SHA256
1
0
forked from pool/sssd

Accepting request 676599 from network:ldap

- Add krb-noversion.diff so sssd_pac builds even with newer krb.

OBS-URL: https://build.opensuse.org/request/show/676599
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=92
This commit is contained in:
Yuchen Lin 2019-02-19 12:55:03 +00:00 committed by Git OBS Bridge
commit 113f2ca0fa
3 changed files with 57 additions and 32 deletions

20
krb-noversion.diff Normal file
View File

@ -0,0 +1,20 @@
From: Jan Engelhardt <jengelh@inai.de>
Date: 2019-02-15 17:20:47.842813210 +0100
Remove versions checks that need updating every iteration.
---
src/external/pac_responder.m4 | 1 +
1 file changed, 1 insertion(+)
Index: sssd-2.0.0/src/external/pac_responder.m4
===================================================================
--- sssd-2.0.0.orig/src/external/pac_responder.m4
+++ sssd-2.0.0/src/external/pac_responder.m4
@@ -11,6 +11,7 @@ then
AC_MSG_CHECKING(for supported MIT krb5 version)
KRB5_VERSION="`$KRB5_CONFIG --version`"
case $KRB5_VERSION in
+ *|\
Kerberos\ 5\ release\ 1.9* | \
Kerberos\ 5\ release\ 1.10* | \
Kerberos\ 5\ release\ 1.11* | \

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Feb 15 17:36:22 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Add krb-noversion.diff so sssd_pac builds even with newer krb.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 1 13:34:56 UTC 2018 - ckowalczyk@suse.com Mon Oct 1 13:34:56 UTC 2018 - ckowalczyk@suse.com
@ -65,7 +70,7 @@ Fri Aug 31 07:14:39 UTC 2018 - kbabioch@suse.com
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Jul 1 12:44:00 UTC 2018 - ckowalczyk@suse.com Sun Jul 1 12:44:00 UTC 2018 - ckowalczyk@suse.com
- Fixed patch name. - Fixed patch name.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 20 10:46:34 UTC 2018 - ckowalczyk@suse.com Wed Jun 20 10:46:34 UTC 2018 - ckowalczyk@suse.com
@ -76,7 +81,7 @@ Wed Jun 20 10:46:34 UTC 2018 - ckowalczyk@suse.com
(bsc#1098377, CVE-2018-10852) (bsc#1098377, CVE-2018-10852)
* Fix for sssd upstream integration tests * Fix for sssd upstream integration tests
0002-intg-Do-not-hardcode-nsslibdir.patch 0002-intg-Do-not-hardcode-nsslibdir.patch
(bsc#1098163) (bsc#1098163)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 20 08:38:53 UTC 2018 - varkoly@suse.com Wed Jun 20 08:38:53 UTC 2018 - varkoly@suse.com
@ -223,7 +228,7 @@ New Features
sssd-systemtap(5) manual page for more information. sssd-systemtap(5) manual page for more information.
* A new LDAP provide access control mechanism that allows to restrict * A new LDAP provide access control mechanism that allows to restrict
access based on PAM's rhost data field was added. For more details, access based on PAM's rhost data field was added. For more details,
please consult the sssd-ldap(5) manual page, in particular the please consult the sssd-ldap(5) manual page, in particular the
options ldap_user_authorized_rhost and the rhost value of options ldap_user_authorized_rhost and the rhost value of
ldap_access_filter. ldap_access_filter.
@ -398,30 +403,30 @@ Wed Dec 7 10:39:30 UTC 2016 - jengelh@inai.de
Wed Oct 19 22:21:30 UTC 2016 - michael@stroeder.com Wed Oct 19 22:21:30 UTC 2016 - michael@stroeder.com
- Update to new upstream release 1.14.2 - Update to new upstream release 1.14.2
* Several more regressions caused by cache refactoring to use qualified * Several more regressions caused by cache refactoring to use qualified
names internally were fixed, including a regression that prevented the names internally were fixed, including a regression that prevented the
krb5_map_user option from working correctly. krb5_map_user option from working correctly.
* A regression when logging in with a smart card using the GDM login manager * A regression when logging in with a smart card using the GDM login manager
was fixed was fixed
* SSSD now removes the internal timestamp on startup cache when the * SSSD now removes the internal timestamp on startup cache when the
persistent cache is removed. This enables admins to follow their existing persistent cache is removed. This enables admins to follow their existing
workflow of just removing the persistent cache and start from a fresh slate workflow of just removing the persistent cache and start from a fresh slate
* Several fixes to the sssd-secrets responder are present in this release * Several fixes to the sssd-secrets responder are present in this release
* A bug in the autofs responder that prevented automounter maps from being * A bug in the autofs responder that prevented automounter maps from being
returned when sssd_be was offline was fixed returned when sssd_be was offline was fixed
* A similar bug in the NSS responder that prevented netgroups from being * A similar bug in the NSS responder that prevented netgroups from being
returned when sssd_be was offline was fixed returned when sssd_be was offline was fixed
* Disabling the netlink integration can now be done with a new option * Disabling the netlink integration can now be done with a new option
disable_netlink. Previously, the netlink integration could be disabled with disable_netlink. Previously, the netlink integration could be disabled with
a sssd command line switch, which is being deprecated in this release. a sssd command line switch, which is being deprecated in this release.
* The internal watchdog no longer kills sssd processes in case time shifts * The internal watchdog no longer kills sssd processes in case time shifts
during sssd runtime during sssd runtime
* The fail over code is able to cope with concurrent SRV resolution * The fail over code is able to cope with concurrent SRV resolution
requests better in this release requests better in this release
* The proxy provider gained a new option proxy_max_children that allows the * The proxy provider gained a new option proxy_max_children that allows the
administrator to control the maximum number of child helper processes that administrator to control the maximum number of child helper processes that
authenticate users with auth_provider=proxy authenticate users with auth_provider=proxy
* The InfoPipe D-Bus responder exports the UUIDs of user and group objects * The InfoPipe D-Bus responder exports the UUIDs of user and group objects
through a uniqueID property through a uniqueID property
------------------------------------------------------------------- -------------------------------------------------------------------
@ -766,7 +771,7 @@ Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org
- 0001-build-detect-endianness-at-configure-time.patch - 0001-build-detect-endianness-at-configure-time.patch
Correct defective endianness test. Correct defective endianness test.
------------------------------------------------------------------- -------------------------------------------------------------------
@ -830,7 +835,7 @@ Sun Aug 10 12:20:50 UTC 2014 - jengelh@inai.de
logon rights onto Linux PAM services. logon rights onto Linux PAM services.
* Added a new library called sss_sifp that provides a simple * Added a new library called sss_sifp that provides a simple
synchronous API for communication with our new InfoPipe responder synchronous API for communication with our new InfoPipe responder
over the system bus. over the system bus.
- Remove 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch - Remove 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch
(merged upstream) (merged upstream)
- Provide "rcsssd" in systemd environments - Provide "rcsssd" in systemd environments
@ -846,7 +851,7 @@ Thu Jun 12 14:18:30 UTC 2014 - ckornacker@suse.com
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 27 16:56:42 UTC 2014 - crrodriguez@opensuse.org Tue May 27 16:56:42 UTC 2014 - crrodriguez@opensuse.org
- Switch to libnl-3 so we can get rid of libnl-1. - Switch to libnl-3 so we can get rid of libnl-1.
------------------------------------------------------------------- -------------------------------------------------------------------
Sat May 24 14:36:43 UTC 2014 - jengelh@inai.de Sat May 24 14:36:43 UTC 2014 - jengelh@inai.de
@ -936,7 +941,7 @@ Fri Dec 20 21:54:58 UTC 2013 - jengelh@inai.de
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 28 16:51:39 UTC 2013 - ckornacker@suse.com Thu Nov 28 16:51:39 UTC 2013 - ckornacker@suse.com
- Migrate deprecated krb5_kdcip variable to krb5_server (bnc#851048) - Migrate deprecated krb5_kdcip variable to krb5_server (bnc#851048)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 1 22:12:03 UTC 2013 - jengelh@inai.de Fri Nov 1 22:12:03 UTC 2013 - jengelh@inai.de
@ -1098,7 +1103,7 @@ Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de
* Fixed memory hierarchy of subdomains discovery requests that * Fixed memory hierarchy of subdomains discovery requests that
caused use-after-free access bugs caused use-after-free access bugs
* The krb5_child and ldap_child processes can print libkrb5 tracing * The krb5_child and ldap_child processes can print libkrb5 tracing
information in the debug logs information in the debug logs
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de
@ -1136,7 +1141,7 @@ Fri Apr 13 13:03:44 PDT 2012 - ben.kevan@gmail.com
Mon Apr 9 21:45:45 PDT 2012 - ben.kevan@gmail.com Mon Apr 9 21:45:45 PDT 2012 - ben.kevan@gmail.com
- Add suse_version condition for glib over libunistring for - Add suse_version condition for glib over libunistring for
SLES 11 SP2. SLES 11 SP2.
- Update to new upstream release 1.8.2 - Update to new upstream release 1.8.2
* Fix for GSSAPI binds when the keytab contains unrelated * Fix for GSSAPI binds when the keytab contains unrelated
principals principals
@ -1316,7 +1321,7 @@ Sun Dec 19 13:37:32 UTC 2010 - aj@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 25 16:30:40 UTC 2010 - rhafer@novell.com Thu Nov 25 16:30:40 UTC 2010 - rhafer@novell.com
- install systemd service file - install systemd service file
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Nov 16 11:06:02 UTC 2010 - rhafer@novell.com Tue Nov 16 11:06:02 UTC 2010 - rhafer@novell.com
@ -1366,7 +1371,7 @@ Mon Aug 30 12:57:47 UTC 2010 - rhafer@novell.com
* Support for netlink now allows us to more quickly detect situations * Support for netlink now allows us to more quickly detect situations
where we may have come online where we may have come online
* New option "dns_discovery_domain" allows better configuration for * New option "dns_discovery_domain" allows better configuration for
using SRV records for failover using SRV records for failover
- New subpackages: libpath_utils1, libpath_utils-devel, libref_array1 - New subpackages: libpath_utils1, libpath_utils-devel, libref_array1
and libref_array-devel and libref_array-devel
@ -1380,7 +1385,7 @@ Wed Mar 31 14:02:43 UTC 2010 - rhafer@novell.com
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com
- Updated to 1.1.0 - Updated to 1.1.0
* Support for IPv6 * Support for IPv6
* Support for LDAP referrals * Support for LDAP referrals
* Offline failed login counter * Offline failed login counter
@ -1393,7 +1398,7 @@ Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com
* Native local backend now has a utility to show nested memberships * Native local backend now has a utility to show nested memberships
(sss_groupshow) (sss_groupshow)
* New "simple" access provider for easy restriction of users * New "simple" access provider for easy restriction of users
- Backported libcrypto support from master to avoid Mozilla NSS - Backported libcrypto support from master to avoid Mozilla NSS
dependency dependency
- Backported password policy improvments for LDAP provider from - Backported password policy improvments for LDAP provider from
master master
@ -1401,7 +1406,7 @@ Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Mar 8 14:06:29 UTC 2010 - rhafer@novell.com Mon Mar 8 14:06:29 UTC 2010 - rhafer@novell.com
- use logfiles for debug messages by default - use logfiles for debug messages by default
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 5 12:57:25 UTC 2010 - rhafer@novell.com Fri Mar 5 12:57:25 UTC 2010 - rhafer@novell.com
@ -1419,12 +1424,12 @@ Fri Feb 26 14:48:50 UTC 2010 - rhafer@novell.com
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 4 17:04:01 UTC 2010 - rhafer@novell.com Thu Feb 4 17:04:01 UTC 2010 - rhafer@novell.com
- Updated to 1.0.4 - Updated to 1.0.4
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 8 15:10:47 UTC 2009 - rhafer@novell.com Thu Oct 8 15:10:47 UTC 2009 - rhafer@novell.com
- Update to 0.6.0 - Update to 0.6.0
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com
@ -1435,4 +1440,3 @@ Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com
Tue Sep 1 08:58:37 UTC 2009 - rhafer@novell.com Tue Sep 1 08:58:37 UTC 2009 - rhafer@novell.com
- initial package submission - initial package submission

View File

@ -30,6 +30,7 @@ Source2: http://releases.pagure.org/SSSD/sssd/%name-%version.tar.gz.asc
Source3: baselibs.conf Source3: baselibs.conf
Source4: sssd.service Source4: sssd.service
Source5: %name.keyring Source5: %name.keyring
Patch1: krb-noversion.diff
BuildRoot: %_tmppath/%name-%version-build BuildRoot: %_tmppath/%name-%version-build
%define servicename sssd %define servicename sssd
@ -362,11 +363,11 @@ Group: Development/Libraries/Python
Requires: python3 Requires: python3
%description -n python3-sssd-config %description -n python3-sssd-config
Provide python module to access and manage configuration of the System Provide python module to access and manage configuration of the System
Security Services Daemon (sssd). Security Services Daemon (sssd).
%prep %prep
%setup -q %autosetup -p1
%build %build
%if 0%{?suse_version} < 1210 %if 0%{?suse_version} < 1210