UbuntuUpdates.org

Package "python3-sss"

Name: python3-sss

Description:

Python3 module for the System Security Services Daemon

Latest version: 2.2.3-3ubuntu0.4
Release: focal (20.04)
Level: updates
Repository: main
Head package: sssd
Homepage: https://github.com/SSSD/sssd

Links


Download "python3-sss"


Other versions of "python3-sss" in Focal

Repository Area Version
base main 2.2.3-3
security main 2.2.3-3ubuntu0.1

Changelog

Version: 2.2.3-3ubuntu0.4 2021-03-01 13:06:24 UTC

  sssd (2.2.3-3ubuntu0.4) focal; urgency=medium

  [ Marco Trevisan ]
  * debian/control:
    - Add missing (test) dependencies as per libcrypto usage (LP: #1905790)
    - Update Maintainer to Ubuntu devs
  * debian/rules: Compile using libcrypto as crypto backend (LP: #1905790)
  * debian/nss-database-pem-exporter: Add to sssd-common and run on postinst.
    When upgrading from previous versions (that were compiled using the NSS
    crypto backend) we need to migrate the trusted CA certificates that the
    user may have added to the SSSD's NSS system database (that defaults to
    /etc/pki/nssdb).
    To do this, and not to introduce a new dependency on libnss3-tools
    (which is not shipped by default, other than making the parsing not
    working in some scenarios) I've added a small C tool that we compile and
    install as part of the sssd-common package which is able to get all the
    trusted CA certificates for a NSS database and export them in PEM
    format.
    The nss-database-pem-exporter is then used in the postinst script where
    we now:
     1. Read the SSSD settings
     2. Convert all the certificates in the configured NSS databases
     3. Store them all, appending them to the (new) default location
        (/etc/sssd/pki/sssd_auth_ca_db.pem)
     4. Disables the configured locations if pointing to NSS dbs (needed or
        we'll leave the configuration with broken values).
    At this point nss-database-pem-exporter is then the only binary in the
    package that still depends on NSS libraries. (LP: #1905790)
  * debian/patches:
    - Get libsofthsm2 from right path for each architecture, this is now used
      for real (wasn't before) to test p11k components with libcrypto and
      p11-kit, also avoids a test build failure on armhf (LP: #1905790)

  [ Valters Jansons ]
  * Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP: #1908065):
    - d/rules: Set --with-syslog=journald in override_dh_auto_configure.
    - d/p/lp-1908065-01-debug_prg_name-format.patch:
      Upstream patch to clean up program names.
    - d/p/lp-1908065-02-syslog_identifier-format.patch:
      Upstream patch to include "sssd[]" identifier in program names.
    - d/p/lp-1908065-03-remove-syslog_identifier.patch:
      Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.

 -- Marco Trevisan (Treviño) <email address hidden> Thu, 11 Feb 2021 15:31:14 -0500

Source diff to previous version
1905790 Make SSSD in 20.04 using OpenSSL and p11-kit (instead of NSS) for p11_child
1908065 Invalid SYSLOG_PID for (systemd) journal messages

Version: 2.2.3-3ubuntu0.3 2021-02-08 11:06:18 UTC

  sssd (2.2.3-3ubuntu0.3) focal; urgency=medium

  * d/apparmor-profile: Update profile. (LP: #1910611)
    - Extend read permissions to /etc/sssd/** and /etc/gss/**.
    - Add read/execute permission to /usr/libexec/sssd/*.

 -- Sergio Durigan Junior <email address hidden> Mon, 18 Jan 2021 16:30:13 -0500

Source diff to previous version
1910611 sssd startup fails when apparmor in enforcing mode

Version: 2.2.3-3ubuntu0.2 2021-01-21 18:06:18 UTC

  sssd (2.2.3-3ubuntu0.2) focal; urgency=medium

  * d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
    Upstream patch to make sssd.service only able to start when there
    is a configuration file present. (LP: #1900642)

 -- Sergio Durigan Junior <email address hidden> Mon, 11 Jan 2021 14:33:54 -0500

Source diff to previous version
1900642 sssd won't start

Version: 2.2.3-3ubuntu0.1 2020-12-01 19:06:30 UTC

  sssd (2.2.3-3ubuntu0.1) focal; urgency=medium

  * Enable support for "ad_use_ldaps" for new Active Directory
    requirement ADV190023 (LP: #1868703):
    - d/p/lp-1868703-01-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
    - d/p/lp-1868703-02-ad-add-ad_use_ldaps.patch
    - d/p/lp-1868703-03-ldap-add-new-option-ldap_sasl_maxssf.patch
    - d/p/lp-1868703-04-ad-set-min-and-max-ssf-for-ldaps.patch

 -- Matthew Ruffell <email address hidden> Tue, 10 Nov 2020 11:59:08 +1300




About   -   Send Feedback to @ubuntu_updates