[Freeipa-interest] Announcing the release of SSSD 1.5.1

Thu Jan 27 18:12:17 UTC 2011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The SSSD team is proud to announce the latest bugfix release of the
System Security Services Daemon.

The source tarball is available at https://fedorahosted.org/sssd

== Highlights ==
 * Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
 * Vast performance improvements when {{{enumerate = true}}}
 * All PAM actions will now perform a forced initgroups lookup instead
of just a user information lookup
  * This guarantees that all group information is available to other
providers, such as the simple provider.
 * For backwards-compatibility, DNS lookups will also fall back to
trying the SSSD domain name as a DNS discovery domain.
 * Support for more password expiration policies in LDAP
  * 389 Directory Server
  * FreeIPA
  * ActiveDirectory
 * Support for ldap_tls_{cert,key,cipher_suite} config options
  * Provided by community member Tyson Whitehead
 * Assorted bugfixes

== Detailed Changelog ==
Jakub Hrozek (1):
 * NSS obfuscation code cleanup

Piotr Drąg (2):
 * Updating pl translation
 * Updating pl translation

Stephen Gallagher (27):
 * Bumping version to 1.5.1
 * Remove unnecessary po4a BuildRequires
 * Fix boolean comparison against string
 * Work around libldb bug
 * Add missing sysdb transaction to group enumerations
 * Do not throw a DP error when a netgroup is not found
 * Fix missing hash table bug
 * Regenerate manpage po[t] files
 * Update manpage translations for ldap_enumeration_search_timeout
 * Fix usability of sss_obfuscate command
 * Do not force a default for debug_level
 * Clarify nscd warning
 * Remove support for pre-1.1 netlink
 * Don't double-sanitize member DNs
 * Fix incorrect example file
 * Add the user's primary group to the initgroups lookup
 * Perform initgroups lookup for PAM
 * Add missing include file to sdap_async_accounts.c
 * Allow fallback to SSSD domain
 * Rename dns_domain to discovery domain for fo_add_srv_server()
 * Delete attributes that are removed from LDAP
 * Updating translation files for string freeze
 * Update translation files for string freeze
 * Add uk translation to specfile
 * Add missing gettext BuildRequires
 * Update man.stamp when the potfile or po4a.cfg is updated
 * Add option to disable TLS for LDAP auth

Sumit Bose (22):
 * Build and install translated man pages by default
 * Use the right status when resetting service discovery
 * Rename SRV_NOT_RESOLVED to SRV_RESOLVE_ERROR
 * Return groups and users from all domains during enumeration
 * Post enumeration tevent request if needed
 * Remove unused enumeration cache timeout checks
 * Convert obfuscated password once at startup
 * Add syslog message to shadow access check
 * Add syslog messages to authorized service access check
 * Validate user supplied size of data items
 * Add overflow check to SAFEALIGN_COPY_*_CHECK macros
 * Add timeout parameter to sdap_get_generic_send()
 * Add ldap_search_enumeration_timeout config option
 * Add LDAP expire policy based on AD attributes
 * Add LDAP expire policy base RHDS/IPA attribute
 * Add ipa_hbac_search_base config option
 * Add pam_pwd_expiration_warning config option
 * Use DEFAULT_PAM_VERBOSITY if config value cannot be retrieved
 * Fix return value check
 * Fix uninitialized value error
 * Fix nested group handling during enumeration
 * Do not fail if attributes are empty

Tyson Whitehead (1):
 * Add ldap_tls_{cert,key,cipher_suite} config options

Yuri Chornoivan (6):
 * Updating uk translation
 * Add uk translation for manpages
 * Fix manpage typos
 * Updating uk manpage translation
 * Updating uk translation
 * Updating uk translation

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk1BtYEACgkQeiVVYja6o6OWlgCZAb+GngLtgogIi1Xi7XArx3q+
DvAAn1EwGpD/wDqTtXKUyAxZadaEaNSh
=NsXl
-----END PGP SIGNATURE-----