Hello community,
here is the log from the commit of package sssd for openSUSE:Factory checked in
at 2014-11-04 17:27:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sssd (Old)
and /work/SRC/openSUSE:Factory/.sssd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sssd"
Changes:
--------
--- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2014-08-25
11:54:27.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.sssd.new/sssd.changes 2014-11-04
17:27:55.000000000 +0100
@@ -1,0 +2,64 @@
+Thu Oct 30 12:22:06 UTC 2014 - jeng...@inai.de
+
+- Update to new upstream release 1.12.2 (bugfix release, bnc#900159)
+* Fixed a regression where the IPA provider did not fetch User
+ Private Groups correctly
+* An important bug in the GPO access control which resulted in a
+ wrong principal being used, was fixed.
+* Several new options are available for deployments that need to
+ restrict a certain PAM service from connecting to a certain SSSD
+ domain. For more details, see the description of
+ pam_trusted_users and pam_public_domains options in the
+ sssd.conf(5) man page and the domains option in the pam_sss(8)
+ man page.
+* When SSSD is acting as an IPA client in setup with trusted AD
+ domains, it is able to return group members or full group
+ memberships for users from trusted AD domains.
+* Support for the "views" feature of IPA.
+- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
+ (merged upstream)
+
+-------------------------------------------------------------------
+Sat Oct 11 13:36:48 UTC 2014 - jeng...@inai.de
+
+- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
+ to workaround bad autoconf invocation
+
+-------------------------------------------------------------------
+Sat Oct 11 00:16:15 UTC 2014 - crrodrig...@opensuse.org
+
+- 0001-build-detect-endianness-at-configure-time.patch
+ Correct defective endianness test.
+
+-------------------------------------------------------------------
+Mon Oct 6 13:25:23 UTC 2014 - jeng...@inai.de
+
+- Update to new upstream release 1.12.1
+* The GPO access control was further enhanced to allow the access
+ control decisions while offline and map the Windows logon
+ rights onto Linux PAM services.
+* The SSSD now ships a plugin for the rpc.idmapd daemon,
+ sss_rpcidmapd(5).
+* A MIT Kerberos localauth plugin was added to SSSD. This plugin
+ helps translating principals to user names in IPA-AD trust
+ scenarios, allowing the krb5.conf configuration to be less
+ complex.
+* A libwbclient plugin implementation is now part of the SSSD.
+ The main purpose is to map Active Directory users and groups
+ identified by their SID to POSIX users and groups for the
+ file-server use-case.
+* Active Directory users ca nnow use their User Logon Name to log
+ in.
+* The sss_cache tool was enhanced to allow invalidating the SSH
+ host keys.
+* Groups without full POSIX information can now be used to enroll
+ group membership (CVE-2014-0249).
+* Detection of transition from offline to online state was
+ improved, resulting in fewer timeouts when SSSD is offline.
+* The Active Directory provider now correctly detects Windows
+ Server 2012 R2. Previous versions would fall back to the slower
+ non-AD path with 2012 R2.
+* Several other bugs related to deployments where SSSD is acting
+ as an AD client were fixed.
+
+-------------------------------------------------------------------
Old:
----
sssd-1.12.0.tar.gz
sssd-1.12.0.tar.gz.asc
New:
----
sssd-1.12.2.tar.gz
sssd-1.12.2.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sssd.spec ++++++
--- /var/tmp/diff_new_pack.qfWRhq/_old 2014-11-04 17:27:58.000000000 +0100
+++ /var/tmp/diff_new_pack.qfWRhq/_new 2014-11-04 17:27:58.000000000 +0100
@@ -17,7 +17,7 @@
Name: sssd
-Version: 1.12.0
+Version: 1.12.2
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+
@@ -39,23 +39,29 @@
%define pipepath %sssdstatedir/pipes
%define pubconfpath %sssdstatedir/pubconf
-%if %suse_version <= 1110
-# SLES11 doesn't know the python_* macros
-%define python_sitelib %py_sitedir
-%define python_sitearch %py_sitedir
-%endif
-
BuildRequires: autoconf >= 2.59
BuildRequires: automake
BuildRequires: bind-utils
BuildRequires: cifs-utils-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: docbook-xsl-stylesheets
