diff --git a/.gitignore b/.gitignore
index ba972dc..8a41f90 100644
--- a/.gitignore
+++ b/.gitignore
@@ -83,3 +83,5 @@ sssd-1.2.91.tar.gz
 /sssd-2.0.0.tar.gz
 /sssd-2.1.0.tar.gz
 /sssd-2.2.0.tar.gz
+/sssd-2.2.1.tar.gz
+/sssd-2.2.2.tar.gz
diff --git a/0001-PROXY-Return-data-in-output-parameter-if-everything-.patch b/0001-PROXY-Return-data-in-output-parameter-if-everything-.patch
deleted file mode 100644
index b80e629..0000000
--- a/0001-PROXY-Return-data-in-output-parameter-if-everything-.patch
+++ /dev/null
@@ -1,133 +0,0 @@ -From e1b678c0cce73494d986610920b03956c1dbb62a Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Fri, 28 Jun 2019 16:27:21 +0200 -Subject: [PATCH] PROXY: Return data in output parameter if everything is OK - -The function remove_duplicate_group_members might return EOK also in the middle -of function but return parameter was not set with right data. -Processing continued in the function save_group but there was a -dereference of NULL pointer. - -Introduced in: https://pagure.io/SSSD/sssd/issue/3931 - -Crash: - (gdb) bt - #0 0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap", - alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748 - #1 0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=, - ctx=) at src/providers/proxy/proxy_id.c:1160 - #2 0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0) - at src/providers/proxy/proxy_id.c:1553 - #3 get_initgr (i_name=, dom=0x55c9a0efb420, sysdb=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461 - #4 proxy_account_info (domain=0x55c9a0efb420, be_ctx=, data=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659 - #5 proxy_account_info_handler_send (mem_ctx=, id_ctx=0x55c9a0f048e0, data=, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758 - #6 0x000055c99fc67677 in file_dp_request (_dp_req=, req=0x55c9a0f39470, request_data=, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID, - name=, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=) at src/providers/data_provider/dp_request.c:250 - #7 dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, 
domain=domain@entry=0x55c9a0f39190 "LDAP", name=, target=target@entry=DPT_ID, - method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295 - #8 0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=, ev=0x55c9a0eddbc0, sbus_req=, provider=0x55c9a0efe0e0, dp_flags=1, - entry_type=, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528 - #9 0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=, tv=..., private_data=) at src/sss_iface/sbus_sss_invokers.c:2847 - #10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0 - #11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0 - #12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0 - #13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0 - #14 0x00007fb4d9cf5b5d in _tevent_loop_once () from /lib64/libtevent.so.0 - #15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0 - #16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0 - #17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724 - #18 0x000055c99fc59760 in main (argc=8, argv=) at src/providers/data_provider_be.c:747 - (gdb) l - (gdb) bt - #0 0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap", - alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748 - #1 0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=, - ctx=) at src/providers/proxy/proxy_id.c:1160 - #2 0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, 
pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0) - at src/providers/proxy/proxy_id.c:1553 - #3 get_initgr (i_name=, dom=0x55c9a0efb420, sysdb=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461 - #4 proxy_account_info (domain=0x55c9a0efb420, be_ctx=, data=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659 - #5 proxy_account_info_handler_send (mem_ctx=, id_ctx=0x55c9a0f048e0, data=, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758 - #6 0x000055c99fc67677 in file_dp_request (_dp_req=, req=0x55c9a0f39470, request_data=, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID, - name=, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=) at src/providers/data_provider/dp_request.c:250 - #7 dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, domain=domain@entry=0x55c9a0f39190 "LDAP", name=, target=target@entry=DPT_ID, - method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295 - #8 0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=, ev=0x55c9a0eddbc0, sbus_req=, provider=0x55c9a0efe0e0, dp_flags=1, - entry_type=, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528 - #9 0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=, tv=..., private_data=) at src/sss_iface/sbus_sss_invokers.c:2847 - #10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0 - #11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0 - #12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0 - #13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0 - #14 0x00007fb4d9cf5b5d in 
_tevent_loop_once () from /lib64/libtevent.so.0 - #15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0 - #16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0 - #17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724 - #18 0x000055c99fc59760 in main (argc=8, argv=) at src/providers/data_provider_be.c:747 - (gdb) l - 733 ret = remove_duplicate_group_members(tmp_ctx, grp, &ngroup); - 734 if (ret != EOK) { - 735 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove duplicate group member s\n"); - 736 goto done; - 737 } - 738 - 739 DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, ngroup); - 740 - 741 ret = sysdb_transaction_start(sysdb); - 742 if (ret != EOK) { - 743 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); - 744 goto done; - 745 } - 746 in_transaction = true; - 747 - 748 if (ngroup->gr_mem && ngroup->gr_mem[0]) { - 749 attrs = sysdb_new_attrs(tmp_ctx); - 750 if (!attrs) { - 751 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n"); - 752 ret = ENOMEM; - (gdb) p ngroup - $1 = (struct group *) 0x0 - 743 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); - 744 goto done; - 745 } - 746 in_transaction = true; - 747 - 748 if (ngroup->gr_mem && ngroup->gr_mem[0]) { - 749 attrs = sysdb_new_attrs(tmp_ctx); - 750 if (!attrs) { - 751 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n"); - 752 ret = ENOMEM; - (gdb) p ngroup - $1 = (struct group *) 0x0 - -Merges: https://pagure.io/SSSD/sssd/pull-request/4036 - -Resolves: -https://pagure.io/SSSD/sssd/issue/4037 - -Reviewed-by: Jakub Hrozek ---- - src/providers/proxy/proxy_id.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c -index e1be29076..91105ce5a 100644 ---- a/src/providers/proxy/proxy_id.c -+++ b/src/providers/proxy/proxy_id.c -@@ -698,10 +698,12 @@ static errno_t remove_duplicate_group_members(TALLOC_CTX *mem_ctx, - } - grp->gr_mem[i] = NULL; - -- *_grp = 
talloc_steal(mem_ctx, grp); - ret = EOK; - - done: -+ if (ret == EOK) { -+ *_grp = talloc_steal(mem_ctx, grp); -+ } - talloc_zfree(tmp_ctx); - - return ret; --- -2.20.1 - diff --git a/0002-MONITOR-Don-t-check-for-the-nscd-socket-while-regene.patch b/0002-MONITOR-Don-t-check-for-the-nscd-socket-while-regene.patch deleted file mode 100644 index b62a41d..0000000 --- a/0002-MONITOR-Don-t-check-for-the-nscd-socket-while-regene.patch +++ /dev/null 
@@ -1,106 +0,0 @@ -From 0a10d863f4186a18d4622e72065c8aa66b6bfa17 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 18 Jun 2019 21:21:08 +0200 -Subject: [PATCH] MONITOR: Don't check for the nscd socket while regenerating - configuration - -https://pagure.io/SSSD/sssd/issue/4028 - -In setups where only sssd-kcm is used and not the rest of SSSD, seeing -the nscd warning might be irritating. - -Reviewed-by: Alexey Tikhonov ---- - src/monitor/monitor.c | 69 ++++++++++++++++++++++--------------------- - 1 file changed, 35 insertions(+), 34 deletions(-) - -diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c -index 33a28a09f..d3f8c8878 100644 ---- a/src/monitor/monitor.c -+++ b/src/monitor/monitor.c -@@ -2480,40 +2480,8 @@ int main(int argc, const char *argv[]) - } - #endif - -- /* Warn if nscd seems to be running */ -- ret = check_file(NSCD_SOCKET_PATH, -- -1, -1, S_IFSOCK, S_IFMT, NULL, false); -- if (ret == EOK) { -- ret = sss_nscd_parse_conf(NSCD_CONF_PATH); -- -- switch (ret) { -- case ENOENT: -- sss_log(SSS_LOG_NOTICE, -- "NSCD socket was detected. NSCD caching capabilities " -- "may conflict with SSSD for users and groups. It is " -- "recommended not to run NSCD in parallel with SSSD, " -- "unless NSCD is configured not to cache the passwd, " -- "group, netgroup and services nsswitch maps."); -- break; -- -- case EEXIST: -- sss_log(SSS_LOG_NOTICE, -- "NSCD socket was detected and seems to be configured " -- "to cache some of the databases controlled by " -- "SSSD [passwd,group,netgroup,services]. 
It is " -- "recommended not to run NSCD in parallel with SSSD, " -- "unless NSCD is configured not to cache these."); -- break; -- -- case EOK: -- DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it " -- "seems to be configured not to interfere with " -- "SSSD's caching capabilities\n"); -- } -- } -- -- /* Check if the SSSD is already running unless we're only interested -- * in re-reading the configuration -+ /* Check if the SSSD is already running and for nscd conflicts unless we're -+ * only interested in re-reading the configuration - */ - if (opt_genconf == 0) { - ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false); -@@ -2523,6 +2491,39 @@ int main(int argc, const char *argv[]) - ERROR("SSSD is already running\n"); - return 2; - } -+ -+ /* Warn if nscd seems to be running */ -+ ret = check_file(NSCD_SOCKET_PATH, -+ -1, -1, S_IFSOCK, S_IFMT, NULL, false); -+ if (ret == EOK) { -+ ret = sss_nscd_parse_conf(NSCD_CONF_PATH); -+ -+ switch (ret) { -+ case ENOENT: -+ sss_log(SSS_LOG_NOTICE, -+ "NSCD socket was detected. NSCD caching capabilities " -+ "may conflict with SSSD for users and groups. It is " -+ "recommended not to run NSCD in parallel with SSSD, " -+ "unless NSCD is configured not to cache the passwd, " -+ "group, netgroup and services nsswitch maps."); -+ break; -+ -+ case EEXIST: -+ sss_log(SSS_LOG_NOTICE, -+ "NSCD socket was detected and seems to be configured " -+ "to cache some of the databases controlled by " -+ "SSSD [passwd,group,netgroup,services]. It is " -+ "recommended not to run NSCD in parallel with SSSD, " -+ "unless NSCD is configured not to cache these."); -+ break; -+ -+ case EOK: -+ DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it " -+ "seems to be configured not to interfere with " -+ "SSSD's caching capabilities\n"); -+ } -+ } -+ - } - - /* Parse config file, fail if cannot be done */ --- -2.20.1 - 
diff --git a/0502-SYSTEMD-Use-capabilities.patch b/0502-SYSTEMD-Use-capabilities.patch index 8e42fce..1961dd5 100644 --- a/0502-SYSTEMD-Use-capabilities.patch +++ b/0502-SYSTEMD-Use-capabilities.patch @@ -17,9 +17,9 @@ index 0c515d34caaa3ea397c4c7e95eef0188df170840..252889dbb2b7b1e651966258e7b76eab NotifyAccess=main PIDFile=@pidpath@/sssd.pid +CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND + Restart=on-failure [Install] - WantedBy=multi-user.target -- 2.15.1 diff --git a/sources b/sources index 7333855..c747929 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sssd-2.2.0.tar.gz) = 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb +SHA512 (sssd-2.2.2.tar.gz) = 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801 diff --git a/sssd.spec b/sssd.spec index 0e05eda..768b5ad 100644 --- a/sssd.spec +++ b/sssd.spec @@ -35,16 +35,14 @@ %endif Name: sssd -Version: 2.2.0 -Release: 6%{?dist} +Version: 2.2.2 +Release: 1%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://pagure.io/SSSD/sssd/ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz ### Patches ### -Patch0001: 0001-PROXY-Return-data-in-output-parameter-if-everything-.patch -Patch0002: 0002-MONITOR-Don-t-check-for-the-nscd-socket-while-regene.patch ### Downstream only patches ### Patch0502: 0502-SYSTEMD-Use-capabilities.patch 
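Review bot: The `CapabilityBoundingSet=` line carried by 0502-SYSTEMD-Use-capabilities.patch is refreshed onto the 2.2.2 unit file with no visible record of why each capability is still needed. It keeps CAP_SYS_ADMIN, CAP_DAC_READ_SEARCH, CAP_SETUID and CAP_SETGID, which leaves the bounding set close to unrestricted root. This hunk only changes context (`Restart=on-failure` in, `WantedBy=multi-user.target` out), so the rebase is a good point to add a rationale to the patch's commit message, one line per capability in the form `CAP_SYS_ADMIN: <component and reason>`, so a later rebase can drop entries upstream no longer requires. The rest of the patch file is outside this hunk, so a rationale may already exist there.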
@@ -1069,6 +1067,11 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Wed Sep 11 2019 Michal Židek - 2.2.2-1 +- Update to latest released upstream version +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_1.html + * Mon Aug 26 2019 Stephen Gallagher - 2.2.0-6 - Rebuilding for libldb 2.0.5