OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)
Created attachment 539578 [details, diff] openldap-2.4.46.ebuild.diff Here's my latest attempt to improve the openldap ebuild a bit. Mostly ported to EAPi-6 but also tried to make the ebuild more "maintainable".
Created attachment 539580 [details, diff] openldap-2.4.46.ebuild.diff And of course I added an outdated patch to the bug (*sigh*). Here's my latest attempt.
Lars, would you mind adding your version to the tree for testing? I tried to create 2.4.46 from 2.4.45 with your patch, but some chunks were rejected.
This fails to build: USE="berkdb crypt gnutls ipv6 -minimal overlays perl slp ssl syslog cxx -debug experimental -iodbc -kerberos -kinit -libressl -odbc pbkdf2 -samba sasl sha2 smbkrb5passwd -static-libs tcpd" FEATURES=test ebuild openldap-2.4.46.ebuild digest clean test ... libtool: link: (cd .libs && x86_64-pc-linux-gnu-gcc -march=native -O2 -pipe -c -fno-builtin "slapdS.c") libtool: link: rm -f ".libs/slapdS.c" ".libs/slapd.nm" ".libs/slapd.nmS" ".libs/slapd.nmT" ".libs/slapd.nmI" libtool: link: x86_64-pc-linux-gnu-gcc -march=native -O2 -pipe -Wl,--hash-style=gnu -Wl,-O1 .libs/slapdS.o -o .libs/slapd main.o globals.o bconfig.o config.o daemon.o connection.o search.o filter.o add.o cr.o attr.o entry.o backend.o backends.o result.o operation.o dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o value.o ava.o bind.o unbind.o abandon.o filterentry.o phonetic.o acl.o str2filter.o aclparse.o init.o user.o lock.o controls.o extended.o passwd.o schema.o schema_check.o schema_init.o schema_prep.o schemaparse.o ad.o at.o mr.o syntax.o oc.o saslauthz.o oidm.o starttls.o index.o sets.o referral.o root_dse.o sasl.o module.o mra.o mods.o sl_malloc.o zn_malloc.o limits.o operational.o matchedValues.o cancel.o syncrepl.o backglue.o backover.o ctxcsn.o ldapsync.o frontend.o slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o slappasswd.o slaptest.o slapauth.o slapacl.o component.o aci.o alock.o txn.o slapschema.o version.o -pthread -Wl,--export-dynamic -Wl,--as-needed libbackends.a liboverlays.a ../../libraries/liblunicode/liblunicode.a ../../libraries/librewrite/librewrite.a ../../libraries/liblutil/liblutil.a ../../libraries/libldap_r/.libs/libldap_r.so ../../libraries/liblber/.libs/liblber.so -luuid /usr/lib64/libdb-5.3.so -llmdb /usr/lib64/libslp.so -lpthread -lm -lnsl -lcrypt slapi/.libs/libslapi.so /dev/shm/portage/net-nds/openldap-2.4.46/work/openldap-2.4.46-abi_x86_64.amd64/libraries/libldap_r/.libs/libldap_r.so /dev/shm/portage/net-nds/openldap-2.4.46/work/openldap-2.4.46-abi_x86_64.amd64/libraries/liblber/.libs/liblber.so -lresolv -lsasl2 -lgnutls -lgcrypt /usr/lib64/libltdl.so -ldl -lwrap -pthread /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find -lnsl collect2: error: ld returned 1 exit status make[2]: *** [Makefile:520: slapd] Error 1 make[2]: Leaving directory '/dev/shm/portage/net-nds/openldap-2.4.46/work/openldap-2.4.46-abi_x86_64.amd64/servers/slapd' make[1]: *** [Makefile:293: all-common] Error 1 make[1]: Leaving directory '/dev/shm/portage/net-nds/openldap-2.4.46/work/openldap-2.4.46-abi_x86_64.amd64/servers' make: *** [Makefile:314: all-common] Error 1 * ERROR: net-nds/openldap-2.4.46::gentoo failed (compile phase): Which is weird, as libnsl is part of glibc, and definitely present
A copy from 2.4.45 to 2.4.46 with this removed seems to work: # bug #622464 epatch "${FILESDIR}"/${PN}-2.4.45-libressl.patch Could we just bump and then add -r1 with improvements from Lars when they are resolved?
(In reply to Tomáš Mózes from comment #3) > Lars, would you mind adding your version to the tree for testing? I tried to > create 2.4.46 from 2.4.45 with your patch, but some chunks were rejected. Dunno how you managed to get these rejections. I just tried this myself and the patch applied cleanly. Here are the steps that I did: > cp -v openldap-2.4.4{5,6}.ebuild 'openldap-2.4.45.ebuild' -> 'openldap-2.4.46.ebuild' > patch --no-backup-if-mismatch openldap-2.4.46.ebuild ~/temp/openldap-2.4.46.ebuild.diff patching file openldap-2.4.46.ebuild >
Sorry, i forgot that the libressl patch was already removed in my local copy and thus this change failed. It really applies on a clean 2.4.45 ebuild. # ebuild openldap-2.4.46.ebuild manifest Error(s) in metadata for 'net-nds/openldap-2.4.46': DEPEND: no matching '(' for ')', token 105 RDEPEND: no matching '(' for ')', token 105
(In reply to Robin Johnson from comment #4) > This fails to build: What version of glibc do you have installed?
(In reply to Tomáš Mózes from comment #7) > Sorry, i forgot that the libressl patch was already removed in my local copy > and thus this change failed. It really applies on a clean 2.4.45 ebuild. > > # ebuild openldap-2.4.46.ebuild manifest > Error(s) in metadata for 'net-nds/openldap-2.4.46': > DEPEND: no matching '(' for ')', token 105 > RDEPEND: no matching '(' for ')', token 105 There is an extra bracket before DEPEND, this passes the manifest: --- openldap-2.4.46.ebuild 2018-11-14 13:27:55.523352043 +0100 +++ openldap-2.4.46.ebuild 2018-11-14 13:29:02.201410914 +0100 @@ -77,8 +77,7 @@ kinit? ( !app-crypt/heimdal ) ) cxx? ( dev-libs/cyrus-sasl:= ) - ) -)" + )" DEPEND="${CDEPEND} sys-apps/groff" RDEPEND="${CDEPEND}
Created attachment 555086 [details, diff] openldap-2.4.46.ebuild.diff Fixed patch...
Solved the libnsl side; but there's another issue: the contrib stuff fails still. smbkrb5passwd, overlays, pbkdf2 possible other USE flags for contrib stuff all trigger the failure, because the pushd is running relative to the multilib build dest, eg /var/tmp/portage/net-nds/openldap-2.4.46/work/openldap-2.4.46-abi_x86_64.amd64/ rather than the source dir. Updated patch attached as well with other stuff fixed.
Created attachment 555090 [details, diff] openldap-2.4.46.ebuild.diff
(In reply to Robin Johnson from comment #12) > Created attachment 555090 [details, diff] [details, diff] > openldap-2.4.46.ebuild.diff My previous USE="berkdb crypt ipv6 ssl syslog tcpd" now fails because REQUIRED_USE="^^ ( test minimal )". With minimal it builds fine, but with test it fails. However it's strange one needs to add USE=test to emerge openldap?
OpenLDAP 2.4.47 Release (2018/12/19) Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051) Added slapd-sock ability to send extended operations to external listeners (ITS#8714) Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752) Fixed libldap dn to domain parsing with bad input (ITS#8842) Fixed slapd slapcat to correctly honor -g option (ITS#8667) Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923) Fixed slapd to check status of rdnNormalize (ITS#8932) Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616) Fixed slapd sasl authz-policy "all" behavior (ITS#8909) Fixed slapd sasl minor typo (ITS#8918) Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912) Fixed slapd domainScope control to match Microsoft specification (ITS#8840) Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868) Fixed slapo-accesslog deadlock during cleanup (ITS#8752) Fixed slapo-memberof cn=config modifications (ITS#8663) Fixed slapo-ppolicy with multimaster replication (ITS#8927) Fixed slapo-syncprov with NULL modlist (ITS#8843) Build Environment Added slapd reproducible build support (ITS#8928) Fixed missing includes with OpenSSL 1.0.2 (ITS#8809) Contrib Fixed slapo-pbkdf2 hash generation (ITS#8878) Documentation admin24 fixed minor typo (ITS#8887) Latest attached ebuild diff still works for 2.4.47
Created attachment 560910 [details, diff] openldap-2.4.47.ebuild.diff
(In reply to Robin Johnson from comment #11) > Solved the libnsl side; but there's another issue: the contrib stuff fails > still. > > smbkrb5passwd, overlays, pbkdf2 possible other USE flags for contrib stuff > all trigger the failure, because the pushd is running relative to the > multilib build dest, eg > /var/tmp/portage/net-nds/openldap-2.4.46/work/openldap-2.4.46-abi_x86_64. > amd64/ rather than the source dir. > > Updated patch attached as well with other stuff fixed. Please test the latest attached patch. This one should have the contrib stuff being fixed.
Created attachment 560914 [details, diff] openldap-2.4.47.ebuild.diff Minor formatting adjustments in the CDEPEND section.
(In reply to Lars Wendler (Polynomial-C) from comment #17) > Created attachment 560914 [details, diff] [details, diff] > openldap-2.4.47.ebuild.diff > > Minor formatting adjustments in the CDEPEND section. After discussing with Robin please replace "^^ ( test minimal )" with "?? ( minimal test )".
Created attachment 561690 [details, diff] openldap-2.4.47.ebuild.diff And here comes the updated ebuild patch...
Created attachment 561692 [details, diff] openldap-2.4.47.ebuild.diff And another update, doing some minor cleanups. (sorry for spamming so much into this bug)
Can this please be added to the tree?
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00db46a3bafb7100b0917bcc20bfbc73f1b293d4 commit 00db46a3bafb7100b0917bcc20bfbc73f1b293d4 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-02-20 15:05:45 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-02-20 15:06:06 +0000 net-nds/openldap: Bump to version 2.4.47 Closes: https://bugs.gentoo.org/661174 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-nds/openldap/Manifest | 1 + net-nds/openldap/openldap-2.4.47.ebuild | 896 ++++++++++++++++++++++++++++++++ 2 files changed, 897 insertions(+)
Thanks, it worked on a simple replicated instance configuration. Many thanks for the ebuild refresh.
