The SSSD team is proud to announce the bugfix release of the System
Security Services Daemon version 1.8.1
As usual, the source can be downloaded at
https://fedorahosted.org/sssd
Packages for Fedora will be built later today and should appear in
updates-testing within two days.
== Highlights ==
* Resolve issue where we could enter an infinite loop trying to connect
to an auth server
* Fix serious issue with complex (3+ levels) nested groups
* Fix netgroup support for case-insensitivity and aliases
* Fix serious issue with lookup bundling resulting in requests never
completing
* IPA provider will now check the value of nsAccountLock during
pam_acct_mgmt in addition to pam_authenticate
* Fix several regressions in the proxy provider
== Detailed Changelog ==
Jakub Hrozek (12):
* Use proper errno code
* Only do one cycle when resolving a server
* krb5_child: set debugging sooner
* Search netgroups by alias, too
* Detect cycle in the fail over on subsequent resolve requests only
* Autofs: operate on contents of double-pointer, not address
* Only free returned values on success
* Save original name into the in-memory cache
* Handle errors from lookup_netgr_step gracefully
* Fix nested groups processing
* Fix netgroup error handling
* Handle empty elements in proxy netgroups:
Jan Cholasta (1):
* Include missing source files to the list of source files which
contain translatable strings
Jan Zeleny (5):
* Fix the script path
* Fixed uninitialized pointer in SSH known host proxy
* Fixed uninitialized pointer in SSH authorized keys client
* Add umask before mkstemp() call in SSH responder
* Fixed resource leak in ssh client code
Pavel Březina (6):
* Hide --debug option in sss_debuglevel
* Two memory leaks in sss_sudo_get_values
* Missing debug message if sdap_sudo_refresh_set_timer fails
* Use of unininitialized value in sudosrv_cache_set_entry and
sudosrv_cache_lookup_internal
* Use of unininitialized value in sss_sudo_parse_response
* Potential NULL-dereference in sudosrv_cmd_get_sudorules
Simo Sorce (1):
* Use the correct hash table for pending requests
Stephen Gallagher (20):
* Bump version to 1.8.1
* Fix typo in autofs option description
* Include the debug_level upgrade tool in the tarball
* Include new manpages in translations
* Updating translations for SSSD 1.8.1
* Fix typo in script name
* Handle cases where UID is -1
* IPA: Set the DNS discovery domain to match ipa_domain
* IPA: Fix segfault with srchost functionality enabled
* DP: Reorganize memory hierarchy of requests
* Prune python provides correctly
* Make RPM spec more explicit
* Build experimental features by default in RPMs
* Properly terminate GIT_CHECKOUT
* LDAP: Make sdap_access_send/recv public
* IPA: Check nsAccountLock during PAM_ACCT_MGMT
* PROXY: Create fake user entries for group lookups
* SSH: Fix missing semicolon
* IPA: Initialize hbac_ctx to NULL
* i18n: Remove empty translations
Yuri Chornoivan (1):
* fix typos in manual