1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
|
sssd (2.9.4-2~progress7.99u1) graograman-backports; urgency=medium
* Uploading to graograman-backports, remaining changes:
- Updating maintainer field.
- Updating uploaders field.
- Updating bugs field.
- Updating vcs fields.
- Reverting t64 migration for backports.
* Merging debian version 2.9.4-2.
-- Daniel Baumann <daniel.baumann@progress-linux.org> Fri, 19 Apr 2024 07:35:25 +0200
sssd (2.9.4-2) unstable; urgency=medium
[ Michael Biebl ]
* Install PAM and NSS modules into /usr. (Closes: #1061350)
[ Timo Aaltonen ]
* tests: Drop -extensions from openssl command if there is no -x509.
Thanks, Sebastian Andrzej Siewior! (Closes: #1061869)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Apr 2024 15:56:46 +0300
sssd (2.9.4-1.1~progress7.99u1) graograman-backports; urgency=medium
* Uploading to graograman-backports, remaining changes:
- Updating maintainer field.
- Updating uploaders field.
- Updating bugs field.
- Updating vcs fields.
* Merging debian version 2.9.4-1.1.
* Reverting t64 migration for backports.
-- Daniel Baumann <daniel.baumann@progress-linux.org> Fri, 19 Apr 2024 07:34:58 +0200
sssd (2.9.4-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition. Closes: #1063074
-- Benjamin Drung <bdrung@debian.org> Thu, 29 Feb 2024 17:27:43 +0000
sssd (2.9.4-1~progress7.99u1) graograman-backports; urgency=medium
* Initial reupload to graograman-backports.
* Updating maintainer field.
* Updating uploaders field.
* Updating bugs field.
* Updating vcs fields.
-- Daniel Baumann <daniel.baumann@progress-linux.org> Fri, 19 Apr 2024 07:32:49 +0200
sssd (2.9.4-1) unstable; urgency=medium
[ Sergio Durigan Junior ]
* Improve certificate/smartcard dep8 tests.
- d/t/control: Don't depend on "needs-sudo" restriction, since the
tests don't really use "sudo" selectively but rather rely on a normal
user being setup as a side effect of "needs-sudo". Instead, we can
use "needs-root".
- d/t/sssd-smart-card-pam-auth-configs-tester.sh,
d/t/sssd-softhism2-certificates-tests.sh: Use
"${AUTOPKGTEST_NORMAL_USER}" instead of "$SUDO_USER".
[ Timo Aaltonen ]
* New upstream release.
* control: Migrate to systemd-dev. (Closes: #1060512)
* rules, install: Use systemdsystemunitdir.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 18 Jan 2024 12:04:33 +0200
sssd (2.9.2-1) unstable; urgency=medium
[ Timo Aaltonen ]
* New upstream release.
* control, rules: Add bc to build-depends, enable tests again.
[ Marco Trevisan (Treviño) ]
* debian: Add pam-auth-update SSSD Smart card configurations
* debian/tests: Add tests for smart card verification
-- Timo Aaltonen <tjaalton@debian.org> Fri, 15 Sep 2023 11:18:38 +0300
sssd (2.9.1-2) unstable; urgency=medium
[ Sergio Durigan Junior ]
* Enable files provider.
SSSD 2.9.0 has deprecated "id_provider = files", but that's still
needed for smartcard authentication of local users.
- d/rules: Build with "--with-files-provider".
- d/sssd-common.install: Install libsss_files.so and sssd-files.5.
(Closes: #1041438) (LP: #2028084)
* d/rules: Remove deprecated options "--disable-files-domain".
-- Timo Aaltonen <tjaalton@debian.org> Tue, 25 Jul 2023 15:01:14 +0300
sssd (2.9.1-1) unstable; urgency=medium
* New upstream release.
* libnss-sss.postinst: Migrate to use 'case' like the other postinsts.
* patches: Drop an upstreamed patch.
* Drop deprecated simple-ifp library and files provider.
* control, rules: Add sssd-passkey, and libfido2-dev to build-depends.
* ci: Allow piuparts to fail, because handling of nsswitch.conf ownership
is broken.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 04 Jul 2023 08:48:49 +0300
sssd (2.8.2-4) unstable; urgency=medium
[ Sam Morris ]
* Don't add subid to /etc/nsswitch.conf (Closes: #1032990)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 11 Apr 2023 15:19:36 +0300
sssd (2.8.2-3) unstable; urgency=medium
[ Gioele Barabucci ]
* d/libnss-sss.nss: Update to `database-add`
* d/libsss-sudo.nss: Install `sss` service for sudoers via dh-nss (Closes: #783889)
* d/libsss-sudo.post{inst,rm}: Remove now that the services are installed via dh-nss
* d/sssd-common.nss: Use new directive name `database-add`
* Install dbus policy in /usr instead of /etc (Closes: #1031547)
[ Sam Morris ]
* sssd-common: add lintian overrides for libsubid_sss.so
-- Timo Aaltonen <tjaalton@debian.org> Sun, 26 Feb 2023 16:35:48 +0200
sssd (2.8.2-2) unstable; urgency=medium
[ Sam Morris ]
* Ship libsubid_sss.so in sssd-common package
-- Timo Aaltonen <tjaalton@debian.org> Tue, 14 Feb 2023 17:48:19 +0200
sssd (2.8.2-1) unstable; urgency=medium
* New upstream release.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 14 Feb 2023 17:40:37 +0200
sssd (2.8.1-2) unstable; urgency=medium
* d/rules: Fix 'find' syntax to remove '*.egg-info' files/directories.
(Closes: #1026490)
-- Sergio Durigan Junior <sergiodj@debian.org> Tue, 03 Jan 2023 16:36:00 -0500
sssd (2.8.1-1) unstable; urgency=medium
* New upstream release.
* watch: Updated for current github behaviour.
* support-krb5-1.20.diff: Dropped, upstream.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 23 Nov 2022 10:10:41 +0200
sssd (2.7.4-1) unstable; urgency=medium
[ Timo Aaltonen ]
* New upstream release.
* control: Add bind9-dnsutils to sssd-common Recommends, and rename
dnsutils build-dep. (Closes: #1018144)
[ Sergio Durigan Junior ]
* Simplify logic to add "automount" database into nsswitch.
- d/libnss-sss.nss: Add "automount database" directive.
- d/libnss-sss.postinst: Remove logic to insert "automount" database
into nsswitch; not necessary anymore now that the package uses dh-nss.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 22 Sep 2022 15:34:06 +0300
sssd (2.7.3-2) unstable; urgency=medium
[ Timo Aaltonen ]
* patches: Allow building the pac_responder with krb5 1.20. (Closes:
#1016220)
[ Gioele Barabucci ]
* d/libnss-sss.post{inst,rm}: Add DPKG_ROOT support
* d/libnss-sss.postinst: Fix use of outdated `automounter` instead of `automount`
* d/libnss-sss.nss: Install NSS service `sss` via dh_installnss
-- Timo Aaltonen <tjaalton@debian.org> Wed, 17 Aug 2022 16:46:47 +0300
sssd (2.7.3-1) unstable; urgency=medium
* New upstream release.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Jul 2022 08:52:58 +0300
sssd (2.7.2-3) unstable; urgency=medium
* d/p/fix-shebang-on-sss_analyze.patch: Fix shebang on sss_analyze.
-- Sergio Durigan Junior <sergiodj@debian.org> Wed, 22 Jun 2022 11:00:11 -0400
sssd (2.7.2-2) unstable; urgency=medium
* rules, install: Fix python install directory. (LP: #1979453)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Jun 2022 16:54:42 +0300
sssd (2.7.2-1) unstable; urgency=medium
* New upstream release.
* pac-relax-default-for-pac_check-option.diff: Dropped, upstream.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Jun 2022 13:19:27 +0300
sssd (2.7.1-2) unstable; urgency=medium
* pac-relax-default-for-pac_check-option.diff: Drop pac_present from
default PAC check. (Closes: #1012502)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 09 Jun 2022 10:19:37 +0300
sssd (2.7.1-1) unstable; urgency=medium
* New upstream release.
* control: Drop sssd-ipd from sssd-ipa depends.
* sssd-common.install: Add a new manpage.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 06 Jun 2022 16:32:34 +0300
sssd (2.7.0-1) unstable; urgency=medium
* New upstream release.
* Update signing-key.asc.
* source: Update diff-ignores.
* control, rules: Add sssd-idp package, which includes plugins for
external identity providers.
* control, rules: Enable krb5 config snippets by default.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 25 May 2022 12:59:05 +0300
sssd (2.6.3-3) unstable; urgency=medium
* tests: Dump the daemon status after restart, hoping to see what the
error is if it fails to start.
* rules: Drop --with-ldb-dir, use the default value from the pkgconfig
file. (Closes: #1009223)
-- Timo Aaltonen <tjaalton@debian.org> Sun, 10 Apr 2022 10:57:30 +0300
sssd (2.6.3-2) unstable; urgency=medium
* rules: Disable lto.
* Rebuild against current python-defaults. (Closes: #1008583)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 29 Mar 2022 10:04:50 +0300
sssd (2.6.3-1) unstable; urgency=medium
* New upstream release.
* control: Migrate to PCRE2. (Closes: #999951)
* Update signing-key.asc.
* control: Drop python3-click from sssd-tools depends.
* sssd-tools.install: Updated.
* tests: Drop RANDFILE from tests/util. (Closes: #1001476)
-- Timo Aaltonen <tjaalton@debian.org> Fri, 11 Feb 2022 09:35:43 +0200
sssd (2.6.1-1) unstable; urgency=medium
* New upstream release.
* patches: Dropped upstream patches.
* control: Add libunistring-dev to build-depends.
* sssd-common.install: Drop libsss_secrets, removed upstream.
* tools: Add sss_analyze.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 17 Nov 2021 20:33:29 +0200
sssd (2.5.2-5) unstable; urgency=medium
* control: Fix libsemanage-dev build-dep. (Closes: #998634)
-- Timo Aaltonen <tjaalton@debian.org> Mon, 08 Nov 2021 21:17:29 +0200
sssd (2.5.2-4) unstable; urgency=medium
* control: Promote libnss-sss and libpam-sss to sssd-common Depends.
(Closes: #995730)
* common: Drop old Breaks/Replaces.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 11 Oct 2021 17:46:04 +0300
sssd (2.5.2-3) unstable; urgency=medium
* rules: Explicitly set sssd-user as root.
* install: Add sssd-pcsc.rules to -common.
* postinst: Correct file/dir permissions and ownership when the daemon
is run as root. (Closes: #994807)
* 0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch: Our
libldap is built without LDAP_CONNECTIONLESS, cope with that.
(Closes: #994879)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Sep 2021 18:54:07 +0300
sssd (2.5.2-2) unstable; urgency=medium
* rules: Disable tests for now. (Closes: #994479)
-- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Sep 2021 17:38:19 +0300
sssd (2.5.2-1) unstable; urgency=medium
[ Sergio Durigan Junior ]
* d/apparmor-profile: Update profile:
- Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
- Add read/execute permission to /usr/libexec/sssd/*.
[ Timo Aaltonen ]
* New upstream release. (Closes: #978904, #992815, #983795)
* fix-whitespace-test.diff: Refreshed.
* control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream.
* fix_newer_autoconf.patch: Don't unset python prefix/exec-prefix.
* patches: Fix CVE-2021-3621. (Closes: #992710)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300
sssd (2.4.1-2) unstable; urgency=medium
[ Marco Trevisan (Treviño) ]
* debian/control: Mark test packages as <!nocheck>
- Add missing test dependencies
- Enable libcmocka (and so unit tests) all the archs
* debian/rules:
- Don't run tests if nocheck is set
- Enable tests again
* debian/patches:
- Get libsofthsm2 from right path for each architecture
[ Timo Aaltonen ]
* test_ca-Look-for-libsofthsm2-in-libdir-before-falling-bac.patch:
Dropped, upstream.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 13:49:04 +0200
sssd (2.4.1-1) unstable; urgency=medium
* New upstream release.
* libpam-sss.install: Add pam_sss_gss.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200
sssd (2.4.0-1) unstable; urgency=medium
* New upstream release.
* source: Update diff-ignore.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Dec 2020 22:36:54 +0200
sssd (2.3.1-3) unstable; urgency=medium
* control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 06 Oct 2020 15:56:19 +0300
sssd (2.3.1-2) unstable; urgency=medium
* control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Sep 2020 14:15:03 +0300
sssd (2.3.1-1) unstable; urgency=medium
* New upstream release. (Closes: #965307, #965143)
* source: Extend diff-ignore.
* rules: Set --with-libwbclient.
* control: Add libsofthsm2 to build-depends for tests.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 28 Jul 2020 17:14:55 +0300
sssd (2.3.0-2) unstable; urgency=medium
* rules: Drop quilt, autoreconf from dh.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 13 Jul 2020 15:49:20 +0300
sssd (2.3.0-1) unstable; urgency=medium
* New upstream release. (Closes: #964701, #964240)
* source: Migrate to 3.0 (quilt).
* source/local-options: Add files not found on upstream tarball to
extend-diff-ignore.
* rules: Use journald for logging. (Closes: #960673)
* rules: Use /run for pid-path.
* sssd-common.sssd.default: Add DEBUG_LOGGER but commented out.
* watch: Update url to github.
* Add signing-key from Pavel Březina.
* fix-946847.diff, fix-python3.8-ftbfs.diff: Dropped, upstream.
* control: Use debhelper-compat.
