Merge sssd from Debian unstable for 22.04

Bug #1946904 reported by Bryce Harrington
This bug affects 1 person
Affects: sssd (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Sergio Durigan Junior

Bug Description

Upstream: tbd
Debian: 2.5.2-4
Ubuntu: 2.4.1-2ubuntu4

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### New Debian Changes ###

sssd (2.5.2-4) unstable; urgency=medium

  * control: Promote libnss-sss and libpam-sss to sssd-common Depends.
    (Closes: #995730)
  * common: Drop old Breaks/Replaces.

 -- Timo Aaltonen <email address hidden> Mon, 11 Oct 2021 17:46:04 +0300

sssd (2.5.2-3) unstable; urgency=medium

  * rules: Explicitly set sssd-user as root.
  * install: Add sssd-pcsc.rules to -common.
  * postinst: Correct file/dir permissions and ownership when the daemon
    is run as root. (Closes: #994807)
  * 0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch: Our
    libldap is built without LDAP_CONNECTIONLESS, cope with that.
    (Closes: #994879)

 -- Timo Aaltonen <email address hidden> Wed, 22 Sep 2021 18:54:07 +0300

sssd (2.5.2-2) unstable; urgency=medium

  * rules: Disable tests for now. (Closes: #994479)

 -- Timo Aaltonen <email address hidden> Mon, 20 Sep 2021 17:38:19 +0300

sssd (2.5.2-1) unstable; urgency=medium

  [ Sergio Durigan Junior ]
  * d/apparmor-profile: Update profile:
    - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
    - Add read/execute permission to /usr/libexec/sssd/*.

  [ Timo Aaltonen ]
  * New upstream release. (Closes: #978904, #992815, #983795)
  * fix-whitespace-test.diff: Refreshed.
  * control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream.
  * fix_newer_autoconf.patch: Don't unset python prefix/exec-prefix.
  * patches: Fix CVE-2021-3621. (Closes: #992710)

 -- Timo Aaltonen <email address hidden> Thu, 16 Sep 2021 14:51:42 +0300

sssd (2.4.1-2) unstable; urgency=medium

  [ Marco Trevisan (Treviño) ]
  * debian/control: Mark test packages as <!nocheck>
    - Add missing test dependencies
    - Enable libcmocka (and so unit tests) all the archs
  * debian/rules:
    - Don't run tests if nocheck is set
    - Enable tests again
  * debian/patches:
    - Get libsofthsm2 from right path for each architecture

  [ Timo Aaltonen ]
  * test_ca-Look-for-libsofthsm2-in-libdir-before-falling-bac.patch:
    Dropped, upstream.

 -- Timo Aaltonen <email address hidden> Wed, 10 Feb 2021 13:49:04 +0200

sssd (2.4.1-1) unstable; urgency=medium

  * New upstream release.
  * libpam-sss.install: Add pam_sss_gss.

 -- Timo Aaltonen <email address hidden> Wed, 10 Feb 2021 11:32:35 +0200

sssd (2.4.0-1) unstable; urgency=medium

  * New upstream release.
  * source: Update diff-ignore.

 -- Timo Aaltonen <email address hidden> Tue, 08 Dec 2020 22:36:54 +0200

sssd (2.3.1-3) unstable; urgency=medium

  * control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777)

 -- Timo Aaltonen <email address hidden> Tue, 06 Oct 2020 15:56:19 +0300

sssd (2.3.1-2) unstable; urgency=medium

  * control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645)

 -- Timo Aaltonen <email address hidden> Thu, 17 Sep 2020 14:15:03 +0300

sssd (2.3.1-1) unstable; urgency=medium

  * New upstream release. (Closes: #965307, #965143)
  * source: Extend diff-ignore.
  * rules: Set --with-libwbclient.
  * control: Add libsofthsm2 to build-depends for tests.

 -- Timo Aaltonen <email address hidden> Tue, 28 Jul 2020 17:14:55 +0300

sssd (2.3.0-2) unstable; urgency=medium

  * rules: Drop quilt, autoreconf from dh.

 -- Timo Aaltonen <email address hidden> Mon, 13 Jul 2020 15:49:20 +0300

### Old Ubuntu Delta ###

sssd (2.4.1-2ubuntu4) impish; urgency=medium

  * Fix FTBFS with newer autoconf
    - debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
      and PYTHON_EXEC_PREFIX in src/external/python.m4.

 -- Marc Deslauriers <email address hidden> Wed, 08 Sep 2021 11:39:53 -0400

sssd (2.4.1-2ubuntu3) impish; urgency=medium

  * SECURITY UPDATE: shell command injection in sssctl comment
    - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
      avoid execution of user supplied command in
      src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
      src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
    - CVE-2021-3621

 -- Marc Deslauriers <email address hidden> Wed, 18 Aug 2021 08:13:38 -0400

sssd (2.4.1-2ubuntu2) impish; urgency=medium

  * No-change rebuild due to OpenLDAP soname bump.

 -- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:09:16 -0400

sssd (2.4.1-2ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/apparmor-profile: Update profile. (LP #1910611)
      + Extend read permissions to /etc/sssd/** and /etc/gss/**.
      + Add read/execute permission to /usr/libexec/sssd/*.
    - Disable lto, not ready upstream.
    - d/control: Drop libgdm-dev Build-Depend on i386.
  * Dropped changes:
    - d/p/condition-path-exists-sssd-conf.patch: Only start
      sssd.service if there is a configuration file present.
      (LP: #1900642)
      [ Included in 2.4.1-2 ]
    - d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
      Upstream patch to make sssd.service only able to start when there
      is a configuration file present. (LP #1900642)
    - d/p/condition-path-exists-sssd-conf.patch: Remove.
      [ Included in 2.4.1-2 ]
    - Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065):
      + d/p/lp-1908065-01-syslog_identifier-format.patch:
        Upstream patch to include 'sssd[]' identifier in program names.
      + d/p/lp-1908065-02-remove-syslog_identifier.patch:
        Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
      [ Included in 2.4.1-2 ]
  * Added changes:
    - d/p/fix-python-tests.patch: Fix Python tests by making them
      assert Python module paths by using full pathnames.
    - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
      which is failing when running inside sbuild.

 -- Sergio Durigan Junior <email address hidden> Tue, 18 May 2021 17:29:58 -0400

Tags: needs-merge

Changed in sssd (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)

Bryce Harrington (bryce)
description: updated

Changed in sssd (Ubuntu):
milestone: none → ubuntu-22.01

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package sssd - 2.5.2-4ubuntu1

---------------
sssd (2.5.2-4ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946904). Remaining changes:
    - Disable lto, not ready upstream.
    - d/control: Drop libgdm-dev Build-Depend on i386.
    - d/p/fix-python-tests.patch: Fix Python tests by making them
      assert Python module paths by using full pathnames.
  * Dropped changes:
    - d/apparmor-profile: Update profile. (LP #1910611)
      + Extend read permissions to /etc/sssd/** and /etc/gss/**.
      + Add read/execute permission to /usr/libexec/sssd/*.
      [ Incorporated by Debian. ]
    - Fix FTBFS with newer autoconf
      + debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
        and PYTHON_EXEC_PREFIX in src/external/python.m4.
      [ Incorporated by Debian. ]
    - SECURITY UPDATE: shell command injection in sssctl comment
      + debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
        avoid execution of user supplied command in
        src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
        src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
      + CVE-2021-3621
      [ Incorporated by Debian. ]
    - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
      which is failing when running inside sbuild.
      [ Not needed anymore; issue does not reproduce on Jammy. ]

 -- Sergio Durigan Junior <email address hidden> Wed, 27 Oct 2021 20:16:31 -0400

Changed in sssd (Ubuntu):
status: New → Fix Released

Sergio Durigan Junior (sergiodj) wrote:

Setting this bug to New because I'll do another merge before the end of the cycle.

Changed in sssd (Ubuntu):
status: Fix Released → New

Sergio Durigan Junior (sergiodj) wrote:

sssd 2.6.1-1 has been merged by vorlon back on December 10th. I'm setting this bug as Incomplete because there's nothing to merge for now.

Changed in sssd (Ubuntu):
status: New → Incomplete
Changed in sssd (Ubuntu):
status: Incomplete → In Progress
Changed in sssd (Ubuntu):
status: In Progress → Fix Released