diff options
| author | Taichi Haradaguchi <20001722@ymail.ne.jp> | 2022-12-05 01:47:35 +0900 |
|---|---|---|
| committer | Taichi Haradaguchi <20001722@ymail.ne.jp> | 2023-06-21 12:52:52 +0200 |
| commit | 299ea597d154e1dc3d0f09adf67e05747cca54cf (patch) | |
| tree | f388aab4b2379c5ab69096673f73e07e3f608263 | |
| parent | sc: Use DateTime::Sub() instead of operator-() (diff) | |
| download | core-299ea597d154e1dc3d0f09adf67e05747cca54cf.tar.gz core-299ea597d154e1dc3d0f09adf67e05747cca54cf.zip | |
openldap: upgrade to release 2.6.4
Because NSS support has been removed in release 2.5,
switch TLS/SSL module used by OpenLDAP to OpenSSL.
Add -pthread flag to openldap_LDFLAGS when building on Linux.
This avoids errors that occur in libcrypto.a (libcrypto-lib-threads_pthread.o).
Change-Id: I4779ce40233d144d930f20e85db7b4ba08f91ea1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143646
Tested-by: Taichi Haradaguchi <20001722@ymail.ne.jp>
Reviewed-by: Taichi Haradaguchi <20001722@ymail.ne.jp>
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | connectivity/Library_postgresql-sdbc-impl.mk | 3 | ||||
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | extensions/Library_ldapbe2.mk | 4 | ||||
| -rw-r--r-- | external/openldap/ExternalProject_openldap.mk | 20 | ||||
| -rw-r--r-- | external/openldap/README | 2 | ||||
| -rw-r--r-- | external/openldap/openldap-2.4.44.patch.1 | 67 | ||||
| -rw-r--r-- | external/postgresql/ExternalProject_postgresql.mk | 6 |
8 files changed, 18 insertions, 92 deletions
diff --git a/configure.ac b/configure.ac index af24f1c4fdb5..688bdadf5933 100644 --- a/configure.ac +++ b/configure.ac @@ -10653,14 +10653,14 @@ dnl =================================================================== if test "$test_openldap" = yes; then AC_MSG_CHECKING([whether to enable LDAP support]) - if test "$enable_ldap" = yes -a \( "$ENABLE_NSS" = TRUE -o "$with_system_openldap" = yes \); then + if test "$enable_ldap" = yes -a \( "$enable_openssl" = yes -o "$with_system_openldap" = yes \); then AC_MSG_RESULT([yes]) ENABLE_LDAP=TRUE else if test "$enable_ldap" != "yes"; then AC_MSG_RESULT([no]) else - AC_MSG_RESULT([no (needs NSS or system openldap)]) + AC_MSG_RESULT([no (needs OPENSSL or system openldap)]) fi fi diff --git a/connectivity/Library_postgresql-sdbc-impl.mk b/connectivity/Library_postgresql-sdbc-impl.mk index 497f5b742ef4..19a61ff92534 100644 --- a/connectivity/Library_postgresql-sdbc-impl.mk +++ b/connectivity/Library_postgresql-sdbc-impl.mk @@ -49,9 +49,6 @@ $(eval $(call gb_Library_use_externals,postgresql-sdbc-impl,\ $(if $(ENABLE_OPENSSL),openssl) \ $(if $(ENABLE_LDAP), \ openldap \ - nss3 \ - plc4 \ - ssl3 \ ) \ ) \ )) diff --git a/download.lst b/download.lst index fc3a240f5f94..536f73bb6b4f 100644 --- a/download.lst +++ b/download.lst @@ -418,8 +418,8 @@ OFFICEOTRON_JAR := 8249374c274932a21846fa7629c2aa9b-officeotron-0.7.4-master.jar # three static lines # so that git cherry-pick # will not run into conflicts -OPENLDAP_SHA256SUM := 99f37d6747d88206c470067eda624d5e48c1011e943ec0ab217bae8712e22f34 -OPENLDAP_TARBALL := openldap-2.4.59.tgz +OPENLDAP_SHA256SUM := d51704e50178430c06cf3d8aa174da66badf559747a47d920bb54b2d4aa40991 +OPENLDAP_TARBALL := openldap-2.6.4.tgz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/extensions/Library_ldapbe2.mk b/extensions/Library_ldapbe2.mk index 58ea11b2d0ce..c08ed88f744e 100644 --- a/extensions/Library_ldapbe2.mk +++ b/extensions/Library_ldapbe2.mk @@ -46,9 +46,7 @@ else # 0S!