== SSSD 1.13.2 ===

The SSSD team is proud to announce the release of version 1.13.2 of
the System Security Services Daemon.

As always, the source is available from https://fedorahosted.org/sssd

RPM packages will be made available for Fedora shortly.

== Feedback ==

Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:

== Highlights ==

  * This is primarily a bugfix release, with minor features added to the
    local overrides feature
  * The sss_override tool gained new user-show, user-find, group-show and
    group-find commands
  * The PAM responder was crashing if PAM_USER was set to an empty
    string. This bug was fixed
  * The sssd_be process could crash when looking up groups in setups with
    IPA-AD trusts that use POSIX attributes but do not replicate them to
    the Global Catalog
  * A socket leak in case SSSD couldn't establish a connection to an LDAP
    server was fixed
  * SSSD's memory cache now behaves better when used by long-running
    applications such as system deamons and the administrator invalidates
    the cache
  * The SSSDConfig Python API no longer throws an exception when
    config_file_version is missing
  * The InfoPipe D-Bus interface is able to retrieve user groups correctly
    if the user is a member of non-POSIX groups like ipausers as well
  * Lookups by certificate now work correctly in multi-domain environment
  * The lookup of POSIX attributes after startup was relaxed to only
    check attribute presence, not validity. The POSIX check was also made
    less verbose
  * A bug when looking up a subdomain user by UPN users was fixed 

== Packaging Changes ==

  * The memory cache for initgroups results was previously not packaged. This
    bug was fixed.
  * Python 2/3 packaging in the RPM specfile was improved 

== Tickets Fixed ==

    warn if memcache_timeout is greater than entry_cache_timeout
    Check chown_debug_file() usage
    Consider also disabled domains when link_forest_roots() is called
    extend PAM responder unit test
    Contribute and DevelTips are duplicate
    Long living applicantion can use removed memory cache.
    responder_cache_req-tests failed
    sss_override: add find and show commands
    sbus_codegen_tests leaves a process running
    Review and update wiki pages for 1.13.2
    Create a wiki page that lists security-sensitive options
    SSSD is not closing sockets properly
    Relax POSIX check
    sss_override segfaults when accidentally adding --help flag to some
    Size limit exceeded too loud during POSIX check
    CI: configure script failed on CentOS {6,7}
    sssd_be crashed
    PAM responder crashed if user was not set
    avoid symlinks witih python modules
    CI: test_ipa_subdomains_server failed on rhel6 + --coverage (FAIL:
    sss_override: memory violation
    bug in UPN lookups for subdomain users
    local overrides: don't contact server with overriden name/id
    REGRESSION: ipa-client-automout failed
    sssd crashes if non-UTF-8 locale is used
    IFP: ifp_users_user_get_groups doesn't handle non-POSIX groups

== Detailed Changelog ==

Dan Lavu (1):
    * sss_override: Add restart requirements to man page 

Jakub Hrozek (10):
    * Bump the version for the 1.13.2 development
    * AD: Provide common connection list construction functions
    * AD: Consolidate connection list construction on ad_common.c
    * tests: Fix compilation warning
    * tools: Don't shadow 'exit'
    * IFP: Skip non-POSIX groups properly
    * DP: Drop dp_pam_err_to_string
    * DP: Check callback messages for valid UTF-8
    * sbus: Check string arguments for valid UTF-8 strings
    * Updating translations for the 1.13.2 release 

Lukas Slebodnik (33):
    * CI: Fix configure script arguments for CentOS
    * CI: Don't depend on user input with apt-get
    * CI: Add missing dependency for debian
    * CI: Run integration tests on debian testing
    * BUILD: Link just libsss_crypto with crypto libraries
    * BUILD: Link crypto_tests with existing library
    * BUILD: Remove unused variable TEST_MOCK_OBJ
    * BUILD: Avoid symlinks with python modules
    * SSSDConfigTest: Try load saved config
    * SSSDConfigTest: Test real config without config_file_version
    * intg_tests: Fix PEP8 warnings
    * BUILD: Accept krb5 1.14 for building the PAC plugin
    * BUILD: Fix detection of pthread with strict CFLAGS
    * BUILD: Fix doc directory for sss_simpleifp
    * LDAP: Fix leak of file descriptors
    * CI: Workaroung for code coverage with old gcc
    * cache_req: Fix warning -Wshadow
    * SBUS: Fix warnings -Wshadow
    * TESTS: Fix warnings -Wshadow
    * INIT: Drop syslog.target from service file
    * sbus_codegen_tests: Suppress warning Wmaybe-uninitialized
    * DP_PTASK: Fix warning may be used uninitialized
    * UTIL: Fix memory leak in switch_creds
    * TESTS: Initialize leak check
    * TESTS: Check return value of check_leaks_pop
    * TESTS: Make check_leaks static function
    * TESTS: Add warning for unused result of leak check functions
    * sss_client: Fix underflow of active_threads
    * sssd_client: Do not use removed memory cache
    * test_memory_cache: Test removing mc without invalidation
    * Revert "intg: Invalidate memory cache before removing files"
    * test_sysdb_subdomains: Do not use assignment in assertions 

Michal Židek (7):
    * SSSDConfig: Do not raise exception if config_file_version is missing
    * spec: Missing initgroups mmap file
    * util: Update get_next_domain's interface
    * tests: Add get_next_domain_flags test
    * sysdb: Include disabled domains in link_forest_roots
    * sysdb: Use get_next_domain instead of dom->next
    * Refactor some conditions 

Nikolai Kondrashov (13):
    * CI: Update reason blocking move to DNF
    * CI: Exclude whitespace_test from Valgrind checks
    * intg: Get base DN from LDAP connection object
    * intg: Add support for specifying all user attrs
    * intg: Split LDAP test fixtures for flexibility
    * intg: Reduce sssd.conf duplication in test_ldap.py
    * intg: Fix RFC2307bis group member creation
    * intg: Do not use non-existent pre-increment
    * CI: Do not skip tests not checked with Valgrind
    * CI: Handle dashes in valgrind-condense
    * intg: Fix all PEP8 issues
    * CI: Enforce coverage make check failures
    * intg: Add more LDAP tests 

Pavel Březina (23):
    * sss tools: improve option handling
    * sbus codegen tests: free ctx
    * cache_req: provide extra flag for oob request
    * cache_req: add support for UPN
    * cache_req tests: reduce code duplication
    * cache_req: remove raw_name and do not touch orig_name
    * sss_override: fix comment describing format
    * sss_override: explicitly set ret = EOK
    * sss_override: steal msgs string to objs
    * nss: send original name and id with local views if possible
    * sudo: search with view even if user is found
    * sudo: send original name and id with local views if possible
    * sss_tools: always show common and help options
    * sss_override: fix exporting multiple domains
    * sss_override: add user-find
    * sss_override: add group-find
    * sss_override: add user-show
    * sss_override: add group-show
    * sss_override: do not free ldb_dn in get_object_dn()
    * sss_override: use more generic help text
    * sss_tools: do not allow unexpected free argument
    * BE: Add IFP to known clients
    * AD: remove annoying debug message 

Pavel Reichl (12):
    * AD: add debug messages for netlogon get info
    * confdb: warn if memcache_timeout > than entry_cache
    * SDAP: Relax POSIX check
    * SDAP: optional warning - sizelimit exceeded in POSIX check
    * SDAP: allow_paging in sdap_get_generic_ext_send()
    * SDAP: change type of attrsonly in sdap_get_generic_ext_state
    * SDAP: pass params in sdap_get_and_parse_generic_send
    * sss_override: amend man page - overrides do not stack
    * sss_override: Removed overrides might be in memcache
    * pam-srv-tests: split pam_test_setup() so it can be reused
    * pam-srv-tests: Add UT for cached 'online' auth.
    * intg: Add test for user and group local overrides 

Petr Cech (9):
    * DEBUG: Preventing chown_debug_file if journald on
    * TEST: Add test_user_by_recent_filter_valid
    * TEST: Refactor of test_responder_cache_req.c
    * TEST: Refactor of test_responder_cache_req.c
    * TEST: Add common function are_values_in_array()
    * TEST: Add test_users_by_recent_filter_valid
    * TEST: Add test_group_by_recent_filter_valid
    * TEST: Refactor of test_responder_cache_req.c
    * TEST: Add test_groups_by_recent_filter_valid 

Stephen Gallagher (2):
    * LDAP: Inform about small range size
    * Monitor: Show service pings at debug level 8 

Sumit Bose (5):
    * PAM: only allow missing user name for certificate authentication
    * fix ldb_search usage
    * fix upn cache_req for sub-domain users
    * nss: fix UPN lookups for sub-domain users
    * cache_req: check all domains for lookups by certificate 

Freeipa-interest mailing list

Reply via email to