From 1155a5a59ba6724f24b410c9a9aac1455870d946 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Fri, 19 Feb 2021 16:41:53 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/sssd.git#3fb1cb9aa3f275dec5da1680aa7599efaef6be1b --- .gitignore | 1 + ...-BUILD-fixes-gpo_child-linking-issue.patch | 49 ------------------- 0502-SYSTEMD-Use-capabilities.patch | 25 ---------- sources | 2 +- sssd.spec | 20 +++++--- 5 files changed, 15 insertions(+), 82 deletions(-) delete mode 100644 0001-BUILD-fixes-gpo_child-linking-issue.patch delete mode 100644 0502-SYSTEMD-Use-capabilities.patch diff --git a/.gitignore b/.gitignore index c06b2bb..d899c47 100644 --- a/.gitignore +++ b/.gitignore @@ -90,3 +90,4 @@ sssd-1.2.91.tar.gz /sssd-2.3.1.tar.gz /sssd-2.4.0.tar.gz /sssd-2.4.1.tar.gz +/sssd-2.4.2.tar.gz diff --git a/0001-BUILD-fixes-gpo_child-linking-issue.patch b/0001-BUILD-fixes-gpo_child-linking-issue.patch deleted file mode 100644 index b365cf5..0000000 --- a/0001-BUILD-fixes-gpo_child-linking-issue.patch +++ /dev/null @@ -1,49 +0,0 @@ -From cf308d6c0e763336526b2e6295f1a075b217900f Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Fri, 5 Feb 2021 14:51:26 +0100 -Subject: [PATCH] BUILD: fixes gpo_child linking issue - -/usr/bin/ld: src/util/gpo_child-signal.o (symbol from plugin): undefined reference to symbol 'BlockSignals@@SAMBA_UTIL_0.0.1' - -Resolves: https://github.com/SSSD/sssd/issues/5385 ---- - Makefile.am | 3 ++- - src/external/samba.m4 | 8 ++++++++ - 2 files changed, 10 insertions(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index f0083ffd7aaec01d87d9e38569b4714b3dbb2caa..41fc6517beec348daf58ce4d41f03a444901c81c 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -4738,7 +4738,8 @@ gpo_child_LDADD = \ - $(POPT_LIBS) \ - $(DHASH_LIBS) \ - $(INI_CONFIG_LIBS) \ -- $(SMBCLIENT_LIBS) -+ $(SMBCLIENT_LIBS) \ -+ $(SAMBA_UTIL_LIBS) - - proxy_child_SOURCES = \ - src/providers/proxy/proxy_child.c \ -diff --git a/src/external/samba.m4 b/src/external/samba.m4 -index 0bc573a0f28d8b0aecd8953f7485944b8bc71baa..bbfa996048ab5e773b686836cfbb4378d412d1b0 100644 ---- a/src/external/samba.m4 -+++ b/src/external/samba.m4 -@@ -30,6 +30,14 @@ without them. In this case, you will need to execute configure script - with argument --without-samba - ]])) - -+ PKG_CHECK_MODULES(SAMBA_UTIL, samba-util, , -+ AC_MSG_ERROR([[Please install libsamba-util development libraries. -+libsamba-util libraries are necessary for building ad and ipa provider. -+If you do not want to build these providers it is possible to build SSSD -+without them. In this case, you will need to execute configure script -+with argument --without-samba -+ ]])) -+ - if test x"$HAVE_LIBINI_CONFIG_V1_1" != x1; then - AC_MSG_ERROR([[Please install libini_config development libraries - v1.1.0, or newer. libini_config libraries are necessary for building ipa --- -2.25.4 - diff --git a/0502-SYSTEMD-Use-capabilities.patch b/0502-SYSTEMD-Use-capabilities.patch deleted file mode 100644 index 1961dd5..0000000 --- a/0502-SYSTEMD-Use-capabilities.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 565ef3ffcaaef69a768b6a341777c339217bbbab Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Mon, 12 Dec 2016 21:56:16 +0100 -Subject: [PATCH] SYSTEMD: Use capabilities - -copied from selinux policy ---- - src/sysv/systemd/sssd.service.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in -index 0c515d34caaa3ea397c4c7e95eef0188df170840..252889dbb2b7b1e651966258e7b76eab38357e76 100644 ---- a/src/sysv/systemd/sssd.service.in -+++ b/src/sysv/systemd/sssd.service.in -@@ -11,6 +11,7 @@ ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER} - Type=notify - NotifyAccess=main - PIDFile=@pidpath@/sssd.pid -+CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND - Restart=on-failure - - [Install] --- -2.15.1 - diff --git a/sources b/sources index dbd8cba..ff1f27b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sssd-2.4.1.tar.gz) = 27b53585c43ee8387fda85afd894bcbd2aa037e8b7e05ffb68a17232fcc6a8b4aaf5f83eda65b91f656de3f040372ddfa49d0a905ff37b1064b6e22544025669 +SHA512 (sssd-2.4.2.tar.gz) = 871435cd82db38eef36988bae84a6d28220839ee16b600c3dab17523c18b295e65ff62e86c095ea67e652be661248b45720a5106e01179190ff3852b1c0e7a33 diff --git a/sssd.spec b/sssd.spec index 3c4fc38..861a34c 100644 --- a/sssd.spec +++ b/sssd.spec @@ -7,6 +7,13 @@ %global sssd_user root %endif +# Set setuid bit on child helpers if we support non-root user. +%if "%{sssd_user}" == "root" +%global child_attrs 0750 +%else +%global child_attrs 4750 +%endif + # we don't want to provide private python extension libs %define __provides_exclude_from %{python3_sitearch}/.*\.so$ @@ -19,18 +26,14 @@ %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release}) Name: sssd -Version: 2.4.1 +Version: 2.4.2 Release: 1%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ -Source0: https://github.com/SSSD/sssd/releases/download/2.4.1/sssd-2.4.1.tar.gz +Source0: https://github.com/SSSD/sssd/releases/download/2.4.2/sssd-2.4.2.tar.gz ### Patches ### -Patch0001: 0001-BUILD-fixes-gpo_child-linking-issue.patch - -### Downstream only patches ### -Patch0502: 0502-SYSTEMD-Use-capabilities.patch ### Dependencies ### @@ -477,7 +480,6 @@ autoreconf -ivf %configure \ --disable-rpath \ --disable-static \ - --enable-files-domain \ --enable-gss-spnego-for-zero-maxssf \ --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ --enable-nsslibdir=%{_libdir} \ @@ -497,6 +499,7 @@ autoreconf -ivf --with-syslog=journald \ --with-test-dir=/dev/shm \ %if 0%{?fedora} + --enable-files-domain \ --disable-polkit-rules-path \ %endif %{nil} @@ -1006,6 +1009,9 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Fri Feb 19 2021 Pavel Březina - 2.4.2-1 +- Rebase to SSSD 2.4.2 + * Fri Feb 5 2021 Pavel Březina - 2.4.1-1 - Rebase to SSSD 2.4.1