<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/recipes-security/sssd, branch hardknott</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=hardknott</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=hardknott'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2021-12-03T22:15:13+00:00</updated>
<entry>
<title>sssd: re-package to fix QA issues</title>
<updated>2021-12-03T22:15:13+00:00</updated>
<author>
<name>Jeremy A. Puhlman</name>
<email>jpuhlman@mvista.com</email>
</author>
<published>2021-11-16T18:28:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=c40e1e84da9624b9096a463dbed3b301c01c268e'/>
<id>urn:sha1:c40e1e84da9624b9096a463dbed3b301c01c268e</id>
<content type='text'>
It packages all file in ${libdir} to package sssd, including the .so
symlink files. Then it causes QA issues:

| ERROR: QA Issue: sssd rdepends on dbus-dev [dev-deps]
| ERROR: QA Issue: sssd rdepends on ding-libs-dev [dev-deps]

So re-package sssd then the .so symlink files and .pc files are packaged
to sssd-dev which should be.

File ${libdir}/libsss_sudo.so is not a symlink file but packaged to
sssd-dev too. Then causes another QA issue:

| ERROR: sssd-2.5.2-r0 do_package_qa: QA Issue:
    -dev package sssd-dev contains non-symlink .so '/usr/lib/libsss_sudo.so' [dev-elf]

So create a new sub-package libsss-sudo to package file libsss_sudo.so
and make sssd rdepends on it.

JP: Updated for version differences.

Signed-off-by: Kai Kang &lt;kai.kang@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit e81c15f851ca5396c78c8737967ee38db0ebe0cd)
Signed-off-by: Jeremy A. Puhlman &lt;jpuhlman@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: fix CVE-2021-3621</title>
<updated>2021-09-10T14:23:59+00:00</updated>
<author>
<name>Kai Kang</name>
<email>kai.kang@windriver.com</email>
</author>
<published>2021-09-10T08:36:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=16c68aae0fdfc20c7ce5cf4da0a9fff8bdd75769'/>
<id>urn:sha1:16c68aae0fdfc20c7ce5cf4da0a9fff8bdd75769</id>
<content type='text'>
Backport patch to fix CVE-2021-3621.

CVE: CVE-2021-3621

Signed-off-by: Kai Kang &lt;kai.kang@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: update to latest ltm 1.16.5</title>
<updated>2020-10-10T23:21:48+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-08T14:05:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=c0e801f1e08e43eaf44a52eb2364293ad3229ad0'/>
<id>urn:sha1:c0e801f1e08e43eaf44a52eb2364293ad3229ad0</id>
<content type='text'>
fix musl support

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nss: update patch to fix do_patch error</title>
<updated>2020-09-12T15:55:28+00:00</updated>
<author>
<name>Qi.Chen@windriver.com</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2020-09-08T08:20:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=4599a3c6d324abf57245facbb58c658ab6d48768'/>
<id>urn:sha1:4599a3c6d324abf57245facbb58c658ab6d48768</id>
<content type='text'>
Currently sssd's do_patch task fails. Update the patch to fix this problem.

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: Avoid nss function conflicts with glibc nss.h</title>
<updated>2020-09-05T18:01:47+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-08-29T21:02:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=ad55fbb67c2ab99e18661945409b67dd197cc674'/>
<id>urn:sha1:ad55fbb67c2ab99e18661945409b67dd197cc674</id>
<content type='text'>
glibc 2.32 will define these varibles [1] which results in conflicts
with these static function names, backport a fix from upstream

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d

Signed-off-by: Hongxu Jia &lt;hongxu.jia@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: Make manpages buildable</title>
<updated>2020-08-29T14:25:35+00:00</updated>
<author>
<name>Jonatan Pålsson</name>
<email>jonatan.p@gmail.com</email>
</author>
<published>2020-08-25T12:01:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=5efa53b2b2bab6f2d8589624c1700d1e66f29683'/>
<id>urn:sha1:5efa53b2b2bab6f2d8589624c1700d1e66f29683</id>
<content type='text'>
Some XML related fixes are needed to make the sssd manpages buildable

Signed-off-by: Jonatan Pålsson &lt;jonatan.p@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: disable build secrets</title>
<updated>2020-06-23T15:00:52+00:00</updated>
<author>
<name>Kai Kang</name>
<email>kai.kang@windriver.com</email>
</author>
<published>2020-06-17T03:41:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=7831969f8caa399d88d49833800fafe7324b8a59'/>
<id>urn:sha1:7831969f8caa399d88d49833800fafe7324b8a59</id>
<content type='text'>
It requires http_parser.h to build secrets:

| configure: error:
| You must have the header file http_parser.h installed to build sssd
| with secrets responder. If you want to build sssd without secret responder
| then specify --without-secrets when running configure.

The header file is from package http-parser[1] rather than apache2. But
there is no recipe http-parser in openembedded. So disable build secrets
for sssd and remove related systemd service and socket files.

Reference:
1. https://github.com/nodejs/http-parser

Signed-off-by: Kai Kang &lt;kai.kang@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: Add infopipe PACKAGECONFIG</title>
<updated>2020-03-27T23:53:25+00:00</updated>
<author>
<name>Jonatan Pålsson</name>
<email>jonatan.p@gmail.com</email>
</author>
<published>2020-03-25T11:43:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=47de50efdbd9b86951d90a7ac290aff385e37cad'/>
<id>urn:sha1:47de50efdbd9b86951d90a7ac290aff385e37cad</id>
<content type='text'>
infopipe was previously on by default, so add it to the default
PACKAGECONFIG.

The systemd files are only installed when --with-infopipe is passed to
configure, so conditionally add them to SYSTEMD_SERVICE.

Signed-off-by: Jonatan Pålsson &lt;jonatan.p@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: Add missing DEPENDS on jansson</title>
<updated>2020-03-27T23:53:25+00:00</updated>
<author>
<name>Jonatan Pålsson</name>
<email>jonatan.p@gmail.com</email>
</author>
<published>2020-03-25T11:43:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=e54b07c3d4be6d3475920f0edf80e4bcf1093ad3'/>
<id>urn:sha1:e54b07c3d4be6d3475920f0edf80e4bcf1093ad3</id>
<content type='text'>
When building with the curl PACKAGECONFIG, sssd will depend on the
jansson library.

Fixes the following error:
    | checking for JANSSON... no
    | checking jansson.h usability... no
    | checking jansson.h presence... no
    | checking for jansson.h... no
    | configure: error:
    | You must have the header file jansson.h installed to build sssd
    | with secrets and KCM responder. If you want to build sssd without
    these
    | responders then specify --without-secrets --without-kcm when running
    configure.

Signed-off-by: Jonatan Pålsson &lt;jonatan.p@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: Add missing files to SYSTEMD_SERVICE</title>
<updated>2020-03-27T23:53:25+00:00</updated>
<author>
<name>Jonatan Pålsson</name>
<email>jonatan.p@gmail.com</email>
</author>
<published>2020-03-25T11:43:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=cf423c05bf9c76568e6a908e0782d43ef8a108e0'/>
<id>urn:sha1:cf423c05bf9c76568e6a908e0782d43ef8a108e0</id>
<content type='text'>
These files are installed when the ssh or curl PACKAGECONFIGs are enabled.

Fixes the following error:

    ERROR: sssd-1.16.4-r0 do_package: QA Issue: sssd: Files/directories were
      installed but not shipped in any package:
        /lib/systemd/system/sssd-kcm.socket
        /lib/systemd/system/sssd-kcm.service
        /lib/systemd/system/sssd-ssh.socket
        /lib/systemd/system/sssd-ssh.service

Signed-off-by: Jonatan Pålsson &lt;jonatan.p@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
