Debian Package Tracker

general

source: sssd (main)
version: 2.4.0-1
maintainer: Debian SSSD Team (archive) (DMD)
uploaders: Timo Aaltonen [DMD] – Dominik George [DMD]
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.11.7-3
o-o-sec: 1.11.7-3+deb8u2
oldstable: 1.15.0-3+deb9u1
stable: 1.16.3-3.2
testing: 2.4.0-1
unstable: 2.4.0-1

versioned links

1.11.7-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.7-3+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15.0-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.16.3-3.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libipa-hbac-dev
libipa-hbac0
libnss-sss (1 bugs: 0, 1, 0, 0)
libpam-sss (1 bugs: 0, 1, 0, 0)
libsss-certmap-dev
libsss-certmap0
libsss-idmap-dev
libsss-idmap0
libsss-nss-idmap-dev
libsss-nss-idmap0
libsss-simpleifp-dev
libsss-simpleifp0
libsss-sudo (3 bugs: 0, 3, 0, 0)
libwbclient-sssd
libwbclient-sssd-dev
python3-libipa-hbac
python3-libsss-nss-idmap
python3-sss
sssd (24 bugs: 0, 24, 0, 0)
sssd-ad (1 bugs: 0, 1, 0, 0)
sssd-ad-common
sssd-common (2 bugs: 0, 2, 0, 0)
sssd-dbus
sssd-ipa
sssd-kcm (1 bugs: 0, 1, 0, 0)
sssd-krb5 (3 bugs: 0, 3, 0, 0)
sssd-krb5-common
sssd-ldap (1 bugs: 0, 1, 0, 0)
sssd-proxy
sssd-tools

action needed

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-01-24 21:32

Depends on packages which need a new maintainer normal

The packages that sssd depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl
libnfsidmap (#925022)
- Build-Depends: libnfsidmap-dev
- Depends: libnfsidmap2
xml-core (#660687)
- Build-Depends: xml-core

Created: 2019-11-22 Last update: 2021-01-24 20:37

Multiarch hinter reports 16 issue(s) normal

There are issues with the multiarch metadata for this package.

libipa-hbac-dev could be marked Multi-Arch: same
libipa-hbac0 could be marked Multi-Arch: same
libsss-certmap-dev could be marked Multi-Arch: same
libsss-certmap0 could be marked Multi-Arch: same
libsss-idmap-dev could be marked Multi-Arch: same
libsss-idmap0 could be marked Multi-Arch: same
libsss-nss-idmap-dev could be marked Multi-Arch: same
libsss-nss-idmap0 could be marked Multi-Arch: same
libsss-simpleifp-dev could be marked Multi-Arch: same
libsss-simpleifp0 could be marked Multi-Arch: same
libwbclient-sssd could be marked Multi-Arch: same
libwbclient-sssd-dev could be marked Multi-Arch: same
python3-libipa-hbac could be marked Multi-Arch: same
python3-libsss-nss-idmap could be marked Multi-Arch: same
sssd-krb5 could be marked Multi-Arch: same
sssd-ldap could be marked Multi-Arch: same

Created: 2020-12-11 Last update: 2021-01-24 18:33

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.4.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 33e94cc5761b1448dcb027884dee03d65d29ea13
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Wed Dec 16 17:52:02 2020 +0100

    debian/changelog: Update

commit c56c71f7f4bec23a14b67f348cd0941ab91a7761
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Wed Dec 16 17:38:12 2020 +0100

    debian/control: Enable libcmocka (and so unit tests) all the archs

commit 997edf302a24d00d6917fc65fa7bd59da5867f42
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Wed Dec 16 16:13:18 2020 +0100

    debian/rules: Enable tests again

commit 3b2ba3c2acf8acf8363bf9da701f14b695250165
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Wed Dec 16 16:12:50 2020 +0100

    debian/patches: Get libsofthsm2 from right path for each architecture

commit 10969a2905ee0f95e7e7267900a7ac7bb274bfc1
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Wed Dec 16 15:59:30 2020 +0100

    debian/control: Add missing test dependencies

commit 0c12c246ae5f4eefe31aee6c41051208695a0f78
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Wed Dec 16 15:51:46 2020 +0100

    debian/rules: Don't run tests if nocheck is set

commit 3fb4a344ad3340409e27feff791863a342989e67
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Wed Dec 16 15:49:30 2020 +0100

    debian/control: Mark test packages as <!nocheck>

Created: 2021-01-12 Last update: 2021-01-18 01:04

lintian reports 12 warnings normal

Lintian reports 12 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-09-21 06:04

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2018-10852: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
CVE-2018-16838: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2018-16883: sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

Please fix them.

