commit nss_ldap for openSUSE:Factory
Hello community, here is the log from the commit of package nss_ldap for openSUSE:Factory checked in at 2014-09-06 12:18:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nss_ldap (Old) and /work/SRC/openSUSE:Factory/.nss_ldap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "nss_ldap" Changes: -------- --- /work/SRC/openSUSE:Factory/nss_ldap/nss_ldap.changes 2014-08-05 21:11:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nss_ldap.new/nss_ldap.changes 2014-09-06 16:59:50.000000000 +0200 @@ -2 +2,17 @@ -Fri Aug 1 20:13:18 UTC 2014 - varkoly@suse.com +Fri Aug 15 11:28:44 CEST 2014 - kukuk@suse.de + +- Save old ldap.conf from pwdutils to not lose ldap configuration + [bnc#891585] + +------------------------------------------------------------------- +Fri Aug 8 09:49:19 UTC 2014 - varkoly@suse.com + +- added bnc#842120.dif bnc#866763.dif +- bnc#879368 - Bug in ldap_nss prevents Nomachine NX server to start +- bnc#866763 - reverse ipv6 host lookups fail when ldap is used + * bnc#866763.dif +- bnc#842120 - nss_ldap crashes when running atfork() hooks + * bnc#842120.dif + +------------------------------------------------------------------- +Fri Aug 1 20:10:52 UTC 2014 - varkoly@suse.com New: ---- bnc#842120.dif bnc#866763.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nss_ldap.spec ++++++ --- /var/tmp/diff_new_pack.FGzntK/_old 2014-09-06 16:59:51.000000000 +0200 +++ /var/tmp/diff_new_pack.FGzntK/_new 2014-09-06 16:59:51.000000000 +0200 @@ -46,6 +46,10 @@ Patch5: nss_ldap-265-glibc-2.16.patch # Fix also issue with threads on glibc-2.16 http://bugzilla.padl.com/show_bug.cgi?id=446 Patch6: nss_ldap-265-pthread.patch +# SIGPIPE handling atfork +Patch7: bnc#842120.dif +# reverse ipv6 host lookups fail when ldap is used +Patch8: bnc#866763.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -63,6 +67,8 @@ %patch4 -p1 %patch5 %patch6 +%patch7 -p1 +%patch8 -p1 cp -v %{S:1} . %build @@ -92,8 +98,19 @@ %clean rm -fr $RPM_BUILD_ROOT +%pre +# If we have a /etc/ldap.conf.rpmsave, and no /etc/ldap.conf, +# backup the rpmsave file and use that later instead of our +# own version. This fixes the problem that the file was moved +# from pwdutils to nss_ldap and else the changes would go lost. +if [ ! -e /etc/ldap.conf -a -f /etc/ldap.conf.rpmsave ]; then + cp -p /etc/ldap.conf.rpmsave /etc/...ldap.conf.pwdutils +fi + %post /sbin/ldconfig +# If we backuped ldap.conf, move now the backup in place +test -f /etc/...ldap.conf.pwdutils && mv /etc/...ldap.conf.pwdutils /etc/ldap.conf ||: %postun -p /sbin/ldconfig ++++++ bnc#842120.dif ++++++ Index: nss_ldap-262/ldap-nss.c =================================================================== --- nss_ldap-262.orig/ldap-nss.c +++ nss_ldap-262/ldap-nss.c @@ -121,6 +121,7 @@ extern int ldap_ld_free (LDAP * ld, int #endif /* HAVE_LDAP_LD_FREE */ NSS_LDAP_DEFINE_LOCK (__lock); +NSS_LDAP_DEFINE_LOCK (__child_atfork_lock); /* * the configuration is read by the first call to do_open(). @@ -532,11 +533,35 @@ do_atfork_parent (void) debug ("<== do_atfork_parent"); } +static int +_nss_ldap_need_deferred_close_no_unbind; + +static void +do_deferred_close_no_unbind (void) +{ + sigset_t unblock, mask; + debug ("==> do_deferred_close_no_unbind"); + + sigemptyset(&unblock); + sigaddset(&unblock, SIGPIPE); + sigprocmask(SIG_UNBLOCK, &unblock, &mask); + do_close_no_unbind (); + sigprocmask(SIG_SETMASK, &mask, NULL); + debug ("<== do_deferred_close_no_unbind"); +} + static void do_atfork_child (void) { + int sd = -1; + debug ("==> do_atfork_child"); - do_close_no_unbind (); + + NSS_LDAP_LOCK (__child_atfork_lock); + _nss_ldap_need_deferred_close_no_unbind = 1; + if (do_get_our_socket (&sd)) + fcntl (sd, F_SETFD, FD_CLOEXEC); + NSS_LDAP_UNLOCK (__child_atfork_lock); _nss_ldap_leave (); debug ("<== do_atfork_child"); } @@ -600,6 +625,14 @@ _nss_ldap_enter (void) __sigpipe_handler = signal (SIGPIPE, SIG_IGN); #endif /* HAVE_SIGSET */ + NSS_LDAP_LOCK (__child_atfork_lock); + if (_nss_ldap_need_deferred_close_no_unbind) + { + do_deferred_close_no_unbind (); + _nss_ldap_need_deferred_close_no_unbind = 0; + } + NSS_LDAP_UNLOCK (__child_atfork_lock); + debug ("<== _nss_ldap_enter"); } @@ -823,6 +856,8 @@ do_get_our_socket(int *sd) peernamelen); } } + else + isOurSocket = 0; #endif /* HAVE_LDAPSSL_CLIENT_INIT */ return isOurSocket; } ++++++ bnc#866763.dif ++++++ diff -Naur nss_ldap-265/ldap-hosts.c nss_ldap-265-new/ldap-hosts.c --- nss_ldap-265/ldap-hosts.c 2009-11-06 11:28:08.000000000 +0100 +++ nss_ldap-265-new/ldap-hosts.c 2014-03-05 19:28:43.377519356 +0100 @@ -354,14 +357,26 @@ { NSS_STATUS status; ldap_args_t a; +#ifdef INET6 + char address[INET6_ADDRSTRLEN]; +#else + char address[INET_ADDRSTRLEN]; +#endif /* if querying by IPv6 address, make sure the address is "normalized" -- * it should contain no leading zeros and all components of the address. * still we can't fit an IPv6 address in an int, so who cares for now. */ +#ifdef INET6 + if (type == AF_INET6) + inet_ntop (AF_INET6, addr, address, INET6_ADDRSTRLEN); + else +#endif + inet_ntop (AF_INET, addr, address, INET_ADDRSTRLEN); + LA_INIT (a); - LA_STRING (a) = inet_ntoa (*addr); + LA_STRING (a) = address; LA_TYPE (a) = LA_TYPE_STRING; status = _nss_ldap_getbyname (&a, -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de