6d19541da0
Update to 1.5.7 (bnc#691135) (forwarded request 69546 from rhafer) OBS-URL: https://build.opensuse.org/request/show/69547 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=25
225 lines
8.5 KiB
Plaintext
225 lines
8.5 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed May 4 09:22:20 UTC 2011 - rhafer@suse.de
|
|
|
|
- Update to 1.5.7
|
|
* A flaw was found in the handling of cached passwords when
|
|
kerberos renewal tickets is enabled. Due to a bug, the cached
|
|
password was overwritten with a (moderately) predictable
|
|
filename, which could allow a user to authenticate as someone
|
|
else if they knew the name of the cache file (bnc#691135,
|
|
CVE-2011-1758)
|
|
- Changes in 1.5.6:
|
|
* Fixed a serious memory leak in the memberOf plugin
|
|
* Fixed a regression with the negative cache that caused it to be
|
|
essentially nonfunctional
|
|
* Fixed an issue where the user's full name would sometimes be
|
|
removed from the cache
|
|
* Fixed an issue with password changes in the kerberos provider
|
|
not working with kpasswd
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 14 11:31:38 UTC 2011 - rhafer@suse.de
|
|
|
|
- Update to 1.5.5
|
|
* Fixes for several crash bugs
|
|
* LDAP group lookups will no longer abort if there is a
|
|
zero-length member attribute
|
|
* Add automatic fallback to 'cn' if the 'gecos' attribute does not
|
|
exist
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 30 09:47:23 UTC 2011 - rhafer@suse.de
|
|
|
|
- Should build in SLE-11-SP1 now
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 29 13:23:57 UTC 2011 - rhafer@suse.de
|
|
|
|
- Updated to 1.5.4
|
|
* Fixes for Active Directory when not all users and groups have
|
|
POSIX attributes
|
|
* Fixes for handling users and groups that have name aliases
|
|
(aliases are ignored)
|
|
* Fix group memberships after initgroups in the IPA provider
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 24 15:42:02 UTC 2011 - rhafer@suse.de
|
|
|
|
- Updated to 1.5.3
|
|
* Support for libldb >= 1.0.0
|
|
* Proper detection of manpage translations
|
|
* Changes between 1.5.1 and 1.5.2
|
|
* Fixes for support of FreeIPA v2
|
|
* Fixes for failover if DNS entries change
|
|
* Improved sss_obfuscate tool with better interactive mode
|
|
* Fix several crash bugs
|
|
* Don't attempt to use START_TLS over SSL. Some LDAP servers
|
|
can't handle this
|
|
* Delete users from the local cache if initgroups calls return
|
|
'no such user' (previously only worked for getpwnam/getpwuid)
|
|
* Use new Transifex.net translations
|
|
* Better support for automatic TGT renewal (now survives
|
|
restart)
|
|
* Netgroup fixes
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 8 13:22:58 UTC 2011 - rhafer@suse.de
|
|
|
|
- Updated to 1.5.1
|
|
* Vast performance improvements when enumerate = true
|
|
* All PAM actions will now perform a forced initgroups lookup
|
|
instead of just a user information lookup This guarantees that
|
|
all group information is available to other providers, such as
|
|
the simple provider.
|
|
* For backwards-compatibility, DNS lookups will also fall back to
|
|
trying the SSSD domain name as a DNS discovery domain.
|
|
* Support for more password expiration policies in LDAP
|
|
- 389 Directory Server
|
|
- FreeIPA
|
|
- ActiveDirectory
|
|
* Support for ldap_tls_{cert,key,cipher_suite} config options
|
|
* Assorted bugfixes
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 19 09:32:35 UTC 2011 - rhafer@suse.de
|
|
|
|
- /var/lib/sss/pubconf was missing (bnc#665442)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 18 09:08:35 UTC 2011 - rhafer@suse.de
|
|
|
|
- It was possible to make sssd hang forever inside a loop in the
|
|
PAM responder by sending a carefully crafted packet to sssd.
|
|
This could be exploited by a local attacker to crash sssd and
|
|
prevent other legitimate users from logging into the system.