Created: 2017-10-05 Last update: 2020-12-11 05:34

3 ignored security issues in buster low

There are 3 open security issues in buster.

3 issues skipped by the security teams:

CVE-2018-16838: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2018-16883: sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

Please fix them.

Created: 2018-06-26 Last update: 2020-12-11 05:34

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2020-12-09 08:37

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2020-12-11] sssd 2.4.0-1 MIGRATED to testing (Debian testing watch)
[2020-12-08] Accepted sssd 2.4.0-1 (source) into unstable (Timo Aaltonen)
[2020-10-08] sssd 2.3.1-3 MIGRATED to testing (Debian testing watch)
[2020-10-06] Accepted sssd 2.3.1-3 (source) into unstable (Timo Aaltonen)
[2020-09-19] sssd 2.3.1-2 MIGRATED to testing (Debian testing watch)
[2020-09-17] Accepted sssd 2.3.1-2 (source) into unstable (Timo Aaltonen)
[2020-08-01] sssd 2.3.1-1 MIGRATED to testing (Debian testing watch)
[2020-07-28] Accepted sssd 2.3.1-1 (source) into unstable (Timo Aaltonen)
[2020-07-16] sssd 2.3.0-2 MIGRATED to testing (Debian testing watch)
[2020-07-13] Accepted sssd 2.3.0-2 (source) into unstable (Timo Aaltonen)
[2020-07-13] Accepted sssd 2.3.0-1 (source) into unstable (Timo Aaltonen)
[2020-04-23] sssd 2.2.3-3 MIGRATED to testing (Debian testing watch)
[2020-04-20] Accepted sssd 2.2.3-3 (source) into unstable (Timo Aaltonen)
[2020-03-28] sssd 2.2.3-2 MIGRATED to testing (Debian testing watch)
[2020-03-06] Accepted sssd 2.2.3-2 (source) into unstable (Timo Aaltonen)
[2020-03-05] Accepted sssd 1.16.3-3.2 (source amd64) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Thorsten Glaser)
[2020-02-23] sssd 2.2.3-1.1 MIGRATED to testing (Debian testing watch)
[2020-02-21] Accepted sssd 2.2.3-1.1 (source) into unstable (Thorsten Glaser)
[2020-02-20] Accepted sssd 2.2.3-1 (source) into unstable (Timo Aaltonen)
[2020-01-12] Accepted sssd 1.15.0-3+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2019-10-07] sssd 2.2.2-1 MIGRATED to testing (Debian testing watch)
[2019-09-18] Accepted sssd 2.2.2-1 (source) into unstable (Timo Aaltonen)
[2019-07-23] sssd 2.2.0-4 MIGRATED to testing (Debian testing watch)
[2019-07-19] Accepted sssd 2.2.0-4 (source) into unstable (Timo Aaltonen)
[2019-07-12] Accepted sssd 2.2.0-3 (source) into unstable (Timo Aaltonen)
[2019-07-10] Accepted sssd 2.2.0-2 (source) into unstable (Timo Aaltonen)
[2019-07-10] Accepted sssd 2.2.0-1 (source) into unstable (Timo Aaltonen)
[2019-05-27] Accepted sssd 2.1.0-1 (source) into experimental (Timo Aaltonen)
[2019-04-03] Accepted sssd 1.16.4-1~exp1 (source) into experimental (Timo Aaltonen)
[2019-03-06] sssd 1.16.3-3.1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 41 42
RC: 0
I&N: 40
M&W: 1 2
F&P: 0
patch: 3

links

homepage
lintian (0, 12)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (25, 47)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.4.0-1ubuntu3
26 bugs (1 patch)
patches for 2.4.0-1ubuntu3