Patch 0017-sudo-ldap-do-not-store-rules-without-sudoHost-attrib.patch
has been commented out as it caused some regressions on IPA tests.
In order to unblock IPA folks, let's revert this patch from Fedora till
we have a proper fix.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 29d69716ad)
(cherry picked from commit e56517d602)
(cherry picked from commit b67161cd28)
For some reason still unclear we're *not* able to build SSSD on koji's
buildroot for armv7hl. Some tests have been done and SSSD was built
successfully using real armv7hl hardware, which indicates that we're
facing https://bugzilla.redhat.com/show_bug.cgi?id=1576593
As soon as the bug is resolved, this patch could be safely reverted.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit bc3790f5a0)
(cherry picked from commit 38221da669)
(cherry picked from commit af12cc5788)
Fix a non harmful warning shown by recent versions of OpenSSL.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 0a2c83fbd0)
(cherry picked from commit b6ae123d6b)
(cherry picked from commit 8ad6fab779)
Patch 0018-sysdb-custom-completely-replace-old-object-instead-o.patch
caused a regression, caught by lslebodn and reported by a few users.
Let's comment out this patch for now and uncomment it when we have a fix
that do not cause a regression.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5254cdcca5)
(cherry picked from commit c715b8d660)
(cherry picked from commit 35934cf3ef)
Also ...
Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
Provider returned an error
[org.freedesktop.sssd.Error.DataProvider.Fatal]
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 90dd145c92)
(cherry picked from commit 99a84c4b16)
(cherry picked from commit ec7c43bb5d)
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1c7376afc5)
(cherry picked from commit 7d773ed035)
(cherry picked from commit 97df14ee0f)
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 73735e9522)
(cherry picked from commit 0392642064)
(cherry picked from commit 26eab693bb)
Together with the patches backported from upstream, we're changing
the deskprofilepath permissions from 755 to 751, reflecting the
upstream spec file changes.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 4b1fe8a0ab)
Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in
setnetgrent_result_timeout
Resolves: upstream#3562 - Use-after free if more sudo requests run and one
of them fails, causing a fail-over to a next server
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
or machine swaps
Resolves: failure in glibc tests
https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
auth_provider ldap, login fails if the LDAP server
is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
if krb5_init_context() failed
Resolves: rhbz#1479283 - proxy to files does not work with
implicit_files_domain
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
in /etc/systemd/system
sssd: unsanitized input when searching in local cache database access on
the sock_file system_bus_socket
(cherry picked from commit 7069858231)
(cherry picked from commit 4a8ad4c174)
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
is applied
(cherry picked from commit 8eda442b2e)
(cherry picked from commit e15fc49cbf)
The plugin for cifs-utils can be built on all supported versions of fedora.
Conditions are required only in upstream spec file for older
distributions. Definition of constant with_cifs_utils_plugin is still
in the beginning of spec file for simpler comparison of changes
between upstream and fedora.
(cherry picked from commit 5ce8ae1166)
(cherry picked from commit 601bb9f4eb)