diff options
Diffstat (limited to '')
-rw-r--r-- | debian/changelog | 11 | ||||
-rw-r--r-- | debian/libnss-sss.install | 2 | ||||
-rw-r--r-- | debian/libpam-sss.install | 4 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/tests-Drop-extensions-from-openssl-command-if-there-.patch | 45 | ||||
-rwxr-xr-x | debian/rules | 4 | ||||
-rw-r--r-- | debian/tests/sssd-softhism2-certificates-tests.sh | 2 |
7 files changed, 62 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog index 785ce0a..581ae88 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +sssd (2.9.4-2) unstable; urgency=medium + + [ Michael Biebl ] + * Install PAM and NSS modules into /usr. (Closes: #1061350) + + [ Timo Aaltonen ] + * tests: Drop -extensions from openssl command if there is no -x509. + Thanks, Sebastian Andrzej Siewior! (Closes: #1061869) + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Apr 2024 15:56:46 +0300 + sssd (2.9.4-1.1~progress7.99u1) graograman-backports; urgency=medium * Uploading to graograman-backports, remaining changes: diff --git a/debian/libnss-sss.install b/debian/libnss-sss.install index 655f705..1f712e1 100644 --- a/debian/libnss-sss.install +++ b/debian/libnss-sss.install @@ -1 +1 @@ -lib/*/libnss_sss.so.2 +usr/lib/*/libnss_sss.so.2 diff --git a/debian/libpam-sss.install b/debian/libpam-sss.install index 907b29c..07ccba3 100644 --- a/debian/libpam-sss.install +++ b/debian/libpam-sss.install @@ -1,4 +1,4 @@ -lib/*/security/pam_sss.so -lib/*/security/pam_sss_gss.so +usr/lib/*/security/pam_sss.so +usr/lib/*/security/pam_sss_gss.so usr/share/man/man8/pam_sss.8* usr/share/man/man8/pam_sss_gss.8* diff --git a/debian/patches/series b/debian/patches/series index cf4c5c2..566ab08 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ fix-whitespace-test.diff default-to-socket-activated-services.diff fix-shebang-on-sss_analyze.patch +tests-Drop-extensions-from-openssl-command-if-there-.patch diff --git a/debian/patches/tests-Drop-extensions-from-openssl-command-if-there-.patch b/debian/patches/tests-Drop-extensions-from-openssl-command-if-there-.patch new file mode 100644 index 0000000..407c9d5 --- /dev/null +++ b/debian/patches/tests-Drop-extensions-from-openssl-command-if-there-.patch @@ -0,0 +1,45 @@ +From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> +Date: Wed, 24 Jan 2024 23:03:04 +0100 +Subject: [PATCH] tests: Drop -extensions from openssl command if there is no + -x509 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The 'openssl req' ignores the '-extensions' option without '-x509'. +OpenSSL versions prior 3.2 simply ignored it. Starting with version 3.2 +an error is generated: + +| /usr/bin/openssl req -batch -config +| ../../../../../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.config +| -new -nodes -key +| …/build/../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem +-sha256 -extensions v3_ca -out SSSD_test_intermediate_CA_req.pem +| Error adding request extensions from section v3_ca +| 003163BAB27F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:../crypto/x509/v3_akid.c:156: +| 003163BAB27F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:../crypto/x509/v3_conf.c:48:section=v3_ca, name=authorityKeyIdentifier, value=keyid:always,issuer:always +| + +Remove the '-extensions' option. + +Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> +--- + src/tests/test_CA/intermediate_CA/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/test_CA/intermediate_CA/Makefile.am b/src/tests/test_CA/intermediate_CA/Makefile.am +index b439f82cb03e5..50fcddb8d2221 100644 +--- a/src/tests/test_CA/intermediate_CA/Makefile.am ++++ b/src/tests/test_CA/intermediate_CA/Makefile.am +@@ -33,7 +33,7 @@ ca_all: clean SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_full_db.pe + ln -s $(builddir)/../$@ + + SSSD_test_intermediate_CA_req.pem: $(openssl_intermediate_ca_key) $(openssl_intermediate_ca_config) SSSD_test_CA.pem +- $(OPENSSL) req -batch -config ${openssl_intermediate_ca_config} -new -nodes -key $< -sha256 -extensions v3_ca -out $@ ++ $(OPENSSL) req -batch -config ${openssl_intermediate_ca_config} -new -nodes -key $< -sha256 -out $@ + + SSSD_test_intermediate_CA.pem: SSSD_test_intermediate_CA_req.pem $(openssl_root_ca_config) $(openssl_root_ca_key) + cd .. && $(OPENSSL) ca -config ${openssl_root_ca_config} -batch -notext -keyfile $(openssl_root_ca_key) -in $(abs_builddir)/$< -days 200 -extensions v3_intermediate_ca -out $(abs_builddir)/$@ +-- +2.43.0 + diff --git a/debian/rules b/debian/rules index d6c2e79..cff6d75 100755 --- a/debian/rules +++ b/debian/rules @@ -31,8 +31,8 @@ override_dh_auto_configure: --datadir=/usr/share/ \ --with-environment-file=/etc/default/sssd \ --with-krb5-plugin-path=/usr/lib/$(DEB_HOST_MULTIARCH)/krb5/plugins/libkrb5 \ - --enable-nsslibdir=/lib/$(DEB_HOST_MULTIARCH) \ - --enable-pammoddir=/lib/$(DEB_HOST_MULTIARCH)/security \ + --enable-nsslibdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ + --enable-pammoddir=/usr/lib/$(DEB_HOST_MULTIARCH)/security \ --enable-systemtap \ --disable-static \ --disable-rpath \ diff --git a/debian/tests/sssd-softhism2-certificates-tests.sh b/debian/tests/sssd-softhism2-certificates-tests.sh index a067674..2c3d167 100644 --- a/debian/tests/sssd-softhism2-certificates-tests.sh +++ b/debian/tests/sssd-softhism2-certificates-tests.sh @@ -222,7 +222,6 @@ openssl req \ -key "$tmpdir/test-intermediate-CA-key.pem" \ -passout "$root_ca_key_pass" \ -sha256 \ - -extensions v3_ca \ -out "$tmpdir/test-intermediate-CA-certificate-request.pem" openssl req -text -noout -in "$tmpdir/test-intermediate-CA-certificate-request.pem" @@ -311,7 +310,6 @@ openssl req \ -key "$tmpdir/test-sub-intermediate-CA-key.pem" \ -passout "$intermediate_ca_key_pass" \ -sha256 \ - -extensions v3_ca \ -out "$tmpdir/test-sub-intermediate-CA-certificate-request.pem" openssl req -text -noout -in "$tmpdir/test-sub-intermediate-CA-certificate-request.pem" |