From 7d719753b571fdae0a3d2b975a30fe0ee763c3deb5b4d4fee3094e02d01ce73b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 14 Apr 2022 23:20:29 +0000 Subject: [PATCH 1/6] - Update to release 2.7.0 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=262 --- sssd-2.6.3.tar.gz | 3 --- sssd-2.6.3.tar.gz.asc | 11 ----------- sssd-2.7.0.tar.gz | 3 +++ sssd-2.7.0.tar.gz.asc | 16 +++++++++++++++ sssd.changes | 12 ++++++++++++ sssd.spec | 45 +++++++++++++++++++++++-------------------- 6 files changed, 55 insertions(+), 35 deletions(-) delete mode 100644 sssd-2.6.3.tar.gz delete mode 100644 sssd-2.6.3.tar.gz.asc create mode 100644 sssd-2.7.0.tar.gz create mode 100644 sssd-2.7.0.tar.gz.asc diff --git a/sssd-2.6.3.tar.gz b/sssd-2.6.3.tar.gz deleted file mode 100644 index 05ccbda..0000000 --- a/sssd-2.6.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3dd820b3da90cddbcb1041ef3c16102d78aad9d8c9ab25630e0c14a2f8992b18 -size 7510020 diff --git a/sssd-2.6.3.tar.gz.asc b/sssd-2.6.3.tar.gz.asc deleted file mode 100644 index 753fb43..0000000 --- a/sssd-2.6.3.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEGkHcZ1BfiaMwgotmr/513ehQjhIFAmHv2rIACgkQr/513ehQ -jhK34ggAwKpJotxYdcCMbNVqj7oEFyjedbU8zvFuoV5c3E2L062wBEQnW4TcRs2B -A0NNJrl9mwJc92+7mywhL/GCLlm/sefltvQGM+QS2GVaaMBgRcZmyg9Qi6v2BDzp -hhpx3PxKmcOKbHstSnwAjUaqsKfwCJaPBT/43rR+WskWt6BJy0SiOPGNiTO7yZ/U -uh90qrUBLsoWmRICldRdOVbdWV08AJBkng09uMiCAhMhAj/xk1mPCw2fwslBpJtg -m5KaZZuRrzZC3qQqBzWUSDRx6EyljZkGFZW1qTgBaEQhopOz6K6h6xS7NqHGJO8k -cLCtAysTxFkTaJBsuV7a/BL8c64rZg== -=tt82 ------END PGP SIGNATURE----- diff --git a/sssd-2.7.0.tar.gz b/sssd-2.7.0.tar.gz new file mode 100644 index 0000000..5f3ff8b --- /dev/null +++ b/sssd-2.7.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:74acbcac1d98da486734a746e516e9bd8e9641a4b5a1a666b1900e9203d2e921 +size 7556843 diff --git a/sssd-2.7.0.tar.gz.asc b/sssd-2.7.0.tar.gz.asc new file mode 100644 index 0000000..a3086df --- /dev/null +++ b/sssd-2.7.0.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmJYInwACgkQ09IbKRDP +Z1ljfg//Vqw4Vcj6fSq9/75GyGcK+Ss26ysi0JVkp+GKVYOxUn2hVyJrOiTxSCL1 +vQaIrHLsaeZRRzpfnrCJYwsi06l+gbn6p15u05a9T15ryR5GIKYcdAohYwqqh0KE +GU8k4r1SoEcPtnFBjMhaF+hQgVkNJc+YaPnJg+CVgWpBaf6yWYzciBdX8f/HSsG6 +LlPVcKPAClt3lHCdIPjy8bIXhcBRQpZdZxvfnUnwed41QjQMJf1QHaPU+gxsX65d +d4W0QYPjuUM/2lPKN/tRSDmwnC1FTlotci2C1oBbAWleYImFb6OOODyeX7HDDOcc +Te9w/Dn5vO6og+ybhDH9wARfKgnhi37roT5mpl0AizgSIRl3lYqY0zGCYnS80uhO +zewW+2Dtpi+1PeAUuJ3iR3LkrQ8jZnNVBv+h9vkn1KeW7UYK0eiiGVHODyYwkw/8 +TAQeQaV3tzrK1xo0VM7cxUIXvrWcAeCifSoa/WDoA/WEnJrtN6emWd0qKSulQmvI +CN4QX1DO+W9a22pf3ZInQL6otoJ4NyW+YxsaCLvQ363OfHcI29tVvcUOIFZJuebY +n03PguhWFNOhSuEXPJ+jXyO/KyuowPyJEFjkZgLIrldKiQyKicTsL8P2ADgc998S +bF7b8pi2Y60otOA6s0LWvR8RSnBRVIPJgplMNERjOv0AdbnjOwk= +=GJ8P +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index 4f61493..ca1f827 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Apr 14 22:43:03 UTC 2022 - Jan Engelhardt + +- Update to release 2.7.0 + * Better default for IPA/AD re_expression. Tunning for group + names containing '@' is no longer needed. + * A new debug level is added to show statistical and + performance data. + * Added support for anonymous PKINIT to get FAST credentials. + * SSSD now correctly falls back to UPN search if the user was + not found even with `cache_first = true`. + ------------------------------------------------------------------- Mon Feb 21 14:50:38 UTC 2022 - Callum Farmer diff --git a/sssd.spec b/sssd.spec index c6a29c0..81901a1 100644 --- a/sssd.spec +++ b/sssd.spec @@ -1,7 +1,7 @@ # # spec file for package sssd # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: sssd -Version: 2.6.3 +Version: 2.7.0 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later and LGPL-3.0-or-later Group: System/Daemons -URL: https://pagure.io/SSSD/sssd -#Git-Clone: https://pagure.io/SSSD/sssd +URL: https://github.com/SSSD/sssd +#Git-Clone: https://github.com/SSSD/sssd Source: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc Source3: baselibs.conf @@ -61,6 +61,7 @@ BuildRequires: pkgconfig(jansson) BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(libcares) BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libnfsidmap) BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0 @@ -371,23 +372,24 @@ export PATH="$PATH:/usr/sbin" autoreconf -fiv %configure \ - --with-db-path="%dbpath" \ - --with-pipe-path="%pipepath" \ - --with-pubconf-path="%pubconfpath" \ - --with-gpo-cache-path="%gpocachepath" \ - --with-init-dir="%_initrddir" \ - --with-environment-file="%_sysconfdir/sysconfig/sssd" \ - --with-initscript=systemd \ - --with-syslog=journald \ - --with-pid-path="%_rundir" \ - --enable-nsslibdir="/%_lib" \ - --enable-pammoddir="/%_lib/security" \ - --with-ldb-lib-dir="%ldbdir" \ - --with-selinux=yes \ - --with-os=suse \ - --disable-ldb-version-check \ - --without-secrets \ - --without-python2-bindings + --with-db-path="%dbpath" \ + --with-pipe-path="%pipepath" \ + --with-pubconf-path="%pubconfpath" \ + --with-gpo-cache-path="%gpocachepath" \ + --with-init-dir="%_initrddir" \ + --with-environment-file="%_sysconfdir/sysconfig/sssd" \ + --with-initscript=systemd \ + --with-syslog=journald \ + --with-pid-path="%_rundir" \ + --enable-nsslibdir="/%_lib" \ + --enable-pammoddir="/%_lib/security" \ + --with-ldb-lib-dir="%ldbdir" \ + --with-selinux=yes \ + --with-os=suse \ + --disable-ldb-version-check \ + --without-secrets \ + --without-python2-bindings \ + --without-oidc-child %make_build all %install @@ -588,6 +590,7 @@ fi /%_lib/security/pam_sss_gss.so %_libdir/krb5/ %_libdir/%name/modules/sssd_krb5_localauth_plugin.so +%_libdir/%name/modules/sssd_krb5_idp_plugin.so %_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/??/man8/pam_sss.8* %_mandir/??/man8/pam_sss_gss.8* From ec78c6fe44a54ad6afdcb14a7bcde24e0f27665e35bee7db79a088dbc9cbab48 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 16 May 2022 21:49:53 +0000 Subject: [PATCH 2/6] - Enable subid_sss OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=263 --- sssd.changes | 5 +++++ sssd.spec | 8 +++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/sssd.changes b/sssd.changes index ca1f827..9a2948e 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon May 16 21:49:38 UTC 2022 - Jan Engelhardt + +- Enable subid_sss + ------------------------------------------------------------------- Thu Apr 14 22:43:03 UTC 2022 - Jan Engelhardt diff --git a/sssd.spec b/sssd.spec index 81901a1..b4bfe61 100644 --- a/sssd.spec +++ b/sssd.spec @@ -78,6 +78,9 @@ BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) BuildRequires: pkgconfig(uuid) BuildRequires: pkgconfig(libsemanage) +%if 0%{?suse_version} >= 1550 +BuildRequires: libsubid-devel +%endif %{?systemd_ordering} Requires: sssd-ldap = %version-%release Requires(postun): pam-config @@ -385,6 +388,9 @@ autoreconf -fiv --enable-pammoddir="/%_lib/security" \ --with-ldb-lib-dir="%ldbdir" \ --with-selinux=yes \ +%if 0%{?suse_version} >= 1550 + --with-subid \ +%endif --with-os=suse \ --disable-ldb-version-check \ --without-secrets \ @@ -591,13 +597,13 @@ fi %_libdir/krb5/ %_libdir/%name/modules/sssd_krb5_localauth_plugin.so %_libdir/%name/modules/sssd_krb5_idp_plugin.so +%_libdir/libsubid_sss.so %_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/??/man8/pam_sss.8* %_mandir/??/man8/pam_sss_gss.8* %_mandir/man8/pam_sss.8* %_mandir/man8/pam_sss_gss.8* %_mandir/man8/sssd_krb5_locator_plugin.8* -%_mandir/uk/man8/pam_sss_gss.8* # cifs idmap plugin %dir %_sysconfdir/cifs-utils %cifs_idmap_plugin From d571ac484c808de0d81d266bdc8c5034ed8eadb3c586706bae2e51d64ab1bfa8 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 16 May 2022 22:01:31 +0000 Subject: [PATCH 3/6] remove 1550 condition; the package builds on TW only anyway OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=264 --- sssd.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sssd.spec b/sssd.spec index b4bfe61..bbbbbc0 100644 --- a/sssd.spec +++ b/sssd.spec @@ -78,9 +78,7 @@ BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) BuildRequires: pkgconfig(uuid) BuildRequires: pkgconfig(libsemanage) -%if 0%{?suse_version} >= 1550 BuildRequires: libsubid-devel -%endif %{?systemd_ordering} Requires: sssd-ldap = %version-%release Requires(postun): pam-config @@ -388,9 +386,7 @@ autoreconf -fiv --enable-pammoddir="/%_lib/security" \ --with-ldb-lib-dir="%ldbdir" \ --with-selinux=yes \ -%if 0%{?suse_version} >= 1550 --with-subid \ -%endif --with-os=suse \ --disable-ldb-version-check \ --without-secrets \ From e0bab6257e4372419624c927bdfffc725ea16ea11a88b401be55d83eaeaa397f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 2 Jun 2022 15:32:20 +0000 Subject: [PATCH 4/6] - Update to release 2.7.1 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=265 --- sssd-2.7.0.tar.gz | 3 --- sssd-2.7.0.tar.gz.asc | 16 ---------------- sssd-2.7.1.tar.gz | 3 +++ sssd-2.7.1.tar.gz.asc | 16 ++++++++++++++++ sssd.changes | 16 ++++++++++++++++ sssd.spec | 3 ++- 6 files changed, 37 insertions(+), 20 deletions(-) delete mode 100644 sssd-2.7.0.tar.gz delete mode 100644 sssd-2.7.0.tar.gz.asc create mode 100644 sssd-2.7.1.tar.gz create mode 100644 sssd-2.7.1.tar.gz.asc diff --git a/sssd-2.7.0.tar.gz b/sssd-2.7.0.tar.gz deleted file mode 100644 index 5f3ff8b..0000000 --- a/sssd-2.7.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:74acbcac1d98da486734a746e516e9bd8e9641a4b5a1a666b1900e9203d2e921 -size 7556843 diff --git a/sssd-2.7.0.tar.gz.asc b/sssd-2.7.0.tar.gz.asc deleted file mode 100644 index a3086df..0000000 --- a/sssd-2.7.0.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmJYInwACgkQ09IbKRDP -Z1ljfg//Vqw4Vcj6fSq9/75GyGcK+Ss26ysi0JVkp+GKVYOxUn2hVyJrOiTxSCL1 -vQaIrHLsaeZRRzpfnrCJYwsi06l+gbn6p15u05a9T15ryR5GIKYcdAohYwqqh0KE -GU8k4r1SoEcPtnFBjMhaF+hQgVkNJc+YaPnJg+CVgWpBaf6yWYzciBdX8f/HSsG6 -LlPVcKPAClt3lHCdIPjy8bIXhcBRQpZdZxvfnUnwed41QjQMJf1QHaPU+gxsX65d -d4W0QYPjuUM/2lPKN/tRSDmwnC1FTlotci2C1oBbAWleYImFb6OOODyeX7HDDOcc -Te9w/Dn5vO6og+ybhDH9wARfKgnhi37roT5mpl0AizgSIRl3lYqY0zGCYnS80uhO -zewW+2Dtpi+1PeAUuJ3iR3LkrQ8jZnNVBv+h9vkn1KeW7UYK0eiiGVHODyYwkw/8 -TAQeQaV3tzrK1xo0VM7cxUIXvrWcAeCifSoa/WDoA/WEnJrtN6emWd0qKSulQmvI -CN4QX1DO+W9a22pf3ZInQL6otoJ4NyW+YxsaCLvQ363OfHcI29tVvcUOIFZJuebY -n03PguhWFNOhSuEXPJ+jXyO/KyuowPyJEFjkZgLIrldKiQyKicTsL8P2ADgc998S -bF7b8pi2Y60otOA6s0LWvR8RSnBRVIPJgplMNERjOv0AdbnjOwk= -=GJ8P ------END PGP SIGNATURE----- diff --git a/sssd-2.7.1.tar.gz b/sssd-2.7.1.tar.gz new file mode 100644 index 0000000..58d259b --- /dev/null +++ b/sssd-2.7.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8eebd541a640aec95ed4b2da89713f0cbe8e4edf96895fbb972c0b9d570635c3 +size 7600254 diff --git a/sssd-2.7.1.tar.gz.asc b/sssd-2.7.1.tar.gz.asc new file mode 100644 index 0000000..24ec09a --- /dev/null +++ b/sssd-2.7.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmKYnLAACgkQ09IbKRDP +Z1k+/Q/+Ilj74nVV0jAshsU7NHJ1z4aGBgHthSkVHiY8asnvo4sbwZmaIZe1p+Vj ++X39TYD/tYAI+uX5oC+ePF5Z14buMPl34vok0rWCUlbLpQ7wdPufxM3ekPv7gY1E +bbdHnt+2NTn067ijNNO7jfUoMaF352z8ZDkcwp4+0jdbg8d1RrvZoIZ1Sm7cts4f +tJGRns+Fx7BsPT80B0MzC8IcyHU1BzPtHiOXaok93TJzsJaiFNEL5OQQ9TEtVWto +YLx4qde+V2Uo7ZwfPiwZDGo7fAhEH+8ejPRQq/kuuo1rJHbKffeQF8Ofa4JtdZEo +lbgXClLRQqllew8os+IIy5aU1ndVU/IyxXHsFggTTwXh6j2H883Xfs7iO0AWe9HU +4aUzQ1fRaxhajUyAtiq/ETQM7k6vVu8BoTTfrzoFVusZPKPEpeKHmOM4v98RbXiO +3wq7oTyrRSNswBCrgVPsvXAQv3sgU96NG4tFVZHdKQB+5rSzeaNlhUoonwg69hi2 +XKnQDU1Mww36Yg0KXXTIF+go2MCI9TxghKGM3nn72BJLbzWpiW6yDCWGWKN2R1mm +fd8EJfy3XJ8de5jc9wdOBPHCL66gWTz9kYgUx0Ynm63TIi0uUswk0UJOkNr9mdJD +Ofa9PU8XyPZnY9ermX7BEwV5P6gd4YWS1xto7oyjKARVKRQeBxU= +=ZgNC +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index 9a2948e..0b6d74b 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Thu Jun 2 15:24:57 UTC 2022 - Jan Engelhardt + +- Update to release 2.7.1 + * SSSD can now handle multi-valued RDNs if a unique name must + be determined with the help of the RDN. + * A regression in pam_sss_gss module causing a failure if + KRB5CCNAME environment variable was not set was fixed. + * New option `implicit_pac_responder` to control if the PAC + responder is started for the IPA and AD providers; the + default is true. + * New option `krb5_check_pac` to control the PAC validation + behavior. + * Multiple `crl_file` arguments can be used in the + `certificate_verification` option. + ------------------------------------------------------------------- Mon May 16 21:49:38 UTC 2022 - Jan Engelhardt diff --git a/sssd.spec b/sssd.spec index bbbbbc0..87fe9ed 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 2.7.0 +Version: 2.7.1 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later and LGPL-3.0-or-later @@ -599,6 +599,7 @@ fi %_mandir/??