diff --git a/0005-implicit-decl.diff b/0005-implicit-decl.diff index 01ebb41..88cf672 100644 --- a/0005-implicit-decl.diff +++ b/0005-implicit-decl.diff @@ -14,13 +14,13 @@ crypto_sha512crypt.c:221:14: warning: incompatible implicit src/util/crypto/libcrypto/crypto_sha512crypt.c | 1 + 1 file changed, 1 insertion(+) -Index: sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c +Index: sssd-1.9.2/src/util/crypto/libcrypto/crypto_sha512crypt.c =================================================================== ---- sssd-1.8.0.orig/src/util/crypto/libcrypto/crypto_sha512crypt.c -+++ sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c -@@ -10,6 +10,7 @@ - /* SHA512-based Unix crypt implementation. - Released into the Public Domain by Ulrich Drepper . */ +--- sssd-1.9.2.orig/src/util/crypto/libcrypto/crypto_sha512crypt.c ++++ sssd-1.9.2/src/util/crypto/libcrypto/crypto_sha512crypt.c +@@ -12,6 +12,7 @@ + + #include "config.h" +#define _GNU_SOURCE 1 /* mempcpy */ #include diff --git a/sssd-1.8.93.tar.xz b/sssd-1.8.93.tar.xz deleted file mode 100644 index df18eaf..0000000 --- a/sssd-1.8.93.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d0577b6f27ea68ba164b701d84628c380bc82275b546fd20a624cfb752fd3e40 -size 1141600 diff --git a/sssd-1.9.2.tar.xz b/sssd-1.9.2.tar.xz new file mode 100644 index 0000000..8cbde6f --- /dev/null +++ b/sssd-1.9.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f1a597b8e26b083968199aff93c7768ca9aed6ded67cb394734377beb4b085fe +size 1224284 diff --git a/sssd-ldflags.diff b/sssd-ldflags.diff new file mode 100644 index 0000000..1ba81f7 --- /dev/null +++ b/sssd-ldflags.diff @@ -0,0 +1,115 @@ +From: Jan Engelhardt +Date: 2012-11-10 01:36:37.022064770 +0100 + +build: fix link failure because of wrong use of LDFLAGS + + ld: src/sss_client/sss_ssh_authorizedkeys-common.o: undefined + reference to symbol 'pthread_mutexattr_setrobust@@GLIBC_2.12' + +For the i'th time, +http://stackoverflow.com/questions/4241683/linker-flags-in-wrong-place + +The patch fixes the location of library names, and also adds them +to two program which need them. + +--- + Makefile.am | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) + +Index: sssd-1.9.2/Makefile.am +=================================================================== +--- sssd-1.9.2.orig/Makefile.am ++++ sssd-1.9.2/Makefile.am +@@ -746,8 +746,8 @@ sss_sudo_cli_SOURCES = \ + src/sss_client/common.c \ + src/sss_client/sudo_testcli/sudo_testcli.c + sss_sudo_cli_CFLAGS = $(AM_CFLAGS) +-sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS) + sss_sudo_cli_LDADD = \ ++ $(CLIENT_LIBS) \ + libsss_sudo.la + endif + +@@ -758,6 +758,7 @@ sss_ssh_authorizedkeys_SOURCES = \ + src/sss_client/ssh/sss_ssh_authorizedkeys.c + sss_ssh_authorizedkeys_CFLAGS = $(AM_CFLAGS) + sss_ssh_authorizedkeys_LDADD = \ ++ $(CLIENT_LIBS) \ + libsss_util.la + + sss_ssh_knownhostsproxy_SOURCES = \ +@@ -766,6 +767,7 @@ sss_ssh_knownhostsproxy_SOURCES = \ + src/sss_client/ssh/sss_ssh_knownhostsproxy.c + sss_ssh_knownhostsproxy_CFLAGS = $(AM_CFLAGS) + sss_ssh_knownhostsproxy_LDADD = \ ++ $(CLIENT_LIBS) \ + libsss_util.la + endif + +@@ -1152,10 +1154,11 @@ libnss_sss_la_SOURCES = \ + src/sss_client/nss_mc_group.c \ + src/sss_client/nss_mc.h + libnss_sss_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ + -module \ + -version-info 2:0:0 \ + -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports ++libnss_sss_la_LIBADD = \ ++ $(CLIENT_LIBS) + + pamlib_LTLIBRARIES = pam_sss.la + pam_sss_la_SOURCES = \ +@@ -1166,11 +1169,12 @@ pam_sss_la_SOURCES = \ + src/sss_client/sss_pam_macros.h + + pam_sss_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ +- -lpam \ + -module \ + -avoid-version \ + -Wl,--version-script,$(srcdir)/src/sss_client/sss_pam.exports ++pam_sss_la_LIBADD = \ ++ $(CLIENT_LIBS) \ ++ -lpam + + if BUILD_SUDO + +@@ -1182,9 +1186,10 @@ libsss_sudo_la_SOURCES = \ + src/sss_client/sudo/sss_sudo.h \ + src/sss_client/sudo/sss_sudo_private.h + libsss_sudo_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ + -Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \ + -version-info 2:0:1 ++libsss_sudo_la_LIBADD = \ ++ $(CLIENT_LIBS) + + sudolib_LTLIBRARIES = libsss_sudo.la + +@@ -1201,10 +1206,11 @@ libsss_autofs_la_SOURCES = \ + src/sss_client/autofs/sss_autofs_private.h + + libsss_autofs_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ + -module \ + -avoid-version \ + -Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports ++libsss_autofs_la_LIBADD = \ ++ $(CLIENT_LIBS) + endif + + dist_noinst_DATA += \ +@@ -1521,10 +1527,11 @@ sssd_pac_plugin_la_CFLAGS = \ + $(AM_CFLAGS) \ + $(KRB5_CFLAGS) + sssd_pac_plugin_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ +- -lkrb5 \ + -avoid-version \ + -module ++sssd_pac_plugin_la_LIBADD = \ ++ $(CLIENT_LIBS) \ ++ -lkrb5 + + if BUILD_PYTHON_BINDINGS + pysss_la_SOURCES = \ diff --git a/sssd.changes b/sssd.changes index 0c9366d..09ddde0 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 1.9.2 +* Users or groups from trusted domains can be retrieved by UID or + GID as well +* Several fixes that mitigate file descriptor leak during logins +* SSH host keys are also removed from the cache after being + removed from the server +* Fix intermittent crash in responders if the responder was + shutting down while requests were still pending +* Catch an error condition that might have caused a tight loop in + the sssd_nss process while refreshing expired enumeration request +* Fixed memory hierarchy of subdomains discovery requests that + caused use-after-free access bugs +* The krb5_child and ldap_child processes can print libkrb5 tracing + information in the debug logs +- Split sssd into sssd and sssd-client. Since sssd requires the + client, no extra action is needed for upgrade. + ------------------------------------------------------------------- Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index 3585e30..c74e671 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.8.93 +Version: 1.9.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -27,15 +27,15 @@ Url: https://fedorahosted.org/sssd/ #Git-Clone: git://git.fedorahosted.org/sssd Source: %name-%version.tar.xz Source3: baselibs.conf -Patch5: 0005-implicit-decl.diff +Patch1: 0005-implicit-decl.diff +Patch2: sssd-ldflags.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: xz %define servicename sssd -%define sssdstatedir %{_localstatedir}/lib/sss -%define dbpath %{sssdstatedir}/db -%define pipepath %{sssdstatedir}/pipes -%define pubconfpath %{sssdstatedir}/pubconf +%define sssdstatedir %_localstatedir/lib/sss +%define dbpath %sssdstatedir/db +%define pipepath %sssdstatedir/pipes +%define pubconfpath %sssdstatedir/pubconf # SLES11 doesn't know the python_* macros %if %suse_version <= 1110 @@ -43,10 +43,12 @@ BuildRequires: xz %define python_sitearch %py_sitedir %endif -#BuildRequires: autoconf >= 2.59, automake, libtool +BuildRequires: autoconf >= 2.59 +BuildRequires: automake BuildRequires: bind-utils BuildRequires: docbook-xsl-stylesheets BuildRequires: krb5-devel +BuildRequires: libtool BuildRequires: pkgconfig >= 0.21 %if 0%{?suse_version} >= 1210 BuildRequires: pkgconfig(collection) >= 0.5.1 @@ -96,6 +98,8 @@ BuildRequires: pkg-config BuildRequires: systemd %{?systemd_requires} %endif +BuildRequires: xz +Requires: %name-client = %version %description Provides a set of daemons to manage access to remote directories and @@ -104,11 +108,20 @@ the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. +%package client +Summary: SSSD client libraries for NSS and PAM +License: LGPL-3.0+ +Group: Applications/System + +%description client +Provides the libraries needed by the PAM and NSS stacks to connect to +the SSSD service. + %package ipa-provider Summary: FreeIPA provider plugin for sssd License: GPL-3.0+ and LGPL-3.0+ Group: System/Daemons -Requires: sssd = %{version} +Requires: sssd = %version %description ipa-provider This package provide the FreeIPA provider plugin for the System Security @@ -118,7 +131,7 @@ Services Daemon (sssd). Summary: Commandline tools for sssd License: GPL-3.0+ and LGPL-3.0+ Group: System/Management -Requires: sssd = %{version} +Requires: sssd = %version %description tools The packages contains commandline tools for managing users and groups using @@ -160,6 +173,23 @@ Requires: libsss_idmap0 = %version %description -n libsss_idmap-devel A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. +%package -n libsss_sudo1 +Summary: A library to allow communication between sudo and SSSD +License: LGPL-3.0+ +Group: System/Libraries + +%description -n libsss_sudo1 +A utility library to allow communication between sudo and SSSD. + +%package -n libsss_sudo-devel +Summary: Development files for the sss_sudo library +License: LGPL-3.0+ +Group: Development/Libraries/C and C++ +Requires: libsss_sudo1 = %version + +%description -n libsss_sudo-devel +A utility library to allow communication between sudo and SSSD. + %package -n python-ipa_hbac Summary: Python bindings for the FreeIPA HBAC Evaluator library License: GPL-3.0+ and LGPL-3.0+ @@ -174,7 +204,7 @@ can be used by Python applications. Summary: Python API for configuring sssd License: GPL-3.0+ and LGPL-3.0+ Group: Development/Libraries/Python -%{py_requires} +%py_requires %description -n python-sssd-config Provide python module to access and manage configuration of the System @@ -182,7 +212,7 @@ Security Services Daemon (sssd). %prep %setup -q -%patch -P 5 -p1 +%patch -P 1 -P 2 -p1 %build %if 0%{?suse_version} < 1210 @@ -197,13 +227,14 @@ export LDB_DIR="$(pkg-config ldb --variable=modulesdir)" # help configure find nscd export PATH="$PATH:/usr/sbin" +autoreconf -fi; %configure \ - --with-db-path=%{dbpath} \ - --with-pipe-path=%{pipepath} \ - --with-pubconf-path=%{pubconfpath} \ - --with-init-dir=%{_initrddir} \ - --enable-nsslibdir=/%{_lib} \ - --enable-pammoddir=/%{_lib}/security \ + --with-db-path="%dbpath" \ + --with-pipe-path="%pipepath" \ + --with-pubconf-path="%pubconfpath" \ + --with-init-dir="%_initrddir" \ + --enable-nsslibdir="/%_lib" \ + --enable-pammoddir="/%_lib/security" \ --with-ldb-lib-dir="$LDB_DIR" \ --with-selinux=no \ --with-os=suse \ @@ -212,43 +243,30 @@ export PATH="$PATH:/usr/sbin" make %{?_smp_mflags} all %install -make install DESTDIR="%buildroot" +b="%buildroot"; +make install DESTDIR="$b" # Copy default sssd.conf file -install -d %{buildroot}%{_mandir}/cs -install -d %{buildroot}%{_mandir}/cs/man8 -install -d %{buildroot}%{_mandir}/nl -install -d %{buildroot}%{_mandir}/nl/man8 -install -d %{buildroot}%{_mandir}/pt -install -d %{buildroot}%{_mandir}/pt/man8 -install -d %{buildroot}%{_mandir}/uk -install -d %{buildroot}%{_mandir}/uk/man1 -install -d %{buildroot}%{_mandir}/uk/man5 -install -d %{buildroot}%{_mandir}/uk/man8 -install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sssd -install -m600 src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf -install src/sysv/SUSE/sssd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/sssd +install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \ + "$b/%_mandir"/{uk/man5,uk/man8}; +install -d "$b/%_sysconfdir/sssd"; +install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"; +install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd"; %if 0%{?_unitdir:1} -install -d $RPM_BUILD_ROOT/%{_unitdir} -install src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/sssd.service +install -d "$b/%_unitdir"; +install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service"; %endif -ln -sf ../../etc/init.d/sssd $RPM_BUILD_ROOT/usr/sbin/rcsssd +ln -sf ../../etc/init.d/sssd $b/usr/sbin/rcsssd -# Remove .la files created by libtool -find "%buildroot" -type f -name "*.la" -delete; +find "$b" -type f -name "*.la" -delete; %if %suse_version <= 1110 # remove some unsupported languages, sssd does not contain # translations for these anyway -rm -rf \ - $RPM_BUILD_ROOT/usr/share/locale/fa_IR \ - $RPM_BUILD_ROOT/usr/share/locale/ja_JP \ - $RPM_BUILD_ROOT/usr/share/locale/lt_LT \ - $RPM_BUILD_ROOT/usr/share/locale/ta_IN \ - $RPM_BUILD_ROOT/usr/share/locale/vi_VN +rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %endif -%find_lang %{name} --all-name +%find_lang %name --all-name %if 0%{?_unitdir:1} %pre @@ -275,90 +293,107 @@ rm -rf \ %service_del_postun sssd.service %endif -%post -n libipa_hbac0 -p /sbin/ldconfig - +%post client -p /sbin/ldconfig +%postun client -p /sbin/ldconfig +%post -n libipa_hbac0 -p /sbin/ldconfig %postun -n libipa_hbac0 -p /sbin/ldconfig +%post -n libsss_idmap0 -p /sbin/ldconfig +%postun -n libsss_idmap0 -p /sbin/ldconfig +%post -n libsss_sudo1 -p /sbin/ldconfig +%postun -n libsss_sudo1 -p /sbin/ldconfig %files -f sssd.lang -%defattr(-,root,root,-) +%defattr(-,root,root) %doc COPYING -%{_initrddir}/%{name} +%_initrddir/%name %if 0%{?_unitdir:1} -%{_unitdir}/sssd.service +%_unitdir %endif -%{_sbindir}/sssd -%{_sbindir}/rcsssd -%dir %{_libdir}/%{name} -%dir %{_libexecdir}/%{name} -%dir %{_mandir}/cs -%dir %{_mandir}/cs/man8 -%dir %{_mandir}/nl -%dir %{_mandir}/nl/man8 -%dir %{_mandir}/pt -%dir %{_mandir}/pt/man8 -%dir %{_mandir}/uk -%dir %{_mandir}/uk/man1 -%dir %{_mandir}/uk/man5 -%dir %{_mandir}/uk/man8 -%{_mandir}/??/man?/* -%{_mandir}/man5/sssd-krb5.5* -%{_mandir}/man5/sssd-ldap.5* -%{_mandir}/man5/sssd-simple.5* -%{_mandir}/man8/sssd.8* -%{_mandir}/man5/sssd.conf.5.gz -%{_mandir}/man8/pam_sss.8.gz -%{_mandir}/man8/sssd_krb5_locator_plugin.8.gz -%{_libexecdir}/%{name}/sss* -%{_libexecdir}/%{name}/*_child -%{_libdir}/%{name}/libsss_krb5* -%{_libdir}/%{name}/libsss_ldap* -%{_libdir}/%{name}/libsss_proxy* -%{_libdir}/%{name}/libsss_simple* -%{_libdir}/ldb/memberof.so -%{_libdir}/krb5/plugins/libkrb5/* -%dir %{sssdstatedir} -%attr(700,root,root) %dir %{dbpath} -%attr(755,root,root) %dir %{pipepath} -%attr(700,root,root) %dir %{pipepath}/private -%attr(755,root,root) %dir %{pubconfpath} -%attr(750,root,root) %dir %{_var}/log/%{name} -%dir %{_sysconfdir}/sssd -%config(noreplace) %{_sysconfdir}/sssd/sssd.conf -/%{_lib}/libnss_sss.so.2 -/%{_lib}/security/pam_sss.so +%_bindir/sss_ssh_* +%_sbindir/sssd +%_sbindir/rcsssd +%dir %_libdir/%name +%dir %_libexecdir/%name +%dir %_mandir/cs +%dir %_mandir/cs/man8 +%dir %_mandir/nl +%dir %_mandir/nl/man8 +%dir %_mandir/pt +%dir %_mandir/pt/man8 +%dir %_mandir/uk +%dir %_mandir/uk/man1 +%dir %_mandir/uk/man5 +%dir %_mandir/uk/man8 +%_mandir/??/man?/* +%_mandir/man1/sss_ssh_* +%_mandir/man1/sss_ssh_* +%_mandir/man5/sssd-ad.5* +%_mandir/man5/sssd-krb5.5* +%_mandir/man5/sssd-ldap.5* +%_mandir/man5/sssd-simple.5* +%_mandir/man5/sssd-sudo.5* +%_mandir/man8/sssd.8* +%_mandir/man5/sssd.conf.5.gz +%_libexecdir/%name/sss* +%_libexecdir/%name/*_child +%_libdir/%name/libsss_ad.so +%_libdir/%name/libsss_krb5* +%_libdir/%name/libsss_ldap* +%_libdir/%name/libsss_proxy* +%_libdir/%name/libsss_simple* +%_libdir/%name/modules +%_libdir/ldb/memberof.so +%dir %sssdstatedir +%attr(700,root,root) %dir %dbpath +%attr(755,root,root) %dir %pipepath +%attr(700,root,root) %dir %pipepath/private +%attr(755,root,root) %dir %pubconfpath +%attr(750,root,root) %dir %_localstatedir/log/%name +%dir %_sysconfdir/sssd +%config(noreplace) %_sysconfdir/sssd/sssd.conf %_datadir/sssd %exclude %_datadir/sssd/sssd.api.d/sssd-ipa.conf +%files client +%defattr(-,root,root) +/%_lib/libnss_sss.so.2 +/%_lib/security/pam_sss.so +%_libdir/krb5/plugins/libkrb5/* +%_mandir/man8/pam_sss.8.gz +%_mandir/man8/sssd_krb5_locator_plugin.8.gz + %files tools -%defattr(-,root,root,-) -%{_sbindir}/sss_cache -%{_sbindir}/sss_debuglevel -%{_sbindir}/sss_useradd -%{_sbindir}/sss_userdel -%{_sbindir}/sss_usermod -%{_sbindir}/sss_groupadd -%{_sbindir}/sss_groupdel -%{_sbindir}/sss_groupmod -%{_sbindir}/sss_groupshow -%{_mandir}/man8/sss_groupadd.8* -%{_mandir}/man8/sss_groupdel.8* -%{_mandir}/man8/sss_groupmod.8* -%{_mandir}/man8/sss_groupshow.8* -%{_mandir}/man8/sss_useradd.8* -%{_mandir}/man8/sss_userdel.8* -%{_mandir}/man8/sss_usermod.8* -%{_mandir}/man8/sss_obfuscate.8* -%{_mandir}/man8/sss_cache.8* -%{_mandir}/man8/sss_debuglevel.8* -%attr(0755,root,root) %{_sbindir}/sss_obfuscate +%defattr(-,root,root) +%_sbindir/sss_cache +%_sbindir/sss_debuglevel +%_sbindir/sss_groupadd +%_sbindir/sss_groupdel +%_sbindir/sss_groupmod +%_sbindir/sss_groupshow +%_sbindir/sss_seed +%_sbindir/sss_useradd +%_sbindir/sss_userdel +%_sbindir/sss_usermod +%_mandir/man8/sss_groupadd.8* +%_mandir/man8/sss_groupdel.8* +%_mandir/man8/sss_groupmod.8* +%_mandir/man8/sss_groupshow.8* +%_mandir/man8/sss_seed.8* +%_mandir/man8/sss_useradd.8* +%_mandir/man8/sss_userdel.8* +%_mandir/man8/sss_usermod.8* +%_mandir/man8/sss_obfuscate.8* +%_mandir/man8/sss_cache.8* +%_mandir/man8/sss_debuglevel.8* +%attr(0755,root,root) %_sbindir/sss_obfuscate %files ipa-provider -%defattr(-,root,root,-) +%defattr(-,root,root) %dir %_datadir/sssd %dir %_datadir/sssd/sssd.api.d %_datadir/sssd/sssd.api.d/sssd-ipa.conf -%{_libdir}/sssd/libsss_ipa* -%{_mandir}/man5/sssd-ipa.* +%_libdir/sssd/libsss_ipa* +%_mandir/man5/sssd-ipa.* %files -n libipa_hbac0 %defattr(-,root,root) @@ -380,6 +415,15 @@ rm -rf \ %_libdir/libsss_idmap.so %_libdir/pkgconfig/sss_idmap.pc +%files -n libsss_sudo1 +%defattr(-,root,root) +%_libdir/libsss_sudo.so.1* + +%files -n libsss_sudo-devel +%defattr(-,root,root) +%_includedir/sss_sudo.h +%_libdir/libsss_sudo.so + %files -n python-ipa_hbac %defattr(-,root,root) %python_sitearch/pyhbac.so @@ -387,6 +431,7 @@ rm -rf \ %files -n python-sssd-config %defattr(-,root,root) %python_sitearch/pysss.so +%python_sitearch/pysss_murmur.so %python_sitelib/SSSDConfig* %changelog