From 602a75f5be28adc6fe962d87bd4456629c54db68 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: May 12 2020 12:36:21 +0000
Subject: import nss-pam-ldapd-0.8.13-22.el7_8.1


---

diff --git a/SOURCES/0028-increase-password-buffer-size.patch b/SOURCES/0028-increase-password-buffer-size.patch
new file mode 100644
index 0000000..0360559
--- /dev/null
+++ b/SOURCES/0028-increase-password-buffer-size.patch
@@ -0,0 +1,64 @@
+From 4c7656e6d140f199546347e87849a2d11cef4b60 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Sat, 7 Dec 2013 22:04:30 +0000
+Subject: increase password buffer size (thanks Bersl) (7140d21 from 0.9)
+
+git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@2056 ef36b2f9-881f-0410-afb5-c4e39611909c
+---
+ AUTHORS        | 1 +
+ nslcd/group.c  | 2 +-
+ nslcd/passwd.c | 2 +-
+ nslcd/shadow.c | 2 +-
+ 4 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/AUTHORS b/AUTHORS
+index 65ee078..418c1a4 100644
+--- a/AUTHORS
++++ b/AUTHORS
+@@ -120,3 +120,4 @@ Matthew L. Dailey <matthew.l.dailey@dartmouth.edu>
+ Chris Hiestand <chiestand@salk.edu>
+ Jon Severinsson <jon@severinsson.net>
+ John Sullivan <jsrhbz@kanargh.force9.co.uk>
++Bersl <bersl2@bersl2.info>
+diff --git a/nslcd/group.c b/nslcd/group.c
+index ebf52dd..dd72d8a 100644
+--- a/nslcd/group.c
++++ b/nslcd/group.c
+@@ -254,7 +254,7 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname,
+   gid_t gids[MAXGIDS_PER_ENTRY];
+   int numgids;
+   char *tmp;
+-  char passbuffer[64];
++  char passbuffer[256];
+   int rc;
+   /* get group name (cn) */
+   names=myldap_get_values(entry,attmap_group_cn);
+diff --git a/nslcd/passwd.c b/nslcd/passwd.c
+index bf05fac..e940268 100644
+--- a/nslcd/passwd.c
++++ b/nslcd/passwd.c
+@@ -464,7 +464,7 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser,
+   char gecos[1024];
+   char homedir[256];
+   char shell[64];
+-  char passbuffer[64];
++  char passbuffer[256];
+   int i,j;
+   /* get the usernames for this entry */
+   usernames=myldap_get_values(entry,attmap_passwd_uid);
+diff --git a/nslcd/shadow.c b/nslcd/shadow.c
+index f7dee7d..87ef1f2 100644
+--- a/nslcd/shadow.c
++++ b/nslcd/shadow.c
+@@ -294,7 +294,7 @@ static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser)
+   long expiredate;
+   unsigned long flag;
+   int i;
+-  char passbuffer[64];
++  char passbuffer[256];
+   /* get username */
+   usernames=myldap_get_values(entry,attmap_shadow_uid);
+   if ((usernames==NULL)||(usernames[0]==NULL))
+-- 
+cgit v1.2.1
+
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index 5f445d9..4983093 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -39,7 +39,7 @@
 
 Name:		nss-pam-ldapd
 Version:	0.8.13
-Release:	22%{?dist}
+Release:	22%{?dist}.1
 Summary:	An nsswitch module which uses directory servers
 Group:		System Environment/Base
 License:	LGPLv2+
@@ -64,7 +64,7 @@ Patch12:        nss-pam-ldapd-0.8.13-password-longer-than-64-chars.patch
 Patch13:        nss-pam-ldapd-0.8.13-uri-man-fix.patch
 Patch14:        nss-pam-ldapd-0.8.13-uid_formatting.patch
 Patch15:        nss-pam-ldapd-bz1676861-Increase-size-of-config-file-token.patch
-# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount. 
+# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount.
 Patch16:        0016-Backport-of-request-and-parse-password-policy-contro.patch
 Patch17:        0017-Backport-of-passing-expiration-controls-back-to-PAM-.patch
 Patch18:        0018-Also-extract-policy-controls-on-BIND-failure.patch
@@ -76,9 +76,10 @@ Patch23:        0023-Backport-typo-fixes-in-password-expiration-warnings.patch
 Patch24:        0024-Allow-logging-longer-lines.patch
 # rhbz#1618558 - AD authentication on RHEL using nslcd fails with error "pwdLastSet: password changed in the future"
 Patch25:        0025-Backport-of-Update-shadow.c-to-resolve-pwdLastSet-is.patch
-# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount. 
+# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount.
 Patch26:        0026-RHEL-specific-Disable-the-password-policies-unless-e.patch
 Patch27:        0027-RHEL-specific-document-the-ppolicy-option-default.patch
+Patch28:        0028-increase-password-buffer-size.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	openldap-devel, krb5-devel
@@ -153,6 +154,7 @@ nsswitch module.
 %patch25 -p1 -b .pwd_last_set
 %patch26 -p1 -b .ppolicy_default
 %patch27 -p1 -b .ppolicy_default_man
+%patch28 -p1 -b .password_buffer_length
 autoreconf -f -i
 
 %build
@@ -389,6 +391,10 @@ exit 0
 %endif
 
 %changelog
+* Tue Mar 31 2020 Tomas Halman <thalman@redhat.com> - 0.8.13-22.1
+- Extend password buffer length to allow modern hashes
+- Resolves: rhbz#1819648 - Truncated shadowPasswords in nslcd 0.8.13
+
 * Tue Sep 17 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-22
 - Do not enable the password expiration controls by default
 - Document the option and its default
@@ -651,7 +657,7 @@ exit 0
 * Thu Sep 24 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-2
 - rebuild
 
-* Wed Sep 16 2009 Nalin Dahyabhai <nalin@redhat.com> 
+* Wed Sep 16 2009 Nalin Dahyabhai <nalin@redhat.com>
 - apply Mitchell Berger's patch to clean up the init script, use %%{_initddir},
   and correct the %%post so that it only thinks about turning on nslcd when
   we're first being installed (#522947)