diff options
| author | Roman I Khimov <khimov@altell.ru> | 2010-08-03 22:25:03 +0400 |
|---|---|---|
| committer | Roman I Khimov <khimov@altell.ru> | 2010-08-03 23:38:14 +0400 |
| commit | d4eb4f3ea8f330a25ad9e8290759138e8e0e1803 (patch) | |
| tree | 2c41230ef1243c4cc5b0d9357c0e10db0a03b16a | |
| parent | f70303411dbf963869132aa6717654a3cd7c4216 (diff) | |
openldap: update 2.4.21 to 2.4.23
* bugfixes mostly, considered as safe upgrade
* fixes CVE-2010-0211 and CVE-2010-0212
* switch to PACKAGES_DYNAMIC for backends, allows to kill some recipe bloat,
might be nice to do additional OECONF cleanup later (probably adding more
modules as they're nicely packaged)
* add openldap-backends package to easily install all backends at once
* kill legacy staging
Signed-off-by: Roman I Khimov <khimov@altell.ru>
| -rw-r--r-- | recipes/openldap/openldap-2.4.23/openldap-m4-pthread.patch (renamed from recipes/openldap/openldap-2.4.21/openldap-m4-pthread.patch) | 0 | ||||
| -rw-r--r-- | recipes/openldap/openldap_2.4.23.bb (renamed from recipes/openldap/openldap_2.4.21.bb) | 79 |
2 files changed, 27 insertions, 52 deletions
diff --git a/recipes/openldap/openldap-2.4.21/openldap-m4-pthread.patch b/recipes/openldap/openldap-2.4.23/openldap-m4-pthread.patch index b669b7254d..b669b7254d 100644 --- a/recipes/openldap/openldap-2.4.21/openldap-m4-pthread.patch +++ b/recipes/openldap/openldap-2.4.23/openldap-m4-pthread.patch diff --git a/recipes/openldap/openldap_2.4.21.bb b/recipes/openldap/openldap_2.4.23.bb index 7fb97c07f5..9ad86c8f59 100644 --- a/recipes/openldap/openldap_2.4.21.bb +++ b/recipes/openldap/openldap_2.4.23.bb @@ -13,11 +13,12 @@ SECTION = "libs" LDAP_VER = "${@'.'.join(bb.data.getVar('PV',d,1).split('.')[0:2])}" -SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz;name=openldap-${PV}" +SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz" SRC_URI += "file://openldap-m4-pthread.patch" SRC_URI += "file://initscript" -SRC_URI[openldap-2.4.21.md5sum] = "e7128c57b2bacd940e8906057c94ff26" -SRC_URI[openldap-2.4.21.sha256sum] = "22eca357137c135b5561e2fa0e3336b280702acf2e5c4f40bc7aed1d1e8e9324" +SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf" +SRC_URI[sha256sum] = "5a5ede91d5e8ab3c7f637620aa29a3b96eb34318a8b26c8eef2d2c789fc055e3" + # The build tries to run a host executable, this fails. The patch # causes the executable and its data to be installed instead of # the output - ucgendat must be run after the ipkg install! @@ -104,33 +105,24 @@ md = "${libexecdir}/openldap" # a .conf file (this will allow ldbm to be build with gdbm). #OPENLDAP_OPTION_bdb ?= "--enable-bdb=mod" OPENLDAP_DEPENDS_bdb ?= "db" -OPENLDAP_PACKAGE_bdb ?= "${PN}-backend-bdb" -FILES_${PN}-backend-bdb = "${md}/back_bdb.so ${md}/back_bdb.la ${md}/back_bdb-*.so.*" EXTRA_OECONF += "${OPENLDAP_OPTION_bdb}" DEPENDS += "${OPENLDAP_DEPENDS_bdb}" -PACKAGES += "${OPENLDAP_PACKAGE_bdb}" # #--enable-dnssrv enable dnssrv backend no|yes|mod no # This has no dependencies. -FILES_${PN}-backend-dnssrv = "${md}/back_dnssrv.so ${md}/back_dnssrv.la ${md}/back_dnssrv-*.so.*" EXTRA_OECONF += "--enable-dnssrv=mod" -PACKAGES += "${PN}-backend-dnssrv" # #--enable-hdb enable Hierarchical DB backend no|yes|mod no # This forces ldbm to use Berkeley too, remove to use gdbm #OPENLDAP_OPTION_hdb ?= "--enable-hdb=mod" OPENLDAP_DEPENDS_hdb ?= "db" OPENLDAP_PACKAGE_hdb ?= "${PN}-backend-hdb" -FILES_${PN}-backend-hdb = "${md}/back_hdb.so ${md}/back_hdb.la ${md}/back_hdb-*.so.*" EXTRA_OECONF += "${OPENLDAP_OPTION_hdb}" DEPENDS += "${OPENLDAP_DEPENDS_hdb}" -PACKAGES += "${OPENLDAP_PACKAGE_hdb}" # #--enable-ldap enable ldap backend no|yes|mod no # This has no dependencies EXTRA_OECONF += "--enable-ldap=mod" -FILES_${PN}-backend-ldap = "${md}/back_ldap.so ${md}/back_ldap.la ${md}/back_ldap-*.so.*" -PACKAGES += "${PN}-backend-ldap" # #--enable-ldbm enable ldbm backend no|yes|mod no # ldbm requires further specification of the underlying database API, because @@ -145,32 +137,21 @@ OPENLDAP_DEPENDS_ldbm = gdbm # And clear the bdb and hdb settings. OPENLDAP_OPTION_ldbm ?= "--enable-ldbm=mod" OPENLDAP_DEPENDS_ldbm ?= "" -OPENLDAP_PACKAGES_ldbm ?= "${PN}-backend-ldbm" -FILES_${PN}-backend-ldbm = "${md}/back_ldbm.so ${md}/back_ldbm.la ${md}/back_ldbm-*.so.*" EXTRA_OECONF += "${OPENLDAP_OPTION_ldbm}" DEPENDS += "${OPENLDAP_DEPENDS_ldbm}" -PACKAGES += "${PN}-backend-ldbm" # #--enable-meta enable metadirectory backend no|yes|mod no # No dependencies EXTRA_OECONF += "--enable-meta=mod" -FILES_${PN}-backend-meta = "${md}/back_meta.so ${md}/back_meta.la ${md}/back_meta-*.so.*" -PACKAGES += "${PN}-backend-meta" # #--enable-monitor enable monitor backend no|yes|mod yes EXTRA_OECONF += "--enable-monitor=mod" -FILES_${PN}-backend-monitor = "${md}/back_monitor.so ${md}/back_monitor.la ${md}/back_monitor-*.so.*" -PACKAGES += "${PN}-backend-monitor" # #--enable-null enable null backend no|yes|mod no EXTRA_OECONF += "--enable-null=mod" -FILES_${PN}-backend-null = "${md}/back_null.so ${md}/back_null.la ${md}/back_null-*.so.*" -PACKAGES += "${PN}-backend-null" # #--enable-passwd enable passwd backend no|yes|mod no EXTRA_OECONF += " --enable-passwd=mod" -FILES_${PN}-backend-passwd = "${md}/back_passwd.so ${md}/back_passwd.la ${md}/back_passwd-*.so.*" -PACKAGES += "${PN}-backend-passwd" # #--enable-perl enable perl backend no|yes|mod no # This requires a loadable perl dynamic library, if enabled without @@ -178,38 +159,28 @@ PACKAGES += "${PN}-backend-passwd" # up the build machine perl - not good. OPENLDAP_OPTION_perl ?= "--enable-perl=mod" OPENLDAP_DEPENDS_perl ?= "perl" -OPENLDAP_PACKAGES_perl ?= "${PN}-backend-perl" -FILES_${PN}-backend-perl = "${md}/back_perl.so ${md}/back_perl.la ${md}/back_perl-*.so.*" #EXTRA_OECONF += "${OPENLDAP_OPTION_perl}" #DEPENDS += "${OPENLDAP_DEPENDS_perl}" -#PACKAGES += "${PN}-backend-perl" # #--enable-shell enable shell backend no|yes|mod no EXTRA_OECONF += "--enable-shell=mod" -FILES_${PN}-backend-shell = "${md}/back_shell.so ${md}/back_shell.la ${md}/back_shell-*.so.*" -PACKAGES += "${PN}-backend-shell" # #--enable-sql enable sql backend no|yes|mod no # sql requires some sql backend which provides sql.h, sqlite* provides # sqlite.h (which may be compatible but hasn't been tried.) OPENLDAP_OPTION_sql ?= "--enable-sql=mod" OPENLDAP_DEPENDS_sql ?= "sql" -OPENLDAP_PACKAGES_sql ?= "${PN}-backend-sql" -FILES_${PN}-backend-sql = "${md}/back_sql.so ${md}/back_sql.la ${md}/back_sql-*.so.*" #EXTRA_OECONF += "${OPENLDAP_OPTION_sql}" #DEPENDS += "${OPENLDAP_DEPENDS_sql}" -#PACKAGES += "${PN}-backend-sql" # #--enable-dyngroup Dynamic Group overlay no|yes|mod no # This is a demo, Proxy Cache defines init_module which conflicts with the # same symbol in dyngroup #EXTRA_OECONF += "--enable-dyngroup=mod" -#FILES_${PN}-overlay-dyngroup = "${md}/back_dyngroup.so ${md}/back_dyngroup.la ${md}/back_dyngroup-*.so.*" -#PACKAGES += "${PN}-overlay-dyngroup" # #--enable-proxycache Proxy Cache overlay no|yes|mod no EXTRA_OECONF += "--enable-proxycache=mod" -FILES_${PN}-overlay-proxycache = "${md}/pcache.so ${md}/pcache.la ${md}/pcache-*.so.*" +FILES_${PN}-overlay-proxycache = "${md}/pcache-*.so.*" PACKAGES += "${PN}-overlay-proxycache" # # LOCAL OPTION OVERRIDES @@ -236,23 +207,6 @@ do_compile_prepend() { ) } -do_stage() { - echo "staging libldap-${LDAP_VER}" >&2 - # - autotools_stage_includes - # Install the -${LDAP_VER} versions, but link foo.so to foo-x.y.so ONLY - # if they do not exist! - oe_libinstall -so -C libraries/libldap/.libs libldap-${LDAP_VER} ${STAGING_LIBDIR} - test -e ${STAGING_LIBDIR}/libldap.so || - ln -s $(basename ${STAGING_LIBDIR}/libldap-${LDAP_VER}.so.*.*.*) ${STAGING_LIBDIR}/libldap.so - oe_libinstall -so -C libraries/libldap_r/.libs libldap_r-${LDAP_VER} ${STAGING_LIBDIR} - test -e ${STAGING_LIBDIR}/libldap_r.so || - ln -s $(basename ${STAGING_LIBDIR}/libldap_r-${LDAP_VER}.so.*.*.*) ${STAGING_LIBDIR}/libldap_r.so - oe_libinstall -so -C libraries/liblber/.libs liblber-${LDAP_VER} ${STAGING_LIBDIR} - test -e ${STAGING_LIBDIR}/liblber.so || - ln -s $(basename ${STAGING_LIBDIR}/liblber-${LDAP_VER}.so.*.*.*) ${STAGING_LIBDIR}/liblber.so -} - LEAD_SONAME = "libldap-${LDAP_VER}.so.*" # The executables go in a separate package. This allows the @@ -267,7 +221,8 @@ FILES_${PN}-slapd = "${sysconfdir}/init.d ${libexecdir}/slapd ${sbindir} ${local ${sysconfdir}/openldap/DB_CONFIG.example" FILES_${PN}-slurpd = "${libexecdir}/slurpd ${localstatedir}/openldap-slurp ${localstatedir}/run" FILES_${PN}-bin = "${bindir}" -FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libdir}/*.a ${libexecdir}/openldap/*.a" +FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libdir}/*.a ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la ${libexecdir}/openldap/*.so" +FILES_${PN}-dbg += "${libexecdir}/openldap/.debug" do_install_append() { install -d ${D}${sysconfdir}/init.d @@ -290,3 +245,23 @@ pkg_prerm_${PN}-slapd () { fi update-rc.d $D openldap remove } + +PACKAGES_DYNAMIC = "openldap-backends openldap-backend-*" + +python populate_packages_prepend () { + backend_dir = bb.data.expand('${libexecdir}/openldap', d) + do_split_packages(d, backend_dir, 'back_([a-z]*)\-.*\.so\..*$', 'openldap-backend-%s', 'OpenLDAP %s backend', extra_depends='', allow_links=True) + + metapkg = "openldap-backends" + bb.data.setVar('ALLOW_EMPTY_' + metapkg, "1", d) + bb.data.setVar('FILES_' + metapkg, "", d) + metapkg_rdepends = [] + packages = bb.data.getVar('PACKAGES', d, 1).split() + for pkg in packages[1:]: + if pkg.count("openldap-backend-") and not pkg in metapkg_rdepends and not pkg.count("-dev") and not pkg.count("-dbg") and not pkg.count("static") and not pkg.count("locale"): + metapkg_rdepends.append(pkg) + bb.data.setVar('RDEPENDS_' + metapkg, ' '.join(metapkg_rdepends), d) + bb.data.setVar('DESCRIPTION_' + metapkg, 'OpenLDAP backends meta package', d) + packages.append(metapkg) + bb.data.setVar('PACKAGES', ' '.join(packages), d) +} |