From 242b37bf2686eb2a4e2e5ebc11e3ab45b6b31cddda10d7e2c6d0a6bc35ae1daf Mon Sep 17 00:00:00 2001
From: Howard Guo
Date: Wed, 30 Sep 2015 13:29:05 +0000
Subject: [PATCH] Accepting request 334998 from home:stroeder:branches:network:ldap update to 1.13.1, successfully tested on openSUSE 13.2 with sssd-ldap OBS-URL: https://build.opensuse.org/request/show/334998 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=160
---
sssd-1.13.0.tar.gz | 3 -
sssd-1.13.0.tar.gz.asc | 7 --
sssd-1.13.1.tar.gz | 3 +
sssd-1.13.1.tar.gz.asc | 7 ++
sssd.changes | 196 +++++++++++++++++++++++++++++++++++++++++
sssd.spec | 4 +-
6 files changed, 208 insertions(+), 12 deletions(-)
delete mode 100644 sssd-1.13.0.tar.gz
delete mode 100644 sssd-1.13.0.tar.gz.asc
create mode 100644 sssd-1.13.1.tar.gz
create mode 100644 sssd-1.13.1.tar.gz.asc
diff --git a/sssd-1.13.0.tar.gz b/sssd-1.13.0.tar.gz
deleted file mode 100644
index b1b9e61..0000000
--- a/sssd-1.13.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bd1dd95165bca02a08fbd0ea8ac6aa296bc339798d6c6566aee823c536718a5a
-size 4417697
diff --git a/sssd-1.13.0.tar.gz.asc b/sssd-1.13.0.tar.gz.asc
deleted file mode 100644
index 141d253..0000000
--- a/sssd-1.13.0.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlWa1YEACgkQHsardTLnvCXJQACgtx+37IBGO6/nBGqBCx5Y/Eye
-Su4AoIqcfMtZZnEPC/0D0TMwAGDBhv4i
-=N/oh
------END PGP SIGNATURE-----
diff --git a/sssd-1.13.1.tar.gz b/sssd-1.13.1.tar.gz
new file mode 100644
index 0000000..74803ec
--- /dev/null
+++ b/sssd-1.13.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ff6425d455a5cae2359e32c8627832e67b5cc0bbec4081a16d926b6e1b431ae7
+size 4517171
diff --git a/sssd-1.13.1.tar.gz.asc b/sssd-1.13.1.tar.gz.asc
new file mode 100644
index 0000000..8be2d3d
--- /dev/null
+++ b/sssd-1.13.1.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlYLta0ACgkQHsardTLnvCX0lwCgzMl3DT9BbTgcXGcM0Q2AGLUf
++8QAoK5LZJdWZ+HcXC7ZIOTJ0vv9a9FB
+=z5ez
+-----END PGP SIGNATURE-----
diff --git a/sssd.changes b/sssd.changes
index a49b998..bedd0c3 100644
--- a/sssd.changes
+++ b/sssd.changes
@@ -1,3 +1,199 @@
+-------------------------------------------------------------------
+Wed Sep 30 11:44:21 UTC 2015 - michael@stroeder.com
+
+- Update to new upstream release 1.13.1
+- libsss_ad_common.so not installed anymore
+
+== Highlights ==
+ * Initial support for Smart Card authentication was added. The feature
+ can be activated with the new pam_cert_auth option
+ * The PAM prompting was enhanced so that when Two-Factor Authentication
+ is used, both factors (password and token) can be entered separately
+ on separate prompts. At the same time, only the long-term password is
+ cached, so offline access would still work using the long term password
+ * A new command line tool sss_override is present in this release. The
+ tools allows to override attributes on the SSSD side. It's helpful in
+ environment where e.g. some hosts need to have a different view of POSIX
+ attributes than others. Please note that the overrides are stored in
+ the cache as well, so removing the cache will also remove the overrides
+ * New methods were added to the SSSD D-Bus interface. Notably support
+ for looking up a user by certificate and looking up multiple users
+ using a wildcard was added. Please see the interface introspection or
+ the design pages for full details
+ * Several enhancements to the dynamic DNS update code. Notably, clients
+ that update multiple interfaces work better with this release
+ * This release supports authenticating againt a KDC proxy
+ * The fail over code was enhanced so that if a trusted domain is not
+ reachable, only that domain will be marked as inactive but the backed
+ would stay in online mode
+ * Several fixes to the GPO access control code are present
+
+== Packaging Changes ==
+ * The Smart Card authentication feature requires a helper process
+ p11_child that needs to be marked as setgid if SSSD needs to be able
+ to. Please note the p11_child requires the NSS crypto library at the moment
+ * The sss_override tool was added along with its own manpage
+ * The upstream RPM can now build on RHEL/CentOS 6.7
+
+== Documentation Changes ==
+ * The config_file_version configuration option now defaults to 2. As
+ an effect, this option doesn't have to be set anymore unless the config
+ file format is changed again by SSSD upstream
+ * It is now possible to specify a comma-separated list of interfaces in
+ the dyndns_iface option
+ * The InfoPipe responder and the LDAP provider gained a new option
+ wildcard_lookup that specifies an upper limit on the number of entries
+ that can be returned with a wildcard lookup
+ * A new option dyndns_server was added. This option allows to attempt
+ a fallback DNS update against a specific DNS server. Please note this
+ option only works as a fallback, the first attempt will always be
+ performed against autodiscovered servers.
+ * The PAM responder gained a new option ca_db that allows the storage
+ of trusted CA certificates to be specified
+ * The time the p11_child is allowed to operate can be specified using
+ a new option p11_child_timeout
+
+== Tickets Fixed ==
+
+https://fedorahosted.org/sssd/ticket/546
+ [RFE] Support for smart cards
+https://fedorahosted.org/sssd/ticket/1697
+ sssd: incorrect checks on length values during packet decoding
+https://fedorahosted.org/sssd/ticket/1926
+ [RFE] Start the dynamic DNS update after the SSSD has been setup for
+ the first time
+https://fedorahosted.org/sssd/ticket/1994
+ Complain loudly if backend doesn't start due to missing or invalid keytab
+https://fedorahosted.org/sssd/ticket/2275
+ nested netgroups do not work in IPA provider
+https://fedorahosted.org/sssd/ticket/2283
+ test dyndns failed.
+https://fedorahosted.org/sssd/ticket/2335
+ Investigate using the krb5 responder for driving the PAM conversation
+ with OTPs
+https://fedorahosted.org/sssd/ticket/2463
+ Pass error messages via the extdom plugin
+https://fedorahosted.org/sssd/ticket/2495
+ [RFE]Allow sssd to add a new option that would specify which server
+ to update DNS with
+https://fedorahosted.org/sssd/ticket/2549
+ RFE: Support multiple interfaces with the dyndns_iface option
+https://fedorahosted.org/sssd/ticket/2553
+ RFE: Add support for wildcard-based cache updates
+https://fedorahosted.org/sssd/ticket/2558
+ Add dualstack and multihomed support
+https://fedorahosted.org/sssd/ticket/2561
+ Too much logging
+https://fedorahosted.org/sssd/ticket/2579
+ TRACKER: Support one-way trusts for IPA
+https://fedorahosted.org/sssd/ticket/2581
+ Re-check memcache after acquiring the lock in the client code
+https://fedorahosted.org/sssd/ticket/2584
+ RFE: Support client-side overrides
+https://fedorahosted.org/sssd/ticket/2597
+ Add index for 'objectSIDString' and maybe to other cache attributes
+https://fedorahosted.org/sssd/ticket/2637
+ RFE: Don't mark the main domain as offline if SSSD can't connect to
+ a subdomain
+https://fedorahosted.org/sssd/ticket/2639
+ RFE: Detect re-established trusts in the IPA subdomain code
+https://fedorahosted.org/sssd/ticket/2652
+ KDC proxy not working with SSSD krb5_use_kdcinfo enabled
+https://fedorahosted.org/sssd/ticket/2676
+ Group members are not turned into ghost entries when the user is purged
+ from the SSSD cache
+https://fedorahosted.org/sssd/ticket/2682
+ sudoOrder not honored as expected
+https://fedorahosted.org/sssd/ticket/2688
+ Default to config_file_version=2
+https://fedorahosted.org/sssd/ticket/2691
+ GPO: PAM system error returned for PAM_ACCT_MGMT and offline mode
+https://fedorahosted.org/sssd/ticket/2692
+ GPO: Access denied due to using wrong sam_account_name
+https://fedorahosted.org/sssd/ticket/2694
+ CI: Fix ramshackle test_ipa_subdomains_server (FAIL:
+ test_ipa_subdom_server)
+https://fedorahosted.org/sssd/ticket/2699
+ SSSDConfig: wrong return type returned on python3
+https://fedorahosted.org/sssd/ticket/2700
+ krb5_child should always consider online state to allow use of
+ MS-KKDC proxy
+https://fedorahosted.org/sssd/ticket/2708
+ Logging messages from user point of view
+https://fedorahosted.org/sssd/ticket/2711
+ [RFE] Provide interface for SSH to fetch user certificate
+https://fedorahosted.org/sssd/ticket/2712
+ Initgroups memory cache does not work with fq names
+https://fedorahosted.org/sssd/ticket/2716
+ Initgroups mmap cache needs update after db changes
+https://fedorahosted.org/sssd/ticket/2717
+ well-known SID check is broken for NetBIOS prefixes
+https://fedorahosted.org/sssd/ticket/2718
+ SSSD keytab validation check expects root ownership
+https://fedorahosted.org/sssd/ticket/2719
+ IPA: returned unknown dp error code with disabled migration mode
+https://fedorahosted.org/sssd/ticket/2722
+ Missing config options in gentoo init script
+https://fedorahosted.org/sssd/ticket/2723
+ Could not resolve AD user from root domain
+https://fedorahosted.org/sssd/ticket/2724
+ getgrgid for user's UID on a trust client prevents getpw*
+https://fedorahosted.org/sssd/ticket/2725
+ If AD site detection fails, not even ad_site override skipped
+https://fedorahosted.org/sssd/ticket/2729
+ Do not send SSS_OTP if both factors were entered separately
+https://fedorahosted.org/sssd/ticket/2731
+ searching SID by ID always checks all domains
+https://fedorahosted.org/sssd/ticket/2733
+ Don't use deprecated libraries (libsystemd-*)
+https://fedorahosted.org/sssd/ticket/2737
+ sss_override: add import and export commands
+https://fedorahosted.org/sssd/ticket/2738
+ Cannot build rpms from upstream spec file on rawhide
+https://fedorahosted.org/sssd/ticket/2742
+ When certificate is added via user-add-cert, it cannot be looked up
+ via org.freedesktop.sssd.infopipe.Users.FindByCertificate
+https://fedorahosted.org/sssd/ticket/2743
+ memory cache can work intermittently
+https://fedorahosted.org/sssd/ticket/2744
+ cleanup_groups should sanitize dn of groups
+https://fedorahosted.org/sssd/ticket/2746
+ the PAM srv test often fails on RHEL-7
+https://fedorahosted.org/sssd/ticket/2748
+ test_memory_cache failed in invalidation cache before stop
+https://fedorahosted.org/sssd/ticket/2749
+ Fix crash in nss responder
+https://fedorahosted.org/sssd/ticket/2754
+ Clear environment and set restrictive umask in p11_child
+https://fedorahosted.org/sssd/ticket/2757
+ sss_override does not work correctly when 'use_fully_qualified_names
+ = True'
+https://fedorahosted.org/sssd/ticket/2758
+ sss_override contains an extra parameter --debug but is not listed in
+ the man page or in the arguments help
+https://fedorahosted.org/sssd/ticket/2762
+ [RFE] sssd: better feedback form constraint password change
+https://fedorahosted.org/sssd/ticket/2768
+ Test 'test_id_cleanup_exp_group' failed
+https://fedorahosted.org/sssd/ticket/2772
+ sssd cannot resolve user names containing backslash with ldap provider
+https://fedorahosted.org/sssd/ticket/2773
+ Make p11_child timeout configurable
+https://fedorahosted.org/sssd/ticket/2777
+ Fix memory leak in GPO
+https://fedorahosted.org/sssd/ticket/2782
+ sss_override : The local override user is not found
+https://fedorahosted.org/sssd/ticket/2783
+ REGRESSION: Dyndns soes not update reverse DNS records
+https://fedorahosted.org/sssd/ticket/2790
+ sss_override --name doesn't work with RFC2307 and ghost users
+https://fedorahosted.org/sssd/ticket/2799
+ unit tests do not link correctly on Debian
+https://fedorahosted.org/sssd/ticket/2803
+ Memory leak / possible DoS with krb auth.
+https://fedorahosted.org/sssd/ticket/2805 + AD: Conditional jump or move depends on uninitialised value + ------------------------------------------------------------------- Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index 4b3b5af..98dfc99 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.13.0 +Version: 1.13.1 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -531,7 +531,6 @@ rm -f /var/lib/sss/db/*.ldb %defattr(-,root,root) %dir %_libdir/%name/ %_libdir/%name/libsss_ad.so -%_libdir/%name/libsss_ad_common.so %dir %_libexecdir/%name/ %_libexecdir/%name/gpo_child %dir %_datadir/%name/ @@ -620,6 +619,7 @@ rm -f /var/lib/sss/db/*.ldb %_sbindir/sss_useradd %_sbindir/sss_userdel %_sbindir/sss_usermod +%_sbindir/sss_override %dir %_mandir/??/man8/ %_mandir/??/man8/sss_*.8* %_mandir/man8/sss_*.8*
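Review bot: The `%files` changes in sssd.spec add `%_sbindir/sss_override` but nothing for the `p11_child` helper, which the sssd.changes entry in this same commit says must be setgid for Smart Card authentication. The diffstat (`sssd.spec | 4 +-`) is fully accounted for by the three visible hunks, so unless the helper is not built here (the changelog notes it needs the NSS crypto library) or a glob outside these hunks already covers it, its mode and group are not being set deliberately. Please confirm which case applies; if it is shipped, list it explicitly with `%attr` and run it through the distribution's permissions handling (`%set_permissions` / `%verify_permissions`) so the setgid bit is reviewed rather than inherited from `make install`. If it is intentionally not built, a spec comment such as `# p11_child (setgid Smart Card helper) is not built in this package` would record that decision. The `%files` sections start and end outside the hunks, so this is inferred from the visible lines only.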