new file mode 100644

@@ -0,0 +1,399 @@

+Submitted by:            Bruce Dubbs <bdubbs at linuxfromscratch.org>

+Date:                    2012-03-26 

+Initial Package Version: 2.4.40

+Upstream Status:         BLFS Specific

+Origin:                  Armin K. <krejzi at email dot com> and Debian 

+Description:             Consolidate earlier patches to:

+ 1. Update various installation options, such as ldap database path, 

+    configuration file options, slapd install location, etc.

+ 2. Remove reference to bdb module

+ 3. Enables symbol versioning in ldap libraries. Without these changes

+    some applications might generate a warning about missing symbol versions.

+

+diff -Naur openldap-2.4.40.orig/build/openldap.m4 openldap-2.4.40/build/openldap.m4

+--- openldap-2.4.40.orig/build/openldap.m4	2014-09-18 20:48:49.000000000 -0500

+@@ -1142,3 +1142,54 @@

+ #endif

+ 	], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])])

+ ])

++

++dnl ====================================================================

++dnl check for symbol versioning support

++AC_DEFUN([OL_SYMBOL_VERSIONING],

++[AC_CACHE_CHECK([for .symver assembler directive],

++	[ol_cv_asm_symver_directive],[

++cat > conftest.s <<EOF

++${libc_cv_dot_text}

++_sym:

++.symver _sym,sym@VERS

++EOF

++if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then

++  ol_cv_asm_symver_directive=yes

++else

++  ol_cv_asm_symver_directive=no

++fi

++rm -f conftest*])

++AC_CACHE_CHECK([for ld --version-script],

++	[ol_cv_ld_version_script_option],[

++if test $ol_cv_asm_symver_directive = yes; then

++  cat > conftest.s <<EOF

++${libc_cv_dot_text}

++_sym:

++.symver _sym,sym@VERS

++EOF

++  cat > conftest.map <<EOF

++VERS_1 {

++	global: sym;

++};

++

++VERS_2 {

++	global: sym;

++} VERS_1;

++EOF

++  if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then

++    if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared

++                                                 -o conftest.so conftest.o

++                                                 -Wl,--version-script,conftest.map

++                       1>&AS_MESSAGE_LOG_FD]);

++    then

++      ol_cv_ld_version_script_option=yes

++    else

++      ol_cv_ld_version_script_option=no

++    fi

++  else

++    ol_cv_ld_version_script_option=no

++  fi

++else

++  ol_cv_ld_version_script_option=no

++fi

++rm -f conftest*])])

+diff -Naur openldap-2.4.40.orig/build/top.mk openldap-2.4.40/build/top.mk

+--- openldap-2.4.40.orig/build/top.mk	2014-09-18 20:48:49.000000000 -0500

+@@ -104,6 +104,9 @@

+ # LINK_LIBS referenced in library and module link commands.

+ LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS)

+ 

++# option to pass to $(CC) to support library symbol versioning, if any

++VERSION_OPTION = @VERSION_OPTION@

++

+ LTSTATIC = @LTSTATIC@

+ 

+ LTLINK   = $(LIBTOOL) --mode=link \

+@@ -113,7 +116,7 @@

+ 	$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c

+ 

+ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \

+-	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)

++	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS)

+ 

+ LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \

+ 	$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c

+diff -Naur openldap-2.4.40.orig/configure.in openldap-2.4.40/configure.in

+--- openldap-2.4.40.orig/configure.in	2014-09-18 20:48:49.000000000 -0500

+@@ -1916,6 +1916,13 @@

+ fi

+ AC_SUBST(LTSTATIC)dnl

+ 

++VERSION_OPTION=""

++OL_SYMBOL_VERSIONING

++if test $ol_cv_ld_version_script_option = yes ; then

++  VERSION_OPTION="-Wl,--version-script="

++fi

++AC_SUBST(VERSION_OPTION)

++

+ dnl ----------------------------------------------------------------

+ if test $ol_enable_wrappers != no ; then

+ 	AC_CHECK_HEADERS(tcpd.h,[

+diff -Naur openldap-2.4.40.orig/doc/man/man5/slapd-bdb.5 openldap-2.4.40/doc/man/man5/slapd-bdb.5

+--- openldap-2.4.40.orig/doc/man/man5/slapd-bdb.5	2014-09-18 20:48:49.000000000 -0500

+@@ -135,7 +135,7 @@

+ associated indexes live.

+ A separate directory must be specified for each database.

+ The default is

+-.BR LOCALSTATEDIR/openldap\-data .

++.BR LOCALSTATEDIR/lib/openldap .

+ .TP

+ .B dirtyread

+ Allow reads of modified but not yet committed data.

+diff -Naur openldap-2.4.40.orig/doc/man/man5/slapd-config.5 openldap-2.4.40/doc/man/man5/slapd-config.5

+--- openldap-2.4.40.orig/doc/man/man5/slapd-config.5	2014-09-18 20:48:49.000000000 -0500

+@@ -2051,7 +2051,7 @@

+ # The database directory MUST exist prior to

+ # running slapd AND should only be accessible

+ # by the slapd/tools. Mode 0700 recommended.

+-olcDbDirectory: LOCALSTATEDIR/openldap\-data

++olcDbDirectory: LOCALSTATEDIR/lib/openldap

+ # Indices to maintain

+ olcDbIndex:     objectClass  eq

+ olcDbIndex:     cn,sn,mail   pres,eq,approx,sub

+diff -Naur openldap-2.4.40.orig/doc/man/man5/slapd.conf.5 openldap-2.4.40/doc/man/man5/slapd.conf.5

+--- openldap-2.4.40.orig/doc/man/man5/slapd.conf.5	2014-09-18 20:48:49.000000000 -0500

+@@ -2021,7 +2021,7 @@

+ # The database directory MUST exist prior to

+ # running slapd AND should only be accessible

+ # by the slapd/tools. Mode 0700 recommended.

+-directory LOCALSTATEDIR/openldap\-data

++directory LOCALSTATEDIR/lib/openldap

+ # Indices to maintain

+ index     objectClass  eq

+ index     cn,sn,mail   pres,eq,approx,sub

+diff -Naur openldap-2.4.40.orig/include/ldap_defaults.h openldap-2.4.40/include/ldap_defaults.h

+--- openldap-2.4.40.orig/include/ldap_defaults.h	2014-09-18 20:48:49.000000000 -0500

+@@ -39,7 +39,7 @@

+ #define LDAP_ENV_PREFIX "LDAP"

+ 

+ /* default ldapi:// socket */

+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"

++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi"

+ 

+ /*

+  * SLAPD DEFINITIONS

+@@ -47,7 +47,7 @@

+ 	/* location of the default slapd config file */

+ #define SLAPD_DEFAULT_CONFIGFILE	LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf"

+ #define SLAPD_DEFAULT_CONFIGDIR		LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d"

+-#define SLAPD_DEFAULT_DB_DIR		LDAP_RUNDIR LDAP_DIRSEP "openldap-data"

++#define SLAPD_DEFAULT_DB_DIR		LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "openldap"

+ #define SLAPD_DEFAULT_DB_MODE		0600

+ #define SLAPD_DEFAULT_UCDATA		LDAP_DATADIR LDAP_DIRSEP "ucdata"

+ 	/* default max deref depth for aliases */

+diff -Naur openldap-2.4.40.orig/libraries/liblber/Makefile.in openldap-2.4.40/libraries/liblber/Makefile.in

+--- openldap-2.4.40.orig/libraries/liblber/Makefile.in	2014-09-18 20:48:49.000000000 -0500

+@@ -38,6 +38,9 @@

+ XXLIBS = 

+ NT_LINK_LIBS = $(AC_LIBS)

+ UNIX_LINK_LIBS = $(AC_LIBS)

++ifneq (,$(VERSION_OPTION))

++  VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map"

++endif

+ 

+ dtest:    $(XLIBS) dtest.o

+ 	$(LTLINK) -o $@ dtest.o $(LIBS)

+@@ -48,6 +51,6 @@

+ 

+ install-local: FORCE

+ 	-$(MKDIR) $(DESTDIR)$(libdir)

+-	$(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir)

++	$(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir)

+ 	$(LTFINISH) $(DESTDIR)$(libdir)

+ 

+diff -Naur openldap-2.4.40.orig/libraries/liblber/liblber.map openldap-2.4.40/libraries/liblber/liblber.map

+--- openldap-2.4.40.orig/libraries/liblber/liblber.map	1969-12-31 18:00:00.000000000 -0600

+@@ -0,0 +1,8 @@

++OPENLDAP_2.4_2 {

++  global:

++    ber_*;

++    der_alloc;

++    lutil_*;

++  local:

++    *;

++};

+diff -Naur openldap-2.4.40.orig/libraries/libldap/Makefile.in openldap-2.4.40/libraries/libldap/Makefile.in

+--- openldap-2.4.40.orig/libraries/libldap/Makefile.in	2014-09-18 20:48:49.000000000 -0500

+@@ -52,6 +52,9 @@

+ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)

+ NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)

+ UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)

++ifneq (,$(VERSION_OPTION))

++  VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map

++endif

+ 

+ apitest:	$(XLIBS) apitest.o

+ 	$(LTLINK) -o $@ apitest.o $(LIBS)

+@@ -68,7 +71,7 @@

+ 

+ install-local: $(CFFILES) FORCE

+ 	-$(MKDIR) $(DESTDIR)$(libdir)

+-	$(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir)

++	$(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir)

+ 	$(LTFINISH) $(DESTDIR)$(libdir)

+ 	-$(MKDIR) $(DESTDIR)$(sysconfdir)

+ 	@for i in $(CFFILES); do \

+diff -Naur openldap-2.4.40.orig/libraries/libldap/libldap.map openldap-2.4.40/libraries/libldap/libldap.map

+--- openldap-2.4.40.orig/libraries/libldap/libldap.map	1969-12-31 18:00:00.000000000 -0600

+@@ -0,0 +1,7 @@

++OPENLDAP_2.4_2 {

++  global:

++    ldap_*;

++    ldif_*;

++  local:

++    *;

++};

+diff -Naur openldap-2.4.40.orig/libraries/libldap_r/Makefile.in openldap-2.4.40/libraries/libldap_r/Makefile.in

+--- openldap-2.4.40.orig/libraries/libldap_r/Makefile.in	2014-09-18 20:48:49.000000000 -0500

+@@ -61,6 +61,9 @@

+ XXXLIBS = $(LTHREAD_LIBS)

+ NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)

+ UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS)

++ifneq (,$(VERSION_OPTION))

++  VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map"

++endif

+ 

+ .links : Makefile

+ 	@for i in $(XXSRCS); do \

+@@ -83,6 +86,6 @@

+ 

+ install-local: $(CFFILES) FORCE

+ 	-$(MKDIR) $(DESTDIR)$(libdir)

+-	$(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir)

++	$(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir)

+ 	$(LTFINISH) $(DESTDIR)$(libdir)

+ 

+diff -Naur openldap-2.4.40.orig/servers/slapd/Makefile.in openldap-2.4.40/servers/slapd/Makefile.in

+--- openldap-2.4.40.orig/servers/slapd/Makefile.in	2014-09-18 20:48:49.000000000 -0500

+@@ -376,10 +376,10 @@

+ 	install-conf install-dbc-maybe install-schema install-tools

+ 

+ install-slapd: FORCE

+-	-$(MKDIR) $(DESTDIR)$(libexecdir)

++	-$(MKDIR) $(DESTDIR)$(sbindir)

+ 	-$(MKDIR) $(DESTDIR)$(localstatedir)/run

+ 	$(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 \

+-		slapd$(EXEEXT) $(DESTDIR)$(libexecdir)

++		slapd$(EXEEXT) $(DESTDIR)$(sbindir)

+ 	@for i in $(SUBDIRS); do \

+ 	    if test -d $$i && test -f $$i/Makefile ; then \

+ 		echo; echo "  cd $$i; $(MAKE) $(MFLAGS) install"; \

+@@ -445,9 +445,9 @@

+ 

+ install-db-config: FORCE

+ 	@-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)

+-	@-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data

++	@-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/openldap

+ 	$(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \

+-		$(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example

++		$(DESTDIR)$(localstatedir)/lib/openldap/DB_CONFIG.example

+ 	$(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \

+ 		$(DESTDIR)$(sysconfdir)/DB_CONFIG.example

+ 

+@@ -455,6 +455,6 @@

+ 	-$(MKDIR) $(DESTDIR)$(sbindir)

+ 	for i in $(SLAPTOOLS); do \

+ 		$(RM) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \

+-		$(LN_S) -f $(DESTDIR)$(libexecdir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \

++		$(LN_S) -f $(DESTDIR)$(sbindir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \

+ 	done

+ 

+diff -Naur openldap-2.4.40.orig/servers/slapd/slapd.conf openldap-2.4.40/servers/slapd/slapd.conf

+--- openldap-2.4.40.orig/servers/slapd/slapd.conf	2014-09-18 20:48:49.000000000 -0500

+@@ -2,43 +2,41 @@

+ # See slapd.conf(5) for details on configuration options.

+ # This file should NOT be world readable.

+ #

+-include		%SYSCONFDIR%/schema/core.schema

++include %SYSCONFDIR%/schema/core.schema

+ 

+ # Define global ACLs to disable default read access.

+ 

+ # Do not enable referrals until AFTER you have a working directory

+ # service AND an understanding of referrals.

+-#referral	ldap://root.openldap.org

++#referral   ldap://root.openldap.org

+ 

+-pidfile		%LOCALSTATEDIR%/run/slapd.pid

+-argsfile	%LOCALSTATEDIR%/run/slapd.args

++pidfile  %LOCALSTATEDIR%/run/openldap/slapd.pid

++argsfile %LOCALSTATEDIR%/run/openldap/slapd.args

+ 

+ # Load dynamic backend modules:

+-# modulepath	%MODULEDIR%

+-# moduleload	back_bdb.la

+-# moduleload	back_hdb.la

+-# moduleload	back_ldap.la

++modulepath %MODULEDIR%

++#moduleload back_bdb

+ 

+ # Sample security restrictions

+-#	Require integrity protection (prevent hijacking)

+-#	Require 112-bit (3DES or better) encryption for updates

+-#	Require 63-bit encryption for simple bind

++#  Require integrity protection (prevent hijacking)

++#  Require 112-bit (3DES or better) encryption for updates

++#  Require 63-bit encryption for simple bind

+ # security ssf=1 update_ssf=112 simple_bind=64

+ 

+ # Sample access control policy:

+-#	Root DSE: allow anyone to read it

+-#	Subschema (sub)entry DSE: allow anyone to read it

+-#	Other DSEs:

+-#		Allow self write access

+-#		Allow authenticated users read access

+-#		Allow anonymous users to authenticate

+-#	Directives needed to implement policy:

++#  Root DSE: allow anyone to read it

++#  Subschema (sub)entry DSE: allow anyone to read it

++#  Other DSEs:

++#     Allow self write access

++#     Allow authenticated users read access

++#     Allow anonymous users to authenticate

++#  Directives needed to implement policy:

+ # access to dn.base="" by * read

+ # access to dn.base="cn=Subschema" by * read

+ # access to *

+-#	by self write

+-#	by users read

+-#	by anonymous auth

++#  by self write

++#  by users read

++#  by anonymous auth

+ #

+ # if no access controls are present, the default policy

+ # allows anyone and everyone to read anything but restricts

+@@ -46,20 +44,26 @@

+ #

+ # rootdn can always read and write EVERYTHING!

+ 

++# Specific Backend Directives for mdb:

++backend mdb

++

+ #######################################################################

+ # BDB database definitions

+ #######################################################################

+ 

+-database	bdb

+-suffix		"dc=my-domain,dc=com"

+-rootdn		"cn=Manager,dc=my-domain,dc=com"

++database mdb

++suffix   "dc=my-domain,dc=com"

++#rootdn   "cn=Manager,dc=my-domain,dc=com"

++

+ # Cleartext passwords, especially for the rootdn, should

+ # be avoid.  See slappasswd(8) and slapd.conf(5) for details.

+ # Use of strong authentication encouraged.

+-rootpw		secret

++#rootpw     secret

++

+ # The database directory MUST exist prior to running slapd AND 

+ # should only be accessible by the slapd and slap tools.

+ # Mode 700 recommended.

+-directory	%LOCALSTATEDIR%/openldap-data

++directory %LOCALSTATEDIR%/lib/openldap

++

+ # Indices to maintain

+-index	objectClass	eq

++index objectClass eq

+diff -Naur openldap-2.4.40.orig/servers/slapd/slapi/Makefile.in openldap-2.4.40/servers/slapd/slapi/Makefile.in

+--- openldap-2.4.40.orig/servers/slapd/slapi/Makefile.in	2014-09-18 20:48:49.000000000 -0500

+@@ -46,6 +46,6 @@

+ install-local: FORCE

+ 	if test "$(BUILD_MOD)" = "yes"; then \

+ 		$(MKDIR) $(DESTDIR)$(libdir); \

+-		$(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir); \

++		$(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir); \

+ 	fi

+ 

@@ -1,20 +1,17 @@

 %global _default_patch_fuzz 2

-Summary:	OpenLdap-2.4.40

+Summary:	OpenLdap-2.4.43

 Name:		openldap

-Version:	2.4.40

-Release:	2%{?dist}

+Version:	2.4.43

+Release:	1%{?dist}

 License:	OpenLDAP

 URL:		http://cyrusimap.web.cmu.edu/

 Group:		System Environment/Security

 Vendor:		VMware, Inc.

 Distribution:	Photon

-Source0:	ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.40.tgz

-%define sha1 openldap=0cfac3b024b99de2e2456cc7254481b6644e0b96

-Patch0:		openldap-2.4.40-blfs_paths-1.patch

-Patch1:		openldap-2.4.40-symbol_versions-1.patch

+Source0:	ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/%{name}-%{version}.tgz

+%define sha1 openldap=3b52924df2f45e81f25ecbe37551bc837d090cfa

+Patch0:		openldap-2.4.43-consolidated-1.patch

 Patch2:		openldap-2.4.40-gssapi-1.patch

-Patch3:		cve-2015-1545.patch

-Patch4:		cve-2015-1546.patch

 Requires:       openssl >= 1.0.1, cyrus-sasl >= 2.1

 BuildRequires:  cyrus-sasl >= 2.1

 BuildRequires:  openssl-devel >= 1.0.1

@@ -31,10 +28,7 @@ libraries, and documentation for OpenLDAP.

 %prep

 %setup -q

 %patch2 -p1

-%patch1 -p1

 %patch0 -p1

-%patch3 -p1

-%patch4 -p1

 %build

 autoconf

@@ -77,6 +71,8 @@ rm -rf %{buildroot}/*

 /etc/openldap/*

 %changelog

+* 	Thu Jan 21 2016 Xiaolin Li <xiaolinl@vmware.com> 2.4.43-1

+- 	Updated to version 2.4.43

 *	Fri Aug 14 2015 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.40-2

 -	Patches for CVE-2015-1545 and CVE-2015-1546.

 *	Wed Oct 08 2014 Divya Thaluru <dthaluru@vmware.com> 2.4.40-1