=== SSSD 1.9.5 === The SSSD team is proud to announce the release of version 1.9.5 of the System Security Services Daemon.
As always, the source is available from https://fedorahosted.org/sssd This is mostly a bugfix release with minor feature enhancements -- see the changelog below for details. In addition to fixing functionality, this release also includes one security patch. Our focus is now on developing new features for the upcoming 1.10 release. That said, fixes for important bugs will be added to the 1.9.6 bucket and released when appropriate. The 1.9.6 release has no due date yet, although we would release it to be aligned with RHEL-6.5 at the latest. RPM packages will be made available for Fedora shortly, initially for F-18 and later also backported to F-17, which has moved to the 1.9 series recently. == Feedback == Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users == Highlights == * This release focused mainly on fixing regressions compared to the 1.8 series and bugfixes for features introduced in the 1.9 release cycle. The release also includes one security fix * Includes a fix for CVE-2013-0287: A simple access provider flaw prevents intended ACL use when SSSD is configured as an Active Directory client * Fixed spurious password expiration warning that was printed on login with the Kerberos back end * A new option ldap_rfc2307_fallback_to_local_users was added. If this option is set to true, SSSD is be able to resolve local group members of LDAP groups. * Fixed an indexing bug that prevented the contents of autofs maps from being returned to the automounter deamon in case the map contained a large number of entries * Several fixes for safer handling of Kerberos credential caches for cases where the ccache is set to be stored in a DIR: type == Tickets Fixed == https://fedorahosted.org/sssd/ticket/1020 SSSD does not list local user's group membership defined in LDAP https://fedorahosted.org/sssd/ticket/1512 [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist https://fedorahosted.org/sssd/ticket/1737 Misleading example in the man page https://fedorahosted.org/sssd/ticket/1739 sssd is not serving large automount maps reliably https://fedorahosted.org/sssd/ticket/1755 Saving dereferenced groups fails if a nested group member is outside nesting limit https://fedorahosted.org/sssd/ticket/1791 Unchecked return value in files.c https://fedorahosted.org/sssd/ticket/1795 names of domain_realm mapping files in SSSD contain dots https://fedorahosted.org/sssd/ticket/1799 sssd_be crashes sometimes https://fedorahosted.org/sssd/ticket/1808 pwd_expiration_warning has wrong default for Kerberos https://fedorahosted.org/sssd/ticket/1817 sssd pam write_selinux_login_file creating the temp file for SELinux data failed https://fedorahosted.org/sssd/ticket/1818 LDAP provider doesn't save binary attributes correctly https://fedorahosted.org/sssd/ticket/1822 krbcc dir creation issue with MIT krb5 1.11 https://fedorahosted.org/sssd/ticket/1826 sssd etas 99% CPU and runs out of file descriptors when clearing cache https://fedorahosted.org/sssd/ticket/1841 document what does access_provider=ad do https://fedorahosted.org/sssd/ticket/1868 sssd fails with readonly /etc/selinux/targeted/logins https://fedorahosted.org/sssd/ticket/1869 pam responder segfaults if the client disconnects before the operation finishes https://fedorahosted.org/sssd/ticket/1880 Simple access control always denies uppercased users in case insensitive domain == Detailed Changelog == Jakub Hrozek (16): * Bump the version to 1.9.5, reset release in RPMs to 0 * Don't use srcdir with tests * Fix the krb5 password expiration warning * Remove enumerate=true from man sssd-ldap * Don't treat 0 as default for pam_pwd_expiration warning * Provide a be_get_account_info_send function * Add unit tests for simple access test by groups * Do not compile main() in DP if UNIT_TESTING is defined * Resolve GIDs in the simple access provider * Document what does access_provider=ad do * Allocate PAM DP request data on responder context * krb5: include backwards compatible declaration of krb5_trace_info * Fix simple access group control in case-insensitive domains * LDAP: do not invalidate pointer with realloc while processing ghost users * tests: Link the simple access tests with -ldl * Updating the translations for the 1.9.5 release Jan Engelhardt (1): * sysdb: try dealing with binary-content attributes Kamil Dudka (1): * sssd-1.8.0: work around a bug in cov-build from Coverity Lukas Slebodnik (1): * Fix krbcc dir creation issue with MIT krb5 1.11 Michal Zidek (4): * Unchecked return value in files.c * File descriptor leak in nss responder. * Debug message in sss_mc_create_file. * sssd fails with readonly SELinux login files Pavel Březina (6): * krb: recreate ccache if it was deleted * subdomains: replace invalid characters with underscore in krb5 mapping file name * sdap_fill_memberships: continue if a member is not foud in sysdb * autofs: fix invalid header 'number of entries' in packet * if selinux is disabled, ignore that selogin dir is missing * krb5-utils-tests: remove invalid condition Simo Sorce (1): * ldap: Fallback option for rfc2307 schema Stephen Gallagher (2): * Fix minor grammar error in log * NSS: Add original homedir to home directory template options _______________________________________________ Freeipa-interest mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-interest