Diffstat (limited to 'user/openldap')
-rw-r--r--user/openldap/APKBUILD68
-rw-r--r--user/openldap/configs.patch41
-rw-r--r--user/openldap/fix-manpages.patch22
-rw-r--r--user/openldap/openldap-2.4-ppolicy.patch13
-rw-r--r--user/openldap/openldap-2.4.11-libldap_r.patch11
-rw-r--r--user/openldap/test063.patch17
-rw-r--r--user/openldap/test079.patch160
-rw-r--r--user/openldap/time64.patch198
8 files changed, 420 insertions, 110 deletions
diff --git a/user/openldap/APKBUILD b/user/openldap/APKBUILD
index 3f84e64c7..0aef3baa7 100644
--- a/user/openldap/APKBUILD
+++ b/user/openldap/APKBUILD
@@ -1,7 +1,8 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
-# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 2.4.50-r0:
+# - CVE-2020-12243
# 2.4.48-r0:
# - CVE-2019-13057
# - CVE-2019-13565
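Review bot: The new `secfixes` entry stops at `2.4.50-r0` although the next hunk moves `pkgver` to 2.6.3, so security fixes that landed upstream between those releases are not recorded against any version of this package. Trackers that read this block would presumably keep reporting those issues as open for the new package. If any apply, add a `# 2.6.3-r2:` entry above the new one; the identifiers have to come from the upstream change log, which is not part of this page.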
@@ -12,29 +13,28 @@
# - CVE-2017-9287
#
pkgname=openldap
-pkgver=2.4.48
-pkgrel=0
+pkgver=2.6.3
+pkgrel=2
pkgdesc="LDAP Server"
-url="http://www.openldap.org/"
+url="https://www.openldap.org/"
arch="all"
-options="!check" # Test suite takes > 2 hours to complete on each builder.
-license="custom"
+license="OLDAP-2.8"
depends=""
-pkgusers="ldap"
-pkggroups="ldap"
depends_dev="openssl-dev cyrus-sasl-dev util-linux-dev"
-makedepends="$depends_dev db-dev groff unixodbc-dev libtool
- autoconf automake libtool"
+makedepends="$depends_dev groff icu-dev unixodbc-dev libtool"
subpackages="$pkgname-dev $pkgname-doc libldap $pkgname-openrc
$pkgname-clients $pkgname-passwd-pbkdf2:passwd_pbkdf2
$pkgname-backend-all:_backend_all:noarch
$pkgname-overlay-all:_overlay_all:noarch"
+pkgusers="ldap"
+pkggroups="ldap"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
-source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz
- openldap-2.4-ppolicy.patch
- openldap-2.4.11-libldap_r.patch
+source="https://www.$pkgname.org/software/download/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz
fix-manpages.patch
configs.patch
+ test063.patch
+ test079.patch
+ time64.patch
slapd.initd
slapd.confd
@@ -42,8 +42,7 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg
# SLAPD backends
_backends=""
-for _name in bdb dnssrv hdb ldap mdb meta monitor null passwd \
- relay shell sql sock
+for _name in dnssrv ldap mdb meta null passwd relay sock
do
subpackages="$subpackages $pkgname-back-$_name:_backend"
_backends="$_backends $pkgname-back-$_name"
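Review bot: Dropping `bdb`, `hdb`, `monitor`, `shell` and `sql` from this loop removes their `$pkgname-back-*` subpackages, and nothing visible in the commit covers hosts whose slapd configuration still loads those modules or keeps data in a bdb/hdb database. After the upgrade slapd would presumably refuse to start there, which takes directory-backed authentication down with it. The matching `--enable-*=mod` flags are removed in the configure hunk further down, so the modules are not built at all. Consider a comment above the loop such as `# bdb/hdb are no longer built: export with slapcat and reload into mdb before upgrading`, and a check in `$pkgname.post-upgrade` (contents not shown here) that warns when the old module names are still referenced.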
@@ -59,17 +58,7 @@ do
_overlays="$_overlays $pkgname-overlay-$_name"
done
-prepare() {
- cd "$builddir"
- update_config_sub
-
- sed -i '/^STRIP/s,-s,,g' build/top.mk
- libtoolize --force && aclocal && autoconf
-}
-
-build () {
- cd "$builddir"
-
+build() {
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -82,22 +71,18 @@ build () {
--enable-crypt \
--enable-modules \
--enable-dynamic \
- --enable-bdb=mod \
--enable-dnssrv=mod \
- --enable-hdb=mod \
--enable-ldap=mod \
--enable-mdb=mod \
--enable-meta=mod \
- --enable-monitor=mod \
--enable-null=mod \
--enable-passwd=mod \
--enable-relay=mod \
- --enable-shell=mod \
--enable-sock=mod \
- --enable-sql=mod \
--enable-overlays=mod \
--with-tls=openssl \
--with-cyrus-sasl
+ make depend
make
# Build passwd pbkdf2.
@@ -106,13 +91,10 @@ build () {
}
check() {
- cd "$builddir"
make check
}
package() {
- cd "$builddir"
-
make DESTDIR="$pkgdir" install
# Install passwd pbkdf2.
@@ -124,8 +106,8 @@ package() {
rmdir var/lib/openldap/run
# Fix tools symlinks to slapd.
- local path; for path in $(find usr/sbin/ -type l); do
- ln -sf slapd $path
+ for _path in $(find usr/sbin/ -type l); do
+ ln -sf slapd $_path
done
# Move executable from lib to sbin.
@@ -149,7 +131,6 @@ package() {
libldap() {
pkgdesc="OpenLDAP libraries"
depends=""
- install=""
_submv "usr/lib/*.so*" etc/openldap/ldap.conf
}
@@ -199,16 +180,17 @@ _overlay() {
}
_submv() {
- local path; for path in "$@"; do
+ for path in "$@"; do
mkdir -p "$subpkgdir"/${path%/*}
mv "$pkgdir"/$path "$subpkgdir"/${path%/*}/
done
}
-sha512sums="cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb openldap-2.4.48.tgz
-5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch
-44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
-8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch
-0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch
+sha512sums="56efbbfc68779ad635d2c25228eb9c4f1553b107b96e8a438029b1c5d2f2647cf4d437770554392b436718ea44a4813e17f5195049f67fc09d063a981096cd85 openldap-2.6.3.tgz
+0c026a5c8790ebb7d6784514363f1403c693d61defbeaacae574267c3b7833f198919d31604da1f49db3000c9a561cb6d36d95e021f7906761e45d1434cef15b fix-manpages.patch
+1a1f669db968061eb8c9fb5e42768d0f12075d4eb4d8ae7085533276775027c56760c2f7413494deebec4d78b053f674661236e6e1506ecffadf510985c393c0 configs.patch
+26fbe3fa2182d80ee98e6885972f803d03ac45a72cb8478c31e76a6f07f45565e6fdcdbf528fcf61e77fd4f9e2068e4f82d9c9c178df7da103d4e9b714bf204e test063.patch
+c7f2b32f2643d6b7ea5dbee6c1baad7cae53ea9d511cfae6c976edb8f8f85ae14351f612f02e560d15c6b577676804fd7b0a6f45f79cc1cdbe11f117e61ad088 test079.patch
+a3d2ce7cbfd8a24605efef47550833e0a2e0f7aa426a46342e5f7bf2ef082b1640c31cd33eb246c225cc4cdc011ed4a640763158111e62f9e76e3530c3fa786e time64.patch
0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd
64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
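Review bot: In `_submv` the `local` declaration is dropped but the loop variable keeps the plain name `path`, so it is now assigned in the APKBUILD's global scope, where it is easy to confuse with other variables. The `package()` hunk above renamed its loop variable to `_path` for the same reason; doing the same here keeps the two consistent: `for _path in "$@"; do`, with the `mkdir` and `mv` lines using `$_path` and `${_path%/*}`. The unquoted `$path` in the `mv` line has to stay unquoted, since callers such as `_submv "usr/lib/*.so*"` rely on the glob expanding there.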
diff --git a/user/openldap/configs.patch b/user/openldap/configs.patch
index e7ec65c4b..c7077672a 100644
--- a/user/openldap/configs.patch
+++ b/user/openldap/configs.patch
@@ -1,3 +1,6 @@
+* Use /run/openldap for the state directory.
+* We use .so instead of .la for module suffix.
+
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -2,7 +2,7 @@
@@ -9,7 +12,7 @@
# Define global ACLs to disable default read access.
-@@ -10,13 +10,16 @@
+@@ -10,13 +10,14 @@
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
@@ -20,18 +23,16 @@
+argsfile /run/openldap/slapd.args
# Load dynamic backend modules:
--# modulepath %MODULEDIR%
--# moduleload back_mdb.la
+-modulepath %MODULEDIR%
+-moduleload back_mdb.la
-# moduleload back_ldap.la
+modulepath /usr/lib/openldap
+moduleload back_mdb.so
-+# moduleload back_hdb.so
-+# moduleload back_bbd.so
+# moduleload back_ldap.so
# Sample security restrictions
# Require integrity protection (prevent hijacking)
-@@ -53,13 +56,16 @@
+@@ -62,13 +63,16 @@
maxsize 1073741824
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
@@ -63,30 +64,18 @@
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
-@@ -26,22 +27,23 @@
- #
- # Load dynamic backend modules:
- #
--#dn: cn=module,cn=config
--#objectClass: olcModuleList
--#cn: module
--#olcModulepath: %MODULEDIR%
--#olcModuleload: back_bdb.la
--#olcModuleload: back_hdb.la
+@@ -29,16 +30,16 @@
+ dn: cn=module,cn=config
+ objectClass: olcModuleList
+ cn: module
+-olcModulepath: %MODULEDIR%
+-olcModuleload: back_mdb.la
-#olcModuleload: back_ldap.la
-#olcModuleload: back_passwd.la
--#olcModuleload: back_shell.la
-+dn: cn=module,cn=config
-+objectClass: olcModuleList
-+cn: module
+olcModulepath: /usr/lib/openldap
-+#olcModuleload: back_bdb.so
-+#olcModuleload: back_hdb.so
-+#olcModuleload: back_ldap.so
+olcModuleload: back_mdb.so
++#olcModuleload: back_ldap.so
+#olcModuleload: back_passwd.so
-+#olcModuleload: back_shell.so
-
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
@@ -97,7 +86,7 @@
# Frontend settings
#
-@@ -83,13 +85,16 @@
+@@ -81,13 +82,16 @@
olcDatabase: mdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
diff --git a/user/openldap/fix-manpages.patch b/user/openldap/fix-manpages.patch
index 179569494..03c925537 100644
--- a/user/openldap/fix-manpages.patch
+++ b/user/openldap/fix-manpages.patch
@@ -8,7 +8,7 @@ diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
index 3def6da..466c772 100644
--- a/doc/man/man1/ldapmodify.1
+++ b/doc/man/man1/ldapmodify.1
-@@ -397,8 +397,7 @@ exit status and a diagnostic message being written to standard error.
+@@ -382,8 +382,7 @@ exit status and a diagnostic message being written to standard error.
.BR ldap_add_ext (3),
.BR ldap_delete_ext (3),
.BR ldap_modify_ext (3),
@@ -18,18 +18,6 @@ index 3def6da..466c772 100644
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
-diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
-index cfde143..63592cb 100644
---- a/doc/man/man5/ldap.conf.5
-+++ b/doc/man/man5/ldap.conf.5
-@@ -317,6 +317,7 @@ certificates in separate individual files. The
- .B TLS_CACERT
- is always used before
- .B TLS_CACERTDIR.
-+The specified directory must be managed with the LibreSSL c_rehash utility.
- This parameter is ignored with GnuTLS.
-
- When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key
diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8
index b739f4d..e2a1a00 100644
--- a/doc/man/man8/slapd.8
@@ -41,9 +29,9 @@ index b739f4d..e2a1a00 100644
-.B LIBEXECDIR/slapd
+.B slapd
[\c
- .BR \-4 | \-6 ]
+ .BR \-V [ V [ V ]]
[\c
-@@ -317,7 +317,7 @@ the LDAP databases defined in the default config file, just type:
+@@ -332,7 +332,7 @@ the LDAP databases defined in the default config file, just type:
.LP
.nf
.ft tt
@@ -52,7 +40,7 @@ index b739f4d..e2a1a00 100644
.ft
.fi
.LP
-@@ -328,7 +328,7 @@ on voluminous debugging which will be printed on standard error, type:
+@@ -343,7 +343,7 @@ on voluminous debugging which will be printed on standard error, type:
.LP
.nf
.ft tt
@@ -61,7 +49,7 @@ index b739f4d..e2a1a00 100644
.ft
.fi
.LP
-@@ -336,7 +336,7 @@ To test whether the configuration file is correct or not, type:
+@@ -351,7 +351,7 @@ To test whether the configuration file is correct or not, type:
.LP
.nf
.ft tt
diff --git a/user/openldap/openldap-2.4-ppolicy.patch b/user/openldap/openldap-2.4-ppolicy.patch
deleted file mode 100644
index c05790e3e..000000000
--- a/user/openldap/openldap-2.4-ppolicy.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -urN ./clients.orig/tools/common.c ./clients/tools/common.c
---- ./clients.orig/tools/common.c 2007-09-01 01:13:50.000000000 +0200
-+++ ./clients/tools/common.c 2008-01-13 21:50:06.000000000 +0100
-@@ -1262,8 +1262,8 @@
- int nsctrls = 0;
-
- #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
-+ LDAPControl c;
- if ( ppolicy ) {
-- LDAPControl c;
- c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
- c.ldctl_value.bv_val = NULL;
- c.ldctl_value.bv_len = 0;
diff --git a/user/openldap/openldap-2.4.11-libldap_r.patch b/user/openldap/openldap-2.4.11-libldap_r.patch
deleted file mode 100644
index 448249a3b..000000000
--- a/user/openldap/openldap-2.4.11-libldap_r.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in
---- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800
-+++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700
-@@ -37,6 +37,7 @@
- XLIBS = $(LIBRARY)
- XXLIBS =
- NT_LINK_LIBS = $(AC_LIBS)
-+UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
-
- XINCPATH = -I$(srcdir)/.. -I$(srcdir)
- XDEFS = $(MODULES_CPPFLAGS)
diff --git a/user/openldap/test063.patch b/user/openldap/test063.patch
new file mode 100644
index 000000000..972feba6f
--- /dev/null
+++ b/user/openldap/test063.patch
@@ -0,0 +1,17 @@
+Test #63 fails with a server replication race.
+
+Seen in Debian at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010608 -
+thanks to Ryan Tandy for root cause analysis and suggested fix.
+
+--- openldap-2.6.2/tests/scripts/test063-delta-multiprovider 2022-05-04 09:55:23.000000000 -0500
++++ openldap-2.6.2/tests/scripts/test063-delta-multiprovider 2022-06-01 02:14:47.230724205 -0500
+@@ -318,6 +318,9 @@
+ exit $RC
+ fi
+
++echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
++sleep $SLEEP1
++
+ THEDN="cn=James A Jones 2,ou=Alumni Association,ou=People,dc=example,dc=com"
+ sleep 1
+ for i in 1 2 3; do
diff --git a/user/openldap/test079.patch b/user/openldap/test079.patch
new file mode 100644
index 000000000..a902ba878
--- /dev/null
+++ b/user/openldap/test079.patch
@@ -0,0 +1,160 @@
+From 0031b8ed342386960ab9d0cd1566196ba0e6ae42 Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 1 Jun 2022 04:36:24 -0500
+Subject: [PATCH] Tests: Use ldapsearch(1) correctly in test079
+
+Before this change, ldapsearch(1) was not being called with the correct
+parameter syntax. This caused the test to fail on musl libc environments
+where getopt(3) is more strict, with messages like:
+
+Error: LDAP connection to remote LDAP server is not found (1)
+
+The test.out file simply stated:
+
+ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
+
+Indeed, strace showed that the `-H` param was missed and we were trying
+to connect to port 389:
+
+connect(3, {sa_family=AF_INET6, sin6_port=htons(389), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 ECONNREFUSED (Connection refused)
+---
+ tests/scripts/test079-proxy-timeout | 40 ++++++++++++++---------------
+ 1 file changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/tests/scripts/test079-proxy-timeout b/tests/scripts/test079-proxy-timeout
+index 6a8e0c7a8..9ece4c1a1 100755
+--- a/tests/scripts/test079-proxy-timeout
++++ b/tests/scripts/test079-proxy-timeout
+@@ -139,10 +139,10 @@ fi
+
+ echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)"
+
+-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+@@ -150,10 +150,10 @@ if test $RC != 0 ; then
+ exit $RC
+ fi
+
+-$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+@@ -171,10 +171,10 @@ sleep `expr $CONN_EXPIRES - $NOW + 2`
+
+ echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)"
+
+-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+@@ -182,10 +182,10 @@ if test $RC != 1 ; then
+ exit $RC
+ fi
+
+-$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+@@ -235,10 +235,10 @@ sleep 2
+
+ echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)"
+
+-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+@@ -246,10 +246,10 @@ if test $RC != 0 ; then
+ exit $RC
+ fi
+
+-$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+@@ -267,10 +267,10 @@ sleep `expr $CONN_EXPIRES - $NOW + 2`
+
+ echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)"
+
+-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+@@ -278,10 +278,10 @@ if test $RC != 1 ; then
+ exit $RC
+ fi
+
+-$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+@@ -339,10 +339,10 @@ fi
+ NOW=`date +%s`
+ sleep `expr $CONN_EXPIRES - $NOW - 2`
+ echo "Check that connection is still alive due to idle-timeout reset (time_t now=`date +%s`)"
+-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+@@ -354,10 +354,10 @@ fi
+ NOW=`date +%s`
+ sleep `expr $CONN_EXPIRES - $NOW + 2`
+ echo "Check that connection is closed after extended idle-timeout has passed (time_t now=`date +%s`)"
+-$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
++$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+- -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
++ -w $PASSWD olmDbConnURI 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+ RC=$?
+ if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+--
+2.32.0 (Apple Git-132)
+
diff --git a/user/openldap/time64.patch b/user/openldap/time64.patch
new file mode 100644
index 000000000..780d67069
--- /dev/null
+++ b/user/openldap/time64.patch
@@ -0,0 +1,198 @@
+diff -ur a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c
+--- a/libraries/libldap/os-ip.c 2022-12-12 23:12:56.618567894 -0600
++++ b/libraries/libldap/os-ip.c 2022-12-13 00:07:17.852129075 -0600
+@@ -287,7 +287,7 @@
+ int rc;
+
+
+- Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %ld\n",
++ Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %lld\n",
+ s, tvp ? tvp->tv_sec : -1L );
+
+ #ifdef HAVE_POLL
+@@ -439,7 +439,7 @@
+ }
+
+ Debug3(LDAP_DEBUG_TRACE,
+- "ldap_pvt_connect: fd: %d tm: %ld async: %d\n",
++ "ldap_pvt_connect: fd: %d tm: %lld async: %d\n",
+ s, opt_tv ? tv.tv_sec : -1L, async);
+
+ if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
+diff -ur a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c
+--- a/libraries/libldap/os-local.c 2022-12-12 23:12:56.618567894 -0600
++++ b/libraries/libldap/os-local.c 2022-12-12 23:36:15.152936427 -0600
+@@ -164,7 +164,7 @@
+ }
+
+ Debug3(LDAP_DEBUG_TRACE,
+- "ldap_connect_timeout: fd: %d tm: %ld async: %d\n",
++ "ldap_connect_timeout: fd: %d tm: %lld async: %d\n",
+ s, opt_tv ? tv.tv_sec : -1L, async);
+
+ if ( ldap_pvt_ndelay_on(ld, s) == -1 ) return -1;
+diff -ur a/libraries/libldap/result.c b/libraries/libldap/result.c
+--- a/libraries/libldap/result.c 2022-12-12 23:12:56.618567894 -0600
++++ b/libraries/libldap/result.c 2022-12-12 23:34:24.977768222 -0600
+@@ -264,8 +264,8 @@
+ Debug2( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n",
+ (void *)ld, msgid );
+ } else {
+- Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n",
+- (void *)ld, msgid, (long)timeout->tv_sec * 1000000 + timeout->tv_usec );
++ Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %lld usec)\n",
++ (void *)ld, msgid, (time_t)timeout->tv_sec * 1000000 + timeout->tv_usec );
+ }
+ #endif /* LDAP_DEBUG */
+
+diff -ur a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
+--- a/servers/slapd/back-ldap/bind.c 2022-12-12 23:12:56.614567788 -0600
++++ b/servers/slapd/back-ldap/bind.c 2022-12-12 23:43:22.086371097 -0600
+@@ -2999,14 +2999,14 @@
+ }
+
+ if ( lc->lcb_create_time != 0 ) {
+- len = snprintf( tbuf, sizeof(tbuf), "%ld", lc->lcb_create_time );
++ len = snprintf( tbuf, sizeof(tbuf), "%lld", lc->lcb_create_time );
+ if ( ptr + sizeof(" created=") + len >= end ) return -1;
+ ptr = lutil_strcopy( ptr, " created=" );
+ ptr = lutil_strcopy( ptr, tbuf );
+ }
+
+ if ( lc->lcb_time != 0 ) {
+- len = snprintf( tbuf, sizeof(tbuf), "%ld", lc->lcb_time );
++ len = snprintf( tbuf, sizeof(tbuf), "%lld", lc->lcb_time );
+ if ( ptr + sizeof(" modified=") + len >= end ) return -1;
+ ptr = lutil_strcopy( ptr, " modified=" );
+ ptr = lutil_strcopy( ptr, tbuf );
+@@ -3185,7 +3185,7 @@
+ */
+ slap_wake_listener();
+ Debug( LDAP_DEBUG_TRACE,
+- "ldap_back_conn_prune: scheduled connection expiry timer to %ld sec\n",
++ "ldap_back_conn_prune: scheduled connection expiry timer to %lld sec\n",
+ li->li_conn_expire_task->interval.tv_sec );
+ } else if ( next_timeout == -1 && li->li_conn_expire_task != NULL ) {
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, li->li_conn_expire_task ) ) {
+@@ -3221,7 +3221,7 @@
+ "ldap_back_conn_expire_timer" );
+ slap_wake_listener();
+ Debug( LDAP_DEBUG_TRACE,
+- "ldap_back_conn_prune: scheduled connection expiry timer to %ld sec\n",
++ "ldap_back_conn_prune: scheduled connection expiry timer to %lld sec\n",
+ li->li_conn_expire_task->interval.tv_sec );
+ }
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+diff -ur a/servers/slapd/overlays/dds.c b/servers/slapd/overlays/dds.c
+--- a/servers/slapd/overlays/dds.c 2022-12-12 23:12:56.614567788 -0600
++++ b/servers/slapd/overlays/dds.c 2022-12-12 23:42:29.632772350 -0600
+@@ -418,7 +418,7 @@
+ assert( ttl <= DDS_RF2589_MAX_TTL );
+
+ bv.bv_val = ttlbuf;
+- bv.bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%ld", ttl );
++ bv.bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%lld", ttl );
+ assert( bv.bv_len < sizeof( ttlbuf ) );
+
+ /* FIXME: apparently, values in op->ora_e are malloc'ed
+@@ -696,7 +696,7 @@
+ goto done;
+ }
+
+- bv_entryTtl.bv_len = snprintf( textbuf, sizeof( textbuf ), "%ld", entryTtl );
++ bv_entryTtl.bv_len = snprintf( textbuf, sizeof( textbuf ), "%lld", entryTtl );
+ break;
+
+ default:
+@@ -918,7 +918,7 @@
+ ttl = (ttl < 0) ? 0 : ttl;
+ assert( ttl <= DDS_RF2589_MAX_TTL );
+
+- len = snprintf( ttlbuf, sizeof(ttlbuf), "%ld", ttl );
++ len = snprintf( ttlbuf, sizeof(ttlbuf), "%lld", ttl );
+ if ( len < 0 )
+ {
+ goto done;
+@@ -1178,7 +1178,7 @@
+ ttlmod.sml_values = ttlvalues;
+ ttlmod.sml_numvals = 1;
+ ttlvalues[ 0 ].bv_val = ttlbuf;
+- ttlvalues[ 0 ].bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%ld", ttl );
++ ttlvalues[ 0 ].bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%lld", ttl );
+ BER_BVZERO( &ttlvalues[ 1 ] );
+
+ /* the entryExpireTimestamp is added by modify */
+@@ -1206,7 +1206,7 @@
+ rs->sr_rspoid = ch_strdup( slap_EXOP_REFRESH.bv_val );
+
+ Log( LDAP_DEBUG_TRACE, LDAP_LEVEL_INFO,
+- "%s REFRESH dn=\"%s\" TTL=%ld\n",
++ "%s REFRESH dn=\"%s\" TTL=%lld\n",
+ op->o_log_prefix, op->o_req_ndn.bv_val, ttl );
+ }
+
+diff -ur a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c
+--- a/servers/slapd/overlays/pcache.c 2022-12-12 23:12:56.614567788 -0600
++++ b/servers/slapd/overlays/pcache.c 2022-12-13 00:07:55.205195373 -0600
+@@ -375,12 +375,12 @@
+ attrset_len = sprintf( attrset_buf,
+ "%lu", (unsigned long)q->qtemp->attr_set_index );
+ expiry_len = sprintf( expiry_buf,
+- "%lu", (unsigned long)q->expiry_time );
++ "%llu", (unsigned long long)q->expiry_time );
+ answerable_len = snprintf( answerable_buf, sizeof( answerable_buf ),
+ "%lu", q->answerable_cnt );
+ if ( q->refresh_time )
+ refresh_len = sprintf( refresh_buf,
+- "%lu", (unsigned long)q->refresh_time );
++ "%llu", (unsigned long long)q->refresh_time );
+ else
+ refresh_len = 0;
+
+@@ -1601,8 +1601,8 @@
+
+ new_cached_query->lru_up = NULL;
+ new_cached_query->lru_down = NULL;
+- Debug( pcache_debug, "Added query expires at %ld (%s)\n",
+- (long) new_cached_query->expiry_time,
++ Debug( pcache_debug, "Added query expires at %lld (%s)\n",
++ (long long) new_cached_query->expiry_time,
+ pc_caching_reason_str[ why ] );
+
+ new_cached_query->scope = query->scope;
+@@ -2729,7 +2729,7 @@
+ pbi->bi_flags |= BI_HASHED;
+ } else {
+ Debug( pcache_debug, "pc_bind_search: cache is stale, "
+- "reftime: %ld, current time: %ld\n",
++ "reftime: %lld, current time: %lld\n",
+ pbi->bi_cq->bindref_time, op->o_time );
+ }
+ } else if ( pbi->bi_si ) {
+@@ -3865,7 +3865,7 @@
+ struct berval bv;
+ switch( c->type ) {
+ case PC_MAIN:
+- bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %d %d %d %ld",
++ bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %d %d %d %lld",
+ cm->db.bd_info->bi_type, cm->max_entries, cm->numattrsets,
+ cm->num_entries_limit, cm->cc_period );
+ bv.bv_val = c->cr_msg;
+@@ -3909,7 +3909,7 @@
+ /* HEADS-UP: always print all;
+ * if optional == 0, ignore */
+ bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ),
+- " %d %ld %ld %ld %ld",
++ " %d %lld %lld %lld %lld",
+ temp->attr_set_index,
+ temp->ttl,
+ temp->negttl,
+@@ -3931,7 +3931,7 @@
+ for (temp=qm->templates; temp; temp=temp->qmnext) {
+ if ( !temp->bindttr ) continue;
+ bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ),
+- " %d %ld %s ",
++ " %d %lld %s ",
+ temp->attr_set_index,
+ temp->bindttr,
+ ldap_pvt_scope2str( temp->bindscope ));
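Review bot: In the pcache.c section at old line 375, `sprintf( expiry_buf, ... )` and `sprintf( refresh_buf, ... )` stay unbounded while the value they print widens from `unsigned long` to `unsigned long long`. The buffer declarations are outside the patch, so if they are sized for `unsigned long`, a large time value could write past them on 32-bit targets. The `answerable_buf` line between them already shows the bounded form, so these could become `expiry_len = snprintf( expiry_buf, sizeof( expiry_buf ), "%llu", (unsigned long long)q->expiry_time );`, with the buffers widened to match. Separately, the os-ip.c, os-local.c, bind.c and dds.c hunks and the pcache.c hunks at 2729, 3865, 3909 and 3931 pass their arguments to `%lld` without a cast, and result.c casts to `time_t`, so the format matches only where the argument (declared outside the patch) happens to be `long long`. An explicit cast as already used at pcache.c 1601 keeps the call defined on every `arch`, e.g. `s, tvp ? (long long)tvp->tv_sec : -1LL );`.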