Ubuntu
sssd package

Merge ~sergiodj/ubuntu/+source/sssd:merge-2.9.2-1-noble into ubuntu/+source/sssd:debian/sid

  1. Git
  2. lp:~sergiodj/ubuntu/+source/sssd
  3. merge-2.9.2-1-noble
  4. Merge into debian/sid
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: 0d7b6da181912f2b630378428d801078757e7330
Proposed branch: ~sergiodj/ubuntu/+source/sssd:merge-2.9.2-1-noble
Merge into: ubuntu/+source/sssd:debian/sid
Diff against target: 581 lines (+377/-10)
6 files modified
debian/apparmor-profile (+4/-1)
debian/changelog (+353/-0)
debian/control (+4/-3)
debian/tests/control (+4/-6)
debian/tests/sssd-smart-card-pam-auth-configs-tester.sh (+6/-0)
debian/tests/sssd-softhism2-certificates-tests.sh (+6/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+457904@code.launchpad.net

Description of the change

This is the merge of sssd 2.9.2-1 from Debian unstable.

Another trivial merge. The only manual thing I did was to edit one commit message to make it easier to run "git ubuntu merge finish".

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/sssd-merge

dep8 results pending.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

This is now ready to be reviewed.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I'll take it

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

- delta ok
- tags ok
- debian changes ok (smart card updates, including dep8 tests, and build-time tests re-enabled)
- new upstream changes ok

The new DEP8 tests are using a restriction unknown to the ubuntu test runners, though:

597s sssd-softhism2-certificates-tests SKIP unknown restriction needs-sudo
597s sssd-smart-card-pam-auth-configs SKIP unknown restriction needs-sudo

We might want to add a delta for that. Let them run as root, and see where in the code they should run as non-root and make changes if necessary. Given that sssd is subject to some complex SRUs sometimes, I think we should get these tests running in Ubuntu.

review: Needs Fixing
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

That's a good catch, thanks. I will work on the delta.

~sergiodj/ubuntu/+source/sssd:merge-2.9.2-1-noble updated
d1fd884... by Sergio Durigan Junior

  * Add changes:
    - d/t/control: Remove "needs-sudo" restriction from smartcard tests,
      replace with "needs-root". This is needed because Ubuntu's
      autopkgtest infrastructure doesn't support "needs-sudo".
    - d/t/sssd-smart-card-pam-auth-configs-tester.sh,
      d/t/sssd-softhism2-certificates-tests.sh: Add code to handle
      ${AUTOPKGTEST_NORMAL_USER}.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I've analysed the script and noticed that they don't actually invoke sudo; instead, it seems to me that they're using "needs-sudo" because it's easier than using "needs-root" and having to handle AUTOPKGTEST_NORMAL_USER. So I've adjusted them to use needs-root instead, and they're passing.

I'm going to submit this change to Debian, and I'm also building a new version of the package so that I can run the dep8 tests again. Meanwhile, feel free to review what I did.

Thanks.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, looks good. I would just add something to the commit (and/or changelog) saying why we are switching to needs-root (because ubuntu's dep8 infra does not support needs-sudo yet).

If the tests pass, +1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Wednesday, January 17 2024, Andreas Hasenack wrote:

> Review: Approve
>
> Thanks, looks good. I would just add something to the commit (and/or changelog) saying why we are switching to needs-root (because ubuntu's dep8 infra does not support needs-sudo yet).
>
> If the tests pass, +1

Thanks, Andreas.

Commit message adjusted. dep8 tests passed:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-sssd-merge/?format=plain)
  sssd @ amd64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-sssd-merge/noble/amd64/s/sssd/20240118_013412_75d9a@/log.gz
    18.01.24 01:34:12 ✅ Triggers: sssd/2.9.2-1ubuntu1~ppa2
  sssd @ arm64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-sssd-merge/noble/arm64/s/sssd/20240118_013352_b1e90@/log.gz
    18.01.24 01:33:52 ✅ Triggers: sssd/2.9.2-1ubuntu1~ppa2
  sssd @ armhf:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-sssd-merge/noble/armhf/s/sssd/20240118_012420_26483@/log.gz
    18.01.24 01:24:20 ✅ Triggers: sssd/2.9.2-1ubuntu1~ppa2
  sssd @ ppc64el:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-sssd-merge/noble/ppc64el/s/sssd/20240118_013335_b1e90@/log.gz
    18.01.24 01:33:35 ✅ Triggers: sssd/2.9.2-1ubuntu1~ppa2
  sssd @ s390x:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-sssd-merge/noble/s390x/s/sssd/20240118_014023_75d9a@/log.gz
    18.01.24 01:40:23 ✅ Triggers: sssd/2.9.2-1ubuntu1~ppa2

Therefore, uploaded:

$ dput sssd_2.9.2-1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/sssd/sssd_2.9.2-1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/sssd/sssd_2.9.2-1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading sssd_2.9.2-1ubuntu1.dsc: done.
  Uploading sssd_2.9.2.orig.tar.gz: done.
  Uploading sssd_2.9.2.orig.tar.gz.asc: done.
  Uploading sssd_2.9.2-1ubuntu1.debian.tar.xz: done.
  Uploading sssd_2.9.2-1ubuntu1_source.buildinfo: done.
  Uploading sssd_2.9.2-1ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/apparmor-profile b/debian/apparmor-profile
2index fadfa6c..7491662 100644
3--- a/debian/apparmor-profile
4+++ b/debian/apparmor-profile
5@@ -4,6 +4,7 @@
6 #include <abstractions/base>
7 #include <abstractions/kerberosclient>
8 #include <abstractions/nameservice>
9+ #include <abstractions/openssl>
10 #include <abstractions/user-tmp>
11
12 capability chown,
13@@ -16,6 +17,7 @@
14 capability sys_resource,
15
16 @{PROC} r,
17+ @{PROC}/[0-9]*/cmdline r,
18 @{PROC}/[0-9]*/net/psched r,
19 @{PROC}/[0-9]*/status r,
20
21@@ -42,7 +44,7 @@
22 /var/lib/sss/* rw,
23 /var/lib/sss/db/* rwk,
24 /var/lib/sss/gpo_cache/* rw,
25- /var/lib/sss/mc/* rw,
26+ /var/lib/sss/mc/* rwk,
27 /var/lib/sss/pipes/* rw,
28 /var/lib/sss/pipes/private/* rw,
29 /var/lib/sss/pubconf/* rw,
30@@ -53,6 +55,7 @@
31
32 /{,var/}run/sssd.pid rw,
33 /{,var/}run/systemd/notify w,
34+ /{,var/}run/systemd/users/* r,
35
36 # Site-specific additions and overrides. See local/README for details.
37 #include <local/usr.sbin.sssd>
38diff --git a/debian/changelog b/debian/changelog
39index 52a5d97..ab3ba9b 100644
40--- a/debian/changelog
41+++ b/debian/changelog
42@@ -1,3 +1,22 @@
43+sssd (2.9.2-1ubuntu1) noble; urgency=medium
44+
45+ * Merge with Debian unstable (LP: #2040429). Remaining changes:
46+ - d/control: Drop libgdm-dev Build-Depend on i386.
47+ - d/control: Don't build sssd-tools on i386, now uninstallable due
48+ to added python3-{click,systemd} dependencies.
49+ - d/apparmor-profile: Add some entries to apparmor-profile file
50+ to get rid of the extraneous ALLOWED messages visible in the
51+ /var/log/syslog. (LP #1999190)
52+ * Add changes:
53+ - d/t/control: Remove "needs-sudo" restriction from smartcard tests,
54+ replace with "needs-root". This is needed because Ubuntu's
55+ autopkgtest infrastructure doesn't support "needs-sudo".
56+ - d/t/sssd-smart-card-pam-auth-configs-tester.sh,
57+ d/t/sssd-softhism2-certificates-tests.sh: Add code to handle
58+ ${AUTOPKGTEST_NORMAL_USER}.
59+
60+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 03 Jan 2024 11:20:10 -0500
61+
62 sssd (2.9.2-1) unstable; urgency=medium
63
64 [ Timo Aaltonen ]
65@@ -10,6 +29,29 @@ sssd (2.9.2-1) unstable; urgency=medium
66
67 -- Timo Aaltonen <tjaalton@debian.org> Fri, 15 Sep 2023 11:18:38 +0300
68
69+sssd (2.9.1-2ubuntu3) noble; urgency=medium
70+
71+ * Rebuild against latest libunistring
72+
73+ -- Jeremy Bícha <jbicha@ubuntu.com> Fri, 27 Oct 2023 11:05:49 -0400
74+
75+sssd (2.9.1-2ubuntu2) mantic; urgency=medium
76+
77+ * d/apparmor-profile: Add some entries to apparmor-profile file
78+ to get rid of the extraneous ALLOWED messages visible in the
79+ /var/log/syslog. (LP: #1999190)
80+
81+ -- Michal Maloszewski <michal.maloszewski@canonical.com> Wed, 04 Oct 2023 16:58:26 +0200
82+
83+sssd (2.9.1-2ubuntu1) mantic; urgency=medium
84+
85+ * Merge with Debian unstable (LP: #2028722). Remaining changes:
86+ - d/control: Drop libgdm-dev Build-Depend on i386.
87+ - d/control: Don't build sssd-tools on i386, now uninstallable due
88+ to added python3-{click,systemd} dependencies.
89+
90+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 26 Jul 2023 16:04:29 -0400
91+
92 sssd (2.9.1-2) unstable; urgency=medium
93
94 [ Sergio Durigan Junior ]
