sssd-2.3.0-1: Rebase to latest upstream release

Signed-off-by: Mohan Boddu <mboddu@bhujji.com>

.gitignore

@@ -83,3 +83,7 @@ sssd-1.2.91.tar.gz
 /sssd-2.0.0.tar.gz
 /sssd-2.1.0.tar.gz
 /sssd-2.2.0.tar.gz
+/sssd-2.2.1.tar.gz
+/sssd-2.2.2.tar.gz
+/sssd-2.2.3.tar.gz
+/sssd-2.3.0.tar.gz

0001-PROXY-Return-data-in-output-parameter-if-everything-.patch

@@ -1,133 +0,0 @@
-From e1b678c0cce73494d986610920b03956c1dbb62a Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik <lslebodn@redhat.com>
-Date: Fri, 28 Jun 2019 16:27:21 +0200
-Subject: [PATCH] PROXY: Return data in output parameter if everything is OK
-
-The function remove_duplicate_group_members might return EOK also in the middle
-of function but return parameter was not set with right data.
-Processing continued in the function save_group but there was a
-dereference of NULL pointer.
-
-Introduced in: https://pagure.io/SSSD/sssd/issue/3931
-
-Crash:
-  (gdb) bt
-  #0  0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap",
-      alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748
-  #1  0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=<optimized out>,
-      ctx=<optimized out>) at src/providers/proxy/proxy_id.c:1160
-  #2  0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0)
-      at src/providers/proxy/proxy_id.c:1553
-  #3  get_initgr (i_name=<optimized out>, dom=0x55c9a0efb420, sysdb=<optimized out>, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461
-  #4  proxy_account_info (domain=0x55c9a0efb420, be_ctx=<optimized out>, data=<optimized out>, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659
-  #5  proxy_account_info_handler_send (mem_ctx=<optimized out>, id_ctx=0x55c9a0f048e0, data=<optimized out>, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758
-  #6  0x000055c99fc67677 in file_dp_request (_dp_req=<synthetic pointer>, req=0x55c9a0f39470, request_data=<optimized out>, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID,
-      name=<optimized out>, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=<optimized out>) at src/providers/data_provider/dp_request.c:250
-  #7  dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, domain=domain@entry=0x55c9a0f39190 "LDAP", name=<optimized out>, target=target@entry=DPT_ID,
-      method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295
-  #8  0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=<optimized out>, ev=0x55c9a0eddbc0, sbus_req=<optimized out>, provider=0x55c9a0efe0e0, dp_flags=1,
-      entry_type=<optimized out>, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528
-  #9  0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=<optimized out>, tv=..., private_data=<optimized out>) at src/sss_iface/sbus_sss_invokers.c:2847
-  #10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0
-  #11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0
-  #12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0
-  #13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0
-  #14 0x00007fb4d9cf5b5d in _tevent_loop_once () from /lib64/libtevent.so.0
-  #15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0
-  #16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0
-  #17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724
-  #18 0x000055c99fc59760 in main (argc=8, argv=<optimized out>) at src/providers/data_provider_be.c:747
-  (gdb) l
-  (gdb) bt
-  #0  0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap",
-      alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748
-  #1  0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=<optimized out>,
-      ctx=<optimized out>) at src/providers/proxy/proxy_id.c:1160
-  #2  0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0)
-      at src/providers/proxy/proxy_id.c:1553
-  #3  get_initgr (i_name=<optimized out>, dom=0x55c9a0efb420, sysdb=<optimized out>, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461
-  #4  proxy_account_info (domain=0x55c9a0efb420, be_ctx=<optimized out>, data=<optimized out>, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659
-  #5  proxy_account_info_handler_send (mem_ctx=<optimized out>, id_ctx=0x55c9a0f048e0, data=<optimized out>, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758
-  #6  0x000055c99fc67677 in file_dp_request (_dp_req=<synthetic pointer>, req=0x55c9a0f39470, request_data=<optimized out>, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID,
-      name=<optimized out>, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=<optimized out>) at src/providers/data_provider/dp_request.c:250
-  #7  dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, domain=domain@entry=0x55c9a0f39190 "LDAP", name=<optimized out>, target=target@entry=DPT_ID,
-      method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295
-  #8  0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=<optimized out>, ev=0x55c9a0eddbc0, sbus_req=<optimized out>, provider=0x55c9a0efe0e0, dp_flags=1,
-      entry_type=<optimized out>, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528
-  #9  0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=<optimized out>, tv=..., private_data=<optimized out>) at src/sss_iface/sbus_sss_invokers.c:2847
-  #10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0
-  #11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0
-  #12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0
-  #13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0
-  #14 0x00007fb4d9cf5b5d in _tevent_loop_once () from /lib64/libtevent.so.0
-  #15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0
-  #16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0
-  #17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724
-  #18 0x000055c99fc59760 in main (argc=8, argv=<optimized out>) at src/providers/data_provider_be.c:747
-  (gdb) l
-  733         ret = remove_duplicate_group_members(tmp_ctx, grp, &ngroup);
-  734         if (ret != EOK) {
-  735             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove duplicate group member     s\n");
-  736             goto done;
-  737         }
-  738
-  739         DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, ngroup);
-  740
-  741         ret = sysdb_transaction_start(sysdb);
-  742         if (ret != EOK) {
-  743             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
-  744             goto done;
-  745         }
-  746         in_transaction = true;
-  747
-  748         if (ngroup->gr_mem && ngroup->gr_mem[0]) {
-  749             attrs = sysdb_new_attrs(tmp_ctx);
-  750             if (!attrs) {
-  751                 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n");
-  752                 ret = ENOMEM;
-  (gdb) p ngroup
-  $1 = (struct group *) 0x0
-  743             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
-  744             goto done;
-  745         }
-  746         in_transaction = true;
-  747
-  748         if (ngroup->gr_mem && ngroup->gr_mem[0]) {
-  749             attrs = sysdb_new_attrs(tmp_ctx);
-  750             if (!attrs) {
-  751                 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n");
-  752                 ret = ENOMEM;
-  (gdb) p ngroup
-  $1 = (struct group *) 0x0
-
-Merges: https://pagure.io/SSSD/sssd/pull-request/4036
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/4037
-
-Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
----
- src/providers/proxy/proxy_id.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
-index e1be29076..91105ce5a 100644
---- a/src/providers/proxy/proxy_id.c
-+++ b/src/providers/proxy/proxy_id.c
-@@ -698,10 +698,12 @@ static errno_t remove_duplicate_group_members(TALLOC_CTX *mem_ctx,
-     }
-     grp->gr_mem[i] = NULL;
- 
--    *_grp = talloc_steal(mem_ctx, grp);
-     ret = EOK;
- 
- done:
-+    if (ret == EOK) {
-+        *_grp = talloc_steal(mem_ctx, grp);
-+    }
-     talloc_zfree(tmp_ctx);
- 
-     return ret;
--- 
-2.20.1
-

