From fedora-directory-commits at redhat.com Fri Apr 7 16:31:12 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 7 Apr 2006 09:31:12 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap javarules.mk,1.7,1.8 Message-ID: <200604071631.k37GVCeA010508@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10479 Modified Files: javarules.mk Log Message: Previous checkin introduced this bug: a whitespace is inserted by putting a comment at the end of the macro assignment for Solaris JDK Version; moved the comment to one line above. Index: javarules.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/javarules.mk,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- javarules.mk 7 Apr 2006 01:33:30 -0000 1.7 +++ javarules.mk 7 Apr 2006 16:31:10 -0000 1.8 @@ -82,8 +82,8 @@ ifeq ($(ARCH), HPUX) JDK_VERSION:=1.4.2_09 JDK_VERSDIR:=hpjdk/$(JDK_VERSION) - else - JDK_VERSION:=1.4.2_10 # Solaris + else # Solaris + JDK_VERSION:=1.4.2_10 JDK_VERSDIR:=jdk/$(JDK_VERSION)/$(NSOBJDIR_NAME) endif endif From fedora-directory-commits at redhat.com Fri Apr 7 18:03:32 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 7 Apr 2006 11:03:32 -0700 Subject: [Fedora-directory-commits] ldapserver ns_usesh.mk,1.6,1.7 Message-ID: <200604071803.k37I3WPu015706@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15652 Modified Files: ns_usesh.mk Log Message: Removed extra $(NS64TAG) from sh_release_config; $(NSCONFIG) contains _64. sh_release_config:=$(sh_components_share)/$(SH_VERSION)/$(NSCONFIG)$(NSOBJDIR_TAG) Index: ns_usesh.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/ns_usesh.mk,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ns_usesh.mk 19 Apr 2005 22:06:42 -0000 1.6 +++ ns_usesh.mk 7 Apr 2006 18:03:29 -0000 1.7 @@ -121,7 +121,7 @@ # define the paths to the component parts sh_path_root:=$(NSCP_DISTDIR)/$(sh_component_name) sh_components_share=/share/builds/components/$(sh_component_name) -sh_release_config:=$(sh_components_share)/$(SH_VERSION)/$(NSCONFIG)$(NS64TAG)$(NSOBJDIR_TAG) +sh_release_config:=$(sh_components_share)/$(SH_VERSION)/$(NSCONFIG)$(NSOBJDIR_TAG) SH_INCLUDE:=$(sh_path_root)/include SH_LIBPATH:=$(sh_path_root)/lib # hack below because I couldn't find this defined anywhere in the nsxxx.mk headers From fedora-directory-commits at redhat.com Fri Apr 7 20:17:15 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Fri, 7 Apr 2006 13:17:15 -0700 Subject: [Fedora-directory-commits] mod_nss nss_engine_vars.c, 1.5, 1.6 mod_nss.h, 1.10, 1.11 nss_engine_init.c, 1.17, 1.18 nss_engine_io.c, 1.5, 1.6 nss_engine_kernel.c, 1.4, 1.5 nss_engine_log.c, 1.3, 1.4 nss_engine_pphrase.c, 1.4, 1.5 Message-ID: <200604072017.k37KHFIj023218@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23192 Modified Files: nss_engine_vars.c mod_nss.h nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c Log Message: 188300 Replace C++ style comments to make the Sun Forte compiler happy. Index: nss_engine_vars.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- nss_engine_vars.c 2 Mar 2006 19:21:54 -0000 1.5 +++ nss_engine_vars.c 7 Apr 2006 20:17:12 -0000 1.6 @@ -16,6 +16,7 @@ #include "mod_nss.h" #include "secder.h" /* DER_GetInteger() */ #include "base64.h" /* BTOA_DataToAscii() */ +#include "cert.h" /* CERT_* */ /* _________________________________________________________________ ** @@ -391,7 +392,7 @@ rv = CERT_GetCountryName(cert); } else if (strcEQ(var, "ST")) { rv = CERT_GetStateName(cert); - } else if (strcEQ(var, "SP")) { // for compatibility + } else if (strcEQ(var, "SP")) { /* for compatibility */ rv = CERT_GetStateName(cert); } else if (strcEQ(var, "L")) { rv = CERT_GetLocalityName(cert); @@ -406,12 +407,12 @@ } else if (strcEQ(var, "EMAIL")) { rv = CERT_GetCertEmailAddress(cert); } else { - rv = NULL; // catch any values we don't support + rv = NULL; /* catch any values we don't support */ } if (rv) { result = apr_pstrdup(p, rv); - PORT_Free(rv); // so we can free with the right allocator + PORT_Free(rv); /* so we can free with the right allocator */ } return result; @@ -533,7 +534,7 @@ if (rv == SECSuccess) result = "SUCCESS"; else - result = apr_psprintf(p, "FAILED"); // FIXME, add more info? + result = apr_psprintf(p, "FAILED"); /* FIXME, add more info? */ } if (xs) Index: mod_nss.h =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- mod_nss.h 2 Mar 2006 19:21:54 -0000 1.10 +++ mod_nss.h 7 Apr 2006 20:17:12 -0000 1.11 @@ -323,7 +323,7 @@ const char *name; int num; int fortezza_only; - PRInt32 version; // protocol version valid for this cipher + PRInt32 version; /* protocol version valid for this cipher */ } cipher_properties; /* Compatibility between Apache 2.0.x and 2.2.x. The numeric version of Index: nss_engine_init.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- nss_engine_init.c 2 Mar 2006 19:21:54 -0000 1.17 +++ nss_engine_init.c 7 Apr 2006 20:17:12 -0000 1.18 @@ -872,7 +872,7 @@ switch (certtimestatus) { case secCertTimeValid: - // ok + /* ok */ break; case secCertTimeExpired: ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, @@ -1175,10 +1175,11 @@ PRUint32 matchedUsage = 0; PRBool isValid = PR_FALSE; PRBool swapcert = PR_FALSE; - // We still need to check key usage. Dual-key certs appear - // as 2 certs in the list with different usages. We want to pick - // the "best" one, preferrably the one with certUsageSSLServer. - // Otherwise just return the cert if the nickname matches. + /* We still need to check key usage. Dual-key certs appear + * as 2 certs in the list with different usages. We want to pick + * the "best" one, preferrably the one with certUsageSSLServer. + * Otherwise just return the cert if the nickname matches. + */ if (CERT_CheckCertUsage(cert, certUsageSSLServer) == SECSuccess) { matchedUsage = 2; } else { @@ -1190,24 +1191,27 @@ if (secCertTimeValid == CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)) { - // This is a valid certificate. + /* This is a valid certificate. */ isValid = PR_TRUE; } if (!bestcert) { - // We didn't have a cert picked yet, automatically choose this - // one. + /* We didn't have a cert picked yet, automatically choose this + * one. + */ swapcert = PR_TRUE; } else { if (matchedUsage > bestCertMatchedUsage) { - // The cert previously picked didn't have the correct - // usage, but this one does. Choose this one. + /* The cert previously picked didn't have the correct + * usage, but this one does. Choose this one. + */ swapcert = PR_TRUE; } else { if ( (bestCertMatchedUsage == matchedUsage) && (((PR_FALSE == bestCertIsValid) && (PR_TRUE == isValid)) || ((PR_TRUE == bestCertIsValid == isValid) && (PR_TRUE == cert_IsNewer(cert, bestcert))))) { - // The cert previously picked was invalid but this one - // is. Or they were both valid but this one is newer. + /* The cert previously picked was invalid but this one + * is. Or they were both valid but this one is newer. + */ swapcert = PR_TRUE; } } Index: nss_engine_io.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_io.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- nss_engine_io.c 2 Mar 2006 19:21:54 -0000 1.5 +++ nss_engine_io.c 7 Apr 2006 20:17:12 -0000 1.6 @@ -1138,7 +1138,7 @@ int rc = 1; if (gIdentity != PR_INVALID_IO_LAYER) { - // already initialized + /* already initialized */ return PR_FAILURE; } Index: nss_engine_kernel.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- nss_engine_kernel.c 2 Mar 2006 19:21:54 -0000 1.4 +++ nss_engine_kernel.c 7 Apr 2006 20:17:12 -0000 1.5 @@ -435,7 +435,7 @@ return HTTP_FORBIDDEN; } - // The cert is ok, fall through to the check SSLRequires + /* The cert is ok, fall through to the check SSLRequires */ } else { int handshake_done = 0; Index: nss_engine_log.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_log.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- nss_engine_log.c 24 Feb 2006 20:16:24 -0000 1.3 +++ nss_engine_log.c 7 Apr 2006 20:17:12 -0000 1.4 @@ -306,7 +306,7 @@ error = PR_GetError(); if ((error >= NSPR_ERROR_BASE) && (error <= NSPR_MAX_ERROR)) { - return; // We aren't logging NSPR errors + return; /* We aren't logging NSPR errors */ } else if ((error >= LIBSEC_ERROR_BASE) && (error <= LIBSEC_MAX_ERROR)) { err = libsec_errors[error-LIBSEC_ERROR_BASE].errorString; Index: nss_engine_pphrase.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_pphrase.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- nss_engine_pphrase.c 4 Jan 2006 22:07:58 -0000 1.4 +++ nss_engine_pphrase.c 7 Apr 2006 20:17:12 -0000 1.5 @@ -79,7 +79,7 @@ status = SECFailure; break; } - parg->retryCount = 0; // reset counter to 0 for the next token + parg->retryCount = 0; /* reset counter to 0 for the next token */ PK11_FreeSlot(slot); } @@ -107,11 +107,11 @@ } prompt = PR_smprintf("Please enter password for \"%s\" token:", PK11_GetTokenName(slot)); if (parg == NULL) { - // should not happen + /* should not happen */ passwd = nss_get_password(stdin, stdout, slot, nss_check_password, 0); } else { if (parg->retryCount > 2) { - passwd = NULL; // abort after 2 retries (3 failed attempts) + passwd = NULL; /* abort after 2 retries (3 failed attempts) */ } else { passwd = nss_get_password(stdin, stdout, slot, nss_check_password, parg); } From fedora-directory-commits at redhat.com Fri Apr 7 22:19:38 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 7 Apr 2006 15:19:38 -0700 Subject: [Fedora-directory-commits] ldapserver components.mk,1.45,1.46 Message-ID: <200604072219.k37MJcQD027803@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27786 Modified Files: components.mk Log Message: accidentally, overrode the change made on revision 1.42; backing off Index: components.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/components.mk,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- components.mk 7 Apr 2006 01:33:30 -0000 1.45 +++ components.mk 7 Apr 2006 22:19:35 -0000 1.46 @@ -194,8 +194,7 @@ SECURITY_INCLUDE = -I$(SECURITY_INCDIR) # add crlutil and ocspclnt when we support CRL and OCSP cert checking in DS SECURITY_BINNAMES = certutil derdump pp pk12util ssltap modutil shlibsign -# as of NSS 3.11, no longer need to link with softokn3 -SECURITY_LIBNAMES = ssl3 nss3 +SECURITY_LIBNAMES = ssl3 nss3 softokn3 # these libs have a corresponding .chk file SECURITY_NEED_CHK = softokn3 From fedora-directory-commits at redhat.com Fri Apr 7 22:22:20 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 7 Apr 2006 15:22:20 -0700 Subject: [Fedora-directory-commits] ldapserver nsconfig.mk,1.20,1.21 Message-ID: <200604072222.k37MMKBK027845@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27814 Modified Files: nsconfig.mk Log Message: Moved the SMARTHEAP macro setting from slapd local Makefile to global nsconfig.mk so that the makefile used for packaging gets the info. Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/nsconfig.mk,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- nsconfig.mk 7 Apr 2006 01:33:30 -0000 1.20 +++ nsconfig.mk 7 Apr 2006 22:22:17 -0000 1.21 @@ -86,6 +86,33 @@ include $(BUILD_ROOT)/nsdefs.mk include $(BUILD_ROOT)/component_versions.mk +# It looks like most of the latest versions of Unix that we ship on +# have a good enough heap implementations that they don't need +# SmartHeap. We still need it on NT and HPUX. +# Solaris 8 and later has mtmalloc +# By contract HPUX must be aligned with Solaris. +ifneq ($(ARCH), SOLARIS) +ifneq ($(ARCH), WINNT) +ifneq ($(ARCH), HPUX) +LDAP_DONT_USE_SMARTHEAP=1 +endif +endif +endif + +ifeq ($(ARCH), HPUX) + ifeq ($(NSOS_TEST1),ia64) + LDAP_DONT_USE_SMARTHEAP=1 + ifeq ($(DEBUG), optimize) + CFLAGS+=+O3 + endif + endif +endif + +# Don't use smartheap for debug builds +ifeq ($(DEBUG), full) +LDAP_DONT_USE_SMARTHEAP=1 +endif + ifeq ($(SECURITY), domestic) SEC_SUFFIX = D else From fedora-directory-commits at redhat.com Fri Apr 7 22:22:20 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 7 Apr 2006 15:22:20 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd Makefile, 1.12, 1.13 Message-ID: <200604072222.k37MMKPo027851@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27814/ldap/servers/slapd Modified Files: Makefile Log Message: Moved the SMARTHEAP macro setting from slapd local Makefile to global nsconfig.mk so that the makefile used for packaging gets the info. Index: Makefile =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/Makefile,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- Makefile 7 Apr 2006 01:33:37 -0000 1.12 +++ Makefile 7 Apr 2006 22:22:18 -0000 1.13 @@ -77,33 +77,6 @@ LDAP_DONT_USE_SMARTHEAP=1 endif -# It looks like most of the latest versions of Unix that we ship on -# have a good enough heap implementations that they don't need -# SmartHeap. We still need it on NT and HPUX. -# Solaris 8 and later has mtmalloc -# By contract HPUX must be aligned with Solaris. -ifneq ($(ARCH), SOLARIS) -ifneq ($(ARCH), WINNT) -ifneq ($(ARCH), HPUX) -LDAP_DONT_USE_SMARTHEAP=1 -endif -endif -endif - -ifeq ($(ARCH), HPUX) - ifeq ($(NSOS_TEST1),ia64) - LDAP_DONT_USE_SMARTHEAP=1 - ifeq ($(DEBUG), optimize) - CFLAGS+=+O3 - endif - endif -endif - -# Don't use smartheap for debug builds -ifeq ($(DEBUG), full) -LDAP_DONT_USE_SMARTHEAP=1 -endif - ifndef LDAP_DONT_USE_SMARTHEAP include $(BUILD_ROOT)/ns_usesh.mk INCLUDES+=-I$(SH_INCLUDE) From fedora-directory-commits at redhat.com Sat Apr 8 19:27:06 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:27:06 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/mod_nss Makefile,1.2,1.3 Message-ID: <200604081927.k38JR6aD009732@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/mod_nss Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_nss/Makefile,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile 14 Feb 2006 22:29:18 -0000 1.2 +++ Makefile 8 Apr 2006 19:26:59 -0000 1.3 @@ -3,9 +3,14 @@ GARNAME = mod_nss GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=mod_nss +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = mod_nss @@ -23,6 +28,10 @@ INSTALL_SCRIPTS = custom BUILD_ARGS = +ifdef USE_CVS +post-extract: extract-cvs +endif + ifdef BUILD_MODULE_RPM ifeq ($(DEBUG),full) FLAVOR=dbg From fedora-directory-commits at redhat.com Sat Apr 8 19:27:07 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:27:07 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/onlinehelp Makefile,1.2,1.3 Message-ID: <200604081927.k38JR7Jl009744@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/onlinehelp In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/onlinehelp Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/onlinehelp/Makefile,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile 14 Feb 2006 22:29:34 -0000 1.2 +++ Makefile 8 Apr 2006 19:27:05 -0000 1.3 @@ -1,15 +1,24 @@ GARNAME = fedora-onlinehelp GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=onlinehelp +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = onlinehelp INSTALL_SCRIPTS = custom +ifdef USE_CVS +post-extract: extract-cvs +endif + configure-custom: $(MAKECOOKIE) From fedora-directory-commits at redhat.com Sat Apr 8 19:27:08 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:27:08 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/setuputil Makefile,1.3,1.4 Message-ID: <200604081927.k38JR8fk009750@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/setuputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/setuputil Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/setuputil/Makefile,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Makefile 16 Feb 2006 21:34:09 -0000 1.3 +++ Makefile 8 Apr 2006 19:27:05 -0000 1.4 @@ -3,9 +3,14 @@ GARNAME = fedora-setuputil GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=setuputil +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = setuputil @@ -22,6 +27,10 @@ BUILD_ARGS += BUILD_DEBUG=optimize endif +ifdef USE_CVS +post-extract: extract-cvs +endif + configure-custom: $(MAKECOOKIE) From fedora-directory-commits at redhat.com Sat Apr 8 19:27:07 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:27:07 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/mod_restartd Makefile, 1.2, 1.3 Message-ID: <200604081927.k38JR7n0009738@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/mod_restartd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/mod_restartd Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_restartd/Makefile,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile 14 Feb 2006 22:29:23 -0000 1.2 +++ Makefile 8 Apr 2006 19:27:04 -0000 1.3 @@ -3,9 +3,14 @@ GARNAME = mod_restartd GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=mod_restartd +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = mod_restartd @@ -21,6 +26,10 @@ INSTALL_SCRIPTS = custom BUILD_ARGS = +ifdef USE_CVS +post-extract: extract-cvs +endif + ifdef BUILD_MODULE_RPM ifeq ($(DEBUG),full) FLAVOR=dbg From fedora-directory-commits at redhat.com Sat Apr 8 19:26:52 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:26:52 -0700 Subject: [Fedora-directory-commits] dsbuild ds.conf.mk, 1.1.1.1, 1.2 gar.lib.mk, 1.2, 1.3 Message-ID: <200604081927.k38JRMZe009754@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild Modified Files: ds.conf.mk gar.lib.mk Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: ds.conf.mk =================================================================== RCS file: /cvs/dirsec/dsbuild/ds.conf.mk,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ds.conf.mk 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ ds.conf.mk 8 Apr 2006 19:26:49 -0000 1.2 @@ -4,3 +4,17 @@ ifdef DSMLGWJAR_VERSION MASTER_SITES += http://directory.fedora.redhat.com/download/dsmlgwjars-$(DSMLGWJAR_VERSION)/ endif + +# cvs information +# use USE_CVS=1 on the make command line to grab the sources from CVS +# instead of from the checksummed source tarballs +# fedora anon cvs +FEDCVSROOT=:pserver:anonymous at cvs.fedora.redhat.com:/cvs/dirsec +# mozilla anon cvs +MOZCVSROOT=:pserver:anonymous at cvs-mirror.mozilla.org:/cvsroot +# default to fedora for now since the mozilla sources are more static +CVSROOT=$(FEDCVSROOT) +# default tag is HEAD +CVSTAG=HEAD +# each ds/*/Makefile must define the CVS modules e.g. +#CVSMODULES=ldapserver Index: gar.lib.mk =================================================================== RCS file: /cvs/dirsec/dsbuild/gar.lib.mk,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- gar.lib.mk 28 Feb 2006 23:40:24 -0000 1.2 +++ gar.lib.mk 8 Apr 2006 19:26:49 -0000 1.3 @@ -32,14 +32,21 @@ URLS = $(subst ://,//,$(foreach SITE,$(FILE_SITES) $(MASTER_SITES),$(addprefix $(SITE),$(DISTFILES))) $(foreach SITE,$(FILE_SITES) $(PATCH_SITES) $(MASTER_SITES),$(addprefix $(SITE),$(PATCHFILES)))) +# use NOCACHE with makesum - if we upload a new source tarball to the official download site, we want +# to use that one to make the checksum, not the cached one ifdef NOCACHE NOCACHEARG = "--header=Cache-Control: no-cache" endif +# these are the flags to use with the cvs export command +CVSFLAGS=-z3 -Q + # Download the file if and only if it doesn't have a preexisting # checksum file. Loop through available URLs and stop when you # get one that doesn't return an error code. $(DOWNLOADDIR)/%: +# no download with cvs - we "extract" the files from CVS instead +ifndef USE_CVS @if test -f $(COOKIEDIR)/checksum-$*; then : ; else \ echo " ==> Grabbing $(call TMSG_ID,$@)"; \ for i in $(filter %/$*,$(URLS)); do \ @@ -52,6 +59,7 @@ false; \ fi; \ fi +endif # download an http URL http//%: @@ -88,11 +96,17 @@ scp//%: @scp -C $* $(DOWNLOADDIR)/ +# an svn url? +# svn//%: +# @svn $(SVNFLAGS) export -r $(SVNTAG) -d $(GARNAME)-$(GARVERSION) svn://$* + #################### CHECKSUM RULES #################### # check a given file's checksum against $(CHECKSUM_FILE) and # error out if it mentions the file without an "OK". checksum-%: $(CHECKSUM_FILE) +# no checksum with cvs - we "extract" the files from CVS instead +ifndef USE_CVS @echo " ==> Running checksum on $(call TMSG_ID,$*)" @if grep -- '$*' $(CHECKSUM_FILE); then \ if LC_ALL="C" LANG="C" $(MD5) -c $(CHECKSUM_FILE) 2>&1 | grep -- '$*' | grep -v ':[ ]\+OK'; then \ @@ -106,7 +120,7 @@ echo '*** GAR GAR GAR! $(call TMSG_ID,$*) not in $(CHECKSUM_FILE) file! GAR GAR GAR! ***' 1>&2; \ false; \ fi - +endif #################### EXTRACT RULES #################### @@ -141,6 +155,11 @@ @cp $(DOWNLOADDIR)/$* $(WORKDIR)/ @$(MAKECOOKIE) +extract-cvs: + @echo Doing CVS checkout of $(CVSMODULES) from $(CVSROOT) with tag $(CVSTAG) + @cd $(WORKDIR) ; cvs $(CVSFLAGS) export -r $(CVSTAG) -d $(GARNAME)-$(GARVERSION) $(CVSMODULES) + @$(MAKECOOKIE) + ### EXTRACT FILE TYPE MAPPINGS ### # These rules specify which of the above extract action rules to use for a # given file extension. Often support for a given extract type can be handled @@ -206,7 +225,6 @@ extract-%: cp-extract-% @$(MAKECOOKIE) - #################### PATCH RULES #################### # apply bzipped patches From fedora-directory-commits at redhat.com Sat Apr 8 19:27:01 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:27:01 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/mod_admserv Makefile,1.2,1.3 Message-ID: <200604081927.k38JRVnA009774@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/mod_admserv Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/mod_admserv/Makefile,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile 14 Feb 2006 22:29:12 -0000 1.2 +++ Makefile 8 Apr 2006 19:26:58 -0000 1.3 @@ -3,9 +3,14 @@ GARNAME = mod_admserv GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=mod_admserv +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = mod_admserv @@ -13,6 +18,7 @@ MOZILLA_DIST = $(ABS_GARDIR)/$(CATEGORIES)/mozilla/work/mozilla/dist ADMINUTIL = $(ABS_GARDIR)/$(CATEGORIES)/adminutil/work/fedora-adminutil-1.0.2/built/adminutil/$(OBJDIR_NAME) +ICU = $(ABS_GARDIR)/$(CATEGORIES)/icu/work/icu-3.4/built INSTALL_SCRIPTS = custom @@ -27,6 +33,10 @@ INSTALL_SCRIPTS = custom BUILD_ARGS = +ifdef USE_CVS +post-extract: extract-cvs +endif + ifdef BUILD_MODULE_RPM ifeq ($(DEBUG),full) FLAVOR=dbg @@ -45,7 +55,7 @@ else # BUILD_MODULE_RPM -CONFIGURE_ARGS = --with-apr-config --with-nspr=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME) --with-nss-inc=$(MOZILLA_DIST)/public/nss --with-nss-lib=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME)/lib --with-ldapsdk-inc=$(MOZILLA_DIST)/public/ldap --with-ldapsdk-lib=$(MOZILLA_DIST)/lib --with-adminutil=$(ADMINUTIL) +CONFIGURE_ARGS = --with-apr-config --with-nspr=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME) --with-nss-inc=$(MOZILLA_DIST)/public/nss --with-nss-lib=$(MOZILLA_DIST)/$(MOZ_OBJDIR_NAME)/lib --with-ldapsdk-inc=$(MOZILLA_DIST)/public/ldap --with-ldapsdk-lib=$(MOZILLA_DIST)/lib --with-adminutil=$(ADMINUTIL) --with-icu=$(ICU) ifeq ($(DEBUG),full) CONFIGURE_ENV = CFLAGS=-g From fedora-directory-commits at redhat.com Sat Apr 8 19:26:58 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:26:58 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/adminserver Makefile,1.3,1.4 Message-ID: <200604081927.k38JRSgQ009759@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/adminserver Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/adminserver/Makefile,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Makefile 16 Feb 2006 21:33:47 -0000 1.3 +++ Makefile 8 Apr 2006 19:26:50 -0000 1.4 @@ -3,9 +3,14 @@ GARNAME = fedora-adminserver GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=adminserver +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = adminserver @@ -21,10 +26,10 @@ ADMINUTIL_SOURCE_ROOT=$(ABS_GARDIR)/$(CATEGORIES)/adminutil/work/fedora-adminutil-1.0.2 \ SETUPUTIL_SOURCE_ROOT=$(ABS_GARDIR)/$(CATEGORIES)/setuputil/work/fedora-setuputil-1.0.2 \ ONLINEHELP_SOURCE_DIR=$(ABS_GARDIR)/$(CATEGORIES)/onlinehelp/work/fedora-onlinehelp-1.0.2 \ - MOD_ADMSERV_LIB_DIR=$(ABS_GARDIR)/$(CATEGORIES)/mod_admserv/work/mod_admserv-1.0.2/.libs \ - MOD_RESTARTD_LIB_DIR=$(ABS_GARDIR)/$(CATEGORIES)/mod_restartd/work/mod_restartd-1.0.2/.libs \ - MOD_NSS_LIB_DIR=$(ABS_GARDIR)/$(CATEGORIES)/mod_nss/work/mod_nss-1.0.2/.libs \ - MOD_NSS_BIN_DIR=$(ABS_GARDIR)/$(CATEGORIES)/mod_nss/work/mod_nss-1.0.2 + MOD_ADMSERV_LIBPATH=$(ABS_GARDIR)/$(CATEGORIES)/mod_admserv/work/mod_admserv-1.0.2/.libs \ + MOD_RESTARTD_LIBPATH=$(ABS_GARDIR)/$(CATEGORIES)/mod_restartd/work/mod_restartd-1.0.2/.libs \ + MOD_NSS_LIBPATH=$(ABS_GARDIR)/$(CATEGORIES)/mod_nss/work/mod_nss-1.0.2/.libs \ + MOD_NSS_BINPATH=$(ABS_GARDIR)/$(CATEGORIES)/mod_nss/work/mod_nss-1.0.2 ifndef NOJAVA BUILD_ARGS += CONSOLE_SOURCE_DIR=$(ABS_GARDIR)/$(CATEGORIES)/console/work @@ -34,6 +39,10 @@ BUILD_ARGS += BUILD_DEBUG=optimize endif +ifdef USE_CVS +post-extract: extract-cvs +endif + configure-custom: $(MAKECOOKIE) From fedora-directory-commits at redhat.com Sat Apr 8 19:26:58 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:26:58 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/adminutil Makefile,1.3,1.4 Message-ID: <200604081927.k38JRSsD009762@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/adminutil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/adminutil Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/adminutil/Makefile,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Makefile 16 Feb 2006 21:33:53 -0000 1.3 +++ Makefile 8 Apr 2006 19:26:56 -0000 1.4 @@ -3,9 +3,14 @@ GARNAME = fedora-adminutil GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=adminutil +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = adminutil @@ -22,6 +27,10 @@ BUILD_ARGS += BUILD_DEBUG=optimize endif +ifdef USE_CVS +post-extract: extract-cvs +endif + configure-custom: $(MAKECOOKIE) From fedora-directory-commits at redhat.com Sat Apr 8 19:26:59 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:26:59 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/console Makefile,1.2,1.3 Message-ID: <200604081927.k38JRTr8009765@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/console Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/console/Makefile,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile 14 Feb 2006 22:28:30 -0000 1.2 +++ Makefile 8 Apr 2006 19:26:56 -0000 1.3 @@ -3,9 +3,14 @@ GARNAME = fedora-console GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=console +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = console @@ -17,6 +22,10 @@ IMPORTS=-Dimports.file=$(IMPORTS.FILE) +ifdef USE_CVS +post-extract: extract-cvs +endif + configure-custom: $(MAKECOOKIE) From fedora-directory-commits at redhat.com Sat Apr 8 19:26:59 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:26:59 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/directoryconsole Makefile, 1.2, 1.3 Message-ID: <200604081927.k38JRT3i009767@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/directoryconsole In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/directoryconsole Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/directoryconsole/Makefile,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile 14 Feb 2006 22:28:38 -0000 1.2 +++ Makefile 8 Apr 2006 19:26:57 -0000 1.3 @@ -3,9 +3,14 @@ GARNAME = fedora-directoryconsole GARVERSION = 1.0.2 CATEGORIES = ds -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz PATCHFILES = +ifdef USE_CVS +CVSMODULES=directoryconsole +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = directoryconsole @@ -17,6 +22,10 @@ IMPORTS=-Dconsole.location=$(ABS_GARDIR)/$(CATEGORIES)/console/work/built/release/package +ifdef USE_CVS +post-extract: extract-cvs +endif + configure-custom: $(MAKECOOKIE) From fedora-directory-commits at redhat.com Sat Apr 8 19:27:00 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:27:00 -0700 Subject: [Fedora-directory-commits] dsbuild/ds/ldapserver Makefile,1.4,1.5 Message-ID: <200604081927.k38JRU8B009770@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild/ds/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9565/dsbuild/ds/ldapserver Modified Files: Makefile Log Message: You can now do a dsbuild with sources from CVS by using make USE_CVS=1 ... Right now this only works with the cvs.fedora.redhat.com repository, but it will be easy to add support for others such as mozilla. I added ICU to the mod_admserv build. adminserver uses MOD_*_LIBPATH instead of MOD_*_LIB_DIR now. ldapserver uses the correct path to directoryconsole now. Index: Makefile =================================================================== RCS file: /cvs/dirsec/dsbuild/ds/ldapserver/Makefile,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Makefile 16 Feb 2006 21:33:58 -0000 1.4 +++ Makefile 8 Apr 2006 19:26:57 -0000 1.5 @@ -6,11 +6,16 @@ # have the regular download rule download the patch rather than listing it in PATCHFILES # this is so we can override the default patch rule #MYPATCH = ldapserver-gcc4.patch -DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz $(MYPATCH) PATCHFILES = PKGDIR = $(ABS_GARDIR)/$(CATEGORIES)/ldapserver/work/pkg +ifdef USE_CVS +CVSMODULES = ldapserver +else +DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz +endif + LIBDEPS = DESCRIPTION = ldapserver @@ -48,6 +53,10 @@ BUILD_ARGS += BUILD_DEBUG=optimize endif +ifdef USE_CVS +post-extract: extract-cvs +endif + # this is our "custom" patch target post-patch: ifdef MYPATCH @@ -76,6 +85,6 @@ @echo "http://directory.fedora.redhat.com/wiki/Install_Guide" $(MAKECOOKIE) -include ../../gar.conf.mk +#include ../../gar.conf.mk include ../category.mk From fedora-directory-commits at redhat.com Sat Apr 8 19:29:37 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Apr 2006 12:29:37 -0700 Subject: [Fedora-directory-commits] ldapserver buildpaths.mk, 1.13, 1.14 components.mk, 1.46, 1.47 Message-ID: <200604081929.k38JTbBM009804@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9783 Modified Files: buildpaths.mk components.mk Log Message: Make the build/pull work like the adminserver does with respect to console. Otherwise, dsbuild with recent code no longer works. Index: buildpaths.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/buildpaths.mk,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- buildpaths.mk 29 Mar 2006 19:42:39 -0000 1.13 +++ buildpaths.mk 8 Apr 2006 19:29:35 -0000 1.14 @@ -139,7 +139,7 @@ ADMINSERVER_SOURCE_ROOT = $(BUILD_ROOT)/../adminserver -LDAPCONSOLE_SOURCE_ROOT = $(BUILD_ROOT)/../directoryconsole +LDAPCONSOLE_SOURCE_ROOT = $(BUILD_ROOT)/.. # these are the files needed to build the java components - xmltools and dsmlgw - # and where to get them Index: components.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/components.mk,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- components.mk 7 Apr 2006 22:19:35 -0000 1.46 +++ components.mk 8 Apr 2006 19:29:35 -0000 1.47 @@ -569,7 +569,7 @@ ADMINSERVER_SUBCOMPS:=admin base ifdef LDAPCONSOLE_SOURCE_ROOT - LDAPCONSOLE_DIR = $(ABS_ROOT)/../built/package + LDAPCONSOLE_DIR = $(LDAPCONSOLE_SOURCE_ROOT)/built/package else LDAPCONSOLE_DIR = $(CLASS_DEST) endif From fedora-directory-commits at redhat.com Tue Apr 11 02:14:55 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:55 -0700 Subject: [Fedora-directory-commits] ldapserver/lib/ldaputil certmap.c, 1.5, 1.6 init.c, 1.6, 1.7 ldapauth.c, 1.5, 1.6 Message-ID: <200604110214.k3B2EtvC008560@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/lib/ldaputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/lib/ldaputil Modified Files: certmap.c init.c ldapauth.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: certmap.c =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/ldaputil/certmap.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- certmap.c 19 Apr 2005 22:07:45 -0000 1.5 +++ certmap.c 11 Apr 2006 02:14:53 -0000 1.6 @@ -46,6 +46,8 @@ */ #include #include +#include + #include #include #include @@ -388,7 +390,7 @@ static void print_oid_bitmask (long bitmask) { - fprintf(stderr, "%x: ", bitmask); + fprintf(stderr, "%lx: ", bitmask); if (PresentInComps(bitmask, SEC_OID_AVA_COUNTRY_NAME)) fprintf(stderr, " C"); @@ -1812,7 +1814,7 @@ *certmap_list = 0; *certmap_default = 0; - sprintf(this_dllname, "%s", dllname); + PR_snprintf(this_dllname, sizeof(this_dllname), "%s", dllname); if (!certmap_listinfo) return LDAPU_ERR_OUT_OF_MEMORY; Index: init.c =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/ldaputil/init.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- init.c 19 Apr 2005 22:07:45 -0000 1.6 +++ init.c 11 Apr 2006 02:14:53 -0000 1.7 @@ -39,6 +39,7 @@ #include #include #include +#include /*#include "base/file.h"*/ #include "ldaputil/certmap.h" @@ -90,7 +91,7 @@ if(is_lib) { char path[1024]; - sprintf(path, "%s%c%s", dir, FILE_PATHSEP, libname); + PR_snprintf(path, sizeof(path), "%s%c%s", dir, FILE_PATHSEP, libname); lib = PR_LoadLibrary(path); if (!lib) rv = LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN; } @@ -123,7 +124,7 @@ if (serv_root && *serv_root) { /* Load common libraries */ - sprintf(dir, "%s%clib%c%s", serv_root, FILE_PATHSEP, + PR_snprintf(dir, sizeof(dir), "%s%clib%c%s", serv_root, FILE_PATHSEP, FILE_PATHSEP, "common"); rv = load_server_libs(dir); Index: ldapauth.c =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/ldaputil/ldapauth.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- ldapauth.c 19 Apr 2005 22:07:45 -0000 1.5 +++ ldapauth.c 11 Apr 2006 02:14:53 -0000 1.6 @@ -46,6 +46,7 @@ #include /* for BUFSIZ */ #include /* for strncpy, strcat */ #include +#include #include #include @@ -274,7 +275,7 @@ int retval; /* setup filter as (uid=) */ - sprintf(filter, ldapu_strings[LDAPU_STR_FILTER_USER], uid); + PR_snprintf(filter, sizeof(filter), ldapu_strings[LDAPU_STR_FILTER_USER], uid); retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, res); @@ -384,7 +385,7 @@ int retval; /* setup the filter */ - sprintf(filter, + PR_snprintf(filter, sizeof(filter), ldapu_strings[LDAPU_STR_FILTER_GROUP], groupid); @@ -497,7 +498,7 @@ return LDAPU_ERR_CIRCULAR_GROUPS; /* setup the filter */ - sprintf(member_filter, ldapu_strings[LDAPU_STR_FILTER_MEMBER], userdn, userdn); + PR_snprintf(member_filter, sizeof(member_filter), ldapu_strings[LDAPU_STR_FILTER_MEMBER], userdn, userdn); retval = ldapu_find(ld, groupdn, LDAP_SCOPE_BASE, member_filter, attrs, attrsonly, &res); @@ -510,7 +511,7 @@ DBG_PRINT2("Find parent groups of \"%s\"\n", userdn); /* Modify the filter to include the objectclass check */ - sprintf(filter, ldapu_strings[LDAPU_STR_FILTER_MEMBER_RECURSE], + PR_snprintf(filter, sizeof(filter), ldapu_strings[LDAPU_STR_FILTER_MEMBER_RECURSE], member_filter); retval = ldapu_find(ld, base, LDAP_SCOPE_SUBTREE, filter, attrs, attrsonly, &res); @@ -1020,9 +1021,9 @@ /* setup filter as (& (uid=) (attrfilter)) */ if (*attrfilter == '(') - sprintf(filter, "(& (uid=%s) %s)", uid, attrfilter); + PR_snprintf(filter, sizeof(filter), "(& (uid=%s) %s)", uid, attrfilter); else - sprintf(filter, "(& (uid=%s) (%s))", uid, attrfilter); + PR_snprintf(filter, sizeof(filter), "(& (uid=%s) (%s))", uid, attrfilter); retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, &res); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:56 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:56 -0700 Subject: [Fedora-directory-commits] ldapserver/lib/libaccess acl.yy.cpp, 1.4, 1.5 aclscan.l, 1.4, 1.5 authdb.cpp, 1.4, 1.5 lasdns.cpp, 1.5, 1.6 lasip.cpp, 1.5, 1.6 lastod.cpp, 1.4, 1.5 Message-ID: <200604110214.k3B2EuHD008570@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/lib/libaccess In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/lib/libaccess Modified Files: acl.yy.cpp aclscan.l authdb.cpp lasdns.cpp lasip.cpp lastod.cpp Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: acl.yy.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libaccess/acl.yy.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- acl.yy.cpp 19 Apr 2005 22:07:47 -0000 1.4 +++ acl.yy.cpp 11 Apr 2006 02:14:53 -0000 1.5 @@ -472,6 +472,7 @@ #ifdef XP_WIN32 #include #endif +#include "plstr.h" #include "parse.h" #include "aclscan.h" @@ -1944,7 +1945,7 @@ acl_lineno = 1; acl_use_buffer = (filename == NULL) ? 1 : 0 ; if ( filename != NULL ) { - strcpy(acl_filename, filename); + PL_strncpyz(acl_filename, filename, sizeof(acl_filename)); #ifdef UTEST aclin = fopen(filename, "r"); if ( aclin == NULL ) { Index: aclscan.l =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libaccess/aclscan.l,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- aclscan.l 19 Apr 2005 22:07:47 -0000 1.4 +++ aclscan.l 11 Apr 2006 02:14:53 -0000 1.5 @@ -53,6 +53,7 @@ #ifdef XP_WIN32 #include #endif +#include "plstr.h" #include "parse.h" #include "aclscan.h" @@ -328,7 +329,7 @@ acl_lineno = 1; acl_use_buffer = (filename == NULL) ? 1 : 0 ; if ( filename != NULL ) { - strcpy(acl_filename, filename); + PL_strncpyz(acl_filename, filename, sizeof(acl_filename)); #ifdef UTEST yyin = fopen(filename, "r"); if ( yyin == NULL ) { Index: authdb.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libaccess/authdb.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- authdb.cpp 19 Apr 2005 22:07:47 -0000 1.4 +++ authdb.cpp 11 Apr 2006 02:14:53 -0000 1.5 @@ -167,10 +167,10 @@ else { /* treat prefix in the url as dbtype if it has been registered. */ - int prefix_len = strcspn(url, ":"); + size_t prefix_len = strcspn(url, ":"); char dbtypestr[BIG_LINE]; - if (prefix_len) { + if (prefix_len && (prefix_len < sizeof(dbtypestr))) { strncpy(dbtypestr, url, prefix_len); dbtypestr[prefix_len] = 0; Index: lasdns.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libaccess/lasdns.cpp,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- lasdns.cpp 19 Apr 2005 22:07:47 -0000 1.5 +++ lasdns.cpp 11 Apr 2006 02:14:53 -0000 1.6 @@ -132,7 +132,7 @@ int LASDnsBuild(NSErr_t *errp, char *attr_pattern, LASDnsContext_t *context, int aliasflg) { - int delimiter; /* length of valid token */ + size_t delimiter; /* length of valid token */ char token[256]; /* max length dns name */ int i; int ipcnt; @@ -162,9 +162,13 @@ } do { + size_t maxsize = sizeof(token); /* Get a single hostname from the pattern string */ delimiter = strcspn(attr_pattern, ", \t"); - strncpy(token, attr_pattern, delimiter); + if (delimiter >= maxsize) { + delimiter = maxsize-1; + } + PL_strncpyz(token, attr_pattern, delimiter); token[delimiter] = '\0'; /* Skip any white space after the token */ Index: lasip.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libaccess/lasip.cpp,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- lasip.cpp 19 Apr 2005 22:07:47 -0000 1.5 +++ lasip.cpp 11 Apr 2006 02:14:53 -0000 1.6 @@ -95,6 +95,14 @@ if (strcspn(ipstr, "0123456789.*")) return LAS_EVAL_INVALID; + if (strlen(netmaskstr) >= sizeof(token)) { + return LAS_EVAL_INVALID; + } + + if (strlen(ipstr) >= sizeof(token)) { + return LAS_EVAL_INVALID; + } + *netmask = *ip = 0; /* Start with "don't care" */ for (i=0; i<4; i++) { @@ -263,6 +271,10 @@ delimiter = strcspn(curptr, ", \t"); delimiter = (delimiter <= strlen(curptr)) ? delimiter : strlen(curptr); strncpy(token, curptr, delimiter); + if (delimiter >= sizeof(token)) { + return LAS_EVAL_INVALID; + } + token[delimiter] = '\0'; /* skip all the white space after the token */ curptr = strpbrk((curptr+delimiter), "1234567890+.*"); @@ -275,6 +287,9 @@ curptr = strpbrk((++curptr), "1234567890.*"); delimiter = strcspn(curptr, ", \t"); delimiter = (delimiter <= strlen(curptr)) ? delimiter : strlen(curptr); + if (delimiter >= sizeof(token2)) { + return LAS_EVAL_INVALID; + } strncpy(token2, curptr, delimiter); token2[delimiter] = '\0'; retcode = dotdecimal(token, token2, &ip, &netmask); @@ -512,7 +527,7 @@ /* Cannot reach here. Even a 32 bit mismatch has a conclusion in * the pattern tree. */ - sprintf(ip_str, "%x", ip); + sprintf(ip_str, "%x", (unsigned int)ip); nserrGenerate(errp, ACLERRINTERNAL, ACLERR5240, ACL_Program, 2, XP_GetAdminStr(DBT_lasipevalReach32BitsWithoutConcl_), ip_str); return LAS_EVAL_INVALID; } Index: lastod.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libaccess/lastod.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- lastod.cpp 19 Apr 2005 22:07:47 -0000 1.4 +++ lastod.cpp 11 Apr 2006 02:14:53 -0000 1.5 @@ -50,6 +50,7 @@ #include "aclutil.h" #include #include +#include "plstr.h" /* Day of the week LAS driver * Note that everything is case-insensitive. @@ -97,7 +98,7 @@ strftime(daystr, 4, "%a", localtime(&t)); #endif makelower(daystr); - strcpy(lcl_pattern, pattern); + PL_strncpyz(lcl_pattern, pattern, sizeof(lcl_pattern)); makelower(lcl_pattern); /* Compare the value to the pattern */ @@ -163,10 +164,18 @@ return LAS_EVAL_INVALID; } + if ((size_t)(dash-pattern) >= sizeof(start)) { + nserrGenerate(errp, ACLERRINVAL, ACLERR5610, ACL_Program, 2, XP_GetAdminStr(DBT_illegalComparatorForTimeOfDayDN_), comparator_string(comparator)); + return LAS_EVAL_INVALID; + } strncpy(start, pattern, dash-pattern); start[dash-pattern]='\0'; intstart = atoi(start); + if (strlen(dash+1) >= sizeof(end)) { + nserrGenerate(errp, ACLERRINVAL, ACLERR5610, ACL_Program, 2, XP_GetAdminStr(DBT_illegalComparatorForTimeOfDayDN_), comparator_string(comparator)); + return LAS_EVAL_INVALID; + } strcpy(end, dash+1); intend = atoi(end); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:56 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:56 -0700 Subject: [Fedora-directory-commits] ldapserver/lib/libadmin authdb.c, 1.5, 1.6 Message-ID: <200604110215.k3B2Eu8p008577@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/lib/libadmin In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/lib/libadmin Modified Files: authdb.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: authdb.c =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libadmin/authdb.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- authdb.c 19 Apr 2005 22:07:53 -0000 1.5 +++ authdb.c 11 Apr 2006 02:14:54 -0000 1.6 @@ -60,11 +60,13 @@ #ifdef USE_ADMSERV char *tmp = getenv("NETSITE_ROOT"); - sprintf(line, "%s%cuserdb", tmp, FILE_PATHSEP); + snprintf(line, sizeof(line), "%s%cuserdb", tmp, FILE_PATHSEP); + line[sizeof(line)-1] = 0; #else char *tmp = get_mag_var("#ServerRoot"); - sprintf(line, "%s%cadmin%cuserdb", tmp, FILE_PATHSEP, FILE_PATHSEP); + snprintf(line, sizeof(line), "%s%cadmin%cuserdb", tmp, FILE_PATHSEP, FILE_PATHSEP); + line[sizeof(line)-1] = 0; #endif userdb = STRDUP(line); return userdb; From fedora-directory-commits at redhat.com Tue Apr 11 02:14:57 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:57 -0700 Subject: [Fedora-directory-commits] ldapserver/lib/libsi18n acclanglist.c, 1.5, 1.6 makstrdb.c, 1.6, 1.7 Message-ID: <200604110214.k3B2Evim008582@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/lib/libsi18n In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/lib/libsi18n Modified Files: acclanglist.c makstrdb.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: acclanglist.c =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libsi18n/acclanglist.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- acclanglist.c 19 Apr 2005 22:07:54 -0000 1.5 +++ acclanglist.c 11 Apr 2006 02:14:54 -0000 1.6 @@ -200,6 +200,7 @@ /* Add current language for future appending.,make sure it's not on list */ if ((strlen(curLanguageList[i]) > 2) && (curLanguageList[i][2] == '_')) { strncpy(lang, curLanguageList[i], 2); + lang[sizeof(lang)-1] = 0; for (k = 0; (k < index) && strcmp(AcceptLanguageList[k], lang); k++); if (k != index) lang[0] = '\0'; Index: makstrdb.c =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/libsi18n/makstrdb.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- makstrdb.c 19 Apr 2005 22:07:54 -0000 1.6 +++ makstrdb.c 11 Apr 2006 02:14:54 -0000 1.7 @@ -119,7 +119,6 @@ char* cptr; RESOURCE_TABLE* table; NSRESHANDLE hresdb; - char DBTlibraryName[128]; /* Creating database */ hresdb = NSResCreateTable(DATABASE_NAME, NULL); @@ -189,7 +188,7 @@ */ src = table->str; dest = buffer; - while (*src) { + while (*src && (sizeof(buffer) > (dest-buffer))) { if (*src < 0x20) { strcpy(dest,"\\u00"); dest += 4; From fedora-directory-commits at redhat.com Tue Apr 11 02:14:28 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:28 -0700 Subject: [Fedora-directory-commits] ldapserver/config pathsub.h,1.4,1.5 Message-ID: <200604110214.k3B2EwxS008585@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/config In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/config Modified Files: pathsub.h Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: pathsub.h =================================================================== RCS file: /cvs/dirsec/ldapserver/config/pathsub.h,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- pathsub.h 19 Apr 2005 22:06:42 -0000 1.4 +++ pathsub.h 11 Apr 2006 02:14:25 -0000 1.5 @@ -61,7 +61,12 @@ extern char *program; -extern void fail(char *format, ...); +extern void fail(char *format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 1, 2))); +#else + ; +#endif extern char *getcomponent(char *path, char *name); extern char *ino2name(ino_t ino, char *dir); extern void *xmalloc(size_t size); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:33 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:33 -0700 Subject: [Fedora-directory-commits] ldapserver/include/base ereport.h, 1.6, 1.7 util.h, 1.6, 1.7 Message-ID: <200604110215.k3B2F3RA008593@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/include/base In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/include/base Modified Files: ereport.h util.h Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: ereport.h =================================================================== RCS file: /cvs/dirsec/ldapserver/include/base/ereport.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ereport.h 19 Apr 2005 22:06:44 -0000 1.6 +++ ereport.h 11 Apr 2006 02:14:26 -0000 1.7 @@ -60,7 +60,12 @@ * the current date. */ -NSAPI_PUBLIC int INTereport(int degree, char *fmt, ...); +NSAPI_PUBLIC int INTereport(int degree, char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif NSAPI_PUBLIC int INTereport_v(int degree, char *fmt, va_list args); NSPR_END_EXTERN_C Index: util.h =================================================================== RCS file: /cvs/dirsec/ldapserver/include/base/util.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- util.h 19 Apr 2005 22:06:44 -0000 1.6 +++ util.h 11 Apr 2006 02:14:26 -0000 1.7 @@ -67,12 +67,22 @@ NSAPI_PUBLIC int INTutil_vsprintf(char *s, register const char *fmt, va_list args); -NSAPI_PUBLIC int INTutil_sprintf(char *s, const char *fmt, ...); +NSAPI_PUBLIC int INTutil_sprintf(char *s, const char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif NSAPI_PUBLIC int INTutil_vsnprintf(char *s, int n, register const char *fmt, va_list args); -NSAPI_PUBLIC int INTutil_snprintf(char *s, int n, const char *fmt, ...); +NSAPI_PUBLIC int INTutil_snprintf(char *s, int n, const char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))); +#else + ; +#endif NSAPI_PUBLIC int INTutil_strftime(char *s, const char *format, const struct tm *t); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:35 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:35 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/clients/dsgw cgiutil.c, 1.6, 1.7 ckdel.c, 1.4, 1.5 ckdump.c, 1.4, 1.5 ckget.c, 1.4, 1.5 ckpurge.c, 1.4, 1.5 ckput.c, 1.4, 1.5 config.c, 1.5, 1.6 cookie.c, 1.5, 1.6 dbtdsgw.h, 1.4, 1.5 domodify.c, 1.5, 1.6 dsexpldif.c, 1.4, 1.5 dsgw.h, 1.6, 1.7 dsgwutil.c, 1.5, 1.6 dsimpldif.c, 1.4, 1.5 emitf.c, 1.4, 1.5 entrydisplay.c, 1.5, 1.6 htmlparse.c, 1.4, 1.5 ldaputil.c, 1.4, 1.5 templateindex.c, 1.4, 1.5 tutor.c, 1.4, 1.5 Message-ID: <200604110215.k3B2F5QZ008603@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/clients/dsgw In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/clients/dsgw Modified Files: cgiutil.c ckdel.c ckdump.c ckget.c ckpurge.c ckput.c config.c cookie.c dbtdsgw.h domodify.c dsexpldif.c dsgw.h dsgwutil.c dsimpldif.c emitf.c entrydisplay.c htmlparse.c ldaputil.c templateindex.c tutor.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: cgiutil.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/cgiutil.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- cgiutil.c 4 May 2005 16:37:27 -0000 1.6 +++ cgiutil.c 11 Apr 2006 02:14:32 -0000 1.7 @@ -236,7 +236,7 @@ if ( required == DSGW_CGIVAR_REQUIRED && ans == NULL ) { char errbuf[ 256 ]; - PR_snprintf( errbuf, 256, + PR_snprintf( errbuf, sizeof(errbuf), XP_GetClientStr(DBT_missingFormDataElement100s_), varname ); dsgw_error( DSGW_ERR_BADFORMDATA, errbuf, DSGW_ERROPT_EXIT, 0, NULL ); } @@ -325,21 +325,24 @@ vars++; ans = (char **) dsgw_ch_malloc((sizeof(char *)) * (vars+1)); - - x=0; - /* strtok() is not MT safe, but it is okay to call here because it is used in monothreaded env */ - tmp = strtok(in, "&"); - ans[x]=dsgw_ch_strdup(tmp); - dsgw_form_unescape(ans[x++]); - - while((tmp = strtok(NULL, "&"))) { - if ( strchr( tmp, '=' ) == NULL ) { - break; + if (ans) { + x=0; + /* strtok() is not MT safe, but it is okay to call here because it is used in monothreaded env */ + tmp = strtok(in, "&"); + if (tmp && *tmp && strchr(tmp, '=')) { + ans[x]=dsgw_ch_strdup(tmp); + dsgw_form_unescape(ans[x++]); + + while((x <= vars) && (tmp = strtok(NULL, "&"))) { + if ( strchr( tmp, '=' ) == NULL ) { + break; + } + ans[x] = dsgw_ch_strdup(tmp); + dsgw_form_unescape(ans[x++]); + } + } + ans[x] = NULL; } - ans[x] = dsgw_ch_strdup(tmp); - dsgw_form_unescape(ans[x++]); - } - ans[x] = NULL; return(ans); } Index: ckdel.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckdel.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ckdel.c 19 Apr 2005 22:07:01 -0000 1.4 +++ ckdel.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -45,12 +45,16 @@ main( int argc, char **argv) { char cookie[ 512 ]; + char *ptr; int rc; printf( "Remove an entry to the cookie database\n" ); printf( "cookie: " ); - gets( cookie ); + fgets( cookie, sizeof(cookie), stdin ); + if (ptr = strchr(cookie, '\n')) { + *ptr = 0; + } rc = dsgw_delcookie( cookie ); if ( rc == 0 ) { Index: ckdump.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckdump.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ckdump.c 19 Apr 2005 22:07:01 -0000 1.4 +++ ckdump.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -44,12 +44,6 @@ main() { - char *p; - time_t expires; - char dn[ 512 ]; - char pw[ 512 ]; - char expsec[ 512 ]; - #ifdef notdef /* this was some testing code... */ { char *ck, *r, *d, *p; Index: ckget.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckget.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ckget.c 19 Apr 2005 22:07:01 -0000 1.4 +++ ckget.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -55,9 +55,15 @@ printf( "Retrieve an entry from the cookie database\n" ); printf( "cookie: " ); - gets( cookie ); + fgets( cookie, sizeof(cookie), stdin ); + if (p = strchr(cookie, '\n')) { + *p = 0; + } printf( "dn: " ); - gets( dn ); + fgets( dn, sizeof(dn), stdin ); + if (p = strchr(dn, '\n')) { + *p = 0; + } rc = dsgw_ckdn2passwd( cookie, dn, &pw ); if ( rc == 0 ) { Index: ckpurge.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckpurge.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ckpurge.c 19 Apr 2005 22:07:01 -0000 1.4 +++ ckpurge.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -44,11 +44,6 @@ main() { - char *p; - time_t expires; - char dn[ 512 ]; - char pw[ 512 ]; - char expsec[ 512 ]; int np = 0; time_t last; FILE *fp; Index: ckput.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckput.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ckput.c 19 Apr 2005 22:07:01 -0000 1.4 +++ ckput.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -59,17 +59,18 @@ SEC_RNGInit(); SEC_SystemInfoForRNG(); + dn[0] = pw[0] = lifesec[0] = 0; if ( argc > 1 ) { while (( c = getopt( argc, argv, "d:l:p:" )) != EOF ) { switch ( c ) { case 'd': - strcpy( dn, optarg ); + PL_strncpyz( dn, optarg, sizeof(dn) ); break; case 'l': - strcpy( lifesec, optarg ); + PL_strncpyz( lifesec, optarg, sizeof(lifesec) ); break; case 'p': - strcpy( pw, optarg ); + PL_strncpyz( pw, optarg, sizeof(pw) ); break; } } @@ -77,11 +78,20 @@ if ( strlen( dn ) == 0 || strlen( pw ) == 0 || strlen( lifesec ) == 0 ) { printf( "dn: " ); - gets( dn ); + fgets( dn, sizeof(dn), stdin ); + if (p = strchr(dn, '\n')) { + *p = 0; + } printf( "passwd: " ); - gets( pw ); + fgets( pw, sizeof(pw), stdin ); + if (p = strchr(pw, '\n')) { + *p = 0; + } printf( "expires in how many seconds? " ); - gets( lifesec ); + fgets( lifesec, sizeof(lifesec), stdin ); + if (p = strchr(lifesec, '\n')) { + *p = 0; + } } lifetime = atol( lifesec ); Index: config.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/config.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- config.c 19 Apr 2005 22:07:02 -0000 1.5 +++ config.c 11 Apr 2006 02:14:32 -0000 1.6 @@ -298,22 +298,6 @@ read_dsgwconfig( fname, NULL, gc->gc_admserv, 0 ); free( fname ); -#if 0 - /* if necessary, try to set path to certificate database */ -#ifndef DSGW_NO_SSL - if ( gc->gc_ldapssl && gc->gc_securitypath == NULL ) { - if ( gc->gc_admserv ) { - if (( p = get_nsadm_var( "CertFile" )) != NULL ) { - gc->gc_securitypath = dsgw_ch_malloc( strlen( p ) + 4 ); - sprintf( gc->gc_securitypath, "%s.db", p ); - } - } else { - gc->gc_securitypath = DSGW_DEFSECURITYPATH; - } - } -#endif -#endif - if ( browser_ignores_acceptcharset() ) { set_dsgwcharset(); } else { @@ -379,7 +363,7 @@ if ( strstr( filename, "dsgw-l10n.conf" ) != NULL ) { return; /* ignore if it's dsgw-l10n.conf */ } - PR_snprintf( buf, MAXPATHLEN + 100, + PR_snprintf( buf, sizeof(buf), XP_GetClientStr(DBT_cannotOpenConfigFileSN_), filename ); dsgw_error( DSGW_ERR_BADCONFIG, buf, DSGW_ERROPT_EXIT, 0, NULL ); } @@ -978,7 +962,7 @@ return; } - PR_snprintf( tmpldif, 128, "%s.tmp", ldif); + PR_snprintf( tmpldif, sizeof(tmpldif), "%s.tmp", ldif); if ( (newfp = fopen( tmpldif, "w" )) == NULL ) { dsgw_emitf (XP_GetClientStr(DBT_AppSuffixCouldNotOpenTmpFileSN_), ldif); @@ -1199,7 +1183,7 @@ } /* read old dbswitch.conf contents */ - PR_snprintf( oldfname, MAXPATHLEN, "%s/%s", userdb_path, + PR_snprintf( oldfname, sizeof(oldfname), "%s/%s", userdb_path, DSGW_DBSWITCH_FILE ); if (( rc = dbconf_read_config_file( oldfname, &cip )) != LDAPU_SUCCESS ) { report_ldapu_error( rc, DSGW_ERR_BADCONFIG, erropts ); @@ -1207,10 +1191,10 @@ } /* write db info to new file, replacing information for "dbhandle" */ - PR_snprintf( newfname, MAXPATHLEN, "%s/%s", userdb_path, + PR_snprintf( newfname, sizeof(newfname), "%s/%s", userdb_path, DSGW_DBSWITCH_TMPFILE ); if (( newfp = fopen( newfname, "w" )) == NULL ) { - PR_snprintf( buf, MAXPATHLEN + 100, + PR_snprintf( buf, sizeof(buf), XP_GetClientStr(DBT_cannotOpenConfigFileSForWritingN_), newfname ); dsgw_error( DSGW_ERR_UPDATE_DBSWITCH, buf, erropts, 0, NULL ); return( -1 ); @@ -1693,7 +1677,7 @@ for ( token = strtok_quote( line, " \t" ); token != NULL; token = strtok_quote( NULL, " \t" ) ) { if ( *argcp == MAXARGS ) { - PR_snprintf( buf, 20, + PR_snprintf( buf, sizeof(buf), XP_GetClientStr(DBT_maxD_), MAXARGS ); dsgw_error( DSGW_ERR_CONFIGTOOMANYARGS, buf, DSGW_ERROPT_EXIT, 0, NULL ); Index: cookie.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/cookie.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- cookie.c 19 Apr 2005 22:07:02 -0000 1.5 +++ cookie.c 11 Apr 2006 02:14:32 -0000 1.6 @@ -144,8 +144,8 @@ PK11_ConfigurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 ); /*NSS_NoDB_Init(NULL);*/ dsgw_initNSS(); - PK11_GenerateRandom(buf, RNDBUFLEN); - return( buf2str( buf, RNDBUFLEN )); + PK11_GenerateRandom(buf, sizeof(buf)); + return( buf2str( buf, sizeof(buf) )); } @@ -162,7 +162,7 @@ #define F_OK 0 #endif #endif - sprintf(cdb, "%s.%s", DSGW_COOKIEDB_FNAME, context); + PR_snprintf(cdb, sizeof(cdb), "%s.%s", DSGW_COOKIEDB_FNAME, context); if ( access( cdb, F_OK ) == 0 ) { fp = fopen( cdb, "r+" ); @@ -253,7 +253,7 @@ } for (;;) { - if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) { + if ( fgets( buf, sizeof(buf), fp ) == NULL ) { dsgw_closecookiedb( fp ); #ifdef DSGW_DEBUG dsgw_log( "dsgw_ckdn2passwd: cookie <%s> not found in db\n", @@ -433,14 +433,14 @@ if (( fp = dsgw_opencookiedb()) == NULL ) { return -1; } - fgets( buf, CKBUFSIZ, fp ); + fgets( buf, sizeof(buf), fp ); if ( strncmp( buf, "lastpurge:", 10 )) { dsgw_closecookiedb( fp ); return -1; } rc = DSGW_CKDB_KEY_NOT_PRESENT; for (;;) { - if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) { + if ( fgets( buf, sizeof(buf), fp ) == NULL ) { break; } if ( strncmp( buf, rndstr, CKLEN )) { @@ -513,7 +513,7 @@ pos = ftell( fp ); fseek( fp, 0L, SEEK_SET ); - fgets( buf, CKBUFSIZ, fp ); + fgets( buf, sizeof(buf), fp ); if ( strncmp( buf, "lastpurge:", 10 )) { ret = (time_t) 0L; } else { @@ -553,7 +553,7 @@ size_t csize; /* current size of file */ char cdb[MAXPATHLEN]; /*DSGW_COOKIEDB_FNAME + context*/ - sprintf(cdb, "%s.%s", DSGW_COOKIEDB_FNAME, context); + PR_snprintf(cdb, sizeof(cdb), "%s.%s", DSGW_COOKIEDB_FNAME, context); if (( fp = dsgw_opencookiedb()) == NULL ) { return -1; @@ -576,10 +576,11 @@ char *p; char *dbdn; int nukeit; + size_t maxlen = sizeof(expbuf); nukeit = 0; - if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) { + if ( fgets( buf, sizeof(buf), fp ) == NULL ) { break; } if ( strncmp( buf, "lastpurge:", 10 ) == 0 ) { @@ -596,8 +597,13 @@ dsgw_closecookiedb( fp ); return -1; } - strncpy( expbuf, exp, p - exp ); - expbuf[ p - exp ] = '\0'; + if ((p - exp) < maxlen) { + maxlen = p - exp; + } else { + maxlen--; /* need a length, not a count */ + } + strncpy( expbuf, exp, maxlen ); + expbuf[ maxlen ] = '\0'; time( &now ); /* Get the entry's DN */ @@ -678,7 +684,7 @@ return; } - if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) { + if ( fgets( buf, sizeof(buf), fp ) == NULL ) { dsgw_closecookiedb( fp ); printf( "Cookie database is empty (no lastpurge line)\n" ); return; @@ -686,8 +692,9 @@ puts( buf ); for (;;) { + size_t maxlen = sizeof(expbuf); char *p; - if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) { + if ( fgets( buf, sizeof(buf), fp ) == NULL ) { dsgw_closecookiedb( fp ); printf( "%d entries, %d expired\n", total, expired ); return; @@ -702,8 +709,13 @@ return; } printf( "%s", buf ); - strncpy( expbuf, exp, p - exp + 1 ); - expbuf[ p - exp + 1 ] = '\0'; + if ((p - exp + 1) < maxlen) { + maxlen = p - exp + 1; + } else { + maxlen--; /* need a length, not a count */ + } + strncpy( expbuf, exp, maxlen ); + expbuf[ maxlen ] = '\0'; time( &now ); total++; if ( now > atol( expbuf )) { @@ -752,6 +764,7 @@ return NULL; } + /* richm: replace with PR_smprintf */ ckbuf = dsgw_ch_malloc( strlen( DSGW_CKHDR ) + strlen( r ) + strlen( edn ) + strlen( DSGW_AUTHCKNAME ) + 2 + 20 ); ckbuf[ 0 ] = '\0'; @@ -770,26 +783,6 @@ -#if 0 -/* - * Given a time_t, return a GMTString representation of that time. - */ -char * -dsgw_t2gmts( time_t cktime ) -{ - time_t tnl; - struct tm *pt; -#define TBUFSIZE 40 - char tbuf[ TBUFSIZE ]; - - tnl = time( NULL ); - pt = gmtime( &tnl ); - (void)strftime( tbuf, (size_t)TBUFSIZE, "%A, %d-%b-%y %T GMT", pt); - return( dsgw_ch_strdup( tbuf )); -} -#endif - - /* * Password obfuscation, etc. * There is no real security here -- we just encrypt using a hard-coded key. Index: dbtdsgw.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dbtdsgw.h,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dbtdsgw.h 19 Apr 2005 22:07:02 -0000 1.4 +++ dbtdsgw.h 11 Apr 2006 02:14:32 -0000 1.5 @@ -463,5 +463,6 @@ ResDef( DBT_missingArgumentForOrgChartURLDirectiv_, 412, "Missing argument for \"url-orgchart-base\" directive\n" )/*extracted from config.c*/ ResDef( DBT_missingArgumentForOrgChartSearchAttr_ , 413, "Missing argument for \"orgchart-attrib-farleft-rdn\" directive\n" )/*extracted from config.c*/ ResDef( DBT_theCharsetIsNotSupported , 414, "The charset is not supported\n" ) + ResDef( DBT_invalidTemplateVarLen, 415, "The string length %d of template variable \"%s\" is too long\n" ) END_STR(dsgw) Index: domodify.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/domodify.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- domodify.c 20 May 2005 15:52:43 -0000 1.5 +++ domodify.c 11 Apr 2006 02:14:32 -0000 1.6 @@ -153,7 +153,7 @@ } if ( !quiet ) { - PR_snprintf( buf, 256, + PR_snprintf( buf, sizeof(buf), XP_GetClientStr(DBT_SDirectoryEntry_), changedesc ); dsgw_html_begin( buf, 1 ); } else { @@ -413,7 +413,7 @@ entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp ) { int lderr, i, j, opoffset, modop, mls, unique, unchanged_count; - char *varname, *varvalue, *retval, *attr, *p, **vals, **unchanged_attrs; + char *varname, *varvalue, *attr, *p, **vals, **unchanged_attrs; char *ntuserid = NULL; LDAPMod **pmods; Index: dsexpldif.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dsexpldif.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dsexpldif.c 19 Apr 2005 22:07:02 -0000 1.4 +++ dsexpldif.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -124,14 +124,14 @@ if (gc->gc_localdbconf == NULL) { /* remote */ - PR_snprintf (cmd, BIG_LINE, + PR_snprintf (cmd, sizeof(cmd), "./%s -b \"%s\" -h %s -p %d \"objectclass=*\" > %s 2> %s", DSGW_LDAPSEARCH, gc->gc_ldapsearchbase, gc->gc_ldapserver, gc->gc_ldapport, ldiffile, DSGW_NULL_DEVICE); } else { /* local database */ - PR_snprintf (cmd, BIG_LINE, + PR_snprintf (cmd, sizeof(cmd), "./%s -b \"\" -C %s \"objectclass=*\" > %s 2> %s", DSGW_LDAPSEARCH, gc->gc_localdbconf, ldiffile, DSGW_NULL_DEVICE); } Index: dsgw.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dsgw.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- dsgw.h 20 May 2005 15:52:43 -0000 1.6 +++ dsgw.h 11 Apr 2006 02:14:32 -0000 1.7 @@ -825,7 +825,12 @@ int dsgw_parse_cookie( char *cookie, char **rndstr, char **dn ); char *dsgw_getvp( int cginum ); #ifdef DSGW_DEBUG -void dsgw_log( char *fmt, ... ); +void dsgw_log( char *fmt, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 1, 2))); +#else + ; +#endif void dsgw_logstringarray( char *arrayname, char **strs ); void dsgw_log_out (const char* s, size_t n); #else @@ -875,16 +880,36 @@ void dsgw_strcat_escaped( char *s1, const char *s2 ); char *dsgw_strdup_escaped( const char *s ); void dsgw_substitute_and_output( char *s, char *tag, char *value, int escape ); -void dsgw_form_begin( const char* name, const char* format, ... ); +void dsgw_form_begin( const char* name, const char* format, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif char *dsgw_strdup_with_entities( char *s, int *madecopyp ); void dsgw_HTML_emits( char * ); void dsgw_emit_cgi_var( int argc, char **argv ); -void dsgw_emit_button( int argc, char **argv, const char* format, ... ); +void dsgw_emit_button( int argc, char **argv, const char* format, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))); +#else + ; +#endif void dsgw_emit_alertForm(); -void dsgw_emit_alert( const char* frame, const char* windowOptions, const char* fmt, ... ); +void dsgw_emit_alert( const char* frame, const char* windowOptions, const char* fmt, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))); +#else + ; +#endif void dsgw_emit_confirmForm(); void dsgw_emit_confirm( const char* frame, const char* yes, const char* no, - const char* windowOptions, int enquote, const char* fmt, ... ); + const char* windowOptions, int enquote, const char* fmt, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 6, 7))); +#else + ; +#endif /* * in htmlparse.c: @@ -983,7 +1008,12 @@ * in emitf.c */ int dsgw_emits (const char* s); /* like fputs(s, stdout) */ -int dsgw_emitf (const char* format, ...); /* like printf */ +int dsgw_emitf (const char* format, ...) /* like printf */ +#ifdef __GNUC__ + __attribute__ ((format (printf, 1, 2))); +#else + ; +#endif int dsgw_emitfv (const char* format, va_list argl); char* dsgw_emit_converts_to (char* charset); int is_UTF_8 (const char* charset); @@ -995,7 +1025,12 @@ void dsgw_quotation_begin (int kind); void dsgw_quotation_end(); int dsgw_quote_emits (int kind, const char* s); -int dsgw_quote_emitf (int kind, const char* format, ...); +int dsgw_quote_emitf (int kind, const char* format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif /* * in collate.c Index: dsgwutil.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dsgwutil.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- dsgwutil.c 19 Apr 2005 22:07:02 -0000 1.5 +++ dsgwutil.c 11 Apr 2006 02:14:32 -0000 1.6 @@ -927,7 +927,7 @@ #endif install_dir = getenv("NETSITE_ROOT"); if (install_dir != NULL) { - sprintf(tmp_log, "%s/tmp/dsgw", install_dir); + PR_snprintf(tmp_log, sizeof(tmp_log), "%s/tmp/dsgw", install_dir); #if defined( XP_WIN32 ) for(ilen=0; ilen < strlen(tmp_log); ilen++) { @@ -937,15 +937,15 @@ #endif /* XP_WIN32 */ } else { #if defined( XP_WIN32 ) - ilen = strlen(tmp_dir); GetTempPath( ilen+1, tmp_dir ); + ilen = strlen(tmp_dir); /* Remove trailing slash. */ pch = tmp_dir[ilen-1]; if( pch == '\\' || pch == '/' ) tmp_dir[ilen-1] = '\0'; - sprintf(tmp_log, "%s\\DSGW", tmp_dir); + PR_snprintf(tmp_log, sizeof(tmp_log), "%s\\DSGW", tmp_dir); #else - sprintf(tmp_log, "/tmp/dsgw"); + PR_snprintf(tmp_log, sizeof(tmp_log), "/tmp/dsgw"); #endif } return tmp_log; @@ -964,7 +964,7 @@ #else "%s/%.50s.out"; #endif - PR_snprintf( fname, 256, format, dsgw_get_tmp_log_dir(), progname ); + PR_snprintf( fname, sizeof(fname), format, dsgw_get_tmp_log_dir(), progname ); log_out_fp = fopen( fname, "w" ); } if (log_out_fp != NULL) { @@ -996,14 +996,14 @@ #else "%s/%.50s"; #endif - PR_snprintf( fname, 256, format, dsgw_get_tmp_log_dir(), progname ); + PR_snprintf( fname, sizeof(fname), format, dsgw_get_tmp_log_dir(), progname ); if (( logfp = fopen( fname, "a+" )) == NULL ) { return; } } - memcpy( timebuf, ctime( &t ), 19 ); - timebuf[ 19 ] = '\0'; + memcpy( timebuf, ctime( &t ), sizeof(timebuf)-1 ); + timebuf[ sizeof(timebuf)-1 ] = '\0'; fprintf( logfp, "%s %s: ", timebuf, progname ); va_start( ap, fmt ); @@ -1327,7 +1327,7 @@ } } for ( i=0 ; i=MAX_ACCEPT_LANGUAGE) break; /* quit if too many */ } cPtr = strtok(NULL,","); Index: dsimpldif.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dsimpldif.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dsimpldif.c 19 Apr 2005 22:07:02 -0000 1.4 +++ dsimpldif.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -148,17 +148,17 @@ if (gc->gc_localdbconf == NULL) { /* remote */ - PR_snprintf (cmd, BIG_LINE, "./%s -a %s -h %s -p %d -f %s > %s 2>&1", + PR_snprintf (cmd, sizeof(cmd), "./%s -a %s -h %s -p %d -f %s > %s 2>&1", DSGW_LDAPMODIFY, stop?"":"-c",gc->gc_ldapserver, gc->gc_ldapport, ldiffile, DSGW_NULL_DEVICE); } else { /* local database */ - PR_snprintf (cmd, BIG_LINE, "./%s -a %s -C %s -f %s > %s 2>&1", + PR_snprintf (cmd, sizeof(cmd), "./%s -a %s -C %s -f %s > %s 2>&1", DSGW_LDAPMODIFY, stop?"":"-c", gc->gc_localdbconf, ldiffile, DSGW_NULL_DEVICE); } - PR_snprintf (path, BIG_LINE, "%s%s", userdb_path, DSGW_TOOLSDIR); + PR_snprintf (path, sizeof(path), "%s%s", userdb_path, DSGW_TOOLSDIR); chdir ( path ); fflush (stdout); if (system (cmd) == 0) { Index: emitf.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/emitf.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- emitf.c 19 Apr 2005 22:07:02 -0000 1.4 +++ emitf.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -188,12 +188,12 @@ char deffmt[DEFFMTC]; char* fmt = deffmt; - size_t fmtc = DEFFMTC; + size_t fmtc = sizeof(deffmt); const char* next; const char* f; - char buf [1024]; + char buf [1024] = {0}; int i; i = count_slots (format); @@ -396,33 +396,33 @@ } /* produce a single argument */ switch (islot->type) { - case TYPE_I: PR_snprintf (buf, 1024, fmt, argv[islot->arg].i); break; - case TYPE_U: PR_snprintf (buf, 1024, fmt, argv[islot->arg].u); break; - case TYPE_F: PR_snprintf (buf, 1024, fmt, argv[islot->arg].f); break; - case TYPE_LI: PR_snprintf (buf, 1024, fmt, argv[islot->arg].li); break; - case TYPE_LU: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lu); break; - case TYPE_LF: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lf); break; - case TYPE_P: PR_snprintf (buf, 1024, fmt, argv[islot->arg].p); break; + case TYPE_I: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].i); break; + case TYPE_U: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].u); break; + case TYPE_F: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].f); break; + case TYPE_LI: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].li); break; + case TYPE_LU: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lu); break; + case TYPE_LF: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lf); break; + case TYPE_P: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].p); break; case TYPE_WIDTH: case TYPE_PRECISION: switch ((++islot)->type) { - case TYPE_I: PR_snprintf (buf, 1024, fmt, argv[islot->arg].i); break; - case TYPE_U: PR_snprintf (buf, 1024, fmt, argv[islot->arg].u); break; - case TYPE_F: PR_snprintf (buf, 1024, fmt, argv[islot->arg].f); break; - case TYPE_LI: PR_snprintf (buf, 1024, fmt, argv[islot->arg].li); break; - case TYPE_LU: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lu); break; - case TYPE_LF: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lf); break; - case TYPE_P: PR_snprintf (buf, 1024, fmt, argv[islot->arg].p); break; + case TYPE_I: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].i); break; + case TYPE_U: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].u); break; + case TYPE_F: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].f); break; + case TYPE_LI: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].li); break; + case TYPE_LU: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lu); break; + case TYPE_LF: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lf); break; + case TYPE_P: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].p); break; case TYPE_WIDTH: case TYPE_PRECISION: switch ((++islot)->type) { - case TYPE_I: PR_snprintf (buf, 1024, fmt, argv[islot->arg].i); break; - case TYPE_U: PR_snprintf (buf, 1024, fmt, argv[islot->arg].u); break; - case TYPE_F: PR_snprintf (buf, 1024, fmt, argv[islot->arg].f); break; - case TYPE_LI: PR_snprintf (buf, 1024, fmt, argv[islot->arg].li); break; - case TYPE_LU: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lu); break; - case TYPE_LF: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lf); break; - case TYPE_P: PR_snprintf (buf, 1024, fmt, argv[islot->arg].p); break; + case TYPE_I: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].i); break; + case TYPE_U: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].u); break; + case TYPE_F: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].f); break; + case TYPE_LI: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].li); break; + case TYPE_LU: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lu); break; + case TYPE_LF: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lf); break; + case TYPE_P: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].p); break; case TYPE_WIDTH: case TYPE_PRECISION: goto bail; /* how did this happen? */ case TYPE_PERCENT: @@ -647,7 +647,7 @@ s += slen; /* advance pointer to next unconverted chars */ /* convert as many chars from s as will fit in buf */ result = dsgw_convert(DSGW_FROM_UTF8, emit_converter, - &bufptr, CONVERT_BUFSIZE, &len, + &bufptr, sizeof(buf), &len, s, n, &slen, &err); /* write the converted chars to the output */ n = dsgw_emitq ((FILE*)parm, buf, len); @@ -661,34 +661,6 @@ return parm; } -#if 0 -static void -dsgw_convert (void* parm, const char* s, size_t n) - /* Transform the output, in a visually distinctive way. - This function is intended for testing, only. - */ -{ - while (parm && n > 0) { - const size_t len = LDAP_UTF8LEN(s); - if (len == 1 && *s >= '!' && *s <= '~') { /* ASCII */ - /* output the double-width variant of this character */ - unsigned c = (unsigned)*s - '!' + 0xFF01; - unsigned char buf[3]; - buf[2] = 0x80 | (c & 0x3F); c >>= 6; - buf[1] = 0x80 | (c & 0x3F); c >>= 6; - buf[0] = 0xE0 | (c & 0x0F); - parm = dsgw_emitn (parm, (char*)buf, 3); - } else { - parm = dsgw_emitn (parm, s, len); - } - if (parm) { - n -= len; - s += len; - } - } -} -#endif - int dsgw_emits (const char* s) /* This function works like fputs(s, stdout), except it Index: entrydisplay.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/entrydisplay.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- entrydisplay.c 20 May 2005 15:52:43 -0000 1.5 +++ entrydisplay.c 11 Apr 2006 02:14:32 -0000 1.6 @@ -239,7 +239,9 @@ static char *dsgw_time(time_t secs_since_1970); /* attribute syntax handler routines */ +#if NEEDED_FOR_DEBUGGING static void ntdomain_display( struct dsgw_attrdispinfo *adip ); +#endif static void ntuserid_display( struct dsgw_attrdispinfo *adip ); static void str_display( struct dsgw_attrdispinfo *adip ); static void str_edit( struct dsgw_attrdispinfo *adip ); @@ -1623,10 +1625,10 @@ memcpy( &iValue, bin_data.bv_val, sizeof( iValue ) ); if(( adip->adi_opts & DSGW_ATTROPT_DECIMAL ) != 0 ) - PR_snprintf( szFormat, 512, "%%lu" ); + PR_snprintf( szFormat, sizeof(szFormat), "%%lu" ); else - PR_snprintf( szFormat, 512, "%%#0%lu.%lux", bin_data.bv_len*2, bin_data.bv_len*2 ); - PR_snprintf( szFlags, 512, szFormat, iValue ); + PR_snprintf( szFormat, sizeof(szFormat), "%%#0%lu.%lux", bin_data.bv_len*2, bin_data.bv_len*2 ); + PR_snprintf( szFlags, sizeof(szFlags), szFormat, iValue ); fputs( szFlags, stdout ); @@ -1639,6 +1641,7 @@ } } +#if NEEDED_FOR_DEBUGGING /* * display handler for NT Domain Identifier string */ @@ -1671,7 +1674,7 @@ } } - +#endif /* @@ -3222,7 +3225,7 @@ } /* convert to utf8 */ - u_strToUTF8(obuf, BSIZ, NULL, dstr0, myStrlen, &err); + u_strToUTF8(obuf, sizeof(obuf), NULL, dstr0, myStrlen, &err); if (err != U_ZERO_ERROR) { dsgw_error( DSGW_ERR_LDAPGENERAL, NULL, DSGW_ERROPT_EXIT, err, NULL ); Index: htmlparse.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/htmlparse.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- htmlparse.c 19 Apr 2005 22:07:02 -0000 1.4 +++ htmlparse.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -202,14 +202,14 @@ } else if ( parse_status != DSGW_PARSE_STATUS_NO_OUTPUT && !strcmp(templates[ index ].name + 1, "CONTEXT ")) { char line[ BIG_LINE ]; - PR_snprintf( line, BIG_LINE, templates[ index ].format, context); + PR_snprintf( line, sizeof(line), templates[ index ].format, context); dsgw_emits( line ); } else if ( parse_status != DSGW_PARSE_STATUS_NO_OUTPUT ) { /* I just can't believe there's no easy way to create * a va_list. */ char line[ BIG_LINE ]; - PR_snprintf( line, BIG_LINE, templates[ index ].format, + PR_snprintf( line, sizeof(line), templates[ index ].format, ( *argc > 0 && vars[ 0 ] != NULL ) ? vars[ 0 ]: "", ( *argc > 1 && vars[ 1 ] != NULL ) ? vars[ 1 ]: "", ( *argc > 2 && vars[ 2 ] != NULL ) ? vars[ 2 ]: "", @@ -377,14 +377,14 @@ dsgw_emits("
\n"); - util_snprintf(line, BIG_LINE, ""); + util_snprintf(line, sizeof(line), ""); dsgw_emits(line); - util_snprintf(line, BIG_LINE, "\n", XP_GetClientStr(DBT_ok_1)); dsgw_emits(outstr); } else { char outstr[256]; - PR_snprintf(outstr, 256, "\n", @@ -467,7 +467,7 @@ } { char outstr[256]; - PR_snprintf(outstr, 256, "\n", XP_GetClientStr(DBT_reset_)); dsgw_emits(outstr); @@ -489,12 +489,12 @@ dsgw_emits("
"); + util_snprintf(line, sizeof(line), ""); dsgw_emits(line); - util_snprintf(line, BIG_LINE, "
"); + util_snprintf(line, sizeof(line), "
"); dsgw_emits(line); - util_snprintf(line, BIG_LINE, "%s" + util_snprintf(line, sizeof(line), "%s" "
" "", ( argc > 0 ) ? argv[0] : "" ); dsgw_emits(line); @@ -399,7 +399,7 @@ char line[BIG_LINE]; dsgw_emits(""); dsgw_head_begin(); - util_snprintf(line, BIG_LINE, "\n%s\n" + util_snprintf(line, sizeof(line), "\n%s\n" "\n", ( argc > 0 ) ? argv[0] : "", dsgw_html_body_colors ); dsgw_emits(line); } @@ -411,10 +411,10 @@ char line[BIG_LINE]; if ( argc > 0 ) { - util_snprintf(line, BIG_LINE, "\n", dsgw_html_body_colors, + util_snprintf(line, sizeof(line), "\n", dsgw_html_body_colors, ( argc > 0 ) ? argv[0] : "" ); } else { - util_snprintf(line, BIG_LINE, "\n", dsgw_html_body_colors ); + util_snprintf(line, sizeof(line), "\n", dsgw_html_body_colors ); } dsgw_emits(line); @@ -451,14 +451,14 @@ if(!verify) { char outstr[256]; - PR_snprintf(outstr, 256, "		" + PR_snprintf(outstr, sizeof(outstr), "" "" "" + PR_snprintf(outstr, sizeof(outstr), "" "" "" + PR_snprintf(outstr, sizeof(outstr), "" "
"); - PR_snprintf(outstr, 256, "\n", XP_GetClientStr(DBT_done_)); dsgw_emits(outstr); - PR_snprintf(outstr, 256, "\n", XP_GetClientStr(DBT_cancel_2)); @@ -707,8 +707,19 @@ } } else { if ( isvar != -1 ) { - isvar += LDAP_UTF8COPY(scratch + isvar, string); - scratch[ isvar ] = '\0'; + /* check for scratch overflow */ + if ((strlen(string) + isvar) < sizeof(scratch)) { + isvar += LDAP_UTF8COPY(scratch + isvar, string); + scratch[ isvar ] = '\0'; + } else { + char msg[BUFSIZ]; + /* error - buffer overflow */ + PR_snprintf(msg, sizeof(msg), XP_GetClientStr(DBT_invalidTemplateVarLen), + strlen(string), string); + template_error(msg); + *argc = 0; + return NULL; + } } else { if ( *string == DIRECTIVE_END ) { break; Index: ldaputil.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ldaputil.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ldaputil.c 19 Apr 2005 22:07:02 -0000 1.4 +++ ldaputil.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -50,6 +50,7 @@ #include #include #endif +#include "libadminutil/distadm.h" static dsgwtmplinfo *init_listdisplay( char *tmplname, unsigned long options ); static int do_search( dsgwtmplinfo *tip, LDAP *ld, char *base, int scope, @@ -1305,7 +1306,7 @@ *errsp = XP_GetClientStr(DBT_invalidUserIdOrNullLdapHandle_); return NULL; } - PR_snprintf( filtbuf, 85, "uid=%s", uid ); + PR_snprintf( filtbuf, sizeof(filtbuf), "uid=%s", uid ); if (( rc = ldap_search_s( ld, base, LDAP_SCOPE_SUBTREE, filtbuf, attrs, 1, &result )) != LDAP_SUCCESS ) { @@ -1423,10 +1424,10 @@ } if ( count > 1 ) { - util_snprintf( line, BIG_LINE, "%s\n\n", prefix, varname ); } else { - util_snprintf( line, BIG_LINE, " 1 ) { - util_snprintf( line, BIG_LINE, "\n%s\n", suffix ); + util_snprintf( line, sizeof(line), "\n%s\n", suffix ); dsgw_emits( line ); } @@ -1500,7 +1501,7 @@ } } - util_snprintf( line, BIG_LINE, " VALUE=\"%s\">%s\n", escapeddn, + util_snprintf( line, sizeof(line), " VALUE=\"%s\">%s\n", escapeddn, only_one ? "" : friendlyname ); free( escapeddn ); if ( rdns != NULL ) { Index: templateindex.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/templateindex.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- templateindex.c 19 Apr 2005 22:07:02 -0000 1.4 +++ templateindex.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -63,11 +63,11 @@ if( ( dir == NULL ) || (strlen( dir ) == 0) ) return NULL; - if( ( ret = malloc( sizeof( char * ) ) ) == NULL ) + if( ( ret = malloc( sizeof( char * ) * 2 ) ) == NULL ) return NULL; - strcpy(szWildcardFileSpec, dir); - strcat(szWildcardFileSpec, "/*"); + PL_strncpyz(szWildcardFileSpec, dir, sizeof(szWildcardFileSpec)); + PL_strcatn(szWildcardFileSpec, sizeof(szWildcardFileSpec), "/*"); hFile = _findfirst( szWildcardFileSpec, &fileinfo); if( hFile == -1 ) Index: tutor.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/tutor.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- tutor.c 19 Apr 2005 22:07:03 -0000 1.4 +++ tutor.c 11 Apr 2006 02:14:32 -0000 1.5 @@ -124,7 +124,7 @@ *tmp='\0'; dsgw_emitf("\n", surl, sn, base); } - while( fgets(line, BIG_LINE, html)) { + while( fgets(line, sizeof(line), html)) { dsgw_emits( line ); } } @@ -210,7 +210,7 @@ map=fopen(man_index, "r"); if(!map) goto ohwell; - while(fgets(line, BIG_LINE, map)) { + while(fgets(line, sizeof(line), map)) { if(line[0]==';') continue; else if(ldap_utf8isspace(line)) From fedora-directory-commits at redhat.com Tue Apr 11 02:14:34 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:34 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src cfg_sspt.c, 1.8, 1.9 create_instance.c, 1.26, 1.27 ds_remove_uninst.cpp, 1.6, 1.7 init_ds_env.c, 1.5, 1.6 instindex.cpp, 1.9, 1.10 Message-ID: <200604110215.k3B2F433008598@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/admin/src Modified Files: cfg_sspt.c create_instance.c ds_remove_uninst.cpp init_ds_env.c instindex.cpp Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: cfg_sspt.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/cfg_sspt.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- cfg_sspt.c 16 Feb 2006 17:39:47 -0000 1.8 +++ cfg_sspt.c 11 Apr 2006 02:14:31 -0000 1.9 @@ -239,6 +239,12 @@ #ifdef CGI_DEBUG #include +static void debug_log (const char* file, const char* format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif static void debug_log (const char* file, const char* format, ...) @@ -375,6 +381,12 @@ list of strings to substitute in the format; basically just constructs the correct aci string and passes it to add_aci */ +int add_aci_v(LDAP* ld, char* DN, char* format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))); +#else + ; +#endif int add_aci_v(LDAP* ld, char* DN, char* format, ...) { Index: create_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- create_instance.c 16 Mar 2006 22:19:31 -0000 1.26 +++ create_instance.c 11 Apr 2006 02:14:31 -0000 1.27 @@ -145,6 +145,13 @@ #endif static char *make_error(char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 1, 2))); +#else + ; +#endif + +static char *make_error(char *fmt, ...) { static char errbuf[ERR_SIZE]; va_list args; @@ -661,6 +668,12 @@ #define chownsearch(a, b) #endif +char *gen_script(char *s_root, char *name, char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))); +#else + ; +#endif char *gen_script(char *s_root, char *name, char *fmt, ...) { @@ -715,6 +728,12 @@ } char *gen_perl_script(char *s_root, char *cs_path, char *name, char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 4, 5))); +#else + ; +#endif +char *gen_perl_script(char *s_root, char *cs_path, char *name, char *fmt, ...) { char myperl[PATH_SIZE]; char fn[PATH_SIZE]; @@ -1356,8 +1375,7 @@ /* ---------------------- Update server script files ---------------------- */ int update_server(server_config_s *cf) { - char line[PATH_SIZE], *t, *sroot = cf->sroot; - char subdir[PATH_SIZE]; + char *t; char error_param[BIG_LINE] = {0}; #if defined( SOLARIS ) Index: ds_remove_uninst.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/ds_remove_uninst.cpp,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ds_remove_uninst.cpp 2 Sep 2005 20:40:48 -0000 1.6 +++ ds_remove_uninst.cpp 11 Apr 2006 02:14:31 -0000 1.7 @@ -80,6 +80,13 @@ #include "setupapi.h" #define MAX_STR_SIZE 512 +static void dsLogMessage(const char *level, const char *which, + const char *format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))); +#else + ; +#endif static InstallLog *installLog = NULL; Index: init_ds_env.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/init_ds_env.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- init_ds_env.c 19 Apr 2005 22:06:55 -0000 1.5 +++ init_ds_env.c 11 Apr 2006 02:14:31 -0000 1.6 @@ -48,6 +48,7 @@ #include "libadminutil/distadm.h" #include "init_ds_env.h" #include "dsalib.h" +#include "prprf.h" int init_ds_env() { Index: instindex.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/instindex.cpp,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- instindex.cpp 14 Mar 2006 17:13:38 -0000 1.9 +++ instindex.cpp 11 Apr 2006 02:14:31 -0000 1.10 @@ -55,7 +55,7 @@ #include /* --------------------------------- main --------------------------------- */ - +#if NEEDED_FOR_DEBUGGING static void printInfo(int argc, char *argv[], char *envp[], FILE* fp) { @@ -76,6 +76,7 @@ fprintf(fp, "#####################################\n"); } +#endif #if defined (__hpux) && defined (__ia64) int main(int argc, char *argv[], char *envp[]) From fedora-directory-commits at redhat.com Tue Apr 11 02:14:40 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:40 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/clients/orgchart wrapper.c, 1.4, 1.5 Message-ID: <200604110215.k3B2FAWo008625@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/clients/orgchart In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/clients/orgchart Modified Files: wrapper.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: wrapper.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/clients/orgchart/wrapper.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- wrapper.c 19 Apr 2005 22:07:20 -0000 1.4 +++ wrapper.c 11 Apr 2006 02:14:33 -0000 1.5 @@ -62,7 +62,7 @@ #define PATH_MAX 512 #endif -char *get_perl_file(char *); +char *get_perl_file(char *, size_t); /* @@ -77,7 +77,7 @@ printf("Content-type:text/html;charset=UTF-8\n\nHi\n"); - get_perl_file(script); + get_perl_file(script, sizeof(script)-1); if (strchr(script, '/') != NULL || strchr(script, '\\') != NULL) { printf("Paths not allowed. Filenames only.\n"); @@ -94,10 +94,11 @@ } char * -get_perl_file(char *script) { +get_perl_file(char *script, size_t scriptsize) { char *qs = getenv("QUERY_STRING"); char *p1 = NULL; char *p2 = NULL; + size_t maxsize; if (qs == NULL || *qs == '\0') { printf("No QUERY_STRING found\n"); @@ -113,6 +114,8 @@ for (p2 = p1; *p2 != '\0' && *p2 != '&'; p2++); - strncpy(script, p1, p2-p1); - script[p2-p1] = '\0'; + maxsize = (scriptsize < (p2-p1)) ? scriptsize : (p2-p1); + + PL_strncpyz(script, p1, maxsize); + script[maxsize] = '\0'; } From fedora-directory-commits at redhat.com Tue Apr 11 02:14:41 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:41 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/acl acldllmain.c, 1.4, 1.5 acllas.c, 1.5, 1.6 Message-ID: <200604110215.k3B2FBBR008629@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/acl Modified Files: acldllmain.c acllas.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: acldllmain.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acldllmain.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- acldllmain.c 19 Apr 2005 22:07:28 -0000 1.4 +++ acldllmain.c 11 Apr 2006 02:14:38 -0000 1.5 @@ -136,6 +136,7 @@ va_list ap; va_start (ap, fmt); _snprintf (debugBuf, sizeof(debugBuf), fmt, ap); + debugBuf[sizeof(debugBuf)-1] = 0; va_end (ap); OutputDebugString (debugBuf); Index: acllas.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acllas.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- acllas.c 19 Apr 2005 22:07:28 -0000 1.5 +++ acllas.c 11 Apr 2006 02:14:38 -0000 1.6 @@ -1436,10 +1436,11 @@ if ( idx < 0 ) { sprintf ( buf, "\nuserDN=\"%s\"\nmember=", info->userDN); - if (info->member) + if (info->member && *info->member) { len = strlen (buf); - sprintf ( &(buf[len]), "\"%s\"", info->member ); + /* member is a char ** */ + sprintf ( &(buf[len]), "\"%s\"", *info->member ); } len = strlen (buf); sprintf ( &(buf[len]), "\nmemberinfo[%d]-[%d]:", info->c_idx, info->lu_idx ); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:41 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:41 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/chainingdb cb_instance.c, 1.5, 1.6 cb_monitor.c, 1.4, 1.5 Message-ID: <200604110215.k3B2FCVa008633@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/chainingdb Modified Files: cb_instance.c cb_monitor.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: cb_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_instance.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- cb_instance.c 19 Apr 2005 22:07:29 -0000 1.5 +++ cb_instance.c 11 Apr 2006 02:14:39 -0000 1.6 @@ -1436,7 +1436,7 @@ sprintf(buf, "%o", (int) config->config_get_fn(arg)); break; case CB_CONFIG_TYPE_LONG: - sprintf(buf, "%d", (long) config->config_get_fn(arg)); + sprintf(buf, "%ld", (long) config->config_get_fn(arg)); break; case CB_CONFIG_TYPE_STRING: /* Remember the get function for strings returns memory Index: cb_monitor.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_monitor.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- cb_monitor.c 19 Apr 2005 22:07:29 -0000 1.4 +++ cb_monitor.c 11 Apr 2006 02:14:39 -0000 1.5 @@ -76,9 +76,9 @@ char buf[CB_BUFSIZE]; struct berval val; struct berval *vals[2]; - int deletecount,addcount,modifycount,modrdncount,searchbasecount,searchonelevelcount; - int searchsubtreecount,abandoncount,bindcount,unbindcount,comparecount; - int outgoingconn, outgoingbindconn; + unsigned long deletecount,addcount,modifycount,modrdncount,searchbasecount,searchonelevelcount; + unsigned long searchsubtreecount,abandoncount,bindcount,unbindcount,comparecount; + unsigned int outgoingconn, outgoingbindconn; cb_backend_instance *inst = (cb_backend_instance *)arg; /* First make sure the backend instance is configured */ @@ -178,12 +178,12 @@ val.bv_len = strlen( buf ); slapi_entry_attr_replace( e, CB_MONITOR_COMPARECOUNT, ( struct berval **)vals ); - sprintf( buf, "%d", outgoingconn ); + sprintf( buf, "%u", outgoingconn ); val.bv_val = buf; val.bv_len = strlen( buf ); slapi_entry_attr_replace( e, CB_MONITOR_OUTGOINGCONN, ( struct berval **)vals ); - sprintf( buf, "%d", outgoingbindconn ); + sprintf( buf, "%u", outgoingbindconn ); val.bv_val = buf; val.bv_len = strlen( buf ); slapi_entry_attr_replace( e, CB_MONITOR_OUTGOINGBINDCOUNT, ( struct berval **)vals ); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:42 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:42 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/collation dllmain.c, 1.4, 1.5 Message-ID: <200604110215.k3B2FCOo008634@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/collation In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/collation Modified Files: dllmain.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: dllmain.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/collation/dllmain.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dllmain.c 19 Apr 2005 22:07:29 -0000 1.4 +++ dllmain.c 11 Apr 2006 02:14:39 -0000 1.5 @@ -139,6 +139,7 @@ va_list ap; va_start (ap, fmt); _snprintf (debugBuf, sizeof(debugBuf), fmt, ap); + debugBuf[sizeof(debugBuf)-1] = 0; va_end (ap); OutputDebugString (debugBuf); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:43 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:43 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/http http_impl.c, 1.7, 1.8 Message-ID: <200604110215.k3B2FDXk008637@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/http In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/http Modified Files: http_impl.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: http_impl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/http/http_impl.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- http_impl.c 19 Apr 2005 22:07:30 -0000 1.7 +++ http_impl.c 11 Apr 2006 02:14:40 -0000 1.8 @@ -62,6 +62,7 @@ /*** from proto-slap.h ***/ int slapd_log_error_proc( char *subsystem, char *fmt, ... ); + char *config_get_instancedir(); /*** from ldaplog.h ***/ @@ -965,11 +966,11 @@ { PRStatus status = PR_SUCCESS; char *dir = "%s%s"; - *path = (char *)PR_Calloc(1, (strlen(dir) + 1024)); + *path = (char *)PR_Calloc(1, strlen(dir) + strlen(url) + 2); /* Just write the path and check for a starting / */ if ('/' != *url) { - PR_sscanf(*path, dir, "/", url); + sprintf(*path, dir, "/", url); } else { strcpy(*path, url); } From fedora-directory-commits at redhat.com Tue Apr 11 02:14:44 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:44 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/passthru ptdllmain.c, 1.4, 1.5 Message-ID: <200604110215.k3B2FElg008643@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/passthru Modified Files: ptdllmain.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: ptdllmain.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru/ptdllmain.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ptdllmain.c 19 Apr 2005 22:07:31 -0000 1.4 +++ ptdllmain.c 11 Apr 2006 02:14:41 -0000 1.5 @@ -139,6 +139,7 @@ va_list ap; va_start (ap, fmt); _snprintf (debugBuf, sizeof(debugBuf), fmt, ap); + debugBuf[sizeof(debugBuf)-1] = 0; va_end (ap); OutputDebugString (debugBuf); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:45 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:45 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication cl5_api.c, 1.9, 1.10 repl.h, 1.5, 1.6 repl5_inc_protocol.c, 1.8, 1.9 repl5_replica.c, 1.12, 1.13 repl5_tot_protocol.c, 1.7, 1.8 windows_connection.c, 1.13, 1.14 windows_inc_protocol.c, 1.11, 1.12 windows_private.c, 1.10, 1.11 windows_protocol_util.c, 1.25, 1.26 Message-ID: <200604110215.k3B2FF6G008649@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/replication Modified Files: cl5_api.c repl.h repl5_inc_protocol.c repl5_replica.c repl5_tot_protocol.c windows_connection.c windows_inc_protocol.c windows_private.c windows_protocol_util.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: cl5_api.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/cl5_api.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- cl5_api.c 19 Apr 2005 22:07:32 -0000 1.9 +++ cl5_api.c 11 Apr 2006 02:14:42 -0000 1.10 @@ -51,6 +51,7 @@ #include "cl5_api.h" #include "plhash.h" +#include "plstr.h" #include "db.h" #include "cl5_clcache.h" /* To use the Changelog Cache */ @@ -2124,7 +2125,7 @@ } /* directory does not exist - try to create */ - strncpy (buff, dirName, MAXPATHLEN); + PL_strncpyz (buff, dirName, sizeof(buff)-1); t = strchr (buff, '/'); /* skip first slash */ Index: repl.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl.h,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- repl.h 19 Apr 2005 22:07:32 -0000 1.5 +++ repl.h 11 Apr 2006 02:14:42 -0000 1.6 @@ -61,10 +61,9 @@ } schedule_item; /* XXXggood - copied from slap.h - bad */ -#if defined( XP_WIN32 ) +/* XXXrichm - copied to match definition in slap.h - 20060406 */ +#ifndef NO_TIME #define NO_TIME (time_t)0 /* cannot be -1, NT's localtime( -1 ) returns NULL */ -#else -#define NO_TIME (time_t)-1 /* a value that time() does not return */ #endif /* Index: repl5_inc_protocol.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_inc_protocol.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- repl5_inc_protocol.c 4 May 2005 23:58:51 -0000 1.8 +++ repl5_inc_protocol.c 11 Apr 2006 02:14:42 -0000 1.9 @@ -242,6 +242,7 @@ return conres; } +#if NEEDED_FOR_DEBUGGING static void repl5_inc_log_operation_failure(int operation_code, int ldap_error, char* ldap_error_string, const char *agreement_name) { @@ -253,12 +254,12 @@ ldap_error, ldap_error_string ? ldap_error_string : "NULL", op_string ? op_string : "NULL"); } +#endif /* Thread that collects results from async operations sent to the consumer */ static void repl5_inc_result_threadmain(void *param) { result_data *rd = (result_data*) param; - int res = 0; ConnResult conres = 0; Repl_Connection *conn = rd->prp->conn; int finished = 0; @@ -384,7 +385,6 @@ static void repl5_inc_rd_list_destroy(repl5_inc_operation *op) { - repl5_inc_operation *cur = op; while (op) { repl5_inc_operation *next = op->next; repl5_inc_op_free(op); @@ -689,7 +689,7 @@ /* just ignore it and go to sleep */ protocol_sleep(prp, PR_INTERVAL_NO_TIMEOUT); } - else if (e1 = event_occurred(prp, EVENT_WINDOW_CLOSED) || + else if ((e1 = event_occurred(prp, EVENT_WINDOW_CLOSED)) || event_occurred(prp, EVENT_BACKOFF_EXPIRED)) { /* this events - should not occur - log a warning and go to sleep */ @@ -748,7 +748,7 @@ next_state = STATE_READY_TO_ACQUIRE; wait_change_timer_set = 0; } - else if (e1 = event_occurred(prp, EVENT_WINDOW_OPENED) || + else if ((e1 = event_occurred(prp, EVENT_WINDOW_OPENED)) || event_occurred(prp, EVENT_BACKOFF_EXPIRED)) { /* this events - should not occur - log a warning and clear the event */ @@ -849,7 +849,7 @@ { /* consume and ignore */ } - else if (e1 = event_occurred (prp, EVENT_WINDOW_OPENED) || + else if ((e1 = event_occurred (prp, EVENT_WINDOW_OPENED)) || event_occurred (prp, EVENT_BACKOFF_EXPIRED)) { /* This should never happen */ Index: repl5_replica.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_replica.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- repl5_replica.c 15 Feb 2006 22:54:07 -0000 1.12 +++ repl5_replica.c 11 Apr 2006 02:14:43 -0000 1.13 @@ -1539,7 +1539,7 @@ PR_ASSERT (r); if (r->repl_root == NULL || r->repl_type == 0 || r->repl_rid == 0 || - r->repl_rid > MAX_REPLICA_ID || r->repl_csngen == NULL || r->repl_name == NULL) + r->repl_csngen == NULL || r->repl_name == NULL) { return -1; } Index: repl5_tot_protocol.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_tot_protocol.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- repl5_tot_protocol.c 19 Apr 2005 22:07:32 -0000 1.7 +++ repl5_tot_protocol.c 11 Apr 2006 02:14:43 -0000 1.8 @@ -125,7 +125,6 @@ static void repl5_tot_result_threadmain(void *param) { callback_data *cb = (callback_data*) param; - int res = 0; ConnResult conres = 0; Repl_Connection *conn = cb->prp->conn; int finished = 0; Index: windows_connection.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_connection.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- windows_connection.c 20 Feb 2006 19:36:24 -0000 1.13 +++ windows_connection.c 11 Apr 2006 02:14:43 -0000 1.14 @@ -665,8 +665,6 @@ const char* old_dn = NULL; char* dn = NULL; - int i=0; - int num_comp=0; LDAPDebug( LDAP_DEBUG_TRACE, "=> send_dirsync_search\n", 0, 0, 0 ); @@ -810,13 +808,10 @@ Slapi_Entry * windows_conn_get_search_result(Repl_Connection *conn) { int rc=0; - int matches=0; LDAPMessage *res = NULL; Slapi_Entry *e = NULL; LDAPMessage *lm = NULL; - char *a = ""; char *dn = ""; - BerElement *ber = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_conn_get_search_result\n", 0, 0, 0 ); Index: windows_inc_protocol.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_inc_protocol.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- windows_inc_protocol.c 6 May 2005 03:33:36 -0000 1.11 +++ windows_inc_protocol.c 11 Apr 2006 02:14:43 -0000 1.12 @@ -386,7 +386,7 @@ /* just ignore it and go to sleep */ protocol_sleep(prp, PR_INTERVAL_NO_TIMEOUT); } - else if (e1 = event_occurred(prp, EVENT_WINDOW_CLOSED) || + else if ((e1 = event_occurred(prp, EVENT_WINDOW_CLOSED)) || event_occurred(prp, EVENT_BACKOFF_EXPIRED)) { /* this events - should not occur - log a warning and go to sleep */ @@ -458,7 +458,7 @@ next_state = STATE_READY_TO_ACQUIRE; wait_change_timer_set = 0; } - else if (e1 = event_occurred(prp, EVENT_WINDOW_OPENED) || + else if ((e1 = event_occurred(prp, EVENT_WINDOW_OPENED)) || event_occurred(prp, EVENT_BACKOFF_EXPIRED)) { /* this events - should not occur - log a warning and clear the event */ @@ -570,7 +570,7 @@ { /* consume and ignore */ } - else if (e1 = event_occurred (prp, EVENT_WINDOW_OPENED) || + else if ((e1 = event_occurred (prp, EVENT_WINDOW_OPENED)) || event_occurred (prp, EVENT_BACKOFF_EXPIRED)) { /* This should never happen */ Index: windows_private.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_private.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- windows_private.c 16 May 2005 22:26:25 -0000 1.10 +++ windows_private.c 11 Apr 2006 02:14:43 -0000 1.11 @@ -423,7 +423,6 @@ { LDAPControl *control = NULL; - LDAPControl **lc = &control ; BerElement *ber; Dirsync_Private *dp; @@ -498,7 +497,7 @@ goto choke; } - slapi_ch_free(&dp->dirsync_cookie); + slapi_ch_free_string(&dp->dirsync_cookie); dp->dirsync_cookie = ( char* ) slapi_ch_malloc(serverCookie->bv_len + 1); memcpy(dp->dirsync_cookie, serverCookie->bv_val, serverCookie->bv_len); @@ -548,7 +547,7 @@ PR_ASSERT (dp); dp->dirsync_cookie_len = 0; - slapi_ch_free(&dp->dirsync_cookie); + slapi_ch_free_string(&dp->dirsync_cookie); dp->dirsync_cookie = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_null_dirsync_control\n", 0, 0, 0 ); @@ -630,7 +629,6 @@ Slapi_DN* sdn = NULL; int rc = 0; Slapi_Entry *entry = NULL; - char* cookie = NULL; Slapi_Attr *attr = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_load_dirsync_cookie\n", 0, 0, 0 ); @@ -658,7 +656,7 @@ if (vals) { dp->dirsync_cookie_len = (int) (vals[0])->bv_len; - slapi_ch_free(&dp->dirsync_cookie); + slapi_ch_free_string(&dp->dirsync_cookie); dp->dirsync_cookie = ( char* ) slapi_ch_malloc(dp->dirsync_cookie_len + 1); memcpy(dp->dirsync_cookie,(vals[0]->bv_val), (vals[0])->bv_len+1); Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- windows_protocol_util.c 20 Mar 2006 17:47:16 -0000 1.25 +++ windows_protocol_util.c 11 Apr 2006 02:14:43 -0000 1.26 @@ -64,12 +64,12 @@ static int windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_entry, Slapi_DN *remote_sdn, Slapi_Entry **remote_entry, char** password); static int windows_get_local_entry(const Slapi_DN* local_dn,Slapi_Entry **local_entry); static int windows_get_local_entry_by_uniqueid(Private_Repl_Protocol *prp,const char* uniqueid,Slapi_Entry **local_entry); -static int map_entry_dn_outbound(Slapi_Entry *e, const Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int want_guid); +static int map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int want_guid); static char* extract_ntuserdomainid_from_entry(Slapi_Entry *e); static int windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,Slapi_Entry **remote_entry); static const char* op2string (int op); static int is_subject_of_agreemeent_remote(Slapi_Entry *e, const Repl_Agmt *ra); -static int map_entry_dn_inbound(Slapi_Entry *e, const Slapi_DN **dn, const Repl_Agmt *ra); +static int map_entry_dn_inbound(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra); static int windows_update_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,Slapi_Entry *local_entry); @@ -678,12 +678,6 @@ void windows_release_replica(Private_Repl_Protocol *prp) { - - struct berval *retdata = NULL; - char *retoid = NULL; - struct berval *payload = NULL; - Slapi_DN *replarea_sdn = NULL; - LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_release_replica\n", 0, 0, 0 ); PR_ASSERT(NULL != prp); @@ -1248,14 +1242,12 @@ int retval = 0; char *entry_string = NULL; Slapi_Entry *new_entry = NULL; - Slapi_PBlock* pb = NULL; int rc = 0; int is_user = 0; int is_group = 0; Slapi_Attr *attr = NULL; char *username = NULL; const char *dn_string = NULL; - char *remote_entry_template = NULL; char *fqusername = NULL; const char *domain_name = windows_private_get_windows_domain(prp->agmt); int is_nt4 = windows_private_get_isnt4(prp->agmt); @@ -1309,7 +1301,6 @@ for (rc = slapi_entry_first_attr(original_entry, &attr); rc == 0; rc = slapi_entry_next_attr(original_entry, attr, &attr)) { - Slapi_Value *value = NULL; char *type = NULL; Slapi_ValueSet *vs = NULL; int mapdn = 0; @@ -1449,7 +1440,6 @@ Slapi_Mods smods = {0}; Slapi_Mods mapped_smods = {0}; LDAPMod *mod = NULL; - int i=0; int is_nt4 = windows_private_get_isnt4(prp->agmt); LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_map_mods_for_replay\n", 0, 0, 0 ); @@ -1944,7 +1934,7 @@ /* Given a non-tombstone entry, return the DN of its peer in AD (whether present or not) */ static int -map_entry_dn_outbound(Slapi_Entry *e, const Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int guid_form) +map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int guid_form) { int retval = 0; char *guid = NULL; @@ -2048,7 +2038,7 @@ /* Given a tombstone entry, return the DN of its peer in this server (if present) */ static int -map_tombstone_dn_inbound(Slapi_Entry *e, const Slapi_DN **dn, const Repl_Agmt *ra) +map_tombstone_dn_inbound(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra) { int retval = 0; Slapi_DN *new_dn = NULL; @@ -2106,7 +2096,7 @@ /* Given a non-tombstone entry, return the DN of its peer in this server (whether present or not) */ static int -map_entry_dn_inbound(Slapi_Entry *e, const Slapi_DN **dn, const Repl_Agmt *ra) +map_entry_dn_inbound(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra) { int retval = 0; Slapi_DN *new_dn = NULL; @@ -2366,7 +2356,6 @@ for (rc = slapi_entry_first_attr(remote_entry, &attr); rc == 0; rc = slapi_entry_next_attr(remote_entry, attr, &attr)) { - Slapi_Value *value = NULL; char *type = NULL; Slapi_ValueSet *vs = NULL; int mapdn = 0; @@ -2517,7 +2506,6 @@ rc = slapi_entry_next_attr(remote_entry, attr, &attr)) { int is_present_local = 0; - Slapi_Value *value = NULL; char *type = NULL; Slapi_ValueSet *vs = NULL; char *local_type = NULL; @@ -2723,7 +2711,6 @@ { Slapi_Mods smods = {0}; int retval = 0; - int rc = 0; Slapi_PBlock *pb = NULL; int do_modify = 0; From fedora-directory-commits at redhat.com Tue Apr 11 02:14:46 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:46 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/syntaxes dllmain.c, 1.4, 1.5 Message-ID: <200604110215.k3B2FGvJ008658@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/syntaxes Modified Files: dllmain.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: dllmain.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes/dllmain.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dllmain.c 19 Apr 2005 22:07:35 -0000 1.4 +++ dllmain.c 11 Apr 2006 02:14:43 -0000 1.5 @@ -141,6 +141,7 @@ va_list ap; va_start (ap, fmt); _snprintf (debugBuf, sizeof(debugBuf), fmt, ap); + debugBuf[sizeof(debugBuf)-1] = 0; va_end (ap); OutputDebugString (debugBuf); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:47 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:47 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd abandon.c, 1.4, 1.5 auth.c, 1.5, 1.6 csn.c, 1.4, 1.5 csngen.c, 1.5, 1.6 daemon.c, 1.7, 1.8 eventq.c, 1.4, 1.5 filter.c, 1.6, 1.7 log.c, 1.12, 1.13 proto-slap.h, 1.17, 1.18 resourcelimit.c, 1.4, 1.5 result.c, 1.6, 1.7 schema.c, 1.7, 1.8 slapi-plugin.h, 1.9, 1.10 slapi-private.h, 1.9, 1.10 Message-ID: <200604110215.k3B2FHj0008665@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/slapd Modified Files: abandon.c auth.c csn.c csngen.c daemon.c eventq.c filter.c log.c proto-slap.h resourcelimit.c result.c schema.c slapi-plugin.h slapi-private.h Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: abandon.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/abandon.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- abandon.c 19 Apr 2005 22:07:36 -0000 1.4 +++ abandon.c 11 Apr 2006 02:14:44 -0000 1.5 @@ -158,7 +158,7 @@ pb->pb_conn->c_connid, pb->pb_op->o_opid, id ); } else { slapi_log_access( LDAP_DEBUG_STATS, "conn=%d op=%d ABANDON" - " targetop=%d msgid=%d nentries=%d etime=%d\n", + " targetop=%d msgid=%d nentries=%d etime=%ld\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, o->o_opid, id, o->o_results.r.r_search.nentries, current_time() - o->o_time ); Index: auth.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/auth.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- auth.c 19 Apr 2005 22:07:36 -0000 1.5 +++ auth.c 11 Apr 2006 02:14:44 -0000 1.6 @@ -445,7 +445,7 @@ != SECSuccess) { PRErrorCode errorCode = PR_GetError(); slapi_log_access (LDAP_DEBUG_STATS, - "conn=%d SSL failed to obtain cipher info; ", + "conn=%d SSL failed to obtain cipher info; " SLAPI_COMPONENT_NAME_NSPR " error %i (%s)\n", conn->c_connid, errorCode, slapd_pr_strerror(errorCode)); return; Index: csn.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/csn.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- csn.c 19 Apr 2005 22:07:36 -0000 1.4 +++ csn.c 11 Apr 2006 02:14:44 -0000 1.5 @@ -372,11 +372,12 @@ int csn_increment_subsequence (CSN *csn) { + PRUint16 maxsubseq = (PRUint16)0xFFFFFFFF; if (csn == NULL) { return -1; } - else if (csn->subseqnum == 0xFFFFFFFF) + else if (csn->subseqnum == maxsubseq) { slapi_log_error(SLAPI_LOG_FATAL, NULL, "csn_increment_subsequence: subsequence overflow\n"); Index: csngen.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/csngen.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- csngen.c 19 Apr 2005 22:07:36 -0000 1.5 +++ csngen.c 11 Apr 2006 02:14:44 -0000 1.6 @@ -338,8 +338,8 @@ else /* remote_offset > CSN_MAX_TIME_ADJUST */ { slapi_log_error (SLAPI_LOG_FATAL, NULL, "csngen_adjust_time: " - "adjustment limit exceeded; value - %d, limit - %d\n", - remote_offset, CSN_MAX_TIME_ADJUST); + "adjustment limit exceeded; value - %ld, limit - %ld\n", + remote_offset, (long)CSN_MAX_TIME_ADJUST); PR_RWLock_Unlock (gen->lock); return CSN_LIMIT_EXCEEDED; } @@ -427,9 +427,9 @@ PR_RWLock_Rlock (gen->lock); slapi_log_error(SLAPI_LOG_FATAL, NULL, "CSN generator's state:\n"); slapi_log_error(SLAPI_LOG_FATAL, NULL, "\treplica id: %d\n", gen->state.rid); - slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tsampled time: %d\n", gen->state.sampled_time); - slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tlocal offset: %d\n", gen->state.local_offset); - slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tremote offset: %d\n", gen->state.remote_offset); + slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tsampled time: %ld\n", gen->state.sampled_time); + slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tlocal offset: %ld\n", gen->state.local_offset); + slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tremote offset: %ld\n", gen->state.remote_offset); slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tsequence number: %d\n", gen->state.seq_num); PR_RWLock_Unlock (gen->lock); } Index: daemon.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/daemon.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- daemon.c 18 Nov 2005 21:07:38 -0000 1.7 +++ daemon.c 11 Apr 2006 02:14:44 -0000 1.8 @@ -2588,7 +2588,7 @@ if ( NULL == nspr_layer_fd ) { slapi_log_error( SLAPI_LOG_FATAL, "configure_pr_socket", "Unable to move socket file descriptor %d above %d:" - " PR_GetIdentitiesLayer( 0x%x, PR_NSPR_IO_LAYER )" + " PR_GetIdentitiesLayer( %p, PR_NSPR_IO_LAYER )" " failed\n", ns, reservedescriptors, *pr_socket ); close( newfd ); /* can't fix things up in NSPR -- close copy */ } else { Index: eventq.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/eventq.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- eventq.c 19 Apr 2005 22:07:36 -0000 1.4 +++ eventq.c 11 Apr 2006 02:14:44 -0000 1.5 @@ -143,7 +143,7 @@ /* scheduling. Too bad */ slapi_log_error(SLAPI_LOG_HOUSE, NULL, - "added one-time event id 0x%x at time %u\n", + "added one-time event id %p at time %ld\n", id, when); return(id); } @@ -175,7 +175,7 @@ tmp = eq_new(fn, arg, when, interval); eq_enqueue(tmp); slapi_log_error(SLAPI_LOG_HOUSE, NULL, - "added repeating event id 0x%x at time %u, interval %u\n", + "added repeating event id %p at time %ld, interval %lu\n", tmp->ec_id, when, interval); return(tmp->ec_id); } @@ -212,7 +212,7 @@ PR_Unlock(eq->eq_lock); } slapi_log_error(SLAPI_LOG_HOUSE, NULL, - "cancellation of event id 0x%x requested: %s\n", + "cancellation of event id %p requested: %s\n", ctx, found ? "cancellation succeeded" : "event not found"); return found; } @@ -306,7 +306,7 @@ /* Call the scheduled function */ p->ec_fn(p->ec_when, p->ec_arg); slapi_log_error(SLAPI_LOG_HOUSE, NULL, - "Event id 0x%x called at %u (scheduled for %u)\n", + "Event id %p called at %ld (scheduled for %ld)\n", p->ec_id, current_time(), p->ec_when); if (0UL != p->ec_interval) { /* This is a repeating event. Requeue it. */ Index: filter.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/filter.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- filter.c 23 Feb 2006 20:45:16 -0000 1.6 +++ filter.c 11 Apr 2006 02:14:44 -0000 1.7 @@ -100,14 +100,14 @@ logbuf = slapi_ch_malloc(logbufsize); *logbuf = '\0'; slapi_log_error( SLAPI_LOG_FATAL, "get_filter", "before optimize: %s\n", - slapi_filter_to_string(*filt, logbuf, logbufsize), 0, 0 ); + slapi_filter_to_string(*filt, logbuf, logbufsize)); } filter_optimize(*filt); if (NULL != logbuf) { slapi_log_error( SLAPI_LOG_FATAL, "get_filter", " after optimize: %s\n", - slapi_filter_to_string(*filt, logbuf, logbufsize), 0, 0 ); + slapi_filter_to_string(*filt, logbuf, logbufsize)); slapi_ch_free_string( &logbuf ); } Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- log.c 19 Mar 2006 18:36:40 -0000 1.12 +++ log.c 11 Apr 2006 02:14:44 -0000 1.13 @@ -2269,7 +2269,7 @@ "LOGINFO:End of Log because size exceeded(Max:%d bytes) (Is:%d bytes)\n", maxlogsize, f_size, 0); } else if ( type == LOG_EXPIRED) { LDAPDebug(LDAP_DEBUG_TRACE, - "LOGINFO:End of Log because time exceeded(Max:%d secs) (Is:%d secs)\n", + "LOGINFO:End of Log because time exceeded(Max:%d secs) (Is:%ld secs)\n", rotationtime_secs, curr_time - log_createtime,0); } } Index: proto-slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- proto-slap.h 18 Mar 2006 17:57:39 -0000 1.17 +++ proto-slap.h 11 Apr 2006 02:14:44 -0000 1.18 @@ -557,7 +557,13 @@ * log.c */ int slapd_log_error_proc( char *subsystem, char *fmt, ... ); -int slapi_log_access( int level, char *fmt, ... ); + +int slapi_log_access( int level, char *fmt, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif int slapd_log_audit_proc(char *buffer, int buf_len); void log_access_flush(); Index: resourcelimit.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/resourcelimit.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- resourcelimit.c 19 Apr 2005 22:07:37 -0000 1.4 +++ resourcelimit.c 11 Apr 2006 02:14:44 -0000 1.5 @@ -474,7 +474,7 @@ if ( slapi_valueset_next_value( vs, index, &v ) != -1 ) { char ebuf[ BUFSIZ ]; slapi_log_error( SLAPI_LOG_FATAL, SLAPI_RESLIMIT_MODULE, - "%s: ignoring multiple values for %s in entry \n", + "%s: ignoring multiple values for %s in entry %s\n", fnname, reslimit_map[ i ].rlmap_at, escape_string( slapi_entry_get_dn_const( e ), ebuf )); Index: result.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/result.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- result.c 19 Apr 2005 22:07:37 -0000 1.6 +++ result.c 11 Apr 2006 02:14:44 -0000 1.7 @@ -1696,7 +1696,7 @@ { slapi_log_access( LDAP_DEBUG_STATS, "conn=%d op=%d RESULT err=%d" - " tag=%d nentries=%d etime=%s%s%s" + " tag=%lu nentries=%d etime=%s%s%s" ", SASL bind in progress\n", op->o_connid, op->o_opid, @@ -1708,7 +1708,7 @@ { slapi_log_access( LDAP_DEBUG_ARGS, "conn=%s op=%d RESULT err=%d" - " tag=%d nentries=%d etime=%s%s%s" + " tag=%lu nentries=%d etime=%s%s%s" ", SASL bind in progress\n", LOG_INTERNAL_OP_CON_ID, LOG_INTERNAL_OP_OP_ID, @@ -1728,7 +1728,7 @@ { slapi_log_access( LDAP_DEBUG_STATS, "conn=%d op=%d RESULT err=%d" - " tag=%d nentries=%d etime=%s%s%s" + " tag=%lu nentries=%d etime=%s%s%s" " dn=\"%s\"\n", op->o_connid, op->o_opid, @@ -1740,7 +1740,7 @@ { slapi_log_access( LDAP_DEBUG_ARGS, "conn=%s op=%d RESULT err=%d" - " tag=%d nentries=%d etime=%s%s%s" + " tag=%lu nentries=%d etime=%s%s%s" " dn=\"%s\"\n", LOG_INTERNAL_OP_CON_ID, LOG_INTERNAL_OP_OP_ID, @@ -1754,7 +1754,7 @@ { slapi_log_access( LDAP_DEBUG_STATS, "conn=%d op=%d RESULT err=%d" - " tag=%d nentries=%d etime=%s%s%s\n", + " tag=%lu nentries=%d etime=%s%s%s\n", op->o_connid, op->o_opid, err, tag, nentries, @@ -1765,7 +1765,7 @@ { slapi_log_access( LDAP_DEBUG_ARGS, "conn=%s op=%d RESULT err=%d" - " tag=%d nentries=%d etime=%s%s%s\n", + " tag=%lu nentries=%d etime=%s%s%s\n", LOG_INTERNAL_OP_CON_ID, LOG_INTERNAL_OP_OP_ID, err, tag, nentries, Index: schema.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/schema.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- schema.c 19 Apr 2005 22:07:37 -0000 1.7 +++ schema.c 11 Apr 2006 02:14:44 -0000 1.8 @@ -151,7 +151,13 @@ const char *ignorestr ); static PRBool schema_type_is_interesting( const char *type ); static void schema_create_errormsg( char *errorbuf, size_t errorbufsize, - const char *prefix, const char *name, const char *fmt, ... ); + const char *prefix, const char *name, const char *fmt, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 5, 6))); +#else + ; +#endif + /* Some utility functions for dealing with a dynamic buffer */ @@ -4066,7 +4072,7 @@ { slapi_log_error(SLAPI_LOG_FATAL, "schema", "Could not add" " attribute type \"objectClass\" to the schema: %s\n", - errorbuf, 0, 0); + errorbuf); } rc = dse_read_file(pschemadse, &pb); Index: slapi-plugin.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- slapi-plugin.h 23 Feb 2006 20:47:59 -0000 1.9 +++ slapi-plugin.h 11 Apr 2006 02:14:44 -0000 1.10 @@ -850,7 +850,12 @@ struct berval* slapi_ch_bvdup(const struct berval*); struct berval** slapi_ch_bvecdup(struct berval**); void slapi_ch_bvfree(struct berval** v); -char * slapi_ch_smprintf(const char *fmt, ...); +char * slapi_ch_smprintf(const char *fmt, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 1, 2))); +#else + ; +#endif /* * syntax plugin routines Index: slapi-private.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- slapi-private.h 12 Aug 2005 05:49:54 -0000 1.9 +++ slapi-private.h 11 Apr 2006 02:14:44 -0000 1.10 @@ -1211,8 +1211,19 @@ int slapi_task_register_handler(const char *name, dseCallbackFn func); void slapi_task_status_changed(Slapi_Task *task); -void slapi_task_log_status(Slapi_Task *task, char *format, ...); -void slapi_task_log_notice(Slapi_Task *task, char *format, ...); +void slapi_task_log_status(Slapi_Task *task, char *format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif + +void slapi_task_log_notice(Slapi_Task *task, char *format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif /* End of interface to support online tasks **********************************/ From fedora-directory-commits at redhat.com Tue Apr 11 02:14:47 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:47 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm archive.c, 1.8, 1.9 dbhelp.c, 1.4, 1.5 dllmain.c, 1.4, 1.5 import-merge.c, 1.5, 1.6 import.h, 1.5, 1.6 ldbm_attrcrypt.c, 1.7, 1.8 ldbm_config.c, 1.5, 1.6 ldif2ldbm.c, 1.8, 1.9 Message-ID: <200604110215.k3B2FHQ1008682@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/slapd/back-ldbm Modified Files: archive.c dbhelp.c dllmain.c import-merge.c import.h ldbm_attrcrypt.c ldbm_config.c ldif2ldbm.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: archive.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/archive.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- archive.c 12 Jan 2006 00:29:04 -0000 1.8 +++ archive.c 11 Apr 2006 02:14:45 -0000 1.9 @@ -207,7 +207,7 @@ c = *p; *p = '\0'; } - bakup_dir = slapi_ch_smprintf("%s%ctmp_%010d", directory, c, time(0)); + bakup_dir = slapi_ch_smprintf("%s%ctmp_%010ld", directory, c, time(0)); LDAPDebug( LDAP_DEBUG_ANY, "archive2db: backup dir: %s\n", bakup_dir, 0, 0); *p = c; @@ -315,10 +315,10 @@ if (task) { slapi_task_log_notice(task, "Failed to rename \"%s\" to \"%s\".", - directory, dir_bak, 0); + directory, dir_bak); slapi_task_log_notice(task, SLAPI_COMPONENT_NAME_NSPR " error %d (%s)", - prerr, slapd_pr_strerror(prerr), 0); + prerr, slapd_pr_strerror(prerr)); } return_value = -1; goto out; Index: dbhelp.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dbhelp.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dbhelp.c 19 Apr 2005 22:07:37 -0000 1.4 +++ dbhelp.c 11 Apr 2006 02:14:45 -0000 1.5 @@ -51,7 +51,7 @@ DB *source_file = NULL; DB *destination_file = NULL; DBC *source_cursor = NULL; - int dbtype = 0; + DBTYPE dbtype = 0; int dbflags = 0; int dbpagesize = 0; int cursor_flag = 0; Index: dllmain.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dllmain.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dllmain.c 19 Apr 2005 22:07:38 -0000 1.4 +++ dllmain.c 11 Apr 2006 02:14:45 -0000 1.5 @@ -136,6 +136,7 @@ va_list ap; va_start (ap, fmt); _snprintf (debugBuf, sizeof(debugBuf), fmt, ap); + debugBuf[sizeof(debugBuf)-1] = 0; va_end (ap); OutputDebugString (debugBuf); Index: import-merge.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/import-merge.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- import-merge.c 19 Apr 2005 22:07:38 -0000 1.5 +++ import-merge.c 11 Apr 2006 02:14:45 -0000 1.6 @@ -654,8 +654,7 @@ int passes = job->current_pass; if (1 == job->number_indexers) { - import_log_notice(job, "Beginning %d-way merge of one file...", passes, - job->number_indexers); + import_log_notice(job, "Beginning %d-way merge of one file...", passes); } else { import_log_notice(job, "Beginning %d-way merge of up to %lu files...", passes, job->number_indexers); Index: import.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/import.h,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- import.h 6 Dec 2005 18:28:14 -0000 1.5 +++ import.h 11 Apr 2006 02:14:45 -0000 1.6 @@ -203,7 +203,13 @@ /* import.c */ FifoItem *import_fifo_fetch(ImportJob *job, ID id, int worker, int shift); void import_free_job(ImportJob *job); -void import_log_notice(ImportJob *job, char *format, ...); +void import_log_notice(ImportJob *job, char *format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif + void import_abort_all(ImportJob *job, int wait_for_them); int import_entry_belongs_here(Slapi_Entry *e, backend *be); int import_make_merge_filenames(char *directory, char *indexname, int pass, Index: ldbm_attrcrypt.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- ldbm_attrcrypt.c 19 Apr 2005 22:07:38 -0000 1.7 +++ ldbm_attrcrypt.c 11 Apr 2006 02:14:45 -0000 1.8 @@ -199,7 +199,7 @@ key_as_berval.bv_len = wrapped_symmetric_key.len; key_value = slapi_value_new_berval(&key_as_berval); /* key_value is now a copy of key_as_berval - free wrapped_symmetric_key */ - slapi_ch_free(&wrapped_symmetric_key.data); + slapi_ch_free_string((char **)&wrapped_symmetric_key.data); slapi_entry_add_value(e, KEY_ATTRIBUTE_NAME, key_value); slapi_value_free(&key_value); /* Store the entry */ Index: ldbm_config.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_config.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- ldbm_config.c 19 Apr 2005 22:07:38 -0000 1.5 +++ ldbm_config.c 11 Apr 2006 02:14:45 -0000 1.6 @@ -1371,6 +1371,7 @@ void ldbm_config_get(void *arg, config_info *config, char *buf) { char *tmp_string; + size_t val = 0; if (config == NULL) { buf[0] = '\0'; @@ -1387,7 +1388,8 @@ sprintf(buf, "%ld", (long) config->config_get_fn(arg)); break; case CONFIG_TYPE_SIZE_T: - sprintf(buf, "%lu", (size_t) config->config_get_fn(arg)); + val = (size_t) config->config_get_fn(arg); + sprintf(buf, "%lu", val); break; case CONFIG_TYPE_STRING: /* Remember the get function for strings returns memory Index: ldif2ldbm.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- ldif2ldbm.c 16 Mar 2006 03:02:33 -0000 1.8 +++ ldif2ldbm.c 11 Apr 2006 02:14:45 -0000 1.9 @@ -1307,7 +1307,7 @@ if (NULL == inst) { if (task) { slapi_task_log_notice(task, "Unknown ldbm instance %s", - instance_name, 0, 0); + instance_name); } LDAPDebug(LDAP_DEBUG_ANY, "Unknown ldbm instance %s\n", instance_name, 0, 0); @@ -2081,7 +2081,7 @@ { time_t tm = time(0); /* long */ - char *tmpname = slapi_ch_smprintf("%s/%d", dest_dir, tm); + char *tmpname = slapi_ch_smprintf("%s/%ld", dest_dir, tm); dest_dir = tmpname; } else /* not a directory */ From fedora-directory-commits at redhat.com Tue Apr 11 02:14:43 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:43 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/pam_passthru pam_ptdllmain.c, 1.4, 1.5 Message-ID: <200604110215.k3B2FDFT008640@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/pam_passthru Modified Files: pam_ptdllmain.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: pam_ptdllmain.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptdllmain.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- pam_ptdllmain.c 19 Apr 2005 22:07:30 -0000 1.4 +++ pam_ptdllmain.c 11 Apr 2006 02:14:41 -0000 1.5 @@ -138,6 +138,7 @@ va_list ap; va_start (ap, fmt); _snprintf (debugBuf, sizeof(debugBuf), fmt, ap); + debugBuf[sizeof(debugBuf)-1] = 0; va_end (ap); OutputDebugString (debugBuf); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:44 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:44 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/presence presence.c, 1.4, 1.5 Message-ID: <200604110215.k3B2FFO9008646@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/presence In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/presence Modified Files: presence.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: presence.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/presence/presence.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- presence.c 19 Apr 2005 22:07:31 -0000 1.4 +++ presence.c 11 Apr 2006 02:14:42 -0000 1.5 @@ -61,7 +61,13 @@ /*** from proto-slap.h ***/ -int slapd_log_error_proc( char *subsystem, char *fmt, ... ); +int slapd_log_error_proc( char *subsystem, char *fmt, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif + /*** from ldaplog.h ***/ From fedora-directory-commits at redhat.com Tue Apr 11 02:14:53 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:53 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldif dllmain.c, 1.4, 1.5 Message-ID: <200604110215.k3B2FNkB008691@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldif In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/slapd/back-ldif Modified Files: dllmain.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: dllmain.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldif/dllmain.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dllmain.c 19 Apr 2005 22:07:39 -0000 1.4 +++ dllmain.c 11 Apr 2006 02:14:45 -0000 1.5 @@ -140,6 +140,7 @@ va_list ap; va_start (ap, fmt); _snprintf (debugBuf, sizeof(debugBuf), fmt, ap); + debugBuf[sizeof(debugBuf)-1] = 0; va_end (ap); OutputDebugString (debugBuf); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:53 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:53 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/tools migratecred.c, 1.5, 1.6 pwenc.c, 1.5, 1.6 Message-ID: <200604110215.k3B2FNqU008695@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/slapd/tools Modified Files: migratecred.c pwenc.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: migratecred.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/migratecred.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- migratecred.c 19 Apr 2005 22:07:42 -0000 1.5 +++ migratecred.c 11 Apr 2006 02:14:51 -0000 1.6 @@ -172,7 +172,8 @@ #endif #endif - sprintf(libpath, "%s/../lib/des-plugin%s", newpath, shared_lib); + snprintf(libpath, sizeof(libpath), "%s/../lib/des-plugin%s", newpath, shared_lib); + libpath[sizeof(libpath)-1] = 0; fct = (migrate_fn_type)sym_load(libpath, "migrateCredentials", "DES Plugin", 1 /* report errors */ ); Index: pwenc.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/pwenc.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- pwenc.c 19 Apr 2005 22:07:42 -0000 1.5 +++ pwenc.c 11 Apr 2006 02:14:51 -0000 1.6 @@ -129,7 +129,7 @@ struct pw_scheme *pwsp, *cmppwsp; extern int optind; char *cpwd = NULL; /* candidate password for comparison */ - char errorbuf[BUFSIZ]; + char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE]; slapdFrontendConfig_t *slapdFrontendConfig = NULL; char *opts = "Hs:c:D:"; From fedora-directory-commits at redhat.com Tue Apr 11 02:14:55 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:55 -0700 Subject: [Fedora-directory-commits] ldapserver/lib/base dns.cpp, 1.5, 1.6 dnsdmain.cpp, 1.6, 1.7 file.cpp, 1.5, 1.6 plist.cpp, 1.4, 1.5 pool.cpp, 1.5, 1.6 Message-ID: <200604110215.k3B2FPFR008707@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/lib/base In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/lib/base Modified Files: dns.cpp dnsdmain.cpp file.cpp plist.cpp pool.cpp Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: dns.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/base/dns.cpp,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- dns.cpp 19 Apr 2005 22:07:45 -0000 1.5 +++ dns.cpp 11 Apr 2006 02:14:52 -0000 1.6 @@ -109,7 +109,9 @@ err = PR_InitializeNetAddr(PR_IpAddrNull, 0, &iaddr); - if((iaddr.inet.ip = inet_addr(ip)) == -1) + /* richm: ipv6 cleanup - use inet_aton or other more appropriate function + instead of inet_addr */ + if((iaddr.inet.ip = inet_addr(ip)) == (in_addr_t)-1) goto bong; /* Index: dnsdmain.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/base/dnsdmain.cpp,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- dnsdmain.cpp 10 May 2005 23:17:04 -0000 1.6 +++ dnsdmain.cpp 11 Apr 2006 02:14:52 -0000 1.7 @@ -177,7 +177,7 @@ if (domain != 0) { hnlen = strlen(hname); - if ((hnlen + dnlen + 2) <= sizeof(line)) { + if ((size_t)(hnlen + dnlen + 2) <= sizeof(line)) { strcpy(line, hname); line[hnlen] = '.'; strcpy(&line[hnlen+1], domain); Index: file.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/base/file.cpp,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- file.cpp 19 Apr 2005 22:07:45 -0000 1.5 +++ file.cpp 11 Apr 2006 02:14:52 -0000 1.6 @@ -543,23 +543,6 @@ #include "util.h" -static char *_errmsg_new(int code) -{ - char *ret; -#ifdef THREAD_ANY - if(!(ret = (char *) systhread_getdata(errmsg_key))) { - ret = (char *) PERM_MALLOC(256); - systhread_setdata(errmsg_key, (void *)ret); - } -#else - ret = errmsg; -#endif - util_snprintf(ret, ERRMSG_SIZE, "libsec code %d", code); -#ifndef MCC_BATMAN - PR_SetError(0,0); -#endif - return ret; -} #endif @@ -611,7 +594,7 @@ PR_SetError(0, 0); lmsg = nscp_error_msg; } else { - util_snprintf(static_error, ERRMSG_SIZE, "unknown error %d", nscp_error); + util_snprintf(static_error, sizeof(static_error), "unknown error %d", nscp_error); lmsg = static_error; } } else { Index: plist.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/base/plist.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- plist.cpp 19 Apr 2005 22:07:45 -0000 1.4 +++ plist.cpp 11 Apr 2006 02:14:52 -0000 1.5 @@ -818,7 +818,7 @@ /* Is it time to grow the hash table? */ i = PLSIZENDX(pt->pt_sizendx); - if ((pt->pt_sizendx < PLMAXSIZENDX) && + if (((size_t)pt->pt_sizendx < PLMAXSIZENDX) && pt->pt_nsyms >= (i + i)) { PLSymbolTable_t *npt; Index: pool.cpp =================================================================== RCS file: /cvs/dirsec/ldapserver/lib/base/pool.cpp,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- pool.cpp 19 Apr 2005 22:07:45 -0000 1.5 +++ pool.cpp 11 Apr 2006 02:14:52 -0000 1.6 @@ -195,7 +195,7 @@ memset(block->data, 0xa, block->end-block->data); #endif /* POOL_ZERO_DEBUG */ - if ((freelist_size + block->end - block->data) > freelist_max) { + if ((unsigned long)(freelist_size + block->end - block->data) > freelist_max) { /* Just have to delete the whole block! */ crit_enter(freelist_lock); @@ -452,7 +452,7 @@ pool_t *pool = (pool_t *)pool_handle; void *newptr; block_t *block_ptr; - int oldsize; + size_t oldsize; if (pool_handle == NULL || pool_disable) return PERM_REALLOC(ptr, size); From fedora-directory-commits at redhat.com Tue Apr 11 02:14:54 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 10 Apr 2006 19:14:54 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/tools/ldclt ldclt.c, 1.1, 1.2 repcheck.c, 1.1, 1.2 repslave.c, 1.1, 1.2 Message-ID: <200604110215.k3B2FOq5008700@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/ldclt In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/slapd/tools/ldclt Modified Files: ldclt.c repcheck.c repslave.c Log Message: Bug(s) fixed: 186280 Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: ldclt.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/ldclt/ldclt.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- ldclt.c 11 Jan 2006 01:54:30 -0000 1.1 +++ ldclt.c 11 Apr 2006 02:14:51 -0000 1.2 @@ -3060,6 +3060,8 @@ ldcltExit (EXIT_OTHER); /*JLS 25-08-00*/ ldcltExit (mctx.exitStatus); /*JLS 25-08-00*/ + + return mctx.exitStatus; } Index: repcheck.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/ldclt/repcheck.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- repcheck.c 11 Jan 2006 01:54:30 -0000 1.1 +++ repcheck.c 11 Apr 2006 02:14:51 -0000 1.2 @@ -111,6 +111,7 @@ char **tmp; struct hostent *serveraddr; struct sockaddr_in srvsaddr; + char *p; while((i=getopt(argc,argv,"p:"))!=EOF){ switch(i){ @@ -125,7 +126,10 @@ maxop=npend=0; pendops=(Optype*)malloc(sizeof(Optype)*20); sigset(SIGPIPE,SIG_IGN); - while(gets(logline)){ + while(fgets(logline, sizeof(logline), stdin)){ + if (p = strchr(logline, '\n')) { + *p = 0; + } if(!connected){ if((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1){ perror(argv[0]); Index: repslave.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/ldclt/repslave.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- repslave.c 11 Jan 2006 01:54:30 -0000 1.1 +++ repslave.c 11 Apr 2006 02:14:51 -0000 1.2 @@ -314,8 +314,11 @@ * Ignore SIGPIPE during write() */ sigset(SIGPIPE,SIG_IGN); - while(gets(logline)) + while(fgets(logline, sizeof(logline), stdin)) { + if (p = strchr(logline, '\n')) { + *p = 0; + } if(log) puts(logline); for(tmp=ldap_ops,i=0;tmp[i];i++) From fedora-directory-commits at redhat.com Wed Apr 12 22:11:49 2006 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 12 Apr 2006 15:11:49 -0700 Subject: [Fedora-directory-commits] dsbuild gar.conf.mk, 1.1.1.1, 1.2 gar.conf.mk.in, 1.1.1.1, 1.2 gar.lib.mk, 1.3, 1.4 gar.mk, 1.1.1.1, 1.2 Message-ID: <200604122211.k3CMBnJx032371@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/dsbuild In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32350 Modified Files: gar.conf.mk gar.conf.mk.in gar.lib.mk gar.mk Log Message: fix USE_CVS issue - remove all of the install stuff - should make use on Solaris et. al. easier Index: gar.conf.mk =================================================================== RCS file: /cvs/dirsec/dsbuild/gar.conf.mk,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- gar.conf.mk 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ gar.conf.mk 12 Apr 2006 22:11:47 -0000 1.2 @@ -23,101 +23,9 @@ GARCHIVEDIR = $(HOME)/ds-sources -# Set this variable if you want to compile KDE for a 64bit target (x86_64) - -#HAVE_64BIT_TARGET = true - -# Several variables depend on the target architecture - -ifdef HAVE_64BIT_TARGET - ENABLE_LIBSUFFIX="--enable-libsuffix=64" - TARGET_LIBNAME = lib64 - TARGET_PLATFORM = linux-g++-64 - TARGET_PKG_CONFIG_PATH = /usr/lib64/pkgconfig:/usr/local/lib64/pkgconfig - - # *Mandatory* compiler options on x86_64 - OWN_CFLAGS = -m64 -fPIC - - # Compiler options (optional) - OWN_CFLAGS += -O2 -pipe - - # Optional compiler options for gcc >= 3.4.0 -# OWN_CFLAGS += -march=opteron -O3 -pipe - -else - ENABLE_LIBSUFFIX= - TARGET_LIBNAME = lib - TARGET_PLATFORM = linux-g++ - TARGET_PKG_CONFIG_PATH = /usr/lib/pkgconfig:/usr/local/lib/pkgconfig - - # Compiler options (optional) - OWN_CFLAGS = -O2 -pipe - -endif - -# These are the standard directory name variables from all GNU -# makefiles. They're also used by autoconf, and can be adapted -# for a variety of build systems. -# -# TODO: set $(SYSCONFDIR) and $(LOCALSTATEDIR) to never use -# /usr/etc or /usr/var -prefix ?= /tmp/fedora-ds-build -exec_prefix = $(prefix) -bindir = $(exec_prefix)/bin -sbindir = $(exec_prefix)/sbin -libexecdir = $(exec_prefix)/libexec -datadir = $(prefix)/share -sysconfdir = $(prefix)/etc -sharedstatedir = $(prefix)/share -localstatedir = $(prefix)/var -libdir = $(exec_prefix)/$(TARGET_LIBNAME) -infodir = $(BUILD_PREFIX)/info -lispdir = $(prefix)/share/emacs/site-lisp -includedir = $(BUILD_PREFIX)/include -mandir = $(BUILD_PREFIX)/man -docdir = $(BUILD_PREFIX)/share/doc -sourcedir = $(BUILD_PREFIX)/src - -# the DESTDIR is used at INSTALL TIME ONLY to determine what the -# filesystem root should be. The BUILD_PREFIX is the prefix that -# usurps the DESTDIR. It should be considered relative to -# $(DESTDIR). Thus, if includedir were set to -# $(BUILD_PREFIX)/include, it would expand out at install time -# (BUT NO SOONER) to /tmp/gar/../../tmp/build. The /../../ at -# the front should be harmless, as .. for / is just / itself. -DESTDIR ?= -BUILD_PREFIX ?= $(prefix) -#BUILD_PREFIX ?= $(ROOTFROMDEST)/tmp/build - -# allow us to link to libraries we installed -CPPFLAGS += -I$(DESTDIR)$(includedir) -CFLAGS += -I$(DESTDIR)$(includedir) -L$(DESTDIR)$(libdir) -LDFLAGS += -L$(DESTDIR)$(libdir) -# allow us to use programs we just built -PATH := $(DESTDIR)$(bindir):$(DESTDIR)$(sbindir):$(DESTDIR)$(BUILD_PREFIX)/bin:$(DESTDIR)$(BUILD_PREFIX)/sbin:$(PATH) -LD_LIBRARY_PATH := $(DESTDIR)$(libdir):$(DESTDIR)$(BUILD_PREFIX)/$(TARGET_LIBNAME):$(LD_LIBRARY_PATH) - -# This is for foo-config chaos -PKG_CONFIG_PATH:=$(DESTDIR)$(libdir)/pkgconfig:$(TARGET_PKG_CONFIG_PATH):$(PKG_CONFIG_PATH) - -# Now add own flags to CFLAGS -CFLAGS += $(OWN_CFLAGS) - -# Equalise CFLAGS and CXXFLAGS -CXXFLAGS := $(CFLAGS) - # If you have no following GNU tools installed change these lines TAR = tar MD5 = md5sum -# make these variables available to configure and build scripts -# outside of make's realm. -export DESTDIR prefix exec_prefix bindir sbindir libexecdir datadir sysconfdir -export sharedstatedir localstatedir libdir infodir lispdir includedir mandir -export docdir sourcedir -export CC CXX -export CPPFLAGS CFLAGS CXXFLAGS LDFLAGS PATH LD_LIBRARY_PATH LD_PRELOAD -export PKG_CONFIG_PATH BUILD_CLEAN - # prepend the local file listing FILE_SITES = file://$(FILEDIR)/ file://$(GARCHIVEDIR)/ Index: gar.conf.mk.in =================================================================== RCS file: /cvs/dirsec/dsbuild/gar.conf.mk.in,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- gar.conf.mk.in 10 Feb 2006 15:28:53 -0000 1.1.1.1 +++ gar.conf.mk.in 12 Apr 2006 22:11:47 -0000 1.2 @@ -23,101 +23,9 @@ GARCHIVEDIR = $(HOME)/ds-sources -# Set this variable if you want to compile KDE for a 64bit target (x86_64) - -#HAVE_64BIT_TARGET = true - -# Several variables depend on the target architecture - -ifdef HAVE_64BIT_TARGET - ENABLE_LIBSUFFIX="--enable-libsuffix=64" - TARGET_LIBNAME = lib64 - TARGET_PLATFORM = linux-g++-64 - TARGET_PKG_CONFIG_PATH = /usr/lib64/pkgconfig:/usr/local/lib64/pkgconfig - - # *Mandatory* compiler options on x86_64 - OWN_CFLAGS = -m64 -fPIC - - # Compiler options (optional) - OWN_CFLAGS += -O2 -pipe - - # Optional compiler options for gcc >= 3.4.0 -# OWN_CFLAGS += -march=opteron -O3 -pipe - -else - ENABLE_LIBSUFFIX= - TARGET_LIBNAME = lib - TARGET_PLATFORM = linux-g++ - TARGET_PKG_CONFIG_PATH = /usr/lib/pkgconfig:/usr/local/lib/pkgconfig - - # Compiler options (optional) - OWN_CFLAGS = -O2 -pipe - -endif - -# These are the standard directory name variables from all GNU -# makefiles. They're also used by autoconf, and can be adapted -# for a variety of build systems. -# -# TODO: set $(SYSCONFDIR) and $(LOCALSTATEDIR) to never use -# /usr/etc or /usr/var -prefix ?= /tmp/fedora-ds-build -exec_prefix = $(prefix) -bindir = $(exec_prefix)/bin -sbindir = $(exec_prefix)/sbin -libexecdir = $(exec_prefix)/libexec -datadir = $(prefix)/share -sysconfdir = $(prefix)/etc -sharedstatedir = $(prefix)/share -localstatedir = $(prefix)/var -libdir = $(exec_prefix)/$(TARGET_LIBNAME) -infodir = $(BUILD_PREFIX)/info -lispdir = $(prefix)/share/emacs/site-lisp -includedir = $(BUILD_PREFIX)/include -mandir = $(BUILD_PREFIX)/man -docdir = $(BUILD_PREFIX)/share/doc -sourcedir = $(BUILD_PREFIX)/src - -# the DESTDIR is used at INSTALL TIME ONLY to determine what the -# filesystem root should be. The BUILD_PREFIX is the prefix that -# usurps the DESTDIR. It should be considered relative to -# $(DESTDIR). Thus, if includedir were set to -# $(BUILD_PREFIX)/include, it would expand out at install time -# (BUT NO SOONER) to /tmp/gar/../../tmp/build. The /../../ at -# the front should be harmless, as .. for / is just / itself. -DESTDIR ?= -BUILD_PREFIX ?= $(prefix) -#BUILD_PREFIX ?= $(ROOTFROMDEST)/tmp/build - -# allow us to link to libraries we installed -CPPFLAGS += -I$(DESTDIR)$(includedir) -CFLAGS += -I$(DESTDIR)$(includedir) -L$(DESTDIR)$(libdir) -LDFLAGS += -L$(DESTDIR)$(libdir) -# allow us to use programs we just built -PATH := $(DESTDIR)$(bindir):$(DESTDIR)$(sbindir):$(DESTDIR)$(BUILD_PREFIX)/bin:$(DESTDIR)$(BUILD_PREFIX)/sbin:$(PATH) -LD_LIBRARY_PATH := $(DESTDIR)$(libdir):$(DESTDIR)$(BUILD_PREFIX)/$(TARGET_LIBNAME):$(LD_LIBRARY_PATH) - -# This is for foo-config chaos -PKG_CONFIG_PATH:=$(DESTDIR)$(libdir)/pkgconfig:$(TARGET_PKG_CONFIG_PATH):$(PKG_CONFIG_PATH) - -# Now add own flags to CFLAGS -CFLAGS += $(OWN_CFLAGS) - -# Equalise CFLAGS and CXXFLAGS -CXXFLAGS := $(CFLAGS) - # If you have no following GNU tools installed change these lines TAR = tar MD5 = md5sum -# make these variables available to configure and build scripts -# outside of make's realm. -export DESTDIR prefix exec_prefix bindir sbindir libexecdir datadir sysconfdir -export sharedstatedir localstatedir libdir infodir lispdir includedir mandir -export docdir sourcedir -export CC CXX -export CPPFLAGS CFLAGS CXXFLAGS LDFLAGS PATH LD_LIBRARY_PATH LD_PRELOAD -export PKG_CONFIG_PATH BUILD_CLEAN - # prepend the local file listing FILE_SITES = file://$(FILEDIR)/ file://$(GARCHIVEDIR)/ Index: gar.lib.mk =================================================================== RCS file: /cvs/dirsec/dsbuild/gar.lib.mk,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- gar.lib.mk 8 Apr 2006 19:26:49 -0000 1.3 +++ gar.lib.mk 12 Apr 2006 22:11:47 -0000 1.4 @@ -46,7 +46,7 @@ # get one that doesn't return an error code. $(DOWNLOADDIR)/%: # no download with cvs - we "extract" the files from CVS instead -ifndef USE_CVS +ifdef DISTFILES @if test -f $(COOKIEDIR)/checksum-$*; then : ; else \ echo " ==> Grabbing $(call TMSG_ID,$@)"; \ for i in $(filter %/$*,$(URLS)); do \ @@ -106,7 +106,7 @@ # error out if it mentions the file without an "OK". checksum-%: $(CHECKSUM_FILE) # no checksum with cvs - we "extract" the files from CVS instead -ifndef USE_CVS +ifdef DISTFILES @echo " ==> Running checksum on $(call TMSG_ID,$*)" @if grep -- '$*' $(CHECKSUM_FILE); then \ if LC_ALL="C" LANG="C" $(MD5) -c $(CHECKSUM_FILE) 2>&1 | grep -- '$*' | grep -v ':[ ]\+OK'; then \ @@ -290,17 +290,6 @@ #################### CONFIGURE RULES #################### -ifdef HAVE_QT_3_3_INSTALLED - TMP_DIRPATHS = --prefix=$(prefix) --exec_prefix=$(exec_prefix) --bindir=$(bindir) --sbindir=$(sbindir) --libexecdir=$(libexecdir) --datadir=$(datadir) --sysconfdir=$(sysconfdir) --sharedstatedir=$(sharedstatedir) --localstatedir=$(localstatedir) --libdir=$(libdir) --infodir=$(infodir) --lispdir=$(lispdir) --includedir=$(includedir) --mandir=$(mandir) --with-qt-dir=$(QTDIR) -else - TMP_DIRPATHS = --prefix=$(prefix) --exec_prefix=$(exec_prefix) --bindir=$(bindir) --sbindir=$(sbindir) --libexecdir=$(libexecdir) --datadir=$(datadir) --sysconfdir=$(sysconfdir) --sharedstatedir=$(sharedstatedir) --localstatedir=$(localstatedir) --libdir=$(libdir) --infodir=$(infodir) --lispdir=$(lispdir) --includedir=$(includedir) --mandir=$(mandir) --with-qt-dir=$(prefix) - QTDIR = $(prefix) -endif - -NODIRPATHS += --lispdir - -DIRPATHS = $(filter-out $(addsuffix %,$(NODIRPATHS)), $(TMP_DIRPATHS)) - # configure a package that has an autoconf-style configure # script. configure-%/configure: Index: gar.mk =================================================================== RCS file: /cvs/dirsec/dsbuild/gar.mk,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- gar.mk 10 Feb 2006 15:28:52 -0000 1.1.1.1 +++ gar.mk 12 Apr 2006 22:11:47 -0000 1.2 @@ -38,13 +38,6 @@ ALLFILES ?= $(DISTFILES) $(PATCHFILES) -INSTALL_DIRS = $(addprefix $(DESTDIR),$(BUILD_PREFIX) $(prefix) $(exec_prefix) $(bindir) $(sbindir) $(libexecdir) $(datadir) $(sysconfdir) $(sharedstatedir) $(localstatedir) $(libdir) $(infodir) $(lispdir) $(includedir) $(mandir) $(foreach NUM,1 2 3 4 5 6 7 8, $(mandir)/man$(NUM)) $(sourcedir)) - -# These are bad, since exporting them mucks up the dep rules! -# WORKSRC is added in manually for the manifest rule. -#export GARDIR FILEDIR DOWNLOADDIR COOKIEDIR WORKDIR WORKSRC EXTRACTDIR -#export SCRATCHDIR CHECKSUM_FILE MANIFEST_FILE - # For rules that do nothing, display what dependencies they # successfully completed DONADA = @echo " [$(call TMSG_ACTION,$@)] complete for $(call TMSG_ID,$(GARNAME))." From fedora-directory-commits at redhat.com Thu Apr 13 05:26:53 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 12 Apr 2006 22:26:53 -0700 Subject: [Fedora-directory-commits] ldapserver buildpaths.mk, 1.14, 1.15 components.mk, 1.47, 1.48 internal_buildpaths.mk, 1.9, 1.10 internal_comp_deps.mk, 1.39, 1.40 nsconfig.mk, 1.21, 1.22 Message-ID: <200604130526.k3D5Qr79017723@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17688 Modified Files: buildpaths.mk components.mk internal_buildpaths.mk internal_comp_deps.mk nsconfig.mk Log Message: [186642] Directory Server Makefile updates for Internal build Package 32-bit LDAPSDK, NSPR, and NSS libraries in shared32/lib for perldap (Solaris and PA-RISC only). Index: buildpaths.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/buildpaths.mk,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- buildpaths.mk 8 Apr 2006 19:29:35 -0000 1.14 +++ buildpaths.mk 13 Apr 2006 05:26:51 -0000 1.15 @@ -73,14 +73,18 @@ # ours - we need to map ours to theirs ifneq (,$(findstring RHEL3,$(NSOBJDIR_NAME))) MOZ_OBJDIR_NAME = $(subst _gcc3_,_glibc_PTH$(NS64TAG)_,$(subst RHEL3,Linux2.4,$(NSOBJDIR_NAME))) + MOZ_OBJDIR_NAME_32 = $(subst _gcc3_,_glibc_PTH_,$(subst RHEL3,Linux2.4,$(NSOBJDIR_NAME))) else ifneq (,$(findstring RHEL4,$(NSOBJDIR_NAME))) MOZ_OBJDIR_NAME = $(subst _gcc3_,_glibc_PTH$(NS64TAG)_,$(subst RHEL4,Linux2.6,$(NSOBJDIR_NAME))) + MOZ_OBJDIR_NAME_32 = $(subst _gcc3_,_glibc_PTH_,$(subst RHEL4,Linux2.6,$(NSOBJDIR_NAME))) else ifneq (,$(findstring Linux,$(NSOBJDIR_NAME))) MOZ_OBJDIR_NAME = $(subst _glibc_PTH_,_glibc_PTH$(NS64TAG)_,$(NSOBJDIR_NAME)) + MOZ_OBJDIR_NAME_32 = $(subst _glibc_PTH_,_glibc_PTH_,$(NSOBJDIR_NAME)) else MOZ_OBJDIR_NAME = $(NSOBJDIR_NAME) + MOZ_OBJDIR_NAME_32 = $(NSOBJDIR_NAME_32) endif endif endif Index: components.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/components.mk,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- components.mk 8 Apr 2006 19:29:35 -0000 1.47 +++ components.mk 13 Apr 2006 05:26:51 -0000 1.48 @@ -152,12 +152,16 @@ ifdef NSPR_SOURCE_ROOT NSPR_LIBPATH = $(NSPR_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/lib NSPR_INCDIR = $(NSPR_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/include + NSPR_LIBPATH_32 = $(NSPR_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME_32)/lib + NSPR_INCDIR_32 = $(NSPR_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME_32)/include else NSPR_LIBPATH = $(NSPR_BUILD_DIR)/lib NSPR_INCDIR = $(NSPR_BUILD_DIR)/include + NSPR_LIBPATH_32 = $(NSPR_BUILD_DIR_32)/lib + NSPR_INCDIR_32 = $(NSPR_BUILD_DIR_32)/include endif NSPR_INCLUDE = -I$(NSPR_INCDIR) -NSPR_LIBS_TO_PKG = $(addsuffix .$(DLL_SUFFIX),$(addprefix $(NSPR_LIBPATH)/lib,$(NSPR_LIBNAMES))) +NSPR_LIBS_TO_PKG = $(addsuffix .$(DLL_SUFFIX),$(addprefix $(NSPR_LIBPATH)/$(LIB_PREFIX),$(NSPR_LIBNAMES))) LIBS_TO_PKG += $(NSPR_LIBS_TO_PKG) LIBS_TO_PKG_SHARED += $(NSPR_LIBS_TO_PKG) # needed for cmd line tools @@ -186,10 +190,14 @@ SECURITY_LIBPATH = $(SECURITY_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/lib SECURITY_BINPATH = $(SECURITY_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/bin SECURITY_INCDIR = $(SECURITY_SOURCE_ROOT)/dist/public/nss + SECURITY_LIBPATH_32 = $(SECURITY_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME_32)/lib + SECURITY_BINPATH_32 = $(SECURITY_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME_32)/bin else SECURITY_LIBPATH = $(SECURITY_BUILD_DIR)/lib SECURITY_BINPATH = $(SECURITY_BUILD_DIR)/bin SECURITY_INCDIR = $(SECURITY_BUILD_DIR)/include + SECURITY_LIBPATH_32 = $(SECURITY_BUILD_DIR_32)/lib + SECURITY_BINPATH_32 = $(SECURITY_BUILD_DIR_32)/bin endif SECURITY_INCLUDE = -I$(SECURITY_INCDIR) # add crlutil and ocspclnt when we support CRL and OCSP cert checking in DS @@ -227,6 +235,7 @@ SECURITY_LIBS_TO_PKG += $(addsuffix .chk,$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_NEED_CHK))) LIBS_TO_PKG += $(SECURITY_LIBS_TO_PKG) LIBS_TO_PKG_SHARED += $(SECURITY_LIBS_TO_PKG) # for cmd line tools + ifeq ($(USE_SETUPUTIL), 1) PACKAGE_SETUP_LIBS += $(SECURITY_LIBS_TO_PKG) # for the setup programs endif @@ -285,10 +294,17 @@ LDAPSDK_LIBPATH = $(LDAPSDK_SOURCE_ROOT)/dist/lib LDAPSDK_INCDIR = $(LDAPSDK_SOURCE_ROOT)/dist/public/ldap LDAPSDK_BINPATH = $(LDAPSDK_SOURCE_ROOT)/dist/bin +# need to build in another source root ... + LDAPSDK_LIBPATH_32 = $(LDAPSDK_SOURCE_ROOT_32)/dist/lib + LDAPSDK_INCDIR_32 = $(LDAPSDK_SOURCE_ROOT_32)/dist/public/ldap + LDAPSDK_BINPATH_32 = $(LDAPSDK_SOURCE_ROOT_32)/dist/bin else LDAPSDK_LIBPATH = $(LDAP_ROOT)/lib LDAPSDK_INCDIR = $(LDAP_ROOT)/include LDAPSDK_BINPATH = $(LDAP_ROOT)/bin + LDAPSDK_LIBPATH_32 = $(LDAP_ROOT_32)/lib + LDAPSDK_INCDIR_32 = $(LDAP_ROOT_32)/include + LDAPSDK_BINPATH_32 = $(LDAP_ROOT_32)/bin endif LDAPSDK_INCLUDE = -I$(LDAPSDK_INCDIR) @@ -601,11 +617,48 @@ PACKAGE_SRC_DEST += $(PERLDAP_LIB_DIR) lib/perl PACKAGE_SRC_DEST += $(PERLDAP_AUTOLIB_DIR) lib/perl +# 32-bit perldap is packaged in 64-bit DS on Solaris and HP-UX PA-RISC. +# It requires 32-bit LDAPSDK, NSPR, NSS. +ifeq ($(USE_64), 1) + ifeq ($(BUILD_ARCH), SOLARIS) + PACKAGE_LIB32:=1 + endif + ifeq ($(BUILD_ARCH), HPUX) + HPUX_ARCH := $(shell uname -m) + ifneq ($(HPUX_ARCH), ia64) + PACKAGE_LIB32:=1 + endif + endif +endif + + # must define dependencies last because they depend on the definitions above ifeq ($(INTERNAL_BUILD), 1) include $(BUILD_ROOT)/internal_comp_deps.mk endif +ifeq ($(PACKAGE_LIB32), 1) + NSS32_LIBNAMES = $(SECURITY_LIBNAMES) smime3 + NSS32_NEED_CHK = softokn3 + ifeq ($(ARCH), SOLARIS) + NSS32_LIBNAMES += freebl_32fpu_3 freebl_32int64_3 freebl_32int_3 +# these libs have a corresponding .chk file + NSS32_NEED_CHK += freebl_32fpu_3 freebl_32int64_3 freebl_32int_3 + endif + ifeq ($(ARCH), HPUX) + NSS32_LIBNAMES += freebl_32fpu_3 freebl_32int_3 +# these libs have a corresponding .chk file + NSS32_NEED_CHK += freebl_32fpu_3 freebl_32int_3 + endif + NSSCKBI_FILE = $(LIB_PREFIX)nssckbi.$(DLL_SUFFIX) + NSSCKBI32_FILE = $(LIB_PREFIX)nssckbi32.$(DLL_SUFFIX) + SECURITY_FILES_32_TMP = $(NSSCKBI_FILE) $(addprefix $(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSS32_LIBNAMES))) $(addprefix $(LIB_PREFIX),$(addsuffix .chk,$(NSS32_NEED_CHK))) + + LIBS_TO_PKG_SHARED_32 = $(addprefix $(SECURITY_LIBPATH_32)/,$(SECURITY_FILES_32_TMP)) + LIBS_TO_PKG_SHARED_32 += $(addsuffix .$(DLL_SUFFIX),$(addprefix $(NSPR_LIBPATH_32)/$(LIB_PREFIX),$(NSPR_LIBNAMES))) + LIBS_TO_PKG_SHARED_32 += $(addprefix $(LDAPSDK_LIBPATH_32)/,$(LDAP_SOLIBS)) +endif # PACKAGE_LIB32 + ################################################# # User Sync Components ################################################# Index: internal_buildpaths.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/internal_buildpaths.mk,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- internal_buildpaths.mk 7 Apr 2006 01:33:30 -0000 1.9 +++ internal_buildpaths.mk 13 Apr 2006 05:26:51 -0000 1.10 @@ -77,6 +77,7 @@ #NSPR_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) ifndef NSPR_SOURCE_ROOT NSPR_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/nspr +NSPR_BUILD_DIR_32 = $(NSCP_DISTDIR_FULL_RTL_32)/nspr # NSPR also needs a build dir with a full, absolute path for some reason NSPR_ABS_BUILD_DIR = $(NSCP_ABS_DISTDIR_FULL_RTL)/nspr endif # NSPR_SOURCE_ROOT @@ -89,6 +90,7 @@ #SECURITY_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) ifndef SECURITY_SOURCE_ROOT SECURITY_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/nss +SECURITY_BUILD_DIR_32 = $(NSCP_DISTDIR_FULL_RTL_32)/nss endif # SECURITY_SOURCE_ROOT #SVRCORE_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) @@ -99,6 +101,7 @@ #LDAPSDK_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) ifndef LDAPSDK_SOURCE_ROOT LDAP_ROOT = $(NSCP_DISTDIR_FULL_RTL)/ldapsdk +LDAP_ROOT_32 = $(NSCP_DISTDIR_FULL_RTL_32)/ldapsdk endif # LDAPSDK_SOURCE_ROOT #SASL_SOURCE_ROOT = $(BUILD_ROOT)/../cyrus-sasl-2.1.20 Index: internal_comp_deps.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- internal_comp_deps.mk 7 Apr 2006 01:33:30 -0000 1.39 +++ internal_comp_deps.mk 13 Apr 2006 05:26:51 -0000 1.40 @@ -53,7 +53,7 @@ endif # BUILD_PUMPKIN ifndef NSPR_SOURCE_ROOT -NSPR_IMPORT = $(COMPONENTS_DIR)/nspr20/$(NSPR_RELDATE)/$(FULL_RTL_OBJDIR) +NSPR_IMPORT = $(COMPONENTS_DIR)/nspr/$(NSPR_RELDATE)/$(FULL_RTL_OBJDIR) NSPR_DEP = $(NSPR_LIBPATH)/libnspr4.$(LIB_SUFFIX) ifndef NSPR_PULL_METHOD @@ -158,6 +158,15 @@ LDAPSDK_PULL_LIBS = lib/libssldap$(LDAP_SUF)$(LDAP_DLL_PRESUF).$(LDAP_DLL_SUFFIX),lib/libldap$(LDAP_SUF)$(LDAP_DLL_PRESUF).$(LDAP_DLL_SUFFIX),lib/libprldap$(LDAP_SUF)$(LDAP_DLL_PRESUF).$(LDAP_DLL_SUFFIX) endif +# Solaris and HP-UX PA-RISC only ######################################### +# if building 64 bit version, also need the 32 bit version of NSS and NSPR +ifeq ($(PACKAGE_LIB32), 1) + NSPR_IMPORT_32 = $(COMPONENTS_DIR)/nspr/$(NSPR_RELDATE)/$(FULL_RTL_OBJDIR_32) + SECURITY_IMPORT_32 = $(COMPONENTS_DIR)/nss/$(SECURITY_RELDATE)/$(FULL_RTL_OBJDIR_32) + LDAP_RELEASE_32 = $(LDAP_SBC)/$(LDAPCOMP_DIR)/$(LDAP_VERSION)/$(FULL_RTL_OBJDIR_32) + SECURITY_FILES_32 = $(subst $(SPACE),$(COMMA),$(SECURITY_FILES_32_TMP)) +endif + ifndef LDAPSDK_PULL_METHOD LDAPSDK_PULL_METHOD = $(COMPONENT_PULL_METHOD) endif @@ -172,6 +181,21 @@ - at if [ ! -f $@ ] ; \ then echo "Error: could not get component LDAPSDK file $@" ; \ fi + +ifeq ($(PACKAGE_LIB32), 1) + $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ + -objdir $(NSPR_BUILD_DIR_32) -componentdir $(NSPR_IMPORT_32) \ + -files lib + mkdir -p $(SECURITY_BUILD_DIR_32)/lib + $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ + -objdir $(SECURITY_BUILD_DIR_32)/lib -componentdir $(SECURITY_IMPORT_32)/lib \ + -files $(SECURITY_FILES_32) + $(FTP_PULL) -method $(LDAPSDK_PULL_METHOD) \ + -objdir $(LDAP_ROOT_32) -componentdir $(LDAP_RELEASE_32) \ + -files lib + mv -f $(SECURITY_BUILD_DIR_32)/lib/$(NSSCKBI_FILE) $(SECURITY_BUILD_DIR_32)/lib/$(NSSCKBI32_FILE) +endif # PACKAGE_LIB32 +## endif # LDAPSDK_SOURCE_ROOT ifndef SASL_SOURCE_ROOT Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/nsconfig.mk,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- nsconfig.mk 7 Apr 2006 22:22:17 -0000 1.21 +++ nsconfig.mk 13 Apr 2006 05:26:51 -0000 1.22 @@ -1335,6 +1335,10 @@ NSCP_DISTDIR_FULL_RTL = $(NSCP_DISTDIR) NSCP_ABS_DISTDIR_FULL_RTL = $(ABS_ROOT_PARENT)/dist/$(FULL_RTL_OBJDIR) +FULL_RTL_OBJDIR_32 = $(NSOBJDIR_NAME_32) +NSCP_DISTDIR_FULL_RTL_32 = $(BUILD_ROOT)/../dist/$(NSOBJDIR_NAME_32) +NSCP_ABS_DISTDIR_FULL_RTL_32 = $(ABS_ROOT_PARENT)/dist/$(FULL_RTL_OBJDIR_32) + # these components may have additional RTL debugging support built in on NT # adminutil, dbm, ldapsdk, NLS, NSPR, NSS (security) # we cannot simply redefine NSOBJDIR_NAME and NSCP_DISTDIR because other From fedora-directory-commits at redhat.com Thu Apr 13 05:26:54 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 12 Apr 2006 22:26:54 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/cm Makefile,1.55,1.56 Message-ID: <200604130526.k3D5Qs7a017731@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/cm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17688/ldap/cm Modified Files: Makefile Log Message: [186642] Directory Server Makefile updates for Internal build Package 32-bit LDAPSDK, NSPR, and NSS libraries in shared32/lib for perldap (Solaris and PA-RISC only). Index: Makefile =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/Makefile,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- Makefile 7 Apr 2006 01:33:36 -0000 1.55 +++ Makefile 13 Apr 2006 05:26:51 -0000 1.56 @@ -333,6 +333,14 @@ fi ; \ done endif +ifeq ($(PACKAGE_LIB32), 1) +# these are files to copy to the shared32/lib directory - nspr, nss, ldapsdk lib + for file in $(LIBS_TO_PKG_SHARED_32); \ + do if [ -f $$file ] ; \ + then $(INSTALL) -m 755 $$file $(RELDIR)/shared32/lib ; \ + fi ; \ + done +endif endif # PACKAGE_SRC_DEST is defined in components.mk - these are component files and directories to install @@ -641,6 +649,7 @@ endif ifeq ($(USE_PERLDAP), 1) + - at rm -rf $(INSTDIR)/perldap mkdir $(INSTDIR)/perldap cp -R $(PERLDAP_BUILT_DIR)/* $(INSTDIR)/perldap $(PERL) genPerlDAPInf.pl $(INSTDIR)/perldap/perldap.inf 1.5 "Fedora Project" From fedora-directory-commits at redhat.com Thu Apr 13 23:12:18 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 13 Apr 2006 16:12:18 -0700 Subject: [Fedora-directory-commits] ldapserver components.mk, 1.48, 1.49 internal_comp_deps.mk, 1.40, 1.41 Message-ID: <200604132312.k3DNCJOv024632@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24599 Modified Files: components.mk internal_comp_deps.mk Log Message: 188931 - Use system Net-SNMP libraries on Linux systems Index: components.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/components.mk,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- components.mk 13 Apr 2006 05:26:51 -0000 1.48 +++ components.mk 13 Apr 2006 23:12:13 -0000 1.49 @@ -406,27 +406,39 @@ ########################################################### ### Net-SNMP package ###################################### -ifdef NETSNMP_SOURCE_ROOT - NETSNMP_LIBPATH = $(NETSNMP_SOURCE_ROOT)/built/lib - NETSNMP_INCDIR = $(NETSNMP_SOURCE_ROOT)/built/include - NETSNMP_BINDIR = $(NETSNMP_SOURCE_ROOT)/built/bin -else - NETSNMP_LIBPATH = $(NETSNMP_BUILD_DIR)/lib - NETSNMP_INCDIR = $(NETSNMP_BUILD_DIR)/include - NETSNMP_BINDIR = $(NETSNMP_BUILD_DIR)/bin -endif +ifeq ($(ARCH), Linux) + ifeq ($(USE_64), 1) + NETSNMP_LIBPATH = /usr/lib64 + else + NETSNMP_LIBPATH = /usr/lib + endif + NETSNMP_INCDIR = /usr/include/net-snmp + NETSNMP_BINDIR = /usr/bin +else + ifdef NETSNMP_SOURCE_ROOT + NETSNMP_LIBPATH = $(NETSNMP_SOURCE_ROOT)/built/lib + NETSNMP_INCDIR = $(NETSNMP_SOURCE_ROOT)/built/include + NETSNMP_BINDIR = $(NETSNMP_SOURCE_ROOT)/built/bin + else + NETSNMP_LIBPATH = $(NETSNMP_BUILD_DIR)/lib + NETSNMP_INCDIR = $(NETSNMP_BUILD_DIR)/include + NETSNMP_BINDIR = $(NETSNMP_BUILD_DIR)/bin + endif +endif # Linux NETSNMP_INCLUDE = -I$(NETSNMP_INCDIR) NETSNMP_LIBNAMES = netsnmp netsnmpagent netsnmpmibs netsnmphelpers NETSNMP_LINK = -L$(NETSNMP_LIBPATH) $(addprefix -l, $(NETSNMP_LIBNAMES)) ifneq ($(ARCH), WINNT) - ifeq ($(ARCH), HPUX) - NETSNMP_SOLIBS = $(addsuffix .$(DLL_SUFFIX).7, $(addprefix $(LIB_PREFIX), $(NETSNMP_LIBNAMES))) - else - NETSNMP_SOLIBS = $(addsuffix .$(DLL_SUFFIX).5, $(addprefix $(LIB_PREFIX), $(NETSNMP_LIBNAMES))) - endif - LIBS_TO_PKG += $(addprefix $(NETSNMP_LIBPATH)/,$(NETSNMP_SOLIBS)) -endif + ifneq ($(ARCH), Linux) + ifeq ($(ARCH), HPUX) + NETSNMP_SOLIBS = $(addsuffix .$(DLL_SUFFIX).7, $(addprefix $(LIB_PREFIX), $(NETSNMP_LIBNAMES))) + else + NETSNMP_SOLIBS = $(addsuffix .$(DLL_SUFFIX).5, $(addprefix $(LIB_PREFIX), $(NETSNMP_LIBNAMES))) + endif + LIBS_TO_PKG += $(addprefix $(NETSNMP_LIBPATH)/,$(NETSNMP_SOLIBS)) + endif # Linux +endif # WINNT ########################################################### ### ICU package ########################################## Index: internal_comp_deps.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- internal_comp_deps.mk 13 Apr 2006 05:26:51 -0000 1.40 +++ internal_comp_deps.mk 13 Apr 2006 23:12:13 -0000 1.41 @@ -311,6 +311,7 @@ # Net-SNMP ifndef NETSNMP_SOURCE_ROOT +ifneq ($(ARCH), Linux) #NETSNMP_RELEASE = $(COMPONENTS_DIR_DEV)/net-snmp/$(NETSNMP_VER)/$(NSOBJDIR_NAME) NETSNMP_RELEASE = $(COMPONENTS_DIR)/net-snmp/$(NETSNMP_VER)/$(NSOBJDIR_NAME) NETSNMP_DEP = $(NETSNMP_INCDIR)/net-snmp/net-snmp-includes.h @@ -329,6 +330,7 @@ - at if [ ! -f $@ ] ; \ then echo "Error: could not get component NETSNMP file $@" ; \ fi +endif # Linux endif # NETSNMP_SOURCE_ROOT ########################################################### From fedora-directory-commits at redhat.com Thu Apr 13 23:12:19 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Thu, 13 Apr 2006 16:12:19 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/snmp ldap-agent.c, 1.9, 1.10 ldap-agent.h, 1.7, 1.8 main.c, 1.7, 1.8 Message-ID: <200604132312.k3DNCJQr024640@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/snmp In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24599/ldap/servers/snmp Modified Files: ldap-agent.c ldap-agent.h main.c Log Message: 188931 - Use system Net-SNMP libraries on Linux systems Index: ldap-agent.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/snmp/ldap-agent.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- ldap-agent.c 19 Apr 2005 22:07:42 -0000 1.9 +++ ldap-agent.c 13 Apr 2006 23:12:16 -0000 1.10 @@ -115,7 +115,10 @@ netsnmp_table_registration_info *ops_table_info = NULL; netsnmp_table_registration_info *entries_table_info = NULL; netsnmp_table_registration_info *entity_table_info = NULL; + /* This is a hacky way of figuring out if we are on Net-SNMP 5.2 or later */ +#ifdef NETSNMP_CACHE_AUTO_RELOAD netsnmp_cache *stats_table_cache = NULL; +#endif if (ops_handler || entries_handler || entity_handler) { snmp_log(LOG_ERR, "initialize_stats_table called more than once.\n"); @@ -188,12 +191,19 @@ entity_cb.container, 1); /* Setup cache for auto reloading of stats */ +#ifdef NETSNMP_CACHE_AUTO_RELOAD + /* This is new api as of Net-SNMP 5.2 */ stats_table_cache = netsnmp_cache_create(CACHE_REFRESH_INTERVAL, load_stats_table, NULL, dsOpsTable_oid, dsOpsTable_oid_len); stats_table_cache->flags |= NETSNMP_CACHE_DONT_FREE_EXPIRED; stats_table_cache->flags |= NETSNMP_CACHE_DONT_AUTO_RELEASE; stats_table_cache->flags |= NETSNMP_CACHE_AUTO_RELOAD; netsnmp_inject_handler(ops_handler, netsnmp_cache_handler_get(stats_table_cache)); +#else + /* Do things the old way. This is only needed for Net-SNMP 5.1 and earlier. */ + netsnmp_inject_handler(ops_handler, netsnmp_get_cache_handler(CACHE_REFRESH_INTERVAL, load_stats_table, + free_stats_table, dsOpsTable_oid, dsOpsTable_oid_len)); +#endif } /************************************************************ @@ -264,7 +274,7 @@ int stats_hdl = -1; int err; - snmp_log(LOG_DEBUG, "Reloading stats.\n"); + snmp_log(LOG_INFO, "Reloading stats.\n"); /* Initialize data for each server in conf file */ for (serv_p = server_head; serv_p != NULL; serv_p = serv_p->next) { @@ -274,7 +284,7 @@ previous_state = serv_p->server_state; previous_start = ctx->hdr_tbl.startTime; - snmp_log(LOG_DEBUG, "Opening stats file (%s) for server: %d\n", + snmp_log(LOG_INFO, "Opening stats file (%s) for server: %d\n", serv_p->stats_file, serv_p->port); /* Open the stats file */ @@ -342,6 +352,20 @@ } /************************************************************ + * free_stats_table + * + * This function doesn't need to free anything since the + * load_stats_table function doesn't allocate any memory + * itself. The cache handler requires us to have a callback + * function for freeing the cache, so here it is. + */ +void +free_stats_table(netsnmp_cache *cache, void *foo) +{ + return; +} + +/************************************************************ * dsOpsTable_get_value * * This routine is called for get requests to copy the data Index: ldap-agent.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/snmp/ldap-agent.h,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- ldap-agent.h 19 Apr 2005 22:07:42 -0000 1.7 +++ ldap-agent.h 13 Apr 2006 23:12:16 -0000 1.8 @@ -90,6 +90,7 @@ void init_ldap_agent(void); void initialize_stats_table(void); int load_stats_table(netsnmp_cache *, void *); + void free_stats_table(netsnmp_cache *, void *); stats_table_context *stats_table_create_row(unsigned long); stats_table_context *stats_table_find_row(unsigned long); int dsOpsTable_get_value(netsnmp_request_info *, Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/snmp/main.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- main.c 19 Apr 2005 22:07:42 -0000 1.7 +++ main.c 13 Apr 2006 23:12:16 -0000 1.8 @@ -53,9 +53,9 @@ RETSIGTYPE stop_server(int signum) { if (signum == SIGUSR1) { - snmp_log(LOG_INFO, "Detected attempt to start ldap-agent again.\n"); + snmp_log(LOG_WARNING, "Detected attempt to start ldap-agent again.\n"); } else { - snmp_log(LOG_INFO, "Received stop signal. Stopping ldap-agent...\n"); + snmp_log(LOG_WARNING, "Received stop signal. Stopping ldap-agent...\n"); keep_running = 0; } } @@ -64,7 +64,7 @@ main (int argc, char *argv[]) { char *config_file = NULL; netsnmp_log_handler *log_hdl = NULL; - int c, log_level = LOG_INFO; + int c, log_level = LOG_WARNING; struct stat logdir_s; pid_t child_pid; FILE *pid_fp; @@ -149,13 +149,13 @@ exit(1); } - netsnmp_enable_filelog(log_hdl, 1); + snmp_enable_filelog((char*)log_hdl->token, 1); } else { printf("Error starting logging."); exit(1); } - snmp_log(LOG_INFO, "Starting ldap-agent...\n"); + snmp_log(LOG_WARNING, "Starting ldap-agent...\n"); /* setup agentx master */ netsnmp_ds_set_boolean(NETSNMP_DS_APPLICATION_ID, @@ -204,7 +204,7 @@ } /* we're up and running! */ - snmp_log(LOG_INFO, "Started ldap-agent as pid %d\n", child_pid); + snmp_log(LOG_WARNING, "Started ldap-agent as pid %d\n", child_pid); /* loop here until asked to stop */ while(keep_running) { @@ -213,7 +213,7 @@ /* say goodbye */ snmp_shutdown("ldap-agent"); - snmp_log(LOG_INFO, "ldap-agent stopped.\n"); + snmp_log(LOG_WARNING, "ldap-agent stopped.\n"); /* remove pidfile */ remove(pidfile); From fedora-directory-commits at redhat.com Mon Apr 17 23:12:57 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 17 Apr 2006 16:12:57 -0700 Subject: [Fedora-directory-commits] ldapserver internal_buildpaths.mk, 1.10, 1.11 internal_comp_deps.mk, 1.41, 1.42 Message-ID: <200604172312.k3HNCv4M004946@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4910 Modified Files: internal_buildpaths.mk internal_comp_deps.mk Log Message: Should keep all the components packaged in the 64-bit build in dist/_64_DBG.OBJ Index: internal_buildpaths.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/internal_buildpaths.mk,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- internal_buildpaths.mk 13 Apr 2006 05:26:51 -0000 1.10 +++ internal_buildpaths.mk 17 Apr 2006 23:12:55 -0000 1.11 @@ -77,7 +77,7 @@ #NSPR_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) ifndef NSPR_SOURCE_ROOT NSPR_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/nspr -NSPR_BUILD_DIR_32 = $(NSCP_DISTDIR_FULL_RTL_32)/nspr +NSPR_BUILD_DIR_32 = $(NSCP_DISTDIR_FULL_RTL)/nspr32 # NSPR also needs a build dir with a full, absolute path for some reason NSPR_ABS_BUILD_DIR = $(NSCP_ABS_DISTDIR_FULL_RTL)/nspr endif # NSPR_SOURCE_ROOT @@ -90,7 +90,7 @@ #SECURITY_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) ifndef SECURITY_SOURCE_ROOT SECURITY_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/nss -SECURITY_BUILD_DIR_32 = $(NSCP_DISTDIR_FULL_RTL_32)/nss +SECURITY_BUILD_DIR_32 = $(NSCP_DISTDIR_FULL_RTL)/nss32 endif # SECURITY_SOURCE_ROOT #SVRCORE_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) @@ -101,7 +101,7 @@ #LDAPSDK_SOURCE_ROOT = $(MOZILLA_SOURCE_ROOT) ifndef LDAPSDK_SOURCE_ROOT LDAP_ROOT = $(NSCP_DISTDIR_FULL_RTL)/ldapsdk -LDAP_ROOT_32 = $(NSCP_DISTDIR_FULL_RTL_32)/ldapsdk +LDAP_ROOT_32 = $(NSCP_DISTDIR_FULL_RTL)/ldapsdk32 endif # LDAPSDK_SOURCE_ROOT #SASL_SOURCE_ROOT = $(BUILD_ROOT)/../cyrus-sasl-2.1.20 Index: internal_comp_deps.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/internal_comp_deps.mk,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- internal_comp_deps.mk 13 Apr 2006 23:12:13 -0000 1.41 +++ internal_comp_deps.mk 17 Apr 2006 23:12:55 -0000 1.42 @@ -91,6 +91,7 @@ $(SECURITY_DEP): $(NSCP_DISTDIR_FULL_RTL) ifdef COMPONENT_DEPS + $(RM) -rf $(SECURITY_BINPATH) mkdir -p $(SECURITY_BINPATH) $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ -objdir $(SECURITY_BUILD_DIR) -componentdir $(SECURITY_IMPORT) \ @@ -186,6 +187,7 @@ $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ -objdir $(NSPR_BUILD_DIR_32) -componentdir $(NSPR_IMPORT_32) \ -files lib + $(RM) -rf $(SECURITY_BUILD_DIR_32)/lib mkdir -p $(SECURITY_BUILD_DIR_32)/lib $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ -objdir $(SECURITY_BUILD_DIR_32)/lib -componentdir $(SECURITY_IMPORT_32)/lib \ @@ -193,7 +195,9 @@ $(FTP_PULL) -method $(LDAPSDK_PULL_METHOD) \ -objdir $(LDAP_ROOT_32) -componentdir $(LDAP_RELEASE_32) \ -files lib - mv -f $(SECURITY_BUILD_DIR_32)/lib/$(NSSCKBI_FILE) $(SECURITY_BUILD_DIR_32)/lib/$(NSSCKBI32_FILE) + - at if [ -f $(SECURITY_BUILD_DIR_32)/lib/$(NSSCKBI_FILE) ] ; then \ + mv -f $(SECURITY_BUILD_DIR_32)/lib/$(NSSCKBI_FILE) $(SECURITY_BUILD_DIR_32)/lib/$(NSSCKBI32_FILE) ; \ + fi endif # PACKAGE_LIB32 ## endif # LDAPSDK_SOURCE_ROOT From fedora-directory-commits at redhat.com Tue Apr 18 17:40:00 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Tue, 18 Apr 2006 10:40:00 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/ldif template.ldif, 1.4, 1.5 Message-ID: <200604181740.k3IHe0x0017020@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/ldif In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17003 Modified Files: template.ldif Log Message: 189176 - Fixed aci for directory administrators group. Index: template.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/ldif/template.ldif,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template.ldif 19 Apr 2005 22:07:26 -0000 1.4 +++ template.ldif 18 Apr 2006 17:39:57 -0000 1.5 @@ -44,7 +44,7 @@ cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");) aci: (targetattr ="*")(version 3.0; acl "Directory Administrators Group";allow (all) (groupdn = "ldap:/// - ou=Directory Administrators, %%%SUFFIX%%%");) + cn=Directory Administrators, %%%SUFFIX%%%");) dn: cn=Directory Administrators, %%%SUFFIX%%% objectClass: top From fedora-directory-commits at redhat.com Tue Apr 18 18:20:35 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 18 Apr 2006 11:20:35 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm dblayer.c, 1.8, 1.8.2.1 Message-ID: <200604181820.k3IIKZLX019514@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19493 Modified Files: Tag: Directory71RtmBranch dblayer.c Log Message: [189264] 6.11->6.21 upgrade, no db housekeeping threads The problem was check_db_version finds the existing DBVERSION is old and set dblayer_private->blayer_recovery_required = 1. If it's set, DBLAYER_CLEAN_RECOVER_MODE is processed properly. Unfortunately, it was "reinitialized" in the function read_metadata, which is called after check_db_version. Index: dblayer.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dblayer.c,v retrieving revision 1.8 retrieving revision 1.8.2.1 diff -u -r1.8 -r1.8.2.1 --- dblayer.c 25 Apr 2005 16:24:23 -0000 1.8 +++ dblayer.c 18 Apr 2006 18:20:33 -0000 1.8.2.1 @@ -3833,6 +3833,10 @@ int number = 0; dblayer_private *priv = (dblayer_private *)li->li_dblayer_private; + /* dblayer_recovery_required is initialized in dblayer_init; + * and might be set 1 in check_db_version; + * we don't want to override it + * priv->dblayer_recovery_required = 0; */ priv->dblayer_previous_cachesize = 0; priv->dblayer_previous_ncache = 0; /* Open the guard file and read stuff, then delete it */ @@ -3841,12 +3845,10 @@ memset(&prfinfo, '\0', sizeof(PRFileInfo)); (void)PR_GetFileInfo(filename, &prfinfo); - priv->dblayer_recovery_required = 0; prfd = PR_Open(filename,PR_RDONLY,priv->dblayer_file_mode); if (NULL == prfd || 0 == prfinfo.size) { /* file empty or not present--means the database needs recovered */ int count = 0; - priv->dblayer_recovery_required = 0; for (dirp = priv->dblayer_data_directories; dirp && *dirp; dirp++) { count_dbfiles_in_dir(*dirp, &count, 1 /* recurse */); @@ -3880,10 +3882,6 @@ } return 0; /* no files found; no need to run recover start */ } - /* dblayer_recovery_required is initialized in dblayer_init; - * and might be set 1 in check_db_version; - * we don't want to override it - * priv->dblayer_recovery_required = 0; */ /* So, we opened the file, now let's read the cache size and version stuff */ buf = slapi_ch_calloc(1, prfinfo.size + 1); From fedora-directory-commits at redhat.com Tue Apr 18 18:25:05 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 18 Apr 2006 11:25:05 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm dblayer.c, 1.10, 1.11 Message-ID: <200604181825.k3IIP54i019575@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19558 Modified Files: dblayer.c Log Message: [189264] 6.11->6.21 upgrade, no db housekeeping threads The problem was check_db_version finds the existing DBVERSION is old and set dblayer_private->blayer_recovery_required = 1. If it's set, DBLAYER_CLEAN_RECOVER_MODE is processed properly. Unfortunately, it was "reinitialized" in the function read_metadata, which is called after check_db_version. Index: dblayer.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dblayer.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- dblayer.c 13 Jan 2006 19:31:11 -0000 1.10 +++ dblayer.c 18 Apr 2006 18:25:02 -0000 1.11 @@ -3830,6 +3830,10 @@ int number = 0; dblayer_private *priv = (dblayer_private *)li->li_dblayer_private; + /* dblayer_recovery_required is initialized in dblayer_init; + * and might be set 1 in check_db_version; + * we don't want to override it + * priv->dblayer_recovery_required = 0; */ priv->dblayer_previous_cachesize = 0; priv->dblayer_previous_ncache = 0; /* Open the guard file and read stuff, then delete it */ @@ -3838,12 +3842,10 @@ memset(&prfinfo, '\0', sizeof(PRFileInfo)); (void)PR_GetFileInfo(filename, &prfinfo); - priv->dblayer_recovery_required = 0; prfd = PR_Open(filename,PR_RDONLY,priv->dblayer_file_mode); if (NULL == prfd || 0 == prfinfo.size) { /* file empty or not present--means the database needs recovered */ int count = 0; - priv->dblayer_recovery_required = 0; for (dirp = priv->dblayer_data_directories; dirp && *dirp; dirp++) { count_dbfiles_in_dir(*dirp, &count, 1 /* recurse */); @@ -3877,10 +3879,6 @@ } return 0; /* no files found; no need to run recover start */ } - /* dblayer_recovery_required is initialized in dblayer_init; - * and might be set 1 in check_db_version; - * we don't want to override it - * priv->dblayer_recovery_required = 0; */ /* So, we opened the file, now let's read the cache size and version stuff */ buf = slapi_ch_calloc(1, prfinfo.size + 1); From fedora-directory-commits at redhat.com Tue Apr 18 18:57:47 2006 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Tue, 18 Apr 2006 11:57:47 -0700 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src logconv.pl, 1.5, 1.6 Message-ID: <200604181857.k3IIvlhi020274@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20255 Modified Files: logconv.pl Log Message: 16578 - Fixed off by one error in month in logconv.pl Index: logconv.pl =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/logconv.pl,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- logconv.pl 19 Apr 2005 22:06:55 -0000 1.5 +++ logconv.pl 18 Apr 2006 18:57:44 -0000 1.6 @@ -275,18 +275,18 @@ $connmsg{"U1"} = "Cleanly Closed Connections"; %monthname = ( - "Jan" => 1, - "Feb" => 2, - "Mar" => 3, - "Apr" => 4, - "May" => 5, - "Jun" => 6, - "Jul" => 7, - "Aug" => 8, - "Sep" => 9, - "Oct" => 10, - "Nov" => 11, - "Dec" => 12, + "Jan" => 0, + "Feb" => 1, + "Mar" => 2, + "Apr" => 3, + "May" => 4, + "Jun" => 5, + "Jul" => 6, + "Aug" => 7, + "Sep" => 8, + "Oct" => 9, + "Nov" => 10, + "Dec" => 11, ); From fedora-directory-commits at redhat.com Thu Apr 20 00:20:35 2006 From: fedora-directory-commits at redhat.com (Anthony Foxworth (foxworth)) Date: Wed, 19 Apr 2006 17:20:35 -0700 Subject: [Fedora-directory-commits] CVSROOT dolog.pl,NONE,1.1 Message-ID: <200604200020.k3K0KZZv010345@cvs-int.fedora.redhat.com> Author: foxworth Update of /cvs/dirsec/CVSROOT In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10329 Added Files: dolog.pl Log Message: Add bonsai log filter to admin directory --- NEW FILE dolog.pl --- #! /webtools/tools/perl5/bin/perl # -*- Mode: perl; indent-tabs-mode: nil -*- # # The contents of this file are subject to the Netscape Public # License Version 1.1 (the "License"); you may not use this file # except in compliance with the License. You may obtain a copy of # the License at http://www.mozilla.org/NPL/ # # Software distributed under the License is distributed on an "AS # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or # implied. See the License for the specific language governing # rights and limitations under the License. # # The Original Code is the Bonsai CVS tool. # # The Initial Developer of the Original Code is Netscape Communications # Corporation. Portions created by Netscape are # Copyright (C) 1998 Netscape Communications Corporation. All # Rights Reserved. # # Contributor(s): # You need to put this in your CVSROOT directory, and check it in. (Change the # first line above to point to a real live perl5.) Add "dolog.pl" to # CVSROOT/checkoutlist, and check it in. Then, add a line to your # CVSROOT/loginfo file that says something like: # # ALL $CVSROOT/CVSROOT/dolog.pl -r /cvsroot bonsai-checkin-daemon at my.bonsai.machine # # or if you do not want to use SMTP at all, add: # # ALL ( $CVSROOT/CVSROOT/dolog.pl -r /cvsroot -n | /bonsai/handleCheckinMail.pl ) # # Replace "/cvsroot" with the name of the CVS root directory, and # "my.bonsai.machine" with the name of the machine Bonsai runs on. # Now, on my.bonsai.machine, add a mail alias so that mail sent to # "bonsai-checkin-daemon" will get piped to handleCheckinMail.pl. use bytes; use Mail::Mailer; $username = $ENV{"CVS_USER"} || getlogin || (getpwuid($<))[0] || "nobody"; $envcvsroot = $ENV{'CVSROOT'}; $cvsroot = $envcvsroot; $flag_debug = 0; $flag_tagcmd = 0; $repository = ''; $repository_tag = ''; $mailhost = 'localhost'; $rlogcommand = '/usr/bin/rlog'; $output2mail = 1; @mailto = (); @changed_files = (); @added_files = (); @removed_files = (); @log_lines = (); @outlist = (); $STATE_NONE = 0; $STATE_CHANGED = 1; $STATE_ADDED = 2; $STATE_REMOVED = 3; $STATE_LOG = 4; &process_args; if ($flag_debug) { print STDERR "----------------------------------------------\n"; print STDERR "LOGINFO:\n"; print STDERR " pwd:" . `pwd` . "\n"; print STDERR " Args @ARGV\n"; print STDERR " CVSROOT: $cvsroot\n"; print STDERR " who: $username\n"; print STDERR " Repository: $repository\n"; print STDERR " mailto: @mailto\n"; print STDERR "----------------------------------------------\n"; } if ($flag_tagcmd) { &process_tag_command; } else { &get_loginfo; &process_cvs_info; } if ($flag_debug) { print STDERR "----------------------------------------------\n"; print STDERR @outlist; print STDERR "----------------------------------------------\n"; } if ($output2mail) { &mail_notification; } else { &stdout_notification; } 0; sub process_args { while (@ARGV) { $arg = shift @ARGV; if ($arg eq '-d') { $flag_debug = 1; print STDERR "Debug turned on...\n"; } elsif ($arg eq '-r') { $cvsroot = shift @ARGV; } elsif ($arg eq '-t') { $flag_tagcmd = 1; last; # Keep the rest in ARGV; they're handled later. } elsif ($arg eq '-h') { $mailhost = shift @ARGV; } elsif ($arg eq '-n') { $output2mail = 0; } else { push(@mailto, $arg); } } if ($repository eq '') { open(REP, "; chop($repository); close(REP); } $repository =~ s:^$cvsroot/::; $repository =~ s:^$envcvsroot/::; if (!$flag_tagcmd) { if (open(REP, "; chop($repository_tag); close(REP); } } } sub get_loginfo { if ($flag_debug) { print STDERR "----------------------------------------------\n"; } # Iterate over the body of the message collecting information. # while () { chop; # Drop the newline if ($flag_debug) { print STDERR "$_\n"; } if (/^In directory/) { next; } if (/^Modified Files/) { $state = $STATE_CHANGED; next; } if (/^Added Files/) { $state = $STATE_ADDED; next; } if (/^Removed Files/) { $state = $STATE_REMOVED; next; } if (/^Log Message/) { $state = $STATE_LOG; next; } s/^[ \t\n]+//; # delete leading whitespace s/[ \t\n]+$//; # delete trailing whitespace if ($state == $STATE_CHANGED && !(/^Tag:/)) { push(@changed_files, split); } if ($state == $STATE_ADDED && !(/^Tag:/)) { push(@added_files, split); } if ($state == $STATE_REMOVED && !(/^Tag:/)) { push(@removed_files, split); } if ($state == $STATE_LOG) { push(@log_lines, $_); } } # If any of the filenames in the arrays below contain spaces, # things get broken later on in the code. # fix the filename array by using the get_filename sub. @fixed_changed_files = @{&get_filename("C", @changed_files)}; @fixed_added_files = @{&get_filename("A", @added_files)}; @fixed_removed_files = @{&get_filename("R", @removed_files)}; # now replace the old broken arrays with the new fixed arrays and # carry on. @changed_files = @fixed_changed_files; @added_files = @fixed_added_files; @removed_files = @fixed_removed_files; if ($flag_debug) { print STDERR "----------------------------------------------\n" . "changed files: @changed_files\n" . "added files: @added_files\n" . "removed files: @removed_files\n"; print STDERR "----------------------------------------------\n"; } } sub get_filename { my ($state, @files) = @_; my @fixed_files; my $FILE_EXIST = 0; my $FILE_CHECKED = 0; my $file; my $partial_file; my $path; if ($flag_debug) { print STDERR "\n-- get_filename ------------------------\n"; } foreach my $scalar (@files) { if ($FILE_CHECKED && ! $FILE_EXISTS) { $file = "$partial_file $scalar"; } else{ $file = $scalar; } if ($state eq "R") { $path = "$envcvsroot/$repository/Attic/$file"; } else { $path = "$envcvsroot/$repository/$file"; } if ($flag_debug) { print STDERR "changed file: $file\n"; print STDERR "path: $path\n"; } if (-r "$path,v") { push(@fixed_files, $file); $FILE_EXISTS = 1; $FILE_CHECKED = 1; if ($flag_debug){ print STDERR "file exists\n"; } } else { $partial_file = $file; $FILE_EXISTS = 0; $FILE_CHECKED = 1; if ($flag_debug) { print STDERR "file does not exist\n"; } } } if ($flag_debug) { print STDERR "\@fixed_files: @fixed_files\n"; print STDERR "-------------------------------------------\n\n"; } return \@fixed_files; } sub process_cvs_info { local($d,$fn,$rev,$mod_time,$sticky,$tag,$stat, at d,$l,$rcsfile); if (!open(ENT, ") { chop; ($d,$fn,$rev,$mod_time,$sticky,$tag) = split(/\//); $stat = 'C'; for $i (@changed_files, "BEATME.NOW", @added_files) { if ($i eq "BEATME.NOW") { $stat = 'A'; } if ($i eq $fn) { $rcsfile = "$envcvsroot/$repository/$fn,v"; if (! -r $rcsfile) { $rcsfile = "$envcvsroot/$repository/Attic/$fn,v"; } $rlogcmd = "$rlogcommand -N -r$rev " . shell_escape($rcsfile); open(LOG, "$rlogcmd |") || print STDERR "dolog.pl: Couldn't run rlog\n"; while () { if (/^date:.* author: ([^;]*);.*/) { $username = $1; if (/lines: \+([0-9]*) -([0-9]*)/) { $lines_added = $1; $lines_removed = $2; } } } close(LOG); push(@outlist, ("$stat|$time|$username|$cvsroot|$repository|$fn|$rev|$sticky|$tag|$lines_added|$lines_removed\n")); } } } close(ENT); for $i (@removed_files) { push(@outlist, ("R|$time|$username|$cvsroot|$repository|$i|||$repository_tag\n")); } # make sure dolog has something to parse when it sends its load off if (!scalar(@log_lines)) { push @log_lines, "EMPTY LOG MESSAGE"; } push(@outlist, "LOGCOMMENT\n"); push(@outlist, join("\n", at log_lines)); push(@outlist, "\n:ENDLOGCOMMENT\n"); } sub process_tag_command { local($str,$part,$time); $time = time; $str = "Tag|$cvsroot|$time"; while (@ARGV) { $part = shift @ARGV; $str .= "|" . $part; } push(@outlist, ("$str\n")); } sub do_commitinfo { } sub mail_notification { chop(my $hostname = `hostname`); my $mailer = Mail::Mailer->new("smtp", Server => $mailhost) || die("Failed to send mail notification\n"); my %headers; $headers{'From'} = "bonsai-daemon\@$hostname"; $headers{'To'} = \@mailto; if ($flag_tagcmd) { $headers{'Subject'} = "cvs tag in $repository"; } else { $headers{'Subject'} = "cvs commit to $repository"; } $mailer->open(\%headers); print $mailer @outlist; $mailer->close; } sub stdout_notification { chop(my $hostname = `hostname`); print "MAIL FROM: bonsai-daemon\@$hostname\n"; print "RCPT TO: root\@localhost\n"; print "DATA\n"; if ($flag_tagcmd) { print "Subject: cvs tag in $repository\n"; } else { print "Subject: cvs commit to $repository\n"; } print "\n"; print @outlist, "\n"; print ".\n"; } # Quotify a string, suitable for invoking a shell process sub shell_escape { my ($file) = @_; $file =~ s/([ \"\'\?\$\&\|\!<>\(\)\[\]\;\:])/\\$1/g; return $file; } From fedora-directory-commits at redhat.com Thu Apr 20 00:26:03 2006 From: fedora-directory-commits at redhat.com (Anthony Foxworth (foxworth)) Date: Wed, 19 Apr 2006 17:26:03 -0700 Subject: [Fedora-directory-commits] CVSROOT loginfo,1.9,1.10 Message-ID: <200604200026.k3K0Q3SD010375@cvs-int.fedora.redhat.com> Author: foxworth Update of /cvs/dirsec/CVSROOT In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10358 Modified Files: loginfo Log Message: Add bonsai log filter to for ldapserver project Index: loginfo =================================================================== RCS file: /cvs/dirsec/CVSROOT/loginfo,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- loginfo 8 Dec 2005 20:18:40 -0000 1.9 +++ loginfo 20 Apr 2006 00:26:00 -0000 1.10 @@ -26,5 +26,6 @@ # or #DEFAULT (echo ""; id; echo %{sVv}; date; cat) >> $CVSROOT/CVSROOT/commitlog DEFAULT $CVSROOT/CVSROOT/syncmail %{sVv} cvsdirsec at fedora.redhat.com +^ldapserver $CVSROOT/CVSROOT/dolog.pl -r /cvs/dirsec foxworth at redhat.com ALL /cvs/extras/CVSROOT/dolog.pl -r /cvs/dirsec localdelivery at cvs-int.fedora.redhat.com ALL $CVSROOT/CVSROOT/syncmail --require-keyword='*docs*' %{sVv} relnotes at fedoraproject.org
" + PR_snprintf(outstr, sizeof(outstr), "" "" "" + PR_snprintf(outstr, sizeof(outstr), "" "