<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch master
at <a href="https://salsa.debian.org/sssd-team/sssd">Debian SSSD packaging / sssd</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a2fc3a3adf994df334f07484937055e1ef6773ae">a2fc3a3a</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-07-12T21:39:48+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version in version.m4 to track the next release
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1dae17bf93a74b62b2a563f3dc2aa98f9536958f">1dae17bf</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-07-14T11:42:34+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS: Make test_kcm_renewals idempotent
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dab4448debf6791d0541308b514006b5231195f7">dab4448d</a></strong>
<div>
<span>by Jakub Jelen</span>
<i>at 2021-07-19T14:29:12+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">p11_child: Add missing newline after log message
Reviewed-by: Michal Židek <mzidek@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3e7aa1071990f1777c2aea7253e685104dab9889">3e7aa107</a></strong>
<div>
<span>by Yuri Chornoivan</span>
<i>at 2021-07-19T14:30:21+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix minor typo: indicated -> indicate
Reviewed-by: Michal Židek <mzidek@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b6fe76e7ec5e4dedfc6a056aa313807e34abeacb">b6fe76e7</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-07-19T15:03:38+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: SSSD is generating lot of LDAP queries in a very large environment Issue: https://github.com/SSSD/sssd/issues/5121 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1772513
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/861e226b5f8588d491a20b14aa9536f63746a723">861e226b</a></strong>
<div>
<span>by Weblate</span>
<i>at 2021-07-20T12:27:30+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">po: update translations
(Russian) currently translated at 47.2% (1333 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Japanese) currently translated at 36.5% (1030 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ja/
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
po: update translations
(French) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
po: update translations
(Japanese) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
po: update translations
(Japanese) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
po: update translations
(Korean) currently translated at 3.5% (26 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Ukrainian) currently translated at 100.0% (2821 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
po: update translations
(Russian) currently translated at 41.1% (1160 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
Added translation using Weblate (Korean)
po: update translations
(Ukrainian) currently translated at 99.8% (2816 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cdc75c539da591c8cb6ed57edfba194f148981ea">cdc75c53</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-07-20T13:37:28+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">tests: do not use libcheck include file in cmocka tests
The common_check.h header file adds libcheck related macros which are
not needed by cmocka test, using common.h is sufficient here.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7fdff741a7acaf016390988e5795df6bf03e7605">7fdff741</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-07-20T13:37:28+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">test: replace deprecated libcheck macros
The fail* macros are deprecated by libcheck some time ago. Recently a
fix for a different issue in those macros cause a 'too many arguments
for format' compiler warning which won't be fixed on the libckeck side
since the macros are deprecated.
This patch replaces the deprecated macros with the new ones:
- fail -> ck_abort_msg
- fail_unless -> ck_assert_msg
- fail_if -> sss_ck_fail_if_msg
The fail_if macro does not have a corresponding new version and I added
a local replacement sss_ck_fail_if_msg which is based on ck_assert_msg.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9b24b8db24f0e6fb93f8e16991d7a98ff0c5d9e7">9b24b8db</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-07-28T15:17:44+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Add support to verify authentication indicators in pam_sss_gss
Error code of '[pam_cmd_gssapi_sec_ctx] (0x0400): Check if
acquired service ticket has req. indicators:'.
'2' is 'not applied' (ENOENT)
Verifies: https://github.com/SSSD/sssd/issues/5482
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1926622
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/85723a7b88e22da15964f1432743825310916434">85723a7b</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-07-28T15:18:01+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: fix sss_cache to also reset cached timestamp
Issue: https://github.com/SSSD/sssd/issues/5596
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1902280
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6f1188a0619cbc52103361f89e6c3102afca51d2">6f1188a0</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2021-07-29T12:03:53+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TEST: Add id and fix indentation in docstrings
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f546088226872f24722bdd94388816792bd5891a">f5460882</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-07-29T14:19:01+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Basics of 'subid ranges' support for IPA provider.
:feature: Basic support of user's 'subuid and subgid ranges' for IPA
provider and corresponding plugin for shadow-utils were introduced.
Limitations:
- single subid interval pair (subuid+subgid) per user
- idviews aren't supported
- only forward lookup (user -> subid ranges)
Take a note, this is MVP of experimental feature. Significant changes
might be required later, after initial feedback.
Corresponding support in shadow-utils was merged upstream, but since there
is no upstream release available yet, SSSD feature isn't built by default..
Build can be enabled with `--with-subid` configure option.
Plugin's install path can be configured with `--with-subid-lib-path=`
("${libdir}" by default)
For additional details about support in shadow-utils please see discussion
in https://github.com/shadow-maint/shadow/issues/154 and in related PRs.
:config: New IPA provider's option `ipa_subid_ranges_search_base` allows
configuration of search base for user's subid ranges.
Default: `cn=subids,%basedn`
Resolves: https://github.com/SSSD/sssd/issues/5197
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/44525a9995c775ac284a6203d0e505dc4bf0d459">44525a99</a></strong>
<div>
<span>by Paweł Poławski</span>
<i>at 2021-08-09T11:22:27+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">General: Hardeninig getenv() usage
Pointer returned by getenv() should be cached locally before
it is passed down to sub functions.
This PR fixes this for:
* pam_sm_authenticate()
* sysdb_ldb_connect()
* files_init_file_sources()
Reviewed-by: Michal Židek <mzidek@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/365cd676c9fbeed8246c4e0c017dcac0c72a2526">365cd676</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-08-11T14:52:56+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">NSS: don't treat absent 'CLEAR_MC_FLAG' as an error (This is expected in case of SIGHUP sent for log rotation.)
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe">7ab83f97</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-08-16T16:35:49+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TOOLS: replace system() with execvp() to avoid execution of user supplied command
:relnote: A flaw was found in SSSD, where the sssctl command was
vulnerable to shell command injection via the logs-fetch and
cache-expire subcommands. This flaw allows an attacker to trick
the root user into running a specially crafted sssctl command,
such as via sudo, to gain root access. The highest threat from this
vulnerability is to confidentiality, integrity, as well as system
availability.
This patch fixes a flaw by replacing system() with execvp().
:fixes: CVE-2021-3621
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c1dd121142fb22648793a38e45257b348d658460">c1dd1211</a></strong>
<div>
<span>by Paweł Poławski</span>
<i>at 2021-08-16T16:36:10+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">general: Fix compilation warnings
Commit 44525a9 introduced compilation warnings related to type casting.
This commit fixes this by removing "const" qualifier where it is
optional.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/26654d3e5f5882dd1681116cb49228d108351d48">26654d3e</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-08-16T16:36:26+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cache_req: cache_first fix for fully-qualified names
With commit b572871236a7f9059d375a5ab1bff8cbfd519956 "cache_req:
introduce cache_behavior enumeration" the processing of cache and
backend lookups was refactored. Unfortunately this introduce an issue
when looking up users or groups with a fully-qualified name and the
'cache_first = True' option is set.
