Commit Graph

93 Commits

Author SHA1 Message Date
Randy Eckenrode
51a0839f72
openldap: fix build on Darwin with sandbox enabled 2023-05-25 21:50:49 -04:00
github-actions[bot]
3cdd771820
Merge staging-next into staging 2023-02-23 18:01:49 +00:00
Artturin
f9fdf2d402 treewide: move NIX_CFLAGS_COMPILE to the env attrset
with structuredAttrs lists will be bash arrays which cannot be exported
which will be a issue with some patches and some wrappers like cc-wrapper

this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause a eval failure
2023-02-22 21:23:04 +02:00
Artturin
6f6cc4a22d treewide: use toString on list NIX_CFLAGS_COMPILE
with structuredAttrs lists will be bash arrays which cannot be exported
which will be a issue with some patches and some wrappers like cc-wrapper
2023-02-22 21:23:04 +02:00
ajs124
85b60c3849 openldap: add passthru.tests 2023-02-15 14:11:52 +01:00
ajs124
a5ea08f7f4 openldap: 2.6.3 -> 2.6.4
see https://openldap.org/software/release/changes.html for changes
2023-02-15 14:06:18 +01:00
Theodore Ni
c1e0845d84
openldap: try to fix test error 2022-12-04 15:36:35 -08:00
ajs124
578b6d336f Revert "openldap: disable failing test"
This reverts commit 66e6f6f852.
2022-11-21 13:46:00 +01:00
ajs124
66e6f6f852 openldap: disable failing test 2022-10-28 14:15:18 +02:00
Vladimír Čunát
b8dfd96154
openldap: fixup build on *-darwin
https://hydra.nixos.org/build/195641103

This essentially partially reverts dd331ad167.
I don't expect issues, as libxcrypt it meant to replace parts dropped
from glibc which's never been used on *-darwin anyway.
2022-10-20 09:50:42 +02:00
Franz Pletz
dd331ad167
openldap: fix build with libxcrypt 2022-10-09 18:09:41 +02:00
Dan Callaghan
b30534eb02 openldap: load client config from /etc, not the nix store
We want Openldap clients to load /etc/ldap.conf at runtime, not
${pkgs.openldap}/etc/ldap.conf which is always a sample config.

Pass sysconfdir=/etc at compile time, so that /etc/krb5.conf is embedded
in the library as the path of its config file.

Pass sysconfdir=${out}/etc at install time, so that the sample configs
and schema files are correctly included in the build output.

This hack works because the Makefiles are not smart enough to notice
that the sysconfdir variable has changed across invocations -- because
nobody ever writes their Makefiles to be that smart. :-)

Fixes #181937.
2022-07-22 03:19:46 +02:00
Martin Weinelt
1ad808196d
Merge pull request #182078 from mweinelt/openldap-2.6.3 2022-07-22 00:28:24 +02:00
Martin Weinelt
e11279e962
openldap: 2.6.2 -> 2.6.3 2022-07-19 11:56:57 +02:00
Kai Wohlfahrt
60d1c1d9ad openldap: change runtime directory
Use `openldap` for consistency between `/var/lib` and `/run`.
2022-06-29 19:59:29 +02:00
Kai Wohlfahrt
d1f55ce0a4 openldap: change default ldapi directory
By default, this is /run/ldapi, which is not compatible with systemd's
runtime directories. Change it to /run/slapd/ldapi (in library and
server). This makes `ldapi:///` work as a default socket again.
2022-06-29 19:59:06 +02:00
Janne Heß
b32df807ea
openldap: Fix some issues by applying patches
These patches are from the 2.6 support branch and will hence make it
into 2.6.3 at a later point. At this point however, I cannot use slapd
as a syncrepl slave because it segfaults on startup. This also fixes
parallel build.
2022-06-04 22:45:41 +02:00
sternenseemann
bf5acbc122 openldap: make extraContribModules actually overrideable
By using the build environment instead of relying on rec, using
overrideAttrs to change the value of extraContribModules will actually
have an effect.
2022-05-28 00:44:03 +02:00
Rick van Schijndel
be2ceef4f1 openldap: fix cross-compilation 2022-05-23 07:34:08 +02:00
Martin Weinelt
1d24e9ae37
openldap: update maintainers 2022-05-18 15:25:53 +02:00
Martin Weinelt
39ef6322b5
openldap: 2.4.58 -> 2.6.2
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_5/ANNOUNCEMENT
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6/ANNOUNCEMENT

Co-Authored-By: Andreas Schrägle <nix@ajs124.de>
2022-05-18 15:25:52 +02:00
Alyssa Ross
fd78240ac8
treewide: use lib.getLib for OpenSSL libraries
At some point, I'd like to make another attempt at
71f1f4884b ("openssl: stop static binaries referencing libs"), which
was reverted in 195c7da07d.  One problem with my previous attempt is
that I moved OpenSSL's libraries to a lib output, but many dependent
packages were hardcoding the out output as the location of the
libraries.  This patch fixes every such case I could find in the tree.
It won't have any effect immediately, but will mean these packages
will automatically use an OpenSSL lib output if it is reintroduced in
future.

This patch should cause very few rebuilds, because it shouldn't make
any change at all to most packages I'm touching.  The few rebuilds
that are introduced come from when I've changed a package builder not
to use variable names like openssl.out in scripts / substitution
patterns, which would be confusing since they don't hardcode the
output any more.

I started by making the following global replacements:

    ${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib
    ${openssl.out}/lib -> ${lib.getLib openssl}/lib

Then I removed the ".out" suffix when part of the argument to
lib.makeLibraryPath, since that function uses lib.getLib internally.

Then I fixed up cases where openssl was part of the -L flag to the
compiler/linker, since that unambigously is referring to libraries.

Then I manually investigated and fixed the following packages:

 - pycurl
 - citrix-workspace
 - ppp
 - wraith
 - unbound
 - gambit
 - acl2

I'm reasonably confindent in my fixes for all of them.

For acl2, since the openssl library paths are manually provided above
anyway, I don't think openssl is required separately as a build input
at all.  Removing it doesn't make a difference to the output size, the
file list, or the closure.

I've tested evaluation with the OfBorg meta checks, to protect against
introducing evaluation failures.
2022-03-30 15:10:00 +00:00
Andrew Childs
e00c4cdc0a openldap: cap MACOSX_DEPLOYMENT_TARGET at 10.16 2021-05-17 00:28:04 +09:00
Vincent Ambo
3466530d66 openldap: Enable argon2 hash support by default
argon2 is the recommended password hashing function, and the module is
included with OpenLDAP contrib.

This change enables argon2 hashes by default in our OpenLDAP package.

The install command for argon2 needs to be install-lib, as it otherwise
tries to install manpages to /usr, which fails.
2021-04-28 23:22:05 +02:00
R. RyanTM
37e7ad02d3 openldap: 2.4.57 -> 2.4.58 2021-03-20 09:17:46 +01:00
sternenseemann
dc7769bf7e
openldap: fix build if openssl or cyrus_sasl are overridden to null, add flag for cyrus_sasl, require openssl (#108046) 2021-02-19 01:35:39 +01:00
R. RyanTM
b833f741e1 openldap: 2.4.56 -> 2.4.57 2021-01-22 21:31:35 +01:00
Ben Siraphob
66e44425c6 pkgs/development/libraries: stdenv.lib -> lib 2021-01-21 19:11:02 -08:00
Martin Weinelt
abbe621724 openldap: 2.4.51 -> 2.4.56
Drop patch for what became CVE-2020-25692, it was fixed in 2.4.55.

Fixes: CVE-2020-25709, CVE-2020-25710
2020-11-18 15:40:34 +01:00
Martin Weinelt
307abd9eae openldap: add patch to fix unauthenticated nullptr dereference in slapd
This vulnerability does not have a CVE yet.

https://security-tracker.debian.org/tracker/TEMP-0000000-DD4835
https://bugs.openldap.org/show_bug.cgi?id=9370
2020-11-01 18:14:56 +01:00
R. RyanTM
51cd015148 openldap: 2.4.50 -> 2.4.51 2020-08-24 12:01:27 +02:00
Frederik Rietdijk
ae1584dc98
Merge pull request #91457 from matthewbauer/prefixed-pkg-config
Fixes from prefixed pkg config
2020-07-02 17:26:16 +02:00
Matthew Bauer
95930fe857 openldap: set CC for cross compilation 2020-06-25 00:09:22 -04:00
Michael Weiss
bf965338df
openldap: Fix the cross compilation 2020-06-20 13:00:49 +02:00
Mario Rodas
51523069a6
openldap: fix build on darwin 2020-05-22 17:51:52 -05:00
Florian Klink
98efbe9052
Merge pull request #79286 from ju1m/openldap_sha2_pbkdf2
openldap: enable sha2 and pbkdf2 modules
2020-05-22 22:02:37 +02:00
Martin Weinelt
2091d42cef openldap: 2.4.49 → 2.4.50
Fixes: CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters
with nested boolean expressions can result in denial of service
(daemon crash).
2020-04-28 21:51:49 +02:00
Patrick Hilhorst
5b49816cf4
treewide: add quotes to recently-changed urls
Co-Authored-By: Drew <drewrisinger@users.noreply.github.com>
2020-03-28 00:05:50 +01:00
Patrick Hilhorst
9fc5e7e473
treewide: fix redirected urls (again)
Ran the same script as #78265.
Additionally, manually replaced `http://goodies.xfce.org`
with https.
2020-03-20 13:36:23 +01:00
Julien Moutinho
1335a986c8 openldap: enable sha2 and pbkdf2 modules 2020-02-05 18:16:57 +01:00
R. RyanTM
7949dc4291 openldap: 2.4.48 -> 2.4.49 2020-02-02 20:12:46 +01:00
R. RyanTM
8ba8325256 openldap: 2.4.47 -> 2.4.48
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/openldap/versions
2019-08-04 20:04:54 -07:00
R. RyanTM
689f0a7497 openldap: 2.4.46 -> 2.4.47 (#52817)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/openldap/versions
2019-04-07 08:57:52 +00:00
Jörg Thalheim
2ebe19f330 openldap: fix cross-build 2018-12-11 18:13:21 +01:00
Markus Kowalewski
8844504fba
openldap: add license 2018-08-18 00:03:01 +02:00
Tim Steinbach
e4138804da
openldap: 2.4.45 -> 2.4.46
LibreSSL patch no longer needed
2018-08-05 18:04:38 -04:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Yegor Timoshenko
506c89c30a maintainers: remove mornfall from packages 2018-01-17 05:17:33 +00:00
Shea Levy
c3b41a77e6 openldap: Use a global localstatedir 2017-09-21 08:18:45 -06:00