diff options
Diffstat (limited to 'meta-oe/recipes-support/openldap/openldap')
9 files changed, 77 insertions, 198 deletions
diff --git a/meta-oe/recipes-support/openldap/openldap/0001-build-top.mk-unset-STRIP_OPTS.patch b/meta-oe/recipes-support/openldap/openldap/0001-build-top.mk-unset-STRIP_OPTS.patch new file mode 100644 index 0000000000..9d25f2c599 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap/0001-build-top.mk-unset-STRIP_OPTS.patch @@ -0,0 +1,38 @@ +From 321839cbd1d57f12d3d6695254d2003473d8dd1a Mon Sep 17 00:00:00 2001 +From: Yi Zhao <yi.zhao@windriver.com> +Date: Wed, 8 Dec 2021 16:58:55 +0800 +Subject: [PATCH] build/top.mk: unset STRIP_OPTS + +Unset STRIP_OPTS to disable strip to fix QA errors: + +ERROR: openldap-2.5.9-r0 do_package: QA Issue: File +'/usr/bin/ldapcompare' from openldap was already stripped, this will +prevent future debugging! [already-stripped] + +ERROR: openldap-2.5.9-r0 do_package: QA Issue: File +'/usr/bin/ldapdelete' from openldap was already stripped, this will +prevent future debugging! [already-stripped] + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + build/top.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/build/top.mk b/build/top.mk +index 38ce146..6e9fe1f 100644 +--- a/build/top.mk ++++ b/build/top.mk +@@ -60,7 +60,7 @@ INSTALL_PROGRAM = $(INSTALL) + INSTALL_DATA = $(INSTALL) -m 644 + INSTALL_SCRIPT = $(INSTALL) + +-STRIP_OPTS = -s ++STRIP_OPTS = + + LINT = lint + 5LINT = 5lint +-- +2.17.1 + diff --git a/meta-oe/recipes-support/openldap/openldap/install-strip.patch b/meta-oe/recipes-support/openldap/openldap/install-strip.patch deleted file mode 100644 index 2992b7030d..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/install-strip.patch +++ /dev/null @@ -1,14 +0,0 @@ -# This patch ensures that the install operations which strip -# programs and libraries (LTINSTALL) work in a cross build -# environment. ---- openldap-2.2.24/.pc/install-strip.patch/build/top.mk 2005-01-20 09:00:55.000000000 -0800 -+++ openldap-2.2.24/build/top.mk 2005-04-16 13:48:20.536710376 -0700 -@@ -116,7 +116,7 @@ - LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \ - $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD) - --LTINSTALL = $(LIBTOOL) --mode=install $(INSTALL) -+LTINSTALL = STRIPPROG="" $(LIBTOOL) --mode=install $(top_srcdir)/contrib/ldapc++/install-sh -c - LTFINISH = $(LIBTOOL) --mode=finish - - # Misc UNIX commands used in build environment diff --git a/meta-oe/recipes-support/openldap/openldap/kill-icu.patch b/meta-oe/recipes-support/openldap/openldap/kill-icu.patch deleted file mode 100644 index dcf5411372..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/kill-icu.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> - -slapd depends on ICU if it was built first. - -Upstream-status: inappropiate [embedded specific] ---- - configure.in | 8 -------- - 1 file changed, 8 deletions(-) - ---- openldap-2.4.23.orig/configure.in -+++ openldap-2.4.23/configure.in -@@ -2045,18 +2045,10 @@ if test $ol_enable_ndb != no ; then - SLAPD_LIBS="$SLAPD_LIBS \$(SLAPD_NDB_LIBS)" - fi - fi - - dnl ---------------------------------------------------------------- --dnl International Components for Unicode --OL_ICU --if test "$ol_icu" = no ; then -- AC_MSG_WARN([ICU not available]) --else -- ICU_LIBS="$ol_icu" --fi --dnl ---------------------------------------------------------------- - dnl - dnl Check for Cyrus SASL - dnl - WITH_SASL=no - ol_link_sasl=no diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch b/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch deleted file mode 100644 index c7b1552c1c..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch +++ /dev/null @@ -1,17 +0,0 @@ -From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/files/ - -Upstream-status: Unknown - --- - ---- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000 -+++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000 -@@ -1214,7 +1214,7 @@ - ol_with_tls=gnutls - ol_link_tls=yes - -- TLS_LIBS="-lgnutls" -+ TLS_LIBS="-lgnutls -lgcrypt" - - AC_DEFINE(HAVE_GNUTLS, 1, - [define if you have GNUtls]) diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch b/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch deleted file mode 100644 index de9ca528a2..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch +++ /dev/null @@ -1,59 +0,0 @@ -openldap CVE-2015-3276 - -the patch comes from: -https://bugzilla.redhat.com/show_bug.cgi?id=1238322 -https://bugzilla.redhat.com/attachment.cgi?id=1055640 - -The nss_parse_ciphers function in libraries/libldap/tls_m.c in -OpenLDAP does not properly parse OpenSSL-style multi-keyword mode -cipher strings, which might cause a weaker than intended cipher to -be used and allow remote attackers to have unspecified impact via -unknown vectors. - -Signed-off-by: Li Wang <li.wang@windriver.com> ---- - libraries/libldap/tls_m.c | 27 ++++++++++++++++----------- - 1 file changed, 16 insertions(+), 11 deletions(-) - -diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c -index 9b101f9..e6f3051 100644 ---- a/libraries/libldap/tls_m.c -+++ b/libraries/libldap/tls_m.c -@@ -621,18 +621,23 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum]) - */ - if (mask || strength || protocol) { - for (i=0; i<ciphernum; i++) { -- if (((ciphers_def[i].attr & mask) || -- (ciphers_def[i].strength & strength) || -- (ciphers_def[i].version & protocol)) && -- (cipher_list[i] != -1)) { -- /* Enable the NULL ciphers only if explicity -- * requested */ -- if (ciphers_def[i].attr & SSL_eNULL) { -- if (mask & SSL_eNULL) -- cipher_list[i] = action; -- } else -+ /* if more than one mask is provided -+ * then AND logic applies (to match openssl) -+ */ -+ if ( cipher_list[i] == -1) ) -+ continue; -+ if ( mask && ! (ciphers_def[i].attr & mask) ) -+ continue; -+ if ( strength && ! (ciphers_def[i].strength & strength) ) -+ continue; -+ if ( protocol && ! (ciphers_def[i].version & protocol) ) -+ continue; -+ /* Enable the NULL ciphers only if explicity requested */ -+ if (ciphers_def[i].attr & SSL_eNULL) { -+ if (mask & SSL_eNULL) - cipher_list[i] = action; -- } -+ } else -+ cipher_list[i] = action; - } - } else { - for (i=0; i<ciphernum; i++) { --- -1.7.9.5 - diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch b/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch deleted file mode 100644 index b669b7254d..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openldap-2.3.11/build/openldap.m4.orig 2005-11-11 00:11:18.604322590 -0800 -+++ openldap-2.3.11/build/openldap.m4 2005-11-11 00:26:21.621145856 -0800 -@@ -788,7 +788,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[ - ]]) - - AC_DEFUN([OL_PTHREAD_TEST_PROGRAM], --AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES -+[AC_LANG_SOURCE([[OL_PTHREAD_TEST_INCLUDES - - int main(argc, argv) - int argc; -@@ -796,7 +796,7 @@ int main(argc, argv) - { - OL_PTHREAD_TEST_FUNCTION - } --])) -+]])]) - dnl -------------------------------------------------------------------- - AC_DEFUN([OL_PTHREAD_TRY], [# Pthread try link: $1 ($2) - if test "$ol_link_threads" = no ; then diff --git a/meta-oe/recipes-support/openldap/openldap/remove-user-host-pwd-from-version.patch