* control, rules: Build with openssl.
* rules: Disable tests until a failing pam upn test is sorted out.
* control: Drop quilt from build-depends.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 13 Jul 2020 11:35:33 +0300
sssd (2.2.3-3) unstable; urgency=medium
* libnss-sss: Fix a typo in adding the NSS entry for automount.
(LP: #1873752)
* control, watch: Update upstream url to github.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Apr 2020 17:52:18 +0300
sssd (2.2.3-2) unstable; urgency=medium
* libnss-sss: Add an entry for automounter to nsswitch.conf. This is
needed by ipa-client-automount.
* Added gitlab-ci.yml.
* fix-python3.8-ftbfs.diff: Fix build against python3.8.
-- Timo Aaltonen <tjaalton@debian.org> Fri, 06 Mar 2020 21:58:28 +0200
sssd (2.2.3-1.1) unstable; urgency=medium
* Non-maintainer upload with maintainer permission.
* Fix sssd_be busy-looping when LDAP connection flickers.
(Closes: #946847)
-- Thorsten Glaser <tg@mirbsd.de> Fri, 21 Feb 2020 14:04:25 +0100
sssd (2.2.3-1) unstable; urgency=medium
* New upstream release.
* default-to-socket-activated-services.diff: Refreshed.
* sssd-ldap.install: Updated.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 20 Feb 2020 13:06:35 +0200
sssd (2.2.2-1) unstable; urgency=medium
* New upstream release.
* default-to-socket-activated-services.diff: Don't enable any
services when run without a conffile.
* fix-have-systemd.diff: Dropped, upstream.
* default-to-socket-activated-services.diff: Refreshed.
* signing-key: Add key from Michal Židek.
* Get rid of all old pre/postinst file removal fluff, since that's all
obsolete by now.
* Drop python2 support. (Closes: #938566)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 18 Sep 2019 15:27:44 +0300
sssd (2.2.0-4) unstable; urgency=medium
[ Sam Morris ]
* fix-have-systemd.patch: correct detection of systemd.pc
(Closes: #932080)
* default-to-socket-activated-services.diff: rely on socket activation
to spawn nss and pam responders
-- Timo Aaltonen <tjaalton@debian.org> Fri, 19 Jul 2019 18:15:41 +0300
sssd (2.2.0-3) unstable; urgency=medium
* common/ipa/krb5-common/proxy.postinst: Use libexec path. (Closes:
#931859)
-- Timo Aaltonen <tjaalton@debian.org> Fri, 12 Jul 2019 10:01:06 +0300
sssd (2.2.0-2) unstable; urgency=medium
* rules: Override dh_installman, let dh_install handle installing
manpages too.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 11 Jul 2019 00:53:36 +0300
sssd (2.2.0-1) unstable; urgency=medium
* New upstream release.
* control: Bump policy to 4.4.0.
* control, compat, rules: Bump debhelper to 12.
* *.install: Updated, some files moved to /usr/libexec.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Jul 2019 10:14:09 +0300
sssd (2.1.0-1) experimental; urgency=medium
* New upstream release.
* sssd-tools.install: Local domain support is deprecated and not
built by default anymore, so drop the files.
* control, sssd-common.install: Secrets responder is dropped, deprecated.
* control: Add ldap-utils to build-depends, tests need it.
* sssd-common.install: Add new internal libs for iface/sbus.
* fix-whitespace-test.diff: Fix ignoring the debian dir.
* rules: Update the clean target.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 27 May 2019 13:55:38 +0300
sssd (1.16.4-1~exp1) experimental; urgency=medium
[ Timo Aaltonen ]
* New upstream release. (LP: #1572908)
* Drop patches, all upstream.
* Enable systemd responders. (Closes: #925026, #923882)
[ Dominik George ]
* Acknowledge NMU.
* Add myself to Uploaders.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 03 Apr 2019 09:56:33 +0300
sssd (1.16.3-3.1) unstable; urgency=high
* Non-maintainer upload.
* Fix copy_ccache test broken by recent krb5 changes. (Closes: #921761)
* Fix PAC responder build with krb5 1.17. (Closes: #923125)
-- Dominik George <natureshadow@debian.org> Sun, 24 Feb 2019 11:05:55 +0100
sssd (1.16.3-3) unstable; urgency=medium
* fix-curl-ftbfs.diff: Fix build with current curl. (Closes: #913403)
* Rebuild with python3.7. (Closes: #915199, #915168)
-- Timo Aaltonen <tjaalton@debian.org> Sun, 02 Dec 2018 11:16:57 +0200
sssd (1.16.3-2) unstable; urgency=medium
[ Jeremy Bicha ]
* Don't require libgdm-dev on s390x or non-Linux architectures
(Closes: #913030)
[ Andreas Hasenack ]
* d/t/{ldap-user-group-ldap-auth,control,login.exp,util,common-tests}: add
LDAP DEP8 test
* d/t/{util,login.exp,ldap-user-group-krb5-auth,control}: add krb5 DEP8 test
-- Timo Aaltonen <tjaalton@debian.org> Tue, 06 Nov 2018 16:55:34 +0200
sssd (1.16.3-1) unstable; urgency=medium
* New upstream release.
* control: Add python-sss to sssd-tools depends. (Closes: #905220)
* libsss-sudo: Add sss entry to nsswitch only on initial install.
(Closes: #903917)
* control: Update list address.
* disable-tests.diff: Dropped, all tests pass on a proper buildd setup
which should have /etc/{hosts,networks} populated.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Aug 2018 16:34:01 +0300
sssd (1.16.2-1) unstable; urgency=medium
* New upstream release. (LP: #1778554)
* control: Enable tests, add check and libcmocka-dev to build-depends.
* rules: Use samba idmap version 6.
* disable-tests.diff: Disable three tests that are known to fail in
sbuild.
* control: Drop obsolete build-depends.
* control: Update VCS urls.
* control: Drop specifying python versions.
* control: Change priority to optional.
* libsss-sudo.post*: Don't call ldconfig.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 27 Jun 2018 14:07:55 +0300
sssd (1.16.1-1) unstable; urgency=medium
* New upstream release.
* common.dirs, common.postinst: Add dir for secrets with correct
permissions. (Closes: #892315)
* common: Add support for Fleet Commander, create deskprofile dir with
correct permissions.
* control: Add libgdm-dev to build-depends to support multiple
certificates.
* control, rules, common.install: Add support for systemtap.
* control: Bump policy to 4.1.3, no changes.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 13 Mar 2018 11:25:00 +0200
sssd (1.16.0-5) unstable; urgency=medium
* rules: Disable files domain, it's not useful in Debian. (Closes:
#888207)
-- Timo Aaltonen <tjaalton@debian.org> Fri, 26 Jan 2018 10:42:17 +0200
sssd (1.16.0-4) unstable; urgency=medium
* Revert installing responder service/socket files again.
