From c13be84ef8ca6624ac72a0051633510438b470c9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 7 Oct 2012 22:21:46 +0200
Subject: [PATCH] New upstream release 1.8.5

---
 .gitignore                                    |   1 +
 0001-Assorted-SSH-fixes.patch                 | 246 ------------------
 ...MP-instead-of-HTML_FOOTER_DESCRIPTIO.patch |  75 ------
 sources                                       |   2 +-
 sssd.spec                                     |  10 +-
 5 files changed, 7 insertions(+), 327 deletions(-)
 delete mode 100644 0001-Assorted-SSH-fixes.patch
 delete mode 100644 0002-Use-HTML_TIMESTAMP-instead-of-HTML_FOOTER_DESCRIPTIO.patch

diff --git a/.gitignore b/.gitignore
index 987a25d..a5a5c1b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,4 @@ sssd-1.2.91.tar.gz
 /sssd-1.8.2.tar.gz
 /sssd-1.8.3.tar.gz
 /sssd-1.8.4.tar.gz
+/sssd-1.8.5.tar.gz
diff --git a/0001-Assorted-SSH-fixes.patch b/0001-Assorted-SSH-fixes.patch
deleted file mode 100644
index c2d6ab7..0000000
--- a/0001-Assorted-SSH-fixes.patch
+++ /dev/null
@@ -1,246 +0,0 @@
-From cb79e6cad17849be94dff05309a5ca0b9ea62613 Mon Sep 17 00:00:00 2001
-From: Jan Cholasta <jcholast@redhat.com>
-Date: Wed, 30 May 2012 09:40:13 -0400
-Subject: [PATCH 1/2] Assorted SSH fixes
-
-SSH: Update sss_ssh_knownhostsproxy manual page
-
-Don't use GlobalKnownHostsFile2 in ssh_config, as it has been deprecated in
-OpenSSH 5.9.
-
-SSH: Supress error message output in sss_ssh_knownhostsproxy
-
-SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are missing
-
-https://fedorahosted.org/sssd/ticket/1356
----
- src/man/sss_ssh_knownhostsproxy.1.xml        |    2 +-
- src/sss_client/ssh/sss_ssh_client.c          |    8 +--
- src/sss_client/ssh/sss_ssh_knownhostsproxy.c |   94 ++++++++++++++------------
- 3 files changed, 55 insertions(+), 49 deletions(-)
-
-diff --git a/src/man/sss_ssh_knownhostsproxy.1.xml b/src/man/sss_ssh_knownhostsproxy.1.xml
-index 241e8a7ffbef102f367ba108b2f5fe3e6e68103c..5767e8426da34fb0124c927162aae6448ed8f89e 100644
---- a/src/man/sss_ssh_knownhostsproxy.1.xml
-+++ b/src/man/sss_ssh_knownhostsproxy.1.xml
-@@ -53,7 +53,7 @@
-             <manvolnum>1</manvolnum></citerefentry> configuration:
- <programlisting>
- ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
--GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts
-+GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
- </programlisting>
-         </para>
-         <para>
-diff --git a/src/sss_client/ssh/sss_ssh_client.c b/src/sss_client/ssh/sss_ssh_client.c
-index 8520cd1b1704f1387a105a854ea72a9fcd2c85fc..645f2928985637f26213ab7a0d48a626b088ad58 100644
---- a/src/sss_client/ssh/sss_ssh_client.c
-+++ b/src/sss_client/ssh/sss_ssh_client.c
-@@ -146,14 +146,14 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
-     rd.len = req_len;
- 
-     req_ret = sss_ssh_make_request(command, &rd, &rep, &rep_len, &req_errno);
--    if (req_ret != SSS_STATUS_SUCCESS) {
--        ret = EFAULT;
--        goto done;
--    }
-     if (req_errno != EOK) {
-         ret = req_errno;
-         goto done;
-     }
-+    if (req_ret != SSS_STATUS_SUCCESS) {
-+        ret = EFAULT;
-+        goto done;
-+    }
- 
-     /* parse reply */
-     c = 0;
-diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
-index 6424d7b7c3c17375ad4ac8dc6ec2276786bf0560..cac8eb7ef47eb70591dfb274a01cfbb392eee8aa 100644
---- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
-+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
-@@ -73,7 +73,6 @@ connect_socket(int family, struct sockaddr *addr, size_t addr_len)
-         ret = errno;
-         DEBUG(SSSDBG_OP_FAILURE, ("socket() failed (%d): %s\n",
-                 ret, strerror(ret)));
--        ERROR("Failed to open a socket\n");
-         goto done;
-     }
- 
-@@ -83,7 +82,6 @@ connect_socket(int family, struct sockaddr *addr, size_t addr_len)
-         ret = errno;
-         DEBUG(SSSDBG_OP_FAILURE, ("connect() failed (%d): %s\n",
-                 ret, strerror(ret)));
--        ERROR("Failed to connect to the server\n");
-         goto done;
-     }
- 
-@@ -176,7 +174,6 @@ connect_proxy_command(char **args)
-     ret = errno;
-     DEBUG(SSSDBG_OP_FAILURE, ("execv() failed (%d): %s\n",
-             ret, strerror(ret)));
--    ERROR("Failed to execute proxy command\n");
- 
-     return ret;
- }
-@@ -185,7 +182,7 @@ int main(int argc, const char **argv)
- {
-     TALLOC_CTX *mem_ctx = NULL;
-     int pc_debug = SSSDBG_DEFAULT;
--    const char *pc_port = "22";
-+    int pc_port = 22;
-     const char *pc_domain = NULL;
-     const char *pc_host = NULL;
-     const char **pc_args = NULL;
-@@ -193,17 +190,18 @@ int main(int argc, const char **argv)
-         POPT_AUTOHELP
-         { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
-           _("The debug level to run with"), NULL },
--        { "port", 'p', POPT_ARG_STRING, &pc_port, 0,
-+        { "port", 'p', POPT_ARG_INT, &pc_port, 0,
-           _("The port to use to connect to the host"), NULL },
-         { "domain", 'd', POPT_ARG_STRING, &pc_domain, 0,
-           _("The SSSD domain to use"), NULL },
-         POPT_TABLEEND
-     };
-     poptContext pc = NULL;
-+    char strport[6];
-     struct addrinfo ai_hint;
-     struct addrinfo *ai = NULL;
-     char canonhost[NI_MAXHOST];
--    const char *host;
-+    const char *host = NULL;
-     struct sss_ssh_ent *ent;
-     int ret;
- 
-@@ -213,14 +211,13 @@ int main(int argc, const char **argv)
-     if (ret != EOK) {
-         DEBUG(SSSDBG_CRIT_FAILURE,
-               ("set_locale() failed (%d): %s\n", ret, strerror(ret)));
--        ERROR("Error setting the locale\n");
-         ret = EXIT_FAILURE;
-         goto fini;
-     }
- 
-     mem_ctx = talloc_new(NULL);
-     if (!mem_ctx) {
--        ERROR("Not enough memory\n");
-+        DEBUG(SSSDBG_CRIT_FAILURE, ("Not enough memory\n"));
-         ret = EXIT_FAILURE;
-         goto fini;
-     }
-@@ -237,6 +234,10 @@ int main(int argc, const char **argv)
-         BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
-     }
- 
-+    if (pc_port < 1 || pc_port > 65535) {
-+        BAD_POPT_PARAMS(pc, _("Invalid port\n"), ret, fini);
-+    }
-+
-     pc_host = poptGetArg(pc);
-     if (pc_host == NULL) {
-         BAD_POPT_PARAMS(pc, _("Host not specified\n"), ret, fini);
-@@ -249,59 +250,64 @@ int main(int argc, const char **argv)
-                 ret, fini);
-     }
- 
--    /* get IP addresses of the host */
-+    /* canonicalize hostname */
-+    snprintf(strport, 6, "%d", pc_port);
-+
-     memset(&ai_hint, 0, sizeof(struct addrinfo));
-     ai_hint.ai_family = AF_UNSPEC;
-     ai_hint.ai_socktype = SOCK_STREAM;
-     ai_hint.ai_protocol = IPPROTO_TCP;
--    ai_hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV;
-+    ai_hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST | AI_NUMERICSERV;
- 
--    ret = getaddrinfo(pc_host, pc_port, &ai_hint, &ai);
-+    ret = getaddrinfo(pc_host, strport, &ai_hint, &ai);
-     if (ret) {
--        DEBUG(SSSDBG_CRIT_FAILURE,
--              ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
--        ERROR("Host name cannot be resolved\n");
--        ret = EXIT_FAILURE;
--        goto fini;
--    }
-+        ai_hint.ai_flags = AI_ADDRCONFIG | AI_CANONNAME | AI_NUMERICSERV;
- 
--    /* canonicalize hostname */
--    ret = getnameinfo(ai[0].ai_addr, ai[0].ai_addrlen,
--                      canonhost, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
--    if (ret) {
--        DEBUG(SSSDBG_CRIT_FAILURE,
--              ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
--        ERROR("Reverse lookup failed\n");
--        ret = EXIT_FAILURE;
--        goto fini;
--    }
--
--    /* append domain to hostname if domain is specified */
--    if (pc_domain) {
--        host = talloc_asprintf(mem_ctx, "%s@%s", canonhost, pc_domain);
--        if (!host) {
--            ERROR("Not enough memory\n");
--            ret = EXIT_FAILURE;
--            goto fini;
-+        ret = getaddrinfo(pc_host, strport, &ai_hint, &ai);
-+        if (ret) {
-+            DEBUG(SSSDBG_OP_FAILURE,
-+                  ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
-+        } else {
-+            host = ai[0].ai_canonname;
-         }
-     } else {
--        host = canonhost;
-+        ret = getnameinfo(ai[0].ai_addr, ai[0].ai_addrlen,
-+                          canonhost, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
-+        if (ret) {
-+            DEBUG(SSSDBG_OP_FAILURE,
-+                  ("getnameinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
-+        } else {
-+            host = canonhost;
-+        }
-     }
- 
--    /* look up public keys */
--    ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
--                          host, pc_host, &ent);
--    if (ret != EOK) {
--        DEBUG(SSSDBG_CRIT_FAILURE,
--              ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
--        ERROR("Error looking up public keys\n");
-+    if (host) {
-+        /* append domain to hostname if domain is specified */
-+        if (pc_domain) {
-+            host = talloc_asprintf(mem_ctx, "%s@%s", host, pc_domain);
-+            if (!host) {
-+                DEBUG(SSSDBG_CRIT_FAILURE, ("Not enough memory\n"));
-+                ret = EXIT_FAILURE;
-+                goto fini;
-+            }
-+        }
-+
-+        /* look up public keys */
-+        ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
-+                              host, pc_host, &ent);
-+        if (ret != EOK) {
-+            DEBUG(SSSDBG_OP_FAILURE,
-+                  ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
-+        }
-     }
- 
-     /* connect to server */
-     if (pc_args) {
-         ret = connect_proxy_command(discard_const(pc_args));
--    } else {
-+    } else if (ai) {
-         ret = connect_socket(ai[0].ai_family, ai[0].ai_addr, ai[0].ai_addrlen);
-+    } else {
-+        ret = EFAULT;
-     }
-     ret = (ret == EOK) ? EXIT_SUCCESS : EXIT_FAILURE;
- 
--- 
-1.7.10.2
-
diff --git a/0002-Use-HTML_TIMESTAMP-instead-of-HTML_FOOTER_DESCRIPTIO.patch b/0002-Use-HTML_TIMESTAMP-instead-of-HTML_FOOTER_DESCRIPTIO.patch
deleted file mode 100644
index 702258a..0000000
--- a/0002-Use-HTML_TIMESTAMP-instead-of-HTML_FOOTER_DESCRIPTIO.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From d3c702624e0e83b3f1b33ba31d3583dbfa5292c9 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jhrozek@redhat.com>
-Date: Mon, 2 Apr 2012 00:17:15 +0200
-Subject: [PATCH 2/2] Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION
-
-https://fedorahosted.org/sssd/ticket/1271
-
-Conflicts:
-	src/lib/idmap/sss_idmap.doxy.in
----
- src/doxy.config.in                   |    7 ++++---
- src/providers/ipa/ipa_hbac.doxy.in   |    7 ++++---
- src/sss_client/sudo/sss_sudo.doxy.in |    7 ++++---
- 3 files changed, 12 insertions(+), 9 deletions(-)
-
-diff --git a/src/doxy.config.in b/src/doxy.config.in
-index dc41b1fd156613808efa00cf9fe95bef4247c781..1f9b5a324f68aa189b309d5b7293d769c8ca5acf 100644
---- a/src/doxy.config.in
-+++ b/src/doxy.config.in
-@@ -784,10 +784,11 @@ IGNORE_PREFIX          =
- 
- GENERATE_HTML          = YES
- 
--# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
--# add generated date, project name and doxygen version to HTML footer.
-+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
-+# HTML page will contain the date and time when the page was generated. Setting
-+# this to NO can help when comparing the output of multiple runs.
- 
--HTML_FOOTER_DESCRIPTION= NO
-+HTML_TIMESTAMP = NO
- 
- # The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
- # If a relative path is entered the value of OUTPUT_DIRECTORY will be
-diff --git a/src/providers/ipa/ipa_hbac.doxy.in b/src/providers/ipa/ipa_hbac.doxy.in
-index 3c9672f01c04c5f42cdfffee8603cf6fb181b25f..37528efc2a0d7849b09763a6a0a91c54451f2cf2 100644
---- a/src/providers/ipa/ipa_hbac.doxy.in
-+++ b/src/providers/ipa/ipa_hbac.doxy.in
-@@ -782,10 +782,11 @@ IGNORE_PREFIX          =
- 
- GENERATE_HTML          = YES
- 
--# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
--# add generated date, project name and doxygen version to HTML footer.
-+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
-+# HTML page will contain the date and time when the page was generated. Setting
-+# this to NO can help when comparing the output of multiple runs.
- 
--HTML_FOOTER_DESCRIPTION= NO
-+HTML_TIMESTAMP = NO
- 
- # The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
- # If a relative path is entered the value of OUTPUT_DIRECTORY will be
-diff --git a/src/sss_client/sudo/sss_sudo.doxy.in b/src/sss_client/sudo/sss_sudo.doxy.in
-index ee4a03885ca844a9e7c556a8fd8c4d705f7d3e57..4e777f427823b33d0ca286ae0a032c0dceb5f803 100644
---- a/src/sss_client/sudo/sss_sudo.doxy.in
-+++ b/src/sss_client/sudo/sss_sudo.doxy.in
-@@ -782,10 +782,11 @@ IGNORE_PREFIX          =
- 
- GENERATE_HTML          = YES
- 
--# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
--# add generated date, project name and doxygen version to HTML footer.
-+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
-+# HTML page will contain the date and time when the page was generated. Setting
-+# this to NO can help when comparing the output of multiple runs.
- 
--HTML_FOOTER_DESCRIPTION= NO
-+HTML_TIMESTAMP = NO
- 
- # The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
- # If a relative path is entered the value of OUTPUT_DIRECTORY will be
--- 
-1.7.10.2
-
diff --git a/sources b/sources
index 5450c98..c29e70b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-196cc355f74a1a431f9bd5dcd2c6cc41  sssd-1.8.4.tar.gz
+385a5ecb6c9f69eadf93c863e1b7d6a4  sssd-1.8.5.tar.gz
diff --git a/sssd.spec b/sssd.spec
index 7a9b89b..231cf64 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -15,8 +15,8 @@
 %global ldb_version 1.1.6
 
 Name: sssd
-Version: 1.8.4
-Release: 14%{?dist}
+Version: 1.8.5
+Release: 1%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -26,9 +26,6 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 ### Patches ###
 
-Patch0001: 0001-Assorted-SSH-fixes.patch
-Patch0002: 0002-Use-HTML_TIMESTAMP-instead-of-HTML_FOOTER_DESCRIPTIO.patch
-
 ### Dependencies ###
 
 Conflicts: selinux-policy < 3.10.0-46
@@ -457,6 +454,9 @@ fi
 %postun -n libipa_hbac -p /sbin/ldconfig
 
 %changelog
+* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.8.5-1
+- New upstream release 1.8.5
+
 * Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.4-14
 - Switch unicode library from libunistring to Glib
 - Drop unnecessary explicit Requires on keyutils