Blame SPECS/sssd.spec

583677
# we don't want to provide private python extension libs
583677
%define __provides_exclude_from %{python3_sitearch}/.*\.so$|%{_libdir}/%{name}/modules/libwbclient.so.*$
583677
583677
# SSSD fails to build with -Wl,-z,defs
583677
%undefine _strict_symbol_defs_build
583677
583677
%define _hardened_build 1
583677
583677
%global install_pcscd_polkit_rule 1
583677
8aada9
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
8aada9
583677
# Determine the location of the LDB modules directory
583677
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
583677
%global ldb_version 1.2.0
583677
583677
%global enable_systemtap 1
8aada9
%global enable_systemtap_opt --enable-systemtap
583677
583677
%global libwbc_alternatives_version 0.14
583677
%global libwbc_lib_version %{libwbc_alternatives_version}.0
583677
%global libwbc_alternatives_suffix %nil
583677
%if 0%{?__isa_bits} == 64
583677
%global libwbc_alternatives_suffix -64
583677
%endif
583677
583677
Name: sssd
2e3f64
Version: 2.4.0
2e3f64
Release: 2%{?dist}
583677
Group: Applications/System
583677
Summary: System Security Services Daemon
583677
License: GPLv3+
583677
URL: https://pagure.io/SSSD/sssd/
583677
Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
583677
583677
### Patches ###
583677
583677
### Downstream Patches ###
583677
583677
#This patch should not be removed in RHEL-8
583677
Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec
583677
583677
### Dependencies ###
583677
583677
Requires: sssd-common = %{version}-%{release}
583677
Requires: sssd-ldap = %{version}-%{release}
583677
Requires: sssd-krb5 = %{version}-%{release}
583677
Requires: sssd-ipa = %{version}-%{release}
583677
Requires: sssd-ad = %{version}-%{release}
583677
Recommends: sssd-proxy = %{version}-%{release}
583677
Requires: python3-sssdconfig = %{version}-%{release}
583677
Suggests: sssd-dbus = %{version}-%{release}
583677
583677
%global servicename sssd
583677
%global sssdstatedir %{_localstatedir}/lib/sss
583677
%global dbpath %{sssdstatedir}/db
583677
%global keytabdir %{sssdstatedir}/keytabs
583677
%global pipepath %{sssdstatedir}/pipes
583677
%global mcpath %{sssdstatedir}/mc
583677
%global pubconfpath %{sssdstatedir}/pubconf
583677
%global gpocachepath %{sssdstatedir}/gpo_cache
583677
%global secdbpath %{sssdstatedir}/secrets
583677
%global deskprofilepath %{sssdstatedir}/deskprofile
583677
583677
### Build Dependencies ###
583677
213fc2
BuildRequires: make
583677
BuildRequires: autoconf
583677
BuildRequires: automake
583677
BuildRequires: libtool
583677
BuildRequires: m4
583677
BuildRequires: gcc
583677
BuildRequires: popt-devel
583677
BuildRequires: libtalloc-devel
583677
BuildRequires: libtevent-devel
583677
BuildRequires: libtdb-devel
583677
BuildRequires: libldb-devel >= %{ldb_version}
583677
BuildRequires: libdhash-devel >= 0.4.2
583677
BuildRequires: libcollection-devel
583677
BuildRequires: libini_config-devel >= 1.1
583677
BuildRequires: dbus-devel
583677
BuildRequires: dbus-libs
583677
BuildRequires: openldap-devel
583677
BuildRequires: pam-devel
583677
BuildRequires: nss-devel
583677
BuildRequires: nspr-devel
583677
BuildRequires: pcre-devel
583677
BuildRequires: libxslt
583677
BuildRequires: libxml2
583677
BuildRequires: docbook-style-xsl
583677
BuildRequires: krb5-devel
583677
BuildRequires: c-ares-devel
583677
BuildRequires: python3-devel
583677
BuildRequires: check-devel
583677
BuildRequires: doxygen
583677
BuildRequires: libselinux-devel
583677
BuildRequires: libsemanage-devel
583677
BuildRequires: bind-utils
583677
BuildRequires: keyutils-libs-devel
583677
BuildRequires: gettext-devel
583677
BuildRequires: pkgconfig
583677
BuildRequires: diffstat
583677
BuildRequires: findutils
583677
BuildRequires: glib2-devel
583677
BuildRequires: selinux-policy-targeted
583677
BuildRequires: libcmocka-devel >= 1.0.0
583677
BuildRequires: uid_wrapper
583677
BuildRequires: nss_wrapper
583677
BuildRequires: pam_wrapper
583677
BuildRequires: p11-kit-devel
583677
BuildRequires: openssl-devel
583677
BuildRequires: gnutls-utils
583677
BuildRequires: softhsm >= 2.1.0
583677
BuildRequires: openssl
583677
BuildRequires: openssh
583677
BuildRequires: libnl3-devel
583677
BuildRequires: systemd-devel
583677
BuildRequires: systemd
583677
BuildRequires: cifs-utils-devel
583677
BuildRequires: libnfsidmap-devel
8aada9
BuildRequires: samba-devel
583677
BuildRequires: libsmbclient-devel
583677
BuildRequires: samba-winbind
583677
BuildRequires: systemtap-sdt-devel
583677
BuildRequires: libuuid-devel
583677
BuildRequires: jansson-devel
583677
BuildRequires: gdm-pam-extensions-devel
583677
583677
%description
583677
Provides a set of daemons to manage access to remote directories and
583677
authentication mechanisms. It provides an NSS and PAM interface toward
583677
the system and a plug-gable back-end system to connect to multiple different
583677
account sources. It is also the basis to provide client auditing and policy
583677
services for projects like FreeIPA.
583677
583677
The sssd sub-package is a meta-package that contains the daemon as well as all
583677
the existing back ends.
583677
583677
%package common
583677
Summary: Common files for the SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
# Conflicts
583677
Conflicts: selinux-policy < 3.10.0-46
583677
Conflicts: sssd < 1.10.0-8%{?dist}.beta2
583677
# Requires
583677
# Explicitly require RHEL-8.0 versions of the Samba libraries
583677
# in order to prevent untested combinations of a new SSSD and
583677
# older libraries. See e.g. rhbz#1593756
583677
Requires: libtalloc >= 2.1.14-1
583677
Requires: libtevent >= 0.9.37-1
583677
Requires: libldb >= 1.4.2-1
583677
Requires: libtdb >= 1.3.16-1
583677
# due to ABI changes in 1.1.30/1.2.0
583677
Requires: libldb >= %{ldb_version}
583677
Requires: sssd-client%{?_isa} = %{version}-%{release}
583677
Recommends: libsss_sudo = %{version}-%{release}
583677
Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
583677
Recommends: sssd-nfs-idmap = %{version}-%{release}
583677
Requires: libsss_idmap = %{version}-%{release}
583677
Requires(pre): shadow-utils
583677
%{?systemd_requires}
583677
583677
### Provides ###
583677
Provides: libsss_sudo-devel = %{version}-%{release}
583677
Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
583677
583677
%description common
583677
Common files for the SSSD. The common package includes all the files needed
583677
to run a particular back end, however, the back ends are packaged in separate
583677
sub-packages such as sssd-ldap.
583677
583677
%package client
583677
Summary: SSSD Client libraries for NSS and PAM
583677
Group: Applications/System
583677
License: LGPLv3+
0ff280
Requires: libsss_nss_idmap = %{version}-%{release}
0ff280
Requires: libsss_idmap = %{version}-%{release}
583677
Requires(post): /sbin/ldconfig
583677
Requires(postun): /sbin/ldconfig
583677
Requires(post):  /usr/sbin/alternatives
583677
Requires(preun): /usr/sbin/alternatives
583677
583677
%description client
583677
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
583677
service.
583677
583677
%package -n libsss_sudo
583677
Summary: A library to allow communication between SUDO and SSSD
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires(post): /sbin/ldconfig
583677
Requires(postun): /sbin/ldconfig
583677
Conflicts: sssd-common < %{version}-%{release}
583677
583677
%description -n libsss_sudo
583677
A utility library to allow communication between SUDO and SSSD
583677
583677
%package -n libsss_autofs
583677
Summary: A library to allow communication between Autofs and SSSD
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Conflicts: sssd-common < %{version}-%{release}
583677
583677
%description -n libsss_autofs
583677
A utility library to allow communication between Autofs and SSSD
583677
583677
%package tools
583677
Summary: Userspace tools for use with the SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
Requires: sssd-common = %{version}-%{release}
0ff280
Requires: libsss_simpleifp = %{version}-%{release}
583677
# required by sss_obfuscate
583677
Requires: python3-sss = %{version}-%{release}
583677
Requires: python3-sssdconfig = %{version}-%{release}
0d441c
Recommends: sssd-dbus
583677
583677
%description tools
583677
Provides userspace tools for manipulating users, groups, and nested groups in
583677
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
583677
583677
Also provides several other administrative tools:
583677
    * sss_debuglevel to change the debug level on the fly
583677
    * sss_seed which pre-creates a user entry for use in kickstarts
583677
    * sss_obfuscate for generating an obfuscated LDAP password
583677
    * sssctl -- an sssd status and control utility
583677
583677
%package -n python3-sssdconfig
583677
Summary: SSSD and IPA configuration file manipulation classes and functions
583677
Group: Applications/System
583677
License: GPLv3+
583677
BuildArch: noarch
583677
%{?python_provide:%python_provide python3-sssdconfig}
583677
583677
%description -n python3-sssdconfig
583677
Provides python3 files for manipulation SSSD and IPA configuration files.
583677
583677
%package -n python3-sss
583677
Summary: Python3 bindings for sssd
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires: sssd-common = %{version}-%{release}
583677
%{?python_provide:%python_provide python3-sss}
583677
583677
%description -n python3-sss
583677
Provides python3 module for manipulating users, groups, and nested groups in
583677
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
583677
583677
Also provides several other useful python3 bindings:
583677
    * function for retrieving list of groups user belongs to.
583677
    * class for obfuscation of passwords
583677
583677
%package -n python3-sss-murmur
583677
Summary: Python3 bindings for murmur hash function
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
%{?python_provide:%python_provide python3-sss-murmur}
583677
583677
%description -n python3-sss-murmur
583677
Provides python3 module for calculating the murmur hash version 3
583677
583677
%package ldap
583677
Summary: The LDAP back end of the SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
Conflicts: sssd < 1.10.0-8.beta2
583677
Requires: sssd-common = %{version}-%{release}
583677
Requires: sssd-krb5-common = %{version}-%{release}
0ff280
Requires: libsss_idmap = %{version}-%{release}
583677
583677
%description ldap
583677
Provides the LDAP back end that the SSSD can utilize to fetch identity data
583677
from and authenticate against an LDAP server.
583677
583677
%package krb5-common
583677
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
583677
Group: Applications/System
583677
License: GPLv3+
583677
Conflicts: sssd < 1.10.0-8.beta2
583677
Requires: cyrus-sasl-gssapi%{?_isa}
583677
Requires: sssd-common = %{version}-%{release}
583677
Requires(pre): shadow-utils
583677
583677
%description krb5-common
583677
Provides helper processes that the LDAP and Kerberos back ends can use for
583677
Kerberos user or host authentication.
583677
583677
%package krb5
583677
Summary: The Kerberos authentication back end for the SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
Conflicts: sssd < 1.10.0-8.beta2
583677
Requires: sssd-common = %{version}-%{release}
583677
Requires: sssd-krb5-common = %{version}-%{release}
583677
583677
%description krb5
583677
Provides the Kerberos back end that the SSSD can utilize authenticate
583677
against a Kerberos server.
583677
583677
%package common-pac
583677
Summary: Common files needed for supporting PAC processing
583677
Group: Applications/System
583677
License: GPLv3+
583677
Requires: sssd-common = %{version}-%{release}
0ff280
Requires: libsss_idmap = %{version}-%{release}
583677
583677
%description common-pac
583677
Provides common files needed by SSSD providers such as IPA and Active Directory
583677
for handling Kerberos PACs.
583677
583677
%package ipa
583677
Summary: The IPA back end of the SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
Conflicts: sssd < 1.10.0-8.beta2
8aada9
Requires: samba-client-libs >= %{samba_package_version}
583677
Requires: sssd-common = %{version}-%{release}
583677
Requires: sssd-krb5-common = %{version}-%{release}
583677
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
583677
Recommends: bind-utils
583677
Requires: sssd-common-pac = %{version}-%{release}
0ff280
Requires: libsss_idmap = %{version}-%{release}
583677
Requires(pre): shadow-utils
583677
583677
%description ipa
583677
Provides the IPA back end that the SSSD can utilize to fetch identity data
583677
from and authenticate against an IPA server.
583677
583677
%package ad
583677
Summary: The AD back end of the SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
Conflicts: sssd < 1.10.0-8.beta2
8aada9
Requires: samba-client-libs >= %{samba_package_version}
583677
Requires: sssd-common = %{version}-%{release}
583677
Requires: sssd-krb5-common = %{version}-%{release}
583677
Requires: sssd-common-pac = %{version}-%{release}
0ff280
Requires: libsss_idmap = %{version}-%{release}
583677
Recommends: bind-utils
583677
Recommends: adcli
583677
Suggests: sssd-libwbclient = %{version}-%{release}
583677
Suggests: sssd-winbind-idmap = %{version}-%{release}
583677
583677
%description ad
583677
Provides the Active Directory back end that the SSSD can utilize to fetch
583677
identity data from and authenticate against an Active Directory server.
