SHA256
1
0
forked from pool/glibc

Accepting request 519891 from home:Andreas_Schwab:Factory

- Disable obsolete libnsl and NIS support
- remove-nss-nis-compat.patch: remove nis and compat from default NSS
  configs
- nsswitch.conf: Likewise

OBS-URL: https://build.opensuse.org/request/show/519891
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=473
This commit is contained in:
Andreas Schwab 2017-08-31 09:37:22 +00:00 committed by Git OBS Bridge
parent f869647ca8
commit 657e98f770
8 changed files with 257 additions and 55 deletions

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Aug 31 07:06:20 UTC 2017 - schwab@suse.de
- Disable obsolete libnsl and NIS support
- remove-nss-nis-compat.patch: remove nis and compat from default NSS
configs
- nsswitch.conf: Likewise
-------------------------------------------------------------------
Tue Aug 29 07:13:42 UTC 2017 - schwab@suse.de

View File

@ -277,6 +277,8 @@ Patch1001: dl-runtime-resolve-opt-avx512f.patch
Patch1002: libpthread-compat-wrappers.patch
# PATCH-FIX-UPSTREAM Do not use __builtin_types_compatible_p in C++ mode (BZ #21930)
Patch1003: math-c++-compat.patch
# PATCH-FIX-UPSTREAM Remove nis and compat from default NSS configs
Patch1004: remove-nss-nis-compat.patch
###
# Patches awaiting upstream approval
@ -510,6 +512,7 @@ rm nscd/s-stamp
%patch1001 -p1
%patch1002 -p1
%patch1003 -p1
%patch1004 -p1
%patch2000 -p1
%patch2001 -p1
@ -677,7 +680,7 @@ configure_and_build_glibc() {
--enable-kernel=%{enablekernel} \
--with-bugurl=http://bugs.opensuse.org \
--enable-bind-now \
--enable-obsolete-rpc --enable-obsolete-nsl \
--enable-obsolete-rpc \
--disable-timezone-tools
# Should we enable --enable-systemtap?
# Should we enable --enable-nss-crypt to build use freebl3 hash functions?
@ -769,12 +772,6 @@ pushd crypt_blowfish-%{crypt_bf_version}
make man
popd
#######################################################################
###
### CHECK
###
#######################################################################
%check
%if %{build_testsuite}
# The testsuite will fail if asneeded is used
@ -916,6 +913,9 @@ export RPM_BUILD_ROOT
mkdir -p %{buildroot}/%{_lib}/obsolete
%endif
# remove nsl compat library
rm -f %{buildroot}%{_libdir}/libnsl*
# Miscelanna:
install -m 0700 glibc_post_upgrade %{buildroot}%{_sbindir}
@ -1192,8 +1192,6 @@ exit 0
%endif
/%{_lib}/libnsl-%{libversion}.so
/%{_lib}/libnsl.so.1
/%{_lib}/libnss_compat-%{libversion}.so
/%{_lib}/libnss_compat.so.2
/%{_lib}/libnss_db-%{libversion}.so
/%{_lib}/libnss_db.so.2
/%{_lib}/libnss_dns-%{libversion}.so
@ -1202,10 +1200,6 @@ exit 0
/%{_lib}/libnss_files.so.2
/%{_lib}/libnss_hesiod-%{libversion}.so
/%{_lib}/libnss_hesiod.so.2
/%{_lib}/libnss_nis-%{libversion}.so
/%{_lib}/libnss_nis.so.2
/%{_lib}/libnss_nisplus-%{libversion}.so
/%{_lib}/libnss_nisplus.so.2
/%{_lib}/libpthread-%{libversion}.so
/%{_lib}/libpthread.so.0
/%{_lib}/libresolv-%{libversion}.so
@ -1318,7 +1312,6 @@ exit 0
%{_libdir}/libm-%{libversion}.a
%{_libdir}/libmvec.a
%endif
%{_libdir}/libnsl.a
%{_libdir}/libpthread.a
%{_libdir}/libresolv.a
%{_libdir}/librt.a
@ -1374,7 +1367,6 @@ exit 0
%{_libdir}/libowcrypt_p.a
%{_libdir}/libpthread_p.a
%{_libdir}/libresolv_p.a
%{_libdir}/libnsl_p.a
%{_libdir}/librt_p.a
%{_libdir}/librpcsvc_p.a
%{_libdir}/libutil_p.a

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Aug 31 07:06:20 UTC 2017 - schwab@suse.de
- Disable obsolete libnsl and NIS support
- remove-nss-nis-compat.patch: remove nis and compat from default NSS
configs
- nsswitch.conf: Likewise
-------------------------------------------------------------------
Tue Aug 29 07:13:42 UTC 2017 - schwab@suse.de

View File

@ -277,6 +277,8 @@ Patch1001: dl-runtime-resolve-opt-avx512f.patch
Patch1002: libpthread-compat-wrappers.patch
# PATCH-FIX-UPSTREAM Do not use __builtin_types_compatible_p in C++ mode (BZ #21930)
Patch1003: math-c++-compat.patch
# PATCH-FIX-UPSTREAM Remove nis and compat from default NSS configs
Patch1004: remove-nss-nis-compat.patch
###
# Patches awaiting upstream approval
@ -510,6 +512,7 @@ rm nscd/s-stamp
%patch1001 -p1
%patch1002 -p1
%patch1003 -p1
%patch1004 -p1
%patch2000 -p1
%patch2001 -p1
@ -677,7 +680,7 @@ configure_and_build_glibc() {
--enable-kernel=%{enablekernel} \
--with-bugurl=http://bugs.opensuse.org \
--enable-bind-now \
--enable-obsolete-rpc --enable-obsolete-nsl \
--enable-obsolete-rpc \
--disable-timezone-tools
# Should we enable --enable-systemtap?
# Should we enable --enable-nss-crypt to build use freebl3 hash functions?
@ -769,12 +772,6 @@ pushd crypt_blowfish-%{crypt_bf_version}
make man
popd
#######################################################################
###
### CHECK
###
#######################################################################
%check
%if %{build_testsuite}
# The testsuite will fail if asneeded is used
@ -916,6 +913,9 @@ export RPM_BUILD_ROOT
mkdir -p %{buildroot}/%{_lib}/obsolete
%endif
# remove nsl compat library
rm -f %{buildroot}%{_libdir}/libnsl*
# Miscelanna:
install -m 0700 glibc_post_upgrade %{buildroot}%{_sbindir}
@ -1192,8 +1192,6 @@ exit 0
%endif
/%{_lib}/libnsl-%{libversion}.so
/%{_lib}/libnsl.so.1
/%{_lib}/libnss_compat-%{libversion}.so
/%{_lib}/libnss_compat.so.2
/%{_lib}/libnss_db-%{libversion}.so
/%{_lib}/libnss_db.so.2
/%{_lib}/libnss_dns-%{libversion}.so
@ -1202,10 +1200,6 @@ exit 0
/%{_lib}/libnss_files.so.2
/%{_lib}/libnss_hesiod-%{libversion}.so
/%{_lib}/libnss_hesiod.so.2
/%{_lib}/libnss_nis-%{libversion}.so
/%{_lib}/libnss_nis.so.2
/%{_lib}/libnss_nisplus-%{libversion}.so
/%{_lib}/libnss_nisplus.so.2
/%{_lib}/libpthread-%{libversion}.so
/%{_lib}/libpthread.so.0
/%{_lib}/libresolv-%{libversion}.so
@ -1318,7 +1312,6 @@ exit 0
%{_libdir}/libm-%{libversion}.a
%{_libdir}/libmvec.a
%endif
%{_libdir}/libnsl.a
%{_libdir}/libpthread.a
%{_libdir}/libresolv.a
%{_libdir}/librt.a
@ -1374,7 +1367,6 @@ exit 0
%{_libdir}/libowcrypt_p.a
%{_libdir}/libpthread_p.a
%{_libdir}/libresolv_p.a
%{_libdir}/libnsl_p.a
%{_libdir}/librt_p.a
%{_libdir}/librpcsvc_p.a
%{_libdir}/libutil_p.a

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Aug 31 07:06:20 UTC 2017 - schwab@suse.de
- Disable obsolete libnsl and NIS support
- remove-nss-nis-compat.patch: remove nis and compat from default NSS
configs
- nsswitch.conf: Likewise
-------------------------------------------------------------------
Tue Aug 29 07:13:42 UTC 2017 - schwab@suse.de

View File

@ -283,6 +283,8 @@ Patch1001: dl-runtime-resolve-opt-avx512f.patch
Patch1002: libpthread-compat-wrappers.patch
# PATCH-FIX-UPSTREAM Do not use __builtin_types_compatible_p in C++ mode (BZ #21930)
Patch1003: math-c++-compat.patch
# PATCH-FIX-UPSTREAM Remove nis and compat from default NSS configs
Patch1004: remove-nss-nis-compat.patch
###
# Patches awaiting upstream approval
@ -516,6 +518,7 @@ rm nscd/s-stamp
%patch1001 -p1
%patch1002 -p1
%patch1003 -p1
%patch1004 -p1
%patch2000 -p1
%patch2001 -p1
@ -683,7 +686,7 @@ configure_and_build_glibc() {
--enable-kernel=%{enablekernel} \
--with-bugurl=http://bugs.opensuse.org \
--enable-bind-now \
--enable-obsolete-rpc --enable-obsolete-nsl \
--enable-obsolete-rpc \
--disable-timezone-tools
# Should we enable --enable-systemtap?
# Should we enable --enable-nss-crypt to build use freebl3 hash functions?
@ -775,12 +778,6 @@ pushd crypt_blowfish-%{crypt_bf_version}
make man
popd
#######################################################################
###
### CHECK
###
#######################################################################
%check
%if %{build_testsuite}
# The testsuite will fail if asneeded is used
@ -922,6 +919,9 @@ export RPM_BUILD_ROOT
mkdir -p %{buildroot}/%{_lib}/obsolete
%endif
# remove nsl compat library
rm -f %{buildroot}%{_libdir}/libnsl*
# Miscelanna:
install -m 0700 glibc_post_upgrade %{buildroot}%{_sbindir}
@ -1198,8 +1198,6 @@ exit 0
%endif
/%{_lib}/libnsl-%{libversion}.so
/%{_lib}/libnsl.so.1
/%{_lib}/libnss_compat-%{libversion}.so
/%{_lib}/libnss_compat.so.2
/%{_lib}/libnss_db-%{libversion}.so
/%{_lib}/libnss_db.so.2
/%{_lib}/libnss_dns-%{libversion}.so
@ -1208,10 +1206,6 @@ exit 0
/%{_lib}/libnss_files.so.2
/%{_lib}/libnss_hesiod-%{libversion}.so
/%{_lib}/libnss_hesiod.so.2
/%{_lib}/libnss_nis-%{libversion}.so
/%{_lib}/libnss_nis.so.2
/%{_lib}/libnss_nisplus-%{libversion}.so
/%{_lib}/libnss_nisplus.so.2
/%{_lib}/libpthread-%{libversion}.so
/%{_lib}/libpthread.so.0
/%{_lib}/libresolv-%{libversion}.so
@ -1324,7 +1318,6 @@ exit 0
%{_libdir}/libm-%{libversion}.a
%{_libdir}/libmvec.a
%endif
%{_libdir}/libnsl.a
%{_libdir}/libpthread.a
%{_libdir}/libresolv.a
%{_libdir}/librt.a
@ -1380,7 +1373,6 @@ exit 0
%{_libdir}/libowcrypt_p.a
%{_libdir}/libpthread_p.a
%{_libdir}/libresolv_p.a
%{_libdir}/libnsl_p.a
%{_libdir}/librt_p.a
%{_libdir}/librpcsvc_p.a
%{_libdir}/libutil_p.a

View File

@ -22,12 +22,9 @@
# For more information, please read the nsswitch.conf.5 manual page.
#
# passwd: files nis
# shadow: files nis
# group: files nis
passwd: compat [NOTFOUND=return] files
group: compat [NOTFOUND=return] files
passwd: files
group: files
shadow: files
hosts: files dns
networks: files dns
@ -37,11 +34,9 @@ protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files nis
netgroup: files
publickey: files
bootparams: files
automount: files nis
automount: files
aliases: files

207
remove-nss-nis-compat.patch Normal file
View File

@ -0,0 +1,207 @@
2017-08-29 Steve Ellcey <sellcey@cavium.com>
* grp/initgroups.c: Include config.h.
(DEFAULT_CONFIG): New macro.
(internal_getgrouplist): Use DEFAULT_CONFIG.
* nscd/initgrcache.c (addinitgroupsX): Likewise.
* nss/nsswitch.c (__nss_disable_nscd): Likewise.
(DEFAULT_DEFCONFIG): New macro.
(__nss_database_lookup): Use DEFAULT_DEFCONFIG.
* nss/grp-lookup.c: Include config.h
(DEFAULT_CONFIG): Set definition based on LINK_OBSOLETE_NSL.
* nss/pwd-lookup.c (DEFAULT_CONFIG): Likewise.
* nss/spwd-lookup.c (DEFAULT_CONFIG): Likewise.
* manual/nss.texi: Update default values section.
Index: glibc-2.26/grp/initgroups.c
===================================================================
--- glibc-2.26.orig/grp/initgroups.c
+++ glibc-2.26/grp/initgroups.c
@@ -26,10 +26,16 @@
#include <sys/types.h>
#include <nsswitch.h>
#include <scratch_buffer.h>
+#include <config.h>
#include "../nscd/nscd-client.h"
#include "../nscd/nscd_proto.h"
+#ifdef LINK_OBSOLETE_NSL
+# define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+#else
+# define DEFAULT_CONFIG "files"
+#endif
/* Type of the lookup function. */
typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t,
@@ -84,7 +90,7 @@ internal_getgrouplist (const char *user,
&__nss_initgroups_database) < 0)
{
if (__nss_group_database == NULL)
- no_more = __nss_database_lookup ("group", NULL, "compat files",
+ no_more = __nss_database_lookup ("group", NULL, DEFAULT_CONFIG,
&__nss_group_database);
__nss_initgroups_database = __nss_group_database;
Index: glibc-2.26/manual/nss.texi
===================================================================
--- glibc-2.26.orig/manual/nss.texi
+++ glibc-2.26/manual/nss.texi
@@ -318,13 +318,17 @@ The @code{passwd}, @code{group}, and @co
traditionally handled in a special way. The appropriate files in the
@file{/etc} directory are read but if an entry with a name starting
with a @code{+} character is found NIS is used. This kind of lookup
-remains possible by using the special lookup service @code{compat}
-and the default value for the three databases above is
-@code{compat [NOTFOUND=return] files}.
+remains possible if @theglibc{} was configured with the
+@code{--enable-obsolete-nsl} option and the special lookup service
+@code{compat} is used. If @theglibc{} was configured with the
+@code{--enable-obsolete-nsl} option the default value for the three
+databases above is @code{compat [NOTFOUND=return] files}. If the
+@code{--enable-obsolete-nsl} option was not used the default value
+for the services is @code{files}.
-For all other databases the default value is
-@code{nis [NOTFOUND=return] files}. This solution gives the best
-chance to be correct since NIS and file based lookups are used.
+For all other databases the default value is @code{files} unless
+@theglibc{} was configured with @code{--enable-obsolete-rpc} option, in
+which case it the default value is @code{nis [NOTFOUND=return] files}.
@cindex optimizing NSS
A second point is that the user should try to optimize the lookup
Index: glibc-2.26/nscd/initgrcache.c
===================================================================
--- glibc-2.26.orig/nscd/initgrcache.c
+++ glibc-2.26/nscd/initgrcache.c
@@ -25,6 +25,7 @@
#include <unistd.h>
#include <sys/mman.h>
#include <scratch_buffer.h>
+#include <config.h>
#include "dbg_log.h"
#include "nscd.h"
@@ -34,6 +35,11 @@
#include "../nss/nsswitch.h"
+#ifdef LINK_OBSOLETE_NSL
+# define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+#else
+# define DEFAULT_CONFIG "files"
+#endif
/* Type of the lookup function. */
typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t,
@@ -85,8 +91,7 @@ addinitgroupsX (struct database_dyn *db,
int no_more;
if (group_database == NULL)
- no_more = __nss_database_lookup ("group", NULL,
- "compat [NOTFOUND=return] files",
+ no_more = __nss_database_lookup ("group", NULL, DEFAULT_CONFIG,
&group_database);
else
no_more = 0;
Index: glibc-2.26/nss/grp-lookup.c
===================================================================
--- glibc-2.26.orig/nss/grp-lookup.c
+++ glibc-2.26/nss/grp-lookup.c
@@ -16,7 +16,13 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
+#include <config.h>
+
#define DATABASE_NAME group
-#define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+#ifdef LINK_OBSOLETE_NSL
+# define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+#else
+# define DEFAULT_CONFIG "files"
+#endif
#include "XXX-lookup.c"
Index: glibc-2.26/nss/nsswitch.c
===================================================================
--- glibc-2.26.orig/nss/nsswitch.c
+++ glibc-2.26/nss/nsswitch.c
@@ -40,6 +40,15 @@
#include "nsswitch.h"
#include "../nscd/nscd_proto.h"
#include <sysdep.h>
+#include <config.h>
+
+#ifdef LINK_OBSOLETE_NSL
+# define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+# define DEFAULT_DEFCONFIG "nis [NOTFOUND=return] files"
+#else
+# define DEFAULT_CONFIG "files"
+# define DEFAULT_DEFCONFIG "files"
+#endif
/* Prototypes for the local functions. */
static name_database *nss_parse_file (const char *fname) internal_function;
@@ -151,8 +160,7 @@ __nss_database_lookup (const char *datab
or null to use the most common default. */
if (*ni == NULL)
{
- *ni = nss_parse_service_list (defconfig
- ?: "nis [NOTFOUND=return] files");
+ *ni = nss_parse_service_list (defconfig ?: DEFAULT_DEFCONFIG);
if (*ni != NULL)
{
/* Record the memory we've just allocated in defconfig_entries list,
@@ -848,8 +856,8 @@ __nss_disable_nscd (void (*cb) (size_t,
is_nscd = true;
/* Find all the relevant modules so that the init functions are called. */
- nss_load_all_libraries ("passwd", "compat [NOTFOUND=return] files");
- nss_load_all_libraries ("group", "compat [NOTFOUND=return] files");
+ nss_load_all_libraries ("passwd", DEFAULT_CONFIG);
+ nss_load_all_libraries ("group", DEFAULT_CONFIG);
nss_load_all_libraries ("hosts", "dns [!UNAVAIL=return] files");
nss_load_all_libraries ("services", NULL);
Index: glibc-2.26/nss/pwd-lookup.c
===================================================================
--- glibc-2.26.orig/nss/pwd-lookup.c
+++ glibc-2.26/nss/pwd-lookup.c
@@ -16,7 +16,13 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
+#include <config.h>
+
#define DATABASE_NAME passwd
-#define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+#ifdef LINK_OBSOLETE_NSL
+# define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+#else
+# define DEFAULT_CONFIG "files"
+#endif
#include "XXX-lookup.c"
Index: glibc-2.26/nss/spwd-lookup.c
===================================================================
--- glibc-2.26.orig/nss/spwd-lookup.c
+++ glibc-2.26/nss/spwd-lookup.c
@@ -16,8 +16,14 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
+#include <config.h>
+
#define DATABASE_NAME shadow
#define ALTERNATE_NAME passwd
-#define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+#ifdef LINK_OBSOLETE_NSL
+# define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
+#else
+# define DEFAULT_CONFIG "files"
+#endif
#include "XXX-lookup.c"