import authselect-1.2.5-1.el9

.authselect.metadata

@@ -1 +1 @@
-3f004c30e9f07c0dd259403f1cd9f13c5ec297ce SOURCES/authselect-1.2.3.tar.gz
+4eb7fbb53b31d92f0fae17d6fd5e5da46bc8b434 SOURCES/authselect-1.2.5.tar.gz

.gitignore

@@ -1 +1 @@
-SOURCES/authselect-1.2.3.tar.gz
+SOURCES/authselect-1.2.5.tar.gz

SOURCES/0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch

@@ -1,31 +0,0 @@
-From 6924b8f8d82ecd32e897cf5f441e5c87f8816859 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 22 Jul 2021 11:29:20 +0200
-Subject: [PATCH] lib: avoid freeing uninitialized variable in
- authselect_apply_changes()
-
-If authselect_profile() fails, we goto done and try to free uninitialized
-variable.
-
-Resolves:
-https://github.com/authselect/authselect/issues/265
----
- src/lib/authselect.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lib/authselect.c b/src/lib/authselect.c
-index 0f43e12202c16769dfc6ac7dee41812159cc1d3a..a901e02719713bd13d5a4fab606ee713b3d6ddca 100644
---- a/src/lib/authselect.c
-+++ b/src/lib/authselect.c
-@@ -163,7 +163,7 @@ authselect_uninstall(void)
- _PUBLIC_ int
- authselect_apply_changes(void)
- {
--    struct authselect_profile *profile;
-+    struct authselect_profile *profile = NULL;
-     char **supported = NULL;
-     char *profile_id;
-     char **features;
--- 
-2.31.1
-

SOURCES/0901-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch

@@ -1,7 +1,7 @@
-From 2e2a7143cbfa719905cb130a5e67313c65bf3b65 Mon Sep 17 00:00:00 2001
+From c3c2c3b7ffe04dc2e810c9fffdd82689543a94df Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Tue, 30 Oct 2018 14:08:12 +0100
-Subject: [PATCH 1/3] rhel9: remove mention of Fedora Change page in compat
+Subject: [PATCH 1/4] rhel9: remove mention of Fedora Change page in compat
  tool
 
 ---
@@ -9,10 +9,10 @@ Subject: [PATCH 1/3] rhel9: remove mention of Fedora Change page in compat
  1 file changed, 1 deletion(-)
 
 diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index f879e08eb94e9620dfc28f245b0ea5815df7e4f2..e4b8c05c6a11a215529ba66f8b36b72a6ac18448 100755
+index 1a68d95c71b51beabe80e9b07c084ea9c2f3580d..8334293911d1d4c2d98a6d233b91fc348cf06575 100755
 --- a/src/compat/authcompat.py.in.in
 +++ b/src/compat/authcompat.py.in.in
-@@ -468,7 +468,6 @@ class AuthCompat:
+@@ -471,7 +471,6 @@ class AuthCompat:
                  "It does not provide all capabilities of authconfig.\n"))
          print(_("IMPORTANT: authconfig is replaced by authselect, "
                  "please update your scripts."))
@@ -21,5 +21,5 @@ index f879e08eb94e9620dfc28f245b0ea5815df7e4f2..e4b8c05c6a11a215529ba66f8b36b72a
  
          options = self.options.getSetButUnsupported()
 -- 
-2.29.2
+2.34.1
 

SOURCES/0902-rhel9-remove-ecryptfs-support.patch

@@ -1,7 +1,7 @@
-From 6de7d2e033d67f23b33620a2b80f5a6c106bd6f5 Mon Sep 17 00:00:00 2001
+From 9da7355f1e2c8a148d4730fec4c4707c56e6dfa1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Mon, 10 Jun 2019 10:53:15 +0200
-Subject: [PATCH 2/3] rhel9: remove ecryptfs support
+Subject: [PATCH 2/4] rhel9: remove ecryptfs support
 
 ---
  profiles/nis/README                 | 3 ---
@@ -26,7 +26,7 @@ Subject: [PATCH 2/3] rhel9: remove ecryptfs support
  19 files changed, 3 insertions(+), 36 deletions(-)
 
 diff --git a/profiles/nis/README b/profiles/nis/README
-index 5dbb9b49fb7708ef3b073aff7e1883e3f9a0bd06..cac3428bf844b0a9d251015988583f4c1b15c3c9 100644
+index 895e8fa8650c04d41bf8bc8d6e3cda18db9bf814..71e23d61a8c1ea773c98524256a5eaad5a75d197 100644
 --- a/profiles/nis/README
 +++ b/profiles/nis/README
 @@ -21,9 +21,6 @@ with-mkhomedir::
@@ -40,10 +40,10 @@ index 5dbb9b49fb7708ef3b073aff7e1883e3f9a0bd06..cac3428bf844b0a9d251015988583f4c
      Enable authentication with fingerprint reader through *pam_fprintd*.
  
 diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
-index 756993cf1b2095f505208df19dd739dcaed1af31..eebec6d0d6edeae6a3eb224f0ff284016b0fc642 100644
+index 3a2609df4ca29cdfcbff84b37576bb7b840d72b2..0b2f583a2fcf164647f7de387e9be2982bdf36cb 100644
 --- a/profiles/nis/fingerprint-auth
 +++ b/profiles/nis/fingerprint-auth
-@@ -13,7 +13,6 @@ password    required                                     pam_deny.so
+@@ -15,7 +15,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -52,10 +52,10 @@ index 756993cf1b2095f505208df19dd739dcaed1af31..eebec6d0d6edeae6a3eb224f0ff28401
  session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
  session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
-index 7997ea8de61ad6392ed01c39727f70253b5cc0ca..9a8ae9cde644a4ac981f4b9553af2f0f428bfebb 100644
+index f181a58ab7792c7e1a4234e677cbb7e3d0a6548d..79fb521eb5dff4978203166491b185887d1ec744 100644
 --- a/profiles/nis/password-auth
 +++ b/profiles/nis/password-auth
-@@ -17,7 +17,6 @@ password    required                                     pam_deny.so
+@@ -18,7 +18,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -76,10 +76,10 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
  session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
  session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
 diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
-index 057b31e074f29c46b492fa310a954e281631800e..2e7462983d35e4a2f5cef8151ed53baaf7e5c790 100644
+index bc3f402435aafb5294dbae94096b184af51cf914..38c10c1afcf936c1d24d8edef941ae849d1186fc 100644
 --- a/profiles/nis/system-auth
 +++ b/profiles/nis/system-auth
-@@ -18,7 +18,6 @@ password    required                                     pam_deny.so
+@@ -19,7 +19,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -88,7 +88,7 @@ index 057b31e074f29c46b492fa310a954e281631800e..2e7462983d35e4a2f5cef8151ed53baa
  session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
  session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/sssd/README b/profiles/sssd/README
-index 95ef5dc785ed0530122837b5e08d03590ed1ada5..ac063e8d065d0488279dc2381bdd7f8ac361bfcb 100644
+index 61d5aedf65b2351cf23cea0a6b6b0932e32f0e48..ab9af237442089ded86b63942dd856397108ccf0 100644
 --- a/profiles/sssd/README
 +++ b/profiles/sssd/README
 @@ -40,9 +40,6 @@ with-mkhomedir::
@@ -102,10 +102,10 @@ index 95ef5dc785ed0530122837b5e08d03590ed1ada5..ac063e8d065d0488279dc2381bdd7f8a
      Enable authentication with smartcards through SSSD. Please note that
      smartcard support must be also explicitly enabled within
 diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
-index fe3cac7a976845017d034ac1158a38f889926ce8..ad0a95440ebd006ff88264177598c77afc472dda 100644
+index 20ad3613e66ec85c7d2462d0449854e522383b3a..dc7befe7a4839a1ae5a4d21f4e5232126df55564 100644
 --- a/profiles/sssd/fingerprint-auth
 +++ b/profiles/sssd/fingerprint-auth
-@@ -18,7 +18,6 @@ password    required                                     pam_deny.so
+@@ -20,7 +20,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -114,10 +114,10 @@ index fe3cac7a976845017d034ac1158a38f889926ce8..ad0a95440ebd006ff88264177598c77a
  session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
  session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
-index d6953428cca7d6518f63c3fdbaabc4746c35f91b..6d87cbe0a805bf5d3ab2a6192d570b9e5c6dc143 100644
+index 3e33dcc09f68055f2f87709e638005929bd577b3..858c6db357d07dc554806f4807f9b0858a649f44 100644
 --- a/profiles/sssd/password-auth
 +++ b/profiles/sssd/password-auth
-@@ -27,7 +27,6 @@ password    required                                     pam_deny.so
+@@ -28,7 +28,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -138,10 +138,10 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
  session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
  session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
 diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
-index 230269c42508a50ad5b4677ab6514b9afe4d5fbf..874ffaca1b2c15c81adc4ca130c15834154bdc0e 100644
+index 0d8bcab250633b09bce0232a5747f3a7e740d5d7..754847f2d8885ff35cbc57ec2364d82b963caa3b 100644
 --- a/profiles/sssd/smartcard-auth
 +++ b/profiles/sssd/smartcard-auth
-@@ -16,7 +16,6 @@ account     required                                     pam_permit.so
+@@ -18,7 +18,6 @@ account     required                                     pam_permit.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -150,10 +150,10 @@ index 230269c42508a50ad5b4677ab6514b9afe4d5fbf..874ffaca1b2c15c81adc4ca130c15834
  session     optional                                     pam_oddjob_mkhomedir.so                                {include if "with-mkhomedir"}
  session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
-index 6f914ea91eb7782d60959ced56112f9cc1365347..dfc53b4ce55a0d575dc4fe68004a846f43360ccc 100644
+index a43341120f55bad3fb07dfea1c04453d0a278329..88c49e2dd5b60847d1d19154622a8614a21e5e1f 100644
 --- a/profiles/sssd/system-auth
 +++ b/profiles/sssd/system-auth
-@@ -32,7 +32,6 @@ password    required                                     pam_deny.so
+@@ -35,7 +35,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -162,7 +162,7 @@ index 6f914ea91eb7782d60959ced56112f9cc1365347..dfc53b4ce55a0d575dc4fe68004a846f
  session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
  session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/winbind/README b/profiles/winbind/README
-index 40a1a459355d2ee8ab98e31d2868cb24261e2c17..0e80bb697f8050ac8eb3c78d4f41945b9bcbba29 100644
+index 0048c29256f5d4064edfb84a2f4b761fd09e90f6..6f7a7cab1efc768c4c82791d6a8f00def1771d37 100644
 --- a/profiles/winbind/README
 +++ b/profiles/winbind/README
 @@ -33,9 +33,6 @@ with-mkhomedir::
@@ -176,10 +176,10 @@ index 40a1a459355d2ee8ab98e31d2868cb24261e2c17..0e80bb697f8050ac8eb3c78d4f41945b
      Enable authentication with fingerprint reader through *pam_fprintd*.
  
 diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
-index c4b8261ca45d4f6b9eda03ea96850bb32d605d30..6262549af2ca8aed540e7a7e1d97e0ba3b2ef088 100644
+index e8997c6c78ce7305fa7068fb169c05c68167880d..c5485ab848989a252e4ff4b1376a41202d21fd67 100644
 --- a/profiles/winbind/fingerprint-auth
 +++ b/profiles/winbind/fingerprint-auth
-@@ -17,7 +17,6 @@ password    required                                     pam_deny.so
+@@ -19,7 +19,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -188,10 +188,10 @@ index c4b8261ca45d4f6b9eda03ea96850bb32d605d30..6262549af2ca8aed540e7a7e1d97e0ba
  session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
  session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
-index bbeca057d49102889e3eeee040ea256dbd751eef..aef4d5ce6a6ec9496deabc1010cde0370a3ecba7 100644
+index 58705f3b15165c8d8bd4938889e3fb4d89c1a528..e84e2fcbb2bad9af6156e6e6db23f089f2b5d210 100644
 --- a/profiles/winbind/password-auth
 +++ b/profiles/winbind/password-auth
-@@ -24,7 +24,6 @@ password    required                                     pam_deny.so
+@@ -25,7 +25,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -212,10 +212,10 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
  session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
  session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
 diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
-index 8e6026b782f8bd7e64632a9acedf304bd95f29e1..e4bdd0bf1c315c86cc8064625b80161baa5c455f 100644
+index 994c342441a0ed2738765a9fa7f6cc84f692d1d8..b5c5cfaa964a31b1cd8ac4cb62998c0a0a53a03e 100644
 --- a/profiles/winbind/system-auth
 +++ b/profiles/winbind/system-auth
-@@ -25,7 +25,6 @@ password    required                                     pam_deny.so
+@@ -26,7 +26,6 @@ password    required                                     pam_deny.so
  
  session     optional                                     pam_keyinit.so revoke
  session     required                                     pam_limits.so
@@ -224,39 +224,39 @@ index 8e6026b782f8bd7e64632a9acedf304bd95f29e1..e4bdd0bf1c315c86cc8064625b80161b
  session     optional                                     pam_oddjob_mkhomedir.so                               {include if "with-mkhomedir"}
  session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
 diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index e4b8c05c6a11a215529ba66f8b36b72a6ac18448..4e39b7ec66d0e2ba911c7280467ba78fd29c196c 100755
+index 8334293911d1d4c2d98a6d233b91fc348cf06575..55e205bae2c0b1f7892f8b286c288dfeaa26a60d 100755
 --- a/src/compat/authcompat.py.in.in
 +++ b/src/compat/authcompat.py.in.in
-@@ -520,7 +520,6 @@ class AuthCompat:
+@@ -523,7 +523,6 @@ class AuthCompat:
-             'smartcard'        : 'with-smartcard',
+             'smartcard': 'with-smartcard',
-             'requiresmartcard' : 'with-smartcard-required',
+             'requiresmartcard': 'with-smartcard-required',
-             'fingerprint'      : 'with-fingerprint',
+             'fingerprint': 'with-fingerprint',
--            'ecryptfs'         : 'with-ecryptfs',
+-            'ecryptfs': 'with-ecryptfs',
-             'mkhomedir'        : 'with-mkhomedir',
+             'mkhomedir': 'with-mkhomedir',
-             'faillock'         : 'with-faillock',
+             'faillock': 'with-faillock',
-             'pamaccess'        : 'with-pamaccess',
+             'pamaccess': 'with-pamaccess',
 diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
-index c8f52ab6773c4cd5371f32121dba8053f3443261..433a3340bac29739174e78928701214c08ec6f3c 100644
+index d26dedabdfb9519861076b58cddd0dd0eb04b7cb..5c8b21b55014198d6d9dfc98bd807c3c922b06f4 100644
 --- a/src/compat/authcompat_Options.py
 +++ b/src/compat/authcompat_Options.py
 @@ -93,7 +93,6 @@ class Options:
-         Option.Valued ("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
+         Option.Valued("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
-         Option.Feature("requiresmartcard",_("require smart card for authentication by default")),
+         Option.Feature("requiresmartcard", _("require smart card for authentication by default")),
-         Option.Feature("fingerprint",     _("authentication with fingerprint readers by default")),
+         Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
--        Option.Feature("ecryptfs",        _("automatic per-user ecryptfs")),
+-        Option.Feature("ecryptfs", _("automatic per-user ecryptfs")),
-         Option.Feature("krb5",            _("Kerberos authentication by default")),
+         Option.Feature("krb5", _("Kerberos authentication by default")),
-         Option.Valued ("krb5kdc",         _("<server>"), _("default Kerberos KDC")),
+         Option.Valued("krb5kdc", _("<server>"), _("default Kerberos KDC")),
-         Option.Valued ("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
+         Option.Valued("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
 @@ -141,6 +140,7 @@ class Options:
          # layers and will produce warning when used. They will not affect
          # the system.
          Option.UnsupportedFeature("cache"),
 +        Option.UnsupportedFeature("ecryptfs"),
          Option.UnsupportedFeature("shadow"),
-         Option.UnsupportedSwitch ("useshadow"),
+         Option.UnsupportedSwitch("useshadow"),
          Option.UnsupportedFeature("md5"),
 diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
-index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c89e9c4ffb 100644
+index 3513a7e7cd3d7cc0045167e8224248c5be90ab2c..888cd4e5a0750d4e1aa5898887f5f7fd42472741 100644
 --- a/src/man/authselect-migration.7.adoc
 +++ b/src/man/authselect-migration.7.adoc
 @@ -80,7 +80,6 @@ configuration file for required services.
@@ -267,7 +267,7 @@ index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c8
  |--enablemkhomedir    |with-mkhomedir
  |--enablefaillock     |with-faillock
  |--enablepamaccess    |with-pamaccess
-@@ -95,8 +94,8 @@ authselect select sssd with-faillock
+@@ -103,8 +102,8 @@ authselect select sssd with-faillock
  authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
  authselect select sssd with-smartcard
  
@@ -279,5 +279,5 @@ index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c8
  authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
  realm join -U Administrator --client-software=winbind WINBINDDOMAIN
 -- 
-2.29.2
+2.34.1
 

SOURCES/0903-rhel9-Revert-profiles-add-support-for-resolved.patch

@@ -1,11 +1,9 @@
-From 259e4e50a97a5196436e3d7ed42d2ecf0be3203f Mon Sep 17 00:00:00 2001
+From 6381b49e90b3850fade68c8af03b17d0cc016d3c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 31 May 2021 15:42:49 +0200
+Date: Wed, 25 Nov 2020 14:05:00 +0100
-Subject: [PATCH] rhel9: remove support for for resolved
+Subject: [PATCH 3/4] rhel9: Revert "profiles: add support for resolved"
 
-systemd-resolved is an experimental feature at this point and it
+systemd-resolved should not be enabled by default on rhel8.
-should not be enabled by default. Steps to switch this feature on
-will be documented in RHEL guide.
 
 This reverts commit c5294c508a940291440eb32d5d750f33baf1ae54.
 ---
@@ -40,5 +38,5 @@ index 50a3ffb7431a91b88b4bfef4c09df19310fac7e7..9bee7d839f84ff39d54cb6ead9dea38e
  netgroup:   files nis                   {exclude if "with-custom-netgroup"}
  networks:   files nis                   {exclude if "with-custom-networks"}
 -- 
-2.31.1
+2.34.1
 

SOURCES/0904-rhel9-remove-nis-support.patch

@@ -1,34 +1,30 @@
-From 7236f7a303215805de7195a8fdef7567543e8b0b Mon Sep 17 00:00:00 2001
+From fde1c60f1e87383596ee7060f4d748675b2efae9 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Wed, 9 Jun 2021 13:59:01 +0200
-Subject: [PATCH] rhel9: remove nis support
+Subject: [PATCH 4/4] rhel9: remove nis support
 
 NIS is no longer supported in RHEL9.
 ---
- profiles/Makefile.am                |  13 ----
+ profiles/Makefile.am                | 14 -----
- profiles/nis/README                 | 111 ----------------------------
+ profiles/nis/dconf-db               |  3 -
- profiles/nis/REQUIREMENTS           |  13 ----
+ profiles/nis/dconf-locks            |  2 -
- profiles/nis/dconf-db               |   3 -
+ profiles/nis/nsswitch.conf          | 14 -----
- profiles/nis/dconf-locks            |   2 -
+ profiles/nis/postlogin              |  4 --
- profiles/nis/nsswitch.conf          |  14 ----
+ rpm/authselect.spec.in              | 11 ----
- profiles/nis/postlogin              |   4 -
+ src/compat/authcompat.py.in.in      | 95 -----------------------------
- rpm/authselect.spec.in              |  10 ---
+ src/compat/authcompat_Options.py    |  8 ++-
- src/compat/authcompat.py.in.in      |  95 ------------------------
+ src/man/authselect-migration.7.adoc |  2 +-
- src/compat/authcompat_Options.py    |   8 +-
+ 9 files changed, 6 insertions(+), 147 deletions(-)
- src/man/authselect-migration.7.adoc |   2 +-
- 11 files changed, 6 insertions(+), 269 deletions(-)
- delete mode 100644 profiles/nis/README
- delete mode 100644 profiles/nis/REQUIREMENTS
  delete mode 100644 profiles/nis/dconf-db
  delete mode 100644 profiles/nis/dconf-locks
  delete mode 100644 profiles/nis/nsswitch.conf
  delete mode 100644 profiles/nis/postlogin
 
 diff --git a/profiles/Makefile.am b/profiles/Makefile.am
-index 95e27147b2b0a229a76a293884d605484d3fa841..c658521de01130f19f669fe0a6cb86c11043a406 100644
+index 7191b2604ca2c9ebaba3a4f1beb950e7d0e03970..4ab613f42a581df02c427636a0070092b58ec418 100644
 --- a/profiles/Makefile.am
 +++ b/profiles/Makefile.am
-@@ -13,19 +13,6 @@ dist_profile_minimal_DATA = \
+@@ -15,20 +15,6 @@ dist_profile_minimal_DATA = \
      $(top_srcdir)/profiles/minimal/dconf-locks \
      $(NULL)
  
@@ -39,6 +35,7 @@ index 95e27147b2b0a229a76a293884d605484d3fa841..c658521de01130f19f669fe0a6cb86c1
 -    $(top_srcdir)/profiles/nis/postlogin \
 -    $(top_srcdir)/profiles/nis/README \
 -    $(top_srcdir)/profiles/nis/REQUIREMENTS \
+-    $(top_srcdir)/profiles/nis/smartcard-auth \
 -    $(top_srcdir)/profiles/nis/system-auth \
 -    $(top_srcdir)/profiles/nis/fingerprint-auth \
 -    $(top_srcdir)/profiles/nis/dconf-db \
@@ -48,142 +45,6 @@ index 95e27147b2b0a229a76a293884d605484d3fa841..c658521de01130f19f669fe0a6cb86c1
  profile_sssddir = $(authselect_profile_dir)/sssd
  dist_profile_sssd_DATA = \
      $(top_srcdir)/profiles/sssd/nsswitch.conf \
-diff --git a/profiles/nis/README b/profiles/nis/README
-deleted file mode 100644
-index cac3428bf844b0a9d251015988583f4c1b15c3c9..0000000000000000000000000000000000000000
---- a/profiles/nis/README
-+++ /dev/null
-@@ -1,111 +0,0 @@
--Enable NIS for system authentication
--====================================
--
--Selecting this profile will enable Network Information Services as the source
--of identity and authentication providers.
--
--NIS CONFIGURATION
-------------------
--
--Authselect does not touch NIS configuration. Please, read NIS' documentation
--to see how to configure it manually.
--
--AVAILABLE OPTIONAL FEATURES
-----------------------------
--
--with-faillock::
--    Enable account locking in case of too many consecutive
--    authentication failures.
--
--with-mkhomedir::
--    Enable automatic creation of home directories for users on their
--    first login.
--
--with-fingerprint::
--    Enable authentication with fingerprint reader through *pam_fprintd*.
--
--with-pam-u2f::
--    Enable authentication via u2f dongle through *pam_u2f*.
--
--with-pam-u2f-2fa::
--    Enable 2nd factor authentication via u2f dongle through *pam_u2f*.
--
--without-pam-u2f-nouserok::
--    Module argument nouserok is omitted if also with-pam-u2f-2fa is used.
--    *WARNING*: Omitting nouserok argument means that users without pam-u2f
--    authentication configured will not be able to log in *INCLUDING* root.
--    Make sure you are able to log in before losing root privileges.
--
--with-silent-lastlog::
--    Do not produce pam_lastlog message during login.
--
--with-pamaccess::
--    Check access.conf during account authorization.
--
--with-nispwquality::
--    If this option is set pam_pwquality module will check password quality
--    for NIS users as well as local users during password change. Without this
--    option only local users passwords are checked.
--
--without-nullok::
--    Do not add nullok parameter to pam_unix.
--
--DISABLE SPECIFIC NSSWITCH DATABASES
-------------------------------------
--
--Normally, nsswitch databases set by the profile overwrites values set in
--user-nsswitch.conf. The following options can force authselect to
--ignore value set by the profile and use the one set in user-nsswitch.conf
--instead.
--
--with-custom-aliases::
--Ignore "aliases" map set by the profile.
--
--with-custom-automount::
--Ignore "automount" map set by the profile.
--
--with-custom-ethers::
--Ignore "ethers" map set by the profile.
--
--with-custom-group::
--Ignore "group" map set by the profile.
--
--with-custom-hosts::
--Ignore "hosts" map set by the profile.
--
--with-custom-initgroups::
--Ignore "initgroups" map set by the profile.
--
--with-custom-netgroup::
--Ignore "netgroup" map set by the profile.
--
--with-custom-networks::
--Ignore "networks" map set by the profile.
--
--with-custom-passwd::
--Ignore "passwd" map set by the profile.
--
--with-custom-protocols::
--Ignore "protocols" map set by the profile.
--
--with-custom-publickey::
--Ignore "publickey" map set by the profile.
--
--with-custom-rpc::
--Ignore "rpc" map set by the profile.
--
--with-custom-services::
--Ignore "services" map set by the profile.
--
--with-custom-shadow::
--Ignore "shadow" map set by the profile.
--
--EXAMPLES
----------
--* Enable NIS with no additional modules
--
--  authselect select nis
--
--* Enable NIS and create home directories for users on their first login
--
--  authselect select nis with-mkhomedir
-diff --git a/profiles/nis/REQUIREMENTS b/profiles/nis/REQUIREMENTS
-deleted file mode 100644
-index c58aa2789f4ef064b7904cacf4fc3158dce7ad41..0000000000000000000000000000000000000000
---- a/profiles/nis/REQUIREMENTS
-+++ /dev/null
-@@ -1,13 +0,0 @@
--Make sure that NIS service is configured and enabled. See NIS documentation for more information.
--                                                                                          {include if "with-fingerprint"}
--- with-fingerprint is selected, make sure fprintd service is configured and enabled       {include if "with-fingerprint"}
--                                                                                          {include if "with-pam-u2f"}
--- with-pam-u2f is selected, make sure that the pam u2f module is installed                {include if "with-pam-u2f"}
--  - users can then configure keys using the pamu2fcfg tool                                {include if "with-pam-u2f"}
--                                                                                          {include if "with-pam-u2f-2fa"}
--- with-pam-u2f-2fa is selected, make sure that the pam u2f module is installed            {include if "with-pam-u2f-2fa"}
--  - users can then configure keys using the pamu2fcfg tool                                {include if "with-pam-u2f-2fa"}
--                                                                                          {include if "with-mkhomedir"}
--- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module                       {include if "with-mkhomedir"}
--  is present and oddjobd service is enabled and active                                    {include if "with-mkhomedir"}
--  - systemctl enable --now oddjobd.service                                                {include if "with-mkhomedir"}
 diff --git a/profiles/nis/dconf-db b/profiles/nis/dconf-db
 deleted file mode 100644
 index bd32b2819f66acdc75ab0fc522ec85673d10ed72..0000000000000000000000000000000000000000
@@ -232,20 +93,20 @@ index 04a11f049bc1e220c9064fba7b46eb243ddd4996..00000000000000000000000000000000
 -session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
 -session     optional                   pam_lastlog.so silent noupdate showfailed
 diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
-index 628d6c91e9b3b4448787915fc1f9ac42f445bfc6..a0d508a716603771878781a62168fe0a71207f66 100644
+index f8539d5a028da1a7184b47609a8efdb5ce0be14e..95da183a41a29f7913a0a255a94070908ed9a66c 100644
 --- a/rpm/authselect.spec.in
 +++ b/rpm/authselect.spec.in
-@@ -155,7 +155,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
+@@ -165,7 +165,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
  %dir %{_datadir}/authselect/vendor
  %dir %{_datadir}/authselect/default
  %dir %{_datadir}/authselect/default/minimal/
 -%dir %{_datadir}/authselect/default/nis/
  %dir %{_datadir}/authselect/default/sssd/
  %dir %{_datadir}/authselect/default/winbind/
- %{_datadir}/authselect/default/minimal/nsswitch.conf
+ %{_datadir}/authselect/default/minimal/dconf-db
-@@ -164,15 +163,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
+@@ -178,16 +177,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
- %{_datadir}/authselect/default/minimal/README
  %{_datadir}/authselect/default/minimal/REQUIREMENTS
+ %{_datadir}/authselect/default/minimal/smartcard-auth
  %{_datadir}/authselect/default/minimal/system-auth
 -%{_datadir}/authselect/default/nis/dconf-db
 -%{_datadir}/authselect/default/nis/dconf-locks
@@ -255,15 +116,16 @@ index 628d6c91e9b3b4448787915fc1f9ac42f445bfc6..a0d508a716603771878781a62168fe0a
 -%{_datadir}/authselect/default/nis/postlogin
 -%{_datadir}/authselect/default/nis/README
 -%{_datadir}/authselect/default/nis/REQUIREMENTS
+-%{_datadir}/authselect/default/nis/smartcard-auth
 -%{_datadir}/authselect/default/nis/system-auth
  %{_datadir}/authselect/default/sssd/dconf-db
  %{_datadir}/authselect/default/sssd/dconf-locks
  %{_datadir}/authselect/default/sssd/fingerprint-auth
 diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index 4e39b7ec66d0e2ba911c7280467ba78fd29c196c..7c0fdf341212250f03dc14ddf6680e90da8e217e 100755
+index 55e205bae2c0b1f7892f8b286c288dfeaa26a60d..c6d1f2786c233f7ebdbfe5f2503aa0016012aee0 100755
 --- a/src/compat/authcompat.py.in.in
 +++ b/src/compat/authcompat.py.in.in
-@@ -240,20 +240,6 @@ class Configuration:
+@@ -243,20 +243,6 @@ class Configuration:
  
              config.write(keys)
  
@@ -284,7 +146,7 @@ index 4e39b7ec66d0e2ba911c7280467ba78fd29c196c..7c0fdf341212250f03dc14ddf6680e90
      class SSSD(Base):
          def __init__(self, options):
              super(Configuration.SSSD, self).__init__(options, ServiceName="sssd")
-@@ -375,83 +361,6 @@ class Configuration:
+@@ -378,83 +364,6 @@ class Configuration:
              # other applications may depend on it.
              return
  
@@ -368,16 +230,16 @@ index 4e39b7ec66d0e2ba911c7280467ba78fd29c196c..7c0fdf341212250f03dc14ddf6680e90
  class AuthCompat:
      def __init__(self):
          self.sysconfig = EnvironmentFile(Path.System('authconfig'))
-@@ -533,8 +442,6 @@ class AuthCompat:
+@@ -538,8 +447,6 @@ class AuthCompat:
-         if (self.options.getBool("ldap") or self.options.getBool("ldapauth") or
+                 or self.options.getBool("sssd")
-                 self.options.getBool("sssd") or self.options.getBool("sssdauth")):
+                 or self.options.getBool("sssdauth")):
              profile = "sssd"
 -        elif self.options.getBool("nis"):
 -            profile = "nis"
          elif self.options.getBool("winbind"):
              profile = "winbind"
  
-@@ -591,13 +498,11 @@ class AuthCompat:
+@@ -596,13 +503,11 @@ class AuthCompat:
      def writeConfiguration(self):
          configs = [
              Configuration.LDAP(self.options),
@@ -392,33 +254,33 @@ index 4e39b7ec66d0e2ba911c7280467ba78fd29c196c..7c0fdf341212250f03dc14ddf6680e90
  
          for config in configs:
 diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
-index 433a3340bac29739174e78928701214c08ec6f3c..2712d85a377ee92c7816e3d2284302307084b0c4 100644
+index 5c8b21b55014198d6d9dfc98bd807c3c922b06f4..79ead60fa9edc1244227e3b69df025471b7c7991 100644
 --- a/src/compat/authcompat_Options.py
 +++ b/src/compat/authcompat_Options.py
 @@ -79,9 +79,6 @@ class Options:
          # However, they will just make sure that an authentication against
          # expected service is working. They may not result in the exact same
          # configuration as authconfig would generate.
--        Option.Feature("nis",             _("NIS for user information by default")),
+-        Option.Feature("nis", _("NIS for user information by default")),
--        Option.Valued ("nisdomain",       _("<domain>"), _("default NIS domain")),
+-        Option.Valued("nisdomain", _("<domain>"), _("default NIS domain")),
--        Option.Valued ("nisserver",       _("<server>"), _("default NIS server")),
+-        Option.Valued("nisserver", _("<server>"), _("default NIS server")),
-         Option.Feature("ldap",            _("LDAP for user information by default")),
+         Option.Feature("ldap", _("LDAP for user information by default")),
-         Option.Feature("ldapauth",        _("LDAP for authentication by default")),
+         Option.Feature("ldapauth", _("LDAP for authentication by default")),
-         Option.Valued ("ldapserver",      _("<server>"), _("default LDAP server hostname or URI")),
+         Option.Valued("ldapserver", _("<server>"), _("default LDAP server hostname or URI")),
 @@ -164,6 +161,11 @@ class Options:
          Option.UnsupportedFeature("locauthorize"),
          Option.UnsupportedFeature("sysnetauth"),
-         Option.UnsupportedValued ("faillockargs", _("<options>")),
+         Option.UnsupportedValued("faillockargs", _("<options>")),
 +
 +        # NIS is no longer supported
 +        Option.UnsupportedFeature("nis"),
-+        Option.UnsupportedValued ("nisdomain", _("<domain>")),
++        Option.UnsupportedValued("nisdomain", _("<domain>")),
-+        Option.UnsupportedValued ("nisserver", _("<server>")),
++        Option.UnsupportedValued("nisserver", _("<server>")),
      ]
  
      Map = {
 diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
-index a27af036738274d8d392f7fe1f7d59c89e9c4ffb..515104b160d956d04b9ec8cacd25d166983e02d5 100644
+index 888cd4e5a0750d4e1aa5898887f5f7fd42472741..d9777b9b473859d7ec532f39f7e14bd81c4f1b90 100644
 --- a/src/man/authselect-migration.7.adoc
 +++ b/src/man/authselect-migration.7.adoc
 @@ -72,7 +72,7 @@ configuration file for required services.
@@ -431,5 +293,5 @@ index a27af036738274d8d392f7fe1f7d59c89e9c4ffb..515104b160d956d04b9ec8cacd25d166
  
  .Relation of authconfig options to authselect profile features
 -- 
-2.20.1
+2.34.1
 

SOURCES/9003-rhel9-sssd-default-to-files-first-for-users-and-grou.patch

@@ -1,58 +0,0 @@
-From 9fc2d8061c811c4522484f4cb62a2025fe9282b2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 18 Feb 2021 13:38:53 +0100
-Subject: [PATCH 3/3] rhel9: sssd: default to files first for users and groups
-
-The passwd and group databases will now default to files first.
-The order "sss files" can be enabled with "with-files-provider"
-feature.
----
- profiles/sssd/README        | 5 +++++
- profiles/sssd/REQUIREMENTS  | 4 ++++
- profiles/sssd/nsswitch.conf | 4 ++--
- 3 files changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/sssd/README b/profiles/sssd/README
-index ac063e8d065d0488279dc2381bdd7f8ac361bfcb..699d490b90710a53c3959f196b9ef435149a4bd0 100644
---- a/profiles/sssd/README
-+++ b/profiles/sssd/README
-@@ -76,6 +76,11 @@ with-sudo::
- with-pamaccess::
-     Check access.conf during account authorization.
- 
-+with-files-domain::
-+    If set, SSSD will be contacted before "files" when resolving users and
-+    groups. The order in nsswitch.conf will be set to "sss files" instead of
-+    "files sss" for passwd and group maps.
-+
- with-files-access-provider::
-     If set, account management for local users is handled also by pam_sss. This
-     is needed if there is an explicitly configured domain with id_provider=files
-diff --git a/profiles/sssd/REQUIREMENTS b/profiles/sssd/REQUIREMENTS
-index cbffac54bbd2598c2a53cd3014ebeb271dad9c57..ba3b3bd0fa143c3cc74d00faaf6ff94a2b4aaf84 100644
---- a/profiles/sssd/REQUIREMENTS
-+++ b/profiles/sssd/REQUIREMENTS
-@@ -14,3 +14,7 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo
- - with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module                       {include if "with-mkhomedir"}
-   is present and oddjobd service is enabled and active                                    {include if "with-mkhomedir"}
-   - systemctl enable --now oddjobd.service                                                {include if "with-mkhomedir"}
-+                                                                                          {include if "with-files-domain"}
-+- with-files-domain is selected, make sure the files provider is enabled in SSSD          {include if "with-files-domain"}
-+  - set enable_files_domain=true in [sssd] section of /etc/sssd/sssd.conf                 {include if "with-files-domain"}
-+  - or create a custom domain with id_provider=files                                      {include if "with-files-domain"}
-\ No newline at end of file
-diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
-index 9734bbbe68e7cf73a4a560e3573162d353e551e8..91c9fe9ef60fde07d55269247c885db0f738c776 100644
---- a/profiles/sssd/nsswitch.conf
-+++ b/profiles/sssd/nsswitch.conf
-@@ -1,5 +1,5 @@
--passwd:     sss files systemd   {exclude if "with-custom-passwd"}
--group:      sss files systemd   {exclude if "with-custom-group"}
-+passwd:     {if "with-files-domain":sss files|files sss} systemd   {exclude if "with-custom-passwd"}
-+group:      {if "with-files-domain":sss files|files sss} systemd   {exclude if "with-custom-group"}
- netgroup:   sss files           {exclude if "with-custom-netgroup"}
- automount:  sss files           {exclude if "with-custom-automount"}
- services:   sss files           {exclude if "with-custom-services"}
--- 
-2.29.2
-

SPECS/authselect.spec

@@ -2,24 +2,19 @@
 %define _empty_manifest_terminate_build 0
 
 Name:           authselect
-Version:        1.2.3
+Version:        1.2.5
-Release:        7%{?dist}
+Release:        1%{?dist}
 Summary:        Configures authentication and identity sources from supported profiles
 URL:            https://github.com/authselect/authselect
 
 License:        GPLv3+
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 
-Patch0001: 0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch
-
 ### Downstream Patches ###
-%if 0%{?rhel}
+Patch0901:  0901-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
-Patch9001: 9001-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
+Patch0902:  0902-rhel9-remove-ecryptfs-support.patch
-Patch9002: 9002-rhel9-remove-ecryptfs-support.patch
+Patch0903:  0903-rhel9-Revert-profiles-add-support-for-resolved.patch
-Patch9003: 9003-rhel9-sssd-default-to-files-first-for-users-and-grou.patch
+Patch0904:  0904-rhel9-remove-nis-support.patch
-Patch9004: 9004-rhel9-remove-support-for-for-resolved.patch
-Patch0005: 9005-rhel9-remove-nis-support.patch
-%endif
 
 %global makedir %{_builddir}/%{name}-%{version}
 
@@ -36,6 +31,7 @@ BuildRequires:  po4a
 BuildRequires:  %{_bindir}/a2x
 BuildRequires:  libcmocka-devel >= 1.0.0
 BuildRequires:  libselinux-devel
+BuildRequires:  python3-devel
 Requires: authselect-libs%{?_isa} = %{version}-%{release}
 Suggests: sssd
 Suggests: samba-winbind
@@ -70,8 +66,6 @@ command line tool and any other potential front-ends.
 Summary: Tool to provide minimum backwards compatibility with authconfig
 Obsoletes: authconfig < 7.0.1-6
 Provides: authconfig
-BuildRequires: python3-devel
-BuildRequires: make
 Requires: authselect%{?_isa} = %{version}-%{release}
 Recommends: oddjob-mkhomedir
 Suggests: sssd
@@ -104,7 +98,7 @@ done
 
 %build
 autoreconf -if
-%configure --with-pythonbin="%{__python3}"
+%configure --with-pythonbin="%{__python3}" --with-compat
 %make_build
 
 %check
@@ -160,11 +154,13 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
 %dir %{_datadir}/authselect/default/winbind/
 %{_datadir}/authselect/default/minimal/dconf-db
 %{_datadir}/authselect/default/minimal/dconf-locks
+%{_datadir}/authselect/default/minimal/fingerprint-auth
 %{_datadir}/authselect/default/minimal/nsswitch.conf
 %{_datadir}/authselect/default/minimal/password-auth
 %{_datadir}/authselect/default/minimal/postlogin
 %{_datadir}/authselect/default/minimal/README
 %{_datadir}/authselect/default/minimal/REQUIREMENTS
+%{_datadir}/authselect/default/minimal/smartcard-auth
 %{_datadir}/authselect/default/minimal/system-auth
 %{_datadir}/authselect/default/sssd/dconf-db
 %{_datadir}/authselect/default/sssd/dconf-locks
@@ -184,6 +180,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
 %{_datadir}/authselect/default/winbind/postlogin
 %{_datadir}/authselect/default/winbind/README
 %{_datadir}/authselect/default/winbind/REQUIREMENTS
+%{_datadir}/authselect/default/winbind/smartcard-auth
 %{_datadir}/authselect/default/winbind/system-auth
 %{_libdir}/libauthselect.so.*
 %{_mandir}/man5/authselect-profiles.5*
@@ -293,6 +290,12 @@ exit 0
 exit 0
 
 %changelog
+* Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.2.5-1
+- Rebase to 1.2.5 (RHBZ #2080239)
+- backup-restore now works correctly (RHBZ #2070541)
+- add with-subid to sssd profile (RHBZ #2075192)
+- add with-gssapi to sssd profile (RHBZ #2077893)
+
 * Thu Aug 26 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-7
 - Avoid freeing uninitialized variable in authselect_apply_changes (rhbz#1970871)