583677
583677
%package proxy
583677
Summary: The proxy back end of the SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
Conflicts: sssd < 1.10.0-8.beta2
583677
Requires: sssd-common = %{version}-%{release}
583677
Requires(pre): shadow-utils
583677
583677
%description proxy
583677
Provides the proxy back end which can be used to wrap an existing NSS and/or
583677
PAM modules to leverage SSSD caching.
583677
583677
%package -n libsss_idmap
583677
Summary: FreeIPA Idmap library
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires(post): /sbin/ldconfig
583677
Requires(postun): /sbin/ldconfig
583677
583677
%description -n libsss_idmap
583677
Utility library to convert SIDs to Unix uids and gids
583677
583677
%package -n libsss_idmap-devel
583677
Summary: FreeIPA Idmap library
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires: libsss_idmap = %{version}-%{release}
583677
583677
%description -n libsss_idmap-devel
583677
Utility library to SIDs to Unix uids and gids
583677
583677
%package -n libipa_hbac
583677
Summary: FreeIPA HBAC Evaluator library
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires(post): /sbin/ldconfig
583677
Requires(postun): /sbin/ldconfig
583677
583677
%description -n libipa_hbac
583677
Utility library to validate FreeIPA HBAC rules for authorization requests
583677
583677
%package -n libipa_hbac-devel
583677
Summary: FreeIPA HBAC Evaluator library
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires: libipa_hbac = %{version}-%{release}
583677
583677
%description -n libipa_hbac-devel
583677
Utility library to validate FreeIPA HBAC rules for authorization requests
583677
583677
%package -n python3-libipa_hbac
583677
Summary: Python3 bindings for the FreeIPA HBAC Evaluator library
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires: libipa_hbac = %{version}-%{release}
583677
%{?python_provide:%python_provide python3-libipa_hbac}
583677
583677
%description -n python3-libipa_hbac
583677
The python3-libipa_hbac contains the bindings so that libipa_hbac can be
583677
used by Python applications.
583677
583677
%package -n libsss_nss_idmap
583677
Summary: Library for SID and certificate based lookups
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires(post): /sbin/ldconfig
583677
Requires(postun): /sbin/ldconfig
583677
583677
%description -n libsss_nss_idmap
583677
Utility library for SID and certificate based lookups
583677
583677
%package -n libsss_nss_idmap-devel
583677
Summary: Library for SID and certificate based lookups
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires: libsss_nss_idmap = %{version}-%{release}
583677
583677
%description -n libsss_nss_idmap-devel
583677
Utility library for SID and certificate based lookups
583677
583677
%package -n python3-libsss_nss_idmap
583677
Summary: Python3 bindings for libsss_nss_idmap
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires: libsss_nss_idmap = %{version}-%{release}
583677
%{?python_provide:%python_provide python3-libsss_nss_idmap}
583677
583677
%description -n python3-libsss_nss_idmap
583677
The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
583677
be used by Python applications.
583677
583677
%package dbus
583677
Summary: The D-Bus responder of the SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
Requires: sssd-common = %{version}-%{release}
583677
%{?systemd_requires}
583677
583677
%description dbus
583677
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
583677
the information from the SSSD to be transmitted over the system bus.
583677
583677
%if (0%{?install_pcscd_polkit_rule} == 1)
583677
%package polkit-rules
583677
Summary: Rules for polkit integration for SSSD
583677
Group: Applications/System
583677
License: GPLv3+
583677
Requires: polkit >= 0.106
583677
Requires: sssd-common = %{version}-%{release}
583677
583677
%description polkit-rules
583677
Provides rules for polkit integration with SSSD. This is required
583677
for smartcard support.
583677
%endif
583677
583677
%package -n libsss_simpleifp
583677
Summary: The SSSD D-Bus responder helper library
583677
Group: Development/Libraries
583677
License: GPLv3+
583677
Requires: sssd-dbus = %{version}-%{release}
583677
Requires(post): /sbin/ldconfig
583677
Requires(postun): /sbin/ldconfig
583677
583677
%description -n libsss_simpleifp
583677
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
583677
583677
%package -n libsss_simpleifp-devel
583677
Summary: The SSSD D-Bus responder helper library
583677
Group: Development/Libraries
583677
License: GPLv3+
583677
Requires: dbus-devel
583677
Requires: libsss_simpleifp = %{version}-%{release}
583677
583677
%description -n libsss_simpleifp-devel
583677
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
583677
583677
%package libwbclient
583677
Summary: The SSSD libwbclient implementation
583677
Group: Applications/System
583677
License: GPLv3+ and LGPLv3+
0ff280
Requires: libsss_nss_idmap = %{version}-%{release}
583677
Conflicts: libwbclient < 4.2.0-0.2.rc2
583677
Conflicts: sssd-common < %{version}-%{release}
583677
583677
%description libwbclient
583677
The SSSD libwbclient implementation.
583677
583677
%package libwbclient-devel
583677
Summary: Development libraries for the SSSD libwbclient implementation
583677
Group:  Development/Libraries
583677
License: GPLv3+ and LGPLv3+
583677
Requires: sssd-libwbclient = %{version}-%{release}
583677
Conflicts: libwbclient-devel < 4.2.0-0.2.rc2
583677
583677
%description libwbclient-devel
583677
Development libraries for the SSSD libwbclient implementation.
583677
583677
%package winbind-idmap
583677
Summary: SSSD's idmap_sss Backend for Winbind
583677
Group:  Applications/System
583677
License: GPLv3+ and LGPLv3+
583677
Conflicts: sssd-common < %{version}-%{release}
0ff280
Requires: libsss_nss_idmap = %{version}-%{release}
0ff280
Requires: libsss_idmap = %{version}-%{release}
583677
583677
%description winbind-idmap
583677
The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs
583677
and SIDs.
583677
583677
%package nfs-idmap
583677
Summary: SSSD plug-in for NFSv4 rpc.idmapd
583677
Group:  Applications/System
583677
License: GPLv3+
583677
Conflicts: sssd-common < %{version}-%{release}
583677
583677
%description nfs-idmap
583677
The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map
583677
UIDs/GIDs to names and vice versa. It can be also used for mapping principal
583677
(user) name to IDs(UID or GID) or to obtain groups which user are member of.
583677
583677
%package -n libsss_certmap
583677
Summary: SSSD Certificate Mapping Library
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires(post): /sbin/ldconfig
583677
Requires(postun): /sbin/ldconfig
583677
Conflicts: sssd-common < %{version}-%{release}
583677
583677
%description -n libsss_certmap
583677
Library to map certificates to users based on rules
583677
583677
%package -n libsss_certmap-devel
583677
Summary: SSSD Certificate Mapping Library
583677
Group: Development/Libraries
583677
License: LGPLv3+
583677
Requires: libsss_certmap = %{version}-%{release}
583677
583677
%description -n libsss_certmap-devel
583677
Library to map certificates to users based on rules
583677
583677
%package kcm
583677
Summary: An implementation of a Kerberos KCM server
583677
Group:  Applications/System
583677
License: GPLv3+
583677
Requires: sssd-common = %{version}-%{release}
583677
%{?systemd_requires}
583677
583677
%description kcm
583677
An implementation of a Kerberos KCM server. Use this package if you want to
583677
use the KCM: Kerberos credentials cache.
583677
583677
%prep
583677
# Update timestamps on the files touched by a patch, to avoid non-equal
583677
# .pyc/.pyo files across the multilib peers within a build, where "Level"
583677
# is the patch prefix option (e.g. -p1)
583677
# Taken from specfile for python-simplejson
583677
UpdateTimestamps() {
583677
  Level=$1
583677
  PatchFile=$2
583677
583677
  # Locate the affected files:
583677
  for f in $(diffstat $Level -l $PatchFile); do
583677
    # Set the files to have the same timestamp as that of the patch:
583677
    touch -r $PatchFile $f
583677
  done
583677
}
583677
583677
%setup -q
583677
583677
for p in %patches ; do
583677
    %__patch -p1 -i $p
583677
    UpdateTimestamps -p1 $p
583677
done
583677
583677
%build
583677
autoreconf -ivf
583677
583677
%configure \
583677
    --with-test-dir=/dev/shm \
583677
    --with-db-path=%{dbpath} \
583677
    --with-mcache-path=%{mcpath} \
583677
    --with-pipe-path=%{pipepath} \
583677
    --with-pubconf-path=%{pubconfpath} \
583677
    --with-gpo-cache-path=%{gpocachepath} \
583677
    --with-init-dir=%{_initrddir} \
583677
    --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
583677
    --enable-nsslibdir=%{_libdir} \
583677
    --enable-pammoddir=%{_libdir}/security \
583677
    --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
583677
    --disable-static \
583677
    --with-crypto=libcrypto \
2e3f64
    --with-libwbclient \
583677
    --disable-rpath \
583677
    --with-initscript=systemd \
583677
    --with-syslog=journald \
583677
    --enable-sss-default-nss-plugin \
583677
    --enable-files-domain \
583677
    --without-python2-bindings \
583677
    --with-sssd-user=sssd \
583677
    %{?with_cifs_utils_plugin_option} \
583677
    %{?enable_systemtap_opt} \
583677
583677
583677
make %{?_smp_mflags} all docs
0d441c
make -C po ja.gmo
0d441c
make -C po fr.gmo
0ff280
make -C po zh_CN.po
583677
583677
%check
583677
export CK_TIMEOUT_MULTIPLIER=10
583677
make %{?_smp_mflags} check VERBOSE=yes
583677
unset CK_TIMEOUT_MULTIPLIER
583677
583677
%install
583677
583677
sed -i -e 's:/usr/bin/python:%{__python3}:' src/tools/sss_obfuscate
583677
583677
make install DESTDIR=$RPM_BUILD_ROOT
583677
583677
if [ ! -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} ]
583677
then
583677
    echo "Expected libwbclient version not found, please check if version has changed."
