rpms / sssd

Clone
Source Code
GIT

Blame SPECS/sssd.spec

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   5e7e84b9657f78fd549f8af232a5beca86135ce0
  2.   SPECS
  3.   sssd.spec
Blob History Raw
6ee0df 
# SSSD SPEC file for Fedora 34+ and RHEL-9+
6ee0df
6ee0df 
# define SSSD user
6ee0df 
%if 0%{?rhel}
6ee0df 
%global sssd_user sssd
6ee0df 
%else
6ee0df 
%global sssd_user root
6ee0df 
%endif
6ee0df
6ee0df 
# Set setuid bit on child helpers if we support non-root user.
6ee0df 
%if "%{sssd_user}" == "root"
6ee0df 
%global child_attrs 0750
6ee0df 
%else
6ee0df 
%global child_attrs 4750
6ee0df 
%endif
6ee0df
6ee0df 
# we don't want to provide private python extension libs
6ee0df 
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
6ee0df
6ee0df 
%define _hardened_build 1
6ee0df
6ee0df 
# Determine the location of the LDB modules directory
6ee0df 
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
6ee0df 
%global ldb_version 1.2.0
6ee0df
6ee0df 
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
6ee0df
6ee0df 
Name: sssd
6ee0df 
Version: 2.6.2
5e7e84 
Release: 4%{?dist}.1
6ee0df 
Summary: System Security Services Daemon
6ee0df 
License: GPLv3+
6ee0df 
URL: https://github.com/SSSD/sssd/
6ee0df 
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
6ee0df
6ee0df 
### Patches ###
6ee0df 
Patch0001: 0001-ipa-fix-reply-socket-of-selinux_child.patch
6ee0df 
Patch0002: 0002-po-update-translations.patch
6ee0df 
Patch0003: 0003-ad-add-required-cn-attribute-to-subdomain-object.patch
6ee0df 
Patch0004: 0004-krb5-AD-and-IPA-don-t-change-Kerberos-port.patch
7c2775 
Patch0005: 0005-Revert-usertools-force-local-user-for-sssd-process-u.patch
7c2775 
Patch0006: 0006-Revert-man-sssd.conf-and-sssd-ifp-clarify-user-optio.patch
5e7e84 
Patch0007: 0007-ad-use-right-sdap_domain-in-ad_domain_info_send.patch
5e7e84 
Patch0008: 0008-ad-add-fallback-in-ad_domain_info_send.patch
5e7e84 
Patch0009: 0009-pam_sss_gss-KRB5CCNAME-may-be-NULL.patch
6ee0df
6ee0df 
### Dependencies ###
6ee0df
6ee0df 
Requires: sssd-ad = %{version}-%{release}
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
Requires: sssd-ipa = %{version}-%{release}
6ee0df 
Requires: sssd-krb5 = %{version}-%{release}
6ee0df 
Requires: sssd-ldap = %{version}-%{release}
6ee0df 
Requires: sssd-proxy = %{version}-%{release}
6ee0df 
Suggests: logrotate
6ee0df 
Suggests: python3-sssdconfig = %{version}-%{release}
6ee0df 
Suggests: sssd-dbus = %{version}-%{release}
6ee0df
6ee0df 
%global servicename sssd
6ee0df 
%global sssdstatedir %{_localstatedir}/lib/sss
6ee0df 
%global dbpath %{sssdstatedir}/db
6ee0df 
%global keytabdir %{sssdstatedir}/keytabs
6ee0df 
%global pipepath %{sssdstatedir}/pipes
6ee0df 
%global mcpath %{sssdstatedir}/mc
6ee0df 
%global pubconfpath %{sssdstatedir}/pubconf
6ee0df 
%global gpocachepath %{sssdstatedir}/gpo_cache
6ee0df 
%global secdbpath %{sssdstatedir}/secrets
6ee0df 
%global deskprofilepath %{sssdstatedir}/deskprofile
6ee0df
6ee0df 
### Build Dependencies ###
6ee0df
6ee0df 
BuildRequires: autoconf
6ee0df 
BuildRequires: automake
6ee0df 
BuildRequires: bind-utils
6ee0df 
BuildRequires: c-ares-devel
6ee0df 
BuildRequires: check-devel
6ee0df 
BuildRequires: cifs-utils-devel
6ee0df 
BuildRequires: dbus-devel
6ee0df 
BuildRequires: docbook-style-xsl
6ee0df 
BuildRequires: doxygen
6ee0df 
BuildRequires: findutils
6ee0df 
BuildRequires: gcc
6ee0df 
BuildRequires: gdm-pam-extensions-devel
6ee0df 
BuildRequires: gettext-devel
6ee0df 
# required for p11_child smartcard tests
6ee0df 
BuildRequires: gnutls-utils
6ee0df 
BuildRequires: keyutils-libs-devel
6ee0df 
BuildRequires: krb5-devel
6ee0df 
BuildRequires: krb5-libs >= 1.18.2-11
6ee0df 
BuildRequires: libcmocka-devel >= 1.0.0
6ee0df 
BuildRequires: libdhash-devel >= 0.4.2
6ee0df 
BuildRequires: libini_config-devel >= 1.1
6ee0df 
BuildRequires: libldb-devel >= %{ldb_version}
6ee0df 
BuildRequires: libnfsidmap-devel
6ee0df 
BuildRequires: libnl3-devel
6ee0df 
BuildRequires: libselinux-devel
6ee0df 
BuildRequires: libsemanage-devel
6ee0df 
BuildRequires: libsmbclient-devel
6ee0df 
BuildRequires: libtalloc-devel
6ee0df 
BuildRequires: libtdb-devel
6ee0df 
BuildRequires: libtevent-devel
6ee0df 
BuildRequires: libtool
6ee0df 
BuildRequires: libuuid-devel
6ee0df 
BuildRequires: libxml2
6ee0df 
BuildRequires: libxslt
6ee0df 
BuildRequires: m4
6ee0df 
BuildRequires: make
6ee0df 
BuildRequires: nss_wrapper
6ee0df 
BuildRequires: openldap-devel
6ee0df 
BuildRequires: openssh
6ee0df 
BuildRequires: openssl
6ee0df 
BuildRequires: openssl-devel
6ee0df 
BuildRequires: p11-kit-devel
6ee0df 
BuildRequires: pam_wrapper
6ee0df 
BuildRequires: pam-devel
6ee0df 
BuildRequires: pcre2-devel
6ee0df 
BuildRequires: pkgconfig
6ee0df 
BuildRequires: popt-devel
6ee0df 
BuildRequires: python3-devel
6ee0df 
BuildRequires: samba-devel
6ee0df 
# required for idmap_sss.so
6ee0df 
BuildRequires: samba-winbind
6ee0df 
BuildRequires: selinux-policy-targeted
6ee0df 
# required for p11_child smartcard tests
6ee0df 
BuildRequires: softhsm >= 2.1.0
6ee0df 
BuildRequires: systemd-devel
6ee0df 
BuildRequires: systemtap-sdt-devel
6ee0df 
BuildRequires: uid_wrapper
6ee0df 
BuildRequires: po4a
6ee0df 
BuildRequires: libunistring-devel
6ee0df 
BuildRequires: shadow-utils-subid-devel
6ee0df
6ee0df 
%description
6ee0df 
Provides a set of daemons to manage access to remote directories and
6ee0df 
authentication mechanisms. It provides an NSS and PAM interface toward
6ee0df 
the system and a pluggable back end system to connect to multiple different
6ee0df 
account sources. It is also the basis to provide client auditing and policy
6ee0df 
services for projects like FreeIPA.
6ee0df
6ee0df 
The sssd subpackage is a meta-package that contains the daemon as well as all
6ee0df 
the existing back ends.
6ee0df
6ee0df 
%package common
6ee0df 
Summary: Common files for the SSSD
6ee0df 
License: GPLv3+
6ee0df 
# Requires
6ee0df 
# due to ABI changes in 1.1.30/1.2.0
6ee0df 
Requires: libldb >= %{ldb_version}
6ee0df 
Requires: libtevent >= 0.11.0
6ee0df 
Requires: sssd-client%{?_isa} = %{version}-%{release}
6ee0df 
Requires: (libsss_sudo = %{version}-%{release} if sudo)
6ee0df 
Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs)
6ee0df 
Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap)
6ee0df 
Requires: libsss_idmap = %{version}-%{release}
6ee0df 
Requires: libsss_certmap = %{version}-%{release}
6ee0df 
%if 0%{?rhel}
6ee0df 
Requires(pre): shadow-utils
6ee0df 
%endif
6ee0df 
%{?systemd_requires}
6ee0df
6ee0df 
### Provides ###
6ee0df 
Provides: libsss_sudo-devel = %{version}-%{release}
6ee0df 
Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
6ee0df
6ee0df 
%description common
6ee0df 
Common files for the SSSD. The common package includes all the files needed
6ee0df 
to run a particular back end, however, the back ends are packaged in separate
6ee0df 
subpackages such as sssd-ldap.
6ee0df
6ee0df 
%package client
6ee0df 
Summary: SSSD Client libraries for NSS and PAM
6ee0df 
License: LGPLv3+
6ee0df 
Requires: libsss_nss_idmap = %{version}-%{release}
6ee0df 
Requires: libsss_idmap = %{version}-%{release}
6ee0df 
Requires(post): /sbin/ldconfig
6ee0df 
Requires(post):  /usr/sbin/alternatives
6ee0df 
Requires(preun): /usr/sbin/alternatives
6ee0df
6ee0df 
%description client
6ee0df 
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
6ee0df 
service.
6ee0df
6ee0df 
%package -n libsss_sudo
6ee0df 
Summary: A library to allow communication between SUDO and SSSD
6ee0df 
License: LGPLv3+
6ee0df 
Conflicts: sssd-common < %{version}-%{release}
6ee0df
6ee0df 
%description -n libsss_sudo
6ee0df 
A utility library to allow communication between SUDO and SSSD
6ee0df
6ee0df 
%package -n libsss_autofs
6ee0df 
Summary: A library to allow communication between Autofs and SSSD
6ee0df 
License: LGPLv3+
6ee0df 
Conflicts: sssd-common < %{version}-%{release}
6ee0df
6ee0df 
%description -n libsss_autofs
6ee0df 
A utility library to allow communication between Autofs and SSSD
6ee0df
6ee0df 
%package tools
6ee0df 
Summary: Userspace tools for use with the SSSD
6ee0df 
License: GPLv3+
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
# required by sss_obfuscate
6ee0df 
Requires: python3-sss = %{version}-%{release}
6ee0df 
Requires: python3-sssdconfig = %{version}-%{release}
6ee0df 
Requires: libsss_certmap = %{version}-%{release}
6ee0df 
# for logger=journald support with sss_analyze
6ee0df 
Requires: python3-systemd
6ee0df 
Requires: sssd-dbus
6ee0df
6ee0df 
%description tools
6ee0df 
Provides userspace tools for manipulating users, groups, and nested groups in
6ee0df 
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
6ee0df
6ee0df 
Also provides several other administrative tools:
6ee0df 
    * sss_debuglevel to change the debug level on the fly
6ee0df 
    * sss_seed which pre-creates a user entry for use in kickstarts
6ee0df 
    * sss_obfuscate for generating an obfuscated LDAP password
6ee0df 
    * sssctl -- an sssd status and control utility
6ee0df
6ee0df 
%package -n python3-sssdconfig
6ee0df 
Summary: SSSD and IPA configuration file manipulation classes and functions
6ee0df 
License: GPLv3+
6ee0df 
BuildArch: noarch
6ee0df 
%{?python_provide:%python_provide python3-sssdconfig}
6ee0df
6ee0df 
%description -n python3-sssdconfig
6ee0df 
Provides python3 files for manipulation SSSD and IPA configuration files.
6ee0df
6ee0df 
%package -n python3-sss
6ee0df 
Summary: Python3 bindings for sssd
6ee0df 
License: LGPLv3+
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
%{?python_provide:%python_provide python3-sss}
6ee0df
6ee0df 
%description -n python3-sss
6ee0df 
Provides python3 module for manipulating users, groups, and nested groups in
6ee0df 
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
6ee0df
6ee0df 
Also provides several other useful python3 bindings:
6ee0df 
    * function for retrieving list of groups user belongs to.
6ee0df 
    * class for obfuscation of passwords
6ee0df
6ee0df 
%package -n python3-sss-murmur
6ee0df 
Summary: Python3 bindings for murmur hash function
6ee0df 
License: LGPLv3+
6ee0df 
%{?python_provide:%python_provide python3-sss-murmur}
6ee0df
6ee0df 
%description -n python3-sss-murmur
6ee0df 
Provides python3 module for calculating the murmur hash version 3
6ee0df
6ee0df 
%package ldap
6ee0df 
Summary: The LDAP back end of the SSSD
6ee0df 
License: GPLv3+
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
Requires: sssd-krb5-common = %{version}-%{release}
6ee0df 
Requires: libsss_idmap = %{version}-%{release}
6ee0df 
Requires: libsss_certmap = %{version}-%{release}
6ee0df
6ee0df 
%description ldap
6ee0df 
Provides the LDAP back end that the SSSD can utilize to fetch identity data
6ee0df 
from and authenticate against an LDAP server.
6ee0df
6ee0df 
%package krb5-common
6ee0df 
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
6ee0df 
License: GPLv3+
6ee0df 
Requires: cyrus-sasl-gssapi%{?_isa}
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df
6ee0df 
%description krb5-common
6ee0df 
Provides helper processes that the LDAP and Kerberos back ends can use for
6ee0df 
Kerberos user or host authentication.
6ee0df
6ee0df 
%package krb5
6ee0df 
Summary: The Kerberos authentication back end for the SSSD
6ee0df 
License: GPLv3+
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
Requires: sssd-krb5-common = %{version}-%{release}
6ee0df
6ee0df 
%description krb5
6ee0df 
Provides the Kerberos back end that the SSSD can utilize authenticate
6ee0df 
against a Kerberos server.
6ee0df
6ee0df 
%package common-pac
6ee0df 
Summary: Common files needed for supporting PAC processing
6ee0df 
License: GPLv3+
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
Requires: libsss_idmap = %{version}-%{release}
6ee0df
6ee0df 
%description common-pac
6ee0df 
Provides common files needed by SSSD providers such as IPA and Active Directory
6ee0df 
for handling Kerberos PACs.
6ee0df
6ee0df 
%package ipa
6ee0df 
Summary: The IPA back end of the SSSD
6ee0df 
License: GPLv3+
6ee0df 
Requires: samba-client-libs >= %{samba_package_version}
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
Requires: sssd-krb5-common = %{version}-%{release}
6ee0df 
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
6ee0df 
Requires: libsss_certmap = %{version}-%{release}
6ee0df 
Recommends: bind-utils
6ee0df 
Requires: sssd-common-pac = %{version}-%{release}
6ee0df 
Requires: libsss_idmap = %{version}-%{release}
6ee0df
6ee0df 
%description ipa
6ee0df 
Provides the IPA back end that the SSSD can utilize to fetch identity data
6ee0df 
from and authenticate against an IPA server.
6ee0df
6ee0df 
%package ad
6ee0df 
Summary: The AD back end of the SSSD
6ee0df 
License: GPLv3+
6ee0df 
Requires: samba-client-libs >= %{samba_package_version}
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
Requires: sssd-krb5-common = %{version}-%{release}
6ee0df 
Requires: sssd-common-pac = %{version}-%{release}
6ee0df 
Requires: libsss_idmap = %{version}-%{release}
6ee0df 
Requires: libsss_certmap = %{version}-%{release}
6ee0df 
Recommends: bind-utils
6ee0df 
Recommends: adcli
6ee0df 
Suggests: sssd-winbind-idmap = %{version}-%{release}
6ee0df
6ee0df 
%description ad
6ee0df 
Provides the Active Directory back end that the SSSD can utilize to fetch
6ee0df 
identity data from and authenticate against an Active Directory server.
6ee0df
6ee0df 
%package proxy
6ee0df 
Summary: The proxy back end of the SSSD
6ee0df 
License: GPLv3+
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df
6ee0df 
%description proxy
6ee0df 
Provides the proxy back end which can be used to wrap an existing NSS and/or
6ee0df 
PAM modules to leverage SSSD caching.
6ee0df
6ee0df 
%package -n libsss_idmap
6ee0df 
Summary: FreeIPA Idmap library
6ee0df 
License: LGPLv3+
6ee0df
6ee0df 
%description -n libsss_idmap
6ee0df 
Utility library to convert SIDs to Unix uids and gids
6ee0df
6ee0df 
%package -n libsss_idmap-devel
6ee0df 
Summary: FreeIPA Idmap library
6ee0df 
License: LGPLv3+
6ee0df 
Requires: libsss_idmap = %{version}-%{release}
6ee0df
6ee0df 
%description -n libsss_idmap-devel
6ee0df 
Utility library to SIDs to Unix uids and gids
6ee0df
6ee0df 
%package -n libipa_hbac
6ee0df 
Summary: FreeIPA HBAC Evaluator library
6ee0df 
License: LGPLv3+
6ee0df
6ee0df 
%description -n libipa_hbac
6ee0df 
Utility library to validate FreeIPA HBAC rules for authorization requests
6ee0df
6ee0df 
%package -n libipa_hbac-devel
6ee0df 
Summary: FreeIPA HBAC Evaluator library
6ee0df 
License: LGPLv3+
6ee0df 
Requires: libipa_hbac = %{version}-%{release}
6ee0df
6ee0df 
%description -n libipa_hbac-devel
6ee0df 
Utility library to validate FreeIPA HBAC rules for authorization requests
6ee0df
6ee0df 
%package -n python3-libipa_hbac
6ee0df 
Summary: Python3 bindings for the FreeIPA HBAC Evaluator library
6ee0df 
License: LGPLv3+
6ee0df 
Requires: libipa_hbac = %{version}-%{release}
6ee0df 
%{?python_provide:%python_provide python3-libipa_hbac}
6ee0df
6ee0df 
%description -n python3-libipa_hbac
6ee0df 
The python3-libipa_hbac contains the bindings so that libipa_hbac can be
6ee0df 
used by Python applications.
6ee0df
6ee0df 
%package -n libsss_nss_idmap
6ee0df 
Summary: Library for SID and certificate based lookups
6ee0df 
License: LGPLv3+
6ee0df
6ee0df 
%description -n libsss_nss_idmap
6ee0df 
Utility library for SID and certificate based lookups
6ee0df
6ee0df 
%package -n libsss_nss_idmap-devel
6ee0df 
Summary: Library for SID and certificate based lookups
6ee0df 
License: LGPLv3+
6ee0df 
Requires: libsss_nss_idmap = %{version}-%{release}
6ee0df
6ee0df 
%description -n libsss_nss_idmap-devel
6ee0df 
Utility library for SID and certificate based lookups
6ee0df
6ee0df 
%package -n python3-libsss_nss_idmap
6ee0df 
Summary: Python3 bindings for libsss_nss_idmap
6ee0df 
License: LGPLv3+
6ee0df 
Requires: libsss_nss_idmap = %{version}-%{release}
6ee0df 
%{?python_provide:%python_provide python3-libsss_nss_idmap}
6ee0df
6ee0df 
%description -n python3-libsss_nss_idmap
6ee0df 
The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
6ee0df 
be used by Python applications.
6ee0df
6ee0df 
%package dbus
6ee0df 
Summary: The D-Bus responder of the SSSD
6ee0df 
License: GPLv3+
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
%{?systemd_requires}
6ee0df
6ee0df 
%description dbus
6ee0df 
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
6ee0df 
the information from the SSSD to be transmitted over the system bus.
6ee0df
6ee0df 
%if 0%{?rhel}
6ee0df 
%package polkit-rules
6ee0df 
Summary: Rules for polkit integration for SSSD
6ee0df 
Group: Applications/System
6ee0df 
License: GPLv3+
6ee0df 
Requires: polkit >= 0.106
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df
6ee0df 
%description polkit-rules
6ee0df 
Provides rules for polkit integration with SSSD. This is required
6ee0df 
for smartcard support.
6ee0df 
%endif
6ee0df
6ee0df 
%package -n libsss_simpleifp
6ee0df 
Summary: The SSSD D-Bus responder helper library
6ee0df 
License: GPLv3+
6ee0df 
Requires: sssd-dbus = %{version}-%{release}
6ee0df
6ee0df 
%description -n libsss_simpleifp
6ee0df 
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
6ee0df
6ee0df 
%package -n libsss_simpleifp-devel
6ee0df 
Summary: The SSSD D-Bus responder helper library
6ee0df 
License: GPLv3+
6ee0df 
Requires: dbus-devel
6ee0df 
Requires: libsss_simpleifp = %{version}-%{release}
6ee0df
6ee0df 
%description -n libsss_simpleifp-devel
6ee0df 
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
6ee0df
6ee0df 
%package winbind-idmap
6ee0df 
Summary: SSSD's idmap_sss Backend for Winbind
6ee0df 
License: GPLv3+ and LGPLv3+
6ee0df 
Requires: libsss_nss_idmap = %{version}-%{release}
6ee0df 
Requires: libsss_idmap = %{version}-%{release}
6ee0df 
Conflicts: sssd-common < %{version}-%{release}
6ee0df
6ee0df 
%description winbind-idmap
6ee0df 
The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs
6ee0df 
and SIDs.
6ee0df
6ee0df 
%package nfs-idmap
6ee0df 
Summary: SSSD plug-in for NFSv4 rpc.idmapd
6ee0df 
License: GPLv3+
6ee0df 
Conflicts: sssd-common < %{version}-%{release}
6ee0df
6ee0df 
%description nfs-idmap
6ee0df 
The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map
6ee0df 
UIDs/GIDs to names and vice versa. It can be also used for mapping principal
6ee0df 
(user) name to IDs(UID or GID) or to obtain groups which user are member of.
6ee0df
6ee0df 
%package -n libsss_certmap
6ee0df 
Summary: SSSD Certificate Mapping Library
6ee0df 
License: LGPLv3+
6ee0df 
Conflicts: sssd-common < %{version}-%{release}
6ee0df
6ee0df 
%description -n libsss_certmap
6ee0df 
Library to map certificates to users based on rules
6ee0df
6ee0df 
%package -n libsss_certmap-devel
6ee0df 
Summary: SSSD Certificate Mapping Library
6ee0df 
License: LGPLv3+
6ee0df 
Requires: libsss_certmap = %{version}-%{release}
6ee0df
6ee0df 
%description -n libsss_certmap-devel
6ee0df 
Library to map certificates to users based on rules
6ee0df
6ee0df 
%package kcm
6ee0df 
Summary: An implementation of a Kerberos KCM server
6ee0df 
License: GPLv3+
6ee0df 
Requires: sssd-common = %{version}-%{release}
6ee0df 
Requires: krb5-libs >= 1.18.2-11
6ee0df 
%{?systemd_requires}
6ee0df
6ee0df 
%description kcm
6ee0df 
An implementation of a Kerberos KCM server. Use this package if you want to
6ee0df 
use the KCM: Kerberos credentials cache.
6ee0df
6ee0df 
%prep
6ee0df 
%autosetup -p1
6ee0df
6ee0df 
%build
6ee0df
6ee0df 
autoreconf -ivf
6ee0df
6ee0df 
%configure \
6ee0df 
    --disable-rpath \
6ee0df 
    --disable-static \
6ee0df 
    --enable-gss-spnego-for-zero-maxssf \
6ee0df 
    --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
6ee0df 
    --enable-nsslibdir=%{_libdir} \
6ee0df 
    --enable-pammoddir=%{_libdir}/security \
6ee0df 
    --enable-sss-default-nss-plugin \
6ee0df 
    --enable-systemtap \
6ee0df 
    --with-db-path=%{dbpath} \
6ee0df 
    --with-gpo-cache-path=%{gpocachepath} \
6ee0df 
    --with-init-dir=%{_initrddir} \
6ee0df 
    --with-initscript=systemd \
6ee0df 
    --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
6ee0df 
    --with-mcache-path=%{mcpath} \
6ee0df 
    --with-pid-path=%{_rundir} \
6ee0df 
    --with-pipe-path=%{pipepath} \
6ee0df 
    --with-pubconf-path=%{pubconfpath} \
6ee0df 
    --with-sssd-user=%{sssd_user} \
6ee0df 
    --with-syslog=journald \
6ee0df 
    --with-test-dir=/dev/shm \
6ee0df 
    --with-subid \
6ee0df 
%if 0%{?fedora}
6ee0df 
    --enable-files-domain \
6ee0df 
    --disable-polkit-rules-path \
6ee0df 
%endif
6ee0df 
    %{nil}
6ee0df
6ee0df 
%make_build all docs runstatedir=%{_rundir}
6ee0df 
make -C po ja.gmo
6ee0df 
make -C po fr.gmo
6ee0df 
make -C po ko.gmo
6ee0df 
make -C po zh_CN.gmo
6ee0df
6ee0df 
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
6ee0df
6ee0df 
%check
6ee0df 
export CK_TIMEOUT_MULTIPLIER=10
6ee0df 
%make_build check VERBOSE=yes
6ee0df 
unset CK_TIMEOUT_MULTIPLIER
6ee0df
6ee0df 
%install
6ee0df
6ee0df 
%py3_shebang_fix src/tools/analyzer/sss_analyze
6ee0df
6ee0df 
%make_install
6ee0df
6ee0df 
# Prepare language files
6ee0df 
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
6ee0df
6ee0df 
# Copy default logrotate file
6ee0df 
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
6ee0df 
install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
6ee0df
6ee0df 
# Make sure SSSD is able to run on read-only root
6ee0df 
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
6ee0df 
install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
6ee0df
6ee0df 
# Kerberos KCM credential cache by default
6ee0df 
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
6ee0df 
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
6ee0df 
   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
6ee0df
6ee0df 
# krb5 configuration snippet
6ee0df 
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
6ee0df 
   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
6ee0df
6ee0df 
# Create directory for cifs-idmap alternative
6ee0df 
# Otherwise this directory could not be owned by sssd-client
6ee0df 
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
6ee0df
6ee0df 
# Remove .la files created by libtool
6ee0df 
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
6ee0df
6ee0df 
# Suppress developer-only documentation
6ee0df 
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
6ee0df
6ee0df 
# Older versions of rpmbuild can only handle one -f option
6ee0df 
# So we need to append to the sssd*.lang file
6ee0df 
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
6ee0df 
do
6ee0df 
    echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
6ee0df 
done
6ee0df
6ee0df 
touch sssd.lang
6ee0df 
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
6ee0df 
                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
6ee0df 
                  libsss_certmap sssd_kcm
6ee0df 
do
6ee0df 
    touch $subpackage.lang
6ee0df 
done
6ee0df
6ee0df 
for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
6ee0df 
do
6ee0df 
    lang=`echo $man | cut -c 1-2`
6ee0df 
    case `basename $man` in
6ee0df 
        sss_cache*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
6ee0df 
            ;;
6ee0df 
        sss_ssh*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
6ee0df 
            ;;
6ee0df 
        sss_rpcidmapd*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang
6ee0df 
            ;;
6ee0df 
        sss_*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
6ee0df 
            ;;
6ee0df 
        sssctl*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
6ee0df 
            ;;
6ee0df 
        sssd_krb5_*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
6ee0df 
            ;;
6ee0df 
        pam_sss*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
6ee0df 
            ;;
6ee0df 
        sssd-ldap*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
6ee0df 
            ;;
6ee0df 
        sssd-krb5*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
6ee0df 
            ;;
6ee0df 
        sssd-ipa*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
6ee0df 
            ;;
6ee0df 
        sssd-ad*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
6ee0df 
            ;;
6ee0df 
        sssd-proxy*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
6ee0df 
            ;;
6ee0df 
        sssd-ifp*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang
6ee0df 
            ;;
6ee0df 
        sssd-kcm*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang
6ee0df 
            ;;
6ee0df 
        idmap_sss*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang
6ee0df 
            ;;
6ee0df 
        sss-certmap*)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang
6ee0df 
            ;;
6ee0df 
        *)
6ee0df 
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
6ee0df 
            ;;
6ee0df 
    esac
6ee0df 
done
6ee0df
6ee0df 
# Print these to the rpmbuild log
6ee0df 
echo "sssd.lang:"
6ee0df 
cat sssd.lang
6ee0df
6ee0df 
echo "python3_sssdconfig.lang:"
6ee0df 
cat python3_sssdconfig.lang
6ee0df
6ee0df 
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
6ee0df 
                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
6ee0df 
                  libsss_certmap sssd_kcm
6ee0df 
do
6ee0df 
    echo "$subpackage.lang:"
6ee0df 
    cat $subpackage.lang
6ee0df 
done
6ee0df
6ee0df 
%files
6ee0df 
%license COPYING
6ee0df
6ee0df 
%files common -f sssd.lang
6ee0df 
%license COPYING
6ee0df 
%doc src/examples/sssd-example.conf
6ee0df 
%{_sbindir}/sssd
6ee0df 
%{_unitdir}/sssd.service
6ee0df 
%{_unitdir}/sssd-autofs.socket
6ee0df 
%{_unitdir}/sssd-autofs.service
6ee0df 
%{_unitdir}/sssd-nss.socket
6ee0df 
%{_unitdir}/sssd-nss.service
6ee0df 
%{_unitdir}/sssd-pac.socket
6ee0df 
%{_unitdir}/sssd-pac.service
6ee0df 
%{_unitdir}/sssd-pam.socket
6ee0df 
%{_unitdir}/sssd-pam-priv.socket
6ee0df 
%{_unitdir}/sssd-pam.service
6ee0df 
%{_unitdir}/sssd-ssh.socket
6ee0df 
%{_unitdir}/sssd-ssh.service
6ee0df 
%{_unitdir}/sssd-sudo.socket
6ee0df 
%{_unitdir}/sssd-sudo.service
6ee0df
6ee0df 
%dir %{_libexecdir}/%{servicename}
6ee0df 
%{_libexecdir}/%{servicename}/sssd_be
6ee0df 
%{_libexecdir}/%{servicename}/sssd_nss
6ee0df 
%{_libexecdir}/%{servicename}/sssd_pam
6ee0df 
%{_libexecdir}/%{servicename}/sssd_autofs
6ee0df 
%{_libexecdir}/%{servicename}/sssd_ssh
6ee0df 
%{_libexecdir}/%{servicename}/sssd_sudo
6ee0df 
%{_libexecdir}/%{servicename}/p11_child
6ee0df 
%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
6ee0df
6ee0df 
%dir %{_libdir}/%{name}
6ee0df 
# The files provider is intentionally packaged in -common
6ee0df 
%{_libdir}/%{name}/libsss_files.so
6ee0df 
%{_libdir}/%{name}/libsss_simple.so
6ee0df
6ee0df 
#Internal shared libraries
6ee0df 
%{_libdir}/%{name}/libsss_child.so
6ee0df 
%{_libdir}/%{name}/libsss_crypt.so
6ee0df 
%{_libdir}/%{name}/libsss_cert.so
6ee0df 
%{_libdir}/%{name}/libsss_debug.so
6ee0df 
%{_libdir}/%{name}/libsss_krb5_common.so
6ee0df 
%{_libdir}/%{name}/libsss_ldap_common.so
6ee0df 
%{_libdir}/%{name}/libsss_util.so
6ee0df 
%{_libdir}/%{name}/libsss_semanage.so
6ee0df 
%{_libdir}/%{name}/libifp_iface.so
6ee0df 
%{_libdir}/%{name}/libifp_iface_sync.so
6ee0df 
%{_libdir}/%{name}/libsss_iface.so
6ee0df 
%{_libdir}/%{name}/libsss_iface_sync.so
6ee0df 
%{_libdir}/%{name}/libsss_sbus.so
6ee0df 
%{_libdir}/%{name}/libsss_sbus_sync.so
6ee0df
6ee0df 
%{ldb_modulesdir}/memberof.so
6ee0df 
%{_bindir}/sss_ssh_authorizedkeys
6ee0df 
%{_bindir}/sss_ssh_knownhostsproxy
6ee0df 
%{_sbindir}/sss_cache
6ee0df 
%{_libexecdir}/%{servicename}/sss_signal
6ee0df
6ee0df 
%dir %{sssdstatedir}
6ee0df 
%dir %{_localstatedir}/cache/krb5rcache
6ee0df 
%attr(700,%{sssd_user},%{sssd_user}) %dir %{dbpath}
6ee0df 
%attr(775,%{sssd_user},%{sssd_user}) %dir %{mcpath}
6ee0df 
%attr(700,root,root) %dir %{secdbpath}
6ee0df 
%attr(751,root,root) %dir %{deskprofilepath}
6ee0df 
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/passwd
6ee0df 
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/group
6ee0df 
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/initgroups
6ee0df 
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pipepath}
6ee0df 
%attr(750,%{sssd_user},root) %dir %{pipepath}/private
6ee0df 
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}
6ee0df 
%attr(755,%{sssd_user},%{sssd_user}) %dir %{gpocachepath}
6ee0df 
%attr(750,%{sssd_user},%{sssd_user}) %dir %{_var}/log/%{name}
6ee0df 
%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd
6ee0df 
%attr(711,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
6ee0df 
%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
6ee0df 
%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
6ee0df 
%dir %{_sysconfdir}/logrotate.d
6ee0df 
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
6ee0df 
%dir %{_sysconfdir}/rwtab.d
6ee0df 
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
6ee0df 
%dir %{_datadir}/sssd
6ee0df 
%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils
6ee0df 
%dir %{_libdir}/%{name}/conf
6ee0df 
%{_libdir}/%{name}/conf/sssd.conf
6ee0df
6ee0df 
%{_datadir}/sssd/cfg_rules.ini
6ee0df 
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
6ee0df 
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
6ee0df 
%{_mandir}/man5/sssd.conf.5*
6ee0df 
%{_mandir}/man5/sssd-files.5*
6ee0df 
%{_mandir}/man5/sssd-simple.5*
6ee0df 
%{_mandir}/man5/sssd-sudo.5*
6ee0df 
%{_mandir}/man5/sssd-session-recording.5*
6ee0df 
%{_mandir}/man8/sssd.8*
6ee0df 
%{_mandir}/man8/sss_cache.8*
6ee0df 
%dir %{_datadir}/sssd/systemtap
6ee0df 
%{_datadir}/sssd/systemtap/id_perf.stp
6ee0df 
%{_datadir}/sssd/systemtap/nested_group_perf.stp
6ee0df 
%{_datadir}/sssd/systemtap/dp_request.stp
6ee0df 
%{_datadir}/sssd/systemtap/ldap_perf.stp
6ee0df 
%dir %{_datadir}/systemtap
6ee0df 
%dir %{_datadir}/systemtap/tapset
6ee0df 
%{_datadir}/systemtap/tapset/sssd.stp
6ee0df 
%{_datadir}/systemtap/tapset/sssd_functions.stp
6ee0df 
%{_mandir}/man5/sssd-systemtap.5*
6ee0df
6ee0df 
%if 0%{?rhel}
6ee0df 
%files polkit-rules
6ee0df 
%{_datadir}/polkit-1/rules.d/*
6ee0df 
%endif
6ee0df
6ee0df 
%files ldap -f sssd_ldap.lang
6ee0df 
%license COPYING
6ee0df 
%{_libdir}/%{name}/libsss_ldap.so
6ee0df 
%{_mandir}/man5/sssd-ldap.5*
6ee0df 
%{_mandir}/man5/sssd-ldap-attributes.5*
6ee0df
6ee0df 
%files krb5-common
6ee0df 
%license COPYING
6ee0df 
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}/krb5.include.d
6ee0df 
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/ldap_child
6ee0df 
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/krb5_child
6ee0df
6ee0df 
%files krb5 -f sssd_krb5.lang
6ee0df 
%license COPYING
6ee0df 
%{_libdir}/%{name}/libsss_krb5.so
6ee0df 
%{_mandir}/man5/sssd-krb5.5*
6ee0df 
%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
6ee0df 
%dir %{_datadir}/sssd/krb5-snippets
6ee0df 
%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir
6ee0df
6ee0df 
%files common-pac
6ee0df 
%license COPYING
6ee0df 
%{_libexecdir}/%{servicename}/sssd_pac
6ee0df
6ee0df 
%files ipa -f sssd_ipa.lang
6ee0df 
%license COPYING
6ee0df 
%attr(700,%{sssd_user},%{sssd_user}) %dir %{keytabdir}
6ee0df 
%{_libdir}/%{name}/libsss_ipa.so
6ee0df 
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/selinux_child
6ee0df 
%{_mandir}/man5/sssd-ipa.5*
6ee0df
6ee0df 
%files ad -f sssd_ad.lang
6ee0df 
%license COPYING
6ee0df 
%{_libdir}/%{name}/libsss_ad.so
6ee0df 
%{_libexecdir}/%{servicename}/gpo_child
6ee0df 
%{_mandir}/man5/sssd-ad.5*
6ee0df
6ee0df 
%files proxy
6ee0df 
%license COPYING
6ee0df 
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/proxy_child
6ee0df 
%{_libdir}/%{name}/libsss_proxy.so
6ee0df
6ee0df 
%files dbus -f sssd_dbus.lang
6ee0df 
%license COPYING
6ee0df 
%{_libexecdir}/%{servicename}/sssd_ifp
6ee0df 
%{_mandir}/man5/sssd-ifp.5*
6ee0df 
%{_unitdir}/sssd-ifp.service
6ee0df 
# InfoPipe DBus plumbing
6ee0df 
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
6ee0df 
%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
6ee0df
6ee0df 
%files -n libsss_simpleifp
6ee0df 
%{_libdir}/libsss_simpleifp.so.*
6ee0df
6ee0df 
%files -n libsss_simpleifp-devel
6ee0df 
%doc sss_simpleifp_doc/html
6ee0df 
%{_includedir}/sss_sifp.h
6ee0df 
%{_includedir}/sss_sifp_dbus.h
6ee0df 
%{_libdir}/libsss_simpleifp.so
6ee0df 
%{_libdir}/pkgconfig/sss_simpleifp.pc
6ee0df
6ee0df 
%files client -f sssd_client.lang
6ee0df 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
6ee0df 
%{_libdir}/libnss_sss.so.2
6ee0df 
%{_libdir}/libsubid_sss.so
6ee0df 
%{_libdir}/security/pam_sss.so
6ee0df 
%{_libdir}/security/pam_sss_gss.so
6ee0df 
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
6ee0df 
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
6ee0df 
%dir %{_libdir}/cifs-utils
6ee0df 
%{_libdir}/cifs-utils/cifs_idmap_sss.so
6ee0df 
%dir %{_sysconfdir}/cifs-utils
6ee0df 
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
6ee0df 
%dir %{_libdir}/%{name}
6ee0df 
%dir %{_libdir}/%{name}/modules
6ee0df 
%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
6ee0df 
%{_mandir}/man8/pam_sss.8*
6ee0df 
%{_mandir}/man8/pam_sss_gss.8*
6ee0df 
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
6ee0df
6ee0df 
%files -n libsss_sudo
6ee0df 
%license src/sss_client/COPYING
6ee0df 
%{_libdir}/libsss_sudo.so*
6ee0df
6ee0df 
%files -n libsss_autofs
6ee0df 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
6ee0df 
%dir %{_libdir}/%{name}/modules
6ee0df 
%{_libdir}/%{name}/modules/libsss_autofs.so
6ee0df
6ee0df 
%files tools -f sssd_tools.lang
6ee0df 
%license COPYING
6ee0df 
%{_sbindir}/sss_obfuscate
6ee0df 
%{_sbindir}/sss_override
6ee0df 
%{_sbindir}/sss_debuglevel
6ee0df 
%{_sbindir}/sss_seed
6ee0df 
%{_sbindir}/sssctl
6ee0df 
%{_libexecdir}/%{servicename}/sss_analyze
6ee0df 
%{python3_sitelib}/sssd/
6ee0df 
%{_mandir}/man8/sss_obfuscate.8*
6ee0df 
%{_mandir}/man8/sss_override.8*
6ee0df 
%{_mandir}/man8/sss_debuglevel.8*
6ee0df 
%{_mandir}/man8/sss_seed.8*
6ee0df 
%{_mandir}/man8/sssctl.8*
6ee0df
6ee0df 
%files -n python3-sssdconfig -f python3_sssdconfig.lang
6ee0df 
%dir %{python3_sitelib}/SSSDConfig
6ee0df 
%{python3_sitelib}/SSSDConfig/*.py*
6ee0df 
%dir %{python3_sitelib}/SSSDConfig/__pycache__
6ee0df 
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
6ee0df 
%dir %{_datadir}/sssd
6ee0df 
%{_datadir}/sssd/sssd.api.conf
6ee0df 
%{_datadir}/sssd/sssd.api.d
6ee0df
6ee0df 
%files -n python3-sss
6ee0df 
%{python3_sitearch}/pysss.so
6ee0df
6ee0df 
%files -n python3-sss-murmur
6ee0df 
%{python3_sitearch}/pysss_murmur.so
6ee0df
6ee0df 
%files -n libsss_idmap
6ee0df 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
6ee0df 
%{_libdir}/libsss_idmap.so.*
6ee0df
6ee0df 
%files -n libsss_idmap-devel
6ee0df 
%doc idmap_doc/html
6ee0df 
%{_includedir}/sss_idmap.h
6ee0df 
%{_libdir}/libsss_idmap.so
6ee0df 
%{_libdir}/pkgconfig/sss_idmap.pc
6ee0df
6ee0df 
%files -n libipa_hbac
6ee0df 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
6ee0df 
%{_libdir}/libipa_hbac.so.*
6ee0df
6ee0df 
%files -n libipa_hbac-devel
6ee0df 
%doc hbac_doc/html
6ee0df 
%{_includedir}/ipa_hbac.h
6ee0df 
%{_libdir}/libipa_hbac.so
6ee0df 
%{_libdir}/pkgconfig/ipa_hbac.pc
6ee0df
6ee0df 
%files -n libsss_nss_idmap
6ee0df 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
6ee0df 
%{_libdir}/libsss_nss_idmap.so.*
6ee0df
6ee0df 
%files -n libsss_nss_idmap-devel
6ee0df 
%doc nss_idmap_doc/html
6ee0df 
%{_includedir}/sss_nss_idmap.h
6ee0df 
%{_libdir}/libsss_nss_idmap.so
6ee0df 
%{_libdir}/pkgconfig/sss_nss_idmap.pc
6ee0df
6ee0df 
%files -n python3-libsss_nss_idmap
6ee0df 
%{python3_sitearch}/pysss_nss_idmap.so
6ee0df
6ee0df 
%files -n python3-libipa_hbac
6ee0df 
%{python3_sitearch}/pyhbac.so
6ee0df
6ee0df 
%files winbind-idmap -f sssd_winbind_idmap.lang
6ee0df 
%dir %{_libdir}/samba/idmap
6ee0df 
%{_libdir}/samba/idmap/sss.so
6ee0df 
%{_mandir}/man8/idmap_sss.8*
6ee0df
6ee0df 
%files nfs-idmap -f sssd_nfs_idmap.lang
6ee0df 
%{_mandir}/man5/sss_rpcidmapd.5*
6ee0df 
%{_libdir}/libnfsidmap/sss.so
6ee0df
6ee0df 
%files -n libsss_certmap -f libsss_certmap.lang
6ee0df 
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
6ee0df 
%{_libdir}/libsss_certmap.so.*
6ee0df 
%{_mandir}/man5/sss-certmap.5*
6ee0df
6ee0df 
%files -n libsss_certmap-devel
6ee0df 
%doc certmap_doc/html
6ee0df 
%{_includedir}/sss_certmap.h
6ee0df 
%{_libdir}/libsss_certmap.so
6ee0df 
%{_libdir}/pkgconfig/sss_certmap.pc
6ee0df
6ee0df 
%files kcm -f sssd_kcm.lang
6ee0df 
%{_libexecdir}/%{servicename}/sssd_kcm
6ee0df 
%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
6ee0df 
%dir %{_datadir}/sssd-kcm
6ee0df 
%{_datadir}/sssd-kcm/kcm_default_ccache
6ee0df 
%{_unitdir}/sssd-kcm.socket
6ee0df 
%{_unitdir}/sssd-kcm.service
6ee0df 
%{_mandir}/man8/sssd-kcm.8*
6ee0df
6ee0df 
%if 0%{?rhel}
6ee0df 
%pre common
6ee0df 
getent group sssd >/dev/null || groupadd -r sssd
6ee0df 
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
6ee0df 
%endif
6ee0df
6ee0df 
%post common
6ee0df 
%systemd_post sssd.service
6ee0df 
%systemd_post sssd-autofs.socket
6ee0df 
%systemd_post sssd-nss.socket
6ee0df 
%systemd_post sssd-pac.socket
6ee0df 
%systemd_post sssd-pam.socket
6ee0df 
%systemd_post sssd-pam-priv.socket
6ee0df 
%systemd_post sssd-ssh.socket
6ee0df 
%systemd_post sssd-sudo.socket
6ee0df
6ee0df 
%preun common
6ee0df 
%systemd_preun sssd.service
6ee0df 
%systemd_preun sssd-autofs.socket
6ee0df 
%systemd_preun sssd-nss.socket
6ee0df 
%systemd_preun sssd-pac.socket
6ee0df 
%systemd_preun sssd-pam.socket
6ee0df 
%systemd_preun sssd-pam-priv.socket
6ee0df 
%systemd_preun sssd-ssh.socket
6ee0df 
%systemd_preun sssd-sudo.socket
6ee0df
6ee0df 
%postun common
6ee0df 
%systemd_postun_with_restart sssd-autofs.socket
6ee0df 
%systemd_postun_with_restart sssd-nss.socket
6ee0df 
%systemd_postun_with_restart sssd-pac.socket
6ee0df 
%systemd_postun_with_restart sssd-pam.socket
6ee0df 
%systemd_postun_with_restart sssd-pam-priv.socket
6ee0df 
%systemd_postun_with_restart sssd-ssh.socket
6ee0df 
%systemd_postun_with_restart sssd-sudo.socket
6ee0df
6ee0df 
# Services have RefuseManualStart=true, therefore we can't request restart.
6ee0df 
%systemd_postun sssd-autofs.service
6ee0df 
%systemd_postun sssd-nss.service
6ee0df 
%systemd_postun sssd-pac.service
6ee0df 
%systemd_postun sssd-pam.service
6ee0df 
%systemd_postun sssd-ssh.service
6ee0df 
%systemd_postun sssd-sudo.service
6ee0df
6ee0df 
%post dbus
6ee0df 
%systemd_post sssd-ifp.service
6ee0df
6ee0df 
%preun dbus
6ee0df 
%systemd_preun sssd-ifp.service
6ee0df
6ee0df 
%postun dbus
6ee0df 
%systemd_postun_with_restart sssd-ifp.service
6ee0df
6ee0df 
%post kcm
6ee0df 
%systemd_post sssd-kcm.socket
6ee0df
6ee0df 
%preun kcm
6ee0df 
%systemd_preun sssd-kcm.socket
6ee0df
6ee0df 
%postun kcm
6ee0df 
%systemd_postun_with_restart sssd-kcm.socket
6ee0df 
%systemd_postun_with_restart sssd-kcm.service
6ee0df
6ee0df 
%post client
6ee0df 
%{?ldconfig}
6ee0df 
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20
6ee0df
6ee0df 
%preun client
6ee0df 
if [ $1 -eq 0 ] ; then
6ee0df 
        /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so
6ee0df 
fi
6ee0df
6ee0df 
%ldconfig_postun client
6ee0df
6ee0df 
%ldconfig_scriptlets -n libsss_sudo
6ee0df
6ee0df 
%ldconfig_scriptlets -n libipa_hbac
6ee0df
6ee0df 
%ldconfig_scriptlets -n libsss_idmap
6ee0df
6ee0df 
%ldconfig_scriptlets -n libsss_nss_idmap
6ee0df
6ee0df 
%ldconfig_scriptlets -n libsss_simpleifp
6ee0df
6ee0df 
%ldconfig_scriptlets -n libsss_certmap
6ee0df
6ee0df 
%posttrans common
6ee0df 
%systemd_postun_with_restart sssd.service
6ee0df
6ee0df 
%changelog
5e7e84 
* Thu Jun  2 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-4.1
5e7e84 
- Resolves: rhbz#2072959 - Use right sdap_domain in ad_domain_info_send [rhel-9.0.0.z]
5e7e84 
- Resolves: rhbz#2089251 - pam_sss_gss ceased to work after upgrade to 8.6 [rhel-9.0.0.z]
5e7e84
7c2775 
* Mon Apr 25 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-4
7c2775 
- Resolves: rhbz#2075539 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop [rhel-9.0.0.z]
7c2775
6ee0df 
* Mon Jan 17 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-2
6ee0df 
- Resolves: rhbz#2035244 - AD Domain in the AD Forest Missing after sssd latest update
6ee0df 
- Resolves: rhbz#2041560 - sssd does not use kerberos port that is set.
6ee0df
6ee0df 
* Mon Jan 03 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-1
6ee0df 
- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
6ee0df 
- Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization
6ee0df 
- Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files
6ee0df 
- Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders
6ee0df 
- Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
6ee0df 
- Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
6ee0df
6ee0df 
* Mon Dec 06 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.6.1-1
6ee0df 
- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
6ee0df 
- Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok()
6ee0df 
- Resolves: rhbz#977803 - incorrect checks of `strto*()` string to number convertion functions
6ee0df 
- Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
6ee0df 
- Resolves: rhbz#1992973 - Lookup with fully-qualified name does not work with 'cache_first = True'
6ee0df 
- Resolves: rhbz#1996151 - Add support for CKM_RSA_PKCS in smart card authentication.
6ee0df 
- Resolves: rhbz#1998459 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest)
6ee0df 
- Resolves: rhbz#2000476 - disabled root ad domain causes subdomains to be marked offline
6ee0df 
- Resolves: rhbz#2014249 - Consistency in defaults between OpenSSH and SSSD
6ee0df 
- Resolves: rhbz#2029419 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected
6ee0df
6ee0df 
* Mon Aug 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-5
6ee0df 
- Resolves: rhbz#1909755 - Suppress log message "[sssd] [service_signal_done] (0x0010): Unable to signal service [2]: No such file or directory" during logrote
6ee0df 
- Resolves: rhbz#1962123 - [sssd] RHEL 9.0 Beta Tier 0 Localization
6ee0df
6ee0df 
* Mon Aug 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-4
6ee0df 
- Resolves: rhbz#1973411 - CVE-2021-3621 sssd: shell command injection in sssctl [rhel-9]
6ee0df
6ee0df 
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.2-3
6ee0df 
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
6ee0df 
  Related: rhbz#1991688
6ee0df
6ee0df 
* Mon Aug 02 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2
6ee0df 
- Resolves: rhbz#1803943 - [RFE] support subid ranges managed by FreeIPA
6ee0df
6ee0df 
* Fri Jul 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-1
6ee0df 
- Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
6ee0df 
- Resolves: rhbz#1975691 - covscan NULL pointer dereference cache_req_data_create()
6ee0df
6ee0df 
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.1-2
6ee0df 
- Rebuilt for RHEL 9 BETA for openssl 3.0
6ee0df 
  Related: rhbz#1971065
6ee0df
6ee0df 
* Mon Jun 14 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-1
6ee0df 
- Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
6ee0df 
- Resolves: rhbz#1938876 - review of important potential issues detected by static analyzers in sssd-2.4.1-1.el9
6ee0df 
- Resolves: rhbz#1942277 - Wrong default debug level of sssd tools
6ee0df
6ee0df 
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.2-4
6ee0df 
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
6ee0df
6ee0df 
* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-3
6ee0df 
- Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration
6ee0df
6ee0df 
* Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-2
6ee0df 
- Remove setuid from child binaries and relax requirement on python3-sssdconfig
6ee0df
6ee0df 
* Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-1
6ee0df 
- Rebase to SSSD 2.4.2
6ee0df
6ee0df 
* Fri Feb 5 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.1-1
6ee0df 
- Rebase to SSSD 2.4.1
6ee0df
6ee0df 
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-7
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
6ee0df
6ee0df 
* Fri Dec 11 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-6
6ee0df 
- Improve sssd-kcm performance, fix upgrade with existing credentials (rhbz#1645624)
6ee0df
6ee0df 
* Mon Dec 7 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-5
6ee0df 
- Improve sssd-kcm performance (rhbz#1645624)
6ee0df
6ee0df 
* Mon Nov 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-4
6ee0df 
- Rebuild for Fedora ELN
6ee0df
6ee0df 
* Tue Nov  3 2020 Petr Lautrbach <plautrba@redhat.com> - 2.4.0-3
6ee0df 
- Rebuild with libsemanage.so.2
6ee0df
6ee0df 
* Mon Oct 12 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-2
6ee0df 
- Remove old patches
6ee0df
6ee0df 
* Mon Oct 12 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-1
6ee0df 
- Rebase to SSSD 2.4.0
6ee0df
6ee0df 
* Tue Jul 28 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-4
6ee0df 
- Actually include 2.3.1 source
6ee0df
6ee0df 
* Tue Jul 28 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-3
6ee0df 
- Fix test compilation with check-0.15
6ee0df
6ee0df 
* Mon Jul 27 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-2
6ee0df 
- Use correct run dir (RHBZ#1557622)
6ee0df
6ee0df 
* Fri Jul 24 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-1
6ee0df 
- Rebase to SSSD 2.3.1
6ee0df
6ee0df 
* Fri Jul 24 2020 Merlin Mathesius <mmathesi@redhat.com> - 2.3.0-5
6ee0df 
- Minor ELN conditional fix
6ee0df
6ee0df 
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.3.0-4
6ee0df 
- Use make macros
6ee0df 
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
6ee0df
6ee0df 
* Wed Jul  1 2020 Jeff Law <law@redhat.com>
6ee0df 
- Disable LTO
6ee0df
6ee0df 
* Fri Jun 19 2020 Peter Jones <pjones@redhat.com>
6ee0df 
- Fix github url typo
6ee0df
6ee0df 
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2.3.0-2
6ee0df 
- Rebuilt for Python 3.9
6ee0df
6ee0df 
* Wed May 20 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.0-1
6ee0df 
- Rebase to SSSD 2.3.0
6ee0df
6ee0df 
* Fri Feb 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-14
6ee0df 
- Resolves: rhbz#1800567 - sssd fail to build in Fedora rawhide
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-13
6ee0df 
- Resolves: upstream#4159 - p11_child should have an option to skip
6ee0df 
                            C_WaitForSlotEvent if the PKCS#11 module does not
6ee0df 
                            implement it properly
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-12
6ee0df 
- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in
6ee0df 
                            `sss_ptr_hash_delete_cb()`
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
6ee0df 
- Resolves: upstream#4118 - sssd requires timed sudoers ldap entries to be
6ee0df 
  specified up to the seconds
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
6ee0df 
- Add sssd-dbus package as a dependency of sssd-tools
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-10
6ee0df 
- Resolves: upstream#4142 - sssd_be frequent crash
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-9
6ee0df 
- Resolves: upstream#4131 Force LDAPS over 636 with AD Provider
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-8
6ee0df 
- Resolves: upstream#3630 - Randomize ldap_connection_expire_timeout either
6ee0df 
                            by default or w/ a configure option
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-7
6ee0df 
- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in
6ee0df 
                            `sss_ptr_hash_delete_cb()`
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-6
6ee0df 
- Resolves: upstream#4088 - server/be: SIGTERM handling is incorrect
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-5
6ee0df 
- Resolves: upstream##4089 Watchdog implementation or usage is incorrect
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-4
6ee0df 
- Resolves: upstream#4126 pcscd rejecting sssd ldap_child as unauthorized
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-3
6ee0df 
- Resolves: upstream#4127 - [Doc]Provide explanation on escape character for
6ee0df 
                            match rules sss-certmap
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-2
6ee0df 
- Resolves: upstream#4129 - sssctl config-check command does not give proper
6ee0df 
                            error messages with line numbers
6ee0df
6ee0df 
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-1
6ee0df 
- Update to latest released upstream version
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_3.htm
6ee0df
6ee0df 
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-6
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
6ee0df
6ee0df 
* Fri Jan 24 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.2.2-5
6ee0df 
- Fix build against samba-4.12.0rc1
6ee0df
6ee0df 
* Fri Jan 24 2020 Mohan Boddu <mboddu@bhujji.com> - 2.2.2-4
6ee0df 
- Rebuild for samba-4.12.0rc1
6ee0df
6ee0df 
* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-3
6ee0df 
- Resolves: rhbz#1755643 - Upgrade to sssd 2.2.2-1.fc30 breaks setting
6ee0df 
                           up FreeIPA replica in containers
6ee0df
6ee0df 
* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-2
6ee0df 
- Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely
6ee0df 
                           when using KCM cache
6ee0df
6ee0df 
* Wed Sep 11 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1
6ee0df 
- Update to latest released upstream version
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_1.html
6ee0df
6ee0df 
* Mon Aug 26 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.2.0-6
6ee0df 
- Rebuilding for libldb 2.0.5
6ee0df
6ee0df 
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.2.0-5
6ee0df 
- Rebuilt for Python 3.8
6ee0df
6ee0df 
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-4
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
6ee0df
6ee0df 
* Fri Jul  5 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-3
6ee0df 
- Resolves: rhbz#1721636 - sssd-kcm calls sssd-genconf which triggers
6ee0df 
                           nscd warning
6ee0df
6ee0df 
* Fri Jul  5 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-2
6ee0df 
- Resolves: rhbz#1724717 - sssd-proxy crashes resolving groups with
6ee0df 
                           no members
6ee0df
6ee0df 
* Mon Jun 17 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-1
6ee0df 
- Update to latest released upstream version
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_0.html
6ee0df
6ee0df 
* Wed Mar 27 2019 Michal Židek <mzidek@redhat.com> - 2.1.0-2
6ee0df 
- Resolves: upstream#3867 - [RFE] Need an option in SSSD so that it will skip
6ee0df 
                             GPOs that have groupPolicyContainers unreadable
6ee0df 
                             by SSSD.
6ee0df 
- CVE-2018-16838
6ee0df
6ee0df 
* Wed Mar 27 2019 Michal Židek <mzidek@redhat.com> - 2.1.0-1
6ee0df 
- Update to latest released upstream version
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_1_0.html
6ee0df
6ee0df 
* Wed Feb 13 2019 Sinny Kumari <skumari@redhat.com> - 2.0.0-9
6ee0df 
- Resolves: rhbz#1667444 -  sssd: make python3-sssdconfig as suggest
6ee0df
6ee0df 
* Wed Feb 13 2019 Adam Williamson <awilliam@redhat.com> - 2.0.0-8
6ee0df 
- Resolves: rhbz#1676946 - startup fail with status NOTIMPLEMENTED
6ee0df
6ee0df 
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-7
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
6ee0df
6ee0df 
* Wed Dec 12 2018 Adam Williamson <awilliam@redhat.com> - 2.0.0-6
6ee0df 
- Resolves: rhbz#1654537 - sbus: use 120 second default timeout
6ee0df 
- Backport two other patches from master to fix build with recent krb5
6ee0df
6ee0df 
* Wed Nov 07 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-5
6ee0df 
- Resolves: rhbz#1629737 - sssd: Remove python2 (sub)packages from Fedora 30+
6ee0df
6ee0df 
* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-4
6ee0df 
- Resolves: upstream#3821 - crash related to sbus_router_destructor()
6ee0df 
- Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref
6ee0df 
- Resolves: upstream#3819 - sssd only sets the SELinux login context if it
6ee0df 
                            differs from the default
6ee0df 
- Resolves: upstream#3807 - The sbus codegen script relies on "python" which
6ee0df 
                            might not be available on all distributions
6ee0df 
- Resolves: upstream#3820 - sudo: search with lower cased name for case
6ee0df 
                            insensitive domains
6ee0df 
- Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from
6ee0df 
                            an allow-any default to a deny-any default when it
6ee0df 
                            can't find any GPOs to apply to a user login.
6ee0df 
- Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort
6ee0df 
                            startup
6ee0df 
- Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11
6ee0df 
                            also for local account authentication
6ee0df 
- Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup
6ee0df 
- Resolves: upstream#3826 - Remove references of sss_user/group/add/del
6ee0df 
                            commands in man pages since local provider is
6ee0df 
                            deprecated
6ee0df 
- Resolves: upstream#3827 - SSSD should log to syslog if a domain is not
6ee0df 
                            started due to a misconfiguration
6ee0df 
- Resolves: upstream#3830 - Printing incorrect information about domain with
6ee0df 
                            sssctl utility
6ee0df 
- Resolves: upstream#3489 - p11_child should work wit openssl1.0+
6ee0df 
- Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary
6ee0df 
                            changes in nsswitch.conf
6ee0df 
- Resovles: upstream#3650 - RFE: Require smartcard authentication
6ee0df 
- Resolves: upstream#3334 - sssctl config-check does not check any special
6ee0df 
                            characters in domain name of domain section
6ee0df 
- Resolves: upstream#3849 - Files: The files provider always enumerates
6ee0df 
                            which causes duplicate when running getent passwd
6ee0df 
- Related: upstream#3855 - session not recording for local user when groups
6ee0df 
                           defined
6ee0df 
- Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb
6ee0df 
- Related: upstream#3493 - Remove the pysss.local interface
6ee0df
6ee0df 
* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-3
6ee0df 
- Resolves: rhbz#1622760 - Console login as FreeIPA domain user fails in
6ee0df 
                           current Fedora Rawhide / 29
6ee0df
6ee0df 
* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-2
6ee0df 
- Fix linking issues
6ee0df
6ee0df 
* Tue Aug 14 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-1
6ee0df 
- New upstream release 2.0.0
6ee0df
6ee0df 
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.2-6
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
6ee0df
6ee0df 
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1.16.2-5
6ee0df 
- Rebuilt for Python 3.7
6ee0df
6ee0df 
* Mon Jun 25 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-4
6ee0df 
- Related: upstream#941 - return multiple server addresses to the Kerberos
6ee0df 
                          locator plugin
6ee0df 
- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
6ee0df 
- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
6ee0df 
                            closes its end of the pipe before reading all the
6ee0df 
                            SSH keys
6ee0df 
- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
6ee0df 
- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
6ee0df 
                            stored in AD GC also for regular AD DC queries
6ee0df 
- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
6ee0df 
                           able to consume an @-sign in the user/group name.
6ee0df 
- Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo
6ee0df 
                            responder
6ee0df
6ee0df 
* Thu Jun 21 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-3
6ee0df 
- Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on
6ee0df 
                           minimal appliance image, breaking composes
6ee0df
6ee0df 
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.16.2-2
6ee0df 
- Rebuilt for Python 3.7
6ee0df
6ee0df 
* Mon Jun 11 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-1
6ee0df 
- New upstream release 1.16.2
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html
6ee0df
6ee0df 
* Thu May 24 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-9
6ee0df 
- Related: upstream#3742 - Change of: User may not run sudo --> a password is
6ee0df 
                           required
6ee0df
6ee0df 
* Thu May 17 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-8
6ee0df 
- Revert 589d1a48 as the builders are back to f27
6ee0df
6ee0df 
* Wed May 16 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-7
6ee0df 
- Related: upstream#3436 - Certificates used in unit tests have limited
6ee0df 
                           lifetime
6ee0df 
- Add: "ExcludeArch: armv7hl"
6ee0df
6ee0df 
* Mon May 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-6
6ee0df 
- Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires
6ee0df
6ee0df 
* Mon May 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-5
6ee0df 
- Related: upstream#3436 - Certificates used in unit tests have limited
6ee0df 
                           lifetime
6ee0df 
- Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update
6ee0df 
                            process is terminated with a signal
6ee0df 
- Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning
6ee0df 
                            in case the ldap schema is manually changed to
6ee0df 
                            something different than 'ad'.
6ee0df 
- Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is
6ee0df 
                           set.
6ee0df 
- Resolves: upstream#3719 - The SSSD IPA provider allocates information about
6ee0df 
                            external groups on a long lived memory context,
6ee0df 
                            causing memory growth of the sssd_be process
6ee0df 
- Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a
6ee0df 
                            first domain does not reach the second domain
6ee0df 
- Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove
6ee0df 
                            entries from the hash table, do not free them
6ee0df 
- Resolves: upstream#3595 - ID override GID from Default Trust View is not
6ee0df 
                            properly resolved in case domain resolution order
6ee0df 
                            is set
6ee0df
6ee0df 
* Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
6ee0df 
- Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
6ee0df
6ee0df 
* Fri Apr 27 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-3
6ee0df 
- Resolves: upstream#3684 - A group is not updated if its member is removed
6ee0df 
                            with the cleanup task, but the group does not
6ee0df 
                            change
6ee0df 
- Resolves: upstream#3558 - sudo: report error when two rules share cn
6ee0df 
- Tone down shutdown messages for socket activated responders
6ee0df 
- IPA: Qualify the externalUser sudo attribute
6ee0df 
- Resolves: upstream#3550 - refresh_expired_interval does not work with
6ee0df 
                            netgrous in 1.15
6ee0df 
- Resolves: upstream#3402 - Support alternative sources for the files provider
6ee0df 
- Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
6ee0df 
- Resolves: upstream#3679 - Make nss netgroup requests more robust
6ee0df 
- Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not
6ee0df 
                            configured
6ee0df 
- Resolves: upstream#3469 - extend sss-certmap man page regarding priority
6ee0df 
                            processing
6ee0df 
- Improve docs/debug message about GC detection
6ee0df 
- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes
6ee0df 
                            list out of bound?
6ee0df 
- Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is
6ee0df 
                            set.
6ee0df 
- Document which principal does the AD provider use
6ee0df 
- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is
6ee0df 
                            defined, but contains no SIDs
6ee0df 
- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
6ee0df 
- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
6ee0df 
                           Provider returned an error
6ee0df 
                           [org.freedesktop.sssd.Error.DataProvider.Fatal]
6ee0df 
- Add gcc to build dependencies
6ee0df
6ee0df 
* Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2
6ee0df 
- Resolves: upstream#3573 - sssd won't show netgroups with blank domain
6ee0df 
- Resolves: upstream#3660 - confdb_expand_app_domains() always fails
6ee0df 
- Resolves: upstream#3658 - Application domain is not interpreted correctly
6ee0df 
- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to
6ee0df 
                            json_loads()
6ee0df 
- Resolves: upstream#3386 - KCM: Payload buffer is too small
6ee0df 
- Resolves: upstream#3666 - Fix usage of str.decode() in our tests
6ee0df 
- A few KCM misc fixes
6ee0df
6ee0df 
* Fri Mar  9 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-1
6ee0df 
- New upstream release 1.16.1
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
6ee0df
6ee0df 
* Tue Feb 20 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-13
6ee0df 
- Resolves: upstream#3621 - backport bug found by static analyzers
6ee0df
6ee0df 
* Wed Feb 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.0-12
6ee0df 
- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile
6ee0df 
                           with no specific host/hostgroup set
6ee0df 
- Resolves: upstream#3621 - FleetCommander integration must not require
6ee0df 
                            capability DAC_OVERRIDE
6ee0df
6ee0df 
* Wed Feb 07 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-11
6ee0df 
- Resolves: upstream#3618 - selinux_child segfaults in a docker container
6ee0df
6ee0df 
* Tue Feb 06 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-10
6ee0df 
- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl
6ee0df
6ee0df 
* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.16.0-9
6ee0df 
- Fix systemd executions/requirements
6ee0df
6ee0df 
* Thu Jan 25 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-8
6ee0df 
- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS
6ee0df
6ee0df 
* Thu Jan 11 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-7
6ee0df 
- Fix building of sssd-nfs-idmap with libnfsidmap.so.1
6ee0df
6ee0df 
* Thu Jan 11 2018 Björn Esser <besser82@fedoraproject.org> - 1.16.0-6
6ee0df 
- Rebuilt for libnfsidmap.so.1
6ee0df
6ee0df 
* Mon Dec 04 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-5
6ee0df 
- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in
6ee0df 
                            setnetgrent_result_timeout
6ee0df 
- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
6ee0df 
                            or machine swaps
6ee0df 
- Resolves: failure in glibc tests
6ee0df 
            https://sourceware.org/bugzilla/show_bug.cgi?id=22530
6ee0df 
- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
6ee0df 
                            auth_provider ldap, login fails if the LDAP server
6ee0df 
                            is not allowing anonymous binds
6ee0df 
- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
6ee0df 
                            corrected with AD
6ee0df 
- Resolves: upstream#3586 - Give a more detailed debug and system-log message
6ee0df 
                            if krb5_init_context() failed
6ee0df 
- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
6ee0df 
                           in /etc/systemd/system
6ee0df 
- Backport few upstream features from 1.16.1
6ee0df
6ee0df 
* Tue Nov 21 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-4
6ee0df 
- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next
6ee0df
6ee0df 
* Fri Nov 17 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-3
6ee0df 
- Backport extended NSS API from upstream master branch
6ee0df
6ee0df 
* Fri Nov 03 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-2
6ee0df 
- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade
6ee0df
6ee0df 
* Fri Oct 20 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-1
6ee0df 
- New upstream release 1.16.0
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
6ee0df
6ee0df 
* Wed Oct 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-5
6ee0df 
- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when
6ee0df 
                           searching in local cache database access on
6ee0df 
                           the sock_file system_bus_socket
6ee0df
6ee0df 
* Mon Sep 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-4
6ee0df 
- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write
6ee0df 
                           access on the sock_file system_bus_socket
6ee0df 
- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
6ee0df 
                           fails to download desktop profile data
6ee0df 
- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
6ee0df 
- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients
6ee0df 
                            after applying ID Views for them in IPA server
6ee0df 
- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id
6ee0df 
                            mapping is applied
6ee0df
6ee0df 
* Fri Sep 01 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-3
6ee0df 
- Backport few upstream patches/fixes
6ee0df
6ee0df 
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.3-2
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
6ee0df
6ee0df 
* Tue Jul 25 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-1
6ee0df 
- New upstream release 1.15.3
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html
6ee0df
6ee0df 
* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.5
6ee0df 
- Rebuild with libldb-1.2.0
6ee0df
6ee0df 
* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.4
6ee0df 
- Fix build issues: Update expided certificate in unit tests
6ee0df
6ee0df 
* Sat Apr 29 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.3
6ee0df 
- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
6ee0df 
- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
6ee0df 
                           file from package sssd-common-1.15.1-1.fc25.x86_64
6ee0df 
- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
6ee0df
6ee0df 
* Thu Apr 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.2
6ee0df 
- Fix issue with IPA + SELinux in containers
6ee0df 
- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297
6ee0df
6ee0df 
* Tue Apr 04 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.1
6ee0df 
- Backport upstream patches for 1.15.3 pre-release
6ee0df 
- required for building freeipa-4.5.x in rawhide
6ee0df
6ee0df 
* Thu Mar 16 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.2-1
6ee0df 
- New upstream release 1.15.2
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
6ee0df
6ee0df 
* Mon Mar 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.1-1
6ee0df 
- New upstream release 1.15.1
6ee0df 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
6ee0df
6ee0df 
* Wed Feb 22 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.0-4
6ee0df 
- Cherry-pick patches from upstream that enable the files provider
6ee0df 
- Enable the files domain
6ee0df 
- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch
6ee0df 
  which is superseded by the files domain autoconfiguration
6ee0df 
- Related: rhbz#1357418 - SSSD fast cache for local users
6ee0df
6ee0df 
* Tue Feb 14 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-3
6ee0df 
- Add missing %%license macro
6ee0df
6ee0df 
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-2
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
6ee0df
6ee0df 
* Fri Jan 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-1
6ee0df 
- New upstream release 1.15.0
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0
6ee0df
6ee0df 
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.14.2-3
6ee0df 
- Rebuild for Python 3.6
6ee0df
6ee0df 
* Tue Dec 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-2
6ee0df 
- Resolves: rhbz#1369130 - nss_sss should not link against libpthread
6ee0df 
- Resolves: rhbz#1392916 - sssd failes to start after update
6ee0df 
- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
6ee0df 
                           on the directory /etc/sssd
6ee0df
6ee0df 
* Thu Oct 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-1
6ee0df 
- New upstream release 1.14.2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2
6ee0df
6ee0df 
* Fri Oct 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-4
6ee0df 
- libwbclient-sssd: update interface to version 0.13
6ee0df
6ee0df 
* Thu Sep 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-3
6ee0df 
- Fix regression with krb5_map_user
6ee0df 
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
6ee0df 
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError:
6ee0df 
                           default if nonexistent domain is mentioned
6ee0df
6ee0df 
* Thu Sep 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-2
6ee0df 
- Backport important patches from upstream 1.14.2 prerelease
6ee0df 
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after
6ee0df 
                             boot
6ee0df 
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
6ee0df
6ee0df 
* Fri Aug 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-1
6ee0df 
- New upstream release 1.14.0
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1
6ee0df
6ee0df 
* Mon Aug 15 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.14.0-5
6ee0df 
- Add workaround patch for RHBZ #1366403
6ee0df
6ee0df 
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.14.0-4
6ee0df 
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
6ee0df
6ee0df 
* Fri Jul 08 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-3
6ee0df 
- New upstream release 1.14.0
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0
6ee0df
6ee0df 
* Fri Jul 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-2.beta
6ee0df 
- New upstream release 1.14 beta
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta
6ee0df
6ee0df 
* Tue Jun 21 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-1.alpha
6ee0df 
- New upstream release 1.14 alpha
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha
6ee0df
6ee0df 
* Fri May 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-3
6ee0df 
- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element():
6ee0df 
                           sssd_ifp killed by SIGSEGV
6ee0df
6ee0df 
* Fri Apr 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-2
6ee0df 
- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6
6ee0df
6ee0df 
* Thu Apr 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-1
6ee0df 
- New upstream release 1.13.4
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4
6ee0df
6ee0df 
* Tue Mar 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-6
6ee0df 
- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password
6ee0df 
                           prompts (e.g. Password + Token)
6ee0df 
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed
6ee0df 
                           by remote host" if locale not available
6ee0df
6ee0df 
* Thu Feb 25 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-5
6ee0df 
- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA
6ee0df 
                           groups during getgrnam and getgrgid
6ee0df 
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses
6ee0df 
                           in call to 'print'
6ee0df
6ee0df 
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.3-4
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
6ee0df
6ee0df 
* Wed Jan 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-3
6ee0df 
- Additional upstream fixes
6ee0df
6ee0df 
* Tue Jan 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-2
6ee0df 
- Resolves: rhbz#1256849 - SUDO: Support the IPA schema
6ee0df
6ee0df 
* Wed Dec 16 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-1
6ee0df 
- New upstream release 1.13.3
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3
6ee0df
6ee0df 
* Fri Nov 20 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.2-1
6ee0df 
- New upstream release 1.13.2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2
6ee0df
6ee0df 
* Fri Nov 06 2015 Robert Kuska <rkuska@redhat.com> - 1.13.1-5
6ee0df 
- Rebuilt for Python3.5 rebuild
6ee0df
6ee0df 
* Tue Oct 27 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-4
6ee0df 
- Fix building pac responder with the krb5-1.14
6ee0df
6ee0df 
* Mon Oct 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-3
6ee0df 
- python-sssdconfig: Fix parssing sssd.conf without config_file_version
6ee0df 
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
6ee0df
6ee0df 
* Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2
6ee0df 
- Fix few segfaults
6ee0df 
- Resolves: upstream #2811 - PAM responder crashed if user was not set
6ee0df 
- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
6ee0df
6ee0df 
* Thu Oct 01 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-1
6ee0df 
- New upstream release 1.13.1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
6ee0df
6ee0df 
* Thu Sep 10 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-6
6ee0df 
- Fix OTP bug
6ee0df 
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were
6ee0df 
                             entered separately
6ee0df
6ee0df 
* Mon Sep 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-5
6ee0df 
- Backport upstream patches required by FreeIPA 4.2.1
6ee0df
6ee0df 
* Tue Jul 21 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-4
6ee0df 
- Fix ipa-migration bug
6ee0df 
- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled
6ee0df 
                             migration mode
6ee0df
6ee0df 
* Wed Jul 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-3
6ee0df 
- New upstream release 1.13.0
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0
6ee0df
6ee0df 
* Tue Jun 30 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-2.alpha
6ee0df 
- Unify return type of list_active_domains for python{2,3}
6ee0df
6ee0df 
* Mon Jun 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-1.alpha
6ee0df 
- New upstream release 1.13 alpha
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha
6ee0df
6ee0df 
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.5-4
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
6ee0df
6ee0df 
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-3
6ee0df 
- Fix libwbclient alternatives
6ee0df
6ee0df 
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-2
6ee0df 
- Backport important patches from upstream 1.13 prerelease
6ee0df
6ee0df 
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-1
6ee0df 
- New upstream release 1.12.5
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5
6ee0df
6ee0df 
* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-8
6ee0df 
- Backport important patches from upstream 1.13 prerelease
6ee0df 
- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable
6ee0df 
                           attribute for group name
6ee0df 
- Resolves: upstream #2335 - Investigate using the krb5 responder
6ee0df 
                             for driving the PAM conversation with OTPs
6ee0df 
- Enable cmocka tests for secondary architectures
6ee0df
6ee0df 
* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-7
6ee0df 
- Backport patches from upstream 1.12.5 prerelease - contains many fixes
6ee0df
6ee0df 
* Wed Apr 15 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-6
6ee0df 
- Fix slow login with ipa and SELinux
6ee0df 
- Resolves: upstream #2624 - Only set the selinux context if the context
6ee0df 
                             differs from the local one
6ee0df
6ee0df 
* Mon Mar 23 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-5
6ee0df 
- Fix regressions with ipa and SELinux
6ee0df 
- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security
6ee0df 
                             context on client is staff_u
6ee0df
6ee0df 
* Fri Mar  6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-4
6ee0df 
- Also relax libldb Requires
6ee0df 
- Remove --enable-ldb-version-check
6ee0df
6ee0df 
* Fri Mar  6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-3
6ee0df 
- Relax libldb BuildRequires to be greater-or-equal
6ee0df
6ee0df 
* Wed Feb 25 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-2
6ee0df 
- Add support for python3 bindings
6ee0df 
- Add requirement to python3 or python3 bindings
6ee0df 
- Resolves: rhbz#1014594 - sssd: Support Python 3
6ee0df
6ee0df 
* Wed Feb 18 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-1
6ee0df 
- New upstream release 1.12.4
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4
6ee0df
6ee0df 
* Sat Feb 14 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-7
6ee0df 
- Backport patches with Python3 support from upstream
6ee0df
6ee0df 
* Thu Feb 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-6
6ee0df 
- Fix double free in monitor
6ee0df 
- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort():
6ee0df 
                        sssd killed by SIGABRT
6ee0df
6ee0df 
* Wed Jan 28 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.3-5
6ee0df 
- Rebuild for new libldb
6ee0df
6ee0df 
* Thu Jan 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-4
6ee0df 
- Decrease priority of sssd-libwbclient 20 -> 5
6ee0df 
- It should be lower than priority of samba veriosn of libwbclient.
6ee0df 
- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18
6ee0df
6ee0df 
* Mon Jan 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-3
6ee0df 
- Apply a number of patches from upstream to fix issues found 1.12.3
6ee0df 
- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple
6ee0df 
                           interfaces, or isn't documented to be able to
6ee0df 
- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is
6ee0df 
                          not running
6ee0df 
- Resolves: upstream #2557  authentication failure with user from AD
6ee0df
6ee0df 
* Fri Jan 09 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-2
6ee0df 
- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus
6ee0df 
- Resolves: rhbz#1179379 - gzip: stdin: file size changed while
6ee0df 
                           zipping when rotating logfile
6ee0df
6ee0df 
* Thu Jan 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-1
6ee0df 
- New upstream release 1.12.3
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3
6ee0df 
- Fix spelling errors in description (fedpkg lint)
6ee0df
6ee0df 
* Tue Jan  6 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-8
6ee0df 
- Rebuild for libldb 1.1.19
6ee0df
6ee0df 
* Fri Dec 19 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-7
6ee0df 
- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes
6ee0df 
                           crash in wbinfo
6ee0df 
                           - in addition to the patch libwbclient.so is
6ee0df 
                             filtered out of the Provides list of the package
6ee0df
6ee0df 
* Wed Dec 17 2014 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-6
6ee0df 
- Fix regressions and bugs in sssd upstream 1.12.2
6ee0df 
- https://fedorahosted.org/sssd/ticket/{id}
6ee0df 
- Regressions: #2471, #2475, #2483, #2487, #2529, #2535
6ee0df 
- Bugs: #2287, #2445
6ee0df
6ee0df 
* Sun Dec  7 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-5
6ee0df 
- Rebuild for libldb 1.1.18
6ee0df
6ee0df 
* Wed Nov 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-4
6ee0df 
- Fix typo in libwbclient-devel %%preun
6ee0df
6ee0df 
* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-3
6ee0df 
- Use alternatives for libwbclient
6ee0df
6ee0df 
* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-2
6ee0df 
- Backport several patches from upstream.
6ee0df 
- Fix a potential crash against old (pre-4.0) IPA servers
6ee0df
6ee0df 
* Mon Oct 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-1
6ee0df 
- New upstream release 1.12.2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2
6ee0df
6ee0df 
* Mon Sep 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-2
6ee0df 
- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user
6ee0df 
                           private group from server
6ee0df
6ee0df 
* Mon Sep  8 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-1
6ee0df 
- New upstream release 1.12.1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1
6ee0df
6ee0df 
* Fri Aug 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-7
6ee0df 
- Do not crash on resolving a group SID in IPA server mode
6ee0df
6ee0df 
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-6
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
6ee0df
6ee0df 
* Thu Jul 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.12.0-5
6ee0df 
- Fix release version for upgrades
6ee0df
6ee0df 
* Wed Jul 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1
6ee0df 
- New upstream release 1.12.0
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0
6ee0df
6ee0df 
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-4.beta2
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
6ee0df
6ee0df 
* Wed Jun 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta2
6ee0df 
- New upstream release 1.12 beta2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2
6ee0df
6ee0df 
* Mon Jun 02 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-2.beta1
6ee0df 
- Fix tests on big-endian
6ee0df 
- Fix previous changelog entry
6ee0df
6ee0df 
* Fri May 30 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta1
6ee0df 
- New upstream release 1.12 beta1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1
6ee0df
6ee0df 
* Thu May 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-4
6ee0df 
- Rebuild against new ding-libs
6ee0df
6ee0df 
* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-3
6ee0df 
- Make LDB dependency a strict equivalency
6ee0df
6ee0df 
* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-2
6ee0df 
- Rebuild against new libldb
6ee0df
6ee0df 
* Fri Apr 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-1
6ee0df 
- New upstream release 1.11.5.1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1
6ee0df
6ee0df 
* Thu Apr 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.11.5-2
6ee0df 
- Fix bug in generation of systemd unit file
6ee0df
6ee0df 
* Tue Apr 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5-1
6ee0df 
- New upstream release 1.11.5
6ee0df 
- Remove upstreamed patch
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5
6ee0df
6ee0df 
* Thu Mar 13 2014 Sumit Bose <sbose@redhat.com> - 1.11.4-3
6ee0df 
- Handle new error code for IPA password migration
6ee0df
6ee0df 
* Tue Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2
6ee0df 
- Include couple of patches from upstream 1.11 branch
6ee0df
6ee0df 
* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
6ee0df 
- New upstream release 1.11.4
6ee0df 
- Remove upstreamed patch
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
6ee0df
6ee0df 
* Tue Feb 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-2
6ee0df 
- Handle OTP response from FreeIPA server gracefully
6ee0df
6ee0df 
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-1
6ee0df 
- New upstream release 1.11.3
6ee0df 
- Remove upstreamed patches
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3
6ee0df
6ee0df 
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1
6ee0df 
- New upstream release 1.11.2
6ee0df 
- Remove upstreamed patches
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
6ee0df
6ee0df 
* Wed Oct 16 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-5
6ee0df 
- Fix potential crash with external groups in trusted IPA-AD setup
6ee0df
6ee0df 
* Mon Oct 14 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-4
6ee0df 
- Add plugin for cifs-utils
6ee0df 
- Resolves: rhbz#998544
6ee0df
6ee0df 
* Tue Oct 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-3
6ee0df 
- Fix failover from Global Catalog to LDAP in case GC is not available
6ee0df
6ee0df 
* Fri Oct 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2
6ee0df 
- Remove the ability to create public ccachedir (#1015089)
6ee0df
6ee0df 
* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1
6ee0df 
- New upstream release 1.11.1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
6ee0df
6ee0df 
* Thu Sep 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-3
6ee0df 
- Fix multicast checks in the SSSD
6ee0df 
- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source
6ee0df 
                           code getting the host info
6ee0df
6ee0df 
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-2
6ee0df 
- Backport simplification of ccache management from 1.11.1
6ee0df 
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
6ee0df
6ee0df 
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1
6ee0df 
- New upstream release 1.11.0
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
6ee0df
6ee0df 
* Fri Aug 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-0.4.beta2
6ee0df 
- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid:
6ee0df 
                      Process /usr/libexec/sssd/sssd_nss was killed by
6ee0df 
                      signal 11 (SIGSEGV)
6ee0df 
- Resolves: #996214 - sssd proxy_child segfault
6ee0df
6ee0df 
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11.0-0.3.beta2
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
6ee0df
6ee0df 
* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.2beta2
6ee0df 
- Resolves: #906427 - Do not use %%{_lib} in specfile for the nss and
6ee0df 
                      pam libraries
6ee0df
6ee0df 
* Wed Jul 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.1beta2
6ee0df 
- New upstream release 1.11 beta 2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
6ee0df
6ee0df 
* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1
6ee0df 
- New upstream release 1.10.1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
6ee0df
6ee0df 
* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17
6ee0df 
- sssd-tools should require sssd-common, not sssd
6ee0df
6ee0df 
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16
6ee0df 
- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
6ee0df 
- Trim out RHEL5-specific macros since we don't build on RHEL 5
6ee0df 
- Trim out macros for Fedora older than F18
6ee0df 
- Update libldb requirement to 1.1.16
6ee0df 
- Trim RPM changelog down to the last year
6ee0df
6ee0df 
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15
6ee0df 
- Move sssd_pac to the sssd-krb5 subpackage
6ee0df
6ee0df 
* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14
6ee0df 
- Fix Obsoletes: to account for dist tag
6ee0df 
- Convert post and pre scripts to run on the sssd-common subpackage
6ee0df 
- Remove old conversion from SYSV
6ee0df
6ee0df 
* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13
6ee0df 
- New upstream release 1.10
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
6ee0df
6ee0df 
* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2
6ee0df 
- the cmocka toolkit exists only on selected arches
6ee0df
6ee0df 
* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2
6ee0df 
- Apply a number of patches from upstream to fix issues found post-beta,
6ee0df 
  in particular:
6ee0df 
  -- segfault with a high DEBUG level
6ee0df 
  -- Fix IPA password migration (upstream #1873)
6ee0df 
  -- Fix fail over when retrying SRV resolution (upstream #1886)
6ee0df
6ee0df 
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2
6ee0df 
- Only BuildRequire libcmocka on Fedora
6ee0df
6ee0df 
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2
6ee0df 
- Fix typo in Requires that prevented an upgrade (#973916)
6ee0df 
- Use a hardcoded version in Conflicts, not less-than-current
6ee0df
6ee0df 
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta1
6ee0df 
- Enable hardened build for RHEL7
6ee0df
6ee0df 
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2
6ee0df 
- New upstream release 1.10 beta2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
6ee0df 
- BuildRequire libcmocka-devel in order to run all upstream tests during build
6ee0df 
- BuildRequire libnl3 instead of libnl1
6ee0df 
- No longer BuildRequire initscripts, we no longer use /sbin/service
6ee0df 
- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any
6ee0df 
  older krb5-libs version
6ee0df
6ee0df 
* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1
6ee0df 
- Apply a couple of patches from upstream git that resolve crashes when
6ee0df 
  ID mapping object was not initialized properly but needed later
6ee0df
6ee0df 
* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1
6ee0df 
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
6ee0df 
                          realm join
6ee0df 
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
6ee0df 
                          default for AD Provider
6ee0df 
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
6ee0df 
                          parent directory when logging in
6ee0df
6ee0df 
* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1
6ee0df 
- BuildRequire recent libini_config to ensure consistent behaviour
6ee0df
6ee0df 
* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1
6ee0df 
- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug
6ee0df 
  in ding-libs
6ee0df 
- Fix SSH integration with fully-qualified domains
6ee0df 
- Add the ability to dynamically discover the NetBIOS name
6ee0df
6ee0df 
* Fri May  3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1
6ee0df 
- New upstream release 1.10 beta1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
6ee0df
6ee0df 
* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1
6ee0df 
- Add a patch to fix krb5 ccache creation issue with krb5 1.11
6ee0df
6ee0df 
* Tue Apr  2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1
6ee0df 
- New upstream release 1.10 alpha1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
6ee0df
6ee0df 
* Fri Mar 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.5-10
6ee0df 
- Add a patch to fix krb5 unit tests
6ee0df
6ee0df 
* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9
6ee0df 
- Split internal helper libraries into a shared object
6ee0df 
- Significantly reduce disk-space usage
6ee0df
6ee0df 
* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-8
6ee0df 
- Fix the Kerberos password expiration warning (#912223)
6ee0df
6ee0df 
* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-7
6ee0df 
- Do not write out dots in the domain-realm mapping file (#905650)
6ee0df
6ee0df 
* Mon Feb 11 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-6
6ee0df 
- Include upstream patch to build with krb5-1.11
6ee0df
6ee0df 
* Thu Feb 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-5
6ee0df 
- Rebuild against new libldb
6ee0df
6ee0df 
* Mon Feb 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-4
6ee0df 
- Fix build with new automake versions
6ee0df
6ee0df 
* Wed Jan 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-3
6ee0df 
- Recreate Kerberos ccache directory if it's missing
6ee0df 
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache
6ee0df 
                          directory /run/user/UID/ccdir does not exist
6ee0df
6ee0df 
* Tue Jan 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-2
6ee0df 
- Fix changelog dates to make F19 rpmbuild happy
6ee0df
6ee0df 
* Mon Jan 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-1
6ee0df 
- New upstream release 1.9.4
6ee0df
6ee0df 
* Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.3-1
6ee0df 
- New upstream release 1.9.3
6ee0df
6ee0df 
* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-5
6ee0df 
- Resolve groups from AD correctly
6ee0df
6ee0df 
* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-4
6ee0df 
- Check the validity of naming context
6ee0df
6ee0df 
* Thu Oct 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-3
6ee0df 
- Move the sss_cache tool to the main package
6ee0df
6ee0df 
* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-2
6ee0df 
- Include the 1.9.2 tarball
6ee0df
6ee0df 
* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-1
6ee0df 
- New upstream release 1.9.2
6ee0df
6ee0df 
* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.1-1
6ee0df 
- New upstream release 1.9.1
6ee0df
6ee0df 
* Wed Oct 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
6ee0df 
- require the latest libldb
6ee0df
6ee0df 
* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
6ee0df 
- Use mcpath insted of mcachepath macro to be consistent with
6ee0df 
  upsteam spec file
6ee0df
6ee0df 
* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-23
6ee0df 
- New upstream release 1.9.0
6ee0df
6ee0df 
* Fri Sep 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-22.rc1
6ee0df 
- New upstream release 1.9.0 rc1
6ee0df
6ee0df 
* Thu Sep 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-21.beta7
6ee0df 
- New upstream release 1.9.0 beta7
6ee0df 
- obsoletes patches #1-#3
6ee0df
6ee0df 
* Mon Sep 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-20.beta6
6ee0df 
- Rebuild against libldb 1.12
6ee0df
6ee0df 
* Tue Aug 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-19.beta6
6ee0df 
- Rebuild against libldb 1.11
6ee0df
6ee0df 
* Fri Aug 24 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-18.beta6
6ee0df 
- Change the default ccache location to DIR:/run/user/${UID}/krb5cc
6ee0df 
  and patch man page accordingly
6ee0df 
- Resolves: rhbz#851304
6ee0df
6ee0df 
* Mon Aug 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-17.beta6
6ee0df 
- Rebuild against libldb 1.10
6ee0df
6ee0df 
* Fri Aug 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-16.beta6
6ee0df 
- Only create the SELinux login file if there are SELinux mappings on
6ee0df 
  the IPA server
6ee0df
6ee0df 
* Fri Aug 10 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-14.beta6
6ee0df 
- Don't discard HBAC rule processing result if SELinux is on
6ee0df 
  Resolves: rhbz#846792 (CVE-2012-3462)
6ee0df
6ee0df 
* Thu Aug 02 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-13.beta6
6ee0df 
- New upstream release 1.9.0 beta 6
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
6ee0df 
- A new option, override_shell was added. If this option is set, all users
6ee0df 
  managed by SSSD will have their shell set to its value.
6ee0df 
- Fixes for the support for setting default SELinux user context from FreeIPA.
6ee0df 
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
6ee0df 
- The SSSD supports the concept of a Primary Server and a Back Up Server in
6ee0df 
  failover
6ee0df 
- A new command-line tool sss_seed is available to help prime the cache with
6ee0df 
  a user record when deploying a new machine
6ee0df 
- SSSD is now able to discover and save the domain-realm mappings
6ee0df 
  between an IPA server and a trusted Active Directory server.
6ee0df 
- Packaging changes to fix ldconfig usage in subpackages (#843995)
6ee0df 
- Rebuild against libldb 1.1.9
6ee0df
6ee0df 
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.0-13.beta5
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
6ee0df
6ee0df 
* Thu Jul 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-12.beta5
6ee0df 
- New upstream release 1.9.0 beta 5
6ee0df 
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
6ee0df 
- Many fixes for the support for setting default SELinux user context from
6ee0df 
  FreeIPA, most notably fixed the specificity evaluation
6ee0df 
- Fixed an incorrect default in the krb5_canonicalize option of the AD
6ee0df 
  provider which was preventing password change operation
6ee0df 
- The shadowLastChange attribute value is now correctly updated with the
6ee0df 
  number of days since the Epoch, not seconds
6ee0df
6ee0df 
* Mon Jul 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-11.beta4
6ee0df 
- Fix broken ARM build
6ee0df 
- Add missing DP_OPTION_TERMINATOR in AD provider options
6ee0df
6ee0df 
* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-10.beta4
6ee0df 
- Own several directories create during make install (#839782)
6ee0df
6ee0df 
* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-9.beta4
6ee0df 
- New upstream release 1.9.0 beta 4
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
6ee0df 
- Add a new AD provider to improve integration with Active Directory 2008 R2
6ee0df 
  or later servers
6ee0df 
- SUDO integration was completely rewritten. The new implementation works
6ee0df 
  with multiple domains and uses an improved refresh mechanism to download
6ee0df 
  only the necessary rules
6ee0df 
- The IPA authentication provider now supports subdomains
6ee0df 
- Fixed regression for setups that were setting default_tkt_enctypes
6ee0df 
  manually by reverting a previous workaround.
6ee0df
6ee0df 
* Mon Jun 25 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-8.beta3
6ee0df 
- New upstream release 1.9.0 beta 3
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
6ee0df 
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
6ee0df 
- Terminate idle connections to the NSS and PAM responders
6ee0df
6ee0df 
* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-7.beta2
6ee0df 
- Switch unicode library from libunistring to Glib
6ee0df 
- Drop unnecessary explicit Requires on keyutils
6ee0df 
- Guarantee that versioned Requires include the correct architecture
6ee0df
6ee0df 
* Mon Jun 18 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-6.beta2
6ee0df 
- Fix accidental disabling of the DIR cache support
6ee0df
6ee0df 
* Fri Jun 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-5.beta2
6ee0df 
- New upstream release 1.9.0 beta 2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
6ee0df 
- Add support for the Kerberos DIR cache for storing multiple TGTs
6ee0df 
  automatically
6ee0df 
- Major performance enhancement when storing large groups in the cache
6ee0df 
- Major performance enhancement when performing initgroups() against Active
6ee0df 
  Directory
6ee0df 
- SSSDConfig data file default locations can now be set during configure for
6ee0df 
  easier packaging
6ee0df
6ee0df 
* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-4.beta1
6ee0df 
- Fix regression in endianness patch
6ee0df
6ee0df 
* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-3.beta1
6ee0df 
- Rebuild SSSD against ding-libs 0.3.0beta1
6ee0df 
- Fix endianness bug in service map protocol
6ee0df
6ee0df 
* Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-2.beta1
6ee0df 
- Fix several regressions since 1.5.x
6ee0df 
- Ensure that the RPM creates the /var/lib/sss/mc directory
6ee0df 
- Add support for Netscape password warning expiration control
6ee0df 
- Rebuild against libldb 1.1.6
6ee0df
6ee0df 
* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1
6ee0df 
- New upstream release 1.9.0 beta 1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
6ee0df 
- Add native support for autofs to the IPA provider
6ee0df 
- Support for ID-mapping when connecting to Active Directory
6ee0df 
- Support for handling very large (> 1500 users) groups in Active Directory
6ee0df 
- Support for sub-domains (will be used for dealing with trust relationships)
6ee0df 
- Add a new fast in-memory cache to speed up lookups of cached data on
6ee0df 
  repeated requests
6ee0df
6ee0df 
* Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11
6ee0df 
- New upstream release 1.8.3
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
6ee0df 
- Numerous manpage and translation updates
6ee0df 
- LDAP: Handle situations where the RootDSE isn't available anonymously
6ee0df 
- LDAP: Fix regression for users using non-standard LDAP attributes for user
6ee0df 
  information
6ee0df
6ee0df 
* Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.2-10
6ee0df 
- New upstream release 1.8.2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
6ee0df 
- Several fixes to case-insensitive domain functions
6ee0df 
- Fix for GSSAPI binds when the keytab contains unrelated principals
6ee0df 
- Fixed several segfaults
6ee0df 
- Workarounds added for LDAP servers with unreadable RootDSE
6ee0df 
- SSH knownhostproxy will no longer enter an infinite loop preventing login
6ee0df 
- The provided SYSV init script now starts SSSD earlier at startup and stops
6ee0df 
  it later during shutdown
6ee0df 
- Assorted minor fixes for issues discovered by static analysis tools
6ee0df
6ee0df 
* Mon Mar 26 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-9
6ee0df 
- Don't duplicate libsss_autofs.so in two packages
6ee0df 
- Set explicit package contents instead of globbing
6ee0df
6ee0df 
* Wed Mar 21 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-8
6ee0df 
- Fix uninitialized value bug causing crashes throughout the code
6ee0df 
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup
6ee0df
6ee0df 
* Mon Mar 12 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-7
6ee0df 
- New upstream release 1.8.1
6ee0df 
- Resolve issue where we could enter an infinite loop trying to connect to an
6ee0df 
  auth server
6ee0df 
- Fix serious issue with complex (3+ levels) nested groups
6ee0df 
- Fix netgroup support for case-insensitivity and aliases
6ee0df 
- Fix serious issue with lookup bundling resulting in requests never
6ee0df 
  completing
6ee0df 
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt
6ee0df 
  in addition to pam_authenticate
6ee0df 
- Fix several regressions in the proxy provider
6ee0df 
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
6ee0df 
                          against AD
6ee0df 
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
6ee0df
6ee0df 
* Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-6
6ee0df 
- New upstream release 1.8.0
6ee0df 
- Support for the service map in NSS
6ee0df 
- Support for setting default SELinux user context from FreeIPA
6ee0df 
- Support for retrieving SSH user and host keys from LDAP (Experimental)
6ee0df 
- Support for caching autofs LDAP requests (Experimental)
6ee0df 
- Support for caching SUDO rules (Experimental)
6ee0df 
- Include the IPA AutoFS provider
6ee0df 
- Fixed several memory-corruption bugs
6ee0df 
- Fixed a regression in group enumeration since 1.7.0
6ee0df 
- Fixed a regression in the proxy provider
6ee0df 
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
6ee0df 
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is
6ee0df 
                          logged at each login
6ee0df 
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
6ee0df 
                          /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
6ee0df 
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
6ee0df 
                          against AD
6ee0df 
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
6ee0df 
                          new LDAP features
6ee0df 
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
6ee0df
6ee0df 
* Wed Feb 22 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-5.beta3
6ee0df 
- Change default kerberos credential cache location to /run/user/<username>
6ee0df
6ee0df 
* Wed Feb 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-4.beta3
6ee0df 
- New upstream release 1.8.0 beta 3
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
6ee0df 
- Fixed a regression in group enumeration since 1.7.0
6ee0df 
- Fixed several memory-corruption bugs
6ee0df 
- Finalized the ABI for the autofs support
6ee0df 
- Fixed a regression in the proxy provider
6ee0df
6ee0df 
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.8.0-3.beta2
6ee0df 
- Rebuild against PCRE 8.30
6ee0df
6ee0df 
* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta2
6ee0df 
- New upstream release
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
6ee0df 
- Fix two minor manpage bugs
6ee0df 
- Include the IPA AutoFS provider
6ee0df
6ee0df 
* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta1
6ee0df 
- New upstream release
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
6ee0df 
- Support for the service map in NSS
6ee0df 
- Support for setting default SELinux user context from FreeIPA
6ee0df 
- Support for retrieving SSH user and host keys from LDAP (Experimental)
6ee0df 
- Support for caching autofs LDAP requests (Experimental)
6ee0df 
- Support for caching SUDO rules (Experimental)
6ee0df
6ee0df 
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-5
6ee0df 
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
6ee0df 
                          new LDAP features - fix netgroups and sudo as well
6ee0df
6ee0df 
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4
6ee0df 
- Fixes a serious memory hierarchy bug causing unpredictable behavior in the
6ee0df 
  LDAP provider.
6ee0df
6ee0df 
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-3
6ee0df 
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
6ee0df 
                          new LDAP features
6ee0df
6ee0df 
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.0-2
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
6ee0df
6ee0df 
* Thu Dec 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-1
6ee0df 
- New upstream release 1.7.0
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
6ee0df 
- Support for case-insensitive domains
6ee0df 
- Support for multiple search bases in the LDAP provider
6ee0df 
- Support for the native FreeIPA netgroup implementation
6ee0df 
- Reliability improvements to the process monitor
6ee0df 
- New DEBUG facility with more consistent log levels
6ee0df 
- New tool to change debug log levels without restarting SSSD
6ee0df 
- SSSD will now disconnect from LDAP server when idle
6ee0df 
- FreeIPA HBAC rules can choose to ignore srchost options for significant
6ee0df 
  performance gains
6ee0df 
- Assorted performance improvements in the LDAP provider
6ee0df
6ee0df 
* Mon Dec 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.4-1
6ee0df 
- New upstream release 1.6.4
6ee0df 
- Rolls up previous patches applied to the 1.6.3 tarball
6ee0df 
- Fixes a rare issue causing crashes in the failover logic
6ee0df 
- Fixes an issue where SSSD would return the wrong PAM error code for users
6ee0df 
  that it does not recognize.
6ee0df
6ee0df 
* Wed Dec 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-5
6ee0df 
- Rebuild against libldb 1.1.4
6ee0df
6ee0df 
* Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-4
6ee0df 
- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the
6ee0df 
                          username in getpwnam()
6ee0df 
- Resolves: rhbz#758425 - LDAP failover not working if server refuses
6ee0df 
                          connections
6ee0df
6ee0df 
* Thu Nov 24 2011 Jakub Hrozek <jhrozek@redhat.com> - 1.6.3-3
6ee0df 
- Rebuild for libldb 1.1.3
6ee0df
6ee0df 
* Thu Nov 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-2
6ee0df 
- Resolves: rhbz#752495 - Crash when apply settings
6ee0df
6ee0df 
* Fri Nov 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-1
6ee0df 
- New upstream release 1.6.3
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
6ee0df 
- Fixes a major cache performance issue introduced in 1.6.2
6ee0df 
- Fixes a potential infinite-loop with certain LDAP layouts
6ee0df
6ee0df 
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-5
6ee0df 
- Rebuilt for glibc bug#747377
6ee0df
6ee0df 
* Sun Oct 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-4
6ee0df 
- Change selinux policy requirement to Conflicts: with the old version,
6ee0df 
  rather than Requires: the supported version.
6ee0df
6ee0df 
* Fri Oct 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-3
6ee0df 
- Add explicit requirement on selinux-policy version to address new SBUS
6ee0df 
  symlinks.
6ee0df
6ee0df 
* Wed Oct 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-2
6ee0df 
- Remove %%files reference to sss_debuglevel copied from wrong upstreeam
6ee0df 
  spec file.
6ee0df
6ee0df 
* Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1
6ee0df 
- Improved handling of users and groups with multi-valued name attributes
6ee0df 
  (aliases)
6ee0df 
- Performance enhancements
6ee0df 
    Initgroups on RFC2307bis/FreeIPA
6ee0df 
    HBAC rule processing
6ee0df 
- Improved process-hang detection and restarting
6ee0df 
- Enabled the midpoint cache refresh by default (fewer cache misses on
6ee0df 
  commonly-used entries)
6ee0df 
- Cleaned up the example configuration
6ee0df 
- New tool to change debug level on the fly
6ee0df
6ee0df 
* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1
6ee0df 
- New upstream release 1.6.1
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
6ee0df 
- Fixes a serious issue with LDAP connections when the communication is
6ee0df 
  dropped (e.g. VPN disconnection, waking from sleep)
6ee0df 
- SSSD is now less strict when dealing with users/groups with multiple names
6ee0df 
  when a definitive primary name cannot be determined
6ee0df 
- The LDAP provider will no longer attempt to canonicalize by default when
6ee0df 
  using SASL. An option to re-enable this has been provided.
6ee0df 
- Fixes for non-standard LDAP attribute names (e.g. those used by Active
6ee0df 
  Directory)
6ee0df 
- Three HBAC regressions have been fixed.
6ee0df 
- Fix for an infinite loop in the deref code
6ee0df
6ee0df 
* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-2
6ee0df 
- Build with _hardened_build macro
6ee0df
6ee0df 
* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-1
6ee0df 
- New upstream release 1.6.0
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
6ee0df 
- Add host access control support for LDAP (similar to pam_host_attr)
6ee0df 
- Finer-grained control on principals used with Kerberos (such as for FAST or
6ee0df 
- validation)
6ee0df 
- Added a new tool sss_cache to allow selective expiring of cached entries
6ee0df 
- Added support for LDAP DEREF and ASQ controls
6ee0df 
- Added access control features for Novell Directory Server
6ee0df 
- FreeIPA dynamic DNS update now checks first to see if an update is needed
6ee0df 
- Complete rewrite of the HBAC library
6ee0df 
- New libraries: libipa_hbac and libipa_hbac-python
6ee0df
6ee0df 
* Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2
6ee0df 
- New upstream release 1.5.11
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
6ee0df 
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
6ee0df 
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
6ee0df 
- address being saved to the AAAA record
6ee0df
6ee0df 
* Fri Jul 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.10-1
6ee0df 
- New upstream release 1.5.10
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
6ee0df 
- Fixed a regression introduced in 1.5.9 that could result in blocking calls
6ee0df 
- to LDAP
6ee0df
6ee0df 
* Thu Jun 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.9-1
6ee0df 
- New upstream release 1.5.9
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
6ee0df 
- Support for overriding home directory, shell and primary GID locally
6ee0df 
- Properly honor TTL values from SRV record lookups
6ee0df 
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
6ee0df 
- servers)
6ee0df 
- Properly escape IPv6 addresses in the failover code
6ee0df 
- Do not crash if inotify fails (e.g. resource exhaustion)
6ee0df 
- Don't add multiple TGT renewal callbacks (too many log messages)
6ee0df
6ee0df 
* Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.8-1
6ee0df 
- New upstream release 1.5.8
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
6ee0df 
- Support for the LDAP paging control
6ee0df 
- Support for multiple DNS servers for name resolution
6ee0df 
- Fixes for several group membership bugs
6ee0df 
- Fixes for rare crash bugs
6ee0df
6ee0df 
* Mon May 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-3
6ee0df 
- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
6ee0df 
- Make sure to properly convert to systemd if upgrading from newer
6ee0df 
- updates for Fedora 14
6ee0df
6ee0df 
* Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-2
6ee0df 
- Fix segfault in TGT renewal
6ee0df
6ee0df 
* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
6ee0df 
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
6ee0df 
-                         cached password with predicatable filename
6ee0df
6ee0df 
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1
6ee0df 
- Re-add manpage translations
6ee0df
6ee0df 
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
6ee0df 
- New upstream release 1.5.6
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
6ee0df 
- Fixed a serious memory leak in the memberOf plugin
6ee0df 
- Fixed a regression with the negative cache that caused it to be essentially
6ee0df 
- nonfunctional
6ee0df 
- Fixed an issue where the user's full name would sometimes be removed from
6ee0df 
- the cache
6ee0df 
- Fixed an issue with password changes in the kerberos provider not working
6ee0df 
- with kpasswd
6ee0df
6ee0df 
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-5
6ee0df 
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
6ee0df 
-                         kadmin server != kdc server
6ee0df 
- Upgrades from SysV should now maintain enabled/disabled status
6ee0df
6ee0df 
* Mon Apr 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-4
6ee0df 
- Fix %%postun
6ee0df
6ee0df 
* Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-3
6ee0df 
- Fix systemd conversion. Upgrades from SysV to systemd weren't properly
6ee0df 
- enabling the systemd service.
6ee0df 
- Fix a serious memory leak in the memberOf plugin
6ee0df 
- Fix an issue where the user's full name would sometimes be removed
6ee0df 
- from the cache
6ee0df
6ee0df 
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-2
6ee0df 
- Install systemd unit file instead of sysv init script
6ee0df
6ee0df 
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1
6ee0df 
- New upstream release 1.5.5
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
6ee0df 
- Fixes for several crash bugs
6ee0df 
- LDAP group lookups will no longer abort if there is a zero-length member
6ee0df 
- attribute
6ee0df 
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
6ee0df
6ee0df 
* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1
6ee0df 
- New upstream release 1.5.4
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
6ee0df 
- Fixes for Active Directory when not all users and groups have POSIX attributes
6ee0df 
- Fixes for handling users and groups that have name aliases (aliases are ignored)
6ee0df 
- Fix group memberships after initgroups in the IPA provider
6ee0df
6ee0df 
* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2
6ee0df 
- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication
6ee0df
6ee0df 
* Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-1
6ee0df 
- New upstream release 1.5.3
6ee0df 
- Support for libldb >= 1.0.0
6ee0df
6ee0df 
* Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.2-1
6ee0df 
- New upstream release 1.5.2
6ee0df 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
6ee0df 
- Fixes for support of FreeIPA v2
6ee0df 
- Fixes for failover if DNS entries change
6ee0df 
- Improved sss_obfuscate tool with better interactive mode
6ee0df 
- Fix several crash bugs
6ee0df 
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
6ee0df 
- Delete users from the local cache if initgroups calls return 'no such user'
6ee0df 
- (previously only worked for getpwnam/getpwuid)
6ee0df 
- Use new Transifex.net translations
6ee0df 
- Better support for automatic TGT renewal (now survives restart)
6ee0df 
- Netgroup fixes
6ee0df
6ee0df 
* Sun Feb 27 2011 Simo Sorce <ssorce@redhat.com> - 1.5.1-9
6ee0df 
- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
6ee0df 
- Related: rhbz#677425
6ee0df
6ee0df 
* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8
6ee0df 
- Resolves: rhbz#677768 - name service caches names, so id command shows
6ee0df 
-                         recently deleted users
6ee0df
6ee0df 
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7
6ee0df 
- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
6ee0df 
- Remove .la for memberOf
6ee0df
6ee0df 
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6
6ee0df 
- Fix memberOf install path
6ee0df
6ee0df 
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5
6ee0df 
- Add support for libldb 1.0.0
6ee0df
6ee0df 
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-4
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
6ee0df
6ee0df 
* Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3
6ee0df 
- Fix nested group member filter sanitization for RFC2307bis
6ee0df 
- Put translated tool manpages into the sssd-tools subpackage
6ee0df
6ee0df 
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2
6ee0df 
- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
6ee0df 
- rpmbuild
6ee0df
6ee0df 
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1
6ee0df 
- New upstream release 1.5.1
6ee0df 
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
6ee0df 
- Vast performance improvements when enumerate = true
6ee0df 
- All PAM actions will now perform a forced initgroups lookup instead of just
6ee0df 
- a user information lookup
6ee0df 
-   This guarantees that all group information is available to other
6ee0df 
-   providers, such as the simple provider.
6ee0df 
- For backwards-compatibility, DNS lookups will also fall back to trying the
6ee0df 
- SSSD domain name as a DNS discovery domain.
6ee0df 
- Support for more password expiration policies in LDAP
6ee0df 
-    389 Directory Server
6ee0df 
-    FreeIPA
6ee0df 
-    ActiveDirectory
6ee0df 
- Support for ldap_tls_{cert,key,cipher_suite} config options
6ee0df 
-Assorted bugfixes
6ee0df
6ee0df 
* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2
6ee0df 
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
6ee0df
6ee0df 
* Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1
6ee0df 
- New upstream release 1.5.0
6ee0df 
- Fixed issues with LDAP search filters that needed to be escaped
6ee0df 
- Add Kerberos FAST support on platforms that support it
6ee0df 
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
6ee0df 
- Added a Kerberos access provider to honor .k5login
6ee0df 
- Addressed several thread-safety issues in the sss_client code
6ee0df 
- Improved support for delayed online Kerberos auth
6ee0df 
- Significantly reduced time between connecting to the network/VPN and
6ee0df 
- acquiring a TGT
6ee0df 
- Added feature for automatic Kerberos ticket renewal
6ee0df 
- Provides the kerberos ticket for long-lived processes or cron jobs
6ee0df 
- even when the user logs out
6ee0df 
- Added several new features to the LDAP access provider
6ee0df 
- Support for 'shadow' access control
6ee0df 
- Support for authorizedService access control
6ee0df 
- Ability to mix-and-match LDAP access control features
6ee0df 
- Added an option for a separate password-change LDAP server for those
6ee0df 
- platforms where LDAP referrals are not supported
6ee0df 
- Added support for manpage translations
6ee0df
6ee0df
6ee0df 
* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3
6ee0df 
- Solve a shutdown race-condition that sometimes left processes running
6ee0df 
- Resolves: rhbz#606887 - SSSD stops on upgrade
6ee0df
6ee0df 
* Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2
6ee0df 
- Log startup errors to the syslog
6ee0df 
- Allow cache cleanup to be disabled in sssd.conf
6ee0df
6ee0df 
* Mon Nov 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1
6ee0df 
- New upstream release 1.4.1
6ee0df 
- Add support for netgroups to the proxy provider
6ee0df 
- Fixes a minor bug with UIDs/GIDs >= 2^31
6ee0df 
- Fixes a segfault in the kerberos provider
6ee0df 
- Fixes a segfault in the NSS responder if a data provider crashes
6ee0df 
- Correctly use sdap_netgroup_search_base
6ee0df
6ee0df 
* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2
6ee0df 
- Fix incorrect tarball URL
6ee0df
6ee0df 
* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1
6ee0df 
- New upstream release 1.4.0
6ee0df 
- Added support for netgroups to the LDAP provider
6ee0df 
- Performance improvements made to group processing of RFC2307 LDAP servers
6ee0df 
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
6ee0df 
- Build-system improvements to support Gentoo
6ee0df 
- Split out several libraries into the ding-libs tarball
6ee0df 
- Manpage reviewed and updated
6ee0df
6ee0df 
* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-35
6ee0df 
- Fix pre and post script requirements
6ee0df
6ee0df 
* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-34
6ee0df 
- Resolves: rhbz#606887 - sssd stops on upgrade
6ee0df
6ee0df 
* Fri Oct 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-33
6ee0df 
- Resolves: rhbz#626205 - Unable to unlock screen
6ee0df
6ee0df 
* Tue Sep 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-32
6ee0df 
- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
6ee0df 
-                         doesn't require it
6ee0df
6ee0df 
* Thu Sep 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-31
6ee0df 
- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib
6ee0df
6ee0df 
* Tue Aug 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-30
6ee0df 
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
6ee0df 
-                           against LDAP
6ee0df
6ee0df 
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.2.91-21
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
6ee0df
6ee0df 
* Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.91-20
6ee0df 
- New upstream version 1.2.91 (1.3.0rc1)
6ee0df 
- Improved LDAP failover
6ee0df 
- Synchronous sysdb API (provides performance enhancements)
6ee0df 
- Better online reconnection detection
6ee0df
6ee0df 
* Mon Jun 21 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15
6ee0df 
- New stable upstream version 1.2.1
6ee0df 
- Resolves: rhbz#595529 - spec file should eschew %%define in favor of
6ee0df 
-                         %%global
6ee0df 
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service
6ee0df 
-                         to fail while restart.
6ee0df 
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
6ee0df 
-                         keyring
6ee0df 
- Resolves: rhbz#599724 - sssd is broken on Rawhide
6ee0df
6ee0df 
* Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12
6ee0df 
- New stable upstream version 1.2.0
6ee0df 
- Support ServiceGroups for FreeIPA v2 HBAC rules
6ee0df 
- Fix long-standing issue with auth_provider = proxy
6ee0df 
- Better logging for TLS issues in LDAP
6ee0df
6ee0df 
* Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11
6ee0df 
- New LDAP access provider allows for filtering user access by LDAP attribute
6ee0df 
- Reduced default timeout for detecting offline status with LDAP
6ee0df 
- GSSAPI ticket lifetime made configurable
6ee0df 
- Better offline->online transition support in Kerberos
6ee0df
6ee0df 
* Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10
6ee0df 
- Release new upstream version 1.1.91
6ee0df 
- Enhancements when using SSSD with FreeIPA v2
6ee0df 
- Support for deferred kinit
6ee0df 
- Support for DNS SRV records for failover
6ee0df
6ee0df 
* Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3
6ee0df 
- Bump up release number to avoid library sub-packages version issues with
6ee0df 
  previous releases.
6ee0df
6ee0df 
* Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1
6ee0df 
- New upstream release 1.1.1
6ee0df 
- Fixed the IPA provider (which was segfaulting at start)
6ee0df 
- Fixed a bug in the SSSDConfig API causing some options to revert to
6ee0df 
- their defaults
6ee0df 
- This impacted the Authconfig UI
6ee0df 
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
6ee0df
6ee0df 
* Tue Mar 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
6ee0df 
- Release SSSD 1.1.0 final
6ee0df 
- Fix two potential segfaults
6ee0df 
- Fix memory leak in monitor
6ee0df 
- Better error message for unusable confdb
6ee0df
6ee0df 
* Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19
6ee0df 
- Release candidate for SSSD 1.1
6ee0df 
- Add simple access provider
6ee0df 
- Create subpackages for libcollection, libini_config, libdhash and librefarray
6ee0df 
- Support IPv6
6ee0df 
- Support LDAP referrals
6ee0df 
- Fix cache issues
6ee0df 
- Better feedback from PAM when offline
6ee0df
6ee0df 
* Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2
6ee0df 
- Rebuild against new libtevent
6ee0df
6ee0df 
* Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1
6ee0df 
- Fix licenses in sources and on RPMs
6ee0df
6ee0df 
* Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
6ee0df 
- Fix regression on 64-bit platforms
6ee0df
6ee0df 
* Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
6ee0df 
- Fixes link error on platforms that do not do implicit linking
6ee0df 
- Fixes double-free segfault in PAM
6ee0df 
- Fixes double-free error in async resolver
6ee0df 
- Fixes support for TCP-based DNS lookups in async resolver
6ee0df 
- Fixes memory alignment issues on ARM processors
6ee0df 
- Manpage fixes
6ee0df
6ee0df 
* Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
6ee0df 
- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
6ee0df 
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
6ee0df 
- Several segfault bugfixes
6ee0df
6ee0df 
* Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
6ee0df 
- Fix CVE-2010-0014
6ee0df
6ee0df 
* Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2
6ee0df 
- Patch SSSDConfig API to address
6ee0df 
- https://bugzilla.redhat.com/show_bug.cgi?id=549482
6ee0df
6ee0df 
* Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
6ee0df 
- New upstream stable release 1.0.0
6ee0df
6ee0df 
* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
6ee0df 
- New upstream bugfix release 0.99.1
6ee0df
6ee0df 
* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
6ee0df 
- New upstream release 0.99.0
6ee0df
6ee0df 
* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
6ee0df 
- Fix segfault in sssd_pam when cache_credentials was enabled
6ee0df 
- Update the sample configuration
6ee0df 
- Fix upgrade issues caused by data provider service removal
6ee0df
6ee0df 
* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
6ee0df 
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
6ee0df
6ee0df 
* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
6ee0df 
- New upstream release 0.7.0
6ee0df
6ee0df 
* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
6ee0df 
- Fix missing file permissions for sssd-clients
6ee0df
6ee0df 
* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
6ee0df 
- Add SSSDConfig API
6ee0df 
- Update polish translation for 0.6.0
6ee0df 
- Fix long timeout on ldap operation
6ee0df 
- Make dp requests more robust
6ee0df
6ee0df 
* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
6ee0df 
- Ensure that the configuration upgrade script always writes the config
6ee0df 
  file with 0600 permissions
6ee0df 
- Eliminate an infinite loop in group enumerations
6ee0df
6ee0df 
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
6ee0df 
- New upstream release 0.6.0
6ee0df
6ee0df 
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
6ee0df 
- New upstream release 0.5.0
6ee0df
6ee0df 
* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
6ee0df 
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
6ee0df 
  without a password. (Patch by Stephen Gallagher)
6ee0df
6ee0df 
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
6ee0df 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
6ee0df
6ee0df 
* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
6ee0df 
- Fix a couple of segfaults that may happen on reload
6ee0df
6ee0df 
* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
6ee0df 
- add missing configure check that broke stopping the daemon
6ee0df 
- also fix default config to add a missing required option
6ee0df
6ee0df 
* Mon Jun  8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
6ee0df 
- latest upstream release.
6ee0df 
- also add a patch that fixes debugging output (potential segfault)
6ee0df
6ee0df 
* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
6ee0df 
- release out of the official 0.3.2 tarball
6ee0df
6ee0df 
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
6ee0df 
- bugfix release 0.3.2
6ee0df 
- includes previous release patches
6ee0df 
- change permissions of the /etc/sssd/sssd.conf to 0600
6ee0df
6ee0df 
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
6ee0df 
- Add last minute bug fixes, found in testing the package
6ee0df
6ee0df 
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
6ee0df 
- Version 0.3.1
6ee0df 
- includes previous release patches
6ee0df
6ee0df 
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
6ee0df 
- Try to fix build adding automake as an explicit BuildRequire
6ee0df 
- Add also a couple of last minute patches from upstream
6ee0df
6ee0df 
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
6ee0df 
- Version 0.3.0
6ee0df 
- Provides file based configuration and lots of improvements
6ee0df
6ee0df 
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
6ee0df 
- Version 0.2.1
6ee0df
6ee0df 
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
6ee0df 
- Version 0.2.0
6ee0df
6ee0df 
* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
6ee0df 
- package git snapshot
6ee0df
6ee0df 
* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
6ee0df 
- fixed items found during review
6ee0df 
- added initscript
6ee0df
6ee0df 
* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
6ee0df 
- added sss_client
6ee0df
6ee0df 
* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
6ee0df 
- Small cleanup and fixes in the spec file
6ee0df
6ee0df 
* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
6ee0df 
- Initial release (based on version 0.1.0 upstream code)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation