diff --git a/.gitignore b/.gitignore index c06b2bb..d899c47 100644 --- a/.gitignore +++ b/.gitignore @@ -90,3 +90,4 @@ sssd-1.2.91.tar.gz /sssd-2.3.1.tar.gz /sssd-2.4.0.tar.gz /sssd-2.4.1.tar.gz +/sssd-2.4.2.tar.gz diff --git a/0001-BUILD-fixes-gpo_child-linking-issue.patch b/0001-BUILD-fixes-gpo_child-linking-issue.patch deleted file mode 100644 index b365cf5..0000000 --- a/0001-BUILD-fixes-gpo_child-linking-issue.patch +++ /dev/null @@ -1,49 +0,0 @@ -From cf308d6c0e763336526b2e6295f1a075b217900f Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Fri, 5 Feb 2021 14:51:26 +0100 -Subject: [PATCH] BUILD: fixes gpo_child linking issue - -/usr/bin/ld: src/util/gpo_child-signal.o (symbol from plugin): undefined reference to symbol 'BlockSignals@@SAMBA_UTIL_0.0.1' - -Resolves: https://github.com/SSSD/sssd/issues/5385 ---- - Makefile.am | 3 ++- - src/external/samba.m4 | 8 ++++++++ - 2 files changed, 10 insertions(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index f0083ffd7aaec01d87d9e38569b4714b3dbb2caa..41fc6517beec348daf58ce4d41f03a444901c81c 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -4738,7 +4738,8 @@ gpo_child_LDADD = \ - $(POPT_LIBS) \ - $(DHASH_LIBS) \ - $(INI_CONFIG_LIBS) \ -- $(SMBCLIENT_LIBS) -+ $(SMBCLIENT_LIBS) \ -+ $(SAMBA_UTIL_LIBS) - - proxy_child_SOURCES = \ - src/providers/proxy/proxy_child.c \ -diff --git a/src/external/samba.m4 b/src/external/samba.m4 -index 0bc573a0f28d8b0aecd8953f7485944b8bc71baa..bbfa996048ab5e773b686836cfbb4378d412d1b0 100644 ---- a/src/external/samba.m4 -+++ b/src/external/samba.m4 -@@ -30,6 +30,14 @@ without them. In this case, you will need to execute configure script - with argument --without-samba - ]])) - -+ PKG_CHECK_MODULES(SAMBA_UTIL, samba-util, , -+ AC_MSG_ERROR([[Please install libsamba-util development libraries. -+libsamba-util libraries are necessary for building ad and ipa provider. -+If you do not want to build these providers it is possible to build SSSD -+without them. In this case, you will need to execute configure script -+with argument --without-samba -+ ]])) -+ - if test x"$HAVE_LIBINI_CONFIG_V1_1" != x1; then - AC_MSG_ERROR([[Please install libini_config development libraries - v1.1.0, or newer. libini_config libraries are necessary for building ipa --- -2.25.4 - diff --git a/0502-SYSTEMD-Use-capabilities.patch b/0502-SYSTEMD-Use-capabilities.patch deleted file mode 100644 index 1961dd5..0000000 --- a/0502-SYSTEMD-Use-capabilities.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 565ef3ffcaaef69a768b6a341777c339217bbbab Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Mon, 12 Dec 2016 21:56:16 +0100 -Subject: [PATCH] SYSTEMD: Use capabilities - -copied from selinux policy ---- - src/sysv/systemd/sssd.service.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in -index 0c515d34caaa3ea397c4c7e95eef0188df170840..252889dbb2b7b1e651966258e7b76eab38357e76 100644 ---- a/src/sysv/systemd/sssd.service.in -+++ b/src/sysv/systemd/sssd.service.in -@@ -11,6 +11,7 @@ ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER} - Type=notify - NotifyAccess=main - PIDFile=@pidpath@/sssd.pid -+CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND - Restart=on-failure - - [Install] --- -2.15.1 - diff --git a/sources b/sources index dbd8cba..ff1f27b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sssd-2.4.1.tar.gz) = 27b53585c43ee8387fda85afd894bcbd2aa037e8b7e05ffb68a17232fcc6a8b4aaf5f83eda65b91f656de3f040372ddfa49d0a905ff37b1064b6e22544025669 +SHA512 (sssd-2.4.2.tar.gz) = 871435cd82db38eef36988bae84a6d28220839ee16b600c3dab17523c18b295e65ff62e86c095ea67e652be661248b45720a5106e01179190ff3852b1c0e7a33 diff --git a/sssd.spec b/sssd.spec index 3c4fc38..861a34c 100644 --- a/sssd.spec +++ b/sssd.spec @@ -7,6 +7,13 @@ %global sssd_user root %endif +# Set setuid bit on child helpers if we support non-root user. +%if "%{sssd_user}" == "root" +%global child_attrs 0750 +%else +%global child_attrs 4750 +%endif + # we don't want to provide private python extension libs %define __provides_exclude_from %{python3_sitearch}/.*\.so$ @@ -19,18 +26,14 @@ %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release}) Name: sssd -Version: 2.4.1 +Version: 2.4.2 Release: 1%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ -Source0: https://github.com/SSSD/sssd/releases/download/2.4.1/sssd-2.4.1.tar.gz +Source0: https://github.com/SSSD/sssd/releases/download/2.4.2/sssd-2.4.2.tar.gz ### Patches ### -Patch0001: 0001-BUILD-fixes-gpo_child-linking-issue.patch - -### Downstream only patches ### -Patch0502: 0502-SYSTEMD-Use-capabilities.patch ### Dependencies ### @@ -477,7 +480,6 @@ autoreconf -ivf %configure \ --disable-rpath \ --disable-static \ - --enable-files-domain \ --enable-gss-spnego-for-zero-maxssf \ --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ --enable-nsslibdir=%{_libdir} \ @@ -497,6 +499,7 @@ autoreconf -ivf --with-syslog=journald \ --with-test-dir=/dev/shm \ %if 0%{?fedora} + --enable-files-domain \ --disable-polkit-rules-path \ %endif %{nil} @@ -1006,6 +1009,9 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Fri Feb 19 2021 Pavel Březina - 2.4.2-1 +- Rebase to SSSD 2.4.2 + * Fri Feb 5 2021 Pavel Březina - 2.4.1-1 - Rebase to SSSD 2.4.1