[Freeipa-interest] Announcing SSSD 1.9.5
Jakub Hrozek
jhrozek at redhat.com
Tue Apr 23 15:00:12 UTC 2013
=== SSSD 1.9.5 ===
The SSSD team is proud to announce the release of version 1.9.5 of
the System Security Services Daemon.
As always, the source is available from https://fedorahosted.org/sssd
This is mostly a bugfix release with minor feature enhancements -- see
the changelog below for details. In addition to fixing functionality,
this release also includes one security patch.
Our focus is now on developing new features for the upcoming 1.10
release. That said, fixes for important bugs will be added to the 1.9.6
bucket and released when appropriate. The 1.9.6 release has no due date yet,
although we would release it to be aligned with RHEL-6.5 at the latest.
RPM packages will be made available for Fedora shortly, initially for
F-18 and later also backported to F-17, which has moved to the 1.9 series
recently.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* This release focused mainly on fixing regressions compared to the 1.8
series and bugfixes for features introduced in the 1.9 release cycle. The
release also includes one security fix
* Includes a fix for CVE-2013-0287: A simple access provider flaw prevents
intended ACL use when SSSD is configured as an Active Directory client
* Fixed spurious password expiration warning that was printed on login
with the Kerberos back end
* A new option ldap_rfc2307_fallback_to_local_users was added. If this
option is set to true, SSSD is be able to resolve local group members of
LDAP groups.
* Fixed an indexing bug that prevented the contents of autofs maps from
being returned to the automounter deamon in case the map contained a large
number of entries
* Several fixes for safer handling of Kerberos credential caches for cases
where the ccache is set to be stored in a DIR: type
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1020
SSSD does not list local user's group membership defined in LDAP
https://fedorahosted.org/sssd/ticket/1512
[sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist
https://fedorahosted.org/sssd/ticket/1737
Misleading example in the man page
https://fedorahosted.org/sssd/ticket/1739
sssd is not serving large automount maps reliably
https://fedorahosted.org/sssd/ticket/1755
Saving dereferenced groups fails if a nested group member is outside nesting limit
https://fedorahosted.org/sssd/ticket/1791
Unchecked return value in files.c
https://fedorahosted.org/sssd/ticket/1795
names of domain_realm mapping files in SSSD contain dots
https://fedorahosted.org/sssd/ticket/1799
sssd_be crashes sometimes
https://fedorahosted.org/sssd/ticket/1808
pwd_expiration_warning has wrong default for Kerberos
https://fedorahosted.org/sssd/ticket/1817
sssd pam write_selinux_login_file creating the temp file for SELinux data failed
https://fedorahosted.org/sssd/ticket/1818
LDAP provider doesn't save binary attributes correctly
https://fedorahosted.org/sssd/ticket/1822
krbcc dir creation issue with MIT krb5 1.11
https://fedorahosted.org/sssd/ticket/1826
sssd etas 99% CPU and runs out of file descriptors when clearing cache
https://fedorahosted.org/sssd/ticket/1841
document what does access_provider=ad do
https://fedorahosted.org/sssd/ticket/1868
sssd fails with readonly /etc/selinux/targeted/logins
https://fedorahosted.org/sssd/ticket/1869
pam responder segfaults if the client disconnects before the operation finishes
https://fedorahosted.org/sssd/ticket/1880
Simple access control always denies uppercased users in case insensitive domain
== Detailed Changelog ==
Jakub Hrozek (16):
* Bump the version to 1.9.5, reset release in RPMs to 0
* Don't use srcdir with tests
* Fix the krb5 password expiration warning
* Remove enumerate=true from man sssd-ldap
* Don't treat 0 as default for pam_pwd_expiration warning
* Provide a be_get_account_info_send function
* Add unit tests for simple access test by groups
* Do not compile main() in DP if UNIT_TESTING is defined
* Resolve GIDs in the simple access provider
* Document what does access_provider=ad do
* Allocate PAM DP request data on responder context
* krb5: include backwards compatible declaration of krb5_trace_info
* Fix simple access group control in case-insensitive domains
* LDAP: do not invalidate pointer with realloc while processing ghost users
* tests: Link the simple access tests with -ldl
* Updating the translations for the 1.9.5 release
Jan Engelhardt (1):
* sysdb: try dealing with binary-content attributes
Kamil Dudka (1):
* sssd-1.8.0: work around a bug in cov-build from Coverity
Lukas Slebodnik (1):
* Fix krbcc dir creation issue with MIT krb5 1.11
Michal Zidek (4):
* Unchecked return value in files.c
* File descriptor leak in nss responder.
* Debug message in sss_mc_create_file.
* sssd fails with readonly SELinux login files
Pavel Březina (6):
* krb: recreate ccache if it was deleted
* subdomains: replace invalid characters with underscore in krb5 mapping file name
* sdap_fill_memberships: continue if a member is not foud in sysdb
* autofs: fix invalid header 'number of entries' in packet
* if selinux is disabled, ignore that selogin dir is missing
* krb5-utils-tests: remove invalid condition
Simo Sorce (1):
* ldap: Fallback option for rfc2307 schema
Stephen Gallagher (2):
* Fix minor grammar error in log
* NSS: Add original homedir to home directory template options
More information about the Freeipa-interest
mailing list