Commit Graph

370 Commits

Author SHA1 Message Date
Peter Robinson
a14925ccb8 Add rhino as dependency to fix FTBFS 2014-04-16 15:15:57 +01:00
Martin Kosek
78bfe5614a Update to upstream 3.3.5 2014-03-28 13:34:35 +01:00
Martin Kosek
9ea7eb2ddf 3.3.4-3
- Move ipa-otpd socket directory to /var/run/krb5kdc
- Require krb5-server 1.11.5-3 supporting the new directory
- ipa_lockout plugin did not work with users's without krbPwdPolicyReference
2014-02-11 18:06:25 +01:00
Martin Kosek
5b79ddb067 3.3.4-2
- Fix hardened build
2014-01-29 08:54:27 +01:00
Martin Kosek
9d21232151 3.3.4-1
- Update to upstream 3.3.4
- Install CA anchor into standard location (#928478)
- ipa-client-install part of ipa-server-install fails on reinstall (#1044994)
- Remove mod_ssl workaround (RHEL bug #1029046)
- Enable syncrepl plugin to support bind-dyndb-ldap 4.0
2014-01-28 13:37:46 +01:00
Martin Kosek
3242eeabec 3.3.3-5
- Build crashed with rhino exception on s390 architectures (#1040576)
2014-01-03 13:44:59 +01:00
Martin Kosek
84f4ed20a9 Fix typo in patch specification part 2013-12-13 15:52:59 +01:00
Martin Kosek
2071255d02 3.3.3-4
- Build crashed rhino exception on some architectures (#1040576)
2013-12-13 15:48:01 +01:00
Martin Kosek
e17b01f313 3.3.3-3
Update to upstream 3.3.3, patch merged from F20.

Fix -Werror=format-security errors (#1037070)
2013-12-03 12:10:14 +01:00
Petr Viktorin
679f2cd646 Update release number 2013-09-26 13:12:08 +02:00
Petr Viktorin
404a6dfdfc Update translations from transifex 2013-09-26 12:12:13 +02:00
Petr Viktorin
54300af2fb Restore forgotten setup line 2013-08-30 12:39:29 +02:00
Petr Viktorin
1aec1ac2f5 Bring back Fedora-only changes 2013-08-29 17:41:58 +02:00
Petr Viktorin
3ee1e7d905 Update to upstream 3.3.1 2013-08-29 17:09:48 +02:00
Alexander Bokovoy
2e523789e0 upgrade: do not run sysv to systemd upgrade anymore 2013-08-14 14:29:52 +03:00
Martin Kosek
8a7e6ad5ed Update to upstream 3.3.0 2013-08-08 15:30:10 +02:00
Dennis Gilmore
7fbdddd791 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 06:53:55 -05:00
Martin Kosek
9f9581104f Update to upstream 3.2.2
- Drop freeipa-server-selinux subpackage
- Drop redundant directory /var/cache/ipa/sessions
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
  issues when there are still old parts of software (like entitlements plugin)
2013-07-18 15:09:09 +02:00
Rob Crittenden
12216fc83f Add OTP patches and patch to fix 389-ds ccache
The OTP patches add basic support for TOTP and Radius.

The 389-ds patch sets KRB5CCNAME in /etc/sysconfig/dirsrv so it can
get a usable ccache.
2013-05-14 16:28:58 -04:00
Rob Crittenden
5e12d2ddce Update to upstream 3.2.0 GA
- ipa-client-install fails if /etc/ipa does not exist (#961483)
- Certificate status is not visible in Service and Host page (#956718)
- ipa-client-install removes needed options from ldap.conf (#953991)
- Handle socket.gethostbyaddr() exceptions when verifying hostnames
  (#953957)
- Add triggerin scriptlet to support OpenSSH 6.2 (#953617)
- Require nss 3.14.3-12.0 to address certutil certificate import
  errors (#953485)
- Require pki-ca 10.0.2-3 to pull in fix for sslget and mixed IPv4/6
  environments. (#953464)
- ipa-client-install removes 'sss' from /etc/nsswitch.conf (#953453)
- ipa-server-install --uninstall doesn't stop dirsrv instances
  (#953432)
-   Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON
  behavior for socket based connections (#960222)
- Require libsss_nss_idmap-python
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember
  to member is now done automatically and having it in the config file
  raises an error.
- Add backup and restore tools, directory.
- require at least systemd 38 which provides the journal (we no longer
  need to require syslog.target)
- Update Requires on policycoreutils to 2.1.14-37
- Update Requires on selinux-policy to 3.12.1-42
- Update Requires on 389-ds-base to 1.3.1.0
2013-05-10 12:33:54 -04:00
Martin Kosek
45d13fba45 Update to upstream 3.2.0 Prerelease 1
Spec file was also merged with up-to-date upstream reference spec
file to keep them consistent.
2013-04-02 18:47:49 +02:00
Kevin Fenzi
c7811c4ad8 Rebuild for broken deps
- Fix 389-ds-base strict dep to be 1.3.0.5 and krb5-server 1.11.1
2013-03-30 11:49:49 -06:00
Kevin Fenzi
e432b0144a Rebuild for broken deps in rawhide
- Fix 389-ds-base strict dep to be 1.3.0.3
2013-02-23 12:57:28 -07:00
Dennis Gilmore
e3032bd32c - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-13 15:59:20 -06:00
Rob Crittenden
586582a2c2 Correct VERSION in the spec file 2013-01-23 17:28:20 -05:00
Rob Crittenden
ab5b2748dc Updated strict dependencies to 389-ds-base = 1.3.0.2 and pki-ca = 10.0.1 2013-01-23 17:16:53 -05:00
Rob Crittenden
3d64806b7a Update to upstream 3.1.2
- CVE-2012-4546: Incorrect CRLs publishing
- CVE-2012-5484: MITM Attack during Join process
- CVE-2013-0199: Cross-Realm Trust key leak
2013-01-23 17:13:20 -05:00
Martin Kosek
c6c1e1d976 Backport additional spec fixes from upstream
- Remove redundat Requires versions that are already in Fedora 17
- Replace python-crypto Requires with m2crypto
- Add missing Requires(post) for client and server-trust-ad subpackages
- Restart httpd service when server-trust-ad subpackage is installed
- Bump selinux-policy Requires to pick up PKI/LDAP port labeling fixes
2012-12-20 10:33:39 +01:00
Rob Crittenden
5e038ec750 Updated to upstream 3.1.0 GA
- Set minimum for sssd to 1.9.2
- Set minimum for pki-ca to 10.0.0-1
- Set minimum for 389-ds-base to 1.3.0
- Set minimum for selinux-policy to 3.11.1-60
- Remove unneeded dogtag package requires
2012-12-10 15:52:46 -05:00
Martin Kosek
0348a328fd Update Requires on krb5-server to 1.11 2012-11-23 14:49:15 +01:00
Rob Crittenden
e93bd136ff Configure CA replication to use TLS instead of SSL 2012-10-12 14:48:18 -04:00
Rob Crittenden
4de47b3304 Updated to upstream 3.0.0 GA
- Set minimum for samba to 4.0.0-153.
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
  plugin to /dev/null since they cannot be used when trusts are configured
- Restrict krb5-server to 1.10.
- Update minimum for 389-ds-base to 1.3.0
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
- Add Requires on zip for generating FF browser extension
2012-10-12 12:02:17 -04:00
Rob Crittenden
8a8da0b567 - Updated to upstream 3.0.0 rc 2
- Include new FF configuration extension
2012-10-09 16:22:06 -04:00
Martin Kosek
53622bb0da Require samba packages instead of obsoleted samba4 packages 2012-10-02 08:36:19 +02:00
Rob Crittenden
23bbd3f9b4 Updated to upstream 3.0.0 rc 1
- Update BR for 389-ds-base to 1.2.11.14
- Update BR for krb5 to 1.10
- Update BR for samba4-devel to 4.0.0-139 (rc1)
- Add BR for python-polib
- Update Requires on policycoreutils to 2.1.12-5
- Update Requires on 389-ds-base to 1.2.11.14
- Update Requires on selinux-policy to 3.11.1-21
- Update Requires on dogtag to 10.0.0-0.33.a1
- Update Requires on certmonger to 0.60
- Update Requires on tomcat to 7.0.29
- Update minimum version of bind to 9.9.1-10.P3
- Update minimum version of bind-dyndb-ldap to 1.1.0-0.16.rc1
- Remove Requires on authconfig from python sub-package
2012-09-21 16:34:00 -04:00
Rob Crittenden
2d22c7100c Rebuild against samba4 beta8 2012-09-05 09:12:31 -04:00
Rob Crittenden
7caae3a676 Rebuild against samba4 beta7 2012-08-31 15:09:05 -04:00
Alexander Bokovoy
5c0f47e71d Adopt to samba4 beta6 and add samba4-winbind dependency to freeipa-server-trust-ad 2012-08-22 18:31:36 +03:00
Rob Crittenden
3c1392be1b Update to upstream 3.0.0 beta 2 2012-08-17 11:31:03 -04:00
Martin Kosek
3c91c125af Add missing 3.0.0 beta 2 development patches 2012-08-06 18:17:49 +02:00
Martin Kosek
23157c3804 Update to current upstream state of 3.0.0 beta 2 development 2012-08-06 17:16:15 +02:00
Alexander Bokovoy
10af3ccf36 Rebuild against samba4 beta4 2012-07-23 17:23:54 +03:00
Rob Crittenden
a0ca5be798 Update to upstream 3.0.0 beta 1 2012-07-02 15:55:25 -04:00
Rob Crittenden
b191f14e04 - Updated to upstream 2.2.0 GA
- Update minimum n-v-r of certmonger to 0.53
- Update minimum n-v-r of slapi-nis to 0.40
- Add Requires in client to oddjob-mkhomedir and python-krbV
- Update minimum selinux-policy to 3.10.0-110
2012-05-03 14:40:11 -04:00
Rob Crittenden
18a9ea07cd Update to 2.2.0 beta1, fix shell escaping to work with dogtag 9.0.18.
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
- Add Conflicts on mod_ssl
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
- Update minimum n-v-r of sssd to 1.8.0
- Update minimum n-v-r of slapi-nis to 0.38
- Update minimum n-v-r of pki-* to 9.0.18
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
- Update conflicts on bind to < 9.9.0-1
- Drop requires on krb5-server-ldap
- Add patch to remove escaping arguments to pkisilent
2012-05-03 14:40:05 -04:00
Rob Crittenden
c3929a4ff3 Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
Remove unused patches, update tarball, sync spec to upstream spec

ipa_kpasswd has been dropped upstream
2012-02-06 14:51:43 -05:00
Alexander Bokovoy
fd3bdcaf1e - Force to use 389-ds 1.2.10-0.8.a7 or above
- Improve upgrade script to handle systemd 389-ds change
  - fixes FreeIPA tickets 2117 and 2300
- Fix freeipa to work with python-ldap 2.4.6
2012-02-01 21:25:07 +02:00
Martin Kosek
3d6f0d2911 Fix FreeIPA installation problems
This release fixes:
- ipa-replica-install crashes due to invalid Python calls
- ipa-server-install and ipa-dns-install may fail to produce log
- ipa-server-install crash due to sslget problem (#771357)
2012-01-11 11:34:54 +01:00
Alexander Bokovoy
0c5ab6443d Fix 769440
Rebuild SLAPI plugins against thread-safe ldap library as requirement of new 389-ds build
2011-12-21 14:49:37 +02:00
Alexander Bokovoy
e32f1a7067 Allow ipa-ldap-updater to wait for dirsrv service on systemd setups 2011-12-11 19:38:03 +02:00