SHA256
1
0
forked from jengelh/sssd

Accepting request 334998 from home:stroeder:branches:network:ldap

update to 1.13.1, successfully tested on openSUSE 13.2 with sssd-ldap

OBS-URL: https://build.opensuse.org/request/show/334998
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=160
This commit is contained in:
Howard Guo 2015-09-30 13:29:05 +00:00 committed by Git OBS Bridge
parent 828ab1693b
commit 242b37bf26
6 changed files with 208 additions and 12 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bd1dd95165bca02a08fbd0ea8ac6aa296bc339798d6c6566aee823c536718a5a
size 4417697

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlWa1YEACgkQHsardTLnvCXJQACgtx+37IBGO6/nBGqBCx5Y/Eye
Su4AoIqcfMtZZnEPC/0D0TMwAGDBhv4i
=N/oh
-----END PGP SIGNATURE-----

3
sssd-1.13.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ff6425d455a5cae2359e32c8627832e67b5cc0bbec4081a16d926b6e1b431ae7
size 4517171

7
sssd-1.13.1.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlYLta0ACgkQHsardTLnvCX0lwCgzMl3DT9BbTgcXGcM0Q2AGLUf
+8QAoK5LZJdWZ+HcXC7ZIOTJ0vv9a9FB
=z5ez
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,199 @@
-------------------------------------------------------------------
Wed Sep 30 11:44:21 UTC 2015 - michael@stroeder.com
- Update to new upstream release 1.13.1
- libsss_ad_common.so not installed anymore
== Highlights ==
* Initial support for Smart Card authentication was added. The feature
can be activated with the new pam_cert_auth option
* The PAM prompting was enhanced so that when Two-Factor Authentication
is used, both factors (password and token) can be entered separately
on separate prompts. At the same time, only the long-term password is
cached, so offline access would still work using the long term password
* A new command line tool sss_override is present in this release. The
tools allows to override attributes on the SSSD side. It's helpful in
environment where e.g. some hosts need to have a different view of POSIX
attributes than others. Please note that the overrides are stored in
the cache as well, so removing the cache will also remove the overrides
* New methods were added to the SSSD D-Bus interface. Notably support
for looking up a user by certificate and looking up multiple users
using a wildcard was added. Please see the interface introspection or
the design pages for full details
* Several enhancements to the dynamic DNS update code. Notably, clients
that update multiple interfaces work better with this release
* This release supports authenticating againt a KDC proxy
* The fail over code was enhanced so that if a trusted domain is not
reachable, only that domain will be marked as inactive but the backed
would stay in online mode
* Several fixes to the GPO access control code are present
== Packaging Changes ==
* The Smart Card authentication feature requires a helper process
p11_child that needs to be marked as setgid if SSSD needs to be able
to. Please note the p11_child requires the NSS crypto library at the moment
* The sss_override tool was added along with its own manpage
* The upstream RPM can now build on RHEL/CentOS 6.7
== Documentation Changes ==
* The config_file_version configuration option now defaults to 2. As
an effect, this option doesn't have to be set anymore unless the config
file format is changed again by SSSD upstream
* It is now possible to specify a comma-separated list of interfaces in
the dyndns_iface option
* The InfoPipe responder and the LDAP provider gained a new option
wildcard_lookup that specifies an upper limit on the number of entries
that can be returned with a wildcard lookup
* A new option dyndns_server was added. This option allows to attempt
a fallback DNS update against a specific DNS server. Please note this
option only works as a fallback, the first attempt will always be
performed against autodiscovered servers.
* The PAM responder gained a new option ca_db that allows the storage
of trusted CA certificates to be specified
* The time the p11_child is allowed to operate can be specified using
a new option p11_child_timeout
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/546
[RFE] Support for smart cards
https://fedorahosted.org/sssd/ticket/1697
sssd: incorrect checks on length values during packet decoding
https://fedorahosted.org/sssd/ticket/1926
[RFE] Start the dynamic DNS update after the SSSD has been setup for
the first time
https://fedorahosted.org/sssd/ticket/1994
Complain loudly if backend doesn't start due to missing or invalid keytab
https://fedorahosted.org/sssd/ticket/2275
nested netgroups do not work in IPA provider
https://fedorahosted.org/sssd/ticket/2283
test dyndns failed.
https://fedorahosted.org/sssd/ticket/2335
Investigate using the krb5 responder for driving the PAM conversation
with OTPs
https://fedorahosted.org/sssd/ticket/2463
Pass error messages via the extdom plugin
https://fedorahosted.org/sssd/ticket/2495
[RFE]Allow sssd to add a new option that would specify which server
to update DNS with
https://fedorahosted.org/sssd/ticket/2549
RFE: Support multiple interfaces with the dyndns_iface option
https://fedorahosted.org/sssd/ticket/2553
RFE: Add support for wildcard-based cache updates
https://fedorahosted.org/sssd/ticket/2558
Add dualstack and multihomed support
https://fedorahosted.org/sssd/ticket/2561
Too much logging
https://fedorahosted.org/sssd/ticket/2579
TRACKER: Support one-way trusts for IPA
https://fedorahosted.org/sssd/ticket/2581
Re-check memcache after acquiring the lock in the client code
https://fedorahosted.org/sssd/ticket/2584
RFE: Support client-side overrides
https://fedorahosted.org/sssd/ticket/2597
Add index for 'objectSIDString' and maybe to other cache attributes
https://fedorahosted.org/sssd/ticket/2637
RFE: Don't mark the main domain as offline if SSSD can't connect to
a subdomain
https://fedorahosted.org/sssd/ticket/2639
RFE: Detect re-established trusts in the IPA subdomain code
https://fedorahosted.org/sssd/ticket/2652
KDC proxy not working with SSSD krb5_use_kdcinfo enabled
https://fedorahosted.org/sssd/ticket/2676
Group members are not turned into ghost entries when the user is purged
from the SSSD cache
https://fedorahosted.org/sssd/ticket/2682
sudoOrder not honored as expected
https://fedorahosted.org/sssd/ticket/2688
Default to config_file_version=2
https://fedorahosted.org/sssd/ticket/2691
GPO: PAM system error returned for PAM_ACCT_MGMT and offline mode
https://fedorahosted.org/sssd/ticket/2692
GPO: Access denied due to using wrong sam_account_name
https://fedorahosted.org/sssd/ticket/2694
CI: Fix ramshackle test_ipa_subdomains_server (FAIL:
test_ipa_subdom_server)
https://fedorahosted.org/sssd/ticket/2699
SSSDConfig: wrong return type returned on python3
https://fedorahosted.org/sssd/ticket/2700
krb5_child should always consider online state to allow use of
MS-KKDC proxy
https://fedorahosted.org/sssd/ticket/2708
Logging messages from user point of view
https://fedorahosted.org/sssd/ticket/2711
[RFE] Provide interface for SSH to fetch user certificate
https://fedorahosted.org/sssd/ticket/2712
Initgroups memory cache does not work with fq names
https://fedorahosted.org/sssd/ticket/2716
Initgroups mmap cache needs update after db changes
https://fedorahosted.org/sssd/ticket/2717
well-known SID check is broken for NetBIOS prefixes
https://fedorahosted.org/sssd/ticket/2718
SSSD keytab validation check expects root ownership
https://fedorahosted.org/sssd/ticket/2719
IPA: returned unknown dp error code with disabled migration mode
https://fedorahosted.org/sssd/ticket/2722
Missing config options in gentoo init script
https://fedorahosted.org/sssd/ticket/2723
Could not resolve AD user from root domain
https://fedorahosted.org/sssd/ticket/2724
getgrgid for user's UID on a trust client prevents getpw*
https://fedorahosted.org/sssd/ticket/2725
If AD site detection fails, not even ad_site override skipped
https://fedorahosted.org/sssd/ticket/2729
Do not send SSS_OTP if both factors were entered separately
https://fedorahosted.org/sssd/ticket/2731
searching SID by ID always checks all domains
https://fedorahosted.org/sssd/ticket/2733
Don't use deprecated libraries (libsystemd-*)
https://fedorahosted.org/sssd/ticket/2737
sss_override: add import and export commands
https://fedorahosted.org/sssd/ticket/2738
Cannot build rpms from upstream spec file on rawhide
https://fedorahosted.org/sssd/ticket/2742
When certificate is added via user-add-cert, it cannot be looked up
via org.freedesktop.sssd.infopipe.Users.FindByCertificate
https://fedorahosted.org/sssd/ticket/2743
memory cache can work intermittently
https://fedorahosted.org/sssd/ticket/2744
cleanup_groups should sanitize dn of groups
https://fedorahosted.org/sssd/ticket/2746
the PAM srv test often fails on RHEL-7
https://fedorahosted.org/sssd/ticket/2748
test_memory_cache failed in invalidation cache before stop
https://fedorahosted.org/sssd/ticket/2749
Fix crash in nss responder
https://fedorahosted.org/sssd/ticket/2754
Clear environment and set restrictive umask in p11_child
https://fedorahosted.org/sssd/ticket/2757
sss_override does not work correctly when 'use_fully_qualified_names
= True'
https://fedorahosted.org/sssd/ticket/2758
sss_override contains an extra parameter --debug but is not listed in
the man page or in the arguments help
https://fedorahosted.org/sssd/ticket/2762
[RFE] sssd: better feedback form constraint password change
https://fedorahosted.org/sssd/ticket/2768
Test 'test_id_cleanup_exp_group' failed
https://fedorahosted.org/sssd/ticket/2772
sssd cannot resolve user names containing backslash with ldap provider
https://fedorahosted.org/sssd/ticket/2773
Make p11_child timeout configurable
https://fedorahosted.org/sssd/ticket/2777
Fix memory leak in GPO
https://fedorahosted.org/sssd/ticket/2782
sss_override : The local override user is not found
https://fedorahosted.org/sssd/ticket/2783
REGRESSION: Dyndns soes not update reverse DNS records
https://fedorahosted.org/sssd/ticket/2790
sss_override --name doesn't work with RFC2307 and ghost users
https://fedorahosted.org/sssd/ticket/2799
unit tests do not link correctly on Debian
https://fedorahosted.org/sssd/ticket/2803
Memory leak / possible DoS with krb auth.
https://fedorahosted.org/sssd/ticket/2805
AD: Conditional jump or move depends on uninitialised value
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de

View File

@ -17,7 +17,7 @@
Name: sssd Name: sssd
Version: 1.13.0 Version: 1.13.1
Release: 0 Release: 0
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+ License: GPL-3.0+ and LGPL-3.0+
@ -531,7 +531,6 @@ rm -f /var/lib/sss/db/*.ldb
%defattr(-,root,root) %defattr(-,root,root)
%dir %_libdir/%name/ %dir %_libdir/%name/
%_libdir/%name/libsss_ad.so %_libdir/%name/libsss_ad.so
%_libdir/%name/libsss_ad_common.so
%dir %_libexecdir/%name/ %dir %_libexecdir/%name/
%_libexecdir/%name/gpo_child %_libexecdir/%name/gpo_child
%dir %_datadir/%name/ %dir %_datadir/%name/
@ -620,6 +619,7 @@ rm -f /var/lib/sss/db/*.ldb
%_sbindir/sss_useradd %_sbindir/sss_useradd
%_sbindir/sss_userdel %_sbindir/sss_userdel
%_sbindir/sss_usermod %_sbindir/sss_usermod
%_sbindir/sss_override
%dir %_mandir/??/man8/ %dir %_mandir/??/man8/
%_mandir/??/man8/sss_*.8* %_mandir/??/man8/sss_*.8*
%_mandir/man8/sss_*.8* %_mandir/man8/sss_*.8*