- Update to new minor upstream release 1.16.2

New Features:
  * The smart card authentication, or in more general certificate
    authentication code now supports OpenSSL in addition to previously
    supported NSS (#3489). In addition, the SSH responder can now
    return public SSH keys derived from the public keys stored in a
    X.509 certificate. Please refer to the ssh_use_certificate_keys
    option in the man pages.
  * The files provider now supports mirroring multiple passwd or
    group files. This enhancement can be used to use the SSSD files
    provider instead of the nss_altfiles module
Bugfixes:
  * A memory handling issue in the nss_ex interface was fixed. This
    bug would manifest in IPA environments with a trusted AD domain
    as a crash of the ns-slapd process, because a ns-slapd plugin
    loads the nss_ex interface (#3715)
  * Several fixes for the KCM deamon were merged (see #3687, #3671, #3633)
  * The ad_site override is now honored in GPO code as well (#3646)
  * Several potential crashes in the NSS responder’s netgroup code
    were fixed (#3679, #3731)
  * A potential crash in the autofs responder’s code was fixed (#3752)
  * The LDAP provider now supports group renaming (#2653)
  * The GPO access control code no longer returns an error if one
    of the relevant GPO rules contained no SIDs at all (#3680)
  * A memory leak in the IPA provider related to resolving external
    AD groups was fixed (#3719)
  * Setups that used multiple domains where one of the domains had
    its ID space limited using the min_id/max_id options did not
    resolve requests by ID properly (#3728)
  * Overriding IDs or names did not work correctly when the domain

OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=197
This commit is contained in:
Peter Varkoly 2018-06-20 08:48:06 +00:00 committed by Git OBS Bridge
parent 98844f4892
commit 12009674a9

View File

@ -1,3 +1,52 @@
-------------------------------------------------------------------
Wed Jun 20 08:38:53 UTC 2018 - varkoly@suse.com
- Update to new minor upstream release 1.16.2
New Features:
* The smart card authentication, or in more general certificate
authentication code now supports OpenSSL in addition to previously
supported NSS (#3489). In addition, the SSH responder can now
return public SSH keys derived from the public keys stored in a
X.509 certificate. Please refer to the ssh_use_certificate_keys
option in the man pages.
* The files provider now supports mirroring multiple passwd or
group files. This enhancement can be used to use the SSSD files
provider instead of the nss_altfiles module
Bugfixes:
* A memory handling issue in the nss_ex interface was fixed. This
bug would manifest in IPA environments with a trusted AD domain
as a crash of the ns-slapd process, because a ns-slapd plugin
loads the nss_ex interface (#3715)
* Several fixes for the KCM deamon were merged (see #3687, #3671, #3633)
* The ad_site override is now honored in GPO code as well (#3646)
* Several potential crashes in the NSS responders netgroup code
were fixed (#3679, #3731)
* A potential crash in the autofs responders code was fixed (#3752)
* The LDAP provider now supports group renaming (#2653)
* The GPO access control code no longer returns an error if one
of the relevant GPO rules contained no SIDs at all (#3680)
* A memory leak in the IPA provider related to resolving external
AD groups was fixed (#3719)
* Setups that used multiple domains where one of the domains had
its ID space limited using the min_id/max_id options did not
resolve requests by ID properly (#3728)
* Overriding IDs or names did not work correctly when the domain
resolution order was set as well (#3595)
* A version mismatch between certain newer Samba versions (e.g.
those shipped in RHEL-7.5) and the Winbind interface provided
by SSSD was fixed. To further prevent issues like this in the
future, the correct interface is now detected at build time (#3741)
* The files provider no longer returns a qualified name in case
domain resolution order is used (#3743)
* A race condition between evaluating IPA group memberships and
AD group memberships in setups with IPA-AD trusts that would
have manifested as randomly losing IPA group memberships assigned
to an AD user was fixed (#3744)
* Setting an SELinux login label was broken in setups where the
domain resolution order was used (#3740)
* SSSD start up issue on systems that use the libldb library
with version 1.4.0 or newer was fixed.
-------------------------------------------------------------------
Fri Apr 27 14:43:58 UTC 2018 - ckowalczyk@suse.com