sssd (2.3.1-3ubuntu2) groovy; urgency=medium * d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch: Upstream patch to make sssd.service only able to start when there is a configuration file present. (LP: #1900642) * d/p/condition-path-exists-sssd-conf.patch: Remove. -- Sergio Durigan Junior Mon, 11 Jan 2021 14:30:55 -0500 sssd (2.3.1-3ubuntu1) groovy; urgency=medium * d/p/condition-path-exists-sssd-conf.patch: Only start sssd.service if there is a configuration file present. (LP: #1900642) -- Sergio Durigan Junior Thu, 10 Dec 2020 14:54:29 -0500 sssd (2.3.1-3) unstable; urgency=medium * control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777) -- Timo Aaltonen Tue, 06 Oct 2020 15:56:19 +0300 sssd (2.3.1-2) unstable; urgency=medium * control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645) -- Timo Aaltonen Thu, 17 Sep 2020 14:15:03 +0300 sssd (2.3.1-1) unstable; urgency=medium * New upstream release. (Closes: #965307, #965143) * source: Extend diff-ignore. * rules: Set --with-libwbclient. * control: Add libsofthsm2 to build-depends for tests. -- Timo Aaltonen Tue, 28 Jul 2020 17:14:55 +0300 sssd (2.3.0-2) unstable; urgency=medium * rules: Drop quilt, autoreconf from dh. -- Timo Aaltonen Mon, 13 Jul 2020 15:49:20 +0300 sssd (2.3.0-1) unstable; urgency=medium * New upstream release. (Closes: #964701, #964240) * source: Migrate to 3.0 (quilt). * source/local-options: Add files not found on upstream tarball to extend-diff-ignore. * rules: Use journald for logging. (Closes: #960673) * rules: Use /run for pid-path. * sssd-common.sssd.default: Add DEBUG_LOGGER but commented out. * watch: Update url to github. * Add signing-key from Pavel Březina. * fix-946847.diff, fix-python3.8-ftbfs.diff: Dropped, upstream. * control: Use debhelper-compat. * control, rules: Build with openssl. * rules: Disable tests until a failing pam upn test is sorted out. * control: Drop quilt from build-depends. -- Timo Aaltonen Mon, 13 Jul 2020 11:35:33 +0300 sssd (2.2.3-3) unstable; urgency=medium * libnss-sss: Fix a typo in adding the NSS entry for automount. (LP: #1873752) * control, watch: Update upstream url to github. -- Timo Aaltonen Mon, 20 Apr 2020 17:52:18 +0300 sssd (2.2.3-2) unstable; urgency=medium * libnss-sss: Add an entry for automounter to nsswitch.conf. This is needed by ipa-client-automount. * Added gitlab-ci.yml. * fix-python3.8-ftbfs.diff: Fix build against python3.8. -- Timo Aaltonen Fri, 06 Mar 2020 21:58:28 +0200 sssd (2.2.3-1.1) unstable; urgency=medium * Non-maintainer upload with maintainer permission. * Fix sssd_be busy-looping when LDAP connection flickers. (Closes: #946847) -- Thorsten Glaser Fri, 21 Feb 2020 14:04:25 +0100 sssd (2.2.3-1) unstable; urgency=medium * New upstream release. * default-to-socket-activated-services.diff: Refreshed. * sssd-ldap.install: Updated. -- Timo Aaltonen Thu, 20 Feb 2020 13:06:35 +0200 sssd (2.2.2-1) unstable; urgency=medium * New upstream release. * default-to-socket-activated-services.diff: Don't enable any services when run without a conffile. * fix-have-systemd.diff: Dropped, upstream. * default-to-socket-activated-services.diff: Refreshed. * signing-key: Add key from Michal Židek. * Get rid of all old pre/postinst file removal fluff, since that's all obsolete by now. * Drop python2 support. (Closes: #938566) -- Timo Aaltonen Wed, 18 Sep 2019 15:27:44 +0300 sssd (2.2.0-4) unstable; urgency=medium [ Sam Morris ] * fix-have-systemd.patch: correct detection of systemd.pc (Closes: #932080) * default-to-socket-activated-services.diff: rely on socket activation to spawn nss and pam responders -- Timo Aaltonen Fri, 19 Jul 2019 18:15:41 +0300 sssd (2.2.0-3) unstable; urgency=medium * common/ipa/krb5-common/proxy.postinst: Use libexec path. (Closes: #931859) -- Timo Aaltonen Fri, 12 Jul 2019 10:01:06 +0300 sssd (2.2.0-2) unstable; urgency=medium * rules: Override dh_installman, let dh_install handle installing manpages too. -- Timo Aaltonen Thu, 11 Jul 2019 00:53:36 +0300 sssd (2.2.0-1) unstable; urgency=medium * New upstream release. * control: Bump policy to 4.4.0. * control, compat, rules: Bump debhelper to 12. * *.install: Updated, some files moved to /usr/libexec. -- Timo Aaltonen Wed, 10 Jul 2019 10:14:09 +0300 sssd (2.1.0-1) experimental; urgency=medium * New upstream release. * sssd-tools.install: Local domain support is deprecated and not built by default anymore, so drop the files. * control, sssd-common.install: Secrets responder is dropped, deprecated. * control: Add ldap-utils to build-depends, tests need it. * sssd-common.install: Add new internal libs for iface/sbus. * fix-whitespace-test.diff: Fix ignoring the debian dir. * rules: Update the clean target. -- Timo Aaltonen Mon, 27 May 2019 13:55:38 +0300 sssd (1.16.4-1~exp1) experimental; urgency=medium [ Timo Aaltonen ] * New upstream release. (LP: #1572908) * Drop patches, all upstream. * Enable systemd responders. (Closes: #925026, #923882) [ Dominik George ] * Acknowledge NMU. * Add myself to Uploaders. -- Timo Aaltonen Wed, 03 Apr 2019 09:56:33 +0300 sssd (1.16.3-3.1) unstable; urgency=high * Non-maintainer upload. * Fix copy_ccache test broken by recent krb5 changes. (Closes: #921761) * Fix PAC responder build with krb5 1.17. (Closes: #923125) -- Dominik George Sun, 24 Feb 2019 11:05:55 +0100 sssd (1.16.3-3) unstable; urgency=medium * fix-curl-ftbfs.diff: Fix build with current curl. (Closes: #913403) * Rebuild with python3.7. (Closes: #915199, #915168) -- Timo Aaltonen Sun, 02 Dec 2018 11:16:57 +0200 sssd (1.16.3-2) unstable; urgency=medium [ Jeremy Bicha ] * Don't require libgdm-dev on s390x or non-Linux architectures (Closes: #913030) [ Andreas Hasenack ] * d/t/{ldap-user-group-ldap-auth,control,login.exp,util,common-tests}: add LDAP DEP8 test * d/t/{util,login.exp,ldap-user-group-krb5-auth,control}: add krb5 DEP8 test -- Timo Aaltonen Tue, 06 Nov 2018 16:55:34 +0200 sssd (1.16.3-1) unstable; urgency=medium * New upstream release. * control: Add python-sss to sssd-tools depends. (Closes: #905220) * libsss-sudo: Add sss entry to nsswitch only on initial install. (Closes: #903917) * control: Update list address. * disable-tests.diff: Dropped, all tests pass on a proper buildd setup which should have /etc/{hosts,networks} populated. -- Timo Aaltonen Wed, 22 Aug 2018 16:34:01 +0300 sssd (1.16.2-1) unstable; urgency=medium * New upstream release. (LP: #1778554) * control: Enable tests, add check and libcmocka-dev to build-depends. * rules: Use samba idmap version 6. * disable-tests.diff: Disable three tests that are known to fail in sbuild. * control: Drop obsolete build-depends. * control: Update VCS urls. * control: Drop specifying python versions. * control: Change priority to optional. * libsss-sudo.post*: Don't call ldconfig. -- Timo Aaltonen Wed, 27 Jun 2018 14:07:55 +0300 sssd (1.16.1-1) unstable; urgency=medium * New upstream release. * common.dirs, common.postinst: Add dir for secrets with correct permissions. (Closes: #892315) * common: Add support for Fleet Commander, create deskprofile dir with correct permissions. * control: Add libgdm-dev to build-depends to support multiple certificates. * control, rules, common.install: Add support for systemtap. * control: Bump policy to 4.1.3, no changes. -- Timo Aaltonen Tue, 13 Mar 2018 11:25:00 +0200 sssd (1.16.0-5) unstable; urgency=medium * rules: Disable files domain, it's not useful in Debian. (Closes: #888207) -- Timo Aaltonen Fri, 26 Jan 2018 10:42:17 +0200 sssd (1.16.0-4) unstable; urgency=medium * Revert installing responder service/socket files again. (Closes: #886483) -- Timo Aaltonen Mon, 22 Jan 2018 16:50:14 +0200 sssd (1.16.0-3) unstable; urgency=medium * Install responder service and socket files again. -- Timo Aaltonen Thu, 04 Jan 2018 09:55:41 +0200 sssd (1.16.0-2) unstable; urgency=medium * Enable default config. (Closes: #858968) * Enable files domain. -- Timo Aaltonen Mon, 25 Dec 2017 21:38:26 +0200 sssd (1.16.0-1) unstable; urgency=medium * New upstream release. * sysdb-sanitize-search-filter-input.diff: Dropped, upstream. * sssd-common.install: Add sssd-session-recording.5. * control: Depend on python3 pkgs by default. (Closes: #883178) -- Timo Aaltonen Wed, 20 Dec 2017 11:58:50 +0200 sssd (1.15.3-3) unstable; urgency=medium * Rebuild against new libldb. (Closes: #880013) -- Timo Aaltonen Sun, 29 Oct 2017 09:13:42 +0200 sssd (1.15.3-2) unstable; urgency=medium * control: Fix libipa-hbac-dev short description. * generate-config: Update the config template. (Closes: #872787) * sysdb-sanitize-search-filter-input.diff: Fix CVE-2017-12173. (Closes: #877885) -- Timo Aaltonen Thu, 12 Oct 2017 08:24:51 +0300 sssd (1.15.3-1) unstable; urgency=medium * New upstream release. * apparmor-profile: Add chown capability, allow one to notify systemd. * control: Add libcurl4-gnutls-dev and uuid-dev to build depends. * Add libsss-certmap{0,-dev} packages. * Add sssd-kcm. * rules: Migrate to dh_missing. * control: Bump policy to 4.0.0, no changes. * compat, control, rules: Bump debhelper compat to 10, drop --parallel as it's the default now. -- Timo Aaltonen Sat, 29 Jul 2017 11:50:41 +0300 sssd (1.15.2-1) unstable; urgency=medium * New upstream release. * control: Demote adcli to sssd-ad suggests. * rules, common.install: Fix sssd_krb5_locator_plugin install path. (LP: #1664566) * control, copyright, watch: Update upstream URLs. * common.install: Add libsss_files and socket activation helper. -- Timo Aaltonen Mon, 20 Mar 2017 15:17:19 +0200 sssd (1.15.0-3) unstable; urgency=medium * rules, install: Remove responder service and socket files for now, the sockets weren't supposed to be enabled anyway and can cause issues. (Closes: #854048) -- Timo Aaltonen Sat, 04 Feb 2017 18:34:06 +0200 sssd (1.15.0-2) unstable; urgency=medium * import-daemon-opts.diff, sssd.default: Drop the patch modifying sssd service file, and revert the daemon options for sysvinit. /etc/default/sssd is now only for the initscript (Closes: #852719) -- Timo Aaltonen Thu, 26 Jan 2017 21:29:58 +0200 sssd (1.15.0-1) unstable; urgency=medium * New upstream release. (Closes: #852450) (LP: #1566508) * Drop upstreamed patches. * sssd-common.sssd.default, import-daemon-opts.diff: Change default daemon options to match current upstream. * sssd-dbus.install: Drop libsss_config, which was removed. * sssd-{ad,common,dbus}.install: Add systemd service and socket files for pac, sudo, ssh, autofs, pam, nss and ifp responders. -- Timo Aaltonen Wed, 25 Jan 2017 22:46:02 +0200 sssd (1.14.2-2.1) unstable; urgency=low * Non-maintainer upload with maintainer approval. * ldap-blocking.diff: Fix ldaps connections by removing NON_BLOCKING from socket options (Closes: 849756). Patch from upstream pull request #67. -- Petter Reinholdtsen Tue, 24 Jan 2017 22:26:17 +0000 sssd (1.14.2-2) unstable; urgency=medium * fix-prefix-substitution.diff: Fix IFP service file path substitution. (LP: #1652629) -- Timo Aaltonen Tue, 17 Jan 2017 16:39:14 +0200 sssd (1.14.2-1) unstable; urgency=medium * New upstream release. * control: Add adcli to sssd-ad Recommends. (LP: #1590471) * accept-krb5-1.15.diff: Allow building PAC responder with MIT krb5 1.15. (Closes: #843385) * common.install: Add sssd-secrets manpage. -- Timo Aaltonen Wed, 16 Nov 2016 10:47:15 +0200 sssd (1.14.1-1) unstable; urgency=medium * New upstream release. * ipa-terminate-if-view-name-fails.diff, gpo-add-unity-to-ad-gpo-map-interactive.diff: Dropped, upstream. * sssd-common.dirs: Add etc/sssd/conf.d for config snippets. * control: Add libhttp-parser-dev and libjansson-dev to build-deps. * sssd-tools.install: Add sssctl. * sssd-common.install: Add sssd-secrets and winbind idmap plugin. * Drop the upstart job, it was only shipped on Ubuntu which has switched to systemd. * rules, default, import-daemon-opts.diff: Import daemon options from default/sssd also with systemd. (LP: #1587395) * rules: Don't install a default config file. -- Timo Aaltonen Wed, 05 Oct 2016 14:20:37 +0300 sssd (1.13.4-3) unstable; urgency=medium * common: Add /var/lib/sss/gpo_cache. (LP: #1579092) * gpo-add-unity-to-ad-gpo-map-interactive.diff: Allow logging in from unity lockscreen. (LP: #1578415) -- Timo Aaltonen Tue, 10 May 2016 10:39:46 +0300 sssd (1.13.4-2) unstable; urgency=medium * ipa-terminate-if-view-name-fails.diff: Fix support for older IPA servers. (LP: #1572582) -- Timo Aaltonen Wed, 20 Apr 2016 16:55:24 +0300 sssd (1.13.4-1) unstable; urgency=medium * New upstream release. * apparmor-profile: Fixed and tidied. -- Timo Aaltonen Wed, 30 Mar 2016 19:31:33 +0300 sssd (1.13.3-1) unstable; urgency=medium * New upstream release. -- Timo Aaltonen Thu, 17 Dec 2015 13:27:11 +0200 sssd (1.13.2-1) unstable; urgency=medium * New upstream release. * patches: Removed fix-obsolete-target.diff, fix-python-modules.diff, both upstream now. -- Timo Aaltonen Thu, 03 Dec 2015 21:14:29 +0200 sssd (1.13.1-2) unstable; urgency=medium * apparmor: Fix access to krb5.include.d. (LP: #1489378) * {krb5-common,proxy}.postinst: Chmod the correct files. (Closes: #801537, #801538) -- Timo Aaltonen Tue, 13 Oct 2015 16:55:47 +0300 sssd (1.13.1-1) unstable; urgency=medium * New upstream release. * {common,ipa,krb5,proxy}.postinst: Create a sssd system user & group, and migrate various bits to their ownership. * Add sssd-dbus to libsss-simpleifp0 Depends. * ipa: Add /var/lib/sss/keytabs. * common: Add PEM/DER conversion library. * Add support for python3 modules. * tools: Add sss_override. * common: Add p11_child. * ad: Drop libsss_ad_common, it was for tests only and not shipped anymore. * common: Move libsss_krb5_common here from sssd-krb5-common to satisfy libsss_ldap_common depending on it. * libsystemd.diff: Dropped, fixed upstream. * fix-python-modules.diff: Don't add symlinks to python modules, rename the built modules instead. * rules, postinst: Avoid running dpkg-architecture in postinst and instead mangle them in post-dh_installdeb. * common: Add depends on adduser. -- Timo Aaltonen Sat, 03 Oct 2015 08:38:29 +0300 sssd (1.12.5-3) unstable; urgency=medium * sssd-common.postinst: Drop removing the old logrotate file, handle it in sssd.maintscript instead. (Closes: #794332) -- Timo Aaltonen Tue, 08 Sep 2015 22:47:08 +0300 sssd (1.12.5-2) unstable; urgency=medium * sssd-common.postinst: Remove duplicate logrotate file on update. (LP: #1249772) * control, libsystemd.diff: Transition to libsystemd, thanks Michael Biebl! (Closes: #791909) -- Timo Aaltonen Tue, 21 Jul 2015 15:04:25 +0300 sssd (1.12.5-1) unstable; urgency=medium * New upstream release. * Let uscan verify upstream tarballs. * control: Bump policy to 3.9.6, no changes. -- Timo Aaltonen Fri, 12 Jun 2015 22:36:52 +0300 sssd (1.12.4-1) experimental; urgency=medium * New upstream release. * apparmor-profile: Updated. (LP: #1421110) * control: Add new build-depends; cifs-utils, libaugeas-dev, libnfsidmap-dev, libsmbclient-dev, systemd. * control, .install: Add libwbclient-sssd{,-dev}. * control, .install: Add libsss-simpleifp{0,-dev}. * fix-automake-compat.diff, fix-catchchild.diff: Dropped, upstream. * rules: Use max-parallel=1 for dh_auto_install. * sssd-common.install: Add files for NFS v4 client. * sssd-ad.install: Add new files. * sssd-ipa.install: Add selinux_child. * sssd-dbus: Add libsss_config.so. * sssd-common: Add cifs idmap plugin, semanage library and krb5 localauth plugin. * rules: Add a placeholder to not modify permissions of {krb5,ldap,selinux}_child. * control: Add libsystemd-login-dev to build-depends. * control: Add libnss-wrapper and libuid-wrapper to build-depends. * rules: Use automake native verbosity for tests, and bump CK_TIMEOUT_MULTIPLIER. -- Timo Aaltonen Thu, 09 Apr 2015 23:56:01 +0300 sssd (1.11.7-3) unstable; urgency=medium * libsss-sudo.postrm: Delete sudoers line from nsswitch.conf, if only files source left. (Closes: #749722) * libsss-sudo.postinst: Fix comments. * libsss-sudo.postinst: Check nsswitch sudoers entry unconditionally, so that it is added on upgrade too if missing. -- Timo Aaltonen Fri, 16 Jan 2015 13:53:22 +0200 sssd (1.11.7-2) unstable; urgency=medium * default, upstart.in: Upstream ticket #2312 is fixed now, so drop the workaround to run the daemon in the foreground. (Closes: #760353) * fix-automake-compat.diff: Added an upstream commit to fix configure with new automake. * fix-catchchild.diff: Fix build failure with samba 4.1.13, bump samba-dev build-dependency to match. -- Timo Aaltonen Thu, 30 Oct 2014 14:49:05 +0200 sssd (1.11.7-1) unstable; urgency=medium * New upstream release. * sssd-common.install, sssd-dbus.install: Add new sss_signal helper and the dbus service using it. * fix-obsolete-target.diff: Drop syslog.target from the service file. * libnss-sss.post*: Add sss entry to shadow and services on nsswitch.conf. (Closes: #761173) -- Timo Aaltonen Wed, 24 Sep 2014 07:08:04 +0300 sssd (1.11.6-1) unstable; urgency=medium * New upstream release. * control: Update my email. * control: Update vcs urls. * libnss-sss.postrm: Check DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT before removing sss entry from nsswitch.conf. (Closes: #748671) * libpam-sss.prerm: Check DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT before running pam-auth-update --remove. * control: Mark libkeyutils-dev, libselinux-dev, libsemanage-dev, libnl*-dev build-deps as linux-any, as a preliminary step to build on kfreebsd-*. * Run wrap-and-sort. * sssd-dbus: Add a new subpackage for the D-Bus responder. * control: Demote libsasl2-modules-ldap to Suggests for sssd-ldap. * generate-config: Bring it back for convenience, but don't run it on postinst. * sssd-common.postinst: Remove obsolete config upgrade. -- Timo Aaltonen Tue, 19 Aug 2014 09:15:13 +0300 sssd (1.11.5.1-2) unstable; urgency=medium * control: Drop libcmocka-dev and check from build-depends again so that the package will build on every arch. Test failures will be fixed in a future upload. -- Timo Aaltonen Thu, 14 Aug 2014 02:22:57 +0300 sssd (1.11.5.1-1) unstable; urgency=medium [ Stéphane Graber ] * Fix upstart job to provide a proper stdin for sssd. * Update defaults to always pass -i. [ Timo Aaltonen ] * New upstream release. (Closes: #745664) * control: Bump libkrb5-dev build-dependency to 1.12 due to the OTP features. -- Timo Aaltonen Fri, 09 May 2014 14:50:12 +0300 sssd (1.11.5-1) unstable; urgency=medium * New upstream bugfix release. (Closes: #729982) * upstart: Run the daemon in foreground and drop expect fork from the job, should fix issues with upstart getting confused when a backend fails to start. -- Timo Aaltonen Tue, 08 Apr 2014 23:39:20 +0300 sssd (1.11.4-1) unstable; urgency=low * New upstream release. * control, rules: Add libcmocka-dev and re-add check to build-depends. Override dh_auto_test so that it shows the test error log if they fail. * rules: Fix the manpage date handling with a bigger hammer, and enable it for all manpages not just pam_sss.8. (Closes: #734083) * Drop an obsolete lintian override from libsss-sudo. -- Timo Aaltonen