From e06b741024aa546679a41dc6ef8716edcc778831 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 28 2023 13:08:20 +0000 Subject: import slapi-nis-0.60.0-1.module+el8.8.0+17159+ac558a8b
---
diff --git a/.gitignore b/.gitignore
index 708c42f..14d5db2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/slapi-nis-0.56.6.tar.gz
+SOURCES/slapi-nis-0.60.0.tar.gz
diff --git a/.slapi-nis.metadata b/.slapi-nis.metadata
index 90d7c84..c8db1e4 100644
--- a/.slapi-nis.metadata
+++ b/.slapi-nis.metadata
@@ -1 +1 @@
-c32d869856123cbecd7b3786bc2bd880d01c47ed SOURCES/slapi-nis-0.56.6.tar.gz
+e5a84cf93b13b174c6d865de2f735cbfbc950917 SOURCES/slapi-nis-0.60.0.tar.gz
diff --git a/SOURCES/cve-2021-3480-fix.patch b/SOURCES/cve-2021-3480-fix.patch
deleted file mode 100644
index 592c2d3..0000000
--- a/SOURCES/cve-2021-3480-fix.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2f2b7ecd9d6a0f5044c24e4f96464942a1d873db Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy
-Date: Wed, 7 Apr 2021 14:40:52 +0300
-Subject: [PATCH] CVE-2021-3480: invalid bind DN crash
-
-For certain LDAP bind operations 389-ds would pass unvalidated bind DN
-to bind plugins. A first attempt to normalize the DN would find that out
-and should reject the request.
-
-Signed-off-by: Alexander Bokovoy
----
- src/back-sch.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/back-sch.c b/src/back-sch.c
-index a5e4c04..d806627 100644
---- a/src/back-sch.c
-+++ b/src/back-sch.c
-@@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag,
- rdn = slapi_rdn_new_sdn(cbdata->target_dn);
- if (rdn != NULL) {
- rdnstr = slapi_rdn_get_nrdn(rdn);
-+ if (rdnstr == NULL) {
-+ /* normalizing RDN failed, break the search */
-+ slapi_rdn_free(&rdn);
-+ return FALSE;
-+ }
- if (map_match(cbdata->state, group, set, &flag,
- strlen(rdnstr), rdnstr,
- &ndnlen, &ndn,
---
-2.31.1
-
diff --git a/SOURCES/slapi-nis-0.56.6.tar.gz.asc b/SOURCES/slapi-nis-0.56.6.tar.gz.asc
deleted file mode 100644
index bd7d686..0000000
--- a/SOURCES/slapi-nis-0.56.6.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAl/KPI0ACgkQRxniuKu/ -Yhp7KA//aI0HHAGWn56NjsbLCdk98tpt3YekptGwKpaDiFan7An2JtnJe3CvC71q -pAWtj1VduHLx+cAxRaRPKSheMkqv9qKrIvhtDHKEgTs9zkxZ02AYa8Emof9x8v6h -KsnRYMpy5TmKlvT8urnNbrkQXcxGvfjkaBYdaLegT87tSuLsB5vmZpfDbcdMuZ6V -mfU7JOoKpq0aXg/cYfSc3Br8njZujQXjdUipwKQMBQivNdFzkUk/ly6v8eWXP0O5 -TlD0Rg8QMcSVgqG8hcLVzka078AHzAlOK1B2hGRuFXfRrnd88mDxPps7UEbEfSy3 -oULXpXdQGVet7kujo8JfUyS5D4yiJOS2q/KmES8IGpIUeiwrV+383/pU2UY+lCUU -Cjv62t4YAwsFOOo+2z0thmzvpEc6FtP9mMx88JRX01OkSCapThgPaGKMfr8wM5Ez -/3YK4RC14FybOF6jruoTkvlW0b4d6wsZwPHOKs+IeflO8UzncwfxY8L7GiSwTmC/ -40QYCNrXmo79dyg9MGvXtBhUOnfZ41zSVdpzN3EZ5ulMZvdnsBeRK2ixImgQKLSf -80uZV0k/+koInWYnUQYMbTpKP1843KxZWnLmfd82w1ju5fAsSoDvu9MnomswiRhp -PzQdcWBSjcQxWjVxwN4RKXqcLCxm99xywTHYIP1xSCuN22KNOLk= -=EOmw ------END PGP SIGNATURE-----
diff --git a/SOURCES/slapi-nis-0.60.0.tar.gz.asc b/SOURCES/slapi-nis-0.60.0.tar.gz.asc
new file mode 100644
index 0000000..a708ec9
--- /dev/null
+++ b/SOURCES/slapi-nis-0.60.0.tar.gz.asc
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmMAimgACgkQRxniuKu/ +YhorRw/8D0typYdDLGlalL7nMo57rjSApgy6gA4FKxMsNg/KiN1/7rMoCbu13iG0 +sP6wpeZLjBNI/nWGYLRuQOyi7DSxgXYlNp+8xzJDMKjnNjRSaK+/EjqIcWhdWoEq +Q1JDjTdJ3hDCWCMQFrA/EBqb/WgQAhdmPdVzMoy6L2GBvX7W+UlCWaSMfpq5hnqg +9SZe4NpC7i6BVhHrnWUMsQRcApnjdHlC8tQmzqdD0+iNer0asXmJcQGCI9W7EwAs +MT4be/C2hfLfWgBdaMCZGgefGFYGI1ec+hfM9jyGsJcBsRXQ8Rq+VOLEI7lkD+wc +nQwq1VVVcAwFkbziQ5JBZqOKdem8lo9Mucn/sQ297EIfIi8NVhlDDZFtkgsYAglT +gaEeK4+d0QNz2+ViwJxGp2l0mG2inV8GjiyINpntbw8dh+qwI8xLI6/6B7R6wP30 +Kj/90EehX0vFXX2ylrkrvg3d7UGp6PBgsiqeaJT5bL2ItVKJl8FyD0N9JsEL766/ +SKqNHGZjEJv1rzPf2MMqutLHe1aSyTBjq4JBYPJKHAXPdvZluyALLM94erZqA/tJ +17PCLAf3P+OvixcnyzsUTP9U7SNlLPiMqwyvUB26ul0+CqEqKzZxiTOfpbKQ8p/j +3QpkrKLn0JbofZN1K7H6x/Mdwe5scdeTP0T8YPJm+ofZq+fBdnI= +=ZUV6 +-----END PGP SIGNATURE-----
diff --git a/SOURCES/slapi-nis-bz1958909.patch b/SOURCES/slapi-nis-bz1958909.patch
deleted file mode 100644
index 07c2282..0000000
--- a/SOURCES/slapi-nis-bz1958909.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From d18b1d105c928363eddec87af37fda0757cfb440 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy
-Date: Thu, 1 Jul 2021 11:37:38 +0300
-Subject: [PATCH] back-sch: reuse backend_should_descend
-
-When backend_search_find_set_dn_cb() is called, use the same logic as in
-other callbacks -- identify whether we should descend into the group by
-using backend_should_descend().
-
-The issue was introduced in 2015 with ID Views support but was masked
-until 61ea8f6a104da25329e301a8f56944f860de8177 as we always felt through
-to the full scan of the groups anyway. with the latter change the
-fell-through part was removed.
-
-Resolves: rhbz#1958909
-
-Signed-off-by: Alexander Bokovoy
-Signed-off-by: Thierry Bordaz
----
- src/back-sch.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/back-sch.c b/src/back-sch.c
-index d806627..0ed06fb 100644
---- a/src/back-sch.c
-+++ b/src/back-sch.c
-@@ -1369,8 +1369,9 @@ backend_search_find_set_dn_cb(const char *group, void *cb_data)
-
- /* Check the group itself. */
- group_dn = slapi_sdn_new_dn_byval(group);
-- if (slapi_sdn_scope_test(group_dn, cbdata->target_dn,
-- cbdata->scope) == 1) {
-+ if (backend_should_descend(group_dn,
-+ cbdata->target_dn,
-+ cbdata->scope)) {
- cbdata->answer = TRUE;
- slapi_sdn_free(&group_dn);
- return TRUE;
---
-2.31.1
-
diff --git a/SOURCES/slapi-nis-bz1978189.patch b/SOURCES/slapi-nis-bz1978189.patch
deleted file mode 100644
index 93762b4..0000000
--- a/SOURCES/slapi-nis-bz1978189.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 0f700cf71f5531fb6c863990216aa1eb88970dc8 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy
-Date: Wed, 16 Jun 2021 11:08:21 +0300
-Subject: [PATCH] back-sch-nss: only loop if asked to try again
-
-slapi-nis uses sss-idmap library to discover user group membership. Its
-sss_nss_getgrouplist_timeout() function can return timeout errors as
-well which might cause a busy looping. sss_nss_getgrouplist_timeout()
-will return ERANGE which is translated by slapi-nis to NSS_STATUS_TRYAGAIN.
-
-Fixes: rhbz#1967179
-
-Signed-off-by: Alexander Bokovoy
----
- src/back-sch-nss.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c
-index df04a96..b595f3b 100644
---- a/src/back-sch-nss.c
-+++ b/src/back-sch-nss.c
-@@ -589,19 +589,22 @@ repeat:
- return NULL;
- }
-
-- do {
-+ for(rc = NSS_STATUS_TRYAGAIN; rc == NSS_STATUS_TRYAGAIN;) {
- rc = backend_nss_getgrouplist(ctx, user_name, pwd.pw_gid,
- grouplist, &ngroups,
- &lerrno);
-- if ((rc != NSS_STATUS_SUCCESS)) {
-- tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));
-- if (tmp_list == NULL) {
-+ if (rc == NSS_STATUS_TRYAGAIN) {
-+ tmp_list = NULL;
-+ if (lerrno == ERANGE) {
-+ tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));
-+ }
-+ if ((tmp_list == NULL) || (lerrno == ENOMEM)) {
- free(grouplist);
- return NULL;
- }
- grouplist = tmp_list;
- }
-- } while (rc != NSS_STATUS_SUCCESS);
-+ }
-
- entries = calloc(ngroups + 1, sizeof(entries[0]));
- if (entries == NULL) {
---
-2.31.1
-
diff --git a/SOURCES/slapi-nis-bz2000919.patch b/SOURCES/slapi-nis-bz2000919.patch
deleted file mode 100644
index af220f9..0000000
--- a/SOURCES/slapi-nis-bz2000919.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 02a9cb46ece79d6205a847e6941a772febe47cff Mon Sep 17 00:00:00 2001
-From: Viktor Ashirov
-Date: Thu, 5 Aug 2021 16:04:49 +0200
-Subject: [PATCH] back-sch: fix memory leak in backend_search_cb()
-
-Resolves: rhbz#1967906
-
-Signed-off-by: Viktor Ashirov
----
- src/back-sch.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/back-sch.c b/src/back-sch.c
-index 0ed06fb..172d619 100644
---- a/src/back-sch.c
-+++ b/src/back-sch.c
-@@ -1793,6 +1793,7 @@ backend_search_cb(Slapi_PBlock *pb)
- slapi_ch_free_string(&target);
- if (cbdata.answer == FALSE) {
- /* None of the configured trees in the sets matched the target at all, ignore search */
-+ slapi_sdn_free(&cbdata.target_dn);
- return 0;
- }
- }
---
-2.31.1
-
diff --git a/SPECS/slapi-nis.spec b/SPECS/slapi-nis.spec
index bcd68e9..83d60cd 100644
--- a/SPECS/slapi-nis.spec
+++ b/SPECS/slapi-nis.spec
@@ -10,18 +10,14 @@
 %endif
 Name: slapi-nis
-Version: 0.56.6
-Release: 4%{?dist}
+Version: 0.60.0
+Release: 1%{?dist}
 Summary: NIS Server and Schema Compatibility plugins for Directory Server
 Group: System Environment/Daemons
-License: GPLv2
+License: GPLv3
 URL: http://pagure.io/slapi-nis/
 Source0: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz
 Source1: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.asc
-Patch1: cve-2021-3480-fix.patch
-Patch2: slapi-nis-bz1978189.patch
-Patch3: slapi-nis-bz1958909.patch
-Patch4: slapi-nis-bz2000919.patch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -60,10 +56,6 @@ for attributes from multiple entries in the tree.
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
 %build
 autoconf --force
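Review bot: Nothing in this commit records that the 0.60.0 tarball already contains the four fixes whose `Patch1`–`Patch4` lines are removed in the first SPECS/slapi-nis.spec hunk, and one of them is `cve-2021-3480-fix.patch`. The deleted patches look like upstream commits, so they are presumably in the release, but that is worth confirming against the new source (for the CVE, the `rdnstr == NULL` check in `backend_locate_cb`) and stating in %changelog, for example `- Drop downstream patches included in 0.60.0 (CVE-2021-3480, rhbz#1978189, rhbz#1958909, rhbz#2000919)`. The same hunk sets `License: GPLv3` while the new changelog entry says GPLv3+; the two should agree, `License: GPLv3+` if that matches upstream's licence text. `Source1` is also only carried along: the second hunk shows `%prep` going straight to `%setup -q`, so the detached signature is not checked during the build.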
@@ -92,6 +84,17 @@ make check %{_sbindir}/nisserver-plugin-defs %changelog +* Sat Aug 20 2022 Alexander Bokovoy - 0.60.0-1 +- upstream release 0.60.0 +- Change license from GPLv2 to GPLv3+ to follow 389-ds licensing +- Resolves: rhbz#1984010 + Fix ID views integration +- Fix base scope lookups +- Resolves: rhbz#1784172 + Bump NIS max dgram size to 8KB by default instead of 1KB +- Resolves: rhbz#2070575 + Allow to rebuild the compat tree + * Mon Sep 13 2021 Alexander Bokovoy - 0.56.6-4 - Resolves: rhbz#2000919 - memory leak in backend_search_cb