[Freeipa-interest] Announcing SSSD 1.13.2
Jakub Hrozek
jhrozek at redhat.com
Thu Nov 19 15:51:47 UTC 2015
== SSSD 1.13.2 ===
The SSSD team is proud to announce the release of version 1.13.2 of
the System Security Services Daemon.
As always, the source is available from https://fedorahosted.org/sssd
RPM packages will be made available for Fedora shortly.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* This is primarily a bugfix release, with minor features added to the
local overrides feature
* The sss_override tool gained new user-show, user-find, group-show and
group-find commands
* The PAM responder was crashing if PAM_USER was set to an empty
string. This bug was fixed
* The sssd_be process could crash when looking up groups in setups with
IPA-AD trusts that use POSIX attributes but do not replicate them to
the Global Catalog
* A socket leak in case SSSD couldn't establish a connection to an LDAP
server was fixed
* SSSD's memory cache now behaves better when used by long-running
applications such as system deamons and the administrator invalidates
the cache
* The SSSDConfig Python API no longer throws an exception when
config_file_version is missing
* The InfoPipe D-Bus interface is able to retrieve user groups correctly
if the user is a member of non-POSIX groups like ipausers as well
* Lookups by certificate now work correctly in multi-domain environment
* The lookup of POSIX attributes after startup was relaxed to only
check attribute presence, not validity. The POSIX check was also made
less verbose
* A bug when looking up a subdomain user by UPN users was fixed
== Packaging Changes ==
* The memory cache for initgroups results was previously not packaged. This
bug was fixed.
* Python 2/3 packaging in the RPM specfile was improved
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/2176
warn if memcache_timeout is greater than entry_cache_timeout
https://fedorahosted.org/sssd/ticket/2493
Check chown_debug_file() usage
https://fedorahosted.org/sssd/ticket/2673
Consider also disabled domains when link_forest_roots() is called
https://fedorahosted.org/sssd/ticket/2697
extend PAM responder unit test
https://fedorahosted.org/sssd/ticket/2706
Contribute and DevelTips are duplicate
https://fedorahosted.org/sssd/ticket/2726
Long living applicantion can use removed memory cache.
https://fedorahosted.org/sssd/ticket/2730
responder_cache_req-tests failed
https://fedorahosted.org/sssd/ticket/2736
sss_override: add find and show commands
https://fedorahosted.org/sssd/ticket/2759
sbus_codegen_tests leaves a process running
https://fedorahosted.org/sssd/ticket/2779
Review and update wiki pages for 1.13.2
https://fedorahosted.org/sssd/ticket/2786
Create a wiki page that lists security-sensitive options
https://fedorahosted.org/sssd/ticket/2792
SSSD is not closing sockets properly
https://fedorahosted.org/sssd/ticket/2800
Relax POSIX check
https://fedorahosted.org/sssd/ticket/2802
sss_override segfaults when accidentally adding --help flag to some
commands
https://fedorahosted.org/sssd/ticket/2804
Size limit exceeded too loud during POSIX check
https://fedorahosted.org/sssd/ticket/2807
CI: configure script failed on CentOS {6,7}
https://fedorahosted.org/sssd/ticket/2810
sssd_be crashed
https://fedorahosted.org/sssd/ticket/2811
PAM responder crashed if user was not set
https://fedorahosted.org/sssd/ticket/2814
avoid symlinks witih python modules
https://fedorahosted.org/sssd/ticket/2819
CI: test_ipa_subdomains_server failed on rhel6 + --coverage (FAIL:
test_ipa_subdom_server)
https://fedorahosted.org/sssd/ticket/2826
sss_override: memory violation
https://fedorahosted.org/sssd/ticket/2827
bug in UPN lookups for subdomain users
https://fedorahosted.org/sssd/ticket/2833
local overrides: don't contact server with overriden name/id
https://fedorahosted.org/sssd/ticket/2837
REGRESSION: ipa-client-automout failed
https://fedorahosted.org/sssd/ticket/2861
sssd crashes if non-UTF-8 locale is used
https://fedorahosted.org/sssd/ticket/2863
IFP: ifp_users_user_get_groups doesn't handle non-POSIX groups
== Detailed Changelog ==
Dan Lavu (1):
* sss_override: Add restart requirements to man page
Jakub Hrozek (10):
* Bump the version for the 1.13.2 development
* AD: Provide common connection list construction functions
* AD: Consolidate connection list construction on ad_common.c
* tests: Fix compilation warning
* tools: Don't shadow 'exit'
* IFP: Skip non-POSIX groups properly
* DP: Drop dp_pam_err_to_string
* DP: Check callback messages for valid UTF-8
* sbus: Check string arguments for valid UTF-8 strings
* Updating translations for the 1.13.2 release
Lukas Slebodnik (33):
* CI: Fix configure script arguments for CentOS
* CI: Don't depend on user input with apt-get
* CI: Add missing dependency for debian
* CI: Run integration tests on debian testing
