From e91bd6575670dafa4d82396b6606332e0d7e97b10e61aa076004a8b7ec5a3bf4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 15 Feb 2019 17:36:42 +0000 Subject: [PATCH 1/2] - Add krb-noversion.diff so sssd_pac builds even with newer krb. OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=211 --- krb-noversion.diff | 20 ++++++++++++++++++++ sssd.changes | 5 +++++ sssd.spec | 3 ++- 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 krb-noversion.diff diff --git a/krb-noversion.diff b/krb-noversion.diff new file mode 100644 index 0000000..3dea2c2 --- /dev/null +++ b/krb-noversion.diff @@ -0,0 +1,20 @@ +From: Jan Engelhardt +Date: 2019-02-15 17:20:47.842813210 +0100 + +Remove versions checks that need updating every iteration. +--- + src/external/pac_responder.m4 | 1 + + 1 file changed, 1 insertion(+) + +Index: sssd-2.0.0/src/external/pac_responder.m4 +=================================================================== +--- sssd-2.0.0.orig/src/external/pac_responder.m4 ++++ sssd-2.0.0/src/external/pac_responder.m4 +@@ -11,6 +11,7 @@ then + AC_MSG_CHECKING(for supported MIT krb5 version) + KRB5_VERSION="`$KRB5_CONFIG --version`" + case $KRB5_VERSION in ++ *|\ + Kerberos\ 5\ release\ 1.9* | \ + Kerberos\ 5\ release\ 1.10* | \ + Kerberos\ 5\ release\ 1.11* | \ diff --git a/sssd.changes b/sssd.changes index 73a92ad..4cfcf04 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Feb 15 17:36:22 UTC 2019 - Jan Engelhardt + +- Add krb-noversion.diff so sssd_pac builds even with newer krb. + ------------------------------------------------------------------- Mon Oct 1 13:34:56 UTC 2018 - ckowalczyk@suse.com diff --git a/sssd.spec b/sssd.spec index 968ff3c..972de34 100644 --- a/sssd.spec +++ b/sssd.spec @@ -30,6 +30,7 @@ Source2: http://releases.pagure.org/SSSD/sssd/%name-%version.tar.gz.asc Source3: baselibs.conf Source4: sssd.service Source5: %name.keyring +Patch1: krb-noversion.diff BuildRoot: %_tmppath/%name-%version-build %define servicename sssd @@ -366,7 +367,7 @@ Provide python module to access and manage configuration of the System Security Services Daemon (sssd). %prep -%setup -q +%autosetup -p1 %build %if 0%{?suse_version} < 1210 From ffca9a8b0e34c30037d9ad6c1f5b95c5c825818e8c636e6ed9c61e712407bddf Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 15 Feb 2019 20:56:08 +0000 Subject: [PATCH 2/2] trim spaces OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=212 --- sssd.changes | 59 ++++++++++++++++++++++++++-------------------------- sssd.spec | 2 +- 2 files changed, 30 insertions(+), 31 deletions(-) diff --git a/sssd.changes b/sssd.changes index 4cfcf04..fa6dfc4 100644 --- a/sssd.changes +++ b/sssd.changes @@ -70,7 +70,7 @@ Fri Aug 31 07:14:39 UTC 2018 - kbabioch@suse.com ------------------------------------------------------------------- Sun Jul 1 12:44:00 UTC 2018 - ckowalczyk@suse.com -- Fixed patch name. +- Fixed patch name. ------------------------------------------------------------------- Wed Jun 20 10:46:34 UTC 2018 - ckowalczyk@suse.com @@ -81,7 +81,7 @@ Wed Jun 20 10:46:34 UTC 2018 - ckowalczyk@suse.com (bsc#1098377, CVE-2018-10852) * Fix for sssd upstream integration tests 0002-intg-Do-not-hardcode-nsslibdir.patch - (bsc#1098163) + (bsc#1098163) ------------------------------------------------------------------- Wed Jun 20 08:38:53 UTC 2018 - varkoly@suse.com @@ -228,7 +228,7 @@ New Features sssd-systemtap(5) manual page for more information. * A new LDAP provide access control mechanism that allows to restrict access based on PAM's rhost data field was added. For more details, - please consult the sssd-ldap(5) manual page, in particular the + please consult the sssd-ldap(5) manual page, in particular the options ldap_user_authorized_rhost and the rhost value of ldap_access_filter. @@ -403,30 +403,30 @@ Wed Dec 7 10:39:30 UTC 2016 - jengelh@inai.de Wed Oct 19 22:21:30 UTC 2016 - michael@stroeder.com - Update to new upstream release 1.14.2 - * Several more regressions caused by cache refactoring to use qualified - names internally were fixed, including a regression that prevented the + * Several more regressions caused by cache refactoring to use qualified + names internally were fixed, including a regression that prevented the krb5_map_user option from working correctly. * A regression when logging in with a smart card using the GDM login manager was fixed - * SSSD now removes the internal timestamp on startup cache when the - persistent cache is removed. This enables admins to follow their existing + * SSSD now removes the internal timestamp on startup cache when the + persistent cache is removed. This enables admins to follow their existing workflow of just removing the persistent cache and start from a fresh slate * Several fixes to the sssd-secrets responder are present in this release - * A bug in the autofs responder that prevented automounter maps from being + * A bug in the autofs responder that prevented automounter maps from being returned when sssd_be was offline was fixed - * A similar bug in the NSS responder that prevented netgroups from being + * A similar bug in the NSS responder that prevented netgroups from being returned when sssd_be was offline was fixed - * Disabling the netlink integration can now be done with a new option - disable_netlink. Previously, the netlink integration could be disabled with + * Disabling the netlink integration can now be done with a new option + disable_netlink. Previously, the netlink integration could be disabled with a sssd command line switch, which is being deprecated in this release. - * The internal watchdog no longer kills sssd processes in case time shifts + * The internal watchdog no longer kills sssd processes in case time shifts during sssd runtime - * The fail over code is able to cope with concurrent SRV resolution + * The fail over code is able to cope with concurrent SRV resolution requests better in this release - * The proxy provider gained a new option proxy_max_children that allows the - administrator to control the maximum number of child helper processes that + * The proxy provider gained a new option proxy_max_children that allows the + administrator to control the maximum number of child helper processes that authenticate users with auth_provider=proxy - * The InfoPipe D-Bus responder exports the UUIDs of user and group objects + * The InfoPipe D-Bus responder exports the UUIDs of user and group objects through a uniqueID property ------------------------------------------------------------------- @@ -771,7 +771,7 @@ Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de ------------------------------------------------------------------- Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org -- 0001-build-detect-endianness-at-configure-time.patch +- 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. ------------------------------------------------------------------- @@ -835,7 +835,7 @@ Sun Aug 10 12:20:50 UTC 2014 - jengelh@inai.de logon rights onto Linux PAM services. * Added a new library called sss_sifp that provides a simple synchronous API for communication with our new InfoPipe responder - over the system bus. + over the system bus. - Remove 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch (merged upstream) - Provide "rcsssd" in systemd environments @@ -851,7 +851,7 @@ Thu Jun 12 14:18:30 UTC 2014 - ckornacker@suse.com ------------------------------------------------------------------- Tue May 27 16:56:42 UTC 2014 - crrodriguez@opensuse.org -- Switch to libnl-3 so we can get rid of libnl-1. +- Switch to libnl-3 so we can get rid of libnl-1. ------------------------------------------------------------------- Sat May 24 14:36:43 UTC 2014 - jengelh@inai.de @@ -941,7 +941,7 @@ Fri Dec 20 21:54:58 UTC 2013 - jengelh@inai.de ------------------------------------------------------------------- Thu Nov 28 16:51:39 UTC 2013 - ckornacker@suse.com -- Migrate