Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sssd for openSUSE:Factory checked in at 2025-08-03 13:36:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sssd (Old) and /work/SRC/openSUSE:Factory/.sssd.new.1085 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sssd" Sun Aug 3 13:36:06 2025 rev:144 rq:1296905 version:2.11.1 Changes: -------- --- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2025-02-05 21:55:46.386218661 +0100 +++ /work/SRC/openSUSE:Factory/.sssd.new.1085/sssd.changes 2025-08-03 13:36:40.169606499 +0200 @@ -1,0 +2,37 @@ +Thu Jul 31 16:15:46 UTC 2025 - Jan Engelhardt <jeng...@inai.de> + +- Update to release 2.11.1 + * Fixed AD users in external groups not being cleared once the + cache expires. + * Fixed `cache_credentials=true` not having any effect. + * Fixed socket activation not having an effect for sssd_pam. + +------------------------------------------------------------------- +Fri Jul 18 09:03:19 UTC 2025 - Jan Engelhardt <jeng...@inai.de> + +- Add logrotate.patch [boo#1246537] + +------------------------------------------------------------------- +Wed Jun 11 14:53:26 UTC 2025 - Samuel Cabrero <scabr...@suse.de> + +- Install file in krb5.conf.d to include sssd krb5 config snippets; + (bsc#1244325); + +------------------------------------------------------------------- +Thu Jun 5 12:14:03 UTC 2025 - Jan Engelhardt <jeng...@inai.de> + +- Update to release 2.11 + * The deprecated tool `sss_ssh_knownhostsproxy` was finally + removed. + * Support for `id_provider = files` was removed. + * SSSD doesn't create any more missing path components of + DIR:/FILE: ccache types while acquiring user's TGT. + * New generic id and auth provider for Identity Providers (IdPs) + for Keycloak/EntraID. [Not enabled in openSUSE for now.] + +------------------------------------------------------------------- +Tue Mar 11 21:35:32 UTC 2025 - Jan Engelhardt <jeng...@inai.de> + +- Run mkdir/rm with verbose mode for the build log + +------------------------------------------------------------------- @@ -1895 +1931,0 @@ - Old: ---- sssd-2.10.2.tar.gz sssd-2.10.2.tar.gz.asc sssd-krb5-common-rpmlintrc New: ---- logrotate.patch sssd-2.11.1.tar.gz sssd-2.11.1.tar.gz.asc sssd-rpmlintrc ----------(New B)---------- New: - Add logrotate.patch [boo#1246537] ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sssd.spec ++++++ --- /var/tmp/diff_new_pack.ey3flG/_old 2025-08-03 13:36:41.261651794 +0200 +++ /var/tmp/diff_new_pack.ey3flG/_new 2025-08-03 13:36:41.261651794 +0200 @@ -17,7 +17,7 @@ Name: sssd -Version: 2.10.2 +Version: 2.11.1 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later AND LGPL-3.0-or-later @@ -28,11 +28,13 @@ Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc Source3: baselibs.conf Source5: %name.keyring +Source6: %name-rpmlintrc Patch1: 0001-TOOL-Fix-build-parameter-name-omitted.patch Patch11: krb-noversion.diff Patch12: harden_sssd-ifp.service.patch Patch13: harden_sssd-kcm.service.patch Patch14: symvers.patch +Patch15: logrotate.patch BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: bind-utils @@ -88,6 +90,7 @@ BuildRequires: pkgconfig(popt) BuildRequires: pkgconfig(python3) BuildRequires: pkgconfig(smbclient) +BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) @@ -438,8 +441,7 @@ --with-subid %else --with-selinux=no \ - --with-libsifp \ - --with-files-provider + --with-libsifp %endif %make_build all @@ -451,26 +453,26 @@ # Copy some defaults %if "%{?_distconfdir}" != "" -install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf" -install -d -m 0755 "$b/%_distconfdir/sssd/conf.d" +install -Dpvm 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf" +install -dvm 0755 "$b/%_distconfdir/sssd/conf.d" %else -install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf" -install -d -m 0755 "$b/%_sysconfdir/sssd/conf.d" +install -Dpm 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf" +install -dvm 0755 "$b/%_sysconfdir/sssd/conf.d" %endif -install -d "$b/%_unitdir" +install -dv "$b/%_unitdir" %if 0%{?suse_version} > 1500 -install -d "$b/%_distconfdir/logrotate.d" -install -m644 src/examples/logrotate "$b/%_distconfdir/logrotate.d/sssd" -install -d "$b/%_pam_vendordir" +install -dv "$b/%_distconfdir/logrotate.d" +install -vm644 src/examples/logrotate "$b/%_distconfdir/logrotate.d/sssd" +install -dv "$b/%_pam_vendordir" mv "$b/%_pam_confdir/sssd-shadowutils" "$b/%_pam_vendordir" %else -install -d "$b/%_sysconfdir/logrotate.d" -install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd" +install -dv "$b/%_sysconfdir/logrotate.d" +install -vm644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd" %endif rm -Rfv "$b/%_initddir" %if 0%{?suse_version} < 1600 -ln -s service "$b/%_sbindir/rcsssd" +ln -sv service "$b/%_sbindir/rcsssd" %endif mkdir -pv "$b/%sssdstatedir/mc" @@ -478,8 +480,8 @@ %find_lang %name --all-name # dummy target for cifs-idmap-plugin -mkdir -p %{buildroot}%{_sysconfdir}/cifs-utils -ln -s -f %{cifs_idmap_lib} %{buildroot}%{cifs_idmap_plugin} +mkdir -pv %buildroot/%_sysconfdir/cifs-utils +ln -sfv %cifs_idmap_lib %buildroot/%cifs_idmap_plugin %python3_fix_shebang %if 0%{?suse_version} > 1600 @@ -490,16 +492,16 @@ %endif echo 'u sssd - "System Security Services Daemon" /run/sssd /sbin/nologin' >system-user-sssd.conf -mkdir -p "$b/%_sysusersdir" -cp -a system-user-sssd.conf "$b/%_sysusersdir/" +mkdir -pv "$b/%_sysusersdir" +cp -av system-user-sssd.conf "$b/%_sysusersdir/" %sysusers_generate_pre system-user-sssd.conf random system-user-sssd.conf -install -Dpm 0644 contrib/sssd-tmpfiles.conf "%buildroot/%_tmpfilesdir/%name.conf" +install -Dpvm 0644 contrib/sssd-tmpfiles.conf "%buildroot/%_tmpfilesdir/%name.conf" # # Security considerations for capabilities, chown and stuff: # https://www.openwall.com/lists/oss-security/2024/12/19/1 # # should match entry from %%files list -mkdir -p "$b/%permissions_path" +mkdir -pv "$b/%permissions_path" cat >"$b/%permissions_path/sssd" <<-EOF %_libexecdir/sssd/sssd_pam root:sssd 0750 +capabilities cap_dac_read_search=p @@ -511,6 +513,10 @@ +capabilities cap_dac_read_search=p EOF +mkdir -pv "$b/%_sysconfdir/krb5.conf.d" +ln -sv %_datadir/%name/krb5-snippets/enable_sssd_conf_dir \ + "$b/%_sysconfdir/krb5.conf.d/enable_sssd_conf_dir" + %check # sss_config-tests fails %make_build check || : @@ -669,12 +675,8 @@ %_mandir/??/man1/sss_ssh_* %_mandir/??/man5/sss-certmap.5* %_mandir/??/man5/sssd-ad.5* -%if 0%{?suse_version} < 1600 -%_mandir/??/man5/sssd-files.5* -%endif %_mandir/??/man5/sssd-ldap-attributes.5* %_mandir/??/man5/sssd-session-recording.5* -%_mandir/??/man5/sssd-simple.5* %_mandir/??/man5/sssd-sudo.5* %_mandir/??/man5/sssd-systemtap.5* %_mandir/??/man5/sssd.conf.5* @@ -682,9 +684,6 @@ %_mandir/??/man8/sssd.8* %_mandir/man1/sss_ssh_* %_mandir/man5/sss-certmap.5* -%if 0%{?suse_version} < 1600 -%_mandir/man5/sssd-files.5* -%endif %_mandir/man5/sssd-ldap-attributes.5* %_mandir/man5/sssd-session-recording.5* %_mandir/man5/sssd-simple.5* @@ -698,9 +697,6 @@ %_libdir/%name/libsss_cert* %_libdir/%name/libsss_crypt* %_libdir/%name/libsss_debug* -%if 0%{?suse_version} < 1600 -%_libdir/%name/libsss_files* -%endif %_libdir/%name/libsss_iface* %_libdir/%name/libsss_sbus* %_libdir/%name/libsss_simple* @@ -727,7 +723,6 @@ %attr(755,%sssd_user,%sssd_user) %dir %pipepath/ %attr(700,%sssd_user,%sssd_user) %dir %pipepath/private/ %attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/ -%attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/krb5.include.d %attr(755,%sssd_user,%sssd_user) %dir %gpocachepath/ %attr(755,%sssd_user,%sssd_user) %dir %mcpath/ %attr(700,%sssd_user,%sssd_user) %dir %keytabdir/ @@ -754,22 +749,16 @@ %_datadir/%name/sssd.api.conf %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-simple.conf -%if 0%{?suse_version} < 1600 -%_datadir/%name/sssd.api.d/sssd-files.conf -%else -%exclude %_mandir/*/*/sssd-files.5.gz -%endif %attr(775,%sssd_user,%sssd_user) %ghost %dir %_rundir/sssd %doc src/examples/sssd.conf # -# sssd-client +# %%files sssd-client # %_libdir/libnss_sss.so.2 %_pam_moduledir/pam_sss.so %_pam_moduledir/pam_sss_gss.so %_libdir/krb5/ %_libdir/%name/modules/sssd_krb5_localauth_plugin.so -%exclude %_libdir/%name/modules/sssd_krb5_idp_plugin.so %if 0%{?suse_version} >= 1600 %_libdir/libsubid_sss.so %endif @@ -781,7 +770,12 @@ %_mandir/man8/sssd_krb5_localauth_plugin.8* %_mandir/??/man8/sssd_krb5_localauth_plugin.8* %_mandir/man8/sssd_krb5_locator_plugin.8* - +# +# %%files sssd-idp +# +%exclude %_libdir/sssd/libsss_idp.so +%exclude %_libdir/%name/modules/sssd_krb5_idp_plugin.so +%exclude %_mandir/man5/sssd-idp* %files ad %dir %_libdir/%name/ @@ -832,7 +826,6 @@ %dir %_libdir/%name/ %_libdir/%name/libsss_krb5.so %dir %_datadir/%name/ -%exclude %_datadir/%name/krb5-snippets/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-krb5.conf %dir %_mandir/??/ @@ -841,11 +834,16 @@ %_mandir/??/man5/sssd-krb5.5* %files krb5-common +%attr(755,root,root) %dir %pubconfpath/krb5.include.d +%config(noreplace,missingok) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir %dir %_libdir/%name/ %_libdir/%name/libsss_krb5_common.so %dir %_libexecdir/%name/ %attr(750,root,%sssd_user) %caps(cap_dac_read_search,cap_setgid,cap_setuid=p) %_libexecdir/%name/krb5_child %attr(750,root,%sssd_user) %caps(cap_dac_read_search=p) %_libexecdir/%name/ldap_child +%dir %{_datadir}/sssd/krb5-snippets +%_datadir/%name/krb5-snippets/enable_sssd_conf_dir +%_datadir/%name/krb5-snippets/sssd_enable_idp %files ldap %dir %_libdir/%name/ @@ -931,16 +929,6 @@ %_libdir/libsss_nss_idmap.so %_libdir/pkgconfig/sss_nss_idmap.pc -%if 0%{?suse_version} < 1600 -%files -n libsss_simpleifp0 -%_libdir/libsss_simpleifp.so.0* - -%files -n libsss_simpleifp-devel -%_includedir/sss_sifp*.h -%_libdir/libsss_simpleifp.so -%_libdir/pkgconfig/sss_simpleifp.pc -%endif - %files -n python3-ipa_hbac %dir %python3_sitearch %python3_sitearch/pyhbac.so ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.ey3flG/_old 2025-08-03 13:36:41.301653453 +0200 +++ /var/tmp/diff_new_pack.ey3flG/_new 2025-08-03 13:36:41.305653619 +0200 @@ -1,5 +1,5 @@ -mtime: 1738574756 -commit: 0dd76c3fb1e8976e3f2203732d255929ddd4647604210f34bc9970c9c866a7c6 +mtime: 1753994117 +commit: 0e0d1361c8452d81d3f95f3e2e6ee1170e16356d1e2c4145af472ea204b6b873 url: https://src.opensuse.org/jengelh/sssd revision: master ++++++ build.specials.obscpio ++++++ ++++++ logrotate.patch ++++++ From: Jan Engelhardt <e...@inai.de> Date: 2025-07-18 11:02:24.078457348 +0200 References: https://bugzilla.suse.com/show_bug.cgi?id=1246537 References: https://github.com/SSSD/sssd/issues/8041 --- src/examples/logrotate.in | 3 +-- src/sysv/systemd/sssd-kcm.service.in | 1 + src/sysv/systemd/sssd.service.in | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) Index: sssd-2.11.1/src/examples/logrotate.in =================================================================== --- sssd-2.11.1.orig/src/examples/logrotate.in +++ sssd-2.11.1/src/examples/logrotate.in @@ -8,7 +8,6 @@ delaycompress su @SSSD_USER@ @SSSD_USER@ postrotate - /bin/kill -HUP `cat @pidpath@/sssd.pid 2>/dev/null` 2> /dev/null || true - /bin/pkill -HUP sssd_kcm 2> /dev/null || true + /usr/bin/systemctl try-reload-or-restart sssd sssd_kcm endscript } Index: sssd-2.11.1/src/sysv/systemd/sssd-kcm.service.in =================================================================== --- sssd-2.11.1.orig/src/sysv/systemd/sssd-kcm.service.in +++ sssd-2.11.1/src/sysv/systemd/sssd-kcm.service.in @@ -32,6 +32,7 @@ ExecStartPre=+-/bin/chmod -f g+x @sssdco ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb" ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log*" ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER} +ExecReload=kill -HUP $MAINPID CapabilityBoundingSet= CAP_DAC_READ_SEARCH CAP_SETGID CAP_SETUID SecureBits=noroot noroot-locked User=@SSSD_USER@ Index: sssd-2.11.1/src/sysv/systemd/sssd.service.in =================================================================== --- sssd-2.11.1.orig/src/sysv/systemd/sssd.service.in +++ sssd-2.11.1/src/sysv/systemd/sssd.service.in @@ -21,6 +21,7 @@ ExecStartPre=+-/bin/sh -c "/bin/chown -f ExecStartPre=+-/bin/chown -f -R -h @SSSD_USER@:@SSSD_USER@ @gpocachepath@ ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/*.log*" ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER} +ExecReload=kill -HUP $MAINPID Type=notify NotifyAccess=main Restart=on-abnormal ++++++ sssd-2.10.2.tar.gz -> sssd-2.11.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/sssd/sssd-2.10.2.tar.gz /work/SRC/openSUSE:Factory/.sssd.new.1085/sssd-2.11.1.tar.gz differ: char 28, line 1 ++++++ sssd-rpmlintrc ++++++ # See https://github.com/SSSD/sssd/pull/7794 for details addFilter("E: missing-call-to-setgroups-before-setuid")
