sssd: unsanitized input when searching in local cache database access on
the sock_file system_bus_socket
(cherry picked from commit 7069858231)
(cherry picked from commit 4a8ad4c174)
(cherry picked from commit 8fca7e629a)
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
is applied
(cherry picked from commit 8eda442b2e)
(cherry picked from commit e15fc49cbf)
(cherry picked from commit bbb90ca68c)
The plugin for cifs-utils can be built on all supported versions of fedora.
Conditions are required only in upstream spec file for older
distributions. Definition of constant with_cifs_utils_plugin is still
in the beginning of spec file for simpler comparison of changes
between upstream and fedora.
(cherry picked from commit 5ce8ae1166)
(cherry picked from commit 601bb9f4eb)
(cherry picked from commit 7109e61605)
The plugin can be built on all supported versions of fedora.
And it was removed also from upstream spec file.
(cherry picked from commit 088151887a)
(cherry picked from commit e89cb59c68)
(cherry picked from commit 52d4a1e424)
Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
file from package sssd-common-1.15.1-1.fc25.x86_64
Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
(cherry picked from commit 9c949c17eb)
Resolves: upstream#3297 Fix issue with IPA + SELinux in containers
Resolves: upstream#3360 Do not leak selinux context on clients destruction
(cherry picked from commit 22e5820a7b)
Resolves: rhbz#1392916 - sssd failes to start after update
Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
on the directory /etc/sssd
(cherry picked from commit eb6c560542)
The macro python_provide is defined in /usr/lib/rpm/macros.d/macros.python
in the package python-rpm-macros. But this package is not part
of build root and therefore rpm cannot parse spec file.
This reverts commit 22c180263a.
(cherry picked from commit 8dd054482d)
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after
boot
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
(cherry picked from commit 2b61bbee11)
It will reduce dependency chain in container world.
libsss_autofs.so depends only on libc and requires
sssd unix sockets. And sssd-common has many requirements.
We do not need to requires specific version of libldb
or libtdb because it is automatically detected from
binary/library dependencies. We also need never version
of that libraries as it was specified in spec file.
e.g.
sh$ rpm -q --requires sssd-common | grep -E "TDB|LDB"
libldb.so.1(LDB_0.9.10)(64bit)
libtdb.so.1(TDB_1.2.1)(64bit)
There is also redundant dependency on sssd-common-pac
sssd -> sssd-ipa -> sssd-common-pac
-> sssd-ad -> sssd-common-pac
-> sssd-common-pac
sh$ rpm -q --whatrequires sssd-common-pac
sssd-ipa-1.13.3-1.fc23.x86_64
sssd-ad-1.13.3-1.fc23.x86_64
sssd-1.13.3-1.fc23.x86_64