[Freeipa-interest] Announcing SSSD 1.5.17
Jakub Hrozek
jhrozek at redhat.com
Wed Feb 13 15:41:51 UTC 2013
=== SSSD 1.5.17 ===
The SSSD team is proud to announce the bugfix release of the System
Security Services Daemon version 1.5.17
As always, the source is available from https://fedorahosted.org/sssd
According to our current plan, this would be the last release done on
the 1.5 LTM branch upstream. When the next 1.9 release is out, it will
be proclamed LTM and the 1.5 branch would go completely EOL upstream,
with the exception of serious security issues or serious regressions
caused by this release.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* A security bug assigned CVE-2013-0219 was fixed - TOCTOU race
conditions when creating or removing home directories for users in
local domain
* Monitoring and restarting child processes was made more robust
* The ipa_hbac_support_srchost option was backported, defaulting
to false.
* The limit of file descriptors a responder is allowed to open is
configurable using the fd_limit option
* Idle client connections are terminated in the responder
== Tickets fixed ==
* https://fedorahosted.org/sssd/ticket/1139
* https://fedorahosted.org/sssd/ticket/1214
* https://fedorahosted.org/sssd/ticket/1324
* https://fedorahosted.org/sssd/ticket/1226
* https://fedorahosted.org/sssd/ticket/1227
* https://fedorahosted.org/sssd/ticket/1130
* https://fedorahosted.org/sssd/ticket/1197
* https://fedorahosted.org/sssd/ticket/1078
* https://fedorahosted.org/sssd/ticket/1782
== Detailed Changelog ==
Jakub Hrozek (8):
* Rename fo_get_server_name to fo_get_server_str_name
* fo_get_server_name() getter for a server name
* Only do one cycle when resolving a server
* Detect cycle in the fail over on subsequent resolve requests only
* Try all KDCs when getting TGT for LDAP
* HBAC: create empty groups with one NULL element
* Process all groups from a single nesting level
* TOOLS: Use openat/unlinkat when removing the homedir
Jan Zeleny (1):
* Add ipa_hbac_support_srchost option to IPA provider
Ondrej Kos (7):
* Add common SIGCHLD handling for providers
* Cancel ping-check if service goes away
* MONITOR: use sigchld handler for monitoring SSSD services
* Add new debug level macros
* UTIL: Add function for atomic I/O
* TOOLS: Use file descriptor to avoid races when creating a home directory
* TOOLS: Compile on old platforms such as RHEL5
Shantanu Goel (4):
* Set return errno to the value prior to calling close().
* Log message if close() fails in destructor.
* Do not send SIGPIPE on disconnection
* Add support for terminating idle connections
Stephen Gallagher (14):
* Bumping version to 1.5.17
* Fix potential resource leak in backup_file.c
* Log fixes for sdap_call_conn_cb
* LDAP: Copy URI instead of pointing at failover service record
* IPA: Detect nsupdate support for the realm directive
* DP: Reorganize memory hierarchy of requests
* Make the client idle timeout configurable
* LDAP: Make sdap_access_send/recv public
* IPA: Check nsAccountLock during PAM_ACCT_MGMT
* Also expire connections on the privileged pipe
* RESPONDERS: Allow increasing the file-descriptor limit
* RESPONDERS: Make the fd_limit setting configurable
* Converge accept_fd_handler and accept_priv_fd_handler
* SYSDB: Make sysdb_attrs_get_el_int() public
More information about the Freeipa-interest
mailing list