From 28a3ba978ae4540af4c492a58e999467d0c02d55c52fe8115b623c28f983efd4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 30 Jan 2025 15:54:21 +0100 Subject: [PATCH] sssd 2.10.2 --- harden_sssd-kcm.service.patch | 10 +++++----- sssd-2.10.1.tar.gz | 3 --- sssd-2.10.1.tar.gz.asc | 16 ---------------- sssd-2.10.2.tar.gz | 3 +++ sssd-2.10.2.tar.gz.asc | 16 ++++++++++++++++ sssd.changes | 12 ++++++++++++ sssd.spec | 2 +- 7 files changed, 37 insertions(+), 25 deletions(-) delete mode 100644 sssd-2.10.1.tar.gz delete mode 100644 sssd-2.10.1.tar.gz.asc create mode 100644 sssd-2.10.2.tar.gz create mode 100644 sssd-2.10.2.tar.gz.asc diff --git a/harden_sssd-kcm.service.patch b/harden_sssd-kcm.service.patch index 5ff85b4..dd475a7 100644 --- a/harden_sssd-kcm.service.patch +++ b/harden_sssd-kcm.service.patch @@ -2,10 +2,10 @@ src/sysv/systemd/sssd-kcm.service.in | 13 +++++++++++++ 1 file changed, 13 insertions(+) -Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in +Index: sssd-2.10.2/src/sysv/systemd/sssd-kcm.service.in =================================================================== ---- sssd-2.10.0.orig/src/sysv/systemd/sssd-kcm.service.in -+++ sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in +--- sssd-2.10.2.orig/src/sysv/systemd/sssd-kcm.service.in ++++ sssd-2.10.2/src/sysv/systemd/sssd-kcm.service.in @@ -8,6 +8,19 @@ After=sssd-kcm.socket Also=sssd-kcm.socket @@ -24,5 +24,5 @@ Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in +RestrictRealtime=true +# end of automatic additions Environment=DEBUG_LOGGER=--logger=files - ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@ - ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@ + # '-H' is used with @sssdconfdir@ to support use case where /etc/sssd is a symlink. + # '-H' only allows following a command line argument itself, everything else encountered due to '-R' isn't followed. diff --git a/sssd-2.10.1.tar.gz b/sssd-2.10.1.tar.gz deleted file mode 100644 index 03c5c14..0000000 --- a/sssd-2.10.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ea6a690047cea1ecd50016aa30946f9348da37b46daa984f34bc72ddb767539f -size 9196848 diff --git a/sssd-2.10.1.tar.gz.asc b/sssd-2.10.1.tar.gz.asc deleted file mode 100644 index f720242..0000000 --- a/sssd-2.10.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmdYSb4ACgkQ09IbKRDP -Z1kRyRAAmkKhCUcBs4h2mDg7uzz7DfYFkHXEiY8EMoVP5Iw6ZsNL/V9fwF9xhj49 -XbnCfxj2zFfVWZd5VYnTpl86Hg3NrxuPehgM+iMAXS6U/55TvRPunCtTiRwoTZ4t -zSgiBaSg3I2hmSN2cnSU8PpilEDCIeSP3uafmGXI1KUxEQltVbp0EeJ5CL5GP3xU -rFgI1pKdTySlw6jZ3vjkAaHwdsJGB0MKtjiBJYtqvHmIzbUdSNN/iE5Wf5xsdtez -KKLUrnKeQFuNyYWpjipJvbs7i9+E5VKFvCfrqFb6vQbp+Rgd98epVjp2VKovNy8p -gZQmgfbi5GCWKuBx+dbaRSFa8hWemEwnBNboV6JKq4+CoPsMkI367utZV5gd58V5 -RHgLsrZfjahAXgG4ytwPhgKDV+sX+sSn4aXIdaSgc+vP7+ykLMxyzyR2GXyG+y11 -WrnovdR0HywHfzvlUnKQmcLUjCkXKVwIMw0oBRa8+YLTD08EeYgu+oXXDpGD0oL1 -YJLLBdr6ycR9Rk/sUqbZgEnzQZPYXazIraUrd71Ry8CaNvqi86Of7sX6SgSQQeg/ -ZPLNcPWPadG/9jpMNJNsXXEZicNJXznQczlXKvRXINOJzknJYwwgH+/55otbzNzq -EjlOmFEn07bGAHCsHTfydlCeYqD9x+WV/X8CReMFjcaaBH4TDms= -=S0c5 ------END PGP SIGNATURE----- diff --git a/sssd-2.10.2.tar.gz b/sssd-2.10.2.tar.gz new file mode 100644 index 0000000..937f396 --- /dev/null +++ b/sssd-2.10.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e8aa5e6b48ae465bea7064048715ce7e9c53b50ec6a9c69304f59e0d35be40ff +size 9200497 diff --git a/sssd-2.10.2.tar.gz.asc b/sssd-2.10.2.tar.gz.asc new file mode 100644 index 0000000..83f4adb --- /dev/null +++ b/sssd-2.10.2.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmeaLD8ACgkQ09IbKRDP +Z1nLAxAAm9zM2u1XR3FBK6iy2xC+PoDWdu8Kh+oU0B6NgFK5LEJk9TWBdHlLpYcS +HugTfQb5wPfUejZTk9u8TIoVIa7pTYl3kGH8RuLnEUr5lBKdYaDf5BUb8uM7YaBP +NZQDqCFshNMMF8Z44HfRQltmqblJWj7TdFXJ8dCkRupbXjrbqiBrH5XjooLUK0dX +/7m63at6BZFjuuFt/QvA2QbwK3fa2wUxuX0vMrD6f2zZuWptcE3zhXaa/BtPm5ZD +8S5oC+RkKMGfLWNfIc1noXOZQIT+sGNyeUhq/QRFybcHZ+tXqJrNmfz/OWf5HZ/U +vsJDIWv4db83asTtU3j5+ec4+fRwv7BK8X2V2UnpPOrAhN0r+zWp98BwUfSCqHlR +E8dBlbAU3pRL1qDZG71tpIgHeDNtB42MM0UmmBY4w18nNBbp8Be6vtEbD6ktoa0P +2uZRO9v/RgeKQTs0hfuzsbHcpd1hQmhtfwGAlxTWuGkoSjZyk2xUiV3JZ/3/kWH5 +dCU26txrtgWFqLbUhanatFrdmdKwn5hp5eP/Px330zJVTjuILlqTZ1CLAW2B5Gal +JJT17j8ecqVedyHCkVnN9wD26ivwl8POBnrD3FfB6zKszcZewNRuKW24RyVamo6e +k4JVMTDzjOwr31Tt6eLhU0BsPA8G8wCntl3wj36T7VWh47ncsX8= +=vuNl +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index a087d1e..82714e4 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Jan 30 14:24:04 UTC 2025 - Jan Engelhardt + +- Update to release 2.10.2 + * If the ssh responder is not running, sss_ssh_knownhosts will + not fail (but it will not return the keys). + * SSSD is now capable of handling multiple services associated + with the same port. + * sssd_pam, being a privileged binary, now clears the + environment and does not allow configuration of the + PR_SET_DUMPABLE flag as a precaution. + ------------------------------------------------------------------- Wed Jan 22 09:21:43 UTC 2025 - Dominique Leuenberger diff --git a/sssd.spec b/sssd.spec index ea82e01..fabc2c9 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 2.10.1 +Version: 2.10.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later AND LGPL-3.0-or-later