New upstream release 1.11.4

- Remove upstreamed patch
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
This commit is contained in:
Jakub Hrozek 2014-02-11 15:44:57 +01:00
parent 4b219e485d
commit 4d4fe7434d
5 changed files with 9 additions and 91 deletions

1
.gitignore vendored
View File

@ -51,3 +51,4 @@ sssd-1.2.91.tar.gz
/sssd-1.11.1.tar.gz
/sssd-1.11.2.tar.gz
/sssd-1.11.3.tar.gz
/sssd-1.11.4.tar.gz

View File

@ -1,46 +0,0 @@
From 153efc74ff188c12c03e9578c6fb1d39c69ef5d7 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Tue, 24 Dec 2013 13:01:46 +0200
Subject: [PATCH] FAST: when parsing krb5_child response, make sure to not miss
OTP message if it was last one
The last message in the stream might be with empty payload which means we get
only message type and message length (0) returned, i.e. 8 bytes left remaining
in the stream after processing preceding message. This makes our calculation at
the end of a message processing loop incorrect -- p+2*sizeof(int32_t) can be
equal to len, after all.
Fixes FAST processing for FreeIPA native OTP case:
https://fedorahosted.org/sssd/ticket/2186
---
src/providers/krb5/krb5_child_handler.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index 92dec0d2afb1627b61c3dd1037e91546a7ee08d6..d6c1dc1f9707444a82e433a375839cadf73f1259 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -548,8 +548,9 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
* CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because
* sizeof() counts the trailing '\0' of a string. */
pref_len = sizeof(CCACHE_ENV_NAME);
- if (msg_len > pref_len &&
- strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0) {
+ if ((msg_type == SSS_PAM_ENV_ITEM) &&
+ (msg_len > pref_len) &&
+ (strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0)) {
ccname = (char *) &buf[p+pref_len];
ccname_len = msg_len-pref_len;
}
@@ -600,7 +601,7 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
p += msg_len;
- if ((p < len) && (p + 2*sizeof(int32_t) >= len)) {
+ if ((p < len) && (p + 2*sizeof(int32_t) > len)) {
DEBUG(SSSDBG_CRIT_FAILURE,
("The remainder of the message is too short.\n"));
return EINVAL;
--
1.8.5.3

View File

@ -1,41 +0,0 @@
From f244195582ec804f1022341e2e3394754e31b36a Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 9 Oct 2013 18:19:08 +0200
Subject: [PATCH] LDAP: handle SID requests if noexist_delete is set
Fixes https://fedorahosted.org/sssd/ticket/2116
---
src/providers/ldap/ldap_id.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 162d987..59dfd0a 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -365,6 +365,11 @@ static void users_get_done(struct tevent_req *subreq)
}
break;
+ case BE_FILTER_SECID:
+ /* Since it is not clear if the SID belongs to a user or a group
+ * we have nothing to do here. */
+ break;
+
default:
tevent_req_error(req, EINVAL);
return;
@@ -694,6 +699,11 @@ static void groups_get_done(struct tevent_req *subreq)
}
break;
+ case BE_FILTER_SECID:
+ /* Since it is not clear if the SID belongs to a user or a group
+ * we have nothing to do here. */
+ break;
+
default:
tevent_req_error(req, EINVAL);
return;
--
1.8.3.1

View File

@ -1 +1 @@
46af96f609768a88ef8e5868e9526ab8 sssd-1.11.3.tar.gz
6b52a62fd6f6b170553d032deb7b0bc8 sssd-1.11.4.tar.gz

View File

@ -13,8 +13,8 @@
%global ldb_version 1.1.16
Name: sssd
Version: 1.11.3
Release: 2%{?dist}
Version: 1.11.4
Release: 1%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@ -23,7 +23,6 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ###
Patch0001: 0001-FAST-when-parsing-krb5_child-response-make-sure-to-n.patch
Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch
### Dependencies ###
@ -731,6 +730,11 @@ fi
%postun -n libsss_idmap -p /sbin/ldconfig
%changelog
* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
- New upstream release 1.11.4
- Remove upstreamed patch
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
* Tue Feb 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-2
- Handle OTP response from FreeIPA server gracefully