openldap: fix build against gnutls3

OE-core update from gnutls2 to gnutls3, openldap needs patches to cope with that. Also add libgcrypt to DEPENDS since openldap links against it directly now instead of through gnutls. Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Koen Kooi <koen.kooi@linaro.org> 2014-05-07 11:06:22 +0200
committer: Martin Jansa <Martin.Jansa@gmail.com> 2014-05-15 12:30:17 +0200
commit: 6bb0c0de3f5284ba506211362227d34e02ae5553 (patch)
tree: 18c4e54c98335b7b20b81a9605615339b9ea60d2 /meta-oe/recipes-support/openldap
parent: 04dcd55c9d293a26a925377055660310bd229b1b (diff)
download: meta-openembedded-6bb0c0de3f5284ba506211362227d34e02ae5553.tar.gz
3 files changed, 64 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch b/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch
new file mode 100644
index 000000000..dffd3ca51
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch
@@ -0,0 +1,44 @@
+From 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 7 Sep 2013 09:39:24 -0700
+Subject: [PATCH] ITS#7430 GnuTLS: Avoid use of deprecated function
+Upstream-status: Backport
+---
+ libraries/libldap/tls_g.c |   12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
+index 9acffaf..c793828 100644
+--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
+@@ -368,6 +368,17 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+                 * then we have to build the cert chain.
+                 */
+                if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
+#if GNUTLS_VERSION_NUMBER >= 0x020c00
+                       unsigned int i;
+                       for ( i = 1; i<VERIFY_DEPTH; i++ ) {
+                               if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
+                                       break;
+                               max++;
+                               /* If this CA is self-signed, we're done */
+                               if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
+                                       break;
+                       }
+#else
+                        gnutls_x509_crt_t *cas;
+                        unsigned int i, j, ncas;
+ 
+@@ -387,6 +398,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+                                if ( j == ncas )
+                                        break;
+                        }
+#endif
+                }
+                rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
+                if ( rc ) return -1;
+-- 
+1.7.4.2
diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch b/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch
new file mode 100644
index 000000000..c7b1552c1
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch
@@ -0,0 +1,17 @@
+From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/files/
+Upstream-status: Unknown
+--
+--- openldap-2.4.28/configure.in.orig   2012-02-11 22:40:36.004360795 +0000
+++ openldap-2.4.28/configure.in        2012-02-11 22:40:13.410986851 +0000
+@@ -1214,7 +1214,7 @@
+                                ol_with_tls=gnutls
+                                ol_link_tls=yes
+ 
+-                               TLS_LIBS="-lgnutls"
+                               TLS_LIBS="-lgnutls -lgcrypt"
+ 
+                                AC_DEFINE(HAVE_GNUTLS, 1, 
+                                        [define if you have GNUtls])
diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.23.bb b/meta-oe/recipes-support/openldap/openldap_2.4.23.bb
index 5c6f9eac6..306a78647 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.4.23.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.4.23.bb
@@ -16,6 +16,8 @@ LDAP_VER = "${@'.'.join(d.getVar('PV',1).split('.')[0:2])}"
 SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \
    file://openldap-m4-pthread.patch \
    file://kill-icu.patch \
+    file://0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch \
+    file://openldap-2.4.28-gnutls-gcrypt.patch \
    file://initscript \
 "
 SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf"
@@ -48,7 +50,7 @@ PACKAGECONFIG ??= "gnutls modules \
                   ldap meta monitor null passwd shell proxycache dnssrv \
 "
 #--with-tls              with TLS/SSL support auto|openssl|gnutls [auto]
-PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls"
+PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls libgcrypt"
 PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl"
 PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl"
author	Koen Kooi <koen.kooi@linaro.org>	2014-05-07 11:06:22 +0200
committer	Martin Jansa <Martin.Jansa@gmail.com>	2014-05-15 12:30:17 +0200
commit	6bb0c0de3f5284ba506211362227d34e02ae5553 (patch)
tree	18c4e54c98335b7b20b81a9605615339b9ea60d2 /meta-oe/recipes-support/openldap
parent	04dcd55c9d293a26a925377055660310bd229b1b (diff)
download	meta-openembedded-6bb0c0de3f5284ba506211362227d34e02ae5553.tar.gz

diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch b/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch new file mode 100644 index 000000000..dffd3ca51 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch
@@ -0,0 +1,44 @@
		1	From 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 Mon Sep 17 00:00:00 2001
		2	From: Howard Chu <hyc@openldap.org>
		3	Date: Sat, 7 Sep 2013 09:39:24 -0700
		4	Subject: [PATCH] ITS#7430 GnuTLS: Avoid use of deprecated function
		5
		6	Upstream-status: Backport
		7
		8	---
		9	libraries/libldap/tls_g.c \| 12 ++++++++++++
		10	1 files changed, 12 insertions(+), 0 deletions(-)
		11
		12	diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
		13	index 9acffaf..c793828 100644
		14	--- a/libraries/libldap/tls_g.c
		15	+++ b/libraries/libldap/tls_g.c
		16	@@ -368,6 +368,17 @@ tlsg_ctx_init( struct ldapoptions lo, struct ldaptls lt, int is_server )
		17	* then we have to build the cert chain.
		18	*/
		19	if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
		20	+#if GNUTLS_VERSION_NUMBER >= 0x020c00
		21	+ unsigned int i;
		22	+ for ( i = 1; i<VERIFY_DEPTH; i++ ) {
		23	+ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
		24	+ break;
		25	+ max++;
		26	+ /* If this CA is self-signed, we're done */
		27	+ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
		28	+ break;
		29	+ }
		30	+#else
		31	gnutls_x509_crt_t *cas;
		32	unsigned int i, j, ncas;
		33
		34	@@ -387,6 +398,7 @@ tlsg_ctx_init( struct ldapoptions lo, struct ldaptls lt, int is_server )
		35	if ( j == ncas )
		36	break;
		37	}
		38	+#endif
		39	}
		40	rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
		41	if ( rc ) return -1;
		42	--
		43	1.7.4.2
		44


diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch b/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch new file mode 100644 index 000000000..c7b1552c1 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch
@@ -0,0 +1,17 @@
		1	From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/files/
		2
		3	Upstream-status: Unknown
		4
		5	--
		6
		7	--- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000
		8	+++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000
		9	@@ -1214,7 +1214,7 @@
		10	ol_with_tls=gnutls
		11	ol_link_tls=yes
		12
		13	- TLS_LIBS="-lgnutls"
		14	+ TLS_LIBS="-lgnutls -lgcrypt"
		15
		16	AC_DEFINE(HAVE_GNUTLS, 1,
		17	[define if you have GNUtls])


diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.23.bb b/meta-oe/recipes-support/openldap/openldap_2.4.23.bb index 5c6f9eac6..306a78647 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.4.23.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.4.23.bb
@@ -16,6 +16,8 @@ LDAP_VER = "${@'.'.join(d.getVar('PV',1).split('.')[0:2])}"
16	SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \	16	SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \
17	file://openldap-m4-pthread.patch \	17	file://openldap-m4-pthread.patch \
18	file://kill-icu.patch \	18	file://kill-icu.patch \
		19	file://0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch \
		20	file://openldap-2.4.28-gnutls-gcrypt.patch \
19	file://initscript \	21	file://initscript \
20	"	22	"
21	SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf"	23	SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf"
@@ -48,7 +50,7 @@ PACKAGECONFIG ??= "gnutls modules \
48	ldap meta monitor null passwd shell proxycache dnssrv \	50	ldap meta monitor null passwd shell proxycache dnssrv \
49	"	51	"
50	#--with-tls with TLS/SSL support auto\|openssl\|gnutls [auto]	52	#--with-tls with TLS/SSL support auto\|openssl\|gnutls [auto]
51	PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls"	53	PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls libgcrypt"
52	PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl"	54	PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl"
53		55
54	PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl"	56	PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl"