There are 5 open security issues in buster.
commit 44da1a91519f74f0b691b988a8faac832f9c06e2
Author: Sam Morris <sam@robots.org.uk>
Date:   Thu Jan 12 13:03:45 2023 +0000

    Ship libsubid_sss.so in sssd-common package

commit b6953e55729ee21e8caaa6cbf45494815026c896
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Tue Jan 10 16:43:44 2023 +0200

    version bump

commit ffcadcd184ef06a3ac69656ec3415a00f5659335
Merge: edc62ebea 796b6daee
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Tue Jan 10 16:43:04 2023 +0200

    Merge branch 'upstream'

commit 796b6daee338bc600e5757d4804a17687106a7e1
Author: Pavel Březina <pbrezina@redhat.com>
Date:   Fri Dec 9 13:39:40 2022 +0100

    Release sssd-2.8.2

commit 37f934f2762b9bd67b286a1ada2cb5d8d7c451ee
Author: Pavel Březina <pbrezina@redhat.com>
Date:   Fri Dec 9 13:38:26 2022 +0100

    pot: update pot files

commit 5d4f9dfd6c3d0e7285414b9e006f1799dfee7e5a
Author: Weblate <noreply@weblate.org>
Date:   Fri Dec 9 13:27:56 2022 +0100

    po: update translations

    (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (704 of 704 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/zh_CN/

    po: update translations

    (Ukrainian) currently translated at 100.0% (704 of 704 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/

    po: update translations

    (Korean) currently translated at 100.0% (704 of 704 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

    po: update translations

    (Korean) currently translated at 100.0% (704 of 704 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

    po: update translations

    (Japanese) currently translated at 100.0% (704 of 704 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ja/

    po: update translations

    (French) currently translated at 100.0% (704 of 704 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/fr/

    po: update translations

    (Ukrainian) currently translated at 100.0% (704 of 704 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/

    po: update translations

    (Korean) currently translated at 96.4% (679 of 704 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

commit 16c814adecb97b41dd8d0c5022c1037adf9bd633
Author: aborah-sudo <aborah@redhat.com>
Date:   Mon Sep 26 13:43:22 2022 +0530

    Tests: port proxy_provider/rfc2307bis

    https://gitlab.cee.redhat.com/sssd/sssd-qe/-/tree/RHEL8.6/client/proxy_provider/rfc2307bis

    Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    (cherry picked from commit 4a658e6ccf7a3b2cd5fb9d1827d0caec6b8dc961)

commit 5b7a4b4fef47edfc1658dfac5df12d027e6cd60b
Author: Madhuri Upadhye <mupadhye@redhat.com>
Date:   Thu Dec 8 13:26:30 2022 +0530

    Tests: Minor fixes for alltests

    Enable files domain.

    Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

    Reviewed-by: Anuj Borah <aborah@redhat.com>
    (cherry picked from commit 81eb0606d5ea1ce79c0fdd1d71784bb01a682e03)

commit 98412a4ec5f86cd20f3b508465462612abc4a7ff
Author: Alejandro López <allopez@redhat.com>
Date:   Thu Dec 8 10:33:57 2022 +0100

    BACKEND: Reload resolv.conf after initialization

    Once the backend initialization is finished, in particular after D-Bus
    is initialized, reload the resolv.conf file to retrieve any change
    signaled through D-Bus before its initialization.

    Resolves: https://github.com/SSSD/sssd/issues/6383

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    (cherry picked from commit 34d55884c6349d2c576a625bfbfcbfbc4f3c146f)

commit 20037ae5354a874f04802844c930c6b52704c5c7
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Dec 5 17:46:52 2022 +0100

    p11: fix size of argument array

    Currently 19 options can be set for p11_child and the a NULL at the end
    the array must have 20 elements.

    Resolves: https://github.com/SSSD/sssd/issues/6479

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>
    (cherry picked from commit aac303e84b71325d3c45fa7a22f83f7f54d4b7a2)

commit a8b6be403cf7af10effcba6433a6bd98f9138955
Author: Dan Lavu <dlavu@redhat.com>
Date:   Mon Oct 31 15:53:26 2022 -0400

    Adding Ported DynDNS Testcases

    This is merged branch of two following PRs, 6363 and 6344 which are now
    closed. 6344 Add the tests but are unreliable. 6363 contains the
    following changes, rewriting the suite.

    * change_hostname fixture would revert back to the hostname in
      /etc/hostname, updated fixture
    * disabled DNS recursion, lookups were being forwarded to authoritative
      servers resulting in false passing tests
    * removed ipv6 address about part of the del_record, would result in
      passing but the wrong thing be searched
    * created a DNSAD object to search for records directly on the DNS
      server, stabling results and skipping any cache
    * cleaned up the functions and code for readability

    Signed-off-by: Dan Lavu <dlavu@redhat.com>

commit 99d46b2fa33754d3c35e32f1f842b1fc4f1644a4
Author: Tomas Halman <thalman@redhat.com>
Date:   Wed Nov 2 17:35:57 2022 +0100

    RESOLV: Configuration option for DNS search

    DNS search may increase the time of name resolution significantly.
    Particularly when SSSD is misconfigured or the DNS server is
    unreachable. With this patch SSSD can avoid DNS search and the list
    of domains from resolv.conf is ignored.

    To avoid DNS search in kerberos library SSSD appends the dot to
    the server names before they are written into KDC info file.

    :relnote: SSSD can be configured not to perform a DNS search during
    DNS name resolution. This behavior is governed by the new
    dns_resolver_use_search_list. This parameter can be used in
    the domain section. Default value is true - that means that SSSD
    follows the system settings.

    Resolves: https://github.com/SSSD/sssd/issues/5390

    Reviewed-by: Alejandro Lopez <allopez@redhat.com>
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    (cherry picked from commit 2fda8e7b7e71dd5ebdc7297449d3afc52ac9eb03)

commit f17bb003c85dbf962c2b868a969a14302ec464bc
Author: Alexey Tikhonov <atikhono@redhat.com>
Date:   Thu Dec 1 21:22:54 2022 +0100

    BUILD: deprecate `--enable-files-domain` build option

    :relnote:`--enable-files-domain` configure option is deprecated and
    will be removed in one of the next versions of SSSD.

    Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    (cherry picked from commit 714ababe8c96cd3a43d3c114cf853ce4a259fd0f)

commit be569b0cb393582e428e606518824f5368834188
Author: Alexey Tikhonov <atikhono@redhat.com>
Date:   Mon Dec 5 11:25:36 2022 +0100

    Updated .pot/.po files

commit 64c9905533811cbf5d193690d85220a9a8df38aa
Author: Alexey Tikhonov <atikhono@redhat.com>
Date:   Fri Dec 2 18:28:50 2022 +0100

    Translations: add missing `tools/sssctl/sssctl_cert.c` and macros

    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    (cherry picked from commit 8b09c9387e55b177d6b1ec65afe65e354e19b96b)

commit 464c78beb529e29368412805f5b12b650d4f100b
Author: Shridhar Gadekar <sgadekar@redhat.com>
Date:   Fri Dec 2 01:40:03 2022 +0530

    Test: gssapi test fix

    minor flake8 fixes

    Reviewed-by: Jakub Vávra <jvavra@redhat.com>
    Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
    (cherry picked from commit 664a436e9ce758554938183d1475e7353020e495)

commit 0b4679616d63a854548cb8bc2bf871e0b531e2de
Author: 김인수 <simmon@nplob.com>
Date:   Sun Nov 20 17:19:54 2022 +0000

    po: update translations

    (Korean) currently translated at 100.0% (663 of 663 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

commit f1dc6cddecb14d4385899e0951b593fef2bd66cb
Author: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Date:   Sat Nov 12 09:08:36 2022 +0000

    po: update translations

    (Georgian) currently translated at 7.8% (52 of 663 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ka/

commit 0909e8a15bfc6af1ebebccb8188364ea1a0e08d7
Author: Yuri Chornoivan <yurchor@ukr.net>
Date:   Sun Oct 9 10:54:32 2022 +0000

    po: update translations

    (Ukrainian) currently translated at 100.0% (663 of 663 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/

commit 8290b0e7e69bd15a9b5f82b4e97327a3d9556d39
Author: Elena Mishina <lepata@basealt.ru>
Date:   Mon Oct 10 10:56:09 2022 +0000

    po: update translations

    (Russian) currently translated at 100.0% (663 of 663 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ru/

commit 5bd2aa9b8b7f654dd8c170cb84f094b633da9cf2
Author: Piotr Drąg <piotrdrag@gmail.com>
Date:   Sun Oct 9 10:52:10 2022 +0000

    po: update translations

    (Polish) currently translated at 100.0% (663 of 663 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/pl/

commit 72eed034953843a66db485c153a5208e1b0fceba
Author: 김인수 <simmon@nplob.com>
Date:   Sun Oct 9 12:40:09 2022 +0000

    po: update translations

    (Korean) currently translated at 100.0% (663 of 663 strings)

    Translation: SSSD/SSSD-2-8
    Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

commit 12e39a45613a5b5d1236d911386cf28edd96f147
Author: Sumit Bose <sbose@redhat.com>
Date:   Thu Nov 24 18:22:05 2022 +0100

    certmap: Add documentation for some internal functions

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit b0bdf712eb632f94e9925d32fb703bdfd574e11d)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 925d8a9f1281f984ebfacc5d00ba561de54366b6
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 13:21:08 2022 +0200

    certmap: add LDAPU1 rules to man page

    This patch adds the new LDAPU1 mapping rule templates to the sss-certmap
    man page.

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit 882f560e68a881a95d7f66745a3530176bdd0a66)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 17142068c58255b2809a4cdb3c8feb43d5393cdb
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 13:20:13 2022 +0200

    certmap: add tests for new attributes and LDAPU1 rules

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit 4ac53fb5ef95cd2c94f076299aa4d3213c3c9be6)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 698d56882477753de37e078f7b1647aea6016f65
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 13:19:21 2022 +0200

    certmap: add LDAPU1 mapping rules

    Add mapping rule templates for the new discovered attributes, templates
    for certificate hashes and templates to select individual DN components.
    To avoid issues with older versions of the library the new templates
    must use the prefix LDAPU1.

    :feature: New mapping template for serial number, subject key id, SID,
    certificate hashes and DN components are added to libsss_certmap.

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit 1303c6241bb27ef902787dcd526aeaae3417063a)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 8a6a874ba4cb3d245160dba967aa32173041a3d8
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 13:15:59 2022 +0200

    certmap: dump new attributes in sss_cert_dump_content()

    Add the newly discovered certificate values, i.e. serial number, subject
    key id and SID to the output of sss_cert_dump_content() which is used
    e.g. by 'sssctl cert-show'.

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit 0a906107322fffc17757480f9e540796f9f181ce)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 3f336da42d87fa86749264343f5933485c4bd973
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 13:11:59 2022 +0200

    certmap: add get_digest_list() and get_hash()

    Add support to calculate hash/digest values of binary data, e.g. of a
    certificate.

    Resolves: https://github.com/SSSD/sssd/issues/6404

    (cherry picked from commit 3676a4fba473b93df2b32fb143ef0b261d04d9f6)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 9a45e6162760c6d6b1e94644e5eb51d87b0d49c6
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 13:03:51 2022 +0200

    sssctl: add cert-eval-rule sub-command

    The new 'cert-eval-rule' sub-command of sssctl show the results of given
    matching and mapping rules on a given certificate. This should help to
    find suitable mapping and matching rules and to understand why given
    certificate is matched or not.

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit 11483f1ec046f1062df68f1544e49fd59473084e)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 6ad29f9999324b951d4ae7b214558cc8e26636a9
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 12:55:12 2022 +0200

    certmap: add bin_to_hex() helper function

    This patch adds a helper function to format hexadecimal strings of
    binary data.

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit c4085c9a7d1ec54c1b830583128148a0c7b807d8)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 8d8e3c7c616a347e2de8d7a1117e5a4ebd996a2d
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 12:49:34 2022 +0200

    certmap: fix for SAN URI

    The URI was not added to the list of subject alternative names.

    (cherry picked from commit f293507d9f6efda9908a3ec971ce7f4eac284ae1)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit 47f3408e9ea122fab7c1f847b5ffcd1839f5b4b1
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 12:46:45 2022 +0200

    certmap: add support for SID extension

    Check if the SID extension is available, read the SID and make it
    available.

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit 9e1b711b2611e7390bcbcd4a9682dd18e71c3d72)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit a2bca35c7f7b0d7b1f5a633284d54be15ed4858b
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 12:45:02 2022 +0200

    certamp: add support for subject key id

    Read the subject key id from the certificate and make it available.

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit 10d977a3675a8145314edea0bebd7b9ac01eda89)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit cca0233ef16fd7be5ebc931b0f673486a52130fd
Author: Sumit Bose <sbose@redhat.com>
Date:   Mon Oct 24 12:41:59 2022 +0200

    certmap: add support for serial number

    Read the serial number of the certificate and make it available.

    Resolves: https://github.com/SSSD/sssd/issues/6403

    (cherry picked from commit 3f8bc8720ff871490c6a6233b1a21bc1d2018cf1)

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

commit cd1a94e58f64770d40bb995f35a8cab8c6f44ae9
Author: Alexey Tikhonov <atikhono@redhat.com>
Date:   Wed Nov 16 21:22:12 2022 +0100

    SYSDB: pre-existence of MPG group in the cache isn't an error

    Addition to 71466a8dbdb1d755ace15680cc2b4b11b68a0573

    Reviewed-by: Sumit Bose <sbose@redhat.com>
    Reviewed-by: Tomáš Halman <thalman@redhat.com>
    (cherry picked from commit e4dd11f2c2cd59031f904a1e30ed5b67edbdd54f)

commit 65e944bd577a1ea5772135db583725ca4e73c8cc
Author: aborah-sudo <aborah@redhat.com>
Date:   Fri Nov 25 08:58:53 2022 +0530

    Tests: fix test_sssctl_local.py::Testsssctl::test_0002_bz1599207

    test_sssctl_local.py::Testsssctl::test_0002_bz1599207 is affcted by
    disable "implicit files provider"

    Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
    Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
    (cherry picked from commit ad0a8c6a33ea5bbad8058112b95bef00bb76d5c9)

commit 35a28524e407bf4b05a17c7c7f0b48799a18e8bf
Author: Sumit Bose <sbose@redhat.com>
Date:   Tue Nov 22 14:43:21 2022 +0100

    pac: relax default check

    To avoid issues with the UPN check during PAC validation when
    'ldap_user_principal' is set to a not existing attribute to skip reading
    user principals a new 'pac_check' option, 'check_upn_allow_missing' is
    added to the default options. With this option only a log message is
    shown but the check will not fail.

    Resolves: https://github.com/SSSD/sssd/issues/6451

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Tomáš Halman <thalman@redhat.com>
    (cherry picked from commit 51b11db8b99a77ba5ccf6f850c2e81b5a6ee9f79)

commit a3304cc6b27b2f0678d0dcb4130865aa09442f5d
Author: Sumit Bose <sbose@redhat.com>
Date:   Tue Nov 22 13:39:26 2022 +0100

    ipa: do not add guessed principal to the cache

    Currently on IPA clients a calculated principal based on the user name
    and the Kerberos realm is added to the cached user object. This code is
    quite old and might have been necessary at times when sub-domain support
    was added to SSSD. But since quite some time SSSD is capable of
    generating the principal on the fly during authentication if nothing is
    stored in the cache.

    Removing the code makes the cache more consistent with other use-cases,
    e.g. with the IPA server where this attribute is empty, and allows to
    properly detect a missing UPN, e.g. during the PAC validation.

    Resolves: https://github.com/SSSD/sssd/issues/6451

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Tomáš Halman <thalman@redhat.com>
    (cherry picked from commit b3d7a4f6d4e1d4fa1bd33b296cd4301973f1860c)

commit b00c72d29b172a91b3eac5bc7b8ed275b883ec61
Author: Sumit Bose <sbose@redhat.com>
Date:   Wed Nov 16 09:28:54 2022 +0100

    PAC: allow to disable UPN check

    Currently it was not possible to skip the UPN check which checks if the
    UPN in the PAC and the one stored in SSSD's cache are different.
    Additionally the related debug message will show both principals if they
    differ.

    Resolves: https://github.com/SSSD/sssd/issues/6451

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Tomáš Halman <thalman@redhat.com>
    (cherry picked from commit 91789449b7a8b20056e1edfedd8f8cf92f7a0a2a)

commit ece9434865a1b0a5c782f6bfb622f261920a155e
Author: Cole Robinson <crobinso@redhat.com>
Date:   Sun Nov 27 10:29:18 2022 -0500

    MAN: Fix option typo on sssd-kcm.8

    The option is called krb5_renewable_lifetime, not krb5_renew_lifetime

    Signed-off-by: Cole Robinson <crobinso@redhat.com>

    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>
    (cherry picked from commit 340691fae95a2fc66c85d5da8db14f227b2c88a8)

commit 765fe3de67e3c27665f90fd0df626bf801f8a31c
Author: Jakub Vavra <jvavra@redhat.com>
Date:   Thu Nov 24 20:58:26 2022 +0100

    Tests: Fix automount OU removal from AD.

    Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
    (cherry picked from commit fc3fad982e39d560a80c1a8b922455a190718cb7)

commit 0253f7c3f5433f1853bc14af5b736a6382e945f5
Author: Justin Stephenson <jstephen@redhat.com>
Date:   Fri Nov 18 11:21:24 2022 -0500

    CI: Update core github actions

    Update dependent actions to address:
    https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

    Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    Reviewed-by: Tomáš Halman <thalman@redhat.com>
    (cherry picked from commit 4a6eb258c33c8adeb78c053aa8401729f0f6bbec)

commit 77ef7b256d2fd0d4565c01462dc12f0acfda91a9
Author: Iker Pedrosa <ipedrosa@redhat.com>
Date:   Thu Nov 24 13:20:38 2022 +0100

    ci: fix codeql

    libsemanage1-dev renamed to libsemanage-dev in debian and its
    derivatives.

    Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    (cherry picked from commit 336b1facdc043f21aab7e67e46c3c736fa64d303)

commit 8c4da49374d0f94c8d8d0600ec50a0bab2a07aa6
Author: Pavel Březina <pbrezina@redhat.com>
Date:   Fri Nov 25 11:15:52 2022 +0100

    ci: install correct python development package

    The package name has changed on new Ubuntu.

    Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
    (cherry picked from commit ae614c17b3874862200b78e57c158554b62a8273)

commit dc71321f72ab9962259660f52001319ea6724fb7
Author: Pavel Březina <pbrezina@redhat.com>
Date:   Thu Nov 24 18:41:02 2022 +0100

    ci: make /dev/shm writable

    We build SSSD in /dev/shm which is mounted on read-only file system
    on new podman version. We need to mount it as tmpfs to make it writable.

    Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
    (cherry picked from commit f5c0e7b391879782b0e93fe02265c3bef7cb9edf)

commit 49b107175e817ec38d8ffbc7fea4052327bb3cae
Author: Justin Stephenson <jstephen@redhat.com>
Date:   Mon Nov 14 11:08:23 2022 -0500

    SSSCTL: Add debug option to help message

    Reviewed-by: Alejandro López <allopez@redhat.com>
    Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
    (cherry picked from commit 2f99cd31bc43406a9d400129260654ebd6bccc15)

commit e3be45977f34ab34de6734388cdc0217ea55c8c3
Author: Jakub Vavra <jvavra@redhat.com>
Date:   Tue Nov 22 10:58:51 2022 +0100

    Tests: Update fixture using adcli to handle password from stdin.

    Adcli changed handling password dialog for bz2124030 so the automation
    needs to be updated to work properly.

    Reviewed-by: Sumit Bose <sbose@redhat.com>
    (cherry picked from commit 14748ff981ac5825a55c06350db05dce23732299)

commit a34b4f5e87a9c9a66c72eb6d5a1c1813f530bd52
Author: Steeve Goveas <sgoveas@redhat.com>
Date:   Mon Oct 17 11:39:00 2022 +0530

    Tests: Cannot SSH with AD user to ipa-client with invalid keytab

    `krb5_validate` and `pac_check` settings conflict.
    Setting krb5_validate to false skips the pac_check enabling the login

    Verifies: #6355
    https://bugzilla.redhat.com/show_bug.cgi?id=2127822
    https://bugzilla.redhat.com/show_bug.cgi?id=2128902

    Reviewed-by: Anuj Borah <aborah@redhat.com>
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    (cherry picked from commit 790e7a779f4385b8ad95878ee79a44fdaac46325)

commit 581617c099ae9df3ac9920955887908b3b9dd404
Author: Alexey Tikhonov <atikhono@redhat.com>
Date:   Thu Nov 10 22:18:06 2022 +0100

    SSSCTL: don't require 'root' for "analyze" cmd

    :relnote: `sssctl analyze` tool doesn't require anymore to be run under
    root.

    Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    (cherry picked from commit 99791400bec1054cf0081884e013a3cbed75fe8a)

    Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
    Reviewed-by: Justin Stephenson <jstephen@redhat.com>

There is 1 open security issue in bullseye.
You can find information about how to handle this issue in the security team's documentation.