diff -Nru 389-admin-1.1.30/.gitignore 389-admin-1.1.35/.gitignore --- 389-admin-1.1.30/.gitignore 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/.gitignore 2013-08-20 17:08:28.000000000 +0000 @@ -1,2 +1,6 @@ *~ autom4te.cache +.project +.cproject +.autotools +*.patch diff -Nru 389-admin-1.1.30/Makefile.am 389-admin-1.1.35/Makefile.am --- 389-admin-1.1.30/Makefile.am 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/Makefile.am 2013-08-20 17:08:28.000000000 +0000 @@ -408,7 +408,8 @@ admserv/cfgstuff/nss.conf admserv/cfgstuff/httpd.conf if APACHE24 -HTTPD_CONF_SRC = admserv/cfgstuff/httpd-2.2.conf.in +# F18 and newer +HTTPD_CONF_SRC = admserv/cfgstuff/httpd-2.4.conf.in else if APACHE22 HTTPD_CONF_SRC = admserv/cfgstuff/httpd-2.2.conf.in diff -Nru 389-admin-1.1.30/Makefile.in 389-admin-1.1.35/Makefile.in --- 389-admin-1.1.30/Makefile.in 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/Makefile.in 2013-08-20 17:08:28.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.5 from Makefile.am. +# Makefile.in generated by automake 1.12.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -310,6 +309,8 @@ $(systemdsystemunit_DATA) $(update_DATA) ETAGS = etags CTAGS = ctags +CSCOPE = cscope +AM_RECURSIVE_TARGETS = cscope DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -319,8 +320,10 @@ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi +am__post_remove_distdir = $(am__remove_distdir) DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best +DIST_TARGETS = dist-gzip distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' @@ -854,7 +857,9 @@ @APACHE22_FALSE@@APACHE24_FALSE@HTTPD_CONF_SRC = admserv/cfgstuff/httpd.conf.in @APACHE22_TRUE@@APACHE24_FALSE@HTTPD_CONF_SRC = admserv/cfgstuff/httpd-2.2.conf.in -@APACHE24_TRUE@HTTPD_CONF_SRC = admserv/cfgstuff/httpd-2.2.conf.in + +# F18 and newer +@APACHE24_TRUE@HTTPD_CONF_SRC = admserv/cfgstuff/httpd-2.4.conf.in MOSTLYCLEANFILES = $(nodist_cmdbin_SCRIPTS) $(nodist_config_DATA) \ $(RESOURCE_BUNDLES_ROOT) @WINNT_FALSE@ICU_GENRB = sh -x $(srcdir)/admserv/genrb_wrapper.sh "@icu_bin@" "@icu_libdir@" @@ -1157,12 +1162,14 @@ clean-admmodLTLIBRARIES: -test -z "$(admmod_LTLIBRARIES)" || rm -f $(admmod_LTLIBRARIES) - @list='$(admmod_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(admmod_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ @@ -1189,12 +1196,14 @@ clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } lib/base/$(am__dirstamp): @$(MKDIR_P) lib/base @: > lib/base/$(am__dirstamp) @@ -1649,72 +1658,19 @@ mostlyclean-compile: -rm -f *.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_listdb-ds_listdb.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_listdb-init_ds_env.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_restart-init_ds_env.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_restart-restart.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_shutdown-init_ds_env.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_shutdown-shutdown.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_snmpctrl-ds_snmpctrl.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_snmpctrl-init_ds_env.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_start-init_ds_env.$(OBJEXT) - -rm -f admserv/cgi-ds/ds_start-start.$(OBJEXT) - -rm -f admserv/cgi-src40/ReadLog.$(OBJEXT) - -rm -f admserv/cgi-src40/admpw.$(OBJEXT) - -rm -f admserv/cgi-src40/config.$(OBJEXT) - -rm -f admserv/cgi-src40/download.$(OBJEXT) - -rm -f admserv/cgi-src40/dsconfig.$(OBJEXT) - -rm -f admserv/cgi-src40/help.$(OBJEXT) - -rm -f admserv/cgi-src40/htmladmin.$(OBJEXT) - -rm -f admserv/cgi-src40/monreplication.$(OBJEXT) - -rm -f admserv/cgi-src40/restartsrv.$(OBJEXT) - -rm -f admserv/cgi-src40/sec-activate.$(OBJEXT) - -rm -f admserv/cgi-src40/security.$(OBJEXT) - -rm -f admserv/cgi-src40/start_config_ds.$(OBJEXT) - -rm -f admserv/cgi-src40/statpingserv.$(OBJEXT) - -rm -f admserv/cgi-src40/statusping.$(OBJEXT) - -rm -f admserv/cgi-src40/stopsrv.$(OBJEXT) - -rm -f admserv/cgi-src40/ugdsconfig.$(OBJEXT) - -rm -f admserv/cgi-src40/viewdata.$(OBJEXT) - -rm -f admserv/cgi-src40/viewlog.$(OBJEXT) - -rm -f lib/base/file.$(OBJEXT) - -rm -f lib/base/file.lo - -rm -f lib/base/nscperror.$(OBJEXT) - -rm -f lib/base/nscperror.lo - -rm -f lib/base/nscputil.$(OBJEXT) - -rm -f lib/base/nscputil.lo - -rm -f lib/base/system.$(OBJEXT) - -rm -f lib/base/system.lo - -rm -f lib/libadmin/cluster.$(OBJEXT) - -rm -f lib/libadmin/cluster.lo - -rm -f lib/libadmin/error.$(OBJEXT) - -rm -f lib/libadmin/error.lo - -rm -f lib/libadmin/form_get.$(OBJEXT) - -rm -f lib/libadmin/form_get.lo - -rm -f lib/libadmin/httpcon.$(OBJEXT) - -rm -f lib/libadmin/httpcon.lo - -rm -f lib/libadmin/install.$(OBJEXT) - -rm -f lib/libadmin/install.lo - -rm -f lib/libadmin/referer.$(OBJEXT) - -rm -f lib/libadmin/referer.lo - -rm -f lib/libadmin/template.$(OBJEXT) - -rm -f lib/libadmin/template.lo - -rm -f lib/libadmin/util.$(OBJEXT) - -rm -f lib/libadmin/util.lo - -rm -f lib/libdsa/libdsa_a-dsalib_conf.$(OBJEXT) - -rm -f lib/libdsa/libdsa_a-dsalib_confs.$(OBJEXT) - -rm -f lib/libdsa/libdsa_a-dsalib_db.$(OBJEXT) - -rm -f lib/libdsa/libdsa_a-dsalib_debug.$(OBJEXT) - -rm -f lib/libdsa/libdsa_a-dsalib_location.$(OBJEXT) - -rm -f lib/libdsa/libdsa_a-dsalib_tailf.$(OBJEXT) - -rm -f lib/libdsa/libdsa_a-dsalib_updown.$(OBJEXT) - -rm -f lib/libdsa/libdsa_a-dsalib_util.$(OBJEXT) - -rm -f lib/libsi18n/getstrprop.$(OBJEXT) - -rm -f lib/libsi18n/getstrprop.lo - -rm -f mod_admserv/mod_admserv_la-mod_admserv.$(OBJEXT) - -rm -f mod_admserv/mod_admserv_la-mod_admserv.lo - -rm -f mod_restartd/mod_restartd_la-mod_restartd@ap_ver_suf@.$(OBJEXT) - -rm -f mod_restartd/mod_restartd_la-mod_restartd@ap_ver_suf@.lo + -rm -f admserv/cgi-ds/*.$(OBJEXT) + -rm -f admserv/cgi-src40/*.$(OBJEXT) + -rm -f lib/base/*.$(OBJEXT) + -rm -f lib/base/*.lo + -rm -f lib/libadmin/*.$(OBJEXT) + -rm -f lib/libadmin/*.lo + -rm -f lib/libdsa/*.$(OBJEXT) + -rm -f lib/libsi18n/*.$(OBJEXT) + -rm -f lib/libsi18n/*.lo + -rm -f mod_admserv/*.$(OBJEXT) + -rm -f mod_admserv/*.lo + -rm -f mod_restartd/*.$(OBJEXT) + -rm -f mod_restartd/*.lo distclean-compile: -rm -f *.tab.c @@ -2422,8 +2378,32 @@ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) + +clean-cscope: + -rm -f cscope.files + +cscope.files: clean-cscope cscopelist + +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ @@ -2432,10 +2412,10 @@ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ - echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + echo "error: found man pages containing the 'missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ - echo " typically \`make maintainer-clean' will remove them" >&2; \ + echo " typically 'make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @@ -2479,40 +2459,36 @@ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) + $(am__post_remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 - $(am__remove_distdir) + $(am__post_remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz - $(am__remove_distdir) - -dist-lzma: distdir - tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma - $(am__remove_distdir) + $(am__post_remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz - $(am__remove_distdir) + $(am__post_remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z - $(am__remove_distdir) + $(am__post_remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz - $(am__remove_distdir) + $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) - $(am__remove_distdir) + $(am__post_remove_distdir) -dist dist-all: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another @@ -2523,8 +2499,6 @@ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ - *.tar.lzma*) \ - lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ @@ -2536,7 +2510,7 @@ *.zip*) \ unzip $(distdir).zip ;;\ esac - chmod -R a-w $(distdir); chmod a+w $(distdir) + chmod -R a-w $(distdir); chmod u+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) @@ -2570,7 +2544,7 @@ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 - $(am__remove_distdir) + $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' @@ -2756,25 +2730,26 @@ .MAKE: all check install install-am install-data-am install-strip .PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \ - clean-admmodLTLIBRARIES clean-cgibinPROGRAMS clean-generic \ - clean-libLTLIBRARIES clean-libtool clean-local \ - clean-noinstLIBRARIES ctags dist dist-all dist-bzip2 dist-gzip \ - dist-lzip dist-lzma dist-shar dist-tarZ dist-xz dist-zip \ - distcheck distclean distclean-compile distclean-generic \ - distclean-hdr distclean-libtool distclean-tags distcleancheck \ - distdir distuninstallcheck dvi dvi-am html html-am info \ - info-am install install-admmodLTLIBRARIES install-am \ - install-cgibinPROGRAMS install-cgibinSCRIPTS \ - install-cmdbinSCRIPTS install-data install-data-am \ - install-data-hook install-dist_helpDATA install-dist_htmlDATA \ - install-dist_iconDATA install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-infDATA \ - install-info install-info-am install-initSCRIPTS \ - install-initconfigDATA install-ldifDATA install-libLTLIBRARIES \ - install-man install-man8 install-nodist_cmdbinSCRIPTS \ - install-nodist_configDATA install-pdf install-pdf-am \ - install-perlDATA install-propertyDATA install-ps install-ps-am \ - install-strip install-systemdsystemunitDATA install-updateDATA \ + clean-admmodLTLIBRARIES clean-cgibinPROGRAMS clean-cscope \ + clean-generic clean-libLTLIBRARIES clean-libtool clean-local \ + clean-noinstLIBRARIES cscope cscopelist ctags dist dist-all \ + dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ dist-xz \ + dist-zip distcheck distclean distclean-compile \ + distclean-generic distclean-hdr distclean-libtool \ + distclean-tags distcleancheck distdir distuninstallcheck dvi \ + dvi-am html html-am info info-am install \ + install-admmodLTLIBRARIES install-am install-cgibinPROGRAMS \ + install-cgibinSCRIPTS install-cmdbinSCRIPTS install-data \ + install-data-am install-data-hook install-dist_helpDATA \ + install-dist_htmlDATA install-dist_iconDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-infDATA install-info install-info-am \ + install-initSCRIPTS install-initconfigDATA install-ldifDATA \ + install-libLTLIBRARIES install-man install-man8 \ + install-nodist_cmdbinSCRIPTS install-nodist_configDATA \ + install-pdf install-pdf-am install-perlDATA \ + install-propertyDATA install-ps install-ps-am install-strip \ + install-systemdsystemunitDATA install-updateDATA \ install-updateSCRIPTS installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ diff -Nru 389-admin-1.1.30/VERSION.sh 389-admin-1.1.35/VERSION.sh --- 389-admin-1.1.30/VERSION.sh 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/VERSION.sh 2013-08-20 17:08:28.000000000 +0000 @@ -11,7 +11,7 @@ # PACKAGE_VERSION is constructed from these VERSION_MAJOR=1 VERSION_MINOR=1 -VERSION_MAINT=30 +VERSION_MAINT=35 # if this is a PRERELEASE, set VERSION_PREREL # otherwise, comment it out # be sure to include the dot prefix in the prerel diff -Nru 389-admin-1.1.30/aclocal.m4 389-admin-1.1.35/aclocal.m4 --- 389-admin-1.1.30/aclocal.m4 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/aclocal.m4 2013-08-20 17:08:28.000000000 +0000 @@ -1,8 +1,7 @@ -# generated automatically by aclocal 1.11.5 -*- Autoconf -*- +# generated automatically by aclocal 1.12.2 -*- Autoconf -*- + +# Copyright (C) 1996-2012 Free Software Foundation, Inc. -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, -# Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -18,7 +17,7 @@ [m4_warning([this file was generated for autoconf 2.69. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. -To do so, use the procedure documented by the package, typically `autoreconf'.])]) +To do so, use the procedure documented by the package, typically 'autoreconf'.])]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # serial 1 (pkg-config-0.24) @@ -180,14 +179,53 @@ fi[]dnl ])# PKG_CHECK_MODULES -# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software -# Foundation, Inc. + +# PKG_INSTALLDIR(DIRECTORY) +# ------------------------- +# Substitutes the variable pkgconfigdir as the location where a module +# should install pkg-config .pc files. By default the directory is +# $libdir/pkgconfig, but the default can be changed by passing +# DIRECTORY. The user can override through the --with-pkgconfigdir +# parameter. +AC_DEFUN([PKG_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, + [with_pkgconfigdir=]pkg_default) +AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +]) dnl PKG_INSTALLDIR + + +# PKG_NOARCH_INSTALLDIR(DIRECTORY) +# ------------------------- +# Substitutes the variable noarch_pkgconfigdir as the location where a +# module should install arch-independent pkg-config .pc files. By +# default the directory is $datadir/pkgconfig, but the default can be +# changed by passing DIRECTORY. The user can override through the +# --with-noarch-pkgconfigdir parameter. +AC_DEFUN([PKG_NOARCH_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([noarch-pkgconfigdir], + [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, + [with_noarch_pkgconfigdir=]pkg_default) +AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +]) dnl PKG_NOARCH_INSTALLDIR + +# Copyright (C) 2002-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 1 +# serial 8 # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- @@ -195,10 +233,10 @@ # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.11' +[am__api_version='1.12' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.11.5], [], +m4_if([$1], [1.12.2], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -214,24 +252,24 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.11.5])dnl +[AM_AUTOMAKE_VERSION([1.12.2])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 1 +# serial 2 # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets -# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to -# `$srcdir', `$srcdir/..', or `$srcdir/../..'. +# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to +# '$srcdir', '$srcdir/..', or '$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and @@ -250,7 +288,7 @@ # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually -# harmless because $srcdir is `.', but things will broke when you +# harmless because $srcdir is '.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, @@ -276,22 +314,21 @@ # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1997-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 9 +# serial 10 # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], -[AC_PREREQ(2.52)dnl - ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], - [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +[AC_PREREQ([2.52])dnl + m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl @@ -310,16 +347,15 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009, -# 2010, 2011 Free Software Foundation, Inc. +# Copyright (C) 1999-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 12 +# serial 17 -# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing @@ -329,7 +365,7 @@ # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. -# NAME is "CC", "CXX", "GCJ", or "OBJC". +# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was @@ -342,12 +378,13 @@ AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl -ifelse([$1], CC, [depcc="$CC" am_compiler_list=], - [$1], CXX, [depcc="$CXX" am_compiler_list=], - [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], - [$1], UPC, [depcc="$UPC" am_compiler_list=], - [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], - [depcc="$$1" am_compiler_list=]) +m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], + [$1], [CXX], [depcc="$CXX" am_compiler_list=], + [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], + [$1], [UPC], [depcc="$UPC" am_compiler_list=], + [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], @@ -355,8 +392,8 @@ # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named `D' -- because `-MD' means `put the output - # in D'. + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -396,16 +433,16 @@ : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" + # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -414,8 +451,8 @@ test "$am__universal" = false || continue ;; nosideeffect) - # after this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else @@ -423,7 +460,7 @@ fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has + # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -471,7 +508,7 @@ # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. -# This macro is AC_REQUIREd in _AM_DEPENDENCIES +# This macro is AC_REQUIREd in _AM_DEPENDENCIES. AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl @@ -481,9 +518,13 @@ # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], -[AC_ARG_ENABLE(dependency-tracking, -[ --disable-dependency-tracking speeds up one-time build - --enable-dependency-tracking do not reject slow dependency extractors]) +[AC_ARG_ENABLE([dependency-tracking], [dnl +AS_HELP_STRING( + [--enable-dependency-tracking], + [do not reject slow dependency extractors]) +AS_HELP_STRING( + [--disable-dependency-tracking], + [speeds up one-time build])]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' @@ -498,14 +539,13 @@ # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1999-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -#serial 5 +# serial 6 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ @@ -524,7 +564,7 @@ # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named `Makefile.in', but + # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. @@ -536,21 +576,19 @@ continue fi # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running `make'. + # from the Makefile without running 'make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # When using ansi2knr, U may be empty or an underscore; expand it - U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` @@ -568,7 +606,7 @@ # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking -# is enabled. FIXME. This creates each `.P' file that we will +# is enabled. FIXME. This creates each '.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], @@ -578,14 +616,13 @@ # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. +# Copyright (C) 1996-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 16 +# serial 19 # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. @@ -631,31 +668,41 @@ # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], -[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl +[AC_DIAGNOSE([obsolete], +[$0: two- and three-arguments forms are deprecated. For more info, see: +http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_INIT_AUTOMAKE-invocation]) +m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. -m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, +m4_if( + m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), + [ok:ok],, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, -[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) - AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl +[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) + AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl -AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) -AM_MISSING_PROG(AUTOCONF, autoconf) -AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) -AM_MISSING_PROG(AUTOHEADER, autoheader) -AM_MISSING_PROG(MAKEINFO, makeinfo) +AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) +AM_MISSING_PROG([AUTOCONF], [autoconf]) +AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) +AM_MISSING_PROG([AUTOHEADER], [autoheader]) +AM_MISSING_PROG([MAKEINFO], [makeinfo]) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl -AC_REQUIRE([AM_PROG_MKDIR_P])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +AC_SUBST([mkdir_p], ['$(MKDIR_P)']) # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl @@ -666,28 +713,35 @@ [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], - [_AM_DEPENDENCIES(CC)], - [define([AC_PROG_CC], - defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl + [_AM_DEPENDENCIES([CC])], + [m4_define([AC_PROG_CC], + m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], - [_AM_DEPENDENCIES(CXX)], - [define([AC_PROG_CXX], - defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl + [_AM_DEPENDENCIES([CXX])], + [m4_define([AC_PROG_CXX], + m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], - [_AM_DEPENDENCIES(OBJC)], - [define([AC_PROG_OBJC], - defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl + [_AM_DEPENDENCIES([OBJC])], + [m4_define([AC_PROG_OBJC], + m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl +dnl Support for Objective C++ was only introduced in Autoconf 2.65, +dnl but we still cater to Autoconf 2.62. +m4_ifdef([AC_PROG_OBJCXX], +[AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], + [_AM_DEPENDENCIES([OBJCXX])], + [m4_define([AC_PROG_OBJCXX], + m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])])dnl ]) _AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl -dnl The `parallel-tests' driver may need to know about EXEEXT, so add the -dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro +dnl The 'parallel-tests' driver may need to know about EXEEXT, so add the +dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) -dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], @@ -715,14 +769,13 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation, -# Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 1 +# serial 8 # AM_PROG_INSTALL_SH # ------------------ @@ -737,9 +790,9 @@ install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi -AC_SUBST(install_sh)]) +AC_SUBST([install_sh])]) -# Copyright (C) 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2003-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -763,20 +816,19 @@ # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008, -# 2011 Free Software Foundation, Inc. +# Copyright (C) 1996-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 +# serial 7 # AM_MAINTAINER_MODE([DEFAULT-MODE]) # ---------------------------------- # Control maintainer-specific portions of Makefiles. -# Default is to disable them, unless `enable' is passed literally. -# For symmetry, `disable' may be passed as well. Anyway, the user +# Default is to disable them, unless 'enable' is passed literally. +# For symmetry, 'disable' may be passed as well. Anyway, the user # can override the default with the --enable/--disable switch. AC_DEFUN([AM_MAINTAINER_MODE], [m4_case(m4_default([$1], [disable]), @@ -787,10 +839,11 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) dnl maintainer-mode's default is 'disable' unless 'enable' is passed AC_ARG_ENABLE([maintainer-mode], -[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful - (and sometimes confusing) to the casual installer], - [USE_MAINTAINER_MODE=$enableval], - [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) + [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode], + am_maintainer_other[ make rules and dependencies not useful + (and sometimes confusing) to the casual installer])], + [USE_MAINTAINER_MODE=$enableval], + [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) AC_MSG_RESULT([$USE_MAINTAINER_MODE]) AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) MAINT=$MAINTAINER_MODE_TRUE @@ -802,13 +855,13 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 4 +# serial 5 # AM_MAKE_INCLUDE() # ----------------- @@ -827,7 +880,7 @@ _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from `make'. +# Ignore all kinds of additional output from 'make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include @@ -852,8 +905,7 @@ rm -f confinc confmf ]) -# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1999-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -889,14 +941,13 @@ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1997-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 6 +# serial 7 # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ @@ -926,49 +977,19 @@ am_missing_run="$MISSING --run " else am_missing_run= - AC_MSG_WARN([`missing' script is too old or missing]) + AC_MSG_WARN(['missing' script is too old or missing]) fi ]) -# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation, -# Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 1 - -# AM_PROG_MKDIR_P -# --------------- -# Check for `mkdir -p'. -AC_DEFUN([AM_PROG_MKDIR_P], -[AC_PREREQ([2.60])dnl -AC_REQUIRE([AC_PROG_MKDIR_P])dnl -dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, -dnl while keeping a definition of mkdir_p for backward compatibility. -dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. -dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of -dnl Makefile.ins that do not define MKDIR_P, so we do our own -dnl adjustment using top_builddir (which is defined more often than -dnl MKDIR_P). -AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl -case $mkdir_p in - [[\\/$]]* | ?:[[\\/]]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac -]) - # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software -# Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 +# serial 6 # _AM_MANGLE_OPTION(NAME) # ----------------------- @@ -979,7 +1000,7 @@ # -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], -[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) +[m4_define(_AM_MANGLE_OPTION([$1]), [1])]) # _AM_SET_OPTIONS(OPTIONS) # ------------------------ @@ -995,22 +1016,18 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1996-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 +# serial 9 # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) -# Just in case -sleep 1 -echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -1021,32 +1038,40 @@ esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) - AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; + AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; esac -# Do `set' in a subshell so we don't clobber the current shell's +# Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$[*]" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - rm -f conftest.file - if test "$[*]" != "X $srcdir/configure conftest.file" \ - && test "$[*]" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken -alias in your environment]) - fi - + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken + alias in your environment]) + fi + if test "$[2]" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done test "$[2]" = conftest.file ) then @@ -1056,39 +1081,55 @@ AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi -AC_MSG_RESULT(yes)]) +AC_MSG_RESULT([yes]) +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi +AC_CONFIG_COMMANDS_PRE( + [AC_MSG_CHECKING([that generated files are newer than configure]) + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + AC_MSG_RESULT([done])]) +rm -f conftest.file +]) -# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 1 +# serial 2 # AM_PROG_INSTALL_STRIP # --------------------- -# One issue with vendor `install' (even GNU) is that you can't +# One issue with vendor 'install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we -# always use install-sh in `make install-strip', and initialize +# always use install-sh in "make install-strip", and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. -dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +# will honor the 'STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc. +# Copyright (C) 2006-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1109,18 +1150,18 @@ # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc. +# Copyright (C) 2004-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 2 +# serial 3 # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. -# FORMAT should be one of `v7', `ustar', or `pax'. +# FORMAT should be one of 'v7', 'ustar', or 'pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory @@ -1143,7 +1184,7 @@ _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' _am_tools=${am_cv_prog_tar_$1-$_am_tools} # Do not fold the above two line into one, because Tru64 sh and -# Solaris sh will not grok spaces in the rhs of `-'. +# Solaris sh will not grok spaces in the rhs of '-'. for _am_tool in $_am_tools do case $_am_tool in diff -Nru 389-admin-1.1.30/admserv/cfgstuff/httpd-2.4.conf.in 389-admin-1.1.35/admserv/cfgstuff/httpd-2.4.conf.in --- 389-admin-1.1.30/admserv/cfgstuff/httpd-2.4.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ 389-admin-1.1.35/admserv/cfgstuff/httpd-2.4.conf.in 2013-08-20 17:08:28.000000000 +0000 @@ -0,0 +1,742 @@ +# BEGIN COPYRIGHT BLOCK +# Copyright (C) 2013 Red Hat, Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 +# of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# + +# END COPYRIGHT BLOCK +# +# Based upon the NCSA server configuration files originally by Rob McCool. +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information about +# the directives. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" +# with ServerRoot set to "/path/redhat/apache" will be interpreted by the +# server as "/path/redhat/apache/logs/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation (available +# at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot This is passed in via the start-admin command line + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive Off + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +# The console bombs on the x.y.z version format, so omit the .z +ServerTokens Minor + +# start one server in multi threaded mode +StartServers 1 +# mtm +ServerLimit 1 + +MaxClients 64 +MinSpareThreads 32 +MaxSpareThreads 64 +ThreadsPerChild 64 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +LoadModule authz_host_module @moddir@/mod_authz_host.so +LoadModule auth_basic_module @moddir@/mod_auth_basic.so +LoadModule authn_file_module @moddir@/mod_authn_file.so +LoadModule log_config_module @moddir@/mod_log_config.so +LoadModule env_module @moddir@/mod_env.so +LoadModule mime_magic_module @moddir@/mod_mime_magic.so +LoadModule unique_id_module @moddir@/mod_unique_id.so +LoadModule setenvif_module @moddir@/mod_setenvif.so +LoadModule mime_module @moddir@/mod_mime.so +LoadModule negotiation_module @moddir@/mod_negotiation.so +LoadModule dir_module @moddir@/mod_dir.so +LoadModule alias_module @moddir@/mod_alias.so +LoadModule rewrite_module @moddir@/mod_rewrite.so +LoadModule cgi_module @moddir@/mod_cgi.so +LoadModule restartd_module @admmoddir@/mod_restartd.so +LoadModule nss_module @nssmoddir@/libmodnss.so +LoadModule admserv_module @admmoddir@/mod_admserv.so +LoadModule mpm_worker_module @moddir@/mod_mpm_worker.so +LoadModule access_compat_module @moddir@/mod_access_compat.so +LoadModule authn_core_module @moddir@/mod_authn_core.so +LoadModule authz_core_module @moddir@/mod_authz_core.so +LoadModule authz_user_module @moddir@/mod_authz_user.so +LoadModule unixd_module @moddir@/mod_unixd.so + +### Section 2: 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +#ServerAdmin you@example.com + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If this is not set to valid DNS name for your host, server-generated +# redirections will not work. See also the UseCanonicalName directive. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# You will have to access it by its address anyway, and this will make +# redirections work in a sensible way. +# +#ServerName www.example.com:80 + +# +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +# +UseCanonicalName Off + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot @htmldir@ + +# +# Each directory to which Apache has access can be configured with respect +# to which services and features are allowed and/or disabled in that +# directory (and its subdirectories). +# +# First, we configure the "default" to be a very restrictive set of +# features. +# + + Options FollowSymLinks + AllowOverride None + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# This should be changed to whatever you set DocumentRoot to. +# + + +# +# Possible values for the Options directive are "None", "All", +# or any combination of: +# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews +# +# Note that "MultiViews" must be named *explicitly* --- "Options All" +# doesn't give it to you. +# +# The Options directive is both complicated and important. Please see +# http://httpd.apache.org/docs-2.0/mod/core.html#options +# for more information. +# + Options Indexes FollowSymLinks + +# +# AllowOverride controls what directives may be placed in .htaccess files. +# It can be "All", "None", or any combination of the keywords: +# Options FileInfo AuthConfig Limit +# + AllowOverride None + +# +# Controls who can get stuff from this server. +# By default, no one may access anything +# Access must be explicitly granted in admserv.conf + Order deny,allow + Deny from all + + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# +# The index.html.var file (a type-map) is used to deliver content- +# negotiated documents. The MultiViews Option can be used for the +# same purpose, but it is much slower. +# +DirectoryIndex index.html index.html.var + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Order allow,deny + Deny from all + + +# +# TypesConfig describes where the mime.types file (or equivalent) is +# to be found. +# +TypesConfig /etc/mime.types + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType none + +# +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +# + + MIMEMagicFile @mimemagic@ + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# +# EnableMMAP: Control whether memory-mapping is used to deliver +# files (assuming that the underlying OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. On some systems, turning it off (regardless of +# filesystem) can improve performance; for details, please see +# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap +# +#EnableMMAP off + +# +# EnableSendfile: Control whether the sendfile kernel support is +# used to deliver files (assuming that the OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. Please see +# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile +# +#EnableSendfile off + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# You need to enable mod_logio.c to use %I and %O +#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature On + +# +# Aliases: Add here as many aliases as you need (with no limit). The format is +# Alias fakename realname +# +# Note that if you include a trailing / on fakename then the server will +# require it to be present in the URL. So "/icons" isn't aliased in this +# example, only "/icons/". If the fakename is slash-terminated, then the +# realname must also be slash terminated, and if the fakename omits the +# trailing slash, the realname must also omit it. +# +# We include the /icons/ alias for FancyIndexed directory listings. If you +# do not use FancyIndexing, you may comment this out. +# + +# +# This should be changed to the ServerRoot/manual/. The alias provides +# the manual, even if you choose to move your DocumentRoot. You may comment +# this out if you do not care for the documentation. +# + +# +# ScriptAlias: This controls which directories contain server scripts. +# ScriptAliases are essentially the same as Aliases, except that +# documents in the realname directory are treated as applications and +# run by the server when requested rather than as documents sent to the client. +# The same rules about trailing "/" apply to ScriptAlias directives as to +# Alias. +# + + +# +# Additional to mod_cgid.c settings, mod_cgid has Scriptsock +# for setting UNIX socket for communicating with cgid. +# +Scriptsock @piddir@/admin-serv.cgisock + + +# and this one is for mod_restartd because mod_cgid will consume the other one +Scriptsock @piddir@/admin-serv.cgisock + +# +# Redirect allows you to tell clients about documents which used to exist in +# your server's namespace, but do not anymore. This allows you to tell the +# clients where to look for the relocated document. +# Example: +# Redirect permanent /foo http://www.example.com/bar + +# +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. +# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + +# +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. +# +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb +AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk +AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb +AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5 .Big5 .big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-8 .utf8 + +# The set below does not map to a specific (iso) standard +# but works on a fairly wide range of browsers. Note that +# capitalization actually