File sssd.changes of Package sssd

-------------------------------------------------------------------
Thu May 10 04:22:47 UTC 2012 - jengelh@inai.de

- Update to new upstream release 1.8.3
* LDAP: Handle situations where the RootDSE is not available
  anonymously
* LDAP: Fix regression for users using non-standard LDAP attributes
  for user information
- Switch from openssl to mozilla-nss, as this is the officially
  supported crypto integration

-------------------------------------------------------------------
Fri Apr 13 13:03:44 PDT 2012 - ben.kevan@gmail.com

- Fix build error on SLES 11 builds

-------------------------------------------------------------------
Mon Apr  9 21:45:45 PDT 2012 - ben.kevan@gmail.com

- Add suse_version condition for glib over libunistring for
  SLES 11 SP2. 
- Update to new upstream release 1.8.2
* Fix for GSSAPI binds when the keytab contains unrelated
  principals
* Workarounds added for LDAP servers with unreadable RootDSE

-------------------------------------------------------------------
Wed Apr  4 16:13:33 PDT 2012 - ben.kevan@gmail.com

- Update to new upstream release 1.8.1
* Resolve issue where we could enter an infinite loop trying to
  connect to an auth server

-------------------------------------------------------------------

Sun Mar 11 18:36:44 UTC 2012 - jengelh@medozas.de

- Update to new upstream release 1.8.0
* Support for the service map in NSS
* Support for setting default SELinux user context from FreeIPA
* Support for retrieving SSH user and host keys from LDAP
* Support for caching autofs LDAP requests
* Support for caching SUDO rules
* Include the IPA AutoFS provider
* Fixed several memory-corruption bugs
* Fixed a regression in the proxy provider

-------------------------------------------------------------------
Wed Oct 19 13:56:57 UTC 2011 - rhafer@suse.de

- Fixed systemd related packaging issues (bnc#724157)
- fixed build on older openSUSE releases

-------------------------------------------------------------------
Mon Sep 19 17:07:24 UTC 2011 - jengelh@medozas.de

- Resolve "have choice for libnl-devel:
  libnl-1_1-devel libnl3-devel"

-------------------------------------------------------------------
Tue Aug  2 08:46:53 UTC 2011 - rhafer@suse.de

- Fixed typos in configure args
- Cherry-picked password policy fixes from 1.5 branch (bnc#705768)
- switched to fd-leak fix cherry-picked from 1.5 branch
- Add /usr/sbin to the search path to make configure find nscd
  (bnc#709747)

-------------------------------------------------------------------
Fri Jul 29 10:39:51 UTC 2011 - jengelh@medozas.de

- Add patches to fix an fd leak in sssd_pam

-------------------------------------------------------------------
Thu Jul 28 10:03:32 UTC 2011 - jengelh@medozas.de

- Update to new upstream release 1.5.11
* Support for overriding home directory, shell and primary GID
  locally
* Properly honor TTL values from SRV record lookups
* Support non-POSIX groups in nested group chains (for RFC2307bis
  LDAP servers)
* Properly escape IPv6 addresses in the failover code
* Do not crash if inotify fails (e.g. resource exhaustion)
- Remove redundant %clean section; delete .la files more
  efficiently

-------------------------------------------------------------------
Tue Jun  7 08:59:04 UTC 2011 - rhafer@suse.de

- Update to 1.5.8:
  * Support for the LDAP paging control
  * Support for multiple DNS servers for name resolution
  * Fixes for several group membership bugs
  * Fixes for rare crash bugs

-------------------------------------------------------------------
Wed May  4 09:22:20 UTC 2011 - rhafer@suse.de

- Update to 1.5.7
  * A flaw was found in the handling of cached passwords when
    kerberos renewal tickets is enabled.  Due to a bug, the cached
    password was overwritten with a (moderately) predictable
    filename, which could allow a user to authenticate as someone
    else if they knew the name of the cache file (bnc#691135,
    CVE-2011-1758)
- Changes in 1.5.6:
  * Fixed a serious memory leak in the memberOf plugin
  * Fixed a regression with the negative cache that caused it to be
    essentially nonfunctional
  * Fixed an issue where the user's full name would sometimes be
    removed from the cache
  * Fixed an issue with password changes in the kerberos provider
    not working with kpasswd

-------------------------------------------------------------------
Thu Apr 14 11:31:38 UTC 2011 - rhafer@suse.de

- Update to 1.5.5
 * Fixes for several crash bugs
 * LDAP group lookups will no longer abort if there is a
   zero-length member attribute
 * Add automatic fallback to 'cn' if the 'gecos' attribute does not
   exist

-------------------------------------------------------------------
Wed Mar 30 09:47:23 UTC 2011 - rhafer@suse.de

- Should build in SLE-11-SP1 now

-------------------------------------------------------------------
Tue Mar 29 13:23:57 UTC 2011 - rhafer@suse.de

- Updated to 1.5.4
  * Fixes for Active Directory when not all users and groups have
    POSIX attributes
  * Fixes for handling users and groups that have name aliases
    (aliases are ignored)
  * Fix group memberships after initgroups in the IPA provider

-------------------------------------------------------------------
Thu Mar 24 15:42:02 UTC 2011 - rhafer@suse.de

- Updated to 1.5.3
  * Support for libldb >= 1.0.0
  * Proper detection of manpage translations
  * Changes between 1.5.1 and 1.5.2
    * Fixes for support of FreeIPA v2
    * Fixes for failover if DNS entries change
    * Improved sss_obfuscate tool with better interactive mode
    * Fix several crash bugs
    * Don't attempt to use START_TLS over SSL. Some LDAP servers
      can't handle this
    * Delete users from the local cache if initgroups calls return
      'no such user' (previously only worked for getpwnam/getpwuid)
    * Use new Transifex.net translations
    * Better support for automatic TGT renewal (now survives
      restart)
    * Netgroup fixes

-------------------------------------------------------------------
Tue Mar  8 13:22:58 UTC 2011 - rhafer@suse.de

- Updated to 1.5.1
  * Vast performance improvements when enumerate = true
  * All PAM actions will now perform a forced initgroups lookup
    instead of just a user information lookup This guarantees that
    all group information is available to other providers, such as
    the simple provider.
  * For backwards-compatibility, DNS lookups will also fall back to
    trying the SSSD domain name as a DNS discovery domain.
  * Support for more password expiration policies in LDAP
    - 389 Directory Server
    - FreeIPA
    - ActiveDirectory
  * Support for ldap_tls_{cert,key,cipher_suite} config options
  * Assorted bugfixes

-------------------------------------------------------------------
Wed Jan 19 09:32:35 UTC 2011 - rhafer@suse.de

- /var/lib/sss/pubconf was missing (bnc#665442)

-------------------------------------------------------------------
Tue Jan 18 09:08:35 UTC 2011 - rhafer@suse.de

- It was possible to make sssd hang forever inside a loop in the
  PAM responder by sending a carefully crafted packet to sssd.
  This could be exploited by a local attacker to crash sssd and
  prevent other legitimate users from logging into the system.
  (bnc#660481, CVE-2010-4341)

-------------------------------------------------------------------
Sun Dec 19 13:37:32 UTC 2010 - aj@suse.de

- Own /etc/systemd directories to fix build.

-------------------------------------------------------------------
Thu Nov 25 16:30:40 UTC 2010 - rhafer@novell.com

- install systemd service file 

-------------------------------------------------------------------
Tue Nov 16 11:06:02 UTC 2010 - rhafer@novell.com

- Updated to 1.4.1
  * Add support for netgroups to the LDAP and proxy providers
  * Fixes a minor bug with UIDs/GIDs >= 2^31
  * Fixes a segfault in the kerberos provider
  * Fixes a segfault in the NSS responder if a data provider crashes
  * Correctly use sdap_netgroup_search_base
  * the utility libraries libpath_utils1, libpath_utils-devel,
    libref_array1 and libref_array-devel moved to their own
    separate upstream project (ding-libs)
  * Performance improvements made to group processing of RFC2307
    LDAP servers
  * Fixed nested group issues with RFC2307bis LDAP servers without
    a memberOf plugin
  * Manpage reviewed and updated

-------------------------------------------------------------------
Mon Sep 13 12:23:47 UTC 2010 - coolo@novell.com

- remove hard coded python version

-------------------------------------------------------------------
Fri Sep  3 13:17:48 UTC 2010 - rhafer@novell.com

- No dependencies on %{release}

-------------------------------------------------------------------
Mon Aug 30 12:57:47 UTC 2010 - rhafer@novell.com

- Updated to 1.3.1
 * Fixes to the HBAC backend for obsolete or removed HBAC entries
 * Improvements to log messages around TLS and GSSAPI for LDAP
 * Support for building in environments using --as-needed LDFLAGS
 * Vast performance improvement for initgroups on RFC2307 LDAP servers
 * Long-running SSSD clients (e.g. GDM) will now reconnect properly to the
   daemon if SSSD is restarted
 * Rewrote the internal LDB cache API. As a synchronous API it is now faster
   to access and easier to work with
 * Eugene Indenbom contributed a sizeable amount of code to the LDAP provider
   - We now handle failover situations much more reliably than we did
     previously
   - We also will now monitor the GSSAPI kerberos ticket and automatically
     renew it when appropriate, instead of waiting for a connection to fail
 * Support for netlink now allows us to more quickly detect situations
   where we may have come online
 * New option "dns_discovery_domain" allows better configuration for
   using SRV records for failover 
- New subpackages: libpath_utils1, libpath_utils-devel, libref_array1
  and libref_array-devel

-------------------------------------------------------------------
Wed Mar 31 14:02:43 UTC 2010 - rhafer@novell.com

- Package pam- and nss-Modules as baselibs
- cleaned up file list and dependencies
- fixed init script dependencies

-------------------------------------------------------------------
Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com

- Updated to 1.1.0 
  * Support for IPv6
  * Support for LDAP referrals
  * Offline failed login counter
  * Fix for the long-standing cache cleanup performance issues
  * libini_config, libcollection, libdhash, libref_array and
    libpath_utils are now built as shared libraries for general
    consumption (libref_array and libpath_utils are currently not
    packaged, as no component in sssd links against them)
  * Users get feedback from PAM if they authenticated offline
  * Native local backend now has a utility to show nested memberships
    (sss_groupshow)
  * New "simple" access provider for easy restriction of users
- Backported libcrypto support from master to avoid Mozilla NSS 
  dependency
- Backported password policy improvments for LDAP provider from
  master

-------------------------------------------------------------------
Mon Mar  8 14:06:29 UTC 2010 - rhafer@novell.com

- use logfiles for debug messages by default 

-------------------------------------------------------------------
Fri Mar  5 12:57:25 UTC 2010 - rhafer@novell.com

- subpackages for commandline tools, ipa-provider plugin and
  python API

-------------------------------------------------------------------
Fri Feb 26 14:48:50 UTC 2010 - rhafer@novell.com

- Updated to 1.0.5. Highlights:
  * Removed some dead code (libreplace
  * Clarify licenses throughout the code

-------------------------------------------------------------------
Thu Feb  4 17:04:01 UTC 2010 - rhafer@novell.com

- Updated to 1.0.4 

-------------------------------------------------------------------
Thu Oct  8 15:10:47 UTC 2009 - rhafer@novell.com

- Update to 0.6.0 

-------------------------------------------------------------------
Fri Sep  4 08:59:21 UTC 2009 - rhafer@novell.com

- fix LDAP filter for initgroups() with  rfc2307bis setups

-------------------------------------------------------------------
Tue Sep  1 08:58:37 UTC 2009 - rhafer@novell.com

- initial package submission