[Pkg-freeipa-devel] freeipa: Changes to 'debian-unstable'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Sun Mar 18 08:11:45 UTC 2012
New branch 'debian-unstable' available with the following commits:
commit a29b24cfe0519a2710915cc2baf19834c6608ec1
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Sun Mar 18 10:09:00 2012 +0200
control: Update the maintainer address and repo location.
commit 1ab4bf744434ecff249a8bb381d67e065a940223
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Sun Mar 11 09:30:43 2012 +0200
control: client; Move libpam-krb5 to Suggests.
commit 0721c85c9b2976ca27b1add1b8acada50cba5087
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Mar 2 12:41:52 2012 +0200
fix ipa_kpasswd initscript install path
commit e89ec31be4c2262c39015199fb1dba00268a348a
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Mar 2 12:36:46 2012 +0200
really add create-client-dirs.patch
commit 7f6c2bb992723d9682fe765fb3fea4d1d46326d2
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Mar 2 12:36:30 2012 +0200
Add DEP-3 compliant headers to the patches.
and drop obsolete patches
commit 3dfd8a91ee24ef9e134b714e797ecf361ce30417
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Mar 2 12:19:14 2012 +0200
remove empty/obsolete README.{Debian,source}
commit 8f553aed98f34eebf3fcab29a77bcb348772ab57
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Mar 2 12:16:48 2012 +0200
copyright: formatting fixes
commit 2bd171e7e67aabcb95622b9a144db38e3092874c
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Mar 2 12:08:28 2012 +0200
bump the debhelper build-depends to 9
commit ec00aa321cad69db518926b5b0b4b3903f05ccfc
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Mar 2 12:07:26 2012 +0200
remove debhelper temp files
commit 9d56b33e7dda2ca9e51c4a582a2b4fc552d526cf
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Mar 2 12:05:59 2012 +0200
create-client-dirs.patch: Add a patch from upstream that creates /etc/ipa and /var/lib/ipa-client/sysrestore paths. Stop creating them in rules.
commit 17deb90d0a9454118514ea027b65f6adfedcd0e8
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Feb 17 00:55:13 2012 +0200
fix compat version on the changelog
commit 35553bccee4e49b8f76ad043300c4e3c9611354e
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Feb 17 00:54:01 2012 +0200
add the OpenSSL exception to copyright
commit ad17e81443e1a2647f736a3b45a04ee93768b031
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Feb 17 00:21:46 2012 +0200
Use dh_python2.
commit 71f7e8b4214ab566af2917bdddecfc90ccef20ff
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Feb 16 23:26:01 2012 +0200
fix-format-string.diff: Fix build errors, thanks Krzysztof Klimonda!
commit 4e1c7658f152831fa751f26a38de9a3275eabaa5
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Feb 16 23:24:02 2012 +0200
rules: Strip the executable bit from translation files.
commit 8d7c2725994371d220450fde85a6cf5d9470eefb
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Feb 16 23:14:48 2012 +0200
control: Add ${shlibs:Depends} to python-freeipa depends.
commit cd3d7b63cfe180be20b46d130195868d253b4a4e
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Feb 16 23:13:08 2012 +0200
control: Add python-libipa-hbac to build-depends.
commit 9ff71a2a871a63eacd55fe87cc975d2891192151
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Feb 16 23:12:25 2012 +0200
copyright: Updated.
commit 1dbfb814494c9381e3c1c58f0374937951ed3f71
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Feb 16 22:27:17 2012 +0200
rename libdirsrv-dev build-dep to 389-ds-base-dev
commit 2d932c154bbd9e0bdbeda47dbcee696d77d85fb8
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Mon Jan 2 16:09:40 2012 +0200
various changes to enable server packaging
commit 83718fca87d8f7aeb2941bf81f064dc6d94b08c9
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Sat Dec 31 00:41:30 2011 +0200
bump the version
commit 7dd902290f5f9a5d6ca2f82816e2d95aa9d8bf90
Merge: 9118795 fc37d98
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Sat Dec 31 00:37:56 2011 +0200
Merge branch 'upstream-unstable' into debian-unstable
commit fc37d98b5d6b41a5d57d3d75659af5d8455ca6bb
Author: Rob Crittenden <rcritten at redhat.com>
Date: Mon Dec 5 16:45:02 2011 -0500
Become IPA 2.1.4
commit 1f6c69d41120f01ecb3002283aed6222954a55d8
Author: Rob Crittenden <rcritten at redhat.com>
Date: Mon Dec 5 16:43:01 2011 -0500
Remove extraneous trailing single quote in nis.uldif
commit 9f10fb20e918e867c44932b478275d9754265ee1
Author: Rob Crittenden <rcritten at redhat.com>
Date: Thu Oct 20 11:29:26 2011 -0400
Require an HTTP Referer header in the server. Send one in ipa tools.
This is to prevent a Cross-Site Request Forgery (CSRF) attack where
a rogue server tricks a user who was logged into the FreeIPA
management interface into visiting a specially-crafted URL where
the attacker could perform FreeIPA oonfiguration changes with the
privileges of the logged-in user.
https://bugzilla.redhat.com/show_bug.cgi?id=747710
commit 89d9ad428cf48a3aac55173ecf074e0a234a5ee5
Author: Evgeny Sinelnikov <sin at altlinux.ru>
Date: Sat Dec 3 09:44:38 2011 +0400
ipa_kpasswd: Update selinux policies for ldap and urandom
Fixes: https://fedorahosted.org/freeipa/ticket/2160
commit 455ce3c67e04bb7d0aa17c961f426ba4e073af84
Author: Martin Kosek <mkosek at redhat.com>
Date: Tue Nov 8 15:45:30 2011 +0100
Make ipa-server-install clean after itself
ipa-server-install may create some files in the first phase of
installation before the actual installation and configuring of
services starts. If the installation is interrupted, these files
may prevent installing the server again until IPA server is
uninstalled. This may be confusing and annoying for the user.
This patch safely recovers all known files that could be created
in the first phase of the installation. No clean up is done if
the actual installation has not started yet or the installation
returned success.
https://fedorahosted.org/freeipa/ticket/1980
commit 990553221fa53c7a294a80c07b8c89118ef6b3be
Author: Martin Kosek <mkosek at redhat.com>
Date: Mon Oct 17 13:56:21 2011 +0200
Enable automember for upgraded servers
automember functionality is depends on predefined data is in LDAP.
Since we add it for fresh installs only, automember cannot be used
for upgraded servers. Make sure that automember LDAP data is added
during upgrade too.
https://fedorahosted.org/freeipa/ticket/1992
commit 9eb703f408b01ece30e57e844bc533e3e459fb2c
Author: Ondrej Hamada <ohamada at redhat.com>
Date: Fri Nov 18 13:55:16 2011 +0100
Client install root privileges check
ipa-client-install was failing and returning traceback when
wasn't run by root. It was caused by logging initialization that
was taking part before the root privileges check. To correct it,
the check was moved before the logging initialization.
https://fedorahosted.org/freeipa/ticket/2123
commit 57841aad2939a8558b29e2cdde0ab651229deaf0
Author: Martin Kosek <mkosek at redhat.com>
Date: Wed Nov 16 09:22:41 2011 +0100
Let PublicError accept Gettext objects
Make sure that PublicError does not crash when it receives
Gettext/NGettext object. Instead of throwing a type error, do the
translation to receive the required unicode text.
https://fedorahosted.org/freeipa/ticket/2096
commit d301007e697b8dc6b67fe9c128f4a2b381cdf9d2
Author: Martin Kosek <mkosek at redhat.com>
Date: Tue Oct 25 15:34:45 2011 +0200
Fix ipa-managed-entries bind procedure
Make sure that when Directory Manager password is entered,
we directly do a simple bind instead of trying binding via GSSAPI.
Also capture ldap.INVALID_CREDENTIALS exception and provide nice
error message than crash.
https://fedorahosted.org/freeipa/ticket/1927
commit 452eaf5436bfff90c88d75f23c3f71e5be43eaec
Author: Rob Crittenden <rcritten at redhat.com>
Date: Tue Nov 8 17:04:26 2011 -0500
Don't allow default objectclass list to be empty.
https://fedorahosted.org/freeipa/ticket/1945
commit c6d19960d5efa1f896187d3239940abed3dbe9db
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Nov 4 13:48:22 2011 -0500
Added current password field.
The reset password dialog for user has been modified to provide
a field to specify the current password when changing the user's
own password.
Ticket #2065
commit afece9771262ab6c9703631d4fca9e3dae43b691
Author: Simo Sorce <ssorce at redhat.com>
Date: Thu Nov 3 16:15:10 2011 -0400
Modify random salt creation for interoperability
port to ipa-2-1
ameneded math safety issue
See:
https://fedorahosted.org/freeipa/ticket/2038
commit 76c14525494a05ea623d082411180b015b502b05
Author: Martin Kosek <mkosek at redhat.com>
Date: Fri Nov 4 08:52:52 2011 +0100
Fix ipa-replica-conncheck port labels
https://fedorahosted.org/freeipa/ticket/2057
commit c960e0a4b0f74afd55d88c8bb20cc532351ee728
Author: Martin Kosek <mkosek at redhat.com>
Date: Thu Nov 3 11:08:26 2011 +0100
Fix ipa-server-install answer cache
Current Answer Cache storing mechanism is not ideal for storing
non-trivial Python types like arrays, custom classes, etc.
RawConfigParser just translates values to string, which
are not correctly decoded when the Answer Cache is parsed and
restored in the installer.
This patch replaces RawConfigParser with Python's standard pickle
module, which is a recommended way for serialization in Python.
https://fedorahosted.org/freeipa/ticket/2054
commit 911879543ad715f4e7964a1254a0a1db45d5c72b
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Nov 2 09:19:54 2011 -0400
fix the debian platform code to start the correct daemons
commit b38a39ba0bc5cb25e1b92e59ffbb21019f23f4c1
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Nov 2 09:13:16 2011 -0400
pass the supported platform option to make
commit 75dd956fd7ba02994600eb032c22c2ce05511ebc
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Nov 2 09:03:25 2011 -0400
fix fix_dnsclient.py.patch typo
commit b582c79a2cff1a027f8f64a7a0c79d7f632e1442
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 22:28:35 2011 -0400
client should depend on ntp instead of openntpd
commit 3f9041f41d8190e43103b03180e6697eab776f42
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 20:00:09 2011 -0400
let pysupport handle the installation paths
commit a3520994066428674f19db6dcb4e93feb51a3c0f
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 19:50:03 2011 -0400
add missing files to python-freeipa
commit f54adb995dfb4e6bde76ba15b079103d65d4d215
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 19:40:30 2011 -0400
yet another python path fix
commit f7b06429d76765a5dbbc3c92b9fab9a7ed5fb05b
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 19:30:59 2011 -0400
install phase needs to know it's not a git snapshot
commit c56f267f585ca9407d5a947e431da93942878a6c
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 19:28:05 2011 -0400
fix paths some more
commit 9a5c464ae07ab81d4e2b384e10accc5086ef3359
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 19:02:22 2011 -0400
add localization to python-freeipa
commit 51b4a207cb4c930255319a520de9d1977d7a0e93
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 18:55:34 2011 -0400
Add --list-missing for dh_install.
commit c98d0cc5ef0031e7914824b6c044fd1b42a5c861
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 18:54:19 2011 -0400
Add fix-python-path.patch to use --install-layout=deb.
commit 64a92a38a1a5a3afc822888dc18c5f2234b86821
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 18:04:54 2011 -0400
fix clean some more
commit 535bac46cbd872498087428564ddf4ece492eb34
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 17:52:25 2011 -0400
move version-update to dh_autoreconf
commit 5df39aac49990f79e42162ebda697a1229e372fc
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 17:49:50 2011 -0400
fix clean
commit e2eb46a6bf36a66fc64d9c1780adb85ac3c0ac36
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 17:00:10 2011 -0400
run version-update before autoconfigure
commit 51709c54fb7261011769cf369f65408f1b48871f
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 15:31:20 2011 -0400
fix python installation paths
commit 90a54c3cc7e239ab9b28f6b5501c23712c74f3bc
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 12:31:09 2011 -0400
Add missing files to freeipa.install.
