[Freeipa-interest] Announcing SSSD 1.5.12
Stephen Gallagher
sgallagh at redhat.com
Fri Aug 5 12:18:56 UTC 2011
The SSSD team is proud to announce the version 1.5.12 enhancement and
bugfix release of the System Security Services Daemon.
As always, it can be downloaded from https://fedorahosted.org/sssd/
== Highlights ==
* Fixes a regression introduced in 1.5.11 with hostname resolution
* Fixes an issue where sssd_pam would leak file descriptors until
resource exhaustion
* Complete rewrite of the FreeIPA Host-Based Access Control (HBAC)
resolver
* New shared library for HBAC access-control
* Fixes for password expiration handling with LDAP auth
* New option to veto certain centrally-managed shells (Patch by John
Hodrien)
== Detailed Changelog ==
Jakub Hrozek (18):
* Use ares_search instead of ares_query for hostname resolution
* Do not add a NULL host parsed from LDAP URI
* Only print server address if one is available
* Fix indexing of skipped groups
* Set gidNumber of non-posix groups to 0 even on updates
* Explicitly ignore groups with gidNumber=0
* Wrong paramater to sysdb_attrs_add_uint32
* Change the default value of ldap_tls_cacert in IPA provider
* Provide python bindings for the HBAC evaluator library
* Fixes for python HBAC bindings
* Fix python HBAC bindings for python <= 2.4
* Remove dead code from python HBAC bindings
* Handle allocation error in python HBAC bindings
* UTF8 HBAC test
* HBAC rule validation Python bindings
* Request password control unconditionally during bind
* pyhbac: Do not convert int to bool
* Fix returning groups when gidNumber attribute is not ordered
John Hodrien (1):
* Add vetoed_shells option
Simo Sorce (1):
* sss_client: avoid leaking file descriptors
Stephen Gallagher (19):
* Bumping version to 1.5.12
* Remove incorrect private variable
* Add helper function msgs2attrs_array
* Add HBAC evaluator and tests
* Add helper functions for looking up HBAC rule components
* Remove old HBAC implementation
* Add new HBAC lookup and evaluation routines
* Add ipa_hbac_refresh option
* Add ipa_hbac_treat_deny_as option
* Treat NULL or empty rhost as unknown
* libipa_hbac: Support case-insensitive comparisons with UTF8
* Fix memory leak in ipa_hbac_evaluate_rules
* Fix incorrect NULL check in ipa_hbac_common.c
* Require matched version and release for libipa_hbac
* Add rule validator to libipa_hbac
* Allow LDAP to decide when an expiration warning is warranted
* Update translation files for SSSD 1.5.12 release
* Revert "Allow LDAP to decide when an expiration warning is warranted"
* Updating translations for SSSD 1.5.12 release
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-interest/attachments/20110805/261719f6/attachment.sig>
More information about the Freeipa-interest
mailing list