(Closes: #886483)
-- Timo Aaltonen <tjaalton@debian.org> Mon, 22 Jan 2018 16:50:14 +0200
sssd (1.16.0-3) unstable; urgency=medium
* Install responder service and socket files again.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 04 Jan 2018 09:55:41 +0200
sssd (1.16.0-2) unstable; urgency=medium
* Enable default config. (Closes: #858968)
* Enable files domain.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 25 Dec 2017 21:38:26 +0200
sssd (1.16.0-1) unstable; urgency=medium
* New upstream release.
* sysdb-sanitize-search-filter-input.diff: Dropped, upstream.
* sssd-common.install: Add sssd-session-recording.5.
* control: Depend on python3 pkgs by default. (Closes: #883178)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 20 Dec 2017 11:58:50 +0200
sssd (1.15.3-3) unstable; urgency=medium
* Rebuild against new libldb. (Closes: #880013)
-- Timo Aaltonen <tjaalton@debian.org> Sun, 29 Oct 2017 09:13:42 +0200
sssd (1.15.3-2) unstable; urgency=medium
* control: Fix libipa-hbac-dev short description.
* generate-config: Update the config template. (Closes: #872787)
* sysdb-sanitize-search-filter-input.diff: Fix CVE-2017-12173.
(Closes: #877885)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 12 Oct 2017 08:24:51 +0300
sssd (1.15.3-1) unstable; urgency=medium
* New upstream release.
* apparmor-profile: Add chown capability, allow one to notify systemd.
* control: Add libcurl4-gnutls-dev and uuid-dev to build depends.
* Add libsss-certmap{0,-dev} packages.
* Add sssd-kcm.
* rules: Migrate to dh_missing.
* control: Bump policy to 4.0.0, no changes.
* compat, control, rules: Bump debhelper compat to 10, drop --parallel
as it's the default now.
-- Timo Aaltonen <tjaalton@debian.org> Sat, 29 Jul 2017 11:50:41 +0300
sssd (1.15.2-1) unstable; urgency=medium
* New upstream release.
* control: Demote adcli to sssd-ad suggests.
* rules, common.install: Fix sssd_krb5_locator_plugin install path.
(LP: #1664566)
* control, copyright, watch: Update upstream URLs.
* common.install: Add libsss_files and socket activation helper.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Mar 2017 15:17:19 +0200
sssd (1.15.0-3) unstable; urgency=medium
* rules, install: Remove responder service and socket files for now, the
sockets weren't supposed to be enabled anyway and can cause issues.
(Closes: #854048)
-- Timo Aaltonen <tjaalton@debian.org> Sat, 04 Feb 2017 18:34:06 +0200
sssd (1.15.0-2) unstable; urgency=medium
* import-daemon-opts.diff, sssd.default: Drop the patch modifying sssd
service file, and revert the daemon options for sysvinit.
/etc/default/sssd is now only for the initscript (Closes: #852719)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 26 Jan 2017 21:29:58 +0200
sssd (1.15.0-1) unstable; urgency=medium
* New upstream release. (Closes: #852450) (LP: #1566508)
* Drop upstreamed patches.
* sssd-common.sssd.default, import-daemon-opts.diff: Change default
daemon options to match current upstream.
* sssd-dbus.install: Drop libsss_config, which was removed.
* sssd-{ad,common,dbus}.install: Add systemd service and socket files
for pac, sudo, ssh, autofs, pam, nss and ifp responders.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 25 Jan 2017 22:46:02 +0200
sssd (1.14.2-2.1) unstable; urgency=low
* Non-maintainer upload with maintainer approval.
* ldap-blocking.diff: Fix ldaps connections by removing NON_BLOCKING from
socket options (Closes: 849756). Patch from upstream pull request #67.
-- Petter Reinholdtsen <pere@debian.org> Tue, 24 Jan 2017 22:26:17 +0000
sssd (1.14.2-2) unstable; urgency=medium
* fix-prefix-substitution.diff: Fix IFP service file path substitution.
(LP: #1652629)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 17 Jan 2017 16:39:14 +0200
sssd (1.14.2-1) unstable; urgency=medium
* New upstream release.
* control: Add adcli to sssd-ad Recommends. (LP: #1590471)
* accept-krb5-1.15.diff: Allow building PAC responder with MIT krb5
1.15. (Closes: #843385)
* common.install: Add sssd-secrets manpage.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 16 Nov 2016 10:47:15 +0200
sssd (1.14.1-1) unstable; urgency=medium
* New upstream release.
* ipa-terminate-if-view-name-fails.diff,
gpo-add-unity-to-ad-gpo-map-interactive.diff:
Dropped, upstream.
* sssd-common.dirs: Add etc/sssd/conf.d for config snippets.
* control: Add libhttp-parser-dev and libjansson-dev to build-deps.
* sssd-tools.install: Add sssctl.
* sssd-common.install: Add sssd-secrets and winbind idmap plugin.
* Drop the upstart job, it was only shipped on Ubuntu which has
switched to systemd.
* rules, default, import-daemon-opts.diff: Import daemon options from
default/sssd also with systemd. (LP: #1587395)
* rules: Don't install a default config file.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 05 Oct 2016 14:20:37 +0300
sssd (1.13.4-3) unstable; urgency=medium
* common: Add /var/lib/sss/gpo_cache. (LP: #1579092)
* gpo-add-unity-to-ad-gpo-map-interactive.diff: Allow logging in from
unity lockscreen. (LP: #1578415)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 10 May 2016 10:39:46 +0300
sssd (1.13.4-2) unstable; urgency=medium
* ipa-terminate-if-view-name-fails.diff: Fix support for older IPA
servers. (LP: #1572582)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 20 Apr 2016 16:55:24 +0300
sssd (1.13.4-1) unstable; urgency=medium
* New upstream release.
* apparmor-profile: Fixed and tidied.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 30 Mar 2016 19:31:33 +0300
sssd (1.13.3-1) unstable; urgency=medium
* New upstream release.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Dec 2015 13:27:11 +0200
sssd (1.13.2-1) unstable; urgency=medium
* New upstream release.
* patches: Removed fix-obsolete-target.diff, fix-python-modules.diff,
both upstream now.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 03 Dec 2015 21:14:29 +0200
sssd (1.13.1-2) unstable; urgency=medium
* apparmor: Fix access to krb5.include.d. (LP: #1489378)
* {krb5-common,proxy}.postinst: Chmod the correct files. (Closes:
#801537, #801538)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 13 Oct 2015 16:55:47 +0300
sssd (1.13.1-1) unstable; urgency=medium
* New upstream release.
* {common,ipa,krb5,proxy}.postinst: Create a sssd system user & group,
and migrate various bits to their ownership.
* Add sssd-dbus to libsss-simpleifp0 Depends.
* ipa: Add /var/lib/sss/keytabs.
* common: Add PEM/DER conversion library.
* Add support for python3 modules.
* tools: Add sss_override.
* common: Add p11_child.
* ad: Drop libsss_ad_common, it was for tests only and not shipped
anymore.
* common: Move libsss_krb5_common here from sssd-krb5-common to satisfy
libsss_ldap_common depending on it.
* libsystemd.diff: Dropped, fixed upstream.
* fix-python-modules.diff: Don't add symlinks to python modules,
rename the built modules instead.
* rules, postinst: Avoid running dpkg-architecture in postinst and
instead mangle them in post-dh_installdeb.
* common: Add depends on adduser.
-- Timo Aaltonen <tjaalton@debian.org> Sat, 03 Oct 2015 08:38:29 +0300
sssd (1.12.5-3) unstable; urgency=medium
* sssd-common.postinst: Drop removing the old logrotate file, handle
it in sssd.maintscript instead. (Closes: #794332)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Sep 2015 22:47:08 +0300
sssd (1.12.5-2) unstable; urgency=medium
* sssd-common.postinst: Remove duplicate logrotate file on update.
(LP: #1249772)
* control, libsystemd.diff: Transition to libsystemd, thanks Michael
Biebl! (Closes: #791909)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 21 Jul 2015 15:04:25 +0300
sssd (1.12.5-1) unstable; urgency=medium
* New upstream release.
* Let uscan verify upstream tarballs.
* control: Bump policy to 3.9.6, no changes.
-- Timo Aaltonen <tjaalton@debian.org> Fri, 12 Jun 2015 22:36:52 +0300
sssd (1.12.4-1) experimental; urgency=medium
* New upstream release.
* apparmor-profile: Updated. (LP: #1421110)
* control: Add new build-depends; cifs-utils, libaugeas-dev,
libnfsidmap-dev, libsmbclient-dev, systemd.
* control, .install: Add libwbclient-sssd{,-dev}.
* control, .install: Add libsss-simpleifp{0,-dev}.
* fix-automake-compat.diff, fix-catchchild.diff: Dropped, upstream.
* rules: Use max-parallel=1 for dh_auto_install.
* sssd-common.install: Add files for NFS v4 client.
* sssd-ad.install: Add new files.
* sssd-ipa.install: Add selinux_child.
* sssd-dbus: Add libsss_config.so.
* sssd-common: Add cifs idmap plugin, semanage library and krb5
localauth plugin.
* rules: Add a placeholder to not modify permissions of
{krb5,ldap,selinux}_child.
* control: Add libsystemd-login-dev to build-depends.
* control: Add libnss-wrapper and libuid-wrapper to build-depends.
* rules: Use automake native verbosity for tests, and bump
CK_TIMEOUT_MULTIPLIER.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 09 Apr 2015 23:56:01 +0300
sssd (1.11.7-3) unstable; urgency=medium
* libsss-sudo.postrm: Delete sudoers line from nsswitch.conf, if only
files source left. (Closes: #749722)
* libsss-sudo.postinst: Fix comments.
* libsss-sudo.postinst: Check nsswitch sudoers entry unconditionally,
so that it is added on upgrade too if missing.
-- Timo Aaltonen <tjaalton@debian.org> Fri, 16 Jan 2015 13:53:22 +0200
sssd (1.11.7-2) unstable; urgency=medium
* default, upstart.in: Upstream ticket #2312 is fixed now, so drop the
workaround to run the daemon in the foreground. (Closes: #760353)
* fix-automake-compat.diff: Added an upstream commit to fix configure
with new automake.
* fix-catchchild.diff: Fix build failure with samba 4.1.13, bump
samba-dev build-dependency to match.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 30 Oct 2014 14:49:05 +0200
sssd (1.11.7-1) unstable; urgency=medium
* New upstream release.
* sssd-common.install, sssd-dbus.install: Add new sss_signal helper
and the dbus service using it.
* fix-obsolete-target.diff: Drop syslog.target from the service file.
* libnss-sss.post*: Add sss entry to shadow and services on
nsswitch.conf. (Closes: #761173)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 24 Sep 2014 07:08:04 +0300
sssd (1.11.6-1) unstable; urgency=medium
* New upstream release.
* control: Update my email.
* control: Update vcs urls.
* libnss-sss.postrm: Check DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT before
removing sss entry from nsswitch.conf. (Closes: #748671)
* libpam-sss.prerm: Check DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT before
running pam-auth-update --remove.
* control: Mark libkeyutils-dev, libselinux-dev, libsemanage-dev,
libnl*-dev build-deps as linux-any, as a preliminary step to build
on kfreebsd-*.
* Run wrap-and-sort.
* sssd-dbus: Add a new subpackage for the D-Bus responder.
* control: Demote libsasl2-modules-ldap to Suggests for sssd-ldap.
* generate-config: Bring it back for convenience, but don't run it on
postinst.
* sssd-common.postinst: Remove obsolete config upgrade.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 19 Aug 2014 09:15:13 +0300
sssd (1.11.5.1-2) unstable; urgency=medium
* control: Drop libcmocka-dev and check from build-depends again so
that the package will build on every arch. Test failures will be
fixed in a future upload.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 14 Aug 2014 02:22:57 +0300
sssd (1.11.5.1-1) unstable; urgency=medium
[ Stéphane Graber ]
* Fix upstart job to provide a proper stdin for sssd.
* Update defaults to always pass -i.
[ Timo Aaltonen ]
* New upstream release. (Closes: #745664)
* control: Bump libkrb5-dev build-dependency to 1.12 due to the OTP
features.
-- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 09 May 2014 14:50:12 +0300
sssd (1.11.5-1) unstable; urgency=medium
* New upstream bugfix release. (Closes: #729982)
* upstart: Run the daemon in foreground and drop expect fork from the
job, should fix issues with upstart getting confused when a backend
fails to start.
-- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 08 Apr 2014 23:39:20 +0300
sssd (1.11.4-1) unstable; urgency=low
* New upstream release.
* control, rules: Add libcmocka-dev and re-add check to build-depends.
Override dh_auto_test so that it shows the test error log if they fail.
* rules: Fix the manpage date handling with a bigger hammer, and
enable it for all manpages not just pam_sss.8. (Closes: #734083)
* Drop an obsolete lintian override from libsss-sudo.
-- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 21 Mar 2014 13:28:38 +0200
sssd (1.11.3-1) unstable; urgency=low
* New upstream release.
* control: Update policy to 3.9.5, no changes.
-- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 03 Jan 2014 00:01:29 +0200
sssd (1.11.2-1) unstable; urgency=low
* New upstream release.
* rules, sssd-common.install: Use the correct path for the systemd
service file.
* control: Build depend on libpam0g-dev | libpam-dev.
-- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 19 Nov 2013 15:22:27 +0200
sssd (1.11.1-1) unstable; urgency=low
* New upstream release.
