rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to upstream 4.4.4

Browse Source
This commit is contained in:
Tomas Krizek 2017-03-24 13:55:56 +01:00
parent ffb418a5d6
commit 0cfff8c8ae
No known key found for this signature in database
GPG Key ID: 22A2A94B5E49415A
6 changed files with 20 additions and 438 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -47,3 +47,5 @@
/freeipa-4.4.1.tar.gz
/freeipa-4.4.2.tar.gz
/freeipa-4.4.3.tar.gz
/freeipa-4.4.4.tar.gz
/freeipa-4.4.4.tar.gz.asc

130
0002-Support-DAL-version-5-and-version-6.patch
View File

@ -1,130 +0,0 @@
From 2775042787be4ea236c0b99dd75337414e24b89d Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 1 Nov 2016 15:13:14 -0400
Subject: [PATCH] Support DAL version 5 and version 6
https://fedorahosted.org/freeipa/ticket/6466
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
---
daemons/ipa-kdb/ipa_kdb.c | 102 ++++++++++++++++++++++++++++------------------
1 file changed, 63 insertions(+), 39 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index fbcb03b..e96353f 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -625,45 +625,69 @@ static void ipadb_free(krb5_context context, void *ptr)
/* KDB Virtual Table */
+#if KRB5_KDB_DAL_MAJOR_VERSION == 5
kdb_vftabl kdb_function_table = {
- KRB5_KDB_DAL_MAJOR_VERSION, /* major version number */
- 0, /* minor version number */
- ipadb_init_library, /* init_library */
- ipadb_fini_library, /* fini_library */
- ipadb_init_module, /* init_module */
- ipadb_fini_module, /* fini_module */
- ipadb_create, /* create */
- NULL, /* destroy */
- ipadb_get_age, /* get_age */
- NULL, /* lock */
- NULL, /* unlock */
- ipadb_get_principal, /* get_principal */
- ipadb_free_principal, /* free_principal */
- ipadb_put_principal, /* put_principal */
- ipadb_delete_principal, /* delete_principal */
- ipadb_iterate, /* iterate */
- ipadb_create_pwd_policy, /* create_policy */
- ipadb_get_pwd_policy, /* get_policy */
- ipadb_put_pwd_policy, /* put_policy */
- ipadb_iterate_pwd_policy, /* iter_policy */
- ipadb_delete_pwd_policy, /* delete_policy */
- ipadb_free_pwd_policy, /* free_policy */
- ipadb_alloc, /* alloc */
- ipadb_free, /* free */
- ipadb_fetch_master_key, /* fetch_master_key */
- NULL, /* fetch_master_key_list */
- ipadb_store_master_key_list, /* store_master_key_list */
- NULL, /* dbe_search_enctype */
- ipadb_change_pwd, /* change_pwd */
- NULL, /* promote_db */
- NULL, /* decrypt_key_data */
- NULL, /* encrypt_key_data */
- ipadb_sign_authdata, /* sign_authdata */
- ipadb_check_transited_realms, /* check_transited_realms */
- ipadb_check_policy_as, /* check_policy_as */
- NULL, /* check_policy_tgs */
- ipadb_audit_as_req, /* audit_as_req */
- NULL, /* refresh_config */
- ipadb_check_allowed_to_delegate /* check_allowed_to_delegate */
+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
+ .min_ver = 0,
+ .init_library = ipadb_init_library,
+ .fini_library = ipadb_fini_library,
+ .init_module = ipadb_init_module,
+ .fini_module = ipadb_fini_module,
+ .create = ipadb_create,
+ .get_age = ipadb_get_age,
+ .get_principal = ipadb_get_principal,
+ .free_principal = ipadb_free_principal,
+ .put_principal = ipadb_put_principal,
+ .delete_principal = ipadb_delete_principal,
+ .iterate = ipadb_iterate,
+ .create_policy = ipadb_create_pwd_policy,
+ .get_policy = ipadb_get_pwd_policy,
+ .put_policy = ipadb_put_pwd_policy,
+ .iter_policy = ipadb_iterate_pwd_policy,
+ .delete_policy = ipadb_delete_pwd_policy,
+ .free_policy = ipadb_free_pwd_policy,
+ .alloc = ipadb_alloc,
+ .free = ipadb_free,
+ .fetch_master_key = ipadb_fetch_master_key,
+ .store_master_key_list = ipadb_store_master_key_list,
+ .change_pwd = ipadb_change_pwd,
+ .sign_authdata = ipadb_sign_authdata,
+ .check_transited_realms = ipadb_check_transited_realms,
+ .check_policy_as = ipadb_check_policy_as,
+ .audit_as_req = ipadb_audit_as_req,
+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate
};
+#elif KRB5_KDB_DAL_MAJOR_VERSION == 6
+kdb_vftabl kdb_function_table = {
+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
+ .min_ver = 0,
+ .init_library = ipadb_init_library,
+ .fini_library = ipadb_fini_library,
+ .init_module = ipadb_init_module,
+ .fini_module = ipadb_fini_module,
+ .create = ipadb_create,
+ .get_age = ipadb_get_age,
+ .get_principal = ipadb_get_principal,
+ .put_principal = ipadb_put_principal,
+ .delete_principal = ipadb_delete_principal,
+ .iterate = ipadb_iterate,
+ .create_policy = ipadb_create_pwd_policy,
+ .get_policy = ipadb_get_pwd_policy,
+ .put_policy = ipadb_put_pwd_policy,
+ .iter_policy = ipadb_iterate_pwd_policy,
+ .delete_policy = ipadb_delete_pwd_policy,
+ .fetch_master_key = ipadb_fetch_master_key,
+ .store_master_key_list = ipadb_store_master_key_list,
+ .change_pwd = ipadb_change_pwd,
+ .sign_authdata = ipadb_sign_authdata,
+ .check_transited_realms = ipadb_check_transited_realms,
+ .check_policy_as = ipadb_check_policy_as,
+ .audit_as_req = ipadb_audit_as_req,
+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate
+};
+
+#else
+#error unsupported DAL major version
+#endif
+
--
2.7.4

233
0004-ipa-kdb-support-KDB-DAL-version-6.1.patch
View File

@ -1,233 +0,0 @@
From 985549be991c73c7455ed3b1393bd464ef4d197a Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 24 Jan 2017 11:02:30 +0200
Subject: [PATCH 1/1] ipa-kdb: support KDB DAL version 6.1
DAL version 6.0 removed support for a callback to free principal.
This broke KDB drivers which had complex e_data structure within
the principal structure. As result, FreeIPA KDB driver was leaking
memory with DAL version 6.0 (krb5 1.15).
DAL version 6.1 added a special callback for freeing e_data structure.
See details at krb5/krb5#596
Restructure KDB driver code to provide this callback in case
we are built against DAL version that supports it. For DAL version
prior to 6.0 use this callback in the free_principal callback to
tidy the code.
Use explicit KDB version dependency in Fedora 26+ via BuildRequires.
With new DAL version, freeipa package will fail to build and
we'll have to add a support for new DAL version explicitly.
https://fedorahosted.org/freeipa/ticket/6619
---
daemons/configure.ac | 21 ++++++++++++++++++
daemons/ipa-kdb/ipa_kdb.c | 42 ++++++++++++++++++++++++++++++++++--
daemons/ipa-kdb/ipa_kdb.h | 2 ++
daemons/ipa-kdb/ipa_kdb_principals.c | 42 ++++++++++++++++++++----------------
freeipa.spec.in | 9 ++++++++
5 files changed, 96 insertions(+), 20 deletions(-)
diff --git a/daemons/configure.ac b/daemons/configure.ac
index 5c5a1046397aa97ba18cafc1b81dc2a6fb2dfd34..77a3be0397fac0364d364f2e4ac3f917cca7fff3 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -66,6 +66,27 @@ AC_SUBST(KRB5_LIBS)
AC_SUBST(KRAD_LIBS)
AC_SUBST(krb5rundir)
+AC_CHECK_HEADER(kdb.h, [], [AC_MSG_ERROR([kdb.h not found])])
+AC_CHECK_MEMBER(
+ [kdb_vftabl.free_principal],
+ [AC_DEFINE([HAVE_KDB_FREEPRINCIPAL], [1],
+ [KDB driver API has free_principal callback])],
+ [AC_MSG_NOTICE([KDB driver API has no free_principal callback])],
+ [[#include <kdb.h>]])
+AC_CHECK_MEMBER(
+ [kdb_vftabl.free_principal_e_data],
+ [AC_DEFINE([HAVE_KDB_FREEPRINCIPAL_EDATA], [1],
+ [KDB driver API has free_principal_e_data callback])],
+ [AC_MSG_NOTICE([KDB driver API has no free_principal_e_data callback])],
+ [[#include <kdb.h>]])
+
+if test "x$ac_cv_member_kdb_vftabl_free_principal" = "xno" \
+ -a "x$ac_cv_member_kdb_vftable_free_principal_e_data" = "xno" ; then
+ AC_MSG_WARN([KDB driver API does not allow to free Kerberos principal data.])
+ AC_MSG_WARN([KDB driver will leak memory on Kerberos principal use])
+ AC_MSG_WARN([See https://github.com/krb5/krb5/pull/596 for details])
+fi
+
dnl ---------------------------------------------------------------------------
dnl - Check for Mozilla LDAP and OpenLDAP SDK
dnl ---------------------------------------------------------------------------
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index e96353fe2602652dbf12f68745080b64665ffed2..e74ab56270500c2d3753d76754b8a5f1c28200a0 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -625,6 +625,9 @@ static void ipadb_free(krb5_context context, void *ptr)
/* KDB Virtual Table */
+/* We explicitly want to keep different ABI tables below separate. */
+/* Do not merge them together. Older ABI does not need to be updated */
+
#if KRB5_KDB_DAL_MAJOR_VERSION == 5
kdb_vftabl kdb_function_table = {
.maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
@@ -657,8 +660,9 @@ kdb_vftabl kdb_function_table = {
.audit_as_req = ipadb_audit_as_req,
.check_allowed_to_delegate = ipadb_check_allowed_to_delegate
};
+#endif
-#elif KRB5_KDB_DAL_MAJOR_VERSION == 6
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 6) && !defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
kdb_vftabl kdb_function_table = {
.maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
.min_ver = 0,
@@ -686,8 +690,42 @@ kdb_vftabl kdb_function_table = {
.audit_as_req = ipadb_audit_as_req,
.check_allowed_to_delegate = ipadb_check_allowed_to_delegate
};
+#endif
-#else
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 6) && defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
+kdb_vftabl kdb_function_table = {
+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
+ .min_ver = 1,
+ .init_library = ipadb_init_library,
+ .fini_library = ipadb_fini_library,
+ .init_module = ipadb_init_module,
+ .fini_module = ipadb_fini_module,
+ .create = ipadb_create,
+ .get_age = ipadb_get_age,
+ .get_principal = ipadb_get_principal,
+ .put_principal = ipadb_put_principal,
+ .delete_principal = ipadb_delete_principal,
+ .iterate = ipadb_iterate,
+ .create_policy = ipadb_create_pwd_policy,
+ .get_policy = ipadb_get_pwd_policy,
+ .put_policy = ipadb_put_pwd_policy,
+ .iter_policy = ipadb_iterate_pwd_policy,
+ .delete_policy = ipadb_delete_pwd_policy,
+ .fetch_master_key = ipadb_fetch_master_key,
+ .store_master_key_list = ipadb_store_master_key_list,
+ .change_pwd = ipadb_change_pwd,
+ .sign_authdata = ipadb_sign_authdata,
+ .check_transited_realms = ipadb_check_transited_realms,
+ .check_policy_as = ipadb_check_policy_as,
+ .audit_as_req = ipadb_audit_as_req,
+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate,
+ /* The order is important, DAL version 6.1 added
+ * the free_principal_e_data callback */
+ .free_principal_e_data = ipadb_free_principal_e_data,
+};
+#endif
+
+#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && (KRB5_KDB_DAL_MAJOR_VERSION != 6)
#error unsupported DAL major version
#endif
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 1fdb409df92f1f8d9a82af3423e6e73313c62ab7..d5a343345562062b309d14c2e493f8d3028a6780 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -180,6 +180,8 @@ krb5_error_code ipadb_get_principal(krb5_context kcontext,
unsigned int flags,
krb5_db_entry **entry);
void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry);
+/* Helper function for DAL API 6.1 or later */
+void ipadb_free_principal_e_data(krb5_context kcontext, krb5_octet *e_data);
krb5_error_code ipadb_put_principal(krb5_context kcontext,
krb5_db_entry *entry,
char **db_args);
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 5b80909475565d6bb4fa8cba67629094daf51eb3..3bd8fb8c70c61b056a714bc0a8149bd8524beb1d 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1274,11 +1274,32 @@ done:
return kerr;
}
+void ipadb_free_principal_e_data(krb5_context kcontext, krb5_octet *e_data)
+{
+ struct ipadb_e_data *ied;
+ int i;
+
+ ied = (struct ipadb_e_data *)e_data;
+ if (ied->magic == IPA_E_DATA_MAGIC) {
+ ldap_memfree(ied->entry_dn);
+ free(ied->passwd);
+ free(ied->pw_policy_dn);
+ for (i = 0; ied->pw_history && ied->pw_history[i]; i++) {
+ free(ied->pw_history[i]);
+ }
+ free(ied->pw_history);
+ for (i = 0; ied->authz_data && ied->authz_data[i]; i++) {
+ free(ied->authz_data[i]);
+ }
+ free(ied->authz_data);
+ free(ied->pol);
+ free(ied);
+ }
+}
+
void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry)
{
- struct ipadb_e_data *ied;
krb5_tl_data *prev, *next;
- int i;
if (entry) {
krb5_free_principal(kcontext, entry->princ);
@@ -1292,22 +1313,7 @@ void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry)
ipa_krb5_free_key_data(entry->key_data, entry->n_key_data);
if (entry->e_data) {
- ied = (struct ipadb_e_data *)entry->e_data;
- if (ied->magic == IPA_E_DATA_MAGIC) {
- ldap_memfree(ied->entry_dn);
- free(ied->passwd);
- free(ied->pw_policy_dn);
- for (i = 0; ied->pw_history && ied->pw_history[i]; i++) {
- free(ied->pw_history[i]);
- }
- free(ied->pw_history);
- for (i = 0; ied->authz_data && ied->authz_data[i]; i++) {
- free(ied->authz_data[i]);
- }
- free(ied->authz_data);
- free(ied->pol);
- free(ied);
- }
+ ipadb_free_principal_e_data(kcontext, entry->e_data);
}
free(entry);
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 1dd8d0c60cacfc79554bb3c61fa8297e89b7b192..52ad0d4c1f1cec95821e17401e709f05ea9d97f6 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -57,7 +57,16 @@ BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: openssl-devel
BuildRequires: openldap-devel
+# For KDB DAL version, make explicit dependency so that increase of version
+# will cause the build to fail due to unsatisfied dependencies.
+# DAL version change may cause code crash or memory leaks, it is better to fail early.
+%if 0%{?fedora} > 25
+BuildRequires: krb5-devel >= 1.15-5
+BuildRequires: krb5-kdb-version = 6.1
+%else
+# 1.12+: libkrad (http://krbdev.mit.edu/rt/Ticket/Display.html?id=7678)
BuildRequires: krb5-devel >= 1.13
+%endif
BuildRequires: krb5-workstation
BuildRequires: libuuid-devel
BuildRequires: libcurl-devel >= 7.21.7-2
--
2.9.3

60
0005-ca-correctly-authorise-ca-del-ca-enable-and-ca-disab.patch
View File

@ -1,60 +0,0 @@
From e9840aee2b1290db7f0f8ec785b338b17d57b569 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Fri, 13 Jan 2017 20:33:45 +1000
Subject: [PATCH] ca: correctly authorise ca-del, ca-enable and ca-disable
CAs consist of a FreeIPA and a corresponding Dogtag object. When
executing ca-del, ca-enable and ca-disable, changes are made to the
Dogtag object. In the case of ca-del, the corresponding FreeIPA
object is deleted after the Dogtag CA is deleted.
These operations were not correctly authorised; the FreeIPA
permissions are not checked before the Dogtag operations are
executed. This allows any user to delete, enable or disable a
lightweight CA (except the main IPA CA, for which there are
additional check to prevent deletion or disablement).
Add the proper authorisation checks to the ca-del, ca-enable and
ca-disable commands.
---
ipaserver/plugins/ca.py | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py
index d9ae8c81fdca51cbfee34e83cbb9ca6873ebad0b..227b08e0e1e9f7f48c4133da77093d58559562d9 100644
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@@ -213,6 +213,12 @@ class ca_del(LDAPDelete):
def pre_callback(self, ldap, dn, *keys, **options):
ca_enabled_check()
+ # ensure operator has permission to delete CA
+ # before contacting Dogtag
+ if not ldap.can_delete(dn):
+ raise errors.ACIError(info=_(
+ "Insufficient privilege to delete a CA."))
+
if keys[0] == IPA_CA_CN:
raise errors.ProtectedEntryError(
label=_("CA"),
@@ -251,9 +257,15 @@ class CAQuery(LDAPQuery):
def execute(self, cn, **options):
ca_enabled_check()
- ca_id = self.api.Command.ca_show(cn)['result']['ipacaid'][0]
+ ca_obj = self.api.Command.ca_show(cn)['result']
+
+ # ensure operator has permission to modify CAs
+ if not self.api.Backend.ldap2.can_write(ca_obj['dn'], 'description'):
+ raise errors.ACIError(info=_(
+ "Insufficient privilege to modify a CA."))
+
with self.api.Backend.ra_lightweight_ca as ca_api:
- self.perform_action(ca_api, ca_id)
+ self.perform_action(ca_api, ca_obj['ipacaid'][0])
return dict(
result=True,
--
2.9.3

30
freeipa.spec
View File

@ -32,26 +32,24 @@
%global platform_module fedora
%endif
%global VERSION 4.4.3
%global VERSION 4.4.4
%define _hardened_build 1
Name: freeipa
Version: %{VERSION}
Release: 8%{?dist}
Release: 1%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
License: GPLv3+
URL: http://www.freeipa.org/
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
URL: https://www.freeipa.org/
Source0: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz
Source1: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.asc
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
Patch0002: 0002-Support-DAL-version-5-and-version-6.patch
Patch0003: 0003-bind-dyndb-ldap-DNS-fixes.patch
Patch0004: 0004-ipa-kdb-support-KDB-DAL-version-6.1.patch
Patch0005: 0005-ca-correctly-authorise-ca-del-ca-enable-and-ca-disab.patch
Patch0002: 0003-bind-dyndb-ldap-DNS-fixes.patch
%if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.3.5.6
@ -105,7 +103,7 @@ BuildRequires: python-memcached
BuildRequires: python-lxml
BuildRequires: python-pyasn1 >= 0.0.9a
BuildRequires: python-qrcode-core >= 5.0.0
BuildRequires: python-dns >= 1.11.1
BuildRequires: python-dns >= 1.13
BuildRequires: libsss_idmap-devel
BuildRequires: libsss_nss_idmap-devel >= 1.14.0
BuildRequires: java-headless
@ -181,8 +179,8 @@ Requires(post): systemd-units
Requires: selinux-policy >= %{selinux_policy_version}
Requires(post): selinux-policy-base >= %{selinux_policy_version}
Requires: slapi-nis >= %{slapi_nis_version}
Requires: pki-ca >= 10.3.5-6
Requires: pki-kra >= 10.3.5-6
Requires: pki-ca >= 10.3.5-11
Requires: pki-kra >= 10.3.5-11
Requires(preun): python systemd-units
Requires(postun): python systemd-units
Requires: zip
@ -237,7 +235,7 @@ Requires: python-gssapi >= 1.1.2
Requires: python-sssdconfig
Requires: python-pyasn1
Requires: dbus-python
Requires: python-dns >= 1.11.1
Requires: python-dns >= 1.13
Requires: python-kdcproxy >= 0.3
Requires: rpm-libs
@ -387,7 +385,7 @@ BuildArch: noarch
Requires: %{name}-client-common = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release}
Requires: python2-ipalib = %{version}-%{release}
Requires: python-dns >= 1.11.1
Requires: python-dns >= 1.13
%description -n python2-ipaclient
IPA is an integrated solution to provide centrally managed Identity (users,
@ -504,7 +502,7 @@ Requires: python-cffi
Requires: python-ldap >= 2.4.15
Requires: python-requests
Requires: python-custodia
Requires: python-dns >= 1.11.1
Requires: python-dns >= 1.13
Requires: python-netifaces >= 0.10.4
Requires: pyusb
@ -1485,6 +1483,10 @@ fi
%endif # ONLY_CLIENT
%changelog
* Fri Mar 24 2017 Tomas Krizek <tkrizek@redhat.com> - 4.4.4-1
- Update to upstream 4.4.4 - see https://www.freeipa.org/page/Releases/4.4.4
- Add upstream signature file for tarball
* Wed Mar 1 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.4.3-8
- Use different method to keep /usr/bin/ipa on Python 2
- Fixes #1426847

3
sources
View File

@ -1 +1,2 @@
SHA512 (freeipa-4.4.3.tar.gz) = d4e0fc1e6c2a18b03c4b015b3e48bd3181eb5dc1099320227830bdacbd2b6a1f759ff910e0221ba39e092ee1e179c51921679251a754c8735af2f9777a306869
SHA512 (freeipa-4.4.4.tar.gz) = f35d498529cbd487a93098cd70cd0c16de67e58a90ff576746f73e7a9f428ff465302ac50ca9481984fe838d5988fc36fec79b90dabcdef2029f8a2373e44b8c
SHA512 (freeipa-4.4.4.tar.gz.asc) = 174cba773266fe70dee695270da38f5a989f2e8328ef9b5761bcb50b4948a6836d6761e8aeca83db923bfc827ffae8b7760ef55968e5c3855cab158da2f60b1a