diff --git a/.gitignore b/.gitignore
index 98f0466..db1c834 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/realmd-0.14.6.tar.gz
+SOURCES/realmd-0.16.1.tar.gz
diff --git a/.realmd.metadata b/.realmd.metadata
index 898de2f..1a53878 100644
--- a/.realmd.metadata
+++ b/.realmd.metadata
@@ -1 +1 @@
-e007cb2c50898b5d5415141b269cc7523e60d257 SOURCES/realmd-0.14.6.tar.gz
+f761e3a1b1c9843e195581c77b0c0bbf6263ce17 SOURCES/realmd-0.16.1.tar.gz
diff --git a/SOURCES/dns-domain-name-liberal.patch b/SOURCES/dns-domain-name-liberal.patch
new file mode 100644
index 0000000..b7a2a3e
--- /dev/null
+++ b/SOURCES/dns-domain-name-liberal.patch
@@ -0,0 +1,196 @@
+From e368c5a42656a687e6b726978752eb4abf6503d0 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 31 Jul 2015 12:53:04 +0200
+Subject: [PATCH 1/3] Be more liberal on what we accept as a domain name
+
+Make the checks on what we accept as a domain name more liberal
+for values coming in from the network.
+
+DNS Domain names are pretty liberal (internet domain names
+are more restrictive) See RFC 2181 section 11
+
+http://www.ietf.org/rfc/rfc2181.txt
+
+However we cannot consume names with whitespace and problematic
+punctuation, due to the various programs that parse the
+configuration files we set up.
+---
+ service/realm-disco-mscldap.c | 9 +++------
+ service/realm-disco-rootdse.c | 15 +++++++--------
+ service/realm-options.c | 31 +++++++++++++++++++++++++++++++
+ service/realm-options.h | 2 ++
+ 4 files changed, 43 insertions(+), 14 deletions(-)
+
+diff --git a/service/realm-disco-mscldap.c b/service/realm-disco-mscldap.c
+index 1ed4063..d3d3c10 100644
+--- a/service/realm-disco-mscldap.c
++++ b/service/realm-disco-mscldap.c
+@@ -17,6 +17,7 @@
+ #include "realm-dbus-constants.h"
+ #include "realm-disco-mscldap.h"
+ #include "realm-ldap.h"
++#include "realm-options.h"
+
+ #include <glib/gi18n.h>
+
+@@ -40,8 +41,6 @@ typedef struct {
+ #define HOST_NAME_MAX 255
+ #endif
+
+-#define DOMAIN_NAME_VALID "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-."
+-
+ static void
+ closure_free (gpointer data)
+ {
+@@ -100,21 +99,19 @@ get_string (guchar *beg,
+ guchar **at)
+ {
+ gchar buffer[HOST_NAME_MAX];
+- gsize len;
+ int n;
+
+ n = dn_expand (beg, end, *at, buffer, sizeof (buffer));
+ if (n < 0)
+ return NULL;
+
+- len = strlen (buffer);
+- if (strspn (buffer, DOMAIN_NAME_VALID) != len) {
++ if (!realm_options_check_domain_name (buffer)) {
+ g_message ("received invalid NetLogon string characters");
+ return NULL;
+ }
+
+ (*at) += n;
+- return g_strndup (buffer, len);
++ return g_strdup (buffer);
+ }
+
+ static gboolean
+diff --git a/service/realm-disco-rootdse.c b/service/realm-disco-rootdse.c
+index 1a80d98..3100650 100644
+--- a/service/realm-disco-rootdse.c
++++ b/service/realm-disco-rootdse.c
+@@ -19,13 +19,12 @@
+ #include "realm-disco-mscldap.h"
+ #include "realm-disco-rootdse.h"
+ #include "realm-ldap.h"
++#include "realm-options.h"
+
+ #include <glib/gi18n.h>
+
+ #include <resolv.h>
+
+-#define DOMAIN_NAME_VALID "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-."
+-
+ typedef struct _Closure Closure;
+
+ struct _Closure {
+@@ -92,7 +91,7 @@ static gchar *
+ entry_get_attribute (LDAP *ldap,
+ LDAPMessage *entry,
+ const gchar *field,
+- const gchar *valid)
++ gboolean domain_name)
+ {
+ struct berval **bvs = NULL;
+ gchar *value = NULL;
+@@ -102,8 +101,8 @@ entry_get_attribute (LDAP *ldap,
+
+ if (bvs && bvs[0]) {
+ value = g_strndup (bvs[0]->bv_val, bvs[0]->bv_len);
+- if (valid) {
+- if (strspn (value, valid) != bvs[0]->bv_len) {
++ if (domain_name) {
++ if (!realm_options_check_domain_name (value)) {
+ g_free (value);
+ g_message ("Invalid value in LDAP %s field", field);
+ value = NULL;
+@@ -155,7 +154,7 @@ result_krb_realm (GTask *task,
+ entry = ldap_first_entry (ldap, message);
+
+ g_free (clo->disco->kerberos_realm);
+- clo->disco->kerberos_realm = entry_get_attribute (ldap, entry, "cn", DOMAIN_NAME_VALID);
++ clo->disco->kerberos_realm = entry_get_attribute (ldap, entry, "cn", TRUE);
+
+ g_debug ("Found realm: %s", clo->disco->kerberos_realm);
+
+@@ -211,7 +210,7 @@ result_domain_info (GTask *task,
+
+ /* What is the domain name? */
+ g_free (clo->disco->domain_name);
+- clo->disco->domain_name = entry_get_attribute (ldap, entry, "associatedDomain", DOMAIN_NAME_VALID);
++ clo->disco->domain_name = entry_get_attribute (ldap, entry, "associatedDomain", TRUE);
+
+ g_debug ("Got associatedDomain: %s", clo->disco->domain_name);
+
+@@ -310,7 +309,7 @@ result_root_dse (GTask *task,
+ entry = ldap_first_entry (ldap, message);
+
+ /* Parse out the default naming context */
+- clo->default_naming_context = entry_get_attribute (ldap, entry, "defaultNamingContext", NULL);
++ clo->default_naming_context = entry_get_attribute (ldap, entry, "defaultNamingContext", FALSE);
+
+ g_debug ("Got defaultNamingContext: %s", clo->default_naming_context);
+
+diff --git a/service/realm-options.c b/service/realm-options.c
+index 53266f6..bba3ee4 100644
+--- a/service/realm-options.c
++++ b/service/realm-options.c
+@@ -18,6 +18,8 @@
+ #include "realm-options.h"
+ #include "realm-settings.h"
+
++#include <string.h>
++
+ gboolean
+ realm_options_automatic_install (void)
+ {
+@@ -128,3 +130,32 @@ realm_options_qualify_names (const gchar *realm_name)
+
+ return qualify;
+ }
++
++gboolean
++realm_options_check_domain_name (const gchar *name)
++{
++ /*
++ * DNS Domain names are pretty liberal (internet domain names
++ * are more restrictive) See RFC 2181 section 11
++ *
++ * http://www.ietf.org/rfc/rfc2181.txt
++ *
++ * However we cannot consume names with whitespace and problematic
++ * punctuation, due to the various programs that parse the
++ * configuration files we set up.
++ */
++
++ gsize i, len;
++ static const gchar *invalid = "=[]:";
++
++ g_return_val_if_fail (name != NULL, FALSE);
++
++ for (i = 0, len = strlen (name); i < len; i++) {
++ if (name[i] <= ' ')
++ return FALSE;
++ if (strchr (invalid, name[i]))
++ return FALSE;
++ }
++
++ return TRUE;
++}
+diff --git a/service/realm-options.h b/service/realm-options.h
+index 52dc6ff..4890cba 100644
+--- a/service/realm-options.h
++++ b/service/realm-options.h
+@@ -39,6 +39,8 @@ gboolean realm_options_automatic_mapping (GVariant *options,
+
+ gboolean realm_options_qualify_names (const gchar *realm_name);
+
++gboolean realm_options_check_domain_name (const gchar *domain_name);
++
+ G_END_DECLS
+
+ #endif /* __REALM_OPTIONS_H__ */
+--
+2.4.3
+
diff --git a/SOURCES/duplicate-test-path.patch b/SOURCES/duplicate-test-path.patch
new file mode 100644
index 0000000..5d62837
--- /dev/null
+++ b/SOURCES/duplicate-test-path.patch
@@ -0,0 +1,26 @@
+From ab41e2830d2f7540d58370b5f35f85c2808c1871 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 11 Sep 2015 12:32:36 +0200
+Subject: [PATCH] tests: Fix duplicate test case path
+
+GLib is now stricter about this
+---
+ tests/test-safe-format.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/test-safe-format.c b/tests/test-safe-format.c
+index 02aa5f1..204e10d 100644
+--- a/tests/test-safe-format.c
++++ b/tests/test-safe-format.c
+@@ -194,7 +194,7 @@ main (int argc,
+ else
+ escaped = g_strdup (fixtures[i].format);
+ g_strdelimit (escaped, " =\\/", '_');
+- name = g_strdup_printf ("/realmd/safe-format/%s", escaped);
++ name = g_strdup_printf ("/realmd/safe-format/%d-%s", i, escaped);
+ g_free (escaped);
+
+ g_test_add_data_func (name, fixtures + i, test_safe_format_string_cb);
+--
+2.4.3
+
diff --git a/SOURCES/increase-packagekit-timeout.patch b/SOURCES/increase-packagekit-timeout.patch
new file mode 100644
index 0000000..6bd1f86
--- /dev/null
+++ b/SOURCES/increase-packagekit-timeout.patch
@@ -0,0 +1,54 @@
+From f2ed12faa4ecb5468f6396f1695a3ca5e2e13b84 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 24 Jul 2015 17:25:32 +0200
+Subject: [PATCH] service: Increase timeout when calling PackageKit
+
+Use a timeout of a day ... PackageKit should return from a call
+sooner than that. If it crashes we'll get a response right away.
+---
+ service/realm-packages.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/service/realm-packages.c b/service/realm-packages.c
+index c32da44..9da852c 100644
+--- a/service/realm-packages.c
++++ b/service/realm-packages.c
+@@ -24,6 +24,8 @@
+
+ #include <glib/gi18n.h>
+
++#define CALL_TIMEOUT (24 * 60 * 60 * 1000)
++
+ static gboolean
+ packages_check_paths (const gchar **paths,
+ GDBusMethodInvocation *invocation)
+@@ -226,7 +228,7 @@ on_set_hints (GObject *source,
+ transaction->parameters,
+ G_VARIANT_TYPE ("()"),
+ G_DBUS_CALL_FLAGS_NO_AUTO_START,
+- -1, g_task_get_cancellable (task),
++ CALL_TIMEOUT, g_task_get_cancellable (task),
+ on_method_done, g_object_ref (task));
+ }
+
+@@ -276,7 +278,7 @@ on_create_transaction (GObject *source,
+ g_variant_new ("(^as)", hints),
+ G_VARIANT_TYPE ("()"),
+ G_DBUS_CALL_FLAGS_NO_AUTO_START,
+- -1, g_task_get_cancellable (task),
++ CALL_TIMEOUT, g_task_get_cancellable (task),
+ on_set_hints, g_object_ref (task));
+ }
+
+@@ -310,7 +312,7 @@ package_transaction_create (const gchar *method,
+ g_variant_new ("()"),
+ G_VARIANT_TYPE ("(o)"),
+ G_DBUS_CALL_FLAGS_NONE,
+- -1, cancellable,
++ CALL_TIMEOUT, cancellable,
+ on_create_transaction, g_object_ref (task));
+ }
+
+--
+2.4.3
+
diff --git a/SOURCES/ipa-packages.patch b/SOURCES/ipa-packages.patch
index 3bcbc80..633bd95 100644
--- a/SOURCES/ipa-packages.patch
+++ b/SOURCES/ipa-packages.patch
@@ -10,4 +10,4 @@ index da2de55..856b36d 100644
+ipa-client = /usr/sbin/ipa-client-install
[commands]
- winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service"
+ winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
diff --git a/SOURCES/missing-fqname.patch b/SOURCES/missing-fqname.patch
deleted file mode 100644
index e4d4ed4..0000000
--- a/SOURCES/missing-fqname.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 761fc873a5089ecd9e95fc77511fa07338d05b44 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Fri, 10 Jan 2014 15:20:24 +0100
-Subject: [PATCH] service: Don't crash if missing full_name_format in sssd.conf
-
-Use the same default full_name_format as sssd.
-
-We would like to retrieve this information from sssd, perhaps soon
-we'll be able to do that via DBus.
----
- service/realm-sssd.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/service/realm-sssd.c b/service/realm-sssd.c
-index 3fdd390..3b2678c 100644
---- a/service/realm-sssd.c
-+++ b/service/realm-sssd.c
-@@ -350,6 +350,10 @@ update_login_formats (RealmSssd *self)
-
- /* Setup the login formats */
- format = realm_ini_config_get (self->pv->config, self->pv->section, "full_name_format");
-+ if (format == NULL)
-+ format = realm_ini_config_get (self->pv->config, "sssd", "full_name_format");
-+ if (format == NULL)
-+ format = g_strdup ("%1$s@%2$s");
-
- /* The full domain name */
- domain_name = calc_domain (self);
---
-1.8.4.2
-
diff --git a/SOURCES/net-in-samba-common.patch b/SOURCES/net-in-samba-common.patch
new file mode 100644
index 0000000..6903373
--- /dev/null
+++ b/SOURCES/net-in-samba-common.patch
@@ -0,0 +1,27 @@
+From 3d510c6a42ce2fa8e00b6e36487a6e7c7047b0d6 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Tue, 14 Jul 2015 20:40:04 +0200
+Subject: [PATCH] Revert "service: /usr/bin/net is provided by
+ samba-common-tools"
+
+This reverts commit ccb21883a515f17e8a4f6076a585450e20bcd933.
+---
+ service/realmd-redhat.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
+index e39fad5..e0bfbf5 100644
+--- a/service/realmd-redhat.conf
++++ b/service/realmd-redhat.conf
+@@ -3,7 +3,7 @@
+ smb.conf = /etc/samba/smb.conf
+
+ [samba-packages]
+-samba-common-tools = /usr/bin/net
++samba-common = /usr/bin/net
+
+ [winbind-packages]
+ samba-winbind = /usr/sbin/winbindd
+--
+2.4.3
+
diff --git a/SOURCES/oddjob-start.patch b/SOURCES/oddjob-start.patch
deleted file mode 100644
index 207ae78..0000000
--- a/SOURCES/oddjob-start.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
-index da2de55..5198c37 100644
---- a/service/realmd-redhat.conf
-+++ b/service/realmd-redhat.conf
-@@ -23,7 +23,7 @@ adcli = /usr/sbin/adcli
- ipa-client = /usr/sbin/ipa-client-install
-
- [commands]
--winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service"
-+winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
- winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart
- winbind-enable-service = /usr/bin/systemctl enable winbind.service
- winbind-disable-service = /usr/bin/systemctl disable winbind.service
-@@ -30,7 +30,7 @@ winbind-disable-service = /usr/bin/systemctl disable winbind.service
- winbind-restart-service = /usr/bin/systemctl restart winbind.service
- winbind-stop-service = /usr/bin/systemctl stop winbind.service
-
--sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service"
-+sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
- sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart
- sssd-enable-service = /usr/bin/systemctl enable sssd.service
- sssd-disable-service = /usr/bin/systemctl disable sssd.service
-
diff --git a/SOURCES/remove-spurious-print.patch b/SOURCES/remove-spurious-print.patch
new file mode 100644
index 0000000..ade8a8b
--- /dev/null
+++ b/SOURCES/remove-spurious-print.patch
@@ -0,0 +1,24 @@
+From f46ba61d7df33d63c1e904c5559017a57a7e8228 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 24 Jul 2015 17:03:25 +0200
+Subject: [PATCH] tools: Remove spurious print output
+
+---
+ tools/realm-join.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tools/realm-join.c b/tools/realm-join.c
+index e5760b2..feb6edc 100644
+--- a/tools/realm-join.c
++++ b/tools/realm-join.c
+@@ -237,7 +237,6 @@ perform_join (RealmClient *client,
+ return 1;
+ }
+
+-g_printerr ("id mapping %d %d\n", args->automatic_id_mapping_set, args->automatic_id_mapping);
+ options = realm_build_options (REALM_DBUS_OPTION_COMPUTER_OU, args->computer_ou,
+ REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, args->membership_software,
+ REALM_DBUS_OPTION_USER_PRINCIPAL, args->user_principal,
+--
+2.4.3
+
diff --git a/SOURCES/safe-printf.patch b/SOURCES/safe-printf.patch
deleted file mode 100644
index 1efb2e3..0000000
--- a/SOURCES/safe-printf.patch
+++ /dev/null
@@ -1,793 +0,0 @@
-From 05d657339a80405900f8a066e41f08c121755cbf Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Fri, 3 Jan 2014 16:37:12 +0100
-Subject: [PATCH] sssd: Use safe printf when formatting full_name_format
- strings
-
-Since sssd.conf uses such printf formats in its code, and it's
-completely bogus to be passing user provided input to printf
-directly...
----
- service/Makefile.am | 1 +
- service/realm-sssd.c | 52 ++++---
- service/safe-printf.c | 348 +++++++++++++++++++++++++++++++++++++++++++++++
- service/safe-printf.h | 45 ++++++
- tests/Makefile.am | 6 +
- tests/test-safe-printf.c | 238 ++++++++++++++++++++++++++++++++
- 7 files changed, 662 insertions(+), 29 deletions(-)
- create mode 100644 service/safe-printf.c
- create mode 100644 service/safe-printf.h
- create mode 100644 tests/test-safe-printf.c
-
-diff --git a/service/Makefile.am b/service/Makefile.am
-index 37743a7..603ccbe 100644
---- a/service/Makefile.am
-+++ b/service/Makefile.am
-@@ -59,6 +59,7 @@ realmd_SOURCES = \
- realm-sssd-config.c realm-sssd-config.h \
- realm-sssd-ipa.c realm-sssd-ipa.h \
- realm-usleep-async.c realm-usleep-async.h \
-+ safe-printf.c safe-printf.h \
- $(NULL)
-
- realmd_CFLAGS = \
-diff --git a/service/realm-sssd.c b/service/realm-sssd.c
-index b904514..a4863d4 100644
---- a/service/realm-sssd.c
-+++ b/service/realm-sssd.c
-@@ -25,6 +25,7 @@
- #include "realm-service.h"
- #include "realm-sssd.h"
- #include "realm-sssd-config.h"
-+#include "safe-printf.h"
-
- #include <glib/gstdio.h>
- #include <glib/gi18n.h>
-@@ -315,38 +316,13 @@ update_domain (RealmSssd *self)
- g_free (domain);
- }
-
--static gchar *
--build_login_format (const gchar *format,
-- ...) G_GNUC_PRINTF (1, 2);
--
--static gchar *
--build_login_format (const gchar *format,
-- ...)
--{
-- gchar *result;
-- va_list va;
--
-- /* This function exists mostly to get around gcc warnings */
--
-- if (format == NULL)
-- format = "%1$s@%2$s";
--
-- va_start (va, format);
-- result = g_strdup_vprintf (format, va);
-- va_end (va);
--
-- return result;
--}
--
--#pragma GCC diagnostic push
--#pragma GCC diagnostic ignored "-Wformat-nonliteral"
--
- static void
- update_login_formats (RealmSssd *self)
- {
- RealmKerberos *kerberos = REALM_KERBEROS (self);
- gchar *login_formats[2] = { NULL, NULL };
- gchar *format = NULL;
-+ gchar *domain_name;
- gboolean qualify;
-
- if (self->pv->section == NULL) {
-@@ -366,10 +342,28 @@ update_login_formats (RealmSssd *self)
- /* Setup the login formats */
- format = realm_ini_config_get (self->pv->config, self->pv->section, "full_name_format");
-
-- /* Here we place a '%s' in the place of the user in the format */
-- login_formats[0] = build_login_format (format, "%U", self->pv->domain);
-- realm_kerberos_set_login_formats (kerberos, (const gchar **)login_formats);
-+ /* The full domain name */
-+ domain_name = calc_domain (self);
-+
-+ /*
-+ * In theory we should be discovering the short name or flat name as sssd
-+ * calls it. We configured it as the sssd.conf 'domains' name, so we just
-+ * use that. Eventually we want to have a way to query sssd for that.
-+ */
-+
-+ /*
-+ * Here we place a '%U' in the place of the user in the format, and
-+ * fill in the domain appropriately. sssd uses snprintf for this, which
-+ * is risky and very compex to do right with positional arguments.
-+ *
-+ * We only replace the arguments documented in sssd.conf, as well as
-+ * other non-field printf replacements.
-+ */
-+
-+ if (safe_asprintf (login_formats, format, "%U", domain_name ? domain_name : "", self->pv->domain, NULL) >= 0)
-+ realm_kerberos_set_login_formats (kerberos, (const gchar **)login_formats);
- g_free (login_formats[0]);
-+ g_free (domain_name);
- g_free (format);
- }
-
-diff --git a/service/safe-printf.c b/service/safe-printf.c
-new file mode 100644
-index 0000000..069c915
---- /dev/null
-+++ b/service/safe-printf.c
-@@ -0,0 +1,348 @@
-+/* realmd -- Realm configuration service
-+ *
-+ * Copyright 2013 Red Hat Inc
-+ *
-+ * This program is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General Public License as published
-+ * by the Free Software Foundation; either version 2 of the licence or (at
-+ * your option) any later version.
-+ *
-+ * See the included COPYING file for more information.
-+ *
-+ * Author: Stef Walter <stefw@redhat.com>
-+ */
-+
-+#include "config.h"
-+
-+#include "safe-printf.h"
-+
-+#include <stdarg.h>
-+#include <string.h>
-+
-+#ifndef MIN
-+#define MIN(a, b) (((a) < (b)) ? (a) : (b))
-+#endif
-+
-+#ifndef MAX
-+#define MAX(a, b) (((a) > (b)) ? (a) : (b))
-+#endif
-+
-+static void
-+safe_padding (int count,
-+ int *total,
-+ void (* callback) (void *, const char *, size_t),
-+ void *data)
-+{
-+ char eight[] = " ";
-+ int num;
-+
-+ while (count > 0) {
-+ num = MIN (count, 8);
-+ callback (data, eight, num);
-+ count -= num;
-+ *total += num;
-+ }
-+}
-+
-+static void
-+dummy_callback (void *data,
-+ const char *piece,
-+ size_t len)
-+{
-+
-+}
-+
-+int
-+safe_printf_cb (void (* callback) (void *, const char *, size_t),
-+ void *data,
-+ const char *format,
-+ const char * const args[],
-+ int num_args)
-+{
-+ int at_arg = 0;
-+ const char *cp;
-+ int precision;
-+ int width;
-+ int len;
-+ const char *value;
-+ int total;
-+ int left;
-+
-+ if (!callback)
-+ callback = dummy_callback;
-+
-+ total = 0;
-+ cp = format;
-+
-+ while (*cp) {
-+
-+ /* Piece of raw string */
-+ if (*cp != '%') {
-+ len = strcspn (cp, "%");
-+ callback (data, cp, len);
-+ total += len;
-+ cp += len;
-+ continue;
-+ }
-+
-+ cp++;
-+
-+ /* An literal percent sign? */
-+ if (*cp == '%') {
-+ callback (data, "%", 1);
-+ total++;
-+ cp++;
-+ continue;
-+ }
-+
-+ value = NULL;
-+ left = 0;
-+ precision = -1;
-+ width = -1;
-+
-+ /* Test for positional argument. */
-+ if (*cp >= '0' && *cp <= '9') {
-+ /* Look-ahead parsing, otherwise skipped */
-+ if (cp[strspn (cp, "0123456789")] == '$') {
-+ unsigned int n = 0;
-+ for (; *cp >= '0' && *cp <= '9'; cp++)
-+ n = 10 * n + (*cp - '0');
-+ /* Positional argument 0 is invalid. */
-+ if (n == 0)
-+ return -1;
-+ /* Positional argument N too high */
-+ if (n > num_args)
-+ return -1;
-+ value = args[n - 1];
-+ cp++; /* $ */
-+ }
-+ }
-+
-+ /* Read the supported flags. */
-+ for (; ; cp++) {
-+ if (*cp == '-')
-+ left = 1;
-+ /* Supported but ignored */
-+ else if (*cp != ' ')
-+ break;
-+ }
-+
-+ /* Parse the width. */
-+ if (*cp >= '0' && *cp <= '9') {
-+ width = 0;
-+ for (; *cp >= '0' && *cp <= '9'; cp++)
-+ width = 10 * width + (*cp - '0');
-+ }
-+
-+ /* Parse the precision. */
-+ if (*cp == '.') {
-+ precision = 0;
-+ for (cp++; *cp >= '0' && *cp <= '9'; cp++)
-+ precision = 10 * precision + (*cp - '0');
-+ }
-+
-+ /* Read the conversion character. */
-+ switch (*cp++) {
-+ case 's':
-+ /* Non-positional argument */
-+ if (value == NULL) {
-+ /* Too many arguments used */
-+ if (at_arg == num_args)
-+ return -1;
-+ value = args[at_arg++];
-+ }
-+ break;
-+
-+ /* No other conversion characters are supported */
-+ default:
-+ return -1;
-+ }
-+
-+ /* How many characters are we printing? */
-+ len = strlen (value);
-+ if (precision >= 0)
-+ len = MIN (precision, len);
-+
-+ /* Do we need padding? */
-+ safe_padding (left ? 0 : width - len, &total, callback, data);
-+
-+ /* The actual data */;
-+ callback (data, value, len);
-+ total += len;
-+
-+ /* Do we need padding? */
-+ safe_padding (left ? width - len : 0, &total, callback, data);
-+ }
-+
-+ return total;
-+}
-+
-+struct sprintf_ctx {
-+ char *data;
-+ size_t length;
-+ size_t alloc;
-+};
-+
-+static void
-+asprintf_callback (void *data,
-+ const char *piece,
-+ size_t length)
-+{
-+ struct sprintf_ctx *cx = data;
-+ void *mem;
-+
-+ if (!cx->data)
-+ return;
-+
-+ /* Reallocate if necessary */
-+ if (cx->length + length + 1 > cx->alloc) {
-+ cx->alloc += MAX (length + 1, 1024);
-+ mem = realloc (cx->data, cx->alloc);
-+ if (mem == NULL) {
-+ free (cx->data);
-+ cx->data = NULL;
-+ return;
-+ }
-+ cx->data = mem;
-+ }
-+
-+ memcpy (cx->data + cx->length, piece, length);
-+ cx->length += length;
-+ cx->data[cx->length] = 0;
-+}
-+
-+static const char **
-+valist_to_args (va_list va,
-+ int *num_args)
-+{
-+ int alo_args;
-+ const char **args;
-+ const char *arg;
-+ void *mem;
-+
-+ *num_args = alo_args = 0;
-+ args = NULL;
-+
-+ for (;;) {
-+ arg = va_arg (va, const char *);
-+ if (arg == NULL)
-+ break;
-+ if (*num_args == alo_args) {
-+ alo_args += 8;
-+ mem = realloc (args, sizeof (const char *) * alo_args);
-+ if (!mem) {
-+ free (args);
-+ return NULL;
-+ }
-+ args = mem;
-+ }
-+ args[(*num_args)++] = arg;
-+ }
-+
-+ return args;
-+}
-+
-+int
-+safe_asprintf (char **strp,
-+ const char *format,
-+ ...)
-+{
-+ struct sprintf_ctx cx;
-+ const char **args;
-+ int num_args;
-+ va_list va;
-+ int ret;
-+ int i;
-+
-+ va_start (va, format);
-+ args = valist_to_args (va, &num_args);
-+ va_end (va);
-+
-+ if (args == NULL)
-+ return -1;
-+
-+ /* Preallocate a pretty good guess */
-+ cx.alloc = strlen (format) + 1;
-+ for (i = 0; i < num_args; i++)
-+ cx.alloc += strlen (args[i]);
-+
-+ cx.data = malloc (cx.alloc);
-+ if (!cx.data) {
-+ free (args);
-+ return -1;
-+ }
-+
-+ cx.data[0] = '\0';
-+ cx.length = 0;
-+
-+ ret = safe_printf_cb (asprintf_callback, &cx, format, args, num_args);
-+ if (cx.data == NULL)
-+ ret = -1;
-+ if (ret < 0)
-+ free (cx.data);
-+ else
-+ *strp = cx.data;
-+
-+ free (args);
-+ return ret;
-+}
-+
-+static void
-+snprintf_callback (void *data,
-+ const char *piece,
-+ size_t length)
-+{
-+ struct sprintf_ctx *cx = data;
-+
-+ /* Don't copy if too much data */
-+ if (cx->length > cx->alloc)
-+ length = 0;
-+ else if (cx->length + length > cx->alloc)
-+ length = cx->alloc - cx->length;
-+ else
-+ length = length;
-+
-+ if (length > 0)
-+ memcpy (cx->data + cx->length, piece, length);
-+
-+ /* Null termination happens later */
-+ cx->length += length;
-+}
-+
-+int
-+safe_snprintf (char *str,
-+ size_t len,
-+ const char *format,
-+ ...)
-+{
-+ struct sprintf_ctx cx;
-+ int num_args;
-+ va_list va;
-+ const char **args;
-+ int ret;
-+
-+ cx.data = str;
-+ cx.length = 0;
-+ cx.alloc = len;
-+
-+ va_start (va, format);
-+ args = valist_to_args (va, &num_args);
-+ va_end (va);
-+
-+ if (args == NULL)
-+ return -1;
-+
-+ if (len)
-+ cx.data[0] = '\0';
-+
-+ ret = safe_printf_cb (snprintf_callback, &cx, format, args, num_args);
-+ if (ret < 0)
-+ return ret;
-+
-+ /* Null terminate appropriately */
-+ if (len > 0)
-+ cx.data[MIN(cx.length, len - 1)] = '\0';
-+
-+ free (args);
-+ return ret;
-+}
-diff --git a/service/safe-printf.h b/service/safe-printf.h
-new file mode 100644
-index 0000000..8881b91
---- /dev/null
-+++ b/service/safe-printf.h
-@@ -0,0 +1,45 @@
-+/* realmd -- Realm configuration service
-+ *
-+ * Copyright 2013 Red Hat Inc
-+ *
-+ * This program is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General Public License as published
-+ * by the Free Software Foundation; either version 2 of the licence or (at
-+ * your option) any later version.
-+ *
-+ * See the included COPYING file for more information.
-+ *
-+ * Author: Stef Walter <stefw@redhat.com>
-+ */
-+
-+#include "config.h"
-+
-+#ifndef __SAFE_PRINTF_H__
-+#define __SAFE_PRINTF_H__
-+
-+#include <stdlib.h>
-+
-+#ifndef GNUC_NULL_TERMINATED
-+#if __GNUC__ >= 4
-+#define GNUC_NULL_TERMINATED __attribute__((__sentinel__))
-+#else
-+#define GNUC_NULL_TERMINATED
-+#endif
-+#endif
-+
-+int safe_asprintf (char **strp,
-+ const char *format,
-+ ...) GNUC_NULL_TERMINATED;
-+
-+int safe_snprintf (char *str,
-+ size_t len,
-+ const char *format,
-+ ...) GNUC_NULL_TERMINATED;
-+
-+int safe_printf_cb (void (* callback) (void *data, const char *piece, size_t len),
-+ void *data,
-+ const char *format,
-+ const char * const args[],
-+ int num_args);
-+
-+#endif /* __SAFE_PRINTF_H__ */
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index f6d400b..d26c762 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -17,6 +17,7 @@ LDADD = \
- TEST_PROGS = \
- test-ini-config \
- test-sssd-config \
-+ test-safe-printf \
- test-login-name \
- test-samba-ou-format \
- test-settings \
-@@ -43,6 +44,11 @@ test_sssd_config_SOURCES = \
- $(top_srcdir)/service/realm-settings.c \
- $(NULL)
-
-+test_safe_printf_SOURCES = \
-+ test-safe-printf.c \
-+ $(top_srcdir)/service/safe-printf.c \
-+ $(NULL)
-+
- test_login_name_SOURCES = \
- test-login-name.c \
- $(top_srcdir)/service/realm-login-name.c \
-diff --git a/tests/test-safe-printf.c b/tests/test-safe-printf.c
-new file mode 100644
-index 0000000..fa337ac
---- /dev/null
-+++ b/tests/test-safe-printf.c
-@@ -0,0 +1,238 @@
-+/* realmd -- Realm configuration service
-+ *
-+ * Copyright 2012 Red Hat Inc
-+ *
-+ * This program is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General Public License as published
-+ * by the Free Software Foundation; either version 2 of the licence or (at
-+ * your option) any later version.
-+ *
-+ * See the included COPYING file for more information.
-+ *
-+ * Author: Stef Walter <stefw@gnome.org>
-+ */
-+
-+#include "config.h"
-+
-+#include "service/safe-printf.h"
-+
-+#include <glib.h>
-+
-+#include <string.h>
-+
-+typedef struct {
-+ const gchar *format;
-+ const gchar *args[8];
-+ const gchar *result;
-+} Fixture;
-+
-+static void
-+callback (void *data,
-+ const char *piece,
-+ size_t len)
-+{
-+ g_string_append_len (data, piece, len);
-+}
-+
-+static void
-+test_safe_printf (gconstpointer user_data)
-+{
-+ const Fixture *fixture = user_data;
-+ GString *out;
-+ int num_args;
-+ int ret;
-+
-+ for (num_args = 0; fixture->args[num_args] != NULL; )
-+ num_args++;
-+
-+ out = g_string_new ("");
-+ ret = safe_printf_cb (callback, out, fixture->format, (const gchar **)fixture->args, num_args);
-+ if (fixture->result) {
-+ g_assert_cmpint (ret, >=, 0);
-+ g_assert_cmpstr (out->str, ==, fixture->result);
-+ g_assert_cmpint (ret, ==, out->len);
-+ } else {
-+ g_assert_cmpint (ret, <, 0);
-+ }
-+
-+ g_string_free (out, TRUE);
-+}
-+
-+static const Fixture fixtures[] = {
-+ {
-+ /* Just a bog standard string */
-+ "%s", { "blah", NULL, },
-+ "blah"
-+ },
-+ {
-+ /* Empty to print */
-+ "%s", { "", NULL, },
-+ ""
-+ },
-+ {
-+ /* Nothing to print */
-+ "", { "blah", NULL, },
-+ ""
-+ },
-+ {
-+ /* Width right aligned */
-+ "%8s", { "blah", NULL, },
-+ " blah"
-+ },
-+ {
-+ /* Width left aligned */
-+ "whoop %-8s doo", { "dee", NULL, },
-+ "whoop dee doo"
-+ },
-+ {
-+ /* Width space aligned (ignored) */
-+ "whoop % 8s doo", { "dee", NULL, },
-+ "whoop dee doo"
-+ },
-+ {
-+ /* Width left space aligned (ignored) */
-+ "whoop % -8s doo", { "dee", NULL, },
-+ "whoop dee doo"
-+ },
-+ {
-+ /* Precision 1 digit */
-+ "whoop %.3s doo", { "deedle-dee", NULL, },
-+ "whoop dee doo"
-+ },
-+ {
-+ /* Precision, N digits */
-+ "whoop %.10s doo", { "deedle-dee-deedle-do-deedle-dum", NULL, },
-+ "whoop deedle-dee doo"
-+ },
-+ {
-+ /* Precision, zero digits */
-+ "whoop %.s doo", { "deedle", NULL, },
-+ "whoop doo"
-+ },
-+ {
-+ /* Multiple simple arguments */
-+ "space %s %s", { "man", "dances", NULL, },
-+ "space man dances"
-+ },
-+ {
-+ /* Literal percent */
-+ "100%% of space folk dance", { NULL, },
-+ "100% of space folk dance"
-+ },
-+ {
-+ /* Multiple simple arguments */
-+ "space %2$s %1$s", { "dances", "man", NULL, },
-+ "space man dances"
-+ },
-+ {
-+ /* Skipping an argument (not supported by standard printf) */
-+ "space %2$s dances", { "dances", "man", NULL, },
-+ "space man dances"
-+ },
-+
-+ /* Failures start here */
-+
-+ {
-+ /* Unsupported conversion */
-+ "%x", { "blah", NULL, },
-+ NULL
-+ },
-+ {
-+ /* Bad positional argument */
-+ "space %55$s dances", { "dances", "man", NULL, },
-+ NULL
-+ },
-+ {
-+ /* Zero positional argument */
-+ "space %0$s dances", { "dances", "man", NULL, },
-+ NULL
-+ },
-+ {
-+ /* Too many args used */
-+ "%s %s dances", { "space", NULL, },
-+ NULL
-+ },
-+
-+};
-+
-+static void
-+test_safe_snprintf (void)
-+{
-+ char buffer[8];
-+ int ret;
-+
-+ ret = safe_snprintf (buffer, 8, "%s", "space", "man", NULL);
-+ g_assert_cmpint (ret, ==, 5);
-+ g_assert_cmpstr (buffer, ==, "space");
-+
-+ ret = safe_snprintf (buffer, 8, "", "space", "man", NULL);
-+ g_assert_cmpint (ret, ==, 0);
-+ g_assert_cmpstr (buffer, ==, "");
-+
-+ ret = safe_snprintf (buffer, 8, "the %s %s dances away", "space", "man", NULL);
-+ g_assert_cmpint (ret, ==, 25);
-+ g_assert_cmpstr (buffer, ==, "the spa");
-+
-+ ret = safe_snprintf (buffer, 8, "%5$s", NULL);
-+ g_assert_cmpint (ret, <, 0);
-+}
-+
-+static void
-+test_safe_asprintf (void)
-+{
-+ char *buffer;
-+ int ret;
-+
-+ ret = safe_asprintf (&buffer, "%s", "space", "man", NULL);
-+ g_assert_cmpint (ret, ==, 5);
-+ g_assert_cmpstr (buffer, ==, "space");
-+ free (buffer);
-+
-+ ret = safe_asprintf (&buffer, "", "space", "man", NULL);
-+ g_assert_cmpint (ret, ==, 0);
-+ g_assert_cmpstr (buffer, ==, "");
-+ free (buffer);
-+
-+ ret = safe_asprintf (&buffer, "the %s %s dances away", "space", "man", NULL);
-+ g_assert_cmpint (ret, ==, 25);
-+ g_assert_cmpstr (buffer, ==, "the space man dances away");
-+ free (buffer);
-+
-+ ret = safe_asprintf (&buffer, "%1$s %1$s %1$s %1$s %1$s %1$s", "space man", NULL);
-+ g_assert_cmpint (ret, ==, 59);
-+ g_assert_cmpstr (buffer, ==, "space man space man space man space man space man space man");
-+ free (buffer);
-+
-+ ret = safe_asprintf (&buffer, "%5$s", NULL);
-+ g_assert_cmpint (ret, <, 0);
-+}
-+
-+int
-+main (int argc,
-+ char **argv)
-+{
-+ gchar *escaped;
-+ gchar *name;
-+ gint i;
-+
-+ g_test_init (&argc, &argv, NULL);
-+ g_set_prgname ("test-safe-printf");
-+
-+ for (i = 0; i < G_N_ELEMENTS (fixtures); i++) {
-+ if (g_str_equal (fixtures[i].format, ""))
-+ escaped = g_strdup ("_empty_");
-+ else
-+ escaped = g_strdup (fixtures[i].format);
-+ g_strdelimit (escaped, " =\\/", '_');
-+ name = g_strdup_printf ("/realmd/safe-printf/%s", escaped);
-+ g_free (escaped);
-+
-+ g_test_add_data_func (name, fixtures + i, test_safe_printf);
-+ g_free (name);
-+ }
-+
-+ g_test_add_func ("/realmd/safe-snprintf", test_safe_snprintf);
-+ g_test_add_func ("/realmd/safe-asprintf", test_safe_asprintf);
-+
-+ return g_test_run ();
-+}
---
-1.8.4.2
-
diff --git a/SOURCES/samba-by-default.patch b/SOURCES/samba-by-default.patch
new file mode 100644
index 0000000..0a10de0
--- /dev/null
+++ b/SOURCES/samba-by-default.patch
@@ -0,0 +1,48 @@
+From 36e35c860cebc5e3f3d2199742c7f46d5ef7b778 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 16 Oct 2015 11:41:14 +0200
+Subject: [PATCH] Revert "service: Prefer adcli over samba for most credential
+ types"
+
+This reverts commit 70878dec6e23226ab25f731654ab53cc0e7b11c3.
+---
+ service/realm-sssd-ad.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
+index c7ffe8a..39fcf81 100644
+--- a/service/realm-sssd-ad.c
++++ b/service/realm-sssd-ad.c
+@@ -343,13 +343,26 @@ parse_join_options (JoinClosure *join,
+ }
+
+ /*
+- * For other valid types of credentials we prefer adcli.
++ * If we are enrolling with a ccache, then prefer to use adcli over samba.
++ * There have been some strange corner case problems when using samba with
++ * a ccache.
+ */
+- } else if (cred->type == REALM_CREDENTIAL_CCACHE ||
+- (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN)) {
++ } else if (cred->type == REALM_CREDENTIAL_CCACHE) {
+ if (!software)
+ software = REALM_DBUS_IDENTIFIER_ADCLI;
+
++ /*
++ * For other supported enrolling credentials, we support either adcli or
++ * samba. But since adcli is pretty immature at this point, we use samba
++ * by default. Samba falls over with hostnames that are not perfectly
++ * specified, so use adcli there.
++ */
++ } else if (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN) {
++ if (!software && join->disco->explicit_server)
++ software = REALM_DBUS_IDENTIFIER_ADCLI;
++ else if (!software)
++ software = REALM_DBUS_IDENTIFIER_SAMBA;
++
+ /* It would be odd to get here */
+ } else {
+ g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+--
+2.5.0
+
diff --git a/SPECS/realmd.spec b/SPECS/realmd.spec
index 6dbbe17..0a9df5a 100644
--- a/SPECS/realmd.spec
+++ b/SPECS/realmd.spec
@@ -1,20 +1,27 @@
Name: realmd
-Version: 0.14.6
-Release: 6%{?dist}
+Version: 0.16.1
+Release: 5%{?dist}
Summary: Kerberos realm enrollment service
License: LGPLv2+
URL: http://cgit.freedesktop.org/realmd/realmd/
Source0: http://www.freedesktop.org/software/realmd/releases/realmd-%{version}.tar.gz
-Patch0: ipa-packages.patch
-Patch1: oddjob-start.patch
-Patch2: safe-printf.patch
-Patch3: missing-fqname.patch
+Patch0: ipa-packages.patch
+Patch1: net-in-samba-common.patch
+Patch2: remove-spurious-print.patch
+Patch3: increase-packagekit-timeout.patch
+Patch4: dns-domain-name-liberal.patch
+
+Patch13: duplicate-test-path.patch
+
+Patch20: samba-by-default.patch
+
+BuildRequires: automake
+BuildRequires: autoconf
BuildRequires: intltool pkgconfig
BuildRequires: gettext-devel
BuildRequires: glib2-devel >= 2.32.0
BuildRequires: openldap-devel
-BuildRequires: PackageKit-glib-devel
BuildRequires: polkit-devel
BuildRequires: krb5-devel
BuildRequires: systemd-devel
@@ -45,8 +52,14 @@ applications that use %{name}.
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
+%patch13 -p1
+%patch20 -p1
%build
+aclocal
+automake --add-missing
+autoconf
%configure --disable-silent-rules
make %{?_smp_mflags}
@@ -58,9 +71,8 @@ make install DESTDIR=%{buildroot}
%find_lang realmd
-%clean
-
%files -f realmd.lang
+%doc AUTHORS COPYING NEWS README
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf
%{_sbindir}/realm
%dir %{_libdir}/realmd
@@ -70,17 +82,42 @@ make install DESTDIR=%{buildroot}
%{_unitdir}/realmd.service
%{_datadir}/dbus-1/system-services/org.freedesktop.realmd.service
%{_datadir}/polkit-1/actions/org.freedesktop.realmd.policy
-%doc AUTHORS COPYING ChangeLog NEWS README
%{_mandir}/man8/realm.8.gz
%{_mandir}/man5/realmd.conf.5.gz
%{_localstatedir}/cache/realmd/
%files devel-docs
%doc %{_datadir}/doc/realmd/
+%doc ChangeLog
%changelog
-* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.14.6-6
-- Mass rebuild 2014-01-24
+* Fri Oct 16 2015 Stef Walter <stefw@redhat.com> - 0.16.1-5
+- Revert 0.16.1-4
+- Use samba by default
+- Resolves: rhbz#1271618
+
+* Fri Sep 11 2015 Stef Walter <stefw@redhat.com> - 0.16.1-4
+- Fix regressions in 0.16.x releases
+- Resolves: rhbz#1258745
+- Resolves: rhbz#1258488
+
+* Fri Jul 31 2015 Stef Walter <stefw@redhat.com> - 0.16.1-3
+- Fix regression accepting DNS domain names
+- Resolves: rhbz#1243771
+
+* Fri Jul 24 2015 Stef Walter <stefw@redhat.com> - 0.16.1-2
+- Fix discarded patch: ipa-packages.patch
+
+* Tue Jul 14 2015 Stef Walter <stefw@redhat.com> - 0.16.1-1
+- Updated to upstream 0.16.1
+- Resolves: rhbz#1241832
+- Resolves: rhbz#1230941
+
+* Tue Apr 14 2015 Stef Walter <stefw@redhat.com> - 0.16.0-1
+- Updated to upstream 0.16.0
+- Resolves: rhbz#1174911
+- Resolves: rhbz#1142191
+- Resolves: rhbz#1142148
* Fri Jan 10 2014 Stef Walter <stefw@redhat.com> - 0.14.6-5
- Don't crash when full_name_format is not in sssd.conf [#1051033]