[ol5_u10_base] sssd-1.5.1-70.el5.i386

Name:	sssd
Version:	1.5.1
Release:	70.el5
Architecture:	i386
Group:	Applications/System
Size:	3795359
License:	GPLv3+
RPM:	sssd-1.5.1-70.el5.i386.rpm
Source RPM:	sssd-1.5.1-70.el5.src.rpm
Build Date:	Fri Jul 19 2013
Build Host:	ca-build10.us.oracle.com
Vendor:	Oracle America
URL:	http://fedorahosted.org/sssd/
Summary:	System Security Services Daemon
Description:	Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

Changelog (Show File list) (Show related packages)

Fri Jun 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-70

- Fix IPA provider performance issue when storing large host groups
- Resolves: rhbz#979047 - sssd_be goes to 99% CPU and causes significant
                          login delays when client is under load

Wed Jun 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-69

- Fix startup with a broken configuration
- Resolves: rhbz#974036 - sssd core process keeps running after backends quit

Fri May 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-68

- Add a forgotten break in a switch statement
- Related: rhbz#886165 - sssd will stop functioning correctly if sssd_be
                         hangs for a while

Fri May 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-67

- Fix initialization of the paging control
- Related: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts
                         cache repeatedly

Fri May 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-66

- Resolves: rhbz#961680 - sssd components seem to mishandle sighup

Fri May 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-65

- Resolves: rhbz#959838 - CVE-2013-0219 sssd: TOCTOU race conditions by
                          copying and removing directory trees

Fri Apr 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-64

- Free the LDAP control when following referrals
- Resolves: rhbz#820908 - SSSD stops working due to memory problems

Fri Apr 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-63

- Restart services with a timeout in case they are restarted too often
- Resolves: rhbz#950156 - sssd dead but pid file exists after heavy load
                          presented

Thu Apr 25 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-62

- Use the LDAP paging control more sparingly
- Related: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts
                         cache repeatedly

Sun Apr 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-61

- Resolves: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts
                          cache repeatedly

Wed Feb 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-60

- Resolves: rhbz#886165 - sssd will stop functioning correctly if sssd_be
                          hangs for a while

Sat Feb 02 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-59

- Process pending requests on PAM reconnect
- Resolves: rhbz#882414 - sssd will stop perform LDAP requests for user
                          lookup (nss), authorization, and authentication

Thu Aug 23 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-58
```
- Initialize hbac_ctx to NULL
- Resolves: rhbz#850722
```

Sat Aug 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-57

- Process all groups from a single nesting level
- Resolves: rhbz#846664
- Backport the option to disable srchost processing
- Resolves: rhbz#841677

Fri Aug 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.5.1-56

- Require libgssapiv2.so to pull in cyrus-sasl-gssapi
- Resolves: rhbz#786443

Sat Jul 07 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-55

- Rebuild against newer libtdb
- Related: rhbz#838130 - SSSD needs to be rebuilt against newer libtdb

Sat Jun 23 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-54

- Resolves: rhbz#797272 - sssd-1.5.1-37.el5 needs a dependency to dbus >= 1.1
- Resolves: rhbz#797300 - Logging in with ssh pub key should consult
                          authentication authority policies
- Resolves: rhbz#833169 - Add support for terminating idle connections in
                          sssd_nss
- Resolves: rhbz#783081 - sssd_be crashes during auth when there exists UTF
                          source host group in an hbacrule
- Resolves: rhbz#786443 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as
                          a dependancy
- Resolves: rhbz#827469 - Unable to lookup user, group, netgroup aliases with
                          case_sensitive=false

Fri Jun 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-53
```
- Resolves: rhbz#826237 - sssd_be segfaulting with IPA backend
```

Tue Jun 05 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-52

- Resolves: rhbz#817073 - sssd fails to use the last AD server if other AD
                          servers are not reachable
- Resolves: rhbz#828190 - Infinite loop checking Kerberos credentials

