authorV3n3RiX <venerix@redcorelinux.org>2017-12-18 15:11:02 +0000
committerV3n3RiX <venerix@redcorelinux.org>2017-12-18 15:11:02 +0000
commit0fb71e0215ed52863e462cccef73c01aff44d43d (patch)
tree428fc3fa92f9c69ed02878e9b6151a9fb810e651 /sys-auth/nss_ldap/files
parent9bd54251864651f49e673a08aec9ef79cfe08f04 (diff)
gentoo resync : 18.12.2017
Diffstat (limited to 'sys-auth/nss_ldap/files')
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch42
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch65
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch226
3 files changed, 0 insertions, 333 deletions
diff --git a/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
deleted file mode 100644
index 1dbd8dc889a1..000000000000
--- a/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- ldap-nss.c 2004-09-28 03:20:11.000000000 +0100
-+++ ldap-nss.c.new 2005-07-04 01:32:12.000000000 +0100
-@@ -330,6 +330,39 @@
-
- timelimit = __session.ls_config->ldc_bind_timelimit;
-
-+#ifdef HAVE_LDAP_START_TLS_S
-+ if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
-+ {
-+ int version;
-+
-+ if (ldap_get_option
-+ (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
-+ &version) == LDAP_OPT_SUCCESS)
-+ {
-+ if (version < LDAP_VERSION3)
-+ {
-+ version = LDAP_VERSION3;
-+ ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
-+ &version);
-+ }
-+ }
-+
-+ debug ("==> start_tls");
-+ if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
-+ {
-+ debug ("TLS startup succeeded");
-+ }
-+ else
-+ {
-+ debug ("TLS startup failed");
-+ do_close ();
-+ debug ("<== do_open");
-+ return NSS_UNAVAIL;
-+ }
-+ debug ("<== start_tls");
-+ }
-+#endif /* HAVE_LDAP_START_TLS_S */
-+
- return do_bind (ld, timelimit, who, cred, with_sasl);
- }
- #else
diff --git a/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch
deleted file mode 100644
index 285a34e3df4b..000000000000
--- a/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-This patch changes the default timeouts, so that they are much lower, and do
-not cause major delays when booting a system. This is a workaround until the
-core /etc/{passwd,group} contain all of the data needed for a system boot.
-
-Also add a note that 'ssl on' is broken and TLS should be used instead.
-
-Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-
-diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap-nss.h nss_ldap-250/ldap-nss.h
---- nss_ldap-250.orig/ldap-nss.h 2006-04-26 18:19:00.000000000 -0700
-+++ nss_ldap-250/ldap-nss.h 2006-06-14 01:58:01.933005492 -0700
-@@ -96,9 +96,9 @@
- * unacceptable, in which case you may wish to adjust
- * the constants below.
- */
--#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
--#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
--#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
-+#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
-+#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
-+#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
- #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
-
- #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
-diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap.conf nss_ldap-250/ldap.conf
---- nss_ldap-250.orig/ldap.conf 2006-04-26 18:19:00.000000000 -0700
-+++ nss_ldap-250/ldap.conf 2006-06-14 02:12:02.008444745 -0700
-@@ -283,7 +283,8 @@
- # OpenLDAP SSL mechanism
- # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
- #ssl start_tls
--#ssl on
-+###ssl on
-+# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
-
- # OpenLDAP SSL options
- # Require and verify server certificate (yes/no)
-@@ -315,3 +316,27 @@
- # Override the default Kerberos ticket cache location.
- #krb5_ccname FILE:/etc/.ldapcache
-
-+# Timeout behavior
-+# Upstream nss_ldap hard-codes these values:
-+#nss_reconnect_tries 5 # number of times to double the sleep time
-+#nss_reconnect_sleeptime 4 # initial sleep value
-+#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
-+#nss_reconnect_maxconntries 2 # how many tries before sleeping
-+# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
-+# server is not available.
-+
-+# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
-+# (The hardwired constants in the code are changed to them as well):
-+nss_reconnect_tries 4 # number of times to double the sleep time
-+nss_reconnect_sleeptime 1 # initial sleep value
-+nss_reconnect_maxsleeptime 16 # max sleep value to cap at
-+nss_reconnect_maxconntries 2 # how many tries before sleeping
-+# This leads to a delay of 15 seconds (1+2+4+8=15)
-+
-+# If you are impatient, and know your LDAP server is reliable, fast or local,
-+# you may wish to use these values instead:
-+#nss_reconnect_tries 1 # number of times to double the sleep time
-+#nss_reconnect_sleeptime 1 # initial sleep value
-+#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
-+#nss_reconnect_maxconntries 3 # how many tries before sleeping
-+# This leads to a delay of 1 second.
diff --git a/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch b/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch
deleted file mode 100644
index 68809bcf1b1b..000000000000
--- a/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-diff -c -r nss_ldap-250/ChangeLog nss_ldap-250.1/ChangeLog
-*** nss_ldap-250/ChangeLog Wed Apr 26 18:19:00 2006
---- nss_ldap-250.1/ChangeLog Wed Aug 16 16:58:57 2006
-***************
-*** 1,6 ****
---- 1,13 ----
- $Id$
- ===============================================================
-
-+ 250.1 Paul B. Henson <henson@acm.org>
-+
-+ * add nss_getgrent_skipmembers parameter to ldap.conf,
-+ if enabled will not request member attributes for
-+ group lookups, greatly increasing performance in the
-+ face of large groups
-+
- 250 Luke Howard <lukeh@padl.com>
-
- * don't use static _nss_ldap_no_members buffer,
-diff -c -r nss_ldap-250/ldap-nss.c nss_ldap-250.1/ldap-nss.c
-*** nss_ldap-250/ldap-nss.c Wed Apr 26 18:19:00 2006
---- nss_ldap-250.1/ldap-nss.c Wed Aug 16 16:51:49 2006
-***************
-*** 1258,1264 ****
-
- cfg = __config;
-
-! _nss_ldap_init_attributes (cfg->ldc_attrtab);
- _nss_ldap_init_filters ();
-
- #ifdef HAVE_LDAP_SET_OPTION
---- 1258,1264 ----
-
- cfg = __config;
-
-! _nss_ldap_init_attributes (cfg->ldc_attrtab, cfg->ldc_getgrent_skipmembers);
- _nss_ldap_init_filters ();
-
- #ifdef HAVE_LDAP_SET_OPTION
-diff -c -r nss_ldap-250/ldap-nss.h nss_ldap-250.1/ldap-nss.h
-*** nss_ldap-250/ldap-nss.h Wed Apr 26 18:19:00 2006
---- nss_ldap-250.1/ldap-nss.h Wed Aug 16 16:51:59 2006
-***************
-*** 390,395 ****
---- 390,396 ----
- time_t ldc_mtime;
-
- char **ldc_initgroups_ignoreusers;
-+ int ldc_getgrent_skipmembers;
- };
-
- typedef struct ldap_config ldap_config_t;
-diff -c -r nss_ldap-250/ldap-schema.c nss_ldap-250.1/ldap-schema.c
-*** nss_ldap-250/ldap-schema.c Wed Apr 26 18:19:00 2006
---- nss_ldap-250.1/ldap-schema.c Wed Aug 16 16:54:52 2006
-***************
-*** 273,279 ****
-
- static void init_pwd_attributes (const char ***pwd_attrs);
- static void init_sp_attributes (const char ***sp_attrs);
-! static void init_grp_attributes (const char ***grp_attrs);
- static void init_hosts_attributes (const char ***hosts_attrs);
- static void init_services_attributes (const char ***services_attrs);
- static void init_network_attributes (const char ***network_attrs);
---- 273,279 ----
-
- static void init_pwd_attributes (const char ***pwd_attrs);
- static void init_sp_attributes (const char ***sp_attrs);
-! static void init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers);
- static void init_hosts_attributes (const char ***hosts_attrs);
- static void init_services_attributes (const char ***services_attrs);
- static void init_network_attributes (const char ***network_attrs);
-***************
-*** 289,299 ****
- * attribute table initialization routines
- */
- void
-! _nss_ldap_init_attributes (const char ***attrtab)
- {
- init_pwd_attributes (&attrtab[LM_PASSWD]);
- init_sp_attributes (&attrtab[LM_SHADOW]);
-! init_grp_attributes (&attrtab[LM_GROUP]);
- init_hosts_attributes (&attrtab[LM_HOSTS]);
- init_services_attributes (&attrtab[LM_SERVICES]);
- init_network_attributes (&attrtab[LM_NETWORKS]);
---- 289,299 ----
- * attribute table initialization routines
- */
- void
-! _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers)
- {
- init_pwd_attributes (&attrtab[LM_PASSWD]);
- init_sp_attributes (&attrtab[LM_SHADOW]);
-! init_grp_attributes (&attrtab[LM_GROUP], ldc_getgrent_skipmembers);
- init_hosts_attributes (&attrtab[LM_HOSTS]);
- init_services_attributes (&attrtab[LM_SERVICES]);
- init_network_attributes (&attrtab[LM_NETWORKS]);
-***************
-*** 357,363 ****
- }
-
- static void
-! init_grp_attributes (const char ***grp_attrs)
- {
- int i = 0;
- static const char *__grp_attrs[ATTRTAB_SIZE + 1];
---- 357,363 ----
- }
-
- static void
-! init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers)
- {
- int i = 0;
- static const char *__grp_attrs[ATTRTAB_SIZE + 1];
-***************
-*** 366,374 ****
-
- (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
- (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
-! (*grp_attrs)[i++] = (char *) AT (memberUid);
-! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
-! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
- (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
- (*grp_attrs)[i] = NULL;
- }
---- 366,377 ----
-
- (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
- (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
-! if (!ldc_getgrent_skipmembers)
-! {
-! (*grp_attrs)[i++] = (char *) AT (memberUid);
-! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
-! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
-! }
- (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
- (*grp_attrs)[i] = NULL;
- }
-diff -c -r nss_ldap-250/ldap-schema.h nss_ldap-250.1/ldap-schema.h
-*** nss_ldap-250/ldap-schema.h Wed Apr 26 18:19:00 2006
---- nss_ldap-250.1/ldap-schema.h Wed Aug 16 16:54:07 2006
-***************
-*** 30,36 ****
- * function to initialize global lookup filters.
- */
- void _nss_ldap_init_filters ();
-! void _nss_ldap_init_attributes (const char ***attrtab);
-
- /**
- * make filters formerly declared in ldap-*.h globally available.
---- 30,36 ----
- * function to initialize global lookup filters.
- */
- void _nss_ldap_init_filters ();
-! void _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers);
-
- /**
- * make filters formerly declared in ldap-*.h globally available.
-diff -c -r nss_ldap-250/nss_ldap.5 nss_ldap-250.1/nss_ldap.5
-*** nss_ldap-250/nss_ldap.5 Wed Apr 26 18:19:00 2006
---- nss_ldap-250.1/nss_ldap.5 Wed Aug 16 17:07:19 2006
-***************
-*** 445,450 ****
---- 445,458 ----
- to return NSS_STATUS_NOTFOUND if called with a listed users as
- its argument.
- .TP
-+ .B nss_getgrent_skipmembers <yes|no>
-+ Specifies whether or not to populate the members list in
-+ the group structure for group lookups. If very large groups
-+ are present, enabling this option will greatly increase
-+ perforance, at the cost of some lost functionality. You should
-+ verify no local applications rely on this information before
-+ enabling this on a production system.
-+ .TP
- .B nss_srv_domain <domain>
- This option determines the DNS domain used for performing SRV
- lookups.
-diff -c -r nss_ldap-250/util.c nss_ldap-250.1/util.c
-*** nss_ldap-250/util.c Wed Apr 26 18:19:00 2006
---- nss_ldap-250.1/util.c Wed Aug 16 16:52:55 2006
-***************
-*** 660,665 ****
---- 660,666 ----
- result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME;
- result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES;
- result->ldc_initgroups_ignoreusers = NULL;
-+ result->ldc_getgrent_skipmembers = 0;
-
- for (i = 0; i <= LM_NONE; i++)
- {
-***************
-*** 1137,1142 ****
---- 1138,1156 ----
- break;
- }
- }
-+ else if (!strcasecmp (k, NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS))
-+ {
-+ if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
-+ || !strcasecmp (v, "true"))
-+ {
-+ result->ldc_getgrent_skipmembers = 1;
-+ }
-+ else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
-+ || !strcasecmp (v, "false"))
-+ {
-+ result->ldc_getgrent_skipmembers = 0;
-+ }
-+ }
- else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
- {
- if (!strcasecmp (v, "oneshot"))
-diff -c -r nss_ldap-250/util.h nss_ldap-250.1/util.h
-*** nss_ldap-250/util.h Wed Apr 26 18:19:00 2006
---- nss_ldap-250.1/util.h Wed Aug 16 16:49:52 2006
-***************
-*** 83,88 ****
---- 83,89 ----
- #define NSS_LDAP_KEY_PAGESIZE "pagesize"
- #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
- #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
-+ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
-
- /* more reconnect policy fine-tuning */
- #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"