[Pkg-freeipa-devel] freeipa: Changes to 'master-next'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Fri Sep 25 11:53:13 UTC 2015
New branch 'master-next' available with the following commits:
commit 2c1bb40f7843698dbc777bf953c9c4ebd8949e8d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Sep 25 14:25:50 2015 +0300
releasing package freeipa version 4.1.4-1
commit e4390c363e82ec22132bf31c655a0c5e80f23156
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Sep 25 12:53:40 2015 +0300
server.postrm: Clean logs on purge and disable apache modules on remove/purge.
commit a59df18572d3213e5450564111c298ac357e209e
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Sep 25 07:58:16 2015 +0300
server.postinst: Run upgraders only if IPA is configured
commit d1f383fe85c3c25db6603898ae464b3b592f35c9
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Sep 25 07:06:28 2015 +0300
Add some verbosity to server postinst
commit cca5d0e90f364f666c3d6c99311fc5de4c6de604
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Sep 25 06:50:59 2015 +0300
begone, dnssec
commit e968c1e1667319ab239ba2141431982fa2cc37ef
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Sep 25 06:05:08 2015 +0300
Revert DNSSEC changes to schema and ACI, makes upgrade tools fail.
commit 9e9d3f909fceb07a1d789657674a2527c5374b47
Merge: c015bbd 6a2bcdb
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 23:33:40 2015 +0300
Merge branch 'master' into master-next
commit 6a2bcdb46aa374e8fd313b5067837f9eb47b6609
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 23:22:44 2015 +0300
releasing package freeipa version 4.0.5-6
commit fcf048153b4a76d08b273236c1ccc9264d394c9c
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 23:21:35 2015 +0300
Rebuild against current krb5, there was an abi break which broke at least the setup phase.
commit c015bbd52cb719ec9c07308ae11c27b125eaca2f
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 19:14:37 2015 +0300
client.postrm: make rmdir non-fatal
commit 1164026eb2e039cb69dd4ab462e000624c97e81a
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 17:37:07 2015 +0300
server.postinst: Run ipa-ldap-updater and ipa-upgradeconfig on postinst.
commit 0d344d09d89a3ac2b490e16fe959f3a0671de5d7
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 17:34:13 2015 +0300
disable dnssec some more
commit f3f8f667b1fb2214dcaab8ab810cb99d0d8e4857
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 16:38:33 2015 +0300
close a few bugs on LP
commit c4c3b940cff3a9cf4a9a309cd3bba9abbc23a533
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 13:27:23 2015 +0300
platform, disable-dnssec-support.patch: Fix named.conf template.
commit 4c57292ec745f6ab94d1fd0502665e5c472e83e6
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 13:22:19 2015 +0300
platform: Add DebianNamedService.
commit 44a774c3cbb83d9ce19b26ca74a15900c571bbe5
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 06:10:10 2015 +0300
freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling.
commit 75fd43a8efec8ae0eba26b0e47a3aded1e23e9c2
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 05:57:51 2015 +0300
control: Bump python-nss depends.
commit b2bc83332c7a03591f808f1c8af75d1865f36891
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 05:51:36 2015 +0300
control: Bump certmonger depends.
commit 26e6614bbd001980d66d4a8d7e25573bc2a33639
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 05:45:01 2015 +0300
bump sssd dependencies
commit 560b11f44aa842ef9ab25e41a61ec7b49f390c23
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 05:33:56 2015 +0300
control: Server needs newer python-ldap, bump build-dep too.
commit 70ea426d96b5cd5bb48aa017a25c8b588ce08ab8
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 05:08:33 2015 +0300
control: Drop dogtag-pki-server-theme from server depends, it's not needed.
commit b94a04aafdca2e183a388ed5d5e7035e57a4ad81
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 05:08:00 2015 +0300
control: Bump 389-ds-base, pki-ca depends.
commit 868b5eaa200d6bfc4a67a14f1d496947c266eac4
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 05:02:49 2015 +0300
control: Bump Depends on slapi-nis for CVE fixes.
