diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 1363 |
1 files changed, 1363 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..1d30ec2 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1363 @@ +sssd (2.9.4-1) unstable; urgency=medium + + [ Sergio Durigan Junior ] + * Improve certificate/smartcard dep8 tests. + - d/t/control: Don't depend on "needs-sudo" restriction, since the + tests don't really use "sudo" selectively but rather rely on a normal + user being setup as a side effect of "needs-sudo". Instead, we can + use "needs-root". + - d/t/sssd-smart-card-pam-auth-configs-tester.sh, + d/t/sssd-softhism2-certificates-tests.sh: Use + "${AUTOPKGTEST_NORMAL_USER}" instead of "$SUDO_USER". + + [ Timo Aaltonen ] + * New upstream release. + * control: Migrate to systemd-dev. (Closes: #1060512) + * rules, install: Use systemdsystemunitdir. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 18 Jan 2024 12:04:33 +0200 + +sssd (2.9.2-1) unstable; urgency=medium + + [ Timo Aaltonen ] + * New upstream release. + * control, rules: Add bc to build-depends, enable tests again. + + [ Marco Trevisan (Treviño) ] + * debian: Add pam-auth-update SSSD Smart card configurations + * debian/tests: Add tests for smart card verification + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 15 Sep 2023 11:18:38 +0300 + +sssd (2.9.1-2) unstable; urgency=medium + + [ Sergio Durigan Junior ] + * Enable files provider. + SSSD 2.9.0 has deprecated "id_provider = files", but that's still + needed for smartcard authentication of local users. + - d/rules: Build with "--with-files-provider". + - d/sssd-common.install: Install libsss_files.so and sssd-files.5. + (Closes: #1041438) (LP: #2028084) + * d/rules: Remove deprecated options "--disable-files-domain". + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 25 Jul 2023 15:01:14 +0300 + +sssd (2.9.1-1) unstable; urgency=medium + + * New upstream release. + * libnss-sss.postinst: Migrate to use 'case' like the other postinsts. + * patches: Drop an upstreamed patch. + * Drop deprecated simple-ifp library and files provider. + * control, rules: Add sssd-passkey, and libfido2-dev to build-depends. + * ci: Allow piuparts to fail, because handling of nsswitch.conf ownership + is broken. + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 04 Jul 2023 08:48:49 +0300 + +sssd (2.8.2-4) unstable; urgency=medium + + [ Sam Morris ] + * Don't add subid to /etc/nsswitch.conf (Closes: #1032990) + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 11 Apr 2023 15:19:36 +0300 + +sssd (2.8.2-3) unstable; urgency=medium + + [ Gioele Barabucci ] + * d/libnss-sss.nss: Update to `database-add` + * d/libsss-sudo.nss: Install `sss` service for sudoers via dh-nss (Closes: #783889) + * d/libsss-sudo.post{inst,rm}: Remove now that the services are installed via dh-nss + * d/sssd-common.nss: Use new directive name `database-add` + * Install dbus policy in /usr instead of /etc (Closes: #1031547) + + [ Sam Morris ] + * sssd-common: add lintian overrides for libsubid_sss.so + + -- Timo Aaltonen <tjaalton@debian.org> Sun, 26 Feb 2023 16:35:48 +0200 + +sssd (2.8.2-2) unstable; urgency=medium + + [ Sam Morris ] + * Ship libsubid_sss.so in sssd-common package + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 14 Feb 2023 17:48:19 +0200 + +sssd (2.8.2-1) unstable; urgency=medium + + * New upstream release. + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 14 Feb 2023 17:40:37 +0200 + +sssd (2.8.1-2) unstable; urgency=medium + + * d/rules: Fix 'find' syntax to remove '*.egg-info' files/directories. + (Closes: #1026490) + + -- Sergio Durigan Junior <sergiodj@debian.org> Tue, 03 Jan 2023 16:36:00 -0500 + +sssd (2.8.1-1) unstable; urgency=medium + + * New upstream release. + * watch: Updated for current github behaviour. + * support-krb5-1.20.diff: Dropped, upstream. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 23 Nov 2022 10:10:41 +0200 + +sssd (2.7.4-1) unstable; urgency=medium + + [ Timo Aaltonen ] + * New upstream release. + * control: Add bind9-dnsutils to sssd-common Recommends, and rename + dnsutils build-dep. (Closes: #1018144) + + [ Sergio Durigan Junior ] + * Simplify logic to add "automount" database into nsswitch. + - d/libnss-sss.nss: Add "automount database" directive. + - d/libnss-sss.postinst: Remove logic to insert "automount" database + into nsswitch; not necessary anymore now that the package uses dh-nss. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 22 Sep 2022 15:34:06 +0300 + +sssd (2.7.3-2) unstable; urgency=medium + + [ Timo Aaltonen ] + * patches: Allow building the pac_responder with krb5 1.20. (Closes: + #1016220) + + [ Gioele Barabucci ] + * d/libnss-sss.post{inst,rm}: Add DPKG_ROOT support + * d/libnss-sss.postinst: Fix use of outdated `automounter` instead of `automount` + * d/libnss-sss.nss: Install NSS service `sss` via dh_installnss + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 17 Aug 2022 16:46:47 +0300 + +sssd (2.7.3-1) unstable; urgency=medium + + * New upstream release. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Jul 2022 08:52:58 +0300 + +sssd (2.7.2-3) unstable; urgency=medium + + * d/p/fix-shebang-on-sss_analyze.patch: Fix shebang on sss_analyze. + + -- Sergio Durigan Junior <sergiodj@debian.org> Wed, 22 Jun 2022 11:00:11 -0400 + +sssd (2.7.2-2) unstable; urgency=medium + + * rules, install: Fix python install directory. (LP: #1979453) + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Jun 2022 16:54:42 +0300 + +sssd (2.7.2-1) unstable; urgency=medium + + * New upstream release. + * pac-relax-default-for-pac_check-option.diff: Dropped, upstream. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Jun 2022 13:19:27 +0300 + +sssd (2.7.1-2) unstable; urgency=medium + + * pac-relax-default-for-pac_check-option.diff: Drop pac_present from + default PAC check. (Closes: #1012502) + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 09 Jun 2022 10:19:37 +0300 + +sssd (2.7.1-1) unstable; urgency=medium + + * New upstream release. + * control: Drop sssd-ipd from sssd-ipa depends. + * sssd-common.install: Add a new manpage. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 06 Jun 2022 16:32:34 +0300 + +sssd (2.7.0-1) unstable; urgency=medium + + * New upstream release. + * Update signing-key.asc. + * source: Update diff-ignores. + * control, rules: Add sssd-idp package, which includes plugins for + external identity providers. + * control, rules: Enable krb5 config snippets by default. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 25 May 2022 12:59:05 +0300 + +sssd (2.6.3-3) unstable; urgency=medium + + * tests: Dump the daemon status after restart, hoping to see what the + error is if it fails to start. + * rules: Drop --with-ldb-dir, use the default value from the pkgconfig + file. (Closes: #1009223) + + -- Timo Aaltonen <tjaalton@debian.org> Sun, 10 Apr 2022 10:57:30 +0300 + +sssd (2.6.3-2) unstable; urgency=medium + + * rules: Disable lto. + * Rebuild against current python-defaults. (Closes: #1008583) + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 29 Mar 2022 10:04:50 +0300 + +sssd (2.6.3-1) unstable; urgency=medium + + * New upstream release. + * control: Migrate to PCRE2. (Closes: #999951) + * Update signing-key.asc. + * control: Drop python3-click from sssd-tools depends. + * sssd-tools.install: Updated. + * tests: Drop RANDFILE from tests/util. (Closes: #1001476) + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 11 Feb 2022 09:35:43 +0200 + +sssd (2.6.1-1) unstable; urgency=medium + + * New upstream release. + * patches: Dropped upstream patches. + * control: Add libunistring-dev to build-depends. + * sssd-common.install: Drop libsss_secrets, removed upstream. + * tools: Add sss_analyze. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 17 Nov 2021 20:33:29 +0200 + +sssd (2.5.2-5) unstable; urgency=medium + + * control: Fix libsemanage-dev build-dep. (Closes: #998634) + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 08 Nov 2021 21:17:29 +0200 + +sssd (2.5.2-4) unstable; urgency=medium + + * control: Promote libnss-sss and libpam-sss to sssd-common Depends. + (Closes: #995730) + * common: Drop old Breaks/Replaces. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 11 Oct 2021 17:46:04 +0300 + +sssd (2.5.2-3) unstable; urgency=medium + + * rules: Explicitly set sssd-user as root. + * install: Add sssd-pcsc.rules to -common. + * postinst: Correct file/dir permissions and ownership when the daemon + is run as root. (Closes: #994807) + * 0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch: Our + libldap is built without LDAP_CONNECTIONLESS, cope with that. + (Closes: #994879) + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Sep 2021 18:54:07 +0300 + +sssd (2.5.2-2) unstable; urgency=medium + + * rules: Disable tests for now. (Closes: #994479) + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Sep 2021 17:38:19 +0300 + +sssd (2.5.2-1) unstable; urgency=medium + + [ Sergio Durigan Junior ] + * d/apparmor-profile: Update profile: + - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*. + - Add read/execute permission to /usr/libexec/sssd/*. + + [ Timo Aaltonen ] + * New upstream release. (Closes: #978904, #992815, #983795) + * fix-whitespace-test.diff: Refreshed. + * control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream. + * fix_newer_autoconf.patch: Don't unset python prefix/exec-prefix. + * patches: Fix CVE-2021-3621. (Closes: #992710) + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300 + +sssd (2.4.1-2) unstable; urgency=medium + + [ Marco Trevisan (Treviño) ] + * debian/control: Mark test packages as <!nocheck> + - Add missing test dependencies + - Enable libcmocka (and so unit tests) all the archs + * debian/rules: + - Don't run tests if nocheck is set + - Enable tests again + * debian/patches: + - Get libsofthsm2 from right path for each architecture + + [ Timo Aaltonen ] + * test_ca-Look-for-libsofthsm2-in-libdir-before-falling-bac.patch: + Dropped, upstream. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 13:49:04 +0200 + +sssd (2.4.1-1) unstable; urgency=medium + + * New upstream release. + * libpam-sss.install: Add pam_sss_gss. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200 + +sssd (2.4.0-1) unstable; urgency=medium + + * New upstream release. + * source: Update diff-ignore. + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Dec 2020 22:36:54 +0200 + +sssd (2.3.1-3) unstable; urgency=medium + + * control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777) + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 06 Oct 2020 15:56:19 +0300 + +sssd (2.3.1-2) unstable; urgency=medium + + * control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645) + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Sep 2020 14:15:03 +0300 + +sssd (2.3.1-1) unstable; urgency=medium + + * New upstream release. (Closes: #965307, #965143) + * source: Extend diff-ignore. + * rules: Set --with-libwbclient. + * control: Add libsofthsm2 to build-depends for tests. + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 28 Jul 2020 17:14:55 +0300 + +sssd (2.3.0-2) unstable; urgency=medium + + * rules: Drop quilt, autoreconf from dh. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 13 Jul 2020 15:49:20 +0300 + +sssd (2.3.0-1) unstable; urgency=medium + + * New upstream release. (Closes: #964701, #964240) + * source: Migrate to 3.0 (quilt). + * source/local-options: Add files not found on upstream tarball to + extend-diff-ignore. + * rules: Use journald for logging. (Closes: #960673) + * rules: Use /run for pid-path. + * sssd-common.sssd.default: Add DEBUG_LOGGER but commented out. + * watch: Update url to github. + * Add signing-key from Pavel Březina. + * fix-946847.diff, fix-python3.8-ftbfs.diff: Dropped, upstream. + * control: Use debhelper-compat. + * control, rules: Build with openssl. + * rules: Disable tests until a failing pam upn test is sorted out. + * control: Drop quilt from build-depends. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 13 Jul 2020 11:35:33 +0300 + +sssd (2.2.3-3) unstable; urgency=medium + + * libnss-sss: Fix a typo in adding the NSS entry for automount. + (LP: #1873752) + * control, watch: Update upstream url to github. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Apr 2020 17:52:18 +0300 + +sssd (2.2.3-2) unstable; urgency=medium + + * libnss-sss: Add an entry for automounter to nsswitch.conf. This is + needed by ipa-client-automount. + * Added gitlab-ci.yml. + * fix-python3.8-ftbfs.diff: Fix build against python3.8. + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 06 Mar 2020 21:58:28 +0200 + +sssd (2.2.3-1.1) unstable; urgency=medium + + * Non-maintainer upload with maintainer permission. + * Fix sssd_be busy-looping when LDAP connection flickers. + (Closes: #946847) + + -- Thorsten Glaser <tg@mirbsd.de> Fri, 21 Feb 2020 14:04:25 +0100 + +sssd (2.2.3-1) unstable; urgency=medium + + * New upstream release. + * default-to-socket-activated-services.diff: Refreshed. + * sssd-ldap.install: Updated. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 20 Feb 2020 13:06:35 +0200 + +sssd (2.2.2-1) unstable; urgency=medium + + * New upstream release. + * default-to-socket-activated-services.diff: Don't enable any + services when run without a conffile. + * fix-have-systemd.diff: Dropped, upstream. + * default-to-socket-activated-services.diff: Refreshed. + * signing-key: Add key from Michal Židek. + * Get rid of all old pre/postinst file removal fluff, since that's all + obsolete by now. + * Drop python2 support. (Closes: #938566) + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 18 Sep 2019 15:27:44 +0300 + +sssd (2.2.0-4) unstable; urgency=medium + + [ Sam Morris ] + * fix-have-systemd.patch: correct detection of systemd.pc + (Closes: #932080) + * default-to-socket-activated-services.diff: rely on socket activation + to spawn nss and pam responders + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 19 Jul 2019 18:15:41 +0300 + +sssd (2.2.0-3) unstable; urgency=medium + + * common/ipa/krb5-common/proxy.postinst: Use libexec path. (Closes: + #931859) + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 12 Jul 2019 10:01:06 +0300 + +sssd (2.2.0-2) unstable; urgency=medium + + * rules: Override dh_installman, let dh_install handle installing + manpages too. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 11 Jul 2019 00:53:36 +0300 + +sssd (2.2.0-1) unstable; urgency=medium + + * New upstream release. + * control: Bump policy to 4.4.0. + * control, compat, rules: Bump debhelper to 12. + * *.install: Updated, some files moved to /usr/libexec. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Jul 2019 10:14:09 +0300 + +sssd (2.1.0-1) experimental; urgency=medium + + * New upstream release. + * sssd-tools.install: Local domain support is deprecated and not + built by default anymore, so drop the files. + * control, sssd-common.install: Secrets responder is dropped, deprecated. + * control: Add ldap-utils to build-depends, tests need it. + * sssd-common.install: Add new internal libs for iface/sbus. + * fix-whitespace-test.diff: Fix ignoring the debian dir. + * rules: Update the clean target. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 27 May 2019 13:55:38 +0300 + +sssd (1.16.4-1~exp1) experimental; urgency=medium + + [ Timo Aaltonen ] + * New upstream release. (LP: #1572908) + * Drop patches, all upstream. + * Enable systemd responders. (Closes: #925026, #923882) + + [ Dominik George ] + * Acknowledge NMU. + * Add myself to Uploaders. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 03 Apr 2019 09:56:33 +0300 + +sssd (1.16.3-3.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix copy_ccache test broken by recent krb5 changes. (Closes: #921761) + * Fix PAC responder build with krb5 1.17. (Closes: #923125) + + -- Dominik George <natureshadow@debian.org> Sun, 24 Feb 2019 11:05:55 +0100 + +sssd (1.16.3-3) unstable; urgency=medium + + * fix-curl-ftbfs.diff: Fix build with current curl. (Closes: #913403) + * Rebuild with python3.7. (Closes: #915199, #915168) + + -- Timo Aaltonen <tjaalton@debian.org> Sun, 02 Dec 2018 11:16:57 +0200 + +sssd (1.16.3-2) unstable; urgency=medium + + [ Jeremy Bicha ] + * Don't require libgdm-dev on s390x or non-Linux architectures + (Closes: #913030) + + [ Andreas Hasenack ] + * d/t/{ldap-user-group-ldap-auth,control,login.exp,util,common-tests}: add + LDAP DEP8 test + * d/t/{util,login.exp,ldap-user-group-krb5-auth,control}: add krb5 DEP8 test + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 06 Nov 2018 16:55:34 +0200 + +sssd (1.16.3-1) unstable; urgency=medium + + * New upstream release. + * control: Add python-sss to sssd-tools depends. (Closes: #905220) + * libsss-sudo: Add sss entry to nsswitch only on initial install. + (Closes: #903917) + * control: Update list address. + * disable-tests.diff: Dropped, all tests pass on a proper buildd setup + which should have /etc/{hosts,networks} populated. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Aug 2018 16:34:01 +0300 + +sssd (1.16.2-1) unstable; urgency=medium + + * New upstream release. (LP: #1778554) + * control: Enable tests, add check and libcmocka-dev to build-depends. + * rules: Use samba idmap version 6. + * disable-tests.diff: Disable three tests that are known to fail in + sbuild. + * control: Drop obsolete build-depends. + * control: Update VCS urls. + * control: Drop specifying python versions. + * control: Change priority to optional. + * libsss-sudo.post*: Don't call ldconfig. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 27 Jun 2018 14:07:55 +0300 + +sssd (1.16.1-1) unstable; urgency=medium + + * New upstream release. + * common.dirs, common.postinst: Add dir for secrets with correct + permissions. (Closes: #892315) + * common: Add support for Fleet Commander, create deskprofile dir with + correct permissions. + * control: Add libgdm-dev to build-depends to support multiple + certificates. + * control, rules, common.install: Add support for systemtap. + * control: Bump policy to 4.1.3, no changes. + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 13 Mar 2018 11:25:00 +0200 + +sssd (1.16.0-5) unstable; urgency=medium + + * rules: Disable files domain, it's not useful in Debian. (Closes: + #888207) + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 26 Jan 2018 10:42:17 +0200 + +sssd (1.16.0-4) unstable; urgency=medium + + * Revert installing responder service/socket files again. + (Closes: #886483) + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 22 Jan 2018 16:50:14 +0200 + +sssd (1.16.0-3) unstable; urgency=medium + + * Install responder service and socket files again. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 04 Jan 2018 09:55:41 +0200 + +sssd (1.16.0-2) unstable; urgency=medium + + * Enable default config. (Closes: #858968) + * Enable files domain. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 25 Dec 2017 21:38:26 +0200 + +sssd (1.16.0-1) unstable; urgency=medium + + * New upstream release. + * sysdb-sanitize-search-filter-input.diff: Dropped, upstream. + * sssd-common.install: Add sssd-session-recording.5. + * control: Depend on python3 pkgs by default. (Closes: #883178) + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 20 Dec 2017 11:58:50 +0200 + +sssd (1.15.3-3) unstable; urgency=medium + + * Rebuild against new libldb. (Closes: #880013) + + -- Timo Aaltonen <tjaalton@debian.org> Sun, 29 Oct 2017 09:13:42 +0200 + +sssd (1.15.3-2) unstable; urgency=medium + + * control: Fix libipa-hbac-dev short description. + * generate-config: Update the config template. (Closes: #872787) + * sysdb-sanitize-search-filter-input.diff: Fix CVE-2017-12173. + (Closes: #877885) + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 12 Oct 2017 08:24:51 +0300 + +sssd (1.15.3-1) unstable; urgency=medium + + * New upstream release. + * apparmor-profile: Add chown capability, allow one to notify systemd. + * control: Add libcurl4-gnutls-dev and uuid-dev to build depends. + * Add libsss-certmap{0,-dev} packages. + * Add sssd-kcm. + * rules: Migrate to dh_missing. + * control: Bump policy to 4.0.0, no changes. + * compat, control, rules: Bump debhelper compat to 10, drop --parallel + as it's the default now. + + -- Timo Aaltonen <tjaalton@debian.org> Sat, 29 Jul 2017 11:50:41 +0300 + +sssd (1.15.2-1) unstable; urgency=medium + + * New upstream release. + * control: Demote adcli to sssd-ad suggests. + * rules, common.install: Fix sssd_krb5_locator_plugin install path. + (LP: #1664566) + * control, copyright, watch: Update upstream URLs. + * common.install: Add libsss_files and socket activation helper. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Mar 2017 15:17:19 +0200 + +sssd (1.15.0-3) unstable; urgency=medium + + * rules, install: Remove responder service and socket files for now, the + sockets weren't supposed to be enabled anyway and can cause issues. + (Closes: #854048) + + -- Timo Aaltonen <tjaalton@debian.org> Sat, 04 Feb 2017 18:34:06 +0200 + +sssd (1.15.0-2) unstable; urgency=medium + + * import-daemon-opts.diff, sssd.default: Drop the patch modifying sssd + service file, and revert the daemon options for sysvinit. + /etc/default/sssd is now only for the initscript (Closes: #852719) + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 26 Jan 2017 21:29:58 +0200 + +sssd (1.15.0-1) unstable; urgency=medium + + * New upstream release. (Closes: #852450) (LP: #1566508) + * Drop upstreamed patches. + * sssd-common.sssd.default, import-daemon-opts.diff: Change default + daemon options to match current upstream. + * sssd-dbus.install: Drop libsss_config, which was removed. + * sssd-{ad,common,dbus}.install: Add systemd service and socket files + for pac, sudo, ssh, autofs, pam, nss and ifp responders. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 25 Jan 2017 22:46:02 +0200 + +sssd (1.14.2-2.1) unstable; urgency=low + + * Non-maintainer upload with maintainer approval. + * ldap-blocking.diff: Fix ldaps connections by removing NON_BLOCKING from + socket options (Closes: 849756). Patch from upstream pull request #67. + + -- Petter Reinholdtsen <pere@debian.org> Tue, 24 Jan 2017 22:26:17 +0000 + +sssd (1.14.2-2) unstable; urgency=medium + + * fix-prefix-substitution.diff: Fix IFP service file path substitution. + (LP: #1652629) + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 17 Jan 2017 16:39:14 +0200 + +sssd (1.14.2-1) unstable; urgency=medium + + * New upstream release. + * control: Add adcli to sssd-ad Recommends. (LP: #1590471) + * accept-krb5-1.15.diff: Allow building PAC responder with MIT krb5 + 1.15. (Closes: #843385) + * common.install: Add sssd-secrets manpage. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 16 Nov 2016 10:47:15 +0200 + +sssd (1.14.1-1) unstable; urgency=medium + + * New upstream release. + * ipa-terminate-if-view-name-fails.diff, + gpo-add-unity-to-ad-gpo-map-interactive.diff: + Dropped, upstream. + * sssd-common.dirs: Add etc/sssd/conf.d for config snippets. + * control: Add libhttp-parser-dev and libjansson-dev to build-deps. + * sssd-tools.install: Add sssctl. + * sssd-common.install: Add sssd-secrets and winbind idmap plugin. + * Drop the upstart job, it was only shipped on Ubuntu which has + switched to systemd. + * rules, default, import-daemon-opts.diff: Import daemon options from + default/sssd also with systemd. (LP: #1587395) + * rules: Don't install a default config file. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 05 Oct 2016 14:20:37 +0300 + +sssd (1.13.4-3) unstable; urgency=medium + + * common: Add /var/lib/sss/gpo_cache. (LP: #1579092) + * gpo-add-unity-to-ad-gpo-map-interactive.diff: Allow logging in from + unity lockscreen. (LP: #1578415) + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 10 May 2016 10:39:46 +0300 + +sssd (1.13.4-2) unstable; urgency=medium + + * ipa-terminate-if-view-name-fails.diff: Fix support for older IPA + servers. (LP: #1572582) + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 20 Apr 2016 16:55:24 +0300 + +sssd (1.13.4-1) unstable; urgency=medium + + * New upstream release. + * apparmor-profile: Fixed and tidied. + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 30 Mar 2016 19:31:33 +0300 + +sssd (1.13.3-1) unstable; urgency=medium + + * New upstream release. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Dec 2015 13:27:11 +0200 + +sssd (1.13.2-1) unstable; urgency=medium + + * New upstream release. + * patches: Removed fix-obsolete-target.diff, fix-python-modules.diff, + both upstream now. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 03 Dec 2015 21:14:29 +0200 + +sssd (1.13.1-2) unstable; urgency=medium + + * apparmor: Fix access to krb5.include.d. (LP: #1489378) + * {krb5-common,proxy}.postinst: Chmod the correct files. (Closes: + #801537, #801538) + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 13 Oct 2015 16:55:47 +0300 + +sssd (1.13.1-1) unstable; urgency=medium + + * New upstream release. + * {common,ipa,krb5,proxy}.postinst: Create a sssd system user & group, + and migrate various bits to their ownership. + * Add sssd-dbus to libsss-simpleifp0 Depends. + * ipa: Add /var/lib/sss/keytabs. + * common: Add PEM/DER conversion library. + * Add support for python3 modules. + * tools: Add sss_override. + * common: Add p11_child. + * ad: Drop libsss_ad_common, it was for tests only and not shipped + anymore. + * common: Move libsss_krb5_common here from sssd-krb5-common to satisfy + libsss_ldap_common depending on it. + * libsystemd.diff: Dropped, fixed upstream. + * fix-python-modules.diff: Don't add symlinks to python modules, + rename the built modules instead. + * rules, postinst: Avoid running dpkg-architecture in postinst and + instead mangle them in post-dh_installdeb. + * common: Add depends on adduser. + + -- Timo Aaltonen <tjaalton@debian.org> Sat, 03 Oct 2015 08:38:29 +0300 + +sssd (1.12.5-3) unstable; urgency=medium + + * sssd-common.postinst: Drop removing the old logrotate file, handle + it in sssd.maintscript instead. (Closes: #794332) + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Sep 2015 22:47:08 +0300 + +sssd (1.12.5-2) unstable; urgency=medium + + * sssd-common.postinst: Remove duplicate logrotate file on update. + (LP: #1249772) + * control, libsystemd.diff: Transition to libsystemd, thanks Michael + Biebl! (Closes: #791909) + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 21 Jul 2015 15:04:25 +0300 + +sssd (1.12.5-1) unstable; urgency=medium + + * New upstream release. + * Let uscan verify upstream tarballs. + * control: Bump policy to 3.9.6, no changes. + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 12 Jun 2015 22:36:52 +0300 + +sssd (1.12.4-1) experimental; urgency=medium + + * New upstream release. + * apparmor-profile: Updated. (LP: #1421110) + * control: Add new build-depends; cifs-utils, libaugeas-dev, + libnfsidmap-dev, libsmbclient-dev, systemd. + * control, .install: Add libwbclient-sssd{,-dev}. + * control, .install: Add libsss-simpleifp{0,-dev}. + * fix-automake-compat.diff, fix-catchchild.diff: Dropped, upstream. + * rules: Use max-parallel=1 for dh_auto_install. + * sssd-common.install: Add files for NFS v4 client. + * sssd-ad.install: Add new files. + * sssd-ipa.install: Add selinux_child. + * sssd-dbus: Add libsss_config.so. + * sssd-common: Add cifs idmap plugin, semanage library and krb5 + localauth plugin. + * rules: Add a placeholder to not modify permissions of + {krb5,ldap,selinux}_child. + * control: Add libsystemd-login-dev to build-depends. + * control: Add libnss-wrapper and libuid-wrapper to build-depends. + * rules: Use automake native verbosity for tests, and bump + CK_TIMEOUT_MULTIPLIER. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 09 Apr 2015 23:56:01 +0300 + +sssd (1.11.7-3) unstable; urgency=medium + + * libsss-sudo.postrm: Delete sudoers line from nsswitch.conf, if only + files source left. (Closes: #749722) + * libsss-sudo.postinst: Fix comments. + * libsss-sudo.postinst: Check nsswitch sudoers entry unconditionally, + so that it is added on upgrade too if missing. + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 16 Jan 2015 13:53:22 +0200 + +sssd (1.11.7-2) unstable; urgency=medium + + * default, upstart.in: Upstream ticket #2312 is fixed now, so drop the + workaround to run the daemon in the foreground. (Closes: #760353) + * fix-automake-compat.diff: Added an upstream commit to fix configure + with new automake. + * fix-catchchild.diff: Fix build failure with samba 4.1.13, bump + samba-dev build-dependency to match. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 30 Oct 2014 14:49:05 +0200 + +sssd (1.11.7-1) unstable; urgency=medium + + * New upstream release. + * sssd-common.install, sssd-dbus.install: Add new sss_signal helper + and the dbus service using it. + * fix-obsolete-target.diff: Drop syslog.target from the service file. + * libnss-sss.post*: Add sss entry to shadow and services on + nsswitch.conf. (Closes: #761173) + + -- Timo Aaltonen <tjaalton@debian.org> Wed, 24 Sep 2014 07:08:04 +0300 + +sssd (1.11.6-1) unstable; urgency=medium + + * New upstream release. + * control: Update my email. + * control: Update vcs urls. + * libnss-sss.postrm: Check DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT before + removing sss entry from nsswitch.conf. (Closes: #748671) + * libpam-sss.prerm: Check DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT before + running pam-auth-update --remove. + * control: Mark libkeyutils-dev, libselinux-dev, libsemanage-dev, + libnl*-dev build-deps as linux-any, as a preliminary step to build + on kfreebsd-*. + * Run wrap-and-sort. + * sssd-dbus: Add a new subpackage for the D-Bus responder. + * control: Demote libsasl2-modules-ldap to Suggests for sssd-ldap. + * generate-config: Bring it back for convenience, but don't run it on + postinst. + * sssd-common.postinst: Remove obsolete config upgrade. + + -- Timo Aaltonen <tjaalton@debian.org> Tue, 19 Aug 2014 09:15:13 +0300 + +sssd (1.11.5.1-2) unstable; urgency=medium + + * control: Drop libcmocka-dev and check from build-depends again so + that the package will build on every arch. Test failures will be + fixed in a future upload. + + -- Timo Aaltonen <tjaalton@debian.org> Thu, 14 Aug 2014 02:22:57 +0300 + +sssd (1.11.5.1-1) unstable; urgency=medium + + [ Stéphane Graber ] + * Fix upstart job to provide a proper stdin for sssd. + * Update defaults to always pass -i. + + [ Timo Aaltonen ] + * New upstream release. (Closes: #745664) + * control: Bump libkrb5-dev build-dependency to 1.12 due to the OTP + features. + + -- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 09 May 2014 14:50:12 +0300 + +sssd (1.11.5-1) unstable; urgency=medium + + * New upstream bugfix release. (Closes: #729982) + * upstart: Run the daemon in foreground and drop expect fork from the + job, should fix issues with upstart getting confused when a backend + fails to start. + + -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 08 Apr 2014 23:39:20 +0300 + +sssd (1.11.4-1) unstable; urgency=low + + * New upstream release. + * control, rules: Add libcmocka-dev and re-add check to build-depends. + Override dh_auto_test so that it shows the test error log if they fail. + * rules: Fix the manpage date handling with a bigger hammer, and + enable it for all manpages not just pam_sss.8. (Closes: #734083) + * Drop an obsolete lintian override from libsss-sudo. + + -- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 21 Mar 2014 13:28:38 +0200 + +sssd (1.11.3-1) unstable; urgency=low + + * New upstream release. + * control: Update policy to 3.9.5, no changes. + + -- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 03 Jan 2014 00:01:29 +0200 + +sssd (1.11.2-1) unstable; urgency=low + + * New upstream release. + * rules, sssd-common.install: Use the correct path for the systemd + service file. + * control: Build depend on libpam0g-dev | libpam-dev. + + -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 19 Nov 2013 15:22:27 +0200 + +sssd (1.11.1-1) unstable; urgency=low + + * New upstream release. + * sssd-common.postinst, generate-config: Don't create a config on install, + drop generate-config. (Closes: #717587) + * sssd-common.postrm: Remove /etc/apparmor.d too, if empty. + * control, rules, sssd-common.install: Install the systemd service + file provided by upstream. + * control: Drop M-A: foreign from sssd-* and add back to sssd instead. + * control: Don't hardcode 'multiarch-support'. + * control: Drop unnecessary multiarch declarations. + * control: Drop obsolete Breaks/Conflicts. + * rules: Enable parallel build. + * control: Add libltdl-dev to build-depends. + * control: Prepare for new unified samba package, adjust build- + dependencies. Thanks, Ivo De Decker! (Closes: #725992) + + -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 06 Aug 2013 17:04:28 +0300 + +sssd (1.10.0-1) unstable; urgency=low + + [ Timo Aaltonen ] + * New upstream release (Closes: #693054, #705357, #711101) + * Update the packaging for the new version, thanks Esko Järnfors! + - Add libsss-idmap0, libsss-idmap-dev packages + - Add sssd Depends on libsss-idmap0 + - Add /var/lib/sss/mc directory for the new mmap cache + * Split authentication providers to separate packages and make sssd + a metapackage. + * control: Drop libunistring-dev from build-depends and add libglib2.0-dev + for unicode support. + * sssd-*.install: Install new manpages. + * python-sss.install: py-files got moved under SSSDConfig. + * control, rules: Use default build flags, bump dpkg-dev build-dep to + 1.16.1~. + * rules: Install the apparmor profile with -m644. + * python-sss: Add pysss_murmur.so. + * rules, control, sssd-ad-common.install: PAC responder support. + - Add libndr-dev, libndr-standard-dev, libsamba-util-dev, samba4-dev, + libdcerpc-dev to build-depends + - Add -I/usr/include/samba-4.0 to CFLAGS + * control: Mark sssd-common as Multi-Arch: foreign. + * watch: Add a comment about the upstream git tree. + * Replace perl snippet from libnss-sss.post* with sed, drop perl from + Depends. (Closes: #686237) + * compat: Bump compat to 9. + * rules: Set DEB_HOST_MULTIARCH, drop --libdir and remnants of cdbs. + * sssd-common.install: Install the support binaries under the multiarch path. + * rules,sssd-common.postinst: Move generate-config to /usr/share/sssd. + * rules, sssd-common.install: Use the correct install path for the + krb5_locator plugin. + * libnss-sss.postinst: SSSD doesn't handle shadow maps, so don't pretend + that it would. + * libsss-sudo*, control: Remove the soname from the library, move .so to + the libsss-sudo, drop -dev package. + * rules: Pass --datadir, so the path in autogenerated python files is + correctly substituted. (LP: #1079938) + * sssd-krb5-common.dirs: Add krb5 include dir. + * fix-cve-2013-0219*.diff, -0220.diff: Dropped, included upstream. + * libsss-sudo.postrm: Run ldconfig on remove/purge. + * apparmor-profile: Fix the profile to use the multiarch path for it's + helper location (LP: #1175317). + * Add packaging for libsss-nss-idmap0, libsss-nss-idmap-dev, + python-libsss-nss-idmap. + * watch: Updated to work with alpha/beta releases. + * control: Migrate to libnl-3 now that it's supported. (Closes: #688174) + * sssd-common.{preinst,postrm}: Install the apparmor profile in force-complain + mode on install, and remove the profile directory on purge (if empty). Also + migrate from previous setup which installed it as disabled. + (Closes: #676140) + * control: Bump policy to 3.9.4, no changes. + * control: Add libpam-pwquality (>= 1.2.2-1) to libpam-sss depends, which + makes the password stack work in all cases. (LP: #1159983) + * control: Drop check from build-depends for now, to work around a linking bug + in check (#712140) that makes the tests fail on (at least) i386. + + [ Stéphane Graber ] + * Add postinst/postrm script for libsss-sudo. Those will add a "sudoers" + entry to /etc/nsswitch.conf upon first installation of the package and + will then take care of adding/removing sss from the stack as required. + * Set CK_DEFAULT_TIMEOUT to 30 so that slower buildds (armhf at least) can + run the tests without hitting the default 4s timeout. + + -- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 05 Jul 2013 14:53:06 +0300 + +sssd (1.8.4-2) unstable; urgency=low + + * fix-cve-2013-0219-1.diff, fix-cve-2013-0219-2.diff, + fix-cve-2013-0220.diff: Upstream commits from the stable tree to fix + recent CVE reports. (Closes: #698871) + + -- Timo Aaltonen <tjaalton@ubuntu.com> Wed, 27 Feb 2013 23:38:28 +0200 + +sssd (1.8.4-1) unstable; urgency=low + + * New upstream bugfix release 1.8.2. + - Several fixes to case-insensitive domain functions + - Fix for GSSAPI binds when the keytab contains unrelated + principals + - Fixed several segfaults + - Workarounds added for LDAP servers with unreadable RootDSE + - SSH knownhostproxy will no longer enter an infinite loop + preventing login + - The provided SYSV init script now starts SSSD earlier at startup + and stops it later during shutdown + - Assorted minor fixes for issues discovered by static analysis + tools + * New upstream bugfix release 1.8.3. + - Numerous manpage and translation updates + - LDAP: Handle situations where the RootDSE isn't available anonymously + - LDAP: Fix regression for users using non-standard LDAP attributes for + user information + * New upstream bugfix release 1.8.4. (LP: #981125, #985031) + - Fix a bug causing AD servers not to fail over properly when the KDC + on the primary server is down + - Fix an endianness bug on big-endian systems when looking up services + - Fix a segfault dealing with nested groups (LP: #981125) + - Make the nowait cache updates work for netgroups + - Fix a regression that broke domains with use_fully_qualified_names = True + (LP: #985031) + * control: Move the dependency of libsasl2-modules-gssapi-mit to + Recommends. + * control: sssd works with Heimdal gssapi modules too, add + libsasl2-modules-gssapi-mit as an option for the Recommends. + (LP: #966146) + * libpam-sss.pam-auth-update: + - Drop the dependency to 128, since pam_sss should always be below + pam_unix. (LP: #957486) + - Drop 'use_authtok' from the password stack, since it only works when + pam_cracklib is installed. This will allow password changes on the + default install. + * sssd.postrm: Try to remove /etc/sssd only if it exists. + (Closes: #666226) + * Add disabled by default Apparmor profile (LP: #933342) + - debian/sssd.upstart.in: load the profile during pre-start + - add debian/apparmor-profile, install to /etc/apparmor.d + - debian/rules: use dh_apparmor to install profile before sssd is + restarted + - debian/control: sssd Suggests apparmor (>= 2.3) + - debian/control: Add dh-apparmor to build-depends + - debian/sssd.preinst: disable profile on clean install or upgrades + from earlier than when we shipped the profile + * rules: Mangle the date stamp on pam_sss.8 so that the compressed file is + identical across all archs. (Closes: #670019) + * control: Add build-depends on libnl-dev to enable Netlink support. + * control: Add build-depends on libkeyutil-dev to enable support for + kernel keyring manipulation. + * sssd.logrotate: Rotate logs weekly, keep four previous rotations. + (Closes: #672984) + * sssd.upstart.in: Delete an invisible control character from the pre-start + script. (LP: #1003845) + + -- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 01 Jun 2012 11:43:42 +0300 + +sssd (1.8.1-1) unstable; urgency=low + + * New maintainer, Debian