Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package sssd 1.15.2 bugfix release has been in unstable for roughly two months now without any new bugs filed against it. While it also adds new features, we do not enable any of the new stuff by default, so the actual diff (bugfixes) is much smaller. Snippets from upstream release notes: SSSD 1.15.1 =========== Tickets Fixed ------------- * https://pagure.io/SSSD/sssd/issue/3112 - When sssd.conf is missing, create one with id_provider=files * https://pagure.io/SSSD/sssd/issue/3220 - Improve successful Dynamic DNS update log messages * https://pagure.io/SSSD/sssd/issue/3227 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure * https://pagure.io/SSSD/sssd/issue/3230 - Use the same logic for matching GC results in initgroups and user lookups * https://pagure.io/SSSD/sssd/issue/3260 - handle default_domain_suffix for ssh requests with default_domain_suffix * https://pagure.io/SSSD/sssd/issue/3262 - Implement a files provider to mirror the contents of /etc/passwd and /etc/groups * https://pagure.io/SSSD/sssd/issue/3270 - [RFE] Add PKINIT support to SSSD Kerberos proivder * https://pagure.io/SSSD/sssd/issue/3298 - Socket activation of SSSD doesn't work and leads to chaos * https://pagure.io/SSSD/sssd/issue/3299 - SSSD does not start if using only the local provider and services line is empty * https://pagure.io/SSSD/sssd/issue/3300 - Avoid running two instances of the same service * https://pagure.io/SSSD/sssd/issue/3309 - Coverity warns about an unused value in IPA sudo code * https://pagure.io/SSSD/sssd/issue/3313 - cache_req should use an negative cache entry for UPN based lookups * https://pagure.io/SSSD/sssd/issue/2984 - Don't prompt for password if there is already one on the stack * https://pagure.io/SSSD/sssd/issue/1126 - Reuse cache_req() in responder code SSSD 1.15.2 =========== Tickets Fixed ------------- * <https://pagure.io/SSSD/sssd/issue/3317> - Newline characters (\n) must be sanitized before LDAP requests take place * <https://pagure.io/SSSD/sssd/issue/3316> - sssd-secrets doesn't exit on idle * <https://pagure.io/SSSD/sssd/issue/3314> - sssd ignores entire groups from proxy provider if one member is listed twice * <https://pagure.io/SSSD/sssd/issue/3164> - when group is invalidated using sss_cache dataExpireTimestamp entry in the domain and timestamps cache are inconsistent * <https://pagure.io/SSSD/sssd/issue/2668> - [RFE] Add more flexible templating for override_homedir config option * <https://pagure.io/SSSD/sssd/issue/2599> - Make it possible to configure AD subdomain in the server mode * <https://pagure.io/SSSD/sssd/issue/3322> - chown in ExecStartPre of sssd-nss.service hangs forever * <https://pagure.io/SSSD/sssd/issue/843> - Login time increases strongly if more than one domain is configured * <https://pagure.io/SSSD/sssd/issue/2320> - use the sss_parse_inp request in other responders than dbus packaging debdiff explained: - adcli got added to Recommends to work around a bug, which has since been fixed upstream, so can be demoted to Suggests https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1590471 - krb5 locator plugin path was wrong, oops https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566 - upstream switched to pagure.io - add packaging for the new stuff, still not enabled by default so is risk-free to add diff --git a/debian/changelog b/debian/changelog index 4ac67c9..8bc5099 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +sssd (1.15.2-1) unstable; urgency=medium + + * New upstream release. + * control: Demote adcli to sssd-ad suggests. + * rules, common.install: Fix sssd_krb5_locator_plugin install path. + (LP: #1664566) + * control, copyright, watch: Update upstream URLs. + * common.install: Add libsss_files and socket activation helper. + + -- Timo Aaltonen <tjaal...@debian.org> Mon, 20 Mar 2017 15:17:19 +0200 + sssd (1.15.0-3) unstable; urgency=medium * rules, install: Remove responder service and socket files for now, the diff --git a/debian/control b/debian/control index ea5f673..cf628d9 100644 --- a/debian/control +++ b/debian/control @@ -66,7 +66,7 @@ X-Python3-Version: >= 3.3 Standards-Version: 3.9.6 Vcs-Git: git://anonscm.debian.org/pkg-sssd/sssd.git Vcs-Browser: http://anonscm.debian.org/cgit/pkg-sssd/sssd.git -Homepage: https://fedorahosted.org/sssd/ +Homepage: https://pagure.io/SSSD/sssd/ Package: sssd Section: metapackages @@ -121,7 +121,7 @@ Depends: sssd-krb5-common (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} -Recommends: +Suggests: adcli, Breaks: sssd (<< 1.10.0~beta2-1) Replaces: sssd (<< 1.10.0~beta2-1) diff --git a/debian/copyright b/debian/copyright index aba62b8..4a80961 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,7 +1,7 @@ This package was debianized by Mathias Gug <math...@ubuntu.com> on Wed, 05 Aug 2009 08:58:56 +0100. -It was downloaded from https://fedorahosted.org/sssd/ +It was downloaded from https://pagure.io/SSSD/sssd/ Upstream Authors: Dmitri Pal <d...@redhat.com> diff --git a/debian/rules b/debian/rules index f0945d3..81b2619 100755 --- a/debian/rules +++ b/debian/rules @@ -28,7 +28,7 @@ override_dh_auto_configure: --datadir=/usr/share/ \ --with-environment-file=/etc/default/sssd \ --with-ldb-lib-dir=/usr/lib/$(DEB_HOST_MULTIARCH)/ldb/modules/ldb \ - --with-krb5-plugin-path=/usr/lib/$(DEB_HOST_MULTIARCH)/krb5/plugins/krb5 \ + --with-krb5-plugin-path=/usr/lib/$(DEB_HOST_MULTIARCH)/krb5/plugins/libkrb5 \ --enable-nsslibdir=/lib/$(DEB_HOST_MULTIARCH) \ --enable-pammoddir=/lib/$(DEB_HOST_MULTIARCH)/security \ --disable-static \ diff --git a/debian/sssd-common.install b/debian/sssd-common.install index 7ac7d89..03488db 100644 --- a/debian/sssd-common.install +++ b/debian/sssd-common.install @@ -16,7 +16,7 @@ usr/bin/sss_ssh_authorizedkeys usr/bin/sss_ssh_knownhostsproxy usr/lib/*/cifs-utils/cifs_idmap_sss.so usr/lib/*/krb5/plugins/authdata/sssd_pac_plugin.so -usr/lib/*/krb5/plugins/krb5/sssd_krb5_locator_plugin.so +usr/lib/*/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so usr/lib/*/ldb/modules/ldb/memberof.so usr/lib/*/libnfsidmap/sss.so usr/lib/*/samba/idmap/sss.so @@ -24,6 +24,7 @@ usr/lib/*/sssd/libsss_cert.so usr/lib/*/sssd/libsss_child.so usr/lib/*/sssd/libsss_crypt.so usr/lib/*/sssd/libsss_debug.so +usr/lib/*/sssd/libsss_files.so usr/lib/*/sssd/libsss_krb5_common.so usr/lib/*/sssd/libsss_ldap_common.so usr/lib/*/sssd/libsss_semanage.so @@ -35,6 +36,7 @@ usr/lib/*/sssd/p11_child usr/lib/*/sssd/sss_signal usr/lib/*/sssd/sssd_autofs usr/lib/*/sssd/sssd_be +usr/lib/*/sssd/sssd_check_socket_activated_responders usr/lib/*/sssd/sssd_nss usr/lib/*/sssd/sssd_pam usr/lib/*/sssd/sssd_secrets @@ -45,6 +47,7 @@ usr/share/locale/*/LC_MESSAGES/* usr/share/man/man1/sss_ssh_authorizedkeys.1* usr/share/man/man1/sss_ssh_knownhostsproxy.1* usr/share/man/man5/sss_rpcidmapd.5* +usr/share/man/man5/sssd-files.5* usr/share/man/man5/sssd-secrets.5* usr/share/man/man5/sssd-simple.5* usr/share/man/man5/sssd-sudo.5* diff --git a/debian/watch b/debian/watch index 63db586..fb8387e 100644 --- a/debian/watch +++ b/debian/watch @@ -1,4 +1,4 @@ -#git=git://git.fedorahosted.org/sssd.git +#git=git://pagure.io/SSSD/sssd.git version=3 opts="uversionmangle=s/alpha/~alpha/;s/beta/~beta/,pgpsigurlmangle=s/$/.asc/" \ -https://fedorahosted.org/released/sssd/sssd-(.*)\.tar\.gz +https://releases.pagure.org/SSSD/sssd/sssd-(.*)\.tar\.gz Diffstat to 1.15.0-3. We don't use the responder/files stuff or enable the split systemd services/socket files, so those can be ignored here: README | 43 b/.git-commit-template | 2 b/Makefile.am | 172 + b/README.md | 28 b/configure.ac | 25 b/contrib/ci/deps.sh | 2 b/contrib/sssd.spec.in | 9 b/contrib/suse/sssd.spec.in | 2 b/debian/changelog | 11 b/debian/control | 4 b/debian/copyright | 2 b/debian/rules | 2 b/debian/sssd-common.install | 5 b/debian/watch | 4 b/po/bg.po | 798 ++--- b/po/ca.po | 798 ++--- b/po/de.po | 798 ++--- b/po/es.po | 798 ++--- b/po/eu.po | 798 ++--- b/po/fr.po | 798 ++--- b/po/hu.po | 798 ++--- b/po/id.po | 798 ++--- b/po/it.po | 798 ++--- b/po/ja.po | 798 ++--- b/po/nb.po | 798 ++--- b/po/nl.po | 798 ++--- b/po/pl.po | 798 ++--- b/po/pt.po | 798 ++--- b/po/pt_BR.po | 798 ++--- b/po/ru.po | 798 ++--- b/po/sssd.pot | 798 ++--- b/po/sv.po | 798 ++--- b/po/tg.po | 798 ++--- b/po/tr.po | 798 ++--- b/po/uk.po | 798 ++--- b/po/zh_CN.po | 798 ++--- b/po/zh_TW.po | 798 ++--- b/src/conf_macros.m4 | 13 b/src/confdb/confdb.c | 212 + b/src/confdb/confdb.h | 11 b/src/confdb/confdb_setup.c | 208 - b/src/config/SSSDConfig/__init__.py.in | 2 b/src/config/SSSDConfigTest.py | 4 b/src/config/cfg_rules.ini | 9 b/src/config/etc/sssd.api.conf | 2 b/src/config/setup.py.in | 2 b/src/db/sysdb.h | 18 b/src/db/sysdb_ops.c | 93 b/src/db/sysdb_private.h | 1 b/src/db/sysdb_search.c | 7 b/src/db/sysdb_subdomains.c | 343 -- b/src/db/sysdb_sudo.c | 17 b/src/examples/sssd.conf | 4 b/src/external/inotify.m4 | 2 b/src/external/libcurl.m4 | 38 b/src/lib/idmap/sss_idmap.pc.in | 2 b/src/lib/ipa_hbac/ipa_hbac.pc.in | 2 b/src/lib/sifp/sss_simpleifp.pc.in | 2 b/src/man/Makefile.am | 11 b/src/man/include/experimental.xml | 2 b/src/man/include/override_homedir.xml | 4 b/src/man/include/upstream.xml | 2 b/src/man/pam_sss.8.xml | 24 b/src/man/po/br.po | 1392 +++++---- b/src/man/po/ca.po | 1472 +++++---- b/src/man/po/cs.po | 1398 +++++---- b/src/man/po/de.po | 1475 +++++---- b/src/man/po/es.po | 1472 +++++---- b/src/man/po/eu.po | 1388 +++++---- b/src/man/po/fr.po | 1475 +++++---- b/src/man/po/ja.po | 1470 +++++---- b/src/man/po/lv.po | 1394 +++++---- b/src/man/po/nl.po | 1390 +++++---- b/src/man/po/po4a.cfg | 1 b/src/man/po/pt.po | 1410 +++++---- b/src/man/po/pt_BR.po | 1410 +++++---- b/src/man/po/ru.po | 1390 +++++---- b/src/man/po/sssd-docs.pot | 1346 +++++---- b/src/man/po/tg.po | 1390 +++++---- b/src/man/po/uk.po | 1478 +++++----- b/src/man/po/zh_CN.po | 1390 +++++---- b/src/man/sssd-ad.5.xml | 15 b/src/man/sssd-files.5.xml | 88 b/src/man/sssd-ipa.5.xml | 15 b/src/man/sssd.conf.5.xml | 68 b/src/monitor/monitor.c | 540 +-- b/src/monitor/monitor.h | 3 b/src/p11_child/p11_child_nss.c | 55 b/src/providers/ad/ad_common.c | 274 + b/src/providers/ad/ad_common.h | 22 b/src/providers/ad/ad_id.c | 1 b/src/providers/ad/ad_pac.c | 4 b/src/providers/ad/ad_subdomains.c | 33 b/src/providers/be_dyndns.c | 6 b/src/providers/data_provider.h | 6 b/src/providers/data_provider/dp.h | 14 b/src/providers/data_provider/dp_resp_client.c | 191 + b/src/providers/data_provider_be.c | 4 b/src/providers/fail_over.c | 12 b/src/providers/files/files_id.c | 179 + b/src/providers/files/files_init.c | 92 b/src/providers/files/files_ops.c | 806 +++++ b/src/providers/files/files_private.h | 74 b/src/providers/ipa/ipa_id.c | 160 - b/src/providers/ipa/ipa_subdomains_id.c | 8 b/src/providers/ipa/ipa_subdomains_server.c | 46 b/src/providers/ipa/ipa_sudo_conversion.c | 54 b/src/providers/krb5/krb5_auth.c | 19 b/src/providers/krb5/krb5_child.c | 290 + b/src/providers/krb5/krb5_child_handler.c | 8 b/src/providers/ldap/ldap_auth.c | 11 b/src/providers/ldap/ldap_child.c | 26 b/src/providers/ldap/ldap_id.c | 2 b/src/providers/ldap/sdap.c | 15 b/src/providers/ldap/sdap.h | 25 b/src/providers/ldap/sdap_async_initgroups.c | 28 b/src/providers/ldap/sdap_dyndns.c | 3 b/src/providers/ldap/sdap_idmap.c | 1 b/src/providers/proxy/proxy_auth.c | 8 b/src/providers/proxy/proxy_id.c | 154 + b/src/python/pyhbac.c | 1 b/src/responder/common/cache_req/cache_req.c | 702 ++-- b/src/responder/common/cache_req/cache_req.h | 39 b/src/responder/common/cache_req/cache_req_data.c | 51 b/src/responder/common/cache_req/cache_req_plugin.h | 45 b/src/responder/common/cache_req/cache_req_private.h | 37 b/src/responder/common/cache_req/cache_req_result.c | 239 + b/src/responder/common/cache_req/cache_req_search.c | 129 b/src/responder/common/cache_req/plugins/cache_req_common.c | 40 b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c | 25 b/src/responder/common/cache_req/plugins/cache_req_enum_svc.c | 25 b/src/responder/common/cache_req/plugins/cache_req_enum_users.c | 25 b/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c | 26 b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c | 27 b/src/responder/common/cache_req/plugins/cache_req_group_by_name.c | 27 b/src/responder/common/cache_req/plugins/cache_req_host_by_name.c | 121 b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c | 27 b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_upn.c | 26 b/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c | 26 b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c | 26 b/src/responder/common/cache_req/plugins/cache_req_object_by_name.c | 26 b/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c | 25 b/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c | 26 b/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c | 26 b/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c | 29 b/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c | 26 b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c | 27 b/src/responder/common/cache_req/plugins/cache_req_user_by_name.c | 58 b/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c | 37 b/src/responder/common/iface/responder_domain.c | 73 b/src/responder/common/iface/responder_iface.c | 43 b/src/responder/common/iface/responder_iface.h | 42 b/src/responder/common/iface/responder_iface.xml | 19 b/src/responder/common/iface/responder_iface_generated.c | 118 b/src/responder/common/iface/responder_iface_generated.h | 84 b/src/responder/common/iface/responder_ncache.c | 41 b/src/responder/common/negcache.c | 92 b/src/responder/common/negcache.h | 6 b/src/responder/common/responder.h | 32 b/src/responder/common/responder_common.c | 111 b/src/responder/common/responder_dp.c | 81 b/src/responder/common/responder_dp_ssh.c | 155 + b/src/responder/common/responder_get_domains.c | 30 b/src/responder/ifp/ifp_iface.c | 2 b/src/responder/ifp/ifp_iface.xml | 10 b/src/responder/ifp/ifp_iface_generated.c | 83 b/src/responder/ifp/ifp_iface_generated.h | 10 b/src/responder/ifp/ifp_users.c | 417 ++ b/src/responder/ifp/ifp_users.h | 10 b/src/responder/ifp/ifpsrv_cmd.c | 2 b/src/responder/nss/nss_cmd.c | 2 b/src/responder/nss/nss_iface.c | 44 b/src/responder/nss/nss_iface.xml | 6 b/src/responder/nss/nss_iface_generated.c | 39 b/src/responder/nss/nss_iface_generated.h | 15 b/src/responder/nss/nss_private.h | 4 b/src/responder/nss/nss_protocol.h | 6 b/src/responder/nss/nss_protocol_grent.c | 6 b/src/responder/nss/nss_protocol_pwent.c | 6 b/src/responder/nss/nss_protocol_sid.c | 15 b/src/responder/nss/nss_utils.c | 12 b/src/responder/pam/pamsrv.h | 13 b/src/responder/pam/pamsrv_cmd.c | 661 +--- b/src/responder/pam/pamsrv_p11.c | 86 b/src/responder/secrets/secsrv.c | 5 b/src/responder/ssh/ssh_cmd.c | 256 + b/src/responder/ssh/ssh_known_hosts.c | 329 ++ b/src/responder/ssh/ssh_private.h | 71 b/src/responder/ssh/ssh_protocol.c | 217 + b/src/responder/ssh/ssh_reply.c | 333 ++ b/src/responder/ssh/sshsrv.c | 2 b/src/sbus/sssd_dbus.h | 2 b/src/sbus/sssd_dbus_connection.c | 21 b/src/sbus/sssd_dbus_interface.c | 166 - b/src/sbus/sssd_dbus_private.h | 16 b/src/sbus/sssd_dbus_signals.c | 58 b/src/sbus/sssd_dbus_utils.h | 7 b/src/sss_client/idmap/sss_nss_idmap.pc.in | 2 b/src/sss_client/libwbclient/wbclient_sssd.pc.in | 2 b/src/sss_client/pam_message.h | 2 b/src/sss_client/pam_sss.c | 126 b/src/sss_client/sss_cli.h | 6 b/src/sysv/systemd/journal.conf.in | 2 b/src/sysv/systemd/sssd-autofs.service.in | 1 b/src/sysv/systemd/sssd-autofs.socket.in | 4 b/src/sysv/systemd/sssd-nss.service.in | 2 b/src/sysv/systemd/sssd-nss.socket.in | 7 b/src/sysv/systemd/sssd-pac.service.in | 1 b/src/sysv/systemd/sssd-pac.socket.in | 4 b/src/sysv/systemd/sssd-pam-priv.socket.in | 4 b/src/sysv/systemd/sssd-pam.service.in | 1 b/src/sysv/systemd/sssd-pam.socket.in | 4 b/src/sysv/systemd/sssd-ssh.service.in | 1 b/src/sysv/systemd/sssd-ssh.socket.in | 4 b/src/sysv/systemd/sssd-sudo.service.in | 1 b/src/sysv/systemd/sssd-sudo.socket.in | 4 b/src/tests/cmocka/common_mock_resp_dp.c | 68 b/src/tests/cmocka/test_ad_common.c | 57 b/src/tests/cmocka/test_authtok.c | 107 b/src/tests/cmocka/test_fqnames.c | 2 b/src/tests/cmocka/test_inotify.c | 582 +++ b/src/tests/cmocka/test_iobuf.c | 195 + b/src/tests/cmocka/test_ipa_dn.c | 7 b/src/tests/cmocka/test_negcache.c | 70 b/src/tests/cmocka/test_nss_srv.c | 51 b/src/tests/cmocka/test_pam_srv.c | 213 + b/src/tests/cmocka/test_responder_cache_req.c | 34 b/src/tests/cmocka/test_responder_common.c | 12 b/src/tests/cmocka/test_sdap_initgr.c | 540 +++ b/src/tests/cmocka/test_sysdb_subdomains.c | 109 b/src/tests/cmocka/test_sysdb_sudo.c | 5 b/src/tests/cmocka/test_sysdb_ts_cache.c | 11 b/src/tests/cmocka/test_utils.c | 11 b/src/tests/common.h | 2 b/src/tests/common_dom.c | 6 b/src/tests/cwrap/Makefile.am | 17 b/src/tests/dlopen-tests.c | 2 b/src/tests/intg/Makefile.am | 8 b/src/tests/intg/config.py.m4 | 1 b/src/tests/intg/ent_test.py | 14 b/src/tests/intg/files_ops.py | 159 + b/src/tests/intg/sssd_group.py | 90 b/src/tests/intg/sssd_id.py | 14 b/src/tests/intg/sssd_ldb.py | 11 b/src/tests/intg/sssd_netgroup.py | 25 b/src/tests/intg/sssd_nss.py | 46 b/src/tests/intg/sssd_passwd.py | 168 + b/src/tests/intg/test_enumeration.py | 10 b/src/tests/intg/test_files_ops.py | 84 b/src/tests/intg/test_files_provider.py | 850 +++++ b/src/tests/intg/test_secrets.py | 174 + b/src/tests/intg/test_ts_cache.py | 71 b/src/tests/intg/util.py | 14 b/src/tests/ipa_ldap_opt-tests.c | 32 b/src/tests/sysdb-tests.c | 55 b/src/tests/tcurl_test_tool.c | 230 + b/src/tests/util-tests.c | 18 b/src/tools/sss_cache.c | 26 b/src/tools/sss_groupshow.c | 4 b/src/tools/sssctl/sssctl_cache.c | 4 b/src/tools/sssd_check_socket_activated_responders.c | 197 + b/src/util/authtok-utils.c | 91 b/src/util/authtok-utils.h | 56 b/src/util/authtok.c | 320 ++ b/src/util/authtok.h | 84 b/src/util/domain_info_utils.c | 19 b/src/util/inotify.c | 562 +++ b/src/util/inotify.h | 61 b/src/util/murmurhash3.c | 3 b/src/util/sss_iobuf.c | 205 + b/src/util/sss_iobuf.h | 118 b/src/util/sss_nss.c | 17 b/src/util/tev_curl.c | 933 ++++++ b/src/util/tev_curl.h | 111 b/src/util/util.c | 10 b/src/util/util_errors.c | 2 b/src/util/util_errors.h | 2 b/src/util/util_safealign.h | 6 b/version.m4 | 2 src/responder/ssh/sshsrv_cmd.c | 1211 -------- src/responder/ssh/sshsrv_dp.c | 156 - src/responder/ssh/sshsrv_private.h | 69 282 files changed, 38223 insertions(+), 23403 deletions(-) unblock sssd/1.15.2-1
