From f1e2465520becf6033dee4716f6cf4e51965bb62 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Tue, 2 Apr 2013 16:25:46 +0200 Subject: Require 389-base-base 1.3.0.5 Pulls the following fixes: - upgrade deadlock caused by DNA plugin reconfiguration - CVE-2013-1897: unintended information exposure when rootdse is enabled https://fedorahosted.org/freeipa/ticket/3540 --- freeipa.spec.in | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 665a6d720..5e844534d 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -88,7 +88,7 @@ Requires: %{name}-python = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release} Requires: %{name}-server-selinux = %{version}-%{release} -Requires: 389-ds-base >= 1.3.0 +Requires: 389-ds-base >= 1.3.0.5 Requires: openldap-clients Requires: nss Requires: nss-tools @@ -139,6 +139,7 @@ Requires: zip Requires: policycoreutils >= %{POLICYCOREUTILSVER} Requires: tar Requires(pre): certmonger >= 0.65 +Requires(pre): 389-ds-base >= 1.3.0.5 # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions @@ -782,6 +783,12 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Tue Apr 2 2013 Martin Kosek - 3.1.99-2 +- Require 389-base-base >= 1.3.0.5 to pull the following fixes: + - upgrade deadlock caused by DNA plugin reconfiguration + - CVE-2013-1897: unintended information exposure when + nsslapd-allow-anonymous-access is set to rootdse + * Wed Mar 27 2013 Martin Kosek - 3.1.99-2 - Remove conflict with krb5-server > 1.11 as ipa-kdb is compatible - ipa-ldap-updater show produce errors only -- cgit