diff --git a/0002-IPA-SAM-Fix-build-with-samba-4.4.patch b/0002-IPA-SAM-Fix-build-with-samba-4.4.patch new file mode 100644 index 0000000..bb97546 --- /dev/null +++ b/0002-IPA-SAM-Fix-build-with-samba-4.4.patch @@ -0,0 +1,54 @@ +>From f9057ca98557094a4db84ac072ee9efd02a4ff79 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Fri, 29 Jan 2016 10:40:18 +0100 +Subject: [PATCH 1/3] IPA-SAM: Fix build with samba 4.4 + +samba_util.h is not shipped with samba-4.4 +and it was indirectly included by "ndr.h" + +Some functions have prototypes in different header file +"util/talloc_stack.h" and other does not have declarations +in other header file. But they are still part of libsamba-util.so + +sh$ objdump -T /usr/lib64/libsamba-util.so.0.0.1 | grep -E "trim_s|xstrdup" +0000000000022200 g DF .text 000000000000001f SAMBA_UTIL_0.0.1 smb_xstrdup +00000000000223b0 g DF .text 000000000000019d SAMBA_UTIL_0.0.1 trim_string + +ipa_sam.c: In function 'ldapsam_uid_to_sid': +ipa_sam.c:836:24: warning: implicit declaration of function 'talloc_stackframe' + [-Wimplicit-function-declaration] + TALLOC_CTX *tmp_ctx = talloc_stackframe(); + ^ +ipa_sam.c: In function 'pdb_init_ipasam': +ipa_sam.c:4493:2: warning: implicit declaration of function 'trim_string' + [-Wimplicit-function-declaration] + trim_string( uri, "\"", "\"" ); + ^ +ipa_sam.c:4580:26: warning: implicit declaration of function 'smb_xstrdup' + [-Wimplicit-function-declaration] + ldap_state->domain_dn = smb_xstrdup(dn); + ^ +--- + daemons/ipa-sam/ipa_sam.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c +index 7274d600b532f1066661e8a614a47eea7632ed70..871775b0a19e9c273652ff7a0b497d86bb866aa6 100644 +--- a/daemons/ipa-sam/ipa_sam.c ++++ b/daemons/ipa-sam/ipa_sam.c +@@ -19,6 +19,12 @@ + #include + #include + #include ++#include ++ ++#ifndef _SAMBA_UTIL_H_ ++bool trim_string(char *s, const char *front, const char *back); ++char *smb_xstrdup(const char *s); ++#endif + + #include + #include +-- +2.5.0 + diff --git a/0003-replica-promotion-fix-AVC-denials-in-remote-connecti.patch b/0003-replica-promotion-fix-AVC-denials-in-remote-connecti.patch new file mode 100644 index 0000000..33c2a75 --- /dev/null +++ b/0003-replica-promotion-fix-AVC-denials-in-remote-connecti.patch @@ -0,0 +1,61 @@ +From af50dbca408aa83be2356f81b0e531f5cf8ca4b2 Mon Sep 17 00:00:00 2001 +From: Jan Cholasta +Date: Fri, 15 Jan 2016 08:07:21 +0100 +Subject: [PATCH] replica promotion: fix AVC denials in remote connection check + +Also move com.redhat.idm.trust-fetch-domains to /usr/libexec/ipa/oddjob. + +https://fedorahosted.org/freeipa/ticket/5550 +--- + freeipa.spec.in | 7 ++----- + install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf | 2 +- + 2 files changed, 3 insertions(+), 6 deletions(-) + +diff --git a/freeipa.spec.in b/freeipa.spec.in +index c8a5216..54a11bf 100644 +--- a/freeipa.spec.in ++++ b/freeipa.spec.in +@@ -14,7 +14,7 @@ + %global selinux_policy_version 3.12.1-153 + %else + %global samba_version 2:4.0.5-1 +-%global selinux_policy_version 3.13.1-128.6 ++%global selinux_policy_version 3.13.1-158.4 + %endif + + %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+') +@@ -698,9 +698,6 @@ make client-install DESTDIR=%{buildroot} + mkdir -p %{buildroot}%{_usr}/share/ipa + + %if ! %{ONLY_CLIENT} +-# FIXME: https://bugzilla.redhat.com/show_bug.cgi?id=1289930 +-mv %{buildroot}%{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains %{buildroot}%{_libexecdir}/ipa/com.redhat.idm.trust-fetch-domains +- + # Remove .la files from libtool - we don't want to package + # these files + rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la +@@ -1224,7 +1221,7 @@ fi + %ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so + %{_sysconfdir}/dbus-1/system.d/oddjob-ipa-trust.conf + %{_sysconfdir}/oddjobd.conf.d/oddjobd-ipa-trust.conf +-%%attr(755,root,root) %{_libexecdir}/ipa/com.redhat.idm.trust-fetch-domains ++%%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains + + %endif # ONLY_CLIENT + +diff --git a/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf +index 17817de..bc2e8d1 100644 +--- a/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf ++++ b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf +@@ -10,7 +10,7 @@ + + + +- +-- +2.5.0 + diff --git a/freeipa.spec b/freeipa.spec index 107f7d9..85ffe5b 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -16,7 +16,7 @@ %else %global samba_version 2:4.3.1-1 %global samba_build_version 2:4.2.1 -%global selinux_policy_version 3.13.1-128.6 +%global selinux_policy_version 3.13.1-158.4 %endif %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+') @@ -36,7 +36,7 @@ Name: freeipa Version: %{VERSION} -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Identity, Policy and Audit system Group: System Environment/Base @@ -46,6 +46,8 @@ Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch +Patch0002: 0002-IPA-SAM-Fix-build-with-samba-4.4.patch +Patch0003: 0003-replica-promotion-fix-AVC-denials-in-remote-connecti.patch %if ! %{ONLY_CLIENT} BuildRequires: 389-ds-base-devel >= 1.3.4.4 @@ -619,7 +621,29 @@ This package contains tests that verify IPA functionality under Python 3. %prep -%setup -n freeipa-%{version} -q +# Fedora spec file only: START +# Update timestamps on the files touched by a patch, to avoid non-equal +# .pyc/.pyo files across the multilib peers within a build, where "Level" +# is the patch prefix option (e.g. -p1) +# Taken from specfile for sssd and python-simplejson +UpdateTimestamps() { + Level=$1 + PatchFile=$2 + + # Locate the affected files: + for f in $(diffstat $Level -l $PatchFile); do + # Set the files to have the same timestamp as that of the patch: + touch -r $PatchFile $f + done +} + +%setup -n freeipa-%{VERSION} -q + +for p in %patches ; do + %__patch -p1 -i $p + UpdateTimestamps -p1 $p +done +# Fedora spec file only: END %build @@ -709,9 +733,6 @@ make client-install DESTDIR=%{buildroot} mkdir -p %{buildroot}%{_usr}/share/ipa %if ! %{ONLY_CLIENT} -# FIXME: https://bugzilla.redhat.com/show_bug.cgi?id=1289930 -mv %{buildroot}%{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains %{buildroot}%{_libexecdir}/ipa/com.redhat.idm.trust-fetch-domains - # Remove .la files from libtool - we don't want to package # these files rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la @@ -1235,7 +1256,7 @@ fi %ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so %{_sysconfdir}/dbus-1/system.d/oddjob-ipa-trust.conf %{_sysconfdir}/oddjobd.conf.d/oddjobd-ipa-trust.conf -%%attr(755,root,root) %{_libexecdir}/ipa/com.redhat.idm.trust-fetch-domains +%%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains %endif # ONLY_CLIENT @@ -1403,6 +1424,10 @@ fi %endif # ONLY_CLIENT %changelog +* Thu Feb 04 2016 Petr Vobornik - 4.3.0-3 +- Fix build with Samba 4.4 +- Update SELinux requires to fix connection check during installation + * Wed Feb 03 2016 Fedora Release Engineering - 4.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild