rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA

Browse Source 
Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization
Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files
Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders
Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
This commit is contained in:
Alexey Tikhonov 2022-01-03 21:21:29 +01:00
parent 5309d21cac
commit 6a5a87a373
5 changed files with 1314 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -94,3 +94,4 @@ sssd-1.2.91.tar.gz
/sssd-2.5.1.tar.gz /sssd-2.5.1.tar.gz
/sssd-2.5.2.tar.gz /sssd-2.5.2.tar.gz
/sssd-2.6.1.tar.gz /sssd-2.6.1.tar.gz
/sssd-2.6.2.tar.gz

33
0001-ipa-fix-reply-socket-of-selinux_child.patch Normal file
View File

@ -0,0 +1,33 @@
From 5a2e0ebe83913e317f66478daeff35987c278e27 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 4 Jan 2022 10:11:49 +0100
Subject: [PATCH] ipa: fix reply socket of selinux_child
Commit c92d39a30fa0162d4efdfbe5883c8ea9911a2249 accidentally switched
the reply socket of selinux_child from stdout to stderr while switching
from exec_child to exec_child_ex. This patch returns the original
behavior.
Resolves: https://github.com/SSSD/sssd/issues/5939
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
---
src/providers/ipa/ipa_selinux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 6f885c0fd..2e0593dd7 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -714,7 +714,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
if (pid == 0) { /* child */
exec_child_ex(state, pipefd_to_child, pipefd_from_child,
SELINUX_CHILD, SELINUX_CHILD_LOG_FILE, extra_args,
- false, STDIN_FILENO, STDERR_FILENO);
+ false, STDIN_FILENO, STDOUT_FILENO);
DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
ret, sss_strerror(ret));
return ret;
--
2.26.3

1249
0002-po-update-translations.patch Normal file
View File

File diff suppressed because it is too large Load Diff

2
sources
View File

@ -1 +1 @@
SHA512 (sssd-2.6.1.tar.gz) = 5b35a66c37593de738f52d5ad2f7860067af4061bd11b2f5c4b701177ef1bc3091d3c3df573d751339e9c9bb07476988b0b030b91b6a33adcb663df16be80d81 SHA512 (sssd-2.6.2.tar.gz) = 56a10d96be828790b3278fd2f2476f0f1d97cf0ce6a7d6bad6e8797ed3863098889c3b12b4ebf63883a44886a548c4ee082d3dd8d373553b38dd39e29bc7339d

