commit: a536db7c392465301259b2a502dc06a7ef51e2d1 Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Sat Apr 8 22:42:15 2023 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Wed Apr 12 01:59:56 2023 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=a536db7c
net-nds/openldap: Add 2.5.14, 2.6.3-r7, 2.6.4-r1 Also removes 2.6.1-r1 + 2.6.2 Upstream-issue: https://bugs.openldap.org/show_bug.cgi?id=10039 Upstream-PR: https://git.openldap.org/openldap/openldap/-/merge_requests/612 Closes: https://github.com/gentoo/libressl/pull/513 Signed-off-by: orbea <orbea <AT> riseup.net> net-nds/openldap/Manifest | 5 +- .../openldap/files/openldap-2.6.1-make-flags.patch | 59 ------ .../files/openldap-2.6.1-parallel-build.patch | 46 ---- .../openldap/files/openldap-2.6.3-clang16.patch | 185 ++++++++++++++++ net-nds/openldap/files/openldap-2.6.3-slapd-conf | 64 ++++++ .../openldap/files/openldap-2.6.4-clang16.patch | 234 +++++++++++++++++++++ net-nds/openldap/files/slapd-2.6.1.service | 1 + net-nds/openldap/files/slapd-confd | 14 -- net-nds/openldap/files/slapd-initd | 29 --- net-nds/openldap/metadata.xml | 5 +- ...ldap-2.6.1-r1.ebuild => openldap-2.5.14.ebuild} | 148 +++++++++---- ...ap-2.6.1-r1.ebuild => openldap-2.6.3-r7.ebuild} | 74 +++++-- ...nldap-2.6.2.ebuild => openldap-2.6.4-r1.ebuild} | 142 +++++++++---- 13 files changed, 748 insertions(+), 258 deletions(-) diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest index dfa5c56..d5da25e 100644 --- a/net-nds/openldap/Manifest +++ b/net-nds/openldap/Manifest @@ -1,3 +1,4 @@ -DIST openldap-OPENLDAP_REL_ENG_2_6_1.tar.gz 6211863 BLAKE2B 81f4591db483a214351c2e02631fef2875e17e0890fc621182d2ed61d927c3c029a4f290ee6c0788952495d6f7a76ed15e62557b8d8f2e241d867e19fdf223b7 SHA512 ca61c1dccf3194d8d149ca0c45a4834d6fadf67a3676cf348f5f62ab92c94bc7501216d7da681c3a6f87f646a18d0f3d116c3d3a24d2e5cbebc6c695c986e517 -DIST openldap-OPENLDAP_REL_ENG_2_6_2.tar.gz 6216063 BLAKE2B 51c8d5ee712971c1aeeaedfc7bb89e65b2ccc2dc171bd0fb99e2b568d70ea5c66903194ab92a66de88fd9bc78511ffee0ab595b13a725933c7084943ac8c624a SHA512 0668165e194a7b1a483f88bf6b0f6eab2707c404f6c3164948cb11896c5e5411972a0677a927c0e509e98bfebb75b79e514bb6346b23d35687d9234f973d7520 +DIST openldap-OPENLDAP_REL_ENG_2_5_14.tar.bz2 5024359 BLAKE2B ffdffbd47e76545c2dc2d433d290945ab6eebd910031a60249cd8f6eac24f67841098e61c7e57864428e20a183a46d36dac422bba8cf6f3596f97439875af96b SHA512 abd1e8bda0762500db028f283fe2da9480a419072927295d6f3e1448cae130592511f385a87585843cf88217417c90ef57174ca919cfcf163eb41642a72bb4e3 +DIST openldap-OPENLDAP_REL_ENG_2_6_3.tar.gz 6244895 BLAKE2B 97792a1b368de44867b0ce9eef38601c3e64b7d40e4ca206295bee110097697c919040d2220eea6f0581812e09a2cc3e6afb4a243a5072a8a0a95f24f9fb354b SHA512 1c882a0cd0729b5d0f40b58588d0e36ae3b1cae6d569f0576e940c7c63d03c29ed2c9db87695a87594ba99a927ef4cba491bddba3ce049025fd5883463122ba7 +DIST openldap-OPENLDAP_REL_ENG_2_6_4.tar.bz2 5043227 BLAKE2B 9bec77dbace0e52d1607d9ac13a77349e7d0b8876aa81fa635893638d00db58ec6bf8412f11fd266bba0440887be1aa21eb4a876122152f7f6de9fd8f75b6b4c SHA512 bff11bf1ae125bcabbd307f6c4e1c102a8df6f1091f84f5e7053fdbaa89ccd6aa0c86cc8dcce4fb9b6ffd853b5f8d3c933733f5713aeb4d6a9d77ab145293b48 DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e diff --git a/net-nds/openldap/files/openldap-2.6.1-make-flags.patch b/net-nds/openldap/files/openldap-2.6.1-make-flags.patch deleted file mode 100644 index bf94f99..0000000 --- a/net-nds/openldap/files/openldap-2.6.1-make-flags.patch +++ /dev/null @@ -1,59 +0,0 @@ -https://github.com/openldap/openldap/commit/8e3f87f86a51e78bffefb85968e5684213422cb7 - -From: Orgad Shaneh <[email protected]> -Date: Tue, 25 Jan 2022 17:38:46 +0200 -Subject: [PATCH] ITS#9788 Fix make jobserver warnings - -Running make -j8 issues the following warning for each directory with -make 4.3: -make[2]: warning: -j8 forced in submake: resetting jobserver mode. - -There is no need to pass MFLAGS. Make picks it up from the -environment anyway. ---- a/build/dir.mk -+++ b/build/dir.mk -@@ -21,7 +21,7 @@ all-common: FORCE - @echo "Making all in `$(PWD)`" - @for i in $(SUBDIRS) $(ALLDIRS); do \ - echo " Entering subdirectory $$i"; \ -- ( cd $$i && $(MAKE) $(MFLAGS) all ); \ -+ ( cd $$i && $(MAKE) all ); \ - if test $$? != 0 ; then exit 1; fi ; \ - echo " "; \ - done -@@ -30,7 +30,7 @@ install-common: FORCE - @echo "Making install in `$(PWD)`" - @for i in $(SUBDIRS) $(INSTALLDIRS); do \ - echo " Entering subdirectory $$i"; \ -- ( cd $$i && $(MAKE) $(MFLAGS) install ); \ -+ ( cd $$i && $(MAKE) install ); \ - if test $$? != 0 ; then exit 1; fi ; \ - echo " "; \ - done -@@ -39,7 +39,7 @@ clean-common: FORCE - @echo "Making clean in `$(PWD)`" - @for i in $(SUBDIRS) $(CLEANDIRS); do \ - echo " Entering subdirectory $$i"; \ -- ( cd $$i && $(MAKE) $(MFLAGS) clean ); \ -+ ( cd $$i && $(MAKE) clean ); \ - if test $$? != 0 ; then exit 1; fi ; \ - echo " "; \ - done -@@ -48,7 +48,7 @@ veryclean-common: FORCE - @echo "Making veryclean in `$(PWD)`" - @for i in $(SUBDIRS) $(CLEANDIRS); do \ - echo " Entering subdirectory $$i"; \ -- ( cd $$i && $(MAKE) $(MFLAGS) veryclean ); \ -+ ( cd $$i && $(MAKE) veryclean ); \ - if test $$? != 0 ; then exit 1; fi ; \ - echo " "; \ - done -@@ -57,7 +57,7 @@ depend-common: FORCE - @echo "Making depend in `$(PWD)`" - @for i in $(SUBDIRS) $(DEPENDDIRS); do \ - echo " Entering subdirectory $$i"; \ -- ( cd $$i && $(MAKE) $(MFLAGS) depend ); \ -+ ( cd $$i && $(MAKE) depend ); \ - if test $$? != 0 ; then exit 1; fi ; \ - echo " "; \ - done diff --git a/net-nds/openldap/files/openldap-2.6.1-parallel-build.patch b/net-nds/openldap/files/openldap-2.6.1-parallel-build.patch deleted file mode 100644 index 757a33c..0000000 --- a/net-nds/openldap/files/openldap-2.6.1-parallel-build.patch +++ /dev/null @@ -1,46 +0,0 @@ -https://github.com/openldap/openldap/commit/d7c0417bcfba5400c0be2ce83eaf43ec97c97edd.patch -https://github.com/openldap/openldap/commit/d75de4d6e98e9501ada2b6a1d527669bd7eb2fa3.patch -https://bugs.gentoo.org/836557 - -From: Yi Zhao <[email protected]> -Date: Thu, 2 Dec 2021 11:38:15 +0800 -Subject: [PATCH] ITS#9840 - ldif-filter: fix parallel build failure - -Add slapd-common.o as dependency for ldif-filter to fix the parallel -build failure: - ld: cannot find slapd-common.o: No such file or directory - -Signed-off-by: Yi Zhao <[email protected]> ---- a/tests/progs/Makefile.in -+++ b/tests/progs/Makefile.in -@@ -56,7 +56,7 @@ slapd-modify: slapd-modify.o $(OBJS) $(XLIBS) - slapd-bind: slapd-bind.o $(OBJS) $(XLIBS) - $(LTLINK) -o $@ slapd-bind.o $(OBJS) $(LIBS) - --ldif-filter: ldif-filter.o $(XLIBS) -+ldif-filter: ldif-filter.o $(OBJS) $(XLIBS) - $(LTLINK) -o $@ ldif-filter.o $(OBJS) $(LIBS) - - slapd-mtread: slapd-mtread.o $(OBJS) $(XLIBS) - -From: Yi Zhao <[email protected]> -Date: Mon, 10 Jan 2022 10:13:51 +0800 -Subject: [PATCH] ITS#9840 - libraries/Makefile.in: ignore the mkdir errors - -Ignore the mkdir errors to fix the parallel build failure: - -../../build/shtool mkdir -p TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib -mkdir: cannot create directory 'TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib': File exists - -Signed-off-by: Yi Zhao <[email protected]> ---- a/libraries/Makefile.in -+++ b/libraries/Makefile.in -@@ -24,7 +24,7 @@ PKGCONFIG_DIR=$(DESTDIR)$(libdir)/pkgconfig - PKGCONFIG_SRCDIRS=liblber libldap - - install-local: -- @$(MKDIR) $(PKGCONFIG_DIR) -+ @-$(MKDIR) $(PKGCONFIG_DIR) - @for i in $(PKGCONFIG_SRCDIRS); do \ - $(INSTALL_DATA) $$i/*.pc $(PKGCONFIG_DIR); \ - done diff --git a/net-nds/openldap/files/openldap-2.6.3-clang16.patch b/net-nds/openldap/files/openldap-2.6.3-clang16.patch new file mode 100644 index 0000000..7027197 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.6.3-clang16.patch @@ -0,0 +1,185 @@ +From ee4983302d6f052e77ab0332d2a128d169c2eacb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <[email protected]> +Date: Tue, 15 Nov 2022 21:45:27 +0100 +Subject: [PATCH] Remove default-int/k&r declarations from the configure macros + +Recently, Clang tried to switch to having K&R prototypes and other +non-strictly-conforming prototypes error out, as a result of C2x changes +to the standard. These have been located across many packages, and +range in severity from mild compile errors to runtime misconfiguration +as a result of broken configure scripts. + +This covers all the instances I could find by grepping around the +codebase, and gets OpenLDAP building on my system. + +Bug: https://bugs.gentoo.org/871288 +Bug: https://bugs.gentoo.org/871372 +--- a/build/openldap.m4 ++++ b/build/openldap.m4 +@@ -154,6 +154,7 @@ fi + if test $ol_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <ctype.h> ++#include <stdlib.h> + #ifndef HAVE_EBCDIC + # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') + # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +@@ -394,9 +395,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[ + AC_DEFUN([OL_PTHREAD_TEST_PROGRAM], + [AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES + +-int main(argc, argv) +- int argc; +- char **argv; ++int main(int argc, char **argv) + { + OL_PTHREAD_TEST_FUNCTION + } +@@ -518,7 +517,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[ + #include <sys/types.h> + #include <regex.h> + static char *pattern, *string; +-main() ++int main(void) + { + int rc; + regex_t re; +@@ -545,7 +544,8 @@ AC_DEFUN([OL_C_UPPER_LOWER], + [AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include <ctype.h> +-main() ++#include <stdlib.h> ++int main(void) + { + if ('C' == toupper('C')) + exit(0); +@@ -603,7 +603,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R], + ]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no]) + else + AC_RUN_IFELSE([AC_LANG_SOURCE([[ +- main() { ++ int main(void) { + char buf[100]; + buf[0] = 0; + strerror_r( 1, buf, sizeof buf ); +--- a/configure.ac ++++ b/configure.ac +@@ -1031,7 +1031,11 @@ dnl ---------------------------------------------------------------- + AC_CHECK_HEADERS( sys/epoll.h ) + if test "${ac_cv_header_sys_epoll_h}" = yes; then + AC_MSG_CHECKING(for epoll system call) +- AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv) ++ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h> ++#ifdef HAVE_SYS_POLL_H ++#include <sys/epoll.h> ++#endif ++int main(int argc, char **argv) + { + int epfd = epoll_create(256); + exit (epfd == -1 ? 1 : 0); +@@ -1493,10 +1497,8 @@ pthread_rwlock_t rwlock; + dnl save the flags + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ + #include <pthread.h> +-#ifndef NULL +-#define NULL (void*)0 +-#endif +-]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) ++pthread_t thread; ++]], [[pthread_detach(thread);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) + ]) + + if test $ol_cv_func_pthread_detach = no ; then +@@ -1551,6 +1553,9 @@ dnl esac + AC_CACHE_CHECK([if select yields when using pthreads], + ol_cv_pthread_select_yields,[ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++#define _XOPEN_SOURCE 500 /* For pthread_setconcurrency() on glibc */ ++#include <stdlib.h> ++#include <stdio.h> + #include <sys/types.h> + #include <sys/time.h> + #include <unistd.h> +@@ -1561,8 +1566,7 @@ dnl esac + + static int fildes[2]; + +-static void *task(p) +- void *p; ++static void *task(void *p) + { + int i; + struct timeval tv; +@@ -1586,9 +1590,7 @@ static void *task(p) + exit(0); /* if we exit here, the select blocked the whole process */ + } + +-int main(argc, argv) +- int argc; +- char **argv; ++int main(int argc, char **argv) + { + pthread_t t; + +--- a/contrib/ldaptcl/tclAppInit.c ++++ b/contrib/ldaptcl/tclAppInit.c +@@ -45,9 +45,7 @@ EXTERN int Tcltest_Init _ANSI_ARGS_((Tcl_Interp *interp)); + */ + + int +-main(argc, argv) +- int argc; /* Number of command-line arguments. */ +- char **argv; /* Values of command-line arguments. */ ++main(int argc, char **argv) + { + #ifdef USE_TCLX + TclX_Main(argc, argv, Tcl_AppInit); +--- a/contrib/ldaptcl/tkAppInit.c ++++ b/contrib/ldaptcl/tkAppInit.c +@@ -37,16 +37,9 @@ int (*tclDummyMathPtr)() = matherr; + * This is the main program for the application. + *----------------------------------------------------------------------------- + */ +-#ifdef __cplusplus + int + main (int argc, + char **argv) +-#else +-int +-main (argc, argv) +- int argc; +- char **argv; +-#endif + { + #ifdef USE_TCLX + TkX_Main(argc, argv, Tcl_AppInit); +@@ -68,14 +61,8 @@ main (argc, argv) + * interp->result if an error occurs. + *----------------------------------------------------------------------------- + */ +-#ifdef __cplusplus + int + Tcl_AppInit (Tcl_Interp *interp) +-#else +-int +-Tcl_AppInit (interp) +- Tcl_Interp *interp; +-#endif + { + if (Tcl_Init (interp) == TCL_ERROR) { + return TCL_ERROR; +--- a/servers/slapd/syslog.c ++++ b/servers/slapd/syslog.c +@@ -209,7 +209,7 @@ openlog(const char *ident, int logstat, int logfac) + } + + void +-closelog() ++closelog(void) + { + (void)close(LogFile); + LogFile = -1; +-- +2.38.1 + diff --git a/net-nds/openldap/files/openldap-2.6.3-slapd-conf b/net-nds/openldap/files/openldap-2.6.3-slapd-conf new file mode 100644 index 0000000..4555c62 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.6.3-slapd-conf @@ -0,0 +1,64 @@ +# +# See slapd.conf(5) for details on configuration options. +# This file should NOT be world readable. +# +include /etc/openldap/schema/core.schema + +# Define global ACLs to disable default read access. + +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +#referral ldap://root.openldap.org + +pidfile /run/openldap/slapd.pid +argsfile /run/openldap/slapd.args + +# Load dynamic backend modules: +###INSERTDYNAMICMODULESHERE### + +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 63-bit encryption for simple bind +# security ssf=1 update_ssf=112 simple_bind=64 + +# Sample access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# Directives needed to implement policy: +# access to dn.base="" by * read +# access to dn.base="cn=Subschema" by * read +# access to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! + +####################################################################### +# BDB database definitions +####################################################################### + +database mdb +suffix "dc=my-domain,dc=com" +# <kbyte> <min> +checkpoint 32 30 +rootdn "cn=Manager,dc=my-domain,dc=com" +# Cleartext passwords, especially for the rootdn, should +# be avoid. See slappasswd(8) and slapd.conf(5) for details. +# Use of strong authentication encouraged. +rootpw secret +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. +directory /var/lib/openldap-data +# Indices to maintain +index objectClass eq diff --git a/net-nds/openldap/files/openldap-2.6.4-clang16.patch b/net-nds/openldap/files/openldap-2.6.4-clang16.patch new file mode 100644 index 0000000..bcbdf0b --- /dev/null +++ b/net-nds/openldap/files/openldap-2.6.4-clang16.patch @@ -0,0 +1,234 @@ +https://git.openldap.org/openldap/openldap/-/merge_requests/605 + +From 83e2db9bf9fc2530a0ea6ca538a7732f6ad9de0e Mon Sep 17 00:00:00 2001 +From: Sam James <[email protected]> +Date: Thu, 9 Feb 2023 23:17:53 +0000 +Subject: [PATCH 1/3] build: fix compatibility with stricter C99 compilers + +Fix the following warnings: +- -Wimplicit-int (fatal with Clang 16) +- -Wimplicit-function-declaration (fatal with Clang 16) +- -Wincompatible-function-pointer-types (fatal with Clang 16) +- -Wint-conversion (fatal with Clang 15) +- Old style prototypes (K&R, removed from C23) + +These warnings-now-error led to misconfigurations and failure to build +OpenLDAP, as the tests used during configure caused the wrong results +to be emitted. + +For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2], +or the (new) c-std-porting mailing list [3]. + +[0] https://lwn.net/Articles/913505/ +[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213 +[2] https://wiki.gentoo.org/wiki/Modern_C_porting +[3] hosted at lists.linux.dev. + +Bug: https://bugs.gentoo.org/871288 +Signed-off-by: Sam James <[email protected]> +--- a/build/openldap.m4 ++++ b/build/openldap.m4 +@@ -154,6 +154,7 @@ fi + if test $ol_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <ctype.h> ++#include <stdlib.h> + #ifndef HAVE_EBCDIC + # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') + # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +@@ -360,9 +361,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[ + AC_DEFUN([OL_PTHREAD_TEST_PROGRAM], + [AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES + +-int main(argc, argv) +- int argc; +- char **argv; ++int main(int argc, char **argv) + { + OL_PTHREAD_TEST_FUNCTION + } +@@ -484,7 +483,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[ + #include <sys/types.h> + #include <regex.h> + static char *pattern, *string; +-main() ++int main(void) + { + int rc; + regex_t re; +@@ -511,7 +510,8 @@ AC_DEFUN([OL_C_UPPER_LOWER], + [AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include <ctype.h> +-main() ++#include <stdlib.h> ++int main(void) + { + if ('C' == toupper('C')) + exit(0); +@@ -569,7 +569,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R], + ]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no]) + else + AC_RUN_IFELSE([AC_LANG_SOURCE([[ +- main() { ++ int main(void) { + char buf[100]; + buf[0] = 0; + strerror_r( 1, buf, sizeof buf ); +--- a/configure.ac ++++ b/configure.ac +@@ -1017,7 +1017,11 @@ dnl ---------------------------------------------------------------- + AC_CHECK_HEADERS( sys/epoll.h ) + if test "${ac_cv_header_sys_epoll_h}" = yes; then + AC_MSG_CHECKING(for epoll system call) +- AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv) ++ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h> ++#ifdef HAVE_SYS_POLL_H ++#include <sys/epoll.h> ++#endif ++int main(int argc, char **argv) + { + int epfd = epoll_create(256); + exit (epfd == -1 ? 1 : 0); +@@ -1479,10 +1483,8 @@ pthread_rwlock_t rwlock; + dnl save the flags + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ + #include <pthread.h> +-#ifndef NULL +-#define NULL (void*)0 +-#endif +-]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) ++pthread_t thread; ++]], [[pthread_detach(thread);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) + ]) + + if test $ol_cv_func_pthread_detach = no ; then +@@ -1537,6 +1539,9 @@ dnl esac + AC_CACHE_CHECK([if select yields when using pthreads], + ol_cv_pthread_select_yields,[ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++#define _XOPEN_SOURCE 500 /* For pthread_setconcurrency() on glibc */ ++#include <stdlib.h> ++#include <stdio.h> + #include <sys/types.h> + #include <sys/time.h> + #include <unistd.h> +@@ -1547,8 +1552,7 @@ dnl esac + + static int fildes[2]; + +-static void *task(p) +- void *p; ++static void *task(void *p) + { + int i; + struct timeval tv; +@@ -1572,9 +1576,7 @@ static void *task(p) + exit(0); /* if we exit here, the select blocked the whole process */ + } + +-int main(argc, argv) +- int argc; +- char **argv; ++int main(int argc, char **argv) + { + pthread_t t; + +-- +GitLab + + +From 853d613f39ae9e8d7dad4492076959c2d80e38c1 Mon Sep 17 00:00:00 2001 +From: Sam James <[email protected]> +Date: Thu, 9 Feb 2023 23:20:32 +0000 +Subject: [PATCH 2/3] contrib: fix old-style K&R declarations + +Removed in C23. + +For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2], +or the (new) c-std-porting mailing list [3]. + +[0] https://lwn.net/Articles/913505/ +[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213 +[2] https://wiki.gentoo.org/wiki/Modern_C_porting +[3] hosted at lists.linux.dev. + +Signed-off-by: Sam James <[email protected]> +--- a/contrib/ldaptcl/tclAppInit.c ++++ b/contrib/ldaptcl/tclAppInit.c +@@ -45,9 +45,7 @@ EXTERN int Tcltest_Init _ANSI_ARGS_((Tcl_Interp *interp)); + */ + + int +-main(argc, argv) +- int argc; /* Number of command-line arguments. */ +- char **argv; /* Values of command-line arguments. */ ++main(int argc, char **argv) + { + #ifdef USE_TCLX + TclX_Main(argc, argv, Tcl_AppInit); +--- a/contrib/ldaptcl/tkAppInit.c ++++ b/contrib/ldaptcl/tkAppInit.c +@@ -37,16 +37,9 @@ int (*tclDummyMathPtr)() = matherr; + * This is the main program for the application. + *----------------------------------------------------------------------------- + */ +-#ifdef __cplusplus + int + main (int argc, + char **argv) +-#else +-int +-main (argc, argv) +- int argc; +- char **argv; +-#endif + { + #ifdef USE_TCLX + TkX_Main(argc, argv, Tcl_AppInit); +@@ -68,14 +61,8 @@ main (argc, argv) + * interp->result if an error occurs. + *----------------------------------------------------------------------------- + */ +-#ifdef __cplusplus + int + Tcl_AppInit (Tcl_Interp *interp) +-#else +-int +-Tcl_AppInit (interp) +- Tcl_Interp *interp; +-#endif + { + if (Tcl_Init (interp) == TCL_ERROR) { + return TCL_ERROR; +-- +GitLab + + +From b4b3d026461b16f4f462e70225a5a0493647f0c8 Mon Sep 17 00:00:00 2001 +From: Sam James <[email protected]> +Date: Thu, 9 Feb 2023 23:20:51 +0000 +Subject: [PATCH 3/3] servers: fix -Wstrict-prototypes + +For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2], +or the (new) c-std-porting mailing list [3]. + +[0] https://lwn.net/Articles/913505/ +[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213 +[2] https://wiki.gentoo.org/wiki/Modern_C_porting +[3] hosted at lists.linux.dev. + +Signed-off-by: Sam James <[email protected]> +--- a/servers/slapd/syslog.c ++++ b/servers/slapd/syslog.c +@@ -209,7 +209,7 @@ openlog(const char *ident, int logstat, int logfac) + } + + void +-closelog() ++closelog(void) + { + (void)close(LogFile); + LogFile = -1; +-- +GitLab diff --git a/net-nds/openldap/files/slapd-2.6.1.service b/net-nds/openldap/files/slapd-2.6.1.service index 5f08be3..ff571d2 100644 --- a/net-nds/openldap/files/slapd-2.6.1.service +++ b/net-nds/openldap/files/slapd-2.6.1.service @@ -7,6 +7,7 @@ Type=notify PIDFile=/run/openldap/slapd.pid ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS +NotifyAccess=all [Install] WantedBy=multi-user.target diff --git a/net-nds/openldap/files/slapd-confd b/net-nds/openldap/files/slapd-confd deleted file mode 100644 index 28e9d23..0000000 --- a/net-nds/openldap/files/slapd-confd +++ /dev/null @@ -1,14 +0,0 @@ -# conf.d file for openldap -# -# To enable both the standard unciphered server and the ssl encrypted -# one uncomment this line or set any other server starting options -# you may desire. -# -# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" -# Uncomment the below to use the new slapd configuration for openldap 2.3 -#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" -# -# If you change the above listen statement to bind on a specific IP for -# listening, you should ensure that interface is up here (change eth0 as -# needed). -#rc_need="net.eth0" diff --git a/net-nds/openldap/files/slapd-initd b/net-nds/openldap/files/slapd-initd deleted file mode 100644 index a8e9864..0000000 --- a/net-nds/openldap/files/slapd-initd +++ /dev/null @@ -1,29 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -depend() { - need net.lo - before hald avahi-daemon -} - -start() { - checkpath -q -d /var/run/openldap/ -o ldap:ldap - if ! checkconfig ; then - eerror "There is a problem with your slapd.conf!" - return 1 - fi - ebegin "Starting ldap-server" - eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}" - eend $? -} - -stop() { - ebegin "Stopping ldap-server" - start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid - eend $? -} - -checkconfig() { - /usr/sbin/slaptest -u "$@" ${OPTS_CONF} -} diff --git a/net-nds/openldap/metadata.xml b/net-nds/openldap/metadata.xml index d19853e..115e7b6 100644 --- a/net-nds/openldap/metadata.xml +++ b/net-nds/openldap/metadata.xml @@ -1,10 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> <pkgmetadata> - <maintainer type="person"> - <email>[email protected]</email> - <name>Mikle Kolyada</name> - </maintainer> <maintainer type="project"> <email>[email protected]</email> </maintainer> @@ -24,6 +20,7 @@ <upstream> <bugs-to>https://bugs.openldap.org/</bugs-to> <remote-id type="cpe">cpe:/a:openldap:openldap</remote-id> + <remote-id type="github">openldap/openldap</remote-id> <remote-id type="gitlab">openldap/openldap</remote-id> </upstream> </pkgmetadata> diff --git a/net-nds/openldap/openldap-2.6.1-r1.ebuild b/net-nds/openldap/openldap-2.5.14.ebuild similarity index 85% copy from net-nds/openldap/openldap-2.6.1-r1.ebuild copy to net-nds/openldap/openldap-2.5.14.ebuild index db84648..6cf81a4 100644 --- a/net-nds/openldap/openldap-2.6.1-r1.ebuild +++ b/net-nds/openldap/openldap-2.5.14.ebuild @@ -1,8 +1,11 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 +# Re cleanups: +# 2.5.x is an LTS release so we want to keep it for a while. + inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles MY_PV="$(ver_rs 1-2 _)" @@ -12,11 +15,12 @@ BIS_PV=20140524 BIS_P="${BIS_PN}-${BIS_PV}" DESCRIPTION="LDAP suite of application and development tools" -HOMEPAGE="https://www.OpenLDAP.org/"; - +HOMEPAGE="https://www.openldap.org/"; SRC_URI=" - https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz - mirror://gentoo/${BIS_P}" + https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2 + mirror://gentoo/${BIS_P} +" +S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV} LICENSE="OPENLDAP GPL-2" # Subslot added for bug #835654 @@ -34,12 +38,12 @@ RESTRICT="!test? ( test )" RESTRICT="!test? ( test )" REQUIRED_USE="cxx? ( sasl ) pbkdf2? ( ssl ) - test? ( cleartext sasl ) + test? ( cleartext debug sasl ) autoca? ( !gnutls ) - ?? ( test minimal )" - -S=${WORKDIR}/${PN}-OPENLDAP_REL_ENG_${MY_PV} + ?? ( test minimal ) + kerberos? ( ?? ( kinit smbkrb5passwd ) )" +SYSTEM_LMDB_VER=0.9.30 # openssl is needed to generate lanman-passwords required by samba COMMON_DEPEND=" kernel_linux? ( sys-apps/util-linux ) @@ -56,7 +60,7 @@ COMMON_DEPEND=" !minimal? ( dev-libs/libltdl sys-fs/e2fsprogs - >=dev-db/lmdb-0.9.18:= + >=dev-db/lmdb-${SYSTEM_LMDB_VER}:= argon2? ( app-crypt/argon2:= ) crypt? ( virtual/libcrypt:= ) tcpd? ( sys-apps/tcp-wrappers ) @@ -69,7 +73,7 @@ COMMON_DEPEND=" smbkrb5passwd? ( dev-libs/openssl:0= kerberos? ( app-crypt/heimdal ) - ) + ) kerberos? ( virtual/krb5 kinit? ( !app-crypt/heimdal ) @@ -138,10 +142,7 @@ PATCHES=( "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch "${FILESDIR}"/${PN}-2.6.1-cloak.patch "${FILESDIR}"/${PN}-2.6.1-flags.patch - "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch - "${FILESDIR}"/${PN}-2.6.1-make-flags.patch - "${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch - "${FILESDIR}"/${PN}-2.6.1-parallel-build.patch + "${FILESDIR}"/${PN}-2.6.4-clang16.patch ) openldap_filecount() { @@ -167,7 +168,7 @@ openldap_find_versiontags() { openldap_found_tag=0 have_files=0 for each in ${openldap_datadirs[@]} ; do - CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})" + CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})" CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}" if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then einfo "- Checking ${each}..." @@ -232,7 +233,27 @@ openldap_find_versiontags() { OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" local fail=0 - if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then + + # This will not cover detection of cn=Config based configuration, but + # it's hopefully good enough. + if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then + eerror " OpenLDAP >= 2.6.x has dropped support for Shell backend." + eerror " You will need to migrate per upstream's migration notes" + eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."; + eerror " Your existing database will not be accessible until it is" + eerror " converted away from backend shell!" + echo + fail=1 + fi + if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then + eerror " OpenLDAP >= 2.6.x has dropped support for Berkeley DB." + eerror " You will need to migrate per upstream's migration notes" + eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."; + eerror " Your existing database will not be accessible until it is" + eerror " converted to mdb!" + echo + fail=1 + elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then : # Nothing wrong here. elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then @@ -288,8 +309,8 @@ openldap_upgrade_howto() { eerror " 7. slapadd -l ${l}" eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" eerror " 9. /etc/init.d/slapd start" - eerror "10. check that your data is intact." - eerror "11. set up the new replication system." + eerror "10. Check that your data is intact." + eerror "11. Set up the new replication system." eerror if [[ "${FORCE_UPGRADE}" != "1" ]]; then die "You need to upgrade your database first" @@ -314,26 +335,47 @@ pkg_setup() { } src_prepare() { + # The system copy of dev-db/lmdb must match the version that this copy + # of OpenLDAP shipped with! See bug #588792. + # + # Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from + # the bundled lmdb's header to find out the version. + local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' libraries/liblmdb/lmdb.h || die) + bundled_lmdb_version=$(printf "%s." ${bundled_lmdb_version}) + + if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then + eerror "Source lmdb version: ${bundled_lmdb_version}" + eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}" + die "Ebuild needs to update SYSTEM_LMDB_VER!" + fi + rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory' + local filename for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do - iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8" - mv "$filename.utf8" "$filename" + iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8" + mv "${filename}.utf8" "${filename}" done default sed -i \ -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \ + -e '/MKDIR.*.(DESTDIR)\/run/d' \ + -e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \ servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed' pushd build &>/dev/null || die "pushd build" einfo "Making sure upstream build strip does not do stripping too early" sed -i.orig \ -e '/^STRIP/s,-s,,g' \ - top.mk || die "Failed to remove to early stripping" + top.mk || die "Failed to remove too early stripping" popd &>/dev/null || die + # Fails with OpenSSL 3, bug #848894 + # https://bugs.openldap.org/show_bug.cgi?id=10009 + rm tests/scripts/test076-authid-rewrite || die + eautoreconf multilib_copy_sources } @@ -346,7 +388,7 @@ build_contrib_module() { emake \ LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \ - "$target" + "${target}" popd &>/dev/null || die } @@ -366,6 +408,14 @@ multilib_src_configure() { --without-fetch ) + if use experimental ; then + # connectionless ldap per bug #342439 + # connectionless is a unsupported feature according to Howard Chu + # see https://bugs.openldap.org/show_bug.cgi?id=9739 + # (see also bug #892009) + append-flags -DLDAP_CONNECTIONLESS + fi + if ! use minimal && multilib_is_native_abi; then # SLAPD (Standalone LDAP Daemon) Options # overlay chaining requires '--enable-ldap' #296567 @@ -380,11 +430,6 @@ multilib_src_configure() { $(use_enable tcpd wrappers) ) if use experimental ; then - # connectionless ldap per bug #342439 - # connectionless is a unsupported feature according to Howard Chu - # see https://bugs.openldap.org/show_bug.cgi?id=9739 - append-cppflags -DLDAP_CONNECTIONLESS - myconf+=( --enable-dynacl # ACI build as dynamic module not supported (yet) @@ -508,13 +553,14 @@ src_configure_cxx() { mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory" pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++" - local LDFLAGS=${LDFLAGS} - local CPPFLAGS=${CPPFLAGS} - append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ - -L"${BUILD_DIR}"/libraries/libldap/.libs + + local LDFLAGS="${LDFLAGS}" + local CPPFLAGS="${CPPFLAGS}" + + append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs append-cppflags -I"${BUILD_DIR}"/include - ECONF_SOURCE=${S}/contrib/ldapc++ \ - econf "${myconf_ldapcpp[@]}" + + ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}" popd &>/dev/null || die "popd contrib/ldapc++" } @@ -605,6 +651,7 @@ multilib_src_compile() { $(tc-getCC) -shared \ -I"${BUILD_DIR}"/include \ -I../../../include \ + ${CPPFLAGS} \ ${CFLAGS} \ -fPIC \ ${LDFLAGS} \ @@ -616,14 +663,23 @@ multilib_src_compile() { multilib_src_test() { if multilib_is_native_abi; then - cd "tests" + cd tests || die pwd + + # Increase various test timeouts/delays, bug #894012 + # We can't just double everything as there's a cumulative effect. + export SLEEP0=2 # originally 1 + export SLEEP1=10 # originally 7 + export SLEEP2=20 # originally 15 + export TIMEOUT=16 # originally 8 + # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression # emake partests => runs ALL of the tests in parallel # wt/WiredTiger is not supported in Gentoo - TESTS=( plloadd pmdb ) + TESTS=( lloadd mdb ) #TESTS+=( pldif ) # not done by default, so also exclude here #use odbc && TESTS+=( psql ) # not done by default, so also exclude here + emake "${TESTS[@]}" fi } @@ -649,7 +705,7 @@ multilib_src_install() { # use our config rm "${ED}"/etc/openldap/slapd.conf insinto /etc/openldap - newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf + newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf configfile="${ED}"/etc/openldap/slapd.conf # populate with built backends @@ -669,11 +725,15 @@ multilib_src_install() { doinitd "${T}"/slapd newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd - einfo "Install systemd service" - sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die - systemd_dounit "${T}"/slapd.service - systemd_install_serviced "${FILESDIR}"/slapd.service.conf - newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf + if use systemd; then + # The systemd unit uses Type=notify, so it is useless without USE=systemd + einfo "Install systemd service" + rm -rf "${ED}"/{,usr/}lib/systemd + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die + systemd_dounit "${T}"/slapd.service + systemd_install_serviced "${FILESDIR}"/slapd.service.conf + newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf + fi # if built without SLP, we don't need to be before avahi sed -i \ @@ -763,7 +823,9 @@ pkg_preinst() { pkg_postinst() { if ! use minimal ; then - tmpfiles_process slapd.conf + if use systemd; then + tmpfiles_process slapd.conf + fi # You cannot build SSL certificates during src_install that will make # binary packages containing your SSL key, which is both a security risk diff --git a/net-nds/openldap/openldap-2.6.1-r1.ebuild b/net-nds/openldap/openldap-2.6.3-r7.ebuild similarity index 91% rename from net-nds/openldap/openldap-2.6.1-r1.ebuild rename to net-nds/openldap/openldap-2.6.3-r7.ebuild index db84648..138d31c 100644 --- a/net-nds/openldap/openldap-2.6.1-r1.ebuild +++ b/net-nds/openldap/openldap-2.6.3-r7.ebuild @@ -1,8 +1,11 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 +# Re cleanups: +# 2.5.x is an LTS release so we want to keep it for a while. + inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles MY_PV="$(ver_rs 1-2 _)" @@ -12,16 +15,17 @@ BIS_PV=20140524 BIS_P="${BIS_PN}-${BIS_PV}" DESCRIPTION="LDAP suite of application and development tools" -HOMEPAGE="https://www.OpenLDAP.org/"; - +HOMEPAGE="https://www.openldap.org/"; SRC_URI=" https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz - mirror://gentoo/${BIS_P}" + mirror://gentoo/${BIS_P} +" +S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV} LICENSE="OPENLDAP GPL-2" # Subslot added for bug #835654 SLOT="0/$(ver_cut 1-2)" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x86-solaris" IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd" IUSE_OVERLAY="overlays perl autoca" @@ -36,9 +40,8 @@ REQUIRED_USE="cxx? ( sasl ) pbkdf2? ( ssl ) test? ( cleartext sasl ) autoca? ( !gnutls ) - ?? ( test minimal )" - -S=${WORKDIR}/${PN}-OPENLDAP_REL_ENG_${MY_PV} + ?? ( test minimal ) + kerberos? ( ?? ( kinit smbkrb5passwd ) )" # openssl is needed to generate lanman-passwords required by samba COMMON_DEPEND=" @@ -69,7 +72,7 @@ COMMON_DEPEND=" smbkrb5passwd? ( dev-libs/openssl:0= kerberos? ( app-crypt/heimdal ) - ) + ) kerberos? ( virtual/krb5 kinit? ( !app-crypt/heimdal ) @@ -139,9 +142,8 @@ PATCHES=( "${FILESDIR}"/${PN}-2.6.1-cloak.patch "${FILESDIR}"/${PN}-2.6.1-flags.patch "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch - "${FILESDIR}"/${PN}-2.6.1-make-flags.patch "${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch - "${FILESDIR}"/${PN}-2.6.1-parallel-build.patch + "${FILESDIR}"/${PN}-2.6.3-clang16.patch ) openldap_filecount() { @@ -167,7 +169,7 @@ openldap_find_versiontags() { openldap_found_tag=0 have_files=0 for each in ${openldap_datadirs[@]} ; do - CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})" + CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})" CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}" if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then einfo "- Checking ${each}..." @@ -232,7 +234,27 @@ openldap_find_versiontags() { OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" local fail=0 - if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then + + # This will not cover detection of cn=Config based configuration, but + # it's hopefully good enough. + if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then + eerror " OpenLDAP >= 2.6.x has dropped support for Shell backend." + eerror " You will need to migrate per upstream's migration notes" + eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."; + eerror " Your existing database will not be accessible until it is" + eerror " converted away from backend shell!" + echo + fail=1 + fi + if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then + eerror " OpenLDAP >= 2.6.x has dropped support for Berkeley DB." + eerror " You will need to migrate per upstream's migration notes" + eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."; + eerror " Your existing database will not be accessible until it is" + eerror " converted to mdb!" + echo + fail=1 + elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then : # Nothing wrong here. elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then @@ -288,8 +310,8 @@ openldap_upgrade_howto() { eerror " 7. slapadd -l ${l}" eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" eerror " 9. /etc/init.d/slapd start" - eerror "10. check that your data is intact." - eerror "11. set up the new replication system." + eerror "10. Check that your data is intact." + eerror "11. Set up the new replication system." eerror if [[ "${FORCE_UPGRADE}" != "1" ]]; then die "You need to upgrade your database first" @@ -325,6 +347,8 @@ src_prepare() { sed -i \ -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \ + -e '/MKDIR.*.(DESTDIR)\/run/d' \ + -e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \ servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed' pushd build &>/dev/null || die "pushd build" @@ -649,7 +673,7 @@ multilib_src_install() { # use our config rm "${ED}"/etc/openldap/slapd.conf insinto /etc/openldap - newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf + newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf configfile="${ED}"/etc/openldap/slapd.conf # populate with built backends @@ -669,11 +693,15 @@ multilib_src_install() { doinitd "${T}"/slapd newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd - einfo "Install systemd service" - sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die - systemd_dounit "${T}"/slapd.service - systemd_install_serviced "${FILESDIR}"/slapd.service.conf - newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf + if use systemd; then + # The systemd unit uses Type=notify, so it is useless without USE=systemd + einfo "Install systemd service" + rm -rf "${ED}"/{,usr/}lib/systemd + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die + systemd_dounit "${T}"/slapd.service + systemd_install_serviced "${FILESDIR}"/slapd.service.conf + newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf + fi # if built without SLP, we don't need to be before avahi sed -i \ @@ -763,7 +791,9 @@ pkg_preinst() { pkg_postinst() { if ! use minimal ; then - tmpfiles_process slapd.conf + if use systemd; then + tmpfiles_process slapd.conf + fi # You cannot build SSL certificates during src_install that will make # binary packages containing your SSL key, which is both a security risk diff --git a/net-nds/openldap/openldap-2.6.2.ebuild b/net-nds/openldap/openldap-2.6.4-r1.ebuild similarity index 85% rename from net-nds/openldap/openldap-2.6.2.ebuild rename to net-nds/openldap/openldap-2.6.4-r1.ebuild index 49a3d8a..6029877 100644 --- a/net-nds/openldap/openldap-2.6.2.ebuild +++ b/net-nds/openldap/openldap-2.6.4-r1.ebuild @@ -1,8 +1,11 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 +# Re cleanups: +# 2.5.x is an LTS release so we want to keep it for a while. + inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles MY_PV="$(ver_rs 1-2 _)" @@ -12,11 +15,12 @@ BIS_PV=20140524 BIS_P="${BIS_PN}-${BIS_PV}" DESCRIPTION="LDAP suite of application and development tools" -HOMEPAGE="https://www.OpenLDAP.org/"; - +HOMEPAGE="https://www.openldap.org/"; SRC_URI=" - https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz - mirror://gentoo/${BIS_P}" + https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2 + mirror://gentoo/${BIS_P} +" +S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV} LICENSE="OPENLDAP GPL-2" # Subslot added for bug #835654 @@ -36,10 +40,10 @@ REQUIRED_USE="cxx? ( sasl ) pbkdf2? ( ssl ) test? ( cleartext sasl ) autoca? ( !gnutls ) - ?? ( test minimal )" - -S=${WORKDIR}/${PN}-OPENLDAP_REL_ENG_${MY_PV} + ?? ( test minimal ) + kerberos? ( ?? ( kinit smbkrb5passwd ) )" +SYSTEM_LMDB_VER=0.9.30 # openssl is needed to generate lanman-passwords required by samba COMMON_DEPEND=" kernel_linux? ( sys-apps/util-linux ) @@ -56,7 +60,7 @@ COMMON_DEPEND=" !minimal? ( dev-libs/libltdl sys-fs/e2fsprogs - >=dev-db/lmdb-0.9.18:= + >=dev-db/lmdb-${SYSTEM_LMDB_VER}:= argon2? ( app-crypt/argon2:= ) crypt? ( virtual/libcrypt:= ) tcpd? ( sys-apps/tcp-wrappers ) @@ -69,7 +73,7 @@ COMMON_DEPEND=" smbkrb5passwd? ( dev-libs/openssl:0= kerberos? ( app-crypt/heimdal ) - ) + ) kerberos? ( virtual/krb5 kinit? ( !app-crypt/heimdal ) @@ -139,8 +143,7 @@ PATCHES=( "${FILESDIR}"/${PN}-2.6.1-cloak.patch "${FILESDIR}"/${PN}-2.6.1-flags.patch "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch - "${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch - "${FILESDIR}"/${PN}-2.6.1-parallel-build.patch + "${FILESDIR}"/${PN}-2.6.4-clang16.patch ) openldap_filecount() { @@ -166,7 +169,7 @@ openldap_find_versiontags() { openldap_found_tag=0 have_files=0 for each in ${openldap_datadirs[@]} ; do - CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})" + CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})" CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}" if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then einfo "- Checking ${each}..." @@ -231,7 +234,27 @@ openldap_find_versiontags() { OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" local fail=0 - if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then + + # This will not cover detection of cn=Config based configuration, but + # it's hopefully good enough. + if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then + eerror " OpenLDAP >= 2.6.x has dropped support for Shell backend." + eerror " You will need to migrate per upstream's migration notes" + eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."; + eerror " Your existing database will not be accessible until it is" + eerror " converted away from backend shell!" + echo + fail=1 + fi + if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then + eerror " OpenLDAP >= 2.6.x has dropped support for Berkeley DB." + eerror " You will need to migrate per upstream's migration notes" + eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."; + eerror " Your existing database will not be accessible until it is" + eerror " converted to mdb!" + echo + fail=1 + elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then : # Nothing wrong here. elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then @@ -287,8 +310,8 @@ openldap_upgrade_howto() { eerror " 7. slapadd -l ${l}" eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" eerror " 9. /etc/init.d/slapd start" - eerror "10. check that your data is intact." - eerror "11. set up the new replication system." + eerror "10. Check that your data is intact." + eerror "11. Set up the new replication system." eerror if [[ "${FORCE_UPGRADE}" != "1" ]]; then die "You need to upgrade your database first" @@ -313,26 +336,47 @@ pkg_setup() { } src_prepare() { + # The system copy of dev-db/lmdb must match the version that this copy + # of OpenLDAP shipped with! See bug #588792. + # + # Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from + # the bundled lmdb's header to find out the version. + local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' libraries/liblmdb/lmdb.h || die) + bundled_lmdb_version=$(printf "%s." ${bundled_lmdb_version}) + + if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then + eerror "Source lmdb version: ${bundled_lmdb_version}" + eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}" + die "Ebuild needs to update SYSTEM_LMDB_VER!" + fi + rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory' + local filename for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do - iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8" - mv "$filename.utf8" "$filename" + iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8" + mv "${filename}.utf8" "${filename}" done default sed -i \ -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \ + -e '/MKDIR.*.(DESTDIR)\/run/d' \ + -e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \ servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed' pushd build &>/dev/null || die "pushd build" einfo "Making sure upstream build strip does not do stripping too early" sed -i.orig \ -e '/^STRIP/s,-s,,g' \ - top.mk || die "Failed to remove to early stripping" + top.mk || die "Failed to remove too early stripping" popd &>/dev/null || die + # Fails with OpenSSL 3, bug #848894 + # https://bugs.openldap.org/show_bug.cgi?id=10009 + rm tests/scripts/test076-authid-rewrite || die + eautoreconf multilib_copy_sources } @@ -345,7 +389,7 @@ build_contrib_module() { emake \ LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \ - "$target" + "${target}" popd &>/dev/null || die } @@ -365,6 +409,14 @@ multilib_src_configure() { --without-fetch ) + if use experimental ; then + # connectionless ldap per bug #342439 + # connectionless is a unsupported feature according to Howard Chu + # see https://bugs.openldap.org/show_bug.cgi?id=9739 + # (see also bug #892009) + append-flags -DLDAP_CONNECTIONLESS + fi + if ! use minimal && multilib_is_native_abi; then # SLAPD (Standalone LDAP Daemon) Options # overlay chaining requires '--enable-ldap' #296567 @@ -379,11 +431,6 @@ multilib_src_configure() { $(use_enable tcpd wrappers) ) if use experimental ; then - # connectionless ldap per bug #342439 - # connectionless is a unsupported feature according to Howard Chu - # see https://bugs.openldap.org/show_bug.cgi?id=9739 - append-cppflags -DLDAP_CONNECTIONLESS - myconf+=( --enable-dynacl # ACI build as dynamic module not supported (yet) @@ -507,13 +554,14 @@ src_configure_cxx() { mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory" pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++" - local LDFLAGS=${LDFLAGS} - local CPPFLAGS=${CPPFLAGS} - append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ - -L"${BUILD_DIR}"/libraries/libldap/.libs + + local LDFLAGS="${LDFLAGS}" + local CPPFLAGS="${CPPFLAGS}" + + append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs append-cppflags -I"${BUILD_DIR}"/include - ECONF_SOURCE=${S}/contrib/ldapc++ \ - econf "${myconf_ldapcpp[@]}" + + ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}" popd &>/dev/null || die "popd contrib/ldapc++" } @@ -604,6 +652,7 @@ multilib_src_compile() { $(tc-getCC) -shared \ -I"${BUILD_DIR}"/include \ -I../../../include \ + ${CPPFLAGS} \ ${CFLAGS} \ -fPIC \ ${LDFLAGS} \ @@ -615,14 +664,23 @@ multilib_src_compile() { multilib_src_test() { if multilib_is_native_abi; then - cd "tests" + cd tests || die pwd + + # Increase various test timeouts/delays, bug #894012 + # We can't just double everything as there's a cumulative effect. + export SLEEP0=2 # originally 1 + export SLEEP1=10 # originally 7 + export SLEEP2=20 # originally 15 + export TIMEOUT=16 # originally 8 + # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression # emake partests => runs ALL of the tests in parallel # wt/WiredTiger is not supported in Gentoo TESTS=( plloadd pmdb ) #TESTS+=( pldif ) # not done by default, so also exclude here #use odbc && TESTS+=( psql ) # not done by default, so also exclude here + emake "${TESTS[@]}" fi } @@ -648,7 +706,7 @@ multilib_src_install() { # use our config rm "${ED}"/etc/openldap/slapd.conf insinto /etc/openldap - newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf + newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf configfile="${ED}"/etc/openldap/slapd.conf # populate with built backends @@ -668,11 +726,15 @@ multilib_src_install() { doinitd "${T}"/slapd newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd - einfo "Install systemd service" - sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die - systemd_dounit "${T}"/slapd.service - systemd_install_serviced "${FILESDIR}"/slapd.service.conf - newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf + if use systemd; then + # The systemd unit uses Type=notify, so it is useless without USE=systemd + einfo "Install systemd service" + rm -rf "${ED}"/{,usr/}lib/systemd + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die + systemd_dounit "${T}"/slapd.service + systemd_install_serviced "${FILESDIR}"/slapd.service.conf + newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf + fi # if built without SLP, we don't need to be before avahi sed -i \ @@ -762,7 +824,9 @@ pkg_preinst() { pkg_postinst() { if ! use minimal ; then - tmpfiles_process slapd.conf + if use systemd; then + tmpfiles_process slapd.conf + fi # You cannot build SSL certificates during src_install that will make # binary packages containing your SSL key, which is both a security risk
