Upstream 4.1.4 release to fix CVE-2015-1827

.gitignore

@@ -37,3 +37,4 @@
 /freeipa-4.1.1.tar.gz
 /freeipa-4.1.2.tar.gz
 /freeipa-4.1.3.tar.gz
+/freeipa-4.1.4.tar.gz

freeipa.spec

@@ -19,13 +19,13 @@
 %global platform_module fedora
 %endif
 
-%global VERSION 4.1.3
+%global VERSION 4.1.4
 
 %define _hardened_build 1
 
 Name:           freeipa
 Version:        %{VERSION}
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -136,7 +136,7 @@ Requires(pre): systemd-units
 Requires(post): systemd-units
 Requires: selinux-policy >= %{selinux_policy_version}
 Requires(post): selinux-policy-base
-Requires: slapi-nis >= 0.54.1-1
+Requires: slapi-nis >= 0.54.2-1
 %if (0%{?fedora} <= 20 || 0%{?rhel})
 # pki-ca 10.1.2-4 contains patches required by FreeIPA 4.1
 # The goal is to lower the requirement of pki-ca in Fedora 20
@@ -942,6 +942,11 @@ fi
 %endif # ONLY_CLIENT
 
 %changelog
+* Thu Mar 26 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.4-1
+- Update to upstream 4.1.4 - see http://www.freeipa.org/page/Releases/4.1.4
+- fix CVE-2015-1827 (#1206047)
+- Require slapi-nis 0.54.2 and newer for CVE-2015-0283 fixes
+
 * Tue Mar 17 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.3-3
 - Timeout ipa-client install if ntp server is unreachable #4842
 - Skip time sync during client install when using --no-ntp #4842

sources

@@ -1 +1 @@
-b416ad6738440c3f112820e227e4e7b6  freeipa-4.1.3.tar.gz
+377b1e6aaf7606bbf484d8f038380336  freeipa-4.1.4.tar.gz