=== SSSD 1.9.2 === The SSSD team is proud to announce the release of version 1.9.2 of the System Security Services Daemon.
This is mostly a bugfix release again. I am going to branch off the 1.9 branch from master so that we can start including the 1.10 features in master. As always, the source is available from https://fedorahosted.org/sssd RPM packages will be made available for Fedora shortly, initially for F-18 and rawhide and later also backported to F-17. == Feedback == Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users == Highlights == * Users or groups from trusted domains can be retrieved by UID or GID as well * Several fixes that mitigate file descriptor leak during logins * SSH host keys are also removed from the cache after being removed from the server * Fix intermittent crash in responders if the responder was shutting down while requests were still pending * Catch an error condition that might have caused a tight loop in the sssd_nss process while refreshing expired enumeration request * Fixed memory hierarchy of subdomains discovery requests that caused use-after-free access bugs * The krb5_child and ldap_child processes can print libkrb5 tracing information in the debug logs == Tickets Fixed == https://fedorahosted.org/sssd/ticket/1008 Make sssd api conf file location configurable https://fedorahosted.org/sssd/ticket/1319 group lookups optimizations for IPA https://fedorahosted.org/sssd/ticket/1499 Add details about TGT validation to sssd-krb5 man page https://fedorahosted.org/sssd/ticket/1512 [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist https://fedorahosted.org/sssd/ticket/1514 [abrt] sssd-1.8.4-13.fc16: __GI_exit: Process /usr/libexec/sssd/sssd_pam was killed by signal 6 (SIGABRT) https://fedorahosted.org/sssd/ticket/1539 Collect Krb5 Trace on High Debug Levels https://fedorahosted.org/sssd/ticket/1551 sssd_nss process hangs, stuck in loop; "self restart" does recover, but old process hangs around using 100% CPU https://fedorahosted.org/sssd/ticket/1561 getting user/group entry by uid/gid sometimes fails https://fedorahosted.org/sssd/ticket/1569 Use pam_set_data to close the fd in the pam module https://fedorahosted.org/sssd/ticket/1571 sssd_nss intermittent crash https://fedorahosted.org/sssd/ticket/1574 SSH host keys are not being removed from the cache == Packaging Changes == * The libsss_sudo-devel package no longer contains the package-config file. The libsss_sudo-devel shared object has been moved to the libsss_sudo package. == Detailed Changelog == E Deon Lackey (1): * Fix language errors in the sssd-krb5.conf man page Jakub Hrozek (14): * Bumping the version to 1.9.1 release * Fix uninitialized pointer read in ssh_host_pubkeys_update_known_hosts * Fix segfault when ID-mapping an entry without a SID * Fix memory hierarchy in subdomains discovery * PAM: close socket fd with pam_set_data * Couple of specfile fixes * Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudo * Two fixes to child processes * Collect krb5 trace on high debug levels * PAM: fix handling the client fd in pam destructor * Create ghost users when a user DN is encountered in IPA * Only call krb5_set_trace_callback on platforms that support it * MAN: improve wording of default_domain parameter * Updating the translations for the 1.9.2 release Jan Cholasta (1): * SSH: When host keys are removed from LDAP, remove them from the cache as well Ondrej Kos (1): * Add more info about ticket validation Pavel Březina (3): * do not fail if POLLHUP occurs while reading data * do not call dp callbacks when responder is shutting down * nss_cmd_retpwent(): do not go into infinite loop if n < 0 Sumit Bose (3): * Save time of last get_domains request * Check for subdomains if getpwuid or getgrgid are the first requests * Allow extdom exop to return flat domain name as well Thorsten Scherf (1): * Fixed: translation bug Yuri Chornoivan (1): * Fix typos _______________________________________________ Freeipa-interest mailing list Freeipa-interest@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-interest