Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package sssd for openSUSE:Factory checked in
at 2021-03-12 13:30:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sssd (Old)
and /work/SRC/openSUSE:Factory/.sssd.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sssd"
Fri Mar 12 13:30:40 2021 rev:107 rq:875513 version:2.4.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2020-10-23
12:19:35.096566520 +0200
+++ /work/SRC/openSUSE:Factory/.sssd.new.2401/sssd.changes 2021-03-12
13:30:56.410125581 +0100
@@ -1,0 +2,38 @@
+Fri Feb 19 17:30:58 UTC 2021 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 2.4.2
+ * Default value of "user" config option was fixed into
+ accordance with man page, i.e. default is "root".
+ * pam_sss_gss now support authentication indicators to further
+ harden the authentication.
+
+-------------------------------------------------------------------
+Fri Feb 12 15:55:37 UTC 2021 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Pass --with-pid-path=%{_rundir} to configure: adjust rundir
+ according the distro settings, i.e. /run on modern systems.
+ Eliminates a systemd warning like this one in the journal:
+ Feb 12 12:33:32 zeus systemd[1]: /usr/lib/systemd/system/sssd.service:13:
+ PIDFile= references a path below legacy directory /var/run/,
+ updating /var/run/sssd.pid ??? /run/sssd.pid; please update the unit file
accordingly.
+
+-------------------------------------------------------------------
+Fri Feb 5 12:56:44 UTC 2021 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 2.4.1
+ * New PAM module pam_sss_gss for authentication using GSSAPI.
+ * case_sensitive=Preserving can now be set for trusted domains
+ with AD and IPA providers.
+ * krb5_use_subdomain_realm=True can now be used when sub-domain
+ user principal names have upnSuffixes which are not known in
+ the parent domain. SSSD will try to send the Kerberos request
+ directly to a KDC of the sub-domain.
+ * SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald
+ output, to avoid issues with PID parsing in rsyslog
+ (BSD-style forwarder) output.
+ * Added pam_gssapi_check_upn to enforce authentication only
+ with principal that can be associated with target user.
+ * Added pam_gssapi_services to list PAM services that can
+ authenticate using GSSAPI.
+
+-------------------------------------------------------------------
Old:
----
sssd-2.4.0.tar.gz
sssd-2.4.0.tar.gz.asc
New:
----
sssd-2.4.2.tar.gz
sssd-2.4.2.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sssd.spec ++++++
--- /var/tmp/diff_new_pack.fetlrW/_old 2021-03-12 13:30:57.610127264 +0100
+++ /var/tmp/diff_new_pack.fetlrW/_new 2021-03-12 13:30:57.614127270 +0100
@@ -15,18 +15,17 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
-%define _buildshell /bin/bash
Name: sssd
-Version: 2.4.0
+Version: 2.4.2
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0-or-later and LGPL-3.0-or-later
Group: System/Daemons
URL: https://pagure.io/SSSD/sssd
#Git-Clone: https://pagure.io/SSSD/sssd
-Source:
https://github.com/SSSD/sssd/releases/download/sssd-2_4_0/%name-%version.tar.gz
-Source2:
https://github.com/SSSD/sssd/releases/download/sssd-2_4_0/%name-%version.tar.gz.asc
+Source:
https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz
+Source2:
https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
Source3: baselibs.conf
Source5: %name.keyring
Patch1: krb-noversion.diff
@@ -377,6 +376,7 @@
--with-environment-file="%_sysconfdir/sysconfig/sssd" \
--with-initscript=systemd \
--with-syslog=journald \
+ --with-pid-path="%_rundir" \
--enable-nsslibdir="/%_lib" \
--enable-pammoddir="/%_lib/security" \
--with-ldb-lib-dir="$LDB_DIR" \
@@ -386,7 +386,7 @@
--disable-ldb-version-check \
--without-secrets \
--without-python2-bindings
-make %{?_smp_mflags} all
+%make_build all
%install
# sss_obfuscate is compatible with both python 2 and 3
@@ -395,48 +395,37 @@
%make_install
b="%buildroot"
-# Copy default sssd.conf file
-install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
- "$b/%_mandir"/{uk/man5,uk/man8}
-install -d "$b/%_sysconfdir/sssd"
+#for i in cs cs/man8 nl nl/man8 pt pt/man8 uk uk/man1 uk/man5 uk/man8; do
+# mkdir -p "$b/%_mandir/$i"
+#done
+# Copy some defaults
