freeipa - Debian Package Tracker

general

source: freeipa (main)
version: 4.8.10-2
maintainer: Debian FreeIPA Team (archive) (DMD)
uploaders: Timo Aaltonen [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 4.7.2-3
unstable: 4.8.10-2

versioned links

4.7.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.10-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

freeipa-client (3 bugs: 0, 2, 1, 0)
freeipa-client-epn
freeipa-client-samba
freeipa-common
freeipa-server (1 bugs: 1, 0, 0, 0)
freeipa-server-dns
freeipa-server-trust-ad
freeipa-tests
python3-ipaclient
python3-ipalib
python3-ipaserver
python3-ipatests

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:12:53
Last run: 2021-06-14 03:44:46 UTC
Previous status: fail

testing: neutral (log)
The tests ran in 0:00:20
Last run: 2019-10-06 02:08:22 UTC
Previous status: neutral

Created: 2020-10-13 Last update: 2021-06-22 18:41

A new upstream version is available: 4.9.5 high

A new upstream version 4.9.5 is available, you should consider packaging it.

Created: 2020-11-19 Last update: 2021-06-22 14:09

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-14826: A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

Created: 2021-02-19 Last update: 2021-03-21 19:04

lintian reports 6 errors and 17 warnings high

Lintian reports 6 errors and 17 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-01-27 03:02

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 20-day delay is over. Check why.

Created: 2020-12-03 Last update: 2021-06-22 18:38

Depends on packages which need a new maintainer normal

The packages that freeipa depends on which need a new maintainer are:

rpm (#923352)
- Depends: librpm8
scriptaculous (#863696)
- Depends: libjs-scriptaculous
xmlrpc-c (#773435)
- Build-Depends: libxmlrpc-core-c3-dev
- Depends: libxmlrpc-core-c3

Created: 2019-11-22 Last update: 2021-06-22 17:08

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 4.9.5-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit e911f28d86d70b78c1ff33de58851eb9e94fbfc8
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jun 17 16:59:24 2021 +0300

    add wsgi to python3-ipaserver

commit acee2a296ba8235df3a43053e9a5c77420d75ae5
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jun 17 13:33:15 2021 +0300

    control: Drop dependency on custodia, not needed.

commit 2b0c6fe0d209ab72905b175a1b58eb0ab80c1e4c
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jun 17 13:11:43 2021 +0300

    client: Drop csrgen

commit 0a952abd71b98737ec59ad37071a1aba41e8fd73
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jun 17 13:01:14 2021 +0300

    bump the version

commit 3698c620029a0ab196872d5bce6661fc36ee861d
Merge: b8bea216c e045f118c
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jun 17 13:00:32 2021 +0300

    Merge branch 'upstream'

commit e045f118c87346bfab5b5634fd23f3054f082f7f
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Mon Jun 14 15:51:15 2021 +0300

    Become FreeIPA 4.9.5
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 0fd06f33b83aec19a88c594d3750bc476157ab83
Author: Stanislav Levin <slev@altlinux.org>
Date:   Thu Jun 10 11:04:21 2021 +0300

    gssproxy: Don't refresh expired delegated credentials
    
    `mod_auth_gssapi` exports delegated credentials into `/run/ipa/ccaches`
    and pass down that path as `KRB5CCNAME` env variable to WSGI worker.
    
    GSSProxy in turn, protects these credentials from direct usage of
    `ipa-api`. But the configuration of `service/ipa-api` (in particular,
    'cred_store = client_keytab:/var/lib/ipa/gssproxy/http.keytab') and
    default GSS name ('=None') dictates to refresh expired credentials
    with the client's keytab overwriting the origin credentials with
    initial credentials of keytab's principal.
    
    Signed-off-by: Stanislav Levin <slev@altlinux.org>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

commit 700be74975cad998e7dbcc4fb437e6b0bbd77305
Author: Stanislav Levin <slev@altlinux.org>
Date:   Fri Jun 4 12:53:25 2021 +0300

    krb_utils: Simplify get_credentials
    
    Previously, `get_credentials` raises either ValueError or re-raises
    GSSError. The former makes the handling of this function more difficult
    without a good reason.
    
    With this change:
    - `get_credentials` no longer handles exceptions by itself, but delegates
    this to the callers (which already process GSS errors).
    - `get_credentials_if_valid` doesn't raise any expected exceptions, but
    return valid credentials (on the moment of calling) or None. This makes
    it consistent with docs.
    
    Related: https://pagure.io/freeipa/issue/8873
    Signed-off-by: Stanislav Levin <slev@altlinux.org>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

commit 06a445aff10c1ab84e8784ab41b0a838e500e617
Author: Florence Blanc-Renaud <flo@redhat.com>
Date:   Thu Jun 10 11:31:41 2021 +0200

    ipa-cert-fix man page: add note about certmonger renewal
    
    ipa-cert-fix man page needs to explain that certmonger may
    trigger a renewal right after ipa-cert-fix completes because
    certmonger does not notice the updated certificates.
    
    Also add a similar note at the end of ipa-cert-fix.
    
    Fixes: https://pagure.io/freeipa/issue/8702
    Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>

commit c9f5acc0d281f1a27471091648c36f94528c5a29
Author: Sergey Orlov <sorlov@redhat.com>
Date:   Thu Jun 10 17:26:17 2021 +0200

    ipatests: disable test_nfs.py::TestNFS in nightly runs on Fedora 33
    
    Also disable in Fedora 33 as it also has the faulty version of sssd
    which produces multi-gigabyte log file
    
    Related to https://pagure.io/freeipa/issue/8877
    
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>

commit 6eb535334d33f8f375b856e3a2d0b8853b318b4d
Author: Florence Blanc-Renaud <flo@redhat.com>
Date:   Tue Jun 8 15:40:00 2021 +0200

    freeipa.spec: bump 389-ds version
    
    IPA depends on the 389-ds version with the fix for
    https://github.com/389ds/389-ds-base/issues/4700
    Regression in winsync replication agreement
    
    The same 389-ds version also fixes
    https://github.com/389ds/389-ds-base/issues/4670
    389ds coredump in IPA nightly test
    test_caless.py::TestReplicaInstall::test_wildcard_http
    
    Fixes: https://pagure.io/freeipa/issue/8691
    Fixes: https://pagure.io/freeipa/issue/8756
    Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>

commit 6ee14f513711ae9be799cfa2bd009f13c5248932
Author: Sergey Orlov <sorlov@redhat.com>
Date:   Tue Jun 8 21:17:58 2021 +0200

    ipatests: temporary disable execution of test_nfs.py::TestNFS in nightly runs
    
    During test run on Fedora 34 and 35 sssd produces multi-gigabyte log file
    which causes test runners to run out of disk space.
    
    Related to https://pagure.io/freeipa/issue/8877
    
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 2b22450dfdc1657b463683b09b9c69816f9152d9
Author: Florence Blanc-Renaud <flo@redhat.com>
Date:   Sat Jun 5 13:09:49 2021 +0200

    ipatests: delete the replica before uninstallation
    
    The test
    test_installation.py::TestInstallWithCA1::test_install_with_bad_ldap_conf
    is uninstalling a replica by calling ipa-server-install --uninstall
    directly, instead of deleting the replica first.
    
    Use tasks.uninstall_replica instead of tasks.uninstall_master
    to perform a proper uninstallation.
    
    Fixes: https://pagure.io/freeipa/issue/8876
    Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>

commit 13b257d7a05fd255df472144712edb34604dbe06
Author: Florence Blanc-Renaud <flo@redhat.com>
Date:   Fri Jun 4 17:08:12 2021 +0200

    ipatests: set selinux context for fips mode
    
    In order to test FIPS mode, the test is faking a user-space
    FIPS environment by creating a file /var/tmp/userspace-fips
    and bind-mounting this file as /proc/sys/crypto/fips_enabled
    
    The security context needs to be properly set otherwise
    /proc/sys/crypto/fips_enabled inherits the security context
    unconfined_u:object_r:user_tmp_t:s0 and cannot be read,
    resulting in the test seeing fips_mode=false.
    
    Fixes: https://pagure.io/freeipa/issue/8868
    Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>

commit 79e0919132adf0df764400f9c27268cbadd2578b
Author: Armando Neto <abiagion@redhat.com>
Date:   Mon May 31 15:34:02 2021 -0300

    ipatests: Bump PR-CI boxes
    
    Update Fedora 34 and 33 boxes to include new packages.
    
    Signed-off-by: Armando Neto <abiagion@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>

commit 5238651da06547bb004de2434ae7d357422ba735
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Jun 4 15:35:58 2021 +0300

    get_credentials: return ValueError for missing creds
    
    Related: https://pagure.io/freeipa/issue/8873
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit b25f5bd9109b87916e097dd8353ea5f0dc49e398
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Jun 4 12:27:55 2021 +0300

    Back to git snapshots
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit d64d74df6fa75bea0a014083f1a9c815c6a6a3b8
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Jun 4 12:26:34 2021 +0300

    Become FreeIPA 4.9.4
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 5b6a656147612d26003fa8aab6d0d033a1dfa2ac
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Jun 4 12:25:16 2021 +0300

    po/uk.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit d6de84e711021dfd3477a5db5b7f9fde393d09d7
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Jun 4 12:25:16 2021 +0300

    po/ru.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 45232145d9ad3aa3ac45e2ccf63593ca2e61e50c
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Jun 4 12:25:16 2021 +0300

    po/ipa.pot: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 1157c5b14f994bce1a2f31fc0e0c7da139dd14fe
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Jun 4 12:25:16 2021 +0300

    po/es.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 3dd8c4d5134f7997ee75b18b282b83ff56ae5bbc
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Jun 4 12:11:35 2021 +0300

    Depend on system-logos-ipa on RHEL/CentOS Stream
    
    Fedora ELN represents itself as a RHEL but it does not have
    redhat-logos-ipa package. CentOS Stream does not have redhat-logos-ipa
    but has centos-logos-ipa package. Both RHEL and CentOS Stream provide
    system-logos-ipa so we can depend on it instead.
    
    This allows to make IPA packages installable on CentOS Stream and on
    Fedora ELN.
    
    Fixes: https://pagure.io/freeipa/issue/8874
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 63d20c44760849a7ef65b234e7e231f9a073f61f
Author: Rob Crittenden <rcritten@redhat.com>
Date:   Thu Jun 3 14:17:56 2021 -0400

    Catch ValueError when trying to retrieve existing credentials
    
    get_credentials() was changed to raise ValueError instead of
    gssapi.exceptions.GSSError as part of the sweeper to clean up
    expired credentials caches.
    
    For WebUI users, this will prevent a 500 error if their
    associated credentials cache is expired or missing.
    
    https://pagure.io/freeipa/issue/8873
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

commit dfbafafc3e38fd5b07fc3843c28fa019900a0ee7
Author: Serhii Tsymbaliuk <stsymbal@redhat.com>
Date:   Thu May 13 17:33:06 2021 +0200

    WebUI tests: Add test for 'ipaautoprivategroups' field on 'ID Ranges' page
    
    Add test_range_auto_private_groups test case to test_trust WebUI test suite to cover the field.
    
    Ticket: https://pagure.io/freeipa/issue/8837
    
    Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

commit 15b47c8b0c7bb484240726f29a126411a2483393
Author: Serhii Tsymbaliuk <stsymbal@redhat.com>
Date:   Thu May 13 17:14:32 2021 +0200

    WebUI: Add support of 'ipaautoprivategroups' LDAP attribute on 'ID Ranges' page
    
    Add 'Auto private groups' field on 'Add ID range' form with the following options: true, false, hybrid.
    The field is optional and can be omitted.
    Its value can be also modified on 'Range Settings' page after the range is added.
    
    Ticket: https://pagure.io/freeipa/issue/8837
    
    Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

commit d7f3c1ff4cbfc7840ca7c3015ca13eaeceee18ca
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 10:30:02 2021 +0300

    service: enforce keytab user when retrieving the keytab
    
    HTTP service uses different user for keytab ownership than the service
    user. On Fedora this leads to http.keytab being owned by 'apache' user
    after IPA deployment while it should be owned by 'root' to allow
    GSSPROXY configuration to work correctly.
    
    The situation is fixed during upgrade (ipa-server-upgrade) but it means
    for new deployments there might be a period of unexplained Web UI
    authentication failures.
    
    Fixes: https://pagure.io/freeipa/issue/8872
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>

commit 8e05170f82c00d7873564cd6e811430a9fdc32da
Author: Stanislav Levin <slev@altlinux.org>
Date:   Wed Jun 2 17:20:56 2021 +0300

    ipatests: Fetch sudo rules without time offset
    
    As of 2.5.0 SSSD introduces a random timeout for the refresh
    of the SUDO rules [0]. With that change it's no longer possible
    to immediate fetch of SUDO rules unless the feature is disabled
    [1].
    
    [0]: https://github.com/SSSD/sssd/issues/5609
    [1]: https://github.com/SSSD/sssd/issues/5635
    
    Related: https://pagure.io/freeipa/issue/8844
    Signed-off-by: Stanislav Levin <slev@altlinux.org>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

commit 94831c341962d20c5a3ba9d5a293db9b69b7e331
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:37 2021 +0300

    po/zh_CN.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 5cf1340132a4f015e28cd1325e45eba8d1c0d581
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:37 2021 +0300

    po/tr.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 3f74383c98a367abdfcb7afd02c84299c7c0b8d0
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:37 2021 +0300

    po/tg.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 9905e38311e9e065a98176b2f5eb71eec0fd5ef3
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:37 2021 +0300

    po/sk.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit d3ef07ad5165d94bc399fb96d6b19d785e9a11ca
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/ru.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 468c4852fee883f4769d1d4787822e5fa55f6aaf
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/pt_BR.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit e7bfe72c155859b0ea315d7c24ff415fdf8f82fb
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/pt.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit e8ba917032624e348d3f6ec864350633abd228c3
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/pa.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit fa15bf13d56789e6250172bbe12e2af2aaea20d5
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/nl.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit a4679b8bc592af77b9619e4472ed3cf8c5f9ae2b
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/mr.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 8c5ca861e15720661b9edbcc74ab2f678a407102
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/kn.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 44c57c274489a2c2da155bb58d74f6f63c07d6d9
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/ja.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 0feda3dd7601da90109b5c303b6da0915faf6b9d
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/ipa.pot: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 87150c2b6f95f34fc4efa9ffd01b716335961e24
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/id.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 3eca1f9127ec67c9fb94f199c36f9ee78103690a
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/hu.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 1de25fb8047f99fa45d9095e584086bc3ee1393b
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/hi.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 00a0cb3abfcd9c38d202bde548868feddaee65cc
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/fr.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 4f68174c09a1bad858bde69e9170a9057c31e5e9
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/eu.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit f9c667e81a204c5db68ccf9276faf17d1d6d584d
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/es.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 9c34f7eac57395be459d417f58650e3ca7a1b835
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/en_GB.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 5ed8987fba831154746f3131650f1efa83a5e7d8
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/de.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 626c7f7d15de71ca78018d8ae339b35cb1af7a2e
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/cs.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 7cb4ee0d1282cd1c292421585f92b07647aa2642
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/ca.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit d933123eda92b7259ce8d67c6d95fa00c8f683bd
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Thu Jun 3 09:48:36 2021 +0300

    po/bn_IN.po: Update translations to FreeIPA ipa-4-9 state
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 04a6583ce3c1304907d092b19e5c7cc915f6952a
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Mon May 31 12:53:55 2021 +0300

    ds: Support renaming of a replication plugin in 389-ds
    
    IPA topology plugin depends on the replication plugin but
    389-ds cannot handle older alias querying in the plugin
    configuration with 'nsslapd-plugin-depends-on-named: ..' attribute
    
    See https://github.com/389ds/389-ds-base/issues/4786 for details
    
    Fixes: https://pagure.io/freeipa/issue/8799
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Stanislav Levin <slev@altlinux.org>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>

commit 519328382b678ae2b3330c4dfd7460768aa6121e
Author: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com>
Date:   Sat May 22 01:21:56 2021 +0900

    Add --keyfile option to ipa-otptoken-import.1
    
    ipa-otptoken-import.1 describes the -k option.
    However, the long option --keyfile option is also available.
    Therefore, add the --keyfile option to ipa-otptoken-import.1.
    
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

commit ab5aba2b78caace61079c229f30dd81e501446ef
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Wed May 26 17:57:34 2021 +0300

    Update IRC links to point to Libera.chat
    
    Update documentation now that we moved IRC channels #freeipa and #sssd
    to Libera.chat network.
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>

commit b8bea216c6d43eceb4b4e10cc91014eeee204a90
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Mon Apr 12 17:46:08 2021 +0300

    Revert "rules: Build only the client for bullseye."
    
    This reverts commit 420067e108b8803d41e0b3863a7491dbec5184a1.

commit 068131ea95f9c4948ef5ad98a0685ac3d97dfd81
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jan 7 11:29:00 2021 +0200

    rules: ipasphinx files are only built on server build

commit 956aab357efd013c40c7c3c2cc307a852ef0c7fe
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jan 7 11:15:56 2021 +0200

    drop upstreamed patches

commit 420067e108b8803d41e0b3863a7491dbec5184a1
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jan 7 11:09:18 2021 +0200

    rules: Build only the client for bullseye.

commit d323cfd5ec78c5df709fbf1ba25bda8edce78638
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jan 7 11:07:25 2021 +0200

    bump the version

commit 33481a1a58a104502bc941f6e06e448a798a0fa3
Merge: d63a654c3 44914cf1f
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Thu Jan 7 11:05:49 2021 +0200

    Merge branch 'upstream' into master-next

commit 44914cf1faaf3704c55c0ef39fe680e63710d3f0
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Wed Dec 23 16:33:22 2020 +0200

    Become FreeIPA 4.9.0
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit 1354031def399ea79d6cbb7ed7e35f707a38f3ec
Author: Weblate <noreply@weblate.org>
Date:   Mon Dec 21 15:25:03 2020 +0100

    Update translation files
    
    Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
    
    Co-authored-by: Weblate <noreply@weblate.org>
    Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
    Translation: freeipa/master

commit a3058d528a0f7a647f5090b4bcd3b2a19e7b54fd
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Wed Dec 23 16:10:26 2020 +0200

    Update list of contributors
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

commit eca22818c911646a111d2257213ee22737e2555f
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Tue Dec 22 09:25:01 2020 +0200

    odsexporterinstance: use late binding for UID/GID resolution
    
    Move actual resolution of UID/GID values for 'ods' entities to the code
    that needs them. This prevents failures when uninstalling IPA server set
    up without DNS feature. In particular, 'ods' user and group are created
    when 'opendnssec' package is installed and if 'opendnssec' package is
    not installed, uninstall fails in OpenDNSSEC Exporter instance
    constructor.
    
    We use common pattern of checking the service during uninstall:
    
     svc = SVCClass()
     if svc.is_configured():
        svc.uninstall()
    
    Thus, service class constructor must not do UID/GID resolution
    
    Fixes: https://pagure.io/freeipa/issue/8630
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Stanislav Levin <slev@altlinux.org>

commit eae9f0d80c8fe67fdd44a9c772ce2c4234b35ba0
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Tue Dec 22 09:20:52 2020 +0200

    dnskeysyncinstance: use late binding for UID/GID resolution
    
    Move actual resolution of UID/GID values for 'ods' and 'named' entities
    to the code that needs them. This prevents failures when uninstalling
    IPA server set up without DNS feature. In particular, 'named' group is
    created when 'bind' package is installed and if 'bind' package is not
    installed, uninstall fails in OpenDNSSEC instance constructor.
    
    We use common pattern for all services during uninstall:
    
     svc = SVCClass(..)
     if svc.is_configured()
         svc.uninstall()
    
    This requires that the class constructor should not rely on artifacts
    that only exist when the service is configured.
    
    Fixes: https://pagure.io/freeipa/issue/8630
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Stanislav Levin <slev@altlinux.org>

commit eb42b1097a89c5e863bd4fd1714d5ce84a47b718
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Tue Dec 22 09:11:51 2020 +0200

    opendnssecinstance: use late binding for UID/GID resolution
    
    Move actual resolution of UID/GID values for 'ods' and 'named' entities
    to the code that needs them. This prevents failures when uninstalling
    IPA server set up without DNS feature. In particular, 'named' group is
    created when 'bind' package is installed and if 'bind' package is not
    installed, uninstall fails in OpenDNSSEC instance constructor.
    
    We use common pattern for all services during uninstall:
    
     svc = SVCClass(..)
     if svc.is_configured()
         svc.uninstall()
    
    This requires that the class constructor should not rely on artifacts
    that only exist when the service is configured.
    
    Fixes: https://pagure.io/freeipa/issue/8630
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Stanislav Levin <slev@altlinux.org>

commit 7d13d704b9552ab8ec1c7c5428655297fbdbf09c
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Sat Dec 19 14:46:16 2020 +0200

    tests_webui: fix wrong user name key for trail space case
    
    User name for trail space key was using the name for lead space key.
    As a result, when both tests were transformed, second one was
    unsuccessful as the original user was already created.
    
    Fix the user name data according to the test.
    
    Fixes: https://pagure.io/freeipa/issue/8629
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

commit d9bdd3e93048ff4f08c2d53f1fd89b05dcd7861c
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Sat Dec 19 10:44:31 2020 +0200

    tests_webui: flip leading and trailing space password test
    
    With commit 809d9cb80f5f4471f125823888f37875aa37809e we now allow
    leading and trailing space in passwords. Fix Web UI tests to follow this
    change.
    
    Fixes: https://pagure.io/freeipa/issue/8629
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

commit 6f8e48863549f387658ed82d00a1a1cffc015084
Author: François Cami <fcami@redhat.com>
Date:   Fri Dec 18 21:18:19 2020 +0100

    set SELinux back to Permissive in gating.xml
    
    Signed-off-by: François Cami <fcami@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

commit 2244a7a2922176c6930a23261883d53c5e0b9c49
Author: Carl George <carl@george.computer>
Date:   Fri Dec 18 23:27:26 2020 -0600

    Use uglifyjs on CentOS too
    
    Only checking for ID to equal "rhel" causes build failures on CentOS
    Stream.  Instead check both ID and ID_LIKE.  This should also work later
    on when rebuilds like CentOS Linux get this update.
    
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

commit 0b3f87196dedbfb207dccb70893f5c1d466e96f7
Author: François Cami <fcami@redhat.com>
Date:   Wed Dec 16 10:44:44 2020 +0100

    set SELinux to Enforcing in gating.xml
    
    Signed-off-by: François Cami <fcami@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit e2f9912b78d723441f241abb453971dd78cf5d6e
Author: Vit Mojzis <vmojzis@redhat.com>
Date:   Mon Oct 19 18:23:15 2020 +0200

    selinux: Fix/waive issues reported by SELint
    
    - order permissions alphabeticaly
    - do not use semicollon after interfaces
    - gen_require should only be used in interfaces
    -- to resolve this issue, corresponding changes have to be made in
    distribution policy instead of ipa module - disabling check
    
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 4db85bed81ba9a8cca0f34ca067312d15c9f2868
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:50:04 2020 +0200

    Update IPA translation template before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 6c58f825ec84016753c89e8c573d7731181776d4
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/zh_CN translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit bdb759ac7e23cedc19b91ddd2712ddf4f8bd2648
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/uk translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 29f797d442b4c9753ed6b789b9bb297df2019d51
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/tr translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 1bf4b41f1198388c039292d71c41e131fae3fa88
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/tg translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit badd9551f3406109efa24a927ee73ca4861b9413
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/sk translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit ad37d39ea4ccd7860adc98de11db33e45c92bede
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/ru translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit acd2f3054af5ada3b3efb0f0a035775ffa8452a7
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/pt translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 970c4050abd6813d0a1817f57be06135b4e7cfab
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/pt_BR translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 9ed9eb7c85209717c574fb815629bfcdac7fc6e6
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/pl translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 4bf0a13a85411307d5430a1b5483770f90884c6c
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/pa translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 5ea6048240cd4dc5add0bb9b09a0c3276d3e0459
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/nl translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 58d201715287ee2784da85d760c88609f0ca9f3c
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/mr translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 162aa652295a46e1dafbe8102a9d8f3b0b36018c
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/kn translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 12de97fca7600e1d01dc5289387064845043a7b7
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/ja translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 036c96754dd0dca5cda2ecb07b1514c65c4a73fe
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/id translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 9d4d4d278887ad89657c1832eb2486da85968964
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/hu translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit fa4ac630669200e84da69f150a6e3304fcc5751f
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:39 2020 +0200

    Update po/hi translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 33f4e6588f70aeef415260dd176b77e2c9ea285c
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:38 2020 +0200

    Update po/fr translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 0b02b0514abe5393f64590436598f8b7a2cc09c4
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:38 2020 +0200

    Update po/eu translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 03cf8ffe144e373c70145c01869b0f7e0c4977b9
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:38 2020 +0200

    Update po/es translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 09f97d2e1e5e6105a44be4e76b1e6570d7093de1
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:38 2020 +0200

    Update po/en_GB translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 9c166cfca6bc3bbe92bf0a9384b67e95ff70b266
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:38 2020 +0200

    Update po/de translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 7b63b5b84213731a3d324aac2988398bcde2111d
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:38 2020 +0200

    Update po/cs translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 57b41e0dd587e605dce34241d8e6053ccf43e7a8
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:38 2020 +0200

    Update po/ca translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit 8f6b4a0780c704dfb58675f367ff8bb50e5e1788
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   Fri Dec 18 13:49:38 2020 +0200

    Update po/bn_IN translation before release
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francois Cami <fcami@redhat.com>

commit f3a1b4af001bf843fbb07bad0b2b8cc37c49fa66
Author: Christian Heimes <cheimes@redhat.com>
Date:   Mon Dec 14 17:44:38 2020 +0100

    Change mkdir logic in DNSSEC
    
    - Create /var/named/dyndb-ldap/ipa/master/ early
    - Assume that /var/named/dyndb-ldap/ipa/master/ exists in BINDMgr.sync()
    
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

Created: 2021-06-17 Last update: 2021-06-22 15:34

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

freeipa-client-epn could be marked Multi-Arch: same

Created: 2020-09-28 Last update: 2021-06-22 15:01

4 low-priority security issues in buster low

There are 4 open security issues in buster.

4 issues left for the package maintainer to handle:

CVE-2019-10195: (needs triaging) A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.
CVE-2019-14826: (needs triaging) A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
CVE-2019-14867: (needs triaging) A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.
CVE-2020-1722: (needs triaging) A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-03-21 19:04

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-03-07 Last update: 2020-03-07 04:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-11-28 02:35

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migrates after: rpm
- Migration status for freeipa (- to 4.8.10-2): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating freeipa introduces new bugs: #970880
- autopkgtest for freeipa/4.8.10-2: amd64: Regression ♻ , arm64: Regression ♻ , armhf: Regression ♻ , i386: Regression ♻ , ppc64el: Regression ♻
- blocked by freeze: is not in testing
- Depends: freeipa rpm
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/f/freeipa.html
- 206 days old (needed 20 days)
- Not considered

news

[rss feed]

[2020-11-27] Accepted freeipa 4.8.10-2 (source) into unstable (Timo Aaltonen)
[2020-09-28] Accepted freeipa 4.8.10-1 (source) into unstable (Timo Aaltonen)
[2020-09-11] Accepted freeipa 4.8.8-2 (source amd64 all) into unstable, unstable (Debian FTP Masters) (signed by: Timo Aaltonen)
[2020-04-07] Accepted freeipa 4.8.6-1 (source) into unstable (Timo Aaltonen)
[2020-03-25] Accepted freeipa 4.8.5-1 (source) into unstable (Timo Aaltonen)
[2019-11-26] Accepted freeipa 4.8.3-1 (source) into unstable (Timo Aaltonen)
[2019-11-20] Accepted freeipa 4.8.2-1 (source) into unstable (Timo Aaltonen)
[2019-10-07] freeipa REMOVED from testing (Debian testing watch)
[2019-09-11] Accepted freeipa 4.8.1-2 (source) into unstable (Timo Aaltonen)
[2019-09-11] Accepted freeipa 4.8.1-1 (source amd64 all) into experimental, experimental (Timo Aaltonen)
[2019-06-12] freeipa 4.7.2-3 MIGRATED to testing (Debian testing watch)
[2019-05-06] Accepted freeipa 4.7.2-3 (source) into unstable (Timo Aaltonen)
[2019-02-24] freeipa 4.7.2-2 MIGRATED to testing (Debian testing watch)
[2019-02-12] Accepted freeipa 4.7.2-2+exp1 (source) into experimental (Timo Aaltonen)
[2019-02-12] Accepted freeipa 4.7.2-2 (source) into unstable (Timo Aaltonen)
[2019-02-11] freeipa 4.7.2-1 MIGRATED to testing (Debian testing watch)
[2019-02-05] Accepted freeipa 4.7.2-1+exp1 (source) into experimental (Timo Aaltonen)
[2019-02-05] Accepted freeipa 4.7.2-1 (source) into unstable (Timo Aaltonen)
[2018-12-06] Accepted freeipa 4.7.1-3 (source) into unstable (Timo Aaltonen)
[2018-10-18] Accepted freeipa 4.7.1-2 (source) into unstable (Timo Aaltonen)
[2018-10-09] Accepted freeipa 4.7.1-1 (source) into unstable (Timo Aaltonen)
[2018-09-28] Accepted freeipa 4.7.0-1 (source) into unstable (Timo Aaltonen)
[2018-07-22] Accepted freeipa 4.6.3-1.1 (source) into unstable (Sebastian Andrzej Siewior)
[2018-04-17] Accepted freeipa 4.7.0~pre1+git20180411-2 (source) into experimental (Timo Aaltonen)
[2018-04-12] Accepted freeipa 4.7.0~pre1+git20180411-1 (source) into experimental (Timo Aaltonen)
[2018-02-02] Accepted freeipa 4.6.3-1 (source) into unstable (Timo Aaltonen)
[2018-01-30] Accepted freeipa 4.6.2-4 (source) into unstable (Timo Aaltonen)
[2018-01-29] Accepted freeipa 4.6.2-3 (source) into unstable (Timo Aaltonen)
[2018-01-20] Accepted freeipa 4.6.2-2 (source) into unstable (Timo Aaltonen)
[2018-01-20] Accepted freeipa 4.6.2-1 (source) into unstable (Timo Aaltonen)

bugs [bug history graph]

all: 8
RC: 1
I&N: 6
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (6, 17)
buildd: logs, checks, clang, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 20)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.8.6-1ubuntu5
11 bugs
patches for 4.8.6-1ubuntu5