=== SSSD 1.9.7 ===
The SSSD team is proud to announce the release of version 1.9.7 of the System Security Services Daemon.
Most importantly, SSSD 1.9.7 is the last planned release of the LTM sssd-1-9 branch. User of SSSD 1.9.x are advised to upgrade to SSSD 1.11.x which will become the next LTM version. Another 1.9.x tarball would only be released in case of a critical security issue or a regression caused by the patches in 1.9.7.
As always, the source is available from https://fedorahosted.org/sssd
This is a bugfix release with a minor feature enhancement -- see the changelog below for details.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* This release is the last supported upstream release in the 1.9.x series. Users of sssd-1.9 are advised to upgrade to sssd-1.11 * A memory leak in the netgroup code of the NSS responder was fixed * Subdomains inherit min_id/max_id limits of parent domains. The user-visible effect of this bug was that adding system users or groups with shadow-utils took too long. * The default_domain_suffix is ignored in the autofs responder, making it possible to use default_domain_suffix along with autofs integration * Several fixes related to Kerberos DIR cache support were backported from later releases
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1936 GSSAPI working only on first login
https://fedorahosted.org/sssd/ticket/2153 If both IPA and LDAP are set up with enumeration on, two enum tasks are running
https://fedorahosted.org/sssd/ticket/2170 sssd_nss grows memory footprint when netgroups are requested
https://fedorahosted.org/sssd/ticket/2157 sssd_be segfaults if empty grop is resolved using ad_matching_rule
https://fedorahosted.org/sssd/ticket/2077 [RFE] If originalDN is not available during LDAP auth, the SSSD should look it up
https://fedorahosted.org/sssd/ticket/2051 Do not fail if initgroups returns NOT_FOUND
https://fedorahosted.org/sssd/ticket/2123 Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.
== Detailed Changelog ==
Aron Parsons (1): * do not use default_domain_suffix with autofs
Jakub Hrozek (7): * Bumping the version for 1.9.7 * Inherit ID limits of parent domains if set * PROXY: Handle empty GECOS * LDAP: Split out a request to search for a user w/o saving * LDAP: Search for original DN during auth if it's missing * LDAP: Initialize user count for AD matching rule * Updating translations for the 1.9.7 release
Lukas Slebodnik (6): * NSS: Fix memory leak in sss_setnetgrent * AUTOTOOLS: krb5 1.12 is also supported krb5 libs * LDAP: Setup periodic task only once. * Fix wrong detection of krb5 ccname * Every time return directory for krb5 cache collection. * Do not switch to credentials everytime.
Simo Sorce (1): * proxy: Allow initgroup to return NOTFOUND
There is a typo in the *subject*. The correct version we released is *1.9.7*
----- Original Message ----- From: "Jakub Hrozek" jhrozek@redhat.com To: sssd-devel@lists.fedorahosted.org, sssd-users@lists.fedorahosted.org, freeipa-interest@redhat.com Sent: Friday, December 5, 2014 2:10:45 PM Subject: Announcing SSSD 1.9.6 - SSSD 1.9.x goes EOL
=== SSSD 1.9.7 ===
The SSSD team is proud to announce the release of version 1.9.7 of the System Security Services Daemon.
Most importantly, SSSD 1.9.7 is the last planned release of the LTM sssd-1-9 branch. User of SSSD 1.9.x are advised to upgrade to SSSD 1.11.x which will become the next LTM version. Another 1.9.x tarball would only be released in case of a critical security issue or a regression caused by the patches in 1.9.7.
As always, the source is available from https://fedorahosted.org/sssd
This is a bugfix release with a minor feature enhancement -- see the changelog below for details.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* This release is the last supported upstream release in the 1.9.x series. Users of sssd-1.9 are advised to upgrade to sssd-1.11 * A memory leak in the netgroup code of the NSS responder was fixed * Subdomains inherit min_id/max_id limits of parent domains. The user-visible effect of this bug was that adding system users or groups with shadow-utils took too long. * The default_domain_suffix is ignored in the autofs responder, making it possible to use default_domain_suffix along with autofs integration * Several fixes related to Kerberos DIR cache support were backported from later releases
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1936 GSSAPI working only on first login
https://fedorahosted.org/sssd/ticket/2153 If both IPA and LDAP are set up with enumeration on, two enum tasks are running
https://fedorahosted.org/sssd/ticket/2170 sssd_nss grows memory footprint when netgroups are requested
https://fedorahosted.org/sssd/ticket/2157 sssd_be segfaults if empty grop is resolved using ad_matching_rule
https://fedorahosted.org/sssd/ticket/2077 [RFE] If originalDN is not available during LDAP auth, the SSSD should look it up
https://fedorahosted.org/sssd/ticket/2051 Do not fail if initgroups returns NOT_FOUND
https://fedorahosted.org/sssd/ticket/2123 Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.
== Detailed Changelog ==
Aron Parsons (1): * do not use default_domain_suffix with autofs
Jakub Hrozek (7): * Bumping the version for 1.9.7 * Inherit ID limits of parent domains if set * PROXY: Handle empty GECOS * LDAP: Split out a request to search for a user w/o saving * LDAP: Search for original DN during auth if it's missing * LDAP: Initialize user count for AD matching rule * Updating translations for the 1.9.7 release
Lukas Slebodnik (6): * NSS: Fix memory leak in sss_setnetgrent * AUTOTOOLS: krb5 1.12 is also supported krb5 libs * LDAP: Setup periodic task only once. * Fix wrong detection of krb5 ccname * Every time return directory for krb5 cache collection. * Do not switch to credentials everytime.
Simo Sorce (1): * proxy: Allow initgroup to return NOTFOUND
Hi, Just curious, when 1.9.7 and 1.11. branch will make its way into the upstream?
Thank you.
On Fri, Dec 5, 2014 at 5:24 AM, Jakub Hrozek jhrozek@redhat.com wrote:
There is a typo in the *subject*. The correct version we released is *1.9.7*
----- Original Message ----- From: "Jakub Hrozek" jhrozek@redhat.com To: sssd-devel@lists.fedorahosted.org, sssd-users@lists.fedorahosted.org, freeipa-interest@redhat.com Sent: Friday, December 5, 2014 2:10:45 PM Subject: Announcing SSSD 1.9.6 - SSSD 1.9.x goes EOL
=== SSSD 1.9.7 ===The SSSD team is proud to announce the release of version 1.9.7 of the System Security Services Daemon.
Most importantly, SSSD 1.9.7 is the last planned release of the LTM sssd-1-9 branch. User of SSSD 1.9.x are advised to upgrade to SSSD 1.11.x which will become the next LTM version. Another 1.9.x tarball would only be released in case of a critical security issue or a regression caused by the patches in 1.9.7.
As always, the source is available from https://fedorahosted.org/sssd
This is a bugfix release with a minor feature enhancement -- see the changelog below for details.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
- This release is the last supported upstream release in the 1.9.x series. Users of sssd-1.9 are advised to upgrade to sssd-1.11
- A memory leak in the netgroup code of the NSS responder was fixed
- Subdomains inherit min_id/max_id limits of parent domains. The
user-visible effect of this bug was that adding system users or groups with shadow-utils took too long.
- The default_domain_suffix is ignored in the autofs responder, making it possible to use default_domain_suffix along with autofs integration
- Several fixes related to Kerberos DIR cache support were backported from later releases
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1936 GSSAPI working only on first login
https://fedorahosted.org/sssd/ticket/2153 If both IPA and LDAP are set up with enumeration on, two enum tasks are running
https://fedorahosted.org/sssd/ticket/2170 sssd_nss grows memory footprint when netgroups are requested
https://fedorahosted.org/sssd/ticket/2157 sssd_be segfaults if empty grop is resolved using ad_matching_rule
https://fedorahosted.org/sssd/ticket/2077 [RFE] If originalDN is not available during LDAP auth, the SSSD should look it up
https://fedorahosted.org/sssd/ticket/2051 Do not fail if initgroups returns NOT_FOUND
https://fedorahosted.org/sssd/ticket/2123 Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.
== Detailed Changelog ==
Aron Parsons (1): * do not use default_domain_suffix with autofs
Jakub Hrozek (7): * Bumping the version for 1.9.7 * Inherit ID limits of parent domains if set * PROXY: Handle empty GECOS * LDAP: Split out a request to search for a user w/o saving * LDAP: Search for original DN during auth if it's missing * LDAP: Initialize user count for AD matching rule * Updating translations for the 1.9.7 release
Lukas Slebodnik (6): * NSS: Fix memory leak in sss_setnetgrent * AUTOTOOLS: krb5 1.12 is also supported krb5 libs * LDAP: Setup periodic task only once. * Fix wrong detection of krb5 ccname * Every time return directory for krb5 cache collection. * Do not switch to credentials everytime.
Simo Sorce (1): * proxy: Allow initgroup to return NOTFOUND _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On (09/12/14 14:53), Daniel Jung wrote:
Hi, Just curious, when 1.9.7 and 1.11. branch will make its way into the upstream?
