The SSSD team is proud to announce the bugfix release of the System
Security Services Daemon version 1.8.2.

As usual, the source can be downloaded at

== Highlights ==
      * Several fixes to case-insensitive domain functions
      * Fix for GSSAPI binds when the keytab contains unrelated
      * Fixed several segfaults
      * Workarounds added for LDAP servers with unreadable RootDSE
      * SSH knownhostproxy will no longer enter an infinite loop
        preventing login
      * The provided SYSV init script now starts SSSD earlier at startup
        and stops it later during shutdown
      * Assorted minor fixes for issues discovered by static analysis

== Tickets fixed ==
        only free if sure data has been allocated
        "Error looking up public keys" while ssh to replica using IP
        SSSD memory usage continuously growing
        Service lookup shows case sensitive names twice with
        Unable to bind to IPA server when minssf set
        Initial service lookups having name with uppercase alphabets
        doesn't work.
        RFE: support case-insensitive service lookups by port including
        sss_ssh_knownhostproxy infinite loop hangs SSH login
        sssd: Uses the wrong key for GSSAPI when there a multiple realms
        in a single keytab.
        sssd_nss crashes on request when no back end is running
        Unable to lookup user, group, netgroup aliases with
        SSSD should start before NFS processes
        Wrong resolv_status might cause crash when name resolution times
        Wrong attribute counter causing crash during IPA service lookups
        accessing an undefined variable in list_missing_attrs might
        crash SSSD
        Invalid keytab path logged when using the default keytab
        Building manpages in a parallel build dir is broken

== Detailed Changelog ==

Jakub Hrozek (17):
      * Fix uninitialized variable
      * Free entry found in negative cache
      * Make the string_equal() function public
      * Save alias of the primary name, too
      * NSS: Look for services with correct case when cache is updated
      * AUTOFS: fix copy-and-paste bug in the autofs client
      * LDAP services: Keep the protocol around
      * Silence Coverity warning in the autofs test tool
      * Return correct resolv_status on resolver timeout
      * Add sss_get_cased_name_list utility function
      * LDAP services: Save lowercased protocol names in
        case-insensitive domains
      * Proxy services: Save lowercased protocol names and aliases in
        case-insensitive domains
      * Fix off-by-one error in principal selection
      * Catch cases where D-Bus connection is NULL
      * Fix regression in
      * Use the correct options counter
      * netlink integration: ensure that interface name is

Jan Cholasta (3):
      * SSH: Allow clients to explicitly specify host alias
      * SSH: Canonicalize host name and do reverse DNS lookup in
      * SSH: Fix infinite loop in sss_ssh_knownhostsproxy

Stephen Gallagher (10):
      * Bumping version to 1.8.2
      * IPA: Allow service lookups
      * SYSDB: Save only lowercased aliases in case-insensitive domains
      * LDAP: Errors retrieving the RootDSE should not be fatal
      * Start SSSD earlier and stop it later
      * LDAP: Add better error logging when ldap_result() fails
      * LDAP: Fix memory leaks in synchronous_tls_setup
      * Fix building manpages in parallel build dirs
      * Clean up log messages about keytab_name
      * Updating translation files for 1.8.2 release

Sumit Bose (1):
      * Always initialize the returned data in sss_krb5_princ_realm()

        Valid signature (Stephen Gallagher <>)

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-interest mailing list

Reply via email to