From b75ea40b7074080b948c666392cbfab07915ba469d76b93014090a545666e684 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Thu, 14 Apr 2016 18:01:48 +0000 Subject: [PATCH 1/3] Accepting request 390020 from home:stroeder:branches:network:ldap update to 1.13.4 OBS-URL: https://build.opensuse.org/request/show/390020 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=171 --- sssd-1.13.3.tar.gz | 3 --- sssd-1.13.3.tar.gz.asc | 7 ------- sssd-1.13.4.tar.gz | 3 +++ sssd-1.13.4.tar.gz.asc | 7 +++++++ sssd.changes | 40 ++++++++++++++++++++++++++++++++++++++++ sssd.spec | 2 +- 6 files changed, 51 insertions(+), 11 deletions(-) delete mode 100644 sssd-1.13.3.tar.gz delete mode 100644 sssd-1.13.3.tar.gz.asc create mode 100644 sssd-1.13.4.tar.gz create mode 100644 sssd-1.13.4.tar.gz.asc diff --git a/sssd-1.13.3.tar.gz b/sssd-1.13.3.tar.gz deleted file mode 100644 index f7cfd38..0000000 --- a/sssd-1.13.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3fd8fe8e6ee9f50b33eecd1bcccfaa44791f30d4e5f3113ba91457ba5f411f85 -size 4661143 diff --git a/sssd-1.13.3.tar.gz.asc b/sssd-1.13.3.tar.gz.asc deleted file mode 100644 index e88c30a..0000000 --- a/sssd-1.13.3.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlZwc5IACgkQHsardTLnvCXyOgCg20lBb2owmQRYRjPZClBcn9+y -GU4AnR/tg+KqvfA/djm5yoV4/Ys3LA2g -=zefD ------END PGP SIGNATURE----- diff --git a/sssd-1.13.4.tar.gz b/sssd-1.13.4.tar.gz new file mode 100644 index 0000000..8e16ee3 --- /dev/null +++ b/sssd-1.13.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0a7bba7697088734c5fa1844dbb6de4f1f11afd30df02f0c1dd2579114c0a194 +size 4730392 diff --git a/sssd-1.13.4.tar.gz.asc b/sssd-1.13.4.tar.gz.asc new file mode 100644 index 0000000..adc22cc --- /dev/null +++ b/sssd-1.13.4.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlcPWC0ACgkQHsardTLnvCUN0ACfUaD9ymW6zqntaFMG+xYLChRj +3FUAoItHho7bSsdNziD98BhPQKLPAETj +=CSMb +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index 3c8c304..d90286a 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Thu Apr 14 17:20:11 UTC 2016 - michael@stroeder.com + +- Update to new upstream release 1.13.4 + * The IPA sudo provider was reimplemented. The new version reads the + data from IPA's LDAP tree (as opposed to the compat tree populated by + the slapi-nis plugin that was used previously). The benefit is that + deployments which don't require the compat tree for other purposes, + such as support for non-SSSD clients can disable those autogenerated + LDAP trees to conserve resources that slapi-nis otherwise requires. There + should be no visible changes to the end user. + * SSSD now has the ability to renew the machine credentials (keytabs) + when the ad provider is used. Please note that a recent version of + the adcli (0.8 or newer) package is required for this feature to work. + * The automatic ID mapping feature was improved so that the administrator + is no longer required to manually set the range size in case a RID in + the AD domain is larger than the default range size + * A potential infinite loop in the NFS ID mapping plugin that was + resulting in an excessive memory usage was fixed + * Clients that are pinned to a particular AD site using the ad_site + option no longer communicate with DCs outside that site during service + discovery. + * The IPA identity provider is now able to resolve external + (typically coming from a trusted AD forest) group members during + get-group-information requests. Please note that resolving external + group memberships for AD users during the initgroup requests used to + work even prior to this update. This feature is mostly useful for cases + where an IPA client is using the compat tree to resolve AD trust users. + * The IPA ID views feature now works correctly even for deployments + without a trust relationship. Previously, the subdomains IPA provider + failed to read the views data if no master domain record was created + on the IPA server during trust establishment. + * A race condition in the client libraries between the SSSD closing + the socket as idle and the client application using the socket was + fixed. This bug manifested with a Broken Pipe error message on the + client. + * SSSD is now able to resolve users with the same usernames in different + OUs of an AD domain + * The smartcard authentication now works properly with gnome-screensaver + ------------------------------------------------------------------- Wed Feb 10 16:38:37 UTC 2016 - mpluskal@suse.com diff --git a/sssd.spec b/sssd.spec index 2a41add..012238e 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.13.3 +Version: 1.13.4 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ From 0320a60e675113cfd9ebbdf1042c95a4fcb2a054d96d2e100f65eafbdc220313 Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Mon, 18 Apr 2016 12:29:12 +0000 Subject: [PATCH 2/3] - Enable PAC responder. PAC is an extension element returned by domain controller, to speed up resolution of authorisation data such as group memberships. OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=172 --- sssd.changes | 7 +++++++ sssd.spec | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/sssd.changes b/sssd.changes index d90286a..741a3c2 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Apr 18 12:24:29 UTC 2016 - hguo@suse.com + +- Enable PAC responder. + PAC is an extension element returned by domain controller, to speed + up resolution of authorisation data such as group memberships. + ------------------------------------------------------------------- Thu Apr 14 17:20:11 UTC 2016 - michael@stroeder.com diff --git a/sssd.spec b/sssd.spec index 012238e..d0ea641 100644 --- a/sssd.spec +++ b/sssd.spec @@ -81,6 +81,7 @@ BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) +BuildRequires: pkgconfig(ndr_krb5pac) %{?systemd_requires} Requires: sssd-ldap = %version-%release Requires(postun): pam-config @@ -100,6 +101,7 @@ Summary: The ActiveDirectory backend plugin for sssd License: GPL-3.0+ Group: System/Daemons Requires: %name-krb5-common = %version +Requires: libndr-krb5pac0 %description ad Provides the Active Directory back end that the SSSD can utilize to @@ -401,7 +403,6 @@ export LDFLAGS="-pie" --with-os=suse \ --with-semanage=no \ --disable-ldb-version-check \ - --disable-pac-responder make %{?_smp_mflags} all @@ -540,6 +541,7 @@ rm -f /var/lib/sss/db/*.ldb %dir %_libdir/%name/ %_libdir/%name/libsss_ad.so %dir %_libexecdir/%name/ +%_libexecdir/%name/sssd_pac %_libexecdir/%name/gpo_child %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ From 86273c6d97b571f67971e943358f70fb3d6f98a55d02d7e42be14dcb9956869d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 18 Apr 2016 12:48:53 +0000 Subject: [PATCH 3/3] kill stupid explicit requires OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=173 --- sssd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/sssd.spec b/sssd.spec index d0ea641..1fdbe2a 100644 --- a/sssd.spec +++ b/sssd.spec @@ -101,7 +101,6 @@ Summary: The ActiveDirectory backend plugin for sssd License: GPL-3.0+ Group: System/Daemons Requires: %name-krb5-common = %version -Requires: libndr-krb5pac0 %description ad Provides the Active Directory back end that the SSSD can utilize to