[openldap] fix: allow unsetting of tls_* syncrepl options
jvcelak
jvcelak at fedoraproject.org
Mon Sep 12 16:43:35 UTC 2011
commit 9c0ef47ce4d4d90a9b2a5ba8a19c6231b46b0918
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Mon Sep 12 18:42:53 2011 +0200
fix: allow unsetting of tls_* syncrepl options
Resolves: #734187
openldap-syncrepl-unset-tls-options.patch | 69 +++++++++++++++++++++++++++++
openldap.spec | 3 +
2 files changed, 72 insertions(+), 0 deletions(-)
---
diff --git a/openldap-syncrepl-unset-tls-options.patch b/openldap-syncrepl-unset-tls-options.patch
new file mode 100644
index 0000000..51836a8
--- /dev/null
+++ b/openldap-syncrepl-unset-tls-options.patch
@@ -0,0 +1,69 @@
+allow unsetting of tls_* syncrepl options
+
+Author: Patrick Monnerat <pm at datasphere.ch>
+Upstream ITS: #7042
+Resolves: #734187
+
+---
+ libraries/libldap/tls2.c | 16 ++++++++--------
+ 1 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index 5c35fb5..4c9eb30 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -731,27 +731,27 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ return 0;
+ case LDAP_OPT_X_TLS_CACERTFILE:
+ if ( lo->ldo_tls_cacertfile ) LDAP_FREE( lo->ldo_tls_cacertfile );
+- lo->ldo_tls_cacertfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_cacertfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_CACERTDIR:
+ if ( lo->ldo_tls_cacertdir ) LDAP_FREE( lo->ldo_tls_cacertdir );
+- lo->ldo_tls_cacertdir = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_cacertdir = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_CERTFILE:
+ if ( lo->ldo_tls_certfile ) LDAP_FREE( lo->ldo_tls_certfile );
+- lo->ldo_tls_certfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_certfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_KEYFILE:
+ if ( lo->ldo_tls_keyfile ) LDAP_FREE( lo->ldo_tls_keyfile );
+- lo->ldo_tls_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_keyfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_DHFILE:
+ if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
+- lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_dhfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
+ if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
+- lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_crlfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+ case LDAP_OPT_X_TLS_REQUIRE_CERT:
+ if ( !arg ) return -1;
+@@ -779,7 +779,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ #endif
+ case LDAP_OPT_X_TLS_CIPHER_SUITE:
+ if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite );
+- lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_ciphersuite = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+
+ case LDAP_OPT_X_TLS_PROTOCOL_MIN:
+@@ -790,7 +790,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ if ( ld != NULL )
+ return -1;
+ if ( lo->ldo_tls_randfile ) LDAP_FREE (lo->ldo_tls_randfile );
+- lo->ldo_tls_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ lo->ldo_tls_randfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_NEWCTX:
+ if ( !arg ) return -1;
+--
+1.7.6.1
+
diff --git a/openldap.spec b/openldap.spec
index 70dbc85..97469c5 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -41,6 +41,7 @@ Patch15: openldap-nss-wildcards.patch
Patch16: openldap-dns-priority.patch
Patch17: openldap-man-ldap-sync.patch
Patch18: openldap-nss-handshake-threadsafe.patch
+Patch19: openldap-syncrepl-unset-tls-options.patch
# patches for the evolution library (see README.evolution)
Patch200: openldap-evolution-ntlm.patch
@@ -152,6 +153,7 @@ pushd openldap-%{version}
%patch16 -p1 -b .dns-priority
%patch17 -p1 -b .man-ldap-sync
%patch18 -p1 -b .nss-handshake-threadsafe
+%patch19 -p1 -b .syncrepl-unset-tls-options
cp %{_datadir}/libtool/config/config.{sub,guess} build/
@@ -677,6 +679,7 @@ exit 0
%changelog
* Mon Sep 12 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.26-3
- fix: SSL_ForceHandshake function is not thread safe (#701678)
+- fix: allow unsetting of tls_* syncrepl options (#734187)
* Wed Aug 24 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.26-2
- security hardening: library needs partial RELRO support added (#733071)
More information about the scm-commits
mailing list