diff options
Diffstat (limited to 'user/openldap')
| -rw-r--r-- | user/openldap/APKBUILD | 68 | ||||
| -rw-r--r-- | user/openldap/configs.patch | 41 | ||||
| -rw-r--r-- | user/openldap/fix-manpages.patch | 22 | ||||
| -rw-r--r-- | user/openldap/openldap-2.4-ppolicy.patch | 13 | ||||
| -rw-r--r-- | user/openldap/openldap-2.4.11-libldap_r.patch | 11 | ||||
| -rw-r--r-- | user/openldap/test063.patch | 17 | ||||
| -rw-r--r-- | user/openldap/test079.patch | 160 | ||||
| -rw-r--r-- | user/openldap/time64.patch | 198 |
8 files changed, 420 insertions, 110 deletions
diff --git a/user/openldap/APKBUILD b/user/openldap/APKBUILD index 3f84e64c7..0aef3baa7 100644 --- a/user/openldap/APKBUILD +++ b/user/openldap/APKBUILD @@ -1,7 +1,8 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> -# Contributor: Jakub Jirutka <jakub@jirutka.cz> # # secfixes: +# 2.4.50-r0: +# - CVE-2020-12243 # 2.4.48-r0: # - CVE-2019-13057 # - CVE-2019-13565 @@ -12,29 +13,28 @@ # - CVE-2017-9287 # pkgname=openldap -pkgver=2.4.48 -pkgrel=0 +pkgver=2.6.3 +pkgrel=2 pkgdesc="LDAP Server" -url="http://www.openldap.org/" +url="https://www.openldap.org/" arch="all" -options="!check" # Test suite takes > 2 hours to complete on each builder. -license="custom" +license="OLDAP-2.8" depends="" -pkgusers="ldap" -pkggroups="ldap" depends_dev="openssl-dev cyrus-sasl-dev util-linux-dev" -makedepends="$depends_dev db-dev groff unixodbc-dev libtool - autoconf automake libtool" +makedepends="$depends_dev groff icu-dev unixodbc-dev libtool" subpackages="$pkgname-dev $pkgname-doc libldap $pkgname-openrc $pkgname-clients $pkgname-passwd-pbkdf2:passwd_pbkdf2 $pkgname-backend-all:_backend_all:noarch $pkgname-overlay-all:_overlay_all:noarch" +pkgusers="ldap" +pkggroups="ldap" install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" -source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz - openldap-2.4-ppolicy.patch - openldap-2.4.11-libldap_r.patch +source="https://www.$pkgname.org/software/download/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz fix-manpages.patch configs.patch + test063.patch + test079.patch + time64.patch slapd.initd slapd.confd @@ -42,8 +42,7 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg # SLAPD backends _backends="" -for _name in bdb dnssrv hdb ldap mdb meta monitor null passwd \ - relay shell sql sock +for _name in dnssrv ldap mdb meta null passwd relay sock do subpackages="$subpackages $pkgname-back-$_name:_backend" _backends="$_backends $pkgname-back-$_name" @@ -59,17 +58,7 @@ do _overlays="$_overlays $pkgname-overlay-$_name" done -prepare() { - cd "$builddir" - update_config_sub - - sed -i '/^STRIP/s,-s,,g' build/top.mk - libtoolize --force && aclocal && autoconf -} - -build () { - cd "$builddir" - +build() { ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -82,22 +71,18 @@ build () { --enable-crypt \ --enable-modules \ --enable-dynamic \ - --enable-bdb=mod \ --enable-dnssrv=mod \ - --enable-hdb=mod \ --enable-ldap=mod \ --enable-mdb=mod \ --enable-meta=mod \ - --enable-monitor=mod \ --enable-null=mod \ --enable-passwd=mod \ --enable-relay=mod \ - --enable-shell=mod \ --enable-sock=mod \ - --enable-sql=mod \ --enable-overlays=mod \ --with-tls=openssl \ --with-cyrus-sasl + make depend make # Build passwd pbkdf2. @@ -106,13 +91,10 @@ build () { } check() { - cd "$builddir" make check } package() { - cd "$builddir" - make DESTDIR="$pkgdir" install # Install passwd pbkdf2. @@ -124,8 +106,8 @@ package() { rmdir var/lib/openldap/run # Fix tools symlinks to slapd. - local path; for path in $(find usr/sbin/ -type l); do - ln -sf slapd $path + for _path in $(find usr/sbin/ -type l); do + ln -sf slapd $_path done # Move executable from lib to sbin. @@ -149,7 +131,6 @@ package() { libldap() { pkgdesc="OpenLDAP