Update sssd to 1.5.15

Bug #893043 reported by Krzysztof Klimonda on 2011-11-21
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)
Timo Aaltonen

Bug Description

sssd 1.5.13 doesn't start on precise due to ABI mismatch between memberof.so module and the libldb installed (ldb: module version mismatch in src/ldb_modules/memberof.c : ldb_version=1.1.3 module_version=1.1.2). The newest 1.5.x release doesn't have this issue.

CVE References

Krzysztof Klimonda (kklimonda) wrote :

A patch for sssd FTBFS due to -Werror=format-security flag enabled by default.

I haven't reported the bug yet on sssd trac as I have a small problem getting access to my fedora account.

Timo Aaltonen (tjaalton) wrote :

Oh, right, libldb.. It's actually just a matter of rebuilding it against the available libldb, and fixing the dependency so that it requires the version it was built against, unlike it is now.

Changed in sssd (Ubuntu):
assignee: nobody → Timo Aaltonen (tjaalton)
importance: Undecided → Medium
status: New → In Progress

The attachment "sssd.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch

The patch attached to this bug is irrelevant to this issue. However, it is definitely correct, and I will be pushing it upstream later today. Thanks, Krzysztof!

Krzysztof Klimonda (kklimonda) wrote :

ah, sorry about that - I've already forwarded the patch (https://fedorahosted.org/sssd/ticket/1094), just didn't link to the bug report here as it is indeed irrelevant if nochange rebuild is enough to fix it (on the other hand we should still update to 1.5.15 as it's fixing some bugs).

I've pushed your patch (as well as porting it forward to the master and 1.6.x branches).

Timo Aaltonen (tjaalton) wrote :

I'll upload the fixed package shortly, it turned out to be a bit more work than I thought :)

Launchpad Janitor (janitor) wrote :
Download full text (3.6 KiB)

This bug was fixed in the package sssd - 1.5.15-0ubuntu1

sssd (1.5.15-0ubuntu1) precise; urgency=low

  * Merge from Debian git, remaining changes: none.
  * Rebuild against current ldb (LP: #893043).

sssd (1.5.15-1) UNRELEASED; urgency=low

  [ Petter Reinholdtsen ]
  * New upstream version 1.2.4:
    - Resolves long-standing issues related to group processing with
      RFC2307bis LDAP servers.
    - Fixed bugs in RFC2307bis group memberships related to initgroups
      (Closes: #595564).
    - Fix tight-loop bug on systems with older OpenLDAP client
      libraries (such as Red Hat Enterprise Linux 5)
  * New Upstream Version 1.2.3:
    - Resolves CVE-2010-2940.
  * New Upstream Version 1.2.2:
    - The LDAP provider no longer requires access to the LDAP
      RootDSE. If it is unavailable, we will continue on with our best
    - The LDAP provider will now log issues with TLS and GSSAPI to the
    - Significant performance improvement when performing initgroups
      on users who are members of large groups in LDAP.
    - The sss_client will now reconnect properly to the SSSD if the
      daemon is restarted.
      * This resolves an issue causing GDM to crash when logging out
        of a user after the SSSD had been restarted.
  * Correct package description for python-sss (Closes: #596215).
  * Update Standards-Version from 3.8.4 to 3.9.1. No changes needed.

  [ Timo Aaltonen ]
  * New upstream release (1.5.15) (Closes: #595564, #624194, #640678).
    - Add libunistring-dev to build-deps.
  * Drop patch to ensure LDAP authentication never accept a zero
    length password, which is now included upstream.
  * sssd.upstart.ubuntu:
    - Don't start before net-device-up. (LP: 812943)
    - Source /etc/default/sssd. (LP: 812943)
  * sssd.default: Added a file to include the sssd daemon defaults,
    currently has '-D -f'.
  * sssd.init: Drop separate OPTIONS, '-D' comes from /etc/default/sssd
  * rules: Install the Python API files to /usr/share/sssd, as discussed
    with upstream. (LP: 859611)
  * fix-python-api-path.dpatch: Use the new location for the API files.
    (LP: 859611)
  * libpam-sss.pam-auth-update:
    - Add 'forward_pass' to auth stack to fix ecryptfs mounts. (LP: 826643)
    - Add pam_localuser.so to account stack to allow local users to log in.
      (LP: 860488)
    - Drop the priority so that pam_unix is always before pam_sss.
  * control: sssd now Recommends libpam-sss and libnss-sss, since sssd is
    mostly useless without them. (LP: 767337)
  * sssd.prerm: Remove empty script.
  * control, compat: Bump debhelper build-dep and compat level to 8.
  * Switch to source format 3.0 (quilt).
  * Do not install a working config file by default. The local domain
    definition was broken (upstream #1014). The daemon will need to be
    configured by other means before it's usable.
  * Add fix-format-security.diff (Closes: #643806)
  * Add support for Multi-Arch.
  * Migrate to dh, drop cdbs build-dep, add quilt, dh-autoreconf and
    autopoint to build-deps.
  * Remove unnecessary libnss-sss.links.
  * Add libdhash-dev, libcollection-dev and libini-config-dev to build-...


Changed in sssd (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.