From d8b693a7a20bfccc0cc439b96fcc627e7043ce562e8d0b0dfb736c23e6b8cd94 Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Tue, 29 Apr 2014 10:03:23 +0000 Subject: [PATCH] - Update to new upstream release 1.11.5.1 * sssd crashes after upgrade from 1.11.4 to 1.11.5 when using a samba4 domain * SSSD pam module accepts usernames with leading spaces * [RFE] Expose the list of trusted domains to IPA * If both IPA and LDAP are set up with enumeration on, two enum tasks are running * sssd.conf man pages don't list a configuration option. * Make SSSD compilable on systems with non-standard paths to krb5 includes * [freebsd] pam_sss: add ignore_unknown_user option * MAN: Remove misleading memberof example from ldap_access_filter example * not retrieving homedirs of AD users with posix attributes * Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes * Check IPA idranges before saving them to the cache * Evaluate usage of sudo LDAP provider together with the AD provider * Setting int option to 0 yields the default value * ipa-server-mode: Use lower-case user name component in home dir path * SSSD Does not cache SELinux map from FreeIPA correctly * IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in * sssd fails to handle expired passwords when OTP is used * Add another Kerberos error code to trigger IPA password migration * Double OK when starting the service * SSSD should create the SELinux mapping file with format expected by pam_selinux * Valgrind: Invalid read of int while processing netgroup * other subdomains are unavailable when joined to a subdomain in the ad forest * Error during password change * configure time variables not expanded when running ./configure * RHEL7 IPA selinuxusermap hbac rule not always matching * AD Enumeration reads data from LDAP while regular lookups connect to GC * Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not * sssd_be crashes when ad_access_filter uses FOREST keyword. * "System Error" when invalid ad_access_filter is used OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=111 --- sssd-1.11.4.tar.gz | 3 --- sssd-1.11.4.tar.gz.asc | 7 ------- sssd-1.11.5.1.tar.gz | 3 +++ sssd-1.11.5.1.tar.gz.asc | 7 +++++++ sssd.changes | 30 ++++++++++++++++++++++++++++++ sssd.service | 15 +++++++++++++++ sssd.spec | 7 +++++-- 7 files changed, 60 insertions(+), 12 deletions(-) delete mode 100644 sssd-1.11.4.tar.gz delete mode 100644 sssd-1.11.4.tar.gz.asc create mode 100644 sssd-1.11.5.1.tar.gz create mode 100644 sssd-1.11.5.1.tar.gz.asc create mode 100644 sssd.service diff --git a/sssd-1.11.4.tar.gz b/sssd-1.11.4.tar.gz deleted file mode 100644 index 3ea066f..0000000 --- a/sssd-1.11.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5bd2642f9f9cdca8eb9243e59bfdfcf7d7d6a60dac01eea7926450b1d59e09f3 -size 3480248 diff --git a/sssd-1.11.4.tar.gz.asc b/sssd-1.11.4.tar.gz.asc deleted file mode 100644 index 8b846c5..0000000 --- a/sssd-1.11.4.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlMCXHcACgkQHsardTLnvCUEnACgxms5JRV+CxPPHvvNxiMaIy/r -sG0AnRKzG0wnYODqVziXRpKF11Hx2aM6 -=4fOu ------END PGP SIGNATURE----- diff --git a/sssd-1.11.5.1.tar.gz b/sssd-1.11.5.1.tar.gz new file mode 100644 index 0000000..f6e93f2 --- /dev/null +++ b/sssd-1.11.5.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5bf0d564de5193df0fc28df5e156109b32a7a66bc68f0366e06c00bcd68fea1b +size 3511029 diff --git a/sssd-1.11.5.1.tar.gz.asc b/sssd-1.11.5.1.tar.gz.asc new file mode 100644 index 0000000..f6b8a73 --- /dev/null +++ b/sssd-1.11.5.1.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlNIGEUACgkQHsardTLnvCU6hwCg0pveLQy2nicOicGbNg1d7ANp +4PEAn0v0uCRsJLsuANezjLMM2C/uaf6Z +=HFIZ +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index 06960ad..5a9f55c 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Tue Apr 29 10:00:57 UTC 2014 - varkoly@suse.com + +- Update to new upstream release 1.11.5.1 + * sssd crashes after upgrade from 1.11.4 to 1.11.5 when using a samba4 domain + * SSSD pam module accepts usernames with leading spaces + * [RFE] Expose the list of trusted domains to IPA + * If both IPA and LDAP are set up with enumeration on, two enum tasks are running + * sssd.conf man pages don't list a configuration option. + * Make SSSD compilable on systems with non-standard paths to krb5 includes + * [freebsd] pam_sss: add ignore_unknown_user option + * MAN: Remove misleading memberof example from ldap_access_filter example + * not retrieving homedirs of AD users with posix attributes + * Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes + * Check IPA idranges before saving them to the cache + * Evaluate usage of sudo LDAP provider together with the AD provider + * Setting int option to 0 yields the default value + * ipa-server-mode: Use lower-case user name component in home dir path + * SSSD Does not cache SELinux map from FreeIPA correctly + * IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in + * sssd fails to handle expired passwords when OTP is used + * Add another Kerberos error code to trigger IPA password migration + * Double OK when starting the service + * SSSD should create the SELinux mapping file with format expected by pam_selinux + * Valgrind: Invalid read of int while processing netgroup + * other subdomains are unavailable when joined to a subdomain in the ad forest + * Error during password change + * configure time variables not expanded when running ./configure + * RHEL7 IPA selinuxusermap hbac rule not always matching + ------------------------------------------------------------------- Fri Mar 7 15:18:34 UTC 2014 - jengelh@inai.de diff --git a/sssd.service b/sssd.service new file mode 100644 index 0000000..ef3c8f4 --- /dev/null +++ b/sssd.service @@ -0,0 +1,15 @@ +[Unit] +Description=System Security Services Daemon +# SSSD will not be started until syslog is +After=syslog.target + +[Service] +EnvironmentFile=-/etc/sysconfig/sssd +ExecStart=/usr/sbin/sssd -D -f +# These two should be used with traditional UNIX forking daemons +# consult systemd.service(5) for more details +Type=forking +PIDFile=/var/run/sssd.pid + +[Install] +WantedBy=multi-user.target diff --git a/sssd.spec b/sssd.spec index 2452c4e..795e11b 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.11.4 +Version: 1.11.5.1 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -28,6 +28,7 @@ Url: https://fedorahosted.org/sssd/ Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz Source2: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz.asc Source3: baselibs.conf +Source4: sssd.service BuildRoot: %{_tmppath}/%{name}-%{version}-build %define servicename sssd @@ -327,7 +328,9 @@ install -d "$b/%_sysconfdir/sssd"; install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"; %if 0%{?_unitdir:1} install -d "$b/%_unitdir"; -install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service"; +# Missing service file in 1.11.5.1 +#install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service"; +install %{S:4} "$b/%_unitdir/sssd.service"; rm -Rf "$b/%_initddir" %else install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd";