New upstream release 1.11.5.1

- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5

.gitignore

@@ -41,3 +41,16 @@ sssd-1.2.91.tar.gz
 /sssd-1.9.2.tar.gz
 /sssd-1.9.3.tar.gz
 /sssd-1.9.4.tar.gz
+/sssd-1.10.0alpha1.tar.gz
+/sssd-1.10.0beta1.tar.gz
+/sssd-1.10.0beta2.tar.gz
+/sssd-1.10.0.tar.gz
+/sssd-1.10.1.tar.gz
+/sssd-1.11.0beta2.tar.gz
+/sssd-1.11.0.tar.gz
+/sssd-1.11.1.tar.gz
+/sssd-1.11.2.tar.gz
+/sssd-1.11.3.tar.gz
+/sssd-1.11.4.tar.gz
+/sssd-1.11.5.tar.gz
+/sssd-1.11.5.1.tar.gz

0001-krb-recreate-ccache-if-it-was-deleted.patch

@@ -1,39 +0,0 @@
-From cae3bf6af22855adc8dd7b270e11207f0a33c385 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Wed, 30 Jan 2013 13:45:27 +0100
-Subject: [PATCH] krb: recreate ccache if it was deleted
-
-https://fedorahosted.org/sssd/ticket/1512
-
-If directory where a ccache file was stored was missing and user
-was still logged in, we erroneously considered the ccache file
-still active. Thus the ccache file was not recreated and user was
-unable to login.
----
- src/providers/krb5/krb5_utils.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
-index b770714be030076203b6578f90ef726226cb72f8..7b56be52497ae66fa536b76ca0561ec3cc3208ce 100644
---- a/src/providers/krb5/krb5_utils.c
-+++ b/src/providers/krb5/krb5_utils.c
-@@ -770,8 +770,15 @@ cc_residual_is_used(uid_t uid, const char *ccname,
- 
-     ret = lstat(ccname, &stat_buf);
- 
--    if (ret == -1 && errno != ENOENT) {
-+    if (ret == -1) {
-         ret = errno;
-+        if (ret == ENOENT) {
-+            DEBUG(SSSDBG_FUNC_DATA, ("Cache file [%s] does not exists, "
-+                                     "it will be recreated\n", ccname));
-+            *result = false;
-+            return EOK;
-+        }
-+
-         DEBUG(SSSDBG_OP_FAILURE,
-               ("stat failed [%d][%s].\n", ret, strerror(ret)));
-         return ret;
--- 
-1.7.11.7
-

0002-Don-t-use-srcdir-with-tests.patch

@@ -1,30 +0,0 @@
-From 2cdcd10751f2e3f152124f698ae35d7947ca4771 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jhrozek@redhat.com>
-Date: Thu, 31 Jan 2013 18:52:08 +0100
-Subject: [PATCH] Don't use srcdir with tests
-
-Fixes build with automake 1.13 or newer.
----
- Makefile.am | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 8a47af8ddb4eb274d390ec0bf3010736cb23b992..64708216103e48facf780f246de5668c8e0b26a7 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -146,9 +146,9 @@ check_PROGRAMS = \
- PYTHON_TESTS =
- 
- if BUILD_PYTHON_BINDINGS
--PYTHON_TESTS += $(srcdir)/src/config/SSSDConfigTest.py \
--                $(srcdir)/src/tests/pyhbac-test.py \
--                $(srcdir)/src/tests/pysss_murmur-test.py
-+PYTHON_TESTS += src/config/SSSDConfigTest.py \
-+                src/tests/pyhbac-test.py \
-+                src/tests/pysss_murmur-test.py
- endif
- 
- TESTS = \
--- 
-1.8.1
-

0003-krb5-include-backwards-compatible-declaration-of-krb.patch

@@ -1,52 +0,0 @@
-From 4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jhrozek@redhat.com>
-Date: Mon, 4 Feb 2013 11:30:48 -0500
-Subject: [PATCH] krb5: include backwards compatible declaration of
- krb5_trace_info
-
-krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11
-includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info".
-
-Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
----
- src/external/krb5.m4 | 2 +-
- src/util/sss_krb5.c  | 8 +++++++-
- 2 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
-index 5bc871128193e19038c7325b7dbab40e94128171..f1679a151b613b3f685953453a314f734419fa41 100644
---- a/src/external/krb5.m4
-+++ b/src/external/krb5.m4
-@@ -37,7 +37,7 @@ SAVE_LIBS=$LIBS
- CFLAGS="$CFLAGS $KRB5_CFLAGS"
- LIBS="$LIBS $KRB5_LIBS"
- AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
--AC_CHECK_TYPES([krb5_ticket_times, krb5_times], [], [],
-+AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
-                [ #ifdef HAVE_KRB5_KRB5_H
-                  #include <krb5/krb5.h>
-                  #else
-diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
-index bb61d10938a74d768c31869cae79fa1e348d3693..ab0344c8048523e08dbe29a05aefbc45e2f7668e 100644
---- a/src/util/sss_krb5.c
-+++ b/src/util/sss_krb5.c
-@@ -1001,9 +1001,15 @@ sss_krb5_residual_check_type(const char *full_location,
- }
- 
- #ifdef HAVE_KRB5_SET_TRACE_CALLBACK
-+
-+#ifndef HAVE_KRB5_TRACE_INFO
-+/* krb5-1.10 had struct krb5_trace_info, 1.11 has type named krb5_trace_info */
-+typedef struct krb5_trace_info krb5_trace_info;
-+#endif  /* HAVE_KRB5_TRACE_INFO */
-+
- static void
- sss_child_krb5_trace_cb(krb5_context context,
--                        const struct krb5_trace_info *info, void *data)
-+                        const krb5_trace_info *info, void *data)
- {
-     if (info == NULL) {
-         /* Null info means destroy the callback data. */
--- 
-1.8.1.2
-

0004-subdomains-replace-invalid-characters-with-underscor.patch

@@ -1,69 +0,0 @@
-From a0388dc52f5461f72f8221c9bb7c92008e1fe2c5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Fri, 1 Feb 2013 12:17:47 +0100
-Subject: [PATCH] subdomains: replace invalid characters with underscore in
- krb5 mapping file name
-
-https://fedorahosted.org/sssd/ticket/1795
-
-Only alpha-numeric chars, dashes and underscores are allowed in
-krb5 include directory.
----
- src/providers/ipa/ipa_subdomains.c | 26 +++++++++++++++++++++++++-
- 1 file changed, 25 insertions(+), 1 deletion(-)
-
-diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
-index ef6195d19de72be7fd2b12a309b33fcf20e0e3a1..f959c4e6eb1d830e3990f552c9f4cf962298ef48 100644
---- a/src/providers/ipa/ipa_subdomains.c
-+++ b/src/providers/ipa/ipa_subdomains.c
-@@ -287,22 +287,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain,
-     errno_t err;
-     TALLOC_CTX *tmp_ctx;
-     const char *mapping_file;
-+    char *sanitized_domain;
-     char *tmp_file = NULL;
-     int fd = -1;
-     mode_t old_mode;
-     FILE *fstream = NULL;
-     size_t i;
- 
-+    if (domain == NULL || domain->name == NULL) {
-+        DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
-+        return EINVAL;
-+    }
-+
-     tmp_ctx = talloc_new(NULL);
-     if (!tmp_ctx) return ENOMEM;
- 
-+    sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
-+    if (sanitized_domain == NULL) {
-+        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
-+        return ENOMEM;
-+    }
-+
-+    /* only alpha-numeric chars, dashes and underscores are allowed in
-+     * krb5 include directory */
-+    for (i = 0; sanitized_domain[i] != '\0'; i++) {
-+        if (!isalnum(sanitized_domain[i])
-+                && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') {
-+            sanitized_domain[i] = '_';
-+        }
-+    }
-+
-     mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
--                                   IPA_SUBDOMAIN_MAPPING_DIR, domain->name);
-+                                   IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain);
-     if (!mapping_file) {
-         ret = ENOMEM;
-         goto done;
-     }
- 
-+    DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n",
-+                             domain->name, mapping_file));
-+
-     tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
-     if (tmp_file == NULL) {
-         ret = ENOMEM;
--- 
-1.7.11.7
-

0005-Fix-the-krb5-password-expiration-warning.patch

@@ -1,39 +0,0 @@
-From e354a96bbca5da8525ee51f91907e75af897b856 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jhrozek@redhat.com>
-Date: Thu, 14 Feb 2013 10:13:59 +0100
-Subject: [PATCH] Fix the krb5 password expiration warning
-
-https://fedorahosted.org/sssd/ticket/1808
----
- src/confdb/confdb.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
-index 31efd9443be8490715961c8a45f9352bd1ade653..31c48bd28aee37008687e7e255ebf2ef2d79798a 100644
---- a/src/confdb/confdb.c
-+++ b/src/confdb/confdb.c
-@@ -1020,7 +1020,11 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
-         goto done;
-     }
- 
--    /* Set the PAM warning time, if specified */
-+    /* Set the PAM warning time, if specified. If not specified, pass on
-+     * the "not set" value of "-1" which means "use provider default". The
-+     * value 0 means "always display the warning if server sends one" */
-+    domain->pwd_expiration_warning = -1;
-+
-     val = ldb_msg_find_attr_as_int(res->msgs[0],
-                                    CONFDB_DOMAIN_PWD_EXPIRATION_WARNING,
-                                    -1);
-@@ -1035,6 +1039,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
-     }
- 
-     if (val > 0) {
-+        DEBUG(SSSDBG_CONF_SETTINGS,
-+              ("Setting domain password expiration warning to %d days\n", val));
-         /* The value is in days, transform it to seconds */
-         domain->pwd_expiration_warning = val * 24 * 3600;
-     }
--- 
-1.8.1.2
-

0006-BUILD-Build-shared-components-as-an-internal-shared-.patch

@@ -1,134 +0,0 @@
-From 96453f402831275a39d5fb89c33c9776e148d03f Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Fri, 22 Feb 2013 15:58:52 +0100
-Subject: [PATCH] BUILD: Build shared components as an internal shared library
-
-There is a large amount of duplicated code being linked into multiple
-SSSD binaries. Instead of statically linking this code throughout the
-SSSD, we should instead create private shared libraries for them and
-drop this code on the system only once.
----
- Makefile.am          | 25 +++++++++++++++++++------
- contrib/sssd.spec.in |  8 ++++++++
- 2 files changed, 27 insertions(+), 6 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 64708216103e48facf780f246de5668c8e0b26a7..4ff02b8e7f65876c6d42217e955053f420111132 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -176,7 +176,9 @@ krb5authdata_plugin_LTLIBRARIES = \
-     sssd_pac_plugin.la
- endif
- 
--noinst_LTLIBRARIES = \
-+noinst_LTLIBRARIES =
-+
-+pkglib_LTLIBRARIES = \
-     libsss_crypt.la
- 
- if HAVE_NSS
-@@ -203,6 +205,8 @@ libsss_crypt_la_CFLAGS = \
-     $(DHASH_CFLAGS)
- libsss_crypt_la_LIBADD = \
-     $(SSS_CRYPT_LIBS)
-+libsss_crypt_la_LDFLAGS = \
-+    -avoid-version
- 
- if BUILD_PYTHON_BINDINGS
- pyexec_LTLIBRARIES = \
-@@ -471,15 +475,18 @@ endif
- #####################
- # Utility libraries #
- #####################
--noinst_LTLIBRARIES += libsss_debug.la
-+pkglib_LTLIBRARIES += libsss_debug.la
- libsss_debug_la_SOURCES = \
-     src/util/debug.c \
-     src/util/sss_log.c
-+libsss_debug_la_LDFLAGS = \
-+    -avoid-version
- 
--noinst_LTLIBRARIES += libsss_child.la
-+pkglib_LTLIBRARIES += libsss_child.la
- libsss_child_la_SOURCES = src/util/child_common.c
-+libsss_child_la_LDFLAGS = -avoid-version
- 
--noinst_LTLIBRARIES += libsss_util.la
-+pkglib_LTLIBRARIES += libsss_util.la
- libsss_util_la_SOURCES = \
-     src/confdb/confdb.c \
-     src/db/sysdb.c \
-@@ -532,6 +539,7 @@ libsss_util_la_SOURCES += \
-     src/db/sysdb_ssh.c \
-     src/util/sss_ssh.c
- endif
-+libsss_util_la_LDFLAGS = -avoid-version
- 
- lib_LTLIBRARIES = libipa_hbac.la libsss_idmap.la
- dist_pkgconfig_DATA += src/providers/ipa/ipa_hbac.pc
-@@ -1251,7 +1259,7 @@ endif
- # Plugin Libraries #
- ####################
- 
--noinst_LTLIBRARIES += libsss_ldap_common.la
-+pkglib_LTLIBRARIES += libsss_ldap_common.la
- libsss_ldap_common_la_SOURCES = \
-     src/providers/ldap/ldap_id.c \
-     src/providers/ldap/ldap_id_enum.c \
-@@ -1278,6 +1286,8 @@ libsss_ldap_common_la_SOURCES = \
-     src/providers/ldap/sdap_range.c \
-     src/providers/ldap/sdap_reinit.c \
-     src/providers/ldap/sdap.c
-+libsss_ldap_common_la_LDFLAGS = \
-+    -avoid-version
- 
- if BUILD_SUDO
- libsss_ldap_common_la_SOURCES += \
-@@ -1295,7 +1305,7 @@ libsss_ldap_common_la_SOURCES += \
- endif
- 
- 
--noinst_LTLIBRARIES += libsss_krb5_common.la
-+pkglib_LTLIBRARIES += libsss_krb5_common.la
- libsss_krb5_common_la_SOURCES = \
-     src/providers/krb5/krb5_utils.c \
-     src/providers/krb5/krb5_become_user.c \
-@@ -1307,6 +1317,8 @@ libsss_krb5_common_la_SOURCES = \
-     src/providers/krb5/krb5_access.c \
-     src/providers/krb5/krb5_child_handler.c \
-     src/providers/krb5/krb5_init_shared.c
-+libsss_krb5_common_la_LDFLAGS = \
-+    -avoid-version
- 
- libsss_ldap_la_SOURCES = \
-     src/util/find_uid.c \
-@@ -1658,6 +1670,7 @@ installsssddirs::
-     $(DESTDIR)$(dbusintrospectdir) \
-     $(DESTDIR)$(pipepath)/private \
-     $(DESTDIR)$(sssdlibdir) \
-+    $(DESTDIR)$(pkglibdir) \
-     $(DESTDIR)$(sssdconfdir) \
-     $(DESTDIR)$(sssddatadir) \
-     $(DESTDIR)$(dbpath) \
-diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
-index 2a0401d1b8bb538fe596b2c762f7e0bbeb1abef9..7f124f5cd9dc602481cb5f4ae7a5a9418b6c8bf9 100644
---- a/contrib/sssd.spec.in
-+++ b/contrib/sssd.spec.in
-@@ -385,6 +385,14 @@ rm -rf $RPM_BUILD_ROOT
- %{_libdir}/%{name}/libsss_proxy.so
- %{_libdir}/%{name}/libsss_simple.so
- 
-+#Internal shared libraries
-+%{_libdir}/%{name}/libsss_child.so
-+%{_libdir}/%{name}/libsss_crypt.so
-+%{_libdir}/%{name}/libsss_debug.so
-+%{_libdir}/%{name}/libsss_krb5_common.so
-+%{_libdir}/%{name}/libsss_ldap_common.so
-+%{_libdir}/%{name}/libsss_util.so
-+
- %{ldb_modulesdir}/memberof.so
- %{_bindir}/sss_ssh_authorizedkeys
- %{_bindir}/sss_ssh_knownhostsproxy
--- 
-1.8.1.2
-

0501-FEDORA-Switch-the-default-ccache-location.patch

@@ -1,21 +0,0 @@
-diff -up sssd-1.8.96/src/man/sssd-krb5.5.xml.ccache sssd-1.8.96/src/man/sssd-krb5.5.xml
---- sssd-1.8.96/src/man/sssd-krb5.5.xml.ccache	2012-08-24 17:08:01.619610422 +0200
-+++ sssd-1.8.96/src/man/sssd-krb5.5.xml	2012-08-24 17:09:15.447826123 +0200
-@@ -148,7 +148,7 @@
-                             </citerefentry> for details) is created.
-                         </para>
-                         <para>
--                            Default: /tmp
-+                            Default: /run/user/%U
-                         </para>
-                     </listitem>
-                 </varlistentry>
-@@ -208,7 +208,7 @@
-                             used to create a unique filename in a safe way.
-                         </para>
-                         <para>
--                            Default: FILE:%d/krb5cc_%U_XXXXXX
-+                            Default: DIR:%d/krb5cc
-                         </para>
-                     </listitem>
-                 </varlistentry>

sources

@@ -1 +1 @@
-a72cda079a287e62a4beaa4d4f48fa89  sssd-1.9.4.tar.gz
+1aa92011bf08adaf66199c28a2973c9a  sssd-1.11.5.1.tar.gz

sssd.spec

@@ -1,22 +1,14 @@
-%if ! (0%{?fedora} > 12 || 0%{?rhel} > 5)
-%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
-%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
-%endif
-
 # we don't want to provide private python extension libs
 %define __provides_exclude_from %{python_sitearch}/.*\.so$
-
-%if (0%{?fedora} > 15)
 %define _hardened_build 1
-%endif
 
 # Determine the location of the LDB modules directory
 %global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
-%global ldb_version 1.1.15
+%global ldb_version 1.1.16
 
 Name: sssd
-Version: 1.9.4
-Release: 9%{?dist}
+Version: 1.11.5.1
+Release: 1%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -25,28 +17,16 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 ### Patches ###
-Patch0001:  0001-krb-recreate-ccache-if-it-was-deleted.patch
-Patch0002:  0002-Don-t-use-srcdir-with-tests.patch
-Patch0003:  0003-krb5-include-backwards-compatible-declaration-of-krb.patch
-Patch0004:  0004-subdomains-replace-invalid-characters-with-underscor.patch
-Patch0005:  0005-Fix-the-krb5-password-expiration-warning.patch
-Patch0006:  0006-BUILD-Build-shared-components-as-an-internal-shared-.patch
-
-Patch0501:  0501-FEDORA-Switch-the-default-ccache-location.patch
 
 ### Dependencies ###
-
-Conflicts: selinux-policy < 3.10.0-46
-Requires: libldb%{?_isa} = %{ldb_version}
-Requires: libtdb%{?_isa} >= 1.1.3
-Requires: sssd-client%{?_isa} = %{version}-%{release}
-Requires: cyrus-sasl-gssapi%{?_isa}
-Requires: libipa_hbac%{?_isa} = %{version}-%{release}
-Requires: libsss_idmap%{?_isa} = %{version}-%{release}
-Requires: krb5-libs%{?_isa} >= 1.10
-Requires(post): systemd-units initscripts chkconfig
-Requires(preun): systemd-units initscripts chkconfig
-Requires(postun): systemd-units initscripts chkconfig
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-ldap = %{version}-%{release}
+Requires: sssd-krb5 = %{version}-%{release}
+Requires: sssd-ipa = %{version}-%{release}
+Requires: sssd-common-pac = %{version}-%{release}
+Requires: sssd-ad = %{version}-%{release}
+Requires: sssd-proxy = %{version}-%{release}
+Requires: python-sssdconfig = %{version}-%{release}
 
 %global servicename sssd
 %global sssdstatedir %{_localstatedir}/lib/sss
@@ -61,20 +41,14 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
 BuildRequires: m4
-%{?fedora:BuildRequires: popt-devel}
-%if 0%{?rhel} <= 5
-BuildRequires: popt
-%endif
-%if 0%{?rhel} >= 6
 BuildRequires: popt-devel
-%endif
 BuildRequires: libtalloc-devel
 BuildRequires: libtevent-devel
 BuildRequires: libtdb-devel
 BuildRequires: libldb-devel = %{ldb_version}
 BuildRequires: libdhash-devel >= 0.4.2
 BuildRequires: libcollection-devel
-BuildRequires: libini_config-devel
+BuildRequires: libini_config-devel >= 1.0.0.1
 BuildRequires: dbus-devel
 BuildRequires: dbus-libs
 BuildRequires: openldap-devel
@@ -94,7 +68,7 @@ BuildRequires: libselinux-devel
 BuildRequires: libsemanage-devel
 BuildRequires: bind-utils
 BuildRequires: keyutils-libs-devel
-BuildRequires: libnl-devel
+BuildRequires: libnl3-devel
 BuildRequires: gettext-devel
 BuildRequires: pkgconfig
 BuildRequires: glib2-devel
@@ -102,6 +76,9 @@ BuildRequires: diffstat
 BuildRequires: findutils
 BuildRequires: samba4-devel >= samba4-4.0.0-59beta2
 BuildRequires: selinux-policy-targeted
+%ifarch %{ix86} x86_64 %{arm}
+BuildRequires: libcmocka-devel
+%endif
 
 %description
 Provides a set of daemons to manage access to remote directories and
@@ -110,6 +87,40 @@ the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 
+The sssd subpackage is a meta-package that contains the deamon as well as all
+the existing back ends.
+
+%package common
+Summary: Common files for the SSSD
+Group: Applications/System
+License: GPLv3+
+# Conflicts
+Conflicts: selinux-policy < 3.10.0-46
+Conflicts: sssd < 1.10.0-8%{?dist}.beta2
+# Requires
+Requires: libldb%{?_isa} = %{ldb_version}
+Requires: libtdb%{?_isa} >= 1.1.3
+Requires: sssd-client%{?_isa} = %{version}-%{release}
+Requires: libsss_idmap%{?_isa} = %{version}-%{release}
+Requires: libini_config >= 1.0.0.1
+Requires(post): systemd-units chkconfig
+Requires(preun): systemd-units chkconfig
+Requires(postun): systemd-units chkconfig
+
+
+### Provides ###
+Provides: libsss_sudo = %{version}-%{release}
+Obsoletes: libsss_sudo <= 1.10.0-7%{?dist}.beta1
+Provides: libsss_sudo-devel = %{version}-%{release}
+Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
+Provides: libsss_autofs = %{version}-%{release}
+Obsoletes: libsss_autofs <= 1.10.0-7%{?dist}.beta1
+
+%description common
+Common files for the SSSD. The common package includes all the files needed
+to run a particular back end, however, the back ends are packaged in separate
+subpackages such as sssd-ldap.
+
 %package client
 Summary: SSSD Client libraries for NSS and PAM
 Group: Applications/System
@@ -125,7 +136,7 @@ service.
 Summary: Userspace tools for use with the SSSD
 Group: Applications/System
 License: GPLv3+
-Requires: sssd = %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
 
 %description tools
 Provides userspace tools for manipulating users, groups, and nested groups in
@@ -136,6 +147,110 @@ Also provides several other administrative tools:
     * sss_seed which pre-creates a user entry for use in kickstarts
     * sss_obfuscate for generating an obfuscated LDAP password
 
+%package -n python-sssdconfig
+Summary: SSSD and IPA configuration file manipulation classes and functions
+Group: Applications/System
+License: GPLv3+
+BuildArch: noarch
+
+%description -n python-sssdconfig
+Provides python files for manipulation SSSD and IPA configuration files.
+
+%package ldap
+Summary: The LDAP back end of the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < 1.10.0-8.beta2
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+
+%description ldap
+Provides the LDAP back end that the SSSD can utilize to fetch identity data
+from and authenticate against an LDAP server.
+
+%package krb5-common
+Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < 1.10.0-8.beta2
+Requires: cyrus-sasl-gssapi%{?_isa}
+Requires: sssd-common = %{version}-%{release}
+
+%description krb5-common
+Provides helper processes that the LDAP and Kerberos back ends can use for
+Kerberos user or host authentication.
+
+%package krb5
+Summary: The Kerberos authentication back end for the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < 1.10.0-8.beta2
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+
+%description krb5
+Provides the Kerberos back end that the SSSD can utilize authenticate
+against a Kerberos server.
+
+# RHEL 5 is too old to support the PAC responder
+%if !0%{?is_rhel5}
+%package common-pac
+Summary: Common files needed for supporting PAC processing
+Group: Applications/System
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+
+%description common-pac
+Provides common files needed by SSSD providers such as IPA and Active Directory
+for handling Kerberos PACs.
+%endif #is_rhel5
+
+%package ipa
+Summary: The IPA back end of the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < 1.10.0-8.beta2
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+Requires: libipa_hbac%{?_isa} = %{version}-%{release}
+Requires: bind-utils
+# RHEL 5 is too old to support the PAC responder
+%if !0%{?is_rhel5}
+Requires: sssd-common-pac = %{version}-%{release}
+%endif
+
+%description ipa
+Provides the IPA back end that the SSSD can utilize to fetch identity data
+from and authenticate against an IPA server.
+
+%package ad
+Summary: The AD back end of the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < 1.10.0-8.beta2
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+Requires: bind-utils
+# RHEL 5 is too old to support the PAC responder
+%if !0%{?is_rhel5}
+Requires: sssd-common-pac = %{version}-%{release}
+%endif
+
+%description ad
+Provides the Active Directory back end that the SSSD can utilize to fetch
+identity data from and authenticate against an Active Directory server.
+
+%package proxy
+Summary: The proxy back end of the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < 1.10.0-8.beta2
+Requires: sssd-common = %{version}-%{release}
+
+%description proxy
+Provides the proxy back end which can be used to wrap an existing NSS and/or
+PAM modules to leverage SSSD caching.
+
 %package -n libsss_idmap
 Summary: FreeIPA Idmap library
 Group: Development/Libraries
@@ -184,25 +299,34 @@ Requires: libipa_hbac = %{version}-%{release}
 The libipa_hbac-python contains the bindings so that libipa_hbac can be
 used by Python applications.
 
-%package -n libsss_sudo
-Summary: A library to allow communication between SUDO and SSSD
+%package -n libsss_nss_idmap
+Summary: Library for SID based lookups
 Group: Development/Libraries
 License: LGPLv3+
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
-Requires: sssd = %{version}-%{release}
 
-%description -n libsss_sudo
-A utility library to allow communication between SUDO and SSSD
+%description -n libsss_nss_idmap
+Utility library for SID based lookups
 
-%package -n libsss_sudo-devel
-Summary: A library to allow communication between SUDO and SSSD
+%package -n libsss_nss_idmap-devel
+Summary: Library for SID based lookups
 Group: Development/Libraries
 License: LGPLv3+
-Requires: libsss_sudo = %{version}-%{release}
+Requires: libsss_nss_idmap = %{version}-%{release}
 
-%description -n libsss_sudo-devel
-A utility library to allow communication between SUDO and SSSD
+%description -n libsss_nss_idmap-devel
+Utility library for SID based lookups
+
+%package -n libsss_nss_idmap-python
+Summary: Python bindings for libsss_nss_idmap
+Group: Development/Libraries
+License: LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
+
+%description -n libsss_nss_idmap-python
+The libsss_nss_idmap-python contains the bindings so that libsss_nss_idmap can
+be used by Python applications.
 
 %prep
 # Update timestamps on the files touched by a patch, to avoid non-equal
@@ -236,12 +360,12 @@ autoreconf -ivf
     --with-mcache-path=%{mcpath} \
     --with-init-dir=%{_initrddir} \
     --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
-    --with-default-ccache-dir=/run/user/%U \
-    --with-default-ccname-template=DIR:%d/krb5cc \
-    --enable-nsslibdir=/%{_lib} \
-    --enable-pammoddir=/%{_lib}/security \
+    --enable-nsslibdir=%{_libdir} \
+    --enable-pammoddir=%{_libdir}/security \
+    --enable-ldb-version-check \
     --disable-static \
     --disable-rpath \
+    --with-initscript=systemd \
     --with-test-dir=/dev/shm
 
 make %{?_smp_mflags} all docs
@@ -283,14 +407,19 @@ find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
 rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
 
 # Older versions of rpmbuild can only handle one -f option
-# So we need to append to the sssd.lang file
+# So we need to append to the sssd*.lang file
 for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
 do
-    echo %{python_sitelib}/`basename $file` >> sssd.lang
+    echo %{python_sitelib}/`basename $file` >> python_sssdconfig.lang
 done
 
 touch sssd_tools.lang
 touch sssd_client.lang
+for provider in ldap krb5 ipa ad proxy
+do
+    touch sssd_$provider.lang
+done
+
 for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
 do
     lang=`echo $man | cut -c 1-2`
@@ -307,8 +436,20 @@ do
         pam_sss*)
             echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
             ;;
-        sssd_krb5_locator_plugin*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
+        sssd-ldap*)
+            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
+            ;;
+        sssd-krb5*)
+            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
+            ;;
+        sssd-ipa*)
+            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
+            ;;
+        sssd-ad*)
+            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
+            ;;
+        sssd-proxy*)
+            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
             ;;
         *)
             echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
@@ -326,11 +467,21 @@ cat sssd_client.lang
 echo "sssd_tools.lang:"
 cat sssd_tools.lang
 
+for provider in ldap krb5 ipa ad proxy
+do
+    echo "sssd_$provider.lang:"
+    cat sssd_$provider.lang
+done
+
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
-%files -f sssd.lang
+%files
+%defattr(-,root,root,-)
+%doc COPYING
+
+%files common -f sssd.lang
 %defattr(-,root,root,-)
 %doc COPYING
 %doc src/examples/sssd-example.conf
@@ -338,33 +489,27 @@ rm -rf $RPM_BUILD_ROOT
 %{_sbindir}/sssd
 
 %dir %{_libexecdir}/%{servicename}
-%{_libexecdir}/%{servicename}/krb5_child
-%{_libexecdir}/%{servicename}/ldap_child
-%{_libexecdir}/%{servicename}/proxy_child
 %{_libexecdir}/%{servicename}/sssd_be
 %{_libexecdir}/%{servicename}/sssd_nss
 %{_libexecdir}/%{servicename}/sssd_pam
 %{_libexecdir}/%{servicename}/sssd_autofs
 %{_libexecdir}/%{servicename}/sssd_ssh
 %{_libexecdir}/%{servicename}/sssd_sudo
-%{_libexecdir}/%{servicename}/sssd_pac
 
 %dir %{_libdir}/%{name}
-%{_libdir}/%{name}/libsss_ipa.so
-%{_libdir}/%{name}/libsss_krb5.so
-%{_libdir}/%{name}/libsss_ldap.so
-%{_libdir}/%{name}/libsss_proxy.so
 %{_libdir}/%{name}/libsss_simple.so
-%{_libdir}/%{name}/libsss_ad.so
 
 #Internal shared libraries
 %{_libdir}/%{name}/libsss_child.so
 %{_libdir}/%{name}/libsss_crypt.so
 %{_libdir}/%{name}/libsss_debug.so
-%{_libdir}/%{name}/libsss_krb5_common.so
 %{_libdir}/%{name}/libsss_ldap_common.so
 %{_libdir}/%{name}/libsss_util.so
 
+# 3rd party application libraries
+%{_libdir}/sssd/modules/libsss_autofs.so
+%{_libdir}/libsss_sudo.so
+
 %{ldb_modulesdir}/memberof.so
 %{_bindir}/sss_ssh_authorizedkeys
 %{_bindir}/sss_ssh_knownhostsproxy
@@ -378,7 +523,6 @@ rm -rf $RPM_BUILD_ROOT
 %ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group
 %attr(755,root,root) %dir %{pipepath}
 %attr(755,root,root) %dir %{pubconfpath}
-%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
 %attr(700,root,root) %dir %{pipepath}/private
 %attr(750,root,root) %dir %{_var}/log/%{name}
 %attr(700,root,root) %dir %{_sysconfdir}/sssd
@@ -391,25 +535,64 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/sss_ssh_authorizedkeys.1*
 %{_mandir}/man1/sss_ssh_knownhostsproxy.1*
 %{_mandir}/man5/sssd.conf.5*
-%{_mandir}/man5/sssd-ipa.5*
-%{_mandir}/man5/sssd-krb5.5*
-%{_mandir}/man5/sssd-ldap.5*
 %{_mandir}/man5/sssd-simple.5*
-%{_mandir}/man5/sssd-ad.5*
 %{_mandir}/man5/sssd-sudo.5*
 %{_mandir}/man8/sssd.8*
 %{_mandir}/man8/sss_cache.8*
-
 %{python_sitearch}/pysss.so
 %{python_sitearch}/pysss_murmur.so
-%dir %{python_sitelib}/SSSDConfig
-%{python_sitelib}/SSSDConfig/*.py*
+
+%files ldap -f sssd_ldap.lang
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libdir}/%{name}/libsss_ldap.so
+%{_mandir}/man5/sssd-ldap.5*
+
+%files krb5-common
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libdir}/%{name}/libsss_krb5_common.so
+%{_libexecdir}/%{servicename}/ldap_child
+%{_libexecdir}/%{servicename}/krb5_child
+
+%files krb5 -f sssd_krb5.lang
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libdir}/%{name}/libsss_krb5.so
+%{_mandir}/man5/sssd-krb5.5*
+
+# RHEL 5 is too old to support the PAC responder
+%if !0%{?is_rhel5}
+%files common-pac
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libexecdir}/%{servicename}/sssd_pac
+%endif
+
+%files ipa -f sssd_ipa.lang
+%defattr(-,root,root,-)
+%doc COPYING
+%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
+%{_libdir}/%{name}/libsss_ipa.so
+%{_mandir}/man5/sssd-ipa.5*
+
+%files ad -f sssd_ad.lang
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libdir}/%{name}/libsss_ad.so
+%{_mandir}/man5/sssd-ad.5*
+
+%files proxy
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libexecdir}/%{servicename}/proxy_child
+%{_libdir}/%{name}/libsss_proxy.so
 
 %files client -f sssd_client.lang
 %defattr(-,root,root,-)
 %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
-/%{_lib}/libnss_sss.so.2
-/%{_lib}/security/pam_sss.so
+%{_libdir}/libnss_sss.so.2
+%{_libdir}/security/pam_sss.so
 %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
 %{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
 %{_mandir}/man8/pam_sss.8*
@@ -439,6 +622,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/sss_debuglevel.8*
 %{_mandir}/man8/sss_seed.8*
 
+%files -n python-sssdconfig -f python_sssdconfig.lang
+%defattr(-,root,root,-)
+%dir %{python_sitelib}/SSSDConfig
+%{python_sitelib}/SSSDConfig/*.py*
+
 %files -n libsss_idmap
 %defattr(-,root,root,-)
 %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
@@ -467,55 +655,36 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(-,root,root,-)
 %{python_sitearch}/pyhbac.so
 
-%package -n libsss_autofs
-Summary: A library to allow communication between Autofs and SSSD
-Group: Development/Libraries
-License: LGPLv3+
-
-%description -n libsss_autofs
-A utility library to allow communication between Autofs and SSSD
-
-%files -n libsss_sudo
+%files -n libsss_nss_idmap
 %defattr(-,root,root,-)
 %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
-%{_libdir}/libsss_sudo.so*
+%{_libdir}/libsss_nss_idmap.so.*
 
-%files -n libsss_sudo-devel
-%doc libsss_sudo_doc/html
-%{_includedir}/sss_sudo.h
-
-%files -n libsss_autofs
+%files -n libsss_nss_idmap-devel
 %defattr(-,root,root,-)
-%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
-%{_libdir}/sssd/modules/libsss_autofs.so*
+%doc nss_idmap_doc/html
+%{_includedir}/sss_nss_idmap.h
+%{_libdir}/libsss_nss_idmap.so
+%{_libdir}/pkgconfig/sss_nss_idmap.pc
 
-%post
+%files -n libsss_nss_idmap-python
+%defattr(-,root,root,-)
+%{python_sitearch}/pysss_nss_idmap.so
+
+%post common
 if [ $1 -ge 1 ] ; then
     # Initial installation
     /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 fi
 
-%preun
+%preun common
 if [ $1 -eq 0 ]; then
      # Package removal, not upgrade
     /bin/systemctl --no-reload disable sssd.service > /dev/null 2>&1 || :
     /bin/systemctl stop sssd.service > /dev/null 2>&1 || :
 fi
 
-%triggerun -- sssd < %{version}-%{release}
-if /sbin/chkconfig --level 3 sssd ; then
-        /bin/systemctl --no-reload enable sssd.service >/dev/null 2>&1 || :
-fi
-
-if /sbin/chkconfig --level 5 sssd ; then
-        /bin/systemctl --no-reload enable sssd.service >/dev/null 2>&1 || :
-fi
-
-/sbin/chkconfig --del sssd >/dev/null 2>&1 || :
-
-
-
-%postun
+%postun common
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 if [ $1 -ge 1 ] ; then
     /bin/systemctl try-restart sssd.service >/dev/null 2>&1 || :
@@ -533,12 +702,155 @@ fi
 
 %postun -n libsss_idmap -p /sbin/ldconfig
 
-%post -n libsss_sudo -p /sbin/ldconfig
-
-%postun -n libsss_sudo -p /sbin/ldconfig
-
 %changelog
-* Fri Mar 01 2013 Stpehen Gallagher <sgallagh@redhat.com> - 1.9.5-9
+* Fri Apr 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-1
+- New upstream release 1.11.5.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1
+
+* Tue Apr 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5-1
+- New upstream release 1.11.5
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5
+
+* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
+- New upstream release 1.11.4
+- Remove upstreamed patch
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
+
+* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-1
+- New upstream release 1.11.3
+- Remove upstreamed patches
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3
+
+* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1
+- New upstream release 1.11.2
+- Remove upstreamed patches
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
+
+* Wed Oct 16 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-4
+- Fix potential crash with external groups in trusted IPA-AD setup
+
+* Tue Oct 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-3
+- Fix failover from Global Catalog to LDAP in case GC is not available
+
+* Fri Oct 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2
+- Remove the ability to create public ccachedir (#1015089)
+
+* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1
+- New upstream release 1.11.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
+
+* Thu Sep 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-3
+- Fix multicast checks in the SSSD
+- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source
+                           code getting the host info
+
+* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-2
+- Backport simplification of ccache management from 1.11.1
+- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
+
+* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1
+- New upstream release 1.11.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
+
+* Fri Aug 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-0.2.beta2
+- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid:
+                      Process /usr/libexec/sssd/sssd_nss was killed by
+                      signal 11 (SIGSEGV)
+- Resolves: #996214 - sssd proxy_child segfault
+
+* Wed Aug 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0beta2
+- New upstream release 1.11 beta 2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
+
+* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-2
+- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and
+                      pam libraries
+
+* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1
+- New upstream release 1.10.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
+
+* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17
+- sssd-tools should require sssd-common, not sssd
+
+* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16
+- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
+- Trim out RHEL5-specific macros since we don't build on RHEL 5
+- Trim out macros for Fedora older than F18
+- Update libldb requirement to 1.1.16
+- Trim RPM changelog down to the last year
+
+* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15
+- Move sssd_pac to the sssd-krb5 subpackage
+
+* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14
+- Fix Obsoletes: to account for dist tag
+- Convert post and pre scripts to run on the sssd-common subpackage
+- Remove old conversion from SYSV
+
+* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13
+- New upstream release 1.10
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
+
+* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2
+- the cmocka toolkit exists only on selected arches
+
+* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2
+- Apply a number of patches from upstream to fix issues found post-beta,
+  in particular:
+  -- segfault with a high DEBUG level
+  -- Fix IPA password migration (upstream #1873)
+  -- Fix fail over when retrying SRV resolution (upstream #1886)
+
+* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2
+- Only BuildRequire libcmocka on Fedora
+
+* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2
+- Fix typo in Requires that prevented an upgrade (#973916)
+- Use a hardcoded version in Conflicts, not less-than-current
+
+* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2
+- New upstream release 1.10 beta2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
+- BuildRequire libcmocka-devel in order to run all upstream tests during build
+- BuildRequire libnl3 instead of libnl1
+- No longer BuildRequire initscripts, we no longer use /sbin/service
+- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any
+  older krb5-libs version
+
+* Thu Jun 06 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1
+- Enable hardened build for RHEL7
+
+* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1
+- Apply a couple of patches from upstream git that resolve crashes when
+  ID mapping object was not initialized properly but needed later
+
+* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1
+- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
+                          realm join
+- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
+                          default for AD Provider
+- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
+                          parent directory when logging in
+
+* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1
+- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug
+  in ding-libs
+- Fix SSH integration with fully-qualified domains
+- Add the ability to dynamically discover the NetBIOS name
+
+* Fri May  3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1
+- New upstream release 1.10 beta1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
+
+* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1
+- Add a patch to fix krb5 ccache creation issue with krb5 1.11
+
+* Tue Apr  2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1
+- New upstream release 1.10 alpha1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
+
+* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9
 - Split internal helper libraries into a shared object
 - Significantly reduce disk-space usage