Merge sssd from Debian unstable for 22.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
Fix Released
|
Undecided
|
Sergio Durigan Junior |
Bug Description
Upstream: tbd
Debian: 2.5.2-4
Ubuntu: 2.4.1-2ubuntu4
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
### New Debian Changes ###
sssd (2.5.2-4) unstable; urgency=medium
* control: Promote libnss-sss and libpam-sss to sssd-common Depends.
(Closes: #995730)
* common: Drop old Breaks/Replaces.
-- Timo Aaltonen <email address hidden> Mon, 11 Oct 2021 17:46:04 +0300
sssd (2.5.2-3) unstable; urgency=medium
* rules: Explicitly set sssd-user as root.
* install: Add sssd-pcsc.rules to -common.
* postinst: Correct file/dir permissions and ownership when the daemon
is run as root. (Closes: #994807)
* 0001-ad-
libldap is built without LDAP_CONNECTION
(Closes: #994879)
-- Timo Aaltonen <email address hidden> Wed, 22 Sep 2021 18:54:07 +0300
sssd (2.5.2-2) unstable; urgency=medium
* rules: Disable tests for now. (Closes: #994479)
-- Timo Aaltonen <email address hidden> Mon, 20 Sep 2021 17:38:19 +0300
sssd (2.5.2-1) unstable; urgency=medium
[ Sergio Durigan Junior ]
* d/apparmor-profile: Update profile:
- Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
- Add read/execute permission to /usr/libexec/
[ Timo Aaltonen ]
* New upstream release. (Closes: #978904, #992815, #983795)
* fix-whitespace-
* control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream.
* fix_newer_
* patches: Fix CVE-2021-3621. (Closes: #992710)
-- Timo Aaltonen <email address hidden> Thu, 16 Sep 2021 14:51:42 +0300
sssd (2.4.1-2) unstable; urgency=medium
[ Marco Trevisan (Treviño) ]
* debian/control: Mark test packages as <!nocheck>
- Add missing test dependencies
- Enable libcmocka (and so unit tests) all the archs
* debian/rules:
- Don't run tests if nocheck is set
- Enable tests again
* debian/patches:
- Get libsofthsm2 from right path for each architecture
[ Timo Aaltonen ]
* test_ca-
Dropped, upstream.
-- Timo Aaltonen <email address hidden> Wed, 10 Feb 2021 13:49:04 +0200
sssd (2.4.1-1) unstable; urgency=medium
* New upstream release.
* libpam-sss.install: Add pam_sss_gss.
-- Timo Aaltonen <email address hidden> Wed, 10 Feb 2021 11:32:35 +0200
sssd (2.4.0-1) unstable; urgency=medium
* New upstream release.
* source: Update diff-ignore.
-- Timo Aaltonen <email address hidden> Tue, 08 Dec 2020 22:36:54 +0200
sssd (2.3.1-3) unstable; urgency=medium
* control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777)
-- Timo Aaltonen <email address hidden> Tue, 06 Oct 2020 15:56:19 +0300
sssd (2.3.1-2) unstable; urgency=medium
* control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645)
-- Timo Aaltonen <email address hidden> Thu, 17 Sep 2020 14:15:03 +0300
sssd (2.3.1-1) unstable; urgency=medium
* New upstream release. (Closes: #965307, #965143)
* source: Extend diff-ignore.
* rules: Set --with-libwbclient.
* control: Add libsofthsm2 to build-depends for tests.
-- Timo Aaltonen <email address hidden> Tue, 28 Jul 2020 17:14:55 +0300
sssd (2.3.0-2) unstable; urgency=medium
* rules: Drop quilt, autoreconf from dh.
-- Timo Aaltonen <email address hidden> Mon, 13 Jul 2020 15:49:20 +0300
### Old Ubuntu Delta ###
sssd (2.4.1-2ubuntu4) impish; urgency=medium
* Fix FTBFS with newer autoconf
- debian/
and PYTHON_EXEC_PREFIX in src/external/
-- Marc Deslauriers <email address hidden> Wed, 08 Sep 2021 11:39:53 -0400
sssd (2.4.1-2ubuntu3) impish; urgency=medium
* SECURITY UPDATE: shell command injection in sssctl comment
- debian/
avoid execution of user supplied command in
src/
src/
- CVE-2021-3621
-- Marc Deslauriers <email address hidden> Wed, 18 Aug 2021 08:13:38 -0400
sssd (2.4.1-2ubuntu2) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:09:16 -0400
sssd (2.4.1-2ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/apparmor-profile: Update profile. (LP #1910611)
+ Extend read permissions to /etc/sssd/** and /etc/gss/**.
+ Add read/execute permission to /usr/libexec/
- Disable lto, not ready upstream.
- d/control: Drop libgdm-dev Build-Depend on i386.
* Dropped changes:
- d/p/condition-
sssd.service if there is a configuration file present.
(LP: #1900642)
[ Included in 2.4.1-2 ]
- d/p/0003-
Upstream patch to make sssd.service only able to start when there
is a configuration file present. (LP #1900642)
- d/p/condition-
[ Included in 2.4.1-2 ]
- Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065):
+ d/p/lp-
Upstream patch to include 'sssd[]' identifier in program names.
+ d/p/lp-
Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
[ Included in 2.4.1-2 ]
* Added changes:
- d/p/fix-
assert Python module paths by using full pathnames.
- d/p/disable-
which is failing when running inside sbuild.
-- Sergio Durigan Junior <email address hidden> Tue, 18 May 2021 17:29:58 -0400
CVE References
Changed in sssd (Ubuntu): | |
assignee: | nobody → Sergio Durigan Junior (sergiodj) |
description: | updated |
Changed in sssd (Ubuntu): | |
milestone: | none → ubuntu-22.01 |
Changed in sssd (Ubuntu): | |
status: | Incomplete → In Progress |
Changed in sssd (Ubuntu): | |
status: | In Progress → Fix Released |
This bug was fixed in the package sssd - 2.5.2-4ubuntu1
---------------
sssd (2.5.2-4ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1946904). Remaining changes: python- tests.patch: Fix Python tests by making them sssd/*. patches/ fix_newer_ autoconf. patch: do not unset PYTHON_PREFIX python. m4. patches/ CVE-2021- 3621.patch: replace system() with execvp() to
src/tools/ sssctl/ sssctl. c, src/tools/ sssctl/ sssctl. h,
src/tools/ sssctl/ sssctl_ data.c, src/tools/ sssctl/ sssctl_ logs.c. fail_over- tests.patch: Disable fail_over-tests,
- Disable lto, not ready upstream.
- d/control: Drop libgdm-dev Build-Depend on i386.
- d/p/fix-
assert Python module paths by using full pathnames.
* Dropped changes:
- d/apparmor-profile: Update profile. (LP #1910611)
+ Extend read permissions to /etc/sssd/** and /etc/gss/**.
+ Add read/execute permission to /usr/libexec/
[ Incorporated by Debian. ]
- Fix FTBFS with newer autoconf
+ debian/
and PYTHON_EXEC_PREFIX in src/external/
[ Incorporated by Debian. ]
- SECURITY UPDATE: shell command injection in sssctl comment
+ debian/
avoid execution of user supplied command in
+ CVE-2021-3621
[ Incorporated by Debian. ]
- d/p/disable-
which is failing when running inside sbuild.
[ Not needed anymore; issue does not reproduce on Jammy. ]
-- Sergio Durigan Junior <email address hidden> Wed, 27 Oct 2021 20:16:31 -0400