Группа :: Система/Основа
Пакет: freeipa
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
23 мая 2023 Stanislav Levin <slev at altlinux.org> 4.9.12-alt1
- 4.9.11 -> 4.9.12.
- Added support for cryptography 40.0.
- 4.9.10 -> 4.9.11.
- Fixed FTBFS (openldap 2.6).
- Replaced removed register_interface with subclassing (closes: #43823).
- Stopped build of server packages on armh (Java 17).
- 4.9.8 -> 4.9.10.
- Fixed FTBFS (Pylint 2.12.2).
- 4.9.7 -> 4.9.8.
- 4.9.6 -> 4.9.7.
- 4.8.9 -> 4.9.6.
- Improved error message for missing supported NTP (closes: #40343).
- Dropped dependency on python-nss.
- Fixed FTBFS(new Pylint 2.8.2).
- Fixed FTBFS(new Pylint 2.7.2).
- 4.8.8 -> 4.8.9.
- Made SELinux optional (closes: #38788).
- Fixed FTBFS(new pylint 2.5.3).
- Fixed group ownership of pki instance nssdb.
- 4.8.6 -> 4.8.8.
- Applied upstream fixes.
- 4.7.4 -> 4.8.6.
- Fixed compatibility with Samba 4.11
- Backported fix Pylint with python3: Remove subclassing from object
- Fixed automount NFS share.
- Fixed trust creation.
- 4.7.3 -> 4.7.4 (fixes: CVE-2019-14867, CVE-2019-10195).
- 4.7.2 -> 4.7.3.
- ALT: Fixed upgrade 4.3.3 -> 4.7.2.
- Added support for CI testing (ALT).
- Fixed `without_lint` build.
- Fixed replica install.
- 4.7.1 -> 4.7.2.
- Enabled smoke tests.
- Backported upstream patches for 389-ds 1.4.1.2.
- Backport patch for samba-4.10.0 complatibility from upstream
- Rebuild with samba-4.10.0 (freeipa-server-trust-ad depens on libsmbconf.so.0)
- Fixed work with new 389-ds (1.4.x).
- Fixed support for gssproxy non-privileged user.
- Fixed support for Automount NFS.
- Dropped build of freeipa-server for i586.
- Drop Requires on selinux-policy (closes: #35686).
- Added support for separated IPA plugins.
- Fixed client upgrade from 4.6 to 4.7.
- 4.7.0 -> 4.7.1.
- Fixed client's requirements to server modules (by mrdrew@).
- Fixed JS errors on web pages(ssbrowser and unauthorized) at production mode.
- 4.6.3 -> 4.7.0.
- Build with new softhsm.
- Build with new openssl1.1.
- Improved formal deps (in python*-module-freeipa, dropped the
unnecessary explicit dep on setuptools in favor of autoreqs) so that
there is more flexibility in the base system where freeipa can be
installed (i.e., gcc won't be required since the split of
python*-module-setuptools-1:39.2.0-alt3).
- Rebuilt due to selinux update.
- Rebuild with samba-4.7
- Fix WebUI translations
- Fix upgrade process
- Fix applying of ipa rewrite rules
- v4.6.2 -> v4.6.3
- Fix build against krb5-1.16 (new KDB DAL version 7.0)
- 4.6.1 -> 4.6.2
- Fix ipa-cacert-manage renew scenario
- Add openntpd support (based on patches from Mikhail Efremov) (closes: #34307)
- Save and restore state of apache modules during installation/uninstallation
- 4.4.4 -> 4.6.1
- Fix ipa client schema cache: Handle malformed server info data gracefully
- Fix ipa client requirements
- Import patches from 4.3.3-alt9
- selinux: Allow digits in SELinux user names (closes: #33838).
- Require zip.
- Fix ipa server upgrade
- Import patches from 4.3.3-alt8
- Fix replica creation (closes: #33513):
+ Don't try to use bundled urllib3 in the python-module-request.
+ Use ipa CA certificate for https checks.
- Update to upstream's 4.4.4 version
- httpd2: Update existing ipa.conf for fontawesome path.
- Requires: fonts-ttf-fontawesome-web -> fonts-font-awesome.
- Change paths to fontawesome.
- Enabled tests.
- Add %apache_conf_dir macro.
- Move ipa_configured script to server-common subpackage.
- Init argument for slapi_pblock_get() (closes: #33538).
- Fix httpd2 configuration (closes: #33513, #33466).
- server: Require pki-kra.
- Run ipa-server-upgrade at package update.
- Add ipa_configured script.
- Fix ipa-server-upgrade (closes: #33463).
- Set JAVA_STACK_SIZE to 8m.
- Fix build with 389-ds-1.3.6.4.
- client: Require bind-utils.
- client: Require krb5-kinit.
- Updated to 4.3.3.
- Fix chown krb5.keytab.
- Use ALT-specific SELinux users.
- Grant read access to krb5.keytab file for _keytab group.
- ipaclient: Reduce ntpdate timeout.
- client: Require ntpdate.
- Explicitly require python-module-samba.
- Fixed %_runtimedir/ipa_memcached permissions.
- server-trust-ad: Require samba and samba-winbind (closes: #33084).
- openntpd support.
- Change dogtag default insecure port to 8090.
- client: Require libsss_sudo.
- client: Require nss-utils (closes: #33031).
- Patches from upstream:
+ Fixed CVE-2016-7030.
+ Fixed CVE-2016-9575.
- bindinstance: Drop 'generating rndc key' step.
- bindinstance: Use resolvconf if needed.
- tasks: Implement {set/restore}_control_state() functions.
- Disable bind chroot and fix paths in configs.
- altlinux/tasks.py: Implement check_selinux_status().
- ipa-client-automount: Configure nsswitch.conf for sssd.
- Configure nsswitch.conf for use sssd.
- Require ntpd in the client subpackage.
- Move some requires to client subpackage (closes: #32952).
- Require slapi-nis.
- Require fonts for web ui.
- web ui: Fix fonts.
- Use bash as default login shell.
- Update server-dns description.
- Disable DNSSEC support for now.
- Require openssl.
- Fix opendnssec paths.
- Update named.conf and paths.
- Increase httpd.service start timeout.
- Enable/disable apache2 modules/configs.
- Enable dyndb-ldap.
- Require java-1.8.0-openjdk.
- Require pki.
- Drop hack for old certmonger.
- Merge spec with Fedora.
- Patch from upstream:
+ ipa-kdb: Allow to build with samba 4.5 - Update spec.
- ipa-client-install: Hack for old certmonger.
- Fix opendnssec user/group.
- Disable dyndb-ldap stuff for now.
- Fix httpd2 confs paths.
- Fix user for ipa_memcached.
- Fix NSSCertificateDatabase path.
- ipa.conf: Fix paths.
- Add nss.conf.
- constants: Fix apache user name.
- Fix apache user name for oddjobd.
- Fix path to custodia socket.
- Hack bind configuration for now.
- Fix ipa.conf.
- Fix httpd.service.
- Add initial ALT Linux platform support.
- Updated to 4.3.2.
- Updated to 4.3.1.
- Updated to 4.2.3.
- new version
- first build for alt
- Remove mod_ssl conflict, it can now live with mod_nss installed
- Conform to tmpfiles.d packaging guidelines
- Add man pages to the tests subpackage
- Downgrade required version of python-paramiko for the tests subpackage
- Require slapi-nis 0.47.7 and sssd 1.11.0-0.1.beta2 required for core
features of 3.3.0 release
- Require pki-ca 10.0.4 which fixes external CA installation (#986901)
- Move requirement for keyutils from freeipa-server to freeipa-python
- Add tar and xz dependencies to freeipa-tests
- Bump minimum version of sssd to 1.10.92 to pick up latest SSSD 1.11 Beta
development
- Bump minimum version of sssd to 1.10.90 for the 'ipa_server_mode' option.
- Require selinux-policy 3.12.1-65 containing missing policy after removal of
freeipa-server-selinux subpackage
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
issues when there are still old parts of software (like entitlements plugin)
- Bump minimum version of 389-ds-base to 1.3.1.3 for user password change fix.
- Bump minimum version of 389-ds-base to 1.3.1.1 for SASL mapping priority
support.
- Add the freeipa-tests subpackage
- Drop freeipa-server-selinux subpackage
- Drop redundant directory /var/cache/ipa/sessions
- Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON behavior for
socket based connections (#960222)
- Require libsss_nss_idmap-python in Fedora 19+
- Web UI plugins
- Require pki-ca 10.0.2 for 501 response code on find for d9 -> d10 upgrades
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember to
member is now done automatically and having it in the config file raises
an error.
- Add triggerin scriptlet to update sshd_config on openssh-server update
- Update nss and nss-tools dependency to fix certutil problem (#872761)
- Require samba 4.0.5, includes new passdb API
- Require krb5 1.11.2-1, fixes missing PAC issue
- Change permissions on backup dir to 700
- Add backup and restore
- Own /var/lib/ipa/backup
- Make sure build against Krb5 1.11 in Fedora 18 environment creates proper dependencies
- Require 389-base-base >= 1.3.0.5 to pull the following fixes:
- upgrade deadlock caused by DNA plugin reconfiguration
- CVE-2013-1897: unintended information exposure when
nsslapd-allow-anonymous-access is set to rootdse
- Remove conflict with krb5-server > 1.11 as ipa-kdb is compatible
- ipa-ldap-updater show produce errors only
- update policycoreutils version to 2.1.12-5 to match Requires in Fedora
- require at least systemd 38 which provides the journal (we no longer
need to require syslog.target)
- Require selinux-policy 3.11.1-86 to fix Fedora 17 to 18 upgrade issue
- Set certmonger minimum version to 0.65 for NSS locking during
renewal - Set selinux-policy to 3.11.1-73 so certmonger can run in post
scriptlet
- Use ipa-ldap-updater --quiet instead of redirecting to /dev/null
- Add certmonger condrestart to server post scriptlet
- Make certmonger a (pre) Requires on the server subpackage
- dependency fix
- Add BuildRequires: java-1.7.0-openjdk.
- Removed BuildRequires: rhino
- Add Web UI layer JS files in ui/js/{dojo,freeipa,libs} directories
- Add BuildRequires: rhino
- Bump minimum version of 389-ds-base to 1.3.0 to get transaction support
- Bump minimum version of pki-ca to 10.0.0-0.54.b3
- Set min for selinux-policy to 3.11.1-60 to fix errors including sssd
domain mapping in krb5.conf (#873429)
- Replace python-crypto by m2crypto dependency
- Bump minimum version of slapi-nis to 0.44
- Remove compatibility definitions for unsupported Fedora versions (Fedora 16 and lower)
- Do not require specific package version when the package was available in Fedora 17
- Remove old SysV initscript compatibility code - we run on systemd now
- Add Requires for the new Dogtag 10 and dogtag-pki-server-theme
- Remove Requires on tomcat6 for Fedora 18 and later, Dogtag 10 pulls tomcat7 itself
- Add Requires for tar (used by ipa-replica-prepare)
- Set min for bind-dyndb-ldap to 2.3-2 to pick up disabling global
forwarder per-zone
- Restart httpd in post install of server-trust-ad
- Add strict Requires for 389-ds-base and policycoreutils to avoid user
removing them during package lifetime
- Print ipa-upgradeconfig errors during RPM update
- Add zip dependency, needed for creating unsigned Firefox extensions
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
plugin to /dev/null since they cannot be used when trusts are configured
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
- Require samba packages instead of samba4 packages obsoleted in Fedora 18 and later
- Add libwbclient-devel BuildRequires to pick up libwbclient.h on Fedora 18 and later
- Set certmonger minimum version to 0.60 for Dogtag 10 support.
- Set min for 389-ds-base to 1.2.11.14-1 on F17+ to pull in updated
RUV code and nsslapd-readonly schema.
- Updated samba4-devel dependency due to API change
- Add samba4-winbind to build dependencies for AD server-side code
- Set min for 389-ds-base to 1.2.11.9-1 on F17+ to pull in warning about
low nsslapd-cachememsize.
- Set min for bind-dyndb-ldap to 1.1.0-0.16.rc1 to pick up complete zone transfer
support
- Set min for bind-dyndb-ldap to 1.1.0-0.15.rc1 to pick up SOA serial autoincrement
feature
- Set minimum certmonger to 0.58 for dogtag cert renewal
- Require samba4-devel >= 4.0.0-128 due to passdb API change in beta4
- Add Requires on openssl
- Set minimum tomcat6 to 6.0.35-4 in F-18
- Set minimum mod_auth_kerb to 5.4-16 in F-18
- Add extdom extop plugin
- Add client requires on libsss-autofs, autofs, libnfsidmap and nfs-utils
for configuring automount and NFS.
- Add Web UI reset password pages
- Set min for 389-ds-base to 1.2.11.5-1 on F17 to fix installation issue
- Set min for 389-ds-base to 1.2.10.10-1 on F16 (and lower) to fix CN case persistence
- Add directory /var/lib/ipa/sysupgrade for package upgrade metadata
- Set min for bind-dyndb-ldap to 1.1.0-0.12.rc1 to pick up persistent search
related bug fixes
- Add python-crypto to build dependencies for AD server-side code
- Add freeipa-server-trust-ad virtual package to capture all required dependencies
for Active Directory trust management
- Replace used DNS client library (acutil) with python-dns
- Set min for selinux-policy to 3.10.0-110 on F-17 to pick up certmonger
policy for restarting services. - Set min for certmonger to 0.53 so we have the -C option to set restart
commands.
- Bump minimum version of slapi-nis to 0.40
- Add python-krbV Requires on client package
- Set min for 389-ds-base to 1.2.10.4-2 to fix upgrade issue
- Add python-lxml and python-pyasn1 to BuildRequires
- Set min for bind-dyndb-ldap and bind to pick up new features and bug fixes
- Set min nvr of sssd to 1.8.0 for SSH support
- Add BuildRequires on sssd >= 1.8.0
- Add Web UI form based login page
- Removed ipa_migration.css
- Add Web UI logout page
- Add Requires to ipa-client on oddjob-mkhomedir
- Set min for bind-dyndb-ldap to 1.1.0-0.8.a2 to pick up new features
- Add Conflicts on mod_ssl
- Set min for 389-ds-base to 1.2.10.1-1 to fix install segfault,
schema replication.
- Set min for krb5-server to 1.9.2-6 to pick up needed s4u2proxy patches
- Set min for mod_auth_kerb to 5.4-8 to pick up s4u2proxy support
- Fix dependency for samba4-devel package
- Add CLDAP plugin
- Set min nvr of 389-ds-base to 1.2.10-0.5.a5 for SLAPI_PLUGIN_CONFIG_ENTRY
support
- Make sure changes to extension.js are not removed.
- Moved UI images into install/ui/images
- Removed hbac-deny-remove.html
- Default to systemd for Fedora 16 and onwards
- Set min nvr of 389-ds-base to 1.2.10-0.4.a4 for limits fixes (740942, 742324)
- Add explicit dependency on pki-setup.
- Make sure platform adaptation is packaged in -python sub-package
- Add soft dependency for bind and bind-dyndb-ldap required versions
- Set min nvr of 389-ds-base to 1.2.9.7-1 for BZ 728605
- Set min nvr of pki-ca to 9.0.12 for fix in BZ 700505
- Remove ipa_kpasswd.
- Add subscription-manager dependency for RHEL.
- Set min nvr of 389-ds-base to 1.2.9.6 for fix in BZ 725743,
723937, and 725542 - Set min nvr of pki-ca to 9.0.11 for fix in BZ 728332
- Set min nvr of xmlrpc-c and libcurl to make sure GSSAPI delegation
support is in
- Add *.ico files
- Add libipa_hbac-python dependency for hbactest plugin
- Set min nvr of pki-ca to 9.0.10 on F-15+ to pick up updated
caIPAserviceCert.cfg profile
- Make cyrus-sasl-gssapi requires arch-specific
- Add ipa-csreplica-manage tool.
- Add HTML file describing issues with HBAC deny rules
- Ship ipa-ca-install utility
- Set min nvr of selinux-policy to 3.9.16-18 on F-15+
- Set min nvr of pki-ca to 9.0.7 on F-15+
- Add BuildRequires on pylint, python-rhsm to enable a build with enforced
pylint check
- Bump version to 2.0.90
- Set min version of 389-ds-base to 1.2.8.0-1 for fix in BZ 693466.
- Automatically apply updates when the package is upgraded.
- Set minimum version of python-nss to 0.11 to make sure IPv6 support is in
- Set minimum version of sssd to 1.5.1
- Set min version of 389-ds-base to 1.2.8
- Set min version of mod_nss 1.0.8-10
- Set min version of selinux-policy to 3.9.7-27
- Apply changes discovered in Fedora package review process (#672986)
- Re-arrange doc and defattr to clean up rpmlint warnings
- Remove conditionals on older releases
- Move some man pages into admintools subpackage
- Remove some explicit Requires in client that aren't needed
- Consistent use of buildroot vs RPM_BUILD_ROOT
- Moved directory install/static to install/ui
- Remove dependency on nss_ldap/nss-pam-ldapd
- The official client is sssd and that's what we use by default.
- Remove radius subpackages
- Set minimum pki-ca and pki-silent versions to 9.0.0
- Drop BuildRequires on mozldap-devel
- Add Requires on krb5-pkinit-openssl
- Add ipa-host-net-manage script
- Add ipa init script
- Set minimum level of 389-ds-base to 1.2.7 for enhanced memberof plugin
- remove ipa-fix-CVE-2008-3274
- Remove duplicate %files entries on share/ipa/static
- Add python default encoding shared library
- Drop requires on python-configobj (not used any more)
- Drop ipa-ldap-updater message, upgrades are done differently now
- Drop conflicts on mod_nss
- Require nss-pam-ldapd on F-14 or higher instead of nss_ldap (#606847)
- Drop a slew of conditionals on older Fedora releases (< 12)
- Add a few conditionals against RHEL 6
- Add Requires of nss-tools on ipa-client
- Set minimum version of certmonger to 0.26 (to pck up #621670)
- Set minimum version of pki-silent to 1.3.4 (adds -key_algorithm)
- Set minimum version of pki-ca to 1.3.6
- Set minimum version of sssd to 1.2.1
- Add BuildRequires for authconfig
- Bump up minimum version of python-nss to pick up nss_is_initialize() API
- Change Requires from fedora-ds-base to 389-ds-base
- Set minimum level of 389-ds-base to 1.2.6 for the replication
version plugin.
- Removed python-asset based webui
- Drop Requires of python-krbV on ipa-client
- Load ipa_dogtag.pp in post install
- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes.
- No need to create /var/log/ipa_error.log since we aren't using
TurboGears any more.
- Fixed share/ipa/wsgi.py so .pyc, .pyo files are included
- Added Require mod_wsgi, added share/ipa/wsgi.py
- Require python-wehjit >= 0.2.2
- Add sssd and certmonger as a Requires on ipa-client
- Require python-wehjit >= 0.2.0
- Add ipa-rmkeytab tool
- Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1
Any type
- Remove v1-style /etc/ipa/ipa.conf, replacing with /etc/ipa/default.conf
- Add bash completion script and own /etc/bash_completion.d in case it
doesn't already exist
- Remove ipa_webgui, its functions rolled into ipa_httpd
- Removed python-cherrypy from BuildRequires and Requires
- Added Requires python-assets, python-wehjit
- Added httpd SELinux policy so CRLs can be read
- Move ipalib to ipa-python subpackage
- Bump minimum version of slapi-nis to 0.15
- Set 0.14 as minimum version for slapi-nis
- Add Requires: python-nss to ipa-python sub-package
- Remove the IPA DNA plugin, use the DS one
- Build radius separately
- Fix a few minor issues
- Replace TurboGears requirement with python-cherrypy
- rebuild with new openssl
- Fix SELinux code
- Fix breakage caused by python-kerberos update to 1.1
- New upstream release 1.2.1
- Rebuild for Python 2.6
- Respin after the tarball has been re-released upstream
New hash is 506c9c92dcaf9f227cba5030e999f177
- Conditionally restart also dirsrv and httpd when upgrading
- Update to upstream version 1.2.0
- Set fedora-ds-base minimum version to 1.1.3 for winsync header
- Set the minimum version for SELinux policy
- Remove references to Fedora 7
- Fix for CVE-2008-3274
- Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface
- Add fix for bug #453185
- Rebuild against openldap libraries, mozldap ones do not work properly
- TurboGears is currently broken in rawhide. Added patch to not build
the UI locales and removed them from the ipa-server files section.
- Add call to /usr/sbin/upgradeconfig to post install
- Update to upstream version 1.1.0
- Patch for indexing memberof attribute
- Patch for indexing uidnumber and gidnumber
- Patch to change DNA default values for replicas
- Patch to fix uninitialized variable in ipa-getkeytab
- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum
version to 1.0.7-4 so we pick up the NSS fixes. - Add selinux-policy-base(post) to Requires (446496)
- Add missing entry for /var/cache/ipa/kpasswd (444624)
- Added patch to fix permissions problems with the Apache NSS database.
- Added patch to fix problem with DNS querying where the query could be
returned as the answer. - Fix spec error where patch1 was in the wrong section
- Added patch to fix problem reported by ldapmodify
- Fix Requires for krb5-server that was missing for Fedora versions > 9
- Remove quotes around test for fedora version to package egg-info
- Update to upstream version 1.0.0
- Pull upstream changelog 722
- Add Conflicts mod_ssl (435360)
- Pull upstream changelog 698
- Fix ownership of /var/log/ipa_error.log during install (435119)
- Add pwpolicy command and man page
- Pull upstream changelog 678
- Add new subpackage, ipa-server-selinux
- Add Requires: authconfig to ipa-python (bz #433747)
- Package i18n files
- Pull upstream changelog 641
- Require minimum version of krb5-server on F-7 and F-8
- Package some new files
- Marked with wrong license. IPA is GPLv2.
- Ensure that /etc/ipa exists before moving user-modifiable html files there
- Put html files into /etc/ipa/html instead of /etc/ipa
- Pull upstream changelog 608 which renamed several files
- package the sessions dir /var/cache/ipa/sessions
- Pull upstream changelog 597
- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the
UI to not start.
- Included LICENSE and README in all packages for documentation
- Move user-modifiable content to /etc/ipa and linked back to
/usr/share/ipa/html - Changed some references to /usr to the {_usr} macro and /etc
to {_sysconfdir} - Added popt-devel to BuildRequires for Fedora 8 and higher and
popt for Fedora 7 - Package the egg-info for Fedora 9 and higher for ipa-python
- Added auto* BuildRequires
- Unified spec file
- Fixed License in specfile
- Include files from /usr/lib/python*/site-packages/ipaserver
- Version bump for release
- Preverse mode on ipa-keytab-util
- Version bump for relase and rpm name change
- Broke invididual Requires and BuildRequires onto separate lines and
reordered them - Added python-tgexpandingformwidget as a dependency
- Require at least fedora-ds-base 1.1
- Version bump for release
- Add dep for freeipa-admintools and acl
- Add dependency for python-krbV
- Require mod_nss-1.0.7-2 for mod_proxy fixes
- Convert to autotools-based build
- * Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
- Added support for libipa-dna-plugin
- Added support for ipa_kpasswd and ipa_pwd_extop
- Abstracted client class to work directly or over RPC
- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
- Remove references to admin server in ipa-server-setupssl
- Generate a client certificate for the XML-RPC server to connect to LDAP with
- Create a keytab for Apache
- Create an ldif with a test user
- Provide a certmap.conf for doing SSL client authentication
- Initial rpm version