Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders Resolves: rhbz#1992432 - Add client certificate validation D-Bus API Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
This commit is contained in:
parent
5309d21cac
commit
6a5a87a373
1
.gitignore
vendored
1
.gitignore
vendored
@ -94,3 +94,4 @@ sssd-1.2.91.tar.gz
|
||||
/sssd-2.5.1.tar.gz
|
||||
/sssd-2.5.2.tar.gz
|
||||
/sssd-2.6.1.tar.gz
|
||||
/sssd-2.6.2.tar.gz
|
||||
|
33
0001-ipa-fix-reply-socket-of-selinux_child.patch
Normal file
33
0001-ipa-fix-reply-socket-of-selinux_child.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 5a2e0ebe83913e317f66478daeff35987c278e27 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Tue, 4 Jan 2022 10:11:49 +0100
|
||||
Subject: [PATCH] ipa: fix reply socket of selinux_child
|
||||
|
||||
Commit c92d39a30fa0162d4efdfbe5883c8ea9911a2249 accidentally switched
|
||||
the reply socket of selinux_child from stdout to stderr while switching
|
||||
from exec_child to exec_child_ex. This patch returns the original
|
||||
behavior.
|
||||
|
||||
Resolves: https://github.com/SSSD/sssd/issues/5939
|
||||
|
||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
||||
---
|
||||
src/providers/ipa/ipa_selinux.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
|
||||
index 6f885c0fd..2e0593dd7 100644
|
||||
--- a/src/providers/ipa/ipa_selinux.c
|
||||
+++ b/src/providers/ipa/ipa_selinux.c
|
||||
@@ -714,7 +714,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
|
||||
if (pid == 0) { /* child */
|
||||
exec_child_ex(state, pipefd_to_child, pipefd_from_child,
|
||||
SELINUX_CHILD, SELINUX_CHILD_LOG_FILE, extra_args,
|
||||
- false, STDIN_FILENO, STDERR_FILENO);
|
||||
+ false, STDIN_FILENO, STDOUT_FILENO);
|
||||
DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
|
||||
ret, sss_strerror(ret));
|
||||
return ret;
|
||||
--
|
||||
2.26.3
|
||||
|
1249
0002-po-update-translations.patch
Normal file
1249
0002-po-update-translations.patch
Normal file
File diff suppressed because it is too large
Load Diff
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (sssd-2.6.1.tar.gz) = 5b35a66c37593de738f52d5ad2f7860067af4061bd11b2f5c4b701177ef1bc3091d3c3df573d751339e9c9bb07476988b0b030b91b6a33adcb663df16be80d81
|
||||
SHA512 (sssd-2.6.2.tar.gz) = 56a10d96be828790b3278fd2f2476f0f1d97cf0ce6a7d6bad6e8797ed3863098889c3b12b4ebf63883a44886a548c4ee082d3dd8d373553b38dd39e29bc7339d
|
||||
|
35
sssd.spec
35
sssd.spec
@ -26,7 +26,7 @@
|
||||
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
|
||||
|
||||
Name: sssd
|
||||
Version: 2.6.1
|
||||
Version: 2.6.2
|
||||
Release: 1%{?dist}
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
@ -34,7 +34,8 @@ URL: https://github.com/SSSD/sssd/
|
||||
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
|
||||
|
||||
### Patches ###
|
||||
#Patch0001:
|
||||
Patch0001: 0001-ipa-fix-reply-socket-of-selinux_child.patch
|
||||
Patch0002: 0002-po-update-translations.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
@ -43,7 +44,7 @@ Requires: sssd-common = %{version}-%{release}
|
||||
Requires: sssd-ipa = %{version}-%{release}
|
||||
Requires: sssd-krb5 = %{version}-%{release}
|
||||
Requires: sssd-ldap = %{version}-%{release}
|
||||
Suggests: sssd-proxy = %{version}-%{release}
|
||||
Requires: sssd-proxy = %{version}-%{release}
|
||||
Suggests: logrotate
|
||||
Suggests: python3-sssdconfig = %{version}-%{release}
|
||||
Suggests: sssd-dbus = %{version}-%{release}
|
||||
@ -78,6 +79,7 @@ BuildRequires: gettext-devel
|
||||
BuildRequires: gnutls-utils
|
||||
BuildRequires: keyutils-libs-devel
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: krb5-libs >= 1.18.2
|
||||
BuildRequires: libcmocka-devel >= 1.0.0
|
||||
BuildRequires: libdhash-devel >= 0.4.2
|
||||
BuildRequires: libini_config-devel >= 1.1
|
||||
@ -137,6 +139,7 @@ License: GPLv3+
|
||||
# Requires
|
||||
# due to ABI changes in 1.1.30/1.2.0
|
||||
Requires: libldb >= %{ldb_version}
|
||||
Requires: libtevent >= 0.11.0
|
||||
Requires: sssd-client%{?_isa} = %{version}-%{release}
|
||||
Requires: (libsss_sudo = %{version}-%{release} if sudo)
|
||||
Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs)
|
||||
@ -194,8 +197,9 @@ Requires: sssd-common = %{version}-%{release}
|
||||
Requires: python3-sss = %{version}-%{release}
|
||||
Requires: python3-sssdconfig = %{version}-%{release}
|
||||
Requires: libsss_certmap = %{version}-%{release}
|
||||
# for logger=journald support with sss_analyze
|
||||
Requires: python3-systemd
|
||||
Suggests: sssd-dbus
|
||||
Requires: sssd-dbus
|
||||
|
||||
%description tools
|
||||
Provides userspace tools for manipulating users, groups, and nested groups in
|
||||
@ -468,6 +472,7 @@ Library to map certificates to users based on rules
|
||||
Summary: An implementation of a Kerberos KCM server
|
||||
License: GPLv3+
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
Requires: krb5-libs >= 1.18.2
|
||||
%{?systemd_requires}
|
||||
|
||||
%description kcm
|
||||
@ -510,6 +515,10 @@ autoreconf -ivf
|
||||
%{nil}
|
||||
|
||||
%make_build all docs runstatedir=%{_rundir}
|
||||
make -C po ja.gmo
|
||||
make -C po fr.gmo
|
||||
make -C po ko.gmo
|
||||
make -C po zh_CN.gmo
|
||||
|
||||
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
|
||||
|
||||
@ -520,7 +529,7 @@ unset CK_TIMEOUT_MULTIPLIER
|
||||
|
||||
%install
|
||||
|
||||
%py3_shebang_fix src/tools/analyzer/sss_analyze.py
|
||||
%py3_shebang_fix src/tools/analyzer/sss_analyze
|
||||
|
||||
%make_install
|
||||
|
||||
@ -540,6 +549,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
|
||||
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
|
||||
|
||||
# krb5 configuration snippet
|
||||
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
|
||||
|
||||
# Create directory for cifs-idmap alternative
|
||||
# Otherwise this directory could not be owned by sssd-client
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
|
||||
@ -766,6 +779,9 @@ done
|
||||
%license COPYING
|
||||
%{_libdir}/%{name}/libsss_krb5.so
|
||||
%{_mandir}/man5/sssd-krb5.5*
|
||||
%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
|
||||
%dir %{_datadir}/sssd/krb5-snippets
|
||||
%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir
|
||||
|
||||
%files common-pac
|
||||
%license COPYING
|
||||
@ -843,6 +859,7 @@ done
|
||||
%{_sbindir}/sss_debuglevel
|
||||
%{_sbindir}/sss_seed
|
||||
%{_sbindir}/sssctl
|
||||
%{_libexecdir}/%{servicename}/sss_analyze
|
||||
%{python3_sitelib}/sssd/
|
||||
%{_mandir}/man8/sss_obfuscate.8*
|
||||
%{_mandir}/man8/sss_override.8*
|
||||
@ -1019,6 +1036,14 @@ fi
|
||||
%systemd_postun_with_restart sssd.service
|
||||
|
||||
%changelog
|
||||
* Mon Jan 03 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-1
|
||||
- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
|
||||
- Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization
|
||||
- Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files
|
||||
- Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders
|
||||
- Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
|
||||
- Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
|
||||
|
||||
* Mon Dec 06 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.6.1-1
|
||||
- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
|
||||
- Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok()
|
||||
|
Loading…
Reference in New Issue
Block a user