openldap: update to 2.6.6 #41948

Merged: 37 commits, Sep 17, 2023

klarasm (Contributor) commented Jan 29, 2023

The 2.4 branch is not maintained anymore and I don't know if there's much advantage to going to 2.5 instead of 2.6

Some shared libraries have changed name so this updates common/shlibs.

As this is a major update the ldap database should be backed up and recreated as per https://www.openldap.org/doc/admin26/maintenance.html

Testing the changes

  • I tested the changes in this PR: YES (mainly openldap, mit-krb5 and cyrus-sasl)
  • I haven't tested the revbumped packages that much, other than building with their test suite

I have upgraded my ldap setup to this version. It's not very complicated so may not be great for coverage.
Basically:

  • two nodes, with normal syncrepl and gssapi/kerberos for authentication
  • the ldap directory is used as database backend for my kerberos setup
  • I have a few machines set up with kerberos for authentication and ldap as id provider (some with sssd and some with nslcd)

This PR should not be merged before:

[ci skip] again.

Local build testing

(updated 2023-08-23)

I built this PR locally for my native architecture, (x86_64-glibc):
  • Build failures:
    • alpine (already failing on master branch)
  • Test suite errors:
    • anjuta (already failing on master branch)
I built this PR locally for my native architecture, (x86_64-musl):
  • Build failures:
    • sssd (does not support musl)
    • alpine (already failing on master branch)
  • Test suite errors:
    • anjuta (already failing on master branch)
    • audit (already failing on master branch)
    • dovecot (already failing on master branch)
    • nss-pam-ldapd (musl does not support nsswitch)
Crossbuilds
  • aarch64-musl, build failures:
    • alpine (already failing on master branch)
    • sssd (does not support musl)
    • packages not supporting cross-compilation:
      • FreeRADIUS
      • libreoffice
      • virtuoso
      • x2goclient
  • armv7l, build failures:
    • alpine (already failing on master branch)
    • packages not supporting cross-compilation:
      • FreeRADIUS
      • libreoffice
      • virtuoso
      • x2goclient
  • armv6l-musl, build failures:
    • alpine (already failing on master branch)
    • sssd (does not support musl)
    • packages not supporting cross-compilation:
      • FreeRADIUS
      • libreoffice
      • virtuoso
      • x2goclient

klarasm (Contributor Author) commented Jan 31, 2023

Turns out test079 fails because arguments after the filter for ldapsearch seem to be ignored on musl. Added a patch that moves the filter last.

klarasm (Contributor Author) commented Feb 1, 2023

The test suite for mit-krb5 seems to fail now instead. That package is out of date as well. May try to update it and see if it solves the problem.

klarasm (Contributor Author) commented Feb 1, 2023

Still lacking a few revbumps. Will look into them later.

klarasm force-pushed the openldap-2.6 branch 4 times, most recently from 8a7548c to 6fd0263, February 1, 2023 16:01

klarasm (Contributor Author) commented Feb 1, 2023

That should be most revbumps. Now to see about build testing.

klarasm (Contributor Author) commented Feb 1, 2023

Fix some build issues. Still have failures in anjuta, log4cxx and virtuoso.

klarasm (Contributor Author) commented Feb 1, 2023

Fix log4cxx build issue.

klarasm (Contributor Author) commented Feb 1, 2023

Fixed anjuta build issue.

klarasm (Contributor Author) commented Feb 1, 2023

Managed to get newest version of virtuoso to build but it still fails the test suite.

klarasm (Contributor Author) commented Feb 1, 2023

The test suite for virtuoso was failing due to missing checkdepends...
That was probably the cause on the previous version as well.

All revbumped or updated packages now complete their test suite if they have one on x86_64-glibc. I'm going to run this on x86_64-musl as well but it will take longer as that machine is a lot less powerful.

klarasm (Contributor Author) commented Feb 2, 2023

On x86_64-musl tests fail for audit, dovecot-plugin-pigeonhole, dovecot, evolution-data-server, evolution and nss-pam-ldapd.
Additionally sssd fails to build.

nss-pam-ldapd and sssd are expected as musl lacks support for nsswitch.

On dovecot and dovecot-plugin-pigeonhole a single test fails:

test-common.c:245: Assert failed: suppress == TRUE
Error: mmap_anon(.test_file_cache, 4096) failed: Out of memory
test-common.c:245: Assert failed: suppress == TRUE
Error: mremap_anon(.test_file_cache, 8192) failed: Out of memory
file_cache_errors .................................................... : FAILED

audit fails in auparse test:

make[4]: Entering directory '/builddir/audit-3.0.3/auparse/test'
test "../.." = "../.." || \
                cp ../../auparse/test/test*.log .
LC_ALL=C \
./auparse_test > auparse_test.cur
Config file /etc/audit/auditd.conf doesn't exist, skipping
make[4]: *** [Makefile:709: check-local] Error 1
make[4]: Leaving directory '/builddir/audit-3.0.3/auparse/test'
make[3]: *** [Makefile:580: check-am] Error 2
make[3]: Leaving directory '/builddir/audit-3.0.3/auparse/test'
make[2]: *** [Makefile:2040: check-recursive] Error 1
make[2]: Leaving directory '/builddir/audit-3.0.3/auparse'
make[1]: *** [Makefile:2192: check] Error 2
make[1]: Leaving directory '/builddir/audit-3.0.3/auparse'
make: *** [Makefile:467: check-recursive] Error 1
=> ERROR: audit-3.0.3_5: do_check: '${make_check_pre} ${make_cmd} ${makejobs} ${make_check_args} ${make_check_target}' exited with 2
=> ERROR:   in do_check() at common/build-style/gnu-configure.sh:33

For evolution and evolution-data-server a bunch of tests fail with similar output to:

      Start  2: test-ebook-get-contact
 2/90 Test  #2: test-ebook-get-contact ....................SIGTRAP***Exception:   2.58 sec
# random seed: R02Sd090595520940fe58d9ab8434502e157
1..2
# Start of EBook tests
# Start of GetContact tests
# GLib-GIO-DEBUG: _g_io_module_get_default: Found default implementation memory (GMemorySettingsBackend) for *gsettings-backend*
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
dbus-daemon[30863]: [session uid=1000 pid=30863] Activating service name='org.gnome.evolution.dataserver.Sources5' requested by ':1.0' (uid=1000 pid=30861 comm="/builddir/evolution-data-server-3.46.3/build/tests")
dbus-daemon[30863]: [session uid=1000 pid=30863] Successfully activated service 'org.gnome.evolution.dataserver.Sources5'
dbus-daemon[30863]: [session uid=1000 pid=30863] Activating service name='org.gnome.evolution.dataserver.AddressBook10' requested by ':1.0' (uid=1000 pid=30861 comm="/builddir/evolution-data-server-3.46.3/build/tests")
dbus-daemon[30863]: [session uid=1000 pid=30863] Successfully activated service 'org.gnome.evolution.dataserver.AddressBook10'
Bail out! e-test-server-utils-FATAL-ERROR: Unable to create the test book: Message recipient disconnected from message bus without replying

(/builddir/evolution-data-server-3.46.3/build/tests/libebook/test-ebook-get-contact:30861): e-test-server-utils-ERROR **: 10:03:46.504: Unable to create the test book: Message recipient disconnected from message bus without replying
cleaning up pid 30863

audit.log
dovecot.log
dovecot-plugin-pigeonhole.log
evolution.log
evolution-data-server.log

klarasm (Contributor Author) commented Feb 2, 2023

Did some tests on the master branch and x86_64-musl.
audit, dovecot and evolution-data-server already fail so those may not be related to this PR.
evolution did not find any test for some reason and thus passed.

When I looked closer at dovecot-plugin-pigeonhole, it fails in this PR because it couldn't build dovecot as the test suite is failing. If I build dovecot first without checks, dovecot-plugin-pigeonhole succeeds with the commits in this PR.

Updated log for dovecot pigeonhole in this PR:
dovecot-plugin-pigeonhole.log

Logs from builds on master branch:
audit.log
dovecot.log
dovecot-plugin-pigeonhole.log
evolution.log
evolution-data-server.log

So from what I can see there are no new failures caused by this PR. I'll do some more crossbuilds but I think after that this PR is starting to be ready.

Regarding the backup/restore of the ldap database, should that be notified on upgrade? Skipping this step can potentially corrupt the database but I guess anyone using openldap in server mode should be aware of that and have periodic backups anyway but I don't know if that's something we can depend on.

klarasm (Contributor Author) commented Feb 2, 2023

I feel confident enough about the changes that I will mark this as ready. Please tell me if there's any other testing or changes that should be done.

klarasm marked this pull request as ready for review February 2, 2023 20:20

dkwo (Contributor) commented Feb 3, 2023

Do you mind checking that these build with openssl 3?
If not, I can do it, but I think squid may need update to 5.7 to work.
#37681

dkwo (Contributor) commented Feb 3, 2023

See #42054
I'll close it if you prefer to do it here.

klarasm (Contributor Author) commented Feb 3, 2023

I'll give openssl 3 a go. I don't mind you updating squid in the separate PR, but will pull in that as well in my testing. This will probably take longer to merge than your PR.

ghost commented Feb 3, 2023

sssd is already faulty as is.

I was trying to update it in #40846, but I have no means to test it since I have nothing to set it up for.

klarasm (Contributor Author) commented Feb 3, 2023

> sssd is already faulty as is.
>
> I was trying to update it in #40846, but I have no means to test it since I have nothing to set it up for.

sssd will probably not work on musl as musl lacks native support for nsswitch. There is musl-nscd that implements this via nscd but I haven't been able to get that to work when I tried it earlier.
Maybe sssd could be patched so only the pam portion gets built but that would limit the functionality of it. At that point it's probably better to use the pam portion of nss-pam-ldapd or pam-krb5.

I could spin up a void linux machine with glibc to test sssd though.

the-maldridge merged commit f8e8e28 into void-linux:master Sep 17, 2023
2 checks passed

klarasm (Contributor Author) commented Sep 17, 2023

Seems I somehow dropped evolution-data-server when rebasing, sorry about that.

klarasm deleted the openldap-2.6 branch June 14, 2024 13:19