Fabiano Fidêncio
bf6526be6c
Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound?
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 209701ef7f
)
2018-04-27 22:23:28 +02:00
Fabiano Fidêncio
8ac548e27d
Improve docs/debug message about GC detection
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3115154117
)
2018-04-27 22:23:23 +02:00
Fabiano Fidêncio
94dacbcff1
Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f47c82bc8d
)
2018-04-27 22:23:15 +02:00
Fabiano Fidêncio
d5953555e4
Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 64b69ec813
)
2018-04-27 22:23:08 +02:00
Fabiano Fidêncio
f585ce79e5
Resolves: upstream#3679 - Make nss netgroup requests more robust
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 8d67726a47
)
2018-04-27 22:23:03 +02:00
Fabiano Fidêncio
d4cc9f09a9
Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 8565df471c
)
2018-04-27 22:22:49 +02:00
Fabiano Fidêncio
69dd3e36eb
Resolves: upstream#3402 - Support alternative sources for the files provider
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 9709b73a3f
)
2018-04-27 22:22:43 +02:00
Fabiano Fidêncio
1ec14767eb
Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a7d4f0b3f4
)
2018-04-27 22:22:38 +02:00
Fabiano Fidêncio
ff80480d02
IPA: Qualify the externalUser sudo attribute
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ab53ba849a
)
2018-04-27 22:22:31 +02:00
Fabiano Fidêncio
11342ddfab
Tone down shutdown messages for socket activated responders
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ef1d48a0c2
)
2018-04-27 22:22:16 +02:00
Fabiano Fidêncio
b1ddb6443b
Resolves: upstream#3558 - sudo: report error when two rules share cn
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit fcff118bbf
)
2018-04-27 22:22:09 +02:00
Fabiano Fidêncio
7809e6eedd
Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f3d06df50d
)
2018-04-27 22:22:04 +02:00
Fabiano Fidêncio
2540bf426d
A few KCM misc fixes
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 32f2c81e59
)
2018-03-30 15:02:55 +02:00
Fabiano Fidêncio
4d8a2ac870
Resolves: upstream#3666 - Fix usage of str.decode() in our test
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 99da72db23
)
2018-03-30 15:02:49 +02:00
Fabiano Fidêncio
7d773ed035
Resolves: upstream#3386 - KCM: Payload buffer is too small
...
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1c7376afc5
)
2018-03-30 15:02:43 +02:00
Fabiano Fidêncio
0392642064
Resolves: usptream#3687 - KCM: Don't pass a non null terminated string to json_loads()
...
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 73735e9522
)
2018-03-30 15:02:27 +02:00
Fabiano Fidêncio
4d2103b723
Resolves: upstream#3658 - Application domain is not interpreted correctly
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 563dd33f72
)
2018-03-30 15:02:19 +02:00
Fabiano Fidêncio
c126b3174c
Resolves: upstream#3660 - confdb_expand_app_domains() always fails
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2c812f3cba
)
2018-03-30 15:02:08 +02:00
Fabiano Fidêncio
928c3e94ab
Resolves: upstream#3573 - sssd won't show netgroups with blank domai
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 40fe76feb8
)
2018-03-30 15:01:59 +02:00
Fabiano Fidêncio
d11cfce2ff
New upstream release 1.16.1
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 62a3258629
)
2018-03-09 16:12:14 +01:00
Lukas Slebodnik
5eba7a8f1f
Resolves: upstream#3621 - backport bug found by static analyzers
2018-02-20 15:12:59 +01:00
Fabiano Fidêncio
4b1fe8a0ab
Resolves: upstream#3621: FleetCommander integration must not require capability DAC_OVERRIDE
...
Together with the patches backported from upstream, we're changing
the deskprofilepath permissions from 755 to 751, reflecting the
upstream spec file changes.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-02-14 23:03:25 +01:00
Fabiano Fidêncio
199a72e62a
Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-02-14 22:15:04 +01:00
Igor Gnatenko
11c6ee78b8
Remove BuildRoot definition
...
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 00:40:17 +01:00
Lukas Slebodnik
18ae44bc79
Resolves: upstream#3618 - selinux_child segfaults in a docker container
2018-02-07 22:04:27 +01:00
Lukas Slebodnik
f55e235d75
Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl
2018-02-06 13:11:55 +01:00
Lukas Slebodnik
e242e8ef93
Fix systemd executions/requirements
...
systemd was added to BuildRequires because it provides rpm macros
/usr/lib/rpm/macros.d/macros.systemd and it is unreliable to rely
on indirect dependency between systemd-devel and systemd
Related to: https://src.fedoraproject.org/rpms/sssd/pull-request/1
2018-02-06 13:04:26 +01:00
Lukas Slebodnik
6d370601d4
Revert "Workaround for BZ1537183"
...
This reverts commit 0a5a392684
.
nsupdate is fixed on rawhide.i686
2018-02-06 12:57:05 +01:00
Igor Gnatenko
a3b937064c
Fix systemd executions/requirements
...
Merges: https://src.fedoraproject.org/rpms/sssd/pull-request/1
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-01-25 20:42:01 +01:00
Lukas Slebodnik
ebdebbe467
Do not try to link with -Wl,-z,defs
...
https://bugzilla.redhat.com/show_bug.cgi?id=1535422
https://fedoraproject.org/wiki/Changes/BINUTILS2291
https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md#strict-symbol-checks-in-the-link-editor-ld
sssd cannot be linked with -Wl,-z,defs atm.
2018-01-25 20:23:09 +01:00
Lukas Slebodnik
27d7dcb5bb
Revert "Override linker flags done in redhat-rpm-config-84-1.fc28"
...
This reverts commit 7cda4fbc6f
.
2018-01-25 20:18:39 +01:00
Lukas Slebodnik
b4343b24b6
Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS
2018-01-25 11:39:00 +01:00
Lukas Slebodnik
0a5a392684
Workaround for BZ1537183
...
unit test will pass but sssd will not be able to use nsupdate with realm
on i686
2018-01-23 15:11:46 +01:00
Lukas Slebodnik
7cda4fbc6f
Override linker flags done in redhat-rpm-config-84-1.fc28
...
https://bugzilla.redhat.com/show_bug.cgi?id=1535422
https://fedoraproject.org/wiki/Changes/BINUTILS2291
sssd cannot be linked with -Wl,-z,defs atm.
2018-01-23 14:37:32 +01:00
Lukas Slebodnik
b390855a98
Fix building of sssd-nfs-idmap with libnfsidmap.so.1
2018-01-11 16:53:36 +01:00
Björn Esser
f9e6094ac5
Rebuilt for libnfsidmap.so.1
2018-01-11 12:01:37 +01:00
Lukas Slebodnik
1dedfbb334
Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout
...
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
or machine swaps
Resolves: failure in glibc tests
https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
auth_provider ldap, login fails if the LDAP server
is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
in /etc/systemd/system
Backport few upstream features from 1.16.1
2017-12-04 21:42:37 +01:00
Lukas Slebodnik
ce65f7d9ee
Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next
2017-11-21 17:57:44 +01:00
Lukas Slebodnik
87763840cd
Revert "Disable nfsplugin due to bug rhbz#1509063"
...
This reverts commit b5c435b10b
.
nfs-utils are fixed
2017-11-21 17:56:54 +01:00
Jakub Hrozek
7781c9e992
Backport extended NSS API from upstream master branch
2017-11-17 18:06:26 +01:00
Lukas Slebodnik
b5c435b10b
Disable nfsplugin due to bug rhbz#1509063
2017-11-03 22:58:37 +01:00
Lukas Slebodnik
7ac8b3c4b5
Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade
2017-11-03 16:20:10 +01:00
Lukas Slebodnik
7667bd7429
Fix unit tests with libldb-1.3.0
2017-10-21 16:19:39 +02:00
Lukas Slebodnik
f2e72c8931
There are not empty lang files in 1.16.0
2017-10-20 23:18:12 +02:00
Lukas Slebodnik
4f58854911
New upstream release 1.16.0
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
2017-10-20 18:02:02 +02:00
Lukas Slebodnik
1aff49b48c
Fix build with krb5 1.16
2017-10-11 18:06:00 +02:00
Lukas Slebodnik
7069858231
Resolves: rhbz#1499354 - CVE-2017-12173
...
sssd: unsanitized input when searching in local cache database access on
the sock_file system_bus_socket
2017-10-11 17:48:41 +02:00
Lukas Slebodnik
8eda442b2e
Fix few bugs/regressions
...
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
is applied
2017-09-12 09:22:07 +02:00
Lukas Slebodnik
fa4807ec45
Backport few upstream patches/fixes
2017-09-01 21:34:35 +02:00
Lukas Slebodnik
11cd64de1c
Add krb5 conf snippet for default KCM
...
http://fedoraproject.org/wiki/Releases/27/ChangeSet#Kerberos_KCM_credential_cache_by_default
https://bugzilla.redhat.com/show_bug.cgi?id=1421604
2017-09-01 21:34:20 +02:00