freeipa (4.4.4-3ubuntu1) artful; urgency=medium * fix-opendnssec-setup.diff: Use /usr/sbin prefix for ods binaries. -- Timo Aaltonen Sun, 15 Oct 2017 09:50:35 +0300 freeipa (4.4.4-3) unstable; urgency=medium * fix-opendnssec-setup.diff: Fix a typo. (Closes: #878095) -- Timo Aaltonen Mon, 09 Oct 2017 23:51:56 +0300 freeipa (4.4.4-2) unstable; urgency=medium * control: Add a dependency on fonts-open-sans. (LP: #1656236) * fix-opendnssec-install.diff: Updated for opendnssec 2.1.x. (LP: #1703836) -- Timo Aaltonen Mon, 09 Oct 2017 10:41:55 +0300 freeipa (4.4.4-1) unstable; urgency=medium * Upload to unstable. (Closes: #862846) * New upstream release. - CVE-2017-2590 - ipa-kdb-support-dal-version-5-and-6.diff: Dropped, upstream. - purge-firefox-extension.diff: Refreshed. * fix-is-running.diff: Add a third argument to is_running() in ipaplatform/debian/services.py. (Closes: #856533) * fix-kdcproxy-path.diff: Update debian/paths.py to use correct path for ipa-httpd-kdcproxy. * client.dirs: Ship /etc/krb5.conf.d, because not having that breaks the installer when krb5.conf tries to include that. * copyright, watch: Update source/release location. * control, ipaserver: Move adtrustinstance python files to python- ipaserver, and add samba-common to python-ipaserver depends so that uninstall works. * fix-pkcs11-helper.diff: Fix ipa-dnskeysyncd setup which was broken by softhsm 2.2. * fix-opendnssec-setup.diff: Opendnssec 2.0.x broke DNSSEC setup, fix it. -- Timo Aaltonen Wed, 17 May 2017 21:19:22 +0300 freeipa (4.4.3-3) experimental; urgency=medium * client.postinst: Fix logfile location. -- Timo Aaltonen Thu, 16 Feb 2017 11:26:08 +0200 freeipa (4.4.3-2) experimental; urgency=medium * control: Fix python-ipatests to depend on python-sss instead of python-sssdconfig. -- Timo Aaltonen Sat, 28 Jan 2017 00:15:53 +0200 freeipa (4.4.3-1) experimental; urgency=medium * New upstream release. (Closes: #848762) * configure-apache-from-installer.diff: Dropped, upstream. * fix-cve-2016-5404.diff: Dropped, upstream. * patches: Refreshed. * work-around-apache-fail.diff: Dropped, apache supports systemd now so this should not be needed. * watch: Use https url. * client.postinst: Use update_ipa_nssdb(), which also removes remnants from /etc/pki/nssdb. * control: Bump depends on slapi-nis to 0.56.1. * control: Add python-custodia and python-requests to ipalib depends. * control: Use python-netifaces instead of iproute. * control: Add python-sssdconfig to python-ipatests depends. * control: Bump depends on 389-ds-base to 1.3.5.6, upstream #5396 #2008. * control: Bump bind9-dyndb-ldap depends to 10, upstream #2008. * control: Add python-libsss-nss-idmap to build-depends. * control: Bump depends on sssd to 1.14.0. * install: Updated. * platform: - drop variables that were commented out - add some comments to tasks.py - migrate some services to use systemd - add & update some paths - add some stub services (LP: #1653245) * control: Add krb5-otp to server depends. (LP: #1640732) * control: Demote ntp to Recommends so that lxc containers can be enrolled without it. (LP: #1630911) -- Timo Aaltonen Sat, 14 Jan 2017 15:29:25 +0200 freeipa (4.3.2-5) unstable; urgency=medium * fix-cve-2016-5404.diff: Fix permission check bypass (Closes: #835131) - CVE-2016-5404 * ipa-kdb-support-dal-version-5-and-6.diff: Support mit-krb5 1.15. (Closes: #844114) -- Timo Aaltonen Sat, 03 Dec 2016 01:02:40 +0200 freeipa (4.3.2-4) unstable; urgency=medium * freeipa-client.post*: Use /var/log/ipaclient-upgrade.log instead of ipaupgrade.log, and remove it on purge. (Closes: #842071) * control: Bump dependency on libapache2-mod-auth-gssapi to verify upstream bug #5653 is resolved. * platform: Add Debian mapping for rpcgssd and rpcidmapd service files. (LP: #1645201) -- Timo Aaltonen Thu, 01 Dec 2016 08:12:27 +0200 freeipa (4.3.2-3) unstable; urgency=medium * rules: Add a check to override_dh_fixperms so that chmod is not run on arch-indep build where the targets don't exist. (Closes: #839844) -- Timo Aaltonen Thu, 06 Oct 2016 01:22:13 +0300 freeipa (4.3.2-2) unstable; urgency=medium * copyright: Since ffb9a09a0d all original code should be GPL-3+, so drop some exceptions. * control: Add libnss-sss, libpam-sss and libsss-sudo to client depends to ensure they get installed. (LP: #1600513) * fix-ipa-otpd-service.diff: Use correct path for ipa-otpd. (LP: #1628884) * add-debian-platform.diff: Fix libsofthsm2.so install path. * control: Bump dep on softhsm2 due to changed lib install path. * tests: Add simple autopkgtest to check that ipa-server-install works. -- Timo Aaltonen Wed, 05 Oct 2016 00:35:51 +0300 freeipa (4.3.2-1) experimental; urgency=medium * New upstream release. * copyright, missing-sources, README.source: Exclude minified javascript that the runtime does not need. Add unminified versions of others, update copyright to match. (Closes: #787593) * source/lintian-overrides: Document minified javascript issues. -- Timo Aaltonen Wed, 14 Sep 2016 13:03:54 +0300 freeipa (4.3.1-2) experimental; urgency=medium * control: python-ipalib can be arch:all now. -- Timo Aaltonen Mon, 25 Jul 2016 22:22:52 +0300 freeipa (4.3.1-1) unstable; urgency=medium * New upstream release. (Closes: #781607, #786411) (LP: #1449304) - drop no-test-lang.diff, obsolete * fix-match-hostname.diff, control: Drop the patch and python-openssl deps, not needed anymore * rules, platform, server.dirs, server.install: Add support for DNSSEC. * control, rules: Add support for kdcproxy. * control, server: Migrate to mod-auth-gssapi. * control, rules, fix-ipa-conf.diff: Add support for custodia. * control: - Add python-cryptography to build-deps and python-freeipa deps. - Add libp11-kit-dev to build-deps, p11-kit to server deps. - Depend on python-gssapi instead of python-kerberos/-krbV. - Add libini-config-dev and python-dbus to build-deps, replace wget with curl. - Bump libkrb5-dev build-dep. - Add pki-base to build-deps and pki-kra to server deps, bump pki-ca version. - Drop python-m2crypto from deps, obsolete. - Bump sssd deps to 1.13.1. - Add python-six to build-deps and python-freeipa deps. - Split python stuff from server, client, tests to python- ipa{server,client,tests}, rename python-freeipa to match and move translations to freeipa-common. Mark them Arch:all where possible, and add Breaks/Replaces. - Add oddjob to server and oddjob-mkhomedir to client deps. - Add python-setuptools to python-ipalib deps. - Bump 389-ds-base* deps. - Bump server and python-ipaserver dependency on python-ldap to 2.4.22 to fix a bug on ipa-server-upgrade. - Add pki-tools to python-ipaserver deps. - Add zip to python-ipaserver depends. - Add python-systemd to server depends. - Add opendnssec to freeipa-server-dns depends. - Add python-cffi to python-ipalib depends. - Bump dep on bind9-dyndb-ldap. - Bump certmonger dependency to version that has helpers in the correct place. * patches: - prefix.patch: Fix ipalib install too. - Drop bits of platform.diff and other patches that are now upstream. - fix-kdcproxy-paths.diff: Fix paths in kdcproxy configs. - fix-oddjobs.diff: Fix paths and uids in oddjob configs. - fix-replicainstall.diff: Use ldap instead of ldaps for conncheck. - fix-dnssec-services.diff: Debianize ipa-dnskeysyncd & ipa-ods- exporter units. - create-sysconfig-ods.diff: Create an empty file for opendnssec daemons, until opendnssec itself is fixed. - purge-firefox-extension.diff: Clean obsolete kerberosauth.xpi. - enable-mod-nss-during-setup.diff: Split from platform.diff, call a2enmod/a2dismod from httpinstance.py. - fix-memcached.diff: Split from platform.diff, debianize memcached conf & unit. - hack-libarch.diff: Don't use fedora libpaths. * add-debian-platform.diff: - Update paths.py to include all variables, comment out ones we don't modify. - Use systemwide certificate store; put ipa-ca.crt in /usr/local/share/ca-certificates, and run update-ca-certificates - Map smb service to smbd (LP: #1543230) - Don't ship /var/cache/bind/data, fix named.conf a bit. - Use DebianNoService() for dbus. (LP: #1564981) - Add more constants * Split freeipa-server-dns from freeipa-server, add -dns to -server Recommends. * server.postinst: Use ipa-server-upgrade. * admintools: Use the new location for bash completions. * rules: Remove obsolete configure.jar, preferences.html. * platform: Fix ipautil.run stdout handling, add support for systemd. * server.postinst, tmpfile: Create state directories for mod_auth_gssapi. * rules, server.install: Install scripts under /usr/lib instead of multiarch path to avoid hacking the code too much. * fix-ipa-otpd-install.diff, rules, server.install: Put ipa-otpd in /usr/lib/ipa instead of directly under multiarch lib path. * control, server*.install: Move dirsrv plugins from server-trust-ad to server, needed on upgrades even if trust-ad isn't set up. * server: Enable mod_proxy_ajp and mod_proxy_http on postinst, disable on postrm. * rules: Add SKIP_API_VERSION_CHECK, and adjust directories to clean. * rules: Don't enable systemd units on install. * client: Don't create /etc/pki/nssdb on postinst, it's not used anymore. * platform.diff, rules, server.install: Drop generate-rndc-key.sh, bind already generates the keyfile. -- Timo Aaltonen Mon, 18 Apr 2016 17:40:32 +0300 freeipa (4.1.4-1) experimental; urgency=medium * New upstream release. (LP: #1492226) - Refresh patches - platform-support.diff: Added NAMED_VAR_DIR. - fix-bind-conf.diff: Dropped, obsolete with above. - disable-dnssec-support.patch: Disable DNSSEC-support as we're missing the dependencies for now. * control: Add python-usb to build-depends and to python-freeipa depends. * control: Bump SSSD dependencies. * control: Add libsofthsm2-dev to build-depends and softhsm2 to server depends. * freeipa-{server,client}.install: Add new files. * control: Bump Depends on slapi-nis for CVE fixes. * control: Bump 389-ds-base, pki-ca depends. * control: Drop dogtag-pki-server-theme from server depends, it's not needed. * control: Server needs newer python-ldap, bump build-dep too. * control: Bump certmonger depends. * control: Bump python-nss depends. * freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling. * platform: Add DebianNamedService. * platform, disable-dnssec-support.patch: Fix named.conf template. * server.postinst: Run ipa-ldap-updater and ipa-upgradeconfig on postinst. * Revert DNSSEC changes to schema and ACI, makes upgrade tools fail. * server.postrm: Clean logs on purge and disable apache modules on remove/purge. -- Timo Aaltonen Fri, 25 Sep 2015 14:07:40 +0300 freeipa (4.0.5-6) unstable; urgency=medium * control Add gnupg-agent to python-freeipa depends, and change gnupg to gnupg2. (LP: #1492184) * Rebuild against current krb5, there was an abi break which broke at least the setup phase. -- Timo Aaltonen Thu, 24 Sep 2015 23:22:24 +0300 freeipa (4.0.5-5) unstable; urgency=medium * control: Drop selinux-policy-dev from build-depends, not needed anymore. * client.dirs,postrm: Drop removing /etc/pki/nssdb from postrm and let dpkg handle it. (Closes: #781114) -- Timo Aaltonen Thu, 09 Apr 2015 17:16:37 +0300 freeipa (4.0.5-4) unstable; urgency=medium * control: Fix freeipa-tests depends. * control: Add systemd-sysv to server depends. (Closes: #780386) * freeipa-client.postrm: Purge /etc/pki if empty. (Closes: #781114) * add-a-clear-openssl-exception.diff: Add a clear OpenSSL exception. (Closes: #772136) * control: Add systemd to build-depends. * dont-check-for-systemd-pc.diff: Dropped, not needed anymore. -- Timo Aaltonen Thu, 02 Apr 2015 10:53:55 +0300 freeipa (4.0.5-3) unstable; urgency=medium * rules: Set JAVA_STACK_SIZE to hopefully avoid FTBFS on exotic archs. * freeipa-client.postrm: Remove nssdb files on purge. (Closes: #775387) * freeipa-client.postinst: Fix bashism with echo. (Closes: #772242) -- Timo Aaltonen Wed, 04 Mar 2015 14:51:35 +0200 freeipa (4.0.5-2) unstable; urgency=medium * Team upload. * Let python-freeipa depend on python-pyasn1, because pyasn1 is imported by ipalib/pkcs10.py and ipalib/plugins/cert.py. * debian/copyright: Drop unused PD license section * debian/copyright: Fix paths of Javascript files -- Benjamin Drung Mon, 24 Nov 2014 12:32:36 +0100 freeipa (4.0.5-1) unstable; urgency=medium * New upstream release - Fix CVE-2014-7828. (Closes: #768294) * control: Update my email address. * fix-bind-conf.diff, add-debian-platform.diff: Fix bind config template to use Debian specific paths, and replace named.conf not named.conf.local. (Closes: #768122) * rules, -server.postinst: Create /var/cache/bind/data owned by bind user. * rules: Fix /var/lib/ipa/backup permissions. * Add non-standard-dir-perm to server lintian overrides. * copyright: Fix a typo. * control: Bump dependency on bind9-dyndb-ldap to 6.0-4~. * control: Move dependency on python-qrcode and python-yubico from server to python-freeipa and drop python-selinux which belongs to pki-server. * control: Relax libxmlrpc-core-c3-dev buil-dep and 389-ds-base dep for easier backporting. * control: Add python-dateutils to server, and python-dbus and python- memcache to python-freeipa dependencies. (Closes: #768187) * platform: Handle /etc/default/nfs-common and /etc/default/autofs, drop NSS_DB_DIR since it's inherited already. (Closes: #769037) * control: Bump policy to 3.9.6, no changes. -- Timo Aaltonen Tue, 11 Nov 2014 10:38:52 +0200 freeipa (4.0.4-2) unstable; urgency=medium * control: Add python-qrcode, python-selinux, python-yubico to freeipa-server dependencies. (Closes: #767427) * freeipa-server.postinst: Enable mod_authz_user and mod_deflate too, but since they should be part of the default apache2 install, don't disable them on uninstall like the other modules. (Closes: #767425) * control: Bump server dependency on -mod-nss to 1.0.10-2 which doesn't enable the module by default. -- Timo Aaltonen Fri, 31 Oct 2014 11:36:51 +0200 freeipa (4.0.4-1) unstable; urgency=medium * Initial release (Closes: #734703) -- Timo Aaltonen Sat, 25 Oct 2014 02:43:59 +0300