bb0cc30393
Backport extended NSS API from upstream master branch
2017-11-17 19:41:03 +01:00
f206fae248
Disable nfsplugin due to bug rhbz#1509063
...
(cherry picked from commit b5c435b10b
2017-11-03 23:07:25 +01:00
da41c905c0
Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade
...
(cherry picked from commit 7ac8b3c4b5
2017-11-03 16:27:54 +01:00
71b7ed1da0
Add workaround for unit test failures with libldb-1.3
2017-11-03 16:27:27 +01:00
ea632499ff
New upstream release 1.16.0
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
(cherry picked from commit 4f58854911
2017-10-20 18:05:32 +02:00
4a8ad4c174
Resolves: rhbz#1499354 - CVE-2017-12173
...
sssd: unsanitized input when searching in local cache database access on
the sock_file system_bus_socket
(cherry picked from commit 7069858231
2017-10-11 17:50:14 +02:00
e15fc49cbf
Fix few bugs/regressions
...
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
is applied
(cherry picked from commit 8eda442b2e
2017-09-12 09:28:42 +02:00
323dbdee02
Backport few upstream patches/fixes
...
(cherry picked from commit fa4807ec45
2017-09-01 21:40:30 +02:00
2aa9f3bb10
Add krb5 conf snippet for default KCM
...
http://fedoraproject.org/wiki/Releases/27/ChangeSet#Kerberos_KCM_credential_cache_by_default
https://bugzilla.redhat.com/show_bug.cgi?id=1421604
(cherry picked from commit 11cd64de1c
2017-09-01 21:40:30 +02:00
601bb9f4eb
Simplify spec file a little bit
...
The plugin for cifs-utils can be built on all supported versions of fedora.
Conditions are required only in upstream spec file for older
distributions. Definition of constant with_cifs_utils_plugin is still
in the beginning of spec file for simpler comparison of changes
between upstream and fedora.
(cherry picked from commit 5ce8ae1166
2017-09-01 21:40:30 +02:00
e89cb59c68
Remove unused if condition krb5 localauth plugin
...
The plugin can be built on all supported versions of fedora.
And it was removed also from upstream spec file.
(cherry picked from commit 088151887a
2017-09-01 21:40:30 +02:00
3b8c6ea1d5
Own the %{_libdir}/%{name}/conf dir
...
https://bugzilla.redhat.com/show_bug.cgi?id=1483517
(cherry picked from commit 308a55f49d
2017-09-01 21:40:30 +02:00
df69f6e551
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 19:16:38 +00:00
1f58bd8dc4
Make fedora automated tests happy
...
dist.python-versions failed
dist.python-versions.requires_naming_scheme failed
These RPMs use `python-` prefix without Python version in *Requires:
sssd-1.15.3-1.fc26 BuildRequires:
* python-devel (python2-devel is available)
This is strongly discouraged and should be avoided. Please check
the required packages, and use names with either `python2-` or
`python3-` prefix.
2017-07-25 17:53:21 +02:00
6302a22355
New upstream release 1.15.3
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html
2017-07-25 13:58:52 +02:00
ca67484fda
Rebuild with libldb-1.2.0
...
sssd buill with older version of libldb will crash
(gdb) bt
#0 0x0000000000000001 in ?? ()
#1 0x00007fcb39ce28dc in ldb_db_lock_destructor () from /lib64/libldb.so.1
#2 0x00007fcb3a103f31 in _tc_free_internal (location=0x7fcb39ce9303 "../common/ldb.c:1026", tc=<optimized out>) at ../talloc.c:1078
#3 _talloc_free_internal (location=0x7fcb39ce9303 "../common/ldb.c:1026", ptr=0x55e267aebef0) at ../talloc.c:1174
#4 _talloc_free (ptr=0x55e267aebef0, location=0x7fcb39ce9303 "../common/ldb.c:1026") at ../talloc.c:1716
#5 0x00007fcb39ce02f2 in ldb_lock_backend_callback () from /lib64/libldb.so.1
#6 0x00007fcb31b172ae in ltdb_callback () from /usr/lib64/ldb/modules/ldb/tdb.so
#7 0x00007fcb3a31e8c1 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0
2017-07-07 12:44:33 +02:00
538f424e10
Disable unit tests with expired certificates
2017-06-27 16:02:20 +02:00
7be3dab725
Fix build issues: Update expided certificate in unit tests
2017-06-27 14:22:05 +02:00
af87992184
Reduce diff between rhel and fedora
2017-05-03 15:41:35 +02:00
c580b695b0
Do not patch README.md
...
README.md is not part of tarball
2017-05-01 09:00:54 +02:00
7bddea6c90
Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
...
Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
file from package sssd-common-1.15.1-1.fc25.x86_64
Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
2017-04-29 23:49:52 +02:00
576a19ee5a
Fix issue with IPA + SELinux in containers
...
Resolves: upstream https://fedorahosted.org/sssd/ticket/3297
2017-04-06 15:54:38 +02:00
387014f928
Backport upstream patches for 1.15.3 pre-release
...
required for building freeipa-4.5.x in rawhide
2017-04-04 16:22:51 +02:00
d663bd4a22
New upstream release 1.15.2
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
2017-03-16 10:48:31 +01:00
6a912ecf5d
Add missing file
2017-03-06 11:41:21 +01:00
831e9fa984
New upstream release 1.15.1
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
2017-03-06 10:48:38 +01:00
396c651083
Cherry-pick patches from upstream that enable the files provider
...
Required for:
https://bugzilla.redhat.com/show_bug.cgi?id=1357418 - SSSD fast cache for local users
2017-02-28 16:54:33 +01:00
3e94aee54c
Add missing %license macro
2017-02-14 19:47:29 +01:00
b5653d93c3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-11 13:57:49 +00:00
850071336e
New upstream release 1.15.0
...
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0
2017-01-27 20:07:00 +01:00
4b9dd7c77c
Rebuild for Python 3.6
2016-12-19 18:20:38 +01:00
eb6c560542
Resolves: rhbz#1369130 - nss_sss should not link against libpthread
...
Resolves: rhbz#1392916 - sssd failes to start after update
Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
on the directory /etc/sssd
2016-12-13 20:10:27 +01:00
85427c072c
New upstream release 1.14.2
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2
2016-10-20 16:20:34 +02:00
856526f769
libwbclient-sssd: update interface to version 0.13
2016-10-14 19:06:17 +02:00
8dd054482d
Revert "Do no use python_provide conditionally"
...
The macro python_provide is defined in /usr/lib/rpm/macros.d/macros.python
in the package python-rpm-macros. But this package is not part
of build root and therefore rpm cannot parse spec file.
This reverts commit 22c180263a
2016-09-22 23:40:41 +02:00
75bb1ff2e0
Fix failing test
2016-09-22 22:55:43 +02:00
640e44ca24
Fix regression with krb5_map_user
...
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError:
default if nonexistent domain is mentioned
2016-09-22 22:28:47 +02:00
0fe5246e1a
Use weak dependencies
2016-09-21 12:47:08 +02:00
22c180263a
Do no use python_provide conditionally
2016-09-15 17:53:58 +02:00
2b61bbee11
Backport important patches from upstream 1.14.2 prerelease
...
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after
boot
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
2016-09-01 18:13:49 +02:00
6bce0a242d
New upstream release 1.14.0
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1
2016-08-19 18:02:03 +02:00
0e7292f369
Add workaround patch for RHBZ #1366403
2016-08-15 14:15:18 -04:00
8a68f197ec
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
2016-07-19 12:41:42 +00:00
08625190c5
New upstream release 1.14.0
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0
2016-07-08 08:47:25 +02:00
a100349631
Fix few mistakes
...
note: fedpkg lint is your best friend
2016-07-01 10:45:16 +02:00
f9539d7319
New upstream release 1.14 beta
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta
2016-07-01 10:11:33 +02:00
966fddcfba
New upstream release 1.14 alpha
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha
2016-06-21 10:58:04 +02:00
e3bb60bcdb
Rename python packages + using macro %python_provide
2016-05-13 11:09:38 +02:00
9aeb640f15
Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element():
...
sssd_ifp killed by SIGSEGV
2016-05-13 11:09:38 +02:00
18bea94912
Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6
2016-04-22 20:50:56 +02:00
d9dece9b71
Backport netlink patch for link-local addresses
2016-04-14 13:05:33 +02:00
19237d03ed
New upstream release 1.13.4
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4
2016-04-14 12:59:47 +02:00
6b01857bc5
Bump release
2016-03-22 09:07:32 +01:00
e37379577b
Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password
...
prompts (e.g. Password + Token)
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed
by remote host" if locale not available
2016-03-22 09:06:29 +01:00
e32d50862e
Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA
...
groups during getgrnam and getgrgid
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses
in call to 'print'
2016-02-25 13:58:00 +01:00
00dde99057
Move libsss_autofs.so outside sssd-common
...
It will reduce dependency chain in container world.
libsss_autofs.so depends only on libc and requires
sssd unix sockets. And sssd-common has many requirements.
2016-02-19 09:27:27 +01:00
584e0c3964
Remove unnecessary requirements
...
We do not need to requires specific version of libldb
or libtdb because it is automatically detected from
binary/library dependencies. We also need never version
of that libraries as it was specified in spec file.
e.g.
sh$ rpm -q --requires sssd-common | grep -E "TDB|LDB"
libldb.so.1(LDB_0.9.10)(64bit)
libtdb.so.1(TDB_1.2.1)(64bit)
There is also redundant dependency on sssd-common-pac
sssd -> sssd-ipa -> sssd-common-pac
-> sssd-ad -> sssd-common-pac
-> sssd-common-pac
sh$ rpm -q --whatrequires sssd-common-pac
sssd-ipa-1.13.3-1.fc23.x86_64
sssd-ad-1.13.3-1.fc23.x86_64
sssd-1.13.3-1.fc23.x86_64
2016-02-17 16:30:01 +01:00
0a5378a924
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-05 00:37:31 +00:00
c38b881d88
Package uses only $RPM_BUILD_ROOT
...
Note: Using both %{buildroot} and $RPM_BUILD_ROOT
See: http://fedoraproject.org/wiki/Packaging/Guidelines#macros
2016-02-02 21:45:47 +01:00
5719fdd6f8
Fix rpmlint issue for libsss_simpleifp
...
Patch removes unnecessary requires of dbus-libs
because it's already detected from library.
However we forgot to call ldconfig after (un)installation.
sh$ rpm -q -p --requires libsss_simpleifp-1.13.90-0.fc23.x86_64.rpm | grep dbus
libdbus-1.so.3()(64bit)
libdbus-1.so.3(LIBDBUS_1_3)(64bit)
sssd-dbus = 1.13.90-0.fc23
sh$ rpm -q --whatprovides "libdbus-1.so.3()(64bit)"
dbus-libs-1.10.6-1.fc23.x86_64
2016-02-02 18:07:45 +01:00
fb84da9380
Remove unnecessary clean-up of buildroot
...
rhel5 required to clean buildroot in install section.
The %clean section is not required for F-13 and above, and EPEL 6 and
above. EPEL 5 MUST have a %clean section that cleans the buildroot:
https://fedoraproject.org/wiki/EPEL:Packaging#Prepping_BuildRoot_For_.25install
2016-02-02 18:06:09 +01:00
d384e14059
Fix rpmlint warnings
...
fedpkg/sssd/sssd.spec:1232: W: macro-in-%changelog %preun
fedpkg/sssd/sssd.spec:1366: W: macro-in-%changelog %{_lib}
fedpkg/sssd/sssd.spec:1366: W: macro-in-comment %{_lib}
2016-02-02 11:59:36 +01:00
6d11a34b89
Additional upstream fixes
2016-01-20 18:40:57 +01:00
9bfc8ef4de
Resolves: rhbz#1256849 - SUDO: Support the IPA schema
2016-01-19 18:23:34 +01:00
94f4c4dd6d
Use macros and don't call systemctl directly
...
- Resolves: rhbz#850328 - Introduce new systemd-rpm macros in sssd spec file
2016-01-19 15:26:15 +01:00
9f85549912
Fix unowned directories
...
- https://fedoraproject.org/wiki/Packaging:UnownedDirectories
- Resolves: rhbz#1266940 - sssd-client.i686 on x86_64 has unowned directories
2016-01-19 15:15:32 +01:00
f50233afd2
Move libsss_sudo.so outside sssd-common
...
The module ${libdir}/libsss_sudo.so is used only by /usr/bin/sudo.
If libsss_sudo.so was part of sssd-client then 32 bit version would
never be used on 64 bit machine and files in sssd-client can be used
by multilib applications e.g. libnss_sss.so can be indirectly "dlopened"
by 64 bit applications and 32 bit application.
(32-bit web browser; ordinary 64bit applications ...)
2016-01-19 15:06:17 +01:00
aa27da2e1f
Change package ownership of %{pubconfpath}/krb5.include.d
...
krb5 domain mapping files are stored to the directory
%{pubconfpath}/krb5.include.d. It can be stored by ipa or ad provider.
However this directory was owned by sub-package sssd-ipa. And ad provider
can be installed without this package. Therefore %{pubconfpath}/krb5.include.d
should be owned by common dependency.
The owner of this directory was also fixed to sssd.
It's already done by make install. It was changed only in spec file.
2016-01-19 15:02:47 +01:00
a89ed4b83f
Additional patch for upstream #2829
2015-12-16 08:51:17 +01:00
5df019d5aa
New upstream release 1.13.3
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3
2015-12-16 08:47:07 +01:00
31ed44fa55
Backport patches from sssd master #2829
...
Use after free in failover
2015-11-20 09:47:17 +01:00
bdedaaad52
New upstream release 1.13.2
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2
2015-11-20 09:47:17 +01:00
2b3b752656
Rebuilt for Python3.5 rebuild
2015-11-06 15:40:37 +01:00
9f8eeed0c9
Fix building pac responder with the krb5-1.14
2015-10-27 09:41:14 +01:00
c08e64289b
python-sssdconfig: Fix parssing sssd.conf without config_file_version
...
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
2015-10-19 15:04:51 +02:00
4bdb4e48cd
Revert "Temporary disable tests due to broken krb5"
...
This reverts commit 1bedb06db6
2015-10-07 13:42:42 +02:00
69b9d3f518
Fix few segfaults
...
- Resolves: upstream #2811 - PAM responder crashed if user was not set
- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
2015-10-07 13:42:03 +02:00
1bedb06db6
Temporary disable tests due to broken krb5
...
Should be fixed with krb5 >= 1.14-2.fc24
2015-10-01 08:16:23 +02:00
00d900ad6f
Remove unnecessary requirement
...
libini-config-1.1 already provides version definition
which substitute this requirement.
sh$ objdump -p /usr/lib64/libini_config.so | grep -A4 definition
Version definitions:
1 0x01 0x05f25695 libini_config.so.5
2 0x00 0x00acdc20 INI_CONFIG_1.1.0
3 0x00 0x00acdd20 INI_CONFIG_1.2.0
INI_CONFIG_1.1.0
2015-10-01 08:16:23 +02:00
05c3b14125
New upstream release 1.13.1
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
2015-10-01 08:16:16 +02:00
996f9ec8f7
Fix OTP bug
...
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were
entered separately
2015-09-10 14:26:47 +02:00
cc6c9ff159
Backport upstream patches required by FreeIPA 4.2.1
2015-09-07 18:37:40 +02:00
cc1ba0d674
Fix ipa-migration bug
...
- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled
migration mode
2015-07-21 09:11:06 +02:00
b46d3ce3db
New upstream release 1.13.0
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0
2015-07-08 19:15:17 +02:00
aa1a6b1ea9
Unify return type of list_active_domains for python{2,3}
2015-06-30 16:54:06 +02:00
3fa3e7c22a
New upstream release 1.13 alpha
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha
2015-06-22 13:52:08 +02:00
b4d3da407f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-19 01:41:15 +00:00
89ed4ffc3c
Fix libwbclient alternatives
2015-06-12 20:50:06 +02:00
aac3cde5be
New upstream release 1.12.5
...
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5
- backport important patches from upstream 1.13 prerelease
2015-06-12 14:49:22 +02:00
70e9980ac6
Backport important patches from upstream 1.13 prerelease
...
- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable
attribute for group name
- Resolves: upstream #2335 - Investigate using the krb5 responder
for driving the PAM conversation with OTPs
- Enable cmocka tests for secondary architectures
2015-05-08 14:53:58 +02:00
a0e4fecc9c
Fix cyclic dependencies between sssd-{krb5,}-common
...
The upstream ticket #2507 is prerequisite for BZ1212503
Patch also enables cmocka tests with secondary architectures.
2015-05-08 14:32:52 +02:00
40a97f0f88
Backport patches from upstream 1.12.5 prerelease - contains many fixes
2015-05-08 14:13:58 +02:00
6cfd9704c1
Bump version for patches related to #2624
2015-04-15 14:19:39 +02:00
c4cf951d60
Fix slow login with ipa and SELinux
...
- Resolves: upstream #2624 - Only set the selinux context if the context
differs from the local one
2015-04-15 14:17:32 +02:00
9a0389188d
Small spec file clean-up
...
* remove workaround for old rpmbuild (rhel5)
* remove conversion sysv scripts to systemd
* small code style update in bash scripts
2015-04-09 18:06:13 +02:00
36805df397
Fix regressions with ipa and SELinux
...
- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security
context on client is staff_u
2015-03-23 17:17:30 +01:00
9f97bec3b0
Also relax libldb Requires and remove --enable-ldb-version-check
2015-03-06 11:45:13 +01:00
9c5af4ac2d
Relax libldb BuildRequires
...
Originally, we tried to stay on the safe side with libldb since it never
really commited to stable ABI or API, but since there were never any
issues in many years, it's safe to relax the requirement.
This change will benefit especially the storage developers who often
need a different (typically newer) libldb version and would like to
avoid to rebuild sssd for no reason.
2015-03-06 10:50:45 +01:00
ed82d05320
Add support for python3 bindings
...
- Add requirement to python3 or python3 bindings
- Resolves: rhbz#1014594 - sssd: Support Python 3
2015-02-25 14:21:45 +01:00
16372c2465
Replace python_* rpm macros with python2_*
2015-02-25 13:34:08 +01:00
Jakub Hrozek
Lukas Slebodnik
Lukas Slebodnik
Ville Skyttä
Fedora Release Engineering
Miro Hrončok
Stephen Gallagher
Michal Sekletar
Robert Kuska
Dennis Gilmore
Jakub Hrozek