* Merge with Debian unstable (LP: #1946904). Remaining changes:
- Disable lto, not ready upstream.
- d/control: Drop libgdm-dev Build-Depend on i386.
- d/p/fix-python-tests.patch: Fix Python tests by making them
assert Python module paths by using full pathnames.
* Dropped changes:
- d/apparmor-profile: Update profile. (LP #1910611)
+ Extend read permissions to /etc/sssd/** and /etc/gss/**.
+ Add read/execute permission to /usr/libexec/sssd/*.
[ Incorporated by Debian. ]
- Fix FTBFS with newer autoconf
+ debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
and PYTHON_EXEC_PREFIX in src/external/python.m4.
[ Incorporated by Debian. ]
- SECURITY UPDATE: shell command injection in sssctl comment
+ debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
avoid execution of user supplied command in src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h, src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
+ CVE-2021-3621
[ Incorporated by Debian. ]
- d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
which is failing when running inside sbuild.
[ Not needed anymore; issue does not reproduce on Jammy. ]
This bug was fixed in the package sssd - 2.5.2-4ubuntu1
---------------
sssd (2.5.2-4ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1946904). Remaining changes: python- tests.patch: Fix Python tests by making them sssd/*. patches/ fix_newer_ autoconf. patch: do not unset PYTHON_PREFIX python. m4. patches/ CVE-2021- 3621.patch: replace system() with execvp() to
src/tools/ sssctl/ sssctl. c, src/tools/ sssctl/ sssctl. h,
src/tools/ sssctl/ sssctl_ data.c, src/tools/ sssctl/ sssctl_ logs.c. fail_over- tests.patch: Disable fail_over-tests,
- Disable lto, not ready upstream.
- d/control: Drop libgdm-dev Build-Depend on i386.
- d/p/fix-
assert Python module paths by using full pathnames.
* Dropped changes:
- d/apparmor-profile: Update profile. (LP #1910611)
+ Extend read permissions to /etc/sssd/** and /etc/gss/**.
+ Add read/execute permission to /usr/libexec/
[ Incorporated by Debian. ]
- Fix FTBFS with newer autoconf
+ debian/
and PYTHON_EXEC_PREFIX in src/external/
[ Incorporated by Debian. ]
- SECURITY UPDATE: shell command injection in sssctl comment
+ debian/
avoid execution of user supplied command in
+ CVE-2021-3621
[ Incorporated by Debian. ]
- d/p/disable-
which is failing when running inside sbuild.
[ Not needed anymore; issue does not reproduce on Jammy. ]
-- Sergio Durigan Junior <email address hidden> Wed, 27 Oct 2021 20:16:31 -0400