From 12009674a95e1dce1dc0c3e3f1fbf4d0a98edfa65da6a9b319aa33780024d547 Mon Sep 17 00:00:00 2001 
From: Peter Varkoly Date: Wed, 20 Jun 2018 08:48:06 +0000 Subject: [PATCH] =?UTF-8?q?-=20Update=20to=20new=20minor=20upstream=20rele?= =?UTF-8?q?ase=201.16.2=20New=20Features:=20=20=20*=20The=20smart=20card?= =?UTF-8?q?=20authentication,=20or=20in=20more=20general=20certificate=20?= =?UTF-8?q?=20=20=20=20authentication=20code=20now=20supports=20OpenSSL=20?= =?UTF-8?q?in=20addition=20to=20previously=20=20=20=20=20supported=20NSS?= =?UTF-8?q?=20(#3489).=20In=20addition,=20the=20SSH=20responder=20can=20no?= =?UTF-8?q?w=20=20=20=20=20return=20public=20SSH=20keys=20derived=20from?= =?UTF-8?q?=20the=20public=20keys=20stored=20in=20a=20=20=20=20=20X.509=20?= =?UTF-8?q?certificate.=20Please=20refer=20to=20the=20ssh=5Fuse=5Fcertific?= =?UTF-8?q?ate=5Fkeys=20=20=20=20=20option=20in=20the=20man=20pages.=20=20?= =?UTF-8?q?=20*=20The=20files=20provider=20now=20supports=20mirroring=20mu?= =?UTF-8?q?ltiple=20passwd=20or=20=20=20=20=20group=20files.=20This=20enha?= =?UTF-8?q?ncement=20can=20be=20used=20to=20use=20the=20SSSD=20files=20=20?= =?UTF-8?q?=20=20=20provider=20instead=20of=20the=20nss=5Faltfiles=20modul?= =?UTF-8?q?e=20Bugfixes:=20=20=20*=20A=20memory=20handling=20issue=20in=20?= =?UTF-8?q?the=20nss=5Fex=20interface=20was=20fixed.=20This=20=20=20=20=20?= =?UTF-8?q?bug=20would=20manifest=20in=20IPA=20environments=20with=20a=20t?= =?UTF-8?q?rusted=20AD=20domain=20=20=20=20=20as=20a=20crash=20of=20the=20?= =?UTF-8?q?ns-slapd=20process,=20because=20a=20ns-slapd=20plugin=20=20=20?= =?UTF-8?q?=20=20loads=20the=20nss=5Fex=20interface=20(#3715)=20=20=20*=20?= =?UTF-8?q?Several=20fixes=20for=20the=20KCM=20deamon=20were=20merged=20(s?= =?UTF-8?q?ee=20#3687,=20#3671,=20#3633)=20=20=20*=20The=20ad=5Fsite=20ove?= =?UTF-8?q?rride=20is=20now=20honored=20in=20GPO=20code=20as=20well=20(#36?= =?UTF-8?q?46)=20=20=20*=20Several=20potential=20crashes=20in=20the=20NSS?= =?UTF-8?q?=20responder=E2=80=99s=20netgroup=20code=20=20=20=20=20were=20f?= 
=?UTF-8?q?ixed=20(#3679,=20#3731)=20=20=20*=20A=20potential=20crash=20in?= =?UTF-8?q?=20the=20autofs=20responder=E2=80=99s=20code=20was=20fixed=20(#?= =?UTF-8?q?3752)=20=20=20*=20The=20LDAP=20provider=20now=20supports=20grou?= =?UTF-8?q?p=20renaming=20(#2653)=20=20=20*=20The=20GPO=20access=20control?= =?UTF-8?q?=20code=20no=20longer=20returns=20an=20error=20if=20one=20=20?= =?UTF-8?q?=20=20=20of=20the=20relevant=20GPO=20rules=20contained=20no=20S?= =?UTF-8?q?IDs=20at=20all=20(#3680)=20=20=20*=20A=20memory=20leak=20in=20t?= =?UTF-8?q?he=20IPA=20provider=20related=20to=20resolving=20external=20=20?= =?UTF-8?q?=20=20=20AD=20groups=20was=20fixed=20(#3719)=20=20=20*=20Setups?= =?UTF-8?q?=20that=20used=20multiple=20domains=20where=20one=20of=20the=20?= =?UTF-8?q?domains=20had=20=20=20=20=20its=20ID=20space=20limited=20using?= =?UTF-8?q?=20the=20min=5Fid/max=5Fid=20options=20did=20not=20=20=20=20=20?= =?UTF-8?q?resolve=20requests=20by=20ID=20properly=20(#3728)=20=20=20*=20O?= =?UTF-8?q?verriding=20IDs=20or=20names=20did=20not=20work=20correctly=20w?= =?UTF-8?q?hen=20the=20domain?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=197 --- sssd.changes | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/sssd.changes b/sssd.changes index 35bf822..5432c56 100644 --- a/sssd.changes +++ b/sssd.changes 
@@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Wed Jun 20 08:38:53 UTC 2018 - varkoly@suse.com + +- Update to new minor upstream release 1.16.2 +New Features: + * The smart card authentication, or in more general certificate + authentication code now supports OpenSSL in addition to previously + supported NSS (#3489). In addition, the SSH responder can now + return public SSH keys derived from the public keys stored in a + X.509 certificate. Please refer to the ssh_use_certificate_keys + option in the man pages. + * The files provider now supports mirroring multiple passwd or + group files. This enhancement can be used to use the SSSD files + provider instead of the nss_altfiles module +Bugfixes: + * A memory handling issue in the nss_ex interface was fixed. This + bug would manifest in IPA environments with a trusted AD domain + as a crash of the ns-slapd process, because a ns-slapd plugin + loads the nss_ex interface (#3715) + * Several fixes for the KCM deamon were merged (see #3687, #3671, #3633) + * The ad_site override is now honored in GPO code as well (#3646) + * Several potential crashes in the NSS responder’s netgroup code + were fixed (#3679, #3731) + * A potential crash in the autofs responder’s code was fixed (#3752) + * The LDAP provider now supports group renaming (#2653) + * The GPO access control code no longer returns an error if one + of the relevant GPO rules contained no SIDs at all (#3680) + * A memory leak in the IPA provider related to resolving external + AD groups was fixed (#3719) + * Setups that used multiple domains where one of the domains had + its ID space limited using the min_id/max_id options did not + resolve requests by ID properly (#3728) + * Overriding IDs or names did not work correctly when the domain + resolution order was set as well (#3595) + * A version mismatch between certain newer Samba versions (e.g. 
+ those shipped in RHEL-7.5) and the Winbind interface provided + by SSSD was fixed. To further prevent issues like this in the + future, the correct interface is now detected at build time (#3741) + * The files provider no longer returns a qualified name in case + domain resolution order is used (#3743) + * A race condition between evaluating IPA group memberships and + AD group memberships in setups with IPA-AD trusts that would + have manifested as randomly losing IPA group memberships assigned + to an AD user was fixed (#3744) + * Setting an SELinux login label was broken in setups where the + domain resolution order was used (#3740) + * SSSD start up issue on systems that use the libldb library + with version 1.4.0 or newer was fixed. + ------------------------------------------------------------------- Fri Apr 27 14:43:58 UTC 2018 - ckowalczyk@suse.com
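Review bot: in the Bugfixes list, the nss_ex memory handling fix (#3715) and the netgroup and autofs crash fixes (#3679, #3731, #3752) carry upstream ticket numbers only, so a reader of sssd.changes cannot tell whether any of them is security-relevant; if one of them is tracked as a security bug, add that reference to its entry. Smaller points in the same hunk: "KCM deamon" should read "KCM daemon"; the final entry about libldb 1.4.0 is the only bugfix without a ticket number; and "New Features:" and "Bugfixes:" start at column 0 while the items under them are indented, so indenting the two headings under the "- Update to new minor upstream release 1.16.2" line would keep the whole entry as one item. The ssh_use_certificate_keys entry points to the man pages but does not say whether the option changes default behaviour after the update; one clause stating that would help administrators reviewing the upgrade.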