[Pkg-sssd-devel] sssd: Changes to 'refs/tags/debian/1.12.5-1'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Fri Jun 12 20:04:09 UTC 2015
Tag 'debian/1.12.5-1' created by Timo Aaltonen <tjaalton at debian.org> at 2015-06-12 19:37 +0000
tagging package sssd version debian/1.12.5-1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVezTiAAoJEMtwMWWoiYTcCQEP/R8BwTyln0X+NNHUcV1GEYni
Doug9/lGYIrGSFbEn/og1+/PMRnq6FMCd7JqvOr7DF9MFWZmdvf29aiTJQuU2mKO
132JnwhUbDgl74DRKo2vnXfBWHg9q7kqc+JMvMa84rnDjN/gyQ/sFfj1UQ2UwhDG
JmDgZclnRSddVcBg2tSn42p+Gd88OtdZmXohyiiwSfHS4SXrmlVQUnPJEJVWyjfc
/x2bAf70eJFMTFjlI97WnOncs+rk1uFnPjaRLKHqnJV8wTBA/EKxwkmeRt/qEnSS
3P7UiwXuyV2JSxkboFhU9wrMc7OiktPhGpd3YUL2XlnN4jmcGkKRntlnGqad0Llz
syGHlJFoDT52E+u7VWjQIPb3NZaCKrlp/LLvMw/bvf0IcS4OAGDudeeCt9c570HU
wO0Zf7v2nxEJuD5304716tUs+qVvTHi33uvxIUEz3DnNS3dMsUEUnegqS6GcKKtL
e80SuWPlLKrN4mbgAWXHdNfFptZ+c0h5IFrGZDXR2yiAYq64l3JYtlf4TcSBUdhX
W9EMjHu5KJScPFGg/PY+AdSKAgPX5tuqgmacPqxlK/2KvfURzUSKHDJmglAm97/Z
vg0ehTOo7gYABYZImUBJWrWjgLAaRgS67iMjsKZHC07iYIPxWqSUQb4KiyimV07i
f84KkqBJTVzk+DD33vsn
=cYaC
-----END PGP SIGNATURE-----
Changes since debian/1.12.4-1:
Adam Tkac (1):
Option filter_users had no effect for retrieving sudo rules
Aron Parsons (2):
IPA: fix segfault in ipa_s2n_exop
autofs: fix 'Cannot allocate memory' with FQDNs
Daniel Hjorth (1):
LDAP: unlink ccname_file_dummy if there is an error
Jakub Hrozek (34):
Updating the version for the 1.12.5 release
resolv: Use the same default timeout for SRV queries as previously
FO: Use SRV TTL in fail over code
selinux: Delete existing user mapping on empty default
NSS: Handle ENOENT when doing initgroups by UPN
selinux: Handle setup with empty default and no configured rules
tests: convert all unit tests to cmocka 1.0 or later
RPM: BuildRequire libcmocka >= 1.0
build: Only run cmocka tests if cmocka 1.0 or newer is available
Resolv: re-read SRV query every time if its TTL is 0
IPA: Use custom error codes when validating HBAC rules
IPA: Drop useless sysdb parameter
IPA: Only treat malformed HBAC rules as fatal if deny rules are enabled
IPA: Deprecate the ipa_hbac_treat_deny_as option
selinux: Disconnect before closing the handle
selinux: Begin and end the transaction on the same nesting level
selinux: Only call semanage if the context actually changes
tests: Use cmocka-1.0+ API in test_sysdb_utils
sysdb: Add cache_expire to the default sysdb_search_object_by_str_attr set
SELINUX: Avoid disconnecting disconnected handle
LDAP: return after tevent_req_error
MAN: refresh_expired_interval also supports users and groups
tests: ncache_hit must be an int to test UPNs
tests: Add a getpwnam-by-UPN test
Add unit tests for initgroups
Download complete groups if ignore_group_members is set with tokengroups
DP: Set extra_value to NULL for enum requests
Skip enumeration requests in IPA and AD providers as well
confdb: Add new option subdomain_inherit
DP: Add a function to inherit DP options, if set
SDAP: Add sdap_copy_map_entry
UTIL: Inherit ignore_group_members
subdomains: Inherit cleanup period and tokengroup settings from parent domain
Updating translations for the 1.12.5 release
Lukas Slebodnik (19):
Log reason in debug message why ldb_modify failed
ipa_selinux: Fix warning may be used uninitialized
memberof: Do not create request with 0 attribute values
CLIENT: Clear errno with enabled sss-default-nss-plugin
