What's Changed
- removing netgroup intg test by @danlavu in #8356
- Update version in version.m4 to track the next release by @pbrezina in #8359
- Tests: Handle SELinux in proxy provider tests by @aborah-sudo in #8348
- SPEC: since Fedora 44 Samba provides dedicated 'samba-ndr-libs' package by @alexey-tikhonov in #8372
- SBUS: increase SBUS_MESSAGE_TIMEOUT to 5 mins by @alexey-tikhonov in #8367
- tests: python black 26.1.0 style changes by @justin-stephenson in #8379
- Add GDM Smartcard tests by @spoore1 in #8216
- Makefile cleanup by @alexey-tikhonov in #8354
- FreeBSD CI: Switch to 15.0-RELEASE and enable testing by @arrowd in #8306
- scripts: fetch branch before checkout in release script by @pbrezina in #8394
- Add OAuth2 prompting config by @eisenmann-b1 in #8251
- krb5_child: fix enterprise principal parsing in keep-alive sessions by @ikerexxe in #8351
- Config rules: allow 'ldap_subuid_*' attrs by @alexey-tikhonov in #8403
- krb5: check for PIN locked in error message by @sumit-bose in #8398
- RESPONDER: fix
responder_set_fd_limit()by @alexey-tikhonov in #8371 - platform.m4: Fix case when we have to source /etc/os-release by @arrowd in #8397
- PO: remove stray from translation by @alexey-tikhonov in #8413
- Fix libini_config related includes. by @alexey-tikhonov in #8409
- Refactor sdap_cli_connect by @pbrezina in #8282
- Test: Update misc ipa tests to work correctly on stig by @jakub-vavra-cz in #8421
- CHILD HELPERS: use less severe debug level by @alexey-tikhonov in #8416
- man: add details about 'an2ln' by @sumit-bose in #8396
- updating subid test case to test provider_ldap config by @danlavu in #8400
- sdap: do not require GID for non-POSIX group by @sumit-bose in #8442
- Bunch of assorted perf improvements of hot path functions by @alexey-tikhonov in #8447
- tests: reorganize infopipe tests by interface by @aborah-sudo in #8451
- systemd: relaunch sssd after unclean exit by @Squiddim in #8407
- ci: Skip GPG checks when installing sssd build by @justin-stephenson in #8465
- Fix compilation errors by @alexey-tikhonov in #8469
- sdap: eliminate O(N^2) loop in
sdap_add_incomplete_groups()by @alexey-tikhonov in #8454 - tests: Fix test_sudo__case_sensitive_false: use /bin/ls and /bin/cat instead of less/more by @madhuriupadhye in #8449
- FreeBSD CI: Pass correct paths to adcli and realm programs by @arrowd in #8472
- sdap_select_principal_from_keytab_sync: waitpid() synchronously by @arrowd in #8473
- get_client_cred: Pass correct option level value on FreeBSD by @arrowd in #8471
- LDAP: free tmp var within the loop by @alexey-tikhonov in #8484
- adding sss_ssh_knownhosts test case by @danlavu in #8448
- ci: load kernel module for passkey testing with vfido by @ikerexxe in #8489
- src/sss_client/common.c: Use getpwnam_r to avoid clobbering struct passwd by @salahcoronya in #8487
- ci: bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #8486
- memberOf plugin :: mbof_add_operation() optimizations by @alexey-tikhonov in #8464
- Add support for Plasma Login Manager as a supported PAM service by @Conan-Kudo in #8506
- updated kcm flaky test by @danlavu in #8508
- Use macro rather than shell expansion for string processing in spec file by @nforro in #8511
- Generalize combined user and group lookup by @sumit-bose in #8127
- Tests: Fix ipa multihost test_authentication_indicators by @aborah-sudo in #8525
- KRB5: fix mem leak in
authenticate_stored_users()by @alexey-tikhonov in #8517 - SDAP: reduce logger load in the hot paths by @alexey-tikhonov in #8540
- KRB5: log level adjusted by @alexey-tikhonov in #8548
- Test: combine gdm tests into one file by @spoore1 in #8543
- Honor ldap filters by @ondrejv2 in #8534
- krb5: improve reporting failure on reading keytab by @257 in #8530
- Improve the performance when using enumeration by @aplopez in #8395
- memberOf plugin: avoid
ldb_dn_compare()inmbof_append_addop()by @alexey-tikhonov in #8546 - memberOf plugin:
mbof_append_muop()optimization by @alexey-tikhonov in #8551 - Tests: Add integration tests validating SSSD socket by @aborah-sudo in #8481
- parameterize entra_idp url by @ezrizhu in #8491
- ci: bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0 by @dependabot[bot] in #8572
- Tests: Clean sweep in logging suite by @jakub-vavra-cz in #8512
- rewriting memcache tests by @danlavu in #8485
- Fix spelling in AD provider code comments by @striker314 in #8565
- Fix contents of release tarball by @pbrezina in #8582
- KCM: fix use-after-free in
kcm_read_options()by @alexey-tikhonov in #8592 - krb5: make sure keytab is a FILE before checking for access by @257 in #8556
- idp: do not update cache timeout if member is added by @sumit-bose in #8545
- Automatically generate release notes when creating new release by @pbrezina in #8568
- More trivial spelling/grammatical fixes by @striker314 in #8591
- Refresh OAuth2 tokens automatically by @eisenmann-b1 in #8355
- Add missing include by @alexey-tikhonov in #8602
- tests: port LDAP+Kerberos tests to pytest by @madhuriupadhye in #8544
- pam: apply SIDs from PAC to authentication indicators by @sumit-bose in #8571
- pam: fix out-of-bounds read in pam_passkey_child_read_data by @xuraoqing in #8622
- removing unstable topologies from memecache tests by @danlavu in #8624
- oidc_child: add new option return-tokens by @sumit-bose in #8617
- dp_target_id.c: Fix typo "lenght" -> "length" by @arrowd in #8621
- pam: gate PAC indicator code on BUILD_SAMBA by @padelsbach in #8620
- PAM/PASSKEY: avoid unnecessary memcpy by @alexey-tikhonov in #8630
- Translations update from Fedora Weblate by @weblate in #8361
New Contributors
- @eisenmann-b1 made their first contribution in #8251
- @Squiddim made their first contribution in #8407
- @salahcoronya made their first contribution in #8487
- @Conan-Kudo made their first contribution in #8506
- @nforro made their first contribution in #8511
- @ondrejv2 made their first contribution in #8534
- @257 made their first contribution in #8530
- @aplopez made their first contribution in #8395
- @ezrizhu made their first contribution in #8491
- @striker314 made their first contribution in #8565
- @xuraoqing made their first contribution in #8622
- @padelsbach made their first contribution in #8620
Full Changelog: 2.12.0...2.13.0