From 07565104d1fb6ade6285c63790d167b8360badc3 Mon Sep 17 00:00:00 2001 From: geos_one Date: Sat, 30 Aug 2008 18:31:50 +0000 Subject: [PATCH] net-nds/fedora-ds-base: deactivate devel bugfix git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@489 6952d904-891a-0410-993b-d76249ca496b --- net-nds/fedora-ds-base/ChangeLog | 4 + net-nds/fedora-ds-base/Manifest | 5 +- .../fedora-ds-base-1.1.1-r1.ebuild | 2 + net-nds/fedora-ds-base/files/bug439829.patch | 299 ++++++++++++++++++ 4 files changed, 308 insertions(+), 2 deletions(-) create mode 100644 net-nds/fedora-ds-base/files/bug439829.patch diff --git a/net-nds/fedora-ds-base/ChangeLog b/net-nds/fedora-ds-base/ChangeLog index 24471ff3..a9c9e612 100644 --- a/net-nds/fedora-ds-base/ChangeLog +++ b/net-nds/fedora-ds-base/ChangeLog @@ -2,6 +2,10 @@ # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 # $Header: $ + 30 Aug 2008; Mario Fetka +files/bug439829.patch, + fedora-ds-base-1.1.1-r1.ebuild: + deactivate devel bugfix + 20 Aug 2008; Mario Fetka -fedora-ds-base-1.1.0.ebuild, -fedora-ds-base-1.1.1.ebuild, fedora-ds-base-1.1.1-r1.ebuild: diff --git a/net-nds/fedora-ds-base/Manifest b/net-nds/fedora-ds-base/Manifest index 1c5decb5..dba55601 100644 --- a/net-nds/fedora-ds-base/Manifest +++ b/net-nds/fedora-ds-base/Manifest @@ -1,7 +1,8 @@ +AUX bug439829.patch 9701 RMD160 265747b19535c44abd5e5b6f67871d525ba2f152 SHA1 c22008a29dfe59d20e61b16ad70d192be4948c6d SHA256 d3fc786de0e25636673c0e1b5f228e965f5d56b8073f2654b4bd45812600a7fa AUX dirsrv.confd 72 RMD160 d5478a77018aeb727ba72217d3e67af3dcd669c9 SHA1 006d238cd3fd31b9019a2a1e5bff250192b05a91 SHA256 62d68e8ab4b2b1342a3418e6b067a99345a2806ec1575f6d49cd6c0d1cbb17bc AUX dirsrv.initd 2422 RMD160 f90db40234c6177c2e7b23999786f775fb62fa6e SHA1 36c29829002f91aa9e43d20bfc22dab443791c75 SHA256 8cd646015bd5bd4ea5a50fc5781200b1f287bc48a3892af4e1aea0c3c904c859 AUX fedora-ds-cvs.sh 346 RMD160 d9659f0aa8559c59865f42e16bc611a57a63d893 SHA1 8069aeee78a5fd614f19f3438c9f3dada700e944 SHA256 f2e453b1139b010ceae3dee2c0292e616a67ec55046e759b90c1104721ad412a DIST fedora-ds-base-1.1.1.tar.bz2 2590248 RMD160 824ac88f2e901e19a1ec96f5ba9b4d94fc8f39c3 SHA1 78639f5075015cc9663f8e69aacaf2a5aa938e57 SHA256 ffd4cbbd61eef96174784e5de0c01c34738826a6b10bda4fcff6d7369c1cd0b5 -EBUILD fedora-ds-base-1.1.1-r1.ebuild 1804 RMD160 ff74d331e3014526c88715417bc6330a8bbc97e6 SHA1 528fe54a7818ecdde113ae669a61ea0b9d586a0a SHA256 8d785fcea85e3cf3395906abaebecc8a663bf8bc9df6bdf9d47c6bf6769ce977 -MISC ChangeLog 1878 RMD160 0468b1ede1a8ea9c3e65d7c6af1573c0564b5ff3 SHA1 c4d8abefdb56910a9de978153d35cc697f9578b2 SHA256 26c64f64dc6bb670e81acda567f43b018e80271ebe50abb4939f22ab85bae77f +EBUILD fedora-ds-base-1.1.1-r1.ebuild 1851 RMD160 0be248448f65ef9d57f91957d3b01407099332b4 SHA1 48f5b9eaf63143c10675f3031b764246fd51cd64 SHA256 67257aba20ba01e3896b970c46549670406c916eb5ee8308ca02b75abb9ef0ac +MISC ChangeLog 2014 RMD160 19dd6b3f89bf8764149d57e3dbb21deca6e39a46 SHA1 654b852fe4ab4cba8d0ffccc3e69486a385529b9 SHA256 f71338a8857e2d9c003343d2a581ba0016335e585f51b94b98569bc4a62b69df MISC metadata.xml 170 RMD160 645927a396fdc21cdeb089fe42c5397332420ea6 SHA1 ac7f48a14fec325926f9ce1be8fbf1f311b4f2e4 SHA256 d797a2ec6f9dc516c9f9c1a758ee87ad3e8c43101b5dc76c2f872d5bd4639b42 diff --git a/net-nds/fedora-ds-base/fedora-ds-base-1.1.1-r1.ebuild b/net-nds/fedora-ds-base/fedora-ds-base-1.1.1-r1.ebuild index f6f2cc84..ad642372 100644 --- a/net-nds/fedora-ds-base/fedora-ds-base-1.1.1-r1.ebuild +++ b/net-nds/fedora-ds-base/fedora-ds-base-1.1.1-r1.ebuild @@ -31,6 +31,8 @@ DEPEND=">=dev-libs/nss-3.11.4 src_unpack() { unpack ${A} +# cd ${S} +# epatch ${FILESDIR}/bug439829.patch } src_compile() { diff --git a/net-nds/fedora-ds-base/files/bug439829.patch b/net-nds/fedora-ds-base/files/bug439829.patch new file mode 100644 index 00000000..0d755f24 --- /dev/null +++ b/net-nds/fedora-ds-base/files/bug439829.patch @@ -0,0 +1,299 @@ +Index: ldap/servers/slapd/detach.c +=================================================================== +RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/detach.c,v +retrieving revision 1.6 +diff -u -8 -r1.6 detach.c +--- ldap/servers/slapd/detach.c 10 Nov 2006 23:45:40 -0000 1.6 ++++ ldap/servers/slapd/detach.c 2 Apr 2008 23:32:27 -0000 +@@ -71,17 +71,18 @@ + #include "slap.h" + #include "fe.h" + + #if defined(USE_SYSCONF) || defined(LINUX) + #include + #endif /* USE_SYSCONF */ + + void +-detach() ++detach( int slapd_exemode, int importexport_encrypt, ++ int s_port, daemon_ports_t *ports_info ) + { + #ifndef _WIN32 + int i, sd; + char *workingdir = 0; + char *errorlog = 0; + char *ptr = 0; + char errorbuf[BUFSIZ]; + extern char *config_get_errorlog(void); +@@ -103,16 +104,22 @@ + break; + + default: + _exit( 0 ); + } + break; + } + ++ /* call this right after the fork, but before closing stdin */ ++ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, ++ s_port, ports_info)) { ++ exit(1); ++ } ++ + workingdir = config_get_workingdir(); + if ( NULL == workingdir ) { + errorlog = config_get_errorlog(); + if ( NULL == errorlog ) { + (void) chdir( "/" ); + } else { + if ((ptr = strrchr(errorlog, '/')) || + (ptr = strrchr(errorlog, '\\'))) { +@@ -145,17 +152,22 @@ + #else /* USE_SETSID */ + if ( (sd = open( "/dev/tty", O_RDWR )) != -1 ) { + (void) ioctl( sd, TIOCNOTTY, NULL ); + (void) close( sd ); + } + #endif /* USE_SETSID */ + + g_set_detached(1); +- } ++ } else { /* not detaching - call nss/ssl init */ ++ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, ++ s_port, ports_info)) { ++ exit(1); ++ } ++ } + + (void) SIGNAL( SIGPIPE, SIG_IGN ); + #endif /* _WIN32 */ + } + + + #ifndef _WIN32 + /* +Index: ldap/servers/slapd/main.c +=================================================================== +RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v +retrieving revision 1.22 +diff -u -8 -r1.22 main.c +--- ldap/servers/slapd/main.c 18 Oct 2007 00:08:34 -0000 1.22 ++++ ldap/servers/slapd/main.c 2 Apr 2008 23:32:28 -0000 +@@ -896,58 +896,24 @@ + return_value = main_setuid(slapdFrontendConfig->localuser); + if (0 != return_value) { + LDAPDebug( LDAP_DEBUG_ANY, "Failed to change user and group identity to that of %s\n", + slapdFrontendConfig->localuser, 0, 0 ); + exit(1); + } + #endif + +- /* +- * Initialise NSS once for the whole slapd process, whether SSL +- * is enabled or not. We use NSS for random number generation and +- * other things even if we are not going to accept SSL connections. +- * We also need NSS for attribute encryption/decryption on import and export. +- */ +- init_ssl = ( (slapd_exemode == SLAPD_EXEMODE_SLAPD) || importexport_encrypt) +- && config_get_security() +- && (0 != s_port) && (s_port <= LDAP_PORT_MAX); +- /* As of DS 6.1, always do a full initialization so that other +- * modules can assume NSS is available +- */ +- if ( slapd_nss_init((slapd_exemode == SLAPD_EXEMODE_SLAPD), +- (slapd_exemode != SLAPD_EXEMODE_REFERRAL) /* have config? */ )) { +- LDAPDebug(LDAP_DEBUG_ANY, +- "ERROR: NSS Initialization Failed.