From 4d4fe7434de8b257e8c0be12642ad0175c96d767 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 11 Feb 2014 15:44:57 +0100 Subject: [PATCH] New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4 --- .gitignore | 1 + ...g-krb5_child-response-make-sure-to-n.patch | 46 ------------------- ...ID-requests-if-noexist_delete-is-set.patch | 41 ----------------- sources | 2 +- sssd.spec | 10 ++-- 5 files changed, 9 insertions(+), 91 deletions(-) delete mode 100644 0001-FAST-when-parsing-krb5_child-response-make-sure-to-n.patch delete mode 100644 0601-FEDORA-LDAP-handle-SID-requests-if-noexist_delete-is-set.patch diff --git a/.gitignore b/.gitignore index 51ad3f2..50bfe8c 100644 --- a/.gitignore +++ b/.gitignore @@ -51,3 +51,4 @@ sssd-1.2.91.tar.gz /sssd-1.11.1.tar.gz /sssd-1.11.2.tar.gz /sssd-1.11.3.tar.gz +/sssd-1.11.4.tar.gz diff --git a/0001-FAST-when-parsing-krb5_child-response-make-sure-to-n.patch b/0001-FAST-when-parsing-krb5_child-response-make-sure-to-n.patch deleted file mode 100644 index 2fc86ab..0000000 --- a/0001-FAST-when-parsing-krb5_child-response-make-sure-to-n.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 153efc74ff188c12c03e9578c6fb1d39c69ef5d7 Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy -Date: Tue, 24 Dec 2013 13:01:46 +0200 -Subject: [PATCH] FAST: when parsing krb5_child response, make sure to not miss - OTP message if it was last one - -The last message in the stream might be with empty payload which means we get -only message type and message length (0) returned, i.e. 8 bytes left remaining -in the stream after processing preceding message. This makes our calculation at -the end of a message processing loop incorrect -- p+2*sizeof(int32_t) can be -equal to len, after all. - -Fixes FAST processing for FreeIPA native OTP case: -https://fedorahosted.org/sssd/ticket/2186 ---- - src/providers/krb5/krb5_child_handler.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c -index 92dec0d2afb1627b61c3dd1037e91546a7ee08d6..d6c1dc1f9707444a82e433a375839cadf73f1259 100644 ---- a/src/providers/krb5/krb5_child_handler.c -+++ b/src/providers/krb5/krb5_child_handler.c -@@ -548,8 +548,9 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len, - * CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because - * sizeof() counts the trailing '\0' of a string. */ - pref_len = sizeof(CCACHE_ENV_NAME); -- if (msg_len > pref_len && -- strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0) { -+ if ((msg_type == SSS_PAM_ENV_ITEM) && -+ (msg_len > pref_len) && -+ (strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0)) { - ccname = (char *) &buf[p+pref_len]; - ccname_len = msg_len-pref_len; - } -@@ -600,7 +601,7 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len, - - p += msg_len; - -- if ((p < len) && (p + 2*sizeof(int32_t) >= len)) { -+ if ((p < len) && (p + 2*sizeof(int32_t) > len)) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("The remainder of the message is too short.\n")); - return EINVAL; --- -1.8.5.3 - diff --git a/0601-FEDORA-LDAP-handle-SID-requests-if-noexist_delete-is-set.patch b/0601-FEDORA-LDAP-handle-SID-requests-if-noexist_delete-is-set.patch deleted file mode 100644 index e088d0d..0000000 --- a/0601-FEDORA-LDAP-handle-SID-requests-if-noexist_delete-is-set.patch +++ /dev/null @@ -1,41 +0,0 @@ -From f244195582ec804f1022341e2e3394754e31b36a Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Wed, 9 Oct 2013 18:19:08 +0200 -Subject: [PATCH] LDAP: handle SID requests if noexist_delete is set - -Fixes https://fedorahosted.org/sssd/ticket/2116 ---- - src/providers/ldap/ldap_id.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c -index 162d987..59dfd0a 100644 ---- a/src/providers/ldap/ldap_id.c -+++ b/src/providers/ldap/ldap_id.c -@@ -365,6 +365,11 @@ static void users_get_done(struct tevent_req *subreq) - } - break; - -+ case BE_FILTER_SECID: -+ /* Since it is not clear if the SID belongs to a user or a group -+ * we have nothing to do here. */ -+ break; -+ - default: - tevent_req_error(req, EINVAL); - return; -@@ -694,6 +699,11 @@ static void groups_get_done(struct tevent_req *subreq) - } - break; - -+ case BE_FILTER_SECID: -+ /* Since it is not clear if the SID belongs to a user or a group -+ * we have nothing to do here. */ -+ break; -+ - default: - tevent_req_error(req, EINVAL); - return; --- -1.8.3.1 - diff --git a/sources b/sources index 88e6b3f..6dfa58e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -46af96f609768a88ef8e5868e9526ab8 sssd-1.11.3.tar.gz +6b52a62fd6f6b170553d032deb7b0bc8 sssd-1.11.4.tar.gz diff --git a/sssd.spec b/sssd.spec index c2241b0..13e022f 100644 --- a/sssd.spec +++ b/sssd.spec @@ -13,8 +13,8 @@ %global ldb_version 1.1.16 Name: sssd -Version: 1.11.3 -Release: 2%{?dist} +Version: 1.11.4 +Release: 1%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -23,7 +23,6 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### -Patch0001: 0001-FAST-when-parsing-krb5_child-response-make-sure-to-n.patch Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch ### Dependencies ### @@ -731,6 +730,11 @@ fi %postun -n libsss_idmap -p /sbin/ldconfig %changelog +* Mon Feb 17 2014 Jakub Hrozek - 1.11.4-1 +- New upstream release 1.11.4 +- Remove upstreamed patch +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4 + * Tue Feb 11 2014 Jakub Hrozek - 1.11.3-2 - Handle OTP response from FreeIPA server gracefully