SOURCES/slapi-nis-RHEL-5134.patch

@@ -1,102 +0,0 @@
-From ee94788e63d9f35daca7c0d1e80a488f738a9c52 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 1 Sep 2023 11:02:08 +0200
-Subject: [PATCH 1/2] BZ 2124214 - schema compat plugin deadlock on delete post
- op
-
-Bug description:
-	backends locks (SC map and retroCL) are acquired in
-	the opposite order
-	(https://bugzilla.redhat.com/show_bug.cgi?id=2124214#c17)
-
-Fix description:
-	Credits of the fix are to Pierre Rogier who found
-	a reproducible testcase, did the fix and verified it.
-
-	In specific condition of retroCL trimming the DEL
-	callback of the SC should check if the backend should
-	be ignored
-
-relates: 2124214
----
- src/back-shr.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/back-shr.c b/src/back-shr.c
-index ce2b1f3..1792bef 100644
---- a/src/back-shr.c
-+++ b/src/back-shr.c
-@@ -2811,6 +2811,18 @@ backend_shr_delete_cb(Slapi_PBlock *pb)
- 	if (wrap_get_call_level() > 0) {
- 		return 0;
- 	}
-+        /* especially important to test if we want to prevent frequent
-+         * deadlocks when backends are accesses in opposite order.
-+         * i.e. "regular" update on domain map+retroCL and retroCL trimming
-+         * retroCL+domain map
-+         */
-+        if (backend_shr_write_ignore(pb)) {
-+#if DEBUG_MAP_LOCK
-+        slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
-+                "backend_shr_delete_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
-+#endif
-+		return 0;
-+	}
- 
- 	/* Read parameters from the pblock. */
- 	slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state);
--- 
-2.41.0
-
-
-From 61fcf534c3da767788e27641f3ebfe4d6a6c0b25 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Mon, 9 Oct 2023 13:53:28 +0300
-Subject: [PATCH 2/2] Add more ignores to modrdn and modify cases
-
-BZ 2124214 - schema compat plugin deadlock on delete post op
-
-Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
----
- src/back-shr.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/src/back-shr.c b/src/back-shr.c
-index 1792bef..4cbc39b 100644
---- a/src/back-shr.c
-+++ b/src/back-shr.c
-@@ -2463,6 +2463,15 @@ backend_shr_modify_cb(Slapi_PBlock *pb)
- 		/* No data yet, ignore */
- 		return 0;
- 	}
-+
-+	if (backend_shr_write_ignore(pb)) {
-+#if DEBUG_MAP_LOCK
-+        slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
-+                "backend_shr_modify_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
-+#endif
-+		return 0;
-+	}
-+
- 	slapi_pblock_get(pb, SLAPI_MODIFY_TARGET, &dn);
- 	slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &cbdata.mods);
- 	slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &cbdata.e_pre);
-@@ -2669,6 +2678,15 @@ backend_shr_modrdn_cb(Slapi_PBlock *pb)
- 		/* No data yet, ignore */
- 		return 0;
- 	}
-+
-+	if (backend_shr_write_ignore(pb)) {
-+#if DEBUG_MAP_LOCK
-+        slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
-+                "backend_shr_modrdn_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
-+#endif
-+		return 0;
-+	}
-+
- 	slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &cbdata.e_pre);
- 	slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &cbdata.e_post);
- 
--- 
-2.41.0
-

SOURCES/slapi-nis-bz2183469.patch

@@ -1,78 +0,0 @@
-From 24eeccd408d9627299231d7843ca9e65e71af3de Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Tue, 21 Mar 2023 17:32:47 +0200
-Subject: [PATCH 1/2] Test the case when container is a child of the target DN
-
-We can have target DN both inside or outside of a container.
-Previously, the code did not look into the latter one. When container is
-a child of the target DN (like using IPA's base DN instead of
-cn=compat,$BASE_DN) and a search was done with a subtree scope, the
-check failed.
-
-With this change a subtree scope search which starts with a base DN
-that includes a compat tree's container would be considered for the
-search.
-
-Fixes: rhbz#2168893
-
-Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
----
- src/back-sch.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/src/back-sch.c b/src/back-sch.c
-index 93746b1..e447bda 100644
---- a/src/back-sch.c
-+++ b/src/back-sch.c
-@@ -1340,11 +1340,12 @@ backend_search_find_set_dn_in_group_cb(const char *group, const char *set, bool_
- 
- 	if (slapi_sdn_scope_test(cbdata->target_dn,
- 				 set_data->container_sdn,
--				 cbdata->scope) == 1) {
-+				 cbdata->scope) != 0) {
- 		cbdata->answer = TRUE;
--	}
--
--	if (slapi_sdn_issuffix(cbdata->target_dn, set_data->container_sdn) == 1) {
-+	} else if ((cbdata->scope == LDAP_SCOPE_SUBTREE) &&
-+		   slapi_sdn_scope_test(set_data->container_sdn,
-+					cbdata->target_dn,
-+					cbdata->scope) != 0) {
- 		cbdata->answer = TRUE;
- 	}
- 
--- 
-2.40.0
-
-
-From 73058645eac86b40913deec01807854e0a8bda0d Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Mon, 24 Apr 2023 12:19:10 +0300
-Subject: [PATCH 2/2] Identify the container without search base check
-
-Ignore the actual search base when identifying whether a target DN is
-within a known data container. The reason is that we need to know
-whether a search would have to descent into a particular container. The
-scope validation will happen later.
-
-Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
----
- src/back-sch.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/back-sch.c b/src/back-sch.c
-index e447bda..a79f61b 100644
---- a/src/back-sch.c
-+++ b/src/back-sch.c
-@@ -1340,7 +1340,7 @@ backend_search_find_set_dn_in_group_cb(const char *group, const char *set, bool_
- 
- 	if (slapi_sdn_scope_test(cbdata->target_dn,
- 				 set_data->container_sdn,
--				 cbdata->scope) != 0) {
-+				 LDAP_SCOPE_SUBTREE) != 0) {
- 		cbdata->answer = TRUE;
- 	} else if ((cbdata->scope == LDAP_SCOPE_SUBTREE) &&
- 		   slapi_sdn_scope_test(set_data->container_sdn,
--- 
-2.40.0
-

SPECS/slapi-nis.spec

@@ -11,20 +11,14 @@
 
 Name:		slapi-nis
 Version:	0.60.0
-Release:	4%{?dist}.alma.1
+Release:	1%{?dist}
 Summary:	NIS Server and Schema Compatibility plugins for Directory Server
 Group:		System Environment/Daemons
 License:	GPLv3
 URL:		http://pagure.io/slapi-nis/
 Source0:	https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz
 Source1:	https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.asc
-Patch0:         slapi-nis-bz2183469.patch
 
-# Patches were taken from:
-# https://gitlab.com/redhat/centos-stream/rpms/slapi-nis/-/commit/0c099f8456d77e063b51c39fac7c70105816855a
-Patch1:         slapi-nis-RHEL-5134.patch
-
-BuildRequires:  make
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@@ -62,8 +56,6 @@ for attributes from multiple entries in the tree.
 
 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1
 
 %build
 autoconf --force
@@ -92,19 +84,6 @@ make check
 %{_sbindir}/nisserver-plugin-defs
 
 %changelog
-* Wed Nov 15 2023 Eduard Abdullin <eabdullin@almalinux.org> - 0.60.0-4.alma.1
-- Ignore updates from non-tracked subtrees during modify/modrdn/update
-  to avoid deadlocks with retro changelog
-
-
-* Mon Apr 24 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-3
-- Also handle base searches within the compat tree
-- Related: rhbz#2183469
-
-* Wed Apr 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-2
-- Fix base DN searches outside the compat tree
-- Resolves: rhbz#2183469
-
 * Sat Aug 20 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-1
 - upstream release 0.60.0
 - Change license from GPLv2 to GPLv3+ to follow 389-ds licensing