* First argument was attribute name and remaining are subtrees */
+@@ -345,7 +345,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry)
+ * - requiredObjectClass
+ */
+ /* Store attrName in the config */
+- tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *));
++ tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *));
+ tmp_config->attrs[0] = slapi_ch_strdup(attrName);
+
+ /* There is no subtrees */
diff --git a/patches/fix-bsd.patch b/patches/fix-bsd.patch
new file mode 100644
index 0000000..44b8bd5
--- /dev/null
+++ b/patches/fix-bsd.patch
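Review bot: In patches/fix-48986-cve-2017-2591.diff both `slapi_ch_calloc(2, sizeof(char *))` calls (the uid.c hunks at lines 302 and 345) leave the `2` unexplained, so a later edit that stores a second attribute could reintroduce the out-of-bounds access. Presumably the extra zeroed slot is the NULL terminator that consumers of `tmp_config->attrs` walk to; state that next to each allocation, e.g. `/* attrs is NULL-terminated: one name + terminator */`. The commit text ties the overflow to Address Sanitiser runs, but a one-slot array read up to a terminator would be out of bounds in any build, and the Debian patch carries no Origin or Bug header linking it to the CVE named in its file name. `uniqueness_entry_to_config` starts and ends outside both hunks, so how `attrs` is consumed is not visible here.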
@@ -0,0 +1,33 @@
+Description: Fix build on kFreeBSD (and probably other BSD systems)
+ 1) ENODATA is no ISO C standard and is missing on BSD.
+ 2) The sysctl for the TCP keepalive interval is net.inet.tcp.keepintvl
+ on BSD.
+Author: Benjamin Drung
+
+--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+@@ -66,6 +66,10 @@ typedef struct _rdn_elem {
+
+ #define TMPID 0 /* Used for the fake ID */
+
++#ifndef ENODATA /* not defined on BSD systems */
++#define ENODATA ENOMSG
++#endif
++
+ /* RDN(s) which can be added even if no suffix exists in the entryrdn index */
+ const char *rdn_exceptions[] = {
+ "nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff",
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -165,6 +165,11 @@ int mem_rec = 1024;
+ #define NAME_TCP_KEEPALIVE_INTERVAL "net.ipv4.tcp_keepalive_time"
+ #endif
+
++#if defined(IDDS_BSD_SYSCTL)
++#define NAME_TCP_SMALLEST_ANON_PORT "net.inet.ip.portrange.hifirst"
++#define NAME_TCP_KEEPALIVE_INTERVAL "net.inet.tcp.keepintvl"
++#endif
++
+ #if defined(__sun) || defined(__hpux) || defined(IDDS_LINUX_SYSCTL)
+
+ long ndd_tcp_conn_req_max_q = 0;
diff --git a/patches/fix-obsolete-target.diff b/patches/fix-obsolete-target.diff
new file mode 100644
index 0000000..4befbaf
--- /dev/null
+++ b/patches/fix-obsolete-target.diff
@@ -0,0 +1,21 @@
+--- a/wrappers/systemd-snmp.service.in
++++ b/wrappers/systemd-snmp.service.in
+@@ -5,7 +5,7 @@
+ # systemctl (re)start dirsrv-snmp.service
+ [Unit]
+ Description=@capbrand@ Directory Server SNMP Subagent.
+-After=syslog.target network.target
++After=network.target
+
+ [Service]
+ Type=forking
+--- a/wrappers/systemd.group.in
++++ b/wrappers/systemd.group.in
+@@ -1,6 +1,6 @@
+ [Unit]
+ Description=@capbrand@ Directory Server
+-After=chronyd.service ntpd.service network-online.target syslog.target
++After=chronyd.service ntpd.service network-online.target
+
+ [Install]
+ WantedBy=multi-user.target
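Review bot: In the idsktune.c hunk of patches/fix-bsd.patch, `NAME_TCP_KEEPALIVE_INTERVAL` is mapped to `net.inet.tcp.keepintvl`, while the Linux definition just above it is `net.ipv4.tcp_keepalive_time`, which is the idle time before the first probe, not the interval between probes. On FreeBSD the idle-time counterpart is `net.inet.tcp.keepidle`, and these values are expressed in milliseconds rather than seconds, so a threshold compared against this sysctl is likely checking the wrong quantity in the wrong unit; the comparison code is outside the hunk, so confirm there. In the ldbm_entryrdn.c hunk, `#define ENODATA ENOMSG` makes the two errno values indistinguishable and deserves a comment stating that no caller tests for `ENOMSG` separately. Nothing visible defines `IDDS_BSD_SYSCTL`, so the new block may never be compiled in unless the build sets it.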
diff --git a/patches/fix-saslpath.diff b/patches/fix-saslpath.diff
new file mode 100644
index 0000000..7ab7b06
--- /dev/null
+++ b/patches/fix-saslpath.diff
@@ -0,0 +1,33 @@
+--- a/ldap/servers/slapd/ldaputil.c
++++ b/ldap/servers/slapd/ldaputil.c
+@@ -980,10 +980,10 @@ ldaputil_get_saslpath()
+ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) {
+ #ifdef CPU_arm
+ /* the 64-bit ARMv8 architecture. */
+- saslpath = "/usr/lib/aarch64-linux-gnu";
++ saslpath = "/usr/lib/aarch64-linux-gnu/sasl2";
+ #else
+ /* Try x86_64 gnu triplet */
+- saslpath = "/usr/lib/x86_64-linux-gnu";
++ saslpath = "/usr/lib/x86_64-linux-gnu/sasl2";
+ #endif
+ }
+ #else
+@@ -991,14 +991,14 @@ ldaputil_get_saslpath()
+ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) {
+ #ifdef CPU_arm
+ /* the latest 32 bit ARM architecture using the hard-float version of EABI. */
+- saslpath = "/usr/lib/arm-linux-gnueabihf";
++ saslpath = "/usr/lib/arm-linux-gnueabihf/sasl2";
+ if (PR_SUCCESS != PR_Access(saslpath, PR_ACCESS_EXISTS)) {
+ /* the 32 bit ARM architecture of EABI. */
+- saslpath = "/usr/lib/arm-linux-gnueabi";
++ saslpath = "/usr/lib/arm-linux-gnueabi/sasl2";
+ }
+ #else
+ /* Try i386 gnu triplet */
+- saslpath = "/usr/lib/i386-linux-gnu";
++ saslpath = "/usr/lib/i386-linux-gnu/sasl2";
+ #endif
+ }
+ #endif
diff --git a/patches/fix-systemctl-path.diff b/patches/fix-systemctl-path.diff
new file mode 100644
index 0000000..aaaeb8c
--- /dev/null
+++ b/patches/fix-systemctl-path.diff
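Review bot: The fallback branches in `ldaputil_get_saslpath()` still pick the SASL plugin directory from a hard-coded list of multiarch triplets, and every non-ARM build falls through to an x86 path (`/usr/lib/x86_64-linux-gnu/sasl2` or `/usr/lib/i386-linux-gnu/sasl2`), which will not exist on other architectures. Except for the `arm-linux-gnueabihf` case, the value assigned in a fallback is not re-checked with `PR_Access` inside the hunks, so a missing directory would presumably be returned as-is and SASL mechanisms would fail to load without a clear error. Passing the package's multiarch library directory in at build time instead of enumerating triplets would cover all architectures; at minimum add a comment such as `/* Debian multiarch: SASL plugins live in <libdir>/sasl2 */`. The function begins and ends outside both hunks.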
@@ -0,0 +1,31 @@
+Description: Fix the path to systemctl binary
+Author: Timo Aaltonen
+
+--- a/ldap/admin/src/scripts/start-dirsrv.in
++++ b/ldap/admin/src/scripts/start-dirsrv.in
+@@ -55,7 +55,7 @@ start_instance() {
+ # otherwise start the instance the old way.
+ #
+ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then
+- @bindir@/systemctl start @package_name@@$SERV_ID.service
++ /bin/systemctl start @package_name@@$SERV_ID.service
+ if [ $? -ne 0 ]; then
+ return 1
+ fi
+--- a/ldap/admin/src/scripts/stop-dirsrv.in
++++ b/ldap/admin/src/scripts/stop-dirsrv.in
+@@ -43,12 +43,12 @@ stop_instance() {
+ #
+ # Now, check if systemctl is aware of this running instance
+ #
+- @bindir@/systemctl is-active @package_name@@$SERV_ID.service > /dev/null 2>&1
++ /bin/systemctl is-active @package_name@@$SERV_ID.service > /dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ #
+ # systemctl sees the running process, so stop it correctly
+ #
+- @bindir@/systemctl stop @package_name@@$SERV_ID.service
++ /bin/systemctl stop @package_name@@$SERV_ID.service
+ else
+ #
+ # Have to kill it since systemctl doesn't think it's running
diff --git a/patches/fix-upstream-49245.diff b/patches/fix-upstream-49245.diff
new file mode 100644
index 0000000..9c78400
--- /dev/null
+++ b/patches/fix-upstream-49245.diff
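Review bot: The three replaced `systemctl` calls still expand `$SERV_ID` unquoted inside the unit name, in scripts that run as root (the start path is guarded by `id -u` being 0). Pinning the binary to `/bin/systemctl` removes the dependency on the configured bindir, but an instance name containing whitespace or glob characters would still be split or expanded into extra systemctl arguments; where SERV_ID is validated is not visible in these hunks. I would quote it while touching the lines, e.g. `/bin/systemctl start "@package_name@@${SERV_ID}.service"`, and the same for `is-active` and `stop`. Both functions continue outside the hunks.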
@@ -0,0 +1,544 @@ +diff --git a/Makefile.am b/Makefile.am +index d54a2cc..f885eea 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1059,9 +1059,6 @@ libslapd_la_SOURCES = ldap/servers/slapd/add.c \ + $(libavl_a_SOURCES) + + libslapd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) @sasl_inc@ @db_inc@ @svrcore_inc@ @kerberos_inc@ @pcre_inc@ +-if SPARC +-libslapd_la_SOURCES += ldap/servers/slapd/slapi_counter_sunos_sparcv9.S +-endif + libslapd_la_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NUNC_STANS_LINK) $(SVRCORE_LINK) $(NSS_LINK) $(NSPR_LINK) $(KERBEROS_LINK) $(PCRE_LINK) $(THREADLIB) $(SYSTEMD_LINK) + + +diff --git a/configure.ac b/configure.ac +index 846e3b4..9b6377a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -519,11 +519,14 @@ case $host in + case $host in + i*86-*-linux*) + AC_DEFINE([CPU_x86], [], [cpu type x86]) +- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) + ;; + x86_64-*-linux*) +- AC_DEFINE([CPU_x86_64], [], [cpu type x86_64]) +- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) ++ AC_DEFINE([CPU_x86_64], [1], [cpu type x86_64]) ++ ++ # This turns on and off LFDS inside of libsds ++ # wibrown -- 2017-02-21 disabled temporarily ++ # with_atomic_queue="yes" ++ # AC_DEFINE([ATOMIC_QUEUE_OPERATIONS], [1], [enabling atomic queue operations]) + ;; + aarch64-*-linux*) + AC_DEFINE([CPU_arm], [], [cpu type arm]) +@@ -532,16 +535,6 @@ case $host in + AC_DEFINE([CPU_arm], [], [cpu type arm]) + ;; + esac +- AC_MSG_CHECKING([for GCC provided 64-bit atomic bool cas function ...]) +- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +- [[long long ptrval = 0, val = 0, newval = 1; (void)__sync_bool_compare_and_swap_8(&ptrval, val, newval);]])], +- [AC_DEFINE([HAVE_64BIT_ATOMIC_CAS_FUNC], [1], [have 64-bit atomic bool compare and swap function provided by gcc])AC_MSG_RESULT([yes])], +- [AC_MSG_RESULT([no])]) +- AC_MSG_CHECKING([for GCC provided 64-bit atomic ops functions ...]) +- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +- [[long long ptrval = 0, val 
= 0; (void)__sync_add_and_fetch_8(&ptrval, val);]])], +- [AC_DEFINE([HAVE_64BIT_ATOMIC_OP_FUNCS], [1], [have 64-bit atomic operation functions provided by gcc])AC_MSG_RESULT([yes])], +- [AC_MSG_RESULT([no])]) + # some programs use the native thread library directly + THREADLIB=-lpthread + AC_SUBST([THREADLIB], [$THREADLIB]) +@@ -576,7 +569,6 @@ case $host in + AC_DEFINE([_POSIX_C_SOURCE], [199506L], [POSIX revision]) + AC_DEFINE([_HPUX_SOURCE], [1], [Source namespace]) + AC_DEFINE([_INCLUDE_STDC__SOURCE_199901], [1], [to pick up all of the printf format macros in inttypes.h]) +- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) + # assume 64 bit + initconfigdir="/$PACKAGE_NAME/config" + perlexec='/opt/perl_64/bin/perl' +@@ -611,12 +603,11 @@ dnl Cstd and Crun are required to link any C++ related code + initdir='$(sysconfdir)/init.d' + case $host in + i?86-*-solaris2.1[[0-9]]*) +-dnl I dont know why i386 need this explicit ++ dnl I dont know why i386 need this explicit + AC_DEFINE([HAVE_GETPEERUCRED], [1], [have getpeerucred]) + ;; + sparc-*-solaris*) +-dnl includes some assembler stuff in counter.o +- AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) ++ dnl includes some assembler stuff in counter.o + AC_DEFINE([CPU_sparc], [], [cpu type sparc]) + TARGET='SPARC' + ;; +@@ -627,6 +618,30 @@ dnl includes some assembler stuff in counter.o + ;; + esac + ++AC_MSG_CHECKING([for GCC provided 64-bit atomic operations]) ++AC_LINK_IFELSE([AC_LANG_PROGRAM([[ ++ #include ++ ]], ++ [[ ++ uint64_t t_counter = 0; ++ uint64_t t_oldval = 0; ++ uint64_t t_newval = 1; ++ ++ __atomic_compare_exchange_8(&t_counter, &t_oldval, t_newval, 0, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST); ++ __atomic_add_fetch_8(&t_counter, t_newval, __ATOMIC_SEQ_CST); ++ __atomic_sub_fetch_8(&t_counter, t_newval, __ATOMIC_SEQ_CST); ++ __atomic_load(&t_counter, &t_oldval, __ATOMIC_SEQ_CST); ++ return 0; ++ ]])], ++ [ ++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [have 64-bit 
atomic operation functions provided by gcc]) ++ AC_MSG_RESULT([yes]) ++ ], ++ [ ++ AC_MSG_RESULT([no]) ++ ] ++) ++ + # cmd line overrides default setting above + if test -n "$with_initddir" ; then + initdir="$with_initddir" +diff --git a/ldap/servers/slapd/slapi_counter.c b/ldap/servers/slapd/slapi_counter.c +index d0696eb..9904fe9 100644 +--- a/ldap/servers/slapd/slapi_counter.c ++++ b/ldap/servers/slapd/slapi_counter.c +@@ -12,17 +12,22 @@ + + #include "slap.h" + ++#ifndef ATOMIC_64BIT_OPERATIONS ++#include ++#endif ++ + #ifdef HPUX +-#ifdef ATOMIC_64BIT_OPERATIONS + #include + #endif +-#endif + + /* + * Counter Structure + */ + typedef struct slapi_counter { + uint64_t value; ++#ifndef ATOMIC_64BIT_OPERATIONS ++ pthread_mutex_t _lock; ++#endif + } slapi_counter; + + /* +@@ -53,6 +58,9 @@ void slapi_counter_init(Slapi_Counter *counter) + if (counter != NULL) { + /* Set the value to 0. */ + slapi_counter_set_value(counter, 0); ++#ifndef ATOMIC_64BIT_OPERATIONS ++ pthread_mutex_init(&(counter->_lock), NULL); ++#endif + } + } + +@@ -65,6 +73,9 @@ void slapi_counter_init(Slapi_Counter *counter) + void slapi_counter_destroy(Slapi_Counter **counter) + { + if ((counter != NULL) && (*counter != NULL)) { ++#ifndef ATOMIC_64BIT_OPERATIONS ++ pthread_mutex_destroy(&((*counter)->_lock)); ++#endif + slapi_ch_free((void **)counter); + } + } +@@ -99,17 +110,15 @@ uint64_t slapi_counter_decrement(Slapi_Counter *counter) + uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue) + { + uint64_t newvalue = 0; +-#ifdef HPUX +- uint64_t prev = 0; +-#endif + + if (counter == NULL) { + return newvalue; + } +- +-#ifndef HPUX ++#ifdef ATOMIC_64BIT_OPERATIONS + newvalue = __atomic_add_fetch_8(&(counter->value), addvalue, __ATOMIC_SEQ_CST); + #else ++#ifdef HPUX ++ uint64_t prev = 0; + /* fetchadd only works with values of 1, 4, 8, and 16. In addition, it requires + * it's argument to be an integer constant. 
*/ + if (addvalue == 1) { +@@ -133,6 +142,12 @@ uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue) + _Asm_mov_to_ar(_AREG_CCV, prev); + } while (prev != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE)); + } ++#else ++ pthread_mutex_lock(&(counter->_lock)); ++ counter->value += addvalue; ++ newvalue = counter->value; ++ pthread_mutex_unlock(&(counter->_lock)); ++#endif + #endif + + return newvalue; +@@ -147,17 +162,16 @@ uint64_t slapi_counter_add(Slapi_Counter *counter, uint64_t addvalue) + uint64_t slapi_counter_subtract(Slapi_Counter *counter, uint64_t subvalue) + { + uint64_t newvalue = 0; +-#ifdef HPUX +- uint64_t prev = 0; +-#endif + + if (counter == NULL) { + return newvalue; + } + +-#ifndef HPUX ++#ifdef ATOMIC_64BIT_OPERATIONS + newvalue = __atomic_sub_fetch_8(&(counter->value), subvalue, __ATOMIC_SEQ_CST); + #else ++#ifdef HPUX ++ uint64_t prev = 0; + /* fetchadd only works with values of -1, -4, -8, and -16. In addition, it requires + * it's argument to be an integer constant. */ + if (subvalue == 1) { +@@ -181,6 +195,12 @@ uint64_t slapi_counter_subtract(Slapi_Counter *counter, uint64_t subvalue) + _Asm_mov_to_ar(_AREG_CCV, prev); + } while (prev != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE)); + } ++#else ++ pthread_mutex_lock(&(counter->_lock)); ++ counter->value -= subvalue; ++ newvalue = counter->value; ++ pthread_mutex_unlock(&(counter->_lock)); ++#endif + #endif + + return newvalue; +@@ -199,58 +219,22 @@ uint64_t slapi_counter_set_value(Slapi_Counter *counter, uint64_t newvalue) + return value; + } + +-#ifndef HPUX +-/* Use our own inline assembly for an atomic set if +- * the builtins aren't available. 
*/ +-#if !HAVE_64BIT_ATOMIC_CAS_FUNC +- /* +- * %0 = counter->value +- * %1 = newvalue +- */ +- __asm__ __volatile__( +-#ifdef CPU_x86 +- /* Save the PIC register */ +- " pushl %%ebx;" +-#endif /* CPU_x86 */ +- /* Put value of counter->value in EDX:EAX */ +- "retryset: movl %0, %%eax;" +- " movl 4%0, %%edx;" +- /* Put newval in ECX:EBX */ +- " movl %1, %%ebx;" +- " movl 4+%1, %%ecx;" +- /* If EDX:EAX and counter-> are the same, +- * replace *ptr with ECX:EBX */ +- " lock; cmpxchg8b %0;" +- " jnz retryset;" +-#ifdef CPU_x86 +- /* Restore the PIC register */ +- " popl %%ebx" +-#endif /* CPU_x86 */ +- : "+o" (counter->value) +- : "m" (newvalue) +-#ifdef CPU_x86 +- : "memory", "eax", "ecx", "edx", "cc"); +-#else +- : "memory", "eax", "ebx", "ecx", "edx", "cc"); +-#endif +- +- return newvalue; +-#else /* HAVE_64BIT_ATOMIC_CAS_FUNC */ +- while (1) { +- value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST); +- if (__atomic_compare_exchange_8(&(counter->value), &value, newvalue, PR_FALSE, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST)){ +- return newvalue; +- } +- } +-#endif ++#ifdef ATOMIC_64BIT_OPERATIONS ++ __atomic_store_8(&(counter->value), newvalue, __ATOMIC_SEQ_CST); + #else /* HPUX */ ++#ifdef HPUX + do { + value = counter->value; + /* Put value in a register for cmpxchg to compare against */ + _Asm_mov_to_ar(_AREG_CCV, value); + } while (value != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), newvalue, _LDHINT_NONE)); +- return newvalue; ++#else ++ pthread_mutex_lock(&(counter->_lock)); ++ counter->value = newvalue; ++ pthread_mutex_unlock(&(counter->_lock)); ++#endif + #endif ++ return newvalue; + } + + /* +@@ -266,57 +250,20 @@ uint64_t slapi_counter_get_value(Slapi_Counter *counter) + return value; + } + +-#ifndef HPUX +-/* Use our own inline assembly for an atomic get if +- * the builtins aren't available. 
*/ +-#if !HAVE_64BIT_ATOMIC_CAS_FUNC +- /* +- * %0 = counter->value +- * %1 = value +- */ +- __asm__ __volatile__( +-#ifdef CPU_x86 +- /* Save the PIC register */ +- " pushl %%ebx;" +-#endif /* CPU_x86 */ +- /* Put value of counter->value in EDX:EAX */ +- "retryget: movl %0, %%eax;" +- " movl 4%0, %%edx;" +- /* Copy EDX:EAX to ECX:EBX */ +- " movl %%eax, %%ebx;" +- " movl %%edx, %%ecx;" +- /* If EDX:EAX and counter->value are the same, +- * replace *ptr with ECX:EBX */ +- " lock; cmpxchg8b %0;" +- " jnz retryget;" +- /* Put retrieved value into value */ +- " movl %%ebx, %1;" +- " movl %%ecx, 4%1;" +-#ifdef CPU_x86 +- /* Restore the PIC register */ +- " popl %%ebx" +-#endif /* CPU_x86 */ +- : "+o" (counter->value), "=m" (value) +- : +-#ifdef CPU_x86 +- : "memory", "eax", "ecx", "edx", "cc"); +-#else +- : "memory", "eax", "ebx", "ecx", "edx", "cc"); +-#endif +-#else /* HAVE_64BIT_ATOMIC_CAS_FUNC */ +- while (1) { +- value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST); +- if (__atomic_compare_exchange_8(&(counter->value), &value, value, PR_FALSE, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST)){ +- break; +- } +- } +-#endif ++#ifdef ATOMIC_64BIT_OPERATIONS ++ value = __atomic_load_8(&(counter->value), __ATOMIC_SEQ_CST); + #else /* HPUX */ ++#ifdef HPUX + do { + value = counter->value; + /* Put value in a register for cmpxchg to compare against */ + _Asm_mov_to_ar(_AREG_CCV, value); + } while (value != _Asm_cmpxchg(_FASZ_D, _SEM_ACQ, &(counter->value), value, _LDHINT_NONE)); ++#else ++ pthread_mutex_lock(&(counter->_lock)); ++ value = counter->value; ++ pthread_mutex_unlock(&(counter->_lock)); ++#endif + #endif + + return value; +diff --git a/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S b/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S +deleted file mode 100644 +index e582c2a..0000000 +--- a/ldap/servers/slapd/slapi_counter_sunos_sparcv9.S ++++ /dev/null +@@ -1,105 +0,0 @@ +-! BEGIN COPYRIGHT BLOCK +-! The Original Code is the Netscape Portable Runtime (NSPR). +-! 
+-! The Initial Developer of the Original Code is +-! Netscape Communications Corporation. +-! Portions created by the Initial Developer are Copyright (C) 1998-2000 +-! the Initial Developer. All Rights Reserved. +-! +-! The original code has been modified to support 64-bit atomic increments by +-! Red Hat, Inc. These portions are Copyright (C) 2008 Red Hat, Inc. All Rights +-! reserved. +-! +-! License: GPL (version 3 or any later version). +-! See LICENSE for details. +-! END COPYRIGHT BLOCK +-! +- +-#define _ASM 1 /* force to set an assembler code macro _ASM */ +-#include +- +-! ====================================================================== +-! +-! Perform the sequence a = b atomically with respect to other +-! fetch-and-stores to location a in a wait-free fashion. +-! +-! usage : old_val = PR_AtomicSet(address, newval) +-! +-! ----------------------- +-! Note on REGISTER USAGE: +-! as this is a LEAF procedure, a new stack frame is not created; +-! we use the caller's stack frame so what would normally be %i (input) +-! registers are actually %o (output registers). Also, we must not +-! overwrite the contents of %l (local) registers as they are not +-! assumed to be volatile during calls. +-! ----------------------- +- +- ENTRY(_sparcv9_AtomicSet) ! standard assembler/ELF prologue +- +-retryAS: +- ldx [%o0], %o2 ! set o2 to the current value +- mov %o1, %o3 ! set up the new value +- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed +- cmp %o2, %o3 ! see if we set the value +- bne retryAS ! if not, try again +- nop ! empty out the branch pipeline +- retl ! return back to the caller +- mov %o3, %o0 ! set the return code to the prev value +- +- SET_SIZE(_sparcv9_AtomicSet) ! standard assembler/ELF epilogue +- +-! +-! end +-! +-! ====================================================================== +-! +-! Perform the sequence a = a + b atomically with respect to other +-! fetch-and-adds to location a in a wait-free fashion. +-! +-! 
usage : newval = PR_AtomicAdd(address, val) +-! return: the value after addition +-! +- ENTRY(_sparcv9_AtomicAdd) ! standard assembler/ELF prologue +- +-retryAA: +- ldx [%o0], %o2 ! set o2 to the current value +- addx %o2, %o1, %o3 ! calc the new value +- mov %o3, %o4 ! save the return value +- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed +- cmp %o2, %o3 ! see if we set the value +- bne retryAA ! if not, try again +- nop ! empty out the branch pipeline +- retl ! return back to the caller +- mov %o4, %o0 ! set the return code to the new value +- +- SET_SIZE(_sparcv9_AtomicAdd) ! standard assembler/ELF epilogue +- +-! +-! end +-! +-! ====================================================================== +-! +-! Perform the sequence a = a - b atomically with respect to other +-! fetch-and-subs to location a in a wait-free fashion. +-! +-! usage : newval = PR_AtomicSub(address, val) +-! return: the value after addition +-! +- ENTRY(_sparcv9_AtomicSub) ! standard assembler/ELF prologue +- +-retryAU: +- ldx [%o0], %o2 ! set o2 to the current value +- subx %o2, %o1, %o3 ! calc the new value +- mov %o3, %o4 ! save the return value +- casx [%o0], %o2, %o3 ! atomically set if o0 hasn't changed +- cmp %o2, %o3 ! see if we set the value +- bne retryAU ! if not, try again +- nop ! empty out the branch pipeline +- retl ! return back to the caller +- mov %o4, %o0 ! set the return code to the new value +- +- SET_SIZE(_sparcv9_AtomicSub) ! standard assembler/ELF epilogue +- +-! +-! end +-! +diff --git a/test/libslapd/counters/atomic.c b/test/libslapd/counters/atomic.c +new file mode 100644 +index 0000000..72fad88 +--- /dev/null ++++ b/test/libslapd/counters/atomic.c +@@ -0,0 +1,69 @@ ++/** BEGIN COPYRIGHT BLOCK ++ * Copyright (C) 2017 Red Hat, Inc. ++ * All rights reserved. ++ * ++ * License: GPL (version 3 or any later version). ++ * See LICENSE for details. 
++ * END COPYRIGHT BLOCK **/ ++ ++#include "../../test_slapd.h" ++ ++void ++test_libslapd_counters_atomic_usage(void **state __attribute__((unused))) { ++ Slapi_Counter *tc = slapi_counter_new(); ++ ++ uint64_t value = 0; ++ /* Check that it starts as 0 */ ++ value = slapi_counter_get_value(tc); ++ assert_true(value == 0); ++ /* Increment */ ++ slapi_counter_increment(tc); ++ value = slapi_counter_get_value(tc); ++ assert_true(value == 1); ++ /* add */ ++ slapi_counter_add(tc, 100); ++ value = slapi_counter_get_value(tc); ++ assert_true(value == 101); ++ /* set */ ++ slapi_counter_set_value(tc, 200); ++ value = slapi_counter_get_value(tc); ++ assert_true(value == 200); ++ /* dec */ ++ slapi_counter_decrement(tc); ++ value = slapi_counter_get_value(tc); ++ assert_true(value == 199); ++ /* sub */ ++ slapi_counter_subtract(tc, 99); ++ value = slapi_counter_get_value(tc); ++ assert_true(value == 100); ++ /* init */ ++ slapi_counter_init(tc); ++ value = slapi_counter_get_value(tc); ++ assert_true(value == 0); ++ ++ ++ slapi_counter_destroy(&tc); ++ ++ /* We could attempt a more complex thread test later? */ ++ ++} ++ ++void ++test_libslapd_counters_atomic_overflow(void **state __attribute__((unused))) { ++ Slapi_Counter *tc = slapi_counter_new(); ++ /* This is intmax ... */ ++ uint32_t value_32 = 0xFFFFFFFF; ++ uint64_t value = 0; ++ ++ slapi_counter_set_value(tc, (uint64_t)value_32); ++ value = slapi_counter_get_value(tc); ++ assert_true(value == (uint64_t)value_32); ++ ++ slapi_counter_increment(tc); ++ value = slapi_counter_get_value(tc); ++ assert_true(value != 0); ++ assert_true(value > (uint64_t)value_32); ++ ++ slapi_counter_destroy(&tc); ++} ++ diff --git a/patches/ftbs_lsoftotkn3.diff b/patches/ftbs_lsoftotkn3.diff new file mode 100644 index 0000000..7ebbcb6 --- /dev/null +++ b/patches/ftbs_lsoftotkn3.diff 
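Review bot: In the mutex fallback (`#ifndef ATOMIC_64BIT_OPERATIONS`), slapi_counter_init() calls `slapi_counter_set_value(counter, 0)` before `pthread_mutex_init(&(counter->_lock), NULL)`, and the new fallback body of slapi_counter_set_value() locks that same mutex. Locking a mutex that has not been initialised is undefined behaviour, so on platforms where the configure probe fails the counter would be used with an uninitialised lock; how slapi_counter_new() allocates the structure is not visible here. Move the `#ifndef ATOMIC_64BIT_OPERATIONS` / `pthread_mutex_init(&(counter->_lock), NULL);` / `#endif` lines above the `slapi_counter_set_value(counter, 0);` call and check the return value of the init. The new test also calls slapi_counter_init() on a live counter, which re-initialises the mutex in the fallback build, so init should either be documented as one-shot or the test should not call it a second time.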
@@ -0,0 +1,20 @@
+Description: Fix autoconf macro to detect svrcore properly
+ configure bails out with a linking error against libsoftokn, which is according
+ #473275 the correct behaviour. The patch modifies the m4 file to do not link
+ against this lib.
+Author: Tobias Frost
+Forwarded: no
+Last-Update: 2014-04-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/m4/svrcore.m4
++++ b/m4/svrcore.m4
+@@ -84,7 +84,7 @@ fi
+ if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+ dnl just see if SVRCORE is already a system library
+ AC_CHECK_LIB([svrcore], [SVRCORE_GetRegisteredPinObj], [havesvrcore=1],
+- [], [$nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4])
++ [], [$nss_inc $nspr_inc $nss_lib -lnss3 $nspr_lib -lplds4 -lplc4 -lnspr4])
+ if test -n "$havesvrcore" ; then
+ dnl just see if SVRCORE is already a system header file
+ save_cppflags="$CPPFLAGS"
diff --git a/patches/rename-online-scripts.diff b/patches/rename-online-scripts.diff
new file mode 100644
index 0000000..e37ee75
--- /dev/null
+++ b/patches/rename-online-scripts.diff
@@ -0,0 +1,51 @@
+--- a/ldap/admin/src/scripts/template-bak2db.pl.in
++++ b/ldap/admin/src/scripts/template-bak2db.pl.in
+@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
+ $i++;
+ }
+
+-exec "{{SERVERBIN-DIR}}/bak2db.pl @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/bak2db-online @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
+--- a/ldap/admin/src/scripts/template-db2bak.pl.in
++++ b/ldap/admin/src/scripts/template-db2bak.pl.in
+@@ -23,7 +23,7 @@ while ($i <= $#ARGV) {
+ $i++;
+ }
+
+-exec "{{SERVERBIN-DIR}}/db2bak.pl @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/db2bak-online @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
+
+--- a/ldap/admin/src/scripts/template-db2index.pl.in
++++ b/ldap/admin/src/scripts/template-db2index.pl.in
+@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
+ $i++;
+ }
+
+-exec "{{SERVERBIN-DIR}}/db2index.pl @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/db2index-online @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
+--- a/ldap/admin/src/scripts/template-db2ldif.pl.in
++++ b/ldap/admin/src/scripts/template-db2ldif.pl.in
+@@ -26,6 +26,6 @@ while ($i <= $#ARGV) {
+
+ $cwd = cwd();
+
+-exec "{{SERVERBIN-DIR}}/db2ldif.pl -c $cwd @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/db2ldif-online -c $cwd @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
+--- a/ldap/admin/src/scripts/template-ldif2db.pl.in
++++ b/ldap/admin/src/scripts/template-ldif2db.pl.in
+@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
+ $i++;
+ }
+
+-exec "{{SERVERBIN-DIR}}/ldif2db.pl @wrapperArgs -Z {{SERV-ID}}";
++exec "{{SERVERBIN-DIR}}/ldif2db-online @wrapperArgs -Z {{SERV-ID}}";
+
+ exit ($?);
diff --git a/patches/reproducible-build.diff b/patches/reproducible-build.diff
new file mode 100644
index 0000000..9fca919
--- /dev/null
+++ b/patches/reproducible-build.diff
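Review bot: The renamed `exec` lines keep the single-string form, so Perl hands the whole command to the shell whenever it contains shell metacharacters; in template-db2ldif.pl.in the string also interpolates `$cwd`, which comes straight from `cwd()`. A working directory or wrapper argument containing spaces or shell syntax would then be re-parsed by the shell instead of being passed through as one argument. The list form avoids the shell entirely, e.g. `exec "{{SERVERBIN-DIR}}/db2ldif-online", "-c", $cwd, @wrapperArgs, "-Z", "{{SERV-ID}}";`, provided @wrapperArgs holds one element per argument (its construction is outside these hunks). The same applies to the other four templates.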
@@ -0,0 +1,11 @@
+--- a/buildnum.pl
++++ b/buildnum.pl
+@@ -31,7 +31,7 @@ if ($opt_H) {exitHelp();}
+ $platdir = $opt_p;
+
+ # Get current time
+-@now = gmtime;
++@now = gmtime ($ENV{SOURCE_DATE_EPOCH} || time);
+
+ # Format buildnum as YYYY.DDD.HHMM
+ $year = $now[5] + 1900;
diff --git a/patches/series b/patches/series
new file mode 100644
index 0000000..9702f7b
--- /dev/null
+++ b/patches/series
@@ -0,0 +1,11 @@
+use-bash-instead-of-sh.diff
+rename-online-scripts.diff
+ftbs_lsoftotkn3.diff
+fix-bsd.patch
+support-kfreebsd.patch
+fix-obsolete-target.diff
+fix-saslpath.diff
+reproducible-build.diff
+fix-systemctl-path.diff
+fix-48986-cve-2017-2591.diff
+fix-upstream-49245.diff
diff --git a/patches/support-kfreebsd.patch b/patches/support-kfreebsd.patch
new file mode 100644
index 0000000..729d496
--- /dev/null
+++ b/patches/support-kfreebsd.patch
@@ -0,0 +1,190 @@ +Description: Add support for kFreeBSD + The configure script should check for available features of the host instead + of assuming that specific hosts (e.g. Linux) have specific features. + . + This patch hacks the configure script and various source files to behave + on kFreeBSD similar to Linux. +Author: Benjamin Drung + +--- a/configure.ac ++++ b/configure.ac +@@ -544,6 +544,46 @@ case $host in + AC_SUBST([LIBCRYPT], [$LIBCRYPT]) + AC_DEFINE([USE_POSIX_RWLOCKS], [1], [POSIX rwlocks]) + ;; ++ *-*-kfreebsd*) ++ dnl Assume that BSD has the getpeereid() function. ++ dnl TODO: Check for the existance of the getpeereid() function! ++ AC_DEFINE([HAVE_GETPEEREID], [1], [have getpeereid]) ++ dnl Check if we need to link against the bsd library for the getpeereid() function. ++ AC_SEARCH_LIBS([getpeereid], [bsd]) ++ dnl Copied stuff from Linux section above ++ dnl TODO: Check for features instead of setting flags based on the host! ++ AC_DEFINE([XP_UNIX], [1], [UNIX]) ++ AC_DEFINE([freebsd], [1], [freebsd]) ++ AC_DEFINE([_GNU_SOURCE], [1], [GNU Source]) ++ initdir='$(sysconfdir)/rc.d/init.d' ++ # do arch specific kfreebsd stuff here ++ case $host in ++ i*86-*-linux*) ++ AC_DEFINE([CPU_x86], [], [cpu type x86]) ++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) ++ ;; ++ x86_64-*-linux*) ++ AC_DEFINE([CPU_x86_64], [], [cpu type x86_64]) ++ AC_DEFINE([ATOMIC_64BIT_OPERATIONS], [1], [enabling atomic counter]) ++ ;; ++ esac ++ AC_MSG_CHECKING([for GCC provided 64-bit atomic bool cas function ...]) ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], ++ [[long long ptrval = 0, val = 0, newval = 1; (void)__sync_bool_compare_and_swap_8(&ptrval, val, newval);]])], ++ [AC_DEFINE([HAVE_64BIT_ATOMIC_CAS_FUNC], [1], [have 64-bit atomic bool compare and swap function provided by gcc])AC_MSG_RESULT([yes])], ++ [AC_MSG_RESULT([no])]) ++ AC_MSG_CHECKING([for GCC provided 64-bit atomic ops functions ...]) ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], ++ [[long long 
ptrval = 0, val = 0; (void)__sync_add_and_fetch_8(&ptrval, val);]])], ++ [AC_DEFINE([HAVE_64BIT_ATOMIC_OP_FUNCS], [1], [have 64-bit atomic operation functions provided by gcc])AC_MSG_RESULT([yes])], ++ [AC_MSG_RESULT([no])]) ++ # some programs use the native thread library directly ++ THREADLIB=-lpthread ++ AC_SUBST([THREADLIB], [$THREADLIB]) ++ LIBCRYPT=-lcrypt ++ AC_SUBST([LIBCRYPT], [$LIBCRYPT]) ++ AC_DEFINE([USE_POSIX_RWLOCKS], [1], [POSIX rwlocks]) ++ ;; + ia64-hp-hpux*) + AC_DEFINE([hpux], [1], [HP-UX]) + AC_DEFINE([HPUX], [1], [HP-UX]) +--- a/include/base/systems.h ++++ b/include/base/systems.h +@@ -62,7 +62,7 @@ + /* warning: mmap doesn't work under 9.04 */ + #define SHMEM_MMAP_FLAGS MAP_FILE | MAP_VARIABLE | MAP_SHARED + +-#elif defined(Linux) ++#elif defined(Linux) || defined(freebsd) + + #define ACCELERATOR_CACHE + #define DNS_CACHE +--- a/include/public/base/systems.h ++++ b/include/public/base/systems.h +@@ -56,7 +56,7 @@ + #define SHMEM_UNIX_MMAP + #define ZERO(ptr,len) memset(ptr,0,len) + +-#elif defined(Linux) ++#elif defined(Linux) || defined(freebsd) + + #define FILE_UNIX + #define FILE_UNIX_MMAP +--- a/ldap/include/portable.h ++++ b/ldap/include/portable.h +@@ -250,7 +250,7 @@ int strncasecmp(const char *, const char + defined(UNIXWARE) || defined(SUNOS4) || defined(SNI) || defined(BSDI) || \ + defined(NCR) || defined(OSF1) || defined(NEC) || \ + ( defined(HPUX10) && !defined(_REENTRANT)) || defined(HPUX11) || \ +- defined(UnixWare) || defined(LINUX2_0) ++ defined(UnixWare) || defined(LINUX2_0) || defined(freebsd) + #define GETHOSTBYNAME( n, r, b, l, e ) gethostbyname( n ) + #elif defined(AIX) + #define GETHOSTBYNAME_BUF_T struct hostent_data +@@ -288,7 +288,7 @@ typedef char GETHOSTBYADDR_buf_t [BUFSIZ + #elif defined( hpux10 ) + #define CTIME( c, b, l ) nsldapi_compat_ctime_r( c, b, l ) + #elif defined( IRIX ) || defined(UNIXWARE) || defined(LINUX) \ +- || defined(OSF1V4) || defined(AIX) || defined(UnixWare) || defined (HPUX11) ++ || 
defined(OSF1V4) || defined(AIX) || defined(UnixWare) || defined (HPUX11) || defined(freebsd) + #define CTIME( c, b, l ) ctime_r( c, b ) + #elif defined( OSF1V3 ) + #define CTIME( c, b, l ) (ctime_r( c, b, l ) ? NULL : b) +@@ -297,7 +297,7 @@ typedef char GETHOSTBYADDR_buf_t [BUFSIZ + #endif + #if defined(hpux9) || defined(LINUX1_2) || defined(SUNOS4) || defined(SNI) || \ + defined(SCOOS) || defined(BSDI) || defined(NCR) || \ +- defined(NEC) || defined(LINUX2_0) ++ defined(NEC) || defined(LINUX2_0) || defined(freebsd) + /* strtok() is not MT safe, but it is okay to call here because used in mmt_protocol.xs which + has been moved in the tetframewrok */ + #define STRTOK( s1, s2, l ) strtok( s1, s2 ) +--- a/ldap/servers/slapd/daemon.c ++++ b/ldap/servers/slapd/daemon.c +@@ -38,7 +38,7 @@ + #endif /* NEED_FILIO */ + /* for some reason, linux tty stuff defines CTIME */ + #include +-#ifdef LINUX ++#if defined(LINUX) || defined(freebsd) + #undef CTIME + #include + #else +@@ -442,7 +442,7 @@ disk_mon_get_dirs(char ***list, int logs + char * + disk_mon_check_diskspace(char **dirs, PRUint64 threshold, PRUint64 *disk_space) + { +-#ifdef LINUX ++#if defined(LINUX) || defined(freebsd) + struct statfs buf; + #else + struct statvfs buf; +@@ -455,7 +455,7 @@ disk_mon_check_diskspace(char **dirs, PR + int i = 0; + + for(i = 0; dirs && dirs[i]; i++){ +-#ifndef LINUX ++#if !defined(LINUX) && !defined(freebsd) + if (statvfs(dirs[i], &buf) != -1) + #else + if (statfs(dirs[i], &buf) != -1) +--- a/ldap/servers/slapd/tools/pwenc.c ++++ b/ldap/servers/slapd/tools/pwenc.c +@@ -16,7 +16,7 @@ + #include + #include + #include +-#if defined(LINUX) /* I bet other Unix would like ++#if defined(LINUX) || defined(freebsd) /* I bet other Unix would like + * this flag. But don't want to + * break other builds so far */ + #include +--- a/ldap/systools/idsktune.c ++++ b/ldap/systools/idsktune.c +@@ -16,6 +16,11 @@ + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
*/ + static char *build_date = "14-JULY-2016"; + ++#if defined(freebsd) ++#define IDDS_BSD_INCLUDE 1 ++#define IDDS_BSD_SYSCTL 1 ++#endif ++ + #if defined(linux) || defined(__linux) || defined(__linux__) + #define IDDS_LINUX_INCLUDE 1 + #define IDDS_LINUX_SYSCTL 1 +--- a/lib/base/dnsdmain.cpp ++++ b/lib/base/dnsdmain.cpp +@@ -35,12 +35,12 @@ extern "C" { + #define _PATH_RESCONF "/etc/resolv.conf" + + NSPR_BEGIN_EXTERN_C +-#ifdef Linux ++#if defined Linux || defined(freebsd) + extern int getdomainname(char *, size_t); + #else + extern int getdomainname(char *, int); + #endif /* Linux */ +-#if defined(HPUX) || defined(Linux) || defined(SOLARIS_GCC) ++#if defined(HPUX) || defined(Linux) || defined(SOLARIS_GCC) || defined(freebsd) + extern int gethostname (char *name, size_t namelen); + #else + extern int gethostname (char *name, int namelen); +--- a/lib/base/file.cpp ++++ b/lib/base/file.cpp +@@ -213,7 +213,7 @@ NSAPI_PUBLIC int file_notfound(void) + return (errno == ENOENT); + } + +-#if !defined(LINUX) ++#if !defined(LINUX) && !defined(freebsd) + extern char *sys_errlist[]; + #endif + diff --git a/patches/use-bash-instead-of-sh.diff b/patches/use-bash-instead-of-sh.diff new file mode 100644 index 0000000..9febec0 --- /dev/null +++ b/patches/use-bash-instead-of-sh.diff 
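Review bot: The architecture `case $host in` nested inside the new `*-*-kfreebsd*)` branch of configure.ac still matches `i*86-*-linux*` and `x86_64-*-linux*`, copied from the Linux section, so neither arm can match on a kFreeBSD host. As a result `CPU_x86`, `CPU_x86_64` and `ATOMIC_64BIT_OPERATIONS` are never defined by this branch, and code keyed on those macros would silently take its fallback path. The patterns should read `i*86-*-kfreebsd*)` and `x86_64-*-kfreebsd*)`.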
@@ -0,0 +1,144 @@ +--- a/ldap/admin/src/scripts/bak2db.in ++++ b/ldap/admin/src/scripts/bak2db.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/db2bak.in ++++ b/ldap/admin/src/scripts/db2bak.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/db2index.in ++++ b/ldap/admin/src/scripts/db2index.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/db2ldif.in ++++ b/ldap/admin/src/scripts/db2ldif.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/dbverify.in ++++ b/ldap/admin/src/scripts/dbverify.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/dn2rdn.in ++++ b/ldap/admin/src/scripts/dn2rdn.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/ldif2db.in ++++ b/ldap/admin/src/scripts/ldif2db.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/ldif2ldap.in ++++ b/ldap/admin/src/scripts/ldif2ldap.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/monitor.in ++++ b/ldap/admin/src/scripts/monitor.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/restart-dirsrv.in ++++ b/ldap/admin/src/scripts/restart-dirsrv.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + # Script that restarts the ns-slapd server. + # Exit status can be: +--- a/ldap/admin/src/scripts/restoreconfig.in ++++ b/ldap/admin/src/scripts/restoreconfig.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . 
@datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/saveconfig.in ++++ b/ldap/admin/src/scripts/saveconfig.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/start-dirsrv.in ++++ b/ldap/admin/src/scripts/start-dirsrv.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + # Script that starts the ns-slapd server. + # Exit status can be: +--- a/ldap/admin/src/scripts/stop-dirsrv.in ++++ b/ldap/admin/src/scripts/stop-dirsrv.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + # Script that stops the ns-slapd server. + # Exit status can be: +--- a/ldap/admin/src/scripts/suffix2instance.in ++++ b/ldap/admin/src/scripts/suffix2instance.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/upgradedb.in ++++ b/ldap/admin/src/scripts/upgradedb.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/upgradednformat.in ++++ b/ldap/admin/src/scripts/upgradednformat.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + +--- a/ldap/admin/src/scripts/vlvindex.in ++++ b/ldap/admin/src/scripts/vlvindex.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + . @datadir@/@package_name@/data/DSSharedLib + diff --git a/rules b/rules new file mode 100755 index 0000000..d812ff0 --- /dev/null +++ b/rules 
@@ -0,0 +1,93 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+pie
+
+# Keep track of files we don't install
+NOT_INSTALLED :=
+
+REALFILE = \
+ bin/cl-dump.pl \
+ bin/dbgen.pl \
+ bin/ds-logpipe.py \
+ bin/logconv.pl \
+ bin/repl-monitor.pl \
+ sbin/migrate-ds.pl \
+ sbin/remove-ds.pl \
+ sbin/setup-ds.pl \
+ sbin/cleanallruv.pl \
+ sbin/fixup-linkedattrs.pl \
+ sbin/fixup-memberof.pl \
+ sbin/ns-accountstatus.pl \
+ sbin/ns-activate.pl \
+ sbin/ns-inactivate.pl \
+ sbin/ns-newpwpolicy.pl \
+ sbin/schema-reload.pl \
+ sbin/syntax-validate.pl \
+ sbin/usn-tombstone-cleanup.pl \
+ sbin/verify-db.pl \
+ share/man/man1/dbgen.pl.1 \
+ share/man/man1/ds-logpipe.py.1 \
+ share/man/man1/logconv.pl.1 \
+ share/man/man8/migrate-ds.pl.8 \
+ share/man/man8/setup-ds.pl.8 \
+ share/man/man8/remove-ds.pl.8
+
+# scripts for handling online servers
+REALFILE_ONLINE = \
+ sbin/bak2db.pl \
+ sbin/db2bak.pl \
+ sbin/db2index.pl \
+ sbin/db2ldif.pl \
+ sbin/ldif2db.pl \
+ share/man/man8/bak2db.pl.8 \
+ share/man/man8/db2bak.pl.8 \
+ share/man/man8/db2index.pl.8 \
+ share/man/man8/db2ldif.pl.8 \
+ share/man/man8/ldif2db.pl.8
+
+%:
+ dh $@ --parallel --with autoreconf,systemd --builddir build/
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --with-openldap \
+ --with-systemd \
+ --with-systemdsystemunitdir=/lib/systemd/system \
+ --with-systemdsystemconfdir=/etc/systemd/system \
+ --with-systemdgroupname=dirsrv.target \
+ --with-tmpfiles-d=/etc/tmpfiles.d \
+ --enable-autobind
+
+override_dh_auto_install:
+ dh_auto_install --max-parallel=1
+
+override_dh_install:
+ # lets do the renaming here afterall, instead of in 389-ds-base.install
+ for file in $(REALFILE); do mv -f $(CURDIR)/debian/tmp/usr/$$file \
+ $(CURDIR)/debian/tmp/usr/`echo $$file | \
+ sed -s 's/\.pl//;s/\.py//'`; \
+ done
+ # use -online suffix so that they won't overwrite the offline scripts
+ for file in $(REALFILE_ONLINE); do mv -f $(CURDIR)/debian/tmp/usr/$$file \
+ $(CURDIR)/debian/tmp/usr/`echo $$file | \
+ sed -s 's/\.pl/-online/'`; \
+ done
+ # purge .la files
+ find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \;
+ # fix template script headers
+ find $(CURDIR)/debian/tmp/usr/share/dirsrv/script-templates/ -type f -exec perl -pi -e 's,#\{\{PERL-EXEC\}\},#!/usr/bin/perl,' "{}" \;
+
+ # Also get rid of other files which aren't installed. Do not
+ # use -f to ensure we notice disappearing files:
+ set -e; for file in $(NOT_INSTALLED); do rm debian/tmp/$$file; done
+
+ mkdir -p $(CURDIR)/debian/tmp/etc/systemd/system/dirsrv.target.wants
+
+ dh_install --fail-missing
+
+override_dh_systemd_enable:
+ dh_systemd_enable -p389-ds-base --no-enable dirsrv-snmp.service
+
+override_dh_shlibdeps:
+ dh_shlibdeps -l"debian/389-ds-base/usr/lib/$(DEB_HOST_MULTIARCH)/dirsrv" -a
diff --git a/source/format b/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/tests/control b/tests/control
new file mode 100644
index 0000000..603e559
--- /dev/null
+++ b/tests/control
@@ -0,0 +1,5 @@
+Tests: setup
+Depends:
+ 389-ds-base,
+ python-lib389,
+Restrictions: needs-root
diff --git a/tests/setup b/tests/setup
new file mode 100644
index 0000000..e23d910
--- /dev/null
+++ b/tests/setup
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# hack for lxc
+IP=`ip route get 1.1.1.1 | awk '{print $NF; exit}'`
+HOSTNAME=`cat /etc/hosts| grep '127.0.1.1' | awk '{print $NF; exit}'`
+echo "$IP $HOSTNAME.debci $HOSTNAME" >> /etc/hosts
+
+/usr/sbin/setup-ds --silent -- \
+ General.FullMachineName=$HOSTNAME.debci\
+ General.SuiteSpotUserID=dirsrv\
+ General.SuiteSpotGroup=dirsrv\
+ slapd.ServerPort=1389\
+ slapd.ServerIdentifier=debci\
+ slapd.Suffix=dc=example,dc=com\
+ slapd.RootDN="cn=Directory Manager"\
+ slapd.RootDNPwd=Secret123
+
diff --git a/watch b/watch
new file mode 100644
index 0000000..727205b
--- /dev/null
+++ b/watch
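Review bot: `export DEB_BUILD_MAINT_OPTIONS = hardening=+pie` near the top of rules enables only PIE on top of dpkg's default hardening set, so the bindnow feature stays off and the binaries are linked without `-z now`, giving partial rather than full RELRO. Unless the server's plugin loading depends on lazy binding (not visible in this hunk), I would change the line to `export DEB_BUILD_MAINT_OPTIONS = hardening=+all`. Either way, a comment above the line should state which hardening features are deliberately left out and why, e.g. `# bindnow omitted: <reason>`.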
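Review bot: tests/setup appends to /etc/hosts and runs setup-ds without checking that `IP` and `HOSTNAME` were actually derived. Both pipelines produce an empty string when the route lookup fails or no `127.0.1.1` entry exists, which writes a malformed hosts line and passes `General.FullMachineName=.debci`. I would add `[ -n "$IP" ] && [ -n "$HOSTNAME" ] || exit 1` before the `echo`, put `set -u` after the shebang, and quote the expansion as `General.FullMachineName="$HOSTNAME.debci"`. `slapd.RootDNPwd=Secret123` is passed on the command line, where it shows up in the process list; for a throwaway debci container that is tolerable, but a comment such as `# test-only credential, never reuse` should say so.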
@@ -0,0 +1,3 @@
+#git=https://pagure.io/389-ds-base.git
+version=3
+http://releases.pagure.org/389-ds-base/389-ds-base-(.*).tar.bz2
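Review bot: The watch file fetches the upstream tarball over plain `http://` and configures no signature check, so uscan cannot detect a tarball that was altered in transit or on a mirror. If the release host serves HTTPS, the URL line should read `https://releases.pagure.org/389-ds-base/389-ds-base-(.*).tar.bz2`. If upstream publishes detached signatures (not visible from this page), adding an `opts=pgpsigurlmangle=...` rule together with the upstream signing key in the packaging would let uscan verify each download.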