Version bump per bug #173383. Fixes SIGPIPE issue from bugs #166519, #162355. Includes bug #155492: nss_max_group_depth patch.

(Portage version: 2.1.3.7)

4 files changed, 175 insertions, 1 deletions

diff --git a/sys-auth/nss_ldap/ChangeLog b/sys-auth/nss_ldap/ChangeLog
index ca5a729a3257..5c15226cc0a6 100644
--- a/sys-auth/nss_ldap/ChangeLog
+++ b/sys-auth/nss_ldap/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-auth/nss_ldap
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.40 2007/02/08 07:14:04 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.41 2007/09/18 23:18:35 robbat2 Exp $
+
+*nss_ldap-257 (18 Sep 2007)
+
+  18 Sep 2007; Robin H. Johnson <robbat2@gentoo.org>
+  +files/nss_ldap-257-nss_max_group_depth.patch, +nss_ldap-257.ebuild:
+  Version bump per bug #173383. Fixes SIGPIPE issue from bugs #166519,
+  #162355. Includes bug #155492: nss_max_group_depth patch.
 
   08 Feb 2007; Robin H. Johnson <robbat2@gentoo.org> metadata.xml:
   Note ldap-bugs mail alias.
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-257 b/sys-auth/nss_ldap/files/digest-nss_ldap-257
new file mode 100644
index 000000000000..e2b688c86184
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-257
@@ -0,0 +1,3 @@
+MD5 5e4ad4aa9ed2514927a23bf94b9fc5a3 nss_ldap-257.tar.gz 229242
+RMD160 b7260a768217901c701c52a5f2446894f6dc7aef nss_ldap-257.tar.gz 229242
+SHA256 22a0e3b0ebffc5d8f252144a422ef5eaef2ad1255aa7c0953691c990a44e267b nss_ldap-257.tar.gz 229242
diff --git a/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch
new file mode 100644
index 000000000000..d2f8efeec751
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch
@@ -0,0 +1,92 @@
+Gentoo-Bug: 155492
+Original-Author: Heath Caldwell <hncaldwell@csupomona.edu>
+Rediffed-by: Robin H. Johnson <robbat2@gentoo.org>
+
+--- nss_ldap-257.orig/ChangeLog	2007-09-18 15:02:59.997686000 -0700
++++ nss_ldap-257/ChangeLog	2007-09-18 15:04:07.925113592 -0700
+@@ -3,2 +3,7 @@
+ 
++257.1	Heath Caldwell <hncaldwell@csupomona.edu>
++
++	* add configurable maximum group depth with new
++	  configuration file option called nss_max_group_depth
++
+ 257	Luke Howard <lukeh@padl.com>
+--- nss_ldap-257.orig/ldap-grp.c	2007-08-02 21:51:09.000000000 -0700
++++ nss_ldap-257/ldap-grp.c	2007-09-18 15:03:23.734619150 -0700
+@@ -308,7 +308,7 @@
+   uniquemember_attrs[0] = uniquemember_attr;
+   uniquemember_attrs[1] = NULL;
+ 
+-  if (*depth > LDAP_NSS_MAXGR_DEPTH)
++  if (*depth > _nss_ldap_max_group_depth)
+     {
+       return NSS_NOTFOUND;
+     }
+@@ -844,7 +844,7 @@
+   const char *gidnumber_attrs[2];
+   int erange;
+ 
+-  if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
++  if (lia->depth > _nss_ldap_max_group_depth)
+     return NSS_NOTFOUND;
+ 
+   if (_nss_ldap_namelist_find (lia->known_groups, dn))
+@@ -890,7 +890,7 @@
+   size_t memberCount, i;
+   int erange;
+ 
+-  if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
++  if (lia->depth > _nss_ldap_max_group_depth)
+     return NSS_NOTFOUND;
+ 
+   for (memberCount = 0; membersOf[memberCount] != NULL; memberCount++)
+--- nss_ldap-257.orig/ldap-nss.h	2007-09-18 15:02:59.997686000 -0700
++++ nss_ldap-257/ldap-nss.h	2007-09-18 15:03:23.734619150 -0700
+@@ -105,7 +105,8 @@
+ #define LDAP_NSS_MAXNETGR_DEPTH  16	/* maximum depth of netgroup nesting for innetgr() */
+ #endif /* HAVE_NSSWITCH_H */
+ 
+-#define LDAP_NSS_MAXGR_DEPTH     16     /* maximum depth of group nesting for getgrent()/initgroups() */
++#define LDAP_NSS_MAXGR_DEPTH     16	/* default maximum depth of group nesting for getgrent()/initgroups() */
++extern int _nss_ldap_max_group_depth;	/* global variable to hold maximum group depth */
+ 
+ #if LDAP_NSS_NGROUPS > 64
+ #define LDAP_NSS_BUFLEN_GROUP	(NSS_BUFSIZ + (LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX))) 
+--- nss_ldap-257.orig/nss_ldap.5	2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/nss_ldap.5	2007-09-18 15:05:42.779508238 -0700
+@@ -453,6 +453,10 @@
+ verify no local applications rely on this information before
+ enabling this on a production system.
+ .TP
++.B nss_max_group_depth <value>
++Specifies the maximum depth to which nested groups are queried.
++A value of 0 effectively disables querying for nested groups.
++.TP
+ .B nss_srv_domain <domain>
+ This option determines the DNS domain used for performing SRV
+ lookups.
+--- nss_ldap-257.orig/util.c	2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/util.c	2007-09-18 15:04:35.032083555 -0700
+@@ -62,2 +62,5 @@
+ 
++/* Initialize global maximum group depth to default. */
++int _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
++
+ static NSS_STATUS do_getrdnvalue (const char *dn,
+@@ -805,2 +808,5 @@
+ 
++  /* Reset global maximum group depth to default. */
++  _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
++
+   while (fgets (b, sizeof (b), fp) != NULL)
+--- nss_ldap-257.orig/util.h	2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/util.h	2007-09-18 15:05:11.295822638 -0700
+@@ -84,6 +84,7 @@
+ #define NSS_LDAP_KEY_INITGROUPS		"nss_initgroups"
+ #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS	"nss_initgroups_ignoreusers"
+ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS	"nss_getgrent_skipmembers"
++#define NSS_LDAP_KEY_MAX_GROUP_DEPTH	"nss_max_group_depth"
+ 
+ /* more reconnect policy fine-tuning */
+ #define NSS_LDAP_KEY_RECONNECT_TRIES		"nss_reconnect_tries"
diff --git a/sys-auth/nss_ldap/nss_ldap-257.ebuild b/sys-auth/nss_ldap/nss_ldap-257.ebuild
new file mode 100644
index 000000000000..3eca16b06811
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-257.ebuild
@@ -0,0 +1,72 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/nss_ldap-257.ebuild,v 1.1 2007/09/18 23:18:35 robbat2 Exp $
+
+inherit fixheadtails eutils multilib
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+		sasl? ( dev-libs/cyrus-sasl )
+		kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+		!<net-fs/autofs-4.1.3"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/nsswitch.ldap.diff
+	# Applied by upstream
+	#epatch ${FILESDIR}/${PN}-239-tls-security-bug.patch
+	epatch ${FILESDIR}/${PN}-249-sasl-compile.patch
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-252-reconnect-timeouts.patch
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-254-nss_getgrent_skipmembers.patch
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-257-nss_max_group_depth.patch
+	sed -i.orig \
+		-e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+		${S}/ldap.conf || die "failed to clean up initial version marker"
+	# fix head/tail stuff
+	ht_fix_file ${S}/Makefile.am ${S}/Makefile.in ${S}/depcomp
+	# fix build borkage
+	for i in Makefile.{in,am}; do
+	  sed -i.orig \
+	    -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+	    ${S}/$i
+	done
+}
+
+src_compile() {
+	local myconf=""
+	use debug && myconf="${myconf} --enable-debugging"
+	use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+	econf \
+		--with-ldap-lib=openldap \
+		--libdir=/$(get_libdir) \
+		--enable-schema-mapping \
+		--enable-paged-results \
+		--enable-rfc2307bis \
+		${myconf} || die "configure failed"
+
+	emake || die "make failed"
+}
+
+src_install() {
+	dodir /$(get_libdir)
+
+	emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+	insinto /etc
+	doins ldap.conf
+
+	dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+		COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+	docinto docs; dodoc doc/*
+}