583677
    exit -1
583677
fi
583677
583677
# Prepare language files
583677
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
583677
583677
# Copy default logrotate file
583677
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
583677
install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
583677
583677
# Make sure SSSD is able to run on read-only root
583677
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
583677
install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
583677
583677
# Kerberos KCM credential cache by default
583677
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
583677
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
583677
   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
583677
583677
# Create directory for cifs-idmap alternative
583677
# Otherwise this directory could not be owned by sssd-client
583677
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
583677
583677
# Remove .la files created by libtool
583677
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
583677
583677
# Suppress developer-only documentation
583677
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
583677
583677
# Older versions of rpmbuild can only handle one -f option
583677
# So we need to append to the sssd*.lang file
583677
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
583677
do
583677
    echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
583677
done
583677
583677
touch sssd.lang
583677
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
583677
                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
583677
                  libsss_certmap sssd_kcm
583677
do
583677
    touch $subpackage.lang
583677
done
583677
583677
for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
583677
do
583677
    lang=`echo $man | cut -c 1-2`
583677
    case `basename $man` in
583677
        sss_cache*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
583677
            ;;
583677
        sss_ssh*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
583677
            ;;
583677
        sss_rpcidmapd*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang
583677
            ;;
583677
        sss_*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
583677
            ;;
583677
        sssctl*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
583677
            ;;
583677
        sssd_krb5_*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
583677
            ;;
583677
        pam_sss*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
583677
            ;;
583677
        sssd-ldap*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
583677
            ;;
583677
        sssd-krb5*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
583677
            ;;
583677
        sssd-ipa*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
583677
            ;;
583677
        sssd-ad*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
583677
            ;;
583677
        sssd-proxy*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
583677
            ;;
583677
        sssd-ifp*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang
583677
            ;;
583677
        sssd-kcm*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang
583677
            ;;
583677
        idmap_sss*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang
583677
            ;;
583677
        sss-certmap*)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang
583677
            ;;
583677
        *)
583677
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
583677
            ;;
583677
    esac
583677
done
583677
583677
# Print these to the rpmbuild log
583677
echo "sssd.lang:"
583677
cat sssd.lang
583677
583677
echo "python3_sssdconfig.lang:"
583677
cat python3_sssdconfig.lang
583677
583677
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
583677
                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
583677
                  libsss_certmap sssd_kcm
583677
do
583677
    echo "$subpackage.lang:"
583677
    cat $subpackage.lang
583677
done
583677
583677
%files
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
583677
%files common -f sssd.lang
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%doc src/examples/sssd-example.conf
583677
%{_sbindir}/sssd
583677
%{_unitdir}/sssd.service
583677
%{_unitdir}/sssd-autofs.socket
583677
%{_unitdir}/sssd-autofs.service
583677
%{_unitdir}/sssd-nss.socket
583677
%{_unitdir}/sssd-nss.service
583677
%{_unitdir}/sssd-pac.socket
583677
%{_unitdir}/sssd-pac.service
583677
%{_unitdir}/sssd-pam.socket
583677
%{_unitdir}/sssd-pam-priv.socket
583677
%{_unitdir}/sssd-pam.service
583677
%{_unitdir}/sssd-ssh.socket
583677
%{_unitdir}/sssd-ssh.service
583677
%{_unitdir}/sssd-sudo.socket
583677
%{_unitdir}/sssd-sudo.service
583677
583677
%dir %{_libexecdir}/%{servicename}
583677
%{_libexecdir}/%{servicename}/sssd_be
583677
%{_libexecdir}/%{servicename}/sssd_nss
583677
%{_libexecdir}/%{servicename}/sssd_pam
583677
%{_libexecdir}/%{servicename}/sssd_autofs
583677
%{_libexecdir}/%{servicename}/sssd_ssh
583677
%{_libexecdir}/%{servicename}/sssd_sudo
583677
%{_libexecdir}/%{servicename}/p11_child
583677
%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
583677
583677
%dir %{_libdir}/%{name}
583677
# The files provider is intentionally packaged in -common
583677
%{_libdir}/%{name}/libsss_files.so
583677
%{_libdir}/%{name}/libsss_simple.so
583677
583677
#Internal shared libraries
583677
%{_libdir}/%{name}/libsss_child.so
583677
%{_libdir}/%{name}/libsss_crypt.so
583677
%{_libdir}/%{name}/libsss_cert.so
583677
%{_libdir}/%{name}/libsss_debug.so
583677
%{_libdir}/%{name}/libsss_krb5_common.so
583677
%{_libdir}/%{name}/libsss_ldap_common.so
583677
%{_libdir}/%{name}/libsss_util.so
583677
%{_libdir}/%{name}/libsss_semanage.so
583677
%{_libdir}/%{name}/libifp_iface.so
583677
%{_libdir}/%{name}/libifp_iface_sync.so
583677
%{_libdir}/%{name}/libsss_iface.so
583677
%{_libdir}/%{name}/libsss_iface_sync.so
583677
%{_libdir}/%{name}/libsss_sbus.so
583677
%{_libdir}/%{name}/libsss_sbus_sync.so
583677
583677
%{ldb_modulesdir}/memberof.so
583677
%{_bindir}/sss_ssh_authorizedkeys
583677
%{_bindir}/sss_ssh_knownhostsproxy
583677
%{_sbindir}/sss_cache
583677
%{_libexecdir}/%{servicename}/sss_signal
583677
583677
%dir %{sssdstatedir}
583677
%dir %{_localstatedir}/cache/krb5rcache
583677
%attr(700,sssd,sssd) %dir %{dbpath}
583677
%attr(775,sssd,sssd) %dir %{mcpath}
583677
%attr(700,root,root) %dir %{secdbpath}
583677
%attr(751,root,root) %dir %{deskprofilepath}
583677
%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
583677
%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
583677
%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups
583677
%attr(755,sssd,sssd) %dir %{pipepath}
583677
%attr(750,sssd,root) %dir %{pipepath}/private
583677
%attr(755,sssd,sssd) %dir %{pubconfpath}
583677
%attr(755,sssd,sssd) %dir %{gpocachepath}
583677
%attr(750,sssd,sssd) %dir %{_var}/log/%{name}
583677
%attr(700,sssd,sssd) %dir %{_sysconfdir}/sssd
583677
%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd/conf.d
583677
%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
583677
%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
583677
%dir %{_sysconfdir}/logrotate.d
583677
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
583677
%dir %{_sysconfdir}/rwtab.d
583677
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
583677
%dir %{_datadir}/sssd
583677
%{_sysconfdir}/pam.d/sssd-shadowutils
583677
%dir %{_libdir}/%{name}/conf
583677
%{_libdir}/%{name}/conf/sssd.conf
583677
583677
%{_datadir}/sssd/cfg_rules.ini
583677
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
583677
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
583677
%{_mandir}/man5/sssd.conf.5*
583677
%{_mandir}/man5/sssd-files.5*
583677
%{_mandir}/man5/sssd-simple.5*
583677
%{_mandir}/man5/sssd-sudo.5*
583677
%{_mandir}/man5/sssd-session-recording.5*
583677
%{_mandir}/man8/sssd.8*
583677
%{_mandir}/man8/sss_cache.8*
583677
%dir %{_datadir}/sssd/systemtap
583677
%{_datadir}/sssd/systemtap/id_perf.stp
583677
%{_datadir}/sssd/systemtap/nested_group_perf.stp
583677
%{_datadir}/sssd/systemtap/dp_request.stp
213fc2
%{_datadir}/sssd/systemtap/ldap_perf.stp
583677
%dir %{_datadir}/systemtap
583677
%dir %{_datadir}/systemtap/tapset
583677
%{_datadir}/systemtap/tapset/sssd.stp
583677
%{_datadir}/systemtap/tapset/sssd_functions.stp
583677
%{_mandir}/man5/sssd-systemtap.5*
583677
583677
%if (0%{?install_pcscd_polkit_rule} == 1)
583677
%files polkit-rules
583677
%{_datadir}/polkit-1/rules.d/*
583677
%endif
583677
583677
%files ldap -f sssd_ldap.lang
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%{_libdir}/%{name}/libsss_ldap.so
583677
%{_mandir}/man5/sssd-ldap.5*
213fc2
%{_mandir}/man5/sssd-ldap-attributes.5*
583677
583677
%files krb5-common
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%attr(755,sssd,sssd) %dir %{pubconfpath}/krb5.include.d
583677
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child
583677
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child
583677
583677
%files krb5 -f sssd_krb5.lang
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%{_libdir}/%{name}/libsss_krb5.so
583677
%{_mandir}/man5/sssd-krb5.5*
583677
583677
%files common-pac
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%{_libexecdir}/%{servicename}/sssd_pac
583677
583677
%files ipa -f sssd_ipa.lang
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%attr(700,sssd,sssd) %dir %{keytabdir}
583677
%{_libdir}/%{name}/libsss_ipa.so
583677
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child
583677
%{_mandir}/man5/sssd-ipa.5*
583677
583677
%files ad -f sssd_ad.lang
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%{_libdir}/%{name}/libsss_ad.so
583677
%{_libexecdir}/%{servicename}/gpo_child
583677
%{_mandir}/man5/sssd-ad.5*
583677
583677
%files proxy
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/proxy_child
583677
%{_libdir}/%{name}/libsss_proxy.so
583677
583677
%files dbus -f sssd_dbus.lang
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%{_libexecdir}/%{servicename}/sssd_ifp
583677
%{_mandir}/man5/sssd-ifp.5*
583677
%{_unitdir}/sssd-ifp.service
583677
# InfoPipe DBus plumbing
583677
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
583677
%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
583677
583677
%files -n libsss_simpleifp
583677
%defattr(-,root,root,-)
583677
%{_libdir}/libsss_simpleifp.so.*
583677
583677
%files -n libsss_simpleifp-devel
583677
%defattr(-,root,root,-)
583677
%doc sss_simpleifp_doc/html
583677
%{_includedir}/sss_sifp.h
583677
%{_includedir}/sss_sifp_dbus.h
583677
%{_libdir}/libsss_simpleifp.so
583677
%{_libdir}/pkgconfig/sss_simpleifp.pc
583677
583677
%files client -f sssd_client.lang
583677
%defattr(-,root,root,-)
583677
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
583677
%{_libdir}/libnss_sss.so.2
583677
%{_libdir}/security/pam_sss.so
583677
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
583677
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
583677
%dir %{_libdir}/cifs-utils
583677
%{_libdir}/cifs-utils/cifs_idmap_sss.so
583677
%dir %{_sysconfdir}/cifs-utils
583677
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
583677
%dir %{_libdir}/%{name}
583677
%dir %{_libdir}/%{name}/modules
583677
%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
583677
%{_mandir}/man8/pam_sss.8*
583677
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
583677
583677
%files -n libsss_sudo
583677
%defattr(-,root,root,-)
583677
%license src/sss_client/COPYING
583677
%{_libdir}/libsss_sudo.so*
583677
583677
%files -n libsss_autofs
583677
%defattr(-,root,root,-)
583677
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
583677
%dir %{_libdir}/%{name}/modules
583677
%{_libdir}/%{name}/modules/libsss_autofs.so
583677
583677
%files tools -f sssd_tools.lang
583677
%defattr(-,root,root,-)
583677
%license COPYING
583677
%{_sbindir}/sss_obfuscate
583677
%{_sbindir}/sss_override
583677
%{_sbindir}/sss_debuglevel
583677
%{_sbindir}/sss_seed
583677
%{_sbindir}/sssctl
583677
%{_mandir}/man8/sss_obfuscate.8*
583677
%{_mandir}/man8/sss_override.8*
583677
%{_mandir}/man8/sss_debuglevel.8*
583677
%{_mandir}/man8/sss_seed.8*
583677
%{_mandir}/man8/sssctl.8*
583677
583677
%files -n python3-sssdconfig -f python3_sssdconfig.lang
583677
%defattr(-,root,root,-)
583677
%dir %{python3_sitelib}/SSSDConfig
583677
%{python3_sitelib}/SSSDConfig/*.py*
583677
%dir %{python3_sitelib}/SSSDConfig/__pycache__
583677
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
8aada9
%dir %{_datadir}/sssd
8aada9
%{_datadir}/sssd/sssd.api.conf
8aada9
%{_datadir}/sssd/sssd.api.d
583677
583677
%files -n python3-sss
583677
%defattr(-,root,root,-)
583677
%{python3_sitearch}/pysss.so
583677
583677
%files -n python3-sss-murmur
583677
%defattr(-,root,root,-)
583677
%{python3_sitearch}/pysss_murmur.so
583677
583677
%files -n libsss_idmap
583677
%defattr(-,root,root,-)
583677
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
583677
%{_libdir}/libsss_idmap.so.*
583677
583677
%files -n libsss_idmap-devel
583677
%defattr(-,root,root,-)
583677
%doc idmap_doc/html
583677
%{_includedir}/sss_idmap.h
583677
%{_libdir}/libsss_idmap.so
583677
%{_libdir}/pkgconfig/sss_idmap.pc
583677
583677
%files -n libipa_hbac
583677
%defattr(-,root,root,-)
583677
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
583677
%{_libdir}/libipa_hbac.so.*
583677
583677
%files -n libipa_hbac-devel
583677
%defattr(-,root,root,-)
583677
%doc hbac_doc/html
583677
%{_includedir}/ipa_hbac.h
583677
%{_libdir}/libipa_hbac.so
583677
%{_libdir}/pkgconfig/ipa_hbac.pc
583677
583677
%files -n libsss_nss_idmap
583677
%defattr(-,root,root,-)
583677
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
583677
%{_libdir}/libsss_nss_idmap.so.*
583677
583677
%files -n libsss_nss_idmap-devel
583677
%defattr(-,root,root,-)
583677
%doc nss_idmap_doc/html
583677
%{_includedir}/sss_nss_idmap.h
583677
%{_libdir}/libsss_nss_idmap.so
583677
%{_libdir}/pkgconfig/sss_nss_idmap.pc
583677
583677
%files -n python3-libsss_nss_idmap
583677
%defattr(-,root,root,-)
583677
%{python3_sitearch}/pysss_nss_idmap.so
583677
583677
%files -n python3-libipa_hbac
583677
%defattr(-,root,root,-)
583677
%{python3_sitearch}/pyhbac.so
583677
583677
%files libwbclient
583677
%defattr(-,root,root,-)
583677
%dir %{_libdir}/%{name}
583677
%dir %{_libdir}/%{name}/modules
583677
%{_libdir}/%{name}/modules/libwbclient.so.*
583677
583677
%files libwbclient-devel
583677
%defattr(-,root,root,-)
583677
%{_includedir}/wbclient_sssd.h
583677
%{_libdir}/%{name}/modules/libwbclient.so
583677
%{_libdir}/pkgconfig/wbclient_sssd.pc
583677
583677
%files winbind-idmap -f sssd_winbind_idmap.lang
583677
%dir %{_libdir}/samba/idmap
583677
%{_libdir}/samba/idmap/sss.so
583677
%{_mandir}/man8/idmap_sss.8*
583677
583677
%files nfs-idmap -f sssd_nfs_idmap.lang
583677
%{_mandir}/man5/sss_rpcidmapd.5*
583677
%{_libdir}/libnfsidmap/sss.so
583677
583677
%files -n libsss_certmap -f libsss_certmap.lang
583677
%defattr(-,root,root,-)
583677
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
583677
%{_libdir}/libsss_certmap.so.*
583677
%{_mandir}/man5/sss-certmap.5*
583677
583677
%files -n libsss_certmap-devel
583677
%defattr(-,root,root,-)
583677
%doc certmap_doc/html
583677
%{_includedir}/sss_certmap.h
583677
%{_libdir}/libsss_certmap.so
583677
%{_libdir}/pkgconfig/sss_certmap.pc
583677
583677
%files kcm -f sssd_kcm.lang
583677
%{_libexecdir}/%{servicename}/sssd_kcm
583677
%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
583677
%dir %{_datadir}/sssd-kcm
583677
%{_datadir}/sssd-kcm/kcm_default_ccache
583677
%{_unitdir}/sssd-kcm.socket
583677
%{_unitdir}/sssd-kcm.service
583677
%{_mandir}/man8/sssd-kcm.8*
583677
%{_libdir}/%{name}/libsss_secrets.so
583677
583677
%pre ipa
583677
getent group sssd >/dev/null || groupadd -r sssd
583677
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
583677
583677
%pre krb5-common
583677
getent group sssd >/dev/null || groupadd -r sssd
583677
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
583677
583677
%pre common
583677
getent group sssd >/dev/null || groupadd -r sssd
583677
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
583677
583677
%pre proxy
583677
getent group sssd >/dev/null || groupadd -r sssd
583677
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
583677
583677
%post common
583677
%systemd_post sssd.service
583677
%systemd_post sssd-autofs.socket
583677
%systemd_post sssd-nss.socket
583677
%systemd_post sssd-pac.socket
583677
%systemd_post sssd-pam.socket
583677
%systemd_post sssd-pam-priv.socket
583677
%systemd_post sssd-ssh.socket
583677
%systemd_post sssd-sudo.socket
583677
583677
%preun common
583677
%systemd_preun sssd.service
583677
%systemd_preun sssd-autofs.socket
583677
%systemd_preun sssd-nss.socket
583677
%systemd_preun sssd-pac.socket
583677
%systemd_preun sssd-pam.socket
583677
%systemd_preun sssd-pam-priv.socket
583677
%systemd_preun sssd-ssh.socket
583677
%systemd_preun sssd-sudo.socket
583677
583677
%postun common
583677
%systemd_postun_with_restart sssd-autofs.socket
583677
%systemd_postun_with_restart sssd-autofs.service
583677
%systemd_postun_with_restart sssd-nss.socket
583677
%systemd_postun_with_restart sssd-nss.service
583677
%systemd_postun_with_restart sssd-pac.socket
583677
%systemd_postun_with_restart sssd-pac.service
583677
%systemd_postun_with_restart sssd-pam.socket
583677
%systemd_postun_with_restart sssd-pam-priv.socket
583677
%systemd_postun_with_restart sssd-pam.service
583677
%systemd_postun_with_restart sssd-ssh.socket
583677
%systemd_postun_with_restart sssd-ssh.service
583677
%systemd_postun_with_restart sssd-sudo.socket
583677
%systemd_postun_with_restart sssd-sudo.service
583677
583677
%post dbus
583677
%systemd_post sssd-ifp.service
583677
583677
%preun dbus
583677
%systemd_preun sssd-ifp.service
583677
583677
%postun dbus
583677
%systemd_postun_with_restart sssd-ifp.service
583677
583677
%post kcm
583677
%systemd_post sssd-kcm.socket
583677
583677
%preun kcm
583677
%systemd_preun sssd-kcm.socket
583677
583677
%postun kcm
583677
%systemd_postun_with_restart sssd-kcm.socket
583677
%systemd_postun_with_restart sssd-kcm.service
583677
583677
%post client
583677
/sbin/ldconfig
583677
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20
583677
583677
%preun client
583677
if [ $1 -eq 0 ] ; then
583677
        /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so
583677
fi
583677
583677
%postun client -p /sbin/ldconfig
583677
583677
%post -n libsss_sudo -p /sbin/ldconfig
583677
583677
%postun -n libsss_sudo -p /sbin/ldconfig
583677
583677
%post -n libipa_hbac -p /sbin/ldconfig
583677
583677
%postun -n libipa_hbac -p /sbin/ldconfig
583677
583677
%post -n libsss_idmap -p /sbin/ldconfig
583677
583677
%postun -n libsss_idmap -p /sbin/ldconfig
583677
583677
%post -n libsss_nss_idmap -p /sbin/ldconfig
583677
583677
%postun -n libsss_nss_idmap -p /sbin/ldconfig
583677
583677
%post -n libsss_simpleifp -p /sbin/ldconfig
583677
583677
%postun -n libsss_simpleifp -p /sbin/ldconfig
583677
583677
%post -n libsss_certmap -p /sbin/ldconfig
583677
583677
%postun -n libsss_certmap -p /sbin/ldconfig
583677
583677
%posttrans common
583677
%systemd_postun_with_restart sssd.service
583677
583677
%posttrans libwbclient
583677
%{_sbindir}/update-alternatives \
583677
    --install %{_libdir}/libwbclient.so.%{libwbc_alternatives_version} \
583677
              libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \
583677
              %{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} 5
583677
/sbin/ldconfig
583677
583677
%preun libwbclient
583677
%{_sbindir}/update-alternatives \
583677
    --remove libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \
583677
             %{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version}
583677
/sbin/ldconfig
583677
583677
%posttrans libwbclient-devel
583677
%{_sbindir}/update-alternatives --install %{_libdir}/libwbclient.so \
583677
                                libwbclient.so%{libwbc_alternatives_suffix} \
583677
                                %{_libdir}/%{name}/modules/libwbclient.so 5
583677
583677
%preun libwbclient-devel
583677
%{_sbindir}/update-alternatives --remove \
583677
                                libwbclient.so%{libwbc_alternatives_suffix} \
583677
                                %{_libdir}/%{name}/modules/libwbclient.so
583677
583677
%changelog
2e3f64
* Thu Nov 12 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-2
2e3f64
- This is to bump version to allow rebuild against rebased libldb.
2e3f64
2e3f64
* Fri Oct 23 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-1
2e3f64
- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4
2e3f64
- Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI
2e3f64
- Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search()
2e3f64
- Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording
2e3f64
- Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x
2e3f64
- Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD.
2e3f64
- Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process
2e3f64
- Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL
2e3f64
- Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase)
2e3f64
- Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page
2e3f64
- Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals"
2e3f64
- Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains
2e3f64
- Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file
2e3f64
- Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes
2e3f64
- Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level
2e3f64
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff
2e3f64
- Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command
2e3f64
- Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate
2e3f64
c7aae4
* Mon Sep 14 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-9
c7aae4
- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied
c7aae4
57f72f
* Fri Aug 21 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-8
57f72f
- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working
57f72f
- Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema
57f72f
- Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf
57f72f
- Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1
57f72f
377657
* Fri Aug 07 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-7
377657
- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.
377657
- Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter
377657
0ff280
* Fri Jul 24 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-6
0ff280
- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization
0ff280
0ff280
* Mon Jul 20 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-5
0ff280
- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache
0ff280
- Fixed "requires/provides" rpmdiff warning
0ff280
8aada9
* Thu Jul 02 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-4
8aada9
- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication
8aada9
- Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider
8aada9
- Resolves: rhbz#1803134 - Improve "unlock" time when user session already active
8aada9
8aada9
* Fri Jun 26 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-3
8aada9
- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package
8aada9
- Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP
8aada9
- Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache
8aada9
- Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for
8aada9
                           inotify events, and no updates are triggered
8aada9
- Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card"
8aada9
                           on GDM login with smart-card
8aada9
- Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat
8aada9
- Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network.
8aada9
- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management
8aada9
- Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest
8aada9
                           if LDAP entries do not contain AD forest root information
8aada9
- Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories
8aada9
                           in SSSD-AD direct integration.
8aada9
- Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card
8aada9
- Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False
8aada9
- Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma
8aada9
8aada9
* Thu Jun 11 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-2
8aada9
- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.
8aada9
8aada9
* Mon Jun 08 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-1
8aada9
- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3
8aada9
- Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure
8aada9
- Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working
8aada9
0d441c
* Mon Mar 16 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-19
0d441c
- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard
0d441c
                           certificate EKU and perform an action based
0d441c
                           on value when generating SSH key from a certificate
0d441c
                           (additional patch)
0d441c
0d441c
* Fri Mar 13 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-19
0d441c
- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user
0d441c
                           information
0d441c
0d441c
* Fri Feb 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-18
0d441c
- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard
0d441c
                           certificate EKU and perform an action based
0d441c
                           on value when generating SSH key from a certificate
0d441c
0d441c
* Mon Feb 24 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-17
0d441c
- Resolves: rhbz#1718193 - p11_child should have an option to skip
0d441c
                           C_WaitForSlotEvent if the PKCS#11 module
0d441c
                           does not implement it properly
0d441c
0d441c
* Mon Feb 17 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-16
0d441c
- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is
0d441c
                           omitted and auth_provider is krb5
0d441c
0d441c
* Wed Feb 12 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-15
0d441c
- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization
0d441c
0d441c
* Tue Jan 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-14
0d441c
- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be
0d441c
                           specified up to the seconds
0d441c
0d441c
* Tue Jan 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-13
0d441c
- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools
0d441c
0d441c
* Tue Jan 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-12
0d441c
* Resolves: rhbz#1794016 - sssd_be frequent crash
0d441c
0d441c
* Tue Jan 14 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
0d441c
* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider
0d441c
0d441c
* Tue Jan 14 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-10
0d441c
* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap
0d441c
                           connection timeout
0d441c
0d441c
* Tue Jan 14 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-9
0d441c
* Resolves: rhbz#1783190 - [abrt] [faf] sssd:
0d441c
                           raise(): /usr/libexec/sssd/sssd_autofs killed by 6
0d441c
0d441c
0d441c
* Thu Dec 19 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-8
0d441c
* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect 
0d441c
0d441c
* Thu Dec 19 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-7
0d441c
* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect 
0d441c
213fc2
* Sun Dec 15 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-6
213fc2
* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized
213fc2
213fc2
* Sun Dec 15 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-5
213fc2
* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character
213fc2
                           for match rules sss-certmap
213fc2
213fc2
* Thu Dec 12 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-4
213fc2
* Resolves: rhbz#1781728 - sssctl config-check command does not give proper
213fc2
                           error messages with line numbers
213fc2
213fc2
* Mon Dec 2 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-3
213fc2
* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release
213fc2
            Increasing version number to pick latest libldb
213fc2
213fc2
* Sat Nov 30 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-2
213fc2
* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release
213fc2
            PART2: Fix gating issue.
213fc2
213fc2
* Sat Nov 30 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-1
213fc2
* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release
213fc2
213fc2
* Thu Nov 21 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1
213fc2
* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release
213fc2
213fc2
* Wed Sep 4 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-19
213fc2
- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid
213fc2
                           new ones (kcm)
213fc2
213fc2
* Sun Sep 1 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-18
213fc2
- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8
213fc2
- Also sync. kcm multihost tests with master
213fc2
213fc2
* Sun Sep 1 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-17
213fc2
- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome
213fc2
                           keyring
213fc2
- Also apply a patch to fix gating tests issue
213fc2
213fc2
* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-16
213fc2
- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get
213fc2
                           the IP address of the machine updated in IPA upon
213fc2
                           sssd.service startup
213fc2
213fc2
* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-15
213fc2
- Resolves: rhbz#1736265 - Smart Card auth of local user: endless
213fc2
                           loop if wrong PIN was provided
213fc2
213fc2
* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-14
213fc2
- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix"
213fc2
                           should not cause files domain entries to be
213fc2
                           qualified, this can break sudo access
213fc2
213fc2
* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-13
213fc2
- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the
213fc2
            systemd-user service in the account phase in RHEL-8 
213fc2
213fc2
* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-12
213fc2
- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets
213fc2
213fc2
* Fri Aug 9 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-11
213fc2
- Resolves: rhbz#1733372 - permission denied on logs when running sssd as
213fc2
                           non-root user
213fc2
213fc2
* Fri Aug 9 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-10
213fc2
- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing
213fc2
                           the trailing colon
213fc2
213fc2
* Fri Aug 9 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-9
213fc2
- Resolves: rhbz#1382750 - Conflicting default timeout values
213fc2
213fc2
* Fri Aug 2 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-8
213fc2
- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder
213fc2
                           repository
213fc2
                         - This just required a raise in release number
213fc2
                           and changelog for the record.
213fc2
213fc2
* Fri Aug 2 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-7
213fc2
- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is
213fc2
                           not FIPS140 compliant
213fc2
213fc2
* Fri Aug 2 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-6
213fc2
- Resolves: rhbz#1726945 - negative cache does not use values from
213fc2
                           'filter_users' config option for known domains
213fc2
213fc2
* Thu Jul 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-5
213fc2
- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo
213fc2
213fc2
* Thu Jul 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-4
213fc2
- Resolves: rhbz#1283798 - sssd failover does not work on connecting to
213fc2
                           non-responsive ldaps:// server
213fc2
213fc2
* Wed Jul  3 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-3
213fc2
- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with
213fc2
                           no members
213fc2
213fc2
* Wed Jul  3 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-2
213fc2
- Resolves: rhbz#1673443 - sssd man pages: The default value of
213fc2
                           "ldap_user_home_directory" is not mentioned
213fc2
                           with AD server configuration
213fc2
583677
* Fri Jun 14 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-1
583677
- Resolves: rhbz#1687281
583677
  Rebase sssd in RHEL-8.1 to the latest upstream release 
583677
583677
* Wed Jun 12 2019 Michal Židek <mzidek@redhat.com> - 2.1.0-1
583677
- Resolves: rhbz#1687281
583677
  Rebase sssd in RHEL-8.1 to the latest upstream release 
583677
583677
* Thu May 30 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-45
583677
- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is
583677
  done here in order to unblock gating changes before rebase.
583677
- Related: rhbz#1682305
583677
583677
* Sun Feb 10 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-43
583677
- Resolves: rhbz#1672780 - gdm login not prompting for username when smart
583677
                           card maps to multiple users
583677
583677
* Fri Feb 08 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-42
583677
- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part
583677
                           of gen_new to avoid a subsequent switch call
583677
                           failure
583677
583677
* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-41
583677
-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong
583677
                          subdomain service name being used
583677
583677
* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-40
583677
-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error.
583677
                          UnknownProperty: Unknown property
583677
583677
* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-39
583677
- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than
583677
                           1.x, this can result in time outs
583677
583677
* Mon Jan 14 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-38
583677
- Resolves: rhbz#1578014 - sssd does not work under non-root user
583677
- Note: Actually the patches were in the 2.0.0-37, this one just adds this
583677
        changelog because it was missing.
583677
583677
* Fri Jan 11 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-36
583677
- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss
583677
                           suggests using * for backend sss
583677
583677
* Fri Jan 11 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-35
583677
- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist
583677
583677
* Thu Jan 10 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-34
583677
- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls
583677
                           kdestroy caused by KCM returning a wrong error
583677
                           code during the delete operation
583677
583677
* Wed Jan 09 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-33
583677
- Resolves: rhbz#1646113 - Missing concise documentation about valid options
583677
                           for sssd-files-provider
583677
583677
* Mon Dec 17 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-32
583677
- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc
583677
            and libtevent to avoid an issue in GPO processing 
583677
583677
* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-31
583677
- Resolves: 1658813 - PKINIT with KCM does not work
583677
583677
* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-30
583677
- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to
583677
                      retrieve AD users through IPA Trust 
583677
583677
* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-29
583677
- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise():
583677
                           /usr/libexec/sssd/proxy_child killed by 6
583677
583677
* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-28
583677
- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories
583677
583677
* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-27
583677
- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work
583677
                           if ID provider is authenticated with GSSAPI
583677
583677
* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-26
583677
- Resolves: rhbz#1657980 - sssd_nss memory leak
583677
583677
* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-25
583677
- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly
583677
                           for D-bus, resulting in a crash
583677
583677
* Tue Dec 04 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-24
583677
- Resolves: rhbz#1646168 - sssctl access-report always prints an error message
583677
- Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the
583677
                           configuration without having to restart the whole
583677
                           sssd
583677
- Resolves: rhbz#1640576 - sssctl reports incorrect information about local
583677
                           user's cache entry expiration time
583677
- Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user
583677
- Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys
583677
583677
* Thu Oct 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-23
583677
- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui
583677
                           with smart card
583677
583677
* Wed Oct 24 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-22
583677
- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA
583677
583677
* Tue Oct 16 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-21
583677
- Related: rhbz#1638150 - session not recording for local user when groups defined
583677
- Also add silence a Coverity warning, which is related to rhbz#1637131
583677
583677
* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-20
583677
- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules
583677
583677
* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-19
583677
- Add OSCP checks for p11_child
583677
- Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local
583677
                          users
583677
583677
* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-18
583677
- Related: rhbz#1638006 - Files: The files provider always enumerates
583677
                          which causes duplicate when running getent passwd
583677
583677
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-17
583677
- Related: rhbz#1637131 - pam_unix unable to match fully qualified username
583677
                          provided by sssd during smartcard auth using gdm
583677
583677
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-16
583677
- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a
583677
                          PKCS#11 URI
583677
583677
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-15
583677
- Related: rhbz#1611011 - Support for "require smartcard for login option"
583677
583677
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-14
583677
- Related: rhbz#1635595 - Cant login with smartcard with multiple certs
583677
583677
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-13
583677
- Backport more sbus2 fixes
583677
- Related: rhbz#1623878 - crash related to sbus_router_destructor()
583677
583677
* Wed Oct 10 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-12
583677
- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD
583677
583677
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-11
583677
- Resolves: rhbz#1628122 - Printing incorrect information about domain
583677
                           with sssctl utility
583677
583677
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-10
583677
- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not
583677
                           started due to a misconfiguration
583677
583677
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-9
583677
- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del
583677
                           commands in man pages since local provider
583677
                           is deprecated
583677
583677
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-8
583677
- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function():
583677
                            /usr/libexec/sssd/sssd_be killed by 11 crash
583677
                            func _dbus_list_unlink
583677
583677
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-7
583677
- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it
583677
                           differs from the default
583677
583677
* Wed Sep 26 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-6
583677
- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup
583677
583677
* Tue Sep 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-5
583677
- Resolves: rhbz#1615590 - Do not rely on "python" for el8
583677
583677
* Tue Sep 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-4
583677
- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local
583677
                           users
583677
583677
* Tue Sep 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-3
583677
- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()
583677
583677
* Thu Aug 30 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-2
583677
- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication
583677
                           fails with the KCM ccache
583677
583677
* Mon Aug 13 2018 Fabiano Fidêncio <fidencio@redhat.com> - 2.0.0-1
583677
- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version
583677
583677
* Tue Jul 03 2018 Tomas Orsava <torsava@redhat.com> - 1.16.2-2
583677
- Switch hardcoded python3 shebangs into the %%{__python3} macro
583677
583677
* Thu Jun 14 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.2-1
583677
- Update to 1.16.2 release
583677
- Cleanup unused global definitions
583677
- Remove python2 references from the spec file
583677
- Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x
583677
583677
* Fri Apr 27 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-3
583677
- Resolves: upstream#3684 - A group is not updated if its member is removed
583677
                            with the cleanup task, but the group does not
583677
                            change
583677
- Resolves: upstream#3558 - sudo: report error when two rules share cn
583677
- Tone down shutdown messages for socket activated responders
583677
- IPA: Qualify the externalUser sudo attribute
583677
- Resolves: upstream#3550 - refresh_expired_interval does not work with
583677
                            netgrous in 1.15
583677
- Resolves: upstream#3402 - Support alternative sources for the files provider
583677
- Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
583677
- Resolves: upstream#3679 - Make nss netgroup requests more robust
583677
- Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not
583677
                            configured
583677
- Resolves: upstream#3469 - extend sss-certmap man page regarding priority
583677
                            processing
583677
- Improve docs/debug message about GC detection
583677
- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes
583677
                            list out of bound?
583677
- Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is
583677
                            set.
583677
- Document which principal does the AD provider use
583677
- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is
583677
                            defined, but contains no SIDs
583677
- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
583677
- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
583677
                           Provider returned an error
583677
                           [org.freedesktop.sssd.Error.DataProvider.Fatal]
583677
583677
* Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2
583677
- Resolves: upstream#3573 - sssd won't show netgroups with blank domain
583677
- Resolves: upstream#3660 - confdb_expand_app_domains() always fails
583677
- Resolves: upstream#3658 - Application domain is not interpreted correctly
583677
- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to
583677
                            json_loads()
583677
- Resolves: upstream#3386 - KCM: Payload buffer is too small
583677
- Resolves: upstream#3666 - Fix usage of str.decode() in our tests
583677
- A few KCM misc fixes
583677
583677
* Fri Mar  9 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-1
583677
- New upstream release 1.16.1
583677
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
583677
583677
* Tue Feb 20 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-13
583677
- Resolves: upstream#3621 - backport bug found by static analyzers
583677
583677
* Wed Feb 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.0-12
583677
- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile
583677
                           with no specific host/hostgroup set
583677
- Resolves: upstream#3621 - FleetCommander integration must not require
583677
                            capability DAC_OVERRIDE
583677
583677
* Wed Feb 07 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-11
583677
- Resolves: upstream#3618 - selinux_child segfaults in a docker container
583677
583677
* Tue Feb 06 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-10
583677
- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl
583677
583677
* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.16.0-9
583677
- Fix systemd executions/requirements
583677
583677
* Thu Jan 25 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-8
583677
- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS
583677
583677
* Thu Jan 11 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-7
583677
- Fix building of sssd-nfs-idmap with libnfsidmap.so.1
583677
583677
* Thu Jan 11 2018 Björn Esser <besser82@fedoraproject.org> - 1.16.0-6
583677
- Rebuilt for libnfsidmap.so.1
583677
583677
* Mon Dec 04 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-5
583677
- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in
583677
                            setnetgrent_result_timeout
583677
- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
583677
                            or machine swaps
583677
- Resolves: failure in glibc tests
583677
            https://sourceware.org/bugzilla/show_bug.cgi?id=22530
583677
- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
583677
                            auth_provider ldap, login fails if the LDAP server
583677
                            is not allowing anonymous binds
583677
- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
583677
                            corrected with AD
583677
- Resolves: upstream#3586 - Give a more detailed debug and system-log message
583677
                            if krb5_init_context() failed
583677
- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
583677
                           in /etc/systemd/system
583677
- Backport few upstream features from 1.16.1
583677
583677
* Tue Nov 21 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-4
583677
- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next
583677
583677
* Fri Nov 17 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-3
583677
- Backport extended NSS API from upstream master branch
583677
583677
* Fri Nov 03 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-2
583677
- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade
583677
583677
* Fri Oct 20 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-1
583677
- New upstream release 1.16.0
583677
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
583677
583677
* Wed Oct 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-5
583677
- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when
583677
                           searching in local cache database access on
583677
                           the sock_file system_bus_socket
583677
583677
* Mon Sep 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-4
583677
- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write
583677
                           access on the sock_file system_bus_socket
583677
- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
583677
                           fails to download desktop profile data
583677
- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
583677
- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients
583677
                            after applying ID Views for them in IPA server
583677
- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id
583677
                            mapping is applied
583677
583677
* Fri Sep 01 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-3
583677
- Backport few upstream patches/fixes
583677
583677
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.3-2
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
583677
583677
* Tue Jul 25 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-1
583677
- New upstream release 1.15.3
583677
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html
583677
583677
* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.5
583677
- Rebuild with libldb-1.2.0
583677
583677
* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.4
583677
- Fix build issues: Update expided certificate in unit tests
583677
583677
* Sat Apr 29 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.3
583677
- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
583677
- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
583677
                           file from package sssd-common-1.15.1-1.fc25.x86_64
583677
- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
583677
583677
* Thu Apr 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.2
583677
- Fix issue with IPA + SELinux in containers
583677
- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297
583677
583677
* Tue Apr 04 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.1
583677
- Backport upstream patches for 1.15.3 pre-release
583677
- required for building freeipa-4.5.x in rawhide
583677
583677
* Thu Mar 16 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.2-1
583677
- New upstream release 1.15.2
583677
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
583677
583677
* Mon Mar 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.1-1
583677
- New upstream release 1.15.1
583677
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
583677
583677
* Wed Feb 22 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.0-4
583677
- Cherry-pick patches from upstream that enable the files provider
583677
- Enable the files domain
583677
- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch
583677
  which is superseded by the files domain autoconfiguration
583677
- Related: rhbz#1357418 - SSSD fast cache for local users
583677
583677
* Tue Feb 14 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-3
583677
- Add missing %%license macro
583677
583677
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-2
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
583677
583677
* Fri Jan 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-1
583677
- New upstream release 1.15.0
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0
583677
583677
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.14.2-3
583677
- Rebuild for Python 3.6
583677
583677
* Tue Dec 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-2
583677
- Resolves: rhbz#1369130 - nss_sss should not link against libpthread
583677
- Resolves: rhbz#1392916 - sssd failes to start after update
583677
- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
583677
                           on the directory /etc/sssd
583677
583677
* Thu Oct 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-1
583677
- New upstream release 1.14.2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2
583677
583677
* Fri Oct 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-4
583677
- libwbclient-sssd: update interface to version 0.13
583677
583677
* Thu Sep 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-3
583677
- Fix regression with krb5_map_user
583677
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
583677
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError:
583677
                           default if nonexistent domain is mentioned
583677
583677
* Thu Sep 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-2
583677
- Backport important patches from upstream 1.14.2 prerelease
583677
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after
583677
                             boot
583677
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
583677
583677
* Fri Aug 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-1
583677
- New upstream release 1.14.0
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1
583677
583677
* Mon Aug 15 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.14.0-5
583677
- Add workaround patch for RHBZ #1366403
583677
583677
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.14.0-4
583677
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
583677
583677
* Fri Jul 08 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-3
583677
- New upstream release 1.14.0
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0
583677
583677
* Fri Jul 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-2.beta
583677
- New upstream release 1.14 beta
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta
583677
583677
* Tue Jun 21 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-1.alpha
583677
- New upstream release 1.14 alpha
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha
583677
583677
* Fri May 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-3
583677
- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element():
583677
                           sssd_ifp killed by SIGSEGV
583677
583677
* Fri Apr 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-2
583677
- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6
583677
583677
* Thu Apr 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-1
583677
- New upstream release 1.13.4
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4
583677
583677
* Tue Mar 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-6
583677
- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password
583677
                           prompts (e.g. Password + Token)
583677
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed
583677
                           by remote host" if locale not available
583677
583677
* Thu Feb 25 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-5
583677
- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA
583677
                           groups during getgrnam and getgrgid
583677
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses
583677
                           in call to 'print'
583677
583677
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.3-4
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
583677
583677
* Wed Jan 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-3
583677
- Additional upstream fixes
583677
583677
* Tue Jan 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-2
583677
- Resolves: rhbz#1256849 - SUDO: Support the IPA schema
583677
583677
* Wed Dec 16 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-1
583677
- New upstream release 1.13.3
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3
583677
583677
* Fri Nov 20 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.2-1
583677
- New upstream release 1.13.2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2
583677
583677
* Fri Nov 06 2015 Robert Kuska <rkuska@redhat.com> - 1.13.1-5
583677
- Rebuilt for Python3.5 rebuild
583677
583677
* Tue Oct 27 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-4
583677
- Fix building pac responder with the krb5-1.14
583677
583677
* Mon Oct 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-3
583677
- python-sssdconfig: Fix parssing sssd.conf without config_file_version
583677
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
583677
583677
* Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2
583677
- Fix few segfaults
583677
- Resolves: upstream #2811 - PAM responder crashed if user was not set
583677
- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
583677
583677
* Thu Oct 01 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-1
583677
- New upstream release 1.13.1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
583677
583677
* Thu Sep 10 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-6
583677
- Fix OTP bug
583677
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were
583677
                             entered separately
583677
583677
* Mon Sep 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-5
583677
- Backport upstream patches required by FreeIPA 4.2.1
583677
583677
* Tue Jul 21 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-4
583677
- Fix ipa-migration bug
583677
- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled
583677
                             migration mode
583677
583677
* Wed Jul 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-3
583677
- New upstream release 1.13.0
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0
583677
583677
* Tue Jun 30 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-2.alpha
583677
- Unify return type of list_active_domains for python{2,3}
583677
583677
* Mon Jun 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-1.alpha
583677
- New upstream release 1.13 alpha
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha
583677
583677
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.5-4
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
583677
583677
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-3
583677
- Fix libwbclient alternatives
583677
583677
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-2
583677
- Backport important patches from upstream 1.13 prerelease
583677
583677
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-1
583677
- New upstream release 1.12.5
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5
583677
583677
* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-8
583677
- Backport important patches from upstream 1.13 prerelease
583677
- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable
583677
                           attribute for group name
583677
- Resolves: upstream #2335 - Investigate using the krb5 responder
583677
                             for driving the PAM conversation with OTPs
583677
- Enable cmocka tests for secondary architectures
583677
583677
* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-7
583677
- Backport patches from upstream 1.12.5 prerelease - contains many fixes
583677
583677
* Wed Apr 15 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-6
583677
- Fix slow login with ipa and SELinux
583677
- Resolves: upstream #2624 - Only set the selinux context if the context
583677
                             differs from the local one
583677
583677
* Mon Mar 23 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-5
583677
- Fix regressions with ipa and SELinux
583677
- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security
583677
                             context on client is staff_u
583677
583677
* Fri Mar  6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-4
583677
- Also relax libldb Requires
583677
- Remove --enable-ldb-version-check
583677
583677
* Fri Mar  6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-3
583677
- Relax libldb BuildRequires to be greater-or-equal
583677
583677
* Wed Feb 25 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-2
583677
- Add support for python3 bindings
583677
- Add requirement to python3 or python3 bindings
583677
- Resolves: rhbz#1014594 - sssd: Support Python 3
583677
583677
* Wed Feb 18 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-1
583677
- New upstream release 1.12.4
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4
583677
583677
* Sat Feb 14 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-7
583677
- Backport patches with Python3 support from upstream
583677
583677
* Thu Feb 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-6
583677
- Fix double free in monitor
583677
- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort():
583677
                        sssd killed by SIGABRT
583677
583677
* Wed Jan 28 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.3-5
583677
- Rebuild for new libldb
583677
583677
* Thu Jan 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-4
583677
- Decrease priority of sssd-libwbclient 20 -> 5
583677
- It should be lower than priority of samba veriosn of libwbclient.
583677
- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18
583677
583677
* Mon Jan 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-3
583677
- Apply a number of patches from upstream to fix issues found 1.12.3
583677
- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple
583677
                           interfaces, or isn't documented to be able to
583677
- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is
583677
                          not running
583677
- Resolves: upstream #2557  authentication failure with user from AD
583677
583677
* Fri Jan 09 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-2
583677
- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus
583677
- Resolves: rhbz#1179379 - gzip: stdin: file size changed while
583677
                           zipping when rotating logfile
583677
583677
* Thu Jan 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-1
583677
- New upstream release 1.12.3
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3
583677
- Fix spelling errors in description (fedpkg lint)
583677
583677
* Tue Jan  6 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-8
583677
- Rebuild for libldb 1.1.19
583677
583677
* Fri Dec 19 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-7
583677
- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes
583677
                           crash in wbinfo
583677
                           - in addition to the patch libwbclient.so is
583677
                             filtered out of the Provides list of the package
583677
583677
* Wed Dec 17 2014 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-6
583677
- Fix regressions and bugs in sssd upstream 1.12.2
583677
- https://fedorahosted.org/sssd/ticket/{id}
583677
- Regressions: #2471, #2475, #2483, #2487, #2529, #2535
583677
- Bugs: #2287, #2445
583677
583677
* Sun Dec  7 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-5
583677
- Rebuild for libldb 1.1.18
583677
583677
* Wed Nov 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-4
583677
- Fix typo in libwbclient-devel %%preun
583677
583677
* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-3
583677
- Use alternatives for libwbclient
583677
583677
* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-2
583677
- Backport several patches from upstream.
583677
- Fix a potential crash against old (pre-4.0) IPA servers
583677
583677
* Mon Oct 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-1
583677
- New upstream release 1.12.2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2
583677
583677
* Mon Sep 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-2
583677
- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user
583677
                           private group from server
583677
583677
* Mon Sep  8 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-1
583677
- New upstream release 1.12.1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1
583677
583677
* Fri Aug 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-7
583677
- Do not crash on resolving a group SID in IPA server mode
583677
583677
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-6
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
583677
583677
* Thu Jul 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.12.0-5
583677
- Fix release version for upgrades
583677
583677
* Wed Jul 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1
583677
- New upstream release 1.12.0
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0
583677
583677
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-4.beta2
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
583677
583677
* Wed Jun 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta2
583677
- New upstream release 1.12 beta2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2
583677
583677
* Mon Jun 02 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-2.beta1
583677
- Fix tests on big-endian
583677
- Fix previous changelog entry
583677
583677
* Fri May 30 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta1
583677
- New upstream release 1.12 beta1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1
583677
583677
* Thu May 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-4
583677
- Rebuild against new ding-libs
583677
583677
* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-3
583677
- Make LDB dependency a strict equivalency
583677
583677
* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-2
583677
- Rebuild against new libldb
583677
583677
* Fri Apr 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-1
583677
- New upstream release 1.11.5.1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1
583677
583677
* Thu Apr 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.11.5-2
583677
- Fix bug in generation of systemd unit file
583677
583677
* Tue Apr 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5-1
583677
- New upstream release 1.11.5
583677
- Remove upstreamed patch
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5
583677
583677
* Thu Mar 13 2014 Sumit Bose <sbose@redhat.com> - 1.11.4-3
583677
- Handle new error code for IPA password migration
583677
583677
* Tue Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2
583677
- Include couple of patches from upstream 1.11 branch
583677
583677
* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
583677
- New upstream release 1.11.4
583677
- Remove upstreamed patch
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
583677
583677
* Tue Feb 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-2
583677
- Handle OTP response from FreeIPA server gracefully
583677
583677
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-1
583677
- New upstream release 1.11.3
583677
- Remove upstreamed patches
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3
583677
583677
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1
583677
- New upstream release 1.11.2
583677
- Remove upstreamed patches
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
583677
583677
* Wed Oct 16 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-5
583677
- Fix potential crash with external groups in trusted IPA-AD setup
583677
583677
* Mon Oct 14 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-4
583677
- Add plugin for cifs-utils
583677
- Resolves: rhbz#998544
583677
583677
* Tue Oct 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-3
583677
- Fix failover from Global Catalog to LDAP in case GC is not available
583677
583677
* Fri Oct 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2
583677
- Remove the ability to create public ccachedir (#1015089)
583677
583677
* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1
583677
- New upstream release 1.11.1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
583677
583677
* Thu Sep 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-3
583677
- Fix multicast checks in the SSSD
583677
- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source
583677
                           code getting the host info
583677
583677
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-2
583677
- Backport simplification of ccache management from 1.11.1
583677
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
583677
583677
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1
583677
- New upstream release 1.11.0
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
583677
583677
* Fri Aug 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-0.4.beta2
583677
- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid:
583677
                      Process /usr/libexec/sssd/sssd_nss was killed by
583677
                      signal 11 (SIGSEGV)
583677
- Resolves: #996214 - sssd proxy_child segfault
583677
583677
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11.0-0.3.beta2
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
583677
583677
* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.2beta2
583677
- Resolves: #906427 - Do not use %%{_lib} in specfile for the nss and
583677
                      pam libraries
583677
583677
* Wed Jul 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.1beta2
583677
- New upstream release 1.11 beta 2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
583677
583677
* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1
583677
- New upstream release 1.10.1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
583677
583677
* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17
583677
- sssd-tools should require sssd-common, not sssd
583677
583677
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16
583677
- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
583677
- Trim out RHEL5-specific macros since we don't build on RHEL 5
583677
- Trim out macros for Fedora older than F18
583677
- Update libldb requirement to 1.1.16
583677
- Trim RPM changelog down to the last year
583677
583677
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15
583677
- Move sssd_pac to the sssd-krb5 subpackage
583677
583677
* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14
583677
- Fix Obsoletes: to account for dist tag
583677
- Convert post and pre scripts to run on the sssd-common subpackage
583677
- Remove old conversion from SYSV
583677
583677
* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13
583677
- New upstream release 1.10
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
583677
583677
* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2
583677
- the cmocka toolkit exists only on selected arches
583677
583677
* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2
583677
- Apply a number of patches from upstream to fix issues found post-beta,
583677
  in particular:
583677
  -- segfault with a high DEBUG level
583677
  -- Fix IPA password migration (upstream #1873)
583677
  -- Fix fail over when retrying SRV resolution (upstream #1886)
583677
583677
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2
583677
- Only BuildRequire libcmocka on Fedora
583677
583677
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2
583677
- Fix typo in Requires that prevented an upgrade (#973916)
583677
- Use a hardcoded version in Conflicts, not less-than-current
583677
583677
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta1
583677
- Enable hardened build for RHEL7
583677
583677
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2
583677
- New upstream release 1.10 beta2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
583677
- BuildRequire libcmocka-devel in order to run all upstream tests during build
583677
- BuildRequire libnl3 instead of libnl1
583677
- No longer BuildRequire initscripts, we no longer use /sbin/service
583677
- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any
583677
  older krb5-libs version
583677
583677
* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1
583677
- Apply a couple of patches from upstream git that resolve crashes when
583677
  ID mapping object was not initialized properly but needed later
583677
583677
* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1
583677
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
583677
                          realm join
583677
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
583677
                          default for AD Provider
583677
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
583677
                          parent directory when logging in
583677
583677
* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1
583677
- BuildRequire recent libini_config to ensure consistent behaviour
583677
583677
* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1
583677
- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug
583677
  in ding-libs
583677
- Fix SSH integration with fully-qualified domains
583677
- Add the ability to dynamically discover the NetBIOS name
583677
583677
* Fri May  3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1
583677
- New upstream release 1.10 beta1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
583677
583677
* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1
583677
- Add a patch to fix krb5 ccache creation issue with krb5 1.11
583677
583677
* Tue Apr  2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1
583677
- New upstream release 1.10 alpha1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
583677
583677
* Fri Mar 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.5-10
583677
- Add a patch to fix krb5 unit tests
583677
583677
* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9
583677
- Split internal helper libraries into a shared object
583677
- Significantly reduce disk-space usage
583677
583677
* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-8
583677
- Fix the Kerberos password expiration warning (#912223)
583677
583677
* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-7
583677
- Do not write out dots in the domain-realm mapping file (#905650)
583677
583677
* Mon Feb 11 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-6
583677
- Include upstream patch to build with krb5-1.11
583677
583677
* Thu Feb 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-5
583677
- Rebuild against new libldb
583677
583677
* Mon Feb 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-4
583677
- Fix build with new automake versions
583677
583677
* Wed Jan 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-3
583677
- Recreate Kerberos ccache directory if it's missing
583677
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache
583677
                          directory /run/user/UID/ccdir does not exist
583677
583677
* Tue Jan 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-2
583677
- Fix changelog dates to make F19 rpmbuild happy
583677
583677
* Mon Jan 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-1
583677
- New upstream release 1.9.4
583677
583677
* Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.3-1
583677
- New upstream release 1.9.3
583677
583677
* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-5
583677
- Resolve groups from AD correctly
583677
583677
* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-4
583677
- Check the validity of naming context
583677
583677
* Thu Oct 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-3
583677
- Move the sss_cache tool to the main package
583677
583677
* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-2
583677
- Include the 1.9.2 tarball
583677
583677
* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-1
583677
- New upstream release 1.9.2
583677
583677
* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.1-1
583677
- New upstream release 1.9.1
583677
583677
* Wed Oct 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
583677
- require the latest libldb
583677
583677
* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
583677
- Use mcpath insted of mcachepath macro to be consistent with
583677
  upsteam spec file
583677
583677
* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-23
583677
- New upstream release 1.9.0
583677
583677
* Fri Sep 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-22.rc1
583677
- New upstream release 1.9.0 rc1
583677
583677
* Thu Sep 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-21.beta7
583677
- New upstream release 1.9.0 beta7
583677
- obsoletes patches #1-#3
583677
583677
* Mon Sep 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-20.beta6
583677
- Rebuild against libldb 1.12
583677
583677
* Tue Aug 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-19.beta6
583677
- Rebuild against libldb 1.11
583677
583677
* Fri Aug 24 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-18.beta6
583677
- Change the default ccache location to DIR:/run/user/${UID}/krb5cc
583677
  and patch man page accordingly
583677
- Resolves: rhbz#851304
583677
583677
* Mon Aug 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-17.beta6
583677
- Rebuild against libldb 1.10
583677
583677
* Fri Aug 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-16.beta6
583677
- Only create the SELinux login file if there are SELinux mappings on
583677
  the IPA server
583677
583677
* Fri Aug 10 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-14.beta6
583677
- Don't discard HBAC rule processing result if SELinux is on
583677
  Resolves: rhbz#846792 (CVE-2012-3462)
583677
583677
* Thu Aug 02 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-13.beta6
583677
- New upstream release 1.9.0 beta 6
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
583677
- A new option, override_shell was added. If this option is set, all users
583677
  managed by SSSD will have their shell set to its value.
583677
- Fixes for the support for setting default SELinux user context from FreeIPA.
583677
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
583677
- The SSSD supports the concept of a Primary Server and a Back Up Server in
583677
  failover
583677
- A new command-line tool sss_seed is available to help prime the cache with
583677
  a user record when deploying a new machine
583677
- SSSD is now able to discover and save the domain-realm mappings
583677
  between an IPA server and a trusted Active Directory server.
583677
- Packaging changes to fix ldconfig usage in subpackages (#843995)
583677
- Rebuild against libldb 1.1.9
583677
583677
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.0-13.beta5
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
583677
583677
* Thu Jul 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-12.beta5
583677
- New upstream release 1.9.0 beta 5
583677
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
583677
- Many fixes for the support for setting default SELinux user context from
583677
  FreeIPA, most notably fixed the specificity evaluation
583677
- Fixed an incorrect default in the krb5_canonicalize option of the AD
583677
  provider which was preventing password change operation
583677
- The shadowLastChange attribute value is now correctly updated with the
583677
  number of days since the Epoch, not seconds
583677
583677
* Mon Jul 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-11.beta4
583677
- Fix broken ARM build
583677
- Add missing DP_OPTION_TERMINATOR in AD provider options
583677
583677
* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-10.beta4
583677
- Own several directories create during make install (#839782)
583677
583677
* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-9.beta4
583677
- New upstream release 1.9.0 beta 4
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
583677
- Add a new AD provider to improve integration with Active Directory 2008 R2
583677
  or later servers
583677
- SUDO integration was completely rewritten. The new implementation works
583677
  with multiple domains and uses an improved refresh mechanism to download
583677
  only the necessary rules
583677
- The IPA authentication provider now supports subdomains
583677
- Fixed regression for setups that were setting default_tkt_enctypes
583677
  manually by reverting a previous workaround.
583677
583677
* Mon Jun 25 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-8.beta3
583677
- New upstream release 1.9.0 beta 3
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
583677
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
583677
- Terminate idle connections to the NSS and PAM responders
583677
583677
* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-7.beta2
583677
- Switch unicode library from libunistring to Glib
583677
- Drop unnecessary explicit Requires on keyutils
583677
- Guarantee that versioned Requires include the correct architecture
583677
583677
* Mon Jun 18 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-6.beta2
583677
- Fix accidental disabling of the DIR cache support
583677
583677
* Fri Jun 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-5.beta2
583677
- New upstream release 1.9.0 beta 2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
583677
- Add support for the Kerberos DIR cache for storing multiple TGTs
583677
  automatically
583677
- Major performance enhancement when storing large groups in the cache
583677
- Major performance enhancement when performing initgroups() against Active
583677
  Directory
583677
- SSSDConfig data file default locations can now be set during configure for
583677
  easier packaging
583677
583677
* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-4.beta1
583677
- Fix regression in endianness patch
583677
583677
* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-3.beta1
583677
- Rebuild SSSD against ding-libs 0.3.0beta1
583677
- Fix endianness bug in service map protocol
583677
583677
* Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-2.beta1
583677
- Fix several regressions since 1.5.x
583677
- Ensure that the RPM creates the /var/lib/sss/mc directory
583677
- Add support for Netscape password warning expiration control
583677
- Rebuild against libldb 1.1.6
583677
583677
* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1
583677
- New upstream release 1.9.0 beta 1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
583677
- Add native support for autofs to the IPA provider
583677
- Support for ID-mapping when connecting to Active Directory
583677
- Support for handling very large (> 1500 users) groups in Active Directory
583677
- Support for sub-domains (will be used for dealing with trust relationships)
583677
- Add a new fast in-memory cache to speed up lookups of cached data on
583677
  repeated requests
583677
583677
* Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11
583677
- New upstream release 1.8.3
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
583677
- Numerous manpage and translation updates
583677
- LDAP: Handle situations where the RootDSE isn't available anonymously
583677
- LDAP: Fix regression for users using non-standard LDAP attributes for user
583677
  information
583677
583677
* Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.2-10
583677
- New upstream release 1.8.2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
583677
- Several fixes to case-insensitive domain functions
583677
- Fix for GSSAPI binds when the keytab contains unrelated principals
583677
- Fixed several segfaults
583677
- Workarounds added for LDAP servers with unreadable RootDSE
583677
- SSH knownhostproxy will no longer enter an infinite loop preventing login
583677
- The provided SYSV init script now starts SSSD earlier at startup and stops
583677
  it later during shutdown
583677
- Assorted minor fixes for issues discovered by static analysis tools
583677
583677
* Mon Mar 26 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-9
583677
- Don't duplicate libsss_autofs.so in two packages
583677
- Set explicit package contents instead of globbing
583677
583677
* Wed Mar 21 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-8
583677
- Fix uninitialized value bug causing crashes throughout the code
583677
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup
583677
583677
* Mon Mar 12 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-7
583677
- New upstream release 1.8.1
583677
- Resolve issue where we could enter an infinite loop trying to connect to an
583677
  auth server
583677
- Fix serious issue with complex (3+ levels) nested groups
583677
- Fix netgroup support for case-insensitivity and aliases
583677
- Fix serious issue with lookup bundling resulting in requests never
583677
  completing
583677
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt
583677
  in addition to pam_authenticate
583677
- Fix several regressions in the proxy provider
583677
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
583677
                          against AD
583677
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
583677
583677
* Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-6
583677
- New upstream release 1.8.0
583677
- Support for the service map in NSS
583677
- Support for setting default SELinux user context from FreeIPA
583677
- Support for retrieving SSH user and host keys from LDAP (Experimental)
583677
- Support for caching autofs LDAP requests (Experimental)
583677
- Support for caching SUDO rules (Experimental)
583677
- Include the IPA AutoFS provider
583677
- Fixed several memory-corruption bugs
583677
- Fixed a regression in group enumeration since 1.7.0
583677
- Fixed a regression in the proxy provider
583677
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
583677
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is
583677
                          logged at each login
583677
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
583677
                          /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
583677
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
583677
                          against AD
583677
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
583677
                          new LDAP features
583677
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
583677
583677
* Wed Feb 22 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-5.beta3
583677
- Change default kerberos credential cache location to /run/user/<username>
583677
583677
* Wed Feb 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-4.beta3
583677
- New upstream release 1.8.0 beta 3
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
583677
- Fixed a regression in group enumeration since 1.7.0
583677
- Fixed several memory-corruption bugs
583677
- Finalized the ABI for the autofs support
583677
- Fixed a regression in the proxy provider
583677
583677
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.8.0-3.beta2
583677
- Rebuild against PCRE 8.30
583677
583677
* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta2
583677
- New upstream release
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
583677
- Fix two minor manpage bugs
583677
- Include the IPA AutoFS provider
583677
583677
* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta1
583677
- New upstream release
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
583677
- Support for the service map in NSS
583677
- Support for setting default SELinux user context from FreeIPA
583677
- Support for retrieving SSH user and host keys from LDAP (Experimental)
583677
- Support for caching autofs LDAP requests (Experimental)
583677
- Support for caching SUDO rules (Experimental)
583677
583677
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-5
583677
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
583677
                          new LDAP features - fix netgroups and sudo as well
583677
583677
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4
583677
- Fixes a serious memory hierarchy bug causing unpredictable behavior in the
583677
  LDAP provider.
583677
583677
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-3
583677
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
583677
                          new LDAP features
583677
583677
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.0-2
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
583677
583677
* Thu Dec 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-1
583677
- New upstream release 1.7.0
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
583677
- Support for case-insensitive domains
583677
- Support for multiple search bases in the LDAP provider
583677
- Support for the native FreeIPA netgroup implementation
583677
- Reliability improvements to the process monitor
583677
- New DEBUG facility with more consistent log levels
583677
- New tool to change debug log levels without restarting SSSD
583677
- SSSD will now disconnect from LDAP server when idle
583677
- FreeIPA HBAC rules can choose to ignore srchost options for significant
583677
  performance gains
583677
- Assorted performance improvements in the LDAP provider
583677
583677
* Mon Dec 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.4-1
583677
- New upstream release 1.6.4
583677
- Rolls up previous patches applied to the 1.6.3 tarball
583677
- Fixes a rare issue causing crashes in the failover logic
583677
- Fixes an issue where SSSD would return the wrong PAM error code for users
583677
  that it does not recognize.
583677
583677
* Wed Dec 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-5
583677
- Rebuild against libldb 1.1.4
583677
583677
* Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-4
583677
- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the
583677
                          username in getpwnam()
583677
- Resolves: rhbz#758425 - LDAP failover not working if server refuses
583677
                          connections
583677
583677
* Thu Nov 24 2011 Jakub Hrozek <jhrozek@redhat.com> - 1.6.3-3
583677
- Rebuild for libldb 1.1.3
583677
583677
* Thu Nov 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-2
583677
- Resolves: rhbz#752495 - Crash when apply settings
583677
583677
* Fri Nov 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-1
583677
- New upstream release 1.6.3
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
583677
- Fixes a major cache performance issue introduced in 1.6.2
583677
- Fixes a potential infinite-loop with certain LDAP layouts
583677
583677
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-5
583677
- Rebuilt for glibc bug#747377
583677
583677
* Sun Oct 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-4
583677
- Change selinux policy requirement to Conflicts: with the old version,
583677
  rather than Requires: the supported version.
583677
583677
* Fri Oct 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-3
583677
- Add explicit requirement on selinux-policy version to address new SBUS
583677
  symlinks.
583677
583677
* Wed Oct 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-2
583677
- Remove %%files reference to sss_debuglevel copied from wrong upstreeam
583677
  spec file.
583677
583677
* Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1
583677
- Improved handling of users and groups with multi-valued name attributes
583677
  (aliases)
583677
- Performance enhancements
583677
    Initgroups on RFC2307bis/FreeIPA
583677
    HBAC rule processing
583677
- Improved process-hang detection and restarting
583677
- Enabled the midpoint cache refresh by default (fewer cache misses on
583677
  commonly-used entries)
583677
- Cleaned up the example configuration
583677
- New tool to change debug level on the fly
583677
583677
* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1
583677
- New upstream release 1.6.1
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
583677
- Fixes a serious issue with LDAP connections when the communication is
583677
  dropped (e.g. VPN disconnection, waking from sleep)
583677
- SSSD is now less strict when dealing with users/groups with multiple names
583677
  when a definitive primary name cannot be determined
583677
- The LDAP provider will no longer attempt to canonicalize by default when
583677
  using SASL. An option to re-enable this has been provided.
583677
- Fixes for non-standard LDAP attribute names (e.g. those used by Active
583677
  Directory)
583677
- Three HBAC regressions have been fixed.
583677
- Fix for an infinite loop in the deref code
583677
583677
* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-2
583677
- Build with _hardened_build macro
583677
583677
* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-1
583677
- New upstream release 1.6.0
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
583677
- Add host access control support for LDAP (similar to pam_host_attr)
583677
- Finer-grained control on principals used with Kerberos (such as for FAST or
583677
- validation)
583677
- Added a new tool sss_cache to allow selective expiring of cached entries
583677
- Added support for LDAP DEREF and ASQ controls
583677
- Added access control features for Novell Directory Server
583677
- FreeIPA dynamic DNS update now checks first to see if an update is needed
583677
- Complete rewrite of the HBAC library
583677
- New libraries: libipa_hbac and libipa_hbac-python
583677
583677
* Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2
583677
- New upstream release 1.5.11
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
583677
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
583677
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
583677
- address being saved to the AAAA record
583677
583677
* Fri Jul 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.10-1
583677
- New upstream release 1.5.10
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
583677
- Fixed a regression introduced in 1.5.9 that could result in blocking calls
583677
- to LDAP
583677
583677
* Thu Jun 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.9-1
583677
- New upstream release 1.5.9
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
583677
- Support for overriding home directory, shell and primary GID locally
583677
- Properly honor TTL values from SRV record lookups
583677
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
583677
- servers)
583677
- Properly escape IPv6 addresses in the failover code
583677
- Do not crash if inotify fails (e.g. resource exhaustion)
583677
- Don't add multiple TGT renewal callbacks (too many log messages)
583677
583677
* Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.8-1
583677
- New upstream release 1.5.8
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
583677
- Support for the LDAP paging control
583677
- Support for multiple DNS servers for name resolution
583677
- Fixes for several group membership bugs
583677
- Fixes for rare crash bugs
583677
583677
* Mon May 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-3
583677
- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
583677
- Make sure to properly convert to systemd if upgrading from newer
583677
- updates for Fedora 14
583677
583677
* Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-2
583677
- Fix segfault in TGT renewal
583677
583677
* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
583677
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
583677
-                         cached password with predicatable filename
583677
583677
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1
583677
- Re-add manpage translations
583677
583677
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
583677
- New upstream release 1.5.6
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
583677
- Fixed a serious memory leak in the memberOf plugin
583677
- Fixed a regression with the negative cache that caused it to be essentially
583677
- nonfunctional
583677
- Fixed an issue where the user's full name would sometimes be removed from
583677
- the cache
583677
- Fixed an issue with password changes in the kerberos provider not working
583677
- with kpasswd
583677
583677
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-5
583677
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
583677
-                         kadmin server != kdc server
583677
- Upgrades from SysV should now maintain enabled/disabled status
583677
583677
* Mon Apr 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-4
583677
- Fix %%postun
583677
583677
* Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-3
583677
- Fix systemd conversion. Upgrades from SysV to systemd weren't properly
583677
- enabling the systemd service.
583677
- Fix a serious memory leak in the memberOf plugin
583677
- Fix an issue where the user's full name would sometimes be removed
583677
- from the cache
583677
583677
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-2
583677
- Install systemd unit file instead of sysv init script
583677
583677
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1
583677
- New upstream release 1.5.5
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
583677
- Fixes for several crash bugs
583677
- LDAP group lookups will no longer abort if there is a zero-length member
583677
- attribute
583677
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
583677
583677
* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1
583677
- New upstream release 1.5.4
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
583677
- Fixes for Active Directory when not all users and groups have POSIX attributes
583677
- Fixes for handling users and groups that have name aliases (aliases are ignored)
583677
- Fix group memberships after initgroups in the IPA provider
583677
583677
* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2
583677
- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication
583677
583677
* Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-1
583677
- New upstream release 1.5.3
583677
- Support for libldb >= 1.0.0
583677
583677
* Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.2-1
583677
- New upstream release 1.5.2
583677
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
583677
- Fixes for support of FreeIPA v2
583677
- Fixes for failover if DNS entries change
583677
- Improved sss_obfuscate tool with better interactive mode
583677
- Fix several crash bugs
583677
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
583677
- Delete users from the local cache if initgroups calls return 'no such user'
583677
- (previously only worked for getpwnam/getpwuid)
583677
- Use new Transifex.net translations
583677
- Better support for automatic TGT renewal (now survives restart)
583677
- Netgroup fixes
583677
583677
* Sun Feb 27 2011 Simo Sorce <ssorce@redhat.com> - 1.5.1-9
583677
- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
583677
- Related: rhbz#677425
583677
583677
* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8
583677
- Resolves: rhbz#677768 - name service caches names, so id command shows
583677
-                         recently deleted users
583677
583677
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7
583677
- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
583677
- Remove .la for memberOf
583677
583677
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6
583677
- Fix memberOf install path
583677
583677
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5
583677
- Add support for libldb 1.0.0
583677
583677
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-4
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
583677
583677
* Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3
583677
- Fix nested group member filter sanitization for RFC2307bis
583677
- Put translated tool manpages into the sssd-tools subpackage
583677
583677
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2
583677
- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
583677
- rpmbuild
583677
583677
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1
583677
- New upstream release 1.5.1
583677
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
583677
- Vast performance improvements when enumerate = true
583677
- All PAM actions will now perform a forced initgroups lookup instead of just
583677
- a user information lookup
583677
-   This guarantees that all group information is available to other
583677
-   providers, such as the simple provider.
583677
- For backwards-compatibility, DNS lookups will also fall back to trying the
583677
- SSSD domain name as a DNS discovery domain.
583677
- Support for more password expiration policies in LDAP
583677
-    389 Directory Server
583677
-    FreeIPA
583677
-    ActiveDirectory
583677
- Support for ldap_tls_{cert,key,cipher_suite} config options
583677
-Assorted bugfixes
583677
583677
* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2
583677
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
583677
583677
* Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1
583677
- New upstream release 1.5.0
583677
- Fixed issues with LDAP search filters that needed to be escaped
583677
- Add Kerberos FAST support on platforms that support it
583677
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
583677
- Added a Kerberos access provider to honor .k5login
583677
- Addressed several thread-safety issues in the sss_client code
583677
- Improved support for delayed online Kerberos auth
583677
- Significantly reduced time between connecting to the network/VPN and
583677
- acquiring a TGT
583677
- Added feature for automatic Kerberos ticket renewal
583677
- Provides the kerberos ticket for long-lived processes or cron jobs
583677
- even when the user logs out
583677
- Added several new features to the LDAP access provider
583677
- Support for 'shadow' access control
583677
- Support for authorizedService access control
583677
- Ability to mix-and-match LDAP access control features
583677
- Added an option for a separate password-change LDAP server for those
583677
- platforms where LDAP referrals are not supported
583677
- Added support for manpage translations
583677
583677
583677
* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3
583677
- Solve a shutdown race-condition that sometimes left processes running
583677
- Resolves: rhbz#606887 - SSSD stops on upgrade
583677
583677
* Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2
583677
- Log startup errors to the syslog
583677
- Allow cache cleanup to be disabled in sssd.conf
583677
583677
* Mon Nov 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1
583677
- New upstream release 1.4.1
583677
- Add support for netgroups to the proxy provider
583677
- Fixes a minor bug with UIDs/GIDs >= 2^31
583677
- Fixes a segfault in the kerberos provider
583677
- Fixes a segfault in the NSS responder if a data provider crashes
583677
- Correctly use sdap_netgroup_search_base
583677
583677
* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2
583677
- Fix incorrect tarball URL
583677
583677
* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1
583677
- New upstream release 1.4.0
583677
- Added support for netgroups to the LDAP provider
583677
- Performance improvements made to group processing of RFC2307 LDAP servers
583677
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
583677
- Build-system improvements to support Gentoo
583677
- Split out several libraries into the ding-libs tarball
583677
- Manpage reviewed and updated
583677
583677
* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-35
583677
- Fix pre and post script requirements
583677
583677
* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-34
583677
- Resolves: rhbz#606887 - sssd stops on upgrade
583677
583677
* Fri Oct 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-33
583677
- Resolves: rhbz#626205 - Unable to unlock screen
583677
583677
* Tue Sep 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-32
583677
- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
583677
-                         doesn't require it
583677
583677
* Thu Sep 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-31
583677
- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib
583677
583677
* Tue Aug 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-30
583677
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
583677
-                           against LDAP
583677
583677
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.2.91-21
583677
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
583677
583677
* Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.91-20
583677
- New upstream version 1.2.91 (1.3.0rc1)
583677
- Improved LDAP failover
583677
- Synchronous sysdb API (provides performance enhancements)
583677
- Better online reconnection detection
583677
583677
* Mon Jun 21 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15
583677
- New stable upstream version 1.2.1
583677
- Resolves: rhbz#595529 - spec file should eschew %%define in favor of
583677
-                         %%global
583677
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service
583677
-                         to fail while restart.
583677
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
583677
-                         keyring
583677
- Resolves: rhbz#599724 - sssd is broken on Rawhide
583677
583677
* Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12
583677
- New stable upstream version 1.2.0
583677
- Support ServiceGroups for FreeIPA v2 HBAC rules
583677
- Fix long-standing issue with auth_provider = proxy
583677
- Better logging for TLS issues in LDAP
583677
583677
* Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11
583677
- New LDAP access provider allows for filtering user access by LDAP attribute
583677
- Reduced default timeout for detecting offline status with LDAP
583677
- GSSAPI ticket lifetime made configurable
583677
- Better offline->online transition support in Kerberos
583677
583677
* Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10
583677
- Release new upstream version 1.1.91
583677
- Enhancements when using SSSD with FreeIPA v2
583677
- Support for deferred kinit
583677
- Support for DNS SRV records for failover
583677
583677
* Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3
583677
- Bump up release number to avoid library sub-packages version issues with
583677
  previous releases.
583677
583677
* Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1
583677
- New upstream release 1.1.1
583677
- Fixed the IPA provider (which was segfaulting at start)
583677
- Fixed a bug in the SSSDConfig API causing some options to revert to
583677
- their defaults
583677
- This impacted the Authconfig UI
583677
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
583677
583677
* Tue Mar 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
583677
- Release SSSD 1.1.0 final
583677
- Fix two potential segfaults
583677
- Fix memory leak in monitor
583677
- Better error message for unusable confdb
583677
583677
* Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19
583677
- Release candidate for SSSD 1.1
583677
- Add simple access provider
583677
- Create subpackages for libcollection, libini_config, libdhash and librefarray
583677
- Support IPv6
583677
- Support LDAP referrals
583677
- Fix cache issues
583677
- Better feedback from PAM when offline
583677
583677
* Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2
583677
- Rebuild against new libtevent
583677
583677
* Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1
583677
- Fix licenses in sources and on RPMs
583677
583677
* Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
583677
- Fix regression on 64-bit platforms
583677
583677
* Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
583677
- Fixes link error on platforms that do not do implicit linking
583677
- Fixes double-free segfault in PAM
583677
- Fixes double-free error in async resolver
583677
- Fixes support for TCP-based DNS lookups in async resolver
583677
- Fixes memory alignment issues on ARM processors
583677
- Manpage fixes
583677
583677
* Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
583677
- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
583677
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
583677
- Several segfault bugfixes
583677
583677
* Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
583677
- Fix CVE-2010-0014
583677
583677
* Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2
583677
- Patch SSSDConfig API to address
583677
- https://bugzilla.redhat.com/show_bug.cgi?id=549482
583677
583677
* Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
583677
- New upstream stable release 1.0.0
583677
583677
* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
583677
- New upstream bugfix release 0.99.1
583677
583677
* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
583677
- New upstream release 0.99.0
583677
583677
* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
583677
- Fix segfault in sssd_pam when cache_credentials was enabled
583677
- Update the sample configuration
583677
- Fix upgrade issues caused by data provider service removal
583677
583677
* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
583677
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
583677
583677
* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
583677
- New upstream release 0.7.0
583677
583677
* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
583677
- Fix missing file permissions for sssd-clients
583677
583677
* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
583677
- Add SSSDConfig API
583677
- Update polish translation for 0.6.0
583677
- Fix long timeout on ldap operation
583677
- Make dp requests more robust
583677
583677
* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
583677
- Ensure that the configuration upgrade script always writes the config
583677
  file with 0600 permissions
583677
- Eliminate an infinite loop in group enumerations
583677
583677
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
583677
- New upstream release 0.6.0
583677
583677
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
583677
- New upstream release 0.5.0
583677
583677
* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
583677
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
583677
  without a password. (Patch by Stephen Gallagher)
583677
583677
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
583677
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
583677
583677
* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
583677
- Fix a couple of segfaults that may happen on reload
583677
583677
* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
583677
- add missing configure check that broke stopping the daemon
583677
- also fix default config to add a missing required option
583677
583677
* Mon Jun  8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
583677
- latest upstream release.
583677
- also add a patch that fixes debugging output (potential segfault)
583677
583677
* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
583677
- release out of the official 0.3.2 tarball
583677
583677
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
583677
- bugfix release 0.3.2
583677
- includes previous release patches
583677
- change permissions of the /etc/sssd/sssd.conf to 0600
583677
583677
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
583677
- Add last minute bug fixes, found in testing the package
583677
583677
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
583677
- Version 0.3.1
583677
- includes previous release patches
583677
583677
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
583677
- Try to fix build adding automake as an explicit BuildRequire
583677
- Add also a couple of last minute patches from upstream
583677
583677
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
583677
- Version 0.3.0
583677
- Provides file based configuration and lots of improvements
583677
583677
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
583677
- Version 0.2.1
583677
583677
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
583677
- Version 0.2.0
583677
583677
* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
583677
- package git snapshot
583677
583677
* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
583677
- fixed items found during review
583677
- added initscript
583677
583677
* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
583677
- added sss_client
583677
583677
* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
583677
- Small cleanup and fixes in the spec file
583677
583677
* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
583677
- Initial release (based on version 0.1.0 upstream code)