[ol6_latest_archive] libsss_idmap-devel-1.9.2-82.4.el6_4.i686

Name:	libsss_idmap-devel
Version:	1.9.2
Release:	82.4.el6_4
Architecture:	i686
Group:	Development/Libraries
Size:	146844
License:	LGPLv3+
RPM:	libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm
Source RPM:	sssd-1.9.2-82.4.el6_4.src.rpm
Build Date:	Tue Mar 19 2013
Build Host:	ca-build44.us.oracle.com
Vendor:	Oracle America
URL:	http://fedorahosted.org/sssd/
Summary:	FreeIPA Idmap library
Description:	Utility library to SIDs to Unix uids and gids

Changelog (Show File list) (Show related packages)

Tue Mar 05 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-82.4

- Resolves: rhbz#911298 - sssd: simple access provider flaw prevents intended
                           ACL use when client to an AD provider

Fri Mar 01 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-82.3

- Fix pwd_expiration_warning=0
- Resolves: rhbz#914671 - pwd_expiration_warning has wrong default for
                          Kerberos

Fri Feb 22 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-82.2

- Resolves: rhbz#914671 - pwd_expiration_warning has wrong default for
                          Kerberos
- Fix the NVR

Wed Jan 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-82.1

- Resolves: rhbz#907362 - Serious performance regression in sssd

Wed Jan 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-82

- Resolves: rhbz#888614 - Failure in memberof can lead to failed
                          database update

Wed Jan 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-81

- Resolves: rhbz#903078 - TOCTOU race conditions by copying
                          and removing directory trees

Wed Jan 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-80

- Resolves: rhbz#903078 - Out-of-bounds read flaws in
                          autofs and ssh services responders

Tue Jan 22 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-79

- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh
                          on ppc64 and s390x

Tue Jan 22 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-78

- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning
                          value is higher than passwordWarning LDAP attribute.

Tue Jan 22 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-77

- Resolves: rhbz#902436 - possible segfault when backend callback is removed

Mon Jan 21 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-76

- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not
                          reflected in memory cache

Wed Jan 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-75

- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps

Wed Jan 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-74

- Resolves: rhbz894381 - memory cache is not updated after user is deleted
                         from ldb cache

Wed Jan 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-73

- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and
                         ppc64 platform

Tue Jan 15 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-72

- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups
                          outside the nesting limit

Tue Jan 15 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-71

- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not
                          reflected in memory cache

Tue Jan 15 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-70

- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache

Tue Jan 15 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-69

- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work

Wed Jan 09 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-68

- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group
                          memberships

Mon Jan 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-67

- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD
                          Users for commands like id and getent

Mon Jan 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-66

- Resolves: rhbz#874579 - sssd caching not working as expected for selinux
                          usermap contexts

Mon Jan 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-65

- Resolves: rhbz#892197 - Incorrect principal searched for in keytab

Mon Jan 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-64

- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition
                          with OpenLDAP

Fri Jan 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-63

- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory
                          cache

Fri Jan 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-62

- Resolves: rhbz#886848 - user id lookup fails for case sensitive users
                          using proxy provider

Fri Jan 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-61

- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work

Fri Jan 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-60
```
- Resolves: rhbz#874618 - sss_cache: fqdn not accepted
```
Thu Dec 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-59
```
- Resolves: rhbz#889182 - crash in memory cache
```

Thu Dec 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-58

- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable
                          tickets from cache

Thu Dec 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-57

- Resolves: rhbz#886091 - Disallow root SSH public key authentication
- Add default section to switch statement (Related: rhbz#884666)

Thu Dec 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-56

- Resolves: rhbz#886038 - sssd components seem to mishandle sighup

Thu Dec 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-55

- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function

Thu Dec 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-54

- Resolves: rhbz#888614 - Failure in memberof can lead to failed database
                          update

Thu Dec 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-53

- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the
                          enumeration is taking too long

Mon Dec 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-52

- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11
- Include more debugging during the sysdb upgrade

Mon Dec 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-51

- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal

Mon Dec 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-50

- Resolves: rhbz#870045 - always reread the master map from LDAP
- Resolves: rhbz#876531 - sss_cache does not work for automount maps

Mon Dec 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-49

- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule
                          another first full refresh

Mon Dec 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-48

- Resolves: rhbz#880956 - Primary server status is not always reset after
                          failover to backup server happened
- Silence a compilation warning in the memberof plugin (Related: rhbz#877974)
- Do not steal resolv result on error (Related: rhbz#882076)

Mon Dec 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-47

- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy
                          provider

Sat Dec 15 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-46

- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same
                          hostname

Fri Dec 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-45

- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd
                          failed. Timer expired

Fri Dec 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-44

- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory
                          cache

Fri Dec 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-43

- Resolves: rhbz#880176 - memberUid required for primary groups to match
                          sudo rule

Fri Dec 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-42

- Resolves: rhbz#885105 - sudo denies access with disabled
                          ldap_sudo_use_host_filter

Tue Dec 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-41

- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly

Tue Dec 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-40

- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work
- Fix the error handler in sss_mc_create_file (Related: #789507)

Tue Dec 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-39

- Resolves: rhbz#882221 - Offline sudo denies access with expired
                          entry_cache_timeout
- Fix several bugs found by Coverity and clang:
- Check the return value of diff_gid_lists (Related: #869071)
- Move misplaced sysdb assignment (Related: #827606)
- Remove dead assignment (Related: #827606)
- Fix copy-n-paste error in the memberof plugin (Related: #877974)

Tue Dec 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-38

- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy
                          provider
- Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client
  libraries (Related: #870060)
- Move sss_ssh_knownhosts documentation to the correct section
  (Related: #870060)

Fri Dec 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-37

- Resolves: rhbz#884480 - user is not removed from group membership during
                          initgroups
- Fix incorrect synchronization in mmap cache (Related: #789507)

Fri Dec 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-36

- Resolves: rhbz#883336 - sssd crashes during start if id_provider is
                          not mentioned

Fri Dec 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-35

- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup
                          midpoint refresh to be always set to 10 seconds

Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-34

- Resolves: rhbz#877974 - updating top-level group does not reflect ghost
                          members correctly
- Resolves: rhbz#880159 - delete operation is not implemented for ghost users

Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-33

- Resolves: rhbz#881773 - mmap cache needs update after db changes

Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-32

- Resolves: rhbz#875677 - password expiry warning message doesn't appear
                          during auth
- Fix potential NULL dereference when skipping built-in AD groups
  (Related: rhbz#874616)
- Add missing parameter to DEBUG message (Related: rhbz#829742)

Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-31

- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an
                          empty hostent during the DNS update
- Do not version libsss_sudo, it's not supposed to be linked against, but
  dlopened (Related: rhbz#761573)

Wed Nov 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-30

- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations

Wed Nov 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-29

- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set

Wed Nov 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-28

- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code
                          skips a built-in group

Tue Nov 27 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-27

- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken
                          configurations

Tue Nov 27 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-26

- Resolves: rhbz#874673 - user id lookup fails using proxy provider
- Fix a possibly uninitialized variable in the LDAP provider
- Related: rhbz#877130

Wed Nov 21 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-25

- Resolves: rhbz#878262 - ipa password auth failing for user principal
                          name when shorter than IPA Realm name
- Resolves: rhbz#871843 - Nested groups are not retrieved appropriately
                          from cache

Tue Nov 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-24

- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password

Tue Nov 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-23

- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal

Tue Nov 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-22

- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart
                          after sbus failure

Mon Nov 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-21

- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire
                          ldap connections

Mon Nov 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-20
```
- Related: rhbz#877126 - Bump the release tag
```

Mon Nov 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-20

- Resolves: rhbz#877126 - subdomains code does not save the proper
                          user/group name

Mon Nov 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-19

- Resolves: rhbz#877130 - LDAP provider fails to save empty groups
- Related: rhbz#869466 - check the return value of waitpid()

Mon Nov 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-18
```
- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'
```
Mon Nov 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-17
```
- Resolves: rhbz#875740 - "defaults" entry ignored
```

Mon Nov 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-16

- Resolves: rhbz#875738 - offline authentication failure always returns
                          System Error

Sun Nov 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-15

- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11

Thu Nov 15 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-14

- Resolves: rhbz#870278 -  ipa client setup should configure host properly
                           in a trust is in place

