diff --git a/backport-fix-Missing-dns_update_per_family-option.patch b/backport-fix-Missing-dns_update_per_family-option.patch deleted file mode 100644 index 1366ebc9b6c19a0b30e6625308e9962ef868b2b3..0000000000000000000000000000000000000000 --- a/backport-fix-Missing-dns_update_per_family-option.patch +++ /dev/null @@ -1,73 +0,0 @@ -From a822206c7859b5f39af2b2ea1b117850a0589e3c Mon Sep 17 00:00:00 2001 -From: Tomas Halman -Date: Mon, 21 Oct 2024 16:31:38 +0200 -Subject: [PATCH] Missing 'dns_update_per_family' option - -This update fixes missing 'dns_update_per_family' option in python code -and config files. - -Reviewed-by: Alexey Tikhonov ---- - src/config/SSSDConfig/sssdoptions.py | 2 ++ - src/config/SSSDConfigTest.py | 2 ++ - src/config/cfg_rules.ini | 1 + - src/config/etc/sssd.api.conf | 1 + - 4 files changed, 6 insertions(+) - -diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py -index affe2e52918..7eed403e4bd 100644 ---- a/src/config/SSSDConfig/sssdoptions.py -+++ b/src/config/SSSDConfig/sssdoptions.py -@@ -197,6 +197,8 @@ def __init__(self): - 'refresh_expired_interval': _('How often should expired entries be refreshed in background'), - 'refresh_expired_interval_offset': _("Maximum period deviation when refreshing expired entries in background"), - 'dyndns_update': _("Whether to automatically update the client's DNS entry"), -+ 'dyndns_update_per_family': _('Whether DNS update of A and AAAA record should be performed ' -+ 'in one update or in two separate updates'), - 'dyndns_ttl': _("The TTL to apply to the client's DNS entry after updating it"), - 'dyndns_iface': _("The interface whose IP should be used for dynamic DNS updates"), - 'dyndns_refresh_interval': _("How often to periodically update the client's DNS entry"), -diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py -index bc398cc8b8e..1ce4637eda7 100755 ---- a/src/config/SSSDConfigTest.py -+++ b/src/config/SSSDConfigTest.py -@@ -558,6 +558,7 @@ def testListOptions(self): - 'dns_discovery_domain', - 'failover_primary_timeout', - 'dyndns_update', -+ 'dyndns_update_per_family', - 'dyndns_ttl', - 'dyndns_iface', - 'dyndns_refresh_interval', -@@ -919,6 +920,7 @@ def testRemoveProvider(self): - 'dns_discovery_domain', - 'failover_primary_timeout', - 'dyndns_update', -+ 'dyndns_update_per_family', - 'dyndns_ttl', - 'dyndns_iface', - 'dyndns_refresh_interval', -diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini -index b33cd876b95..950eae630fb 100644 ---- a/src/config/cfg_rules.ini -+++ b/src/config/cfg_rules.ini -@@ -433,6 +433,7 @@ option = refresh_expired_interval_offset - - # Dynamic DNS updates - option = dyndns_update -+option = dyndns_update_per_family - option = dyndns_ttl - option = dyndns_iface - option = dyndns_refresh_interval -diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf -index b5d42afbb1e..4377a1fc571 100644 ---- a/src/config/etc/sssd.api.conf -+++ b/src/config/etc/sssd.api.conf -@@ -207,6 +207,7 @@ refresh_expired_interval_offset = int, None, false - - # Dynamic DNS updates - dyndns_update = bool, None, false -+dyndns_update_per_family = bool, None, false - dyndns_ttl = int, None, false - dyndns_iface = str, None, false - dyndns_refresh_interval = int, None, false diff --git a/backport-honor-ad_use_ldaps-setting-with-ad_machine_pw_renewal.patch b/backport-honor-ad_use_ldaps-setting-with-ad_machine_pw_renewal.patch deleted file mode 100644 index bb15c7cca8587277979dd5e94577882eff9a9ff1..0000000000000000000000000000000000000000 --- a/backport-honor-ad_use_ldaps-setting-with-ad_machine_pw_renewal.patch +++ /dev/null @@ -1,58 +0,0 @@ -From d004e7b4b977da3dd9f1d3de910c28c093a6fb26 Mon Sep 17 00:00:00 2001 -From: santeri3700 -Date: Tue, 15 Oct 2024 20:13:20 +0300 -Subject: [PATCH] ad: honor ad_use_ldaps setting with ad_machine_pw_renewal - -The value of ad_use_ldaps was not passed as `--use-ldaps` -argument to the adcli update command which handles -the automatic renewal of AD machine account password. - -Resolves: https://github.com/SSSD/sssd/issues/7642 - -Signed-off-by: santeri3700 - -Reviewed-by: Alexey Tikhonov -Reviewed-by: Sumit Bose ---- - src/providers/ad/ad_machine_pw_renewal.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c -index 56b64a2a955..2e54e9bff0d 100644 ---- a/src/providers/ad/ad_machine_pw_renewal.c -+++ b/src/providers/ad/ad_machine_pw_renewal.c -@@ -39,6 +39,7 @@ struct renewal_data { - static errno_t get_adcli_extra_args(const char *ad_domain, - const char *ad_hostname, - const char *ad_keytab, -+ bool ad_use_ldaps, - size_t pw_lifetime_in_days, - bool add_samba_data, - size_t period, -@@ -59,7 +60,7 @@ static errno_t get_adcli_extra_args(const char *ad_domain, - return ENOMEM; - } - -- args = talloc_array(renewal_data, const char *, 9); -+ args = talloc_array(renewal_data, const char *, 10); - if (args == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n"); - return ENOMEM; -@@ -79,6 +80,9 @@ static errno_t get_adcli_extra_args(const char *ad_domain, - args[c++] = talloc_asprintf(args, "--host-keytab=%s", ad_keytab); - } - args[c++] = talloc_asprintf(args, "--domain=%s", ad_domain); -+ if (ad_use_ldaps) { -+ args[c++] = talloc_strdup(args, "--use-ldaps"); -+ } - if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) { - args[c++] = talloc_strdup(args, "--verbose"); - } -@@ -390,6 +394,7 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx, - dp_opt_get_cstring(ad_opts->basic, AD_HOSTNAME), - dp_opt_get_cstring(ad_opts->id_ctx->sdap_id_ctx->opts->basic, - SDAP_KRB5_KEYTAB), -+ dp_opt_get_bool(ad_opts->basic, AD_USE_LDAPS), - lifetime, - dp_opt_get_bool(ad_opts->basic, - AD_UPDATE_SAMBA_MACHINE_ACCOUNT_PASSWORD), diff --git a/backport-mistype-fix.patch b/backport-mistype-fix.patch deleted file mode 100644 index d56bdf11808f2a7fd3c5f9de8e0f6ff665d7aaf7..0000000000000000000000000000000000000000 --- a/backport-mistype-fix.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 3621a587a32589e8404ed1f2356fcbfebc128efc Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Mon, 2 Sep 2024 21:04:34 +0200 -Subject: [PATCH] TOOLS: mistype fix -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Iker Pedrosa -Reviewed-by: Tomáš Halman ---- - src/tools/sssctl/sssctl_data.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tools/sssctl/sssctl_data.c b/src/tools/sssctl/sssctl_data.c -index 79e12078e4b..43b9814eaf0 100644 ---- a/src/tools/sssctl/sssctl_data.c -+++ b/src/tools/sssctl/sssctl_data.c -@@ -168,7 +168,7 @@ static errno_t sssctl_restore(bool force_start, bool force_restart) - } - } - -- if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) { -+ if (sssctl_backup_file_exists(SSS_BACKUP_GROUP_OVERRIDES)) { - ret = sssctl_run_command((const char *[]){"sss_override", "group-import", - SSS_BACKUP_GROUP_OVERRIDES, NULL}); - if (ret != EOK) { diff --git a/sssd.spec b/sssd.spec index f48c304b1e8e88aaa95b8c15becbe1cc27fe4cf5..f8a42e30ed184d6b2cbfbbda86c78bd0da13bf19 100644 --- a/sssd.spec +++ b/sssd.spec @@ -8,7 +8,7 @@ Name: sssd Version: 2.9.5 -Release: 3 +Release: 2 Summary: System Security Services Daemon License: GPL-3.0-or-later URL: https://github.com/SSSD/sssd/ @@ -914,9 +914,6 @@ fi %systemd_postun_with_restart sssd.service %changelog -* Mon Dec 02 2024 Majianhan - 2.9.5-3 -- backport upstream patches - * Fri Nov 22 2024 Majianhan - 2.9.5-2 - backport make sure invalid krb5 context is not used