3.3.3-3

Update to upstream 3.3.3, patch merged from F20. Fix -Werror=format-security errors (#1037070)
2013-12-03 12:07:11 +01:00 · 2013-12-03 12:07:11 +01:00 · e17b01f313
commit e17b01f313
parent 679f2cd646
6 changed files with 152 additions and 5374 deletions
--- a/.gitignore
+++ b/.gitignore
@ -26,3 +26,4 @@
 /freeipa-3.2.2.tar.gz
 /freeipa-3.3.0.tar.gz
 /freeipa-3.3.1.tar.gz
 /freeipa-3.3.3.tar.gz
--- a/0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
+++ b/0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
@ -0,0 +1,41 @@
 From ba5baea9cfd07559ca2f4f7a194999b982af2a24 Mon Sep 17 00:00:00 2001
 From: Alexander Bokovoy <abokovoy@redhat.com>
 Date: Mon, 4 Nov 2013 17:15:23 +0200
 Subject: [PATCH] Guard import of adtrustinstance for case without trusts
 https://fedorahosted.org/freeipa/ticket/4011
 ---
 install/tools/ipa-server-install | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
 diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
 index b3dcf6d93a70e2910a3d7fa62139efbf640d1cbe..458ebba550d0fe7675bd874e23c7d730c53297e6 100755
 --- a/install/tools/ipa-server-install
 +++ b/install/tools/ipa-server-install
@@ -40,7 +40,12 @@ import pwd
 import textwrap
 from optparse import OptionGroup, OptionValueError
 -from ipaserver.install import adtrustinstance
 +try:
 +    from ipaserver.install import adtrustinstance
 +    _server_trust_ad_installed = True
 +except ImportError:
 +    _server_trust_ad_installed = False
 +
 from ipaserver.install import dsinstance
 from ipaserver.install import krbinstance
 from ipaserver.install import bindinstance
@@ -493,7 +498,8 @@ def uninstall():
     httpinstance.HTTPInstance(fstore).uninstall()
     krbinstance.KrbInstance(fstore).uninstall()
     dsinstance.DsInstance(fstore=fstore).uninstall()
 -    adtrustinstance.ADTRUSTInstance(fstore).uninstall()
 +    if _server_trust_ad_installed:
 +        adtrustinstance.ADTRUSTInstance(fstore).uninstall()
     memcacheinstance.MemcacheInstance().uninstall()
     otpdinstance.OtpdInstance().uninstall()
     ipaservices.restore_network_configuration(fstore, sstore)
 -- 
 1.8.3.1
--- a/0001-Update-translations.patch
+++ b/0001-Update-translations.patch
--- a/0002-Fix-Wformat-security-warnings.patch
+++ b/0002-Fix-Wformat-security-warnings.patch
@ -0,0 +1,84 @@
 From 8c03b1dbcdf75ba76b96ccfcc148afe0e134e2d3 Mon Sep 17 00:00:00 2001
 From: Krzysztof Klimonda <kklimonda@syntaxhighlighted.com>
 Date: Tue, 3 Sep 2013 00:12:26 +0300
 Subject: [PATCH] Fix -Wformat-security warnings
 ---
 daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c | 6 +++---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c   | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)
 diff --git a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
 index 9f884bd39233adf90b0f4eff1868885d587d351a..22c40f2bcfc527127b745e1efde5977b148c78a8 100644
 --- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
 +++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
@@ -317,7 +317,7 @@ free_and_return:
     if (krbLastPwdChange) slapi_ch_free_string(&krbLastPwdChange);
 -    LOG(errMesg ? errMesg : "success\n");
 +    LOG("%s", errMesg ? errMesg : "success\n");
     slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
     free(principal);
@@ -344,7 +344,7 @@ ipaenrollment_extop(Slapi_PBlock *pb)
     if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid ) != 0) {
         errMesg = "Could not get OID and value from request.\n";
         rc = LDAP_OPERATIONS_ERROR;
 -        LOG(errMesg);
 +        LOG("%s", errMesg);
         goto free_and_return;
     }
@@ -357,7 +357,7 @@ ipaenrollment_extop(Slapi_PBlock *pb)
     rc = LDAP_OPERATIONS_ERROR;
 free_and_return:
 -    LOG(errMesg);
 +    LOG("%s", errMesg);
     slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
     return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
 diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
 index 1058c313d1f2a193eb7fae621bc9c5d103fb6d5f..c3e0ebd9d90f393be031b26fadcedd00f6091a8d 100644
 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
 +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -573,7 +573,7 @@ free_and_return:
 	if (targetEntry) slapi_entry_free(targetEntry);
 	if (ber) ber_free(ber, 1);
 -	LOG(errMesg ? errMesg : "success");
 +	LOG("%s", errMesg ? errMesg : "success");
 	slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
 	return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
@@ -1143,7 +1143,7 @@ free_and_return:
         if (rc == LDAP_SUCCESS)
             errMesg = NULL;
 -	LOG(errMesg ? errMesg : "success");
