Debian Package Tracker

general

source: sssd (main)
version: 2.2.3-1.1
maintainer: Debian SSSD Team (archive) (DMD)
uploaders: Timo Aaltonen [DMD] – Dominik George [DMD]
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.11.7-3
o-o-sec: 1.11.7-3+deb8u2
oldstable: 1.15.0-3+deb9u1
stable: 1.16.3-3.1
testing: 2.2.3-1.1
unstable: 2.2.3-1.1

versioned links

1.11.7-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.7-3+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15.0-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.16.3-3.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.3-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libipa-hbac-dev
libipa-hbac0
libnss-sss (1 bugs: 0, 1, 0, 0)
libpam-sss (2 bugs: 0, 2, 0, 0)
libsss-certmap-dev
libsss-certmap0
libsss-idmap-dev
libsss-idmap0
libsss-nss-idmap-dev
libsss-nss-idmap0
libsss-simpleifp-dev
libsss-simpleifp0
libsss-sudo (3 bugs: 0, 3, 0, 0)
libwbclient-sssd
libwbclient-sssd-dev
python3-libipa-hbac
python3-libsss-nss-idmap
python3-sss
sssd (23 bugs: 0, 22, 1, 0)
sssd-ad (1 bugs: 0, 1, 0, 0)
sssd-ad-common
sssd-common (2 bugs: 0, 2, 0, 0)
sssd-dbus
sssd-ipa
sssd-kcm (1 bugs: 0, 1, 0, 0)
sssd-krb5 (1 bugs: 0, 1, 0, 0)
sssd-krb5-common
sssd-ldap (1 bugs: 0, 1, 0, 0)
sssd-proxy
sssd-tools

action needed

Depends on packages which need a new maintainer normal

The packages that sssd depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl
libnfsidmap (#925022)
- Build-Depends: libnfsidmap-dev
- Depends: libnfsidmap2

Created: 2019-11-22 Last update: 2020-02-29 06:40

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2020-02-26 Last update: 2020-02-29 06:34

Multiarch hinter reports 16 issue(s) normal

There are issues with the multiarch metadata for this package.

libipa-hbac-dev could be marked Multi-Arch: same
libipa-hbac0 could be marked Multi-Arch: same
libsss-certmap-dev could be marked Multi-Arch: same
libsss-certmap0 could be marked Multi-Arch: same
libsss-idmap-dev could be marked Multi-Arch: same
libsss-idmap0 could be marked Multi-Arch: same
libsss-nss-idmap-dev could be marked Multi-Arch: same
libsss-nss-idmap0 could be marked Multi-Arch: same
libsss-simpleifp-dev could be marked Multi-Arch: same
libsss-simpleifp0 could be marked Multi-Arch: same
libwbclient-sssd could be marked Multi-Arch: same
libwbclient-sssd-dev could be marked Multi-Arch: same
python3-libipa-hbac could be marked Multi-Arch: same
python3-libsss-nss-idmap could be marked Multi-Arch: same
sssd-krb5 could be marked Multi-Arch: same
sssd-ldap could be marked Multi-Arch: same

Created: 2020-02-11 Last update: 2020-02-29 02:08

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-02-28 Last update: 2020-02-29 02:07

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.2.3-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 008cd9074a96c7ed4ce83022b6884010ec55bf07
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Feb 27 21:10:28 2020 +0200

    Added gitlab-ci.yml.

commit 882ccd06fb7b70dc200da51da5bb8e32969fd887
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Feb 27 21:09:50 2020 +0200

    libnss-sss: Add an entry for automounter to nsswitch.conf. This is needed by ipa-client-automount.

commit 8e5aa82d8e8c77be208b3489d87cf8556af445e6
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Feb 27 21:07:12 2020 +0200

    Fix sssd_be busy-looping when LDAP connection flickers. (Closes: #946847)

Created: 2020-02-21 Last update: 2020-02-28 14:04

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2020-02-26 Last update: 2020-02-26 10:49

3 ignored security issues in buster low

There are 3 open security issues in buster.

3 issues skipped by the security teams:

CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
CVE-2018-16838: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2018-16883: sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.

Please fix them.

Created: 2018-06-26 Last update: 2020-02-23 06:36

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2015-5292: Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

Please fix it.

Created: 2015-10-05 Last update: 2020-02-23 06:36

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
CVE-2018-10852: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
CVE-2018-16838: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2018-16883: sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.

Please fix them.

Created: 2017-10-05 Last update: 2020-02-23 06:36

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.0).

Created: 2019-09-29 Last update: 2020-02-21 18:41

news

[rss feed]

[2020-02-23] sssd 2.2.3-1.1 MIGRATED to testing (Debian testing watch)
[2020-02-21] Accepted sssd 2.2.3-1.1 (source) into unstable (Thorsten Glaser)
[2020-02-20] Accepted sssd 2.2.3-1 (source) into unstable (Timo Aaltonen)
[2020-01-12] Accepted sssd 1.15.0-3+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2019-10-07] sssd 2.2.2-1 MIGRATED to testing (Debian testing watch)
[2019-09-18] Accepted sssd 2.2.2-1 (source) into unstable (Timo Aaltonen)
[2019-07-23] sssd 2.2.0-4 MIGRATED to testing (Debian testing watch)
[2019-07-19] Accepted sssd 2.2.0-4 (source) into unstable (Timo Aaltonen)
[2019-07-12] Accepted sssd 2.2.0-3 (source) into unstable (Timo Aaltonen)
[2019-07-10] Accepted sssd 2.2.0-2 (source) into unstable (Timo Aaltonen)
[2019-07-10] Accepted sssd 2.2.0-1 (source) into unstable (Timo Aaltonen)
[2019-05-27] Accepted sssd 2.1.0-1 (source) into experimental (Timo Aaltonen)
[2019-04-03] Accepted sssd 1.16.4-1~exp1 (source) into experimental (Timo Aaltonen)
[2019-03-06] sssd 1.16.3-3.1 MIGRATED to testing (Debian testing watch)
[2019-02-24] Accepted sssd 1.16.3-3.1 (source amd64) into unstable (Dominik George)
[2019-01-17] Accepted sssd 1.11.7-3+deb8u2 (source amd64) into oldstable (Mike Gabriel)
[2018-12-19] sssd 1.16.3-3 MIGRATED to testing (Debian testing watch)
[2018-12-02] Accepted sssd 1.16.3-3 (source) into unstable (Timo Aaltonen)
[2018-11-06] Accepted sssd 1.16.3-2 (source) into unstable (Timo Aaltonen)
[2018-08-27] sssd 1.16.3-1 MIGRATED to testing (Debian testing watch)
[2018-08-22] Accepted sssd 1.16.3-1 (source) into unstable (Timo Aaltonen)
[2018-07-16] Accepted sssd 1.11.7-3+deb8u1 (source) into oldstable (Brian May)
[2018-07-02] sssd 1.16.2-1 MIGRATED to testing (Debian testing watch)
[2018-06-27] Accepted sssd 1.16.2-1 (source) into unstable (Timo Aaltonen)
[2018-03-18] sssd 1.16.1-1 MIGRATED to testing (Debian testing watch)
[2018-03-13] Accepted sssd 1.16.1-1 (source) into unstable (Timo Aaltonen)
[2018-01-31] sssd 1.16.0-5 MIGRATED to testing (Debian testing watch)
[2018-01-26] Accepted sssd 1.16.0-5 (source) into unstable (Timo Aaltonen)
[2018-01-26] Accepted sssd 1.16.0-4 (source) into unstable (Timo Aaltonen)
[2018-01-04] Accepted sssd 1.16.0-3 (source) into unstable (Timo Aaltonen)

bugs [bug history graph]

all: 38
RC: 0
I&N: 36
M&W: 2
F&P: 0
patch: 2

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
l10n (26, 44)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.2.3-1.1ubuntu1
19 bugs
patches for 2.2.3-1.1ubuntu1