forked from jengelh/sssd
Accepting request 536521 from network:ldap
- Update to new upstream release 1.16.0 OBS-URL: https://build.opensuse.org/request/show/536521 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=84
This commit is contained in:
commit
348391ee50
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:4cd5fcb314d77a58029a216b7e6001c6cb41c5b784cf570c5761c97d1c12d264
|
|
||||||
size 5248134
|
|
@ -1,6 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iEYEABECAAYFAljJcscACgkQHsardTLnvCVCdwCgj0g3CSbz/gIS37W553d0QI7i
|
|
||||||
waoAnRN8+lQjwHQS+76q5nz2eSdRLnIG
|
|
||||||
=4tQo
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
sssd-1.16.0.tar.gz
Normal file
3
sssd-1.16.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:c581a6e5365cef87fca419c0c9563cf15eadbb682863d648d85ffcded7a3940f
|
||||||
|
size 5899127
|
6
sssd-1.16.0.tar.gz.asc
Normal file
6
sssd-1.16.0.tar.gz.asc
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iEYEABECAAYFAlnqDFQACgkQHsardTLnvCU79wCg3b6eA8KEVLV8WECtUpTuFOb4
|
||||||
|
WtAAoIQpjJYhg/z0wNqa2wh5v7CLpZdP
|
||||||
|
=MMlI
|
||||||
|
-----END PGP SIGNATURE-----
|
70
sssd.changes
70
sssd.changes
@ -1,3 +1,73 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Oct 23 16:31:54 UTC 2017 - michael@stroeder.com
|
||||||
|
|
||||||
|
- Update to new upstream release 1.16.0
|
||||||
|
|
||||||
|
Security fixes
|
||||||
|
* This release fixes CVE-2017-12173: Unsanitized input when searching in
|
||||||
|
local cache database. SSSD stores its cached data in an LDAP like local
|
||||||
|
database file using libldb. To lookup cached data LDAP search filters
|
||||||
|
like (objectClass=user)(name=user_name) are used. However, in
|
||||||
|
sysdb_search_user_by_upn_res(), the input was not sanitized and
|
||||||
|
allowed to manipulate the search filter for cache lookups. This would
|
||||||
|
allow a logged in user to discover the password hash of a different user.
|
||||||
|
|
||||||
|
New Features
|
||||||
|
* SSSD now supports session recording configuration through tlog. This
|
||||||
|
feature enables recording of everything specific users see or type
|
||||||
|
during their sessions on a text terminal. For more information, see
|
||||||
|
the sssd-session-recording(5) manual page.
|
||||||
|
* SSSD can act as a client agent to deliver
|
||||||
|
Fleet Commander <https://wiki.gnome.org/Projects/FleetCommander>
|
||||||
|
policies defined on an IPA server. Fleet Commander provides a
|
||||||
|
configuration management interface that is controlled centrally and
|
||||||
|
that covers desktop, applications and network configuration.
|
||||||
|
* Several new systemtap <https://sourceware.org/systemtap/> probes
|
||||||
|
were added into various locations in SSSD code to assist in
|
||||||
|
troubleshooting and analyzing performance related issues. Please see the
|
||||||
|
sssd-systemtap(5) manual page for more information.
|
||||||
|
* A new LDAP provide access control mechanism that allows to restrict
|
||||||
|
access based on PAM's rhost data field was added. For more details,
|
||||||
|
please consult the sssd-ldap(5) manual page, in particular the
|
||||||
|
options ldap_user_authorized_rhost and the rhost value of
|
||||||
|
ldap_access_filter.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 25 15:46:23 UTC 2017 - michael@stroeder.com
|
||||||
|
|
||||||
|
- Update to new upstream release 1.15.3 (KCM disabled)
|
||||||
|
|
||||||
|
New Features
|
||||||
|
* In a setup where an IPA domain trusts an Active Directory domain,
|
||||||
|
it is now possible to define the domain resolution order
|
||||||
|
(see http://www.freeipa.org/page/Releases/4.5.0#AD_User_Short_Names).
|
||||||
|
* Design page - Shortnames in trusted domains <https://docs.pagure.org/SSSD.sssd/design_pages/shortnames.html>
|
||||||
|
* SSSD ships with a new service called KCM. This service acts as a
|
||||||
|
storage for Kerberos tickets when "libkrb5" is configured to use
|
||||||
|
"KCM:" in "krb5.conf".
|
||||||
|
* Design page - KCM server for SSSD <https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html>
|
||||||
|
* NOTE: There are several known issues in the "KCM" responder that
|
||||||
|
will be handled in the next release.
|
||||||
|
* Support for user and group resolution through the D-Bus interface and
|
||||||
|
authentication and/or authorization through the PAM interface even
|
||||||
|
for setups without UIDs or Windows SIDs present on the LDAP directory
|
||||||
|
side. This enhancement allows SSSD to be used together with apache
|
||||||
|
modules <https://github.com/adelton/mod_lookup_identity> to provide
|
||||||
|
identities for applications
|
||||||
|
* Design page - Support for non-POSIX users and groups <https://docs.pagure.org/SSSD.sssd/design_pages/non_posix_support.html>
|
||||||
|
* SSSD ships a new public library called "libsss_certmap" that allows
|
||||||
|
a flexible and configurable way of mapping a certificate to a user
|
||||||
|
identity.
|
||||||
|
* Design page - Matching and Mapping Certificates <https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html>
|
||||||
|
* The Kerberos locator plugin can be disabled using an environment variable
|
||||||
|
"SSSD_KRB5_LOCATOR_DISABLE". Please refer to the
|
||||||
|
"sssd_krb5_locator_plugin" manual page for mode details.
|
||||||
|
* The "sssctl" command line tool supports a new command "user-checks"
|
||||||
|
that enables the administrator to check whether a certain user should be
|
||||||
|
allowed or denied access to a certain PAM service.
|
||||||
|
* The "secrets" responder now forwards requests to a proxy Custodia
|
||||||
|
back end over a secure channel.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 16 13:32:12 UTC 2017 - hguo@suse.com
|
Thu Mar 16 13:32:12 UTC 2017 - hguo@suse.com
|
||||||
|
|
||||||
|
47
sssd.spec
47
sssd.spec
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.15.2
|
Version: 1.16.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0+ and LGPL-3.0+
|
License: GPL-3.0+ and LGPL-3.0+
|
||||||
@ -30,7 +30,7 @@ Source2: http://releases.pagure.org/SSSD/sssd/%name-%version.tar.gz.asc
|
|||||||
Source3: baselibs.conf
|
Source3: baselibs.conf
|
||||||
Source4: sssd.service
|
Source4: sssd.service
|
||||||
Source5: %name.keyring
|
Source5: %name.keyring
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %_tmppath/%name-%version-build
|
||||||
|
|
||||||
%define servicename sssd
|
%define servicename sssd
|
||||||
%define sssdstatedir %_localstatedir/lib/sss
|
%define sssdstatedir %_localstatedir/lib/sss
|
||||||
@ -214,6 +214,23 @@ Group: System/Libraries
|
|||||||
The idmap_sss module provides a way for Winbind to call SSSD to map
|
The idmap_sss module provides a way for Winbind to call SSSD to map
|
||||||
UIDs/GIDs and SIDs.
|
UIDs/GIDs and SIDs.
|
||||||
|
|
||||||
|
%package -n libsss_certmap0
|
||||||
|
Summary: FreeIPA ID mapping library
|
||||||
|
License: LGPL-3.0+
|
||||||
|
Group: System/Libraries
|
||||||
|
|
||||||
|
%description -n libsss_certmap0
|
||||||
|
A utility library for FreeIPA to map certs.
|
||||||
|
|
||||||
|
%package -n libsss_certmap-devel
|
||||||
|
Summary: Development files for the FreeIPA certmap library
|
||||||
|
License: LGPL-3.0+
|
||||||
|
Group: Development/Libraries/C and C++
|
||||||
|
Requires: libsss_certmap0 = %version
|
||||||
|
|
||||||
|
%description -n libsss_certmap-devel
|
||||||
|
A utility library for FreeIPA to map certs.
|
||||||
|
|
||||||
%package -n libipa_hbac0
|
%package -n libipa_hbac0
|
||||||
Summary: FreeIPA HBAC Evaluator library
|
Summary: FreeIPA HBAC Evaluator library
|
||||||
License: LGPL-3.0+
|
License: LGPL-3.0+
|
||||||
@ -409,6 +426,7 @@ export LDFLAGS="-pie"
|
|||||||
--with-os=suse \
|
--with-os=suse \
|
||||||
--with-semanage=no \
|
--with-semanage=no \
|
||||||
--disable-ldb-version-check \
|
--disable-ldb-version-check \
|
||||||
|
--without-kcm \
|
||||||
--without-secrets
|
--without-secrets
|
||||||
make %{?_smp_mflags} all
|
make %{?_smp_mflags} all
|
||||||
|
|
||||||
@ -487,14 +505,25 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
%_mandir/??/man1/sss_ssh_*
|
%_mandir/??/man1/sss_ssh_*
|
||||||
%_mandir/??/man5/sssd-simple.5*
|
%_mandir/??/man5/sssd-simple.5*
|
||||||
%_mandir/??/man5/sssd-sudo.5*
|
%_mandir/??/man5/sssd-sudo.5*
|
||||||
%_mandir/??/man5/sssd.conf.5*
|
#%_mandir/??/man5/sssd.conf.5*
|
||||||
%_mandir/??/man8/sssd.8*
|
%_mandir/??/man8/sssd.8*
|
||||||
|
%_mandir/??/man5/sss-certmap.5.gz
|
||||||
|
%_mandir/??/man5/sssd-ad.5.gz
|
||||||
|
%_mandir/??/man5/sssd-files.5.gz
|
||||||
|
%_mandir/??/man5/sssd-secrets.5.gz
|
||||||
|
%_mandir/??/man5/sssd.conf.5.gz
|
||||||
|
%_mandir/??/man8/idmap_sss.8.gz
|
||||||
|
%_mandir/??/man8/sssctl.8.gz
|
||||||
|
%_mandir/??/man8/sssd-kcm.8.gz
|
||||||
|
%_mandir/??/man5/sssd-simple.5*
|
||||||
%_mandir/man1/sss_ssh_*
|
%_mandir/man1/sss_ssh_*
|
||||||
%_mandir/man8/sssctl.8*
|
%_mandir/man8/sssctl.8*
|
||||||
%_mandir/man5/sssd-files.5*
|
%_mandir/man5/sssd-files.5*
|
||||||
%_mandir/man5/sssd-simple.5*
|
%_mandir/man5/sssd-simple.5*
|
||||||
%_mandir/man5/sssd-sudo.5*
|
%_mandir/man5/sssd-sudo.5*
|
||||||
%_mandir/man5/sssd.conf.5*
|
%_mandir/man5/sssd.conf.5*
|
||||||
|
%_mandir/man5/sss-certmap.5.gz
|
||||||
|
%_mandir/man5/sssd-session-recording.5.gz
|
||||||
%_mandir/man8/sssd.8*
|
%_mandir/man8/sssd.8*
|
||||||
%dir %_libdir/%name/
|
%dir %_libdir/%name/
|
||||||
%_libdir/%name/conf/
|
%_libdir/%name/conf/
|
||||||
@ -643,7 +672,6 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
%_sbindir/sss_useradd
|
%_sbindir/sss_useradd
|
||||||
%_sbindir/sss_userdel
|
%_sbindir/sss_userdel
|
||||||
%_sbindir/sss_usermod
|
%_sbindir/sss_usermod
|
||||||
%_sbindir/sss_override
|
|
||||||
%dir %_mandir/??/man8/
|
%dir %_mandir/??/man8/
|
||||||
%_mandir/??/man8/sss_*.8*
|
%_mandir/??/man8/sss_*.8*
|
||||||
%_mandir/man8/sss_*.8*
|
%_mandir/man8/sss_*.8*
|
||||||
@ -678,6 +706,17 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
%_libdir/libipa_hbac.so
|
%_libdir/libipa_hbac.so
|
||||||
%_libdir/pkgconfig/ipa_hbac.pc
|
%_libdir/pkgconfig/ipa_hbac.pc
|
||||||
|
|
||||||
|
%files -n libsss_certmap0
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%_libdir/libsss_certmap.so
|
||||||
|
%_libdir/libsss_certmap.so.0*
|
||||||
|
|
||||||
|
%files -n libsss_certmap-devel
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%_includedir/sss_certmap.h
|
||||||
|
%_libdir/libsss_certmap.so
|
||||||
|
%_libdir/pkgconfig/sss_certmap.pc
|
||||||
|
|
||||||
%files -n libnfsidmap-sss
|
%files -n libnfsidmap-sss
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%_libdir/libnfsidmap/
|
%_libdir/libnfsidmap/
|
||||||
|
Loading…
Reference in New Issue
Block a user