Upgrade to the latest upstream release 0.9.9
- Disable the python utilities - Don't bother with failing pylint test as we don't ship the python utilities - Drop unused validname and exitcode patches, port strtoid overflow patch
This commit is contained in:
parent
224e63f170
commit
ce40dd2fde
|
@ -33,3 +33,5 @@ nss-pam-ldapd-0.7.7.tar.gz.sig
|
|||
/nss-pam-ldapd-0.8.13.tar.gz.sig
|
||||
/nss-pam-ldapd-0.8.14.tar.gz
|
||||
/nss-pam-ldapd-0.8.14.tar.gz.sig
|
||||
/nss-pam-ldapd-0.9.9.tar.gz
|
||||
/nss-pam-ldapd-0.9.9.tar.gz.sig
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
From 5e4ef70a1fda792d7ca32311ecc29302c7b13ca5 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
||||
Date: Sun, 1 Apr 2018 10:40:13 +0200
|
||||
Subject: [PATCH 1/2] Disable pylint tests
|
||||
|
||||
---
|
||||
tests/Makefile.am | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index 0a7854eec62520014919ad3983db70c78be483e2..8c742a78e3ce8e822fbd7bd9d5735a010e2f0f80 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -22,9 +22,11 @@ TESTS = test_dict test_set test_tio test_expr test_getpeercred test_cfg \
|
||||
test_attmap test_myldap.sh test_common test_nsscmds.sh \
|
||||
test_pamcmds.sh test_manpages.sh test_clock \
|
||||
test_tio_timeout
|
||||
-if HAVE_PYTHON
|
||||
- TESTS += test_pycompile.sh test_pylint.sh
|
||||
-endif
|
||||
+
|
||||
+#if HAVE_PYTHON
|
||||
+# TESTS += test_pycompile.sh test_pylint.sh
|
||||
+#endif
|
||||
+
|
||||
if ENABLE_PYNSLCD
|
||||
TESTS += test_pynslcd_cache.py test_doctest.sh
|
||||
endif
|
||||
--
|
||||
2.14.3
|
||||
|
|
@ -1,30 +1,44 @@
|
|||
From ae0a9312c562985838fdd9845ef95fe61e8aa3de Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
||||
Date: Sun, 1 Apr 2018 10:57:22 +0200
|
||||
Subject: [PATCH 2/2] Watch for uint32_t overflows
|
||||
|
||||
Always use a function that we know will catch out-of-range values for UIDs and
|
||||
GIDs, which are currently unsigned 32-bit numbers everywhere, and which won't
|
||||
produce a result that'll silently be truncated if we store the result in a
|
||||
uid_t or gid_t.
|
||||
--- nss-pam-ldapd/nslcd/common.c
|
||||
+++ nss-pam-ldapd/nslcd/common.c
|
||||
@@ -273,19 +273,23 @@ long int binsid2id(const char *binsid)
|
||||
((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24);
|
||||
---
|
||||
nslcd/common.c | 28 ++++++++++++++++------------
|
||||
nslcd/common.h | 27 +++------------------------
|
||||
2 files changed, 19 insertions(+), 36 deletions(-)
|
||||
|
||||
diff --git a/nslcd/common.c b/nslcd/common.c
|
||||
index 60be7773d2c809f3177744ced0dd0ba90c86e820..de640b47806757e0bb2e704b3b79f1ecb18bbc45 100644
|
||||
--- a/nslcd/common.c
|
||||
+++ b/nslcd/common.c
|
||||
@@ -338,19 +338,23 @@ unsigned long int binsid2id(const char *binsid)
|
||||
((((unsigned long int)binsid[i + 3]) & 0xff) << 24);
|
||||
}
|
||||
|
||||
-#ifdef WANT_STRTOUI
|
||||
-/* provide a strtoui() implementation, similar to strtoul() but returning
|
||||
- an range-checked unsigned int instead */
|
||||
-unsigned int strtoui(const char *nptr, char **endptr, int base)
|
||||
+/* provide a strtoid() implementation, similar to strtoul() but returning
|
||||
an range-checked unsigned int instead */
|
||||
-unsigned int strtoui(const char *nptr,char **endptr,int base)
|
||||
+ an range-checked uint32_t instead */
|
||||
+unsigned int strtoid(const char *nptr,char **endptr,int base)
|
||||
{
|
||||
- unsigned long val;
|
||||
- val=strtoul(nptr,endptr,base);
|
||||
- if (val>UINT_MAX)
|
||||
- val = strtoul(nptr, endptr, base);
|
||||
- if (val > UINT_MAX)
|
||||
+ long long val;
|
||||
+ /* use the fact that long long is 64-bit, even on 32-bit systems */
|
||||
+ val=strtoll(nptr,endptr,base);
|
||||
+ if (val>UINT32_MAX)
|
||||
{
|
||||
errno=ERANGE;
|
||||
- errno = ERANGE;
|
||||
- return UINT_MAX;
|
||||
+ errno=ERANGE;
|
||||
+ return UINT32_MAX;
|
||||
}
|
||||
- /* If errno was set by strtoul, we'll pass it back as-is */
|
||||
|
@ -38,11 +52,13 @@ uid_t or gid_t.
