Merge sssd from Debian unstable for oracular

Upstream: tbd
Debian: 2.9.4-2 2.9.4-1.1~exp1
Ubuntu: 2.9.4-1.1ubuntu6

Debian new has 2.9.4-1.1~exp1, which may be available for merge soon.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38

### New Debian Changes ###

sssd (2.9.4-2) unstable; urgency=medium

  [ Michael Biebl ]
  * Install PAM and NSS modules into /usr. (Closes: #1061350)

  [ Timo Aaltonen ]
  * tests: Drop -extensions from openssl command if there is no -x509.
    Thanks, Sebastian Andrzej Siewior! (Closes: #1061869)

 -- Timo Aaltonen <email address hidden> Wed, 10 Apr 2024 15:56:46 +0300

sssd (2.9.4-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition. Closes: #1063074

 -- Benjamin Drung <email address hidden> Thu, 29 Feb 2024 17:27:43 +0000

sssd (2.9.4-1) unstable; urgency=medium

  [ Sergio Durigan Junior ]
  * Improve certificate/smartcard dep8 tests.
    - d/t/control: Don't depend on 'needs-sudo' restriction, since the
      tests don't really use 'sudo' selectively but rather rely on a normal
      user being setup as a side effect of 'needs-sudo'. Instead, we can
      use 'needs-root'.
    - d/t/sssd-smart-card-pam-auth-configs-tester.sh,
      d/t/sssd-softhism2-certificates-tests.sh: Use
      '${AUTOPKGTEST_NORMAL_USER}' instead of '$SUDO_USER'.

  [ Timo Aaltonen ]
  * New upstream release.
  * control: Migrate to systemd-dev. (Closes: #1060512)
  * rules, install: Use systemdsystemunitdir.

 -- Timo Aaltonen <email address hidden> Thu, 18 Jan 2024 12:04:33 +0200

sssd (2.9.2-1) unstable; urgency=medium

  [ Timo Aaltonen ]
  * New upstream release.
  * control, rules: Add bc to build-depends, enable tests again.

  [ Marco Trevisan (Treviño) ]
  * debian: Add pam-auth-update SSSD Smart card configurations
  * debian/tests: Add tests for smart card verification

 -- Timo Aaltonen <email address hidden> Fri, 15 Sep 2023 11:18:38 +0300

sssd (2.9.1-2) unstable; urgency=medium

  [ Sergio Durigan Junior ]
  * Enable files provider.
    SSSD 2.9.0 has deprecated 'id_provider = files', but that's still
    needed for smartcard authentication of local users.
    - d/rules: Build with '--with-files-provider'.
    - d/sssd-common.install: Install libsss_files.so and sssd-files.5.
    (Closes: #1041438) (LP: #2028084)
  * d/rules: Remove deprecated options '--disable-files-domain'.

 -- Timo Aaltonen <email address hidden> Tue, 25 Jul 2023 15:01:14 +0300

sssd (2.9.1-1) unstable; urgency=medium

  * New upstream release.
  * libnss-sss.postinst: Migrate to use 'case' like the other postinsts.
  * patches: Drop an upstreamed patch.
  * Drop deprecated simple-ifp library and files provider.
  * control, rules: Add sssd-passkey, and libfido2-dev to build-depends.
  * ci: Allow piuparts to fail, because handling of nsswitch.conf ownership
    is broken.

 -- Timo Aaltonen <email address hidden> Tue, 04 Jul 2023 08:48:49 +0300

sssd (2.8.2-4) unstable; urgency=medium

  [ Sam Morris ]
  * Don't add subid to /etc/nsswitch.conf (Closes: #1032990)

 -- Timo Aaltonen <email address hidden> Tue, 11 Apr 2023 15:19:36 +0300

sssd (2.8.2-3) unstable; urgency=medium

  [ Gioele Barabucci ]
  * d/libnss-sss.nss: Update to `database-add`
  * d/libsss-sudo.nss: Install `sss` service for sudoers via dh-nss (Closes: #783889)
  * d/libsss-sudo.post{inst,rm}: Remove now that the services are installed via dh-nss
  * d/sssd-common.nss: Use new directive name `database-add`
  * Install dbus policy in /usr instead of /etc (Closes: #1031547)

  [ Sam Morris ]
  * sssd-common: add lintian overrides for libsubid_sss.so

 -- Timo Aaltonen <email address hidden> Sun, 26 Feb 2023 16:35:48 +0200

sssd (2.8.2-2) unstable; urgency=medium

  [ Sam Morris ]
  * Ship libsubid_sss.so in sssd-common package

### Old Ubuntu Delta ###

sssd (2.9.4-1.1ubuntu6) noble; urgency=medium

  * No-change rebuild for c-ares t64.

 -- Matthias Klose <email address hidden> Tue, 16 Apr 2024 11:55:56 +0200

sssd (2.9.4-1.1ubuntu5) noble; urgency=medium

  * Fix build-time tests (LP: #2058576):
    - d/p/fix-format-string-time64.patch: fix format string used for a
      timestamp filter string. Thanks to Sergio Durigan Junior
      <email address hidden> for the troubleshooting session.
    - d/control: faketime is used for tests, and is currently not
      working on armhf with a 64bit time_t (see LP #2059078)

 -- Andreas Hasenack <email address hidden> Fri, 05 Apr 2024 10:23:52 -0300

sssd (2.9.4-1.1ubuntu4) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 08:25:06 +0000

sssd (2.9.4-1.1ubuntu3) noble; urgency=medium

  * No-change rebuild against libcurl4t64

 -- Steve Langasek <email address hidden> Sat, 16 Mar 2024 07:03:24 +0000

sssd (2.9.4-1.1ubuntu2) noble; urgency=medium

  * No-change rebuild against libcom-err2

 -- Steve Langasek <email address hidden> Tue, 12 Mar 2024 20:34:29 +0000

sssd (2.9.4-1.1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/control: Drop libgdm-dev Build-Depend on i386.
    - d/control: Don't build sssd-tools on i386, now uninstallable due
      to added python3-{click,systemd} dependencies.
    - d/apparmor-profile: Add some entries to apparmor-profile file
      to get rid of the extraneous ALLOWED messages visible in the
      /var/log/syslog. (LP #1999190)

 -- Sergio Durigan Junior <email address hidden> Fri, 08 Mar 2024 11:22:58 -0500