Package sssd

2.6.3-alt1 built March 15, 2022 Evgeny Sinelnikov in task #293575
2.6.3-alt1 built Feb. 22, 2022 Evgeny Sinelnikov in task #295055
Jan. 27, 2022 Evgeny Sinelnikov
- AD Domain in the AD Forest Missing after sssd latest update
- sdap_idmap.c/sssd_idmap.c incorrectly calculates rangesize from upper/lower
- Regression on rawhide with ssh auth using password
- sssd-ad broken in 2.6.2, 389 used as kerberos port
- sssd error triggers backtrace: write_krb5info_file_from_fo_server
Jan. 12, 2022 Evgeny Sinelnikov 2.6.2-alt1
- Update to latest release:
  + Lookup with fully-qualified name does not work with cache_first is True.
  + sssd_be segfault due to empty forest root name.
  + Groups are missing while performing id lookup as SSSD switching to offline
    mode due to the wrong domain name in the ldap-pings(netlogon).
  + LDAP sp_expire policy does not match other libraries.
  + Passwordless (GSSAPI) SSH not working due to missing
    includedir  /var/lib/sss/pubconf/krb5.include.d directive in /etc/krb5.conf.
  + pam responder does not call initgroups to refresh the user entry.
  + FindByValidCertificate() treats unconfigured CA as Invalid certificate provide.
  + sssd does not use kerberos port that is set.
Dec. 13, 2021 Evgeny Sinelnikov 2.6.1-alt3
- Update with latest libldb-2.3.2-alt2 fixes.
- Backport newest fixes from upstream:
  + utils: ignore systemd and sd-pam process in get_active_uid_linux()
  + cldap: use dns_resolver_server_timeout timeout for cldap ping
  + ad: only send cldap-ping to our local domain
  + ad: make ad_srv_plugin_ctx_switch_site() public
  + ad: use already discovered forest name
2.6.1-alt2 built Nov. 23, 2021 Evgeny Sinelnikov in task #288704
Nov. 15, 2021 Evgeny Sinelnikov
- Revert reverted patch with change owner/permissions of user deskprofile path
  due it still needed.
Nov. 10, 2021 Evgeny Sinelnikov 2.6.1-alt1
- Update to 2.6.1 stable release.
- Revert "Don't change owner/permissions of user deskprofile path" patch
  due CAP_DAC_OVERRIDE was added to systemd configs in 2.4.2 release.
Nov. 7, 2021 Evgeny Sinelnikov 2.6.0-alt1
- Update to 2.6.0 (with upstream fixes from master - 7bfdd3db8e4c).
- Security issue in the sssctl command - shell command injection via the
  logs-fetch and cache-expire subcommands (fixes: CVE-2021-3621).
- pam_sss: Allow offline authentication against non-ipa-desktopprofiles aware DC
- Add filter for Active Directory trusted domains which are not trusted (one-way
  trust) or are from a different forest (direct trust). Both should be ignored
  because they are not trusted or can currently not be handled properly.
Oct. 29, 2021 Andrew A. Vasilyev 2.5.2-alt2
- FTBFS: disable LTO
2.5.2-alt1 built July 30, 2021 Evgeny Sinelnikov in task #281319
July 29, 2021 Evgeny Sinelnikov
- Update to 2.5.2:
  + auto_private_groups option can be set centrally through ID range setting
    in IPA (see ipa idrange commands family).
  + Default value of ldap_sudo_random_offset changed to 0 (disabled).
  + originalADgidNumber attribute in the SSSD cache is now indexed.
  + Add new config option fallback_to_nss.
May 14, 2021 Evgeny Sinelnikov 2.5.0-alt1
- Update to 2.5.0:
  + Deprecated support of secrets, local-provider, libwbclient, pcre1.
  + Added support for automatic renewal of renewable TGTs stored in KCM cache.
  + Backround sudo periodic tasks (smart and full refresh) periods are now
    extended by a random offset.
  + Completing a sudo full refresh now postpones the smart refresh by
    ldap_sudo_smart_refresh_interval value.
  + Besides trusted domains known by the forest root, trusted domains known by
    the local domain are used as well.
