sssd/sssd.changes

262 lines
9.9 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Tue Aug 2 08:46:53 UTC 2011 - rhafer@suse.de
- Fixed typos in configure args
- Cherry-picked password policy fixes from 1.5 branch (bnc#705768)
- switched to fd-leak fix cherry-picked from 1.5 branch
- Add /usr/sbin to the search path to make configure find nscd
(bnc#709747)
-------------------------------------------------------------------
Fri Jul 29 10:39:51 UTC 2011 - jengelh@medozas.de
- Add patches to fix an fd leak in sssd_pam
-------------------------------------------------------------------
Thu Jul 28 10:03:32 UTC 2011 - jengelh@medozas.de
- Update to new upstream release 1.5.11
* Support for overriding home directory, shell and primary GID
locally
* Properly honor TTL values from SRV record lookups
* Support non-POSIX groups in nested group chains (for RFC2307bis
LDAP servers)
* Properly escape IPv6 addresses in the failover code
* Do not crash if inotify fails (e.g. resource exhaustion)
- Remove redundant %clean section; delete .la files more
efficiently
-------------------------------------------------------------------
Tue Jun 7 08:59:04 UTC 2011 - rhafer@suse.de
- Update to 1.5.8:
* Support for the LDAP paging control
* Support for multiple DNS servers for name resolution
* Fixes for several group membership bugs
* Fixes for rare crash bugs
-------------------------------------------------------------------
Wed May 4 09:22:20 UTC 2011 - rhafer@suse.de
- Update to 1.5.7
* A flaw was found in the handling of cached passwords when
kerberos renewal tickets is enabled. Due to a bug, the cached
password was overwritten with a (moderately) predictable
filename, which could allow a user to authenticate as someone
else if they knew the name of the cache file (bnc#691135,
CVE-2011-1758)
- Changes in 1.5.6:
* Fixed a serious memory leak in the memberOf plugin
* Fixed a regression with the negative cache that caused it to be
essentially nonfunctional
* Fixed an issue where the user's full name would sometimes be
removed from the cache
* Fixed an issue with password changes in the kerberos provider
not working with kpasswd
-------------------------------------------------------------------
Thu Apr 14 11:31:38 UTC 2011 - rhafer@suse.de
- Update to 1.5.5
* Fixes for several crash bugs
* LDAP group lookups will no longer abort if there is a
zero-length member attribute
* Add automatic fallback to 'cn' if the 'gecos' attribute does not
exist
-------------------------------------------------------------------
Wed Mar 30 09:47:23 UTC 2011 - rhafer@suse.de
- Should build in SLE-11-SP1 now
-------------------------------------------------------------------
Tue Mar 29 13:23:57 UTC 2011 - rhafer@suse.de
- Updated to 1.5.4
* Fixes for Active Directory when not all users and groups have
POSIX attributes
* Fixes for handling users and groups that have name aliases
(aliases are ignored)
* Fix group memberships after initgroups in the IPA provider
-------------------------------------------------------------------
Thu Mar 24 15:42:02 UTC 2011 - rhafer@suse.de
- Updated to 1.5.3
* Support for libldb >= 1.0.0
* Proper detection of manpage translations
* Changes between 1.5.1 and 1.5.2
* Fixes for support of FreeIPA v2
* Fixes for failover if DNS entries change
* Improved sss_obfuscate tool with better interactive mode
* Fix several crash bugs
* Don't attempt to use START_TLS over SSL. Some LDAP servers
can't handle this
* Delete users from the local cache if initgroups calls return
'no such user' (previously only worked for getpwnam/getpwuid)
* Use new Transifex.net translations
* Better support for automatic TGT renewal (now survives
restart)
* Netgroup fixes
-------------------------------------------------------------------
Tue Mar 8 13:22:58 UTC 2011 - rhafer@suse.de
- Updated to 1.5.1
* Vast performance improvements when enumerate = true
* All PAM actions will now perform a forced initgroups lookup
instead of just a user information lookup This guarantees that
all group information is available to other providers, such as
the simple provider.
* For backwards-compatibility, DNS lookups will also fall back to
trying the SSSD domain name as a DNS discovery domain.
* Support for more password expiration policies in LDAP
- 389 Directory Server
- FreeIPA
- ActiveDirectory
* Support for ldap_tls_{cert,key,cipher_suite} config options
* Assorted bugfixes
-------------------------------------------------------------------
Wed Jan 19 09:32:35 UTC 2011 - rhafer@suse.de
- /var/lib/sss/pubconf was missing (bnc#665442)
-------------------------------------------------------------------
Tue Jan 18 09:08:35 UTC 2011 - rhafer@suse.de
- It was possible to make sssd hang forever inside a loop in the
PAM responder by sending a carefully crafted packet to sssd.
This could be exploited by a local attacker to crash sssd and
prevent other legitimate users from logging into the system.
(bnc#660481, CVE-2010-4341)
-------------------------------------------------------------------
Sun Dec 19 13:37:32 UTC 2010 - aj@suse.de
- Own /etc/systemd directories to fix build.
-------------------------------------------------------------------
Thu Nov 25 16:30:40 UTC 2010 - rhafer@novell.com
- install systemd service file
-------------------------------------------------------------------
Tue Nov 16 11:06:02 UTC 2010 - rhafer@novell.com
- Updated to 1.4.1
* Add support for netgroups to the LDAP and proxy providers
* Fixes a minor bug with UIDs/GIDs >= 2^31
* Fixes a segfault in the kerberos provider
* Fixes a segfault in the NSS responder if a data provider crashes
* Correctly use sdap_netgroup_search_base
* the utility libraries libpath_utils1, libpath_utils-devel,
libref_array1 and libref_array-devel moved to their own
separate upstream project (ding-libs)
* Performance improvements made to group processing of RFC2307
LDAP servers
* Fixed nested group issues with RFC2307bis LDAP servers without
a memberOf plugin
* Manpage reviewed and updated
-------------------------------------------------------------------
Mon Sep 13 12:23:47 UTC 2010 - coolo@novell.com
- remove hard coded python version
-------------------------------------------------------------------
Fri Sep 3 13:17:48 UTC 2010 - rhafer@novell.com
- No dependencies on %{release}
-------------------------------------------------------------------
Mon Aug 30 12:57:47 UTC 2010 - rhafer@novell.com
- Updated to 1.3.1
* Fixes to the HBAC backend for obsolete or removed HBAC entries
* Improvements to log messages around TLS and GSSAPI for LDAP
* Support for building in environments using --as-needed LDFLAGS
* Vast performance improvement for initgroups on RFC2307 LDAP servers
* Long-running SSSD clients (e.g. GDM) will now reconnect properly to the
daemon if SSSD is restarted
* Rewrote the internal LDB cache API. As a synchronous API it is now faster
to access and easier to work with
* Eugene Indenbom contributed a sizeable amount of code to the LDAP provider
- We now handle failover situations much more reliably than we did
previously
- We also will now monitor the GSSAPI kerberos ticket and automatically
renew it when appropriate, instead of waiting for a connection to fail
* Support for netlink now allows us to more quickly detect situations
where we may have come online
* New option "dns_discovery_domain" allows better configuration for
using SRV records for failover
- New subpackages: libpath_utils1, libpath_utils-devel, libref_array1
and libref_array-devel
-------------------------------------------------------------------
Wed Mar 31 14:02:43 UTC 2010 - rhafer@novell.com
- Package pam- and nss-Modules as baselibs
- cleaned up file list and dependencies
- fixed init script dependencies
-------------------------------------------------------------------
Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com
- Updated to 1.1.0
* Support for IPv6
* Support for LDAP referrals
* Offline failed login counter
* Fix for the long-standing cache cleanup performance issues
* libini_config, libcollection, libdhash, libref_array and
libpath_utils are now built as shared libraries for general
consumption (libref_array and libpath_utils are currently not
packaged, as no component in sssd links against them)
* Users get feedback from PAM if they authenticated offline
* Native local backend now has a utility to show nested memberships
(sss_groupshow)
* New "simple" access provider for easy restriction of users
- Backported libcrypto support from master to avoid Mozilla NSS
dependency
- Backported password policy improvments for LDAP provider from
master
-------------------------------------------------------------------
Mon Mar 8 14:06:29 UTC 2010 - rhafer@novell.com
- use logfiles for debug messages by default
-------------------------------------------------------------------
Fri Mar 5 12:57:25 UTC 2010 - rhafer@novell.com
- subpackages for commandline tools, ipa-provider plugin and
python API
-------------------------------------------------------------------
Fri Feb 26 14:48:50 UTC 2010 - rhafer@novell.com
- Updated to 1.0.5. Highlights:
* Removed some dead code (libreplace
* Clarify licenses throughout the code
-------------------------------------------------------------------
Thu Feb 4 17:04:01 UTC 2010 - rhafer@novell.com
- Updated to 1.0.4
-------------------------------------------------------------------
Thu Oct 8 15:10:47 UTC 2009 - rhafer@novell.com
- Update to 0.6.0
-------------------------------------------------------------------
Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com
- fix LDAP filter for initgroups() with rfc2307bis setups
-------------------------------------------------------------------
Tue Sep 1 08:58:37 UTC 2009 - rhafer@novell.com
- initial package submission