=== SSSD 1.8.6 ===
The SSSD team is proud to announce the bugfix release of the System Security Services Daemon version 1.8.6.
As always, the source is available from https://fedorahosted.org/sssd
RPM packages will be made available for Fedora shortly, this time for F-16 and F-17 (before F-17 rebases to 1.9.4)
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists:
* https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
* https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* A security bug assigned CVE-2013-0219 was fixed - TOCTOU race conditions when creating or removing home directories for users in local domain
* A security bug assigned CVE-2013-0220 was fixed - out-of-bounds reads in autofs and ssh responder
* Handle servers that return an empty string as the value of namingContext, in particular Novell eDirectory
* The netgroup midpoint cache refresh works as documented in the manual page
* The sssd_pam responder processes pending requests after reconnect
== Tickets Fixed ==
* https://fedorahosted.org/sssd/ticket/1542 User authentication using LDAP doesn't work
* https://fedorahosted.org/sssd/ticket/1581 sssd_be crashes while looking up users
* https://fedorahosted.org/sssd/ticket/1717 Limit requests coalescing in time
* https://fedorahosted.org/sssd/ticket/1683 arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds
* https://fedorahosted.org/sssd/ticket/1655 Login fails - sssd_be module polling fd indefinitely and gets killed
* https://fedorahosted.org/sssd/ticket/1781 sssd: Out-of-bounds read flaws in autofs and ssh services responders
* https://fedorahosted.org/sssd/ticket/1528 SSSD_NSS failure to gracefully restart after sbus failure
* https://fedorahosted.org/sssd/ticket/1783 Group lookup fails and takes ~60s to return to shell if member dn is incorrect
* https://fedorahosted.org/sssd/ticket/1782 TOCTOU race conditions by copying and removing directory trees
== Detailed Changelog ==
Jakub Hrozek (9):
* Updating the version for the 1.8.6 release
* Initialize Kerberos ticket renewal in the IPA provider
* LDAP: Check validity of naming_context
* Free the internal DP request
* Do not always return PAM_SYSTEM_ERR when offline krb5 authentication fails
* NSS: Fix netgroup midpoint cache refresh
* TOOLS: Use openat/unlinkat when removing the homedir
* TOOLS: Compile on old platforms such as RHEL5
* Include the auth_utils.h header in the distribution
Jan Cholasta (1):
* Check that strings do not go beyond the end of the packet body in autofs and SSH requests.
Ondrej Kos (2):
* Restart services with a delay in case they are restarted too often
* TOOLS: Use file descriptor to avoid races when creating a home directory
Pavel Březina (1):
* nested groups: fix group lookup hangs if member dn is incorrect
Simo Sorce (2):
* responder_dp: Add timeout to side requests
* sssd_pam: Cleanup requests cache on sbus reconnect
Stephen Gallagher (1):
* LDAP: Handle empty namingContexts values safely
Timo Aaltonen (1):
* link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthread