Accepting request 953255 from network:ldap

OBS-URL: https://build.opensuse.org/request/show/953255 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=116
2022-02-11 22:06:59 +00:00 · 2022-02-11 22:06:59 +00:00 · abb0a0c14e
commit abb0a0c14e
parent 3f96c3189f f58a6368cb
7 changed files with 77 additions and 74 deletions
--- a/sssd-2.6.2.tar.gz
+++ b/sssd-2.6.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5f6b45d853b41aa30b851914c7b6a4a4d6d59f270081ef583bdb3a47c4a78bfd
-size 7598580
--- a/sssd-2.6.2.tar.gz.asc
+++ b/sssd-2.6.2.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEkwIBqrQt0ZRyELeDjXMmNRpyYhEFAmHEk+QACgkQjXMmNRpy
-YhHUoxAAr1W4aal74uK3bQrJR4eBOxNCqTlAllRs51nH2okBghmfgkHc40ylARmY
-KpNO/h0hohpQiz3gzcUiC0vpYvgcKSAAmv2MCYlnEQqZtGJDKJVYj/RKjvKCI1vx
-V85oTpp61hDm53P+KGrSx10QmCXvnOiD2TDxvuJ6ZLn5C/YGZroX4dg85QSsEyxQ
-ID1kHcclpgBU7RSmT1HDOUAW/2x/63kITK5YBnacgEt+sudj0LESVhsEJleIqq/y
-12gOazeQRMfW3lTxEvu7uqTmzNoxERgYeiQDsezA+5bhJHqeM5go+FN2jICdRnYg
-yby+F38TXtwfVqNqJATiHinudRO5dcW/GLdD7zQ0pJltrUOS1UxWqqUkpHEi5hpj
-9Je2Byd64c3Pg6xXbg4rkswszcP6J4wrzJEEGMvTdCMnezGFk9mUUF6ztZ8QSwr9
-1bSrQqHdAGfXDnthaZeF2ZZnAPTMtQl0Df/9/kwNpi8Cgir1U1AJGLM23TC47Bbl
-+VOiwj22GigEJWgvj1odjo+JjjLDgi+hIS3jaCHRadDovXBIdAhaUf+P84gx4uFE
-86gD65DrAXDlKV82xdDZJKHoiu6xE+krNseg5cpOFQzqFHFjM7ylFcqAQQbGAM0j
-LHpdxvgOda4efIGbG+AM5lChEzmJg1PpQ4G+0C0/t0TbR+34lIg=
-=lH57
-----END PGP SIGNATURE-----
--- a/sssd-2.6.3.tar.gz
+++ b/sssd-2.6.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3dd820b3da90cddbcb1041ef3c16102d78aad9d8c9ab25630e0c14a2f8992b18
+size 7510020
--- a/sssd-2.6.3.tar.gz.asc
+++ b/sssd-2.6.3.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEGkHcZ1BfiaMwgotmr/513ehQjhIFAmHv2rIACgkQr/513ehQ
+jhK34ggAwKpJotxYdcCMbNVqj7oEFyjedbU8zvFuoV5c3E2L062wBEQnW4TcRs2B
+A0NNJrl9mwJc92+7mywhL/GCLlm/sefltvQGM+QS2GVaaMBgRcZmyg9Qi6v2BDzp
+hhpx3PxKmcOKbHstSnwAjUaqsKfwCJaPBT/43rR+WskWt6BJy0SiOPGNiTO7yZ/U
+uh90qrUBLsoWmRICldRdOVbdWV08AJBkng09uMiCAhMhAj/xk1mPCw2fwslBpJtg
+m5KaZZuRrzZC3qQqBzWUSDRx6EyljZkGFZW1qTgBaEQhopOz6K6h6xS7NqHGJO8k
+cLCtAysTxFkTaJBsuV7a/BL8c64rZg==
+=tt82
+-----END PGP SIGNATURE-----
--- a/sssd.changes
+++ b/sssd.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Feb  9 13:17:30 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
+
+- Remove caches only when performing a package downgrade. The sssd
+  daemon takes care of upgrading the database format when necessary
+  (bsc#1195552)
+
+-------------------------------------------------------------------
+Tue Jan 25 11:32:10 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 2.6.3
+  * A regression introduced in sssd-2.6.2 in the IPA provider
+    that prevented users from login was fixed. Access control
+    always denied access because the selinux_child returned an
+    unexpected reply.
+  * A critical regression that prevented authentication of users
+    via AD and IPA providers was fixed. LDAP port was reused for
+    Kerberos communication and this provider would send
+    incomprehensible information to this port.
+  * When authenticating AD users, backtrace was triggered even
+    though everything was working correctly. This was caused by a
+    search in the global catalog. Servers from the global catalog
+    are filtered out of the list before writing the KDC info
+    file. With this fix, SSSD does not attempt to write to the
+    KDC info file when performing a GC lookup.
+
 -------------------------------------------------------------------
 Mon Jan 17 17:27:40 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

--- a/sssd.keyring
+++ b/sssd.keyring
@ -1,54 +1,30 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Comment: 9302 01AA B42D D194 7210  B783 8D73 2635 1A72 6211
-Comment: Alexey Tikhonov <atikhono@redhat.com>

-xsFNBF677TsBEAC6lxykcx6Ao4J0D6KiQ0+fi+NrsJkHgBT+4IRsVwanSOtVhGOb
-wkQqEeFlOgTExHE1A6THiMb0D4LVsuvjSIwwSOusdbPokp7iX2QyFIUJGfeFq6/V
-FEm3pAn+Rx2453uLqYtf6eISbHC6sWZxJ0+32rT173nQCbOKkWgcsClvjiLu7frA
-LweDaygWCjHwNrkm4brV7O3GHIgOYo6E/+0oxG4kcCvQw9IFlM8lf+eCw1Fn60Jt
-TVTos9tdlwF1kK/VQJvfPYsIgtA4QnDGjI6DvPflPIzL9vVzuGarjAYP1B+Wtjif
-JmHam2bYMk8u3hgkSh+fQTQ5SnmznIH6bqFfnwQRq2JL60JUaM3hcogSxA0RTsTO
-j9fBU+zJJuaX9RnfS9qlOfMY3sE3lEGNOAGtLRbeyOnfUttNQa9e0tKXJnXECmTL
-gKo8AD4Ulv9Y7i4Ap/WsDAJHLlH9K7AVGNB4OrL4gk/soQ54J60WuAUDsy3o2oby
-vNmy4FeKEVgHmOINe9jRVWgv4ao1w3AwNPtwznLcxLc7CXQwfDrlG63NMCFpWJ5p
-ih7rVODCuwOBzVJiD3aMEVyKud0gFpJbPFSqYJ29iiD0iPkvkKf17Iaf1iUsFdU9
-UpvPdoJYTm/CVf8rRueXgcOvaoDMhES0dlSD3Yoxz+eFHm4qpru6exWWMwARAQAB
-zSVBbGV4ZXkgVGlraG9ub3YgPGF0aWtob25vQHJlZGhhdC5jb20+wsGOBBMBCAA4
-FiEEkwIBqrQt0ZRyELeDjXMmNRpyYhEFAl677TsCGwMFCwkIBwIGFQoJCAsCBBYC
-AwECHgECF4AACgkQjXMmNRpyYhGL2A/8DBY1zfi+LL2bU6mnuI1ZGJURKD9WPstg
-tRv41sEQHphKQo6etiuUZ1p5q2yAkBNu7nl7MK3KfS1OGGaXf2dvTWI/MfHvfL7E
-WswbaHkGAnuZ2q2VET4EoXa5txp/reGpzas08anAaEjO+Xdax35Etv+KbfWCPNrZ
-/3Uu0L+kxWRrg0SBto9/1n76+8Hj3uyPMTQ9iPRc1wP55zRjhkvI5QLfO/7sf6zs
-iBt6mwVBbmQG0Yd7UvnNJvjVtVsxBb+y/jb5iPj6FGECbm60zy6yPcdO5oNnoW53
-d90figFAp2CRsbnO0n/HG6LFl68QJ0rhmZlK9NQXJKzuJTV6E0XRPGy53W904Rvy
-9ohPw7JKCrpHZ883A8BrSkmkLFkan4ZB2t2wjcbTMGy/+GyS4hYVKB8A6NEcLX/C
-WXTz7j2mUFJw18JwEB76YYalBmqDltYzuQN/cp0etkAjLYHXqrimlGd0nj/Y4yjU
-5hXMir8fyhUj73K737l2WD46SwNdAJFCZbux8rdQkoU1+qPFwsnExiUN1T6hhyb4
-FIirxtegzGqK4YALDewOUZuiGV1eOtBEldqmVG/AccMG9Pc2/ndHJKA3IsMhxE51
-9jRJ/83MxUM93bimd+iDSbJ7BArpPZI+E5xaaBkJGLmCRTTOCAfN7H0zgNyysjSy
-+ezwINWq6F/OwU0EXrvtOwEQANR5ZaGw75+6AyG42nBV+rKeJJPZYSnM+YWtkfbo
-Hk2ZF7qPWN5ZvanoyCrKKZl+tb00dGgjD19aKkpXX/P/erzG0iERhI+GthVZEEmU
-7Z0TQRGOA2CazwSNF7r4HApO47B2IE0xhHu0ceqmO0c0oObvOeuETXZHoynfa0Ge
-6IRX1exirc81PffFn1yNSc57BBwXCrx6ET9ZCEZyrm0tMpFoEquORZv2V2HBU8Sa
-cyrO3dsmg1O3+7Gc5wTec7SnHBQpi9Gnf40Q3AqC8D+ktjKnFXknK4ByTUb1G6tl
-KeWTYjvixBxUAfH25GDmGj/zyNabkRNrHGFECVBoSEY2TDMp7KSdIOQuOxQIOjl9
-L2Btt4bi1CLFu6jSZP8wWVhs7P6kez/K6RokXM+7zf3iGaF6EshDvtKKagq66J3Q
-WM3Hf6X4BhfaGO+/c+wdcUsIR+6dpOewq/vh4rZUxducWAQP+EQGmO7EqDNmuzYt
-MigIxPEJ4SToYLOr9O4nT3Ebdp6k+Kvncoszya/e8ZjURQqQK+7GlSp4g7YkxoPb
-cpkvHCK7UBWBVIqk3o7nTgAtcJbMwDKVGWC8F9gAJyMy5JVUMC2NU7C1FaJZIX13
-C1nP0MERxMFBj5IF37xY8jTtQeNastimiYcm3yVDDKayo8BN5PGZ3wRu2r+K7V9J
-kM0pABEBAAHCwXYEGAEIACAWIQSTAgGqtC3RlHIQt4ONcyY1GnJiEQUCXrvtOwIb
-DAAKCRCNcyY1GnJiEfd3D/49oGcBAelVx1pHEhwpg7P9anTvkNr9WndJf3P+jBNX
-aZk9pqo4MdxZ0kizW4Kww8+zXelMMD+zXt5igKwh/Yf0o/DIfsVWT4HAdZCYLrPT
-vU9sFDoIWUNQrQSNSxSAldz8xrd6DUjTo4lJowZToS4HFmUxwyWz9sAOnlDhO0bz
-mfQ/RmaCRFn9JaYQt6IaiKBQVzC2ZJbPJfJPZnSkr/qfgvT+o07V69Qk7DMEMEkU
-1th0T0USH6gFwLrSsHKN/P5+8V3xyP2BnQy6J/dOi8W5aEAptb2FIEroFsZHysz3
-25FAAkdxTS8IT9Da7XFtxRgTnBYGT5Fh5zSRHC45H+h4Krv1+Qs0eLXit74dC509
-xdqAqNFwniOUJvGIjZFPnWeiqU20/hW7TTaEr3xcEWdsvKXP+0GVLagq7YMDPgos
-W/GDajWT78l3nq6qkkU/vLlj81YMF5tnFP3oIsDPJTKEnqdommZNNf0yBvM4uhyK
-djlL2k2JFJfdPJ05BSXBD+TKsftZfxkAT+zSbK060nuIk2EGfH+0QIGcdUUYZtOw
-2o22jImdLfC6t8DEp4w5OlGC3K7i6K+5brfqYtzu8vNSbrBZaBf1yp6s8wg69dx/
-zqWpv28ZZ2lzjuHncw+QuHhA53EJs5McrCu6f0+kehBpOu7SNeDTnqjytZP/rE1N
-nQ==
-=p63T
+mQENBF65FqQBCADQQUcPSux/eX7fpP05HOW1HE32tBPWs5MPktMdzErrG7DTOaUo
+XxMhorPSHgt2Q5mX/LV4Yk2cRHk2uStWTtIVhtC62DPqstqfr0aC3TJ36LrsAr/s
+YaG2ktD26xADA5j67oP4lHN4+rjSbKfRLiLpSsABb4fx85SS066MsDQOQFEs1bsG
+UAqavdlRGUYXSA5uwwbJRRfI5ryeWyOpfpIIdJeyNDx6ZSuc8kgLm/PhNpwChiY2
+h7Qs4nekVT1c9ujyPTUQ+x8lnGblP8Kwb+ZtOp+aWMWZlxk2ifwFr+u1pKTr8we5
+DarQxMTjBwrRRuBk7RwYKXdj91jwMGSx6ZaRABEBAAG0JFBhdmVsIELFmWV6aW5h
+IDxwYnJlemluYUByZWRoYXQuY29tPokBTgQTAQgAOBYhBBpB3GdQX4mjMIKLZq/+
+dd3oUI4SBQJeuRakAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK/+dd3o
+UI4SupUH/RRKqwHSYSIf37pFz6tsE5+7ASiCdVVdtOPtaXu43sRNLrCSu4CjisBu
+rdFPmd57jwQneyh5RUEXbY5jq4KK4nuHZppjlaGqs/8LIVl13x01zD+V/hlDZXfr
