The SSSD team is proud to announce the bugfix release of the System
Security Services Daemon version 1.8.2.
As usual, the source can be downloaded at
https://fedorahosted.org/sssd
== Highlights ==
* Several fixes to case-insensitive domain functions
* Fix for GSSAPI binds when the keytab contains unrelated
principals
* Fixed several segfaults
* Workarounds added for LDAP servers with unreadable RootDSE
* SSH knownhostproxy will no longer enter an infinite loop
preventing login
* The provided SYSV init script now starts SSSD earlier at startup
and stops it later during shutdown
* Assorted minor fixes for issues discovered by static analysis
tools
== Tickets fixed ==
https://fedorahosted.org/sssd/ticket/1237
only free if sure data has been allocated
https://fedorahosted.org/sssd/ticket/1245
"Error looking up public keys" while ssh to replica using IP
address.
https://fedorahosted.org/sssd/ticket/1251
SSSD memory usage continuously growing
https://fedorahosted.org/sssd/ticket/1253
Service lookup shows case sensitive names twice with
case_sensitive=false
https://fedorahosted.org/sssd/ticket/1257
Unable to bind to IPA server when minssf set
https://fedorahosted.org/sssd/ticket/1259
Initial service lookups having name with uppercase alphabets
doesn't work.
https://fedorahosted.org/sssd/ticket/1260
RFE: support case-insensitive service lookups by port including
protocols
https://fedorahosted.org/sssd/ticket/1268
sss_ssh_knownhostproxy infinite loop hangs SSH login
https://fedorahosted.org/sssd/ticket/1269
sssd: Uses the wrong key for GSSAPI when there a multiple realms
in a single keytab.
https://fedorahosted.org/sssd/ticket/1270
sssd_nss crashes on request when no back end is running
https://fedorahosted.org/sssd/ticket/1272
Unable to lookup user, group, netgroup aliases with
case_sensitive=false.
https://fedorahosted.org/sssd/ticket/1273
SSSD should start before NFS processes
https://fedorahosted.org/sssd/ticket/1274
Wrong resolv_status might cause crash when name resolution times
out
https://fedorahosted.org/sssd/ticket/1282
Wrong attribute counter causing crash during IPA service lookups
https://fedorahosted.org/sssd/ticket/1283
accessing an undefined variable in list_missing_attrs might
crash SSSD
https://fedorahosted.org/sssd/ticket/1288
Invalid keytab path logged when using the default keytab
https://fedorahosted.org/sssd/ticket/1293
Building manpages in a parallel build dir is broken
== Detailed Changelog ==
Jakub Hrozek (17):
* Fix uninitialized variable
* Free entry found in negative cache
* Make the string_equal() function public
* Save alias of the primary name, too
* NSS: Look for services with correct case when cache is updated
* AUTOFS: fix copy-and-paste bug in the autofs client
* LDAP services: Keep the protocol around
* Silence Coverity warning in the autofs test tool
* Return correct resolv_status on resolver timeout
* Add sss_get_cased_name_list utility function
* LDAP services: Save lowercased protocol names in
case-insensitive domains
* Proxy services: Save lowercased protocol names and aliases in
case-insensitive domains
* Fix off-by-one error in principal selection
* Catch cases where D-Bus connection is NULL
* Fix regression in SSSDConfig.py
* Use the correct options counter
* netlink integration: ensure that interface name is
NULL-terminated
Jan Cholasta (3):
* SSH: Allow clients to explicitly specify host alias
* SSH: Canonicalize host name and do reverse DNS lookup in
sss_ssh_knownhostsproxy
* SSH: Fix infinite loop in sss_ssh_knownhostsproxy
Stephen Gallagher (10):
* Bumping version to 1.8.2
* IPA: Allow service lookups
* SYSDB: Save only lowercased aliases in case-insensitive domains
* LDAP: Errors retrieving the RootDSE should not be fatal
* Start SSSD earlier and stop it later
* LDAP: Add better error logging when ldap_result() fails
* LDAP: Fix memory leaks in synchronous_tls_setup
* Fix building manpages in parallel build dirs
* Clean up log messages about keytab_name
* Updating translation files for 1.8.2 release
Sumit Bose (1):
* Always initialize the returned data in sss_krb5_princ_realm()
Valid signature (Stephen Gallagher <sgallagh(a)redhat.com>)