|
|
(bnc#660481, CVE-2010-4341)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 19 13:37:32 UTC 2010 - aj@suse.de
|
|
|
|
- Own /etc/systemd directories to fix build.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 25 16:30:40 UTC 2010 - rhafer@novell.com
|
|
|
|
- install systemd service file
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 16 11:06:02 UTC 2010 - rhafer@novell.com
|
|
|
|
- Updated to 1.4.1
|
|
* Add support for netgroups to the LDAP and proxy providers
|
|
* Fixes a minor bug with UIDs/GIDs >= 2^31
|
|
* Fixes a segfault in the kerberos provider
|
|
* Fixes a segfault in the NSS responder if a data provider crashes
|
|
* Correctly use sdap_netgroup_search_base
|
|
* the utility libraries libpath_utils1, libpath_utils-devel,
|
|
libref_array1 and libref_array-devel moved to their own
|
|
separate upstream project (ding-libs)
|
|
* Performance improvements made to group processing of RFC2307
|
|
LDAP servers
|
|
* Fixed nested group issues with RFC2307bis LDAP servers without
|
|
a memberOf plugin
|
|
* Manpage reviewed and updated
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 13 12:23:47 UTC 2010 - coolo@novell.com
|
|
|
|
- remove hard coded python version
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 3 13:17:48 UTC 2010 - rhafer@novell.com
|
|
|
|
- No dependencies on %{release}
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 30 12:57:47 UTC 2010 - rhafer@novell.com
|
|
|
|
- Updated to 1.3.1
|
|
* Fixes to the HBAC backend for obsolete or removed HBAC entries
|
|
* Improvements to log messages around TLS and GSSAPI for LDAP
|
|
* Support for building in environments using --as-needed LDFLAGS
|
|
* Vast performance improvement for initgroups on RFC2307 LDAP servers
|
|
* Long-running SSSD clients (e.g. GDM) will now reconnect properly to the
|
|
daemon if SSSD is restarted
|
|
* Rewrote the internal LDB cache API. As a synchronous API it is now faster
|
|
to access and easier to work with
|
|
* Eugene Indenbom contributed a sizeable amount of code to the LDAP provider
|
|
- We now handle failover situations much more reliably than we did
|
|
previously
|
|
- We also will now monitor the GSSAPI kerberos ticket and automatically
|
|
renew it when appropriate, instead of waiting for a connection to fail
|
|
* Support for netlink now allows us to more quickly detect situations
|
|
where we may have come online
|
|
* New option "dns_discovery_domain" allows better configuration for
|
|
using SRV records for failover
|
|
- New subpackages: libpath_utils1, libpath_utils-devel, libref_array1
|
|
and libref_array-devel
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 31 14:02:43 UTC 2010 - rhafer@novell.com
|
|
|
|
- Package pam- and nss-Modules as baselibs
|
|
- cleaned up file list and dependencies
|
|
- fixed init script dependencies
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com
|
|
|
|
- Updated to 1.1.0
|
|
* Support for IPv6
|
|
* Support for LDAP referrals
|
|
* Offline failed login counter
|
|
* Fix for the long-standing cache cleanup performance issues
|
|
* libini_config, libcollection, libdhash, libref_array and
|
|
libpath_utils are now built as shared libraries for general
|
|
consumption (libref_array and libpath_utils are currently not
|
|
packaged, as no component in sssd links against them)
|
|
* Users get feedback from PAM if they authenticated offline
|
|
* Native local backend now has a utility to show nested memberships
|
|
(sss_groupshow)
|
|
* New "simple" access provider for easy restriction of users
|
|
- Backported libcrypto support from master to avoid Mozilla NSS
|
|
dependency
|
|
- Backported password policy improvments for LDAP provider from
|
|
master
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 8 14:06:29 UTC 2010 - rhafer@novell.com
|
|
|
|
- use logfiles for debug messages by default
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 5 12:57:25 UTC 2010 - rhafer@novell.com
|
|
|
|
- subpackages for commandline tools, ipa-provider plugin and
|
|
python API
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 26 14:48:50 UTC 2010 - rhafer@novell.com
|
|
|
|
- Updated to 1.0.5. Highlights:
|
|
* Removed some dead code (libreplace
|
|
* Clarify licenses throughout the code
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 4 17:04:01 UTC 2010 - rhafer@novell.com
|
|
|
|
- Updated to 1.0.4
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 8 15:10:47 UTC 2009 - rhafer@novell.com
|
|
|
|
- Update to 0.6.0
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com
|
|
|
|
- fix LDAP filter for initgroups() with rfc2307bis setups
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 1 08:58:37 UTC 2009 - rhafer@novell.com
|
|
|
|
- initial package submission
|
|
|