3.3.3-3

Update to upstream 3.3.3, patch merged from F20. Fix -Werror=format-security errors (#1037070)
2013-12-03 12:07:11 +01:00 · 2013-12-03 12:07:11 +01:00 · e17b01f313
commit e17b01f313
parent 679f2cd646
6 changed files with 152 additions and 5374 deletions
--- a/.gitignore
+++ b/.gitignore
@ -26,3 +26,4 @@
 /freeipa-3.2.2.tar.gz
 /freeipa-3.3.0.tar.gz
 /freeipa-3.3.1.tar.gz
+/freeipa-3.3.3.tar.gz
--- a/0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
+++ b/0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
@ -0,0 +1,41 @@
+From ba5baea9cfd07559ca2f4f7a194999b982af2a24 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Mon, 4 Nov 2013 17:15:23 +0200
+Subject: [PATCH] Guard import of adtrustinstance for case without trusts
+
+https://fedorahosted.org/freeipa/ticket/4011
+---
+ install/tools/ipa-server-install | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
+index b3dcf6d93a70e2910a3d7fa62139efbf640d1cbe..458ebba550d0fe7675bd874e23c7d730c53297e6 100755
+--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
+@@ -40,7 +40,12 @@ import pwd
+ import textwrap
+ from optparse import OptionGroup, OptionValueError
+ 
+-from ipaserver.install import adtrustinstance
+try:
+    from ipaserver.install import adtrustinstance
+    _server_trust_ad_installed = True
+except ImportError:
+    _server_trust_ad_installed = False
+
+ from ipaserver.install import dsinstance
+ from ipaserver.install import krbinstance
+ from ipaserver.install import bindinstance
+@@ -493,7 +498,8 @@ def uninstall():
+     httpinstance.HTTPInstance(fstore).uninstall()
+     krbinstance.KrbInstance(fstore).uninstall()
+     dsinstance.DsInstance(fstore=fstore).uninstall()
+-    adtrustinstance.ADTRUSTInstance(fstore).uninstall()
+    if _server_trust_ad_installed:
+        adtrustinstance.ADTRUSTInstance(fstore).uninstall()
+     memcacheinstance.MemcacheInstance().uninstall()
+     otpdinstance.OtpdInstance().uninstall()
+     ipaservices.restore_network_configuration(fstore, sstore)
+-- 
+1.8.3.1
+
--- a/0001-Update-translations.patch
+++ b/0001-Update-translations.patch
--- a/0002-Fix-Wformat-security-warnings.patch
+++ b/0002-Fix-Wformat-security-warnings.patch
@ -0,0 +1,84 @@
+From 8c03b1dbcdf75ba76b96ccfcc148afe0e134e2d3 Mon Sep 17 00:00:00 2001
+From: Krzysztof Klimonda <kklimonda@syntaxhighlighted.com>
+Date: Tue, 3 Sep 2013 00:12:26 +0300
+Subject: [PATCH] Fix -Wformat-security warnings
+
+---
+ daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c | 6 +++---
+ daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c   | 8 ++++----
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+index 9f884bd39233adf90b0f4eff1868885d587d351a..22c40f2bcfc527127b745e1efde5977b148c78a8 100644
+--- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+@@ -317,7 +317,7 @@ free_and_return:
+ 
+     if (krbLastPwdChange) slapi_ch_free_string(&krbLastPwdChange);
+ 
+-    LOG(errMesg ? errMesg : "success\n");
+    LOG("%s", errMesg ? errMesg : "success\n");
+     slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+ 
+     free(principal);
+@@ -344,7 +344,7 @@ ipaenrollment_extop(Slapi_PBlock *pb)
+     if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid ) != 0) {
+         errMesg = "Could not get OID and value from request.\n";
+         rc = LDAP_OPERATIONS_ERROR;
+-        LOG(errMesg);
+        LOG("%s", errMesg);
+         goto free_and_return;
+     }
+ 
+@@ -357,7 +357,7 @@ ipaenrollment_extop(Slapi_PBlock *pb)
+     rc = LDAP_OPERATIONS_ERROR;
+ 
+ free_and_return:
+-    LOG(errMesg);
+    LOG("%s", errMesg);
+     slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+ 
+     return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+index 1058c313d1f2a193eb7fae621bc9c5d103fb6d5f..c3e0ebd9d90f393be031b26fadcedd00f6091a8d 100644
+--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+@@ -573,7 +573,7 @@ free_and_return:
+ 	if (targetEntry) slapi_entry_free(targetEntry);
+ 	if (ber) ber_free(ber, 1);
+ 
+-	LOG(errMesg ? errMesg : "success");
+	LOG("%s", errMesg ? errMesg : "success");
+ 	slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+ 
+ 	return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+@@ -1143,7 +1143,7 @@ free_and_return:
+ 
+         if (rc == LDAP_SUCCESS)
+             errMesg = NULL;
+-	LOG(errMesg ? errMesg : "success");
+	LOG("%s", errMesg ? errMesg : "success");
+ 	slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+ 
+ 	return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+@@ -1170,7 +1170,7 @@ static int ipapwd_extop(Slapi_PBlock *pb)
+ 	if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid) != 0) {
+ 		errMesg = "Could not get OID value from request.\n";
+ 		rc = LDAP_OPERATIONS_ERROR;
+-		LOG(errMesg);
+		LOG("%s", errMesg);
+ 		goto free_and_return;
+ 	} else {
+ 	        LOG("Received extended operation request with OID %s\n", oid);
+@@ -1193,7 +1193,7 @@ static int ipapwd_extop(Slapi_PBlock *pb)
+ free_and_return:
+ 	if (krbcfg) free_ipapwd_krbcfg(&krbcfg);
+ 
+-	LOG(errMesg);
+	LOG("%s", errMesg);
+ 	slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+ 
+ 	return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+-- 
+1.8.3.1
+
--- a/freeipa.spec
+++ b/freeipa.spec
@ -4,11 +4,11 @@
 %global plugin_dir %{_libdir}/dirsrv/plugins
 %global POLICYCOREUTILSVER 2.1.14-37
 %global gettext_domain ipa
-%global VERSION 3.3.1
+%global VERSION 3.3.3

 Name:           freeipa
-Version:        3.3.1
-Release:        2%{?dist}
+Version:        3.3.3
+Release:        3%{?dist}
 Summary:        The Identity, Policy and Audit system

 Group:          System Environment/Base
@ -17,7 +17,8 @@ URL:            http://www.freeipa.org/
 Source0:        http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

-Patch1:         0001-Update-translations.patch
+Patch0001:      0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
+Patch0002:      0002-Fix-Wformat-security-warnings.patch

 %if ! %{ONLY_CLIENT}
 BuildRequires:  389-ds-base-devel >= 1.3.1.3
@ -124,7 +125,7 @@ Requires: mod_auth_kerb >= 5.4-16
 %else
 Requires: mod_auth_kerb >= 5.4-8
 %endif
-Requires: mod_nss
+Requires: mod_nss >= 1.0.8-24
 Requires: python-ldap
 Requires: python-krbV
 Requires: acl
@ -169,10 +170,6 @@ Conflicts: bind < 9.8.2-0.4.rc2
 # member.
 Conflicts: nss-pam-ldapd < 0.8.4

-# mod_proxy provides a single API to communicate over SSL. If mod_ssl
-# is even loaded into Apache then it grabs this interface.
-Conflicts: mod_ssl
-
 Obsoletes: ipa-server >= 1.0

 %description server
@ -225,9 +222,9 @@ Requires(post): %{name}-server = %{version}-%{release}
 Requires(postun): %{name}-server = %{version}-%{release}

 # Specific requires
-Requires(pre): 389-ds-base = 1.3.1.3
+Requires(pre): 389-ds-base = 1.3.1.11
 Requires: krb5-server = 1.11.3
-Requires: pki-ca = 10.0.4
+Requires: pki-ca = 10.0.5

 %description server-strict
 IPA is an integrated solution to provide centrally managed Identity (machine,
@ -255,7 +252,7 @@ Requires: pam_krb5
 Requires: wget
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
-Requires: sssd >= 1.11.0-0.1.beta2
+Requires: sssd >= 1.11.1
 Requires: certmonger >= 0.65
 Requires: nss-tools
 Requires: bind-utils
@ -471,8 +468,8 @@ install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_
 mkdir -p %{buildroot}%{_usr}/share/ipa/ui/js/plugins

 # NOTE: systemd specific section
-mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
-install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_sysconfdir}/tmpfiles.d/ipa.conf
+mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d
+install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
 # END

 mkdir -p %{buildroot}%{_localstatedir}/run/
@ -659,7 +656,7 @@ fi
 %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
 %dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
 # NOTE: systemd specific section
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/ipa.conf
+%{_prefix}/lib/tmpfiles.d/%{name}.conf
 %attr(644,root,root) %{_unitdir}/ipa.service
 %attr(644,root,root) %{_unitdir}/ipa_memcached.service
 %attr(644,root,root) %{_unitdir}/ipa-otpd.socket
@ -892,6 +889,19 @@ fi
 %endif # ONLY_CLIENT

 %changelog
+* Tue Dec 3 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-3
+- Fix -Werror=format-security errors (#1037070)
+
+* Mon Nov 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-2
+- ipa-server-install crashed when freeipa-server-trust-ad subpackage was not
+  installed
+
+* Fri Nov 1 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-1
+- Update to upstream 3.3.3
+
+* Fri Oct 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-1
+- Update to upstream 3.3.2
+
 * Thu Aug 29 2013 Petr Viktorin <pviktori@redhat.com> - 3.3.1-1
 - Bring back Fedora-only changes

--- a/2
+++ b/2
@ -1 +1 @@
-ed8e51c47adbbfcc7013396ceb55f99a  freeipa-3.3.1.tar.gz
+ba4546b837c5129524e2d1020986400f  freeipa-3.3.3.tar.gz