Update to 2.2.0 beta1, fix shell escaping to work with dogtag 9.0.18.

- Update to upstream 2.2.0 beta 1 (2.1.90.rc1) - Set minimum n-v-r for pki-ca and pki-silent to 9.0.18. - Add Conflicts on mod_ssl - Update minimum n-v-r of 389-ds-base to 1.2.10.4 - Update minimum n-v-r of sssd to 1.8.0 - Update minimum n-v-r of slapi-nis to 0.38 - Update minimum n-v-r of pki-* to 9.0.18 - Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1 - Update conflicts on bind to < 9.9.0-1 - Drop requires on krb5-server-ldap - Add patch to remove escaping arguments to pkisilent
2012-03-19 14:30:56 -04:00 · 2012-03-19 14:30:56 -04:00 · 18a9ea07cd
commit 18a9ea07cd
parent c3929a4ff3
4 changed files with 86 additions and 21 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,4 @@
 /freeipa-2.1.3-wait_for_socket.patch.gz
 /freeipa-2.1.4.tar.gz
 /freeipa-2.1.90.pre1.tar.gz
 /freeipa-2.1.90.rc1.tar.gz
--- a/freeipa-2.1.90-shellescape.patch
+++ b/freeipa-2.1.90-shellescape.patch
@ -0,0 +1,33 @@
 From 3bce02b17edfbdf90ecdac2f9643e28eb20a170a Mon Sep 17 00:00:00 2001
 From: Rob Crittenden <rcritten@redhat.com>
 Date: Tue, 13 Mar 2012 21:53:06 -0400
 Subject: [PATCH] No longer shell escape the DM password when calling
 pkisilent.
 pkisilent was modified to handle escaping characters itself in
 BZ https://bugzilla.redhat.com/show_bug.cgi?id=769388
 This removes the workaround from ticket 1636.
 https://fedorahosted.org/freeipa/ticket/2529
 ---
 ipaserver/install/cainstance.py |    3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)
 diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
 index 6012ae1c7a00a87522fc0778f2cb355a3924d805..894e1951fa0c6f1a0f235cce0520c275724f227d 100644
 --- a/ipaserver/install/cainstance.py
 +++ b/ipaserver/install/cainstance.py
@@ -659,9 +659,6 @@ class CAInstance(service.Service):
                 args.append("-clone")
                 args.append("false")
 -            # pkisilent does not escape the arguments before passing them to shell
 -            args[2:] = [ipautil.shell_quote(i) for i in args[2:]]
 -
             # Define the things we don't want logged
             nolog = (self.admin_password, self.dm_password,)
 -- 
 1.7.6
--- a/freeipa.spec
+++ b/freeipa.spec
@ -11,24 +11,22 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 %endif
 %global POLICYCOREUTILSVER 1.33.12-1
 %global gettext_domain ipa
-%global VERSION 2.1.90.pre1
+%global VERSION 2.1.90.rc1
 Name:           freeipa
 Version:        2.1.90
-Release:        0.1%{?dist}
+Release:        0.2%{?dist}
 Summary:        The Identity, Policy and Audit system
 Group:          System Environment/Base
 License:        GPLv3+
 URL:            http://www.freeipa.org/
-Source0:        freeipa-%{VERSION}.tar.gz
+Source0:        http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
-Patch7:         freeipa-2.1.4-inifiles-support.patch
+Patch10:        freeipa-2.1.90-shellescape.patch
 Patch8:         freeipa-2.1.4-python-ldap-2.4.6-support.patch
 Patch9:         freeipa-2.1.4-upgrade-systemd.patch
 BuildRoot:      %{_tmppath}/%{name}-%{VERSION}-%{release}-root-%(%{__id_u} -n)
 %if ! %{ONLY_CLIENT}
-BuildRequires:  389-ds-base-devel >= 1.2.10-0.6.a6
+BuildRequires:  389-ds-base-devel >= 1.2.10.4
 BuildRequires:  svrcore-devel
 BuildRequires:  /usr/share/selinux/devel/Makefile
 BuildRequires:  policycoreutils >= %{POLICYCOREUTILSVER}
@ -61,6 +59,8 @@ BuildRequires:  python-rhsm
 BuildRequires:  pyOpenSSL
 BuildRequires:  pylint
 BuildRequires:  libipa_hbac-python
 BuildRequires:  python-memcached
 BuildRequires:  sssd >= 1.8.0
 %description
 IPA is an integrated solution to provide centrally managed Identity (machine,
@ -76,31 +76,32 @@ Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
 Requires: %{name}-server-selinux = %{version}-%{release}
-Requires(pre): 389-ds-base >= 1.2.10-0.8.a7
+Requires(pre): 389-ds-base >= 1.2.10.4
 Requires: openldap-clients
 Requires: nss
 Requires: nss-tools
 Requires: krb5-server >= 1.10-2
 Requires: krb5-server-ldap
 Requires: krb5-pkinit-openssl
 Requires: cyrus-sasl-gssapi%{?_isa}
 Requires: ntp
 Requires: httpd
 Requires: mod_wsgi
-Requires: mod_auth_kerb
+Requires: mod_auth_kerb >= 5.4-9
 Requires: mod_nss >= 1.0.8-10
 Requires: python-ldap
 Requires: python-krbV
 Requires: acl
 Requires: python-pyasn1 >= 0.0.9a
 Requires: memcached
 Requires: python-memcached
 Requires: systemd-units >= 36-3
 Requires(pre): systemd-units
 Requires(post): systemd-units
 Requires: selinux-policy >= 3.10.0-82
 Requires(post): selinux-policy-base
-Requires: slapi-nis >= 0.36
+Requires: slapi-nis >= 0.38
-Requires: pki-ca >= 9.0.17
+Requires: pki-ca >= 9.0.18
-Requires: pki-silent >= 9.0.17
+Requires: pki-silent >= 9.0.18
 # Only tomcat6 greater than this version provides proper systemd support
 Requires: tomcat6 >= 6.0.32-17
 Requires: dogtag-pki-common-theme
@ -114,8 +115,12 @@ Requires(postun): python systemd-units
 # We have a soft-requires on bind. It is an optional part of
 # IPA but if it is configured we need a way to require versions
 # that work for us.
-Conflicts: bind-dyndb-ldap < 1.0.0-0.1.b1
+Conflicts: bind-dyndb-ldap < 1.1.0-0.9.b1
-Conflicts: bind < 9.8.1-1
+Conflicts: bind < 9.9.0-1
 # mod_proxy provides a single API to communicate over SSL. If mod_ssl
 # is even loaded into Apache then it grabs this interface.
 Conflicts: mod_ssl
 Obsoletes: ipa-server >= 1.0
@ -159,7 +164,7 @@ Requires: pam_krb5
 Requires: wget
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
-Requires: sssd >= 1.6.2
+Requires: sssd >= 1.8.0
 Requires: certmonger >= 0.26
 Requires: nss-tools
 Requires: bind-utils
@ -218,9 +223,7 @@ package.
 %prep
 %setup -n freeipa-%{VERSION} -q
-%patch7 -p1
+%patch10 -p1
 %patch8 -p1
 %patch9 -p1
 %build
 export CFLAGS="$CFLAGS %{optflags}"
@ -303,7 +306,17 @@ mkdir -p %{buildroot}%{_initrddir}
 mkdir -p %{buildroot}%{_unitdir}
 install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
 mkdir -p %{buildroot}%{_libexecdir}
 install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service
 install -m 755 init/systemd/freeipa-systemd-upgrade %{buildroot}%{_libexecdir}/freeipa-systemd-upgrade
 mkdir -p %{buildroot}%{_initrddir}
 mkdir %{buildroot}%{_sysconfdir}/sysconfig/
 install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
 mkdir -p %{buildroot}%{_localstatedir}/run/
 install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
 install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_sysconfdir}/tmpfiles.d/ipa.conf
 %endif
 mkdir -p %{buildroot}%{_sysconfdir}/ipa/
@ -419,8 +432,12 @@ fi
 %{_sbindir}/ipa-upgradeconfig
 %{_sbindir}/ipa-compliance
 %{_sysconfdir}/cron.d/ipa-compliance
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
 %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
 %config %{_sysconfdir}/tmpfiles.d/ipa.conf
 # Use systemd scheme
 %attr(644,root,root) %{_unitdir}/ipa.service
 %attr(644,root,root) %{_unitdir}/ipa_memcached.service
 %{_libexecdir}/freeipa-systemd-upgrade
 %dir %{python_sitelib}/ipaserver
 %{python_sitelib}/ipaserver/*
@ -438,10 +455,11 @@ fi
 %{_usr}/share/ipa/migration/error.html
 %{_usr}/share/ipa/migration/index.html
 %{_usr}/share/ipa/migration/invalid.html
 %{_usr}/share/ipa/migration/ipa_migration.css
 %{_usr}/share/ipa/migration/migration.py*
 %dir %{_usr}/share/ipa/ui
 %{_usr}/share/ipa/ui/index.html
 %{_usr}/share/ipa/ui/login.html
 %{_usr}/share/ipa/ui/logout.html
 %{_usr}/share/ipa/ui/*.ico
 %{_usr}/share/ipa/ui/*.css
 %{_usr}/share/ipa/ui/*.js
@ -556,6 +574,19 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 %changelog
 * Mon Mar 19 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.2
 - Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
 - Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
 - Add Conflicts on mod_ssl
 - Update minimum n-v-r of 389-ds-base to 1.2.10.4
 - Update minimum n-v-r of sssd to 1.8.0
 - Update minimum n-v-r of slapi-nis to 0.38
 - Update minimum n-v-r of pki-* to 9.0.18
 - Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
 - Update conflicts on bind to < 9.9.0-1
 - Drop requires on krb5-server-ldap
 - Add patch to remove escaping arguments to pkisilent
 * Mon Feb 06 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.1
 - Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
--- a/2
+++ b/2
@ -1 +1 @@
-c0d9c3bbc2ba603d14f97098fe11057d  freeipa-2.1.90.pre1.tar.gz
+cca14e87c51ea081564dda7e15775d46  freeipa-2.1.90.rc1.tar.gz
`@ -1 +1 @@`
	`c0d9c3bbc2ba603d14f97098fe11057d freeipa-2.1.90.pre1.tar.gz`	`cca14e87c51ea081564dda7e15775d46 freeipa-2.1.90.rc1.tar.gz`