Hello community,
here is the log from the commit of package openldap2 for openSUSE:Factory
checked in at 2020-10-30 11:45:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openldap2 (Old)
and /work/SRC/openSUSE:Factory/.openldap2.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openldap2"
Fri Oct 30 11:45:49 2020 rev:159 rq:844184 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes 2020-10-15
13:44:38.657158703 +0200
+++ /work/SRC/openSUSE:Factory/.openldap2.new.3463/openldap2.changes
2020-10-30 11:45:53.841613264 +0100
@@ -1,0 +2,28 @@
+Tue Oct 27 01:01:54 UTC 2020 - William Brown <william.br...@suse.com>
+
+- bsc#1175568 CVE-2020-8027
+ openldap_update_modules_path.sh has a number of issues in it's
+ design that lead to security issues. This file has been removed,
+ from the package, and the %post execution of the install. The
+ function is replaced by /usr/sbin/slapd-ldif-update-crc and
+ /usr/lib/openldap/fixup-modulepath, through the addition of the
+ source files:
+ * fixup-modulepath.sh
+ * slapd-ldif-update-crc.sh
+ * update-crc.sh
+
+-------------------------------------------------------------------
+Mon Oct 26 21:48:45 UTC 2020 - Michael Ströder <mich...@stroeder.com>
+
+- updated to 2.4.55
+
+OpenLDAP 2.4.55 Release (2020/10/26)
+ Fixed slapd normalization handling with modrdn (ITS#9370)
+ Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
+ Contrib
+ Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
+
+LMDB 0.9.27 Release (2020/10/26)
+ ITS#9376 fix repeated DUPSORT cursor deletes
+
+-------------------------------------------------------------------
Old:
----
openldap-2.4.54.tgz
openldap_update_modules_path.sh
New:
----
fixup-modulepath.sh
openldap-2.4.55.tgz
slapd-ldif-update-crc.sh
update-crc.sh
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openldap2.spec ++++++
--- /var/tmp/diff_new_pack.37tmnC/_old 2020-10-30 11:45:55.133614408 +0100
+++ /var/tmp/diff_new_pack.37tmnC/_new 2020-10-30 11:45:55.137614411 +0100
@@ -22,7 +22,7 @@
%endif
%define run_test_suite 0
-%define version_main 2.4.54
+%define version_main 2.4.55
%define name_ppolicy_check_module ppolicy-check-password
%define version_ppolicy_check_module 1.2
%define ppolicy_docdir
%{_docdir}/openldap-%{name_ppolicy_check_module}-%{version_ppolicy_check_module}
@@ -47,9 +47,11 @@
Source13: start
Source14: slapd.service
Source16: sysconfig.openldap
-Source17: openldap_update_modules_path.sh
Source18: openldap2.conf
Source19: ldap-user.conf
+Source20: fixup-modulepath.sh
+Source21: slapd-ldif-update-crc.sh
+Source22: update-crc.sh
Patch1: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
Patch3: 0003-LDAPI-socket-location.dif
Patch5: 0005-pie-compile.dif
@@ -80,6 +82,7 @@
%if %{suse_version} < 1500
%{?systemd_requires}
%endif
+Requires: gawk
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl
Conflicts: openldap
@@ -358,12 +361,15 @@
chmod a+x %{buildroot}%{_libdir}/liblber.so*
chmod a+x %{buildroot}%{_libdir}/libldap_r.so*
install -m 755 %{SOURCE6} %{buildroot}%{_sbindir}/schema2ldif
-install -m 755 %{SOURCE17} %{buildroot}%{_sbindir}
mkdir -p %{buildroot}%{_tmpfilesdir}/
install -m 644 %{SOURCE18} %{buildroot}%{_tmpfilesdir}/
mkdir -p %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE19} %{buildroot}%{_sysusersdir}/