 +	LOG("%s", errMesg ? errMesg : "success");
 	slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
 	return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
@@ -1170,7 +1170,7 @@ static int ipapwd_extop(Slapi_PBlock *pb)
 	if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid) != 0) {
 		errMesg = "Could not get OID value from request.\n";
 		rc = LDAP_OPERATIONS_ERROR;
 -		LOG(errMesg);
 +		LOG("%s", errMesg);
 		goto free_and_return;
 	} else {
 	        LOG("Received extended operation request with OID %s\n", oid);
@@ -1193,7 +1193,7 @@ static int ipapwd_extop(Slapi_PBlock *pb)
 free_and_return:
 	if (krbcfg) free_ipapwd_krbcfg(&krbcfg);
 -	LOG(errMesg);
 +	LOG("%s", errMesg);
 	slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
 	return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
 -- 
 1.8.3.1
--- a/freeipa.spec
+++ b/freeipa.spec
@ -4,11 +4,11 @@
 %global plugin_dir %{_libdir}/dirsrv/plugins
 %global POLICYCOREUTILSVER 2.1.14-37
 %global gettext_domain ipa
-%global VERSION 3.3.1
+%global VERSION 3.3.3
 Name:           freeipa
-Version:        3.3.1
+Version:        3.3.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        The Identity, Policy and Audit system
 Group:          System Environment/Base
@ -17,7 +17,8 @@ URL:            http://www.freeipa.org/
 Source0:        http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Patch1:         0001-Update-translations.patch
+Patch0001:      0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
 Patch0002:      0002-Fix-Wformat-security-warnings.patch
 %if ! %{ONLY_CLIENT}
 BuildRequires:  389-ds-base-devel >= 1.3.1.3
@ -124,7 +125,7 @@ Requires: mod_auth_kerb >= 5.4-16
 %else
 Requires: mod_auth_kerb >= 5.4-8
 %endif
-Requires: mod_nss
+Requires: mod_nss >= 1.0.8-24
 Requires: python-ldap
 Requires: python-krbV
 Requires: acl
@ -169,10 +170,6 @@ Conflicts: bind < 9.8.2-0.4.rc2
 # member.
 Conflicts: nss-pam-ldapd < 0.8.4
 # mod_proxy provides a single API to communicate over SSL. If mod_ssl
 # is even loaded into Apache then it grabs this interface.
 Conflicts: mod_ssl
 Obsoletes: ipa-server >= 1.0
 %description server
@ -225,9 +222,9 @@ Requires(post): %{name}-server = %{version}-%{release}
 Requires(postun): %{name}-server = %{version}-%{release}
 # Specific requires
-Requires(pre): 389-ds-base = 1.3.1.3
+Requires(pre): 389-ds-base = 1.3.1.11
 Requires: krb5-server = 1.11.3
-Requires: pki-ca = 10.0.4
+Requires: pki-ca = 10.0.5
 %description server-strict
 IPA is an integrated solution to provide centrally managed Identity (machine,
@ -255,7 +252,7 @@ Requires: pam_krb5
 Requires: wget
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
-Requires: sssd >= 1.11.0-0.1.beta2
+Requires: sssd >= 1.11.1
 Requires: certmonger >= 0.65
 Requires: nss-tools
 Requires: bind-utils
@ -471,8 +468,8 @@ install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_
 mkdir -p %{buildroot}%{_usr}/share/ipa/ui/js/plugins
 # NOTE: systemd specific section
-mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
+mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d
-install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_sysconfdir}/tmpfiles.d/ipa.conf
+install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
 # END
 mkdir -p %{buildroot}%{_localstatedir}/run/
@ -659,7 +656,7 @@ fi
 %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
 %dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
 # NOTE: systemd specific section
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/ipa.conf
+%{_prefix}/lib/tmpfiles.d/%{name}.conf
 %attr(644,root,root) %{_unitdir}/ipa.service
 %attr(644,root,root) %{_unitdir}/ipa_memcached.service
 %attr(644,root,root) %{_unitdir}/ipa-otpd.socket
@ -892,6 +889,19 @@ fi
 %endif # ONLY_CLIENT
 %changelog
 * Tue Dec 3 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-3
 - Fix -Werror=format-security errors (#1037070)
 * Mon Nov 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-2
 - ipa-server-install crashed when freeipa-server-trust-ad subpackage was not
  installed
 * Fri Nov 1 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-1
 - Update to upstream 3.3.3
 * Fri Oct 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-1
 - Update to upstream 3.3.2
 * Thu Aug 29 2013 Petr Viktorin <pviktori@redhat.com> - 3.3.1-1
 - Bring back Fedora-only changes
--- a/2
+++ b/2
@ -1 +1 @@
-ed8e51c47adbbfcc7013396ceb55f99a  freeipa-3.3.1.tar.gz
+ba4546b837c5129524e2d1020986400f  freeipa-3.3.3.tar.gz
`@ -1 +1 @@`
	`ed8e51c47adbbfcc7013396ceb55f99a freeipa-3.3.1.tar.gz`	`ba4546b837c5129524e2d1020986400f freeipa-3.3.3.tar.gz`