diff --git a/.gitignore b/.gitignore index d899c47..10e88cc 100644 --- a/.gitignore +++ b/.gitignore @@ -91,3 +91,4 @@ sssd-1.2.91.tar.gz /sssd-2.4.0.tar.gz /sssd-2.4.1.tar.gz /sssd-2.4.2.tar.gz +/sssd-2.5.0.tar.gz diff --git a/0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch b/0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch deleted file mode 100644 index 7178cc9..0000000 --- a/0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 2a512fdf57055a2ce4ae02256dfabb5b74d2abd6 Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Mon, 22 Mar 2021 15:18:57 +0100 -Subject: [PATCH] systemd configs: add CAP_DAC_OVERRIDE for ifp in certain case - -Commit fd7ce7b3de9647eb6de75c3dd3974b44d860078e missed ifp. - -Reviewed-by: Sumit Bose ---- - src/sysv/systemd/sssd-ifp.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in -index 551c6711cf..9095da3534 100644 ---- a/src/sysv/systemd/sssd-ifp.service.in -+++ b/src/sysv/systemd/sssd-ifp.service.in -@@ -10,5 +10,5 @@ EnvironmentFile=-@environment_file@ - Type=dbus - BusName=org.freedesktop.sssd.infopipe - ExecStart=@ifp_exec_cmd@ ${DEBUG_LOGGER} --CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID -+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID - @ifp_restart@ diff --git a/0002-configure-new-autoconf.patch b/0002-configure-new-autoconf.patch deleted file mode 100644 index dd8afac..0000000 --- a/0002-configure-new-autoconf.patch +++ /dev/null @@ -1,290 +0,0 @@ -From 49010b16ed90eb743dc7c47d2ba7b6ae84c049cd Mon Sep 17 00:00:00 2001 -From: Iker Pedrosa -Date: Wed, 7 Apr 2021 17:25:28 +0200 -Subject: [PATCH 1/2] configure: set CPP macro with AC_PROG_CPP - -sssd build with an autoconf version greater than 2.70 fails because CPP -macro is empty. This change fixes this problem by setting the macro with -AC_PROG_CPP at the beginning of the configuration. - -Resolves: https://github.com/SSSD/sssd/issues/5563 - -Reviewed-by: Sumit Bose ---- - configure.ac | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/configure.ac b/configure.ac -index c591410fd..0999235cf 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -20,6 +20,7 @@ AM_PROG_CC_C_O - m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) - AC_DISABLE_STATIC - AC_PROG_INSTALL -+AC_PROG_CPP - LT_INIT - m4_ifdef([AC_PROG_MKDIR_P], - [AC_PROG_MKDIR_P], --- -2.30.2 - - -From cd843dafe63589d0a77145445c454f6fc19dabae Mon Sep 17 00:00:00 2001 -From: Massimiliano Torromeo -Date: Wed, 31 Mar 2021 13:31:58 +0200 -Subject: [PATCH 2/2] configure: Fix python headers detection with recent - autoconf Resolves: https://github.com/SSSD/sssd/issues/5336 - -Reviewed-by: Iker Pedrosa ---- - configure.ac | 96 ++++++++++++++++++++++++++-------------------------- - 1 file changed, 48 insertions(+), 48 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 0999235cf..ef4bc39fb 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -214,20 +214,20 @@ m4_include([src/external/service.m4]) - m4_include([src/external/test_ca.m4]) - m4_include([src/external/ax_valgrind_check.m4]) - --if test x$with_secrets = xyes; then -+AS_IF([test x$with_secrets = xyes], [ - m4_include([src/external/libhttp_parser.m4]) - m4_include([src/external/libcurl.m4]) --fi -+]) - --if test x$with_kcm = xyes; then -+AS_IF([test x$with_kcm = xyes], [ - m4_include([src/external/libuuid.m4]) --fi -+]) - --if test x$with_kcm = xyes -o x$with_secrets = xyes; then -+AS_IF([test x$with_kcm = xyes -o x$with_secrets = xyes], [ - BUILD_WITH_LIBSECRET=1 - AC_DEFINE_UNQUOTED(BUILD_WITH_LIBSECRET, 1, [libsecret will be built]) - m4_include([src/external/libjansson.m4]) --fi -+]) - - AM_CONDITIONAL([BUILD_WITH_LIBSECRET], - [test x"$BUILD_WITH_LIBSECRET" != "x"]) -@@ -238,39 +238,39 @@ AM_CONDITIONAL([BUILD_WITH_LIBCURL], - [test x"$have_curlopt_unix_sockpath" = xyes]) - - WITH_UNICODE_LIB --if test x$unicode_lib = xlibunistring; then -+AS_IF([test x$unicode_lib = xlibunistring], [ - m4_include([src/external/libunistring.m4]) - AC_DEFINE_UNQUOTED(HAVE_LIBUNISTRING, 1, [Using libunistring for unicode]) - UNICODE_LIBS=$UNISTRING_LIBS --else -+], [ - m4_include([src/external/glib.m4]) - AC_DEFINE_UNQUOTED(HAVE_GLIB2, 1, [Using glib2 for unicode]) - UNICODE_LIBS=$GLIB2_LIBS --fi -+]) - AC_SUBST(UNICODE_LIBS) - - WITH_LIBNL - --if test x$HAVE_NSCD; then -+AS_IF([test x$HAVE_NSCD], [ - WITH_NSCD_CONF --fi -+]) - - WITH_INITSCRIPT --if test x$initscript = xsystemd; then -+AS_IF([test x$initscript = xsystemd], [ - WITH_SYSTEMD_UNIT_DIR - WITH_SYSTEMD_CONF_DIR --else -+], [ - CHECK_SERVICE_EXECUTABLE --fi -+]) - - PKG_CHECK_MODULES([DBUS],[dbus-1]) - dnl if test -n "`$PKG_CONFIG --modversion dbus-1 | grep '^0\.'`" ; then --if ! $PKG_CONFIG --atleast-version 1.0.0 dbus-1; then -+AS_IF([! $PKG_CONFIG --atleast-version 1.0.0 dbus-1], [ - DBUS_CFLAGS="$DBUS_CFLAGS -DDBUS_API_SUBJECT_TO_CHANGE" - AC_MSG_RESULT([setting -DDBUS_API_SUBJECT_TO_CHANGE]) --fi -+]) - --if test x$has_dbus != xno; then -+AS_IF([test x$has_dbus != xno], [ - SAFE_LIBS="$LIBS" - LIBS="$DBUS_LIBS" - SAFE_CFLAGS=$CFLAGS -@@ -286,12 +286,12 @@ if test x$has_dbus != xno; then - - LIBS="$SAFE_LIBS" - CFLAGS=$SAFE_CFLAGS --fi -+]) - - # work around a bug in cov-build from Coverity - test -n "$XML_CATALOG_FILES" || unset XML_CATALOG_FILES - --if test x$HAVE_MANPAGES != x; then -+AS_IF([test x$HAVE_MANPAGES != x], [ - CHECK_XML_TOOLS - - DOCBOOK_XSLT=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl -@@ -301,18 +301,18 @@ if test x$HAVE_MANPAGES != x; then - [HAVE_PROFILE_CATALOGS=1], - [AC_MSG_WARN([Man pages might contain documentation for experimental features])]) - -- if test x$HAVE_PROFILE_CATALOGS = x; then -+ AS_IF([test x$HAVE_PROFILE_CATALOGS = x], [ - DOCBOOK_XSLT=http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl - CHECK_STYLESHEET([$SGML_CATALOG_FILES], - [$DOCBOOK_XSLT], - [Docbook XSL templates], - [], - [AC_MSG_ERROR([could not find the docbook xsl catalog])]) -- fi -+ ]) - - AC_CHECK_PROG([PO4A],[po4a],[po4a],[no]) - AC_SUBST(DOCBOOK_XSLT) --fi -+]) - AM_CONDITIONAL([HAVE_PROFILE_CATALOGS], [test "x$HAVE_PROFILE_CATALOGS" != "x"]) - AM_CONDITIONAL([HAVE_MANPAGES], [test "x$HAVE_MANPAGES" != "x"]) - AM_CONDITIONAL([HAVE_PO4A], [test "x$PO4A" != "xno"]) -@@ -325,9 +325,9 @@ AC_CHECK_PROG(HAVE_PYTHON3, python3, yes, no) - AS_IF([test x$HAVE_PYTHON3 = xyes], - [AC_PATH_PROG(PYTHON3, python3)]) - --if test x$HAVE_PYTHON2_BINDINGS = xyes; then -- AS_IF([test x$HAVE_PYTHON2 != xyes], -- [AC_MSG_ERROR([ -+AS_IF([test x$HAVE_PYTHON2_BINDINGS = xyes], -+ [AS_IF([test x$HAVE_PYTHON2 != xyes], -+ [AC_MSG_ERROR([ - The program python2 was not found in search path. - Please ensure that it is installed and its directory is included in the search - path. It is required for building python2 bindings. If you do not want to build -@@ -349,11 +349,11 @@ them please use argument --without-python2-bindings when running configure.])]) - AC_SUBST([PYTHON2_EXEC_PREFIX], [$PYTHON_EXEC_PREFIX]) - - SSS_CLEAN_PYTHON_VARIABLES --fi -+]) - --if test x$HAVE_PYTHON3_BINDINGS = xyes; then -- AS_IF([test x$HAVE_PYTHON3 != xyes], -- [AC_MSG_ERROR([ -+AS_IF([test x$HAVE_PYTHON3_BINDINGS = xyes], -+ [AS_IF([test x$HAVE_PYTHON3 != xyes], -+ [AC_MSG_ERROR([ - The program python3 was not found in search path. - Please ensure that it is installed and its directory is included in the search - path. It is required for building python3 bindings. If you do not want to build -@@ -375,31 +375,31 @@ them please use argument --without-python3-bindings when running configure.])]) - AC_SUBST([PYTHON3_EXEC_PREFIX], [$PYTHON_EXEC_PREFIX]) - - SSS_CLEAN_PYTHON_VARIABLES --fi -+]) - --if test x$HAVE_PYTHON3 = xyes; then -+AS_IF([test x$HAVE_PYTHON3 = xyes], [ - PYTHON_EXEC=$PYTHON3 --else -+], [ - PYTHON_EXEC=$PYTHON2 --fi -+]) - AC_SUBST(PYTHON_EXEC) - - AM_CONDITIONAL([BUILD_PYTHON_BINDINGS], - [test x"$with_python2_bindings" = xyes \ - -o x"$with_python3_bindings" = xyes]) - --if test x$HAVE_SELINUX != x; then -+AS_IF([test x$HAVE_SELINUX != x], [ - AM_CHECK_SELINUX --fi -+]) - --if test x$HAVE_SEMANAGE != x -a x$HAVE_SELINUX != x; then -+AS_IF([test x$HAVE_SEMANAGE != x -a x$HAVE_SELINUX != x], [ - AM_CHECK_SEMANAGE --fi -+]) - - dnl If journald was selected for logging, configure journald --if test x$syslog = xjournald; then -+AS_IF([test x$syslog = xjournald], [ - AM_CHECK_JOURNALD --fi -+]) - - AM_CHECK_LIBCRYPTO - m4_include([src/external/p11-kit.m4]) -@@ -413,10 +413,10 @@ AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))], - sss_client_cv_attribute_destructor=yes) - ]) - --if test x"$sss_client_cv_attribute_destructor" = xyes ; then -+AS_IF([test x"$sss_client_cv_attribute_destructor" = xyes], [ - AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1, - [whether compiler supports __attribute__((destructor))]) --fi -+]) - - AC_CACHE_CHECK([whether compiler supports __attribute__((format))], - sss_cv_attribute_format, -@@ -431,10 +431,10 @@ AC_CACHE_CHECK([whether compiler supports __attribute__((format))], - ]) - ]) - --if test x"$sss_cv_attribute_format" = xyes ; then -+AS_IF([test x"$sss_cv_attribute_format" = xyes], [ - AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_FORMAT, 1, - [whether compiler supports __attribute__((format))]) --fi -+]) - - AC_CACHE_CHECK([whether compiler supports __attribute__((warn_unused_result))], - sss_cv_attribute_warn_unused_result, -@@ -448,10 +448,10 @@ AC_CACHE_CHECK([whether compiler supports __attribute__((warn_unused_result))], - AC_MSG_WARN([compiler does NOT support __attribute__((warn_unused_result))]) - ]) - ]) --if test x"$sss_cv_attribute_warn_unused_result" = xyes ; then -+AS_IF([test x"$sss_cv_attribute_warn_unused_result" = xyes], [ - AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_WARN_UNUSED_RESULT, 1, - [whether compiler supports __attribute__((warn_unused_result))]) --fi -+]) - - SAFE_CFLAGS=$CFLAGS - CFLAGS="-Werror" -@@ -488,11 +488,11 @@ AC_DEFINE_UNQUOTED( - - - PKG_CHECK_MODULES([CHECK], [check >= 0.9.5], [have_check=1], [have_check=]) --if test x$have_check = x; then -+AS_IF([test x$have_check = x], [ - AC_MSG_WARN([Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite]) --else -+], [ - AC_CHECK_HEADERS([check.h],,AC_MSG_ERROR([Could not find CHECK headers])) --fi -+]) - - AC_PATH_PROG([DOXYGEN], [doxygen], [false]) - AM_CONDITIONAL([HAVE_DOXYGEN], [test x$DOXYGEN != xfalse ]) --- -2.30.2 - diff --git a/sources b/sources index ff1f27b..1911b5e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sssd-2.4.2.tar.gz) = 871435cd82db38eef36988bae84a6d28220839ee16b600c3dab17523c18b295e65ff62e86c095ea67e652be661248b45720a5106e01179190ff3852b1c0e7a33 +SHA512 (sssd-2.5.0.tar.gz) = 80b5e81cedacdf0bbe724af20d69b918bb6cc353976c6c65421afcd5809d1723f523bc3c1be294b9e01cfda9617c2df5c6ceb007837f195eb1abc2abdab9858c diff --git a/sssd.spec b/sssd.spec index d0a38bc..5edc6e2 100644 --- a/sssd.spec +++ b/sssd.spec @@ -26,18 +26,15 @@ %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release}) Name: sssd -Version: 2.4.2 -Release: 5%{?dist} +Version: 2.5.0 +Release: 1%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ -Source0: https://github.com/SSSD/sssd/releases/download/2.4.2/sssd-2.4.2.tar.gz +Source0: https://github.com/SSSD/sssd/releases/download/2.5.0/sssd-2.5.0.tar.gz ### Patches ### -Patch0001: 0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch -Patch0002: 0002-configure-new-autoconf.patch - ### Dependencies ### Requires: sssd-ad = %{version}-%{release} @@ -103,12 +100,13 @@ BuildRequires: make BuildRequires: nss_wrapper BuildRequires: openldap-devel BuildRequires: openssh +# required for p11_child smartcard tests BuildRequires: openssl BuildRequires: openssl-devel BuildRequires: p11-kit-devel BuildRequires: pam_wrapper BuildRequires: pam-devel -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: pkgconfig BuildRequires: popt-devel BuildRequires: python3-devel @@ -164,7 +162,6 @@ Summary: SSSD Client libraries for NSS and PAM License: LGPLv3+ Requires: libsss_nss_idmap = %{version}-%{release} Requires: libsss_idmap = %{version}-%{release} -Requires(post): /sbin/ldconfig Requires(post): /usr/sbin/alternatives Requires(preun): /usr/sbin/alternatives @@ -990,7 +987,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us %systemd_postun_with_restart sssd-kcm.service %post client -%{?ldconfig} /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20 %preun client @@ -998,24 +994,13 @@ if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so fi -%ldconfig_postun client - -%ldconfig_scriptlets -n libsss_sudo - -%ldconfig_scriptlets -n libipa_hbac - -%ldconfig_scriptlets -n libsss_idmap - -%ldconfig_scriptlets -n libsss_nss_idmap - -%ldconfig_scriptlets -n libsss_simpleifp - -%ldconfig_scriptlets -n libsss_certmap - %posttrans common %systemd_postun_with_restart sssd.service %changelog +* Mon May 10 2021 Pavel Březina - 2.5.0-1 +- Rebase to SSSD 2.5.0 + * Thu Apr 8 2021 Iker Pedrosa - 2.4.2-5 - Change configure to avoid errors with new autoconf version (rhbz#1943130)