diff --git a/sssd.changes b/sssd.changes index 67f7eaf..c30e9f7 100644 --- a/sssd.changes +++ b/sssd.changes @@ -3,6 +3,7 @@ Wed Dec 21 19:29:45 UTC 2022 - Jan Engelhardt - Take systemd units off the restart list that have RefuseManualStart=yes [boo#1206592] +- Add symvers.patch [boo#1206592] ------------------------------------------------------------------- Sun Dec 11 14:17:23 UTC 2022 - Jan Engelhardt diff --git a/sssd.spec b/sssd.spec index 7e7f554..9fc843a 100644 --- a/sssd.spec +++ b/sssd.spec @@ -31,6 +31,7 @@ Source5: %name.keyring Patch1: krb-noversion.diff Patch2: harden_sssd-ifp.service.patch Patch3: harden_sssd-kcm.service.patch +Patch4: symvers.patch BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: bind-utils diff --git a/symvers.patch b/symvers.patch new file mode 100644 index 0000000..a80d511 --- /dev/null +++ b/symvers.patch @@ -0,0 +1,181 @@ +From: Jan Engelhardt +Date: 2022-12-22 00:09:20.375896408 +0100 +References: https://bugzilla.suse.com/show_bug.cgi?id=1206592 + +The theory for this sssd crash is that during rpm upgrading it, +sssd-2.8.2 gets installed, %post runs to restart it, but oh no, +sssd-ldap-2.7.4 is still in the system. sssd_be(-2.8.2) then falls +over its feet when it loads 2.7.4 .so files. Addin symvers like below +should prevent this and pin the modules to another: sssd_be's attempt +to dlopen libsss_ldap.so(-2.7.4) will fail because +libsss_ldap.so(-2.7.4) cannot find a libsss_util.so(-2.7.4), since +the system only has libsss_util.so(-2.8.2) at this point. + +--- + Makefile.am | 47 ++++++++++++++++++++++++++++++++--------------- + 1 file changed, 32 insertions(+), 15 deletions(-) + +Index: sssd-2.8.2/Makefile.am +=================================================================== +--- sssd-2.8.2.orig/Makefile.am ++++ sssd-2.8.2/Makefile.am +@@ -941,7 +941,11 @@ libsss_debug_la_SOURCES = \ + libsss_debug_la_LIBADD = \ + $(SYSLOG_LIBS) + libsss_debug_la_LDFLAGS = \ +- -avoid-version ++ -avoid-version ${symv} ++EXTRA_libsss_debug_la_DEPENDENCIES = x.sym ++symv = -Wl,--version-script=${builddir}/x.sym ++x.sym: ${top_builddir}/config.status ++ echo "V_${PACKAGE_VERSION} { global: *; };" >$@ + + pkglib_LTLIBRARIES += libsss_child.la + libsss_child_la_SOURCES = src/util/child_common.c +@@ -951,7 +955,8 @@ libsss_child_la_LIBADD = \ + $(DHASH_LIBS) \ + libsss_debug.la \ + $(NULL) +-libsss_child_la_LDFLAGS = -avoid-version ++libsss_child_la_LDFLAGS = -avoid-version ${symv} ++EXTRA_libsss_child_la_DEPENDENCIES = x.sym + + pkglib_LTLIBRARIES += libsss_crypt.la + +@@ -990,7 +995,8 @@ libsss_crypt_la_LIBADD = \ + libsss_debug.la \ + $(NULL) + libsss_crypt_la_LDFLAGS = \ +- -avoid-version ++ -avoid-version ${symv} ++EXTRA_libsss_crypt_la_DEPENDENCIES = x.sym + + pkglib_LTLIBRARIES += libsss_cert.la + +@@ -1015,8 +1021,9 @@ libsss_cert_la_LIBADD = \ + libsss_debug.la \ + $(NULL) + libsss_cert_la_LDFLAGS = \ +- -avoid-version \ ++ -avoid-version ${symv} \ + $(NULL) ++EXTRA_libsss_cert_la_DEPENDENCIES = x.sym + + generate-sbus-code: + $(builddir)/sbus_generate.sh $(abs_srcdir) +@@ -1117,8 +1124,9 @@ libsss_sbus_la_CFLAGS = \ + $(DBUS_CFLAGS) \ + $(NULL) + libsss_sbus_la_LDFLAGS = \ +- -avoid-version \ ++ -avoid-version ${symv} \ + $(NULL) ++EXTRA_libsss_sbus_la_DEPENDENCIES = x.sym + + pkglib_LTLIBRARIES += libsss_sbus_sync.la + libsss_sbus_sync_la_SOURCES = \ +@@ -1153,8 +1161,9 @@ libsss_sbus_sync_la_CFLAGS = \ + $(UNICODE_LIBS) \ + $(NULL) + libsss_sbus_sync_la_LDFLAGS = \ +- -avoid-version \ ++ -avoid-version ${symv} \ + $(NULL) ++EXTRA_libsss_sbus_sync_la_DEPENDENCIES = x.sym + + pkglib_LTLIBRARIES += libsss_iface.la + libsss_iface_la_SOURCES = \ +@@ -1183,8 +1192,9 @@ libsss_iface_la_CFLAGS = \ + $(DBUS_CFLAGS) \ + $(NULL) + libsss_iface_la_LDFLAGS = \ +- -avoid-version \ ++ -avoid-version ${symv} \ + $(NULL) ++EXTRA_libsss_iface_la_DEPENDENCIES = x.sym + + pkglib_LTLIBRARIES += libsss_iface_sync.la + libsss_iface_sync_la_SOURCES = \ +@@ -1211,8 +1221,9 @@ libsss_iface_sync_la_CFLAGS = \ + $(DBUS_CFLAGS) \ + $(NULL) + libsss_iface_sync_la_LDFLAGS = \ +- -avoid-version \ ++ -avoid-version ${symv} \ + $(NULL) ++EXTRA_libsss_iface_sync_la_DEPENDENCIES = x.sym + + pkglib_LTLIBRARIES += libsss_util.la + libsss_util_la_SOURCES = \ +@@ -1303,7 +1314,8 @@ endif + if BUILD_SYSTEMTAP + libsss_util_la_LIBADD += stap_generated_probes.lo + endif +-libsss_util_la_LDFLAGS = -avoid-version ++libsss_util_la_LDFLAGS = -avoid-version ${symv} ++EXTRA_libsss_util_la_DEPENDENCIES = x.sym + + pkglib_LTLIBRARIES += libsss_semanage.la + libsss_semanage_la_CFLAGS = \ +@@ -1322,7 +1334,8 @@ libsss_semanage_la_LIBADD += $(SEMANAGE_ + endif + + libsss_semanage_la_LDFLAGS = \ +- -avoid-version ++ -avoid-version ${symv} ++EXTRA_libsss_semanage_la_DEPENDENCIES = x.sym + + SSSD_INTERNAL_LTLIBS = \ + libsss_util.la \ +@@ -1338,7 +1351,7 @@ lib_LTLIBRARIES = libipa_hbac.la \ + $(NULL) + + pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc +-libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports ++EXTRA_libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports + libipa_hbac_la_SOURCES = \ + src/lib/ipa_hbac/hbac_evaluator.c \ + src/util/sss_utf8.c +@@ -1664,8 +1677,9 @@ libifp_iface_la_CFLAGS = \ + $(DBUS_CFLAGS) \ + $(NULL) + libifp_iface_la_LDFLAGS = \ +- -avoid-version \ ++ -avoid-version ${symv} \ + $(NULL) ++EXTRA_libifp_iface_la_DEPENDENCIES = x.sym + + pkglib_LTLIBRARIES += libifp_iface_sync.la + libifp_iface_sync_la_SOURCES = \ +@@ -1690,8 +1704,9 @@ libifp_iface_sync_la_CFLAGS = \ + $(DBUS_CFLAGS) \ + $(NULL) + libifp_iface_sync_la_LDFLAGS = \ +- -avoid-version \ ++ -avoid-version ${symv} \ + $(NULL) ++EXTRA_libifp_iface_sync_la_DEPENDENCIES = x.sym + + sssd_ifp_SOURCES = \ + src/responder/ifp/ifpsrv.c \ +@@ -4196,8 +4211,9 @@ libsss_ldap_common_la_LIBADD = \ + $(SSSD_INTERNAL_LTLIBS) \ + $(NULL) + libsss_ldap_common_la_LDFLAGS = \ +- -avoid-version \ ++ -avoid-version ${symv} \ + $(NULL) ++EXTRA_libsss_ldap_common_la_DEPENDENCIES = x.sym + if BUILD_SYSTEMTAP + libsss_ldap_common_la_LIBADD += stap_generated_probes.lo + endif +@@ -4254,7 +4270,8 @@ libsss_krb5_common_la_LIBADD = \ + $(SSSD_INTERNAL_LTLIBS) \ + $(NULL) + libsss_krb5_common_la_LDFLAGS = \ +- -avoid-version ++ -avoid-version ${symv} ++EXTRA_libsss_krb5_common_la_DEPENDENCIES = x.sym + + libsss_ldap_la_SOURCES = \ + src/providers/ldap/ldap_init.c \