head 1.2; access; symbols pkgsrc-2021Q2:1.1.0.24 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.22 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.20 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.18 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.16 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.12 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.14 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.10 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.8 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.6 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.4 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.2 pkgsrc-2018Q3-base:1.1; locks; strict; comment @# @; 1.2 date 2021.08.23.09.58.58; author adam; state dead; branches; next 1.1; commitid 7pL4ZryIb0xf156D; 1.1 date 2018.07.31.12.39.52; author manu; state Exp; branches; next ; commitid T8YdEPV4tgcuShMA; desc @@ 1.2 log @openldap: updated to 2.5.7 OpenLDAP 2.5.7 Release (2021/08/18) Fixed lloadd client state tracking Fixed slapd bconfig to canonicalize structuralObjectclass Fixed slapd-ldif duplicate controls response Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases Fixed slapd-mdb idlexp maximum size handling Fixed slapd-monitor number of ops executing with asynchronous backends Fixed slapd-sql to add support for ppolicy attributes Fixed slapd-sql to close transactions after bind and search Fixed slapo-accesslog to make reqMod optional Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present Documentation slapd-mdb(5) note max idlexp size is 30, not 31 slapo-accesslog(5) note that reqMod is optional Add ldapvc(1) man page Add guide section on load balancer Updated guide to document multiprovider as replacement for mirrormode Updated guide to clarify slapd-mdb upgrade requirements Updated guide to document removal of deprecated options from client tools OpenLDAP 2.5.6 Release (2021/07/27) Fixed libldap buffer overflow Fixed libldap missing mutex unlock on connection alloc failure Fixed lloadd cn=config olcBkLloadClientMaxPending setting Fixed slapd multiple config defaults Fixed slapd ipv6 addresses to work with tcp wrappers Fixed slapo-syncprov delete of nonexistent sessionlog Build Fixed library symbol versioning on Solaris Fixed compile warning in libldap/tpool.c Fixed compile warning in libldap/tls_o.c Contrib Fixed ppm module for sysconfdir Documentation Updated guide to document multival, idlexp, and maxentrysize OpenLDAP 2.5.5 Release (2021/06/03) Added libldap LDAP_OPT_TCP_USER_TIMEOUT support Added lloadd tcp-user-timeout support Added slapd-asyncmeta tcp-user-timeout support Added slapd-ldap tcp-user-timeout support Added slapd-meta tcp-user-timeout support Fixed incorrect control OIDs for AuthZ Identity Fixed libldap typo in util-int.c Fixed libldap double free of LDAP_OPT_DEFBASE Fixed libldap better TLS1.3 cipher suite handling Fixed lloadd multiple issues Fixed slapd slap_op_time to avoid duplicates across restarts Fixed slapd typo in daemon.c Fixed slapd slapi compilation Fixed slapd to handle empty DN in extended filters Fixed slapd syncrepl searches with empty base Fixed slapd syncrepl refresh on startup Fixed slapd abort due to typo Fixed slapd-asyncmeta quarantine handling Fixed slapd-asyncmeta to have a default operations timeout Fixed slapd-ldap quarantine handling Fixed slapd-mdb deletion of context entry Fixed slapd-mdb off-by-one affecting search scope Fixed slapd-meta quarantine handling Fixed slapo-accesslog to record reqNewDN for modRDN ops Fixed slapo-pcache locking during expiration Build Fixed slappw-argon2 module installation Contrib Update ldapc++/ldaptcl to use configure.ac Documentation ldap_first_attribute(3) - Document ldap_get_attribute_ber ldap_modify(3) - Delete non-existent mod_next parameter OpenLDAP 2.5.4 Release (2021/04/29) Initial release for "general use". @ text @$NetBSD: patch-its8885,v 1.1 2018/07/31 12:39:52 manu Exp $ Add a configure test for hdb_generate_key_set_password() prototype From upstream ITS #8885 contrib/slapd-modules/smbk5pwd uses hdb_generate_key_set_password() from Heimdal, which was shortly turned from a 5 arguments function to a 7 arguments function before the prototype change was rolled back to address API incompatibility. Unfortunately, the 7 arguments hdb_generate_key_set_password() made it into released NetBSD 8.0, causing a build break in contrib/slapd-modules/smbk5pwd. This change adds a configure test for 7 arguments prototype so that contrib/slapd-modules/smbk5pwd build again on NetBSD 8.0, and other OS that would include the 7 arguments hdb_generate_key_set_password(). --- build/openldap.m4.orig 2018-03-22 16:44:27.000000000 +0100 +++ build/openldap.m4 2018-07-30 03:50:36.291294379 +0200 @@@@ -1141,4 +1141,27 @@@@ char *__ssl_compat = "0.9.7d"; #endif ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])]) ]) +dnl ==================================================================== +dnl check for db_generate_key_set_password prototype +AC_DEFUN([OL_HDB_GENERATE_KEY_SET_PASSWORD], +[AC_CACHE_CHECK([if hdb_generate_key_set_password requires 7 arguments], + [ol_cv_hdb_generate_key_set_password_7_args],[ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([ + #include "krb5/krb5.h" + #include "krb5/hdb.h" + ],[ + (void)hdb_generate_key_set_password( + NULL, /* context */ + NULL, /* principal */ + NULL, /* password */ + NULL, /* ks_tuple */ + 0, /* n_ks_tuple */ + NULL, /* keys */ + 0 /* num_keys */ + ); + ])], + [ol_cv_hdb_generate_key_set_password_7_args=yes], + [ol_cv_hdb_generate_key_set_password_7_args=no])]) +]) --- include/portable.hin.orig 2018-03-22 16:44:27.000000000 +0100 +++ include/portable.hin 2018-07-30 03:50:36.309332999 +0200 @@@@ -399,8 +399,11 @@@@ /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_SSL_H +/* Define to 1 if hdb_generate_key_set_password needs 7 arguments */ +#undef HAVE_HDB_GENERATE_KEY_SET_PASSWORD_7_ARGS + /* Define to 1 if you have the `pipe' function. */ #undef HAVE_PIPE /* Define to 1 if you have the `poll' function. */ --- contrib/slapd-modules/smbk5pwd/smbk5pwd.c.orig 2018-03-22 16:44:27.000000000 +0100 +++ contrib/slapd-modules/smbk5pwd/smbk5pwd.c 2018-07-30 03:50:36.307164222 +0200 @@@@ -462,10 +462,15 @@@@ "dn=\"%s\" missing krb5KeyVersionNumber\n", op->o_log_prefix, e->e_name.bv_val, 0 ); } +#ifdef HAVE_HDB_GENERATE_KEY_SET_PASSWORD_7_ARGS + ret = hdb_generate_key_set_password(context, ent.principal, + qpw->rs_new.bv_val, NULL, 0, &ent.keys.val, &nkeys); +#else ret = hdb_generate_key_set_password(context, ent.principal, qpw->rs_new.bv_val, &ent.keys.val, &nkeys); +#endif ent.keys.len = nkeys; hdb_seal_keys(context, db, &ent); krb5_free_principal( context, ent.principal ); --- configure.orig 2018-03-22 16:44:27.000000000 +0100 +++ configure 2018-07-30 03:50:36.300456664 +0200 @@@@ -15815,8 +15815,55 @@@@ $as_echo "#define SLAPD_LMHASH 1" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if hdb_generate_key_set_password requires 7 arguments" >&5 +$as_echo_n "checking if hdb_generate_key_set_password requires 7 arguments... " >&6; } +if test "${ol_cv_hdb_generate_key_set_password_7_args+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include "krb5/krb5.h" + #include "krb5/hdb.h" + +int +main () +{ + + (void)hdb_generate_key_set_password( + NULL, /* context */ + NULL, /* principal */ + NULL, /* password */ + NULL, /* ks_tuple */ + 0, /* n_ks_tuple */ + NULL, /* keys */ + 0 /* num_keys */ + ); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ol_cv_hdb_generate_key_set_password_7_args=yes +else + ol_cv_hdb_generate_key_set_password_7_args=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ol_cv_hdb_generate_key_set_password_7_args" >&5 +$as_echo "$ol_cv_hdb_generate_key_set_password_7_args" >&6; } + +if test $ol_cv_hdb_generate_key_set_password_7_args = yes ; then + +$as_echo "#define HAVE_HDB_GENERATE_KEY_SET_PASSWORD_7_ARGS 1" >>confdefs.h + +fi + ol_link_threads=no case $ol_with_threads in auto | yes | nt) --- configure.in.orig 2018-03-22 16:44:27.000000000 +0100 +++ configure.in 2018-07-30 03:54:41.886303506 +0200 @@@@ -1279,8 +1279,16 @@@@ AC_DEFINE(SLAPD_LMHASH, 1, [define to support LAN Manager passwords]) fi dnl ---------------------------------------------------------------- +dnl hdb_generate_key_set_password prototype +OL_HDB_GENERATE_KEY_SET_PASSWORD +if test $ol_cv_hdb_generate_key_set_password_7_args = yes ; then + AC_DEFINE(HAVE_HDB_GENERATE_KEY_SET_PASSWORD_7_ARGS, 1, + [define if hdb_generate_key_set_password needs 7 arguments]) +fi + +dnl ---------------------------------------------------------------- dnl Threads? ol_link_threads=no case $ol_with_threads in auto | yes | nt) @ 1.1 log @Build fix for databases/openldap-smbk5pwd From upstream ITS #8885 Add a configure test for hdb_generate_key_set_password() prototype contrib/slapd-modules/smbk5pwd uses hdb_generate_key_set_password() from Heimdal, which was shortly turned from a 5 arguments function to a 7 arguments function before the prototype change was rolled back to address API incompatibility. Unfortunately, the 7 arguments hdb_generate_key_set_password() made it into released NetBSD 8.0, causing a build break in contrib/slapd-modules/smbk5pwd. This change adds a configure test for 7 arguments prototype so that contrib/slapd-modules/smbk5pwd build again on NetBSD 8.0, and other OS that would include the 7 arguments hdb_generate_key_set_password(). @ text @d1 1 a1 1 $NetBSD$ @