Merge ~sergiodj/ubuntu/+source/sssd:merge-2.9.2-1-noble into ubuntu/+source/sssd:debian/sid
- Git
- lp:~sergiodj/ubuntu/+source/sssd
- merge-2.9.2-1-noble
- Merge into debian/sid
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Approved by: | git-ubuntu bot | ||||||||
Approved revision: | not available | ||||||||
Merge reported by: | git-ubuntu bot | ||||||||
Merged at revision: | 0d7b6da181912f2b630378428d801078757e7330 | ||||||||
Proposed branch: | ~sergiodj/ubuntu/+source/sssd:merge-2.9.2-1-noble | ||||||||
Merge into: | ubuntu/+source/sssd:debian/sid | ||||||||
Diff against target: |
581 lines (+377/-10) 6 files modified
debian/apparmor-profile (+4/-1) debian/changelog (+353/-0) debian/control (+4/-3) debian/tests/control (+4/-6) debian/tests/sssd-smart-card-pam-auth-configs-tester.sh (+6/-0) debian/tests/sssd-softhism2-certificates-tests.sh (+6/-0) |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | Approve | ||
Andreas Hasenack | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+457904@code.launchpad.net |
Commit message
Description of the change
This is the merge of sssd 2.9.2-1 from Debian unstable.
Another trivial merge. The only manual thing I did was to edit one commit message to make it easier to run "git ubuntu merge finish".
PPA: https:/
dep8 results pending.
Sergio Durigan Junior (sergiodj) wrote : | # |
Andreas Hasenack (ahasenack) wrote : | # |
I'll take it
Andreas Hasenack (ahasenack) wrote : | # |
- delta ok
- tags ok
- debian changes ok (smart card updates, including dep8 tests, and build-time tests re-enabled)
- new upstream changes ok
The new DEP8 tests are using a restriction unknown to the ubuntu test runners, though:
597s sssd-softhism2-
597s sssd-smart-
We might want to add a delta for that. Let them run as root, and see where in the code they should run as non-root and make changes if necessary. Given that sssd is subject to some complex SRUs sometimes, I think we should get these tests running in Ubuntu.
Sergio Durigan Junior (sergiodj) wrote : | # |
That's a good catch, thanks. I will work on the delta.
- d1fd884... by Sergio Durigan Junior
-
* Add changes:
- d/t/control: Remove "needs-sudo" restriction from smartcard tests,
replace with "needs-root". This is needed because Ubuntu's
autopkgtest infrastructure doesn't support "needs-sudo".
- d/t/sssd-smart-card- pam-auth- configs- tester. sh,
d/t/sssd- softhism2- certificates- tests.sh: Add code to handle
${AUTOPKGTEST_ NORMAL_ USER}.
Sergio Durigan Junior (sergiodj) wrote : | # |
I've analysed the script and noticed that they don't actually invoke sudo; instead, it seems to me that they're using "needs-sudo" because it's easier than using "needs-root" and having to handle AUTOPKGTEST_
I'm going to submit this change to Debian, and I'm also building a new version of the package so that I can run the dep8 tests again. Meanwhile, feel free to review what I did.
Thanks.
Andreas Hasenack (ahasenack) wrote : | # |
Thanks, looks good. I would just add something to the commit (and/or changelog) saying why we are switching to needs-root (because ubuntu's dep8 infra does not support needs-sudo yet).
If the tests pass, +1
git-ubuntu bot (git-ubuntu-bot) wrote : | # |
Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved
Sergio Durigan Junior (sergiodj) wrote : | # |
On Wednesday, January 17 2024, Andreas Hasenack wrote:
> Review: Approve
>
> Thanks, looks good. I would just add something to the commit (and/or changelog) saying why we are switching to needs-root (because ubuntu's dep8 infra does not support needs-sudo yet).
>
> If the tests pass, +1
Thanks, Andreas.
Commit message adjusted. dep8 tests passed:
Results: (from http://
sssd @ amd64:
http://
18.01.24 01:34:12 ✅ Triggers: sssd/2.
sssd @ arm64:
http://
18.01.24 01:33:52 ✅ Triggers: sssd/2.
sssd @ armhf:
http://
18.01.24 01:24:20 ✅ Triggers: sssd/2.
sssd @ ppc64el:
http://
18.01.24 01:33:35 ✅ Triggers: sssd/2.
sssd @ s390x:
http://
18.01.24 01:40:23 ✅ Triggers: sssd/2.
Therefore, uploaded:
$ dput sssd_2.
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/
Checking signature on .dsc
gpg: /home/sergio/
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading sssd_2.
Uploading sssd_2.
Uploading sssd_2.
Uploading sssd_2.
Uploading sssd_2.
Uploading sssd_2.
Successfully uploaded packages.
--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
Preview Diff
1 | diff --git a/debian/apparmor-profile b/debian/apparmor-profile |
2 | index fadfa6c..7491662 100644 |
3 | --- a/debian/apparmor-profile |
4 | +++ b/debian/apparmor-profile |
5 | @@ -4,6 +4,7 @@ |
6 | #include <abstractions/base> |
7 | #include <abstractions/kerberosclient> |
8 | #include <abstractions/nameservice> |
9 | + #include <abstractions/openssl> |
10 | #include <abstractions/user-tmp> |
11 | |
12 | capability chown, |
13 | @@ -16,6 +17,7 @@ |
14 | capability sys_resource, |
15 | |
16 | @{PROC} r, |
17 | + @{PROC}/[0-9]*/cmdline r, |
18 | @{PROC}/[0-9]*/net/psched r, |
19 | @{PROC}/[0-9]*/status r, |
20 | |
21 | @@ -42,7 +44,7 @@ |
22 | /var/lib/sss/* rw, |
23 | /var/lib/sss/db/* rwk, |
24 | /var/lib/sss/gpo_cache/* rw, |
25 | - /var/lib/sss/mc/* rw, |
26 | + /var/lib/sss/mc/* rwk, |
27 | /var/lib/sss/pipes/* rw, |
28 | /var/lib/sss/pipes/private/* rw, |
29 | /var/lib/sss/pubconf/* rw, |
30 | @@ -53,6 +55,7 @@ |
31 | |
32 | /{,var/}run/sssd.pid rw, |
33 | /{,var/}run/systemd/notify w, |
34 | + /{,var/}run/systemd/users/* r, |
35 | |
36 | # Site-specific additions and overrides. See local/README for details. |
37 | #include <local/usr.sbin.sssd> |
38 | diff --git a/debian/changelog b/debian/changelog |
39 | index 52a5d97..ab3ba9b 100644 |
40 | --- a/debian/changelog |
41 | +++ b/debian/changelog |
42 | @@ -1,3 +1,22 @@ |
43 | +sssd (2.9.2-1ubuntu1) noble; urgency=medium |
44 | + |
45 | + * Merge with Debian unstable (LP: #2040429). Remaining changes: |
46 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
47 | + - d/control: Don't build sssd-tools on i386, now uninstallable due |
48 | + to added python3-{click,systemd} dependencies. |
49 | + - d/apparmor-profile: Add some entries to apparmor-profile file |
50 | + to get rid of the extraneous ALLOWED messages visible in the |
51 | + /var/log/syslog. (LP #1999190) |
52 | + * Add changes: |
53 | + - d/t/control: Remove "needs-sudo" restriction from smartcard tests, |
54 | + replace with "needs-root". This is needed because Ubuntu's |
55 | + autopkgtest infrastructure doesn't support "needs-sudo". |
56 | + - d/t/sssd-smart-card-pam-auth-configs-tester.sh, |
57 | + d/t/sssd-softhism2-certificates-tests.sh: Add code to handle |
58 | + ${AUTOPKGTEST_NORMAL_USER}. |
59 | + |
60 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 03 Jan 2024 11:20:10 -0500 |
61 | + |
62 | sssd (2.9.2-1) unstable; urgency=medium |
63 | |
64 | [ Timo Aaltonen ] |
65 | @@ -10,6 +29,29 @@ sssd (2.9.2-1) unstable; urgency=medium |
66 | |
67 | -- Timo Aaltonen <tjaalton@debian.org> Fri, 15 Sep 2023 11:18:38 +0300 |
68 | |
69 | +sssd (2.9.1-2ubuntu3) noble; urgency=medium |
70 | + |
71 | + * Rebuild against latest libunistring |
72 | + |
73 | + -- Jeremy Bícha <jbicha@ubuntu.com> Fri, 27 Oct 2023 11:05:49 -0400 |
74 | + |
75 | +sssd (2.9.1-2ubuntu2) mantic; urgency=medium |
76 | + |
77 | + * d/apparmor-profile: Add some entries to apparmor-profile file |
78 | + to get rid of the extraneous ALLOWED messages visible in the |
79 | + /var/log/syslog. (LP: #1999190) |
80 | + |
81 | + -- Michal Maloszewski <michal.maloszewski@canonical.com> Wed, 04 Oct 2023 16:58:26 +0200 |
82 | + |
83 | +sssd (2.9.1-2ubuntu1) mantic; urgency=medium |
84 | + |
85 | + * Merge with Debian unstable (LP: #2028722). Remaining changes: |
86 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
87 | + - d/control: Don't build sssd-tools on i386, now uninstallable due |
88 | + to added python3-{click,systemd} dependencies. |
89 | + |
90 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 26 Jul 2023 16:04:29 -0400 |
91 | + |
92 | sssd (2.9.1-2) unstable; urgency=medium |
93 | |
94 | [ Sergio Durigan Junior ] |
95 | @@ -23,6 +65,19 @@ sssd (2.9.1-2) unstable; urgency=medium |
96 | |
97 | -- Timo Aaltonen <tjaalton@debian.org> Tue, 25 Jul 2023 15:01:14 +0300 |
98 | |
99 | +sssd (2.9.1-1ubuntu1) mantic; urgency=medium |
100 | + |
101 | + * Merge with Debian unstable (LP: #2018112). Remaining changes: |
102 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
103 | + - d/control: Don't build sssd-tools on i386, now uninstallable due |
104 | + to added python3-{click,systemd} dependencies. |
105 | + * Drop change: |
106 | + - d/rules: Fix 'find' syntax to remove '*.egg-info' |
107 | + files/directories. |
108 | + [ Incorporated by Debian. ] |
109 | + |
110 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 11 Jul 2023 14:48:14 -0400 |
111 | + |
112 | sssd (2.9.1-1) unstable; urgency=medium |
113 | |
114 | * New upstream release. |
115 | @@ -76,6 +131,30 @@ sssd (2.8.1-2) unstable; urgency=medium |
116 | |
117 | -- Sergio Durigan Junior <sergiodj@debian.org> Tue, 03 Jan 2023 16:36:00 -0500 |
118 | |
119 | +sssd (2.8.1-1ubuntu1) lunar; urgency=medium |
120 | + |
121 | + * Merge with Debian unstable (LP: #1993448). Remaining changes: |
122 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
123 | + - d/control: Don't build sssd-tools on i386, now uninstallable due |
124 | + to added python3-{click,systemd} dependencies. |
125 | + * Drop changes: |
126 | + - Revert dh_nss usage; the feature is still being polished. |
127 | + + d/control: Don't Build-Depend on dh-sequence-installnss. |
128 | + + d/libnss-sss.nss: Remove file. |
129 | + + d/libnss-sss.postinst: Revert changes to use dh-nss. |
130 | + + d/libnss-sss.postrm: Likewise. |
131 | + [ Fixed in Debian. ] |
132 | + - d/p/initialize-uid-gid-main-functions.patch: Initialize UID/GID |
133 | + variables in "main" functions, preventing inadvertent changes in |
134 | + p11_child.log file permissions. (LP #1989356) |
135 | + [ Incorporated by upstream. ] |
136 | + * Add changes: |
137 | + - d/rules: Fix 'find' syntax to remove '*.egg-info' |
138 | + files/directories. |
139 | + [ Submitted to Debian. ] |
140 | + |
141 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 03 Jan 2023 16:42:10 -0500 |
142 | + |
143 | sssd (2.8.1-1) unstable; urgency=medium |
144 | |
145 | * New upstream release. |
146 | @@ -99,6 +178,41 @@ sssd (2.7.4-1) unstable; urgency=medium |
147 | |
148 | -- Timo Aaltonen <tjaalton@debian.org> Thu, 22 Sep 2022 15:34:06 +0300 |
149 | |
150 | +sssd (2.7.3-2ubuntu4) lunar; urgency=medium |
151 | + |
152 | + * No-change rebuild with Python 3.11 as default |
153 | + |
154 | + -- Graham Inggs <ginggs@ubuntu.com> Tue, 27 Dec 2022 03:42:49 +0000 |
155 | + |
156 | +sssd (2.7.3-2ubuntu3) lunar; urgency=medium |
157 | + |
158 | + * No-change rebuild against libldap-2 |
159 | + |
160 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 15 Dec 2022 19:56:34 +0000 |
161 | + |
162 | +sssd (2.7.3-2ubuntu2) kinetic; urgency=medium |
163 | + |
164 | + * d/p/initialize-uid-gid-main-functions.patch: Initialize UID/GID |
165 | + variables in "main" functions, preventing inadvertent changes in |
166 | + p11_child.log file permissions. (LP: #1989356) |
167 | + |
168 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 04 Oct 2022 19:00:49 -0400 |
169 | + |
170 | +sssd (2.7.3-2ubuntu1) kinetic; urgency=medium |
171 | + |
172 | + * Merge with Debian unstable (LP: #1987348, #1988615). Remaining changes: |
173 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
174 | + - d/control: Don't build sssd-tools on i386, now uninstallable due |
175 | + to added python3-{click,systemd} dependencies. |
176 | + * Add changes: |
177 | + - Revert dh_nss usage; the feature is still being polished. |
178 | + + d/control: Don't Build-Depend on dh-sequence-installnss. |
179 | + + d/libnss-sss.nss: Remove file. |
180 | + + d/libnss-sss.postinst: Revert changes to use dh-nss. |
181 | + + d/libnss-sss.postrm: Likewise. |
182 | + |
183 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 06 Sep 2022 13:56:06 -0400 |
184 | + |
185 | sssd (2.7.3-2) unstable; urgency=medium |
186 | |
187 | [ Timo Aaltonen ] |
188 | @@ -118,6 +232,15 @@ sssd (2.7.3-1) unstable; urgency=medium |
189 | |
190 | -- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Jul 2022 08:52:58 +0300 |
191 | |
192 | +sssd (2.7.2-3ubuntu1) kinetic; urgency=medium |
193 | + |
194 | + * Merge with Debian unstable. Remaining changes: |
195 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
196 | + - d/control: Don't build sssd-tools on i386, now uninstallable due |
197 | + to added python3-{click,systemd} dependencies. |
198 | + |
199 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 23 Jun 2022 14:03:54 -0400 |
200 | + |
201 | sssd (2.7.2-3) unstable; urgency=medium |
202 | |
203 | * d/p/fix-shebang-on-sss_analyze.patch: Fix shebang on sss_analyze. |
204 | @@ -137,6 +260,18 @@ sssd (2.7.2-1) unstable; urgency=medium |
205 | |
206 | -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Jun 2022 13:19:27 +0300 |
207 | |
208 | +sssd (2.7.1-2ubuntu1) kinetic; urgency=medium |
209 | + |
210 | + * Merge with Debian unstable (LP: #1971327, #1934997). Remaining changes: |
211 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
212 | + - d/control: Don't build sssd-tools on i386, now uninstallable due |
213 | + to added python3-{click,systemd} dependencies. |
214 | + * Dropped changes: |
215 | + - d/rules: Disable lto, not ready upstream. |
216 | + [ Incorporated by Debian ] |
217 | + |
218 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 14 Jun 2022 16:59:20 -0400 |
219 | + |
220 | sssd (2.7.1-2) unstable; urgency=medium |
221 | |
222 | * pac-relax-default-for-pac_check-option.diff: Drop pac_present from |
223 | @@ -179,6 +314,31 @@ sssd (2.6.3-2) unstable; urgency=medium |
224 | |
225 | -- Timo Aaltonen <tjaalton@debian.org> Tue, 29 Mar 2022 10:04:50 +0300 |
226 | |
227 | +sssd (2.6.3-1ubuntu3) jammy; urgency=medium |
228 | + |
229 | + * No-change rebuild with new samba 4.15.5 |
230 | + |
231 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 24 Feb 2022 08:55:08 -0300 |
232 | + |
233 | +sssd (2.6.3-1ubuntu2) jammy; urgency=medium |
234 | + |
235 | + * No-change rebuild with new libnfsidmap from src:nfs-utils |
236 | + |
237 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Feb 2022 10:57:41 -0300 |
238 | + |
239 | +sssd (2.6.3-1ubuntu1) jammy; urgency=medium |
240 | + |
241 | + * Merge with Debian unstable (LP: #1946904). Remaining changes: |
242 | + - d/rules: Disable lto, not ready upstream. |
243 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
244 | + - d/control: Don't build sssd-tools on i386, now uninstallable due |
245 | + to added python3-{click,systemd} dependencies. |
246 | + * Dropped changes, picked by Debian: |
247 | + - Remove RANDFILE from the config template. It's no longer necessary and |
248 | + breaks with openssl 3.0. |
249 | + |
250 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 14 Feb 2022 16:21:21 -0500 |
251 | + |
252 | sssd (2.6.3-1) unstable; urgency=medium |
253 | |
254 | * New upstream release. |
255 | @@ -190,6 +350,40 @@ sssd (2.6.3-1) unstable; urgency=medium |
256 | |
257 | -- Timo Aaltonen <tjaalton@debian.org> Fri, 11 Feb 2022 09:35:43 +0200 |
258 | |
259 | +sssd (2.6.1-1ubuntu4) jammy; urgency=medium |
260 | + |
261 | + * No-change rebuild with Python 3.10 as default version |
262 | + |
263 | + -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 15:13:06 +0000 |
264 | + |
265 | +sssd (2.6.1-1ubuntu3) jammy; urgency=medium |
266 | + |
267 | + * Remember how architecture lists in debian/control work. |
268 | + |
269 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 17 Dec 2021 23:12:51 +0000 |
270 | + |
271 | +sssd (2.6.1-1ubuntu2) jammy; urgency=medium |
272 | + |
273 | + * Don't build sssd-tools on i386, now uninstallable due to added |
274 | + python3-{click,systemd} dependencies. |
275 | + |
276 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 17 Dec 2021 21:50:00 +0000 |
277 | + |
278 | +sssd (2.6.1-1ubuntu1) jammy; urgency=low |
279 | + |
280 | + * Merge from Debian unstable. Remaining changes: |
281 | + - Disable lto, not ready upstream. |
282 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
283 | + - Remove RANDFILE from the config template. It's no longer necessary and |
284 | + breaks with openssl 3.0. |
285 | + * Dropped changes, included upstream: |
286 | + - d/p/fix-python-tests.patch: Fix Python tests by making them |
287 | + assert Python module paths by using full pathnames. |
288 | + * Dropped changes, included in Debian: |
289 | + - debian/control: Switch to libsemanage-dev from libsemanage1-dev |
290 | + |
291 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 10 Dec 2021 10:29:16 -0800 |
292 | + |
293 | sssd (2.6.1-1) unstable; urgency=medium |
294 | |
295 | * New upstream release. |
296 | @@ -206,6 +400,54 @@ sssd (2.5.2-5) unstable; urgency=medium |
297 | |
298 | -- Timo Aaltonen <tjaalton@debian.org> Mon, 08 Nov 2021 21:17:29 +0200 |
299 | |
300 | +sssd (2.5.2-4ubuntu4) jammy; urgency=medium |
301 | + |
302 | + * No-change rebuild against libssl3 |
303 | + |
304 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 Dec 2021 00:19:23 +0000 |
305 | + |
306 | +sssd (2.5.2-4ubuntu3) jammy; urgency=medium |
307 | + |
308 | + * Remove RANDFILE from the config template. It's no longer necessary and |
309 | + breaks with openssl 3.0. |
310 | + |
311 | + -- Rico Tzschichholz <ricotz@ubuntu.com> Tue, 23 Nov 2021 20:19:07 +0100 |
312 | + |
313 | +sssd (2.5.2-4ubuntu2) jammy; urgency=medium |
314 | + |
315 | + * debian/control: Switch to libsemanage-dev from libsemanage1-dev |
316 | + |
317 | + -- Rico Tzschichholz <ricotz@ubuntu.com> Mon, 22 Nov 2021 20:51:36 +0100 |
318 | + |
319 | +sssd (2.5.2-4ubuntu1) jammy; urgency=medium |
320 | + |
321 | + * Merge with Debian unstable (LP: #1946904). Remaining changes: |
322 | + - Disable lto, not ready upstream. |
323 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
324 | + - d/p/fix-python-tests.patch: Fix Python tests by making them |
325 | + assert Python module paths by using full pathnames. |
326 | + * Dropped changes: |
327 | + - d/apparmor-profile: Update profile. (LP #1910611) |
328 | + + Extend read permissions to /etc/sssd/** and /etc/gss/**. |
329 | + + Add read/execute permission to /usr/libexec/sssd/*. |
330 | + [ Incorporated by Debian. ] |
331 | + - Fix FTBFS with newer autoconf |
332 | + + debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX |
333 | + and PYTHON_EXEC_PREFIX in src/external/python.m4. |
334 | + [ Incorporated by Debian. ] |
335 | + - SECURITY UPDATE: shell command injection in sssctl comment |
336 | + + debian/patches/CVE-2021-3621.patch: replace system() with execvp() to |
337 | + avoid execution of user supplied command in |
338 | + src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h, |
339 | + src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c. |
340 | + + CVE-2021-3621 |
341 | + [ Incorporated by Debian. ] |
342 | + - d/p/disable-fail_over-tests.patch: Disable fail_over-tests, |
343 | + which is failing when running inside sbuild. |
344 | + [ Not needed anymore; issue does not reproduce on Jammy. ] |
345 | + |
346 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 27 Oct 2021 20:16:31 -0400 |
347 | + |
348 | sssd (2.5.2-4) unstable; urgency=medium |
349 | |
350 | * control: Promote libnss-sss and libpam-sss to sssd-common Depends. |
351 | @@ -248,6 +490,63 @@ sssd (2.5.2-1) unstable; urgency=medium |
352 | |
353 | -- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300 |
354 | |
355 | +sssd (2.4.1-2ubuntu4) impish; urgency=medium |
356 | + |
357 | + * Fix FTBFS with newer autoconf |
358 | + - debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX |
359 | + and PYTHON_EXEC_PREFIX in src/external/python.m4. |
360 | + |
361 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Sep 2021 11:39:53 -0400 |
362 | + |
363 | +sssd (2.4.1-2ubuntu3) impish; urgency=medium |
364 | + |
365 | + * SECURITY UPDATE: shell command injection in sssctl comment |
366 | + - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to |
367 | + avoid execution of user supplied command in |
368 | + src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h, |
369 | + src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c. |
370 | + - CVE-2021-3621 |
371 | + |
372 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 08:13:38 -0400 |
373 | + |
374 | +sssd (2.4.1-2ubuntu2) impish; urgency=medium |
375 | + |
376 | + * No-change rebuild due to OpenLDAP soname bump. |
377 | + |
378 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:16 -0400 |
379 | + |
380 | +sssd (2.4.1-2ubuntu1) impish; urgency=medium |
381 | + |
382 | + * Merge with Debian unstable. Remaining changes: |
383 | + - d/apparmor-profile: Update profile. (LP #1910611) |
384 | + + Extend read permissions to /etc/sssd/** and /etc/gss/**. |
385 | + + Add read/execute permission to /usr/libexec/sssd/*. |
386 | + - Disable lto, not ready upstream. |
387 | + - d/control: Drop libgdm-dev Build-Depend on i386. |
388 | + * Dropped changes: |
389 | + - d/p/condition-path-exists-sssd-conf.patch: Only start |
390 | + sssd.service if there is a configuration file present. |
391 | + (LP: #1900642) |
392 | + [ Included in 2.4.1-2 ] |
393 | + - d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch: |
394 | + Upstream patch to make sssd.service only able to start when there |
395 | + is a configuration file present. (LP #1900642) |
396 | + - d/p/condition-path-exists-sssd-conf.patch: Remove. |
397 | + [ Included in 2.4.1-2 ] |
398 | + - Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065): |
399 | + + d/p/lp-1908065-01-syslog_identifier-format.patch: |
400 | + Upstream patch to include "sssd[]" identifier in program names. |
401 | + + d/p/lp-1908065-02-remove-syslog_identifier.patch: |
402 | + Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald. |
403 | + [ Included in 2.4.1-2 ] |
404 | + * Added changes: |
405 | + - d/p/fix-python-tests.patch: Fix Python tests by making them |
406 | + assert Python module paths by using full pathnames. |
407 | + - d/p/disable-fail_over-tests.patch: Disable fail_over-tests, |
408 | + which is failing when running inside sbuild. |
409 | + |
410 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 18 May 2021 17:29:58 -0400 |
411 | + |
412 | sssd (2.4.1-2) unstable; urgency=medium |
413 | |
414 | [ Marco Trevisan (Treviño) ] |
415 | @@ -273,6 +572,59 @@ sssd (2.4.1-1) unstable; urgency=medium |
416 | |
417 | -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200 |
418 | |
419 | +sssd (2.4.0-1ubuntu7) impish; urgency=medium |
420 | + |
421 | + * d/control: Drop libgdm-dev Build-Depend on i386. |
422 | + |
423 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 11 May 2021 16:22:31 -0400 |
424 | + |
425 | +sssd (2.4.0-1ubuntu6) hirsute; urgency=medium |
426 | + |
427 | + * Disable lto, not ready upstream. |
428 | + |
429 | + -- Matthias Klose <doko@ubuntu.com> Tue, 23 Mar 2021 13:18:53 +0100 |
430 | + |
431 | +sssd (2.4.0-1ubuntu5) hirsute; urgency=medium |
432 | + |
433 | + * No change rebuild with fixed ownership. |
434 | + |
435 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 16 Feb 2021 15:22:14 +0000 |
436 | + |
437 | +sssd (2.4.0-1ubuntu4) hirsute; urgency=medium |
438 | + |
439 | + * Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP: #1908065): |
440 | + - d/p/lp-1908065-01-syslog_identifier-format.patch: |
441 | + Upstream patch to include "sssd[]" identifier in program names. |
442 | + - d/p/lp-1908065-02-remove-syslog_identifier.patch: |
443 | + Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald. |
444 | + |
445 | + -- Valters Jansons <valter.jansons@gmail.com> Fri, 05 Feb 2021 20:51:32 +0000 |
446 | + |
447 | +sssd (2.4.0-1ubuntu3) hirsute; urgency=medium |
448 | + |
449 | + * d/apparmor-profile: Update profile. (LP: #1910611) |
450 | + - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*. |
451 | + - Add read/execute permission to /usr/libexec/sssd/*. |
452 | + |
453 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 18 Jan 2021 16:57:21 -0500 |
454 | + |
455 | +sssd (2.4.0-1ubuntu2) hirsute; urgency=medium |
456 | + |
457 | + * d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch: |
458 | + Upstream patch to make sssd.service only able to start when there |
459 | + is a configuration file present. (LP: #1900642) |
460 | + * d/p/condition-path-exists-sssd-conf.patch: Remove. |
461 | + |
462 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 12 Jan 2021 16:17:38 -0500 |
463 | + |
464 | +sssd (2.4.0-1ubuntu1) hirsute; urgency=medium |
465 | + |
466 | + * d/p/condition-path-exists-sssd-conf.patch: Only start |
467 | + sssd.service if there is a configuration file present. |
468 | + (LP: #1900642) |
469 | + |
470 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 10 Dec 2020 14:20:24 -0500 |
471 | + |
472 | sssd (2.4.0-1) unstable; urgency=medium |
473 | |
474 | * New upstream release. |
475 | @@ -1342,3 +1694,4 @@ sssd (0.5.0-0ubuntu1) karmic; urgency=low |
476 | * Initial release. |
477 | |
478 | -- Mathias Gug <mathiaz@ubuntu.com> Mon, 24 Aug 2009 16:35:11 -0400 |
479 | + |
480 | diff --git a/debian/control b/debian/control |
481 | index 3b3a54c..3fa7133 100644 |
482 | --- a/debian/control |
483 | +++ b/debian/control |
484 | @@ -1,7 +1,8 @@ |
485 | Source: sssd |
486 | Section: utils |
487 | Priority: optional |
488 | -Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net> |
489 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
490 | +XSBC-Original-Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net> |
491 | Uploaders: Timo Aaltonen <tjaalton@debian.org>, |
492 | Dominik George <natureshadow@debian.org> |
493 | Build-Depends: |
494 | @@ -29,7 +30,7 @@ Build-Depends: |
495 | libdbus-1-dev, |
496 | libdhash-dev, |
497 | libfido2-dev, |
498 | - libgdm-dev [!s390x !kfreebsd-any !hurd-any], |
499 | + libgdm-dev [!s390x !kfreebsd-any !hurd-any !i386], |
500 | libglib2.0-dev, |
501 | libini-config-dev, |
502 | libjansson-dev, |
503 | @@ -240,7 +241,7 @@ Description: System Security Services Daemon -- proxy back end |
504 | PAM modules to leverage SSSD caching. |
505 | |
506 | Package: sssd-tools |
507 | -Architecture: any |
508 | +Architecture: amd64 arm64 armhf ppc64el riscv64 s390x |
509 | Depends: |
510 | python3, |
511 | python3-sss, |
512 | diff --git a/debian/tests/control b/debian/tests/control |
513 | index 601165e..0d94a73 100644 |
514 | --- a/debian/tests/control |
515 | +++ b/debian/tests/control |
516 | @@ -6,9 +6,7 @@ Tests: ldap-user-group-krb5-auth |
517 | Depends: @, slapd, ldap-utils, openssl, expect, lsb-release, krb5-user, krb5-admin-server, krb5-kdc |
518 | Restrictions: isolation-container, needs-root, allow-stderr |
519 | |
520 | -Test-Command: sudo |
521 | - bash debian/tests/sssd-softhism2-certificates-tests.sh |
522 | -Features: test-name=sssd-softhism2-certificates-tests |
523 | +Tests: sssd-softhism2-certificates-tests.sh |
524 | Depends: bash, |
525 | gnutls-bin, |
526 | openssl, |
527 | @@ -16,10 +14,10 @@ Depends: bash, |
528 | softhsm2, |
529 | sssd, |
530 | util-linux |
531 | -Restrictions: needs-sudo, |
532 | +Restrictions: needs-root, |
533 | allow-stderr |
534 | |
535 | -Test-Command: sudo env |
536 | +Test-Command: env |
537 | OFFLINE_MODE=1 |
538 | bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh |
539 | Features: test-name=sssd-smart-card-pam-auth-configs |
540 | @@ -34,6 +32,6 @@ Depends: bash, |
541 | util-linux |
542 | Restrictions: breaks-testbed, |
543 | isolation-container, |
544 | - needs-sudo, |
545 | + needs-root, |
546 | allow-stderr |
547 | |
548 | diff --git a/debian/tests/sssd-smart-card-pam-auth-configs-tester.sh b/debian/tests/sssd-smart-card-pam-auth-configs-tester.sh |
549 | index fde2e2b..12351cf 100644 |
550 | --- a/debian/tests/sssd-smart-card-pam-auth-configs-tester.sh |
551 | +++ b/debian/tests/sssd-smart-card-pam-auth-configs-tester.sh |
552 | @@ -13,6 +13,12 @@ set -xe |
553 | |
554 | export DEBIAN_FRONTEND=noninteractive |
555 | |
556 | +if [ -z "${AUTOPKGTEST_NORMAL_USER}" ]; then |
557 | + adduser --quiet --disable-password _sssduser |
558 | + AUTOPKGTEST_NORMAL_USER="_sssduser" |
559 | +fi |
560 | +SUDO_USER="${AUTOPKGTEST_NORMAL_USER}" |
561 | + |
562 | required_tools=( |
563 | pamtester # debian package: pamtester |
564 | softhsm2-util # debian package: softhsm2 |
565 | diff --git a/debian/tests/sssd-softhism2-certificates-tests.sh b/debian/tests/sssd-softhism2-certificates-tests.sh |
566 | index 2f37167..df61c44 100644 |
567 | --- a/debian/tests/sssd-softhism2-certificates-tests.sh |
568 | +++ b/debian/tests/sssd-softhism2-certificates-tests.sh |
569 | @@ -7,6 +7,12 @@ |
570 | # Used to verify p11_child usage in SSSD. |
571 | set -xe |
572 | |
573 | +if [ -z "${AUTOPKGTEST_NORMAL_USER}" ]; then |
574 | + adduser --quiet --disable-password _sssduser |
575 | + AUTOPKGTEST_NORMAL_USER="_sssduser" |
576 | +fi |
577 | +SUDO_USER="${AUTOPKGTEST_NORMAL_USER}" |
578 | + |
579 | required_tools=( |
580 | p11tool # debian package: gnutls-bin |
581 | openssl # debian package: openssl |
This is now ready to be reviewed.