Jan Engelhardt 2012-11-15 02:31:26 +00:00 committed by Git OBS Bridge
parent 44a1157cc4
commit fabe9c50d7
6 changed files with 302 additions and 122 deletions

View File

@ -14,13 +14,13 @@ crypto_sha512crypt.c:221:14: warning: incompatible implicit
src/util/crypto/libcrypto/crypto_sha512crypt.c | 1 +
1 file changed, 1 insertion(+)
Index: sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c
Index: sssd-1.9.2/src/util/crypto/libcrypto/crypto_sha512crypt.c
===================================================================
--- sssd-1.8.0.orig/src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -10,6 +10,7 @@
/* SHA512-based Unix crypt implementation.
Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. */
--- sssd-1.9.2.orig/src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ sssd-1.9.2/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -12,6 +12,7 @@
#include "config.h"
+#define _GNU_SOURCE 1 /* mempcpy */
#include <endian.h>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d0577b6f27ea68ba164b701d84628c380bc82275b546fd20a624cfb752fd3e40
size 1141600

3
sssd-1.9.2.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f1a597b8e26b083968199aff93c7768ca9aed6ded67cb394734377beb4b085fe
size 1224284

115
sssd-ldflags.diff Normal file
View File

@ -0,0 +1,115 @@
From: Jan Engelhardt <jengelh@inai.de>
Date: 2012-11-10 01:36:37.022064770 +0100
build: fix link failure because of wrong use of LDFLAGS
ld: src/sss_client/sss_ssh_authorizedkeys-common.o: undefined
reference to symbol 'pthread_mutexattr_setrobust@@GLIBC_2.12'
For the i'th time,
http://stackoverflow.com/questions/4241683/linker-flags-in-wrong-place
The patch fixes the location of library names, and also adds them
to two program which need them.
---
Makefile.am | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
Index: sssd-1.9.2/Makefile.am
===================================================================
--- sssd-1.9.2.orig/Makefile.am
+++ sssd-1.9.2/Makefile.am
@@ -746,8 +746,8 @@ sss_sudo_cli_SOURCES = \
src/sss_client/common.c \
src/sss_client/sudo_testcli/sudo_testcli.c
sss_sudo_cli_CFLAGS = $(AM_CFLAGS)
-sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS)
sss_sudo_cli_LDADD = \
+ $(CLIENT_LIBS) \
libsss_sudo.la
endif
@@ -758,6 +758,7 @@ sss_ssh_authorizedkeys_SOURCES = \
src/sss_client/ssh/sss_ssh_authorizedkeys.c
sss_ssh_authorizedkeys_CFLAGS = $(AM_CFLAGS)
sss_ssh_authorizedkeys_LDADD = \
+ $(CLIENT_LIBS) \
libsss_util.la
sss_ssh_knownhostsproxy_SOURCES = \
@@ -766,6 +767,7 @@ sss_ssh_knownhostsproxy_SOURCES = \
src/sss_client/ssh/sss_ssh_knownhostsproxy.c
sss_ssh_knownhostsproxy_CFLAGS = $(AM_CFLAGS)
sss_ssh_knownhostsproxy_LDADD = \
+ $(CLIENT_LIBS) \
libsss_util.la
endif
@@ -1152,10 +1154,11 @@ libnss_sss_la_SOURCES = \
src/sss_client/nss_mc_group.c \
src/sss_client/nss_mc.h
libnss_sss_la_LDFLAGS = \
- $(CLIENT_LIBS) \
-module \
-version-info 2:0:0 \
-Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
+libnss_sss_la_LIBADD = \
+ $(CLIENT_LIBS)
pamlib_LTLIBRARIES = pam_sss.la
pam_sss_la_SOURCES = \
@@ -1166,11 +1169,12 @@ pam_sss_la_SOURCES = \
src/sss_client/sss_pam_macros.h
pam_sss_la_LDFLAGS = \
- $(CLIENT_LIBS) \
- -lpam \
-module \
-avoid-version \
-Wl,--version-script,$(srcdir)/src/sss_client/sss_pam.exports
+pam_sss_la_LIBADD = \
+ $(CLIENT_LIBS) \
+ -lpam
if BUILD_SUDO
@@ -1182,9 +1186,10 @@ libsss_sudo_la_SOURCES = \
src/sss_client/sudo/sss_sudo.h \
src/sss_client/sudo/sss_sudo_private.h
libsss_sudo_la_LDFLAGS = \
- $(CLIENT_LIBS) \
-Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \
-version-info 2:0:1
+libsss_sudo_la_LIBADD = \
+ $(CLIENT_LIBS)
sudolib_LTLIBRARIES = libsss_sudo.la
@@ -1201,10 +1206,11 @@ libsss_autofs_la_SOURCES = \
src/sss_client/autofs/sss_autofs_private.h
libsss_autofs_la_LDFLAGS = \
- $(CLIENT_LIBS) \
-module \
-avoid-version \
-Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports
+libsss_autofs_la_LIBADD = \
+ $(CLIENT_LIBS)
endif
dist_noinst_DATA += \
@@ -1521,10 +1527,11 @@ sssd_pac_plugin_la_CFLAGS = \
$(AM_CFLAGS) \
$(KRB5_CFLAGS)
sssd_pac_plugin_la_LDFLAGS = \
- $(CLIENT_LIBS) \
- -lkrb5 \
-avoid-version \
-module
+sssd_pac_plugin_la_LIBADD = \
+ $(CLIENT_LIBS) \
+ -lkrb5
if BUILD_PYTHON_BINDINGS
pysss_la_SOURCES = \

View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de
- Update to new upstream release 1.9.2
* Users or groups from trusted domains can be retrieved by UID or
GID as well
* Several fixes that mitigate file descriptor leak during logins
* SSH host keys are also removed from the cache after being
removed from the server
* Fix intermittent crash in responders if the responder was
shutting down while requests were still pending
* Catch an error condition that might have caused a tight loop in
the sssd_nss process while refreshing expired enumeration request
* Fixed memory hierarchy of subdomains discovery requests that
caused use-after-free access bugs
* The krb5_child and ldap_child processes can print libkrb5 tracing
information in the debug logs
- Split sssd into sssd and sssd-client. Since sssd requires the
client, no extra action is needed for upgrade.
-------------------------------------------------------------------
Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de

269
sssd.spec
View File

@ -17,7 +17,7 @@
Name: sssd
Version: 1.8.93
Version: 1.9.2
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+
@ -27,15 +27,15 @@ Url: https://fedorahosted.org/sssd/
#Git-Clone: git://git.fedorahosted.org/sssd
Source: %name-%version.tar.xz
Source3: baselibs.conf
Patch5: 0005-implicit-decl.diff
Patch1: 0005-implicit-decl.diff
Patch2: sssd-ldflags.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: xz
%define servicename sssd
%define sssdstatedir %{_localstatedir}/lib/sss
%define dbpath %{sssdstatedir}/db
%define pipepath %{sssdstatedir}/pipes
%define pubconfpath %{sssdstatedir}/pubconf
%define sssdstatedir %_localstatedir/lib/sss
%define dbpath %sssdstatedir/db
%define pipepath %sssdstatedir/pipes
%define pubconfpath %sssdstatedir/pubconf
# SLES11 doesn't know the python_* macros
%if %suse_version <= 1110
@ -43,10 +43,12 @@ BuildRequires: xz
%define python_sitearch %py_sitedir
%endif
#BuildRequires: autoconf >= 2.59, automake, libtool
BuildRequires: autoconf >= 2.59
BuildRequires: automake
BuildRequires: bind-utils
BuildRequires: docbook-xsl-stylesheets
BuildRequires: krb5-devel
BuildRequires: libtool
BuildRequires: pkgconfig >= 0.21
%if 0%{?suse_version} >= 1210
BuildRequires: pkgconfig(collection) >= 0.5.1
@ -96,6 +98,8 @@ BuildRequires: pkg-config
BuildRequires: systemd
%{?systemd_requires}
%endif
BuildRequires: xz
Requires: %name-client = %version
%description
Provides a set of daemons to manage access to remote directories and
@ -104,11 +108,20 @@ the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
%package client
Summary: SSSD client libraries for NSS and PAM
License: LGPL-3.0+
Group: Applications/System
%description client
Provides the libraries needed by the PAM and NSS stacks to connect to
the SSSD service.
%package ipa-provider
Summary: FreeIPA provider plugin for sssd
License: GPL-3.0+ and LGPL-3.0+
Group: System/Daemons
Requires: sssd = %{version}
Requires: sssd = %version
%description ipa-provider
This package provide the FreeIPA provider plugin for the System Security
@ -118,7 +131,7 @@ Services Daemon (sssd).
Summary: Commandline tools for sssd
License: GPL-3.0+ and LGPL-3.0+
Group: System/Management
Requires: sssd = %{version}
Requires: sssd = %version
%description tools
The packages contains commandline tools for managing users and groups using
@ -160,6 +173,23 @@ Requires: libsss_idmap0 = %version
%description -n libsss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_sudo1
Summary: A library to allow communication between sudo and SSSD
License: LGPL-3.0+
Group: System/Libraries
%description -n libsss_sudo1
A utility library to allow communication between sudo and SSSD.
%package -n libsss_sudo-devel
Summary: Development files for the sss_sudo library
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: libsss_sudo1 = %version
%description -n libsss_sudo-devel
A utility library to allow communication between sudo and SSSD.
%package -n python-ipa_hbac
Summary: Python bindings for the FreeIPA HBAC Evaluator library
License: GPL-3.0+ and LGPL-3.0+
@ -174,7 +204,7 @@ can be used by Python applications.
Summary: Python API for configuring sssd
License: GPL-3.0+ and LGPL-3.0+
Group: Development/Libraries/Python
%{py_requires}
%py_requires
%description -n python-sssd-config
Provide python module to access and manage configuration of the System
@ -182,7 +212,7 @@ Security Services Daemon (sssd).
%prep
%setup -q
%patch -P 5 -p1
%patch -P 1 -P 2 -p1
%build
%if 0%{?suse_version} < 1210
@ -197,13 +227,14 @@ export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
# help configure find nscd
export PATH="$PATH:/usr/sbin"
autoreconf -fi;
%configure \
--with-db-path=%{dbpath} \
--with-pipe-path=%{pipepath} \
--with-pubconf-path=%{pubconfpath} \
--with-init-dir=%{_initrddir} \
--enable-nsslibdir=/%{_lib} \
--enable-pammoddir=/%{_lib}/security \
--with-db-path="%dbpath" \
--with-pipe-path="%pipepath" \
--with-pubconf-path="%pubconfpath" \
--with-init-dir="%_initrddir" \
--enable-nsslibdir="/%_lib" \
--enable-pammoddir="/%_lib/security" \
--with-ldb-lib-dir="$LDB_DIR" \
--with-selinux=no \
--with-os=suse \
@ -212,43 +243,30 @@ export PATH="$PATH:/usr/sbin"
make %{?_smp_mflags} all
%install
make install DESTDIR="%buildroot"
b="%buildroot";
make install DESTDIR="$b"
# Copy default sssd.conf file
install -d %{buildroot}%{_mandir}/cs
install -d %{buildroot}%{_mandir}/cs/man8
install -d %{buildroot}%{_mandir}/nl
install -d %{buildroot}%{_mandir}/nl/man8
install -d %{buildroot}%{_mandir}/pt
install -d %{buildroot}%{_mandir}/pt/man8
install -d %{buildroot}%{_mandir}/uk
install -d %{buildroot}%{_mandir}/uk/man1
install -d %{buildroot}%{_mandir}/uk/man5
install -d %{buildroot}%{_mandir}/uk/man8
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
install -m600 src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
install src/sysv/SUSE/sssd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/sssd
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
"$b/%_mandir"/{uk/man5,uk/man8};
install -d "$b/%_sysconfdir/sssd";
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd";
%if 0%{?_unitdir:1}
install -d $RPM_BUILD_ROOT/%{_unitdir}
install src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/sssd.service
install -d "$b/%_unitdir";
install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service";
%endif
ln -sf ../../etc/init.d/sssd $RPM_BUILD_ROOT/usr/sbin/rcsssd
ln -sf ../../etc/init.d/sssd $b/usr/sbin/rcsssd
# Remove .la files created by libtool
find "%buildroot" -type f -name "*.la" -delete;
find "$b" -type f -name "*.la" -delete;
%if %suse_version <= 1110
# remove some unsupported languages, sssd does not contain
# translations for these anyway
rm -rf \
$RPM_BUILD_ROOT/usr/share/locale/fa_IR \
$RPM_BUILD_ROOT/usr/share/locale/ja_JP \
$RPM_BUILD_ROOT/usr/share/locale/lt_LT \
$RPM_BUILD_ROOT/usr/share/locale/ta_IN \
$RPM_BUILD_ROOT/usr/share/locale/vi_VN
rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN}
%endif
%find_lang %{name} --all-name
%find_lang %name --all-name
%if 0%{?_unitdir:1}
%pre
@ -275,90 +293,107 @@ rm -rf \
%service_del_postun sssd.service
%endif
%post client -p /sbin/ldconfig
%postun client -p /sbin/ldconfig
%post -n libipa_hbac0 -p /sbin/ldconfig
%postun -n libipa_hbac0 -p /sbin/ldconfig
%post -n libsss_idmap0 -p /sbin/ldconfig
%postun -n libsss_idmap0 -p /sbin/ldconfig
%post -n libsss_sudo1 -p /sbin/ldconfig
%postun -n libsss_sudo1 -p /sbin/ldconfig
%files -f sssd.lang
%defattr(-,root,root,-)
%defattr(-,root,root)
%doc COPYING
%{_initrddir}/%{name}
%_initrddir/%name
%if 0%{?_unitdir:1}
%{_unitdir}/sssd.service
%_unitdir
%endif
%{_sbindir}/sssd
%{_sbindir}/rcsssd
%dir %{_libdir}/%{name}
%dir %{_libexecdir}/%{name}
%dir %{_mandir}/cs
%dir %{_mandir}/cs/man8
%dir %{_mandir}/nl
%dir %{_mandir}/nl/man8
%dir %{_mandir}/pt
%dir %{_mandir}/pt/man8
%dir %{_mandir}/uk
%dir %{_mandir}/uk/man1
%dir %{_mandir}/uk/man5
%dir %{_mandir}/uk/man8
%{_mandir}/??/man?/*
%{_mandir}/man5/sssd-krb5.5*
%{_mandir}/man5/sssd-ldap.5*
%{_mandir}/man5/sssd-simple.5*
%{_mandir}/man8/sssd.8*
%{_mandir}/man5/sssd.conf.5.gz
%{_mandir}/man8/pam_sss.8.gz
%{_mandir}/man8/sssd_krb5_locator_plugin.8.gz
%{_libexecdir}/%{name}/sss*
%{_libexecdir}/%{name}/*_child
%{_libdir}/%{name}/libsss_krb5*
%{_libdir}/%{name}/libsss_ldap*
%{_libdir}/%{name}/libsss_proxy*
%{_libdir}/%{name}/libsss_simple*
%{_libdir}/ldb/memberof.so
%{_libdir}/krb5/plugins/libkrb5/*
%dir %{sssdstatedir}
%attr(700,root,root) %dir %{dbpath}
%attr(755,root,root) %dir %{pipepath}
%attr(700,root,root) %dir %{pipepath}/private
%attr(755,root,root) %dir %{pubconfpath}
%attr(750,root,root) %dir %{_var}/log/%{name}
%dir %{_sysconfdir}/sssd
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
/%{_lib}/libnss_sss.so.2
/%{_lib}/security/pam_sss.so
%_bindir/sss_ssh_*
%_sbindir/sssd
%_sbindir/rcsssd
%dir %_libdir/%name
%dir %_libexecdir/%name
%dir %_mandir/cs
%dir %_mandir/cs/man8
%dir %_mandir/nl
%dir %_mandir/nl/man8
