rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to latest released upstream version 2.2.3

Browse Source
This commit is contained in:
Michal Židek 2020-02-27 01:18:17 +01:00
parent 8078a58a14
commit 54f0db91d3
7 changed files with 50 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -85,3 +85,4 @@ sssd-1.2.91.tar.gz
/sssd-2.2.0.tar.gz /sssd-2.2.0.tar.gz
/sssd-2.2.1.tar.gz /sssd-2.2.1.tar.gz
/sssd-2.2.2.tar.gz /sssd-2.2.2.tar.gz
/sssd-2.2.3.tar.gz

11
0001-Fix-build-failure-against-samba-4.12.0rc1.patch
View File

@ -1,19 +1,24 @@
From 391dc02eafed23892c5752834b18174b6cd54e20 Mon Sep 17 00:00:00 2001 From bc56b10aea999284458dcc293b54cf65288e325d Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com> From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 24 Jan 2020 15:17:39 +0100 Date: Fri, 24 Jan 2020 15:17:39 +0100
Subject: [PATCH] Fix build failure against samba 4.12.0rc1 Subject: [PATCH] Fix build failure against samba 4.12.0rc1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The ndr_pull_get_switch() function was dropped, but it was just a wrapper The ndr_pull_get_switch() function was dropped, but it was just a wrapper
around the ndr_token_peek() function, so we can use this approach on both around the ndr_token_peek() function, so we can use this approach on both
old and new versions of libndr. old and new versions of libndr.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
--- ---
src/providers/ad/ad_gpo_ndr.c | 6 +++--- src/providers/ad/ad_gpo_ndr.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-) 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index d573033494bc5aa3b56bd698a6860261834e58fd..8f405aa62b1b65a5ab9e4e9131c37fda84c5ffba 100644 index d57303349..8f405aa62 100644
--- a/src/providers/ad/ad_gpo_ndr.c --- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c +++ b/src/providers/ad/ad_gpo_ndr.c
@@ -105,7 +105,7 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr, @@ -105,7 +105,7 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
@ -44,5 +49,5 @@ index d573033494bc5aa3b56bd698a6860261834e58fd..8f405aa62b1b65a5ab9e4e9131c37fda
if (ndr_flags & NDR_SCALARS) { if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_union_align(ndr, 4)); NDR_CHECK(ndr_pull_union_align(ndr, 4));
-- --
2.24.1 2.20.1

41
0001-KCM-Set-kdc_offset-to-zero-initially.patch
View File

@ -1,41 +0,0 @@
From 2c9bdcf579e430fa8f7e5595a17cf7242adb5216 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 11 Oct 2019 09:20:20 +0200
Subject: [PATCH] KCM: Set kdc_offset to zero initially
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves: https://pagure.io/SSSD/sssd/issue/4100
KCM assumed that the client library would always set the KDC offset, but
that's not always the case, especially when using multiple krb contexts
from the client application:
https://bugzilla.redhat.com/show_bug.cgi?id=1757224#c64
Heimdal also creates ccaches with zero kdc_offset:
https://github.com/heimdal/heimdal/commit/9f58896af958ae5e6e3ebde8c48dad4eda841986
so we should do the same..
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
---
src/responder/kcm/kcmsrv_ccache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c
index e24da9aa2..66e2752ba 100644
--- a/src/responder/kcm/kcmsrv_ccache.c
+++ b/src/responder/kcm/kcmsrv_ccache.c
@@ -82,7 +82,7 @@ errno_t kcm_cc_new(TALLOC_CTX *mem_ctx,
cc->owner.uid = cli_creds_get_uid(owner);
cc->owner.gid = cli_creds_get_gid(owner);
- cc->kdc_offset = INT32_MAX;
+ cc->kdc_offset = 0;
talloc_set_destructor(cc, kcm_cc_destructor);
*_cc = cc;
--
2.23.0

49
0001-SSS_CLIENT-got-rid-of-using-PRNG.patch
View File

@ -1,49 +0,0 @@
From e47f143bcb86d04aa053c17373f9d9991fc63913 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 14 Oct 2019 11:38:06 +0200
Subject: [PATCH] SSS_CLIENT: got rid of using PRNG
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
1) no reason to expect "thundering herd issue"
2) randomization as it was done (strictly 1 or 2 secs)
would not help much anyway
3) usage of PRNG might break app that depends on deterministic
PRNG behaviour
Resolves: https://pagure.io/SSSD/sssd/issue/4094
Reviewed-by: Michal Židek <mzidek@redhat.com>
---
src/sss_client/common.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index 930efe4a1..270ca8b54 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -566,11 +566,6 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout
/* this piece is adapted from winbind client code */
wait_time = 0;
sleep_time = 0;
- /* This is not security relevant functionality and
- * it is undesirable to pull unnecessary dependency (util/crypto)
- * so plain srand() & rand() are used here.
- */
- srand(time(NULL) * getpid());
while (inprogress) {
int connect_errno = 0;
socklen_t errnosize;
@@ -605,7 +600,7 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout
break;
case EAGAIN:
if (wait_time < timeout) {
- sleep_time = rand() % 2 + 1;
+ sleep_time = 1;
sleep(sleep_time);
}
break;
--
2.23.0

29
0002-BUILD-Accept-krb5-1.18-for-building-the-PAC-plugin.patch Normal file
View File

@ -0,0 +1,29 @@
From 399ee9d1af9cca4026ce50c58ce25c45a30c85c2 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Sat, 1 Feb 2020 17:39:07 +0000
Subject: [PATCH] BUILD: Accept krb5 1.18 for building the PAC plugin
Merges: https://pagure.io/SSSD/sssd/pull-request/4152
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/external/pac_responder.m4 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4
index dc986a1b8..114d8470f 100644
--- a/src/external/pac_responder.m4
+++ b/src/external/pac_responder.m4
@@ -19,7 +19,8 @@ then
Kerberos\ 5\ release\ 1.14* | \
Kerberos\ 5\ release\ 1.15* | \
Kerberos\ 5\ release\ 1.16* | \
- Kerberos\ 5\ release\ 1.17*)
+ Kerberos\ 5\ release\ 1.17* | \
+ Kerberos\ 5\ release\ 1.18*)
krb5_version_ok=yes
AC_MSG_RESULT([yes])
;;
--
2.20.1

2
sources
View File

@ -1 +1 @@
SHA512 (sssd-2.2.2.tar.gz) = 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801 SHA512 (sssd-2.2.3.tar.gz) = b61d52a53e26e8efa9cb799fc6efc2314bf9d174d3cacfe591a4ca77530637591eacc0dc70c0555252e04a9617e8b134b1ab2d9b0f7351b4228e7b61499e6a10

27
sssd.spec
View File

@ -35,28 +35,16 @@
%endif %endif
Name: sssd Name: sssd
Version: 2.2.2 Version: 2.2.3
Release: 6%{?dist} Release: 1%{?dist}
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
URL: https://pagure.io/SSSD/sssd/ URL: https://pagure.io/SSSD/sssd/
Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
### Patches ### ### Patches ###
Patch0001: 0001-Fix-build-failure-against-samba-4.12.0rc1.patch
# Fix KCM cached tickets behaving as if expired shortly after issue Patch0002: 0002-BUILD-Accept-krb5-1.18-for-building-the-PAC-plugin.patch
# https://github.com/SSSD/sssd/pull/904
# https://bugzilla.redhat.com/show_bug.cgi?id=1757224
Patch0: 0001-KCM-Set-kdc_offset-to-zero-initially.patch
# Workaround a problem setting up replica in containers
# https://github.com/SSSD/sssd/pull/900
# https://bugzilla.redhat.com/show_bug.cgi?id=1755643
Patch1: 0001-SSS_CLIENT-got-rid-of-using-PRNG.patch
# Work around samba 4.12.0rc1 dropping a function we use
Patch2: 0001-Fix-build-failure-against-samba-4.12.0rc1.patch
### Downstream only patches ### ### Downstream only patches ###
Patch0502: 0502-SYSTEMD-Use-capabilities.patch Patch0502: 0502-SYSTEMD-Use-capabilities.patch
@ -86,6 +74,7 @@ Suggests: sssd-dbus = %{version}-%{release}
### Build Dependencies ### ### Build Dependencies ###
BuildRequires: make
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libtool BuildRequires: libtool
@ -788,6 +777,7 @@ done
%{_datadir}/sssd/systemtap/id_perf.stp %{_datadir}/sssd/systemtap/id_perf.stp
%{_datadir}/sssd/systemtap/nested_group_perf.stp %{_datadir}/sssd/systemtap/nested_group_perf.stp
%{_datadir}/sssd/systemtap/dp_request.stp %{_datadir}/sssd/systemtap/dp_request.stp
%{_datadir}/sssd/systemtap/ldap_perf.stp
%dir %{_datadir}/systemtap %dir %{_datadir}/systemtap
%dir %{_datadir}/systemtap/tapset %dir %{_datadir}/systemtap/tapset
%{_datadir}/systemtap/tapset/sssd.stp %{_datadir}/systemtap/tapset/sssd.stp
@ -799,6 +789,7 @@ done
%license COPYING %license COPYING
%{_libdir}/%{name}/libsss_ldap.so %{_libdir}/%{name}/libsss_ldap.so
%{_mandir}/man5/sssd-ldap.5* %{_mandir}/man5/sssd-ldap.5*
%{_mandir}/man5/sssd-ldap-attributes.5*
%files krb5-common %files krb5-common
%license COPYING %license COPYING
@ -1082,6 +1073,10 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so %{_libdir}/%{name}/modules/libwbclient.so
%changelog %changelog
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-1
- Update to latest released upstream version
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_3.htm
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-6 * Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild