From e459464ec19fc78b397d8a92eb184d2d5bf0f1ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?= <viric@viric.name>
Date: Fri, 17 May 2013 10:19:02 +0200
Subject: [PATCH] nss_ldap: fixing crash with glibc >= 2.16

I update it to the latest version, 265. Then I use some patches:

The nss_ldap-265-glibc-2.16.patch is the one that fixes the crash.
The crashes.patch is another one that I took from RH that said to fixes somes
crashes, but it didn't fix the crash I was seeing. But I guess it fixes
something.
---
 pkgs/os-specific/linux/nss_ldap/crashes.patch | 104 +++++++++++++
 pkgs/os-specific/linux/nss_ldap/default.nix   |  21 ++-
 .../nss_ldap/nss_ldap-265-glibc-2.16.patch    | 139 ++++++++++++++++++
 3 files changed, 259 insertions(+), 5 deletions(-)
 create mode 100644 pkgs/os-specific/linux/nss_ldap/crashes.patch
 create mode 100644 pkgs/os-specific/linux/nss_ldap/nss_ldap-265-glibc-2.16.patch

diff --git a/pkgs/os-specific/linux/nss_ldap/crashes.patch b/pkgs/os-specific/linux/nss_ldap/crashes.patch
new file mode 100644
index 00000000000000..48250141e82af9
--- /dev/null
+++ b/pkgs/os-specific/linux/nss_ldap/crashes.patch
@@ -0,0 +1,104 @@
+https://bugzilla.redhat.com/show_bug.cgi?id=488857
+
+
+Distinguish between contexts that are somewhat persistent and one-offs
+which are used to fulfill part of a larger request.
+
+diff -up nss_ldap-253/ldap-grp.c nss_ldap-253/ldap-grp.c
+--- nss_ldap-253/ldap-grp.c	2009-05-08 13:30:43.000000000 -0400
++++ nss_ldap-253/ldap-grp.c	2009-05-08 13:34:41.000000000 -0400
+@@ -857,7 +857,7 @@ ng_chase (const char *dn, ldap_initgroup
+   LA_STRING (a) = dn;
+   LA_TYPE (a) = LA_TYPE_STRING;
+ 
+-  if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++  if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+     {
+       return NSS_UNAVAIL;
+     }
+@@ -930,7 +930,7 @@ ng_chase_backlink (const char ** members
+   LA_STRING_LIST (a) = filteredMembersOf;
+   LA_TYPE (a) = LA_TYPE_STRING_LIST_OR;
+ 
+-  if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++  if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+     {
+       free (filteredMembersOf);
+       return NSS_UNAVAIL;
+diff -up nss_ldap-253/ldap-netgrp.c nss_ldap-253/ldap-netgrp.c
+--- nss_ldap-253/ldap-netgrp.c	2009-05-08 13:31:35.000000000 -0400
++++ nss_ldap-253/ldap-netgrp.c	2009-05-08 13:33:14.000000000 -0400
+@@ -691,7 +691,7 @@ do_innetgr_nested (ldap_innetgr_args_t *
+   LA_TYPE (a) = LA_TYPE_STRING;
+   LA_STRING (a) = nested;	/* memberNisNetgroup */
+ 
+-  if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++  if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+     {
+       debug ("<== do_innetgr_nested: failed to initialize context");
+       return NSS_UNAVAIL;
+diff -up nss_ldap-253/ldap-nss.c nss_ldap-253/ldap-nss.c
+--- nss_ldap-253/ldap-nss.c	2009-05-08 13:27:17.000000000 -0400
++++ nss_ldap-253/ldap-nss.c	2009-05-08 14:05:51.000000000 -0400
+@@ -1961,6 +1961,7 @@ _nss_ldap_ent_context_init_locked (ent_c
+ 	  debug ("<== _nss_ldap_ent_context_init_locked");
+ 	  return NULL;
+ 	}
++      ctx->ec_internal = 0;
+       *pctx = ctx;
+     }
+   else
+@@ -1990,6 +1991,15 @@ _nss_ldap_ent_context_init_locked (ent_c
+ 
+   return ctx;
+ }
++ent_context_t *
++_nss_ldap_ent_context_init_internal_locked (ent_context_t ** pctx)
++{
++  ent_context_t *ctx;
++  ctx = _nss_ldap_ent_context_init_locked (pctx);
++  if (ctx != NULL)
++    ctx->ec_internal = 1;
++  return ctx;
++}
+ 
+ /*
+  * Clears a given context; we require the caller
+@@ -2031,7 +2041,8 @@ _nss_ldap_ent_context_release (ent_conte
+ 
+   LS_INIT (ctx->ec_state);
+ 
+-  if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT))
++  if (!ctx->ec_internal &&
++      _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT))
+     {
+       do_close ();
+     }
+diff -up nss_ldap-253/ldap-nss.h nss_ldap-253/ldap-nss.h
+--- nss_ldap-253/ldap-nss.h	2009-05-08 13:35:47.000000000 -0400
++++ nss_ldap-253/ldap-nss.h	2009-05-08 13:52:25.000000000 -0400
+@@ -560,6 +560,8 @@ struct ent_context
+   ldap_state_t ec_state;	/* eg. for services */
+   int ec_msgid;			/* message ID */
+   LDAPMessage *ec_res;		/* result chain */
++  int ec_internal;		/* this context is just a part of a larger
++				 * query for information */
+   ldap_service_search_descriptor_t *ec_sd;	/* current sd */
+   struct berval *ec_cookie;     /* cookie for paged searches */
+ };
+@@ -744,6 +746,15 @@ ent_context_t *_nss_ldap_ent_context_ini
+ ent_context_t *_nss_ldap_ent_context_init_locked (ent_context_t **);
+ 
+ /*
++ * _nss_ldap_ent_context_init_internal_locked() has the same
++ * behaviour, except it marks the context as one that's being
++ * used to fetch additional data used in answering a request, i.e.
++ * that this isn't the "main" context
++ */
++
++ent_context_t *_nss_ldap_ent_context_init_internal_locked (ent_context_t **);
++
++/*
+  * _nss_ldap_ent_context_release() is used to manually free a context 
+  */
+ void _nss_ldap_ent_context_release (ent_context_t *);
diff --git a/pkgs/os-specific/linux/nss_ldap/default.nix b/pkgs/os-specific/linux/nss_ldap/default.nix
index 7c8b526b4c3785..cc0382b58f4ec1 100644
--- a/pkgs/os-specific/linux/nss_ldap/default.nix
+++ b/pkgs/os-specific/linux/nss_ldap/default.nix
@@ -1,13 +1,24 @@
-{stdenv, fetchurl, openldap}:
+{stdenv, fetchurl, openldap, perl}:
    
