Fedora Release Engineering
0a06c01711
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-14 06:42:21 +00:00
Jason Tibbitts
8a13e36b6a
Remove needless use of %defattr
2018-07-10 01:27:54 -05:00
Miro Hrončok
633afe1b94
Rebuilt for Python 3.7
2018-07-02 18:24:19 +02:00
Fabiano Fidêncio
68ef824a5f
Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo responder
...
And also ...
- Related: upstream#941 - return multiple server addresses to the Kerberos
locator plugin
- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
closes its end of the pipe before reading all the
SSH keys
- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
stored in AD GC also for regular AD DC queries
- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
able to consume an @-sign in the user/group name.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-06-25 09:38:16 +02:00
Fabiano Fidêncio
192e845618
Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on minimal appliance image, breaking composes
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-06-21 21:38:33 +02:00
Miro Hrončok
d8abd616d9
Rebuilt for Python 3.7
2018-06-19 11:27:58 +02:00
Fabiano Fidêncio
a36f5fea4b
New upstream release 1.16.2
...
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-06-11 13:32:07 +02:00
Fabiano Fidêncio
29d69716ad
Related: upstream#3742 - Change of: User may not run sudo --> a password is required
...
Patch 0017-sudo-ldap-do-not-store-rules-without-sudoHost-attrib.patch
has been commented out as it caused some regressions on IPA tests.
In order to unblock IPA folks, let's revert this patch from Fedora till
we have a proper fix.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-28 10:01:23 +02:00
Fabiano Fidêncio
4979898a6e
Revert "Add: "ExcludeArch: armv7hl""
...
This reverts commit bc3790f5a0
.
2018-05-17 17:53:56 +02:00
Fabiano Fidêncio
bc3790f5a0
Add: "ExcludeArch: armv7hl"
...
For some reason still unclear we're *not* able to build SSSD on koji's
buildroot for armv7hl. Some tests have been done and SSSD was built
successfully using real armv7hl hardware, which indicates that we're
facing https://bugzilla.redhat.com/show_bug.cgi?id=1576593
As soon as the bug is resolved, this patch could be safely reverted.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-16 21:54:59 +02:00
Fabiano Fidêncio
0a2c83fbd0
Related: upstream#3436 - Certificates used in unit tests have limited lifetime
...
Fix a non harmful warning shown by recent versions of OpenSSL.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-16 21:53:46 +02:00
Fabiano Fidêncio
c4f0508af1
Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 11:36:56 +02:00
Fabiano Fidêncio
5f75f7e4f2
Resolves: upstream#3595 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:59:20 +02:00
Fabiano Fidêncio
1511bcd8b2
Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove entries from the hash table, do not free them
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:58:02 +02:00
Fabiano Fidêncio
3ad9e211eb
Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a first domain does not reach the second domain
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:57:11 +02:00
Fabiano Fidêncio
ed238e28ff
Resolves: upstream#3719 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:56:23 +02:00
Fabiano Fidêncio
97a62b83f1
Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:55:43 +02:00
Fabiano Fidêncio
163543f40b
Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:55:01 +02:00
Fabiano Fidêncio
510134aa02
Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:54:10 +02:00
Fabiano Fidêncio
5e1db8fc3e
Related: upstream#3436 - Certificates used in unit tests have limited lifetime
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:53:04 +02:00
Fabiano Fidêncio
5254cdcca5
Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
...
Patch 0018-sysdb-custom-completely-replace-old-object-instead-o.patch
caused a regression, caught by lslebodn and reported by a few users.
Let's comment out this patch for now and uncomment it when we have a fix
that do not cause a regression.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-05 21:42:38 +02:00
Fabiano Fidêncio
767645dca2
Add gcc to build dependencies
...
gcc will be revomed from buildroot in fedora 29
http://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
Upstream patch from Lukáš Slebodnik <lslebodn@redhat.com>
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
90dd145c92
Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
...
Also ...
Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
Provider returned an error
[org.freedesktop.sssd.Error.DataProvider.Fatal]
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
a305fc11b7
Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
b6696d97c4
Document which principal does the AD provider use
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
2dd8451396
Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
209701ef7f
Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound?
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
3115154117
Improve docs/debug message about GC detection
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
f47c82bc8d
Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
64b69ec813
Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
8d67726a47
Resolves: upstream#3679 - Make nss netgroup requests more robust
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
8565df471c
Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
9709b73a3f
Resolves: upstream#3402 - Support alternative sources for the files provider
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
a7d4f0b3f4
Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
ab53ba849a
IPA: Qualify the externalUser sudo attribute
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
ef1d48a0c2
Tone down shutdown messages for socket activated responders
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
fcff118bbf
Resolves: upstream#3558 - sudo: report error when two rules share cn
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
f3d06df50d
Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:10 +02:00
Fabiano Fidêncio
32f2c81e59
A few KCM misc fixes
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:47:05 +02:00
Fabiano Fidêncio
99da72db23
Resolves: upstream#3666 - Fix usage of str.decode() in our test
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:45:42 +02:00
Fabiano Fidêncio
1c7376afc5
Resolves: upstream#3386 - KCM: Payload buffer is too small
...
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:43:19 +02:00
Fabiano Fidêncio
73735e9522
Resolves: usptream#3687 - KCM: Don't pass a non null terminated string to json_loads()
...
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:38:32 +02:00
Fabiano Fidêncio
563dd33f72
Resolves: upstream#3658 - Application domain is not interpreted correctly
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:35:59 +02:00
Fabiano Fidêncio
2c812f3cba
Resolves: upstream#3660 - confdb_expand_app_domains() always fails
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:33:25 +02:00
Fabiano Fidêncio
40fe76feb8
Resolves: upstream#3573 - sssd won't show netgroups with blank domai
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:30:01 +02:00
Fabiano Fidêncio
62a3258629
New upstream release 1.16.1
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-09 15:42:19 +01:00
Lukas Slebodnik
5eba7a8f1f
Resolves: upstream#3621 - backport bug found by static analyzers
2018-02-20 15:12:59 +01:00
Fabiano Fidêncio
4b1fe8a0ab
Resolves: upstream#3621: FleetCommander integration must not require capability DAC_OVERRIDE
...
Together with the patches backported from upstream, we're changing
the deskprofilepath permissions from 755 to 751, reflecting the
upstream spec file changes.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-02-14 23:03:25 +01:00
Fabiano Fidêncio
199a72e62a
Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-02-14 22:15:04 +01:00
Igor Gnatenko
11c6ee78b8
Remove BuildRoot definition
...
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 00:40:17 +01:00