Debian Package Tracker

general

source: freeipa (main)
version: 4.8.10-1
maintainer: Debian FreeIPA Team (archive) (DMD)
uploaders: Timo Aaltonen [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 4.7.2-3
unstable: 4.8.10-1

versioned links

4.7.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.10-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

freeipa-client (4 bugs: 0, 3, 1, 0)
freeipa-client-epn
freeipa-client-samba
freeipa-common
freeipa-server (1 bugs: 0, 1, 0, 0)
freeipa-server-dns
freeipa-server-trust-ad
freeipa-tests
python3-ipaclient
python3-ipalib
python3-ipaserver
python3-ipatests

action needed

A new upstream version is available: 4.9.0rc1 high

A new upstream version 4.9.0rc1 is available, you should consider packaging it.

Created: 2020-11-19 Last update: 2020-11-23 21:03

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:00:28
Last run: 2020-11-12 21:26:07 UTC
Previous status: fail

testing: neutral (log)
The tests ran in 0:00:20
Last run: 2019-10-06 02:08:22 UTC
Previous status: neutral

Created: 2020-10-13 Last update: 2020-11-23 20:37

lintian reports 2 errors and 16 warnings high

Lintian reports 2 errors and 16 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-10-22 04:32

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-14826: A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

Please fix it.

Created: 2019-09-17 Last update: 2020-09-28 17:24

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2020-10-03 Last update: 2020-11-23 20:34

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-11-11 Last update: 2020-11-23 20:30

Depends on packages which need a new maintainer normal

The packages that freeipa depends on which need a new maintainer are:

rpm (#923352)
- Depends: librpm8
scriptaculous (#863696)
- Depends: libjs-scriptaculous
xmlrpc-c (#773435)
- Build-Depends: libxmlrpc-core-c3-dev
- Depends: libxmlrpc-core-c3

Created: 2019-11-22 Last update: 2020-11-23 19:38

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 4.8.10-2, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Created: 2020-09-29 Last update: 2020-11-23 19:05

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

freeipa-client-epn could be marked Multi-Arch: same

Created: 2020-09-28 Last update: 2020-11-23 15:31

4 ignored security issues in buster low

There are 4 open security issues in buster.

4 issues skipped by the security teams:

CVE-2019-10195: A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.
CVE-2019-14826: A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
CVE-2019-14867: A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.
CVE-2020-1722: A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

Please fix them.

Created: 2019-09-17 Last update: 2020-09-28 17:24

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-03-07 Last update: 2020-03-07 04:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-11-17 05:41

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for freeipa (- to 4.8.10-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating freeipa introduces new bugs: #970230
- autopkgtest for freeipa/4.8.10-1: amd64: Regression ♻ , arm64: Regression ♻ , armhf: Regression ♻ , i386: Regression ♻ , ppc64el: Regression ♻
- missing build on armel
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/f/freeipa.html
- 57 days old (needed 5 days)
- Not considered

news

[rss feed]

[2020-09-28] Accepted freeipa 4.8.10-1 (source) into unstable (Timo Aaltonen)
[2020-09-11] Accepted freeipa 4.8.8-2 (source amd64 all) into unstable, unstable (Debian FTP Masters) (signed by: Timo Aaltonen)
[2020-04-07] Accepted freeipa 4.8.6-1 (source) into unstable (Timo Aaltonen)
[2020-03-25] Accepted freeipa 4.8.5-1 (source) into unstable (Timo Aaltonen)
[2019-11-26] Accepted freeipa 4.8.3-1 (source) into unstable (Timo Aaltonen)
[2019-11-20] Accepted freeipa 4.8.2-1 (source) into unstable (Timo Aaltonen)
[2019-10-07] freeipa REMOVED from testing (Debian testing watch)
[2019-09-11] Accepted freeipa 4.8.1-2 (source) into unstable (Timo Aaltonen)
[2019-09-11] Accepted freeipa 4.8.1-1 (source amd64 all) into experimental, experimental (Timo Aaltonen)
[2019-06-12] freeipa 4.7.2-3 MIGRATED to testing (Debian testing watch)
[2019-05-06] Accepted freeipa 4.7.2-3 (source) into unstable (Timo Aaltonen)
[2019-02-24] freeipa 4.7.2-2 MIGRATED to testing (Debian testing watch)
[2019-02-12] Accepted freeipa 4.7.2-2+exp1 (source) into experimental (Timo Aaltonen)
[2019-02-12] Accepted freeipa 4.7.2-2 (source) into unstable (Timo Aaltonen)
[2019-02-11] freeipa 4.7.2-1 MIGRATED to testing (Debian testing watch)
[2019-02-05] Accepted freeipa 4.7.2-1+exp1 (source) into experimental (Timo Aaltonen)
[2019-02-05] Accepted freeipa 4.7.2-1 (source) into unstable (Timo Aaltonen)
[2018-12-06] Accepted freeipa 4.7.1-3 (source) into unstable (Timo Aaltonen)
[2018-10-18] Accepted freeipa 4.7.1-2 (source) into unstable (Timo Aaltonen)
[2018-10-09] Accepted freeipa 4.7.1-1 (source) into unstable (Timo Aaltonen)
[2018-09-28] Accepted freeipa 4.7.0-1 (source) into unstable (Timo Aaltonen)
[2018-07-22] Accepted freeipa 4.6.3-1.1 (source) into unstable (Sebastian Andrzej Siewior)
[2018-04-17] Accepted freeipa 4.7.0~pre1+git20180411-2 (source) into experimental (Timo Aaltonen)
[2018-04-12] Accepted freeipa 4.7.0~pre1+git20180411-1 (source) into experimental (Timo Aaltonen)
[2018-02-02] Accepted freeipa 4.6.3-1 (source) into unstable (Timo Aaltonen)
[2018-01-30] Accepted freeipa 4.6.2-4 (source) into unstable (Timo Aaltonen)
[2018-01-29] Accepted freeipa 4.6.2-3 (source) into unstable (Timo Aaltonen)
[2018-01-20] Accepted freeipa 4.6.2-2 (source) into unstable (Timo Aaltonen)
[2018-01-20] Accepted freeipa 4.6.2-1 (source) into unstable (Timo Aaltonen)
[2017-12-16] Accepted freeipa 4.4.4-4 (source) into unstable (Timo Aaltonen)

bugs [bug history graph]

all: 10
RC: 1
I&N: 8
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (2, 16)
buildd: logs, checks, clang, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 20)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.8.6-1ubuntu3
10 bugs
patches for 4.8.6-1ubuntu3