commit 3b6b7f287a0caf8b4798ee4c28c53866e425cad1
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 04:52:32 2015 +0300
wrap-and-sort -s
commit ac78bc5dbd219591cc9399227d2fd595592e4c96
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 24 04:51:14 2015 +0300
freeipa-{server,client}.install: Add new files.
commit 8b6c61b1a1dc57c40651af5b2dff32df4f7f5beb
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Sep 5 07:06:18 2015 +0300
control: Add libsofthsm2-dev to build-depends and softhsm2 to server depends.
commit b20b4e683220ed89baf4b645da37968d6182bb31
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Sep 5 06:52:02 2015 +0300
control Add gnupg-agent to python-freeipa depends, and change gnupg to gnupg2. (LP: #1492184)
commit 975dfdd861800921da81448197254dccfcd95b93
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 3 22:21:26 2015 +0300
control: Add gnupg-agent to python-freeipa depends, and change gnupg to gnupg2.
commit b9367b7da856b156bc399a18ecb88f7742681e8a
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Apr 24 06:49:49 2015 +0300
control: Bump libsss-nss-idmap-dev build-dep.
commit 0c665ab1c3ec7eba49e12f7976a1791e3707dfbe
Merge: 88ba78b 244e2a2
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 9 23:51:46 2015 +0300
Merge branch 'master' into master-next
commit 88ba78bd910e09133cf5ac19dd05b1ca361ab935
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 9 14:29:41 2015 +0300
control: Add python-usb to build-depends and to python-freeipa depends.
commit 70a71bcee09d11238d5e5de174e61f253bd5b7bd
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 14:09:14 2015 +0300
disable dnssec, refresh patches
commit ce7d0703ea8c365c4c2c432c65905a7b691e522f
Merge: d76d671 1b46fad
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 13:03:54 2015 +0300
Merge branch 'experimental' into master-next
commit d76d671b13aa6a3f413f2b60497e10ec13d75516
Merge: 2a677a5 ddd86a9
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 13:01:20 2015 +0300
Merge branch 'master' into master-next
commit 1b46faded422b059996362b9df7fcf1e65283468
Author: Petr Vobornik <pvoborni at redhat.com>
Date: Thu Mar 26 15:28:46 2015 +0100
Become IPA 4.1.4
commit 93302a8c28731625a0e38e647be50a9598bb49e7
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Thu Mar 26 14:59:03 2015 +0200
slapi-nis: require 0.54.2 for CVE-2015-0283 fixes
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
commit fd8e796873f34c942b8ab28d486b5edfe1c27abd
Author: Sumit Bose <sbose at redhat.com>
Date: Wed Feb 25 10:28:22 2015 +0100
extdom: fix wrong realloc size
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Sumit Bose <sbose at redhat.com>
commit 447c5c7b0d76482dbb4273ea968a87cee2f4cddd
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Wed Mar 18 17:09:06 2015 +0000
fix Makefile.am for daemons
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Sumit Bose <sbose at redhat.com>
commit d7863f3e1ee8cbd5acda26ce1170913ca936ce7e
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Mon Mar 16 12:36:25 2015 +0100
show the exception message thrown by dogtag._parse_ca_status during install
https://fedorahosted.org/freeipa/ticket/4885
Reviewed-By: Martin Basti <mbasti at redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
commit 3284cbf77347f054f07b4b810d86b4db221fec0e
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Tue Mar 17 14:39:54 2015 +0100
migrate-ds: print out failed attempts when no users/groups are migrated
This patch should fix both https://fedorahosted.org/freeipa/ticket/4846 and
https://fedorahosted.org/freeipa/ticket/4952.
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
commit f0a49b962c268c32db6179c60017fc04826af179
Author: Jan Cholasta <jcholast at redhat.com>
Date: Tue Mar 17 08:23:40 2015 +0000
upload_cacrt: Fix empty cACertificate in cn=CAcert
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka at redhat.com>
commit 6e672109ea48f995deac95094cea6d03650bdd13
Author: Jan Cholasta <jcholast at redhat.com>
Date: Tue Mar 17 09:35:49 2015 +0000
client: Fix ca_is_enabled calls
The command was added in API version 2.107. Old IPA servers may crash with
NetworkError on ca_is_enabled, handle this case gracefully.
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka at redhat.com>
commit ad77613be6db202720bfb8e491d2f06bd5013aea
Author: Jan Cholasta <jcholast at redhat.com>
Date: Tue Mar 17 09:29:21 2015 +0000
client-install: Do not crash on invalid CA certificate in LDAP
When CA certificates in LDAP are corrupted, use the otherwise acquired CA
certificates from before.
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka at redhat.com>
commit 4154c8893fda39c44af2558a3bb6ce0c6713feb9
Author: Jan Cholasta <jcholast at redhat.com>
Date: Tue Mar 17 09:28:47 2015 +0000
certstore: Make certificate retrieval more robust
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka at redhat.com>
commit 179be3c222a9d27a147d5c0ff4be45e7def9b2d5
Author: Sumit Bose <sbose at redhat.com>
Date: Wed Mar 4 17:53:08 2015 +0100
extdom: fix memory leak
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit c55632374d3b41e23521461667da1699a7264947
Author: Sumit Bose <sbose at redhat.com>
Date: Wed Mar 4 13:39:04 2015 +0100
extdom: return LDAP_NO_SUCH_OBJECT to the client
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit ec7a55a05647c4abad4c2a1bb5b5094f1e1eec55
Author: Sumit Bose <sbose at redhat.com>
Date: Mon Mar 2 10:59:34 2015 +0100
extdom: make nss buffer configurable
The get*_r_wrapper() calls expect a maximum buffer size to avoid memory
shortage if too many threads try to allocate buffers e.g. for large
groups. With this patch this size can be configured by setting
ipaExtdomMaxNssBufSize in the plugin config object
cn=ipa_extdom_extop,cn=plugins,cn=config.
Related to https://fedorahosted.org/freeipa/ticket/4908
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit 5bd4b7a09df872a39fa15736f7e7322cbf27baeb
Author: Sumit Bose <sbose at redhat.com>
Date: Tue Feb 24 15:33:39 2015 +0100
extdom: handle ERANGE return code for getXXYYY_r() calls
The getXXYYY_r() calls require a buffer to store the variable data of
the passwd and group structs. If the provided buffer is too small ERANGE
is returned and the caller can try with a larger buffer again.
Cmocka/cwrap based unit-tests for get*_r_wrapper() are added.
Resolves https://fedorahosted.org/freeipa/ticket/4908
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit cc6fc3728c36d8fe07f336cdfc7da2e1a2812db3
Author: Sumit Bose <sbose at redhat.com>
Date: Tue Feb 24 15:29:00 2015 +0100
Add configure check for cwrap libraries
Currently only nss-wrapper is checked, checks for other crwap libraries
can be added e.g. as
AM_CHECK_WRAPPER(uid_wrapper, HAVE_UID_WRAPPER)
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit 41ca3fb499f42c740b183865acad2007e9916b48
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Thu Mar 12 16:14:22 2015 +0100
ipa-dns-install: use STARTTLS to connect to DS
BindInstance et al. now use STARTTLS to set up secure connection to DS during
ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933
Reviewed-By: Martin Basti <mbasti at redhat.com>
commit 80aeb445e2034776f08668bf04dfd711af477b25
Author: Nathan Kinder <nkinder at redhat.com>
Date: Wed Feb 25 15:19:47 2015 -0800
Timeout when performing time sync during client install
We use ntpd now to sync time before fetching a TGT during client
install. Unfortuantely, ntpd will hang forever if it is unable to
reach the NTP server.
This patch adds the ability for commands run via ipautil.run() to
have an optional timeout. This capability is used by the NTP sync
code that is run during ipa-client-install.
Ticket: https://fedorahosted.org/freeipa/ticket/4842
Reviewed-By: Martin Babinsky <mbabinsk at redhat.com>
commit 169a37d1a8585528c88985e19255c40f63bc831f
Author: Gabe <redhatrises at gmail.com>
Date: Fri Mar 13 07:34:49 2015 -0600
ipa-replica-prepare can only be created on the first master
https://fedorahosted.org/freeipa/ticket/4944
Reviewed-By: Martin Kosek <mkosek at redhat.com>
commit 939fd3dd6ccc0e96b79899069c479dbd8844a4b4
Author: Martin Basti <mbasti at redhat.com>
Date: Mon Mar 9 13:15:01 2015 +0100
Fix dead code in ipap11helper module
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek at redhat.com>
commit 5f191e85e9beedbb40a7ce581069999761863289
Author: Martin Basti <mbasti at redhat.com>
Date: Wed Mar 4 15:13:48 2015 +0100
DNS: remove NSEC3PARAM from records
NSEC3PARAM is configurable only from zone commands. This patch removes
this record type from DNS records.
Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek at redhat.com>
commit d89fca7ea99669a0183196b05cdfefa232c38091
Author: Martin Basti <mbasti at redhat.com>
Date: Wed Mar 4 15:09:24 2015 +0100
DNS fix: do not show part options for unsupported records
Do not show parts options in help output, if record is marked as unsupported.
Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek at redhat.com>
commit 56f0eb443c58ba1f5a23d60e1fd8d8401eb154f4
Author: Martin Basti <mbasti at redhat.com>
Date: Wed Mar 4 12:52:16 2015 +0100
DNS fix: do not traceback if unsupported records are in LDAP
Show records which are unsupported, if they are in LDAP.
Those records are not editable, and web UI doesnt show them.
Fixes traceback caused by --structured option
Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek at redhat.com>
commit 8fefd63152d5f5a28ac6cf51b504a150d8e7b360
Author: Petr Spacek <pspacek at redhat.com>
Date: Wed Mar 4 20:35:17 2015 +0100
p11helper: clarify error message
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Martin Basti <mbasti at redhat.com>
commit 40f56e5f38a0b95b9f30ccde5fe173f38b8a4e38
Author: Petr Spacek <pspacek at redhat.com>
Date: Wed Mar 4 15:40:33 2015 +0100
p11helper: use sizeof() instead of magic constants
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Martin Basti <mbasti at redhat.com>
commit a6d7e8df602b42c1822c0544d08f5aa9490471c6
Author: Petr Spacek <pspacek at redhat.com>
Date: Wed Mar 4 14:37:58 2015 +0100
p11helper: standardize indentation and other visual aspects of the code
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Martin Basti <mbasti at redhat.com>
commit 4e2ddfb5532c98dbab80a736391e98422c44dde8
Author: Martin Basti <mbasti at redhat.com>
Date: Wed Feb 25 12:37:57 2015 +0100
Remove unused method from ipap11pkcs helper module
Ticket: https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek at redhat.com>
commit 508ad92b7144496cfb46a1543762e7d9cca1c6b4
Author: Martin Basti <mbasti at redhat.com>
Date: Tue Feb 24 19:25:31 2015 +0100
Fix memory leaks in ipap11helper
Ticket: https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek at redhat.com>
commit c411d6a90819273e4b36d6b41b7c18aec0298ad7
Author: Martin Basti <mbasti at redhat.com>
Date: Wed Feb 11 14:05:46 2015 +0100
DNSSEC add support for CKM_RSA_PKCS_OAEP mechanism
Ticket: https://fedorahosted.org/freeipa/ticket/4657#comment:13
Reviewed-By: Petr Spacek <pspacek at redhat.com>
commit 5c3611481a5e0a4974ee368c60b8ef9ca34ea38a
Author: root <root at vm-035.idm.lab.eng.brq.redhat.com>
Date: Wed Mar 4 11:11:45 2015 +0100
Limit deadlocks between DS plugin DNA and slapi-nis
Deadlock can occur if DNA plugin (shared) config and Schema-compat plugin config
are updated at the same time.
Schema-compat should ignore update on DNA config.
https://fedorahosted.org/freeipa/ticket/4927
Reviewed-By: Jan Cholasta <jcholast at redhat.com>
commit 2a677a5a05793d8cf731845b2d7de90d6d76a38d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Mar 5 15:27:03 2015 +0200
add a TODO file
commit 253f9adae7968af8df8aab0ae2441d26112deb2b
Author: David Kupka <dkupka at redhat.com>
Date: Wed Mar 4 10:06:47 2015 -0500
Restore default.conf and use it to build API.
When restoring ipa after uninstallation we need to extract and load
configuration of the restored environment.
https://fedorahosted.org/freeipa/ticket/4896
Reviewed-By: Jan Cholasta <jcholast at redhat.com>
commit 0344f246c294d5dcdf19ec4dd851de48a55e6274
Author: David Kupka <dkupka at redhat.com>
Date: Thu Feb 26 04:44:26 2015 -0500
Use IPA CA certificate when available and ignore NO_TLS_LDAP when not.
ipa-client-automount is run after ipa-client-install so the CA certificate
should be available. If the certificate is not available and ipadiscovery.ipacheckldap
returns NO_TLS_LDAP warn user and try to continue.
https://fedorahosted.org/freeipa/ticket/4902
Reviewed-By: Martin Basti <mbasti at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
commit 4c24e667e7770788c5846aef89314173eb198bb5
Merge: 5983241 997da94
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Mar 5 00:33:32 2015 +0200
Merge branch 'master' into master-next
commit 5983241bea31420cc1f49a88400ca10ca1c17185
Merge: 7f560c5 65a0b58
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Mar 5 00:33:22 2015 +0200
Merge branch 'upstream' into master-next
commit ddd7fb6a68fd413b1561eab9c29bac18882e5efd
Author: Gabe <redhatrises at gmail.com>
Date: Thu Feb 26 09:56:22 2015 -0700
ipatests: Add tests for valid and invalid ipa-advise
- Add test for invalid run of the ipa-advise command
- Add tests for valid runs of the ipa-advise command
https://fedorahosted.org/freeipa/ticket/4029
Reviewed-By: Tomas Babej <tbabej at redhat.com>
commit 3ab7f551f86bee75b5260901352ec6538ebda50e
Author: Gabe <redhatrises at gmail.com>
Date: Wed Feb 25 12:50:24 2015 -0700
ipa-replica-prepare should document ipv6 options
https://fedorahosted.org/freeipa/ticket/4877
Reviewed-By: Tomas Babej <tbabej at redhat.com>
commit e8b3ed3596fe1906185eb1169ecaff2cb62ff8e3
Author: Sumit Bose <sbose at redhat.com>
Date: Tue Feb 24 18:32:43 2015 +0100
ipa-range-check: do not treat missing objects as error
Currently the range check plugin will return a 'Range Check error'
message if a ldapmodify operation tries to change a non-existing object.
Since the range check plugin does not need to care about non-existing
objects we can just return 0 indicating that the range check plugin has
done its work.
Resolves https://fedorahosted.org/freeipa/ticket/4924
Reviewed-By: Tomas Babej <tbabej at redhat.com>
commit 96624f21895cbf66e743a8fa7871c69fcdadab72
Author: Tomas Babej <tbabej at redhat.com>
Date: Mon Feb 23 16:16:01 2015 +0100
idviews: Use case-insensitive detection of Default Trust View
The usage of lowercased varsion of 'Default Trust View' can no
longer be used to bypass the validation.
https://fedorahosted.org/freeipa/ticket/4915
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit 840903c4970f934a8cab412ca203cb338ecac6ae
Author: Simo Sorce <simo at redhat.com>
Date: Fri Feb 20 08:52:24 2015 -0500
Stop including the DES algorythm from openssl.
