SOURCES/slapi-nis-RHEL-5134.patch

@@ -1,102 +0,0 @@
-From ee94788e63d9f35daca7c0d1e80a488f738a9c52 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 1 Sep 2023 11:02:08 +0200
-Subject: [PATCH 1/2] BZ 2124214 - schema compat plugin deadlock on delete post
- op
-
-Bug description:
-	backends locks (SC map and retroCL) are acquired in
-	the opposite order
-	(https://bugzilla.redhat.com/show_bug.cgi?id=2124214#c17)
-
-Fix description:
-	Credits of the fix are to Pierre Rogier who found
-	a reproducible testcase, did the fix and verified it.
-
-	In specific condition of retroCL trimming the DEL
-	callback of the SC should check if the backend should
-	be ignored
-
-relates: 2124214
----
- src/back-shr.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/back-shr.c b/src/back-shr.c
-index ce2b1f3..1792bef 100644
---- a/src/back-shr.c
-+++ b/src/back-shr.c
-@@ -2811,6 +2811,18 @@ backend_shr_delete_cb(Slapi_PBlock *pb)
- 	if (wrap_get_call_level() > 0) {
- 		return 0;
- 	}
-+        /* especially important to test if we want to prevent frequent
-+         * deadlocks when backends are accesses in opposite order.
-+         * i.e. "regular" update on domain map+retroCL and retroCL trimming
-+         * retroCL+domain map
-+         */
-+        if (backend_shr_write_ignore(pb)) {
-+#if DEBUG_MAP_LOCK
-+        slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
-+                "backend_shr_delete_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
-+#endif
-+		return 0;
-+	}
- 
- 	/* Read parameters from the pblock. */
- 	slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state);
--- 
-2.41.0
-
-
-From 61fcf534c3da767788e27641f3ebfe4d6a6c0b25 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Mon, 9 Oct 2023 13:53:28 +0300
-Subject: [PATCH 2/2] Add more ignores to modrdn and modify cases
-
-BZ 2124214 - schema compat plugin deadlock on delete post op
-
-Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
----
- src/back-shr.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/src/back-shr.c b/src/back-shr.c
-index 1792bef..4cbc39b 100644
---- a/src/back-shr.c
-+++ b/src/back-shr.c
-@@ -2463,6 +2463,15 @@ backend_shr_modify_cb(Slapi_PBlock *pb)
- 		/* No data yet, ignore */
- 		return 0;
- 	}
-+
-+	if (backend_shr_write_ignore(pb)) {
-+#if DEBUG_MAP_LOCK
-+        slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
-+                "backend_shr_modify_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
-+#endif
-+		return 0;
-+	}
-+
- 	slapi_pblock_get(pb, SLAPI_MODIFY_TARGET, &dn);
- 	slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &cbdata.mods);
- 	slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &cbdata.e_pre);
-@@ -2669,6 +2678,15 @@ backend_shr_modrdn_cb(Slapi_PBlock *pb)
- 		/* No data yet, ignore */
- 		return 0;
- 	}
-+
-+	if (backend_shr_write_ignore(pb)) {
-+#if DEBUG_MAP_LOCK
-+        slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
-+                "backend_shr_modrdn_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
-+#endif
-+		return 0;
-+	}
-+
- 	slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &cbdata.e_pre);
- 	slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &cbdata.e_post);
- 
--- 
-2.41.0
-

SPECS/slapi-nis.spec

@@ -11,16 +11,16 @@
 
 Name:		slapi-nis
 Version:	0.60.0
-Release:	5%{?dist}
+Release:	3%{?dist}
 Summary:	NIS Server and Schema Compatibility plugins for Directory Server
+Group:		System Environment/Daemons
 License:	GPLv3
 URL:		http://pagure.io/slapi-nis/
 Source0:	https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz
 Source1:	https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.asc
-Patch0:         slapi-nis-bz2183950.patch
-Patch1:         slapi-nis-RHEL-5134.patch
+Patch0:         slapi-nis-bz2183469.patch
 
-BuildRequires: make
+BuildRequires:  make
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@@ -38,7 +38,7 @@ BuildRequires:	libtirpc-devel
 %else
 BuildRequires:  libnsl2-devel
 %endif
-%if 0%{?fedora} > 27 || 0%{?rhel} >= 9
+%if 0%{?fedora} > 27 || 0%{?rhel} > 7
 ExcludeArch: %{ix86}
 %endif
 Requires: 389-ds-base >= 1.3.5.6
@@ -59,7 +59,6 @@ for attributes from multiple entries in the tree.
 %prep
 %setup -q
 %patch0 -p1
-%patch1 -p1
 
 %build
 autoconf --force
@@ -81,97 +80,74 @@ make check
 %endif
 
 %files
+%defattr(-,root,root,-)
 %doc COPYING NEWS README STATUS doc/*.txt doc/examples/*.ldif doc/ipa
 %{_mandir}/man1/*
 %{_libdir}/dirsrv/plugins/*.so
 %{_sbindir}/nisserver-plugin-defs
 
 %changelog
-* Tue Oct 10 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-5
-- Ignore updates from non-tracked subtrees during modify/modrdn/update
-  to avoid deadlocks with retro changelog
-- Resolves: RHEL-11983
-
-* Mon Apr 24 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-4
+* Mon Apr 24 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-3
 - Also handle base searches within the compat tree
-- Related: rhbz#2183950
+- Related: rhbz#2183469
 
-* Wed Apr 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-3
+* Wed Apr 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-2
 - Fix base DN searches outside the compat tree
-- Resolves: rhbz#2183950
-
-* Sun Aug 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-2
-- Rebuild to fix changelog
-- Related: rhbz#2117299
+- Resolves: rhbz#2183469
 
 * Sat Aug 20 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-1
 - upstream release 0.60.0
 - Change license from GPLv2 to GPLv3+ to follow 389-ds licensing
-- Fix ID views integration
+- Resolves: rhbz#1984010
+  Fix ID views integration
 - Fix base scope lookups
-- Bump NIS max dgram size to 8KB by default instead of 1KB
-- Resolves: rhbz#2117299
+- Resolves: rhbz#1784172
+  Bump NIS max dgram size to 8KB by default instead of 1KB
+- Resolves: rhbz#2070575
   Allow to rebuild the compat tree
 
-* Fri Jan 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.7-4
-- Rebuild against libnsl 2.0.0
-- Related: rhbz#2039220
+* Mon Sep 13 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.6-4
+- Resolves: rhbz#2000919 - memory leak in backend_search_cb
 
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.56.7-3
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Thu Jul 01 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.6-3
+- Resolves: rhbz#1958909 - fix regression for scoped searches in compat tree
+- Resolves: rhbz#1978189 - better handle error response from libsss_nss_idmap
 
-* Wed Jul 07 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.7-2
-- Resolves: rhbz#1979619
-  IPA: High CPU utilization (over 1000% plus) by ns-slapd process
-- Resolves: rhbz#1979623
-  With base object scope, ldapsearch against compat tree does not return any data on Rhel8 IPA servers.
-
-* Wed May 19 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.7-1
-- CVE-2021-3480: invalid bind DN crash
-- New upstream release
-- Resolves: rhbz#1947351
-
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.56.6-3
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.6-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Wed Apr 07 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.6-2
+- CVE 2021-3480:  idm:DL1/slapi-nis: NULL dereference (DoS) with specially crafted Binding DN
+- Resolves: rhbz#1944713
 
 * Fri Dec 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.6-1
-- New upstream release
-- Ignore searches which don't match any configured map
+- Upstream release 0.56.6
+- Resolves rhbz#1891741
 
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.5-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+* Mon Sep 14 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-4
+- Ignore unmatched searches
+- Resolves: rhbz#1874015
+
+* Thu Sep 10 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-3
+- Fix memory leaks in ID views processing
+- Resolves: rhbz#1875348
 
 * Wed May 06 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-2
-- Initialize map locks in NIS plugin to prevent crash
+- Initialize map lock in NIS plugin
+- Resolves: rhbz#1832331
 
 * Mon May 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-1
-- New upstream release
+- Upstream release 0.56.5
 - Resolves: rhbz#1751295: (2) When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming
 - Resolves: rhbz#1768156: ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED
 
-* Fri Feb 07 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.4-1
+* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.3-2
+- Resolves rhbz#1741881
+  ns-slapd is crashing intermittently
+
+* Wed Jun 05 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.3-1
 - New upstream release
-- Fix build with newer gcc versions
-- Resolves rhbz#1800097
+- Resolves rhbz#1684563
 
-* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.3-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Thu Jun 06 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.3-1
-- New upstream release
-
-* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.2-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.2-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+* Mon Jul 23 2018 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.2-7
+- 389-ds is not available on i686 architecture, don't build there
 
 * Wed May 02 2018 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.2-6
 - Force rebuild of configure