new file mode 100644
@@ -0,0 +1,44 @@
+From 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 7 Sep 2013 09:39:24 -0700
+Subject: [PATCH] ITS#7430 GnuTLS: Avoid use of deprecated function
+
+Upstream-status: Backport
+
+---
+ libraries/libldap/tls_g.c | 12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
+index 9acffaf..c793828 100644
+--- a/libraries/libldap/tls_g.c
++++ b/libraries/libldap/tls_g.c
+@@ -368,6 +368,17 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ * then we have to build the cert chain.
+ */
+ if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
++#if GNUTLS_VERSION_NUMBER >= 0x020c00
++ unsigned int i;
++ for ( i = 1; i<VERIFY_DEPTH; i++ ) {
++ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
++ break;
++ max++;
++ /* If this CA is self-signed, we're done */
++ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
++ break;
++ }
++#else
+ gnutls_x509_crt_t *cas;
+ unsigned int i, j, ncas;
+
+@@ -387,6 +398,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ if ( j == ncas )
+ break;
+ }
++#endif
+ }
+ rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
+ if ( rc ) return -1;
+--
+1.7.4.2
+
new file mode 100644
@@ -0,0 +1,17 @@
+From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/files/
+
+Upstream-status: Unknown
+
+--
+
+--- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000
++++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000
+@@ -1214,7 +1214,7 @@
+ ol_with_tls=gnutls
+ ol_link_tls=yes
+
+- TLS_LIBS="-lgnutls"
++ TLS_LIBS="-lgnutls -lgcrypt"
+
+ AC_DEFINE(HAVE_GNUTLS, 1,
+ [define if you have GNUtls])
@@ -16,6 +16,8 @@ LDAP_VER = "${@'.'.join(d.getVar('PV',1).split('.')[0:2])}"
SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \
file://openldap-m4-pthread.patch \
file://kill-icu.patch \
+ file://0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch \
+ file://openldap-2.4.28-gnutls-gcrypt.patch \
file://initscript \
"
SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf"
@@ -48,7 +50,7 @@ PACKAGECONFIG ??= "gnutls modules \
ldap meta monitor null passwd shell proxycache dnssrv \
"
#--with-tls with TLS/SSL support auto|openssl|gnutls [auto]
-PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls"
+PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls libgcrypt"
PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl"
PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl"
OE-core update from gnutls2 to gnutls3, openldap needs patches to cope with that. Also add libgcrypt to DEPENDS since openldap links against it directly now instead of through gnutls. Signed-off-by: Koen Kooi <koen.kooi@linaro.org> --- .../0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch | 44 ++++++++++++++++++++++ .../openldap-2.4.28-gnutls-gcrypt.patch | 17 +++++++++ .../recipes-support/openldap/openldap_2.4.23.bb | 4 +- 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch