import authselect-1.2.5-1.el9

2022-11-15 01:53:41 -05:00 · 2022-11-15 01:53:41 -05:00 · 244df81de1
commit 244df81de1
parent 77518afb47
9 changed files with 115 additions and 341 deletions
--- a/.authselect.metadata
+++ b/.authselect.metadata
@ -1 +1 @@
-3f004c30e9f07c0dd259403f1cd9f13c5ec297ce SOURCES/authselect-1.2.3.tar.gz
+4eb7fbb53b31d92f0fae17d6fd5e5da46bc8b434 SOURCES/authselect-1.2.5.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/authselect-1.2.3.tar.gz
+SOURCES/authselect-1.2.5.tar.gz
--- a/SOURCES/0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch
+++ b/SOURCES/0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch
@ -1,31 +0,0 @@
 From 6924b8f8d82ecd32e897cf5f441e5c87f8816859 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Thu, 22 Jul 2021 11:29:20 +0200
 Subject: [PATCH] lib: avoid freeing uninitialized variable in
 authselect_apply_changes()
 If authselect_profile() fails, we goto done and try to free uninitialized
 variable.
 Resolves:
 https://github.com/authselect/authselect/issues/265
 ---
 src/lib/authselect.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/lib/authselect.c b/src/lib/authselect.c
 index 0f43e12202c16769dfc6ac7dee41812159cc1d3a..a901e02719713bd13d5a4fab606ee713b3d6ddca 100644
 --- a/src/lib/authselect.c
 +++ b/src/lib/authselect.c
@@ -163,7 +163,7 @@ authselect_uninstall(void)
 _PUBLIC_ int
 authselect_apply_changes(void)
 {
 -    struct authselect_profile *profile;
 +    struct authselect_profile *profile = NULL;
     char **supported = NULL;
     char *profile_id;
     char **features;
 -- 
 2.31.1
--- a/SOURCES/0901-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
+++ b/SOURCES/0901-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
@ -1,7 +1,7 @@
-From 2e2a7143cbfa719905cb130a5e67313c65bf3b65 Mon Sep 17 00:00:00 2001
+From c3c2c3b7ffe04dc2e810c9fffdd82689543a94df Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Tue, 30 Oct 2018 14:08:12 +0100
-Subject: [PATCH 1/3] rhel9: remove mention of Fedora Change page in compat
+Subject: [PATCH 1/4] rhel9: remove mention of Fedora Change page in compat
 tool
 ---
@ -9,10 +9,10 @@ Subject: [PATCH 1/3] rhel9: remove mention of Fedora Change page in compat
 1 file changed, 1 deletion(-)
 diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index f879e08eb94e9620dfc28f245b0ea5815df7e4f2..e4b8c05c6a11a215529ba66f8b36b72a6ac18448 100755
+index 1a68d95c71b51beabe80e9b07c084ea9c2f3580d..8334293911d1d4c2d98a6d233b91fc348cf06575 100755
 --- a/src/compat/authcompat.py.in.in
 +++ b/src/compat/authcompat.py.in.in
-@@ -468,7 +468,6 @@ class AuthCompat:
+@@ -471,7 +471,6 @@ class AuthCompat:
                 "It does not provide all capabilities of authconfig.\n"))
         print(_("IMPORTANT: authconfig is replaced by authselect, "
                 "please update your scripts."))
@ -21,5 +21,5 @@ index f879e08eb94e9620dfc28f245b0ea5815df7e4f2..e4b8c05c6a11a215529ba66f8b36b72a
         options = self.options.getSetButUnsupported()
 -- 
-2.29.2
+2.34.1
--- a/SOURCES/0902-rhel9-remove-ecryptfs-support.patch
+++ b/SOURCES/0902-rhel9-remove-ecryptfs-support.patch
@ -1,7 +1,7 @@
-From 6de7d2e033d67f23b33620a2b80f5a6c106bd6f5 Mon Sep 17 00:00:00 2001
+From 9da7355f1e2c8a148d4730fec4c4707c56e6dfa1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Mon, 10 Jun 2019 10:53:15 +0200
-Subject: [PATCH 2/3] rhel9: remove ecryptfs support
+Subject: [PATCH 2/4] rhel9: remove ecryptfs support
 ---
 profiles/nis/README                 | 3 ---
@ -26,7 +26,7 @@ Subject: [PATCH 2/3] rhel9: remove ecryptfs support
 19 files changed, 3 insertions(+), 36 deletions(-)
 diff --git a/profiles/nis/README b/profiles/nis/README
-index 5dbb9b49fb7708ef3b073aff7e1883e3f9a0bd06..cac3428bf844b0a9d251015988583f4c1b15c3c9 100644
+index 895e8fa8650c04d41bf8bc8d6e3cda18db9bf814..71e23d61a8c1ea773c98524256a5eaad5a75d197 100644
 --- a/profiles/nis/README
 +++ b/profiles/nis/README
@@ -21,9 +21,6 @@ with-mkhomedir::
@ -40,10 +40,10 @@ index 5dbb9b49fb7708ef3b073aff7e1883e3f9a0bd06..cac3428bf844b0a9d251015988583f4c
     Enable authentication with fingerprint reader through *pam_fprintd*.
 diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
-index 756993cf1b2095f505208df19dd739dcaed1af31..eebec6d0d6edeae6a3eb224f0ff284016b0fc642 100644
+index 3a2609df4ca29cdfcbff84b37576bb7b840d72b2..0b2f583a2fcf164647f7de387e9be2982bdf36cb 100644
 --- a/profiles/nis/fingerprint-auth
 +++ b/profiles/nis/fingerprint-auth
-@@ -13,7 +13,6 @@ password    required                                     pam_deny.so
+@@ -15,7 +15,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -52,10 +52,10 @@ index 756993cf1b2095f505208df19dd739dcaed1af31..eebec6d0d6edeae6a3eb224f0ff28401
 session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
 session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
-index 7997ea8de61ad6392ed01c39727f70253b5cc0ca..9a8ae9cde644a4ac981f4b9553af2f0f428bfebb 100644
+index f181a58ab7792c7e1a4234e677cbb7e3d0a6548d..79fb521eb5dff4978203166491b185887d1ec744 100644
 --- a/profiles/nis/password-auth
 +++ b/profiles/nis/password-auth
-@@ -17,7 +17,6 @@ password    required                                     pam_deny.so
+@@ -18,7 +18,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -76,10 +76,10 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
 session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
 session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
 diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
-index 057b31e074f29c46b492fa310a954e281631800e..2e7462983d35e4a2f5cef8151ed53baaf7e5c790 100644
+index bc3f402435aafb5294dbae94096b184af51cf914..38c10c1afcf936c1d24d8edef941ae849d1186fc 100644
 --- a/profiles/nis/system-auth
 +++ b/profiles/nis/system-auth
-@@ -18,7 +18,6 @@ password    required                                     pam_deny.so
+@@ -19,7 +19,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -88,7 +88,7 @@ index 057b31e074f29c46b492fa310a954e281631800e..2e7462983d35e4a2f5cef8151ed53baa
 session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
 session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/sssd/README b/profiles/sssd/README
-index 95ef5dc785ed0530122837b5e08d03590ed1ada5..ac063e8d065d0488279dc2381bdd7f8ac361bfcb 100644
+index 61d5aedf65b2351cf23cea0a6b6b0932e32f0e48..ab9af237442089ded86b63942dd856397108ccf0 100644
 --- a/profiles/sssd/README
 +++ b/profiles/sssd/README
@@ -40,9 +40,6 @@ with-mkhomedir::
@ -102,10 +102,10 @@ index 95ef5dc785ed0530122837b5e08d03590ed1ada5..ac063e8d065d0488279dc2381bdd7f8a
     Enable authentication with smartcards through SSSD. Please note that
     smartcard support must be also explicitly enabled within
 diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
-index fe3cac7a976845017d034ac1158a38f889926ce8..ad0a95440ebd006ff88264177598c77afc472dda 100644
+index 20ad3613e66ec85c7d2462d0449854e522383b3a..dc7befe7a4839a1ae5a4d21f4e5232126df55564 100644
 --- a/profiles/sssd/fingerprint-auth
 +++ b/profiles/sssd/fingerprint-auth
-@@ -18,7 +18,6 @@ password    required                                     pam_deny.so
+@@ -20,7 +20,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -114,10 +114,10 @@ index fe3cac7a976845017d034ac1158a38f889926ce8..ad0a95440ebd006ff88264177598c77a
 session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
 session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
-index d6953428cca7d6518f63c3fdbaabc4746c35f91b..6d87cbe0a805bf5d3ab2a6192d570b9e5c6dc143 100644
+index 3e33dcc09f68055f2f87709e638005929bd577b3..858c6db357d07dc554806f4807f9b0858a649f44 100644
 --- a/profiles/sssd/password-auth
 +++ b/profiles/sssd/password-auth
-@@ -27,7 +27,6 @@ password    required                                     pam_deny.so
+@@ -28,7 +28,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -138,10 +138,10 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
 session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
 session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
 diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
-index 230269c42508a50ad5b4677ab6514b9afe4d5fbf..874ffaca1b2c15c81adc4ca130c15834154bdc0e 100644
+index 0d8bcab250633b09bce0232a5747f3a7e740d5d7..754847f2d8885ff35cbc57ec2364d82b963caa3b 100644
 --- a/profiles/sssd/smartcard-auth
 +++ b/profiles/sssd/smartcard-auth
-@@ -16,7 +16,6 @@ account     required                                     pam_permit.so
+@@ -18,7 +18,6 @@ account     required                                     pam_permit.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -150,10 +150,10 @@ index 230269c42508a50ad5b4677ab6514b9afe4d5fbf..874ffaca1b2c15c81adc4ca130c15834
 session     optional                                     pam_oddjob_mkhomedir.so                                {include if "with-mkhomedir"}
 session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
-index 6f914ea91eb7782d60959ced56112f9cc1365347..dfc53b4ce55a0d575dc4fe68004a846f43360ccc 100644
+index a43341120f55bad3fb07dfea1c04453d0a278329..88c49e2dd5b60847d1d19154622a8614a21e5e1f 100644
 --- a/profiles/sssd/system-auth
 +++ b/profiles/sssd/system-auth
-@@ -32,7 +32,6 @@ password    required                                     pam_deny.so
+@@ -35,7 +35,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -162,7 +162,7 @@ index 6f914ea91eb7782d60959ced56112f9cc1365347..dfc53b4ce55a0d575dc4fe68004a846f
 session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
 session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/winbind/README b/profiles/winbind/README
-index 40a1a459355d2ee8ab98e31d2868cb24261e2c17..0e80bb697f8050ac8eb3c78d4f41945b9bcbba29 100644
+index 0048c29256f5d4064edfb84a2f4b761fd09e90f6..6f7a7cab1efc768c4c82791d6a8f00def1771d37 100644
 --- a/profiles/winbind/README
 +++ b/profiles/winbind/README
@@ -33,9 +33,6 @@ with-mkhomedir::
@ -176,10 +176,10 @@ index 40a1a459355d2ee8ab98e31d2868cb24261e2c17..0e80bb697f8050ac8eb3c78d4f41945b
     Enable authentication with fingerprint reader through *pam_fprintd*.
 diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
-index c4b8261ca45d4f6b9eda03ea96850bb32d605d30..6262549af2ca8aed540e7a7e1d97e0ba3b2ef088 100644
+index e8997c6c78ce7305fa7068fb169c05c68167880d..c5485ab848989a252e4ff4b1376a41202d21fd67 100644
 --- a/profiles/winbind/fingerprint-auth
 +++ b/profiles/winbind/fingerprint-auth
-@@ -17,7 +17,6 @@ password    required                                     pam_deny.so
+@@ -19,7 +19,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -188,10 +188,10 @@ index c4b8261ca45d4f6b9eda03ea96850bb32d605d30..6262549af2ca8aed540e7a7e1d97e0ba
 session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
 session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
-index bbeca057d49102889e3eeee040ea256dbd751eef..aef4d5ce6a6ec9496deabc1010cde0370a3ecba7 100644
+index 58705f3b15165c8d8bd4938889e3fb4d89c1a528..e84e2fcbb2bad9af6156e6e6db23f089f2b5d210 100644
 --- a/profiles/winbind/password-auth
 +++ b/profiles/winbind/password-auth
-@@ -24,7 +24,6 @@ password    required                                     pam_deny.so
+@@ -25,7 +25,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -212,10 +212,10 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
 session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
 session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
 diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
-index 8e6026b782f8bd7e64632a9acedf304bd95f29e1..e4bdd0bf1c315c86cc8064625b80161baa5c455f 100644
+index 994c342441a0ed2738765a9fa7f6cc84f692d1d8..b5c5cfaa964a31b1cd8ac4cb62998c0a0a53a03e 100644
 --- a/profiles/winbind/system-auth
 +++ b/profiles/winbind/system-auth
-@@ -25,7 +25,6 @@ password    required                                     pam_deny.so
+@@ -26,7 +26,6 @@ password    required                                     pam_deny.so
 session     optional                                     pam_keyinit.so revoke
 session     required                                     pam_limits.so
@ -224,39 +224,39 @@ index 8e6026b782f8bd7e64632a9acedf304bd95f29e1..e4bdd0bf1c315c86cc8064625b80161b
 session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
 session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index e4b8c05c6a11a215529ba66f8b36b72a6ac18448..4e39b7ec66d0e2ba911c7280467ba78fd29c196c 100755
+index 8334293911d1d4c2d98a6d233b91fc348cf06575..55e205bae2c0b1f7892f8b286c288dfeaa26a60d 100755
 --- a/src/compat/authcompat.py.in.in
 +++ b/src/compat/authcompat.py.in.in
-@@ -520,7 +520,6 @@ class AuthCompat:
+@@ -523,7 +523,6 @@ class AuthCompat:
-             'smartcard'        : 'with-smartcard',
+             'smartcard': 'with-smartcard',
-             'requiresmartcard' : 'with-smartcard-required',
+             'requiresmartcard': 'with-smartcard-required',
-             'fingerprint'      : 'with-fingerprint',
+             'fingerprint': 'with-fingerprint',
-            'ecryptfs'         : 'with-ecryptfs',
+-            'ecryptfs': 'with-ecryptfs',
-             'mkhomedir'        : 'with-mkhomedir',
+             'mkhomedir': 'with-mkhomedir',
-             'faillock'         : 'with-faillock',
+             'faillock': 'with-faillock',
-             'pamaccess'        : 'with-pamaccess',
+             'pamaccess': 'with-pamaccess',
 diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
-index c8f52ab6773c4cd5371f32121dba8053f3443261..433a3340bac29739174e78928701214c08ec6f3c 100644
+index d26dedabdfb9519861076b58cddd0dd0eb04b7cb..5c8b21b55014198d6d9dfc98bd807c3c922b06f4 100644
 --- a/src/compat/authcompat_Options.py
 +++ b/src/compat/authcompat_Options.py
@@ -93,7 +93,6 @@ class Options:
-         Option.Valued ("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
+         Option.Valued("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
-         Option.Feature("requiresmartcard",_("require smart card for authentication by default")),
+         Option.Feature("requiresmartcard", _("require smart card for authentication by default")),
         Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
 -        Option.Feature("ecryptfs", _("automatic per-user ecryptfs")),
         Option.Feature("krb5", _("Kerberos authentication by default")),
-         Option.Valued ("krb5kdc",         _("<server>"), _("default Kerberos KDC")),
+         Option.Valued("krb5kdc", _("<server>"), _("default Kerberos KDC")),
-         Option.Valued ("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
+         Option.Valued("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
@@ -141,6 +140,7 @@ class Options:
         # layers and will produce warning when used. They will not affect
         # the system.
         Option.UnsupportedFeature("cache"),
 +        Option.UnsupportedFeature("ecryptfs"),
         Option.UnsupportedFeature("shadow"),
-         Option.UnsupportedSwitch ("useshadow"),
+         Option.UnsupportedSwitch("useshadow"),
         Option.UnsupportedFeature("md5"),
 diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
-index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c89e9c4ffb 100644
+index 3513a7e7cd3d7cc0045167e8224248c5be90ab2c..888cd4e5a0750d4e1aa5898887f5f7fd42472741 100644
 --- a/src/man/authselect-migration.7.adoc
 +++ b/src/man/authselect-migration.7.adoc
@@ -80,7 +80,6 @@ configuration file for required services.
@ -267,7 +267,7 @@ index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c8
 |--enablemkhomedir    |with-mkhomedir
 |--enablefaillock     |with-faillock
 |--enablepamaccess    |with-pamaccess
-@@ -95,8 +94,8 @@ authselect select sssd with-faillock
+@@ -103,8 +102,8 @@ authselect select sssd with-faillock
 authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
 authselect select sssd with-smartcard
@ -279,5 +279,5 @@ index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c8
 authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
 realm join -U Administrator --client-software=winbind WINBINDDOMAIN
 -- 
-2.29.2
+2.34.1
--- a/SOURCES/0903-rhel9-Revert-profiles-add-support-for-resolved.patch
+++ b/SOURCES/0903-rhel9-Revert-profiles-add-support-for-resolved.patch
@ -1,11 +1,9 @@
-From 259e4e50a97a5196436e3d7ed42d2ecf0be3203f Mon Sep 17 00:00:00 2001
+From 6381b49e90b3850fade68c8af03b17d0cc016d3c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 31 May 2021 15:42:49 +0200
+Date: Wed, 25 Nov 2020 14:05:00 +0100
-Subject: [PATCH] rhel9: remove support for for resolved
+Subject: [PATCH 3/4] rhel9: Revert "profiles: add support for resolved"
-systemd-resolved is an experimental feature at this point and it
+systemd-resolved should not be enabled by default on rhel8.
 should not be enabled by default. Steps to switch this feature on
 will be documented in RHEL guide.
 This reverts commit c5294c508a940291440eb32d5d750f33baf1ae54.
 ---
@ -40,5 +38,5 @@ index 50a3ffb7431a91b88b4bfef4c09df19310fac7e7..9bee7d839f84ff39d54cb6ead9dea38e
 netgroup:   files nis                   {exclude if "with-custom-netgroup"}
 networks:   files nis                   {exclude if "with-custom-networks"}
 -- 
-2.31.1
+2.34.1
--- a/SOURCES/0904-rhel9-remove-nis-support.patch
+++ b/SOURCES/0904-rhel9-remove-nis-support.patch
@ -1,34 +1,30 @@
-From 7236f7a303215805de7195a8fdef7567543e8b0b Mon Sep 17 00:00:00 2001
+From fde1c60f1e87383596ee7060f4d748675b2efae9 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Wed, 9 Jun 2021 13:59:01 +0200
-Subject: [PATCH] rhel9: remove nis support
+Subject: [PATCH 4/4] rhel9: remove nis support
 NIS is no longer supported in RHEL9.
 ---
- profiles/Makefile.am                |  13 ----
+ profiles/Makefile.am                | 14 -----
 profiles/nis/README                 | 111 ----------------------------
 profiles/nis/REQUIREMENTS           |  13 ----
 profiles/nis/dconf-db               |  3 -
 profiles/nis/dconf-locks            |  2 -
- profiles/nis/nsswitch.conf          |  14 ----
+ profiles/nis/nsswitch.conf          | 14 -----
- profiles/nis/postlogin              |   4 -
+ profiles/nis/postlogin              |  4 --
- rpm/authselect.spec.in              |  10 ---
+ rpm/authselect.spec.in              | 11 ----
- src/compat/authcompat.py.in.in      |  95 ------------------------
+ src/compat/authcompat.py.in.in      | 95 -----------------------------
- src/compat/authcompat_Options.py    |   8 +-
+ src/compat/authcompat_Options.py    |  8 ++-
 src/man/authselect-migration.7.adoc |  2 +-
- 11 files changed, 6 insertions(+), 269 deletions(-)
+ 9 files changed, 6 insertions(+), 147 deletions(-)
 delete mode 100644 profiles/nis/README
 delete mode 100644 profiles/nis/REQUIREMENTS
 delete mode 100644 profiles/nis/dconf-db
 delete mode 100644 profiles/nis/dconf-locks
 delete mode 100644 profiles/nis/nsswitch.conf
 delete mode 100644 profiles/nis/postlogin
 diff --git a/profiles/Makefile.am b/profiles/Makefile.am
-index 95e27147b2b0a229a76a293884d605484d3fa841..c658521de01130f19f669fe0a6cb86c11043a406 100644
+index 7191b2604ca2c9ebaba3a4f1beb950e7d0e03970..4ab613f42a581df02c427636a0070092b58ec418 100644
 --- a/profiles/Makefile.am
 +++ b/profiles/Makefile.am
-@@ -13,19 +13,6 @@ dist_profile_minimal_DATA = \
+@@ -15,20 +15,6 @@ dist_profile_minimal_DATA = \
     $(top_srcdir)/profiles/minimal/dconf-locks \
     $(NULL)
@ -39,6 +35,7 @@ index 95e27147b2b0a229a76a293884d605484d3fa841..c658521de01130f19f669fe0a6cb86c1
 -    $(top_srcdir)/profiles/nis/postlogin \
 -    $(top_srcdir)/profiles/nis/README \
 -    $(top_srcdir)/profiles/nis/REQUIREMENTS \
 -    $(top_srcdir)/profiles/nis/smartcard-auth \
 -    $(top_srcdir)/profiles/nis/system-auth \
 -    $(top_srcdir)/profiles/nis/fingerprint-auth \
 -    $(top_srcdir)/profiles/nis/dconf-db \
@ -48,142 +45,6 @@ index 95e27147b2b0a229a76a293884d605484d3fa841..c658521de01130f19f669fe0a6cb86c1
 profile_sssddir = $(authselect_profile_dir)/sssd
 dist_profile_sssd_DATA = \
     $(top_srcdir)/profiles/sssd/nsswitch.conf \
 diff --git a/profiles/nis/README b/profiles/nis/README
 deleted file mode 100644
 index cac3428bf844b0a9d251015988583f4c1b15c3c9..0000000000000000000000000000000000000000
 --- a/profiles/nis/README
 +++ /dev/null
@@ -1,111 +0,0 @@
 -Enable NIS for system authentication
 -====================================
 -
 -Selecting this profile will enable Network Information Services as the source
 -of identity and authentication providers.
 -
 -NIS CONFIGURATION
 ------------------
 -
 -Authselect does not touch NIS configuration. Please, read NIS' documentation
 -to see how to configure it manually.
 -
 -AVAILABLE OPTIONAL FEATURES
 ----------------------------
 -
 -with-faillock::
 -    Enable account locking in case of too many consecutive
 -    authentication failures.
 -
 -with-mkhomedir::
 -    Enable automatic creation of home directories for users on their
 -    first login.
 -
 -with-fingerprint::
 -    Enable authentication with fingerprint reader through *pam_fprintd*.
 -
 -with-pam-u2f::
 -    Enable authentication via u2f dongle through *pam_u2f*.
 -
 -with-pam-u2f-2fa::
 -    Enable 2nd factor authentication via u2f dongle through *pam_u2f*.
 -
 -without-pam-u2f-nouserok::
 -    Module argument nouserok is omitted if also with-pam-u2f-2fa is used.
 -    *WARNING*: Omitting nouserok argument means that users without pam-u2f
 -    authentication configured will not be able to log in *INCLUDING* root.
 -    Make sure you are able to log in before losing root privileges.
 -
 -with-silent-lastlog::
 -    Do not produce pam_lastlog message during login.
 -
 -with-pamaccess::
 -    Check access.conf during account authorization.
 -
 -with-nispwquality::
 -    If this option is set pam_pwquality module will check password quality
 -    for NIS users as well as local users during password change. Without this
 -    option only local users passwords are checked.
 -
 -without-nullok::
 -    Do not add nullok parameter to pam_unix.
 -
 -DISABLE SPECIFIC NSSWITCH DATABASES
 ------------------------------------
 -
 -Normally, nsswitch databases set by the profile overwrites values set in
 -user-nsswitch.conf. The following options can force authselect to
 -ignore value set by the profile and use the one set in user-nsswitch.conf
 -instead.
 -
 -with-custom-aliases::
 -Ignore "aliases" map set by the profile.
 -
 -with-custom-automount::
 -Ignore "automount" map set by the profile.
 -
 -with-custom-ethers::
 -Ignore "ethers" map set by the profile.
 -
 -with-custom-group::
 -Ignore "group" map set by the profile.
 -
 -with-custom-hosts::
 -Ignore "hosts" map set by the profile.
 -
 -with-custom-initgroups::
 -Ignore "initgroups" map set by the profile.
 -
 -with-custom-netgroup::
 -Ignore "netgroup" map set by the profile.
 -
 -with-custom-networks::
 -Ignore "networks" map set by the profile.
 -
 -with-custom-passwd::
 -Ignore "passwd" map set by the profile.
 -
 -with-custom-protocols::
 -Ignore "protocols" map set by the profile.
 -
 -with-custom-publickey::
 -Ignore "publickey" map set by the profile.
 -
 -with-custom-rpc::
 -Ignore "rpc" map set by the profile.
 -
 -with-custom-services::
 -Ignore "services" map set by the profile.
 -
 -with-custom-shadow::
 -Ignore "shadow" map set by the profile.
 -
 -EXAMPLES
 ---------
 -* Enable NIS with no additional modules
 -
 -  authselect select nis
 -
 -* Enable NIS and create home directories for users on their first login
 -
 -  authselect select nis with-mkhomedir
 diff --git a/profiles/nis/REQUIREMENTS b/profiles/nis/REQUIREMENTS
 deleted file mode 100644
 index c58aa2789f4ef064b7904cacf4fc3158dce7ad41..0000000000000000000000000000000000000000
 --- a/profiles/nis/REQUIREMENTS
 +++ /dev/null
@@ -1,13 +0,0 @@
 -Make sure that NIS service is configured and enabled. See NIS documentation for more information.
 -                                                                                          {include if "with-fingerprint"}
 -- with-fingerprint is selected, make sure fprintd service is configured and enabled       {include if "with-fingerprint"}
 -                                                                                          {include if "with-pam-u2f"}
 -- with-pam-u2f is selected, make sure that the pam u2f module is installed                {include if "with-pam-u2f"}
 -  - users can then configure keys using the pamu2fcfg tool                                {include if "with-pam-u2f"}
 -                                                                                          {include if "with-pam-u2f-2fa"}
 -- with-pam-u2f-2fa is selected, make sure that the pam u2f module is installed            {include if "with-pam-u2f-2fa"}
 -  - users can then configure keys using the pamu2fcfg tool                                {include if "with-pam-u2f-2fa"}
 -                                                                                          {include if "with-mkhomedir"}
 -- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module                       {include if "with-mkhomedir"}
 -  is present and oddjobd service is enabled and active                                    {include if "with-mkhomedir"}
 -  - systemctl enable --now oddjobd.service                                                {include if "with-mkhomedir"}
 diff --git a/profiles/nis/dconf-db b/profiles/nis/dconf-db
 deleted file mode 100644
 index bd32b2819f66acdc75ab0fc522ec85673d10ed72..0000000000000000000000000000000000000000
@ -232,20 +93,20 @@ index 04a11f049bc1e220c9064fba7b46eb243ddd4996..00000000000000000000000000000000
 -session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
 -session     optional                   pam_lastlog.so silent noupdate showfailed
 diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
-index 628d6c91e9b3b4448787915fc1f9ac42f445bfc6..a0d508a716603771878781a62168fe0a71207f66 100644
+index f8539d5a028da1a7184b47609a8efdb5ce0be14e..95da183a41a29f7913a0a255a94070908ed9a66c 100644
 --- a/rpm/authselect.spec.in
 +++ b/rpm/authselect.spec.in
-@@ -155,7 +155,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
+@@ -165,7 +165,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
 %dir %{_datadir}/authselect/vendor
 %dir %{_datadir}/authselect/default
 %dir %{_datadir}/authselect/default/minimal/
 -%dir %{_datadir}/authselect/default/nis/
 %dir %{_datadir}/authselect/default/sssd/
 %dir %{_datadir}/authselect/default/winbind/
- %{_datadir}/authselect/default/minimal/nsswitch.conf
+ %{_datadir}/authselect/default/minimal/dconf-db
-@@ -164,15 +163,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
+@@ -178,16 +177,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
 %{_datadir}/authselect/default/minimal/README
 %{_datadir}/authselect/default/minimal/REQUIREMENTS
 %{_datadir}/authselect/default/minimal/smartcard-auth
 %{_datadir}/authselect/default/minimal/system-auth
 -%{_datadir}/authselect/default/nis/dconf-db
 -%{_datadir}/authselect/default/nis/dconf-locks
@ -255,15 +116,16 @@ index 628d6c91e9b3b4448787915fc1f9ac42f445bfc6..a0d508a716603771878781a62168fe0a
 -%{_datadir}/authselect/default/nis/postlogin
 -%{_datadir}/authselect/default/nis/README
 -%{_datadir}/authselect/default/nis/REQUIREMENTS
 -%{_datadir}/authselect/default/nis/smartcard-auth
 -%{_datadir}/authselect/default/nis/system-auth
 %{_datadir}/authselect/default/sssd/dconf-db
 %{_datadir}/authselect/default/sssd/dconf-locks
 %{_datadir}/authselect/default/sssd/fingerprint-auth
 diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index 4e39b7ec66d0e2ba911c7280467ba78fd29c196c..7c0fdf341212250f03dc14ddf6680e90da8e217e 100755
+index 55e205bae2c0b1f7892f8b286c288dfeaa26a60d..c6d1f2786c233f7ebdbfe5f2503aa0016012aee0 100755
 --- a/src/compat/authcompat.py.in.in
 +++ b/src/compat/authcompat.py.in.in
-@@ -240,20 +240,6 @@ class Configuration:
+@@ -243,20 +243,6 @@ class Configuration:
             config.write(keys)
@ -284,7 +146,7 @@ index 4e39b7ec66d0e2ba911c7280467ba78fd29c196c..7c0fdf341212250f03dc14ddf6680e90
     class SSSD(Base):
         def __init__(self, options):
             super(Configuration.SSSD, self).__init__(options, ServiceName="sssd")
-@@ -375,83 +361,6 @@ class Configuration:
+@@ -378,83 +364,6 @@ class Configuration:
             # other applications may depend on it.
             return
@ -368,16 +230,16 @@ index 4e39b7ec66d0e2ba911c7280467ba78fd29c196c..7c0fdf341212250f03dc14ddf6680e90
 class AuthCompat:
     def __init__(self):
         self.sysconfig = EnvironmentFile(Path.System('authconfig'))
-@@ -533,8 +442,6 @@ class AuthCompat:
+@@ -538,8 +447,6 @@ class AuthCompat:
-         if (self.options.getBool("ldap") or self.options.getBool("ldapauth") or
+                 or self.options.getBool("sssd")
-                 self.options.getBool("sssd") or self.options.getBool("sssdauth")):
+                 or self.options.getBool("sssdauth")):
             profile = "sssd"
 -        elif self.options.getBool("nis"):
 -            profile = "nis"
         elif self.options.getBool("winbind"):
             profile = "winbind"
-@@ -591,13 +498,11 @@ class AuthCompat:
+@@ -596,13 +503,11 @@ class AuthCompat:
     def writeConfiguration(self):
         configs = [
             Configuration.LDAP(self.options),
@ -392,7 +254,7 @@ index 4e39b7ec66d0e2ba911c7280467ba78fd29c196c..7c0fdf341212250f03dc14ddf6680e90
         for config in configs:
 diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
-index 433a3340bac29739174e78928701214c08ec6f3c..2712d85a377ee92c7816e3d2284302307084b0c4 100644
+index 5c8b21b55014198d6d9dfc98bd807c3c922b06f4..79ead60fa9edc1244227e3b69df025471b7c7991 100644
 --- a/src/compat/authcompat_Options.py
 +++ b/src/compat/authcompat_Options.py
@@ -79,9 +79,6 @@ class Options:
@ -400,25 +262,25 @@ index 433a3340bac29739174e78928701214c08ec6f3c..2712d85a377ee92c7816e3d228430230
         # expected service is working. They may not result in the exact same
         # configuration as authconfig would generate.
 -        Option.Feature("nis", _("NIS for user information by default")),
-        Option.Valued ("nisdomain",       _("<domain>"), _("default NIS domain")),
+-        Option.Valued("nisdomain", _("<domain>"), _("default NIS domain")),
-        Option.Valued ("nisserver",       _("<server>"), _("default NIS server")),
+-        Option.Valued("nisserver", _("<server>"), _("default NIS server")),
         Option.Feature("ldap", _("LDAP for user information by default")),
         Option.Feature("ldapauth", _("LDAP for authentication by default")),
-         Option.Valued ("ldapserver",      _("<server>"), _("default LDAP server hostname or URI")),
+         Option.Valued("ldapserver", _("<server>"), _("default LDAP server hostname or URI")),
@@ -164,6 +161,11 @@ class Options:
         Option.UnsupportedFeature("locauthorize"),
         Option.UnsupportedFeature("sysnetauth"),
-         Option.UnsupportedValued ("faillockargs", _("<options>")),
+         Option.UnsupportedValued("faillockargs", _("<options>")),
 +
 +        # NIS is no longer supported
 +        Option.UnsupportedFeature("nis"),
-+        Option.UnsupportedValued ("nisdomain", _("<domain>")),
+        Option.UnsupportedValued("nisdomain", _("<domain>")),
-+        Option.UnsupportedValued ("nisserver", _("<server>")),
+        Option.UnsupportedValued("nisserver", _("<server>")),
     ]
     Map = {
 diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
-index a27af036738274d8d392f7fe1f7d59c89e9c4ffb..515104b160d956d04b9ec8cacd25d166983e02d5 100644
+index 888cd4e5a0750d4e1aa5898887f5f7fd42472741..d9777b9b473859d7ec532f39f7e14bd81c4f1b90 100644
 --- a/src/man/authselect-migration.7.adoc
 +++ b/src/man/authselect-migration.7.adoc
@@ -72,7 +72,7 @@ configuration file for required services.
@ -431,5 +293,5 @@ index a27af036738274d8d392f7fe1f7d59c89e9c4ffb..515104b160d956d04b9ec8cacd25d166
 .Relation of authconfig options to authselect profile features
 -- 
-2.20.1
+2.34.1
--- a/SOURCES/9003-rhel9-sssd-default-to-files-first-for-users-and-grou.patch
+++ b/SOURCES/9003-rhel9-sssd-default-to-files-first-for-users-and-grou.patch
@ -1,58 +0,0 @@
 From 9fc2d8061c811c4522484f4cb62a2025fe9282b2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Thu, 18 Feb 2021 13:38:53 +0100
 Subject: [PATCH 3/3] rhel9: sssd: default to files first for users and groups
 The passwd and group databases will now default to files first.
 The order "sss files" can be enabled with "with-files-provider"
 feature.
 ---
 profiles/sssd/README        | 5 +++++
 profiles/sssd/REQUIREMENTS  | 4 ++++
 profiles/sssd/nsswitch.conf | 4 ++--
 3 files changed, 11 insertions(+), 2 deletions(-)
 diff --git a/profiles/sssd/README b/profiles/sssd/README
 index ac063e8d065d0488279dc2381bdd7f8ac361bfcb..699d490b90710a53c3959f196b9ef435149a4bd0 100644
 --- a/profiles/sssd/README
 +++ b/profiles/sssd/README
@@ -76,6 +76,11 @@ with-sudo::
 with-pamaccess::
     Check access.conf during account authorization.
 +with-files-domain::
 +    If set, SSSD will be contacted before "files" when resolving users and
 +    groups. The order in nsswitch.conf will be set to "sss files" instead of
 +    "files sss" for passwd and group maps.
 +
 with-files-access-provider::
     If set, account management for local users is handled also by pam_sss. This
     is needed if there is an explicitly configured domain with id_provider=files
 diff --git a/profiles/sssd/REQUIREMENTS b/profiles/sssd/REQUIREMENTS
 index cbffac54bbd2598c2a53cd3014ebeb271dad9c57..ba3b3bd0fa143c3cc74d00faaf6ff94a2b4aaf84 100644
 --- a/profiles/sssd/REQUIREMENTS
 +++ b/profiles/sssd/REQUIREMENTS
@@ -14,3 +14,7 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo
 - with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module                       {include if "with-mkhomedir"}
   is present and oddjobd service is enabled and active                                    {include if "with-mkhomedir"}
   - systemctl enable --now oddjobd.service                                                {include if "with-mkhomedir"}
 +                                                                                          {include if "with-files-domain"}
 +- with-files-domain is selected, make sure the files provider is enabled in SSSD          {include if "with-files-domain"}
 +  - set enable_files_domain=true in [sssd] section of /etc/sssd/sssd.conf                 {include if "with-files-domain"}
 +  - or create a custom domain with id_provider=files                                      {include if "with-files-domain"}
 \ No newline at end of file
 diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
 index 9734bbbe68e7cf73a4a560e3573162d353e551e8..91c9fe9ef60fde07d55269247c885db0f738c776 100644
 --- a/profiles/sssd/nsswitch.conf
 +++ b/profiles/sssd/nsswitch.conf
@@ -1,5 +1,5 @@
 -passwd:     sss files systemd   {exclude if "with-custom-passwd"}
 -group:      sss files systemd   {exclude if "with-custom-group"}
 +passwd:     {if "with-files-domain":sss files|files sss} systemd   {exclude if "with-custom-passwd"}
 +group:      {if "with-files-domain":sss files|files sss} systemd   {exclude if "with-custom-group"}
 netgroup:   sss files           {exclude if "with-custom-netgroup"}
 automount:  sss files           {exclude if "with-custom-automount"}
 services:   sss files           {exclude if "with-custom-services"}
 -- 
 2.29.2
--- a/SPECS/authselect.spec
+++ b/SPECS/authselect.spec
@ -2,24 +2,19 @@
 %define _empty_manifest_terminate_build 0
 Name:           authselect
-Version:        1.2.3
+Version:        1.2.5
-Release:        7%{?dist}
+Release:        1%{?dist}
 Summary:        Configures authentication and identity sources from supported profiles
 URL:            https://github.com/authselect/authselect
 License:        GPLv3+
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 Patch0001: 0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch
 ### Downstream Patches ###
-%if 0%{?rhel}
+Patch0901:  0901-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
-Patch9001: 9001-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
+Patch0902:  0902-rhel9-remove-ecryptfs-support.patch
-Patch9002: 9002-rhel9-remove-ecryptfs-support.patch
+Patch0903:  0903-rhel9-Revert-profiles-add-support-for-resolved.patch
-Patch9003: 9003-rhel9-sssd-default-to-files-first-for-users-and-grou.patch
+Patch0904:  0904-rhel9-remove-nis-support.patch
 Patch9004: 9004-rhel9-remove-support-for-for-resolved.patch
 Patch0005: 9005-rhel9-remove-nis-support.patch
 %endif
 %global makedir %{_builddir}/%{name}-%{version}
@ -36,6 +31,7 @@ BuildRequires:  po4a
 BuildRequires:  %{_bindir}/a2x
 BuildRequires:  libcmocka-devel >= 1.0.0
 BuildRequires:  libselinux-devel
 BuildRequires:  python3-devel
 Requires: authselect-libs%{?_isa} = %{version}-%{release}
 Suggests: sssd
 Suggests: samba-winbind
@ -70,8 +66,6 @@ command line tool and any other potential front-ends.
 Summary: Tool to provide minimum backwards compatibility with authconfig
 Obsoletes: authconfig < 7.0.1-6
 Provides: authconfig
 BuildRequires: python3-devel
 BuildRequires: make
 Requires: authselect%{?_isa} = %{version}-%{release}
 Recommends: oddjob-mkhomedir
 Suggests: sssd
@ -104,7 +98,7 @@ done
 %build
 autoreconf -if
-%configure --with-pythonbin="%{__python3}"
+%configure --with-pythonbin="%{__python3}" --with-compat
 %make_build
 %check
@ -160,11 +154,13 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
 %dir %{_datadir}/authselect/default/winbind/
 %{_datadir}/authselect/default/minimal/dconf-db
 %{_datadir}/authselect/default/minimal/dconf-locks
 %{_datadir}/authselect/default/minimal/fingerprint-auth
 %{_datadir}/authselect/default/minimal/nsswitch.conf
 %{_datadir}/authselect/default/minimal/password-auth
 %{_datadir}/authselect/default/minimal/postlogin
 %{_datadir}/authselect/default/minimal/README
 %{_datadir}/authselect/default/minimal/REQUIREMENTS
 %{_datadir}/authselect/default/minimal/smartcard-auth
 %{_datadir}/authselect/default/minimal/system-auth
 %{_datadir}/authselect/default/sssd/dconf-db
 %{_datadir}/authselect/default/sssd/dconf-locks
@ -184,6 +180,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
 %{_datadir}/authselect/default/winbind/postlogin
 %{_datadir}/authselect/default/winbind/README
 %{_datadir}/authselect/default/winbind/REQUIREMENTS
 %{_datadir}/authselect/default/winbind/smartcard-auth
 %{_datadir}/authselect/default/winbind/system-auth
 %{_libdir}/libauthselect.so.*
 %{_mandir}/man5/authselect-profiles.5*
@ -293,6 +290,12 @@ exit 0
 exit 0
 %changelog
 * Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.2.5-1
 - Rebase to 1.2.5 (RHBZ #2080239)
 - backup-restore now works correctly (RHBZ #2070541)
 - add with-subid to sssd profile (RHBZ #2075192)
 - add with-gssapi to sssd profile (RHBZ #2077893)
 * Thu Aug 26 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-7
 - Avoid freeing uninitialized variable in authselect_apply_changes (rhbz#1970871)
`@ -1 +1 @@`
	`3f004c30e9f07c0dd259403f1cd9f13c5ec297ce SOURCES/authselect-1.2.3.tar.gz`	`4eb7fbb53b31d92f0fae17d6fd5e5da46bc8b434 SOURCES/authselect-1.2.5.tar.gz`
`@ -1 +1 @@`
	`SOURCES/authselect-1.2.3.tar.gz`	`SOURCES/authselect-1.2.5.tar.gz`