95@@ -23,6 +65,19 @@ sssd (2.9.1-2) unstable; urgency=medium
96
97 -- Timo Aaltonen <tjaalton@debian.org> Tue, 25 Jul 2023 15:01:14 +0300
98
99+sssd (2.9.1-1ubuntu1) mantic; urgency=medium
100+
101+ * Merge with Debian unstable (LP: #2018112). Remaining changes:
102+ - d/control: Drop libgdm-dev Build-Depend on i386.
103+ - d/control: Don't build sssd-tools on i386, now uninstallable due
104+ to added python3-{click,systemd} dependencies.
105+ * Drop change:
106+ - d/rules: Fix 'find' syntax to remove '*.egg-info'
107+ files/directories.
108+ [ Incorporated by Debian. ]
109+
110+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 11 Jul 2023 14:48:14 -0400
111+
112 sssd (2.9.1-1) unstable; urgency=medium
113
114 * New upstream release.
115@@ -76,6 +131,30 @@ sssd (2.8.1-2) unstable; urgency=medium
116
117 -- Sergio Durigan Junior <sergiodj@debian.org> Tue, 03 Jan 2023 16:36:00 -0500
118
119+sssd (2.8.1-1ubuntu1) lunar; urgency=medium
120+
121+ * Merge with Debian unstable (LP: #1993448). Remaining changes:
122+ - d/control: Drop libgdm-dev Build-Depend on i386.
123+ - d/control: Don't build sssd-tools on i386, now uninstallable due
124+ to added python3-{click,systemd} dependencies.
125+ * Drop changes:
126+ - Revert dh_nss usage; the feature is still being polished.
127+ + d/control: Don't Build-Depend on dh-sequence-installnss.
128+ + d/libnss-sss.nss: Remove file.
129+ + d/libnss-sss.postinst: Revert changes to use dh-nss.
130+ + d/libnss-sss.postrm: Likewise.
131+ [ Fixed in Debian. ]
132+ - d/p/initialize-uid-gid-main-functions.patch: Initialize UID/GID
133+ variables in "main" functions, preventing inadvertent changes in
134+ p11_child.log file permissions. (LP #1989356)
135+ [ Incorporated by upstream. ]
136+ * Add changes:
137+ - d/rules: Fix 'find' syntax to remove '*.egg-info'
138+ files/directories.
139+ [ Submitted to Debian. ]
140+
141+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 03 Jan 2023 16:42:10 -0500
142+
143 sssd (2.8.1-1) unstable; urgency=medium
144
145 * New upstream release.
146@@ -99,6 +178,41 @@ sssd (2.7.4-1) unstable; urgency=medium
147
148 -- Timo Aaltonen <tjaalton@debian.org> Thu, 22 Sep 2022 15:34:06 +0300
149
150+sssd (2.7.3-2ubuntu4) lunar; urgency=medium
151+
152+ * No-change rebuild with Python 3.11 as default
153+
154+ -- Graham Inggs <ginggs@ubuntu.com> Tue, 27 Dec 2022 03:42:49 +0000
155+
156+sssd (2.7.3-2ubuntu3) lunar; urgency=medium
157+
158+ * No-change rebuild against libldap-2
159+
160+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 15 Dec 2022 19:56:34 +0000
161+
162+sssd (2.7.3-2ubuntu2) kinetic; urgency=medium
163+
164+ * d/p/initialize-uid-gid-main-functions.patch: Initialize UID/GID
165+ variables in "main" functions, preventing inadvertent changes in
166+ p11_child.log file permissions. (LP: #1989356)
167+
168+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 04 Oct 2022 19:00:49 -0400
169+
170+sssd (2.7.3-2ubuntu1) kinetic; urgency=medium
171+
172+ * Merge with Debian unstable (LP: #1987348, #1988615). Remaining changes:
173+ - d/control: Drop libgdm-dev Build-Depend on i386.
174+ - d/control: Don't build sssd-tools on i386, now uninstallable due
175+ to added python3-{click,systemd} dependencies.
176+ * Add changes:
177+ - Revert dh_nss usage; the feature is still being polished.
178+ + d/control: Don't Build-Depend on dh-sequence-installnss.
179+ + d/libnss-sss.nss: Remove file.
180+ + d/libnss-sss.postinst: Revert changes to use dh-nss.
181+ + d/libnss-sss.postrm: Likewise.
182+
183+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 06 Sep 2022 13:56:06 -0400
184+
185 sssd (2.7.3-2) unstable; urgency=medium
186
187 [ Timo Aaltonen ]
188@@ -118,6 +232,15 @@ sssd (2.7.3-1) unstable; urgency=medium
189
190 -- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Jul 2022 08:52:58 +0300
191
192+sssd (2.7.2-3ubuntu1) kinetic; urgency=medium
193+
194+ * Merge with Debian unstable. Remaining changes:
195+ - d/control: Drop libgdm-dev Build-Depend on i386.
196+ - d/control: Don't build sssd-tools on i386, now uninstallable due
197+ to added python3-{click,systemd} dependencies.
198+
199+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 23 Jun 2022 14:03:54 -0400
200+
201 sssd (2.7.2-3) unstable; urgency=medium
202
203 * d/p/fix-shebang-on-sss_analyze.patch: Fix shebang on sss_analyze.
204@@ -137,6 +260,18 @@ sssd (2.7.2-1) unstable; urgency=medium
205
206 -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Jun 2022 13:19:27 +0300
207
208+sssd (2.7.1-2ubuntu1) kinetic; urgency=medium
209+
210+ * Merge with Debian unstable (LP: #1971327, #1934997). Remaining changes:
211+ - d/control: Drop libgdm-dev Build-Depend on i386.
212+ - d/control: Don't build sssd-tools on i386, now uninstallable due
213+ to added python3-{click,systemd} dependencies.
214+ * Dropped changes:
215+ - d/rules: Disable lto, not ready upstream.
216+ [ Incorporated by Debian ]
217+
218+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 14 Jun 2022 16:59:20 -0400
219+
220 sssd (2.7.1-2) unstable; urgency=medium
221
222 * pac-relax-default-for-pac_check-option.diff: Drop pac_present from
223@@ -179,6 +314,31 @@ sssd (2.6.3-2) unstable; urgency=medium
224
225 -- Timo Aaltonen <tjaalton@debian.org> Tue, 29 Mar 2022 10:04:50 +0300
226
227+sssd (2.6.3-1ubuntu3) jammy; urgency=medium
228+
229+ * No-change rebuild with new samba 4.15.5
230+
231+ -- Andreas Hasenack <andreas@canonical.com> Thu, 24 Feb 2022 08:55:08 -0300
232+
233+sssd (2.6.3-1ubuntu2) jammy; urgency=medium
234+
235+ * No-change rebuild with new libnfsidmap from src:nfs-utils
236+
237+ -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Feb 2022 10:57:41 -0300
238+
239+sssd (2.6.3-1ubuntu1) jammy; urgency=medium
240+
241+ * Merge with Debian unstable (LP: #1946904). Remaining changes:
242+ - d/rules: Disable lto, not ready upstream.
243+ - d/control: Drop libgdm-dev Build-Depend on i386.
244+ - d/control: Don't build sssd-tools on i386, now uninstallable due
245+ to added python3-{click,systemd} dependencies.
246+ * Dropped changes, picked by Debian:
247+ - Remove RANDFILE from the config template. It's no longer necessary and
248+ breaks with openssl 3.0.
249+
250+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 14 Feb 2022 16:21:21 -0500
251+
252 sssd (2.6.3-1) unstable; urgency=medium
253
254 * New upstream release.
255@@ -190,6 +350,40 @@ sssd (2.6.3-1) unstable; urgency=medium
256
257 -- Timo Aaltonen <tjaalton@debian.org> Fri, 11 Feb 2022 09:35:43 +0200
258
259+sssd (2.6.1-1ubuntu4) jammy; urgency=medium
260+
261+ * No-change rebuild with Python 3.10 as default version
262+
263+ -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 15:13:06 +0000
264+
265+sssd (2.6.1-1ubuntu3) jammy; urgency=medium
266+
267+ * Remember how architecture lists in debian/control work.
268+
269+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 17 Dec 2021 23:12:51 +0000
270+
271+sssd (2.6.1-1ubuntu2) jammy; urgency=medium
272+
273+ * Don't build sssd-tools on i386, now uninstallable due to added
274+ python3-{click,systemd} dependencies.
275+
276+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 17 Dec 2021 21:50:00 +0000
277+
278+sssd (2.6.1-1ubuntu1) jammy; urgency=low
279+
280+ * Merge from Debian unstable. Remaining changes:
281+ - Disable lto, not ready upstream.
282+ - d/control: Drop libgdm-dev Build-Depend on i386.
283+ - Remove RANDFILE from the config template. It's no longer necessary and
284+ breaks with openssl 3.0.
285+ * Dropped changes, included upstream:
286+ - d/p/fix-python-tests.patch: Fix Python tests by making them
287+ assert Python module paths by using full pathnames.
288+ * Dropped changes, included in Debian:
289+ - debian/control: Switch to libsemanage-dev from libsemanage1-dev
290+
291+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 10 Dec 2021 10:29:16 -0800
292+
293 sssd (2.6.1-1) unstable; urgency=medium
294
295 * New upstream release.
296@@ -206,6 +400,54 @@ sssd (2.5.2-5) unstable; urgency=medium
297
298 -- Timo Aaltonen <tjaalton@debian.org> Mon, 08 Nov 2021 21:17:29 +0200
299
300+sssd (2.5.2-4ubuntu4) jammy; urgency=medium
301+
302+ * No-change rebuild against libssl3
303+
304+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 Dec 2021 00:19:23 +0000
305+
306+sssd (2.5.2-4ubuntu3) jammy; urgency=medium
307+
308+ * Remove RANDFILE from the config template. It's no longer necessary and
309+ breaks with openssl 3.0.
310+
311+ -- Rico Tzschichholz <ricotz@ubuntu.com> Tue, 23 Nov 2021 20:19:07 +0100
312+
313+sssd (2.5.2-4ubuntu2) jammy; urgency=medium
314+
315+ * debian/control: Switch to libsemanage-dev from libsemanage1-dev
316+
317+ -- Rico Tzschichholz <ricotz@ubuntu.com> Mon, 22 Nov 2021 20:51:36 +0100
318+
319+sssd (2.5.2-4ubuntu1) jammy; urgency=medium
320+
321+ * Merge with Debian unstable (LP: #1946904). Remaining changes:
322+ - Disable lto, not ready upstream.
323+ - d/control: Drop libgdm-dev Build-Depend on i386.
324+ - d/p/fix-python-tests.patch: Fix Python tests by making them
325+ assert Python module paths by using full pathnames.
326+ * Dropped changes:
327+ - d/apparmor-profile: Update profile. (LP #1910611)
328+ + Extend read permissions to /etc/sssd/** and /etc/gss/**.
329+ + Add read/execute permission to /usr/libexec/sssd/*.
330+ [ Incorporated by Debian. ]
331+ - Fix FTBFS with newer autoconf
332+ + debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
333+ and PYTHON_EXEC_PREFIX in src/external/python.m4.
334+ [ Incorporated by Debian. ]
335+ - SECURITY UPDATE: shell command injection in sssctl comment
336+ + debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
337+ avoid execution of user supplied command in
338+ src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
339+ src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
340+ + CVE-2021-3621
341+ [ Incorporated by Debian. ]
342+ - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
343+ which is failing when running inside sbuild.
344+ [ Not needed anymore; issue does not reproduce on Jammy. ]
345+
346+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 27 Oct 2021 20:16:31 -0400
347+
348 sssd (2.5.2-4) unstable; urgency=medium
349
350 * control: Promote libnss-sss and libpam-sss to sssd-common Depends.
351@@ -248,6 +490,63 @@ sssd (2.5.2-1) unstable; urgency=medium
352
353 -- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300
354
355+sssd (2.4.1-2ubuntu4) impish; urgency=medium
356+
357+ * Fix FTBFS with newer autoconf
358+ - debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
359+ and PYTHON_EXEC_PREFIX in src/external/python.m4.
360+
361+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Sep 2021 11:39:53 -0400
362+
363+sssd (2.4.1-2ubuntu3) impish; urgency=medium
364+
365+ * SECURITY UPDATE: shell command injection in sssctl comment
366+ - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
367+ avoid execution of user supplied command in
368+ src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
369+ src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
370+ - CVE-2021-3621
371+
372+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 08:13:38 -0400
373+
374+sssd (2.4.1-2ubuntu2) impish; urgency=medium
375+
376+ * No-change rebuild due to OpenLDAP soname bump.
377+
378+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:16 -0400
379+
380+sssd (2.4.1-2ubuntu1) impish; urgency=medium
381+
382+ * Merge with Debian unstable. Remaining changes:
383+ - d/apparmor-profile: Update profile. (LP #1910611)
384+ + Extend read permissions to /etc/sssd/** and /etc/gss/**.
385+ + Add read/execute permission to /usr/libexec/sssd/*.
386+ - Disable lto, not ready upstream.
387+ - d/control: Drop libgdm-dev Build-Depend on i386.
388+ * Dropped changes:
389+ - d/p/condition-path-exists-sssd-conf.patch: Only start
390+ sssd.service if there is a configuration file present.
391+ (LP: #1900642)
392+ [ Included in 2.4.1-2 ]
393+ - d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
394+ Upstream patch to make sssd.service only able to start when there
395+ is a configuration file present. (LP #1900642)
396+ - d/p/condition-path-exists-sssd-conf.patch: Remove.
397+ [ Included in 2.4.1-2 ]
398+ - Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065):
399+ + d/p/lp-1908065-01-syslog_identifier-format.patch:
400+ Upstream patch to include "sssd[]" identifier in program names.
401+ + d/p/lp-1908065-02-remove-syslog_identifier.patch:
402+ Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
403+ [ Included in 2.4.1-2 ]
404+ * Added changes:
405+ - d/p/fix-python-tests.patch: Fix Python tests by making them
406+ assert Python module paths by using full pathnames.
407+ - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
408+ which is failing when running inside sbuild.
409+
410+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 18 May 2021 17:29:58 -0400
411+
412 sssd (2.4.1-2) unstable; urgency=medium
413
414 [ Marco Trevisan (Treviño) ]
415@@ -273,6 +572,59 @@ sssd (2.4.1-1) unstable; urgency=medium
416
417 -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200
418
419+sssd (2.4.0-1ubuntu7) impish; urgency=medium
420+
421+ * d/control: Drop libgdm-dev Build-Depend on i386.
422+
423+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 11 May 2021 16:22:31 -0400
424+
425+sssd (2.4.0-1ubuntu6) hirsute; urgency=medium
426+
427+ * Disable lto, not ready upstream.
428+
429+ -- Matthias Klose <doko@ubuntu.com> Tue, 23 Mar 2021 13:18:53 +0100
430+
431+sssd (2.4.0-1ubuntu5) hirsute; urgency=medium
432+
433+ * No change rebuild with fixed ownership.
434+
435+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 16 Feb 2021 15:22:14 +0000
436+
437+sssd (2.4.0-1ubuntu4) hirsute; urgency=medium
438+
439+ * Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP: #1908065):
440+ - d/p/lp-1908065-01-syslog_identifier-format.patch:
441+ Upstream patch to include "sssd[]" identifier in program names.
442+ - d/p/lp-1908065-02-remove-syslog_identifier.patch:
443+ Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
444+
445+ -- Valters Jansons <valter.jansons@gmail.com> Fri, 05 Feb 2021 20:51:32 +0000
446+
447+sssd (2.4.0-1ubuntu3) hirsute; urgency=medium
448+
449+ * d/apparmor-profile: Update profile. (LP: #1910611)
450+ - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
451+ - Add read/execute permission to /usr/libexec/sssd/*.
452+
453+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 18 Jan 2021 16:57:21 -0500
454+
455+sssd (2.4.0-1ubuntu2) hirsute; urgency=medium
456+
457+ * d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
458+ Upstream patch to make sssd.service only able to start when there
459+ is a configuration file present. (LP: #1900642)
460+ * d/p/condition-path-exists-sssd-conf.patch: Remove.
461+
462+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 12 Jan 2021 16:17:38 -0500
463+
464+sssd (2.4.0-1ubuntu1) hirsute; urgency=medium
465+
466+ * d/p/condition-path-exists-sssd-conf.patch: Only start
467+ sssd.service if there is a configuration file present.
468+ (LP: #1900642)
469+
470+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 10 Dec 2020 14:20:24 -0500
471+
472 sssd (2.4.0-1) unstable; urgency=medium
473
474 * New upstream release.
475@@ -1342,3 +1694,4 @@ sssd (0.5.0-0ubuntu1) karmic; urgency=low
476 * Initial release.
477
478 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 24 Aug 2009 16:35:11 -0400
479+
480diff --git a/debian/control b/debian/control
481index 3b3a54c..3fa7133 100644
482--- a/debian/control
483+++ b/debian/control
484@@ -1,7 +1,8 @@
485 Source: sssd
486 Section: utils
487 Priority: optional
488-Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>
489+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
490+XSBC-Original-Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>
491 Uploaders: Timo Aaltonen <tjaalton@debian.org>,
492 Dominik George <natureshadow@debian.org>
493 Build-Depends:
494@@ -29,7 +30,7 @@ Build-Depends:
495 libdbus-1-dev,
496 libdhash-dev,
497 libfido2-dev,
498- libgdm-dev [!s390x !kfreebsd-any !hurd-any],
499+ libgdm-dev [!s390x !kfreebsd-any !hurd-any !i386],
500 libglib2.0-dev,
501 libini-config-dev,
502 libjansson-dev,
503@@ -240,7 +241,7 @@ Description: System Security Services Daemon -- proxy back end
504 PAM modules to leverage SSSD caching.
505
506 Package: sssd-tools
507-Architecture: any
508+Architecture: amd64 arm64 armhf ppc64el riscv64 s390x
509 Depends:
510 python3,
511 python3-sss,
512diff --git a/debian/tests/control b/debian/tests/control
513index 601165e..0d94a73 100644
514--- a/debian/tests/control
515+++ b/debian/tests/control
516@@ -6,9 +6,7 @@ Tests: ldap-user-group-krb5-auth
517 Depends: @, slapd, ldap-utils, openssl, expect, lsb-release, krb5-user, krb5-admin-server, krb5-kdc
518 Restrictions: isolation-container, needs-root, allow-stderr
519
520-Test-Command: sudo
521- bash debian/tests/sssd-softhism2-certificates-tests.sh
522-Features: test-name=sssd-softhism2-certificates-tests
523+Tests: sssd-softhism2-certificates-tests.sh
524 Depends: bash,
525 gnutls-bin,
526 openssl,
527@@ -16,10 +14,10 @@ Depends: bash,
528 softhsm2,
529 sssd,
530 util-linux
531-Restrictions: needs-sudo,
532+Restrictions: needs-root,
533 allow-stderr
534
535-Test-Command: sudo env
536+Test-Command: env
537 OFFLINE_MODE=1
538 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh
539 Features: test-name=sssd-smart-card-pam-auth-configs
540@@ -34,6 +32,6 @@ Depends: bash,
541 util-linux
542 Restrictions: breaks-testbed,
543 isolation-container,
544- needs-sudo,
545+ needs-root,
546 allow-stderr
547
548diff --git a/debian/tests/sssd-smart-card-pam-auth-configs-tester.sh b/debian/tests/sssd-smart-card-pam-auth-configs-tester.sh
549index fde2e2b..12351cf 100644
550--- a/debian/tests/sssd-smart-card-pam-auth-configs-tester.sh
551+++ b/debian/tests/sssd-smart-card-pam-auth-configs-tester.sh
552@@ -13,6 +13,12 @@ set -xe
553
554 export DEBIAN_FRONTEND=noninteractive
555
556+if [ -z "${AUTOPKGTEST_NORMAL_USER}" ]; then
557+ adduser --quiet --disable-password _sssduser
558+ AUTOPKGTEST_NORMAL_USER="_sssduser"
559+fi
560+SUDO_USER="${AUTOPKGTEST_NORMAL_USER}"
561+
562 required_tools=(
563 pamtester # debian package: pamtester
564 softhsm2-util # debian package: softhsm2
565diff --git a/debian/tests/sssd-softhism2-certificates-tests.sh b/debian/tests/sssd-softhism2-certificates-tests.sh
566index 2f37167..df61c44 100644
567--- a/debian/tests/sssd-softhism2-certificates-tests.sh
568+++ b/debian/tests/sssd-softhism2-certificates-tests.sh
569@@ -7,6 +7,12 @@
570 # Used to verify p11_child usage in SSSD.
571 set -xe
572
573+if [ -z "${AUTOPKGTEST_NORMAL_USER}" ]; then
574+ adduser --quiet --disable-password _sssduser
575+ AUTOPKGTEST_NORMAL_USER="_sssduser"
576+fi
577+SUDO_USER="${AUTOPKGTEST_NORMAL_USER}"
578+
579 required_tools=(
580 p11tool # debian package: gnutls-bin
581 openssl # debian package: openssl

Subscribers

People subscribed via source and target branches