The SSSD team is proud to announce the bugfix release of the System Security Services Daemon version 1.8.2.
As usual, the source can be downloaded at https://fedorahosted.org/sssd == Highlights == * Several fixes to case-insensitive domain functions * Fix for GSSAPI binds when the keytab contains unrelated principals * Fixed several segfaults * Workarounds added for LDAP servers with unreadable RootDSE * SSH knownhostproxy will no longer enter an infinite loop preventing login * The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown * Assorted minor fixes for issues discovered by static analysis tools == Tickets fixed == https://fedorahosted.org/sssd/ticket/1237 only free if sure data has been allocated https://fedorahosted.org/sssd/ticket/1245 "Error looking up public keys" while ssh to replica using IP address. https://fedorahosted.org/sssd/ticket/1251 SSSD memory usage continuously growing https://fedorahosted.org/sssd/ticket/1253 Service lookup shows case sensitive names twice with case_sensitive=false https://fedorahosted.org/sssd/ticket/1257 Unable to bind to IPA server when minssf set https://fedorahosted.org/sssd/ticket/1259 Initial service lookups having name with uppercase alphabets doesn't work. https://fedorahosted.org/sssd/ticket/1260 RFE: support case-insensitive service lookups by port including protocols https://fedorahosted.org/sssd/ticket/1268 sss_ssh_knownhostproxy infinite loop hangs SSH login https://fedorahosted.org/sssd/ticket/1269 sssd: Uses the wrong key for GSSAPI when there a multiple realms in a single keytab. https://fedorahosted.org/sssd/ticket/1270 sssd_nss crashes on request when no back end is running https://fedorahosted.org/sssd/ticket/1272 Unable to lookup user, group, netgroup aliases with case_sensitive=false. https://fedorahosted.org/sssd/ticket/1273 SSSD should start before NFS processes https://fedorahosted.org/sssd/ticket/1274 Wrong resolv_status might cause crash when name resolution times out https://fedorahosted.org/sssd/ticket/1282 Wrong attribute counter causing crash during IPA service lookups https://fedorahosted.org/sssd/ticket/1283 accessing an undefined variable in list_missing_attrs might crash SSSD https://fedorahosted.org/sssd/ticket/1288 Invalid keytab path logged when using the default keytab https://fedorahosted.org/sssd/ticket/1293 Building manpages in a parallel build dir is broken == Detailed Changelog == Jakub Hrozek (17): * Fix uninitialized variable * Free entry found in negative cache * Make the string_equal() function public * Save alias of the primary name, too * NSS: Look for services with correct case when cache is updated * AUTOFS: fix copy-and-paste bug in the autofs client * LDAP services: Keep the protocol around * Silence Coverity warning in the autofs test tool * Return correct resolv_status on resolver timeout * Add sss_get_cased_name_list utility function * LDAP services: Save lowercased protocol names in case-insensitive domains * Proxy services: Save lowercased protocol names and aliases in case-insensitive domains * Fix off-by-one error in principal selection * Catch cases where D-Bus connection is NULL * Fix regression in SSSDConfig.py * Use the correct options counter * netlink integration: ensure that interface name is NULL-terminated Jan Cholasta (3): * SSH: Allow clients to explicitly specify host alias * SSH: Canonicalize host name and do reverse DNS lookup in sss_ssh_knownhostsproxy * SSH: Fix infinite loop in sss_ssh_knownhostsproxy Stephen Gallagher (10): * Bumping version to 1.8.2 * IPA: Allow service lookups * SYSDB: Save only lowercased aliases in case-insensitive domains * LDAP: Errors retrieving the RootDSE should not be fatal * Start SSSD earlier and stop it later * LDAP: Add better error logging when ldap_result() fails * LDAP: Fix memory leaks in synchronous_tls_setup * Fix building manpages in parallel build dirs * Clean up log messages about keytab_name * Updating translation files for 1.8.2 release Sumit Bose (1): * Always initialize the returned data in sss_krb5_princ_realm() Valid signature (Stephen Gallagher <sgall...@redhat.com>)
Description: This is a digitally signed message part
_______________________________________________ Freeipa-interest mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-interest