The SSSD team is proud to announce the version 1.5.12 enhancement and
bugfix release of the System Security Services Daemon.

As always, it can be downloaded from

== Highlights ==
 * Fixes a regression introduced in 1.5.11 with hostname resolution
 * Fixes an issue where sssd_pam would leak file descriptors until
resource exhaustion
 * Complete rewrite of the FreeIPA Host-Based Access Control (HBAC)
 * New shared library for HBAC access-control
 * Fixes for password expiration handling with LDAP auth
 * New option to veto certain centrally-managed shells (Patch by John

== Detailed Changelog ==
Jakub Hrozek (18):
 * Use ares_search instead of ares_query for hostname resolution
 * Do not add a NULL host parsed from LDAP URI
 * Only print server address if one is available
 * Fix indexing of skipped groups
 * Set gidNumber of non-posix groups to 0 even on updates
 * Explicitly ignore groups with gidNumber=0
 * Wrong paramater to sysdb_attrs_add_uint32
 * Change the default value of ldap_tls_cacert in IPA provider
 * Provide python bindings for the HBAC evaluator library
 * Fixes for python HBAC bindings
 * Fix python HBAC bindings for python <= 2.4
 * Remove dead code from python HBAC bindings
 * Handle allocation error in python HBAC bindings
 * UTF8 HBAC test
 * HBAC rule validation Python bindings
 * Request password control unconditionally during bind
 * pyhbac: Do not convert int to bool
 * Fix returning groups when gidNumber attribute is not ordered

John Hodrien (1):
 * Add vetoed_shells option

Simo Sorce (1):
 * sss_client: avoid leaking file descriptors

Stephen Gallagher (19):
 * Bumping version to 1.5.12
 * Remove incorrect private variable
 * Add helper function msgs2attrs_array
 * Add HBAC evaluator and tests
 * Add helper functions for looking up HBAC rule components
 * Remove old HBAC implementation
 * Add new HBAC lookup and evaluation routines
 * Add ipa_hbac_refresh option
 * Add ipa_hbac_treat_deny_as option
 * Treat NULL or empty rhost as unknown
 * libipa_hbac: Support case-insensitive comparisons with UTF8
 * Fix memory leak in ipa_hbac_evaluate_rules
 * Fix incorrect NULL check in ipa_hbac_common.c
 * Require matched version and release for libipa_hbac
 * Add rule validator to libipa_hbac
 * Allow LDAP to decide when an expiration warning is warranted
 * Update translation files for SSSD 1.5.12 release
 * Revert "Allow LDAP to decide when an expiration warning is warranted"
 * Updating translations for SSSD 1.5.12 release

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-interest mailing list

Reply via email to