From b3b562596324be7855e36335f1197a9f35db1753 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 02 2022 16:09:00 +0000
Subject: import ipa-4.6.8-5.el7_9.12
---
diff --git a/SOURCES/0032-idviews-use-cached-ipaOriginalUid-value-when-resolvi.patch b/SOURCES/0032-idviews-use-cached-ipaOriginalUid-value-when-resolvi.patch
new file mode 100644
index 0000000..410c5f3
--- /dev/null
+++ b/SOURCES/0032-idviews-use-cached-ipaOriginalUid-value-when-resolvi.patch
@@ -0,0 +1,51 @@
+From fef36da6e8d5f6f057a80c7b9bca0eae2ed2c367 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy
+Date: Thu, 9 Jun 2022 18:29:59 +0300
+Subject: [PATCH] idviews: use cached ipaOriginalUid value when resolving ID
+ override anchor
+
+For ID overrides 'ipaOriginalUid' value should be the human-readable
+version of the ID override anchor. Since we would have it already set in
+the ID override entry, prefer using it instead of looking up the
+override anchor.
+
+This should speed up significantly operations which list all ID
+overrides in the view, like Web UI views.
+
+Fixes: https://pagure.io/freeipa/issue/9178
+Signed-off-by: Alexander Bokovoy
+Reviewed-By: Rob Crittenden
+---
+ ipaserver/plugins/idviews.py | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py
+index 018c1f6056f514c5c99e6b47c7d78c2c7165bf55..7dc298a14ec7d7cce85f631e00675fea93800493 100644
+--- a/ipaserver/plugins/idviews.py
++++ b/ipaserver/plugins/idviews.py
+@@ -746,8 +746,12 @@ class baseidoverride(LDAPObject):
+
+ def convert_anchor_to_human_readable_form(self, entry_attrs, **options):
+ if not options.get('raw'):
+- anchor = entry_attrs.single_value['ipaanchoruuid']
++ if 'ipaoriginaluid' in entry_attrs:
++ originaluid = entry_attrs.single_value['ipaoriginaluid']
++ entry_attrs.single_value['ipaanchoruuid'] = originaluid
++ return
+
++ anchor = entry_attrs.single_value['ipaanchoruuid']
+ if anchor:
+ try:
+ object_name = resolve_anchor_to_object_name(
+@@ -991,7 +995,7 @@ class idoverrideuser(baseidoverride):
+ original_uid = resolve_anchor_to_object_name(self.backend,
+ self.override_object,
+ anchor)
+- entry_attrs['ipaOriginalUid'] = original_uid
++ entry_attrs['ipaoriginaluid'] = original_uid
+
+ except (errors.NotFound, errors.ValidationError):
+ # Anchor could not be resolved, this means we had to specify the
+--
+2.37.3
+
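Review bot: The new early return in `convert_anchor_to_human_readable_form` (patch 0032, first idviews.py hunk) displays whatever is stored in `ipaoriginaluid` as the anchor without checking that it still corresponds to `ipaanchoruuid`. If the stored value is stale or was written separately from the anchor, an administrator listing overrides would see a name that does not match the object the override applies to; whether that can happen depends on who may write the attribute, which is not visible here. I would at least record the assumption above the branch, e.g. `# Trust the cached ipaOriginalUid: it is written together with the anchor and is display-only; the anchor is not re-resolved here.` The function body continues past the end of the hunk, so if it does anything after the anchor conversion, this `return` skips that as well.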
diff --git a/SOURCES/0033-ipa-otptoken-sync-return-error-when-sync-fails.patch b/SOURCES/0033-ipa-otptoken-sync-return-error-when-sync-fails.patch
new file mode 100644
index 0000000..06f1bad
--- /dev/null
+++ b/SOURCES/0033-ipa-otptoken-sync-return-error-when-sync-fails.patch
@@ -0,0 +1,78 @@
+From 5458c241af90f0fd7e06b5aac40171da7f08d038 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud
+Date: Wed, 28 Sep 2022 12:39:07 +0200
+Subject: [PATCH] ipa otptoken-sync: return error when sync fails
+
+The command ipa otptoken-sync does not properly handle
+errors happening during the synchronization step.
+
+- Even if an error is detected (such as invalid password
+provided), the command exits with return code = 0. An
+error message is displayed but the exit code should be 1.
+
+- When an invalid token is provided, the token is not
+synchronized but the error is not reported back to the
+ipa otptoken-sync command.
+
+The first issue can be fixed by raising an exception when
+the HTTP response contains an header with an error.
+The second issue is fixed by returning LDAP_INVALID_CREDENTIALS
+to ldap bind with the sync control if synchronization fails.
+
+Fixes: https://pagure.io/freeipa/issue/9248
+
+Signed-off-by: Florence Blanc-Renaud
+Reviewed-By: Rob Crittenden
+---
+ daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 3 +++
+ ipaclient/plugins/otptoken.py | 13 ++++++++-----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+index ee5be3eba02b219f13e8771ce8ba6d510f1c397b..edf45df5957117771418f574cb1babab7ebaf0ed 100644
+--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
++++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+@@ -1502,6 +1502,9 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
+ }
+ }
+
++ /* Reset rc to make sure errors are reported*/
++ rc = LDAP_INVALID_CREDENTIALS;
++
+ /* Authenticate the user. */
+ ret = ipapwd_authenticate(dn, entry, credentials);
+ if (ret) {
+diff --git a/ipaclient/plugins/otptoken.py b/ipaclient/plugins/otptoken.py
+index 14dee751c8f36a676c9115fbed0db1eca9ba0f1c..3f389c46be2feedf0bb7cb95bd451bf0e6fe6333 100644
+--- a/ipaclient/plugins/otptoken.py
++++ b/ipaclient/plugins/otptoken.py
+@@ -22,6 +22,7 @@ import sys
+
+ from ipaclient.frontend import MethodOverride
+ from ipalib import api, Str, Password, _
++from ipalib import errors
+ from ipalib.messages import add_message, ResultFormattingError
+ from ipalib.plugable import Registry
+ from ipalib.frontend import Local
+@@ -180,11 +181,13 @@ class otptoken_sync(Local):
+ status['result'][self.header] = rsp.info().get(self.header, 'unknown')
+ rsp.close()
+
++ if status['result'][self.header] != "ok":
++ msg = {'error': 'Error contacting server!',
++ 'invalid-credentials': 'Invalid Credentials!',
++ }.get(status['result'][self.header], 'Unknown Error!')
++ raise errors.ExecutionError(
++ message=_("Unable to synchronize token: %s") % msg)
+ return status
+
+ def output_for_cli(self, textui, result, *keys, **options):
+- textui.print_plain({
+- 'ok': 'Token synchronized.',
+- 'error': 'Error contacting server!',
+- 'invalid-credentials': 'Invalid Credentials!',
+- }.get(result['result'][self.header], 'Unknown Error!'))
++ textui.print_plain('Token synchronized.')
+--
+2.37.3
+
diff --git a/SOURCES/0034-ipatests-add-negative-test-for-otptoken-sync.patch b/SOURCES/0034-ipatests-add-negative-test-for-otptoken-sync.patch
new file mode 100644
index 0000000..6d0ef2d
--- /dev/null
+++ b/SOURCES/0034-ipatests-add-negative-test-for-otptoken-sync.patch
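Review bot: The comment on the added `rc = LDAP_INVALID_CREDENTIALS;` in ipapwd_pre_bind (patch 0033, prepost.c hunk) does not say that the function becomes fail-closed from this point, which is the security-relevant part of the fix: per the commit message, a failed token sync was previously not reported back to the bind. I would word it as `/* Fail closed: from here on every exit path reports LDAP_INVALID_CREDENTIALS unless rc is explicitly set to success. */` and confirm that the success path does set rc, since the function body continues outside the hunk. In the same patch, `output_for_cli` in otptoken.py now prints 'Token synchronized.' unconditionally, so it relies on `forward` raising for every header value other than "ok"; a one-line comment there would keep the two in step.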
@@ -0,0 +1,110 @@
+From 1bfea5967bb909e1b1bdc3267368e1465f7c9345 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud
+Date: Wed, 28 Sep 2022 12:45:52 +0200
+Subject: [PATCH] ipatests: add negative test for otptoken-sync
+
+Scenario: call ipa otptoken-sync with
+- an invalid password
+- an invalid first token (containing non-digits)
+- an invalid sequence of tokens
+
+The test expects a return code = 1.
+
+Related: https://pagure.io/freeipa/issue/9248
+Signed-off-by: Florence Blanc-Renaud
+Reviewed-By: Rob Crittenden
+---
+ ipatests/test_integration/test_otp.py | 77 +++++++++++++++++++++++++++
+ 1 file changed, 77 insertions(+)
+
+diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py
+index 036b8d12c7e8d872204a31fa6b7ed0e151bed86b..32b41b79ad8bf44a298b28c259351d5a71a7e9ea 100644
+--- a/ipatests/test_integration/test_otp.py
++++ b/ipatests/test_integration/test_otp.py
+@@ -184,6 +184,83 @@ class TestOTPToken(IntegrationTest):
+
+ del_otptoken(master, otpuid)
+
++ @pytest.fixture
++ def desynchronized_hotp(self):
++ """ Create an hotp token for user """
++ tasks.kinit_admin(self.master)
++ otpuid, hotp = add_otptoken(self.master, USER, otptype="hotp")
++
++ # skipping too many OTP fails
++ otp1 = hotp.generate(10).decode("ascii")
++ kinit_otp(self.master, USER, password=PASSWORD, otp=otp1, success=False)
++ # Now the token is desynchronized
++ yield (otpuid, hotp)
++
++ del_otptoken(self.master, otpuid)
++
++ def test_otptoken_sync_incorrect_password(self, desynchronized_hotp):
++ """ Test if sync fails when incorrect password is provided """
++ otpuid, hotp = desynchronized_hotp
++
++ otp2 = hotp.generate(20).decode("ascii")
++ otp3 = hotp.generate(21).decode("ascii")
++
++ # Try to sync with a wrong password
++ result = self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"invalidpwd\n{otp2}\n{otp3}\n", raiseonerr=False
++ )
++ assert result.returncode == 1
++ assert "Invalid Credentials!" in result.stderr_text
++
++ # Now sync with the right values
++ self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n"
++ )
++
++ def test_otptoken_sync_incorrect_first_value(self, desynchronized_hotp):
++ """ Test if sync fails when incorrect 1st token value is provided """
++ otpuid, hotp = desynchronized_hotp
++
++ otp2 = "12345a"
++ otp3 = hotp.generate(20).decode("ascii")
++ otp4 = hotp.generate(21).decode("ascii")
++
++ # Try to sync with a wrong first value (contains non-digit)
++ result = self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n", raiseonerr=False
++ )
++ assert result.returncode == 1
++ assert "Invalid Credentials!" in result.stderr_text
++
++ # Now sync with the right values
++ self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp3}\n{otp4}\n"
++ )
++
++ def test_otptoken_sync_incorrect_second_value(self, desynchronized_hotp):
++ """ Test if sync fails when incorrect 2nd token value is provided """
++ otpuid, hotp = desynchronized_hotp
++
++ otp2 = hotp.generate(20).decode("ascii")
++ otp3 = hotp.generate(21).decode("ascii")
++ # Try to sync with wrong order
++ result = self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp3}\n{otp2}\n", raiseonerr=False
++ )
++ assert result.returncode == 1
++ assert "Invalid Credentials!" in result.stderr_text
++
++ # Now sync with the right order
++ self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n"
++ )
++
+ def test_totp(self):
+ master = self.master
+
+--
+2.37.3
+
diff --git a/SOURCES/0035-ipatests-python2-does-not-support-f-strings.patch b/SOURCES/0035-ipatests-python2-does-not-support-f-strings.patch
new file mode 100644
index 0000000..bdcada3
--- /dev/null
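Review bot: The three negative tests added to test_otp.py (patch 0034) cover a wrong password, a non-digit first code and two genuine codes in the wrong order, but none submits well-formed numeric codes that the token never generated. The changelog entry for this build describes the bug as sync returning OK "even with random numbers", so that is the case most worth pinning. A fourth test reusing the `desynchronized_hotp` fixture, with two fixed digit strings of the right length and the same `result.returncode == 1` and "Invalid Credentials!" assertions, would close it. The test should first check that the chosen strings differ from `hotp.generate(20)` and `hotp.generate(21)`, so it cannot flake on a coincidental match.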
+++ b/SOURCES/0035-ipatests-python2-does-not-support-f-strings.patch 
@@ -0,0 +1,86 @@
+From bd555a05d0598b3ab65a50bcff431c2e00652b87 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud
+Date: Thu, 29 Sep 2022 16:10:10 +0200
+Subject: [PATCH] ipatests: python2 does not support f-strings
+
+Adapt the code in ipatests/test_integration/test_otp.py to python2
+
+Related: https://pagure.io/freeipa/issue/9248
+Signed-off-by: Florence Blanc-Renaud
+Reviewed-By: Rob Crittenden
+---
+ ipatests/test_integration/test_otp.py | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py
+index 32b41b79ad8bf44a298b28c259351d5a71a7e9ea..1df4d46a2551835ceb8fea8c70255afcb95b54f3 100644
+--- a/ipatests/test_integration/test_otp.py
++++ b/ipatests/test_integration/test_otp.py
+@@ -30,6 +30,7 @@ except ImportError:
+ PASSWORD = "DummyPassword123"
+ USER = "opttestuser"
+ ARMOR = "/tmp/armor"
++OTP_SYNC_INPUT="{}\n{}\n{}\n"
+ logger = logging.getLogger(__name__)
+
+
+@@ -208,7 +209,8 @@ class TestOTPToken(IntegrationTest):
+ # Try to sync with a wrong password
+ result = self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"invalidpwd\n{otp2}\n{otp3}\n", raiseonerr=False
++ stdin_text=OTP_SYNC_INPUT.format("invalidpwd", otp2, otp3),
++ raiseonerr=False
+ )
+ assert result.returncode == 1
+ assert "Invalid Credentials!" in result.stderr_text
+@@ -216,7 +218,7 @@ class TestOTPToken(IntegrationTest):
+ # Now sync with the right values
+ self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n"
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp2, otp3)
+ )
+
+ def test_otptoken_sync_incorrect_first_value(self, desynchronized_hotp):
+@@ -230,7 +232,8 @@ class TestOTPToken(IntegrationTest):
+ # Try to sync with a wrong first value (contains non-digit)
+ result = self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n", raiseonerr=False
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp2, otp3),
++ raiseonerr=False
+ )
+ assert result.returncode == 1
+ assert "Invalid Credentials!" in result.stderr_text
+@@ -238,7 +241,7 @@ class TestOTPToken(IntegrationTest):
+ # Now sync with the right values
+ self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp3}\n{otp4}\n"
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp3, otp4)
+ )
+
+ def test_otptoken_sync_incorrect_second_value(self, desynchronized_hotp):
+@@ -250,7 +253,8 @@ class TestOTPToken(IntegrationTest):
+ # Try to sync with wrong order
+ result = self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp3}\n{otp2}\n", raiseonerr=False
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp3, otp2),
++ raiseonerr=False
+ )
+ assert result.returncode == 1
+ assert "Invalid Credentials!" in result.stderr_text
+@@ -258,7 +262,7 @@ class TestOTPToken(IntegrationTest):
+ # Now sync with the right order
+ self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n"
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp2, otp3)
+ )
+
+ def test_totp(self):
+--
+2.37.3
+
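Review bot: `OTP_SYNC_INPUT="{}\n{}\n{}\n"` in patch 0035 is missing the spaces around `=` that the neighbouring constants (`PASSWORD = ...`, `USER = ...`) use, and nothing says what the three fields are. I would write it as `OTP_SYNC_INPUT = "{}\n{}\n{}\n"` with a comment such as `# stdin for ipa otptoken-sync: password, first code, second code`, since the tests deliberately swap the last two positions and the order is what each of them is checking.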
diff --git a/SOURCES/0036-Fix-otptoken_sync-plugin.patch b/SOURCES/0036-Fix-otptoken_sync-plugin.patch
new file mode 100644
index 0000000..931081a
--- /dev/null
+++ b/SOURCES/0036-Fix-otptoken_sync-plugin.patch
@@ -0,0 +1,55 @@
+From bfe2e6a96570102d3485200c476510b5b0d6f9ba Mon Sep 17 00:00:00 2001
+From: Christian Heimes
+Date: Thu, 28 Nov 2019 11:44:27 +0100
+Subject: [PATCH] Fix otptoken_sync plugin
+
+The plugin had two bugs:
+
+For one it did not work under Python 3 because urlencode() returns a string
+but HTTPSHandler expects bytes as data argument.
+
+The primary key field name is not available in client plugins. Just pass
+the token name and let server code convert the name to DN.
+
+Fixes: https://pagure.io/freeipa/issue/7804
+Signed-off-by: Christian Heimes
+Reviewed-By: Alexander Bokovoy
+Reviewed-By: Rob Crittenden
+---
+ ipaclient/plugins/otptoken.py | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/ipaclient/plugins/otptoken.py b/ipaclient/plugins/otptoken.py
+index 3f389c46be2feedf0bb7cb95bd451bf0e6fe6333..e2dcb04a66648276b3f5dd033d048ab6df611b42 100644
+--- a/ipaclient/plugins/otptoken.py
++++ b/ipaclient/plugins/otptoken.py
+@@ -27,7 +27,6 @@ from ipalib.messages import add_message, ResultFormattingError
+ from ipalib.plugable import Registry
+ from ipalib.frontend import Local
+ from ipalib.util import create_https_connection
+-from ipapython.dn import DN
+ from ipapython.version import API_VERSION
+
+ import locale
+@@ -162,13 +161,13 @@ class otptoken_sync(Local):
+ sync_uri = urllib.parse.urlunparse(segments)
+
+ # Prepare the query.
+- query = {k: v for k, v in kwargs.items()
+- if k in {x.name for x in self.takes_options}}
++ options = {x.name for x in self.takes_options}
++ query = {k: v for k, v in kwargs.items() if k in options}
+ if args and args[0] is not None:
+- obj = self.api.Object.otptoken
+- query['token'] = DN((obj.primary_key.name, args[0]),
+- obj.container_dn, self.api.env.basedn)
++ # sync_token converts token name to token DN
++ query['token'] = args[0]
+ query = urllib.parse.urlencode(query)
++ query = query.encode('utf-8')
+
+ # Sync the token.
+ # pylint: disable=E1101
+--
+2.37.3
+
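Review bot: With `query['token'] = args[0]` (patch 0036, second otptoken.py hunk) the client no longer builds the DN and sends the raw token name, so correctness now depends on the server-side sync handler turning that name into a DN and escaping it while doing so. This patch touches only ipaclient/plugins/otptoken.py and carries a 2019 change onto this build, so it is worth confirming that the server code shipped in the same package already accepts a bare name; that code is not visible on this page. The added comment could state the dependency directly: `# Send the bare token name; the server-side sync handler builds and escapes the DN`.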
diff --git a/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch b/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch index 30398c9..73d9e4c 100644 --- a/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch +++ b/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch @@ -1,4 +1,4 @@ -From 1487b30fc127c54098ebb796847f72a98b2d9c22 Mon Sep 17 00:00:00 2001 +From 30f0bf5c45dfa3febbad283a248d942839957c11 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Tue, 14 Mar 2017 15:48:07 +0000 Subject: [PATCH] Change branding to IPA and Identity Management @@ -1106,5 +1106,5 @@ index 643215985e932cae6e8d954596194032655b25d4..68baa0174ed88ede3f42092fb68150b5 """) + _(""" To enable the binddn run the following command to set the password: -- -2.34.3 +2.37.3 diff --git a/SOURCES/1002-Package-copy-schema-to-ca.py.patch b/SOURCES/1002-Package-copy-schema-to-ca.py.patch index f2f5ca2..d6b46fb 100644 --- a/SOURCES/1002-Package-copy-schema-to-ca.py.patch +++ b/SOURCES/1002-Package-copy-schema-to-ca.py.patch @@ -1,4 +1,4 @@ -From 0c5a4fa341964fd8c08cd7bfa7b2cc2ee2c839e4 Mon Sep 17 00:00:00 2001 +From eeebacdeaf864935f30221fdaa11ee56f07b7090 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Tue, 14 Mar 2017 16:07:15 +0000 Subject: [PATCH] Package copy-schema-to-ca.py @@ -40,5 +40,5 @@ index 922185c4b948fa7a5d1bcab6b2be3b34e99f66d4..8fead26f50cb4f045db6d60f9ca71dd9 -- -2.34.3 +2.37.3 diff --git a/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch b/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch index 0cbf698..df8851a 100644 --- a/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch +++ b/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch @@ -1,4 +1,4 @@ -From 7531be93bf9c67b8c0137b87f70c47afa157f342 Mon Sep 17 00:00:00 2001 +From f96e4f5e24998cec67417d6401c36116e19fc253 Mon Sep 17 00:00:00 2001 
From: Jan Cholasta Date: Wed, 22 Jun 2016 13:53:46 +0200 Subject: [PATCH] Revert "Increased mod_wsgi socket-timeout" @@ -24,5 +24,5 @@ index 912a63c2240e0681dfbeeac223a902b15b304716..c5fc518f803d379287043b405efeb46d WSGIImportScript /usr/share/ipa/wsgi.py process-group=ipa application-group=ipa WSGIScriptAlias /ipa /usr/share/ipa/wsgi.py -- -2.34.3 +2.37.3 diff --git a/SOURCES/1004-Remove-csrgen.patch b/SOURCES/1004-Remove-csrgen.patch index 7d4b284..8600207 100644 --- a/SOURCES/1004-Remove-csrgen.patch +++ b/SOURCES/1004-Remove-csrgen.patch @@ -1,4 +1,4 @@ -From 85b0a51d4ffc2c22a13dca3f29e569357922bd47 Mon Sep 17 00:00:00 2001 +From 84addcb2cbdd327947a6c5849f31ac2a06177443 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 16 Mar 2017 09:44:21 +0000 Subject: [PATCH] Remove csrgen @@ -403,5 +403,5 @@ index 79111ab686b4fe25227796509b3cd3fcb54af728..00000000000000000000000000000000 @@ -1 +0,0 @@ -{{ options|join(";") }} -- -2.34.3 +2.37.3 diff --git a/SOURCES/1005-Removing-filesystem-encoding-check.patch b/SOURCES/1005-Removing-filesystem-encoding-check.patch index 9ea1ff2..ec4d5bf 100644 --- a/SOURCES/1005-Removing-filesystem-encoding-check.patch +++ b/SOURCES/1005-Removing-filesystem-encoding-check.patch @@ -1,4 +1,4 @@ -From abc706d992c4b5b73eeab41ec1a02931371ca7f9 Mon Sep 17 00:00:00 2001 +From b4fc9155939f8ac9e356a9a3601f1625bade1d16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tibor=20Dudl=C3=A1k?= Date: Fri, 10 Aug 2018 13:16:38 +0200 Subject: [PATCH] Removing filesystem encoding check @@ -126,5 +126,5 @@ index b660532bd6e8db964b8287845ed1b5ebbcb43b9b..60309c58f250a263c8c3d13b0b47773b IPA_NOT_CONFIGURED = b'IPA is not configured on this system' IPA_CLIENT_NOT_CONFIGURED = b'IPA client is not configured on this system' -- -2.34.3 +2.37.3 diff --git a/SPECS/ipa.spec b/SPECS/ipa.spec index 97e4cf5..08a259e 100644 --- a/SPECS/ipa.spec +++ b/SPECS/ipa.spec 
@@ -103,7 +103,7 @@ Name: ipa Version: %{IPA_VERSION} -Release: 5%{?dist}.11 +Release: 5%{?dist}.12 Summary: The Identity, Policy and Audit system Group: System Environment/Base @@ -111,9 +111,9 @@ License: GPLv3+ URL: http://www.freeipa.org/ Source0: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz # RHEL spec file only: START: Change branding to IPA and Identity Management -#Source1: header-logo.png -#Source2: login-screen-background.jpg -#Source4: product-name.png +Source1: header-logo.png +Source2: login-screen-background.jpg +Source4: product-name.png # RHEL spec file only: END: Change branding to IPA and Identity Management BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -149,6 +149,11 @@ Patch0028: 0028-extdom-return-LDAP_NO_SUCH_OBJECT-if-domains-differ.patch Patch0029: 0029-Fix-cert_request-for-KDC-cert.patch Patch0030: 0030-SMB-switch-IPA-domain-controller-role.patch Patch0031: 0031-WebUI-Add-confirmation-dialog-for-changing-default-u.patch +Patch0032: 0032-idviews-use-cached-ipaOriginalUid-value-when-resolvi.patch +Patch0033: 0033-ipa-otptoken-sync-return-error-when-sync-fails.patch +Patch0034: 0034-ipatests-add-negative-test-for-otptoken-sync.patch +Patch0035: 0035-ipatests-python2-does-not-support-f-strings.patch +Patch0036: 0036-Fix-otptoken_sync-plugin.patch Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch Patch1002: 1002-Package-copy-schema-to-ca.py.patch Patch1003: 1003-Revert-Increased-mod_wsgi-socket-timeout.patch @@ -405,10 +410,7 @@ Requires: oddjob Requires: gssproxy >= 0.7.0-2 # 1.15.2: FindByNameAndCertificate (https://pagure.io/SSSD/sssd/issue/3050) Requires: sssd-dbus >= 1.15.2 - -%if 0%{?centos} == 0 Requires: system-logos >= 70.7.0 -%endif Provides: %{alt_name}-server = %{version} Conflicts: %{alt_name}-server 
@@ -965,9 +967,9 @@ cp -r %{_builddir}/freeipa-%{version} %{_builddir}/freeipa-%{version}-python3 # with_python3 # RHEL spec file only: START: Change branding to IPA and Identity Management -#cp %SOURCE1 install/ui/images/header-logo.png -#cp %SOURCE2 install/ui/images/login-screen-background.jpg -#cp %SOURCE4 install/ui/images/product-name.png +cp %SOURCE1 install/ui/images/header-logo.png +cp %SOURCE2 install/ui/images/login-screen-background.jpg +cp %SOURCE4 install/ui/images/product-name.png # RHEL spec file only: END: Change branding to IPA and Identity Management @@ -991,8 +993,7 @@ find \ %configure --with-vendor-suffix=-%{release} \ %{enable_server_option} \ %{with_ipatests_option} \ - %{linter_options} \ - --with-ipaplatform=rhel + %{linter_options} %make_build @@ -1013,8 +1014,7 @@ find \ %configure --with-vendor-suffix=-%{release} \ %{enable_server_option} \ %{with_ipatests_option} \ - %{linter_options} \ - --with-ipaplatform=rhel + %{linter_options} popd %endif # with_python3 @@ -1101,11 +1101,9 @@ ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-tes # remove files which are useful only for make uninstall find %{buildroot} -wholename '*/site-packages/*/install_files.txt' -exec rm {} \; -%if 0%{?centos} == 0 # RHEL spec file only: START: Replace login-screen-logo.png with a symlink ln -sf %{_datadir}/pixmaps/fedora-gdm-logo.png %{buildroot}%{_usr}/share/ipa/ui/images/login-screen-logo.png # RHEL spec file only: END: Replace login-screen-logo.png with a symlink -%endif %find_lang %{gettext_domain} 
@@ -1762,8 +1760,14 @@ fi %changelog -* Tue Jun 28 2022 CentOS Sources - 4.6.8-5.el7.centos.11 -- Roll in CentOS Branding +* Wed Oct 5 2022 Florence Blanc-Renaud - 4.6.8-5.el7_9.12 +- Resolves: 2084223 - 'ipa idview-show idviewname' & IPA WebUI takes longer time to return the results + - idviews: use cached ipaOriginalUid value when resolving ID override +- Resolves: 2124369 - OTP token sync always returns OK even with random numbers + - ipa otptoken-sync: return error when sync fails + - ipatests: add negative test for otptoken-sync + - ipatests: python2 does not support f-strings + - Fix otptoken_sync plugin * Tue May 10 2022 Florence Blanc-Renaud - 4.6.8-5.el7_9.11 - Resolves: 2082272 - [RFE] Require confirmation to change "Default host group" in IdM automember rules