Thu Apr 26 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-51

- Resolves: rhbz#815154 - Raise limits for max num of files sssd_nss/sssd_pam
                          can use

Fri Mar 23 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-50

- Add the ability to disable the LDAP simple paging control
- Resolves: rhbz#782221 - Intermittent LDAP paging errors

Sat Jan 14 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-49

- Resolves: rhbz#680443 - Detect support for the nsupdate realm directive
- Resolves: rhbz#773327 - The full dyndns update message should be logged
                          into debug logs

Wed Dec 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-47
```
- Resolves: rhbz#767168 Offline actions take a very long time
```

Sat Dec 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-46

- Related:  rhbz#758168 - sssd_nss crashes when passed invalid UTF-8 for the
                          username in getpwnam()

Tue Dec 06 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-45

- Resolves: rhbz#760106 - cannot install sssd or sssd-tools
- Resolves: rhbz#758168 - sssd_nss crashes when passed invalid UTF-8 for the
                          username in getpwnam()
- Resolves: rhbz#758163 - LDAP failover not working if server refuses
                          connections
- Resolves: rhbz#760166 - HBAC rule evaluation does not support extended
                          UTF-8 languages

Tue Dec 06 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-44

- Related:  rhbz#748844 - sssd.$arch should require sssd-client.$arch

Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-43

- Resolves: rhbz#757810 - SSSD needs to build with -fno-strict-aliasing

Thu Nov 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-41

- Resolves: rhbz#748844 - sssd.$arch should require sssd-client.$arch

Thu Nov 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-40

- Resolves: rhbz#750373 - Major cached entry performance regression

Tue Nov 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-39

- Resolves: rhbz#750229 - SSSD may go into infinite loop during RFC2307bis
                          initgroups when groups appear in multiple nesting
                          levels

Wed Oct 26 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-38

- Resolves: rhbz#692455 - rfc2307bis groups are being enumerated even when the gidNumber is out of the range of min_id,max_id.
- Resolves: rhbz#700168 - Users with a local group as their primary GID are denied access by the simple access provider
- Resolves: rhbz#707975 - Unable to authenticate users when username contains "\0"
- Resolves: rhbz#707999 - The IPA provider does not work with IPv6
- Resolves: rhbz#708104 - "renew_all_tgts" and "renew_handlers" messages are being logged multiple times when the provider comes back online.
- Resolves: rhbz#748818 - SSSD not functional after "self" reboot
- Resolves: rhbz#748820 - RFC2307bis initgroups calls are slow
- Resolves: rhbz#748822 - SSSD is not populating nested groups in Active Directory
- Resolves: rhbz#748834 - IPA provider fails initgroups() if user is not a member of any group
- Resolves: rhbz#748836 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured.
- Resolves: rhbz#748837 - RFE: SSSD should support paged LDAP lookups
- Resolves: rhbz#748842 - Include valid "ldap_uri" formats in sssd-ldap man page
- Resolves: rhbz#748846 - During the change password operation the ccache is not replaced by a new one if the old one isn't active anymore.
- Resolves: rhbz#748856 - sssd doesn't honor ldap supportedControls
- Resolves: rhbz#748860 - LDAP+GSSAPI needs explicit Kerberos realm
- Resolves: rhbz#748862 - Resolve RPMDiff errors in SSSD
- Resolves: rhbz#748864 - SSSD taking 5 minutes to log in
- Resolves: rhbz#748869 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled.
- Resolves: rhbz#748870 - sssd crashes during auth while there exists multiple external hosts along with managed host.
- Resolves: rhbz#748871 - sssd blocks login of   ipa-users
- Resolves: rhbz#748872 - Authentication fails when there exists an empty hbacsvcgroup.
- Resolves: rhbz#748873 - Improve password policy error message
- Resolves: rhbz#748874 - Unable to enumerate rfc2307bis group with non-default attribute names.
- Resolves: rhbz#748875 - SSSD should pick a user/group name when there are multi-valued names
- Resolves: rhbz#748877 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid.
- Resolves: rhbz#748878 - Lookup fails for non-primary usernames with multi-valued uid.
- Resolves: rhbz#748879 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled.
- Resolves: rhbz#748882 - Rework the example config
- Resolves: rhbz#748897 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts.
- Resolves: rhbz#749255 - SSSD can crash due to dbus server removing a UNIX socket
- Resolves: rhbz#748833 - latest sssd fails if ldap_default_authtok_type is not mentioned
- Resolves: rhbz#748835 - SSSD's async resolver only tries the first nameserver in /etc/resolv.conf
- Resolves: rhbz#748847 - sssd shuts down if inotify crashes
- Resolves: rhbz#748848 - libsss_ldap segfault at login against OpenLDAP
- Resolves: rhbz#748849 - Certificate validation fails with message "Connection error: TLS: hostname does not match CN in peer certificate"
- Resolves: rhbz#748855 - sssd_pam leaks file descriptors.
- Resolves: rhbz#748883 - HBAC rule evaluation does not properly handle host groups
- Resolves: rhbz#748899 - HBAC: Hostname comparisons should be case-insensitive
- Resolves: rhbz#748854 - Remove DENY rules from the HBAC access provider
- Resolves: rhbz#748857 - "groups user" and "finger gecos" fails
- Resolves: rhbz#748893 - SSSD backend gets killed on slow systems
- Resolves: rhbz#748895 - Only access sssd_nss internal hash table if it was initialized
- Resolves: rhbz#748896 - sssd_pam segfaults on sssd restart
- Resolves: rhbz#748853 - IPA dynamic DNS update mangles AAAA records
- Resolves: rhbz#748858 - sssd does not handle kerberos server IP change
- Resolves: rhbz#748861 - Provide a mechanism for vetoing the use of certain shells
- Resolves: rhbz#748865 - When non-posix groups are skipped, initgroups returns random GID
- Resolves: rhbz#748866 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
- Resolves: rhbz#748867 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled
- Resolves: rhbz#748881 - Use an explicit base 10 when converting uidNumber to integer
- Resolves: rhbz#748821 - [RFE] Support overriding attribute value
- Resolves: rhbz#698724 - kpasswd fails when using sssd and kadmin server != kdc server
- Resolves: rhbz#680443 - Dynamic DNS update fails if multiple servers are given in ipa_server config option
- Resolves: rhbz#694580 - SSSD's man pages are missing information
- Resolves: rhbz#709352 - Typo in negative cache notification for initgroups()
- Resolves: rhbz#748898 - SSSD can crash due to dbus server removing a UNIX socket

Fri Jun 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-37

- Reverts:  rhbz#680443 - Dynamic DNS update fails if multiple servers are
-                         given in ipa_server config option

Wed Jun 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-36

- Resolves: rhbz#709333 - sssd.$arch should require sssd-client.$arch

Thu May 26 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-35

- Resolves: rhbz#707340 - latest sssd fails if ldap_default_authtok_type is
-                         not mentioned
- Resolves: rhbz#707574 - SSSD's async resolver only tries the first
-                         nameserver in /etc/resolv.conf

Wed May 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-34

- Resolves: rhbz#701702 - sssd client libraries use select() but should use
-                         poll() instead

Tue May 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-33

- Related:  rhbz#700858 - Automatic TGT renewal overwrites cached password
- Fix segfault in TGT renewal

Sat Apr 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-32

- Resolves: rhbz#700858 - Automatic TGT renewal overwrites cached password

Sat Apr 16 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-30

- Resolves: rhbz#696979 - Filters not honoured against fully-qualified users

Fri Apr 15 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-29

- Resolves: rhbz#694149 - SSSD consumes GBs of RAM, possible memory leak

Wed Apr 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-28

- Related:  rhbz#691900 - SSSD needs to fall back to 'cn' for GECOS
-                         information

Wed Apr 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-27

- Related:  rhbz#694853 - SSSD crashes during getent when anonymous bind is
-                         disabled

Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-26

- Resolves: rhbz#695476 - Unable to resolve SRV record when called with
-                         _srv_,<fixed ldap uri> in ldap_uri
- Related:  rhbz#694853 - SSSD crashes during getent when anonymous bind is
-                         disabled

Sat Apr 09 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-25

- Resolves: rhbz#694853 - SSSD crashes during getent when anonymous bind is
-                         disabled

Sat Apr 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-24

- Resolves: rhbz#692960 - Process /usr/libexec/sssd/sssd_be was killed by
-                         signal 11 (SIGSEGV)
-                         Fix is to not attempt to resolve nameless servers

Thu Mar 31 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-23

- Resolves: rhbz#691900 - SSSD needs to fall back to 'cn' for GECOS
-                         information

Tue Mar 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-21

- Resolves: rhbz#690867 - Groups with a zero-length memberuid attribute can
-                         cause SSSD to stop caching and responding to
-                         requests

Sat Mar 26 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-20

- Resolves: rhbz#690287 - Traceback messages seen while interrupting
-                         sss_obfuscate using ctrl+d
- Resolves: rhbz#690814 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process
-                         /usr/libexec/sssd/sssd_be was killed by signal 11
-                         (SIGSEGV)

Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-19

- Related: rhbz#690096 - SSSD should skip over groups with multiple names

Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-18

- Resolves: rhbz#690093 - SSSD breaks on RDNs with a comma in them
- Resolves: rhbz#690096 - SSSD should skip over groups with multiple names
- Resolves: rhbz#689887 - group memberships are not populated correctly during
-                         IPA provider initgroups
- Resolves: rhbz#688697 - Skip users and groups that have incomplete contents
- Resolves: rhbz#688694 - authconfig fails when access_provider is set as krb5
-                         in sssd.conf

Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-17

- Resolves: rhbz#688677 - Build SSSD in RHEL 5.7 against openldap24-libs
- Adds support for following LDAP referrals and using Mozilla NSS for crypto
- support

Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-16

- Resolves: rhbz#683260 - sudo/ldap lookup via sssd gets stuck for 5min
-                         waiting on netgroup
- Resolves: rhbz#683585 - sssd consumes 100% CPU
- Related: rhbz#680441  - sssd does not handle kerberos server IP change

Wed Mar 09 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-15

- Related: rhbz#680441 - sssd does not handle kerberos server IP change
-   SSSD was staying with the old server if it was still online

Tue Mar 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-14

- Resolves: rhbz#682853 - IPA provider should use realm instead of ipa_domain
-                         for base DN

Tue Mar 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-13

- Resolves: rhbz#682803 - sssd-be segmentation fault - ipa-client on
-                         ipa-server
- Resolves: rhbz#680441 - sssd does not handle kerberos server IP change
- Resolves: rhbz#680443 - Dynamic DNS update fails if multiple servers are
-                         given in ipa_server config option
- Resolves: rhbz#680933 - Do not delete sysdb memberOf if there is no memberOf
-                         attribute on the server
- Resolves: rhbz#682808 - sssd_nss core dumps with certain lookups

Wed Feb 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-12

- Related: rhbz#679087 - SSSD IPA provider should honor the krb5_realm option
- Related: rhbz#678615 - SSSD needs to look at IPA's compat tree for netgroups

Wed Feb 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-11

- Resolves: rhbz#679087 - SSSD IPA provider should honor the krb5_realm option
- Resolves: rhbz#679097 - Does not read renewable ccache at startup

Tue Feb 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-10

- Resolves: rhbz#678606 - User information not updated on login for secondary
-                         domains
- Resolves: rhbz#678778 - IPA provider does not update removed group
-                         memberships on initgroups

Sun Feb 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-9

- Resolves: rhbz#678780 - sssd crashes at the next tgt renewals it tries
- Resolves: rhbz#678412 - name service caches names, so id command shows
-                         recently deleted users
- Resolves: rhbz#678615 - SSSD needs to look at IPA's compat tree for
-                         netgroups

Fri Feb 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8

- Related: rhbz#665314 - Rebase SSSD to 1.5 in RHEL 5.7
- Fix generation of translated manpages

Thu Feb 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7

- Resolves: rhbz#665314 - Rebase SSSD to 1.5 in RHEL 5.7
- Resolves: rhbz#676027 - sssd segfault when first entry of ldap_uri is
-                         unreachable
- Resolves: rhbz#678032 - Remove HBAC time rules from SSSD
- Resolves: rhbz#675007 - sssd corrupts group cache
- Resolves: rhbz#608864 - [RFE] Support obfuscated passwords in the SSSD
-                         configuration

Fri Dec 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-39
```
- Resolves: rhbz#659136 - SSSD shutdown sometimes hangs
```
Thu Nov 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-38
```
- Resolves: rhbz#638241 - sssd stops on upgrade
```

Sat Nov 06 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-37

- Resolves: rhbz#649037 - Unable to set SELinux user for the user´s login

Thu Nov 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-36

- Resolves: rhbz#649285 - SSSD will sometimes lose groups from the cache

Wed Nov 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-35

- Resolves: rhbz#645437 - NSS responder dies if DP dies during a request

Wed Oct 27 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-34

- Resolves: rhbz#645515 - 'getent passwd <username>' returns nothing if its
-                         uidNumber gt 2147483647

Sat Oct 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-33

- Resolves: rhbz#645515 - 'getent passwd <username>' returns nothing if its
-                         uidNumber gt 2147483647

Sat Oct 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-32

- Resolves: rhbz#636055 - SSSD initgroups does not behave as expected
- Resolves: rhbz#634918 - multilib conflicts in libpath_utils-devel and
-                         libini_config-devel

Sat Oct 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-31

- Resolves: rhbz#633863 - SSSD log fills up the disk
- Resolves: rhbz#634918 - multilib conflicts in libpath_utils-devel and
-                         libini_config-devel
- Resolves: rhbz#636823 - the krb5 locator plugin isn't packaged for multilib
- Resolves: rhbz#638241 - sssd stops on upgrade

Wed Sep 29 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-30

- Resolves: rhbz#634861 - error: %post(sssd-1.2.1-28.1.el5.s390x) scriptlet
-                         failed, exit status 127

Fri Sep 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-29

- Resolves: rhbz#636823 - the krb5 locator plugin isn't packaged for multilib

Wed Aug 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.1

- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
-                           against LDAP
- Patch was included but not applied in previous version

Wed Aug 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-27.1

- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
-                           against LDAP

Thu Aug 05 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-26
```
- Resolves: rhbz#621307 - Password changes are broken on LDAP
```
Thu Aug 05 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-23.1
```
- Initial release for Red Hat Enterprise Linux 5
```

Sat Jul 31 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-23

- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on
-                         initgroups calls

Sat Jul 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-21

- Resolves: rhbz#607233 - SSSD users cannot log in through GDM
-                       - Real issue was that long-running services
-                       - do not reconnect if sssd is restarted

Sat Jul 10 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-20

- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with
-                         /etc/krb5.keytab file

Tue Jun 29 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-19

- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6
-                         final
- Resolves: rhbz#608661 - SASL with OpenLDAP server fails
- Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes

Sat Jun 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15

- New upstream bugfix release 1.2.1
- Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity
-                         bugs.
- Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal
- Resolves: rhbz#604704 - authconfig should provide error with no trace back
-                         if disabling sssd when sssd is not enabled
- Resolves: rhbz#591873 - Connecting to the network after an offline kerberos
-                         auth logs continuous error messages to sssd_ldap.log
- Resolves: rhbz#596295 - Authentication fails for user from the second domain
-                         when the same user name is filtered out from the
-                         first domain
- Related:  rhbz#598559 - Update translation files for SSSD before RHEL 6
-                         final

Fri Jun 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-14

- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service
-                         to fail while restart
- Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in
-                         parentheses causes ldap_search_ext to fail
- Resolves: rhbz#600468 - Segfault in krb5_child
- Related:  rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity
-                         bugs.

Thu Jun 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-13

- Resolves: rhbz#598670 - Ccache file of a user is removed too early
- Resolves: rhbz#599057 - Incomplete comparison of a service name in
-                         IPA access provider
- Resolves: rhbz#598496 - Failure with IPA access provider
- Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the
-                         kernel keyring

Tue May 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12

- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP
- Resolves: rhbz#584001 - Rebase sssd to 1.2
- Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file
- Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf
- Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf
- Resolves: rhbz#590134 - sssd: auth_provider = proxy regression
- Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when
-                         going online
- Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the
-                         HBAC rule

Thu May 20 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11.1
```
- Improve DEBUG logs for STARTTLS failures
```

Wed May 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11

- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos

Sat May 08 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10

- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover

Sat Apr 03 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3

- Bump up release number to avoid library sub-packages version issues with
  previous releases.

Fri Apr 02 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1

- New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to
- their defaults
- This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal

Tue Mar 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2

- Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb

Thu Mar 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19

- Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline

Thu Feb 25 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2
```
- Rebuild against new libtevent
```
Sat Feb 20 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1
```
- Fix licenses in sources and on RPMs
```
Tue Jan 26 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
```
- Fix regression on 64-bit platforms
```

Sat Jan 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1

- Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes

Fri Jan 15 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1

- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
- Several segfault bugfixes

Tue Jan 12 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
```
- Fix CVE-2010-0014
```

Tue Dec 22 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2

- Patch SSSDConfig API to address
- https://bugzilla.redhat.com/show_bug.cgi?id=549482

Sat Dec 19 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
```
- New upstream stable release 1.0.0
```
Sat Dec 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
```
- New upstream bugfix release 0.99.1
```
Tue Dec 01 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
```
- New upstream release 0.99.0
```

Wed Oct 28 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1

- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal

Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
```
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
```
Sat Oct 24 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
```
- New upstream release 0.7.0
```
Fri Oct 16 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
```
- Fix missing file permissions for sssd-clients
```

Wed Oct 14 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1

- Add SSSDConfig API
- Update polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust

Wed Sep 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1

- Ensure that the configuration upgrade script always writes the config
  file with 0600 permissions
- Eliminate an infinite loop in group enumerations

Tue Sep 29 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
```
- New upstream release 0.6.0
```
Tue Aug 25 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
```
- New upstream release 0.5.0
```

Thu Jul 30 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4

- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
  without a password. (Patch by Stephen Gallagher)

Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
```
Tue Jun 23 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
```
- Fix a couple of segfaults that may happen on reload
```

Fri Jun 12 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1

- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option

Tue Jun 09 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0

- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)

Tue Apr 21 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
```
- release out of the official 0.3.2 tarball
```

Tue Apr 21 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1

- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600

Wed Apr 15 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2

- Add last minute bug fixes, found in testing the package

Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
```
- Version 0.3.1
- includes previous release patches
```

Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2

- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream

Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1

- Version 0.3.0
- Provides file based configuration and lots of improvements

Wed Mar 11 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
```
- Version 0.2.1
```
Wed Mar 11 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
```
- Version 0.2.0
```
Mon Mar 09 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
```
- package git snapshot
```
Sat Mar 07 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
```
- fixed items found during review
- added initscript
```
Fri Mar 06 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
```
- added sss_client
```
Tue Feb 24 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
```
- Small cleanup and fixes in the spec file
```
Fri Feb 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
```
- Initial release (based on version 0.1.0 upstream code)
```