From 0398701bed6c094b9edab816b77d47f4cebe25ec Mon Sep 17 00:00:00 2001
From: Peridot Bot <rockyautomation@rockylinux.org>
Date: Fri, 2 Aug 2024 15:44:42 +0000
Subject: [PATCH] import sssd-2.10.0%7ebeta2-2.el10

---
 ...logrotate-to-work-with-non-root-grou.patch |  68 ++++++
 ...ever-try-to-upgrade-timestamps-cache.patch | 207 ++++++++++++++++++
 ...-remove-index-on-dataExpireTimestamp.patch | 146 ++++++++++++
 ...e-sssd-polkit-rules-into-sssd-common.patch |  70 ++++++
 SPECS/sssd.spec                               |  15 +-
 5 files changed, 503 insertions(+), 3 deletions(-)
 create mode 100644 SOURCES/0001-BUILD-configure-logrotate-to-work-with-non-root-grou.patch
 create mode 100644 SOURCES/0002-TS_CACHE-never-try-to-upgrade-timestamps-cache.patch
 create mode 100644 SOURCES/0003-SYSDB-remove-index-on-dataExpireTimestamp.patch
 create mode 100644 SOURCES/0004-SPEC-merge-sssd-polkit-rules-into-sssd-common.patch

diff --git a/SOURCES/0001-BUILD-configure-logrotate-to-work-with-non-root-grou.patch b/SOURCES/0001-BUILD-configure-logrotate-to-work-with-non-root-grou.patch
new file mode 100644
index 0000000..a401bc9
--- /dev/null
+++ b/SOURCES/0001-BUILD-configure-logrotate-to-work-with-non-root-grou.patch
@@ -0,0 +1,68 @@
+From e4ae4d6129e85fe99bbb82438ed90352400ecdf3 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 26 Jul 2024 15:55:01 +0200
+Subject: [PATCH] BUILD: configure logrotate to work with non-root-group
+ writable folder
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise logrotate complains:
+```
+error: skipping "/var/log/sssd/sssd_kcm.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
+```
+
+See https://bugzilla.redhat.com/show_bug.cgi?id=2299733 for details
+
+Reviewed-by: Jakub Vávra <jvavra@redhat.com>
+Reviewed-by: Justin Stephenson <jstephen@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ Makefile.am                              | 1 +
+ configure.ac                             | 1 +
+ src/examples/{logrotate => logrotate.in} | 1 +
+ 3 files changed, 3 insertions(+)
+ rename src/examples/{logrotate => logrotate.in} (90%)
+
+diff --git a/Makefile.am b/Makefile.am
+index f4cadee6f..82e0c5882 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -5706,6 +5706,7 @@ endif
+ 	rm -f $(builddir)/src/sysv/systemd/sssd-kcm.socket
+ 	rm -f $(builddir)/src/sysv/systemd/sssd-kcm.service
+ 	rm -f $(builddir)/src/tools/wrappers/sss_debuglevel
++	rm -Rf $(builddir)/src/examples
+ 	rm -Rf $(builddir)/contrib
+ 
+ CLEANFILES += *.X */*.X */*/*.X
+diff --git a/configure.ac b/configure.ac
+index 105d77a4d..380c16ba8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -563,6 +563,7 @@ AC_DEFINE_UNQUOTED([ABS_SRC_DIR], ["$my_srcdir"], [Absolute path to the source d
+ AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
+                  contrib/sssd-pcsc.rules contrib/90-sssd-token-access.rules
+                  contrib/sssd-tmpfiles.conf
++                 src/examples/logrotate
+                  src/sysv/sssd src/sysv/gentoo/sssd src/sysv/gentoo/sssd-kcm
+                  po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile
+                  src/tests/intg/Makefile src/tests/test_CA/Makefile
+diff --git a/src/examples/logrotate b/src/examples/logrotate.in
+similarity index 90%
+rename from src/examples/logrotate
+rename to src/examples/logrotate.in
+index 6e769451c..0421946a2 100644
+--- a/src/examples/logrotate
++++ b/src/examples/logrotate.in
+@@ -6,6 +6,7 @@
+     rotate 2
+     compress
+     delaycompress
++    su @SSSD_USER@ @SSSD_USER@
+     postrotate
+         /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true
+         /bin/pkill -HUP sssd_kcm 2> /dev/null || true
+-- 
+2.45.2
+
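Review bot: The added `su @SSSD_USER@ @SSSD_USER@` line in src/examples/logrotate.in substitutes the user name into the group field as well, so it assumes a group with the same name as the service user exists. If the build has a separate group setting the second field should use it; otherwise a comment such as `# rotate as the unprivileged service account; the group is assumed to share the user's name` would record the assumption. Dropping privileges for rotation is the right answer to logrotate's insecure-parent-directory check, but the `postrotate` commands on the following lines discard every error (`2> /dev/null || true`). If logrotate also runs those commands under the `su` identity (worth confirming in the logrotate documentation), a HUP refused for lack of permission would go unnoticed and the daemon would keep writing to the rotated file. The logrotate stanza begins and ends outside the hunk.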
diff --git a/SOURCES/0002-TS_CACHE-never-try-to-upgrade-timestamps-cache.patch b/SOURCES/0002-TS_CACHE-never-try-to-upgrade-timestamps-cache.patch
new file mode 100644
index 0000000..6910e76
--- /dev/null
+++ b/SOURCES/0002-TS_CACHE-never-try-to-upgrade-timestamps-cache.patch
@@ -0,0 +1,207 @@
+From fc2a26c306e51b66680aef85aa0d2c41d8049a7f Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 16 Jul 2024 13:08:02 +0200
+Subject: [PATCH 2/3] TS_CACHE: never try to upgrade timestamps cache
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It's easier and more consistent to recreate it instead.
+
+This is a natural extension of 3b67fc6488ac10ca13561d9032f59951f82203e6
+
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ src/db/sysdb_init.c    | 103 +----------------------------------------
+ src/db/sysdb_upgrade.c |  45 ------------------
+ 2 files changed, 1 insertion(+), 147 deletions(-)
+
+diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
+index 85db5f9e1..ecf16fd11 100644
+--- a/src/db/sysdb_init.c
++++ b/src/db/sysdb_init.c
+@@ -348,57 +348,6 @@ static errno_t sysdb_cache_create_empty(struct ldb_context *ldb,
+     return EOK;
+ }
+ 
+-static errno_t sysdb_ts_cache_upgrade(TALLOC_CTX *mem_ctx,
+-                                      struct sysdb_ctx *sysdb,
+-                                      struct ldb_context *ldb,
+-                                      struct sss_domain_info *domain,
+-                                      const char *cur_version,
+-                                      const char **_new_version)
+-{
+-    errno_t ret;
+-    TALLOC_CTX *tmp_ctx;
+-    const char *version;
+-    struct ldb_context *save_ldb;
+-
+-    tmp_ctx = talloc_new(NULL);
+-    if (tmp_ctx == NULL) {
+-        return ENOMEM;
+-    }
+-
+-    /* The upgrade process depends on having ldb around, yet the upgrade
+-     * function shouldn't set the ldb pointer, only the connect function
+-     * should after it's successful. To avoid hard refactoring, save the
+-     * ldb pointer here and restore in the 'done' handler
+-     */
+-    save_ldb = sysdb->ldb;
+-    sysdb->ldb = ldb;
+-
+-    version = talloc_strdup(tmp_ctx, cur_version);
+-    if (version == NULL) {
+-        ret = ENOMEM;
+-        goto done;
+-    }
+-
+-    DEBUG(SSSDBG_CONF_SETTINGS,
+-          "Upgrading timstamp cache of DB [%s] from version: %s\n",
+-          domain->name, version);
+-
+-    if (strcmp(version, SYSDB_TS_VERSION_0_1) == 0) {
+-        ret = sysdb_ts_upgrade_01(sysdb, &version);
+-        if (ret != EOK) {
+-            goto done;
+-        }
+-    }
+-
+-    ret = EOK;
+-
+-done:
+-    sysdb->ldb = save_ldb;
+-    *_new_version = version;
+-    talloc_free(tmp_ctx);
+-    return ret;
+-}
+-
+ static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,
+                                           struct sysdb_ctx *sysdb,
+                                           struct sysdb_dom_upgrade_ctx *upgrade_ctx,
+@@ -856,56 +805,6 @@ static int sysdb_timestamp_cache_connect(struct sysdb_ctx *sysdb,
+     }
+ 
+     ret = sysdb_ts_cache_connect(tmp_ctx, sysdb, domain, &ldb, &version);
+-    switch (ret) {
+-    case ERR_SYSDB_VERSION_TOO_OLD:
+-        if (upgrade_ctx == NULL) {
+-            DEBUG(SSSDBG_FATAL_FAILURE,
+-                  "DB version too old [%s], expected [%s] for domain %s!\n",
+-                   version, SYSDB_VERSION, domain->name);
+-            break;
+-        }
+-
+-        ret = sysdb_ts_cache_upgrade(tmp_ctx, sysdb, ldb, domain, version,
+-                                     &version);
+-        if (ret != EOK) {
+-            DEBUG(SSSDBG_MINOR_FAILURE,
+-                  "Could not upgrade the timestamp ldb file (%d) (%s)\n",
+-                  ret, sss_strerror(ret));
+-            break;
+-        }
+-
+-        /* The version should now match SYSDB_VERSION.
+-         * If not, it means we didn't match any of the
+-         * known older versions. The DB might be
+-         * corrupt or generated by a newer version of
+-         * SSSD.
+-         */
+-        ret = sysdb_version_check(SYSDB_TS_VERSION, version);
+-        if (ret == EOK) {
+-            /* The cache has been upgraded.
+-             * We need to reopen the LDB to ensure that
+-             * any changes made above take effect.
+-             */
+-            ret = sysdb_ldb_reconnect(tmp_ctx,
+-                                      sysdb->ldb_ts_file,
+-                                      LDB_FLG_NOSYNC,
+-                                      &ldb);
+-            if (ret != EOK) {
+-                DEBUG(SSSDBG_MINOR_FAILURE,
+-                      "Could not reopen the timestamp ldb file (%d) (%s)\n",
+-                      ret, sss_strerror(ret));
+-            }
+-        }
+-        break;
+-    case ERR_SYSDB_VERSION_TOO_NEW:
+-        DEBUG(SSSDBG_MINOR_FAILURE,
+-              "DB version too new [%s], expected [%s] for domain %s!\n",
+-              version, SYSDB_TS_VERSION, domain->name);
+-        break;
+-    default:
+-        break;
+-    }
+-
+     if (ret != EOK) {
+         DEBUG(SSSDBG_MINOR_FAILURE,
+               "The timestamps cache could not be opened. "
+@@ -925,7 +824,7 @@ static int sysdb_timestamp_cache_connect(struct sysdb_ctx *sysdb,
+         ret = sysdb_ts_cache_connect(tmp_ctx, sysdb, domain, &ldb, &version);
+         if (ret != EOK) {
+             DEBUG(SSSDBG_MINOR_FAILURE,
+-                  "Could not delete the timestamp ldb file (%d) (%s)\n",
++                  "sysdb_ts_cache_connect() failed after cache deletion [%d]: %s\n",
+                   ret, sss_strerror(ret));
+         }
+     }
+diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
+index 8fb17c6bb..05142d972 100644
+--- a/src/db/sysdb_upgrade.c
++++ b/src/db/sysdb_upgrade.c
+@@ -2820,51 +2820,6 @@ done:
+     return ret;
+ }
+ 
+-int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver)
+-{
+-    struct upgrade_ctx *ctx;
+-    errno_t ret;
+-    struct ldb_message *msg = NULL;
+-
+-    ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_TS_VERSION_0_2, &ctx);
+-    if (ret) {
+-        return ret;
+-    }
+-
+-    /* Remove @IDXONE from index */
+-    talloc_free(msg);
+-    msg = ldb_msg_new(ctx);
+-    if (msg == NULL) {
+-        ret = ENOMEM;
+-        goto done;
+-    }
+-
+-    msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");
+-    if (msg->dn == NULL) {
+-        ret = ENOMEM;
+-        goto done;
+-    }
+-
+-    ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_DELETE, NULL);
+-    if (ret != LDB_SUCCESS) {
+-        ret = ENOMEM;
+-        goto done;
+-    }
+-
+-    ret = ldb_modify(sysdb->ldb, msg);
+-    if (ret != LDB_SUCCESS) {
+-        ret = sysdb_error_to_errno(ret);
+-        goto done;
+-    }
+-
+-    /* conversion done, update version number */
+-    ret = update_version(ctx);
+-
+-done:
+-    ret = finish_upgrade(ret, &ctx, ver);
+-    return ret;
+-}
+-
+ /*
+  * Example template for future upgrades.
+  * Copy and change version numbers as appropriate.
+-- 
+2.45.2
+
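Review bot: The prototype `int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver);` appears to be left behind in src/db/sysdb_private.h: this patch deletes the definition from sysdb_upgrade.c and its only visible caller, its diffstat touches no header, and the declaration still shows up as a context line in the next patch of the series. It should be removed together with the function so that a later caller fails at compile time rather than at link time. Separately, the `switch` removed from `sysdb_timestamp_cache_connect()` was the only visible place that logged the on-disk version for the too-old and too-new cases; since every failure now leads to deleting and recreating the cache, reporting the version (where one was read) in the remaining "could not be opened" message would help when diagnosing unexpected cache resets. Whether `upgrade_ctx` is still used in that function cannot be seen here, because its body starts and ends outside the hunk.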
diff --git a/SOURCES/0003-SYSDB-remove-index-on-dataExpireTimestamp.patch b/SOURCES/0003-SYSDB-remove-index-on-dataExpireTimestamp.patch
new file mode 100644
index 0000000..2cd2730
--- /dev/null
+++ b/SOURCES/0003-SYSDB-remove-index-on-dataExpireTimestamp.patch
@@ -0,0 +1,146 @@
+From f0d45464cee1d2a6a2719dbffe5bbf6189d0554a Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 21 Jun 2024 19:09:29 +0200
+Subject: [PATCH 3/3] SYSDB: remove index on `dataExpireTimestamp`
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This index was only used in cleanup tasks that don't run often.
+On the other hand, this index is huge and degrades performance of libldb
+in general.
+
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ src/db/sysdb_init.c    |  8 ++++++++
+ src/db/sysdb_private.h |  9 +++++----
+ src/db/sysdb_upgrade.c | 27 +++++++++++++++++++++++++++
+ 3 files changed, 40 insertions(+), 4 deletions(-)
+
+diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
+index ecf16fd11..507a97f63 100644
+--- a/src/db/sysdb_init.c
++++ b/src/db/sysdb_init.c
+@@ -531,6 +531,13 @@ static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,
+         }
+     }
+ 
++    if (strcmp(version, SYSDB_VERSION_0_24) == 0) {
++        ret = sysdb_upgrade_24(sysdb, &version);
++        if (ret != EOK) {
++            goto done;
++        }
++    }
++
+     ret = EOK;
+ done:
+     sysdb->ldb = save_ldb;
+@@ -737,6 +744,7 @@ static int sysdb_domain_cache_connect(struct sysdb_ctx *sysdb,
+         ret = sysdb_domain_cache_upgrade(tmp_ctx, sysdb, upgrade_ctx,
+                                          ldb, domain, version, &version);
+         if (ret != EOK) {
++            DEBUG(SSSDBG_TRACE_FUNC, "sysdb_domain_cache_upgrade() failed\n");
+             goto done;
+         }
+ 
+diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
+index 2d7d6f62d..32d3f1c7e 100644
+--- a/src/db/sysdb_private.h
++++ b/src/db/sysdb_private.h
+@@ -23,6 +23,7 @@
+ #ifndef __INT_SYS_DB_H__
+ #define __INT_SYS_DB_H__
+ 
++#define SYSDB_VERSION_0_25 "0.25"
+ #define SYSDB_VERSION_0_24 "0.24"
+ #define SYSDB_VERSION_0_23 "0.23"
+ #define SYSDB_VERSION_0_22 "0.22"
+@@ -48,7 +49,7 @@
+ #define SYSDB_VERSION_0_2 "0.2"
+ #define SYSDB_VERSION_0_1 "0.1"
+ 
+-#define SYSDB_VERSION SYSDB_VERSION_0_24
++#define SYSDB_VERSION SYSDB_VERSION_0_25
+ 
+ #define SYSDB_BASE_LDIF \
+      "dn: @ATTRIBUTES\n" \
+@@ -73,7 +74,6 @@
+      "@IDXATTR: uidNumber\n" \
+      "@IDXATTR: gidNumber\n" \
+      "@IDXATTR: lastUpdate\n" \
+-     "@IDXATTR: dataExpireTimestamp\n" \
+      "@IDXATTR: originalDN\n" \
+      "@IDXATTR: nameAlias\n" \
+      "@IDXATTR: servicePort\n" \
+@@ -106,10 +106,11 @@
+      "\n"
+ 
+ /* The timestamp cache has its own versioning */
++#define SYSDB_TS_VERSION_0_3 "0.3"
+ #define SYSDB_TS_VERSION_0_2 "0.2"
+ #define SYSDB_TS_VERSION_0_1 "0.1"
+ 
+-#define SYSDB_TS_VERSION SYSDB_TS_VERSION_0_2
++#define SYSDB_TS_VERSION SYSDB_TS_VERSION_0_3
+ 
+ #define SYSDB_TS_BASE_LDIF \
+      "dn: @ATTRIBUTES\n" \
+@@ -117,7 +118,6 @@
+      "\n" \
+      "dn: @INDEXLIST\n" \
+      "@IDXATTR: lastUpdate\n" \
+-     "@IDXATTR: dataExpireTimestamp\n" \
+      "\n" \
+      "dn: cn=sysdb\n" \
+      "cn: sysdb\n" \
+@@ -196,6 +196,7 @@ int sysdb_upgrade_20(struct sysdb_ctx *sysdb, const char **ver);
+ int sysdb_upgrade_21(struct sysdb_ctx *sysdb, const char **ver);
+ int sysdb_upgrade_22(struct sysdb_ctx *sysdb, const char **ver);
+ int sysdb_upgrade_23(struct sysdb_ctx *sysdb, const char **ver);
++int sysdb_upgrade_24(struct sysdb_ctx *sysdb, const char **ver);
+ 
+ int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver);
+ 
+diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
+index 05142d972..c0c8e13ee 100644
+--- a/src/db/sysdb_upgrade.c
++++ b/src/db/sysdb_upgrade.c
+@@ -2820,6 +2820,33 @@ done:
+     return ret;
+ }
+ 
++int sysdb_upgrade_24(struct sysdb_ctx *sysdb, const char **ver)
++{
++    struct upgrade_ctx *ctx;
++    errno_t ret;
++
++    ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_25, &ctx);
++    if (ret) {
++        return ret;
++    }
++
++    ret = sysdb_ldb_mod_index(sysdb, SYSDB_IDX_DELETE, sysdb->ldb, "dataExpireTimestamp");
++    if (ret == ENOENT) { /*nothing to delete */
++        ret = EOK;
++    }
++    if (ret != EOK) {
++        DEBUG(SSSDBG_TRACE_FUNC, "sysdb_ldb_mod_index() failed [%d]: %s\n",
++              ret, sss_strerror(ret));
++        goto done;
++    }
++
++    ret = update_version(ctx);
++
++done:
++    ret = finish_upgrade(ret, &ctx, ver);
++    return ret;
++}
++
+ /*
+  * Example template for future upgrades.
+  * Copy and change version numbers as appropriate.
+-- 
+2.45.2
+
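Review bot: Both new failure paths are logged at `SSSDBG_TRACE_FUNC`, which is a tracing level rather than a failure level: the `sysdb_ldb_mod_index()` error in `sysdb_upgrade_24()` and the `sysdb_domain_cache_upgrade() failed` message added in `sysdb_domain_cache_connect()`, the latter also omitting the error code. A failed upgrade of the main cache is something an operator will likely want to see without enabling tracing, so I would use a failure level already used in sysdb_init.c and print the code, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_domain_cache_upgrade() failed [%d]: %s\n", ret, sss_strerror(ret));`. `sysdb_upgrade_24()` would also benefit from a one-line comment above it saying that it drops the `dataExpireTimestamp` index and moves the cache to version 0.25, and the inline comment reads better as `/* nothing to delete */`. The two functions touched in sysdb_init.c extend beyond their hunks.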
diff --git a/SOURCES/0004-SPEC-merge-sssd-polkit-rules-into-sssd-common.patch b/SOURCES/0004-SPEC-merge-sssd-polkit-rules-into-sssd-common.patch
new file mode 100644
index 0000000..c17c30b
--- /dev/null
+++ b/SOURCES/0004-SPEC-merge-sssd-polkit-rules-into-sssd-common.patch
@@ -0,0 +1,70 @@
+From a7d0bbeb5a8a41e80fec91d7d38b5dcb35eebe8f Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 23 Jul 2024 18:07:09 +0200
+Subject: [PATCH] SPEC: merge 'sssd-polkit-rules' into 'sssd-common'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+'p11_child' runs under non-privileged user and thus requires
+polkit-rules by default.
+
+Reviewed-by: Scott Poore <spoore@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ contrib/sssd.spec.in | 20 ++++----------------
+ 1 file changed, 4 insertions(+), 16 deletions(-)
+
+diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
+index c65be0d27..4edabce56 100644
+--- a/contrib/sssd.spec.in
++++ b/contrib/sssd.spec.in
+@@ -210,6 +210,9 @@ License: GPL-3.0-or-later
+ Obsoletes: libsss_simpleifp < 2.9.0
+ Obsoletes: libsss_simpleifp-debuginfo < 2.9.0
+ %endif
++%if %{use_sssd_user}
++Obsoletes: sssd-polkit-rules < 2.10.0
++%endif
+ # Requires
+ # due to ABI changes in 1.1.30/1.2.0
+ Requires: libldb >= %{ldb_version}
+@@ -470,19 +473,6 @@ Requires: sssd-common = %{version}-%{release}
+ Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
+ the information from the SSSD to be transmitted over the system bus.
+ 
+-%if %{use_sssd_user}
+-%package polkit-rules
+-Summary: Rules for polkit integration for SSSD
+-Group: Applications/System
+-License: GPL-3.0-or-later
+-Requires: polkit >= 0.106
+-Requires: sssd-common = %{version}-%{release}
+-
+-%description polkit-rules
+-Provides rules for polkit integration with SSSD. This is required
+-for smartcard support.
+-%endif
+-
+ %if 0%{?rhel} == 9
+ %package -n libsss_simpleifp
+ Summary: The SSSD D-Bus responder helper library
+@@ -885,13 +875,11 @@ install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
+ %if %{use_sysusers}
+ %{_sysusersdir}/sssd.conf
+ %endif
+-
+-
+ %if %{use_sssd_user}
+-%files polkit-rules
+ %{_datadir}/polkit-1/rules.d/*
+ %endif
+ 
++
+ %files ldap -f sssd_ldap.lang
+ %license COPYING
+ %{_libdir}/%{name}/libsss_ldap.so
+-- 
+2.45.2
+
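Review bot: The removed `polkit-rules` subpackage carried `Requires: polkit >= 0.106`, and nothing in this patch adds that requirement to the package that now lists `%{_datadir}/polkit-1/rules.d/*`. If that is intentional a spec comment saying so would help; otherwise `Requires: polkit >= 0.106` belongs under the same `%if %{use_sssd_user}` as the new `Obsoletes:`. The `Obsoletes: sssd-polkit-rules < 2.10.0` is also not paired with a `Provides:`, so anything that still names `sssd-polkit-rules` as a dependency would stop resolving. This patch also edits only contrib/sssd.spec.in, while the package is presumably built from SPECS/sssd.spec, whose changes in this commit are limited to Release, the patch list and the changelog. Since the changelog marks RHEL-50243 as resolved, it is worth confirming that the downstream spec really ships the rules in the common package.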
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index c76dace..307d179 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -61,7 +61,7 @@
 Name: sssd
 Version: 2.10.0~beta2
 # Using '.el10' directly is a work around RHEL-38900
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: System Security Services Daemon
 License: GPL-3.0-or-later
 URL: https://github.com/SSSD/sssd/
@@ -69,6 +69,10 @@ Source0: https://github.com/SSSD/sssd/releases/download/2.10.0-beta2/sssd-2.10.0
 Source1: sssd.sysusers
 
 ### Patches ###
+Patch0001: 0001-BUILD-configure-logrotate-to-work-with-non-root-grou.patch
+Patch0002: 0002-TS_CACHE-never-try-to-upgrade-timestamps-cache.patch
+Patch0003: 0003-SYSDB-remove-index-on-dataExpireTimestamp.patch
+Patch0004: 0004-SPEC-merge-sssd-polkit-rules-into-sssd-common.patch
 
 ### Dependencies ###
 
@@ -1135,11 +1139,16 @@ fi
 %systemd_postun_with_restart sssd.service
 
 %changelog
-* Wed Jun 26 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.10.0~beta1-2
+* Fri Aug  2 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.10.0~beta2-2
+- Resolves: RHEL-51891 - [RHEL-10]logrotate.service fails to start because /var/log/sssd has insecure permission
+- Resolves: RHEL-52400 - SYSDB: remove index on dataExpireTimestamp [rhel-10]
+- Resolves: RHEL-50243 - Please install sssd-polkit-rules by default
+
+* Wed Jun 26 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.10.0~beta2-1
 - Resolves: RHEL-40253 - Rebase SSSD for RHEL 10-beta
 - Resolves: RHEL-43259 - sudo does not work any more with krb ticket
 
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.10.0~beta1-2.el10
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.10.0~beta1-2
 - Bump release for June 2024 mass rebuild
 
 * Thu Jun  6 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.10.0~beta1-1
-- 
GitLab