commit e459464ec19fc78b397d8a92eb184d2d5bf0f1ec · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nss_ldap: fixing crash with glibc >= 2.16

I update it to the latest version, 265. Then I use some patches:

The nss_ldap-265-glibc-2.16.patch is the one that fixes the crash.
The crashes.patch is another one that I took from RH that said to fixes somes
crashes, but it didn't fix the crash I was seeing. But I guess it fixes
something.

Lluís Batlle i Rossell 12 years ago e459464e 80d3f6c4

+259 -5

3 changed files

expand all

unified split

pkgs

os-specific

linux

nss_ldap

crashes.patch

default.nix

nss_ldap-265-glibc-2.16.patch

+104

pkgs/os-specific/linux/nss_ldap/crashes.patch

··· 1 + https://bugzilla.redhat.com/show_bug.cgi?id=488857 2 + 3 + 4 + Distinguish between contexts that are somewhat persistent and one-offs 5 + which are used to fulfill part of a larger request. 6 + 7 + diff -up nss_ldap-253/ldap-grp.c nss_ldap-253/ldap-grp.c 8 + --- nss_ldap-253/ldap-grp.c 2009-05-08 13:30:43.000000000 -0400 9 + +++ nss_ldap-253/ldap-grp.c 2009-05-08 13:34:41.000000000 -0400 10 + @@ -857,7 +857,7 @@ ng_chase (const char *dn, ldap_initgroup 11 + LA_STRING (a) = dn; 12 + LA_TYPE (a) = LA_TYPE_STRING; 13 + 14 + - if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) 15 + + if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) 16 + { 17 + return NSS_UNAVAIL; 18 + } 19 + @@ -930,7 +930,7 @@ ng_chase_backlink (const char ** members 20 + LA_STRING_LIST (a) = filteredMembersOf; 21 + LA_TYPE (a) = LA_TYPE_STRING_LIST_OR; 22 + 23 + - if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) 24 + + if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) 25 + { 26 + free (filteredMembersOf); 27 + return NSS_UNAVAIL; 28 + diff -up nss_ldap-253/ldap-netgrp.c nss_ldap-253/ldap-netgrp.c 29 + --- nss_ldap-253/ldap-netgrp.c 2009-05-08 13:31:35.000000000 -0400 30 + +++ nss_ldap-253/ldap-netgrp.c 2009-05-08 13:33:14.000000000 -0400 31 + @@ -691,7 +691,7 @@ do_innetgr_nested (ldap_innetgr_args_t * 32 + LA_TYPE (a) = LA_TYPE_STRING; 33 + LA_STRING (a) = nested; /* memberNisNetgroup */ 34 + 35 + - if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) 36 + + if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) 37 + { 38 + debug ("<== do_innetgr_nested: failed to initialize context"); 39 + return NSS_UNAVAIL; 40 + diff -up nss_ldap-253/ldap-nss.c nss_ldap-253/ldap-nss.c 41 + --- nss_ldap-253/ldap-nss.c 2009-05-08 13:27:17.000000000 -0400 42 + +++ nss_ldap-253/ldap-nss.c 2009-05-08 14:05:51.000000000 -0400 43 + @@ -1961,6 +1961,7 @@ _nss_ldap_ent_context_init_locked (ent_c 44 + debug ("<== _nss_ldap_ent_context_init_locked"); 45 + return NULL; 46 + } 47 + + ctx->ec_internal = 0; 48 + *pctx = ctx; 49 + } 50 + else 51 + @@ -1990,6 +1991,15 @@ _nss_ldap_ent_context_init_locked (ent_c 52 + 53 + return ctx; 54 + } 55 + +ent_context_t * 56 + +_nss_ldap_ent_context_init_internal_locked (ent_context_t ** pctx) 57 + +{ 58 + + ent_context_t *ctx; 59 + + ctx = _nss_ldap_ent_context_init_locked (pctx); 60 + + if (ctx != NULL) 61 + + ctx->ec_internal = 1; 62 + + return ctx; 63 + +} 64 + 65 + /* 66 + * Clears a given context; we require the caller 67 + @@ -2031,7 +2041,8 @@ _nss_ldap_ent_context_release (ent_conte 68 + 69 + LS_INIT (ctx->ec_state); 70 + 71 + - if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT)) 72 + + if (!ctx->ec_internal && 73 + + _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT)) 74 + { 75 + do_close (); 76 + } 77 + diff -up nss_ldap-253/ldap-nss.h nss_ldap-253/ldap-nss.h 78 + --- nss_ldap-253/ldap-nss.h 2009-05-08 13:35:47.000000000 -0400 79 + +++ nss_ldap-253/ldap-nss.h 2009-05-08 13:52:25.000000000 -0400 80 + @@ -560,6 +560,8 @@ struct ent_context 81 + ldap_state_t ec_state; /* eg. for services */ 82 + int ec_msgid; /* message ID */ 83 + LDAPMessage *ec_res; /* result chain */ 84 + + int ec_internal; /* this context is just a part of a larger 85 + + * query for information */ 86 + ldap_service_search_descriptor_t *ec_sd; /* current sd */ 87 + struct berval *ec_cookie; /* cookie for paged searches */ 88 + }; 89 + @@ -744,6 +746,15 @@ ent_context_t *_nss_ldap_ent_context_ini 90 + ent_context_t *_nss_ldap_ent_context_init_locked (ent_context_t **); 91 + 92 + /* 93 + + * _nss_ldap_ent_context_init_internal_locked() has the same 94 + + * behaviour, except it marks the context as one that's being 95 + + * used to fetch additional data used in answering a request, i.e. 96 + + * that this isn't the "main" context 97 + + */ 98 + + 99 + +ent_context_t *_nss_ldap_ent_context_init_internal_locked (ent_context_t **); 100 + + 101 + +/* 102 + * _nss_ldap_ent_context_release() is used to manually free a context 103 + */ 104 + void _nss_ldap_ent_context_release (ent_context_t *);

+16 -5

pkgs/os-specific/linux/nss_ldap/default.nix

··· 1 - {stdenv, fetchurl, openldap}: 1 + {stdenv, fetchurl, openldap, perl}: 2 2 3 3 stdenv.mkDerivation { 4 - name = "nss_ldap-260"; 4 + name = "nss_ldap-265"; 5 5 6 6 src = fetchurl { 7 - url = http://www.padl.com/download/nss_ldap-260.tar.gz; 8 - sha256 = "0kn022js39mqmy7g5ba911q46223vk7vcf51x28rbl86lp32zv4v"; 7 + url = http://www.padl.com/download/nss_ldap-265.tar.gz; 8 + sha256 = "1a16q9p97d2blrj0h6vl1xr7dg7i4s8x8namipr79mshby84vdbp"; 9 9 }; 10 10 11 + preConfigure = '' 12 + patchShebangs ./vers_string 13 + sed -i s,vers_string,./vers_string, Makefile* 14 + ''; 15 + 16 + patches = [ ./crashes.patch ]; 17 + 18 + postPatch = '' 19 + patch -p0 < ${./nss_ldap-265-glibc-2.16.patch} 20 + ''; 21 + 11 22 preInstall = '' 12 23 installFlagsArray=(INST_UID=$(id -u) INST_GID=$(id -g) LIBC_VERS=2.5 NSS_VERS=2 NSS_LDAP_PATH_CONF=$out/etc/ldap.conf) 13 24 substituteInPlace Makefile \ ··· 16 27 mkdir -p $out/etc 17 28 ''; 18 29 19 - buildInputs = [openldap]; 30 + buildInputs = [ openldap perl ]; 20 31 }

