Updated to upstream 0.16.3 plus patches from git master

2016-11-30 16:01:35 +01:00 · 2016-11-30 16:01:35 +01:00 · 374b135fda
commit 374b135fda
parent c369c40836
5 changed files with 149 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,3 +5,4 @@
 /realmd-0.16.0.tar.gz
 /realmd-0.16.1.tar.gz
 /realmd-0.16.2.tar.gz
+/realmd-0.16.3.tar.gz
--- a/0001-LDAP-don-t-close-LDAP-socket-twice.patch
+++ b/0001-LDAP-don-t-close-LDAP-socket-twice.patch
@ -0,0 +1,41 @@
+From 895e5b37d14090541480cebcb297846cbd3662ce Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 25 Nov 2016 17:35:11 +0100
+Subject: [PATCH] LDAP: don't close LDAP socket twice
+
+ldap_destroy() will call close() on the LDAP socket so with an explicit
+close() before the file descriptor will be closed twice. Even worse,
+since the file descriptor can be reused after the explicit call of
+close() by any other thread the close() called from ldap_destroy() might
+close a file descriptor used by a different thread as seen e.g. in
+https://bugzilla.redhat.com/show_bug.cgi?id=1398522.
+
+Additionally the patch makes sure that the closed connection cannot be
+used again.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1398522
+---
+ service/realm-ldap.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/service/realm-ldap.c b/service/realm-ldap.c
+index 061ed61..59817fb 100644
+--- a/service/realm-ldap.c
+++ b/service/realm-ldap.c
+@@ -159,10 +159,11 @@ ldap_source_finalize (GSource *source)
+ {
+ 	LdapSource *ls = (LdapSource *)source;
+ 
+-	/* Yeah, this is pretty rough, but we don't want blocking here */
+-	close (ls->sock);
+ 	ldap_destroy (ls->ldap);
+ 
+	ls->sock = -1;
+	ls->ldap = NULL;
+
+ 	if (ls->cancellable) {
+ 		g_cancellable_release_fd (ls->cancellable);
+ 		g_object_unref (ls->cancellable);
+-- 
+2.9.3
+
--- a/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
+++ b/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
@ -0,0 +1,96 @@
+From 402cbab6e8267fcd959bcfa84a47f4871b59944d Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 28 Oct 2016 20:27:48 +0200
+Subject: [PATCH] service: Add nss and pam sssd.conf services after joining
+
+After adding a domain to sssd.conf add the nss and pam services
+to the [sssd] block.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=98479
+---
+ service/realm-sssd-ad.c     | 3 +++
+ service/realm-sssd-config.c | 2 --
+ service/realm-sssd-ipa.c    | 3 +++
+ tests/test-sssd-config.c    | 4 ++--
+ 4 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
+index 5ed384d..5fa81ce 100644
+--- a/service/realm-sssd-ad.c
+++ b/service/realm-sssd-ad.c
+@@ -160,6 +160,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
+                            gboolean use_adcli,
+                            GError **error)
+ {
+	const gchar *services[] = { "nss", "pam", NULL };
+ 	GString *realmd_tags;
+ 	const gchar *access_provider;
+ 	const gchar *shell;
+@@ -206,6 +207,8 @@ configure_sssd_for_domain (RealmIniConfig *config,
+ 	                                    "ldap_sasl_authid", authid,
+ 	                                    NULL);
+ 
+	realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
+
+ 	g_free (authid);
+ 	g_string_free (realmd_tags, TRUE);
+ 
+diff --git a/service/realm-sssd-config.c b/service/realm-sssd-config.c
+index 2096afd..d4398b9 100644
+--- a/service/realm-sssd-config.c
+++ b/service/realm-sssd-config.c
+@@ -154,8 +154,6 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
+ 	g_strfreev (already);
+ 
+ 	/* Setup a default sssd section */
+-	if (!realm_ini_config_have (config, "section", "services"))
+-		realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL);
+ 	if (!realm_ini_config_have (config, "sssd", "config_file_version"))
+ 		realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
+ 
+diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
+index b12136e..001870d 100644
+--- a/service/realm-sssd-ipa.c
+++ b/service/realm-sssd-ipa.c
+@@ -156,6 +156,7 @@ on_ipa_client_do_restart (GObject *source,
+                           GAsyncResult *result,
+                           gpointer user_data)
+ {
+	const gchar *services[] = { "nss", "pam", NULL };
+ 	GTask *task = G_TASK (user_data);
+ 	EnrollClosure *enroll = g_task_get_task_data (task);
+ 	RealmSssd *sssd = g_task_get_source_object (task);
+@@ -207,6 +208,8 @@ on_ipa_client_do_restart (GObject *source,
+ 		                                 "realmd_tags", realmd_tags,
+ 		                                 NULL);
+ 
+		realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
+
+ 		g_free (home);
+ 	}
+ 
+diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
+index 59eab75..892b9d5 100644
+--- a/tests/test-sssd-config.c
+++ b/tests/test-sssd-config.c
+@@ -90,7 +90,7 @@ test_add_domain (Test *test,
+                  gconstpointer unused)
+ {
+ 	const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
+-	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
+	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
+ 	GError *error = NULL;
+ 	gchar *output;
+ 	gboolean ret;
+@@ -140,7 +140,7 @@ static void
+ test_add_domain_only (Test *test,
+                       gconstpointer unused)
+ {
+-	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
+	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
+ 	GError *error = NULL;
+ 	gchar *output;
+ 	gboolean ret;
+-- 
+2.9.3
+
--- a/realmd.spec
+++ b/realmd.spec
@ -1,18 +1,17 @@
 Name:		realmd
-Version:	0.16.2
-Release:	5%{?dist}
+Version:	0.16.3
+Release:	1%{?dist}
 Summary:	Kerberos realm enrollment service
 License:	LGPLv2+
 URL:		http://cgit.freedesktop.org/realmd/realmd/
 Source0:	http://www.freedesktop.org/software/realmd/releases/realmd-%{version}.tar.gz

-Patch1:         install-diagnostic.patch
-Patch2:         computer-ou.patch
-Patch3:         duplicate-test-path.patch
-Patch4:         0001-Fix-invalid-unrefs-on-realm_invocation_get_cancellab.patch
+Patch1:		0001-LDAP-don-t-close-LDAP-socket-twice.patch
+Patch2:		0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch

-BuildRequires:  automake
-BuildRequires:  autoconf
+
+BuildRequires:	automake
+BuildRequires:	autoconf
 BuildRequires:	intltool pkgconfig
 BuildRequires:	gettext-devel
 BuildRequires:	glib2-devel >= 2.32.0
@ -43,8 +42,6 @@ applications that use %{name}.
 %setup -q
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
-%patch4 -p1

 %build
 automake --add-missing
@ -80,6 +77,9 @@ make install DESTDIR=%{buildroot}
 %doc ChangeLog

 %changelog
+* Wed Nov 30 2016 Sumit Bose <sbose@redhat.com> - 0.16.3-1
+- Updated to upstream 0.16.3 plus patches from git master
+
 * Fri Jun 03 2016 Sumit Bose <sbose@redhat.com> - 0.16.2-5
 - properly apply patch for rhbz#1330766
 - Resolves: rhbz#1330766
--- a/2
+++ b/2
@ -1 +1 @@
-cc9134b25f29a0acba6bc7dfdfbd702a  realmd-0.16.2.tar.gz
+a8b3bf5692c4255298ae962a0c8813fa  realmd-0.16.3.tar.gz