+%if 0%{?suse_version} >= 1320
+BuildRequires: krb5-devel >= 1.12
+%define have_localauth 1
+%else
BuildRequires: krb5-devel
+%define have_localauth 0
+%endif
BuildRequires: libsmbclient-devel
BuildRequires: libtool
+BuildRequires: libxml2-tools
+BuildRequires: libxslt-tools
+BuildRequires: nscd
+BuildRequires: openldap2-devel
+BuildRequires: pam-devel
+BuildRequires: pkg-config
BuildRequires: pkgconfig >= 0.21
-%if 0%{?suse_version} >= 1210
+BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(augeas) >= 1.0.0
BuildRequires: pkgconfig(collection) >= 0.5.1
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
@@ -64,54 +70,22 @@
BuildRequires: pkgconfig(ini_config) >= 1.1.0
BuildRequires: pkgconfig(ldb) >= 0.9.2
BuildRequires: pkgconfig(libcares)
+BuildRequires: pkgconfig(libcrypto)
+BuildRequires: pkgconfig(libnfsidmap)
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
BuildRequires: pkgconfig(libpcre) >= 7
+BuildRequires: pkgconfig(libsystemd-login)
BuildRequires: pkgconfig(ndr_nbt)
-BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(python)
BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent)
-%else
-BuildRequires: augeas-devel
-BuildRequires: dbus-1-devel >= 1.0.0
-BuildRequires: glib2-devel
-BuildRequires: libcares-devel
-BuildRequires: libcollection-devel >= 0.5.1
-BuildRequires: libdhash-devel >= 0.4.2
-BuildRequires: libini_config-devel >= 1.1.0
-BuildRequires: libldb-devel >= 0.9.2
-BuildRequires: libnl-devel >= 1.1
-BuildRequires: libopenssl-devel
-BuildRequires: libtalloc-devel
-BuildRequires: libtdb-devel >= 1.1.3
-BuildRequires: libtevent-devel
-BuildRequires: pcre-devel >= 7
-BuildRequires: popt-devel
-BuildRequires: python-devel
-BuildRequires: samba-devel >= 4
-%endif
-BuildRequires: samba-libs >= 4
-%if 0%{?suse_version} >= 1220
-BuildRequires: libxml2-tools
-BuildRequires: libxslt-tools
-%else
-BuildRequires: libxml2
-BuildRequires: libxslt
-%endif
-BuildRequires: nscd
-BuildRequires: openldap2-devel
-BuildRequires: pam-devel
-BuildRequires: pkg-config
-%if %suse_version >= 1210
-BuildRequires: systemd-rpm-macros
-BuildRequires: pkgconfig(libsystemd-login)
%{?systemd_requires}
-%endif
Requires: sssd-ldap = %version-%release
Requires(postun): pam-config
+Provides: sssd-client = %version-%release
%description
Provides a set of daemons to manage access to remote directories and
@@ -203,6 +177,32 @@
The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd).
+%package wbclient
+Summary: SSSD's implementation of the Winbind pipe protocol
+License: LGPL-3.0+
+Group: System/Libraries
+
+%description wbclient
+libwbclient is a plugin for the Samba client, though it has been
+implemented as a regular shared library requested via DT_NEEDED.
+
+sssd-wbclient implements the libwbclient API for Samba daemons and
+utilities. The main purpose is to map Active Directory users and
+groups identified by their SID to POSIX users and groups identified
+by their POSIX UIDs and GIDs respectively.
+
+%package wbclient-devel
+Summary: Development files for SSSD winbind
+License: LGPL-3.0+
+Group: Development/Libraries/C and C++
+Requires: %name-wbclient = %version
+
+%description wbclient-devel
+sssd-wbclient implements the libwbclient API for Samba daemons and
+utilities. The main purpose is to map Active Directory users and
+groups identified by their SID to POSIX users and groups identified
+by their POSIX UIDs and GIDs respectively.
+
%package -n libipa_hbac0
Summary: FreeIPA HBAC Evaluator library
License: LGPL-3.0+
@@ -222,6 +222,15 @@
Utility library to validate FreeIPA HBAC rules for authorization
requests.
+%package -n libnfsidmap-sss
+Summary: Library to allow communication between libnfsidmap and SSSD
+License: GPL-3.0+
+Group: System/Libraries
+Supplements: packageand(nfsidmap:sssd-client)
+
+%description -n libnfsidmap-sss
+A utility library to allow communication between libnfsidmap and SSSD.
+
%package -n libsss_idmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0+
@@ -284,6 +293,7 @@
Obsoletes: libsss_sudo-devel < %version-%release
# No provides: true obsolete.
Obsoletes: libsss_sudo1
+Supplements: packageand(sudo:sssd-client)
%description -n libsss_sudo
A utility library to allow communication between sudo and SSSD.
