[freeipa] 3.3.3-3
Martin Kosek
mkosek at fedoraproject.org
Tue Dec 3 11:12:43 UTC 2013
commit e17b01f313bce18ba55533cdce643ab37ea73e99
Author: Martin Kosek <mkosek at redhat.com>
Date: Tue Dec 3 12:07:11 2013 +0100
3.3.3-3
Update to upstream 3.3.3, patch merged from F20.
Fix -Werror=format-security errors (#1037070)
.gitignore | 1 +
...t-of-adtrustinstance-for-case-without-tru.patch | 41 +
0001-Update-translations.patch | 5358 --------------------
0002-Fix-Wformat-security-warnings.patch | 84 +
freeipa.spec | 40 +-
sources | 2 +-
6 files changed, 152 insertions(+), 5374 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 6fcd30a..b529335 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,4 @@
/freeipa-3.2.2.tar.gz
/freeipa-3.3.0.tar.gz
/freeipa-3.3.1.tar.gz
+/freeipa-3.3.3.tar.gz
diff --git a/0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch b/0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
new file mode 100644
index 0000000..d72035a
--- /dev/null
+++ b/0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
@@ -0,0 +1,41 @@
+From ba5baea9cfd07559ca2f4f7a194999b982af2a24 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy at redhat.com>
+Date: Mon, 4 Nov 2013 17:15:23 +0200
+Subject: [PATCH] Guard import of adtrustinstance for case without trusts
+
+https://fedorahosted.org/freeipa/ticket/4011
+---
+ install/tools/ipa-server-install | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
+index b3dcf6d93a70e2910a3d7fa62139efbf640d1cbe..458ebba550d0fe7675bd874e23c7d730c53297e6 100755
+--- a/install/tools/ipa-server-install
++++ b/install/tools/ipa-server-install
+@@ -40,7 +40,12 @@ import pwd
+ import textwrap
+ from optparse import OptionGroup, OptionValueError
+
+-from ipaserver.install import adtrustinstance
++try:
++ from ipaserver.install import adtrustinstance
++ _server_trust_ad_installed = True
++except ImportError:
++ _server_trust_ad_installed = False
++
+ from ipaserver.install import dsinstance
+ from ipaserver.install import krbinstance
+ from ipaserver.install import bindinstance
+@@ -493,7 +498,8 @@ def uninstall():
+ httpinstance.HTTPInstance(fstore).uninstall()
+ krbinstance.KrbInstance(fstore).uninstall()
+ dsinstance.DsInstance(fstore=fstore).uninstall()
+- adtrustinstance.ADTRUSTInstance(fstore).uninstall()
++ if _server_trust_ad_installed:
++ adtrustinstance.ADTRUSTInstance(fstore).uninstall()
+ memcacheinstance.MemcacheInstance().uninstall()
+ otpdinstance.OtpdInstance().uninstall()
+ ipaservices.restore_network_configuration(fstore, sstore)
+--
+1.8.3.1
+
diff --git a/0002-Fix-Wformat-security-warnings.patch b/0002-Fix-Wformat-security-warnings.patch
new file mode 100644
index 0000000..1303291
--- /dev/null
+++ b/0002-Fix-Wformat-security-warnings.patch
@@ -0,0 +1,84 @@
+From 8c03b1dbcdf75ba76b96ccfcc148afe0e134e2d3 Mon Sep 17 00:00:00 2001
+From: Krzysztof Klimonda <kklimonda at syntaxhighlighted.com>
+Date: Tue, 3 Sep 2013 00:12:26 +0300
+Subject: [PATCH] Fix -Wformat-security warnings
+
+---
+ daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c | 6 +++---
+ daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 8 ++++----
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+index 9f884bd39233adf90b0f4eff1868885d587d351a..22c40f2bcfc527127b745e1efde5977b148c78a8 100644
+--- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
++++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+@@ -317,7 +317,7 @@ free_and_return:
+
+ if (krbLastPwdChange) slapi_ch_free_string(&krbLastPwdChange);
+
+- LOG(errMesg ? errMesg : "success\n");
++ LOG("%s", errMesg ? errMesg : "success\n");
+ slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+
+ free(principal);
+@@ -344,7 +344,7 @@ ipaenrollment_extop(Slapi_PBlock *pb)
+ if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid ) != 0) {
+ errMesg = "Could not get OID and value from request.\n";
+ rc = LDAP_OPERATIONS_ERROR;
+- LOG(errMesg);
++ LOG("%s", errMesg);
+ goto free_and_return;
+ }
+
+@@ -357,7 +357,7 @@ ipaenrollment_extop(Slapi_PBlock *pb)
+ rc = LDAP_OPERATIONS_ERROR;
+
+ free_and_return:
+- LOG(errMesg);
++ LOG("%s", errMesg);
+ slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+
+ return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+index 1058c313d1f2a193eb7fae621bc9c5d103fb6d5f..c3e0ebd9d90f393be031b26fadcedd00f6091a8d 100644
+--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
++++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+@@ -573,7 +573,7 @@ free_and_return:
+ if (targetEntry) slapi_entry_free(targetEntry);
+ if (ber) ber_free(ber, 1);
+
+- LOG(errMesg ? errMesg : "success");
++ LOG("%s", errMesg ? errMesg : "success");
+ slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+
+ return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+@@ -1143,7 +1143,7 @@ free_and_return:
+
+ if (rc == LDAP_SUCCESS)
+ errMesg = NULL;
+- LOG(errMesg ? errMesg : "success");
++ LOG("%s", errMesg ? errMesg : "success");
+ slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+
+ return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+@@ -1170,7 +1170,7 @@ static int ipapwd_extop(Slapi_PBlock *pb)
+ if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid) != 0) {
+ errMesg = "Could not get OID value from request.\n";
+ rc = LDAP_OPERATIONS_ERROR;
+- LOG(errMesg);
++ LOG("%s", errMesg);
+ goto free_and_return;
+ } else {
+ LOG("Received extended operation request with OID %s\n", oid);
+@@ -1193,7 +1193,7 @@ static int ipapwd_extop(Slapi_PBlock *pb)
+ free_and_return:
+ if (krbcfg) free_ipapwd_krbcfg(&krbcfg);
+
+- LOG(errMesg);
++ LOG("%s", errMesg);
+ slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
+
+ return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+--
+1.8.3.1
+
diff --git a/freeipa.spec b/freeipa.spec
index df15ffa..606cc7f 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -4,11 +4,11 @@
%global plugin_dir %{_libdir}/dirsrv/plugins
%global POLICYCOREUTILSVER 2.1.14-37
%global gettext_domain ipa
-%global VERSION 3.3.1
+%global VERSION 3.3.3
Name: freeipa
-Version: 3.3.1
-Release: 2%{?dist}
+Version: 3.3.3
+Release: 3%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@@ -17,7 +17,8 @@ URL: http://www.freeipa.org/
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Patch1: 0001-Update-translations.patch
+Patch0001: 0001-Guard-import-of-adtrustinstance-for-case-without-tru.patch
+Patch0002: 0002-Fix-Wformat-security-warnings.patch
%if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.3.1.3
@@ -124,7 +125,7 @@ Requires: mod_auth_kerb >= 5.4-16
%else
Requires: mod_auth_kerb >= 5.4-8
%endif
-Requires: mod_nss
+Requires: mod_nss >= 1.0.8-24
Requires: python-ldap
Requires: python-krbV
Requires: acl
@@ -169,10 +170,6 @@ Conflicts: bind < 9.8.2-0.4.rc2
# member.
Conflicts: nss-pam-ldapd < 0.8.4
-# mod_proxy provides a single API to communicate over SSL. If mod_ssl
-# is even loaded into Apache then it grabs this interface.
-Conflicts: mod_ssl
-
Obsoletes: ipa-server >= 1.0
%description server
@@ -225,9 +222,9 @@ Requires(post): %{name}-server = %{version}-%{release}
Requires(postun): %{name}-server = %{version}-%{release}
# Specific requires
-Requires(pre): 389-ds-base = 1.3.1.3
+Requires(pre): 389-ds-base = 1.3.1.11
Requires: krb5-server = 1.11.3
-Requires: pki-ca = 10.0.4
+Requires: pki-ca = 10.0.5
%description server-strict
IPA is an integrated solution to provide centrally managed Identity (machine,
@@ -255,7 +252,7 @@ Requires: pam_krb5
Requires: wget
Requires: libcurl >= 7.21.7-2
Requires: xmlrpc-c >= 1.27.4
-Requires: sssd >= 1.11.0-0.1.beta2
+Requires: sssd >= 1.11.1
Requires: certmonger >= 0.65
Requires: nss-tools
Requires: bind-utils
@@ -471,8 +468,8 @@ install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_
mkdir -p %{buildroot}%{_usr}/share/ipa/ui/js/plugins
# NOTE: systemd specific section
-mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
-install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_sysconfdir}/tmpfiles.d/ipa.conf
+mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d
+install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
# END
mkdir -p %{buildroot}%{_localstatedir}/run/
@@ -659,7 +656,7 @@ fi
%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
# NOTE: systemd specific section
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/ipa.conf
+%{_prefix}/lib/tmpfiles.d/%{name}.conf
%attr(644,root,root) %{_unitdir}/ipa.service
%attr(644,root,root) %{_unitdir}/ipa_memcached.service
%attr(644,root,root) %{_unitdir}/ipa-otpd.socket
@@ -892,6 +889,19 @@ fi
%endif # ONLY_CLIENT
%changelog
+* Tue Dec 3 2013 Martin Kosek <mkosek at redhat.com> - 3.3.3-3
+- Fix -Werror=format-security errors (#1037070)
+
+* Mon Nov 4 2013 Martin Kosek <mkosek at redhat.com> - 3.3.3-2
+- ipa-server-install crashed when freeipa-server-trust-ad subpackage was not
+ installed
+
+* Fri Nov 1 2013 Martin Kosek <mkosek at redhat.com> - 3.3.3-1
+- Update to upstream 3.3.3
+
+* Fri Oct 4 2013 Martin Kosek <mkosek at redhat.com> - 3.3.2-1
+- Update to upstream 3.3.2
+
* Thu Aug 29 2013 Petr Viktorin <pviktori at redhat.com> - 3.3.1-1
- Bring back Fedora-only changes
diff --git a/sources b/sources
index f82ebaf..39e8e00 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ed8e51c47adbbfcc7013396ceb55f99a freeipa-3.3.1.tar.gz
+ba4546b837c5129524e2d1020986400f freeipa-3.3.3.tar.gz
More information about the scm-commits
mailing list