freeipa/debian/patches/Make-name-of-nobody-group-configurable-and-use-nogro.patch
Timo Aaltonen 7a3070709b Import Debian changes 4.12.4-1
freeipa (4.12.4-1) unstable; urgency=medium
.
  * New upstream release.
    - CVE-2024-11029 (Closes: #1093383)
    - CVE-2025-4404 (Closes: #1108050)
  * control: Demote libnss-myhostname to Suggests. (ref. #1006829)
  * patches: Fix samba lock directory location. (Closes: #1012593)
  * patches: Map nobody group to nogroup on Debian. (Closes: #1012592)
.
freeipa (4.12.2-3) unstable; urgency=medium
.
  * control: Add libnss-myhostname to client depends. (Closes: #1006829)
  * control: Add python3-ifaddr to ipalib depends. (Closes: #1089716)
  * control: Add python3-sphinx to build-depends. (Closes: #1003179,
    #1044642, #1049799)
.
freeipa (4.12.2-2) unstable; urgency=medium
.
  * control: Migrate to bind9-dnsutils. (Closes: #1094939)
.
freeipa (4.12.2-1) unstable; urgency=medium
.
  * New upstream release.
    - CVE-2024-2698 (Closes: #1077682)
    - CVE-2024-3183 (Closes: #1077683)
  * control: Drop conflicts on systemd-timesyncd as upstream recognizes
    it now. (Closes: #1072168)
  * use-raw-strings.diff: Dropped, upstream.
  * rules: Fix installing bash-completions. (Closes: #1089329)
  * control: Drop python3-nose from build-depends, unused. (Closes:
    #1018359)
.
freeipa (4.11.1-2.1) unstable; urgency=medium
.
  * Non-maintainer upload.
  * Replace systemd Build-Depends with systemd-dev for systemd.pc.
    (Closes: #1060469)
.
freeipa (4.11.1-2) unstable; urgency=medium
.
  * use-raw-strings.diff: Import patch from upstream to fix noise when
    installing. (LP: #2060298)
  * map-ssh-service.diff: Map sshd service to use ssh.service. (LP:
    #2061055)
.
freeipa (4.11.1-1) unstable; urgency=medium
.
  * New upstream release.
  * control: Add sssd-passkey to freeipa-client Recommends.
  * control.server: Drop python3-paste from python3-ipatests depends,
    obsolete.
  * control, rules: Replace hardcoded librpm9 depends. (Closes:
    #1067570)
.
freeipa (4.10.2-2) unstable; urgency=medium
.
  [ Timo Aaltonen ]
  * control: Bump certmonger dependency.
.
  [ Helmut Grohne ]
  * Fix FTBFS when systemd.pc changes systemdsystemunitdir. (Closes:
    #1052641)
.
freeipa (4.10.2-1) unstable; urgency=medium
.
  * New upstream release.
  * control: Bump sssd, bind9 depends.
  * source: Update extend-diff-ignore.
  * copyright, source: Fix some lintian issues/overrides.
  * server-trust-ad: Add a lintian override for the samba plugin rpath.
  * source: Add a lintian override for client-only build; empty-debian-
    tests-control.
.
freeipa (4.9.11-1) unstable; urgency=medium
.
  * New upstream release. (Closes: #1029070)
  * control: Add systemd-timesyncd to freeipa-client Conflicts. (Closes:
    #1008195)
  * patches: Drop upstreamed patches.
  * source: Extend diff-ignore.
  * server.install: Updated.
.
freeipa (4.9.8-1) unstable; urgency=medium
.
  * New upstream release.
  * patches: Drop upstreamed patch.
  * server.install: Updated.
  * Build only the client in order to be able to backport to bullseye.
    (Closes: #996946)
  * control: Depend on librpm9 instead of librpm8.
  * tests: Disabled for a client-only build.
.
freeipa (4.9.7-3) unstable; urgency=medium
.
  * tests: Set KRB5_TRACE to use stderr.
  * patches: Fix apache group properly.
  * client: Move .tmpfile -> .tmpfiles.
  * control: Bump debhelper to 13, gain dh_installtmpfiles being run.
  * control, rules: Add --without-ipa-join-xml and drop libxmlrpc from depends.
  * server.postinst: Drop creating old ccaches for mod_auth_gssapi, obsolete.
  * server.postinst: Drop old upgrade rules.
  * patches: Fix named keytab name.
.
freeipa (4.9.7-2) unstable; urgency=medium
.
  * lintian: Drop override on python-script-but-no-python-dep, which doesn't
    exist anymore.
  * rules: Add fortify flag to CFLAGS, as CPPFLAGS isn't used by the project.
  * ci: Drop allowed failure for blhc, it passes now.
  * control: Build-depend on libcurl4-openssl-dev.
  * fix-paths.diff: Fix some paths in ipaplatform/base.
  * fix-apache-group.diff: Fix apache group name in ipa.conf tmpfile.
  * control: Depend on gpg instead of gnupg.
  * control: Drop libwbclient-sssd from freeipa-client-samba Depends.
  * patches: Import a patch to fix ipa cert-find. (Closes: #997952)
.
freeipa (4.9.7-1) unstable; urgency=medium
.
  * New upstream release.
  * control: Drop obsolete depends on python3-nss.
  * pkcs11-openssl-for-bind.diff,
    migrate-to-gpg.diff,
    use-bind9.16.diff,
    fix-chrony-service-name.diff:
    - Dropped, upstream.
  * watch: Fixed to find upstream rc's.
  * source: Update extend-diff-ignore.
  * control: Add libcurl-dev, libjansson-dev and libpwquality-dev to
    build-depends.
  * install: Added new files.
  * rules: Drop ipasphinx files for now.
  * control: Drop dependency on custodia, not needed.
  * control: Bump 389-ds-base depends.
  * control: Drop python3-coverage depends, it's not used.
  * control: Bump dogtag depends.
2025-08-12 22:28:57 +02:00

From 8a9c5629214cd71e88a5ac9c1b639faad9fc4ec1 Mon Sep 17 00:00:00 2001
From: Frederik Himpe <frederik@frehi.be>
Date: Tue, 25 Feb 2025 13:49:23 +0100
Subject: [PATCH] Make name of nobody group configurable and use nogroup on
Debian
Fixes: https://pagure.io/freeipa/issue/9753
Signed-off-by: Frederik Himpe <frederik@frehi.be>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
ipaplatform/base/constants.py | 1 +
ipaplatform/debian/constants.py | 1 +
ipaserver/install/adtrustinstance.py | 6 ++++--
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index f1ef7efff..4c8038a84 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -124,6 +124,7 @@ class BaseConstantsNamespace:
NAMED_OPTIONS_VAR = "OPTIONS"
NAMED_OPENSSL_ENGINE = None
NAMED_ZONE_COMMENT = ""
+ NOBODY_GROUP = Group("nobody")
PKI_USER = User("pkiuser")
PKI_GROUP = Group("pkiuser")
# ntpd init variable used for daemon options
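Review bot: NOBODY_GROUP is added to BaseConstantsNamespace without a comment, and the name alone does not say that this is the Unix group BUILTIN\Guests (S-1-5-32-546) gets mapped to in ipaserver/install/adtrustinstance.py. A one-line comment above the constant stating that purpose, and that platform namespaces are expected to override it, would help keep a later platform port from pointing the Guests mapping at a group that carries real permissions.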
diff --git a/ipaplatform/debian/constants.py b/ipaplatform/debian/constants.py
index 7216694ad..f8ee8cf9f 100644
--- a/ipaplatform/debian/constants.py
+++ b/ipaplatform/debian/constants.py
@@ -29,5 +29,6 @@ class DebianConstantsNamespace(BaseConstantsNamespace):
ODS_USER = User("opendnssec")
ODS_GROUP = Group("opendnssec")
SECURE_NFS_VAR = "NEED_GSSD"
+ NOBODY_GROUP = Group("nogroup")
constants = DebianConstantsNamespace()
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index fd5a5a282..df2586ef1 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -123,9 +123,11 @@ def make_netbios_name(s):
def map_Guests_to_nobody():
env = {'LC_ALL': 'C'}
args = [paths.NET, '-s', '/dev/null', 'groupmap', 'add',
- 'sid=S-1-5-32-546', 'unixgroup=nobody', 'type=builtin']
+ 'sid=S-1-5-32-546',
+ 'unixgroup="' + constants.NOBODY_GROUP + '"', 'type=builtin']
- logger.debug("Map BUILTIN\\Guests to a group 'nobody'")
+ logger.debug("Map BUILTIN\\Guests to a group '%s'",
+ constants.NOBODY_GROUP)
ipautil.run(args, env=env, raiseonerr=False, capture_error=True)
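Review bot: In map_Guests_to_nobody() the new list element 'unixgroup="' + constants.NOBODY_GROUP + '"' wraps the group name in literal double quotes, which the removed line ('unixgroup=nobody') did not have. args is a list handed to ipautil.run(), so unless a shell re-parses it the quotes reach net groupmap as part of the value, and the group looked up would be the name including the quote characters. Since the call keeps raiseonerr=False, a failed mapping of S-1-5-32-546 would pass silently; suggest building the argument without the quotes, for example 'unixgroup=%s' % constants.NOBODY_GROUP, and checking or logging the result of the run so a missing Guests mapping is visible. The function name also still says "nobody", which no longer describes the Debian behaviour; a docstring or rename would keep it accurate.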
--
2.48.1