+139

pkgs/os-specific/linux/nss_ldap/nss_ldap-265-glibc-2.16.patch

··· 1 + https://github.com/archlinuxarm/PKGBUILDs/issues/296 2 + 3 + Fixes the bug causing a segfault on nscd and sshd: 4 + symbol lookup error: /usr/lib/libnss_ldap.so.2: undefined symbol: __libc_lock_lock 5 + 6 + --- ldap-nss.c.orig 2012-10-17 12:32:03.908730283 +0000 7 + +++ ldap-nss.c 2012-10-17 12:38:10.906767283 +0000 8 + @@ -148,7 +148,7 @@ 9 + */ 10 + static ldap_session_t __session = { NULL, NULL, 0, LS_UNINITIALIZED }; 11 + 12 + -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 13 + +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) 14 + static pthread_once_t __once = PTHREAD_ONCE_INIT; 15 + #endif 16 + 17 + @@ -168,7 +168,7 @@ 18 + static int __ssl_initialized = 0; 19 + #endif /* HAVE_LDAPSSL_CLIENT_INIT */ 20 + 21 + -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 22 + +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) 23 + /* 24 + * Prepare for fork(); lock mutex. 25 + */ 26 + @@ -519,7 +519,7 @@ 27 + } 28 + #endif /* HAVE_NSSWITCH_H */ 29 + 30 + -#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 31 + +#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) 32 + static void 33 + do_atfork_prepare (void) 34 + { 35 + @@ -553,7 +553,7 @@ 36 + #ifdef HAVE_PTHREAD_ATFORK 37 + (void) pthread_atfork (do_atfork_prepare, do_atfork_parent, 38 + do_atfork_child); 39 + -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 40 + +#elif defined(HAVE___LIBC_ATFORK) 41 + (void) __libc_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child); 42 + #endif 43 + 44 + @@ -1119,7 +1119,7 @@ 45 + } 46 + 47 + #ifndef HAVE_PTHREAD_ATFORK 48 + -#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 49 + +#if defined(HAVE___LIBC_ONCE) 50 + /* 51 + * This bogosity is necessary because Linux uses different 52 + * PIDs for different threads (like IRIX, which we don't 53 + @@ -1151,7 +1151,7 @@ 54 + pid = -1; /* linked against libpthreads, don't care */ 55 + #else 56 + pid = getpid (); 57 + -#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */ 58 + +#endif /* HAVE___LIBC_ONCE */ 59 + #endif /* HAVE_PTHREAD_ATFORK */ 60 + 61 + euid = geteuid (); 62 + @@ -1161,7 +1161,7 @@ 63 + syslog (LOG_DEBUG, 64 + "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __euid=%i, euid=%i", 65 + __session.ls_state, __session.ls_conn, __euid, euid); 66 + -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 67 + +#elif defined(HAVE___LIBC_ONCE) 68 + syslog (LOG_DEBUG, 69 + "nss_ldap: libpthreads=%s, __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i", 70 + ((__pthread_once == NULL || __pthread_atfork == NULL) ? "FALSE" : "TRUE"), 71 + @@ -1185,11 +1185,11 @@ 72 + } 73 + else 74 + #ifndef HAVE_PTHREAD_ATFORK 75 + -#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 76 + +#if defined(HAVE___LIBC_ONCE) 77 + if ((__pthread_once == NULL || __pthread_atfork == NULL) && __pid != pid) 78 + #else 79 + if (__pid != pid) 80 + -#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */ 81 + +#endif /* HAVE___LIBC_ONCE */ 82 + { 83 + do_close_no_unbind (); 84 + } 85 + @@ -1250,9 +1250,9 @@ 86 + debug ("<== do_init (pthread_once failed)"); 87 + return NSS_UNAVAIL; 88 + } 89 + -#elif defined(HAVE_PTHREAD_ATFORK) && ( defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ) 90 + +#elif defined(HAVE_PTHREAD_ATFORK) && defined(HAVE___LIBC_ONCE) 91 + __libc_once (__once, do_atfork_setup); 92 + -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 93 + +#elif defined(HAVE___LIBC_ONCE) 94 + /* 95 + * Only install the pthread_atfork() handlers i 96 + * we are linked against libpthreads. Otherwise, 97 + --- ldap-nss.h.orig 2012-10-17 12:33:05.681379283 +0000 98 + +++ ldap-nss.h 2012-10-17 12:34:06.337050753 +0000 99 + @@ -671,7 +671,7 @@ 100 + #define NSS_LDAP_LOCK(m) mutex_lock(&m) 101 + #define NSS_LDAP_UNLOCK(m) mutex_unlock(&m) 102 + #define NSS_LDAP_DEFINE_LOCK(m) static mutex_t m = DEFAULTMUTEX 103 + -#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) 104 + +#elif defined(HAVE___LIBC_LOCK_LOCK) && defined(HAVE___LIBC_LOCK_UNLOCK) 105 + #define NSS_LDAP_LOCK(m) __libc_lock_lock(m) 106 + #define NSS_LDAP_UNLOCK(m) __libc_lock_unlock(m) 107 + #define NSS_LDAP_DEFINE_LOCK(m) static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER 108 + --- ldap-nss.c.orig 2012-10-17 12:58:20.270783283 +0000 109 + +++ ldap-nss.c 2012-10-17 12:58:43.699267283 +0000 110 + @@ -156,7 +156,7 @@ 111 + static FILE *__debugfile; 112 + #endif /* LBER_OPT_LOG_PRINT_FILE */ 113 + 114 + -#ifndef HAVE_PTHREAD_ATFORK 115 + +#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE) 116 + /* 117 + * Process ID that opened the session. 118 + */ 119 + --- configure.in.orig 2012-10-17 12:59:31.707235283 +0000 120 + +++ configure.in 2012-10-17 13:00:15.854289283 +0000 121 + @@ -255,6 +255,7 @@ 122 + AC_CHECK_FUNCS(pthread_once) 123 + AC_CHECK_FUNCS(ether_aton) 124 + AC_CHECK_FUNCS(ether_ntoa) 125 + +AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock) 126 + 127 + AC_MSG_CHECKING(for struct ether_addr) 128 + AC_TRY_COMPILE([#include <sys/types.h> 129 + --- ldap-nss.c.orig 2012-10-17 13:02:01.418010283 +0000 130 + +++ ldap-nss.c 2012-10-17 13:03:25.017240283 +0000 131 + @@ -1102,7 +1102,7 @@ 132 + do_init (void) 133 + { 134 + ldap_config_t *cfg; 135 + -#ifndef HAVE_PTHREAD_ATFORK 136 + +#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE) 137 + pid_t pid; 138 + #endif 139 + uid_t euid;