From f7191ee1832b72a3207c5826820b9559e549e0487b80aad721649ad737c8bcef Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 30 Jan 2025 14:54:36 +0000 Subject: [PATCH 1/2] [info=28a3ba978ae4540af4c492a58e999467d0c02d55c52fe8115b623c28f983efd4] OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=339 --- _scmsync.obsinfo | 4 ++-- build.specials.obscpio | 2 +- harden_sssd-kcm.service.patch | 10 +++++----- sssd-2.10.1.tar.gz | 3 --- sssd-2.10.1.tar.gz.asc | 16 ---------------- sssd-2.10.2.tar.gz | 3 +++ sssd-2.10.2.tar.gz.asc | 16 ++++++++++++++++ sssd.changes | 12 ++++++++++++ sssd.spec | 2 +- 9 files changed, 40 insertions(+), 28 deletions(-) delete mode 100644 sssd-2.10.1.tar.gz delete mode 100644 sssd-2.10.1.tar.gz.asc create mode 100644 sssd-2.10.2.tar.gz create mode 100644 sssd-2.10.2.tar.gz.asc diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo index 2ffe7ed..6e277a9 100644 --- a/_scmsync.obsinfo +++ b/_scmsync.obsinfo @@ -1,4 +1,4 @@ -mtime: 1737540774 -commit: 24b0354b14a71a7f013d2f8aed5051f5418b44f1879804a1f4fd45fd4d790c6e +mtime: 1738248861 +commit: 28a3ba978ae4540af4c492a58e999467d0c02d55c52fe8115b623c28f983efd4 url: https://src.opensuse.org/jengelh/sssd revision: master diff --git a/build.specials.obscpio b/build.specials.obscpio index ead51b9..f219e3a 100644 --- a/build.specials.obscpio +++ b/build.specials.obscpio @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c06fc81ad2d5d68d2f6ad068570e2430ae05ca786714d5abdfb7df9db9fc5d40 +oid sha256:a483f9ca5cf14ace0801364df25bb34500f03f3fbb86aafdbe454719277a0770 size 256 diff --git a/harden_sssd-kcm.service.patch b/harden_sssd-kcm.service.patch index 5ff85b4..dd475a7 100644 --- a/harden_sssd-kcm.service.patch +++ b/harden_sssd-kcm.service.patch @@ -2,10 +2,10 @@ src/sysv/systemd/sssd-kcm.service.in | 13 +++++++++++++ 1 file changed, 13 insertions(+) -Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in +Index: sssd-2.10.2/src/sysv/systemd/sssd-kcm.service.in =================================================================== ---- sssd-2.10.0.orig/src/sysv/systemd/sssd-kcm.service.in -+++ sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in +--- sssd-2.10.2.orig/src/sysv/systemd/sssd-kcm.service.in ++++ sssd-2.10.2/src/sysv/systemd/sssd-kcm.service.in @@ -8,6 +8,19 @@ After=sssd-kcm.socket Also=sssd-kcm.socket @@ -24,5 +24,5 @@ Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in +RestrictRealtime=true +# end of automatic additions Environment=DEBUG_LOGGER=--logger=files - ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@ - ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@ + # '-H' is used with @sssdconfdir@ to support use case where /etc/sssd is a symlink. + # '-H' only allows following a command line argument itself, everything else encountered due to '-R' isn't followed. diff --git a/sssd-2.10.1.tar.gz b/sssd-2.10.1.tar.gz deleted file mode 100644 index 03c5c14..0000000 --- a/sssd-2.10.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ea6a690047cea1ecd50016aa30946f9348da37b46daa984f34bc72ddb767539f -size 9196848 diff --git a/sssd-2.10.1.tar.gz.asc b/sssd-2.10.1.tar.gz.asc deleted file mode 100644 index f720242..0000000 --- a/sssd-2.10.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmdYSb4ACgkQ09IbKRDP -Z1kRyRAAmkKhCUcBs4h2mDg7uzz7DfYFkHXEiY8EMoVP5Iw6ZsNL/V9fwF9xhj49 -XbnCfxj2zFfVWZd5VYnTpl86Hg3NrxuPehgM+iMAXS6U/55TvRPunCtTiRwoTZ4t -zSgiBaSg3I2hmSN2cnSU8PpilEDCIeSP3uafmGXI1KUxEQltVbp0EeJ5CL5GP3xU -rFgI1pKdTySlw6jZ3vjkAaHwdsJGB0MKtjiBJYtqvHmIzbUdSNN/iE5Wf5xsdtez -KKLUrnKeQFuNyYWpjipJvbs7i9+E5VKFvCfrqFb6vQbp+Rgd98epVjp2VKovNy8p -gZQmgfbi5GCWKuBx+dbaRSFa8hWemEwnBNboV6JKq4+CoPsMkI367utZV5gd58V5 -RHgLsrZfjahAXgG4ytwPhgKDV+sX+sSn4aXIdaSgc+vP7+ykLMxyzyR2GXyG+y11 -WrnovdR0HywHfzvlUnKQmcLUjCkXKVwIMw0oBRa8+YLTD08EeYgu+oXXDpGD0oL1 -YJLLBdr6ycR9Rk/sUqbZgEnzQZPYXazIraUrd71Ry8CaNvqi86Of7sX6SgSQQeg/ -ZPLNcPWPadG/9jpMNJNsXXEZicNJXznQczlXKvRXINOJzknJYwwgH+/55otbzNzq -EjlOmFEn07bGAHCsHTfydlCeYqD9x+WV/X8CReMFjcaaBH4TDms= -=S0c5 ------END PGP SIGNATURE----- diff --git a/sssd-2.10.2.tar.gz b/sssd-2.10.2.tar.gz new file mode 100644 index 0000000..937f396 --- /dev/null +++ b/sssd-2.10.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e8aa5e6b48ae465bea7064048715ce7e9c53b50ec6a9c69304f59e0d35be40ff +size 9200497 diff --git a/sssd-2.10.2.tar.gz.asc b/sssd-2.10.2.tar.gz.asc new file mode 100644 index 0000000..83f4adb --- /dev/null +++ b/sssd-2.10.2.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmeaLD8ACgkQ09IbKRDP +Z1nLAxAAm9zM2u1XR3FBK6iy2xC+PoDWdu8Kh+oU0B6NgFK5LEJk9TWBdHlLpYcS +HugTfQb5wPfUejZTk9u8TIoVIa7pTYl3kGH8RuLnEUr5lBKdYaDf5BUb8uM7YaBP +NZQDqCFshNMMF8Z44HfRQltmqblJWj7TdFXJ8dCkRupbXjrbqiBrH5XjooLUK0dX +/7m63at6BZFjuuFt/QvA2QbwK3fa2wUxuX0vMrD6f2zZuWptcE3zhXaa/BtPm5ZD +8S5oC+RkKMGfLWNfIc1noXOZQIT+sGNyeUhq/QRFybcHZ+tXqJrNmfz/OWf5HZ/U +vsJDIWv4db83asTtU3j5+ec4+fRwv7BK8X2V2UnpPOrAhN0r+zWp98BwUfSCqHlR +E8dBlbAU3pRL1qDZG71tpIgHeDNtB42MM0UmmBY4w18nNBbp8Be6vtEbD6ktoa0P +2uZRO9v/RgeKQTs0hfuzsbHcpd1hQmhtfwGAlxTWuGkoSjZyk2xUiV3JZ/3/kWH5 +dCU26txrtgWFqLbUhanatFrdmdKwn5hp5eP/Px330zJVTjuILlqTZ1CLAW2B5Gal +JJT17j8ecqVedyHCkVnN9wD26ivwl8POBnrD3FfB6zKszcZewNRuKW24RyVamo6e +k4JVMTDzjOwr31Tt6eLhU0BsPA8G8wCntl3wj36T7VWh47ncsX8= +=vuNl +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index a087d1e..82714e4 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Jan 30 14:24:04 UTC 2025 - Jan Engelhardt + +- Update to release 2.10.2 + * If the ssh responder is not running, sss_ssh_knownhosts will + not fail (but it will not return the keys). + * SSSD is now capable of handling multiple services associated + with the same port. + * sssd_pam, being a privileged binary, now clears the + environment and does not allow configuration of the + PR_SET_DUMPABLE flag as a precaution. + ------------------------------------------------------------------- Wed Jan 22 09:21:43 UTC 2025 - Dominique Leuenberger diff --git a/sssd.spec b/sssd.spec index ea82e01..fabc2c9 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 2.10.1 +Version: 2.10.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later AND LGPL-3.0-or-later From a71b435f42562ae2f75de0f606ec2d6ec607a4799819fa61087dd6db7868c4dd Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Tue, 4 Feb 2025 22:47:19 +0000 Subject: [PATCH 2/2] [info=0dd76c3fb1e8976e3f2203732d255929ddd4647604210f34bc9970c9c866a7c6] OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=340 --- _scmsync.obsinfo | 4 ++-- build.specials.obscpio | 2 +- sssd-krb5-common-rpmlintrc | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 sssd-krb5-common-rpmlintrc diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo index 6e277a9..eba147b 100644 --- a/_scmsync.obsinfo +++ b/_scmsync.obsinfo @@ -1,4 +1,4 @@ -mtime: 1738248861 -commit: 28a3ba978ae4540af4c492a58e999467d0c02d55c52fe8115b623c28f983efd4 +mtime: 1738574756 +commit: 0dd76c3fb1e8976e3f2203732d255929ddd4647604210f34bc9970c9c866a7c6 url: https://src.opensuse.org/jengelh/sssd revision: master diff --git a/build.specials.obscpio b/build.specials.obscpio index f219e3a..549d979 100644 --- a/build.specials.obscpio +++ b/build.specials.obscpio @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a483f9ca5cf14ace0801364df25bb34500f03f3fbb86aafdbe454719277a0770 +oid sha256:057383006ab62d4a1ca24c5a28ada9061ca2aacd5b4b70b4384ba1850e394e6f size 256 diff --git a/sssd-krb5-common-rpmlintrc b/sssd-krb5-common-rpmlintrc new file mode 100644 index 0000000..ff4c9da --- /dev/null +++ b/sssd-krb5-common-rpmlintrc @@ -0,0 +1,2 @@ +# See https://github.com/SSSD/sssd/pull/7794 for details +addFilter("E: missing-call-to-setgroups-before-setuid")