diff --git a/.gitignore b/.gitignore
index f71f200..0146c04 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,3 +47,5 @@
 /freeipa-4.4.1.tar.gz
 /freeipa-4.4.2.tar.gz
 /freeipa-4.4.3.tar.gz
+/freeipa-4.4.4.tar.gz
+/freeipa-4.4.4.tar.gz.asc
diff --git a/0002-Support-DAL-version-5-and-version-6.patch b/0002-Support-DAL-version-5-and-version-6.patch
deleted file mode 100644
index 60854e7..0000000
--- a/0002-Support-DAL-version-5-and-version-6.patch
+++ /dev/null
@@ -1,130 +0,0 @@ -From 2775042787be4ea236c0b99dd75337414e24b89d Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Tue, 1 Nov 2016 15:13:14 -0400 -Subject: [PATCH] Support DAL version 5 and version 6 - -https://fedorahosted.org/freeipa/ticket/6466 - -Signed-off-by: Simo Sorce -Reviewed-By: Tomas Krizek -Reviewed-By: Robbie Harwood ---- - daemons/ipa-kdb/ipa_kdb.c | 102 ++++++++++++++++++++++++++++------------------ - 1 file changed, 63 insertions(+), 39 deletions(-) - -diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c -index fbcb03b..e96353f 100644 ---- a/daemons/ipa-kdb/ipa_kdb.c -+++ b/daemons/ipa-kdb/ipa_kdb.c -@@ -625,45 +625,69 @@ static void ipadb_free(krb5_context context, void *ptr) - - /* KDB Virtual Table */ - -+#if KRB5_KDB_DAL_MAJOR_VERSION == 5 - kdb_vftabl kdb_function_table = { -- KRB5_KDB_DAL_MAJOR_VERSION, /* major version number */ -- 0, /* minor version number */ -- ipadb_init_library, /* init_library */ -- ipadb_fini_library, /* fini_library */ -- ipadb_init_module, /* init_module */ -- ipadb_fini_module, /* fini_module */ -- ipadb_create, /* create */ -- NULL, /* destroy */ -- ipadb_get_age, /* get_age */ -- NULL, /* lock */ -- NULL, /* unlock */ -- ipadb_get_principal, /* get_principal */ -- ipadb_free_principal, /* free_principal */ -- ipadb_put_principal, /* put_principal */ -- ipadb_delete_principal, /* delete_principal */ -- ipadb_iterate, /* iterate */ -- ipadb_create_pwd_policy, /* create_policy */ -- ipadb_get_pwd_policy, /* get_policy */ -- ipadb_put_pwd_policy, /* put_policy */ -- ipadb_iterate_pwd_policy, /* iter_policy */ -- ipadb_delete_pwd_policy, /* delete_policy */ -- ipadb_free_pwd_policy, /* free_policy */ -- ipadb_alloc, /* alloc */ -- ipadb_free, /* free */ -- ipadb_fetch_master_key, /* fetch_master_key */ -- NULL, /* fetch_master_key_list */ -- ipadb_store_master_key_list, /* store_master_key_list */ -- NULL, /* dbe_search_enctype */ -- ipadb_change_pwd, /* change_pwd */ -- NULL, /* promote_db */ -- NULL, 
/* decrypt_key_data */ -- NULL, /* encrypt_key_data */ -- ipadb_sign_authdata, /* sign_authdata */ -- ipadb_check_transited_realms, /* check_transited_realms */ -- ipadb_check_policy_as, /* check_policy_as */ -- NULL, /* check_policy_tgs */ -- ipadb_audit_as_req, /* audit_as_req */ -- NULL, /* refresh_config */ -- ipadb_check_allowed_to_delegate /* check_allowed_to_delegate */ -+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, -+ .min_ver = 0, -+ .init_library = ipadb_init_library, -+ .fini_library = ipadb_fini_library, -+ .init_module = ipadb_init_module, -+ .fini_module = ipadb_fini_module, -+ .create = ipadb_create, -+ .get_age = ipadb_get_age, -+ .get_principal = ipadb_get_principal, -+ .free_principal = ipadb_free_principal, -+ .put_principal = ipadb_put_principal, -+ .delete_principal = ipadb_delete_principal, -+ .iterate = ipadb_iterate, -+ .create_policy = ipadb_create_pwd_policy, -+ .get_policy = ipadb_get_pwd_policy, -+ .put_policy = ipadb_put_pwd_policy, -+ .iter_policy = ipadb_iterate_pwd_policy, -+ .delete_policy = ipadb_delete_pwd_policy, -+ .free_policy = ipadb_free_pwd_policy, -+ .alloc = ipadb_alloc, -+ .free = ipadb_free, -+ .fetch_master_key = ipadb_fetch_master_key, -+ .store_master_key_list = ipadb_store_master_key_list, -+ .change_pwd = ipadb_change_pwd, -+ .sign_authdata = ipadb_sign_authdata, -+ .check_transited_realms = ipadb_check_transited_realms, -+ .check_policy_as = ipadb_check_policy_as, -+ .audit_as_req = ipadb_audit_as_req, -+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate - }; - -+#elif KRB5_KDB_DAL_MAJOR_VERSION == 6 -+kdb_vftabl kdb_function_table = { -+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, -+ .min_ver = 0, -+ .init_library = ipadb_init_library, -+ .fini_library = ipadb_fini_library, -+ .init_module = ipadb_init_module, -+ .fini_module = ipadb_fini_module, -+ .create = ipadb_create, -+ .get_age = ipadb_get_age, -+ .get_principal = ipadb_get_principal, -+ .put_principal = ipadb_put_principal, -+ .delete_principal = 
ipadb_delete_principal, -+ .iterate = ipadb_iterate, -+ .create_policy = ipadb_create_pwd_policy, -+ .get_policy = ipadb_get_pwd_policy, -+ .put_policy = ipadb_put_pwd_policy, -+ .iter_policy = ipadb_iterate_pwd_policy, -+ .delete_policy = ipadb_delete_pwd_policy, -+ .fetch_master_key = ipadb_fetch_master_key, -+ .store_master_key_list = ipadb_store_master_key_list, -+ .change_pwd = ipadb_change_pwd, -+ .sign_authdata = ipadb_sign_authdata, -+ .check_transited_realms = ipadb_check_transited_realms, -+ .check_policy_as = ipadb_check_policy_as, -+ .audit_as_req = ipadb_audit_as_req, -+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate -+}; -+ -+#else -+#error unsupported DAL major version -+#endif -+ --- -2.7.4 - diff --git a/0004-ipa-kdb-support-KDB-DAL-version-6.1.patch b/0004-ipa-kdb-support-KDB-DAL-version-6.1.patch deleted file mode 100644 index f5afcd9..0000000 --- a/0004-ipa-kdb-support-KDB-DAL-version-6.1.patch +++ /dev/null 
@@ -1,233 +0,0 @@ -From 985549be991c73c7455ed3b1393bd464ef4d197a Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy -Date: Tue, 24 Jan 2017 11:02:30 +0200 -Subject: [PATCH 1/1] ipa-kdb: support KDB DAL version 6.1 - -DAL version 6.0 removed support for a callback to free principal. -This broke KDB drivers which had complex e_data structure within -the principal structure. As result, FreeIPA KDB driver was leaking -memory with DAL version 6.0 (krb5 1.15). - -DAL version 6.1 added a special callback for freeing e_data structure. -See details at krb5/krb5#596 - -Restructure KDB driver code to provide this callback in case -we are built against DAL version that supports it. For DAL version -prior to 6.0 use this callback in the free_principal callback to -tidy the code. - -Use explicit KDB version dependency in Fedora 26+ via BuildRequires. - -With new DAL version, freeipa package will fail to build and -we'll have to add a support for new DAL version explicitly. - -https://fedorahosted.org/freeipa/ticket/6619 ---- - daemons/configure.ac | 21 ++++++++++++++++++ - daemons/ipa-kdb/ipa_kdb.c | 42 ++++++++++++++++++++++++++++++++++-- - daemons/ipa-kdb/ipa_kdb.h | 2 ++ - daemons/ipa-kdb/ipa_kdb_principals.c | 42 ++++++++++++++++++++---------------- - freeipa.spec.in | 9 ++++++++ - 5 files changed, 96 insertions(+), 20 deletions(-) - -diff --git a/daemons/configure.ac b/daemons/configure.ac -index 5c5a1046397aa97ba18cafc1b81dc2a6fb2dfd34..77a3be0397fac0364d364f2e4ac3f917cca7fff3 100644 ---- a/daemons/configure.ac -+++ b/daemons/configure.ac -@@ -66,6 +66,27 @@ AC_SUBST(KRB5_LIBS) - AC_SUBST(KRAD_LIBS) - AC_SUBST(krb5rundir) - -+AC_CHECK_HEADER(kdb.h, [], [AC_MSG_ERROR([kdb.h not found])]) -+AC_CHECK_MEMBER( -+ [kdb_vftabl.free_principal], -+ [AC_DEFINE([HAVE_KDB_FREEPRINCIPAL], [1], -+ [KDB driver API has free_principal callback])], -+ [AC_MSG_NOTICE([KDB driver API has no free_principal callback])], -+ [[#include ]]) -+AC_CHECK_MEMBER( -+ [kdb_vftabl.free_principal_e_data], 
-+ [AC_DEFINE([HAVE_KDB_FREEPRINCIPAL_EDATA], [1], -+ [KDB driver API has free_principal_e_data callback])], -+ [AC_MSG_NOTICE([KDB driver API has no free_principal_e_data callback])], -+ [[#include ]]) -+ -+if test "x$ac_cv_member_kdb_vftabl_free_principal" = "xno" \ -+ -a "x$ac_cv_member_kdb_vftable_free_principal_e_data" = "xno" ; then -+ AC_MSG_WARN([KDB driver API does not allow to free Kerberos principal data.]) -+ AC_MSG_WARN([KDB driver will leak memory on Kerberos principal use]) -+ AC_MSG_WARN([See https://github.com/krb5/krb5/pull/596 for details]) -+fi -+ - dnl --------------------------------------------------------------------------- - dnl - Check for Mozilla LDAP and OpenLDAP SDK - dnl --------------------------------------------------------------------------- -diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c -index e96353fe2602652dbf12f68745080b64665ffed2..e74ab56270500c2d3753d76754b8a5f1c28200a0 100644 ---- a/daemons/ipa-kdb/ipa_kdb.c -+++ b/daemons/ipa-kdb/ipa_kdb.c -@@ -625,6 +625,9 @@ static void ipadb_free(krb5_context context, void *ptr) - - /* KDB Virtual Table */ - -+/* We explicitly want to keep different ABI tables below separate. */ -+/* Do not merge them together. 
Older ABI does not need to be updated */ -+ - #if KRB5_KDB_DAL_MAJOR_VERSION == 5 - kdb_vftabl kdb_function_table = { - .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, -@@ -657,8 +660,9 @@ kdb_vftabl kdb_function_table = { - .audit_as_req = ipadb_audit_as_req, - .check_allowed_to_delegate = ipadb_check_allowed_to_delegate - }; -+#endif - --#elif KRB5_KDB_DAL_MAJOR_VERSION == 6 -+#if (KRB5_KDB_DAL_MAJOR_VERSION == 6) && !defined(HAVE_KDB_FREEPRINCIPAL_EDATA) - kdb_vftabl kdb_function_table = { - .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, - .min_ver = 0, -@@ -686,8 +690,42 @@ kdb_vftabl kdb_function_table = { - .audit_as_req = ipadb_audit_as_req, - .check_allowed_to_delegate = ipadb_check_allowed_to_delegate - }; -+#endif - --#else -+#if (KRB5_KDB_DAL_MAJOR_VERSION == 6) && defined(HAVE_KDB_FREEPRINCIPAL_EDATA) -+kdb_vftabl kdb_function_table = { -+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, -+ .min_ver = 1, -+ .init_library = ipadb_init_library, -+ .fini_library = ipadb_fini_library, -+ .init_module = ipadb_init_module, -+ .fini_module = ipadb_fini_module, -+ .create = ipadb_create, -+ .get_age = ipadb_get_age, -+ .get_principal = ipadb_get_principal, -+ .put_principal = ipadb_put_principal, -+ .delete_principal = ipadb_delete_principal, -+ .iterate = ipadb_iterate, -+ .create_policy = ipadb_create_pwd_policy, -+ .get_policy = ipadb_get_pwd_policy, -+ .put_policy = ipadb_put_pwd_policy, -+ .iter_policy = ipadb_iterate_pwd_policy, -+ .delete_policy = ipadb_delete_pwd_policy, -+ .fetch_master_key = ipadb_fetch_master_key, -+ .store_master_key_list = ipadb_store_master_key_list, -+ .change_pwd = ipadb_change_pwd, -+ .sign_authdata = ipadb_sign_authdata, -+ .check_transited_realms = ipadb_check_transited_realms, -+ .check_policy_as = ipadb_check_policy_as, -+ .audit_as_req = ipadb_audit_as_req, -+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate, -+ /* The order is important, DAL version 6.1 added -+ * the free_principal_e_data callback */ -+ .free_principal_e_data = 
ipadb_free_principal_e_data, -+}; -+#endif -+ -+#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && (KRB5_KDB_DAL_MAJOR_VERSION != 6) - #error unsupported DAL major version - #endif - -diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h -index 1fdb409df92f1f8d9a82af3423e6e73313c62ab7..d5a343345562062b309d14c2e493f8d3028a6780 100644 ---- a/daemons/ipa-kdb/ipa_kdb.h -+++ b/daemons/ipa-kdb/ipa_kdb.h -@@ -180,6 +180,8 @@ krb5_error_code ipadb_get_principal(krb5_context kcontext, - unsigned int flags, - krb5_db_entry **entry); - void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry); -+/* Helper function for DAL API 6.1 or later */ -+void ipadb_free_principal_e_data(krb5_context kcontext, krb5_octet *e_data); - krb5_error_code ipadb_put_principal(krb5_context kcontext, - krb5_db_entry *entry, - char **db_args); -diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c -index 5b80909475565d6bb4fa8cba67629094daf51eb3..3bd8fb8c70c61b056a714bc0a8149bd8524beb1d 100644 ---- a/daemons/ipa-kdb/ipa_kdb_principals.c -+++ b/daemons/ipa-kdb/ipa_kdb_principals.c -@@ -1274,11 +1274,32 @@ done: - return kerr; - } - -+void ipadb_free_principal_e_data(krb5_context kcontext, krb5_octet *e_data) -+{ -+ struct ipadb_e_data *ied; -+ int i; -+ -+ ied = (struct ipadb_e_data *)e_data; -+ if (ied->magic == IPA_E_DATA_MAGIC) { -+ ldap_memfree(ied->entry_dn); -+ free(ied->passwd); -+ free(ied->pw_policy_dn); -+ for (i = 0; ied->pw_history && ied->pw_history[i]; i++) { -+ free(ied->pw_history[i]); -+ } -+ free(ied->pw_history); -+ for (i = 0; ied->authz_data && ied->authz_data[i]; i++) { -+ free(ied->authz_data[i]); -+ } -+ free(ied->authz_data); -+ free(ied->pol); -+ free(ied); -+ } -+} -+ - void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry) - { -- struct ipadb_e_data *ied; - krb5_tl_data *prev, *next; -- int i; - - if (entry) { - krb5_free_principal(kcontext, entry->princ); -@@ -1292,22 +1313,7 @@ void 
ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry) - ipa_krb5_free_key_data(entry->key_data, entry->n_key_data); - - if (entry->e_data) { -- ied = (struct ipadb_e_data *)entry->e_data; -- if (ied->magic == IPA_E_DATA_MAGIC) { -- ldap_memfree(ied->entry_dn); -- free(ied->passwd); -- free(ied->pw_policy_dn); -- for (i = 0; ied->pw_history && ied->pw_history[i]; i++) { -- free(ied->pw_history[i]); -- } -- free(ied->pw_history); -- for (i = 0; ied->authz_data && ied->authz_data[i]; i++) { -- free(ied->authz_data[i]); -- } -- free(ied->authz_data); -- free(ied->pol); -- free(ied); -- } -+ ipadb_free_principal_e_data(kcontext, entry->e_data); - } - - free(entry); -diff --git a/freeipa.spec.in b/freeipa.spec.in -index 1dd8d0c60cacfc79554bb3c61fa8297e89b7b192..52ad0d4c1f1cec95821e17401e709f05ea9d97f6 100644 ---- a/freeipa.spec.in -+++ b/freeipa.spec.in -@@ -57,7 +57,16 @@ BuildRequires: nspr-devel - BuildRequires: nss-devel - BuildRequires: openssl-devel - BuildRequires: openldap-devel -+# For KDB DAL version, make explicit dependency so that increase of version -+# will cause the build to fail due to unsatisfied dependencies. -+# DAL version change may cause code crash or memory leaks, it is better to fail early. -+%if 0%{?fedora} > 25 -+BuildRequires: krb5-devel >= 1.15-5 -+BuildRequires: krb5-kdb-version = 6.1 -+%else -+# 1.12+: libkrad (http://krbdev.mit.edu/rt/Ticket/Display.html?id=7678) - BuildRequires: krb5-devel >= 1.13 -+%endif - BuildRequires: krb5-workstation - BuildRequires: libuuid-devel - BuildRequires: libcurl-devel >= 7.21.7-2 --- -2.9.3 - diff --git a/0005-ca-correctly-authorise-ca-del-ca-enable-and-ca-disab.patch b/0005-ca-correctly-authorise-ca-del-ca-enable-and-ca-disab.patch deleted file mode 100644 index bc809f7..0000000 --- a/0005-ca-correctly-authorise-ca-del-ca-enable-and-ca-disab.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From e9840aee2b1290db7f0f8ec785b338b17d57b569 Mon Sep 17 00:00:00 2001 -From: Fraser Tweedale -Date: Fri, 13 Jan 2017 20:33:45 +1000 -Subject: [PATCH] ca: correctly authorise ca-del, ca-enable and ca-disable - -CAs consist of a FreeIPA and a corresponding Dogtag object. When -executing ca-del, ca-enable and ca-disable, changes are made to the -Dogtag object. In the case of ca-del, the corresponding FreeIPA -object is deleted after the Dogtag CA is deleted. - -These operations were not correctly authorised; the FreeIPA -permissions are not checked before the Dogtag operations are -executed. This allows any user to delete, enable or disable a -lightweight CA (except the main IPA CA, for which there are -additional check to prevent deletion or disablement). - -Add the proper authorisation checks to the ca-del, ca-enable and -ca-disable commands. ---- - ipaserver/plugins/ca.py | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py -index d9ae8c81fdca51cbfee34e83cbb9ca6873ebad0b..227b08e0e1e9f7f48c4133da77093d58559562d9 100644 ---- a/ipaserver/plugins/ca.py -+++ b/ipaserver/plugins/ca.py -@@ -213,6 +213,12 @@ class ca_del(LDAPDelete): - def pre_callback(self, ldap, dn, *keys, **options): - ca_enabled_check() - -+ # ensure operator has permission to delete CA -+ # before contacting Dogtag -+ if not ldap.can_delete(dn): -+ raise errors.ACIError(info=_( -+ "Insufficient privilege to delete a CA.")) -+ - if keys[0] == IPA_CA_CN: - raise errors.ProtectedEntryError( - label=_("CA"), -@@ -251,9 +257,15 @@ class CAQuery(LDAPQuery): - def execute(self, cn, **options): - ca_enabled_check() - -- ca_id = self.api.Command.ca_show(cn)['result']['ipacaid'][0] -+ ca_obj = self.api.Command.ca_show(cn)['result'] -+ -+ # ensure operator has permission to modify CAs -+ if not self.api.Backend.ldap2.can_write(ca_obj['dn'], 'description'): -+ raise errors.ACIError(info=_( -+ "Insufficient 
privilege to modify a CA.")) -+ - with self.api.Backend.ra_lightweight_ca as ca_api: -- self.perform_action(ca_api, ca_id) -+ self.perform_action(ca_api, ca_obj['ipacaid'][0]) - - return dict( - result=True, --- -2.9.3 - diff --git a/freeipa.spec b/freeipa.spec index 70456f4..e88b55e 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -32,26 +32,24 @@ %global platform_module fedora %endif -%global VERSION 4.4.3 +%global VERSION 4.4.4 %define _hardened_build 1 Name: freeipa Version: %{VERSION} -Release: 8%{?dist} +Release: 1%{?dist} Summary: The Identity, Policy and Audit system Group: System Environment/Base License: GPLv3+ -URL: http://www.freeipa.org/ -Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz +URL: https://www.freeipa.org/ +Source0: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz +Source1: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.asc BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch -Patch0002: 0002-Support-DAL-version-5-and-version-6.patch -Patch0003: 0003-bind-dyndb-ldap-DNS-fixes.patch -Patch0004: 0004-ipa-kdb-support-KDB-DAL-version-6.1.patch -Patch0005: 0005-ca-correctly-authorise-ca-del-ca-enable-and-ca-disab.patch +Patch0002: 0003-bind-dyndb-ldap-DNS-fixes.patch %if ! %{ONLY_CLIENT} BuildRequires: 389-ds-base-devel >= 1.3.5.6 @@ -105,7 +103,7 @@ BuildRequires: python-memcached BuildRequires: python-lxml BuildRequires: python-pyasn1 >= 0.0.9a BuildRequires: python-qrcode-core >= 5.0.0 -BuildRequires: python-dns >= 1.11.1 +BuildRequires: python-dns >= 1.13 BuildRequires: libsss_idmap-devel BuildRequires: libsss_nss_idmap-devel >= 1.14.0 BuildRequires: java-headless 
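Review bot: The new `Source1` line in the first freeipa.spec hunk ships the detached upstream signature, but nothing visible in this hunk makes the build check it against `Source0`, so the `.asc` is carried without being verified. The SHA512 entries in `sources` only pin what the packager uploaded to the lookaside cache; they say nothing about who signed the tarball. I would add the upstream signing keyring as a further source (placeholder name `Source2: <upstream-keyring>.gpg`), add `BuildRequires: gnupg2`, and run `gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}` at the top of `%prep`, which lies outside this hunk and may already do something I cannot see. The same hunk also drops `Patch0005`, the ca-del/ca-enable/ca-disable authorisation fix (e9840aee2b12), presumably because 4.4.4 contains it; the changelog entry should say so explicitly, so that the missing permission check is not reintroduced unnoticed by a later rebase.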
@@ -181,8 +179,8 @@ Requires(post): systemd-units Requires: selinux-policy >= %{selinux_policy_version} Requires(post): selinux-policy-base >= %{selinux_policy_version} Requires: slapi-nis >= %{slapi_nis_version} -Requires: pki-ca >= 10.3.5-6 -Requires: pki-kra >= 10.3.5-6 +Requires: pki-ca >= 10.3.5-11 +Requires: pki-kra >= 10.3.5-11 Requires(preun): python systemd-units Requires(postun): python systemd-units Requires: zip @@ -237,7 +235,7 @@ Requires: python-gssapi >= 1.1.2 Requires: python-sssdconfig Requires: python-pyasn1 Requires: dbus-python -Requires: python-dns >= 1.11.1 +Requires: python-dns >= 1.13 Requires: python-kdcproxy >= 0.3 Requires: rpm-libs @@ -387,7 +385,7 @@ BuildArch: noarch Requires: %{name}-client-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} Requires: python2-ipalib = %{version}-%{release} -Requires: python-dns >= 1.11.1 +Requires: python-dns >= 1.13 %description -n python2-ipaclient IPA is an integrated solution to provide centrally managed Identity (users, @@ -504,7 +502,7 @@ Requires: python-cffi Requires: python-ldap >= 2.4.15 Requires: python-requests Requires: python-custodia -Requires: python-dns >= 1.11.1 +Requires: python-dns >= 1.13 Requires: python-netifaces >= 0.10.4 Requires: pyusb @@ -1485,6 +1483,10 @@ fi %endif # ONLY_CLIENT %changelog +* Fri Mar 24 2017 Tomas Krizek - 4.4.4-1 +- Update to upstream 4.4.4 - see https://www.freeipa.org/page/Releases/4.4.4 +- Add upstream signature file for tarball + * Wed Mar 1 2017 Alexander Bokovoy - 4.4.3-8 - Use different method to keep /usr/bin/ipa on Python 2 - Fixes #1426847 diff --git a/sources b/sources index 1862db8..307b5a4 100644 --- a/sources +++ b/sources 
@@ -1 +1,2 @@
-SHA512 (freeipa-4.4.3.tar.gz) = d4e0fc1e6c2a18b03c4b015b3e48bd3181eb5dc1099320227830bdacbd2b6a1f759ff910e0221ba39e092ee1e179c51921679251a754c8735af2f9777a306869
+SHA512 (freeipa-4.4.4.tar.gz) = f35d498529cbd487a93098cd70cd0c16de67e58a90ff576746f73e7a9f428ff465302ac50ca9481984fe838d5988fc36fec79b90dabcdef2029f8a2373e44b8c
+SHA512 (freeipa-4.4.4.tar.gz.asc) = 174cba773266fe70dee695270da38f5a989f2e8328ef9b5761bcb50b4948a6836d6761e8aeca83db923bfc827ffae8b7760ef55968e5c3855cab158da2f60b1a