Since we dropped support for LANMAN hashes we do not need DES from OpenSSL
anymore. Stop including an testing for it.
Test for the MD4 algorythm instead whichis still used for the NT Hashes.
Signed-off-by: Simo Sorce <simo at redhat.com>
Reviewed-By: Nathaniel McCallum <npmccallum at redhat.com>
commit ecbef04692dd3833a985b96d8d849a651c9b3055
Author: Simo Sorce <simo at redhat.com>
Date: Fri Feb 20 08:46:40 2015 -0500
Add a clear OpenSSL exception.
We are linking with OpenSSL in 2 files, so make it clear we intentionally
add a GPLv3 exception to allow that linking by third parties.
Signed-off-by: Simo Sorce <simo at redhat.com>
Reviewed-By: Nathaniel McCallum <npmccallum at redhat.com>
commit 4ddcca6435ad685582293b1bac588ea0615e94e4
Author: Martin Kosek <mkosek at redhat.com>
Date: Fri Feb 20 15:12:25 2015 +0100
Remove references to GPL v2.0 license
All FreeIPA original code should be licensed to GPL v3+ license,
update the respective files:
- daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c
Remove GPL v2.0 license files from LDIFs or template to keep
consistency.
Reviewed-By: Simo Sorce <ssorce at redhat.com>
commit 73f6d69adfa2c10c9e3534f59d047ade3782b051
Author: Tomas Babej <tbabej at redhat.com>
Date: Thu Feb 19 17:10:37 2015 +0100
ipalib: Make sure correct attribute name is referenced for fax
Fixes the invalid attribute name reference in the
'System: Read User Addressbook Attributes' permission.
https://fedorahosted.org/freeipa/ticket/4883
Reviewed-By: Martin Kosek <mkosek at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit 6667701315ab80986211dd45c8d02a709e6306b8
Author: Tomas Babej <tbabej at redhat.com>
Date: Mon Jan 26 16:29:29 2015 +0100
ipatests: Add coverage for adding and removing sshpubkeys in ID overrides
Adds xmlrpc tests for:
- Adding a user ID override with sshpubkey
- Modifying a user ID override to contain sshpubkey
- Removing a sshpubkey value from a user ID override
https://fedorahosted.org/freeipa/ticket/4868
Reviewed-By: Martin Kosek <mkosek at redhat.com>
commit bfef4d249634042ad95298d307850f194d898115
Author: Petr Vobornik <pvoborni at redhat.com>
Date: Thu Feb 19 12:54:47 2015 +0100
ipatests: add missing ssh object classes to idoverrideuser
Reviewed-By: Martin Kosek <mkosek at redhat.com>
commit 7f560c5da14ad36ce9c3d9f17aac756c093ad659
Author: Petr Vobornik <pvoborni at ipa.test.org>
Date: Wed Feb 18 14:18:54 2015 +0100
Become IPA 4.1.3
commit c985de1ee6429c49e6273a037478212e7ee301c8
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Wed Jan 14 15:57:45 2015 +0100
Changing the token owner changes also the manager
This works if the change is made to a token which is owned and managed by the
same person. The new owner then automatically becomes token's manager unless
the attribute 'managedBy' is explicitly set otherwise.
https://fedorahosted.org/freeipa/ticket/4681
Reviewed-By: Nathaniel McCallum <npmccallum at redhat.com>
commit 2dd54c9f33c25d6c32f96e7b85850cfa3a990930
Author: Martin Kosek <mkosek at redhat.com>
Date: Fri Jan 30 13:11:30 2015 +0100
group-detach does not add correct objectclasses
https://fedorahosted.org/freeipa/ticket/4874
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
commit f1abbbca456adb74827230b073fa8a53746340af
Author: Petr Vobornik <pvoborni at redhat.com>
Date: Fri Feb 13 19:12:43 2015 +0100
Fix TOTP Synchronization Window label
Reviewed-By: Nathaniel McCallum <npmccallum at redhat.com>
commit 0ffe759d0909a23788c9b321b5ff27c0417a99f5
Author: Gabe <redhatrises at gmail.com>
Date: Wed Feb 11 09:21:59 2015 -0700
permission-add does not prompt for ipapermright in interactive mode
- Add flag "ask_create" to ipalib/plugins/permission.py
- Bump API version
https://fedorahosted.org/freeipa/ticket/4872
Reviewed-By: Martin Basti <mbasti at redhat.com>
commit f7e6102ebfd6e2a87bd584fc2fbbcb9945ac7753
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Fri Feb 13 17:53:27 2015 +0100
migrate-ds: exit with error message if no users/groups to migrate are found
'ipa migrate-ds' will now exit with error message if no suitable users/groups
are found on LDAP server during migration.