/man8/pam_sss_gss.8* %_mandir/man8/pam_sss.8* %_mandir/man8/pam_sss_gss.8* +%_mandir/man8/sssd_krb5_localauth_plugin.8* %_mandir/man8/sssd_krb5_locator_plugin.8* # cifs idmap plugin %dir %_sysconfdir/cifs-utils From 6cd61d4c3d56725b930e7d5595d8497ef012328917b4c4196aa952dd5be0f1d9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 13 Jun 2022 14:50:26 +0000 Subject: [PATCH 5/6] sssd-2.7.2 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=266 --- sssd-2.7.1.tar.gz | 3 -- sssd-2.7.1.tar.gz.asc | 16 ------- sssd-2.7.2.tar.gz | 3 ++ sssd-2.7.2.tar.gz.asc | 16 +++++++ sssd.changes | 9 ++++ sssd.keyring | 99 +++++++++++++++++++++++++++++++------------ sssd.spec | 2 +- 7 files changed, 101 insertions(+), 47 deletions(-) delete mode 100644 sssd-2.7.1.tar.gz delete mode 100644 sssd-2.7.1.tar.gz.asc create mode 100644 sssd-2.7.2.tar.gz create mode 100644 sssd-2.7.2.tar.gz.asc diff --git a/sssd-2.7.1.tar.gz b/sssd-2.7.1.tar.gz deleted file mode 100644 index 58d259b..0000000 --- a/sssd-2.7.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8eebd541a640aec95ed4b2da89713f0cbe8e4edf96895fbb972c0b9d570635c3 -size 7600254 diff --git a/sssd-2.7.1.tar.gz.asc b/sssd-2.7.1.tar.gz.asc deleted file mode 100644 index 24ec09a..0000000 --- a/sssd-2.7.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmKYnLAACgkQ09IbKRDP -Z1k+/Q/+Ilj74nVV0jAshsU7NHJ1z4aGBgHthSkVHiY8asnvo4sbwZmaIZe1p+Vj -+X39TYD/tYAI+uX5oC+ePF5Z14buMPl34vok0rWCUlbLpQ7wdPufxM3ekPv7gY1E -bbdHnt+2NTn067ijNNO7jfUoMaF352z8ZDkcwp4+0jdbg8d1RrvZoIZ1Sm7cts4f -tJGRns+Fx7BsPT80B0MzC8IcyHU1BzPtHiOXaok93TJzsJaiFNEL5OQQ9TEtVWto -YLx4qde+V2Uo7ZwfPiwZDGo7fAhEH+8ejPRQq/kuuo1rJHbKffeQF8Ofa4JtdZEo -lbgXClLRQqllew8os+IIy5aU1ndVU/IyxXHsFggTTwXh6j2H883Xfs7iO0AWe9HU -4aUzQ1fRaxhajUyAtiq/ETQM7k6vVu8BoTTfrzoFVusZPKPEpeKHmOM4v98RbXiO -3wq7oTyrRSNswBCrgVPsvXAQv3sgU96NG4tFVZHdKQB+5rSzeaNlhUoonwg69hi2 -XKnQDU1Mww36Yg0KXXTIF+go2MCI9TxghKGM3nn72BJLbzWpiW6yDCWGWKN2R1mm -fd8EJfy3XJ8de5jc9wdOBPHCL66gWTz9kYgUx0Ynm63TIi0uUswk0UJOkNr9mdJD -Ofa9PU8XyPZnY9ermX7BEwV5P6gd4YWS1xto7oyjKARVKRQeBxU= -=ZgNC ------END PGP SIGNATURE----- diff --git a/sssd-2.7.2.tar.gz b/sssd-2.7.2.tar.gz new file mode 100644 index 0000000..8ebeb75 --- /dev/null +++ b/sssd-2.7.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c982947e940c59579c429e5afb83e21713bf00ed75ee002966b9cd32236ce051 +size 7606911 diff --git a/sssd-2.7.2.tar.gz.asc b/sssd-2.7.2.tar.gz.asc new file mode 100644 index 0000000..215a159 --- /dev/null +++ b/sssd-2.7.2.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmKnRXAACgkQ09IbKRDP +Z1kImQ/7BkalFk/OSbTyQNk7qeFQYTsLKJQ1lehyuqPXbBiOpSCBMoBd6n73Gq4U +Fgz2Wes5vg1cS73XxTz+e2ERroPnfCLUP3xSvxjsomdCmLij5gld3gJAu6EF95BU +Ew1a/xD18G2dEhkhsum2BL6ERM4yQ4X90HSr+Dajq7uoSZiHrgHedPHhcnvDVXQk +vkiWdBthXmD12e2MpTsJUaEg8GgdJAvHkWIv3c8URg1z1J2rHnX7tSIF7Z2MIEwB +PpgEXZKtKlAZaLqa/iOON9I1FG4ZSrrO+l03XZEc+1yO8s8DHkhl+JBbvK9Eauui +1svJk9kTscsSbu2GzWple3tYMRGMiFMiHbyxq3AfNVQRj+0xSyRGDSnK7MU1kNvp +nFCURQdshnZKwAdGGjw0eBCDBFqO8axn3wfSMXEbExLjOcC6Z364HNZZTBVLMwgp +PtpK4AJi2DIci+o0XIjYLLbzcrro48UOxNc45gURW/gfjqGCqBr8U+ikWUGiwMQe +pNEtLt58IV9Siy1kBgHrnGeQgsVyzMRIskA/X0FhXl9Mkhs2p7QWxr7LPTvyfBB1 +4I1ooxnW6a6SmmyAgCzekVtPpst8YdCUfT3+LZIy2PIrEWPoOlO3NTUDxSXaQYTl +VtAEfJCQcFpfJI2Mu0NC7eN2Os+XXJ8kEMPosbt9dP0vitutPXQ= +=Zi4I +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index 0b6d74b..38479d4 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Jun 13 14:48:28 UTC 2022 - Jan Engelhardt + +- Update to release 2.7.2 + * A sssd-2.7.1 regression preventing successful authentication of + IPA users was fixed. + * Default value of pac_check changed to check_upn, + check_upn_dns_info_ex (for AD and IPA provider). + ------------------------------------------------------------------- Thu Jun 2 15:24:57 UTC 2022 - Jan Engelhardt diff --git a/sssd.keyring b/sssd.keyring index 4204a76..5cd9c37 100644 --- a/sssd.keyring +++ b/sssd.keyring @@ -1,30 +1,75 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQENBF65FqQBCADQQUcPSux/eX7fpP05HOW1HE32tBPWs5MPktMdzErrG7DTOaUo -XxMhorPSHgt2Q5mX/LV4Yk2cRHk2uStWTtIVhtC62DPqstqfr0aC3TJ36LrsAr/s -YaG2ktD26xADA5j67oP4lHN4+rjSbKfRLiLpSsABb4fx85SS066MsDQOQFEs1bsG -UAqavdlRGUYXSA5uwwbJRRfI5ryeWyOpfpIIdJeyNDx6ZSuc8kgLm/PhNpwChiY2 -h7Qs4nekVT1c9ujyPTUQ+x8lnGblP8Kwb+ZtOp+aWMWZlxk2ifwFr+u1pKTr8we5 -DarQxMTjBwrRRuBk7RwYKXdj91jwMGSx6ZaRABEBAAG0JFBhdmVsIELFmWV6aW5h -IDxwYnJlemluYUByZWRoYXQuY29tPokBTgQTAQgAOBYhBBpB3GdQX4mjMIKLZq/+ -dd3oUI4SBQJeuRakAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK/+dd3o -UI4SupUH/RRKqwHSYSIf37pFz6tsE5+7ASiCdVVdtOPtaXu43sRNLrCSu4CjisBu -rdFPmd57jwQneyh5RUEXbY5jq4KK4nuHZppjlaGqs/8LIVl13x01zD+V/hlDZXfr -BEDaE2PjUtacP+NvJWtYO/tHlTqxfFssFh7btO9EOYSfc7IhQ+hReKkX9K1dNLJM -SYCDaDQRSxJeAnYX7E3mXoaIC7JXH0ZF1NS0a3SP/q7u+WsQ+j58Z0xMdP6lBd1M -7ntNQ+BHz4+jlEgN9GXRTn7PIucpvVCEwTYysklIKbWJHi7J+C6ZV+4nDnaA0Z6J -m+XGsbvc7/P1b4FpU9YAmBd7VqQG8Ve5AQ0EXrkWpAEIAKVIiPI6sZXhnrpKxYO0 -nNAazIkA0WtqTVeSPE0AkNXAW4wtbhluwfBEsYr6wU8ieDGU/KdIpwZprsKf4x3r -kFgRRwnNpB9AhGNex4tzoHlNoAX601OOjhy44DaRrJKY1Zg+V2ljx6cySsX2zsQp -/pKA5uN7Y4mWfZMPmlpljqYRXMIAZWf7F0dJTdh+Vv646ZBYg7mBfaVs3E5AKRZ+ -xNnxna7Se+OihyOcmMwtotMF8tlU8/yGyWTCoNu/86+eAVXWIpu358f1Q1Ez9bXI -/neav857DTCGTXY5NNigunscMPje5MLEp9T1ozZl0ZK3LUcfh7w8IMLCB2YK/7zF -NpcAEQEAAYkBNgQYAQgAIBYhBBpB3GdQX4mjMIKLZq/+dd3oUI4SBQJeuRakAhsM -AAoJEK/+dd3oUI4S8FAH/0bHCGi6+sWnJqOqYwJIHPeYR33zb3D09jQYXWzadNGX -F6nuGzNgqCUZ3+GK73hDXq/v9WyUhaLLvd7XGryQ5DGGO0ZkHD3Td+YMeoSdDVbQ -PiTZS3DyQB0qHp6pKgjvDlbMYeqSVoletsa6ruSvFtE2kb+W6fRn6K8QeTyMA8Rn -NIUOSaSwQjcETaexMuD2oyRmzDmdWTUOS/Q/Tn3HE7Yz8670CLM1yN70MfAHpeUt -dIkFm9g3ZPTING+gC98iylLAFR1QKqz4HRWd8ofmnHemPpzAPGMITztwnZsLIPDj -nZ/57dk9LQVekGFjWm5GYThUwrHWYRyzjGz/xOmjJoM= -=b5K7 +mQINBGI9m7YBEACjfmpZrW6wpmz+QRfnx1UuOABpTmsBi6ElTqx+ZzLU2R3N4KLl +PDycp6Pm5PqnLRLoC0TzHh1MjpVWiCfrnlTm6yD2Y6A37c6/elFjiZlbY93zUJi9 +mE3OXyxe3RQHVjEYiQZ+DCcgQe5r2mFL8prK2OBIIoJJK2t46EjcjsJJkOIgT9H0 +7FaLWfT2MHhO0mg6EqwqOsSKI392sVhJ0GTDULiI1ZlRULZwn3oWdXglO5O9KAhu +jSAIrKuX6QsIxXfVDG1wmOR99yyuiXpJhlKbgdw3Y37IcHRD9DLbqCnp//3WkW9W +k5Mn/bYK1TIed92U4CWNqz557lGnQxwPyyaNkJW9L1kNWO6P9Kl8RgxuX0689Zb0 +sqooxTK//O+BBOso1iSRsdyqo2KSIBF06Fe9x5i+jwX2N3hHbzODfT0rHOokPj5p +jT/o6NFQ0lMqYQJxQA7/71Dk/6EkkxE3kHTkFNHBii1pt0msyQij8URmTTN39V1f +n+HlxDOrzDSccrs5x0b+cT5wuB1tSp9JhkmmAk5rb8vsHL+iPRM4ZDIOJNm/Qlg6 +pQ+V4FEamntO9undQro0hSShEq69JDbBhT+fmHcAH2a03buTdyu3aqok3OSdxMj/ +aprl84eFxE3cwlCXzsu0qf8ue9UjFWynmwsDQgR4EMMbVDwInd/rrV+wOwARAQAB +tElTU1NEIFByb2plY3QgKGh0dHBzOi8vc3NzZC5pbykgPHNzc2QtbWFpbnRhaW5l +cnNAbGlzdHMuZmVkb3JhcHJvamVjdC5vcmc+iQJOBBMBCAA4FiEEwTzQf/stsUCO +RXo809IbKRDPZ1kFAmI9m7YCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ +09IbKRDPZ1nmShAAlEZD+l7OSTb8uOQDj9wHXjkJbrz2vp3vfHiUo69NIssEQRUE +WRpygejjCsc3XlS8XivWwLIqrDOczenyCVVNSSWfaQpBc2ZR+XXBKMpxa1PlFduQ +wax2cbPXVdo47t3gVWAzicO0zxeAQVEZHUKyoWmaKtuFdN1ZJpNCvFJcr6yEFY5k +vQy5Caf6G1oDS9XYsx4YZZT0YhMo3d/8awJLJuVfnqsC/mTOaC7Khms31c2SC+50 ++i+gE9HOVkLqanYkQcmdWIMN/oOljAd3zCFBNw5cXXuNmjp32URcm4khLKuxgV12 +RetW63SAMydavCp8jMpjuE1pBo6s+/ZcvHe0IhS5fcAbXnIuxqhB2FfeJVg3Udx8 +u+zZjwtndUZ9NCETomHa77Beq3h/0A/hiEmNl6xAYttNRvF/bbNg9k3o6lZydDYM +zhdmGh+VfZhuyyGJXWsrK0ZzJ0zXjorIKPlCi32cMrOPlYd94N4aWZaHC+uDZSMW +Xwjl79Tt92psOIiQwSSm1vaRvXV9w3HzyZtOIlK+Nc7T6qTOIHGgCuQI5zXNorNb +sdmzOR+ZrnYBk/E6hiaU8b4hQS2HJyr9YqERi2LjB9VICC+KHhsjba/hxIoVZR/v +Hg+WM/NBpOoaiScxLaqWNuoxY84SNJCgupWlCmBEDxWG+Q0ku/xgyRARCt2JATME +EAEIAB0WIQQaQdxnUF+JozCCi2av/nXd6FCOEgUCYj2dVAAKCRCv/nXd6FCOEihw +CACcbB3JuIeSGZbtVOvepRSjoaWRzC97V7Lj2lz9nIc610W0WfzHCePi+I9leuup +R/eV3Hhhx04QU9Zisc0CWVUC4mpgqzSgB1o4DYu1vPVPXZdfZkGVGtSiW+5rfjZo +iqGBGX8JalieI0wNYHQz660f21w08niecpnpFyadZh8/8oH3or0xvtCbPXOM+YH3 +CpsBGS0aP2sf+uhvbGHoEygmLqr5rkkkC8XmEa8GxFFFpYVc1nzys7zVFoMWZ9Ta +UnyNwyo1JZHgVEbyCL3lK8OS9xXoPyOAqFT6Ux+Odj36hqamAsGAHL9O/DoEaUKI +fuGGvRb6Dlebrt3KDTiXbR9DiHUEEBYKAB0WIQQoeTnfBirYxTh2pTXC17mKk07s +FwUCYj2umAAKCRDC17mKk07sFyBsAQCAL84Bwe4BA8DEhGYhrl9Eb38LQ2hbNeJX +nLtjKqQlnwEA0BC1FR+bBm5NunMYbKtKcMLIAHtzSBbBrNqQzTO8XguJAjMEEAEI +AB0WIQSTAgGqtC3RlHIQt4ONcyY1GnJiEQUCYj28PgAKCRCNcyY1GnJiEZHdD/95 +sK4SFrSb1fJYcvk6OQMW2hW7VCohuqDOYWob2Tm7RWP9CxJ7I3PilEUizbp76AoX +V6UvXiBtY2q6omXMv2qBeEja7OWd3HWl0SXA5XLyRSF7hwirP2CqQZM8+zSyiYKf +TNw3rWTJjjarUnv6GYdoH55jEfk7sCIrbp5xEzvWu+9w/5pnIsSsFhYwJOD5ic+h +or3LHRN5Jn+jm6ec6H4Ums5zA4rnvTdxfcHKx1sX1KDez2d0k1BYONHGh5tTJSrx +3F5xxOqXHzPt7obiVOCYbE3NU2LswcHz2XNpdoXTyO/LLmvRVvoG1O6LGRrw5Tkg +lnres9gWMccHna4AnDGpXtXzyhlMlzIY5LNrROsg462tIWJcIopSmRct+IQxnOyW +te7k4BAVA/vO6FGnzfLPdH6Lwnos5OMfBew2j2b8yddM8qkBQxR7NUVhYMei7jLh +MiN1FTwtrtuAeMUddbIo/lZYMqUlNyl7Kiwqxse7EFGUvZwq5qhlaKfMZ48qVSYM +QQb6NILl9t5f/UrAkOSrgTF3uWQbcAOMQWusfDuBmHOolFVPTujQP7N5Asob9Nw0 ++oL2zY0MuG41xAf1tej25i8iYctJuB2L1uJULhw3i3iswPSuTJIKtYpKoES81jxG +Tit45gyS7XYpYdvAnYPTOPwF3sezy3uwmsob3geYR4h1BBAWCgAdFiEEf4f7DbyL +UMrqkdmCWuS5aYPSAzAFAmJDI/4ACgkQWuS5aYPSAzCznAD8DpzDOP5ILp2FbUGh +ROWM5T6cOppAOXDX2VN8hViDDmsA/24jLp5ga8cUwy7QVHduC9f8LLwN3O7q7XYz +BdBNnRMCuQINBGI9m7YBEACyE5/YORGMmYqKksDPFZNUW7unejUW7XTuLSMXrI9m +u8sFXT8tqPQJetYxaKiZqXxiS652u1XnLZf3ps4t6OINHSuT61Xw1Z6Svhn+o+Wz +Tmnfneahk1Czjlzs59qv3YXwLKffws7H5vGuOTnesgTyWJJG1A0wpehcZsI+rUzC +6mDwip1rSxocuFET6HK2eMpAo1B4V7XLC6srh3HzCNr5AB5UkjMWAuQqjUrqIt6O +dfPO9mqYf/w+CoI2HhVebwDjIXtoO5nVjPUncb0lUEsVWiA9C3xWi/pk2pd3nfkW +s+P0iJNYut+CQwGaHV8+gmwSLUUw/fraMASY5FVxLdSHKZ402Q6aSyuk93k7UQ7i +VIuZpOdjWASWgkATM5KEQHRVrt2enurn6oYBY2tSjzXmbTiCaaCG0p8CBtDvCIxT +Pz4Y0uaWcbIHLz3k0Tr4+zko/PEdh7qLCO83BJPf7/bVxGBMynxkAKXXgBlfjlFt +q7KMpbiM+qndP3SJpjlb0AnI7nCV1KvEeW+oIO+uQ2PwAlyFyV0pf8IYOeI0SN/R +3QSKL8CjlzSIwraUoCk79h3hJgBPG9D4ASwxeSPmriY9tbhNtsVUCT9YZgfxrJg8 +bzZvObeng+2IknKbxDzs/hnkNQ7uWx2GGeq7BYZ1eTwctWsw3V8VejiPByJEjQve +PQARAQABiQI2BBgBCAAgFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmI9m7YCGwwA +CgkQ09IbKRDPZ1mbeA//YYPvboEUjp/qqXK8XEgcEL33M+uWJJQucuhtBEjfwAlQ +m29NqO6I3n9cbuINXRtNMUawk86LMouEkhexqUmSg7NNDu1Nqp32yHn8MMJjOPsy +u6AZQinQoT8UKnUMqvmqMFJiotvDb2j2aP9yL0PjCiEeyYkk3bl2oGSdMD4A4o4D +0PUpLWt+w+3YbG58iBazPD/FwiGhe8TO7EAm3I7dYZ4ErALdmT6ptCW90IG9AHfK +CZTvaMB0NX/IksfJ9DEwMgsF0Hwlx5dmTin9ufFKfhKFcwV5aDXlEsYDMqT2o7z9 +l/7UTNXnk6VG/QXFhRjBDPtQNkgZoze1VV5itGmBsVE+c9lRtr+6YPJ04CDDv9dX +DI0eGdPxVmfDTR2tHOt+LOYIw4umsID3/qQzYluoUx5Cpud45qaBRjq7/iE+KJgS +IqxgBTXkV39C8T4gXrDRRjlBsOcIc7P6yUVqyClExynQ1BAJSEueO95CtxXV2btK +xSkZ2CyhVtjRxW5TOfQdvrFPueoxC17syQTslM/mKk6DBRHJrullqPLbSieKEJyc +SMkza3BVIhi0hdPfVfBRnSYe8jRFmBIR+cXnyAOkDkPqWK7q/icGVDpJPuunteH3 +1vXu/KcDrL7GVRj2LD136Xla1sgGUEbYmLfIHvYmqh1DXJQvnoAyUFKaBWEpSBg= +=E0Gq -----END PGP PUBLIC KEY BLOCK----- diff --git a/sssd.spec b/sssd.spec index 87fe9ed..420de02 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 2.7.1 +Version: 2.7.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later and LGPL-3.0-or-later From 3bf976bbd14eecbbc403781e83e786b5eec637f5487d32810148f75366416e7d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 15 Jun 2022 12:27:00 +0000 Subject: [PATCH 6/6] Accepting request 982791 from home:scabrero:branches:network:ldap - Use pam rpm macros to avoid hardcoding the directory names; (bsc#1191047); - Do not take ownership of %_pam_confdir directory, it is owned by pam package OBS-URL: https://build.opensuse.org/request/show/982791 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=267 --- sssd.changes | 8 ++++++++ sssd.spec | 9 ++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/sssd.changes b/sssd.changes index 38479d4..fb3629c 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Jun 15 11:28:35 UTC 2022 - Samuel Cabrero + +- Use pam rpm macros to avoid hardcoding the directory names; + (bsc#1191047); +- Do not take ownership of %_pam_confdir directory, it is owned by + pam package + ------------------------------------------------------------------- Mon Jun 13 14:48:28 UTC 2022 - Jan Engelhardt diff --git a/sssd.spec b/sssd.spec index 420de02..9fb3446 100644 --- a/sssd.spec +++ b/sssd.spec @@ -383,7 +383,7 @@ autoreconf -fiv --with-syslog=journald \ --with-pid-path="%_rundir" \ --enable-nsslibdir="/%_lib" \ - --enable-pammoddir="/%_lib/security" \ + --enable-pammoddir="%_pam_moduledir" \ --with-ldb-lib-dir="%ldbdir" \ --with-selinux=yes \ --with-subid \ @@ -576,8 +576,7 @@ fi %config(noreplace) %_sysconfdir/sssd/sssd.conf %config(noreplace) %_sysconfdir/logrotate.d/sssd %dir %_sysconfdir/sssd/conf.d -%dir %_sysconfdir/pam.d/ -%config(noreplace) %_sysconfdir/pam.d/sssd-shadowutils +%config(noreplace) %_pam_confdir/sssd-shadowutils %dir %_datadir/%name/ %_datadir/%name/cfg_rules.ini %_datadir/%name/sssd.api.conf @@ -588,8 +587,8 @@ fi # sssd-client # /%_lib/libnss_sss.so.2 -/%_lib/security/pam_sss.so -/%_lib/security/pam_sss_gss.so +%_pam_moduledir/pam_sss.so +%_pam_moduledir/pam_sss_gss.so %_libdir/krb5/ %_libdir/%name/modules/sssd_krb5_localauth_plugin.so %_libdir/%name/modules/sssd_krb5_idp_plugin.so