@@ -335,7 +345,7 @@
# help configure find nscd
export PATH="$PATH:/usr/sbin"
-autoreconf -fi;
+autoreconf -fiv;
%configure \
--with-crypto=libcrypto \
--with-db-path="%dbpath" \
@@ -374,6 +384,10 @@
ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd"
%endif
+mkdir -p "$b/%_sysconfdir/ld.so.conf.d"
+cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF
+ %_libdir/%name/modules
+EOF
find "$b" -type f -name "*.la" -delete;
%if %suse_version <= 1110
@@ -441,7 +455,7 @@
%_sbindir/sssd
%_sbindir/rcsssd
%dir %_mandir/??/
-%dir %_mandir/??/man?/
+%dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5*
@@ -458,7 +472,8 @@
%_libdir/%name/libsss_debug*
%_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util*
-%_libdir/%name/modules/
+%dir %_libdir/%name/modules/
+%_libdir/%name/modules/libsss_autofs.so
%dir %_libdir/ldb/
%_libdir/ldb/memberof.so
%dir %_libexecdir/%name/
@@ -489,6 +504,9 @@
/%_lib/security/pam_sss.so
%_libdir/cifs-utils/
%_libdir/krb5/
+%if %have_localauth
+%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
+%endif
%_mandir/??/man8/pam_sss.8*
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/man8/pam_sss.8*
@@ -504,9 +522,7 @@
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ad.conf
-%dir %_mandir/??/man5/
%_mandir/man5/sssd-ad.5*
-%_mandir/??/man5/sssd-ad.5*
%files dbus
%defattr(-,root,root)
@@ -515,6 +531,8 @@
%dir %_libdir/sssd/
%_libdir/sssd/libsss_config.so
%_mandir/man5/sssd-ifp.5*
+%dir %_mandir/??/
+%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ifp.5*
#%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
#%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
@@ -526,9 +544,7 @@
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d
%_datadir/%name/sssd.api.d/sssd-ipa.conf
-%dir %_mandir/??/man5/
%_mandir/man5/sssd-ipa.5*
-%_mandir/??/man5/sssd-ipa.5*
%files krb5
%defattr(-,root,root)
@@ -537,6 +553,7 @@
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf
+%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/man5/sssd-krb5.5*
%_mandir/??/man5/sssd-krb5.5*
@@ -556,9 +573,10 @@
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ldap.conf
+%_mandir/man5/sssd-ldap.5*
+%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ldap.5*
-%_mandir/man5/sssd-ldap.5*
%files proxy
%defattr(-,root,root)
@@ -587,6 +605,21 @@
%_mandir/??/man8/sss_*.8*
%_mandir/man8/sss_*.8*
+%files wbclient
+%defattr(-,root,root)
+%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf
+%dir %_libdir/sssd/
+%dir %_libdir/sssd/modules/
+%_libdir/sssd/modules/libwbclient.so.*
+
+%files wbclient-devel
+%defattr(-,root,root)
+%_includedir/wbclient_sssd.h
+%dir %_libdir/sssd/
+%dir %_libdir/sssd/modules/
+%_libdir/sssd/modules/libwbclient.so
+%_libdir/pkgconfig/wbclient_sssd.pc
+
%files -n libipa_hbac0
%defattr(-,root,root)
%_libdir/libipa_hbac.so.0*
@@ -597,6 +630,11 @@
%_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc
+%files -n libnfsidmap-sss
+%defattr(-,root,root)
+%_libdir/libnfsidmap/
+%_mandir/man5/sss_rpcidmapd.5*
+
%files -n libsss_idmap0
%defattr(-,root,root)
%_libdir/libsss_idmap.so.0*
++++++ 0001-build-detect-endianness-at-configure-time.patch ++++++
--- /var/tmp/diff_new_pack.qfWRhq/_old 2014-11-04 17:27:58.000000000 +0100
+++ /var/tmp/diff_new_pack.qfWRhq/_new 2014-11-04 17:27:58.000000000 +0100
@@ -11,20 +11,14 @@
configure.ac | 7 +++++++
1 file changed, 7 insertions(+)
-Index: sssd-1.11.5.1/configure.ac
-===================================================================
---- sssd-1.11.5.1.orig/configure.ac
-+++ sssd-1.11.5.1/configure.ac
-@@ -301,6 +301,13 @@ AM_CHECK_CMOCKA
+--- sssd-1.12.1.orig/configure.ac
++++ sssd-1.12.1/configure.ac
+@@ -322,6 +322,9 @@ AM_CHECK_CMOCKA
AM_CONDITIONAL([HAVE_DEVSHM], [test -d /dev/shm])
-+AC_C_BIGENDIAN
-+if test x$WORDS_BIGENDIAN != x; then
-+ AC_DEFINE(HAVE_BIG_ENDIAN, 1, [whether platform is big endian])
-+else
-+ AC_DEFINE(HAVE_LITTLE_ENDIAN, 1, [whether platform is little endian])
-+fi
++AC_C_BIGENDIAN([AC_DEFINE(HAVE_BIG_ENDIAN, [1], [whether platform is big
endian])],
++ [AC_DEFINE(HAVE_LITTLE_ENDIAN, [1], [whether platform is
little endian])])
+
abs_build_dir=`pwd`
AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the
build directory])
++++++ sssd-1.12.0.tar.gz -> sssd-1.12.2.tar.gz ++++++
++++ 196216 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
