Hello community, here is the log from the commit of package nss_ldap for openSUSE:Factory checked in at 2016-08-29 15:40:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nss_ldap (Old) and /work/SRC/openSUSE:Factory/.nss_ldap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nss_ldap" Changes: -------- --- /work/SRC/openSUSE:Factory/nss_ldap/nss_ldap.changes 2015-09-08 17:44:06.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nss_ldap.new/nss_ldap.changes 2016-08-29 15:43:03.000000000 +0200 @@ -1,0 +2,23 @@ +Fri Aug 26 09:49:48 UTC 2016 - [email protected] + +- Relabel patches: + nss_ldap.dif -> 0000-nss_ldap.dif + group-utf8.dif -> 0001-group-utf8.dif + nss_ldap-ldapconn-leak-bug418.dif -> + 0002-nss_ldap-ldapconn-leak-bug418.dif + nss_ldap-getent-retry.dif -> 0003-nss_ldap-getent-retry.dif + nss_ldap-getent-skip-invalid-uidgidnumber.dif -> + 0004-nss_ldap-getent-skip-invalid-uidgidnumber.dif + nss_ldap-265-glibc-2.16.patch -> 0005-nss_ldap-265-glibc-2.16.patch + nss_ldap-265-pthread.patch -> 0006-nss_ldap-265-pthread.patch + bnc#842120.dif -> 0007-bnc#842120.dif + bnc#866763.dif -> 0008-bnc#866763.dif +- Add patches: + * Resolve a connection management issue in oneshot operation mode & + Fix bad variable initialisation (bsc#934444) + 0009-fix-for-BUG-412-don-t-close-nested-contexts.patch + 0010-initialize-context-in-_nss_ldap_getbyname.patch + * Fix buffer management issue between glibc and LDAP (bsc#986858) + 0011-When-invoked-via-glibc-the-input-buffer-is-enlarged.patch + +------------------------------------------------------------------- Old: ---- bnc#842120.dif bnc#866763.dif group-utf8.dif nss_ldap-265-glibc-2.16.patch nss_ldap-265-pthread.patch nss_ldap-getent-retry.dif nss_ldap-getent-skip-invalid-uidgidnumber.dif nss_ldap-ldapconn-leak-bug418.dif nss_ldap.dif New: ---- 0000-nss_ldap.dif 0001-group-utf8.dif 0002-nss_ldap-ldapconn-leak-bug418.dif 0003-nss_ldap-getent-retry.dif 0004-nss_ldap-getent-skip-invalid-uidgidnumber.dif 0005-nss_ldap-265-glibc-2.16.patch 0006-nss_ldap-265-pthread.patch 0007-bnc#842120.dif 0008-bnc#866763.dif 0009-fix-for-BUG-412-don-t-close-nested-contexts.patch 0010-initialize-context-in-_nss_ldap_getbyname.patch 0011-When-invoked-via-glibc-the-input-buffer-is-enlarged.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nss_ldap.spec ++++++ --- /var/tmp/diff_new_pack.AfjDmS/_old 2016-08-29 15:43:07.000000000 +0200 +++ /var/tmp/diff_new_pack.AfjDmS/_new 2016-08-29 15:43:07.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package nss_ldap # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,19 +27,22 @@ Source1: README.SUSE Source2: baselibs.conf Source3: ldap.conf -Patch0: nss_ldap.dif -Patch1: group-utf8.dif -Patch2: nss_ldap-ldapconn-leak-bug418.dif -Patch3: nss_ldap-getent-retry.dif -Patch4: nss_ldap-getent-skip-invalid-uidgidnumber.dif +Patch0: 0000-nss_ldap.dif +Patch1: 0001-group-utf8.dif +Patch2: 0002-nss_ldap-ldapconn-leak-bug418.dif +Patch3: 0003-nss_ldap-getent-retry.dif +Patch4: 0004-nss_ldap-getent-skip-invalid-uidgidnumber.dif # Upstream issue with glibc-2.16 http://bugzilla.padl.com/show_bug.cgi?id=445 -Patch5: nss_ldap-265-glibc-2.16.patch +Patch5: 0005-nss_ldap-265-glibc-2.16.patch # Fix also issue with threads on glibc-2.16 http://bugzilla.padl.com/show_bug.cgi?id=446 -Patch6: nss_ldap-265-pthread.patch +Patch6: 0006-nss_ldap-265-pthread.patch # SIGPIPE handling atfork -Patch7: bnc#842120.dif +Patch7: 0007-bnc#842120.dif # reverse ipv6 host lookups fail when ldap is used -Patch8: bnc#866763.dif +Patch8: 0008-bnc#866763.dif +Patch9: 0009-fix-for-BUG-412-don-t-close-nested-contexts.patch +Patch10: 0010-initialize-context-in-_nss_ldap_getbyname.patch +Patch11: 0011-When-invoked-via-glibc-the-input-buffer-is-enlarged.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: db-devel @@ -69,6 +72,9 @@ %patch6 %patch7 -p1 %patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 cp -v %{SOURCE1} . %build ++++++ 0000-nss_ldap.dif ++++++ Index: nss_ldap-265/ldap-nss.c =================================================================== --- nss_ldap-265.orig/ldap-nss.c +++ nss_ldap-265/ldap-nss.c @@ -2640,7 +2640,8 @@ do_with_reconnect (const char *base, int * If a soft reconnect policy is specified, then do not * try to reconnect to the LDAP server if it is down. */ - if (__session.ls_config->ldc_reconnect_pol == LP_RECONNECT_SOFT) + if ( (__session.ls_config->ldc_reconnect_pol == LP_RECONNECT_SOFT) && + ( tries > 0 ) ) hard = 0; ++tries; Index: nss_ldap-265/Makefile.am =================================================================== --- nss_ldap-265.orig/Makefile.am +++ nss_ldap-265/Makefile.am @@ -109,5 +109,5 @@ uninstall-local: @$(NORMAL_UNINSTALL) vers.c: $(top_srcdir)/CVSVersionInfo.txt - CVSVERSIONDIR=$(top_srcdir) vers_string -v + CVSVERSIONDIR=$(top_srcdir) ./vers_string -v ++++++ 0001-group-utf8.dif ++++++ Index: nss_ldap-265/ldap-grp.c =================================================================== --- nss_ldap-265.orig/ldap-grp.c +++ nss_ldap-265/ldap-grp.c @@ -591,8 +591,9 @@ _nss_ldap_parse_gr (LDAPMessage * e, 10); stat = - _nss_ldap_getrdnvalue (e, ATM (LM_GROUP, cn), &gr->gr_name, &buffer, + _nss_ldap_assign_attrval (e, ATM (LM_GROUP, cn), &gr->gr_name, &buffer, &buflen); + if (stat != NSS_SUCCESS) return stat; ++++++ 0002-nss_ldap-ldapconn-leak-bug418.dif ++++++ bnc#659100, PADL#418 Index: nss_ldap-265/ldap-nss.c =================================================================== --- nss_ldap-265.orig/ldap-nss.c +++ nss_ldap-265/ldap-nss.c @@ -1234,9 +1234,14 @@ do_init (void) } } - __session.ls_conn = NULL; + /* looks like a problem. could be initialized, but not connected */ + if (__session.ls_state != LS_UNINITIALIZED) + { + debug ("<== do_init (already initialized)"); + goto initialized; + } + __session.ls_timestamp = 0; - __session.ls_state = LS_UNINITIALIZED; #if defined(HAVE_PTHREAD_ONCE) && defined(HAVE_PTHREAD_ATFORK) if (pthread_once (&__once, do_atfork_setup) != 0) @@ -1356,6 +1361,7 @@ do_init (void) debug ("<== do_init (initialized session)"); +initialized: return NSS_SUCCESS; } @@ -1575,6 +1581,7 @@ do_open (void) } else { + syslog(LOG_ERR, "nss-ldap: do_open: do_start_tls failed:stat=%d", stat); do_close (); debug ("<== do_open (TLS startup failed)"); return stat; ++++++ 0003-nss_ldap-getent-retry.dif ++++++ bnc#662752, PADL#215 Index: nss_ldap-265/ldap-nss.c =================================================================== --- nss_ldap-265.orig/ldap-nss.c +++ nss_ldap-265/ldap-nss.c @@ -2033,6 +2033,7 @@ _nss_ldap_ent_context_init_locked (ent_c ctx->ec_msgid = -1; ctx->ec_sd = NULL; ctx->ec_eof = 0; + ctx->ec_ldaprc = 0; LS_INIT (ctx->ec_state); @@ -2067,6 +2068,7 @@ do_context_release (ent_context_t * ctx, ctx->ec_sd = NULL; ctx->ec_eof = 0; + ctx->ec_ldaprc = 0; LS_INIT (ctx->ec_state); @@ -2491,6 +2493,7 @@ do_result (ent_context_t * ctx, int all) syslog (LOG_ERR, "nss_ldap: could not get LDAP result - %s", ldap_err2string (rc)); do_close(); + ctx->ec_ldaprc = rc; stat = NSS_UNAVAIL; break; case LDAP_RES_SEARCH_ENTRY: @@ -3395,6 +3398,9 @@ _nss_ldap_getent_ex (ldap_args_t * args, const char **user_attrs, parser_t parser) { NSS_STATUS stat = NSS_SUCCESS; + int retry; + + retry = (__session.ls_state == LS_CONNECTED_TO_DSA ) ? 1 : 0; debug ("==> _nss_ldap_getent_ex"); @@ -3437,6 +3443,18 @@ next: stat = do_parse (*ctx, result, buffer, buflen, errnop, parser); + if (stat == NSS_UNAVAIL && retry && + ( ((*ctx)->ec_ldaprc == LDAP_UNAVAILABLE) || + ((*ctx)->ec_ldaprc == LDAP_SERVER_DOWN) ) + ) + { + retry = 0; + (*ctx)->ec_msgid = -1; + syslog (LOG_ERR, "nss_ldap: Server might have closed connection. Retrying."); + goto next; + } + + retry = 0; #ifdef HAVE_LDAP_SEARCH_EXT if (stat == NSS_NOTFOUND) { Index: nss_ldap-265/ldap-nss.h =================================================================== --- nss_ldap-265.orig/ldap-nss.h +++ nss_ldap-265/ldap-nss.h @@ -570,6 +570,7 @@ struct ent_context { ldap_state_t ec_state; /* eg. for services */ int ec_msgid; /* message ID */ + int ec_ldaprc; /* LDAP error code */ LDAPMessage *ec_res; /* result chain */ ldap_service_search_descriptor_t *ec_sd; /* current sd */ struct berval *ec_cookie; /* cookie for paged searches */ ++++++ 0004-nss_ldap-getent-skip-invalid-uidgidnumber.dif ++++++ Index: nss_ldap-265/ldap-pwd.c =================================================================== --- nss_ldap-265.orig/ldap-pwd.c +++ nss_ldap-265/ldap-pwd.c @@ -121,7 +121,17 @@ _nss_ldap_parse_pw (LDAPMessage * e, stat = _nss_ldap_assign_attrval (e, AT (uidNumber), &uid, &tmp, &tmplen); if (stat != NSS_SUCCESS) - return stat; + { + /* + * uidNumber is to large to fit into the fixed size tmpbuf buffer, + * handle this as if it was a Schema violation to skip this entry, + * such large ids aren't valid + */ + if ( stat == NSS_TRYAGAIN ) + stat = NSS_NOTFOUND; + return stat; + } + if (*uid == '\0') pw->pw_uid = UID_NOBODY; else @@ -138,7 +148,16 @@ _nss_ldap_parse_pw (LDAPMessage * e, _nss_ldap_assign_attrval (e, ATM (LM_PASSWD, gidNumber), &gid, &tmp, &tmplen); if (stat != NSS_SUCCESS) - return stat; + { + /* + * gidNumber is to large to fit into the fixed size tmpbuf buffer, + * handle this as if it was a Schema violation to skip this entry, + * such large ids aren't valid + */ + if ( stat == NSS_TRYAGAIN ) + stat = NSS_NOTFOUND; + return stat; + } if (*gid == '\0') pw->pw_gid = GID_NOBODY; else ++++++ 0005-nss_ldap-265-glibc-2.16.patch ++++++ --- ldap-nss.c.orig 2012-10-17 12:32:03.908730283 +0000 +++ ldap-nss.c 2012-10-17 12:38:10.906767283 +0000 @@ -148,7 +148,7 @@ */ static ldap_session_t __session = { NULL, NULL, 0, LS_UNINITIALIZED }; -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) static pthread_once_t __once = PTHREAD_ONCE_INIT; #endif @@ -168,7 +168,7 @@ static int __ssl_initialized = 0; #endif /* HAVE_LDAPSSL_CLIENT_INIT */ -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) /* * Prepare for fork(); lock mutex. */ @@ -519,7 +519,7 @@ } #endif /* HAVE_NSSWITCH_H */ -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) static void do_atfork_prepare (void) { @@ -553,7 +553,7 @@ #ifdef HAVE_PTHREAD_ATFORK (void) pthread_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child); -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#elif defined(HAVE___LIBC_ATFORK) (void) __libc_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child); #endif @@ -1119,7 +1119,7 @@ } #ifndef HAVE_PTHREAD_ATFORK -#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE___LIBC_ONCE) /* * This bogosity is necessary because Linux uses different * PIDs for different threads (like IRIX, which we don't @@ -1151,7 +1151,7 @@ pid = -1; /* linked against libpthreads, don't care */ #else pid = getpid (); -#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */ +#endif /* HAVE___LIBC_ONCE */ #endif /* HAVE_PTHREAD_ATFORK */ euid = geteuid (); @@ -1161,7 +1161,7 @@ syslog (LOG_DEBUG, "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __euid=%i, euid=%i", __session.ls_state, __session.ls_conn, __euid, euid); -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#elif defined(HAVE___LIBC_ONCE) syslog (LOG_DEBUG, "nss_ldap: libpthreads=%s, __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i", ((__pthread_once == NULL || __pthread_atfork == NULL) ? "FALSE" : "TRUE"), @@ -1185,11 +1185,11 @@ } else #ifndef HAVE_PTHREAD_ATFORK -#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#if defined(HAVE___LIBC_ONCE) if ((__pthread_once == NULL || __pthread_atfork == NULL) && __pid != pid) #else if (__pid != pid) -#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */ +#endif /* HAVE___LIBC_ONCE */ { do_close_no_unbind (); } @@ -1250,9 +1250,9 @@ debug ("<== do_init (pthread_once failed)"); return NSS_UNAVAIL; } -#elif defined(HAVE_PTHREAD_ATFORK) && ( defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ) +#elif defined(HAVE_PTHREAD_ATFORK) && defined(HAVE___LIBC_ONCE) __libc_once (__once, do_atfork_setup); -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#elif defined(HAVE___LIBC_ONCE) /* * Only install the pthread_atfork() handlers i * we are linked against libpthreads. Otherwise, --- ldap-nss.h.orig 2012-10-17 12:33:05.681379283 +0000 +++ ldap-nss.h 2012-10-17 12:34:06.337050753 +0000 @@ -671,7 +671,7 @@ #define NSS_LDAP_LOCK(m) mutex_lock(&m) #define NSS_LDAP_UNLOCK(m) mutex_unlock(&m) #define NSS_LDAP_DEFINE_LOCK(m) static mutex_t m = DEFAULTMUTEX -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) +#elif defined(HAVE___LIBC_LOCK_LOCK) && defined(HAVE___LIBC_LOCK_UNLOCK) #define NSS_LDAP_LOCK(m) __libc_lock_lock(m) #define NSS_LDAP_UNLOCK(m) __libc_lock_unlock(m) #define NSS_LDAP_DEFINE_LOCK(m) static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER --- ldap-nss.c.orig 2012-10-17 12:58:20.270783283 +0000 +++ ldap-nss.c 2012-10-17 12:58:43.699267283 +0000 @@ -156,7 +156,7 @@ static FILE *__debugfile; #endif /* LBER_OPT_LOG_PRINT_FILE */ -#ifndef HAVE_PTHREAD_ATFORK +#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE) /* * Process ID that opened the session. */ --- configure.in.orig 2012-10-17 12:59:31.707235283 +0000 +++ configure.in 2012-10-17 13:00:15.854289283 +0000 @@ -255,6 +255,7 @@ AC_CHECK_FUNCS(pthread_once) AC_CHECK_FUNCS(ether_aton) AC_CHECK_FUNCS(ether_ntoa) +AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock) AC_MSG_CHECKING(for struct ether_addr) AC_TRY_COMPILE([#include <sys/types.h> --- ldap-nss.c.orig 2012-10-17 13:02:01.418010283 +0000 +++ ldap-nss.c 2012-10-17 13:03:25.017240283 +0000 @@ -1102,7 +1102,7 @@ do_init (void) { ldap_config_t *cfg; -#ifndef HAVE_PTHREAD_ATFORK +#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE) pid_t pid; #endif uid_t euid; ++++++ 0006-nss_ldap-265-pthread.patch ++++++ --- configure.in.orig 2012-10-17 13:32:35.894846283 +0000 +++ configure.in 2012-10-17 13:35:29.334105697 +0000 @@ -1,6 +1,7 @@ AC_INIT(ldap-nss.c) AC_CANONICAL_SYSTEM AC_PREFIX_DEFAULT() +AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE(nss_ldap, 265) AM_CONFIG_HEADER(config.h) @@ -250,11 +251,17 @@ AC_CHECK_FUNCS(snprintf) AC_CHECK_FUNCS(gethostbyname) AC_CHECK_FUNCS(nsdispatch) +AC_CHECK_FUNCS(ether_aton) +AC_CHECK_FUNCS(ether_ntoa) + +AX_PTHREAD +LIBS="$PTHREAD_LIBS $LIBS" +CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +CC="$PTHREAD_CC" + AC_CHECK_LIB(pthread_nonshared, main) AC_CHECK_FUNCS(pthread_atfork) AC_CHECK_FUNCS(pthread_once) -AC_CHECK_FUNCS(ether_aton) -AC_CHECK_FUNCS(ether_ntoa) AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock) AC_MSG_CHECKING(for struct ether_addr) --- /dev/null 2012-10-15 13:43:01.683577607 +0000 +++ m4/ax_pthread.m4 2012-10-17 13:34:51.918922283 +0000 @@ -0,0 +1,309 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_pthread.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) +# +# DESCRIPTION +# +# This macro figures out how to build C programs using POSIX threads. It +# sets the PTHREAD_LIBS output variable to the threads library and linker +# flags, and the PTHREAD_CFLAGS output variable to any special C compiler +# flags that are needed. (The user can also force certain compiler +# flags/libs to be tested by setting these environment variables.) +# +# Also sets PTHREAD_CC to any special C compiler that is needed for +# multi-threaded programs (defaults to the value of CC otherwise). (This +# is necessary on AIX to use the special cc_r compiler alias.) +# +# NOTE: You are assumed to not only compile your program with these flags, +# but also link it with them as well. e.g. you should link with +# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS +# +# If you are only building threads programs, you may wish to use these +# variables in your default LIBS, CFLAGS, and CC: +# +# LIBS="$PTHREAD_LIBS $LIBS" +# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +# CC="$PTHREAD_CC" +# +# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant +# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name +# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# +# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the +# PTHREAD_PRIO_INHERIT symbol is defined when compiling with +# PTHREAD_CFLAGS. +# +# ACTION-IF-FOUND is a list of shell commands to run if a threads library +# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it +# is not found. If ACTION-IF-FOUND is not specified, the default action +# will define HAVE_PTHREAD. +# +# Please let the authors know if this macro fails on any platform, or if +# you have any other suggestions or comments. This macro was based on work +# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help +# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by +# Alejandro Forero Cuervo to the autoconf macro repository. We are also +# grateful for the helpful feedback of numerous users. +# +# Updated for Autoconf 2.68 by Daniel Richard G. +# +# LICENSE +# +# Copyright (c) 2008 Steven G. Johnson <[email protected]> +# Copyright (c) 2011 Daniel Richard G. <[email protected]> +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 18 + +AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) +AC_DEFUN([AX_PTHREAD], [ +AC_REQUIRE([AC_CANONICAL_HOST]) +AC_LANG_PUSH([C]) +ax_pthread_ok=no + +# We used to check for pthread.h first, but this fails if pthread.h +# requires special compiler flags (e.g. on True64 or Sequent). +# It gets checked for in the link test anyway. + +# First of all, check if the user has set any of the PTHREAD_LIBS, +# etcetera environment variables, and if threads linking works using +# them: +if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) + AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes) + AC_MSG_RESULT($ax_pthread_ok) + if test x"$ax_pthread_ok" = xno; then + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" + fi + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" +fi + +# We must check for the threads library under a number of different +# names; the ordering is very important because some systems +# (e.g. DEC) have both -lpthread and -lpthreads, where one of the +# libraries is broken (non-POSIX). + +# Create a list of thread flags to try. Items starting with a "-" are +# C compiler flags, and other items are library names, except for "none" +# which indicates that we try without any flags at all, and "pthread-config" +# which is a program returning the flags for the Pth emulation library. + +ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +# The ordering *is* (sometimes) important. Some notes on the +# individual items follow: + +# pthreads: AIX (must check this before -lpthread) +# none: in case threads are in libc; should be tried before -Kthread and +# other compiler flags to prevent continual compiler warnings +# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) +# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) +# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) +# -pthreads: Solaris/gcc +# -mthreads: Mingw32/gcc, Lynx/gcc +# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it +# doesn't hurt to check since this sometimes defines pthreads too; +# also defines -D_REENTRANT) +# ... -mt is also the pthreads flag for HP/aCC +# pthread: Linux, etcetera +# --thread-safe: KAI C++ +# pthread-config: use pthread-config program (for GNU Pth library) + +case ${host_os} in + solaris*) + + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (We need to link with -pthreads/-mt/ + # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather + # a function called by this macro, so we could check for that, but + # who knows whether they'll stub that too in a future libc.) So, + # we'll just look for -pthreads and -lpthread first: + + ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" + ;; + + darwin*) + ax_pthread_flags="-pthread $ax_pthread_flags" + ;; +esac + +if test x"$ax_pthread_ok" = xno; then +for flag in $ax_pthread_flags; do + + case $flag in + none) + AC_MSG_CHECKING([whether pthreads work without any flags]) + ;; + + -*) + AC_MSG_CHECKING([whether pthreads work with $flag]) + PTHREAD_CFLAGS="$flag" + ;; + + pthread-config) + AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) + if test x"$ax_pthread_config" = xno; then continue; fi + PTHREAD_CFLAGS="`pthread-config --cflags`" + PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" + ;; + + *) + AC_MSG_CHECKING([for the pthreads library -l$flag]) + PTHREAD_LIBS="-l$flag" + ;; + esac + + save_LIBS="$LIBS" + save_CFLAGS="$CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Check for various functions. We must include pthread.h, + # since some functions may be macros. (On the Sequent, we + # need a special flag -Kthread to make this header compile.) + # We check for pthread_join because it is in -lpthread on IRIX + # while pthread_create is in libc. We check for pthread_attr_init + # due to DEC craziness with -lpthreads. We check for + # pthread_cleanup_push because it is one of the few pthread + # functions on Solaris that doesn't have a non-functional libc stub. + # We try pthread_create on general principles. + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h> + static void routine(void *a) { a = 0; } + static void *start_routine(void *a) { return a; }], + [pthread_t th; pthread_attr_t attr; + pthread_create(&th, 0, start_routine, 0); + pthread_join(th, 0); + pthread_attr_init(&attr); + pthread_cleanup_push(routine, 0); + pthread_cleanup_pop(0) /* ; */])], + [ax_pthread_ok=yes], + []) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + AC_MSG_RESULT($ax_pthread_ok) + if test "x$ax_pthread_ok" = xyes; then + break; + fi + + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" +done +fi + +# Various other checks: +if test "x$ax_pthread_ok" = xyes; then + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. + AC_MSG_CHECKING([for joinable pthread attribute]) + attr_name=unknown + for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>], + [int attr = $attr; return attr /* ; */])], + [attr_name=$attr; break], + []) + done + AC_MSG_RESULT($attr_name) + if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then + AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + fi + + AC_MSG_CHECKING([if more special flags are required for pthreads]) + flag=no + case ${host_os} in + aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; + osf* | hpux*) flag="-D_REENTRANT";; + solaris*) + if test "$GCC" = "yes"; then + flag="-D_REENTRANT" + else + flag="-mt -D_REENTRANT" + fi + ;; + esac + AC_MSG_RESULT(${flag}) + if test "x$flag" != xno; then + PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" + fi + + AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], + ax_cv_PTHREAD_PRIO_INHERIT, [ + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[#include <pthread.h>]], [[int i = PTHREAD_PRIO_INHERIT;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) + ]) + AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], + AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + # More AIX lossage: must compile with xlc_r or cc_r + if test x"$GCC" != xyes; then + AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) + else + PTHREAD_CC=$CC + fi +else + PTHREAD_CC="$CC" +fi + +AC_SUBST(PTHREAD_LIBS) +AC_SUBST(PTHREAD_CFLAGS) +AC_SUBST(PTHREAD_CC) + +# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: +if test x"$ax_pthread_ok" = xyes; then + ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) + : +else + ax_pthread_ok=no + $2 +fi +AC_LANG_POP +])dnl AX_PTHREAD --- Makefile.am.orig 2012-10-17 13:36:27.310869710 +0000 +++ Makefile.am 2012-10-17 13:36:43.355515255 +0000 @@ -1,3 +1,5 @@ +ACLOCAL_AMFLAGS = -I m4 + if AIX authmod = NSS_LDAP else ++++++ 0007-bnc#842120.dif ++++++ Index: nss_ldap-262/ldap-nss.c =================================================================== --- nss_ldap-262.orig/ldap-nss.c +++ nss_ldap-262/ldap-nss.c @@ -121,6 +121,7 @@ extern int