+install -m 755 %{SOURCE19} ${RPM_BUILD_ROOT}/usr/lib/openldap/fixup-modulepath
+install -m 755 %{SOURCE20} ${RPM_BUILD_ROOT}/%{_sbindir}/slapd-ldif-update-crc
+install -m 755 %{SOURCE21} ${RPM_BUILD_ROOT}/usr/lib/openldap/update-crc
+
# Install ppolicy check module
make -C contrib/slapd-modules/ppolicy-check-password STRIP=""
DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}"
"libexecdir=%{_libexecdir}" install
install -m 0644 %{S:202}
%{buildroot}%{_sysconfdir}/openldap/check_password.conf
@@ -433,9 +439,6 @@
%service_add_pre slapd.service
%post
-if [ ${1:-0} -gt 1 ] && [ ! -f /var/adm/openldap_modules_path_updated ] ; then
- /usr/sbin/openldap_update_modules_path.sh
-fi
%{fillup_only -n openldap ldap}
%tmpfiles_create %{name}.conf
%service_add_post slapd.service
@@ -468,7 +471,6 @@
%{_fillupdir}/sysconfig.openldap
%{_sbindir}/slap*
%{_sbindir}/rcslapd
-%{_sbindir}/openldap_update_modules_path.sh
%{_libdir}/openldap/back_bdb*
%{_libdir}/openldap/back_hdb*
%{_libdir}/openldap/back_ldap*
@@ -498,6 +500,8 @@
%{_libdir}/openldap/valsort*
%{_libdir}/slapd
/usr/lib/openldap/start
+/usr/lib/openldap/update-crc
+/usr/lib/openldap/fixup-modulepath
%{_unitdir}/slapd.service
%{_tmpfilesdir}/%{name}.conf
%{_sysusersdir}/ldap-user.conf
++++++ fixup-modulepath.sh ++++++
#!/bin/bash
source /usr/lib/openldap/update-crc
conf_dir='/etc/openldap/slapd.d'
tgt_ldif="${conf_dir}/cn=config.ldif"
if [ ! -d ${conf_dir} ] || [ ! -f ${tgt_ldif} ]
then
exit 0
fi
# Make sure slapd.service is not running.
slapd_running=1
# Don't check if no systemd, we could be in a container.
if [ -f "/usr/bin/systemctl" ]; then
/usr/bin/systemctl is-active --quiet slapd.service
slapd_running=$?
fi
if [ $slapd_running -eq 0 ]; then
echo "Unable to update crc of '${tgt_ldif}' while slapd.service is running
..."
exit 1
fi
# Remove the module path.
sed -n -i '/olcModulePath/!p' ${tgt_ldif}
res=$?
if [ $res -ne 0 ]
then
echo "Failed to remove olcModulePath in ${tgt_ldif}"
exit 1
else
do_update_crc ${tgt_ldif}
echo "Updated crc of ${tgt_ldif}"
fi
++++++ openldap-2.4.54.tgz -> openldap-2.4.55.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/CHANGES new/openldap-2.4.55/CHANGES
--- old/openldap-2.4.54/CHANGES 2020-10-12 20:27:28.000000000 +0200
+++ new/openldap-2.4.55/CHANGES 2020-10-26 20:02:25.000000000 +0100
@@ -1,10 +1,15 @@
OpenLDAP 2.4 Change Log
+OpenLDAP 2.4.55 Release (2020/10/26)
+ Fixed slapd normalization handling with modrdn (ITS#9370)
+ Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
+ Contrib
+ Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
+
OpenLDAP 2.4.54 Release (2020/10/12)
Fixed slapd delta-syncrepl to ignore delete ops on deleted entry
(ITS#9342)
Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
- Fixed slapd sessionlog to use a TAVL tree (ITS#8486)
Fixed slapd syncrepl to be fully serialized (ITS#8102)
Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov
(ITS#9355)
@@ -14,6 +19,7 @@
Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
+ Fixed slapo-syncprov sessionlog to use a TAVL tree (ITS#8486)
OpenLDAP 2.4.53 Release (2020/09/07)
Added slapd syncrepl additional SYNC logging (ITS#9043)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/build/version.var
new/openldap-2.4.55/build/version.var
--- old/openldap-2.4.54/build/version.var 2020-10-12 20:27:28.000000000
+0200
+++ new/openldap-2.4.55/build/version.var 2020-10-26 20:02:25.000000000
+0100
@@ -15,9 +15,9 @@
ol_package=OpenLDAP
ol_major=2
ol_minor=4
-ol_patch=54
-ol_api_inc=20454
+ol_patch=55
+ol_api_inc=20455
ol_api_current=13
-ol_api_revision=2
+ol_api_revision=3
ol_api_age=11
-ol_release_date="2020/10/12"
+ol_release_date="2020/10/26"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/contrib/slapd-modules/nssov/nssov.c
new/openldap-2.4.55/contrib/slapd-modules/nssov/nssov.c
--- old/openldap-2.4.54/contrib/slapd-modules/nssov/nssov.c 2020-10-12
20:27:28.000000000 +0200
+++ new/openldap-2.4.55/contrib/slapd-modules/nssov/nssov.c 2020-10-26
20:02:25.000000000 +0100
@@ -947,7 +947,7 @@
if ( slapMode & SLAP_SERVER_MODE ) {
/* close socket if it's still in use */
- if (ni->ni_socket >= 0);
+ if (ni->ni_socket >= 0)
{
if (close(ni->ni_socket))
Debug( LDAP_DEBUG_ANY,"problem closing server
socket (ignored): %s",strerror(errno),0,0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/doc/guide/admin/guide.html
new/openldap-2.4.55/doc/guide/admin/guide.html
--- old/openldap-2.4.54/doc/guide/admin/guide.html 2020-10-12
21:34:48.000000000 +0200
+++ new/openldap-2.4.55/doc/guide/admin/guide.html 2020-10-26
21:16:38.000000000 +0100
@@ -23,7 +23,7 @@
<DIV CLASS="title">
<H1 CLASS="doc-title">OpenLDAP Software 2.4 Administrator's Guide</H1>
<ADDRESS CLASS="doc-author">The OpenLDAP Project <<A
HREF="http://www.openldap.org/";>http://www.openldap.org/</A>></ADDRESS>
-<ADDRESS CLASS="doc-modified">12 October 2020</ADDRESS>
+<ADDRESS CLASS="doc-modified">26 October 2020</ADDRESS>
<BR CLEAR="All">
</DIV>
<DIV CLASS="contents">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/libraries/liblmdb/CHANGES
new/openldap-2.4.55/libraries/liblmdb/CHANGES
--- old/openldap-2.4.54/libraries/liblmdb/CHANGES 2020-10-12
20:27:28.000000000 +0200
+++ new/openldap-2.4.55/libraries/liblmdb/CHANGES 2020-10-26
20:02:25.000000000 +0100
@@ -1,5 +1,8 @@
LMDB 0.9 Change Log
+LMDB 0.9.27 Release (2020/10/26)
+ ITS#9376 fix repeated DUPSORT cursor deletes
+
LMDB 0.9.26 Release (2020/08/11)
ITS#9278 fix robust mutex cleanup for FreeBSD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/libraries/liblmdb/lmdb.h
new/openldap-2.4.55/libraries/liblmdb/lmdb.h
--- old/openldap-2.4.54/libraries/liblmdb/lmdb.h 2020-10-12
20:27:28.000000000 +0200
+++ new/openldap-2.4.55/libraries/liblmdb/lmdb.h 2020-10-26
20:02:25.000000000 +0100
@@ -200,7 +200,7 @@
/** Library minor version */
#define MDB_VERSION_MINOR 9
/** Library patch version */
-#define MDB_VERSION_PATCH 26
+#define MDB_VERSION_PATCH 27
/** Combine args a,b,c into a single integer for easy version comparisons */
#define MDB_VERINT(a,b,c) (((a) << 24) | ((b) << 16) | (c))
@@ -210,7 +210,7 @@
MDB_VERINT(MDB_VERSION_MAJOR,MDB_VERSION_MINOR,MDB_VERSION_PATCH)
/** The release date of this library version */
-#define MDB_VERSION_DATE "August 11, 2020"
+#define MDB_VERSION_DATE "October 26, 2020"
/** A stringifier for the version info */
#define MDB_VERSTR(a,b,c,d) "LMDB " #a "." #b "." #c ": (" d ")"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/libraries/liblmdb/mdb.c
new/openldap-2.4.55/libraries/liblmdb/mdb.c
--- old/openldap-2.4.54/libraries/liblmdb/mdb.c 2020-10-12 20:27:28.000000000
+0200
+++ new/openldap-2.4.55/libraries/liblmdb/mdb.c 2020-10-26 20:02:25.000000000
+0100
@@ -5942,16 +5942,12 @@
if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
mdb_xcursor_init1(mc, leaf);
- }
- if (data) {
+ rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL);
+ if (rc != MDB_SUCCESS)
+ return rc;
+ } else if (data) {
if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS)
return rc;
-
- if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
- rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data,
NULL);
- if (rc != MDB_SUCCESS)
- return rc;
- }
}
MDB_GET_KEY(leaf, key);
@@ -5975,7 +5971,8 @@
mp = mc->mc_pg[mc->mc_top];
- if (mc->mc_db->md_flags & MDB_DUPSORT) {
+ if ((mc->mc_db->md_flags & MDB_DUPSORT) &&
+ mc->mc_ki[mc->mc_top] < NUMKEYS(mp)) {
leaf = NODEPTR(mp, mc->mc_ki[mc->mc_top]);
if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
if (op == MDB_PREV || op == MDB_PREV_DUP) {
@@ -6014,27 +6011,25 @@
DPRINTF(("==> cursor points to page %"Z"u with %u keys, key index %u",
mdb_dbg_pgno(mp), NUMKEYS(mp), mc->mc_ki[mc->mc_top]));
+ if (!IS_LEAF(mp))
+ return MDB_CORRUPTED;
+
if (IS_LEAF2(mp)) {
key->mv_size = mc->mc_db->md_pad;
key->mv_data = LEAF2KEY(mp, mc->mc_ki[mc->mc_top],
key->mv_size);
return MDB_SUCCESS;
}
- mdb_cassert(mc, IS_LEAF(mp));
leaf = NODEPTR(mp, mc->mc_ki[mc->mc_top]);
if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
mdb_xcursor_init1(mc, leaf);
- }
- if (data) {
+ rc = mdb_cursor_last(&mc->mc_xcursor->mx_cursor, data, NULL);
+ if (rc != MDB_SUCCESS)
+ return rc;
+ } else if (data) {
if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS)
return rc;
-
- if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
- rc = mdb_cursor_last(&mc->mc_xcursor->mx_cursor, data,
NULL);
- if (rc != MDB_SUCCESS)
- return rc;
- }
}
MDB_GET_KEY(leaf, key);
@@ -6190,24 +6185,22 @@
if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
mdb_xcursor_init1(mc, leaf);
- }
- if (data) {
- if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
- if (op == MDB_SET || op == MDB_SET_KEY || op ==
MDB_SET_RANGE) {
- rc =
mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL);
+ if (op == MDB_SET || op == MDB_SET_KEY || op == MDB_SET_RANGE) {
+ rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data,
NULL);
+ } else {
+ int ex2, *ex2p;
+ if (op == MDB_GET_BOTH) {
+ ex2p = &ex2;
+ ex2 = 0;
} else {
- int ex2, *ex2p;
- if (op == MDB_GET_BOTH) {
- ex2p = &ex2;
- ex2 = 0;
- } else {
- ex2p = NULL;
- }
- rc = mdb_cursor_set(&mc->mc_xcursor->mx_cursor,
data, NULL, MDB_SET_RANGE, ex2p);
- if (rc != MDB_SUCCESS)
- return rc;
+ ex2p = NULL;
}
- } else if (op == MDB_GET_BOTH || op == MDB_GET_BOTH_RANGE) {
+ rc = mdb_cursor_set(&mc->mc_xcursor->mx_cursor, data,
NULL, MDB_SET_RANGE, ex2p);
+ if (rc != MDB_SUCCESS)
+ return rc;
+ }
+ } else if (data) {
+ if (op == MDB_GET_BOTH || op == MDB_GET_BOTH_RANGE) {
MDB_val olddata;
MDB_cmp_func *dcmp;
if ((rc = mdb_node_read(mc, leaf, &olddata)) !=
MDB_SUCCESS)
@@ -6265,22 +6258,23 @@
mc->mc_ki[mc->mc_top] = 0;
if (IS_LEAF2(mc->mc_pg[mc->mc_top])) {
- key->mv_size = mc->mc_db->md_pad;
- key->mv_data = LEAF2KEY(mc->mc_pg[mc->mc_top], 0, key->mv_size);
+ if ( key ) {
+ key->mv_size = mc->mc_db->md_pad;
+ key->mv_data = LEAF2KEY(mc->mc_pg[mc->mc_top], 0,
key->mv_size);
+ }
return MDB_SUCCESS;
}
- if (data) {
- if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
- mdb_xcursor_init1(mc, leaf);
- rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data,
NULL);
- if (rc)
- return rc;
- } else {
- if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS)
- return rc;
- }
+ if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
+ mdb_xcursor_init1(mc, leaf);
+ rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL);
+ if (rc)
+ return rc;
+ } else if (data) {
+ if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS)
+ return rc;
}
+
MDB_GET_KEY(leaf, key);
return MDB_SUCCESS;
}
@@ -6307,21 +6301,21 @@
leaf = NODEPTR(mc->mc_pg[mc->mc_top], mc->mc_ki[mc->mc_top]);
if (IS_LEAF2(mc->mc_pg[mc->mc_top])) {
- key->mv_size = mc->mc_db->md_pad;
- key->mv_data = LEAF2KEY(mc->mc_pg[mc->mc_top],
mc->mc_ki[mc->mc_top], key->mv_size);
+ if (key) {
+ key->mv_size = mc->mc_db->md_pad;
+ key->mv_data = LEAF2KEY(mc->mc_pg[mc->mc_top],
mc->mc_ki[mc->mc_top], key->mv_size);
+ }
return MDB_SUCCESS;
}
- if (data) {
- if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
- mdb_xcursor_init1(mc, leaf);
- rc = mdb_cursor_last(&mc->mc_xcursor->mx_cursor, data,
NULL);
- if (rc)
- return rc;
- } else {
- if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS)
- return rc;
- }
+ if (F_ISSET(leaf->mn_flags, F_DUPDATA)) {
+ mdb_xcursor_init1(mc, leaf);
+ rc = mdb_cursor_last(&mc->mc_xcursor->mx_cursor, data, NULL);
+ if (rc)
+ return rc;
+ } else if (data) {
+ if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS)
+ return rc;
}
MDB_GET_KEY(leaf, key);
@@ -7102,6 +7096,8 @@
return rc;
mp = mc->mc_pg[mc->mc_top];
+ if (!IS_LEAF(mp))
+ return MDB_CORRUPTED;
if (IS_LEAF2(mp))
goto del_key;
leaf = NODEPTR(mp, mc->mc_ki[mc->mc_top]);
@@ -8473,60 +8469,70 @@
}
}
rc = mdb_rebalance(mc);
+ if (rc)
+ goto fail;
- if (rc == MDB_SUCCESS) {
- /* DB is totally empty now, just bail out.
- * Other cursors adjustments were already done
- * by mdb_rebalance and aren't needed here.
- */
- if (!mc->mc_snum)
- return rc;
+ /* DB is totally empty now, just bail out.
+ * Other cursors adjustments were already done
+ * by mdb_rebalance and aren't needed here.
+ */
+ if (!mc->mc_snum) {
+ mc->mc_flags |= C_EOF;
+ return rc;
+ }
- mp = mc->mc_pg[mc->mc_top];
- nkeys = NUMKEYS(mp);
+ ki = mc->mc_ki[mc->mc_top];
+ mp = mc->mc_pg[mc->mc_top];
+ nkeys = NUMKEYS(mp);
- /* Adjust other cursors pointing to mp */
- for (m2 = mc->mc_txn->mt_cursors[dbi]; !rc && m2;
m2=m2->mc_next) {
- m3 = (mc->mc_flags & C_SUB) ?
&m2->mc_xcursor->mx_cursor : m2;
- if (! (m2->mc_flags & m3->mc_flags & C_INITIALIZED))
- continue;
- if (m3->mc_snum < mc->mc_snum)
- continue;
- if (m3->mc_pg[mc->mc_top] == mp) {
- /* if m3 points past last node in page, find
next sibling */
- if (m3->mc_ki[mc->mc_top] >=
mc->mc_ki[mc->mc_top]) {
- if (m3->mc_ki[mc->mc_top] >= nkeys) {
- rc = mdb_cursor_sibling(m3, 1);
- if (rc == MDB_NOTFOUND) {
- m3->mc_flags |= C_EOF;
- rc = MDB_SUCCESS;
- continue;
- }
- }
- if (mc->mc_db->md_flags & MDB_DUPSORT) {
- MDB_node *node =
NODEPTR(m3->mc_pg[m3->mc_top], m3->mc_ki[m3->mc_top]);
- /* If this node has dupdata, it
may need to be reinited
- * because its data has moved.
- * If the xcursor was not initd
it must be reinited.
- * Else if node points to a
subDB, nothing is needed.
- * Else (xcursor was initd, not
a subDB) needs mc_pg[0] reset.
- */
- if (node->mn_flags & F_DUPDATA)
{
- if
(m3->mc_xcursor->mx_cursor.mc_flags & C_INITIALIZED) {
- if
(!(node->mn_flags & F_SUBDATA))
-
m3->mc_xcursor->mx_cursor.mc_pg[0] = NODEDATA(node);
- } else {
-
mdb_xcursor_init1(m3, node);
-
m3->mc_xcursor->mx_cursor.mc_flags |= C_DEL;
- }
+ /* Adjust other cursors pointing to mp */
+ for (m2 = mc->mc_txn->mt_cursors[dbi]; !rc && m2; m2=m2->mc_next) {
+ m3 = (mc->mc_flags & C_SUB) ? &m2->mc_xcursor->mx_cursor : m2;
+ if (!(m2->mc_flags & m3->mc_flags & C_INITIALIZED))
+ continue;
+ if (m3->mc_snum < mc->mc_snum)
+ continue;
+ if (m3->mc_pg[mc->mc_top] == mp) {
+ /* if m3 points past last node in page, find next
sibling */
+ if (m3->mc_ki[mc->mc_top] >= nkeys) {
+ rc = mdb_cursor_sibling(m3, 1);
+ if (rc == MDB_NOTFOUND) {
+ m3->mc_flags |= C_EOF;
+ rc = MDB_SUCCESS;
+ continue;
+ }
+ if (rc)
+ goto fail;
+ }
+ if (m3->mc_ki[mc->mc_top] >= ki ||
+ /* moved to right sibling */
m3->mc_pg[mc->mc_top] != mp) {
+ if (m3->mc_xcursor && !(m3->mc_flags & C_EOF)) {
+ MDB_node *node =
NODEPTR(m3->mc_pg[m3->mc_top], m3->mc_ki[m3->mc_top]);
+ /* If this node has dupdata, it may
need to be reinited
+ * because its data has moved.
+ * If the xcursor was not initd it must
be reinited.
+ * Else if node points to a subDB,
nothing is needed.
+ * Else (xcursor was initd, not a
subDB) needs mc_pg[0] reset.
+ */
+ if (node->mn_flags & F_DUPDATA) {
+ if
(m3->mc_xcursor->mx_cursor.mc_flags & C_INITIALIZED) {
+ if (!(node->mn_flags &
F_SUBDATA))
+
m3->mc_xcursor->mx_cursor.mc_pg[0] = NODEDATA(node);
+ } else {
+ mdb_xcursor_init1(m3,
node);
+ rc =
mdb_cursor_first(&m3->mc_xcursor->mx_cursor, NULL, NULL);
+ if (rc)
+ goto fail;
}
}
+ m3->mc_xcursor->mx_cursor.mc_flags |=
C_DEL;
}
+ m3->mc_flags |= C_DEL;
}
}
- mc->mc_flags |= C_DEL;
}
+fail:
if (rc)
mc->mc_txn->mt_flags |= MDB_TXN_ERROR;
return rc;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/servers/slapd/back-meta/conn.c
new/openldap-2.4.55/servers/slapd/back-meta/conn.c
--- old/openldap-2.4.54/servers/slapd/back-meta/conn.c 2020-10-12
20:27:28.000000000 +0200
+++ new/openldap-2.4.55/servers/slapd/back-meta/conn.c 2020-10-26
20:02:25.000000000 +0100
@@ -520,7 +520,7 @@
* using it instead of the
* configured URI? */
if ( rs->sr_err == LDAP_SUCCESS ) {
- ldap_install_tls( msc->msc_ld );
+ rs->sr_err = ldap_install_tls(
msc->msc_ld );
} else if ( rs->sr_err == LDAP_REFERRAL
) {
/* FIXME:
LDAP_OPERATIONS_ERROR? */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/servers/slapd/controls.c
new/openldap-2.4.55/servers/slapd/controls.c
--- old/openldap-2.4.54/servers/slapd/controls.c 2020-10-12
20:27:28.000000000 +0200
+++ new/openldap-2.4.55/servers/slapd/controls.c 2020-10-26
20:02:25.000000000 +0100
@@ -257,7 +257,7 @@
if ( num_known_controls >= SLAP_MAX_CIDS ) {
Debug( LDAP_DEBUG_ANY, "Too many controls registered."
" Recompile slapd with SLAP_MAX_CIDS defined > %d\n",
- SLAP_MAX_CIDS, 0, 0 );
+ num_known_controls, 0, 0 );
return LDAP_OTHER;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openldap-2.4.54/servers/slapd/modrdn.c
new/openldap-2.4.55/servers/slapd/modrdn.c
--- old/openldap-2.4.54/servers/slapd/modrdn.c 2020-10-12 20:27:28.000000000
+0200
+++ new/openldap-2.4.55/servers/slapd/modrdn.c 2020-10-26 20:02:25.000000000
+0100
@@ -505,7 +505,7 @@
mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 *
sizeof( struct berval ) );
ber_dupbv( &mod_tmp->sml_values[0],
&old_rdn[d_cnt]->la_value );
mod_tmp->sml_values[1].bv_val = NULL;
- if( desc->ad_type->sat_equality->smr_normalize) {
+ if( desc->ad_type->sat_equality &&
desc->ad_type->sat_equality->smr_normalize) {
mod_tmp->sml_nvalues = ( BerVarray )ch_malloc(
2 * sizeof( struct berval ) );
(void)
(*desc->ad_type->sat_equality->smr_normalize)(
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
++++++ slapd-ldif-update-crc.sh ++++++
#!/bin/bash
# Script to fix the crc of openldap slapd.d ldifs.
source /usr/lib/openldap/update-crc
if [ -z ${1} ]; then
echo "Usage: ${0} /etc/openldap/slapd.d/<config ldif to update>"
exit 1
fi
if [ ! -f "${1}" ]; then
echo "File ${1} does not exist?"
echo "Usage: ${0} /etc/openldap/slapd.d/<config ldif to update>"
exit 1
fi
# Make sure slapd.service is not running.
slapd_running=1
# Don't check if no systemd, we could be in a container.
if [ -f "/usr/bin/systemctl" ]; then
/usr/bin/systemctl is-active --quiet slapd.service
slapd_running=$?
fi
if [ $slapd_running -eq 0 ]; then
echo "Unable to update crc of '${1}' while slapd.service is running ..."
exit 1
fi
do_update_crc ${1}
echo "Updated crc of ${1}"
++++++ update-crc.sh ++++++
#!/bin/bash
# Script to fix the crc of openldap slapd.d ldifs.
do_update_crc () {
if [ -z ${1} ]; then
echo "Invalid call to do_update_crc() - no filename provided"
exit 1
fi
tgt_ldif=$1
if [ ! -f "${tgt_ldif}" ]; then
echo "invalid call to do_update_crc() - file ${tgt_ldif} does not
exist?"
exit 1
fi
rm -f "${tgt_ldif}.crcbak"
mv "${tgt_ldif}" "${tgt_ldif}.crcbak"
/usr/bin/awk '
BEGIN {
# CRC-32 ZIP polynomial in reversed bit order.
POLY = 0xedb88320
# 8-bit character -> ordinal table.
for (i = 0; i < 256; i++)
ORD[sprintf("%c", i)] = i
}
{
# Remember each input line.
input[NR] = $0
# Verify the file header.
if (NR == 1 && $0 != "# AUTO-GENERATED FILE - DO NOT EDIT!! Use
ldapmodify.")
exit 1
if (NR == 2 && $0 !~ /# CRC32 ......../)
exit 1
}
# Calculate CRC-32.
function crc32(crc, string, i, j, c) {
crc = and(compl(crc), 0xffffffff)
for (i = 1; i <= length(string); i++) {
c = substr(string, i, 1)
crc = xor(crc, ORD[c])
for (j = 0; j < 8; j++)
crc = and(crc, 1) ? xor(rshift(crc, 1), POLY) : rshift(crc, 1)
}
crc = and(compl(crc), 0xffffffff)
return crc
}
END {
# Calculate CRC-32 of the file and update it in the header.
crc = 0
for (i = 3; i <= length(input); i++)
crc = crc32(crc, input[i] "\n")
input[2] = "# CRC32 " sprintf("%08x", crc)
# Print the output.
for (i = 1; i <= length(input); i++)
print input[i]
}' "${tgt_ldif}.crcbak" > "${tgt_ldif}"
}
