import OL ipa-4.12.2-14.0.1.el9_6.3

2025-09-17 06:53:40 +00:00 · 2025-09-17 06:53:40 +00:00 · cb6ffd73bc
commit cb6ffd73bc
parent 209c9d5327
3 changed files with 100 additions and 2 deletions
--- a/SOURCES/0058-ipa-sidgen-fix-memory-leak-in-ipa_sidgen_add_post_op.patch
+++ b/SOURCES/0058-ipa-sidgen-fix-memory-leak-in-ipa_sidgen_add_post_op.patch
@ -0,0 +1,42 @@
+From 1aac0a5f7e0702e23e0ba6dad726734b5d75710d Mon Sep 17 00:00:00 2001
+From: Julien Rische <jrische@redhat.com>
+Date: Mon, 31 Mar 2025 11:50:41 +0200
+Subject: [PATCH] ipa-sidgen: fix memory leak in ipa_sidgen_add_post_op
+
+Also remove unused "search_pb" variable and its associated free
+functions.
+
+Fixes: https://pagure.io/freeipa/issue/9772
+Signed-off-by: Julien Rische <jrische@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen.c b/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen.c
+index 99e6b850b04145cefcb7830df5fe4b36adec45de..35ecef228d7fac1e7009dbf97983089755aa6768 100644
+--- a/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen.c
+++ b/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen.c
+@@ -81,7 +81,6 @@ static int ipa_sidgen_add_post_op(Slapi_PBlock *pb)
+     const char *dn_str;
+     Slapi_DN *dn = NULL;
+     struct ipa_sidgen_ctx *ctx;
+-    Slapi_PBlock *search_pb = NULL;
+     char *errmsg = NULL;
+ 
+     ret = slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_repl_op);
+@@ -152,9 +151,8 @@ static int ipa_sidgen_add_post_op(Slapi_PBlock *pb)
+ 
+     ret = 0;
+ done:
+-    slapi_free_search_results_internal(search_pb);
+-    slapi_pblock_destroy(search_pb);
+     slapi_sdn_free(&dn);
+    slapi_entry_free(entry);
+ 
+     if (ret != 0) {
+         if (errmsg == NULL) {
+-- 
+2.50.0
+
--- a/SOURCES/0059-ipatests-use-sos-report-instead-of-sosreport-command.patch
+++ b/SOURCES/0059-ipatests-use-sos-report-instead-of-sosreport-command.patch
@ -0,0 +1,40 @@
+From 1c789f5ffde5d443fa2ce6ccfc4eb55f9a8afb4c Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud <flo@redhat.com>
+Date: Tue, 25 Feb 2025 10:24:56 +0100
+Subject: [PATCH] ipatests: use "sos report" instead of "sosreport" command
+
+The "soscommand" has been deprecated and "sos report" should be
+used instead. The redirector was removed in sos 4.9.
+
+Fixes: https://pagure.io/freeipa/issue/9752
+Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
+Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ ipatests/test_integration/test_ipahealthcheck.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
+index 7c3f5857a477070d8a9b52c04d41f35ac580c97f..05a0adb24a3f26d70d0690462e7c0fefbf98c6e6 100644
+--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
+@@ -1405,7 +1405,7 @@ class TestIpaHealthCheck(IntegrationTest):
+         msg = "[plugin:ipa] collecting path '{}'".format(HEALTHCHECK_LOG)
+         cmd = self.master.run_command(
+             [
+-                "sosreport",
+                "sos", "report",
+                 "-o",
+                 "ipa",
+                 "--case-id",
+@@ -1508,7 +1508,7 @@ class TestIpaHealthCheck(IntegrationTest):
+         caseid = "123456"
+         self.master.run_command(
+             [
+-                "sosreport",
+                "sos", "report",
+                 "-o",
+                 "ipa",
+                 "--case-id",
+-- 
+2.50.1
+
--- a/SPECS/freeipa.spec
+++ b/SPECS/freeipa.spec
@ -218,7 +218,7 @@

 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        14%{?rc_version:.%rc_version}%{?dist}.1
+Release:        14%{?rc_version:.%rc_version}.0.1%{?dist}.3
 Summary:        The Identity, Policy and Audit system

 License:        GPL-3.0-or-later
@ -299,6 +299,8 @@ Patch0054:      0054-Align-startup_timeout-with-the-systemd-default-and-d.patch
 Patch0055:      0055-dns-only-disable-unbound-when-DoT-is-enabled.patch
 Patch0056:      0056-kdb-keep-ipadb_get_connection-from-succeeding-with-n.patch
 Patch0057:      0057-Set-krbCanonicalName-admin-REALM-on-the-admin-user.patch
+Patch0058:      0058-ipa-sidgen-fix-memory-leak-in-ipa_sidgen_add_post_op.patch
+Patch0059:      0059-ipatests-use-sos-report-instead-of-sosreport-command.patch
 Patch1001:      1001-Change-branding-to-IPA-and-Identity-Management.patch
 %endif
 %endif
@ -627,6 +629,7 @@ BuildArch: noarch
 Requires: %{name}-client-common = %{version}-%{release}
 Requires: httpd >= %{httpd_version}
 Requires: systemd-units >= %{systemd_version}
+Requires: bind >= %{bind_version}
 %if 0%{?rhel} >= 8 && ! 0%{?eln}
 Requires: system-logos-ipa >= 80.4
 %endif
@ -1101,7 +1104,8 @@ autoreconf -ivf
           %{enable_server_option} \
           %{with_ipatests_option} \
           %{with_ipa_join_xml_option} \
-           %{linter_options}
+           %{linter_options} \
+           --with-ipaplatform=rhel

 # run build in default dir
 # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405
@ -1945,6 +1949,18 @@ fi
 %endif

 %changelog
+* Tue Sep 16 2025 EL Errata <el-errata_ww@oracle.com> - 4.12.2-14.0.1.3
+- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
+- Add bind to ipa-server-common Requires [Orabug: 36518596]
+
+* Tue Jul 29 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14.3
+- Resolves: RHEL-106165
+  ipatests: use "sos report" instead of "sosreport" command
+
+* Tue Jul 22 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14.2
+- Resolves: RHEL-104857
+  ipa-sidgen: fix memory leak in ipa_sidgen_add_post_op() [rhel-9.6.z]
+
 * Thu May 15 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14.1
 - Resolves: RHEL-89908
  EMBARGOED CVE-2025-4404 ipa: Privilege escalation from host to domain admin in FreeIPA