ldap_ld_free (LDAP * ld, int #endif /* HAVE_LDAP_LD_FREE */ NSS_LDAP_DEFINE_LOCK (__lock); +NSS_LDAP_DEFINE_LOCK (__child_atfork_lock); /* * the configuration is read by the first call to do_open(). @@ -532,11 +533,35 @@ do_atfork_parent (void) debug ("<== do_atfork_parent"); } +static int +_nss_ldap_need_deferred_close_no_unbind; + +static void +do_deferred_close_no_unbind (void) +{ + sigset_t unblock, mask; + debug ("==> do_deferred_close_no_unbind"); + + sigemptyset(&unblock); + sigaddset(&unblock, SIGPIPE); + sigprocmask(SIG_UNBLOCK, &unblock, &mask); + do_close_no_unbind (); + sigprocmask(SIG_SETMASK, &mask, NULL); + debug ("<== do_deferred_close_no_unbind"); +} + static void do_atfork_child (void) { + int sd = -1; + debug ("==> do_atfork_child"); - do_close_no_unbind (); + + NSS_LDAP_LOCK (__child_atfork_lock); + _nss_ldap_need_deferred_close_no_unbind = 1; + if (do_get_our_socket (&sd)) + fcntl (sd, F_SETFD, FD_CLOEXEC); + NSS_LDAP_UNLOCK (__child_atfork_lock); _nss_ldap_leave (); debug ("<== do_atfork_child"); } @@ -600,6 +625,14 @@ _nss_ldap_enter (void) __sigpipe_handler = signal (SIGPIPE, SIG_IGN); #endif /* HAVE_SIGSET */ + NSS_LDAP_LOCK (__child_atfork_lock); + if (_nss_ldap_need_deferred_close_no_unbind) + { + do_deferred_close_no_unbind (); + _nss_ldap_need_deferred_close_no_unbind = 0; + } + NSS_LDAP_UNLOCK (__child_atfork_lock); + debug ("<== _nss_ldap_enter"); } @@ -823,6 +856,8 @@ do_get_our_socket(int *sd) peernamelen); } } + else + isOurSocket = 0; #endif /* HAVE_LDAPSSL_CLIENT_INIT */ return isOurSocket; } ++++++ 0008-bnc#866763.dif ++++++ diff -Naur nss_ldap-265/ldap-hosts.c nss_ldap-265-new/ldap-hosts.c --- nss_ldap-265/ldap-hosts.c 2009-11-06 11:28:08.000000000 +0100 +++ nss_ldap-265-new/ldap-hosts.c 2014-03-05 19:28:43.377519356 +0100 @@ -354,14 +357,26 @@ { NSS_STATUS status; ldap_args_t a; +#ifdef INET6 + char address[INET6_ADDRSTRLEN]; +#else + char address[INET_ADDRSTRLEN]; +#endif /* if querying by IPv6 address, make sure the address is "normalized" -- * it should contain no leading zeros and all components of the address. * still we can't fit an IPv6 address in an int, so who cares for now. */ +#ifdef INET6 + if (type == AF_INET6) + inet_ntop (AF_INET6, addr, address, INET6_ADDRSTRLEN); + else +#endif + inet_ntop (AF_INET, addr, address, INET_ADDRSTRLEN); + LA_INIT (a); - LA_STRING (a) = inet_ntoa (*addr); + LA_STRING (a) = address; LA_TYPE (a) = LA_TYPE_STRING; status = _nss_ldap_getbyname (&a, ++++++ 0009-fix-for-BUG-412-don-t-close-nested-contexts.patch ++++++ >From 2dbece566df68ce1f48fa066509e7dc4added676 Mon Sep 17 00:00:00 2001 From: Luke Howard <[email protected]> Date: Wed, 24 Feb 2010 11:28:53 +0000 Subject: [PATCH] fix for BUG#412: don't close nested contexts diff --git a/ldap-grp.c b/ldap-grp.c index b4770c1..810bb60 100644 --- a/ldap-grp.c +++ b/ldap-grp.c @@ -859,7 +859,7 @@ ng_chase (const char *dn, ldap_initgroups_args_t * lia) LA_STRING (a) = dn; LA_TYPE (a) = LA_TYPE_STRING; - if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) + if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) { return NSS_UNAVAIL; } @@ -931,7 +931,7 @@ ng_chase_backlink (const char ** membersOf, ldap_initgroups_args_t * lia) LA_STRING_LIST (a) = filteredMembersOf; LA_TYPE (a) = LA_TYPE_STRING_LIST_OR; - if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) + if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) { free (filteredMembersOf); return NSS_UNAVAIL; diff --git a/ldap-netgrp.c b/ldap-netgrp.c index 092efc2..b495ad5 100644 --- a/ldap-netgrp.c +++ b/ldap-netgrp.c @@ -691,7 +691,7 @@ do_innetgr_nested (ldap_innetgr_args_t * li_args, const char *nested) LA_TYPE (a) = LA_TYPE_STRING; LA_STRING (a) = nested; /* memberNisNetgroup */ - if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) + if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) { debug ("<== do_innetgr_nested: failed to initialize context"); return NSS_UNAVAIL; diff --git a/ldap-nss.c b/ldap-nss.c index 28c6b3e..2105157 100644 --- a/ldap-nss.c +++ b/ldap-nss.c @@ -2029,7 +2029,7 @@ _nss_ldap_ent_context_init_locked (ent_context_t ** pctx) if (ctx == NULL) { - ctx = (ent_context_t *) malloc (sizeof (*ctx)); + ctx = (ent_context_t *) calloc (1, sizeof (*ctx)); if (ctx == NULL) { debug ("<== _nss_ldap_ent_context_init_locked"); @@ -2067,6 +2067,20 @@ _nss_ldap_ent_context_init_locked (ent_context_t ** pctx) return ctx; } +ent_context_t * +_nss_ldap_ent_context_init_internal_locked (ent_context_t ** pctx) +{ + ent_context_t *ctx; + + ctx = _nss_ldap_ent_context_init_locked (pctx); + if (ctx == NULL) + return NULL; + + ctx->ec_internal = 1; + + return ctx; +} + static void do_context_release (ent_context_t * ctx, int free_context) { @@ -2096,7 +2110,8 @@ do_context_release (ent_context_t * ctx, int free_context) LS_INIT (ctx->ec_state); - if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT)) + if (!ctx->ec_internal && + _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT)) { do_close (); } diff --git a/ldap-nss.h b/ldap-nss.h index b58f28b..1e96005 100644 --- a/ldap-nss.h +++ b/ldap-nss.h @@ -573,7 +573,9 @@ struct ent_context LDAPMessage *ec_res; /* result chain */ ldap_service_search_descriptor_t *ec_sd; /* current sd */ struct berval *ec_cookie; /* cookie for paged searches */ - int ec_eof; /* reached notional end of file */ + int ec_eof : 1; /* reached notional end of file */ + int ec_internal : 1; /* this context is just a part of a larger + * query for information */ }; typedef struct ent_context ent_context_t; @@ -766,6 +768,15 @@ ent_context_t *_nss_ldap_ent_context_init (ent_context_t **); ent_context_t *_nss_ldap_ent_context_init_locked (ent_context_t **); /* + * _nss_ldap_ent_context_init_internal_locked() has the same + * behaviour, except it marks the context as one that's being + * used to fetch additional data used in answering a request, i.e. + * that this isn't the "main" context + */ + +ent_context_t *_nss_ldap_ent_context_init_internal_locked (ent_context_t **); + +/* * _nss_ldap_ent_context_release() is used to manually free a context */ void _nss_ldap_ent_context_release (ent_context_t **); -- 2.4.3 ++++++ 0010-initialize-context-in-_nss_ldap_getbyname.patch ++++++ >From e71be5f00337ae890fa219e0cb4459aa435a6437 Mon Sep 17 00:00:00 2001 From: Luke Howard <[email protected]> Date: Fri, 19 Mar 2010 16:42:20 +0000 Subject: [PATCH] initialize context in _nss_ldap_getbyname() The patch was slightly adjusted by Howard Guo <[email protected]> to fit into this older release of nss_ldap. diff -rupN nss_ldap-265/ldap-nss.c nss_ldap-265-patched/ldap-nss.c --- nss_ldap-265/ldap-nss.c 2016-03-23 15:12:53.348695960 +0100 +++ nss_ldap-265-patched/ldap-nss.c 2016-03-23 16:24:31.440525358 +0100 @@ -3563,9 +3563,8 @@ _nss_ldap_getbyname (ldap_args_t * args, debug ("==> _nss_ldap_getbyname"); + memset (&ctx, 0, sizeof(ctx)); ctx.ec_msgid = -1; - ctx.ec_cookie = NULL; - ctx.ec_eof = 0; stat = _nss_ldap_search_s (args, filterprot, sel, NULL, 1, &ctx.ec_res); if (stat != NSS_SUCCESS) ++++++ 0011-When-invoked-via-glibc-the-input-buffer-is-enlarged.patch ++++++ >From a12feab75b33a6fc09233794eff203416ca6ebd8 Mon Sep 17 00:00:00 2001 From: HouzuoGuo <[email protected]> Date: Fri, 26 Aug 2016 11:07:15 +0200 Subject: [PATCH] When invoked via glibc, the input buffer is enlarged only if errnop is set to ERANGE, so set it that way to comply with glibc's expectation. Authored by William Preston <[email protected]> on 2016-08-25. diff --git a/ldap-netgrp.c b/ldap-netgrp.c index ff70dba..bc7d711 100644 --- a/ldap-netgrp.c +++ b/ldap-netgrp.c @@ -382,7 +382,9 @@ NSS_STATUS _nss_ldap_getnetgrent_r (struct __netgrent *result, char *buffer, size_t buflen, int *errnop) { - return _nss_ldap_parse_netgr (result, buffer, buflen); + NSS_STATUS status = _nss_ldap_parse_netgr (result, buffer, buflen); + if (status == NSS_TRYAGAIN) *errnop = ERANGE; + return status; } #endif /* HAVE_NSS_H */ -- 2.6.6
