-
sssd (1.8.6-0ubuntu0.3) precise-proposed; urgency=low
* Revert the pam password stack change, there's no way to fix it
properly for every use case without adding new dependencies.
(LP: #1159983)
-- Timo Aaltonen <email address hidden> Fri, 13 Sep 2013 11:36:12 +0300
-
sssd (1.8.6-0ubuntu0.2) precise-proposed; urgency=low
* rules: Really install the new pam-auth-update file for password
changes. (LP: #1086272)
* rules: Pass --datadir, so the path in autogenerated python files is
correctly substituted. (LP: #1079938)
-- Timo Aaltonen <email address hidden> Wed, 06 Feb 2013 01:07:09 +0200
-
sssd (1.8.6-0ubuntu0.1) precise-proposed; urgency=low
* New upstream bugfix release from the Long Term Maintenance branch.
(LP: #1086304)
- Move SELinux processing from session to account PAM stack
(LP: #1012900)
- LDAP nested groups: Do not process callback with _post deep in the
nested structure (LP: #981125)
- Don't corrupt the credential cache when canonizing principals
(LP: #985031)
- Fix race conditions when creating or removing home directories for
users in local domain. (LP: #1105893)
- Fix out-of-bounds reads in autofs and ssh responder. (LP: #1105898)
* sssd.upstart.in: Delete an invisible control character from the pre-start
script. (LP: #1003845)
* Replace perl snippet from libnss-sss.post* with sed, drop perl from
Depends. (LP: #692727)
* libpam-sss.pam-auth-update*: Add a separate file for the password stack,
and drop it from the main file. It needs to have a higher priority
from the rest so that password changes work with both the default install
and when pam_cracklib is installed.
(LP: #1086272)
* rules: Drop remnants of cdbs, use proper paths for configure.
(LP: #1079938)
-- Timo Aaltonen <email address hidden> Wed, 30 Jan 2013 10:47:46 +0200
-
sssd (1.8.2-0ubuntu1) precise; urgency=low
* Merge from Debian git, remaining changes:
- control, rules: Drop libsemanage-dev from build-depends, it's not
in main and will not be for precise. Configure --with-semanage=no.
sssd (1.8.2-1) UNRELEASED; urgency=low
* New upstream bugfix release 1.8.2.
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated
principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop
preventing login
- The provided SYSV init script now starts SSSD earlier at startup
and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis
tools
* control: Move the dependency of libsasl2-modules-gssapi-mit to
Recommends.
* control: sssd works with Heimdal gssapi modules too, add
libsasl2-modules-gssapi-mit as an option for the Recommends.
(LP: #966146)
* libpam-sss.pam-auth-update: Drop the dependency to 128, since pam_sss
should always be below pam_unix. (LP: #957486)
* sssd.postrm: Try to remove /etc/sssd only if it exists.
(Closes: #666226)
-- Timo Aaltonen <email address hidden> Wed, 11 Apr 2012 11:48:56 +0300
-
sssd (1.8.1-0ubuntu1) precise; urgency=low
* Merge from debian git.
* New upstream bugfix release
- Resolve issue where we could enter an infinite loop trying to
connect to an auth server.
- Fix serious issue with complex (3+ levels) nested groups.
- Fix netgroup support for case-insensitivity and aliases.
- Fix serious issue with lookup bundling resulting in requests never
completing.
- IPA provider will now check the value of nsAccountLock during.
pam_acct_mgmt in addition to pam_authenticate.
- Fix several regressions in the proxy provider.
-- Timo Aaltonen <email address hidden> Tue, 13 Mar 2012 14:08:02 +0200
-
sssd (1.8.0-0ubuntu1) precise; urgency=low
* Merge from debian git.
- update to 1.8.0 LTM release (Long Term Maintenance).
-- Timo Aaltonen <email address hidden> Thu, 01 Mar 2012 10:38:52 +0200
-
sssd (1.8.0~beta3-0ubuntu1) precise; urgency=low
* Merge from debian git.
* control: lower the Breaks/Replaces to match this upload.
* control,rules : Drop libsemanage-dev from build-depends, it's not in main
and will not be for precise. Configure --with-semanage=no.
sssd (1.8.0~beta3-1) UNRELEASED; urgency=low
* New upstream prerelease:
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
* rules: Add configure flags
- Disable RPATH
- Disable building static libs
- Enable ssh user and host key retrieval, autofs request
and sudo rules caching. The respective packages need to add support
for these to be useful.
* Drop fix-python-api-path.patch, included upstream.
* sssd.examples: Install the renamed example config.
* rules: Drop special handling of the sssd.api.d, upstream uses
the proper path now.
* rules: Add --fail-missing to dh_install.
* Add packages for libsss-sudo0, libsss-sudo-dev.
* Split sssd-tools from the main package
- add Breaks/Replaces sssd (<< 1.8.0~beta3-1)
- add to sssd Suggests
* sssd.install: Add new files.
* libpam-sss.install, control: Move pam_sss.8 to the correct package,
add Breaks/Replaces.
* rules: Remove some files we don't want to install, to make dh_install
happy.
* rules: Clean *.gmo and *.pyc.
* Install lintian overrides using dh_lintian.
* {sssd,libnss-sss}.lintian-overrides: Update.
-- Timo Aaltonen <email address hidden> Thu, 16 Feb 2012 17:57:51 +0200
-
sssd (1.5.16-0ubuntu1) precise; urgency=low
* Merge from debian git:
- new upstream release
- bump the pam-auth config priority again, to allow password
changes. Side-effect is that pam_sss is on top of the auth
stack, which might cause issues if the daemon is misbehaving.
-- Timo Aaltonen <email address hidden> Tue, 07 Feb 2012 17:14:52 +0200
-
sssd (1.5.15-0ubuntu7) precise; urgency=low
* Rebuild for libdhash and libini-config transition
-- Andreas Moog <email address hidden> Sun, 05 Feb 2012 14:32:36 +0100
-
sssd (1.5.15-0ubuntu6) precise; urgency=low
* Merge from debian git:
- Fix upstart job to pass options to the daemon. (LP: #914436)
-- Timo Aaltonen <email address hidden> Wed, 11 Jan 2012 02:08:27 +0200
-
sssd (1.5.15-0ubuntu5) precise; urgency=low
* Merge changes from debian git:
- control: Add libsasl2-modules-gssapi-mit and libsasl2-modules-ldap
to Recommends for sssd. (LP: #902902)
- rules: Move the rule for purging .la files before dh_install.
- sssd.install: Fix the wildcard for plugins to include .so symlinks.
-- Timo Aaltonen <email address hidden> Mon, 02 Jan 2012 14:34:44 +0200
-
sssd (1.5.15-0ubuntu4) precise; urgency=low
* Fix prerm invoke_failure hook to simply return as empty functions
are invalid shell syntax.
* Drop auto-generated debian changes as they have most likely been
generated by mistake (changelog indicated a no change rebuild)
-- Stephane Graber <email address hidden> Sat, 31 Dec 2011 17:56:57 +0100
-
sssd (1.5.15-0ubuntu3) precise; urgency=low
* Rebuild for new libldb1 (1.1.4)
-- Stephane Graber <email address hidden> Sat, 31 Dec 2011 17:30:54 +0100
-
sssd (1.5.15-0ubuntu2) precise; urgency=low
* Merged changes from debian git:
- sssd.upstart.in: Test if the config file exists, and exit if not.
- Fail gracefully if invoke-rc.d returns an error on postinst/prerm,
like when the daemon fails to start when there is no config file.
-- Timo Aaltonen <email address hidden> Fri, 25 Nov 2011 00:29:51 +0200
-
sssd (1.5.15-0ubuntu1) precise; urgency=low
* Merge from Debian git, remaining changes: none.
* Rebuild against current ldb (LP: #893043).
sssd (1.5.15-1) UNRELEASED; urgency=low
[ Petter Reinholdtsen ]
* New upstream version 1.2.4:
- Resolves long-standing issues related to group processing with
RFC2307bis LDAP servers.
- Fixed bugs in RFC2307bis group memberships related to initgroups
(Closes: #595564).
- Fix tight-loop bug on systems with older OpenLDAP client
libraries (such as Red Hat Enterprise Linux 5)
* New Upstream Version 1.2.3:
- Resolves CVE-2010-2940.
* New Upstream Version 1.2.2:
- The LDAP provider no longer requires access to the LDAP
RootDSE. If it is unavailable, we will continue on with our best
guess.
- The LDAP provider will now log issues with TLS and GSSAPI to the
syslog.
- Significant performance improvement when performing initgroups
on users who are members of large groups in LDAP.
- The sss_client will now reconnect properly to the SSSD if the
daemon is restarted.
* This resolves an issue causing GDM to crash when logging out
of a user after the SSSD had been restarted.
* Correct package description for python-sss (Closes: #596215).
* Update Standards-Version from 3.8.4 to 3.9.1. No changes needed.
[ Timo Aaltonen ]
* New upstream release (1.5.15) (Closes: #595564, #624194, #640678).
- Add libunistring-dev to build-deps.
* Drop patch to ensure LDAP authentication never accept a zero
length password, which is now included upstream.
* sssd.upstart.ubuntu:
- Don't start before net-device-up. (LP: 812943)
- Source /etc/default/sssd. (LP: 812943)
* sssd.default: Added a file to include the sssd daemon defaults,
currently has '-D -f'.
* sssd.init: Drop separate OPTIONS, '-D' comes from /etc/default/sssd
now..
* rules: Install the Python API files to /usr/share/sssd, as discussed
with upstream. (LP: 859611)
* fix-python-api-path.dpatch: Use the new location for the API files.
(LP: 859611)
* libpam-sss.pam-auth-update:
- Add 'forward_pass' to auth stack to fix ecryptfs mounts. (LP: 826643)
- Add pam_localuser.so to account stack to allow local users to log in.
(LP: 860488)
- Drop the priority so that pam_unix is always before pam_sss.
* control: sssd now Recommends libpam-sss and libnss-sss, since sssd is
mostly useless without them. (LP: 767337)
* sssd.prerm: Remove empty script.
* control, compat: Bump debhelper build-dep and compat level to 8.
* Switch to source format 3.0 (quilt).
* Do not install a working config file by default. The local domain
definition was broken (upstream #1014). The daemon will need to be
configured by other means before it's usable.
* Add fix-format-security.diff (Closes: #643806)
* Add support for Multi-Arch.
* Migrate to dh, drop cdbs build-dep, add quilt, dh-autoreconf and
autopoint to build-deps.
* Remove unnecessary libnss-sss.links.
* Add libdhash-dev, libcollection-dev and libini-config-dev to build-deps.
* Drop cvs from build-depends.
* Add new packages: libipa-hbac0, libipa-hbac-dev, python-libipa-hbac.
* libnss-sss.overrides: Add an override for
"package-name-doesnt-match-sonames".
* Determine the used init system during build, add lsb-release to
build-deps. Default to sysvinit, use upstart if Ubuntu.
* Add ensure-all-input-valid-utf8.diff from upsream: Ensure that all
input strings are valid UTF-8.
-- Timo Aaltonen <email address hidden> Thu, 24 Nov 2011 19:57:41 +0200
-
sssd (1.5.13-0ubuntu1) oneiric; urgency=low
* FFE: New upstream release. (LP: #860297)
- control: Add libunistring-dev to build-depends.
- sssd.install: Include libipa_hbac.so*.
* Rebuild against current libldb1, and use the multiarch path
for libldb modules. (LP: #746981)
* sssd.default:
- Move the option to run as daemon here.
- Add option that makes the daemon to use logfiles. (LP: #859602)
* sssd.upstart:
- Don't start before net-device-up. (LP: #812943)
- Source /etc/default/sssd. (LP: #812943)
* rules: Install the Python API files to /usr/share/sssd, as discussed
with upstream. (LP: #859611)
* fix-python-api-path.dpatch: Use the new location for the API files.
(LP: #859611)
* libpam-sss.pam-auth-update:
- Add 'forward_pass' to auth stack to fix ecryptfs mounts. (LP: #826643)
- Add pam_localuser.so to account stack to allow local users to log in.
(LP: #860488)
* control: sssd now Recommends libpam-sss and libnss-sss, since sssd is
mostly useless without them. (LP: #767337)
-- Timo Aaltonen <email address hidden> Tue, 27 Sep 2011 06:03:41 +0300