=== SSSD 1.8.5 === The SSSD team is proud to announce the bugfix release of the System Security Services Daemon version 1.8.5.
As always, the source is available from https://fedorahosted.org/sssd RPM packages will be made available for Fedora shortly, this time for F-16 and F-17. == Feedback == Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users == Highlights == * Fixed a potential segfault when SRV records are used to discover services * The client libraries now use robust mutexes to avoid a potential deadlock if a thread was cancelled while holding a mutex * Do not return an error when the SELinux support is not configured * Fixed returning an error to the PAM stack when the SSSD was performing authentication but the kpasswd server was unreachable * The SSSD used to skip a whole nesting level instead of a single already processed group when loading nested group membership structure * Added support for terminating idle connections and make the idle timeout configurable * The sss_ssh_knownostsproxy command no longer aborts when processing a host without DNS records * The shadowLastChange attribute is noe correctly updated with days since the Epoch, not seconds == Tickets Fixed == * https://fedorahosted.org/sssd/ticket/1356 SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are missing * https://fedorahosted.org/sssd/ticket/1271 Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION * https://fedorahosted.org/sssd/ticket/1360 Provide "service filter" for SELinux context * https://fedorahosted.org/sssd/ticket/1354 Add support for terminating idle connections * https://fedorahosted.org/sssd/ticket/1452 KRB5: Only return PAM error for unreachable kpasswd when performing chpass * https://fedorahosted.org/sssd/ticket/1419 Fixed wrong number in shadowLastChange * https://fedorahosted.org/sssd/ticket/1460 Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client * https://fedorahosted.org/sssd/ticket/1515 KRB5: Return PAM_AUTH_ERR on incorrect password * https://fedorahosted.org/sssd/ticket/1364 FO: Check server validity before setting status == Detailed Changelog == Jakub Hrozek (8): * Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION * Send the correct enumeration request * Process all groups from a single nesting level * SYSDB: Make sysdb_attrs_get_el_int() public * KRB5: Only return PAM error for unreachable kpasswd when performing chpass * Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client * KRB5: Return PAM_AUTH_ERR on incorrect password * FO: Check server validity before setting status Jan Cholasta (3): * SSH: Update sss_ssh_knownhostsproxy manual page * SSH: Supress error message output in sss_ssh_knownhostsproxy * SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are missing Jan Zeleny (2): * Provide "service filter" for SELinux context * Fixed wrong number in shadowLastChange Shantanu Goel (4): * Set return errno to the value prior to calling close(). * Log message if close() fails in destructor. * Do not send SIGPIPE on disconnection * Add support for terminating idle connections Stephen Gallagher (2): * Bumping version to 1.8.5 * Make the client idle timeout configurable Timo Aaltonen (1): * Move SELinux processing from session to account PAM stack _______________________________________________ Freeipa-interest mailing list Freeipa-interest@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-interest