  + New configuration option offline_timeout_random_offset to control random
    factor in backend probing interval when SSSD is in offline mode.
May 7, 2021 Evgeny Sinelnikov 2.4.2-alt2
- Apply internal, domain and service fixes from upstream.
- Add compatibility support of unprivileged mode with "user = _sssd"
  due from sssd-2.4.2 default user is set to root.
Feb. 23, 2021 Evgeny Sinelnikov 2.4.2-alt1
- Update to 2.4.2
- Add CapabilityBoundingSet option as a security hardening measure
  for systemd service configs
Feb. 16, 2021 Evgeny Sinelnikov 2.4.1-alt3
- Update authentication features:
  + pam_sss: Don't fail on deskprofiles phase for AD users
  + pam_sss_gss: support authentication indicators
Feb. 9, 2021 Evgeny Sinelnikov 2.4.1-alt2
- Fixate that upstream fixed the memory leak in the
  simple access provider (fixes: OVE-20210209-0001)
Feb. 5, 2021 Evgeny Sinelnikov 2.4.1-alt1
- Update to 2.4.1
- Add PAM module pam_sss_gss for authentication using GSSAPI
Feb. 2, 2021 Evgeny Sinelnikov 2.4.0-alt3
- Add krb5_use_subdomain_realm=True to support upnSuffixes for trusted domains
- Allow to set case_sensitive=Preserving in subdomain section
- Add auto_private_groups to subdomain_inherit
- Add /var/lib/sss/.cache directory for gencache.tdb using samba gpo libraries
Nov. 12, 2020 Evgeny Sinelnikov 2.4.0-alt2
- Reapply patch with ignore GPO if SecEdit/GptTmpl.inf is missing
Oct. 15, 2020 Evgeny Sinelnikov 2.4.0-alt1
- Update to 2.4.0
Aug. 1, 2020 Evgeny Sinelnikov 2.3.1-alt1
- Update to 2.3.1
- Remove derecated libwbclient-sssd
July 23, 2020 Evgeny Sinelnikov 2.3.0-alt3
- Rebuild with libldb-2.0.12
June 30, 2020 Evgeny Sinelnikov 2.3.0-alt2
- Rebuild with libldb-2.0.11
June 10, 2020 Evgeny Sinelnikov 2.3.0-alt1
- Update to 2.3.0
May 17, 2020 Evgeny Sinelnikov 2.2.3-alt3
- Rewrite PAM rules for sss system-auth method with new pam-config-1.9.0 scheme
  using pam_localuser.so to separate configuration for local and remote users.
- Added dependency sssd-client to pam-config-1.9.0 supported configurable
  session substack system-policy.
- Added dependency sssd-ad to winbind-idmap for compatibility installation.
April 29, 2020 Evgeny Sinelnikov 2.2.3-alt2
- Updated sss system-auth method with pam_auth_common substack
- Added requires to pam-config-1.8.0 supported pam_auth_common substack
April 28, 2020 Evgeny Sinelnikov 2.2.3-alt1.1
- Rebuild with libldb-2.0.10
March 19, 2020 Evgeny Sinelnikov 2.2.3-alt1
- Update to 2.2.3
March 10, 2020 Evgeny Sinelnikov 2.2.2-alt4
- Rebuild with libldb-2.0.9
Nov. 1, 2019 Evgeny Sinelnikov 2.2.2-alt3
- Rebuild with latest version on libldb-2.0.8 with release of Samba 4.11
Oct. 19, 2019 Evgeny Sinelnikov 2.2.2-alt2
- Rebuild with latest version libldb-1.5.6
Sept. 22, 2019 Evgeny Sinelnikov 2.2.2-alt1
- Update to 2.2.2
Aug. 30, 2019 Evgeny Sinelnikov 2.2.1-alt1
- Update to 2.2.1
Aug. 12, 2019 Evgeny Sinelnikov 2.2.0-alt3
- Rebuild with latest version libldb-1.5.5
July 2, 2019 Evgeny Sinelnikov 2.2.0-alt2
- Fix sssd-ad System error during access deny to sysvol when it not replicated
  or not configured with 'samba-tool ntacl sysvolreset' command
- Clean spec compatibility base on ubt macroses
June 28, 2019 Evgeny Sinelnikov 2.2.0-alt1
- Update to 2.2.0
June 28, 2019 Evgeny Sinelnikov 2.1.0-alt2
- Update libwbclient-sssd interface to version 0.15 (Closes: 36750)
March 26, 2019 Evgeny Sinelnikov 2.1.0-alt1
- Update to 2.1.0 for samba-4.10.0
March 17, 2019 Evgeny Sinelnikov 2.0.0-alt5.gitf0603645f
- Rebuild with latest version libldb
- Revert strict requirement to version of libldb
Feb. 21, 2019 Stanislav Levin 2.0.0-alt4.gitf0603645f
- Fixed FleetCommander integration.
- Stopped build Python2 bindings.
Dec. 7, 2018 Evgeny Sinelnikov 2.0.0-alt3.gitf0603645f
- Remove build requires for selinux-policy-targeted
Oct. 25, 2018 Stanislav Levin 2.0.0-alt2.gitf0603645f
- Applied an upstream snapshot due to a huge amount of issues in 2.0.0.
- Fixed start under a non-privileged user (Closes: #35545).
Oct. 19, 2018 Alexey Shabalin 2.0.0-alt1
- 2.0.0
Aug. 14, 2018 Alexey Sheplyakov 1.16.3-alt1
- New upstream version 1.16.3
  + Dropped patch `nss: skip incomplete groups instead of bailing out',
    included by upstream
  + Refreshed become_user patch (unit test passes now)
July 19, 2018 Stanislav Levin 1.16.2-alt2
- build with Python3 bindings
July 4, 2018 Alexey Sheplyakov 1.16.2-alt1
- New upstream release 1.16.2
June 8, 2018 Evgeny Sinelnikov 1.16.1-alt7
- Rebuild with latest version on libldb-1.3.3
- Disable strict requirement to version of libldb
May 25, 2018 Alexey Sheplyakov 1.16.1-alt6
- Applied patches fixing AD and generic issues from Fedora 1.16.2 pre-release
  (https://src.fedoraproject.org/rpms/sssd/tree/5f75f7e4f25f4844)
  + 0001-IPA-Handle-empty-nisDomainName.patch
  + 0002-intg-enhance-netgroups-test.patch
  + 0003-CONFDB-Start-a-ldb-transaction-from-sss_ldb_modify_p.patch
  + 0004-TOOLS-Take-into-consideration-app-domains.patch
  + 0005-TESTS-Move-get_call_output-to-util.py.patch
  + 0006-TESTS-Make-get_call_output-more-flexible-about-the-s.patch
  + 0007-TESTS-Add-a-basic-test-of-sssctl-domain-list.patch
  + 0008-KCM-Use-json_loadb-when-dealing-with-sss_iobuf-data.patch
  + 0009-KCM-Remove-mem_ctx-from-kcm_new_req.patch
  + 0010-KCM-Introduce-kcm_input_get_payload_len.patch
  + 0011-KCM-Do-not-use-2048-as-fixed-size-for-the-payload.patch
  + 0012-KCM-Adjust-REPLY_MAX-to-the-one-used-in-krb5.patch
  + 0014-KCM-Fix-typo-in-ccdb_sec_delete_list_done.patch
  + 0015-KCM-Only-print-the-number-of-found-items-after-we-ha.patch
  + 0016-SYSDB-When-marking-an-entry-as-expired-also-set-the-.patch
  + 0019-SERVER-Tone-down-shutdown-messages-for-socket-activa.patch
  + 0025-AD-Missing-header-in-ad_access.h.patch
  + 0026-GPO-Add-ad_options-to-ad_gpo_process_som_state.patch
  + 0027-GPO-Use-AD-site-override-if-set.patch
  + 0030-sssctl-Showing-help-even-when-sssd-not-configured.patch
  + 0031-sssctl-move-check-for-version-error-to-correct-place.patch
  + 0032-MAN-Add-sss-certmap-man-page-regarding-priority-proc.patch
  + 0033-SDAP-Improve-a-DEBUG-message-about-GC-detection.patch
  + 0034-MAN-Improve-docs-about-GC-detection.patch
  + 0035-nss-idmap-do-not-set-a-limit.patch
  + 0036-nss-idmap-use-right-group-list-pointer-after-sss_get.patch
  + 0037-NSS-Add-InvalidateGroupById-handler.patch
  + 0038-DP-Add-dp_sbus_invalidate_group_memcache.patch
  + 0039-ERRORS-Add-ERR_GID_DUPLICATED.patch
  + 0040-LDAP-Augment-the-sdap_opts-structure-with-a-data-pro.patch
  + 0041-SDAP-Add-sdap_handle_id_collision_for_incomplete_gro.patch
  + 0042-SDAP-Properly-handle-group-id-collision-when-renamin.patch
  + 0043-SYSDB_OPS-Error-out-on-id-collision-when-adding-an-i.patch
  + 0044-TESTS-Add-an-integration-test-for-renaming-incomplet.patch
  + 0045-SYSDB-sysdb_add_incomplete_group-now-returns-EEXIST-.patch
  + 0046-MAN-Document-which-principal-does-the-AD-provider-us.patch
  + 0047-GPO-Fix-bug-with-empty-GPO-rules.patch
  + 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
  + 0058-SYSDB-Only-check-non-POSIX-groups-for-GID-conflicts.patch
  + 0060-CACHE_REQ-Do-not-fail-the-domain-locator-plugin-if-I.patch
  + 0061-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch
  + 0062-SYSDB-Properly-handle-name-gid-override-when-using-d.patch
April 20, 2018 Evgeny Sinelnikov 1.16.1-alt5
- Set ownership of sssd.ldb even if local provider is not used
April 6, 2018 Evgeny Sinelnikov 1.16.1-alt4
- Build for e2k without selinux-policy-targeted
March 27, 2018 Sergey Bolshakov 1.16.1-alt3
- libnfsidmap soname bump
March 24, 2018 Evgeny Sinelnikov 1.16.1-alt2
- Revert libwbclient-sssd interface to version 0.14 for samba-4.7
March 12, 2018 Evgeny Sinelnikov 1.16.1-alt1
- Update to latest stable release
- Revert libwbclient-sssd interface to version 0.13 for samba-4.6
March 2, 2018 Evgeny Sinelnikov 1.15.3-alt7
- Rebuild with fixes from p8
Feb. 27, 2018 Alexey Shabalin 1.15.3-alt6
- Rebuild with http-parser-2.8.0
- backport fix for building the PAC plugin with krb5 1.16
Dec. 22, 2017 Evgeny Sinelnikov 1.15.3-alt5
- Fix logrotate insecure parent directory permissions (closes: 34335)
- Fix trouble with incomplete group object found during initgroups
Nov. 23, 2017 Evgeny Sinelnikov 1.15.3-alt5
- Backport sssd to legacy stable branches
- Fix trouble with ubt macros id on branch c8
Nov. 21, 2017 Evgeny Sinelnikov 1.15.3-alt5
- Backport sssd to stable branches
Nov. 21, 2017 Evgeny Sinelnikov 1.15.3-alt5
- Don't restart sssd services until reboot or manual restart (ALT #34054)
Nov. 3, 2017 Sergey Bolshakov 1.15.3-alt4
- relocate nfs-idmap plugin back under %_libdir
Sept. 21, 2017 Evgeny Sinelnikov 1.15.3-alt3
- Avoid build another trouble with ubt macros id on branch c8
Sept. 20, 2017 Evgeny Sinelnikov 1.15.3-alt2
- Avoid build trouble with ubt macros id on branch c8
Aug. 17, 2017 Evgeny Sinelnikov 1.15.3-alt1
- Update to latest release with:
 + SSSD Kerberos credentials manager (sssd-kcm)
 + SSSD Certficate Mapping Library (libsss_certmap)
July 15, 2017 Evgeny Sinelnikov 1.15.2-alt7
- Rebuild new version with latest fixes for p7 and c7
June 17, 2017 Evgeny Sinelnikov 1.15.2-alt6
- Fix PAM config with pam_localuser.so
June 16, 2017 Evgeny Sinelnikov 1.15.2-alt5
- Update PAM config with pam_localuser.so
June 9, 2017 Evgeny Sinelnikov 1.15.2-alt4
- Add PAM auth config with pam_localuser.so
April 28, 2017 Evgeny Sinelnikov 1.15.2-alt3
- Fix PAM config with pam_localuser.so for separate configuration for local and global users
April 7, 2017 Evgeny Sinelnikov 1.15.2-alt2
- Rebuild with http-parser-2.7.1
March 23, 2017 Evgeny Sinelnikov 1.15.2-alt1
- Updated to last spring release
March 8, 2017 Evgeny Sinelnikov 1.14.2-alt6
- Rebuild with libldb-1.1.29
Feb. 28, 2017 Evgeny Sinelnikov 1.14.2-alt5
- Add _sssd user to _keytab group
- Set right group privileges: use initgroups() instead of setgroups()
Jan. 12, 2017 Evgeny Sinelnikov 1.14.2-alt4
- Set selinux provider none only if selinux disabled
Dec. 31, 2016 Evgeny Sinelnikov 1.14.2-alt3
- Set default selinux provider to none
Dec. 5, 2016 Evgeny Sinelnikov 1.14.2-alt2
- Set sssd.conf owner to root:root
  due it hardcoded in sss_ini_config_access_check()
Nov. 7, 2016 Alexey Shabalin 1.14.2-alt1
- 1.14.2
Sept. 13, 2016 Evgeny Sinelnikov 1.14.1-alt2
- Rebuild with libldb-1.1.27
Aug. 30, 2016 Alexey Shabalin 1.14.1-alt1
- 1.14.1
July 8, 2016 Alexey Shabalin 1.14.0-alt1
- 1.14.0
April 25, 2016 Alexey Shabalin 1.13.4-alt1
- 1.13.4
March 4, 2016 Andrey Cherepanov 1.13.3-alt1.2
- Rebuild with libldb-1.1.26
Jan. 12, 2016 Andrey Cherepanov 1.13.3-alt1.1
- Rebuild with libldb-1.1.25
Dec. 28, 2015 Alexey Shabalin 1.13.3-alt1
- 1.13.3
Dec. 17, 2015 Andrey Cherepanov 1.13.2-alt1.1
- Rebuild with libldb-1.1.24
Dec. 9, 2015 Alexey Shabalin 1.13.2-alt1
- 1.13.2
Nov. 16, 2015 Andrey Cherepanov 1.13.1-alt0.2
- Rebuild with libldb-1.1.23
Sept. 10, 2015 Alexey Shabalin 1.13.1-alt0.1
- upstram snapshot
July 20, 2015 Alexey Shabalin 1.13.0-alt1
- 1.13.0
- add alternatives for libwbclient
- add alternatives for cifs-idmap plugin
- use _sssd user for run services
April 20, 2015 Alexey Shabalin 1.12.4-alt2.git.bdb7e
- branch upstream/sssd-1-12 bdb7e7f514629696e73902b2af3a93839be3e8a4
March 23, 2015 Alexey Shabalin 1.12.4-alt1
- 1.12.4
Jan. 12, 2015 Alexey Shabalin 1.12.3-alt1
- 1.12.3
Dec. 16, 2014 Alexey Shabalin 1.12.2-alt2
- rebuild with libldb-1.1.18
Nov. 13, 2014 Alexey Shabalin 1.12.2-alt1
- 1.12.2
Sept. 10, 2014 Alexey Shabalin 1.12.1-alt1
- 1.12.1
- add libwbclient package
July 28, 2014 Alexey Shabalin 1.12.0-alt1
- 1.12.0
June 4, 2014 Alexey Shabalin 1.11.6-alt1
- 1.11.6
May 15, 2014 Alexey Shabalin 1.11.5.1-alt2
- rebuild with new libldb
April 28, 2014 Alexey Shabalin 1.11.5.1-alt1
- 1.11.5.1
March 12, 2014 Alexey Shabalin 1.11.4-alt2
- add pam config files
- add libsasl2-plugin-gssapi to Requires for krb5-common
Feb. 18, 2014 Alexey Shabalin 1.11.4-alt1
- 1.11.4
Feb. 4, 2014 Alexey Shabalin 1.11.3-alt1
- initial build
Back to Top