0001-test-avoid-endian-issues-in-network-tests.patch

@@ -0,0 +1,38 @@
+From 88a0c39b341098f92725458b2055faaaf2bbad5b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Wed, 20 May 2020 12:07:13 +0200
+Subject: [PATCH] test: avoid endian issues in network tests
+
+---
+ src/tests/cmocka/test_nss_srv.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
+index 2c91d0a23fe4ce6e66fee70da7501b0ec5f0feb8..3cd7809cf001f5f8ac68fcd191e05660b40cd267 100644
+--- a/src/tests/cmocka/test_nss_srv.c
++++ b/src/tests/cmocka/test_nss_srv.c
+@@ -35,6 +35,7 @@
+ #include "util/util_sss_idmap.h"
+ #include "util/crypto/sss_crypto.h"
+ #include "util/crypto/nss/nss_util.h"
++#include "util/sss_endian.h"
+ #include "db/sysdb_private.h"   /* new_subdomain() */
+ #include "db/sysdb_iphosts.h"
+ #include "db/sysdb_ipnetworks.h"
+@@ -5308,7 +5309,13 @@ struct netent test_netent = {
+     .n_name = discard_const("test_network"),
+     .n_aliases = discard_const(test_netent_aliases),
+     .n_addrtype = AF_INET,
++#if (__BYTE_ORDER == __LITTLE_ENDIAN)
+     .n_net = 0x04030201 /* 1.2.3.4 */
++#elif (__BYTE_ORDER == __BIG_ENDIAN)
++    .n_net = 0x01020304 /* 1.2.3.4 */
++#else
++ #error "unknow endianess"
++#endif
+ };
+ 
+ static void mock_input_netbyname(const char *name)
+-- 
+2.20.1
+

0002-MONITOR-Don-t-check-for-the-nscd-socket-while-regene.patch

@@ -1,106 +0,0 @@
-From 0a10d863f4186a18d4622e72065c8aa66b6bfa17 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jhrozek@redhat.com>
-Date: Tue, 18 Jun 2019 21:21:08 +0200
-Subject: [PATCH] MONITOR: Don't check for the nscd socket while regenerating
- configuration
-
-https://pagure.io/SSSD/sssd/issue/4028
-
-In setups where only sssd-kcm is used and not the rest of SSSD, seeing
-the nscd warning might be irritating.
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/monitor/monitor.c | 69 ++++++++++++++++++++++---------------------
- 1 file changed, 35 insertions(+), 34 deletions(-)
-
-diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
-index 33a28a09f..d3f8c8878 100644
---- a/src/monitor/monitor.c
-+++ b/src/monitor/monitor.c
-@@ -2480,40 +2480,8 @@ int main(int argc, const char *argv[])
-     }
- #endif
- 
--    /* Warn if nscd seems to be running */
--    ret = check_file(NSCD_SOCKET_PATH,
--                     -1, -1, S_IFSOCK, S_IFMT, NULL, false);
--    if (ret == EOK) {
--        ret = sss_nscd_parse_conf(NSCD_CONF_PATH);
--
--        switch (ret) {
--            case ENOENT:
--                sss_log(SSS_LOG_NOTICE,
--                        "NSCD socket was detected. NSCD caching capabilities "
--                        "may conflict with SSSD for users and groups. It is "
--                        "recommended not to run NSCD in parallel with SSSD, "
--                        "unless NSCD is configured not to cache the passwd, "
--                        "group, netgroup and services nsswitch maps.");
--                break;
--
--            case EEXIST:
--                sss_log(SSS_LOG_NOTICE,
--                        "NSCD socket was detected and seems to be configured "
--                        "to cache some of the databases controlled by "
--                        "SSSD [passwd,group,netgroup,services]. It is "
--                        "recommended not to run NSCD in parallel with SSSD, "
--                        "unless NSCD is configured not to cache these.");
--                break;
--
--            case EOK:
--                DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it "
--                            "seems to be configured not to interfere with "
--                            "SSSD's caching capabilities\n");
--        }
--    }
--
--    /* Check if the SSSD is already running unless we're only interested
--     * in re-reading the configuration
-+    /* Check if the SSSD is already running and for nscd conflicts unless we're
-+     * only interested in re-reading the configuration
-      */
-     if (opt_genconf == 0) {
-         ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false);
-@@ -2523,6 +2491,39 @@ int main(int argc, const char *argv[])
-             ERROR("SSSD is already running\n");
-             return 2;
-         }
-+
-+        /* Warn if nscd seems to be running */
-+        ret = check_file(NSCD_SOCKET_PATH,
-+                         -1, -1, S_IFSOCK, S_IFMT, NULL, false);
-+        if (ret == EOK) {
-+            ret = sss_nscd_parse_conf(NSCD_CONF_PATH);
-+
-+            switch (ret) {
-+                case ENOENT:
-+                    sss_log(SSS_LOG_NOTICE,
-+                            "NSCD socket was detected. NSCD caching capabilities "
-+                            "may conflict with SSSD for users and groups. It is "
-+                            "recommended not to run NSCD in parallel with SSSD, "
-+                            "unless NSCD is configured not to cache the passwd, "
-+                            "group, netgroup and services nsswitch maps.");
-+                    break;
-+
-+                case EEXIST:
-+                    sss_log(SSS_LOG_NOTICE,
-+                            "NSCD socket was detected and seems to be configured "
-+                            "to cache some of the databases controlled by "
-+                            "SSSD [passwd,group,netgroup,services]. It is "
-+                            "recommended not to run NSCD in parallel with SSSD, "
-+                            "unless NSCD is configured not to cache these.");
-+                    break;
-+
-+                case EOK:
-+                    DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it "
-+                                "seems to be configured not to interfere with "
-+                                "SSSD's caching capabilities\n");
-+            }
-+        }
-+
-     }
- 
-     /* Parse config file, fail if cannot be done */
--- 
-2.20.1
-

0502-SYSTEMD-Use-capabilities.patch

@@ -17,9 +17,9 @@ index 0c515d34caaa3ea397c4c7e95eef0188df170840..252889dbb2b7b1e651966258e7b76eab
  NotifyAccess=main
  PIDFile=@pidpath@/sssd.pid
 +CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
+ Restart=on-failure
  
  [Install]
- WantedBy=multi-user.target
 -- 
 2.15.1
 

sources

@@ -1 +1 @@
-SHA512 (sssd-2.2.0.tar.gz) = 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb
+SHA512 (sssd-2.3.0.tar.gz) = 72fc69018c4b8a71198f4a82e89d49d7a5c513e9291deff2f8e0e132cbd67341a8fa89598d28fcc1d785497526c9eeffe9b261c751524ee0e553badf0f748d59

sssd.spec

@@ -35,16 +35,15 @@
 %endif
 
 Name: sssd
-Version: 2.2.0
-Release: 4%{?dist}
+Version: 2.3.0
+Release: 1%{?dist}
 Summary: System Security Services Daemon
 License: GPLv3+
-URL: https://pagure.io/SSSD/sssd/
-Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
+URL: https://gihub.com/SSSD/sssd/
+Source0: https://github.com/SSSD/sssd/releases/download/sssd-2_3_0/sssd-2.3.0.tar.gz
 
 ### Patches ###
-Patch0001: 0001-PROXY-Return-data-in-output-parameter-if-everything-.patch
-Patch0002: 0002-MONITOR-Don-t-check-for-the-nscd-socket-while-regene.patch
+Patch0001: 0001-test-avoid-endian-issues-in-network-tests.patch
 
 ### Downstream only patches ###
 Patch0502: 0502-SYSTEMD-Use-capabilities.patch
@@ -73,6 +72,7 @@ Suggests: sssd-dbus = %{version}-%{release}
 
 ### Build Dependencies ###
 
+BuildRequires: make
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
@@ -208,6 +208,7 @@ Requires: sssd-common = %{version}-%{release}
 # required by sss_obfuscate
 Requires: python3-sss = %{version}-%{release}
 Requires: python3-sssdconfig = %{version}-%{release}
+Recommends: sssd-dbus
 
 %description tools
 Provides userspace tools for manipulating users, groups, and nested groups in
@@ -775,6 +776,7 @@ done
 %{_datadir}/sssd/systemtap/id_perf.stp
 %{_datadir}/sssd/systemtap/nested_group_perf.stp
 %{_datadir}/sssd/systemtap/dp_request.stp
+%{_datadir}/sssd/systemtap/ldap_perf.stp
 %dir %{_datadir}/systemtap
 %dir %{_datadir}/systemtap/tapset
 %{_datadir}/systemtap/tapset/sssd.stp
@@ -786,6 +788,7 @@ done
 %license COPYING
 %{_libdir}/%{name}/libsss_ldap.so
 %{_mandir}/man5/sssd-ldap.5*
+%{_mandir}/man5/sssd-ldap-attributes.5*
 
 %files krb5-common
 %license COPYING
@@ -1069,6 +1072,75 @@ fi
                                 %{_libdir}/%{name}/modules/libwbclient.so
 
 %changelog
+* Wed May 20 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.0-1
+- Rebase to SSSD 2.3.0
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-13
+- Resolves: upstream#4159 - p11_child should have an option to skip
+                            C_WaitForSlotEvent if the PKCS#11 module does not
+                            implement it properly
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-12
+- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in
+                            `sss_ptr_hash_delete_cb()`
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
+- Resolves: upstream#4118 - sssd requires timed sudoers ldap entries to be
+  specified up to the seconds
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
+- Add sssd-dbus package as a dependency of sssd-tools
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-10
+- Resolves: upstream#4142 - sssd_be frequent crash
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-9
+- Resolves: upstream#4131 Force LDAPS over 636 with AD Provider
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-8
+- Resolves: upstream#3630 - Randomize ldap_connection_expire_timeout either
+                            by default or w/ a configure option
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-7
+- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in
+                            `sss_ptr_hash_delete_cb()`
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-6
+- Resolves: upstream#4088 - server/be: SIGTERM handling is incorrect
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-5
+- Resolves: upstream##4089 Watchdog implementation or usage is incorrect
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-4
+- Resolves: upstream#4126 pcscd rejecting sssd ldap_child as unauthorized
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-3
+- Resolves: upstream#4127 - [Doc]Provide explanation on escape character for
+                            match rules sss-certmap
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-2
+- Resolves: upstream#4129 - sssctl config-check command does not give proper
+                            error messages with line numbers
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-1
+- Update to latest released upstream version
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_3.htm
+
+* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-3
+- Resolves: rhbz#1755643 - Upgrade to sssd 2.2.2-1.fc30 breaks setting
+                           up FreeIPA replica in containers
+
+* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-2
+- Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely
+                           when using KCM cache
+
+* Wed Sep 11 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1
+- Update to latest released upstream version
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_1.html
+
+* Tue Aug 27 2019 Mohan Boddu <mboddu@bhujji.com> - 2.2.0-5
+- Rebuilding for libldb 2.0.5
+
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild