rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
226 Commits 17 Branches 116 Tags 12 MiB
b4d8a0ae2d
Commit Graph

209 Commits

Author SHA1 Message Date
Alexander Bokovoy
5253080d71 Fix upgrade when using DNS-less setup and pull new slapi-nis 
Resolves rhbz#1573636 for nisserver underlinkage
Resolves rhbz#1573671 for DNS-less setup upgrade issues
 2018-05-02 10:40:46 +03:00
Alexander Bokovoy
49a9934df0 Require pki-symkey until pki-core has proper dependencies 2018-03-21 16:31:07 +02:00
Alexander Bokovoy
c7b3fb0668 Fix missing import in the upgrade patch 2018-03-21 16:09:44 +02:00
Alexander Bokovoy
445afe77e5 Fix changelog date 2018-03-21 13:46:13 +02:00
Alexander Bokovoy
533fcd195a Run upgrade under empty DIR: ccache collection 2018-03-21 13:44:28 +02:00
Alexander Bokovoy
4bae5f4bc8 More fixes to Fedora 28 beta 2018-03-21 10:45:19 +02:00
Adam Williamson
8bb66c5db7 Fix upgrades harder (extension of -3 patch) (#1558354) 2018-03-20 16:00:40 -07:00
Alexander Bokovoy
bc96e5049b Fix upgrade from F27 to F28 
Fixes rhbz#1558354
 2018-03-20 09:43:42 +02:00
Rob Crittenden
3d031dc162 Patch to fix GUI login for non-admin users 
Resolves: #1557609
 2018-03-19 17:28:51 -04:00
Rob Crittenden
2b035d369f Update to upstream 4.6.90.pre1 
Resolves: #1551830, #1551677, #1547959, #1496562, #1179220
 2018-03-16 13:59:09 -04:00
Rob Crittenden
5e4d8ce49d Disable i686 server build: 389-ds no longer provides that arch 
Build only the client pieces.

Resolves: #1544386
 2018-02-20 16:11:48 -05:00
Igor Gnatenko
cef13fada8
Remove %clean section 
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-14 07:13:09 +01:00
Igor Gnatenko
9926201380 Remove BuildRoot definition 
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-13 23:23:25 +01:00
Igor Gnatenko
41d5c37399
Escape macros in %changelog 
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-09 09:04:32 +01:00
Rob Crittenden
6c78f950c5 4.6.3-3: fix KRA upgrade issue, remove mod_wsgi confict 
- Don't fail on upgrades if KRA is not installed
- Remove Conflicts between mod_wsgi and python3-mod_wsgi
 2018-02-08 17:05:10 -05:00
Fedora Release Engineering
d54cd714b4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-02-07 10:08:07 +00:00
Rob Crittenden
a416470bc5 4.6.3-1: rebase to upstream 4.6.3 2018-01-31 12:03:52 -05:00
Lumir Balhar
b0ec377c08 Fix directory ownership in python3 subpackage 2018-01-03 15:33:08 +01:00
Rob Crittenden
b993dadc84 4.6.1-4 Update execmem patch 
Update workaround patch to prevent SELinux execmem AVC (#1491508)

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
 2017-10-17 10:58:52 +02:00
Alexander Bokovoy
cca65702ef Another attempt at fixing bug 1491053 2017-10-16 21:58:23 +03:00
Tomas Krizek
28ce588c87
4.6.1-2: Rebuild against krb5-1.16 
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
 2017-10-10 14:30:21 +02:00
Tomas Krizek
c777305290
4.6.1-1: rebase to upstream 4.6.1 
- Fixes #1491053  Firefox reports insecure TLS configuration when visiting
  FreeIPA web UI after standard server deployment

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
 2017-09-22 13:49:57 +02:00
Adam Williamson
5376c6da20 Backport fixes for a couple more critical F27 Beta issues 2017-09-13 09:48:02 -07:00
Adam Williamson
f2fe300436 Backport fix for #1488640, BuildRequires diffstat 2017-09-06 08:19:08 -07:00
Tomas Krizek
4403f2b6fc
4.6.0-1: rebase to upstream 4.6.0 
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
 2017-09-04 13:49:25 +02:00
Fedora Release Engineering
a8d1e96588 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 20:46:40 +00:00
Fedora Release Engineering
dfcf49a987 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 08:44:20 +00:00
Tomas Krizek
4e8781975d
4.5.3-1: Update to upstream 4.5.3 
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
 2017-07-21 16:31:34 +02:00
Alexander Bokovoy
fe61781bfa Make sure tmpfiles.d snippet is in place after replica install 2017-07-13 10:34:49 +03:00
Alexander Bokovoy
ed08e3296d Increase Java stack size to 16m 
ppc64-le builds fail with a crash when running Rhino to compile js code.
In past such failures were associated with inadequate Java stack size.
Test this idea with a larger stack size.
 2017-07-10 12:30:58 +03:00
Alexander Bokovoy
8fa3823f90 Fix build with Samba 4.7.0-RC1 2017-07-10 09:56:04 +03:00
Tomas Krizek
71dac404bd
fix ip address checks and python-netifaces 
Important patches that will be part of 4.5.3 release.

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
 2017-06-20 14:33:05 +02:00
Tomas Krizek
eefef33439
Update to upstream 4.5.2 
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
 2017-06-18 20:09:59 +02:00
Tomas Krizek
c72eb707b4
Update to upstream 4.5.1 2017-05-25 15:11:33 +02:00
Tomas Krizek
1a7895e56c
4.4.4-2 bugfixes 
- Fixes #1448049 Subpackage freeipa-server-common has unmet dependencies on Rawhide
- Fixes #1430247 FreeIPA server deployment runs ipa-custodia on Python 3, should use Python 2
- Fixes #1446744 python2-ipaclient subpackage does not own %{python_sitelib}/ipaclient/plugins
- Fixes #1440525 surplus 'the' in output of `ipa-adtrust-install`
- Fixes #1411810 ipa-replica-install fails with 406 Client Error
- Fixes #1405814 ipa plugins: ERROR an internal error occured
 2017-05-23 12:36:52 +02:00
Tomas Krizek
0cfff8c8ae
Update to upstream 4.4.4 2017-03-24 14:27:06 +01:00
Alexander Bokovoy
ffb418a5d6 Use different method to keep /usr/bin/ipa on Python 2 
Fixes #1426847 - cannot upgrade freeipa-client on rawhide

Thanks to Petr Viktorin for coming up with the change
 2017-03-01 08:12:37 +02:00
Tomas Krizek
09bdd29080
4.4.3-7 
- Fixes #1413137 CVE-2017-2590 ipa: Insufficient permission check for
  ca-del, ca-disable and ca-enable commands
 2017-02-27 14:21:48 +01:00
Alexander Bokovoy
3f4b03b412 Rebuild to pick up system-python dependency change 
Fixes #1426847 -- Cannot upgrade freeipa-client on rawhide
 2017-02-27 10:36:26 +02:00
Tomas Krizek
99f783444d
Add support for KRB DAL 6.1 and bind-dyndb-ldap 11.0 2017-02-15 15:48:51 +01:00
Fedora Release Engineering
8a7de36eea - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 10:00:13 +00:00
Igor Gnatenko
11f9ba7934 Rebuild for xmlrpc-c 
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
 2017-01-21 14:50:01 +01:00
Miro Hrončok
53083d6830 Rebuild for Python 3.6 2016-12-22 13:08:41 +01:00
Pavel Vomacka
f573742499 Update to upstream 4.4.3 2016-12-16 21:14:48 +01:00
Pavel Vomacka
d3389e055a 4.4.2-4: CVE-2016-9575, CVE-2016-7030 
Fixes 1395311 - CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod
Fixes 1370493 - CVE-2016-7030 ipa: DoS attack against kerberized services
  by abusing password policy
 2016-12-14 22:19:06 +01:00
Petr Vobornik
26b01c4688 Fix bz 1389866 
Support DAL version 5 and version 6 in KDB driver

https://bugzilla.redhat.com/show_bug.cgi?id=1389866
 2016-11-29 10:22:46 +01:00
Petr Vobornik
064dc19e83 Rebuild against krb5-1.15 
fixes: #1387460
 2016-10-21 23:54:12 +02:00
Petr Vobornik
d16eb0d756 Update to upstream 4.4.2 2016-10-13 18:19:53 +02:00
Alexander Bokovoy
070313822d Add changelog 2016-09-01 18:16:29 +03:00
Alexander Bokovoy
47a0c67ac7 Update to upstream 4.4.1 release 2016-09-01 16:47:48 +03:00
Petr Vobornik
6b7ae28924 4.3.2-2: CVE-2016-5404 2016-08-19 15:14:46 +02:00
Petr Vobornik
56944c4963 Update to upstream 4.3.2 2016-07-22 18:08:20 +02:00
Fedora Release Engineering
8b518cbb8f - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages 2016-07-19 07:06:29 +00:00
Petr Vobornik
ffe6f461b2 Update to upstream 4.3.1 2016-03-24 16:21:34 +01:00
Petr Vobornik
21c82e0cbb fix build with Samba 4.4 
- Fix build with Samba 4.4
- Update SELinux requires to fix connection check during installation
 2016-02-04 12:18:14 +01:00
Dennis Gilmore
101663ab3b - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-03 20:46:39 +00:00
Petr Vobornik
f43314092f spec: do not require arch specific ipalib package from noarch packages 
noarch packages should not contain:
  Requires: some-package-{?_isa}
 2016-01-19 18:53:41 +01:00
Petr Vobornik
b2442d51ba Workarounds for SELinux execmem violations in crypto 2015-12-18 17:48:36 +01:00
Petr Vobornik
00828c7569 Update to upstream 4.3.0 2015-12-18 17:48:36 +01:00
Petr Vobornik
a33b200323 Workarounds for SELinux execmem violations in cryptography 
ipaserver.dcerpc uses M2Crypto again on Python 2.7 and Dogtag's
pki.client no longer tries to use PyOpenSSL instead of Python's ssl
module.

Some dependencies like Dogtag's pki.client library and custodia use
python-requsts to make HTTPS connection. python-requests prefers
PyOpenSSL over Python's stdlib ssl module. PyOpenSSL is build on top
of python-cryptography which trigger a execmem SELinux violation
in the context of Apache HTTPD (httpd_execmem).
When requests is imported, it always tries to import pyopenssl glue
code from urllib3's contrib directory. The import of PyOpenSSL is
enough to trigger the SELinux denial.
A hack in wsgi.py prevents the import by raising an ImportError.
 2015-12-08 21:28:39 +01:00
Petr Vobornik
efcb307b47 Update to upstream 4.2.3 2015-11-02 19:58:16 +01:00
Alexander Bokovoy
5e5a1f4339 Rebuild against krb5 1.14 2015-10-21 19:45:51 +03:00
Alexander Bokovoy
08336be7d8 Add dependency to samba-common-tools to -trust-ad subpackage 
Samba packaging moved samba-common to be multi-architecture-friendly
and moved net utility to samba-common-tools. We use net utility in
ipa-adtrust-install, thus we need to depend on the correct package.
 2015-10-21 19:40:20 +03:00
Petr Vobornik
e26c3e5b2a Update to upstream 4.2.2 2015-10-08 14:30:13 +02:00
Petr Vobornik
ece84f751e Update to upstream 4.2.1 2015-09-07 19:01:45 +02:00
Dennis Gilmore
a944f13c98 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 06:41:22 +00:00
Alexander Bokovoy
54c544a18d Fix typo in the patch to fix trusts 2015-05-12 15:42:37 +03:00
Alexander Bokovoy
9e1a9ca424 Separate build- and install time requires for Samba 2015-05-11 20:44:44 +03:00
Alexander Bokovoy
3291aa48e8 Fix establishing trust when using Samba 4.2 
Fixes: 1219834
 2015-05-11 20:32:13 +03:00
Petr Vobornik
5e8ed97275 replace mod_auth-kerb with mod_auth_gssapi 2015-03-30 15:51:59 +02:00
Alexander Bokovoy
c25f465e18 Upstreamed patch 2015-03-26 16:54:08 +02:00
Alexander Bokovoy
32b772b3ee Upstream 4.1.4 release to fix CVE-2015-1827 2015-03-26 16:46:20 +02:00
Petr Vobornik
37a047a11a Timeout when performing time sync during client installation 
https://fedorahosted.org/freeipa/ticket/4842
 2015-03-17 10:35:32 +01:00
Petr Vobornik
b0ad0e0344 Add missing sssd python dependencies 
https://bugzilla.redhat.com/show_bug.cgi?id=1197218
 2015-03-04 18:49:31 +01:00
Petr Vobornik
fd86e26a5f Update to upstream 4.1.3 
- see http://www.freeipa.org/page/Releases/4.1.3
 2015-02-18 18:32:22 +01:00
Alexander Bokovoy
a69b40e56b Fix wrong date in the changelog 2015-01-19 11:26:26 +02:00
Alexander Bokovoy
c504f905a4 Unblock rawhide 
- Support Samba PASSDB 0.2.0 with libsamba-passdb
- Fix marshalling of NETLOGON responses over CLDAP
- Use python-dateutil15 instead of python-dateutil 2.x until we validate
  the new version
 2015-01-19 11:22:49 +02:00
Petr Vobornik
81defaec91 Update to upstream 4.1.2 
- see http://www.freeipa.org/page/Releases/4.1.2
- fix CVE-2014-7850
 2014-11-25 14:36:38 +01:00
Simo Sorce
da888bc1a9 Patch blokers and feature freze exceptions 
- Resolves: bz1165674
- Resolves: bz1165856 (CVE-2014-7850)
- Fixes DNS install issue that prevents the server from working
 2014-11-21 13:18:37 +01:00
Martin Kosek
366080a717 Lower pki-ca requires to 10.1.2 
Current Dogtag 10.2 and it's requirements are not properly packaged for
CentOS, yet. To enable FreeIPA running on CentOS 7.0, lower the
Requires on Fedora 20 and CentOS platform on Dogtag 10.1.2 which
has the patches required by FreeIPA backported and which has all
dependencies avaiable.

https://fedorahosted.org/freeipa/ticket/4737
 2014-11-19 12:58:29 +01:00
Petr Spacek
9a877166ea Fix minimal version of BIND for Fedora 20 and 21 2014-11-10 09:32:25 +01:00
Petr Vobornik
00870e3919 Update to upstream 4.1.1 
- see http://www.freeipa.org/page/Releases/4.1.1
- fix CVE-2014-7828
 2014-11-06 14:42:41 +01:00
Petr Vobornik
c8a68dfb66 Fix armv7 build failure, external CA install 2014-10-22 14:41:16 +02:00
Petr Vobornik
7ccb103e8e Update to upstream 4.1.0 
see http://www.freeipa.org/page/Releases/4.1.0
 2014-10-21 19:02:12 +02:00
Petr Viktorin
743ef0138f Update to upstream 4.0.3 - see http://www.freeipa.org/page/Releases/4.0.3 2014-09-12 21:59:09 +02:00
Petr Viktorin
694ce2174a Update to upstream 4.0.1 - see http://www.freeipa.org/page/Releases/4.0.2 2014-09-05 19:56:45 +02:00
Pádraig Brady
c1d3c76c37 update to Java/8 
Java/7 is no longer available in rawhide,
so update to allow rebuilds to proceed.
 2014-09-02 18:40:34 +01:00
Pádraig Brady
cf4ceb30fb rebuild for libunistring soname bump 2014-09-02 18:09:28 +01:00
Peter Robinson
21b496feed - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-16 13:08:47 +00:00
Martin Kosek
f08947f751 Update to upstream 4.0.1 2014-07-25 14:14:39 +02:00
Petr Viktorin
92ad420100 Update to upstream 4.0.0 
Remove Fedora patches, all are in the upstream release
Remove the freeipa-server-strict package
Update to upstream 4.0.0
 2014-07-07 19:25:32 +02:00
Dennis Gilmore
da4983b208 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 07:48:25 -05:00
Petr Vobornik
a291203c66 Increase Java Stack size for Web UI build on aarch64 2014-05-21 10:11:48 +02:00
Peter Robinson
a14925ccb8 Add rhino as dependency to fix FTBFS 2014-04-16 15:15:57 +01:00
Martin Kosek
78bfe5614a Update to upstream 3.3.5 2014-03-28 13:34:35 +01:00
Martin Kosek
9ea7eb2ddf 3.3.4-3 
- Move ipa-otpd socket directory to /var/run/krb5kdc
- Require krb5-server 1.11.5-3 supporting the new directory
- ipa_lockout plugin did not work with users's without krbPwdPolicyReference
 2014-02-11 18:06:25 +01:00
Martin Kosek
5b79ddb067 3.3.4-2 
- Fix hardened build
 2014-01-29 08:54:27 +01:00
Martin Kosek
9d21232151 3.3.4-1 
- Update to upstream 3.3.4
- Install CA anchor into standard location (#928478)
- ipa-client-install part of ipa-server-install fails on reinstall (#1044994)
- Remove mod_ssl workaround (RHEL bug #1029046)
- Enable syncrepl plugin to support bind-dyndb-ldap 4.0
 2014-01-28 13:37:46 +01:00
Martin Kosek
3242eeabec 3.3.3-5 
- Build crashed with rhino exception on s390 architectures (#1040576)
 2014-01-03 13:44:59 +01:00
Martin Kosek
84f4ed20a9 Fix typo in patch specification part 2013-12-13 15:52:59 +01:00