+mkdir -p "$b/%_sysconfdir/sssd" "$b/%_sysconfdir/sssd/conf.d"
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
-install -d "$b/%_sysconfdir/sssd/conf.d"
install -d "$b/%_unitdir"
-
-# Copy default logrotate file
install -d "$b/%_sysconfdir/logrotate.d"
install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
rm -Rfv "$b/%_initddir"
-ln -sfv service "$b/%_sbindir/rcsssd"
-ln -sfv service "$b/%_sbindir/rcsssd-autofs"
-ln -sfv service "$b/%_sbindir/rcsssd-ifp"
-ln -sfv service "$b/%_sbindir/rcsssd-nss"
-ln -sfv service "$b/%_sbindir/rcsssd-pac"
-ln -sfv service "$b/%_sbindir/rcsssd-pam"
-ln -sfv service "$b/%_sbindir/rcsssd-ssh"
-ln -sfv service "$b/%_sbindir/rcsssd-sudo"
-
mkdir -pv "$b/%sssdstatedir/mc"
find "$b" -type f -name "*.la" -print -delete
-rm -Rfv "$b/usr/lib/debug/usr/lib/sssd/p11_child-1.16.2-0.x86_64.debug"
%find_lang %name --all-name
%check
# sss_config-tests fails
-make %{?_smp_mflags} check || :
+%make_build check || :
%pre
-%service_add_pre sssd.service sssd-autofs.service sssd-autofs.socket
sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket
sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service
sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
+%global services sssd.service sssd-autofs.service sssd-autofs.socket
sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket
sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service
sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
+%service_add_pre %services
%post
/sbin/ldconfig
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
-%service_add_post sssd.service sssd-autofs.service sssd-autofs.socket
sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket
sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service
sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
+%service_add_post %services
%preun
-%service_del_preun sssd.service sssd-autofs.service sssd-autofs.socket
sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket
sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service
sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
+%service_del_preun %services
%postun
/sbin/ldconfig
@@ -447,7 +436,7 @@
# (especially, downgrades)
rm -f /var/lib/sss/db/*.ldb
# del_postun includes a try-restart
-%service_del_postun sssd.service sssd-autofs.service sssd-autofs.socket
sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket
sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service
sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
+%service_del_postun %services
%post -n libsss_certmap0 -p /sbin/ldconfig
%postun -n libsss_certmap0 -p /sbin/ldconfig
@@ -472,6 +461,18 @@
%postun dbus
%service_del_postun sssd-ifp.service
+%pre kcm
+%service_add_pre sssd-kcm.service sssd-kcm.socket
+
+%post kcm
+%service_add_post sssd-kcm.service sssd-kcm.socket
+
+%preun kcm
+%service_del_preun sssd-kcm.service sssd-kcm.socket
+
+%postun kcm
+%service_del_postun sssd-kcm.service sssd-kcm.socket
+
%files -f sssd.lang
%license COPYING
%_unitdir/sssd.service
@@ -491,13 +492,13 @@
%_bindir/sss_ssh_*
%_sbindir/sssctl
%_sbindir/sssd
-%_sbindir/rcsssd
-%_sbindir/rcsssd-autofs
-%_sbindir/rcsssd-nss
-%_sbindir/rcsssd-pac
-%_sbindir/rcsssd-pam
-%_sbindir/rcsssd-ssh
-%_sbindir/rcsssd-sudo
+#%_sbindir/rcsssd
+#%_sbindir/rcsssd-autofs
+#%_sbindir/rcsssd-nss
+#%_sbindir/rcsssd-pac
+#%_sbindir/rcsssd-pam
+#%_sbindir/rcsssd-ssh
+#%_sbindir/rcsssd-sudo
%dir %_mandir/??/
%dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_*
@@ -579,12 +580,14 @@
#
/%_lib/libnss_sss.so.2
/%_lib/security/pam_sss.so
+/%_lib/security/pam_sss_gss.so
%_libdir/cifs-utils/
%_libdir/krb5/
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/??/man8/pam_sss.8*
%_mandir/man8/pam_sss.8*
+%_mandir/man8/pam_sss_gss.8*
%_mandir/man8/sssd_krb5_locator_plugin.8*
%files ad
@@ -609,7 +612,7 @@
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ifp.5*
%_unitdir/sssd-ifp.service
-%_sbindir/rcsssd-ifp
+#%_sbindir/rcsssd-ifp
%config %_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
++++++ sssd-2.4.0.tar.gz -> sssd-2.4.2.tar.gz ++++++
/work/SRC/openSUSE:Factory/sssd/sssd-2.4.0.tar.gz
/work/SRC/openSUSE:Factory/.sssd.new.2401/sssd-2.4.2.tar.gz differ: char 14,
line 1