Wed Nov 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-13

- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment

Sun Nov 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-12

- Resolves: rhbz#870278 -  ipa client setup should configure host properly
                           in a trust is in place

Sun Nov 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-11

- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule

Sun Nov 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-10

- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type
- Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work
                         if the sssd is not running

Sun Nov 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-9

- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an
                          option for the [sssd] section

Sun Nov 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-8

- Resolves: rhbz#873032 - Move sss_cache to the main subpackage

Tue Nov 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-7

- Resolves: rhbz#873032 - Move sss_cache to the main subpackage
- Resolves: rhbz#829740 - Init script reports complete before sssd is actually
                          working
- Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in
                          ldap_uri
- Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly
- Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work
                          if the sssd is not running
- Resolves: rhbz#872110 - User appears twice on looking up a nested group

Sun Nov 04 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-6

- Resolves: rhbz#871576 - sssd does not resolve group names from AD
- Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file
                          in the pam responder
- Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider
                          directive

Fri Nov 02 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-5

- Do not send SIGKILL to service right after sending SIGTERM
- Resolves: #771975
- Fix the initial sudo smart refresh
- Resolves: #869013
- Implement password authentication for users from trusted domains
- Resolves: #869071
- LDAP child crashed with a wrong keytab
- Resolves: #869150
- The sssd_nss process grows the memory consumption over time
- Resolves: #869443

Mon Oct 15 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-4

- BuildRequire selinux-policy so that selinux login support is built in
- Resolves: #867932

Mon Oct 15 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-3

- Do not segfault if namingContexts contain no values or multiple values
- Resolves: rhbz#866542

Mon Oct 15 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-2

- Fix the "ca" translation of the sssd-simple manual page
- Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4

Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-1
```
- New upstream release 1.9.2
```
Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.1-1
```
- Rebase to 1.9.1
```
Wed Oct 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-3
```
- Require the latest libldb
```

Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-2

- Rebase to 1.9.0
- Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4

Mon Sep 24 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-1.rc1

- Rebase to 1.9.0 RC1
- Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4
- Bump the selinux-policy version number to pull in required fixes

Thu Aug 09 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.8.0-33

- Resolves: rhbz#840089 - Update the shadowLastChange attribute
                          with days since the Epoch, not seconds

Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-32

- Fix protocol break for services map
- Related:  rhbz#825028 - Service lookups by port number doesn't work on
                          s390x/ppc64 arches

Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-31

- Resolves: rhbz#825028 - Service lookups by port number doesn't work on
                          s390x/ppc64 arches

Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-30

- Resolves: rhbz#824616 - sssd_nss crashes when configured with
                          use_fully_qualified_names = true

Tue May 22 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-29

- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in
                          _tevent_schedule_immediate()

Wed May 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-28

- Resolves: rhbz#822236 - SSSD netgroups do not honor
                          entry_cache_nowait_percentage

Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-27

- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client
                          upgrade
- Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers

Thu May 10 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-26

- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names
- Resolves: rhbz#819063 - sssd fails to provide partial data till paged search
                          returns "Size Limit Exceeded"
- Resolves: rhbz#820585 - Group enumeration fails in proxy provider

Mon Apr 30 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-25

- Resolves: rhbz#816616 - group members are now lowercased in case insensitive
                          domains

Wed Apr 25 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-24

- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS
                          top level directory is chowned by a SSSD user

Fri Apr 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-23

- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding
- Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the
                          same user
- Resolves: rhbz#812281 - autofs client: map name length used as key length
- Related:  rhbz#784870 - SSSD fails during autodetection of search bases for
                          new LDAP features
- Related:  rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes

Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-22

- Fix typo in patch for SSH umask
- Related:  rhbz#808107 - Coverity revealed memory management defects

Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-21

- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm
- Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is
                          running
- Resolves: rhbz#808107 - Coverity revealed memory management defects

Fri Mar 30 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-20

- Related: rhbz#805452  - Unable to lookup user, group, netgroup aliases with
                          case_sensitive=false

Fri Mar 30 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-18

- Resolves: rhbz#804057 - Initial service lookups having name with uppercase
                          alphabets doesn't work
- Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names
                          doesn't work when case_sensitive=false
- Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple
                          realms in a single keytab
- Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with
                          case_sensitive=false
- Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name
                          resolution times out
- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS
                          top level directory is chowned by a SSSD user

