rpms / sssd

Clone
Source Code
GIT

Blame SPECS/sssd.spec

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   41a6e7c2b60a7046b06beb22cd00ddfadd8e6fc8
  2.   SPECS
  3.   sssd.spec
Blob History Raw
a49733 
# SSSD SPEC file for Fedora 34+ and RHEL-9+
a49733
a49733 
# define SSSD user
a49733 
%if 0%{?rhel}
a49733 
%global sssd_user sssd
a49733 
%else
a49733 
%global sssd_user root
a49733 
%endif
a49733
a49733 
# Set setuid bit on child helpers if we support non-root user.
a49733 
%if "%{sssd_user}" == "root"
a49733 
%global child_attrs 0750
a49733 
%else
a49733 
%global child_attrs 4750
a49733 
%endif
a49733
a49733 
# we don't want to provide private python extension libs
a49733 
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
a49733
a49733 
%define _hardened_build 1
a49733
a49733 
# Determine the location of the LDB modules directory
a49733 
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
a49733 
%global ldb_version 1.2.0
a49733
a49733 
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
a49733
a49733 
Name: sssd
41a6e7 
Version: 2.6.1
41a6e7 
Release: 1%{?dist}
a49733 
Summary: System Security Services Daemon
a49733 
License: GPLv3+
a49733 
URL: https://github.com/SSSD/sssd/
41a6e7 
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
a49733
a49733 
### Patches ###
41a6e7 
#Patch0001:
a49733
a49733 
### Dependencies ###
a49733
a49733 
Requires: sssd-ad = %{version}-%{release}
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
Requires: sssd-ipa = %{version}-%{release}
a49733 
Requires: sssd-krb5 = %{version}-%{release}
a49733 
Requires: sssd-ldap = %{version}-%{release}
41a6e7 
Suggests: sssd-proxy = %{version}-%{release}
41a6e7 
Suggests: logrotate
a49733 
Suggests: python3-sssdconfig = %{version}-%{release}
a49733 
Suggests: sssd-dbus = %{version}-%{release}
a49733
a49733 
%global servicename sssd
a49733 
%global sssdstatedir %{_localstatedir}/lib/sss
a49733 
%global dbpath %{sssdstatedir}/db
a49733 
%global keytabdir %{sssdstatedir}/keytabs
a49733 
%global pipepath %{sssdstatedir}/pipes
a49733 
%global mcpath %{sssdstatedir}/mc
a49733 
%global pubconfpath %{sssdstatedir}/pubconf
a49733 
%global gpocachepath %{sssdstatedir}/gpo_cache
a49733 
%global secdbpath %{sssdstatedir}/secrets
a49733 
%global deskprofilepath %{sssdstatedir}/deskprofile
a49733
a49733 
### Build Dependencies ###
a49733
a49733 
BuildRequires: autoconf
a49733 
BuildRequires: automake
a49733 
BuildRequires: bind-utils
a49733 
BuildRequires: c-ares-devel
a49733 
BuildRequires: check-devel
a49733 
BuildRequires: cifs-utils-devel
a49733 
BuildRequires: dbus-devel
a49733 
BuildRequires: docbook-style-xsl
a49733 
BuildRequires: doxygen
a49733 
BuildRequires: findutils
a49733 
BuildRequires: gcc
a49733 
BuildRequires: gdm-pam-extensions-devel
a49733 
BuildRequires: gettext-devel
a49733 
# required for p11_child smartcard tests
a49733 
BuildRequires: gnutls-utils
a49733 
BuildRequires: keyutils-libs-devel
a49733 
BuildRequires: krb5-devel
a49733 
BuildRequires: libcmocka-devel >= 1.0.0
a49733 
BuildRequires: libdhash-devel >= 0.4.2
a49733 
BuildRequires: libini_config-devel >= 1.1
a49733 
BuildRequires: libldb-devel >= %{ldb_version}
a49733 
BuildRequires: libnfsidmap-devel
a49733 
BuildRequires: libnl3-devel
a49733 
BuildRequires: libselinux-devel
a49733 
BuildRequires: libsemanage-devel
a49733 
BuildRequires: libsmbclient-devel
a49733 
BuildRequires: libtalloc-devel
a49733 
BuildRequires: libtdb-devel
a49733 
BuildRequires: libtevent-devel
a49733 
BuildRequires: libtool
a49733 
BuildRequires: libuuid-devel
a49733 
BuildRequires: libxml2
a49733 
BuildRequires: libxslt
a49733 
BuildRequires: m4
a49733 
BuildRequires: make
a49733 
BuildRequires: nss_wrapper
a49733 
BuildRequires: openldap-devel
a49733 
BuildRequires: openssh
a49733 
BuildRequires: openssl
a49733 
BuildRequires: openssl-devel
a49733 
BuildRequires: p11-kit-devel
a49733 
BuildRequires: pam_wrapper
a49733 
BuildRequires: pam-devel
41a6e7 
BuildRequires: pcre2-devel
a49733 
BuildRequires: pkgconfig
a49733 
BuildRequires: popt-devel
a49733 
BuildRequires: python3-devel
a49733 
BuildRequires: samba-devel
a49733 
# required for idmap_sss.so
a49733 
BuildRequires: samba-winbind
a49733 
BuildRequires: selinux-policy-targeted
a49733 
# required for p11_child smartcard tests
a49733 
BuildRequires: softhsm >= 2.1.0
a49733 
BuildRequires: systemd-devel
a49733 
BuildRequires: systemtap-sdt-devel
a49733 
BuildRequires: uid_wrapper
a49733 
BuildRequires: po4a
41a6e7 
BuildRequires: libunistring-devel
a49733 
BuildRequires: shadow-utils-subid-devel
a49733
a49733 
%description
a49733 
Provides a set of daemons to manage access to remote directories and
a49733 
authentication mechanisms. It provides an NSS and PAM interface toward
a49733 
the system and a pluggable back end system to connect to multiple different
a49733 
account sources. It is also the basis to provide client auditing and policy
a49733 
services for projects like FreeIPA.
a49733
a49733 
The sssd subpackage is a meta-package that contains the daemon as well as all
a49733 
the existing back ends.
a49733
a49733 
%package common
a49733 
Summary: Common files for the SSSD
a49733 
License: GPLv3+
a49733 
# Requires
a49733 
# due to ABI changes in 1.1.30/1.2.0
a49733 
Requires: libldb >= %{ldb_version}
a49733 
Requires: sssd-client%{?_isa} = %{version}-%{release}
41a6e7 
Requires: (libsss_sudo = %{version}-%{release} if sudo)
41a6e7 
Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs)
41a6e7 
Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap)
a49733 
Requires: libsss_idmap = %{version}-%{release}
a49733 
Requires: libsss_certmap = %{version}-%{release}
a49733 
%if 0%{?rhel}
a49733 
Requires(pre): shadow-utils
a49733 
%endif
a49733 
%{?systemd_requires}
a49733
a49733 
### Provides ###
a49733 
Provides: libsss_sudo-devel = %{version}-%{release}
a49733 
Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
a49733
a49733 
%description common
a49733 
Common files for the SSSD. The common package includes all the files needed
a49733 
to run a particular back end, however, the back ends are packaged in separate
a49733 
subpackages such as sssd-ldap.
a49733
a49733 
%package client
a49733 
Summary: SSSD Client libraries for NSS and PAM
a49733 
License: LGPLv3+
a49733 
Requires: libsss_nss_idmap = %{version}-%{release}
a49733 
Requires: libsss_idmap = %{version}-%{release}
a49733 
Requires(post): /sbin/ldconfig
a49733 
Requires(post):  /usr/sbin/alternatives
a49733 
Requires(preun): /usr/sbin/alternatives
a49733
a49733 
%description client
a49733 
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
a49733 
service.
a49733
a49733 
%package -n libsss_sudo
a49733 
Summary: A library to allow communication between SUDO and SSSD
a49733 
License: LGPLv3+
a49733 
Conflicts: sssd-common < %{version}-%{release}
a49733
a49733 
%description -n libsss_sudo
a49733 
A utility library to allow communication between SUDO and SSSD
a49733
a49733 
%package -n libsss_autofs
a49733 
Summary: A library to allow communication between Autofs and SSSD
a49733 
License: LGPLv3+
a49733 
Conflicts: sssd-common < %{version}-%{release}
a49733
a49733 
%description -n libsss_autofs
a49733 
A utility library to allow communication between Autofs and SSSD
a49733
a49733 
%package tools
a49733 
Summary: Userspace tools for use with the SSSD
a49733 
License: GPLv3+
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
# required by sss_obfuscate
a49733 
Requires: python3-sss = %{version}-%{release}
a49733 
Requires: python3-sssdconfig = %{version}-%{release}
a49733 
Requires: libsss_certmap = %{version}-%{release}
41a6e7 
Requires: python3-systemd
41a6e7 
Suggests: sssd-dbus
a49733
a49733 
%description tools
a49733 
Provides userspace tools for manipulating users, groups, and nested groups in
a49733 
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
a49733
a49733 
Also provides several other administrative tools:
a49733 
    * sss_debuglevel to change the debug level on the fly
a49733 
    * sss_seed which pre-creates a user entry for use in kickstarts
a49733 
    * sss_obfuscate for generating an obfuscated LDAP password
a49733 
    * sssctl -- an sssd status and control utility
a49733
a49733 
%package -n python3-sssdconfig
a49733 
Summary: SSSD and IPA configuration file manipulation classes and functions
a49733 
License: GPLv3+
a49733 
BuildArch: noarch
a49733 
%{?python_provide:%python_provide python3-sssdconfig}
a49733
a49733 
%description -n python3-sssdconfig
a49733 
Provides python3 files for manipulation SSSD and IPA configuration files.
a49733
a49733 
%package -n python3-sss
a49733 
Summary: Python3 bindings for sssd
a49733 
License: LGPLv3+
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
%{?python_provide:%python_provide python3-sss}
a49733
a49733 
%description -n python3-sss
a49733 
Provides python3 module for manipulating users, groups, and nested groups in
a49733 
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
a49733
a49733 
Also provides several other useful python3 bindings:
a49733 
    * function for retrieving list of groups user belongs to.
a49733 
    * class for obfuscation of passwords
a49733
a49733 
%package -n python3-sss-murmur
a49733 
Summary: Python3 bindings for murmur hash function
a49733 
License: LGPLv3+
a49733 
%{?python_provide:%python_provide python3-sss-murmur}
a49733
a49733 
%description -n python3-sss-murmur
a49733 
Provides python3 module for calculating the murmur hash version 3
a49733
a49733 
%package ldap
a49733 
Summary: The LDAP back end of the SSSD
a49733 
License: GPLv3+
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
Requires: sssd-krb5-common = %{version}-%{release}
a49733 
Requires: libsss_idmap = %{version}-%{release}
a49733 
Requires: libsss_certmap = %{version}-%{release}
a49733
a49733 
%description ldap
a49733 
Provides the LDAP back end that the SSSD can utilize to fetch identity data
a49733 
from and authenticate against an LDAP server.
a49733
a49733 
%package krb5-common
a49733 
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
a49733 
License: GPLv3+
a49733 
Requires: cyrus-sasl-gssapi%{?_isa}
a49733 
Requires: sssd-common = %{version}-%{release}
a49733
a49733 
%description krb5-common
a49733 
Provides helper processes that the LDAP and Kerberos back ends can use for
a49733 
Kerberos user or host authentication.
a49733
a49733 
%package krb5
a49733 
Summary: The Kerberos authentication back end for the SSSD
a49733 
License: GPLv3+
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
Requires: sssd-krb5-common = %{version}-%{release}
a49733
a49733 
%description krb5
a49733 
Provides the Kerberos back end that the SSSD can utilize authenticate
a49733 
against a Kerberos server.
a49733
a49733 
%package common-pac
a49733 
Summary: Common files needed for supporting PAC processing
a49733 
License: GPLv3+
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
Requires: libsss_idmap = %{version}-%{release}
a49733
a49733 
%description common-pac
a49733 
Provides common files needed by SSSD providers such as IPA and Active Directory
a49733 
for handling Kerberos PACs.
a49733
a49733 
%package ipa
a49733 
Summary: The IPA back end of the SSSD
a49733 
License: GPLv3+
a49733 
Requires: samba-client-libs >= %{samba_package_version}
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
Requires: sssd-krb5-common = %{version}-%{release}
a49733 
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
a49733 
Requires: libsss_certmap = %{version}-%{release}
a49733 
Recommends: bind-utils
a49733 
Requires: sssd-common-pac = %{version}-%{release}
a49733 
Requires: libsss_idmap = %{version}-%{release}
a49733
a49733 
%description ipa
a49733 
Provides the IPA back end that the SSSD can utilize to fetch identity data
a49733 
from and authenticate against an IPA server.
a49733
a49733 
%package ad
a49733 
Summary: The AD back end of the SSSD
a49733 
License: GPLv3+
a49733 
Requires: samba-client-libs >= %{samba_package_version}
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
Requires: sssd-krb5-common = %{version}-%{release}
a49733 
Requires: sssd-common-pac = %{version}-%{release}
a49733 
Requires: libsss_idmap = %{version}-%{release}
a49733 
Requires: libsss_certmap = %{version}-%{release}
a49733 
Recommends: bind-utils
a49733 
Recommends: adcli
a49733 
Suggests: sssd-winbind-idmap = %{version}-%{release}
a49733
a49733 
%description ad
a49733 
Provides the Active Directory back end that the SSSD can utilize to fetch
a49733 
identity data from and authenticate against an Active Directory server.
a49733
a49733 
%package proxy
a49733 
Summary: The proxy back end of the SSSD
a49733 
License: GPLv3+
a49733 
Requires: sssd-common = %{version}-%{release}
a49733
a49733 
%description proxy
a49733 
Provides the proxy back end which can be used to wrap an existing NSS and/or
a49733 
PAM modules to leverage SSSD caching.
a49733
a49733 
%package -n libsss_idmap
a49733 
Summary: FreeIPA Idmap library
a49733 
License: LGPLv3+
a49733
a49733 
%description -n libsss_idmap
a49733 
Utility library to convert SIDs to Unix uids and gids
a49733
a49733 
%package -n libsss_idmap-devel
a49733 
Summary: FreeIPA Idmap library
a49733 
License: LGPLv3+
a49733 
Requires: libsss_idmap = %{version}-%{release}
a49733
a49733 
%description -n libsss_idmap-devel
a49733 
Utility library to SIDs to Unix uids and gids
a49733
a49733 
%package -n libipa_hbac
a49733 
Summary: FreeIPA HBAC Evaluator library
a49733 
License: LGPLv3+
a49733
a49733 
%description -n libipa_hbac
a49733 
Utility library to validate FreeIPA HBAC rules for authorization requests
a49733
a49733 
%package -n libipa_hbac-devel
a49733 
Summary: FreeIPA HBAC Evaluator library
a49733 
License: LGPLv3+
a49733 
Requires: libipa_hbac = %{version}-%{release}
a49733
a49733 
%description -n libipa_hbac-devel
a49733 
Utility library to validate FreeIPA HBAC rules for authorization requests
a49733
a49733 
%package -n python3-libipa_hbac
a49733 
Summary: Python3 bindings for the FreeIPA HBAC Evaluator library
a49733 
License: LGPLv3+
a49733 
Requires: libipa_hbac = %{version}-%{release}
a49733 
%{?python_provide:%python_provide python3-libipa_hbac}
a49733
a49733 
%description -n python3-libipa_hbac
a49733 
The python3-libipa_hbac contains the bindings so that libipa_hbac can be
a49733 
used by Python applications.
a49733
a49733 
%package -n libsss_nss_idmap
a49733 
Summary: Library for SID and certificate based lookups
a49733 
License: LGPLv3+
a49733
a49733 
%description -n libsss_nss_idmap
a49733 
Utility library for SID and certificate based lookups
a49733
a49733 
%package -n libsss_nss_idmap-devel
a49733 
Summary: Library for SID and certificate based lookups
a49733 
License: LGPLv3+
a49733 
Requires: libsss_nss_idmap = %{version}-%{release}
a49733
a49733 
%description -n libsss_nss_idmap-devel
a49733 
Utility library for SID and certificate based lookups
a49733
a49733 
%package -n python3-libsss_nss_idmap
a49733 
Summary: Python3 bindings for libsss_nss_idmap
a49733 
License: LGPLv3+
a49733 
Requires: libsss_nss_idmap = %{version}-%{release}
a49733 
%{?python_provide:%python_provide python3-libsss_nss_idmap}
a49733
a49733 
%description -n python3-libsss_nss_idmap
a49733 
The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
a49733 
be used by Python applications.
a49733
a49733 
%package dbus
a49733 
Summary: The D-Bus responder of the SSSD
a49733 
License: GPLv3+
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
%{?systemd_requires}
a49733
a49733 
%description dbus
a49733 
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
a49733 
the information from the SSSD to be transmitted over the system bus.
a49733
a49733 
%if 0%{?rhel}
a49733 
%package polkit-rules
a49733 
Summary: Rules for polkit integration for SSSD
a49733 
Group: Applications/System
a49733 
License: GPLv3+
a49733 
Requires: polkit >= 0.106
a49733 
Requires: sssd-common = %{version}-%{release}
a49733
a49733 
%description polkit-rules
a49733 
Provides rules for polkit integration with SSSD. This is required
a49733 
for smartcard support.
a49733 
%endif
a49733
a49733 
%package -n libsss_simpleifp
a49733 
Summary: The SSSD D-Bus responder helper library
a49733 
License: GPLv3+
a49733 
Requires: sssd-dbus = %{version}-%{release}
a49733
a49733 
%description -n libsss_simpleifp
a49733 
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
a49733
a49733 
%package -n libsss_simpleifp-devel
a49733 
Summary: The SSSD D-Bus responder helper library
a49733 
License: GPLv3+
a49733 
Requires: dbus-devel
a49733 
Requires: libsss_simpleifp = %{version}-%{release}
a49733
a49733 
%description -n libsss_simpleifp-devel
a49733 
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
a49733
a49733 
%package winbind-idmap
a49733 
Summary: SSSD's idmap_sss Backend for Winbind
a49733 
License: GPLv3+ and LGPLv3+
a49733 
Requires: libsss_nss_idmap = %{version}-%{release}
a49733 
Requires: libsss_idmap = %{version}-%{release}
a49733 
Conflicts: sssd-common < %{version}-%{release}
a49733
a49733 
%description winbind-idmap
a49733 
The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs
a49733 
and SIDs.
a49733
a49733 
%package nfs-idmap
a49733 
Summary: SSSD plug-in for NFSv4 rpc.idmapd
a49733 
License: GPLv3+
a49733 
Conflicts: sssd-common < %{version}-%{release}
a49733
a49733 
%description nfs-idmap
a49733 
The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map
a49733 
UIDs/GIDs to names and vice versa. It can be also used for mapping principal
a49733 
(user) name to IDs(UID or GID) or to obtain groups which user are member of.
a49733
a49733 
%package -n libsss_certmap
a49733 
Summary: SSSD Certificate Mapping Library
a49733 
License: LGPLv3+
a49733 
Conflicts: sssd-common < %{version}-%{release}
a49733
a49733 
%description -n libsss_certmap
a49733 
Library to map certificates to users based on rules
a49733
a49733 
%package -n libsss_certmap-devel
a49733 
Summary: SSSD Certificate Mapping Library
a49733 
License: LGPLv3+
a49733 
Requires: libsss_certmap = %{version}-%{release}
a49733
a49733 
%description -n libsss_certmap-devel
a49733 
Library to map certificates to users based on rules
a49733
a49733 
%package kcm
a49733 
Summary: An implementation of a Kerberos KCM server
a49733 
License: GPLv3+
a49733 
Requires: sssd-common = %{version}-%{release}
a49733 
%{?systemd_requires}
a49733
a49733 
%description kcm
a49733 
An implementation of a Kerberos KCM server. Use this package if you want to
a49733 
use the KCM: Kerberos credentials cache.
a49733
a49733 
%prep
a49733 
%autosetup -p1
a49733
a49733 
%build
a49733
a49733 
autoreconf -ivf
a49733
a49733 
%configure \
a49733 
    --disable-rpath \
a49733 
    --disable-static \
a49733 
    --enable-gss-spnego-for-zero-maxssf \
a49733 
    --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
a49733 
    --enable-nsslibdir=%{_libdir} \
a49733 
    --enable-pammoddir=%{_libdir}/security \
a49733 
    --enable-sss-default-nss-plugin \
a49733 
    --enable-systemtap \
a49733 
    --with-db-path=%{dbpath} \
a49733 
    --with-gpo-cache-path=%{gpocachepath} \
a49733 
    --with-init-dir=%{_initrddir} \
a49733 
    --with-initscript=systemd \
a49733 
    --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
a49733 
    --with-mcache-path=%{mcpath} \
a49733 
    --with-pid-path=%{_rundir} \
a49733 
    --with-pipe-path=%{pipepath} \
a49733 
    --with-pubconf-path=%{pubconfpath} \
a49733 
    --with-sssd-user=%{sssd_user} \
a49733 
    --with-syslog=journald \
a49733 
    --with-test-dir=/dev/shm \
a49733 
    --with-subid \
a49733 
%if 0%{?fedora}
a49733 
    --enable-files-domain \
a49733 
    --disable-polkit-rules-path \
a49733 
%endif
a49733 
    %{nil}
a49733
a49733 
%make_build all docs runstatedir=%{_rundir}
a49733
a49733 
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
a49733
a49733 
%check
a49733 
export CK_TIMEOUT_MULTIPLIER=10
a49733 
%make_build check VERBOSE=yes
a49733 
unset CK_TIMEOUT_MULTIPLIER
a49733
a49733 
%install
a49733
41a6e7 
%py3_shebang_fix src/tools/analyzer/sss_analyze.py
41a6e7
a49733 
%make_install
a49733
a49733 
# Prepare language files
a49733 
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
a49733
a49733 
# Copy default logrotate file
a49733 
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
a49733 
install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
a49733
a49733 
# Make sure SSSD is able to run on read-only root
a49733 
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
a49733 
install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
a49733
a49733 
# Kerberos KCM credential cache by default
a49733 
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
a49733 
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
a49733 
   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
a49733
a49733 
# Create directory for cifs-idmap alternative
a49733 
# Otherwise this directory could not be owned by sssd-client
a49733 
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
a49733
a49733 
# Remove .la files created by libtool
a49733 
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
a49733
a49733 
# Suppress developer-only documentation
a49733 
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
a49733
a49733 
# Older versions of rpmbuild can only handle one -f option
a49733 
# So we need to append to the sssd*.lang file
a49733 
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
a49733 
do
a49733 
    echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
a49733 
done
a49733
a49733 
touch sssd.lang
a49733 
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
a49733 
                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
a49733 
                  libsss_certmap sssd_kcm
a49733 
do
a49733 
    touch $subpackage.lang
a49733 
done
a49733
a49733 
for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
a49733 
do
a49733 
    lang=`echo $man | cut -c 1-2`
a49733 
    case `basename $man` in
a49733 
        sss_cache*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
a49733 
            ;;
a49733 
        sss_ssh*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
a49733 
            ;;
a49733 
        sss_rpcidmapd*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang
a49733 
            ;;
a49733 
        sss_*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
a49733 
            ;;
a49733 
        sssctl*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
a49733 
            ;;
a49733 
        sssd_krb5_*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
a49733 
            ;;
a49733 
        pam_sss*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
a49733 
            ;;
a49733 
        sssd-ldap*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
a49733 
            ;;
a49733 
        sssd-krb5*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
a49733 
            ;;
a49733 
        sssd-ipa*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
a49733 
            ;;
a49733 
        sssd-ad*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
a49733 
            ;;
a49733 
        sssd-proxy*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
a49733 
            ;;
a49733 
        sssd-ifp*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang
a49733 
            ;;
a49733 
        sssd-kcm*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang
a49733 
            ;;
a49733 
        idmap_sss*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang
a49733 
            ;;
a49733 
        sss-certmap*)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang
a49733 
            ;;
a49733 
        *)
a49733 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
a49733 
            ;;
a49733 
    esac
a49733 
done
a49733
a49733 
# Print these to the rpmbuild log
a49733 
echo "sssd.lang:"
a49733 
cat sssd.lang
a49733
a49733 
echo "python3_sssdconfig.lang:"
a49733 
cat python3_sssdconfig.lang
a49733
a49733 
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
a49733 
                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
a49733 
                  libsss_certmap sssd_kcm
a49733 
do
a49733 
    echo "$subpackage.lang:"
a49733 
    cat $subpackage.lang
a49733 
done
a49733
a49733 
%files
a49733 
%license COPYING
a49733
a49733 
%files common -f sssd.lang
a49733 
%license COPYING
a49733 
%doc src/examples/sssd-example.conf
a49733 
%{_sbindir}/sssd
a49733 
%{_unitdir}/sssd.service
a49733 
%{_unitdir}/sssd-autofs.socket
a49733 
%{_unitdir}/sssd-autofs.service
a49733 
%{_unitdir}/sssd-nss.socket
a49733 
%{_unitdir}/sssd-nss.service
a49733 
%{_unitdir}/sssd-pac.socket
a49733 
%{_unitdir}/sssd-pac.service
a49733 
%{_unitdir}/sssd-pam.socket
a49733 
%{_unitdir}/sssd-pam-priv.socket
a49733 
%{_unitdir}/sssd-pam.service
a49733 
%{_unitdir}/sssd-ssh.socket
a49733 
%{_unitdir}/sssd-ssh.service
a49733 
%{_unitdir}/sssd-sudo.socket
a49733 
%{_unitdir}/sssd-sudo.service
a49733
a49733 
%dir %{_libexecdir}/%{servicename}
a49733 
%{_libexecdir}/%{servicename}/sssd_be
a49733 
%{_libexecdir}/%{servicename}/sssd_nss
a49733 
%{_libexecdir}/%{servicename}/sssd_pam
a49733 
%{_libexecdir}/%{servicename}/sssd_autofs
a49733 
%{_libexecdir}/%{servicename}/sssd_ssh
a49733 
%{_libexecdir}/%{servicename}/sssd_sudo
a49733 
%{_libexecdir}/%{servicename}/p11_child
a49733 
%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
a49733
a49733 
%dir %{_libdir}/%{name}
a49733 
# The files provider is intentionally packaged in -common
a49733 
%{_libdir}/%{name}/libsss_files.so
a49733 
%{_libdir}/%{name}/libsss_simple.so
a49733
a49733 
#Internal shared libraries
a49733 
%{_libdir}/%{name}/libsss_child.so
a49733 