libraries" depends="" - install="" _submv "usr/lib/*.so*" etc/openldap/ldap.conf } @@ -199,16 +180,17 @@ _overlay() { } _submv() { - local path; for path in "$@"; do + for path in "$@"; do mkdir -p "$subpkgdir"/${path%/*} mv "$pkgdir"/$path "$subpkgdir"/${path%/*}/ done } -sha512sums="cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb openldap-2.4.48.tgz -5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch -44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch -8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch -0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch +sha512sums="56efbbfc68779ad635d2c25228eb9c4f1553b107b96e8a438029b1c5d2f2647cf4d437770554392b436718ea44a4813e17f5195049f67fc09d063a981096cd85 openldap-2.6.3.tgz +0c026a5c8790ebb7d6784514363f1403c693d61defbeaacae574267c3b7833f198919d31604da1f49db3000c9a561cb6d36d95e021f7906761e45d1434cef15b fix-manpages.patch +1a1f669db968061eb8c9fb5e42768d0f12075d4eb4d8ae7085533276775027c56760c2f7413494deebec4d78b053f674661236e6e1506ecffadf510985c393c0 configs.patch +26fbe3fa2182d80ee98e6885972f803d03ac45a72cb8478c31e76a6f07f45565e6fdcdbf528fcf61e77fd4f9e2068e4f82d9c9c178df7da103d4e9b714bf204e test063.patch +c7f2b32f2643d6b7ea5dbee6c1baad7cae53ea9d511cfae6c976edb8f8f85ae14351f612f02e560d15c6b577676804fd7b0a6f45f79cc1cdbe11f117e61ad088 test079.patch +a3d2ce7cbfd8a24605efef47550833e0a2e0f7aa426a46342e5f7bf2ef082b1640c31cd33eb246c225cc4cdc011ed4a640763158111e62f9e76e3530c3fa786e time64.patch 0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd 64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd" diff --git a/user/openldap/configs.patch b/user/openldap/configs.patch index e7ec65c4b..c7077672a 100644 --- a/user/openldap/configs.patch +++ b/user/openldap/configs.patch @@ -1,3 +1,6 @@ +* Use /run/openldap for the state directory. +* We use .so instead of .la for module suffix. + --- a/servers/slapd/slapd.conf +++ b/servers/slapd/slapd.conf @@ -2,7 +2,7 @@ @@ -9,7 +12,7 @@ # Define global ACLs to disable default read access. -@@ -10,13 +10,16 @@ +@@ -10,13 +10,14 @@ # service AND an understanding of referrals. #referral ldap://root.openldap.org @@ -20,18 +23,16 @@ +argsfile /run/openldap/slapd.args # Load dynamic backend modules: --# modulepath %MODULEDIR% --# moduleload back_mdb.la +-modulepath %MODULEDIR% +-moduleload back_mdb.la -# moduleload back_ldap.la +modulepath /usr/lib/openldap +moduleload back_mdb.so -+# moduleload back_hdb.so -+# moduleload back_bbd.so +# moduleload back_ldap.so # Sample security restrictions # Require integrity protection (prevent hijacking) -@@ -53,13 +56,16 @@ +@@ -62,13 +63,16 @@ maxsize 1073741824 suffix "dc=my-domain,dc=com" rootdn "cn=Manager,dc=my-domain,dc=com" @@ -63,30 +64,18 @@ # # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. -@@ -26,22 +27,23 @@ - # - # Load dynamic backend modules: - # --#dn: cn=module,cn=config --#objectClass: olcModuleList --#cn: module --#olcModulepath: %MODULEDIR% --#olcModuleload: back_bdb.la --#olcModuleload: back_hdb.la +@@ -29,16 +30,16 @@ + dn: cn=module,cn=config + objectClass: olcModuleList + cn: module +-olcModulepath: %MODULEDIR% +-olcModuleload: back_mdb.la -#olcModuleload: back_ldap.la -#olcModuleload: back_passwd.la --#olcModuleload: back_shell.la -+dn: cn=module,cn=config -+objectClass: olcModuleList -+cn: module +olcModulepath: /usr/lib/openldap -+#olcModuleload: back_bdb.so -+#olcModuleload: back_hdb.so -+#olcModuleload: back_ldap.so +olcModuleload: back_mdb.so ++#olcModuleload: back_ldap.so +#olcModuleload: back_passwd.so -+#olcModuleload: back_shell.so - dn: cn=schema,cn=config objectClass: olcSchemaConfig @@ -97,7 +86,7 @@ # Frontend settings # -@@ -83,13 +85,16 @@ +@@ -81,13 +82,16 @@ olcDatabase: mdb olcSuffix: dc=my-domain,dc=com olcRootDN: cn=Manager,dc=my-domain,dc=com diff --git a/user/openldap/fix-manpages.patch b/user/openldap/fix-manpages.patch index 179569494..03c925537 100644 --- a/user/openldap/fix-manpages.patch +++ b/user/openldap/fix-manpages.patch @@ -8,7 +8,7 @@ diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1 index 3def6da..466c772 100644 --- a/doc/man/man1/ldapmodify.1 +++ b/doc/man/man1/ldapmodify.1 -@@ -397,8 +397,7 @@ exit status and a diagnostic message being written to standard error. +@@ -382,8 +382,7 @@ exit status and a diagnostic message being written to standard error. .BR ldap_add_ext (3), .BR ldap_delete_ext (3), .BR ldap_modify_ext (3), @@ -18,18 +18,6 @@ index 3def6da..466c772 100644 .SH AUTHOR The OpenLDAP Project <http://www.openldap.org/> .SH ACKNOWLEDGEMENTS -diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 -index cfde143..63592cb 100644 ---- a/doc/man/man5/ldap.conf.5 -+++ b/doc/man/man5/ldap.conf.5 -@@ -317,6 +317,7 @@ certificates in separate individual files. The - .B TLS_CACERT - is always used before - .B TLS_CACERTDIR. -+The specified directory must be managed with the LibreSSL c_rehash utility. - This parameter is ignored with GnuTLS. - - When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8 index b739f4d..e2a1a00 100644 --- a/doc/man/man8/slapd.8 @@ -41,9 +29,9 @@ index b739f4d..e2a1a00 100644 -.B LIBEXECDIR/slapd +.B slapd [\c - .BR \-4 | \-6 ] + .BR \-V [ V [ V ]] [\c -@@ -317,7 +317,7 @@ the LDAP databases defined in the default config file, just type: +@@ -332,7 +332,7 @@ the LDAP databases defined in the default config file, just type: .LP .nf .ft tt @@ -52,7 +40,7 @@ index b739f4d..e2a1a00 100644 .ft .fi .LP -@@ -328,7 +328,7 @@ on voluminous debugging which will be printed on standard error, type: +@@ -343,7 +343,7 @@ on voluminous debugging which will be printed on standard error, type: .LP .nf .ft tt @@ -61,7 +49,7 @@ index b739f4d..e2a1a00 100644 .ft .fi .LP -@@ -336,7 +336,7 @@ To test whether the configuration file is correct or not, type: +@@ -351,7 +351,7 @@ To test whether the configuration file is correct or not, type: .LP .nf .ft tt diff --git a/user/openldap/openldap-2.4-ppolicy.patch b/user/openldap/openldap-2.4-ppolicy.patch deleted file mode 100644 index c05790e3e..000000000 --- a/user/openldap/openldap-2.4-ppolicy.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -urN ./clients.orig/tools/common.c ./clients/tools/common.c ---- ./clients.orig/tools/common.c 2007-09-01 01:13:50.000000000 +0200 -+++ ./clients/tools/common.c 2008-01-13 21:50:06.000000000 +0100 -@@ -1262,8 +1262,8 @@ - int nsctrls = 0; - - #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST -+ LDAPControl c; - if ( ppolicy ) { -- LDAPControl c; - c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST; - c.ldctl_value.bv_val = NULL; - c.ldctl_value.bv_len = 0; diff --git a/user/openldap/openldap-2.4.11-libldap_r.patch b/user/openldap/openldap-2.4.11-libldap_r.patch deleted file mode 100644 index 448249a3b..000000000 --- a/user/openldap/openldap-2.4.11-libldap_r.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in ---- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800 -+++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700 -@@ -37,6 +37,7 @@ - XLIBS = $(LIBRARY) - XXLIBS = - NT_LINK_LIBS = $(AC_LIBS) -+UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS) - - XINCPATH = -I$(srcdir)/.. -I$(srcdir) - XDEFS = $(MODULES_CPPFLAGS) diff --git a/user/openldap/test063.patch b/user/openldap/test063.patch new file mode 100644 index 000000000..972feba6f --- /dev/null +++ b/user/openldap/test063.patch @@ -0,0 +1,17 @@ +Test #63 fails with a server replication race. + +Seen in Debian at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010608 - +thanks to Ryan Tandy for root cause analysis and suggested fix. + +--- openldap-2.6.2/tests/scripts/test063-delta-multiprovider 2022-05-04 09:55:23.000000000 -0500 ++++ openldap-2.6.2/tests/scripts/test063-delta-multiprovider 2022-06-01 02:14:47.230724205 -0500 +@@ -318,6 +318,9 @@ + exit $RC + fi + ++echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." ++sleep $SLEEP1 ++ + THEDN="cn=James A Jones 2,ou=Alumni Association,ou=People,dc=example,dc=com" + sleep 1 + for i in 1 2 3; do diff --git a/user/openldap/test079.patch b/user/openldap/test079.patch new file mode 100644 index 000000000..a902ba878 --- /dev/null +++ b/user/openldap/test079.patch @@ -0,0 +1,160 @@ +From 0031b8ed342386960ab9d0cd1566196ba0e6ae42 Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> +Date: Wed, 1 Jun 2022 04:36:24 -0500 +Subject: [PATCH] Tests: Use ldapsearch(1) correctly in test079 + +Before this change, ldapsearch(1) was not being called with the correct +parameter syntax. This caused the test to fail on musl libc environments +where getopt(3) is more strict, with messages like: + +Error: LDAP connection to remote LDAP server is not found (1) + +The test.out file simply stated: + +ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) + +Indeed, strace showed that the `-H` param was missed and we were trying +to connect to port 389: + +connect(3, {sa_family=AF_INET6, sin6_port=htons(389), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 ECONNREFUSED (Connection refused) +--- + tests/scripts/test079-proxy-timeout | 40 ++++++++++++++--------------- + 1 file changed, 20 insertions(+), 20 deletions(-) + +diff --git a/tests/scripts/test079-proxy-timeout b/tests/scripts/test079-proxy-timeout +index 6a8e0c7a8..9ece4c1a1 100755 +--- a/tests/scripts/test079-proxy-timeout ++++ b/tests/scripts/test079-proxy-timeout +@@ -139,10 +139,10 @@ fi + + echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)" + +-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" +@@ -150,10 +150,10 @@ if test $RC != 0 ; then + exit $RC + fi + +-$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" +@@ -171,10 +171,10 @@ sleep `expr $CONN_EXPIRES - $NOW + 2` + + echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)" + +-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" +@@ -182,10 +182,10 @@ if test $RC != 1 ; then + exit $RC + fi + +-$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" +@@ -235,10 +235,10 @@ sleep 2 + + echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)" + +-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" +@@ -246,10 +246,10 @@ if test $RC != 0 ; then + exit $RC + fi + +-$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" +@@ -267,10 +267,10 @@ sleep `expr $CONN_EXPIRES - $NOW + 2` + + echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)" + +-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" +@@ -278,10 +278,10 @@ if test $RC != 1 ; then + exit $RC + fi + +-$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" +@@ -339,10 +339,10 @@ fi + NOW=`date +%s` + sleep `expr $CONN_EXPIRES - $NOW - 2` + echo "Check that connection is still alive due to idle-timeout reset (time_t now=`date +%s`)" +-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" +@@ -354,10 +354,10 @@ fi + NOW=`date +%s` + sleep `expr $CONN_EXPIRES - $NOW + 2` + echo "Check that connection is closed after extended idle-timeout has passed (time_t now=`date +%s`)" +-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ ++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ +- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null ++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null + RC=$? + if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" +-- +2.32.0 (Apple Git-132) + diff --git a/user/openldap/time64.patch b/user/openldap/time64.patch new file mode 100644 index 000000000..780d67069 --- /dev/null +++ b/user/openldap/time64.patch @@ -0,0 +1,198 @@ +diff -ur a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c +--- a/libraries/libldap/os-ip.c 2022-12-12 23:12:56.618567894 -0600 ++++ b/libraries/libldap/os-ip.c 2022-12-13 00:07:17.852129075 -0600 +@@ -287,7 +287,7 @@ + int rc; + + +- Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %ld\n", ++ Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %lld\n", + s, tvp ? tvp->tv_sec : -1L ); + + #ifdef HAVE_POLL +@@ -439,7 +439,7 @@ + } + + Debug3(LDAP_DEBUG_TRACE, +- "ldap_pvt_connect: fd: %d tm: %ld async: %d\n", ++ "ldap_pvt_connect: fd: %d tm: %lld async: %d\n", + s, opt_tv ? tv.tv_sec : -1L, async); + + if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 ) +diff -ur a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c +--- a/libraries/libldap/os-local.c 2022-12-12 23:12:56.618567894 -0600 ++++ b/libraries/libldap/os-local.c 2022-12-12 23:36:15.152936427 -0600 +@@ -164,7 +164,7 @@ + } + + Debug3(LDAP_DEBUG_TRACE, +- "ldap_connect_timeout: fd: %d tm: %ld async: %d\n", ++ "ldap_connect_timeout: fd: %d tm: %lld async: %d\n", + s, opt_tv ? tv.tv_sec : -1L, async); + + if ( ldap_pvt_ndelay_on(ld, s) == -1 ) return -1; +diff -ur a/libraries/libldap/result.c b/libraries/libldap/result.c +--- a/libraries/libldap/result.c 2022-12-12 23:12:56.618567894 -0600 ++++ b/libraries/libldap/result.c 2022-12-12 23:34:24.977768222 -0600 +@@ -264,8 +264,8 @@ + Debug2( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n", + (void *)ld, msgid ); + } else { +- Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n", +- (void *)ld, msgid, (long)timeout->tv_sec * 1000000 + timeout->tv_usec ); ++ Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %lld usec)\n", ++ (void *)ld, msgid, (time_t)timeout->tv_sec * 1000000 + timeout->tv_usec ); + } + #endif /* LDAP_DEBUG */ + +diff -ur a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c +--- a/servers/slapd/back-ldap/bind.c 2022-12-12 23:12:56.614567788 -0600 ++++ b/servers/slapd/back-ldap/bind.c 2022-12-12 23:43:22.086371097 -0600 +@@ -2999,14 +2999,14 @@ + } + + if ( lc->lcb_create_time != 0 ) { +- len = snprintf( tbuf, sizeof(tbuf), "%ld", lc->lcb_create_time ); ++ len = snprintf( tbuf, sizeof(tbuf), "%lld", lc->lcb_create_time ); + if ( ptr + sizeof(" created=") + len >= end ) return -1; + ptr = lutil_strcopy( ptr, " created=" ); + ptr = lutil_strcopy( ptr, tbuf ); + } + + if ( lc->lcb_time != 0 ) { +- len = snprintf( tbuf, sizeof(tbuf), "%ld", lc->lcb_time ); ++ len = snprintf( tbuf, sizeof(tbuf), "%lld", lc->lcb_time ); + if ( ptr + sizeof(" modified=") + len >= end ) return -1; + ptr = lutil_strcopy( ptr, " modified=" ); + ptr = lutil_strcopy( ptr, tbuf ); +@@ -3185,7 +3185,7 @@ + */ + slap_wake_listener(); + Debug( LDAP_DEBUG_TRACE, +- "ldap_back_conn_prune: scheduled connection expiry timer to %ld sec\n", ++ "ldap_back_conn_prune: scheduled connection expiry timer to %lld sec\n", + li->li_conn_expire_task->interval.tv_sec ); + } else if ( next_timeout == -1 && li->li_conn_expire_task != NULL ) { + if ( ldap_pvt_runqueue_isrunning( &slapd_rq, li->li_conn_expire_task ) ) { +@@ -3221,7 +3221,7 @@ + "ldap_back_conn_expire_timer" ); + slap_wake_listener(); + Debug( LDAP_DEBUG_TRACE, +- "ldap_back_conn_prune: scheduled connection expiry timer to %ld sec\n", ++ "ldap_back_conn_prune: scheduled connection expiry timer to %lld sec\n", + li->li_conn_expire_task->interval.tv_sec ); + } + ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); +diff -ur a/servers/slapd/overlays/dds.c b/servers/slapd/overlays/dds.c +--- a/servers/slapd/overlays/dds.c 2022-12-12 23:12:56.614567788 -0600 ++++ b/servers/slapd/overlays/dds.c 2022-12-12 