This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 7138d1747ced95690e0acd76f7370d34ae3a399b (commit) via ca98d29a86a6eb9734d60eb7fb334395be0a29bd (commit) via 0a1d567ce82a6e8f1d103d9481ebf67088b8591c (commit) via c4f3bb4b08f5ee743cf984770d5f205cd75a7ec3 (commit) via 174778b20266c2c24f15784e090e7e8d10118642 (commit) via 8596273dca625444ef1b28a7a7e61a1354c23c47 (commit) via 94e680c36d2f16577e16dc7748721c990efde492 (commit) via ca0458ce1577f5793acaec9e25167b329fec43a3 (commit) via 4b113aa68ebc522686c4c70155d6c69507d4d7d1 (commit) via 9ee219315c2eb419126afd621e6664c6aefc36cb (commit) via b4294a6a0959127003f4c2cb99887f3e64dc8c09 (commit) via 4b502cf0c2d4388d5b29c5656a35e75e34b4fafe (commit) via ff76241b271dc7fdceb7431c95cee299678c90f8 (commit) via 843314ba98e0d6b8ab3d1760f49f256ff5cebb61 (commit) from 9a39b090cc292ac815c912c198935a20e742959f (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 7138d1747ced95690e0acd76f7370d34ae3a399b Author: Peter Müller peter.mueller@ipfire.org Date: Fri Apr 29 19:01:46 2022 +0000
Core Update 168: Ship openjpeg
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ca98d29a86a6eb9734d60eb7fb334395be0a29bd Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Apr 25 14:41:29 2022 +0200
openjpeg: Update to version 2.4.0
- Update from version 2.3.1 to 2.4.0 - Update of rootfile - Changelog 2.4.0 **Closed issues:** - OPENJPEG_INSTALL_DOC_DIR does not control a destination directory where HTML docs would be installed. [#1309](https://github.com/uclouvain/openjpeg/issues/1309) - Heap-buffer-overflow in lib/openjp2/pi.c:312 [#1302](https://github.com/uclouvain/openjpeg/issues/1302) - Heap-buffer-overflow in lib/openjp2/t2.c:973 [#1299](https://github.com/uclouvain/openjpeg/issues/1299) - Heap-buffer-overflow in lib/openjp2/pi.c:623 [#1293](https://github.com/uclouvain/openjpeg/issues/1293) - Global-buffer-overflow in lib/openjp2/dwt.c:1980 [#1286](https://github.com/uclouvain/openjpeg/issues/1286) - Heap-buffer-overflow in lib/openjp2/tcd.c:2417 [#1284](https://github.com/uclouvain/openjpeg/issues/1284) - Heap-buffer-overflow in lib/openjp2/mqc.c:499 [#1283](https://github.com/uclouvain/openjpeg/issues/1283) - Openjpeg could not encode 32bit RGB float image [#1281](https://github.com/uclouvain/openjpeg/issues/1281) - Openjpeg could not encode 32bit RGB float image [#1280](https://github.com/uclouvain/openjpeg/issues/1280) - ISO/IEC 15444-1:2019 (E) compared with 'cio.h' [#1277](https://github.com/uclouvain/openjpeg/issues/1277) - Test-suite failure due to hash mismatch [#1264](https://github.com/uclouvain/openjpeg/issues/1264) - Heap use-after-free [#1261](https://github.com/uclouvain/openjpeg/issues/1261) - Memory leak when failing to allocate object... [#1259](https://github.com/uclouvain/openjpeg/issues/1259) - Memory leak of Tier 1 handle when OpenJPEG fails to set it as TLS... [#1257](https://github.com/uclouvain/openjpeg/issues/1257) - Any plan to build release for CVE-2020-8112/CVE-2020-6851 [#1247](https://github.com/uclouvain/openjpeg/issues/1247) - failing to convert 16-bit file: opj_t2_encode_packet(): only 5251 bytes remaining in output buffer. 5621 needed. [#1243](https://github.com/uclouvain/openjpeg/issues/1243) - CMake+VS2017 Compile OK, thirdparty Compile OK, but thirdparty not install [#1239](https://github.com/uclouvain/openjpeg/issues/1239) - New release to solve CVE-2019-6988 ? [#1238](https://github.com/uclouvain/openjpeg/issues/1238) - Many tests fail to pass after the update of libtiff to version 4.1.0 [#1233](https://github.com/uclouvain/openjpeg/issues/1233) - Another heap buffer overflow in libopenjp2 [#1231](https://github.com/uclouvain/openjpeg/issues/1231) - Heap buffer overflow in libopenjp2 [#1228](https://github.com/uclouvain/openjpeg/issues/1228) - Endianness of binary volume (JP3D) [#1224](https://github.com/uclouvain/openjpeg/issues/1224) - New release to resolve CVE-2019-12973 [#1222](https://github.com/uclouvain/openjpeg/issues/1222) - how to set the block size,like 128,256 ? [#1216](https://github.com/uclouvain/openjpeg/issues/1216) - compress YUV files to motion jpeg2000 standard [#1213](https://github.com/uclouvain/openjpeg/issues/1213) - Repair/update Java wrapper, and include in release [#1208](https://github.com/uclouvain/openjpeg/issues/1208) - abc [#1206](https://github.com/uclouvain/openjpeg/issues/1206) - Slow decoding [#1202](https://github.com/uclouvain/openjpeg/issues/1202) - Installation question [#1201](https://github.com/uclouvain/openjpeg/issues/1201) - Typo in test_decode_area - *ptilew is assigned instead of *ptileh [#1195](https://github.com/uclouvain/openjpeg/issues/1195) - Creating a J2K file with one POC is broken [#1191](https://github.com/uclouvain/openjpeg/issues/1191) - Make fails on Arch Linux [#1174](https://github.com/uclouvain/openjpeg/issues/1174) - Heap buffer overflow in opj_t1_clbl_decode_processor() triggered with Ghostscript [#1158](https://github.com/uclouvain/openjpeg/issues/1158) - opj_stream_get_number_byte_left: Assertion `p_stream->m_byte_offset >= 0' failed. [#1151](https://github.com/uclouvain/openjpeg/issues/1151) - The fuzzer ignores too many inputs [#1079](https://github.com/uclouvain/openjpeg/issues/1079) - out of bounds read [#1068](https://github.com/uclouvain/openjpeg/issues/1068) **Merged pull requests:** - Change defined WIN32 [#1310](https://github.com/uclouvain/openjpeg/pull/1310) ([Jamaika1](https://github.com/Jamaika1)) - docs: fix simple typo, producted -> produced [#1308](https://github.com/uclouvain/openjpeg/pull/1308) ([timgates42](https://github.com/timgates42)) - Set ${OPENJPEG_INSTALL_DOC_DIR} to DESTINATION of HTMLs [#1307](https://github.com/uclouvain/openjpeg/pull/1307) ([lemniscati](https://github.com/lemniscati)) - Use INC_DIR for OPENJPEG_INCLUDE_DIRS (fixes uclouvain#1174) [#1306](https://github.com/uclouvain/openjpeg/pull/1306) ([matthew-sharp](https://github.com/matthew-sharp)) - pi.c: avoid out of bounds access with POC (fixes #1302) [#1304](https://github.com/uclouvain/openjpeg/pull/1304) ([rouault](https://github.com/rouault)) - Encoder: grow again buffer size [#1303](https://github.com/uclouvain/openjpeg/pull/1303) ([zodf0055980](https://github.com/zodf0055980)) - opj_j2k_write_sod(): avoid potential heap buffer overflow (fixes #1299) (probably master only) [#1301](https://github.com/uclouvain/openjpeg/pull/1301) ([rouault](https://github.com/rouault)) - pi.c: avoid out of bounds access with POC (refs https://github.com/uclouvain/openjpeg/issues/1293%5C#issuecomment-737122836%...) [#1300](https://github.com/uclouvain/openjpeg/pull/1300) ([rouault](https://github.com/rouault)) - opj_t2_encode_packet(): avoid out of bound access of #1297, but likely not the proper fix [#1298](https://github.com/uclouvain/openjpeg/pull/1298) ([rouault](https://github.com/rouault)) - opj_t2_encode_packet(): avoid out of bound access of #1294, but likely not the proper fix [#1296](https://github.com/uclouvain/openjpeg/pull/1296) ([rouault](https://github.com/rouault)) - opj_j2k_setup_encoder(): validate POC compno0 and compno1 (fixes #1293) [#1295](https://github.com/uclouvain/openjpeg/pull/1295) ([rouault](https://github.com/rouault)) - Encoder: avoid global buffer overflow on irreversible conversion when… [#1292](https://github.com/uclouvain/openjpeg/pull/1292) ([rouault](https://github.com/rouault)) - Decoding: deal with some SPOT6 images that have tiles with a single tile-part with TPsot == 0 and TNsot == 0, and with missing EOC [#1291](https://github.com/uclouvain/openjpeg/pull/1291) ([rouault](https://github.com/rouault)) - Free p_tcd_marker_info to avoid memory leak [#1288](https://github.com/uclouvain/openjpeg/pull/1288) ([zodf0055980](https://github.com/zodf0055980)) - Encoder: grow again buffer size [#1287](https://github.com/uclouvain/openjpeg/pull/1287) ([zodf0055980](https://github.com/zodf0055980)) - Encoder: avoid uint32 overflow when allocating memory for codestream buffer (fixes #1243) [#1276](https://github.com/uclouvain/openjpeg/pull/1276) ([rouault](https://github.com/rouault)) - Java compatibility from 1.5 to 1.6 [#1263](https://github.com/uclouvain/openjpeg/pull/1263) ([jiapei100](https://github.com/jiapei100)) - opj_decompress: fix double-free on input directory with mix of valid and invalid images [#1262](https://github.com/uclouvain/openjpeg/pull/1262) ([rouault](https://github.com/rouault)) - openjp2: Plug image leak when failing to allocate codestream index. [#1260](https://github.com/uclouvain/openjpeg/pull/1260) ([sebras](https://github.com/sebras)) - openjp2: Plug memory leak when setting data as TLS fails. [#1258](https://github.com/uclouvain/openjpeg/pull/1258) ([sebras](https://github.com/sebras)) - openjp2: Error out if failing to create Tier 1 handle. [#1256](https://github.com/uclouvain/openjpeg/pull/1256) ([sebras](https://github.com/sebras)) - Testing for invalid values of width, height, numcomps [#1254](https://github.com/uclouvain/openjpeg/pull/1254) ([szukw000](https://github.com/szukw000)) - Single-threaded performance improvements in forward DWT for 5-3 and 9-7 (and other improvements) [#1253](https://github.com/uclouvain/openjpeg/pull/1253) ([rouault](https://github.com/rouault)) - Add support for multithreading in encoder [#1248](https://github.com/uclouvain/openjpeg/pull/1248) ([rouault](https://github.com/rouault)) - Add support for generation of PLT markers in encoder [#1246](https://github.com/uclouvain/openjpeg/pull/1246) ([rouault](https://github.com/rouault)) - Fix warnings about signed/unsigned casts in pi.c [#1244](https://github.com/uclouvain/openjpeg/pull/1244) ([rouault](https://github.com/rouault)) - opj_decompress: add sanity checks to avoid segfault in case of decoding error [#1240](https://github.com/uclouvain/openjpeg/pull/1240) ([rouault](https://github.com/rouault)) - ignore wrong icc [#1236](https://github.com/uclouvain/openjpeg/pull/1236) ([szukw000](https://github.com/szukw000)) - Implement writing of IMF profiles [#1235](https://github.com/uclouvain/openjpeg/pull/1235) ([rouault](https://github.com/rouault)) - tests: add alternate checksums for libtiff 4.1 [#1234](https://github.com/uclouvain/openjpeg/pull/1234) ([rouault](https://github.com/rouault)) - opj_tcd_init_tile(): avoid integer overflow [#1232](https://github.com/uclouvain/openjpeg/pull/1232) ([rouault](https://github.com/rouault)) - tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. [#1230](https://github.com/uclouvain/openjpeg/pull/1230) ([Dor1s](https://github.com/Dor1s)) - opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228) [#1229](https://github.com/uclouvain/openjpeg/pull/1229) ([rouault](https://github.com/rouault)) - Fix resource leaks [#1226](https://github.com/uclouvain/openjpeg/pull/1226) ([dodys](https://github.com/dodys)) - abi-check.sh: fix false postive ABI error, and display output error log [#1218](https://github.com/uclouvain/openjpeg/pull/1218) ([rouault](https://github.com/rouault)) - pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets() [#1217](https://github.com/uclouvain/openjpeg/pull/1217) ([rouault](https://github.com/rouault)) - Add check to validate SGcod/SPcoc/SPcod parameter values. [#1211](https://github.com/uclouvain/openjpeg/pull/1211) ([sebras](https://github.com/sebras)) - Fix buffer overflow reading an image file less than four characters [#1196](https://github.com/uclouvain/openjpeg/pull/1196) ([robert-ancell](https://github.com/robert-ancell)) - compression: emit POC marker when only one single POC is requested (f… [#1192](https://github.com/uclouvain/openjpeg/pull/1192) ([rouault](https://github.com/rouault)) - Fix several potential vulnerabilities [#1185](https://github.com/uclouvain/openjpeg/pull/1185) ([Young-X](https://github.com/Young-X)) - openjp2/j2k: Report error if all wanted components are not decoded. [#1164](https://github.com/uclouvain/openjpeg/pull/1164) ([sebras](https://github.com/sebras))
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 0a1d567ce82a6e8f1d103d9481ebf67088b8591c Author: Peter Müller peter.mueller@ipfire.org Date: Fri Apr 29 19:01:10 2022 +0000
Core Update 168: Ship openldap
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c4f3bb4b08f5ee743cf984770d5f205cd75a7ec3 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Apr 25 14:41:41 2022 +0200
openldap: Update to version 2.6.1
- Update from version 2.4.49 to 2.6.1 - Update of rootfile - Update of consolidated patch to 2.6.1 - Removal of old patches - Changelog OpenLDAP 2.6.1 Release (2022/01/20) Fixed libldap to init client socket port (ITS#9743) Fixed libldap with referrals (ITS#9781) Added slapd config keyword for logfile format (ITS#9745) Fixed slapd to allow objectClass edits with no net change (ITS#9772) Fixed slapd configtable population (ITS#9576) Fixed slapd to only set loglevel in server mode (ITS#9715) Fixed slapd logfile-rotate use of uninitialized variable (ITS#9730) Fixed slapd passwd scheme handling with slapd.conf (ITS#9750) Fixed slapd postread support for modrdn (ITS#7080) Fixed slapd syncrepl recreation of deleted entries (ITS#9282) Fixed slapd syncrepl replication with ODSEE (ITS#9707) Fixed slapd syncrepl to properly replicate glue entries (ITS#9647) Fixed slapd syncrepl to reject REFRESH for precise resync (ITS#9742) Fixed slapd syncrepl to avoid busy loop during refresh (ITS#9584) Fixed slapd syncrepl when X-ORDERED is specified (ITS#9761) Fixed slapd syncrepl to better handle out of order delete ops (ITS#9751) Fixed slapd syncrepl to correctly close connections when config is deleted (ITS#9776) Fixed slapd-mdb to update indices correctly on replace ops (ITS#9753) Fixed slapd-wt to set correct flags (ITS#9760) Fixed slapo-accesslog to fix assertion due to deprecated code (ITS#9738) Fixed slapo-accesslog to fix inconsistently normalized minCSN (ITS#9752) Fixed slapo-accesslog delete handling of multi-valued config attrs (ITS#9493) Fixed slapo-autogroup to maintain values in insertion order (ITS#9766) Fixed slapo-constraint to maintain values in insertion order (ITS#9770) Fixed slapo-dyngroup to maintain values in insertion order (ITS#9762) Fixed slapo-dynlist compare operation for static groups (ITS#9747) Fixed slapo-dynlist static group filter with multiple members (ITS#9779) Fixed slapo-ppolicy when not built modularly (ITS#9733) Fixed slapo-refint to maintain values in insertion order (ITS#9763) Fixed slapo-retcode to honor requested insert position (ITS#9759) Fixed slapo-sock cn=config support (ITS#9758) Fixed slapo-syncprov memory leak (ITS#8039) Fixed slapo-syncprov to generate a more accurate accesslog query (ITS#9756) Fixed slapo-syncprov to allow empty DB to host persistent syncrepl connections (ITS#9691) Fixed slapo-syncprov to consider all deletes for sycnInfo messages (ITS#5972) Fixed slapo-translucent to warn on invalid config (ITS#9768) Fixed slapo-unique to warn on invalid config (ITS#9767) Fixed slapo-valsort to maintain values in insertion order (ITS#9764) Build Environment Fix test022 to preserve DELAY search output (ITS#9718) Fix slapd-watcher to allow startup when servers are down (ITS#9727) Contrib Fixed slapo-lastbind to work with 2.6 lastbind-precision configuration (ITS#9725) Documentation Fixed slapd.conf(5)/slapd-config(5) documentation on lastbind-precision (ITS#9728) Fixed slapo-accesslog(5) to clarify logoldattr usage (ITS#9749) OpenLDAP 2.6.0 Release (2021/10/25) Initial release for "general use". OpenLDAP 2.5.7 Release (2021/08/18) Fixed lloadd client state tracking (ITS#9624) Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611) Fixed slapd-ldif duplicate controls response (ITS#9497) Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621) Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958) Fixed slapd-mdb idlexp maximum size handling (ITS#9637) Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628) Fixed slapd-sql to add support for ppolicy attributes (ITS#9629) Fixed slapd-sql to close transactions after bind and search (ITS#9630) Fixed slapo-accesslog to make reqMod optional (ITS#9569) Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625) Documentation slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637) slapo-accesslog(5) note that reqMod is optional (ITS#9569) Add ldapvc(1) man page (ITS#9549) Add guide section on load balancer (ITS#9443) Updated guide to document multiprovider as replacement for mirrormode (ITS#9200) Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200) Updated guide to document removal of deprecated options from client tools (ITS#9200) OpenLDAP 2.5.6 Release (2021/07/27) Fixed libldap buffer overflow (ITS#9578) Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590) Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747) Fixed slapd multiple config defaults (ITS#9363) Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603) Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608) Build Fixed library symbol versioning on Solaris (ITS#9591) Fixed compile warning in libldap/tpool.c (ITS#9601) Fixed compile warning in libldap/tls_o.c (ITS#9602) Contrib Fixed ppm module for sysconfdir (ITS#7832) Documentation Updated guide to document multival, idlexp, and maxentrysize (ITS#9613, ITS#9614) OpenLDAP 2.5.5 Release (2021/06/03) Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502) Added lloadd tcp-user-timeout support (ITS#9502) Added slapd-asyncmeta tcp-user-timeout support (ITS#9502) Added slapd-ldap tcp-user-timeout support (ITS#9502) Added slapd-meta tcp-user-timeout support (ITS#9502) Fixed incorrect control OIDs for AuthZ Identity (ITS#9542) Fixed libldap typo in util-int.c (ITS#9541) Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546) Fixed lloadd multiple issues (ITS#8747) Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537) Fixed slapd typo in daemon.c (ITS#9541) Fixed slapd slapi compilation (ITS#9544) Fixed slapd to handle empty DN in extended filters (ITS#9551) Fixed slapd syncrepl searches with empty base (ITS#6467) Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534) Fixed slapd abort due to typo (ITS#9561) Fixed slapd-asyncmeta quarantine handling (ITS#8721) Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555) Fixed slapd-ldap quarantine handling (ITS#8721) Fixed slapd-mdb deletion of context entry (ITS#9531) Fixed slapd-mdb off-by-one affecting search scope (ITS#9557) Fixed slapd-meta quarantine handling (ITS#8721) Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552) Fixed slapo-pcache locking during expiration (ITS#9529) Build Fixed slappw-argon2 module installation (ITS#9548) Contrib Update ldapc++/ldaptcl to use configure.ac (ITS#9554) Documentation ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820) ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559) OpenLDAP 2.5.4 Release (2021/04/29) Initial release for "general use". OpenLDAP 2.4.57 Release (2021/01/18) Fixed ldapexop to use correct return code (ITS#9417) Fixed slapd to remove asserts in UUIDNormalize (ITS#9391) Fixed slapd to remove assert in csnValidate (ITS#9410) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427) Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424) Fixed slapd AVA sort with invalid RDN (ITS#9412) Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425) Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407) Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409) Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413) Fixed slapd modrdn memory leak (ITS#9420) Fixed slapd double-free in vrfilter (ITS#9408) Fixed slapd cancel operation to correctly terminate (ITS#9428) Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400) Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394) OpenLDAP 2.4.56 Release (2020/11/10) Fixed slapd to remove assert in certificateListValidate (ITS#9383) Fixed slapd to remove assert in csnNormalize23 (ITS#9384) Fixed slapd to better parse ldapi listener URIs (ITS#9379) OpenLDAP 2.4.55 Release (2020/10/26) Fixed slapd normalization handling with modrdn (ITS#9370) Fixed slapd-meta to check ldap_install_tls return code (ITS#9366) Contrib Fixed nssov misplaced semicolon (ITS#8731, ITS#9368) OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) Fixed slapd syncrepl to not create empty ADD ops (ITS#9359) Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295) Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353) Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015) Fixed slapo-syncprov sessionlog to use a TAVL tree (ITS#8486) OpenLDAP 2.4.53 Release (2020/09/07) Added slapd syncrepl additional SYNC logging (ITS#9043) Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) Build Require OpenSSL 1.0.2 or later (ITS#9323) Fixed libldap compilation issue with broken C compilers (ITS#9332) OpenLDAP 2.4.52 Release (2020/08/28) Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318) Added libldap OpenSSL support for multiple EECDH curves (ITS#9054) Added slapd OpenSSL support for multiple EECDH curves (ITS#9054) Fixed librewrite malloc/free corruption (ITS#9249) Fixed libldap hang when using UDP and server down (ITS#9328) Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324) Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) Fixed slapd-mdb index error with collapsed range (ITS#9135) OpenLDAP 2.4.51 Release (2020/08/11) Added slapo-ppolicy implement Netscape password policy controls (ITS#9279) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287) Fixed slapd to enforce singular existence of some overlays (ITS#9309) Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227) Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282) Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295) Fixed slapd-perl dynamic config with threaded slapd (ITS#7573) Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302) Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309) Fixed slapo-chain to check referral (ITS#9262) Build Environment Fix test064 so it no longer uses bashisms (ITS#9263) Contrib Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248) slapo-allowed - Fix usage of unitialized variable (ITS#9308) Documentation ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271) OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapindex(8) - Fix truncate option information for back-mdb (ITS#9230)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 174778b20266c2c24f15784e090e7e8d10118642 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Apr 29 18:59:21 2022 +0000
Core Update 168: Ship sqlite
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8596273dca625444ef1b28a7a7e61a1354c23c47 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Apr 28 13:14:25 2022 +0200
sqlite: Update to version 3380300
- Update from version 3380000 to 3380300 - Update of rootfile not required - Changelog 3.38.3 (2022-04-27): Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. Forum thread 0d3200f4f3bcd3a3. Other minor patches. See the timeline for details. 3.38.2 (2022-03-26): Fix a user-discovered problem with the new Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. See forum thread 031e262a89b6a9d2. Other minor patches. See the timeline for details. 3.38.1 (2022-03-12): Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 94e680c36d2f16577e16dc7748721c990efde492 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Apr 29 18:58:43 2022 +0000
Core Update 168: Ship mpfr
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ca0458ce1577f5793acaec9e25167b329fec43a3 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Apr 28 23:24:34 2022 +0200
mpfr: Update to version 4.1.0 plus patches 1 to 13
- Update from version 4.1.0 to 4.1.0 plus patches 1 to 13 - Version 4.1.0 was released on 10-07-2020. However patches have been progressively issued to fix various bugs that have been identified. - Currently 13 patches have been issued and mpfr provide a cumulative patches file to use to patch the source file. - Update of rootfile - Patch changelog 1 With GCC (the only tested compiler with software _Decimal128), conversions of double to _Decimal128 yield an increase of 2 to 3 MB for the generated library code when the decimal encoding is BID (designed for software implementations), even though the conversions done in MPFR are very simple. Details about this GCC issue. The decimal128-conv patch avoids these conversions by directly using _Decimal128 constants. Note that fixing the issue entirely would require to get rid of all the decimal128 operations; in the mean time, decimal support (i.e. mpfr_get_decimal128 and mpfr_set_decimal128 functions) could be disabled at configure time. Corresponding changeset in the 4.1 branch: 14094. 2 The random_deviate.c file contains non-portable code. This is fixed by the random_deviate patch. Corresponding changeset in the 4.1 branch: 14126. 3 In the mpfr_set_z_2exp function, a huge mpz_t value can yield an integer overflow. This is fixed by the set_z_2exp-overflow patch (with testcases). Note that in practice, an integer overflow may occur only with a 32-bit ABI. Moreover, with a usual compilation, an integer overflow should here not yield any particular issue, assuming that the processor does signed addition and multiplication modulo 2^32 (as usual). However, UBsan would detect the overflow, and LTO might have unpredictable effects. Corresponding changesets in the 4.1 branch: 14147, 14151. 4 Some function prototypes are slightly inconsistent. This is valid C code, but these inconsistencies are unintended and possibly confusing, and they trigger diagnostics with the -Warray-parameter option of the future GCC 11 (included in -Wall). This causes issues when testing MPFR. And since mpfr.h is concerned, this might also affect user code. This is fixed by the prototypes patch. Corresponding changeset in the 4.1 branch: 14411. 5 In uncommon cases, the mpfr_digamma function needs to use an intermediate precision equal to the exponent of the input value, which may be huge. This is inefficient, and the code can request more memory than available, yielding a crash. The digamma-hugemem patch improves the implementation by making such a need much rarer; it also provides testcases showing a crash on 64-bit machines (at least). Corresponding changeset in the 4.1 branch: 14424. 6 The mpfr_digamma function may have an erratic behavior in some cases (an assertion failure in debug mode). This is fixed by the digamma-interm-zero patch (with testcase). Corresponding changeset in the 4.1 branch: 14425. 7 The Bessel functions (mpfr_j0, mpfr_j1, mpfr_jn, mpfr_y0, mpfr_y1, mpfr_yn) may have an erratic behavior in some cases (an assertion failure in debug mode). This is fixed by the jn-interm-zero patch (with testcase). Corresponding changeset in the 4.1 branch: 14426. 8 The mpfr_digamma function may have an erratic behavior in some cases (an assertion failure in debug mode) when the reflection formula is used, i.e. when x < 1/2. This is fixed by the digamma-interm-zero2 patch (with testcase). Corresponding changeset in the 4.1 branch: 14435. 9 The Bessel functions (mpfr_j0, mpfr_j1, mpfr_jn, mpfr_y0, mpfr_y1, mpfr_yn) may have an erratic behavior in some cases (an assertion failure in debug mode) when the asymptotic expansion is needed. This is fixed by the jyn_asympt-interm-zero patch (with testcase). Corresponding changeset in the 4.1 branch: 14436. 10 Some functions are also implemented as macros, and such a macro should behave exactly like the corresponding function (if the code is valid for the function call). However, the following macros do not behave as if their argument were implicitly converted to the type from the function prototype: mpfr_nan_p, mpfr_inf_p, mpfr_zero_p, mpfr_regular_p, mpfr_get_prec, mpfr_get_exp, mpfr_copysign (third argument), mpfr_signbit and mpfr_set (second argument). For instance, providing an argument of type void * instead of mpfr_ptr or mpfr_srcptr will yield a compilation failure. Note that this issue does not exist in C++, which does not support such implicit conversions. Moreover, the mpfr_set macro evaluates its second argument twice (reported by David McCooey), which is incorrect if this evaluation has side effects. This is fixed by the macros patch (with testcases). Macros for the custom interface, which are explicitly documented as provided, do not follow these rules; the patch clarifies this point in the MPFR manual. Corresponding changesets in the 4.1 branch: 14468, 14469. 11 The test programs tset_si and tset_sj fail if MPFR_USE_NO_MACRO is defined (e.g., via -DMPFR_USE_NO_MACRO in CFLAGS). This is fixed by the tset_sij patch. Corresponding changeset in the 4.1 branch: 14470. 12 The mpfr_get_str_ndigits function may raise the inexact flag. In a very reduced exponent range (e.g. in which the result would not be representable as a MPFR number), it has undefined behavior: it may return an incorrect value, crash, or loop, taking more and more memory. This is fixed by the get_str_ndigits patch, which also updates the tests to check these issues. Corresponding changeset in the 4.1 branch: 14490. 13 The code for the formatted output functions (mpfr_printf, etc.) contains an incorrect assertion, checked only in debug mode, i.e. when MPFR has been configured with --enable-assert; this assertion failure occurs when the integer 0 (of either a native type or mpfr_prec_t with the length specifier P) is output with the precision field equal to 0, i.e. when the corresponding string to output is empty. Otherwise, there should be no side effects since the code is actually valid in this case; but since the code incorrectly instructs the compiler that some variable cannot be 0, there might be an issue with some optimizations (very unlikely, though). This bug is fixed by the vasprintf-prec-zero patch, which also provides testcases. Corresponding changesets in the 4.1 branch: 14524, 14525.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 4b113aa68ebc522686c4c70155d6c69507d4d7d1 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Apr 28 23:25:00 2022 +0200
mtr: Update to version 0.95
- Update from version 0.94 to 0.95 - Update of rootfile not required - Changelog V0.95 Aaron Lipinski (27): move net_send_batch call to its caller addr -> hostent for consistency re-init source too additional call from net_reopen refactor - group local, remote inits reset ctl address family at net_reopen accept only value used in structure tell dns process if we want 4 or 6 resolve ipv6 only if we have ipv6 remove wrapper only function init structures correctly wired up prepare host with h_addr_list remove temporaries extract convert_addrinfo_to_hostent function move conversion call to caller use addrinfo remove conversion function switch gui to addrinfo export DEFAULT_AF reset addr family before searching again freeaddrinfo export get_hostent_from_name make Hostname as const rename function dont show json option if not available Egor Panov (1): Updated Readme R.E. Wolff (2): Slight cleanup, but no fix for code that came up in a bugreport. increased max length suggested by YVS2014 Roger Wolff (12): Rogier Wolff (2): Code formatting for Zenithal pull added clarification to readme suggested by Zenithal Sergei Trofimovich (1): ui/curses: always use "%s"-style format for printf()-style functions Vincent Bernat (3): ui: don't cast to void* when calling display_rawhost() net: fix MPLS display for curses and report report: fix display of MPLS labels when using --report Zenithal (1): Add display of destination with resolved addr under curses mode a1346054 (5): fix wrong bash completion flag fix shellcheck warnings unify codestyle fix spelling trim trailing whitespace gaamox@tutanota.com (1): Report secondary servers when CSV + wide report is enabled
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 9ee219315c2eb419126afd621e6664c6aefc36cb Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Apr 28 23:25:13 2022 +0200
multipath-tools: Update to version 0.8.9
- Update from commit 386d288, bumped to version 0.7.7 (May 2018) to version 0.8.9 (Feb 2022) - Update of rootfile - Changelog No changelog file in the source tarball or on website. Changelog is the commit tree see https://github.com/opensvc/multipath-tools/commits/master for more details
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit b4294a6a0959127003f4c2cb99887f3e64dc8c09 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Apr 29 18:56:38 2022 +0000
Core Update 168: Ship nano
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4b502cf0c2d4388d5b29c5656a35e75e34b4fafe Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Apr 28 23:25:28 2022 +0200
nano: Update to version 6.3
- Update from version 6.2 to 6.3 - Update of rootfile not required - Changelog Changes between v6.2 and v6.3: Benno Schulenberg (41): build: add the --disable-maintainer-mode option to ./configure build: fix compilation for --enable-{tiny,nanorc,color} build: fix compilation when configured with --disable-color build: remove an obsolete check -- the dependent code was deleted bump version numbers and add a news item for the 6.3 release display: suppress spotlight yellow and error red when NO_COLOR is set docs: add an example binding for copying text to the system clipboard execute: clear an anchor only when the whole buffer gets filtered execute: don't crash when an empty buffer is piped through a command execute: stay on the same line number when filtering the whole buffer feedback: show extra warning when writing failed due to "No space left" files: do not change to a higher directory when the working one is gone files: show a warning when the working directory is gone (when used) files: when the working directory exists, still check its accessibility filtering: close all output descriptors, so that 'xsel' will terminate formatting: change cursor position only after saving it in the undo item gnulib: pull in the workaround for a build problem on NetBSD gnulib: update to its current upstream state justify: stay at the same line number when doing a full justification painting: colorize text also after an unterminated start match painting: look for another start match only after the actual end match painting: recalculate the multidata when making large strides or changes painting: stop coloring an extremely long line after 2000 bytes painting: tighten the check for a lacking end match on a colored line syntax: xml: colorize /> properly, and colorize prolog tags differently syntax: xml: colorize user-defined entities differently tweaks: avoid a function call when two plain assignments will do tweaks: change the indentation of a list, to match other indentations tweaks: don't leave an orphaned temporary file behind when writing fails tweaks: elide an unneeded call of strlen() tweaks: exclude the extra truncation warning from the tiny version tweaks: make the triggering of the recalculation of multidata less eager tweaks: move the saving and restoring of flags to where it is needed tweaks: normalize the indentation after the previous change tweaks: prevent the adding of an unwanted newline in a different way tweaks: remove redundant braces, and add two translator hints tweaks: remove some stray spaces before a comma tweaks: simplify a bit of code, eliding two labels and three gotos tweaks: simplify a fragment of code, and fold two lines together tweaks: trim a few comments, rename a function, and reshuffle some code verbatim: with --zero, keep cursor in viewport when it was on bottom row Mike Frysinger (1): general: fix building for Windows
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit ff76241b271dc7fdceb7431c95cee299678c90f8 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Apr 28 23:25:55 2022 +0200
ncdu: Update to version 1.17
- Update from version 1.16 to 1.17 - Update of rootfile not required - Changelog 1.17 - 2022-04-28 - ncdu-1.17.tar.gz Add ‘dark-bg’ color scheme and use that by default Use natural sort order when sorting by file name Improve compatibility with C89 environments Fix wrong assumption about errno not being set by realloc()
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 843314ba98e0d6b8ab3d1760f49f256ff5cebb61 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Apr 23 23:25:34 2022 +0200
parted: Update to version 3.5
- Update from 3.4 to 3.5 - Update of rootfile - Changelog * Noteworthy changes in release 3.5 (2022-04-18) [stable] ** New Features Update to latest gnulib for 3.5 release * Noteworthy changes in release 3.4.64.2 (2022-04-05) [alpha] ** Bug Fixes usage: remove the mention of "a particular partition" * Noteworthy changes in release 3.4.64 (2022-03-30) [alpha] ** New Features Add --fix to --script mode to automatically fix problems like the backup GPT header not being at the end of a disk. Add use of the swap partition flag to msdos disk labeled disks. Allow the partition name to be an empty string when set in script mode. Add --json command line switch to output the details of the disk as JSON. Add support for the Linux home GUID using the linux-home flag. ** Bug Fixes Decrease disk sizes used in tests to make it easier to run the test suite on systems with less memory. Largest filesystem is now 267MB (fat32). The rest are only 10MB. Add aarch64 and mips64 as valid machines for testing. Escape colons and backslashes in the machine output. Device path, model, and partition name could all include these. They are now escaped with a backslash. Use libdevmapper's retry remove option when the device is BUSY. This prevents libdevmapper from printing confusin output when trying to remove a busy partition. Keep GUID specific attributes when writing the GPT header. Previously they were set to 0.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/multipath-tools | 6 +- config/rootfiles/common/openjpeg | 18 +- config/rootfiles/common/openldap | 33 +- config/rootfiles/common/parted | 4 +- .../{oldcore/101 => core/168}/filelists/mpfr | 0 .../{oldcore/167 => core/168}/filelists/nano | 0 .../{oldcore/151 => core/168}/filelists/openjpeg | 0 .../{oldcore/128 => core/168}/filelists/openldap | 0 .../{oldcore/125 => core/168}/filelists/sqlite | 0 config/rootfiles/core/168/update.sh | 1 + lfs/mpfr | 1 + lfs/mtr | 7 +- lfs/multipath-tools | 4 +- lfs/nano | 4 +- lfs/ncdu | 6 +- lfs/openjpeg | 4 +- lfs/openldap | 6 +- lfs/parted | 6 +- lfs/sqlite | 4 +- .../mpfr-4.1.0-cumulative-patches-1-to-13.patch | 2976 +++++++++++++ src/patches/openldap-2.4.49-consolidated-1.patch | 371 -- src/patches/openldap-2.6.1-consolidated-2.patch | 4689 ++++++++++++++++++++ src/patches/openldap-gcc44-fixes.patch | 31 - 23 files changed, 7725 insertions(+), 446 deletions(-) copy config/rootfiles/{oldcore/101 => core/168}/filelists/mpfr (100%) copy config/rootfiles/{oldcore/167 => core/168}/filelists/nano (100%) copy config/rootfiles/{oldcore/151 => core/168}/filelists/openjpeg (100%) copy config/rootfiles/{oldcore/128 => core/168}/filelists/openldap (100%) copy config/rootfiles/{oldcore/125 => core/168}/filelists/sqlite (100%) create mode 100644 src/patches/mpfr-4.1.0-cumulative-patches-1-to-13.patch delete mode 100644 src/patches/openldap-2.4.49-consolidated-1.patch create mode 100644 src/patches/openldap-2.6.1-consolidated-2.patch delete mode 100644 src/patches/openldap-gcc44-fixes.patch
Difference in files: diff --git a/config/rootfiles/common/multipath-tools b/config/rootfiles/common/multipath-tools index aa3f9d138..1f87feb0d 100644 --- a/config/rootfiles/common/multipath-tools +++ b/config/rootfiles/common/multipath-tools @@ -1,4 +1,8 @@ #sbin/kpartx +#usr/lib/udev +#usr/lib/udev/kpartx_id +#usr/lib/udev/rules.d #usr/lib/udev/rules.d/11-dm-parts.rules +#usr/lib/udev/rules.d/66-kpartx.rules #usr/lib/udev/rules.d/68-del-part-nodes.rules -#usr/share/man/man8/kpartx.8.gz +#usr/share/man/man8/kpartx.8 diff --git a/config/rootfiles/common/openjpeg b/config/rootfiles/common/openjpeg index bafa62afc..3540d2297 100644 --- a/config/rootfiles/common/openjpeg +++ b/config/rootfiles/common/openjpeg @@ -1,15 +1,15 @@ usr/bin/opj_compress usr/bin/opj_decompress usr/bin/opj_dump -#usr/include/openjpeg-2.3 -#usr/include/openjpeg-2.3/openjpeg.h -#usr/include/openjpeg-2.3/opj_config.h -#usr/include/openjpeg-2.3/opj_stdint.h +#usr/include/openjpeg-2.4 +#usr/include/openjpeg-2.4/openjpeg.h +#usr/include/openjpeg-2.4/opj_config.h +#usr/include/openjpeg-2.4/opj_stdint.h #usr/lib/libopenjp2.so -usr/lib/libopenjp2.so.2.3.1 +usr/lib/libopenjp2.so.2.4.0 usr/lib/libopenjp2.so.7 -#usr/lib/openjpeg-2.3 -#usr/lib/openjpeg-2.3/OpenJPEGConfig.cmake -#usr/lib/openjpeg-2.3/OpenJPEGTargets-release.cmake -#usr/lib/openjpeg-2.3/OpenJPEGTargets.cmake +#usr/lib/openjpeg-2.4 +#usr/lib/openjpeg-2.4/OpenJPEGConfig.cmake +#usr/lib/openjpeg-2.4/OpenJPEGTargets-release.cmake +#usr/lib/openjpeg-2.4/OpenJPEGTargets.cmake #usr/lib/pkgconfig/libopenjp2.pc diff --git a/config/rootfiles/common/openldap b/config/rootfiles/common/openldap index 8d42b8880..45e731ee4 100644 --- a/config/rootfiles/common/openldap +++ b/config/rootfiles/common/openldap @@ -10,6 +10,7 @@ #usr/bin/ldappasswd #usr/bin/ldapsearch #usr/bin/ldapurl +#usr/bin/ldapvc #usr/bin/ldapwhoami #usr/include/lber.h #usr/include/lber_types.h @@ -21,18 +22,16 @@ #usr/include/ldif.h #usr/include/openldap.h #usr/include/slapi-plugin.h -usr/lib/liblber-2.4.so.2 -usr/lib/liblber-2.4.so.2.10.12 #usr/lib/liblber.la #usr/lib/liblber.so -usr/lib/libldap-2.4.so.2 -usr/lib/libldap-2.4.so.2.10.12 +usr/lib/liblber.so.2 +usr/lib/liblber.so.2.0.200 #usr/lib/libldap.la #usr/lib/libldap.so -usr/lib/libldap_r-2.4.so.2 -usr/lib/libldap_r-2.4.so.2.10.12 -#usr/lib/libldap_r.la -#usr/lib/libldap_r.so +usr/lib/libldap.so.2 +usr/lib/libldap.so.2.0.200 +#usr/lib/pkgconfig/lber.pc +#usr/lib/pkgconfig/ldap.pc #usr/share/man/man1/ldapadd.1 #usr/share/man/man1/ldapcompare.1 #usr/share/man/man1/ldapdelete.1 @@ -42,6 +41,7 @@ usr/lib/libldap_r-2.4.so.2.10.12 #usr/share/man/man1/ldappasswd.1 #usr/share/man/man1/ldapsearch.1 #usr/share/man/man1/ldapurl.1 +#usr/share/man/man1/ldapvc.1 #usr/share/man/man1/ldapwhoami.1 #usr/share/man/man3/ber_alloc_t.3 #usr/share/man/man3/ber_bvarray_add.3 @@ -136,6 +136,7 @@ usr/lib/libldap_r-2.4.so.2.10.12 #usr/share/man/man3/ldap_first_message.3 #usr/share/man/man3/ldap_first_reference.3 #usr/share/man/man3/ldap_free_urldesc.3 +#usr/share/man/man3/ldap_get_attribute_ber.3 #usr/share/man/man3/ldap_get_dn.3 #usr/share/man/man3/ldap_get_option.3 #usr/share/man/man3/ldap_get_values.3 @@ -175,6 +176,7 @@ usr/lib/libldap_r-2.4.so.2.10.12 #usr/share/man/man3/ldap_objectclass_free.3 #usr/share/man/man3/ldap_open.3 #usr/share/man/man3/ldap_parse_extended_result.3 +#usr/share/man/man3/ldap_parse_intermediate.3 #usr/share/man/man3/ldap_parse_reference.3 #usr/share/man/man3/ldap_parse_result.3 #usr/share/man/man3/ldap_parse_sasl_bind_result.3 @@ -227,23 +229,22 @@ usr/lib/libldap_r-2.4.so.2.10.12 #usr/share/man/man3/ldap_value_free_len.3 #usr/share/man/man5/ldap.conf.5 #usr/share/man/man5/ldif.5 -#usr/share/man/man5/slapd-bdb.5 +#usr/share/man/man5/lloadd.conf.5 +#usr/share/man/man5/slapd-asyncmeta.5 #usr/share/man/man5/slapd-config.5 #usr/share/man/man5/slapd-dnssrv.5 -#usr/share/man/man5/slapd-hdb.5 #usr/share/man/man5/slapd-ldap.5 #usr/share/man/man5/slapd-ldif.5 #usr/share/man/man5/slapd-mdb.5 #usr/share/man/man5/slapd-meta.5 #usr/share/man/man5/slapd-monitor.5 -#usr/share/man/man5/slapd-ndb.5 #usr/share/man/man5/slapd-null.5 #usr/share/man/man5/slapd-passwd.5 #usr/share/man/man5/slapd-perl.5 #usr/share/man/man5/slapd-relay.5 -#usr/share/man/man5/slapd-shell.5 #usr/share/man/man5/slapd-sock.5 #usr/share/man/man5/slapd-sql.5 +#usr/share/man/man5/slapd-wt.5 #usr/share/man/man5/slapd.access.5 #usr/share/man/man5/slapd.backends.5 #usr/share/man/man5/slapd.conf.5 @@ -251,17 +252,22 @@ usr/lib/libldap_r-2.4.so.2.10.12 #usr/share/man/man5/slapd.plugin.5 #usr/share/man/man5/slapo-accesslog.5 #usr/share/man/man5/slapo-auditlog.5 +#usr/share/man/man5/slapo-autoca.5 #usr/share/man/man5/slapo-chain.5 #usr/share/man/man5/slapo-collect.5 #usr/share/man/man5/slapo-constraint.5 #usr/share/man/man5/slapo-dds.5 +#usr/share/man/man5/slapo-deref.5 #usr/share/man/man5/slapo-dyngroup.5 #usr/share/man/man5/slapo-dynlist.5 +#usr/share/man/man5/slapo-homedir.5 #usr/share/man/man5/slapo-memberof.5 +#usr/share/man/man5/slapo-otp.5 #usr/share/man/man5/slapo-pbind.5 #usr/share/man/man5/slapo-pcache.5 #usr/share/man/man5/slapo-ppolicy.5 #usr/share/man/man5/slapo-refint.5 +#usr/share/man/man5/slapo-remoteauth.5 #usr/share/man/man5/slapo-retcode.5 #usr/share/man/man5/slapo-rwm.5 #usr/share/man/man5/slapo-sock.5 @@ -270,6 +276,8 @@ usr/lib/libldap_r-2.4.so.2.10.12 #usr/share/man/man5/slapo-translucent.5 #usr/share/man/man5/slapo-unique.5 #usr/share/man/man5/slapo-valsort.5 +#usr/share/man/man5/slappw-argon2.5 +#usr/share/man/man8/lloadd.8 #usr/share/man/man8/slapacl.8 #usr/share/man/man8/slapadd.8 #usr/share/man/man8/slapauth.8 @@ -277,6 +285,7 @@ usr/lib/libldap_r-2.4.so.2.10.12 #usr/share/man/man8/slapd.8 #usr/share/man/man8/slapdn.8 #usr/share/man/man8/slapindex.8 +#usr/share/man/man8/slapmodify.8 #usr/share/man/man8/slappasswd.8 #usr/share/man/man8/slapschema.8 #usr/share/man/man8/slaptest.8 diff --git a/config/rootfiles/common/parted b/config/rootfiles/common/parted index 0dab6ae3b..d88a506c5 100644 --- a/config/rootfiles/common/parted +++ b/config/rootfiles/common/parted @@ -14,12 +14,12 @@ #usr/lib/libparted-fs-resize.la #usr/lib/libparted-fs-resize.so usr/lib/libparted-fs-resize.so.0 -usr/lib/libparted-fs-resize.so.0.0.3 +usr/lib/libparted-fs-resize.so.0.0.4 #usr/lib/libparted.a #usr/lib/libparted.la #usr/lib/libparted.so usr/lib/libparted.so.2 -usr/lib/libparted.so.2.0.3 +usr/lib/libparted.so.2.0.4 #usr/lib/pkgconfig/libparted-fs-resize.pc #usr/lib/pkgconfig/libparted.pc usr/sbin/parted diff --git a/config/rootfiles/core/168/filelists/mpfr b/config/rootfiles/core/168/filelists/mpfr new file mode 120000 index 000000000..c8468bf42 --- /dev/null +++ b/config/rootfiles/core/168/filelists/mpfr @@ -0,0 +1 @@ +../../../common/mpfr \ No newline at end of file diff --git a/config/rootfiles/core/168/filelists/nano b/config/rootfiles/core/168/filelists/nano new file mode 120000 index 000000000..2f07279c0 --- /dev/null +++ b/config/rootfiles/core/168/filelists/nano @@ -0,0 +1 @@ +../../../common/nano \ No newline at end of file diff --git a/config/rootfiles/core/168/filelists/openjpeg b/config/rootfiles/core/168/filelists/openjpeg new file mode 120000 index 000000000..5b71a3c93 --- /dev/null +++ b/config/rootfiles/core/168/filelists/openjpeg @@ -0,0 +1 @@ +../../../common/openjpeg \ No newline at end of file diff --git a/config/rootfiles/core/168/filelists/openldap b/config/rootfiles/core/168/filelists/openldap new file mode 120000 index 000000000..80c324f76 --- /dev/null +++ b/config/rootfiles/core/168/filelists/openldap @@ -0,0 +1 @@ +../../../common/openldap \ No newline at end of file diff --git a/config/rootfiles/core/168/filelists/sqlite b/config/rootfiles/core/168/filelists/sqlite new file mode 120000 index 000000000..4ea569766 --- /dev/null +++ b/config/rootfiles/core/168/filelists/sqlite @@ -0,0 +1 @@ +../../../common/sqlite \ No newline at end of file diff --git a/config/rootfiles/core/168/update.sh b/config/rootfiles/core/168/update.sh index bcf253137..460d6b808 100644 --- a/config/rootfiles/core/168/update.sh +++ b/config/rootfiles/core/168/update.sh @@ -42,6 +42,7 @@ rm -rvf \ /usr/lib/libevent-1.4.so* \ /usr/lib/libevent_core-1.4.so* \ /usr/lib/libevent_extra-1.4.so* \ + /usr/lib/liblber-2.4.so* \ /usr/lib/libnl.so* \ /usr/lib/libpri.so* \ /usr/lib/libsolv.so* \ diff --git a/lfs/mpfr b/lfs/mpfr index b1c04afeb..221c9c527 100644 --- a/lfs/mpfr +++ b/lfs/mpfr @@ -70,6 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mpfr-4.1.0-cumulative-patches-1-to-13.patch cd $(DIR_APP) && $(CONFIGURE_ARGS) ./configure --prefix=/usr \ --enable-thread-safe cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/mtr b/lfs/mtr index aadb71d5b..dd190a90f 100644 --- a/lfs/mtr +++ b/lfs/mtr @@ -26,7 +26,7 @@ include Config
SUMMARY = Ping and Traceroute Network Diagnostic Tool
-VER = 0.94 +VER = 0.95
THISAPP = mtr-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mtr -PAK_VER = 5 +PAK_VER = 6
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 08f646774eaa323861863f08aa6f91995135923f1597d26790d3dce9d617700b41120686f71105054fb7f75b558c8753119dc5431c4584d88f8bef5629e0ebfa +$(DL_FILE)_BLAKE2 = 3c972675b97945b96562802c5d0f10de963160682c93c0ea2991b72eca33d136d18948c5e746ca3dfb280ebc9c3ab154e7774f8409ed4e5f7470a8feb128e71b
install : $(TARGET)
@@ -82,6 +82,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) + cd $(DIR_APP) && ./bootstrap.sh cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/multipath-tools b/lfs/multipath-tools index 3dcf1e906..61b6183f0 100644 --- a/lfs/multipath-tools +++ b/lfs/multipath-tools @@ -24,7 +24,7 @@
include Config
-VER = 386d288 +VER = 0.8.9
THISAPP = multipath-tools-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = b1cfde006416359f008c80f13f457a8eb79e4f5fd1c4dc222e8d5719f15e898e94527174c9ba28c736cb0b51870f5c4b690ed4b6ee1427673ac7d1746b79fadc +$(DL_FILE)_BLAKE2 = b5ebf3c393f6b60e85678ac07378ae07056b6777409fc1bc4f4133cdd3f8c75a3d76f6e9342208df7fed8fe7812b089eba8f6b769e47e1dd6c8b7fd321bdbd30
install : $(TARGET)
diff --git a/lfs/nano b/lfs/nano index 1d684d0b1..05e63528c 100644 --- a/lfs/nano +++ b/lfs/nano @@ -24,7 +24,7 @@
include Config
-VER = 6.2 +VER = 6.3
THISAPP = nano-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 89e75fdd222a4d5e5eceb164a3b4eaf8ad24622fae95dd142556e110a63ad1202d489b7881fc063ecc716d9a409021cd7184c70116f68aa7e188012c2510ecde +$(DL_FILE)_BLAKE2 = 92ef2acac0dacebc0bf8364bfee928a8394d8e4323e622ad6ba9d35bebd18d3976ab0ca747f7c9b5597874775b44ba4b5560e7392606aa68736158c2bda62b92
install : $(TARGET)
diff --git a/lfs/ncdu b/lfs/ncdu index 1e63a45aa..f1338f033 100644 --- a/lfs/ncdu +++ b/lfs/ncdu @@ -27,7 +27,7 @@ include Config
SUMMARY = NCurses Disk Usage
-VER = 1.16 +VER = 1.17
THISAPP = ncdu-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -35,7 +35,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = ncdu -PAK_VER = 2 +PAK_VER = 3
DEPS =
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 61d004581bdcf1885bec24d0a1de4fc890fe91bba511abbdbc507a48f31946caf5c7324979e8410e53cfca8ada1b20342b737dc4e8b1f034f2fca5aea84e4369 +$(DL_FILE)_BLAKE2 = 7d36a648b8fb0a26d3b6bcc533ed8f510e7f37b3084cb585a0c785d73fd82f537e0f2f9493c3b56173eae1324255e7acf7617a1cd1614c92a3b7bf0d53b7d77f
install : $(TARGET)
diff --git a/lfs/openjpeg b/lfs/openjpeg index 0b8dec349..54fa69339 100644 --- a/lfs/openjpeg +++ b/lfs/openjpeg @@ -24,7 +24,7 @@
include Config
-VER = 2.3.1 +VER = 2.4.0
THISAPP = openjpeg-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ecc7e573592a5302dcdbade791f6aa6e48f6791c7412fdd44976f3619c8fc0cca7d904fa42013f33ab17dd0f569a76d3c49a73eccaf0a749d34f305362367af9 +$(DL_FILE)_BLAKE2 = ab8907638ac041ce7dcbcbcd9624ea5e4b7542c9ec38a850e363c071c27c4bc8b16e207700b12e67d8d32bdd9b0838735bede27084090ce95105d32c539b09cf
install : $(TARGET)
diff --git a/lfs/openldap b/lfs/openldap index 60d46a249..195aa4af2 100644 --- a/lfs/openldap +++ b/lfs/openldap @@ -24,7 +24,7 @@
include Config
-VER = 2.4.49 +VER = 2.6.1
THISAPP = openldap-$(VER) DL_FILE = $(THISAPP).tgz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ee777588d758f6704b0d38b90feb85b27e2307510a05d1d147324e9958a6f6fc5bc7dd521a1462971c3f707429ad38fab734f508d71fd88b447770e112e844a2 +$(DL_FILE)_BLAKE2 = 08bb7ec0354d689b65673d6c4c05a3299ba4f1655cbcccb710b6c9ca66fd636d6b2d89faa8d32278d253a1647deae8b1e86e8e275b890208bfac4ca663a40523
install : $(TARGET)
@@ -72,7 +72,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openldap-2.4.49-consolidated-1.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openldap-2.6.1-consolidated-2.patch cd $(DIR_APP) && autoconf cd $(DIR_APP) && ./configure \ --prefix=/usr \ diff --git a/lfs/parted b/lfs/parted index 09a6423a9..78914aa98 100644 --- a/lfs/parted +++ b/lfs/parted @@ -26,7 +26,7 @@ include Config
SUMMARY = GNU partitioner
-VER = 3.4 +VER = 3.5
THISAPP = parted-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)
PROG = parted -PAK_VER = 4 +PAK_VER = 5
DEPS =
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c724d3d1490c62d440b9e5dc359fef7ff623bc77ae5f867d8905245cb279ec391fa07a1a774488ad3bf7a2c477007264d7bab2635a544be8f94dc706a654a711 +$(DL_FILE)_BLAKE2 = 5a63987f4d2c0bfd28f36112c2354f8dce7f87e962f4772bb0db34c070dd773b280959c6c33128422e8d60efe454c825401551c3c88541839b9a859a3d207f55
install : $(TARGET)
diff --git a/lfs/sqlite b/lfs/sqlite index 7986b2ce5..076943280 100644 --- a/lfs/sqlite +++ b/lfs/sqlite @@ -24,7 +24,7 @@
include Config
-VER = 3380000 +VER = 3380300
THISAPP = sqlite-autoconf-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 0b4eff73e9a7b317d080439c9e74b47a09e8809d4629a2ee31d410df2ce626d6bd6e9c5bdc5d0d4f104d981ee7b3a8a31bf2d7153932ad866f5e876c1608f6da +$(DL_FILE)_BLAKE2 = 35271246a27597ce88b4eaa1ff483b42421371737b5fe357eb6d2ad1d9c543b2d60341f7ee63f7dc95e374f61c539a607472b53881027c843b0da07704dd200f
install : $(TARGET)
diff --git a/src/patches/mpfr-4.1.0-cumulative-patches-1-to-13.patch b/src/patches/mpfr-4.1.0-cumulative-patches-1-to-13.patch new file mode 100644 index 000000000..3ecb16f1b --- /dev/null +++ b/src/patches/mpfr-4.1.0-cumulative-patches-1-to-13.patch @@ -0,0 +1,2976 @@ +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-11 12:40:40.079363480 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-11 12:40:40.119363040 +0000 +@@ -0,0 +1 @@ ++decimal128-conv +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2020-07-10 11:52:33.000000000 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-11 12:40:40.119363040 +0000 +@@ -1 +1 @@ +-4.1.0 ++4.1.0-p1 +diff -Naurd mpfr-4.1.0-a/src/get_d128.c mpfr-4.1.0-b/src/get_d128.c +--- mpfr-4.1.0-a/src/get_d128.c 2020-04-08 22:39:35.000000000 +0000 ++++ mpfr-4.1.0-b/src/get_d128.c 2021-02-11 12:40:40.103363216 +0000 +@@ -40,22 +40,21 @@ + static _Decimal128 + get_decimal128_nan (void) + { +- return (_Decimal128) MPFR_DBL_NAN; ++ return 0.0dl / 0.0dl; + } + + /* construct the decimal128 Inf with given sign */ + static _Decimal128 + get_decimal128_inf (int negative) + { +- return (_Decimal128) (negative ? MPFR_DBL_INFM : MPFR_DBL_INFP); ++ return negative ? - 1.0dl / 0.0dl : 1.0dl / 0.0dl; + } + + /* construct the decimal128 zero with given sign */ + static _Decimal128 + get_decimal128_zero (int negative) + { +- _Decimal128 zero = 0; +- return (_Decimal128) (negative ? -zero : zero); ++ return negative ? - 0.0dl : 0.0dl; + } + + /* construct the decimal128 smallest non-zero with given sign: +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2020-07-10 11:52:33.000000000 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-11 12:40:40.115363084 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0" ++#define MPFR_VERSION_STRING "4.1.0-p1" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2020-07-10 11:52:33.000000000 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-11 12:40:40.119363040 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0"; ++ return "4.1.0-p1"; + } +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-11 12:43:51.761257868 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-11 12:43:51.801257430 +0000 +@@ -0,0 +1 @@ ++random_deviate +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-11 12:40:40.119363040 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-11 12:43:51.801257430 +0000 +@@ -1 +1 @@ +-4.1.0-p1 ++4.1.0-p2 +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-11 12:40:40.115363084 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-11 12:43:51.801257430 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p1" ++#define MPFR_VERSION_STRING "4.1.0-p2" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/random_deviate.c mpfr-4.1.0-b/src/random_deviate.c +--- mpfr-4.1.0-a/src/random_deviate.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/random_deviate.c 2021-02-11 12:43:51.789257562 +0000 +@@ -289,6 +289,7 @@ + mpfr_random_size_t p = mpfr_get_prec (z); /* Number of bits in result */ + mpz_t t; + int inex; ++ mpfr_exp_t negxe; + + if (n == 0) + { +@@ -370,14 +371,22 @@ + mpz_setbit (t, 0); /* Set the trailing bit so result is always inexact */ + if (neg) + mpz_neg (t, t); +- /* Is -x->e representable as a mpfr_exp_t? */ +- MPFR_ASSERTN (x->e <= (mpfr_uexp_t)(-1) >> 1); ++ /* Portable version of the negation of x->e, with a check of overflow. */ ++ if (MPFR_UNLIKELY (x->e > MPFR_EXP_MAX)) ++ { ++ /* Overflow, except when x->e = MPFR_EXP_MAX + 1 = - MPFR_EXP_MIN. */ ++ MPFR_ASSERTN (MPFR_EXP_MIN + MPFR_EXP_MAX == -1 && ++ x->e == (mpfr_random_size_t) MPFR_EXP_MAX + 1); ++ negxe = MPFR_EXP_MIN; ++ } ++ else ++ negxe = - (mpfr_exp_t) x->e; + /* + * Let mpfr_set_z_2exp do all the work of rounding to the requested + * precision, setting overflow/underflow flags, and returning the right + * inexact value. + */ +- inex = mpfr_set_z_2exp (z, t, -x->e, rnd); ++ inex = mpfr_set_z_2exp (z, t, negxe, rnd); + mpz_clear (t); + return inex; + } +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-11 12:40:40.119363040 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-11 12:43:51.801257430 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p1"; ++ return "4.1.0-p2"; + } +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-11 12:46:49.075316772 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-11 12:46:49.115316335 +0000 +@@ -0,0 +1 @@ ++set_z_2exp-overflow +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-11 12:43:51.801257430 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-11 12:46:49.115316335 +0000 +@@ -1 +1 @@ +-4.1.0-p2 ++4.1.0-p3 +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-11 12:43:51.801257430 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-11 12:46:49.115316335 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p2" ++#define MPFR_VERSION_STRING "4.1.0-p3" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/set_z_exp.c mpfr-4.1.0-b/src/set_z_exp.c +--- mpfr-4.1.0-a/src/set_z_exp.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/set_z_exp.c 2021-02-11 12:46:49.103316466 +0000 +@@ -28,10 +28,11 @@ + int + mpfr_set_z_2exp (mpfr_ptr f, mpz_srcptr z, mpfr_exp_t e, mpfr_rnd_t rnd_mode) + { +- mp_size_t fn, zn, dif, en; ++ mp_size_t fn, zn, dif; + int k, sign_z, inex; + mp_limb_t *fp, *zp; +- mpfr_exp_t exp; ++ mpfr_exp_t exp, nmax; ++ mpfr_uexp_t uexp; + + sign_z = mpz_sgn (z); + if (MPFR_UNLIKELY (sign_z == 0)) /* ignore the exponent for 0 */ +@@ -43,10 +44,15 @@ + MPFR_ASSERTD (sign_z == MPFR_SIGN_POS || sign_z == MPFR_SIGN_NEG); + + zn = ABSIZ(z); /* limb size of z */ +- /* compute en = floor(e/GMP_NUMB_BITS) */ +- en = (e >= 0) ? e / GMP_NUMB_BITS : (e + 1) / GMP_NUMB_BITS - 1; + MPFR_ASSERTD (zn >= 1); +- if (MPFR_UNLIKELY (zn + en > MPFR_EMAX_MAX / GMP_NUMB_BITS + 1)) ++ nmax = MPFR_EMAX_MAX / GMP_NUMB_BITS + 1; ++ /* Detect early overflow with zn + en > nmax, ++ where en = floor(e / GMP_NUMB_BITS). ++ This is checked without an integer overflow (even assuming some ++ future version of GMP, where limitations may be removed). */ ++ if (MPFR_UNLIKELY (e >= 0 ? ++ zn > nmax - e / GMP_NUMB_BITS : ++ zn + (e + 1) / GMP_NUMB_BITS - 1 > nmax)) + return mpfr_overflow (f, rnd_mode, sign_z); + /* because zn + en >= MPFR_EMAX_MAX / GMP_NUMB_BITS + 2 + implies (zn + en) * GMP_NUMB_BITS >= MPFR_EMAX_MAX + GMP_NUMB_BITS + 1 +@@ -64,8 +70,21 @@ + and exp = zn * GMP_NUMB_BITS + e - k + <= (zn + en) * GMP_NUMB_BITS - k + GMP_NUMB_BITS - 1 + <= MPFR_EMAX_MAX + 2 * GMP_NUMB_BITS - 1 */ +- exp = (mpfr_prec_t) zn * GMP_NUMB_BITS + e - k; ++ /* We need to compute exp = zn * GMP_NUMB_BITS + e - k with well-defined ++ operations (no integer overflows / no implementation-defined results). ++ The mathematical result of zn * GMP_NUMB_BITS may be larger than ++ the largest value of mpfr_exp_t while exp could still be less than ++ __gmpfr_emax. Thanks to early overflow detection, we can compute the ++ result in modular arithmetic, using mpfr_uexp_t, and convert it to ++ mpfr_exp_t. */ ++ uexp = (mpfr_uexp_t) zn * GMP_NUMB_BITS + (mpfr_uexp_t) e - k; ++ ++ /* Convert to signed in a portable way (see doc/README.dev). ++ On most platforms, this can be optimized to identity (no-op). */ ++ exp = uexp > MPFR_EXP_MAX ? -1 - (mpfr_exp_t) ~uexp : (mpfr_exp_t) uexp; ++ + /* The exponent will be exp or exp + 1 (due to rounding) */ ++ + if (MPFR_UNLIKELY (exp > __gmpfr_emax)) + return mpfr_overflow (f, rnd_mode, sign_z); + if (MPFR_UNLIKELY (exp + 1 < __gmpfr_emin)) +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-11 12:43:51.801257430 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-11 12:46:49.115316335 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p2"; ++ return "4.1.0-p3"; + } +diff -Naurd mpfr-4.1.0-a/tests/tset_z_exp.c mpfr-4.1.0-b/tests/tset_z_exp.c +--- mpfr-4.1.0-a/tests/tset_z_exp.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tset_z_exp.c 2021-02-11 12:46:49.103316466 +0000 +@@ -97,49 +97,149 @@ + mpfr_get_si is a rather indirect test of a low level routine. */ + + static void +-check (long i, mpfr_rnd_t rnd) ++check (long i, mpfr_rnd_t rnd, int reduced) + { +- mpfr_t f; ++ mpfr_t f1, f2, f3; + mpz_t z; +- mpfr_exp_t e; ++ mpfr_exp_t e, old_emin, old_emax; + int inex; ++ mpfr_flags_t flags; ++ ++ old_emin = mpfr_get_emin (); ++ old_emax = mpfr_get_emax (); + + /* using CHAR_BIT * sizeof(long) bits of precision ensures that + mpfr_set_z_2exp is exact below */ +- mpfr_init2 (f, CHAR_BIT * sizeof(long)); ++ mpfr_inits2 (CHAR_BIT * sizeof(long), f1, f2, f3, (mpfr_ptr) 0); + mpz_init (z); + mpz_set_ui (z, i); + /* the following loop ensures that no overflow occurs */ + do + e = randexp (); + while (e > mpfr_get_emax () - CHAR_BIT * sizeof(long)); +- inex = mpfr_set_z_2exp (f, z, e, rnd); +- if (inex != 0) ++ ++ mpfr_clear_flags (); ++ inex = mpfr_set_z_2exp (f1, z, e, rnd); ++ flags = __gmpfr_flags; ++ ++ if (inex != 0 || flags != 0 || ++ (mpfr_div_2si (f2, f1, e, rnd), mpfr_get_si (f2, MPFR_RNDZ) != i)) + { +- printf ("Error in mpfr_set_z_2exp for i=%ld, e=%ld," +- " wrong ternary value\n", i, (long) e); +- printf ("expected 0, got %d\n", inex); ++ printf ("Error in mpfr_set_z_2exp for i=%ld e=%" MPFR_EXP_FSPEC ++ "d rnd_mode=%d\n", i, (mpfr_eexp_t) e, rnd); ++ mpfr_set_si_2exp (f2, i, e, MPFR_RNDN); ++ printf ("expected "); mpfr_dump (f2); ++ printf ("with inex = %d and flags =", 0); ++ flags_out (0); ++ printf ("got "); mpfr_dump (f1); ++ printf ("with inex = %d and flags =", inex); ++ flags_out (flags); + exit (1); + } +- mpfr_div_2si (f, f, e, rnd); +- if (mpfr_get_si (f, MPFR_RNDZ) != i) ++ ++ if (reduced) + { +- printf ("Error in mpfr_set_z_2exp for i=%ld e=", i); +- if (e < LONG_MIN) +- printf ("(<LONG_MIN)"); +- else if (e > LONG_MAX) +- printf ("(>LONG_MAX)"); +- else +- printf ("%ld", (long) e); +- printf (" rnd_mode=%d\n", rnd); +- printf ("expected %ld\n", i); +- printf ("got "); mpfr_dump (f); +- exit (1); ++ mpfr_exp_t ef, emin, emax; ++ int inex2, inex3; ++ mpfr_flags_t flags2, flags3; ++ ++ ef = i == 0 ? 0 : mpfr_get_exp (f1); ++ for (emin = ef - 2; emin <= ef + 2; emin++) ++ for (emax = emin; emax <= ef + 2; emax++) ++ { ++ inex3 = mpfr_set (f3, f1, rnd); ++ MPFR_ASSERTN (inex3 == 0); ++ mpfr_set_emin (emin); ++ mpfr_set_emax (emax); ++ mpfr_clear_flags (); ++ inex2 = mpfr_set_z_2exp (f2, z, e, rnd); ++ flags2 = __gmpfr_flags; ++ mpfr_clear_flags (); ++ inex3 = mpfr_check_range (f3, 0, rnd); ++ flags3 = __gmpfr_flags; ++ if (!(mpfr_equal_p (f2, f3) && ++ SAME_SIGN (inex2, inex3) && ++ flags2 == flags3)) ++ { ++ printf ("Error in mpfr_set_z_2exp for i=%ld e=%" ++ MPFR_EXP_FSPEC "d rnd_mode=%d\nand emin=%" ++ MPFR_EXP_FSPEC "d emax=%" MPFR_EXP_FSPEC ++ "d\n", i, (mpfr_eexp_t) e, rnd, ++ (mpfr_eexp_t) emin, (mpfr_eexp_t) emax); ++ printf ("expected "); mpfr_dump (f3); ++ printf ("with inex = %d and flags =", inex3); ++ flags_out (flags3); ++ printf ("got "); mpfr_dump (f2); ++ printf ("with inex = %d and flags =", inex2); ++ flags_out (flags2); ++ exit (1); ++ } ++ } ++ mpfr_set_emin (old_emin); ++ mpfr_set_emax (old_emax); + } +- mpfr_clear (f); ++ ++ mpfr_clears (f1, f2, f3, (mpfr_ptr) 0); + mpz_clear (z); + } + ++static void ++check_huge (void) ++{ ++ if (getenv ("MPFR_CHECK_LARGEMEM") != NULL) ++ { ++ mpfr_t x; ++ mpz_t z; ++ long e; ++ ++ /* Increase tests_memory_limit to the maximum in order to avoid ++ an obvious failure due to insufficient memory. */ ++ tests_memory_limit = (size_t) -1; /* no memory limit */ ++ ++ mpfr_init2 (x, 32); ++ ++ /* In r14140, with a 32-bit ABI (GCC's -m32): ++ - With UBsan (-fsanitize=undefined -fno-sanitize-recover), ++ this fails with: ++ set_z_2exp.c:71:26: runtime error: signed integer overflow: ++ 67108864 * 32 cannot be represented in type 'long int' ++ - With -D_MPFR_EXP_FORMAT=4, this fails with: ++ Expected 0.10001000000000000000000000000000E5 ++ Got 0 ++ */ ++ mpz_init_set_ui (z, 17); ++ e = 0x7ffffff0; ++ mpz_mul_2exp (z, z, e); ++ mpz_add_ui (z, z, 1); ++ mpfr_set_z_2exp (x, z, -e, MPFR_RNDN); ++ if (mpfr_cmp_ui0 (x, 17) != 0) ++ { ++ printf ("Error 1 in check_huge\n"); ++ printf ("Expected 0.10001000000000000000000000000000E5\n"); ++ printf ("Got "); ++ mpfr_dump (x); ++ exit (1); ++ } ++ mpz_clear (z); ++ ++ mpz_init_set_ui (z, 17); ++ mpz_mul_2exp (z, z, 0xffffffb0); ++ mpz_add_ui (z, z, 1); ++ mpfr_set_z_2exp (x, z, -1, MPFR_RNDN); ++ if (! MPFR_IS_INF (x) || MPFR_IS_NEG (x)) ++ { ++ printf ("Error 2 in check_huge\n"); ++ printf ("Expected @Inf@\n"); ++ printf ("Got "); ++ mpfr_dump (x); ++ exit (1); ++ } ++ mpz_clear (z); ++ ++ mpfr_clear (x); ++ } ++} ++ + int + main (int argc, char *argv[]) + { +@@ -147,11 +247,13 @@ + + tests_start_mpfr (); + +- check (0, MPFR_RNDN); ++ check (0, MPFR_RNDN, 0); + for (j = 0; j < 200000; j++) +- check (randlimb () & LONG_MAX, RND_RAND ()); ++ check (randlimb () & LONG_MAX, RND_RAND (), j < 200); + check0 (); + ++ check_huge (); ++ + tests_end_mpfr (); + + return 0; +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-11 12:48:27.322243271 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-11 12:48:27.370242746 +0000 +@@ -0,0 +1 @@ ++prototypes +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-11 12:46:49.115316335 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-11 12:48:27.370242746 +0000 +@@ -1 +1 @@ +-4.1.0-p3 ++4.1.0-p4 +diff -Naurd mpfr-4.1.0-a/src/atan.c mpfr-4.1.0-b/src/atan.c +--- mpfr-4.1.0-a/src/atan.c 2020-04-22 15:27:07.000000000 +0000 ++++ mpfr-4.1.0-b/src/atan.c 2021-02-11 12:48:27.354242922 +0000 +@@ -56,7 +56,7 @@ + }; + + static void +-set_table (mpfr_t y, const mp_limb_t x[3]) ++set_table (mpfr_ptr y, const mp_limb_t x[3]) + { + mpfr_prec_t p = MPFR_PREC(y); + mp_size_t n = MPFR_PREC2LIMBS(p); +diff -Naurd mpfr-4.1.0-a/src/const_euler.c mpfr-4.1.0-b/src/const_euler.c +--- mpfr-4.1.0-a/src/const_euler.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/const_euler.c 2021-02-11 12:48:27.354242922 +0000 +@@ -181,7 +181,7 @@ + } + + int +-mpfr_const_euler_internal (mpfr_t x, mpfr_rnd_t rnd) ++mpfr_const_euler_internal (mpfr_ptr x, mpfr_rnd_t rnd) + { + mpfr_const_euler_bs_t sum; + mpz_t t, u, v; +diff -Naurd mpfr-4.1.0-a/src/eint.c mpfr-4.1.0-b/src/eint.c +--- mpfr-4.1.0-a/src/eint.c 2020-03-09 15:31:45.000000000 +0000 ++++ mpfr-4.1.0-b/src/eint.c 2021-02-11 12:48:27.354242922 +0000 +@@ -36,7 +36,7 @@ + Return PREC(y) when the truncated series does not converge. + */ + static mpfr_exp_t +-mpfr_eint_aux (mpfr_t y, mpfr_srcptr x) ++mpfr_eint_aux (mpfr_ptr y, mpfr_srcptr x) + { + mpfr_t eps; /* dynamic (absolute) error bound on t */ + mpfr_t erru, errs; +diff -Naurd mpfr-4.1.0-a/src/erandom.c mpfr-4.1.0-b/src/erandom.c +--- mpfr-4.1.0-a/src/erandom.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/erandom.c 2021-02-11 12:48:27.354242922 +0000 +@@ -80,7 +80,7 @@ + + /* return an exponential random deviate with mean 1 as a MPFR */ + int +-mpfr_erandom (mpfr_t z, gmp_randstate_t r, mpfr_rnd_t rnd) ++mpfr_erandom (mpfr_ptr z, gmp_randstate_t r, mpfr_rnd_t rnd) + { + mpfr_random_deviate_t x, p, q; + int inex; +diff -Naurd mpfr-4.1.0-a/src/fpif.c mpfr-4.1.0-b/src/fpif.c +--- mpfr-4.1.0-a/src/fpif.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/fpif.c 2021-02-11 12:48:27.354242922 +0000 +@@ -291,7 +291,8 @@ + * until one has integer types larger than 128 bits). + */ + static unsigned char* +-mpfr_fpif_store_exponent (unsigned char *buffer, size_t *buffer_size, mpfr_t x) ++mpfr_fpif_store_exponent (unsigned char *buffer, size_t *buffer_size, ++ mpfr_ptr x) + { + unsigned char *result; + mpfr_uexp_t uexp; +@@ -372,7 +373,7 @@ + * than 128 bits). + */ + static int +-mpfr_fpif_read_exponent_from_file (mpfr_t x, FILE * fh) ++mpfr_fpif_read_exponent_from_file (mpfr_ptr x, FILE * fh) + { + mpfr_exp_t exponent; + mpfr_uexp_t uexp; +@@ -456,7 +457,7 @@ + * format + */ + static unsigned char* +-mpfr_fpif_store_limbs (unsigned char *buffer, size_t *buffer_size, mpfr_t x) ++mpfr_fpif_store_limbs (unsigned char *buffer, size_t *buffer_size, mpfr_ptr x) + { + unsigned char *result; + mpfr_prec_t precision; +@@ -492,7 +493,7 @@ + * Assume buffer is not NULL. + */ + static void +-mpfr_fpif_read_limbs (mpfr_t x, unsigned char *buffer, size_t nb_byte) ++mpfr_fpif_read_limbs (mpfr_ptr x, unsigned char *buffer, size_t nb_byte) + { + size_t mp_bytes_per_limb; + size_t nb_partial_byte; +@@ -522,7 +523,7 @@ + * return 0 if successful + */ + int +-mpfr_fpif_export (FILE *fh, mpfr_t x) ++mpfr_fpif_export (FILE *fh, mpfr_ptr x) + { + int status; + unsigned char *buf; +@@ -582,7 +583,7 @@ + * Return 0 if the import was successful. + */ + int +-mpfr_fpif_import (mpfr_t x, FILE *fh) ++mpfr_fpif_import (mpfr_ptr x, FILE *fh) + { + int status; + mpfr_prec_t precision; +diff -Naurd mpfr-4.1.0-a/src/li2.c mpfr-4.1.0-b/src/li2.c +--- mpfr-4.1.0-a/src/li2.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/li2.c 2021-02-11 12:48:27.354242922 +0000 +@@ -31,7 +31,7 @@ + for determinating the relative error. + */ + static int +-li2_series (mpfr_t sum, mpfr_srcptr z, mpfr_rnd_t rnd_mode) ++li2_series (mpfr_ptr sum, mpfr_srcptr z, mpfr_rnd_t rnd_mode) + { + int i; + mpfr_t s, u, v, w; +diff -Naurd mpfr-4.1.0-a/src/lngamma.c mpfr-4.1.0-b/src/lngamma.c +--- mpfr-4.1.0-a/src/lngamma.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/lngamma.c 2021-02-11 12:48:27.354242922 +0000 +@@ -31,7 +31,7 @@ + precision should be >= 4. + */ + static void +-mpfr_gamma_alpha (mpfr_t s, mpfr_prec_t p) ++mpfr_gamma_alpha (mpfr_ptr s, mpfr_prec_t p) + { + MPFR_LOG_FUNC + (("p=%Pu", p), +diff -Naurd mpfr-4.1.0-a/src/mpfr-impl.h mpfr-4.1.0-b/src/mpfr-impl.h +--- mpfr-4.1.0-a/src/mpfr-impl.h 2020-06-10 21:50:12.000000000 +0000 ++++ mpfr-4.1.0-b/src/mpfr-impl.h 2021-02-11 12:48:27.354242922 +0000 +@@ -2474,7 +2474,8 @@ + __MPFR_DECLSPEC mpz_srcptr mpfr_bernoulli_cache (unsigned long); + __MPFR_DECLSPEC void mpfr_bernoulli_freecache (void); + +-__MPFR_DECLSPEC int mpfr_sincos_fast (mpfr_t, mpfr_t, mpfr_srcptr, mpfr_rnd_t); ++__MPFR_DECLSPEC int mpfr_sincos_fast (mpfr_ptr, mpfr_ptr, mpfr_srcptr, ++ mpfr_rnd_t); + + __MPFR_DECLSPEC double mpfr_scale2 (double, int); + +@@ -2485,7 +2486,7 @@ + mpfr_prec_t); + + __MPFR_DECLSPEC void mpfr_mpz_init (mpz_ptr); +-__MPFR_DECLSPEC void mpfr_mpz_init2 (mpz_t, mp_bitcnt_t); ++__MPFR_DECLSPEC void mpfr_mpz_init2 (mpz_ptr, mp_bitcnt_t); + __MPFR_DECLSPEC void mpfr_mpz_clear (mpz_ptr); + + __MPFR_DECLSPEC int mpfr_odd_p (mpfr_srcptr); +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-11 12:46:49.115316335 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-11 12:48:27.366242791 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p3" ++#define MPFR_VERSION_STRING "4.1.0-p4" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +@@ -781,8 +781,8 @@ + __MPFR_DECLSPEC int mpfr_strtofr (mpfr_ptr, const char *, char **, int, + mpfr_rnd_t); + +-__MPFR_DECLSPEC void mpfr_round_nearest_away_begin (mpfr_t); +-__MPFR_DECLSPEC int mpfr_round_nearest_away_end (mpfr_t, int); ++__MPFR_DECLSPEC void mpfr_round_nearest_away_begin (mpfr_ptr); ++__MPFR_DECLSPEC int mpfr_round_nearest_away_end (mpfr_ptr, int); + + __MPFR_DECLSPEC size_t mpfr_custom_get_size (mpfr_prec_t); + __MPFR_DECLSPEC void mpfr_custom_init (void *, mpfr_prec_t); +@@ -1080,10 +1080,12 @@ + #define mpfr_set_uj_2exp __gmpfr_set_uj_2exp + #define mpfr_get_sj __gmpfr_mpfr_get_sj + #define mpfr_get_uj __gmpfr_mpfr_get_uj +-__MPFR_DECLSPEC int mpfr_set_sj (mpfr_t, intmax_t, mpfr_rnd_t); +-__MPFR_DECLSPEC int mpfr_set_sj_2exp (mpfr_t, intmax_t, intmax_t, mpfr_rnd_t); +-__MPFR_DECLSPEC int mpfr_set_uj (mpfr_t, uintmax_t, mpfr_rnd_t); +-__MPFR_DECLSPEC int mpfr_set_uj_2exp (mpfr_t, uintmax_t, intmax_t, mpfr_rnd_t); ++__MPFR_DECLSPEC int mpfr_set_sj (mpfr_ptr, intmax_t, mpfr_rnd_t); ++__MPFR_DECLSPEC int mpfr_set_sj_2exp (mpfr_ptr, intmax_t, intmax_t, ++ mpfr_rnd_t); ++__MPFR_DECLSPEC int mpfr_set_uj (mpfr_ptr, uintmax_t, mpfr_rnd_t); ++__MPFR_DECLSPEC int mpfr_set_uj_2exp (mpfr_ptr, uintmax_t, intmax_t, ++ mpfr_rnd_t); + __MPFR_DECLSPEC intmax_t mpfr_get_sj (mpfr_srcptr, mpfr_rnd_t); + __MPFR_DECLSPEC uintmax_t mpfr_get_uj (mpfr_srcptr, mpfr_rnd_t); + +diff -Naurd mpfr-4.1.0-a/src/nrandom.c mpfr-4.1.0-b/src/nrandom.c +--- mpfr-4.1.0-a/src/nrandom.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/nrandom.c 2021-02-11 12:48:27.354242922 +0000 +@@ -155,7 +155,7 @@ + + /* return a normal random deviate with mean 0 and variance 1 as a MPFR */ + int +-mpfr_nrandom (mpfr_t z, gmp_randstate_t r, mpfr_rnd_t rnd) ++mpfr_nrandom (mpfr_ptr z, gmp_randstate_t r, mpfr_rnd_t rnd) + { + mpfr_random_deviate_t x, p, q; + int inex; +diff -Naurd mpfr-4.1.0-a/src/pool.c mpfr-4.1.0-b/src/pool.c +--- mpfr-4.1.0-a/src/pool.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/pool.c 2021-02-11 12:48:27.354242922 +0000 +@@ -35,7 +35,7 @@ + static MPFR_THREAD_ATTR __mpz_struct mpz_tab[MPFR_POOL_NENTRIES]; + + MPFR_HOT_FUNCTION_ATTR void +-mpfr_mpz_init (mpz_t z) ++mpfr_mpz_init (mpz_ptr z) + { + if (MPFR_LIKELY (n_alloc > 0)) + { +@@ -54,7 +54,7 @@ + } + + MPFR_HOT_FUNCTION_ATTR void +-mpfr_mpz_init2 (mpz_t z, mp_bitcnt_t n) ++mpfr_mpz_init2 (mpz_ptr z, mp_bitcnt_t n) + { + /* The condition on n is used below as the argument n will be ignored if + the mpz_t is obtained from the MPFR stack of previously used mpz_t. +@@ -82,7 +82,7 @@ + + + MPFR_HOT_FUNCTION_ATTR void +-mpfr_mpz_clear (mpz_t z) ++mpfr_mpz_clear (mpz_ptr z) + { + /* We only put objects with at most MPFR_POOL_MAX_SIZE in the mpz_t pool, + to avoid it takes too much memory (and anyway the speedup is mainly +diff -Naurd mpfr-4.1.0-a/src/random_deviate.c mpfr-4.1.0-b/src/random_deviate.c +--- mpfr-4.1.0-a/src/random_deviate.c 2021-02-11 12:43:51.789257562 +0000 ++++ mpfr-4.1.0-b/src/random_deviate.c 2021-02-11 12:48:27.354242922 +0000 +@@ -64,7 +64,7 @@ + + /* allocate and set to (0,1) */ + void +-mpfr_random_deviate_init (mpfr_random_deviate_t x) ++mpfr_random_deviate_init (mpfr_random_deviate_ptr x) + { + mpz_init (x->f); + x->e = 0; +@@ -72,21 +72,22 @@ + + /* reset to (0,1) */ + void +-mpfr_random_deviate_reset (mpfr_random_deviate_t x) ++mpfr_random_deviate_reset (mpfr_random_deviate_ptr x) + { + x->e = 0; + } + + /* deallocate */ + void +-mpfr_random_deviate_clear (mpfr_random_deviate_t x) ++mpfr_random_deviate_clear (mpfr_random_deviate_ptr x) + { + mpz_clear (x->f); + } + + /* swap two random deviates */ + void +-mpfr_random_deviate_swap (mpfr_random_deviate_t x, mpfr_random_deviate_t y) ++mpfr_random_deviate_swap (mpfr_random_deviate_ptr x, ++ mpfr_random_deviate_ptr y) + { + mpfr_random_size_t s; + unsigned long t; +@@ -107,7 +108,7 @@ + + /* ensure x has at least k bits */ + static void +-random_deviate_generate (mpfr_random_deviate_t x, mpfr_random_size_t k, ++random_deviate_generate (mpfr_random_deviate_ptr x, mpfr_random_size_t k, + gmp_randstate_t r, mpz_t t) + { + /* Various compile time checks on mpfr_random_deviate_t */ +@@ -223,7 +224,7 @@ + + /* return position of leading bit, counting from 1 */ + static mpfr_random_size_t +-random_deviate_leading_bit (mpfr_random_deviate_t x, gmp_randstate_t r) ++random_deviate_leading_bit (mpfr_random_deviate_ptr x, gmp_randstate_t r) + { + mpfr_random_size_t l; + random_deviate_generate (x, W, r, 0); +@@ -243,7 +244,7 @@ + + /* return kth bit of fraction, representing 2^-k */ + int +-mpfr_random_deviate_tstbit (mpfr_random_deviate_t x, mpfr_random_size_t k, ++mpfr_random_deviate_tstbit (mpfr_random_deviate_ptr x, mpfr_random_size_t k, + gmp_randstate_t r) + { + if (k == 0) +@@ -256,7 +257,8 @@ + + /* compare two random deviates, x < y */ + int +-mpfr_random_deviate_less (mpfr_random_deviate_t x, mpfr_random_deviate_t y, ++mpfr_random_deviate_less (mpfr_random_deviate_ptr x, ++ mpfr_random_deviate_ptr y, + gmp_randstate_t r) + { + mpfr_random_size_t k = 1; +@@ -280,7 +282,7 @@ + /* set mpfr_t z = (neg ? -1 : 1) * (n + x) */ + int + mpfr_random_deviate_value (int neg, unsigned long n, +- mpfr_random_deviate_t x, mpfr_t z, ++ mpfr_random_deviate_ptr x, mpfr_ptr z, + gmp_randstate_t r, mpfr_rnd_t rnd) + { + /* r is used to add as many bits as necessary to match the precision of z */ +diff -Naurd mpfr-4.1.0-a/src/random_deviate.h mpfr-4.1.0-b/src/random_deviate.h +--- mpfr-4.1.0-a/src/random_deviate.h 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/random_deviate.h 2021-02-11 12:48:27.354242922 +0000 +@@ -76,7 +76,7 @@ + /* set mpfr_t z = (neg ? -1 : 1) * (n + x) */ + __MPFR_DECLSPEC int + mpfr_random_deviate_value (int, unsigned long, +- mpfr_random_deviate_ptr, mpfr_t, ++ mpfr_random_deviate_ptr, mpfr_ptr, + gmp_randstate_t, mpfr_rnd_t); + + #if defined(__cplusplus) +diff -Naurd mpfr-4.1.0-a/src/rndna.c mpfr-4.1.0-b/src/rndna.c +--- mpfr-4.1.0-a/src/rndna.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/rndna.c 2021-02-11 12:48:27.354242922 +0000 +@@ -61,7 +61,7 @@ + and prepares rop to give it one more bit of precision + and to save its old value within it. */ + void +-mpfr_round_nearest_away_begin (mpfr_t rop) ++mpfr_round_nearest_away_begin (mpfr_ptr rop) + { + mpfr_t tmp; + mp_size_t xsize; +@@ -129,7 +129,7 @@ + copying it back the result of the applied function + and performing additional roundings. */ + int +-mpfr_round_nearest_away_end (mpfr_t rop, int inex) ++mpfr_round_nearest_away_end (mpfr_ptr rop, int inex) + { + mpfr_t tmp; + mp_size_t xsize; +diff -Naurd mpfr-4.1.0-a/src/set_sj.c mpfr-4.1.0-b/src/set_sj.c +--- mpfr-4.1.0-a/src/set_sj.c 2020-06-01 10:39:52.000000000 +0000 ++++ mpfr-4.1.0-b/src/set_sj.c 2021-02-11 12:48:27.354242922 +0000 +@@ -26,13 +26,13 @@ + #ifdef _MPFR_H_HAVE_INTMAX_T + + int +-mpfr_set_sj (mpfr_t x, intmax_t j, mpfr_rnd_t rnd) ++mpfr_set_sj (mpfr_ptr x, intmax_t j, mpfr_rnd_t rnd) + { + return mpfr_set_sj_2exp (x, j, 0, rnd); + } + + int +-mpfr_set_sj_2exp (mpfr_t x, intmax_t j, intmax_t e, mpfr_rnd_t rnd) ++mpfr_set_sj_2exp (mpfr_ptr x, intmax_t j, intmax_t e, mpfr_rnd_t rnd) + { + if (j >= 0) + return mpfr_set_uj_2exp (x, j, e, rnd); +diff -Naurd mpfr-4.1.0-a/src/set_str.c mpfr-4.1.0-b/src/set_str.c +--- mpfr-4.1.0-a/src/set_str.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/set_str.c 2021-02-11 12:48:27.354242922 +0000 +@@ -23,7 +23,7 @@ + #include "mpfr-impl.h" + + int +-mpfr_set_str (mpfr_t x, const char *str, int base, mpfr_rnd_t rnd) ++mpfr_set_str (mpfr_ptr x, const char *str, int base, mpfr_rnd_t rnd) + { + char *p; + +diff -Naurd mpfr-4.1.0-a/src/set_uj.c mpfr-4.1.0-b/src/set_uj.c +--- mpfr-4.1.0-a/src/set_uj.c 2020-06-01 10:39:52.000000000 +0000 ++++ mpfr-4.1.0-b/src/set_uj.c 2021-02-11 12:48:27.354242922 +0000 +@@ -29,13 +29,13 @@ + #define uintmaxpml (sizeof(uintmax_t) / sizeof(mp_limb_t)) + + int +-mpfr_set_uj (mpfr_t x, uintmax_t j, mpfr_rnd_t rnd) ++mpfr_set_uj (mpfr_ptr x, uintmax_t j, mpfr_rnd_t rnd) + { + return mpfr_set_uj_2exp (x, j, 0, rnd); + } + + int +-mpfr_set_uj_2exp (mpfr_t x, uintmax_t j, intmax_t e, mpfr_rnd_t rnd) ++mpfr_set_uj_2exp (mpfr_ptr x, uintmax_t j, intmax_t e, mpfr_rnd_t rnd) + { + int cnt, inex; + mp_size_t i, k; +diff -Naurd mpfr-4.1.0-a/src/sin_cos.c mpfr-4.1.0-b/src/sin_cos.c +--- mpfr-4.1.0-a/src/sin_cos.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/sin_cos.c 2021-02-11 12:48:27.354242922 +0000 +@@ -463,7 +463,7 @@ + Return err such that the relative error is bounded by 2^err ulps. + */ + static int +-sincos_aux (mpfr_t s, mpfr_t c, mpfr_srcptr x, mpfr_rnd_t rnd_mode) ++sincos_aux (mpfr_ptr s, mpfr_ptr c, mpfr_srcptr x, mpfr_rnd_t rnd_mode) + { + mpfr_prec_t prec_s, sh; + mpz_t Q, S, C, Q2, S2, C2, y; +@@ -577,7 +577,7 @@ + Assumes s differs from c. + */ + int +-mpfr_sincos_fast (mpfr_t s, mpfr_t c, mpfr_srcptr x, mpfr_rnd_t rnd) ++mpfr_sincos_fast (mpfr_ptr s, mpfr_ptr c, mpfr_srcptr x, mpfr_rnd_t rnd) + { + int inexs, inexc; + mpfr_t x_red, ts, tc; +diff -Naurd mpfr-4.1.0-a/src/strtofr.c mpfr-4.1.0-b/src/strtofr.c +--- mpfr-4.1.0-a/src/strtofr.