From ce40dd2fde59d8a3b574b9e0d477abe55734e4bb Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Sun, 1 Apr 2018 11:08:49 +0200
Subject: [PATCH] Upgrade to the latest upstream release 0.9.9 - Disable the python utilities - Don't bother with failing pylint test as we don't ship the python utilities - Drop unused validname and exitcode patches, port strtoid overflow patch
---
 .gitignore | 2 +
 0001-Disable-pylint-tests.patch | 31 +++++++++++
 ...=> 0002-Watch-for-uint32_t-overflows.patch | 53 +++++++++++++------
 nss-pam-ldapd-0.8.12-validname.patch | 36 -------------
 nss-pam-ldapd-exitcode.patch | 10 ----
 nss-pam-ldapd.spec | 25 +++++----
 sources | 3 +-
 7 files changed, 86 insertions(+), 74 deletions(-)
 create mode 100644 0001-Disable-pylint-tests.patch
 rename nss-pam-ldapd-0.8.12-uid-overflow.patch => 0002-Watch-for-uint32_t-overflows.patch (57%)
 delete mode 100644 nss-pam-ldapd-0.8.12-validname.patch
 delete mode 100644 nss-pam-ldapd-exitcode.patch
diff --git a/.gitignore b/.gitignore
index 8ad2eae..9ac349f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,5 @@ nss-pam-ldapd-0.7.7.tar.gz.sig
 /nss-pam-ldapd-0.8.13.tar.gz.sig
 /nss-pam-ldapd-0.8.14.tar.gz
 /nss-pam-ldapd-0.8.14.tar.gz.sig
+/nss-pam-ldapd-0.9.9.tar.gz
+/nss-pam-ldapd-0.9.9.tar.gz.sig
diff --git a/0001-Disable-pylint-tests.patch b/0001-Disable-pylint-tests.patch
new file mode 100644
index 0000000..dd1c390
--- /dev/null
+++ b/0001-Disable-pylint-tests.patch
@@ -0,0 +1,31 @@
+From 5e4ef70a1fda792d7ca32311ecc29302c7b13ca5 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek
+Date: Sun, 1 Apr 2018 10:40:13 +0200
+Subject: [PATCH 1/2] Disable pylint tests
+
+---
+ tests/Makefile.am | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 0a7854eec62520014919ad3983db70c78be483e2..8c742a78e3ce8e822fbd7bd9d5735a010e2f0f80 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -22,9 +22,11 @@ TESTS = test_dict test_set test_tio test_expr test_getpeercred test_cfg \
+ test_attmap test_myldap.sh test_common test_nsscmds.sh \
+ test_pamcmds.sh test_manpages.sh test_clock \
+ test_tio_timeout
+-if HAVE_PYTHON
+- TESTS += test_pycompile.sh test_pylint.sh
+-endif
++
++#if HAVE_PYTHON
++# TESTS += test_pycompile.sh test_pylint.sh
++#endif
++
+ if ENABLE_PYNSLCD
+ TESTS += test_pynslcd_cache.py test_doctest.sh
+ endif
+--
+2.14.3
+
diff --git a/nss-pam-ldapd-0.8.12-uid-overflow.patch b/0002-Watch-for-uint32_t-overflows.patch
similarity index 57%
rename from nss-pam-ldapd-0.8.12-uid-overflow.patch
rename to 0002-Watch-for-uint32_t-overflows.patch
index 815e82d..8ae83a1 100644
--- a/nss-pam-ldapd-0.8.12-uid-overflow.patch
+++ b/0002-Watch-for-uint32_t-overflows.patch
@@ -1,30 +1,44 @@ +From ae0a9312c562985838fdd9845ef95fe61e8aa3de Mon Sep 17 00:00:00 2001 +From: Jakub Hrozek +Date: Sun, 1 Apr 2018 10:57:22 +0200 +Subject: [PATCH 2/2] Watch for uint32_t overflows + Always use a function that we know will catch out-of-range values for UIDs and GIDs, which are currently unsigned 32-bit numbers everywhere, and which won't produce a result that'll silently be truncated if we store the result in a uid_t or gid_t. ---- nss-pam-ldapd/nslcd/common.c -+++ nss-pam-ldapd/nslcd/common.c -@@ -273,19 +273,23 @@ long int binsid2id(const char *binsid) - ((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24); +--- + nslcd/common.c | 28 ++++++++++++++++------------ + nslcd/common.h | 27 +++------------------------ + 2 files changed, 19 insertions(+), 36 deletions(-) + +diff --git a/nslcd/common.c b/nslcd/common.c +index 60be7773d2c809f3177744ced0dd0ba90c86e820..de640b47806757e0bb2e704b3b79f1ecb18bbc45 100644 +--- a/nslcd/common.c ++++ b/nslcd/common.c +@@ -338,19 +338,23 @@ unsigned long int binsid2id(const char *binsid) + ((((unsigned long int)binsid[i + 3]) & 0xff) << 24); } -#ifdef WANT_STRTOUI -/* provide a strtoui() implementation, similar to strtoul() but returning +- an range-checked unsigned int instead */ +-unsigned int strtoui(const char *nptr, char **endptr, int base) +/* provide a strtoid() implementation, similar to strtoul() but returning - an range-checked unsigned int instead */ --unsigned int strtoui(const char *nptr,char **endptr,int base) ++ an range-checked uint32_t instead */ +unsigned int strtoid(const char *nptr,char **endptr,int base) { - unsigned long val; -- val=strtoul(nptr,endptr,base); -- if (val>UINT_MAX) +- val = strtoul(nptr, endptr, base); +- if (val > UINT_MAX) + long long val; + /* use the fact that long long is 64-bit, even on 32-bit systems */ + val=strtoll(nptr,endptr,base); + if (val>UINT32_MAX) { - errno=ERANGE; +- errno = ERANGE; - return UINT_MAX; ++ errno=ERANGE; + return UINT32_MAX; } 
- /* If errno was set by strtoul, we'll pass it back as-is */ @@ -38,11 +52,13 @@ uid_t or gid_t. + return (uint32_t)val; } -#endif /* WANT_STRTOUI */ ---- nss-pam-ldapd/nslcd/common.h -+++ nss-pam-ldapd/nslcd/common.h -@@ -139,31 +139,9 @@ int nsswitch_db_uses_ldap(const char *fi - #endif /* _POSIX_HOST_NAME_MAX */ - #endif /* not HOST_NAME_MAX */ +diff --git a/nslcd/common.h b/nslcd/common.h +index 26fcf48ae2a6dc50bc97fab238ecc9a1879342ce..97d386eaf1f6881182729c5d8e46ce30d2d28eba 100644 +--- a/nslcd/common.h ++++ b/nslcd/common.h +@@ -161,31 +161,10 @@ void invalidator_do(enum ldap_map_selector map); + #define BUFLEN_HOSTNAME 256 /* host names or FQDN (and safe version) */ + #define BUFLEN_MESSAGE 1024 /* message strings */ -/* provide strtouid() function alias */ -#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT @@ -55,8 +71,8 @@ uid_t or gid_t. -#else -#error unable to find implementation for strtouid() -#endif -- --/* provide strtouid() function alias */ + +-/* provide strtogid() function alias */ -#if SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_INT -#define strtogid (gid_t)strtoul -#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_LONG_INT @@ -65,7 +81,7 @@ uid_t or gid_t. -#ifndef WANT_STRTOUI -#define WANT_STRTOUI 1 -#endif --#define strtogid (uid_t)strtoui +-#define strtogid (gid_t)strtoui -#else -#error unable to find implementation for strtogid() -#endif @@ -75,3 +91,6 @@ uid_t or gid_t. #ifdef WANT_STRTOUI /* provide a strtoui() if it is needed */ +-- +2.14.3 + diff --git a/nss-pam-ldapd-0.8.12-validname.patch b/nss-pam-ldapd-0.8.12-validname.patch deleted file mode 100644 index 6f5244f..0000000 --- a/nss-pam-ldapd-0.8.12-validname.patch +++ /dev/null 
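Review bot: The ported strtoid() is still declared `unsigned int` although its comment and its final `return (uint32_t)val;` both promise a uint32_t; declaring it `uint32_t strtoid(const char *nptr,char **endptr,int base)` would put the range contract in the type. The only range check visible in the first hunk is `if (val>UINT32_MAX)`, and strtoll() accepts a leading minus sign, so the lines of the patch file between the first and second hunk (not shown here) need to reject `val<0` before the cast, otherwise "-1" comes back as 4294967295. That same value is the ERANGE return and equals (uid_t)-1 where uid_t is 32 bits, so callers should clear errno before the call and test it afterwards rather than trust the returned id. The callers themselves are outside this diff.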
@@ -1,36 +0,0 @@
-Defaults changed to allow opening and closing parentheses everywhere. Defaults
-changed again to make characters after the first optional, and again to go back
-to disallowing names which end with "\".
---- man/nslcd.conf.5.xml
-+++ man/nslcd.conf.5.xml
-@@ -712,7 +712,7 @@
- characters and the 'i' flag may be appended at the end to indicate
- that the match should be case-insensetive.
- The default value is
-- /^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i
-+ /^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i
-
-
-
---- nslcd/cfg.c
-+++ nslcd/cfg.c
-@@ -134,7 +134,7 @@ static void cfg_defaults(struct ldap_con
- cfg->ldc_pam_authz_search[i]=NULL;
- cfg->ldc_nss_min_uid=0;
- parse_validnames_statement(__FILE__,__LINE__,"",
-- "/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i",cfg);
-+ "/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",cfg);
- cfg->pam_password_prohibit_message=NULL;
- }
-
---- tests/test_common.c
-+++ tests/test_common.c
-@@ -39,6 +39,8 @@ static void test_isvalidname(void)
- assert(!isvalidname("\\foo\\bar"));
- assert(!isvalidname("foo\\bar\\"));
- assert(isvalidname("me")); /* try short name */
-+ assert(isvalidname("f"));
-+ assert(isvalidname("(foo bar)"));
- }
-
- /* the main program... */
diff --git a/nss-pam-ldapd-exitcode.patch b/nss-pam-ldapd-exitcode.patch
deleted file mode 100644
index 2b4f8fa..0000000
--- a/nss-pam-ldapd-exitcode.patch
+++ /dev/null
@@ -1,10 +0,0 @@
-diff -up nss-pam-ldapd-0.8.14/nslcd/nslcd.c.retcode nss-pam-ldapd-0.8.14/nslcd/nslcd.c
---- nss-pam-ldapd-0.8.14/nslcd/nslcd.c.retcode 2017-02-08 09:52:39.687834074 +0100
-+++ nss-pam-ldapd-0.8.14/nslcd/nslcd.c 2017-02-08 09:52:54.630891580 +0100
-@@ -866,5 +866,5 @@ int main(int argc,char *argv[])
- log_log(LOG_ERR,"thread %d is still running, shutting down anyway",i);
- }
- /* we're done */
-- return EXIT_FAILURE;
-+ return EXIT_SUCCESS;
- }
diff --git a/nss-pam-ldapd.spec b/nss-pam-ldapd.spec
index dcdc138..fa134d0 100644
--- a/nss-pam-ldapd.spec +++ b/nss-pam-ldapd.spec @@ -4,8 +4,8 @@ %define _hardened_build 1 Name: nss-pam-ldapd -Version: 0.8.14 -Release: 12%{?dist} +Version: 0.9.9 +Release: 1%{?dist} Summary: An nsswitch module which uses directory servers License: LGPLv2+ URL: http://arthurdejong.org/nss-pam-ldapd/ @@ -14,9 +14,10 @@ Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.t Source3: nslcd.tmpfiles Source4: nslcd.service -Patch1: nss-pam-ldapd-0.8.12-validname.patch -Patch2: nss-pam-ldapd-0.8.12-uid-overflow.patch -Patch3: nss-pam-ldapd-exitcode.patch +# Pylint tests fail w/o certain imports and are not needed for nslcd anyway, +# plus, we don't ship the python utilities +Patch0001: 0001-Disable-pylint-tests.patch +Patch0002: 0002-Watch-for-uint32_t-overflows.patch BuildRequires: openldap-devel, krb5-devel BuildRequires: autoconf, automake @@ -44,14 +45,12 @@ service information (users, groups, etc.) on behalf of a lightweight nsswitch module. %prep -%setup -q -%patch1 -p0 -b .validname -%patch2 -p1 -b .overflow -%patch3 -p1 -b .returncode +%autosetup -p1 autoreconf -f -i %build %configure --libdir=%{nssdir} \ + --disable-utils \ --with-pam-seclib-dir=%{pamdir} %make_build @@ -105,6 +104,14 @@ getent passwd nslcd > /dev/null || \ %systemd_postun_with_restart nslcd.service %changelog +* Sun Apr 1 2018 Jakub Hrozek - 0.9.9-1 +- Upgrade to the latest upstream + - Disable the python utilities + - Don't bother with failing pylint test as we don't ship the python + utilities +- Drop unused validname and exitcode patches, port strtoid overflow + patch + * Sat Mar 31 2018 Jakub Hrozek - 0.8.14-12 - Get rid of all conditions that are always true for both EPEL-7 and Fedora as it's quite unlikely we'd use this specfile on EPEL-6 diff --git a/sources b/sources index 3276281..c1581ed 100644 --- a/sources +++ b/sources 
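Review bot: Nothing in the rewritten %prep (`%autosetup -p1` followed by `autoreconf -f -i`) checks the 0.9.9 tarball against the detached signature the package tracks, and the upstream URL and Source1 lines visible in these hunks are plain `http://`. Since this commit pulls in a whole new upstream release, consider adding the upstream signing key as a further Source and verifying the tarball in %prep before `%autosetup`, for example with Fedora's `%{gpgverify}` macro. The `sources` hunk at the end of the patch has the related gap: it adds a SHA512 entry only for `nss-pam-ldapd-0.9.9.tar.gz.sig`, so unless the tarball entry is uploaded separately the tarball itself has no pinned checksum.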
@@ -1,2 +1 @@
-c6f8876c5d0c476fbf545a6eda80390a nss-pam-ldapd-0.8.14.tar.gz
-c62928f673a03fa792e672cd0e438824 nss-pam-ldapd-0.8.14.tar.gz.sig
+SHA512 (nss-pam-ldapd-0.9.9.tar.gz.sig) = 1f9d4b788dec5ac41a5b60cc05755abc17172afdf5df17d852da383fa9fa995690378be453004bd96db8c1e0de52c9f2ffbee5e0654424f6e53f539c9cf0cb12