What do you mean by upstream? sssd - 1.9.7 is tagged in git
sh$ git tag | grep sssd-1_9_7 sssd-1_9_7
And tarball is on upstream page https://fedorahosted.org/sssd/
LS
Sorry my bad, I meant to ask if there will be backport/version update to 1.9.7 from 1.9.2 in redhat. -
On Tue, Dec 9, 2014 at 3:00 PM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (09/12/14 14:53), Daniel Jung wrote:
Hi, Just curious, when 1.9.7 and 1.11. branch will make its way into the upstream?
What do you mean by upstream? sssd - 1.9.7 is tagged in git
sh$ git tag | grep sssd-1_9_7 sssd-1_9_7
And tarball is on upstream page https://fedorahosted.org/sssd/
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On 12/09/2014 08:21 PM, Daniel Jung wrote:
Sorry my bad, I meant to ask if there will be backport/version update to 1.9.7 from 1.9.2 in redhat. -
You mean into RHEL 6.x? AFAIK there is already 1.11 in 6.6 Am I wrong?
On Tue, Dec 9, 2014 at 3:00 PM, Lukas Slebodnik <lslebodn@redhat.com mailto:lslebodn@redhat.com> wrote:
On (09/12/14 14:53), Daniel Jung wrote: >Hi, >Just curious, when 1.9.7 and 1.11. branch will make its way into the >upstream? What do you mean by upstream? sssd - 1.9.7 is tagged in git sh$ git tag | grep sssd-1_9_7 sssd-1_9_7 And tarball is on upstream page https://fedorahosted.org/sssd/ LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org <mailto:sssd-users@lists.fedorahosted.org> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
you are correct. it is in for 6.6. thanks. On Dec 9, 2014 6:29 PM, "Dmitri Pal" dpal@redhat.com wrote:
On 12/09/2014 08:21 PM, Daniel Jung wrote:
Sorry my bad, I meant to ask if there will be backport/version update to 1.9.7 from 1.9.2 in redhat. -
You mean into RHEL 6.x? AFAIK there is already 1.11 in 6.6 Am I wrong?
On Tue, Dec 9, 2014 at 3:00 PM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (09/12/14 14:53), Daniel Jung wrote:
Hi, Just curious, when 1.9.7 and 1.11. branch will make its way into the upstream?
What do you mean by upstream? sssd - 1.9.7 is tagged in git
sh$ git tag | grep sssd-1_9_7 sssd-1_9_7
And tarball is on upstream page https://fedorahosted.org/sssd/
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing listsssd-users@lists.fedorahosted.orghttps://lists.fedorahosted.org/mailman/listinfo/sssd-users
-- Thank you, Dmitri Pal
Sr. Engineering Manager IdM portfolio Red Hat, Inc.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Tue, Dec 09, 2014 at 06:55:20PM -0800, Daniel Jung wrote:
you are correct. it is in for 6.6. thanks.
The fact that RHEL rebased was a contributing factor in us marking the 1.9 branch as EOL.
As a side note -- release numbers in RHEL often bear little resemblance to what the code really is. You need to also take into account all the patches applied on top of the tarball. At the end of 6.5 lifetime the release number of SSSD was -129.6 and there were 294 patches applied on top of the patch.
This has to do more with how RHEL is released from the procedural side rather than technical -- at one point, the tarballs are 'frozen' and only patches can be applied so the changes in code can be controlled better.
On Dec 9, 2014 6:29 PM, "Dmitri Pal" dpal@redhat.com wrote:
On 12/09/2014 08:21 PM, Daniel Jung wrote:
Sorry my bad, I meant to ask if there will be backport/version update to 1.9.7 from 1.9.2 in redhat. -
You mean into RHEL 6.x? AFAIK there is already 1.11 in 6.6 Am I wrong?
On Tue, Dec 9, 2014 at 3:00 PM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (09/12/14 14:53), Daniel Jung wrote:
Hi, Just curious, when 1.9.7 and 1.11. branch will make its way into the upstream?
What do you mean by upstream? sssd - 1.9.7 is tagged in git
sh$ git tag | grep sssd-1_9_7 sssd-1_9_7
And tarball is on upstream page https://fedorahosted.org/sssd/
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing listsssd-users@lists.fedorahosted.orghttps://lists.fedorahosted.org/mailman/listinfo/sssd-users
-- Thank you, Dmitri Pal
Sr. Engineering Manager IdM portfolio Red Hat, Inc.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users@lists.fedorahosted.org
-
Daniel Jung -
Dmitri Pal -
Jakub Hrozek -
Lukas Slebodnik