=== SSSD 1.9.5 ===

The SSSD team is proud to announce the release of version 1.9.5 of
the System Security Services Daemon.

As always, the source is available from https://fedorahosted.org/sssd

This is mostly a bugfix release with minor feature enhancements -- see
the changelog below for details. In addition to fixing functionality,
this release also includes one security patch.

Our focus is now on developing new features for the upcoming 1.10
release. That said, fixes for important bugs will be added to the 1.9.6
bucket and released when appropriate. The 1.9.6 release has no due date yet,
although we would release it to be aligned with RHEL-6.5 at the latest.

RPM packages will be made available for Fedora shortly, initially for
F-18 and later also backported to F-17, which has moved to the 1.9 series.

== Feedback ==

Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:

== Highlights ==

* This release focused mainly on fixing regressions compared to the 1.8
  series and bugfixes for features introduced in the 1.9 release cycle. The
  release also includes one security fix.
* Includes a fix for CVE-2013-0287: A simple access provider flaw prevents
  intended ACL use when SSSD is configured as an Active Directory client
* Fixed spurious password expiration warning that was printed on login
  with the Kerberos back end
* A new option ldap_rfc2307_fallback_to_local_users was added. If this
  option is set to true, SSSD is able to resolve local group members of
  LDAP groups.
* Fixed an indexing bug that prevented the contents of autofs maps from
  being returned to the automounter daemon in case the map contained a large
  number of entries
* Several fixes for safer handling of Kerberos credential caches for cases
  where the ccache is set to be stored in a DIR: type

== Tickets Fixed ==

    SSSD does not list local user's group membership defined in LDAP
    [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist
    Misleading example in the man page
    sssd is not serving large automount maps reliably
    Saving dereferenced groups fails if a nested group member is outside nesting limit
    Unchecked return value in files.c
    names of domain_realm mapping files in SSSD contain dots
    sssd_be crashes sometimes
    pwd_expiration_warning has wrong default for Kerberos
    sssd pam write_selinux_login_file creating the temp file for SELinux data 
    LDAP provider doesn't save binary attributes correctly
    krbcc dir creation issue with MIT krb5 1.11
    sssd eats 99% CPU and runs out of file descriptors when clearing cache
    document what does access_provider=ad do
    sssd fails with readonly /etc/selinux/targeted/logins
    pam responder segfaults if the client disconnects before the operation 
    Simple access control always denies uppercased users in case insensitive 

== Detailed Changelog ==

Jakub Hrozek (16):
    * Bump the version to 1.9.5, reset release in RPMs to 0
    * Don't use srcdir with tests
    * Fix the krb5 password expiration warning
    * Remove enumerate=true from man sssd-ldap
    * Don't treat 0 as default for pam_pwd_expiration warning
    * Provide a be_get_account_info_send function
    * Add unit tests for simple access test by groups
    * Do not compile main() in DP if UNIT_TESTING is defined
    * Resolve GIDs in the simple access provider
    * Document what does access_provider=ad do
    * Allocate PAM DP request data on responder context
    * krb5: include backwards compatible declaration of krb5_trace_info
    * Fix simple access group control in case-insensitive domains
    * LDAP: do not invalidate pointer with realloc while processing ghost users
    * tests: Link the simple access tests with -ldl
    * Updating the translations for the 1.9.5 release 

Jan Engelhardt (1):
    * sysdb: try dealing with binary-content attributes 

Kamil Dudka (1):
    * sssd-1.8.0: work around a bug in cov-build from Coverity 

Lukas Slebodnik (1):
    * Fix krbcc dir creation issue with MIT krb5 1.11 

Michal Zidek (4):
    * Unchecked return value in files.c
    * File descriptor leak in nss responder.
    * Debug message in sss_mc_create_file.
    * sssd fails with readonly SELinux login files 

Pavel Březina (6):
    * krb: recreate ccache if it was deleted
    * subdomains: replace invalid characters with underscore in krb5 mapping file name
    * sdap_fill_memberships: continue if a member is not found in sysdb
    * autofs: fix invalid header 'number of entries' in packet
    * if selinux is disabled, ignore that selogin dir is missing
    * krb5-utils-tests: remove invalid condition 

Simo Sorce (1):
    * ldap: Fallback option for rfc2307 schema 

Stephen Gallagher (2):
    * Fix minor grammar error in log
    * NSS: Add original homedir to home directory template options 

