| Age | Commit message (Collapse) | Author |
|---|
|
Source: meta-openembedded
MR: 108384, 108398, 108412, 108426, 108440, 108454, 108468, 108482, 108496, 108510
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/openldap?id=0282b8ce6a5a5f082a37cb0863b3e62ad8e56a5a
ChangeID: 0282b8ce6a5a5f082a37cb0863b3e62ad8e56a5a
Description:
-License-Update: Copyright year updated to 2021.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0282b8ce6a5a5f082a37cb0863b3e62ad8e56a5a)
[Maintance update only]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit cef93b7b00e620d90a610112ee574fa60b691cf8)
[Fixes CVE:
CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Source: meta-openembedded
MR: 107249
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/openldap?id=768345053e83623e286ce3140756036e75c023bc
ChangeID: fbcadc7f563891b4aa489557c8d518ed46de5e9d
Description:
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 768345053e83623e286ce3140756036e75c023bc)
[Maintenance update only]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit e615c6fceff7275d93e462f4cd4a14cc55b2d656)
[Fixed CVE-2020-25692]
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 70860d99bf4e8036af1adccced8f9066f6dd50a6)
[Bug fix only update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
in FILES_${PN}-slurpd:
- ${localstatedir}/volatile/run is already covered by FILES_${PN}-slapd
- ${localstatedir}/run is already covered by FILES_${PN}-slapd
in FILES_${PN}-dev:
- ${libdir}/*.a is already covered by FILES_${PN}-staticdev
remove the settings as they were without effect anyway
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 68988584921332f929f2508a3b2678cb33579290)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8398669b9d423d13a086160af48e0a1185c9644f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
-License-Update: Copyright year updated to 2020.
-openldap/kill-icu.patch
Removed since this is included in 2.4.49.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
-License-Update: Copyright year updated to 2019.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Rework remove-user-host-pwd-from-version.patch to
fix below buildpath warning:
| WARNING: openldap-2.4.46-r0 do_package_qa: QA Issue: File /work/core2-64-wrs-linux/openldap/2.4.46-r0/packages-split/openldap-bin/usr/bin/ldappasswd in package contained reference to tmpdir [buildpaths]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This updated patch also sets the date and time strings to the SOURCE_DATE_EPOCH.
The WHOWHERE string will now be set to simply "openldap"
in the case that a SOURCE_DATE_EPOCH is set.
Upstream-Status: Submitted [https://www.openldap.org/its/index.cgi/Incoming?id=8928]
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Upstream-Status: Pending
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
While building openldap, there was a warning, like below:
WARNING: QA Issue: openldap: Files/directories were installed but not shipped in any package:
/usr/libexec
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
openldap: 1 installed and not shipped files. [installed-vs-shipped]
This is because that after openldap all contents of /usr/libexec are split
into subsets or moved into other directory and no one makes use of it.
So, to fix this QA warning, delete /usr/libexec.
Signed-off-by: Qi Hou <qi.hou@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
LDFLAGS += "-pthread" adds the flag both for native and target builds,
however the openldap-native build overwrites the variable inside
native.bbclass causing "undefined reference to `pthread_getspecific'"
and other linker errors.
Change the append to happen after parsing by using the override
syntax and thus make sure it executes after native.bbclass (bitbake -e
reports pre-expansion value "${BUILD_LDFLAGS} -pthread").
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1) Upgrade openldap from 2.4.44 to 2.4.45
2) Delete openldap-CVE-2017-9287.patch, since it is integrated upstream.
3) License checksum changed, since the copyright years were updated.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is
prone to a double free vulnerability. A user with access to
search the directory can crash slapd by issuing a search including the
Paged Results control with a page size of 0.
Patch reference:
http://www.openldap.org/its/?findid=8655
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls. Fix a small number of cases not addressed
by the original patch:
http://git.openembedded.org/meta-openembedded/commit/?id=efd3696e70a6603f1a45faa4a172433514f0a487
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Fixes errors e.g.
relocation R_AARCH64_ADR_PREL_PG_HI21 against external symbol `stderr@@GLIBC_2.17' can not be us
ed when making a shared object; recompile with -fPIC
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The mdb backend to slapd(8) is the recommended primary backend for a
normal slapd database. Add PACKAGECONFIG 'mdb' to enable it and build
mdb as SLAPD_STATIC_BACKENDS.
This fixes the errors while starting slapd:
$systemctl start slapd
Job for slapd.service failed because the control process exited \
with error code. See "systemctl status slapd.service" and \
"journalctl -xe" for details.
$ systemctl status slapd
...
/etc/openldap/slapd.conf: line 53: <database> failed init (bdb)
Unrecognized database type (bdb)
slapd.service: Control process exited, code=exited status=1
...
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=1238322
https://bugzilla.redhat.com/attachment.cgi?id=1055640
The nss_parse_ciphers function in libraries/libldap/tls_m.c in
OpenLDAP does not properly parse OpenSSL-style multi-keyword mode
cipher strings, which might cause a weaker than intended cipher to
be used and allow remote attackers to have unspecified impact via
unknown vectors.
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1)Upgrade openldap from 2.4.43 to 2.4.44.
2)Modify LIC_FILES_CHKSUM, since the date in it has been changed, But the LICENSE has not been changed.
Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Explicitly disable ipv6 support if the distro does not include it.
Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This is required by the apr-util & apache2 recipes to enable
ldap support without breaking the build (nothing provides -native)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1. Upgrade openldap from 2.4.42 to 2.4.43
2. Delete patch file openldap-fix-CVE-2015-6908.patch
because the bug(ITS#8240) has been fixed in OpenLDAP 2.4.43
http://www.openldap.org/software/release/changes.html
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Upgrade phpmyadmin from 2.4.41 to 2.4.42. And backport patch from
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9
to fix CVE-2015-6908.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1) Dropped backported patches(commit-id):
-0001-ITS-8027-require-non-empty-AttributeList.patch(c32e747)
-0001-ITS-8046-fix-vrFilter_free.patch(2f1a2dd)
2) Update the checksum of COPYRIGHT,since the date in it has been changed,
but the LICENSE has not been changed.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1. upgrade to 2.4.20
2. remove two backup patches
2. integrate two patches to fix CVE-2015-1545 and CVE-2015-1546
3. disable bdb/hdb backend, since BerkeleyDB 6.0.20+ license is
incompatible with LDAP
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
To be safe, the ldap_pvt_thread_pool_getkey() function should
always set the data parameter. If this is not done, slapd can
segfault during shutdown.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The new libtool's ltmain.sh is in build-aux.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Fixed do_packagedata error when multilib:
ERROR: The recipe openldap is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
/path/to/sysroots/qemux86-64/pkgdata/runtime-rprovides/openldap-backends/openldap-backends
Matched in manifest-qemux86-64-lib32-openldap.packagedata
/path/to/tmp/sysroots/qemux86-64/pkgdata/runtime/openldap-backends.packaged
Matched in manifest-qemux86-64-lib32-openldap.packagedata
/path/to/tmp/sysroots/qemux86-64/pkgdata/runtime/openldap-backends
Matched in manifest-qemux86-64-lib32-openldap.packagedata
Please verify which recipe should provide the above files.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Changed:
* Move slapd from ${libexecdir} to ${sbin}:
Installing slapd under ${sbin} is more FHS and LSB compliance
* Manage init script by inheriting update-rc.d, than postinst
* Add status for initscript
* Rename the patch named with commit id to
gnutls-Avoid-use-of-deprecated-function.patch
* Add a patch for CVE-2013-4449
* Add a patch to use /dev/urandom for entropy
* Allow tls obtains random bits from /dev/urandom:
The URANDOM_DEVICE is undefined for cross-compiling, define it as
/dev/urandom to allow tls obtains random bits from /dev/urandom.
* Add PACKAGECONFIG for mdb, ndb, relay and sock
* Remove unsupported config for ldbm
* Add license file
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Add a '\n' to the last line of the file to fix:
No newline at end of file
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Fixed SRC_URI:
* ${PN} -> ${BPN}, use ${BP} if it was ${PN}-${PV}
* ${P} -> ${BP}
Otherwise we would meet do_fetch errors when we do the multilib, native
or nativesdk build.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
OE-core update from gnutls2 to gnutls3, openldap needs patches to cope with that. Also add libgcrypt to DEPENDS since openldap links against it directly now instead of through gnutls.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Also remove hack that deletes headers from staging, it's not needed anymore.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
During compiling? we need soelim command provided by groff-native.
So add DEPENDS to fix this issue, else we will get following error:
/bin/sh: 15: soelim: not found
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* openldap-slapd was sometime depending on util-linux-libuuid
add dependency to explicitly enable it
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* some options like ldbm weren't supported by current version
* when gnutls and openssl were both available it was picking openssl
because default --with-tls is auto
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The /var/run directory is already created by base-files.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Before:
WARNING: File '/usr/lib/openldap/slapd' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldapsearch' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldapmodify' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldapdelete' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldapmodrdn' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldappasswd' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldapwhoami' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldapcompare' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldapexop' from openldap was already stripped, this will prevent future debugging!
WARNING: File '/usr/bin/ldapurl' from openldap was already stripped, this will prevent future debugging!
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* openldap-2.4.23: openldap: Files/directories were installed but not shipped
/var/volatile
/var/volatile/run
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Used sed expression given here:
http://lists.linuxtogo.org/pipermail/openembedded-core/2011-November/012373.html
Plus an additional expression for .expand. Full expression is:
sed \
-e 's:bb.data.\(setVar([^,]*,[^,]*\), \([^ )]*\) *):\2.\1):g' \
-e 's:bb.data.\(setVarFlag([^,]*,[^,]*,[^,]*\), \([^) ]*\) *):\2.\1):g' \
-e 's:bb.data.\(getVar([^,]*\), \([^, ]*\) *,\([^)]*\)):\2.\1,\3):g' \
-e 's:bb.data.\(getVarFlag([^,]*,[^,]*\), \([^, ]*\) *,\([^)]*\)):\2.\1,\3):g' \
-e 's:bb.data.\(getVarFlag([^,]*,[^,]*\), \([^) ]*\) *):\2.\1):g' \
-e 's:bb.data.\(getVar([^,]*\), \([^) ]*\) *):\2.\1):g' \
-e 's:bb.data.\(expand([^,]*\), \([^ )]*\) *):\2.\1):g' \
-i `grep -ril bb.data *`
Some minor correction in systemd.bbclass was needed for some expressions
that didn't quite match the regex in the desired way; additionally a few
instances were manually changed.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
* bitbake uses PACKAGES_DYNAMIC as regexp
^ could make matching faster (and it will be more clear that we're expecting regexp not glob)
* made all those last '-' optional, use .* (or nothing)
* use += instead of = in most cases to keep ${PN}-locale from
bitbake.conf:PACKAGES_DYNAMIC = "^${PN}-locale-.*"
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
zhengruoqin
zangrc
Konrad Weihmann
Wang Mingyu
Qi.Chen@windriver.com
Changqing Li
Mingli Yu
douglas.royds
Qi Hou
Ioan-Adrian Ratiu
Huang Qiyu
fan.xin
Peter Kjellerstedt
Andre McCurdy
Joshua Lock
Khem Raj
Kai Kang
Li Wang
Wang Xin
Martin Jansa
Richard Tollerton
Bruno Vernay
Li xin
Roy Li
Joe Slater
Robert Yang
Jackie Huang
Koen Kooi
Chong.Lu@windriver.com
Jonathan Liu
Marcin Juszkiewicz
Paul Eggleton