Hello community, here is the log from the commit of package sssd for openSUSE:Factory checked in at 2017-03-18 20:49:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sssd (Old) and /work/SRC/openSUSE:Factory/.sssd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sssd" Sat Mar 18 20:49:28 2017 rev:83 rq:480497 version:1.15.2 Changes: -------- --- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2017-03-15 01:59:48.528457447 +0100 +++ /work/SRC/openSUSE:Factory/.sssd.new/sssd.changes 2017-03-18 20:49:30.170783904 +0100 @@ -1,0 +2,43 @@ +Thu Mar 16 13:32:12 UTC 2017 - hguo@suse.com + +- Introduce mandatory runtime requirement "cyrus-sasl-gssapi" to + krb5-common sub-package. Address bsc#1024836. + +------------------------------------------------------------------- +Wed Mar 15 22:18:03 UTC 2017 - michael@stroeder.com + +- Update to new upstream release 1.15.2 + * It is now possible to configure certain parameters of a + trusted domain in a configuration file sub-section. + * Several issues related to socket-activating the NSS service, + especially if SSSD was configured to use a non-privileged + userm were fixed. The NSS service now does not change the + ownership of its log files to avoid triggering a name-service + lookup while the NSS service is not running yet. + Additionally, the NSS service is started before any other + service to make sure username resolution works and the other + service can resolve the SSSD user correctly. + * A new option "cache_first" allows the administrator to change + the way multiple domains are searched. When this option is + enabled, SSSD will first try to "pin" the requested name or + ID to a domain by searching the entries that are already + cached and contact the domain that contains the cached entry + first. Previously, SSSD would check the cache and the remote + server for each domain. This option brings performance + benefit for setups that use multiple domains (even + auto-discovered trusted domains), especially for ID lookups + that would previously iterate over all domains. Please note + that this option must be enabled with care as the + administrator must ensure that the ID space of domains does + not overlap. + * The SSSD D-Bus interface gained two new methods: + "FindByNameAndCertificate" and "ListByCertificate". These + methods will be used primarily by IPA and + `mod_lookup_identity + https://github.com/adelton/mod_lookup_identity/ to + correctly match multple users who use the same certificate + for Smart Card login. + * A bug where SSSD did not properly sanitize a username with a + newline character in it was fixed. + +------------------------------------------------------------------- Old: ---- sssd-1.15.1.tar.gz sssd-1.15.1.tar.gz.asc New: ---- sssd-1.15.2.tar.gz sssd-1.15.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sssd.spec ++++++ --- /var/tmp/diff_new_pack.Ks84ew/_old 2017-03-18 20:49:30.902680218 +0100 +++ /var/tmp/diff_new_pack.Ks84ew/_new 2017-03-18 20:49:30.906679652 +0100 @@ -17,7 +17,7 @@ Name: sssd -Version: 1.15.1 +Version: 1.15.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -143,6 +143,7 @@ Summary: SSSD helpers needed for Kerberos and GSSAPI authentication License: GPL-3.0+ Group: System/Daemons +Requires: cyrus-sasl-gssapi %description krb5-common Provides helper processes that the LDAP and Kerberos back ends can @@ -563,7 +564,6 @@ %_mandir/man5/sssd-ad.5* %dir %_mandir/??/ %dir %_mandir/??/man5/ -%_mandir/??/man5/sssd-ad.5* %files dbus %defattr(-,root,root) ++++++ sssd-1.15.1.tar.gz -> sssd-1.15.2.tar.gz ++++++ ++++ 118409 lines of diff (skipped)