%define _hardened_build 1 Name: nss-pam-ldapd Version: 0.9.12 Release: 6 Summary: NSS and PAM libraries for name lookups and authentication using LDAP License: LGPLv2+ URL: http://arthurdejong.org/nss-pam-ldapd/ Source0: http://arthurdejong.org/%{name}/%{name}-%{version}.tar.gz Source1: http://arthurdejong.org/%{name}/%{name}-%{version}.tar.gz.sig Source3: nslcd.tmpfiles Source4: nslcd.service Patch0: 0001-Disable-pylint-tests.patch Patch1: 0002-Watch-for-uint32_t-overflows.patch Patch2: backport-Fix-off-by-one-error-in-closing-file-descriptors.patch Patch3: backport-Fix-memory-leak-in-config-parsing.patch Patch4: backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch BuildRequires: gcc, openldap-devel, krb5-devel, autoconf, automake, pam-devel, systemd-units %{?systemd_requires} Recommends: nscd Provides: nss-ldapd = %{version}-%{release} Provides: nss_ldap = 265-12 Provides: pam_ldap = 185-15 Obsoletes: nss-ldapd < 0.7 Obsoletes: nss_ldap < 265-11 Obsoletes: pam_ldap < 185-15 %description The nss-pam-ldapd package provides a Name Service Switch (NSS, nsswitch) module that allows your LDAP server to provide user account, group, host name, alias, netgroup, and basically any other information that you would normally get from /etc flat files or NIS. It also provides a Pluggable Authentication Module (PAM) to do identity and authentication management with an LDAP server on unix systems. %package help Summary: The help package for nss-pam-ldapd %description help This is the help package of nss-pam-ldapd which includes the man docs. %prep %autosetup -p1 autoreconf -f -i %build %configure --libdir=/%{_lib} \ --disable-utils \ --with-pam-seclib-dir=/%{_lib}/security %make_build %check make check %install rm -rf $RPM_BUILD_ROOT %make_install mkdir -p $RPM_BUILD_ROOT/{%{_libdir},%{_unitdir}} install -p -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/ ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{_lib}/libnss_ldap.so sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \ $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf mkdir -p -m 0755 $RPM_BUILD_ROOT/run/nslcd mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir} install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf %pre getent group ldap > /dev/null || \ /usr/sbin/groupadd -r -g 55 ldap getent passwd nslcd > /dev/null || \ /usr/sbin/useradd -r -g ldap -c 'LDAP Client User' \ -u 65 -d / -s /sbin/nologin nslcd 2> /dev/null || : %post /sbin/ldconfig %systemd_post nslcd.service %preun %systemd_preun nslcd.service %postun /sbin/ldconfig %systemd_postun_with_restart nslcd.service %files %doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO %{_sbindir}/* /%{_lib}/*.so* /%{_lib}/security/pam_ldap.so %attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf %attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf %config(noreplace) %{_unitdir}/nslcd.service %attr(0775,nslcd,root) /run/nslcd %files help %{_mandir}/*/* %changelog * Wed Mar 5 2025 yixiangzhike - 0.9.12-6 - Type:bugfix - CVE:NA - SUG:NA - DESC:Move temporary files from /var/run to /run to delete warning in installing * Thu Oct 24 2024 yixiangzhike - 0.9.12-5 - Type:bugfix - CVE:NA - SUG:NA - DESC:Fix NULL pointer deref on memory allocation failure * Wed Oct 09 2024 yixiangzhike - 0.9.12-4 - Type:bugfix - CVE:NA - SUG:NA - DESC:fix memory leak in config parsing * Wed May 08 2024 lifeifei - 0.9.12-3 - Type:requirement - CVE:NA - SUG:NA - DESC:add noreplace to /usr/lib/systemd/system/nslcd.service * Wed Oct 19 2022 yixiangzhike - 0.9.12-2 - Type:bugfix - ID:NA - SUG:restart - DESC:fix off-by one error in closing file descriptors * Mon Feb 21 2022 yixiangzhike - 0.9.12-1 - Type:bugfix - ID:NA - SUG:restart - DESC:update to 0.9.12 * Mon Jul 27 2020 Liquor - 0.9.11-1 - Type:bugfix - ID:NA - SUG:restart - DESC:update to 0.9.11 * Mon Apr 08 2019 yanghua - 0.9.9-5 - Type:bugfix - ID:NA - SUG:restart - DESC:Create /var/run/nslcd/socket after dropping privileges Fix crash in chsh.ldap * Fri Mar 01 2019 openEuler Buildteam - 0.9.9-4 - Package init