https://fedorahosted.org/freeipa/ticket/4846
Reviewed-By: David Kupka <dkupka at redhat.com>
commit 6d6e924b1fe154812d66277f55c485f210e9c32d
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Wed Dec 10 14:59:38 2014 +0200
ipa-kdb: reject principals from disabled domains as a KDC policy
Fixes https://fedorahosted.org/freeipa/ticket/4788
Reviewed-By: Sumit Bose <sbose at redhat.com>
Reviewed-By: Simo Sorce <ssorce at redhat.com>
commit 0d3b4cd3ec1caa209534314bfa5720f0f8bce89f
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Fri Dec 5 21:22:23 2014 +0200
ipa-kdb: when processing transitions, hand over unknown ones to KDC
When processing cross-realm trust transitions, let the KDC to handle
those we don't know about. Admins might define the transitions as
explicit [capaths] in krb5.conf.
https://fedorahosted.org/freeipa/ticket/4791
Reviewed-By: Sumit Bose <sbose at redhat.com>
Reviewed-By: Simo Sorce <ssorce at redhat.com>
commit 6162426999e75fdf907faf13f5a158d72ed91be5
Author: Simo Sorce <simo at redhat.com>
Date: Tue Feb 3 12:06:24 2015 -0500
Handle DAL ABI change in MIT 1.13
In this new MIT version the DAL interface changes slightly but
KRB5_KDB_DAL_MAJOR_VERSION was not changed.
Luckily KRB5_KDB_API_VERSION did change and that's enough to know
what to compile in.
Resolves: https://fedorahosted.org/freeipa/ticket/4861
Signed-off-by: Simo Sorce <simo at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit caf70a11b28edbe1e0ba1e7aac89b34e1cff6edb
Author: Jan Cholasta <jcholast at redhat.com>
Date: Mon Jan 12 09:01:09 2015 +0000
Bump 389-ds-base and pki-ca dependencies for POODLE fixes
https://fedorahosted.org/freeipa/ticket/4653
Reviewed-By: Jan Cholasta <jcholast at redhat.com>
commit 2f4ed3cb32ce4401b53ccdf955e0c1394d166b80
Author: Martin Basti <mbasti at redhat.com>
Date: Mon Jan 12 13:05:53 2015 +0100
Fix reference counting in pkcs11 extension
* removed unneeded reference increment
* added increment of Py_None
Part of ticket: https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Jan Cholasta <jcholast at redhat.com>
commit 919f0db93f46b891030d26e76ee6e90f1c6f07be
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Fri Jan 30 14:24:15 2015 +0100
ipa-client-install: put eol character after the last line of altered config file(s)
https://fedorahosted.org/freeipa/ticket/4864
Reviewed-By: Martin Basti <mbasti at redhat.com>
commit d251e5219ef829ec6c559ffef9501ada882a5945
Author: Gabe <redhatrises at gmail.com>
Date: Mon Feb 9 20:44:31 2015 -0700
Typos in ipa-rmkeytab options help and man page
https://fedorahosted.org/freeipa/ticket/4890
Reviewed-By: Martin Kosek <mkosek at redhat.com>
commit 5bad375656723595d60abba494992c27accebbe9
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Wed Jan 28 16:28:50 2015 +0100
OTP: emit a log message when LDAP entry for config record is not found
This patch proposes a fix to the following defect found by covscan of FreeIPA
master code:
"""
Error: CHECKED_RETURN (CWE-252):
/daemons/ipa-slapi-plugins/libotp/otp_config.c:239: check_return: Calling
"slapi_search_internal_get_entry" without checking return value (as is done
elsewhere 14 out of 16 times).
/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402:
example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL,
&config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc =
slapi_search_internal_get_entry(sdn, NULL, &config_entry,
ipaenrollment_plugin_id)) != 0".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207: example_assign:
Example 2: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212: example_checked:
Example 2 (cont.): "ret" has its value checked in "ret".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651: example_assign: Example
3: Assigning: "search_result" = return value from
"slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653: example_checked:
Example 3 (cont.): "search_result" has its value checked in "search_result !=
0". /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035: example_assign:
Example 4: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target,
ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039:
example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817: example_assign: Example 5:
Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn,
NULL, &e, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820: example_checked: Example 5
(cont.): "ret" has its value checked in "ret == 10".
"""
The patch is a part of series related to
https://fedorahosted.org/freeipa/ticket/4795
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit f28facb3f92224c5819d1e408487c7c198f83c84
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Wed Jan 28 16:28:01 2015 +0100
ipa-uuid: emit a message when unexpected mod type is encountered
This patch is related to the following defect reported by covscan of FreeIPA
master code:
"""
Error: DEADCODE (CWE-561): /daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:796:
cond_const: Condition "modtype != 1", taking false branch. Now the value of
"modtype" is equal to 1.
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:796:
cond_const: Condition "modtype != 4", taking false branch. Now the value of
"modtype" is equal to 4.
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:941:
equality_cond: Jumping to case "1".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:957: equality_cond: Jumping to
case "4".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:940: intervals: When
switching on "modtype", the value of "modtype" must be in one of the following
intervals: {[1,1], [4,4]}.
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:940: dead_error_condition: The
switch value "modtype" cannot reach the default case.
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:1031: dead_error_begin:
Execution cannot reach this statement: "default:".
"""
The patch is a part of series related to
https://fedorahosted.org/freeipa/ticket/4795
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit b5d29c77746e2f4933f69969459227915f77bb92
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Wed Jan 28 16:27:19 2015 +0100
ipa-pwd-extop: added an informational comment about intentional fallthrough
This patch is related to this defect reported by covscan in FreeIPA code:
"""
Error: MISSING_BREAK (CWE-484):
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:631: unterminated_case: The
case for value "2" is not terminated by a 'break' statement.
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:638: fallthrough: The above
case falls through to this one.
"""
Added a comment informing about intentional falltrough in this place, so that
future generations reading the code don't get confused.
The patch is the part of a series related to
https://fedorahosted.org/freeipa/ticket/4795
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
commit 8242660cbad35306a2ad2f102a1277f0725b7a31
Author: Martin Babinsky <mbabinsk at redhat.com>
Date: Wed Jan 28 16:26:14 2015 +0100
OTP: failed search for the user of last token emits an error message
This patch fixes the following defect reported by covscan:
"""
Error: CHECKED_RETURN (CWE-252):
/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c:119:
check_return: Calling "slapi_search_internal_get_entry" without checking
return value (as is done elsewhere 14 out of 16 times).
/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402:
example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL,
&config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc =
slapi_search_internal_get_entry(sdn, NULL, &config_entry,
ipaenrollment_plugin_id)) != 0".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207:
example_assign: Example 2: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212:
example_checked: Example 2 (cont.): "ret" has its value checked in "ret".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651:
example_assign: Example 3: Assigning: "search_result" = return value from
"slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653:
example_checked: Example 3 (cont.): "search_result" has its value checked in
"search_result != 0".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035:
example_assign: Example 4: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target,
ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039:
example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817:
example_assign: Example 5: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &e, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820:
example_checked: Example 5 (cont.): "ret" has its value checked in "ret ==
More information about the Pkg-freeipa-devel
mailing list