* sssd-common.postinst, generate-config: Don't create a config on install,
drop generate-config. (Closes: #717587)
* sssd-common.postrm: Remove /etc/apparmor.d too, if empty.
* control, rules, sssd-common.install: Install the systemd service
file provided by upstream.
* control: Drop M-A: foreign from sssd-* and add back to sssd instead.
* control: Don't hardcode 'multiarch-support'.
* control: Drop unnecessary multiarch declarations.
* control: Drop obsolete Breaks/Conflicts.
* rules: Enable parallel build.
* control: Add libltdl-dev to build-depends.
* control: Prepare for new unified samba package, adjust build-
dependencies. Thanks, Ivo De Decker! (Closes: #725992)
-- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 06 Aug 2013 17:04:28 +0300
sssd (1.10.0-1) unstable; urgency=low
[ Timo Aaltonen ]
* New upstream release (Closes: #693054, #705357, #711101)
* Update the packaging for the new version, thanks Esko Järnfors!
- Add libsss-idmap0, libsss-idmap-dev packages
- Add sssd Depends on libsss-idmap0
- Add /var/lib/sss/mc directory for the new mmap cache
* Split authentication providers to separate packages and make sssd
a metapackage.
* control: Drop libunistring-dev from build-depends and add libglib2.0-dev
for unicode support.
* sssd-*.install: Install new manpages.
* python-sss.install: py-files got moved under SSSDConfig.
* control, rules: Use default build flags, bump dpkg-dev build-dep to
1.16.1~.
* rules: Install the apparmor profile with -m644.
* python-sss: Add pysss_murmur.so.
* rules, control, sssd-ad-common.install: PAC responder support.
- Add libndr-dev, libndr-standard-dev, libsamba-util-dev, samba4-dev,
libdcerpc-dev to build-depends
- Add -I/usr/include/samba-4.0 to CFLAGS
* control: Mark sssd-common as Multi-Arch: foreign.
* watch: Add a comment about the upstream git tree.
* Replace perl snippet from libnss-sss.post* with sed, drop perl from
Depends. (Closes: #686237)
* compat: Bump compat to 9.
* rules: Set DEB_HOST_MULTIARCH, drop --libdir and remnants of cdbs.
* sssd-common.install: Install the support binaries under the multiarch path.
* rules,sssd-common.postinst: Move generate-config to /usr/share/sssd.
* rules, sssd-common.install: Use the correct install path for the
krb5_locator plugin.
* libnss-sss.postinst: SSSD doesn't handle shadow maps, so don't pretend
that it would.
* libsss-sudo*, control: Remove the soname from the library, move .so to
the libsss-sudo, drop -dev package.
* rules: Pass --datadir, so the path in autogenerated python files is
correctly substituted. (LP: #1079938)
* sssd-krb5-common.dirs: Add krb5 include dir.
* fix-cve-2013-0219*.diff, -0220.diff: Dropped, included upstream.
* libsss-sudo.postrm: Run ldconfig on remove/purge.
* apparmor-profile: Fix the profile to use the multiarch path for it's
helper location (LP: #1175317).
* Add packaging for libsss-nss-idmap0, libsss-nss-idmap-dev,
python-libsss-nss-idmap.
* watch: Updated to work with alpha/beta releases.
* control: Migrate to libnl-3 now that it's supported. (Closes: #688174)
* sssd-common.{preinst,postrm}: Install the apparmor profile in force-complain
mode on install, and remove the profile directory on purge (if empty). Also
migrate from previous setup which installed it as disabled.
(Closes: #676140)
* control: Bump policy to 3.9.4, no changes.
* control: Add libpam-pwquality (>= 1.2.2-1) to libpam-sss depends, which
makes the password stack work in all cases. (LP: #1159983)
* control: Drop check from build-depends for now, to work around a linking bug
in check (#712140) that makes the tests fail on (at least) i386.
[ Stéphane Graber ]
* Add postinst/postrm script for libsss-sudo. Those will add a "sudoers"
entry to /etc/nsswitch.conf upon first installation of the package and
will then take care of adding/removing sss from the stack as required.
* Set CK_DEFAULT_TIMEOUT to 30 so that slower buildds (armhf at least) can
run the tests without hitting the default 4s timeout.
-- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 05 Jul 2013 14:53:06 +0300
sssd (1.8.4-2) unstable; urgency=low
* fix-cve-2013-0219-1.diff, fix-cve-2013-0219-2.diff,
fix-cve-2013-0220.diff: Upstream commits from the stable tree to fix
recent CVE reports. (Closes: #698871)
-- Timo Aaltonen <tjaalton@ubuntu.com> Wed, 27 Feb 2013 23:38:28 +0200
sssd (1.8.4-1) unstable; urgency=low
* New upstream bugfix release 1.8.2.
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated
principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop
preventing login
- The provided SYSV init script now starts SSSD earlier at startup
and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis
tools
* New upstream bugfix release 1.8.3.
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for
user information
* New upstream bugfix release 1.8.4. (LP: #981125, #985031)
- Fix a bug causing AD servers not to fail over properly when the KDC
on the primary server is down
- Fix an endianness bug on big-endian systems when looking up services
- Fix a segfault dealing with nested groups (LP: #981125)
- Make the nowait cache updates work for netgroups
- Fix a regression that broke domains with use_fully_qualified_names = True
(LP: #985031)
* control: Move the dependency of libsasl2-modules-gssapi-mit to
Recommends.
* control: sssd works with Heimdal gssapi modules too, add
libsasl2-modules-gssapi-mit as an option for the Recommends.
(LP: #966146)
* libpam-sss.pam-auth-update:
- Drop the dependency to 128, since pam_sss should always be below
pam_unix. (LP: #957486)
- Drop 'use_authtok' from the password stack, since it only works when
pam_cracklib is installed. This will allow password changes on the
default install.
* sssd.postrm: Try to remove /etc/sssd only if it exists.
(Closes: #666226)
* Add disabled by default Apparmor profile (LP: #933342)
- debian/sssd.upstart.in: load the profile during pre-start
- add debian/apparmor-profile, install to /etc/apparmor.d
- debian/rules: use dh_apparmor to install profile before sssd is
restarted
- debian/control: sssd Suggests apparmor (>= 2.3)
- debian/control: Add dh-apparmor to build-depends
- debian/sssd.preinst: disable profile on clean install or upgrades
from earlier than when we shipped the profile
* rules: Mangle the date stamp on pam_sss.8 so that the compressed file is
identical across all archs. (Closes: #670019)
* control: Add build-depends on libnl-dev to enable Netlink support.
* control: Add build-depends on libkeyutil-dev to enable support for
kernel keyring manipulation.
* sssd.logrotate: Rotate logs weekly, keep four previous rotations.