Fri Mar 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-17

- Related:  rhbz#802207 - getent netgroup hangs when
                          "use_fully_qualified_names = TRUE" in sssd
- Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica
                          using IP address
- Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with
                          case_sensitive=false
- Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set
- Resolves: rhbz#805034 - accessing an undefined variable might cause crash
- Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login

Mon Mar 12 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-15

- Update translations
- Resolves: rhbz#802372 - Pick up latest translation files for SSSD
- Resolves: rhbz#802207 - getent netgroup hangs when
                          "use_fully_qualified_names = TRUE" in sssd
- Related:  rhbz#801451 - Logging in with ssh pub key should consult
                          authentication authority policies

Fri Mar 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-12

- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search
                          requests
- Resolves: rhbz#801451 - Logging in with ssh pub key should consult
                          authentication authority policies
- Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials
- Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to
                          true
- Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work
- Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false
- Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam
                          can use
- Resolves: rhbz#799971 - sssd_be crashes on shutdown
- Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested
                          group structure
- Resolves: rhbz#801368 - Group lookups doesn't return members with proxy
                          provider configured
- Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd
                          is configured as proxy provider

Thu Mar 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-11

- Do not auto-upgrade debug levels
- Tool still available for manual use
- Reverts:  rhbz#753763 - Provide logging configuration compatibility on
                          SSSD 1.5/1.6 upgrade
- Resolves: rhbz#798881 - Install-time warnings
- Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also
                          the dns_discovery_domain
- Resolves: rhbz#798655 - Password logins failing due to a process with high
                          UID

Wed Feb 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-10

- Fix explicit requires to use openldap instead of openldap-libs
- Related:  rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs
                          openldap >= openldap-2.4.23-20.el6.x86_64

Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-9

- Fix multilib-clean issue due to upgrade script
- Remove old copy from the spec file
- Related:  rhbz#753763 - Provide logging configuration compatibility on
                          SSSD 1.5/1.6 upgrade

Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-8

- Fix multilib-clean issue due to upgrade script
- Fix typo in the patch
- Related:  rhbz#753763 - Provide logging configuration compatibility on
                          SSSD 1.5/1.6 upgrade

Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-7

- Fix multilib-clean issue due to upgrade script
- Use a patch and install the script to python_sitelib
- Related:  rhbz#753763 - Provide logging configuration compatibility on
                          SSSD 1.5/1.6 upgrade

Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-6

- Fix multilib-clean issue due to upgrade script
- Related:  rhbz#753763 - Provide logging configuration compatibility on
                          SSSD 1.5/1.6 upgrade

Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-5

- Resolves: rhbz#753763 - Provide logging configuration compatibility on
                          SSSD 1.5/1.6 upgrade
- Resolves: rhbz#785871 - wrong build dependency on nscd
- Resolves: rhbz#785873 - IPA host search base cannot be set
- Resolves: rhbz#791208 - Entries lacking a POSIX username value break group
                          lookups
- Resolves: rhbz#796307 - Simple Paged Search control needs to be used more
                          sparingly
- Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs
                          openldap >= openldap-2.4.23-20.el6.x86_64
- Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user
                          entries
- Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache
- Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or
                          memberNisNetgroup entries are deleted from a
                          netgroup
- Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load
- Resolves: rhbz#797975 - sssd_be: The requested target is not configured is
                          logged at each login
- Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3

Wed Feb 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-4.beta3

- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD
- Resolves: rhbz#788979 - sssd crashes during initgroups against a user
                          belonging to nested rfc2307bis group

Fri Feb 10 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-3.beta2

- Handle filtering python Provides in a safer way
- Related:  rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3

Tue Feb 07 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-2.beta2

- Related:  rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3
- Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as
                          a dependancy
- Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers
- Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and
                          netgroup search base correctly
- Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb
                          AS requests
- Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision
- Resolves: rhbz#785904 - [RFE] SSSD should have --version option
- Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider
- Resolves: rhbz#785898 - Enable midway cache refresh by default
- Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for
                          a non-existing netgroup
- Resolves: rhbz#785884 - Honour TTL when resolving host names
- Resolves: rhbz#785883 - check DNS records before updates
- Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead
                          of guessing
- Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line
- Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config
                          file too much
- Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server
                          has been reinitialized
- Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc
- Resolves: rhbz#773660 - Kerberos errors should go to syslog
- Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native
                          IPA netgroups code
- Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF
                          source host group in an hbacrule
- Resolves: rhbz#771702 - sssd_pam crashes during change password operation
                          against a IPA server
- Resolves: rhbz#771361 - case_sensitive function not working as intended for
                          ldap
- Resolves: rhbz#768935 - Crash when applying settings
- Resolves: rhbz#766941 - The full dyndns update message should be logged into
                          debug logs
- Resolves: rhbz#766930 - [RFE] Add a new option to override home directory
                          value
- Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab
                          principal name
- Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files
- Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug
                          levels on the fly
- Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional
- Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal
                          netgroup representation
- Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option
- Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
                          /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control
- Resolves: rhbz#753876 - [RFE] Add support for the services map
- Resolves: rhbz#746181 - "getgrgid call returned more than one result" after
                          group name change in MSAD
- Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle
                          for some (configurable) time
- Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD
- Related:  rhbz#742509 - [RFE] Add SSSD Tool to purge cache
- Resolves: rhbz#742052 - id -G group resolution takes extremely long
- Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange
- Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases
- Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or
                          insensitive
- Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users
- Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control
                          disabled for openldap
- Resolves: rhbz#726467 - SSSD takes 30+ seconds to login
- Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by
                          signal 11 during auth when password for the user is
                          not set

Tue Jan 17 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-68

- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider

Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-67

- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the
                          username in getpwnam()
- Resolves: rhbz#758157 - LDAP failover not working if server refuses
                          connections

Mon Oct 31 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-66

- Related:  rhbz#750359 - Major cached entry performance regression

Mon Oct 31 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-65

- Resolves: rhbz#750359 - Major cached entry performance regression

Mon Oct 31 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-64

- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis
                          initgroups when groups appear in multiple nesting
                          levels

Wed Oct 26 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-63
```
- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade
```
Tue Oct 25 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-62
```
- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault
```

Tue Oct 25 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-61

- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation

Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-60

- Related:  rhbz#743841 - SSSD can crash due to dbus server removing a UNIX
                          socket

Mon Oct 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-59

- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow
- Resolves: rhbz#746654 - SSSD backend gets killed on slow systems
- Related:  rhbz#743925 - HBAC processing is very slow when dealing with
                          FreeIPA deployments with large numbers of hosts
                          Fixes a crash introduced by the earlier patch.
- Related:  rhbz#733382 - SSSD should pick a user/group name when there are
                          multi-valued names
                          Fixes for internationalization

Fri Oct 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-58
```
- Related:  rhbz#742278 - Rework the example config
```

Fri Oct 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-57

- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with
                          FreeIPA deployments with large numbers of hosts
- Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart
- Related:  rhbz#743841 - SSSD can crash due to dbus server removing a UNIX
                          socket

Thu Oct 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-56

- Resolves: rhbz#742278 - Rework the example config
- Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was
                          initialized
- Resolves: rhbz#742526 - SSSD's man pages are missing information
- Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX
                          socket

Thu Oct 06 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-55

- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with
                          multi-valued uid
- Resolves: rhbz#738629 - Group lookups doesn't return it's member for
                          sometime when the member has multi-valued uid
- Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber
                          to integer
- Resolves: rhbz#733382 - SSSD should pick a user/group name when there are
                          multi-valued names

Fri Sep 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-53

- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host
                          groups
- Resolves: rhbz#740501 - SSSD not functional after "self" reboot
- Resolves: rhbz#742539 - HBAC: Hostname comparisons should be
                          case-insensitive

Tue Sep 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-52

- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in
- Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2

Mon Sep 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-51

- Resolves: rhbz#737157 - "System error" appears in log during change password
                          operation of a user in openldap server with ppolicy
                          enabled
- Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)"
                          messages are logged during change password operation
                          of a user in openldap server with ppolicy enabled

Wed Sep 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-50

- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple
                          external hosts along with managed host
- Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with
  krb5_validate = True and SElinux enabled

Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-49

- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm
- Resolves: rhbz#733382 - SSSD should pick a user/group name when there are
                          multi-valued names
- Resolves: rhbz#733409 - Improve password policy error message
- Resolves: rhbz#733663 - Authentication fails when there exists an empty
                          hbacsvcgroup
- Resolves: rhbz#732935 - Add LDAP provider option to set
                          LDAP_OPT_X_SASL_NOCANON
- Resolves: rhbz#734101 - sssd blocks login of ipa-users

Wed Aug 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-48
```
- Related:  rhbz#728353 - Resolve RPMDiff errors in SSSD
```

Mon Aug 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-47

- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain
                          shells

Thu Aug 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-46

- Related:  rhbz#728267 - When non-posix groups are skipped, initgroups
                          returns random GID

Thu Aug 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-45

- Related:  rhbz#726466 - HBAC rule evaluation does not support extended
                          UTF-8 languages
- Related:  rhbz#718250 - Remove DENY rules from the HBAC access provider
- Fixes an issue on big endian platforms

Thu Aug 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-44

- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by
                          signal 11 (SIGSEGV) when ldap_uri is misconfigured
- Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls 
- Resolves: rhbz#726466 - HBAC rule evaluation does not support extended
                          UTF-8 languages
- Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider
- Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups
                          returns random GID
- Resolves: rhbz#726475 - sssd_pam leaks file descriptors
- Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0

Wed Jul 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-43

- Related:  rhbz#721052 - sssd does not handle kerberos server IP change
-                         Use ares_search instead of ares_query to honor
-                         search entries in /etc/resolv.conf

Wed Jul 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-42

- Resolves: rhbz#711416 - During the change password operation the ccache is
-                         not replaced by a new one if the old one isn't
-                         active anymore
- Resolves: rhbz#715609 - Certificate validation fails with message
-                         "Connection error: TLS: hostname does not match CN
-                         in peer certificate"
- Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records
- Resolves: rhbz#721052 - sssd does not handle kerberos server IP change
-                         Honor TTL values when resolving hostnames

Fri Jun 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-41

- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP
- Resolves: rhbz#713438 - sssd shuts down if inotify crashes

Thu Jun 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-40

- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch

Thu Jun 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-39

- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups()
- Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are
-                         being logged multiple times when the provider comes
-                         back online
- Resolves: rhbz#707997 - The IPA provider does not work with IPv6
- Resolves: rhbz#677327 - [RFE] Support overriding attribute value
- Resolves: rhbz#692090 - SSSD is not populating nested groups in
-                         Active Directory

Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-38

- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man
-                         page

Wed May 25 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-37

- Resolves: rhbz#707513 - Unable to authenticate users when username
-                         contains "\0"

Tue May 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-36

- Resolves: rhbz#698723 - kpasswd fails when using sssd and
-                         kadmin server != kdc server

Tue May 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-35

- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is
-                         not mentioned
- Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the
-                         gidNumber is out of the range of min_id,max_id.
- Resolves: rhbz#699530 - Users with a local group as their primary GID are
-                         denied access by the simple access provider
- Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups
- Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a
-                         member of any group
- Resolves: rhbz#703624 - SSSD's async resolver only tries the first
-                         nameserver in /etc/resolv.conf

Tue May 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-34

- Resolves: rhbz#701700 - sssd client libraries use select() but should use
-                         poll() instead

Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-33

- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password
- Fix segfault in TGT renewal

Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-32

- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password
- Fix typo causing build breakage

Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-31

- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password

Fri Apr 15 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-30

- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users

Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-29

- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak

Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-28

- Related:  rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS
-                         information

Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-27

- Related:  rhbz#694783 - SSSD crashes during getent when anonymous bind is
-                         disabled

Mon Apr 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-26

- Resolves: rhbz#694444 - Unable to resolve SRV record when called with
-                         _srv_,<fixed ldap uri> in ldap_uri
- Related:  rhbz#694783 - SSSD crashes during getent when anonymous bind is
-                         disabled

Fri Apr 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-25

- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is
-                         disabled

Fri Apr 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-24

- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by
-                         signal 11 (SIGSEGV)
-                         Fix is to not attempt to resolve nameless servers

Wed Mar 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-23

- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS
-                         information

Mon Mar 28 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-21

- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can
-                         cause SSSD to stop caching and responding to
-                         requests

Fri Mar 25 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-20

- Resolves: rhbz#690131 - Traceback messages seen while interrupting
-                         sss_obfuscate using ctrl+d
- Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process
-                         /usr/libexec/sssd/sssd_be was killed by signal 11
-                         (SIGSEGV)

Mon Mar 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-17

- Related: rhbz#683885 - SSSD should skip over groups with multiple names

Mon Mar 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-16

- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them
- Resolves: rhbz#689886 - group memberships are not populated correctly during
-                         IPA provider initgroups
- Resolves: rhbz#683885 - SSSD should skip over groups with multiple names

Wed Mar 09 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-15

- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents
- Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5
-                         in sssd.conf

Wed Mar 09 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-14

- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min
-                         waiting on netgroup
- Resolves: rhbz#683431 - sssd consumes 100% CPU
- Related: rhbz#680440  - sssd does not handle kerberos server IP change

Tue Mar 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-13

- Related: rhbz#680440 - sssd does not handle kerberos server IP change
-   SSSD was staying with the old server if it was still online

Mon Mar 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-12

- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain
-                         for base DN

Mon Mar 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-11

- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on
-                         ipa-server
- Resolves: rhbz#680440 - sssd does not handle kerberos server IP change
- Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are
-                         given in ipa_server config option
- Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf
-                         attribute on the server
- Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups

Tue Feb 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-10

- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups
- Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option

Tue Feb 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-9

- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option
- Resolves: rhbz#677318 - Does not read renewable ccache at startup

Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8

- Resolves: rhbz#678593 - User information not updated on login for secondary
-                         domains
- Resolves: rhbz#678777 - IPA provider does not update removed group
-                         memberships on initgroups

Sat Feb 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7

- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries
- Resolves: rhbz#678410 - name service caches names, so id command shows
-                         recently deleted users
- Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for
-                         netgroups

Tue Feb 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6

- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login
- Resolves: rhbz#675284 - "no matching rule" message logged on all successful
-                         requests
- Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for
-                         authentication

Thu Feb 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5

- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named
-                         "default"
- Resolves: rhbz#674515 - -p option always uses empty string to obfuscate
-                         password
- Resolves: rhbz#674141 - Traceback call messages displayed while
-                         "sss_obfuscate" command is executed as a non-root
-                         user

Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-4

- Resolves: rhbz#674172 - Group members are not sanitized in nested group
- processing
- Put translated tool manpages into the sssd-tools subpackage

Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3

- Related:  rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1
- Also add the updated ding-libs to the BuildRequires

Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2

- Related:  rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1
- Explicitly require updated ding-libs

Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1

- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1
- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just
- a user information lookup
-   This guarantees that all group information is available to other
-   providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the
- SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
-    389 Directory Server
-    FreeIPA
-    ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
- Assorted bugfixes

Thu Jan 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2

- Add noverify to sssd.conf
- Resolves: rhbz#627165 - TPS VerifyTest failure

Thu Dec 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1

- Related: rhbz#644072 - Rebase SSSD to 1.5
- New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and
- acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
- Provides the kerberos ticket for long-lived processes or cron jobs
- even when the user logs out
- Added several new features to the LDAP access provider
- Support for 'shadow' access control
- Support for authorizedService access control
- Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those
- platforms where LDAP referrals are not supported
- Added support for manpage translations

Tue Dec 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.4

- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs
- Resolves: rhbz#660585 - getent passwd <username>' returns nothing if its
-                         uidNumber gt 2147483647

Thu Dec 02 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-36
```
- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs
```

Thu Dec 02 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-35

- Resolves: rhbz#645449 - 'getent passwd <username>' returns nothing if its
-                         uidNumber gt 2147483647

Tue Nov 30 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.3
```
- Resolves: rhbz#658374 - sssd stops on upgrade
```
Wed Nov 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-34
```
- Resolves: rhbz#658158 - sssd stops on upgrade
```

Wed Nov 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.2

- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache

Wed Nov 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-33

- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache

Mon Oct 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.1

- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib
- Resolves: rhbz#642412 - SSSD initgroups does not behave as expected

Mon Oct 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-32

- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib
- Resolves: rhbz#633487 - SSSD initgroups does not behave as expected

Thu Sep 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-29

- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib

Fri Sep 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28
```
- Resolves: rhbz#629949 - sssd stops on upgrade
```

Wed Aug 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-27

- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password

Wed Aug 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-26
```
- Resolves: rhbz#621307 - Password changes are broken on LDAP
```

Fri Jul 30 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-23

- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on
-                         initgroups calls

Fri Jul 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-21

- Resolves: rhbz#607233 - SSSD users cannot log in through GDM
-                       - Real issue was that long-running services
-                       - do not reconnect if sssd is restarted

Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-20

- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with
-                         /etc/krb5.keytab file

Mon Jun 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-19

- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6
-                         final
- Resolves: rhbz#608661 - SASL with OpenLDAP server fails
- Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes

Fri Jun 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15

- New upstream bugfix release 1.2.1
- Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity
-                         bugs.
- Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal
- Resolves: rhbz#604704 - authconfig should provide error with no trace back
-                         if disabling sssd when sssd is not enabled
- Resolves: rhbz#591873 - Connecting to the network after an offline kerberos
-                         auth logs continuous error messages to sssd_ldap.log
- Resolves: rhbz#596295 - Authentication fails for user from the second domain
-                         when the same user name is filtered out from the
-                         first domain
- Related:  rhbz#598559 - Update translation files for SSSD before RHEL 6
-                         final

Thu Jun 10 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-14

- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service
-                         to fail while restart
- Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in
-                         parentheses causes ldap_search_ext to fail
- Resolves: rhbz#600468 - Segfault in krb5_child
- Related:  rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity
-                         bugs.

Wed Jun 02 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-13

- Resolves: rhbz#598670 - Ccache file of a user is removed too early
- Resolves: rhbz#599057 - Incomplete comparison of a service name in
-                         IPA access provider
- Resolves: rhbz#598496 - Failure with IPA access provider
- Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the
-                         kernel keyring

Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12

- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP
- Resolves: rhbz#584001 - Rebase sssd to 1.2
- Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file
- Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf
- Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf
- Resolves: rhbz#590134 - sssd: auth_provider = proxy regression
- Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when
-                         going online
- Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the
-                         HBAC rule

Wed May 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11.1
```
- Improve DEBUG logs for STARTTLS failures
```

Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11

- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos

Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10

- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover

Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3

- Bump up release number to avoid library sub-packages version issues with
  previous releases.

Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1

- New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to
- their defaults
- This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal

Mon Mar 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2

- Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb

Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19

- Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline

Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2
```
- Rebuild against new libtevent
```
Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1
```
- Fix licenses in sources and on RPMs
```
Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
```
- Fix regression on 64-bit platforms
```

Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1

- Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes

Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1

- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
- Several segfault bugfixes

Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
```
- Fix CVE-2010-0014
```

Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2

- Patch SSSDConfig API to address
- https://bugzilla.redhat.com/show_bug.cgi?id=549482

Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
```
- New upstream stable release 1.0.0
```
Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
```
- New upstream bugfix release 0.99.1
```
Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
```
- New upstream release 0.99.0
```

Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1

- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal

Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
```
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
```
Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
```
- New upstream release 0.7.0
```
Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
```
- Fix missing file permissions for sssd-clients
```

Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1

- Add SSSDConfig API
- Update polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust

Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1

- Ensure that the configuration upgrade script always writes the config
  file with 0600 permissions
- Eliminate an infinite loop in group enumerations

Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
```
- New upstream release 0.6.0
```
Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
```
- New upstream release 0.5.0
```

Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4

- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
  without a password. (Patch by Stephen Gallagher)

Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
```
Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
```
- Fix a couple of segfaults that may happen on reload
```

Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1

- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option

Mon Jun 08 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0

- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)

Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
```
- release out of the official 0.3.2 tarball
```

Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1

- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600

Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2

- Add last minute bug fixes, found in testing the package

Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
```
- Version 0.3.1
- includes previous release patches
```

Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2

- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream

Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1

- Version 0.3.0
- Provides file based configuration and lots of improvements

Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
```
- Version 0.2.1
```
Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
```
- Version 0.2.0
```
Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
```
- package git snapshot
```
Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
```
- fixed items found during review
- added initscript
```
Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
```
- added sss_client
```
Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
```
- Small cleanup and fixes in the spec file
```
Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
```
- Initial release (based on version 0.1.0 upstream code)
```