commit 77b563c5d7f07002aad7e989b80cdcc4afd2ccf4
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 12:12:14 2011 -0400
fix install override
commit bbdfca16d12874a698bbd07f8cd7e9c3a2130b2e
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 12:02:08 2011 -0400
Bump compat to 8.
commit 7bc9b74b571e359337d8abf0fc7dc88cbce32204
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 11:54:35 2011 -0400
don't run tests if building only the client
commit c27c73113097b46e04ff27e825fe7e9d3aa5ef12
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 11:50:09 2011 -0400
fix configure phase
commit ec04537237495f59790fcf5748950ded3a68715e
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 11:48:27 2011 -0400
Add no-testcert.patch to not fail make-testcert.
commit 9fddc744fa92782babee3c395c88518a0966ca4f
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 10:53:18 2011 -0400
Add no-arrows.patch to not fail test_lang.
commit 4a5c019d71c0bb9d04cfa007791a0b4c8f0dd6b7
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 09:53:04 2011 -0400
remove stray substvars file
commit 0be24fe96059d8fb60c1a7e614d9fcc4bc0facdd
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Nov 1 09:52:28 2011 -0400
Add include-stdint.patch from upstream to fix build errors.
commit 73f24a0ad989d6743022b9914e77f441ef8cefad
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Sat Oct 29 08:28:11 2011 +0300
fix silly mistakes in rules
commit fd9f36175f7bc084493a28319dfd3009bbe82e88
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 16:00:42 2011 +0300
rules: fix clean
commit 00bad901651a2deec2eb2bf0b579220dd0172166
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 15:57:29 2011 +0300
fix the platform name
commit a8e59d661940f2365b9778090509ba6084a62d8a
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 15:57:04 2011 +0300
Add add_debian.py.patch, platform support code.
commit 7992239b65a883017f2632ccbc1bb574d88059fb
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 15:44:52 2011 +0300
Add fix_dnsclient.py.patch, we don't use autconfig.
commit e6104fa819d3465a55c152e5c8c0dd368c558d78
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 15:42:24 2011 +0300
disable patch 02 for now
commit d1346314d7e30dd274976e39e7bacb04a68cd975
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 15:41:56 2011 +0300
fix patch 01 to apply
commit 4d6ea9704a09870c9de6aaffaa5d4d323be3621b
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 15:41:09 2011 +0300
add a conffile for dh_autoreconf
commit 90c7a287dd9973db79cfea39be205680734c8e6a
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 15:40:02 2011 +0300
Fix dependencies.
commit 88ab1f6e33d3ed7e3deb2eaf26e580966e8d4674
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 15:12:50 2011 +0300
Migrate to dh.
And build only the client for now. Server needs further work
commit e93ecbabbc05f29cf4a592c1ebc62f93acfb48ec
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 14:08:40 2011 +0300
Migrate to source format 3.0 (quilt).
commit a5d3cbc68b9e4a01b3eb2c818f2f95a5c64d847a
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 13:58:49 2011 +0300
janitorial
commit 194ae66ec6aa13dec4633381ede6a5d3ce216ae0
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 13:51:57 2011 +0300
update the vcs data
commit 60c21960ef58db0f335df2de26689f3836d78f5c
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 13:48:57 2011 +0300
wrap depends
commit b3eeede0e9e81b40cf159072da8e7e27a7ee8d8c
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 13:44:51 2011 +0300
Remove radius subpackages.
commit dd99473dcca559e8290b77120abddbd987d08145
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 13:42:53 2011 +0300
New upstream release.
commit 4026d69f556655c34859889b928d9f5b4e65f8ee
Merge: dbdbb4c c4ca29c
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Fri Oct 28 13:13:45 2011 +0300
Merge branch 'upstream' into debian
commit c10db54aeedad18e04a18d664687b147043b6bbd
Author: Rob Crittenden <rcritten at redhat.com>
Date: Wed Oct 26 17:42:59 2011 -0400
Fix nis netgroup config entry so users appear in netgroup triple.
https://fedorahosted.org/freeipa/ticket/2028
commit e366ae17f80ef9156295c1cbafbffeb8ea940a80
Author: Martin Kosek <mkosek at redhat.com>
Date: Tue Oct 4 10:52:47 2011 +0200
Fix ipa-managed-entries password option long form
https://fedorahosted.org/freeipa/ticket/1913
commit 7a5ff3bc205fb30b989988cfeb9f33c73d89e3fd
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Tue Oct 25 18:41:32 2011 +0300
Quote multiple workers option
https://fedorahosted.org/freeipa/ticket/2023
commit fb7276f9c3a61821353b4560f7ff62faf547cc67
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Mon Oct 17 12:21:40 2011 +0300
Update spec file to F-16
commit 5451328bc55fe964c61e7b87959310f9c6748cf8
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Mon Oct 17 14:17:07 2011 +0300
Spin for connection success also when socket is not (yet) available
We were spinning for socket connection if attempt to connect returned errno 111
(connection refused). However, it is not enough for local AF_UNIX sockets as
heavy applications might not be able to start yet and therefore the whole path
might be missing. So spin for errno 2 (no such file or directory) as well.
Partial fix for
https://fedorahosted.org/freeipa/ticket/1990
commit 95d6a2256c6039c704fafe8fc5c8c85fb939c972
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Mon Oct 10 15:25:15 2011 +0300
Add support for systemd environments and use it to support Fedora 16
https://fedorahosted.org/freeipa/ticket/1192
commit 7bde6a7da90dfc5f8953736f27cf9e17e82d14f2
Author: Rob Crittenden <rcritten at redhat.com>
Date: Tue Oct 18 13:32:36 2011 -0400
Fix problems in help system
Fixes 3 issues:
- If a topic has all its commands disabled, it should be disabled
- If a command is disabled its help should be disabled
- The show-mappings help was missing a doc string so no help was displayed
https://fedorahosted.org/freeipa/ticket/1998
commit 9b7639a89df70bdd5cbc29c0393ebe53395e566f
Author: John Dennis <jdennis at redhat.com>
Date: Tue Oct 18 18:19:25 2011 -0400
Ticket 1201 - Unable to Download Certificate with Browser
Certificates are passed through the IPA XML-RPC and JSON as binary
data in DER X509 format. Queries peformed against the LDAP server
also return binary DER X509 format. In all cases the binary DER
data is base-64 encoded.
PEM is standard text format for certificates. It also uses base64 to
encode the binary DER data, but had specific formatting
requirements. The base64 data must be wrapped inside PEM delimiters
and the base64 data must be line wrapped at 64 characters.
Most external software which accepts certificates as input will only
accept DER or PEM format (e.g. openssl & NSS). Although base64 is
closely related to PEM it is not PEM unless the PEM delimters are
present and the base64 data is line wrapped at 64 characters.
We already convert binary DER certificates which have been passed as
base64 in other parts of the IPA code. However this conversion has not
been available in the web UI. When the web UI presented certificates
it did so by filling a dialog box with a single line of base64 data. A
user could not copy this data and use it as input to openssl or NSS
for example.
We resolve this problem by introducing new javascript functions in
certificate.js. IPA.cert.pem_cert_format(text) will examine the text
input and if it's already in PEM format just return it unmodified,
otherwise it will line wrap the base64 data and add the PEM
delimiters. Thus it is safe to call on either a previously formated
PEM cert or a binary DER cert encoded as base64. This applies to
pem_csr_format() as well for CSR's.
Because pem_cert_format() is safe to call on either format the web UI
will see the use of the flag add_pem_delimiters was eliminated except
in the one case where the IPA.cert.download_dialog() was being abused
to display PKCS12 binary data (pkcs12 is neither a cert nor a cert
request). Because of the abuse of the cert.download_dialog() for
pkcs12 it was necessary to retain the flag which in effect said "do
not treat the data as PEM".
Modify the CSR (Certificate Signing Request) dialog box to accept a
PEM formatted CSR. Remove the artifical PEM delimiters above and below
the dialog box which were used to suggest the input needed to be sans
the delimiters. The dialog box continues to accept bare base64 thus
allowing either text format.
Also note this solves the display of certificate data in the UI
without touching anything existing code in the server or command line,
thus it's isolated.
commit 28692ef60fd4b3f277349613d4901e48857edefb
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Mon Oct 17 00:23:26 2011 +0300
hbactest fails while you have svcgroup in hbacrule
https://fedorahosted.org/freeipa/ticket/1988
commit a2d0ca279441c669ee0dbd6469c546c371a5c925
Author: Martin Kosek <mkosek at redhat.com>
Date: Fri Oct 21 11:18:26 2011 +0200
Fix client krb5 domain mapping and DNS
Add Kerberos mapping for clients outside of server domain. Otherwise
certmonger had problems issuing the certificate. Also make sure that
client DNS records on the server are set before certmonger is started
and certificate is requested.
Based on Lars Sjostrom patch.
https://fedorahosted.org/freeipa/ticket/2006
commit c4ca29cfc2393481336880da20529a8b091100ad
Author: Rob Crittenden <rcritten at redhat.com>
Date: Mon Oct 17 15:47:42 2011 -0400
Become IPA 2.1.3
commit f3a5d4883666c7e04e23cb454e28ccc83c54f04a
Author: Petr Vobornik <pvoborni at redhat.com>
Date: Mon Oct 17 11:48:03 2011 +0200
Fixed: Unable to add external user for RunAs User for Sudo rules
https://fedorahosted.org/freeipa/ticket/1987
There is no way to add root or any external user as a RunAs User for a Sudo
Rule.
commit 5a3268fc7d731232844eb9391be722db2179f24c
Author: Martin Kosek <mkosek at redhat.com>
Date: Mon Oct 17 14:26:13 2011 +0200
Improve hostgroup/netgroup collision checks
When the NGP plugin is enabled, a managed netgroup is created for
every hostgroup. We already check that netgroup with the same
name does not exist and provide a meaningful error message.
However, this error message was also printed when a duplicate
hostgroup existed.
This patch checks for duplicate hostgroup existence first and
netgroup on the second place. It also makes sure that when NGP
plugin is (temporarily) disabled, a colliding netgroup cannot
be created.
https://fedorahosted.org/freeipa/ticket/1914
commit e365bc5379e38e2deb0e7ce88033e9e263cbd671
Author: Rob Crittenden <rcritten at redhat.com>
Date: Thu Oct 13 22:52:57 2011 -0400
Fix typo in invalid PTR record error message
https://fedorahosted.org/freeipa/ticket/1982
commit 3506dc8ed4e59f08c1094266482420744630f757
Author: Rob Crittenden <rcritten at redhat.com>
Date: Fri Oct 14 14:05:07 2011 -0400
If our domain is already configured in sssd.conf start with a new config.
https://fedorahosted.org/freeipa/ticket/1989
commit 1104a8898ca6d4e46f3671245703fe1ca8b40ec5
Author: Rob Crittenden <rcritten at redhat.com>
Date: Fri Oct 14 11:29:35 2011 -0400
Update all LDAP configuration files that we can.
LDAP can be configured in any number of places, we need to update everything
we find.
https://fedorahosted.org/freeipa/ticket/1986
commit cc0e30a1bbab1ee9823a1a80fe75654df2049a47
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Fri Oct 14 17:40:26 2011 +0300
Use set class instead of dictview class as set is wider supported
commit c75b177dc6de395a377e56d772fc0b0762ec4814
Author: Rob Crittenden <rcritten at redhat.com>
Date: Fri Oct 14 09:36:26 2011 -0400
Handle an empty value in a name/value pair in config_replace_variables()
This would blow up if you tried to append a value to an entry that looked
like:
NAME=
https://fedorahosted.org/freeipa/ticket/1983
commit 0ead8b4194fe6c9403e4ed3ef595494fd0a912e8
Author: Rob Crittenden <rcritten at redhat.com>
Date: Fri Oct 14 08:36:38 2011 -0400
Set min nvr of 389-ds-base to 1.2.10-0.4.a4 for limits fixes (740942, 742324)
commit b73ac20a2b4e609a44e4a2071243f64c696885f4
Author: Martin Kosek <mkosek at redhat.com>
Date: Fri Oct 14 10:34:06 2011 +0200
Fix ipa-client-install -U option alignment
commit 440f96a373e45deffd01bf665851e910d994e521
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Fri Oct 14 10:27:59 2011 +0300
Document --preserve-sssd option of ipa-client-install
Add documentation about --preserve-sssd, an ipa-client-install's option to
honor previously available SSSD configuration in case it is not possible to
merge it cleanly with the new one. In this case ipa-client-install will fail
and ask user to fix SSSD config before continuing.
Additional fix for
https://fedorahosted.org/freeipa/ticket/1750
https://fedorahosted.org/freeipa/ticket/1769
commit 2427d3bb6f7e20ef18d22ae547b57a03742da28f
Author: Rob Crittenden <rcritten at redhat.com>
Date: Thu Oct 13 18:34:23 2011 -0400
Add explicit instructions to ipa-replica-manage for winsync replication
https://fedorahosted.org/freeipa/ticket/1946
commit 16fc9f847c9f54dcb2e4ceea91bffdd0cb2c112d
Author: Rob Crittenden <rcritten at redhat.com>
Date: Thu Oct 13 17:58:27 2011 -0400
Save the value of hostname even if it doesn't appear in /etc/sysconfig/network
https://fedorahosted.org/freeipa/ticket/1871
commit 58918c4593fed9d546368483d4509798fbaa9322
Author: Martin Kosek <mkosek at redhat.com>
Date: Thu Oct 13 12:15:41 2011 +0200
Check /etc/hosts file in ipa-server-install
There may already be a record in /etc/hosts for chosen IP address
which may not be detected under some circumstances. Make sure
that /etc/hosts is checked properly.
https://fedorahosted.org/freeipa/ticket/1923
commit b8eafa43ac529a40e4c47005cb93adc1dec40b13
Author: Martin Kosek <mkosek at redhat.com>
Date: Thu Oct 13 12:16:15 2011 +0200
Hostname used by IPA must be a system hostname
Make sure that the hostname IPA uses is a system hostname. If user
passes a non-system hostname, update the network settings and
system hostname in the same way that ipa-client-install does.
This step should prevent various services failures which may not
be ready to talk to IPA with non-system hostname.
https://fedorahosted.org/freeipa/ticket/1931
commit 93feb5293236a5d0e22ae15eee35e7b9eb93e6e4
Author: Martin Kosek <mkosek at redhat.com>
Date: Fri Oct 7 14:23:20 2011 +0200
Check hostname resolution sanity
Always check (even with --setup-dns or --no-host-dns) that if the
host name or ip address resolves, it resolves to sane value. Otherwise
report an error. Misconfigured /etc/hosts causing these errors could
harm the installation later.
https://fedorahosted.org/freeipa/ticket/1923
commit edd334c67acf1f797103276c6e6a8978d9ff72e9
Author: Adam Young <ayoung at redhat.com>
Date: Thu Oct 13 14:48:55 2011 -0400
Fix dynamic display of UI tabs based on rights
Fixes the webui for the case wherea user is not admin but has a role. In
that case, the UI should show the full administrative tabset, but was
instead limited to the selfservice tabset.
The problem was rolegroup had been renamed to role but the UI hadn't
been updated to reflect this.
Addresses
https://bugzilla.redhat.com/show_bug.cgi?id=745957
https://fedorahosted.org/freeipa/ticket/1970
commit 411c303ae8a8eaa4076b36f641c363de98a97fcc
Author: Rob Crittenden <rcritten at redhat.com>
Date: Thu Oct 13 15:46:58 2011 -0400
Work around limits not being updatable in 389-ds.
The bug to fix updates, BZ 741744, isn't working. For the short
term add the attributes we want to update to the REPLACE
whitelist so rather than using an ADD and DEL operation it will
use a REPLACE.
https://fedorahosted.org/freeipa/ticket/1888
commit 36c63ee8eb8ab4d12feb0402e2fa58ada8a211ef
Author: Simo Sorce <ssorce at redhat.com>
Date: Tue Sep 27 14:59:21 2011 -0400
updates: Change default limits on ldap searches
Fixes: https://fedorahosted.org/freeipa/ticket/1867
https://fedorahosted.org/freeipa/ticket/1888
commit c0e647aa628c1c7e539ae73f4c0642534368c67c
Author: Rob Crittenden <rcritten at redhat.com>
Date: Thu Oct 13 13:07:49 2011 -0400
Fix has_upg() to work with relocated managed entries configuration.
https://fedorahosted.org/freeipa/ticket/1964
commit 7501b17895bc2cb3d25004646164d45686ca7b60
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Wed Oct 12 19:14:55 2011 +0300
Refactor authconfig use in ipa-client-install
When certain features are being configured via authconfig, we need to
remember what was configured and what was the state before it so that
during uninstall we restore proper state of the services.
Mostly it affects sssd configuration with multiple domains but also
pre-existing LDAP and krb5 configurations.
This should fix following tickets:
https://fedorahosted.org/freeipa/ticket/1750
https://fedorahosted.org/freeipa/ticket/1769
commit c876461e10d57b49b3a692655c449dfbb125af17
Author: Martin Kosek <mkosek at redhat.com>
Date: Thu Oct 13 14:35:06 2011 +0200
Make IPv4 address parsing more strict
Let netaddr.IPAddress() use inet_pton() rather than inet_aton() for
IP address parsing. We will use the same function in IPv4/IPv6
conversions + be stricter and don't allow IP addresses such as
'1.1.1' at the same time.
https://fedorahosted.org/freeipa/ticket/1965
commit 5aa6e994d18c1caec29280b0c0e070e5f2f58740
Author: Martin Kosek <mkosek at redhat.com>
Date: Wed Oct 12 09:36:24 2011 +0200
Optimize member/memberof searches in LDAP
When investigating if member/memberof attribute is direct/indirect
we do a lot of LDAP SCOPE_SUBTREE searches when we actually search
just for one item. Make sure we search only with SCOPE_BASE to improve
the performance.
One not so efficient iteration was also changed to list comprehension
to speed things up a tiny bit.
https://fedorahosted.org/freeipa/ticket/1885
commit 7227ffe86485bcfc9d97ce302120cfae56541a03
Author: Martin Kosek <mkosek at redhat.com>
Date: Wed Oct 12 10:55:08 2011 +0200
ipa-client-install hangs if the discovered server is unresponsive
Add a timeout to the wget call to cover a case when autodiscovered
server does not response to our attempt to download ca.crt. Let
user specify a different IPA server in that case.
https://fedorahosted.org/freeipa/ticket/1960
commit 3608f85fcbab9c9dd3795508d277faaab5b4886b
Author: Martin Kosek <mkosek at redhat.com>
Date: Mon Oct 3 16:01:01 2011 +0200
Improve handling of GIDs when migrating groups
Since IPA v2 server already contain predefined groups that may collide
with groups in migrated (IPA v1) server (for example admins, ipausers),
users having colliding group as their primary group may happen to belong
to an unknown group on new IPA v2 server.
Implement --group-overwrite-gid option to overwrite GID of already
existing groups to prevent this issue.
https://fedorahosted.org/freeipa/ticket/1866
commit c4ef542164d8d1aed7b8bea1e6eda31194cc9a17
Author: John Dennis <jdennis at redhat.com>
Date: Tue Oct 11 16:19:54 2011 -0400
Ticket 1718 - Fix Spanish po translation file
There were quite errors in es.po, it was difficult or impossible to
track down where they came from, Transifex does not have good revision
history.
I fixed about 20% of the msgstr's in the file that had obvious
problems which could be spotted by a non-Spanish speaking person.
More information about the Pkg-freeipa-devel
mailing list