From 03cfa0ca67c32d9aa59b740572efe4b06c350b3529fdc9dd7d46e7501d8cd398 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 15 Oct 2024 15:33:24 +0200 Subject: [PATCH] sssd 2.10.0 --- harden_sssd-kcm.service.patch | 14 +++++++++----- sssd-2.10.0.tar.gz | 3 +++ sssd-2.10.0.tar.gz.asc | 16 ++++++++++++++++ sssd-2.9.5.tar.gz | 3 --- sssd-2.9.5.tar.gz.asc | 16 ---------------- sssd.changes | 18 ++++++++++++++++++ sssd.spec | 11 ++++++----- 7 files changed, 52 insertions(+), 29 deletions(-) create mode 100644 sssd-2.10.0.tar.gz create mode 100644 sssd-2.10.0.tar.gz.asc delete mode 100644 sssd-2.9.5.tar.gz delete mode 100644 sssd-2.9.5.tar.gz.asc diff --git a/harden_sssd-kcm.service.patch b/harden_sssd-kcm.service.patch index 183e0b0..6526831 100644 --- a/harden_sssd-kcm.service.patch +++ b/harden_sssd-kcm.service.patch @@ -1,7 +1,11 @@ -Index: sssd-2.5.2/src/sysv/systemd/sssd-kcm.service.in +--- + src/sysv/systemd/sssd-kcm.service.in | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in =================================================================== ---- sssd-2.5.2.orig/src/sysv/systemd/sssd-kcm.service.in -+++ sssd-2.5.2/src/sysv/systemd/sssd-kcm.service.in +--- sssd-2.10.0.orig/src/sysv/systemd/sssd-kcm.service.in ++++ sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in @@ -8,6 +8,19 @@ After=sssd-kcm.socket Also=sssd-kcm.socket @@ -20,5 +24,5 @@ Index: sssd-2.5.2/src/sysv/systemd/sssd-kcm.service.in +RestrictRealtime=true +# end of automatic additions Environment=DEBUG_LOGGER=--logger=files - ExecStartPre=-@sbindir@/sssd --genconf-section=kcm - ExecStart=@libexecdir@/sssd/sssd_kcm --uid 0 --gid 0 ${DEBUG_LOGGER} + ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@ + ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf diff --git a/sssd-2.10.0.tar.gz b/sssd-2.10.0.tar.gz new file mode 100644 index 0000000..38e2605 --- /dev/null +++ b/sssd-2.10.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0b1167e8017209ec25b9683e0006947eaa0cfd7a8161bfea120bd8511006db0d +size 9177851 diff --git a/sssd-2.10.0.tar.gz.asc b/sssd-2.10.0.tar.gz.asc new file mode 100644 index 0000000..3783730 --- /dev/null +++ b/sssd-2.10.0.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmcOPUoACgkQ09IbKRDP +Z1myuA//anDvdZcQp0EUia2NsiWt2MFE8esmsEIN6QmEYjUxvEeXI9q4YJQimMi8 +wdt0zqZE1PLrTcroWaeGcgt2+CJWUbVanZtNn3oo7lUVYrLKemrUzavM7dXTaA43 +cdKAFyEO+nHJQ2yBNUt6sRXc3tM0H27yZs0iL+CcYu6YshUTbMnZuwdpz7DqDTN8 +nbG+LWa+U0en5mI3waP8Ionwmdv9AJAuCHQZLlZDpM0+YfGumcIUJdbxU/I8pqP8 +MQaulPv3e+BNwdbUiLlk0cXRjuEfSd0bmMa3MqB4IqMvvjACU0GuSgK3FDhutZJe +HfmzYSo/Zntmr7F/eYLz6zy/GU3VewEilOyRV08oz+EVJRbGyo2t4k6PUYbn+I4V +kJ/maed5jnBzIZGf6o+P1r+3mavJg7k2LDV4s48MsZ4Y5ED4X0c+boT1L5FZbquW +gp99Di0RG4VoWiYOfVfszLzeDWOLbOrKMyA6PTqlmjGYAdV9SBwZP5WEdwXyPovo +D7uual7Eqdd+Y/lt+8O4Wd+Y+a9xI2kwVFo8KYmHc8PhgLpPIKTWbBTEI+0nw3fJ +qqyyA7JWA81bt4WKVuJaeS87S/9F4yn8ps2dzSgHjZ2Tzr7Eu1a3RWLjKYsjKZrT +PPd2d/02rQAZPwLYHN5qM3Xjh0DD7IiXav1QuIPxmUQA9z8ZiuA= +=mJVY +-----END PGP SIGNATURE----- diff --git a/sssd-2.9.5.tar.gz b/sssd-2.9.5.tar.gz deleted file mode 100644 index 09b8ff1..0000000 --- a/sssd-2.9.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bf955cc26b6d215bbb9083eadb613f78d7b727fb023f39987aec37680ae40ae3 -size 8001964 diff --git a/sssd-2.9.5.tar.gz.asc b/sssd-2.9.5.tar.gz.asc deleted file mode 100644 index 05b00fc..0000000 --- a/sssd-2.9.5.