Commit Graph

28 Commits

Author SHA1 Message Date
Hmaied Ben Abdellatif f01bf0dbf1 package/openldap: bump version to 2.5.16
Stripping when cross-compiling and libtool static behavior are fixed in
2.5.16, so drop 0001-fix_cross_strip.patch and rename the remaining patches.

Signed-off-by: Hmaied Ben Abdellatif <hmaied.benabdellatif@etictelecom.com>
[Peter: extend commit message, update .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 12:33:47 +01:00
Francois Perrad 6097cd235e package/openldap: bump to version 2.4.59
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-10-05 21:31:17 +02:00
Fabrice Fontaine 8b5ab83eb3 package/openldap: add SELinux module
Support for openldap is added by the services/ldap module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-26 22:08:26 +02:00
Fabrice Fontaine 1feedcd845 package/openldap: bump to version 2.4.58
Drop fifth patch (already in version)

https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4_58/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:20:13 +02:00
Peter Korsgaard 2d6a0ea93e package/openldap: add upstream security fix for CVE-2021-27212
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion
failure in slapd can occur in the issuerAndThisUpdateCheck function via a
crafted packet, resulting in a denial of service (daemon exit) via a short
timestamp.  This is related to schema_init.c and checkTime.

For more details, see the bugtracker:
https://bugs.openldap.org/show_bug.cgi?id=9454

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-27 09:10:45 +01:00
Fabrice Fontaine 46c4c9684d package/openldap: bump to version 2.4.57
https://www.openldap.org/software/release/changes.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-25 22:21:30 +01:00
Fabrice Fontaine 20258ba02a package/openldap: add OPENLDAP_CPE_ID_VENDOR
cpe:2.3🅰️openldap:openldap is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenldap%3Aopenldap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-14 22:34:17 +01:00
Francois Perrad 09a565d940 package/openldap: security bump to version 2.4.56
Fixes the following security issue:

- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
  and was fixed in openldap 2.4.55, during a request for renaming RDNs.  An
  unauthenticated attacker could remotely crash the slapd process by sending
  a specially crafted request, causing a Denial of Service.

- CVE-2020-25709: Assertion failure in CSN normalization with invalid input

- CVE-2020-25710: Assertion failure in CSN normalization with invalid input

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-23 13:29:48 +01:00
Stefan Sørensen 9e9c242fb7 package/openldap: security bump to version 2.4.50
Security fixes:
 CVE-2020-12243: Fixed slapd to limit depth of nested filters

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-19 20:47:29 +02:00
Bernd Kuhls 8961000fe8 package/openldap: bump version to 2.4.49
Release notes:
https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/VMMBUCQHEDF6QA4CDOONP2CDQEOR5YQA/

Switched _SITE to https.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-12 23:15:07 +02:00
Sørensen, Stefan ca2dea3b75 package/openldap: security bump to version 2.4.48
Security fixes:
CVE-2019-13057: Fixed slapd to restrict rootDN proxyauthz to its own databases
CVE-2019-13565: Fixed slapd to initialize SASL SSF per connection

Full changelog:
https://www.openldap.org/lists/openldap-announce/201907/msg00001.html

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[Peter: fix sha256 hash line]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-27 23:19:40 +02:00
Fabrice Fontaine 6e609d37d3 package/openldap: fix static linking wih atomics
openldap uses its own libtool, static build with atomic fails with our
patches since February 6th 2019 on:

/bin/sh ../../libtool --mode=link /home/buildroot/autobuild/run/instance-0/output/host/bin/or1k-linux-gcc -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os   -static  -static   -o idtest idtest.o liblber.la ../../libraries/liblutil/liblutil.a -L/home/buildroot/autobuild/run/instance-0/output/host/bin/../or1k-buildroot-linux-uclibc/sysroot/usr/lib -lssl -L/home/buildroot/autobuild/run/instance-0/output/host/bin/../or1k-buildroot-linux-uclibc/sysroot/usr/lib -lz -pthread -latomic -lcrypto -lz -pthread -latomic

/home/buildroot/autobuild/run/instance-0/output/host/bin/or1k-linux-gcc -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -static -static -o etest etest.o -pthread -pthread ./.libs/liblber.a -L/home/buildroot/autobuild/run/instance-0/output/host/bin/../or1k-buildroot-linux-uclibc/sysroot/usr/lib ../../libraries/liblutil/liblutil.a -lssl -lcrypto -lz -pthread /home/buildroot/autobuild/run/instance-0/output/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/5.4.0/../../../../or1k-buildroot-linux-uclibc/lib//libatomic.so

To fix this error, revert the openldap commit that raises this issue

Fixes:
 - http://autobuild.buildroot.org/results/ab4f85fd21cacfaef6b0b43a38da6a4a1d32ecb6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-31 21:15:48 +02:00
Fabrice Fontaine 3102d7d87c package/openldap: bump to version 2.4.47
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-09 15:01:16 +01:00
Bernd Kuhls da41a058e6 package/openldap: add support for libressl
Openldap builds fine with current libressl 2.7.2.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-02 17:40:36 +02:00
Bernd Kuhls 1a10d5f77f package/openldap: bump version to 2.4.46
Changelog: https://www.openldap.org/software/release/changes.html

Added sha256 hashes for tarball and license.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-02 17:40:31 +02:00
Thomas Petazzoni 2277fdeca8 package/*/Config.in: fix help text check-package warnings
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.

The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-18 09:22:54 +01:00
Peter Korsgaard aa3ddf7f10 openldap: correct openssl handling
Fixes:
http://autobuild.buildroot.net/results/ffc/ffc9c10c55c2838ab7002c5ec35244e9bfe46189/

Commit dfa1817d31 (openldap: supports only the real OpenSSL, not LibreSSL)
tried to ensure openldap would only use openssl, but changed the wrong
variable. OPENLDAP_TLS is passed to configure, so it shouldn't be changed:

./configure --target=aarch64-buildroot-linux-gnu .. --with-tls=libopenssl ..
Configuring OpenLDAP 2.4.45-Release ...
checking build system type... x86_64-pc-linux-gnu
checking host system type... aarch64-buildroot-linux-gnu
checking target system type... aarch64-buildroot-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for aarch64-buildroot-linux-gnu-strip... /usr/lfs/v0/rc-buildroot-test/scripts/instance-0/output/host/bin/aarch64-linux-gnu-strip
checking configure arguments... configure: error: bad value libopenssl for --with-tls

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 00:08:55 +02:00
Thomas Petazzoni dfa1817d31 openldap: supports only the real OpenSSL, not LibreSSL
openldap will not build with LibreSSL without patches, so let's
support only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Vicente Olivert Riera 6f44918d49 openldap: bump version to 2.4.45
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-05 14:36:52 +02:00
Gustavo Zacarias 580c518f89 openldap: bump to version 2.4.44
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-02-11 23:12:02 +01:00
Vicente Olivert Riera 8c088c6d54 openldap: bump version to 2.4.43
- Bump version to 2.4.43
- Use md5 and sha1 upstream provided hashes. This combination is
  stronger than a sha256 hash.
- Switch to an http download site to avoid problems with firewalls
  blocking the ftp.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-01 17:47:14 +01:00
Arnout Vandecappelle 7d69a79624 packages: use backtick instead of $(shell ...) make function
It is often difficult to know exactly when make will expand the
variable, and usually it can only be expanded after the dependencies
have been built (e.g. pkg-config or the .pc file). Using a backtick
instead makes it very clear that it will be expanded only while
executing the command.

This change is useful for two cases:

1. The per-package staging (and host) directory will be created as part
   of the configure step, so any $(shell ...) variable that is used in
   the configure step will fail because the directory doesn't exist
   yet.

2. 'make printvars' evaluates the variables it prints. It will therefore
   trigger a lot of errors from missing .pc files and others. The
   backticks, on the other hand, are not expanded, so with this change
   the output of 'make printvars' becomes clean again.

This commit contains only the easy changes: replace $(shell ...) with
`...`, and also replace ' with " where needed. Follow-up commits will
tackle the more complicated cases that need additional explanation.

After this change, the following instances of $(shell ...) will remain:

- All assignments that use :=
- All variables that are used in make conditionals (which don't expand
  the backticks).
- All variables that only refer to system executables and make
  variables that don't change.
- The calls to check-host-* in dependencies.mk, because it is eval'ed.

[Original patch by Fabio Porcedda, but extended quite a bit by Arnout.]

Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-15 00:42:01 +02:00
Vicente Olivert Riera 0a035206d1 openldap: bump to version 2.4.41
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-02 11:01:19 +02:00
Baruch Siach 660dff80f8 openldap: fix static link with openssl
Use pkg-config to get openssl link dependencies.

Fixes:
http://autobuild.buildroot.net/results/dd3/dd3821e713b7da7cde0f059409fba46371c8bc40/
http://autobuild.buildroot.net/results/d60/d60c8b4522e99cf385ee41aa20a1d49deb59c5fb/
http://autobuild.buildroot.net/results/b41/b41c043fb3b2fad1d9cea0a95b512fb4942b5b19/

and more.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-13 22:21:32 +02:00
Stefan Sørensen c6aa56e081 openldap: Make client binary install configurable
Some OpenLDAP deployment only need the client libraries and not the client
tools, so make the tool installation optional.

[Thomas: implement the for loop in make rather than in shell.]

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-08 14:43:56 +01:00
Yann E. MORIN c4c9225d65 package/openldap: do not build the doc
Building the documentation fails on some autobuilders,
so disable it as we're not interested in it.

Fixes:
    http://autobuild.buildroot.org/results/1dc/1dc17a54e57130bffd19d360c9a7faae440b8916/
    http://autobuild.buildroot.org/results/407/40797597024cbb9054fdda8bdf4d011bba966b06/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-31 23:19:06 +01:00
Yann E. MORIN f5666a72da package/openldap: needs MMU
openldap uses fork(), so needs an MMU.

Fixes:
    http://autobuild.buildroot.org/results/8a7/8a72aef6525da27b92235b918b6d41ad1c7fac09/
    http://autobuild.buildroot.org/results/1ce/1ce0ac525217fc5308ea510c997c7ac59e69bc4c/
    http://autobuild.buildroot.org/results/0eb/0eb180f77d5b70886e062ada1be133916ac97c31/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-31 23:17:42 +01:00
David Bender b8a8ecd43b package/openldap: new package
Signed-off-by: David Bender <codehero@gmail.com>
[yann.morin.1998@free.fr:
  - remove ldaps config option, use build-time dependencies
  - add dependencies against openssl/gnutls/libnss as appropriate
  - fix mis-detected tls support when openssl is enabled
  - fix strip at install time
  - cleanup configure arguments
  - add hash file
  - fix help entry
]
[Peter: needs wchar]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-28 22:44:43 +01:00