[ubuntu/jammy-security] adsys 0.14.2~22.04ubuntu0.1 (Accepted)

Evan Caville evan.caville at canonical.com
Mon Oct 28 09:57:27 UTC 2024


adsys (0.14.2~22.04ubuntu0.1) jammy-security; urgency=medium

  * No change rebuild due to golang-1.22 update

adsys (0.14.2~22.04) jammy; urgency=medium

  * Fix DCONF policy manager removing user DB on empty policy (LP: #2078245)
  * Ignore casing in domain/ section of sssd.conf (LP: #2078246)
  * Fix parsing of slash usernames (i.e. domain\user) (LP: #2078247)
  * Fix errno in get_ticket_path() (LP: #2078473)

adsys (0.14.1~22.04) jammy; urgency=medium

  * Backport 0.14.1 to jammy (LP: #2059756)
    - Build with Go 1.22
    - Disable dh_dwz on account of go >= 1.19 compressing symbols itself
      (fixed in newer dh_golang)
    - Revert incorrect prerm purge stanza

adsys (0.14.1build1) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

adsys (0.14.1) noble; urgency=medium

  * Pin Go toolchain to 1.22.1 to fix the following security vulnerabilities:
    - GO-2024-2598
    - GO-2024-2599
  * Update apport hook to include journal errors and package logs
  * CI and quality of life changes not impacting package functionality:
    - Enable end-to-end tests in GitHub Actions
    - Remove stale AD resources on test finish
    - Add developer documentation for running end-to-end tests
    - Collect and upload end-to-end test logs on failure
    - Report test coverage in Cobertura XML format
    - Silence gosec warnings using nolint and remove deprecated ifshort linter
    - Use an environment variable to update golden files
    - Bump github actions to latest:
      - azure/login
      - softprops/action-gh-release
  * Update dependencies to latest:
    - github.com/charmbracelet/lipgloss
    - github.com/golangci/golangci-lint
    - github.com/golang/protobuf
    - github.com/stretchr/testify
    - golang.org/x/crypto
    - golang.org/x/net
    - google.golang.org/grpc
    - google.golang.org/protobuf

adsys (0.14.0) noble; urgency=medium

  * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061)
    - This functionality is opt-in and activated if the detect_cached_ticket
      setting is set to true
    - If the AD backend (e.g. sssd) doesn't export the KRB5CCNAME variable, adsys
      will now determine the path to the default ticket cache and use it during
      authentication (when adsys is executed through the PAM module) and runs of
      adsysctl update for the current user.
  * Allow sssd backend to work without ad_domain being set (LP: #2054445)
  * Upgrade to Go 1.22
  * CI and quality of life changes not impacting package functionality:
    - Pass token explicitly to Codecov action
    - Fix require outside of main goroutine
    - Mark function arguments as unused where applicable
      Thanks to Edu Gómez Escandell
    - End to end test VM template creation updates
    - Bump github actions to latest:
      - codecov/codecov-action
      - peter-evans/create-pull-request
  * Update dependencies to latest:
    - github.com/charmbracelet/bubbles
    - github.com/golangci/golangci-lint
    - golang.org/x/crypto
    - golang.org/x/net
    - google.golang.org/grpc

adsys (0.13.3) noble; urgency=medium

  * Fix cert auto-enroll without NDES (LP: #2051363)
  * Refresh policy definition files (remove Lunar support)
  * CI and quality of life changes not impacting package functionality:
    - Bump github actions to latest:
      - actions/download-artifact
      - actions/setup-go
      - actions/upload-artifact
  * Update dependencies to latest:
    - github.com/charmbracelet/bubbles
    - github.com/charmbracelet/bubbletea
    - github.com/google/uuid
    - github.com/spf13/viper
    - golang.org/x/crypto
    - golang.org/x/net
    - golang.org/x/sync
    - golang.org/x/sys
    - google.golang.org/grpc
    - google.golang.org/protobuf

adsys (0.13.2) noble; urgency=medium

  [ Denison Barbosa ]
  [ Didier Roche ]
  [ Gabriel Nagy ]
  [ Jean-Baptiste Lallement ]
  * Ensure GPO URLs contain the FQDN of the domain controller (LP: #2024377)
  * Add runtime dependency on nfs-common (LP: #2044112)
  * Documentation changes:
    - Switch to Read the Docs for project documentation
    - Generate documentation from policy definitions
    - Fix installation path of adwatchd
  * CI and quality of life changes not impacting package functionality:
    - Bump go version to 1.21.4
    - Fix docker stop behavior on integration tests
    - Add e2e tests provisioning workflow
    - Reduce the amount of workflows to be run
    - Remove scopes from dependabot config
  * Update dependencies to latest:
    - github.com/charmbracelet/lipgloss
    - github.com/fatih/color
    - github.com/fsnotify/fsnotify
    - github.com/golangci/golangci-lint
    - github.com/google/uuid
    - github.com/maruel/natural
    - github.com/pkg/sftp
    - github.com/spf13/cobra
    - github.com/spf13/viper
    - golang.org/x/crypto
    - golang.org/x/net
    - golang.org/x/sync
    - golang.org/x/sys
    - golang.org/x/text
    - google.golang.org/grpc

adsys (0.13.1) mantic; urgency=medium

  [ Denison Barbosa ]
  [ Didier Roche ]
  [ Gabriel Nagy ]
  * Fix pam_adsys build (LP: #2037270)
  * Switch to upstream gotext version and align go-i18n (LP: #2037271)
  * Add documentation for certificate policy manager
  * CI and quality of life changes not impacting package functionality:
    - Workflow to auto-patch vendored Samba code
    - Fix typo on build command for the admxgen package
    - Switch to reusable code quality action in CI
    - Apply issue template changes
    - Open issue when ADMX/L builds fail
  * Update dependencies to latest:
    - github.com/charmbracelet/lipgloss
    - github.com/golangci/golangci-lint
    - github.com/gomarkdown/markdown
    - golang.org/x/net
    - golang.org/x/sys
    - golang.org/x/text
    - google.golang.org/grpc

adsys (0.13.0) mantic; urgency=medium

  [ Denison Barbosa ]
  [ Didier Roche ]
  [ Gabriel Nagy ]
  * Add certificate policy manager for machines
    - a new Pro-only policy manager that leverages Samba functionality in order
      to enroll the machine for certificates from AD Certificate Services
  * Migrate translation support to native approach using go-i18n + gotext
  * Update policy definitions to include dconf key for dark mode background
  * Update dependencies to latest:
    - github.com/charmbracelet/bubbles
    - github.com/charmbracelet/bubbletea
    - github.com/golangci/golangci-lint
    - github.com/muesli/termenv
    - github.com/sirupsen/logrus
    - golang.org/x/net
    - golang.org/x/sync
    - golang.org/x/sys
    - golang.org/x/text
    - google.golang.org/grpc
    - google.golang.org/protobuf
  * CI and quality of life changes not impacting package functionality:
    - Address a few issues in smbsafe_test.go
    - Fix typo on build command for the admxgen package
    - Switch to reusable code quality action in CI
    - Apply issue template changes
    - Open issue when ADMX/L builds fail

adsys (0.12.0) mantic; urgency=medium

  [ Denison Barbosa ]
  [ Didier Roche ]
  [ Gabriel Nagy ]
  [ Jean-Baptiste Lallement ]
  * Release 0.12.0 (LP: #2020682)
    - Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf
    - Go implementation for the user mount handler
    - Remove Rust source code from adsys
    - Rework Kerberos ticket handling logic:
      - to satisfy the Heimdal implementation of Kerberos, we now store and use
        a root-owned copy of the cached ticket
      - the ticket lifetime is still handled via a symlink, and the copy is
        kept up to date based on the original ticket timestamp
    - Ensure empty state for dconf policy
    - Handle case mismatches in GPT.INI file name
    - Refactor ListActiveUsers gRPC function
    - Add adsysctl policy purge command to purge applied policies
    - Rework policy application sync strategy
    - Print logs when policies are up to date
    - Bump Go version to 1.20
    - Update dependencies to latest:
      - github.com/charmbracelet/bubbles
      - github.com/charmbracelet/bubbletea
      - github.com/sirupsen/logrus
      - github.com/spf13/cobra
      - github.com/stretchr/testify
      - golang.org/x/net
      - golang.org/x/sync
      - golang.org/x/sys
      - google.golang.org/grpc
    - CI and quality of life changes not affecting package functionality:
      - peter-evans/create-pull-request
      - Apply clang-format to C source files
      - Remove Rust related code from CI and tests
      - Improve test consistency
      - Fix documentation example images

adsys (0.11.0) lunar; urgency=medium

  [ Denison Barbosa ]
  [ Gabriel Nagy ]
  * List Pro policy types in service status output
  * Warn when Pro-only rules are configured
  * Use systemd via D-Bus instead of systemctl commands
  * Add placeholder notes for entry types
  * Add guideline docs to the policy managers
  * Change Ubuntu Advantage to Ubuntu Pro in docs
  * Add system proxy policy manager (LP: #2012371)
  * Update dependencies to latest:
    - github.com/charmbracelet/lipgloss
    - github.com/coreos/go-systemd/v22
    - github.com/fatih/color
    - github.com/golangci/golangci-lint
    - github.com/golang/protobuf
    - golang.org/x/net
    - google.golang.org/grpc
    - google.golang.org/grpc/cmd/protoc-gen-go-grpc
    - google.golang.org/protobuf
  * CI and quality of life changes not impacting package functionality:
    - Bump github actions to latest:
      - actions/setup-go
    - Update Rust related auto update jobs
    - Replace testutils.Setenv with t.Setenv
    - Set up more tests to run in parallel
    - Various test refactors and improvements

adsys (0.10.1) lunar; urgency=medium

  [ Denison Barbosa ]
  [ Jean-Baptiste Lallement ]
  [ Gabriel Nagy ]
  [ Didier Roche ]
  * Fix erroneous non alternative dependency on package krb5-user
  * Fix a bug in internal/config tests that was causing the autopkgtests to fail
  * Update internal/config to also trigger a reload when config file is
    overwritten
  * Update dependencies to latest:
    - github.com/golangci/golangci-lint
    - github.com/stretchr/testify
  * CI and quality of life changes not impacting package functionality:
    - Bump github actions to latest:
      - peter-evans/create-pull-request
      - actions/download-artifact
    - Addressing some linter issues pointed out by new golangci-lint version

adsys (0.10.0) lunar; urgency=medium

  [ Denison Barbosa ]
  [ Jean-Baptiste Lallement ]
  [ Gabriel Nagy ]
  [ Didier Roche ]
  * Add mount / network shares policy manager
    - this is an Ubuntu Pro feature that allows mounting network shares at a
      user or machine level
    - supported mount types: smb, nfs, and ftp (after installing curlftpfs)
    - supported authentication: anonymous (default), krb5
    - user mounts are handled at login by a Rust binary now shipped with adsys
      Thanks to schopin for the packaging guidance and contributions
    - computer mounts are handled by systemd mount units requiring root
      privileges
  * Add AppArmor policy manager
    - this is an Ubuntu Pro feature that allows enforcing application
      confinement at a user or machine level using AppArmor
    - user policies rely on the libpam-apparmor package which must be
      installed manually
  * Support multiple AD backends and implement Winbind support
    - sssd is still the default backend, but winbind can be opted into through
      the adsys.yaml configuration file
  * Add a --machine / -m flag to adsysctl applied, indicating the policies
    applied to the current machine
  * Expose Ubuntu Pro status in the "status" command
    - status is now fetched dynamically instead of relying on a possibly
      outdated state when updating policies
  * Update scripts manager creation
    - scripts manager now creates both an users and machine directory on
      initialization
  * Fix policy update failing when GPT.INI contains no version key
  * Fix object lookup for users having a FQDN as their hostname
  * Support special characters in domains when parsing sssd configuration
  * Reduce dependencies by excluding CI tools from go.mod
    - tooling-related packages are now vendored in a separate go.mod file,
      allowing for a smaller source package
  * Replace gopkg.in/yaml.v2 with gopkg.in/yaml.v3
    Thanks to Juneezee for the contribution
  * Clean-up packaging scripts related to the user mount handler
    Thanks to liushuyu for the contribution
  * CI and quality of life changes not impacting package functionality:
    - Add golden functionality to testutils
    - Switch to new fsnotify event check syntax
    - Move adsysgpotests to golden generated by testutils
    - Fix test helper permission when making directory RO
    - Rework skipping integration tests
    - Compare golden tree executable permissions
    - Allow running mount_handler tests as part of go test
    - Fix python coverage in integration tests
    - Factorize some coverage testutils functions
    - Refactor tracking and generating coverage files
    - Implement session dbus mock
    - Stabilize integration test coverage
    - Fix set-output GitHub Actions deprecation warning
    - Reuse our utility function for comparing trees
    - Install missing packages for auto-updates workflow
    - Update d/copyright to account for the new Rust dependencies
    - Fix FTBFS on Launchpad introduced by the latest unreleased work
    - Standardize on test case naming and use the previously added testutils
      functions for golden file comparison
  * Update dependencies to latest:
    - github.com/charmbracelet/bubbles
    - github.com/charmbracelet/bubbletea
    - github.com/charmbracelet/glamour
    - github.com/charmbracelet/lipgloss
    - github.com/fatih/color
    - github.com/fsnotify/fsnotify
    - github.com/golangci/golangci-lint
    - github.com/kardianos/service
    - github.com/muesli/termenv
    - github.com/spf13/cobra
    - github.com/spf13/viper
    - github.com/stretchr/testify
    - golang.org/x/net
    - golang.org/x/sys
    - golang.org/x/text
    - google.golang.org/grpc
    - gopkg.in/ini.v1

adsys (0.9.2) kinetic; urgency=medium

  * Update generators to fix FTBFS
    - shell out to mkdir instead of go's os.Mkdir which can bypass fakeroot's
      filesystem hijacking and cause unexpected behavior
  * Update dependencies to latest:
    - github.com/golangci/golangci-lint
    - google.golang.org/protobuf

Date: 2024-10-25 05:44:10.255566+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/adsys/0.14.2~22.04ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list