Hello community, here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2020-10-30 11:45:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openldap2 (Old) and /work/SRC/openSUSE:Factory/.openldap2.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openldap2" Fri Oct 30 11:45:49 2020 rev:159 rq:844184 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes 2020-10-15 13:44:38.657158703 +0200 +++ /work/SRC/openSUSE:Factory/.openldap2.new.3463/openldap2.changes 2020-10-30 11:45:53.841613264 +0100 @@ -1,0 +2,28 @@ +Tue Oct 27 01:01:54 UTC 2020 - William Brown <william.br...@suse.com> + +- bsc#1175568 CVE-2020-8027 + openldap_update_modules_path.sh has a number of issues in it's + design that lead to security issues. This file has been removed, + from the package, and the %post execution of the install. The + function is replaced by /usr/sbin/slapd-ldif-update-crc and + /usr/lib/openldap/fixup-modulepath, through the addition of the + source files: + * fixup-modulepath.sh + * slapd-ldif-update-crc.sh + * update-crc.sh + +------------------------------------------------------------------- +Mon Oct 26 21:48:45 UTC 2020 - Michael Ströder <mich...@stroeder.com> + +- updated to 2.4.55 + +OpenLDAP 2.4.55 Release (2020/10/26) + Fixed slapd normalization handling with modrdn (ITS#9370) + Fixed slapd-meta to check ldap_install_tls return code (ITS#9366) + Contrib + Fixed nssov misplaced semicolon (ITS#8731, ITS#9368) + +LMDB 0.9.27 Release (2020/10/26) + ITS#9376 fix repeated DUPSORT cursor deletes + +------------------------------------------------------------------- Old: ---- openldap-2.4.54.tgz openldap_update_modules_path.sh New: ---- fixup-modulepath.sh openldap-2.4.55.tgz slapd-ldif-update-crc.sh update-crc.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openldap2.spec ++++++ --- /var/tmp/diff_new_pack.37tmnC/_old 2020-10-30 11:45:55.133614408 +0100 +++ /var/tmp/diff_new_pack.37tmnC/_new 2020-10-30 11:45:55.137614411 +0100 @@ -22,7 +22,7 @@ %endif %define run_test_suite 0 -%define version_main 2.4.54 +%define version_main 2.4.55 %define name_ppolicy_check_module ppolicy-check-password %define version_ppolicy_check_module 1.2 %define ppolicy_docdir %{_docdir}/openldap-%{name_ppolicy_check_module}-%{version_ppolicy_check_module} @@ -47,9 +47,11 @@ Source13: start Source14: slapd.service Source16: sysconfig.openldap -Source17: openldap_update_modules_path.sh Source18: openldap2.conf Source19: ldap-user.conf +Source20: fixup-modulepath.sh +Source21: slapd-ldif-update-crc.sh +Source22: update-crc.sh Patch1: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch Patch3: 0003-LDAPI-socket-location.dif Patch5: 0005-pie-compile.dif @@ -80,6 +82,7 @@ %if %{suse_version} < 1500 %{?systemd_requires} %endif +Requires: gawk Requires: libldap-2_4-2 = %{version_main} Recommends: cyrus-sasl Conflicts: openldap @@ -358,12 +361,15 @@ chmod a+x %{buildroot}%{_libdir}/liblber.so* chmod a+x %{buildroot}%{_libdir}/libldap_r.so* install -m 755 %{SOURCE6} %{buildroot}%{_sbindir}/schema2ldif -install -m 755 %{SOURCE17} %{buildroot}%{_sbindir} mkdir -p %{buildroot}%{_tmpfilesdir}/ install -m 644 %{SOURCE18} %{buildroot}%{_tmpfilesdir}/ mkdir -p %{buildroot}%{_sysusersdir} install -m 644 %{SOURCE19} %{buildroot}%{_sysusersdir}/ +install -m 755 %{SOURCE19} ${RPM_BUILD_ROOT}/usr/lib/openldap/fixup-modulepath +install -m 755 %{SOURCE20} ${RPM_BUILD_ROOT}/%{_sbindir}/slapd-ldif-update-crc +install -m 755 %{SOURCE21} ${RPM_BUILD_ROOT}/usr/lib/openldap/update-crc + # Install ppolicy check module make -C contrib/slapd-modules/ppolicy-check-password STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libexecdir}" install install -m 0644 %{S:202} %{buildroot}%{_sysconfdir}/openldap/check_password.conf @@ -433,9 +439,6 @@ %service_add_pre slapd.service %post -if [ ${1:-0} -gt 1 ] && [ ! -f /var/adm/openldap_modules_path_updated ] ; then - /usr/sbin/openldap_update_modules_path.sh -fi %{fillup_only -n openldap ldap} %tmpfiles_create %{name}.conf %service_add_post slapd.service @@ -468,7 +471,6 @@ %{_fillupdir}/sysconfig.openldap %{_sbindir}/slap* %{_sbindir}/rcslapd -%{_sbindir}/openldap_update_modules_path.sh %{_libdir}/openldap/back_bdb* %{_libdir}/openldap/back_hdb* %{_libdir}/openldap/back_ldap* @@ -498,6 +500,8 @@ %{_libdir}/openldap/valsort* %{_libdir}/slapd /usr/lib/openldap/start +/usr/lib/openldap/update-crc +/usr/lib/openldap/fixup-modulepath %{_unitdir}/slapd.service %{_tmpfilesdir}/%{name}.conf %{_sysusersdir}/ldap-user.conf ++++++ fixup-modulepath.sh ++++++ #!/bin/bash source /usr/lib/openldap/update-crc conf_dir='/etc/openldap/slapd.d' tgt_ldif="${conf_dir}/cn=config.ldif" if [ ! -d ${conf_dir} ] || [ ! -f ${tgt_ldif} ] then exit 0 fi # Make sure slapd.service is not running. slapd_running=1 # Don't check if no systemd, we could be in a container. if [ -f "/usr/bin/systemctl" ]; then /usr/bin/systemctl is-active --quiet slapd.service slapd_running=$? fi if [ $slapd_running -eq 0 ]; then echo "Unable to update crc of '${tgt_ldif}' while slapd.service is running ..." exit 1 fi # Remove the module path. sed -n -i '/olcModulePath/!p' ${tgt_ldif} res=$? if [ $res -ne 0 ] then echo "Failed to remove olcModulePath in ${tgt_ldif}" exit 1 else do_update_crc ${tgt_ldif} echo "Updated crc of ${tgt_ldif}" fi ++++++ openldap-2.4.54.tgz -> openldap-2.4.55.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/CHANGES new/openldap-2.4.55/CHANGES --- old/openldap-2.4.54/CHANGES 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/CHANGES 2020-10-26 20:02:25.000000000 +0100 @@ -1,10 +1,15 @@ OpenLDAP 2.4 Change Log +OpenLDAP 2.4.55 Release (2020/10/26) + Fixed slapd normalization handling with modrdn (ITS#9370) + Fixed slapd-meta to check ldap_install_tls return code (ITS#9366) + Contrib + Fixed nssov misplaced semicolon (ITS#8731, ITS#9368) + OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) - Fixed slapd sessionlog to use a TAVL tree (ITS#8486) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) @@ -14,6 +19,7 @@ Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015) + Fixed slapo-syncprov sessionlog to use a TAVL tree (ITS#8486) OpenLDAP 2.4.53 Release (2020/09/07) Added slapd syncrepl additional SYNC logging (ITS#9043) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/build/version.var new/openldap-2.4.55/build/version.var --- old/openldap-2.4.54/build/version.var 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/build/version.var 2020-10-26 20:02:25.000000000 +0100 @@ -15,9 +15,9 @@ ol_package=OpenLDAP ol_major=2 ol_minor=4 -ol_patch=54 -ol_api_inc=20454 +ol_patch=55 +ol_api_inc=20455 ol_api_current=13 -ol_api_revision=2 +ol_api_revision=3 ol_api_age=11 -ol_release_date="2020/10/12" +ol_release_date="2020/10/26" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/contrib/slapd-modules/nssov/nssov.c new/openldap-2.4.55/contrib/slapd-modules/nssov/nssov.c --- old/openldap-2.4.54/contrib/slapd-modules/nssov/nssov.c 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/contrib/slapd-modules/nssov/nssov.c 2020-10-26 20:02:25.000000000 +0100 @@ -947,7 +947,7 @@ if ( slapMode & SLAP_SERVER_MODE ) { /* close socket if it's still in use */ - if (ni->ni_socket >= 0); + if (ni->ni_socket >= 0) { if (close(ni->ni_socket)) Debug( LDAP_DEBUG_ANY,"problem closing server socket (ignored): %s",strerror(errno),0,0); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/doc/guide/admin/guide.html new/openldap-2.4.55/doc/guide/admin/guide.html --- old/openldap-2.4.54/doc/guide/admin/guide.html 2020-10-12 21:34:48.000000000 +0200 +++ new/openldap-2.4.55/doc/guide/admin/guide.html 2020-10-26 21:16:38.000000000 +0100 @@ -23,7 +23,7 @@ <DIV CLASS="title"> <H1 CLASS="doc-title">OpenLDAP Software 2.4 Administrator's Guide</H1> <ADDRESS CLASS="doc-author">The OpenLDAP Project <<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>></ADDRESS> -<ADDRESS CLASS="doc-modified">12 October 2020</ADDRESS> +<ADDRESS CLASS="doc-modified">26 October 2020</ADDRESS> <BR CLEAR="All"> </DIV> <DIV CLASS="contents"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/libraries/liblmdb/CHANGES new/openldap-2.4.55/libraries/liblmdb/CHANGES --- old/openldap-2.4.54/libraries/liblmdb/CHANGES 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/libraries/liblmdb/CHANGES 2020-10-26 20:02:25.000000000 +0100 @@ -1,5 +1,8 @@ LMDB 0.9 Change Log +LMDB 0.9.27 Release (2020/10/26) + ITS#9376 fix repeated DUPSORT cursor deletes + LMDB 0.9.26 Release (2020/08/11) ITS#9278 fix robust mutex cleanup for FreeBSD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/libraries/liblmdb/lmdb.h new/openldap-2.4.55/libraries/liblmdb/lmdb.h --- old/openldap-2.4.54/libraries/liblmdb/lmdb.h 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/libraries/liblmdb/lmdb.h 2020-10-26 20:02:25.000000000 +0100 @@ -200,7 +200,7 @@ /** Library minor version */ #define MDB_VERSION_MINOR 9 /** Library patch version */ -#define MDB_VERSION_PATCH 26 +#define MDB_VERSION_PATCH 27 /** Combine args a,b,c into a single integer for easy version comparisons */ #define MDB_VERINT(a,b,c) (((a) << 24) | ((b) << 16) | (c)) @@ -210,7 +210,7 @@ MDB_VERINT(MDB_VERSION_MAJOR,MDB_VERSION_MINOR,MDB_VERSION_PATCH) /** The release date of this library version */ -#define MDB_VERSION_DATE "August 11, 2020" +#define MDB_VERSION_DATE "October 26, 2020" /** A stringifier for the version info */ #define MDB_VERSTR(a,b,c,d) "LMDB " #a "." #b "." #c ": (" d ")" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/libraries/liblmdb/mdb.c new/openldap-2.4.55/libraries/liblmdb/mdb.c --- old/openldap-2.4.54/libraries/liblmdb/mdb.c 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/libraries/liblmdb/mdb.c 2020-10-26 20:02:25.000000000 +0100 @@ -5942,16 +5942,12 @@ if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { mdb_xcursor_init1(mc, leaf); - } - if (data) { + rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL); + if (rc != MDB_SUCCESS) + return rc; + } else if (data) { if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS) return rc; - - if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { - rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL); - if (rc != MDB_SUCCESS) - return rc; - } } MDB_GET_KEY(leaf, key); @@ -5975,7 +5971,8 @@ mp = mc->mc_pg[mc->mc_top]; - if (mc->mc_db->md_flags & MDB_DUPSORT) { + if ((mc->mc_db->md_flags & MDB_DUPSORT) && + mc->mc_ki[mc->mc_top] < NUMKEYS(mp)) { leaf = NODEPTR(mp, mc->mc_ki[mc->mc_top]); if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { if (op == MDB_PREV || op == MDB_PREV_DUP) { @@ -6014,27 +6011,25 @@ DPRINTF(("==> cursor points to page %"Z"u with %u keys, key index %u", mdb_dbg_pgno(mp), NUMKEYS(mp), mc->mc_ki[mc->mc_top])); + if (!IS_LEAF(mp)) + return MDB_CORRUPTED; + if (IS_LEAF2(mp)) { key->mv_size = mc->mc_db->md_pad; key->mv_data = LEAF2KEY(mp, mc->mc_ki[mc->mc_top], key->mv_size); return MDB_SUCCESS; } - mdb_cassert(mc, IS_LEAF(mp)); leaf = NODEPTR(mp, mc->mc_ki[mc->mc_top]); if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { mdb_xcursor_init1(mc, leaf); - } - if (data) { + rc = mdb_cursor_last(&mc->mc_xcursor->mx_cursor, data, NULL); + if (rc != MDB_SUCCESS) + return rc; + } else if (data) { if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS) return rc; - - if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { - rc = mdb_cursor_last(&mc->mc_xcursor->mx_cursor, data, NULL); - if (rc != MDB_SUCCESS) - return rc; - } } MDB_GET_KEY(leaf, key); @@ -6190,24 +6185,22 @@ if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { mdb_xcursor_init1(mc, leaf); - } - if (data) { - if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { - if (op == MDB_SET || op == MDB_SET_KEY || op == MDB_SET_RANGE) { - rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL); + if (op == MDB_SET || op == MDB_SET_KEY || op == MDB_SET_RANGE) { + rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL); + } else { + int ex2, *ex2p; + if (op == MDB_GET_BOTH) { + ex2p = &ex2; + ex2 = 0; } else { - int ex2, *ex2p; - if (op == MDB_GET_BOTH) { - ex2p = &ex2; - ex2 = 0; - } else { - ex2p = NULL; - } - rc = mdb_cursor_set(&mc->mc_xcursor->mx_cursor, data, NULL, MDB_SET_RANGE, ex2p); - if (rc != MDB_SUCCESS) - return rc; + ex2p = NULL; } - } else if (op == MDB_GET_BOTH || op == MDB_GET_BOTH_RANGE) { + rc = mdb_cursor_set(&mc->mc_xcursor->mx_cursor, data, NULL, MDB_SET_RANGE, ex2p); + if (rc != MDB_SUCCESS) + return rc; + } + } else if (data) { + if (op == MDB_GET_BOTH || op == MDB_GET_BOTH_RANGE) { MDB_val olddata; MDB_cmp_func *dcmp; if ((rc = mdb_node_read(mc, leaf, &olddata)) != MDB_SUCCESS) @@ -6265,22 +6258,23 @@ mc->mc_ki[mc->mc_top] = 