Update to upstream 4.1.1

- see http://www.freeipa.org/page/Releases/4.1.1 - fix CVE-2014-7828
2014-11-06 14:39:07 +01:00 · 2014-11-06 14:39:07 +01:00 · 00870e3919
commit 00870e3919
parent c8a68dfb66
4 changed files with 11 additions and 58 deletions
--- a/.gitignore
+++ b/.gitignore
@ -34,3 +34,4 @@
 /freeipa-4.0.2.tar.gz
 /freeipa-4.0.3.tar.gz
 /freeipa-4.1.0.tar.gz
 /freeipa-4.1.1.tar.gz
--- a/0001-Do-not-check-if-port-8443-is-available-in-step-2-of.patch
+++ b/0001-Do-not-check-if-port-8443-is-available-in-step-2-of.patch
@ -1,52 +0,0 @@
 >From 1a42a07cfa02753053298c75d3a76cb1cb3bf839 Mon Sep 17 00:00:00 2001
 From: Jan Cholasta <jcholast@redhat.com>
 Date: Wed, 22 Oct 2014 11:18:35 +0200
 Subject: [PATCH] Do not check if port 8443 is available in step 2 of external
 CA install
 The port is never available in step 2 of external CA install, as Dogtag is
 already running.
 https://fedorahosted.org/freeipa/ticket/4660
 ---
 install/tools/ipa-ca-install     | 3 ++-
 install/tools/ipa-server-install | 9 +++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
 diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
 index cb072e6..1bda22d 100755
 --- a/install/tools/ipa-ca-install
 +++ b/install/tools/ipa-ca-install
@@ -301,7 +301,8 @@ def install_master(safe_options, options):
     domain_name = api.env.domain
     host_name = api.env.host
 -    check_ca()
 +    if external != 2:
 +        check_ca()
     dirname = dsinstance.config_dirname(
         dsinstance.realm_to_serverid(realm_name))
 diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
 index 0394314..67dd21f 100755
 --- a/install/tools/ipa-server-install
 +++ b/install/tools/ipa-server-install
@@ -869,10 +869,11 @@ def main():
         # Make sure the 389-ds ports are available
         check_dirsrv(options.unattended)
 -    if setup_ca:
 -        if not cainstance.check_port():
 -            print "IPA requires port 8443 for PKI but it is currently in use."
 -            sys.exit("Aborting installation")
 +        if setup_ca:
 +            if not cainstance.check_port():
 +                print ("IPA requires port 8443 for PKI but it is currently in "
 +                       "use.")
 +                sys.exit("Aborting installation")
     if options.conf_ntp:
         try:
 -- 
 1.9.3
--- a/freeipa.spec
+++ b/freeipa.spec
@ -19,13 +19,13 @@
 %global platform_module fedora
 %endif
-%global VERSION 4.1.0
+%global VERSION 4.1.1
 %define _hardened_build 1
 Name:           freeipa
 Version:        %{VERSION}
-Release:        2%{?dist}
+Release:        1%{?dist}
 Summary:        The Identity, Policy and Audit system
 Group:          System Environment/Base
@ -34,8 +34,6 @@ URL:            http://www.freeipa.org/
 Source0:        http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Patch0001:      0001-Do-not-check-if-port-8443-is-available-in-step-2-of.patch
 %if ! %{ONLY_CLIENT}
 BuildRequires:  389-ds-base-devel >= 1.3.3.5
 BuildRequires:  svrcore-devel
@ -134,7 +132,7 @@ Requires(pre): systemd-units
 Requires(post): systemd-units
 Requires: selinux-policy >= %{selinux_policy_version}
 Requires(post): selinux-policy-base
-Requires: slapi-nis >= 0.54-1
+Requires: slapi-nis >= 0.54.1-1
 Requires: pki-ca >= 10.2.0-3
 %if 0%{?rhel}
 Requires: subscription-manager
@ -447,6 +445,7 @@ mkdir -p %{buildroot}%{_usr}/share/ipa/html/
 /bin/touch %{buildroot}%{_usr}/share/ipa/html/preferences.html
 mkdir -p %{buildroot}%{_initrddir}
 mkdir %{buildroot}%{_sysconfdir}/sysconfig/
 mkdir -p %{buildroot}%{_localstatedir}/named/dyndb-ldap/ipa/
 install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
 install -m 644 init/ipa-dnskeysyncd.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-dnskeysyncd
 install -m 644 init/ipa-ods-exporter.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-ods-exporter
@ -686,6 +685,7 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
 %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
 %dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
 %dir %attr(0770,named,named) %{_localstatedir}/named/dyndb-ldap/ipa/
 # NOTE: systemd specific section
 %{_tmpfilesdir}/%{name}.conf
 %attr(644,root,root) %{_unitdir}/ipa.service
@ -918,6 +918,10 @@ fi
 %endif # ONLY_CLIENT
 %changelog
 * Thu Nov 06 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.1-1
 - Update to upstream 4.1.1 - see http://www.freeipa.org/page/Releases/4.1.1
 - fix CVE-2014-7828
 * Wed Oct 22 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.0-2
 - fix armv7hl stack oversize build failure
 - fix https://fedorahosted.org/freeipa/ticket/4660
--- a/2
+++ b/2
@ -1 +1 @@
-15d4914499ff928a1f90b3c4d15998f8  freeipa-4.1.0.tar.gz
+6e1ec60f71aa17b65a2a3caadd688f3c  freeipa-4.1.1.tar.gz
`@ -1 +1 @@`
	`15d4914499ff928a1f90b3c4d15998f8 freeipa-4.1.0.tar.gz`	`6e1ec60f71aa17b65a2a3caadd688f3c freeipa-4.1.1.tar.gz`