35
sssd.spec
View File

@ -26,7 +26,7 @@
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release}) %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
Name: sssd Name: sssd
Version: 2.6.1 Version: 2.6.2
Release: 1%{?dist} Release: 1%{?dist}
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
@ -34,7 +34,8 @@ URL: https://github.com/SSSD/sssd/
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
### Patches ### ### Patches ###
#Patch0001: Patch0001: 0001-ipa-fix-reply-socket-of-selinux_child.patch
Patch0002: 0002-po-update-translations.patch
### Dependencies ### ### Dependencies ###
@ -43,7 +44,7 @@ Requires: sssd-common = %{version}-%{release}
Requires: sssd-ipa = %{version}-%{release} Requires: sssd-ipa = %{version}-%{release}
Requires: sssd-krb5 = %{version}-%{release} Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ldap = %{version}-%{release} Requires: sssd-ldap = %{version}-%{release}
Suggests: sssd-proxy = %{version}-%{release} Requires: sssd-proxy = %{version}-%{release}
Suggests: logrotate Suggests: logrotate
Suggests: python3-sssdconfig = %{version}-%{release} Suggests: python3-sssdconfig = %{version}-%{release}
Suggests: sssd-dbus = %{version}-%{release} Suggests: sssd-dbus = %{version}-%{release}
@ -78,6 +79,7 @@ BuildRequires: gettext-devel
BuildRequires: gnutls-utils BuildRequires: gnutls-utils
BuildRequires: keyutils-libs-devel BuildRequires: keyutils-libs-devel
BuildRequires: krb5-devel BuildRequires: krb5-devel
BuildRequires: krb5-libs >= 1.18.2
BuildRequires: libcmocka-devel >= 1.0.0 BuildRequires: libcmocka-devel >= 1.0.0
BuildRequires: libdhash-devel >= 0.4.2 BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libini_config-devel >= 1.1 BuildRequires: libini_config-devel >= 1.1
@ -137,6 +139,7 @@ License: GPLv3+
# Requires # Requires
# due to ABI changes in 1.1.30/1.2.0 # due to ABI changes in 1.1.30/1.2.0
Requires: libldb >= %{ldb_version} Requires: libldb >= %{ldb_version}
Requires: libtevent >= 0.11.0
Requires: sssd-client%{?_isa} = %{version}-%{release} Requires: sssd-client%{?_isa} = %{version}-%{release}
Requires: (libsss_sudo = %{version}-%{release} if sudo) Requires: (libsss_sudo = %{version}-%{release} if sudo)
Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs) Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs)
@ -194,8 +197,9 @@ Requires: sssd-common = %{version}-%{release}
Requires: python3-sss = %{version}-%{release} Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release} Requires: python3-sssdconfig = %{version}-%{release}
Requires: libsss_certmap = %{version}-%{release} Requires: libsss_certmap = %{version}-%{release}
# for logger=journald support with sss_analyze
Requires: python3-systemd Requires: python3-systemd
Suggests: sssd-dbus Requires: sssd-dbus
%description tools %description tools
Provides userspace tools for manipulating users, groups, and nested groups in Provides userspace tools for manipulating users, groups, and nested groups in
@ -468,6 +472,7 @@ Library to map certificates to users based on rules
Summary: An implementation of a Kerberos KCM server Summary: An implementation of a Kerberos KCM server
License: GPLv3+ License: GPLv3+
Requires: sssd-common = %{version}-%{release} Requires: sssd-common = %{version}-%{release}
Requires: krb5-libs >= 1.18.2
%{?systemd_requires} %{?systemd_requires}
%description kcm %description kcm
@ -510,6 +515,10 @@ autoreconf -ivf
%{nil} %{nil}
%make_build all docs runstatedir=%{_rundir} %make_build all docs runstatedir=%{_rundir}
make -C po ja.gmo
make -C po fr.gmo
make -C po ko.gmo
make -C po zh_CN.gmo
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
@ -520,7 +529,7 @@ unset CK_TIMEOUT_MULTIPLIER
%install %install
%py3_shebang_fix src/tools/analyzer/sss_analyze.py %py3_shebang_fix src/tools/analyzer/sss_analyze
%make_install %make_install
@ -540,6 +549,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \ cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
# krb5 configuration snippet
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
# Create directory for cifs-idmap alternative # Create directory for cifs-idmap alternative
# Otherwise this directory could not be owned by sssd-client # Otherwise this directory could not be owned by sssd-client
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
@ -766,6 +779,9 @@ done
%license COPYING %license COPYING
%{_libdir}/%{name}/libsss_krb5.so %{_libdir}/%{name}/libsss_krb5.so
%{_mandir}/man5/sssd-krb5.5* %{_mandir}/man5/sssd-krb5.5*
%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
%dir %{_datadir}/sssd/krb5-snippets
%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir
%files common-pac %files common-pac
%license COPYING %license COPYING
@ -843,6 +859,7 @@ done
%{_sbindir}/sss_debuglevel %{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed %{_sbindir}/sss_seed
%{_sbindir}/sssctl %{_sbindir}/sssctl
%{_libexecdir}/%{servicename}/sss_analyze
%{python3_sitelib}/sssd/ %{python3_sitelib}/sssd/
%{_mandir}/man8/sss_obfuscate.8* %{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_override.8* %{_mandir}/man8/sss_override.8*
@ -1019,6 +1036,14 @@ fi
%systemd_postun_with_restart sssd.service %systemd_postun_with_restart sssd.service
%changelog %changelog
* Mon Jan 03 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-1
- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
- Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization
- Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files
- Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders
- Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
- Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
* Mon Dec 06 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.6.1-1 * Mon Dec 06 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.6.1-1
- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA - Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
- Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok() - Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok()