Update to FreeIPA 4.9.0 release candidate 2

2020-12-04 13:53:27 +02:00 · 2020-12-04 13:53:27 +02:00 · ae7e82eec2
commit ae7e82eec2
parent 41b946dfeb
3 changed files with 162 additions and 72 deletions
--- a/.gitignore
+++ b/.gitignore
@ -96,3 +96,5 @@
 /freeipa-4.8.10.tar.gz.asc
 /freeipa-4.9.0rc1.tar.gz
 /freeipa-4.9.0rc1.tar.gz.asc
 /freeipa-4.9.0rc2.tar.gz
 /freeipa-4.9.0rc2.tar.gz.asc
--- a/freeipa.spec
+++ b/freeipa.spec
@ -15,11 +15,9 @@
 # 389-ds-base 1.4 no longer supports i686 platform, build only client
 # packages, https://bugzilla.redhat.com/show_bug.cgi?id=1544386
 %if 0%{?fedora} >= 28 || 0%{?rhel} > 7
 %ifarch %{ix86}
    %{!?ONLY_CLIENT:%global ONLY_CLIENT 1}
 %endif
 %endif
 # Define ONLY_CLIENT to only make the ipa-client and ipa-python
 # subpackages
@ -35,10 +33,18 @@
 %endif
 # Whether to build ipatests
-%global with_ipatests_option %{?_with_ipatests}
+%if %{with ipatests}
    %global with_ipatests_option --with-ipatests
 %else
    %global with_ipatests_option --without-ipatests
 %endif
 # Whether to use XML-RPC with ipa-join
-%global with_ipa_join_xml_option %{?_with_ipa_join_xml}
+%if %{with ipa_join_xml}
    %global with_ipa_join_xml_option --with-ipa-join-xml
 %else
    %global with_ipa_join_xml_option --without-ipa-join-xml
 %endif
 # lint is not executed during rpmbuild
 # %%global with_lint 1
@ -49,7 +55,7 @@
 %endif
 # Include SELinux subpackage
-%if 0%{?fedora} >= 30 || 0%{?rhel}
+%if 0%{?fedora} >= 30 || 0%{?rhel} >= 8
    %global with_selinux 1
    %global selinuxtype targeted
    %global modulename ipa
@ -58,7 +64,7 @@
 %if 0%{?rhel}
 %global package_name ipa
 %global alt_name freeipa
-%global krb5_version 1.18.2
+%global krb5_version 1.18.2-2
 %global krb5_kdb_version 8.0
 # 0.7.16: https://github.com/drkjam/netaddr/issues/71
 %global python_netaddr_version 0.7.19
@ -73,25 +79,22 @@
 %global ds_version 1.4.2.4-6
 # Fix for TLS 1.3 PHA, RHBZ#1775158
 %global httpd_version 2.4.37-21
 %global bind_version 9.11.20-6
 %else
 # Fedora
 %global package_name freeipa
 %global alt_name ipa
-# Fix for CVE-2018-20217
+# Fix for CVE-2020-28196
-%global krb5_version 1.18
+%global krb5_version 1.18.2-29
 # 0.7.16: https://github.com/drkjam/netaddr/issues/71
 %global python_netaddr_version 0.7.16
 # Require 4.7.0 which brings Python 3 bindings
 # Require 4.12 which has DsRGetForestTrustInformation access rights fixes
-%global samba_version 2:4.12
+%global samba_version 2:4.12.10
-# SELinux context for dirsrv unit file, BZ 1820298
+# 3.14.5-45 or later includes a number of interfaces fixes for IPA interface
-%if 0%{?fedora} >= 32
+%global selinux_policy_version 3.14.5-45
 %global selinux_policy_version 3.14.5-39
 %else
 %global selinux_policy_version 3.14.4-52
 %endif
 %global slapi_nis_version 0.56.5
 %global krb5_kdb_version 8.0
@ -103,50 +106,53 @@
 %global ds_version 1.4.3
 # Fix for TLS 1.3 PHA, RHBZ#1775146
 %if 0%{?fedora} >= 31
 %global httpd_version 2.4.41-9
-%else
+
-%global httpd_version 2.4.41-6.1
+%global bind_version 9.11.24-1
 # Don't use Fedora's Python dependency generator on Fedora 30/rawhide yet.
 # Some packages don't provide new dist aliases.
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/
 %{?python_disable_dependency_generator}
 # Fedora
 %endif
 # BIND employs 'pkcs11' OpenSSL engine instead of native PKCS11
 # Fedora 31+ uses OpenSSL engine, as well as Fedora ELN (RHEL9)
-%if 0%{?fedora} || 0%{?rhel} > 8
+%if 0%{?fedora} || 0%{?rhel} >= 9
    %global openssl_pkcs11_version 0.4.10-6
    %global softhsm_version 2.5.0-4
 %else
    %global with_bind_pkcs11 1
 %endif
-# Don't use Fedora's Python dependency generator on Fedora 30/rawhide yet.
+%if 0%{?rhel} == 8
 # Some packages don't provide new dist aliases.
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/
 %{?python_disable_dependency_generator}
 # Fedora
 %endif
 # PKIConnection has been modified to always validate certs.
 # https://pagure.io/freeipa/issue/8379
 %global pki_version 10.9.0-0.4
 %else
 # New KRA profile, ACME support
 # https://pagure.io/freeipa/issue/8545
 %global pki_version 10.10.0-2
 %endif
-# https://pagure.io/certmonger/issue/90
+# RHEL 8.3+, F32+ has 0.79.13
-%global certmonger_version 0.79.7-1
+%global certmonger_version 0.79.7-3
-%global nss_version 3.41.0-1
+# RHEL 8.2+, F32+ has 3.58
 %global nss_version 3.44.0-4
-# One-Way Trust authenticated by trust secret
+# RHEL 8.3+, F32+
-# https://bugzilla.redhat.com/show_bug.cgi?id=1345975#c20
+%global sssd_version 2.4.0
 %global sssd_version 1.16.3-2
-%define krb5_base_version %(LC_ALL=C pkgconf --modversion krb5 | grep -Eo '^[^.]+\.[^.]+' || echo %krb5_version)
+%define krb5_base_version %(LC_ALL=C /usr/bin/pkgconf --modversion krb5 | grep -Eo '^[^.]+\.[^.]+' || echo %krb5_version)
 %global kdcproxy_version 0.4-3
-%if 0%{?fedora} >= 33
+%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
 # systemd with resolved enabled
 # see https://pagure.io/freeipa/issue/8275
 %global systemd_version 246.6-3
 %else
-%global systemd_version 245
+%global systemd_version 239
 %endif
 %global plugin_dir %{_libdir}/dirsrv/plugins
@ -158,24 +164,43 @@
 # Work-around fact that RPM SPEC parser does not accept
 # "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
 %define IPA_VERSION 4.9.0
-# Release candidate version -- set to %%nil (one percent sign) for a release
+# Release candidate version -- uncomment with one percent for RC versions
-%global rc_version rc1
+%global rc_version rc2
 %define AT_SIGN @
 # redefine IPA_VERSION only if its value matches the Autoconf placeholder
 %if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}"
    %define IPA_VERSION nonsense.to.please.RPM.SPEC.parser
 %endif
 %define NON_DEVELOPER_BUILD ("%{lua: print(rpm.expand('%{suffix:%IPA_VERSION}'):find('^dev'))}" == "nil")
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        0.1%{?rc_version:.%rc_version}%{?dist}
+Release:        0.2%{?rc_version:.%rc_version}%{?dist}
 Summary:        The Identity, Policy and Audit system
 License:        GPLv3+
 URL:            http://www.freeipa.org/
 Source0:        https://releases.pagure.org/freeipa/freeipa-%{version}%{?rc_version}.tar.gz
 # Only use detached signature for the distribution builds. If it is a developer build, skip it
 %if %{NON_DEVELOPER_BUILD}
 Source1:        https://releases.pagure.org/freeipa/freeipa-%{version}%{?rc_version}.tar.gz.asc
-Patch1:         https://github.com/freeipa/freeipa/pull/5273.patch
+%endif
 # RHEL spec file only: START: Change branding to IPA and Identity Management
 # Moved branding logos and background to redhat-logos-ipa-80.4:
 # header-logo.png, login-screen-background.jpg, login-screen-logo.png,
 # product-name.png
 # RHEL spec file only: END: Change branding to IPA and Identity Management
 # RHEL spec file only: START
 %if 0%{?rhel} == 8 && %{NON_DEVELOPER_BUILD}
 Patch0001:      0001_util_Fix_client-only_build-upstream_5273.patch
 Patch1001:      1001-Change-branding-to-IPA-and-Identity-Management.patch
 Patch1002:      1002-4.8.0-Remove-csrgen.patch
 Patch1003:      1003-Revert-WebUI-use-python3-rjsmin-to-minify-JavaScript.patch
 %endif
 # RHEL spec file only: END
 # For the timestamp trick in patch application
 BuildRequires:  diffstat
@ -202,6 +227,7 @@ BuildRequires:  pkgconfig
 BuildRequires:  pkgconf
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  make
 BuildRequires:  libtool
 BuildRequires:  gettext
 BuildRequires:  gettext-devel
@ -226,7 +252,7 @@ BuildRequires:  libsss_certmap-devel
 BuildRequires:  libsss_nss_idmap-devel >= %{sssd_version}
 BuildRequires:  nodejs(abi)
 # use old dependency on RHEL 8 for now
-%if 0%{?fedora} >= 31 || 0%{?rhel} > 8
+%if 0%{?fedora} >= 31 || 0%{?rhel} >= 9
 BuildRequires:  python3-rjsmin
 %else
 BuildRequires:  uglify-js
@ -283,6 +309,7 @@ BuildRequires:  jsl
 BuildRequires:  nss-tools
 BuildRequires:  rpmlint
 BuildRequires:  softhsm
 BuildRequires:  keyutils
 BuildRequires:  python3-augeas
 BuildRequires:  python3-cffi
@ -309,7 +336,7 @@ BuildRequires:  python3-polib
 BuildRequires:  python3-pyasn1
 BuildRequires:  python3-pyasn1-modules
 BuildRequires:  python3-pycodestyle
-%if 0%{?fedora} || %{?rhel} > 8
+%if 0%{?fedora} || 0%{?rhel} > 8
 # https://bugzilla.redhat.com/show_bug.cgi?id=1648299
 BuildRequires:  python3-pylint >= 2.1.1-2
 %else
@ -339,10 +366,8 @@ BuildRequires:  krb5-server >= %{krb5_version}
 # ONLY_CLIENT
 %endif
 #
 # Build dependencies for SELinux policy
-# 3.14.6-9 includes fix for https://github.com/fedora-selinux/selinux-policy/pull/333
+%if %{with selinux}
 %if 0%{?with_selinux}
 BuildRequires:  selinux-policy-devel >= %{selinux_policy_version}
 %endif
@ -369,7 +394,6 @@ Requires: nss-tools >= %{nss_version}
 Requires(post): krb5-server >= %{krb5_version}
 Requires(post): krb5-server >= %{krb5_base_version}
 Requires: krb5-kdb-version = %{krb5_kdb_version}
 Requires: krb5-pkinit-openssl >= %{krb5_version}
 Requires: cyrus-sasl-gssapi%{?_isa}
 Requires: chrony
@ -431,6 +455,13 @@ Obsoletes: %{name}-server <= 4.2.0
 # member.
 Conflicts: nss-pam-ldapd < 0.8.4
 # RHEL spec file only: START: Do not build tests
 %if 0%{?rhel} == 8
 # ipa-tests subpackage was moved to separate srpm
 Conflicts: ipa-tests < 3.3.3-9
 %endif
 # RHEL spec file only: END: Do not build tests
 %description server
 IPA is an integrated solution to provide centrally managed Identity (users,
 hosts, services), Authentication (SSO, 2FA), and Authorization
@ -454,7 +485,7 @@ Requires: python3-dbus
 Requires: python3-dns >= 1.15
 Requires: python3-gssapi >= 1.2.0
 Requires: python3-ipaclient = %{version}-%{release}
-Requires: python3-kdcproxy >= 0.4.1
+Requires: python3-kdcproxy >= %{kdcproxy_version}
 Requires: python3-lxml
 Requires: python3-pki >= %{pki_version}
 Requires: python3-pyasn1 >= 0.3.2-2
@ -468,7 +499,6 @@ Requires: python3-urllib3 >= 1.24.2-3
 Requires: python3-urllib3 >= 1.25.7
 %endif
 %description -n python3-ipaserver
 IPA is an integrated solution to provide centrally managed Identity (users,
 hosts, services), Authentication (SSO, 2FA), and Authorization
@ -484,6 +514,10 @@ BuildArch: noarch
 Requires: %{name}-client-common = %{version}-%{release}
 Requires: httpd >= %{httpd_version}
 Requires: systemd-units >= %{systemd_version}
 Requires: custodia >= 0.3.1
 %if 0%{?rhel} >= 8
 Requires: redhat-logos-ipa >= 80.4
 %endif
 Provides: %{alt_name}-server-common = %{version}
 Conflicts: %{alt_name}-server-common
@ -502,22 +536,19 @@ If you are installing an IPA server, you need to install this package.
 Summary: IPA integrated DNS server with support for automatic DNSSEC signing
 BuildArch: noarch
 Requires: %{name}-server = %{version}-%{release}
-Requires: bind-dyndb-ldap >= 11.0-2
+Requires: bind-dyndb-ldap >= 11.2-2
-Requires: bind >= 9.11.0-6.P2
+Requires: bind >= %{bind_version}
-Requires: bind-utils >= 9.11.0-6.P2
+Requires: bind-utils >= %{bind_version}
 %if %{with bind_pkcs11}
-Requires: bind-pkcs11 >= 9.11.0-6.P2
+Requires: bind-pkcs11 >= %{bind_version}
-Requires: bind-pkcs11-utils >= 9.11.0-6.P2
+Requires: bind-pkcs11-utils >= %{bind_version}
 %else
 Requires: softhsm >= %{softhsm_version}
 Requires: openssl-pkcs11 >= %{openssl_pkcs11_version}
 %endif
 %if 0%{?fedora} >= 32 || 0%{?rhel} >= 9
 # See https://bugzilla.redhat.com/show_bug.cgi?id=1825812
 # RHEL 8.3+ and Fedora 32+ have 2.1
 Requires: opendnssec >= 2.1.6-5
 %else
 Requires: opendnssec >= 1.4.6-4
 %endif
 %{?systemd_requires}
 Provides: %{alt_name}-server-dns = %{version}
@ -540,7 +571,9 @@ Requires: %{name}-common = %{version}-%{release}
 Requires: samba >= %{samba_version}
 Requires: samba-winbind
 Requires: libsss_idmap
-
+%if 0%{?rhel}
 Obsoletes: ipa-idoverride-memberof-plugin <= 0.1
 %endif
 Requires(post): python3
 Requires: python3-samba
 Requires: python3-libsss_nss_idmap
@ -612,6 +645,11 @@ Obsoletes: %{alt_name}-admintools < 4.4.1
 Obsoletes: %{name}-admintools < 4.4.1
 Provides: %{name}-admintools = %{version}-%{release}
 %if 0%{?rhel} == 8
 # Conflict with crypto-policies < 20200629-1 to get AD-SUPPORT policy module
 Conflicts: crypto-policies < 20200629-1
 %endif
 %description client
 IPA is an integrated solution to provide centrally managed Identity (users,
 hosts, services), Authentication (SSO, 2FA), and Authorization
@ -642,12 +680,11 @@ on the machine enrolled into a FreeIPA environment
 %package client-epn
 Summary: Tools to configure Expiring Password Notification in IPA
 Group: System Environment/Base
-Requires: systemd-units
+Requires: %{name}-client = %{version}-%{release}
 Requires: systemd-units >= %{systemd_version}
 Requires(post): systemd-units >= %{systemd_version}
 Requires(preun): systemd-units >= %{systemd_version}
 Requires(postun): systemd-units >= %{systemd_version}
 Requires: %{name}-client = %{version}-%{release}
 %description client-epn
 This package provides a service to collect and send expiring password
@ -673,7 +710,6 @@ and integration with Active Directory based infrastructures (Trusts).
 If your network uses IPA for authentication, this package should be
 installed on every client machine.
 %package client-common
 Summary: Common files used by IPA client
 BuildArch: noarch
@ -753,10 +789,14 @@ Requires: python3-pyasn1-modules >= 0.3.2-2
 Requires: python3-pyusb
 Requires: python3-qrcode-core >= 5.0.0
 Requires: python3-requests
 Requires: python3-setuptools
 Requires: python3-six
 Requires: python3-sss-murmur
 Requires: python3-yubico >= 1.3.2-7
 %if 0%{?rhel} && 0%{?rhel} >= 8
 Requires: platform-python-setuptools
 %else
 Requires: python3-setuptools
 %endif
 %description -n python3-ipalib
 IPA is an integrated solution to provide centrally managed Identity (users,
@ -803,18 +843,25 @@ BuildArch: noarch
 Requires: python3-ipaclient = %{version}-%{release}
 Requires: python3-ipaserver = %{version}-%{release}
 Requires: iptables
 Requires: ldns-utils
 Requires: python3-coverage
 Requires: python3-cryptography >= 1.6
 %if 0%{?fedora}
 # These packages do not exist on RHEL and for ipatests use
 # they are installed on the controller through other means
 Requires: ldns-utils
 Requires: python3-polib
 Requires: python3-pytest >= 3.9.1
 Requires: python3-pytest-multihost >= 0.5
 Requires: python3-pytest-sourceorder
 Requires: sshpass
 %endif
 Requires: python3-sssdconfig >= %{sssd_version}
 Requires: tar
 Requires: xz
 Requires: openssh-clients
-Requires: sshpass
+%if 0%{?rhel}
 AutoReqProv: no
 %endif
 %description -n python3-ipatests
 IPA is an integrated solution to provide centrally managed Identity (users,
@ -824,21 +871,23 @@ features for further integration with Linux based clients (SUDO, automount)
 and integration with Active Directory based infrastructures (Trusts).
 This package contains tests that verify IPA functionality under Python 3.
-# with_ipatests
+# with ipatests
 %endif
 %if %{with selinux}
 # SELinux subpackage
 %package selinux
 Summary:             FreeIPA SELinux policy
 BuildArch:           noarch
 Requires:            %{name}-server = %{version}-%{release}
 Requires:            selinux-policy-%{selinuxtype}
 Requires(post):      selinux-policy-%{selinuxtype}
 %{?selinux_requires}
 %description selinux
 Custom SELinux policy module for FreeIPA
-# with_selinux
+# with selinux
 %endif
@ -925,6 +974,18 @@ ln -frs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_b
 # remove files which are useful only for make uninstall
 find %{buildroot} -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;
 %if 0%{?rhel}
 # RHEL spec file only: START
 # Moved branding logos and background to redhat-logos-ipa-80.4:
 # header-logo.png, login-screen-background.jpg, login-screen-logo.png,
 # product-name.png
 rm -f %{buildroot}%{_usr}/share/ipa/ui/images/header-logo.png
 rm -f %{buildroot}%{_usr}/share/ipa/ui/images/login-screen-background.jpg
 rm -f %{buildroot}%{_usr}/share/ipa/ui/images/login-screen-logo.png
 rm -f %{buildroot}%{_usr}/share/ipa/ui/images/product-name.png
 %endif
 # RHEL spec file only: END
 %find_lang %{gettext_domain}
 %if ! %{ONLY_CLIENT}
@ -1006,6 +1067,11 @@ if [  $? -eq 0 ]; then
    if [  $? -eq 0 ]; then
        /bin/systemctl restart ipa.service >/dev/null
    fi
    /bin/systemctl is-enabled ipa-ccache-sweep.timer >/dev/null 2>&1
    if [  $? -eq 1 ]; then
        /bin/systemctl enable ipa-ccache-sweep.timer>/dev/null
    fi
 fi
 # END
@ -1188,6 +1254,7 @@ if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
    fi
 fi
 %triggerin client -- openssh-server >= 8.2
 # Has the client been configured?
 restore=0
@ -1252,6 +1319,7 @@ fi
 %{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
 %{_libexecdir}/certmonger/ipa-server-guard
 %dir %{_libexecdir}/ipa
 %{_libexecdir}/ipa/ipa-ccache-sweeper
 %{_libexecdir}/ipa/ipa-custodia
 %{_libexecdir}/ipa/ipa-custodia-check
 %{_libexecdir}/ipa/ipa-httpd-kdcproxy
@ -1276,6 +1344,8 @@ fi
 %attr(644,root,root) %{_unitdir}/ipa.service
 %attr(644,root,root) %{_unitdir}/ipa-otpd.socket
 %attr(644,root,root) %{_unitdir}/ipa-otpd@.service
 %attr(644,root,root) %{_unitdir}/ipa-ccache-sweep.service
 %attr(644,root,root) %{_unitdir}/ipa-ccache-sweep.timer
 # END
 %attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
 %attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so
@ -1318,6 +1388,7 @@ fi
 %{_mandir}/man1/ipa-cert-fix.1*
 %{_mandir}/man1/ipa-acme-manage.1*
 %files -n python3-ipaserver
 %doc README.md Contributors.txt
 %license COPYING
@ -1373,8 +1444,15 @@ fi
 %{_usr}/share/ipa/ui/js/freeipa/core.js
 %dir %{_usr}/share/ipa/ui/js/plugins
 %dir %{_usr}/share/ipa/ui/images
 %if 0%{?rhel}
 %{_usr}/share/ipa/ui/images/facet-*.png
 # Moved branding logos and background to redhat-logos-ipa-80.4:
 # header-logo.png, login-screen-background.jpg, login-screen-logo.png,
 # product-name.png
 %else
 %{_usr}/share/ipa/ui/images/*.jpg
 %{_usr}/share/ipa/ui/images/*.png
 %endif
 %dir %{_usr}/share/ipa/wsgi
 %{_usr}/share/ipa/wsgi/plugins.py*
 %dir %{_sysconfdir}/ipa
@ -1472,6 +1550,7 @@ fi
 %{_sbindir}/ipa-client-samba
 %{_mandir}/man1/ipa-client-samba.1*
 %files client-epn
 %doc README.md Contributors.txt
 %dir %{_sysconfdir}/ipa/epn
@ -1502,6 +1581,9 @@ fi
 %dir %{python3_sitelib}/ipaclient/remote_plugins/2_*
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
 %if 0%{?rhel}
 # RHEL spec file only: DELETED: Remove csrgen
 %else
 %dir %{python3_sitelib}/ipaclient/csrgen
 %dir %{python3_sitelib}/ipaclient/csrgen/profiles
 %{python3_sitelib}/ipaclient/csrgen/profiles/*.json
@ -1509,6 +1591,7 @@ fi
 %{python3_sitelib}/ipaclient/csrgen/rules/*.json
 %dir %{python3_sitelib}/ipaclient/csrgen/templates
 %{python3_sitelib}/ipaclient/csrgen/templates/*.tmpl
 %endif
 %{python3_sitelib}/ipaclient-*.egg-info
@ -1562,6 +1645,7 @@ fi
 %if %{with ipatests}
 %files -n python3-ipatests
 %doc README.md Contributors.txt
 %license COPYING
@ -1580,17 +1664,21 @@ fi
 %{_mandir}/man1/ipa-test-config.1*
 %{_mandir}/man1/ipa-test-task.1*
-# with_ipatests
+# with ipatests
 %endif
 %if %{with selinux}
 %files selinux
 %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
 %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
-# with_selinux
+# with selinux
 %endif
 %changelog
 * Fri Dec  4 13:41:28 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.2.rc2
 - FreeIPA 4.9.0 release candidate 2
 * Thu Nov 19 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.1.rc1
 - Use correct bind PKCS11 engine dependencies
 - Fix SELinux build requirement
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (freeipa-4.9.0rc1.tar.gz) = 384ac0163f3977311ef523a6ed71ac8ceb33347d44f89763583e97e8e50eed2f9ec94e32f23dc8d9514c8e7e26d03ae859d045e9a1dd17b3f0cdd0fced82d464
+SHA512 (freeipa-4.9.0rc2.tar.gz) = bc4282102451195e4c25b38b72dcea76eaffbf0a9f516d1c09df1c104ba8fdee0185db7131c85aaee54d2fd0ef88f4730f30479f26980ea4d74ab52b4c4c4469
-SHA512 (freeipa-4.9.0rc1.tar.gz.asc) = 2be55c28456c07104bb45984d2c6d804730e90172e9288b21ae45dc5542fceddbb621b96c3e3e5e2b613ebfa55c792727adfb43b349d2069d150f42067c91bf2
+SHA512 (freeipa-4.9.0rc2.tar.gz.asc) = 21943770e057aaf85ed67582b6d64e5bdde7d10bd3b0588a3aae46a249467c740208838fc9e7cb8a687cad55588030005241a9ab9903e24b83b96cee96f770da
`@ -1,2 +1,2 @@`
	`SHA512 (freeipa-4.9.0rc1.tar.gz) = 384ac0163f3977311ef523a6ed71ac8ceb33347d44f89763583e97e8e50eed2f9ec94e32f23dc8d9514c8e7e26d03ae859d045e9a1dd17b3f0cdd0fced82d464`	`SHA512 (freeipa-4.9.0rc2.tar.gz) = bc4282102451195e4c25b38b72dcea76eaffbf0a9f516d1c09df1c104ba8fdee0185db7131c85aaee54d2fd0ef88f4730f30479f26980ea4d74ab52b4c4c4469`
	`SHA512 (freeipa-4.9.0rc1.tar.gz.asc) = 2be55c28456c07104bb45984d2c6d804730e90172e9288b21ae45dc5542fceddbb621b96c3e3e5e2b613ebfa55c792727adfb43b349d2069d150f42067c91bf2`	`SHA512 (freeipa-4.9.0rc2.tar.gz.asc) = 21943770e057aaf85ed67582b6d64e5bdde7d10bd3b0588a3aae46a249467c740208838fc9e7cb8a687cad55588030005241a9ab9903e24b83b96cee96f770da`