Hello community,
here is the log from the commit of package sssd for openSUSE:Factory checked in
at 2018-09-26 14:53:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sssd (Old)
and /work/SRC/openSUSE:Factory/.sssd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sssd"
Wed Sep 26 14:53:01 2018 rev:90 rq:634696 version:2.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2018-07-02
23:29:02.297577514 +0200
+++ /work/SRC/openSUSE:Factory/.sssd.new/sssd.changes 2018-09-26
14:53:03.867140001 +0200
@@ -1,0 +2,57 @@
+Fri Sep 7 18:52:18 UTC 2018 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to new upstream release 2.0.0
+ * The Python API for managing users and groups in local domains
+ (id_provider=local) was removed completely. The local
+ provider (id_provider=local) and the command line tools to
+ manage users and groups in the local domains, such as
+ sss_useradd is not built anymore.
+ * The LDAP provider had a special-case branch for evaluating
+ group memberships with the RFC2307bis schema when group
+ nesting was explicitly disabled. This codepath is removed.
+ * The "ldap_sudo_include_regexp" option changed its default
+ value from true to false. Wildcards in the sudoHost LDAP
+ attribute are no longer evaluated. This was costly to
+ evaluate on the LDAP server side and at the same time rarely
+ used.
+ * The list of PAM services which are allowed to authenticate
+ using a Smart Card is now configurable using a new option
+ pam_p11_allowed_services.
+
+-------------------------------------------------------------------
+Fri Aug 31 07:14:39 UTC 2018 - kbabi...@suse.com
+
+- Update to upstream release 1.16.3
+ * New Features:
+ * kdcinfo files for informing krb5 about discovered KDCs are
+ now also generated for trusted domains in setups that use
+ id_provider=ad and IPA masters in a trust relationship with
+ an AD domain.
+ * The Kerberlos locator plugin can now process multiple
+ address if SSSD generates more than one. A
+ * Bug fixes:
+ * Fixed information leak due to incorrect permissions on
+ /var/lib/sss/pipes/sudo [CVE-2018-10852, bsc#1098377]
+ * Cached password are now stored with a salt. Old ones will be
+ regenerated on next authentication, and the auth server needs
+ to be reachable for that.
+ * The sss_ssh proces leaked file descriptors when converting
+ more than one X.509 certificate to an SSH public key.
+ * The PAC responder is now able to process Domain Local in case
+ the PAC uses SID compression (Windows Server 2012+).
+ * Address the issue that some versions of OpenSSH would close
+ the pipe towards sss_ssh_authorizedkeys when the matching key
+ is found before the rest of the output is read.
+ * User lookups no longer fail if user's e-mail address
+ conflicts with another user's fully qualified name.
+ * The override_shell and override_homedir options are no longer
+ applied to entries from the files domain.
+ * The grace logins with an expired password when authenticating
+ against certain newer versions of the 389DS/RHDS LDAP server
+ did not work.
+- Removed patches that are included upstream now:
+ 0001-SUDO-Create-the-socket-with-stricter-permissions.patch,
+ 0002-intg-Do-not-hardcode-nsslibdir.patch,
+ 0003-Fix-build-for-1-16-2-version.patch
+
+-------------------------------------------------------------------
Old:
----
0001-SUDO-Create-the-socket-with-stricter-permissions.patch
0002-intg-Do-not-hardcode-nsslibdir.patch
0003-Fix-build-for-1-16-2-version.patch
sssd-1.16.2.tar.gz
sssd-1.16.2.tar.gz.asc
New:
----
sssd-2.0.0.tar.gz
sssd-2.0.0.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sssd.spec ++++++
--- /var/tmp/diff_new_pack.d07hW8/_old 2018-09-26 14:53:05.863136939 +0200
+++ /var/tmp/diff_new_pack.d07hW8/_new 2018-09-26 14:53:05.867136933 +0200
@@ -1,7 +1,7 @@
#
# spec file for package sssd
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: sssd
-Version: 1.16.2
+Version: 2.0.0
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+
@@ -31,9 +31,6 @@
Source4: sssd.service
Source5: %name.keyring
BuildRoot: %_tmppath/%name-%version-build
-Patch1: 0001-SUDO-Create-the-socket-with-stricter-permissions.patch
-Patch2: 0002-intg-Do-not-hardcode-nsslibdir.patch
-Patch3: 0003-Fix-build-for-1-16-2-version.patch
%define servicename sssd
%define sssdstatedir %_localstatedir/lib/sss
@@ -62,6 +59,8 @@
BuildRequires: nss_wrapper
BuildRequires: uid_wrapper
BuildRequires: check-devel
+BuildRequires: python
+BuildRequires: python-xml
BuildRequires: pkgconfig(augeas) >= 1.0.0
BuildRequires: pkgconfig(collection) >= 0.5.1
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
@@ -367,9 +366,6 @@
%prep
%setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
%build
%if 0%{?suse_version} < 1210
@@ -483,7 +479,6 @@
%dir %_mandir/??/
%dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_*
-%_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5*
%_mandir/??/man8/sssd.8*
%_mandir/??/man5/sss-certmap.5.gz
@@ -507,12 +502,15 @@
%_mandir/man8/sssd.8*
%dir %_libdir/%name/
%_libdir/%name/conf/
+%_libdir/%name/libifp_iface*
%_libdir/%name/libsss_child*
%_libdir/%name/libsss_cert*
%_libdir/%name/libsss_crypt*
%_libdir/%name/libsss_debug*
%_libdir/%name/libsss_files*
+%_libdir/%name/libsss_iface*
%_libdir/%name/libsss_semanage*
+%_libdir/%name/libsss_sbus*
%_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util*
%dir %_libdir/%name/modules/
@@ -644,16 +642,9 @@
%defattr(-,root,root)
%_sbindir/sss_cache
%_sbindir/sss_debuglevel
-%_sbindir/sss_groupadd
-%_sbindir/sss_groupdel
-%_sbindir/sss_groupmod
-%_sbindir/sss_groupshow
%_sbindir/sss_seed
%_sbindir/sss_obfuscate
%_sbindir/sss_override
-%_sbindir/sss_useradd
-%_sbindir/sss_userdel
-%_sbindir/sss_usermod
%dir %_mandir/??/man8/
%_mandir/??/man8/sss_*.8*
%_mandir/man8/sss_*.8*
++++++ sssd-1.16.2.tar.gz -> sssd-2.0.0.tar.gz ++++++
++++ 240337 lines of diff (skipped)
++++++ sssd.keyring ++++++
--- /var/tmp/diff_new_pack.d07hW8/_old 2018-09-26 14:53:07.523134393 +0200
+++ /var/tmp/diff_new_pack.d07hW8/_new 2018-09-26 14:53:07.527134386 +0200
@@ -1,34 +1,29 @@
-pub 1024D/32E7BC25 2007-02-02
-uid Jakub Hrozek <jhro...@redhat.com>
-sub 2048g/132DCA21 2007-02-02
-
+pub 2048R/2250BDFA 2018-08-12 Jakub Hrozek <jhro...@redhat.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: SKS 1.1.6
+Comment: Hostname: pgp.mit.edu
-mQGiBEXDdfURBACLDLdnY7LeLJ7fh3HQWojKuMtJGV3tmTRtt58XnEf/FPJae0MU
-XQDAKJM7MDYf0yDNT6Nq6WMQDAIHznFdGRTTSaD97kMeYO11i60FfZ9nM88XJCv0
-R+OiWh8d7ChCG6riv/AUeNtg++casIQNB8xK9HKLFBS1e+q3b+rXTS9crwCg7FWX
-qZoZrm4lPlBZQltfhzdmvn8D/3CyvgtW5hwr7w+ScQcYnBxdVCtMPSEo541Ealjg
-q9Knn4sE9lnGjtG4RCYMT2Sideognk9Ah5nWOGynwta6cluCEqlF6ORJPKpAeqG1
-a2zpn3iSPbUiyRF+udta9sbwL0hsJTcPTGzvDZO/XtMoHSSyPi/Xum6R+jwISv7n
-TMQpA/0efY/Gy/SZrulBgQqKBMbaW2phvgRThph4n31IYrlSB6tAqN0G7VL6AFcs
-iOJZPhu0TNqEOSYE6Mh5/YBwRPnrKMHZYXiKOeUrfjvURVq+l5dTX7KNtbnCrhS+
-Rlgq1uin5L7g8QbAKMns32Mo1MxB5aN0YUL5pTbJuWL0Sb2Kb7QhSmFrdWIgSHJv
-emVrIDxqaHJvemVrQHJlZGhhdC5jb20+iF8EExECACAFAkXDdfUCGwMGCwkIBwMC
-BBUCCAMEFgIDAQIeAQIXgAAKCRAexqt1Mue8JSHBAKCjYF/HshYkJ8pSZTilLO0y
-bMWOFwCYlOqF7icGVDFT42W3CoqLfgajCrkCDQRFw3YAEAgAuqo0FxH1XtdOi/qW
-6v+tWdqYHLj/f0Voqj1cbpS+cODNTaX1/Xf4Jnv6vm4lOG5gIkqD1e5UCpG5pDJv
-MkrpY0lYRr5RGoC29tHZYXfEBVEkdhuU7ZTSQRaoitK5TSwjOj5aKvFSHEjMrCWc
-GSUajECQkRHwZb3HK2wqqBWrJjjjPtj+5cQg+sKp7Zp6xU3iZlMoVfdYi/zGenum
-Cp5SMm8CZZ5gcsNZhjItkTww5K//N6Kz41oMYyHlgh029JD0LHPgKacP3KeEEDzS
-DEx/SSEF4zD/EfLDHehga/n0ZisNmxdxue/BI2Lm7qqGNDtV+qa17pIJ6fPfafbS
-AKYatwAECwf/SuMkZN36UDsoOn06qIrYi5JBss3sOfheJEnqUIEO0JCpyb+fqisd
-qoTJM0G5gFpCvuZOACpzzVv0WjhlMIyPl/7UuP4KYI6LGqAARqNxsHT7FNxT0Uv6
-QR8fGPQqVdFLFBd66EBL9PnOt3RDYwtJlD9cMNUNpzWEXjJ3RCk0lZF2eljpPlu0
-Or53OuiommnhmcmjxR5gvMf4pLqURhEZ2U0ylRiTiTIk0YyIASsDnAf0BClFXz4i
-4qSD6jJloKorRC7Mu87xi1DG4ML+FYC/2d53I8OqHBRhtNUt/GbcthsHDxFq5iVp
-NxwDAX1vr65PWv98pvTMnJmjIDhfgwJMdIhJBBgRAgAJBQJFw3YAAhsMAAoJEB7G
-q3Uy57wllOcAoKkHB3lDFWlUNcSLdRCQxfsCCy7zAJ9GLSU2G0HR+hQVMi2ONorE
-i/EyTA==
-=nO6v
+mQENBFtwK6cBCADYyh4mnEJ7DTKIHsONfEYBJM+OTaRG4DeRIyApnEjxxTLugUBUBUQ/lDAI
+BPDqoB661AAj0b0G2aI6JHlZaxE+npHtxKzulJHPfLs7IbIi7xdHutT3CKEBSKkKabSwgKWz
+wd1B91HXBttAzGKBBPxTE63UeZKSAlpvuO69K9WM5J1qZmkEiwxtJssLoyeZjFiOVK4aRq8F
+qm2O8n56Kz0r8TEkb3bNLr1N1Uq3KlAklX3run0uInjjZAw0V3rTBMHBrE/wsjccnBYp5eDE
+6Ff8NxhD28BqIPQp6NMjsZPVJODo03HdN+y7p+p/ca3XV8X7hG2eF0SNGkuhb7I1D+KPABEB
+AAG0IUpha3ViIEhyb3playA8amhyb3pla0ByZWRoYXQuY29tPokBOAQTAQIAIgUCW3ArpwIb
+AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQcMFGBiJQvfop3AgAtSyZmkDq5mZm0aw2
+IPboKXLlbaihofsOEewvkc6BjaDNgrSZKwBrdlFv5SVYvue7e/Jl985/bAqbSyM+LWdk77of
+/SVfGQJAWya+nmQegP2GQm9FNFdTcOHpUGUJbxEw0uLOo7r1RDnp7GdwmprzF8XMptI5mRWS
+pxo3c9oFZ8Y1HI2Uz8jyvMN4DD/X9HGNvxGeLv7D3Jz3oDy3O5kLpqH6rDQOiVSCUdw3mjZc
+iqT3QLcT8PZo49/20NqcTgRekWc4mZIuUrqABlzDNzPAr28is2dZ7k0cyOM6p/o7nU6TdDdT
+h7fdRfUp4GWVsXng7r6TKIYqMbKjbnsdi85qm7kBDQRbcCunAQgAzsipKSdm6+/T0Lms24vK
+2j4xxeBn/CfIAu0HGdeJxUhumSLW5pb8/QjxDp6ooDnxODbagSTYlBb5DQIVu4OkRPspdtPs
+qI6ZX92NdeIHbSTAHyj1M7me9TZ/Y1CqcvxYRnjLbI4CH9Kvi5BuMLMk+MirRjDivJgph1Gr
+rwL7NwLXMWX1bm/252ytal4Fw4ZN0CnDmwCCu2TxWvwfYxtNZ5XgDW5qY62594+nPoCmZR+F
+8UuDlRS2tnKC7nyiWilb4+6iNbKL7yWqZt/l0WChIRAbxBzTR4uxk5Mfe3yhhujEgid3PZwK
+OE67YQ5qaYfUOIaWs8nlgf19twL1hfKggwARAQABiQEfBBgBAgAJBQJbcCunAhsMAAoJEHDB
+RgYiUL36HYwH/1j8b6ZMymcxe3DLvcXy7PJWJL5Tn2xhHaUlWONcXYY922gDH+qk12SjHDES
+sEXGU/4nt9ktoiFeRX4KiFHi84znHBF3PqacriMApCueX/HZHOL45VxoUNEqYK33t8MfPsXc
+qaJa2FQznHaSgpMP27DmsJYlANEcMeDEM4jZKYc9L7l7Jz8WlsyYHR8aqfu4NLXXSsUSUNyQ
+PfiUH91djow08X65Rwv+sAABDGQH66oPf45UWIwn54K7iigK+s2j60H68mqYymb1CerDrw6b
+4K3BCsHqalllAeLCsTqn6nVsHF7V6I99dSG3Ij6DK/AYsuWjrJZ1AMpNHgU63CtybUo=
+=uiHO
-----END PGP PUBLIC KEY BLOCK-----
