The SSSD team is proud to announce the bugfix release of the System
Security Services Daemon version 1.8.4.
As usual, the source can be downloaded from
https://fedorahosted.org/sssd/
== Highlights ==
Fix a bug causing AD servers not to fail over properly when the KDC
on the primary server is down
Fix an endianness bug on big-endian systems when looking up services
Fix a segfault dealing with nested groups
Make the nowait cache updates work for netgroups
Fix a regression that broke domains with
use_fully_qualified_names = True
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1206
RHEL5 detection in sssd.spec.in does not work
https://fedorahosted.org/sssd/ticket/1321
Warning in debug log about nscd
https://fedorahosted.org/sssd/ticket/1322
Special-case LDAP_SIZELIMIT_EXCEEDED when handling ldap return codes
https://fedorahosted.org/sssd/ticket/1324
LDAP provider needs to use all available servers for GSSAPI if the
child times out
https://fedorahosted.org/sssd/ticket/1325
heimdal: configure: Kerberos locator plugin cannot be build
https://fedorahosted.org/sssd/ticket/1329
Group enumeration fails in proxy provider
https://fedorahosted.org/sssd/ticket/1333
Potential NULL dereference in proxy provider
https://fedorahosted.org/sssd/ticket/1335
sss_groupadd no longer detects duplicate GID numbers
https://fedorahosted.org/sssd/ticket/1338
sssd does not provide maps for automounter when custom schema is
being used
https://fedorahosted.org/sssd/ticket/1340
SSSD netgroups do not honor entry_cache_nowait_percentage
https://fedorahosted.org/sssd/ticket/1343
sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()
https://fedorahosted.org/sssd/ticket/1344
Loading of selinux user maps broken
https://fedorahosted.org/sssd/ticket/1348
Service lookups by port number doesn't work on s390x/ppc64 arches
== Detailed Changelog ==
Ariel Barria (2):
Potential NULL dereference in proxy provider
Warn to syslog when dereference requests fail
Jakub Hrozek (11):
Special-case LDAP_SIZELIMIT_EXCEEDED
Kerberos locator: Include the correct krb5.h header file
krb5 locator: Do not leak addrinfo
Try all KDCs when getting TGT for LDAP
Send the correct enumeration request
SYSDB: Handle user and group renames better
Use the sysdb attribute name, not LDAP attribute name
LDAP nested groups: Do not process callback with _post deep in the
nested structure
Use sized_string correctly in FQDN domains
Send 16bit protocol numbers from the sss_client
Revert the client packet length, too, after reverting the packet
protocol
Jan Engelhardt (1):
build: resolve link failure
Jan Zeleny (1):
Fixed issue in SELinux user maps
Stef Walter (3):
Limit krb5_get_init_creds_keytab() to etypes in keytab
If canon'ing principals, write ccache with updated default principal
Remove erroneous failure message in find_principal_in_keytab
Stephen Gallagher (7):
Bump version to 1.8.4
murmurhash: Relax inline requirement
RPM: Allow running 'make rpms' on RHEL 5 machines
NSS: Expire in-memory netgroup cache before the nowait timeout
KRB5: Avoid NULL-dereference with empty keytab
NSS: Restore original protocol for getservbyport
Updating translations for 1.8.4 release