Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-auth/sssd/files
diff options
context:
space:
mode:
authorMikle Kolyada <zlogene@gentoo.org>2020-10-10 14:41:13 +0300
committerMikle Kolyada <zlogene@gentoo.org>2020-10-10 14:41:13 +0300
commit193c6fc3382f200c33f4ab840768c6578b4e94b3 (patch)
tree22ecc3094a297fdab8e53ab5e79052829a28e743 /sys-auth/sssd/files
parentsys-auth/sssd: Stabilize 2.2.0-r1 x86, #699864 (diff)
downloadgentoo-193c6fc3382f200c33f4ab840768c6578b4e94b3.tar.gz
gentoo-193c6fc3382f200c33f4ab840768c6578b4e94b3.tar.bz2
gentoo-193c6fc3382f200c33f4ab840768c6578b4e94b3.zip
sys-auth/sssd: Drop old (Security cleanup)
Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Diffstat (limited to 'sys-auth/sssd/files')
-rw-r--r--sys-auth/sssd/files/sssd-curl-macros.patch34
-rw-r--r--sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch96
2 files changed, 0 insertions, 130 deletions
diff --git a/sys-auth/sssd/files/sssd-curl-macros.patch b/sys-auth/sssd/files/sssd-curl-macros.patch
deleted file mode 100644
index 91e71e837875..000000000000
--- a/sys-auth/sssd/files/sssd-curl-macros.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001
-From: Mikle Kolyada <zlogene@gentoo.org>
-Date: Sun, 16 Dec 2018 20:42:39 +0300
-Subject: [PATCH] tev_curl.c: remove case duplication
-
-CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided
-by net-misc/curl-7.62.0 and older
----
- tev_curl.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/tev_curl.c b/tev_curl.c
-index 6a7a580..ce6fdba 100644
---- a/src/util/tev_curl.c
-+++ b/src/util/tev_curl.c
-@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)
- return ETIMEDOUT;
- case CURLE_SSL_ISSUER_ERROR:
- case CURLE_SSL_CACERT_BADFILE:
-- case CURLE_SSL_CACERT:
- case CURLE_SSL_CERTPROBLEM:
- return ERR_INVALID_CERT;
-
-@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)
- case CURLE_SSL_ENGINE_NOTFOUND:
- case CURLE_SSL_CONNECT_ERROR:
- return ERR_SSL_FAILURE;
-- case CURLE_PEER_FAILED_VERIFICATION:
-- return ERR_UNABLE_TO_VERIFY_PEER;
- case CURLE_COULDNT_RESOLVE_HOST:
- return ERR_UNABLE_TO_RESOLVE_HOST;
- default:
---
-2.19.2 \ No newline at end of file
diff --git a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
deleted file mode 100644
index 87db45fd24bb..000000000000
--- a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Mon, 3 Dec 2018 14:11:31 +0100
-Subject: [PATCH] nss: sssd returns '/' for emtpy home directories
-
-For empty home directory in passwd file sssd returns "/". Sssd
-should respect system behaviour and return the same as nsswitch
-"files" module - return empty string.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/3901
-
-Reviewed-by: Simo Sorce <simo@redhat.com>
-Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
----
- src/confdb/confdb.c | 9 +++++++++
- src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
- src/responder/nss/nss_protocol_pwent.c | 2 +-
- src/tests/intg/test_files_provider.py | 2 +-
- 4 files changed, 30 insertions(+), 2 deletions(-)
-
-diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
-index a3eb9c66d9..17bb4f8274 100644
---- a/src/confdb/confdb.c
-+++ b/src/confdb/confdb.c
-@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
- ret = ENOMEM;
- goto done;
- }
-+ } else {
-+ if (strcasecmp(domain->provider, "ad") == 0) {
-+ /* ad provider default */
-+ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
-+ if (!domain->fallback_homedir) {
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+ }
- }
-
- tmp = ldb_msg_find_attr_as_string(res->msgs[0],
-diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
-index 818a2bf787..425b7e8ee0 100644
---- a/src/man/include/ad_modified_defaults.xml
-+++ b/src/man/include/ad_modified_defaults.xml
-@@ -76,4 +76,23 @@
- </listitem>
- </itemizedlist>
- </refsect2>
-+ <refsect2 id='nss_modifications'>
-+ <title>NSS configuration</title>
-+ <itemizedlist>
-+ <listitem>
-+ <para>
-+ fallback_homedir = /home/%d/%u
-+ </para>
-+ <para>
-+ The AD provider automatically sets
-+ "fallback_homedir = /home/%d/%u" to provide personal
-+ home directories for users without the homeDirectory
-+ attribute. If your AD Domain is properly
-+ populated with Posix attributes, and you want to avoid
-+ this fallback behavior, you can explicitly
-+ set "fallback_homedir = %o".
-+ </para>
-+ </listitem>
-+ </itemizedlist>
-+ </refsect2>
- </refsect1>
-diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
-index af9e74fc86..86fa4ec465 100644
---- a/src/responder/nss/nss_protocol_pwent.c
-+++ b/src/responder/nss/nss_protocol_pwent.c
-@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
-
- homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
- if (homedir == NULL) {
-- return "/";
-+ return "";
- }
-
- return homedir;
-diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
-index ead1cc4c34..4761f1bd15 100644
---- a/src/tests/intg/test_files_provider.py
-+++ b/src/tests/intg/test_files_provider.py
-@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
- Test that resolving a user without a homedir defined works and returns
- a fallback value
- """
-- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
-+ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
-
-
- def test_user_no_gecos(setup_pw_with_canary, files_domain_only):