b/meta-oe/recipes-support/openldap/openldap/remove-user-host-pwd-from-version.patch new file mode 100644 index 0000000000..7a1b5aaad7 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap/remove-user-host-pwd-from-version.patch @@ -0,0 +1,39 @@ +From 868a04b0596e2df708ba14ed70815b1411db3db1 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 21 Feb 2019 11:33:24 +0800 +Subject: [PATCH] mkversion: remove user host pwd from version + +Upstream-Status: Pending + +Update this patch to version 2.4.47 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + build/mkversion | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/build/mkversion ++++ b/build/mkversion +@@ -53,8 +53,12 @@ APPLICATION=$1 + # Reproducible builds set SOURCE_DATE_EPOCH, want constant strings + if [ -n "${SOURCE_DATE_EPOCH}" ]; then + WHOWHERE="openldap" ++ DATE=$(date -d@$SOURCE_DATE_EPOCH +' %b %d %Y ') ++ TIME=$(date -d@$SOURCE_DATE_EPOCH +' %H:%M:%S ') + else +- WHOWHERE="$USER@$(uname -n):$(pwd)" ++ WHOWHERE="openldap" ++ DATE='" __DATE__ "' ++ TIME='" __TIME__ "' + fi + + cat << __EOF__ +@@ -77,7 +81,7 @@ static const char copyright[] = + "COPYING RESTRICTIONS APPLY\n"; + + $static $const char $SYMBOL[] = +-"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n" ++"@(#) \$$PACKAGE: $APPLICATION $VERSION ($DATE $TIME) \$\n" + "\t$WHOWHERE\n"; + + __EOF__ diff --git a/meta-oe/recipes-support/openldap/openldap/thread_stub.patch b/meta-oe/recipes-support/openldap/openldap/thread_stub.patch deleted file mode 100644 index 540ba4a635..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/thread_stub.patch +++ /dev/null @@ -1,20 +0,0 @@ -openldap: set pointer - -When the function ldap_pvt_thread_pool_getkey() succeeds, it -must set the value of *data since the caller may try to use it. - -Upstream-Status: pending - -Signed-off-by: Joe Slater <jslater@windriver.com> - - ---- a/libraries/libldap_r/thr_stub.c -+++ b/libraries/libldap_r/thr_stub.c -@@ -217,6 +217,7 @@ ldap_pvt_thread_pool_unidle ( ldap_pvt_t - int ldap_pvt_thread_pool_getkey ( - void *ctx, void *key, void **data, ldap_pvt_thread_pool_keyfree_t **kfree ) - { -+ if (data) *data = NULL; /* avoid problems with uninitialized *data */ - return(0); - } - diff --git a/meta-oe/recipes-support/openldap/openldap/use-urandom.patch b/meta-oe/recipes-support/openldap/openldap/use-urandom.patch deleted file mode 100644 index e7b988fafd..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/use-urandom.patch +++ /dev/null @@ -1,38 +0,0 @@ -openldap: assume /dev/urandom exists - -When we are cross-compiling, we want to assume -that /dev/urandom exists. We could change the source -code to look for it, but this is the easy way out. - -Upstream-Status: pending - -Signed-off-by: Joe Slater <jslater@windriver.com> - - ---- a/configure.in -+++ b/configure.in -@@ -2142,8 +2142,8 @@ fi - - dnl ---------------------------------------------------------------- - dnl Check for entropy sources -+dev=no - if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then -- dev=no - if test -r /dev/urandom ; then - dev="/dev/urandom"; - elif test -r /idev/urandom ; then -@@ -2156,9 +2156,11 @@ if test $cross_compiling != yes && test - dev="/idev/random"; - fi - -- if test $dev != no ; then -- AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device]) -- fi -+elif test $cross_compiling == yes ; then -+ dev="/dev/urandom"; -+fi -+if test $dev != no ; then -+ AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device]) - fi - - dnl ---------------------------------------------------------------- |