matters (it should not, but it +# does for some browsers). +# +# See http://www.iana.org/assignments/character-sets +# for a list of sorts. But browsers support few. +# +AddCharset GB2312 .gb2312 .gb +AddCharset utf-7 .utf7 +AddCharset utf-8 .utf8 +AddCharset big5 .big5 .b5 +AddCharset EUC-TW .euc-tw +AddCharset EUC-JP .euc-jp +AddCharset EUC-KR .euc-kr +AddCharset shift_jis .sjis + +# +# AddType allows you to add to or override the MIME configuration +# file mime.types for specific file types. +# +#AddType application/x-tar .tgz +# +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +# Despite the name similarity, the following Add* directives have nothing +# to do with the FancyIndexing customization directives above. +# +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz +# +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +# +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. These can be either built into the server +# or added with the Action directive (see below) +# +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +# +AddHandler cgi-script .pl + +# +# For files that include their own HTTP headers: +# +#AddHandler send-as-is asis + +# +# For server-parsed imagemap files: +# +#AddHandler imap-file map + +# +# For type maps (negotiated resources): +# (This is enabled by default to allow the Apache "It Worked" page +# to be distributed in multiple languages.) +# +AddHandler type-map var + +# +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +# +#AddType text/html .shtml +#AddOutputFilter INCLUDES .shtml + +# +# Action lets you define media types that will execute a script whenever +# a matching file is called. This eliminates the need for repeated URL +# pathnames for oft-used CGI file processors. +# Format: Action media/type /cgi-script/location +# Format: Action handler-name /cgi-script/location +# + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /path/to/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 30 lines. + +# Alias /error/ "/path/redhat/apache/error/" +# +# +# AllowOverride None +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr +# ForceLanguagePriority Prefer Fallback +# +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. +# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully +BrowserMatch "^gnome-vfs" redirect-carefully + +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# Change the ".example.com" to match your domain to enable. +# +# +# SetHandler server-status +# Order deny,allow +# Deny from all +# Allow from .example.com +# + +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Change the ".example.com" to match your domain to enable. +# +# +# SetHandler server-info +# Order deny,allow +# Deny from all +# Allow from .example.com +# + + +### Section 3: Virtual Hosts +# +# VirtualHost: If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + +# +# Use name-based virtual hosting. +# +#NameVirtualHost *:80 + +# +# VirtualHost example: +# Almost any Apache directive may go into a VirtualHost container. +# The first VirtualHost section is used for requests without a known +# server name. +# +# +# ServerAdmin webmaster@dummy-host.example.com +# DocumentRoot /www/docs/dummy-host.example.com +# ServerName dummy-host.example.com +# ErrorLog logs/dummy-host.example.com-error_log +# CustomLog logs/dummy-host.example.com-access_log common +# + +Include @configdir@/admserv.conf +Include @configdir@/nss.conf +Include @configdir@/console.conf diff -Nru 389-admin-1.1.30/admserv/cgi-src40/admpw.c 389-admin-1.1.35/admserv/cgi-src40/admpw.c --- 389-admin-1.1.30/admserv/cgi-src40/admpw.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/admpw.c 2013-08-20 17:08:28.000000000 +0000 @@ -73,11 +73,10 @@ unsigned char hash[SHA1_LENGTH]; char *enc; char *retval; - SECStatus rc; int32 pwdlen = strlen(pwd); /* SHA1 hash the user's key */ - rc = PK11_HashBuf(SEC_OID_SHA1, hash, (unsigned char *)pwd, pwdlen); + PK11_HashBuf(SEC_OID_SHA1, hash, (unsigned char *)pwd, pwdlen); /* convert to base64 */ if (!(enc = BTOA_DataToAscii(hash, sizeof(hash)))) { return NULL; @@ -181,6 +180,7 @@ int errorcode = 0; char *configdir = util_get_conf_dir(); + (void)_ai; /* get rid of unused variable warning */ logMsg(" In %s\n", argv[0]); i18nInit(); diff -Nru 389-admin-1.1.30/admserv/cgi-src40/config.c 389-admin-1.1.35/admserv/cgi-src40/config.c --- 389-admin-1.1.30/admserv/cgi-src40/config.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/config.c 2013-08-20 17:08:28.000000000 +0000 @@ -155,9 +155,8 @@ char **inputs = 0; char *operation = 0; char *qs = 0; - char *nameptr, *valptr, *val; + char *nameptr, *valptr; char error_info[128]; - char *valsbuf[2]; int setFlag = 0, getFlag = 0, forceSetFlag = 0; int ignorePsetErrors = 0; AttributeList resultList, nvl; @@ -176,11 +175,9 @@ while (waitforever); #endif + (void)_ai; /* get rid of unused variable warning */ i18nResource = res_find_and_init_resource(PROPERTYDIR, RESOURCE_FILE); - valsbuf[0] = NULL; - valsbuf[1] = NULL; - memset((void *)errp, 0, sizeof(int)); method = getenv("REQUEST_METHOD"); @@ -620,7 +617,7 @@ #endif errorCode = PSET_OP_OK; - val = psetGetAttrSingleValue(pset, nameptr, &errorCode); + (void)psetGetAttrSingleValue(pset, nameptr, &errorCode); if (errorCode && !ignorePsetErrors) { if (forceSetFlag) addSingleValueAttribute(addList, j++, nameptr, valptr); diff -Nru 389-admin-1.1.30/admserv/cgi-src40/dsconfig.c 389-admin-1.1.35/admserv/cgi-src40/dsconfig.c --- 389-admin-1.1.30/admserv/cgi-src40/dsconfig.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/dsconfig.c 2013-08-20 17:08:28.000000000 +0000 @@ -159,6 +159,7 @@ logMsg(" In %s\n", argv[0]); + (void)_ai; /* get rid of unused variable warning */ i18nInit(); /* GET or POST method */ diff -Nru 389-admin-1.1.30/admserv/cgi-src40/htmladmin.c 389-admin-1.1.35/admserv/cgi-src40/htmladmin.c --- 389-admin-1.1.30/admserv/cgi-src40/htmladmin.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/htmladmin.c 2013-08-20 17:08:28.000000000 +0000 @@ -1582,6 +1582,7 @@ const char *configdir = util_get_conf_dir(); const char *secdir = util_get_security_dir(); + (void)_ai; /* get rid of unused variable warning */ i18nResource = res_find_and_init_resource(PROPERTYDIR, RESOURCE_FILE); acceptLanguage = "en"; if (lang) acceptLanguage = strdup(lang); diff -Nru 389-admin-1.1.30/admserv/cgi-src40/monreplication.c 389-admin-1.1.35/admserv/cgi-src40/monreplication.c --- 389-admin-1.1.30/admserv/cgi-src40/monreplication.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/monreplication.c 2013-08-20 17:08:28.000000000 +0000 @@ -85,6 +85,7 @@ char configfile[256] = {'\0'}; char *resstr; + (void)_ai; /* get rid of unused variable warning */ i18nInit(); fprintf(stdout, "Content-type: text/html;charset=utf-8\n\n"); diff -Nru 389-admin-1.1.30/admserv/cgi-src40/restartsrv.c 389-admin-1.1.35/admserv/cgi-src40/restartsrv.c --- 389-admin-1.1.30/admserv/cgi-src40/restartsrv.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/restartsrv.c 2013-08-20 17:08:28.000000000 +0000 @@ -125,6 +125,7 @@ char *acceptLanguage = (char*)"en", *lang=getenv((char*)"HTTP_ACCEPT_LANGUAGE"); Resource *i18nResource = NULL; + (void)_ai; /* get rid of unused variable warning */ i18nResource = res_find_and_init_resource(PROPERTYDIR, RESOURCE_FILE); if (lang) acceptLanguage = strdup(lang); @@ -184,10 +185,10 @@ break; case 0: #if defined(WITH_SYSTEMD) - PL_strncpyz(line, sizeof(line), "/bin/systemctl restart " PACKAGE_NAME ".service"); + PL_strncpyz(line, "/bin/systemctl restart " PACKAGE_NAME ".service", sizeof(line)); restart(line); #elif defined(ENABLE_SERVICE) - PL_strncpyz(line, sizeof(line), "service " PACKAGE_NAME " restart"); + PL_strncpyz(line, "service " PACKAGE_NAME " restart", sizeof(line)); restart(line); #else if (util_find_file_in_paths(line, sizeof(line), "restart-ds-admin", CMDBINDIR, "../..", "")) { diff -Nru 389-admin-1.1.30/admserv/cgi-src40/sec-activate.c 389-admin-1.1.35/admserv/cgi-src40/sec-activate.c --- 389-admin-1.1.30/admserv/cgi-src40/sec-activate.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/sec-activate.c 2013-08-20 17:08:28.000000000 +0000 @@ -81,7 +81,7 @@ #define DBT_PSET_INV_ATTR resource_key(RESOURCE_FILE, "16") #define DBT_ADMIN_CONF_MOD resource_key(RESOURCE_FILE, "17") -static int update_conf(char *configdir, char *file, char *name, char *val); +static int update_conf(char *configdir, char *file, char *name, char *val, int quoted); Resource *i18nResource; char *acceptLanguage; @@ -499,6 +499,7 @@ AdmldapInfo ldapInfo = NULL; char *lang; + (void)_ai; /* get rid of unused variable warning */ memset((void *)errp, 0, sizeof(int)); method = getenv("REQUEST_METHOD"); @@ -619,7 +620,7 @@ /* change security parameters in console.conf */ if (strcmp(security, "off")==0) { - rv = update_conf(configdir, "console.conf", "NSSEngine", "off"); + rv = update_conf(configdir, "console.conf", "NSSEngine", "off", 0); if (rv < 0) { rpt_err(APP_ERROR, NULL, getResourceString(DBT_ADMIN_CONF_MOD), NULL); } @@ -658,8 +659,8 @@ if (strlen(clientauth) == 0) { clientauth = (char*)"off"; } - rv = update_conf(configdir, "console.conf", "NSSEngine", "on"); - rv = update_conf(configdir, "console.conf", "NSSNickname", certnickname); + rv = update_conf(configdir, "console.conf", "NSSEngine", "on", 0); + rv = update_conf(configdir, "console.conf", "NSSNickname", certnickname, 1); strcpy(protocols, ""); @@ -669,17 +670,17 @@ strcat(protocols, "SSLv3,TLSv1,"); protocols[strlen(protocols) - 1] = '\0'; /* remove trailing comma */ - rv = update_conf(configdir, "console.conf", "NSSProtocol", protocols); + rv = update_conf(configdir, "console.conf", "NSSProtocol", protocols, 0); snprintf(ciphers, sizeof(ciphers), "%s,%s", ssl2, merged_ssl3); PR_smprintf_free(merged_ssl3); ciphers[sizeof(ciphers)-1] = 0; - rv = update_conf(configdir, "console.conf", "NSSCipherSuite", ciphers); + rv = update_conf(configdir, "console.conf", "NSSCipherSuite", ciphers, 0); if (!strcmp(clientauth, "on")) - rv = update_conf(configdir, "console.conf", "NSSVerifyClient", "require"); + rv = update_conf(configdir, "console.conf", "NSSVerifyClient", "require", 0); else - rv = update_conf(configdir, "console.conf", "NSSVerifyClient", "none"); + rv = update_conf(configdir, "console.conf", "NSSVerifyClient", "none", 0); if (rv < 0) { rpt_err(APP_ERROR, NULL, getResourceString(DBT_ADMIN_CONF_MOD), NULL); @@ -703,7 +704,7 @@ * Modify any attribute in a configuration file with a name/value pair * If the attribute value is NULL, remove it from the file completely. */ -static int update_conf(char *configdir, char *file, char *name, char *val) { +static int update_conf(char *configdir, char *file, char *name, char *val, int quoted) { FILE *f; int i, modified=0; @@ -725,7 +726,11 @@ while(fgets(inbuf, sizeof(inbuf), f) != NULL) { if (strncasecmp(inbuf,name,strlen(name)) == 0) { /* Line starts with the attribute name */ if(val && *val != '\0') { - PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val); + if (quoted) { + PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val); + } else { + PR_snprintf(buf, sizeof(buf), "%s %s\n", name, val); + } lines[linecnt++] = strdup(buf); modified=1; } @@ -740,7 +745,11 @@ fclose(f); if (!modified && (val && *val != '\0')) { /* Add the attribute name/val pair*/ - PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val); + if (quoted) { + PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val); + } else { + PR_snprintf(buf, sizeof(buf), "%s %s\n", name, val); + } lines[linecnt++] = strdup(buf); } diff -Nru 389-admin-1.1.30/admserv/cgi-src40/security.c 389-admin-1.1.35/admserv/cgi-src40/security.c --- 389-admin-1.1.30/admserv/cgi-src40/security.