Accepting request 452863 from network:ldap

Update to 1.15.0 and tested it with Howard Guo's test suite on Tumbleweed x86_64.

OBS-URL: https://build.opensuse.org/request/show/452863
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=79

0001-krb5-1.15-build-fix.patch

@@ -1,29 +0,0 @@
-From: Jan Engelhardt <jengelh@inai.de>
-Date: 2016-12-07 11:36:34.201377440 +0100
-Upstream: no
-
-build: unlock all krb5 versions
-
-The check is really stupid (like testing for "2.6.*" kernel was elsewhere), as
-it prevents using future versions. The check should have tested
-for {1.[0-9]:reject} instead.
-
-Anyway, unlock all versions. The minimum requirement is enforced
-in openSUSE by way of the spec file.
----
- src/external/pac_responder.m4 |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: sssd-1.14.2/src/external/pac_responder.m4
-===================================================================
---- sssd-1.14.2.orig/src/external/pac_responder.m4
-+++ sssd-1.14.2/src/external/pac_responder.m4
-@@ -11,7 +11,7 @@ then
-     AC_MSG_CHECKING(for supported MIT krb5 version)
-     KRB5_VERSION="`$KRB5_CONFIG --version`"
-     case $KRB5_VERSION in
--        Kerberos\ 5\ release\ 1.9* | \
-+        Kerberos\ 5\ release\ 1.* | \
-         Kerberos\ 5\ release\ 1.10* | \
-         Kerberos\ 5\ release\ 1.11* | \
-         Kerberos\ 5\ release\ 1.12* | \

sssd-1.14.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:868660edcdf538e0c0a4889b6b9d600bfdd4036e67b417336a800794cdd7726d
-size 5086805

sssd-1.14.2.tar.gz.asc

@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iEYEABECAAYFAlgHxxYACgkQHsardTLnvCVGpgCcDtDKl/ziIOtK3/vD2G7oIacG
-c2sAoIFLv+nACKc37h0SgaewmJkycRGv
-=UHJw
------END PGP SIGNATURE-----

sssd-1.15.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:729ed277ff99e4adec81291b6a3ec28147a2531b733f36f429940de01ec7b344
+size 5178779

sssd-1.15.0.tar.gz.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAliIx8gACgkQHsardTLnvCUx9gCggg/0GBat/nZT98+IjlSF9h1u
+BsIAoIhnoCAHFsbnF6Y3DfXN47ySyPbt
+=o/YH
+-----END PGP SIGNATURE-----

sssd.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Wed Jan 25 19:25:09 UTC 2017 - michael@stroeder.com
+
+- Removed 0001-krb5-1.15-build-fix.patch obsoleted by upstream update
+- Update to new upstream release 1.15.0
+  * SSSD now allows the responders to be activated by the systemd service
+    manager and exit when idle. This means the services line in sssd.conf is
+    optional and the responders can be started on-demand, simplifying the sssd
+    configuration. Please note that this change is backwards-compatible and
+    the responders listed explicitly in sssd.conf's services line are managed
+    by sssd in the same manner as in previous releases. Please refer to man
+    sssd.conf(5) for more information
+  * The sudo provider is no longer disabled for configurations that do not
+    explicitly include the sudo responder in the services list. In order to
+    disable the sudo-related back end code that executes the periodic LDAP
+    queries, set the sudo_provider to none explicitly
+  * The watchdog signal handler no longer uses signal-unsafe functions. This
+    bug was causing a deadlock in case the watchdog was about to kill a
+    stuck process
+  * A bug that prevented TLS to be set up correctly on systems where libldap
+    links with GnuTLS was fixed
+  * The functionality to alter SSSD configuration through the D-Bus interface
+    provided by the IFP responder was removed. This functionality was not used to
+    the best of our knowledge, had no tests and prevented the InfoPipe responder
+    from running as a non-privileged user.
+  * A bug that prevented statically-linked applications from using libnss_sss
+    was fixed by removing dependency on -lpthreads from the libnss_sss library
+    (please see https://sourceware.org/bugzilla/show_bug.cgi?id=20500 for
+    an example on why linking with -lpthread from an NSS modules is problematic)
+  * Previously, SSSD did not ignore GPOs that were missing the
+    gPCFunctionalityVersion attribute and failed the whole GPO
+    processing. Starting with this version, the GPOs without the
+    gPCFunctionalityVersion are skipped.
+
 -------------------------------------------------------------------
 Mon Dec 12 13:36:18 UTC 2016 - dimstar@opensuse.org
 

sssd.spec

@@ -17,7 +17,7 @@
 
 
 Name:           sssd
-Version:        1.14.2
+Version:        1.15.0
 Release:        0
 Summary:        System Security Services Daemon
 License:        GPL-3.0+ and LGPL-3.0+
@@ -32,9 +32,6 @@ Source4:        sssd.service
 Source5:        %name.keyring
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
-# see https://build.opensuse.org/request/show/443977
-Patch1:         0001-krb5-1.15-build-fix.patch
-
 %define servicename	sssd
 %define sssdstatedir	%_localstatedir/lib/sss
 %define dbpath		%sssdstatedir/db
@@ -381,7 +378,6 @@ Security Services Daemon (sssd).
 
 %prep
 %setup -q
-%patch -P 1 -p1
 
 %build
 %if 0%{?suse_version} < 1210
@@ -571,7 +567,6 @@ rm -f /var/lib/sss/db/*.ldb
 %dir %_libexecdir/sssd/
 %_libexecdir/sssd/sssd_ifp
 %dir %_libdir/sssd/
-%_libdir/sssd/libsss_config.so
 %_mandir/man5/sssd-ifp.5*
 %dir %_mandir/??/
 %dir %_mandir/??/man5/