=== SSSD 1.9.6 ===

The SSSD team is proud to announce the release of version 1.9.6 of
the System Security Services Daemon.

As always, the source is available from https://fedorahosted.org/sssd

This is mostly a bugfix release with minor feature enhancements -- see
the changelog below for details.

RPM packages will be made available for Fedora 18 shortly.

== Feedback ==

Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:

== Highlights ==

* This release focused primarily on bug fixing and stabilization. Only
  minor features were added
* A new ignore_group_members option was added. This option can be used to
  suppress downloading group members on group lookups, making the group lookups
  much faster for environments that do not need to know the group members.
* A new option ldap_rfc2307_fallback_to_local_users was added. If this
  option is set to true, SSSD is be able to resolve local group members of
  LDAP groups.
* A new option ldap_disable_range_retrieval was added. Switching this
  option to True skips large Active Directory groups that might otherwise
  take a long time to download and process.
* A new option refresh_expired_interval was added. This option allows
  to configure a background task that would automatically refresh entries
  that are nearing their expiration time. In this release, only refreshing
  netgroups is implemented.
* Multiple crasher bugs in the fast in-memory cache were fixed
* Several commits improved portability of SSSD's build system, allowing
  for easier builds on non-Linux platforms

== Tickets Fixed ==

    Enabling enumeration causes sssd_be process to utilize 100% of the CPU
    SSSD doesn't display warning for last grace login.
    [RFE] support autoconfiguring SUDO with ipa provider and compat tree
    SUDO is not working for users from trusted AD domain
    getgrnam / getgrgid for large user groups is too slow due to range
    retrieval functionality
    [RFE] Add support for suppressing group members
    If previous SRV query failed, the next try might not be retried in
    some cases
    [abrt] sssd-1.10.0-4.fc19.beta1: get_server_status: Process
    /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
    sssd_be goes to 99% CPU and causes significant login delays when client
    is under load
    sudoHost mismatch response is incorrect sometimes
    sssd fails to resolve hosts/services once the network is up
    cyclic group memberships may not work depending on order of operations
    sssd fails instead of skipping when a sudo ldap filter returns entries
    with multiple CNs
    sssd_be crashing with nested ldap groups contain a dangling member
    sss_cache -N/-n should invalidate the hash table in sssd_nss
    SSSD filter out ldap user/group if uid/gid is zero
    SSSD service randomly dies
    SYSV init script should use @sbindir@
    Enhance sssd init script so that it would source a configuration
    SSSD failover doesn't work if the first DNS server in resolv.conf
    is unavailable
    resolv-tests failing with memory leak
    sssd_nss terminated with segmentation fault
    unite periodic refresh API
    [RFE] Add a task to the SSSD to periodically refresh cached entries
    passwd returns "Authentication token manipulation error" when entering
    wrong current password
    Cannot change expired password of an AD user
    Invalid assignment to enum
    sss_packet_grow: wrong use of module to pad data
    sssd_nss core dumps under load
    Data provider endianess bug
    AD dyndns update crashed after attempting to update a standalone DNS server
    In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name
    failed' error when AD user tries to login via ipa client.
    sssd_be segfault when authenticating against active directory 

== Detailed Changelog ==

Jakub Hrozek (10):
    * Bump the version for the 1.9.6 release
    * Only try to relink ghost users if we're not enumerating
    * Display the last grace warning, too
    * IPA: Do not download or store the member attribute of host groups
    * LDAP: Fix crash when processing nested groups
    * MAN: Clarify the min_id/max_id limits further
    * Set default DNS resolution timeout to 6 seconds.
    * DP: Use the correct type for DBus boolean
    * Make IPA SELinux provider aware of subdomain users
    * Updating Transifex URL
    * Updating translations for the 1.9.6 release 

Lukas Slebodnik (31):
    * SUDO: IPA provider
    * Removing unused functions.
    * Adding option to disable retrieving large AD groups.
    * Every time use permissive control in function memberof_mod.
    * NSS: allow removing entries from netgroup hash table
    * NSS: Clear cached netgroups if a request comes in from the sss_cache
    * Do not call sss_cmd_done in function check_cache.
    * Handle too many results from getnetgr.
    * Removing unused parameter type from sudosrv_get_sudorules_query_cache()
    * mmap_cache: Skip records which doesn't have same hash
    * mmap_cache: Use stricter check for hash keys.
    * UTIL: Create new wraper header file sss_endian.h
    * CLIENT: Fix non gnu sss_strnlen implementation
    * MONITOR: Move function declaration out of conditional build
    * UTIL: Explicitly include header file sys/socket.h
    * MEMBEROF: Remove temporary workaround
    * IPA_HBAC: Explicitelly include header file time.h
    * CONFIGURE: Get rid of bashism
    * Include sys/types.h for types id_t and uid_t
    * UTIL: Use standard maximum value of type size_t
    * mmap_cache: Do not remove record from chain twice
    * AUTOTOOLS: Add missing AC_MSG_RESULT
    * AUTOMAKE: Use portable way to link with dlopen
    * AUTOMAKE: Use portable way to link with gettext
    * AUTOTOOLS: Add directories for searching ldap headers and libs
    * AUTOTOOLS: Refactor unicode library detection
    * AUTOTOOLS: add check for type intptr_t
    * AUTOTOOLS: Use pkg-config to detect libraries.
    * AUTOTOOLS: More robust detection of inotify.
    * AUTOTOOLS: Fix warnings: macro xyz not found in library 

Michal Zidek (13):
    * Always set port status to neutral when resetting service.
    * Lower timeout to contact DNS server
    * resolv-tests failing with memory leak
    * mmap_cache: Check if slot and name_ptr are not invalid.
    * ldap, krb5: More descriptive msg on chpass failure.
    * mmap_cache: Check data->name value in client code
    * mmap_cache: Remove triple checks in client code.
    * mmap_cache: Off by one error.
    * mmap_cache: Use better checks for corrupted mc in responder
    * mmap_cache: Store corrupted mmap cache before reset
    * Rename _SSS_MC_SPECIAL
    * man sssd: Add note about SSS_NSS_USE_MEMCACHE
    * Check slot validity before MC_SLOT_TO_PTR. 

Paul B. Henson (1):
    * Add ignore_group_members option. 

Pavel Březina (16):
    * sudo responder: use fully qualified name for subdomain users
    * failover: set state->out when meta server remains in SRV_RESOLVE_ERROR
    * collapse_srv_lookup may free the server, make it clear from the API
    * failover: if expanded server is marked as neutral, invoke srv collapse
    * sudo responder: use different callback for oob refresh
    * sudo: skip rule on error instead of failing completely
    * sudo: print better debug message when a rule has multiple cn values
    * init script: source /etc/sysconfig/sssd
    * back end: periodic task API
    * back end: periodical refresh of expired records API
    * back end: add refresh expired records periodic task
    * providers: refresh expired netgroups
    * print hint about password complexity when new password is rejected
    * sss_packet_grow: correctly pad packet length to 512B
    * SIGCHLD handler: do not call callback when pvt data was freed
    * is_dn(): free dn 

Simo Sorce (1):
    * Add a commit template 

Stephen Gallagher (1):
    * Configure SYSV init scripts properly 

Sumit Bose (2):
    * sdap_get_generic_ext_send: check if we a re still connected
    * be_spy_create: free be_req and not the long living data 

Freeipa-interest mailing list

Reply via email to