Trim changelog by smart grammatical reordering

OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=149

sssd.changes

@@ -2,62 +2,40 @@
 Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
 
 - Update to new upstream release 1.12.5
-
-== Highlights ==
- * This release adds several new enhancements and fixes many bugs
- * Notable new enhancements:
-    * The background refresh tasks now supports refreshing users and groups
-      as well. Please see the description of the `refresh_expired_interval`
-      parameter in the `sssd.conf` man page.
-    * A new option subdomain_inherit was added. Options included in
-      the subdomain_inherit option also apply for trusted domains, if
-      supported. This release supports inheriting ignore_group_members,
-      ldap_purge_cache_timeout, ldap_use_tokengroups and
-      ldap_user_principal.
-    * When an expired account attempts to log in, a configurable error
-      message can be displayed with sufficient pam_verbosity setting. Please
-      see the description of the pam_account_expired_message option for
-      more information.
-    * OpenLDAP ppolicy can be honored even when an alternate login method
-      (such as SSH key) is used. Please see the description of the new
-      ppolicy value of the ldap_access_order option.
-    * A new option krb5_map_user was added. This option allows the admin
-      to map UNIX usernames to Kerberos principals. The option would be
-      mostly useful for setups that wish to continue using UNIX file-based
-      identities together with SSSD Kerberos authentication
- * The important bug fixes include:
-    * Several AD-specific bugs that resulted in the incorrect set of groups
-      being displayed after the initgroups operation were fixed
-    * Many fixes related to the IPA ID views feature are included. Setups
-      using the ID views feature should update the SSSD instance on both
-      IPA servers and clients.
-    * The AD provider now handles binary GUIDs correctly. This bug was
-      manifested with an error message saying ldb_modify failed: Invalid
-      attribute syntax.
-    * The AD provider no longer downloads full group objects during
-      initgroups request if POSIX attributes are used. This fix may speed
-      up the login times significantly.
-    * A bug that prevented the `ignore_group_members` parameter to be used
-      with the AD provider was fixed
-    * The fail over code now reads and honors TTL value for SRV queries
-      as well. Previously, SRV queries used a hardcoded timeout
-    * The SELinux context set up during login with an IPA provider is only
-      called if the context had changed. This fixes a performance regression
-      with the IPA provider.
-    * Race condition between setting the timeout in the back ends and
-      reading it in the front end during initgroup operation was fixed. This
-      bug affected applications that perform the `initgroups(3)` operation
-      in multiple processes simultaneously.
-    * Setups that only want to use the domain SSSD is connected to, but not
-      the autodiscovered trusted domains by setting `subdomains_provider=none`
-      now work correctly as long as the domain SID is set manually in the
-      config file
-    * In case only allow rules are used, the simple access provider is
-      now able to skip unresolvable groups.
-    * The GPO access control code now handles situations where user and
-      computer objects were in different domains. Previously, an attempt to
-      log in as user from a different domain than computer always resulted
-      in login failure.
+* The background refresh tasks now supports refreshing users and
+  groups as well. See the "refresh_expired_interval" parameter in
+  the sssd.conf manpage.
+* A new option subdomain_inherit was added.
+* When an expired account attempts to log in, a configurable
+  error message can be displayed with sufficient pam_verbosity
+  setting. See the "pam_account_expired_message" option.
+* OpenLDAP ppolicy can be honored even when an alternate login
+  method (such as SSH key) is used. See the "ldap_access_order"
+  option.
+* A new option :krb5_map_user" was added, allowing the admin to
+  map UNIX usernames to Kerberos principals.
+* BUG FIXES:
+* Fixed AD-specific bugs that resulted in the incorrect set of
+  groups being displayed after the initgroups operation.
+* Fixes related to the IPA ID views feature. Setups using this
+  should update sssd on both IPA servers and clients.
+* The AD provider now handles binary GUIDs correctly.
+* A bug that prevented the `ignore_group_members` parameter to be
+  used with the AD provider was fixed.
+* The failover code now reads and honors TTL value for SRV
+  queries as well.
+* Race condition between setting the timeout in the back ends and
+  reading it in the front end during initgroup operation was
+  fixed. This bug affected applications that perform the
+  initgroups(3) operation in multiple processes simultaneously.
+* Setups that only want to use the domain SSSD is connected to,
+  but not the autodiscovered trusted domains by setting
+  `subdomains_provider=none` now work correctly as long as the
+  domain SID is set manually in the config file.
+* In case only "allow" rules are used, the simple access provider
+  is now able to skip unresolvable groups.
+* The GPO access control code now handles situations where user
+  and computer objects were in different domains.
 
 -------------------------------------------------------------------
 Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com

sssd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package sssd
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed