import ipa-4.8.4-2.module+el8.2.0+5265+c70de5c4
parent
7c8968e6e6
commit
d1dc358eba
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/freeipa-4.7.90.pre1.tar.gz
|
||||
SOURCES/freeipa-4.8.4.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
a61a3e7f174a021934368252c4773da6238de820 SOURCES/freeipa-4.7.90.pre1.tar.gz
|
||||
72c91f01b2039795223417dc6761edf8ee0f36ee SOURCES/freeipa-4.8.4.tar.gz
|
||||
|
@ -1,30 +0,0 @@
|
||||
From 486ba017ceab1fb240f2fc48fea6169bc8c97319 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Williamson <awilliam@redhat.com>
|
||||
Date: Wed, 1 May 2019 16:19:53 -0700
|
||||
Subject: [PATCH] Correct default fontawesome path (broken by da2cf1c5)
|
||||
|
||||
On Fedora/RHEL, it does not have a dash in it. The changes in
|
||||
da2cf1c5 inadvertently added a dash to the path in the 'base'
|
||||
paths definition (used on Fedora/RHEL), so the font wasn't found.
|
||||
|
||||
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||
---
|
||||
ipaplatform/base/paths.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
|
||||
index 1cd2591bc..e1d396690 100644
|
||||
--- a/ipaplatform/base/paths.py
|
||||
+++ b/ipaplatform/base/paths.py
|
||||
@@ -249,7 +249,7 @@ class BasePathNamespace:
|
||||
USERADD = "/usr/sbin/useradd"
|
||||
FONTS_DIR = "/usr/share/fonts"
|
||||
FONTS_OPENSANS_DIR = "/usr/share/fonts/open-sans"
|
||||
- FONTS_FONTAWESOME_DIR = "/usr/share/fonts/font-awesome"
|
||||
+ FONTS_FONTAWESOME_DIR = "/usr/share/fonts/fontawesome"
|
||||
USR_SHARE_IPA_DIR = "/usr/share/ipa/"
|
||||
USR_SHARE_IPA_CLIENT_DIR = "/usr/share/ipa/client"
|
||||
CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
|
||||
--
|
||||
2.21.0
|
||||
|
@ -0,0 +1,47 @@
|
||||
From 2c2cef7063315766d893b275185b422be3f3c019 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Woerner <twoerner@redhat.com>
|
||||
Date: Dec 16 2019 20:37:17 +0000
|
||||
Subject: DNS install check: Fix overlapping DNS zone from the master itself
|
||||
|
||||
|
||||
The change to allow overlapping zone to be from the master itself has
|
||||
introduced two issues: The check for the master itself should only executed
|
||||
if options.force and options.allow_zone_overlap are both false and the
|
||||
reverse zone check later on was still handling ValueError instead of
|
||||
dnsutil.DNSZoneAlreadyExists.
|
||||
|
||||
Both issues have been fixed and the deployment with existing name servers
|
||||
is properly working again.
|
||||
|
||||
Fixes: https://pagure.io/freeipa/issue/8150
|
||||
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
|
||||
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
||||
|
||||
---
|
||||
|
||||
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
|
||||
index 36ba6f8..9f08e86 100644
|
||||
--- a/ipaserver/install/dns.py
|
||||
+++ b/ipaserver/install/dns.py
|
||||
@@ -135,15 +135,15 @@ def install_check(standalone, api, replica, options, hostname):
|
||||
logger.warning("%s Please make sure that the domain is "
|
||||
"properly delegated to this IPA server.",
|
||||
e)
|
||||
-
|
||||
- hst = dnsutil.DNSName(hostname).make_absolute().to_text()
|
||||
- if hst not in e.kwargs['ns']:
|
||||
- raise ValueError(str(e))
|
||||
+ else:
|
||||
+ hst = dnsutil.DNSName(hostname).make_absolute().to_text()
|
||||
+ if hst not in e.kwargs['ns']:
|
||||
+ raise ValueError(str(e))
|
||||
|
||||
for reverse_zone in options.reverse_zones:
|
||||
try:
|
||||
dnsutil.check_zone_overlap(reverse_zone)
|
||||
- except ValueError as e:
|
||||
+ except dnsutil.DNSZoneAlreadyExists as e:
|
||||
if options.force or options.allow_zone_overlap:
|
||||
logger.warning('%s', str(e))
|
||||
else:
|
||||
|
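Review bot: The added `else:` branch in install_check accepts an overlapping zone without writing anything to the log when this host is found in `e.kwargs['ns']`, so the install log never records why the overlap check passed. That decision rests on the name-server list carried by the exception (presumably filled from a DNS lookup; confirm in dnsutil), so it is worth recording with an `else:` on the inner `if`, e.g. `logger.debug("Zone overlap accepted, %s is listed as a name server: %s", hst, e)`. The forward-zone path still re-raises as `ValueError(str(e))` while the reverse-zone handler now catches `dnsutil.DNSZoneAlreadyExists`; if callers depend on ValueError, a one-line comment saying so would explain the asymmetry. Indentation is lost on this page, and install_check starts before and continues past the hunk.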
@ -1,32 +0,0 @@
|
||||
From b3378c32603e83ea3d4651cee3af99e644a30457 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Fri, 20 Jul 2018 11:06:55 -0400
|
||||
Subject: [PATCH] No need to call rhel-specific domainname service
|
||||
|
||||
It was moved upstream into hostname package which named it
|
||||
nis-domainname. When it was in the initscripts package there were
|
||||
separate fedora-domainname and rhel-domainname services.
|
||||
|
||||
From F29+ it will be nis-domainname. We can use that as well in
|
||||
RHEL 8.
|
||||
---
|
||||
ipaplatform/rhel/services.py | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/ipaplatform/rhel/services.py b/ipaplatform/rhel/services.py
|
||||
index 1403d08..06fa633 100644
|
||||
--- a/ipaplatform/rhel/services.py
|
||||
+++ b/ipaplatform/rhel/services.py
|
||||
@@ -30,9 +30,6 @@ from ipaplatform.redhat import services as redhat_services
|
||||
# to their actual systemd service names
|
||||
rhel_system_units = redhat_services.redhat_system_units
|
||||
|
||||
-# Service that sets domainname on RHEL is called rhel-domainname.service
|
||||
-rhel_system_units['domainname'] = 'rhel-domainname.service'
|
||||
-
|
||||
|
||||
# Service classes that implement RHEL-specific behaviour
|
||||
|
||||
--
|
||||
2.13.6
|
||||
|
@ -1,136 +0,0 @@
|
||||
From 8177734d3b6c141c251c74ee29d223a7d414ab13 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Bokovoy <abokovoy@redhat.com>
|
||||
Date: Wed, 1 May 2019 21:25:31 +0300
|
||||
Subject: [PATCH] Revert "Require a minimum SASL security factor of 56"
|
||||
|
||||
This reverts commit 350954589774499d99bf87cb5631c664bb0707c4.
|
||||
---
|
||||
install/share/Makefile.am | 1 -
|
||||
install/share/min-ssf.ldif | 14 --------------
|
||||
ipalib/constants.py | 3 ---
|
||||
ipapython/ipaldap.py | 17 ++---------------
|
||||
ipaserver/install/dsinstance.py | 5 -----
|
||||
5 files changed, 2 insertions(+), 38 deletions(-)
|
||||
delete mode 100644 install/share/min-ssf.ldif
|
||||
|
||||
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
|
||||
index be83bdf75..8d039d95c 100644
|
||||
--- a/install/share/Makefile.am
|
||||
+++ b/install/share/Makefile.am
|
||||
@@ -94,7 +94,6 @@ dist_app_DATA = \
|
||||
ipa-kdc-proxy.conf.template \
|
||||
ipa-pki-proxy.conf.template \
|
||||
ipa-rewrite.conf.template \
|
||||
- min-ssf.ldif \
|
||||
ipaca_default.ini \
|
||||
ipaca_customize.ini \
|
||||
ipaca_softhsm2.ini \
|
||||
diff --git a/install/share/min-ssf.ldif b/install/share/min-ssf.ldif
|
||||
deleted file mode 100644
|
||||
index 1c2566f84..000000000
|
||||
--- a/install/share/min-ssf.ldif
|
||||
+++ /dev/null
|
||||
@@ -1,14 +0,0 @@
|
||||
-# config
|
||||
-# pretend SSF for LDAPI connections
|
||||
-# nsslapd-localssf must be equal to or greater than nsslapd-minssf
|
||||
-dn: cn=config
|
||||
-changetype: modify
|
||||
-replace: nsslapd-localssf
|
||||
-nsslapd-localssf: 256
|
||||
-
|
||||
-# minimum security strength factor for SASL and TLS
|
||||
-# 56 is considered weak, but some old clients announce wrong SSF.
|
||||
-dn: cn=config
|
||||
-changetype: modify
|
||||
-replace: nsslapd-minssf
|
||||
-nsslapd-minssf: 56
|
||||
diff --git a/ipalib/constants.py b/ipalib/constants.py
|
||||
index bcf6f3373..c22dd26ae 100644
|
||||
--- a/ipalib/constants.py
|
||||
+++ b/ipalib/constants.py
|
||||
@@ -311,9 +311,6 @@ TLS_VERSIONS = [
|
||||
]
|
||||
TLS_VERSION_MINIMAL = "tls1.0"
|
||||
|
||||
-# minimum SASL secure strength factor for LDAP connections
|
||||
-# 56 provides backwards compatibility with old libraries.
|
||||
-LDAP_SSF_MIN_THRESHOLD = 56
|
||||
|
||||
# Use cache path
|
||||
USER_CACHE_PATH = (
|
||||
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
|
||||
index d9d67be1d..9ff443fe4 100644
|
||||
--- a/ipapython/ipaldap.py
|
||||
+++ b/ipapython/ipaldap.py
|
||||
@@ -43,9 +43,7 @@ import six
|
||||
|
||||
# pylint: disable=ipa-forbidden-import
|
||||
from ipalib import errors, x509, _
|
||||
-from ipalib.constants import (
|
||||
- LDAP_GENERALIZED_TIME_FORMAT, LDAP_SSF_MIN_THRESHOLD
|
||||
-)
|
||||
+from ipalib.constants import LDAP_GENERALIZED_TIME_FORMAT
|
||||
# pylint: enable=ipa-forbidden-import
|
||||
from ipaplatform.paths import paths
|
||||
from ipapython.ipautil import format_netloc, CIDict
|
||||
@@ -105,8 +103,7 @@ def realm_to_ldapi_uri(realm_name):
|
||||
return 'ldapi://' + ldapurl.ldapUrlEscape(socketname)
|
||||
|
||||
|
||||
-def ldap_initialize(uri, cacertfile=None,
|
||||
- ssf_min_threshold=LDAP_SSF_MIN_THRESHOLD):
|
||||
+def ldap_initialize(uri, cacertfile=None):
|
||||
"""Wrapper around ldap.initialize()
|
||||
|
||||
The function undoes global and local ldap.conf settings that may cause
|
||||
@@ -117,10 +114,6 @@ def ldap_initialize(uri, cacertfile=None,
|
||||
locations, also known as system-wide trust store.
|
||||
* Cert validation is enforced.
|
||||
* SSLv2 and SSLv3 are disabled.
|
||||
- * Require a minimum SASL security factor of 56. That level ensures
|
||||
- data integrity and confidentiality. Although at least AES128 is
|
||||
- enforced pretty much everywhere, 56 is required for backwards
|
||||
- compatibility with systems that announce wrong SSF.
|
||||
"""
|
||||
conn = ldap.initialize(uri)
|
||||
|
||||
@@ -128,12 +121,6 @@ def ldap_initialize(uri, cacertfile=None,
|
||||
conn.set_option(ldap.OPT_X_SASL_NOCANON, ldap.OPT_ON)
|
||||
|
||||
if not uri.startswith('ldapi://'):
|
||||
- # require a minimum SSF for TCP connections, but don't lower SSF_MIN
|
||||
- # if the current value is already larger.
|
||||
- cur_min_ssf = conn.get_option(ldap.OPT_X_SASL_SSF_MIN)
|
||||
- if cur_min_ssf < ssf_min_threshold:
|
||||
- conn.set_option(ldap.OPT_X_SASL_SSF_MIN, ssf_min_threshold)
|
||||
-
|
||||
if cacertfile:
|
||||
if not os.path.isfile(cacertfile):
|
||||
raise IOError(errno.ENOENT, cacertfile)
|
||||
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
|
||||
index 8240e3043..9f05db1db 100644
|
||||
--- a/ipaserver/install/dsinstance.py
|
||||
+++ b/ipaserver/install/dsinstance.py
|
||||
@@ -324,8 +324,6 @@ class DsInstance(service.Service):
|
||||
else:
|
||||
self.step("importing CA certificates from LDAP",
|
||||
self.__import_ca_certs)
|
||||
- # set min SSF after DS is configured for TLS
|
||||
- self.step("require minimal SSF", self.__min_ssf)
|
||||
self.step("restarting directory server", self.__restart_instance)
|
||||
|
||||
self.start_creation()
|
||||
@@ -1243,9 +1241,6 @@ class DsInstance(service.Service):
|
||||
dm_password=self.dm_password
|
||||
)
|
||||
|
||||
- def __min_ssf(self):
|
||||
- self._ldap_mod("min-ssf.ldif")
|
||||
-
|
||||
def __add_sudo_binduser(self):
|
||||
self._ldap_mod("sudobind.ldif", self.sub_dict)
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,44 +0,0 @@
|
||||
From 528a21996734467be193673e4f987e7e3acc3ad9 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Bokovoy <abokovoy@redhat.com>
|
||||
Date: Sat, 11 May 2019 11:54:40 +0300
|
||||
Subject: [PATCH] upgrade: adtrust - catch empty result when retrieving list of
|
||||
trusts
|
||||
|
||||
Upgrade failure when ipa-server-upgrade is being run on a system with no
|
||||
trust established but trust configured
|
||||
|
||||
Fixes: https://pagure.io/freeipa/issue/7939
|
||||
---
|
||||
ipaserver/install/plugins/adtrust.py | 16 +++++++++++-----
|
||||
1 file changed, 11 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
|
||||
index 6b4e2caa2..cdc3a8b04 100644
|
||||
--- a/ipaserver/install/plugins/adtrust.py
|
||||
+++ b/ipaserver/install/plugins/adtrust.py
|
||||
@@ -609,11 +609,17 @@ class update_tdo_to_new_layout(Updater):
|
||||
|
||||
trusts_dn = self.api.env.container_adtrusts + self.api.env.basedn
|
||||
|
||||
- trusts = ldap.get_entries(
|
||||
- base_dn=trusts_dn,
|
||||
- scope=ldap.SCOPE_ONELEVEL,
|
||||
- filter=self.trust_filter,
|
||||
- attrs_list=self.trust_attrs)
|
||||
+ # We might be in a situation when no trusts exist yet
|
||||
+ # In such case there is nothing to upgrade but we have to catch
|
||||
+ # an exception or it will abort the whole upgrade process
|
||||
+ try:
|
||||
+ trusts = ldap.get_entries(
|
||||
+ base_dn=trusts_dn,
|
||||
+ scope=ldap.SCOPE_ONELEVEL,
|
||||
+ filter=self.trust_filter,
|
||||
+ attrs_list=self.trust_attrs)
|
||||
+ except errors.EmptyResult:
|
||||
+ trusts = []
|
||||
|
||||
# For every trust, retrieve its principals and convert
|
||||
for t_entry in trusts:
|
||||
--
|
||||
2.21.0
|
||||
|
File diff suppressed because one or more lines are too long
@ -1,3 +1,12 @@
|
||||
Addtional patches that need to be partly reverted that are touching csrgen
|
||||
related files:
|
||||
|
||||
7b8a2af2197381058ca532d1ae206defb16fac88
|
||||
ac6568dcf58ec8d06df5493d14a28aa41845d4ef
|
||||
9c86d35a3f0af4a793fada7dfe726e9cc66782ea
|
||||
9836511a2b6d7cf48b1a54cb3158e5eac674081a
|
||||
b431e9b684df11c811892bd9d2a5711355f0076e
|
||||
|
||||
This is a collection of an existing patch to remove csrgen for 4.7.1 and
|
||||
additional patches that have been added for 4.7.90 pre1.
|
||||
|
||||
@ -91,10 +100,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1432630
|
||||
delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
|
||||
delete mode 100644 ipatests/test_ipaclient/test_csrgen.py
|
||||
|
||||
diff -urN freeipa-4.7.90.pre1.orig/freeipa.spec.in freeipa-4.7.90.pre1/freeipa.spec.in
|
||||
--- freeipa-4.7.90.pre1.orig/freeipa.spec.in 2019-04-29 08:28:24.722860593 +0200
|
||||
+++ freeipa-4.7.90.pre1/freeipa.spec.in 2019-05-06 18:31:26.443792711 +0200
|
||||
@@ -1225,13 +1225,6 @@
|
||||
diff -urN freeipa-4.8.0/freeipa.spec.in freeipa-4.8.0.removed_csrgen/freeipa.spec.in
|
||||
--- freeipa-4.8.0/freeipa.spec.in 2019-06-29 10:01:30.458735813 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/freeipa.spec.in 2019-07-03 13:24:38.471222723 +0200
|
||||
@@ -1247,13 +1247,6 @@
|
||||
%dir %{python3_sitelib}/ipaclient/remote_plugins/2_*
|
||||
%{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
|
||||
%{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
|
||||
@ -108,9 +117,9 @@ diff -urN freeipa-4.7.90.pre1.orig/freeipa.spec.in freeipa-4.7.90.pre1/freeipa.s
|
||||
%{python3_sitelib}/ipaclient-*.egg-info
|
||||
|
||||
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/profiles/caIPAserviceCert.json freeipa-4.7.90.pre1/ipaclient/csrgen/profiles/caIPAserviceCert.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/profiles/caIPAserviceCert.json 2019-04-29 17:06:41.408224320 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/profiles/caIPAserviceCert.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/profiles/caIPAserviceCert.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/profiles/caIPAserviceCert.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/profiles/caIPAserviceCert.json 2019-07-03 08:42:41.844539797 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/profiles/caIPAserviceCert.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,15 +0,0 @@
|
||||
-[
|
||||
- {
|
||||
@ -127,9 +136,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/profiles/caIPAserviceCert.js
|
||||
- ]
|
||||
- }
|
||||
-]
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/profiles/userCert.json freeipa-4.7.90.pre1/ipaclient/csrgen/profiles/userCert.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/profiles/userCert.json 2019-04-29 17:06:41.417224194 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/profiles/userCert.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/profiles/userCert.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/profiles/userCert.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/profiles/userCert.json 2019-07-03 08:42:41.848539737 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/profiles/userCert.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,15 +0,0 @@
|
||||
-[
|
||||
- {
|
||||
@ -146,9 +155,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/profiles/userCert.json freei
|
||||
- ]
|
||||
- }
|
||||
-]
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataDNS.json freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataDNS.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataDNS.json 2019-04-29 17:06:41.422224125 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataDNS.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/rules/dataDNS.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataDNS.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/rules/dataDNS.json 2019-07-03 08:42:41.853539663 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataDNS.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,8 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
@ -158,9 +167,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataDNS.json freeipa-4
|
||||
- "data_source": "subject.krbprincipalname.0.partition('/')[2].partition('@')[0]"
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataEmail.json freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataEmail.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataEmail.json 2019-04-29 17:06:41.426224069 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataEmail.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/rules/dataEmail.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataEmail.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/rules/dataEmail.json 2019-07-03 08:42:41.857539603 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataEmail.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,8 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
@ -170,9 +179,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataEmail.json freeipa
|
||||
- "data_source": "subject.mail.0"
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataHostCN.json freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataHostCN.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataHostCN.json 2019-04-29 17:06:41.430224013 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataHostCN.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/rules/dataHostCN.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataHostCN.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/rules/dataHostCN.json 2019-07-03 08:42:41.861539544 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataHostCN.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,8 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
@ -182,9 +191,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataHostCN.json freeip
|
||||
- "data_source": "subject.krbprincipalname.0.partition('/')[2].partition('@')[0]"
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataSubjectBase.json freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataSubjectBase.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataSubjectBase.json 2019-04-29 17:06:41.437223916 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataSubjectBase.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/rules/dataSubjectBase.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataSubjectBase.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/rules/dataSubjectBase.json 2019-07-03 08:42:41.865539484 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataSubjectBase.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,8 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
@ -194,9 +203,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataSubjectBase.json f
|
||||
- "data_source": "config.ipacertificatesubjectbase.0"
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataUsernameCN.json freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataUsernameCN.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataUsernameCN.json 2019-04-29 17:06:41.449223748 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/rules/dataUsernameCN.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/rules/dataUsernameCN.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataUsernameCN.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/rules/dataUsernameCN.json 2019-07-03 08:42:41.869539424 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/dataUsernameCN.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,8 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
@ -206,9 +215,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/dataUsernameCN.json fr
|
||||
- "data_source": "subject.uid.0"
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/syntaxSAN.json freeipa-4.7.90.pre1/ipaclient/csrgen/rules/syntaxSAN.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/syntaxSAN.json 2019-04-29 17:06:41.456223650 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/rules/syntaxSAN.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/rules/syntaxSAN.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/syntaxSAN.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/rules/syntaxSAN.json 2019-07-03 08:42:41.874539350 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/syntaxSAN.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,8 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
@ -218,9 +227,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/syntaxSAN.json freeipa
|
||||
- "extension": true
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/syntaxSubject.json freeipa-4.7.90.pre1/ipaclient/csrgen/rules/syntaxSubject.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/syntaxSubject.json 2019-04-29 17:06:41.461223581 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/rules/syntaxSubject.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/rules/syntaxSubject.json freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/syntaxSubject.json
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/rules/syntaxSubject.json 2019-07-03 08:42:41.878539290 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/rules/syntaxSubject.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,9 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
@ -231,9 +240,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/rules/syntaxSubject.json fre
|
||||
- "data_source_combinator": "and"
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/templates/openssl_base.tmpl freeipa-4.7.90.pre1/ipaclient/csrgen/templates/openssl_base.tmpl
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/templates/openssl_base.tmpl 2019-04-29 17:06:41.469223469 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/templates/openssl_base.tmpl 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/templates/openssl_base.tmpl freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/templates/openssl_base.tmpl
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/templates/openssl_base.tmpl 2019-07-03 08:42:41.882539231 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/templates/openssl_base.tmpl 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,17 +0,0 @@
|
||||
-{% raw -%}
|
||||
-{% import "openssl_macros.tmpl" as openssl -%}
|
||||
@ -252,9 +261,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/templates/openssl_base.tmpl
|
||||
-{% endif %}
|
||||
-{{ openssl.openssl_sections|join('\n\n') }}
|
||||
-{%- endraw %}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/templates/openssl_macros.tmpl freeipa-4.7.90.pre1/ipaclient/csrgen/templates/openssl_macros.tmpl
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen/templates/openssl_macros.tmpl 2019-04-29 17:06:41.475223385 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen/templates/openssl_macros.tmpl 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen/templates/openssl_macros.tmpl freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/templates/openssl_macros.tmpl
|
||||
--- freeipa-4.8.0/ipaclient/csrgen/templates/openssl_macros.tmpl 2019-07-03 08:42:41.886539171 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen/templates/openssl_macros.tmpl 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,29 +0,0 @@
|
||||
-{# List containing rendered sections to be included at end #}
|
||||
-{% set openssl_sections = [] %}
|
||||
@ -285,10 +294,10 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen/templates/openssl_macros.tmp
|
||||
-[ {{ name }} ]
|
||||
-{{ contents -}}
|
||||
-{% endmacro %}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen_ffi.py freeipa-4.7.90.pre1/ipaclient/csrgen_ffi.py
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen_ffi.py 2019-04-29 17:06:41.367224892 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen_ffi.py 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,331 +0,0 @@
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen_ffi.py freeipa-4.8.0.removed_csrgen/ipaclient/csrgen_ffi.py
|
||||
--- freeipa-4.8.0/ipaclient/csrgen_ffi.py 2019-07-03 08:42:41.816540214 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen_ffi.py 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,387 +0,0 @@
|
||||
-from cffi import FFI
|
||||
-import ctypes.util
|
||||
-
|
||||
@ -297,6 +306,48 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen_ffi.py freeipa-4.7.90.pre1/i
|
||||
-_ffi = FFI()
|
||||
-
|
||||
-_ffi.cdef('''
|
||||
-/* libcrypto/crypto.h */
|
||||
-unsigned long OpenSSL_version_num(void);
|
||||
-unsigned long SSLeay(void);
|
||||
-const char * OpenSSL_version(int t);
|
||||
-const char * SSLeay_version(int t);
|
||||
-
|
||||
-#define OPENSSL_VERSION 0
|
||||
-''')
|
||||
-
|
||||
-_libcrypto = _ffi.dlopen(ctypes.util.find_library('crypto'))
|
||||
-
|
||||
-# SSLeay_version has been renamed with OpenSSL_version in OpenSSL 1.1.0
|
||||
-# LibreSSL has OpenSSL_version since 2.7.0
|
||||
-try:
|
||||
- OpenSSL_version = _libcrypto.OpenSSL_version
|
||||
-except AttributeError:
|
||||
- OpenSSL_version = _libcrypto.SSLeay_version
|
||||
-
|
||||
-_version = OpenSSL_version(_libcrypto.OPENSSL_VERSION)
|
||||
-_version = _ffi.string(_version).decode('utf-8')
|
||||
-LIBRESSL = _version.startswith('LibreSSL')
|
||||
-if not _version.startswith("OpenSSL") and not LIBRESSL:
|
||||
- raise ImportError("Only LibreSSL and OpenSSL are supported")
|
||||
-
|
||||
-# SSLeay has been renamed with OpenSSL_version_num in OpenSSL 1.1.0
|
||||
-# LibreSSL has OpenSSL_version_num since 2.7.0
|
||||
-try:
|
||||
- OpenSSL_version_num = _libcrypto.OpenSSL_version_num
|
||||
-except AttributeError:
|
||||
- OpenSSL_version_num = _libcrypto.SSLeay
|
||||
-
|
||||
-# OpenSSL_version_num()/SSLeay() returns the value of OPENSSL_VERSION_NUMBER
|
||||
-#
|
||||
-# OPENSSL_VERSION_NUMBER is a numeric release version identifier:
|
||||
-# MNNFFPPS: major minor fix patch status
|
||||
-# For example,
|
||||
-# 0x000906000 == 0.9.6 dev
|
||||
-# 0x000906023 == 0.9.6b beta 3
|
||||
-# 0x00090605f == 0.9.6e release
|
||||
-_openssl_version = OpenSSL_version_num()
|
||||
-
|
||||
-_ffi.cdef('''
|
||||
-typedef ... CONF;
|
||||
-typedef ... CONF_METHOD;
|
||||
-typedef ... BIO;
|
||||
@ -350,7 +401,6 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen_ffi.py freeipa-4.7.90.pre1/i
|
||||
-typedef ... ASN1_BIT_STRING;
|
||||
-typedef ... ASN1_OBJECT;
|
||||
-typedef ... X509;
|
||||
-typedef ... X509_ALGOR;
|
||||
-typedef ... X509_CRL;
|
||||
-typedef ... X509_NAME;
|
||||
-typedef ... X509_PUBKEY;
|
||||
@ -364,14 +414,23 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen_ffi.py freeipa-4.7.90.pre1/i
|
||||
- /* d=2 hl=2 l= 0 cons: cont: 00 */
|
||||
- ipa_STACK_OF_X509_ATTRIBUTE *attributes; /* [ 0 ] */
|
||||
-} X509_REQ_INFO;
|
||||
-''')
|
||||
-
|
||||
-typedef struct X509_req_st {
|
||||
- X509_REQ_INFO *req_info;
|
||||
- X509_ALGOR *sig_alg;
|
||||
- ASN1_BIT_STRING *signature;
|
||||
- int references;
|
||||
-} X509_REQ;
|
||||
-# since OpenSSL 1.1.0 req_info field is no longer pointer to X509_REQ_INFO
|
||||
-if _openssl_version >= 0x10100000 and not LIBRESSL:
|
||||
- _ffi.cdef('''
|
||||
- typedef struct X509_req_st {
|
||||
- X509_REQ_INFO req_info;
|
||||
- } X509_REQ;
|
||||
- ''')
|
||||
-else:
|
||||
- _ffi.cdef('''
|
||||
- typedef struct X509_req_st {
|
||||
- X509_REQ_INFO *req_info;
|
||||
- } X509_REQ;
|
||||
- ''')
|
||||
-
|
||||
-_ffi.cdef('''
|
||||
-X509_REQ *X509_REQ_new(void);
|
||||
-void X509_REQ_free(X509_REQ *);
|
||||
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
|
||||
@ -409,10 +468,7 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen_ffi.py freeipa-4.7.90.pre1/i
|
||||
-char *ERR_error_string(unsigned long e, char *buf);
|
||||
-''') # noqa: E501
|
||||
-
|
||||
-_libcrypto = _ffi.dlopen(ctypes.util.find_library('crypto'))
|
||||
-
|
||||
-NULL = _ffi.NULL
|
||||
-
|
||||
-# openssl/conf.h
|
||||
-NCONF_new = _libcrypto.NCONF_new
|
||||
-NCONF_free = _libcrypto.NCONF_free
|
||||
@ -597,13 +653,22 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen_ffi.py freeipa-4.7.90.pre1/i
|
||||
- reqdata, ext_ctx, extn_section, req):
|
||||
- _raise_openssl_errors()
|
||||
-
|
||||
- der_len = i2d_X509_REQ_INFO(req.req_info, NULL)
|
||||
- if _openssl_version < 0x10100000 or LIBRESSL:
|
||||
- der_len = i2d_X509_REQ_INFO(req.req_info, NULL)
|
||||
- else:
|
||||
- req_info = _ffi.new("X509_REQ_INFO *", req.req_info)
|
||||
- der_len = i2d_X509_REQ_INFO(req_info, NULL)
|
||||
- req.req_info = req_info[0]
|
||||
- if der_len < 0:
|
||||
- _raise_openssl_errors()
|
||||
-
|
||||
- der_buf = _ffi.new("unsigned char[%d]" % der_len)
|
||||
- der_out = _ffi.new("unsigned char **", der_buf)
|
||||
- der_len = i2d_X509_REQ_INFO(req.req_info, der_out)
|
||||
- if _openssl_version < 0x10100000 or LIBRESSL:
|
||||
- der_len = i2d_X509_REQ_INFO(req.req_info, der_out)
|
||||
- else:
|
||||
- der_len = i2d_X509_REQ_INFO(req_info, der_out)
|
||||
- req.req_info = req_info[0]
|
||||
- if der_len < 0:
|
||||
- _raise_openssl_errors()
|
||||
-
|
||||
@ -620,9 +685,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen_ffi.py freeipa-4.7.90.pre1/i
|
||||
- BIO_free(pubkey_bio)
|
||||
- if pubkey != NULL:
|
||||
- EVP_PKEY_free(pubkey)
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen.py freeipa-4.7.90.pre1/ipaclient/csrgen.py
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/csrgen.py 2019-04-29 17:06:41.360224990 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/csrgen.py 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/csrgen.py freeipa-4.8.0.removed_csrgen/ipaclient/csrgen.py
|
||||
--- freeipa-4.8.0/ipaclient/csrgen.py 2019-07-03 08:42:41.811540288 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/csrgen.py 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,488 +0,0 @@
|
||||
-#
|
||||
-# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
|
||||
@ -1112,9 +1177,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/csrgen.py freeipa-4.7.90.pre1/ipacl
|
||||
-
|
||||
- def sign_csr(self, certification_request_info):
|
||||
- raise NotImplementedError('NSS is not yet supported')
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/plugins/cert.py freeipa-4.7.90.pre1/ipaclient/plugins/cert.py
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/plugins/cert.py 2019-04-29 17:06:41.645221012 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/plugins/cert.py 2019-05-06 18:31:28.384751096 +0200
|
||||
diff -urN freeipa-4.8.0/ipaclient/plugins/cert.py freeipa-4.8.0.removed_csrgen/ipaclient/plugins/cert.py
|
||||
--- freeipa-4.8.0/ipaclient/plugins/cert.py 2019-07-03 08:42:41.978537802 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/plugins/cert.py 2019-07-03 13:24:38.477222594 +0200
|
||||
@@ -21,8 +21,6 @@
|
||||
|
||||
import base64
|
||||
@ -1222,9 +1287,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/plugins/cert.py freeipa-4.7.90.pre1
|
||||
|
||||
@register(override=True, no_fail=True)
|
||||
class cert_show(CertRetrieveOverride):
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/plugins/cert.py.orig freeipa-4.7.90.pre1/ipaclient/plugins/cert.py.orig
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/plugins/cert.py.orig 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/plugins/cert.py.orig 2019-04-29 17:06:41.645221012 +0200
|
||||
diff -urN freeipa-4.8.0/ipaclient/plugins/cert.py.orig freeipa-4.8.0.removed_csrgen/ipaclient/plugins/cert.py.orig
|
||||
--- freeipa-4.8.0/ipaclient/plugins/cert.py.orig 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/plugins/cert.py.orig 2019-07-03 13:24:38.478222573 +0200
|
||||
@@ -0,0 +1,215 @@
|
||||
+# Authors:
|
||||
+# Andrew Wnuk <awnuk@redhat.com>
|
||||
@ -1441,9 +1506,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/plugins/cert.py.orig freeipa-4.7.90
|
||||
+ options.pop('file'))
|
||||
+
|
||||
+ return super(cert_find, self).forward(*args, **options)
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/plugins/csrgen.py freeipa-4.7.90.pre1/ipaclient/plugins/csrgen.py
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/plugins/csrgen.py 2019-04-29 17:06:41.669220677 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/plugins/csrgen.py 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipaclient/plugins/csrgen.py freeipa-4.8.0.removed_csrgen/ipaclient/plugins/csrgen.py
|
||||
--- freeipa-4.8.0/ipaclient/plugins/csrgen.py 2019-07-03 08:42:41.990537623 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/plugins/csrgen.py 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,128 +0,0 @@
|
||||
-#
|
||||
-# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
|
||||
@ -1573,9 +1638,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/plugins/csrgen.py freeipa-4.7.90.pr
|
||||
- return dict(
|
||||
- result=result
|
||||
- )
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipaclient/setup.py freeipa-4.7.90.pre1/ipaclient/setup.py
|
||||
--- freeipa-4.7.90.pre1.orig/ipaclient/setup.py 2019-04-29 17:06:41.393224529 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipaclient/setup.py 2019-05-06 18:33:16.002443738 +0200
|
||||
diff -urN freeipa-4.8.0/ipaclient/setup.py freeipa-4.8.0.removed_csrgen/ipaclient/setup.py
|
||||
--- freeipa-4.8.0/ipaclient/setup.py 2019-07-03 08:42:41.836539916 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipaclient/setup.py 2019-07-03 13:24:38.479222551 +0200
|
||||
@@ -41,13 +41,6 @@
|
||||
"ipaclient.remote_plugins.2_156",
|
||||
"ipaclient.remote_plugins.2_164",
|
||||
@ -1598,9 +1663,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipaclient/setup.py freeipa-4.7.90.pre1/ipacli
|
||||
"ldap": ["python-ldap"], # ipapython.ipaldap
|
||||
},
|
||||
zip_safe=False,
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf
|
||||
--- freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf 2019-04-29 17:06:49.265114643 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf
|
||||
--- freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf 2019-07-03 08:42:45.972478335 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,16 +0,0 @@
|
||||
-[ req ]
|
||||
-prompt = no
|
||||
@ -1618,9 +1683,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/conf
|
||||
-
|
||||
-[ sec2 ]
|
||||
-subjectAltName = @sec1
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf
|
||||
--- freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf 2019-04-29 17:06:49.277114475 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf
|
||||
--- freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf 2019-07-03 08:42:45.976478276 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,16 +0,0 @@
|
||||
-[ req ]
|
||||
-prompt = no
|
||||
@ -1638,9 +1703,9 @@ diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/conf
|
||||
-
|
||||
-[ sec2 ]
|
||||
-subjectAltName = @sec1
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json 2019-04-29 17:06:49.283114391 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
|
||||
--- freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json 2019-07-03 08:42:45.980478216 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,8 +0,0 @@
|
||||
-[
|
||||
- {
|
||||
@ -1650,18 +1715,18 @@ diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/prof
|
||||
- ]
|
||||
- }
|
||||
-]
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json 2019-04-29 17:06:49.294114238 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json
|
||||
--- freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json 2019-07-03 08:42:45.984478157 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,5 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
- "template": "openssl_rule"
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/rules/options.json freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/rules/options.json
|
||||
--- freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/rules/options.json 2019-04-29 17:06:49.300114154 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/rules/options.json 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/rules/options.json freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/rules/options.json
|
||||
--- freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/rules/options.json 2019-07-03 08:42:45.988478097 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/rules/options.json 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,8 +0,0 @@
|
||||
-{
|
||||
- "rule": {
|
||||
@ -1671,14 +1736,14 @@ diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/rule
|
||||
- "rule_option": true
|
||||
- }
|
||||
-}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
|
||||
--- freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl 2019-04-29 17:06:49.313113973 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
|
||||
--- freeipa-4.8.0/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl 2019-07-03 08:42:45.993478023 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1 +0,0 @@
|
||||
-{{ options|join(";") }}
|
||||
diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/test_csrgen.py freeipa-4.7.90.pre1/ipatests/test_ipaclient/test_csrgen.py
|
||||
--- freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/test_csrgen.py 2019-04-29 17:06:49.251114838 +0200
|
||||
+++ freeipa-4.7.90.pre1/ipatests/test_ipaclient/test_csrgen.py 1970-01-01 01:00:00.000000000 +0100
|
||||
diff -urN freeipa-4.8.0/ipatests/test_ipaclient/test_csrgen.py freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/test_csrgen.py
|
||||
--- freeipa-4.8.0/ipatests/test_ipaclient/test_csrgen.py 2019-07-03 08:42:45.963478469 +0200
|
||||
+++ freeipa-4.8.0.removed_csrgen/ipatests/test_ipaclient/test_csrgen.py 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,304 +0,0 @@
|
||||
-#
|
||||
-# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
|
||||
@ -1941,7 +2006,7 @@ diff -urN freeipa-4.7.90.pre1.orig/ipatests/test_ipaclient/test_csrgen.py freeip
|
||||
-
|
||||
- with pytest.raises(
|
||||
- errors.CSRTemplateError,
|
||||
- message='unrecognised attribute type: X'):
|
||||
- match=r'^unrecognised attribute type: X$'):
|
||||
- csrgen_ffi.build_requestinfo(
|
||||
- config.encode('utf-8'), adaptor.get_subject_public_key_info())
|
||||
-
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAlzHE98ACgkQRxniuKu/
|
||||
YhrICw/8DE6jyt3bnUmzGiXdsV7q1KZUGSIC7GLpvbmewwpUVcXnplHiVCTjrNGI
|
||||
jw/jc6y9bIlvqfYNWjAmXNGXyB3AbXweaYRAEzntOHlAmFDlwMXv/D6JL0849/9/
|
||||
uRWEefIpHlw/P++WOxm+us7T9h/d6xEe1xY7vaaXVVPjRBewJqddG6ISJgWZ0DSR
|
||||
41b/kgOXEvBMOU+gsKCm1fCgKU6KcfwsFq39uSxmTfhKE/578eOUkSAracOwrP2Z
|
||||
RePKA4JKqw/Tttl26bgKAkAD8hxJhv6J1MYOSPKp7zssSKw1s1qiPbR6DdJGF/E0
|
||||
gqiJwLynZdkkMOsWqHvUK0NDT5LmDdluHBFDle+zupBy1CAE4y1fchsUh910wbRm
|
||||
LnrdtkXKUHtE+WGZianMSc1gHCB6EjipHx9iLTrcsGbjz9ziWRb6P6BLgbw2doPG
|
||||
mYQVMWBNLQi3gcAjN7IX1+dRWoam+ON/M0GMi5jSplqONBFUj5xwB8LFNV5VfIAu
|
||||
zJa0F5V0Qu5XbO7YFoihDcD1OF8fUyKtK+lGa0O/QazR37tl8m5mgYVjDErBx3F+
|
||||
ipiB40w+qA1MsJXqdOljoldTvJZCzN+kEJu8aMdQpKcIfkJjKQsrbrh0Ck3cmRHW
|
||||
vE3sApyx1p9XvoVtb6lz69B1XJu+Q+Gljlm7JSRLQ3p7GZTT7/Q=
|
||||
=5N4+
|
||||
-----END PGP SIGNATURE-----
|
16
SOURCES/freeipa-4.8.4.tar.gz.asc
Normal file
16
SOURCES/freeipa-4.8.4.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAl302dsACgkQRxniuKu/
|
||||
Yhrd0RAAvUv30O5rSlww30kxqV3oQb5CIJYSGb/jpWMAhj1Nr+1Ye1P3rCyJLP4R
|
||||
+fVu23bgIywv8qkWPZdQxohkYCuiTZa8ogl3gXWJDRCp5f5oKWALzwU+Zlu8HlVj
|
||||
z8UAOFXEO1fYwvwpOPdr+gGiTS5pLq39EIBZSVjvuviXR0adwVcVvw0R2YXYmiLE
|
||||
x5uaM289YQ4hKY/V0rgqNn0nYiogFcFvSlhkM9oi4+JiKypocPqKTjM4n8EcdXv4
|
||||
rSJ6Zv6FgnyoREBITCZjKaTn8OTkhqhhzMOgMzWr8QSmNl44UKA9aq5ZIEJgEnMR
|
||||
N3vW6Br1f4TDJ3JyWeMoizQcNeTFyuoxN9HhGpvDotx+6g+j2yNfAK7ZZAtjULhm
|
||||
m13zb1svCbGtvRxB8QfIQe62l3drooimWRf5o9fgPVU0MIxgL7x7AulxrZekik6J
|
||||
NdwXiz75SKfbFZZWVdf9FjJkaBZ3CpJMJnDQiQyCs+xBWOpXYGYkz9a1NRoFgCdC
|
||||
y8bY9ErfzhLdcgjbZ3EE24FkWMBeUdW+BC4AYSChZlqUZ9CMTQIdyqPVSG/u5sc9
|
||||
2Rn1YasAfu0P3DJgRCI0BUcxkxFet5M8hfB0iuLE4OJTKnyhmmOUKmO2wUSw0QIr
|
||||
ogzzN9DF84wwXD1P4X6WFEzOOthCdLPUHyDo3u5fVIy4QWZZDlQ=
|
||||
=TTzs
|
||||
-----END PGP SIGNATURE-----
|
187
SPECS/ipa.spec
187
SPECS/ipa.spec
@ -55,26 +55,28 @@
|
||||
%if 0%{?rhel}
|
||||
%global package_name ipa
|
||||
%global alt_name freeipa
|
||||
%global krb5_version 1.16.1
|
||||
%global krb5_version 1.17-12
|
||||
%global krb5_kdb_version 7.0
|
||||
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
|
||||
%global python_netaddr_version 0.7.16
|
||||
%global python_netaddr_version 0.7.19
|
||||
# Require 4.7.0 which brings Python 3 bindings
|
||||
%global samba_version 4.7.0
|
||||
%global selinux_policy_version 3.14.1-14
|
||||
%global samba_version 4.10.4-9
|
||||
# Require 3.14.3-24 - Allow ipa_ods_exporter_t domain to read krb5_keytab files
|
||||
%global selinux_policy_version 3.14.3-24
|
||||
%global slapi_nis_version 0.56.1-4
|
||||
%global python_ldap_version 3.1.0-1
|
||||
# python3-lib389
|
||||
# Fix for "Installation fails: Replica Busy"
|
||||
# https://pagure.io/389-ds-base/issue/49818
|
||||
%global ds_version 1.4.0.16
|
||||
# currently set to 1.4.1.3 until 389-ds rebases to 1.4.2
|
||||
%global ds_version 1.4.1.3
|
||||
|
||||
%else
|
||||
# Fedora
|
||||
%global package_name freeipa
|
||||
%global alt_name ipa
|
||||
# Fix for CVE-2018-20217
|
||||
%global krb5_version 1.17
|
||||
%global krb5_version 1.17-17
|
||||
%global krb5_kdb_version 7.0
|
||||
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
|
||||
%global python_netaddr_version 0.7.16
|
||||
@ -101,10 +103,10 @@
|
||||
# 10.6.7 fixes UpdateNumberRange clone installation issue
|
||||
# https://pagure.io/freeipa/issue/7654 and empty token issue
|
||||
# and https://pagure.io/dogtagpki/issue/3073
|
||||
%global pki_version 10.6.8-3
|
||||
%global pki_version 10.8.0
|
||||
|
||||
# https://pagure.io/certmonger/issue/90
|
||||
%global certmonger_version 0.79.7-1
|
||||
%global certmonger_version 0.79.7-3
|
||||
|
||||
# NSS release with fix for p11-kit-proxy issue, affects F28
|
||||
# https://pagure.io/freeipa/issue/7810
|
||||
@ -114,15 +116,9 @@
|
||||
%global nss_version 3.41.0-1
|
||||
%endif
|
||||
|
||||
# There are issues currently with the sssd rebase to 2.1.0, therefore this
|
||||
# will be set to 2.0.0-43 for now.
|
||||
#global sssd_version 2.1.0-2
|
||||
%global sssd_version 2.0.0-43
|
||||
%global sssd_version 2.2.0-19
|
||||
|
||||
# python3-kdcproxy 0.4.1 is not in the repository, therefore 0.4 will be
|
||||
# used for now.
|
||||
#global kdcproxy_version 0.4.1
|
||||
%global kdcproxy_version 0.4
|
||||
%global kdcproxy_version 0.4-3
|
||||
|
||||
%global plugin_dir %{_libdir}/dirsrv/plugins
|
||||
%global etc_systemd_dir %{_sysconfdir}/systemd/system
|
||||
@ -132,16 +128,16 @@
|
||||
|
||||
# Work-around fact that RPM SPEC parser does not accept
|
||||
# "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
|
||||
%define IPA_VERSION 4.7.90.pre1
|
||||
%define IPA_VERSION 4.8.4
|
||||
%define AT_SIGN @
|
||||
# redefine IPA_VERSION only if its value matches the Autoconf placeholder
|
||||
%if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}"
|
||||
%define IPA_VERSION nonsense.to.please.RPM.SPEC.parser
|
||||
%define IPA_VERSION nonsense.to.please.RPM.SPEC.parser
|
||||
%endif
|
||||
|
||||
Name: %{package_name}
|
||||
Version: %{IPA_VERSION}
|
||||
Release: 3%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: The Identity, Policy and Audit system
|
||||
|
||||
License: GPLv3+
|
||||
@ -156,16 +152,9 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.as
|
||||
# RHEL spec file only: END: Change branding to IPA and Identity Management
|
||||
|
||||
# RHEL spec file only: START
|
||||
Patch0001: 0001-No-need-to-call-rhel-specific-domainname-service.patch
|
||||
|
||||
Patch0002: 0001-revert-minssf-defaults.patch
|
||||
# https://github.com/freeipa/freeipa/pull/3104
|
||||
# Fix an error in the path the webUI uses for fontawesome
|
||||
Patch0003: 0001-Correct-default-fontawesome-path-broken-by-da2cf1c5.patch
|
||||
Patch0004: 0002-upgrade-adtrust-when-no-trusts.patch
|
||||
|
||||
Patch0001: 0001-DNS-install-check-Fix-overlapping-DNS-zone-from-the-master-itself_2c2cef7_rhbz#1784003.patch
|
||||
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
||||
Patch1002: 1002-4.7.90pre1-Remove-csrgen.patch
|
||||
Patch1002: 1002-4.8.0-Remove-csrgen.patch
|
||||
# RHEL spec file only: END
|
||||
|
||||
# For the timestamp trick in patch application
|
||||
@ -325,6 +314,7 @@ Requires: openldap-clients > 2.4.35-4
|
||||
Requires: nss >= %{nss_version}
|
||||
Requires: nss-tools >= %{nss_version}
|
||||
Requires(post): krb5-server >= %{krb5_version}
|
||||
Requires(post): krb5-kdb-version = %{krb5_kdb_version}
|
||||
Requires: krb5-pkinit-openssl >= %{krb5_version}
|
||||
Requires: cyrus-sasl-gssapi%{?_isa}
|
||||
Requires: chrony
|
||||
@ -454,7 +444,7 @@ If you are installing an IPA server, you need to install this package.
|
||||
Summary: IPA integrated DNS server with support for automatic DNSSEC signing
|
||||
BuildArch: noarch
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: bind-dyndb-ldap >= 11.0-2
|
||||
Requires: bind-dyndb-ldap >= 11.2-2
|
||||
Requires: bind >= 9.11.0-6.P2
|
||||
Requires: bind-utils >= 9.11.0-6.P2
|
||||
Requires: bind-pkcs11 >= 9.11.0-6.P2
|
||||
@ -558,6 +548,22 @@ If your network uses IPA for authentication, this package should be
|
||||
installed on every client machine.
|
||||
This package provides command-line tools for IPA administrators.
|
||||
|
||||
%package client-samba
|
||||
Summary: Tools to configure Samba on IPA client
|
||||
Group: System Environment/Base
|
||||
Requires: %{name}-client = %{version}-%{release}
|
||||
Requires: python3-samba
|
||||
Requires: samba-client
|
||||
Requires: samba-winbind
|
||||
Requires: samba-common-tools
|
||||
Requires: samba
|
||||
Requires: sssd-winbind-idmap
|
||||
Requires: tdb-tools
|
||||
Requires: cifs-utils
|
||||
|
||||
%description client-samba
|
||||
This package provides command-line tools to deploy Samba domain member
|
||||
on the machine enrolled into a FreeIPA environment
|
||||
|
||||
%package -n python3-ipaclient
|
||||
Summary: Python libraries used by IPA client
|
||||
@ -1001,11 +1007,17 @@ if [ $1 -gt 1 ] ; then
|
||||
cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/kdc-ca-bundle.pem
|
||||
cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/ca-bundle.pem
|
||||
fi
|
||||
|
||||
%{python} -c 'from ipaclient.install.client import configure_krb5_snippet; configure_krb5_snippet()' >>/var/log/ipaupgrade.log 2>&1
|
||||
fi
|
||||
|
||||
if [ $restore -ge 2 ]; then
|
||||
%{python} -c 'from ipaclient.install.client import update_ipa_nssdb; update_ipa_nssdb()' >/var/log/ipaupgrade.log 2>&1
|
||||
fi
|
||||
|
||||
if [ $restore -ge 2 ]; then
|
||||
sed -E --in-place=.orig 's/^(HostKeyAlgorithms ssh-rsa,ssh-dss)$/# disabled by ipa-client update\n# \1/' /etc/ssh/ssh_config
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@ -1072,6 +1084,7 @@ fi
|
||||
%{_sbindir}/ipa-winsync-migrate
|
||||
%{_sbindir}/ipa-pkinit-manage
|
||||
%{_sbindir}/ipa-crlgen-manage
|
||||
%{_sbindir}/ipa-cert-fix
|
||||
%{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
|
||||
%{_libexecdir}/certmonger/ipa-server-guard
|
||||
%{_libexecdir}/ipa/custodia/ipa-custodia-dmldap
|
||||
@ -1136,6 +1149,7 @@ fi
|
||||
%{_mandir}/man1/ipa-winsync-migrate.1*
|
||||
%{_mandir}/man1/ipa-pkinit-manage.1*
|
||||
%{_mandir}/man1/ipa-crlgen-manage.1*
|
||||
%{_mandir}/man1/ipa-cert-fix.1*
|
||||
|
||||
|
||||
%files -n python3-ipaserver
|
||||
@ -1162,6 +1176,7 @@ fi
|
||||
%{_usr}/share/ipa/*.ldif
|
||||
%{_usr}/share/ipa/*.uldif
|
||||
%{_usr}/share/ipa/*.template
|
||||
%{_usr}/share/ipa/bind.ipa-ext.conf
|
||||
%dir %{_usr}/share/ipa/advise
|
||||
%dir %{_usr}/share/ipa/advise/legacy
|
||||
%{_usr}/share/ipa/advise/legacy/*.template
|
||||
@ -1208,6 +1223,7 @@ fi
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/ipa-kdc-proxy.conf
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
|
||||
%ghost %attr(0640,root,named) %config(noreplace) %{_sysconfdir}/named/ipa-ext.conf
|
||||
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con
|
||||
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb5.ini
|
||||
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krbrealm.con
|
||||
@ -1271,6 +1287,7 @@ fi
|
||||
%{_sbindir}/ipa-join
|
||||
%{_bindir}/ipa
|
||||
%config %{_sysconfdir}/bash_completion.d
|
||||
%config %{_sysconfdir}/sysconfig/certmonger
|
||||
%{_mandir}/man1/ipa.1*
|
||||
%{_mandir}/man1/ipa-getkeytab.1*
|
||||
%{_mandir}/man1/ipa-rmkeytab.1*
|
||||
@ -1279,6 +1296,11 @@ fi
|
||||
%{_mandir}/man1/ipa-certupdate.1*
|
||||
%{_mandir}/man1/ipa-join.1*
|
||||
|
||||
%files client-samba
|
||||
%doc README.md Contributors.txt
|
||||
%license COPYING
|
||||
%{_sbindir}/ipa-client-samba
|
||||
%{_mandir}/man1/ipa-client-samba.1*
|
||||
|
||||
%files -n python3-ipaclient
|
||||
%doc README.md Contributors.txt
|
||||
@ -1370,6 +1392,113 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Dec 14 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.4-2
|
||||
- DNS install check: Fix overlapping DNS zone from the master itself
|
||||
Resolves: RHBZ#1784003
|
||||
|
||||
* Sat Dec 14 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.4-1
|
||||
- Rebase to upstream release 4.8.4
|
||||
- Removed upstream patches 0001 to 0008 that are part of version 4.8.3-3
|
||||
Resolves: RHBZ#1782658
|
||||
Resolves: RHBZ#1782169
|
||||
Resolves: RHBZ#1783046
|
||||
Related: RHBZ#1748987
|
||||
|
||||
* Mon Dec 2 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.3-3
|
||||
- Fix otptoken_sync plugin
|
||||
Resolves: RHBZ#1777811
|
||||
|
||||
* Mon Dec 2 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.3-2
|
||||
- Use default crypto policy for TLS and enable TLS 1.3 support
|
||||
Resolves: RHBZ#1777809
|
||||
- Covscan fixes
|
||||
Resolves: RHBZ#1777920
|
||||
- Change pki_version to 10.8.0
|
||||
Related: RHBZ#1748987
|
||||
|
||||
* Thu Nov 28 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.3-1
|
||||
- Rebase to security release 4.8.3 (CVE-2019-14867, CVE-2019-10195)
|
||||
Resolves: RHBZ#1767304
|
||||
Resolves: RHBZ#1776939
|
||||
- Support KDC ticket policies for authentication indicators
|
||||
Resolves: RHBZ#1777564
|
||||
|
||||
* Tue Nov 26 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.2-4
|
||||
- CVE-2019-14867: Denial of service in IPA server due to wrong use of ber_scanf()
|
||||
Resolves: RHBZ#1767304
|
||||
- CVE-2019-10195: Don't log passwords embedded in commands in calls using batch
|
||||
Resolves: RHBZ#1776939
|
||||
|
||||
* Fri Nov 22 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.2-3
|
||||
- Use default ssh host key algorithms
|
||||
Resolves: RHBZ#1756432
|
||||
- Do not run trust upgrade code if master lacks Samba bindings
|
||||
Resolves: RHBZ#1757064
|
||||
- Finish group membership management UI
|
||||
Resolves: RHBZ#1773528
|
||||
|
||||
* Mon Nov 18 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.2-2
|
||||
- Update dependency for bind-dndb-ldap to 11.2-2
|
||||
Related: RHBZ#1762813
|
||||
|
||||
* Thu Nov 14 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.2-1
|
||||
- Rebase to upstream release 4.8.2
|
||||
- Removed upstream patches 0001 to 0010 that are part of version 4.8.2
|
||||
- Updated branding patch
|
||||
Resolves: RHBZ#1748987
|
||||
|
||||
* Thu Aug 29 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.0-10
|
||||
- Fix automount behavior with authselect
|
||||
Resolves: RHBZ#1740167
|
||||
|
||||
* Mon Aug 19 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.0-9
|
||||
- extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
|
||||
Resolves: RHBZ#1741530
|
||||
|
||||
* Thu Aug 15 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.0-8
|
||||
- FreeIPA 4.8.0 tarball lacks two update files that are in git
|
||||
Resolves: RHBZ#1741170
|
||||
|
||||
* Tue Aug 13 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.0-7
|
||||
- Allow insecure binds for migration
|
||||
Resolves: RHBZ#1731963
|
||||
|
||||
* Fri Aug 2 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.0-6
|
||||
- Fix --external-ca-profile not passed to CSR
|
||||
Resolves: RHBZ#1731813
|
||||
|
||||
* Tue Jul 30 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.0-5
|
||||
- Remove posixAccount from service_find search filter
|
||||
Resolves: RHBZ#1731437
|
||||
- Fix repeated uninstallation of ipa-client-samba crashes
|
||||
Resolves: RHBZ#1732529
|
||||
- WebUI: Add PKINIT status field to 'Configuration' page
|
||||
Resolves: RHBZ#1518153
|
||||
|
||||
* Tue Jul 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.0-4
|
||||
- Fix krb5-kdb-server -> krb5-kdb-version
|
||||
Related: RHBZ#1700121
|
||||
|
||||
* Mon Jul 15 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.0-3
|
||||
- Make sure ipa-server depends on krb5-kdb-version to pick up
|
||||
right MIT Kerberos KDB ABI
|
||||
Related: RHBZ#1700121
|
||||
- User field separator uses '$$' within ipaSELInuxUserMapOrder
|
||||
Fixes: RHBZ#1729099
|
||||
|
||||
* Wed Jul 3 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.0-2
|
||||
- Fixed kdcproxy_version to 0.4-3
|
||||
- Fixed krb5_version to 1.17-7
|
||||
Related: RHBZ#1684528
|
||||
|
||||
* Wed Jul 3 2019 Thomas Woerner <twoerner@redhat.com> - 4.8.0-1
|
||||
- New upstream release 4.8.0
|
||||
- New subpackage: freeipa-client-samba
|
||||
- Added command ipa-cert-fix with man page
|
||||
- New sysconfdir sysconfig/certmonger
|
||||
- Updated pki_version, certmonger_version, sssd_version and kdcproxy_version
|
||||
Related: RHBZ#1684528
|
||||
|
||||
* Tue May 21 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.90-3
|
||||
- Fix upgrade issue with AD trust when no trust yet established
|
||||
Fixes: RHBZ#1708874
|
||||
|
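Review bot: In the `@ -1001,11 +1007,17 @@` scriptlet hunk, the `sed -E --in-place=.orig` call on `/etc/ssh/ssh_config` runs on every upgrade where `$restore -ge 2`, and GNU sed rewrites the file and its `.orig` backup even when nothing matches, so a later upgrade replaces the pristine backup with the already-edited copy. Wrapping it as `if grep -qE '^HostKeyAlgorithms ssh-rsa,ssh-dss$' /etc/ssh/ssh_config; then sed ...; fi` keeps the backup meaningful and leaves an admin-managed file untouched when the line is absent. In the same hunk the `update_ipa_nssdb()` line redirects with `>/var/log/ipaupgrade.log`, which truncates the log that the `configure_krb5_snippet()` line has just appended to with `>>`; using `>>` on both would preserve the upgrade trail. The rendered page has lost the `+`/`-` markers, so which of these lines the commit itself adds is inferred, and the enclosing scriptlet starts and ends outside the hunk.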