diff --git a/sssd-1.12.4.tar.gz b/sssd-1.12.4.tar.gz
deleted file mode 100644
index 4396546..0000000
--- a/sssd-1.12.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ea3be3a40b20284bd3126481dd0747cd07e39d5ef7ef7026d4902d96fc3e9edf
-size 4226841
diff --git a/sssd-1.12.4.tar.gz.asc b/sssd-1.12.4.tar.gz.asc
deleted file mode 100644
index cea6482..0000000
--- a/sssd-1.12.4.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlTk1dAACgkQHsardTLnvCWfnwCg4JrLxP6Jjm9GYlTAqQS5N5cb
-ufYAniGjhC+1IBPQVJYiYiCkzjoYDpq3
-=XPd1
------END PGP SIGNATURE-----
diff --git a/sssd-1.12.5.tar.gz b/sssd-1.12.5.tar.gz
new file mode 100644
index 0000000..edd0deb
--- /dev/null
+++ b/sssd-1.12.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:243d8db7c72ecb21aa9db8a09fe9f9b10049dbdb35a1cc2f55e214f21e3ce256
+size 4300869
diff --git a/sssd-1.12.5.tar.gz.asc b/sssd-1.12.5.tar.gz.asc
new file mode 100644
index 0000000..7841619
--- /dev/null
+++ b/sssd-1.12.5.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlV6uQEACgkQHsardTLnvCWZCwCdEWMU5ry/swLp5y/DGPXp6GkH
+4U4AnjTVtz1Vj1R7hyzVKKL6uqsR6kdR
+=dk0K
+-----END PGP SIGNATURE-----
diff --git a/sssd.changes b/sssd.changes
index 0add0b0..3612026 100644
--- a/sssd.changes
+++ b/sssd.changes
@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
+
+- Update to new upstream release 1.12.5
+
+== Highlights ==
+ * This release adds several new enhancements and fixes many bugs
+ * Notable new enhancements:
+    * The background refresh tasks now supports refreshing users and groups
+      as well. Please see the description of the `refresh_expired_interval`
+      parameter in the `sssd.conf` man page.
+    * A new option subdomain_inherit was added. Options included in
+      the subdomain_inherit option also apply for trusted domains, if
+      supported. This release supports inheriting ignore_group_members,
+      ldap_purge_cache_timeout, ldap_use_tokengroups and
+      ldap_user_principal.
+    * When an expired account attempts to log in, a configurable error
+      message can be displayed with sufficient pam_verbosity setting. Please
+      see the description of the pam_account_expired_message option for
+      more information.
+    * OpenLDAP ppolicy can be honored even when an alternate login method
+      (such as SSH key) is used. Please see the description of the new
+      ppolicy value of the ldap_access_order option.
+    * A new option krb5_map_user was added. This option allows the admin
+      to map UNIX usernames to Kerberos principals. The option would be
+      mostly useful for setups that wish to continue using UNIX file-based
+      identities together with SSSD Kerberos authentication
+ * The important bug fixes include:
+    * Several AD-specific bugs that resulted in the incorrect set of groups
+      being displayed after the initgroups operation were fixed
+    * Many fixes related to the IPA ID views feature are included. Setups
+      using the ID views feature should update the SSSD instance on both
+      IPA servers and clients.
+    * The AD provider now handles binary GUIDs correctly. This bug was
+      manifested with an error message saying ldb_modify failed: Invalid
+      attribute syntax.
+    * The AD provider no longer downloads full group objects during
+      initgroups request if POSIX attributes are used. This fix may speed
+      up the login times significantly.
+    * A bug that prevented the `ignore_group_members` parameter to be used
+      with the AD provider was fixed
+    * The fail over code now reads and honors TTL value for SRV queries
+      as well. Previously, SRV queries used a hardcoded timeout
+    * The SELinux context set up during login with an IPA provider is only
+      called if the context had changed. This fixes a performance regression
+      with the IPA provider.
+    * Race condition between setting the timeout in the back ends and
+      reading it in the front end during initgroup operation was fixed. This
+      bug affected applications that perform the `initgroups(3)` operation
+      in multiple processes simultaneously.
+    * Setups that only want to use the domain SSSD is connected to, but not
+      the autodiscovered trusted domains by setting `subdomains_provider=none`
+      now work correctly as long as the domain SID is set manually in the
+      config file
+    * In case only allow rules are used, the simple access provider is
+      now able to skip unresolvable groups.
+    * The GPO access control code now handles situations where user and
+      computer objects were in different domains. Previously, an attempt to
+      log in as user from a different domain than computer always resulted
+      in login failure.
+
 -------------------------------------------------------------------
 Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com
 
diff --git a/sssd.spec b/sssd.spec
index ac3af7f..342166c 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -17,7 +17,7 @@
 
 
 Name:           sssd
-Version:        1.12.4
+Version:        1.12.5
 Release:        0
 Summary:        System Security Services Daemon
 License:        GPL-3.0+ and LGPL-3.0+