+BEDaE2PjUtacP+NvJWtYO/tHlTqxfFssFh7btO9EOYSfc7IhQ+hReKkX9K1dNLJM
+SYCDaDQRSxJeAnYX7E3mXoaIC7JXH0ZF1NS0a3SP/q7u+WsQ+j58Z0xMdP6lBd1M
+7ntNQ+BHz4+jlEgN9GXRTn7PIucpvVCEwTYysklIKbWJHi7J+C6ZV+4nDnaA0Z6J
+m+XGsbvc7/P1b4FpU9YAmBd7VqQG8Ve5AQ0EXrkWpAEIAKVIiPI6sZXhnrpKxYO0
+nNAazIkA0WtqTVeSPE0AkNXAW4wtbhluwfBEsYr6wU8ieDGU/KdIpwZprsKf4x3r
+kFgRRwnNpB9AhGNex4tzoHlNoAX601OOjhy44DaRrJKY1Zg+V2ljx6cySsX2zsQp
+/pKA5uN7Y4mWfZMPmlpljqYRXMIAZWf7F0dJTdh+Vv646ZBYg7mBfaVs3E5AKRZ+
+xNnxna7Se+OihyOcmMwtotMF8tlU8/yGyWTCoNu/86+eAVXWIpu358f1Q1Ez9bXI
+/neav857DTCGTXY5NNigunscMPje5MLEp9T1ozZl0ZK3LUcfh7w8IMLCB2YK/7zF
+NpcAEQEAAYkBNgQYAQgAIBYhBBpB3GdQX4mjMIKLZq/+dd3oUI4SBQJeuRakAhsM
+AAoJEK/+dd3oUI4S8FAH/0bHCGi6+sWnJqOqYwJIHPeYR33zb3D09jQYXWzadNGX
+F6nuGzNgqCUZ3+GK73hDXq/v9WyUhaLLvd7XGryQ5DGGO0ZkHD3Td+YMeoSdDVbQ
+PiTZS3DyQB0qHp6pKgjvDlbMYeqSVoletsa6ruSvFtE2kb+W6fRn6K8QeTyMA8Rn
+NIUOSaSwQjcETaexMuD2oyRmzDmdWTUOS/Q/Tn3HE7Yz8670CLM1yN70MfAHpeUt
+dIkFm9g3ZPTING+gC98iylLAFR1QKqz4HRWd8ofmnHemPpzAPGMITztwnZsLIPDj
+nZ/57dk9LQVekGFjWm5GYThUwrHWYRyzjGz/xOmjJoM=
+=b5K7
 -----END PGP PUBLIC KEY BLOCK-----
--- a/sssd.spec
+++ b/sssd.spec
@ -17,7 +17,7 @@


 Name:           sssd
-Version:        2.6.2
+Version:        2.6.3
 Release:        0
 Summary:        System Security Services Daemon
 License:        GPL-3.0-or-later and LGPL-3.0-or-later
@ -437,9 +437,6 @@ update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_li
 if [ "$1" = "0" -a -x "%_sbindir/pam-config" ]; then
 	"%_sbindir/pam-config" -d --sss || :
 fi
-# Clear caches, which may have an incompatible format afterwards
-# (especially, downgrades)
-rm -f /var/lib/sss/db/*.ldb
 # del_postun includes a try-restart
 %service_del_postun %services

@ -458,6 +455,15 @@ fi
 %post   -n libsss_simpleifp0 -p /sbin/ldconfig
 %postun -n libsss_simpleifp0 -p /sbin/ldconfig

+%triggerun -- %{name} < %{version}-%{release}
+# sssd takes care of upgrading the database but it doesn't handle downgrades.
+# Clear caches when downgrading the package, which may have an
+# incompatible format afterwards preventing the daemon from startup.
+if [ "$1" = "1" ] && [ "$2" = "2" ]; then
+	echo "Package downgrade detected, removing cache files which may have an incompatible format."
+	rm -f /var/lib/sss/db/*.ldb
+fi
+
 %pre dbus
 %service_add_pre sssd-ifp.service