The SSSD team is proud to announce the bugfix release of the System Security Services Daemon version 1.8.1

As usual, the source can be downloaded at https://fedorahosted.org/sssd

Packages for Fedora will be built later today and should appear in updates-testing within two days.

== Highlights == * Resolve issue where we could enter an infinite loop trying to connect to an auth server * Fix serious issue with complex (3+ levels) nested groups * Fix netgroup support for case-insensitivity and aliases * Fix serious issue with lookup bundling resulting in requests never completing * IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate * Fix several regressions in the proxy provider

== Detailed Changelog == Jakub Hrozek (12): * Use proper errno code * Only do one cycle when resolving a server * krb5_child: set debugging sooner * Search netgroups by alias, too * Detect cycle in the fail over on subsequent resolve requests only * Autofs: operate on contents of double-pointer, not address * Only free returned values on success * Save original name into the in-memory cache * Handle errors from lookup_netgr_step gracefully * Fix nested groups processing * Fix netgroup error handling * Handle empty elements in proxy netgroups:

Jan Cholasta (1): * Include missing source files to the list of source files which contain translatable strings

Jan Zeleny (5): * Fix the script path * Fixed uninitialized pointer in SSH known host proxy * Fixed uninitialized pointer in SSH authorized keys client * Add umask before mkstemp() call in SSH responder * Fixed resource leak in ssh client code

Pavel Březina (6): * Hide --debug option in sss_debuglevel * Two memory leaks in sss_sudo_get_values * Missing debug message if sdap_sudo_refresh_set_timer fails * Use of unininitialized value in sudosrv_cache_set_entry and sudosrv_cache_lookup_internal * Use of unininitialized value in sss_sudo_parse_response * Potential NULL-dereference in sudosrv_cmd_get_sudorules

Simo Sorce (1): * Use the correct hash table for pending requests

Stephen Gallagher (20): * Bump version to 1.8.1 * Fix typo in autofs option description * Include the debug_level upgrade tool in the tarball * Include new manpages in translations * Updating translations for SSSD 1.8.1 * Fix typo in script name * Handle cases where UID is -1 * IPA: Set the DNS discovery domain to match ipa_domain * IPA: Fix segfault with srchost functionality enabled * DP: Reorganize memory hierarchy of requests * Prune python provides correctly * Make RPM spec more explicit * Build experimental features by default in RPMs * Properly terminate GIT_CHECKOUT * LDAP: Make sdap_access_send/recv public * IPA: Check nsAccountLock during PAM_ACCT_MGMT * PROXY: Create fake user entries for group lookups * SSH: Fix missing semicolon * IPA: Initialize hbac_ctx to NULL * i18n: Remove empty translations

Yuri Chornoivan (1): * fix typos in manual