Compare commits

14 Commits
rawhide ... f35

Author SHA1 Message Date
Pavel Březina adaf48077d sssd-2.7.4-1: Rebase to latest upstream release 2022-08-26 23:14:26 +02:00
Pavel Březina d4e9bb77c7 Fix bogus date in changelog 2022-08-26 23:14:24 +02:00
Pavel Březina a6bd748810 sssd-2.7.3-1: Rebase to latest upstream release 2022-07-18 11:28:29 +02:00
Pavel Březina 27aeda066a sssd-2.7.1-2: fix regression in IPA provider
Resolves: rhbz#2094685
(cherry picked from commit ec123cd550)
2022-06-09 10:52:58 +02:00
Pavel Březina ead475bdc9 sssd-2.7.1-1: Rebase to latest upstream release
(cherry picked from commit 562c0b9a10)
2022-06-02 13:40:13 +02:00
Pavel Březina cc487be535 sssd-2.7.0-1: Rebase to latest upstream release 2022-04-14 20:54:36 +02:00
Pavel Březina f866020248 sssd-2.6.3-1: Rebase to latest upstream release 2022-01-25 12:41:28 +01:00
Iker Pedrosa 6abb9247b9 Fix IPA reply socket of selinux_child
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2022-01-25 12:39:33 +01:00
Iker Pedrosa fb7e3914c8 sssd-2.6.2-1: Rebase to latest upstream release
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2022-01-25 12:39:30 +01:00
Pavel Březina 3fe7e4133f sssd-2.6.1-1: Rebase to latest upstream release 2021-11-09 16:36:21 +01:00
Pavel Březina 441a4fbedb sssd-2.6.0-2: pull latest upstream code 2021-11-01 19:10:43 +01:00
Pavel Březina cd66015704 sssd-2.6.0-1: Commit new sources 2021-10-14 13:24:34 +02:00
Pavel Březina 721a66ff38 sssd-2.6.0-1: Rebase to latest upstream release 2021-10-14 12:26:24 +02:00
Pavel Březina 339a1fb07b sssd-2.5.2-5: Fix CVE-2021-3621 2021-08-16 15:07:44 +02:00
4 changed files with 128 additions and 1841 deletions

8
.gitignore vendored

@ -94,3 +94,11 @@ sssd-1.2.91.tar.gz
/sssd-2.5.0.tar.gz
/sssd-2.5.1.tar.gz
/sssd-2.5.2.tar.gz
/sssd-2.6.0.tar.gz
/sssd-2.6.1.tar.gz
/sssd-2.6.2.tar.gz
/sssd-2.6.3.tar.gz
/sssd-2.7.0.tar.gz
/sssd-2.7.1.tar.gz
/sssd-2.7.3.tar.gz
/sssd-2.7.4.tar.gz

File diff suppressed because it is too large Load Diff


@ -1 +1 @@
SHA512 (sssd-2.5.2.tar.gz) = a9bac7b2cc23022dce3bcda314c9c26a0a0914c448f6d5a51c5ba18670f04c1fd1a94cb20173235b6285df1dcc9251cb6b3f3e71a220037b4eb66668e6f33c48
SHA512 (sssd-2.7.4.tar.gz) = 2c211f7fdc4325c77e2bf61c5c6981a9a7809d6e02f43b564ed3bb63390f91461f4c48910d4bf111484e00f428ce827f2a5b960930c6b95f2662c7e1207af53b

142
sssd.spec

@ -14,6 +14,22 @@
%global child_attrs 4750
%endif
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
%global build_subid 1
%else
%global build_subid 0
%endif
%if 0%{?fedora} >= 34
%global build_kcm_renewals 1
%global krb5_version 1.19.1
%elif 0%{?rhel} >= 8
%global build_kcm_renewals 1
%global krb5_version 1.18.2
%else
%global build_kcm_renewals 0
%endif
# we don't want to provide private python extension libs
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
@ -26,15 +42,14 @@
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
Name: sssd
Version: 2.5.2
Release: 4%{?dist}
Version: 2.7.4
Release: 1%{?dist}
Summary: System Security Services Daemon
License: GPLv3+
URL: https://github.com/SSSD/sssd/
Source0: https://github.com/SSSD/sssd/releases/download/2.5.2/sssd-2.5.2.tar.gz
Source0: https://github.com/SSSD/sssd/releases/download/2.7.4/sssd-2.7.4.tar.gz
### Patches ###
Patch0001: 0001-Basics-of-subid-ranges-support-for-IPA-provider.patch
### Dependencies ###
@ -43,8 +58,8 @@ Requires: sssd-common = %{version}-%{release}
Requires: sssd-ipa = %{version}-%{release}
Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ldap = %{version}-%{release}
Recommends: sssd-proxy = %{version}-%{release}
Recommends: logrotate
Requires: sssd-proxy = %{version}-%{release}
Suggests: logrotate
Suggests: python3-sssdconfig = %{version}-%{release}
Suggests: sssd-dbus = %{version}-%{release}
@ -74,10 +89,11 @@ BuildRequires: findutils
BuildRequires: gcc
BuildRequires: gdm-pam-extensions-devel
BuildRequires: gettext-devel
BuildRequires: glib2-devel
# required for p11_child smartcard tests
BuildRequires: gnutls-utils
BuildRequires: jansson-devel
BuildRequires: libcurl-devel
BuildRequires: libjose-devel
BuildRequires: keyutils-libs-devel
BuildRequires: krb5-devel
BuildRequires: libcmocka-devel >= 1.0.0
@ -93,6 +109,8 @@ BuildRequires: libtalloc-devel
BuildRequires: libtdb-devel
BuildRequires: libtevent-devel
BuildRequires: libtool
BuildRequires: libunistring
BuildRequires: libunistring-devel
BuildRequires: libuuid-devel
BuildRequires: libxml2
BuildRequires: libxslt
@ -121,6 +139,12 @@ BuildRequires: systemd-devel
BuildRequires: systemtap-sdt-devel
BuildRequires: uid_wrapper
BuildRequires: po4a
%if %{build_subid}
BuildRequires: shadow-utils-subid-devel
%endif
%if %{build_kcm_renewals}
BuildRequires: krb5-libs >= %{krb5_version}
%endif
%description
Provides a set of daemons to manage access to remote directories and
@ -140,9 +164,9 @@ License: GPLv3+
Requires: libldb >= %{ldb_version}
Requires: libtevent >= 0.11.0
Requires: sssd-client%{?_isa} = %{version}-%{release}
Recommends: libsss_sudo = %{version}-%{release}
Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
Recommends: sssd-nfs-idmap = %{version}-%{release}
Requires: (libsss_sudo = %{version}-%{release} if sudo)
Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs)
Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap)
Requires: libsss_idmap = %{version}-%{release}
Requires: libsss_certmap = %{version}-%{release}
%if 0%{?rhel}
@ -195,13 +219,12 @@ Requires: sssd-common = %{version}-%{release}
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
Requires: libsss_certmap = %{version}-%{release}
Recommends: sssd-dbus
# for logger=journald support with sss_analyze
Requires: python3-systemd
Requires: sssd-dbus
%description tools
Provides userspace tools for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides several other administrative tools:
Provides several administrative tools:
* sss_debuglevel to change the debug level on the fly
* sss_seed which pre-creates a user entry for use in kickstarts
* sss_obfuscate for generating an obfuscated LDAP password
@ -223,11 +246,8 @@ Requires: sssd-common = %{version}-%{release}
%{?python_provide:%python_provide python3-sss}
%description -n python3-sss
Provides python3 module for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides several other useful python3 bindings:
* function for retrieving list of groups user belongs to.
Provides python3 bindings:
* function for retrieving list of groups user belongs to
* class for obfuscation of passwords
%package -n python3-sss-murmur
@ -468,13 +488,25 @@ Library to map certificates to users based on rules
Summary: An implementation of a Kerberos KCM server
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
Requires: krb5-libs >= 1.19.1
%if %{build_kcm_renewals}
Requires: krb5-libs >= %{krb5_version}
%endif
%{?systemd_requires}
%description kcm
An implementation of a Kerberos KCM server. Use this package if you want to
use the KCM: Kerberos credentials cache.
%package idp
Summary: Kerberos plugins and OIDC helper for external identity providers.
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%description idp
This package provides Kerberos plugins that are required to enable
authentication against external identity providers. Additionally a helper
program to handle the OAuth 2.0 Device Authorization Grant is provided.
%prep
%autosetup -p1
@ -503,6 +535,9 @@ autoreconf -ivf
--with-sssd-user=%{sssd_user} \
--with-syslog=journald \
--with-test-dir=/dev/shm \
%if %{build_subid}
--with-subid \
%endif
%if 0%{?fedora}
--disable-polkit-rules-path \
%endif
@ -510,6 +545,7 @@ autoreconf -ivf
%make_build all docs runstatedir=%{_rundir}
%py3_shebang_fix src/tools/analyzer/sss_analyze
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
%check
@ -537,6 +573,14 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
# Enable krb5 idp plugins by default (when sssd-idp package is installed)
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp
# krb5 configuration snippet
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
# Create directory for cifs-idmap alternative
# Otherwise this directory could not be owned by sssd-client
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
@ -549,7 +593,7 @@ rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
# Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd*.lang file
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
for file in `find $RPM_BUILD_ROOT/%{python3_sitelib} -maxdepth 1 -name "*.egg-info" 2> /dev/null`
do
echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
done
@ -763,6 +807,9 @@ done
%license COPYING
%{_libdir}/%{name}/libsss_krb5.so
%{_mandir}/man5/sssd-krb5.5*
%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
%dir %{_datadir}/sssd/krb5-snippets
%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir
%files common-pac
%license COPYING
@ -808,6 +855,9 @@ done
%files client -f sssd_client.lang
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libnss_sss.so.2
%if %{build_subid}
%{_libdir}/libsubid_sss.so
%endif
%{_libdir}/security/pam_sss.so
%{_libdir}/security/pam_sss_gss.so
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
@ -822,6 +872,7 @@ done
%{_mandir}/man8/pam_sss.8*
%{_mandir}/man8/pam_sss_gss.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
%{_mandir}/man8/sssd_krb5_localauth_plugin.8*
%files -n libsss_sudo
%license src/sss_client/COPYING
@ -839,6 +890,8 @@ done
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed
%{_sbindir}/sssctl
%{_libexecdir}/%{servicename}/sss_analyze
%{python3_sitelib}/sssd/
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_override.8*
%{_mandir}/man8/sss_debuglevel.8*
@ -924,7 +977,12 @@ done
%{_unitdir}/sssd-kcm.socket
%{_unitdir}/sssd-kcm.service
%{_mandir}/man8/sssd-kcm.8*
%{_libdir}/%{name}/libsss_secrets.so
%files idp
%{_libexecdir}/%{servicename}/oidc_child
%{_libdir}/%{name}/modules/sssd_krb5_idp_plugin.so
%{_datadir}/sssd/krb5-snippets/sssd_enable_idp
%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp
%if 0%{?rhel}
%pre common
@ -1000,6 +1058,44 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Fri Aug 26 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.4-1
- Rebase to SSSD 2.7.4
* Mon Jul 4 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.3-1
- Rebase to SSSD 2.7.3
* Thu Jun 9 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.1-2
- Fix regression in IPA provider (#2094685)
* Thu Jun 2 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.1-1
- Rebase to SSSD 2.7.1
* Thu Apr 14 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.0-1
- Rebase to SSSD 2.7.0
* Tue Jan 25 2022 Pavel Březina <pbrezina@redhat.com> - 2.6.3-1
- Rebase to SSSD 2.6.3
* Tue Jan 04 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2.6.2-2
- Fix IPA reply socket of selinux_child
* Thu Dec 23 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2.6.2-1
- Rebase to SSSD 2.6.2
* Tue Nov 09 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.1-1
- Rebase to SSSD 2.6.1
* Mon Nov 01 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.0-2
- Add additional patches on top of 2.6.0
- Fix KCM upgrade from older releases
- Enable subid ranges
* Thu Oct 14 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.0-1
- Rebase to SSSD 2.6.0
* Mon Aug 16 2021 Pavel Březina <pbrezina@redhat.com> - 2.5.2-5
- Fix CVE-2021-3621
* Mon Aug 09 2021 Pavel Březina <pbrezina@redhat.com> - 2.5.2-4
- Disable running files provider by default
- Support subid ranges managed by FreeIPA
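Review bot: In the new `%files idp` list, `%{_libexecdir}/%{servicename}/oidc_child` is packaged with default ownership and mode and no comment, while the spec defines `%global child_attrs 4750` for helper binaries (context at the top of the first hunk). If the helper is meant to run without elevated privileges, which its description as an OAuth 2.0 Device Authorization Grant helper suggests, I would say so next to the entry, for example `# oidc_child needs no elevated privileges; default attributes are intentional`. The snippet that enables the krb5 idp plugins is correctly marked `%config(noreplace)`, so local edits to `/etc/krb5.conf.d/sssd_enable_idp` survive updates. Two smaller points in the same subpackage: the list has no `%license COPYING` line, unlike `%files common-pac` and `%files -n libsss_sudo`, and the `Summary:` of `%package idp` ends with a period, which rpmlint reports. How the other child helpers are listed is outside the visible hunks, so the comparison with them is inferred.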