Last modified on 01/29/13 16:41:45


  • A security bug assigned CVE-2013-0219 was fixed - TOCTOU race conditions when creating or removing home directories for users in local domain
  • A security bug assigned CVE-2013-0220 was fixed - out-of-bounds reads in autofs and ssh responder
  • Handle servers that return an empty string as the value of namingContext, in particular Novell eDirectory
  • The netgroup midpoint cache refresh works as documented in the manual page
  • The sssd_pam responder processes pending requests after reconnect

Tickets Fixed

Detailed Changelog

Jakub Hrozek (9):

  • Updating the version for the 1.8.6 release
  • Initialize Kerberos ticket renewal in the IPA provider
  • LDAP: Check validity of naming_context
  • Free the internal DP request
  • Do not always return PAM_SYSTEM_ERR when offline krb5 authentication fails
  • NSS: Fix netgroup midpoint cache refresh
  • TOOLS: Use openat/unlinkat when removing the homedir
  • TOOLS: Compile on old platforms such as RHEL5
  • Include the auth_utils.h header in the distribution

Jan Cholasta (1):

  • Check that strings do not go beyond the end of the packet body in autofs and SSH requests.

Ondrej Kos (2):

  • Restart services with a delay in case they are restarted too often
  • TOOLS: Use file descriptor to avoid races when creating a home directory

Pavel Březina (1):

  • nested groups: fix group lookup hangs if member dn is incorrect

Simo Sorce (2):

  • responder_dp: Add timeout to side requests
  • sssd_pam: Cleanup requests cache on sbus reconnect

Stephen Gallagher (1):

  • LDAP: Handle empty namingContexts values safely

Timo Aaltonen (1):

  • link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthread