[ol8_baseos_latest] libsss_autofs-2.5.2-2.0.1.el8_5.3.x86_64

Name:	libsss_autofs
Version:	2.5.2
Release:	2.0.1.el8_5.3
Architecture:	x86_64
Group:	Development/Libraries
Size:	63870
License:	LGPLv3+
RPM:	libsss_autofs-2.5.2-2.0.1.el8_5.3.x86_64.rpm
Source RPM:	sssd-2.5.2-2.0.1.el8_5.3.src.rpm
Build Date:	Tue Dec 21 2021
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/SSSD/sssd
Summary:	A library to allow communication between Autofs and SSSD
Description:	A utility library to allow communication between Autofs and SSSD

Changelog (Show File list) (Show related packages)

Tue Dec 21 2021 EL Errata <el-errata_ww@oracle.com> - 2.5.2-2.0.1

- Restore default debug level for sss_cache [Orabug: 32810448]
- Restore default debug level for shadow-utils tools [Orabug: 32810448]
- Revert Redhat's change of disallowing duplicated incomplete gid
  when "id_provider=ldap" is used, which caused regression in AD
  environment. [Orabug: 29286774] [Doc ID 2605732.1]

Tue Dec 07 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2.3

- Resolves: rhbz#2028828 - pam responder does not call initgroups to refresh the user entry [rhel-8.5.0.z]

Mon Nov 29 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2.2

- Resolves: rhbz#2018440 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) [rhel-8.5.0.z]
- Resolves: rhbz#2016923 - autofs lookups for unknown mounts are delayed for 50s [rhel-8.5.0.z]
- Resolves: rhbz#2021499 - Make backtrace less "chatty" (avoid duplicate backtraces) [rhel-8.5.0.z]
- Resolves: rhbz#2013379 - Lookup with fully-qualified name does not work with 'cache_first = True' [rhel-8.5.0.z]

Mon Oct 18 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2.1

- Resolves: rhbz#2014460 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing [rhel-8.5.0.z]

Mon Aug 02 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2

- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8]
- Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization

Mon Jul 12 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-1

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU
- Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber`
- Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling
- Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address
- Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group
- Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade

Mon Jun 21 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-2

- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken
- Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)

Tue Jun 08 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-1

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory
- Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file
- Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout
- Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests
- Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found
- Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group
- Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable
- Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory.
- Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf

Mon May 10 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.0-1

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1945888 - Inconsistant debug level for connection logging
- Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets
- Resolves: rhbz#1949149 - [RFE] Poor man's backtrace
- Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR
- Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail.
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs
- Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm
- Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries
- Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries
- Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains.
- Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable
- Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used
- Resolves: rhbz#1703436 - sssd not thread-safe in innetgr()
- Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen
- Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page
- Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page
- Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp
- Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3)
- Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7
- Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login
- Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive

Fri Feb 12 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-8

- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss
- Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0.
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)