[Freeipa-interest] Announcing the release of SSSD 1.5.1
Stephen Gallagher
sgallagh at redhat.com
Thu Jan 27 18:12:17 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The SSSD team is proud to announce the latest bugfix release of the
System Security Services Daemon.
The source tarball is available at https://fedorahosted.org/sssd
== Highlights ==
* Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
* Vast performance improvements when {{{enumerate = true}}}
* All PAM actions will now perform a forced initgroups lookup instead
of just a user information lookup
* This guarantees that all group information is available to other
providers, such as the simple provider.
* For backwards-compatibility, DNS lookups will also fall back to
trying the SSSD domain name as a DNS discovery domain.
* Support for more password expiration policies in LDAP
* 389 Directory Server
* FreeIPA
* ActiveDirectory
* Support for ldap_tls_{cert,key,cipher_suite} config options
* Provided by community member Tyson Whitehead
* Assorted bugfixes
== Detailed Changelog ==
Jakub Hrozek (1):
* NSS obfuscation code cleanup
Piotr Drąg (2):
* Updating pl translation
* Updating pl translation
Stephen Gallagher (27):
* Bumping version to 1.5.1
* Remove unnecessary po4a BuildRequires
* Fix boolean comparison against string
* Work around libldb bug
* Add missing sysdb transaction to group enumerations
* Do not throw a DP error when a netgroup is not found
* Fix missing hash table bug
* Regenerate manpage po[t] files
* Update manpage translations for ldap_enumeration_search_timeout
* Fix usability of sss_obfuscate command
* Do not force a default for debug_level
* Clarify nscd warning
* Remove support for pre-1.1 netlink
* Don't double-sanitize member DNs
* Fix incorrect example file
* Add the user's primary group to the initgroups lookup
* Perform initgroups lookup for PAM
* Add missing include file to sdap_async_accounts.c
* Allow fallback to SSSD domain
* Rename dns_domain to discovery domain for fo_add_srv_server()
* Delete attributes that are removed from LDAP
* Updating translation files for string freeze
* Update translation files for string freeze
* Add uk translation to specfile
* Add missing gettext BuildRequires
* Update man.stamp when the potfile or po4a.cfg is updated
* Add option to disable TLS for LDAP auth
Sumit Bose (22):
* Build and install translated man pages by default
* Use the right status when resetting service discovery
* Rename SRV_NOT_RESOLVED to SRV_RESOLVE_ERROR
* Return groups and users from all domains during enumeration
* Post enumeration tevent request if needed
* Remove unused enumeration cache timeout checks
* Convert obfuscated password once at startup
* Add syslog message to shadow access check
* Add syslog messages to authorized service access check
* Validate user supplied size of data items
* Add overflow check to SAFEALIGN_COPY_*_CHECK macros
* Add timeout parameter to sdap_get_generic_send()
* Add ldap_search_enumeration_timeout config option
* Add LDAP expire policy based on AD attributes
* Add LDAP expire policy base RHDS/IPA attribute
* Add ipa_hbac_search_base config option
* Add pam_pwd_expiration_warning config option
* Use DEFAULT_PAM_VERBOSITY if config value cannot be retrieved
* Fix return value check
* Fix uninitialized value error
* Fix nested group handling during enumeration
* Do not fail if attributes are empty
Tyson Whitehead (1):
* Add ldap_tls_{cert,key,cipher_suite} config options
Yuri Chornoivan (6):
* Updating uk translation
* Add uk translation for manpages
* Fix manpage typos
* Updating uk manpage translation
* Updating uk translation
* Updating uk translation
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1BtYEACgkQeiVVYja6o6OWlgCZAb+GngLtgogIi1Xi7XArx3q+
DvAAn1EwGpD/wDqTtXKUyAxZadaEaNSh
=NsXl
-----END PGP SIGNATURE-----
More information about the Freeipa-interest
mailing list