Trim changelog by smart grammatical reordering

OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=149

sssd.changes

@@ -2,62 +2,40 @@
 Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
 
 - Update to new upstream release 1.12.5
-
+* The background refresh tasks now supports refreshing users and
-== Highlights ==
+  groups as well. See the "refresh_expired_interval" parameter in
- * This release adds several new enhancements and fixes many bugs
+  the sssd.conf manpage.
- * Notable new enhancements:
+* A new option subdomain_inherit was added.
-    * The background refresh tasks now supports refreshing users and groups
+* When an expired account attempts to log in, a configurable
-      as well. Please see the description of the `refresh_expired_interval`
+  error message can be displayed with sufficient pam_verbosity
-      parameter in the `sssd.conf` man page.
+  setting. See the "pam_account_expired_message" option.
-    * A new option subdomain_inherit was added. Options included in
+* OpenLDAP ppolicy can be honored even when an alternate login
-      the subdomain_inherit option also apply for trusted domains, if
+  method (such as SSH key) is used. See the "ldap_access_order"
-      supported. This release supports inheriting ignore_group_members,
+  option.
-      ldap_purge_cache_timeout, ldap_use_tokengroups and
+* A new option :krb5_map_user" was added, allowing the admin to
-      ldap_user_principal.
+  map UNIX usernames to Kerberos principals.
-    * When an expired account attempts to log in, a configurable error
+* BUG FIXES:
-      message can be displayed with sufficient pam_verbosity setting. Please
+* Fixed AD-specific bugs that resulted in the incorrect set of
-      see the description of the pam_account_expired_message option for
+  groups being displayed after the initgroups operation.
-      more information.
+* Fixes related to the IPA ID views feature. Setups using this
-    * OpenLDAP ppolicy can be honored even when an alternate login method
+  should update sssd on both IPA servers and clients.
-      (such as SSH key) is used. Please see the description of the new
+* The AD provider now handles binary GUIDs correctly.
-      ppolicy value of the ldap_access_order option.
+* A bug that prevented the `ignore_group_members` parameter to be
-    * A new option krb5_map_user was added. This option allows the admin
+  used with the AD provider was fixed.
-      to map UNIX usernames to Kerberos principals. The option would be
+* The failover code now reads and honors TTL value for SRV
-      mostly useful for setups that wish to continue using UNIX file-based
+  queries as well.
-      identities together with SSSD Kerberos authentication
+* Race condition between setting the timeout in the back ends and
- * The important bug fixes include:
+  reading it in the front end during initgroup operation was
-    * Several AD-specific bugs that resulted in the incorrect set of groups
+  fixed. This bug affected applications that perform the
-      being displayed after the initgroups operation were fixed
+  initgroups(3) operation in multiple processes simultaneously.
-    * Many fixes related to the IPA ID views feature are included. Setups
+* Setups that only want to use the domain SSSD is connected to,
-      using the ID views feature should update the SSSD instance on both
+  but not the autodiscovered trusted domains by setting
-      IPA servers and clients.
+  `subdomains_provider=none` now work correctly as long as the
-    * The AD provider now handles binary GUIDs correctly. This bug was
+  domain SID is set manually in the config file.
-      manifested with an error message saying ldb_modify failed: Invalid
+* In case only "allow" rules are used, the simple access provider
-      attribute syntax.
+  is now able to skip unresolvable groups.
-    * The AD provider no longer downloads full group objects during
+* The GPO access control code now handles situations where user
-      initgroups request if POSIX attributes are used. This fix may speed
+  and computer objects were in different domains.
-      up the login times significantly.
-    * A bug that prevented the `ignore_group_members` parameter to be used
-      with the AD provider was fixed
-    * The fail over code now reads and honors TTL value for SRV queries
-      as well. Previously, SRV queries used a hardcoded timeout
-    * The SELinux context set up during login with an IPA provider is only
-      called if the context had changed. This fixes a performance regression
-      with the IPA provider.
-    * Race condition between setting the timeout in the back ends and
-      reading it in the front end during initgroup operation was fixed. This
-      bug affected applications that perform the `initgroups(3)` operation
-      in multiple processes simultaneously.
-    * Setups that only want to use the domain SSSD is connected to, but not
-      the autodiscovered trusted domains by setting `subdomains_provider=none`
-      now work correctly as long as the domain SID is set manually in the
-      config file
-    * In case only allow rules are used, the simple access provider is
-      now able to skip unresolvable groups.
-    * The GPO access control code now handles situations where user and
-      computer objects were in different domains. Previously, an attempt to
-      log in as user from a different domain than computer always resulted
-      in login failure.
 
 -------------------------------------------------------------------
 Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com

sssd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package sssd
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed