Sync sssd 1.2.1-4 (universe) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync sssd 1.2.1-4 (universe) from Debian unstable (main)
Changelog entries since current maverick version 1.2.1-1:
sssd (1.2.1-4) unstable; urgency=low
* Add patch from Stephen Gallagher to ensure LDAP authentication
never accept a zero length password (Closes: #594413). Solves
CVE-2010-2940.
-- Petter Reinholdtsen <email address hidden> Wed, 25 Aug 2010 22:33:40 +0200
sssd (1.2.1-3) unstable; urgency=low
[ Petter Reinholdtsen ]
* Look for /etc/default/sssd, not /etc/defaults/sssd in init.d
script (Closes: #588252).
* Make sssd.conf generation more robust, and make sure missing SRV
records are ignored and not handled as host names.
* Add code in generate-config to look up Kerberos realm using
_kerberos TXT record in DNS if it exist.
* Recommend bind9-host used by generate-config for SRV and TXT
lookups.
[ Morten Werner Forsbring ]
* Check if /etc/default/sssd is a file and executable, not a directory,
before sourcing in init-script. Thanks to lintian.
-- Morten Werner Forsbring <email address hidden> Thu, 12 Aug 2010 16:31:14 +0200
sssd (1.2.1-2) unstable; urgency=low
* Make sure init.d script sources /etc/default/sssd (Closes: #588252).
* Drop /etc/default/sssd from package, to avoid conffile question
from dpkg during upgrades.
* Make sure to only remove obsolete sssd conffiles on upgrades, not
on first time installation.
* Add new script generate-config and call it from the sssd postinst
during first time installation to try to generate the sssd.conf
file dynamically for LDAP and Kerberos using DNS entries, and fall
back to the static example configuration if this fail.
* Let sssd suggest libnss-sss and libpam-sss, to make those
installing sssd aware of the other packages.
* Add netgroup to nsswitch.conf entries added at first time
installation, to make sure those installing now get working
netgroups when sssd get netgroup support
* Let sssd recommend ldap-utils as ldapsearch is used for generating
the configuration.
-- Petter Reinholdtsen <email address hidden> Fri, 06 Aug 2010 23:44:26 +0200
CVE References
Changed in sssd (Ubuntu): | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Changed in sssd (Ubuntu): | |
status: | Confirmed → Fix Committed |
This bug was fixed in the package sssd - 1.2.1-4
---------------
sssd (1.2.1-4) unstable; urgency=low
* Add patch from Stephen Gallagher to ensure LDAP authentication
never accept a zero length password (Closes: #594413). Solves
CVE-2010-2940.
sssd (1.2.1-3) unstable; urgency=low
[ Petter Reinholdtsen ]
* Look for /etc/default/sssd, not /etc/defaults/sssd in init.d
script (Closes: #588252).
* Make sssd.conf generation more robust, and make sure missing SRV
records are ignored and not handled as host names.
* Add code in generate-config to look up Kerberos realm using
_kerberos TXT record in DNS if it exist.
* Recommend bind9-host used by generate-config for SRV and TXT
lookups.
[ Morten Werner Forsbring ]
* Check if /etc/default/sssd is a file and executable, not a directory,
before sourcing in init-script. Thanks to lintian.
sssd (1.2.1-2) unstable; urgency=low
* Make sure init.d script sources /etc/default/sssd (Closes: #588252).
* Drop /etc/default/sssd from package, to avoid conffile question
from dpkg during upgrades.
* Make sure to only remove obsolete sssd conffiles on upgrades, not
on first time installation.
* Add new script generate-config and call it from the sssd postinst
during first time installation to try to generate the sssd.conf
file dynamically for LDAP and Kerberos using DNS entries, and fall
back to the static example configuration if this fail.
* Let sssd suggest libnss-sss and libpam-sss, to make those
installing sssd aware of the other packages.
* Add netgroup to nsswitch.conf entries added at first time
installation, to make sure those installing now get working
netgroups when sssd get netgroup support
* Let sssd recommend ldap-utils as ldapsearch is used for generating
the configuration.
-- Michael Bienia <email address hidden> Wed, 25 Aug 2010 22:33:40 +0200