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmZF8CMACgkQ09IbKRDP -Z1lSVQ/9EPVvWUX1z/pHfbvDjRpfD+LDbDceYB4YBh0caYpMVFm/2wHhFIjTYEpf -SmIR+SQp50NkRSK6tE/u+Swu+YUkiCqnEWv2y9wd4Uh2NKiukyiqBC1k2cn9URNu -oRreBM1KIRvTkdoyZwteELJ7vMLVr0UT2iIXZQFIIZX+LM3FNZJ5vFcj5fF0Hz1f -v8zR0VTB7xY/6U+4KikvMyM3fOPeTOJvEtMp4xDWyquRjCADjZasOQcKRQzXp1er -zs/qLcQ8eCODXhKelGqmppVIElW+72f1FNbMpBnlQ7VtFn6pn4sPazO0Hr7eNfZJ -Vc6GXN8zZ/oF5U4x7XSMVqeOHLQoLeb2HxgUzS+1Ig19FHOs6Xoj0dO5l/TOEFav -l61qytYnj3DNZjrMVLsMvOx3qGYK7PmyaWNoIJlLO2GbWKMP/8yBm35Ugd0jybSi -T7VWX+isQHfVhSZ9wD4/yYOBAU3lABORAjXkCWQp/vMR/KiHbfaajCAbl56KiijQ -eKYaq57EH3N+qKd1sqCrPfSw3HSqm3rngG1CsMasBQgLFs2aW+Mwo3UvQ1U/ykED -mOo2D9uhOQluv4AUSpKK6E8EXoPSxDFZI4WX37depO2VGXDO90JNfVamJXjy1+bH -d/RnoZfC7h7Vb1P1bPgGdsAFQBOP0FinbEjehpw0P0U2xAZQWek= -=pY7t ------END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index 473f4d7..9e67996 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Tue Oct 15 12:59:51 UTC 2024 - Jan Engelhardt + +- Update to release 2.10.0 + * The ``sssctl cache-upgrade`` command was removed. SSSD + performs automatic upgrades at startup when needed. + * Support of ``enumeration`` feature (i.e. ability to list all + users/groups using ``getent passwd/group`` without argument) + for AD/IPA providers is deprecated and might be removed in + further releases. + * The new tool ``sss_ssh_knownhosts`` can be used with ssh's + ``KnownHostsCommand`` configuration option to retrieve the + host's public keys from a remote server (FreeIPA, LDAP, + etc.). It replaces ```sss_ssh_knownhostsproxy``. + * The default value for ``ldap_id_use_start_tls`` changed from + false to true for improved security. + * https://github.com/SSSD/sssd/releases/tag/2.10.0 + ------------------------------------------------------------------- Tue Oct 1 10:15:07 UTC 2024 - Jan Engelhardt diff --git a/sssd.spec b/sssd.spec index 354fd6e..158b0a0 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 2.9.5 +Version: 2.10.0 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later AND LGPL-3.0-or-later @@ -60,11 +60,12 @@ BuildRequires: pkgconfig(collection) >= 0.5.1 BuildRequires: pkgconfig(dbus-1) >= 1.0.0 BuildRequires: pkgconfig(dhash) >= 0.4.2 BuildRequires: pkgconfig(glib-2.0) -BuildRequires: pkgconfig(ini_config) >= 1.1.0 +BuildRequires: pkgconfig(ini_config) >= 1.3 BuildRequires: pkgconfig(jansson) BuildRequires: pkgconfig(ldb) >= 0.9.2 +BuildRequires: pkgconfig(libcap) BuildRequires: pkgconfig(libcares) -BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libcrypto) >= 1.0.1 %if 0%{?suse_version} >= 1600 BuildRequires: pkgconfig(libcurl) %endif @@ -86,6 +87,8 @@ BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) BuildRequires: pkgconfig(uuid) +BuildRequires: python3-wheel +BuildRequires: python3-setuptools %if 0%{?suse_version} && 0%{?suse_version} < 1600 # samba-client-devel pulls samba-client-libs pulls libldap-2_4-2 wants libldap-data(-2.4); # this conflicts with @@ -414,7 +417,6 @@ autoreconf -fiv --with-subid %else --with-selinux=no \ - --with-semanage=no \ --with-libsifp \ --with-files-provider %endif @@ -598,7 +600,6 @@ fi %_unitdir/sssd-pac.socket %_unitdir/sssd-pac.service %_unitdir/sssd-pam.socket -%_unitdir/sssd-pam-priv.socket %_unitdir/sssd-pam.service %_unitdir/sssd-ssh.socket %_unitdir/sssd-ssh.service