From f2cb5e1fc3a9814999984f082ad7d1d83c9bde9d Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 02 2022 16:07:01 +0000
Subject: import slapi-nis-0.60.0-1.el7_9
---
diff --git a/.gitignore b/.gitignore
index 811bcba..14d5db2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/slapi-nis-0.56.5.tar.gz
+SOURCES/slapi-nis-0.60.0.tar.gz
diff --git a/.slapi-nis.metadata b/.slapi-nis.metadata
index 8e1fbca..c8db1e4 100644
--- a/.slapi-nis.metadata
+++ b/.slapi-nis.metadata
@@ -1 +1 @@
-3766addae0581012e6f2429270f093c3862db68c SOURCES/slapi-nis-0.56.5.tar.gz
+e5a84cf93b13b174c6d865de2f735cbfbc950917 SOURCES/slapi-nis-0.60.0.tar.gz
diff --git a/SOURCES/cve-2021-3480-fix.patch b/SOURCES/cve-2021-3480-fix.patch
deleted file mode 100644
index 592c2d3..0000000
--- a/SOURCES/cve-2021-3480-fix.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2f2b7ecd9d6a0f5044c24e4f96464942a1d873db Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy
-Date: Wed, 7 Apr 2021 14:40:52 +0300
-Subject: [PATCH] CVE-2021-3480: invalid bind DN crash
-
-For certain LDAP bind operations 389-ds would pass unvalidated bind DN
-to bind plugins. A first attempt to normalize the DN would find that out
-and should reject the request.
-
-Signed-off-by: Alexander Bokovoy
----
- src/back-sch.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/back-sch.c b/src/back-sch.c
-index a5e4c04..d806627 100644
---- a/src/back-sch.c
-+++ b/src/back-sch.c
-@@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag,
- rdn = slapi_rdn_new_sdn(cbdata->target_dn);
- if (rdn != NULL) {
- rdnstr = slapi_rdn_get_nrdn(rdn);
-+ if (rdnstr == NULL) {
-+ /* normalizing RDN failed, break the search */
-+ slapi_rdn_free(&rdn);
-+ return FALSE;
-+ }
- if (map_match(cbdata->state, group, set, &flag,
- strlen(rdnstr), rdnstr,
- &ndnlen, &ndn,
---
-2.31.1
-
diff --git a/SOURCES/slapi-nis-0.56.5.tar.gz.asc b/SOURCES/slapi-nis-0.56.5.tar.gz.asc
deleted file mode 100644
index 075609e..0000000
--- a/SOURCES/slapi-nis-0.56.5.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEEb9A7wQ1zA7rMdssD2m7b4Oa3L0FAl6v1FsACgkQD2m7b4Oa
-3L2MLwgAuQNbDTVFDLFBP2+tAXlPnvVL6q476BMffBDVA4U1L3F1OFABMmTRfOC8
-WM8m90YjkOwUIC1wvwn+Mbw2Y0YWJY3AwR2xM/3KTxd2YVqIN68nPOax0BAYMJfS
-drVV8asb8Cg4uQ+xUdcrGg0mpiYbC5slTX8p8zdAMylYgXxTKRBnqZItCkQ8zgtj
-+euh8gof7ORMaRVNhHFH2UsMGAHQf9JfCnnKIPWOU2NO1bKS/v7P9I5vb3dOB4gF
-/88GxWAMbME8/Y7syYQ314ROCqbQybBM0T7f6xixvHFF/tgI+V36wHN6XdpadbcU
-6TrOLdyrQUbSXltmFbF6N0Od5/VAXw==
-=rpl9
------END PGP SIGNATURE-----
diff --git a/SOURCES/slapi-nis-0.60.0.tar.gz.asc b/SOURCES/slapi-nis-0.60.0.tar.gz.asc
new file mode 100644
index 0000000..a708ec9
--- /dev/null
+++ b/SOURCES/slapi-nis-0.60.0.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmMAimgACgkQRxniuKu/
+YhorRw/8D0typYdDLGlalL7nMo57rjSApgy6gA4FKxMsNg/KiN1/7rMoCbu13iG0
+sP6wpeZLjBNI/nWGYLRuQOyi7DSxgXYlNp+8xzJDMKjnNjRSaK+/EjqIcWhdWoEq
+Q1JDjTdJ3hDCWCMQFrA/EBqb/WgQAhdmPdVzMoy6L2GBvX7W+UlCWaSMfpq5hnqg
+9SZe4NpC7i6BVhHrnWUMsQRcApnjdHlC8tQmzqdD0+iNer0asXmJcQGCI9W7EwAs
+MT4be/C2hfLfWgBdaMCZGgefGFYGI1ec+hfM9jyGsJcBsRXQ8Rq+VOLEI7lkD+wc
+nQwq1VVVcAwFkbziQ5JBZqOKdem8lo9Mucn/sQ297EIfIi8NVhlDDZFtkgsYAglT
+gaEeK4+d0QNz2+ViwJxGp2l0mG2inV8GjiyINpntbw8dh+qwI8xLI6/6B7R6wP30
+Kj/90EehX0vFXX2ylrkrvg3d7UGp6PBgsiqeaJT5bL2ItVKJl8FyD0N9JsEL766/
+SKqNHGZjEJv1rzPf2MMqutLHe1aSyTBjq4JBYPJKHAXPdvZluyALLM94erZqA/tJ
+17PCLAf3P+OvixcnyzsUTP9U7SNlLPiMqwyvUB26ul0+CqEqKzZxiTOfpbKQ8p/j
+3QpkrKLn0JbofZN1K7H6x/Mdwe5scdeTP0T8YPJm+ofZq+fBdnI=
+=ZUV6
+-----END PGP SIGNATURE-----
diff --git a/SOURCES/slapi-nis-bz1832190.patch b/SOURCES/slapi-nis-bz1832190.patch
deleted file mode 100644
index 570735b..0000000
--- a/SOURCES/slapi-nis-bz1832190.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From e8c3ed416a442f5a431ca48f7ea384a6abc1fa53 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy
-Date: Wed, 6 May 2020 14:08:41 +0300
-Subject: [PATCH] Initialize map lock in NIS plugin as well
-
-Also if ignored_containers_sdn is NULL, we don't really need to check
-whether a write could be ignored. It has to be processed, so bail out
-early with FALSE.
-
-Resolves: rhbz#1832190
-
-Signed-off-by: Alexander Bokovoy
----
- src/back-shr.c | 4 ++++
- src/plug-nis.c | 3 +++
- 2 files changed, 7 insertions(+)
-
-diff --git a/src/back-shr.c b/src/back-shr.c
-index e2b5dd3..c6a181e 100644
---- a/src/back-shr.c
-+++ b/src/back-shr.c
-@@ -2960,6 +2960,10 @@ backend_shr_write_ignore(Slapi_PBlock *pb)
- int i = 0;
- PRBool ignore = PR_FALSE;
-
-+ if (ignored_containers_sdn == NULL) {
-+ return ignore;
-+ }
-+
- /* Check if the target DN is a subordinates of
- * on of the ignored containers
- */
-diff --git a/src/plug-nis.c b/src/plug-nis.c
-index ee90c37..0ce4ae6 100644
---- a/src/plug-nis.c
-+++ b/src/plug-nis.c
-@@ -540,6 +540,9 @@ nis_plugin_init(Slapi_PBlock *pb)
- "error setting up plugin\n");
- return -1;
- }
-+
-+ init_map_lock();
-+
- /* Read global configuration. */
- if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY,
- &plugin_entry) == 0) &&
---
-2.25.4
-
diff --git a/SOURCES/slapi-nis-fix-valgrind-issues.patch b/SOURCES/slapi-nis-fix-valgrind-issues.patch
deleted file mode 100644
index d268f6e..0000000
--- a/SOURCES/slapi-nis-fix-valgrind-issues.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From dbe1e300171e04cc328a4f31d0bffcac056e7cfa Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy
-Date: Mon, 31 Aug 2020 16:53:47 +0300
-Subject: [PATCH] idviews: clear intermediate target DN in all cases
-
-When processing a search request, slapi-nis attempts to detect an ID
-View lookup. A target DN is modified by extracting an ID view name. This
-temporary string is freed in the successful case but left unotouched if
-ID View wasn't requested. As a result, small leaks on each search
-request accumulate and a memory can get lost.
-
-Resolves: rhbz#1866113
-
-Signed-off-by: Alexander Bokovoy
----
- src/back-sch.c | 15 +++++++++------
- 1 file changed, 9 insertions(+), 6 deletions(-)
-
-diff --git a/src/back-sch.c b/src/back-sch.c
-index 03abbeb..f8b04a3 100644
---- a/src/back-sch.c
-+++ b/src/back-sch.c
-@@ -1767,6 +1767,7 @@ backend_search_cb(Slapi_PBlock *pb)
- /* Perform another check, now for rewritten DN */
- cbdata.target_dn = slapi_sdn_new_dn_byval(target);
- map_data_foreach_domain(cbdata.state, backend_search_find_set_dn_cb, &cbdata);
-+
- /* Rewritten DN might still be outside of our trees */
- if (cbdata.answer == TRUE) {
- slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id,
-@@ -1774,19 +1775,21 @@ backend_search_cb(Slapi_PBlock *pb)
- "for \"%s\" with scope %d%s. Filter may get overridden later.\n",
- cbdata.idview, target, cbdata.strfilter, cbdata.scope,
- backend_sch_scope_as_string(cbdata.scope));
-- } else {
-- slapi_sdn_free(&cbdata.target_dn);
-- slapi_ch_free_string(&target);
-- slapi_ch_free_string(&cbdata.idview);
-+ }
-+
-+ slapi_sdn_free(&cbdata.target_dn);
-+ slapi_ch_free_string(&cbdata.idview);
-+
-+ if (cbdata.answer == FALSE) {
- slapi_log_error(SLAPI_LOG_PLUGIN,
- cbdata.state->plugin_desc->spd_id,
- "The search base didn't match any of the containers, "
- "ignoring search\n");
-+ slapi_ch_free_string(&target);
- return 0;
- }
-- } else {
-- slapi_ch_free_string(&target);
- }
-+ slapi_ch_free_string(&target);
- }
- cbdata.answer = FALSE;
- #endif
---
-2.26.2
-
diff --git a/SPECS/slapi-nis.spec b/SPECS/slapi-nis.spec
index 8d64830..842c824 100644
--- a/SPECS/slapi-nis.spec
+++ b/SPECS/slapi-nis.spec
@@ -10,17 +10,14 @@ %endif Name: slapi-nis -Version: 0.56.5 -Release: 4%{?dist} +Version: 0.60.0 +Release: 1%{?dist} Summary: NIS Server and Schema Compatibility plugins for Directory Server Group: System Environment/Daemons -License: GPLv2 +License: GPLv3 URL: http://pagure.io/slapi-nis/ Source0: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz Source1: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.asc -Patch1: slapi-nis-bz1832190.patch -Patch2: slapi-nis-fix-valgrind-issues.patch -Patch3: cve-2021-3480-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf
@@ -66,9 +63,6 @@ for attributes from multiple entries in the tree. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build libtoolize -f -c
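Review bot: Dropping `Patch3: cve-2021-3480-fix.patch` (together with Patch1 and Patch2) leaves the build dependent on the 0.60.0 tarball already containing those fixes, and nothing in this diff shows the tarball contents. Before release, confirm that upstream `src/back-sch.c` still has the `rdnstr == NULL` check in `backend_locate_cb`, since losing it would bring back the invalid-bind-DN crash the removed patch describes. `Source1` is the detached signature, but `%prep` in the next hunk runs only `%setup -q`, so the signature appears to be shipped without being checked during the build; a comment such as `# Source1 (detached signature) is not verified during the build; check it against the upstream release key at import time` would record that. The `License:` tag also reads `GPLv3` while the new changelog entry says GPLv3+; if upstream's license headers say "or later", it should be `License: GPLv3+`.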
@@ -104,6 +98,16 @@ rm -rf $RPM_BUILD_ROOT %{_sbindir}/nisserver-plugin-defs %changelog +* Wed Sep 09 2022 Alexander Bokovoy - 0.60.0-1 +- upstream release 0.60.0 +- Change license from GPLv2 to GPLv3+ to follow 389-ds licensing +- Resolves: rhbz#1978748 + Release adds following fixes: + - Fix ID views integration + - Fix base scope lookups + - Bump NIS max dgram size to 8KB by default instead of 1KB + - Allow to rebuild the compat tree + * Wed Apr 07 2021 Alexander Bokovoy - 0.56.5-4 - CVE 2021-3480: slapi-nis: NULL dereference (DoS) with specially crafted Binding DN - Resolves: rhbz#1942937