0; if (IS_LEAF2(mc->mc_pg[mc->mc_top])) { - key->mv_size = mc->mc_db->md_pad; - key->mv_data = LEAF2KEY(mc->mc_pg[mc->mc_top], 0, key->mv_size); + if ( key ) { + key->mv_size = mc->mc_db->md_pad; + key->mv_data = LEAF2KEY(mc->mc_pg[mc->mc_top], 0, key->mv_size); + } return MDB_SUCCESS; } - if (data) { - if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { - mdb_xcursor_init1(mc, leaf); - rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL); - if (rc) - return rc; - } else { - if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS) - return rc; - } + if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { + mdb_xcursor_init1(mc, leaf); + rc = mdb_cursor_first(&mc->mc_xcursor->mx_cursor, data, NULL); + if (rc) + return rc; + } else if (data) { + if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS) + return rc; } + MDB_GET_KEY(leaf, key); return MDB_SUCCESS; } @@ -6307,21 +6301,21 @@ leaf = NODEPTR(mc->mc_pg[mc->mc_top], mc->mc_ki[mc->mc_top]); if (IS_LEAF2(mc->mc_pg[mc->mc_top])) { - key->mv_size = mc->mc_db->md_pad; - key->mv_data = LEAF2KEY(mc->mc_pg[mc->mc_top], mc->mc_ki[mc->mc_top], key->mv_size); + if (key) { + key->mv_size = mc->mc_db->md_pad; + key->mv_data = LEAF2KEY(mc->mc_pg[mc->mc_top], mc->mc_ki[mc->mc_top], key->mv_size); + } return MDB_SUCCESS; } - if (data) { - if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { - mdb_xcursor_init1(mc, leaf); - rc = mdb_cursor_last(&mc->mc_xcursor->mx_cursor, data, NULL); - if (rc) - return rc; - } else { - if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS) - return rc; - } + if (F_ISSET(leaf->mn_flags, F_DUPDATA)) { + mdb_xcursor_init1(mc, leaf); + rc = mdb_cursor_last(&mc->mc_xcursor->mx_cursor, data, NULL); + if (rc) + return rc; + } else if (data) { + if ((rc = mdb_node_read(mc, leaf, data)) != MDB_SUCCESS) + return rc; } MDB_GET_KEY(leaf, key); @@ -7102,6 +7096,8 @@ return rc; mp = mc->mc_pg[mc->mc_top]; + if (!IS_LEAF(mp)) + return MDB_CORRUPTED; if (IS_LEAF2(mp)) goto del_key; leaf = NODEPTR(mp, mc->mc_ki[mc->mc_top]); @@ -8473,60 +8469,70 @@ } } rc = mdb_rebalance(mc); + if (rc) + goto fail; - if (rc == MDB_SUCCESS) { - /* DB is totally empty now, just bail out. - * Other cursors adjustments were already done - * by mdb_rebalance and aren't needed here. - */ - if (!mc->mc_snum) - return rc; + /* DB is totally empty now, just bail out. + * Other cursors adjustments were already done + * by mdb_rebalance and aren't needed here. + */ + if (!mc->mc_snum) { + mc->mc_flags |= C_EOF; + return rc; + } - mp = mc->mc_pg[mc->mc_top]; - nkeys = NUMKEYS(mp); + ki = mc->mc_ki[mc->mc_top]; + mp = mc->mc_pg[mc->mc_top]; + nkeys = NUMKEYS(mp); - /* Adjust other cursors pointing to mp */ - for (m2 = mc->mc_txn->mt_cursors[dbi]; !rc && m2; m2=m2->mc_next) { - m3 = (mc->mc_flags & C_SUB) ? &m2->mc_xcursor->mx_cursor : m2; - if (! (m2->mc_flags & m3->mc_flags & C_INITIALIZED)) - continue; - if (m3->mc_snum < mc->mc_snum) - continue; - if (m3->mc_pg[mc->mc_top] == mp) { - /* if m3 points past last node in page, find next sibling */ - if (m3->mc_ki[mc->mc_top] >= mc->mc_ki[mc->mc_top]) { - if (m3->mc_ki[mc->mc_top] >= nkeys) { - rc = mdb_cursor_sibling(m3, 1); - if (rc == MDB_NOTFOUND) { - m3->mc_flags |= C_EOF; - rc = MDB_SUCCESS; - continue; - } - } - if (mc->mc_db->md_flags & MDB_DUPSORT) { - MDB_node *node = NODEPTR(m3->mc_pg[m3->mc_top], m3->mc_ki[m3->mc_top]); - /* If this node has dupdata, it may need to be reinited - * because its data has moved. - * If the xcursor was not initd it must be reinited. - * Else if node points to a subDB, nothing is needed. - * Else (xcursor was initd, not a subDB) needs mc_pg[0] reset. - */ - if (node->mn_flags & F_DUPDATA) { - if (m3->mc_xcursor->mx_cursor.mc_flags & C_INITIALIZED) { - if (!(node->mn_flags & F_SUBDATA)) - m3->mc_xcursor->mx_cursor.mc_pg[0] = NODEDATA(node); - } else { - mdb_xcursor_init1(m3, node); - m3->mc_xcursor->mx_cursor.mc_flags |= C_DEL; - } + /* Adjust other cursors pointing to mp */ + for (m2 = mc->mc_txn->mt_cursors[dbi]; !rc && m2; m2=m2->mc_next) { + m3 = (mc->mc_flags & C_SUB) ? &m2->mc_xcursor->mx_cursor : m2; + if (!(m2->mc_flags & m3->mc_flags & C_INITIALIZED)) + continue; + if (m3->mc_snum < mc->mc_snum) + continue; + if (m3->mc_pg[mc->mc_top] == mp) { + /* if m3 points past last node in page, find next sibling */ + if (m3->mc_ki[mc->mc_top] >= nkeys) { + rc = mdb_cursor_sibling(m3, 1); + if (rc == MDB_NOTFOUND) { + m3->mc_flags |= C_EOF; + rc = MDB_SUCCESS; + continue; + } + if (rc) + goto fail; + } + if (m3->mc_ki[mc->mc_top] >= ki || + /* moved to right sibling */ m3->mc_pg[mc->mc_top] != mp) { + if (m3->mc_xcursor && !(m3->mc_flags & C_EOF)) { + MDB_node *node = NODEPTR(m3->mc_pg[m3->mc_top], m3->mc_ki[m3->mc_top]); + /* If this node has dupdata, it may need to be reinited + * because its data has moved. + * If the xcursor was not initd it must be reinited. + * Else if node points to a subDB, nothing is needed. + * Else (xcursor was initd, not a subDB) needs mc_pg[0] reset. + */ + if (node->mn_flags & F_DUPDATA) { + if (m3->mc_xcursor->mx_cursor.mc_flags & C_INITIALIZED) { + if (!(node->mn_flags & F_SUBDATA)) + m3->mc_xcursor->mx_cursor.mc_pg[0] = NODEDATA(node); + } else { + mdb_xcursor_init1(m3, node); + rc = mdb_cursor_first(&m3->mc_xcursor->mx_cursor, NULL, NULL); + if (rc) + goto fail; } } + m3->mc_xcursor->mx_cursor.mc_flags |= C_DEL; } + m3->mc_flags |= C_DEL; } } - mc->mc_flags |= C_DEL; } +fail: if (rc) mc->mc_txn->mt_flags |= MDB_TXN_ERROR; return rc; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/servers/slapd/back-meta/conn.c new/openldap-2.4.55/servers/slapd/back-meta/conn.c --- old/openldap-2.4.54/servers/slapd/back-meta/conn.c 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/servers/slapd/back-meta/conn.c 2020-10-26 20:02:25.000000000 +0100 @@ -520,7 +520,7 @@ * using it instead of the * configured URI? */ if ( rs->sr_err == LDAP_SUCCESS ) { - ldap_install_tls( msc->msc_ld ); + rs->sr_err = ldap_install_tls( msc->msc_ld ); } else if ( rs->sr_err == LDAP_REFERRAL ) { /* FIXME: LDAP_OPERATIONS_ERROR? */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/servers/slapd/controls.c new/openldap-2.4.55/servers/slapd/controls.c --- old/openldap-2.4.54/servers/slapd/controls.c 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/servers/slapd/controls.c 2020-10-26 20:02:25.000000000 +0100 @@ -257,7 +257,7 @@ if ( num_known_controls >= SLAP_MAX_CIDS ) { Debug( LDAP_DEBUG_ANY, "Too many controls registered." " Recompile slapd with SLAP_MAX_CIDS defined > %d\n", - SLAP_MAX_CIDS, 0, 0 ); + num_known_controls, 0, 0 ); return LDAP_OTHER; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.54/servers/slapd/modrdn.c new/openldap-2.4.55/servers/slapd/modrdn.c --- old/openldap-2.4.54/servers/slapd/modrdn.c 2020-10-12 20:27:28.000000000 +0200 +++ new/openldap-2.4.55/servers/slapd/modrdn.c 2020-10-26 20:02:25.000000000 +0100 @@ -505,7 +505,7 @@ mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value ); mod_tmp->sml_values[1].bv_val = NULL; - if( desc->ad_type->sat_equality->smr_normalize) { + if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) { mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); (void) (*desc->ad_type->sat_equality->smr_normalize)( SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, ++++++ slapd-ldif-update-crc.sh ++++++ #!/bin/bash # Script to fix the crc of openldap slapd.d ldifs. source /usr/lib/openldap/update-crc if [ -z ${1} ]; then echo "Usage: ${0} /etc/openldap/slapd.d/<config ldif to update>" exit 1 fi if [ ! -f "${1}" ]; then echo "File ${1} does not exist?" echo "Usage: ${0} /etc/openldap/slapd.d/<config ldif to update>" exit 1 fi # Make sure slapd.service is not running. slapd_running=1 # Don't check if no systemd, we could be in a container. if [ -f "/usr/bin/systemctl" ]; then /usr/bin/systemctl is-active --quiet slapd.service slapd_running=$? fi if [ $slapd_running -eq 0 ]; then echo "Unable to update crc of '${1}' while slapd.service is running ..." exit 1 fi do_update_crc ${1} echo "Updated crc of ${1}" ++++++ update-crc.sh ++++++ #!/bin/bash # Script to fix the crc of openldap slapd.d ldifs. do_update_crc () { if [ -z ${1} ]; then echo "Invalid call to do_update_crc() - no filename provided" exit 1 fi tgt_ldif=$1 if [ ! -f "${tgt_ldif}" ]; then echo "invalid call to do_update_crc() - file ${tgt_ldif} does not exist?" exit 1 fi rm -f "${tgt_ldif}.crcbak" mv "${tgt_ldif}" "${tgt_ldif}.crcbak" /usr/bin/awk ' BEGIN { # CRC-32 ZIP polynomial in reversed bit order. POLY = 0xedb88320 # 8-bit character -> ordinal table. for (i = 0; i < 256; i++) ORD[sprintf("%c", i)] = i } { # Remember each input line. input[NR] = $0 # Verify the file header. if (NR == 1 && $0 != "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.") exit 1 if (NR == 2 && $0 !~ /# CRC32 ......../) exit 1 } # Calculate CRC-32. function crc32(crc, string, i, j, c) { crc = and(compl(crc), 0xffffffff) for (i = 1; i <= length(string); i++) { c = substr(string, i, 1) crc = xor(crc, ORD[c]) for (j = 0; j < 8; j++) crc = and(crc, 1) ? xor(rshift(crc, 1), POLY) : rshift(crc, 1) } crc = and(compl(crc), 0xffffffff) return crc } END { # Calculate CRC-32 of the file and update it in the header. crc = 0 for (i = 3; i <= length(input); i++) crc = crc32(crc, input[i] "\n") input[2] = "# CRC32 " sprintf("%08x", crc) # Print the output. for (i = 1; i <= length(input); i++) print input[i] }' "${tgt_ldif}.crcbak" > "${tgt_ldif}" }