URL: https://github.com/SSSD/sssd/pull/837
Author: sumit-bose
Title: #837: p11_child: make OCSP digest configurable
Action: opened
PR body:
"""
Currently sha1 is used to create the certid for an OCSP request. Since sha1
is not recommend for new applications anymore and not FIPS compliant this
patch changes the default to sha256 and makes the digest function
configurable as well.
Related to https://pagure.io/SSSD/sssd/issue/4032
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/837/head:pr837
git checkout pr837
URL: https://github.com/SSSD/sssd/pull/5266
Author: alexey-tikhonov
Title: #5266: BE_REFRESH: Do not try to refresh domains from other backends (1-16)
Action: opened
PR body:
"""
We cannot refresh domains from different sssd_be processes.
We can refresh just subdomains
Resolves:
https://pagure.io/SSSD/sssd/issue/4142
Merges: https://pagure.io/SSSD/sssd/pull-request/4139
Reviewed-by: Sumit Bose <sbose(a)redhat.com>
(cherry picked from commit 007d5b79b7aef67dd843ed9a3b65095faaeb580f)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5266/head:pr5266
git checkout pr5266
URL: https://github.com/SSSD/sssd/pull/578
Author: amitkumar50
Title: #578: proxy: proxy_child hardening
Action: opened
PR body:
"""
proxy_child will call chdir("/"), umask(022)
and reset the environment with clearenv().
The --domain argument to be sanitized.
Resolves: https://pagure.io/SSSD/sssd/issue/2689
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/578/head:pr578
git checkout pr578