From dd12613bf1df1920162e6751f7250ffdf644ed1033532a4476b4efb0e0575f68 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 25 Jan 2022 12:17:13 +0000 Subject: [PATCH 1/3] - Update to release 2.6.3 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=258 --- sssd-2.6.2.tar.gz | 3 --- sssd-2.6.2.tar.gz.asc | 16 ---------------- sssd-2.6.3.tar.gz | 3 +++ sssd-2.6.3.tar.gz.asc | 2 ++ sssd.changes | 19 +++++++++++++++++++ sssd.spec | 2 +- 6 files changed, 25 insertions(+), 20 deletions(-) delete mode 100644 sssd-2.6.2.tar.gz delete mode 100644 sssd-2.6.2.tar.gz.asc create mode 100644 sssd-2.6.3.tar.gz create mode 100644 sssd-2.6.3.tar.gz.asc diff --git a/sssd-2.6.2.tar.gz b/sssd-2.6.2.tar.gz deleted file mode 100644 index 76f44ec..0000000 --- a/sssd-2.6.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5f6b45d853b41aa30b851914c7b6a4a4d6d59f270081ef583bdb3a47c4a78bfd -size 7598580 diff --git a/sssd-2.6.2.tar.gz.asc b/sssd-2.6.2.tar.gz.asc deleted file mode 100644 index 04a7796..0000000 --- a/sssd-2.6.2.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEkwIBqrQt0ZRyELeDjXMmNRpyYhEFAmHEk+QACgkQjXMmNRpy -YhHUoxAAr1W4aal74uK3bQrJR4eBOxNCqTlAllRs51nH2okBghmfgkHc40ylARmY -KpNO/h0hohpQiz3gzcUiC0vpYvgcKSAAmv2MCYlnEQqZtGJDKJVYj/RKjvKCI1vx -V85oTpp61hDm53P+KGrSx10QmCXvnOiD2TDxvuJ6ZLn5C/YGZroX4dg85QSsEyxQ -ID1kHcclpgBU7RSmT1HDOUAW/2x/63kITK5YBnacgEt+sudj0LESVhsEJleIqq/y -12gOazeQRMfW3lTxEvu7uqTmzNoxERgYeiQDsezA+5bhJHqeM5go+FN2jICdRnYg -yby+F38TXtwfVqNqJATiHinudRO5dcW/GLdD7zQ0pJltrUOS1UxWqqUkpHEi5hpj -9Je2Byd64c3Pg6xXbg4rkswszcP6J4wrzJEEGMvTdCMnezGFk9mUUF6ztZ8QSwr9 -1bSrQqHdAGfXDnthaZeF2ZZnAPTMtQl0Df/9/kwNpi8Cgir1U1AJGLM23TC47Bbl -+VOiwj22GigEJWgvj1odjo+JjjLDgi+hIS3jaCHRadDovXBIdAhaUf+P84gx4uFE -86gD65DrAXDlKV82xdDZJKHoiu6xE+krNseg5cpOFQzqFHFjM7ylFcqAQQbGAM0j -LHpdxvgOda4efIGbG+AM5lChEzmJg1PpQ4G+0C0/t0TbR+34lIg= -=lH57 ------END PGP SIGNATURE----- diff --git a/sssd-2.6.3.tar.gz b/sssd-2.6.3.tar.gz new file mode 100644 index 0000000..05ccbda --- /dev/null +++ b/sssd-2.6.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3dd820b3da90cddbcb1041ef3c16102d78aad9d8c9ab25630e0c14a2f8992b18 +size 7510020 diff --git a/sssd-2.6.3.tar.gz.asc b/sssd-2.6.3.tar.gz.asc new file mode 100644 index 0000000..d1f623f --- /dev/null +++ b/sssd-2.6.3.tar.gz.asc @@ -0,0 +1,2 @@ + +AccessDeniedRequest has expired3002022-01-25T11:30:00Z2022-01-25T11:30:00Z15TZKG3G72XDESAVy09aoL821sznwwaNbpvyaIav/P38pXhVlQisMYdJsjRH2tblwzFdcz+bZmYO9CqM1Z6B1nMR9Jw= \ No newline at end of file diff --git a/sssd.changes b/sssd.changes index 76a0854..d7b6439 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Jan 25 11:32:10 UTC 2022 - Jan Engelhardt + +- Update to release 2.6.3 + * A regression introduced in sssd-2.6.2 in the IPA provider + that prevented users from login was fixed. Access control + always denied access because the selinux_child returned an + unexpected reply. + * A critical regression that prevented authentication of users + via AD and IPA providers was fixed. LDAP port was reused for + Kerberos communication and this provider would send + incomprehensible information to this port. + * When authenticating AD users, backtrace was triggered even + though everything was working correctly. This was caused by a + search in the global catalog. Servers from the global catalog + are filtered out of the list before writing the KDC info + file. With this fix, SSSD does not attempt to write to the + KDC info file when performing a GC lookup. + ------------------------------------------------------------------- Mon Jan 17 17:27:40 UTC 2022 - Jan Engelhardt diff --git a/sssd.spec b/sssd.spec index edf9044..12b9f21 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 2.6.2 +Version: 2.6.3 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later and LGPL-3.0-or-later From 05c07b1b1ec58e9ecfc60b7dc07ceb8e911c1559ca8efaaa407f326811dee9c5 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 8 Feb 2022 16:23:07 +0000 Subject: [PATCH 2/3] new signature again OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=259 --- sssd-2.6.3.tar.gz.asc | 13 ++++++-- sssd.keyring | 78 +++++++++++++++---------------------------- 2 files changed, 38 insertions(+), 53 deletions(-) diff --git a/sssd-2.6.3.tar.gz.asc b/sssd-2.6.3.tar.gz.asc index d1f623f..753fb43 100644 --- a/sssd-2.6.3.tar.gz.asc +++ b/sssd-2.6.3.tar.gz.asc @@ -1,2 +1,11 @@ - -AccessDeniedRequest has expired3002022-01-25T11:30:00Z2022-01-25T11:30:00Z15TZKG3G72XDESAVy09aoL821sznwwaNbpvyaIav/P38pXhVlQisMYdJsjRH2tblwzFdcz+bZmYO9CqM1Z6B1nMR9Jw= \ No newline at end of file +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEGkHcZ1BfiaMwgotmr/513ehQjhIFAmHv2rIACgkQr/513ehQ +jhK34ggAwKpJotxYdcCMbNVqj7oEFyjedbU8zvFuoV5c3E2L062wBEQnW4TcRs2B +A0NNJrl9mwJc92+7mywhL/GCLlm/sefltvQGM+QS2GVaaMBgRcZmyg9Qi6v2BDzp +hhpx3PxKmcOKbHstSnwAjUaqsKfwCJaPBT/43rR+WskWt6BJy0SiOPGNiTO7yZ/U +uh90qrUBLsoWmRICldRdOVbdWV08AJBkng09uMiCAhMhAj/xk1mPCw2fwslBpJtg +m5KaZZuRrzZC3qQqBzWUSDRx6EyljZkGFZW1qTgBaEQhopOz6K6h6xS7NqHGJO8k +cLCtAysTxFkTaJBsuV7a/BL8c64rZg== +=tt82 +-----END PGP SIGNATURE----- diff --git a/sssd.keyring b/sssd.keyring index b2b597d..4204a76 100644 --- a/sssd.keyring +++ b/sssd.keyring @@ -1,54 +1,30 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Comment: 9302 01AA B42D D194 7210 B783 8D73 2635 1A72 6211 -Comment: Alexey Tikhonov -xsFNBF677TsBEAC6lxykcx6Ao4J0D6KiQ0+fi+NrsJkHgBT+4IRsVwanSOtVhGOb -wkQqEeFlOgTExHE1A6THiMb0D4LVsuvjSIwwSOusdbPokp7iX2QyFIUJGfeFq6/V -FEm3pAn+Rx2453uLqYtf6eISbHC6sWZxJ0+32rT173nQCbOKkWgcsClvjiLu7frA -LweDaygWCjHwNrkm4brV7O3GHIgOYo6E/+0oxG4kcCvQw9IFlM8lf+eCw1Fn60Jt -TVTos9tdlwF1kK/VQJvfPYsIgtA4QnDGjI6DvPflPIzL9vVzuGarjAYP1B+Wtjif -JmHam2bYMk8u3hgkSh+fQTQ5SnmznIH6bqFfnwQRq2JL60JUaM3hcogSxA0RTsTO -j9fBU+zJJuaX9RnfS9qlOfMY3sE3lEGNOAGtLRbeyOnfUttNQa9e0tKXJnXECmTL -gKo8AD4Ulv9Y7i4Ap/WsDAJHLlH9K7AVGNB4OrL4gk/soQ54J60WuAUDsy3o2oby -vNmy4FeKEVgHmOINe9jRVWgv4ao1w3AwNPtwznLcxLc7CXQwfDrlG63NMCFpWJ5p -ih7rVODCuwOBzVJiD3aMEVyKud0gFpJbPFSqYJ29iiD0iPkvkKf17Iaf1iUsFdU9 -UpvPdoJYTm/CVf8rRueXgcOvaoDMhES0dlSD3Yoxz+eFHm4qpru6exWWMwARAQAB -zSVBbGV4ZXkgVGlraG9ub3YgPGF0aWtob25vQHJlZGhhdC5jb20+wsGOBBMBCAA4 -FiEEkwIBqrQt0ZRyELeDjXMmNRpyYhEFAl677TsCGwMFCwkIBwIGFQoJCAsCBBYC -AwECHgECF4AACgkQjXMmNRpyYhGL2A/8DBY1zfi+LL2bU6mnuI1ZGJURKD9WPstg -tRv41sEQHphKQo6etiuUZ1p5q2yAkBNu7nl7MK3KfS1OGGaXf2dvTWI/MfHvfL7E -WswbaHkGAnuZ2q2VET4EoXa5txp/reGpzas08anAaEjO+Xdax35Etv+KbfWCPNrZ -/3Uu0L+kxWRrg0SBto9/1n76+8Hj3uyPMTQ9iPRc1wP55zRjhkvI5QLfO/7sf6zs -iBt6mwVBbmQG0Yd7UvnNJvjVtVsxBb+y/jb5iPj6FGECbm60zy6yPcdO5oNnoW53 -d90figFAp2CRsbnO0n/HG6LFl68QJ0rhmZlK9NQXJKzuJTV6E0XRPGy53W904Rvy -9ohPw7JKCrpHZ883A8BrSkmkLFkan4ZB2t2wjcbTMGy/+GyS4hYVKB8A6NEcLX/C -WXTz7j2mUFJw18JwEB76YYalBmqDltYzuQN/cp0etkAjLYHXqrimlGd0nj/Y4yjU -5hXMir8fyhUj73K737l2WD46SwNdAJFCZbux8rdQkoU1+qPFwsnExiUN1T6hhyb4 -FIirxtegzGqK4YALDewOUZuiGV1eOtBEldqmVG/AccMG9Pc2/ndHJKA3IsMhxE51 -9jRJ/83MxUM93bimd+iDSbJ7BArpPZI+E5xaaBkJGLmCRTTOCAfN7H0zgNyysjSy -+ezwINWq6F/OwU0EXrvtOwEQANR5ZaGw75+6AyG42nBV+rKeJJPZYSnM+YWtkfbo -Hk2ZF7qPWN5ZvanoyCrKKZl+tb00dGgjD19aKkpXX/P/erzG0iERhI+GthVZEEmU -7Z0TQRGOA2CazwSNF7r4HApO47B2IE0xhHu0ceqmO0c0oObvOeuETXZHoynfa0Ge -6IRX1exirc81PffFn1yNSc57BBwXCrx6ET9ZCEZyrm0tMpFoEquORZv2V2HBU8Sa -cyrO3dsmg1O3+7Gc5wTec7SnHBQpi9Gnf40Q3AqC8D+ktjKnFXknK4ByTUb1G6tl -KeWTYjvixBxUAfH25GDmGj/zyNabkRNrHGFECVBoSEY2TDMp7KSdIOQuOxQIOjl9 -L2Btt4bi1CLFu6jSZP8wWVhs7P6kez/K6RokXM+7zf3iGaF6EshDvtKKagq66J3Q -WM3Hf6X4BhfaGO+/c+wdcUsIR+6dpOewq/vh4rZUxducWAQP+EQGmO7EqDNmuzYt -MigIxPEJ4SToYLOr9O4nT3Ebdp6k+Kvncoszya/e8ZjURQqQK+7GlSp4g7YkxoPb -cpkvHCK7UBWBVIqk3o7nTgAtcJbMwDKVGWC8F9gAJyMy5JVUMC2NU7C1FaJZIX13 -C1nP0MERxMFBj5IF37xY8jTtQeNastimiYcm3yVDDKayo8BN5PGZ3wRu2r+K7V9J -kM0pABEBAAHCwXYEGAEIACAWIQSTAgGqtC3RlHIQt4ONcyY1GnJiEQUCXrvtOwIb -DAAKCRCNcyY1GnJiEfd3D/49oGcBAelVx1pHEhwpg7P9anTvkNr9WndJf3P+jBNX -aZk9pqo4MdxZ0kizW4Kww8+zXelMMD+zXt5igKwh/Yf0o/DIfsVWT4HAdZCYLrPT -vU9sFDoIWUNQrQSNSxSAldz8xrd6DUjTo4lJowZToS4HFmUxwyWz9sAOnlDhO0bz -mfQ/RmaCRFn9JaYQt6IaiKBQVzC2ZJbPJfJPZnSkr/qfgvT+o07V69Qk7DMEMEkU -1th0T0USH6gFwLrSsHKN/P5+8V3xyP2BnQy6J/dOi8W5aEAptb2FIEroFsZHysz3 -25FAAkdxTS8IT9Da7XFtxRgTnBYGT5Fh5zSRHC45H+h4Krv1+Qs0eLXit74dC509 -xdqAqNFwniOUJvGIjZFPnWeiqU20/hW7TTaEr3xcEWdsvKXP+0GVLagq7YMDPgos -W/GDajWT78l3nq6qkkU/vLlj81YMF5tnFP3oIsDPJTKEnqdommZNNf0yBvM4uhyK -djlL2k2JFJfdPJ05BSXBD+TKsftZfxkAT+zSbK060nuIk2EGfH+0QIGcdUUYZtOw -2o22jImdLfC6t8DEp4w5OlGC3K7i6K+5brfqYtzu8vNSbrBZaBf1yp6s8wg69dx/ -zqWpv28ZZ2lzjuHncw+QuHhA53EJs5McrCu6f0+kehBpOu7SNeDTnqjytZP/rE1N -nQ== -=p63T +mQENBF65FqQBCADQQUcPSux/eX7fpP05HOW1HE32tBPWs5MPktMdzErrG7DTOaUo +XxMhorPSHgt2Q5mX/LV4Yk2cRHk2uStWTtIVhtC62DPqstqfr0aC3TJ36LrsAr/s +YaG2ktD26xADA5j67oP4lHN4+rjSbKfRLiLpSsABb4fx85SS066MsDQOQFEs1bsG +UAqavdlRGUYXSA5uwwbJRRfI5ryeWyOpfpIIdJeyNDx6ZSuc8kgLm/PhNpwChiY2 +h7Qs4nekVT1c9ujyPTUQ+x8lnGblP8Kwb+ZtOp+aWMWZlxk2ifwFr+u1pKTr8we5 +DarQxMTjBwrRRuBk7RwYKXdj91jwMGSx6ZaRABEBAAG0JFBhdmVsIELFmWV6aW5h +IDxwYnJlemluYUByZWRoYXQuY29tPokBTgQTAQgAOBYhBBpB3GdQX4mjMIKLZq/+ +dd3oUI4SBQJeuRakAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK/+dd3o +UI4SupUH/RRKqwHSYSIf37pFz6tsE5+7ASiCdVVdtOPtaXu43sRNLrCSu4CjisBu +rdFPmd57jwQneyh5RUEXbY5jq4KK4nuHZppjlaGqs/8LIVl13x01zD+V/hlDZXfr +BEDaE2PjUtacP+NvJWtYO/tHlTqxfFssFh7btO9EOYSfc7IhQ+hReKkX9K1dNLJM +SYCDaDQRSxJeAnYX7E3mXoaIC7JXH0ZF1NS0a3SP/q7u+WsQ+j58Z0xMdP6lBd1M +7ntNQ+BHz4+jlEgN9GXRTn7PIucpvVCEwTYysklIKbWJHi7J+C6ZV+4nDnaA0Z6J +m+XGsbvc7/P1b4FpU9YAmBd7VqQG8Ve5AQ0EXrkWpAEIAKVIiPI6sZXhnrpKxYO0 +nNAazIkA0WtqTVeSPE0AkNXAW4wtbhluwfBEsYr6wU8ieDGU/KdIpwZprsKf4x3r +kFgRRwnNpB9AhGNex4tzoHlNoAX601OOjhy44DaRrJKY1Zg+V2ljx6cySsX2zsQp +/pKA5uN7Y4mWfZMPmlpljqYRXMIAZWf7F0dJTdh+Vv646ZBYg7mBfaVs3E5AKRZ+ +xNnxna7Se+OihyOcmMwtotMF8tlU8/yGyWTCoNu/86+eAVXWIpu358f1Q1Ez9bXI +/neav857DTCGTXY5NNigunscMPje5MLEp9T1ozZl0ZK3LUcfh7w8IMLCB2YK/7zF +NpcAEQEAAYkBNgQYAQgAIBYhBBpB3GdQX4mjMIKLZq/+dd3oUI4SBQJeuRakAhsM +AAoJEK/+dd3oUI4S8FAH/0bHCGi6+sWnJqOqYwJIHPeYR33zb3D09jQYXWzadNGX +F6nuGzNgqCUZ3+GK73hDXq/v9WyUhaLLvd7XGryQ5DGGO0ZkHD3Td+YMeoSdDVbQ +PiTZS3DyQB0qHp6pKgjvDlbMYeqSVoletsa6ruSvFtE2kb+W6fRn6K8QeTyMA8Rn +NIUOSaSwQjcETaexMuD2oyRmzDmdWTUOS/Q/Tn3HE7Yz8670CLM1yN70MfAHpeUt +dIkFm9g3ZPTING+gC98iylLAFR1QKqz4HRWd8ofmnHemPpzAPGMITztwnZsLIPDj +nZ/57dk9LQVekGFjWm5GYThUwrHWYRyzjGz/xOmjJoM= +=b5K7 -----END PGP PUBLIC KEY BLOCK----- From f58a6368cb3f5c754583fd614562681c6194b827022ea849915b2928f8cb7900 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 10 Feb 2022 16:12:31 +0000 Subject: [PATCH 3/3] Accepting request 953024 from home:scabrero:branches:network:ldap - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) OBS-URL: https://build.opensuse.org/request/show/953024 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=260 --- sssd.changes | 7 +++++++ sssd.spec | 12 +++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/sssd.changes b/sssd.changes index d7b6439..db85d7c 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Feb 9 13:17:30 UTC 2022 - Samuel Cabrero + +- Remove caches only when performing a package downgrade. The sssd + daemon takes care of upgrading the database format when necessary + (bsc#1195552) + ------------------------------------------------------------------- Tue Jan 25 11:32:10 UTC 2022 - Jan Engelhardt diff --git a/sssd.spec b/sssd.spec index 12b9f21..e9baf4c 100644 --- a/sssd.spec +++ b/sssd.spec @@ -437,9 +437,6 @@ update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_li if [ "$1" = "0" -a -x "%_sbindir/pam-config" ]; then "%_sbindir/pam-config" -d --sss || : fi -# Clear caches, which may have an incompatible format afterwards -# (especially, downgrades) -rm -f /var/lib/sss/db/*.ldb # del_postun includes a try-restart %service_del_postun %services @@ -458,6 +455,15 @@ fi %post -n libsss_simpleifp0 -p /sbin/ldconfig %postun -n libsss_simpleifp0 -p /sbin/ldconfig +%triggerun -- %{name} < %{version}-%{release} +# sssd takes care of upgrading the database but it doesn't handle downgrades. +# Clear caches when downgrading the package, which may have an +# incompatible format afterwards preventing the daemon from startup. +if [ "$1" = "1" ] && [ "$2" = "2" ]; then + echo "Package downgrade detected, removing cache files which may have an incompatible format." + rm -f /var/lib/sss/db/*.ldb +fi + %pre dbus %service_add_pre sssd-ifp.service