Accepting request 1245183 from network:idm

OBS-URL: https://build.opensuse.org/request/show/1245183
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kanidm?expand=0&rev=44

_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/kanidm/kanidm.git</param>
     <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
     <param name="scm">git</param>
-    <param name="revision">1.4.0</param>
+    <param name="revision">1.5.0</param>
     <param name="match-tag">v*</param>
     <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
     <param name="versionrewrite-replacement">\1</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/kanidm/kanidm.git</param>
-              <param name="changesrevision">3ce4e0ff87632ed6e549bc2ae174ebb0dd02809c</param></service></servicedata>
+              <param name="changesrevision">0fa57fcf49a5e3cff55d10f84cbf77c89ce971ce</param></service></servicedata>

kanidm-1.4.6~git0.3ce4e0f.tar.zst

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:93a94da8a2f7e82cf12bf3f5d5584ff5b8645e23923b5baa2c539bfc796412bc
-size 6833256

kanidm-1.5.0~git1.0fa57fc.tar.zst

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0f88596a5b14dd93fa51ac05f0d56519c6f2473dfe2977c1fca535a760112391
+size 6864273

kanidm.changes

@@ -1,3 +1,150 @@
+-------------------------------------------------------------------
+Tue Feb 11 06:37:21 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.5.0~git1.0fa57fc:
+  * Update makefile for docker
+  * Release 1.5.0
+  * 20250209 pre release (#3409)
+  * 20250206 freebsd ports (#3404)
+  * Resolve kanidm-unix auth-test bug (#3405)
+  * chore: Remove empty scopemaps (#3170)
+  * Feat: Allowing spn query with non-spn structured data in LDAP (#3400)
+  * SSH Keys in Credentials Update (#3027)
+  * 20250205 3369 firefox pin (#3403)
+  * Correctly return that uuid2spn changed on domain rename (#3402)
+  * Fix the password reset form and possible resolver issue (#3398)
+  * Add handle_group_error to cli client (#3399)
+  * Improve spans in unixd (#3397)
+  * Allow OAuth2 with empty state parameter (#3396)
+  * #3387 - RADIUS Startup fixin's (#3388)
+  * Allow POST on oauth userinfo (#3395)
+  * OpenBSD support (#3381)
+  * Bump openssl from 0.10.69 to 0.10.70 in the cargo group (#3391)
+  * Add /.well-known/change-password endpoint (#3382)
+  * Bump the all group across 1 directory with 7 updates (#3385)
+  * extend oauth2 examples with gitea (#3351)
+  * Bump the all group with 22 updates (#3376)
+  * Book: Added small section on primary cred fallback (#3365)
+  * Added shell.nix to create dev environment (#3362)
+  * fix(ci): Add setup-oras step to include ORAS CLI for container builds on ubuntu-24.04. (#3368)
+  * 20250114 3325 SCIM access control (#3359)
+  * Small UI updates. (#3361)
+  * Bump the all group in /pykanidm with 2 updates (#3366)
+  * Repair systemd reload notifications (#3355)
+  * fix: unrecoverable error page doesn't include logo or domain name (#3352)
+  * Bump jinja2 from 3.1.4 to 3.1.5 in /pykanidm in the pip group (#3358)
+  * Bump the all group in /pykanidm with 4 updates (#3356)
+  * 20250110 eo fixes (#3353)
+  * fix(server/config): reduce string allocations (#3350)
+  * Add ssh_publickeys as a claim for oauth2 (#3346)
+  * Allow modification of password minimum length (#3345)
+  * Add OAuth2 `response_mode=fragment` (#3335)
+  * Resolve passkey regression (#3343)
+  * Renaming "TOTP" in the login flow (#3338)
+  * Bump the all group in /pykanidm with 3 updates (#3339)
+  * Bump actions/checkout from 2 to 4 in the all group (#3341)
+  * Add support for prefers-color-scheme using Bootstrap classes. (#3327)
+  * Fix /var/run/kanidm-unixd permission (#3342)
+  * Javascript linting (#3329)
+  * Ignore anonymous in oauth2 read allow access (#3336)
+  * cookies don't clear unless you set domain (#3332)
+  * 20250102 freebsd client (#3333)
+  * fix: PAM on Debian, enable use_first_pass by default (#3326)
+  * Bump the all group with 6 updates (#3324)
+  * Bump the all group in /pykanidm with 2 updates (#3323)
+  * Bump the all group with 3 updates (#3317)
+  * Bump the all group in /pykanidm with 7 updates (#3316)
+  * nss/pam resolver should reauth faster (#3309)
+  * Update to latest webauthn-rs/time (#3315)
+  * kanidm-unixd example config enfixening (#3314)
+  * Further SCIM sync testing, minor fixes (#3305)
+  * book: explain how to use fido-mds-tool (#3231)
+  * client: read attestation CA list JSON from file (#3232)
+  * Automatically trigger passkeys on login view (#3307)
+  * Re-add enrol another device flow
+  * Improved Cookie Removal
+  * Allow opt-in of easter eggs (#3308)
+  * Allow reseting account policy values to defaults (#3306)
+  * Incorrect member name in groups (#3302)
+  * SCIM Sync Missing Annotation (#3300)
+  * Ignore system users for UPG synthesiseation (#3297)
+  * Limit OAuth2 resumption to session (#3296)
+  * Use specific errors for intent token revoked (#3291)
+  * Autocomplete password during reauth with TOTP (#3290)
+  * Bump the all group with 6 updates (#3294)
+  * Bump mozilla-actions/sccache-action from 0.0.6 to 0.0.7 in the all group (#3295)
+  * Bump the all group in /pykanidm with 2 updates (#3293)
+  * remove unused webauthn features. (#3286)
+  * Add CORS headers to jwks and userinfo (#3283)
+  * Cleanup webauthn features (#3285)
+  * Minor tweaks to cred reset ui (#3284)
+  * Bump the all group across 1 directory with 6 updates (#3280)
+  * Allow group managers to modify entry-managed-by (#3272)
+  * pykanidm: Make a little dry. (#3281)
+  * Bump the all group with 5 updates (#3278)
+  * pykanidm: Add retrieving credential reset token for a person. (#3279)
+  * Cleanup of println and other outputs (#3266)
+  * Canonicalize path for user shell check (#3265)
+  * Check DNS on replication loop start not at task start (#3243)
+  * Work around systemd race condition (#3262)
+  * fix(docstrings): minor lack of formatting breaking things (#3260)
+  * Devcontainertainertainer (#3251)
+  * grafana: update example to work with strict redirect uri checking (#3259)
+  * Bump the all group in /pykanidm with 5 updates (#3257)
+  * Bump the all group with 6 updates (#3258)
+  * 20240927 SCIM put (#3151)
+  * Clear invalid tokens from unix resolver (#3256)
+  * Clippy Lints (#3255)
+  * Allow OAuth2 loopback redirects if the path matches (#3252)
+  * Correctly display domain name on login (#3254)
+  * Display account_id during success/deny paths in unixd (#3253)
+  * s/idm_people_self_write_mail/idm_people_self_mail_write/g (#3250)
+  * handle missing map_group setting in config (#3242)
+  * owncloud: Add SameSite=Lax config for cross-domain auth (#3245)
+  * Bump the all group across 1 directory with 7 updates (#3238)
+  * Yaleman/issue3229 (#3239)
+  * Bump the all group across 1 directory with 12 updates (#3235)
+  * Update to latest fido-mds-tool (#3230)
+  * Warn when v2 options are used in v1 unixd config (#3228)
+  * Bump aiohttp from 3.10.10 to 3.10.11 in /pykanidm in the pip group (#3223)
+  * Resolve UI Auth Loop with OAuth2 (#3226)
+  * Harden transport in pam unixd (#3227)
+  * Improve warning around invalid JWT deserialisation (#3224)
+  * Update and fix server config files in examples. (#3225)
+  * Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212)
+  * Add docs on customising Kanidm. (#3209)
+  * Correct spelling of occurred (#3222)
+  * Bump the all group across 1 directory with 13 updates (#3202)
+  * UI/Feature polish (#3191)
+  * Prevent Invalid MFA Reg States (#3194)
+  * Change CSS for applications so SVG scales nicely in Firefox. (#3200)
+  * 20241109 3185 max age (#3196)
+  * Hoist max_age to prevent incorrect deserialisation (#3190)
+  * Use correct oauth2 manage acp (#3186)
+  * Re-migrate all acps to force updating (#3184)
+  * Bump the all group across 1 directory with 2 updates (#3180)
+  * security - low - fault in migrations (#3182)
+  * fix(kanidmd): Print replication cert to stdout (#3179)
+  * Correct missing CSP header (#3177)
+  * Resolve pam services not always having a tty (#3176)
+  * Resolve incorrect handling of rhost in pam (#3171)
+  * chore: Made oauth2 scopes required in CLI (#3165)
+  * More "choosing a domain" revision (#3161)
+  * Bump jsonschema from 0.21.0 to 0.26.0 in the all group (#3157)
+  * Update missing inputmode numeric when adding a new TOTP. (#3160)
+  * Improve OAuth2 authorisation ux (#3158)
+  * Fix attribute scim sync attribute naming (#3159)
+  * Change to text input and use numeric mode for TOTP prompts. (#3154)
+  * Bump the all group in /pykanidm with 3 updates (#3156)
+  * Fix release note date and typos (#3153)
+  * Begin 1.5.0 Development Cycle (#3150)
+
+-------------------------------------------------------------------
+Tue Feb 11 06:35:23 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.4.6~git1.3f47d7f:
+  * fix: PAM on Debian, enable use_first_pass by default (#3326)
+
 -------------------------------------------------------------------
 Thu Jan 23 23:42:52 UTC 2025 - william.brown@suse.com
 

kanidm.spec

@@ -20,7 +20,7 @@
 %define configdir %{_sysconfdir}/kanidm
 
 Name:           kanidm
-Version:        1.4.6~git0.3ce4e0f
+Version:        1.5.0~git1.0fa57fc
 Release:        0
 Summary:        A identity management service and clients.
 License:        ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+

vendor.tar.zst

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2a546aeeebbf670cb0002c33fdf2d03c4f1d6734d7b500dc81aab64d297517d2
+oid sha256:05428f574f79d690fd606394ec17e25c96ae9cf66e6233893f62e9b7b53a9e97
-size 68810823
+size 68777550