=== SSSD 1.9.2 ===
The SSSD team is proud to announce the release of version 1.9.2 of
the System Security Services Daemon.
This is mostly a bugfix release again. I am going to branch off the 1.9
branch from master so that we can start including the 1.10 features in
master.
As always, the source is available from
https://fedorahosted.org/sssd
RPM packages will be made available for Fedora shortly, initially for F-18
and rawhide and later also backported to F-17.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* Users or groups from trusted domains can be retrieved by UID or GID as well
* Several fixes that mitigate file descriptor leak during logins
* SSH host keys are also removed from the cache after being removed
from the server
* Fix intermittent crash in responders if the responder was shutting
down while requests were still pending
* Catch an error condition that might have caused a tight loop in the
sssd_nss process while refreshing expired enumeration request
* Fixed memory hierarchy of subdomains discovery requests that caused
use-after-free access bugs
* The krb5_child and ldap_child processes can print libkrb5 tracing
information in the debug logs
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1008
Make sssd api conf file location configurable
https://fedorahosted.org/sssd/ticket/1319
group lookups optimizations for IPA
https://fedorahosted.org/sssd/ticket/1499
Add details about TGT validation to sssd-krb5 man page
https://fedorahosted.org/sssd/ticket/1512
[sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not
exist
https://fedorahosted.org/sssd/ticket/1514
[abrt] sssd-1.8.4-13.fc16: __GI_exit: Process /usr/libexec/sssd/sssd_pam was killed by
signal 6 (SIGABRT)
https://fedorahosted.org/sssd/ticket/1539
Collect Krb5 Trace on High Debug Levels
https://fedorahosted.org/sssd/ticket/1551
sssd_nss process hangs, stuck in loop; "self restart" does recover, but old
process hangs around using 100% CPU
https://fedorahosted.org/sssd/ticket/1561
getting user/group entry by uid/gid sometimes fails
https://fedorahosted.org/sssd/ticket/1569
Use pam_set_data to close the fd in the pam module
https://fedorahosted.org/sssd/ticket/1571
sssd_nss intermittent crash
https://fedorahosted.org/sssd/ticket/1574
SSH host keys are not being removed from the cache
== Packaging Changes ==
* The libsss_sudo-devel package no longer contains the package-config
file. The libsss_sudo-devel shared object has been moved to the
libsss_sudo package.
== Detailed Changelog ==
E Deon Lackey (1):
* Fix language errors in the sssd-krb5.conf man page
Jakub Hrozek (14):
* Bumping the version to 1.9.1 release
* Fix uninitialized pointer read in ssh_host_pubkeys_update_known_hosts
* Fix segfault when ID-mapping an entry without a SID
* Fix memory hierarchy in subdomains discovery
* PAM: close socket fd with pam_set_data
* Couple of specfile fixes
* Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudo
* Two fixes to child processes
* Collect krb5 trace on high debug levels
* PAM: fix handling the client fd in pam destructor
* Create ghost users when a user DN is encountered in IPA
* Only call krb5_set_trace_callback on platforms that support it
* MAN: improve wording of default_domain parameter
* Updating the translations for the 1.9.2 release
Jan Cholasta (1):
* SSH: When host keys are removed from LDAP, remove them from the
cache as well
Ondrej Kos (1):
* Add more info about ticket validation
Pavel Březina (3):
* do not fail if POLLHUP occurs while reading data
* do not call dp callbacks when responder is shutting down
* nss_cmd_retpwent(): do not go into infinite loop if n < 0
Sumit Bose (3):
* Save time of last get_domains request
* Check for subdomains if getpwuid or getgrgid are the first requests
* Allow extdom exop to return flat domain name as well
Thorsten Scherf (1):
* Fixed: translation bug
Yuri Chornoivan (1):
* Fix typos