|
|||
+ return (uint32_t)val;
|
||||
}
|
||||
-#endif /* WANT_STRTOUI */
|
||||
--- nss-pam-ldapd/nslcd/common.h
|
||||
+++ nss-pam-ldapd/nslcd/common.h
|
||||
@@ -139,31 +139,9 @@ int nsswitch_db_uses_ldap(const char *fi
|
||||
#endif /* _POSIX_HOST_NAME_MAX */
|
||||
#endif /* not HOST_NAME_MAX */
|
||||
diff --git a/nslcd/common.h b/nslcd/common.h
|
||||
index 26fcf48ae2a6dc50bc97fab238ecc9a1879342ce..97d386eaf1f6881182729c5d8e46ce30d2d28eba 100644
|
||||
--- a/nslcd/common.h
|
||||
+++ b/nslcd/common.h
|
||||
@@ -161,31 +161,10 @@ void invalidator_do(enum ldap_map_selector map);
|
||||
#define BUFLEN_HOSTNAME 256 /* host names or FQDN (and safe version) */
|
||||
#define BUFLEN_MESSAGE 1024 /* message strings */
|
||||
|
||||
-/* provide strtouid() function alias */
|
||||
-#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT
|
||||
|
@ -55,8 +71,8 @@ uid_t or gid_t.
|
|||
-#else
|
||||
-#error unable to find implementation for strtouid()
|
||||
-#endif
|
||||
-
|
||||
-/* provide strtouid() function alias */
|
||||
|
||||
-/* provide strtogid() function alias */
|
||||
-#if SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_INT
|
||||
-#define strtogid (gid_t)strtoul
|
||||
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
|
||||
|
@ -65,7 +81,7 @@ uid_t or gid_t.
|
|||
-#ifndef WANT_STRTOUI
|
||||
-#define WANT_STRTOUI 1
|
||||
-#endif
|
||||
-#define strtogid (uid_t)strtoui
|
||||
-#define strtogid (gid_t)strtoui
|
||||
-#else
|
||||
-#error unable to find implementation for strtogid()
|
||||
-#endif
|
||||
|
@ -75,3 +91,6 @@ uid_t or gid_t.
|
|||
|
||||
#ifdef WANT_STRTOUI
|
||||
/* provide a strtoui() if it is needed */
|
||||
--
|
||||
2.14.3
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
Defaults changed to allow opening and closing parentheses everywhere. Defaults
|
||||
changed again to make characters after the first optional, and again to go back
|
||||
to disallowing names which end with "\".
|
||||
--- man/nslcd.conf.5.xml
|
||||
+++ man/nslcd.conf.5.xml
|
||||
@@ -712,7 +712,7 @@
|
||||
characters and the 'i' flag may be appended at the end to indicate
|
||||
that the match should be case-insensetive.
|
||||
The default value is
|
||||
- <literal>/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i</literal>
|
||||
+ <literal>/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
--- nslcd/cfg.c
|
||||
+++ nslcd/cfg.c
|
||||
@@ -134,7 +134,7 @@ static void cfg_defaults(struct ldap_con
|
||||
cfg->ldc_pam_authz_search[i]=NULL;
|
||||
cfg->ldc_nss_min_uid=0;
|
||||
parse_validnames_statement(__FILE__,__LINE__,"",
|
||||
- "/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i",cfg);
|
||||
+ "/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",cfg);
|
||||
cfg->pam_password_prohibit_message=NULL;
|
||||
}
|
||||
|
||||
--- tests/test_common.c
|
||||
+++ tests/test_common.c
|
||||
@@ -39,6 +39,8 @@ static void test_isvalidname(void)
|
||||
assert(!isvalidname("\\foo\\bar"));
|
||||
assert(!isvalidname("foo\\bar\\"));
|
||||
assert(isvalidname("me")); /* try short name */
|
||||
+ assert(isvalidname("f"));
|
||||
+ assert(isvalidname("(foo bar)"));
|
||||
}
|
||||
|
||||
/* the main program... */
|
|
@ -1,10 +0,0 @@
|
|||
diff -up nss-pam-ldapd-0.8.14/nslcd/nslcd.c.retcode nss-pam-ldapd-0.8.14/nslcd/nslcd.c
|
||||
--- nss-pam-ldapd-0.8.14/nslcd/nslcd.c.retcode 2017-02-08 09:52:39.687834074 +0100
|
||||
+++ nss-pam-ldapd-0.8.14/nslcd/nslcd.c 2017-02-08 09:52:54.630891580 +0100
|
||||
@@ -866,5 +866,5 @@ int main(int argc,char *argv[])
|
||||
log_log(LOG_ERR,"thread %d is still running, shutting down anyway",i);
|
||||
}
|
||||
/* we're done */
|
||||
- return EXIT_FAILURE;
|
||||
+ return EXIT_SUCCESS;
|
||||
}
|
|
@ -4,8 +4,8 @@
|
|||
%define _hardened_build 1
|
||||
|
||||
Name: nss-pam-ldapd
|
||||
Version: 0.8.14
|
||||
Release: 12%{?dist}
|
||||
Version: 0.9.9
|
||||
Release: 1%{?dist}
|
||||
Summary: An nsswitch module which uses directory servers
|
||||
License: LGPLv2+
|
||||
URL: http://arthurdejong.org/nss-pam-ldapd/
|
||||
|
@ -14,9 +14,10 @@ Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.t
|
|||
Source3: nslcd.tmpfiles
|
||||
Source4: nslcd.service
|
||||
|
||||
Patch1: nss-pam-ldapd-0.8.12-validname.patch
|
||||
Patch2: nss-pam-ldapd-0.8.12-uid-overflow.patch
|
||||
Patch3: nss-pam-ldapd-exitcode.patch
|
||||
# Pylint tests fail w/o certain imports and are not needed for nslcd anyway,
|
||||
# plus, we don't ship the python utilities
|
||||
Patch0001: 0001-Disable-pylint-tests.patch
|
||||
Patch0002: 0002-Watch-for-uint32_t-overflows.patch
|
||||
|
||||
BuildRequires: openldap-devel, krb5-devel
|
||||
BuildRequires: autoconf, automake
|
||||
|
@ -44,14 +45,12 @@ service information (users, groups, etc.) on behalf of a lightweight
|
|||
nsswitch module.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p0 -b .validname
|
||||
%patch2 -p1 -b .overflow
|
||||
%patch3 -p1 -b .returncode
|
||||
%autosetup -p1
|
||||
autoreconf -f -i
|
||||
|
||||
%build
|
||||
%configure --libdir=%{nssdir} \
|
||||
--disable-utils \
|
||||
--with-pam-seclib-dir=%{pamdir}
|
||||
%make_build
|
||||
|
||||
|
@ -105,6 +104,14 @@ getent passwd nslcd > /dev/null || \
|
|||
%systemd_postun_with_restart nslcd.service
|
||||
|
||||
%changelog
|
||||
* Sun Apr 1 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.9.9-1
|
||||
- Upgrade to the latest upstream
|
||||
- Disable the python utilities
|
||||
- Don't bother with failing pylint test as we don't ship the python
|
||||
utilities
|
||||
- Drop unused validname and exitcode patches, port strtoid overflow
|
||||
patch
|
||||
|
||||
* Sat Mar 31 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.8.14-12
|
||||
- Get rid of all conditions that are always true for both EPEL-7 and Fedora
|
||||
as it's quite unlikely we'd use this specfile on EPEL-6
|
||||
|
|
3
sources
3
sources
|
@ -1,2 +1 @@
|
|||
c6f8876c5d0c476fbf545a6eda80390a nss-pam-ldapd-0.8.14.tar.gz
|
||||
c62928f673a03fa792e672cd0e438824 nss-pam-ldapd-0.8.14.tar.gz.sig
|
||||
SHA512 (nss-pam-ldapd-0.9.9.tar.gz.sig) = 1f9d4b788dec5ac41a5b60cc05755abc17172afdf5df17d852da383fa9fa995690378be453004bd96db8c1e0de52c9f2ffbee5e0654424f6e53f539c9cf0cb12
|
||||
|
|
Loading…
Reference in New Issue