GPO: Check return value of ad_gpo_store_policy_settings
SDAP: Do not set gid 0 twice
SDAP: Extract filtering AD group to function
SDAP: Filter ad groups in initgroups
GPO: Do not ignore missing attrs for GPOs
sss_nss_idmap-tests: Use different prepared buffers for big endian
SDAP: Fix id mapping with disabled subdomains
SPEC: Fix cyclic dependencies between sssd-{krb5,}-common
negcache: Soften condition for expired entries
test_nss_srv: Use right function for storing time_t
nss: Do not ignore default vaue of SYSDB_INITGR_EXPIRE
SDAP: Set initgroups expire attribute at the end
SDAP: Remove unnecessary argument from sdap_save_user
PROXY: proxy_child should work in non-root mode
PROXY: Do not register signal with SA_SIGINFO
Michal Zidek (2):
DEBUG: Add missing strings for error messages
test: Check ERR_LAST
Pavel Březina (8):
be_refresh: refresh all domains in backend
sdap_handle_acct_req_send: remove be_req
be_refresh: refactor netgroups refresh
be_refresh: add sdap_refresh_init
be_refresh: support users
be_refresh: support groups
enumeration: fix talloc context
sudo: sanitize filter values
Pavel Reichl (18):
PAM: do not reject abruptly
PAM: new option pam_account_expired_message
PAM: warn all services about account expiration
PAM: check return value of confdb_get_string
SDAP: refactor pwexpire policy
SDAP: enable change phase of pw expire policy check
UTIL: convert GeneralizedTime to unix time
SDAP: Lock out ssh keys when account naturally expires
SDAP: fix minor neglect in is_account_locked()
ldap_child: fix coverity warning
MAN: libkrb5 and SSSD use different expansions
IPA: set EINVAL if dn can't be linearized
LDAP: remove unused code
LDAP: fix a typo in debug message
MAN: Update ppolicy description
simple-access-provider: make user grp res more robust
LDAP: warn about lockout option being deprecated
krb5: new option krb5_map_user
Stephen Gallagher (3):
AD: Clean up ad_access_gpo
AD: Always get domain-specific ID connection
AD GPO: Always look up GPOs from machine domain
Sumit Bose (25):
ldap_child: initialized ccname_file_dummy
PAM: use the logon_name as the key for the PAM initgr cache
pam_initgr_check_timeout: add debug output
ipa: do not treat missing sub-domain users as error
ipa: make sure extdom expo data is available
LDAP/AD: do not resolve group members during tokenGroups request
IPA idviews: check if view name is set
IPA: make sure output variable is set
GPO: error out instead of leaving array element uninitialized
sdap: properly handle binary objectGuid attribute
IPA: do not try to save override data for the default view
IPA: use sysdb_attrs_add_string_safe to add group member
IPA: check ghosts in groups found by uuid as well
IPA: allow initgroups by SID for AD users
IPA: do initgroups if extdom exop supports it
IPA: update initgr expire timestamp conditionally
IPA: enhance ipa_initgr_get_overrides_send()
IPA: search for overrides during initgroups in sever mode
IPA: do not add domain name unconditionally
NSS: check for overrides before calling backend
IPA: allow initgroups by UUID for FreeIPA users
SDAP: use DN to update entry
IPA: do not fail if view name lookup failed on older versions
libwbclient-sssd: update interface to version 0.12
ldap: use proper sysdb name in groups_by_user_done()
Timo Aaltonen (4):
Merge branch 'upstream-next' into master-next
Let uscan verify upstream tarballs.
control: Bump policy to 3.9.6, no changes.
releasing package sssd version 1.12.5-1
---
Makefile.am | 85
contrib/sssd.spec.in | 6
debian/changelog | 8
debian/control | 2
debian/upstream/signing-key.asc | 52
debian/watch | 2
po/bg.po | 591 -
po/ca.po | 104
po/de.po | 591 -
po/es.po | 591 -
po/eu.po | 591 -
po/fr.po | 622 -
po/hu.po | 591 -
po/id.po | 591 -
po/it.po | 591 -
po/ja.po | 591 -
po/nb.po | 591 -
po/nl.po | 591 -
po/pl.po | 591 -
po/pt.po | 591 -
po/ru.po | 591 -
po/sssd.pot | 589 -
po/sv.po | 591 -
po/tg.po | 591 -
po/tr.po | 591 -
po/uk.po | 639 -
po/zh-CN.po | 1899 ++++
po/zh-TW.po | 1898 ++++
po/zh_CN.po | 591 -
po/zh_TW.po | 591 -
src/conf_macros.m4 | 6
src/confdb/confdb.c | 19
src/confdb/confdb.h | 3
src/config/SSSDConfig/__init__.py.in | 3
src/config/SSSDConfigTest.py | 15
src/config/etc/sssd.api.conf | 2
src/config/etc/sssd.api.d/sssd-ad.conf | 1
src/config/etc/sssd.api.d/sssd-ipa.conf | 1
src/config/etc/sssd.api.d/sssd-krb5.conf | 1
src/db/sysdb.c | 20
src/db/sysdb.h | 10
src/db/sysdb_gpo.c | 6
src/db/sysdb_idmap.c | 4
src/db/sysdb_ops.c | 83
src/db/sysdb_search.c | 28
src/db/sysdb_services.c | 10
src/db/sysdb_sudo.c | 20
src/db/sysdb_views.c | 19
src/external/libcmocka.m4 | 4
src/ldb_modules/memberof.c | 6
src/man/po/br.po | 1187 +-
src/man/po/ca.po | 1215 +-
src/man/po/cs.po | 1187 +-
src/man/po/de.po | 1223 +-
src/man/po/es.po | 1216 +-
src/man/po/eu.po | 1187 +-
src/man/po/fr.po | 1223 +-
src/man/po/ja.po | 1216 +-
src/man/po/lv.po | 1187 +-
src/man/po/nl.po | 1187 +-
src/man/po/pt.po | 1201 +-
src/man/po/ru.po | 1187 +-
src/man/po/sssd-docs.pot | 1155 +-
src/man/po/tg.po | 1187 +-
src/man/po/uk.po | 1697 ++--
src/man/po/zh-CN.po |10227 +++++++++++++++++++++++++
src/man/po/zh_CN.po | 1187 +-
src/man/sssd-krb5.5.xml | 45
src/man/sssd-ldap.5.xml | 51
src/man/sssd.conf.5.xml | 58
src/providers/ad/ad_common.c | 18
src/providers/ad/ad_gpo.c | 89
src/providers/ad/ad_id.c | 7
src/providers/ad/ad_init.c | 7
src/providers/ad/ad_opts.h | 1
src/providers/ad/ad_srv.c | 8
src/providers/ad/ad_srv.h | 1
src/providers/ad/ad_subdomains.c | 4
src/providers/data_provider.h | 5
src/providers/data_provider_be.c | 3
src/providers/data_provider_fo.c | 1
src/providers/data_provider_opts.c | 57
src/providers/dp_refresh.c | 132
src/providers/dp_refresh.h | 3
src/providers/fail_over.c | 10
src/providers/fail_over.h | 1
src/providers/fail_over_srv.c | 27
src/providers/fail_over_srv.h | 4
src/providers/ipa/ipa_access.c | 4
src/providers/ipa/ipa_hbac_common.c | 90
src/providers/ipa/ipa_hbac_hosts.c | 16
src/providers/ipa/ipa_hbac_services.c | 16
src/providers/ipa/ipa_hbac_users.c | 16
src/providers/ipa/ipa_id.c | 106
src/providers/ipa/ipa_id.h | 10
src/providers/ipa/ipa_init.c | 7
src/providers/ipa/ipa_opts.h | 1
src/providers/ipa/ipa_s2n_exop.c | 69
src/providers/ipa/ipa_selinux.c | 20
src/providers/ipa/ipa_srv.c | 6
src/providers/ipa/ipa_srv.h | 1
src/providers/ipa/ipa_subdomains.c | 13
src/providers/ipa/ipa_subdomains.h | 4
src/providers/ipa/ipa_subdomains_ext_groups.c | 2
src/providers/ipa/ipa_subdomains_id.c | 106
src/providers/ipa/selinux_child.c | 55
src/providers/krb5/krb5_access.c | 8
src/providers/krb5/krb5_auth.c | 76
src/providers/krb5/krb5_auth.h | 5
src/providers/krb5/krb5_common.h | 8
src/providers/krb5/krb5_init_shared.c | 11
src/providers/krb5/krb5_opts.h | 1
src/providers/krb5/krb5_utils.c | 114
src/providers/krb5/krb5_utils.h | 5
src/providers/ldap/ldap_access.c | 12
src/providers/ldap/ldap_auth.c | 77
src/providers/ldap/ldap_auth.h | 46
src/providers/ldap/ldap_child.c | 28
src/providers/ldap/ldap_common.h | 17
src/providers/ldap/ldap_id.c | 150
src/providers/ldap/ldap_id_enum.c | 2
src/providers/ldap/ldap_init.c | 18
src/providers/ldap/sdap.c | 75
src/providers/ldap/sdap.h | 8
src/providers/ldap/sdap_access.c | 387
src/providers/ldap/sdap_access.h | 9
src/providers/ldap/sdap_ad_groups.c | 68
src/providers/ldap/sdap_async.h | 4
src/providers/ldap/sdap_async_connection.c | 1
src/providers/ldap/sdap_async_enum.c | 4
src/providers/ldap/sdap_async_groups.c | 107
src/providers/ldap/sdap_async_initgroups.c | 47
src/providers/ldap/sdap_async_initgroups_ad.c | 19
src/providers/ldap/sdap_async_nested_groups.c | 31
src/providers/ldap/sdap_async_private.h | 13
src/providers/ldap/sdap_async_users.c | 36
src/providers/ldap/sdap_idmap.c | 7
src/providers/ldap/sdap_refresh.c | 196
src/providers/ldap/sdap_users.h | 1
src/providers/proxy/proxy_auth.c | 4
src/providers/proxy/proxy_init.c | 2
src/providers/simple/simple_access_check.c | 26
src/resolv/async_resolv.c | 4
src/resolv/async_resolv.h | 4
src/responder/autofs/autofssrv_cmd.c | 9
src/responder/common/negcache.c | 2
src/responder/nss/nsssrv_cmd.c | 76
src/responder/pam/pam_helpers.c | 4
src/responder/pam/pamsrv_cmd.c | 98
src/responder/sudo/sudosrv.c | 24
src/responder/sudo/sudosrv_cmd.c | 12
src/responder/sudo/sudosrv_private.h | 3
src/sss_client/common.c | 2
src/sss_client/libwbclient/wbc_ctx_sssd.c | 396
src/sss_client/libwbclient/wbclient.exports | 62
src/sss_client/libwbclient/wbclient_sssd.h | 853 +-
src/sss_client/libwbclient/wbclient_sssd.pc.in | 2
src/sss_client/pam_sss.c | 64
src/sss_client/sss_cli.h | 18
src/tests/cmocka/sbus_internal_tests.c | 22
src/tests/cmocka/sss_nss_idmap-tests.c | 20
src/tests/cmocka/test_ad_access_filter.c | 70
src/tests/cmocka/test_ad_common.c | 23
src/tests/cmocka/test_ad_gpo.c | 58
src/tests/cmocka/test_authtok.c | 29
src/tests/cmocka/test_be_ptask.c | 12
src/tests/cmocka/test_child_common.c | 22
src/tests/cmocka/test_copy_ccache.c | 14
src/tests/cmocka/test_copy_keytab.c | 22
src/tests/cmocka/test_dp_opts.c | 167
src/tests/cmocka/test_dyndns.c | 45
src/tests/cmocka/test_find_uid.c | 10
src/tests/cmocka/test_fo_srv.c | 622 +
src/tests/cmocka/test_fqnames.c | 84
src/tests/cmocka/test_ifp.c | 38
src/tests/cmocka/test_io.c | 32
src/tests/cmocka/test_ipa_idmap.c | 16
src/tests/cmocka/test_negcache.c | 39
src/tests/cmocka/test_nested_groups.c | 16
src/tests/cmocka/test_nss_srv.c | 721 +
src/tests/cmocka/test_resolv_fake.c | 16
src/tests/cmocka/test_responder_common.c | 34
src/tests/cmocka/test_sdap.c | 319
src/tests/cmocka/test_search_bases.c | 14
src/tests/cmocka/test_sss_idmap.c | 67
src/tests/cmocka/test_sss_sifp.c | 199
src/tests/cmocka/test_string_utils.c | 59
src/tests/cmocka/test_sysdb_utils.c | 134
src/tests/cmocka/test_sysdb_views.c | 30
src/tests/cmocka/test_utils.c | 114
src/tests/cmocka/test_utils.h | 1
src/tests/cwrap/Makefile.am | 2
src/tests/cwrap/test_become_user.c | 8
src/tests/cwrap/test_responder_common.c | 22
src/tests/cwrap/test_server.c | 10
src/tests/cwrap/test_usertools.c | 10
src/tests/krb5_utils-tests.c | 111
src/tests/sysdb-tests.c | 21
src/tests/util-tests.c | 67
src/util/domain_info_utils.c | 11
src/util/sss_semanage.c | 109
src/util/string_utils.c | 25
src/util/util.c | 53
src/util/util.h | 12
src/util/util_errors.c | 8
src/util/util_errors.h | 11
version.m4 | 2
207 files changed, 38686 insertions(+), 15869 deletions(-)
---
More information about the Pkg-sssd-devel
mailing list