The SSSD team is proud to announce our latest stable release: SSSD
1.2.1. This release contains many bugfixes and is a recommended upgrade
for any deployment currently running 1.2.0.
SSSD 1.2.1 is available as always from https://fedorahosted.org/sssd
== Highlights ==
* Eliminated many potential bugs identified by Coverity's Integrity
manager
* Improvements and bugfixes to the negative cache and filter_users/groups
* Eliminated a serious tight-loop condition
* Changed default min_id value to 1 to avoid conflicts with many
real-world deployments
* Fix a bug with ldap_access_filter not being able to handle outer
parentheses
* Fix a bug in the SSSDConfig API that caused it to through unexpected
exceptions if there were unknown entries in the configuration file
* Properly handle the Kerberos credential cache when going offline
* Remove the krb5_changepw_principal option (there are no kerberos
implementations that use anything other than kadmin/chang...@realm)
== Detailed Release Notes ==
Dmitri Pal (3):
* Memory leak in case of empty value
* Fixing NULL dereferencing in ini_config
* Addressing initialization issues.
Göran Uddeborg (2):
* Updating sv translation
* Update sv translation
Jakub Hrozek (15):
* Man page fixes
* Skip empty attributes with warning
* Fix realm_str dereference
* Fix potential NULL dereference in sss_groupshow
* Fix potential NULL dereference in fail_over.c
* Fix Incorrect NULL check in get_server_common()
* Add missing break to switch statement
* Undocument the krb5_changepw_principal option
* Remove the -g option from useradd
* get_uid_from_pid should use fstat rather than lstat
* Fix invalid talloc_move in groupshow
* Fix potential resource leak in copy_tree_ctx()
* Potential memory leak in _nss_sss_*_r()
* Check closedir call in find_uid
* Print correct return code
Stephen Gallagher (30):
* Fix typo in Makefile
* Fix broken build against older versions of OpenLDAP
* Fix typo in Makefile.am
* Disable connection callbacks when going online
* Change default min_id to 1
* Allow ldap_access_filter values wrapped in parentheses
* Properly handle read() and write() throughout the SSSD
* Fix misuse of errno in find_uid.c
* Avoid potential NULL dereference
* Properly handle missing originalMemberOf entry in initgroups
* Don't leak directory access resources on errors in directory_list()
* Check the correct variable for NULL after creating timer
* Properly check that the timeout event was created for cleanup/enum
* Check return code of hash_delete in proxy_child_destructor
* Eliminate unused variable from pc_init_timeout()
* Make sure to close varargs before returning from a function
* Properly null-terminate socket path
* Don't segfault if ldap_access_filter is unspecified
* Add ldap_force_upper_case_realm to example AD config
* Handle (ignore) unknown options in get_domain() and get_service()
* Remove references to the DP service from the SSSDConfig API tests
* Standardize on correct spelling of "principal" for krb5
* Initialize len before looping to read the pidfile
* Refactor the negative cache
* Move setup of filter_users and filter_groups to negcache.c
* Honor filter_users in PAM
* Fix potential resource leak in remove_tree_with_ctx()
* Fix return value from remove_connection_callback() destructor
* Protect against segfault in remove_ldap_connection_callbacks
* Releasing SSSD 1.2.1
Sumit Bose (10):
* Fix handling of ccache file when going offline
* Compare full service name
* Add sysdb_attrs_get_string_array()
* Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el()
* Initialize pam_data in Kerberos child.
* Avoid a potential double-free
* Add a missing return value
* Add a missing initializer
* Add a missing break
* Add a missing free()
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
_______________________________________________
Freeipa-interest mailing list
Freeipa-interest@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-interest