Hello community, here is the log from the commit of package nss_ldap.1267 for openSUSE:12.3:Update checked in at 2013-01-31 16:10:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/nss_ldap.1267 (Old) and /work/SRC/openSUSE:12.3:Update/.nss_ldap.1267.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nss_ldap.1267", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-01-09 19:40:42.352580873 +0100 +++ /work/SRC/openSUSE:12.3:Update/.nss_ldap.1267.new/nss_ldap.changes 2013-01-31 16:11:01.000000000 +0100 @@ -0,0 +1,517 @@ +------------------------------------------------------------------- +Mon Jan 28 12:46:47 UTC 2013 - [email protected] + +- Fix segfault when using with glibc-2.16 and linking with pthread. + * adds patches: + nss_ldap-265-glibc-2.16.patch (PADL-Bug#445) + nss_ldap-265-pthread.patch (PADL-Bug#446) + +------------------------------------------------------------------- +Thu Oct 18 19:58:57 UTC 2012 - [email protected] + +- fix build with possix correctly set (added to nss_ldap.dif) + +------------------------------------------------------------------- +Wed Dec 21 10:31:41 UTC 2011 - [email protected] + +- remove call to suse_update_config (very old work around) + +------------------------------------------------------------------- +Fri Dec 2 15:56:43 UTC 2011 - [email protected] + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Fri Oct 28 10:19:49 UTC 2011 - [email protected] + +- Entries with invalid (or too large) uidNumber/gidNumber attributes + could crash nss_ldap (bnc#726393) + +------------------------------------------------------------------- +Mon Jan 17 16:45:05 UTC 2011 - [email protected] + +- A memory leak in nss_ldap could lead to processes (e.g. nscd) + growing extremely large (bnc#659100, PADL-Bug#418) +- nss_ldap didn't try to reconnect properly when the LDAP + connection was lost between two getXXent() calls + (bnc#662752, PADL-Bug#215) + +------------------------------------------------------------------- +Mon Feb 1 12:10:16 UTC 2010 - [email protected] + +- Package baselibs.conf + +------------------------------------------------------------------- +Tue Dec 15 16:02:26 UTC 2009 - [email protected] + +- Update to nss_ldap-265. From the changelog: + * fix for PADL-Bug#132: add versioning information to binary + * fix for PADL-Bug#403: add AM_MAINTAINER_MODE + * fix for PADL-Bug#388: bad LDAP query for ether lookups + * fix for PADL-Bug#391: clarify bind timelimit defaults + in ldap.conf + * fix for PADL-Bug#392: call do_close() if ldap_result() + or ldap_parse_result() fails (before returning + NSS_UNAVAIL) + * fix for PADL-Bug#409: deallocate context in + _nss_ldap_ent_context_release() to avoid bad usage + * fix for PADL-Bug#410: don't leak file descriptors in + _nss_ldap_readconfig + +------------------------------------------------------------------- +Thu Jun 25 12:53:32 CEST 2009 - [email protected] + +- Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164). + +------------------------------------------------------------------- +Tue May 19 09:16:41 CEST 2009 - [email protected] + +- updated to nss_ldap-264. From the changelog: + * fix for PADL-Bug#378: MAP_H_ERRNO() should map NSS_TRYAGAIN + to NETDB_INTERNAL not TRY_AGAIN + * fix for PADL-Bug#379: ldaps:// URIs only work if "ssl on" + is set + * fix for PADL-Bug#248: nss_ldap exposes malformed entries to the + system + * fix for PADL-Bug#374: nss_ldap returns success from setnetgrent() + when the requested netgroup doesn't exist + * fix for PADL-Bug#376: getXXent() only returns NULL once before + implicitly calling setXXent(), whereas other backends continue + to return NULL + +------------------------------------------------------------------- +Wed Jan 7 12:34:56 CET 2009 - [email protected] + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Tue Oct 28 16:00:52 CET 2008 - [email protected] + +- Only set default port when "port" directive is present in + /etc/ldap.conf or when "ssl on" is set. (bnc#439449) +- Apply "tls_*" options when "ldaps" URI are used (bnc#439449) + +------------------------------------------------------------------- +Thu Aug 28 12:09:41 CEST 2008 - [email protected] + +- Update to nss_ldap-262, fixes a minor bug in the default + config file (PADL-Bug#371) and a build issue on Solaris + (PADL-Bug#370) + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - [email protected] + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Tue Mar 4 11:15:23 CET 2008 - [email protected] + +- Update to nss_ldap-260: + * only set errno for NSS_TRYAGAIN (bnc#366587) +- removed obsolete sigset.dif patch + +------------------------------------------------------------------- +Thu Nov 8 16:22:27 CET 2007 - [email protected] + +- Fixed pre-requires + +------------------------------------------------------------------- +Mon Oct 29 17:01:43 CET 2007 - [email protected] + +- Update to nss_ldap-259 + * fix for BUG#348: fix memory leak + * fix for BUG#349: nss_ldap crashes after START_TLS timeout + (assertion failure in libldap) + * fix for BUG#350: assertion failure in ldap_result (called + from do_result()) + * fix for BUG#351: double ldap_msgfree() + +------------------------------------------------------------------- +Thu Oct 18 14:21:33 CEST 2007 - [email protected] + +- Update to nss_ldap-258 + * fix for PADL-Bug#343: nss_srv_domain should take a domain + not a record + * fix for PADL-Bug#339: replacement code for Kerbeors + SASL operations + * fix for PADL-Bug#338: nss_ldap constructs LDAP URIs + incorrectly + * fix for PADL-Bug#337: configure fails to detect resolver + functions + * fix for PADL-Bug#332: --enable-schema-mapping incorrectly + maps pw_change + * fix for PADL-Bug#293: add nss_getgrent_skipmembers + parameter to ldap.conf, if enabled will not request + member attributes for group lookups, greatly increasing + performance for large groups + +------------------------------------------------------------------- +Fri Aug 3 09:11:05 CEST 2007 - [email protected] + +- Update to nss_ldap-257. (Just includes the fix for Bug #294456) + +------------------------------------------------------------------- +Mon Jul 30 12:23:10 CEST 2007 - [email protected] + +- Ignore SIGPIPE in atfork-Handlers (Bug #294456) +- Removed *.so link + +------------------------------------------------------------------- +Fri Jul 6 14:36:15 CEST 2007 - [email protected] + +- Fix URI generation when looking up LDAP Server via SRV records +- Update to nss_ldap-256 + * patch from Tomas Janousek <[email protected]> to check for + pthread_once(); __pthread_once does not imply __pthread_atfork + being non-NULL + * fix for BUG#315: memory corruption/crash in initgroups parsing +------------------------------------------------------------------- +Mon Mar 5 12:17:41 CET 2007 - [email protected] + +- Update to nss_ldap-255 + * fix for PADL-Bug#304: fd leak in do_close_no_unbind + * patch from Adrian Bridgett <[email protected]> + for Debian BUG#375533: Assertion failure in libnss-ldap + +------------------------------------------------------------------- +Thu Mar 1 15:00:54 CET 2007 - [email protected] + +- nss_ldap could crash when no host or uri is configured in + /etc/ldap.conf or DNS (Bug #248594) + +------------------------------------------------------------------- +Tue Jan 30 14:12:23 CET 2007 - [email protected] + +- Apply the "port" directive correctly if present in ldap.conf + (Bug #224879) + +------------------------------------------------------------------- +Mon Jan 15 14:35:57 CET 2007 - [email protected] + +- Update to nss_ldap-254 + * fix for BUG#292: array bounds check in ldap-network.c + * fix for BUG#296: fix stack buffer optimization + * fix for BUG#297: gethostbyname2 queried with AF_INET6 returns + OK with IPv4 address + * fix for Novell BUG#215911: crasher parsing nested groups ++++ 320 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.nss_ldap.1267.new/nss_ldap.changes New: ---- README.SuSE baselibs.conf group-utf8.dif nss_ldap-265-glibc-2.16.patch nss_ldap-265-pthread.patch nss_ldap-265.tar.bz2 nss_ldap-getent-retry.dif nss_ldap-getent-skip-invalid-uidgidnumber.dif nss_ldap-ldapconn-leak-bug418.dif nss_ldap.changes nss_ldap.dif nss_ldap.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nss_ldap.spec ++++++ # # spec file for package nss_ldap # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: nss_ldap BuildRequires: automake BuildRequires: db-devel BuildRequires: krb5-devel BuildRequires: openldap2-devel PreReq: sed coreutils /usr/bin/grep /bin/mktemp # bug437293 %ifarch ppc64 Obsoletes: nss_ldap-64bit %endif # Version: 265 Release: 0 Summary: NSS LDAP Module License: LGPL-2.1+ Group: Productivity/Networking/LDAP/Clients Url: http://www.padl.com/OSS/nss_ldap.html Source: nss_ldap-%{version}.tar.bz2 Source1: README.SuSE Source2: baselibs.conf Patch: nss_ldap.dif Patch1: group-utf8.dif Patch2: nss_ldap-ldapconn-leak-bug418.dif Patch3: nss_ldap-getent-retry.dif Patch4: nss_ldap-getent-skip-invalid-uidgidnumber.dif # Upstream issue with glibc-2.16 http://bugzilla.padl.com/show_bug.cgi?id=445 Patch5: nss_ldap-265-glibc-2.16.patch # Fix also issue with threads on glibc-2.16 http://bugzilla.padl.com/show_bug.cgi?id=446 Patch6: nss_ldap-265-pthread.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Nss_ldap is a glibc NSS module that allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services, and shadow passwords (instead of or in addition to using flat files or NIS). %prep %setup -q %patch -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 %patch6 cp -v %{S:1} . %build autoreconf CFLAGS="$RPM_OPT_FLAGS" \ CPPFLAGS="-I/usr/include/sasl -DINET6" \ ./configure --prefix=/usr \ --mandir=%{_mandir} \ --enable-rfc2307bis \ --enable-schema-mapping \ --enable-xad \ --enable-paged-results \ --enable-configurable-krb5-ccname-gssapi \ --libdir=%{_libdir} \ --sysconfdir=/etc \ --x-libraries=/usr/X11R6/%{_lib} make %install mkdir -p $RPM_BUILD_ROOT/%{_lib} mkdir -p $RPM_BUILD_ROOT%{_libdir} install -m 755 nss_ldap.so $RPM_BUILD_ROOT/%{_lib}/libnss_ldap.so.2 make DESTDIR=$RPM_BUILD_ROOT install-man %clean rm -fr $RPM_BUILD_ROOT %post /sbin/ldconfig if [ ${1:-0} -gt 1 ] ; then if ! /usr/bin/grep -q ^bind_policy /etc/ldap.conf; then if grep -q -e ^#[[:space:]]\*bind_policy /etc/ldap.conf; then LDAP_ORIG=`mktemp /tmp/ldap.conf.XXXXXXXXXX` cp /etc/ldap.conf $LDAP_ORIG sed -e 's;^#[[:space:]]*bind_policy.*$;bind_policy soft;' \ $LDAP_ORIG > /etc/ldap.conf rm $LDAP_ORIG else echo -e "\n"\ "#Don't try forever if the LDAP server is not reacheable\n"\ "bind_policy soft" >> /etc/ldap.conf fi fi fi %postun -p /sbin/ldconfig %files %defattr(-,root,root) %doc ANNOUNCE AUTHORS COPYING ChangeLog NEWS README README.SuSE nsswitch.ldap ldap.conf doc/README.paged /%{_lib}/libnss_ldap.so.2 %doc %{_mandir}/man5/nss_ldap.5* %changelog ++++++ README.SuSE ++++++ To use the nss_ldap module, you need to do the following: Edit /etc/nsswitch.conf and add the ldap service, or copy /usr/share/doc/packages/nss_ldap/nsswitch.ldap to /etc/nsswitch.config and edit it. If you don't have an /etc/ldap.conf file from another packages, copy /usr/doc/packages/nss_ldap/ldap.conf into the /etc/ directory and edit this configuration file. You can also use the YaST2 ldap module to configure a LDAP client. ++++++ baselibs.conf ++++++ nss_ldap supplements "packageand(nss_ldap:glibc-<targettype>)" ++++++ group-utf8.dif ++++++ Index: nss_ldap-265/ldap-grp.c =================================================================== --- nss_ldap-265.orig/ldap-grp.c +++ nss_ldap-265/ldap-grp.c @@ -591,8 +591,9 @@ _nss_ldap_parse_gr (LDAPMessage * e, 10); stat = - _nss_ldap_getrdnvalue (e, ATM (LM_GROUP, cn), &gr->gr_name, &buffer, + _nss_ldap_assign_attrval (e, ATM (LM_GROUP, cn), &gr->gr_name, &buffer, &buflen); + if (stat != NSS_SUCCESS) return stat; ++++++ nss_ldap-265-glibc-2.16.patch ++++++ --- ldap-nss.c.orig 2012-10-17 12:32:03.908730283 +0000 +++ ldap-nss.c 2012-10-17 12:38:10.906767283 +0000 @@ -148,7 +148,7 @@ */ static ldap_session_t __session = { NULL, NULL, 0, LS_UNINITIALIZED }; -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) static pthread_once_t __once = PTHREAD_ONCE_INIT; #endif @@ -168,7 +168,7 @@ static int __ssl_initialized = 0; #endif /* HAVE_LDAPSSL_CLIENT_INIT */ -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) /* * Prepare for fork(); lock mutex. */ @@ -519,7 +519,7 @@ } #endif /* HAVE_NSSWITCH_H */ -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) static void do_atfork_prepare (void) { @@ -553,7 +553,7 @@ #ifdef HAVE_PTHREAD_ATFORK (void) pthread_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child); -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#elif defined(HAVE___LIBC_ATFORK) (void) __libc_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child); #endif @@ -1119,7 +1119,7 @@ } #ifndef HAVE_PTHREAD_ATFORK -#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE___LIBC_ONCE) /* * This bogosity is necessary because Linux uses different * PIDs for different threads (like IRIX, which we don't @@ -1151,7 +1151,7 @@ pid = -1; /* linked against libpthreads, don't care */ #else pid = getpid (); -#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */ +#endif /* HAVE___LIBC_ONCE */ #endif /* HAVE_PTHREAD_ATFORK */ euid = geteuid (); @@ -1161,7 +1161,7 @@ syslog (LOG_DEBUG, "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __euid=%i, euid=%i", __session.ls_state, __session.ls_conn, __euid, euid); -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#elif defined(HAVE___LIBC_ONCE) syslog (LOG_DEBUG, "nss_ldap: libpthreads=%s, __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i", ((__pthread_once == NULL || __pthread_atfork == NULL) ? "FALSE" : "TRUE"), @@ -1185,11 +1185,11 @@ } else #ifndef HAVE_PTHREAD_ATFORK -#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE___LIBC_ONCE) if ((__pthread_once == NULL || __pthread_atfork == NULL) && __pid != pid) #else if (__pid != pid) -#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */ +#endif /* HAVE___LIBC_ONCE */ { do_close_no_unbind (); } @@ -1250,9 +1250,9 @@ debug ("<== do_init (pthread_once failed)"); return NSS_UNAVAIL; } -#elif defined(HAVE_PTHREAD_ATFORK) && ( defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ) +#elif defined(HAVE_PTHREAD_ATFORK) && defined(HAVE___LIBC_ONCE) __libc_once (__once, do_atfork_setup); -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#elif defined(HAVE___LIBC_ONCE) /* * Only install the pthread_atfork() handlers i * we are linked against libpthreads. Otherwise, --- ldap-nss.h.orig 2012-10-17 12:33:05.681379283 +0000 +++ ldap-nss.h 2012-10-17 12:34:06.337050753 +0000 @@ -671,7 +671,7 @@ #define NSS_LDAP_LOCK(m) mutex_lock(&m) #define NSS_LDAP_UNLOCK(m) mutex_unlock(&m) #define NSS_LDAP_DEFINE_LOCK(m) static mutex_t m = DEFAULTMUTEX -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#elif defined(HAVE___LIBC_LOCK_LOCK) && defined(HAVE___LIBC_LOCK_UNLOCK) #define NSS_LDAP_LOCK(m) __libc_lock_lock(m) #define NSS_LDAP_UNLOCK(m) __libc_lock_unlock(m) #define NSS_LDAP_DEFINE_LOCK(m) static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER --- ldap-nss.c.orig 2012-10-17 12:58:20.270783283 +0000 +++ ldap-nss.c 2012-10-17 12:58:43.699267283 +0000 @@ -156,7 +156,7 @@ static FILE *__debugfile; #endif /* LBER_OPT_LOG_PRINT_FILE */ -#ifndef HAVE_PTHREAD_ATFORK +#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE) /* * Process ID that opened the session. */ --- configure.in.orig 2012-10-17 12:59:31.707235283 +0000 +++ configure.in 2012-10-17 13:00:15.854289283 +0000 @@ -255,6 +255,7 @@ AC_CHECK_FUNCS(pthread_once) AC_CHECK_FUNCS(ether_aton) AC_CHECK_FUNCS(ether_ntoa) +AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock) AC_MSG_CHECKING(for struct ether_addr) AC_TRY_COMPILE([#include <sys/types.h> --- ldap-nss.c.orig 2012-10-17 13:02:01.418010283 +0000 +++ ldap-nss.c 2012-10-17 13:03:25.017240283 +0000 @@ -1102,7 +1102,7 @@ do_init (void) { ldap_config_t *cfg; -#ifndef HAVE_PTHREAD_ATFORK +#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE) pid_t pid; #endif uid_t euid; ++++++ nss_ldap-265-pthread.patch ++++++ --- configure.in.orig 2012-10-17 13:32:35.894846283 +0000 +++ configure.in 2012-10-17 13:35:29.334105697 +0000 @@ -1,6 +1,7 @@ AC_INIT(ldap-nss.c) AC_CANONICAL_SYSTEM AC_PREFIX_DEFAULT() +AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE(nss_ldap, 265) AM_CONFIG_HEADER(config.h) @@ -250,11 +251,17 @@ AC_CHECK_FUNCS(snprintf) AC_CHECK_FUNCS(gethostbyname) AC_CHECK_FUNCS(nsdispatch) +AC_CHECK_FUNCS(ether_aton) +AC_CHECK_FUNCS(ether_ntoa) + +AX_PTHREAD +LIBS="$PTHREAD_LIBS $LIBS" +CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +CC="$PTHREAD_CC" + AC_CHECK_LIB(pthread_nonshared, main) AC_CHECK_FUNCS(pthread_atfork) AC_CHECK_FUNCS(pthread_once) -AC_CHECK_FUNCS(ether_aton) -AC_CHECK_FUNCS(ether_ntoa) AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock) AC_MSG_CHECKING(for struct ether_addr) --- /dev/null 2012-10-15 13:43:01.683577607 +0000 +++ m4/ax_pthread.m4 2012-10-17 13:34:51.918922283 +0000 @@ -0,0 +1,309 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_pthread.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) +# +# DESCRIPTION +# +# This macro figures out how to build C programs using POSIX threads. It +# sets the PTHREAD_LIBS output variable to the threads library and linker +# flags, and the PTHREAD_CFLAGS output variable to any special C compiler +# flags that are needed. (The user can also force certain compiler +# flags/libs to be tested by setting these environment variables.) +# +# Also sets PTHREAD_CC to any special C compiler that is needed for +# multi-threaded programs (defaults to the value of CC otherwise). (This +# is necessary on AIX to use the special cc_r compiler alias.) +# +# NOTE: You are assumed to not only compile your program with these flags, +# but also link it with them as well. e.g. you should link with +# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS +# +# If you are only building threads programs, you may wish to use these +# variables in your default LIBS, CFLAGS, and CC: +# +# LIBS="$PTHREAD_LIBS $LIBS" +# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +# CC="$PTHREAD_CC" +# +# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant +# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name +# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# +# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the +# PTHREAD_PRIO_INHERIT symbol is defined when compiling with +# PTHREAD_CFLAGS. +# +# ACTION-IF-FOUND is a list of shell commands to run if a threads library +# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it +# is not found. If ACTION-IF-FOUND is not specified, the default action +# will define HAVE_PTHREAD. +# +# Please let the authors know if this macro fails on any platform, or if +# you have any other suggestions or comments. This macro was based on work +# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help +# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by +# Alejandro Forero Cuervo to the autoconf macro repository. We are also +# grateful for the helpful feedback of numerous users. +# +# Updated for Autoconf 2.68 by Daniel Richard G. +# +# LICENSE +# +# Copyright (c) 2008 Steven G. Johnson <[email protected]> +# Copyright (c) 2011 Daniel Richard G. <[email protected]> +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 18 + +AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) +AC_DEFUN([AX_PTHREAD], [ +AC_REQUIRE([AC_CANONICAL_HOST]) +AC_LANG_PUSH([C]) +ax_pthread_ok=no + +# We used to check for pthread.h first, but this fails if pthread.h +# requires special compiler flags (e.g. on True64 or Sequent). +# It gets checked for in the link test anyway. + +# First of all, check if the user has set any of the PTHREAD_LIBS, +# etcetera environment variables, and if threads linking works using +# them: +if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) + AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes) + AC_MSG_RESULT($ax_pthread_ok) + if test x"$ax_pthread_ok" = xno; then + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" + fi + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" +fi + +# We must check for the threads library under a number of different +# names; the ordering is very important because some systems +# (e.g. DEC) have both -lpthread and -lpthreads, where one of the +# libraries is broken (non-POSIX). + +# Create a list of thread flags to try. Items starting with a "-" are +# C compiler flags, and other items are library names, except for "none" +# which indicates that we try without any flags at all, and "pthread-config" +# which is a program returning the flags for the Pth emulation library. + +ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +# The ordering *is* (sometimes) important. Some notes on the +# individual items follow: + +# pthreads: AIX (must check this before -lpthread) +# none: in case threads are in libc; should be tried before -Kthread and +# other compiler flags to prevent continual compiler warnings +# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) +# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) +# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) +# -pthreads: Solaris/gcc +# -mthreads: Mingw32/gcc, Lynx/gcc +# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it +# doesn't hurt to check since this sometimes defines pthreads too; +# also defines -D_REENTRANT) +# ... -mt is also the pthreads flag for HP/aCC +# pthread: Linux, etcetera +# --thread-safe: KAI C++ +# pthread-config: use pthread-config program (for GNU Pth library) + +case ${host_os} in + solaris*) + + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (We need to link with -pthreads/-mt/ + # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather + # a function called by this macro, so we could check for that, but + # who knows whether they'll stub that too in a future libc.) So, + # we'll just look for -pthreads and -lpthread first: + + ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" + ;; + + darwin*) + ax_pthread_flags="-pthread $ax_pthread_flags" + ;; +esac + +if test x"$ax_pthread_ok" = xno; then +for flag in $ax_pthread_flags; do + + case $flag in + none) + AC_MSG_CHECKING([whether pthreads work without any flags]) + ;; + + -*) + AC_MSG_CHECKING([whether pthreads work with $flag]) + PTHREAD_CFLAGS="$flag" + ;; + + pthread-config) + AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) + if test x"$ax_pthread_config" = xno; then continue; fi + PTHREAD_CFLAGS="`pthread-config --cflags`" + PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" + ;; + + *) + AC_MSG_CHECKING([for the pthreads library -l$flag]) + PTHREAD_LIBS="-l$flag" + ;; + esac + + save_LIBS="$LIBS" + save_CFLAGS="$CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Check for various functions. We must include pthread.h, + # since some functions may be macros. (On the Sequent, we + # need a special flag -Kthread to make this header compile.) + # We check for pthread_join because it is in -lpthread on IRIX + # while pthread_create is in libc. We check for pthread_attr_init + # due to DEC craziness with -lpthreads. We check for + # pthread_cleanup_push because it is one of the few pthread + # functions on Solaris that doesn't have a non-functional libc stub. + # We try pthread_create on general principles. + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h> + static void routine(void *a) { a = 0; } + static void *start_routine(void *a) { return a; }], + [pthread_t th; pthread_attr_t attr; + pthread_create(&th, 0, start_routine, 0); + pthread_join(th, 0); + pthread_attr_init(&attr); + pthread_cleanup_push(routine, 0); + pthread_cleanup_pop(0) /* ; */])], + [ax_pthread_ok=yes], + []) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + AC_MSG_RESULT($ax_pthread_ok) + if test "x$ax_pthread_ok" = xyes; then + break; + fi + + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" +done +fi + +# Various other checks: +if test "x$ax_pthread_ok" = xyes; then + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. + AC_MSG_CHECKING([for joinable pthread attribute]) + attr_name=unknown + for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>], + [int attr = $attr; return attr /* ; */])], + [attr_name=$attr; break], + []) + done + AC_MSG_RESULT($attr_name) + if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then + AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + fi + + AC_MSG_CHECKING([if more special flags are required for pthreads]) + flag=no + case ${host_os} in + aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; + osf* | hpux*) flag="-D_REENTRANT";; + solaris*) + if test "$GCC" = "yes"; then + flag="-D_REENTRANT" + else + flag="-mt -D_REENTRANT" + fi + ;; + esac + AC_MSG_RESULT(${flag}) + if test "x$flag" != xno; then + PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" + fi + + AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], + ax_cv_PTHREAD_PRIO_INHERIT, [ + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[#include <pthread.h>]], [[int i = PTHREAD_PRIO_INHERIT;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) + ]) + AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], + AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + # More AIX lossage: must compile with xlc_r or cc_r + if test x"$GCC" != xyes; then + AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) + else + PTHREAD_CC=$CC + fi +else + PTHREAD_CC="$CC" +fi + +AC_SUBST(PTHREAD_LIBS) +AC_SUBST(PTHREAD_CFLAGS) +AC_SUBST(PTHREAD_CC) + +# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: +if test x"$ax_pthread_ok" = xyes; then + ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) + : +else + ax_pthread_ok=no + $2 +fi +AC_LANG_POP +])dnl AX_PTHREAD --- Makefile.am.orig 2012-10-17 13:36:27.310869710 +0000 +++ Makefile.am 2012-10-17 13:36:43.355515255 +0000 @@ -1,3 +1,5 @@ +ACLOCAL_AMFLAGS = -I m4 + if AIX authmod = NSS_LDAP else ++++++ nss_ldap-getent-retry.dif ++++++ bnc#662752, PADL#215 Index: nss_ldap-265/ldap-nss.c =================================================================== --- nss_ldap-265.orig/ldap-nss.c +++ nss_ldap-265/ldap-nss.c @@ -2033,6 +2033,7 @@ _nss_ldap_ent_context_init_locked (ent_c ctx->ec_msgid = -1; ctx->ec_sd = NULL; ctx->ec_eof = 0; + ctx->ec_ldaprc = 0; LS_INIT (ctx->ec_state); @@ -2067,6 +2068,7 @@ do_context_release (ent_context_t * ctx, ctx->ec_sd = NULL; ctx->ec_eof = 0; + ctx->ec_ldaprc = 0; LS_INIT (ctx->ec_state); @@ -2491,6 +2493,7 @@ do_result (ent_context_t * ctx, int all) syslog (LOG_ERR, "nss_ldap: could not get LDAP result - %s", ldap_err2string (rc)); do_close(); + ctx->ec_ldaprc = rc; stat = NSS_UNAVAIL; break; case LDAP_RES_SEARCH_ENTRY: @@ -3395,6 +3398,9 @@ _nss_ldap_getent_ex (ldap_args_t * args, const char **user_attrs, parser_t parser) { NSS_STATUS stat = NSS_SUCCESS; + int retry; + + retry = (__session.ls_state == LS_CONNECTED_TO_DSA ) ? 1 : 0; debug ("==> _nss_ldap_getent_ex"); @@ -3437,6 +3443,18 @@ next: stat = do_parse (*ctx, result, buffer, buflen, errnop, parser); + if (stat == NSS_UNAVAIL && retry && + ( ((*ctx)->ec_ldaprc == LDAP_UNAVAILABLE) || + ((*ctx)->ec_ldaprc == LDAP_SERVER_DOWN) ) + ) + { + retry = 0; + (*ctx)->ec_msgid = -1; + syslog (LOG_ERR, "nss_ldap: Server might have closed connection. Retrying."); + goto next; + } + + retry = 0; #ifdef HAVE_LDAP_SEARCH_EXT if (stat == NSS_NOTFOUND) { Index: nss_ldap-265/ldap-nss.h =================================================================== --- nss_ldap-265.orig/ldap-nss.h +++ nss_ldap-265/ldap-nss.h @@ -570,6 +570,7 @@ struct ent_context { ldap_state_t ec_state; /* eg. for services */ int ec_msgid; /* message ID */ + int ec_ldaprc; /* LDAP error code */ LDAPMessage *ec_res; /* result chain */ ldap_service_search_descriptor_t *ec_sd; /* current sd */ struct berval *ec_cookie; /* cookie for paged searches */ ++++++ nss_ldap-getent-skip-invalid-uidgidnumber.dif ++++++ Index: nss_ldap-265/ldap-pwd.c =================================================================== --- nss_ldap-265.orig/ldap-pwd.c +++ nss_ldap-265/ldap-pwd.c @@ -121,7 +121,17 @@ _nss_ldap_parse_pw (LDAPMessage * e, stat = _nss_ldap_assign_attrval (e, AT (uidNumber), &uid, &tmp, &tmplen); if (stat != NSS_SUCCESS) - return stat; + { + /* + * uidNumber is to large to fit into the fixed size tmpbuf buffer, + * handle this as if it was a Schema violation to skip this entry, + * such large ids aren't valid + */ + if ( stat == NSS_TRYAGAIN ) + stat = NSS_NOTFOUND; + return stat; + } + if (*uid == '\0') pw->pw_uid = UID_NOBODY; else @@ -138,7 +148,16 @@ _nss_ldap_parse_pw (LDAPMessage * e, _nss_ldap_assign_attrval (e, ATM (LM_PASSWD, gidNumber), &gid, &tmp, &tmplen); if (stat != NSS_SUCCESS) - return stat; + { + /* + * gidNumber is to large to fit into the fixed size tmpbuf buffer, + * handle this as if it was a Schema violation to skip this entry, + * such large ids aren't valid + */ + if ( stat == NSS_TRYAGAIN ) + stat = NSS_NOTFOUND; + return stat; + } if (*gid == '\0') pw->pw_gid = GID_NOBODY; else ++++++ nss_ldap-ldapconn-leak-bug418.dif ++++++ bnc#659100, PADL#418 Index: nss_ldap-265/ldap-nss.c =================================================================== --- nss_ldap-265.orig/ldap-nss.c +++ nss_ldap-265/ldap-nss.c @@ -1234,9 +1234,14 @@ do_init (void) } } - __session.ls_conn = NULL; + /* looks like a problem. could be initialized, but not connected */ + if (__session.ls_state != LS_UNINITIALIZED) + { + debug ("<== do_init (already initialized)"); + goto initialized; + } + __session.ls_timestamp = 0; - __session.ls_state = LS_UNINITIALIZED; #if defined(HAVE_PTHREAD_ONCE) && defined(HAVE_PTHREAD_ATFORK) if (pthread_once (&__once, do_atfork_setup) != 0) @@ -1356,6 +1361,7 @@ do_init (void) debug ("<== do_init (initialized session)"); +initialized: return NSS_SUCCESS; } @@ -1575,6 +1581,7 @@ do_open (void) } else { + syslog(LOG_ERR, "nss-ldap: do_open: do_start_tls failed:stat=%d", stat); do_close (); debug ("<== do_open (TLS startup failed)"); return stat; ++++++ nss_ldap.dif ++++++ Index: nss_ldap-265/ldap-nss.c =================================================================== --- nss_ldap-265.orig/ldap-nss.c +++ nss_ldap-265/ldap-nss.c @@ -2640,7 +2640,8 @@ do_with_reconnect (const char *base, int * If a soft reconnect policy is specified, then do not * try to reconnect to the LDAP server if it is down. */ - if (__session.ls_config->ldc_reconnect_pol == LP_RECONNECT_SOFT) + if ( (__session.ls_config->ldc_reconnect_pol == LP_RECONNECT_SOFT) && + ( tries > 0 ) ) hard = 0; ++tries; Index: nss_ldap-265/Makefile.am =================================================================== --- nss_ldap-265.orig/Makefile.am +++ nss_ldap-265/Makefile.am @@ -109,5 +109,5 @@ uninstall-local: @$(NORMAL_UNINSTALL) vers.c: $(top_srcdir)/CVSVersionInfo.txt - CVSVERSIONDIR=$(top_srcdir) vers_string -v + CVSVERSIONDIR=$(top_srcdir) ./vers_string -v -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