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/strtofr.c 2021-02-11 12:48:27.354242922 +0000 +@@ -226,7 +226,7 @@ + BUT if it returns 0 (NAN or INF), the ternary value is also '0' + (ie NAN and INF are exact) */ + static int +-parse_string (mpfr_t x, struct parsed_string *pstr, ++parse_string (mpfr_ptr x, struct parsed_string *pstr, + const char **string, int base) + { + const char *str = *string; +@@ -451,7 +451,7 @@ + and the precision of x. + Returns the ternary value. */ + static int +-parsed_string_to_mpfr (mpfr_t x, struct parsed_string *pstr, mpfr_rnd_t rnd) ++parsed_string_to_mpfr (mpfr_ptr x, struct parsed_string *pstr, mpfr_rnd_t rnd) + { + mpfr_prec_t precx, prec, ysize_bits, pstr_size; + mpfr_exp_t exp; +@@ -934,7 +934,7 @@ + } + + int +-mpfr_strtofr (mpfr_t x, const char *string, char **end, int base, ++mpfr_strtofr (mpfr_ptr x, const char *string, char **end, int base, + mpfr_rnd_t rnd) + { + int res; +diff -Naurd mpfr-4.1.0-a/src/vasprintf.c mpfr-4.1.0-b/src/vasprintf.c +--- mpfr-4.1.0-a/src/vasprintf.c 2020-06-01 10:39:52.000000000 +0000 ++++ mpfr-4.1.0-b/src/vasprintf.c 2021-02-11 12:48:27.354242922 +0000 +@@ -963,7 +963,7 @@ + #define NDIGITS 8 + + MPFR_RETURNS_NONNULL static char * +-mpfr_get_str_wrapper (mpfr_exp_t *exp, int base, size_t n, const mpfr_t op, ++mpfr_get_str_wrapper (mpfr_exp_t *exp, int base, size_t n, mpfr_srcptr op, + const struct printf_spec spec) + { + size_t ndigits; +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-11 12:46:49.115316335 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-11 12:48:27.370242746 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p3"; ++ return "4.1.0-p4"; + } +diff -Naurd mpfr-4.1.0-a/src/zeta.c mpfr-4.1.0-b/src/zeta.c +--- mpfr-4.1.0-a/src/zeta.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/src/zeta.c 2021-02-11 12:48:27.354242922 +0000 +@@ -35,7 +35,7 @@ + sum(tc[i]*product((s+2j)*(s+2j-1)/n^2,j=1..i-1), i=1..p)*s*n^(-s-1) + */ + static void +-mpfr_zeta_part_b (mpfr_t b, mpfr_srcptr s, int n, int p, mpfr_t *tc) ++mpfr_zeta_part_b (mpfr_ptr b, mpfr_srcptr s, int n, int p, mpfr_t *tc) + { + mpfr_t s1, d, u; + unsigned long n2; +@@ -130,7 +130,7 @@ + n - an integer + Output: sum - a floating-point number approximating sum(1/i^s, i=1..n-1) */ + static void +-mpfr_zeta_part_a (mpfr_t sum, mpfr_srcptr s, int n) ++mpfr_zeta_part_a (mpfr_ptr sum, mpfr_srcptr s, int n) + { + mpfr_t u, s1; + int i; +@@ -158,7 +158,7 @@ + Output: z - Zeta(s) rounded to the precision of z with direction rnd_mode + */ + static int +-mpfr_zeta_pos (mpfr_t z, mpfr_srcptr s, mpfr_rnd_t rnd_mode) ++mpfr_zeta_pos (mpfr_ptr z, mpfr_srcptr s, mpfr_rnd_t rnd_mode) + { + mpfr_t b, c, z_pre, f, s1; + double beta, sd, dnep; +@@ -356,8 +356,8 @@ + At input, p is Pi rounded down. + The comments in the code are for rnd = RNDD. */ + static void +-mpfr_reflection_overflow (mpfr_t z, mpfr_t s1, const mpfr_t s, mpfr_t y, +- mpfr_t p, mpfr_rnd_t rnd) ++mpfr_reflection_overflow (mpfr_ptr z, mpfr_ptr s1, mpfr_srcptr s, mpfr_ptr y, ++ mpfr_ptr p, mpfr_rnd_t rnd) + { + mpz_t sint; + +@@ -432,7 +432,7 @@ + } + + int +-mpfr_zeta (mpfr_t z, mpfr_srcptr s, mpfr_rnd_t rnd_mode) ++mpfr_zeta (mpfr_ptr z, mpfr_srcptr s, mpfr_rnd_t rnd_mode) + { + mpfr_t z_pre, s1, y, p; + long add; +diff -Naurd mpfr-4.1.0-a/tests/tcmp2.c mpfr-4.1.0-b/tests/tcmp2.c +--- mpfr-4.1.0-a/tests/tcmp2.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tcmp2.c 2021-02-11 12:48:27.350242965 +0000 +@@ -24,7 +24,7 @@ + + /* set bit n of x to b, where bit 0 is the most significant one */ + static void +-set_bit (mpfr_t x, unsigned int n, int b) ++set_bit (mpfr_ptr x, unsigned int n, int b) + { + unsigned l; + mp_size_t xn; +diff -Naurd mpfr-4.1.0-a/tests/tdiv.c mpfr-4.1.0-b/tests/tdiv.c +--- mpfr-4.1.0-a/tests/tdiv.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tdiv.c 2021-02-11 12:48:27.350242965 +0000 +@@ -369,7 +369,7 @@ + /* given y = o(x/u), x, u, find the inexact flag by + multiplying y by u */ + static int +-get_inexact (mpfr_t y, mpfr_t x, mpfr_t u) ++get_inexact (mpfr_ptr y, mpfr_ptr x, mpfr_ptr u) + { + mpfr_t xx; + int inex; +diff -Naurd mpfr-4.1.0-a/tests/teq.c mpfr-4.1.0-b/tests/teq.c +--- mpfr-4.1.0-a/tests/teq.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/teq.c 2021-02-11 12:48:27.350242965 +0000 +@@ -23,7 +23,7 @@ + #include "mpfr-test.h" + + static void +-teq (mpfr_t x) ++teq (mpfr_ptr x) + { + mpfr_t y; + unsigned long k, px, mx; +diff -Naurd mpfr-4.1.0-a/tests/terandom_chisq.c mpfr-4.1.0-b/tests/terandom_chisq.c +--- mpfr-4.1.0-a/tests/terandom_chisq.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/terandom_chisq.c 2021-02-11 12:48:27.350242965 +0000 +@@ -26,7 +26,7 @@ + * exponential distribution. We only take differences of this function so the + * offset doesn't matter; here Phi(0) = 0. */ + static void +-exponential_cumulative (mpfr_t z, mpfr_t x, mpfr_rnd_t rnd) ++exponential_cumulative (mpfr_ptr z, mpfr_ptr x, mpfr_rnd_t rnd) + { + mpfr_neg (z, x, rnd); + mpfr_expm1 (z, z, rnd); +@@ -43,7 +43,7 @@ + * TAOCP, Vol 2, 3.3.1, Table 1. It more accurate than the similar formula, + * DLMF 8.11.10. */ + static void +-chisq_prob (mpfr_t q, long nu, mpfr_t chisqp) ++chisq_prob (mpfr_ptr q, long nu, mpfr_ptr chisqp) + { + mpfr_t t; + mpfr_rnd_t rnd; +@@ -170,7 +170,7 @@ + * this function. low precision means prec = 2, 3, or 4. High values of + * precision will result in integer overflow. */ + static long +-sequential (mpfr_t x) ++sequential (mpfr_ptr x) + { + long expt, prec; + +diff -Naurd mpfr-4.1.0-a/tests/tfmma.c mpfr-4.1.0-b/tests/tfmma.c +--- mpfr-4.1.0-a/tests/tfmma.c 2020-03-24 13:47:38.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tfmma.c 2021-02-11 12:48:27.350242965 +0000 +@@ -24,7 +24,7 @@ + + /* check both mpfr_fmma and mpfr_fmms */ + static void +-random_test (mpfr_t a, mpfr_t b, mpfr_t c, mpfr_t d, mpfr_rnd_t rnd) ++random_test (mpfr_ptr a, mpfr_ptr b, mpfr_ptr c, mpfr_ptr d, mpfr_rnd_t rnd) + { + mpfr_t ref, res, ab, cd; + int inex_ref, inex_res; +diff -Naurd mpfr-4.1.0-a/tests/tfmod.c mpfr-4.1.0-b/tests/tfmod.c +--- mpfr-4.1.0-a/tests/tfmod.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tfmod.c 2021-02-11 12:48:27.350242965 +0000 +@@ -62,8 +62,8 @@ + } + + static void +-test_failed (mpfr_t erem, mpfr_t grem, int eret, int gret, mpfr_t x, mpfr_t y, +- mpfr_rnd_t rnd) ++test_failed (mpfr_ptr erem, mpfr_ptr grem, int eret, int gret, ++ mpfr_ptr x, mpfr_ptr y, mpfr_rnd_t rnd) + { + printf ("error: mpfr_fmod (r, x, y, rnd)\n x = "); + mpfr_out_str (stdout, 10, 0, x, MPFR_RNDD); +@@ -83,7 +83,7 @@ + } + + static void +-check (mpfr_t r0, mpfr_t x, mpfr_t y, mpfr_rnd_t rnd) ++check (mpfr_ptr r0, mpfr_ptr x, mpfr_ptr y, mpfr_rnd_t rnd) + { + int inex0, inex1; + mpfr_t r1; +diff -Naurd mpfr-4.1.0-a/tests/tfprintf.c mpfr-4.1.0-b/tests/tfprintf.c +--- mpfr-4.1.0-a/tests/tfprintf.c 2020-06-01 10:39:52.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tfprintf.c 2021-02-11 12:48:27.350242965 +0000 +@@ -65,7 +65,7 @@ + const int prec_max_printf = 5000; + + static void +-check (FILE *fout, const char *fmt, mpfr_t x) ++check (FILE *fout, const char *fmt, mpfr_ptr x) + { + if (mpfr_fprintf (fout, fmt, x) == -1) + { +diff -Naurd mpfr-4.1.0-a/tests/tgamma.c mpfr-4.1.0-b/tests/tgamma.c +--- mpfr-4.1.0-a/tests/tgamma.c 2020-06-01 00:15:37.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tgamma.c 2021-02-11 12:48:27.350242965 +0000 +@@ -890,7 +890,7 @@ + computing with a working precision p2. Assume that x is not an + integer <= 2. */ + static void +-exp_lgamma (mpfr_t x, mpfr_prec_t p1, mpfr_prec_t p2) ++exp_lgamma (mpfr_ptr x, mpfr_prec_t p1, mpfr_prec_t p2) + { + mpfr_t yd, yu, zd, zu; + int inexd, inexu, sign; +diff -Naurd mpfr-4.1.0-a/tests/tnrandom_chisq.c mpfr-4.1.0-b/tests/tnrandom_chisq.c +--- mpfr-4.1.0-a/tests/tnrandom_chisq.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tnrandom_chisq.c 2021-02-11 12:48:27.350242965 +0000 +@@ -26,7 +26,7 @@ + * for the normal distribution. We only take differences of this function so + * the offset doesn't matter; here Phi(0) = 0. */ + static void +-normal_cumulative (mpfr_t z, mpfr_t x, mpfr_rnd_t rnd) ++normal_cumulative (mpfr_ptr z, mpfr_ptr x, mpfr_rnd_t rnd) + { + mpfr_sqrt_ui (z, 2, rnd); + mpfr_div (z, x, z, rnd); +@@ -44,7 +44,7 @@ + * TAOCP, Vol 2, 3.3.1, Table 1. It more accurate than the similar formula, + * DLMF 8.11.10. */ + static void +-chisq_prob (mpfr_t q, long nu, mpfr_t chisqp) ++chisq_prob (mpfr_ptr q, long nu, mpfr_ptr chisqp) + { + mpfr_t t; + mpfr_rnd_t rnd; +@@ -166,7 +166,7 @@ + * this function. low precision means prec = 2, 3, or 4. High values of + * precision will result in integer overflow. */ + static long +-sequential (mpfr_t x) ++sequential (mpfr_ptr x) + { + long expt, prec; + +diff -Naurd mpfr-4.1.0-a/tests/tprintf.c mpfr-4.1.0-b/tests/tprintf.c +--- mpfr-4.1.0-a/tests/tprintf.c 2020-06-01 10:39:52.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tprintf.c 2021-02-11 12:48:27.350242965 +0000 +@@ -74,7 +74,7 @@ + int stdout_redirect; + + static void +-check (const char *fmt, mpfr_t x) ++check (const char *fmt, mpfr_ptr x) + { + if (mpfr_printf (fmt, x) == -1) + { +diff -Naurd mpfr-4.1.0-a/tests/trint.c mpfr-4.1.0-b/tests/trint.c +--- mpfr-4.1.0-a/tests/trint.c 2020-02-12 13:04:50.000000000 +0000 ++++ mpfr-4.1.0-b/tests/trint.c 2021-02-11 12:48:27.350242965 +0000 +@@ -367,7 +367,7 @@ + #endif + + static void +-err (const char *str, mp_size_t s, mpfr_t x, mpfr_t y, mpfr_prec_t p, ++err (const char *str, mp_size_t s, mpfr_ptr x, mpfr_ptr y, mpfr_prec_t p, + mpfr_rnd_t r, int trint, int inexact) + { + printf ("Error: %s\ns = %u, p = %u, r = %s, trint = %d, inexact = %d\nx = ", +diff -Naurd mpfr-4.1.0-a/tests/tsinh_cosh.c mpfr-4.1.0-b/tests/tsinh_cosh.c +--- mpfr-4.1.0-a/tests/tsinh_cosh.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tsinh_cosh.c 2021-02-11 12:48:27.350242965 +0000 +@@ -23,7 +23,7 @@ + #include "mpfr-test.h" + + static void +-failed (mpfr_t x, mpfr_t esh, mpfr_t gsh, mpfr_t ech, mpfr_t gch) ++failed (mpfr_ptr x, mpfr_ptr esh, mpfr_ptr gsh, mpfr_ptr ech, mpfr_ptr gch) + { + printf ("error : mpfr_sinh_cosh (x) x = "); + mpfr_out_str (stdout, 10, 0, x, MPFR_RNDD); +@@ -43,7 +43,7 @@ + + /* check against sinh, cosh */ + static void +-check (mpfr_t x, mpfr_rnd_t rnd) ++check (mpfr_ptr x, mpfr_rnd_t rnd) + { + mpfr_t s, c, sx, cx; + int isc, is, ic; +diff -Naurd mpfr-4.1.0-a/tests/tsqr.c mpfr-4.1.0-b/tests/tsqr.c +--- mpfr-4.1.0-a/tests/tsqr.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tsqr.c 2021-02-11 12:48:27.350242965 +0000 +@@ -33,7 +33,7 @@ + + static void + error1 (mpfr_rnd_t rnd, mpfr_prec_t prec, +- mpfr_t in, mpfr_t outmul, mpfr_t outsqr) ++ mpfr_t in, mpfr_ptr outmul, mpfr_ptr outsqr) + { + printf("ERROR: for %s and prec=%lu\nINPUT=", mpfr_print_rnd_mode(rnd), + (unsigned long) prec); +@@ -44,7 +44,7 @@ + } + + static void +-error2 (mpfr_rnd_t rnd, mpfr_prec_t prec, mpfr_t in, mpfr_t out, ++error2 (mpfr_rnd_t rnd, mpfr_prec_t prec, mpfr_ptr in, mpfr_ptr out, + int inexactmul, int inexactsqr) + { + printf("ERROR: for %s and prec=%lu\nINPUT=", mpfr_print_rnd_mode(rnd), +diff -Naurd mpfr-4.1.0-a/tests/tsum.c mpfr-4.1.0-b/tests/tsum.c +--- mpfr-4.1.0-a/tests/tsum.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tsum.c 2021-02-11 12:48:27.350242965 +0000 +@@ -59,7 +59,7 @@ + } + + static void +-get_exact_sum (mpfr_t sum, mpfr_t *tab, int n) ++get_exact_sum (mpfr_ptr sum, mpfr_t *tab, int n) + { + int i; + +@@ -1198,7 +1198,7 @@ + } + + static int +-mpfr_sum_naive (mpfr_t s, mpfr_t *x, int n, mpfr_rnd_t rnd) ++mpfr_sum_naive (mpfr_ptr s, mpfr_t *x, int n, mpfr_rnd_t rnd) + { + int ret, i; + switch (n) +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-11 12:50:22.384987438 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-11 12:50:22.424987002 +0000 +@@ -0,0 +1 @@ ++digamma-hugemem +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-11 12:48:27.370242746 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-11 12:50:22.424987002 +0000 +@@ -1 +1 @@ +-4.1.0-p4 ++4.1.0-p5 +diff -Naurd mpfr-4.1.0-a/src/digamma.c mpfr-4.1.0-b/src/digamma.c +--- mpfr-4.1.0-a/src/digamma.c 2020-06-18 17:17:18.000000000 +0000 ++++ mpfr-4.1.0-b/src/digamma.c 2021-02-11 12:50:22.412987133 +0000 +@@ -214,19 +214,27 @@ + (("x[%Pu]=%.*Rg rnd=%d", mpfr_get_prec(x), mpfr_log_prec, x, rnd_mode), + ("y[%Pu]=%.*Rg inexact=%d", mpfr_get_prec(y), mpfr_log_prec, y, inex)); + +- /* compute a precision q such that x+1 is exact */ +- if (MPFR_PREC(x) < MPFR_GET_EXP(x)) +- q = MPFR_EXP(x); +- else +- q = MPFR_PREC(x) + 1; +- +- /* for very large x, use |digamma(x) - log(x)| < 1/x < 2^(1-EXP(x)) */ +- if (MPFR_PREC(y) + 10 < MPFR_EXP(x)) ++ /* For very large x, use |digamma(x) - log(x)| < 1/x < 2^(1-EXP(x)). ++ However, for a fixed value of GUARD, MPFR_CAN_ROUND() might fail ++ with probability 1/2^GUARD, in which case the default code will ++ fail since it requires x+1 to be exact, thus a huge precision if ++ x is huge. There are two workarounds: ++ * either perform a Ziv's loop, by increasing GUARD at each step. ++ However, this might fail if x is moderately large, in which case ++ more terms of the asymptotic expansion would be needed. ++ * implement a full asymptotic expansion (with Ziv's loop). */ ++#define GUARD 30 ++ if (MPFR_PREC(y) + GUARD < MPFR_EXP(x)) + { + /* this ensures EXP(x) >= 3, thus x >= 4, thus log(x) > 1 */ +- mpfr_init2 (t, MPFR_PREC(y) + 10); +- mpfr_log (t, x, MPFR_RNDZ); +- if (MPFR_CAN_ROUND (t, MPFR_PREC(y) + 10, MPFR_PREC(y), rnd_mode)) ++ mpfr_init2 (t, MPFR_PREC(y) + GUARD); ++ mpfr_log (t, x, MPFR_RNDN); ++ /* |t - digamma(x)| <= 1/2*ulp(t) + |digamma(x) - log(x)| ++ <= 1/2*ulp(t) + 2^(1-EXP(x)) ++ <= 1/2*ulp(t) + 2^(-PREC(y)-GUARD) ++ <= ulp(t) ++ since |t| >= 1 thus ulp(t) >= 2^(1-PREC(y)-GUARD) */ ++ if (MPFR_CAN_ROUND (t, MPFR_PREC(y) + GUARD, MPFR_PREC(y), rnd_mode)) + { + inex = mpfr_set (y, t, rnd_mode); + mpfr_clear (t); +@@ -235,6 +243,21 @@ + mpfr_clear (t); + } + ++ /* compute a precision q such that x+1 is exact */ ++ if (MPFR_PREC(x) < MPFR_GET_EXP(x)) ++ { ++ /* The goal of the first assertion is to let the compiler ignore ++ the second one when MPFR_EMAX_MAX <= MPFR_PREC_MAX. */ ++ MPFR_ASSERTD (MPFR_EXP(x) <= MPFR_EMAX_MAX); ++ MPFR_ASSERTN (MPFR_EXP(x) <= MPFR_PREC_MAX); ++ q = MPFR_EXP(x); ++ } ++ else ++ q = MPFR_PREC(x) + 1; ++ ++ /* FIXME: q can be much too large, e.g. equal to the maximum exponent! */ ++ MPFR_LOG_MSG (("q=%Pu\n", q)); ++ + mpfr_init2 (x_plus_j, q); + + mpfr_init2 (t, p); +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-11 12:48:27.366242791 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-11 12:50:22.424987002 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p4" ++#define MPFR_VERSION_STRING "4.1.0-p5" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-11 12:48:27.370242746 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-11 12:50:22.424987002 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p4"; ++ return "4.1.0-p5"; + } +diff -Naurd mpfr-4.1.0-a/tests/tdigamma.c mpfr-4.1.0-b/tests/tdigamma.c +--- mpfr-4.1.0-a/tests/tdigamma.c 2020-06-18 17:17:18.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tdigamma.c 2021-02-11 12:50:22.412987133 +0000 +@@ -49,12 +49,54 @@ + mpfr_clear (y); + } + ++/* With some GMP_CHECK_RANDOMIZE values, test_generic triggers an error ++ tests_addsize(): too much memory (576460752303432776 bytes) ++ Each time on prec = 200, n = 3, xprec = 140. ++ The following test is a more general testcase. ++*/ ++static void ++bug20210206 (void) ++{ ++#define NPREC 4 ++ mpfr_t x, y[NPREC], z; ++ mpfr_exp_t emin, emax; ++ int i, precx, precy[NPREC] = { 200, 400, 520, 1416 }; ++ ++ emin = mpfr_get_emin (); ++ emax = mpfr_get_emax (); ++ set_emin (MPFR_EMIN_MIN); ++ set_emax (MPFR_EMAX_MAX); ++ ++ for (i = 0; i < NPREC; i++) ++ mpfr_init2 (y[i], precy[i]); ++ mpfr_init2 (z, precy[0]); ++ ++ for (precx = MPFR_PREC_MIN; precx < 150; precx++) ++ { ++ mpfr_init2 (x, precx); ++ mpfr_setmax (x, __gmpfr_emax); ++ for (i = 0; i < NPREC; i++) ++ mpfr_digamma (y[i], x, MPFR_RNDA); ++ mpfr_set (z, y[1], MPFR_RNDA); ++ MPFR_ASSERTN (mpfr_equal_p (y[0], z)); ++ mpfr_clear (x); ++ } ++ ++ for (i = 0; i < NPREC; i++) ++ mpfr_clear (y[i]); ++ mpfr_clear (z); ++ ++ set_emin (emin); ++ set_emax (emax); ++} ++ + int + main (int argc, char *argv[]) + { + tests_start_mpfr (); + + special (); ++ bug20210206 (); + + test_generic (MPFR_PREC_MIN, 200, 20); + +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-11 12:52:52.519350662 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-11 12:52:52.563350183 +0000 +@@ -0,0 +1 @@ ++digamma-interm-zero +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-11 12:50:22.424987002 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-11 12:52:52.563350183 +0000 +@@ -1 +1 @@ +-4.1.0-p5 ++4.1.0-p6 +diff -Naurd mpfr-4.1.0-a/src/digamma.c mpfr-4.1.0-b/src/digamma.c +--- mpfr-4.1.0-a/src/digamma.c 2021-02-11 12:50:22.412987133 +0000 ++++ mpfr-4.1.0-b/src/digamma.c 2021-02-11 12:52:52.547350357 +0000 +@@ -296,21 +296,26 @@ + errt = mpfr_digamma_approx (t, x_plus_j); + expt = MPFR_GET_EXP (t); + mpfr_sub (t, t, u, MPFR_RNDN); +- if (MPFR_GET_EXP (t) < expt) +- errt += expt - MPFR_EXP(t); +- /* Warning: if u is zero (which happens when x_plus_j >= min at the +- beginning of the while loop above), EXP(u) is not defined. +- In this case we have no error from u. */ +- if (MPFR_NOTZERO(u) && MPFR_GET_EXP (t) < MPFR_GET_EXP (u)) +- erru += MPFR_EXP(u) - MPFR_EXP(t); +- if (errt > erru) +- errt = errt + 1; +- else if (errt == erru) +- errt = errt + 2; +- else +- errt = erru + 1; +- if (MPFR_CAN_ROUND (t, p - errt, MPFR_PREC(y), rnd_mode)) +- break; ++ /* Warning! t may be zero (more likely in small precision). Note ++ that in this case, this is an exact zero, not an underflow. */ ++ if (MPFR_NOTZERO(t)) ++ { ++ if (MPFR_GET_EXP (t) < expt) ++ errt += expt - MPFR_EXP(t); ++ /* Warning: if u is zero (which happens when x_plus_j >= min at the ++ beginning of the while loop above), EXP(u) is not defined. ++ In this case we have no error from u. */ ++ if (MPFR_NOTZERO(u) && MPFR_GET_EXP (t) < MPFR_GET_EXP (u)) ++ erru += MPFR_EXP(u) - MPFR_EXP(t); ++ if (errt > erru) ++ errt = errt + 1; ++ else if (errt == erru) ++ errt = errt + 2; ++ else ++ errt = erru + 1; ++ if (MPFR_CAN_ROUND (t, p - errt, MPFR_PREC(y), rnd_mode)) ++ break; ++ } + MPFR_ZIV_NEXT (loop, p); + mpfr_set_prec (t, p); + mpfr_set_prec (u, p); +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-11 12:50:22.424987002 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-11 12:52:52.559350226 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p5" ++#define MPFR_VERSION_STRING "4.1.0-p6" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-11 12:50:22.424987002 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-11 12:52:52.559350226 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p5"; ++ return "4.1.0-p6"; + } +diff -Naurd mpfr-4.1.0-a/tests/tdigamma.c mpfr-4.1.0-b/tests/tdigamma.c +--- mpfr-4.1.0-a/tests/tdigamma.c 2021-02-11 12:50:22.412987133 +0000 ++++ mpfr-4.1.0-b/tests/tdigamma.c 2021-02-11 12:52:52.547350357 +0000 +@@ -90,6 +90,26 @@ + set_emax (emax); + } + ++/* another test that fails with GMP_CHECK_RANDOMIZE=1612741376857003 ++ on revision 14398 */ ++static void ++bug20210208 (void) ++{ ++ mpfr_t x, y; ++ int inex; ++ ++ mpfr_init2 (x, 73); ++ mpfr_init2 (y, 1); ++ mpfr_set_str (x, "1.4613470547060071827450", 10, MPFR_RNDN); ++ mpfr_clear_flags (); ++ inex = mpfr_digamma (y, x, MPFR_RNDU); ++ MPFR_ASSERTN (mpfr_cmp_si_2exp (y, -1, -12) == 0); ++ MPFR_ASSERTN (inex > 0); ++ MPFR_ASSERTN (__gmpfr_flags == MPFR_FLAGS_INEXACT); ++ mpfr_clear (x); ++ mpfr_clear (y); ++} ++ + int + main (int argc, char *argv[]) + { +@@ -97,6 +117,7 @@ + + special (); + bug20210206 (); ++ bug20210208 (); + + test_generic (MPFR_PREC_MIN, 200, 20); + +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-11 12:53:38.382850990 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-11 12:53:38.426850512 +0000 +@@ -0,0 +1 @@ ++jn-interm-zero +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-11 12:52:52.563350183 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-11 12:53:38.426850512 +0000 +@@ -1 +1 @@ +-4.1.0-p6 ++4.1.0-p7 +diff -Naurd mpfr-4.1.0-a/src/jyn_asympt.c mpfr-4.1.0-b/src/jyn_asympt.c +--- mpfr-4.1.0-a/src/jyn_asympt.c 2020-07-10 10:33:32.000000000 +0000 ++++ mpfr-4.1.0-b/src/jyn_asympt.c 2021-02-11 12:53:38.410850685 +0000 +@@ -69,6 +69,8 @@ + MPFR_ZIV_INIT (loop, w); + for (;;) + { ++ int ok = 1; ++ + mpfr_set_prec (c, w); + mpfr_init2 (s, w); + mpfr_init2 (P, w); +@@ -92,6 +94,13 @@ + /* now s approximates sin(z)+cos(z), and c approximates sin(z)-cos(z), + with total absolute error bounded by 2^(1-w). */ + ++ /* if s or c is zero, MPFR_GET_EXP will fail below */ ++ if (MPFR_IS_ZERO(s) || MPFR_IS_ZERO(c)) ++ { ++ ok = 0; ++ goto clear; ++ } ++ + /* precompute 1/(8|z|) */ + mpfr_si_div (iz, MPFR_IS_POS(z) ? 1 : -1, z, MPFR_RNDN); /* err <= 1 */ + mpfr_div_2ui (iz, iz, 3, MPFR_RNDN); +@@ -257,6 +266,9 @@ + err = (err >= err2) ? err + 1 : err2 + 1; + /* the absolute error on c is bounded by 2^(err - w) */ + ++ err -= MPFR_GET_EXP (c); ++ ++ clear: + mpfr_clear (s); + mpfr_clear (P); + mpfr_clear (Q); +@@ -266,8 +278,7 @@ + mpfr_clear (err_s); + mpfr_clear (err_u); + +- err -= MPFR_GET_EXP (c); +- if (MPFR_LIKELY (MPFR_CAN_ROUND (c, w - err, MPFR_PREC(res), r))) ++ if (ok && MPFR_LIKELY (MPFR_CAN_ROUND (c, w - err, MPFR_PREC(res), r))) + break; + if (diverge != 0) + { +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-11 12:52:52.559350226 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-11 12:53:38.422850555 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p6" ++#define MPFR_VERSION_STRING "4.1.0-p7" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-11 12:52:52.559350226 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-11 12:53:38.426850512 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p6"; ++ return "4.1.0-p7"; + } +diff -Naurd mpfr-4.1.0-a/tests/tj0.c mpfr-4.1.0-b/tests/tj0.c +--- mpfr-4.1.0-a/tests/tj0.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tj0.c 2021-02-11 12:53:38.410850685 +0000 +@@ -27,6 +27,25 @@ + #define REDUCE_EMAX 262143 /* otherwise arg. reduction is too expensive */ + #include "tgeneric.c" + ++/* bug found in revision 14399 with GMP_CHECK_RANDOMIZE=1612721106588971 */ ++static void ++bug20210208 (void) ++{ ++ mpfr_t x, y; ++ int inex; ++ ++ mpfr_init2 (x, 79); ++ mpfr_init2 (y, 1); ++ mpfr_set_str (x, "2.552495117262005805960565e+02", 10, MPFR_RNDN); ++ mpfr_clear_flags (); ++ inex = mpfr_j0 (y, x, MPFR_RNDZ); ++ MPFR_ASSERTN (mpfr_cmp_si_2exp (y, -1, -5) == 0); ++ MPFR_ASSERTN (inex > 0); ++ MPFR_ASSERTN (__gmpfr_flags == MPFR_FLAGS_INEXACT); ++ mpfr_clear (x); ++ mpfr_clear (y); ++} ++ + int + main (int argc, char *argv[]) + { +@@ -35,6 +54,8 @@ + + tests_start_mpfr (); + ++ bug20210208 (); ++ + mpfr_init (x); + mpfr_init (y); + +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-17 17:22:34.594973310 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-17 17:22:34.702972090 +0000 +@@ -0,0 +1 @@ ++digamma-interm-zero2 +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-11 12:53:38.426850512 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-17 17:22:34.702972090 +0000 +@@ -1 +1 @@ +-4.1.0-p7 ++4.1.0-p8 +diff -Naurd mpfr-4.1.0-a/src/digamma.c mpfr-4.1.0-b/src/digamma.c +--- mpfr-4.1.0-a/src/digamma.c 2021-02-11 12:52:52.547350357 +0000 ++++ mpfr-4.1.0-b/src/digamma.c 2021-02-17 17:22:34.690972226 +0000 +@@ -173,16 +173,19 @@ + mpfr_digamma (v, u, MPFR_RNDN); /* error <= 1/2 ulp */ + expv = MPFR_GET_EXP (v); + mpfr_sub (v, v, t, MPFR_RNDN); +- if (MPFR_GET_EXP (v) < MPFR_GET_EXP (t)) +- e1 += MPFR_EXP(t) - MPFR_EXP(v); /* scale error for t wrt new v */ +- /* now take into account the 1/2 ulp error for v */ +- if (expv - MPFR_EXP(v) - 1 > e1) +- e1 = expv - MPFR_EXP(v) - 1; +- else +- e1 ++; +- e1 ++; /* rounding error for mpfr_sub */ +- if (MPFR_CAN_ROUND (v, p - e1, MPFR_PREC(y), rnd_mode)) +- break; ++ if (MPFR_NOTZERO(v)) ++ { ++ if (MPFR_GET_EXP (v) < MPFR_GET_EXP (t)) ++ e1 += MPFR_EXP(t) - MPFR_EXP(v); /* scale error for t wrt new v */ ++ /* now take into account the 1/2 ulp error for v */ ++ if (expv - MPFR_EXP(v) - 1 > e1) ++ e1 = expv - MPFR_EXP(v) - 1; ++ else ++ e1 ++; ++ e1 ++; /* rounding error for mpfr_sub */ ++ if (MPFR_CAN_ROUND (v, p - e1, MPFR_PREC(y), rnd_mode)) ++ break; ++ } + MPFR_ZIV_NEXT (loop, p); + mpfr_set_prec (t, p); + mpfr_set_prec (v, p); +@@ -416,10 +419,8 @@ + } + } + +- if (MPFR_IS_NEG(x)) +- inex = mpfr_digamma_reflection (y, x, rnd_mode); + /* if x < 1/2 we use the reflection formula */ +- else if (MPFR_EXP(x) < 0) ++ if (MPFR_IS_NEG(x) || MPFR_EXP(x) < 0) + inex = mpfr_digamma_reflection (y, x, rnd_mode); + else + inex = mpfr_digamma_positive (y, x, rnd_mode); +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-11 12:53:38.422850555 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-17 17:22:34.702972090 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p7" ++#define MPFR_VERSION_STRING "4.1.0-p8" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-11 12:53:38.426850512 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-17 17:22:34.702972090 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p7"; ++ return "4.1.0-p8"; + } +diff -Naurd mpfr-4.1.0-a/tests/tdigamma.c mpfr-4.1.0-b/tests/tdigamma.c +--- mpfr-4.1.0-a/tests/tdigamma.c 2021-02-11 12:52:52.547350357 +0000 ++++ mpfr-4.1.0-b/tests/tdigamma.c 2021-02-17 17:22:34.690972226 +0000 +@@ -110,6 +110,26 @@ + mpfr_clear (y); + } + ++/* another test that fails with GMP_CHECK_RANDOMIZE=1613197421465830 ++ on revision 14429 */ ++static void ++bug20210215 (void) ++{ ++ mpfr_t x, y; ++ int inex; ++ ++ mpfr_init2 (x, 510); ++ mpfr_init2 (y, 4); ++ mpfr_set_str (x, "-8.2923051438433494998166335341807999322052669984208422481227138906096000469898717007386115912802685588348601663465077353194268894939972221117314512518182580e+35", 10, MPFR_RNDN); ++ mpfr_clear_flags (); ++ inex = mpfr_digamma (y, x, MPFR_RNDU); ++ MPFR_ASSERTN (mpfr_cmp_ui0 (y, 88) == 0); ++ MPFR_ASSERTN (inex > 0); ++ MPFR_ASSERTN (__gmpfr_flags == MPFR_FLAGS_INEXACT); ++ mpfr_clear (x); ++ mpfr_clear (y); ++} ++ + int + main (int argc, char *argv[]) + { +@@ -118,6 +138,7 @@ + special (); + bug20210206 (); + bug20210208 (); ++ bug20210215 (); + + test_generic (MPFR_PREC_MIN, 200, 20); + +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-02-17 17:25:46.396981483 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-02-17 17:25:46.440981068 +0000 +@@ -0,0 +1 @@ ++jyn_asympt-interm-zero +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-17 17:22:34.702972090 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-02-17 17:25:46.440981068 +0000 +@@ -1 +1 @@ +-4.1.0-p8 ++4.1.0-p9 +diff -Naurd mpfr-4.1.0-a/src/jyn_asympt.c mpfr-4.1.0-b/src/jyn_asympt.c +--- mpfr-4.1.0-a/src/jyn_asympt.c 2021-02-11 12:53:38.410850685 +0000 ++++ mpfr-4.1.0-b/src/jyn_asympt.c 2021-02-17 17:25:46.424981219 +0000 +@@ -69,7 +69,7 @@ + MPFR_ZIV_INIT (loop, w); + for (;;) + { +- int ok = 1; ++ int ok = 0; + + mpfr_set_prec (c, w); + mpfr_init2 (s, w); +@@ -96,10 +96,7 @@ + + /* if s or c is zero, MPFR_GET_EXP will fail below */ + if (MPFR_IS_ZERO(s) || MPFR_IS_ZERO(c)) +- { +- ok = 0; +- goto clear; +- } ++ goto clear; /* with ok=0 */ + + /* precompute 1/(8|z|) */ + mpfr_si_div (iz, MPFR_IS_POS(z) ? 1 : -1, z, MPFR_RNDN); /* err <= 1 */ +@@ -227,6 +224,9 @@ + mpfr_sub (s, c, s, MPFR_RNDN); + #endif + } ++ if (MPFR_IS_ZERO(s)) ++ goto clear; /* with ok=0 */ ++ ok = 1; + if ((n & 2) != 0) + mpfr_neg (s, s, MPFR_RNDN); + if (MPFR_GET_EXP (s) > err) +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-17 17:22:34.702972090 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-02-17 17:25:46.436981105 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p8" ++#define MPFR_VERSION_STRING "4.1.0-p9" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-17 17:22:34.702972090 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-02-17 17:25:46.440981068 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p8"; ++ return "4.1.0-p9"; + } +diff -Naurd mpfr-4.1.0-a/tests/mpfr-test.h mpfr-4.1.0-b/tests/mpfr-test.h +--- mpfr-4.1.0-a/tests/mpfr-test.h 2020-06-29 13:57:32.000000000 +0000 ++++ mpfr-4.1.0-b/tests/mpfr-test.h 2021-02-17 17:25:46.424981219 +0000 +@@ -191,6 +191,8 @@ + + #define mpfr_cmp0(x,y) (MPFR_ASSERTN (!MPFR_IS_NAN (x) && !MPFR_IS_NAN (y)), mpfr_cmp (x,y)) + #define mpfr_cmp_ui0(x,i) (MPFR_ASSERTN (!MPFR_IS_NAN (x)), mpfr_cmp_ui (x,i)) ++#define mpfr_cmp_si_2exp0(x,i,e) (MPFR_ASSERTN (!MPFR_IS_NAN (x)), \ ++ mpfr_cmp_si_2exp (x,i,e)) + + /* define CHECK_EXTERNAL if you want to check mpfr against another library + with correct rounding. You'll probably have to modify mpfr_print_raw() +diff -Naurd mpfr-4.1.0-a/tests/tj1.c mpfr-4.1.0-b/tests/tj1.c +--- mpfr-4.1.0-a/tests/tj1.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tj1.c 2021-02-17 17:25:46.424981219 +0000 +@@ -55,14 +55,14 @@ + /* since |x| is just above 2^e, |j1(x)| is just above 2^(e-1), + thus y should be 2^(e-1) and the inexact flag should be + of opposite sign of x */ +- MPFR_ASSERTN(mpfr_cmp_si_2exp (y, sign, e - 1) == 0); ++ MPFR_ASSERTN(mpfr_cmp_si_2exp0 (y, sign, e - 1) == 0); + MPFR_ASSERTN(VSIGN (inex) * sign < 0); + } + else + { + /* here |y| should be 0.5*2^emin and the inexact flag should + have the sign of x */ +- MPFR_ASSERTN(mpfr_cmp_si_2exp (y, sign, e) == 0); ++ MPFR_ASSERTN(mpfr_cmp_si_2exp0 (y, sign, e) == 0); + MPFR_ASSERTN(VSIGN (inex) * sign > 0); + } + } +@@ -72,6 +72,26 @@ + mpfr_clear (y); + } + ++/* a test that fails with GMP_CHECK_RANDOMIZE=1613146232984428 ++ on revision 14429 */ ++static void ++bug20210215 (void) ++{ ++ mpfr_t x, y; ++ int inex; ++ ++ mpfr_init2 (x, 221); ++ mpfr_init2 (y, 1); ++ mpfr_set_str (x, "1.6484611511696130037307738844228498447763863563070374544054791168614e+01", 10, MPFR_RNDN); ++ mpfr_clear_flags (); ++ inex = mpfr_j1 (y, x, MPFR_RNDZ); ++ MPFR_ASSERTN (mpfr_cmp_si_2exp0 (y, -1, -9) == 0); ++ MPFR_ASSERTN (inex > 0); ++ MPFR_ASSERTN (__gmpfr_flags == MPFR_FLAGS_INEXACT); ++ mpfr_clear (x); ++ mpfr_clear (y); ++} ++ + int + main (int argc, char *argv[]) + { +@@ -79,6 +99,8 @@ + + tests_start_mpfr (); + ++ bug20210215 (); ++ + test_small (); + + mpfr_init (x); +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-03-09 13:55:43.183158946 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-03-09 13:55:43.223158508 +0000 +@@ -0,0 +1 @@ ++macros +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-02-17 17:25:46.440981068 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-03-09 13:55:43.223158508 +0000 +@@ -1 +1 @@ +-4.1.0-p9 ++4.1.0-p10 +diff -Naurd mpfr-4.1.0-a/doc/mpfr.info mpfr-4.1.0-b/doc/mpfr.info +--- mpfr-4.1.0-a/doc/mpfr.info 2020-07-10 11:59:13.000000000 +0000 ++++ mpfr-4.1.0-b/doc/mpfr.info 2021-03-09 13:55:51.167071327 +0000 +@@ -3217,7 +3217,11 @@ + + Each function in this interface is also implemented as a macro for + efficiency reasons: for example ‘mpfr_custom_init (s, p)’ uses the +-macro, while ‘(mpfr_custom_init) (s, p)’ uses the function. ++macro, while ‘(mpfr_custom_init) (s, p)’ uses the function. Note that ++the macro may evaluate arguments multiple times (or none). Moreover, ++macros implementing functions with the ‘void’ return type may not be ++used in contexts where an expression is expected, e.g., inside ++‘for(...)’ or before a comma operator. + + Note 1: MPFR functions may still initialize temporary floating-point + numbers using ‘mpfr_init’ and similar functions. See Custom Allocation +@@ -4579,13 +4583,13 @@ + (line 115) + * mpfr_csch: Transcendental Functions. + (line 180) +-* mpfr_custom_get_exp: Custom Interface. (line 76) +-* mpfr_custom_get_kind: Custom Interface. (line 66) +-* mpfr_custom_get_significand: Custom Interface. (line 71) +-* mpfr_custom_get_size: Custom Interface. (line 37) +-* mpfr_custom_init: Custom Interface. (line 41) +-* mpfr_custom_init_set: Custom Interface. (line 48) +-* mpfr_custom_move: Custom Interface. (line 85) ++* mpfr_custom_get_exp: Custom Interface. (line 80) ++* mpfr_custom_get_kind: Custom Interface. (line 70) ++* mpfr_custom_get_significand: Custom Interface. (line 75) ++* mpfr_custom_get_size: Custom Interface. (line 41) ++* mpfr_custom_init: Custom Interface. (line 45) ++* mpfr_custom_init_set: Custom Interface. (line 52) ++* mpfr_custom_move: Custom Interface. (line 89) + * MPFR_DECL_INIT: Initialization Functions. + (line 77) + * mpfr_digamma: Transcendental Functions. +@@ -5165,19 +5169,19 @@ + Node: Memory Handling Functions155904 + Node: Compatibility with MPF157792 + Node: Custom Interface160961 +-Node: Internals165592 +-Node: API Compatibility167136 +-Node: Type and Macro Changes169084 +-Node: Added Functions172267 +-Node: Changed Functions177074 +-Node: Removed Functions184433 +-Node: Other Changes185163 +-Node: MPFR and the IEEE 754 Standard186864 +-Node: Contributors189481 +-Node: References192620 +-Node: GNU Free Documentation License194501 +-Node: Concept Index217095 +-Node: Function and Type Index223168 ++Node: Internals165852 ++Node: API Compatibility167396 ++Node: Type and Macro Changes169344 ++Node: Added Functions172527 ++Node: Changed Functions177334 ++Node: Removed Functions184693 ++Node: Other Changes185423 ++Node: MPFR and the IEEE 754 Standard187124 ++Node: Contributors189741 ++Node: References192880 ++Node: GNU Free Documentation License194761 ++Node: Concept Index217355 ++Node: Function and Type Index223428 + + End Tag Table + +diff -Naurd mpfr-4.1.0-a/doc/mpfr.texi mpfr-4.1.0-b/doc/mpfr.texi +--- mpfr-4.1.0-a/doc/mpfr.texi 2020-07-10 11:52:33.000000000 +0000 ++++ mpfr-4.1.0-b/doc/mpfr.texi 2021-03-09 13:55:43.211158639 +0000 +@@ -3817,6 +3817,12 @@ + Each function in this interface is also implemented as a macro for + efficiency reasons: for example @code{mpfr_custom_init (s, p)} + uses the macro, while @code{(mpfr_custom_init) (s, p)} uses the function. ++Note that the macro may evaluate arguments multiple times (or none). ++Moreover, macros implementing functions with the @code{void} return type ++may not be used in contexts where an expression is expected, e.g., inside ++@code{for(...)} or before a comma operator. ++@c These limitations with macros cannot be avoided in a C90 compatible way. ++@c In the future, inline functions could be used. + + Note 1: MPFR functions may still initialize temporary floating-point numbers + using @code{mpfr_init} and similar functions. See Custom Allocation (GNU MP)@. +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-02-17 17:25:46.436981105 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-03-09 13:55:43.223158508 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p9" ++#define MPFR_VERSION_STRING "4.1.0-p10" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +@@ -833,23 +833,39 @@ + even if it produces faster and smaller code. */ + #ifndef MPFR_USE_NO_MACRO + +-/* Inlining these functions is both faster and smaller */ +-#define mpfr_nan_p(_x) ((_x)->_mpfr_exp == __MPFR_EXP_NAN) +-#define mpfr_inf_p(_x) ((_x)->_mpfr_exp == __MPFR_EXP_INF) +-#define mpfr_zero_p(_x) ((_x)->_mpfr_exp == __MPFR_EXP_ZERO) +-#define mpfr_regular_p(_x) ((_x)->_mpfr_exp > __MPFR_EXP_INF) ++/* In the implementation of these macros, we need to make sure that the ++ arguments are evaluated one time exactly and that type conversion is ++ done as it would be with a function. Tests should be added to ensure ++ that. ++ Note that the macros for the custom interface are not concerned; the ++ MPFR manual has been clarified. */ ++ ++/* Prevent x from being used as an lvalue. ++ Thanks to Wojtek Lerch and Tim Rentsch for the idea. */ ++#define MPFR_VALUE_OF(x) (0 ? (x) : (x)) ++ ++/* The following macro converts the argument to mpfr_srcptr, as in type ++ conversion for function parameters. But it will detect disallowed ++ implicit conversions, e.g. when the argument has an integer type. */ ++#define MPFR_SRCPTR(x) ((mpfr_srcptr) (0 ? (x) : (mpfr_srcptr) (x))) ++#define MPFR_GET_SIGN(_x) MPFR_VALUE_OF(MPFR_SIGN(MPFR_SRCPTR(_x))) ++ ++#define mpfr_nan_p(_x) (MPFR_SRCPTR(_x)->_mpfr_exp == __MPFR_EXP_NAN) ++#define mpfr_inf_p(_x) (MPFR_SRCPTR(_x)->_mpfr_exp == __MPFR_EXP_INF) ++#define mpfr_zero_p(_x) (MPFR_SRCPTR(_x)->_mpfr_exp == __MPFR_EXP_ZERO) ++#define mpfr_regular_p(_x) (MPFR_SRCPTR(_x)->_mpfr_exp > __MPFR_EXP_INF) ++ ++/* mpfr_sgn is documented as a macro, thus the following code is fine. ++ But it would be safer to regard it as a function in some future ++ MPFR version. */ + #define mpfr_sgn(_x) \ + ((_x)->_mpfr_exp < __MPFR_EXP_INF ? \ + (mpfr_nan_p (_x) ? mpfr_set_erangeflag () : (mpfr_void) 0), 0 : \ + MPFR_SIGN (_x)) + +-/* Prevent them from using as lvalues */ +-#define MPFR_VALUE_OF(x) (0 ? (x) : (x)) +-#define mpfr_get_prec(_x) MPFR_VALUE_OF((_x)->_mpfr_prec) +-#define mpfr_get_exp(_x) MPFR_VALUE_OF((_x)->_mpfr_exp) +-/* Note 1: If need be, the MPFR_VALUE_OF can be used for other expressions +- (of any type). Thanks to Wojtek Lerch and Tim Rentsch for the idea. +- Note 2: Defining mpfr_get_exp() as a macro has the effect to disable ++#define mpfr_get_prec(_x) MPFR_VALUE_OF(MPFR_SRCPTR(_x)->_mpfr_prec) ++#define mpfr_get_exp(_x) MPFR_VALUE_OF(MPFR_SRCPTR(_x)->_mpfr_exp) ++/* Note: Defining mpfr_get_exp() as a macro has the effect to disable + the check that the argument is a pure FP number (done in the function); + this increases the risk of undetected error and makes debugging more + complex. Is it really worth in practice? (Potential FIXME) */ +@@ -861,11 +877,17 @@ + + #define mpfr_cmp_ui(b,i) mpfr_cmp_ui_2exp((b),(i),0) + #define mpfr_cmp_si(b,i) mpfr_cmp_si_2exp((b),(i),0) +-#define mpfr_set(a,b,r) mpfr_set4(a,b,r,MPFR_SIGN(b)) ++#if __GNUC__ > 2 || __GNUC_MINOR__ >= 95 ++#define mpfr_set(a,b,r) \ ++ __extension__ ({ \ ++ mpfr_srcptr _p = (b); \ ++ mpfr_set4(a,_p,r,MPFR_SIGN(_p)); \ ++ }) ++#endif + #define mpfr_abs(a,b,r) mpfr_set4(a,b,r,1) +-#define mpfr_copysign(a,b,c,r) mpfr_set4(a,b,r,MPFR_SIGN(c)) ++#define mpfr_copysign(a,b,c,r) mpfr_set4(a,b,r,MPFR_GET_SIGN(c)) + #define mpfr_setsign(a,b,s,r) mpfr_set4(a,b,r,(s) ? -1 : 1) +-#define mpfr_signbit(x) (MPFR_SIGN(x) < 0) ++#define mpfr_signbit(x) (MPFR_GET_SIGN(x) < 0) + #define mpfr_cmp(b, c) mpfr_cmp3(b, c, 1) + #define mpfr_mul_2exp(y,x,n,r) mpfr_mul_2ui((y),(x),(n),(r)) + #define mpfr_div_2exp(y,x,n,r) mpfr_div_2ui((y),(x),(n),(r)) +diff -Naurd mpfr-4.1.0-a/src/ubf.c mpfr-4.1.0-b/src/ubf.c +--- mpfr-4.1.0-a/src/ubf.c 2020-02-12 01:38:57.000000000 +0000 ++++ mpfr-4.1.0-b/src/ubf.c 2021-03-09 13:55:43.211158639 +0000 +@@ -78,7 +78,7 @@ + mpfr_get_prec (b), mpfr_log_prec, b, + mpfr_get_prec (c), mpfr_log_prec, c), + ("a[%Pu]=%.*Rg", +- mpfr_get_prec (a), mpfr_log_prec, a)); ++ mpfr_get_prec ((mpfr_ptr) a), mpfr_log_prec, a)); + + MPFR_ASSERTD ((mpfr_ptr) a != b); + MPFR_ASSERTD ((mpfr_ptr) a != c); +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-02-17 17:25:46.440981068 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-03-09 13:55:43.223158508 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p9"; ++ return "4.1.0-p10"; + } +diff -Naurd mpfr-4.1.0-a/tests/mpfr-test.h mpfr-4.1.0-b/tests/mpfr-test.h +--- mpfr-4.1.0-a/tests/mpfr-test.h 2021-02-17 17:25:46.424981219 +0000 ++++ mpfr-4.1.0-b/tests/mpfr-test.h 2021-03-09 13:55:43.211158639 +0000 +@@ -92,6 +92,32 @@ + #define STRINGIZE(S) #S + #define MAKE_STR(S) STRINGIZE(S) + ++/* In C (but not C++), mpfr_ptr and mpfr_srcptr arguments can be provided ++ in a different pointer type, such as void *. For functions implemented ++ as macros, the type conversion for the function parameters will not be ++ done by the compiler, which means potential bugs in these implementations ++ if we forget to take these unusual cases into account. So we need to test ++ such arguments, in order to make sure that the arguments are converted to ++ the expected type when needed. ++ ++ However, at least when the function is not implemented as a macro (which ++ is the case when MPFR_USE_NO_MACRO is defined), such tests with void * ++ arguments are not valid in C++; therefore, we will not do the cast to ++ void * if the __cplusplus macro is defined. And with GCC compilers (and ++ compatible), we will ignore the -Wc++-compat option around these tests. ++ ++ Note: in the future, inline functions could be used instead of macros, ++ and such tests would become useless (except to detect compiler bugs). ++*/ ++#if defined (__cplusplus) ++#define VOIDP_CAST(X) (X) ++#else ++#define VOIDP_CAST(X) ((void *) (X)) ++#if defined (__GNUC__) ++#define IGNORE_CPP_COMPAT ++#endif ++#endif ++ + #if defined (__cplusplus) + extern "C" { + #endif +diff -Naurd mpfr-4.1.0-a/tests/tcopysign.c mpfr-4.1.0-b/tests/tcopysign.c +--- mpfr-4.1.0-a/tests/tcopysign.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tcopysign.c 2021-03-09 13:55:43.211158639 +0000 +@@ -26,26 +26,72 @@ + copysign_variant (mpfr_ptr z, mpfr_srcptr x, mpfr_srcptr y, + mpfr_rnd_t rnd_mode, int k) + { ++ mpfr_srcptr p; ++ int a = 0, b = 0, c = 0; ++ ++ /* invalid sign, to test that the sign is always correctly set */ ++ MPFR_SIGN (z) = 0; ++ ++ if (k >= 8) ++ { ++ MPFR_ASSERTN (MPFR_PREC (z) >= MPFR_PREC (x)); ++ mpfr_set (z, x, MPFR_RNDN); ++ p = z; ++ k -= 8; ++ } ++ else ++ p = x; ++ + mpfr_clear_flags (); + switch (k) + { + case 0: +- mpfr_copysign (z, x, y, MPFR_RNDN); ++ mpfr_copysign (z, p, y, rnd_mode); + return; + case 1: +- (mpfr_copysign) (z, x, y, MPFR_RNDN); ++ (mpfr_copysign) (z, p, y, rnd_mode); + return; + case 2: +- mpfr_setsign (z, x, mpfr_signbit (y), MPFR_RNDN); ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wc++-compat" ++#endif ++ mpfr_copysign ((a++, VOIDP_CAST(z)), ++ (b++, VOIDP_CAST(p)), ++ (c++, VOIDP_CAST(y)), rnd_mode); ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic pop ++#endif ++ MPFR_ASSERTN (a == 1); ++ MPFR_ASSERTN (b == 1); ++ MPFR_ASSERTN (c == 1); + return; + case 3: +- mpfr_setsign (z, x, (mpfr_signbit) (y), MPFR_RNDN); ++ mpfr_setsign (z, p, mpfr_signbit (y), rnd_mode); + return; + case 4: +- (mpfr_setsign) (z, x, mpfr_signbit (y), MPFR_RNDN); ++ mpfr_setsign (z, p, (mpfr_signbit) (y), rnd_mode); + return; + case 5: +- (mpfr_setsign) (z, x, (mpfr_signbit) (y), MPFR_RNDN); ++ (mpfr_setsign) (z, p, mpfr_signbit (y), rnd_mode); ++ return; ++ case 6: ++ (mpfr_setsign) (z, p, (mpfr_signbit) (y), rnd_mode); ++ return; ++ case 7: ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wc++-compat" ++#endif ++ mpfr_setsign ((a++, VOIDP_CAST(z)), ++ (b++, VOIDP_CAST(p)), ++ mpfr_signbit ((c++, VOIDP_CAST(y))), rnd_mode); ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic pop ++#endif ++ MPFR_ASSERTN (a == 1); ++ MPFR_ASSERTN (b == 1); ++ MPFR_ASSERTN (c == 1); + return; + } + } +@@ -64,7 +110,7 @@ + + for (i = 0; i <= 1; i++) + for (j = 0; j <= 1; j++) +- for (k = 0; k <= 5; k++) ++ for (k = 0; k < 16; k++) + { + mpfr_set_nan (x); + i ? MPFR_SET_NEG (x) : MPFR_SET_POS (x); +diff -Naurd mpfr-4.1.0-a/tests/texceptions.c mpfr-4.1.0-b/tests/texceptions.c +--- mpfr-4.1.0-a/tests/texceptions.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/texceptions.c 2021-03-09 13:55:43.211158639 +0000 +@@ -103,10 +103,26 @@ + check_get_prec (void) + { + mpfr_t x; ++ int i = 0; + + mpfr_init2 (x, 17); +- if (mpfr_get_prec (x) != 17 || (mpfr_get_prec)(x) != 17) ++ ++ if (mpfr_get_prec (x) != 17 || (mpfr_get_prec) (x) != 17) + PRINT_ERROR ("mpfr_get_prec"); ++ ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wc++-compat" ++#endif ++ ++ if (mpfr_get_prec ((i++, VOIDP_CAST(x))) != 17) ++ PRINT_ERROR ("mpfr_get_prec (2)"); ++ ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic pop ++#endif ++ ++ MPFR_ASSERTN (i == 1); + mpfr_clear (x); + } + +diff -Naurd mpfr-4.1.0-a/tests/tisnan.c mpfr-4.1.0-b/tests/tisnan.c +--- mpfr-4.1.0-a/tests/tisnan.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tisnan.c 2021-03-09 13:55:43.211158639 +0000 +@@ -27,180 +27,235 @@ + main (void) + { + mpfr_t x; ++ int i = 0, j = 0; ++ ++ /* We need to check that when the function is implemented by a macro, ++ it behaves correctly. */ ++#define ARG (i++, VOIDP_CAST(x)) ++#define CHECK MPFR_ASSERTN (i == ++j) + + tests_start_mpfr (); + + mpfr_init (x); + ++#if 0 ++ /* The following should yield a compilation error when the functions ++ are implemented as macros. Change 0 to 1 above in order to test. */ ++ (void) (mpfr_nan_p (1L)); ++ (void) (mpfr_inf_p (1L)); ++ (void) (mpfr_number_p (1L)); ++ (void) (mpfr_zero_p (1L)); ++ (void) (mpfr_regular_p (1L)); ++#endif ++ ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wc++-compat" ++#endif ++ + /* check +infinity gives non-zero for mpfr_inf_p only */ + mpfr_set_ui (x, 1L, MPFR_RNDZ); + mpfr_div_ui (x, x, 0L, MPFR_RNDZ); +- if (mpfr_nan_p (x) || (mpfr_nan_p) (x) ) ++ if (mpfr_nan_p (x) || (mpfr_nan_p) (x) || mpfr_nan_p (ARG)) + { + printf ("Error: mpfr_nan_p(+Inf) gives non-zero\n"); + exit (1); + } +- if (mpfr_inf_p (x) == 0) ++ CHECK; ++ if (!mpfr_inf_p (x) || !(mpfr_inf_p) (x) || !mpfr_inf_p (ARG)) + { + printf ("Error: mpfr_inf_p(+Inf) gives zero\n"); + exit (1); + } +- if (mpfr_number_p (x) || (mpfr_number_p) (x) ) ++ CHECK; ++ if (mpfr_number_p (x) || (mpfr_number_p) (x) || mpfr_number_p (ARG)) + { + printf ("Error: mpfr_number_p(+Inf) gives non-zero\n"); + exit (1); + } +- if (mpfr_zero_p (x) || (mpfr_zero_p) (x) ) ++ CHECK; ++ if (mpfr_zero_p (x) || (mpfr_zero_p) (x) || mpfr_zero_p (ARG)) + { + printf ("Error: mpfr_zero_p(+Inf) gives non-zero\n"); + exit (1); + } +- if (mpfr_regular_p (x) || (mpfr_regular_p) (x) ) ++ CHECK; ++ if (mpfr_regular_p (x) || (mpfr_regular_p) (x) || mpfr_regular_p (ARG)) + { + printf ("Error: mpfr_regular_p(+Inf) gives non-zero\n"); + exit (1); + } ++ CHECK; + + /* same for -Inf */ + mpfr_neg (x, x, MPFR_RNDN); +- if (mpfr_nan_p (x) || (mpfr_nan_p(x))) ++ if (mpfr_nan_p (x) || (mpfr_nan_p) (x) || mpfr_nan_p (ARG)) + { + printf ("Error: mpfr_nan_p(-Inf) gives non-zero\n"); + exit (1); + } +- if (mpfr_inf_p (x) == 0) ++ CHECK; ++ if (!mpfr_inf_p (x) || !(mpfr_inf_p) (x) || !mpfr_inf_p (ARG)) + { + printf ("Error: mpfr_inf_p(-Inf) gives zero\n"); + exit (1); + } +- if (mpfr_number_p (x) || (mpfr_number_p)(x) ) ++ CHECK; ++ if (mpfr_number_p (x) || (mpfr_number_p) (x) || mpfr_number_p (ARG)) + { + printf ("Error: mpfr_number_p(-Inf) gives non-zero\n"); + exit (1); + } +- if (mpfr_zero_p (x) || (mpfr_zero_p)(x) ) ++ CHECK; ++ if (mpfr_zero_p (x) || (mpfr_zero_p) (x) || mpfr_zero_p (ARG)) + { + printf ("Error: mpfr_zero_p(-Inf) gives non-zero\n"); + exit (1); + } +- if (mpfr_regular_p (x) || (mpfr_regular_p) (x) ) ++ CHECK; ++ if (mpfr_regular_p (x) || (mpfr_regular_p) (x) || mpfr_regular_p (ARG)) + { + printf ("Error: mpfr_regular_p(-Inf) gives non-zero\n"); + exit (1); + } ++ CHECK; + + /* same for NaN */ + mpfr_sub (x, x, x, MPFR_RNDN); +- if (mpfr_nan_p (x) == 0) ++ if (!mpfr_nan_p (x) || !(mpfr_nan_p) (x) || !mpfr_nan_p (ARG)) + { + printf ("Error: mpfr_nan_p(NaN) gives zero\n"); + exit (1); + } +- if (mpfr_inf_p (x) || (mpfr_inf_p)(x) ) ++ CHECK; ++ if (mpfr_inf_p (x) || (mpfr_inf_p) (x) || mpfr_inf_p (ARG)) + { + printf ("Error: mpfr_inf_p(NaN) gives non-zero\n"); + exit (1); + } +- if (mpfr_number_p (x) || (mpfr_number_p) (x) ) ++ CHECK; ++ if (mpfr_number_p (x) || (mpfr_number_p) (x) || mpfr_number_p (ARG)) + { + printf ("Error: mpfr_number_p(NaN) gives non-zero\n"); + exit (1); + } +- if (mpfr_zero_p (x) || (mpfr_zero_p)(x) ) ++ CHECK; ++ if (mpfr_zero_p (x) || (mpfr_zero_p) (x) || mpfr_zero_p (ARG)) + { + printf ("Error: mpfr_number_p(NaN) gives non-zero\n"); + exit (1); + } +- if (mpfr_regular_p (x) || (mpfr_regular_p) (x) ) ++ CHECK; ++ if (mpfr_regular_p (x) || (mpfr_regular_p) (x) || mpfr_regular_p (ARG)) + { + printf ("Error: mpfr_regular_p(NaN) gives non-zero\n"); + exit (1); + } ++ CHECK; + + /* same for a regular number */ + mpfr_set_ui (x, 1, MPFR_RNDN); +- if (mpfr_nan_p (x) || (mpfr_nan_p)(x)) ++ if (mpfr_nan_p (x) || (mpfr_nan_p) (x) || mpfr_nan_p (ARG)) + { + printf ("Error: mpfr_nan_p(1) gives non-zero\n"); + exit (1); + } +- if (mpfr_inf_p (x) || (mpfr_inf_p)(x) ) ++ CHECK; ++ if (mpfr_inf_p (x) || (mpfr_inf_p) (x) || mpfr_inf_p (ARG)) + { + printf ("Error: mpfr_inf_p(1) gives non-zero\n"); + exit (1); + } +- if (mpfr_number_p (x) == 0) ++ CHECK; ++ if (!mpfr_number_p (x) || !(mpfr_number_p) (x) || !mpfr_number_p (ARG)) + { + printf ("Error: mpfr_number_p(1) gives zero\n"); + exit (1); + } +- if (mpfr_zero_p (x) || (mpfr_zero_p) (x) ) ++ CHECK; ++ if (mpfr_zero_p (x) || (mpfr_zero_p) (x) || mpfr_zero_p (ARG)) + { + printf ("Error: mpfr_zero_p(1) gives non-zero\n"); + exit (1); + } +- if (mpfr_regular_p (x) == 0 || (mpfr_regular_p) (x) == 0) ++ CHECK; ++ if (!mpfr_regular_p (x) || !(mpfr_regular_p) (x) || !mpfr_regular_p (ARG)) + { + printf ("Error: mpfr_regular_p(1) gives zero\n"); + exit (1); + } ++ CHECK; + + /* Same for +0 */ + mpfr_set_ui (x, 0, MPFR_RNDN); +- if (mpfr_nan_p (x) || (mpfr_nan_p)(x)) ++ if (mpfr_nan_p (x) || (mpfr_nan_p) (x) || mpfr_nan_p (ARG)) + { + printf ("Error: mpfr_nan_p(+0) gives non-zero\n"); + exit (1); + } +- if (mpfr_inf_p (x) || (mpfr_inf_p)(x) ) ++ CHECK; ++ if (mpfr_inf_p (x) || (mpfr_inf_p) (x) || mpfr_inf_p (ARG)) + { + printf ("Error: mpfr_inf_p(+0) gives non-zero\n"); + exit (1); + } +- if (mpfr_number_p (x) == 0) ++ CHECK; ++ if (!mpfr_number_p (x) || !(mpfr_number_p) (x) || !mpfr_number_p (ARG)) + { + printf ("Error: mpfr_number_p(+0) gives zero\n"); + exit (1); + } +- if (mpfr_zero_p (x) == 0 ) ++ CHECK; ++ if (!mpfr_zero_p (x) || !(mpfr_zero_p) (x) || !mpfr_zero_p (ARG)) + { + printf ("Error: mpfr_zero_p(+0) gives zero\n"); + exit (1); + } +- if (mpfr_regular_p (x) || (mpfr_regular_p) (x) ) ++ CHECK; ++ if (mpfr_regular_p (x) || (mpfr_regular_p) (x) || mpfr_regular_p (ARG)) + { + printf ("Error: mpfr_regular_p(+0) gives non-zero\n"); + exit (1); + } ++ CHECK; + + /* Same for -0 */ + mpfr_set_ui (x, 0, MPFR_RNDN); + mpfr_neg (x, x, MPFR_RNDN); +- if (mpfr_nan_p (x) || (mpfr_nan_p)(x)) ++ if (mpfr_nan_p (x) || (mpfr_nan_p) (x) || mpfr_nan_p (ARG)) + { + printf ("Error: mpfr_nan_p(-0) gives non-zero\n"); + exit (1); + } +- if (mpfr_inf_p (x) || (mpfr_inf_p)(x) ) ++ CHECK; ++ if (mpfr_inf_p (x) || (mpfr_inf_p) (x) || mpfr_inf_p (ARG)) + { + printf ("Error: mpfr_inf_p(-0) gives non-zero\n"); + exit (1); + } +- if (mpfr_number_p (x) == 0) ++ CHECK; ++ if (!mpfr_number_p (x) || !(mpfr_number_p) (x) || !mpfr_number_p (ARG)) + { + printf ("Error: mpfr_number_p(-0) gives zero\n"); + exit (1); + } +- if (mpfr_zero_p (x) == 0 ) ++ CHECK; ++ if (!mpfr_zero_p (x) || !(mpfr_zero_p) (x) || !mpfr_zero_p (ARG)) + { + printf ("Error: mpfr_zero_p(-0) gives zero\n"); + exit (1); + } +- if (mpfr_regular_p (x) || (mpfr_regular_p) (x) ) ++ CHECK; ++ if (mpfr_regular_p (x) || (mpfr_regular_p) (x) || mpfr_regular_p (ARG)) + { + printf ("Error: mpfr_regular_p(-0) gives non-zero\n"); + exit (1); + } ++ CHECK; ++ ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic pop ++#endif + + mpfr_clear (x); + +diff -Naurd mpfr-4.1.0-a/tests/tset.c mpfr-4.1.0-b/tests/tset.c +--- mpfr-4.1.0-a/tests/tset.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tset.c 2021-03-09 13:55:43.207158683 +0000 +@@ -207,7 +207,7 @@ + static void + check_ternary_value (void) + { +- int p, q, rnd; ++ int k, p, q, rnd; + int inexact, cmp; + mpfr_t x, y; + +@@ -226,28 +226,45 @@ + { + if (rnd == MPFR_RNDF) /* the test below makes no sense */ + continue; +- inexact = mpfr_set (y, x, (mpfr_rnd_t) rnd); +- cmp = mpfr_cmp (y, x); +- if (((inexact == 0) && (cmp != 0)) || +- ((inexact > 0) && (cmp <= 0)) || +- ((inexact < 0) && (cmp >= 0))) +- { +- printf ("Wrong ternary value in mpfr_set for %s: expected" +- " %d, got %d\n", +- mpfr_print_rnd_mode ((mpfr_rnd_t) rnd), cmp, +- inexact); +- exit (1); +- } +- /* Test mpfr_set function too */ +- inexact = (mpfr_set) (y, x, (mpfr_rnd_t) rnd); +- cmp = mpfr_cmp (y, x); +- if (((inexact == 0) && (cmp != 0)) || +- ((inexact > 0) && (cmp <= 0)) || +- ((inexact < 0) && (cmp >= 0))) ++ for (k = 0; k < 3; k++) + { +- printf ("Wrong ternary value in mpfr_set(2): expected %d," +- " got %d\n", cmp, inexact); +- exit (1); ++ int a = 0, b = 0, c = 0; ++ ++ switch (k) ++ { ++ case 0: ++ inexact = mpfr_set (y, x, (mpfr_rnd_t) rnd); ++ break; ++ case 1: ++ inexact = (mpfr_set) (y, x, (mpfr_rnd_t) rnd); ++ break; ++ case 2: ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wc++-compat" ++#endif ++ inexact = mpfr_set ((a++, VOIDP_CAST(y)), ++ (b++, VOIDP_CAST(x)), ++ (c++, (mpfr_rnd_t) rnd)); ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic pop ++#endif ++ MPFR_ASSERTN (a == 1); ++ MPFR_ASSERTN (b == 1); ++ MPFR_ASSERTN (c == 1); ++ break; ++ } ++ cmp = mpfr_cmp (y, x); ++ if (((inexact == 0) && (cmp != 0)) || ++ ((inexact > 0) && (cmp <= 0)) || ++ ((inexact < 0) && (cmp >= 0))) ++ { ++ printf ("Wrong ternary value in mpfr_set for %s (%d):" ++ " expected %d, got %d\n", ++ mpfr_print_rnd_mode ((mpfr_rnd_t) rnd), ++ k, cmp, inexact); ++ exit (1); ++ } + } + } + } +diff -Naurd mpfr-4.1.0-a/tests/tset_exp.c mpfr-4.1.0-b/tests/tset_exp.c +--- mpfr-4.1.0-a/tests/tset_exp.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tset_exp.c 2021-03-09 13:55:43.211158639 +0000 +@@ -28,6 +28,7 @@ + mpfr_t x; + int ret; + mpfr_exp_t emin, emax, e; ++ int i = 0; + + tests_start_mpfr (); + +@@ -63,6 +64,17 @@ + e = (mpfr_get_exp) (x); + MPFR_ASSERTN (e == emin); + ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wc++-compat" ++#endif ++ e = mpfr_get_exp ((i++, VOIDP_CAST(x))); ++#ifdef IGNORE_CPP_COMPAT ++#pragma GCC diagnostic pop ++#endif ++ MPFR_ASSERTN (e == emin); ++ MPFR_ASSERTN (i == 1); ++ + ret = mpfr_set_exp (x, -1); + MPFR_ASSERTN (ret == 0 && mpfr_cmp_ui_2exp (x, 1, -2) == 0); + +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-03-09 13:58:00.889650773 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-03-09 13:58:00.937650249 +0000 +@@ -0,0 +1 @@ ++tset_sij +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-03-09 13:55:43.223158508 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-03-09 13:58:00.937650249 +0000 +@@ -1 +1 @@ +-4.1.0-p10 ++4.1.0-p11 +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-03-09 13:55:43.223158508 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-03-09 13:58:00.933650293 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p10" ++#define MPFR_VERSION_STRING "4.1.0-p11" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-03-09 13:55:43.223158508 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-03-09 13:58:00.933650293 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p10"; ++ return "4.1.0-p11"; + } +diff -Naurd mpfr-4.1.0-a/tests/tset_si.c mpfr-4.1.0-b/tests/tset_si.c +--- mpfr-4.1.0-a/tests/tset_si.c 2020-03-26 11:51:33.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tset_si.c 2021-03-09 13:58:00.917650467 +0000 +@@ -127,27 +127,29 @@ + power of 2 is exact, unless underflow/overflow occurs. + The tests on the exponent below avoid integer overflows + (ep[i] may take extreme values). */ +- e = mpfr_get_exp (x1); + mpfr_clear_flags (); +- if (j != 0 && ep[i] < __gmpfr_emin - e) /* underflow */ ++ if (j == 0) ++ goto zero; ++ e = MPFR_GET_EXP (x1); ++ if (ep[i] < __gmpfr_emin - e) /* underflow */ + { + mpfr_rnd_t r = + (rnd == MPFR_RNDN && +- (ep[i] < __gmpfr_emin - mpfr_get_exp (y) - 1 || ++ (ep[i] < __gmpfr_emin - MPFR_GET_EXP (y) - 1 || + IS_POW2 (sign * j))) ? + MPFR_RNDZ : (mpfr_rnd_t) rnd; + inex1 = mpfr_underflow (x1, r, sign); + flags1 = __gmpfr_flags; + } +- else if (j != 0 && ep[i] > __gmpfr_emax - e) /* overflow */ ++ else if (ep[i] > __gmpfr_emax - e) /* overflow */ + { + inex1 = mpfr_overflow (x1, (mpfr_rnd_t) rnd, sign); + flags1 = __gmpfr_flags; + } + else + { +- if (j != 0) +- mpfr_set_exp (x1, ep[i] + e); ++ mpfr_set_exp (x1, ep[i] + e); ++ zero: + flags1 = inex1 != 0 ? MPFR_FLAGS_INEXACT : 0; + } + +diff -Naurd mpfr-4.1.0-a/tests/tset_sj.c mpfr-4.1.0-b/tests/tset_sj.c +--- mpfr-4.1.0-a/tests/tset_sj.c 2020-06-01 10:39:52.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tset_sj.c 2021-03-09 13:58:00.917650467 +0000 +@@ -225,27 +225,29 @@ + power of 2 is exact, unless underflow/overflow occurs. + The tests on the exponent below avoid integer overflows + (ep[i] may take extreme values). */ +- e = mpfr_get_exp (x1); + mpfr_clear_flags (); +- if (j != 0 && ep[i] < __gmpfr_emin - e) /* underflow */ ++ if (j == 0) ++ goto zero; ++ e = MPFR_GET_EXP (x1); ++ if (ep[i] < __gmpfr_emin - e) /* underflow */ + { + mpfr_rnd_t r = + (rnd == MPFR_RNDN && +- (ep[i] < __gmpfr_emin - mpfr_get_exp (y) - 1 || ++ (ep[i] < __gmpfr_emin - MPFR_GET_EXP (y) - 1 || + IS_POW2 (sign * j))) ? + MPFR_RNDZ : (mpfr_rnd_t) rnd; + inex1 = mpfr_underflow (x1, r, sign); + flags1 = __gmpfr_flags; + } +- else if (j != 0 && ep[i] > __gmpfr_emax - e) /* overflow */ ++ else if (ep[i] > __gmpfr_emax - e) /* overflow */ + { + inex1 = mpfr_overflow (x1, (mpfr_rnd_t) rnd, sign); + flags1 = __gmpfr_flags; + } + else + { +- if (j != 0) +- mpfr_set_exp (x1, ep[i] + e); ++ mpfr_set_exp (x1, ep[i] + e); ++ zero: + flags1 = inex1 != 0 ? MPFR_FLAGS_INEXACT : 0; + } + } +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-04-23 09:49:34.648281897 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-04-23 09:49:34.696281616 +0000 +@@ -0,0 +1 @@ ++get_str_ndigits +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-03-09 13:58:00.937650249 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-04-23 09:49:34.696281616 +0000 +@@ -1 +1 @@ +-4.1.0-p11 ++4.1.0-p12 +diff -Naurd mpfr-4.1.0-a/src/get_str.c mpfr-4.1.0-b/src/get_str.c +--- mpfr-4.1.0-a/src/get_str.c 2020-06-18 17:17:18.000000000 +0000 ++++ mpfr-4.1.0-b/src/get_str.c 2021-04-23 09:49:34.680281710 +0000 +@@ -2484,6 +2484,8 @@ + size_t + mpfr_get_str_ndigits (int b, mpfr_prec_t p) + { ++ MPFR_SAVE_EXPO_DECL (expo); ++ + MPFR_ASSERTN (2 <= b && b <= 62); + + /* deal first with power of two bases, since even for those, mpfr_ceil_mul +@@ -2497,17 +2499,26 @@ + return 1 + (p + k - 2) / k; + } + ++ MPFR_SAVE_EXPO_MARK (expo); ++ + /* the value returned by mpfr_ceil_mul is guaranteed to be + 1 + ceil(p*log(2)/log(b)) for p < 186564318007 (it returns one more + for p=186564318007 and b=7 or 49) */ + MPFR_STAT_STATIC_ASSERT (MPFR_PREC_BITS >= 64 || MPFR_PREC_BITS <= 32); ++ if + #if MPFR_PREC_BITS >= 64 + /* 64-bit numbers are supported by the C implementation, so that we can + use the large constant below. If MPFR_PREC_BITS <= 32, the condition + is always satisfied, so that we do not need any test. */ +- if (MPFR_LIKELY (p < 186564318007)) ++ (MPFR_LIKELY (p < 186564318007)) ++#else ++ (1) + #endif +- return 1 + mpfr_ceil_mul (IS_POW2(b) ? p - 1 : p, b, 1); ++ { ++ size_t ret = 1 + mpfr_ceil_mul (IS_POW2(b) ? p - 1 : p, b, 1); ++ MPFR_SAVE_EXPO_FREE (expo); ++ return ret; ++ } + + /* Now p is large and b is not a power of two. The code below works for any + value of p and b, as long as b is not a power of two. Indeed, in such a +@@ -2541,6 +2552,8 @@ + mpfr_clear (d); + mpfr_clear (u); + } ++ ++ MPFR_SAVE_EXPO_FREE (expo); + return 1 + ret; + } + } +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-03-09 13:58:00.933650293 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-04-23 09:49:34.692281639 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p11" ++#define MPFR_VERSION_STRING "4.1.0-p12" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-03-09 13:58:00.933650293 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-04-23 09:49:34.696281616 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p11"; ++ return "4.1.0-p12"; + } +diff -Naurd mpfr-4.1.0-a/tests/tget_str.c mpfr-4.1.0-b/tests/tget_str.c +--- mpfr-4.1.0-a/tests/tget_str.c 2020-01-08 18:11:13.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tget_str.c 2021-04-23 09:49:34.680281710 +0000 +@@ -1311,6 +1311,33 @@ + mpfr_clear (x); + } + ++static void ++test_ndigits_aux (int b, mpfr_prec_t p, size_t expected_m) ++{ ++ size_t m; ++ mpfr_exp_t old_emin, old_emax, e[] = { MPFR_EMIN_MIN, 0, MPFR_EMAX_MAX }; ++ mpfr_flags_t flags; ++ int i; ++ ++ old_emin = mpfr_get_emin (); ++ old_emax = mpfr_get_emax (); ++ ++ i = randlimb () % (numberof (e) + 1); ++ if (i < numberof (e)) ++ { ++ set_emin (e[i]); ++ set_emax (e[i]); ++ } ++ ++ __gmpfr_flags = flags = randlimb () & MPFR_FLAGS_ALL; ++ m = mpfr_get_str_ndigits (b, p); ++ MPFR_ASSERTN (m == expected_m); ++ MPFR_ASSERTN (__gmpfr_flags == flags); ++ ++ set_emin (old_emin); ++ set_emax (old_emax); ++} ++ + /* test of mpfr_get_str_ndigits */ + static void + test_ndigits (void) +@@ -1319,61 +1346,61 @@ + + /* for b=2, we have 1 + ceil((p-1)*log(2)/log(b)) = p */ + for (p = MPFR_PREC_MIN; p <= 1024; p++) +- MPFR_ASSERTN(mpfr_get_str_ndigits (2, p) == p); ++ test_ndigits_aux (2, p, p); + + /* for b=4, we have 1 + ceil((p-1)*log(2)/log(b)) = 1 + ceil((p-1)/2) + = 1 + floor(p/2) */ + for (p = MPFR_PREC_MIN; p <= 1024; p++) +- MPFR_ASSERTN(mpfr_get_str_ndigits (4, p) == 1 + (p / 2)); ++ test_ndigits_aux (4, p, 1 + (p / 2)); + + /* for b=8, we have 1 + ceil((p-1)*log(2)/log(b)) = 1 + ceil((p-1)/3) + = 1 + floor((p+1)/3) */ + for (p = MPFR_PREC_MIN; p <= 1024; p++) +- MPFR_ASSERTN(mpfr_get_str_ndigits (8, p) == 1 + ((p + 1) / 3)); ++ test_ndigits_aux (8, p, 1 + ((p + 1) / 3)); + + /* for b=16, we have 1 + ceil((p-1)*log(2)/log(b)) = 1 + ceil((p-1)/4) + = 1 + floor((p+2)/4) */ + for (p = MPFR_PREC_MIN; p <= 1024; p++) +- MPFR_ASSERTN(mpfr_get_str_ndigits (16, p) == 1 + ((p + 2) / 4)); ++ test_ndigits_aux (16, p, 1 + ((p + 2) / 4)); + + /* for b=32, we have 1 + ceil((p-1)*log(2)/log(b)) = 1 + ceil((p-1)/5) + = 1 + floor((p+3)/5) */ + for (p = MPFR_PREC_MIN; p <= 1024; p++) +- MPFR_ASSERTN(mpfr_get_str_ndigits (32, p) == 1 + ((p + 3) / 5)); ++ test_ndigits_aux (32, p, 1 + ((p + 3) / 5)); + + /* error < 1e-3 */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (57, 35) == 8); ++ test_ndigits_aux (57, 35, 8); + + /* error < 1e-4 */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (31, 649) == 133); ++ test_ndigits_aux (31, 649, 133); + + /* error < 1e-5 */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (43, 5041) == 931); ++ test_ndigits_aux (43, 5041, 931); + + /* error < 1e-6 */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (41, 17771) == 3319); ++ test_ndigits_aux (41, 17771, 3319); + + /* 20th convergent of log(2)/log(3) */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (3, 630138897) == 397573381); ++ test_ndigits_aux (3, 630138897, 397573381); + + #if MPFR_PREC_BITS >= 64 + /* 21st convergent of log(2)/log(3) */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (3, 9809721694) == 6189245292); ++ test_ndigits_aux (3, 9809721694, 6189245292); + + /* 22nd convergent of log(2)/log(3) */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (3, 10439860591) == 6586818672); ++ test_ndigits_aux (3, 10439860591, 6586818672); + + /* 23rd convergent of log(2)/log(3) */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (3, 103768467013) == 65470613322); ++ test_ndigits_aux (3, 103768467013, 65470613322); + + /* 24th convergent of log(2)/log(3) */ +- MPFR_ASSERTN(mpfr_get_str_ndigits (3, 217976794617) == 137528045314); ++ test_ndigits_aux (3, 217976794617, 137528045314); + +- MPFR_ASSERTN(mpfr_get_str_ndigits (3, 1193652440098) == 753110839882); ++ test_ndigits_aux (3, 1193652440098, 753110839882); + +- MPFR_ASSERTN(mpfr_get_str_ndigits (3, 683381996816440) == 431166034846569); ++ test_ndigits_aux (3, 683381996816440, 431166034846569); + +- MPFR_ASSERTN(mpfr_get_str_ndigits (7, 186564318007) == 66455550933); ++ test_ndigits_aux (7, 186564318007, 66455550933); + #endif + } + +diff -Naurd mpfr-4.1.0-a/PATCHES mpfr-4.1.0-b/PATCHES +--- mpfr-4.1.0-a/PATCHES 2021-05-17 16:09:00.574477185 +0000 ++++ mpfr-4.1.0-b/PATCHES 2021-05-17 16:09:00.754476587 +0000 +@@ -0,0 +1 @@ ++vasprintf-prec-zero +diff -Naurd mpfr-4.1.0-a/VERSION mpfr-4.1.0-b/VERSION +--- mpfr-4.1.0-a/VERSION 2021-04-23 09:49:34.696281616 +0000 ++++ mpfr-4.1.0-b/VERSION 2021-05-17 16:09:00.754476587 +0000 +@@ -1 +1 @@ +-4.1.0-p12 ++4.1.0-p13 +diff -Naurd mpfr-4.1.0-a/src/mpfr.h mpfr-4.1.0-b/src/mpfr.h +--- mpfr-4.1.0-a/src/mpfr.h 2021-04-23 09:49:34.692281639 +0000 ++++ mpfr-4.1.0-b/src/mpfr.h 2021-05-17 16:09:00.754476587 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 1 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.1.0-p12" ++#define MPFR_VERSION_STRING "4.1.0-p13" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.1.0-a/src/vasprintf.c mpfr-4.1.0-b/src/vasprintf.c +--- mpfr-4.1.0-a/src/vasprintf.c 2021-02-11 12:48:27.354242922 +0000 ++++ mpfr-4.1.0-b/src/vasprintf.c 2021-05-17 16:09:00.598477107 +0000 +@@ -635,7 +635,13 @@ + static int + buffer_cat (struct string_buffer *b, const char *s, size_t len) + { +- MPFR_ASSERTD (len > 0); ++ /* If len == 0, which is possible when outputting an integer 0 ++ (either a native one or mpfr_prec_t) with precision field = 0, ++ do nothing. This test is not necessary since the code below is ++ valid for len == 0, but this is safer, just in case. */ ++ if (len == 0) ++ return 0; ++ + MPFR_ASSERTD (len <= strlen (s)); + + if (buffer_incr_len (b, len)) +diff -Naurd mpfr-4.1.0-a/src/version.c mpfr-4.1.0-b/src/version.c +--- mpfr-4.1.0-a/src/version.c 2021-04-23 09:49:34.696281616 +0000 ++++ mpfr-4.1.0-b/src/version.c 2021-05-17 16:09:00.754476587 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.1.0-p12"; ++ return "4.1.0-p13"; + } +diff -Naurd mpfr-4.1.0-a/tests/tsprintf.c mpfr-4.1.0-b/tests/tsprintf.c +--- mpfr-4.1.0-a/tests/tsprintf.c 2020-04-08 22:39:35.000000000 +0000 ++++ mpfr-4.1.0-b/tests/tsprintf.c 2021-05-17 16:09:00.598477107 +0000 +@@ -193,6 +193,10 @@ + sprintf (buf, "%d", i); + check_vsprintf (buf, "%d", i); + ++ check_vsprintf ("0", "%d", 0); ++ check_vsprintf ("", "%.d", 0); ++ check_vsprintf ("", "%.0d", 0); ++ + sprintf (buf, "%e", d); + check_vsprintf (buf, "%e", d); + +@@ -227,9 +231,6 @@ + mpfr_prec_t p = 128; + mpfr_t x, y, z; + +- mpfr_init (z); +- mpfr_init2 (x, p); +- + /* specifier 'P' for precision */ + check_vsprintf ("128", "%Pu", p); + check_vsprintf ("00128", "%.5Pu", p); +@@ -247,9 +248,19 @@ + check_vsprintf ("0200:", "%0#+ -Po:", p); + check_vsprintf ("+0000128 :", "%0+ *.*Pd:", -9, 7, p); + check_vsprintf ("+12345 :", "%0+ -*.*Pd:", -9, -3, (mpfr_prec_t) 12345); ++ check_vsprintf ("0", "%Pu", (mpfr_prec_t) 0); + /* Do not add a test like "%05.1Pd" as MS Windows is buggy: when + a precision is given, the '0' flag must be ignored. */ + ++ /* specifier 'P' with precision field 0 */ ++ check_vsprintf ("128", "%.Pu", p); ++ check_vsprintf ("128", "%.0Pd", p); ++ /* check_vsprintf ("", "%.Pu", (mpfr_prec_t) 0); */ ++ check_vsprintf ("", "%.0Pd", (mpfr_prec_t) 0); ++ ++ mpfr_init (z); ++ mpfr_init2 (x, 128); ++ + /* special numbers */ + mpfr_set_inf (x, 1); + check_sprintf (pinf_str, "%Re", x); diff --git a/src/patches/openldap-2.4.49-consolidated-1.patch b/src/patches/openldap-2.4.49-consolidated-1.patch deleted file mode 100644 index 8cd2656e3..000000000 --- a/src/patches/openldap-2.4.49-consolidated-1.patch +++ /dev/null @@ -1,371 +0,0 @@ -Submitted by: Bruce Dubbs <bdubbs at linuxfromscratch.org> -Date: 2012-03-26 -Initial Package Version: 2.4.40 -Upstream Status: BLFS Specific -Origin: Armin K. <krejzi at email dot com> and Debian -Comment: Rediffed by Fernando de Oliveira <famobr at yahoo dot - com dot br> for version 2.4.44 - 2016.02.06 - Rediffed by Pierre Labastie <pierre dot labastie at - neuf dot fr> to add mdb backend and slapd.ldif. See - ticket #7394 - 2016.02.24 -Description: Consolidate earlier patches to: - 1. Update various installation options, such as ldap database path, - configuration file options, slapd install location, etc. - 2. Remove reference to bdb module - 3. Enables symbol versioning in ldap libraries. Without these changes - some applications might generate a warning about missing symbol versions. - -diff -Naur openldap-2.4.40.orig/build/openldap.m4 openldap-2.4.40/build/openldap.m4 ---- openldap-2.4.40.orig/build/openldap.m4 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/build/openldap.m4 2015-03-26 15:37:39.801077750 -0500 -@@ -1142,3 +1142,54 @@ - #endif - ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])]) - ]) -+ -+dnl ==================================================================== -+dnl check for symbol versioning support -+AC_DEFUN([OL_SYMBOL_VERSIONING], -+[AC_CACHE_CHECK([for .symver assembler directive], -+ [ol_cv_asm_symver_directive],[ -+cat > conftest.s <<EOF -+${libc_cv_dot_text} -+_sym: -+.symver _sym,sym@VERS -+EOF -+if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then -+ ol_cv_asm_symver_directive=yes -+else -+ ol_cv_asm_symver_directive=no -+fi -+rm -f conftest*]) -+AC_CACHE_CHECK([for ld --version-script], -+ [ol_cv_ld_version_script_option],[ -+if test $ol_cv_asm_symver_directive = yes; then -+ cat > conftest.s <<EOF -+${libc_cv_dot_text} -+_sym: -+.symver _sym,sym@VERS -+EOF -+ cat > conftest.map <<EOF -+VERS_1 { -+ global: sym; -+}; -+ -+VERS_2 { -+ global: sym; -+} VERS_1; -+EOF -+ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then -+ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared -+ -o conftest.so conftest.o -+ -Wl,--version-script,conftest.map -+ 1>&AS_MESSAGE_LOG_FD]); -+ then -+ ol_cv_ld_version_script_option=yes -+ else -+ ol_cv_ld_version_script_option=no -+ fi -+ else -+ ol_cv_ld_version_script_option=no -+ fi -+else -+ ol_cv_ld_version_script_option=no -+fi -+rm -f conftest*])]) -diff -Naur openldap-2.4.40.orig/build/top.mk openldap-2.4.40/build/top.mk ---- openldap-2.4.40.orig/build/top.mk 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/build/top.mk 2015-03-26 15:37:39.801077750 -0500 -@@ -104,6 +104,9 @@ - # LINK_LIBS referenced in library and module link commands. - LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS) - -+# option to pass to $(CC) to support library symbol versioning, if any -+VERSION_OPTION = @VERSION_OPTION@ -+ - LTSTATIC = @LTSTATIC@ - - LTLINK = $(LIBTOOL) --mode=link \ -@@ -113,7 +116,7 @@ - $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c - - LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \ -- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) -+ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS) - - LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \ - $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c -diff -Naur openldap-2.4.40.orig/configure.in openldap-2.4.40/configure.in ---- openldap-2.4.40.orig/configure.in 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/configure.in 2015-03-26 15:37:39.801077750 -0500 -@@ -1916,6 +1916,13 @@ - fi - AC_SUBST(LTSTATIC)dnl - -+VERSION_OPTION="" -+OL_SYMBOL_VERSIONING -+if test $ol_cv_ld_version_script_option = yes ; then -+ VERSION_OPTION="-Wl,--version-script=" -+fi -+AC_SUBST(VERSION_OPTION) -+ - dnl ---------------------------------------------------------------- - if test $ol_enable_wrappers != no ; then - AC_CHECK_HEADERS(tcpd.h,[ -diff -Naur openldap-2.4.40.orig/doc/man/man5/slapd-bdb.5 openldap-2.4.40/doc/man/man5/slapd-bdb.5 ---- openldap-2.4.40.orig/doc/man/man5/slapd-bdb.5 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/doc/man/man5/slapd-bdb.5 2015-03-26 15:36:59.637464038 -0500 -@@ -135,7 +135,7 @@ - associated indexes live. - A separate directory must be specified for each database. - The default is --.BR LOCALSTATEDIR/openldap-data . -+.BR LOCALSTATEDIR/lib/openldap . - .TP - .B dirtyread - Allow reads of modified but not yet committed data. -diff -Naur openldap-2.4.40.orig/doc/man/man5/slapd-config.5 openldap-2.4.40/doc/man/man5/slapd-config.5 ---- openldap-2.4.40.orig/doc/man/man5/slapd-config.5 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/doc/man/man5/slapd-config.5 2015-03-26 15:36:59.638464004 -0500 -@@ -2051,7 +2051,7 @@ - # The database directory MUST exist prior to - # running slapd AND should only be accessible - # by the slapd/tools. Mode 0700 recommended. --olcDbDirectory: LOCALSTATEDIR/openldap-data -+olcDbDirectory: LOCALSTATEDIR/lib/openldap - # Indices to maintain - olcDbIndex: objectClass eq - olcDbIndex: cn,sn,mail pres,eq,approx,sub -diff -Naur openldap-2.4.40.orig/doc/man/man5/slapd.conf.5 openldap-2.4.40/doc/man/man5/slapd.conf.5 ---- openldap-2.4.40.orig/doc/man/man5/slapd.conf.5 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/doc/man/man5/slapd.conf.5 2015-03-26 15:36:59.638464004 -0500 -@@ -2021,7 +2021,7 @@ - # The database directory MUST exist prior to - # running slapd AND should only be accessible - # by the slapd/tools. Mode 0700 recommended. --directory LOCALSTATEDIR/openldap-data -+directory LOCALSTATEDIR/lib/openldap - # Indices to maintain - index objectClass eq - index cn,sn,mail pres,eq,approx,sub -diff -Naur openldap-2.4.40.orig/include/ldap_defaults.h openldap-2.4.40/include/ldap_defaults.h ---- openldap-2.4.40.orig/include/ldap_defaults.h 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/include/ldap_defaults.h 2015-03-26 15:36:59.638464004 -0500 -@@ -39,7 +39,7 @@ - #define LDAP_ENV_PREFIX "LDAP" - - /* default ldapi:// socket */ --#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" -+#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi" - - /* - * SLAPD DEFINITIONS -@@ -47,7 +47,7 @@ - /* location of the default slapd config file */ - #define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf" - #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d" --#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data" -+#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "openldap" - #define SLAPD_DEFAULT_DB_MODE 0600 - #define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata" - /* default max deref depth for aliases */ -diff -Naur openldap-2.4.40.orig/libraries/liblber/Makefile.in openldap-2.4.40/libraries/liblber/Makefile.in ---- openldap-2.4.40.orig/libraries/liblber/Makefile.in 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/libraries/liblber/Makefile.in 2015-03-26 15:37:39.801077750 -0500 -@@ -38,6 +38,9 @@ - XXLIBS = - NT_LINK_LIBS = $(AC_LIBS) - UNIX_LINK_LIBS = $(AC_LIBS) -+ifneq (,$(VERSION_OPTION)) -+ VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map" -+endif - - dtest: $(XLIBS) dtest.o - $(LTLINK) -o $@ dtest.o $(LIBS) -@@ -48,6 +51,6 @@ - - install-local: FORCE - -$(MKDIR) $(DESTDIR)$(libdir) -- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir) -+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir) - $(LTFINISH) $(DESTDIR)$(libdir) - -diff -Naur openldap-2.4.40.orig/libraries/liblber/liblber.map openldap-2.4.40/libraries/liblber/liblber.map ---- openldap-2.4.40.orig/libraries/liblber/liblber.map 1969-12-31 18:00:00.000000000 -0600 -+++ openldap-2.4.40/libraries/liblber/liblber.map 2015-03-26 15:37:39.801077750 -0500 -@@ -0,0 +1,8 @@ -+OPENLDAP_2.4_2 { -+ global: -+ ber_*; -+ der_alloc; -+ lutil_*; -+ local: -+ *; -+}; -diff -Naur openldap-2.4.40.orig/libraries/libldap/Makefile.in openldap-2.4.40/libraries/libldap/Makefile.in ---- openldap-2.4.40.orig/libraries/libldap/Makefile.in 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/libraries/libldap/Makefile.in 2015-03-26 15:37:39.802077716 -0500 -@@ -52,6 +52,9 @@ - XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) - NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) - UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) -+ifneq (,$(VERSION_OPTION)) -+ VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map -+endif - - apitest: $(XLIBS) apitest.o - $(LTLINK) -o $@ apitest.o $(LIBS) -@@ -68,7 +71,7 @@ - - install-local: $(CFFILES) FORCE - -$(MKDIR) $(DESTDIR)$(libdir) -- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir) -+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir) - $(LTFINISH) $(DESTDIR)$(libdir) - -$(MKDIR) $(DESTDIR)$(sysconfdir) - @for i in $(CFFILES); do \ -diff -Naur openldap-2.4.40.orig/libraries/libldap/libldap.map openldap-2.4.40/libraries/libldap/libldap.map ---- openldap-2.4.40.orig/libraries/libldap/libldap.map 1969-12-31 18:00:00.000000000 -0600 -+++ openldap-2.4.40/libraries/libldap/libldap.map 2015-03-26 15:37:39.802077716 -0500 -@@ -0,0 +1,7 @@ -+OPENLDAP_2.4_2 { -+ global: -+ ldap_*; -+ ldif_*; -+ local: -+ *; -+}; -diff -Naur openldap-2.4.40.orig/libraries/libldap_r/Makefile.in openldap-2.4.40/libraries/libldap_r/Makefile.in ---- openldap-2.4.40.orig/libraries/libldap_r/Makefile.in 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/libraries/libldap_r/Makefile.in 2015-03-26 15:37:39.802077716 -0500 -@@ -61,6 +61,9 @@ - XXXLIBS = $(LTHREAD_LIBS) - NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) - UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) -+ifneq (,$(VERSION_OPTION)) -+ VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map" -+endif - - .links : Makefile - @for i in $(XXSRCS); do \ -@@ -83,6 +86,6 @@ - - install-local: $(CFFILES) FORCE - -$(MKDIR) $(DESTDIR)$(libdir) -- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir) -+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir) - $(LTFINISH) $(DESTDIR)$(libdir) - -diff -Naur openldap-2.4.40.orig/servers/slapd/Makefile.in openldap-2.4.40/servers/slapd/Makefile.in ---- openldap-2.4.40.orig/servers/slapd/Makefile.in 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/servers/slapd/Makefile.in 2015-03-26 15:36:59.639463969 -0500 -@@ -376,10 +376,10 @@ - install-conf install-dbc-maybe install-schema install-tools - - install-slapd: FORCE -- -$(MKDIR) $(DESTDIR)$(libexecdir) -+ -$(MKDIR) $(DESTDIR)$(sbindir) - -$(MKDIR) $(DESTDIR)$(localstatedir)/run - $(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 \ -- slapd$(EXEEXT) $(DESTDIR)$(libexecdir) -+ slapd$(EXEEXT) $(DESTDIR)$(sbindir) - @for i in $(SUBDIRS); do \ - if test -d $$i && test -f $$i/Makefile ; then \ - echo; echo " cd $$i; $(MAKE) $(MFLAGS) install"; \ -@@ -445,9 +445,9 @@ - - install-db-config: FORCE - @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) -- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data -+ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/openldap - $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ -- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example -+ $(DESTDIR)$(localstatedir)/lib/openldap/DB_CONFIG.example - $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ - $(DESTDIR)$(sysconfdir)/DB_CONFIG.example - -@@ -455,6 +455,6 @@ - -$(MKDIR) $(DESTDIR)$(sbindir) - for i in $(SLAPTOOLS); do \ - $(RM) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ -- $(LN_S) -f $(DESTDIR)$(libexecdir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ -+ $(LN_S) -f $(DESTDIR)$(sbindir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ - done - -diff -Naur openldap-2.4.44.orig/servers/slapd/slapd.conf openldap-2.4.44/servers/slapd/slapd.conf ---- openldap-2.4.44.orig/servers/slapd/slapd.conf 2016-02-06 00:57:45.000000000 +0100 -+++ openldap-2.4.44/servers/slapd/slapd.conf 2016-02-22 23:01:47.681372594 +0100 -@@ -10,12 +10,12 @@ - # service AND an understanding of referrals. - #referral ldap://root.openldap.org - --pidfile %LOCALSTATEDIR%/run/slapd.pid --argsfile %LOCALSTATEDIR%/run/slapd.args -+pidfile %LOCALSTATEDIR%/run/openldap/slapd.pid -+argsfile %LOCALSTATEDIR%/run/openldap/slapd.args - - # Load dynamic backend modules: --# modulepath %MODULEDIR% --# moduleload back_mdb.la -+modulepath %MODULEDIR% -+moduleload back_mdb.la - # moduleload back_ldap.la - - # Sample security restrictions -@@ -60,6 +60,6 @@ - # The database directory MUST exist prior to running slapd AND - # should only be accessible by the slapd and slap tools. - # Mode 700 recommended. --directory %LOCALSTATEDIR%/openldap-data -+directory %LOCALSTATEDIR%/lib/openldap - # Indices to maintain - index objectClass eq -diff -Naur openldap-2.4.44.orig/servers/slapd/slapd.ldif openldap-2.4.44/servers/slapd/slapd.ldif ---- openldap-2.4.44.orig/servers/slapd/slapd.ldif 2016-02-06 00:57:45.000000000 +0100 -+++ openldap-2.4.44/servers/slapd/slapd.ldif 2016-02-22 22:59:57.824364446 +0100 -@@ -9,8 +9,8 @@ - # - # Define global ACLs to disable default read access. - # --olcArgsFile: %LOCALSTATEDIR%/run/slapd.args --olcPidFile: %LOCALSTATEDIR%/run/slapd.pid -+olcArgsFile: %LOCALSTATEDIR%/run/openldap/slapd.args -+olcPidFile: %LOCALSTATEDIR%/run/openldap/slapd.pid - # - # Do not enable referrals until AFTER you have a working directory - # service AND an understanding of referrals. -@@ -26,10 +26,11 @@ - # - # Load dynamic backend modules: - # --#dn: cn=module,cn=config --#objectClass: olcModuleList --#cn: module --#olcModulepath: %MODULEDIR% -+dn: cn=module,cn=config -+objectClass: olcModuleList -+cn: module -+olcModulepath: %MODULEDIR% -+olcModuleload: back_mdb.la - #olcModuleload: back_bdb.la - #olcModuleload: back_hdb.la - #olcModuleload: back_ldap.la -@@ -90,6 +91,6 @@ - # The database directory MUST exist prior to running slapd AND - # should only be accessible by the slapd and slap tools. - # Mode 700 recommended. --olcDbDirectory: %LOCALSTATEDIR%/openldap-data -+olcDbDirectory: %LOCALSTATEDIR%/lib/openldap - # Indices to maintain - olcDbIndex: objectClass eq -diff -Naur openldap-2.4.40.orig/servers/slapd/slapi/Makefile.in openldap-2.4.40/servers/slapd/slapi/Makefile.in ---- openldap-2.4.40.orig/servers/slapd/slapi/Makefile.in 2014-09-18 20:48:49.000000000 -0500 -+++ openldap-2.4.40/servers/slapd/slapi/Makefile.in 2015-03-26 15:36:59.639463969 -0500 -@@ -46,6 +46,6 @@ - install-local: FORCE - if test "$(BUILD_MOD)" = "yes"; then \ - $(MKDIR) $(DESTDIR)$(libdir); \ -- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir); \ -+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir); \ - fi - diff --git a/src/patches/openldap-2.6.1-consolidated-2.patch b/src/patches/openldap-2.6.1-consolidated-2.patch new file mode 100644 index 000000000..eb7396ad6 --- /dev/null +++ b/src/patches/openldap-2.6.1-consolidated-2.patch @@ -0,0 +1,4689 @@ +Submitted by: Bruce Dubbs <bdubbs at linuxfromscratch.org> +Date: 2012-03-26 +Initial Package Version: 2.4.40 +Upstream Status: BLFS Specific +Origin: Armin K. <krejzi at email dot com> and Debian +Comment: Rediffed by Fernando de Oliveira <famobr at yahoo dot + com dot br> for version 2.4.44 - 2016.02.06 + Rediffed by Pierre Labastie <pierre dot labastie at + neuf dot fr> to add mdb backend and slapd.ldif. See + ticket #7394 - 2016.02.24 + Rediffed by Douglas R. Reno <renodr at linuxfromscratch + dot org> to function on 2.4.51. - 2020-08-13 + Fixed the rediff to use a .c file instead of a .s, fixing + the test by Douglas R. Reno - 2020-08-13 + Rediffed by Tim Tassonis <stuff at decentral.ch> to + remove now integrated symbol versioning stuff and + remove changes to now non-existent slapd-bdb.5 file - 2021-05-03 + Rediffed by Douglas R. Reno - 2022-02-13 - updated man + pages for lloadd.8 and slapd.8 to use the proper path. +Description: Consolidate earlier patches to: + 1. Update various installation options, such as ldap database path, + configuration file options, slapd install location, etc. + 2. Remove reference to bdb module + + +diff -Naurp openldap-2.6.1.orig/doc/man/man5/slapd.conf.5 openldap-2.6.1/doc/man/man5/slapd.conf.5 +--- openldap-2.6.1.orig/doc/man/man5/slapd.conf.5 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/doc/man/man5/slapd.conf.5 2022-02-13 15:54:13.654979570 -0600 +@@ -2123,7 +2123,7 @@ suffix "dc=our-domain,dc=com" + # The database directory MUST exist prior to + # running slapd AND should only be accessible + # by the slapd/tools. Mode 0700 recommended. +-directory LOCALSTATEDIR/openldap-data ++directory LOCALSTATEDIR/lib/openldap + # Indices to maintain + index objectClass eq + index cn,sn,mail pres,eq,approx,sub +diff -Naurp openldap-2.6.1.orig/doc/man/man5/slapd.conf.5.orig openldap-2.6.1/doc/man/man5/slapd.conf.5.orig +--- openldap-2.6.1.orig/doc/man/man5/slapd.conf.5.orig 1969-12-31 18:00:00.000000000 -0600 ++++ openldap-2.6.1/doc/man/man5/slapd.conf.5.orig 2022-01-19 12:32:34.000000000 -0600 +@@ -0,0 +1,2168 @@ ++.TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION" ++." Copyright 1998-2022 The OpenLDAP Foundation All Rights Reserved. ++." Copying restrictions apply. See COPYRIGHT/LICENSE. ++." $OpenLDAP$ ++.SH NAME ++slapd.conf - configuration file for slapd, the stand-alone LDAP daemon ++.SH SYNOPSIS ++ETCDIR/slapd.conf ++.SH DESCRIPTION ++The file ++.B ETCDIR/slapd.conf ++contains configuration information for the ++.BR slapd (8) ++daemon. This configuration file is also used by the SLAPD tools ++.BR slapacl (8), ++.BR slapadd (8), ++.BR slapauth (8), ++.BR slapcat (8), ++.BR slapdn (8), ++.BR slapindex (8), ++.BR slapmodify (8), ++and ++.BR slaptest (8). ++.LP ++The ++.B slapd.conf ++file consists of a series of global configuration options that apply to ++.B slapd ++as a whole (including all backends), followed by zero or more database ++backend definitions that contain information specific to a backend ++instance. ++The configuration options are case-insensitive; ++their value, on a case by case basis, may be case-sensitive. ++.LP ++The general format of ++.B slapd.conf ++is as follows: ++.LP ++.nf ++ # comment - these options apply to every database ++ <global configuration options> ++ # first database definition & configuration options ++ database <backend 1 type> ++ <configuration options specific to backend 1> ++ # subsequent database definitions & configuration options ++ ... ++.fi ++.LP ++As many backend-specific sections as desired may be included. Global ++options can be overridden in a backend (for options that appear more ++than once, the last appearance in the ++.B slapd.conf ++file is used). ++.LP ++If a line begins with white space, it is considered a continuation ++of the previous line. No physical line should be over 2000 bytes ++long. ++.LP ++Blank lines and comment lines beginning with ++a `#' character are ignored. Note: continuation lines are unwrapped ++before comment processing is applied. ++.LP ++Arguments on configuration lines are separated by white space. If an ++argument contains white space, the argument should be enclosed in ++double quotes. If an argument contains a double quote (`"') or a ++backslash character (`\'), the character should be preceded by a ++backslash character. ++.LP ++The specific configuration options available are discussed below in the ++Global Configuration Options, General Backend Options, and General Database ++Options. Backend-specific options are discussed in the ++.B slapd-<backend>(5) ++manual pages. Refer to the "OpenLDAP Administrator's Guide" for more ++details on the slapd configuration file. ++.SH GLOBAL CONFIGURATION OPTIONS ++Options described in this section apply to all backends, unless specifically ++overridden in a backend definition. Arguments that should be replaced by ++actual text are shown in brackets <>. ++.TP ++.B access to <what> "[ by <who> <access> <control> ]+" ++Grant access (specified by <access>) to a set of entries and/or ++attributes (specified by <what>) by one or more requestors (specified ++by <who>). ++If no access controls are present, the default policy ++allows anyone and everyone to read anything but restricts ++updates to rootdn. (e.g., "access to * by * read"). ++The rootdn can always read and write EVERYTHING! ++See ++.BR slapd.access (5) ++and the "OpenLDAP's Administrator's Guide" for details. ++.TP ++.B allow <features> ++Specify a set of features (separated by white space) to ++allow (default none). ++.B bind_v2 ++allows acceptance of LDAPv2 bind requests. Note that ++.BR slapd (8) ++does not truly implement LDAPv2 (RFC 1777), now Historic (RFC 3494). ++.B bind_anon_cred ++allows anonymous bind when credentials are not empty (e.g. ++when DN is empty). ++.B bind_anon_dn ++allows unauthenticated (anonymous) bind when DN is not empty. ++.B update_anon ++allows unauthenticated (anonymous) update operations to be processed ++(subject to access controls and other administrative limits). ++.B proxy_authz_anon ++allows unauthenticated (anonymous) proxy authorization control to be processed ++(subject to access controls, authorization and other administrative limits). ++.TP ++.B argsfile <filename> ++The (absolute) name of a file that will hold the ++.B slapd ++server's command line (program name and options). ++.TP ++.B attributeoptions [option-name]... ++Define tagging attribute options or option tag/range prefixes. ++Options must not end with `-', prefixes must end with `-'. ++The `lang-' prefix is predefined. ++If you use the ++.B attributeoptions ++directive, `lang-' will no longer be defined and you must specify it ++explicitly if you want it defined. ++ ++An attribute description with a tagging option is a subtype of that ++attribute description without the option. ++Except for that, options defined this way have no special semantics. ++Prefixes defined this way work like the `lang-' options: ++They define a prefix for tagging options starting with the prefix. ++That is, if you define the prefix `x-foo-', you can use the option ++`x-foo-bar'. ++Furthermore, in a search or compare, a prefix or range name (with ++a trailing `-') matches all options starting with that name, as well ++as the option with the range name sans the trailing `-'. ++That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'. ++ ++RFC 4520 reserves options beginning with `x-' for private experiments. ++Other options should be registered with IANA, see RFC 4520 section 3.5. ++OpenLDAP also has the `binary' option built in, but this is a transfer ++option, not a tagging option. ++.HP ++.hy 0 ++.B attributetype "(\ <oid>\ ++ [NAME\ <name>]\ ++ [DESC\ <description>]\ ++ [OBSOLETE]\ ++ [SUP\ <oid>]\ ++ [EQUALITY\ <oid>]\ ++ [ORDERING\ <oid>]\ ++ [SUBSTR\ <oid>]\ ++ [SYNTAX\ <oidlen>]\ ++ [SINGLE-VALUE]\ ++ [COLLECTIVE]\ ++ [NO-USER-MODIFICATION]\ ++ [USAGE\ <attributeUsage>]\ )" ++.RS ++Specify an attribute type using the LDAPv3 syntax defined in RFC 4512. ++The slapd parser extends the RFC 4512 definition by allowing string ++forms as well as numeric OIDs to be used for the attribute OID and ++attribute syntax OID. ++(See the ++.B objectidentifier ++description.) ++.RE ++.TP ++.B authid-rewrite<cmd> <args> ++Used by the authentication framework to convert simple user names ++to an LDAP DN used for authorization purposes. ++Its purpose is analogous to that of ++.BR authz-regexp ++(see below). ++The prefix \fIauthid-\fP is followed by a set of rules analogous ++to those described in ++.BR slapo-rwm (5) ++for data rewriting (replace the \fIrwm-\fP prefix with \fIauthid-\fP). ++.B authid-rewrite<cmd> ++and ++.B authz-regexp ++rules should not be intermixed. ++.TP ++.B authz-policy <policy> ++Used to specify which rules to use for Proxy Authorization. Proxy ++authorization allows a client to authenticate to the server using one ++user's credentials, but specify a different identity to use for authorization ++and access control purposes. It essentially allows user A to login as user ++B, using user A's password. ++The ++.B none ++flag disables proxy authorization. This is the default setting. ++The ++.B from ++flag will use rules in the ++.I authzFrom ++attribute of the authorization DN. ++The ++.B to ++flag will use rules in the ++.I authzTo ++attribute of the authentication DN. ++The ++.B any ++flag, an alias for the deprecated value of ++.BR both , ++will allow any of the above, whatever succeeds first (checked in ++.BR to , ++.B from ++sequence. ++The ++.B all ++flag requires both authorizations to succeed. ++.LP ++.RS ++The rules are mechanisms to specify which identities are allowed ++to perform proxy authorization. ++The ++.I authzFrom ++attribute in an entry specifies which other users ++are allowed to proxy login to this entry. The ++.I authzTo ++attribute in ++an entry specifies which other users this user can authorize as. Use of ++.I authzTo ++rules can be easily ++abused if users are allowed to write arbitrary values to this attribute. ++In general the ++.I authzTo ++attribute must be protected with ACLs such that ++only privileged users can modify it. ++The value of ++.I authzFrom ++and ++.I authzTo ++describes an ++.B identity ++or a set of identities; it can take five forms: ++.RS ++.TP ++.B ldap:///<base>??[<scope>]?<filter> ++.RE ++.RS ++.B dn[.<dnstyle>]:<pattern> ++.RE ++.RS ++.B u[.<mech>[/<realm>]]:<pattern> ++.RE ++.RS ++.B group[/objectClass[/attributeType]]:<pattern> ++.RE ++.RS ++.B <pattern> ++.RE ++.RS ++ ++.B <dnstyle>:={exact|onelevel|children|subtree|regex} ++ ++.RE ++The first form is a valid LDAP ++.B URI ++where the ++.IR <host>:<port> , ++the ++.I <attrs> ++and the ++.I <extensions> ++portions must be absent, so that the search occurs locally on either ++.I authzFrom ++or ++.IR authzTo . ++ ++.LP ++The second form is a ++.BR DN . ++The optional ++.B dnstyle ++modifiers ++.IR exact , ++.IR onelevel , ++.IR children , ++and ++.I subtree ++provide exact, onelevel, children and subtree matches, which cause ++.I <pattern> ++to be normalized according to the DN normalization rules. ++The special ++.B dnstyle ++modifier ++.I regex ++causes the ++.I <pattern> ++to be treated as a POSIX (''extended'') regular expression, as ++discussed in ++.BR regex (7) ++and/or ++.BR re_format (7). ++A pattern of ++.I * ++means any non-anonymous DN. ++ ++.LP ++The third form is a SASL ++.BR id . ++The optional fields ++.I <mech> ++and ++.I <realm> ++allow specification of a SASL ++.BR mechanism , ++and eventually a SASL ++.BR realm , ++for those mechanisms that support one. ++The need to allow the specification of a mechanism is still debated, ++and users are strongly discouraged to rely on this possibility. ++ ++.LP ++The fourth form is a group specification. ++It consists of the keyword ++.BR group , ++optionally followed by the specification of the group ++.B objectClass ++and ++.BR attributeType . ++The ++.B objectClass ++defaults to ++.IR groupOfNames . ++The ++.B attributeType ++defaults to ++.IR member . ++The group with DN ++.B <pattern> ++is searched with base scope, filtered on the specified ++.BR objectClass . ++The values of the resulting ++.B attributeType ++are searched for the asserted DN. ++ ++.LP ++The fifth form is provided for backwards compatibility. If no identity ++type is provided, i.e. only ++.B <pattern> ++is present, an ++.I exact DN ++is assumed; as a consequence, ++.B <pattern> ++is subjected to DN normalization. ++ ++.LP ++Since the interpretation of ++.I authzFrom ++and ++.I authzTo ++can impact security, users are strongly encouraged ++to explicitly set the type of identity specification that is being used. ++A subset of these rules can be used as third arg in the ++.B authz-regexp ++statement (see below); significantly, the ++.IR URI , ++provided it results in exactly one entry, ++and the ++.I dn.exact:<dn> ++forms. ++.RE ++.TP ++.B authz-regexp <match> <replace> ++Used by the authentication framework to convert simple user names, ++such as provided by SASL subsystem, or extracted from certificates ++in case of cert-based SASL EXTERNAL, or provided within the RFC 4370 ++"proxied authorization" control, to an LDAP DN used for ++authorization purposes. Note that the resulting DN need not refer ++to an existing entry to be considered valid. When an authorization ++request is received from the SASL subsystem, the SASL ++.BR USERNAME , ++.BR REALM , ++and ++.B MECHANISM ++are taken, when available, and combined into a name of the form ++.RS ++.RS ++.TP ++.B UID=<username>[[,CN=<realm>],CN=<mechanism>],CN=auth ++ ++.RE ++This name is then compared against the ++.B match ++POSIX (''extended'') regular expression, and if the match is successful, ++the name is replaced with the ++.B replace ++string. If there are wildcard strings in the ++.B match ++regular expression that are enclosed in parenthesis, e.g. ++.RS ++.TP ++.B UID=([^,]*),CN=.* ++ ++.RE ++then the portion of the name that matched the wildcard will be stored ++in the numbered placeholder variable $1. If there are other wildcard strings ++in parenthesis, the matching strings will be in $2, $3, etc. up to $9. The ++placeholders can then be used in the ++.B replace ++string, e.g. ++.RS ++.TP ++.B UID=$1,OU=Accounts,DC=example,DC=com ++ ++.RE ++The replaced name can be either a DN, i.e. a string prefixed by "dn:", ++or an LDAP URI. ++If the latter, the server will use the URI to search its own database(s) ++and, if the search returns exactly one entry, the name is ++replaced by the DN of that entry. The LDAP URI must have no ++hostport, attrs, or extensions components, but the filter is mandatory, ++e.g. ++.RS ++.TP ++.B ldap:///OU=Accounts,DC=example,DC=com??one?(UID=$1) ++ ++.RE ++The protocol portion of the URI must be strictly ++.BR ldap . ++Note that this search is subject to access controls. Specifically, ++the authentication identity must have "auth" access in the subject. ++ ++Multiple ++.B authz-regexp ++options can be given in the configuration file to allow for multiple matching ++and replacement patterns. The matching patterns are checked in the order they ++appear in the file, stopping at the first successful match. ++ ++.".B Caution: ++."Because the plus sign + is a character recognized by the regular expression engine, ++."and it will appear in names that include a REALM, be careful to escape the ++."plus sign with a backslash \+ to remove the character's special meaning. ++.RE ++.TP ++.B concurrency <integer> ++Specify a desired level of concurrency. Provided to the underlying ++thread system as a hint. The default is not to provide any hint. This setting ++is only meaningful on some platforms where there is not a one to one ++correspondence between user threads and kernel threads. ++.TP ++.B conn_max_pending <integer> ++Specify the maximum number of pending requests for an anonymous session. ++If requests are submitted faster than the server can process them, they ++will be queued up to this limit. If the limit is exceeded, the session ++is closed. The default is 100. ++.TP ++.B conn_max_pending_auth <integer> ++Specify the maximum number of pending requests for an authenticated session. ++The default is 1000. ++.TP ++.B defaultsearchbase <dn> ++Specify a default search base to use when client submits a ++non-base search request with an empty base DN. ++Base scoped search requests with an empty base DN are not affected. ++.TP ++.B disallow <features> ++Specify a set of features (separated by white space) to ++disallow (default none). ++.B bind_anon ++disables acceptance of anonymous bind requests. Note that this setting ++does not prohibit anonymous directory access (See "require authc"). ++.B bind_simple ++disables simple (bind) authentication. ++.B tls_2_anon ++disables forcing session to anonymous status (see also ++.BR tls_authc ) ++upon StartTLS operation receipt. ++.B tls_authc ++disallows the StartTLS operation if authenticated (see also ++.BR tls_2_anon ). ++.B proxy_authz_non_critical ++disables acceptance of the proxied authorization control (RFC4370) ++with criticality set to FALSE. ++.B dontusecopy_non_critical ++disables acceptance of the dontUseCopy control (a work in progress) ++with criticality set to FALSE. ++.HP ++.hy 0 ++.B ditcontentrule "(\ <oid>\ ++ [NAME\ <name>]\ ++ [DESC\ <description>]\ ++ [OBSOLETE]\ ++ [AUX\ <oids>]\ ++ [MUST\ <oids>]\ ++ [MAY\ <oids>]\ ++ [NOT\ <oids>]\ )" ++.RS ++Specify an DIT Content Rule using the LDAPv3 syntax defined in RFC 4512. ++The slapd parser extends the RFC 4512 definition by allowing string ++forms as well as numeric OIDs to be used for the attribute OID and ++attribute syntax OID. ++(See the ++.B objectidentifier ++description.) ++.RE ++.TP ++.B gentlehup { on | off } ++A SIGHUP signal will only cause a 'gentle' shutdown-attempt: ++.B Slapd ++will stop listening for new connections, but will not close the ++connections to the current clients. Future write operations return ++unwilling-to-perform, though. Slapd terminates when all clients ++have closed their connections (if they ever do), or - as before - ++if it receives a SIGTERM signal. This can be useful if you wish to ++terminate the server and start a new ++.B slapd ++server ++.B with another database, ++without disrupting the currently active clients. ++The default is off. You may wish to use ++.B idletimeout ++along with this option. ++.TP ++.B idletimeout <integer> ++Specify the number of seconds to wait before forcibly closing ++an idle client connection. A setting of 0 disables this ++feature. The default is 0. You may also want to set the ++.B writetimeout ++option. ++.TP ++.B include <filename> ++Read additional configuration information from the given file before ++continuing with the next line of the current file. ++.TP ++.B index_hash64 { on | off } ++Use a 64 bit hash for indexing. The default is to use 32 bit hashes. ++These hashes are used for equality and substring indexing. The 64 bit ++version may be needed to avoid index collisions when the number of ++indexed values exceeds ~64 million. (Note that substring indexing ++generates multiple index values per actual attribute value.) ++Indices generated with 32 bit hashes are incompatible with the 64 bit ++version, and vice versa. Any existing databases must be fully reloaded ++when changing this setting. This directive is only supported on 64 bit CPUs. ++.TP ++.B index_intlen <integer> ++Specify the key length for ordered integer indices. The most significant ++bytes of the binary integer will be used for index keys. The default ++value is 4, which provides exact indexing for 31 bit values. ++A floating point representation is used to index too large values. ++.TP ++.B index_substr_if_maxlen <integer> ++Specify the maximum length for subinitial and subfinal indices. Only ++this many characters of an attribute value will be processed by the ++indexing functions; any excess characters are ignored. The default is 4. ++.TP ++.B index_substr_if_minlen <integer> ++Specify the minimum length for subinitial and subfinal indices. An ++attribute value must have at least this many characters in order to be ++processed by the indexing functions. The default is 2. ++.TP ++.B index_substr_any_len <integer> ++Specify the length used for subany indices. An attribute value must have ++at least this many characters in order to be processed. Attribute values ++longer than this length will be processed in segments of this length. The ++default is 4. The subany index will also be used in subinitial and ++subfinal index lookups when the filter string is longer than the ++.I index_substr_if_maxlen ++value. ++.TP ++.B index_substr_any_step <integer> ++Specify the steps used in subany index lookups. This value sets the offset ++for the segments of a filter string that are processed for a subany index ++lookup. The default is 2. For example, with the default values, a search ++using this filter "cn=*abcdefgh*" would generate index lookups for ++"abcd", "cdef", and "efgh". ++ ++.LP ++Note: Indexing support depends on the particular backend in use. Also, ++changing these settings will generally require deleting any indices that ++depend on these parameters and recreating them with ++.BR slapindex (8). ++ ++.HP ++.hy 0 ++.B ldapsyntax "(\ <oid>\ ++ [DESC\ <description>]\ ++ [X-SUBST <substitute-syntax>]\ )" ++.RS ++Specify an LDAP syntax using the LDAPv3 syntax defined in RFC 4512. ++The slapd parser extends the RFC 4512 definition by allowing string ++forms as well as numeric OIDs to be used for the syntax OID. ++(See the ++.B objectidentifier ++description.) ++The slapd parser also honors the ++.B X-SUBST ++extension (an OpenLDAP-specific extension), which allows one to use the ++.B ldapsyntax ++statement to define a non-implemented syntax along with another syntax, ++the extension value ++.IR substitute-syntax , ++as its temporary replacement. ++The ++.I substitute-syntax ++must be defined. ++This allows one to define attribute types that make use of non-implemented syntaxes ++using the correct syntax OID. ++Unless ++.B X-SUBST ++is used, this configuration statement would result in an error, ++since no handlers would be associated to the resulting syntax structure. ++.RE ++ ++.TP ++.B listener-threads <integer> ++Specify the number of threads to use for the connection manager. ++The default is 1 and this is typically adequate for up to 16 CPU cores. ++The value should be set to a power of 2. ++.TP ++.B localSSF <SSF> ++Specifies the Security Strength Factor (SSF) to be given local LDAP sessions, ++such as those to the ldapi:// listener. For a description of SSF values, ++see ++.BR sasl-secprops 's ++.B minssf ++option description. The default is 71. ++.TP ++.B logfile <filename> ++Specify a file for recording slapd debug messages. By default these messages ++only go to stderr, are not recorded anywhere else, and are unrelated to ++messages exposed by the ++.B loglevel ++configuration parameter. Specifying a logfile copies messages to both stderr ++and the logfile. ++.TP ++.B logfile-format debug | syslog-utc | syslog-localtime ++Specify the prefix format for messages written to the logfile. The debug ++format is the normal format used for slapd debug messages, with a timestamp ++in hexadecimal, followed by a thread ID. The other options are to ++use syslog(3) style prefixes, with timestamps either in UTC or in the ++local timezone. The default is debug format. ++.TP ++.B logfile-only on | off ++Specify that debug messages should only go to the configured logfile, and ++not to stderr. ++.TP ++.B logfile-rotate <max> <Mbytes> <hours> ++Specify automatic rotation for the configured logfile as the maximum ++number of old logfiles to retain, a maximum size in megabytes to allow a ++logfile to grow before rotation, and a maximum age in hours for a logfile ++to be used before rotation. The maximum number must be in the range 1-99. ++Setting Mbytes or hours to zero disables the size or age check, respectively. ++At least one of Mbytes or hours must be non-zero. By default no automatic ++rotation will be performed. ++.TP ++.B loglevel <integer> [...] ++Specify the level at which debugging statements and operation ++statistics should be syslogged (currently logged to the ++.BR syslogd (8) ++LOG_LOCAL4 facility). ++They must be considered subsystems rather than increasingly verbose ++log levels. ++Some messages with higher priority are logged regardless ++of the configured loglevel as soon as any logging is configured. ++Log levels are additive, and available levels are: ++.RS ++.RS ++.PD 0 ++.TP ++.B 1 ++.B (0x1 trace) ++trace function calls ++.TP ++.B 2 ++.B (0x2 packets) ++debug packet handling ++.TP ++.B 4 ++.B (0x4 args) ++heavy trace debugging (function args) ++.TP ++.B 8 ++.B (0x8 conns) ++connection management ++.TP ++.B 16 ++.B (0x10 BER) ++print out packets sent and received ++.TP ++.B 32 ++.B (0x20 filter) ++search filter processing ++.TP ++.B 64 ++.B (0x40 config) ++configuration file processing ++.TP ++.B 128 ++.B (0x80 ACL) ++access control list processing ++.TP ++.B 256 ++.B (0x100 stats) ++connections, LDAP operations, results (recommended) ++.TP ++.B 512 ++.B (0x200 stats2) ++stats2 log entries sent ++.TP ++.B 1024 ++.B (0x400 shell) ++print communication with shell backends ++.TP ++.B 2048 ++.B (0x800 parse) ++entry parsing ++".TP ++".B 4096 ++".B (0x1000 cache) ++"caching (unused) ++".TP ++".B 8192 ++".B (0x2000 index) ++"data indexing (unused) ++.TP ++.B 16384 ++.B (0x4000 sync) ++LDAPSync replication ++.TP ++.B 32768 ++.B (0x8000 none) ++only messages that get logged whatever log level is set ++.PD ++.RE ++The desired log level can be input as a single integer that combines ++the (ORed) desired levels, both in decimal or in hexadecimal notation, ++as a list of integers (that are ORed internally), ++or as a list of the names that are shown between parentheses, such that ++.LP ++.nf ++ loglevel 129 ++ loglevel 0x81 ++ loglevel 128 1 ++ loglevel 0x80 0x1 ++ loglevel acl trace ++.fi ++.LP ++are equivalent. ++The keyword ++.B any ++can be used as a shortcut to enable logging at all levels (equivalent to -1). ++The keyword ++.BR none , ++or the equivalent integer representation, causes those messages ++that are logged regardless of the configured loglevel to be logged. ++In fact, if loglevel is set to 0, no logging occurs, ++so at least the ++.B none ++level is required to have high priority messages logged. ++ ++Note that the ++.BR packets , ++.BR BER , ++and ++.B parse ++levels are only available as debug output on stderr, and are not ++sent to syslog. ++ ++The loglevel defaults to \fBstats\fP. ++This level should usually also be included when using other loglevels, to ++help analyze the logs. ++.RE ++.TP ++.B maxfilterdepth <integer> ++Specify the maximum depth of nested filters in search requests. ++The default is 1000. ++.TP ++.B moduleload <filename> [<arguments>...] ++Specify the name of a dynamically loadable module to load and any ++additional arguments if supported by the module. The filename ++may be an absolute path name or a simple filename. Non-absolute names ++are searched for in the directories specified by the ++.B modulepath ++option. This option and the ++.B modulepath ++option are only usable if slapd was compiled with --enable-modules. ++.TP ++.B modulepath <pathspec> ++Specify a list of directories to search for loadable modules. Typically ++the path is colon-separated but this depends on the operating system. ++The default is MODULEDIR, which is where the standard OpenLDAP install ++will place its modules. ++.HP ++.hy 0 ++.B objectclass "(\ <oid>\ ++ [NAME\ <name>]\ ++ [DESC\ <description>]\ ++ [OBSOLETE]\ ++ [SUP\ <oids>]\ ++ [{ ABSTRACT | STRUCTURAL | AUXILIARY }]\ ++ [MUST\ <oids>] [MAY\ <oids>] )" ++.RS ++Specify an objectclass using the LDAPv3 syntax defined in RFC 4512. ++The slapd parser extends the RFC 4512 definition by allowing string ++forms as well as numeric OIDs to be used for the object class OID. ++(See the ++.B ++objectidentifier ++description.) Object classes are "STRUCTURAL" by default. ++.RE ++.TP ++.B objectidentifier <name> "{ <oid> | <name>[:<suffix>] }" ++Define a string name that equates to the given OID. The string can be used ++in place of the numeric OID in objectclass and attribute definitions. The ++name can also be used with a suffix of the form ":xx" in which case the ++value "oid.xx" will be used. ++.TP ++.B password-hash <hash> [<hash>...] ++This option configures one or more hashes to be used in generation of user ++passwords stored in the userPassword attribute during processing of ++LDAP Password Modify Extended Operations (RFC 3062). ++The <hash> must be one of ++.BR {SSHA} , ++.BR {SHA} , ++.BR {SMD5} , ++.BR {MD5} , ++.BR {CRYPT} , ++and ++.BR {CLEARTEXT} . ++The default is ++.BR {SSHA} . ++ ++.B {SHA} ++and ++.B {SSHA} ++use the SHA-1 algorithm (FIPS 160-1), the latter with a seed. ++ ++.B {MD5} ++and ++.B {SMD5} ++use the MD5 algorithm (RFC 1321), the latter with a seed. ++ ++.B {CRYPT} ++uses the ++.BR crypt (3). ++ ++.B {CLEARTEXT} ++indicates that the new password should be ++added to userPassword as clear text. ++ ++Note that this option does not alter the normal user applications ++handling of userPassword during LDAP Add, Modify, or other LDAP operations. ++.TP ++.B password-crypt-salt-format <format> ++Specify the format of the salt passed to ++.BR crypt (3) ++when generating {CRYPT} passwords (see ++.BR password-hash ) ++during processing of LDAP Password Modify Extended Operations (RFC 3062). ++ ++This string needs to be in ++.BR sprintf (3) ++format and may include one (and only one) %s conversion. ++This conversion will be substituted with a string of random ++characters from [A-Za-z0-9./]. For example, "%.2s" ++provides a two character salt and "$1$%.8s" tells some ++versions of crypt(3) to use an MD5 algorithm and provides ++8 random characters of salt. The default is "%s", which ++provides 31 characters of salt. ++.TP ++.B pidfile <filename> ++The (absolute) name of a file that will hold the ++.B slapd ++server's process ID (see ++.BR getpid (2)). ++.TP ++.B pluginlog: <filename> ++The ( absolute ) name of a file that will contain log ++messages from ++.B SLAPI ++plugins. See ++.BR slapd.plugin (5) ++for details. ++.TP ++.B referral <url> ++Specify the referral to pass back when ++.BR slapd (8) ++cannot find a local database to handle a request. ++If specified multiple times, each url is provided. ++.TP ++.B require <conditions> ++Specify a set of conditions (separated by white space) to ++require (default none). ++The directive may be specified globally and/or per-database; ++databases inherit global conditions, so per-database specifications ++are additive. ++.B bind ++requires bind operation prior to directory operations. ++.B LDAPv3 ++requires session to be using LDAP version 3. ++.B authc ++requires authentication prior to directory operations. ++.B SASL ++requires SASL authentication prior to directory operations. ++.B strong ++requires strong authentication prior to directory operations. ++The strong keyword allows protected "simple" authentication ++as well as SASL authentication. ++.B none ++may be used to require no conditions (useful to clear out globally ++set conditions within a particular database); it must occur first ++in the list of conditions. ++.TP ++.B reverse-lookup on | off ++Enable/disable client name unverified reverse lookup (default is ++.BR off ++if compiled with --enable-rlookups). ++.TP ++.B rootDSE <file> ++Specify the name of an LDIF(5) file containing user defined attributes ++for the root DSE. These attributes are returned in addition to the ++attributes normally produced by slapd. ++ ++The root DSE is an entry with information about the server and its ++capabilities, in operational attributes. ++It has the empty DN, and can be read with e.g.: ++.ti +4 ++ldapsearch -x -b "" -s base "+" ++.br ++See RFC 4512 section 5.1 for details. ++.TP ++.B sasl-auxprops <plugin> [...] ++Specify which auxprop plugins to use for authentication lookups. The ++default is empty, which just uses slapd's internal support. Usually ++no other auxprop plugins are needed. ++.TP ++.B sasl-auxprops-dontusecopy <attr> [...] ++Specify which attribute(s) should be subject to the don't use copy control. This ++is necessary for some SASL mechanisms such as OTP to work in a replicated ++environment. The attribute "cmusaslsecretOTP" is the default value. ++.TP ++.B sasl-auxprops-dontusecopy-ignore on | off ++Used to disable replication of the attribute(s) defined by ++sasl-auxprops-dontusecopy and instead use a local value for the attribute. This ++allows the SASL mechanism to continue to work if the provider is offline. This can ++cause replication inconsistency. Defaults to off. ++.TP ++.B sasl-host <fqdn> ++Used to specify the fully qualified domain name used for SASL processing. ++.TP ++.B sasl-realm <realm> ++Specify SASL realm. Default is empty. ++.TP ++.B sasl-cbinding none | tls-unique | tls-endpoint ++Specify the channel-binding type, see also LDAP_OPT_X_SASL_CBINDING. ++Default is none. ++.TP ++.B sasl-secprops <properties> ++Used to specify Cyrus SASL security properties. ++The ++.B none ++flag (without any other properties) causes the flag properties ++default, "noanonymous,noplain", to be cleared. ++The ++.B noplain ++flag disables mechanisms susceptible to simple passive attacks. ++The ++.B noactive ++flag disables mechanisms susceptible to active attacks. ++The ++.B nodict ++flag disables mechanisms susceptible to passive dictionary attacks. ++The ++.B noanonymous ++flag disables mechanisms which support anonymous login. ++The ++.B forwardsec ++flag require forward secrecy between sessions. ++The ++.B passcred ++require mechanisms which pass client credentials (and allow ++mechanisms which can pass credentials to do so). ++The ++.B minssf=<factor> ++property specifies the minimum acceptable ++.I security strength factor ++as an integer approximate to effective key length used for ++encryption. 0 (zero) implies no protection, 1 implies integrity ++protection only, 128 allows RC4, Blowfish and other similar ciphers, ++256 will require modern ciphers. The default is 0. ++The ++.B maxssf=<factor> ++property specifies the maximum acceptable ++.I security strength factor ++as an integer (see minssf description). The default is INT_MAX. ++The ++.B maxbufsize=<size> ++property specifies the maximum security layer receive buffer ++size allowed. 0 disables security layers. The default is 65536. ++.TP ++.B schemadn <dn> ++Specify the distinguished name for the subschema subentry that ++controls the entries on this server. The default is "cn=Subschema". ++.TP ++.B security <factors> ++Specify a set of security strength factors (separated by white space) ++to require (see ++.BR sasl-secprops 's ++.B minssf ++option for a description of security strength factors). ++The directive may be specified globally and/or per-database. ++.B ssf=<n> ++specifies the overall security strength factor. ++.B transport=<n> ++specifies the transport security strength factor. ++.B tls=<n> ++specifies the TLS security strength factor. ++.B sasl=<n> ++specifies the SASL security strength factor. ++.B update_ssf=<n> ++specifies the overall security strength factor to require for ++directory updates. ++.B update_transport=<n> ++specifies the transport security strength factor to require for ++directory updates. ++.B update_tls=<n> ++specifies the TLS security strength factor to require for ++directory updates. ++.B update_sasl=<n> ++specifies the SASL security strength factor to require for ++directory updates. ++.B simple_bind=<n> ++specifies the security strength factor required for ++.I simple ++username/password authentication. ++Note that the ++.B transport ++factor is measure of security provided by the underlying transport, ++e.g. ldapi:// (and eventually IPSEC). It is not normally used. ++.TP ++.B serverID <integer> [<URL>] ++Specify an integer ID from 0 to 4095 for this server. The ID may also be ++specified as a hexadecimal ID by prefixing the value with "0x". ++Non-zero IDs are required when using multi-provider replication and each ++provider must have a unique non-zero ID. Note that this requirement also ++applies to separate providers contributing to a glued set of databases. ++If the URL is provided, this directive may be specified ++multiple times, providing a complete list of participating servers ++and their IDs. The fully qualified hostname of each server should be ++used in the supplied URLs. The IDs are used in the "replica id" field ++of all CSNs generated by the specified server. The default value is zero, which ++is only valid for single provider replication. ++Example: ++.LP ++.nf ++ serverID 1 ldap://ldap1.example.com ++ serverID 2 ldap://ldap2.example.com ++.fi ++.TP ++.B sizelimit {<integer>|unlimited} ++.TP ++.B sizelimit size[.{soft|hard}]=<integer> [...] ++Specify the maximum number of entries to return from a search operation. ++The default size limit is 500. ++Use ++.B unlimited ++to specify no limits. ++The second format allows a fine grain setting of the size limits. ++If no special qualifiers are specified, both soft and hard limits are set. ++Extra args can be added on the same line. ++Additional qualifiers are available; see ++.BR limits ++for an explanation of all of the different flags. ++.TP ++.B sockbuf_max_incoming <integer> ++Specify the maximum incoming LDAP PDU size for anonymous sessions. ++The default is 262143. ++.TP ++.B sockbuf_max_incoming_auth <integer> ++Specify the maximum incoming LDAP PDU size for authenticated sessions. ++The default is 4194303. ++.TP ++.B sortvals <attr> [...] ++Specify a list of multi-valued attributes whose values will always ++be maintained in sorted order. Using this option will allow Modify, ++Compare, and filter evaluations on these attributes to be performed ++more efficiently. The resulting sort order depends on the ++attributes' syntax and matching rules and may not correspond to ++lexical order or any other recognizable order. ++.TP ++.B tcp-buffer [listener=<URL>] [{read|write}=]<size> ++Specify the size of the TCP buffer. ++A global value for both read and write TCP buffers related to any listener ++is defined, unless the listener is explicitly specified, ++or either the read or write qualifiers are used. ++See ++.BR tcp (7) ++for details. ++Note that some OS-es implement automatic TCP buffer tuning. ++.TP ++.B threads <integer> ++Specify the maximum size of the primary thread pool. ++The default is 16; the minimum value is 2. ++.TP ++.B threadqueues <integer> ++Specify the number of work queues to use for the primary thread pool. ++The default is 1 and this is typically adequate for up to 8 CPU cores. ++The value should not exceed the number of CPUs in the system. ++.TP ++.B timelimit {<integer>|unlimited} ++.TP ++.B timelimit time[.{soft|hard}]=<integer> [...] ++Specify the maximum number of seconds (in real time) ++.B slapd ++will spend answering a search request. The default time limit is 3600. ++Use ++.B unlimited ++to specify no limits. ++The second format allows a fine grain setting of the time limits. ++Extra args can be added on the same line. See ++.BR limits ++for an explanation of the different flags. ++.TP ++.B tool-threads <integer> ++Specify the maximum number of threads to use in tool mode. ++This should not be greater than the number of CPUs in the system. ++The default is 1. ++.TP ++.B writetimeout <integer> ++Specify the number of seconds to wait before forcibly closing ++a connection with an outstanding write. This allows recovery from ++various network hang conditions. A writetimeout of 0 disables this ++feature. The default is 0. ++.SH TLS OPTIONS ++If ++.B slapd ++is built with support for Transport Layer Security, there are more options ++you can specify. ++.TP ++.B TLSCipherSuite <cipher-suite-spec> ++Permits configuring what ciphers will be accepted and the preference order. ++<cipher-suite-spec> should be a cipher specification for the TLS library ++in use (OpenSSL or GnuTLS). ++Example: ++.RS ++.RS ++.TP ++.I OpenSSL: ++TLSCipherSuite HIGH:MEDIUM:+SSLv2 ++.TP ++.I GnuTLS: ++TLSCiphersuite SECURE256:!AES-128-CBC ++.RE ++ ++To check what ciphers a given spec selects in OpenSSL, use: ++ ++.nf ++ openssl ciphers -v <cipher-suite-spec> ++.fi ++ ++With GnuTLS the available specs can be found in the manual page of ++.BR gnutls-cli (1) ++(see the description of the ++option ++.BR --priority ). ++ ++In older versions of GnuTLS, where gnutls-cli does not support the option ++--priority, you can obtain the (em more limited (em list of ciphers by calling: ++ ++.nf ++ gnutls-cli -l ++.fi ++.RE ++.TP ++.B TLSCACertificateFile <filename> ++Specifies the file that contains certificates for all of the Certificate ++Authorities that ++.B slapd ++will recognize. The certificate for ++the CA that signed the server certificate must(GnuTLS)/may(OpenSSL) be included among ++these certificates. If the signing CA was not a top-level (root) CA, ++certificates for the entire sequence of CA's from the signing CA to ++the top-level CA should be present. Multiple certificates are simply ++appended to the file; the order is not significant. ++.TP ++.B TLSCACertificatePath <path> ++Specifies the path of directories that contain Certificate Authority ++certificates in separate individual files. Usually only one of this ++or the TLSCACertificateFile is used. If both are specified, both ++locations will be used. Multiple directories may be specified, ++separated by a semi-colon. ++.TP ++.B TLSCertificateFile <filename> ++Specifies the file that contains the ++.B slapd ++server certificate. ++ ++When using OpenSSL that file may also contain any number of intermediate ++certificates after the server certificate. ++.TP ++.B TLSCertificateKeyFile <filename> ++Specifies the file that contains the ++.B slapd ++server private key that matches the certificate stored in the ++.B TLSCertificateFile ++file. Currently, the private key must not be protected with a password, so ++it is of critical importance that it is protected carefully. ++.TP ++.B TLSDHParamFile <filename> ++This directive specifies the file that contains parameters for Diffie-Hellman ++ephemeral key exchange. This is required in order to use a DSA certificate on ++the server, or an RSA certificate missing the "key encipherment" key usage. ++Note that setting this option may also enable ++Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites. ++Anonymous key exchanges should generally be avoided since they provide no ++actual client or server authentication and provide no protection against ++man-in-the-middle attacks. ++You should append "!ADH" to your cipher suites to ensure that these suites ++are not used. ++.TP ++.B TLSECName <name> ++Specify the name of the curve(s) to use for Elliptic curve Diffie-Hellman ++ephemeral key exchange. This option is only used for OpenSSL. ++This option is not used with GnuTLS; the curves may be ++chosen in the GnuTLS ciphersuite specification. ++.TP ++.B TLSProtocolMin <major>[.<minor>] ++Specifies minimum SSL/TLS protocol version that will be negotiated. ++If the server doesn't support at least that version, ++the SSL handshake will fail. ++To require TLS 1.x or higher, set this option to 3.(x+1), ++e.g., ++ ++.nf ++ TLSProtocolMin 3.2 ++.fi ++ ++would require TLS 1.1. ++Specifying a minimum that is higher than that supported by the ++OpenLDAP implementation will result in it requiring the ++highest level that it does support. ++This directive is ignored with GnuTLS. ++.TP ++.B TLSRandFile <filename> ++Specifies the file to obtain random bits from when /dev/[u]random ++is not available. Generally set to the name of the EGD/PRNGD socket. ++The environment variable RANDFILE can also be used to specify the filename. ++This directive is ignored with GnuTLS. ++.TP ++.B TLSVerifyClient <level> ++Specifies what checks to perform on client certificates in an ++incoming TLS session, if any. ++The ++.B <level> ++can be specified as one of the following keywords: ++.RS ++.TP ++.B never ++This is the default. ++.B slapd ++will not ask the client for a certificate. ++.TP ++.B allow ++The client certificate is requested. If no certificate is provided, ++the session proceeds normally. If a bad certificate is provided, ++it will be ignored and the session proceeds normally. ++.TP ++.B try ++The client certificate is requested. If no certificate is provided, ++the session proceeds normally. If a bad certificate is provided, ++the session is immediately terminated. ++.TP ++.B demand | hard | true ++These keywords are all equivalent, for compatibility reasons. ++The client certificate is requested. If no certificate is provided, ++or a bad certificate is provided, the session is immediately terminated. ++ ++Note that a valid client certificate is required in order to use the ++SASL EXTERNAL authentication mechanism with a TLS session. As such, ++a non-default ++.B TLSVerifyClient ++setting must be chosen to enable SASL EXTERNAL authentication. ++.RE ++.TP ++.B TLSCRLCheck <level> ++Specifies if the Certificate Revocation List (CRL) of the CA should be ++used to verify if the client certificates have not been revoked. This ++requires ++.B TLSCACertificatePath ++parameter to be set. This directive is ignored with GnuTLS. ++.B <level> ++can be specified as one of the following keywords: ++.RS ++.TP ++.B none ++No CRL checks are performed ++.TP ++.B peer ++Check the CRL of the peer certificate ++.TP ++.B all ++Check the CRL for a whole certificate chain ++.RE ++.TP ++.B TLSCRLFile <filename> ++Specifies a file containing a Certificate Revocation List to be used ++for verifying that certificates have not been revoked. This directive is ++only valid when using GnuTLS. ++.SH GENERAL BACKEND OPTIONS ++Options in this section only apply to the configuration file section ++of all instances of the specified backend. All backends may support ++this class of options, but currently only back-mdb does. ++.TP ++.B backend <databasetype> ++Mark the beginning of a backend definition. <databasetype> ++should be one of ++.BR asyncmeta , ++.BR config , ++.BR dnssrv , ++.BR ldap , ++.BR ldif , ++.BR mdb , ++.BR meta , ++.BR monitor , ++.BR null , ++.BR passwd , ++.BR perl , ++.BR relay , ++.BR sock , ++.BR sql , ++or ++.BR wt . ++At present, only back-mdb implements any options of this type, so this ++setting is not needed for any other backends. ++ ++.SH GENERAL DATABASE OPTIONS ++Options in this section only apply to the configuration file section ++for the database in which they are defined. They are supported by every ++type of backend. Note that the ++.B database ++and at least one ++.B suffix ++option are mandatory for each database. ++.TP ++.B database <databasetype> ++Mark the beginning of a new database instance definition. <databasetype> ++should be one of ++.BR asyncmeta , ++.BR config , ++.BR dnssrv , ++.BR ldap , ++.BR ldif , ++.BR mdb , ++.BR meta , ++.BR monitor , ++.BR null , ++.BR passwd , ++.BR perl , ++.BR relay , ++.BR sock , ++.BR sql , ++or ++.BR wt , ++depending on which backend will serve the database. ++ ++LDAP operations, even subtree searches, normally access only one ++database. ++That can be changed by gluing databases together with the ++.B subordinate ++keyword. ++Access controls and some overlays can also involve multiple databases. ++.TP ++.B add_content_acl on | off ++Controls whether Add operations will perform ACL checks on ++the content of the entry being added. This check is off ++by default. See the ++.BR slapd.access (5) ++manual page for more details on ACL requirements for ++Add operations. ++.TP ++.B extra_attrs <attrlist> ++Lists what attributes need to be added to search requests. ++Local storage backends return the entire entry to the frontend. ++The frontend takes care of only returning the requested attributes ++that are allowed by ACLs. ++However, features like access checking and so may need specific ++attributes that are not automatically returned by remote storage ++backends, like proxy backends and so on. ++.B <attrlist> ++is a list of attributes that are needed for internal purposes ++and thus always need to be collected, even when not explicitly ++requested by clients. ++.TP ++.B hidden on | off ++Controls whether the database will be used to answer ++queries. A database that is hidden will never be ++selected to answer any queries, and any suffix configured ++on the database will be ignored in checks for conflicts ++with other databases. By default, hidden is off. ++.TP ++.B lastmod on | off ++Controls whether ++.B slapd ++will automatically maintain the ++modifiersName, modifyTimestamp, creatorsName, and ++createTimestamp attributes for entries. It also controls ++the entryCSN and entryUUID attributes, which are needed ++by the syncrepl provider. By default, lastmod is on. ++.TP ++.B lastbind on | off ++Controls whether ++.B slapd ++will automatically maintain the pwdLastSuccess attribute for ++entries. By default, lastbind is off. ++.TP ++.B lastbind-precision <integer> ++If lastbind is enabled, specifies how frequently pwdLastSuccess ++will be updated. More than ++.B integer ++seconds must have passed since the last successful bind. In a ++replicated environment with frequent bind activity it may be ++useful to set this to a large value. ++.TP ++.B limits <selector> <limit> [<limit> [...]] ++Specify time and size limits based on the operation's initiator or ++base DN. ++The argument ++.B <selector> ++can be any of ++.RS ++.RS ++.TP ++anonymous | users | [<dnspec>=]<pattern> | group[/oc[/at]]=<pattern> ++ ++.RE ++with ++.RS ++.TP ++<dnspec> ::= dn[.<type>][.<style>] ++.TP ++<type> ::= self | this ++.TP ++<style> ::= exact | base | onelevel | subtree | children | regex | anonymous ++ ++.RE ++DN type ++.B self ++is the default and means the bound user, while ++.B this ++means the base DN of the operation. ++The term ++.B anonymous ++matches all unauthenticated clients. ++The term ++.B users ++matches all authenticated clients; ++otherwise an ++.B exact ++dn pattern is assumed unless otherwise specified by qualifying ++the (optional) key string ++.B dn ++with ++.B exact ++or ++.B base ++(which are synonyms), to require an exact match; with ++.BR onelevel , ++to require exactly one level of depth match; with ++.BR subtree , ++to allow any level of depth match, including the exact match; with ++.BR children , ++to allow any level of depth match, not including the exact match; ++.BR regex ++explicitly requires the (default) match based on POSIX (''extended'') ++regular expression pattern. ++Finally, ++.B anonymous ++matches unbound operations; the ++.B pattern ++field is ignored. ++The same behavior is obtained by using the ++.B anonymous ++form of the ++.B <selector> ++clause. ++The term ++.BR group , ++with the optional objectClass ++.B oc ++and attributeType ++.B at ++fields, followed by ++.BR pattern , ++sets the limits for any DN listed in the values of the ++.B at ++attribute (default ++.BR member ) ++of the ++.B oc ++group objectClass (default ++.BR groupOfNames ) ++whose DN exactly matches ++.BR pattern . ++ ++The currently supported limits are ++.B size ++and ++.BR time . ++ ++The syntax for time limits is ++.BR time[.{soft|hard}]=<integer> , ++where ++.I integer ++is the number of seconds slapd will spend answering a search request. ++If no time limit is explicitly requested by the client, the ++.BR soft ++limit is used; if the requested time limit exceeds the ++.BR hard ++."limit, an ++.".I "Administrative limit exceeded" ++."error is returned. ++limit, the value of the limit is used instead. ++If the ++.BR hard ++limit is set to the keyword ++.IR soft , ++the soft limit is used in either case; if it is set to the keyword ++.IR unlimited , ++no hard limit is enforced. ++Explicit requests for time limits smaller or equal to the ++.BR hard ++limit are honored. ++If no limit specifier is set, the value is assigned to the ++.BR soft ++limit, and the ++.BR hard ++limit is set to ++.IR soft , ++to preserve the original behavior. ++ ++The syntax for size limits is ++.BR size[.{soft|hard|unchecked}]=<integer> , ++where ++.I integer ++is the maximum number of entries slapd will return answering a search ++request. ++If no size limit is explicitly requested by the client, the ++.BR soft ++limit is used; if the requested size limit exceeds the ++.BR hard ++."limit, an ++.".I "Administrative limit exceeded" ++."error is returned. ++limit, the value of the limit is used instead. ++If the ++.BR hard ++limit is set to the keyword ++.IR soft , ++the soft limit is used in either case; if it is set to the keyword ++.IR unlimited , ++no hard limit is enforced. ++Explicit requests for size limits smaller or equal to the ++.BR hard ++limit are honored. ++The ++.BR unchecked ++specifier sets a limit on the number of candidates a search request is allowed ++to examine. ++The rationale behind it is that searches for non-properly indexed ++attributes may result in large sets of candidates, which must be ++examined by ++.BR slapd (8) ++to determine whether they match the search filter or not. ++The ++.B unchecked ++limit provides a means to drop such operations before they are even ++started. ++If the selected candidates exceed the ++.BR unchecked ++limit, the search will abort with ++.IR "Unwilling to perform" . ++If it is set to the keyword ++.IR unlimited , ++no limit is applied (the default). ++If it is set to ++.IR disabled , ++the search is not even performed; this can be used to disallow searches ++for a specific set of users. ++If no limit specifier is set, the value is assigned to the ++.BR soft ++limit, and the ++.BR hard ++limit is set to ++.IR soft , ++to preserve the original behavior. ++ ++In case of no match, the global limits are used. ++The default values are the same as for ++.B sizelimit ++and ++.BR timelimit ; ++no limit is set on ++.BR unchecked . ++ ++If ++.B pagedResults ++control is requested, the ++.B hard ++size limit is used by default, because the request of a specific page size ++is considered an explicit request for a limitation on the number ++of entries to be returned. ++However, the size limit applies to the total count of entries returned within ++the search, and not to a single page. ++Additional size limits may be enforced; the syntax is ++.BR size.pr={<integer>|noEstimate|unlimited} , ++where ++.I integer ++is the max page size if no explicit limit is set; the keyword ++.I noEstimate ++inhibits the server from returning an estimate of the total number ++of entries that might be returned ++(note: the current implementation does not return any estimate). ++The keyword ++.I unlimited ++indicates that no limit is applied to the pagedResults control page size. ++The syntax ++.B size.prtotal={<integer>|hard|unlimited|disabled} ++allows one to set a limit on the total number of entries that the pagedResults ++control will return. ++By default it is set to the ++.B hard ++limit which will use the size.hard value. ++When set, ++.I integer ++is the max number of entries that the whole search with pagedResults control ++can return. ++Use ++.I unlimited ++to allow unlimited number of entries to be returned, e.g. to allow ++the use of the pagedResults control as a means to circumvent size ++limitations on regular searches; the keyword ++.I disabled ++disables the control, i.e. no paged results can be returned. ++Note that the total number of entries returned when the pagedResults control ++is requested cannot exceed the ++.B hard ++size limit of regular searches unless extended by the ++.B prtotal ++switch. ++ ++The \fBlimits\fP statement is typically used to let an unlimited ++number of entries be returned by searches performed ++with the identity used by the consumer for synchronization purposes ++by means of the RFC 4533 LDAP Content Synchronization protocol ++(see \fBsyncrepl\fP for details). ++ ++When using subordinate databases, it is necessary for any limits that ++are to be applied across the parent and its subordinates to be defined in ++both the parent and its subordinates. Otherwise the settings on the ++subordinate databases are not honored. ++.RE ++.TP ++.B maxderefdepth <depth> ++Specifies the maximum number of aliases to dereference when trying to ++resolve an entry, used to avoid infinite alias loops. The default is 15. ++.TP ++.B multiprovider on | off ++This option puts a consumer database into Multi-Provider mode. Update ++operations will be accepted from any user, not just the updatedn. The ++database must already be configured as a syncrepl consumer ++before this keyword may be set. This mode also requires a ++.B serverID ++(see above) to be configured. ++By default, multiprovider is off. ++.TP ++.B monitoring on | off ++This option enables database-specific monitoring in the entry related ++to the current database in the "cn=Databases,cn=Monitor" subtree ++of the monitor database, if the monitor database is enabled. ++Currently, only the MDB database provides database-specific monitoring. ++If monitoring is supported by the backend it defaults to on, otherwise ++off. ++.TP ++.B overlay <overlay-name> ++Add the specified overlay to this database. An overlay is a piece of ++code that intercepts database operations in order to extend or change ++them. Overlays are pushed onto ++a stack over the database, and so they will execute in the reverse ++of the order in which they were configured and the database itself ++will receive control last of all. See the ++.BR slapd.overlays (5) ++manual page for an overview of the available overlays. ++Note that all of the database's ++regular settings should be configured before any overlay settings. ++.TP ++.B readonly on | off ++This option puts the database into "read-only" mode. Any attempts to ++modify the database will return an "unwilling to perform" error. By ++default, readonly is off. ++.TP ++.B restrict <oplist> ++Specify a whitespace separated list of operations that are restricted. ++If defined inside a database specification, restrictions apply only ++to that database, otherwise they are global. ++Operations can be any of ++.BR add , ++.BR bind , ++.BR compare , ++.BR delete , ++.BR extended[=<OID>] , ++.BR modify , ++.BR rename , ++.BR search , ++or the special pseudo-operations ++.B read ++and ++.BR write , ++which respectively summarize read and write operations. ++The use of ++.I restrict write ++is equivalent to ++.I readonly on ++(see above). ++The ++.B extended ++keyword allows one to indicate the OID of the specific operation ++to be restricted. ++.TP ++.B rootdn <dn> ++Specify the distinguished name that is not subject to access control ++or administrative limit restrictions for operations on this database. ++This DN may or may not be associated with an entry. An empty root ++DN (the default) specifies no root access is to be granted. It is ++recommended that the rootdn only be specified when needed (such as ++when initially populating a database). If the rootdn is within ++a namingContext (suffix) of the database, a simple bind password ++may also be provided using the ++.B rootpw ++directive. Many optional features, including syncrepl, require the ++rootdn to be defined for the database. ++.TP ++.B rootpw <password> ++Specify a password (or hash of the password) for the rootdn. The ++password can only be set if the rootdn is within the namingContext ++(suffix) of the database. ++This option accepts all RFC 2307 userPassword formats known to ++the server (see ++.B password-hash ++description) as well as cleartext. ++.BR slappasswd (8) ++may be used to generate a hash of a password. Cleartext ++and \fB{CRYPT}\fP passwords are not recommended. If empty ++(the default), authentication of the root DN is by other means ++(e.g. SASL). Use of SASL is encouraged. ++.TP ++.B suffix <dn suffix> ++Specify the DN suffix of queries that will be passed to this ++backend database. Multiple suffix lines can be given and at least one is ++required for each database definition. ++ ++If the suffix of one database is "inside" that of another, the database ++with the inner suffix must come first in the configuration file. ++You may also want to glue such databases together with the ++.B subordinate ++keyword. ++.TP ++.B subordinate [advertise] ++Specify that the current backend database is a subordinate of another ++backend database. A subordinate database may have only one suffix. This ++option may be used to glue multiple databases into a single namingContext. ++If the suffix of the current database is within the namingContext of a ++superior database, searches against the superior database will be ++propagated to the subordinate as well. All of the databases ++associated with a single namingContext should have identical rootdns. ++Behavior of other LDAP operations is unaffected by this setting. In ++particular, it is not possible to use moddn to move an entry from ++one subordinate to another subordinate within the namingContext. ++ ++If the optional \fBadvertise\fP flag is supplied, the naming context of ++this database is advertised in the root DSE. The default is to hide this ++database context, so that only the superior context is visible. ++ ++If the slap tools ++.BR slapcat (8), ++.BR slapadd (8), ++.BR slapmodify (8), ++or ++.BR slapindex (8) ++are used on the superior database, any glued subordinates that support ++these tools are opened as well. ++ ++Databases that are glued together should usually be configured with the ++same indices (assuming they support indexing), even for attributes that ++only exist in some of these databases. In general, all of the glued ++databases should be configured as similarly as possible, since the intent ++is to provide the appearance of a single directory. ++ ++Note that the \fIsubordinate\fP functionality is implemented internally ++by the \fIglue\fP overlay and as such its behavior will interact with other ++overlays in use. By default, the glue overlay is automatically configured as ++the last overlay on the superior backend. Its position on the backend ++can be explicitly configured by setting an \fBoverlay glue\fP directive ++at the desired position. This explicit configuration is necessary e.g. ++when using the \fIsyncprov\fP overlay, which needs to follow \fIglue\fP ++in order to work over all of the glued databases. E.g. ++.RS ++.nf ++ database mdb ++ suffix dc=example,dc=com ++ ... ++ overlay glue ++ overlay syncprov ++.fi ++.RE ++.TP ++.B sync_use_subentry ++Store the syncrepl contextCSN in a subentry instead of the context entry ++of the database. The subentry's RDN will be "cn=ldapsync". By default ++the contextCSN is stored in the context entry. ++.HP ++.hy 0 ++.B syncrepl rid=<replica ID> ++.B provider=ldap[s]://<hostname>[:port] ++.B searchbase=<base DN> ++.B [type=refreshOnly|refreshAndPersist] ++.B [interval=dd:hh:mm:ss] ++.B [retry=[<retry interval> <# of retries>]+] ++.B [filter=<filter str>] ++.B [scope=sub|one|base|subord] ++.B [attrs=<attr list>] ++.B [exattrs=<attr list>] ++.B [attrsonly] ++.B [sizelimit=<limit>] ++.B [timelimit=<limit>] ++.B [schemachecking=on|off] ++.B [network-timeout=<seconds>] ++.B [timeout=<seconds>] ++.B [tcp-user-timeout=<milliseconds>] ++.B [bindmethod=simple|sasl] ++.B [binddn=<dn>] ++.B [saslmech=<mech>] ++.B [authcid=<identity>] ++.B [authzid=<identity>] ++.B [credentials=<passwd>] ++.B [realm=<realm>] ++.B [secprops=<properties>] ++.B [keepalive=<idle>:<probes>:<interval>] ++.B [starttls=yes|critical] ++.B [tls_cert=<file>] ++.B [tls_key=<file>] ++.B [tls_cacert=<file>] ++.B [tls_cacertdir=<path>] ++.B [tls_reqcert=never|allow|try|demand] ++.B [tls_reqsan=never|allow|try|demand] ++.B [tls_cipher_suite=<ciphers>] ++.B [tls_ecname=<names>] ++.B [tls_crlcheck=none|peer|all] ++.B [tls_protocol_min=<major>[.<minor>]] ++.B [suffixmassage=<real DN>] ++.B [logbase=<base DN>] ++.B [logfilter=<filter str>] ++.B [syncdata=default|accesslog|changelog] ++.B [lazycommit] ++.RS ++Specify the current database as a consumer which is kept up-to-date with the ++provider content by establishing the current ++.BR slapd (8) ++as a replication consumer site running a ++.B syncrepl ++replication engine. ++The consumer content is kept synchronized to the provider content using ++the LDAP Content Synchronization protocol. Refer to the ++"OpenLDAP Administrator's Guide" for detailed information on ++setting up a replicated ++.B slapd ++directory service using the ++.B syncrepl ++replication engine. ++ ++.B rid ++identifies the current ++.B syncrepl ++directive within the replication consumer site. ++It is a non-negative integer not greater than 999 (limited ++to three decimal digits). ++ ++.B provider ++specifies the replication provider site containing the provider content ++as an LDAP URI. If <port> is not given, the standard LDAP port number ++(389 or 636) is used. ++ ++The content of the ++.B syncrepl ++consumer is defined using a search ++specification as its result set. The consumer ++.B slapd ++will send search requests to the provider ++.B slapd ++according to the search specification. The search specification includes ++.BR searchbase ", " scope ", " filter ", " attrs ", " attrsonly ", " sizelimit ", " ++and ++.B timelimit ++parameters as in the normal search specification. The ++.B exattrs ++option may also be used to specify attributes that should be omitted ++from incoming entries. ++The \fBscope\fP defaults to \fBsub\fP, the \fBfilter\fP defaults to ++\fB(objectclass=*)\fP, and there is no default \fBsearchbase\fP. The ++\fBattrs\fP list defaults to \fB"*,+"\fP to return all user and operational ++attributes, and \fBattrsonly\fP and \fBexattrs\fP are unset by default. ++The \fBsizelimit\fP and \fBtimelimit\fP only ++accept "unlimited" and positive integers, and both default to "unlimited". ++The \fBsizelimit\fP and \fBtimelimit\fP parameters define ++a consumer requested limitation on the number of entries that can be returned ++by the LDAP Content Synchronization operation; as such, it is intended ++to implement partial replication based on the size of the replicated database ++and on the time required by the synchronization. ++Note, however, that any provider-side limits for the replication identity ++will be enforced by the provider regardless of the limits requested ++by the LDAP Content Synchronization operation, much like for any other ++search operation. ++ ++The LDAP Content Synchronization protocol has two operation types. ++In the ++.B refreshOnly ++operation, the next synchronization search operation ++is periodically rescheduled at an interval time (specified by ++.B interval ++parameter; 1 day by default) ++after each synchronization operation finishes. ++In the ++.B refreshAndPersist ++operation, a synchronization search remains persistent in the provider slapd. ++Further updates to the provider will generate ++.B searchResultEntry ++to the consumer slapd as the search responses to the persistent ++synchronization search. If the initial search fails due to an error, the ++next synchronization search operation is periodically rescheduled at an ++interval time (specified by ++.B interval ++parameter; 1 day by default) ++ ++If an error occurs during replication, the consumer will attempt to ++reconnect according to the ++.B retry ++parameter which is a list of the <retry interval> and <# of retries> pairs. ++For example, retry="60 10 300 3" lets the consumer retry every 60 seconds ++for the first 10 times and then retry every 300 seconds for the next 3 ++times before stop retrying. The `+' in <# of retries> means indefinite ++number of retries until success. ++If no ++.B retry ++is specified, by default syncrepl retries every hour forever. ++ ++The schema checking can be enforced at the LDAP Sync ++consumer site by turning on the ++.B schemachecking ++parameter. The default is \fBoff\fP. ++Schema checking \fBon\fP means that replicated entries must have ++a structural objectClass, must obey to objectClass requirements ++in terms of required/allowed attributes, and that naming attributes ++and distinguished values must be present. ++As a consequence, schema checking should be \fBoff\fP when partial ++replication is used. ++ ++The ++.B network-timeout ++parameter sets how long the consumer will wait to establish a ++network connection to the provider. Once a connection is ++established, the ++.B timeout ++parameter determines how long the consumer will wait for the initial ++Bind request to complete. The defaults for these parameters come ++from ++.BR ldap.conf (5). ++The ++.B tcp-user-timeout ++parameter, if non-zero, corresponds to the ++.B TCP_USER_TIMEOUT ++set on the target connections, overriding the operating system setting. ++Only some systems support the customization of this parameter, it is ++ignored otherwise and system-wide settings are used. ++ ++A ++.B bindmethod ++of ++.B simple ++requires the options ++.B binddn ++and ++.B credentials ++and should only be used when adequate security services ++(e.g. TLS or IPSEC) are in place. ++.B REMEMBER: simple bind credentials must be in cleartext! ++A ++.B bindmethod ++of ++.B sasl ++requires the option ++.B saslmech. ++Depending on the mechanism, an authentication identity and/or ++credentials can be specified using ++.B authcid ++and ++.B credentials. ++The ++.B authzid ++parameter may be used to specify an authorization identity. ++Specific security properties (as with the ++.B sasl-secprops ++keyword above) for a SASL bind can be set with the ++.B secprops ++option. A non default SASL realm can be set with the ++.B realm ++option. ++The identity used for synchronization by the consumer should be allowed ++to receive an unlimited number of entries in response to a search request. ++The provider, other than allowing authentication of the syncrepl identity, ++should grant that identity appropriate access privileges to the data ++that is being replicated (\fBaccess\fP directive), and appropriate time ++and size limits. ++This can be accomplished by either allowing unlimited \fBsizelimit\fP ++and \fBtimelimit\fP, or by setting an appropriate \fBlimits\fP statement ++in the consumer's configuration (see \fBsizelimit\fP and \fBlimits\fP ++for details). ++ ++The ++.B keepalive ++parameter sets the values of \fIidle\fP, \fIprobes\fP, and \fIinterval\fP ++used to check whether a socket is alive; ++.I idle ++is the number of seconds a connection needs to remain idle before TCP ++starts sending keepalive probes; ++.I probes ++is the maximum number of keepalive probes TCP should send before dropping ++the connection; ++.I interval ++is interval in seconds between individual keepalive probes. ++Only some systems support the customization of these values; ++the ++.B keepalive ++parameter is ignored otherwise, and system-wide settings are used. ++ ++The ++.B starttls ++parameter specifies use of the StartTLS extended operation ++to establish a TLS session before Binding to the provider. If the ++.B critical ++argument is supplied, the session will be aborted if the StartTLS request ++fails. Otherwise the syncrepl session continues without TLS. The ++.B tls_reqcert ++setting defaults to "demand", the ++.B tls_reqsan ++setting defaults to "allow", and the other TLS settings ++default to the same as the main slapd TLS settings. ++ ++The ++.B suffixmassage ++parameter allows the consumer to pull entries from a remote directory ++whose DN suffix differs from the local directory. The portion of the ++remote entries' DNs that matches the \fIsearchbase\fP will be replaced ++with the suffixmassage DN. ++ ++Rather than replicating whole entries, the consumer can query logs of ++data modifications. This mode of operation is referred to as \fIdelta ++syncrepl\fP. In addition to the above parameters, the ++.B logbase ++and ++.B logfilter ++parameters must be set appropriately for the log that will be used. The ++.B syncdata ++parameter must be set to either "accesslog" if the log conforms to the ++.BR slapo-accesslog (5) ++log format, or "changelog" if the log conforms ++to the obsolete \fIchangelog\fP format. If the ++.B syncdata ++parameter is omitted or set to "default" then the log parameters are ++ignored. ++ ++The ++.B lazycommit ++parameter tells the underlying database that it can store changes without ++performing a full flush after each change. This may improve performance ++for the consumer, while sacrificing safety or durability. ++.RE ++.TP ++.B updatedn <dn> ++This option is only applicable in a replica ++database. ++It specifies the DN permitted to update (subject to access controls) ++the replica. It is only needed in certain push-mode ++replication scenarios. Generally, this DN ++.I should not ++be the same as the ++.B rootdn ++used at the provider. ++.TP ++.B updateref <url> ++Specify the referral to pass back when ++.BR slapd (8) ++is asked to modify a replicated local database. ++If specified multiple times, each url is provided. ++ ++.SH DATABASE-SPECIFIC OPTIONS ++Each database may allow specific configuration options; they are ++documented separately in the backends' manual pages. See the ++.BR slapd.backends (5) ++manual page for an overview of available backends. ++.SH EXAMPLES ++.LP ++Here is a short example of a configuration file: ++.LP ++.RS ++.nf ++include SYSCONFDIR/schema/core.schema ++pidfile LOCALSTATEDIR/run/slapd.pid ++ ++# Subtypes of "name" (e.g. "cn" and "ou") with the ++# option ";x-hidden" can be searched for/compared, ++# but are not shown. See \fBslapd.access\fP(5). ++attributeoptions x-hidden lang- ++access to attrs=name;x-hidden by * =cs ++ ++# Protect passwords. See \fBslapd.access\fP(5). ++access to attrs=userPassword by * auth ++# Read access to other attributes and entries. ++access to * by * read ++ ++database mdb ++suffix "dc=our-domain,dc=com" ++# The database directory MUST exist prior to ++# running slapd AND should only be accessible ++# by the slapd/tools. Mode 0700 recommended. ++directory LOCALSTATEDIR/openldap-data ++# Indices to maintain ++index objectClass eq ++index cn,sn,mail pres,eq,approx,sub ++ ++# We serve small clients that do not handle referrals, ++# so handle remote lookups on their behalf. ++database ldap ++suffix "" ++uri ldap://ldap.some-server.com/ ++lastmod off ++.fi ++.RE ++.LP ++"OpenLDAP Administrator's Guide" contains a longer annotated ++example of a configuration file. ++The original ETCDIR/slapd.conf is another example. ++.SH FILES ++.TP ++ETCDIR/slapd.conf ++default slapd configuration file ++.SH SEE ALSO ++.BR ldap (3), ++.BR gnutls-cli (1), ++.BR slapd-config (5), ++.BR slapd.access (5), ++.BR slapd.backends (5), ++.BR slapd.overlays (5), ++.BR slapd.plugin (5), ++.BR slapd (8), ++.BR slapacl (8), ++.BR slapadd (8), ++.BR slapauth (8), ++.BR slapcat (8), ++.BR slapdn (8), ++.BR slapindex (8), ++.BR slapmodify (8), ++.BR slappasswd (8), ++.BR slaptest (8). ++.LP ++"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) ++.SH ACKNOWLEDGEMENTS ++.so ../Project +diff -Naurp openldap-2.6.1.orig/doc/man/man5/slapd-config.5 openldap-2.6.1/doc/man/man5/slapd-config.5 +--- openldap-2.6.1.orig/doc/man/man5/slapd-config.5 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/doc/man/man5/slapd-config.5 2022-02-13 15:54:13.654979570 -0600 +@@ -2234,7 +2234,7 @@ olcSuffix: "dc=our-domain,dc=com" + # The database directory MUST exist prior to + # running slapd AND should only be accessible + # by the slapd/tools. Mode 0700 recommended. +-olcDbDirectory: LOCALSTATEDIR/openldap-data ++olcDbDirectory: LOCALSTATEDIR/lib/openldap + # Indices to maintain + olcDbIndex: objectClass eq + olcDbIndex: cn,sn,mail pres,eq,approx,sub +diff -Naurp openldap-2.6.1.orig/doc/man/man5/slapd-config.5.orig openldap-2.6.1/doc/man/man5/slapd-config.5.orig +--- openldap-2.6.1.orig/doc/man/man5/slapd-config.5.orig 1969-12-31 18:00:00.000000000 -0600 ++++ openldap-2.6.1/doc/man/man5/slapd-config.5.orig 2022-01-19 12:32:34.000000000 -0600 +@@ -0,0 +1,2303 @@ ++.TH SLAPD-CONFIG 5 "RELEASEDATE" "OpenLDAP LDVERSION" ++." Copyright 1998-2022 The OpenLDAP Foundation All Rights Reserved. ++." Copying restrictions apply. See COPYRIGHT/LICENSE. ++." $OpenLDAP$ ++.SH NAME ++slapd-config - configuration backend to slapd ++.SH SYNOPSIS ++ETCDIR/slapd.d ++.SH DESCRIPTION ++The ++.B config ++backend manages all of the configuration information for the ++.BR slapd (8) ++daemon. This configuration information is also used by the SLAPD tools ++.BR slapacl (8), ++.BR slapadd (8), ++.BR slapauth (8), ++.BR slapcat (8), ++.BR slapdn (8), ++.BR slapindex (8), ++.BR slapmodify (8), ++and ++.BR slaptest (8). ++.LP ++The ++.B config ++backend is backward compatible with the older ++.BR slapd.conf (5) ++file but provides the ability to change the configuration dynamically ++at runtime. If slapd is run with only a ++.B slapd.conf ++file dynamic changes will be allowed but they will not persist across ++a server restart. Dynamic changes are only saved when slapd is running ++from a ++.B slapd.d ++configuration directory. ++.LP ++ ++Unlike other backends, there can only be one instance of the ++.B config ++backend, and most of its structure is predefined. The root of the ++database is hardcoded to ++.B "cn=config" ++and this root entry contains ++global settings for slapd. Multiple child entries underneath the ++root entry are used to carry various other settings: ++.RS ++.TP ++.B cn=Module ++dynamically loaded modules ++.TP ++.B cn=Schema ++schema definitions ++.TP ++.B olcBackend=xxx ++backend-specific settings ++.TP ++.B olcDatabase=xxx ++database-specific settings ++.RE ++ ++The ++.B cn=Module ++entries will only appear in configurations where slapd ++was built with support for dynamically loaded modules. There can be ++multiple entries, one for each configured module path. Within each ++entry there will be values recorded for each module loaded on a ++given path. These entries have no children. ++ ++The ++.B cn=Schema ++entry contains all of the hardcoded schema elements. ++The children of this entry contain all user-defined schema elements. ++In schema that were loaded from include files, the child entry will ++be named after the include file from which the schema was loaded. ++Typically the first child in this subtree will be ++.BR cn=core,cn=schema,cn=config . ++ ++.B olcBackend ++entries are for storing settings specific to a single ++backend type (and thus global to all database instances of that type). ++At present, only back-mdb implements any options of this type, so this ++setting is not needed for any other backends. ++ ++.B olcDatabase ++entries store settings specific to a single database ++instance. These entries may have ++.B olcOverlay ++child entries corresponding ++to any overlays configured on the database. The olcDatabase and ++olcOverlay entries may also have miscellaneous child entries for ++other settings as needed. There are two special database entries ++that are predefined - one is an entry for the config database itself, ++and the other is for the "frontend" database. Settings in the ++frontend database are inherited by the other databases, unless ++they are explicitly overridden in a specific database. ++.LP ++The specific configuration options available are discussed below in the ++Global Configuration Options, General Backend Options, and General Database ++Options. Options are set by defining LDAP attributes with specific values. ++In general the names of the LDAP attributes are the same as the corresponding ++.B slapd.conf ++keyword, with an "olc" prefix added on. ++ ++The parser for many of these attributes is the same as used for parsing ++the slapd.conf keywords. As such, slapd.conf keywords that allow multiple ++items to be specified on one line, separated by whitespace, will allow ++multiple items to be specified in one attribute value. However, when ++reading the attribute via LDAP, the items will be returned as individual ++attribute values. ++ ++Backend-specific options are discussed in the ++.B slapd-<backend>(5) ++manual pages. Refer to the "OpenLDAP Administrator's Guide" for more ++details on configuring slapd. ++.SH GLOBAL CONFIGURATION OPTIONS ++Options described in this section apply to the server as a whole. ++Arguments that should be replaced by ++actual text are shown in brackets <>. ++ ++These options may only be specified in the ++.B cn=config ++entry. This entry must have an objectClass of ++.BR olcGlobal . ++ ++.TP ++.B olcAllows: <features> ++Specify a set of features to allow (default none). ++.B bind_v2 ++allows acceptance of LDAPv2 bind requests. Note that ++.BR slapd (8) ++does not truly implement LDAPv2 (RFC 1777), now Historic (RFC 3494). ++.B bind_anon_cred ++allows anonymous bind when credentials are not empty (e.g. ++when DN is empty). ++.B bind_anon_dn ++allows unauthenticated (anonymous) bind when DN is not empty. ++.B update_anon ++allows unauthenticated (anonymous) update operations to be processed ++(subject to access controls and other administrative limits). ++.B proxy_authz_anon ++allows unauthenticated (anonymous) proxy authorization control to be processed ++(subject to access controls, authorization and other administrative limits). ++.TP ++.B olcArgsFile: <filename> ++The (absolute) name of a file that will hold the ++.B slapd ++server's command line (program name and options). ++.TP ++.B olcAttributeOptions: <option-name>... ++Define tagging attribute options or option tag/range prefixes. ++Options must not end with `-', prefixes must end with `-'. ++The `lang-' prefix is predefined. ++If you use the ++.B olcAttributeOptions ++directive, `lang-' will no longer be defined and you must specify it ++explicitly if you want it defined. ++ ++An attribute description with a tagging option is a subtype of that ++attribute description without the option. ++Except for that, options defined this way have no special semantics. ++Prefixes defined this way work like the `lang-' options: ++They define a prefix for tagging options starting with the prefix. ++That is, if you define the prefix `x-foo-', you can use the option ++`x-foo-bar'. ++Furthermore, in a search or compare, a prefix or range name (with ++a trailing `-') matches all options starting with that name, as well ++as the option with the range name sans the trailing `-'. ++That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'. ++ ++RFC 4520 reserves options beginning with `x-' for private experiments. ++Other options should be registered with IANA, see RFC 4520 section 3.5. ++OpenLDAP also has the `binary' option built in, but this is a transfer ++option, not a tagging option. ++.TP ++.B olcAuthIDRewrite: <rewrite-rule> ++Used by the authentication framework to convert simple user names ++to an LDAP DN used for authorization purposes. ++Its purpose is analogous to that of ++.BR olcAuthzRegexp ++(see below). ++The ++.B rewrite-rule ++is a set of rules analogous to those described in ++.BR slapo-rwm (5) ++for data rewriting (after stripping the \fIrwm-\fP prefix). ++.B olcAuthIDRewrite ++and ++.B olcAuthzRegexp ++should not be intermixed. ++.TP ++.B olcAuthzPolicy: <policy> ++Used to specify which rules to use for Proxy Authorization. Proxy ++authorization allows a client to authenticate to the server using one ++user's credentials, but specify a different identity to use for authorization ++and access control purposes. It essentially allows user A to login as user ++B, using user A's password. ++The ++.B none ++flag disables proxy authorization. This is the default setting. ++The ++.B from ++flag will use rules in the ++.I authzFrom ++attribute of the authorization DN. ++The ++.B to ++flag will use rules in the ++.I authzTo ++attribute of the authentication DN. ++The ++.B any ++flag, an alias for the deprecated value of ++.BR both , ++will allow any of the above, whatever succeeds first (checked in ++.BR to , ++.B from ++sequence. ++The ++.B all ++flag requires both authorizations to succeed. ++.LP ++.RS ++The rules are mechanisms to specify which identities are allowed ++to perform proxy authorization. ++The ++.I authzFrom ++attribute in an entry specifies which other users ++are allowed to proxy login to this entry. The ++.I authzTo ++attribute in ++an entry specifies which other users this user can authorize as. Use of ++.I authzTo ++rules can be easily ++abused if users are allowed to write arbitrary values to this attribute. ++In general the ++.I authzTo ++attribute must be protected with ACLs such that ++only privileged users can modify it. ++The value of ++.I authzFrom ++and ++.I authzTo ++describes an ++.B identity ++or a set of identities; it can take five forms: ++.RS ++.TP ++.B ldap:///<base>??[<scope>]?<filter> ++.RE ++.RS ++.B dn[.<dnstyle>]:<pattern> ++.RE ++.RS ++.B u[.<mech>[<realm>]]:<pattern> ++.RE ++.RS ++.B group[/objectClass[/attributeType]]:<pattern> ++.RE ++.RS ++.B <pattern> ++.RE ++.RS ++ ++.B <dnstyle>:={exact|onelevel|children|subtree|regex} ++ ++.RE ++The first form is a valid LDAP ++.B URI ++where the ++.IR <host>:<port> , ++the ++.I <attrs> ++and the ++.I <extensions> ++portions must be absent, so that the search occurs locally on either ++.I authzFrom ++or ++.IR authzTo . ++ ++.LP ++The second form is a ++.BR DN , ++with the optional style modifiers ++.IR exact , ++.IR onelevel , ++.IR children , ++and ++.I subtree ++for exact, onelevel, children and subtree matches, which cause ++.I <pattern> ++to be normalized according to the DN normalization rules, or the special ++.I regex ++style, which causes the ++.I <pattern> ++to be treated as a POSIX (''extended'') regular expression, as ++discussed in ++.BR regex (7) ++and/or ++.BR re_format (7). ++A pattern of ++.I * ++means any non-anonymous DN. ++ ++.LP ++The third form is a SASL ++.BR id , ++with the optional fields ++.I <mech> ++and ++.I <realm> ++that allow to specify a SASL ++.BR mechanism , ++and eventually a SASL ++.BR realm , ++for those mechanisms that support one. ++The need to allow the specification of a mechanism is still debated, ++and users are strongly discouraged to rely on this possibility. ++ ++.LP ++The fourth form is a group specification. ++It consists of the keyword ++.BR group , ++optionally followed by the specification of the group ++.B objectClass ++and ++.BR attributeType . ++The ++.B objectClass ++defaults to ++.IR groupOfNames . ++The ++.B attributeType ++defaults to ++.IR member . ++The group with DN ++.B <pattern> ++is searched with base scope, filtered on the specified ++.BR objectClass . ++The values of the resulting ++.B attributeType ++are searched for the asserted DN. ++ ++.LP ++The fifth form is provided for backwards compatibility. If no identity ++type is provided, i.e. only ++.B <pattern> ++is present, an ++.I exact DN ++is assumed; as a consequence, ++.B <pattern> ++is subjected to DN normalization. ++ ++.LP ++Since the interpretation of ++.I authzFrom ++and ++.I authzTo ++can impact security, users are strongly encouraged ++to explicitly set the type of identity specification that is being used. ++A subset of these rules can be used as third arg in the ++.B olcAuthzRegexp ++statement (see below); significantly, the ++.IR URI , ++provided it results in exactly one entry, ++and the ++.I dn.exact:<dn> ++forms. ++.RE ++.TP ++.B olcAuthzRegexp: <match> <replace> ++Used by the authentication framework to convert simple user names, ++such as provided by SASL subsystem, or extracted from certificates ++in case of cert-based SASL EXTERNAL, or provided within the RFC 4370 ++"proxied authorization" control, to an LDAP DN used for ++authorization purposes. Note that the resulting DN need not refer ++to an existing entry to be considered valid. When an authorization ++request is received from the SASL subsystem, the SASL ++.BR USERNAME , ++.BR REALM , ++and ++.B MECHANISM ++are taken, when available, and combined into a name of the form ++.RS ++.RS ++.TP ++.B UID=<username>[[,CN=<realm>],CN=<mechanism>],CN=auth ++ ++.RE ++This name is then compared against the ++.B match ++POSIX (''extended'') regular expression, and if the match is successful, ++the name is replaced with the ++.B replace ++string. If there are wildcard strings in the ++.B match ++regular expression that are enclosed in parenthesis, e.g. ++.RS ++.TP ++.B UID=([^,]*),CN=.* ++ ++.RE ++then the portion of the name that matched the wildcard will be stored ++in the numbered placeholder variable $1. If there are other wildcard strings ++in parenthesis, the matching strings will be in $2, $3, etc. up to $9. The ++placeholders can then be used in the ++.B replace ++string, e.g. ++.RS ++.TP ++.B UID=$1,OU=Accounts,DC=example,DC=com ++ ++.RE ++The replaced name can be either a DN, i.e. a string prefixed by "dn:", ++or an LDAP URI. ++If the latter, the server will use the URI to search its own database(s) ++and, if the search returns exactly one entry, the name is ++replaced by the DN of that entry. The LDAP URI must have no ++hostport, attrs, or extensions components, but the filter is mandatory, ++e.g. ++.RS ++.TP ++.B ldap:///OU=Accounts,DC=example,DC=com??one?(UID=$1) ++ ++.RE ++The protocol portion of the URI must be strictly ++.BR ldap . ++Note that this search is subject to access controls. Specifically, ++the authentication identity must have "auth" access in the subject. ++ ++Multiple ++.B olcAuthzRegexp ++values can be specified to allow for multiple matching ++and replacement patterns. The matching patterns are checked in the order they ++appear in the attribute, stopping at the first successful match. ++ ++.".B Caution: ++."Because the plus sign + is a character recognized by the regular expression engine, ++."and it will appear in names that include a REALM, be careful to escape the ++."plus sign with a backslash \+ to remove the character's special meaning. ++.RE ++.TP ++.B olcConcurrency: <integer> ++Specify a desired level of concurrency. Provided to the underlying ++thread system as a hint. The default is not to provide any hint. This setting ++is only meaningful on some platforms where there is not a one to one ++correspondence between user threads and kernel threads. ++.TP ++.B olcConnMaxPending: <integer> ++Specify the maximum number of pending requests for an anonymous session. ++If requests are submitted faster than the server can process them, they ++will be queued up to this limit. If the limit is exceeded, the session ++is closed. The default is 100. ++.TP ++.B olcConnMaxPendingAuth: <integer> ++Specify the maximum number of pending requests for an authenticated session. ++The default is 1000. ++.TP ++.B olcDisallows: <features> ++Specify a set of features to disallow (default none). ++.B bind_anon ++disables acceptance of anonymous bind requests. Note that this setting ++does not prohibit anonymous directory access (See "require authc"). ++.B bind_simple ++disables simple (bind) authentication. ++.B tls_2_anon ++disables forcing session to anonymous status (see also ++.BR tls_authc ) ++upon StartTLS operation receipt. ++.B tls_authc ++disallows the StartTLS operation if authenticated (see also ++.BR tls_2_anon ). ++.B proxy_authz_non_critical ++disables acceptance of the proxied authorization control (RFC4370) ++with criticality set to FALSE. ++.B dontusecopy_non_critical ++disables acceptance of the dontUseCopy control (a work in progress) ++with criticality set to FALSE. ++.TP ++.B olcGentleHUP: { TRUE | FALSE } ++A SIGHUP signal will only cause a 'gentle' shutdown-attempt: ++.B Slapd ++will stop listening for new connections, but will not close the ++connections to the current clients. Future write operations return ++unwilling-to-perform, though. Slapd terminates when all clients ++have closed their connections (if they ever do), or - as before - ++if it receives a SIGTERM signal. This can be useful if you wish to ++terminate the server and start a new ++.B slapd ++server ++.B with another database, ++without disrupting the currently active clients. ++The default is FALSE. You may wish to use ++.B olcIdleTimeout ++along with this option. ++.TP ++.B olcIdleTimeout: <integer> ++Specify the number of seconds to wait before forcibly closing ++an idle client connection. A setting of 0 disables this ++feature. The default is 0. You may also want to set the ++.B olcWriteTimeout ++option. ++.TP ++.B olcIndexHash64: { on | off } ++Use a 64 bit hash for indexing. The default is to use 32 bit hashes. ++These hashes are used for equality and substring indexing. The 64 bit ++version may be needed to avoid index collisions when the number of ++indexed values exceeds ~64 million. (Note that substring indexing ++generates multiple index values per actual attribute value.) ++Indices generated with 32 bit hashes are incompatible with the 64 bit ++version, and vice versa. Any existing databases must be fully reloaded ++when changing this setting. This directive is only supported on 64 bit CPUs. ++.TP ++.B olcIndexIntLen: <integer> ++Specify the key length for ordered integer indices. The most significant ++bytes of the binary integer will be used for index keys. The default ++value is 4, which provides exact indexing for 31 bit values. ++A floating point representation is used to index too large values. ++.TP ++.B olcIndexSubstrIfMaxlen: <integer> ++Specify the maximum length for subinitial and subfinal indices. Only ++this many characters of an attribute value will be processed by the ++indexing functions; any excess characters are ignored. The default is 4. ++.TP ++.B olcIndexSubstrIfMinlen: <integer> ++Specify the minimum length for subinitial and subfinal indices. An ++attribute value must have at least this many characters in order to be ++processed by the indexing functions. The default is 2. ++.TP ++.B olcIndexSubstrAnyLen: <integer> ++Specify the length used for subany indices. An attribute value must have ++at least this many characters in order to be processed. Attribute values ++longer than this length will be processed in segments of this length. The ++default is 4. The subany index will also be used in subinitial and ++subfinal index lookups when the filter string is longer than the ++.I olcIndexSubstrIfMaxlen ++value. ++.TP ++.B olcIndexSubstrAnyStep: <integer> ++Specify the steps used in subany index lookups. This value sets the offset ++for the segments of a filter string that are processed for a subany index ++lookup. The default is 2. For example, with the default values, a search ++using this filter "cn=*abcdefgh*" would generate index lookups for ++"abcd", "cdef", and "efgh". ++ ++.LP ++Note: Indexing support depends on the particular backend in use. Also, ++changing these settings will generally require deleting any indices that ++depend on these parameters and recreating them with ++.BR slapindex (8). ++ ++.TP ++.B olcListenerThreads: <integer> ++Specify the number of threads to use for the connection manager. ++The default is 1 and this is typically adequate for up to 16 CPU cores. ++The value should be set to a power of 2. ++.TP ++.B olcLocalSSF: <SSF> ++Specifies the Security Strength Factor (SSF) to be given local LDAP sessions, ++such as those to the ldapi:// listener. For a description of SSF values, ++see ++.BR olcSaslSecProps 's ++.B minssf ++option description. The default is 71. ++.TP ++.B olcLogFile: <filename> ++Specify a file for recording slapd debug messages. By default these messages ++only go to stderr, are not recorded anywhere else, and are unrelated to ++messages exposed by the ++.B olcLogLevel ++configuration parameter. Specifying a logfile copies messages to both stderr ++and the logfile. ++.TP ++.B olcLogFileFormat: debug | syslog-utc | syslog-localtime ++Specify the prefix format for messages written to the logfile. The debug ++format is the normal format used for slapd debug messages, with a timestamp ++in hexadecimal, followed by a thread ID. The other options are to ++use syslog(3) style prefixes, with timestamps either in UTC or in the ++local timezone. The default is debug format. ++.TP ++.B olcLogFileOnly: TRUE | FALSE ++Specify that debug messages should only go to the configured logfile, and ++not to stderr. ++.TP ++.B olcLogFileRotate: <max> <Mbytes> <hours> ++Specify automatic rotation for the configured logfile as the maximum ++number of old logfiles to retain, a maximum size in megabytes to allow a ++logfile to grow before rotation, and a maximum age in hours for a logfile ++to be used before rotation. The maximum number must be in the range 1-99. ++Setting Mbytes or hours to zero disables the size or age check, respectively. ++At least one of Mbytes or hours must be non-zero. By default no automatic ++rotation will be performed. ++.TP ++.B olcLogLevel: <integer> [...] ++Specify the level at which debugging statements and operation ++statistics should be syslogged (currently logged to the ++.BR syslogd (8) ++LOG_LOCAL4 facility). ++They must be considered subsystems rather than increasingly verbose ++log levels. ++Some messages with higher priority are logged regardless ++of the configured loglevel as soon as any logging is configured. ++Log levels are additive, and available levels are: ++.RS ++.RS ++.PD 0 ++.TP ++.B 1 ++.B (0x1 trace) ++trace function calls ++.TP ++.B 2 ++.B (0x2 packets) ++debug packet handling ++.TP ++.B 4 ++.B (0x4 args) ++heavy trace debugging (function args) ++.TP ++.B 8 ++.B (0x8 conns) ++connection management ++.TP ++.B 16 ++.B (0x10 BER) ++print out packets sent and received ++.TP ++.B 32 ++.B (0x20 filter) ++search filter processing ++.TP ++.B 64 ++.B (0x40 config) ++configuration file processing ++.TP ++.B 128 ++.B (0x80 ACL) ++access control list processing ++.TP ++.B 256 ++.B (0x100 stats) ++connections, LDAP operations, results (recommended) ++.TP ++.B 512 ++.B (0x200 stats2) ++stats2 log entries sent ++.TP ++.B 1024 ++.B (0x400 shell) ++print communication with shell backends ++.TP ++.B 2048 ++.B (0x800 parse) ++entry parsing ++".TP ++".B 4096 ++".B (0x1000 cache) ++"caching (unused) ++".TP ++".B 8192 ++".B (0x2000 index) ++"data indexing (unused) ++.TP ++.B 16384 ++.B (0x4000 sync) ++LDAPSync replication ++.TP ++.B 32768 ++.B (0x8000 none) ++only messages that get logged whatever log level is set ++.PD ++.RE ++The desired log level can be input as a single integer that combines ++the (ORed) desired levels, both in decimal or in hexadecimal notation, ++as a list of integers (that are ORed internally), ++or as a list of the names that are shown between parenthesis, such that ++.LP ++.nf ++ olcLogLevel: 129 ++ olcLogLevel: 0x81 ++ olcLogLevel: 128 1 ++ olcLogLevel: 0x80 0x1 ++ olcLogLevel: acl trace ++.fi ++.LP ++are equivalent. ++The keyword ++.B any ++can be used as a shortcut to enable logging at all levels (equivalent to -1). ++The keyword ++.BR none , ++or the equivalent integer representation, causes those messages ++that are logged regardless of the configured olcLogLevel to be logged. ++In fact, if no olcLogLevel (or a 0 level) is defined, no logging occurs, ++so at least the ++.B none ++level is required to have high priority messages logged. ++ ++Note that the ++.BR packets , ++.BR BER , ++and ++.B parse ++levels are only available as debug output on stderr, and are not ++sent to syslog. ++ ++This setting defaults to \fBstats\fP. ++This level should usually also be included when using other loglevels, to ++help analyze the logs. ++.RE ++.TP ++.B olcMaxFilterDepth: <integer> ++Specify the maximum depth of nested filters in search requests. ++The default is 1000. ++.TP ++.B olcPasswordCryptSaltFormat: <format> ++Specify the format of the salt passed to ++.BR crypt (3) ++when generating {CRYPT} passwords (see ++.BR olcPasswordHash ) ++during processing of LDAP Password Modify Extended Operations (RFC 3062). ++ ++This string needs to be in ++.BR sprintf (3) ++format and may include one (and only one) %s conversion. ++This conversion will be substituted with a string of random ++characters from [A-Za-z0-9./]. For example, "%.2s" ++provides a two character salt and "$1$%.8s" tells some ++versions of crypt(3) to use an MD5 algorithm and provides ++8 random characters of salt. The default is "%s", which ++provides 31 characters of salt. ++.TP ++.B olcPidFile: <filename> ++The (absolute) name of a file that will hold the ++.B slapd ++server's process ID (see ++.BR getpid (2)). ++.TP ++.B olcPluginLogFile: <filename> ++The ( absolute ) name of a file that will contain log ++messages from ++.B SLAPI ++plugins. See ++.BR slapd.plugin (5) ++for details. ++.TP ++.B olcReferral: <url> ++Specify the referral to pass back when ++.BR slapd (8) ++cannot find a local database to handle a request. ++If multiple values are specified, each url is provided. ++.TP ++.B olcReverseLookup: TRUE | FALSE ++Enable/disable client name unverified reverse lookup (default is ++.BR FALSE ++if compiled with --enable-rlookups). ++.TP ++.B olcRootDSE: <file> ++Specify the name of an LDIF(5) file containing user defined attributes ++for the root DSE. These attributes are returned in addition to the ++attributes normally produced by slapd. ++ ++The root DSE is an entry with information about the server and its ++capabilities, in operational attributes. ++It has the empty DN, and can be read with e.g.: ++.ti +4 ++ldapsearch -x -b "" -s base "+" ++.br ++See RFC 4512 section 5.1 for details. ++.TP ++.B olcSaslAuxprops: <plugin> [...] ++Specify which auxprop plugins to use for authentication lookups. The ++default is empty, which just uses slapd's internal support. Usually ++no other auxprop plugins are needed. ++.TP ++.B olcSaslAuxpropsDontUseCopy: <attr> [...] ++Specify which attribute(s) should be subject to the don't use copy control. This ++is necessary for some SASL mechanisms such as OTP to work in a replicated ++environment. The attribute "cmusaslsecretOTP" is the default value. ++.TP ++.B olcSaslAuxpropsDontUseCopyIgnore TRUE | FALSE ++Used to disable replication of the attribute(s) defined by ++olcSaslAuxpropsDontUseCopy and instead use a local value for the attribute. This ++allows the SASL mechanism to continue to work if the provider is offline. This can ++cause replication inconsistency. Defaults to FALSE. ++.TP ++.B olcSaslHost: <fqdn> ++Used to specify the fully qualified domain name used for SASL processing. ++.TP ++.B olcSaslRealm: <realm> ++Specify SASL realm. Default is empty. ++.TP ++.B olcSaslCbinding: none | tls-unique | tls-endpoint ++Specify the channel-binding type, see also LDAP_OPT_X_SASL_CBINDING. ++Default is none. ++.TP ++.B olcSaslSecProps: <properties> ++Used to specify Cyrus SASL security properties. ++The ++.B none ++flag (without any other properties) causes the flag properties ++default, "noanonymous,noplain", to be cleared. ++The ++.B noplain ++flag disables mechanisms susceptible to simple passive attacks. ++The ++.B noactive ++flag disables mechanisms susceptible to active attacks. ++The ++.B nodict ++flag disables mechanisms susceptible to passive dictionary attacks. ++The ++.B noanonymous ++flag disables mechanisms which support anonymous login. ++The ++.B forwardsec ++flag require forward secrecy between sessions. ++The ++.B passcred ++require mechanisms which pass client credentials (and allow ++mechanisms which can pass credentials to do so). ++The ++.B minssf=<factor> ++property specifies the minimum acceptable ++.I security strength factor ++as an integer approximate to effective key length used for ++encryption. 0 (zero) implies no protection, 1 implies integrity ++protection only, 128 allows RC4, Blowfish and other similar ciphers, ++256 will require modern ciphers. The default is 0. ++The ++.B maxssf=<factor> ++property specifies the maximum acceptable ++.I security strength factor ++as an integer (see minssf description). The default is INT_MAX. ++The ++.B maxbufsize=<size> ++property specifies the maximum security layer receive buffer ++size allowed. 0 disables security layers. The default is 65536. ++.TP ++.B olcServerID: <integer> [<URL>] ++Specify an integer ID from 0 to 4095 for this server. The ID may also be ++specified as a hexadecimal ID by prefixing the value with "0x". ++Non-zero IDs are required when using multi-provider replication and each ++provider must have a unique non-zero ID. Note that this requirement also ++applies to separate providers contributing to a glued set of databases. ++If the URL is provided, this directive may be specified ++multiple times, providing a complete list of participating servers ++and their IDs. The fully qualified hostname of each server should be ++used in the supplied URLs. The IDs are used in the "replica id" field ++of all CSNs generated by the specified server. The default value is zero, which ++is only valid for single provider replication. ++Example: ++.LP ++.nf ++ olcServerID: 1 ldap://ldap1.example.com ++ olcServerID: 2 ldap://ldap2.example.com ++.fi ++.TP ++.B olcSockbufMaxIncoming: <integer> ++Specify the maximum incoming LDAP PDU size for anonymous sessions. ++The default is 262143. ++.TP ++.B olcSockbufMaxIncomingAuth: <integer> ++Specify the maximum incoming LDAP PDU size for authenticated sessions. ++The default is 4194303. ++.TP ++.B olcTCPBuffer [listener=<URL>] [{read|write}=]<size> ++Specify the size of the TCP buffer. ++A global value for both read and write TCP buffers related to any listener ++is defined, unless the listener is explicitly specified, ++or either the read or write qualifiers are used. ++See ++.BR tcp (7) ++for details. ++Note that some OS-es implement automatic TCP buffer tuning. ++.TP ++.B olcThreads: <integer> ++Specify the maximum size of the primary thread pool. ++The default is 16; the minimum value is 2. ++.TP ++.B olcThreadQueues: <integer> ++Specify the number of work queues to use for the primary thread pool. ++The default is 1 and this is typically adequate for up to 8 CPU cores. ++The value should not exceed the number of CPUs in the system. ++.TP ++.B olcToolThreads: <integer> ++Specify the maximum number of threads to use in tool mode. ++This should not be greater than the number of CPUs in the system. ++The default is 1. ++.TP ++.B olcWriteTimeout: <integer> ++Specify the number of seconds to wait before forcibly closing ++a connection with an outstanding write. This allows recovery from ++various network hang conditions. A setting of 0 disables this ++feature. The default is 0. ++.SH TLS OPTIONS ++If ++.B slapd ++is built with support for Transport Layer Security, there are more options ++you can specify. ++.TP ++.B olcTLSCipherSuite: <cipher-suite-spec> ++Permits configuring what ciphers will be accepted and the preference order. ++<cipher-suite-spec> should be a cipher specification for the TLS library ++in use (OpenSSL or GnuTLS). ++Example: ++.RS ++.RS ++.TP ++.I OpenSSL: ++olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2 ++.TP ++.I GnuTLS: ++olcTLSCiphersuite: SECURE256:!AES-128-CBC ++.RE ++ ++To check what ciphers a given spec selects in OpenSSL, use: ++ ++.nf ++ openssl ciphers -v <cipher-suite-spec> ++.fi ++ ++With GnuTLS the available specs can be found in the manual page of ++.BR gnutls-cli (1) ++(see the description of the ++option ++.BR --priority ). ++ ++In older versions of GnuTLS, where gnutls-cli does not support the option ++--priority, you can obtain the (em more limited (em list of ciphers by calling: ++ ++.nf ++ gnutls-cli -l ++.fi ++.RE ++.TP ++.B olcTLSCACertificateFile: <filename> ++Specifies the file that contains certificates for all of the Certificate ++Authorities that ++.B slapd ++will recognize. The certificate for ++the CA that signed the server certificate must be included among ++these certificates. If the signing CA was not a top-level (root) CA, ++certificates for the entire sequence of CA's from the signing CA to ++the top-level CA should be present. Multiple certificates are simply ++appended to the file; the order is not significant. ++.TP ++.B olcTLSCACertificatePath: <path> ++Specifies the path of directories that contain Certificate Authority ++certificates in separate individual files. Usually only one of this ++or the olcTLSCACertificateFile is defined. If both are specified, both ++locations will be used. Multiple directories may be specified, ++separated by a semi-colon. ++.TP ++.B olcTLSCertificateFile: <filename> ++Specifies the file that contains the ++.B slapd ++server certificate. ++ ++When using OpenSSL that file may also contain any number of intermediate ++certificates after the server certificate. ++.TP ++.B olcTLSCertificateKeyFile: <filename> ++Specifies the file that contains the ++.B slapd ++server private key that matches the certificate stored in the ++.B olcTLSCertificateFile ++file. If the private key is protected with a password, the password must ++be manually typed in when slapd starts. Usually the private key is not ++protected with a password, to allow slapd to start without manual ++intervention, so ++it is of critical importance that the file is protected carefully. ++.TP ++.B olcTLSDHParamFile: <filename> ++This directive specifies the file that contains parameters for Diffie-Hellman ++ephemeral key exchange. This is required in order to use a DSA certificate on ++the server, or an RSA certificate missing the "key encipherment" key usage. ++Note that setting this option may also enable ++Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites. ++Anonymous key exchanges should generally be avoided since they provide no ++actual client or server authentication and provide no protection against ++man-in-the-middle attacks. ++You should append "!ADH" to your cipher suites to ensure that these suites ++are not used. ++.TP ++.B olcTLSECName: <name> ++Specify the name of the curve(s) to use for Elliptic curve Diffie-Hellman ++ephemeral key exchange. This option is only used for OpenSSL. ++This option is not used with GnuTLS; the curves may be ++chosen in the GnuTLS ciphersuite specification. ++.TP ++.B olcTLSProtocolMin: <major>[.<minor>] ++Specifies minimum SSL/TLS protocol version that will be negotiated. ++If the server doesn't support at least that version, ++the SSL handshake will fail. ++To require TLS 1.x or higher, set this option to 3.(x+1), ++e.g., ++ ++.nf ++ olcTLSProtocolMin: 3.2 ++.fi ++ ++would require TLS 1.1. ++Specifying a minimum that is higher than that supported by the ++OpenLDAP implementation will result in it requiring the ++highest level that it does support. ++This directive is ignored with GnuTLS. ++.TP ++.B olcTLSRandFile: <filename> ++Specifies the file to obtain random bits from when /dev/[u]random ++is not available. Generally set to the name of the EGD/PRNGD socket. ++The environment variable RANDFILE can also be used to specify the filename. ++This directive is ignored with GnuTLS. ++.TP ++.B olcTLSVerifyClient: <level> ++Specifies what checks to perform on client certificates in an ++incoming TLS session, if any. ++The ++.B <level> ++can be specified as one of the following keywords: ++.RS ++.TP ++.B never ++This is the default. ++.B slapd ++will not ask the client for a certificate. ++.TP ++.B allow ++The client certificate is requested. If no certificate is provided, ++the session proceeds normally. If a bad certificate is provided, ++it will be ignored and the session proceeds normally. ++.TP ++.B try ++The client certificate is requested. If no certificate is provided, ++the session proceeds normally. If a bad certificate is provided, ++the session is immediately terminated. ++.TP ++.B demand | hard | true ++These keywords are all equivalent, for compatibility reasons. ++The client certificate is requested. If no certificate is provided, ++or a bad certificate is provided, the session is immediately terminated. ++ ++Note that a valid client certificate is required in order to use the ++SASL EXTERNAL authentication mechanism with a TLS session. As such, ++a non-default ++.B olcTLSVerifyClient ++setting must be chosen to enable SASL EXTERNAL authentication. ++.RE ++.TP ++.B olcTLSCRLCheck: <level> ++Specifies if the Certificate Revocation List (CRL) of the CA should be ++used to verify if the client certificates have not been revoked. This ++requires ++.B olcTLSCACertificatePath ++parameter to be set. This parameter is ignored with GnuTLS. ++.B <level> ++can be specified as one of the following keywords: ++.RS ++.TP ++.B none ++No CRL checks are performed ++.TP ++.B peer ++Check the CRL of the peer certificate ++.TP ++.B all ++Check the CRL for a whole certificate chain ++.RE ++.TP ++.B olcTLSCRLFile: <filename> ++Specifies a file containing a Certificate Revocation List to be used ++for verifying that certificates have not been revoked. This parameter is ++only valid when using GnuTLS. ++.SH DYNAMIC MODULE OPTIONS ++If ++.B slapd ++is compiled with --enable-modules then the module-related entries will ++be available. These entries are named ++.B cn=module{x},cn=config ++and ++must have the olcModuleList objectClass. One entry should be created ++per ++.B olcModulePath. ++Normally the config engine generates the "{x}" index in the RDN ++automatically, so it can be omitted when initially loading these entries. ++.TP ++.B olcModuleLoad: <filename> [<arguments>...] ++Specify the name of a dynamically loadable module to load and any ++additional arguments if supported by the module. The filename ++may be an absolute path name or a simple filename. Non-absolute names ++are searched for in the directories specified by the ++.B olcModulePath ++option. ++.TP ++.B olcModulePath: <pathspec> ++Specify a list of directories to search for loadable modules. Typically ++the path is colon-separated but this depends on the operating system. ++The default is MODULEDIR, which is where the standard OpenLDAP install ++will place its modules. ++.SH SCHEMA OPTIONS ++Schema definitions are created as entries in the ++.B cn=schema,cn=config ++subtree. These entries must have the olcSchemaConfig objectClass. ++As noted above, the actual ++.B cn=schema,cn=config ++entry is predefined and any values specified for it are ignored. ++ ++.HP ++.hy 0 ++.B olcAttributetypes: "(\ <oid>\ ++ [NAME\ <name>]\ ++ [DESC\ <description>]\ ++ [OBSOLETE]\ ++ [SUP\ <oid>]\ ++ [EQUALITY\ <oid>]\ ++ [ORDERING\ <oid>]\ ++ [SUBSTR\ <oid>]\ ++ [SYNTAX\ <oidlen>]\ ++ [SINGLE-VALUE]\ ++ [COLLECTIVE]\ ++ [NO-USER-MODIFICATION]\ ++ [USAGE\ <attributeUsage>]\ )" ++.RS ++Specify an attribute type using the LDAPv3 syntax defined in RFC 4512. ++The slapd parser extends the RFC 4512 definition by allowing string ++forms as well as numeric OIDs to be used for the attribute OID and ++attribute syntax OID. ++(See the ++.B olcObjectIdentifier ++description.) ++.RE ++ ++.HP ++.hy 0 ++.B olcDitContentRules: "(\ <oid>\ ++ [NAME\ <name>]\ ++ [DESC\ <description>]\ ++ [OBSOLETE]\ ++ [AUX\ <oids>]\ ++ [MUST\ <oids>]\ ++ [MAY\ <oids>]\ ++ [NOT\ <oids>]\ )" ++.RS ++Specify an DIT Content Rule using the LDAPv3 syntax defined in RFC 4512. ++The slapd parser extends the RFC 4512 definition by allowing string ++forms as well as numeric OIDs to be used for the attribute OID and ++attribute syntax OID. ++(See the ++.B olcObjectIdentifier ++description.) ++.RE ++ ++.HP ++.hy 0 ++.B olcLdapSyntaxes "(\ <oid>\ ++ [DESC\ <description>]\ ++ [X-SUBST <substitute-syntax>]\ )" ++.RS ++Specify an LDAP syntax using the LDAPv3 syntax defined in RFC 4512. ++The slapd parser extends the RFC 4512 definition by allowing string ++forms as well as numeric OIDs to be used for the syntax OID. ++(See the ++.B objectidentifier ++description.) ++The slapd parser also honors the ++.B X-SUBST ++extension (an OpenLDAP-specific extension), which allows one to use the ++.B olcLdapSyntaxes ++attribute to define a non-implemented syntax along with another syntax, ++the extension value ++.IR substitute-syntax , ++as its temporary replacement. ++The ++.I substitute-syntax ++must be defined. ++This allows one to define attribute types that make use of non-implemented syntaxes ++using the correct syntax OID. ++Unless ++.B X-SUBST ++is used, this configuration statement would result in an error, ++since no handlers would be associated to the resulting syntax structure. ++.RE ++ ++.HP ++.hy 0 ++.B olcObjectClasses: "(\ <oid>\ ++ [NAME\ <name>]\ ++ [DESC\ <description>]\ ++ [OBSOLETE]\ ++ [SUP\ <oids>]\ ++ [{ ABSTRACT | STRUCTURAL | AUXILIARY }]\ ++ [MUST\ <oids>] [MAY\ <oids>] )" ++.RS ++Specify an objectclass using the LDAPv3 syntax defined in RFC 4512. ++The slapd parser extends the RFC 4512 definition by allowing string ++forms as well as numeric OIDs to be used for the object class OID. ++(See the ++.B ++olcObjectIdentifier ++description.) Object classes are "STRUCTURAL" by default. ++.RE ++.TP ++.B olcObjectIdentifier: <name> "{ <oid> | <name>[:<suffix>] }" ++Define a string name that equates to the given OID. The string can be used ++in place of the numeric OID in objectclass and attribute definitions. The ++name can also be used with a suffix of the form ":xx" in which case the ++value "oid.xx" will be used. ++ ++.SH GENERAL BACKEND OPTIONS ++Options in these entries only apply to the configuration of a single ++type of backend. All backends may support this class of options, but ++currently only back-mdb does. ++The entry must be named ++.B olcBackend=<databasetype>,cn=config ++and must have the olcBackendConfig objectClass. ++<databasetype> ++should be one of ++.BR asyncmeta , ++.BR config , ++.BR dnssrv , ++.BR ldap , ++.BR ldif , ++.BR mdb , ++.BR meta , ++.BR monitor , ++.BR null , ++.BR passwd , ++.BR perl , ++.BR relay , ++.BR sock , ++.BR sql , ++or ++.BR wt . ++At present, only back-mdb implements any options of this type, so this ++entry should not be used for any other backends. ++ ++.SH DATABASE OPTIONS ++Database options are set in entries named ++.B olcDatabase={x}<databasetype>,cn=config ++and must have the olcDatabaseConfig objectClass. Normally the config ++engine generates the "{x}" index in the RDN automatically, so it ++can be omitted when initially loading these entries. ++ ++The special frontend database is always numbered "{-1}" and the config ++database is always numbered "{0}". ++ ++.SH GLOBAL DATABASE OPTIONS ++Options in this section may be set in the special "frontend" database ++and inherited in all the other databases. These options may be altered ++by further settings in each specific database. The frontend entry must ++be named ++.B olcDatabase=frontend,cn=config ++and must have the olcFrontendConfig objectClass. ++.TP ++.B olcAccess: to <what> "[ by <who> <access> <control> ]+" ++Grant access (specified by <access>) to a set of entries and/or ++attributes (specified by <what>) by one or more requestors (specified ++by <who>). ++If no access controls are present, the default policy ++allows anyone and everyone to read anything but restricts ++updates to rootdn. (e.g., "olcAccess: to * by * read"). ++See ++.BR slapd.access (5) ++and the "OpenLDAP Administrator's Guide" for details. ++ ++Access controls set in the frontend are appended to any access ++controls set on the specific databases. ++The rootdn of a database can always read and write EVERYTHING ++in that database. ++ ++Extra special care must be taken with the access controls on the ++config database. Unlike other databases, the default policy for the ++config database is to only allow access to the rootdn. Regular users ++should not have read access, and write access should be granted very ++carefully to privileged administrators. ++ ++.TP ++.B olcDefaultSearchBase: <dn> ++Specify a default search base to use when client submits a ++non-base search request with an empty base DN. ++Base scoped search requests with an empty base DN are not affected. ++This setting is only allowed in the frontend entry. ++.TP ++.B olcExtraAttrs: <attr> ++Lists what attributes need to be added to search requests. ++Local storage backends return the entire entry to the frontend. ++The frontend takes care of only returning the requested attributes ++that are allowed by ACLs. ++However, features like access checking and so may need specific ++attributes that are not automatically returned by remote storage ++backends, like proxy backends and so on. ++.B <attr> ++is an attribute that is needed for internal purposes ++and thus always needs to be collected, even when not explicitly ++requested by clients. ++This attribute is multi-valued. ++.TP ++.B olcPasswordHash: <hash> [<hash>...] ++This option configures one or more hashes to be used in generation of user ++passwords stored in the userPassword attribute during processing of ++LDAP Password Modify Extended Operations (RFC 3062). ++The <hash> must be one of ++.BR {SSHA} , ++.BR {SHA} , ++.BR {SMD5} , ++.BR {MD5} , ++.BR {CRYPT} , ++and ++.BR {CLEARTEXT} . ++The default is ++.BR {SSHA} . ++ ++.B {SHA} ++and ++.B {SSHA} ++use the SHA-1 algorithm (FIPS 160-1), the latter with a seed. ++ ++.B {MD5} ++and ++.B {SMD5} ++use the MD5 algorithm (RFC 1321), the latter with a seed. ++ ++.B {CRYPT} ++uses the ++.BR crypt (3). ++ ++.B {CLEARTEXT} ++indicates that the new password should be ++added to userPassword as clear text. ++ ++Note that this option does not alter the normal user applications ++handling of userPassword during LDAP Add, Modify, or other LDAP operations. ++This setting is only allowed in the frontend entry. ++.TP ++.B olcReadOnly: TRUE | FALSE ++This option puts the database into "read-only" mode. Any attempts to ++modify the database will return an "unwilling to perform" error. By ++default, olcReadOnly is FALSE. Note that when this option is set ++TRUE on the frontend, it cannot be reset without restarting the ++server, since further writes to the config database will be rejected. ++.TP ++.B olcRequires: <conditions> ++Specify a set of conditions to require (default none). ++The directive may be specified globally and/or per-database; ++databases inherit global conditions, so per-database specifications ++are additive. ++.B bind ++requires bind operation prior to directory operations. ++.B LDAPv3 ++requires session to be using LDAP version 3. ++.B authc ++requires authentication prior to directory operations. ++.B SASL ++requires SASL authentication prior to directory operations. ++.B strong ++requires strong authentication prior to directory operations. ++The strong keyword allows protected "simple" authentication ++as well as SASL authentication. ++.B none ++may be used to require no conditions (useful to clear out globally ++set conditions within a particular database); it must occur first ++in the list of conditions. ++.TP ++.B olcRestrict: <oplist> ++Specify a list of operations that are restricted. ++Restrictions on a specific database override any frontend setting. ++Operations can be any of ++.BR add , ++.BR bind , ++.BR compare , ++.BR delete , ++.BR extended[=<OID>] , ++.BR modify , ++.BR rename , ++.BR search , ++or the special pseudo-operations ++.B read ++and ++.BR write , ++which respectively summarize read and write operations. ++The use of ++.I restrict write ++is equivalent to ++.I olcReadOnly: TRUE ++(see above). ++The ++.B extended ++keyword allows one to indicate the OID of the specific operation ++to be restricted. ++.TP ++.B olcSchemaDN: <dn> ++Specify the distinguished name for the subschema subentry that ++controls the entries on this server. The default is "cn=Subschema". ++.TP ++.B olcSecurity: <factors> ++Specify a set of security strength factors (separated by white space) ++to require (see ++.BR olcSaslSecprops 's ++.B minssf ++option for a description of security strength factors). ++The directive may be specified globally and/or per-database. ++.B ssf=<n> ++specifies the overall security strength factor. ++.B transport=<n> ++specifies the transport security strength factor. ++.B tls=<n> ++specifies the TLS security strength factor. ++.B sasl=<n> ++specifies the SASL security strength factor. ++.B update_ssf=<n> ++specifies the overall security strength factor to require for ++directory updates. ++.B update_transport=<n> ++specifies the transport security strength factor to require for ++directory updates. ++.B update_tls=<n> ++specifies the TLS security strength factor to require for ++directory updates. ++.B update_sasl=<n> ++specifies the SASL security strength factor to require for ++directory updates. ++.B simple_bind=<n> ++specifies the security strength factor required for ++.I simple ++username/password authentication. ++Note that the ++.B transport ++factor is measure of security provided by the underlying transport, ++e.g. ldapi:// (and eventually IPSEC). It is not normally used. ++.TP ++.B olcSizeLimit: {<integer>|unlimited} ++.TP ++.B olcSizeLimit: size[.{soft|hard}]=<integer> [...] ++Specify the maximum number of entries to return from a search operation. ++The default size limit is 500. ++Use ++.B unlimited ++to specify no limits. ++The second format allows a fine grain setting of the size limits. ++If no special qualifiers are specified, both soft and hard limits are set. ++Extra args can be added in the same value. ++Additional qualifiers are available; see ++.BR olcLimits ++for an explanation of all of the different flags. ++.TP ++.B olcSortVals: <attr> [...] ++Specify a list of multi-valued attributes whose values will always ++be maintained in sorted order. Using this option will allow Modify, ++Compare, and filter evaluations on these attributes to be performed ++more efficiently. The resulting sort order depends on the ++attributes' syntax and matching rules and may not correspond to ++lexical order or any other recognizable order. ++This setting is only allowed in the frontend entry. ++.TP ++.B olcTimeLimit: {<integer>|unlimited} ++.TP ++.B olcTimeLimit: time[.{soft|hard}]=<integer> [...] ++Specify the maximum number of seconds (in real time) ++.B slapd ++will spend answering a search request. The default time limit is 3600. ++Use ++.B unlimited ++to specify no limits. ++The second format allows a fine grain setting of the time limits. ++Extra args can be added in the same value. See ++.BR olcLimits ++for an explanation of the different flags. ++ ++.SH GENERAL DATABASE OPTIONS ++Options in this section only apply to the specific database for ++which they are defined. They are supported by every ++type of backend. All of the Global Database Options may also be ++used here. ++.TP ++.B olcAddContentAcl: TRUE | FALSE ++Controls whether Add operations will perform ACL checks on ++the content of the entry being added. This check is off ++by default. See the ++.BR slapd.access (5) ++manual page for more details on ACL requirements for ++Add operations. ++.TP ++.B olcHidden: TRUE | FALSE ++Controls whether the database will be used to answer ++queries. A database that is hidden will never be ++selected to answer any queries, and any suffix configured ++on the database will be ignored in checks for conflicts ++with other databases. By default, olcHidden is FALSE. ++.TP ++.B olcLastMod: TRUE | FALSE ++Controls whether ++.B slapd ++will automatically maintain the ++modifiersName, modifyTimestamp, creatorsName, and ++createTimestamp attributes for entries. It also controls ++the entryCSN and entryUUID attributes, which are needed ++by the syncrepl provider. By default, olcLastMod is TRUE. ++.TP ++.B olcLastBind: TRUE | FALSE ++Controls whether ++.B slapd ++will automatically maintain the pwdLastSuccess attribute for ++entries. By default, olcLastBind is FALSE. ++.TP ++.B olcLastBindPrecision: <integer> ++If olcLastBind is enabled, specifies how frequently pwdLastSuccess ++will be updated. More than ++.B integer ++seconds must have passed since the last successful bind. In a ++replicated environment with frequent bind activity it may be ++useful to set this to a large value. ++.TP ++.B olcLimits: <selector> <limit> [<limit> [...]] ++Specify time and size limits based on the operation's initiator or ++base DN. ++The argument ++.B <selector> ++can be any of ++.RS ++.RS ++.TP ++anonymous | users | [<dnspec>=]<pattern> | group[/oc[/at]]=<pattern> ++ ++.RE ++with ++.RS ++.TP ++<dnspec> ::= dn[.<type>][.<style>] ++.TP ++<type> ::= self | this ++.TP ++<style> ::= exact | base | onelevel | subtree | children | regex | anonymous ++ ++.RE ++DN type ++.B self ++is the default and means the bound user, while ++.B this ++means the base DN of the operation. ++The term ++.B anonymous ++matches all unauthenticated clients. ++The term ++.B users ++matches all authenticated clients; ++otherwise an ++.B exact ++dn pattern is assumed unless otherwise specified by qualifying ++the (optional) key string ++.B dn ++with ++.B exact ++or ++.B base ++(which are synonyms), to require an exact match; with ++.BR onelevel , ++to require exactly one level of depth match; with ++.BR subtree , ++to allow any level of depth match, including the exact match; with ++.BR children , ++to allow any level of depth match, not including the exact match; ++.BR regex ++explicitly requires the (default) match based on POSIX (''extended'') ++regular expression pattern. ++Finally, ++.B anonymous ++matches unbound operations; the ++.B pattern ++field is ignored. ++The same behavior is obtained by using the ++.B anonymous ++form of the ++.B <selector> ++clause. ++The term ++.BR group , ++with the optional objectClass ++.B oc ++and attributeType ++.B at ++fields, followed by ++.BR pattern , ++sets the limits for any DN listed in the values of the ++.B at ++attribute (default ++.BR member ) ++of the ++.B oc ++group objectClass (default ++.BR groupOfNames ) ++whose DN exactly matches ++.BR pattern . ++ ++The currently supported limits are ++.B size ++and ++.BR time . ++ ++The syntax for time limits is ++.BR time[.{soft|hard}]=<integer> , ++where ++.I integer ++is the number of seconds slapd will spend answering a search request. ++If no time limit is explicitly requested by the client, the ++.BR soft ++limit is used; if the requested time limit exceeds the ++.BR hard ++."limit, an ++.".I "Administrative limit exceeded" ++."error is returned. ++limit, the value of the limit is used instead. ++If the ++.BR hard ++limit is set to the keyword ++.IR soft , ++the soft limit is used in either case; if it is set to the keyword ++.IR unlimited , ++no hard limit is enforced. ++Explicit requests for time limits smaller or equal to the ++.BR hard ++limit are honored. ++If no limit specifier is set, the value is assigned to the ++.BR soft ++limit, and the ++.BR hard ++limit is set to ++.IR soft , ++to preserve the original behavior. ++ ++The syntax for size limits is ++.BR size[.{soft|hard|unchecked}]=<integer> , ++where ++.I integer ++is the maximum number of entries slapd will return answering a search ++request. ++If no size limit is explicitly requested by the client, the ++.BR soft ++limit is used; if the requested size limit exceeds the ++.BR hard ++."limit, an ++.".I "Administrative limit exceeded" ++."error is returned. ++limit, the value of the limit is used instead. ++If the ++.BR hard ++limit is set to the keyword ++.IR soft , ++the soft limit is used in either case; if it is set to the keyword ++.IR unlimited , ++no hard limit is enforced. ++Explicit requests for size limits smaller or equal to the ++.BR hard ++limit are honored. ++The ++.BR unchecked ++specifier sets a limit on the number of candidates a search request is allowed ++to examine. ++The rationale behind it is that searches for non-properly indexed ++attributes may result in large sets of candidates, which must be ++examined by ++.BR slapd (8) ++to determine whether they match the search filter or not. ++The ++.B unchecked ++limit provides a means to drop such operations before they are even ++started. ++If the selected candidates exceed the ++.BR unchecked ++limit, the search will abort with ++.IR "Unwilling to perform" . ++If it is set to the keyword ++.IR unlimited , ++no limit is applied (the default). ++If it is set to ++.IR disabled , ++the search is not even performed; this can be used to disallow searches ++for a specific set of users. ++If no limit specifier is set, the value is assigned to the ++.BR soft ++limit, and the ++.BR hard ++limit is set to ++.IR soft , ++to preserve the original behavior. ++ ++In case of no match, the global limits are used. ++The default values are the same as for ++.B olcSizeLimit ++and ++.BR olcTimeLimit ; ++no limit is set on ++.BR unchecked . ++ ++If ++.B pagedResults ++control is requested, the ++.B hard ++size limit is used by default, because the request of a specific page size ++is considered an explicit request for a limitation on the number ++of entries to be returned. ++However, the size limit applies to the total count of entries returned within ++the search, and not to a single page. ++Additional size limits may be enforced; the syntax is ++.BR size.pr={<integer>|noEstimate|unlimited} , ++where ++.I integer ++is the max page size if no explicit limit is set; the keyword ++.I noEstimate ++inhibits the server from returning an estimate of the total number ++of entries that might be returned ++(note: the current implementation does not return any estimate). ++The keyword ++.I unlimited ++indicates that no limit is applied to the pagedResults control page size. ++The syntax ++.B size.prtotal={<integer>|hard|unlimited|disabled} ++allows one to set a limit on the total number of entries that the pagedResults ++control will return. ++By default it is set to the ++.B hard ++limit which will use the size.hard value. ++When set, ++.I integer ++is the max number of entries that the whole search with pagedResults control ++can return. ++Use ++.I unlimited ++to allow unlimited number of entries to be returned, e.g. to allow ++the use of the pagedResults control as a means to circumvent size ++limitations on regular searches; the keyword ++.I disabled ++disables the control, i.e. no paged results can be returned. ++Note that the total number of entries returned when the pagedResults control ++is requested cannot exceed the ++.B hard ++size limit of regular searches unless extended by the ++.B prtotal ++switch. ++ ++The \fBolcLimits\fP statement is typically used to let an unlimited ++number of entries be returned by searches performed ++with the identity used by the consumer for synchronization purposes ++by means of the RFC 4533 LDAP Content Synchronization protocol ++(see \fBolcSyncrepl\fP for details). ++ ++When using subordinate databases, it is necessary for any limits that ++are to be applied across the parent and its subordinates to be defined in ++both the parent and its subordinates. Otherwise the settings on the ++subordinate databases are not honored. ++.RE ++.TP ++.B olcMaxDerefDepth: <depth> ++Specifies the maximum number of aliases to dereference when trying to ++resolve an entry, used to avoid infinite alias loops. The default is 15. ++.TP ++.B olcMultiProvider: TRUE | FALSE ++This option puts a consumer database into Multi-Provider mode. Update ++operations will be accepted from any user, not just the updatedn. The ++database must already be configured as a syncrepl consumer ++before this keyword may be set. This mode also requires a ++.B olcServerID ++(see above) to be configured. ++By default, this setting is FALSE. ++.TP ++.B olcMonitoring: TRUE | FALSE ++This option enables database-specific monitoring in the entry related ++to the current database in the "cn=Databases,cn=Monitor" subtree ++of the monitor database, if the monitor database is enabled. ++Currently, only the MDB database provides database-specific monitoring. ++If monitoring is supported by the backend it defaults to TRUE, otherwise ++FALSE. ++.TP ++.B olcPlugin: <plugin_type> <lib_path> <init_function> [<arguments>] ++Configure a SLAPI plugin. See the ++.BR slapd.plugin (5) ++manpage for more details. ++.TP ++.B olcRootDN: <dn> ++Specify the distinguished name that is not subject to access control ++or administrative limit restrictions for operations on this database. ++This DN may or may not be associated with an entry. An empty root ++DN (the default) specifies no root access is to be granted. It is ++recommended that the rootdn only be specified when needed (such as ++when initially populating a database). If the rootdn is within ++a namingContext (suffix) of the database, a simple bind password ++may also be provided using the ++.B olcRootPW ++directive. Many optional features, including syncrepl, require the ++rootdn to be defined for the database. ++The ++.B olcRootDN ++of the ++.B cn=config ++database defaults to ++.B cn=config ++itself. ++.TP ++.B olcRootPW: <password> ++Specify a password (or hash of the password) for the rootdn. The ++password can only be set if the rootdn is within the namingContext ++(suffix) of the database. ++This option accepts all RFC 2307 userPassword formats known to ++the server (see ++.B olcPasswordHash ++description) as well as cleartext. ++.BR slappasswd (8) ++may be used to generate a hash of a password. Cleartext ++and \fB{CRYPT}\fP passwords are not recommended. If empty ++(the default), authentication of the root DN is by other means ++(e.g. SASL). Use of SASL is encouraged. ++.TP ++.B olcSubordinate: [TRUE | FALSE | advertise] ++Specify that the current backend database is a subordinate of another ++backend database. A subordinate database may have only one suffix. This ++option may be used to glue multiple databases into a single namingContext. ++If the suffix of the current database is within the namingContext of a ++superior database, searches against the superior database will be ++propagated to the subordinate as well. All of the databases ++associated with a single namingContext should have identical rootdns. ++Behavior of other LDAP operations is unaffected by this setting. In ++particular, it is not possible to use moddn to move an entry from ++one subordinate to another subordinate within the namingContext. ++ ++If the optional \fBadvertise\fP flag is supplied, the naming context of ++this database is advertised in the root DSE. The default is to hide this ++database context, so that only the superior context is visible. ++ ++If the slap tools ++.BR slapcat (8), ++.BR slapadd (8), ++.BR slapmodify (8), ++or ++.BR slapindex (8) ++are used on the superior database, any glued subordinates that support ++these tools are opened as well. ++ ++Databases that are glued together should usually be configured with the ++same indices (assuming they support indexing), even for attributes that ++only exist in some of these databases. In general, all of the glued ++databases should be configured as similarly as possible, since the intent ++is to provide the appearance of a single directory. ++ ++Note that the subordinate functionality is implemented internally ++by the \fIglue\fP overlay and as such its behavior will interact with other ++overlays in use. By default, the glue overlay is automatically configured as ++the last overlay on the superior database. Its position on the database ++can be explicitly configured by setting an \fBoverlay glue\fP directive ++at the desired position. This explicit configuration is necessary e.g. ++when using the \fIsyncprov\fP overlay, which needs to follow \fIglue\fP ++in order to work over all of the glued databases. E.g. ++.RS ++.nf ++ dn: olcDatabase={1}mdb,cn=config ++ olcSuffix: dc=example,dc=com ++ ... ++ ++ dn: olcOverlay={0}glue,olcDatabase={1}mdb,cn=config ++ ... ++ ++ dn: olcOverlay={1}syncprov,olcDatabase={1}mdb,cn=config ++ ... ++.fi ++.RE ++See the Overlays section below for more details. ++.TP ++.B olcSuffix: <dn suffix> ++Specify the DN suffix of queries that will be passed to this ++backend database. Multiple suffix lines can be given and at least one is ++required for each database definition. ++ ++If the suffix of one database is "inside" that of another, the database ++with the inner suffix must come first in the configuration file. ++You may also want to glue such databases together with the ++.B olcSubordinate ++attribute. ++.TP ++.B olcSyncUseSubentry: TRUE | FALSE ++Store the syncrepl contextCSN in a subentry instead of the context entry ++of the database. The subentry's RDN will be "cn=ldapsync". The default is ++FALSE, meaning the contextCSN is stored in the context entry. ++.HP ++.hy 0 ++.B olcSyncrepl: rid=<replica ID> ++.B provider=ldap[s]://<hostname>[:port] ++.B searchbase=<base DN> ++.B [type=refreshOnly|refreshAndPersist] ++.B [interval=dd:hh:mm:ss] ++.B [retry=[<retry interval> <# of retries>]+] ++.B [filter=<filter str>] ++.B [scope=sub|one|base|subord] ++.B [attrs=<attr list>] ++.B [exattrs=<attr list>] ++.B [attrsonly] ++.B [sizelimit=<limit>] ++.B [timelimit=<limit>] ++.B [schemachecking=on|off] ++.B [network-timeout=<seconds>] ++.B [timeout=<seconds>] ++.B [tcp-user-timeout=<milliseconds>] ++.B [bindmethod=simple|sasl] ++.B [binddn=<dn>] ++.B [saslmech=<mech>] ++.B [authcid=<identity>] ++.B [authzid=<identity>] ++.B [credentials=<passwd>] ++.B [realm=<realm>] ++.B [secprops=<properties>] ++.B [keepalive=<idle>:<probes>:<interval>] ++.B [starttls=yes|critical] ++.B [tls_cert=<file>] ++.B [tls_key=<file>] ++.B [tls_cacert=<file>] ++.B [tls_cacertdir=<path>] ++.B [tls_reqcert=never|allow|try|demand] ++.B [tls_reqsan=never|allow|try|demand] ++.B [tls_cipher_suite=<ciphers>] ++.B [tls_ecname=<names>] ++.B [tls_crlcheck=none|peer|all] ++.B [tls_protocol_min=<major>[.<minor>]] ++.B [suffixmassage=<real DN>] ++.B [logbase=<base DN>] ++.B [logfilter=<filter str>] ++.B [syncdata=default|accesslog|changelog] ++.B [lazycommit] ++.RS ++Specify the current database as a consumer which is kept up-to-date with the ++provider content by establishing the current ++.BR slapd (8) ++as a replication consumer site running a ++.B syncrepl ++replication engine. ++The consumer content is kept synchronized to the provider content using ++the LDAP Content Synchronization protocol. Refer to the ++"OpenLDAP Administrator's Guide" for detailed information on ++setting up a replicated ++.B slapd ++directory service using the ++.B syncrepl ++replication engine. ++ ++.B rid ++identifies the current ++.B syncrepl ++directive within the replication consumer site. ++It is a non-negative integer not greater than 999 (limited ++to three decimal digits). ++ ++.B provider ++specifies the replication provider site containing the provider content ++as an LDAP URI. If <port> is not given, the standard LDAP port number ++(389 or 636) is used. ++ ++The content of the ++.B syncrepl ++consumer is defined using a search ++specification as its result set. The consumer ++.B slapd ++will send search requests to the provider ++.B slapd ++according to the search specification. The search specification includes ++.BR searchbase ", " scope ", " filter ", " attrs ", " attrsonly ", " sizelimit ", " ++and ++.B timelimit ++parameters as in the normal search specification. The ++.B exattrs ++option may also be used to specify attributes that should be omitted ++from incoming entries. ++The \fBscope\fP defaults to \fBsub\fP, the \fBfilter\fP defaults to ++\fB(objectclass=*)\fP, and there is no default \fBsearchbase\fP. The ++\fBattrs\fP list defaults to \fB"*,+"\fP to return all user and operational ++attributes, and \fBattrsonly\fP and \fBexattrs\fP are unset by default. ++The \fBsizelimit\fP and \fBtimelimit\fP only ++accept "unlimited" and positive integers, and both default to "unlimited". ++The \fBsizelimit\fP and \fBtimelimit\fP parameters define ++a consumer requested limitation on the number of entries that can be returned ++by the LDAP Content Synchronization operation; as such, it is intended ++to implement partial replication based on the size of the replicated database ++and on the time required by the synchronization. ++Note, however, that any provider-side limits for the replication identity ++will be enforced by the provider regardless of the limits requested ++by the LDAP Content Synchronization operation, much like for any other ++search operation. ++ ++The LDAP Content Synchronization protocol has two operation types. ++In the ++.B refreshOnly ++operation, the next synchronization search operation ++is periodically rescheduled at an interval time (specified by ++.B interval ++parameter; 1 day by default) ++after each synchronization operation finishes. ++In the ++.B refreshAndPersist ++operation, a synchronization search remains persistent in the provider slapd. ++Further updates to the provider will generate ++.B searchResultEntry ++to the consumer slapd as the search responses to the persistent ++synchronization search. If the initial search fails due to an error, the ++next synchronization search operation is periodically rescheduled at an ++interval time (specified by ++.B interval ++parameter; 1 day by default) ++ ++If an error occurs during replication, the consumer will attempt to ++reconnect according to the ++.B retry ++parameter which is a list of the <retry interval> and <# of retries> pairs. ++For example, retry="60 10 300 3" lets the consumer retry every 60 seconds ++for the first 10 times and then retry every 300 seconds for the next 3 ++times before stop retrying. The `+' in <# of retries> means indefinite ++number of retries until success. ++If no ++.B retry ++is specified, by default syncrepl retries every hour forever. ++ ++The schema checking can be enforced at the LDAP Sync ++consumer site by turning on the ++.B schemachecking ++parameter. The default is \fBoff\fP. ++Schema checking \fBon\fP means that replicated entries must have ++a structural objectClass, must obey to objectClass requirements ++in terms of required/allowed attributes, and that naming attributes ++and distinguished values must be present. ++As a consequence, schema checking should be \fBoff\fP when partial ++replication is used. ++ ++The ++.B network-timeout ++parameter sets how long the consumer will wait to establish a ++network connection to the provider. Once a connection is ++established, the ++.B timeout ++parameter determines how long the consumer will wait for the initial ++Bind request to complete. The defaults for these parameters come ++from ++.BR ldap.conf (5). ++The ++.B tcp-user-timeout ++parameter, if non-zero, corresponds to the ++.B TCP_USER_TIMEOUT ++set on the target connections, overriding the operating system setting. ++Only some systems support the customization of this parameter, it is ++ignored otherwise and system-wide settings are used. ++ ++A ++.B bindmethod ++of ++.B simple ++requires the options ++.B binddn ++and ++.B credentials ++and should only be used when adequate security services ++(e.g. TLS or IPSEC) are in place. ++.B REMEMBER: simple bind credentials must be in cleartext! ++A ++.B bindmethod ++of ++.B sasl ++requires the option ++.B saslmech. ++Depending on the mechanism, an authentication identity and/or ++credentials can be specified using ++.B authcid ++and ++.B credentials. ++The ++.B authzid ++parameter may be used to specify an authorization identity. ++Specific security properties (as with the ++.B sasl-secprops ++keyword above) for a SASL bind can be set with the ++.B secprops ++option. A non default SASL realm can be set with the ++.B realm ++option. ++The identity used for synchronization by the consumer should be allowed ++to receive an unlimited number of entries in response to a search request. ++The provider, other than allowing authentication of the syncrepl identity, ++should grant that identity appropriate access privileges to the data ++that is being replicated (\fBaccess\fP directive), and appropriate time ++and size limits. ++This can be accomplished by either allowing unlimited \fBsizelimit\fP ++and \fBtimelimit\fP, or by setting an appropriate \fBlimits\fP statement ++in the consumer's configuration (see \fBsizelimit\fP and \fBlimits\fP ++for details). ++ ++The ++.B keepalive ++parameter sets the values of \fIidle\fP, \fIprobes\fP, and \fIinterval\fP ++used to check whether a socket is alive; ++.I idle ++is the number of seconds a connection needs to remain idle before TCP ++starts sending keepalive probes; ++.I probes ++is the maximum number of keepalive probes TCP should send before dropping ++the connection; ++.I interval ++is interval in seconds between individual keepalive probes. ++Only some systems support the customization of these values; ++the ++.B keepalive ++parameter is ignored otherwise, and system-wide settings are used. ++ ++The ++.B starttls ++parameter specifies use of the StartTLS extended operation ++to establish a TLS session before Binding to the provider. If the ++.B critical ++argument is supplied, the session will be aborted if the StartTLS request ++fails. Otherwise the syncrepl session continues without TLS. The ++.B tls_reqcert ++setting defaults to "demand", the ++.B tls_reqsan ++setting defaults to "allow", and the other TLS settings ++default to the same as the main slapd TLS settings. ++ ++The ++.B suffixmassage ++parameter allows the consumer to pull entries from a remote directory ++whose DN suffix differs from the local directory. The portion of the ++remote entries' DNs that matches the \fIsearchbase\fP will be replaced ++with the suffixmassage DN. ++ ++Rather than replicating whole entries, the consumer can query logs of ++data modifications. This mode of operation is referred to as \fIdelta ++syncrepl\fP. In addition to the above parameters, the ++.B logbase ++and ++.B logfilter ++parameters must be set appropriately for the log that will be used. The ++.B syncdata ++parameter must be set to either "accesslog" if the log conforms to the ++.BR slapo-accesslog (5) ++log format, or "changelog" if the log conforms ++to the obsolete \fIchangelog\fP format. If the ++.B syncdata ++parameter is omitted or set to "default" then the log parameters are ++ignored. ++ ++The ++.B lazycommit ++parameter tells the underlying database that it can store changes without ++performing a full flush after each change. This may improve performance ++for the consumer, while sacrificing safety or durability. ++.RE ++.TP ++.B olcUpdateDN: <dn> ++This option is only applicable in a replica ++database. ++It specifies the DN permitted to update (subject to access controls) ++the replica. It is only needed in certain push-mode ++replication scenarios. Generally, this DN ++.I should not ++be the same as the ++.B rootdn ++used at the provider. ++.TP ++.B olcUpdateRef: <url> ++Specify the referral to pass back when ++.BR slapd (8) ++is asked to modify a replicated local database. ++If multiple values are specified, each url is provided. ++ ++.SH DATABASE-SPECIFIC OPTIONS ++Each database may allow specific configuration options; they are ++documented separately in the backends' manual pages. See the ++.BR slapd.backends (5) ++manual page for an overview of available backends. ++.SH OVERLAYS ++An overlay is a piece of ++code that intercepts database operations in order to extend or change ++them. Overlays are pushed onto ++a stack over the database, and so they will execute in the reverse ++of the order in which they were configured and the database itself ++will receive control last of all. ++ ++Overlays must be configured as child entries of a specific database. The ++entry's RDN must be of the form ++.B olcOverlay={x}<overlaytype> ++and the entry must have the olcOverlayConfig objectClass. Normally the ++config engine generates the "{x}" index in the RDN automatically, so ++it can be omitted when initially loading these entries. ++ ++See the ++.BR slapd.overlays (5) ++manual page for an overview of available overlays. ++.SH EXAMPLES ++.LP ++Here is a short example of a configuration in LDIF suitable for use with ++.BR slapadd (8) ++: ++.LP ++.RS ++.nf ++dn: cn=config ++objectClass: olcGlobal ++cn: config ++olcPidFile: LOCALSTATEDIR/run/slapd.pid ++olcAttributeOptions: x-hidden lang- ++ ++dn: cn=schema,cn=config ++objectClass: olcSchemaConfig ++cn: schema ++ ++include: file://SYSCONFDIR/schema/core.ldif ++ ++dn: olcDatabase=frontend,cn=config ++objectClass: olcDatabaseConfig ++objectClass: olcFrontendConfig ++olcDatabase: frontend ++# Subtypes of "name" (e.g. "cn" and "ou") with the ++# option ";x-hidden" can be searched for/compared, ++# but are not shown. See \fBslapd.access\fP(5). ++olcAccess: to attrs=name;x-hidden by * =cs ++# Protect passwords. See \fBslapd.access\fP(5). ++olcAccess: to attrs=userPassword by * auth ++# Read access to other attributes and entries. ++olcAccess: to * by * read ++ ++# set a rootpw for the config database so we can bind. ++# deny access to everyone else. ++dn: olcDatabase=config,cn=config ++objectClass: olcDatabaseConfig ++olcDatabase: config ++olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy ++olcAccess: to * by * none ++ ++dn: olcDatabase=mdb,cn=config ++objectClass: olcDatabaseConfig ++objectClass: olcMdbConfig ++olcDatabase: mdb ++olcSuffix: "dc=our-domain,dc=com" ++# The database directory MUST exist prior to ++# running slapd AND should only be accessible ++# by the slapd/tools. Mode 0700 recommended. ++olcDbDirectory: LOCALSTATEDIR/openldap-data ++# Indices to maintain ++olcDbIndex: objectClass eq ++olcDbIndex: cn,sn,mail pres,eq,approx,sub ++ ++# We serve small clients that do not handle referrals, ++# so handle remote lookups on their behalf. ++dn: olcDatabase=ldap,cn=config ++objectClass: olcDatabaseConfig ++objectClass: olcLdapConfig ++olcDatabase: ldap ++olcSuffix: "" ++olcDbUri: ldap://ldap.some-server.com/ ++.fi ++.RE ++.LP ++Assuming the above data was saved in a file named "config.ldif" and the ++ETCDIR/slapd.d directory has been created, this command will initialize ++the configuration: ++.RS ++.nf ++slapadd -F ETCDIR/slapd.d -n 0 -l config.ldif ++.fi ++.RE ++ ++.LP ++"OpenLDAP Administrator's Guide" contains a longer annotated ++example of a slapd configuration. ++ ++Alternatively, an existing slapd.conf file can be converted to the new ++format using slapd or any of the slap tools: ++.RS ++.nf ++slaptest -f ETCDIR/slapd.conf -F ETCDIR/slapd.d ++.fi ++.RE ++ ++.SH FILES ++.TP ++ETCDIR/slapd.conf ++default slapd configuration file ++.TP ++ETCDIR/slapd.d ++default slapd configuration directory ++.SH SEE ALSO ++.BR ldap (3), ++.BR ldif (5), ++.BR gnutls-cli (1), ++.BR slapd.access (5), ++.BR slapd.backends (5), ++.BR slapd.conf (5), ++.BR slapd.overlays (5), ++.BR slapd.plugin (5), ++.BR slapd (8), ++.BR slapacl (8), ++.BR slapadd (8), ++.BR slapauth (8), ++.BR slapcat (8), ++.BR slapdn (8), ++.BR slapindex (8), ++.BR slapmodify (8), ++.BR slappasswd (8), ++.BR slaptest (8). ++.LP ++"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) ++.SH ACKNOWLEDGEMENTS ++.so ../Project +diff -Naurp openldap-2.6.1.orig/doc/man/man8/lloadd.8 openldap-2.6.1/doc/man/man8/lloadd.8 +--- openldap-2.6.1.orig/doc/man/man8/lloadd.8 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/doc/man/man8/lloadd.8 2022-02-13 15:55:12.222721830 -0600 +@@ -5,7 +5,7 @@ + .SH NAME + lloadd - LDAP Load Balancer Daemon + .SH SYNOPSIS +-.B LIBEXECDIR/lloadd ++.B SBINDIR/lloadd + [\c + .BR -4 | -6 ] + [\c +diff -Naurp openldap-2.6.1.orig/doc/man/man8/slapd.8 openldap-2.6.1/doc/man/man8/slapd.8 +--- openldap-2.6.1.orig/doc/man/man8/slapd.8 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/doc/man/man8/slapd.8 2022-02-13 15:55:00.466773546 -0600 +@@ -5,7 +5,7 @@ + .SH NAME + slapd - Stand-alone LDAP Daemon + .SH SYNOPSIS +-.B LIBEXECDIR/slapd ++.B SBINDIR/slapd + [\c + .BR -V [ V [ V ]] + [\c +diff -Naurp openldap-2.6.1.orig/include/ldap_defaults.h openldap-2.6.1/include/ldap_defaults.h +--- openldap-2.6.1.orig/include/ldap_defaults.h 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/include/ldap_defaults.h 2022-02-13 15:54:13.654979570 -0600 +@@ -39,7 +39,7 @@ + #define LDAP_ENV_PREFIX "LDAP" + + /* default ldapi:// socket */ +-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" ++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi" + + /* + * SLAPD DEFINITIONS +@@ -47,7 +47,7 @@ + /* location of the default slapd config file */ + #define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf" + #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d" +-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data" ++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "openldap" + #define SLAPD_DEFAULT_DB_MODE 0600 + #define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata" + /* default max deref depth for aliases */ +diff -Naurp openldap-2.6.1.orig/libraries/liblber/Makefile.in openldap-2.6.1/libraries/liblber/Makefile.in +--- openldap-2.6.1.orig/libraries/liblber/Makefile.in 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/libraries/liblber/Makefile.in 2022-02-13 15:54:13.654979570 -0600 +@@ -51,6 +51,6 @@ idtest: $(XLIBS) idtest.o + + install-local: FORCE + -$(MKDIR) $(DESTDIR)$(libdir) +- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir) ++ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir) + $(LTFINISH) $(DESTDIR)$(libdir) + +diff -Naurp openldap-2.6.1.orig/libraries/libldap/Makefile.in openldap-2.6.1/libraries/libldap/Makefile.in +--- openldap-2.6.1.orig/libraries/libldap/Makefile.in 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/libraries/libldap/Makefile.in 2022-02-13 15:54:13.654979570 -0600 +@@ -82,7 +82,7 @@ CFFILES=ldap.conf + + install-local: $(CFFILES) FORCE + -$(MKDIR) $(DESTDIR)$(libdir) +- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir) ++ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir) + $(LTFINISH) $(DESTDIR)$(libdir) + -$(MKDIR) $(DESTDIR)$(sysconfdir) + @for i in $(CFFILES); do \ +diff -Naurp openldap-2.6.1.orig/servers/slapd/Makefile.in openldap-2.6.1/servers/slapd/Makefile.in +--- openldap-2.6.1.orig/servers/slapd/Makefile.in 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/servers/slapd/Makefile.in 2022-02-13 15:54:13.655979565 -0600 +@@ -374,9 +374,10 @@ install-local-srv: install-slapd install + + install-slapd: FORCE + -$(MKDIR) $(DESTDIR)$(libexecdir) ++ -$(MKDIR) $(DESTDIR)$(sbindir) + -$(MKDIR) $(DESTDIR)$(localstatedir)/run + $(LTINSTALL) $(INSTALLFLAGS) $(STRIP_OPTS) -m 755 \ +- slapd$(EXEEXT) $(DESTDIR)$(libexecdir) ++ slapd$(EXEEXT) $(DESTDIR)$(sbindir) + @for i in $(SUBDIRS); do \ + if test -d $$i && test -f $$i/Makefile ; then \ + echo; echo " cd $$i && $(MAKE) $(MFLAGS) install"; \ +@@ -452,9 +453,9 @@ install-conf: FORCE + + install-db-config: FORCE + @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) +- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data ++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/openldap + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ +- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example ++ $(DESTDIR)$(localstatedir)/lib/openldap/DB_CONFIG.example + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ + $(DESTDIR)$(sysconfdir)/DB_CONFIG.example + +@@ -462,6 +463,6 @@ install-tools: FORCE + -$(MKDIR) $(DESTDIR)$(sbindir) + for i in $(SLAPTOOLS); do \ + $(RM) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ +- $(LN_S) -f $(DESTDIR)$(libexecdir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ ++ $(LN_S) -f $(DESTDIR)$(sbindir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ + done + +diff -Naurp openldap-2.6.1.orig/servers/slapd/slapd.conf openldap-2.6.1/servers/slapd/slapd.conf +--- openldap-2.6.1.orig/servers/slapd/slapd.conf 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/servers/slapd/slapd.conf 2022-02-13 15:54:13.655979565 -0600 +@@ -10,8 +10,9 @@ include %SYSCONFDIR%/schema/core.schema + # service AND an understanding of referrals. + #referral ldap://root.openldap.org + +-pidfile %LOCALSTATEDIR%/run/slapd.pid +-argsfile %LOCALSTATEDIR%/run/slapd.args ++pidfile %LOCALSTATEDIR%/run/openldap/slapd.pid ++argsfile %LOCALSTATEDIR%/run/openldap/slapd.args ++ + + # Load dynamic backend modules: + modulepath %MODULEDIR% +@@ -69,7 +70,7 @@ rootpw secret + # The database directory MUST exist prior to running slapd AND + # should only be accessible by the slapd and slap tools. + # Mode 700 recommended. +-directory %LOCALSTATEDIR%/openldap-data ++directory %LOCALSTATEDIR%/lib/openldap + # Indices to maintain + index objectClass eq + +diff -Naurp openldap-2.6.1.orig/servers/slapd/slapd.ldif openldap-2.6.1/servers/slapd/slapd.ldif +--- openldap-2.6.1.orig/servers/slapd/slapd.ldif 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/servers/slapd/slapd.ldif 2022-02-13 15:54:13.655979565 -0600 +@@ -9,8 +9,8 @@ cn: config + # + # Define global ACLs to disable default read access. + # +-olcArgsFile: %LOCALSTATEDIR%/run/slapd.args +-olcPidFile: %LOCALSTATEDIR%/run/slapd.pid ++olcArgsFile: %LOCALSTATEDIR%/run/openldap/slapd.args ++olcPidFile: %LOCALSTATEDIR%/run/openldap/slapd.pid + # + # Do not enable referrals until AFTER you have a working directory + # service AND an understanding of referrals. +@@ -88,7 +88,7 @@ olcRootPW: secret + # The database directory MUST exist prior to running slapd AND + # should only be accessible by the slapd and slap tools. + # Mode 700 recommended. +-olcDbDirectory: %LOCALSTATEDIR%/openldap-data ++olcDbDirectory: %LOCALSTATEDIR%/lib/openldap + # Indices to maintain + olcDbIndex: objectClass eq + +diff -Naurp openldap-2.6.1.orig/servers/slapd/slapi/Makefile.in openldap-2.6.1/servers/slapd/slapi/Makefile.in +--- openldap-2.6.1.orig/servers/slapd/slapi/Makefile.in 2022-01-19 12:32:34.000000000 -0600 ++++ openldap-2.6.1/servers/slapd/slapi/Makefile.in 2022-02-13 15:54:13.655979565 -0600 +@@ -46,6 +46,6 @@ BUILD_MOD = @BUILD_SLAPI@ + install-local: FORCE + if test "$(BUILD_MOD)" = "yes"; then \ + $(MKDIR) $(DESTDIR)$(libdir); \ +- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir); \ ++ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir); \ + fi + diff --git a/src/patches/openldap-gcc44-fixes.patch b/src/patches/openldap-gcc44-fixes.patch deleted file mode 100644 index 53b8ea047..000000000 --- a/src/patches/openldap-gcc44-fixes.patch +++ /dev/null @@ -1,31 +0,0 @@ ---- include/ldap_pvt_thread.h~ 2008-11-12 07:37:16.000000000 +0000 -+++ include/ldap_pvt_thread.h 2008-11-12 08:01:45.000000000 +0000 -@@ -59,12 +59,12 @@ - - #ifndef LDAP_PVT_THREAD_H_DONE - #define LDAP_PVT_THREAD_SET_STACK_SIZE --#ifndef LDAP_PVT_THREAD_STACK_SIZE -- /* LARGE stack. Will be twice as large on 64 bit machine. */ --#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) ) - /* May be explicitly defined to zero to disable it */ --#elif LDAP_PVT_THREAD_STACK_SIZE == 0 -+#if LDAP_PVT_THREAD_STACK_SIZE == 0 - #undef LDAP_PVT_THREAD_SET_STACK_SIZE -+#elif !defined(LDAP_PVT_THREAD_STACK_SIZE) -+ /* LARGE stack. Will be twice as large on 64 bit machine. */ -+#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) ) - #endif - #endif /* !LDAP_PVT_THREAD_H_DONE */ - ---- libraries/libldap/os-ip.c~ 2008-11-12 07:33:10.000000000 +0000 -+++ libraries/libldap/os-ip.c 2008-11-12 07:33:31.000000000 +0000 -@@ -690,7 +690,7 @@ - char *herr; - #ifdef NI_MAXHOST - char hbuf[NI_MAXHOST]; --#elif defined( MAXHOSTNAMELEN -+#elif defined( MAXHOSTNAMELEN ) - char hbuf[MAXHOSTNAMELEN]; - #else - char hbuf[256]; -
hooks/post-receive -- IPFire 2.x development tree