Accepting request 480497 from network:ldap

OBS-URL: https://build.opensuse.org/request/show/480497
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=83

sssd-1.15.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0a64a15c1e344fdfd1904872133d558b4fbbc6cb1ac748b66819f941d5c804fb
-size 5244029

sssd-1.15.1.tar.gz.asc

@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iEYEABECAAYFAli53WwACgkQHsardTLnvCUIBQCguPYgc+o1n1+bl3fnrqs/QJh9
-LXQAnj6hXHbfhvAJy23otBTKi3Xs2+9h
-=S3bq
------END PGP SIGNATURE-----

sssd-1.15.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4cd5fcb314d77a58029a216b7e6001c6cb41c5b784cf570c5761c97d1c12d264
+size 5248134

sssd-1.15.2.tar.gz.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAljJcscACgkQHsardTLnvCVCdwCgj0g3CSbz/gIS37W553d0QI7i
+waoAnRN8+lQjwHQS+76q5nz2eSdRLnIG
+=4tQo
+-----END PGP SIGNATURE-----

sssd.changes

@@ -1,3 +1,46 @@
+-------------------------------------------------------------------
+Thu Mar 16 13:32:12 UTC 2017 - hguo@suse.com
+
+- Introduce mandatory runtime requirement "cyrus-sasl-gssapi" to
+  krb5-common sub-package. Address bsc#1024836.
+
+-------------------------------------------------------------------
+Wed Mar 15 22:18:03 UTC 2017 - michael@stroeder.com
+
+- Update to new upstream release 1.15.2
+  * It is now possible to configure certain parameters of a
+    trusted domain in a configuration file sub-section.
+  * Several issues related to socket-activating the NSS service,
+    especially if SSSD was configured to use a non-privileged
+    userm were fixed. The NSS service now does not change the
+    ownership of its log files to avoid triggering a name-service
+    lookup while the NSS service is not running yet.
+    Additionally, the NSS service is started before any other
+    service to make sure username resolution works and the other
+    service can resolve the SSSD user correctly.
+  * A new option "cache_first" allows the administrator to change
+    the way multiple domains are searched. When this option is
+    enabled, SSSD will first try to "pin" the requested name or
+    ID to a domain by searching the entries that are already
+    cached and contact the domain that contains the cached entry
+    first. Previously, SSSD would check the cache and the remote
+    server for each domain. This option brings performance
+    benefit for setups that use multiple domains (even
+    auto-discovered trusted domains), especially for ID lookups
+    that would previously iterate over all domains. Please note
+    that this option must be enabled with care as the
+    administrator must ensure that the ID space of domains does
+    not overlap.
+  * The SSSD D-Bus interface gained two new methods:
+    "FindByNameAndCertificate" and "ListByCertificate". These
+    methods will be used primarily by IPA and
+    `mod_lookup_identity
+    <https://github.com/adelton/mod_lookup_identity/> to
+    correctly match multple users who use the same certificate
+    for Smart Card login.
+  * A bug where SSSD did not properly sanitize a username with a
+    newline character in it was fixed.
+
 -------------------------------------------------------------------
 Sat Mar 11 22:34:41 UTC 2017 - jengelh@inai.de
 

sssd.spec

@@ -17,7 +17,7 @@
 
 
 Name:           sssd
-Version:        1.15.1
+Version:        1.15.2
 Release:        0
 Summary:        System Security Services Daemon
 License:        GPL-3.0+ and LGPL-3.0+
@@ -143,6 +143,7 @@ against a Kerberos server.
 Summary:        SSSD helpers needed for Kerberos and GSSAPI authentication
 License:        GPL-3.0+
 Group:          System/Daemons
+Requires:       cyrus-sasl-gssapi
 
 %description krb5-common
 Provides helper processes that the LDAP and Kerberos back ends can
@@ -563,7 +564,6 @@ rm -f /var/lib/sss/db/*.ldb
 %_mandir/man5/sssd-ad.5*
 %dir %_mandir/??/
 %dir %_mandir/??/man5/
-%_mandir/??/man5/sssd-ad.5*
 
 %files dbus
 %defattr(-,root,root)