=== SSSD 1.9.5 ===

The SSSD team is proud to announce the release of version 1.9.5 of
the System Security Services Daemon.

As always, the source is available from https://fedorahosted.org/sssd

This is mostly a bugfix release with minor feature enhancements -- see
the changelog below for details. In addition to fixing functionality,
this release also includes one security patch.

Our focus is now on developing new features for the upcoming 1.10
release. That said, fixes for important bugs will be added to the 1.9.6
bucket and released when appropriate. The 1.9.6 release has no due date yet,
although we would release it to be aligned with RHEL-6.5 at the latest.

RPM packages will be made available for Fedora shortly, initially for
F-18 and later also backported to F-17, which has moved to the 1.9 series
recently.

== Feedback ==

Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:
    https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
    https://lists.fedorahosted.org/mailman/listinfo/sssd-users

== Highlights ==

* This release focused mainly on fixing regressions compared to the 1.8
  series and bugfixes for features introduced in the 1.9 release cycle. The
  release also includes one security fix
* Includes a fix for CVE-2013-0287: A simple access provider flaw prevents
  intended ACL use when SSSD is configured as an Active Directory client
* Fixed spurious password expiration warning that was printed on login
  with the Kerberos back end
* A new option ldap_rfc2307_fallback_to_local_users was added. If this
  option is set to true, SSSD is be able to resolve local group members of
  LDAP groups.
* Fixed an indexing bug that prevented the contents of autofs maps from
  being returned to the automounter deamon in case the map contained a large
  number of entries
* Several fixes for safer handling of Kerberos credential caches for cases
  where the ccache is set to be stored in a DIR: type

== Tickets Fixed ==

https://fedorahosted.org/sssd/ticket/1020
    SSSD does not list local user's group membership defined in LDAP
https://fedorahosted.org/sssd/ticket/1512
    [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir 
does not exist
https://fedorahosted.org/sssd/ticket/1737
    Misleading example in the man page
https://fedorahosted.org/sssd/ticket/1739
    sssd is not serving large automount maps reliably
https://fedorahosted.org/sssd/ticket/1755
    Saving dereferenced groups fails if a nested group member is outside 
nesting limit
https://fedorahosted.org/sssd/ticket/1791
    Unchecked return value in files.c
https://fedorahosted.org/sssd/ticket/1795
    names of domain_realm mapping files in SSSD contain dots
https://fedorahosted.org/sssd/ticket/1799
    sssd_be crashes sometimes
https://fedorahosted.org/sssd/ticket/1808
    pwd_expiration_warning has wrong default for Kerberos
https://fedorahosted.org/sssd/ticket/1817
    sssd pam write_selinux_login_file creating the temp file for SELinux data 
failed
https://fedorahosted.org/sssd/ticket/1818
    LDAP provider doesn't save binary attributes correctly
https://fedorahosted.org/sssd/ticket/1822
    krbcc dir creation issue with MIT krb5 1.11
https://fedorahosted.org/sssd/ticket/1826
    sssd etas 99% CPU and runs out of file descriptors when clearing cache
https://fedorahosted.org/sssd/ticket/1841
    document what does access_provider=ad do
https://fedorahosted.org/sssd/ticket/1868
    sssd fails with readonly /etc/selinux/targeted/logins
https://fedorahosted.org/sssd/ticket/1869
    pam responder segfaults if the client disconnects before the operation 
finishes
https://fedorahosted.org/sssd/ticket/1880
    Simple access control always denies uppercased users in case insensitive 
domain

== Detailed Changelog ==

Jakub Hrozek (16):
    * Bump the version to 1.9.5, reset release in RPMs to 0
    * Don't use srcdir with tests
    * Fix the krb5 password expiration warning
    * Remove enumerate=true from man sssd-ldap
    * Don't treat 0 as default for pam_pwd_expiration warning
    * Provide a be_get_account_info_send function
    * Add unit tests for simple access test by groups
    * Do not compile main() in DP if UNIT_TESTING is defined
    * Resolve GIDs in the simple access provider
    * Document what does access_provider=ad do
    * Allocate PAM DP request data on responder context
    * krb5: include backwards compatible declaration of krb5_trace_info
    * Fix simple access group control in case-insensitive domains
    * LDAP: do not invalidate pointer with realloc while processing ghost users
    * tests: Link the simple access tests with -ldl
    * Updating the translations for the 1.9.5 release 

Jan Engelhardt (1):
    * sysdb: try dealing with binary-content attributes 

Kamil Dudka (1):
    * sssd-1.8.0: work around a bug in cov-build from Coverity 

Lukas Slebodnik (1):
    * Fix krbcc dir creation issue with MIT krb5 1.11 

Michal Zidek (4):
    * Unchecked return value in files.c
    * File descriptor leak in nss responder.
    * Debug message in sss_mc_create_file.
    * sssd fails with readonly SELinux login files 

Pavel Březina (6):
    * krb: recreate ccache if it was deleted
    * subdomains: replace invalid characters with underscore in krb5 mapping 
file name
    * sdap_fill_memberships: continue if a member is not foud in sysdb
    * autofs: fix invalid header 'number of entries' in packet
    * if selinux is disabled, ignore that selogin dir is missing
    * krb5-utils-tests: remove invalid condition 

Simo Sorce (1):
    * ldap: Fallback option for rfc2307 schema 

Stephen Gallagher (2):
    * Fix minor grammar error in log
    * NSS: Add original homedir to home directory template options 

_______________________________________________
Freeipa-interest mailing list
Freeipa-interest@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-interest

Reply via email to