=WNT $(eval $(call gb_Library_use_externals,ldapbe2,\ boost_headers \ openldap \ - nss3 \ - plc4 \ - ssl3 \ + openssl \ )) endif diff --git a/external/openldap/ExternalProject_openldap.mk b/external/openldap/ExternalProject_openldap.mk index 6914d167b56c..e02a35d9943f 100644 --- a/external/openldap/ExternalProject_openldap.mk +++ b/external/openldap/ExternalProject_openldap.mk @@ -9,7 +9,7 @@ $(eval $(call gb_ExternalProject_ExternalProject,openldap)) -$(eval $(call gb_ExternalProject_use_externals,openldap,nss3)) +$(eval $(call gb_ExternalProject_use_externals,openldap,openssl)) $(eval $(call gb_ExternalProject_register_targets,openldap,\ build \ @@ -25,12 +25,10 @@ openldap_CFLAGS = -D_XOPEN_SOURCE=500 -D_DEFAULT_SOURCE -D_BSD_SOURCE endif openldap_LDFLAGS = $(call gb_ExternalProject_get_link_flags,openldap) -ifeq ($(SYSTEM_NSS),) -openldap_LDFLAGS += -L$(call gb_UnpackedTarball_get_dir,nss)/dist/out/lib +ifeq ($(SYSTEM_OPENSSL),) +openldap_LDFLAGS += -L$(call gb_UnpackedTarball_get_dir,openssl) endif -# Help openldap's configure determine that it needs -lpthread even if libasan.so -# contains a pthread_create override: -ifneq ($(filter -fsanitize=address,$(CC)),) +ifeq ($(OS),LINUX) openldap_LDFLAGS += -pthread endif @@ -40,7 +38,7 @@ $(call gb_ExternalProject_get_state_target,openldap,build) : $(gb_RUN_CONFIGURE) ./configure \ --disable-slapd \ --with-pic \ - --with-tls=moznss \ + --with-tls=openssl \ --without-cyrus-sasl \ --disable-shared \ --enable-static \ @@ -49,11 +47,11 @@ $(call gb_ExternalProject_get_state_target,openldap,build) : --with-yielding_select=yes \ ac_cv_func_memcmp_working=yes \ ) \ - $(if $(SYSTEM_NSS), \ - CPPFLAGS="$(CPPFLAGS) $(NSS_CFLAGS)" CFLAGS="$(CFLAGS) $(openldap_CFLAGS) $(NSS_CFLAGS) $(call gb_ExternalProject_get_build_flags,openldap)" LDFLAGS="$(LDFLAGS) $(NSS_LIBS)" \ + $(if $(SYSTEM_OPENSSL), \ + CPPFLAGS="$(CPPFLAGS) $(OPENSSL_CFLAGS)" CFLAGS="$(CFLAGS) $(openldap_CFLAGS) $(OPENSSL_CFLAGS) $(call gb_ExternalProject_get_build_flags,openldap)" LDFLAGS="$(LDFLAGS) $(openldap_LDFLAGS) $(OPENSSL_LIBS)" \ , \ - CPPFLAGS="$(CPPFLAGS) -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss -I$(call gb_UnpackedTarball_get_dir,nss)/dist/out/include" \ - CFLAGS="$(CFLAGS) $(openldap_CFLAGS) $(call gb_ExternalProject_get_build_flags,openldap) -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss -I$(call gb_UnpackedTarball_get_dir,nss)/dist/out/include" \ + CPPFLAGS="$(CPPFLAGS) -I$(call gb_UnpackedTarball_get_dir,openssl)/include" \ + CFLAGS="$(CFLAGS) $(openldap_CFLAGS) $(call gb_ExternalProject_get_build_flags,openldap) -I$(call gb_UnpackedTarball_get_dir,openssl)/include" \ ) \ $(if $(openldap_LDFLAGS),LDFLAGS="$(LDFLAGS) $(openldap_LDFLAGS)") \ && MAKEFLAGS= && $(MAKE) \ diff --git a/external/openldap/README b/external/openldap/README index 0c1828c12b93..48da788f5447 100644 --- a/external/openldap/README +++ b/external/openldap/README @@ -1,3 +1,3 @@ OpenLDAP provides an LDAP client library -http://www.openldap.org/ +https://www.openldap.org/ diff --git a/external/openldap/openldap-2.4.44.patch.1 b/external/openldap/openldap-2.4.44.patch.1 index 317ef9a62e56..1521e86a2664 100644 --- a/external/openldap/openldap-2.4.44.patch.1 +++ b/external/openldap/openldap-2.4.44.patch.1 @@ -1,69 +1,4 @@ -*- Mode: diff -*- ---- openldap.org/configure -+++ openldap/configure -@@ -15735,7 +15735,7 @@ - $as_echo_n "(cached) " >&6 - else - ac_check_lib_save_LIBS=$LIBS --LIBS="-lnss3 $LIBS" -+LIBS="-lnss3 -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 $LIBS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - ---- openldap.org/configure.in -+++ openldap/configure.in -@@ -1239,7 +1239,8 @@ - AC_CHECK_HEADERS([nssutil.h]) - if test "$ac_cv_header_nssutil_h" = yes ; then - AC_CHECK_LIB([nss3], [NSS_Initialize], -- [ have_moznss=yes ], [ have_moznss=no ]) -+ [ have_moznss=yes ], [ have_moznss=no ], -+ [ -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 ]) - fi - - if test "$have_moznss" = yes ; then ---- openldap.org/libraries/libldap/tls_m.c -+++ openldap/libraries/libldap/tls_m.c -@@ -49,17 +49,17 @@ - #include <termios.h> /* for echo on/off */ - #endif - --#include <nspr/nspr.h> --#include <nspr/private/pprio.h> --#include <nss/nss.h> --#include <nss/ssl.h> --#include <nss/sslerr.h> --#include <nss/sslproto.h> --#include <nss/pk11pub.h> --#include <nss/secerr.h> --#include <nss/keyhi.h> --#include <nss/secmod.h> --#include <nss/cert.h> -+#include <nspr.h> -+#include <private/pprio.h> -+#include <nss.h> -+#include <ssl.h> -+#include <sslerr.h> -+#include <sslproto.h> -+#include <pk11pub.h> -+#include <secerr.h> -+#include <keyhi.h> -+#include <secmod.h> -+#include <cert.h> - - #undef NSS_VERSION_INT - #define NSS_VERSION_INT ((NSS_VMAJOR << 24) | (NSS_VMINOR << 16) | \ ---- openldap.org/libraries/libldap/tls2.c -+++ openldap.org/libraries/libldap/tls2.c -@@ -80,6 +80,8 @@ - { BER_BVNULL, BER_BVNULL } - }; - -+int ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in ); -+ - #ifdef HAVE_TLS - - void --- openldap.org/Makefile.in +++ openldap/Makefile.in @@ -13,7 +13,7 @@ @@ -82,4 +17,4 @@ - -check: test -test: FORCE -- cd tests; $(MAKE) test +- cd tests && $(MAKE) test diff --git a/external/postgresql/ExternalProject_postgresql.mk b/external/postgresql/ExternalProject_postgresql.mk index 24e54adf3e0c..1d0a13b6bb03 100644 --- a/external/postgresql/ExternalProject_postgresql.mk +++ b/external/postgresql/ExternalProject_postgresql.mk @@ -44,7 +44,7 @@ endif ifeq ($(ENABLE_OPENSSL),TRUE) ifeq ($(SYSTEM_OPENSSL),) postgresql_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,openssl)/include -postgresql_LDFLAGS += -L$(call gb_UnpackedTarball_get_dir,openssl)/ $(if $(filter $(OS),LINUX),-pthread) +postgresql_LDFLAGS += -L$(call gb_UnpackedTarball_get_dir,openssl) $(if $(filter $(OS),LINUX),-pthread) endif endif @@ -54,8 +54,6 @@ postgresql_LDFLAGS += \ -L$(call gb_UnpackedTarball_get_dir,openldap)/libraries/libldap_r/.libs \ -L$(call gb_UnpackedTarball_get_dir,openldap)/libraries/libldap/.libs \ -L$(call gb_UnpackedTarball_get_dir,openldap)/libraries/liblber/.libs \ - $(if $(SYSTEM_NSS),,\ - -L$(call gb_UnpackedTarball_get_dir,nss)/dist/out/lib) \ endif @@ -76,7 +74,7 @@ $(call gb_ExternalProject_get_state_target,postgresql,build) : CFLAGS="-fPIC" \ CPPFLAGS="$(postgresql_CPPFLAGS)" \ LDFLAGS="$(postgresql_LDFLAGS)" \ - $(if $(ENABLE_LDAP),EXTRA_LDAP_LIBS="-llber -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4") \ + $(if $(ENABLE_LDAP),EXTRA_LDAP_LIBS="-llber") \ && cd src/interfaces/libpq \ && MAKEFLAGS= && $(MAKE) MAKELEVEL=0 all-static-lib) $(call gb_Trace_EndRange,postgresql,EXTERNAL) |