Fedora 15 Update: sssd-1.5.15-1.fc15

Tue Nov 29 00:18:33 UTC 2011

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15485
2011-11-05 23:37:56
--------------------------------------------------------------------------------

Name        : sssd
Product     : Fedora 15
Version     : 1.5.15
Release     : 1.fc15
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Description :
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

--------------------------------------------------------------------------------
Update Information:

 * Fixes a major cache performance issue introduced in 1.5.14

 * Fixes a potential infinite-loop with certain LDAP layouts
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov  4 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.15-1
- New upstream release 1.5.15
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.15
- Fixes a major cache performance issue introduced in 1.5.14
- Fixes a potential infinite-loop with certain LDAP layouts
* Sun Oct 23 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.14-3
- Change selinux policy requirement to Conflicts: with the old version,
  rather than Requires: the supported version.
* Fri Oct 21 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.14-2
- Add explicit requirement on selinux-policy version to address new SBUS
  symlinks.
* Wed Oct 19 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.14-1
- New upstream release 1.5.14
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.14
- Improved handling of users and groups with multi-valued name attributes
  (aliases)
- Performance enhancements
  * Initgroups on RFC2307bis/FreeIPA
  * HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
- Cleaned up the example configuration
* Fri Sep  2 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.13-1.2
- Rebuild with explicit dependency on libldb
* Mon Aug 29 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.13-1.1
- Rebuild against fixed libtevent version
* Mon Aug 29 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.13-1
- New upstream release 1.5.13
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.13
- Fixes a serious issue with LDAP connections when the communication is
  dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names
  when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when
  using SASL. An option to re-enable this has been provided
- Fixes for non-standard LDAP attribute names (e.g. those used by Active
  Directory)
- Three HBAC regressions have been fixed
* Fri Aug  5 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.12-1
- New upstream release 1.5.12
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.12
- Fixes a regression introduced in 1.5.11 with hostname resolution
- Fixes an issue where sssd_pam would leak file descriptors until resource
  exhaustion
- Complete rewrite of the FreeIPA Host-Based Access Control (HBAC) resolver
- New shared library for HBAC access-control
- Fixes for password expiration handling with LDAP auth
- New option to veto certain centrally-managed shells (Patch by John Hodrien)
* Tue Jul  5 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.11-2
- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
- address being saved to the AAAA record
* Fri Jul  1 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.10-1
- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls
- to LDAP
* Thu Jun 30 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.9-1
- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally
- Properly honor TTL values from SRV record lookups
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
- servers)
- Properly escape IPv6 addresses in the failover code
- Do not crash if inotify fails (e.g. resource exhaustion)
- Don't add multiple TGT renewal callbacks (too many log messages)
* Fri May 27 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.8-1
- New upstream release 1.5.8
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
- Support for the LDAP paging control
- Support for multiple DNS servers for name resolution
- Fixes for several group membership bugs
- Fixes for rare crash bugs
* Mon May 23 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.7-3
- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
- Make sure to properly convert to systemd if upgrading from newer
- updates for Fedora 14
* Mon May  2 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.7-2
- Fix segfault in TGT renewal
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update sssd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------