Fri, 21 Mar 2014 13:28:38 +0200 sssd (1.11.3-1) unstable; urgency=low * New upstream release. * control: Update policy to 3.9.5, no changes. -- Timo Aaltonen Fri, 03 Jan 2014 00:01:29 +0200 sssd (1.11.2-1) unstable; urgency=low * New upstream release. * rules, sssd-common.install: Use the correct path for the systemd service file. * control: Build depend on libpam0g-dev | libpam-dev. -- Timo Aaltonen Tue, 19 Nov 2013 15:22:27 +0200 sssd (1.11.1-1) unstable; urgency=low * New upstream release. * sssd-common.postinst, generate-config: Don't create a config on install, drop generate-config. (Closes: #717587) * sssd-common.postrm: Remove /etc/apparmor.d too, if empty. * control, rules, sssd-common.install: Install the systemd service file provided by upstream. * control: Drop M-A: foreign from sssd-* and add back to sssd instead. * control: Don't hardcode 'multiarch-support'. * control: Drop unnecessary multiarch declarations. * control: Drop obsolete Breaks/Conflicts. * rules: Enable parallel build. * control: Add libltdl-dev to build-depends. * control: Prepare for new unified samba package, adjust build- dependencies. Thanks, Ivo De Decker! (Closes: #725992) -- Timo Aaltonen Tue, 06 Aug 2013 17:04:28 +0300 sssd (1.10.0-1) unstable; urgency=low [ Timo Aaltonen ] * New upstream release (Closes: #693054, #705357, #711101) * Update the packaging for the new version, thanks Esko Järnfors! - Add libsss-idmap0, libsss-idmap-dev packages - Add sssd Depends on libsss-idmap0 - Add /var/lib/sss/mc directory for the new mmap cache * Split authentication providers to separate packages and make sssd a metapackage. * control: Drop libunistring-dev from build-depends and add libglib2.0-dev for unicode support. * sssd-*.install: Install new manpages. * python-sss.install: py-files got moved under SSSDConfig. * control, rules: Use default build flags, bump dpkg-dev build-dep to 1.16.1~. * rules: Install the apparmor profile with -m644. * python-sss: Add pysss_murmur.so. * rules, control, sssd-ad-common.install: PAC responder support. - Add libndr-dev, libndr-standard-dev, libsamba-util-dev, samba4-dev, libdcerpc-dev to build-depends - Add -I/usr/include/samba-4.0 to CFLAGS * control: Mark sssd-common as Multi-Arch: foreign. * watch: Add a comment about the upstream git tree. * Replace perl snippet from libnss-sss.post* with sed, drop perl from Depends. (Closes: #686237) * compat: Bump compat to 9. * rules: Set DEB_HOST_MULTIARCH, drop --libdir and remnants of cdbs. * sssd-common.install: Install the support binaries under the multiarch path. * rules,sssd-common.postinst: Move generate-config to /usr/share/sssd. * rules, sssd-common.install: Use the correct install path for the krb5_locator plugin. * libnss-sss.postinst: SSSD doesn't handle shadow maps, so don't pretend that it would. * libsss-sudo*, control: Remove the soname from the library, move .so to the libsss-sudo, drop -dev package. * rules: Pass --datadir, so the path in autogenerated python files is correctly substituted. (LP: #1079938) * sssd-krb5-common.dirs: Add krb5 include dir. * fix-cve-2013-0219*.diff, -0220.diff: Dropped, included upstream. * libsss-sudo.postrm: Run ldconfig on remove/purge. * apparmor-profile: Fix the profile to use the multiarch path for it's helper location (LP: #1175317). * Add packaging for libsss-nss-idmap0, libsss-nss-idmap-dev, python-libsss-nss-idmap. * watch: Updated to work with alpha/beta releases. * control: Migrate to libnl-3 now that it's supported. (Closes: #688174) * sssd-common.{preinst,postrm}: Install the apparmor profile in force-complain mode on install, and remove the profile directory on purge (if empty). Also migrate from previous setup which installed it as disabled. (Closes: #676140) * control: Bump policy to 3.9.4, no changes. * control: Add libpam-pwquality (>= 1.2.2-1) to libpam-sss depends, which makes the password stack work in all cases. (LP: #1159983) * control: Drop check from build-depends for now, to work around a linking bug in check (#712140) that makes the tests fail on (at least) i386. [ Stéphane Graber ] * Add postinst/postrm script for libsss-sudo. Those will add a "sudoers" entry to /etc/nsswitch.conf upon first installation of the package and will then take care of adding/removing sss from the stack as required. * Set CK_DEFAULT_TIMEOUT to 30 so that slower buildds (armhf at least) can run the tests without hitting the default 4s timeout. -- Timo Aaltonen Fri, 05 Jul 2013 14:53:06 +0300 sssd (1.8.4-2) unstable; urgency=low * fix-cve-2013-0219-1.diff, fix-cve-2013-0219-2.diff, fix-cve-2013-0220.diff: Upstream commits from the stable tree to fix recent CVE reports. (Closes: #698871) -- Timo Aaltonen Wed, 27 Feb 2013 23:38:28 +0200 sssd (1.8.4-1) unstable; urgency=low * New upstream bugfix release 1.8.2. - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools * New upstream bugfix release 1.8.3. - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information * New upstream bugfix release 1.8.4. (LP: #981125, #985031) - Fix a bug causing AD servers not to fail over properly when the KDC on the primary server is down - Fix an endianness bug on big-endian systems when looking up services - Fix a segfault dealing with nested groups (LP: #981125) - Make the nowait cache updates work for netgroups - Fix a regression that broke domains with use_fully_qualified_names = True (LP: #985031) * control: Move the dependency of libsasl2-modules-gssapi-mit to Recommends. * control: sssd works with Heimdal gssapi modules too, add libsasl2-modules-gssapi-mit as an option for the Recommends. (LP: #966146) * libpam-sss.pam-auth-update: - Drop the dependency to 128, since pam_sss should always be below pam_unix. (LP: #957486) - Drop 'use_authtok' from the password stack, since it only works when pam_cracklib is installed. This will allow password changes on the default install. * sssd.postrm: Try to remove /etc/sssd only if it exists. (Closes: #666226) * Add disabled by default Apparmor profile (LP: #933342) - debian/sssd.upstart.in: load the profile during pre-start - add debian/apparmor-profile, install to /etc/apparmor.d - debian/rules: use dh_apparmor to install profile before sssd is restarted - debian/control: sssd Suggests apparmor (>= 2.3) - debian/control: Add dh-apparmor to build-depends - debian/sssd.preinst: disable profile on clean install or upgrades from earlier than when we shipped the profile * rules: Mangle the date stamp on pam_sss.8 so that the compressed file is identical across all archs. (Closes: #670019) * control: Add build-depends on libnl-dev to enable Netlink support. * control: Add build-depends on libkeyutil-dev to enable support for kernel keyring manipulation. * sssd.logrotate: Rotate logs weekly, keep four previous rotations. (Closes: #672984) * sssd.upstart.in: Delete an invisible control character from the pre-start script. (LP: #1003845) -- Timo Aaltonen Fri, 01 Jun 2012 11:43:42 +0300 sssd (1.8.1-1) unstable; urgency=low * New maintainer, Debian SSSD Team. (Closes: #660985) [ Timo Aaltonen ] * New upstream release (1.8.1) (Closes: #647980, #624194, #639965) - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) * Update build-deps: - Add libunistring-dev, libdhash-dev, libcollection-dev and libini-config-dev. - Add check for unit tests. - Drop cvs and python-central. - Migrate to dh, drop cdbs build-dep, add quilt, dh-autoreconf and autopoint to build-deps. * Add new packages: - libipa-hbac0, libipa-hbac-dev, libsss-sudo0, libsss-sudo-dev, and python-libipa-hbac. - Split sssd-tools: add Breaks/Replaces sssd (<< 1.8.0~beta3-1) and add to sssd Suggests * Drop patch to ensure LDAP authentication never accept a zero length password, which is now included upstream. * sssd.upstart.ubuntu: - Don't start before net-device-up. (LP: 812943) - Source /etc/default/sssd. (LP: 812943) * sssd.default: Added a file to include the sssd daemon defaults, currently has '-D -f'. * sssd.init: Drop separate OPTIONS, '-D' comes from /etc/default/sssd now.. * rules: Install the Python API files to /usr/share/sssd, as discussed with upstream. (LP: 859611) * fix-python-api-path.dpatch: Use the new location for the API files. (LP: 859611) * libpam-sss.pam-auth-update: - Add 'forward_pass' to auth stack to fix ecryptfs mounts. (LP: 826643) - Add pam_localuser.so to account stack to allow local users to log in. (LP: 860488) * control: sssd now Recommends libpam-sss and libnss-sss, since sssd is mostly useless without them. (LP: 767337) * control, compat: Bump debhelper build-dep and compat level to 8. * Switch patch-system to quilt. * Do not install a working config file by default. The local domain definition was broken (upstream #1014). The daemon will need to be configured by other means before it's usable. * Add support for Multi-Arch (Closes: #634123). * Remove unnecessary libnss-sss.links. * libnss-sss.overrides: Add an override for "package-name-doesnt-match-sonames". * Determine the used init system during build, add lsb-release to build-deps. Default to sysvinit, use upstart if Ubuntu. * sssd.upstart.in: Test if the config file exists, and exit if not. * Fail gracefully if invoke-rc.d returns an error on postinst/prerm, like when the daemon fails to start when there is no config file. * sssd.init.in: Check that /etc/default/sssd is a real file before sourcing it (Closes: #587895). * control: Add libsasl2-modules-gssapi-mit and libsasl2-modules-ldap to Recommends for sssd. * rules: Move the rule for purging .la files before dh_install (Closes: #633206). * sssd.install: Fix the wildcard for plugins to include .so symlinks. * rules: Add configure flags - Disable RPATH - Disable building static libs - Enable ssh user and host key retrieval, autofs request and sudo rules caching. The respective packages need to add support for these to be useful. * Drop fix-python-api-path.patch, included upstream. * sssd.examples: Install the renamed example config. * rules: Drop special handling of the sssd.api.d, upstream uses the proper path now. * rules: Add --fail-missing to dh_install. * sssd.install: Add new files. * libpam-sss.install, control: Move pam_sss.8 to the correct package, add Breaks/Replaces. * rules: Remove some files we don't want to install, to make dh_install happy. * rules: Clean po/*.gmo, po/stamp-po and *.pyc. * Install lintian overrides using dh_lintian. * {sssd,libnss-sss}.lintian-overrides: Update. * Move libsasl2-modules-gssapi to sssd Depends to make sure it gets installed, as it's needed in most cases. * control: Update maintainer address and repo location. * control: Bump the Standards-Version to 3.9.3, no changes. * control: Bump the debhelper build-dep to 9. * control: Add ${misc:Depends} to libipa-hbac*, libsss-sudo*. * control, rules: Migrate to dh_python2 (Closes: #617071). * control: Add myself to uploaders. [ Petter Reinholdtsen ] * New upstream version 1.2.4: - Resolves long-standing issues related to group processing with RFC2307bis LDAP servers. - Fixed bugs in RFC2307bis group memberships related to initgroups (Closes: #595564). - Fix tight-loop bug on systems with older OpenLDAP client libraries (such as Red Hat Enterprise Linux 5) * New Upstream Version 1.2.3: - Resolves CVE-2010-2940. * New Upstream Version 1.2.2: - The LDAP provider no longer requires access to the LDAP RootDSE. If it is unavailable, we will continue on with our best guess. - The LDAP provider will now log issues with TLS and GSSAPI to the syslog. - Significant performance improvement when performing initgroups on users who are members of large groups in LDAP. - The sss_client will now reconnect properly to the SSSD if the daemon is restarted. * This resolves an issue causing GDM to crash when logging out of a user after the SSSD had been restarted. * Correct package description for python-sss (Closes: #596215). * Update Standards-Version from 3.8.4 to 3.9.1. No changes needed. [ Stéphane Graber ] * Fix prerm invoke_failure hook to simply return as empty functions are invalid shell syntax. -- Timo Aaltonen Thu, 22 Mar 2012 13:28:27 +0200 sssd (1.2.1-4.4) unstable; urgency=low * Non-maintainer upload. * Fix FTBFS with -Werror=format-security. Thanks Philippe De Swert for patch. (Closes: #643806). -- Hector Oron Sun, 19 Feb 2012 19:33:04 +0000 sssd (1.2.1-4.3) unstable; urgency=medium * Non-maintainer upload. * Adjust install path to consider GNU triplet (Closes: #640626). -- Luca Falavigna Tue, 20 Sep 2011 20:02:34 +0200 sssd (1.2.1-4.2) unstable; urgency=low * Non-maintainer upload. * debian/sssd.install - updated location for ldb modules; Closes: #618159 -- Sandro Tosi Fri, 03 Jun 2011 23:53:59 +0200 sssd (1.2.1-4.1) unstable; urgency=medium * Non-maintainer upload by the Security Team * Fix CVE-2010-4341 (Closes: #610032) -- Moritz Muehlenhoff Tue, 25 Jan 2011 22:09:21 +0100 sssd (1.2.1-4) unstable; urgency=low * Add patch from Stephen Gallagher to ensure LDAP authentication never accept a zero length password (Closes: #594413). Solves CVE-2010-2940. -- Petter Reinholdtsen Wed, 25 Aug 2010 22:33:40 +0200 sssd (1.2.1-3) unstable; urgency=low [ Petter Reinholdtsen ] * Look for /etc/default/sssd, not /etc/defaults/sssd in init.d script (Closes: #588252). * Make sssd.conf generation more robust, and make sure missing SRV records are ignored and not handled as host names. * Add code in generate-config to look up Kerberos realm using _kerberos TXT record in DNS if it exist. * Recommend bind9-host used by generate-config for SRV and TXT lookups. [ Morten Werner Forsbring ] * Check if /etc/default/sssd is a file and executable, not a directory, before sourcing in init-script. Thanks to lintian. -- Morten Werner Forsbring Thu, 12 Aug 2010 16:31:14 +0200 sssd (1.2.1-2) unstable; urgency=low * Make sure init.d script sources /etc/default/sssd (Closes: #588252). * Drop /etc/default/sssd from package, to avoid conffile question from dpkg during upgrades. * Make sure to only remove obsolete sssd conffiles on upgrades, not on first time installation. * Add new script generate-config and call it from the sssd postinst during first time installation to try to generate the sssd.conf file dynamically for LDAP and Kerberos using DNS entries, and fall back to the static example configuration if this fail. * Let sssd suggest libnss-sss and libpam-sss, to make those installing sssd aware of the other packages. * Add netgroup to nsswitch.conf entries added at first time installation, to make sure those installing now get working netgroups when sssd get netgroup support * Let sssd recommend ldap-utils as ldapsearch is used for generating the configuration. -- Petter Reinholdtsen Fri, 06 Aug 2010 23:44:26 +0200 sssd (1.2.1-1) unstable; urgency=low [ Petter Reinholdtsen ] * Move calls to pam-auth-update from the package scripts in sssd to libpam-sss, and correct prerm call to remove the correct pam config. Add versioned dependency on libpam-runtime to make sure pam-auth-update is available. * Add code to the postinst and postrm of libnss-sss to update passwd, group and shadow entries in /etc/nsswitch.conf. * Make sure init.d/sssd start after $named, to ensure it can look up in DNS also when the DNS server is on the local machine. [ Morten Werner Forsbring ] * New upstream release. -- Morten Werner Forsbring Thu, 24 Jun 2010 14:16:30 +0200 sssd (1.2.0-1) unstable; urgency=low [ Petter Reinholdtsen ] * New upstream release. - Add libsemanage1-dev as build dependency, as it is now required. - Drop python-build-with-deb-layout.dpatch, now handled upstream. - Adjust provide-default-working-sssd-config-file.dpatch to work with new package source layout and config file content. - Adjust build rules to cope with server/ changing to src/ in the source tarball. - Add --enable-krb5-locator-plugin to keep building the plugin. * Change the pam-auth-update configuration to make the session script optional instead of sufficient, to make sure the other session modules are executed too. * Change initial pam password entry from requisite to sufficient, to make sure local users can have their password set even if sssd is enabled. * Rename pam-configs/sssd to pam-configs/sss, to have a name that is consistent with the package name libpam-sss. * Add VCS links to the GIT repository. * Move configuration API documentation from /etc/sssd/ to /usr/share/doc/sssd/. It is not configuration and do not belong in /etc/. * Drop autoconf, automake, libtool, m4 and autotools-dev from build-depends. There is no need to regenerate the build files any more. [ Morten Werner Forsbring ] * Add dnsutils as build-dependency. -- Morten Werner Forsbring Tue, 01 Jun 2010 20:41:59 +0200 sssd (1.0.5-1) unstable; urgency=low * Initial upload based on package from Ubuntu (Closes: #579593). * Update standards-version from 3.8.3 to 3.8.4. No changes needed. * Add init.d script and rename sssd.upstart to sssd.upstart.ubuntu to make sure init.d script is installed instead of upstart job. * Add draft pam-auth-update configuration based on proposals in Launcepad bug #557398. * Update address to FSF in copyright file. Thanks lintian. * Set section for python-sss to python after advice from lintian. * Rewrite python-build-with-deb-layout.dpatch to patch Makefile.in instead of Makefile.am, to avoid having to run autoreconf. * Make sssd depend on python for its upgrade script. * Extend clean rule to remove generated file server/config/.files. * Make sure sssd.api.conf is installed into the sssd package, and put it in /etc/sssd/sssd.api.conf. Fixes typo in Ubuntu package. -- Petter Reinholdtsen Wed, 05 May 2010 21:53:29 +0200 sssd (1.0.5-0ubuntu1) lucid; urgency=low * New upstream bugfix release. (LP: #510290) * sssd.dirs: Add /var/lib/sss/pubconf (LP: #557394) -- Timo Aaltonen Fri, 16 Apr 2010 11:37:16 +0300 sssd (1.0.2-0ubuntu2) lucid; urgency=low * No change rebuild due to libldb downgrade -- Scott Kitterman Fri, 02 Apr 2010 17:48:19 -0400 sssd (1.0.2-0ubuntu1) lucid; urgency=low * New upstream release (LP: #473262): - python API for managing sssd daemon configuration and native SSSD users. - support for asynchronous cache refreshes. - support password changing in LDAP and Kerberos providers. - support for server failover. * debian/control: - update tdb build dependency to use libtdb-dev. - add libselinux1-dev and libsasl2-dev build dependencies. * debian/sssd.upstart: replace init script with an upstart job. * Turn sssd.conf into a configuration file. * Create sssd log directory. -- Mathias Gug Tue, 19 Jan 2010 15:17:13 -0500 sssd (0.5.0-0ubuntu2) karmic; urgency=low * debian/libnss-sss.overrides, debian/sssd.overrides: + Fix linitian errors and warnings (LP: #425697): sssd ships an nss library - these are false-positives. * debian/fix-dbus-watch.dpatch: Update dbus-patch to final upstream version. * debian/fix-proxy-segfault.dpatch: Fix proxy enumeration. -- Mathias Gug Wed, 09 Sep 2009 20:21:04 -0400 sssd (0.5.0-0ubuntu1) karmic; urgency=low * Initial release. -- Mathias Gug Mon, 24 Aug 2009 16:35:11 -0400