In the old code the case when a domain name is available was handle
before the cache_first first option was evaluated and cache_req was
instructed to first look in the cache and then call the backend if the
object is not available or expired, i.e. the default behavior. Since
only a single domain is involved this is in agreement with 'cache_first
= True' and only a single iteration is needed.
In the new code the cache_first option is evaluated before the presence
of a domain name is checked and as a result even for single domain
searches the first cache_req iteration is only looking at the cache and
will not call the backend. This means the now for searches with a
fully-qualified name a second iteration is needed if the object was not
found in the cache.
Unfortunately the old exit condition that if a domain name is present
only a single iteration is needed is still present in the new code which
effectively makes requests with fully-qualified named only search the
cache and never call the backends. This patch removes the exit condition
and does a second iteration for fully-qualified names as well if
'cache_first = True' is set.
Resolves: https://github.com/SSSD/sssd/issues/5744
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b9f8c2f99d04da6d75bdde5111f2a389e1faff8b">b9f8c2f9</a></strong>
<div>
<span>by Assaf Morami</span>
<i>at 2021-08-23T12:27:48+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">p11_child: do_card partially fix loop exit condition when searching for token
This commit fixes the exit condition when searching for a token in p11_child/do_card,
specifically in case a token is present in a slot, but there are empty slots before it.
This commit partially fixes issue #5025,
thanks to this comment by @sumit-bose: https://github.com/SSSD/sssd/issues/5025#issuecomment-801842175
:relnote: p11_child does not stop at the first empty slot when searching for tokens
Co-Authored-By: Sumit Bose <sbose@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d41e956c6e67be2fe9d1f1f96b0e170c746bfd44">d41e956c</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-08-23T12:28:15+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">MONITOR: Return success from genconf with no config
Resolves: https://github.com/SSSD/sssd/issues/5729
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bd2ccbf69af8e5836f6f6e09a893d54428d903c5">bd2ccbf6</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-08-25T11:41:28+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">file utils: reduce log level in remove_tree_with_ctx() Users of this function are responsible to decide if fail is critical.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a1f7035b39d3cdc7980c2c9478f8edb12828c4b6">a1f7035b</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-08-25T11:41:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">remove deprecated talloc_autofree_context()
```
/home/pbrezina/workspace/sssd/src/util/server.c: In function ‘server_setup’:
/home/pbrezina/workspace/sssd/src/util/server.c:545:5: error: ‘talloc_autofree_context’ is deprecated [-Werror=deprecated-declarations]
545 | event_ctx = tevent_context_init(talloc_autofree_context());
| ^~~~~~~~~
In file included from /usr/include/ldb.h:50,
from /home/pbrezina/workspace/sssd/src/util/server.c:33:
/usr/include/talloc.h:1071:16: note: declared here
1071 | _PUBLIC_ void *talloc_autofree_context(void) _DEPRECATED_;
| ^~~~~~~~~~~~~~~~~~~~~~~
```
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/575e1899edbf3418c79aecb5e4feda868c119d53">575e1899</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-08-25T11:41:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix warnings around sss_getenv()
Introduced in
- 44525a9995c775ac284a6203d0e505dc4bf0d459
- c1dd121142fb22648793a38e45257b348d658460
```
/home/pbrezina/workspace/sssd/src/db/sysdb_init.c: In function ‘sysdb_ldb_connect’:
/home/pbrezina/workspace/sssd/src/db/sysdb_init.c:82:49: error: passing argument 3 of ‘sss_getenv’ from incompatible pointer type [-Werror=incompatible-pointer-types]
82 | ret = sss_getenv(tmp_ctx, LDB_MODULES_PATH, &mod_path);
| ^~~~~~~~~
| |
| const char **
In file included from /home/pbrezina/workspace/sssd/src/db/sysdb_init.c:23:
/home/pbrezina/workspace/sssd/src/util/util.h:806:75: note: expected ‘char **’ but argument is of type ‘const char **’
806 | errno_t sss_getenv(TALLOC_CTX *mem_ctx, const char *variable_name, char **_value);
/home/pbrezina/workspace/sssd/src/providers/files/files_init.c: In function ‘files_init_file_sources’:
/home/pbrezina/workspace/sssd/src/providers/files/files_init.c:61:26: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
61 | dfl_passwd_files = DEFAULT_PASSWD_FILE;
| ^
/home/pbrezina/workspace/sssd/src/providers/files/files_init.c:77:25: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
77 | env_group_files = DEFAULT_GROUP_FILE;
| ^
```
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9f58bef3e2161e529fa1b35f7698837eea10ee51">9f58bef3</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-08-30T10:57:36+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CI: unset DEBUGINFOD_URLS
Fedora 35 adds support to automatically fetch debuginfo, this
causes slowness in valgrind and leads to timeouts/systemd-oomd
invoked on the CI make check valgrind step.
https://fedoraproject.org/wiki/Changes/DebuginfodByDefault
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a67d3bc80810cd9769e5345ea44fb37a909f9b88">a67d3bc8</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-08-30T10:57:50+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test: Fix RHEL9.0 Regression - alltests-tier1
There is no "implicit" 'files provider' enabled
by default on RHEL9, SSSD doesn't serve local
users if you didn't configure this in `domains`
list explicitly. So adding a domain with
id_provider = files.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/818e4f92526cbd117ef91a31261fbd92d4a84110">818e4f92</a></strong>
<div>
<span>by Shridhar Gadekar</span>
<i>at 2021-09-02T11:34:46+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Randomize sudo refresh timeouts
Veifies: #5609
Bugzilla: @pytest.fixture(scope='function')
Signed-off-by: Shridhar Gadekar <sgadekar@sgadekar.pnq.csb>
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c037432c3a606dce83e1a03a7db12c80294f67a7">c037432c</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-09-02T11:35:05+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">BUILD: get rid of PCRE support
:relnote: This release removes pcre1 support. pcre2 is used
unconditionally.
Resolves: https://github.com/SSSD/sssd/issues/5768
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6acb1d635af4d9113bd42e14cbda0612b796d157">6acb1d63</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-09-02T11:35:05+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UNICODE: drop support of glib2 for Unicode processing
:relnote: This release drops support of `--with-unicode-lib` configure option.
`libunistring` will be used unconditionally for Unicode processing.
Resolves: https://github.com/SSSD/sssd/issues/5767
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3e94b64daa7638fb53e3f527d4308d9d1875c517">3e94b64d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-09-03T14:50:56+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Got rid of 'local' provider.
:relnote: Support of long time deprecated 'local' provider was dropped.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a9218fbe0b36ec2b1ffba70ba6028aabfcfe4ef8">a9218fbe</a></strong>
<div>
<span>by David Ward</span>
<i>at 2021-09-06T13:57:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">p11_child: Restore functionality of --wait_for_card
Previously, the loop in do_card() would find the first PKCS#11 slot with
support for removable tokens, whether or not a token was present. If one
was not, and --wait_for_card was specified, then it would wait for a token
to be inserted in this slot (or any slot in the same PKCS#11 module).
Commit b9f8c2f99d04 ("p11_child: do_card partially fix loop exit condition
when searching for token") changed the loop so it finds the first PKCS#11
slot that has a removable token present. Adjust this to allow the existing
handling of --wait_for_card to work when no token is found. Fixes #5746.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f3aa4b47a2f896c251802868583e8b6a499b21f4">f3aa4b47</a></strong>
<div>
<span>by David Ward</span>
<i>at 2021-09-06T13:57:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">p11_child: Ensure OpenSSL cleanup is performed
OpenSSL is initialized during init_p11_ctx(), which also sets a destructor
that will perform OpenSSL cleanup when p11_ctx is freed.
During init_verification(), the destructor for p11_ctx is replaced, and as
a result OpenSSL cleanup will no longer occur. Merge these destructors into
one which works correctly whether or not init_verification() was called.
Additionally, OpenSSL cleanup does not occur if the memory allocation for
p11_ctx fails. Re-order the steps in init_p11_ctx() so this is not needed..
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3f1d03fc6cc6179a52f31e96802f322e9e3ac0a9">3f1d03fc</a></strong>
<div>
<span>by David Ward</span>
<i>at 2021-09-06T13:57:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">p11_child: Handle failure from p11_kit_uri_new()
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f5a9d8141b4af2ba05d6ef12e990aadea59c878c">f5a9d814</a></strong>
<div>
<span>by David Ward</span>
<i>at 2021-09-06T13:57:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">p11_child: Return updated CK_SLOT_INFO from wait_for_card()
When a token has been inserted, wait_for_card() returns the corresponding
slot ID. Update the slot info as well.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a036fc871588372a75c2111cf2075453f4a3eb7f">a036fc87</a></strong>
<div>
<span>by David Ward</span>
<i>at 2021-09-06T13:57:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">p11_child: Fix printing of non-null-terminated strings in do_card()
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ccebfc9cfbb082e2998f89f7dc1cbdccd0472ec3">ccebfc9c</a></strong>
<div>
<span>by Jakub Vavra</span>
<i>at 2021-09-07T08:17:03+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Add test_nss_get_by_name_with_private_group.
Verifies
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1837090
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e8055b8a2addf9cd0c1d76509a66fcc29aa89195">e8055b8a</a></strong>
<div>
<span>by Weblate</span>
<i>at 2021-09-07T15:52:32+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">po: update translations
(Korean) currently translated at 9.1% (258 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 6.5% (48 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Finnish) currently translated at 3.2% (92 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/fi/
po: update translations
(Swedish) currently translated at 100.0% (2821 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Korean) currently translated at 6.4% (47 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Swedish) currently translated at 98.9% (2791 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Korean) currently translated at 8.1% (230 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Finnish) currently translated at 5.6% (41 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/
po: update translations
(Swedish) currently translated at 98.2% (2771 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 97.2% (2743 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 97.1% (2741 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 95.7% (2701 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Russian) currently translated at 100.0% (2821 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Russian) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
po: update translations
(Russian) currently translated at 100.0% (2821 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Korean) currently translated at 3.5% (99 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Swedish) currently translated at 95.5% (2696 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Russian) currently translated at 98.0% (2766 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Russian) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
po: update translations
(Swedish) currently translated at 93.2% (2631 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Turkish) currently translated at 10.9% (80 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/
po: update translations
(Swedish) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/
po: update translations
(Russian) currently translated at 92.9% (2623 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Russian) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
po: update translations
(Russian) currently translated at 85.8% (2422 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Turkish) currently translated at 7.3% (54 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/
po: update translations
(Korean) currently translated at 2.3% (67 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 6.1% (45 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Russian) currently translated at 82.4% (2327 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Korean) currently translated at 2.3% (66 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 5.7% (42 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Russian) currently translated at 78.6% (2219 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Russian) currently translated at 76.6% (2162 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Korean) currently translated at 2.2% (64 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Russian) currently translated at 75.1% (2119 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Spanish) currently translated at 67.2% (1898 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/es/
po: update translations
(Russian) currently translated at 100.0% (730 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
po: update translations
(Korean) currently translated at 1.2% (35 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 4.6% (34 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
Added translation using Weblate (Korean)
po: update translations
(Russian) currently translated at 61.2% (1729 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Russian) currently translated at 52.8% (1490 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9e47b63e4fe5c17b1fb308ce98a5f04ce5b5624b">9e47b63e</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-09-08T10:36:23+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">configure: do not unset PYTHON_PREFIX and PYTHON_EXEC_PREFIX
Recent changes in autoconf changed location of directories from:
```
checking for /usr/bin/python3 script directory... ${prefix}/lib/python3.9/site-packages
checking for /usr/bin/python3 extension module directory... ${exec_prefix}/lib64/python3.9/site-packages
```
to
```
checking for /usr/bin/python3 script directory... ${PYTHON_PREFIX}/lib/python3.10/site-packages
checking for /usr/bin/python3 extension module directory... ${PYTHON_EXEC_PREFIX}/lib64/python3.10/site-packages
```
However, we unset these variables in SSS_CLEAN_PYTHON_VARIABLES and
therefore the correct prefix is not applied anymore during installation.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1d4095fbbd5f05db9b1861fca57671d258c73b85">1d4095fb</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2021-09-08T10:36:40+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TEST: usermod -d needs absolute path
usermod -d failed when it was given an empty string to update. This was
noticed in #5754. Updating test to check for modified home dir
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4b7b6fa70399654b8a6d2f691be832c0680ee1fb">4b7b6fa7</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-09-08T10:36:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: Add krb5-libs dependency in spec
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b606eb62c73176c2df7863ffc99ae1a8024b4676">b606eb62</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-09-09T10:23:53+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: fix invalid condition
This was introduced in 4b7b6fa70399654b8a6d2f691be832c0680ee1fb
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dfb6594e3ce98c6bd543ceebf739eef70955950d">dfb6594e</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-09-13T12:03:35+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ad: fallback to ldap if cldap is not available in libldap
Some distributions do not have cldap support available in libldap. Now
we fallback to ad ping over ldap conditionally during build time.
Resolves: https://github.com/SSSD/sssd/issues/5720
:fixes: AD ping is now sent over `ldap` if `cldap` support is not available
during build. This helps to build SSSD on distributions without `cldap`
support in `libldap`.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bd422ccdf74f2a0b0107be7937af165b343b1371">bd422ccd</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-09-16T11:17:33+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Suppress log message
Suppress log message "[sssd] [service_signal_done]
(0x0010): Unable to signal service [2]:
No such file or directory" during logrote
bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1909755
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c3a8aad2b5f39b87664c0a9588c8077898f6e2b3">c3a8aad2</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-09-16T11:18:16+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: RHEL9.0 Regression - alltests-tier1_2
1. 'files provider' enabled
2. nss-pam-ldapd has been removed from rhel9.
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ef6aa9e440c89a4076ce69c393780130680b1b89">ef6aa9e4</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-09-20T13:00:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5: fix ccache ownership for offline Smartcard authentication
During Smartcard authentication/PKINIT the krb5_child process is running
as privileged user for some time to make sure pcscd allows access to the
Smartcard. If SSSD is offline those privileges are currently not dropped
before creating an empty ccache and as a result file based ccaches might
have a wrong ownership. With the patch the privileges are dropped is
SSSD is offline and the ccache is created with the expected ownership.
Resolves: https://github.com/SSSD/sssd/issues/5785
:fixes: ccache files are created with the right ownership during offline
Smartcard authentication
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a5716cd74a7c8bdf7a64a4862cccc5380884b483">a5716cd7</a></strong>
<div>
<span>by Jakub Vavra</span>
<i>at 2021-09-20T13:07:48+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Add AD Parameters tests ported from bash.
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e92988a627b8be3dd5d4f875861b511fa11586ab">e92988a6</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-09-24T14:24:10+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debug: reduce logging of GetAccountDomain() in the frontends
The return code ERR_GET_ACCT_DOM_NOT_SUPPORTED is an expected return
code if the backend does not support the GetAccountDomain() request and
there is no need to have a log message for this on the default log level
or to trigger a backtrace in the logs in this case.
For all other error a log message at the default log level make sense to
indicate an issue in the backend but a backtrace in the frontend logs is
not needed as well.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ca8b655fb676dde48eb72cfa6a520c696ada362c">ca8b655f</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-09-24T14:24:10+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debug: suppress backtrace for backend errors
Only log a message in the frontend without a backtrace if the backend
returns an error.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2a617c0efc07d10efc0688652bfe7ab2d8d6f477">2a617c0e</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-09-24T14:24:21+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sdap: always create sdap object for a forest root
Even if the forest root is disabled for user and group lookups a sdap
object is needed to lookup trusted domains.
This already works if the forest root is discovered for the first time
at runtime. But if SSSD is restarted only the domain object but not the
sdap object is created.
Resolves: https://github.com/SSSD/sssd/issues/5770
:fixes: Even if the forest root is disabled for lookups all required
internal data is initialized to be able to refresh the list of trusted
domains in the forest from a DC of the forest root.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/aab4fe9cf3c40af6c39785f4d9a44960344ddff7">aab4fe9c</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-09-24T14:24:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: SSSD logs improvements: clarify which config option applies to each timeout in the logs
issue: https://github.com/SSSD/sssd/issues/5514
bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1928648
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4be5fcd9afd62b1094eb27970627d327ac770127">4be5fcd9</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-09-24T14:26:11+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sysdb: more specific mpg search filter
Originally all user of an mpg domain had an automatically created
user-private group and as a result the ID space was unified in the sense
that a given ID either belongs to a group or to a user with a
user-private group.
With the introduction of id-overrides and the auto_private_groups option
this assumption is not true anymore and as a result the search filter
for GIDs must be more specific with respect to the user objects.
Resolves: https://github.com/SSSD/sssd/issues/5790
:fixes: Improve mpg search filter to be more reliable with id-overrides
and the new auto_private_groups options.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/10d33986caa0c2e0e0f6e0282afc0c02039b3e97">10d33986</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-10-01T12:51:14+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Fix RHEL8.5 failures for IDM-CI
Fix test case: test_009_maps_after_coming_online
Fix some code errors in utils.py
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f0925489a4d1f03cd4879670926dc6e54efc5187">f0925489</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2021-10-01T12:51:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Add firewalld package install on clients
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b22f6195c5552c1ef4389bab061c686039869c88">b22f6195</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-10-01T12:51:53+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: sss_cache prints spurious error messages
verifies: https://github.com/SSSD/sssd/issues/4904
bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1661182
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fd3e397cfcaff06fc0789960942e48251764555c">fd3e397c</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-10-05T11:21:44+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: Remove unneeded allocation
Memory is allocated later for the individual ccache when retrieved
with secdb_get_cc()
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e0d85ab6894493dab8832bffdafed52ca2e7d893">e0d85ab6</a></strong>
<div>
<span>by Shridhar Gadekar</span>
<i>at 2021-10-05T11:21:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: improve sssd refresh timers for sudo queries
verifies:#5604
bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/aca2e08ba7546b043865e132ac55a034c0e82092">aca2e08b</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-10-05T11:22:08+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5: remove unused mem_ctx from get_krb5_data_from_cred()
Also don't return value since it is useless.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/55c5de2d5c84721ca733e2b593894ffe904cdfb4">55c5de2d</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-10-05T11:22:08+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: replace existing credentials to avoid unnecessary ccache growth
Currently, we just append input credential to the ccache. This however
make the ccache grow over time as credentials expires and more control
credentials are stored.
Now we remove or credentials that are the same and overwrite them with
the input credential.
Resolves: https://github.com/SSSD/sssd/issues/5775
:fixes: KCM now replace the old credential with new one when storing
an update credential that is however already present in the ccache
to avoid unnecessary growth of the ccache.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/57247096b309a9e916dd8a1c712004d08b6ee9c5">57247096</a></strong>
<div>
<span>by Massimiliano Torromeo</span>
<i>at 2021-10-05T11:22:21+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TEST: Use absolute path for the MODPATH assertions in python tests
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/efd155f0abebd2aae3f1a910fced1326bf3fa6a6">efd155f0</a></strong>
<div>
<span>by Sergio Durigan Junior</span>
<i>at 2021-10-05T11:22:32+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve assertion when verifying paths for Python modules
In Ubuntu we're facing a problem where the 3 Python tests under
src/tests/*-test.py are failing due to cosmetical differences between
what the '.__file__' method returns and what 'MODPATH' ends up being.
I have not been able to pinpoint exactly what is causing this issue;
it only happens when SSSD is built inside a chroot environment (with
sbuild, for example). The logs look like this:
F
======================================================================
FAIL: testImport (__main__.PyHbacImport)
Import the module and assert it comes from tree
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/src/tests/pyhbac-test.py", line 91, in testImport
self.assertEqual(pyhbac.__file__, MODPATH + "/pyhbac.so")
AssertionError: '/<<PKGBUILDDIR>>/build/./tp_pyhbac_xw2omut2/pyhbac.so' != './tp_pyhbac_xw2omut2/pyhbac.so'
- /<<PKGBUILDDIR>>/build/./tp_pyhbac_xw2omut2/pyhbac.so
+ ./tp_pyhbac_xw2omut2/pyhbac.so
Given that the intention of the test is to verify that the two paths
are equal, I suggest that we do this slight improvement and call
'os.path.realpath' before comparing both paths. This way we guarantee
that they're both properly canonicalized.
I have verified that the tests still pass with this change.
Signed-off-by: Sergio Durigan Junior <sergio.durigan@canonical.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9121fbf9df34f5bc8d71d2fddb29b0b38c16c086">9121fbf9</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-10-06T12:56:47+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Remove shadow-utils test cases from sssd repo
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/51eaed9d0627465ee90142dd092816abb84db3e9">51eaed9d</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-10-06T11:06:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Fix Failure of sssctl_local test
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3d8dd1282ffb7d0188e36d0109340ce622745717">3d8dd128</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-10-06T11:07:05+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debug: Add chain ID support for journald logger
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1a1e914b95c6415533f318f32da58a04015fa912">1a1e914b</a></strong>
<div>
<span>by Mantas Mikulėnas</span>
<i>at 2021-10-06T11:07:17+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">NSS client: avoid using NETDB_INTERNAL if daemon is not available
It seems that returning NETDB_INTERNAL as h_errno will cause glibc's
getaddrinfo() to immediately return EAI_SYSTEM *without* falling through
to other configured NSS modules.
This means that if /etc/nsswitch.conf has 'sss' listed before 'dns' (for
example), hostname resolution will be completely broken whenever SSSD is
not running.
(Even hostname lookups done by SSSD itself will fail, as the _SSS_LOOPS
environment variable merely forces errno=0 but the getaddrinfo() call as
a whole still returns EAI_SYSTEM.)
This commit makes the NSS client return h_errno=NO_RECOVERY, as that's
what systemd's nss-resolve and nss-mymachines seem to be doing.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/770c7ce9c8b92dff2196caa0b28bcbc55ebcf3d7">770c7ce9</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-10-07T12:39:10+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debug: fix unused variable warnings
```
/home/pbrezina/workspace/sssd/src/util/debug.c: In function ‘sss_vdebug_fn’:
/home/pbrezina/workspace/sssd/src/util/debug.c:274:11: error: unused variable ‘result_fmt’ [-Werror=unused-variable]
274 | char *result_fmt;
| ^~~~~~~~~~
/home/pbrezina/workspace/sssd/src/util/debug.c:273:11: error: unused variable ‘chain_id_fmt_dyn’ [-Werror=unused-variable]
273 | char *chain_id_fmt_dyn = NULL;
| ^~~~~~~~~~~~~~~~
/home/pbrezina/workspace/sssd/src/util/debug.c:272:10: error: unused variable ‘chain_id_fmt_fixed’ [-Werror=unused-variable]
272 | char chain_id_fmt_fixed[256];
```
Introduced in: 3d8dd1282ffb7d0188e36d0109340ce622745717
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c4c0fd690d82f9a8a714784ad4e036a39e1017fc">c4c0fd69</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-07T12:40:35+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CONF: removed unused 'sbus_timeout' option
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8ed53d2841b919bc64081bc268fd3c36b1e89248">8ed53d28</a></strong>
<div>
<span>by Timotej Lazar</span>
<i>at 2021-10-07T12:41:40+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Include sys/types.h in debug.h
The chown_debug_file function has uid_t and gid_t arguments, defined
in types.h.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bb6d9d9cf67666582288212c108060fd5e777ff1">bb6d9d9c</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-10-11T14:28:46+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">monitor: fix unused variable warning
```
src/monitor/monitor.c: In function ‘get_monitor_config’:
src/monitor/monitor.c:898:9: error: unused variable ‘timeout_seconds’ [-Werror=unused-variable]
898 | int timeout_seconds;
```
Introduced in c4c0fd690d82f9a8a714784ad4e036a39e1017fc.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/10069b1d39e671b7502c5211883c94ceaa91aebb">10069b1d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-11T14:28:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Got rid of 'secrets' responder and it's support in KCM
:relnote: Support of long time deprecated 'secrets' responder was dropped..
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5bb5380cbf8cccf080906d1ca3c84ffae2da48da">5bb5380c</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-11T14:28:58+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libsecrets was disbanded and merged into KCM responder as this is the only its user now.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9466aa4d94a4d926e13db6b5a51f7f80cd46ef46">9466aa4d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-11T14:28:58+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: secrets db: got rid of legacy json format support
sssd_kcm doesn't use this format to store ccaches since 2.4.1
:relnote: Support of legacy json format for ccaches was dropped
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f5431c3a74c7bdfe1b86ea1c10c627c574fe0217">f5431c3a</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-11T14:28:58+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: secrets db: got rid of legacy encrypted payload format
sssd_kcm doesn't use this format to store ccaches since 2.4.1
Additionally, some leftovers of 'secrets' responder support were removed.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dfb97f071803218c1e5678bd79b7fd6d5a21e0df">dfb97f07</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-11T14:28:58+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">crypto: removed sss_encrypt()/sss_decrypt() helpers as those aren't used anymore.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/29f8a795f67db651e95842cddf153975f97d9b3f">29f8a795</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-11T14:28:58+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS: avoid cross-test tainting of os.environ
Operations on `os.environ` reference were leaking settings from one test
to another (in particular `KRB5CCNAME` from `test_kcm.py` to
`test_pam_responder.py`)
Discovered by Pavel Březina.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1e64a762fded96aa6f25cf3927f6ad8f44bb25f2">1e64a762</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-11T14:28:58+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: secdb: treat secdb_get_cc() == ENOENT the same way as corresponding key_by_*() == ENOENT (mostly)
Everywhere secdb_get_cc() is used there is a corresponding
key_by_*() executed first to create a `secdb_key`.
There is special handling in place already for a case when
key_by_*() returns ENOENT (return NULL cc, ERR_NO_CREDS).
And this seems to be properly handled further down the code paths.
Hence it makes sense to use the same logic if secdb_get_cc(secdn_key)
returns ENOENT - from user of those functions point of view there should
be no difference.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/629f149eb61e79d3da13f96e453f3f730bb881bb">629f149e</a></strong>
<div>
<span>by Weblate</span>
<i>at 2021-10-11T14:43:33+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">po: update translations
(Korean) currently translated at 12.3% (349 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 28.0% (205 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Korean) currently translated at 12.2% (345 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 27.1% (198 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Korean) currently translated at 11.5% (326 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Turkish) currently translated at 13.5% (99 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/
po: update translations
(Korean) currently translated at 10.3% (291 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 26.9% (197 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Spanish) currently translated at 66.2% (1804 of 2724 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/es/
po: update translations
(Spanish) currently translated at 88.7% (648 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Czech) currently translated at 4.0% (111 of 2724 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/
po: update translations
(Czech) currently translated at 87.3% (638 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Korean) currently translated at 10.3% (291 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 26.3% (192 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Korean) currently translated at 10.3% (291 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 10.3% (291 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 26.3% (192 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Korean) currently translated at 26.3% (192 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Korean) currently translated at 9.8% (278 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Swedish) currently translated at 100.0% (2724 of 2724 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Finnish) currently translated at 5.7% (42 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/
po: update translations
(Finnish) currently translated at 3.3% (91 of 2724 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/fi/
po: update translations
(Korean) currently translated at 9.6% (271 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 11.6% (85 of 730 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Ukrainian) currently translated at 100.0% (2724 of 2724 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/11c7f6a65da28e8802d992d4d07682a500dc6350">11c7f6a6</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-10-11T14:55:53+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pot: update pot files
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/794127106627e01e4ab9d242b8087bb5cccb9524">79412710</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-10-13T19:29:35+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5: use hidden file when creating config snippets
When creating config snippets fir libkrb5 SSSD first creates a temporary
file with a random suffix and renames this file after all content is
written. If this temporary file is not properly removed or renamed dur
to an error it might confuse libkrb5.
To avoid this confusion with this patch the temporary files are created
as hidden files, the name will start with a '.', which are ignored by
libkrb5.
Resolves: https://github.com/SSSD/sssd/issues/5824
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/03f6ef367d6907784dc358b75813098138c1b160">03f6ef36</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-13T19:29:48+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5_child: fixed incorrect checks on length value
It is safer to isolate the checked (unknown/untrusted) value on
the left hand side in the conditions to avoid overflows/underflows.
(addition to 9f0bffebd070115ab47a92eadc6890a721c7b78d)
Resolves: https://github.com/SSSD/sssd/issues/2739
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01ff8155baea989c42664985ea939cb93beb31e7">01ff8155</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-13T19:30:02+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">MONITOR: reduce logs severity around signalling and termination of services to avoid useless in those cases backtraces
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8e22258c1d7ba8ee04e397ddf562f5efa21c3d06">8e22258c</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-10-13T19:30:13+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: support subid ranges managed by FreeIPA
issue: https://github.com/SSSD/sssd/issues/5197
bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3343b5a8111368c03ed36b965995fc255cd8530d">3343b5a8</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-10-14T11:28:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DP: Log offline warning for REQ_TRACE tracking
This allows the sssctl analyze parsing tool to report if the
backend was offline when the request came in to the data
provider.
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/26086212a986f1485e0e52771d7aa9c31c92d8a7">26086212</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-10-14T11:28:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Responder: Log client uid that started a request
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/82e051e1f15060554ecacc07107c82675369e0bb">82e051e1</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-10-14T11:28:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TOOLS: Add sss_analyze utility
Add log parsing tool which can be used to track requests across
responder and backend logs.
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/097feb329c77f4d693beec05343baa4385b0d62b">097feb32</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-10-14T11:28:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SSSCTL: Add analyze command
Wrapper for sss_analyze
Print a message about limited functionality when tevent chain ID
support is not built.
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bd71ae53fc0b4bf58633bfd957f7eb1745814dfa">bd71ae53</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-10-14T11:43:05+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Release sssd-2.6.0
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/625274738b5f68418608be99b68d35c43079e2a1">62527473</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-18T12:37:03+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DEBUG: fix missing "va_end"
Fixes following warning:
```
Error: VARARGS (CWE-237):
sssd-2.6.0/src/util/debug.c:294: va_init: Initializing va_list "ap_fallback".
sssd-2.6.0/src/util/debug.c:305: missing_va_end: "va_end" was not called for "ap_fallback".
# 303| debug_chain_id, format);
# 304| if (ret < 0) {
# 305|-> return;
# 306| }
# 307| result_fmt = chain_id_fmt_dyn;
```
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/305120b9ad7c9a9ce39420f474d9c8a4a3e77897">305120b9</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-10-21T14:51:50+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Regression 8.5 - sssd-ipa
Changing sys_hostname to ip helps in testing in internal CI systems
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/92e1679943fd2a2a50c9e0e176a10a875cb3ac56">92e16799</a></strong>
<div>
<span>by Tomas Halman</span>
<i>at 2021-10-21T14:52:01+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CONFDB: Change ownership of config.ldb
Config database is owned by root. This prevents our socket
activated services to start because they are started under
the sssd user. Changing the ownership to sssd fixes the issue.
Resolves: https://github.com/SSSD/sssd/issues/5781
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7db6cfd0674d45a4e769b0beeb551c89cc89f92f">7db6cfd0</a></strong>
<div>
<span>by Tomas Halman</span>
<i>at 2021-10-21T14:52:01+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CONFDB: Change ownership before dropping privileges
>From previous SSSD version, config file can exist and can be
owned by root. To allow smooth transition we can change
the ownership.
This commit can be reverted later.
Resolves: https://github.com/SSSD/sssd/issues/5781
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/766fe6235083d38bc25ae5562cd67113262af015">766fe623</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-21T15:15:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">GPO: fixed compilation warning
Fixes following compilation warning:
```
../src/providers/ad/ad_gpo.c: In function ‘ad_gpo_access_send’:
../src/util/debug.h:138:5: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
138 | sss_debug_fn(__FILE__, __LINE__, __FUNCTION__, \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
139 | level, \
| ~~~~~~~~
140 | format, ##__VA_ARGS__); \
| ~~~~~~~~~~~~~~~~~~~~~~
../src/providers/ad/ad_gpo.c:1847:5: note: in expansion of macro ‘DEBUG’
1847 | DEBUG(SSSDBG_TRACE_FUNC, "service %s maps to %s\n", service,
| ^~~~~
```
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/84a4230b195f578c43d6e221b4a04f546fd998f9">84a4230b</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-21T15:15:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: fixed uninitialized value
Fixes following warnings:
```
Error: UNINIT (CWE-457):
sssd-2.6.0/src/responder/kcm/kcmsrv_ccache.c:285: var_decl: Declaring variable "ret" without initializer.
sssd-2.6.0/src/responder/kcm/kcmsrv_ccache.c:323: uninit_use: Using uninitialized value "ret".
# 321| krb5_free_context(kctx);
# 322|
# 323|-> return ret;
# 324| #else
# 325| return EOK;
Error: CLANG_WARNING:
sssd-2.6.0/src/responder/kcm/kcmsrv_ccache.c:323:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 321| krb5_free_context(kctx);
# 322|
# 323|-> return ret;
# 324| #else
# 325| return EOK;
```
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bb94a18f0f0cba1e9fb5abf78b995d69e5f3c559">bb94a18f</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-10-25T14:30:18+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cache_req: return success for autofs when ENOENT is returned from provider
The receive function should return true if data provider lookup was
successfull and false if there was an error. "Not found" result is
considered a successful lookup, only failure to perform a search
should result in false return code.
Resolves: https://github.com/SSSD/sssd/issues/5832
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8db2485cd28e0af74bd008251ba49b6d6e3a73a6">8db2485c</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-10-25T14:30:39+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sbus: maintain correct refcount before sending a reply
sbus_reply decreases the refcount of @reply. This usuall means that
refcount drops to zero and the message is freed. However, under
special circumstances the refcount is increased inside libdbus,
the refcount will be 1 when we leave the function and we drop it
to zero in talloc_free(state) later in this function. This will
leave an invalid message to be send inside dbus connection and
eventually crash.
Increasing the refcount here makes sure that the refcount is always
correct.
Resolves: https://github.com/SSSD/sssd/issues/5672
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/de6eba31eaf19e7d8c87cc84aee140e29438336f">de6eba31</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-25T14:30:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed excessive includes around 'strtonum'
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a2cc7daef2a1378aa12a21cd37a6369946e27bfc">a2cc7dae</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-25T14:30:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">'strtonum' helpers: usage sanitization
To properly check for an error during string to number conversion
one needs to:
- check `errno`
- check that something was really converted (i.e. start != end)
- (if this is expected) check that entire string was consumed
Some of those error conditions weren't checked in various locations
over the code.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3c17a57e7cb30263b73e7b9456b896503be6bd45">3c17a57e</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-25T14:30:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">'strto*()': usage sanitization
To properly check for an error during string to number conversion
one needs to:
- check `errno`
- check that something was really converted (i.e. start != end)
- (if this is expected) check that entire string was consumed
Some of those error conditions weren't checked in various locations
over the code.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a664e9ce08ca6c0f9eb2e260b25463eea9c7829b">a664e9ce</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-25T14:30:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS: fixed a bug in define->string conversion
Previously result of `AS_STR(OFFLINE_TIMEOUT)` was "OFFLINE_TIMEOUT"
instead of expected integer value.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/48234ed8e4a06e78dcbaf57f09d540d484a79c0e">48234ed8</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-10-25T15:14:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: sss_override does not take precedence over override_homedir directive
bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1919942
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/86413e5f01339ce54bcece2d1d8b1b88d8823c1e">86413e5f</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-10-27T13:43:02+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SUDO: decrease log level in case object wasn't found
It is expected sudo responder can be requested to lookup unknown entry.
One of typical examples is lookup for a local user.
Resolves: https://github.com/SSSD/sssd/issues/5839
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bd521abe254eb347069a59eda2f16263da7ee1d0">bd521abe</a></strong>
<div>
<span>by Shridhar Gadekar</span>
<i>at 2021-11-01T11:10:44+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815
Verifies: #5568
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7cba8ed6ae965ffcae9c14269cde02ddc24eaa53">7cba8ed6</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-01T11:10:56+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: delete malformed 'cn=default' entries
This is needed to cleanup outdated entries in old (encrypted)
format that are no longer supported.
Steps to reproduce:
With an old SSSD version that still writes encrypted content in secrets db:
- obtain any ticket (even one ticket is enough)
- `kswitch -c ...` to any cache (any successful execution of `kswitch`
will use `SET_DEFAULT_CACHE` KCM op and create
'cn=default,cn=$uid,cn=persistent,cn=kcm' entry)
Then update SSSD and try `klist`:
- 2.6.0 version will fail with "[ccdb_secdb_get_default_send] (0x0040): Unexpected UUID size ..."
- 2.6.0 + this patch will remove this entry:
```
[ccdb_secdb_get_default_send] (0x0040): Unexpected UUID size 152, deleting this entry
[sss_sec_delete] (0x0400): Removing a secret from [persistent/1000/default]
```
and continue as if default isn't set (since all encrypted entries will be purged,
cache will appear empty)
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/301659a662a7a7aac11096fd0409f83b45cb41d1">301659a6</a></strong>
<div>
<span>by Iker Pedrosa</span>
<i>at 2021-11-01T11:11:09+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">proxy: allow removing group members
The proxy provider doesn't allow to remove group members once they have
been added. This patch allows to do it by looping the member list from
the cache and comparing it with the actual membership list. If a member
is missing then it's removed from the cache.
Resolves: https://github.com/SSSD/sssd/issues/5783
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4c48c4a7792961cf8a228c76975ac370d32904e1">4c48c4a7</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-11-02T13:09:28+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ad: filter trusted domains
The fix for https://github.com/SSSD/sssd/issues/5528 might discover
domains which are not trusted (one-way trust) or are from a different
forest (direct trust). Both should be ignored because they are not
trusted or can currently not be handled properly. This patch filters out
those domains.
Resolves: https://github.com/SSSD/sssd/issues/5819
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4292f9fdd83d374d595977aafb578e4734ac2fac">4292f9fd</a></strong>
<div>
<span>by Fernando Apesteguia</span>
<i>at 2021-11-04T12:12:58+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix untranslated string
Promote format string to gettext's PRIu64 instead of using SSSD's
SPRIuid which is not recognized. This caused the original string to be
truncated in the translation files.
How to test:
Apply patch and run:
make -C po/ update-pot
Translations should contain the full string now:
msgid "Running under %, must be root\n"
Resolves: #5738
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e8b43cc82339c6ff19b8e6bf19d7d7c39ea481f7">e8b43cc8</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-04T12:13:12+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SSH: changed default value of `ssh_hash_known_hosts` to false
:config: Default value of `ssh_hash_known_hosts` setting was changed
to false for the sake of consistency with OpenSSH that does not hash
host names by default.
Typical use case of this feature in general is FreeIPA where this is
configured and automatically used. Since by default any IPA user can
read the list of all hosts and the public host keys from LDAP directly,
the content of the file can be considered as public information anyway.
Resolves: https://github.com/SSSD/sssd/issues/5848
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60353300d547f114ca1261e8c130ea72459b572a">60353300</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-11-04T12:13:25+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Fix warning about deprecated res_randomid()
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b30861d86cc0ad2590c88503b3d17195c4dba598">b30861d8</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-05T12:42:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SPEC: enabled build of 'subid ranges' support
Since feature support in shadow-utils is available since
upstream release version 4.9, support in SSSD can also be
enabled by default.
:packaging: 'subid ranges' support was enabled by default.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d469a8105113fb8e74f1e9855492ccca189e7e67">d469a810</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-05T12:42:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SPEC: disable running files provider by default
This is to sync Fedora and upstream spec-files.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7121e56d7d97e79c38482dea31b43818e02ec2a7">7121e56d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-05T12:42:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">INTG-TESTS: enable build of 'subid ranges' support
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7bfdd3db8e4cce2d88da4028c63b7987b92449b8">7bfdd3db</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2021-11-05T12:42:58+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam_sss: Allow offline authentication against non-ipa-desktopprofiles aware DC
IPA domain controller may not support desktop profiles since this
functionality is optional and distributed as the IPA plugin:
- in case of online authentication ipa_session detects such DC properly
and returns PAM_SUCCESS for ENOENT, nothing is cached on sysdb (see
ipa_deskprofile_get_config_send/ipa_deskprofile_get_config_done and
ipa_pam_session_handler_done for details).
- in case of offline authentication ipa_session falls back to cache and
receives ENOENT (since nothing was cached previously). But *any* error
is treated as actual error and overall result is PAM_SESSION_ERR (see
ipa_pam_session_handler_save_deskprofile_rules and
ipa_pam_session_handler_done for details). Note: actually, only
deskprofile_get_cached_priority breaks PAM session since
ipa_common_get_cached_rules successfully handles ENOENT.
- in either case sssd tries to send dbus notification to fleet
commander even if there are no desktop profile rules to apply.
With this change ENOENT result of cache query is treated similarly
to ENOENT result of actual backend query (PAM_SUCCESS).
Resolves: https://github.com/SSSD/sssd/issues/5846
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bb8da4303851642318b626aad507ab7c39f6a80d">bb8da430</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-08T11:33:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DEBUG: avoid backtrace dups.
In case the same error(s) is repeated again and again repeating the same
backtrace doesn't add much value. In this case let's add just a note.
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bd9038657e88ebc021f749833ed8be73c8e7dbda">bd903865</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-08T11:33:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">P11: refactoring of get_preferred_rsa_mechanism()
Flattened code structure and more accurate errors handling.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/71b6d548ce2788267f657f2c1a922b9ca86daaff">71b6d548</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-08T11:33:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">P11: add support of 'CKM_RSA_PKCS' mechanism
Resolves: https://github.com/SSSD/sssd/issues/5854
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b5073394d652cec7c99d85eb71958234dc29f585">b5073394</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-11-08T11:33:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS: added two tests to check cert auth with specific RSA mechanisms: CKM_RSA_PKCS and CKM_SHA384_RSA_PKCS. (CKM_SHA384_RSA_PKCS is arbitrary chosen as one of CKM_SHA*_RSA_PKCS family)
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cf75d897b8ef03fdc471059214e86824f19b1bd1">cf75d897</a></strong>
<div>
<span>by Iker Pedrosa</span>
<i>at 2021-11-09T11:08:23+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ifp: new interface to validate a certificate
New interface to validate a certificate. The input is the certificate to
validate and the output the user path.
:feature: New infopipe method FindByValidCertificate() which accepts the
certificate as input, validates it against configured CAs, and outputs
the user path on success. This is similar to the existing
FindByCertificate(), but that does not do any trust validation.
Resolves: https://github.com/SSSD/sssd/issues/5224
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/50e6070e4784e4a9a01ce26bd08229a07557948a">50e6070e</a></strong>
<div>
<span>by Iker Pedrosa</span>
<i>at 2021-11-09T11:08:23+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: ifp interface to validate certificate
Integration test to check the interface that validates the user
certificate.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/232ba7f0dcc2ee104c881bc3406f4dda3de86216">232ba7f0</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2021-11-09T15:57:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DP: Resolve intermediate groups prior to SR overlay
SSSD SR exclude_groups checking can fail when only intermediate
groups are fetched during the login process. Add a step to
resolve these groups during Initgroups processing to ensure
the exclude groups check matches against the group name correctly.
This logic exists already similarly in the simple access provider.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8406af3550dfeb1a1d11a9d574dce3b4fb04694a">8406af35</a></strong>
<div>
<span>by Weblate</span>
<i>at 2021-11-09T15:58:26+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">po: update translations
(Korean) currently translated at 12.6% (331 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 30.6% (189 of 617 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Korean) currently translated at 29.6% (183 of 617 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Spanish) currently translated at 68.8% (1804 of 2621 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/es/
po: update translations
(Spanish) currently translated at 93.3% (576 of 617 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Finnish) currently translated at 6.1% (38 of 617 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/
po: update translations
(Korean) currently translated at 12.4% (326 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Ukrainian) currently translated at 100.0% (2621 of 2621 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
po: update translations
(Ukrainian) currently translated at 100.0% (617 of 617 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
po: update translations
(Polish) currently translated at 100.0% (617 of 617 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/19a902a16afe4b2c14d92b380e2265107da7e327">19a902a1</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-11-09T16:03:44+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pot: update pot files
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/02183611c3c94744de31ca8817ab11d022a26062">02183611</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-11-09T16:05:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Release sssd-2.6.1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/282cdde3a3072ed513570a5380a530e73963d814">282cdde3</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-11-12T13:31:29+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream'
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c48b62af1bd0c5ce5f2934c3c09bc3b944790271">c48b62af</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-11-17T19:08:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">patches: Dropped upstream patches.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f4ecffd6db3b5fce4f68e586753cdb37a5d52914">f4ecffd6</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-11-17T19:19:56+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">control: Add libunistring-dev to build-depends.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9b7a3f9ac80b43408b7e613a9a0a836afb66654e">9b7a3f9a</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-11-17T19:20:37+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sssd-common.install: Drop libsss_secrets, removed upstream.
</pre>
</li>
</ul>
<h4>18 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#4fd746b72d7a3976d4c1ae84db34f6173b62a1e8">
contrib/ci/configure.sh
</a>
</li>
<li class="file-stats">
<a href="#49d80aa598751b3e8c23a3bbb4e7e9c03aa770b6">
contrib/ci/deps.sh
</a>
</li>
<li class="file-stats">
<a href="#3ead13c99a6fdcbcc0a23d3846e2a8837cc2f3e7">
contrib/ci/run
</a>
</li>
<li class="file-stats">
<a href="#d348d65f630a357f2aeaa78fc64043f57caa4cb0">
contrib/ci/sssd.supp
</a>
</li>
<li class="file-stats">
<a href="#b8d57aa4a09effcbac8deeffe8aea9131499424f">
contrib/sssd.spec.in
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#58ef006ab62b83b4bec5d81fe5b32c3b4c2d1cc2">
debian/control
</a>
</li>
<li class="file-stats">
<a href="#dd7fefcab224746eed0feaf46fc0f6dc7f5ed219">
<span class="deleted-file">
−
debian/patches/0001-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#f718485d97b9785e89b217bfd8fc31c7b681333f">
<span class="deleted-file">
−
debian/patches/0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#cbdc1ff7216375ecd2a4ff498c8e581440b15d12">
debian/patches/default-to-socket-activated-services.diff
</a>
</li>
<li class="file-stats">
<a href="#d4d4e1d6a401158e7f728045eeb5a74bf7b34958">
<span class="deleted-file">
−
debian/patches/fix_newer_autoconf.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#bc34014ab4b9a49dd7a27bdd8d352912607c3a96">
debian/patches/series
</a>
</li>
<li class="file-stats">
<a href="#888968d8696ab3370bf567424c1013cb2ad00c45">
debian/sssd-common.install
</a>
</li>
<li class="file-stats">
<a href="#54d6c31c823e250ebb67120d8dd489a69a02213c">
po/LINGUAS
</a>
</li>
<li class="file-stats">
<a href="#1f35254eafd260ef7262c1165537916497a1d165">
po/POTFILES.in
</a>
</li>
<li class="file-stats">
<a href="#4e573a66c66b45b45a1e180cad791738ed22cdd2">
po/bg.po
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/sssd-team/sssd/-/compare/14adef9a882c45e413e4fd93ac4594285d9f4092...9b7a3f9ac80b43408b7e613a9a0a836afb66654e">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>