openldap: version update and new build parameters

This patch updates OpenLDAP to 2.4.47, introduces new build
parameters and places openldap-server, openldap-utils and
libopenldap under a separate menu item in Network.

OpenLDAP is difficult to find in menuconfig at present. Making
a separate menu item for OpenLDAP for selection of packages and
enabling or disabling build parameters makes better sense.

To have access to the loglevel directive, OpenLDAP must be built
with debugging information. Having access to the loglevel directive
is essential during the initial configuration of OpenLDAP server.

International users may want to enable ICU support to have access
to international characters.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>

libs/openldap/Makefile

@@ -8,44 +8,72 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openldap
-PKG_VERSION:=2.4.46
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.47
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
 PKG_SOURCE_URL:=https://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/ \
 	http://mirror.eu.oneandone.net/software/openldap/openldap-release/ \
 	http://mirror.switch.ch/ftp/software/mirror/OpenLDAP/openldap-release/ \
 	https://www.openldap.org/software/download/OpenLDAP/openldap-release/
-PKG_HASH:=9a90dcb86b99ae790ccab93b7585a31fbcbeec8c94bf0f7ab0ca0a87ea0c4b2d
+PKG_HASH:=f54c5877865233d9ada77c60c0f69b3e0bfd8b1b55889504c650047cc305520b
 PKG_LICENSE:=OLDAP-2.8
 PKG_LICENSE_FILES:=LICENSE
 
 PKG_FIXUP:=autoreconf
 
+PKG_CONFIG_DEPENDS := \
+        CONFIG_OPENLDAP_DEBUG \
+        CONFIG_OPENLDAP_MONITOR \
+        CONFIG_OPENLDAP_DB47 \
+        CONFIG_OPENLDAP_ICU
+
 include $(INCLUDE_DIR)/package.mk
 
-define Package/openldap/Default
-  TITLE:=LDAP implementation
+define Package/libopenldap/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=OpenLDAP
+  TITLE:=LDAP directory suite
   URL:=http://www.openldap.org/
   MAINTAINER:=W. Michael Petullo <mike@flyn.org>
 endef
 
-define Package/openldap/Default/description
-	OpenLDAP Software is an open source implementation of the
-	Lightweight Directory Access Protocol (LDAP).
-endef
-
 define Package/libopenldap
-  $(call Package/openldap/Default)
-  SECTION:=libs
-  CATEGORY:=Libraries
-  DEPENDS:=+libopenssl +libsasl2 +libpthread
+  $(call Package/libopenldap/Default)
+  MENU:=1
+  DEPENDS:=+libopenssl +libsasl2 +libpthread +OPENLDAP_DB47:libdb47 +OPENLDAP_ICU:icu
   TITLE+= (libraries)
 endef
 
+define Package/libopenldap/config
+  config OPENLDAP_DEBUG
+	bool "Enable debugging information"
+	default y
+	help
+		Enable debugging information. This option must be enabled
+		for the loglevel directive to work.
+  config OPENLDAP_MONITOR
+	bool "Enable monitor backend"
+	default n
+	help
+		Enable monitor backend to obtain information about the running
+		status of the daemon. See OpenLDAP documentation for more
+		information.
+  config OPENLDAP_DB47
+	bool "Berkeley DB support"
+	default n
+	help
+		Enable Berkeley DB support (BDB).
+  config OPENLDAP_ICU
+	bool "ICU support"
+	default n
+	help
+		Enable ICU (International Components for Unicode) support.
+endef
+
 define Package/libopenldap/description
-	$(call Package/openldap/Default/description)
-	This package contains the shared LDAP client libraries, needed by other programs.
+OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol (LDAP). This package contains the shared LDAP client libraries, needed by other programs.
 endef
 
 define Package/libopenldap/conffiles
@@ -53,33 +81,28 @@ define Package/libopenldap/conffiles
 endef
 
 define Package/openldap-utils
-  $(call Package/openldap/Default)
-  SECTION:=utils
-  CATEGORY:=Utilities
+  $(call Package/libopenldap/Default)
   DEPENDS:=+libopenldap
   TITLE+= (utilities)
 endef
 
 define Package/openldap-utils/description
-	$(call Package/openldap/Default/description)
-	This package contains client programs required to access LDAP servers.
+This package contains client programs required to access LDAP servers.
 endef
 
 define Package/openldap-server
-  $(call Package/openldap/Default)
-  SECTION:=net
-  CATEGORY:=Network
+  $(call Package/libopenldap/Default)
   DEPENDS:=+libopenldap +libuuid
   TITLE+= (server)
 endef
 
 define Package/openldap-server/description
-	$(call Package/openldap/Default/description)
-	This package contains server programs required to provide LDAP services.
+This package contains server programs required to provide LDAP services.
 endef
 
 define Package/openldap-server/conffiles
 /etc/openldap/slapd.conf
+/etc/init.d/ldap
 endef
 
 TARGET_CFLAGS += $(FPIC) -lpthread \
@@ -88,44 +111,60 @@ TARGET_CFLAGS += $(FPIC) -lpthread \
 CONFIGURE_ARGS += \
 	--enable-shared \
 	--enable-static \
-	--disable-debug \
 	--enable-dynamic \
 	--enable-syslog \
-	--disable-local \
-	--disable-slurpd \
 	--with-cyrus-sasl \
-	--without-fetch \
 	--with-threads \
 	--with-tls \
 	--with-yielding_select="yes" \
-	--without-threads \
 	--enable-null \
-	--disable-bdb \
-	--disable-hdb \
-	--disable-monitor \
 	--disable-relay
 
-CONFIGURE_VARS += \
-	ol_cv_lib_icu="no"
+
+ifdef CONFIG_OPENLDAP_MONITOR
+	CONFIGURE_ARGS+= --enable-monitor
+else
+	CONFIGURE_ARGS+= --disable-monitor
+endif
+
+ifdef CONFIG_OPENLDAP_DEBUG
+	CONFIGURE_ARGS+= --enable-debug
+else
+	CONFIGURE_ARGS+= --disable-debug
+endif
+
+ifdef CONFIG_OPENLDAP_DB47
+	CONFIGURE_ARGS+= \
+		--enable-bdb \
+		--enable-hdb
+else
+	CONFIGURE_ARGS+= \
+		--disable-bdb \
+		--disable-hdb
+endif
+
+ifndef CONFIG_OPENLDAP_ICU
+	CONFIGURE_VARS += \
+		ol_cv_lib_icu="no"
+endif
 
 define Build/Compile
 	$(MAKE) -C $(PKG_BUILD_DIR) \
 		DESTDIR="$(PKG_INSTALL_DIR)" \
 		HOSTCC="$(HOSTCC)" \
 		depend all install
+	cd $(PKG_BUILD_DIR)/libraries/liblmdb && $(MAKE) $(CONFIGURE_VARS)
 endef
 
 define Build/InstallDev
-	$(INSTALL_DIR) $(1)/usr/include
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/{lber,ldap}*.h $(1)/usr/include/
-	$(INSTALL_DIR) $(1)/usr/lib/
+	$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/{lber,ldap}*.h $(1)/usr/include/
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{lber,ldap}*.{a,so*} $(1)/usr/lib/
 endef
 
 define Package/libopenldap/install
-	$(INSTALL_DIR) $(1)/etc/openldap
-	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/openldap/ldap.conf $(1)/etc/openldap/
-	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/etc/openldap $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/etc/openldap/ldap.conf $(1)/etc/openldap/
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{lber,ldap}*.so.* $(1)/usr/lib/
 endef
 
@@ -138,15 +177,15 @@ define Package/openldap-server/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/ldap.init $(1)/etc/init.d/ldap
 	$(INSTALL_DIR) $(1)/etc/openldap/schema
-	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/openldap/schema/* $(1)/etc/openldap/schema/
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/openldap/schema/* $(1)/etc/openldap/schema/
 	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/openldap/slapd.conf $(1)/etc/openldap/
 	$(INSTALL_DIR) $(1)/usr/sbin
-	# XXX: OpenLDAP installs slapd into libexecdir, not sbindir:
+	# NB: OpenLDAP installs slapd into libexecdir, not sbindir
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/slapd $(1)/usr/sbin/
-	# XXX: switch default backend to ldif, since bdb is disabled
-	$(SED) 's|^\(database\)\([ \t]\+\)bdb|\1\2ldif|g' \
-	    -e 's|^\(index\)|#\1|g' \
-	    $(1)/etc/openldap/slapd.conf
+	$(eval SLAPTOOLS := slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl slapschema)
+	for i in $(SLAPTOOLS); do \
+		$(LN) ./slapd $(1)/usr/sbin/$$$$i; \
+	done
 endef
 
 $(eval $(call BuildPackage,libopenldap))

libs/openldap/patches/001-automake-compat.patch

@@ -286,7 +286,7 @@
 +SHELL = @SHELL@
 +
  SRCS	= init.c config.c opensock.c search.c bind.c unbind.c add.c \
- 		delete.c modify.c modrdn.c compare.c result.c
+ 		delete.c modify.c modrdn.c compare.c result.c extended.c
  OBJS	= init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \
 --- a/servers/slapd/back-sql/Makefile.in
 +++ b/servers/slapd/back-sql/Makefile.in

libs/openldap/patches/110-reproducible-builds.patch

@@ -1,16 +1,19 @@
-Index: openldap-2.4.45/build/mkversion
-===================================================================
---- openldap-2.4.45.orig/build/mkversion
-+++ openldap-2.4.45/build/mkversion
-@@ -50,7 +50,6 @@ if test $# != 1 ; then
+--- a/build/mkversion
++++ b/build/mkversion
+@@ -50,12 +50,6 @@ if test $# != 1 ; then
  fi
  
  APPLICATION=$1
--WHOWHERE="$USER@`uname -n`:`pwd`"
+-# Reproducible builds set SOURCE_DATE_EPOCH, want constant strings
+-if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+-   WHOWHERE="openldap"
+-else
+-   WHOWHERE="$USER@$(uname -n):$(pwd)"
+-fi
  
  cat << __EOF__
  /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
-@@ -72,7 +71,6 @@ static const char copyright[] =
+@@ -77,7 +71,6 @@ static const char copyright[] =
  "COPYING RESTRICTIONS APPLY\n";
  
  $static $const char $SYMBOL[] =

libs/openldap/patches/800-openssl-deprecated.patch

@@ -1,26 +0,0 @@
-From d7a778004b0e0c7453075f1c7d429537162df436 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Fri, 21 Sep 2018 18:41:20 +0100
-Subject: [PATCH] ITS#8809 add missing includes
-
----
- libraries/libldap/tls_o.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
-index 010f311d7..99626ec15 100644
---- a/libraries/libldap/tls_o.c
-+++ b/libraries/libldap/tls_o.c
-@@ -43,6 +43,9 @@
- #include <openssl/err.h>
- #include <openssl/rand.h>
- #include <openssl/safestack.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dh.h>
- #elif defined( HAVE_SSL_H )
- #include <ssl.h>
- #endif
--- 
-2.19.1
-

libs/openldap/patches/901-reduce-slapd-default-mem-usage.patch

@@ -0,0 +1,11 @@
+--- a/servers/slapd/slapd.conf
++++ b/servers/slapd/slapd.conf
+@@ -50,7 +50,7 @@ argsfile	%LOCALSTATEDIR%/run/slapd.args
+ #######################################################################
+ 
+ database	mdb
+-maxsize		1073741824
++maxsize		8388608
+ suffix		"dc=my-domain,dc=com"
+ rootdn		"cn=Manager,dc=my-domain,dc=com"
+ # Cleartext passwords, especially for the rootdn, should