=== SSSD 1.8.5 ===
The SSSD team is proud to announce the bugfix release of the System
Security Services Daemon version 1.8.5.
As always, the source is available from
https://fedorahosted.org/sssd
RPM packages will be made available for Fedora shortly, this time for
F-16 and F-17.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* Fixed a potential segfault when SRV records are used to discover services
* The client libraries now use robust mutexes to avoid a potential deadlock
if a thread was cancelled while holding a mutex
* Do not return an error when the SELinux support is not configured
* Fixed returning an error to the PAM stack when the SSSD was performing
authentication but the kpasswd server was unreachable
* The SSSD used to skip a whole nesting level instead of a single already
processed group when loading nested group membership structure
* Added support for terminating idle connections and made the idle
timeout configurable
* The sss_ssh_knownhostsproxy command no longer aborts when processing a
host without DNS records
* The shadowLastChange attribute is now correctly updated with days since
the Epoch, not seconds
== Tickets Fixed ==
* https://fedorahosted.org/sssd/ticket/1356
SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are missing
* https://fedorahosted.org/sssd/ticket/1271
Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION
* https://fedorahosted.org/sssd/ticket/1360
Provide "service filter" for SELinux context
* https://fedorahosted.org/sssd/ticket/1354
Add support for terminating idle connections
* https://fedorahosted.org/sssd/ticket/1452
KRB5: Only return PAM error for unreachable kpasswd when performing chpass
* https://fedorahosted.org/sssd/ticket/1419
Fixed wrong number in shadowLastChange
* https://fedorahosted.org/sssd/ticket/1460
Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client
* https://fedorahosted.org/sssd/ticket/1515
KRB5: Return PAM_AUTH_ERR on incorrect password
* https://fedorahosted.org/sssd/ticket/1364
FO: Check server validity before setting status
== Detailed Changelog ==
Jakub Hrozek (8):
* Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION
* Send the correct enumeration request
* Process all groups from a single nesting level
* SYSDB: Make sysdb_attrs_get_el_int() public
* KRB5: Only return PAM error for unreachable kpasswd when performing chpass
* Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client
* KRB5: Return PAM_AUTH_ERR on incorrect password
* FO: Check server validity before setting status
Jan Cholasta (3):
* SSH: Update sss_ssh_knownhostsproxy manual page
* SSH: Suppress error message output in sss_ssh_knownhostsproxy
* SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are
missing
Jan Zeleny (2):
* Provide "service filter" for SELinux context
* Fixed wrong number in shadowLastChange
Shantanu Goel (4):
* Set return errno to the value prior to calling close().
* Log message if close() fails in destructor.
* Do not send SIGPIPE on disconnection
* Add support for terminating idle connections
Stephen Gallagher (2):
* Bumping version to 1.8.5
* Make the client idle timeout configurable
Timo Aaltonen (1):
* Move SELinux processing from session to account PAM stack