* Merge from Debian git, remaining changes:
- control, rules: Drop libsemanage-dev from build-depends, it's not
in main. Configure --with-semanage=no.
sssd (1.8.3-1) UNRELEASED; urgency=low
* New upstream bugfix release 1.8.2.
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated
principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop
preventing login
- The provided SYSV init script now starts SSSD earlier at startup
and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis
tools
* New upstream bugfix release 1.8.3.
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for
user information
* control: Move the dependency of libsasl2-modules-gssapi-mit to
Recommends.
* control: sssd works with Heimdal gssapi modules too, add
libsasl2-modules-gssapi-mit as an option for the Recommends.
(LP: #966146)
* libpam-sss.pam-auth-update:
- Drop the dependency to 128, since pam_sss should always be below
pam_unix. (LP: #957486)
- Drop 'use_authtok' from the password stack, since it only works when
pam_cracklib is installed. This will allow password changes on the
default install.
* sssd.postrm: Try to remove /etc/sssd only if it exists.
(Closes: #666226)
* Add disabled by default Apparmor profile (LP: #933342)
- debian/sssd.upstart.in: load the profile during pre-start
- add debian/apparmor-profile, install to /etc/apparmor.d
- debian/rules: use dh_apparmor to install profile before sssd is
restarted
- debian/control: sssd Suggests apparmor (>= 2.3)
- debian/control: Add dh-apparmor to build-depends
- debian/sssd.preinst: disable profile on clean install or upgrades
from earlier than when we shipped the profile
* rules: Mangle the date stamp on pam_sss.8 so that the compressed file is
identical across all archs. (Closes: #670019)
* control: Add build-depends on libnl-dev to enable Netlink support.
* control: Add build-depends on libkeyutil-dev to enable support for
kernel keyring manipulation.
* sssd.logrotate: Rotate logs weekly, keep four previous rotations.
(Closes: #672984)
* Pull patches from the stable branch to fix an issue that results in broken
credential cache (LP: #985031)
- patches/fix-upstream-1298.diff
If canon'ing principals, write ccache with updated default principal
- patches/fix-upstream-1297.diff
Limit krb5_get_init_creds_keytab() to etypes in keytab
- patches/fix-upstream-1330.diff
KRB5: Avoid NULL-dereference with empty keytab
* patches/fix-upstream-1343.diff
- LDAP nested groups: Do not process callback with _post deep in the nested
structure (LP: #981125)
* sssd.upstart.in: Delete an invisible control character from the pre-start
script. (LP: #1003845)
-- Timo Aaltonen <email address hidden> Thu, 24 May 2012 14:02:36 +0300
This bug was fixed in the package sssd - 1.8.3-0ubuntu1
---------------
sssd (1.8.3-0ubuntu1) quantal; urgency=low
* Merge from Debian git, remaining changes:
- control, rules: Drop libsemanage-dev from build-depends, it's not
in main. Configure --with-semanage=no.
sssd (1.8.3-1) UNRELEASED; urgency=low
* New upstream bugfix release 1.8.2. modules- gssapi- mit to modules- gssapi- mit as an option for the Recommends. sss.pam- auth-update: sssd.upstart. in: load the profile during pre-start apparmor- profile, install to /etc/apparmor.d sssd.preinst: disable profile on clean install or upgrades fix-upstream- 1298.diff fix-upstream- 1297.diff init_creds_ keytab( ) to etypes in keytab fix-upstream- 1330.diff fix-upstream- 1343.diff
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated
principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop
preventing login
- The provided SYSV init script now starts SSSD earlier at startup
and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis
tools
* New upstream bugfix release 1.8.3.
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for
user information
* control: Move the dependency of libsasl2-
Recommends.
* control: sssd works with Heimdal gssapi modules too, add
libsasl2-
(LP: #966146)
* libpam-
- Drop the dependency to 128, since pam_sss should always be below
pam_unix. (LP: #957486)
- Drop 'use_authtok' from the password stack, since it only works when
pam_cracklib is installed. This will allow password changes on the
default install.
* sssd.postrm: Try to remove /etc/sssd only if it exists.
(Closes: #666226)
* Add disabled by default Apparmor profile (LP: #933342)
- debian/
- add debian/
- debian/rules: use dh_apparmor to install profile before sssd is
restarted
- debian/control: sssd Suggests apparmor (>= 2.3)
- debian/control: Add dh-apparmor to build-depends
- debian/
from earlier than when we shipped the profile
* rules: Mangle the date stamp on pam_sss.8 so that the compressed file is
identical across all archs. (Closes: #670019)
* control: Add build-depends on libnl-dev to enable Netlink support.
* control: Add build-depends on libkeyutil-dev to enable support for
kernel keyring manipulation.
* sssd.logrotate: Rotate logs weekly, keep four previous rotations.
(Closes: #672984)
* Pull patches from the stable branch to fix an issue that results in broken
credential cache (LP: #985031)
- patches/
If canon'ing principals, write ccache with updated default principal
- patches/
Limit krb5_get_
- patches/
KRB5: Avoid NULL-dereference with empty keytab
* patches/
- LDAP nested groups: Do not process callback with _post deep in the nested
structure (LP: #981125)
* sssd.upstart.in: Delete an invisible control character from the pre-start
script. (LP: #1003845)
-- Timo Aaltonen <email address hidden> Thu, 24 May 2012 14:02:36 +0300