 stdenv.mkDerivation {
-  name = "nss_ldap-260";
+  name = "nss_ldap-265";
    
   src = fetchurl {
-    url = http://www.padl.com/download/nss_ldap-260.tar.gz;
-    sha256 = "0kn022js39mqmy7g5ba911q46223vk7vcf51x28rbl86lp32zv4v";
+    url = http://www.padl.com/download/nss_ldap-265.tar.gz;
+    sha256 = "1a16q9p97d2blrj0h6vl1xr7dg7i4s8x8namipr79mshby84vdbp";
   };
 
+  preConfigure = ''
+    patchShebangs ./vers_string
+    sed -i s,vers_string,./vers_string, Makefile*
+  '';
+
+  patches = [ ./crashes.patch ];
+
+  postPatch = ''
+    patch -p0 < ${./nss_ldap-265-glibc-2.16.patch}
+  '';
+
   preInstall = ''
     installFlagsArray=(INST_UID=$(id -u) INST_GID=$(id -g) LIBC_VERS=2.5 NSS_VERS=2 NSS_LDAP_PATH_CONF=$out/etc/ldap.conf)
     substituteInPlace Makefile \
@@ -16,5 +27,5 @@ stdenv.mkDerivation {
     mkdir -p $out/etc
   '';
 
-  buildInputs = [openldap];
+  buildInputs = [ openldap perl ];
 }
diff --git a/pkgs/os-specific/linux/nss_ldap/nss_ldap-265-glibc-2.16.patch b/pkgs/os-specific/linux/nss_ldap/nss_ldap-265-glibc-2.16.patch
new file mode 100644
index 00000000000000..8b0b9289327adc
--- /dev/null
+++ b/pkgs/os-specific/linux/nss_ldap/nss_ldap-265-glibc-2.16.patch
@@ -0,0 +1,139 @@
+https://github.com/archlinuxarm/PKGBUILDs/issues/296
+
+Fixes the bug causing a segfault on nscd and sshd:
+symbol lookup error: /usr/lib/libnss_ldap.so.2: undefined symbol: __libc_lock_lock
+
+--- ldap-nss.c.orig	2012-10-17 12:32:03.908730283 +0000
++++ ldap-nss.c	2012-10-17 12:38:10.906767283 +0000
+@@ -148,7 +148,7 @@
+  */
+ static ldap_session_t __session = { NULL, NULL, 0, LS_UNINITIALIZED };
+ 
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ static pthread_once_t __once = PTHREAD_ONCE_INIT;
+ #endif
+ 
+@@ -168,7 +168,7 @@
+ static int __ssl_initialized = 0;
+ #endif /* HAVE_LDAPSSL_CLIENT_INIT */
+ 
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ /*
+  * Prepare for fork(); lock mutex.
+  */
+@@ -519,7 +519,7 @@
+ }
+ #endif /* HAVE_NSSWITCH_H */
+ 
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ static void
+ do_atfork_prepare (void)
+ {
+@@ -553,7 +553,7 @@
+ #ifdef HAVE_PTHREAD_ATFORK
+   (void) pthread_atfork (do_atfork_prepare, do_atfork_parent,
+ 			 do_atfork_child);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ATFORK)
+   (void) __libc_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child);
+ #endif
+ 
+@@ -1119,7 +1119,7 @@
+     }
+ 
+ #ifndef HAVE_PTHREAD_ATFORK
+-#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE___LIBC_ONCE)
+   /*
+    * This bogosity is necessary because Linux uses different
+    * PIDs for different threads (like IRIX, which we don't
+@@ -1151,7 +1151,7 @@
+     pid = -1;			/* linked against libpthreads, don't care */
+ #else
+   pid = getpid ();
+-#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */
++#endif /* HAVE___LIBC_ONCE */
+ #endif /* HAVE_PTHREAD_ATFORK */
+ 
+   euid = geteuid ();
+@@ -1161,7 +1161,7 @@
+   syslog (LOG_DEBUG,
+ 	  "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __euid=%i, euid=%i",
+ 	  __session.ls_state, __session.ls_conn, __euid, euid);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ONCE)
+   syslog (LOG_DEBUG,
+ 	  "nss_ldap: libpthreads=%s, __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i",
+  	  ((__pthread_once == NULL || __pthread_atfork == NULL) ? "FALSE" : "TRUE"),
+@@ -1185,11 +1185,11 @@
+     }
+   else
+ #ifndef HAVE_PTHREAD_ATFORK
+-#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE___LIBC_ONCE)
+   if ((__pthread_once == NULL || __pthread_atfork == NULL) && __pid != pid)
+ #else
+   if (__pid != pid)
+-#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */
++#endif /* HAVE___LIBC_ONCE */
+     {
+       do_close_no_unbind ();
+     }
+@@ -1250,9 +1250,9 @@
+       debug ("<== do_init (pthread_once failed)");
+       return NSS_UNAVAIL;
+     }
+-#elif defined(HAVE_PTHREAD_ATFORK) && ( defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) )
++#elif defined(HAVE_PTHREAD_ATFORK) && defined(HAVE___LIBC_ONCE)
+   __libc_once (__once, do_atfork_setup);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ONCE)
+   /*
+    * Only install the pthread_atfork() handlers i
+    * we are linked against libpthreads. Otherwise,
+--- ldap-nss.h.orig	2012-10-17 12:33:05.681379283 +0000
++++ ldap-nss.h	2012-10-17 12:34:06.337050753 +0000
+@@ -671,7 +671,7 @@
+ #define NSS_LDAP_LOCK(m)		mutex_lock(&m)
+ #define NSS_LDAP_UNLOCK(m)		mutex_unlock(&m)
+ #define NSS_LDAP_DEFINE_LOCK(m)		static mutex_t m = DEFAULTMUTEX
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_LOCK_LOCK) && defined(HAVE___LIBC_LOCK_UNLOCK)
+ #define NSS_LDAP_LOCK(m)		__libc_lock_lock(m)
+ #define NSS_LDAP_UNLOCK(m)		__libc_lock_unlock(m)
+ #define NSS_LDAP_DEFINE_LOCK(m)		static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER
+--- ldap-nss.c.orig	2012-10-17 12:58:20.270783283 +0000
++++ ldap-nss.c	2012-10-17 12:58:43.699267283 +0000
+@@ -156,7 +156,7 @@
+ static FILE *__debugfile;
+ #endif /* LBER_OPT_LOG_PRINT_FILE */
+ 
+-#ifndef HAVE_PTHREAD_ATFORK
++#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE)
+ /* 
+  * Process ID that opened the session.
+  */
+--- configure.in.orig	2012-10-17 12:59:31.707235283 +0000
++++ configure.in	2012-10-17 13:00:15.854289283 +0000
+@@ -255,6 +255,7 @@
+ AC_CHECK_FUNCS(pthread_once)
+ AC_CHECK_FUNCS(ether_aton)
+ AC_CHECK_FUNCS(ether_ntoa)
++AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock)
+ 
+ AC_MSG_CHECKING(for struct ether_addr)
+ AC_TRY_COMPILE([#include <sys/types.h>
+--- ldap-nss.c.orig	2012-10-17 13:02:01.418010283 +0000
++++ ldap-nss.c	2012-10-17 13:03:25.017240283 +0000
+@@ -1102,7 +1102,7 @@
+ do_init (void)
+ {
+   ldap_config_t *cfg;
+-#ifndef HAVE_PTHREAD_ATFORK
++#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE)
+   pid_t pid;
+ #endif
+   uid_t euid;