deprecated krb5_kdcip variable to krb5_server (bnc#851048) +- Migrate deprecated krb5_kdcip variable to krb5_server (bnc#851048) ------------------------------------------------------------------- Fri Nov 1 22:12:03 UTC 2013 - jengelh@inai.de @@ -1103,7 +1103,7 @@ Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de * Fixed memory hierarchy of subdomains discovery requests that caused use-after-free access bugs * The krb5_child and ldap_child processes can print libkrb5 tracing - information in the debug logs + information in the debug logs ------------------------------------------------------------------- Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de @@ -1141,7 +1141,7 @@ Fri Apr 13 13:03:44 PDT 2012 - ben.kevan@gmail.com Mon Apr 9 21:45:45 PDT 2012 - ben.kevan@gmail.com - Add suse_version condition for glib over libunistring for - SLES 11 SP2. + SLES 11 SP2. - Update to new upstream release 1.8.2 * Fix for GSSAPI binds when the keytab contains unrelated principals @@ -1321,7 +1321,7 @@ Sun Dec 19 13:37:32 UTC 2010 - aj@suse.de ------------------------------------------------------------------- Thu Nov 25 16:30:40 UTC 2010 - rhafer@novell.com -- install systemd service file +- install systemd service file ------------------------------------------------------------------- Tue Nov 16 11:06:02 UTC 2010 - rhafer@novell.com @@ -1371,7 +1371,7 @@ Mon Aug 30 12:57:47 UTC 2010 - rhafer@novell.com * Support for netlink now allows us to more quickly detect situations where we may have come online * New option "dns_discovery_domain" allows better configuration for - using SRV records for failover + using SRV records for failover - New subpackages: libpath_utils1, libpath_utils-devel, libref_array1 and libref_array-devel @@ -1385,7 +1385,7 @@ Wed Mar 31 14:02:43 UTC 2010 - rhafer@novell.com ------------------------------------------------------------------- Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com -- Updated to 1.1.0 +- Updated to 1.1.0 * Support for IPv6 * Support for LDAP referrals * Offline failed login counter @@ -1398,7 +1398,7 @@ Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com * Native local backend now has a utility to show nested memberships (sss_groupshow) * New "simple" access provider for easy restriction of users -- Backported libcrypto support from master to avoid Mozilla NSS +- Backported libcrypto support from master to avoid Mozilla NSS dependency - Backported password policy improvments for LDAP provider from master @@ -1406,7 +1406,7 @@ Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com ------------------------------------------------------------------- Mon Mar 8 14:06:29 UTC 2010 - rhafer@novell.com -- use logfiles for debug messages by default +- use logfiles for debug messages by default ------------------------------------------------------------------- Fri Mar 5 12:57:25 UTC 2010 - rhafer@novell.com @@ -1424,12 +1424,12 @@ Fri Feb 26 14:48:50 UTC 2010 - rhafer@novell.com ------------------------------------------------------------------- Thu Feb 4 17:04:01 UTC 2010 - rhafer@novell.com -- Updated to 1.0.4 +- Updated to 1.0.4 ------------------------------------------------------------------- Thu Oct 8 15:10:47 UTC 2009 - rhafer@novell.com -- Update to 0.6.0 +- Update to 0.6.0 ------------------------------------------------------------------- Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com @@ -1440,4 +1440,3 @@ Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com Tue Sep 1 08:58:37 UTC 2009 - rhafer@novell.com - initial package submission - diff --git a/sssd.spec b/sssd.spec index 972de34..98e4932 100644 --- a/sssd.spec +++ b/sssd.spec @@ -363,7 +363,7 @@ Group: Development/Libraries/Python Requires: python3 %description -n python3-sssd-config -Provide python module to access and manage configuration of the System +Provide python module to access and manage configuration of the System Security Services Daemon (sssd). %prep