Commit Graph

65 Commits

Author SHA1 Message Date
Martin Kosek
3242eeabec 3.3.3-5
- Build crashed with rhino exception on s390 architectures (#1040576)
2014-01-03 13:44:59 +01:00
Martin Kosek
84f4ed20a9 Fix typo in patch specification part 2013-12-13 15:52:59 +01:00
Martin Kosek
2071255d02 3.3.3-4
- Build crashed rhino exception on some architectures (#1040576)
2013-12-13 15:48:01 +01:00
Martin Kosek
e17b01f313 3.3.3-3
Update to upstream 3.3.3, patch merged from F20.

Fix -Werror=format-security errors (#1037070)
2013-12-03 12:10:14 +01:00
Petr Viktorin
679f2cd646 Update release number 2013-09-26 13:12:08 +02:00
Petr Viktorin
404a6dfdfc Update translations from transifex 2013-09-26 12:12:13 +02:00
Petr Viktorin
54300af2fb Restore forgotten setup line 2013-08-30 12:39:29 +02:00
Petr Viktorin
1aec1ac2f5 Bring back Fedora-only changes 2013-08-29 17:41:58 +02:00
Petr Viktorin
3ee1e7d905 Update to upstream 3.3.1 2013-08-29 17:09:48 +02:00
Alexander Bokovoy
2e523789e0 upgrade: do not run sysv to systemd upgrade anymore 2013-08-14 14:29:52 +03:00
Martin Kosek
8a7e6ad5ed Update to upstream 3.3.0 2013-08-08 15:30:10 +02:00
Dennis Gilmore
7fbdddd791 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 06:53:55 -05:00
Martin Kosek
9f9581104f Update to upstream 3.2.2
- Drop freeipa-server-selinux subpackage
- Drop redundant directory /var/cache/ipa/sessions
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
  issues when there are still old parts of software (like entitlements plugin)
2013-07-18 15:09:09 +02:00
Rob Crittenden
12216fc83f Add OTP patches and patch to fix 389-ds ccache
The OTP patches add basic support for TOTP and Radius.

The 389-ds patch sets KRB5CCNAME in /etc/sysconfig/dirsrv so it can
get a usable ccache.
2013-05-14 16:28:58 -04:00
Rob Crittenden
5e12d2ddce Update to upstream 3.2.0 GA
- ipa-client-install fails if /etc/ipa does not exist (#961483)
- Certificate status is not visible in Service and Host page (#956718)
- ipa-client-install removes needed options from ldap.conf (#953991)
- Handle socket.gethostbyaddr() exceptions when verifying hostnames
  (#953957)
- Add triggerin scriptlet to support OpenSSH 6.2 (#953617)
- Require nss 3.14.3-12.0 to address certutil certificate import
  errors (#953485)
- Require pki-ca 10.0.2-3 to pull in fix for sslget and mixed IPv4/6
  environments. (#953464)
- ipa-client-install removes 'sss' from /etc/nsswitch.conf (#953453)
- ipa-server-install --uninstall doesn't stop dirsrv instances
  (#953432)
-   Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON
  behavior for socket based connections (#960222)
- Require libsss_nss_idmap-python
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember
  to member is now done automatically and having it in the config file
  raises an error.
- Add backup and restore tools, directory.
- require at least systemd 38 which provides the journal (we no longer
  need to require syslog.target)
- Update Requires on policycoreutils to 2.1.14-37
- Update Requires on selinux-policy to 3.12.1-42
- Update Requires on 389-ds-base to 1.3.1.0
2013-05-10 12:33:54 -04:00
Martin Kosek
45d13fba45 Update to upstream 3.2.0 Prerelease 1
Spec file was also merged with up-to-date upstream reference spec
file to keep them consistent.
2013-04-02 18:47:49 +02:00
Kevin Fenzi
c7811c4ad8 Rebuild for broken deps
- Fix 389-ds-base strict dep to be 1.3.0.5 and krb5-server 1.11.1
2013-03-30 11:49:49 -06:00
Kevin Fenzi
e432b0144a Rebuild for broken deps in rawhide
- Fix 389-ds-base strict dep to be 1.3.0.3
2013-02-23 12:57:28 -07:00
Dennis Gilmore
e3032bd32c - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-13 15:59:20 -06:00
Rob Crittenden
586582a2c2 Correct VERSION in the spec file 2013-01-23 17:28:20 -05:00
Rob Crittenden
ab5b2748dc Updated strict dependencies to 389-ds-base = 1.3.0.2 and pki-ca = 10.0.1 2013-01-23 17:16:53 -05:00
Rob Crittenden
3d64806b7a Update to upstream 3.1.2
- CVE-2012-4546: Incorrect CRLs publishing
- CVE-2012-5484: MITM Attack during Join process
- CVE-2013-0199: Cross-Realm Trust key leak
2013-01-23 17:13:20 -05:00
Martin Kosek
c6c1e1d976 Backport additional spec fixes from upstream
- Remove redundat Requires versions that are already in Fedora 17
- Replace python-crypto Requires with m2crypto
- Add missing Requires(post) for client and server-trust-ad subpackages
- Restart httpd service when server-trust-ad subpackage is installed
- Bump selinux-policy Requires to pick up PKI/LDAP port labeling fixes
2012-12-20 10:33:39 +01:00
Rob Crittenden
5e038ec750 Updated to upstream 3.1.0 GA
- Set minimum for sssd to 1.9.2
- Set minimum for pki-ca to 10.0.0-1
- Set minimum for 389-ds-base to 1.3.0
- Set minimum for selinux-policy to 3.11.1-60
- Remove unneeded dogtag package requires
2012-12-10 15:52:46 -05:00
Martin Kosek
0348a328fd Update Requires on krb5-server to 1.11 2012-11-23 14:49:15 +01:00
Rob Crittenden
e93bd136ff Configure CA replication to use TLS instead of SSL 2012-10-12 14:48:18 -04:00
Rob Crittenden
4de47b3304 Updated to upstream 3.0.0 GA
- Set minimum for samba to 4.0.0-153.
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
  plugin to /dev/null since they cannot be used when trusts are configured
- Restrict krb5-server to 1.10.
- Update minimum for 389-ds-base to 1.3.0
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
- Add Requires on zip for generating FF browser extension
2012-10-12 12:02:17 -04:00
Rob Crittenden
8a8da0b567 - Updated to upstream 3.0.0 rc 2
- Include new FF configuration extension
2012-10-09 16:22:06 -04:00
Martin Kosek
53622bb0da Require samba packages instead of obsoleted samba4 packages 2012-10-02 08:36:19 +02:00
Rob Crittenden
23bbd3f9b4 Updated to upstream 3.0.0 rc 1
- Update BR for 389-ds-base to 1.2.11.14
- Update BR for krb5 to 1.10
- Update BR for samba4-devel to 4.0.0-139 (rc1)
- Add BR for python-polib
- Update Requires on policycoreutils to 2.1.12-5
- Update Requires on 389-ds-base to 1.2.11.14
- Update Requires on selinux-policy to 3.11.1-21
- Update Requires on dogtag to 10.0.0-0.33.a1
- Update Requires on certmonger to 0.60
- Update Requires on tomcat to 7.0.29
- Update minimum version of bind to 9.9.1-10.P3
- Update minimum version of bind-dyndb-ldap to 1.1.0-0.16.rc1
- Remove Requires on authconfig from python sub-package
2012-09-21 16:34:00 -04:00
Rob Crittenden
2d22c7100c Rebuild against samba4 beta8 2012-09-05 09:12:31 -04:00
Rob Crittenden
7caae3a676 Rebuild against samba4 beta7 2012-08-31 15:09:05 -04:00
Alexander Bokovoy
5c0f47e71d Adopt to samba4 beta6 and add samba4-winbind dependency to freeipa-server-trust-ad 2012-08-22 18:31:36 +03:00
Rob Crittenden
3c1392be1b Update to upstream 3.0.0 beta 2 2012-08-17 11:31:03 -04:00
Martin Kosek
3c91c125af Add missing 3.0.0 beta 2 development patches 2012-08-06 18:17:49 +02:00
Martin Kosek
23157c3804 Update to current upstream state of 3.0.0 beta 2 development 2012-08-06 17:16:15 +02:00
Alexander Bokovoy
10af3ccf36 Rebuild against samba4 beta4 2012-07-23 17:23:54 +03:00
Rob Crittenden
a0ca5be798 Update to upstream 3.0.0 beta 1 2012-07-02 15:55:25 -04:00
Rob Crittenden
b191f14e04 - Updated to upstream 2.2.0 GA
- Update minimum n-v-r of certmonger to 0.53
- Update minimum n-v-r of slapi-nis to 0.40
- Add Requires in client to oddjob-mkhomedir and python-krbV
- Update minimum selinux-policy to 3.10.0-110
2012-05-03 14:40:11 -04:00
Rob Crittenden
18a9ea07cd Update to 2.2.0 beta1, fix shell escaping to work with dogtag 9.0.18.
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
- Add Conflicts on mod_ssl
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
- Update minimum n-v-r of sssd to 1.8.0
- Update minimum n-v-r of slapi-nis to 0.38
- Update minimum n-v-r of pki-* to 9.0.18
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
- Update conflicts on bind to < 9.9.0-1
- Drop requires on krb5-server-ldap
- Add patch to remove escaping arguments to pkisilent
2012-05-03 14:40:05 -04:00
Rob Crittenden
c3929a4ff3 Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
Remove unused patches, update tarball, sync spec to upstream spec