\n", 0, 0, 0); +- exit (1); +- } +- +- if (slapd_exemode == SLAPD_EXEMODE_SLAPD) { +- client_auth_init(); +- } +- +- if ( init_ssl && ( 0 != slapd_ssl_init())) { +- LDAPDebug(LDAP_DEBUG_ANY, +- "ERROR: SSL Initialization Failed.\n", 0, 0, 0 ); +- exit( 1 ); +- } +- +- if ((slapd_exemode == SLAPD_EXEMODE_SLAPD) || +- (slapd_exemode == SLAPD_EXEMODE_REFERRAL)) { +- if ( init_ssl ) { +- PRFileDesc **sock; +- for (sock = ports_info.s_socket; sock && *sock; sock++) { +- if ( 0 != slapd_ssl_init2(sock, 0) ) { +- LDAPDebug(LDAP_DEBUG_ANY, +- "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 ); +- exit( 1 ); +- } +- } +- } +- } ++ /* Do NSS and/or SSL init for those modes other than listening modes */ ++ if ((slapd_exemode != SLAPD_EXEMODE_REFERRAL) && ++ (slapd_exemode != SLAPD_EXEMODE_SLAPD)) { ++ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, ++ s_port, &ports_info)) { ++ return 1; ++ } ++ } + + /* + * if we were called upon to do special database stuff, do it and be + * done. + */ + switch ( slapd_exemode ) { + case SLAPD_EXEMODE_LDIF2DB: + return slapd_exemode_ldif2db(); +@@ -997,17 +963,18 @@ + + /* + * Detach ourselves from the terminal (unless running in debug mode). + * We must detach before we start any threads since detach forks() on + * UNIX. + * Have to detach after ssl_init - the user may be prompted for the PIN + * on the terminal, so it must be open. + */ +- detach(); ++ detach(slapd_exemode, importexport_encrypt, ++ s_port, &ports_info); + + /* + * Now write our PID to the startup PID file. + * This is used by the start up script to determine our PID quickly + * after we fork, without needing to wait for the 'real' pid file to be + * written. That could take minutes. And the start script will wait + * that long looking for it. With this new 'early pid' file, it can avoid + * doing that, by detecting the pid and watching for the process exiting. +@@ -2880,8 +2847,72 @@ + "values with a + character, e.g., all of the following" + " have the same effect:\n" + " -d connections+filters\n" + " -d 8+32\n" + " -d 40\n" ); + } + #endif /* LDAP_DEBUG */ + ++/* ++ This function does all NSS and SSL related initialization ++ required during startup. We use this function rather ++ than just call this code from main because we must perform ++ all of this initialization after the fork() but before ++ we detach from the controlling terminal. This is because ++ the NSS softokn requires that NSS_Init is called after the ++ fork - this was always the case, but it is a hard error in ++ NSS 3.11.99 and later. We also have to call NSS_Init before ++ doing the detach because NSS may prompt the user for the ++ token (h/w or softokn) password on stdin. So we use this ++ function that we can call from detach() if running in ++ regular slapd exemode or from main() if running in other ++ modes (or just not detaching). ++*/ ++int ++slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt, ++ int s_port, daemon_ports_t *ports_info) ++{ ++ /* ++ * Initialise NSS once for the whole slapd process, whether SSL ++ * is enabled or not. We use NSS for random number generation and ++ * other things even if we are not going to accept SSL connections. ++ * We also need NSS for attribute encryption/decryption on import and export. ++ */ ++ int init_ssl = ( (slapd_exemode == SLAPD_EXEMODE_SLAPD) || importexport_encrypt) ++ && config_get_security() ++ && (0 != s_port) && (s_port <= LDAP_PORT_MAX); ++ /* As of DS 6.1, always do a full initialization so that other ++ * modules can assume NSS is available ++ */ ++ if ( slapd_nss_init((slapd_exemode == SLAPD_EXEMODE_SLAPD), ++ (slapd_exemode != SLAPD_EXEMODE_REFERRAL) /* have config? */ )) { ++ LDAPDebug(LDAP_DEBUG_ANY, ++ "ERROR: NSS Initialization Failed.\n", 0, 0, 0); ++ exit (1); ++ } ++ ++ if (slapd_exemode == SLAPD_EXEMODE_SLAPD) { ++ client_auth_init(); ++ } ++ ++ if ( init_ssl && ( 0 != slapd_ssl_init())) { ++ LDAPDebug(LDAP_DEBUG_ANY, ++ "ERROR: SSL Initialization Failed.\n", 0, 0, 0 ); ++ exit( 1 ); ++ } ++ ++ if ((slapd_exemode == SLAPD_EXEMODE_SLAPD) || ++ (slapd_exemode == SLAPD_EXEMODE_REFERRAL)) { ++ if ( init_ssl ) { ++ PRFileDesc **sock; ++ for (sock = ports_info->s_socket; sock && *sock; sock++) { ++ if ( 0 != slapd_ssl_init2(sock, 0) ) { ++ LDAPDebug(LDAP_DEBUG_ANY, ++ "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 ); ++ exit( 1 ); ++ } ++ } ++ } ++ } ++ ++ return 0; ++} +Index: ldap/servers/slapd/proto-slap.h +=================================================================== +RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v +retrieving revision 1.31 +diff -u -8 -r1.31 proto-slap.h +--- ldap/servers/slapd/proto-slap.h 18 Oct 2007 01:22:29 -0000 1.31 ++++ ldap/servers/slapd/proto-slap.h 2 Apr 2008 23:32:28 -0000 +@@ -478,17 +478,18 @@ + * delete.c + */ + void do_delete( Slapi_PBlock *pb ); + + + /* + * detach.c + */ +-void detach( void ); ++void detach( int slapd_exemode, int importexport_encrypt, ++ int s_port, daemon_ports_t *ports_info ); + #ifndef _WIN32 + void close_all_files( void ); + #endif + void raise_process_limits( void ); + + + /* + * dn.c +@@ -874,17 +875,16 @@ + int slapd_sasl_ext_client_bind( LDAP* ld, int **msgid); + int slapd_nss_init(int init_ssl, int config_available); + int slapd_ssl_init(); + int slapd_ssl_init2(PRFileDesc **fd, int startTLS); + int slapd_security_library_is_initialized(); + int slapd_ssl_listener_is_initialized(); + int sasl_io_cleanup(Connection *c); + +- + /* + * security_wrappers.c + */ + int slapd_ssl_handshakeCallback(PRFileDesc *fd, void * callback, void * client_data); + int slapd_ssl_badCertHook(PRFileDesc *fd, void * callback, void * client_data); + CERTCertificate * slapd_ssl_peerCertificate(PRFileDesc *fd); + SECStatus slapd_ssl_getChannelInfo(PRFileDesc *fd, SSLChannelInfo *sinfo, PRUintn len); + SECStatus slapd_ssl_getCipherSuiteInfo(PRUint16 ciphersuite, SSLCipherSuiteInfo *cinfo, PRUintn len); +@@ -1272,9 +1272,12 @@ + #endif + + /* + * main.c + */ + #if ( defined( hpux ) || defined( irix )) + void signal2sigaction( int s, void *a ); + #endif ++int slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt, ++ int s_port, daemon_ports_t *ports_info); ++ + #endif /* _PROTO_SLAP */