Pavel Vomacka
d3389e055a
4.4.2-4: CVE-2016-9575, CVE-2016-7030
...
Fixes 1395311 - CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod
Fixes 1370493 - CVE-2016-7030 ipa: DoS attack against kerberized services
by abusing password policy
2016-12-14 22:19:06 +01:00
Petr Vobornik
26b01c4688
Fix bz 1389866
...
Support DAL version 5 and version 6 in KDB driver
https://bugzilla.redhat.com/show_bug.cgi?id=1389866
2016-11-29 10:22:46 +01:00
Petr Vobornik
064dc19e83
Rebuild against krb5-1.15
...
fixes : #1387460
2016-10-21 23:54:12 +02:00
Petr Vobornik
d16eb0d756
Update to upstream 4.4.2
2016-10-13 18:19:53 +02:00
Alexander Bokovoy
070313822d
Add changelog
2016-09-01 18:16:29 +03:00
Alexander Bokovoy
5f5010dd71
Update SELinux execmem workaround
...
dcerpc crypto changes were merged upstream
2016-09-01 17:05:35 +03:00
Alexander Bokovoy
64545c1505
Update sources
2016-09-01 16:52:24 +03:00
Alexander Bokovoy
47a0c67ac7
Update to upstream 4.4.1 release
2016-09-01 16:47:48 +03:00
Petr Vobornik
6b7ae28924
4.3.2-2: CVE-2016-5404
2016-08-19 15:14:46 +02:00
Petr Vobornik
56944c4963
Update to upstream 4.3.2
2016-07-22 18:08:20 +02:00
Petr Vobornik
a76abac86e
Fix typo in SELinux 'execmem' denials fix
...
According to https://fedorahosted.org/freeipa/ticket/5442#comment:7
2016-07-22 18:06:47 +02:00
Fedora Release Engineering
8b518cbb8f
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
2016-07-19 07:06:29 +00:00
Petr Vobornik
1e163887b2
Rebase 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
2016-03-24 16:43:12 +01:00
Petr Vobornik
ffe6f461b2
Update to upstream 4.3.1
2016-03-24 16:21:34 +01:00
Petr Vobornik
21c82e0cbb
fix build with Samba 4.4
...
- Fix build with Samba 4.4
- Update SELinux requires to fix connection check during installation
2016-02-04 12:18:14 +01:00
Dennis Gilmore
101663ab3b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-03 20:46:39 +00:00
Petr Vobornik
f43314092f
spec: do not require arch specific ipalib package from noarch packages
...
noarch packages should not contain:
Requires: some-package-{?_isa}
2016-01-19 18:53:41 +01:00
Petr Vobornik
b2442d51ba
Workarounds for SELinux execmem violations in crypto
2015-12-18 17:48:36 +01:00
Petr Vobornik
00828c7569
Update to upstream 4.3.0
2015-12-18 17:48:36 +01:00
Petr Vobornik
a33b200323
Workarounds for SELinux execmem violations in cryptography
...
ipaserver.dcerpc uses M2Crypto again on Python 2.7 and Dogtag's
pki.client no longer tries to use PyOpenSSL instead of Python's ssl
module.
Some dependencies like Dogtag's pki.client library and custodia use
python-requsts to make HTTPS connection. python-requests prefers
PyOpenSSL over Python's stdlib ssl module. PyOpenSSL is build on top
of python-cryptography which trigger a execmem SELinux violation
in the context of Apache HTTPD (httpd_execmem).
When requests is imported, it always tries to import pyopenssl glue
code from urllib3's contrib directory. The import of PyOpenSSL is
enough to trigger the SELinux denial.
A hack in wsgi.py prevents the import by raising an ImportError.
2015-12-08 21:28:39 +01:00
Petr Vobornik
efcb307b47
Update to upstream 4.2.3
2015-11-02 19:58:16 +01:00
Alexander Bokovoy
5e5a1f4339
Rebuild against krb5 1.14
2015-10-21 19:45:51 +03:00
Alexander Bokovoy
08336be7d8
Add dependency to samba-common-tools to -trust-ad subpackage
...
Samba packaging moved samba-common to be multi-architecture-friendly
and moved net utility to samba-common-tools. We use net utility in
ipa-adtrust-install, thus we need to depend on the correct package.
2015-10-21 19:40:20 +03:00
Petr Vobornik
e26c3e5b2a
Update to upstream 4.2.2
2015-10-08 14:30:13 +02:00
Petr Vobornik
ece84f751e
Update to upstream 4.2.1
2015-09-07 19:01:45 +02:00
Dennis Gilmore
a944f13c98
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 06:41:22 +00:00
Alexander Bokovoy
54c544a18d
Fix typo in the patch to fix trusts
2015-05-12 15:42:37 +03:00
Alexander Bokovoy
9e1a9ca424
Separate build- and install time requires for Samba
2015-05-11 20:44:44 +03:00
Alexander Bokovoy
3291aa48e8
Fix establishing trust when using Samba 4.2
...
Fixes: 1219834
2015-05-11 20:32:13 +03:00
Petr Vobornik
5e8ed97275
replace mod_auth-kerb with mod_auth_gssapi
2015-03-30 15:51:59 +02:00
Alexander Bokovoy
c25f465e18
Upstreamed patch
2015-03-26 16:54:08 +02:00
Alexander Bokovoy
32b772b3ee
Upstream 4.1.4 release to fix CVE-2015-1827
2015-03-26 16:46:20 +02:00
Petr Vobornik
37a047a11a
Timeout when performing time sync during client installation
...
https://fedorahosted.org/freeipa/ticket/4842
2015-03-17 10:35:32 +01:00
Petr Vobornik
b0ad0e0344
Add missing sssd python dependencies
...
https://bugzilla.redhat.com/show_bug.cgi?id=1197218
2015-03-04 18:49:31 +01:00
Petr Vobornik
fd86e26a5f
Update to upstream 4.1.3
...
- see http://www.freeipa.org/page/Releases/4.1.3
2015-02-18 18:32:22 +01:00
Alexander Bokovoy
a69b40e56b
Fix wrong date in the changelog
2015-01-19 11:26:26 +02:00
Alexander Bokovoy
c504f905a4
Unblock rawhide
...
- Support Samba PASSDB 0.2.0 with libsamba-passdb
- Fix marshalling of NETLOGON responses over CLDAP
- Use python-dateutil15 instead of python-dateutil 2.x until we validate
the new version
2015-01-19 11:22:49 +02:00
Petr Vobornik
81defaec91
Update to upstream 4.1.2
...
- see http://www.freeipa.org/page/Releases/4.1.2
- fix CVE-2014-7850
2014-11-25 14:36:38 +01:00
Simo Sorce
da888bc1a9
Patch blokers and feature freze exceptions
...
- Resolves: bz1165674
- Resolves: bz1165856 (CVE-2014-7850)
- Fixes DNS install issue that prevents the server from working
2014-11-21 13:18:37 +01:00
Martin Kosek
366080a717
Lower pki-ca requires to 10.1.2
...
Current Dogtag 10.2 and it's requirements are not properly packaged for
CentOS, yet. To enable FreeIPA running on CentOS 7.0, lower the
Requires on Fedora 20 and CentOS platform on Dogtag 10.1.2 which
has the patches required by FreeIPA backported and which has all
dependencies avaiable.
https://fedorahosted.org/freeipa/ticket/4737
2014-11-19 12:58:29 +01:00
Petr Spacek
9a877166ea
Fix minimal version of BIND for Fedora 20 and 21
2014-11-10 09:32:25 +01:00
Petr Vobornik
00870e3919
Update to upstream 4.1.1
...
- see http://www.freeipa.org/page/Releases/4.1.1
- fix CVE-2014-7828
2014-11-06 14:42:41 +01:00
Petr Vobornik
c8a68dfb66
Fix armv7 build failure, external CA install
2014-10-22 14:41:16 +02:00
Petr Vobornik
7ccb103e8e
Update to upstream 4.1.0
...
see http://www.freeipa.org/page/Releases/4.1.0
2014-10-21 19:02:12 +02:00
Petr Viktorin
743ef0138f
Update to upstream 4.0.3 - see http://www.freeipa.org/page/Releases/4.0.3
2014-09-12 21:59:09 +02:00
Petr Viktorin
694ce2174a
Update to upstream 4.0.1 - see http://www.freeipa.org/page/Releases/4.0.2
2014-09-05 19:56:45 +02:00
Pádraig Brady
c1d3c76c37
update to Java/8
...
Java/7 is no longer available in rawhide,
so update to allow rebuilds to proceed.
2014-09-02 18:40:34 +01:00
Pádraig Brady
cf4ceb30fb
rebuild for libunistring soname bump
2014-09-02 18:09:28 +01:00
Peter Robinson
21b496feed
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-16 13:08:47 +00:00
Martin Kosek
f08947f751
Update to upstream 4.0.1
2014-07-25 14:14:39 +02:00