-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-1426 2011-02-14 19:47:44 --------------------------------------------------------------------------------
Name : sssd Product : Fedora 14 Version : 1.5.1 Release : 3.fc14 URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon Description : Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. -------------------------------------------------------------------------------- Update Information: * Properly sanitize LDB searches in nested groups: * https://fedorahosted.org/sssd/ticket/785 * Put manpage translations in the correct subpackages -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 1 2011 Stephen Gallagher <[email protected]> - 1.5.1-3 - Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage * Thu Jan 27 2011 Stephen Gallagher <[email protected]> - 1.5.1-2.1 - Remove requirement on krb5-devel 1.9 * Thu Jan 27 2011 Stephen Gallagher <[email protected]> - 1.5.1-2 - Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild * Thu Jan 27 2011 Stephen Gallagher <[email protected]> - 1.5.1-1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes * Tue Jan 11 2011 Stephen Gallagher <[email protected]> - 1.5.0-2 - CVE-2010-4341 - DoS in sssd PAM responder can prevent logins * Wed Dec 22 2010 Stephen Gallagher <[email protected]> - 1.5.0-1 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations * Thu Nov 18 2010 Stephen Gallagher <[email protected]> - 1.4.1-3 - Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade * Tue Nov 16 2010 Stephen Gallagher <[email protected]> - 1.4.1-2 - Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf * Mon Nov 1 2010 Stephen Gallagher <[email protected]> - 1.4.1-1 - New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base * Mon Oct 18 2010 Stephen Gallagher <[email protected]> - 1.4.0-2 - Fix incorrect tarball URL * Mon Oct 18 2010 Stephen Gallagher <[email protected]> - 1.4.0-1 - New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update sssd' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
