Hello community, here is the log from the commit of package sssd for openSUSE:Factory checked in at 2014-11-04 17:27:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sssd (Old) and /work/SRC/openSUSE:Factory/.sssd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sssd" Changes: -------- --- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2014-08-25 11:54:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.sssd.new/sssd.changes 2014-11-04 17:27:55.000000000 +0100 @@ -1,0 +2,64 @@ +Thu Oct 30 12:22:06 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 1.12.2 (bugfix release, bnc#900159) +* Fixed a regression where the IPA provider did not fetch User + Private Groups correctly +* An important bug in the GPO access control which resulted in a + wrong principal being used, was fixed. +* Several new options are available for deployments that need to + restrict a certain PAM service from connecting to a certain SSSD + domain. For more details, see the description of + pam_trusted_users and pam_public_domains options in the + sssd.conf(5) man page and the domains option in the pam_sss(8) + man page. +* When SSSD is acting as an IPA client in setup with trusted AD + domains, it is able to return group members or full group + memberships for users from trusted AD domains. +* Support for the "views" feature of IPA. +- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch + (merged upstream) + +------------------------------------------------------------------- +Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de + +- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch + to workaround bad autoconf invocation + +------------------------------------------------------------------- +Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org + +- 0001-build-detect-endianness-at-configure-time.patch + Correct defective endianness test. + +------------------------------------------------------------------- +Mon Oct 6 13:25:23 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 1.12.1 +* The GPO access control was further enhanced to allow the access + control decisions while offline and map the Windows logon + rights onto Linux PAM services. +* The SSSD now ships a plugin for the rpc.idmapd daemon, + sss_rpcidmapd(5). +* A MIT Kerberos localauth plugin was added to SSSD. This plugin + helps translating principals to user names in IPA-AD trust + scenarios, allowing the krb5.conf configuration to be less + complex. +* A libwbclient plugin implementation is now part of the SSSD. + The main purpose is to map Active Directory users and groups + identified by their SID to POSIX users and groups for the + file-server use-case. +* Active Directory users ca nnow use their User Logon Name to log + in. +* The sss_cache tool was enhanced to allow invalidating the SSH + host keys. +* Groups without full POSIX information can now be used to enroll + group membership (CVE-2014-0249). +* Detection of transition from offline to online state was + improved, resulting in fewer timeouts when SSSD is offline. +* The Active Directory provider now correctly detects Windows + Server 2012 R2. Previous versions would fall back to the slower + non-AD path with 2012 R2. +* Several other bugs related to deployments where SSSD is acting + as an AD client were fixed. + +------------------------------------------------------------------- Old: ---- sssd-1.12.0.tar.gz sssd-1.12.0.tar.gz.asc New: ---- sssd-1.12.2.tar.gz sssd-1.12.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sssd.spec ++++++ --- /var/tmp/diff_new_pack.qfWRhq/_old 2014-11-04 17:27:58.000000000 +0100 +++ /var/tmp/diff_new_pack.qfWRhq/_new 2014-11-04 17:27:58.000000000 +0100 @@ -17,7 +17,7 @@ Name: sssd -Version: 1.12.0 +Version: 1.12.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -39,23 +39,29 @@ %define pipepath %sssdstatedir/pipes %define pubconfpath %sssdstatedir/pubconf -%if %suse_version <= 1110 -# SLES11 doesn't know the python_* macros -%define python_sitelib %py_sitedir -%define python_sitearch %py_sitedir -%endif - BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: bind-utils BuildRequires: cifs-utils-devel BuildRequires: cyrus-sasl-devel BuildRequires: docbook-xsl-stylesheets +%if 0%{?suse_version} >= 1320 +BuildRequires: krb5-devel >= 1.12 +%define have_localauth 1 +%else BuildRequires: krb5-devel +%define have_localauth 0 +%endif BuildRequires: libsmbclient-devel BuildRequires: libtool +BuildRequires: libxml2-tools +BuildRequires: libxslt-tools +BuildRequires: nscd +BuildRequires: openldap2-devel +BuildRequires: pam-devel +BuildRequires: pkg-config BuildRequires: pkgconfig >= 0.21 -%if 0%{?suse_version} >= 1210 +BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(augeas) >= 1.0.0 BuildRequires: pkgconfig(collection) >= 0.5.1 BuildRequires: pkgconfig(dbus-1) >= 1.0.0 @@ -64,54 +70,22 @@ BuildRequires: pkgconfig(ini_config) >= 1.1.0 BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(libcares) +BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libnfsidmap) BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0 BuildRequires: pkgconfig(libpcre) >= 7 +BuildRequires: pkgconfig(libsystemd-login) BuildRequires: pkgconfig(ndr_nbt) -BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(popt) BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) -%else -BuildRequires: augeas-devel -BuildRequires: dbus-1-devel >= 1.0.0 -BuildRequires: glib2-devel -BuildRequires: libcares-devel -BuildRequires: libcollection-devel >= 0.5.1 -BuildRequires: libdhash-devel >= 0.4.2 -BuildRequires: libini_config-devel >= 1.1.0 -BuildRequires: libldb-devel >= 0.9.2 -BuildRequires: libnl-devel >= 1.1 -BuildRequires: libopenssl-devel -BuildRequires: libtalloc-devel -BuildRequires: libtdb-devel >= 1.1.3 -BuildRequires: libtevent-devel -BuildRequires: pcre-devel >= 7 -BuildRequires: popt-devel -BuildRequires: python-devel -BuildRequires: samba-devel >= 4 -%endif -BuildRequires: samba-libs >= 4 -%if 0%{?suse_version} >= 1220 -BuildRequires: libxml2-tools -BuildRequires: libxslt-tools -%else -BuildRequires: libxml2 -BuildRequires: libxslt -%endif -BuildRequires: nscd -BuildRequires: openldap2-devel -BuildRequires: pam-devel -BuildRequires: pkg-config -%if %suse_version >= 1210 -BuildRequires: systemd-rpm-macros -BuildRequires: pkgconfig(libsystemd-login) %{?systemd_requires} -%endif Requires: sssd-ldap = %version-%release Requires(postun): pam-config +Provides: sssd-client = %version-%release %description Provides a set of daemons to manage access to remote directories and @@ -203,6 +177,32 @@ The packages contains commandline tools for managing users and groups using the "local" id provider of the System Security Services Daemon (sssd). +%package wbclient +Summary: SSSD's implementation of the Winbind pipe protocol +License: LGPL-3.0+ +Group: System/Libraries + +%description wbclient +libwbclient is a plugin for the Samba client, though it has been +implemented as a regular shared library requested via DT_NEEDED. + +sssd-wbclient implements the libwbclient API for Samba daemons and +utilities. The main purpose is to map Active Directory users and +groups identified by their SID to POSIX users and groups identified +by their POSIX UIDs and GIDs respectively. + +%package wbclient-devel +Summary: Development files for SSSD winbind +License: LGPL-3.0+ +Group: Development/Libraries/C and C++ +Requires: %name-wbclient = %version + +%description wbclient-devel +sssd-wbclient implements the libwbclient API for Samba daemons and +utilities. The main purpose is to map Active Directory users and +groups identified by their SID to POSIX users and groups identified +by their POSIX UIDs and GIDs respectively. + %package -n libipa_hbac0 Summary: FreeIPA HBAC Evaluator library License: LGPL-3.0+ @@ -222,6 +222,15 @@ Utility library to validate FreeIPA HBAC rules for authorization requests. +%package -n libnfsidmap-sss +Summary: Library to allow communication between libnfsidmap and SSSD +License: GPL-3.0+ +Group: System/Libraries +Supplements: packageand(nfsidmap:sssd-client) + +%description -n libnfsidmap-sss +A utility library to allow communication between libnfsidmap and SSSD. + %package -n libsss_idmap0 Summary: FreeIPA ID mapping library License: LGPL-3.0+ @@ -284,6 +293,7 @@ Obsoletes: libsss_sudo-devel < %version-%release # No provides: true obsolete. Obsoletes: libsss_sudo1 +Supplements: packageand(sudo:sssd-client) %description -n libsss_sudo A utility library to allow communication between sudo and SSSD. @@ -335,7 +345,7 @@ # help configure find nscd export PATH="$PATH:/usr/sbin" -autoreconf -fi; +autoreconf -fiv; %configure \ --with-crypto=libcrypto \ --with-db-path="%dbpath" \ @@ -374,6 +384,10 @@ ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd" %endif +mkdir -p "$b/%_sysconfdir/ld.so.conf.d" +cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF + %_libdir/%name/modules +EOF find "$b" -type f -name "*.la" -delete; %if %suse_version <= 1110 @@ -441,7 +455,7 @@ %_sbindir/sssd %_sbindir/rcsssd %dir %_mandir/??/ -%dir %_mandir/??/man?/ +%dir %_mandir/??/man[158]/ %_mandir/??/man1/sss_ssh_* %_mandir/??/man5/sssd-simple.5* %_mandir/??/man5/sssd-sudo.5* @@ -458,7 +472,8 @@ %_libdir/%name/libsss_debug* %_libdir/%name/libsss_simple* %_libdir/%name/libsss_util* -%_libdir/%name/modules/ +%dir %_libdir/%name/modules/ +%_libdir/%name/modules/libsss_autofs.so %dir %_libdir/ldb/ %_libdir/ldb/memberof.so %dir %_libexecdir/%name/ @@ -489,6 +504,9 @@ /%_lib/security/pam_sss.so %_libdir/cifs-utils/ %_libdir/krb5/ +%if %have_localauth +%_libdir/%name/modules/sssd_krb5_localauth_plugin.so +%endif %_mandir/??/man8/pam_sss.8* %_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/man8/pam_sss.8* @@ -504,9 +522,7 @@ %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ad.conf -%dir %_mandir/??/man5/ %_mandir/man5/sssd-ad.5* -%_mandir/??/man5/sssd-ad.5* %files dbus %defattr(-,root,root) @@ -515,6 +531,8 @@ %dir %_libdir/sssd/ %_libdir/sssd/libsss_config.so %_mandir/man5/sssd-ifp.5* +%dir %_mandir/??/ +%dir %_mandir/??/man5/ %_mandir/??/man5/sssd-ifp.5* #%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf #%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service @@ -526,9 +544,7 @@ %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d %_datadir/%name/sssd.api.d/sssd-ipa.conf -%dir %_mandir/??/man5/ %_mandir/man5/sssd-ipa.5* -%_mandir/??/man5/sssd-ipa.5* %files krb5 %defattr(-,root,root) @@ -537,6 +553,7 @@ %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-krb5.conf +%dir %_mandir/??/ %dir %_mandir/??/man5/ %_mandir/man5/sssd-krb5.5* %_mandir/??/man5/sssd-krb5.5* @@ -556,9 +573,10 @@ %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ldap.conf +%_mandir/man5/sssd-ldap.5* +%dir %_mandir/??/ %dir %_mandir/??/man5/ %_mandir/??/man5/sssd-ldap.5* -%_mandir/man5/sssd-ldap.5* %files proxy %defattr(-,root,root) @@ -587,6 +605,21 @@ %_mandir/??/man8/sss_*.8* %_mandir/man8/sss_*.8* +%files wbclient +%defattr(-,root,root) +%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf +%dir %_libdir/sssd/ +%dir %_libdir/sssd/modules/ +%_libdir/sssd/modules/libwbclient.so.* + +%files wbclient-devel +%defattr(-,root,root) +%_includedir/wbclient_sssd.h +%dir %_libdir/sssd/ +%dir %_libdir/sssd/modules/ +%_libdir/sssd/modules/libwbclient.so +%_libdir/pkgconfig/wbclient_sssd.pc + %files -n libipa_hbac0 %defattr(-,root,root) %_libdir/libipa_hbac.so.0* @@ -597,6 +630,11 @@ %_libdir/libipa_hbac.so %_libdir/pkgconfig/ipa_hbac.pc +%files -n libnfsidmap-sss +%defattr(-,root,root) +%_libdir/libnfsidmap/ +%_mandir/man5/sss_rpcidmapd.5* + %files -n libsss_idmap0 %defattr(-,root,root) %_libdir/libsss_idmap.so.0* ++++++ 0001-build-detect-endianness-at-configure-time.patch ++++++ --- /var/tmp/diff_new_pack.qfWRhq/_old 2014-11-04 17:27:58.000000000 +0100 +++ /var/tmp/diff_new_pack.qfWRhq/_new 2014-11-04 17:27:58.000000000 +0100 @@ -11,20 +11,14 @@ configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) -Index: sssd-1.11.5.1/configure.ac -=================================================================== ---- sssd-1.11.5.1.orig/configure.ac -+++ sssd-1.11.5.1/configure.ac -@@ -301,6 +301,13 @@ AM_CHECK_CMOCKA +--- sssd-1.12.1.orig/configure.ac ++++ sssd-1.12.1/configure.ac +@@ -322,6 +322,9 @@ AM_CHECK_CMOCKA AM_CONDITIONAL([HAVE_DEVSHM], [test -d /dev/shm]) -+AC_C_BIGENDIAN -+if test x$WORDS_BIGENDIAN != x; then -+ AC_DEFINE(HAVE_BIG_ENDIAN, 1, [whether platform is big endian]) -+else -+ AC_DEFINE(HAVE_LITTLE_ENDIAN, 1, [whether platform is little endian]) -+fi ++AC_C_BIGENDIAN([AC_DEFINE(HAVE_BIG_ENDIAN, [1], [whether platform is big endian])], ++ [AC_DEFINE(HAVE_LITTLE_ENDIAN, [1], [whether platform is little endian])]) + abs_build_dir=`pwd` AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory]) ++++++ sssd-1.12.0.tar.gz -> sssd-1.12.2.tar.gz ++++++ ++++ 196216 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org