summaryrefslogtreecommitdiff
path: root/net-nds/openldap/files
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2018-12-03 21:11:10 +0100
committerKarel Kočí <cynerd@email.cz>2018-12-03 21:11:10 +0100
commitef94ef33fc2729b6340fa22abbd500b4728049da (patch)
tree07f28dfd766993308e0de766eaa1207dc1a81f10 /net-nds/openldap/files
parent677325bac4c11638cd75b37fffcf846544ef99b3 (diff)
downloadgentoo-personal-overlay-ef94ef33fc2729b6340fa22abbd500b4728049da.tar.gz
gentoo-personal-overlay-ef94ef33fc2729b6340fa22abbd500b4728049da.tar.bz2
gentoo-personal-overlay-ef94ef33fc2729b6340fa22abbd500b4728049da.zip
openldap: try to add symbol versions
Diffstat (limited to 'net-nds/openldap/files')
-rw-r--r--net-nds/openldap/files/DB_CONFIG.fast.example25
-rw-r--r--net-nds/openldap/files/libldap-symbol-versions.diff164
-rw-r--r--net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch12
-rw-r--r--net-nds/openldap/files/openldap-2.4.11-libldap_r.patch11
-rw-r--r--net-nds/openldap/files/openldap-2.4.15-ppolicy.patch12
-rw-r--r--net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch109
-rw-r--r--net-nds/openldap/files/openldap-2.4.17-gcc44.patch11
-rw-r--r--net-nds/openldap/files/openldap-2.4.28-fix-dash.patch26
-rw-r--r--net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch11
-rw-r--r--net-nds/openldap/files/openldap-2.4.31-gcc47.patch16
-rw-r--r--net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch38
-rw-r--r--net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch48
-rw-r--r--net-nds/openldap/files/openldap-2.4.40-slapd-conf64
-rw-r--r--net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch136
-rw-r--r--net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch109
-rw-r--r--net-nds/openldap/files/openldap-2.4.45-libressl.patch65
-rw-r--r--net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch192
-rw-r--r--net-nds/openldap/files/slapd-confd14
-rw-r--r--net-nds/openldap/files/slapd-confd-2.4.28-r126
-rw-r--r--net-nds/openldap/files/slapd-initd29
-rw-r--r--net-nds/openldap/files/slapd-initd-2.4.40-r264
-rw-r--r--net-nds/openldap/files/slapd.service12
-rw-r--r--net-nds/openldap/files/slapd.service.conf12
-rw-r--r--net-nds/openldap/files/slapd.tmpfilesd2
24 files changed, 1208 insertions, 0 deletions
diff --git a/net-nds/openldap/files/DB_CONFIG.fast.example b/net-nds/openldap/files/DB_CONFIG.fast.example
new file mode 100644
index 0000000..8b52062
--- /dev/null
+++ b/net-nds/openldap/files/DB_CONFIG.fast.example
@@ -0,0 +1,25 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1 2004/06/18 02:49:08 kurt Exp $
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
+#
+# See Sleepycat Berkeley DB documentation
+# <http://www.sleepycat.com/docs/ref/env/db_config.html>
+# for detail description of DB_CONFIG syntax and semantics.
+#
+# Hints can also be found in the OpenLDAP Software FAQ
+# <http://www.openldap.org/faq/index.cgi?file=2>
+
+# one 0.25 GB cache
+set_cachesize 0 16777216 0
+
+# Data Directory
+#set_data_dir db
+
+# Transaction Log settings
+set_lg_regionmax 262144
+set_lg_bsize 524288
+#set_lg_dir logs
+
+# When using (and only when using) slapadd(8) or slapindex(8),
+# the following flags may be useful:
+#set_flags DB_TXN_NOSYNC
+#set_flags DB_TXN_NOT_DURABLE
diff --git a/net-nds/openldap/files/libldap-symbol-versions.diff b/net-nds/openldap/files/libldap-symbol-versions.diff
new file mode 100644
index 0000000..187ab9c
--- /dev/null
+++ b/net-nds/openldap/files/libldap-symbol-versions.diff
@@ -0,0 +1,164 @@
+--- openldap-2.4.31.orig/debian/patches/libldap-symbol-versions
++++ openldap-2.4.31/debian/patches/libldap-symbol-versions
+@@ -0,0 +1,161 @@
++Add symbol versioning to the public LDAP libraries. This is required for
++library transitions, such as the current transition from 2.1 to 2.4,
++since programs will sometimes have both libraries loaded by different
++dependency chains during the transition.
++
++Not yet contributed upstream.
++
++Upstream ITS #5365 filed requesting symbol versioning for libldap and
++libber.
++
++--- a/libraries/libldap_r/Makefile.in
+++++ b/libraries/libldap_r/Makefile.in
++@@ -61,6 +61,9 @@
++ XXXLIBS = $(LTHREAD_LIBS)
++ NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
++ UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS)
+++ifneq (,$(VERSION_OPTION))
+++ VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map"
+++endif
++
++ .links : Makefile
++ @for i in $(XXSRCS); do \
++--- a/build/top.mk
+++++ b/build/top.mk
++@@ -104,6 +104,9 @@
++ # LINK_LIBS referenced in library and module link commands.
++ LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS)
++
+++# option to pass to $(CC) to support library symbol versioning, if any
+++VERSION_OPTION = @VERSION_OPTION@
+++
++ LTSTATIC = @LTSTATIC@
++
++ LTLINK = $(LIBTOOL) --mode=link \
++@@ -113,7 +116,7 @@
++ $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c
++
++ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
++- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)
+++ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS)
++
++ LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
++ $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
++--- a/build/openldap.m4
+++++ b/build/openldap.m4
++@@ -1136,3 +1136,54 @@
++ #endif
++ ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])])
++ ])
+++
+++dnl ====================================================================
+++dnl check for symbol versioning support
+++AC_DEFUN([OL_SYMBOL_VERSIONING],
+++[AC_CACHE_CHECK([for .symver assembler directive],
+++ [ol_cv_asm_symver_directive],[
+++cat > conftest.s <<EOF
+++${libc_cv_dot_text}
+++_sym:
+++.symver _sym,sym@VERS
+++EOF
+++if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
+++ ol_cv_asm_symver_directive=yes
+++else
+++ ol_cv_asm_symver_directive=no
+++fi
+++rm -f conftest*])
+++AC_CACHE_CHECK([for ld --version-script],
+++ [ol_cv_ld_version_script_option],[
+++if test $ol_cv_asm_symver_directive = yes; then
+++ cat > conftest.s <<EOF
+++${libc_cv_dot_text}
+++_sym:
+++.symver _sym,sym@VERS
+++EOF
+++ cat > conftest.map <<EOF
+++VERS_1 {
+++ global: sym;
+++};
+++
+++VERS_2 {
+++ global: sym;
+++} VERS_1;
+++EOF
+++ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
+++ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared
+++ -o conftest.so conftest.o
+++ -Wl,--version-script,conftest.map
+++ 1>&AS_MESSAGE_LOG_FD]);
+++ then
+++ ol_cv_ld_version_script_option=yes
+++ else
+++ ol_cv_ld_version_script_option=no
+++ fi
+++ else
+++ ol_cv_ld_version_script_option=no
+++ fi
+++else
+++ ol_cv_ld_version_script_option=no
+++fi
+++rm -f conftest*])])
++--- a/configure.in
+++++ b/configure.in
++@@ -1901,6 +1901,13 @@
++ fi
++ AC_SUBST(LTSTATIC)dnl
++
+++VERSION_OPTION=""
+++OL_SYMBOL_VERSIONING
+++if test $ol_cv_ld_version_script_option = yes ; then
+++ VERSION_OPTION="-Wl,--version-script="
+++fi
+++AC_SUBST(VERSION_OPTION)
+++
++ dnl ----------------------------------------------------------------
++ if test $ol_enable_wrappers != no ; then
++ AC_CHECK_HEADERS(tcpd.h,[
++--- /dev/null
+++++ b/libraries/libldap/libldap.map
++@@ -0,0 +1,7 @@
+++OPENLDAP_2.4_2 {
+++ global:
+++ ldap_*;
+++ ldif_*;
+++ local:
+++ *;
+++};
++--- a/libraries/libldap/Makefile.in
+++++ b/libraries/libldap/Makefile.in
++@@ -52,6 +52,9 @@
++ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
++ NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
++ UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+++ifneq (,$(VERSION_OPTION))
+++ VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map
+++endif
++
++ apitest: $(XLIBS) apitest.o
++ $(LTLINK) -o $@ apitest.o $(LIBS)
++--- a/libraries/liblber/Makefile.in
+++++ b/libraries/liblber/Makefile.in
++@@ -38,6 +38,9 @@
++ XXLIBS =
++ NT_LINK_LIBS = $(AC_LIBS)
++ UNIX_LINK_LIBS = $(AC_LIBS)
+++ifneq (,$(VERSION_OPTION))
+++ VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map"
+++endif
++
++ dtest: $(XLIBS) dtest.o
++ $(LTLINK) -o $@ dtest.o $(LIBS)
++--- /dev/null
+++++ b/libraries/liblber/liblber.map
++@@ -0,0 +1,8 @@
+++OPENLDAP_2.4_2 {
+++ global:
+++ ber_*;
+++ der_alloc;
+++ lutil_*;
+++ local:
+++ *;
+++};
diff --git a/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch b/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch
new file mode 100644
index 0000000..ddb6672
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch
@@ -0,0 +1,12 @@
+diff -ur openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in openldap-2.2.14/servers/slapd/back-perl/Makefile.in
+--- openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in 2004-04-12 11:20:14.000000000 -0700
++++ openldap-2.2.14/servers/slapd/back-perl/Makefile.in 2004-06-20 18:43:41.000000000 -0700
+@@ -31,7 +31,7 @@
+
+ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
+-UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
++UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) `perl -MExtUtils::Embed -e ldopts`
+
+ LIBBASE = back_perl
+
diff --git a/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch b/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch
new file mode 100644
index 0000000..448249a
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch
@@ -0,0 +1,11 @@
+diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in
+--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800
++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700
+@@ -37,6 +37,7 @@
+ XLIBS = $(LIBRARY)
+ XXLIBS =
+ NT_LINK_LIBS = $(AC_LIBS)
++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
+
+ XINCPATH = -I$(srcdir)/.. -I$(srcdir)
+ XDEFS = $(MODULES_CPPFLAGS)
diff --git a/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch
new file mode 100644
index 0000000..3195ee5
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch
@@ -0,0 +1,12 @@
+--- openldap-2.4.15/clients/tools/common.c.orig 2009-02-05 15:05:03.000000000 -0800
++++ openldap-2.4.15/clients/tools/common.c 2009-03-21 01:45:14.000000000 -0700
+@@ -1315,8 +1315,8 @@
+ int nsctrls = 0;
+
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
++ LDAPControl c;
+ if ( ppolicy ) {
+- LDAPControl c;
+ c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ c.ldctl_value.bv_val = NULL;
+ c.ldctl_value.bv_len = 0;
diff --git a/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch
new file mode 100644
index 0000000..e511746
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch
@@ -0,0 +1,109 @@
+If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
+Forward-port an old Debian patch that upstream never applied.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+Signed-off-by: Steffen Hau <steffen@hauihau.de>
+X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
+X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
+X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
+
+--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700
++++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700
+@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
+ typedef PK11Context *des_context[1];
+ #define DES_ENCRYPT CKA_ENCRYPT
+
++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++# include <gcrypt.h>
++static int gcrypt_init = 0;
++
++typedef const void* des_key;
++typedef unsigned char des_cblock[8];
++typedef des_cblock des_data_block;
++typedef int des_key_schedule; /* unused */
++typedef des_key_schedule des_context; /* unused */
++#define des_failed(encrypted) 0
++#define des_finish(key, schedule)
++
++#define des_set_key_unchecked( key, key_sched ) \
++ gcry_cipher_setkey( hd, key, 8 )
++
++#define des_ecb_encrypt( input, output, key_sched, enc ) \
++ gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
++
++#define des_set_odd_parity( key ) do {} while(0)
++
+ #endif
+
+ #endif /* SLAPD_LMHASH */
+@@ -651,7 +671,7 @@ static int chk_md5(
+
+ #ifdef SLAPD_LMHASH
+
+-#if defined(HAVE_OPENSSL)
++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
+
+ /*
+ * abstract away setting the parity.
+@@ -841,6 +861,19 @@ static int chk_lanman(
+ des_data_block StdText = "KGS!@#$%";
+ des_data_block PasswordHash1, PasswordHash2;
+ char PasswordHash[33], storedPasswordHash[33];
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_hd_t hd;
++
++ if ( !gcrypt_init ) {
++ gcry_check_version( GCRYPT_VERSION );
++ gcrypt_init = 1;
++ }
++
++ schedule = schedule; /* unused - avoid warning */
++
++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ for( i=0; i<cred->bv_len; i++) {
+ if(cred->bv_val[i] == '\0') {
+@@ -883,6 +916,10 @@ static int chk_lanman(
+ strncpy( storedPasswordHash, passwd->bv_val, 32 );
+ storedPasswordHash[32] = '\0';
+ ldap_pvt_str2lower( storedPasswordHash );
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_close( hd );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+@@ -1138,6 +1175,19 @@ static int hash_lanman(
+ des_data_block PasswordHash1, PasswordHash2;
+ char PasswordHash[33];
+
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_hd_t hd;
++
++ if ( !gcrypt_init ) {
++ gcry_check_version( GCRYPT_VERSION );
++ gcrypt_init = 1;
++ }
++
++ schedule = schedule; /* unused - avoid warning */
++
++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
++
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+@@ -1168,6 +1218,10 @@ static int hash_lanman(
+
+ hash->bv_val = PasswordHash;
+ hash->bv_len = 32;
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_close( hd );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ return pw_string( scheme, hash );
+ }
diff --git a/net-nds/openldap/files/openldap-2.4.17-gcc44.patch b/net-nds/openldap/files/openldap-2.4.17-gcc44.patch
new file mode 100644
index 0000000..aa7fe7a
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.17-gcc44.patch
@@ -0,0 +1,11 @@
+diff -ur openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp
+--- openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp 2008-04-15 02:09:26.000000000 +0300
++++ openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp 2009-08-10 13:21:24.000000000 +0300
+@@ -13,6 +13,7 @@
+ #include <termios.h>
+ #endif
+
++#include <stdio.h>
+ #include <string.h>
+ #include "SaslInteractionHandler.h"
+ #include "SaslInteraction.h"
diff --git a/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch b/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch
new file mode 100644
index 0000000..d15c3d2
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch
@@ -0,0 +1,26 @@
+Our libtool needs bash to work properly.
+Patch unbreaks build when /bin/sh points to dash:
+
+ Entering subdirectory liblber
+ /bin/sh ../../libtool --mode=compile x86_64-pc-linux-gnu-gcc -O0 -D_GNU_SOURCE -I../../include -I../../include -I/usr/include/db4.8 -DLDAP_CONNECTIONLESS -DLBER_LIBRARY -c assert.c
+ ../../build/mkversion -v "2.4.28" liblber.la > version.c
+ /bin/sh ../../libtool --mode=compile x86_64-pc-linux-gnu-gcc -O0 -D_GNU_SOURCE -I../../include -I../../include -I/usr/include/db4.8 -DLDAP_CONNECTIONLESS -DLBER_LIBRARY -c decode.c
+ eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found
+ eval: 1: base_compile+= -O0: not found
+ eval: 1: base_compile+= -D_GNU_SOURCE: not found
+ eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found
+ ...
+ make[2]: *** [decode.lo] Error 1
+diff --git a/build/top.mk b/build/top.mk
+index 6fea488..ea324e3 100644
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -20,7 +20,7 @@ VERSION= @VERSION@
+ RELEASEDATE= @OPENLDAP_RELEASE_DATE@
+
+ @SET_MAKE@
+-SHELL = /bin/sh
++SHELL = @SHELL@
+
+ top_builddir = @top_builddir@
+
diff --git a/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch b/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch
new file mode 100644
index 0000000..aeecb0f
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch
@@ -0,0 +1,11 @@
+--- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000
++++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000
+@@ -1214,7 +1214,7 @@
+ ol_with_tls=gnutls
+ ol_link_tls=yes
+
+- TLS_LIBS="-lgnutls"
++ TLS_LIBS="-lgnutls -lgcrypt"
+
+ AC_DEFINE(HAVE_GNUTLS, 1,
+ [define if you have GNUtls])
diff --git a/net-nds/openldap/files/openldap-2.4.31-gcc47.patch b/net-nds/openldap/files/openldap-2.4.31-gcc47.patch
new file mode 100644
index 0000000..5b6af4b
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.31-gcc47.patch
@@ -0,0 +1,16 @@
+Fix building with gcc-4.7
+
+https://bugs.gentoo.org/show_bug.cgi?id=420959
+http://www.openldap.org/its/index.cgi/Incoming?id=7304;page=16 #ITS 7304
+
+Patch written by Kacper Kowalik <xarthisius@gentoo.org>
+--- a/contrib/ldapc++/src/SaslInteractionHandler.cpp
++++ b/contrib/ldapc++/src/SaslInteractionHandler.cpp
+@@ -16,6 +16,7 @@
+
+ #include <stdio.h>
+ #include <string.h>
++#include <unistd.h>
+ #include "SaslInteractionHandler.h"
+ #include "SaslInteraction.h"
+ #include "debug.h"
diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch
new file mode 100644
index 0000000..4312dc7
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch
@@ -0,0 +1,38 @@
+diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile openldap-2.4.35/contrib/slapd-modules/samba4/Makefile
+--- openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile 2013-03-28 15:41:51.000000000 +0000
++++ openldap-2.4.35/contrib/slapd-modules/samba4/Makefile 2013-04-16 02:16:40.651868432 +0000
+@@ -20,7 +20,8 @@
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2 -Wall
++#OPT = -g -O2 -Wall
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \
+ -DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \
+ -DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC
+@@ -41,20 +42,20 @@
+ .SUFFIXES: .c .o .lo
+
+ .c.lo:
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $<
+
+ all: $(PROGRAMS)
+
+ pguid.la: pguid.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ rdnval.la: rdnval.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ vernum.la: vernum.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ clean:
diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch
new file mode 100644
index 0000000..4383802
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch
@@ -0,0 +1,48 @@
+diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile
+--- openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile 2013-03-28 15:41:51.000000000 +0000
++++ openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile 2013-04-16 02:13:38.939913119 +0000
+@@ -21,16 +21,23 @@
+ SSL_INC =
+ SSL_LIB = -lcrypto
+
+-HEIMDAL_INC = -I/usr/heimdal/include
+-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
++#HEIMDAL_INC = -I/usr/heimdal/include
++#HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
++KRB5_INC = $(HEIMDAL_INC)
++KRB5_LIB = $(HEIMDAL_LIB) -lkrb5 -lkadm5srv
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2 -Wall
++#OPT = -g -O2 -Wall
++OPT = -Wall
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+-DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
+-INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
++#DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
++INCS = $(LDAP_INC) $(KRB5_INC) $(SSL_INC)
++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
++ LIBS=$(LDAP_LIB) $(SSL_LIB)
++else
++ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
++endif
+
+ PROGRAMS = smbk5pwd.la
+ LTVER = 0:0:0
+@@ -46,12 +53,12 @@
+ .SUFFIXES: .c .o .lo
+
+ .c.lo:
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $<
+
+ all: $(PROGRAMS)
+
+ smbk5pwd.la: smbk5pwd.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ clean:
diff --git a/net-nds/openldap/files/openldap-2.4.40-slapd-conf b/net-nds/openldap/files/openldap-2.4.40-slapd-conf
new file mode 100644
index 0000000..8ecc732
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.40-slapd-conf
@@ -0,0 +1,64 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /run/openldap/slapd.pid
+argsfile /run/openldap/slapd.args
+
+# Load dynamic backend modules:
+###INSERTDYNAMICMODULESHERE###
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database hdb
+suffix "dc=my-domain,dc=com"
+# <kbyte> <min>
+checkpoint 32 30
+rootdn "cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/openldap-data
+# Indices to maintain
+index objectClass eq
diff --git a/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch
new file mode 100644
index 0000000..9265a01
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch
@@ -0,0 +1,136 @@
+--- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200
++++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200
+@@ -160,6 +160,7 @@
+ LTHREAD_LIBS = @LTHREAD_LIBS@
+
+ BDB_LIBS = @BDB_LIBS@
++MDB_LIBS = @MDB_LIBS@
+ SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
+
+ LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
+--- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200
++++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200
+@@ -563,6 +563,38 @@
+ ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
+ ])
+
++dnl --------------------------------------------------------------------
++dnl Check for version compatility with back-mdb
++AC_DEFUN([OL_MDB_COMPAT],
++[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[
++ AC_EGREP_CPP(__mdb_version_compat,[
++#include <lmdb.h>
++
++/* require 0.9.14 or later */
++#if MDB_VERSION_FULL >= 0x00000009000E
++ __mdb_version_compat
++#endif
++ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])])
++])
++
++dnl
++dnl --------------------------------------------------------------------
++dnl Find any MDB
++AC_DEFUN([OL_MDB],
++[ol_cv_mdb=no
++AC_CHECK_HEADERS(lmdb.h)
++if test $ac_cv_header_lmdb_h = yes; then
++ OL_MDB_COMPAT
++
++ if test $ol_cv_mdb_compat != yes ; then
++ AC_MSG_ERROR([LMDB version incompatible with MDB backends])
++ fi
++
++ ol_cv_lib_mdb=-llmdb
++ ol_cv_mdb=yes
++fi
++])
++
+ dnl
+ dnl ====================================================================
+ dnl Check POSIX Thread version
+--- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200
++++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200
+@@ -25,11 +25,10 @@
+ extended.lo operational.lo \
+ attr.lo index.lo key.lo filterindex.lo \
+ dn2entry.lo dn2id.lo id2entry.lo idl.lo \
+- nextid.lo monitor.lo mdb.lo midl.lo
++ nextid.lo monitor.lo
+
+ LDAP_INCDIR= ../../../include
+ LDAP_LIBDIR= ../../../libraries
+-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
+
+ BUILD_OPT = "--enable-mdb"
+ BUILD_MOD = @BUILD_MDB@
+@@ -44,7 +43,7 @@
+
+ LIBBASE = back_mdb
+
+-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR)
++XINCPATH = -I.. -I$(srcdir)/..
+ XDEFS = $(MODULES_CPPFLAGS)
+
+ all-local-lib: ../.backend
+@@ -52,11 +51,5 @@
+ ../.backend: lib$(LIBBASE).a
+ @touch $@
+
+-mdb.lo: $(MDB_SUBDIR)/mdb.c
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c
+-
+-midl.lo: $(MDB_SUBDIR)/midl.c
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c
+-
+ veryclean-local-lib: FORCE
+ $(RM) $(XXHEADERS) $(XXSRCS) .links
+--- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200
++++ ./configure.in 2014-10-24 10:51:34.372846374 +0200
+@@ -519,6 +519,7 @@
+ dnl Initialize vars
+ LDAP_LIBS=
+ BDB_LIBS=
++MDB_LIBS=
+ SLAPD_NDB_LIBS=
+ SLAPD_NDB_INCS=
+ LTHREAD_LIBS=
+@@ -1905,6 +1906,30 @@
+ fi
+
+ dnl ----------------------------------------------------------------
++ol_link_mdb=no
++
++if test $ol_enable_mdb != no; then
++ OL_MDB
++
++ if test $ol_cv_mdb = no ; then
++ AC_MSG_ERROR(MDB: LMDB not available)
++ fi
++
++ AC_DEFINE(HAVE_MDB,1,
++ [define this if LMDB is available])
++
++ dnl $ol_cv_lib_mdb should be yes or -llmdb
++ dnl (it could be no, but that would be an error
++ if test $ol_cv_lib_mdb != yes ; then
++ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb"
++ fi
++
++ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)"
++
++ ol_link_mdb=yes
++fi
++
++dnl ----------------------------------------------------------------
+
+ if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then
+ BUILD_LIBS_DYNAMIC=shared
+@@ -3133,6 +3158,7 @@
+ AC_SUBST(LDAP_LIBS)
+ AC_SUBST(SLAPD_LIBS)
+ AC_SUBST(BDB_LIBS)
++AC_SUBST(MDB_LIBS)
+ AC_SUBST(SLAPD_NDB_LIBS)
+ AC_SUBST(SLAPD_NDB_INCS)
+ AC_SUBST(LTHREAD_LIBS)
diff --git a/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch
new file mode 100644
index 0000000..29688fc
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch
@@ -0,0 +1,109 @@
+If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
+Forward-port an old Debian patch that upstream never applied.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+Signed-off-by: Steffen Hau <steffen@hauihau.de>
+X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
+X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
+X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
+
+--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700
++++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700
+@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
+ typedef PK11Context *des_context[1];
+ #define DES_ENCRYPT CKA_ENCRYPT
+
++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++# include <gcrypt.h>
++static int gcrypt_init = 0;
++
++typedef const void* des_key;
++typedef unsigned char DES_cblock[8];
++typedef DES_cblock des_data_block;
++typedef int DES_key_schedule; /* unused */
++typedef DES_key_schedule des_context; /* unused */
++#define des_failed(encrypted) 0
++#define des_finish(key, schedule)
++
++#define DES_set_key_unchecked( key, key_sched ) \
++ gcry_cipher_setkey( hd, key, 8 )
++
++#define DES_ecb_encrypt( input, output, key_sched, enc ) \
++ gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
++
++#define DES_set_odd_parity( key ) do {} while(0)
++
+ #endif
+
+ #endif /* SLAPD_LMHASH */
+@@ -651,7 +671,7 @@ static int chk_md5(
+
+ #ifdef SLAPD_LMHASH
+
+-#if defined(HAVE_OPENSSL)
++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
+
+ /*
+ * abstract away setting the parity.
+@@ -841,6 +861,19 @@ static int chk_lanman(
+ des_data_block StdText = "KGS!@#$%";
+ des_data_block PasswordHash1, PasswordHash2;
+ char PasswordHash[33], storedPasswordHash[33];
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_hd_t hd;
++
++ if ( !gcrypt_init ) {
++ gcry_check_version( GCRYPT_VERSION );
++ gcrypt_init = 1;
++ }
++
++ schedule = schedule; /* unused - avoid warning */
++
++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ for( i=0; i<cred->bv_len; i++) {
+ if(cred->bv_val[i] == '\0') {
+@@ -883,6 +916,10 @@ static int chk_lanman(
+ strncpy( storedPasswordHash, passwd->bv_val, 32 );
+ storedPasswordHash[32] = '\0';
+ ldap_pvt_str2lower( storedPasswordHash );
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_close( hd );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+@@ -1138,6 +1175,19 @@ static int hash_lanman(
+ des_data_block PasswordHash1, PasswordHash2;
+ char PasswordHash[33];
+
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_hd_t hd;
++
++ if ( !gcrypt_init ) {
++ gcry_check_version( GCRYPT_VERSION );
++ gcrypt_init = 1;
++ }
++
++ schedule = schedule; /* unused - avoid warning */
++
++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
++
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+@@ -1168,6 +1218,10 @@ static int hash_lanman(
+
+ hash->bv_val = PasswordHash;
+ hash->bv_len = 32;
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_close( hd );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ return pw_string( scheme, hash );
+ }
diff --git a/net-nds/openldap/files/openldap-2.4.45-libressl.patch b/net-nds/openldap/files/openldap-2.4.45-libressl.patch
new file mode 100644
index 0000000..20a65a4
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.45-libressl.patch
@@ -0,0 +1,65 @@
+--- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC
++++ libraries/libldap/tls_o.c
+@@ -47,7 +47,7 @@
+ #include <ssl.h>
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
+ #endif
+
+@@ -157,7 +157,7 @@ tlso_init( void )
+ (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_digests();
+@@ -205,7 +205,7 @@ static void
+ tlso_ctx_ref( tls_ctx *ctx )
+ {
+ tlso_ctx *c = (tlso_ctx *)ctx;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
+ #endif
+ SSL_CTX_up_ref( c );
+@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *
+ if (!x) return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval
+ return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -721,7 +721,7 @@ struct tls_data {
+ Sockbuf_IO_Desc *sbiod;
+ };
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define BIO_set_init(b, x) b->init = x
+ #define BIO_set_data(b, x) b->ptr = x
+ #define BIO_clear_flags(b, x) b->flags &= ~(x)
+@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
+ return tlso_bio_write( b, str, strlen( str ) );
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ struct bio_method_st {
+ int type;
+ const char *name;
diff --git a/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch b/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch
new file mode 100644
index 0000000..33ff29e
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch
@@ -0,0 +1,192 @@
+diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/include/ldap.h
+--- evo-openldap-2.4.14/include/ldap.h.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
++++ evo-openldap-2.4.14/include/ldap.h 2009-02-17 10:10:00.000000000 +0100
+@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P((
+ LDAPControl **ctrls,
+ LDAPDerefRes **drp ));
+
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge));
++
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.14/libraries/libldap/Makefile.in
+--- evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
++++ evo-openldap-2.4.14/libraries/libldap/Makefile.in 2009-02-17 10:10:00.000000000 +0100
+@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
+ SRCS = bind.c open.c result.c error.c compare.c search.c \
+ controls.c messages.c references.c extended.c cyrus.c \
+ modify.c add.c modrdn.c delete.c abandon.c \
+- sasl.c gssapi.c sbind.c unbind.c cancel.c \
++ sasl.c ntlm.c gssapi.c sbind.c unbind.c cancel.c \
+ filter.c free.c sort.c passwd.c whoami.c \
+ getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
+@@ -33,7 +33,7 @@ SRCS = bind.c open.c result.c error.c co
+ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+- sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
++ sasl.lo ntlm.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
+ filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
+diff -up /dev/null evo-openldap-2.4.14/libraries/libldap/ntlm.c
+--- /dev/null 2009-02-17 09:19:52.829004420 +0100
++++ evo-openldap-2.4.14/libraries/libldap/ntlm.c 2009-02-17 10:10:00.000000000 +0100
+@@ -0,0 +1,137 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++
++#include <ac/socket.h>
++#include <ac/string.h>
++#include <ac/time.h>
++#include <ac/errno.h>
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp )
++{
++ BerElement *ber;
++ int rc;
++ ber_int_t id;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( msgidp != NULL );
++
++ if( msgidp == NULL ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ /* create a message to send */
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ assert( LBER_VALID( ber ) );
++
++ LDAP_NEXT_MSGID( ld, id );
++ rc = ber_printf( ber, "{it{istON}" /*}*/,
++ id, LDAP_REQ_BIND,
++ ld->ld_version, dn, tag,
++ cred );
++
++ /* Put Server Controls */
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++ ld->ld_errno = LDAP_ENCODING_ERROR;
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ /* send the message */
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++ if(*msgidp < 0)
++ return ld->ld_errno;
++
++ return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge)
++{
++ ber_int_t errcode;
++ ber_tag_t tag;
++ BerElement *ber;
++ ber_len_t len;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( res != NULL );
++
++ if ( ld == NULL || res == NULL ) {
++ return LDAP_PARAM_ERROR;
++ }
++
++ if( res->lm_msgtype != LDAP_RES_BIND ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ if ( ld->ld_error ) {
++ LDAP_FREE( ld->ld_error );
++ ld->ld_error = NULL;
++ }
++ if ( ld->ld_matched ) {
++ LDAP_FREE( ld->ld_matched );
++ ld->ld_matched = NULL;
++ }
++
++ /* parse results */
++
++ ber = ber_dup( res->lm_ber );
++
++ if( ber == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ tag = ber_scanf( ber, "{ioa" /*}*/,
++ &errcode, challenge, &ld->ld_error );
++ ber_free( ber, 0 );
++
++ if( tag == LBER_ERROR ) {
++ ld->ld_errno = LDAP_DECODING_ERROR;
++ return ld->ld_errno;
++ }
++
++ ld->ld_errno = errcode;
++
++ return( ld->ld_errno );
++}
diff --git a/net-nds/openldap/files/slapd-confd b/net-nds/openldap/files/slapd-confd
new file mode 100644
index 0000000..28e9d23
--- /dev/null
+++ b/net-nds/openldap/files/slapd-confd
@@ -0,0 +1,14 @@
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+#
+# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Uncomment the below to use the new slapd configuration for openldap 2.3
+#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+#
+# If you change the above listen statement to bind on a specific IP for
+# listening, you should ensure that interface is up here (change eth0 as
+# needed).
+#rc_need="net.eth0"
diff --git a/net-nds/openldap/files/slapd-confd-2.4.28-r1 b/net-nds/openldap/files/slapd-confd-2.4.28-r1
new file mode 100644
index 0000000..ef19899
--- /dev/null
+++ b/net-nds/openldap/files/slapd-confd-2.4.28-r1
@@ -0,0 +1,26 @@
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+
+# If you have multiple slapd instances per #376699, this will provide a default config
+INSTANCE="openldap${SVCNAME#slapd}"
+
+# If you use the classical configuration file:
+OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
+# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
+#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
+# (the OPTS_CONF variable is also passed to slaptest during startup)
+
+OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Optional connectionless LDAP:
+#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'"
+
+# If you change the above listen statement to bind on a specific IP for
+# listening, you should ensure that interface is up here (change eth0 as
+# needed).
+#rc_need="net.eth0"
+
+# Specify the kerberos keytab file
+#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
diff --git a/net-nds/openldap/files/slapd-initd b/net-nds/openldap/files/slapd-initd
new file mode 100644
index 0000000..ecd8f65
--- /dev/null
+++ b/net-nds/openldap/files/slapd-initd
@@ -0,0 +1,29 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net.lo
+ before hald avahi-daemon
+}
+
+start() {
+ checkpath -q -d /var/run/openldap/ -o ldap:ldap
+ if ! checkconfig ; then
+ eerror "There is a problem with your slapd.conf!"
+ return 1
+ fi
+ ebegin "Starting ldap-server"
+ eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
+ eend $?
+}
+
+checkconfig() {
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
+}
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r2 b/net-nds/openldap/files/slapd-initd-2.4.40-r2
new file mode 100644
index 0000000..722b6c2
--- /dev/null
+++ b/net-nds/openldap/files/slapd-initd-2.4.40-r2
@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig"
+
+[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
+PIDDIR=/run/openldap
+PIDFILE=$PIDDIR/$SVCNAME.pid
+
+depend() {
+ need net
+ before dbus hald avahi-daemon
+ provide ldap
+}
+
+start() {
+ checkpath -q -d ${PIDDIR} -o ldap:ldap
+ if ! checkconfig -Q ; then
+ eerror "There is a problem with your slapd.conf!"
+ return 1
+ fi
+ ebegin "Starting ldap-server"
+ [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
+ eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
+ eend $?
+}
+
+checkconfig() {
+ # checks requested by bug #502948
+ # Step 1: extract the last valid config file or config dir
+ set -- $OPTS
+ while [ -n "$*" ]; do
+ opt=$1 ; shift
+ if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then
+ CONF=$1
+ shift
+ fi
+ done
+ set --
+ # Fallback
+ CONF=${CONF-/etc/openldap/slapd.conf}
+ [ -d $CONF ] && CONF=${CONF}/*
+ DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \\$2}"' $CONF`
+ for d in $DBDIRS; do
+ if [ ! -d $d ]; then
+ eerror "Directory $d in config does not exist!"
+ return 1
+ fi
+ /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
+ if [ $? -ne 0 ]; then
+ ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
+ fi
+ [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
+ done
+ # now test the config fully
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
+}
diff --git a/net-nds/openldap/files/slapd.service b/net-nds/openldap/files/slapd.service
new file mode 100644
index 0000000..3427b87
--- /dev/null
+++ b/net-nds/openldap/files/slapd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenLDAP Server Daemon
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/run/openldap/slapd.pid
+ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS
+ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-nds/openldap/files/slapd.service.conf b/net-nds/openldap/files/slapd.service.conf
new file mode 100644
index 0000000..812ea68
--- /dev/null
+++ b/net-nds/openldap/files/slapd.service.conf
@@ -0,0 +1,12 @@
+[Service]
+# Use the classical configuration file:
+#Environment="SLAPD_OPTIONS=-f /etc/openldap/slapd.conf"
+# Use the slapd configuration directory:
+#Environment="SLAPD_OPTIONS=-F /etc/openldap/slapd.d"
+
+Environment="SLAPD_URLS=ldaps:/// ldap:/// ldapi:///"
+# Other examples:
+#Environment="SLAPD_URLS=ldap://127.0.0.1/ ldap://10.0.0.1:1389/ cldap:///"
+
+# Specify the kerberos keytab file
+#Environment=KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
diff --git a/net-nds/openldap/files/slapd.tmpfilesd b/net-nds/openldap/files/slapd.tmpfilesd
new file mode 100644
index 0000000..634cea1
--- /dev/null
+++ b/net-nds/openldap/files/slapd.tmpfilesd
@@ -0,0 +1,2 @@
+# openldap runtime directory for slapd.arg and slapd.pid
+d /run/openldap 0755 ldap ldap -