ipa_kpasswd has been dropped upstream
2012-02-06 14:51:43 -05:00
Alexander Bokovoy
fd3bdcaf1e - Force to use 389-ds 1.2.10-0.8.a7 or above
- Improve upgrade script to handle systemd 389-ds change
  - fixes FreeIPA tickets 2117 and 2300
- Fix freeipa to work with python-ldap 2.4.6
2012-02-01 21:25:07 +02:00
Martin Kosek
3d6f0d2911 Fix FreeIPA installation problems
This release fixes:
- ipa-replica-install crashes due to invalid Python calls
- ipa-server-install and ipa-dns-install may fail to produce log
- ipa-server-install crash due to sslget problem (#771357)
2012-01-11 11:34:54 +01:00
Alexander Bokovoy
0c5ab6443d Fix 769440
Rebuild SLAPI plugins against thread-safe ldap library as requirement of new 389-ds build
2011-12-21 14:49:37 +02:00
Alexander Bokovoy
e32f1a7067 Allow ipa-ldap-updater to wait for dirsrv service on systemd setups 2011-12-11 19:38:03 +02:00
Rob Crittenden
9cc2d9f70c Update to upstream 2.1.4 (CVE-2011-3636) 2011-12-06 12:09:19 -05:00
Rob Crittenden
44560406dd Update SELinux policy to allow ipa_kpasswd to connect ldap and
read /dev/urandom. (#759679)
2011-12-05 13:11:22 -05:00
Alexander Bokovoy
31a2cbeaa0 Update release 2011-11-30 15:36:42 +02:00
Alexander Bokovoy
ce4a13930d Fix wrong path in packaging freeipa-systemd-upgrade 2011-11-30 15:35:30 +02:00
Alexander Bokovoy
e95356d723 Introduce systemd upgrade script
As user has no means to recover existing FreeIPA install after
upgrading from SysV to systemd, introduce upgrade script.

The upgrade script does following:
    - restores symlinks in FreeIPA's Dogtag installation
    - converts FreeIPA directory server instances to systemd
    - converts FreeIPA directory server configuration to be compatible
      with systemd services
    - converts FreeIPA KDC configuration to be compatible
      with systemd services
    - re-enables FreeIPA

Script does nothing if FreeIPA is already active systemd service
2011-11-30 15:14:40 +02:00