diff --git a/0001-SSS_CLIENT-got-rid-of-using-PRNG.patch b/0001-SSS_CLIENT-got-rid-of-using-PRNG.patch new file mode 100644 index 0000000..51868fd --- /dev/null +++ b/0001-SSS_CLIENT-got-rid-of-using-PRNG.patch @@ -0,0 +1,49 @@ +From e47f143bcb86d04aa053c17373f9d9991fc63913 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 14 Oct 2019 11:38:06 +0200 +Subject: [PATCH] SSS_CLIENT: got rid of using PRNG +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +1) no reason to expect "thundering herd issue" +2) randomization as it was done (strictly 1 or 2 secs) + would not help much anyway +3) usage of PRNG might break app that depends on deterministic + PRNG behaviour + +Resolves: https://pagure.io/SSSD/sssd/issue/4094 + +Reviewed-by: Michal Židek +--- + src/sss_client/common.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/src/sss_client/common.c b/src/sss_client/common.c +index 930efe4a1..270ca8b54 100644 +--- a/src/sss_client/common.c ++++ b/src/sss_client/common.c +@@ -566,11 +566,6 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout + /* this piece is adapted from winbind client code */ + wait_time = 0; + sleep_time = 0; +- /* This is not security relevant functionality and +- * it is undesirable to pull unnecessary dependency (util/crypto) +- * so plain srand() & rand() are used here. +- */ +- srand(time(NULL) * getpid()); + while (inprogress) { + int connect_errno = 0; + socklen_t errnosize; +@@ -605,7 +600,7 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout + break; + case EAGAIN: + if (wait_time < timeout) { +- sleep_time = rand() % 2 + 1; ++ sleep_time = 1; + sleep(sleep_time); + } + break; +-- +2.23.0 + diff --git a/sssd.spec b/sssd.spec index e220eff..5968402 100644 --- a/sssd.spec +++ b/sssd.spec @@ -36,7 +36,7 @@ Name: sssd Version: 2.2.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://pagure.io/SSSD/sssd/ @@ -48,6 +48,10 @@ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz # https://github.com/SSSD/sssd/pull/904 # https://bugzilla.redhat.com/show_bug.cgi?id=1757224 Patch0: 0001-KCM-Set-kdc_offset-to-zero-initially.patch +# Workaround a problem setting up replica in containers +# https://github.com/SSSD/sssd/pull/900 +# https://bugzilla.redhat.com/show_bug.cgi?id=1755643 +Patch1: 0001-SSS_CLIENT-got-rid-of-using-PRNG.patch ### Downstream only patches ### Patch0502: 0502-SYSTEMD-Use-capabilities.patch @@ -1072,6 +1076,10 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Tue Oct 22 2019 Adam Williamson - 2.2.2-3 +- Resolves: rhbz#1755643 - Upgrade to sssd 2.2.2-1.fc30 breaks setting + up FreeIPA replica in containers + * Tue Oct 22 2019 Adam Williamson - 2.2.2-2 - Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely when using KCM cache