The SSSD team is proud to announce the bugfix release of the System
Security Services Daemon version 1.8.4.

As usual, the source can be downloaded from

== Highlights ==

    Fix a bug causing AD servers not to fail over properly when the KDC
    on the primary server is down
    Fix an endianness bug on big-endian systems when looking up services
    Fix a segfault dealing with nested groups
    Make the nowait cache updates work for netgroups
    Fix a regression that broke domains with
    use_fully_qualified_names = True 

== Tickets Fixed ==
    RHEL5 detection in does not work
    Warning in debug log about nscd
    Special-case LDAP_SIZELIMIT_EXCEEDED when handling ldap return codes
    LDAP provider needs to use all available servers for GSSAPI if the
    child times out
    heimdal: configure: Kerberos locator plugin cannot be build
    Group enumeration fails in proxy provider
    Potential NULL dereference in proxy provider
    sss_groupadd no longer detects duplicate GID numbers
    sssd does not provide maps for automounter when custom schema is
    being used
    SSSD netgroups do not honor entry_cache_nowait_percentage
    sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()
    Loading of selinux user maps broken
    Service lookups by port number doesn't work on s390x/ppc64 arches

== Detailed Changelog ==

Ariel Barria (2):

    Potential NULL dereference in proxy provider
    Warn to syslog when dereference requests fail 

Jakub Hrozek (11):

    Kerberos locator: Include the correct krb5.h header file
    krb5 locator: Do not leak addrinfo
    Try all KDCs when getting TGT for LDAP
    Send the correct enumeration request
    SYSDB: Handle user and group renames better
    Use the sysdb attribute name, not LDAP attribute name
    LDAP nested groups: Do not process callback with _post deep in the
    nested structure
    Use sized_string correctly in FQDN domains
    Send 16bit protocol numbers from the sss_client
    Revert the client packet length, too, after reverting the packet

Jan Engelhardt (1):

    build: resolve link failure 

Jan Zeleny (1):

    Fixed issue in SELinux user maps 

Stef Walter (3):

    Limit krb5_get_init_creds_keytab() to etypes in keytab
    If canon'ing principals, write ccache with updated default principal
    Remove erroneous failure message in find_principal_in_keytab 

Stephen Gallagher (7):

    Bump version to 1.8.4
    murmurhash: Relax inline requirement
    RPM: Allow running 'make rpms' on RHEL 5 machines
    NSS: Expire in-memory netgroup cache before the nowait timeout
    KRB5: Avoid NULL-dereference with empty keytab
    NSS: Restore original protocol for getservbyport
    Updating translations for 1.8.4 release 

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-interest mailing list

Reply via email to