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/security.c 2013-08-20 17:08:28.000000000 +0000 @@ -73,11 +73,8 @@ } #endif -#ifdef NS_DOMESTIC -#define MAX_KEY_BITS 1024/*2048*/ -#else -#define MAX_KEY_BITS 512/*1024*/ -#endif +#define DEFAULT_KEY_BITS 2048 +#define MAX_KEY_BITS 4096 #define SUBJECT_NEW "Certificate request" #define SUBJECT_OLD "Certificate renewal" @@ -1064,6 +1061,8 @@ PRArenaPool *arena = NULL; PRBool error = PR_FALSE; char *line; + char *sSignAlgo = NULL; + int signAlgo = 0; /*DebugBreak();*/ /* convert subject name(DN) */ certName = CERT_AsciiToName(subjectName); @@ -1101,8 +1100,25 @@ /* Encode the result will get a "request blob" */ der = (SECItem *)SEC_ASN1EncodeItem(arena, result, request, SEC_ASN1_GET(CERT_CertificateRequestTemplate)); + /* Determine the signing algorithm to use. We default + * to SHA-1 and support SHA-256, SHA-384, and SHA-512. */ + sSignAlgo = get_cgi_var("signingalgo", NULL, NULL); + + if (!sSignAlgo || !PORT_Strcmp(sSignAlgo, "SHA-1")) { + signAlgo = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; + } else if (!PORT_Strcmp(sSignAlgo, "SHA-256")) { + signAlgo = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; + } else if (!PORT_Strcmp(sSignAlgo, "SHA-384")) { + signAlgo = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; + } else if (!PORT_Strcmp(sSignAlgo, "SHA-512")) { + signAlgo = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; + } else { + /* Unknown algorithm, so just use the default. */ + signAlgo = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; + } + /* Sign certificate request(the blob) with private key */ - if (SEC_DerSignData(arena, result, der->data, der->len, privateKey, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION) != SECSuccess) { + if (SEC_DerSignData(arena, result, der->data, der->len, privateKey, signAlgo) != SECSuccess) { rpt_err(GENERAL_FAILURE, getResourceString(DBT_INTERNAL_ERROR), getResourceString(DBT_CSR_GEN_FAIL), @@ -1172,16 +1188,16 @@ /* generate key pair */ { - char *sKeySize = get_cgi_var("keysize", NULL, NULL); int keySize = 0; if (sKeySize) { keySize = atoi(sKeySize); } - - if ((keySize > MAX_KEY_BITS) || (keySize <=0)) { + if (keySize > MAX_KEY_BITS) { params.keySizeInBits = MAX_KEY_BITS; + } else if (keySize <= 0) { + params.keySizeInBits = DEFAULT_KEY_BITS; } else { params.keySizeInBits = keySize; } @@ -1194,12 +1210,7 @@ loser: if (privateKey==NULL) { - char *tmpLine = NULL; - - tmpLine = (char *)PR_Malloc(PR_GetErrorTextLength()+1); - PR_GetErrorText(tmpLine); - PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), tmpLine); - PR_Free(tmpLine); + PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_EN)); rpt_err(GENERAL_FAILURE, getResourceString(DBT_INTERNAL_ERROR), @@ -1324,7 +1335,7 @@ * Decode and display a DER certificate. */ static void printDERCert(int isCACert) { - + SECStatus rv; char *derCertBase64 = getParameter("dercert",getResourceString(DBT_DER_CERT)); CERTDERCerts *collectArgs = decodeDERCert(derCertBase64); @@ -1341,12 +1352,23 @@ char *nickname = NULL; /*add all cert to temp */ - CERT_ImportCerts(certdb, certUsageSSLServer, + rv = CERT_ImportCerts(certdb, certUsageSSLServer, collectArgs->numcerts, &collectArgs->rawCerts, &retCerts, keepCerts, caOnly, nickname); - printCert(retCerts[collectArgs->numcerts-1], /*showDetail=*/PR_TRUE, certType); + if (rv == SECSuccess) { + printCert(retCerts[collectArgs->numcerts-1], /*showDetail=*/PR_TRUE, certType); + } else { + PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), + PR_ErrorToString(PR_GetError(), PR_LANGUAGE_EN)); + + /* if unable to import report error */ + rpt_err(SYSTEM_ERROR, + getResourceString(DBT_INTERNAL_ERROR), + getResourceString(DBT_INSTALL_FAIL), + line); + } } } @@ -1378,11 +1400,15 @@ PRBool caOnly = PR_FALSE; char *nickname = certname; - CERT_ImportCerts(certdb, certUsageSSLServer, + rv = CERT_ImportCerts(certdb, certUsageSSLServer, ncerts, &collectArgs->rawCerts, &retCerts, keepCerts, caOnly, nickname); + if (rv != SECSuccess) { + goto bail; + } + cert = retCerts[0]; } @@ -1420,19 +1446,15 @@ /* import certificate to the PKCS11 module */ rv = PK11_ImportCertForKeyToSlot(slot, cert, certname, PR_TRUE, 0); +bail: if (rv != SECSuccess) { - { - char *tmpLine; + PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), + PR_ErrorToString(PR_GetError(), PR_LANGUAGE_EN)); - tmpLine = (char *)PR_Malloc(PR_GetErrorTextLength()+1); - PR_GetErrorText(tmpLine); - PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), tmpLine); - PR_Free(tmpLine); - } /* if unable to import report error */ - rpt_err(SYSTEM_ERROR, - getResourceString(DBT_INTERNAL_ERROR), - getResourceString(DBT_INSTALL_FAIL), + rpt_err(SYSTEM_ERROR, + getResourceString(DBT_INTERNAL_ERROR), + getResourceString(DBT_INSTALL_FAIL), line); } } @@ -1482,14 +1504,20 @@ rc = CERT_ImportCerts(certdb, (trustedCA ? certUsageSSLCA : certUsageAnyCA), collectArgs->numcerts, &collectArgs->rawCerts, &retCerts, keepCerts, caOnly, nickname); + + if (rc != SECSuccess) { + goto bail; + } + CERT_FindCertByDERCert(certdb, collectArgs->rawCerts); cert = retCerts[0]; rc = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, certname, PR_FALSE); + +bail: if (rc != SECSuccess) { - char *tmpLine = (char *)PR_Malloc(PR_GetErrorTextLength()+1); - PR_GetErrorText(tmpLine); - PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), tmpLine); - PR_Free(tmpLine); + PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), + PR_ErrorToString(PR_GetError(), PR_LANGUAGE_EN)); + /* if unable to import report error */ rpt_err(SYSTEM_ERROR, getResourceString(DBT_INTERNAL_ERROR), getResourceString(DBT_INSTALL_FAIL), line); @@ -2184,8 +2212,15 @@ } else if (!PORT_Strcmp(operation, "INIT_PIN")) { /* initialize internal token pin */ - initPin(getParameter("newpwd",getResourceString(DBT_PASSWORD)), - getParameter("confirmpwd",getResourceString(DBT_PASSWORD))); + + /* We fetch the paramters here for the benefit of the Console. If we call + * getParameter() as an argument to initPin, the calling order causes the + * error message that is returned to be out of order with the display in + * the UI. */ + char *newpwd = getParameter("newpwd",getResourceString(DBT_PASSWORD)); + char *confirmpwd = getParameter("confirmpwd",getResourceString(DBT_PASSWORD)); + + initPin(newpwd, confirmpwd); } else if (!PORT_Strcmp(operation, "DELETE_CACERT")) { /* remove a ca certificate */ @@ -2218,9 +2253,16 @@ /* currently change password only apply to key3.db, and we do not deal with change password for external token. User can do that via the software that comes with the hardware */ - changePassword(getParameter("oldpwd", getResourceString(DBT_OLD_PWD)), - getParameter("newpwd", getResourceString(DBT_NEW_PWD)), - getParameter("confirmpwd", getResourceString(DBT_CONFIRM_PWD))); + + /* We fetch the paramters here for the benefit of the Console. If we call + * getParameter() as an argument to initPin, the calling order causes the + * error message that is returned to be out of order with the display in + * the UI. */ + char *oldpwd = getParameter("oldpwd", getResourceString(DBT_OLD_PWD)); + char *newpwd = getParameter("newpwd", getResourceString(DBT_NEW_PWD)); + char *confirmpwd = getParameter("confirmpwd", getResourceString(DBT_CONFIRM_PWD)); + + changePassword(oldpwd, newpwd, confirmpwd); } else if (!PORT_Strcmp(operation, "INSTALL_CRL_CKL")) { /* install a crl/ckl certificate */ diff -Nru 389-admin-1.1.30/admserv/cgi-src40/security.properties 389-admin-1.1.35/admserv/cgi-src40/security.properties --- 389-admin-1.1.30/admserv/cgi-src40/security.properties 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/security.properties 2013-08-20 17:08:28.000000000 +0000 @@ -39,7 +39,7 @@ security20 { "Slot not found." } security21 { "Unable to decode the certificate." } security22 { "Private key not found." } -security23 { "Fail to install certificate." } +security23 { "Failed to install certificate." } security24 { "Either this certificate is for another server, or this certificate was not requested using this server and the selected security device \"%s\"." } security25 { "Invalid DER certificate." } security26 { "Unable to extract any certificates." } @@ -58,7 +58,7 @@ security44 { "Unable to delete the CRL or CKL specified." } security45 { "Unable to find the CRL or CKL specified." } //#/* module operation */ -security50 { "Could not open file %s. File does not exist or filename is invalid." } +security50 { "Could not open file %s. File does not exist or filename is invalid. A filename that exists in the server security directory must be specified. Absolute or relative paths should not be specified." } security51 { "Could not add module found in file %s." } security52 { "The module has been successfully added. Please restart the console for changes to take effect." } security53 { "No file specified. Enter the full path of a file." } @@ -96,7 +96,7 @@ security110 { "Error decoding the CRL/CKL file. Please make sure it is valid." } security111 { "Error deleting the existing CRL/CKL in replacement process." } security112 { "Error writing the new CRL/CKL into the certificate database." } -security113 { "The file %s does not contain a valid CRL/CKL" } +security113 { "The file %s does not contain a valid CRL/CKL. Please make sure it is in the PEM format (base64 encoded DER)." } //#/* key/cert migration */ security120 { "Alias" } security121 { "Key or Certificate database doesn't exist in the old server root specified" } diff -Nru 389-admin-1.1.30/admserv/cgi-src40/statpingserv.c 389-admin-1.1.35/admserv/cgi-src40/statpingserv.c --- 389-admin-1.1.30/admserv/cgi-src40/statpingserv.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/statpingserv.c 2013-08-20 17:08:28.000000000 +0000 @@ -75,6 +75,7 @@ char *portstr; struct PRFileInfo64 prfileinfo; + (void)_ai; /* get rid of unused variable warning */ m = getenv("REQUEST_METHOD"); if(!strcmp(m, "GET")) { diff -Nru 389-admin-1.1.30/admserv/cgi-src40/stopsrv.c 389-admin-1.1.35/admserv/cgi-src40/stopsrv.c --- 389-admin-1.1.30/admserv/cgi-src40/stopsrv.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/stopsrv.c 2013-08-20 17:08:28.000000000 +0000 @@ -85,6 +85,7 @@ char *return_format = NULL; char *qs = 0; + (void)_ai; /* get rid of unused variable warning */ i18nResource = res_find_and_init_resource(PROPERTYDIR, RESOURCE_FILE); if (lang) acceptLanguage = strdup(lang); diff -Nru 389-admin-1.1.30/admserv/cgi-src40/ugdsconfig.c 389-admin-1.1.35/admserv/cgi-src40/ugdsconfig.c --- 389-admin-1.1.30/admserv/cgi-src40/ugdsconfig.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/ugdsconfig.c 2013-08-20 17:08:28.000000000 +0000 @@ -179,6 +179,7 @@ const char *configdir = util_get_conf_dir(); const char *secdir = util_get_security_dir(); + (void)_ai; /* get rid of unused variable warning */ logMsg(" In %s\n", argv[0]); i18nInit(); diff -Nru 389-admin-1.1.30/admserv/cgi-src40/viewdata.c 389-admin-1.1.35/admserv/cgi-src40/viewdata.c --- 389-admin-1.1.30/admserv/cgi-src40/viewdata.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/viewdata.c 2013-08-20 17:08:28.000000000 +0000 @@ -412,6 +412,7 @@ AdmldapInfo ldapInfo = get_adm_ldapinfo(configdir, secdir); + (void)_ai; /* get rid of unused variable warning */ i18nInit(); if(!get_bindinfo(&binddn, &bindpw)) diff -Nru 389-admin-1.1.30/admserv/cgi-src40/viewlog.c 389-admin-1.1.35/admserv/cgi-src40/viewlog.c --- 389-admin-1.1.30/admserv/cgi-src40/viewlog.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/cgi-src40/viewlog.c 2013-08-20 17:08:28.000000000 +0000 @@ -341,6 +341,7 @@ int rc = 0; char *configdir = NULL; + (void)_ai; /* get rid of unused variable warning */ i18nInit(); fprintf(stdout, "Content-type: text/html;charset=utf-8\n\n"); diff -Nru 389-admin-1.1.30/admserv/newinst/src/AdminServer.pm.in 389-admin-1.1.35/admserv/newinst/src/AdminServer.pm.in --- 389-admin-1.1.30/admserv/newinst/src/AdminServer.pm.in 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/newinst/src/AdminServer.pm.in 2013-08-20 17:08:28.000000000 +0000 @@ -412,6 +412,20 @@ print CONSOLECONF @contents; close (CONSOLECONF); } + my @savefiles = qw(admserv.conf httpd.conf nss.conf console.conf cert8.db key3.db secmod.db); + if (! -d "$admConf->{configdir}/bakup") { + if (system ("mkdir -p $admConf->{configdir}/bakup")) { + debug(0, "Error backing up $admConf->{configdir}/console.conf failed: $!"); + } + } + # backup savefiles for "remove-ds-admin.pl -a" + foreach my $savefile (@savefiles) { + if (! -f "$admConf->{configdir}/bakup/$savefile") { + if (system ("cp -p $admConf->{configdir}/$savefile $admConf->{configdir}/bakup")) { + debug(0, "Error backing up $admConf->{configdir}/$savefile failed: $!"); + } + } + } return 1; } @@ -591,10 +605,10 @@ sub stopAdminServer { my $prog = "@sbindir@/stop-ds-admin"; - if ("@with_systemdsystemunitdir@") { - $prog = "/bin/systemctl stop @package_name@.service"; - } elsif ("@enable_service@") { + if ("@enable_service@") { $prog = "service @package_name@ stop"; + } elsif ("@systemdsystemunitdir@") { + $prog = "/bin/systemctl stop @package_name@.service"; } elsif (! -x $prog) { debug(1, "stopping admin server: no such program $prog: cannot stop server\n"); return 0; @@ -617,6 +631,7 @@ sub removeAdminServer { my $baseconfigdir = shift; my $force = shift; + my $all = shift; if (!stopAdminServer()) { if ($force) { debug(1, "Warning: Could not stop admin server - forcing continue\n"); @@ -737,6 +752,18 @@ } } closedir(CONFDIR); + if ($all) { + # restore backed up savefiles + foreach my $savefile (@savefiles) { + if (-f "$configdir/bakup/$savefile") { + if (system ("mv $configdir/bakup/$savefile $configdir")) { + debug(0, "Error Restoring $configdir/$savefile failed: $!"); + } + } + } + } + # Clean up the bakup dir + system ("rm -rf $configdir/bakup"); } else { debug(1, "Error: could not read config files in $configdir: $!"); if (!$force) { diff -Nru 389-admin-1.1.30/admserv/newinst/src/remove-ds-admin.pl.in 389-admin-1.1.35/admserv/newinst/src/remove-ds-admin.pl.in --- 389-admin-1.1.30/admserv/newinst/src/remove-ds-admin.pl.in 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/admserv/newinst/src/remove-ds-admin.pl.in 2013-08-20 17:08:28.000000000 +0000 @@ -31,6 +31,7 @@ sub usage { print(STDERR "Usage: $0 [-f] [-d -d ...]\n\n"); print(STDERR " Opts: -f - force removal\n"); + print(STDERR " -a - remove all\n"); print(STDERR " -d - turn on debugging output\n"); print(STDERR " -y - actually do the removal\n"); print(STDERR "WARNING: This command is extremely destructive!\n"); @@ -45,12 +46,15 @@ my $i = 0; my $force = ""; +my $all = 0; my $seeny; # load args from the command line while ($i <= $#ARGV) { if ( "$ARGV[$i]" eq "-f" ) { $force = 1; + } elsif ("$ARGV[$i]" eq "-a") { + $all = 1; } elsif ("$ARGV[$i]" eq "-d") { $DSUtil::debuglevel++; } elsif ( "$ARGV[$i]" eq "-y" ) { @@ -95,7 +99,7 @@ exit 1; } } - @errs = removeDSInstance($inst, $force); + @errs = removeDSInstance($inst, $force, $all); if (@errs) { print STDERR "The following errors occurred during removal of $inst:\n"; for (@errs) { @@ -109,7 +113,7 @@ } # remove the admin server -if (@errs = removeAdminServer($baseconfigdir, $force)) { +if (@errs = removeAdminServer($baseconfigdir, $force, $all)) { print STDERR "The following errors occurred during removal of the admin server:\n"; for (@errs) { print STDERR $res->getText($_); diff -Nru 389-admin-1.1.30/compile 389-admin-1.1.35/compile --- 389-admin-1.1.30/compile 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/compile 2013-08-20 17:08:28.000000000 +0000 @@ -3,8 +3,7 @@ scriptversion=2012-03-05.13; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free -# Software Foundation, Inc. +# Copyright (C) 1999-2012 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify diff -Nru 389-admin-1.1.30/config.guess 389-admin-1.1.35/config.guess --- 389-admin-1.1.30/config.guess 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/config.guess 2013-08-20 17:08:28.000000000 +0000 @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011, 2012 Free Software Foundation, Inc. -timestamp='2012-02-10' +timestamp='2012-06-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -1256,7 +1256,7 @@ NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; - NSE-?:NONSTOP_KERNEL:*:*) + NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) diff -Nru 389-admin-1.1.30/config.sub 389-admin-1.1.35/config.sub --- 389-admin-1.1.30/config.sub 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/config.sub 2013-08-20 17:08:28.000000000 +0000 @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011, 2012 Free Software Foundation, Inc. -timestamp='2012-02-10' +timestamp='2012-04-18' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -225,6 +225,12 @@ -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; -lynx*) os=-lynxos ;; @@ -1537,6 +1543,9 @@ c4x-* | tic4x-*) os=-coff ;; + hexagon-*) + os=-elf + ;; tic54x-*) os=-coff ;; diff -Nru 389-admin-1.1.30/configure 389-admin-1.1.35/configure --- 389-admin-1.1.30/configure 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/configure 2013-08-20 17:08:28.000000000 +0000 @@ -1552,10 +1552,13 @@ --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-maintainer-mode enable make rules and dependencies not useful - (and sometimes confusing) to the casual installer - --disable-dependency-tracking speeds up one-time build - --enable-dependency-tracking do not reject slow dependency extractors + --enable-maintainer-mode + enable make rules and dependencies not useful (and + sometimes confusing) to the casual installer + --enable-dependency-tracking + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build --enable-static[=PKGS] build static libraries [default=no] --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] @@ -2682,7 +2685,7 @@ #define ADM_PACKAGE_STRING "$PACKAGE_STRING" _ACEOF -am__api_version='1.11' +am__api_version='1.12' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do @@ -2808,9 +2811,6 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } -# Just in case -sleep 1 -echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -2821,32 +2821,40 @@ esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) - as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; esac -# Do `set' in a subshell so we don't clobber the current shell's +# Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$*" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - rm -f conftest.file - if test "$*" != "X $srcdir/configure conftest.file" \ - && test "$*" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - as_fn_error $? "ls -t appears to fail. Make sure there is not a broken -alias in your environment" "$LINENO" 5 - fi + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done test "$2" = conftest.file ) then @@ -2858,6 +2866,16 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. @@ -2884,8 +2902,8 @@ am_missing_run="$MISSING --run " else am_missing_run= - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 -$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then @@ -2897,10 +2915,10 @@ esac fi -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. +# will honor the 'STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. @@ -3039,12 +3057,6 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } -mkdir_p="$MKDIR_P" -case $mkdir_p in - [\\/$]* | ?:[\\/]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac - for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -3177,6 +3189,12 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +mkdir_p='$(MKDIR_P)' + # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used @@ -3826,7 +3844,7 @@ _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from `make'. +# Ignore all kinds of additional output from 'make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include @@ -3882,8 +3900,8 @@ # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named `D' -- because `-MD' means `put the output - # in D'. + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -3918,16 +3936,16 @@ : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" + # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -3936,8 +3954,8 @@ test "$am__universal" = false || continue ;; nosideeffect) - # after this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else @@ -3945,7 +3963,7 @@ fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has + # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -4549,8 +4567,8 @@ # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named `D' -- because `-MD' means `put the output - # in D'. + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -4585,16 +4603,16 @@ : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" + # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -4603,8 +4621,8 @@ test "$am__universal" = false || continue ;; nosideeffect) - # after this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else @@ -4612,7 +4630,7 @@ fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has + # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -18067,7 +18085,7 @@ httpdconf=${httpd_root}/${httpd_conf_rel} -mimemagic=`grep MIMEMagicFile $httpdconf|grep -v \^# | awk '{print $2}'` +mimemagic=`awk '"MIMEMagicFile" == $1" {print $2}' $httpdconf` if test ! -f "$mimemagic" ; then # assume relative to root mimemagic=${httpd_root}/${mimemagic} @@ -19707,10 +19725,6 @@ fi fi -if test -z "$adminutil_inc" -o -z "$adminutil_lib"; then - as_fn_error $? "ADMINUTIL not found, specify with --with-adminutil." "$LINENO" 5 -fi - # BEGIN COPYRIGHT BLOCK # Copyright (C) 2007 Red Hat, Inc. # All rights reserved. @@ -20319,6 +20333,14 @@ LTLIBOBJS=$ac_ltlibobjs +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' @@ -21963,7 +21985,7 @@ # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named `Makefile.in', but + # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. @@ -21997,21 +22019,19 @@ continue fi # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running `make'. + # from the Makefile without running 'make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # When using ansi2knr, U may be empty or an underscore; expand it - U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || diff -Nru 389-admin-1.1.30/debian/changelog 389-admin-1.1.35/debian/changelog --- 389-admin-1.1.30/debian/changelog 2012-06-28 11:22:42.000000000 +0000 +++ 389-admin-1.1.35/debian/changelog 2013-10-08 09:11:25.000000000 +0000 @@ -1,3 +1,20 @@ +389-admin (1.1.35-0ubuntu1) saucy; urgency=low + + * Sync from unreleased debian git + - new upstream bugfix release + - migrate to apache 2.4 + + -- Timo Aaltonen Tue, 08 Oct 2013 12:10:47 +0300 + +389-admin (1.1.35-1) UNRELEASED; urgency=low + + * New upstream release. + * watch: Add a comment about the upstream git tree. + * control, http_conf_fix: Migrate to apache 2.4, thanks Colin Watson! + (Closes: #725701) + + -- Timo Aaltonen Tue, 08 Oct 2013 10:40:24 +0300 + 389-admin (1.1.30-1) unstable; urgency=low * New upstream release. diff -Nru 389-admin-1.1.30/debian/control 389-admin-1.1.35/debian/control --- 389-admin-1.1.30/debian/control 2012-06-28 11:22:42.000000000 +0000 +++ 389-admin-1.1.35/debian/control 2013-10-08 09:10:23.000000000 +0000 @@ -1,8 +1,9 @@ Source: 389-admin Section: net Priority: optional -Maintainer: Debian 389ds Team -Uploaders: Timo Aaltonen +Maintainer: Ubuntu 389ds +XSBC-Original-Maintainer: Debian 389ds Team +Uploaders: Timo Aaltonen Build-Depends: quilt, debhelper (>= 9), dh-autoreconf, libnspr4-dev, @@ -15,7 +16,7 @@ libperl-dev, po-debconf, 389-ds-base-dev, - apache2-threaded-dev, + apache2-dev, libadminutil-dev, apache2-mpm-worker, libapache2-mod-nss, diff -Nru 389-admin-1.1.30/debian/gbp.conf 389-admin-1.1.35/debian/gbp.conf --- 389-admin-1.1.30/debian/gbp.conf 1970-01-01 00:00:00.000000000 +0000 +++ 389-admin-1.1.35/debian/gbp.conf 2013-10-08 09:09:13.000000000 +0000 @@ -0,0 +1,6 @@ +[DEFAULT] +debian-branch=debian-unstable +upstream-branch=upstream-unstable +upstream-tag=389-admin-%(version)s +pristine-tar=True +pristine-tar-commit=True diff -Nru 389-admin-1.1.30/debian/patches/fix-group-name.patch 389-admin-1.1.35/debian/patches/fix-group-name.patch --- 389-admin-1.1.30/debian/patches/fix-group-name.patch 1970-01-01 00:00:00.000000000 +0000 +++ 389-admin-1.1.35/debian/patches/fix-group-name.patch 2013-10-08 09:09:13.000000000 +0000 @@ -0,0 +1,18 @@ +Description: nobody's group is called "nogroup" on Debian, not "nobody" +Author: Colin Watson +Forwarded: not-needed +Last-Update: 2013-10-07 + +Index: b/configure.ac +=================================================================== +--- a/configure.ac ++++ b/configure.ac +@@ -114,7 +114,7 @@ + + # server userid, groupid + httpduser=nobody +-httpdgroup=nobody ++httpdgroup=nogroup + admservport=9830 + admservip=0.0.0.0 + # this is the subdir under $PACKAGE_BASE_NAME where admin server diff -Nru 389-admin-1.1.30/debian/patches/http_conf_fix 389-admin-1.1.35/debian/patches/http_conf_fix --- 389-admin-1.1.30/debian/patches/http_conf_fix 2012-06-28 11:22:42.000000000 +0000 +++ 389-admin-1.1.35/debian/patches/http_conf_fix 2013-10-08 09:09:13.000000000 +0000 @@ -2,11 +2,9 @@ Description: comment out mod_log_config (built in) and rename mod_nss dirsrv httpd.conf path fixes -Index: 389-admin/admserv/cfgstuff/httpd-2.2.conf.in -=================================================================== ---- 389-admin.orig/admserv/cfgstuff/httpd-2.2.conf.in 2011-10-11 15:33:59.489805355 +0300 -+++ 389-admin/admserv/cfgstuff/httpd-2.2.conf.in 2011-10-11 16:04:29.993761158 +0300 -@@ -120,7 +120,7 @@ +--- a/admserv/cfgstuff/httpd-2.2.conf.in ++++ b/admserv/cfgstuff/httpd-2.2.conf.in +@@ -120,7 +120,7 @@ ThreadsPerChild 64 LoadModule authz_host_module @moddir@/mod_authz_host.so LoadModule auth_basic_module @moddir@/mod_auth_basic.so LoadModule authn_file_module @moddir@/mod_authn_file.so @@ -15,7 +13,7 @@ LoadModule env_module @moddir@/mod_env.so LoadModule mime_magic_module @moddir@/mod_mime_magic.so LoadModule unique_id_module @moddir@/mod_unique_id.so -@@ -132,7 +132,7 @@ +@@ -132,7 +132,7 @@ LoadModule alias_module @moddir@/mod_ali LoadModule rewrite_module @moddir@/mod_rewrite.so LoadModule cgi_module @moddir@/mod_cgi.so LoadModule restartd_module @admmoddir@/mod_restartd.so @@ -24,11 +22,9 @@ LoadModule admserv_module @admmoddir@/mod_admserv.so ### Section 2: 'Main' server configuration -Index: 389-admin/admserv/cfgstuff/httpd.conf.in -=================================================================== ---- 389-admin.orig/admserv/cfgstuff/httpd.conf.in 2011-10-11 16:02:22.689869333 +0300 -+++ 389-admin/admserv/cfgstuff/httpd.conf.in 2011-10-11 16:04:29.997761279 +0300 -@@ -119,7 +119,7 @@ +--- a/admserv/cfgstuff/httpd.conf.in ++++ b/admserv/cfgstuff/httpd.conf.in +@@ -119,7 +119,7 @@ ThreadsPerChild 64 # LoadModule foo_module modules/mod_foo.so LoadModule access_module @moddir@/mod_access.so LoadModule auth_module @moddir@/mod_auth.so @@ -37,7 +33,7 @@ LoadModule env_module @moddir@/mod_env.so LoadModule mime_magic_module @moddir@/mod_mime_magic.so LoadModule expires_module @moddir@/mod_expires.so -@@ -142,7 +142,7 @@ +@@ -142,7 +142,7 @@ LoadModule file_cache_module @moddir@/mo LoadModule mem_cache_module @moddir@/mod_mem_cache.so LoadModule cgi_module @moddir@/mod_cgi.so LoadModule restartd_module @admmoddir@/mod_restartd.so @@ -46,3 +42,31 @@ LoadModule admserv_module @admmoddir@/mod_admserv.so ### Section 2: 'Main' server configuration +--- a/admserv/cfgstuff/httpd-2.4.conf.in ++++ b/admserv/cfgstuff/httpd-2.4.conf.in +@@ -120,7 +120,7 @@ ThreadsPerChild 64 + LoadModule authz_host_module @moddir@/mod_authz_host.so + LoadModule auth_basic_module @moddir@/mod_auth_basic.so + LoadModule authn_file_module @moddir@/mod_authn_file.so +-LoadModule log_config_module @moddir@/mod_log_config.so ++#LoadModule log_config_module @moddir@/mod_log_config.so + LoadModule env_module @moddir@/mod_env.so + LoadModule mime_magic_module @moddir@/mod_mime_magic.so + LoadModule unique_id_module @moddir@/mod_unique_id.so +@@ -132,14 +132,14 @@ LoadModule alias_module @moddir@/mod_ali + LoadModule rewrite_module @moddir@/mod_rewrite.so + LoadModule cgi_module @moddir@/mod_cgi.so + LoadModule restartd_module @admmoddir@/mod_restartd.so +-LoadModule nss_module @nssmoddir@/libmodnss.so ++LoadModule nss_module @nssmoddir@/mod_nss.so + LoadModule admserv_module @admmoddir@/mod_admserv.so + LoadModule mpm_worker_module @moddir@/mod_mpm_worker.so + LoadModule access_compat_module @moddir@/mod_access_compat.so + LoadModule authn_core_module @moddir@/mod_authn_core.so + LoadModule authz_core_module @moddir@/mod_authz_core.so + LoadModule authz_user_module @moddir@/mod_authz_user.so +-LoadModule unixd_module @moddir@/mod_unixd.so ++#LoadModule unixd_module @moddir@/mod_unixd.so + + ### Section 2: 'Main' server configuration + # diff -Nru 389-admin-1.1.30/debian/watch 389-admin-1.1.35/debian/watch --- 389-admin-1.1.30/debian/watch 2012-06-28 11:22:42.000000000 +0000 +++ 389-admin-1.1.35/debian/watch 2013-10-08 09:09:13.000000000 +0000 @@ -1,2 +1,3 @@ +#git=git://git.fedorahosted.org/389/admin.git version=3 http://directory.fedoraproject.org/wiki/Source .*/389-admin-(.*).tar.bz2 diff -Nru 389-admin-1.1.30/depcomp 389-admin-1.1.35/depcomp --- 389-admin-1.1.30/depcomp 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/depcomp 2013-08-20 17:08:28.000000000 +0000 @@ -3,8 +3,7 @@ scriptversion=2012-03-27.16; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright (C) 1999-2012 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -Nru 389-admin-1.1.30/include/libadmin/dbtlibadmin.h 389-admin-1.1.35/include/libadmin/dbtlibadmin.h --- 389-admin-1.1.30/include/libadmin/dbtlibadmin.h 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/include/libadmin/dbtlibadmin.h 2013-08-20 17:08:28.000000000 +0000 @@ -21,8 +21,6 @@ #define LIBRARY_NAME "libadmin" -static char dbtlibadminid[] = "$DBT: libadmin referenced v1 $"; - #include "i18n.h" BEGIN_STR(libadmin) diff -Nru 389-admin-1.1.30/install-sh 389-admin-1.1.35/install-sh --- 389-admin-1.1.30/install-sh 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/install-sh 2013-08-20 17:08:28.000000000 +0000 @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2011-01-19.21; # UTC +scriptversion=2011-11-20.07; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -35,7 +35,7 @@ # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it +# 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written @@ -156,7 +156,7 @@ -s) stripcmd=$stripprog;; -t) dst_arg=$2 - # Protect names problematic for `test' and other utilities. + # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac @@ -190,7 +190,7 @@ fi shift # arg dst_arg=$arg - # Protect names problematic for `test' and other utilities. + # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac @@ -202,7 +202,7 @@ echo "$0: no input file specified." >&2 exit 1 fi - # It's OK to call `install-sh -d' without argument. + # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi @@ -240,7 +240,7 @@ for src do - # Protect names problematic for `test' and other utilities. + # Protect names problematic for 'test' and other utilities. case $src in -* | [=\(\)!]) src=./$src;; esac @@ -354,7 +354,7 @@ if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writeable bit of parent directory when it shouldn't. + # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in diff -Nru 389-admin-1.1.30/lib/base/file.cpp 389-admin-1.1.35/lib/base/file.cpp --- 389-admin-1.1.30/lib/base/file.cpp 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/lib/base/file.cpp 2013-08-20 17:08:28.000000000 +0000 @@ -483,19 +483,11 @@ char static_error[128]; char *lmsg = 0; /* Local message pointer */ size_t msglen = 0; - int sys_error = 0; PRErrorCode nscp_error; #ifdef XP_WIN32 LPTSTR sysmsg = 0; #endif - - /* Grab the OS error message */ -#ifdef XP_WIN32 - sys_error = GetLastError(); -#else - sys_error = errno; -#endif nscp_error = PR_GetError(); /* If there is a NSPR error, but it is "unknown", try to get the OSError diff -Nru 389-admin-1.1.30/lib/base/nscputil.cpp 389-admin-1.1.35/lib/base/nscputil.cpp --- 389-admin-1.1.30/lib/base/nscputil.cpp 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/lib/base/nscputil.cpp 2013-08-20 17:08:28.000000000 +0000 @@ -833,11 +833,12 @@ for(rv = 0; !rv; PR_Sleep(500)) { rv = waitpid(pid, statptr, options | WNOHANG); if (rv == -1) { - if (errno == EINTR) + if (errno == EINTR) { rv = 0; /* sleep and try again */ - else + } else { // ereport(LOG_WARN, "waitpid failed for pid %d:%s", pid, system_errmsg()); ; + } } } return rv; diff -Nru 389-admin-1.1.30/lib/libadmin/util.c 389-admin-1.1.35/lib/libadmin/util.c --- 389-admin-1.1.30/lib/libadmin/util.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/lib/libadmin/util.c 2013-08-20 17:08:28.000000000 +0000 @@ -1558,17 +1558,19 @@ if (secure > 0) { #if defined(USE_OPENLDAP) int optval = 0; +#else + LDAP *myld = NULL; #endif /* !USE_OPENLDAP */ int ssl_strength = 0; - LDAP *myld = NULL; +#if !defined(USE_OPENLDAP) /* we can only use the set functions below with a real LDAP* if it has already gone through ldapssl_init - so, use NULL if using starttls */ if (secure == 1) { myld = ld; } - +#endif /* verify certificate only */ #if defined(USE_OPENLDAP) ssl_strength = LDAP_OPT_X_TLS_NEVER; @@ -1682,55 +1684,13 @@ ) { int rc = LDAP_SUCCESS; - int secure = 0; + int err = LDAP_SUCCESS; struct berval bvcreds = {0, NULL}; LDAPMessage *result = NULL; struct berval *servercredp = NULL; -#if defined(USE_OPENLDAP) - /* openldap doesn't have a SSL/TLS yes/no flag - so grab the - ldapurl, parse it, and see if it is a secure one */ - char *ldapurl = NULL; - - ldap_get_option(ld, LDAP_OPT_URI, &ldapurl); - if (ldapurl && !PL_strncasecmp(ldapurl, "ldaps", 5)) { - secure = 1; - } - PL_strfree(ldapurl); - ldapurl = NULL; -#else /* !USE_OPENLDAP */ - ldap_get_option(ld, LDAP_OPT_SSL, &secure); -#endif -#ifdef EXTERNAL_AUTH_SUPPORTED - if (secure && mech && !strcmp(mech, LDAP_SASL_EXTERNAL)) { - /* SSL connections will use the server's security context - and cert for client auth */ - rc = slapd_SSL_client_auth(ld); - - if (rc != 0) { -#ifdef DEBUG - fprintf(stderr, "util_ldap_bind: " - "Error: could not configure the server for cert " - "auth - error %d - make sure the server is " - "correctly configured for SSL/TLS\n", rc); -#endif - goto done; - } else { -#ifdef DEBUG - fprintf(stderr, "util_ldap_bind: " - "Set up conn to use client auth\n"); -#endif - } - bvcreds.bv_val = NULL; /* ignore username and passed in creds */ - bvcreds.bv_len = 0; /* for external auth */ - bindid = NULL; - } else { /* other type of auth */ -#endif /* EXTERNAL_AUTH_SUPPORTED */ - bvcreds.bv_val = (char *)creds; - bvcreds.bv_len = creds ? strlen(creds) : 0; -#ifdef EXTERNAL_AUTH_SUPPORTED - } -#endif /* EXTERNAL_AUTH_SUPPORTED */ + bvcreds.bv_val = (char *)creds; + bvcreds.bv_len = creds ? strlen(creds) : 0; /* The connection has been set up - now do the actual bind, depending on the mechanism and arguments */ @@ -1788,20 +1748,30 @@ } /* if we got here, we were able to read success result */ /* Get the controls sent by the server if requested */ - if (returnedctrls) { - if ((rc = ldap_parse_result(ld, result, &rc, NULL, NULL, - NULL, returnedctrls, - 0)) != LDAP_SUCCESS) { -#ifdef DEBUG - fprintf(stderr, "util_ldap_bind: " - "Error: could not bind id " - "[%s] mech [%s]: error %d (%s)\n", - bindid ? bindid : "(anon)", - mech ? mech : "SIMPLE", - rc, ldap_err2string(rc)); + if ((rc = ldap_parse_result(ld, result, &err, NULL, NULL, + NULL, returnedctrls, 0)) != LDAP_SUCCESS) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error: could not parse bind result " + "[%s] mech [%s]: error %d (%s)\n", + bindid ? bindid : "(anon)", + mech ? mech : "SIMPLE", + rc, ldap_err2string(rc)); +#endif + goto done; + } + + if(err){ + rc = err; +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error: could not bind id " + "[%s] mech [%s]: error %d (%s)\n", + bindid ? bindid : "(anon)", + mech ? mech : "SIMPLE", + rc, ldap_err2string(rc)); #endif - goto done; - } + goto done; } /* parse the bind result and get the ldap error code */ diff -Nru 389-admin-1.1.30/lib/libdsa/dsalib_confs.c 389-admin-1.1.35/lib/libdsa/dsalib_confs.c --- 389-admin-1.1.30/lib/libdsa/dsalib_confs.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/lib/libdsa/dsalib_confs.c 2013-08-20 17:08:28.000000000 +0000 @@ -38,6 +38,18 @@ #include "nspr.h" #include "plstr.h" +/* ldif_read_record lineno argument type depends on openldap version */ +#if defined(USE_OPENLDAP) +#include +#if LDAP_VENDOR_VERSION >= 20434 /* changed in 2.4.34 */ +typedef unsigned long int ldif_record_lineno_t; +#else +typedef int ldif_record_lineno_t; +#endif +#else +typedef int ldif_record_lineno_t; +#endif + int dsalib_ldif_parse_line( char *line, @@ -75,11 +87,11 @@ int listsize = 0; char **conf_list = NULL; char *entry = 0; - int lineno = 0; - int i = 0; #if defined(USE_OPENLDAP) int buflen = 0; #endif + ldif_record_lineno_t lineno; + int i = 0; #if defined(USE_OPENLDAP) while (ldif_read_record(conf, &lineno, &entry, &buflen)) { diff -Nru 389-admin-1.1.30/lib/libdsa/dsalib_util.c 389-admin-1.1.35/lib/libdsa/dsalib_util.c --- 389-admin-1.1.30/lib/libdsa/dsalib_util.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/lib/libdsa/dsalib_util.c 2013-08-20 17:08:28.000000000 +0000 @@ -402,18 +402,10 @@ static char static_error[BUFSIZ]; char *lmsg = 0; /* Local message pointer */ size_t msglen = 0; - int sys_error = 0; #ifdef XP_WIN32 LPTSTR sysmsg = 0; #endif - /* Grab the OS error message */ -#ifdef XP_WIN32 - sys_error = GetLastError(); -#else - sys_error = errno; -#endif - #if defined(XP_WIN32) msglen = FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_ALLOCATE_BUFFER, diff -Nru 389-admin-1.1.30/m4/adminutil.m4 389-admin-1.1.35/m4/adminutil.m4 --- 389-admin-1.1.30/m4/adminutil.m4 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/m4/adminutil.m4 2013-08-20 17:08:28.000000000 +0000 @@ -62,7 +62,3 @@ fi fi fi - -if test -z "$adminutil_inc" -o -z "$adminutil_lib"; then - AC_MSG_ERROR([ADMINUTIL not found, specify with --with-adminutil.]) -fi diff -Nru 389-admin-1.1.30/m4/httpd.m4 389-admin-1.1.35/m4/httpd.m4 --- 389-admin-1.1.30/m4/httpd.m4 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/m4/httpd.m4 2013-08-20 17:08:28.000000000 +0000 @@ -61,7 +61,7 @@ httpdconf=${httpd_root}/${httpd_conf_rel} -mimemagic=`grep MIMEMagicFile $httpdconf|grep -v \^# | awk '{print $2}'` +mimemagic=`awk '"MIMEMagicFile" == $1" {print $2}' $httpdconf` if test ! -f "$mimemagic" ; then # assume relative to root mimemagic=${httpd_root}/${mimemagic} diff -Nru 389-admin-1.1.30/missing 389-admin-1.1.35/missing --- 389-admin-1.1.30/missing 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/missing 2013-08-20 17:08:28.000000000 +0000 @@ -1,10 +1,9 @@ #! /bin/sh # Common stub for a few missing GNU programs while installing. -scriptversion=2012-01-06.13; # UTC +scriptversion=2012-01-06.18; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, -# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. +# Copyright (C) 1996-2012 Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify @@ -26,7 +25,7 @@ # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "Try '$0 --help' for more information" exit 1 fi @@ -34,7 +33,7 @@ sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' sed_minuso='s/.* -o \([^ ]*\).*/\1/p' -# In the cases where this matters, `missing' is being run in the +# In the cases where this matters, 'missing' is being run in the # srcdir already. if test -f configure.ac; then configure_ac=configure.ac @@ -65,7 +64,7 @@ echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +Handle 'PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: @@ -74,20 +73,20 @@ --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`config.h.in' + aclocal touch file 'aclocal.m4' + autoconf touch file 'configure' + autoheader touch file 'config.h.in' autom4te touch the output file, or create a stub one - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c + automake touch all 'Makefile.in' files + bison create 'y.tab.[ch]', if possible, from existing .[ch] + flex create 'lex.yy.c', if possible, from existing .c help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c + lex create 'lex.yy.c', if possible, from existing .c makeinfo touch the output file - yacc create \`y.tab.[ch]', if possible, from existing .[ch] + yacc create 'y.tab.[ch]', if possible, from existing .[ch] -Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and -\`g' are ignored when checking the name. +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. Send bug reports to ." exit $? @@ -99,8 +98,8 @@ ;; -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "$0: Unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; @@ -127,7 +126,7 @@ exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then # Could not run --version or --help. This is probably someone - # running `$TOOL --version' or `$TOOL --help' to check whether + # running '$TOOL --version' or '$TOOL --help' to check whether # $TOOL exists and not knowing $TOOL uses missing. exit 1 fi @@ -139,27 +138,27 @@ case $program in aclocal*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from +WARNING: '$1' is $msg. You should only need it if + you modified 'acinclude.m4' or '${configure_ac}'. You might want + to install the Automake and Perl packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU +WARNING: '$1' is $msg. You should only need it if + you modified '${configure_ac}'. You might want to install the + Autoconf and GNU m4 packages. Grab them from any GNU archive site." touch configure ;; autoheader*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them +WARNING: '$1' is $msg. You should only need it if + you modified 'acconfig.h' or '${configure_ac}'. You might want + to install the Autoconf and GNU m4 packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` test -z "$files" && files="config.h" @@ -176,9 +175,9 @@ automake*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. +WARNING: '$1' is $msg. You should only need it if + you modified 'Makefile.am', 'acinclude.m4' or '${configure_ac}'. + You might want to install the Automake and Perl packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print | sed 's/\.am$/.in/' | @@ -187,10 +186,10 @@ autom4te*) echo 1>&2 "\ -WARNING: \`$1' is needed, but is $msg. +WARNING: '$1' is needed, but is $msg. You might have modified some files without having the proper tools for further handling them. - You can get \`$1' as part of \`Autoconf' from any GNU + You can get '$1' as part of Autoconf from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` @@ -210,10 +209,10 @@ bison*|yacc*) echo 1>&2 "\ -WARNING: \`$1' $msg. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package +WARNING: '$1' $msg. You should only need it if + you modified a '.y' file. You may need the Bison package in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." + Bison from any GNU archive site." rm -f y.tab.c y.tab.h if test $# -ne 1; then eval LASTARG=\${$#} @@ -240,10 +239,10 @@ lex*|flex*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package +WARNING: '$1' is $msg. You should only need it if + you modified a '.l' file. You may need the Flex package in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." + Flex from any GNU archive site." rm -f lex.yy.c if test $# -ne 1; then eval LASTARG=\${$#} @@ -263,10 +262,10 @@ help2man*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if +WARNING: '$1' is $msg. You should only need it if you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." + Help2man package in order for those modifications to take + effect. You can get Help2man from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` @@ -281,12 +280,12 @@ makeinfo*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file +WARNING: '$1' is $msg. You should only need it if + you modified a '.texi' or '.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." + call might also be the consequence of using a buggy 'make' (AIX, + DU, IRIX). You might want to install the Texinfo package or + the GNU make package. Grab either from any GNU archive site." # The file to touch is that specified with -o ... file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` @@ -310,12 +309,12 @@ *) echo 1>&2 "\ -WARNING: \`$1' is needed, and is $msg. +WARNING: '$1' is needed, and is $msg. You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, + proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." + some other package would contain this missing '$1' program." exit 1 ;; esac diff -Nru 389-admin-1.1.30/mod_admserv/mod_admserv.c 389-admin-1.1.35/mod_admserv/mod_admserv.c --- 389-admin-1.1.30/mod_admserv/mod_admserv.c 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/mod_admserv/mod_admserv.c 2013-08-20 17:08:28.000000000 +0000 @@ -779,6 +779,8 @@ sslinit(AdmldapInfo info, const char *configdir) { if (!NSS_IsInitialized()) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL, + "sslinit: doing NSS initialization"); /* mod_nss is used when we are a TLS/SSL server - mod_nss starts up before we do and will set up all of the TLS/SSL stuff */ /* if we are acting as simply a TLS/SSL client to the directory server, @@ -2088,6 +2090,11 @@ if (admldapGetSecurity(info)) { sslinit(info, configdir); if (admldapBuildInfoSSL(info, &error)) { + if (error != ADMUTIL_OP_OK) { + ap_log_error(APLOG_MARK, APLOG_INFO, 0, base_server, + "host_ip_init(): problem creating secure AdmldapInfo (error code = %d)", + error); + } } else { ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server, "host_ip_init(): unable to create secure AdmldapInfo (error code = %d)", @@ -2095,6 +2102,10 @@ destroyAdmldap(info); return DONE; } + } else { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, + "host_ip_init(): secure connection not enabled, skipping sslinit"); + } destroyAdmldap(info); @@ -2261,6 +2272,11 @@ { if (NSS_IsInitialized()) { SSL_ClearSessionCache(); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, + "mod_admserv_unload: cleared SSL session cache"); + } else { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, + "mod_admserv_unload: cannot clear cache - NSS not initialized"); } return OK; } @@ -2641,7 +2657,7 @@ authenticate_user(LdapServerData *data, char *baseDN, char *user, const char *pw, request_rec *r) { LDAP *server; - char *uid, *userdn, *ldapURL; + char *userdn, *ldapURL; int ldapError = LDAP_SUCCESS; int pw_expiring = 0; int tries = 0; @@ -2650,39 +2666,16 @@ "authenticate_user: begin auth user [%s] pw [%s] in [%s] for [%s:%d]", user, pw, baseDN, data->host, data->port); - if (!(server = openLDAPConnection(data))) + if (!(server = openLDAPConnection(data))){ ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r, "unable to open LDAPConnection to server [%s:%d]", data->host, data->port); - - tries = 0; - do { - ldapError = admserv_ldap_auth_server(server, data); - if (ldapError != LDAP_SERVER_DOWN && ldapError != LDAP_CONNECT_ERROR) - break; - - closeLDAPConnection(server); - if (!(server = openLDAPConnection(data))) { - ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r, - "unable to open LDAPConnection to server [%s:%d]", data->host, data->port); - return DECLINED; - } - } while (server != NULL && ++tries < 2); - - if (ldapError != LDAPU_SUCCESS) - { - closeLDAPConnection(server); - ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r, - "unable to bind to server [%s:%d] as [%s]", - data->host, data->port, - (data->bindDN && *data->bindDN) ? data->bindDN : "(anonymous)"); /*i18n*/ return DECLINED; } /* The basic auth data may be either uid:pw or userDN:pw. The test for '=' * is hopefully adequate to detect a DN... */ - if (!strchr(user, '=')) - { + if (!strchr(user, '=')) { /* not a DN, so resolve the DN from the uid */ tries = 0; @@ -2701,33 +2694,26 @@ } } while (server != NULL && ++tries < 2); - if (ldapError != LDAPU_SUCCESS) - { + if (ldapError != LDAPU_SUCCESS) { closeLDAPConnection(server); if ((ldapError == LDAP_CONNECT_ERROR) || (ldapError == LDAP_SERVER_DOWN)) return check_auth_users_cache(user, pw, r, 0); /* DS down. Use the cache, ignoring entry expiration. */ return DECLINED; /* fall back to final check against admpw */ - } - - uid = user; - } - else - { + } + } else { /* it's a DN */ userdn = user; - uid = NULL; /* strip the leading "ldap:", if present */ - if (!STRNCASECMP(userdn, LDAP_PREFIX, LDAP_PREFIX_LENGTH)) - { + if (!STRNCASECMP(userdn, LDAP_PREFIX, LDAP_PREFIX_LENGTH)) { if (strlen(userdn) > LDAP_PREFIX_LENGTH) userdn += LDAP_PREFIX_LENGTH; - } - } + } + } tries = 0; do { @@ -2744,15 +2730,14 @@ } } while (server != NULL && ++tries < 2); - if (ldapError != LDAP_SUCCESS) - { + if (ldapError != LDAP_SUCCESS) { closeLDAPConnection(server); if ((ldapError == LDAP_CONNECT_ERROR) || (ldapError == LDAP_SERVER_DOWN)) return check_auth_users_cache(user, pw, r, 0); /* DS down. Look in the cache, ignoring entry expiration. */ return DECLINED; /* fall back to final check against admpw */ - } + } closeLDAPConnection(server); diff -Nru 389-admin-1.1.30/wrappers/initscript.in 389-admin-1.1.35/wrappers/initscript.in --- 389-admin-1.1.30/wrappers/initscript.in 2012-06-20 19:51:04.000000000 +0000 +++ 389-admin-1.1.35/wrappers/initscript.in 2013-08-20 17:08:28.000000000 +0000 @@ -164,6 +164,9 @@ fi fi [ $RETVAL -eq 0 -a -d /var/lock/subsys ] && touch $lockfile + if [ -f $lockfile ]; then + restorecon $lockfile + fi } stop() {