Attachment 613868 Details for Bug 709632 – 0001-sys-auth-sssd-1.16.4-version-bump.patch

[patch] 0001-sys-auth-sssd-1.16.4-version-bump.patch

0001-sys-auth-sssd-1.16.4-version-bump.patch (text/plain), 6.71 KB, created by Adam Purkrt on 2020-02-14 21:48:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Adam Purkrt

Created: 2020-02-14 21:48:05 UTC

Size: 6.71 KB

patch

obsolete

>From 4561365279aebd6698a7c35119648d4b60826cfc Mon Sep 17 00:00:00 2001
>From: Adam Purkrt <adam@purkrt.net>
>Date: Fri, 14 Feb 2020 22:28:56 +0100
>Subject: [PATCH] sys-auth/sssd-1.16.4 version bump
>
>Simple version bump. Fix for CVE-2019-3811 is now already in the code.
>Curl macros patch does not seem to be needed anymore.
>---
> sys-auth/sssd/files/sssd-curl-macros.patch    | 34 -------
> .../sssd/files/sssd-fix-CVE-2019-3811.patch   | 96 -------------------
> ...sd-1.16.3-r3.ebuild => sssd-1.16.4.ebuild} |  3 -
> 3 files changed, 133 deletions(-)
> delete mode 100644 sys-auth/sssd/files/sssd-curl-macros.patch
> delete mode 100644 sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
> rename sys-auth/sssd/{sssd-1.16.3-r3.ebuild => sssd-1.16.4.ebuild} (98%)
>
>diff --git a/sys-auth/sssd/files/sssd-curl-macros.patch b/sys-auth/sssd/files/sssd-curl-macros.patch
>deleted file mode 100644
>index 91e71e83787..00000000000
>--- a/sys-auth/sssd/files/sssd-curl-macros.patch
>+++ /dev/null
>@@ -1,34 +0,0 @@
>-From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001
>-From: Mikle Kolyada <zlogene@gentoo.org>
>-Date: Sun, 16 Dec 2018 20:42:39 +0300
>-Subject: [PATCH] tev_curl.c: remove case duplication
>-
>-CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided
>-by net-misc/curl-7.62.0 and older
>----
>- tev_curl.c | 3 ---
>- 1 file changed, 3 deletions(-)
>-
>-diff --git a/tev_curl.c b/tev_curl.c
>-index 6a7a580..ce6fdba 100644
>---- a/src/util/tev_curl.c
>-+++ b/src/util/tev_curl.c
>-@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)
>-         return ETIMEDOUT;
>-     case CURLE_SSL_ISSUER_ERROR:
>-     case CURLE_SSL_CACERT_BADFILE:
>--    case CURLE_SSL_CACERT:
>-     case CURLE_SSL_CERTPROBLEM:
>-         return ERR_INVALID_CERT;
>- 
>-@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)
>-     case CURLE_SSL_ENGINE_NOTFOUND:
>-     case CURLE_SSL_CONNECT_ERROR:
>-         return ERR_SSL_FAILURE;
>--    case CURLE_PEER_FAILED_VERIFICATION:
>--        return ERR_UNABLE_TO_VERIFY_PEER;
>-     case CURLE_COULDNT_RESOLVE_HOST:
>-         return ERR_UNABLE_TO_RESOLVE_HOST;
>-     default:
>--- 
>-2.19.2
>\ No newline at end of file
>diff --git a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
>deleted file mode 100644
>index 87db45fd24b..00000000000
>--- a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
>+++ /dev/null
>@@ -1,96 +0,0 @@
>-From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
>-From: Tomas Halman <thalman@redhat.com>
>-Date: Mon, 3 Dec 2018 14:11:31 +0100
>-Subject: [PATCH] nss: sssd returns '/' for emtpy home directories
>-
>-For empty home directory in passwd file sssd returns "/". Sssd
>-should respect system behaviour and return the same as nsswitch
>-"files" module - return empty string.
>-
>-Resolves:
>-https://pagure.io/SSSD/sssd/issue/3901
>-
>-Reviewed-by: Simo Sorce <simo@redhat.com>
>-Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
>-(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
>----
>- src/confdb/confdb.c                      |  9 +++++++++
>- src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
>- src/responder/nss/nss_protocol_pwent.c   |  2 +-
>- src/tests/intg/test_files_provider.py    |  2 +-
>- 4 files changed, 30 insertions(+), 2 deletions(-)
>-
>-diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
>-index a3eb9c66d9..17bb4f8274 100644
>---- a/src/confdb/confdb.c
>-+++ b/src/confdb/confdb.c
>-@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
>-             ret = ENOMEM;
>-             goto done;
>-         }
>-+    } else {
>-+        if (strcasecmp(domain->provider, "ad") == 0) {
>-+            /* ad provider default */
>-+            domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
>-+            if (!domain->fallback_homedir) {
>-+                ret = ENOMEM;
>-+                goto done;
>-+            }
>-+        }
>-     }
>- 
>-     tmp = ldb_msg_find_attr_as_string(res->msgs[0],
>-diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
>-index 818a2bf787..425b7e8ee0 100644
>---- a/src/man/include/ad_modified_defaults.xml
>-+++ b/src/man/include/ad_modified_defaults.xml
>-@@ -76,4 +76,23 @@
>-             </listitem>
>-         </itemizedlist>
>-     </refsect2>
>-+    <refsect2 id='nss_modifications'>
>-+        <title>NSS configuration</title>
>-+        <itemizedlist>
>-+            <listitem>
>-+                <para>
>-+                    fallback_homedir = /home/%d/%u
>-+                </para>
>-+                <para>
>-+                    The AD provider automatically sets
>-+                    "fallback_homedir = /home/%d/%u" to provide personal
>-+                    home directories for users without the homeDirectory
>-+                    attribute. If your AD Domain is properly
>-+                    populated with Posix attributes, and you want to avoid
>-+                    this fallback behavior, you can explicitly
>-+                    set "fallback_homedir = %o".
>-+                </para>
>-+            </listitem>
>-+        </itemizedlist>
>-+    </refsect2>
>- </refsect1>
>-diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
>-index af9e74fc86..86fa4ec465 100644
>---- a/src/responder/nss/nss_protocol_pwent.c
>-+++ b/src/responder/nss/nss_protocol_pwent.c
>-@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
>- 
>-     homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
>-     if (homedir == NULL) {
>--        return "/";
>-+        return "";
>-     }
>- 
>-     return homedir;
>-diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
>-index ead1cc4c34..4761f1bd15 100644
>---- a/src/tests/intg/test_files_provider.py
>-+++ b/src/tests/intg/test_files_provider.py
>-@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
>-     Test that resolving a user without a homedir defined works and returns
>-     a fallback value
>-     """
>--    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
>-+    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
>- 
>- 
>- def test_user_no_gecos(setup_pw_with_canary, files_domain_only):
>diff --git a/sys-auth/sssd/sssd-1.16.3-r3.ebuild b/sys-auth/sssd/sssd-1.16.4.ebuild
>similarity index 98%
>rename from sys-auth/sssd/sssd-1.16.3-r3.ebuild
>rename to sys-auth/sssd/sssd-1.16.4.ebuild
>index cc419dffd97..f39fa5ea952 100644
>--- a/sys-auth/sssd/sssd-1.16.3-r3.ebuild
>+++ b/sys-auth/sssd/sssd-1.16.4.ebuild
>@@ -85,9 +85,6 @@ src_prepare() {
> 	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
> 		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
> 
>-	eapply "${FILESDIR}"/${PN}-curl-macros.patch
>-	eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch
>-
> 	default
> 	eautoreconf
> 	multilib_copy_sources
>-- 
>2.25.0
>

Actions: View | Diff

Attachments on bug 709632: 613768 | 613868