23:42:29.632772350 -0600 +@@ -418,7 +418,7 @@ + assert( ttl <= DDS_RF2589_MAX_TTL ); + + bv.bv_val = ttlbuf; +- bv.bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%ld", ttl ); ++ bv.bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%lld", ttl ); + assert( bv.bv_len < sizeof( ttlbuf ) ); + + /* FIXME: apparently, values in op->ora_e are malloc'ed +@@ -696,7 +696,7 @@ + goto done; + } + +- bv_entryTtl.bv_len = snprintf( textbuf, sizeof( textbuf ), "%ld", entryTtl ); ++ bv_entryTtl.bv_len = snprintf( textbuf, sizeof( textbuf ), "%lld", entryTtl ); + break; + + default: +@@ -918,7 +918,7 @@ + ttl = (ttl < 0) ? 0 : ttl; + assert( ttl <= DDS_RF2589_MAX_TTL ); + +- len = snprintf( ttlbuf, sizeof(ttlbuf), "%ld", ttl ); ++ len = snprintf( ttlbuf, sizeof(ttlbuf), "%lld", ttl ); + if ( len < 0 ) + { + goto done; +@@ -1178,7 +1178,7 @@ + ttlmod.sml_values = ttlvalues; + ttlmod.sml_numvals = 1; + ttlvalues[ 0 ].bv_val = ttlbuf; +- ttlvalues[ 0 ].bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%ld", ttl ); ++ ttlvalues[ 0 ].bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%lld", ttl ); + BER_BVZERO( &ttlvalues[ 1 ] ); + + /* the entryExpireTimestamp is added by modify */ +@@ -1206,7 +1206,7 @@ + rs->sr_rspoid = ch_strdup( slap_EXOP_REFRESH.bv_val ); + + Log( LDAP_DEBUG_TRACE, LDAP_LEVEL_INFO, +- "%s REFRESH dn=\"%s\" TTL=%ld\n", ++ "%s REFRESH dn=\"%s\" TTL=%lld\n", + op->o_log_prefix, op->o_req_ndn.bv_val, ttl ); + } + +diff -ur a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c +--- a/servers/slapd/overlays/pcache.c 2022-12-12 23:12:56.614567788 -0600 ++++ b/servers/slapd/overlays/pcache.c 2022-12-13 00:07:55.205195373 -0600 +@@ -375,12 +375,12 @@ + attrset_len = sprintf( attrset_buf, + "%lu", (unsigned long)q->qtemp->attr_set_index ); + expiry_len = sprintf( expiry_buf, +- "%lu", (unsigned long)q->expiry_time ); ++ "%llu", (unsigned long long)q->expiry_time ); + answerable_len = snprintf( answerable_buf, sizeof( answerable_buf ), + "%lu", q->answerable_cnt ); + if ( q->refresh_time ) + refresh_len = sprintf( refresh_buf, +- "%lu", (unsigned long)q->refresh_time ); ++ "%llu", (unsigned long long)q->refresh_time ); + else + refresh_len = 0; + +@@ -1601,8 +1601,8 @@ + + new_cached_query->lru_up = NULL; + new_cached_query->lru_down = NULL; +- Debug( pcache_debug, "Added query expires at %ld (%s)\n", +- (long) new_cached_query->expiry_time, ++ Debug( pcache_debug, "Added query expires at %lld (%s)\n", ++ (long long) new_cached_query->expiry_time, + pc_caching_reason_str[ why ] ); + + new_cached_query->scope = query->scope; +@@ -2729,7 +2729,7 @@ + pbi->bi_flags |= BI_HASHED; + } else { + Debug( pcache_debug, "pc_bind_search: cache is stale, " +- "reftime: %ld, current time: %ld\n", ++ "reftime: %lld, current time: %lld\n", + pbi->bi_cq->bindref_time, op->o_time ); + } + } else if ( pbi->bi_si ) { +@@ -3865,7 +3865,7 @@ + struct berval bv; + switch( c->type ) { + case PC_MAIN: +- bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %d %d %d %ld", ++ bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %d %d %d %lld", + cm->db.bd_info->bi_type, cm->max_entries, cm->numattrsets, + cm->num_entries_limit, cm->cc_period ); + bv.bv_val = c->cr_msg; +@@ -3909,7 +3909,7 @@ + /* HEADS-UP: always print all; + * if optional == 0, ignore */ + bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ), +- " %d %ld %ld %ld %ld", ++ " %d %lld %lld %lld %lld", + temp->attr_set_index, + temp->ttl, + temp->negttl, +@@ -3931,7 +3931,7 @@ + for (temp=qm->templates; temp; temp=temp->qmnext) { + if ( !temp->bindttr ) continue; + bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ), +- " %d %ld %s ", ++ " %d %lld %s ", + temp->attr_set_index, + temp->bindttr, + ldap_pvt_scope2str( temp->bindscope )); |