[sssd] - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent login
Stephen Gallagher
sgallagh at fedoraproject.org
Thu Jan 27 18:50:59 UTC 2011
commit f151b0669b95bfeb7e0812e0fad79285779d750c
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Thu Jan 27 13:50:21 2011 -0500
- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just
- a user information lookup
- This guarantees that all group information is available to other
- providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the
- SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
- 389 Directory Server
- FreeIPA
- ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
-Assorted bugfixes
.gitignore | 1 +
...Validate-user-supplied-size-of-data-items.patch | 294 --------------------
sources | 2 +-
sssd.spec | 31 ++-
4 files changed, 24 insertions(+), 304 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index c61d659..003ec59 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ sssd-1.2.91.tar.gz
/sssd-1.4.0.tar.gz
/sssd-1.4.1.tar.gz
/sssd-1.5.0.tar.gz
+/sssd-1.5.1.tar.gz
diff --git a/sources b/sources
index e9297c4..d6a8b0f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a06468f7d540fa4d5e3de2644d933744 sssd-1.5.0.tar.gz
+770729f6f94f75b7acd403b0da6c06e0 sssd-1.5.1.tar.gz
diff --git a/sssd.spec b/sssd.spec
index 2bc65c3..4b37b37 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -4,8 +4,8 @@
%endif
Name: sssd
-Version: 1.5.0
-Release: 2%{?dist}
+Version: 1.5.1
+Release: 1%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -14,15 +14,13 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ###
-Patch0001: 0001-Validate-user-supplied-size-of-data-items.patch
### Dependencies ###
Requires: libldb >= 0.9.3
Requires: libtdb >= 1.1.3
Requires: sssd-client = %{version}-%{release}
-Requires: cyrus-sasl-gssapi
-Requires: keyutils-libs
+Requires: krb5-libs >= 1.9
Requires(post): initscripts chkconfig /sbin/ldconfig
Requires(preun): initscripts chkconfig
Requires(postun): initscripts chkconfig /sbin/ldconfig
@@ -63,7 +61,7 @@ BuildRequires: pcre-devel
BuildRequires: libxslt
BuildRequires: libxml2
BuildRequires: docbook-style-xsl
-BuildRequires: krb5-devel
+BuildRequires: krb5-devel >= 1.9
BuildRequires: c-ares-devel
BuildRequires: python-devel
BuildRequires: check-devel
@@ -74,7 +72,6 @@ BuildRequires: bind-utils
BuildRequires: keyutils-libs-devel
BuildRequires: libnl-devel
BuildRequires: nscd
-BuildRequires: po4a
%description
Provides a set of daemons to manage access to remote directories and
@@ -107,7 +104,6 @@ use with ldap_default_authtok_type = obfuscated_password.
%prep
%setup -q
-%patch0001 -p1
%build
%configure \
@@ -122,7 +118,6 @@ use with ldap_default_authtok_type = obfuscated_password.
--with-test-dir=/dev/shm
make %{?_smp_mflags}
-make translated-manpages
%check
export CK_TIMEOUT_MULTIPLIER=10
@@ -205,6 +200,7 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitelib}/*.py*
%lang(cs) %{_mandir}/cs/man[58]/*
+%lang(uk) %{_mandir}/uk/man[58]/*
%files client
%defattr(-,root,root,-)
@@ -256,6 +252,23 @@ fi
%postun client -p /sbin/ldconfig
%changelog
+* Thu Jan 27 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.1-1
+- New upstream release 1.5.1
+- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
+- Vast performance improvements when enumerate = true
+- All PAM actions will now perform a forced initgroups lookup instead of just
+- a user information lookup
+- This guarantees that all group information is available to other
+- providers, such as the simple provider.
+- For backwards-compatibility, DNS lookups will also fall back to trying the
+- SSSD domain name as a DNS discovery domain.
+- Support for more password expiration policies in LDAP
+- 389 Directory Server
+- FreeIPA
+- ActiveDirectory
+- Support for ldap_tls_{cert,key,cipher_suite} config options
+-Assorted bugfixes
+
* Tue Jan 11 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.0-2
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
More information about the scm-commits
mailing list