%{_libdir}/%{name}/libsss_crypt.so
a49733 
%{_libdir}/%{name}/libsss_cert.so
a49733 
%{_libdir}/%{name}/libsss_debug.so
a49733 
%{_libdir}/%{name}/libsss_krb5_common.so
a49733 
%{_libdir}/%{name}/libsss_ldap_common.so
a49733 
%{_libdir}/%{name}/libsss_util.so
a49733 
%{_libdir}/%{name}/libsss_semanage.so
a49733 
%{_libdir}/%{name}/libifp_iface.so
a49733 
%{_libdir}/%{name}/libifp_iface_sync.so
a49733 
%{_libdir}/%{name}/libsss_iface.so
a49733 
%{_libdir}/%{name}/libsss_iface_sync.so
a49733 
%{_libdir}/%{name}/libsss_sbus.so
a49733 
%{_libdir}/%{name}/libsss_sbus_sync.so
a49733
a49733 
%{ldb_modulesdir}/memberof.so
a49733 
%{_bindir}/sss_ssh_authorizedkeys
a49733 
%{_bindir}/sss_ssh_knownhostsproxy
a49733 
%{_sbindir}/sss_cache
a49733 
%{_libexecdir}/%{servicename}/sss_signal
a49733
a49733 
%dir %{sssdstatedir}
a49733 
%dir %{_localstatedir}/cache/krb5rcache
a49733 
%attr(700,%{sssd_user},%{sssd_user}) %dir %{dbpath}
a49733 
%attr(775,%{sssd_user},%{sssd_user}) %dir %{mcpath}
a49733 
%attr(700,root,root) %dir %{secdbpath}
a49733 
%attr(751,root,root) %dir %{deskprofilepath}
a49733 
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/passwd
a49733 
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/group
a49733 
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/initgroups
a49733 
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pipepath}
a49733 
%attr(750,%{sssd_user},root) %dir %{pipepath}/private
a49733 
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}
a49733 
%attr(755,%{sssd_user},%{sssd_user}) %dir %{gpocachepath}
a49733 
%attr(750,%{sssd_user},%{sssd_user}) %dir %{_var}/log/%{name}
a49733 
%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd
a49733 
%attr(711,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
a49733 
%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
a49733 
%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
a49733 
%dir %{_sysconfdir}/logrotate.d
a49733 
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
a49733 
%dir %{_sysconfdir}/rwtab.d
a49733 
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
a49733 
%dir %{_datadir}/sssd
a49733 
%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils
a49733 
%dir %{_libdir}/%{name}/conf
a49733 
%{_libdir}/%{name}/conf/sssd.conf
a49733
a49733 
%{_datadir}/sssd/cfg_rules.ini
a49733 
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
a49733 
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
a49733 
%{_mandir}/man5/sssd.conf.5*
a49733 
%{_mandir}/man5/sssd-files.5*
a49733 
%{_mandir}/man5/sssd-simple.5*
a49733 
%{_mandir}/man5/sssd-sudo.5*
a49733 
%{_mandir}/man5/sssd-session-recording.5*
a49733 
%{_mandir}/man8/sssd.8*
a49733 
%{_mandir}/man8/sss_cache.8*
a49733 
%dir %{_datadir}/sssd/systemtap
a49733 
%{_datadir}/sssd/systemtap/id_perf.stp
a49733 
%{_datadir}/sssd/systemtap/nested_group_perf.stp
a49733 
%{_datadir}/sssd/systemtap/dp_request.stp
a49733 
%{_datadir}/sssd/systemtap/ldap_perf.stp
a49733 
%dir %{_datadir}/systemtap
a49733 
%dir %{_datadir}/systemtap/tapset
a49733 
%{_datadir}/systemtap/tapset/sssd.stp
a49733 
%{_datadir}/systemtap/tapset/sssd_functions.stp
a49733 
%{_mandir}/man5/sssd-systemtap.5*
a49733
a49733 
%if 0%{?rhel}
a49733 
%files polkit-rules
a49733 
%{_datadir}/polkit-1/rules.d/*
a49733 
%endif
a49733
a49733 
%files ldap -f sssd_ldap.lang
a49733 
%license COPYING
a49733 
%{_libdir}/%{name}/libsss_ldap.so
a49733 
%{_mandir}/man5/sssd-ldap.5*
a49733 
%{_mandir}/man5/sssd-ldap-attributes.5*
a49733
a49733 
%files krb5-common
a49733 
%license COPYING
a49733 
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}/krb5.include.d
a49733 
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/ldap_child
a49733 
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/krb5_child
a49733
a49733 
%files krb5 -f sssd_krb5.lang
a49733 
%license COPYING
a49733 
%{_libdir}/%{name}/libsss_krb5.so
a49733 
%{_mandir}/man5/sssd-krb5.5*
a49733
a49733 
%files common-pac
a49733 
%license COPYING
a49733 
%{_libexecdir}/%{servicename}/sssd_pac
a49733
a49733 
%files ipa -f sssd_ipa.lang
a49733 
%license COPYING
a49733 
%attr(700,%{sssd_user},%{sssd_user}) %dir %{keytabdir}
a49733 
%{_libdir}/%{name}/libsss_ipa.so
a49733 
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/selinux_child
a49733 
%{_mandir}/man5/sssd-ipa.5*
a49733
a49733 
%files ad -f sssd_ad.lang
a49733 
%license COPYING
a49733 
%{_libdir}/%{name}/libsss_ad.so
a49733 
%{_libexecdir}/%{servicename}/gpo_child
a49733 
%{_mandir}/man5/sssd-ad.5*
a49733
a49733 
%files proxy
a49733 
%license COPYING
a49733 
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/proxy_child
a49733 
%{_libdir}/%{name}/libsss_proxy.so
a49733
a49733 
%files dbus -f sssd_dbus.lang
a49733 
%license COPYING
a49733 
%{_libexecdir}/%{servicename}/sssd_ifp
a49733 
%{_mandir}/man5/sssd-ifp.5*
a49733 
%{_unitdir}/sssd-ifp.service
a49733 
# InfoPipe DBus plumbing
a49733 
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
a49733 
%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
a49733
a49733 
%files -n libsss_simpleifp
a49733 
%{_libdir}/libsss_simpleifp.so.*
a49733
a49733 
%files -n libsss_simpleifp-devel
a49733 
%doc sss_simpleifp_doc/html
a49733 
%{_includedir}/sss_sifp.h
a49733 
%{_includedir}/sss_sifp_dbus.h
a49733 
%{_libdir}/libsss_simpleifp.so
a49733 
%{_libdir}/pkgconfig/sss_simpleifp.pc
a49733
a49733 
%files client -f sssd_client.lang
a49733 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
a49733 
%{_libdir}/libnss_sss.so.2
a49733 
%{_libdir}/libsubid_sss.so
a49733 
%{_libdir}/security/pam_sss.so
a49733 
%{_libdir}/security/pam_sss_gss.so
a49733 
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
a49733 
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
a49733 
%dir %{_libdir}/cifs-utils
a49733 
%{_libdir}/cifs-utils/cifs_idmap_sss.so
a49733 
%dir %{_sysconfdir}/cifs-utils
a49733 
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
a49733 
%dir %{_libdir}/%{name}
a49733 
%dir %{_libdir}/%{name}/modules
a49733 
%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
a49733 
%{_mandir}/man8/pam_sss.8*
a49733 
%{_mandir}/man8/pam_sss_gss.8*
a49733 
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
a49733
a49733 
%files -n libsss_sudo
a49733 
%license src/sss_client/COPYING
a49733 
%{_libdir}/libsss_sudo.so*
a49733
a49733 
%files -n libsss_autofs
a49733 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
a49733 
%dir %{_libdir}/%{name}/modules
a49733 
%{_libdir}/%{name}/modules/libsss_autofs.so
a49733
a49733 
%files tools -f sssd_tools.lang
a49733 
%license COPYING
a49733 
%{_sbindir}/sss_obfuscate
a49733 
%{_sbindir}/sss_override
a49733 
%{_sbindir}/sss_debuglevel
a49733 
%{_sbindir}/sss_seed
a49733 
%{_sbindir}/sssctl
41a6e7 
%{python3_sitelib}/sssd/
a49733 
%{_mandir}/man8/sss_obfuscate.8*
a49733 
%{_mandir}/man8/sss_override.8*
a49733 
%{_mandir}/man8/sss_debuglevel.8*
a49733 
%{_mandir}/man8/sss_seed.8*
a49733 
%{_mandir}/man8/sssctl.8*
a49733
a49733 
%files -n python3-sssdconfig -f python3_sssdconfig.lang
a49733 
%dir %{python3_sitelib}/SSSDConfig
a49733 
%{python3_sitelib}/SSSDConfig/*.py*
a49733 
%dir %{python3_sitelib}/SSSDConfig/__pycache__
a49733 
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
a49733 
%dir %{_datadir}/sssd
a49733 
%{_datadir}/sssd/sssd.api.conf
a49733 
%{_datadir}/sssd/sssd.api.d
a49733
a49733 
%files -n python3-sss
a49733 
%{python3_sitearch}/pysss.so
a49733
a49733 
%files -n python3-sss-murmur
a49733 
%{python3_sitearch}/pysss_murmur.so
a49733
a49733 
%files -n libsss_idmap
a49733 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
a49733 
%{_libdir}/libsss_idmap.so.*
a49733
a49733 
%files -n libsss_idmap-devel
a49733 
%doc idmap_doc/html
a49733 
%{_includedir}/sss_idmap.h
a49733 
%{_libdir}/libsss_idmap.so
a49733 
%{_libdir}/pkgconfig/sss_idmap.pc
a49733
a49733 
%files -n libipa_hbac
a49733 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
a49733 
%{_libdir}/libipa_hbac.so.*
a49733
a49733 
%files -n libipa_hbac-devel
a49733 
%doc hbac_doc/html
a49733 
%{_includedir}/ipa_hbac.h
a49733 
%{_libdir}/libipa_hbac.so
a49733 
%{_libdir}/pkgconfig/ipa_hbac.pc
a49733
a49733 
%files -n libsss_nss_idmap
a49733 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
a49733 
%{_libdir}/libsss_nss_idmap.so.*
a49733
a49733 
%files -n libsss_nss_idmap-devel
a49733 
%doc nss_idmap_doc/html
a49733 
%{_includedir}/sss_nss_idmap.h
a49733 
%{_libdir}/libsss_nss_idmap.so
a49733 
%{_libdir}/pkgconfig/sss_nss_idmap.pc
a49733
a49733 
%files -n python3-libsss_nss_idmap
a49733 
%{python3_sitearch}/pysss_nss_idmap.so
a49733
a49733 
%files -n python3-libipa_hbac
a49733 
%{python3_sitearch}/pyhbac.so
a49733
a49733 
%files winbind-idmap -f sssd_winbind_idmap.lang
a49733 
%dir %{_libdir}/samba/idmap
a49733 
%{_libdir}/samba/idmap/sss.so
a49733 
%{_mandir}/man8/idmap_sss.8*
a49733
a49733 
%files nfs-idmap -f sssd_nfs_idmap.lang
a49733 
%{_mandir}/man5/sss_rpcidmapd.5*
a49733 
%{_libdir}/libnfsidmap/sss.so
a49733
a49733 
%files -n libsss_certmap -f libsss_certmap.lang
a49733 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
a49733 
%{_libdir}/libsss_certmap.so.*
a49733 
%{_mandir}/man5/sss-certmap.5*
a49733
a49733 
%files -n libsss_certmap-devel
a49733 
%doc certmap_doc/html
a49733 
%{_includedir}/sss_certmap.h
a49733 
%{_libdir}/libsss_certmap.so
a49733 
%{_libdir}/pkgconfig/sss_certmap.pc
a49733
a49733 
%files kcm -f sssd_kcm.lang
a49733 
%{_libexecdir}/%{servicename}/sssd_kcm
a49733 
%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
a49733 
%dir %{_datadir}/sssd-kcm
a49733 
%{_datadir}/sssd-kcm/kcm_default_ccache
a49733 
%{_unitdir}/sssd-kcm.socket
a49733 
%{_unitdir}/sssd-kcm.service
a49733 
%{_mandir}/man8/sssd-kcm.8*
a49733
a49733 
%if 0%{?rhel}
a49733 
%pre common
a49733 
getent group sssd >/dev/null || groupadd -r sssd
a49733 
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
a49733 
%endif
a49733
a49733 
%post common
a49733 
%systemd_post sssd.service
a49733 
%systemd_post sssd-autofs.socket
a49733 
%systemd_post sssd-nss.socket
a49733 
%systemd_post sssd-pac.socket
a49733 
%systemd_post sssd-pam.socket
a49733 
%systemd_post sssd-pam-priv.socket
a49733 
%systemd_post sssd-ssh.socket
a49733 
%systemd_post sssd-sudo.socket
a49733
a49733 
%preun common
a49733 
%systemd_preun sssd.service
a49733 
%systemd_preun sssd-autofs.socket
a49733 
%systemd_preun sssd-nss.socket
a49733 
%systemd_preun sssd-pac.socket
a49733 
%systemd_preun sssd-pam.socket
a49733 
%systemd_preun sssd-pam-priv.socket
a49733 
%systemd_preun sssd-ssh.socket
a49733 
%systemd_preun sssd-sudo.socket
a49733
a49733 
%postun common
a49733 
%systemd_postun_with_restart sssd-autofs.socket
a49733 
%systemd_postun_with_restart sssd-nss.socket
a49733 
%systemd_postun_with_restart sssd-pac.socket
a49733 
%systemd_postun_with_restart sssd-pam.socket
a49733 
%systemd_postun_with_restart sssd-pam-priv.socket
a49733 
%systemd_postun_with_restart sssd-ssh.socket
a49733 
%systemd_postun_with_restart sssd-sudo.socket
a49733
a49733 
# Services have RefuseManualStart=true, therefore we can't request restart.
a49733 
%systemd_postun sssd-autofs.service
a49733 
%systemd_postun sssd-nss.service
a49733 
%systemd_postun sssd-pac.service
a49733 
%systemd_postun sssd-pam.service
a49733 
%systemd_postun sssd-ssh.service
a49733 
%systemd_postun sssd-sudo.service
a49733
a49733 
%post dbus
a49733 
%systemd_post sssd-ifp.service
a49733
a49733 
%preun dbus
a49733 
%systemd_preun sssd-ifp.service
a49733
a49733 
%postun dbus
a49733 
%systemd_postun_with_restart sssd-ifp.service
a49733
a49733 
%post kcm
a49733 
%systemd_post sssd-kcm.socket
a49733
a49733 
%preun kcm
a49733 
%systemd_preun sssd-kcm.socket
a49733
a49733 
%postun kcm
a49733 
%systemd_postun_with_restart sssd-kcm.socket
a49733 
%systemd_postun_with_restart sssd-kcm.service
a49733
a49733 
%post client
a49733 
%{?ldconfig}
a49733 
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20
a49733
a49733 
%preun client
a49733 
if [ $1 -eq 0 ] ; then
a49733 
        /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so
a49733 
fi
a49733
a49733 
%ldconfig_postun client
a49733
a49733 
%ldconfig_scriptlets -n libsss_sudo
a49733
a49733 
%ldconfig_scriptlets -n libipa_hbac
a49733
a49733 
%ldconfig_scriptlets -n libsss_idmap
a49733
a49733 
%ldconfig_scriptlets -n libsss_nss_idmap
a49733
a49733 
%ldconfig_scriptlets -n libsss_simpleifp
a49733
a49733 
%ldconfig_scriptlets -n libsss_certmap
a49733
a49733 
%posttrans common
a49733 
%systemd_postun_with_restart sssd.service
a49733
a49733 
%changelog
41a6e7 
* Mon Dec 06 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.6.1-1
41a6e7 
- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
41a6e7 
- Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok()
41a6e7 
- Resolves: rhbz#977803 - incorrect checks of `strto*()` string to number convertion functions
41a6e7 
- Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
41a6e7 
- Resolves: rhbz#1992973 - Lookup with fully-qualified name does not work with 'cache_first = True'
41a6e7 
- Resolves: rhbz#1996151 - Add support for CKM_RSA_PKCS in smart card authentication.
41a6e7 
- Resolves: rhbz#1998459 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest)
41a6e7 
- Resolves: rhbz#2000476 - disabled root ad domain causes subdomains to be marked offline
41a6e7 
- Resolves: rhbz#2014249 - Consistency in defaults between OpenSSH and SSSD
41a6e7 
- Resolves: rhbz#2029419 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected
41a6e7
a49733 
* Mon Aug 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-5
a49733 
- Resolves: rhbz#1909755 - Suppress log message "[sssd] [service_signal_done] (0x0010): Unable to signal service [2]: No such file or directory" during logrote
a49733 
- Resolves: rhbz#1962123 - [sssd] RHEL 9.0 Beta Tier 0 Localization
a49733
a49733 
* Mon Aug 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-4
a49733 
- Resolves: rhbz#1973411 - CVE-2021-3621 sssd: shell command injection in sssctl [rhel-9]
a49733
a49733 
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.2-3
a49733 
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
a49733 
  Related: rhbz#1991688
a49733
a49733 
* Mon Aug 02 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2
a49733 
- Resolves: rhbz#1803943 - [RFE] support subid ranges managed by FreeIPA
a49733
a49733 
* Fri Jul 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-1
a49733 
- Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
a49733 
- Resolves: rhbz#1975691 - covscan NULL pointer dereference cache_req_data_create()
a49733
a49733 
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.1-2
a49733 
- Rebuilt for RHEL 9 BETA for openssl 3.0
a49733 
  Related: rhbz#1971065
a49733
a49733 
* Mon Jun 14 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-1
a49733 
- Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
a49733 
- Resolves: rhbz#1938876 - review of important potential issues detected by static analyzers in sssd-2.4.1-1.el9
a49733 
- Resolves: rhbz#1942277 - Wrong default debug level of sssd tools
a49733
a49733 
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.2-4
a49733 
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
a49733
a49733 
* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-3
a49733 
- Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration
a49733
a49733 
* Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-2
a49733 
- Remove setuid from child binaries and relax requirement on python3-sssdconfig
a49733
a49733 
* Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-1
a49733 
- Rebase to SSSD 2.4.2
a49733
a49733 
* Fri Feb 5 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.1-1
a49733 
- Rebase to SSSD 2.4.1
a49733
a49733 
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-7
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
a49733
a49733 
* Fri Dec 11 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-6
a49733 
- Improve sssd-kcm performance, fix upgrade with existing credentials (rhbz#1645624)
a49733
a49733 
* Mon Dec 7 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-5
a49733 
- Improve sssd-kcm performance (rhbz#1645624)
a49733
a49733 
* Mon Nov 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-4
a49733 
- Rebuild for Fedora ELN
a49733
a49733 
* Tue Nov  3 2020 Petr Lautrbach <plautrba@redhat.com> - 2.4.0-3
a49733 
- Rebuild with libsemanage.so.2
a49733
a49733 
* Mon Oct 12 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-2
a49733 
- Remove old patches
a49733
a49733 
* Mon Oct 12 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-1
a49733 
- Rebase to SSSD 2.4.0
a49733
a49733 
* Tue Jul 28 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-4
a49733 
- Actually include 2.3.1 source
a49733
a49733 
* Tue Jul 28 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-3
a49733 
- Fix test compilation with check-0.15
a49733
a49733 
* Mon Jul 27 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-2
a49733 
- Use correct run dir (RHBZ#1557622)
a49733
a49733 
* Fri Jul 24 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-1
a49733 
- Rebase to SSSD 2.3.1
a49733
a49733 
* Fri Jul 24 2020 Merlin Mathesius <mmathesi@redhat.com> - 2.3.0-5
a49733 
- Minor ELN conditional fix
a49733
a49733 
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.3.0-4
a49733 
- Use make macros
a49733 
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
a49733
a49733 
* Wed Jul  1 2020 Jeff Law <law@redhat.com>
a49733 
- Disable LTO
a49733
a49733 
* Fri Jun 19 2020 Peter Jones <pjones@redhat.com>
a49733 
- Fix github url typo
a49733
a49733 
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2.3.0-2
a49733 
- Rebuilt for Python 3.9
a49733
a49733 
* Wed May 20 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.0-1
a49733 
- Rebase to SSSD 2.3.0
a49733
a49733 
* Fri Feb 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-14
a49733 
- Resolves: rhbz#1800567 - sssd fail to build in Fedora rawhide
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-13
a49733 
- Resolves: upstream#4159 - p11_child should have an option to skip
a49733 
                            C_WaitForSlotEvent if the PKCS#11 module does not
a49733 
                            implement it properly
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-12
a49733 
- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in
a49733 
                            `sss_ptr_hash_delete_cb()`
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
a49733 
- Resolves: upstream#4118 - sssd requires timed sudoers ldap entries to be
a49733 
  specified up to the seconds
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
a49733 
- Add sssd-dbus package as a dependency of sssd-tools
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-10
a49733 
- Resolves: upstream#4142 - sssd_be frequent crash
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-9
a49733 
- Resolves: upstream#4131 Force LDAPS over 636 with AD Provider
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-8
a49733 
- Resolves: upstream#3630 - Randomize ldap_connection_expire_timeout either
a49733 
                            by default or w/ a configure option
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-7
a49733 
- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in
a49733 
                            `sss_ptr_hash_delete_cb()`
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-6
a49733 
- Resolves: upstream#4088 - server/be: SIGTERM handling is incorrect
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-5
a49733 
- Resolves: upstream##4089 Watchdog implementation or usage is incorrect
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-4
a49733 
- Resolves: upstream#4126 pcscd rejecting sssd ldap_child as unauthorized
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-3
a49733 
- Resolves: upstream#4127 - [Doc]Provide explanation on escape character for
a49733 
                            match rules sss-certmap
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-2
a49733 
- Resolves: upstream#4129 - sssctl config-check command does not give proper
a49733 
                            error messages with line numbers
a49733
a49733 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-1
a49733 
- Update to latest released upstream version
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_3.htm
a49733
a49733 
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-6
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
a49733
a49733 
* Fri Jan 24 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.2.2-5
a49733 
- Fix build against samba-4.12.0rc1
a49733
a49733 
* Fri Jan 24 2020 Mohan Boddu <mboddu@bhujji.com> - 2.2.2-4
a49733 
- Rebuild for samba-4.12.0rc1
a49733
a49733 
* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-3
a49733 
- Resolves: rhbz#1755643 - Upgrade to sssd 2.2.2-1.fc30 breaks setting
a49733 
                           up FreeIPA replica in containers
a49733
a49733 
* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-2
a49733 
- Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely
a49733 
                           when using KCM cache
a49733
a49733 
* Wed Sep 11 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1
a49733 
- Update to latest released upstream version
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_1.html
a49733
a49733 
* Mon Aug 26 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.2.0-6
a49733 
- Rebuilding for libldb 2.0.5
a49733
a49733 
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.2.0-5
a49733 
- Rebuilt for Python 3.8
a49733
a49733 
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-4
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
a49733
a49733 
* Fri Jul  5 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-3
a49733 
- Resolves: rhbz#1721636 - sssd-kcm calls sssd-genconf which triggers
a49733 
                           nscd warning
a49733
a49733 
* Fri Jul  5 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-2
a49733 
- Resolves: rhbz#1724717 - sssd-proxy crashes resolving groups with
a49733 
                           no members
a49733
a49733 
* Mon Jun 17 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-1
a49733 
- Update to latest released upstream version
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_0.html
a49733
a49733 
* Wed Mar 27 2019 Michal Židek <mzidek@redhat.com> - 2.1.0-2
a49733 
- Resolves: upstream#3867 - [RFE] Need an option in SSSD so that it will skip
a49733 
                             GPOs that have groupPolicyContainers unreadable
a49733 
                             by SSSD.
a49733 
- CVE-2018-16838
a49733
a49733 
* Wed Mar 27 2019 Michal Židek <mzidek@redhat.com> - 2.1.0-1
a49733 
- Update to latest released upstream version
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_1_0.html
a49733
a49733 
* Wed Feb 13 2019 Sinny Kumari <skumari@redhat.com> - 2.0.0-9
a49733 
- Resolves: rhbz#1667444 -  sssd: make python3-sssdconfig as suggest
a49733
a49733 
* Wed Feb 13 2019 Adam Williamson <awilliam@redhat.com> - 2.0.0-8
a49733 
- Resolves: rhbz#1676946 - startup fail with status NOTIMPLEMENTED
a49733
a49733 
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-7
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
a49733
a49733 
* Wed Dec 12 2018 Adam Williamson <awilliam@redhat.com> - 2.0.0-6
a49733 
- Resolves: rhbz#1654537 - sbus: use 120 second default timeout
a49733 
- Backport two other patches from master to fix build with recent krb5
a49733
a49733 
* Wed Nov 07 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-5
a49733 
- Resolves: rhbz#1629737 - sssd: Remove python2 (sub)packages from Fedora 30+
a49733
a49733 
* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-4
a49733 
- Resolves: upstream#3821 - crash related to sbus_router_destructor()
a49733 
- Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref
a49733 
- Resolves: upstream#3819 - sssd only sets the SELinux login context if it
a49733 
                            differs from the default
a49733 
- Resolves: upstream#3807 - The sbus codegen script relies on "python" which
a49733 
                            might not be available on all distributions
a49733 
- Resolves: upstream#3820 - sudo: search with lower cased name for case
a49733 
                            insensitive domains
a49733 
- Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from
a49733 
                            an allow-any default to a deny-any default when it
a49733 
                            can't find any GPOs to apply to a user login.
a49733 
- Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort
a49733 
                            startup
a49733 
- Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11
a49733 
                            also for local account authentication
a49733 
- Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup
a49733 
- Resolves: upstream#3826 - Remove references of sss_user/group/add/del
a49733 
                            commands in man pages since local provider is
a49733 
                            deprecated
a49733 
- Resolves: upstream#3827 - SSSD should log to syslog if a domain is not
a49733 
                            started due to a misconfiguration
a49733 
- Resolves: upstream#3830 - Printing incorrect information about domain with
a49733 
                            sssctl utility
a49733 
- Resolves: upstream#3489 - p11_child should work wit openssl1.0+
a49733 
- Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary
a49733 
                            changes in nsswitch.conf
a49733 
- Resovles: upstream#3650 - RFE: Require smartcard authentication
a49733 
- Resolves: upstream#3334 - sssctl config-check does not check any special
a49733 
                            characters in domain name of domain section
a49733 
- Resolves: upstream#3849 - Files: The files provider always enumerates
a49733 
                            which causes duplicate when running getent passwd
a49733 
- Related: upstream#3855 - session not recording for local user when groups
a49733 
                           defined
a49733 
- Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb
a49733 
- Related: upstream#3493 - Remove the pysss.local interface
a49733
a49733 
* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-3
a49733 
- Resolves: rhbz#1622760 - Console login as FreeIPA domain user fails in
a49733 
                           current Fedora Rawhide / 29
a49733
a49733 
* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-2
a49733 
- Fix linking issues
a49733
a49733 
* Tue Aug 14 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-1
a49733 
- New upstream release 2.0.0
a49733
a49733 
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.2-6
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
a49733
a49733 
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1.16.2-5
a49733 
- Rebuilt for Python 3.7
a49733
a49733 
* Mon Jun 25 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-4
a49733 
- Related: upstream#941 - return multiple server addresses to the Kerberos
a49733 
                          locator plugin
a49733 
- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
a49733 
- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
a49733 
                            closes its end of the pipe before reading all the
a49733 
                            SSH keys
a49733 
- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
a49733 
- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
a49733 
                            stored in AD GC also for regular AD DC queries
a49733 
- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
a49733 
                           able to consume an @-sign in the user/group name.
a49733 
- Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo
a49733 
                            responder
a49733
a49733 
* Thu Jun 21 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-3
a49733 
- Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on
a49733 
                           minimal appliance image, breaking composes
a49733
a49733 
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.16.2-2
a49733 
- Rebuilt for Python 3.7
a49733
a49733 
* Mon Jun 11 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-1
a49733 
- New upstream release 1.16.2
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html
a49733
a49733 
* Thu May 24 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-9
a49733 
- Related: upstream#3742 - Change of: User may not run sudo --> a password is
a49733 
                           required
a49733
a49733 
* Thu May 17 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-8
a49733 
- Revert 589d1a48 as the builders are back to f27
a49733
a49733 
* Wed May 16 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-7
a49733 
- Related: upstream#3436 - Certificates used in unit tests have limited
a49733 
                           lifetime
a49733 
- Add: "ExcludeArch: armv7hl"
a49733
a49733 
* Mon May 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-6
a49733 
- Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires
a49733
a49733 
* Mon May 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-5
a49733 
- Related: upstream#3436 - Certificates used in unit tests have limited
a49733 
                           lifetime
a49733 
- Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update
a49733 
                            process is terminated with a signal
a49733 
- Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning
a49733 
                            in case the ldap schema is manually changed to
a49733 
                            something different than 'ad'.
a49733 
- Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is
a49733 
                           set.
a49733 
- Resolves: upstream#3719 - The SSSD IPA provider allocates information about
a49733 
                            external groups on a long lived memory context,
a49733 
                            causing memory growth of the sssd_be process
a49733 
- Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a
a49733 
                            first domain does not reach the second domain
a49733 
- Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove
a49733 
                            entries from the hash table, do not free them
a49733 
- Resolves: upstream#3595 - ID override GID from Default Trust View is not
a49733 
                            properly resolved in case domain resolution order
a49733 
                            is set
a49733
a49733 
* Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
a49733 
- Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
a49733
a49733 
* Fri Apr 27 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-3
a49733 
- Resolves: upstream#3684 - A group is not updated if its member is removed
a49733 
                            with the cleanup task, but the group does not
a49733 
                            change
a49733 
- Resolves: upstream#3558 - sudo: report error when two rules share cn
a49733 
- Tone down shutdown messages for socket activated responders
a49733 
- IPA: Qualify the externalUser sudo attribute
a49733 
- Resolves: upstream#3550 - refresh_expired_interval does not work with
a49733 
                            netgrous in 1.15
a49733 
- Resolves: upstream#3402 - Support alternative sources for the files provider
a49733 
- Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
a49733 
- Resolves: upstream#3679 - Make nss netgroup requests more robust
a49733 
- Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not
a49733 
                            configured
a49733 
- Resolves: upstream#3469 - extend sss-certmap man page regarding priority
a49733 
                            processing
a49733 
- Improve docs/debug message about GC detection
a49733 
- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes
a49733 
                            list out of bound?
a49733 
- Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is
a49733 
                            set.
a49733 
- Document which principal does the AD provider use
a49733 
- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is
a49733 
                            defined, but contains no SIDs
a49733 
- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
a49733 
- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
a49733 
                           Provider returned an error
a49733 
                           [org.freedesktop.sssd.Error.DataProvider.Fatal]
a49733 
- Add gcc to build dependencies
a49733
a49733 
* Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2
a49733 
- Resolves: upstream#3573 - sssd won't show netgroups with blank domain
a49733 
- Resolves: upstream#3660 - confdb_expand_app_domains() always fails
a49733 
- Resolves: upstream#3658 - Application domain is not interpreted correctly
a49733 
- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to
a49733 
                            json_loads()
a49733 
- Resolves: upstream#3386 - KCM: Payload buffer is too small
a49733 
- Resolves: upstream#3666 - Fix usage of str.decode() in our tests
a49733 
- A few KCM misc fixes
a49733
a49733 
* Fri Mar  9 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-1
a49733 
- New upstream release 1.16.1
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
a49733
a49733 
* Tue Feb 20 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-13
a49733 
- Resolves: upstream#3621 - backport bug found by static analyzers
a49733
a49733 
* Wed Feb 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.0-12
a49733 
- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile
a49733 
                           with no specific host/hostgroup set
a49733 
- Resolves: upstream#3621 - FleetCommander integration must not require
a49733 
                            capability DAC_OVERRIDE
a49733
a49733 
* Wed Feb 07 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-11
a49733 
- Resolves: upstream#3618 - selinux_child segfaults in a docker container
a49733
a49733 
* Tue Feb 06 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-10
a49733 
- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl
a49733
a49733 
* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.16.0-9
a49733 
- Fix systemd executions/requirements
a49733
a49733 
* Thu Jan 25 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-8
a49733 
- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS
a49733
a49733 
* Thu Jan 11 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-7
a49733 
- Fix building of sssd-nfs-idmap with libnfsidmap.so.1
a49733
a49733 
* Thu Jan 11 2018 Björn Esser <besser82@fedoraproject.org> - 1.16.0-6
a49733 
- Rebuilt for libnfsidmap.so.1
a49733
a49733 
* Mon Dec 04 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-5
a49733 
- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in
a49733 
                            setnetgrent_result_timeout
a49733 
- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
a49733 
                            or machine swaps
a49733 
- Resolves: failure in glibc tests
a49733 
            https://sourceware.org/bugzilla/show_bug.cgi?id=22530
a49733 
- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
a49733 
                            auth_provider ldap, login fails if the LDAP server
a49733 
                            is not allowing anonymous binds
a49733 
- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
a49733 
                            corrected with AD
a49733 
- Resolves: upstream#3586 - Give a more detailed debug and system-log message
a49733 
                            if krb5_init_context() failed
a49733 
- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
a49733 
                           in /etc/systemd/system
a49733 
- Backport few upstream features from 1.16.1
a49733
a49733 
* Tue Nov 21 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-4
a49733 
- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next
a49733
a49733 
* Fri Nov 17 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-3
a49733 
- Backport extended NSS API from upstream master branch
a49733
a49733 
* Fri Nov 03 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-2
a49733 
- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade
a49733
a49733 
* Fri Oct 20 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-1
a49733 
- New upstream release 1.16.0
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
a49733
a49733 
* Wed Oct 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-5
a49733 
- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when
a49733 
                           searching in local cache database access on
a49733 
                           the sock_file system_bus_socket
a49733
a49733 
* Mon Sep 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-4
a49733 
- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write
a49733 
                           access on the sock_file system_bus_socket
a49733 
- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
a49733 
                           fails to download desktop profile data
a49733 
- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
a49733 
- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients
a49733 
                            after applying ID Views for them in IPA server
a49733 
- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id
a49733 
                            mapping is applied
a49733
a49733 
* Fri Sep 01 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-3
a49733 
- Backport few upstream patches/fixes
a49733
a49733 
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.3-2
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
a49733
a49733 
* Tue Jul 25 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-1
a49733 
- New upstream release 1.15.3
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html
a49733
a49733 
* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.5
a49733 
- Rebuild with libldb-1.2.0
a49733
a49733 
* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.4
a49733 
- Fix build issues: Update expided certificate in unit tests
a49733
a49733 
* Sat Apr 29 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.3
a49733 
- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
a49733 
- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
a49733 
                           file from package sssd-common-1.15.1-1.fc25.x86_64
a49733 
- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
a49733
a49733 
* Thu Apr 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.2
a49733 
- Fix issue with IPA + SELinux in containers
a49733 
- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297
a49733
a49733 
* Tue Apr 04 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.1
a49733 
- Backport upstream patches for 1.15.3 pre-release
a49733 
- required for building freeipa-4.5.x in rawhide
a49733
a49733 
* Thu Mar 16 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.2-1
a49733 
- New upstream release 1.15.2
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
a49733
a49733 
* Mon Mar 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.1-1
a49733 
- New upstream release 1.15.1
a49733 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
a49733
a49733 
* Wed Feb 22 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.0-4
a49733 
- Cherry-pick patches from upstream that enable the files provider
a49733 
- Enable the files domain
a49733 
- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch
a49733 
  which is superseded by the files domain autoconfiguration
a49733 
- Related: rhbz#1357418 - SSSD fast cache for local users
a49733
a49733 
* Tue Feb 14 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-3
a49733 
- Add missing %%license macro
a49733
a49733 
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-2
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
a49733
a49733 
* Fri Jan 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-1
a49733 
- New upstream release 1.15.0
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0
a49733
a49733 
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.14.2-3
a49733 
- Rebuild for Python 3.6
a49733
a49733 
* Tue Dec 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-2
a49733 
- Resolves: rhbz#1369130 - nss_sss should not link against libpthread
a49733 
- Resolves: rhbz#1392916 - sssd failes to start after update
a49733 
- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
a49733 
                           on the directory /etc/sssd
a49733
a49733 
* Thu Oct 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-1
a49733 
- New upstream release 1.14.2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2
a49733
a49733 
* Fri Oct 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-4
a49733 
- libwbclient-sssd: update interface to version 0.13
a49733
a49733 
* Thu Sep 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-3
a49733 
- Fix regression with krb5_map_user
a49733 
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
a49733 
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError:
a49733 
                           default if nonexistent domain is mentioned
a49733
a49733 
* Thu Sep 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-2
a49733 
- Backport important patches from upstream 1.14.2 prerelease
a49733 
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after
a49733 
                             boot
a49733 
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
a49733
a49733 
* Fri Aug 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-1
a49733 
- New upstream release 1.14.0
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1
a49733
a49733 
* Mon Aug 15 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.14.0-5
a49733 
- Add workaround patch for RHBZ #1366403
a49733
a49733 
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.14.0-4
a49733 
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
a49733
a49733 
* Fri Jul 08 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-3
a49733 
- New upstream release 1.14.0
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0
a49733
a49733 
* Fri Jul 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-2.beta
a49733 
- New upstream release 1.14 beta
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta
a49733
a49733 
* Tue Jun 21 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-1.alpha
a49733 
- New upstream release 1.14 alpha
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha
a49733
a49733 
* Fri May 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-3
a49733 
- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element():
a49733 
                           sssd_ifp killed by SIGSEGV
a49733
a49733 
* Fri Apr 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-2
a49733 
- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6
a49733
a49733 
* Thu Apr 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-1
a49733 
- New upstream release 1.13.4
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4
a49733
a49733 
* Tue Mar 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-6
a49733 
- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password
a49733 
                           prompts (e.g. Password + Token)
a49733 
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed
a49733 
                           by remote host" if locale not available
a49733
a49733 
* Thu Feb 25 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-5
a49733 
- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA
a49733 
                           groups during getgrnam and getgrgid
a49733 
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses
a49733 
                           in call to 'print'
a49733
a49733 
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.3-4
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
a49733
a49733 
* Wed Jan 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-3
a49733 
- Additional upstream fixes
a49733
a49733 
* Tue Jan 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-2
a49733 
- Resolves: rhbz#1256849 - SUDO: Support the IPA schema
a49733
a49733 
* Wed Dec 16 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-1
a49733 
- New upstream release 1.13.3
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3
a49733
a49733 
* Fri Nov 20 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.2-1
a49733 
- New upstream release 1.13.2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2
a49733
a49733 
* Fri Nov 06 2015 Robert Kuska <rkuska@redhat.com> - 1.13.1-5
a49733 
- Rebuilt for Python3.5 rebuild
a49733
a49733 
* Tue Oct 27 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-4
a49733 
- Fix building pac responder with the krb5-1.14
a49733
a49733 
* Mon Oct 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-3
a49733 
- python-sssdconfig: Fix parssing sssd.conf without config_file_version
a49733 
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
a49733
a49733 
* Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2
a49733 
- Fix few segfaults
a49733 
- Resolves: upstream #2811 - PAM responder crashed if user was not set
a49733 
- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
a49733
a49733 
* Thu Oct 01 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-1
a49733 
- New upstream release 1.13.1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
a49733
a49733 
* Thu Sep 10 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-6
a49733 
- Fix OTP bug
a49733 
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were
a49733 
                             entered separately
a49733
a49733 
* Mon Sep 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-5
a49733 
- Backport upstream patches required by FreeIPA 4.2.1
a49733
a49733 
* Tue Jul 21 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-4
a49733 
- Fix ipa-migration bug
a49733 
- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled
a49733 
                             migration mode
a49733
a49733 
* Wed Jul 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-3
a49733 
- New upstream release 1.13.0
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0
a49733
a49733 
* Tue Jun 30 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-2.alpha
a49733 
- Unify return type of list_active_domains for python{2,3}
a49733
a49733 
* Mon Jun 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-1.alpha
a49733 
- New upstream release 1.13 alpha
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha
a49733
a49733 
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.5-4
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
a49733
a49733 
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-3
a49733 
- Fix libwbclient alternatives
a49733
a49733 
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-2
a49733 
- Backport important patches from upstream 1.13 prerelease
a49733
a49733 
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-1
a49733 
- New upstream release 1.12.5
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5
a49733
a49733 
* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-8
a49733 
- Backport important patches from upstream 1.13 prerelease
a49733 
- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable
a49733 
                           attribute for group name
a49733 
- Resolves: upstream #2335 - Investigate using the krb5 responder
a49733 
                             for driving the PAM conversation with OTPs
a49733 
- Enable cmocka tests for secondary architectures
a49733
a49733 
* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-7
a49733 
- Backport patches from upstream 1.12.5 prerelease - contains many fixes
a49733
a49733 
* Wed Apr 15 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-6
a49733 
- Fix slow login with ipa and SELinux
a49733 
- Resolves: upstream #2624 - Only set the selinux context if the context
a49733 
                             differs from the local one
a49733
a49733 
* Mon Mar 23 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-5
a49733 
- Fix regressions with ipa and SELinux
a49733 
- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security
a49733 
                             context on client is staff_u
a49733
a49733 
* Fri Mar  6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-4
a49733 
- Also relax libldb Requires
a49733 
- Remove --enable-ldb-version-check
a49733
a49733 
* Fri Mar  6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-3
a49733 
- Relax libldb BuildRequires to be greater-or-equal
a49733
a49733 
* Wed Feb 25 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-2
a49733 
- Add support for python3 bindings
a49733 
- Add requirement to python3 or python3 bindings
a49733 
- Resolves: rhbz#1014594 - sssd: Support Python 3
a49733
a49733 
* Wed Feb 18 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-1
a49733 
- New upstream release 1.12.4
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4
a49733
a49733 
* Sat Feb 14 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-7
a49733 
- Backport patches with Python3 support from upstream
a49733
a49733 
* Thu Feb 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-6
a49733 
- Fix double free in monitor
a49733 
- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort():
a49733 
                        sssd killed by SIGABRT
a49733
a49733 
* Wed Jan 28 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.3-5
a49733 
- Rebuild for new libldb
a49733
a49733 
* Thu Jan 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-4
a49733 
- Decrease priority of sssd-libwbclient 20 -> 5
a49733 
- It should be lower than priority of samba veriosn of libwbclient.
a49733 
- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18
a49733
a49733 
* Mon Jan 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-3
a49733 
- Apply a number of patches from upstream to fix issues found 1.12.3
a49733 
- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple
a49733 
                           interfaces, or isn't documented to be able to
a49733 
- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is
a49733 
                          not running
a49733 
- Resolves: upstream #2557  authentication failure with user from AD
a49733
a49733 
* Fri Jan 09 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-2
a49733 
- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus
a49733 
- Resolves: rhbz#1179379 - gzip: stdin: file size changed while
a49733 
                           zipping when rotating logfile
a49733
a49733 
* Thu Jan 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-1
a49733 
- New upstream release 1.12.3
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3
a49733 
- Fix spelling errors in description (fedpkg lint)
a49733
a49733 
* Tue Jan  6 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-8
a49733 
- Rebuild for libldb 1.1.19
a49733
a49733 
* Fri Dec 19 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-7
a49733 
- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes
a49733 
                           crash in wbinfo
a49733 
                           - in addition to the patch libwbclient.so is
a49733 
                             filtered out of the Provides list of the package
a49733
a49733 
* Wed Dec 17 2014 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-6
a49733 
- Fix regressions and bugs in sssd upstream 1.12.2
a49733 
- https://fedorahosted.org/sssd/ticket/{id}
a49733 
- Regressions: #2471, #2475, #2483, #2487, #2529, #2535
a49733 
- Bugs: #2287, #2445
a49733
a49733 
* Sun Dec  7 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-5
a49733 
- Rebuild for libldb 1.1.18
a49733
a49733 
* Wed Nov 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-4
a49733 
- Fix typo in libwbclient-devel %%preun
a49733
a49733 
* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-3
a49733 
- Use alternatives for libwbclient
a49733
a49733 
* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-2
a49733 
- Backport several patches from upstream.
a49733 
- Fix a potential crash against old (pre-4.0) IPA servers
a49733
a49733 
* Mon Oct 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-1
a49733 
- New upstream release 1.12.2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2
a49733
a49733 
* Mon Sep 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-2
a49733 
- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user
a49733 
                           private group from server
a49733
a49733 
* Mon Sep  8 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-1
a49733 
- New upstream release 1.12.1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1
a49733
a49733 
* Fri Aug 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-7
a49733 
- Do not crash on resolving a group SID in IPA server mode
a49733
a49733 
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-6
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
a49733
a49733 
* Thu Jul 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.12.0-5
a49733 
- Fix release version for upgrades
a49733
a49733 
* Wed Jul 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1
a49733 
- New upstream release 1.12.0
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0
a49733
a49733 
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-4.beta2
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
a49733
a49733 
* Wed Jun 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta2
a49733 
- New upstream release 1.12 beta2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2
a49733
a49733 
* Mon Jun 02 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-2.beta1
a49733 
- Fix tests on big-endian
a49733 
- Fix previous changelog entry
a49733
a49733 
* Fri May 30 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta1
a49733 
- New upstream release 1.12 beta1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1
a49733
a49733 
* Thu May 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-4
a49733 
- Rebuild against new ding-libs
a49733
a49733 
* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-3
a49733 
- Make LDB dependency a strict equivalency
a49733
a49733 
* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-2
a49733 
- Rebuild against new libldb
a49733
a49733 
* Fri Apr 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-1
a49733 
- New upstream release 1.11.5.1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1
a49733
a49733 
* Thu Apr 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.11.5-2
a49733 
- Fix bug in generation of systemd unit file
a49733
a49733 
* Tue Apr 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5-1
a49733 
- New upstream release 1.11.5
a49733 
- Remove upstreamed patch
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5
a49733
a49733 
* Thu Mar 13 2014 Sumit Bose <sbose@redhat.com> - 1.11.4-3
a49733 
- Handle new error code for IPA password migration
a49733
a49733 
* Tue Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2
a49733 
- Include couple of patches from upstream 1.11 branch
a49733
a49733 
* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
a49733 
- New upstream release 1.11.4
a49733 
- Remove upstreamed patch
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
a49733
a49733 
* Tue Feb 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-2
a49733 
- Handle OTP response from FreeIPA server gracefully
a49733
a49733 
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-1
a49733 
- New upstream release 1.11.3
a49733 
- Remove upstreamed patches
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3
a49733
a49733 
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1
a49733 
- New upstream release 1.11.2
a49733 
- Remove upstreamed patches
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
a49733
a49733 
* Wed Oct 16 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-5
a49733 
- Fix potential crash with external groups in trusted IPA-AD setup
a49733
a49733 
* Mon Oct 14 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-4
a49733 
- Add plugin for cifs-utils
a49733 
- Resolves: rhbz#998544
a49733
a49733 
* Tue Oct 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-3
a49733 
- Fix failover from Global Catalog to LDAP in case GC is not available
a49733
a49733 
* Fri Oct 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2
a49733 
- Remove the ability to create public ccachedir (#1015089)
a49733
a49733 
* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1
a49733 
- New upstream release 1.11.1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
a49733
a49733 
* Thu Sep 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-3
a49733 
- Fix multicast checks in the SSSD
a49733 
- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source
a49733 
                           code getting the host info
a49733
a49733 
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-2
a49733 
- Backport simplification of ccache management from 1.11.1
a49733 
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
a49733
a49733 
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1
a49733 
- New upstream release 1.11.0
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
a49733
a49733 
* Fri Aug 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-0.4.beta2
a49733 
- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid:
a49733 
                      Process /usr/libexec/sssd/sssd_nss was killed by
a49733 
                      signal 11 (SIGSEGV)
a49733 
- Resolves: #996214 - sssd proxy_child segfault
a49733
a49733 
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11.0-0.3.beta2
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
a49733
a49733 
* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.2beta2
a49733 
- Resolves: #906427 - Do not use %%{_lib} in specfile for the nss and
a49733 
                      pam libraries
a49733
a49733 
* Wed Jul 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.1beta2
a49733 
- New upstream release 1.11 beta 2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
a49733
a49733 
* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1
a49733 
- New upstream release 1.10.1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
a49733
a49733 
* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17
a49733 
- sssd-tools should require sssd-common, not sssd
a49733
a49733 
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16
a49733 
- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
a49733 
- Trim out RHEL5-specific macros since we don't build on RHEL 5
a49733 
- Trim out macros for Fedora older than F18
a49733 
- Update libldb requirement to 1.1.16
a49733 
- Trim RPM changelog down to the last year
a49733
a49733 
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15
a49733 
- Move sssd_pac to the sssd-krb5 subpackage
a49733
a49733 
* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14
a49733 
- Fix Obsoletes: to account for dist tag
a49733 
- Convert post and pre scripts to run on the sssd-common subpackage
a49733 
- Remove old conversion from SYSV
a49733
a49733 
* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13
a49733 
- New upstream release 1.10
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
a49733
a49733 
* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2
a49733 
- the cmocka toolkit exists only on selected arches
a49733
a49733 
* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2
a49733 
- Apply a number of patches from upstream to fix issues found post-beta,
a49733 
  in particular:
a49733 
  -- segfault with a high DEBUG level
a49733 
  -- Fix IPA password migration (upstream #1873)
a49733 
  -- Fix fail over when retrying SRV resolution (upstream #1886)
a49733
a49733 
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2
a49733 
- Only BuildRequire libcmocka on Fedora
a49733
a49733 
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2
a49733 
- Fix typo in Requires that prevented an upgrade (#973916)
a49733 
- Use a hardcoded version in Conflicts, not less-than-current
a49733
a49733 
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta1
a49733 
- Enable hardened build for RHEL7
a49733
a49733 
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2
a49733 
- New upstream release 1.10 beta2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
a49733 
- BuildRequire libcmocka-devel in order to run all upstream tests during build
a49733 
- BuildRequire libnl3 instead of libnl1
a49733 
- No longer BuildRequire initscripts, we no longer use /sbin/service
a49733 
- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any
a49733 
  older krb5-libs version
a49733
a49733 
* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1
a49733 
- Apply a couple of patches from upstream git that resolve crashes when
a49733 
  ID mapping object was not initialized properly but needed later
a49733
a49733 
* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1
a49733 
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
a49733 
                          realm join
a49733 
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
a49733 
                          default for AD Provider
a49733 
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
a49733 
                          parent directory when logging in
a49733
a49733 
* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1
a49733 
- BuildRequire recent libini_config to ensure consistent behaviour
a49733
a49733 
* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1
a49733 
- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug
a49733 
  in ding-libs
a49733 
- Fix SSH integration with fully-qualified domains
a49733 
- Add the ability to dynamically discover the NetBIOS name
a49733
a49733 
* Fri May  3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1
a49733 
- New upstream release 1.10 beta1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
a49733
a49733 
* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1
a49733 
- Add a patch to fix krb5 ccache creation issue with krb5 1.11
a49733
a49733 
* Tue Apr  2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1
a49733 
- New upstream release 1.10 alpha1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
a49733
a49733 
* Fri Mar 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.5-10
a49733 
- Add a patch to fix krb5 unit tests
a49733
a49733 
* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9
a49733 
- Split internal helper libraries into a shared object
a49733 
- Significantly reduce disk-space usage
a49733
a49733 
* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-8
a49733 
- Fix the Kerberos password expiration warning (#912223)
a49733
a49733 
* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-7
a49733 
- Do not write out dots in the domain-realm mapping file (#905650)
a49733
a49733 
* Mon Feb 11 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-6
a49733 
- Include upstream patch to build with krb5-1.11
a49733
a49733 
* Thu Feb 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-5
a49733 
- Rebuild against new libldb
a49733
a49733 
* Mon Feb 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-4
a49733 
- Fix build with new automake versions
a49733
a49733 
* Wed Jan 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-3
a49733 
- Recreate Kerberos ccache directory if it's missing
a49733 
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache
a49733 
                          directory /run/user/UID/ccdir does not exist
a49733
a49733 
* Tue Jan 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-2
a49733 
- Fix changelog dates to make F19 rpmbuild happy
a49733
a49733 
* Mon Jan 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-1
a49733 
- New upstream release 1.9.4
a49733
a49733 
* Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.3-1
a49733 
- New upstream release 1.9.3
a49733
a49733 
* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-5
a49733 
- Resolve groups from AD correctly
a49733
a49733 
* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-4
a49733 
- Check the validity of naming context
a49733
a49733 
* Thu Oct 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-3
a49733 
- Move the sss_cache tool to the main package
a49733
a49733 
* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-2
a49733 
- Include the 1.9.2 tarball
a49733
a49733 
* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-1
a49733 
- New upstream release 1.9.2
a49733
a49733 
* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.1-1
a49733 
- New upstream release 1.9.1
a49733
a49733 
* Wed Oct 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
a49733 
- require the latest libldb
a49733
a49733 
* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
a49733 
- Use mcpath insted of mcachepath macro to be consistent with
a49733 
  upsteam spec file
a49733
a49733 
* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-23
a49733 
- New upstream release 1.9.0
a49733
a49733 
* Fri Sep 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-22.rc1
a49733 
- New upstream release 1.9.0 rc1
a49733
a49733 
* Thu Sep 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-21.beta7
a49733 
- New upstream release 1.9.0 beta7
a49733 
- obsoletes patches #1-#3
a49733
a49733 
* Mon Sep 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-20.beta6
a49733 
- Rebuild against libldb 1.12
a49733
a49733 
* Tue Aug 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-19.beta6
a49733 
- Rebuild against libldb 1.11
a49733
a49733 
* Fri Aug 24 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-18.beta6
a49733 
- Change the default ccache location to DIR:/run/user/${UID}/krb5cc
a49733 
  and patch man page accordingly
a49733 
- Resolves: rhbz#851304
a49733
a49733 
* Mon Aug 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-17.beta6
a49733 
- Rebuild against libldb 1.10
a49733
a49733 
* Fri Aug 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-16.beta6
a49733 
- Only create the SELinux login file if there are SELinux mappings on
a49733 
  the IPA server
a49733
a49733 
* Fri Aug 10 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-14.beta6
a49733 
- Don't discard HBAC rule processing result if SELinux is on
a49733 
  Resolves: rhbz#846792 (CVE-2012-3462)
a49733
a49733 
* Thu Aug 02 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-13.beta6
a49733 
- New upstream release 1.9.0 beta 6
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
a49733 
- A new option, override_shell was added. If this option is set, all users
a49733 
  managed by SSSD will have their shell set to its value.
a49733 
- Fixes for the support for setting default SELinux user context from FreeIPA.
a49733 
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
a49733 
- The SSSD supports the concept of a Primary Server and a Back Up Server in
a49733 
  failover
a49733 
- A new command-line tool sss_seed is available to help prime the cache with
a49733 
  a user record when deploying a new machine
a49733 
- SSSD is now able to discover and save the domain-realm mappings
a49733 
  between an IPA server and a trusted Active Directory server.
a49733 
- Packaging changes to fix ldconfig usage in subpackages (#843995)
a49733 
- Rebuild against libldb 1.1.9
a49733
a49733 
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.0-13.beta5
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
a49733
a49733 
* Thu Jul 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-12.beta5
a49733 
- New upstream release 1.9.0 beta 5
a49733 
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
a49733 
- Many fixes for the support for setting default SELinux user context from
a49733 
  FreeIPA, most notably fixed the specificity evaluation
a49733 
- Fixed an incorrect default in the krb5_canonicalize option of the AD
a49733 
  provider which was preventing password change operation
a49733 
- The shadowLastChange attribute value is now correctly updated with the
a49733 
  number of days since the Epoch, not seconds
a49733
a49733 
* Mon Jul 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-11.beta4
a49733 
- Fix broken ARM build
a49733 
- Add missing DP_OPTION_TERMINATOR in AD provider options
a49733
a49733 
* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-10.beta4
a49733 
- Own several directories create during make install (#839782)
a49733
a49733 
* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-9.beta4
a49733 
- New upstream release 1.9.0 beta 4
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
a49733 
- Add a new AD provider to improve integration with Active Directory 2008 R2
a49733 
  or later servers
a49733 
- SUDO integration was completely rewritten. The new implementation works
a49733 
  with multiple domains and uses an improved refresh mechanism to download
a49733 
  only the necessary rules
a49733 
- The IPA authentication provider now supports subdomains
a49733 
- Fixed regression for setups that were setting default_tkt_enctypes
a49733 
  manually by reverting a previous workaround.
a49733
a49733 
* Mon Jun 25 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-8.beta3
a49733 
- New upstream release 1.9.0 beta 3
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
a49733 
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
a49733 
- Terminate idle connections to the NSS and PAM responders
a49733
a49733 
* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-7.beta2
a49733 
- Switch unicode library from libunistring to Glib
a49733 
- Drop unnecessary explicit Requires on keyutils
a49733 
- Guarantee that versioned Requires include the correct architecture
a49733
a49733 
* Mon Jun 18 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-6.beta2
a49733 
- Fix accidental disabling of the DIR cache support
a49733
a49733 
* Fri Jun 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-5.beta2
a49733 
- New upstream release 1.9.0 beta 2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
a49733 
- Add support for the Kerberos DIR cache for storing multiple TGTs
a49733 
  automatically
a49733 
- Major performance enhancement when storing large groups in the cache
a49733 
- Major performance enhancement when performing initgroups() against Active
a49733 
  Directory
a49733 
- SSSDConfig data file default locations can now be set during configure for
a49733 
  easier packaging
a49733
a49733 
* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-4.beta1
a49733 
- Fix regression in endianness patch
a49733
a49733 
* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-3.beta1
a49733 
- Rebuild SSSD against ding-libs 0.3.0beta1
a49733 
- Fix endianness bug in service map protocol
a49733
a49733 
* Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-2.beta1
a49733 
- Fix several regressions since 1.5.x
a49733 
- Ensure that the RPM creates the /var/lib/sss/mc directory
a49733 
- Add support for Netscape password warning expiration control
a49733 
- Rebuild against libldb 1.1.6
a49733
a49733 
* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1
a49733 
- New upstream release 1.9.0 beta 1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
a49733 
- Add native support for autofs to the IPA provider
a49733 
- Support for ID-mapping when connecting to Active Directory
a49733 
- Support for handling very large (> 1500 users) groups in Active Directory
a49733 
- Support for sub-domains (will be used for dealing with trust relationships)
a49733 
- Add a new fast in-memory cache to speed up lookups of cached data on
a49733 
  repeated requests
a49733
a49733 
* Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11
a49733 
- New upstream release 1.8.3
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
a49733 
- Numerous manpage and translation updates
a49733 
- LDAP: Handle situations where the RootDSE isn't available anonymously
a49733 
- LDAP: Fix regression for users using non-standard LDAP attributes for user
a49733 
  information
a49733
a49733 
* Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.2-10
a49733 
- New upstream release 1.8.2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
a49733 
- Several fixes to case-insensitive domain functions
a49733 
- Fix for GSSAPI binds when the keytab contains unrelated principals
a49733 
- Fixed several segfaults
a49733 
- Workarounds added for LDAP servers with unreadable RootDSE
a49733 
- SSH knownhostproxy will no longer enter an infinite loop preventing login
a49733 
- The provided SYSV init script now starts SSSD earlier at startup and stops
a49733 
  it later during shutdown
a49733 
- Assorted minor fixes for issues discovered by static analysis tools
a49733
a49733 
* Mon Mar 26 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-9
a49733 
- Don't duplicate libsss_autofs.so in two packages
a49733 
- Set explicit package contents instead of globbing
a49733
a49733 
* Wed Mar 21 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-8
a49733 
- Fix uninitialized value bug causing crashes throughout the code
a49733 
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup
a49733
a49733 
* Mon Mar 12 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-7
a49733 
- New upstream release 1.8.1
a49733 
- Resolve issue where we could enter an infinite loop trying to connect to an
a49733 
  auth server
a49733 
- Fix serious issue with complex (3+ levels) nested groups
a49733 
- Fix netgroup support for case-insensitivity and aliases
a49733 
- Fix serious issue with lookup bundling resulting in requests never
a49733 
  completing
a49733 
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt
a49733 
  in addition to pam_authenticate
a49733 
- Fix several regressions in the proxy provider
a49733 
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
a49733 
                          against AD
a49733 
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
a49733
a49733 
* Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-6
a49733 
- New upstream release 1.8.0
a49733 
- Support for the service map in NSS
a49733 
- Support for setting default SELinux user context from FreeIPA
a49733 
- Support for retrieving SSH user and host keys from LDAP (Experimental)
a49733 
- Support for caching autofs LDAP requests (Experimental)
a49733 
- Support for caching SUDO rules (Experimental)
a49733 
- Include the IPA AutoFS provider
a49733 
- Fixed several memory-corruption bugs
a49733 
- Fixed a regression in group enumeration since 1.7.0
a49733 
- Fixed a regression in the proxy provider
a49733 
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
a49733 
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is
a49733 
                          logged at each login
a49733 
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
a49733 
                          /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
a49733 
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
a49733 
                          against AD
a49733 
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
a49733 
                          new LDAP features
a49733 
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
a49733
a49733 
* Wed Feb 22 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-5.beta3
a49733 
- Change default kerberos credential cache location to /run/user/<username>
a49733
a49733 
* Wed Feb 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-4.beta3
a49733 
- New upstream release 1.8.0 beta 3
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
a49733 
- Fixed a regression in group enumeration since 1.7.0
a49733 
- Fixed several memory-corruption bugs
a49733 
- Finalized the ABI for the autofs support
a49733 
- Fixed a regression in the proxy provider
a49733
a49733 
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.8.0-3.beta2
a49733 
- Rebuild against PCRE 8.30
a49733
a49733 
* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta2
a49733 
- New upstream release
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
a49733 
- Fix two minor manpage bugs
a49733 
- Include the IPA AutoFS provider
a49733
a49733 
* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta1
a49733 
- New upstream release
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
a49733 
- Support for the service map in NSS
a49733 
- Support for setting default SELinux user context from FreeIPA
a49733 
- Support for retrieving SSH user and host keys from LDAP (Experimental)
a49733 
- Support for caching autofs LDAP requests (Experimental)
a49733 
- Support for caching SUDO rules (Experimental)
a49733
a49733 
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-5
a49733 
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
a49733 
                          new LDAP features - fix netgroups and sudo as well
a49733
a49733 
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4
a49733 
- Fixes a serious memory hierarchy bug causing unpredictable behavior in the
a49733 
  LDAP provider.
a49733
a49733 
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-3
a49733 
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
a49733 
                          new LDAP features
a49733
a49733 
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.0-2
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
a49733
a49733 
* Thu Dec 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-1
a49733 
- New upstream release 1.7.0
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
a49733 
- Support for case-insensitive domains
a49733 
- Support for multiple search bases in the LDAP provider
a49733 
- Support for the native FreeIPA netgroup implementation
a49733 
- Reliability improvements to the process monitor
a49733 
- New DEBUG facility with more consistent log levels
a49733 
- New tool to change debug log levels without restarting SSSD
a49733 
- SSSD will now disconnect from LDAP server when idle
a49733 
- FreeIPA HBAC rules can choose to ignore srchost options for significant
a49733 
  performance gains
a49733 
- Assorted performance improvements in the LDAP provider
a49733
a49733 
* Mon Dec 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.4-1
a49733 
- New upstream release 1.6.4
a49733 
- Rolls up previous patches applied to the 1.6.3 tarball
a49733 
- Fixes a rare issue causing crashes in the failover logic
a49733 
- Fixes an issue where SSSD would return the wrong PAM error code for users
a49733 
  that it does not recognize.
a49733
a49733 
* Wed Dec 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-5
a49733 
- Rebuild against libldb 1.1.4
a49733
a49733 
* Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-4
a49733 
- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the
a49733 
                          username in getpwnam()
a49733 
- Resolves: rhbz#758425 - LDAP failover not working if server refuses
a49733 
                          connections
a49733
a49733 
* Thu Nov 24 2011 Jakub Hrozek <jhrozek@redhat.com> - 1.6.3-3
a49733 
- Rebuild for libldb 1.1.3
a49733
a49733 
* Thu Nov 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-2
a49733 
- Resolves: rhbz#752495 - Crash when apply settings
a49733
a49733 
* Fri Nov 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-1
a49733 
- New upstream release 1.6.3
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
a49733 
- Fixes a major cache performance issue introduced in 1.6.2
a49733 
- Fixes a potential infinite-loop with certain LDAP layouts
a49733
a49733 
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-5
a49733 
- Rebuilt for glibc bug#747377
a49733
a49733 
* Sun Oct 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-4
a49733 
- Change selinux policy requirement to Conflicts: with the old version,
a49733 
  rather than Requires: the supported version.
a49733
a49733 
* Fri Oct 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-3
a49733 
- Add explicit requirement on selinux-policy version to address new SBUS
a49733 
  symlinks.
a49733
a49733 
* Wed Oct 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-2
a49733 
- Remove %%files reference to sss_debuglevel copied from wrong upstreeam
a49733 
  spec file.
a49733
a49733 
* Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1
a49733 
- Improved handling of users and groups with multi-valued name attributes
a49733 
  (aliases)
a49733 
- Performance enhancements
a49733 
    Initgroups on RFC2307bis/FreeIPA
a49733 
    HBAC rule processing
a49733 
- Improved process-hang detection and restarting
a49733 
- Enabled the midpoint cache refresh by default (fewer cache misses on
a49733 
  commonly-used entries)
a49733 
- Cleaned up the example configuration
a49733 
- New tool to change debug level on the fly
a49733
a49733 
* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1
a49733 
- New upstream release 1.6.1
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
a49733 
- Fixes a serious issue with LDAP connections when the communication is
a49733 
  dropped (e.g. VPN disconnection, waking from sleep)
a49733 
- SSSD is now less strict when dealing with users/groups with multiple names
a49733 
  when a definitive primary name cannot be determined
a49733 
- The LDAP provider will no longer attempt to canonicalize by default when
a49733 
  using SASL. An option to re-enable this has been provided.
a49733 
- Fixes for non-standard LDAP attribute names (e.g. those used by Active
a49733 
  Directory)
a49733 
- Three HBAC regressions have been fixed.
a49733 
- Fix for an infinite loop in the deref code
a49733
a49733 
* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-2
a49733 
- Build with _hardened_build macro
a49733
a49733 
* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-1
a49733 
- New upstream release 1.6.0
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
a49733 
- Add host access control support for LDAP (similar to pam_host_attr)
a49733 
- Finer-grained control on principals used with Kerberos (such as for FAST or
a49733 
- validation)
a49733 
- Added a new tool sss_cache to allow selective expiring of cached entries
a49733 
- Added support for LDAP DEREF and ASQ controls
a49733 
- Added access control features for Novell Directory Server
a49733 
- FreeIPA dynamic DNS update now checks first to see if an update is needed
a49733 
- Complete rewrite of the HBAC library
a49733 
- New libraries: libipa_hbac and libipa_hbac-python
a49733
a49733 
* Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2
a49733 
- New upstream release 1.5.11
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
a49733 
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
a49733 
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
a49733 
- address being saved to the AAAA record
a49733
a49733 
* Fri Jul 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.10-1
a49733 
- New upstream release 1.5.10
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
a49733 
- Fixed a regression introduced in 1.5.9 that could result in blocking calls
a49733 
- to LDAP
a49733
a49733 
* Thu Jun 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.9-1
a49733 
- New upstream release 1.5.9
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
a49733 
- Support for overriding home directory, shell and primary GID locally
a49733 
- Properly honor TTL values from SRV record lookups
a49733 
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
a49733 
- servers)
a49733 
- Properly escape IPv6 addresses in the failover code
a49733 
- Do not crash if inotify fails (e.g. resource exhaustion)
a49733 
- Don't add multiple TGT renewal callbacks (too many log messages)
a49733
a49733 
* Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.8-1
a49733 
- New upstream release 1.5.8
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
a49733 
- Support for the LDAP paging control
a49733 
- Support for multiple DNS servers for name resolution
a49733 
- Fixes for several group membership bugs
a49733 
- Fixes for rare crash bugs
a49733
a49733 
* Mon May 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-3
a49733 
- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
a49733 
- Make sure to properly convert to systemd if upgrading from newer
a49733 
- updates for Fedora 14
a49733
a49733 
* Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-2
a49733 
- Fix segfault in TGT renewal
a49733
a49733 
* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
a49733 
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
a49733 
-                         cached password with predicatable filename
a49733
a49733 
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1
a49733 
- Re-add manpage translations
a49733
a49733 
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
a49733 
- New upstream release 1.5.6
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
a49733 
- Fixed a serious memory leak in the memberOf plugin
a49733 
- Fixed a regression with the negative cache that caused it to be essentially
a49733 
- nonfunctional
a49733 
- Fixed an issue where the user's full name would sometimes be removed from
a49733 
- the cache
a49733 
- Fixed an issue with password changes in the kerberos provider not working
a49733 
- with kpasswd
a49733
a49733 
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-5
a49733 
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
a49733 
-                         kadmin server != kdc server
a49733 
- Upgrades from SysV should now maintain enabled/disabled status
a49733
a49733 
* Mon Apr 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-4
a49733 
- Fix %%postun
a49733
a49733 
* Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-3
a49733 
- Fix systemd conversion. Upgrades from SysV to systemd weren't properly
a49733 
- enabling the systemd service.
a49733 
- Fix a serious memory leak in the memberOf plugin
a49733 
- Fix an issue where the user's full name would sometimes be removed
a49733 
- from the cache
a49733
a49733 
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-2
a49733 
- Install systemd unit file instead of sysv init script
a49733
a49733 
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1
a49733 
- New upstream release 1.5.5
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
a49733 
- Fixes for several crash bugs
a49733 
- LDAP group lookups will no longer abort if there is a zero-length member
a49733 
- attribute
a49733 
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
a49733
a49733 
* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1
a49733 
- New upstream release 1.5.4
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
a49733 
- Fixes for Active Directory when not all users and groups have POSIX attributes
a49733 
- Fixes for handling users and groups that have name aliases (aliases are ignored)
a49733 
- Fix group memberships after initgroups in the IPA provider
a49733
a49733 
* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2
a49733 
- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication
a49733
a49733 
* Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-1
a49733 
- New upstream release 1.5.3
a49733 
- Support for libldb >= 1.0.0
a49733
a49733 
* Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.2-1
a49733 
- New upstream release 1.5.2
a49733 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
a49733 
- Fixes for support of FreeIPA v2
a49733 
- Fixes for failover if DNS entries change
a49733 
- Improved sss_obfuscate tool with better interactive mode
a49733 
- Fix several crash bugs
a49733 
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
a49733 
- Delete users from the local cache if initgroups calls return 'no such user'
a49733 
- (previously only worked for getpwnam/getpwuid)
a49733 
- Use new Transifex.net translations
a49733 
- Better support for automatic TGT renewal (now survives restart)
a49733 
- Netgroup fixes
a49733
a49733 
* Sun Feb 27 2011 Simo Sorce <ssorce@redhat.com> - 1.5.1-9
a49733 
- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
a49733 
- Related: rhbz#677425
a49733
a49733 
* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8
a49733 
- Resolves: rhbz#677768 - name service caches names, so id command shows
a49733 
-                         recently deleted users
a49733
a49733 
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7
a49733 
- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
a49733 
- Remove .la for memberOf
a49733
a49733 
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6
a49733 
- Fix memberOf install path
a49733
a49733 
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5
a49733 
- Add support for libldb 1.0.0
a49733
a49733 
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-4
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
a49733
a49733 
* Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3
a49733 
- Fix nested group member filter sanitization for RFC2307bis
a49733 
- Put translated tool manpages into the sssd-tools subpackage
a49733
a49733 
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2
a49733 
- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
a49733 
- rpmbuild
a49733
a49733 
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1
a49733 
- New upstream release 1.5.1
a49733 
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
a49733 
- Vast performance improvements when enumerate = true
a49733 
- All PAM actions will now perform a forced initgroups lookup instead of just
a49733 
- a user information lookup
a49733 
-   This guarantees that all group information is available to other
a49733 
-   providers, such as the simple provider.
a49733 
- For backwards-compatibility, DNS lookups will also fall back to trying the
a49733 
- SSSD domain name as a DNS discovery domain.
a49733 
- Support for more password expiration policies in LDAP
a49733 
-    389 Directory Server
a49733 
-    FreeIPA
a49733 
-    ActiveDirectory
a49733 
- Support for ldap_tls_{cert,key,cipher_suite} config options
a49733 
-Assorted bugfixes
a49733
a49733 
* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2
a49733 
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
a49733
a49733 
* Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1
a49733 
- New upstream release 1.5.0
a49733 
- Fixed issues with LDAP search filters that needed to be escaped
a49733 
- Add Kerberos FAST support on platforms that support it
a49733 
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
a49733 
- Added a Kerberos access provider to honor .k5login
a49733 
- Addressed several thread-safety issues in the sss_client code
a49733 
- Improved support for delayed online Kerberos auth
a49733 
- Significantly reduced time between connecting to the network/VPN and
a49733 
- acquiring a TGT
a49733 
- Added feature for automatic Kerberos ticket renewal
a49733 
- Provides the kerberos ticket for long-lived processes or cron jobs
a49733 
- even when the user logs out
a49733 
- Added several new features to the LDAP access provider
a49733 
- Support for 'shadow' access control
a49733 
- Support for authorizedService access control
a49733 
- Ability to mix-and-match LDAP access control features
a49733 
- Added an option for a separate password-change LDAP server for those
a49733 
- platforms where LDAP referrals are not supported
a49733 
- Added support for manpage translations
a49733
a49733
a49733 
* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3
a49733 
- Solve a shutdown race-condition that sometimes left processes running
a49733 
- Resolves: rhbz#606887 - SSSD stops on upgrade
a49733
a49733 
* Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2
a49733 
- Log startup errors to the syslog
a49733 
- Allow cache cleanup to be disabled in sssd.conf
a49733
a49733 
* Mon Nov 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1
a49733 
- New upstream release 1.4.1
a49733 
- Add support for netgroups to the proxy provider
a49733 
- Fixes a minor bug with UIDs/GIDs >= 2^31
a49733 
- Fixes a segfault in the kerberos provider
a49733 
- Fixes a segfault in the NSS responder if a data provider crashes
a49733 
- Correctly use sdap_netgroup_search_base
a49733
a49733 
* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2
a49733 
- Fix incorrect tarball URL
a49733
a49733 
* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1
a49733 
- New upstream release 1.4.0
a49733 
- Added support for netgroups to the LDAP provider
a49733 
- Performance improvements made to group processing of RFC2307 LDAP servers
a49733 
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
a49733 
- Build-system improvements to support Gentoo
a49733 
- Split out several libraries into the ding-libs tarball
a49733 
- Manpage reviewed and updated
a49733
a49733 
* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-35
a49733 
- Fix pre and post script requirements
a49733
a49733 
* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-34
a49733 
- Resolves: rhbz#606887 - sssd stops on upgrade
a49733
a49733 
* Fri Oct 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-33
a49733 
- Resolves: rhbz#626205 - Unable to unlock screen
a49733
a49733 
* Tue Sep 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-32
a49733 
- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
a49733 
-                         doesn't require it
a49733
a49733 
* Thu Sep 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-31
a49733 
- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib
a49733
a49733 
* Tue Aug 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-30
a49733 
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
a49733 
-                           against LDAP
a49733
a49733 
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.2.91-21
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
a49733
a49733 
* Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.91-20
a49733 
- New upstream version 1.2.91 (1.3.0rc1)
a49733 
- Improved LDAP failover
a49733 
- Synchronous sysdb API (provides performance enhancements)
a49733 
- Better online reconnection detection
a49733
a49733 
* Mon Jun 21 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15
a49733 
- New stable upstream version 1.2.1
a49733 
- Resolves: rhbz#595529 - spec file should eschew %%define in favor of
a49733 
-                         %%global
a49733 
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service
a49733 
-                         to fail while restart.
a49733 
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
a49733 
-                         keyring
a49733 
- Resolves: rhbz#599724 - sssd is broken on Rawhide
a49733
a49733 
* Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12
a49733 
- New stable upstream version 1.2.0
a49733 
- Support ServiceGroups for FreeIPA v2 HBAC rules
a49733 
- Fix long-standing issue with auth_provider = proxy
a49733 
- Better logging for TLS issues in LDAP
a49733
a49733 
* Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11
a49733 
- New LDAP access provider allows for filtering user access by LDAP attribute
a49733 
- Reduced default timeout for detecting offline status with LDAP
a49733 
- GSSAPI ticket lifetime made configurable
a49733 
- Better offline->online transition support in Kerberos
a49733
a49733 
* Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10
a49733 
- Release new upstream version 1.1.91
a49733 
- Enhancements when using SSSD with FreeIPA v2
a49733 
- Support for deferred kinit
a49733 
- Support for DNS SRV records for failover
a49733
a49733 
* Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3
a49733 
- Bump up release number to avoid library sub-packages version issues with
a49733 
  previous releases.
a49733
a49733 
* Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1
a49733 
- New upstream release 1.1.1
a49733 
- Fixed the IPA provider (which was segfaulting at start)
a49733 
- Fixed a bug in the SSSDConfig API causing some options to revert to
a49733 
- their defaults
a49733 
- This impacted the Authconfig UI
a49733 
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
a49733
a49733 
* Tue Mar 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
a49733 
- Release SSSD 1.1.0 final
a49733 
- Fix two potential segfaults
a49733 
- Fix memory leak in monitor
a49733 
- Better error message for unusable confdb
a49733
a49733 
* Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19
a49733 
- Release candidate for SSSD 1.1
a49733 
- Add simple access provider
a49733 
- Create subpackages for libcollection, libini_config, libdhash and librefarray
a49733 
- Support IPv6
a49733 
- Support LDAP referrals
a49733 
- Fix cache issues
a49733 
- Better feedback from PAM when offline
a49733
a49733 
* Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2
a49733 
- Rebuild against new libtevent
a49733
a49733 
* Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1
a49733 
- Fix licenses in sources and on RPMs
a49733
a49733 
* Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
a49733 
- Fix regression on 64-bit platforms
a49733
a49733 
* Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
a49733 
- Fixes link error on platforms that do not do implicit linking
a49733 
- Fixes double-free segfault in PAM
a49733 
- Fixes double-free error in async resolver
a49733 
- Fixes support for TCP-based DNS lookups in async resolver
a49733 
- Fixes memory alignment issues on ARM processors
a49733 
- Manpage fixes
a49733
a49733 
* Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
a49733 
- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
a49733 
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
a49733 
- Several segfault bugfixes
a49733
a49733 
* Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
a49733 
- Fix CVE-2010-0014
a49733
a49733 
* Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2
a49733 
- Patch SSSDConfig API to address
a49733 
- https://bugzilla.redhat.com/show_bug.cgi?id=549482
a49733
a49733 
* Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
a49733 
- New upstream stable release 1.0.0
a49733
a49733 
* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
a49733 
- New upstream bugfix release 0.99.1
a49733
a49733 
* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
a49733 
- New upstream release 0.99.0
a49733
a49733 
* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
a49733 
- Fix segfault in sssd_pam when cache_credentials was enabled
a49733 
- Update the sample configuration
a49733 
- Fix upgrade issues caused by data provider service removal
a49733
a49733 
* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
a49733 
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
a49733
a49733 
* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
a49733 
- New upstream release 0.7.0
a49733
a49733 
* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
a49733 
- Fix missing file permissions for sssd-clients
a49733
a49733 
* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
a49733 
- Add SSSDConfig API
a49733 
- Update polish translation for 0.6.0
a49733 
- Fix long timeout on ldap operation
a49733 
- Make dp requests more robust
a49733
a49733 
* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
a49733 
- Ensure that the configuration upgrade script always writes the config
a49733 
  file with 0600 permissions
a49733 
- Eliminate an infinite loop in group enumerations
a49733
a49733 
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
a49733 
- New upstream release 0.6.0
a49733
a49733 
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
a49733 
- New upstream release 0.5.0
a49733
a49733 
* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
a49733 
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
a49733 
  without a password. (Patch by Stephen Gallagher)
a49733
a49733 
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
a49733 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
a49733
a49733 
* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
a49733 
- Fix a couple of segfaults that may happen on reload
a49733
a49733 
* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
a49733 
- add missing configure check that broke stopping the daemon
a49733 
- also fix default config to add a missing required option
a49733
a49733 
* Mon Jun  8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
a49733 
- latest upstream release.
a49733 
- also add a patch that fixes debugging output (potential segfault)
a49733
a49733 
* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
a49733 
- release out of the official 0.3.2 tarball
a49733
a49733 
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
a49733 
- bugfix release 0.3.2
a49733 
- includes previous release patches
a49733 
- change permissions of the /etc/sssd/sssd.conf to 0600
a49733
a49733 
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
a49733 
- Add last minute bug fixes, found in testing the package
a49733
a49733 
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
a49733 
- Version 0.3.1
a49733 
- includes previous release patches
a49733
a49733 
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
a49733 
- Try to fix build adding automake as an explicit BuildRequire
a49733 
- Add also a couple of last minute patches from upstream
a49733
a49733 
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
a49733 
- Version 0.3.0
a49733 
- Provides file based configuration and lots of improvements
a49733
a49733 
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
a49733 
- Version 0.2.1
a49733
a49733 
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
a49733 
- Version 0.2.0
a49733
a49733 
* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
a49733 
- package git snapshot
a49733
a49733 
* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
a49733 
- fixed items found during review
a49733 
- added initscript
a49733
a49733 
* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
a49733 
- added sss_client
a49733
a49733 
* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
a49733 
- Small cleanup and fixes in the spec file
a49733
a49733 
* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
a49733 
- Initial release (based on version 0.1.0 upstream code)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation