The SSSD team is proud to announce our latest stable release: SSSD 1.2.1. This release contains many bugfixes and is a recommended upgrade for any deployment currently running 1.2.0.

SSSD 1.2.1 is available as always from

== Highlights ==
* Eliminated many potential bugs identified by Coverity's Integrity manager
 * Improvements and bugfixes to the negative cache and filter_users/groups
 * Eliminated a serious tight-loop condition
* Changed default min_id value to 1 to avoid conflicts with many real-world deployments * Fix a bug with ldap_access_filter not being able to handle outer parentheses * Fix a bug in the SSSDConfig API that caused it to through unexpected exceptions if there were unknown entries in the configuration file
 * Properly handle the Kerberos credential cache when going offline
* Remove the krb5_changepw_principal option (there are no kerberos implementations that use anything other than kadmin/chang...@realm)

== Detailed Release Notes ==
Dmitri Pal (3):
 * Memory leak in case of empty value
 * Fixing NULL dereferencing in ini_config
 * Addressing initialization issues.

Göran Uddeborg (2):
 * Updating sv translation
 * Update sv translation

Jakub Hrozek (15):
 * Man page fixes
 * Skip empty attributes with warning
 * Fix realm_str dereference
 * Fix potential NULL dereference in sss_groupshow
 * Fix potential NULL dereference in fail_over.c
 * Fix Incorrect NULL check in get_server_common()
 * Add missing break to switch statement
 * Undocument the krb5_changepw_principal option
 * Remove the -g option from useradd
 * get_uid_from_pid should use fstat rather than lstat
 * Fix invalid talloc_move in groupshow
 * Fix potential resource leak in copy_tree_ctx()
 * Potential memory leak in _nss_sss_*_r()
 * Check closedir call in find_uid
 * Print correct return code

Stephen Gallagher (30):
 * Fix typo in Makefile
 * Fix broken build against older versions of OpenLDAP
 * Fix typo in
 * Disable connection callbacks when going online
 * Change default min_id to 1
 * Allow ldap_access_filter values wrapped in parentheses
 * Properly handle read() and write() throughout the SSSD
 * Fix misuse of errno in find_uid.c
 * Avoid potential NULL dereference
 * Properly handle missing originalMemberOf entry in initgroups
 * Don't leak directory access resources on errors in directory_list()
 * Check the correct variable for NULL after creating timer
 * Properly check that the timeout event was created for cleanup/enum
 * Check return code of hash_delete in proxy_child_destructor
 * Eliminate unused variable from pc_init_timeout()
 * Make sure to close varargs before returning from a function
 * Properly null-terminate socket path
 * Don't segfault if ldap_access_filter is unspecified
 * Add ldap_force_upper_case_realm to example AD config
 * Handle (ignore) unknown options in get_domain() and get_service()
 * Remove references to the DP service from the SSSDConfig API tests
 * Standardize on correct spelling of "principal" for krb5
 * Initialize len before looping to read the pidfile
 * Refactor the negative cache
 * Move setup of filter_users and filter_groups to negcache.c
 * Honor filter_users in PAM
 * Fix potential resource leak in remove_tree_with_ctx()
 * Fix return value from remove_connection_callback() destructor
 * Protect against segfault in remove_ldap_connection_callbacks
 * Releasing SSSD 1.2.1

Sumit Bose (10):
 * Fix handling of ccache file when going offline
 * Compare full service name
 * Add sysdb_attrs_get_string_array()
 * Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el()
 * Initialize pam_data in Kerberos child.
 * Avoid a potential double-free
 * Add a missing return value
 * Add a missing initializer
 * Add a missing break
 * Add a missing free()

Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.

Freeipa-interest mailing list

Reply via email to