(Closes: #672984)
* sssd.upstart.in: Delete an invisible control character from the pre-start
script. (LP: #1003845)
-- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 01 Jun 2012 11:43:42 +0300
sssd (1.8.1-1) unstable; urgency=low
* New maintainer, Debian SSSD Team. (Closes: #660985)
[ Timo Aaltonen ]
* New upstream release (1.8.1) (Closes: #647980, #624194, #639965)
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
* Update build-deps:
- Add libunistring-dev, libdhash-dev, libcollection-dev and
libini-config-dev.
- Add check for unit tests.
- Drop cvs and python-central.
- Migrate to dh, drop cdbs build-dep, add quilt, dh-autoreconf and
autopoint to build-deps.
* Add new packages:
- libipa-hbac0, libipa-hbac-dev, libsss-sudo0, libsss-sudo-dev,
and python-libipa-hbac.
- Split sssd-tools: add Breaks/Replaces sssd (<< 1.8.0~beta3-1) and
add to sssd Suggests
* Drop patch to ensure LDAP authentication never accept a zero
length password, which is now included upstream.
* sssd.upstart.ubuntu:
- Don't start before net-device-up. (LP: 812943)
- Source /etc/default/sssd. (LP: 812943)
* sssd.default: Added a file to include the sssd daemon defaults,
currently has '-D -f'.
* sssd.init: Drop separate OPTIONS, '-D' comes from /etc/default/sssd
now..
* rules: Install the Python API files to /usr/share/sssd, as discussed
with upstream. (LP: 859611)
* fix-python-api-path.dpatch: Use the new location for the API files.
(LP: 859611)
* libpam-sss.pam-auth-update:
- Add 'forward_pass' to auth stack to fix ecryptfs mounts. (LP: 826643)
- Add pam_localuser.so to account stack to allow local users to log in.
(LP: 860488)
* control: sssd now Recommends libpam-sss and libnss-sss, since sssd is
mostly useless without them. (LP: 767337)
* control, compat: Bump debhelper build-dep and compat level to 8.
* Switch patch-system to quilt.
* Do not install a working config file by default. The local domain
definition was broken (upstream #1014). The daemon will need to be
configured by other means before it's usable.
* Add support for Multi-Arch (Closes: #634123).
* Remove unnecessary libnss-sss.links.
* libnss-sss.overrides: Add an override for
"package-name-doesnt-match-sonames".
* Determine the used init system during build, add lsb-release to
build-deps. Default to sysvinit, use upstart if Ubuntu.
* sssd.upstart.in: Test if the config file exists, and exit if not.
* Fail gracefully if invoke-rc.d returns an error on postinst/prerm, like
when the daemon fails to start when there is no config file.
* sssd.init.in: Check that /etc/default/sssd is a real file before sourcing
it (Closes: #587895).
* control: Add libsasl2-modules-gssapi-mit and libsasl2-modules-ldap to
Recommends for sssd.
* rules: Move the rule for purging .la files before dh_install
(Closes: #633206).
* sssd.install: Fix the wildcard for plugins to include .so symlinks.
* rules: Add configure flags
- Disable RPATH
- Disable building static libs
- Enable ssh user and host key retrieval, autofs request
and sudo rules caching. The respective packages need to add support
for these to be useful.
* Drop fix-python-api-path.patch, included upstream.
* sssd.examples: Install the renamed example config.
* rules: Drop special handling of the sssd.api.d, upstream uses
the proper path now.
* rules: Add --fail-missing to dh_install.
* sssd.install: Add new files.
* libpam-sss.install, control: Move pam_sss.8 to the correct package,
add Breaks/Replaces.
* rules: Remove some files we don't want to install, to make dh_install
happy.
* rules: Clean po/*.gmo, po/stamp-po and *.pyc.
* Install lintian overrides using dh_lintian.
* {sssd,libnss-sss}.lintian-overrides: Update.
* Move libsasl2-modules-gssapi to sssd Depends to make sure it gets
installed, as it's needed in most cases.
* control: Update maintainer address and repo location.
* control: Bump the Standards-Version to 3.9.3, no changes.
* control: Bump the debhelper build-dep to 9.
* control: Add ${misc:Depends} to libipa-hbac*, libsss-sudo*.
* control, rules: Migrate to dh_python2 (Closes: #617071).
* control: Add myself to uploaders.
[ Petter Reinholdtsen ]
* New upstream version 1.2.4:
- Resolves long-standing issues related to group processing with
RFC2307bis LDAP servers.
- Fixed bugs in RFC2307bis group memberships related to initgroups
(Closes: #595564).
- Fix tight-loop bug on systems with older OpenLDAP client
libraries (such as Red Hat Enterprise Linux 5)
* New Upstream Version 1.2.3:
- Resolves CVE-2010-2940.
* New Upstream Version 1.2.2:
- The LDAP provider no longer requires access to the LDAP
RootDSE. If it is unavailable, we will continue on with our best
guess.
- The LDAP provider will now log issues with TLS and GSSAPI to the
syslog.
- Significant performance improvement when performing initgroups
on users who are members of large groups in LDAP.
- The sss_client will now reconnect properly to the SSSD if the
daemon is restarted.
* This resolves an issue causing GDM to crash when logging out
of a user after the SSSD had been restarted.
* Correct package description for python-sss (Closes: #596215).
* Update Standards-Version from 3.8.4 to 3.9.1. No changes needed.
[ Stéphane Graber ]
* Fix prerm invoke_failure hook to simply return as empty functions
are invalid shell syntax.
-- Timo Aaltonen <tjaalton@ubuntu.com> Thu, 22 Mar 2012 13:28:27 +0200
sssd (1.2.1-4.4) unstable; urgency=low
* Non-maintainer upload.
* Fix FTBFS with -Werror=format-security. Thanks Philippe De Swert for patch.
(Closes: #643806).
-- Hector Oron <zumbi@debian.org> Sun, 19 Feb 2012 19:33:04 +0000
sssd (1.2.1-4.3) unstable; urgency=medium
* Non-maintainer upload.
* Adjust install path to consider GNU triplet (Closes: #640626).
-- Luca Falavigna <dktrkranz@debian.org> Tue, 20 Sep 2011 20:02:34 +0200
sssd (1.2.1-4.2) unstable; urgency=low
* Non-maintainer upload.
* debian/sssd.install
- updated location for ldb modules; Closes: #618159
-- Sandro Tosi <morph@debian.org> Fri, 03 Jun 2011 23:53:59 +0200
sssd (1.2.1-4.1) unstable; urgency=medium
* Non-maintainer upload by the Security Team
* Fix CVE-2010-4341 (Closes: #610032)
-- Moritz Muehlenhoff <jmm@debian.org> Tue, 25 Jan 2011 22:09:21 +0100
sssd (1.2.1-4) unstable; urgency=low
* Add patch from Stephen Gallagher to ensure LDAP authentication
never accept a zero length password (Closes: #594413). Solves
CVE-2010-2940.
-- Petter Reinholdtsen <pere@debian.org> Wed, 25 Aug 2010 22:33:40 +0200
sssd (1.2.1-3) unstable; urgency=low
[ Petter Reinholdtsen ]
* Look for /etc/default/sssd, not /etc/defaults/sssd in init.d
script (Closes: #588252).
* Make sssd.conf generation more robust, and make sure missing SRV
records are ignored and not handled as host names.
* Add code in generate-config to look up Kerberos realm using
_kerberos TXT record in DNS if it exist.
* Recommend bind9-host used by generate-config for SRV and TXT
lookups.
[ Morten Werner Forsbring ]
* Check if /etc/default/sssd is a file and executable, not a directory,
before sourcing in init-script. Thanks to lintian.
-- Morten Werner Forsbring <werner@debian.org> Thu, 12 Aug 2010 16:31:14 +0200
sssd (1.2.1-2) unstable; urgency=low
* Make sure init.d script sources /etc/default/sssd (Closes: #588252).
* Drop /etc/default/sssd from package, to avoid conffile question
from dpkg during upgrades.
* Make sure to only remove obsolete sssd conffiles on upgrades, not
on first time installation.
* Add new script generate-config and call it from the sssd postinst
during first time installation to try to generate the sssd.conf
file dynamically for LDAP and Kerberos using DNS entries, and fall
back to the static example configuration if this fail.
* Let sssd suggest libnss-sss and libpam-sss, to make those
installing sssd aware of the other packages.
* Add netgroup to nsswitch.conf entries added at first time
installation, to make sure those installing now get working
netgroups when sssd get netgroup support
* Let sssd recommend ldap-utils as ldapsearch is used for generating
the configuration.
-- Petter Reinholdtsen <pere@debian.org> Fri, 06 Aug 2010 23:44:26 +0200
sssd (1.2.1-1) unstable; urgency=low
[ Petter Reinholdtsen ]
* Move calls to pam-auth-update from the package scripts in sssd to
libpam-sss, and correct prerm call to remove the correct pam config.
Add versioned dependency on libpam-runtime to make sure
pam-auth-update is available.
* Add code to the postinst and postrm of libnss-sss to update
passwd, group and shadow entries in /etc/nsswitch.conf.
* Make sure init.d/sssd start after $named, to ensure it can look up
in DNS also when the DNS server is on the local machine.
[ Morten Werner Forsbring ]
* New upstream release.
-- Morten Werner Forsbring <werner@debian.org> Thu, 24 Jun 2010 14:16:30 +0200
sssd (1.2.0-1) unstable; urgency=low
[ Petter Reinholdtsen ]
* New upstream release.
- Add libsemanage1-dev as build dependency, as it is now required.
- Drop python-build-with-deb-layout.dpatch, now handled upstream.
- Adjust provide-default-working-sssd-config-file.dpatch to
work with new package source layout and config file content.
- Adjust build rules to cope with server/ changing to src/ in the
source tarball.
- Add --enable-krb5-locator-plugin to keep building the plugin.
* Change the pam-auth-update configuration to make the session
script optional instead of sufficient, to make sure the other
session modules are executed too.
* Change initial pam password entry from requisite to sufficient,
to make sure local users can have their password set even if
sssd is enabled.
* Rename pam-configs/sssd to pam-configs/sss, to have a name that
is consistent with the package name libpam-sss.
* Add VCS links to the GIT repository.
* Move configuration API documentation from /etc/sssd/ to
/usr/share/doc/sssd/. It is not configuration and do not belong
in /etc/.
* Drop autoconf, automake, libtool, m4 and autotools-dev from
build-depends. There is no need to regenerate the build files any
more.
[ Morten Werner Forsbring ]
* Add dnsutils as build-dependency.
-- Morten Werner Forsbring <werner@debian.org> Tue, 01 Jun 2010 20:41:59 +0200
sssd (1.0.5-1) unstable; urgency=low
* Initial upload based on package from Ubuntu (Closes: #579593).
* Update standards-version from 3.8.3 to 3.8.4. No changes needed.
* Add init.d script and rename sssd.upstart to sssd.upstart.ubuntu
to make sure init.d script is installed instead of upstart job.
* Add draft pam-auth-update configuration based on proposals in
Launcepad bug #557398.
* Update address to FSF in copyright file. Thanks lintian.
* Set section for python-sss to python after advice from lintian.
* Rewrite python-build-with-deb-layout.dpatch to patch Makefile.in
instead of Makefile.am, to avoid having to run autoreconf.
* Make sssd depend on python for its upgrade script.
* Extend clean rule to remove generated file server/config/.files.
* Make sure sssd.api.conf is installed into the sssd package, and
put it in /etc/sssd/sssd.api.conf. Fixes typo in Ubuntu package.
-- Petter Reinholdtsen <pere@debian.org> Wed, 05 May 2010 21:53:29 +0200
sssd (1.0.5-0ubuntu1) lucid; urgency=low
* New upstream bugfix release. (LP: #510290)
* sssd.dirs: Add /var/lib/sss/pubconf (LP: #557394)
-- Timo Aaltonen <tjaalton@ubuntu.com> Fri, 16 Apr 2010 11:37:16 +0300
sssd (1.0.2-0ubuntu2) lucid; urgency=low
* No change rebuild due to libldb downgrade
-- Scott Kitterman <scott@kitterman.com> Fri, 02 Apr 2010 17:48:19 -0400
sssd (1.0.2-0ubuntu1) lucid; urgency=low
* New upstream release (LP: #473262):
- python API for managing sssd daemon configuration and
native SSSD users.
- support for asynchronous cache refreshes.
- support password changing in LDAP and Kerberos providers.
- support for server failover.
* debian/control:
- update tdb build dependency to use libtdb-dev.
- add libselinux1-dev and libsasl2-dev build dependencies.
* debian/sssd.upstart: replace init script with an upstart job.
* Turn sssd.conf into a configuration file.
* Create sssd log directory.
-- Mathias Gug <mathiaz@ubuntu.com> Tue, 19 Jan 2010 15:17:13 -0500
sssd (0.5.0-0ubuntu2) karmic; urgency=low
* debian/libnss-sss.overrides, debian/sssd.overrides:
+ Fix linitian errors and warnings (LP: #425697):
sssd ships an nss library - these are false-positives.
* debian/fix-dbus-watch.dpatch: Update dbus-patch to final
upstream version.
* debian/fix-proxy-segfault.dpatch: Fix proxy enumeration.
-- Mathias Gug <mathiaz@ubuntu.com> Wed, 09 Sep 2009 20:21:04 -0400
sssd (0.5.0-0ubuntu1) karmic; urgency=low
* Initial release.
-- Mathias Gug <mathiaz@ubuntu.com> Mon, 24 Aug 2009 16:35:11 -0400
|