Fabiano Fidêncio
1dad4d1fac
Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on minimal appliance image, breaking composes
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 192e845618
)
2018-06-25 09:55:43 +02:00
Fabiano Fidêncio
f14161ac08
New upstream release 1.16.2
...
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a36f5fea4b
)
2018-06-11 15:05:24 +02:00
Fabiano Fidêncio
e56517d602
Related: upstream#3742 - Change of: User may not run sudo --> a password is required
...
Patch 0017-sudo-ldap-do-not-store-rules-without-sudoHost-attrib.patch
has been commented out as it caused some regressions on IPA tests.
In order to unblock IPA folks, let's revert this patch from Fedora till
we have a proper fix.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 29d69716ad
)
2018-05-28 10:12:29 +02:00
Fabiano Fidêncio
e428c4af45
Revert "Add: "ExcludeArch: armv7hl""
...
This reverts commit bc3790f5a0
.
(cherry picked from commit 4979898a6e
)
2018-05-17 17:55:54 +02:00
Fabiano Fidêncio
38221da669
Add: "ExcludeArch: armv7hl"
...
For some reason still unclear we're *not* able to build SSSD on koji's
buildroot for armv7hl. Some tests have been done and SSSD was built
successfully using real armv7hl hardware, which indicates that we're
facing https://bugzilla.redhat.com/show_bug.cgi?id=1576593
As soon as the bug is resolved, this patch could be safely reverted.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit bc3790f5a0
)
2018-05-16 22:25:57 +02:00
Fabiano Fidêncio
b6ae123d6b
Related: upstream#3436 - Certificates used in unit tests have limited lifetime
...
Fix a non harmful warning shown by recent versions of OpenSSL.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 0a2c83fbd0
)
2018-05-16 22:25:33 +02:00
Fabiano Fidêncio
0302f3db88
Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit c4f0508af1
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
b2d97e727b
Resolves: upstream#3595 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5f75f7e4f2
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
43d49c871d
Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove entries from the hash table, do not free them
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1511bcd8b2
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
b2bfd972c9
Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a first domain does not reach the second domain
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3ad9e211eb
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
8530c8b24d
Resolves: upstream#3719 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ed238e28ff
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
d212c95076
Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 97a62b83f1
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
681d87c2ae
Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 163543f40b
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
e4e9316ad9
Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 510134aa02
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
7dc8777d56
Related: upstream#3436 - Certificates used in unit tests have limited lifetime
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5e1db8fc3e
)
2018-05-14 11:49:48 +02:00
Fabiano Fidêncio
c715b8d660
Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
...
Patch 0018-sysdb-custom-completely-replace-old-object-instead-o.patch
caused a regression, caught by lslebodn and reported by a few users.
Let's comment out this patch for now and uncomment it when we have a fix
that do not cause a regression.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5254cdcca5
)
2018-05-05 21:58:05 +02:00
Fabiano Fidêncio
99a84c4b16
Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
...
Also ...
Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
Provider returned an error
[org.freedesktop.sssd.Error.DataProvider.Fatal]
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 90dd145c92
)
2018-04-27 22:23:57 +02:00
Fabiano Fidêncio
e45d803139
Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a305fc11b7
)
2018-04-27 22:23:49 +02:00
Fabiano Fidêncio
15af9187cf
Document which principal does the AD provider use
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit b6696d97c4
)
2018-04-27 22:23:43 +02:00
Fabiano Fidêncio
e9424464d1
Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2dd8451396
)
2018-04-27 22:23:34 +02:00
Fabiano Fidêncio
bf6526be6c
Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound?
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 209701ef7f
)
2018-04-27 22:23:28 +02:00
Fabiano Fidêncio
8ac548e27d
Improve docs/debug message about GC detection
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3115154117
)
2018-04-27 22:23:23 +02:00
Fabiano Fidêncio
94dacbcff1
Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f47c82bc8d
)
2018-04-27 22:23:15 +02:00
Fabiano Fidêncio
d5953555e4
Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 64b69ec813
)
2018-04-27 22:23:08 +02:00
Fabiano Fidêncio
f585ce79e5
Resolves: upstream#3679 - Make nss netgroup requests more robust
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 8d67726a47
)
2018-04-27 22:23:03 +02:00
Fabiano Fidêncio
d4cc9f09a9
Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 8565df471c
)
2018-04-27 22:22:49 +02:00
Fabiano Fidêncio
69dd3e36eb
Resolves: upstream#3402 - Support alternative sources for the files provider
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 9709b73a3f
)
2018-04-27 22:22:43 +02:00
Fabiano Fidêncio
1ec14767eb
Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a7d4f0b3f4
)
2018-04-27 22:22:38 +02:00
Fabiano Fidêncio
ff80480d02
IPA: Qualify the externalUser sudo attribute
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ab53ba849a
)
2018-04-27 22:22:31 +02:00
Fabiano Fidêncio
11342ddfab
Tone down shutdown messages for socket activated responders
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ef1d48a0c2
)
2018-04-27 22:22:16 +02:00
Fabiano Fidêncio
b1ddb6443b
Resolves: upstream#3558 - sudo: report error when two rules share cn
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit fcff118bbf
)
2018-04-27 22:22:09 +02:00
Fabiano Fidêncio
7809e6eedd
Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f3d06df50d
)
2018-04-27 22:22:04 +02:00
Fabiano Fidêncio
2540bf426d
A few KCM misc fixes
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 32f2c81e59
)
2018-03-30 15:02:55 +02:00
Fabiano Fidêncio
4d8a2ac870
Resolves: upstream#3666 - Fix usage of str.decode() in our test
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 99da72db23
)
2018-03-30 15:02:49 +02:00
Fabiano Fidêncio
7d773ed035
Resolves: upstream#3386 - KCM: Payload buffer is too small
...
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1c7376afc5
)
2018-03-30 15:02:43 +02:00
Fabiano Fidêncio
0392642064
Resolves: usptream#3687 - KCM: Don't pass a non null terminated string to json_loads()
...
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 73735e9522
)
2018-03-30 15:02:27 +02:00
Fabiano Fidêncio
4d2103b723
Resolves: upstream#3658 - Application domain is not interpreted correctly
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 563dd33f72
)
2018-03-30 15:02:19 +02:00
Fabiano Fidêncio
c126b3174c
Resolves: upstream#3660 - confdb_expand_app_domains() always fails
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2c812f3cba
)
2018-03-30 15:02:08 +02:00
Fabiano Fidêncio
928c3e94ab
Resolves: upstream#3573 - sssd won't show netgroups with blank domai
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 40fe76feb8
)
2018-03-30 15:01:59 +02:00
Fabiano Fidêncio
d11cfce2ff
New upstream release 1.16.1
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 62a3258629
)
2018-03-09 16:12:14 +01:00
Lukas Slebodnik
5eba7a8f1f
Resolves: upstream#3621 - backport bug found by static analyzers
2018-02-20 15:12:59 +01:00
Fabiano Fidêncio
4b1fe8a0ab
Resolves: upstream#3621: FleetCommander integration must not require capability DAC_OVERRIDE
...
Together with the patches backported from upstream, we're changing
the deskprofilepath permissions from 755 to 751, reflecting the
upstream spec file changes.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-02-14 23:03:25 +01:00
Fabiano Fidêncio
199a72e62a
Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-02-14 22:15:04 +01:00
Igor Gnatenko
11c6ee78b8
Remove BuildRoot definition
...
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 00:40:17 +01:00
Lukas Slebodnik
18ae44bc79
Resolves: upstream#3618 - selinux_child segfaults in a docker container
2018-02-07 22:04:27 +01:00
Lukas Slebodnik
f55e235d75
Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl
2018-02-06 13:11:55 +01:00
Lukas Slebodnik
e242e8ef93
Fix systemd executions/requirements
...
systemd was added to BuildRequires because it provides rpm macros
/usr/lib/rpm/macros.d/macros.systemd and it is unreliable to rely
on indirect dependency between systemd-devel and systemd
Related to: https://src.fedoraproject.org/rpms/sssd/pull-request/1
2018-02-06 13:04:26 +01:00
Lukas Slebodnik
6d370601d4
Revert "Workaround for BZ1537183"
...
This reverts commit 0a5a392684
.
nsupdate is fixed on rawhide.i686
2018-02-06 12:57:05 +01:00
Igor Gnatenko
a3b937064c
Fix systemd executions/requirements
...
Merges: https://src.fedoraproject.org/rpms/sssd/pull-request/1
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-01-25 20:42:01 +01:00
Lukas Slebodnik
ebdebbe467
Do not try to link with -Wl,-z,defs
...
https://bugzilla.redhat.com/show_bug.cgi?id=1535422
https://fedoraproject.org/wiki/Changes/BINUTILS2291
https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md#strict-symbol-checks-in-the-link-editor-ld
sssd cannot be linked with -Wl,-z,defs atm.
2018-01-25 20:23:09 +01:00