Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sssd for openSUSE:Factory checked in at 2022-12-24 14:50:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sssd (Old) and /work/SRC/openSUSE:Factory/.sssd.new.1563 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sssd" Sat Dec 24 14:50:50 2022 rev:124 rq:1044142 version:2.8.2 Changes: -------- --- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2022-12-12 17:37:20.960468718 +0100 +++ /work/SRC/openSUSE:Factory/.sssd.new.1563/sssd.changes 2022-12-24 14:50:52.463135486 +0100 @@ -1,0 +2,7 @@ +Wed Dec 21 19:29:45 UTC 2022 - Jan Engelhardt <jengelh@inai.de> + +- Take systemd units off the restart list that have + RefuseManualStart=yes [boo#1206592] +- Add symvers.patch [boo#1206592] + +------------------------------------------------------------------- New: ---- symvers.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sssd.spec ++++++ --- /var/tmp/diff_new_pack.KTkWkQ/_old 2022-12-24 14:50:54.551147670 +0100 +++ /var/tmp/diff_new_pack.KTkWkQ/_new 2022-12-24 14:50:54.555147693 +0100 @@ -20,7 +20,7 @@ Version: 2.8.2 Release: 0 Summary: System Security Services Daemon -License: GPL-3.0-or-later and LGPL-3.0-or-later +License: GPL-3.0-or-later AND LGPL-3.0-or-later Group: System/Daemons URL: https://github.com/SSSD/sssd #Git-Clone: https://github.com/SSSD/sssd @@ -31,6 +31,7 @@ Patch1: krb-noversion.diff Patch2: harden_sssd-ifp.service.patch Patch3: harden_sssd-kcm.service.patch +Patch4: symvers.patch BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: bind-utils @@ -40,6 +41,7 @@ BuildRequires: docbook-xsl-stylesheets BuildRequires: krb5-devel >= 1.12 BuildRequires: libcmocka-devel +BuildRequires: libsubid-devel BuildRequires: libtool BuildRequires: libunistring-devel BuildRequires: libxml2-tools @@ -66,6 +68,7 @@ BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0 BuildRequires: pkgconfig(libpcre2-8) +BuildRequires: pkgconfig(libsemanage) BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(ndr_krb5pac) BuildRequires: pkgconfig(ndr_nbt) @@ -77,11 +80,9 @@ BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) BuildRequires: pkgconfig(uuid) -BuildRequires: pkgconfig(libsemanage) -BuildRequires: libsubid-devel %{?systemd_ordering} Requires: sssd-ldap = %version-%release -Requires(postun): pam-config +Requires(postun):pam-config Provides: libsss_sudo = %version-%release Provides: sssd-client = %version-%release Obsoletes: libsss_sudo < %version-%release @@ -103,7 +104,7 @@ %define cifs_idmap_name cifs-idmap-plugin %define cifs_idmap_priority 10 Requires(post): update-alternatives -Requires(postun): update-alternatives +Requires(postun):update-alternatives %description Provides a set of daemons to manage access to remote directories and @@ -199,7 +200,7 @@ %package tools Summary: Commandline tools for sssd -License: GPL-3.0-or-later and LGPL-3.0-or-later +License: GPL-3.0-or-later AND LGPL-3.0-or-later Group: System/Management Requires: python3-sssd-config = %version Requires: sssd = %version @@ -356,7 +357,7 @@ %package -n python3-sssd-config Summary: Python API for configuring sssd -License: GPL-3.0-or-later and LGPL-3.0-or-later +License: GPL-3.0-or-later AND LGPL-3.0-or-later Group: Development/Libraries/Python Requires: python3 @@ -426,20 +427,19 @@ %make_build check || : %pre -%global services sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket -%service_add_pre %services +%service_add_pre sssd.service %post /sbin/ldconfig # migrate config variable krb5_kdcip to krb5_server (bnc#851048) /bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf -%service_add_post %services +%service_add_post sssd.service # install SSSD cifs-idmap plugin as an alternative update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority %preun -%service_del_preun %services +%service_del_preun sssd.service %postun /sbin/ldconfig @@ -447,7 +447,7 @@ "%_sbindir/pam-config" -d --sss || : fi # del_postun includes a try-restart -%service_del_postun %services +%service_del_postun sssd.service if [ ! -f "%cifs_idmap_lib" ]; then update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib ++++++ symvers.patch ++++++ From: Jan Engelhardt <jengelh@inai.de> Date: 2022-12-22 00:09:20.375896408 +0100 References: https://bugzilla.suse.com/show_bug.cgi?id=1206592 The theory for this sssd crash is that during rpm upgrading it, sssd-2.8.2 gets installed, %post runs to restart it, but oh no, sssd-ldap-2.7.4 is still in the system. sssd_be(-2.8.2) then falls over its feet when it loads 2.7.4 .so files. Addin symvers like below should prevent this and pin the modules to another: sssd_be's attempt to dlopen libsss_ldap.so(-2.7.4) will fail because libsss_ldap.so(-2.7.4) cannot find a libsss_util.so(-2.7.4), since the system only has libsss_util.so(-2.8.2) at this point. --- Makefile.am | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) Index: sssd-2.8.2/Makefile.am =================================================================== --- sssd-2.8.2.orig/Makefile.am +++ sssd-2.8.2/Makefile.am @@ -941,7 +941,11 @@ libsss_debug_la_SOURCES = \ libsss_debug_la_LIBADD = \ $(SYSLOG_LIBS) libsss_debug_la_LDFLAGS = \ - -avoid-version + -avoid-version ${symv} +EXTRA_libsss_debug_la_DEPENDENCIES = x.sym +symv = -Wl,--version-script=${builddir}/x.sym +x.sym: ${top_builddir}/config.status + echo "V_${PACKAGE_VERSION} { global: *; };" >$@ pkglib_LTLIBRARIES += libsss_child.la libsss_child_la_SOURCES = src/util/child_common.c @@ -951,7 +955,8 @@ libsss_child_la_LIBADD = \ $(DHASH_LIBS) \ libsss_debug.la \ $(NULL) -libsss_child_la_LDFLAGS = -avoid-version +libsss_child_la_LDFLAGS = -avoid-version ${symv} +EXTRA_libsss_child_la_DEPENDENCIES = x.sym pkglib_LTLIBRARIES += libsss_crypt.la @@ -990,7 +995,8 @@ libsss_crypt_la_LIBADD = \ libsss_debug.la \ $(NULL) libsss_crypt_la_LDFLAGS = \ - -avoid-version + -avoid-version ${symv} +EXTRA_libsss_crypt_la_DEPENDENCIES = x.sym pkglib_LTLIBRARIES += libsss_cert.la @@ -1015,8 +1021,9 @@ libsss_cert_la_LIBADD = \ libsss_debug.la \ $(NULL) libsss_cert_la_LDFLAGS = \ - -avoid-version \ + -avoid-version ${symv} \ $(NULL) +EXTRA_libsss_cert_la_DEPENDENCIES = x.sym generate-sbus-code: $(builddir)/sbus_generate.sh $(abs_srcdir) @@ -1117,8 +1124,9 @@ libsss_sbus_la_CFLAGS = \ $(DBUS_CFLAGS) \ $(NULL) libsss_sbus_la_LDFLAGS = \ - -avoid-version \ + -avoid-version ${symv} \ $(NULL) +EXTRA_libsss_sbus_la_DEPENDENCIES = x.sym pkglib_LTLIBRARIES += libsss_sbus_sync.la libsss_sbus_sync_la_SOURCES = \ @@ -1153,8 +1161,9 @@ libsss_sbus_sync_la_CFLAGS = \ $(UNICODE_LIBS) \ $(NULL) libsss_sbus_sync_la_LDFLAGS = \ - -avoid-version \ + -avoid-version ${symv} \ $(NULL) +EXTRA_libsss_sbus_sync_la_DEPENDENCIES = x.sym pkglib_LTLIBRARIES += libsss_iface.la libsss_iface_la_SOURCES = \ @@ -1183,8 +1192,9 @@ libsss_iface_la_CFLAGS = \ $(DBUS_CFLAGS) \ $(NULL) libsss_iface_la_LDFLAGS = \ - -avoid-version \ + -avoid-version ${symv} \ $(NULL) +EXTRA_libsss_iface_la_DEPENDENCIES = x.sym pkglib_LTLIBRARIES += libsss_iface_sync.la libsss_iface_sync_la_SOURCES = \ @@ -1211,8 +1221,9 @@ libsss_iface_sync_la_CFLAGS = \ $(DBUS_CFLAGS) \ $(NULL) libsss_iface_sync_la_LDFLAGS = \ - -avoid-version \ + -avoid-version ${symv} \ $(NULL) +EXTRA_libsss_iface_sync_la_DEPENDENCIES = x.sym pkglib_LTLIBRARIES += libsss_util.la libsss_util_la_SOURCES = \ @@ -1303,7 +1314,8 @@ endif if BUILD_SYSTEMTAP libsss_util_la_LIBADD += stap_generated_probes.lo endif -libsss_util_la_LDFLAGS = -avoid-version +libsss_util_la_LDFLAGS = -avoid-version ${symv} +EXTRA_libsss_util_la_DEPENDENCIES = x.sym pkglib_LTLIBRARIES += libsss_semanage.la libsss_semanage_la_CFLAGS = \ @@ -1322,7 +1334,8 @@ libsss_semanage_la_LIBADD += $(SEMANAGE_ endif libsss_semanage_la_LDFLAGS = \ - -avoid-version + -avoid-version ${symv} +EXTRA_libsss_semanage_la_DEPENDENCIES = x.sym SSSD_INTERNAL_LTLIBS = \ libsss_util.la \ @@ -1338,7 +1351,7 @@ lib_LTLIBRARIES = libipa_hbac.la \ $(NULL) pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc -libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports +EXTRA_libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports libipa_hbac_la_SOURCES = \ src/lib/ipa_hbac/hbac_evaluator.c \ src/util/sss_utf8.c @@ -1664,8 +1677,9 @@ libifp_iface_la_CFLAGS = \ $(DBUS_CFLAGS) \ $(NULL) libifp_iface_la_LDFLAGS = \ - -avoid-version \ + -avoid-version ${symv} \ $(NULL) +EXTRA_libifp_iface_la_DEPENDENCIES = x.sym pkglib_LTLIBRARIES += libifp_iface_sync.la libifp_iface_sync_la_SOURCES = \ @@ -1690,8 +1704,9 @@ libifp_iface_sync_la_CFLAGS = \ $(DBUS_CFLAGS) \ $(NULL) libifp_iface_sync_la_LDFLAGS = \ - -avoid-version \ + -avoid-version ${symv} \ $(NULL) +EXTRA_libifp_iface_sync_la_DEPENDENCIES = x.sym sssd_ifp_SOURCES = \ src/responder/ifp/ifpsrv.c \ @@ -4196,8 +4211,9 @@ libsss_ldap_common_la_LIBADD = \ $(SSSD_INTERNAL_LTLIBS) \ $(NULL) libsss_ldap_common_la_LDFLAGS = \ - -avoid-version \ + -avoid-version ${symv} \ $(NULL) +EXTRA_libsss_ldap_common_la_DEPENDENCIES = x.sym if BUILD_SYSTEMTAP libsss_ldap_common_la_LIBADD += stap_generated_probes.lo endif @@ -4254,7 +4270,8 @@ libsss_krb5_common_la_LIBADD = \ $(SSSD_INTERNAL_LTLIBS) \ $(NULL) libsss_krb5_common_la_LDFLAGS = \ - -avoid-version + -avoid-version ${symv} +EXTRA_libsss_krb5_common_la_DEPENDENCIES = x.sym libsss_ldap_la_SOURCES = \ src/providers/ldap/ldap_init.c \