rpms
/
slapi-nis
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:c9
Branches Tags
rpms:i10-beta
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c-stream-DL1
rpms:c8-stream-DL1
rpms:i8-beta-stream-DL1
rpms:i8-beta-stream-client
rpms:i8c-beta-stream-client
rpms:c8-beta-stream-client
rpms:i8c-beta-stream-DL1
rpms:c8-beta-stream-DL1
rpms:i8-stream-DL1
rpms:i8c-stream-client
rpms:c8-stream-client
rpms:i9
rpms:i9c
rpms:c9
..
compare: rpms:i8-stream-DL1
Branches Tags
rpms:i10-beta
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c-stream-DL1
rpms:c8-stream-DL1
rpms:i8-beta-stream-DL1
rpms:i8-beta-stream-client
rpms:i8c-beta-stream-client
rpms:c8-beta-stream-client
rpms:i8c-beta-stream-DL1
rpms:c8-beta-stream-DL1
rpms:i8-stream-DL1
rpms:i8c-stream-client
rpms:c8-stream-client
rpms:i9
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'i8-stream-DL1' have entirely different histories.
c9 ... i8-stream-

3 changed files with 46 additions and 168 deletions
Show Stats

102
SOURCES/slapi-nis-RHEL-5134.patch
Unescape View File

@ -1,102 +0,0 @@
From ee94788e63d9f35daca7c0d1e80a488f738a9c52 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Fri, 1 Sep 2023 11:02:08 +0200
Subject: [PATCH 1/2] BZ 2124214 - schema compat plugin deadlock on delete post
op
Bug description:
backends locks (SC map and retroCL) are acquired in
the opposite order
(https://bugzilla.redhat.com/show_bug.cgi?id=2124214#c17)
Fix description:
Credits of the fix are to Pierre Rogier who found
a reproducible testcase, did the fix and verified it.
In specific condition of retroCL trimming the DEL
callback of the SC should check if the backend should
be ignored
relates: 2124214
---
src/back-shr.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/back-shr.c b/src/back-shr.c
index ce2b1f3..1792bef 100644
--- a/src/back-shr.c
+++ b/src/back-shr.c
@@ -2811,6 +2811,18 @@ backend_shr_delete_cb(Slapi_PBlock *pb)
if (wrap_get_call_level() > 0) {
return 0;
}
+ /* especially important to test if we want to prevent frequent
+ * deadlocks when backends are accesses in opposite order.
+ * i.e. "regular" update on domain map+retroCL and retroCL trimming
+ * retroCL+domain map
+ */
+ if (backend_shr_write_ignore(pb)) {
+#if DEBUG_MAP_LOCK
+ slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
+ "backend_shr_delete_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
+#endif
+ return 0;
+ }
/* Read parameters from the pblock. */
slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state);
--
2.41.0
From 61fcf534c3da767788e27641f3ebfe4d6a6c0b25 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 9 Oct 2023 13:53:28 +0300
Subject: [PATCH 2/2] Add more ignores to modrdn and modify cases
BZ 2124214 - schema compat plugin deadlock on delete post op
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/back-shr.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/back-shr.c b/src/back-shr.c
index 1792bef..4cbc39b 100644
--- a/src/back-shr.c
+++ b/src/back-shr.c
@@ -2463,6 +2463,15 @@ backend_shr_modify_cb(Slapi_PBlock *pb)
/* No data yet, ignore */
return 0;
}
+
+ if (backend_shr_write_ignore(pb)) {
+#if DEBUG_MAP_LOCK
+ slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
+ "backend_shr_modify_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
+#endif
+ return 0;
+ }
+
slapi_pblock_get(pb, SLAPI_MODIFY_TARGET, &dn);
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &cbdata.mods);
slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &cbdata.e_pre);
@@ -2669,6 +2678,15 @@ backend_shr_modrdn_cb(Slapi_PBlock *pb)
/* No data yet, ignore */
return 0;
}
+
+ if (backend_shr_write_ignore(pb)) {
+#if DEBUG_MAP_LOCK
+ slapi_log_error(SLAPI_LOG_FATAL, "schema-compat",
+ "backend_shr_modrdn_cb: (%p) operation is not impacting schema compat\n", PR_MyThreadId(), 1);
+#endif
+ return 0;
+ }
+
slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &cbdata.e_pre);
slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &cbdata.e_post);
--
2.41.0

0
SOURCES/slapi-nis-bz2183950.patch → SOURCES/slapi-nis-bz2183469.patch
Unescape View File

112
SPECS/slapi-nis.spec
Unescape View File

@ -11,16 +11,16 @@
Name: slapi-nis
Version: 0.60.0
Release: 5%{?dist}
Release: 3%{?dist}.inferit
Summary: NIS Server and Schema Compatibility plugins for Directory Server
Group: System Environment/Daemons
License: GPLv3
URL: http://pagure.io/slapi-nis/
Source0: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz
Source1: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.asc
Patch0: slapi-nis-bz2183950.patch
Patch1: slapi-nis-RHEL-5134.patch
Patch0: slapi-nis-bz2183469.patch
BuildRequires: make
BuildRequires: make
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@ -38,13 +38,13 @@ BuildRequires: libtirpc-devel
%else
BuildRequires: libnsl2-devel
%endif
%if 0%{?fedora} > 27 || 0%{?rhel} >= 9
%if 0%{?fedora} > 27 || 0%{?rhel} > 7
ExcludeArch: %{ix86}
%endif
Requires: 389-ds-base >= 1.3.5.6
%description
This package provides two plugins for Red Hat and 389 Directory Server.
This package provides two plugins for MSVSphere and 389 Directory Server.
The NIS Server plugin allows the directory server to act as a NIS server
for clients, dynamically generating and updating NIS maps according to
@ -59,7 +59,6 @@ for attributes from multiple entries in the tree.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%build
autoconf --force
@ -81,97 +80,78 @@ make check
%endif
%files
%defattr(-,root,root,-)
%doc COPYING NEWS README STATUS doc/*.txt doc/examples/*.ldif doc/ipa
%{_mandir}/man1/*
%{_libdir}/dirsrv/plugins/*.so
%{_sbindir}/nisserver-plugin-defs
%changelog
* Tue Oct 10 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-5
- Ignore updates from non-tracked subtrees during modify/modrdn/update
to avoid deadlocks with retro changelog
- Resolves: RHEL-11983
* Thu Dec 21 2023 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 0.60.0-3.inferit
- MSVSphere debranding
- Rebuilt for MSVSphere 8.9
* Mon Apr 24 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-4
* Mon Apr 24 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-3
- Also handle base searches within the compat tree
- Related: rhbz#2183950
- Related: rhbz#2183469
* Wed Apr 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-3
* Wed Apr 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-2
- Fix base DN searches outside the compat tree
- Resolves: rhbz#2183950
* Sun Aug 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-2
- Rebuild to fix changelog
- Related: rhbz#2117299
- Resolves: rhbz#2183469
* Sat Aug 20 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.60.0-1
- upstream release 0.60.0
- Change license from GPLv2 to GPLv3+ to follow 389-ds licensing
- Fix ID views integration
- Resolves: rhbz#1984010
Fix ID views integration
- Fix base scope lookups
- Bump NIS max dgram size to 8KB by default instead of 1KB
- Resolves: rhbz#2117299
- Resolves: rhbz#1784172
Bump NIS max dgram size to 8KB by default instead of 1KB
- Resolves: rhbz#2070575
Allow to rebuild the compat tree
* Fri Jan 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.7-4
- Rebuild against libnsl 2.0.0
- Related: rhbz#2039220
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.56.7-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 07 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.7-2
- Resolves: rhbz#1979619
IPA: High CPU utilization (over 1000% plus) by ns-slapd process
- Resolves: rhbz#1979623
With base object scope, ldapsearch against compat tree does not return any data on Rhel8 IPA servers.
* Mon Sep 13 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.6-4
- Resolves: rhbz#2000919 - memory leak in backend_search_cb
* Wed May 19 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.7-1
- CVE-2021-3480: invalid bind DN crash
- New upstream release
- Resolves: rhbz#1947351
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.56.6-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Jul 01 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.6-3
- Resolves: rhbz#1958909 - fix regression for scoped searches in compat tree
- Resolves: rhbz#1978189 - better handle error response from libsss_nss_idmap
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Apr 07 2021 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.6-2
- CVE 2021-3480: idm:DL1/slapi-nis: NULL dereference (DoS) with specially crafted Binding DN
- Resolves: rhbz#1944713
* Fri Dec 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.6-1
- New upstream release
- Ignore searches which don't match any configured map
- Upstream release 0.56.6
- Resolves rhbz#1891741
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Sep 14 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-4
- Ignore unmatched searches
- Resolves: rhbz#1874015
* Thu Sep 10 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-3
- Fix memory leaks in ID views processing
- Resolves: rhbz#1875348
* Wed May 06 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-2
- Initialize map locks in NIS plugin to prevent crash
- Initialize map lock in NIS plugin
- Resolves: rhbz#1832331
* Mon May 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-1
- New upstream release
- Upstream release 0.56.5
- Resolves: rhbz#1751295: (2) When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming
- Resolves: rhbz#1768156: ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED
* Fri Feb 07 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.4-1
- New upstream release
- Fix build with newer gcc versions
- Resolves rhbz#1800097
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.3-2
- Resolves rhbz#1741881
ns-slapd is crashing intermittently
* Thu Jun 06 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.3-1
* Wed Jun 05 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.3-1
- New upstream release
- Resolves rhbz#1684563
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 23 2018 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.2-7
- 389-ds is not available on i686 architecture, don't build there
* Wed May 02 2018 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.2-6
- Force rebuild of configure

Write Preview
Loading…
Cancel
Save