%dir %_mandir/pt
%dir %_mandir/pt/man8
%dir %_mandir/uk
%dir %_mandir/uk/man1
%dir %_mandir/uk/man5
%dir %_mandir/uk/man8
%_mandir/??/man?/*
%_mandir/man1/sss_ssh_*
%_mandir/man1/sss_ssh_*
%_mandir/man5/sssd-ad.5*
%_mandir/man5/sssd-krb5.5*
%_mandir/man5/sssd-ldap.5*
%_mandir/man5/sssd-simple.5*
%_mandir/man5/sssd-sudo.5*
%_mandir/man8/sssd.8*
%_mandir/man5/sssd.conf.5.gz
%_libexecdir/%name/sss*
%_libexecdir/%name/*_child
%_libdir/%name/libsss_ad.so
%_libdir/%name/libsss_krb5*
%_libdir/%name/libsss_ldap*
%_libdir/%name/libsss_proxy*
%_libdir/%name/libsss_simple*
%_libdir/%name/modules
%_libdir/ldb/memberof.so
%dir %sssdstatedir
%attr(700,root,root) %dir %dbpath
%attr(755,root,root) %dir %pipepath
%attr(700,root,root) %dir %pipepath/private
%attr(755,root,root) %dir %pubconfpath
%attr(750,root,root) %dir %_localstatedir/log/%name
%dir %_sysconfdir/sssd
%config(noreplace) %_sysconfdir/sssd/sssd.conf
%_datadir/sssd
%exclude %_datadir/sssd/sssd.api.d/sssd-ipa.conf
%files client
%defattr(-,root,root)
/%_lib/libnss_sss.so.2
/%_lib/security/pam_sss.so
%_libdir/krb5/plugins/libkrb5/*
%_mandir/man8/pam_sss.8.gz
%_mandir/man8/sssd_krb5_locator_plugin.8.gz
%files tools
%defattr(-,root,root,-)
%{_sbindir}/sss_cache
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_useradd
%{_sbindir}/sss_userdel
%{_sbindir}/sss_usermod
%{_sbindir}/sss_groupadd
%{_sbindir}/sss_groupdel
%{_sbindir}/sss_groupmod
%{_sbindir}/sss_groupshow
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
%{_mandir}/man8/sss_groupshow.8*
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_cache.8*
%{_mandir}/man8/sss_debuglevel.8*
%attr(0755,root,root) %{_sbindir}/sss_obfuscate
%defattr(-,root,root)
%_sbindir/sss_cache
%_sbindir/sss_debuglevel
%_sbindir/sss_groupadd
%_sbindir/sss_groupdel
%_sbindir/sss_groupmod
%_sbindir/sss_groupshow
%_sbindir/sss_seed
%_sbindir/sss_useradd
%_sbindir/sss_userdel
%_sbindir/sss_usermod
%_mandir/man8/sss_groupadd.8*
%_mandir/man8/sss_groupdel.8*
%_mandir/man8/sss_groupmod.8*
%_mandir/man8/sss_groupshow.8*
%_mandir/man8/sss_seed.8*
%_mandir/man8/sss_useradd.8*
%_mandir/man8/sss_userdel.8*
%_mandir/man8/sss_usermod.8*
%_mandir/man8/sss_obfuscate.8*
%_mandir/man8/sss_cache.8*
%_mandir/man8/sss_debuglevel.8*
%attr(0755,root,root) %_sbindir/sss_obfuscate
%files ipa-provider
%defattr(-,root,root,-)
%defattr(-,root,root)
%dir %_datadir/sssd
%dir %_datadir/sssd/sssd.api.d
%_datadir/sssd/sssd.api.d/sssd-ipa.conf
%{_libdir}/sssd/libsss_ipa*
%{_mandir}/man5/sssd-ipa.*
%_libdir/sssd/libsss_ipa*
%_mandir/man5/sssd-ipa.*
%files -n libipa_hbac0
%defattr(-,root,root)
@ -380,6 +415,15 @@ rm -rf \
%_libdir/libsss_idmap.so
%_libdir/pkgconfig/sss_idmap.pc
%files -n libsss_sudo1
%defattr(-,root,root)
%_libdir/libsss_sudo.so.1*
%files -n libsss_sudo-devel
%defattr(-,root,root)
%_includedir/sss_sudo.h
%_libdir/libsss_sudo.so
%files -n python-ipa_hbac
%defattr(-,root,root)
%python_sitearch/pyhbac.so
@ -387,6 +431,7 @@ rm -rf \
%files -n python-sssd-config
%defattr(-,root,root)
%python_sitearch/pysss.so
%python_sitearch/pysss_murmur.so
%python_sitelib/SSSDConfig*
%changelog