From fb25d602fcfcfd6345bd489161c9ffbecf65b0da7cb14a3aa02db72324230960 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 15 Mar 2017 23:57:39 +0000 Subject: [PATCH 1/3] Accepting request 479818 from home:stroeder:branches:network:ldap update to 1.15.2 OBS-URL: https://build.opensuse.org/request/show/479818 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=185 --- sssd-1.15.1.tar.gz | 3 --- sssd-1.15.1.tar.gz.asc | 6 ------ sssd-1.15.2.tar.gz | 3 +++ sssd-1.15.2.tar.gz.asc | 6 ++++++ sssd.changes | 32 ++++++++++++++++++++++++++++++++ sssd.spec | 3 +-- 6 files changed, 42 insertions(+), 11 deletions(-) delete mode 100644 sssd-1.15.1.tar.gz delete mode 100644 sssd-1.15.1.tar.gz.asc create mode 100644 sssd-1.15.2.tar.gz create mode 100644 sssd-1.15.2.tar.gz.asc diff --git a/sssd-1.15.1.tar.gz b/sssd-1.15.1.tar.gz deleted file mode 100644 index 296bfcf..0000000 --- a/sssd-1.15.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0a64a15c1e344fdfd1904872133d558b4fbbc6cb1ac748b66819f941d5c804fb -size 5244029 diff --git a/sssd-1.15.1.tar.gz.asc b/sssd-1.15.1.tar.gz.asc deleted file mode 100644 index 6d8a29c..0000000 --- a/sssd-1.15.1.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iEYEABECAAYFAli53WwACgkQHsardTLnvCUIBQCguPYgc+o1n1+bl3fnrqs/QJh9 -LXQAnj6hXHbfhvAJy23otBTKi3Xs2+9h -=S3bq ------END PGP SIGNATURE----- diff --git a/sssd-1.15.2.tar.gz b/sssd-1.15.2.tar.gz new file mode 100644 index 0000000..a63a517 --- /dev/null +++ b/sssd-1.15.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4cd5fcb314d77a58029a216b7e6001c6cb41c5b784cf570c5761c97d1c12d264 +size 5248134 diff --git a/sssd-1.15.2.tar.gz.asc b/sssd-1.15.2.tar.gz.asc new file mode 100644 index 0000000..e5f29b8 --- /dev/null +++ b/sssd-1.15.2.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAljJcscACgkQHsardTLnvCVCdwCgj0g3CSbz/gIS37W553d0QI7i +waoAnRN8+lQjwHQS+76q5nz2eSdRLnIG +=4tQo +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index bd1dfa5..657ca3e 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Wed Mar 15 22:18:03 UTC 2017 - michael@stroeder.com + +- Update to new upstream release 1.15.2 + * It is now possible to configure certain parameters of a trusted domain + in a configuration file sub-section. + * Several issues related to socket-activating the NSS service, especially + if SSSD was configured to use a non-privileged userm were fixed. + The NSS service now doesn't change the ownership of its log files to + avoid triggering a name-service lookup while the NSS service is not + running yet. Additionally, the NSS service is started before any other + service to make sure username resolution works and the other service + can resolve the SSSD user correctly. + * A new option "cache_first" allows the administrator to change the way + multiple domains are searched. When this option is enabled, SSSD will + first try to "pin" the requested name or ID to a domain by searching + the entries that are already cached and contact the domain that contains + the cached entry first. Previously, SSSD would check the cache and the + remote server for each domain. This option brings performance benefit + for setups that use multiple domains (even auto-discovered trusted + domains), especially for ID lookups that would previously iterate over + all domains. Please note that this option must be enabled with care as the + administrator must ensure that the ID space of domains does not overlap. + * The SSSD D-Bus interface gained two new methods: + "FindByNameAndCertificate" and "ListByCertificate". These methods + will be used primarily by IPA and + `mod_lookup_identity + to correctly match multple users who use the same certificate for Smart + Card login. + * A bug where SSSD did not properly sanitize a username with a newline + character in it was fixed. + ------------------------------------------------------------------- Sat Mar 11 22:34:41 UTC 2017 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index fc2c9cf..b826715 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.15.1 +Version: 1.15.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -563,7 +563,6 @@ rm -f /var/lib/sss/db/*.ldb %_mandir/man5/sssd-ad.5* %dir %_mandir/??/ %dir %_mandir/??/man5/ -%_mandir/??/man5/sssd-ad.5* %files dbus %defattr(-,root,root) From e0d45ad549e62257aaebfc70d20b47aa0d854d239d1b29d3a2746e2a55fd0111 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 16 Mar 2017 00:13:21 +0000 Subject: [PATCH 2/3] wrap to 66 cols as wiki demands OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=186 --- sssd.changes | 57 ++++++++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/sssd.changes b/sssd.changes index 657ca3e..c2be64d 100644 --- a/sssd.changes +++ b/sssd.changes @@ -2,33 +2,38 @@ Wed Mar 15 22:18:03 UTC 2017 - michael@stroeder.com - Update to new upstream release 1.15.2 - * It is now possible to configure certain parameters of a trusted domain - in a configuration file sub-section. - * Several issues related to socket-activating the NSS service, especially - if SSSD was configured to use a non-privileged userm were fixed. - The NSS service now doesn't change the ownership of its log files to - avoid triggering a name-service lookup while the NSS service is not - running yet. Additionally, the NSS service is started before any other - service to make sure username resolution works and the other service - can resolve the SSSD user correctly. - * A new option "cache_first" allows the administrator to change the way - multiple domains are searched. When this option is enabled, SSSD will - first try to "pin" the requested name or ID to a domain by searching - the entries that are already cached and contact the domain that contains - the cached entry first. Previously, SSSD would check the cache and the - remote server for each domain. This option brings performance benefit - for setups that use multiple domains (even auto-discovered trusted - domains), especially for ID lookups that would previously iterate over - all domains. Please note that this option must be enabled with care as the - administrator must ensure that the ID space of domains does not overlap. + * It is now possible to configure certain parameters of a + trusted domain in a configuration file sub-section. + * Several issues related to socket-activating the NSS service, + especially if SSSD was configured to use a non-privileged + userm were fixed. The NSS service now does not change the + ownership of its log files to avoid triggering a name-service + lookup while the NSS service is not running yet. + Additionally, the NSS service is started before any other + service to make sure username resolution works and the other + service can resolve the SSSD user correctly. + * A new option "cache_first" allows the administrator to change + the way multiple domains are searched. When this option is + enabled, SSSD will first try to "pin" the requested name or + ID to a domain by searching the entries that are already + cached and contact the domain that contains the cached entry + first. Previously, SSSD would check the cache and the remote + server for each domain. This option brings performance + benefit for setups that use multiple domains (even + auto-discovered trusted domains), especially for ID lookups + that would previously iterate over all domains. Please note + that this option must be enabled with care as the + administrator must ensure that the ID space of domains does + not overlap. * The SSSD D-Bus interface gained two new methods: - "FindByNameAndCertificate" and "ListByCertificate". These methods - will be used primarily by IPA and - `mod_lookup_identity - to correctly match multple users who use the same certificate for Smart - Card login. - * A bug where SSSD did not properly sanitize a username with a newline - character in it was fixed. + "FindByNameAndCertificate" and "ListByCertificate". These + methods will be used primarily by IPA and + `mod_lookup_identity + to + correctly match multple users who use the same certificate + for Smart Card login. + * A bug where SSSD did not properly sanitize a username with a + newline character in it was fixed. ------------------------------------------------------------------- Sat Mar 11 22:34:41 UTC 2017 - jengelh@inai.de From 63b85c3a82524535f59518bb8ad591a28696308d740d6f78e33d129a5e54f94e Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Thu, 16 Mar 2017 13:36:38 +0000 Subject: [PATCH 3/3] - Introduce mandatory runtime requirement "cyrus-sasl-gssapi" to krb5-common sub-package. Address bsc#1024836. OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=187 --- sssd.changes | 6 ++++++ sssd.spec | 1 + 2 files changed, 7 insertions(+) diff --git a/sssd.changes b/sssd.changes index c2be64d..bb9a6ee 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Mar 16 13:32:12 UTC 2017 - hguo@suse.com + +- Introduce mandatory runtime requirement "cyrus-sasl-gssapi" to + krb5-common sub-package. Address bsc#1024836. + ------------------------------------------------------------------- Wed Mar 15 22:18:03 UTC 2017 - michael@stroeder.com diff --git a/sssd.spec b/sssd.spec index b826715..0131435 100644 --- a/sssd.spec +++ b/sssd.spec @@ -143,6 +143,7 @@ against a Kerberos server. Summary: SSSD helpers needed for Kerberos and GSSAPI authentication License: GPL-3.0+ Group: System/Daemons +Requires: cyrus-sasl-gssapi %description krb5-common Provides helper processes that the LDAP and Kerberos back ends can