[Freeipa-interest] Announcing SSSD 1.8.6

Jakub Hrozek jhrozek at redhat.com
Tue Jan 29 17:11:21 UTC 2013 

                    === SSSD 1.8.6 ===

The SSSD team is proud to announce the bugfix release of the System
Security Services Daemon version 1.8.6.

As always, the source is available from https://fedorahosted.org/sssd

RPM packages will be made available for Fedora shortly, this time for
F-16 and F-17 (before F-17 rebases to 1.9.4)

== Feedback ==

Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
    https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
    https://lists.fedorahosted.org/mailman/listinfo/sssd-users

== Highlights ==
* A security bug assigned CVE-2013-0219 was fixed - TOCTOU race conditions
  when creating or removing home directories for users in local domain
* A security bug assigned CVE-2013-0220 was fixed - out-of-bounds reads
  in autofs and ssh responder
* Handle servers that return an empty string as the value of namingContext,
  in particular Novell eDirectory
* The netgroup midpoint cache refresh works as documented in the manual page
* The sssd_pam responder processes pending requests after reconnect 

== Tickets Fixed ==
* https://fedorahosted.org/sssd/ticket/1542 
  User authentication using LDAP doesn't work
* https://fedorahosted.org/sssd/ticket/1581
  sssd_be crashes while looking up users
* https://fedorahosted.org/sssd/ticket/1717
  Limit requests coalescing in time
* https://fedorahosted.org/sssd/ticket/1683
  arithmetic bug in the SSSD causes netgroup midpoint refresh to be always
  set to 10 seconds
* https://fedorahosted.org/sssd/ticket/1655
  Login fails - sssd_be module polling fd indefinitely and gets killed
* https://fedorahosted.org/sssd/ticket/1781
  sssd: Out-of-bounds read flaws in autofs and ssh services responders
* https://fedorahosted.org/sssd/ticket/1528
  SSSD_NSS failure to gracefully restart after sbus failure
* https://fedorahosted.org/sssd/ticket/1783
  Group lookup fails and takes ~60s to return to shell if member dn is
  incorrect
* https://fedorahosted.org/sssd/ticket/1782
  TOCTOU race conditions by copying and removing directory trees

== Detailed Changelog ==
Jakub Hrozek (9):
 * Updating the version for the 1.8.6 release
 * Initialize Kerberos ticket renewal in the IPA provider
 * LDAP: Check validity of naming_context
 * Free the internal DP request
 * Do not always return PAM_SYSTEM_ERR when offline krb5 authentication fails
 * NSS: Fix netgroup midpoint cache refresh
 * TOOLS: Use openat/unlinkat when removing the homedir
 * TOOLS: Compile on old platforms such as RHEL5
 * Include the auth_utils.h header in the distribution

Jan Cholasta (1):
 * Check that strings do not go beyond the end of the packet body in
   autofs and SSH requests.

Ondrej Kos (2):
 * Restart services with a delay in case they are restarted too often
 * TOOLS: Use file descriptor to avoid races when creating a home directory

Pavel Březina (1):
 * nested groups: fix group lookup hangs if member dn is incorrect

Simo Sorce (2):
 * responder_dp: Add timeout to side requets
 * sssd_pam: Cleanup requests cache on sbus reconect

Stephen Gallagher (1):
 * LDAP: Handle empty namingContexts values safely

Timo Aaltonen (1):
 * link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthread

More information about the Freeipa-interest mailing list