Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sssd for openSUSE:Factory checked in at 2026-04-29 19:17:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sssd (Old) and /work/SRC/openSUSE:Factory/.sssd.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sssd" Wed Apr 29 19:17:49 2026 rev:148 rq:1349824 version:2.13.0 Changes: -------- --- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2026-04-01 19:55:16.412701984 +0200 +++ /work/SRC/openSUSE:Factory/.sssd.new.30200/sssd.changes 2026-04-29 19:18:37.687009002 +0200 @@ -1,0 +2,33 @@ +Tue Apr 28 11:21:49 UTC 2026 - Jan Engelhardt <[email protected]> + +- Update to release 2.13 + * Fixed CVE-2026-6245, an out-of-bounds read in the PAM + passkey responder. + * During the processing of the `pam_sss_gss` request, SSSD will + read the SID from the PAC of the Kerberos ticket and might add + authentication indicators based on the value of the new option + `pam_gssapi_indicators_apply`. The primary use case is to + handle SIDs added by Active Directory’s Authentication + Mechanism Assurance (AMA). + * Active Directory’s Foreign Security Principals (FSP) are now + properly detected and ignored when reading nested group + members. The `ldap_ignore_unreadable_references` option is only + needed to ignore member objects which are really not + accessible. + * A number of cache performance optimizations for large + deployments. + * Tokens acquired from the IdP are now stored in the domain + cache, and are automatically refreshed if the new option + `idp_auto_refresh` is enabled. + * The `idp_type` option allows `entra_idp` url to be specified if + user is using a different Microsoft Entra endpoint. + * Support for the KDE Plasma Login Manager. + * New option `avoid_by_id_lookups` to tell the SSSD responders to + use a lookup by name instead of by id where possible. + * New options to customize the OAuth2 prompting behavior: + `interactive` and `interactive_prompt`. +- Delete 0001-Fix-libini_config-related-includes.patch, + 0001-INI-get-rid-of-useless-macros.patch, + 0001-INI-use-proper-deallocators.patch (obsolete) + +------------------------------------------------------------------- Old: ---- 0001-Fix-libini_config-related-includes.patch 0001-INI-get-rid-of-useless-macros.patch 0001-INI-use-proper-deallocators.patch sssd-2.12.0.tar.gz sssd-2.12.0.tar.gz.asc New: ---- sssd-2.13.0.tar.gz sssd-2.13.0.tar.gz.asc ----------(Old B)---------- Old: `interactive` and `interactive_prompt`. - Delete 0001-Fix-libini_config-related-includes.patch, 0001-INI-get-rid-of-useless-macros.patch, Old:- Delete 0001-Fix-libini_config-related-includes.patch, 0001-INI-get-rid-of-useless-macros.patch, 0001-INI-use-proper-deallocators.patch (obsolete) Old: 0001-INI-get-rid-of-useless-macros.patch, 0001-INI-use-proper-deallocators.patch (obsolete) ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sssd.spec ++++++ --- /var/tmp/diff_new_pack.M16Kcz/_old 2026-04-29 19:18:38.435039647 +0200 +++ /var/tmp/diff_new_pack.M16Kcz/_new 2026-04-29 19:18:38.435039647 +0200 @@ -17,23 +17,20 @@ Name: sssd -Version: 2.12.0 +Version: 2.13.0 Release: 0 Summary: System Security Services Daemon License: GPL-3.0-or-later AND LGPL-3.0-or-later Group: System/Daemons URL: https://github.com/SSSD/sssd #Git-Clone: https://github.com/SSSD/sssd -#Changelog: https://sssd.io/release-notes/sssd-2.12.0.html +#Changelog: https://sssd.io/release-notes/sssd-2.13.0.html # prefer over github.com/SSSD/sssd/releases/tag/2.13.0 Source: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc Source3: baselibs.conf Source5: %name.keyring Source6: %name-rpmlintrc Patch1: 0001-TOOL-Fix-build-parameter-name-omitted.patch -Patch2: 0001-Fix-libini_config-related-includes.patch -Patch3: 0001-INI-get-rid-of-useless-macros.patch -Patch4: 0001-INI-use-proper-deallocators.patch Patch11: krb-noversion.diff Patch12: harden_sssd-ifp.service.patch Patch13: harden_sssd-kcm.service.patch @@ -745,7 +742,6 @@ %_mandir/man8/pam_sss.8* %_mandir/man8/pam_sss_gss.8* %_mandir/man8/sssd_krb5_localauth_plugin.8* -%_mandir/??/man8/sssd_krb5_localauth_plugin.8* %_mandir/man8/sssd_krb5_locator_plugin.8* # # %%files sssd-idp ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.M16Kcz/_old 2026-04-29 19:18:38.479041450 +0200 +++ /var/tmp/diff_new_pack.M16Kcz/_new 2026-04-29 19:18:38.483041614 +0200 @@ -1,5 +1,5 @@ -mtime: 1774953118 -commit: bf84d5158f55cc0c3633490730e0a501855167ae65e996c25746aa7035de05da +mtime: 1777385407 +commit: 81fca6509a353cd563568a519056fe04e1a38e432670f9eeb5e5d44a7ac32673 url: https://src.opensuse.org/jengelh/sssd revision: master ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-04-28 16:10:07.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ logrotate.patch ++++++ --- /var/tmp/diff_new_pack.M16Kcz/_old 2026-04-29 19:18:38.687049971 +0200 +++ /var/tmp/diff_new_pack.M16Kcz/_new 2026-04-29 19:18:38.695050299 +0200 @@ -9,10 +9,10 @@ src/sysv/systemd/sssd.service.in | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) -Index: sssd-2.11.1/src/examples/logrotate.in +Index: sssd-2.13.0/src/examples/logrotate.in =================================================================== ---- sssd-2.11.1.orig/src/examples/logrotate.in -+++ sssd-2.11.1/src/examples/logrotate.in +--- sssd-2.13.0.orig/src/examples/logrotate.in ++++ sssd-2.13.0/src/examples/logrotate.in @@ -8,7 +8,6 @@ delaycompress su @SSSD_USER@ @SSSD_USER@ @@ -22,10 +22,10 @@ + /usr/bin/systemctl try-reload-or-restart sssd sssd_kcm endscript } -Index: sssd-2.11.1/src/sysv/systemd/sssd-kcm.service.in +Index: sssd-2.13.0/src/sysv/systemd/sssd-kcm.service.in =================================================================== ---- sssd-2.11.1.orig/src/sysv/systemd/sssd-kcm.service.in -+++ sssd-2.11.1/src/sysv/systemd/sssd-kcm.service.in +--- sssd-2.13.0.orig/src/sysv/systemd/sssd-kcm.service.in ++++ sssd-2.13.0/src/sysv/systemd/sssd-kcm.service.in @@ -32,6 +32,7 @@ ExecStartPre=+-/bin/chmod -f g+x @sssdco ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb" ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log*" @@ -34,10 +34,10 @@ CapabilityBoundingSet= CAP_DAC_READ_SEARCH CAP_SETGID CAP_SETUID SecureBits=noroot noroot-locked User=@SSSD_USER@ -Index: sssd-2.11.1/src/sysv/systemd/sssd.service.in +Index: sssd-2.13.0/src/sysv/systemd/sssd.service.in =================================================================== ---- sssd-2.11.1.orig/src/sysv/systemd/sssd.service.in -+++ sssd-2.11.1/src/sysv/systemd/sssd.service.in +--- sssd-2.13.0.orig/src/sysv/systemd/sssd.service.in ++++ sssd-2.13.0/src/sysv/systemd/sssd.service.in @@ -21,6 +21,7 @@ ExecStartPre=+-/bin/sh -c "/bin/chown -f ExecStartPre=+-/bin/chown -f -R -h @SSSD_USER@:@SSSD_USER@ @gpocachepath@ ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/*.log*" @@ -45,5 +45,5 @@ +ExecReload=kill -HUP $MAINPID Type=notify NotifyAccess=main - Restart=on-abnormal + Restart=on-failure ++++++ sssd-2.12.0.tar.gz -> sssd-2.13.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/sssd/sssd-2.12.0.tar.gz /work/SRC/openSUSE:Factory/.sssd.new.30200/sssd-2.13.0.tar.gz differ: char 12, line 1