* BUILD: Link just libsss_crypto with crypto libraries
* BUILD: Link crypto_tests with existing library
* BUILD: Remove unused variable TEST_MOCK_OBJ
* BUILD: Avoid symlinks with python modules
* SSSDConfigTest: Try load saved config
* SSSDConfigTest: Test real config without config_file_version
* intg_tests: Fix PEP8 warnings
* BUILD: Accept krb5 1.14 for building the PAC plugin
* BUILD: Fix detection of pthread with strict CFLAGS
* BUILD: Fix doc directory for sss_simpleifp
* LDAP: Fix leak of file descriptors
* CI: Workaroung for code coverage with old gcc
* cache_req: Fix warning -Wshadow
* SBUS: Fix warnings -Wshadow
* TESTS: Fix warnings -Wshadow
* INIT: Drop syslog.target from service file
* sbus_codegen_tests: Suppress warning Wmaybe-uninitialized
* DP_PTASK: Fix warning may be used uninitialized
* UTIL: Fix memory leak in switch_creds
* TESTS: Initialize leak check
* TESTS: Check return value of check_leaks_pop
* TESTS: Make check_leaks static function
* TESTS: Add warning for unused result of leak check functions
* sss_client: Fix underflow of active_threads
* sssd_client: Do not use removed memory cache
* test_memory_cache: Test removing mc without invalidation
* Revert "intg: Invalidate memory cache before removing files"
* CONFIGURE: Bump AM_GNU_GETTEXT_VERSION
* test_sysdb_subdomains: Do not use assignment in assertions
Michal Židek (7):
* SSSDConfig: Do not raise exception if config_file_version is missing
* spec: Missing initgroups mmap file
* util: Update get_next_domain's interface
* tests: Add get_next_domain_flags test
* sysdb: Include disabled domains in link_forest_roots
* sysdb: Use get_next_domain instead of dom->next
* Refactor some conditions
Nikolai Kondrashov (13):
* CI: Update reason blocking move to DNF
* CI: Exclude whitespace_test from Valgrind checks
* intg: Get base DN from LDAP connection object
* intg: Add support for specifying all user attrs
* intg: Split LDAP test fixtures for flexibility
* intg: Reduce sssd.conf duplication in test_ldap.py
* intg: Fix RFC2307bis group member creation
* intg: Do not use non-existent pre-increment
* CI: Do not skip tests not checked with Valgrind
* CI: Handle dashes in valgrind-condense
* intg: Fix all PEP8 issues
* CI: Enforce coverage make check failures
* intg: Add more LDAP tests
Pavel Březina (23):
* sss tools: improve option handling
* sbus codegen tests: free ctx
* cache_req: provide extra flag for oob request
* cache_req: add support for UPN
* cache_req tests: reduce code duplication
* cache_req: remove raw_name and do not touch orig_name
* sss_override: fix comment describing format
* sss_override: explicitly set ret = EOK
* sss_override: steal msgs string to objs
* nss: send original name and id with local views if possible
* sudo: search with view even if user is found
* sudo: send original name and id with local views if possible
* sss_tools: always show common and help options
* sss_override: fix exporting multiple domains
* sss_override: add user-find
* sss_override: add group-find
* sss_override: add user-show
* sss_override: add group-show
* sss_override: do not free ldb_dn in get_object_dn()
* sss_override: use more generic help text
* sss_tools: do not allow unexpected free argument
* BE: Add IFP to known clients
* AD: remove annoying debug message
Pavel Reichl (12):
* AD: add debug messages for netlogon get info
* confdb: warn if memcache_timeout > than entry_cache
* SDAP: Relax POSIX check
* SDAP: optional warning - sizelimit exceeded in POSIX check
* SDAP: allow_paging in sdap_get_generic_ext_send()
* SDAP: change type of attrsonly in sdap_get_generic_ext_state
* SDAP: pass params in sdap_get_and_parse_generic_send
* sss_override: amend man page - overrides do not stack
* sss_override: Removed overrides might be in memcache
* pam-srv-tests: split pam_test_setup() so it can be reused
* pam-srv-tests: Add UT for cached 'online' auth.
* intg: Add test for user and group local overrides
Petr Cech (9):
* DEBUG: Preventing chown_debug_file if journald on
* TEST: Add test_user_by_recent_filter_valid
* TEST: Refactor of test_responder_cache_req.c
* TEST: Refactor of test_responder_cache_req.c
* TEST: Add common function are_values_in_array()
* TEST: Add test_users_by_recent_filter_valid
* TEST: Add test_group_by_recent_filter_valid
* TEST: Refactor of test_responder_cache_req.c
* TEST: Add test_groups_by_recent_filter_valid
Stephen Gallagher (2):
* LDAP: Inform about small range size
* Monitor: Show service pings at debug level 8
Sumit Bose (5):
* PAM: only allow missing user name for certificate authentication
* fix ldb_search usage
* fix upn cache_req for sub-domain users
* nss: fix UPN lookups for sub-domain users
* cache_req: check all domains for lookups by certificate
More information about the Freeipa-interest
mailing list