Package: libnss-ldap
Version: 251-5.1
Severity: normal
Tags: patch
Hi,
Attached is the diff for my libnss-ldap 251-5.2 NMU.
--
Homepage: http://www.sesse.net/
diff -Nru /tmp/r3dco3LwXw/libnss-ldap-251/debian/changelog
/tmp/4X2xPacO3V/libnss-ldap-251/debian/changelog
--- /tmp/r3dco3LwXw/libnss-ldap-251/debian/changelog 2006-09-30
01:28:55.000000000 +0200
+++ /tmp/4X2xPacO3V/libnss-ldap-251/debian/changelog 2006-09-30
01:28:56.000000000 +0200
@@ -1,3 +1,26 @@
+libnss-ldap (251-5.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * When doing substitutions in libnss-ldap.conf, pass the values to the Perl
+ program as environment variables instead of directly to the program;
+ should eliminate the problems with having to escape them.
+ (Closes: #376684, #386141)
+ * Change the init script policy. Instead of stopping libnss-ldap.init on
+ clean shutdown (touching a file) and starting it after networking (rm-ing
+ it), we touch the file in /lib/init/rw as soon as possible (right before
+ udev is started, touching a file) and stop it after initial system bootup.
+ This fixes both issues with /var being on a separate partition, and
+ unclean shutdown where the file would not be created. (To make sure we
+ don't get similar problems during shutdown, we create it in runlevels 0
+ and 6 as before, but we don't assume it's still there when we boot, since
+ it's on a tmpfs now.) (Closes: #375077)
+ * Block SIGPIPE in do_atfork_child(), as some versions of libldap2 in some
+ circumstances (notably with TLS enabled) write data onto our dummy socket
+ during close, which raises a SIGPIPE that should not be delivered on to the
+ application. (Closes: #376426, #388574)
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]> Fri, 29 Sep 2006 12:29:33 +0200
+
libnss-ldap (251-5.1) unstable; urgency=low
* Fixed regexp in postinstall script as described by
diff -Nru /tmp/r3dco3LwXw/libnss-ldap-251/debian/libnss-ldap.dirs
/tmp/4X2xPacO3V/libnss-ldap-251/debian/libnss-ldap.dirs
--- /tmp/r3dco3LwXw/libnss-ldap-251/debian/libnss-ldap.dirs 2006-09-30
01:28:55.000000000 +0200
+++ /tmp/4X2xPacO3V/libnss-ldap-251/debian/libnss-ldap.dirs 2006-09-30
01:28:56.000000000 +0200
@@ -1,3 +1,2 @@
usr/share/libnss-ldap
usr/share/doc/libnss-ldap
-var/lib/libnss-ldap
diff -Nru /tmp/r3dco3LwXw/libnss-ldap-251/debian/libnss-ldap.init
/tmp/4X2xPacO3V/libnss-ldap-251/debian/libnss-ldap.init
--- /tmp/r3dco3LwXw/libnss-ldap-251/debian/libnss-ldap.init 2006-09-30
01:28:55.000000000 +0200
+++ /tmp/4X2xPacO3V/libnss-ldap-251/debian/libnss-ldap.init 2006-09-30
01:28:56.000000000 +0200
@@ -2,9 +2,9 @@
case "$1" in
start|restart|force-reload)
- rm -f /var/lib/libnss-ldap/bind_policy_soft ;;
+ touch /lib/init/rw/libnss-ldap.bind_policy_soft ;;
stop)
- touch /var/lib/libnss-ldap/bind_policy_soft ;;
+ rm -f /lib/init/rw/libnss-ldap.bind_policy_soft ;;
*)
echo "Usage: $0 {start|stop|restart|force-reload}"
exit 1
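Review bot: `restart|force-reload` still shares the `start` branch, which now creates `/lib/init/rw/libnss-ldap.bind_policy_soft` instead of removing it, so running the script with `restart` on a booted system would leave the soft bind policy active until `stop` is run. Before this change the same branch removed the flag, i.e. returned the system to normal operation. I would split the branches so that only `start` touches the file, e.g. `start) touch /lib/init/rw/libnss-ldap.bind_policy_soft ;;` and `restart|force-reload) ;;`. A comment should also say that "start" here means "enter the soft-policy window", since that is the opposite of what the action names suggest and the runlevel arguments in debian/rules depend on it.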
diff -Nru /tmp/r3dco3LwXw/libnss-ldap-251/debian/libnss-ldap.postinst
/tmp/4X2xPacO3V/libnss-ldap-251/debian/libnss-ldap.postinst
--- /tmp/r3dco3LwXw/libnss-ldap-251/debian/libnss-ldap.postinst 2006-09-30
01:28:55.000000000 +0200
+++ /tmp/4X2xPacO3V/libnss-ldap-251/debian/libnss-ldap.postinst 2006-09-30
01:28:56.000000000 +0200
@@ -19,14 +19,6 @@
value=$2
commented=0 ; notthere=0
- # escape slash and backslash for later regex compat
- # the order is important, first the backslashes
- value=`echo $value | sed -s 's#\\\#\\\\\\\#g'`
- # then the slashes
- value=`echo $value | sed -s 's#/#\\\/#g'`
- # escape hyphen in domainnames for later regex compat (ex.
example-city.net)
- value=`echo $value | sed -s 's#-#\\\-#g'`
-
egrep -i -q "^$parameter " $CONFFILE || notthere=1
if [ "$notthere" = "1" ]; then
if ( egrep -i -q "^# *$parameter" $CONFFILE ); then
@@ -45,8 +37,8 @@
# i really need a better way to do this...
# currently we replace only the first match, we need a better
# way of dealing with multiple hits.
- perl -i -p -e "s-$replacestring-$parameter $value-i
- and \$match=1 if (\$match != 1)" $CONFFILE
+ value=$value parameter=$parameter perl -i -p -e 's/^#
*\Q$ENV{"parameter"}\E .*/$ENV{"parameter"} $ENV{"value"}/i
+ and $match=1 unless ($match)' $CONFFILE
fi
}
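Review bot: The new substitution pattern is hard-coded as `^# *\Q$ENV{"parameter"}\E .*`, which requires a leading `#`, whereas the removed line used `$replacestring`, whose assignment is outside this hunk. If `$replacestring` was set differently for the uncommented case (the earlier `egrep -i -q "^$parameter "` test suggests there are two cases), an existing uncommented setting would no longer be rewritten and the new value would be silently dropped. Making the comment marker optional, `s/^(?:# *)?\Q$ENV{"parameter"}\E .*/$ENV{"parameter"} $ENV{"value"}/i`, would cover both. `$CONFFILE` should also be quoted on this line. The enclosing function starts above the hunk.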
@@ -184,13 +176,10 @@
fi
fi
-# The /var/lib/libnss-ldap directory is used for one purpose:
-# to provide a place to store the 'bind_policy_soft' flag file
-# which is created on system shutdown and removed once the system
-# has restarted. The existance of this file changes the bind_policy
-# to 'soft', which means that NSS lookups fail immediately when no
-# LDAP server is available. This is sensible during the boot process
-# since networking might not be available.
-chmod 755 /var/lib/libnss-ldap
+# This directory was used earlier, and should no longer have any
+# function (we use /lib/init/rw instead).
+if [ -d /var/lib/libnss-ldap ]; then
+ rm -rf /var/lib/libnss-ldap
+fi
#DEBHELPER#
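Review bot: `rm -rf /var/lib/libnss-ldap` runs as root on every configure and removes whatever is under that directory, although the removed comment says it only ever held the `bind_policy_soft` flag. Removing just that file and then the directory if it is empty is narrower and cannot delete anything an administrator placed there: `rm -f /var/lib/libnss-ldap/bind_policy_soft` followed by `rmdir /var/lib/libnss-ldap 2>/dev/null || true`.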
diff -Nru /tmp/r3dco3LwXw/libnss-ldap-251/debian/rules
/tmp/4X2xPacO3V/libnss-ldap-251/debian/rules
--- /tmp/r3dco3LwXw/libnss-ldap-251/debian/rules 2006-09-30
01:28:55.000000000 +0200
+++ /tmp/4X2xPacO3V/libnss-ldap-251/debian/rules 2006-09-30
01:28:56.000000000 +0200
@@ -9,7 +9,7 @@
DEB_CONFIGURE_EXTRA_FLAGS += --enable-rfc2307bis --with-ldap-lib=openldap
--with-ldap-conf-file=/etc/libnss-ldap.conf
--with-ldap-secret-file=/etc/libnss-ldap.secret --enable-schema-mapping
--enable-paged-results --enable-configurable-krb5-ccname-gssapi
DEB_DESTDIR = $(CURDIR)/debian/tmp
DEB_OPT_FLAG += -fPIC
-DEB_DH_INSTALLINIT_ARGS = -- defaults 99 01
+DEB_DH_INSTALLINIT_ARGS = --no-start -- start 03 S . start 01 0 . stop 01 2 .
stop 01 3 . stop 01 4 . stop 01 5 . start 01 6 .
MY_INST_DIR = $(CURDIR)/debian/libnss-ldap/usr/share
diff -Nru /tmp/r3dco3LwXw/libnss-ldap-251/ldap-nss.c
/tmp/4X2xPacO3V/libnss-ldap-251/ldap-nss.c
--- /tmp/r3dco3LwXw/libnss-ldap-251/ldap-nss.c 2006-09-30 01:28:55.000000000
+0200
+++ /tmp/4X2xPacO3V/libnss-ldap-251/ldap-nss.c 2006-09-30 01:28:56.000000000
+0200
@@ -533,7 +533,9 @@
do_atfork_child (void)
{
debug ("==> do_atfork_child");
+ _nss_ldap_block_sigpipe();
do_close_no_unbind ();
+ _nss_ldap_unblock_sigpipe();
NSS_LDAP_UNLOCK (__lock);
debug ("<== do_atfork_child");
}
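Review bot: The reason for wrapping `do_close_no_unbind ()` is recorded only in the changelog, so the two added calls in `do_atfork_child` look arbitrary when reading the source. A short comment above them would help, e.g. `/* libldap may write to the dummy socket during close (notably with TLS); keep the resulting SIGPIPE away from the application */`. The added calls are also written `_nss_ldap_block_sigpipe();` without the space before the parenthesis that the surrounding lines use.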
@@ -554,13 +556,9 @@
}
#endif
-/*
- * Acquires global lock, blocks SIGPIPE.
- */
void
-_nss_ldap_enter (void)
+_nss_ldap_block_sigpipe (void)
{
-
#ifdef HAVE_SIGACTION
struct sigaction new_handler;
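Review bot: `_nss_ldap_block_sigpipe` is left without a header comment after the old `_nss_ldap_enter` comment was removed, and its name does not match what the visible code does. Judging by the lines in the later hunks, it sets SIGPIPE to `SIG_IGN` and keeps the previous disposition in file-scope variables (`__stored_handler`, `__sigpipe_handler`) rather than blocking the signal in the mask. Because there is a single saved slot, a nested call would overwrite the saved handler with the ignore disposition, and the matching unblock would then not restore the application's handler. I would document both functions with a comment stating that they save and restore the process-wide SIGPIPE disposition, are not reentrant, and must be called with `__lock` held, as both new call sites appear to do. The function body continues past the end of this hunk.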
@@ -574,10 +572,6 @@
new_handler.sa_flags = 0;
#endif /* HAVE_SIGACTION */
- debug ("==> _nss_ldap_enter");
-
- NSS_LDAP_LOCK (__lock);
-
/*
* Patch for Debian Bug 130006:
* ignore SIGPIPE for all LDAP operations.
@@ -596,18 +590,11 @@
#else
__sigpipe_handler = signal (SIGPIPE, SIG_IGN);
#endif /* HAVE_SIGSET */
-
- debug ("<== _nss_ldap_enter");
}
-/*
- * Releases global mutex, releases SIGPIPE.
- */
void
-_nss_ldap_leave (void)
+_nss_ldap_unblock_sigpipe (void)
{
- debug ("==> _nss_ldap_leave");
-
#ifdef HAVE_SIGACTION
if (__sigaction_retval == 0)
(void) sigaction (SIGPIPE, &__stored_handler, NULL);
@@ -621,7 +608,31 @@
# endif /* HAVE_SIGSET */
}
#endif /* HAVE_SIGACTION */
+}
+
+/*
+ * Acquires global lock, blocks SIGPIPE.
+ */
+void
+_nss_ldap_enter (void)
+{
+ debug ("==> _nss_ldap_enter");
+
+ NSS_LDAP_LOCK (__lock);
+ _nss_ldap_block_sigpipe();
+
+ debug ("<== _nss_ldap_enter");
+}
+
+/*
+ * Releases global mutex, releases SIGPIPE.
+ */
+void
+_nss_ldap_leave (void)
+{
+ debug ("==> _nss_ldap_leave");
+ _nss_ldap_unblock_sigpipe();
NSS_LDAP_UNLOCK (__lock);
debug ("<== _nss_ldap_leave");
@@ -2558,17 +2569,13 @@
hard = 0;
/*
- * If the file /var/lib/libnss-ldap/bind_policy_soft exists,
+ * If the file /lib/init/rw/libnss-ldap.bind_policy_soft exists,
* then ignore the actual bind_policy definition and use the
* soft semantics. This file should only exist during early
* boot and late shutdown, points at which the networking or
* the LDAP server itself are likely to be unavailable anyway.
- *
- * NOTE: If /var/lib doesn't exist then /var must not be mounted
- * yet and so we're still early in the boot process.
*/
- if (access("/var/lib",R_OK) == -1 ||
- access("/var/lib/libnss-ldap/bind_policy_soft",R_OK)
== 0)
+ if (access("/lib/init/rw/libnss-ldap.bind_policy_soft",R_OK) == 0)
hard = 0;
++tries;
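Review bot: The comment says the soft policy applies if the flag file exists, but the test is `access(..., R_OK)`, which checks readability for the calling process's real UID. If the init script ever creates the file under a restrictive umask, unprivileged callers would not see the flag and would keep the hard policy during boot; `access("/lib/init/rw/libnss-ldap.bind_policy_soft", F_OK) == 0` matches the stated intent. The path is now repeated in the init script and here, so a single `#define` for it in this file would keep the comment and the check from drifting apart. The enclosing function starts and ends outside the hunk.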
diff -Nru /tmp/r3dco3LwXw/libnss-ldap-251/ldap-nss.h
/tmp/4X2xPacO3V/libnss-ldap-251/ldap-nss.h
--- /tmp/r3dco3LwXw/libnss-ldap-251/ldap-nss.h 2006-09-30 01:28:55.000000000
+0200
+++ /tmp/4X2xPacO3V/libnss-ldap-251/ldap-nss.h 2006-09-30 01:28:56.000000000
+0200
@@ -688,6 +688,9 @@
#define NSS_LDAP_DEFINE_LOCK(m)
#endif
+void _nss_ldap_block_sigpipe (void);
+void _nss_ldap_unblock_sigpipe (void);
+
/*
* Acquire global nss_ldap lock and blocks SIGPIPE.
* Generally this should only be done within ldap-nss.c.