Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk --- .../0001-config-fix-provenance-errors.patch | 807 ++++++++++++++++++ .../0002-tpool-remove-errors.patch | 37 + .../0003-config-Remove-format-error.patch | 42 + .../0004-main-Remove-format-error.patch | 28 + ...0005-connection-fix-provenance-error.patch | 67 ++ .../0006-sets-fix-provenance-error.patch | 36 + ...07-slapd-search-fix-cheri-provenance.patch | 152 ++++ .../0001-build-top.mk-unset-STRIP_OPTS.patch | 38 + ...if-filter-fix-parallel-build-failure.patch | 32 + ...-Makefile.in-ignore-the-mkdir-errors.patch | 33 + ...de-ldap_pvt_thread.h-before-redefini.patch | 54 ++ .../openldap/openldap-morello/initscript | 35 + .../remove-user-host-pwd-from-version.patch | 39 + .../openldap/openldap-morello/slapd.service | 10 + .../openldap-morello/use-urandom.patch | 35 + .../openldap/openldap-morello_2.5.12.bb | 255 ++++++ 16 files changed, 1700 insertions(+) create mode 100644 recipes-support/openldap/cheri-patches/0001-config-fix-provenance-errors.patch create mode 100644 recipes-support/openldap/cheri-patches/0002-tpool-remove-errors.patch create mode 100644 recipes-support/openldap/cheri-patches/0003-config-Remove-format-error.patch create mode 100644 recipes-support/openldap/cheri-patches/0004-main-Remove-format-error.patch create mode 100644 recipes-support/openldap/cheri-patches/0005-connection-fix-provenance-error.patch create mode 100644 recipes-support/openldap/cheri-patches/0006-sets-fix-provenance-error.patch create mode 100644 recipes-support/openldap/cheri-patches/0007-slapd-search-fix-cheri-provenance.patch create mode 100644 recipes-support/openldap/openldap-morello/0001-build-top.mk-unset-STRIP_OPTS.patch create mode 100644 recipes-support/openldap/openldap-morello/0001-ldif-filter-fix-parallel-build-failure.patch create mode 100644 recipes-support/openldap/openldap-morello/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch create mode 100644 recipes-support/openldap/openldap-morello/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch create mode 100644 recipes-support/openldap/openldap-morello/initscript create mode 100644 recipes-support/openldap/openldap-morello/remove-user-host-pwd-from-version.patch create mode 100644 recipes-support/openldap/openldap-morello/slapd.service create mode 100644 recipes-support/openldap/openldap-morello/use-urandom.patch create mode 100644 recipes-support/openldap/openldap-morello_2.5.12.bb
diff --git a/recipes-support/openldap/cheri-patches/0001-config-fix-provenance-errors.patch b/recipes-support/openldap/cheri-patches/0001-config-fix-provenance-errors.patch new file mode 100644 index 0000000..b7a40d3 --- /dev/null +++ b/recipes-support/openldap/cheri-patches/0001-config-fix-provenance-errors.patch @@ -0,0 +1,807 @@ +From f3bf7b22898961bb1ff3bdc0fe7d24a1ee1b8e6e Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Thu, 6 Jul 2023 17:19:19 +0100 +Subject: [PATCH 1/7] config: fix provenance errors + +Cast to uintptr_t. + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + build/openldap.m4 | 13 +++- + configure | 189 ++++++++++++++++++++++++++++++++++++++-------- + configure.ac | 9 +++ + 3 files changed, 176 insertions(+), 35 deletions(-) + +diff --git a/build/openldap.m4 b/build/openldap.m4 +index c7fa19e..6945c1d 100644 +--- a/build/openldap.m4 ++++ b/build/openldap.m4 +@@ -296,6 +296,9 @@ dnl -------------------------------------------------------------------- + AC_DEFUN([OL_PTHREAD_TEST_INCLUDES], [[ + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -306,7 +309,7 @@ AC_DEFUN([OL_PTHREAD_TEST_INCLUDES], [[ + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + ]]) + AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[ +@@ -407,6 +410,9 @@ AC_DEFUN([OL_HEADER_GNU_PTH_PTHREAD_H], [ + [ol_cv_header_gnu_pth_pthread_h], + [AC_EGREP_CPP(__gnu_pth__, + [#include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #ifdef _POSIX_THREAD_IS_GNU_PTH + __gnu_pth__; + #endif +@@ -437,7 +443,10 @@ AC_DEFUN([OL_HEADER_LINUX_THREADS], [ + AC_CACHE_CHECK([for LinuxThreads pthread.h], + [ol_cv_header_linux_threads], + [AC_EGREP_CPP(pthread_kill_other_threads_np, +- [#include <pthread.h>], ++ [#include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++], + [ol_cv_header_linux_threads=yes], + [ol_cv_header_linux_threads=no]) + ]) +diff --git a/configure b/configure +index bea23a1..7236a75 100755 +--- a/configure ++++ b/configure +@@ -17688,6 +17688,9 @@ if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +@@ -17717,6 +17720,9 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +@@ -17777,6 +17783,9 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "pthread_kill_other_threads_np" >/dev/null 2>&1; then : +@@ -17805,6 +17814,9 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #ifdef _POSIX_THREAD_IS_GNU_PTH + __gnu_pth__; + #endif +@@ -17852,6 +17864,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -17862,7 +17877,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -17932,6 +17947,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -17942,7 +17960,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -18037,6 +18055,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18047,7 +18068,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -18117,6 +18138,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18127,7 +18151,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -18227,6 +18251,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18237,7 +18264,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -18307,6 +18334,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18317,7 +18347,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -18417,6 +18447,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18427,7 +18460,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -18497,6 +18530,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18507,7 +18543,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -18607,6 +18643,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18617,7 +18656,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -18687,6 +18726,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18697,7 +18739,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -18797,6 +18839,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18807,7 +18852,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -18877,6 +18922,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18887,7 +18935,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -18988,6 +19036,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -18998,7 +19049,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -19068,6 +19119,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19078,7 +19132,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -19178,6 +19232,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19188,7 +19245,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -19258,6 +19315,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19268,7 +19328,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -19369,6 +19429,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19379,7 +19442,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -19449,6 +19512,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19459,7 +19525,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -19560,6 +19626,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19570,7 +19639,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -19640,6 +19709,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19650,7 +19722,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -19750,6 +19822,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19760,7 +19835,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -19830,6 +19905,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19840,7 +19918,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -19941,6 +20019,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -19951,7 +20032,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -20021,6 +20102,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20031,7 +20115,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -20132,6 +20216,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20142,7 +20229,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -20212,6 +20299,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20222,7 +20312,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -20322,6 +20412,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20332,7 +20425,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -20402,6 +20495,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20412,7 +20508,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -20512,6 +20608,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20522,7 +20621,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -20592,6 +20691,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20602,7 +20704,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -20703,6 +20805,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20713,7 +20818,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + int +@@ -20783,6 +20888,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -20793,7 +20901,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -20974,6 +21082,9 @@ else + /* end confdefs.h. */ + + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + pthread_rwlock_t rwlock; + + int +@@ -21011,6 +21122,9 @@ else + /* end confdefs.h. */ + + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #ifndef NULL + #define NULL (void*)0 + #endif +@@ -21125,6 +21239,9 @@ else + + /* pthread test headers */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #if HAVE_PTHREADS < 7 + #include <errno.h> + #endif +@@ -21135,7 +21252,7 @@ else + static void *task(p) + void *p; + { +- return (void *) (p == NULL); ++ return (void *) ((uintptr_t)(p == NULL)); + } + + +@@ -21235,6 +21352,9 @@ else + #include <sys/time.h> + #include <unistd.h> + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #ifndef NULL + #define NULL (void*) 0 + #endif +@@ -21552,6 +21672,9 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "pthread_kill_other_threads_np" >/dev/null 2>&1; then : +diff --git a/configure.ac b/configure.ac +index 0978eeb..8f5d122 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1452,6 +1452,9 @@ dnl [ol_cv_pthread_lpthread_lexc]) + dnl save the flags + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + pthread_rwlock_t rwlock; + ]], [[pthread_rwlock_destroy(&rwlock);]])],[ol_cv_func_pthread_rwlock_destroy=yes],[ol_cv_func_pthread_rwlock_destroy=no]) + ]) +@@ -1467,6 +1470,9 @@ pthread_rwlock_t rwlock; + dnl save the flags + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #ifndef NULL + #define NULL (void*)0 + #endif +@@ -1529,6 +1535,9 @@ dnl esac + #include <sys/time.h> + #include <unistd.h> + #include <pthread.h> ++#include <stdio.h> ++#include <stdint.h> ++ + #ifndef NULL + #define NULL (void*) 0 + #endif +-- +2.34.1 + diff --git a/recipes-support/openldap/cheri-patches/0002-tpool-remove-errors.patch b/recipes-support/openldap/cheri-patches/0002-tpool-remove-errors.patch new file mode 100644 index 0000000..4f2a878 --- /dev/null +++ b/recipes-support/openldap/cheri-patches/0002-tpool-remove-errors.patch @@ -0,0 +1,37 @@ +From cbf9e2e7eccb51ebfa3036c81b3c08691b19ef13 Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Thu, 6 Jul 2023 17:42:48 +0100 +Subject: [PATCH 2/7] tpool: remove errors + +Cast the RHS to uintptr_t. + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + libraries/libldap/tpool.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libraries/libldap/tpool.c b/libraries/libldap/tpool.c +index 797d59e..ce4a840 100644 +--- a/libraries/libldap/tpool.c ++++ b/libraries/libldap/tpool.c +@@ -258,7 +258,7 @@ ldap_pvt_thread_pool_init_q ( + LDAP_FREE(pool); + return(-1); + } +- pool->ltp_wqs[i] = (struct ldap_int_thread_poolq_s *)(((size_t)ptr + CACHELINE-1) & ~(CACHELINE-1)); ++ pool->ltp_wqs[i] = (struct ldap_int_thread_poolq_s *)((uintptr_t)(((size_t)ptr + CACHELINE-1) & ~(CACHELINE-1))); + pool->ltp_wqs[i]->ltp_free = ptr; + } + +@@ -594,7 +594,7 @@ ldap_pvt_thread_pool_queues( + pool->ltp_wqs[i] = NULL; + return(-1); + } +- pq = (struct ldap_int_thread_poolq_s *)(((size_t)ptr + CACHELINE-1) & ~(CACHELINE-1)); ++ pq = (struct ldap_int_thread_poolq_s *)((uintptr_t)(((size_t)ptr + CACHELINE-1) & ~(CACHELINE-1))); + pq->ltp_free = ptr; + pool->ltp_wqs[i] = pq; + pq->ltp_pool = pool; +-- +2.34.1 + diff --git a/recipes-support/openldap/cheri-patches/0003-config-Remove-format-error.patch b/recipes-support/openldap/cheri-patches/0003-config-Remove-format-error.patch new file mode 100644 index 0000000..a30a231 --- /dev/null +++ b/recipes-support/openldap/cheri-patches/0003-config-Remove-format-error.patch @@ -0,0 +1,42 @@ +From 9d3e1f69ccd087fb219bebd578252aafc82f224a Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Fri, 7 Jul 2023 09:37:26 +0100 +Subject: [PATCH 3/7] config: Remove format error. + +Cast to unsigned char * + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + servers/lloadd/config.c | 2 +- + servers/slapd/config.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/servers/lloadd/config.c b/servers/lloadd/config.c +index 12b4406..56a69ca 100644 +--- a/servers/lloadd/config.c ++++ b/servers/lloadd/config.c +@@ -2113,7 +2113,7 @@ lload_config_find_keyword( ConfigTable *Conf, ConfigArgs *c ) + size_t decode_len = LUTIL_BASE64_DECODE_LEN( c->linelen ); + ch_free( c->tline ); + c->tline = ch_malloc( decode_len + 1 ); +- c->linelen = lutil_b64_pton( c->line, c->tline, decode_len ); ++ c->linelen = lutil_b64_pton( c->line, (unsigned char *)c->tline, decode_len ); + if ( c->linelen < 0 ) { + ch_free( c->tline ); + c->tline = NULL; +diff --git a/servers/slapd/config.c b/servers/slapd/config.c +index 8823c74..3ae7d1f 100644 +--- a/servers/slapd/config.c ++++ b/servers/slapd/config.c +@@ -134,7 +134,7 @@ ConfigTable *config_find_keyword(ConfigTable *Conf, ConfigArgs *c) { + size_t decode_len = LUTIL_BASE64_DECODE_LEN(c->linelen); + ch_free( c->tline ); + c->tline = ch_malloc( decode_len+1 ); +- c->linelen = lutil_b64_pton( c->line, c->tline, decode_len ); ++ c->linelen = lutil_b64_pton( c->line, (unsigned char *)c->tline, decode_len ); + if ( c->linelen < 0 ) + { + ch_free( c->tline ); +-- +2.34.1 + diff --git a/recipes-support/openldap/cheri-patches/0004-main-Remove-format-error.patch b/recipes-support/openldap/cheri-patches/0004-main-Remove-format-error.patch new file mode 100644 index 0000000..e55ab08 --- /dev/null +++ b/recipes-support/openldap/cheri-patches/0004-main-Remove-format-error.patch @@ -0,0 +1,28 @@ +From ace0b9cd1c47662133e599a2f77597dfd184a5d0 Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Fri, 7 Jul 2023 09:47:39 +0100 +Subject: [PATCH 4/7] main: Remove format error. + +cast to unsigned int + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + servers/slapd/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/main.c b/servers/slapd/main.c +index 11e7a8f..6f69087 100644 +--- a/servers/slapd/main.c ++++ b/servers/slapd/main.c +@@ -396,7 +396,7 @@ static void debug_print( const char *data ) + + buf[sizeof(buf)-1] = '\0'; + snprintf( buf, sizeof(buf)-1, "%lx." TS " %p %s", +- (long)tv.tv_sec, Tfrac, (void *)ldap_pvt_thread_self(), data ); ++ (long)tv.tv_sec, (unsigned int)Tfrac, (void *)ldap_pvt_thread_self(), data ); + ber_logger( buf ); + } + +-- +2.34.1 + diff --git a/recipes-support/openldap/cheri-patches/0005-connection-fix-provenance-error.patch b/recipes-support/openldap/cheri-patches/0005-connection-fix-provenance-error.patch new file mode 100644 index 0000000..04451a2 --- /dev/null +++ b/recipes-support/openldap/cheri-patches/0005-connection-fix-provenance-error.patch @@ -0,0 +1,67 @@ +From b9d319b8e5a71eb036937959da051d3780f9c27d Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Fri, 7 Jul 2023 09:59:36 +0100 +Subject: [PATCH 5/7] connection: fix provenance error + +Use uintptr_t not int for pointers. + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + servers/slapd/connection.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c +index b8ea92a..33a6c13 100644 +--- a/servers/slapd/connection.c ++++ b/servers/slapd/connection.c +@@ -25,6 +25,7 @@ + + #include "portable.h" + ++#include <stdint.h> + #include <stdio.h> + #ifdef HAVE_LIMITS_H + #include <limits.h> +@@ -1246,7 +1247,7 @@ static int connection_read( ber_socket_t s, conn_readinfo *cri ); + + static void* connection_read_thread( void* ctx, void* argv ) + { +- int rc ; ++ int rc; + conn_readinfo cri = { NULL, NULL, NULL, NULL, 0 }; + ber_socket_t s = (long)argv; + +@@ -1257,17 +1258,17 @@ static void* connection_read_thread( void* ctx, void* argv ) + cri.ctx = ctx; + if( ( rc = connection_read( s, &cri ) ) < 0 ) { + Debug( LDAP_DEBUG_CONNS, "connection_read(%d) error\n", s ); +- return (void*)(long)rc; ++ return (void*)(uintptr_t)rc; + } + + /* execute a single queued request in the same thread */ + if( cri.op && !cri.nullop ) { +- rc = (long)connection_operation( ctx, cri.op ); ++ rc = connection_operation( ctx, cri.op ); + } else if ( cri.func ) { +- rc = (long)cri.func( ctx, cri.arg ); ++ rc = cri.func( ctx, cri.arg ); + } + +- return (void*)(long)rc; ++ return (void*)(uintptr_t)rc; + } + + int connection_read_activate( ber_socket_t s ) +@@ -1284,7 +1285,7 @@ int connection_read_activate( ber_socket_t s ) + return rc; + + rc = ldap_pvt_thread_pool_submit( &connection_pool, +- connection_read_thread, (void *)(long)s ); ++ connection_read_thread, (void *)(uintptr_t)s ); + + if( rc != 0 ) { + Debug( LDAP_DEBUG_ANY, +-- +2.34.1 + diff --git a/recipes-support/openldap/cheri-patches/0006-sets-fix-provenance-error.patch b/recipes-support/openldap/cheri-patches/0006-sets-fix-provenance-error.patch new file mode 100644 index 0000000..cb6b1d0 --- /dev/null +++ b/recipes-support/openldap/cheri-patches/0006-sets-fix-provenance-error.patch @@ -0,0 +1,36 @@ +From e0fbb1b9512e85f33497a96d7a9ade87be9d170e Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Fri, 7 Jul 2023 10:52:37 +0100 +Subject: [PATCH 6/7] sets: fix provenance error + +Use uintptr_t not int for pointers. + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + servers/slapd/sets.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/servers/slapd/sets.c b/servers/slapd/sets.c +index 9ab2b36..8a2dc58 100644 +--- a/servers/slapd/sets.c ++++ b/servers/slapd/sets.c +@@ -15,6 +15,7 @@ + + #include "portable.h" + ++#include <stdint.h> + #include <stdio.h> + #include <ac/string.h> + +@@ -553,7 +554,7 @@ slap_set_filter( SLAP_SET_GATHER gatherer, + #define SF_POP() ( (BerVarray)( ( stp < 0 ) ? 0 : stack[ stp-- ] ) ) + #define SF_PUSH(x) do { \ + if ( stp >= ( STACK_SIZE - 1 ) ) SF_ERROR( overflow ); \ +- stack[ ++stp ] = (BerVarray)(long)(x); \ ++ stack[ ++stp ] = (BerVarray)(uintptr_t)(x); \ + } while ( 0 ) + + BerVarray set, lset; +-- +2.34.1 + diff --git a/recipes-support/openldap/cheri-patches/0007-slapd-search-fix-cheri-provenance.patch b/recipes-support/openldap/cheri-patches/0007-slapd-search-fix-cheri-provenance.patch new file mode 100644 index 0000000..08fea7e --- /dev/null +++ b/recipes-support/openldap/cheri-patches/0007-slapd-search-fix-cheri-provenance.patch @@ -0,0 +1,152 @@ +From 2d39482eea00f2afe2598ed5c469d7bffc097ebc Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Fri, 14 Jul 2023 08:00:42 +0100 +Subject: [PATCH 7/7] slapd:search: fix cheri provenance + +Pre-cast the integer to uintptr_t. + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + servers/slapd/back-meta/search.c | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c +index cfd2f4b..28dcbd4 100644 +--- a/servers/slapd/back-meta/search.c ++++ b/servers/slapd/back-meta/search.c +@@ -868,7 +868,7 @@ getconn:; + + case META_SEARCH_ERR: + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + rc = -1; +@@ -995,7 +995,7 @@ getconn:; + rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ? + LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER; + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + goto finish; +@@ -1008,7 +1008,7 @@ getconn:; + doabandon = 1; + rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED; + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + goto finish; +@@ -1047,7 +1047,7 @@ getconn:; + candidates[ i ].sr_err = rs->sr_err; + if ( META_BACK_ONERR_STOP( mi ) ) { + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + goto finish; +@@ -1076,7 +1076,7 @@ getconn:; + candidates[ i ].sr_err = rs->sr_err; + if ( META_BACK_ONERR_STOP( mi ) ) { + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + goto finish; +@@ -1161,7 +1161,7 @@ really_bad:; + candidates[ i ].sr_err = rs->sr_err; + if ( META_BACK_ONERR_STOP( mi ) ) { + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + goto finish; +@@ -1189,7 +1189,7 @@ really_bad:; + candidates[ i ].sr_err = rs->sr_err; + if ( META_BACK_ONERR_STOP( mi ) ) { + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + goto finish; +@@ -1236,13 +1236,13 @@ really_bad:; + + e = ldap_first_entry( msc->msc_ld, msg ); + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + rs->sr_err = meta_send_entry( op, rs, mc, i, e ); + + switch ( rs->sr_err ) { + case LDAP_SIZELIMIT_EXCEEDED: + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + rs->sr_err = LDAP_SUCCESS; +@@ -1311,7 +1311,7 @@ really_bad:; + if ( rs->sr_ref != NULL && !BER_BVISNULL( &rs->sr_ref[ 0 ] ) ) { + /* ignore return value by now */ + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + ( void )send_search_reference( op, rs ); + op->o_private = savepriv; + +@@ -1580,7 +1580,7 @@ err_pr:; + candidates[ i ].sr_err = rs->sr_err; + if ( META_BACK_ONERR_STOP( mi ) ) { + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + ldap_controls_free( ctrls ); +@@ -1629,7 +1629,7 @@ err_pr:; + got_err: + save_text = rs->sr_text; + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + rs->sr_text = candidates[ i ].sr_text; + send_ldap_result( op, rs ); + rs->sr_text = save_text; +@@ -1682,7 +1682,7 @@ got_err: + candidates[ i ].sr_err = rs->sr_err; + if ( META_BACK_ONERR_STOP( mi ) ) { + savepriv = op->o_private; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + ldap_msgfree( res ); +@@ -1806,7 +1806,7 @@ free_message:; + * FIXME: only the last one gets caught! + */ + savepriv = op->o_private; +- op->o_private = (void *)(long)mi->mi_ntargets; ++ op->o_private = (void *)(uintptr_t)mi->mi_ntargets; + if ( candidate_match > 0 ) { + struct berval pmatched = BER_BVNULL; + +@@ -1844,7 +1844,7 @@ free_message:; + op->o_tmpfree( pmatched.bv_val, op->o_tmpmemctx ); + } + pmatched = pbv; +- op->o_private = (void *)i; ++ op->o_private = (void *)(uintptr_t)i; + + } else { + op->o_tmpfree( pbv.bv_val, op->o_tmpmemctx ); +-- +2.34.1 + diff --git a/recipes-support/openldap/openldap-morello/0001-build-top.mk-unset-STRIP_OPTS.patch b/recipes-support/openldap/openldap-morello/0001-build-top.mk-unset-STRIP_OPTS.patch new file mode 100644 index 0000000..9d25f2c --- /dev/null +++ b/recipes-support/openldap/openldap-morello/0001-build-top.mk-unset-STRIP_OPTS.patch @@ -0,0 +1,38 @@ +From 321839cbd1d57f12d3d6695254d2003473d8dd1a Mon Sep 17 00:00:00 2001 +From: Yi Zhao yi.zhao@windriver.com +Date: Wed, 8 Dec 2021 16:58:55 +0800 +Subject: [PATCH] build/top.mk: unset STRIP_OPTS + +Unset STRIP_OPTS to disable strip to fix QA errors: + +ERROR: openldap-2.5.9-r0 do_package: QA Issue: File +'/usr/bin/ldapcompare' from openldap was already stripped, this will +prevent future debugging! [already-stripped] + +ERROR: openldap-2.5.9-r0 do_package: QA Issue: File +'/usr/bin/ldapdelete' from openldap was already stripped, this will +prevent future debugging! [already-stripped] + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao yi.zhao@windriver.com +--- + build/top.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/build/top.mk b/build/top.mk +index 38ce146..6e9fe1f 100644 +--- a/build/top.mk ++++ b/build/top.mk +@@ -60,7 +60,7 @@ INSTALL_PROGRAM = $(INSTALL) + INSTALL_DATA = $(INSTALL) -m 644 + INSTALL_SCRIPT = $(INSTALL) + +-STRIP_OPTS = -s ++STRIP_OPTS = + + LINT = lint + 5LINT = 5lint +-- +2.17.1 + diff --git a/recipes-support/openldap/openldap-morello/0001-ldif-filter-fix-parallel-build-failure.patch b/recipes-support/openldap/openldap-morello/0001-ldif-filter-fix-parallel-build-failure.patch new file mode 100644 index 0000000..b42bd97 --- /dev/null +++ b/recipes-support/openldap/openldap-morello/0001-ldif-filter-fix-parallel-build-failure.patch @@ -0,0 +1,32 @@ +From 9e4ccd1e78ceac8de1ab66ee62ee216f1fbd4956 Mon Sep 17 00:00:00 2001 +From: Yi Zhao yi.zhao@windriver.com +Date: Thu, 2 Dec 2021 11:38:15 +0800 +Subject: [PATCH] ldif-filter: fix parallel build failure + +Add slapd-common.o as dependency for ldif-filter to fix the parallel +build failure: + ld: cannot find slapd-common.o: No such file or directory + +Upstream-Status: Pending + +Signed-off-by: Yi Zhao yi.zhao@windriver.com +--- + tests/progs/Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/progs/Makefile.in b/tests/progs/Makefile.in +index 13f1e8be2..e4f4ccf98 100644 +--- a/tests/progs/Makefile.in ++++ b/tests/progs/Makefile.in +@@ -56,7 +56,7 @@ slapd-modify: slapd-modify.o $(OBJS) $(XLIBS) + slapd-bind: slapd-bind.o $(OBJS) $(XLIBS) + $(LTLINK) -o $@ slapd-bind.o $(OBJS) $(LIBS) + +-ldif-filter: ldif-filter.o $(XLIBS) ++ldif-filter: ldif-filter.o $(OBJS) $(XLIBS) + $(LTLINK) -o $@ ldif-filter.o $(OBJS) $(LIBS) + + slapd-mtread: slapd-mtread.o $(OBJS) $(XLIBS) +-- +2.25.1 + diff --git a/recipes-support/openldap/openldap-morello/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch b/recipes-support/openldap/openldap-morello/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch new file mode 100644 index 0000000..552726b --- /dev/null +++ b/recipes-support/openldap/openldap-morello/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch @@ -0,0 +1,33 @@ +From 690f69791eb6cd0d7e94b4d73219ee864de27f62 Mon Sep 17 00:00:00 2001 +From: Yi Zhao yi.zhao@windriver.com +Date: Mon, 10 Jan 2022 10:13:51 +0800 +Subject: [PATCH] libraries/Makefile.in: ignore the mkdir errors + +Ignore the mkdir errors to fix the parallel build failure: + +../../build/shtool mkdir -p TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib +mkdir: cannot create directory 'TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib': File exists + +Upstream-Status: Pending + +Signed-off-by: Yi Zhao yi.zhao@windriver.com +--- + libraries/Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libraries/Makefile.in b/libraries/Makefile.in +index d9cb2ff..c6b251f 100644 +--- a/libraries/Makefile.in ++++ b/libraries/Makefile.in +@@ -24,7 +24,7 @@ PKGCONFIG_DIR=$(DESTDIR)$(libdir)/pkgconfig + PKGCONFIG_SRCDIRS=liblber libldap + + install-local: +- @$(MKDIR) $(PKGCONFIG_DIR) ++ @-$(MKDIR) $(PKGCONFIG_DIR) + @for i in $(PKGCONFIG_SRCDIRS); do \ + $(INSTALL_DATA) $$i/*.pc $(PKGCONFIG_DIR); \ + done +-- +2.17.1 + diff --git a/recipes-support/openldap/openldap-morello/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch b/recipes-support/openldap/openldap-morello/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch new file mode 100644 index 0000000..bcd1525 --- /dev/null +++ b/recipes-support/openldap/openldap-morello/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch @@ -0,0 +1,54 @@ +From 79381ab335898c9184e22dd25b544adefa9bf6c5 Mon Sep 17 00:00:00 2001 +From: Khem Raj raj.khem@gmail.com +Date: Mon, 7 Feb 2022 16:26:57 -0800 +Subject: [PATCH] librewrite: include ldap_pvt_thread.h before redefining + calloc + +This helps compiling with musl, where sched.h is included by +ldap_pvt_thread.h which provides prototype for calloc() and conflicts + +/usr/include/sched.h:84:7: error: conflicting types for 'ber_memcalloc' +| void *calloc(size_t, size_t); +| ^1 +| warning and 1 error generated. +| ./rewrite-int.h:44:21: note: expanded from macro 'calloc' +| #define calloc(x,y) ber_memcalloc(x,y) +| ^ + +Upstream-Status: Pending +Signed-off-by: Khem Raj raj.khem@gmail.com +--- + libraries/librewrite/rewrite-int.h | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/libraries/librewrite/rewrite-int.h b/libraries/librewrite/rewrite-int.h +index 4481dd3..5ec226d 100644 +--- a/libraries/librewrite/rewrite-int.h ++++ b/libraries/librewrite/rewrite-int.h +@@ -40,6 +40,11 @@ + + #include <rewrite.h> + ++#ifndef NO_THREADS ++#define USE_REWRITE_LDAP_PVT_THREADS ++#include <ldap_pvt_thread.h> ++#endif ++ + #define malloc(x) ber_memalloc(x) + #define calloc(x,y) ber_memcalloc(x,y) + #define realloc(x,y) ber_memrealloc(x,y) +@@ -47,11 +52,6 @@ + #undef strdup + #define strdup(x) ber_strdup(x) + +-#ifndef NO_THREADS +-#define USE_REWRITE_LDAP_PVT_THREADS +-#include <ldap_pvt_thread.h> +-#endif +- + /* + * For details, see RATIONALE. + */ +-- +2.35.1 + diff --git a/recipes-support/openldap/openldap-morello/initscript b/recipes-support/openldap/openldap-morello/initscript new file mode 100644 index 0000000..08d1067 --- /dev/null +++ b/recipes-support/openldap/openldap-morello/initscript @@ -0,0 +1,35 @@ +#! /bin/sh +# +# This is an init script for openembedded +# Copy it to /etc/init.d/openldap and type +# > update-rc.d openldap defaults 60 +# + +# Source function library. +. /etc/init.d/functions + +slapd=/usr/sbin/slapd +test -x "$slapd" || exit 0 + + +case "$1" in + start) + echo -n "Starting OpenLDAP: " + start-stop-daemon --start --quiet --exec $slapd + echo "." + ;; + stop) + echo -n "Stopping OpenLDAP: " + start-stop-daemon --stop --quiet --pidfile /var/run/slapd.pid + echo "." + ;; + status) + status $slapd; + exit $? + ;; + *) + echo "Usage: /etc/init.d/openldap {start|stop|status}" + exit 1 +esac + +exit 0 diff --git a/recipes-support/openldap/openldap-morello/remove-user-host-pwd-from-version.patch b/recipes-support/openldap/openldap-morello/remove-user-host-pwd-from-version.patch new file mode 100644 index 0000000..7a1b5aa --- /dev/null +++ b/recipes-support/openldap/openldap-morello/remove-user-host-pwd-from-version.patch @@ -0,0 +1,39 @@ +From 868a04b0596e2df708ba14ed70815b1411db3db1 Mon Sep 17 00:00:00 2001 +From: Changqing Li changqing.li@windriver.com +Date: Thu, 21 Feb 2019 11:33:24 +0800 +Subject: [PATCH] mkversion: remove user host pwd from version + +Upstream-Status: Pending + +Update this patch to version 2.4.47 + +Signed-off-by: Changqing Li changqing.li@windriver.com +--- + build/mkversion | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/build/mkversion ++++ b/build/mkversion +@@ -53,8 +53,12 @@ APPLICATION=$1 + # Reproducible builds set SOURCE_DATE_EPOCH, want constant strings + if [ -n "${SOURCE_DATE_EPOCH}" ]; then + WHOWHERE="openldap" ++ DATE=$(date -d@$SOURCE_DATE_EPOCH +' %b %d %Y ') ++ TIME=$(date -d@$SOURCE_DATE_EPOCH +' %H:%M:%S ') + else +- WHOWHERE="$USER@$(uname -n):$(pwd)" ++ WHOWHERE="openldap" ++ DATE='" __DATE__ "' ++ TIME='" __TIME__ "' + fi + + cat << __EOF__ +@@ -77,7 +81,7 @@ static const char copyright[] = + "COPYING RESTRICTIONS APPLY\n"; + + $static $const char $SYMBOL[] = +-"@(#) $$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") $\n" ++"@(#) $$PACKAGE: $APPLICATION $VERSION ($DATE $TIME) $\n" + "\t$WHOWHERE\n"; + + __EOF__ diff --git a/recipes-support/openldap/openldap-morello/slapd.service b/recipes-support/openldap/openldap-morello/slapd.service new file mode 100644 index 0000000..f5f83fd --- /dev/null +++ b/recipes-support/openldap/openldap-morello/slapd.service @@ -0,0 +1,10 @@ +[Unit] +Description=Standalone LDAP Daemon +After=syslog.target network.target + +[Service] +Type=forking +ExecStart=@SBINDIR@/slapd + +[Install] +WantedBy=multi-user.target diff --git a/recipes-support/openldap/openldap-morello/use-urandom.patch b/recipes-support/openldap/openldap-morello/use-urandom.patch new file mode 100644 index 0000000..0b7e3a2 --- /dev/null +++ b/recipes-support/openldap/openldap-morello/use-urandom.patch @@ -0,0 +1,35 @@ +openldap: assume /dev/urandom exists + +When we are cross-compiling, we want to assume +that /dev/urandom exists. We could change the source +code to look for it, but this is the easy way out. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Joe Slater jslater@windriver.com + +--- a/configure.ac ++++ b/configure.ac +@@ -2117,6 +2117,7 @@ AC_SUBST(systemdsystemunitdir) + + dnl ---------------------------------------------------------------- + dnl Check for entropy sources ++dev=no + if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then + dev=no + if test -r /dev/urandom ; then +@@ -2131,9 +2132,11 @@ if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then + dev="/idev/random"; + fi + +- if test $dev != no ; then +- AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device]) +- fi ++elif test $cross_compiling == yes ; then ++ dev="/dev/urandom"; ++fi ++if test $dev != no ; then ++ AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device]) + fi + + dnl ---------------------------------------------------------------- diff --git a/recipes-support/openldap/openldap-morello_2.5.12.bb b/recipes-support/openldap/openldap-morello_2.5.12.bb new file mode 100644 index 0000000..34ac852 --- /dev/null +++ b/recipes-support/openldap/openldap-morello_2.5.12.bb @@ -0,0 +1,255 @@ +inherit autotools-brokensep update-rc.d systemd pkgconfig pure-cap-kheaders purecap-sysroot + +MORELLO_SRC = "meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.5.12.bb" + +SUMMARY = "OpenLDAP Directory Service" + +DESCRIPTION = "OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol." +HOMEPAGE = "http://www.OpenLDAP.org/license.html" +# The OpenLDAP Public License - see the HOMEPAGE - defines +# the license. www.openldap.org claims this is Open Source +# (see http://www.openldap.org), the license appears to be +# basically BSD. opensource.org does not record this license +# at present (so it is apparently not OSI certified). +LICENSE = "OpenLDAP" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=beceb5ac7100b6430640c61655b25c1f \ + file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972 \ + " +SECTION = "libs" + +BPN_LDAP = "openldap" + +TOOLCHAIN = "${MORELLO_TOOLCHAIN}" +FILESEXTRAPATHS:prepend := "${THISDIR}/cheri-patches:" + +LDAP_VER = "${@'.'.join(d.getVar('PV').split('.')[0:2])}" + +SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/%24%7BBP... \ + file://use-urandom.patch \ + file://initscript \ + file://slapd.service \ + file://remove-user-host-pwd-from-version.patch \ + file://0001-ldif-filter-fix-parallel-build-failure.patch \ + file://0001-build-top.mk-unset-STRIP_OPTS.patch \ + file://0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch \ + file://0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch \ +" + +SRC_URI += "\ + file://0001-config-fix-provenance-errors.patch \ + file://0002-tpool-remove-errors.patch \ + file://0003-config-Remove-format-error.patch \ + file://0004-main-Remove-format-error.patch \ + file://0005-connection-fix-provenance-error.patch \ + file://0006-sets-fix-provenance-error.patch \ + file://0007-slapd-search-fix-cheri-provenance.patch \ +" + +SRC_URI[sha256sum] = "d5086cbfc49597fa7d0670a429a9054552d441b16ee8b2435412797ab0e37b96" + +S = "${WORKDIR}/${BPN_LDAP}-${PV}" + +DEPENDS += "util-linux-morello groff-native libtool-native openssl-morello" +RDEPENDS:${PN} += "openssl-morello" + +# CV SETTINGS +# Required to work round AC_FUNC_MEMCMP which gets the wrong answer +# when cross compiling (should be in site?) +EXTRA_OECONF += "ac_cv_func_memcmp_working=yes" + +# CONFIG DEFINITIONS +# The following is necessary because it cannot be determined for a +# cross compile automagically. Select should yield fine on all OE +# systems... +EXTRA_OECONF += "--with-yielding-select=yes" +# Shared libraries are nice... +EXTRA_OECONF += "-disable-modules -disable-static" + +PACKAGECONFIG ??= "asyncmeta gnutls modules \ + mdb ldap meta null passwd proxycache dnssrv \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" +#--with-tls with TLS/SSL support auto|openssl|gnutls [auto] +PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl-morello" + +PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6" + +# SLAPD options +# +# UNIX crypt(3) passwd support: +EXTRA_OECONF += "--enable-crypt" + + +# SLAPD BACKEND +# +# The backend must be set by the configuration. This controls the +# required database. +# +# Backends="asyncmeta dnssrv ldap mdb meta ndb null passwd perl relay sock sql wt" +# +# Note that multiple backends can be built. The ldbm backend requires a +# build-time choice of database API. To use the gdbm (or other) API the +# Berkely database module must be removed from the build. +md = "${libexecdir}/openldap" + +# #--enable-asyncmeta enable asyncmeta backend no|yes|mod no +PACKAGECONFIG[asyncmeta] = "--enable-asyncmeta=yes,--enable-asyncmeta=no" + +# #--enable-dnssrv enable dnssrv backend no|yes|mod no +PACKAGECONFIG[dnssrv] = "--enable-dnssrv=yes,--enable-dnssrv=no" + +# #--enable-ldap enable ldap backend no|yes|mod no +PACKAGECONFIG[ldap] = "--enable-ldap=yes,--enable-ldap=no," + +# #--enable-mdb enable mdb database backend no|yes|mod [yes] +PACKAGECONFIG[mdb] = "--enable-mdb=yes,--enable-mdb=no," + +# #--enable-meta enable metadirectory backend no|yes|mod no +PACKAGECONFIG[meta] = "--enable-meta=yes,--enable-meta=no," + +# #--enable-ndb enable MySQL NDB Cluster backend no|yes|mod [no] +PACKAGECONFIG[ndb] = "--enable-ndb=yes,--enable-ndb=no," + +# #--enable-null enable null backend no|yes|mod no +PACKAGECONFIG[null] = "--enable-null=yes,--enable-null=no," + +# #--enable-passwd enable passwd backend no|yes|mod no +PACKAGECONFIG[passwd] = "--enable-passwd=yes,--enable-passwd=no," + +# #--enable-perl enable perl backend no|yes|mod no +# # This requires a loadable perl dynamic library, if enabled without +# # doing something appropriate (building perl?) the build will pick +# # up the build machine perl - not good (inherit perlnative?) +PACKAGECONFIG[perl] = "--enable-perl=yes,--enable-perl=no,perl" + +# #--enable-relay enable relay backend no|yes|mod [yes] +PACKAGECONFIG[relay] = "--enable-relay=yes,--enable-relay=no," + +# #--enable-sock enable sock backend no|yes|mod [no] +PACKAGECONFIG[sock] = "--enable-sock=yes,--enable-sock=no," + +# #--enable-sql enable sql backend no|yes|mod no +# # sql requires some sql backend which provides sql.h, sqlite* provides +# # sqlite.h (which may be compatible but hasn't been tried.) +PACKAGECONFIG[sql] = "--enable-sql=yes,--enable-sql=no,sqlite3" + +# #--enable-wt enable wt backend no|yes|mod no +# # back-wt is marked currently as experimental +PACKAGECONFIG[wt] = "--enable-wt=yes,--enable-wt=no" + +# #--enable-dyngroup Dynamic Group overlay no|yes|mod no +# # This is a demo, Proxy Cache defines init_module which conflicts with the +# # same symbol in dyngroup +PACKAGECONFIG[dyngroup] = "--enable-dyngroup=yes,--enable-dyngroup=no," + +# #--enable-proxycache Proxy Cache overlay no|yes|mod no +PACKAGECONFIG[proxycache] = "--enable-proxycache=yes,--enable-proxycache=no," +FILES:${PN}-overlay-proxycache = "${md}/pcache-*.so.*" +PACKAGES += "${PN}-overlay-proxycache" + +# Append URANDOM_DEVICE='/dev/urandom' to CPPFLAGS: +# This allows tls to obtain random bits from /dev/urandom, by default +# it was disabled for cross-compiling. +CPPFLAGS:append = " -D_GNU_SOURCE -DURANDOM_DEVICE='/dev/urandom' -fPIC" + +LDFLAGS:append = " -pthread" + +do_configure() { + + export CPPFLAGS="${CPPFLAGS} ${CC_PURECAP_FLAGS}" + + rm -f ${S}/libtool + aclocal + libtoolize --force --copy + gnu-configize + cp ${STAGING_DATADIR_NATIVE}/libtool/build-aux/ltmain.sh ${S}/build + cp ${STAGING_DATADIR_NATIVE}/libtool/build-aux/missing ${S}/build + cp ${STAGING_DATADIR_NATIVE}/libtool/build-aux/compile ${S}/build + autoconf + oe_runconf +} + +do_install:append() { + install -d ${D}${sysconfdir}/init.d + cat ${WORKDIR}/initscript > ${D}${sysconfdir}/init.d/openldap + chmod 755 ${D}${sysconfdir}/init.d/openldap + # This is duplicated in /etc/openldap and is for slapd + rm -f ${D}{localstatedir}/openldap-data/DB_CONFIG.example + + # Installing slapd under ${sbin} is more FHS and LSB compliance + mv ${D}${libexecdir}/slapd ${D}${sbindir}/slapd + rmdir --ignore-fail-on-non-empty ${D}${libexecdir} + SLAPTOOLS="slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl slapschema slapmodify" + cd ${D}${sbindir}/ + rm -f ${SLAPTOOLS} + for i in ${SLAPTOOLS}; do ln -sf slapd $i; done + + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" + + install -d ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/slapd.service ${D}${systemd_unitdir}/system/slapd-morello.service + sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/*.service + + # Uses mdm as the database + # and localstatedir as data directory ... + sed -e 's/# modulepath/modulepath/' \ + -e 's/# moduleload\s*back_bdb.*/moduleload back_mdb/' \ + -e 's/database\s*bdb/database mdb/' \ + -e 's%^directory\s*.*%directory ${localstatedir}/${BPN_LDAP}/data/%' \ + -i ${D}${sysconfdir}/openldap/slapd.conf + + mkdir -p ${D}${localstatedir}/${BPN_LDAP}/data +} + +do_install:append() { + ${OBJDUMP_COMMAND} ${D}${libdir}/libldap-2.5.so.0 > ${D}${PURECAP_DEBUGDIR}/libldap-2.5.dump + ${READELF_COMMAND} ${D}${libdir}/libldap-2.5.so.0 > ${D}${PURECAP_DEBUGDIR}/libldap-2.5.readelf + + ${OBJDUMP_COMMAND} ${D}${libdir}/liblber-2.5.so.0 > ${D}${PURECAP_DEBUGDIR}/liblber-2.5.dump + ${READELF_COMMAND} ${D}${libdir}/liblber-2.5.so.0 > ${D}${PURECAP_DEBUGDIR}/liblber-2.5.readelf +} + +LEAD_SONAME = "libldap-${LDAP_VER}.so.*" + +# The executables go in a separate package. This allows the +# installation of the libraries with no daemon support. +# Each module also has its own package - see above. +PACKAGES += "${PN}-slapd ${PN}-slurpd ${PN}-bin" + +# Package contents - shift most standard contents to -bin +FILES:${PN} = "${libdir}/lib*.so.* ${sysconfdir}/openldap/ldap.* \ + ${localstatedir}/${BPN_LDAP}/data ${libdir} \ + " +FILES:${PN}-slapd = "${sysconfdir}/init.d ${libexecdir}/slapd ${sbindir} ${localstatedir}/run ${localstatedir}/volatile/run \ + ${sysconfdir}/openldap/slapd.* ${sysconfdir}/openldap/schema \ + ${sysconfdir}/openldap/DB_CONFIG.example ${systemd_unitdir}/system/*" +FILES:${PN}-slurpd = "${libexecdir}/slurpd ${localstatedir}/openldap-slurp" +FILES:${PN}-bin = "${bindir}" +FILES:${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la ${libexecdir}/openldap/*.so ${libdir}/pkgconfig/*.pc" +FILES:${PN}-dbg += "${libexecdir}/openldap/.debug ${datadir}" + +FILES:${PN}-static-dev = "${libdir}/libldap.a ${libdir}/liblber.a" + +INITSCRIPT_PACKAGES = "${PN}-slapd" +INITSCRIPT_NAME:${PN}-slapd = "openldap" +INITSCRIPT_PARAMS:${PN}-slapd = "defaults" + +SYSTEMD_PACKAGES = "${PN}-slapd" +SYSTEMD_SERVICE:${PN}-slapd = "slapd-morello.service" +SYSTEMD_AUTO_ENABLE:${PN}-slapd ?= "disable" + +PACKAGES_DYNAMIC += "^${PN}-backends.* ^${PN}-backend-.*" + +# The modules require their .so to be dynamicaly loaded +INSANE_SKIP:${PN}-backend-asyncmeta += "dev-so" +INSANE_SKIP:${PN}-backend-dnssrv += "dev-so" +INSANE_SKIP:${PN}-backend-ldap += "dev-so" +INSANE_SKIP:${PN}-backend-meta += "dev-so" +INSANE_SKIP:${PN}-backend-mdb += "dev-so" +INSANE_SKIP:${PN}-backend-null += "dev-so" +INSANE_SKIP:${PN}-backend-passwd += "dev-so" + +# CVE-2015-3276 has no target code. +CVE_CHECK_IGNORE += "CVE-2015-3276"