| Commit message (Collapse) | Author | Age | Files | Lines |
| |
A race condition flaw was found in sssd where the GPO policy is
not consistently applied for authenticated users. This may lead
to improper authorization issues, granting or denying access to
resources inappropriately.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3758
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
CVE-2018-16838 is patched in our version of sssd but it doesn't have
a vulnerable version range in the NVD database,
that's why it needs to be ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
| |
WARNING: selinux-sandbox-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: selinux-gui-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: semodule-utils-3.3-r0.1 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: selinux-dbus-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: libwhisker2-perl-2.5-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \
WARNING: lib-perl-0.63-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \
WARNING: libhtp-0.5.39-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
...
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
[Thanks to Peter Kjellerstedt for example]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
It packages all files in ${libdir} to package sssd, including the .so
symlink files. Then it causes QA issues:
| ERROR: QA Issue: sssd rdepends on dbus-dev [dev-deps]
| ERROR: QA Issue: sssd rdepends on ding-libs-dev [dev-deps]
So re-package sssd so that the .so symlink files and .pc files are packaged
to sssd-dev, as they should be.
File ${libdir}/libsss_sudo.so is not a symlink file but is packaged to
sssd-dev too. This then causes another QA issue:
| ERROR: sssd-2.5.2-r0 do_package_qa: QA Issue:
-dev package sssd-dev contains non-symlink .so '/usr/lib/libsss_sudo.so' [dev-elf]
So create a new sub-package libsss-sudo to package file libsss_sudo.so
and make sssd rdepends on it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
SSSD 2.5.2 Highlights
* General information
- originalADgidNumber attribute in the SSSD cache is now indexed
* New features
- Debug messages in data provider include a unique request ID that can
be used to track the request from its start to its end (requires
libtevent >= 0.11.0)
* Important fixes
- Update large files in the files provider in batches to avoid timeouts
* Configuration changes
- Add new config option fallback_to_nss
Full release notes:
* https://sssd.io/release-notes/sssd-2.5.2.html
And backport patch to fix CVE-2021-3621.
CVE: CVE-2021-3621
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
See full change log: https://sssd.io/release-notes/sssd-2.5.1.html
Including a musl build work around
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
The patch fix-ldblibdir.patch was dropped when updating sssd to
2.5.0. But it fails to start sssd without this patch. So add it back.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
/var/run is deprecated, so set the pid path to /run to store pid files for
the SSSD.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Add new depends
Drop obsolete patches
Signed-off-by: Armin Kuster <akuster808@gmail.com>
----
[v2]
Fix issue with nsupdate check
don't use host bind
| |
fix musl support
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Currently sssd's do_patch task fails. Update the patch to fix this problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
glibc 2.32 will define these variables [1] which results in conflicts
with these static function names, backport a fix from upstream
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Some XML related fixes are needed to make the sssd manpages buildable
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
It requires http_parser.h to build secrets:
| configure: error:
| You must have the header file http_parser.h installed to build sssd
| with secrets responder. If you want to build sssd without secret responder
| then specify --without-secrets when running configure.
The header file is from package http-parser[1] rather than apache2. But
there is no recipe http-parser in openembedded. So disable build secrets
for sssd and remove related systemd service and socket files.
Reference:
1. https://github.com/nodejs/http-parser
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
infopipe was previously on by default, so add it to the default
PACKAGECONFIG.
The systemd files are only installed when --with-infopipe is passed to
configure, so conditionally add them to SYSTEMD_SERVICE.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
When building with the curl PACKAGECONFIG, sssd will depend on the
jansson library.
Fixes the following error:
| checking for JANSSON... no
| checking jansson.h usability... no
| checking jansson.h presence... no
| checking for jansson.h... no
| configure: error:
| You must have the header file jansson.h installed to build sssd
| with secrets and KCM responder. If you want to build sssd without
these
| responders then specify --without-secrets --without-kcm when running
configure.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
These files are installed when the ssh or curl PACKAGECONFIGs are enabled.
Fixes the following error:
ERROR: sssd-1.16.4-r0 do_package: QA Issue: sssd: Files/directories were
installed but not shipped in any package:
/lib/systemd/system/sssd-kcm.socket
/lib/systemd/system/sssd-kcm.service
/lib/systemd/system/sssd-ssh.socket
/lib/systemd/system/sssd-ssh.service
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
sudo was previously on by default, so add it to the default
PACKAGECONFIG.
The systemd files are only installed when --with-sudo is passed to
configure, so conditionally add them to SYSTEMD_SERVICE.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
autofs was previously on by default, so add it to the default
PACKAGECONFIG.
The systemd files are only installed when --with-autofs is passed to
configure, so conditionally add them to SYSTEMD_SERVICE.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
sssd will attempt to build against nss if no crypto is selected. If a
bbappend sets PACKAGECONFIG = <list without nss or crypto>, the
appropriate DEPEND is not established.
Fixes the following configure error:
... snip ...
| checking for NSS... configure: error: Package requirements (nss) were not met:
|
| No package 'nss' found
|
| Consider adjusting the PKG_CONFIG_PATH environment variable if you
| installed software in a non-standard prefix.
|
| Alternatively, you may set the environment variables NSS_CFLAGS
| and NSS_LIBS to avoid the need to call pkg-config.
| See the pkg-config man page for more details.
|
| WARNING: exit code 1 from a shell command.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Fixes the following build error:
.. snip ..
| checking for python2... no
| checking for python3... (cached) python3.8
| configure: error:
| The program python2 was not found in search path.
| Please ensure that it is installed and its directory is included in the search
| path. It is required for building python2 bindings. If you do not want to build
| them please use argument --without-python2-bindings when running configure.
| WARNING: exit code 1 from a shell command.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Fix sssd issue for ldblibdir, systemd, pam etc.
* fix ldblibdir which is not calculated right for cross compile
* create directory /var/log/sssd which is required by sssd daemon
* disable building python2 binding
* fix pam module path
* update systemd configure options and service files
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
distro_features_check has been deprecated in OE.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Add systemd pkgconf via DISTRO_FEATURE
Fix uid/gid of sssd.conf
[v2]
drop non update related changes
also, this includes CVE-2019-3811
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
include a few more RDEPEND packages. remove init script as there really
isn't one yet.
[v2]
Squish build tweaking done in pkg update into this changeset
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
This reverts commit 2488c965d6b1b440734f43326fb33ac642ac7b82.
This corrects an incorrect fix as pointed out by Adrian Bunk.
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Includes:
CVE-2018-10852
see:
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_3.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
update some PACKAGECONFIG changes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
build fixes too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
NOTE:meta-security/recipes-security/sssd/sssd_1.13.3.bb: base_contains is deprecated, please use bb.utils.contains instead.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>