[Pkg-sssd-devel] sssd: Changes to 'ubuntu-xenial'

Fri Mar 24 13:14:46 UTC 2017

debian/changelog                     |    8 +++++---
 debian/patches/pidfile-creation.diff |   10 ++++++++--
 debian/patches/sanitize_newline.diff |   31 +++++++++++++++++++++++++++++++
 debian/patches/series                |    3 ++-
 4 files changed, 46 insertions(+), 6 deletions(-)

New commits:
commit 539ba0b44e0c327f38ebd206c8c67eda534aab37
Author: Victor Tapia <victor.tapia at canonical.com>
Date:   Fri Mar 24 14:14:33 2017 +0100

    d/p/pidfile-creation.diff fix (LP#1566508); d/p/sanitize_newline.diff: sanitize newline characters (LP#1669712)

diff --git a/debian/changelog b/debian/changelog
index 8f77cdd..ff60a59 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,15 @@
-sssd (1.13.4-1ubuntu1.3) xenial; urgency=medium
+sssd (1.13.4-1ubuntu1.4) xenial; urgency=medium
 
   * d/p/pidfile-creation.diff: Delay the pidfile creation until the
     responders are up (LP: #1566508)
+  * d/p/sanitize_newline.diff: Sanitize newline and carriage return
+    characters before LDAP queries. (LP: #1669712)
 
- -- Victor Tapia <victor.tapia at canonical.com>  Tue, 07 Mar 2017 11:20:32 +0100
+ -- Victor Tapia <victor.tapia at canonical.com>  Tue, 24 Mar 2017 11:20:32 +0100
 
 sssd (1.13.4-1ubuntu1.2) xenial; urgency=medium
 
-  * d/p/restart_providers_on_timeshift.diff: Implement watchdog and
+  * d/p/restart_providers_on_timeshift.patch: Implement watchdog and
     use SIGUSR2 after watchdog detects time shift to execute pending
     scheduled tasks that could be stuck (LP: #1641875)
 
diff --git a/debian/patches/pidfile-creation.diff b/debian/patches/pidfile-creation.diff
index 96c9dde..b974758 100644
--- a/debian/patches/pidfile-creation.diff
+++ b/debian/patches/pidfile-creation.diff
@@ -233,10 +233,16 @@ Last-Update: 2017-03-07
  
 --- a/src/sysv/systemd/sssd.service.in
 +++ b/src/sysv/systemd/sssd.service.in
-@@ -6,11 +6,9 @@
+@@ -1,16 +1,13 @@
+ [Unit]
+ Description=System Security Services Daemon
+ # SSSD must be running before we permit user sessions
+-Before=systemd-user-sessions.service nss-user-lookup.target
++Before=systemd-user-sessions.service nss-user-lookup.target autofs.service
+ Wants=nss-user-lookup.target
  
  [Service]
- EnvironmentFile=- at environment_file@
+-EnvironmentFile=- at environment_file@
 -ExecStart=@sbindir@/sssd -D -f
 -# These two should be used with traditional UNIX forking daemons
 -# consult systemd.service(5) for more details
diff --git a/debian/patches/sanitize_newline.diff b/debian/patches/sanitize_newline.diff
new file mode 100644
index 0000000..7119ba7
--- /dev/null
+++ b/debian/patches/sanitize_newline.diff
@@ -0,0 +1,31 @@
+Description: Sanitize newline and return carriage characters
+ Introducing valid usernames with trailing newline or return carriage
+ characters triggers the removal of valid LDB cache entries. This patch
+ sanitizes these characters in order to fix the LDAP query, addressing
+ the issue.
+
+Author: Victor Tapia <victor.tapia at canonical.com>
+Bug: https://pagure.io/SSSD/sssd/issue/3317
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1669712
+Last-Update: 2017-03-10
+
+--- sssd-1.13.4/src/util/util.c	2016-04-13 16:48:41.000000000 +0200
++++ sssd/src/util/util.c	2017-03-10 13:16:23.605399778 +0100
+@@ -586,6 +589,16 @@
+             output[j++] = '5';
+             output[j++] = 'c';
+             break;
++        case '\r':
++            output[j++] = '\\';
++            output[j++] = '0';
++            output[j++] = 'd';
++            break;
++        case '\n':
++            output[j++] = '\\';
++            output[j++] = '0';
++            output[j++] = 'a';
++            break;
+         default:
+             output[j++] = input[i];
+         }
+
diff --git a/debian/patches/series b/debian/patches/series
index 7b17a56..f1345c6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,5 @@
 ipa-terminate-if-view-name-fails.diff
 gpo-add-unity-to-ad-gpo-map-interactive.diff
-restart_providers_on_timeshift.diff
+restart_providers_on_timeshift.patch
 pidfile-creation.diff
+sanitize_newline.diff