SSSD Team. (Closes: #660985) + + [ Timo Aaltonen ] + * New upstream release (1.8.1) (Closes: #647980, #624194, #639965) + - Support for the service map in NSS + - Support for setting default SELinux user context from FreeIPA + - Support for retrieving SSH user and host keys from LDAP (Experimental) + - Support for caching autofs LDAP requests (Experimental) + - Support for caching SUDO rules (Experimental) + * Update build-deps: + - Add libunistring-dev, libdhash-dev, libcollection-dev and + libini-config-dev. + - Add check for unit tests. + - Drop cvs and python-central. + - Migrate to dh, drop cdbs build-dep, add quilt, dh-autoreconf and + autopoint to build-deps. + * Add new packages: + - libipa-hbac0, libipa-hbac-dev, libsss-sudo0, libsss-sudo-dev, + and python-libipa-hbac. + - Split sssd-tools: add Breaks/Replaces sssd (<< 1.8.0~beta3-1) and + add to sssd Suggests + * Drop patch to ensure LDAP authentication never accept a zero + length password, which is now included upstream. + * sssd.upstart.ubuntu: + - Don't start before net-device-up. (LP: 812943) + - Source /etc/default/sssd. (LP: 812943) + * sssd.default: Added a file to include the sssd daemon defaults, + currently has '-D -f'. + * sssd.init: Drop separate OPTIONS, '-D' comes from /etc/default/sssd + now.. + * rules: Install the Python API files to /usr/share/sssd, as discussed + with upstream. (LP: 859611) + * fix-python-api-path.dpatch: Use the new location for the API files. + (LP: 859611) + * libpam-sss.pam-auth-update: + - Add 'forward_pass' to auth stack to fix ecryptfs mounts. (LP: 826643) + - Add pam_localuser.so to account stack to allow local users to log in. + (LP: 860488) + * control: sssd now Recommends libpam-sss and libnss-sss, since sssd is + mostly useless without them. (LP: 767337) + * control, compat: Bump debhelper build-dep and compat level to 8. + * Switch patch-system to quilt. + * Do not install a working config file by default. The local domain + definition was broken (upstream #1014). The daemon will need to be + configured by other means before it's usable. + * Add support for Multi-Arch (Closes: #634123). + * Remove unnecessary libnss-sss.links. + * libnss-sss.overrides: Add an override for + "package-name-doesnt-match-sonames". + * Determine the used init system during build, add lsb-release to + build-deps. Default to sysvinit, use upstart if Ubuntu. + * sssd.upstart.in: Test if the config file exists, and exit if not. + * Fail gracefully if invoke-rc.d returns an error on postinst/prerm, like + when the daemon fails to start when there is no config file. + * sssd.init.in: Check that /etc/default/sssd is a real file before sourcing + it (Closes: #587895). + * control: Add libsasl2-modules-gssapi-mit and libsasl2-modules-ldap to + Recommends for sssd. + * rules: Move the rule for purging .la files before dh_install + (Closes: #633206). + * sssd.install: Fix the wildcard for plugins to include .so symlinks. + * rules: Add configure flags + - Disable RPATH + - Disable building static libs + - Enable ssh user and host key retrieval, autofs request + and sudo rules caching. The respective packages need to add support + for these to be useful. + * Drop fix-python-api-path.patch, included upstream. + * sssd.examples: Install the renamed example config. + * rules: Drop special handling of the sssd.api.d, upstream uses + the proper path now. + * rules: Add --fail-missing to dh_install. + * sssd.install: Add new files. + * libpam-sss.install, control: Move pam_sss.8 to the correct package, + add Breaks/Replaces. + * rules: Remove some files we don't want to install, to make dh_install + happy. + * rules: Clean po/*.gmo, po/stamp-po and *.pyc. + * Install lintian overrides using dh_lintian. + * {sssd,libnss-sss}.lintian-overrides: Update. + * Move libsasl2-modules-gssapi to sssd Depends to make sure it gets + installed, as it's needed in most cases. + * control: Update maintainer address and repo location. + * control: Bump the Standards-Version to 3.9.3, no changes. + * control: Bump the debhelper build-dep to 9. + * control: Add ${misc:Depends} to libipa-hbac*, libsss-sudo*. + * control, rules: Migrate to dh_python2 (Closes: #617071). + * control: Add myself to uploaders. + + [ Petter Reinholdtsen ] + * New upstream version 1.2.4: + - Resolves long-standing issues related to group processing with + RFC2307bis LDAP servers. + - Fixed bugs in RFC2307bis group memberships related to initgroups + (Closes: #595564). + - Fix tight-loop bug on systems with older OpenLDAP client + libraries (such as Red Hat Enterprise Linux 5) + * New Upstream Version 1.2.3: + - Resolves CVE-2010-2940. + * New Upstream Version 1.2.2: + - The LDAP provider no longer requires access to the LDAP + RootDSE. If it is unavailable, we will continue on with our best + guess. + - The LDAP provider will now log issues with TLS and GSSAPI to the + syslog. + - Significant performance improvement when performing initgroups + on users who are members of large groups in LDAP. + - The sss_client will now reconnect properly to the SSSD if the + daemon is restarted. + * This resolves an issue causing GDM to crash when logging out + of a user after the SSSD had been restarted. + * Correct package description for python-sss (Closes: #596215). + * Update Standards-Version from 3.8.4 to 3.9.1. No changes needed. + + [ Stéphane Graber ] + * Fix prerm invoke_failure hook to simply return as empty functions + are invalid shell syntax. + + -- Timo Aaltonen <tjaalton@ubuntu.com> Thu, 22 Mar 2012 13:28:27 +0200 + +sssd (1.2.1-4.4) unstable; urgency=low + + * Non-maintainer upload. + * Fix FTBFS with -Werror=format-security. Thanks Philippe De Swert for patch. + (Closes: #643806). + + -- Hector Oron <zumbi@debian.org> Sun, 19 Feb 2012 19:33:04 +0000 + +sssd (1.2.1-4.3) unstable; urgency=medium + + * Non-maintainer upload. + * Adjust install path to consider GNU triplet (Closes: #640626). + + -- Luca Falavigna <dktrkranz@debian.org> Tue, 20 Sep 2011 20:02:34 +0200 + +sssd (1.2.1-4.2) unstable; urgency=low + + * Non-maintainer upload. + * debian/sssd.install + - updated location for ldb modules; Closes: #618159 + + -- Sandro Tosi <morph@debian.org> Fri, 03 Jun 2011 23:53:59 +0200 + +sssd (1.2.1-4.1) unstable; urgency=medium + + * Non-maintainer upload by the Security Team + * Fix CVE-2010-4341 (Closes: #610032) + + -- Moritz Muehlenhoff <jmm@debian.org> Tue, 25 Jan 2011 22:09:21 +0100 + +sssd (1.2.1-4) unstable; urgency=low + + * Add patch from Stephen Gallagher to ensure LDAP authentication + never accept a zero length password (Closes: #594413). Solves + CVE-2010-2940. + + -- Petter Reinholdtsen <pere@debian.org> Wed, 25 Aug 2010 22:33:40 +0200 + +sssd (1.2.1-3) unstable; urgency=low + + [ Petter Reinholdtsen ] + * Look for /etc/default/sssd, not /etc/defaults/sssd in init.d + script (Closes: #588252). + * Make sssd.conf generation more robust, and make sure missing SRV + records are ignored and not handled as host names. + * Add code in generate-config to look up Kerberos realm using + _kerberos TXT record in DNS if it exist. + * Recommend bind9-host used by generate-config for SRV and TXT + lookups. + + [ Morten Werner Forsbring ] + * Check if /etc/default/sssd is a file and executable, not a directory, + before sourcing in init-script. Thanks to lintian. + + -- Morten Werner Forsbring <werner@debian.org> Thu, 12 Aug 2010 16:31:14 +0200 + +sssd (1.2.1-2) unstable; urgency=low + + * Make sure init.d script sources /etc/default/sssd (Closes: #588252). + * Drop /etc/default/sssd from package, to avoid conffile question + from dpkg during upgrades. + * Make sure to only remove obsolete sssd conffiles on upgrades, not + on first time installation. + * Add new script generate-config and call it from the sssd postinst + during first time installation to try to generate the sssd.conf + file dynamically for LDAP and Kerberos using DNS entries, and fall + back to the static example configuration if this fail. + * Let sssd suggest libnss-sss and libpam-sss, to make those + installing sssd aware of the other packages. + * Add netgroup to nsswitch.conf entries added at first time + installation, to make sure those installing now get working + netgroups when sssd get netgroup support + * Let sssd recommend ldap-utils as ldapsearch is used for generating + the configuration. + + -- Petter Reinholdtsen <pere@debian.org> Fri, 06 Aug 2010 23:44:26 +0200 + +sssd (1.2.1-1) unstable; urgency=low + + [ Petter Reinholdtsen ] + * Move calls to pam-auth-update from the package scripts in sssd to + libpam-sss, and correct prerm call to remove the correct pam config. + Add versioned dependency on libpam-runtime to make sure + pam-auth-update is available. + * Add code to the postinst and postrm of libnss-sss to update + passwd, group and shadow entries in /etc/nsswitch.conf. + * Make sure init.d/sssd start after $named, to ensure it can look up + in DNS also when the DNS server is on the local machine. + + [ Morten Werner Forsbring ] + * New upstream release. + + -- Morten Werner Forsbring <werner@debian.org> Thu, 24 Jun 2010 14:16:30 +0200 + +sssd (1.2.0-1) unstable; urgency=low + + [ Petter Reinholdtsen ] + * New upstream release. + - Add libsemanage1-dev as build dependency, as it is now required. + - Drop python-build-with-deb-layout.dpatch, now handled upstream. + - Adjust provide-default-working-sssd-config-file.dpatch to + work with new package source layout and config file content. + - Adjust build rules to cope with server/ changing to src/ in the + source tarball. + - Add --enable-krb5-locator-plugin to keep building the plugin. + * Change the pam-auth-update configuration to make the session + script optional instead of sufficient, to make sure the other + session modules are executed too. + * Change initial pam password entry from requisite to sufficient, + to make sure local users can have their password set even if + sssd is enabled. + * Rename pam-configs/sssd to pam-configs/sss, to have a name that + is consistent with the package name libpam-sss. + * Add VCS links to the GIT repository. + * Move configuration API documentation from /etc/sssd/ to + /usr/share/doc/sssd/. It is not configuration and do not belong + in /etc/. + * Drop autoconf, automake, libtool, m4 and autotools-dev from + build-depends. There is no need to regenerate the build files any + more. + + [ Morten Werner Forsbring ] + * Add dnsutils as build-dependency. + + -- Morten Werner Forsbring <werner@debian.org> Tue, 01 Jun 2010 20:41:59 +0200 + +sssd (1.0.5-1) unstable; urgency=low + + * Initial upload based on package from Ubuntu (Closes: #579593). + * Update standards-version from 3.8.3 to 3.8.4. No changes needed. + * Add init.d script and rename sssd.upstart to sssd.upstart.ubuntu + to make sure init.d script is installed instead of upstart job. + * Add draft pam-auth-update configuration based on proposals in + Launcepad bug #557398. + * Update address to FSF in copyright file. Thanks lintian. + * Set section for python-sss to python after advice from lintian. + * Rewrite python-build-with-deb-layout.dpatch to patch Makefile.in + instead of Makefile.am, to avoid having to run autoreconf. + * Make sssd depend on python for its upgrade script. + * Extend clean rule to remove generated file server/config/.files. + * Make sure sssd.api.conf is installed into the sssd package, and + put it in /etc/sssd/sssd.api.conf. Fixes typo in Ubuntu package. + + -- Petter Reinholdtsen <pere@debian.org> Wed, 05 May 2010 21:53:29 +0200 + +sssd (1.0.5-0ubuntu1) lucid; urgency=low + + * New upstream bugfix release. (LP: #510290) + * sssd.dirs: Add /var/lib/sss/pubconf (LP: #557394) + + -- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 16 Apr 2010 11:37:16 +0300 + +sssd (1.0.2-0ubuntu2) lucid; urgency=low + + * No change rebuild due to libldb downgrade + + -- Scott Kitterman <scott@kitterman.com> Fri, 02 Apr 2010 17:48:19 -0400 + +sssd (1.0.2-0ubuntu1) lucid; urgency=low + + * New upstream release (LP: #473262): + - python API for managing sssd daemon configuration and + native SSSD users. + - support for asynchronous cache refreshes. + - support password changing in LDAP and Kerberos providers. + - support for server failover. + * debian/control: + - update tdb build dependency to use libtdb-dev. + - add libselinux1-dev and libsasl2-dev build dependencies. + * debian/sssd.upstart: replace init script with an upstart job. + * Turn sssd.conf into a configuration file. + * Create sssd log directory. + + -- Mathias Gug <mathiaz@ubuntu.com> Tue, 19 Jan 2010 15:17:13 -0500 + +sssd (0.5.0-0ubuntu2) karmic; urgency=low + + * debian/libnss-sss.overrides, debian/sssd.overrides: + + Fix linitian errors and warnings (LP: #425697): + sssd ships an nss library - these are false-positives. + * debian/fix-dbus-watch.dpatch: Update dbus-patch to final + upstream version. + * debian/fix-proxy-segfault.dpatch: Fix proxy enumeration. + + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 09 Sep 2009 20:21:04 -0400 + +sssd (0.5.0-0ubuntu1) karmic; urgency=low + + * Initial release. + + -- Mathias Gug <mathiaz@ubuntu.com> Mon, 24 Aug 2009 16:35:11 -0400 |