7a3070709b
freeipa (4.12.4-1) unstable; urgency=medium
.
* New upstream release.
- CVE-2024-11029 (Closes: #1093383)
- CVE-2025-4404 (Closes: #1108050)
* control: Demote libnss-myhostname to Suggests. (ref. #1006829)
* patches: Fix samba lock directory location. (Closes: #1012593)
* patches: Map nobody group to nogroup on Debian. (Closes: #1012592)
.
freeipa (4.12.2-3) unstable; urgency=medium
.
* control: Add libnss-myhostname to client depends. (Closes: #1006829)
* control: Add python3-ifaddr to ipalib depends. (Closes: #1089716)
* control: Add python3-sphinx to build-depends. (Closes: #1003179,
#1044642, #1049799)
.
freeipa (4.12.2-2) unstable; urgency=medium
.
* control: Migrate to bind9-dnsutils. (Closes: #1094939)
.
freeipa (4.12.2-1) unstable; urgency=medium
.
* New upstream release.
- CVE-2024-2698 (Closes: #1077682)
- CVE-2024-3183 (Closes: #1077683)
* control: Drop conflicts on systemd-timesyncd as upstream recognizes
it now. (Closes: #1072168)
* use-raw-strings.diff: Dropped, upstream.
* rules: Fix installing bash-completions. (Closes: #1089329)
* control: Drop python3-nose from build-depends, unused. (Closes:
#1018359)
.
freeipa (4.11.1-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Replace systemd Build-Depends with systemd-dev for systemd.pc.
(Closes: #1060469)
.
freeipa (4.11.1-2) unstable; urgency=medium
.
* use-raw-strings.diff: Import patch from upstream to fix noise when
installing. (LP: #2060298)
* map-ssh-service.diff: Map sshd service to use ssh.service. (LP:
#2061055)
.
freeipa (4.11.1-1) unstable; urgency=medium
.
* New upstream release.
* control: Add sssd-passkey to freeipa-client Recommends.
* control.server: Drop python3-paste from python3-ipatests depends,
obsolete.
* control, rules: Replace hardcoded librpm9 depends. (Closes:
#1067570)
.
freeipa (4.10.2-2) unstable; urgency=medium
.
[ Timo Aaltonen ]
* control: Bump certmonger dependency.
.
[ Helmut Grohne ]
* Fix FTBFS when systemd.pc changes systemdsystemunitdir. (Closes:
#1052641)
.
freeipa (4.10.2-1) unstable; urgency=medium
.
* New upstream release.
* control: Bump sssd, bind9 depends.
* source: Update extend-diff-ignore.
* copyright, source: Fix some lintian issues/overrides.
* server-trust-ad: Add a lintian override for the samba plugin rpath.
* source: Add a lintian override for client-only build; empty-debian-
tests-control.
.
freeipa (4.9.11-1) unstable; urgency=medium
.
* New upstream release. (Closes: #1029070)
* control: Add systemd-timesyncd to freeipa-client Conflicts. (Closes:
#1008195)
* patches: Drop upstreamed patches.
* source: Extend diff-ignore.
* server.install: Updated.
.
freeipa (4.9.8-1) unstable; urgency=medium
.
* New upstream release.
* patches: Drop upstreamed patch.
* server.install: Updated.
* Build only the client in order to be able to backport to bullseye.
(Closes: #996946)
* control: Depend on librpm9 instead of librpm8.
* tests: Disabled for a client-only build.
.
freeipa (4.9.7-3) unstable; urgency=medium
.
* tests: Set KRB5_TRACE to use stderr.
* patches: Fix apache group properly.
* client: Move .tmpfile -> .tmpfiles.
* control: Bump debhelper to 13, gain dh_installtmpfiles being run.
* control, rules: Add --without-ipa-join-xml and drop libxmlrpc from depends.
* server.postinst: Drop creating old ccaches for mod_auth_gssapi, obsolete.
* server.postinst: Drop old upgrade rules.
* patches: Fix named keytab name.
.
freeipa (4.9.7-2) unstable; urgency=medium
.
* lintian: Drop override on python-script-but-no-python-dep, which doesn't
exist anymore.
* rules: Add fortify flag to CFLAGS, as CPPFLAGS isn't used by the project.
* ci: Drop allowed failure for blhc, it passes now.
* control: Build-depend on libcurl4-openssl-dev.
* fix-paths.diff: Fix some paths in ipaplatform/base.
* fix-apache-group.diff: Fix apache group name in ipa.conf tmpfile.
* control: Depend on gpg instead of gnupg.
* control: Drop libwbclient-sssd from freeipa-client-samba Depends.
* patches: Import a patch to fix ipa cert-find. (Closes: #997952)
.
freeipa (4.9.7-1) unstable; urgency=medium
.
* New upstream release.
* control: Drop obsolete depends on python3-nss.
* pkcs11-openssl-for-bind.diff,
migrate-to-gpg.diff,
use-bind9.16.diff,
fix-chrony-service-name.diff:
- Dropped, upstream.
* watch: Fixed to find upstream rc's.
* source: Update extend-diff-ignore.
* control: Add libcurl-dev, libjansson-dev and libpwquality-dev to
build-depends.
* install: Added new files.
* rules: Drop ipasphinx files for now.
* control: Drop dependency on custodia, not needed.
* control: Bump 389-ds-base depends.
* control: Drop python3-coverage depends, it's not used.
* control: Bump dogtag depends.
79 lines
2.7 KiB
Bash
79 lines
2.7 KiB
Bash
#!/bin/sh
|
||
set -e
|
||
|
||
OUT=/dev/null
|
||
|
||
if [ "$1" = configure ]; then
|
||
if ! getent passwd kdcproxy > $OUT; then
|
||
adduser --quiet --system --home / \
|
||
--shell /usr/sbin/nologin --group \
|
||
--no-create-home --gecos "IPA KDC Proxy User" \
|
||
kdcproxy > $OUT
|
||
fi
|
||
if ! getent passwd ipaapi > $OUT; then
|
||
adduser --quiet --system --home / \
|
||
--shell /usr/sbin/nologin --group \
|
||
--no-create-home --gecos "IPA Framework User" \
|
||
ipaapi > $OUT
|
||
fi
|
||
|
||
chmod 711 /var/lib/ipa/sysrestore > $OUT || true
|
||
chmod 700 /var/lib/ipa/passwds > $OUT || true
|
||
chmod 700 /var/lib/ipa/private > $OUT || true
|
||
|
||
# add www-data to ipaapi group
|
||
if ! id -Gn www-data | grep '\bipaapi\b' >/dev/null; then
|
||
usermod www-data -a -G ipaapi
|
||
fi
|
||
|
||
if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
|
||
. /usr/share/apache2/apache2-maintscript-helper
|
||
if [ ! -e /etc/apache2/mods-enabled/auth_gssapi.load ]; then
|
||
apache2_invoke enmod auth_gssapi || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/authz_user.load ]; then
|
||
apache2_invoke enmod authz_user || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/deflate.load ]; then
|
||
apache2_invoke enmod deflate || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/expires.load ]; then
|
||
apache2_invoke enmod expires || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/headers.load ]; then
|
||
apache2_invoke enmod headers || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/lookup_identity.load ]; then
|
||
apache2_invoke enmod lookup_identity || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/proxy.load ]; then
|
||
apache2_invoke enmod proxy || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/proxy_ajp.load ]; then
|
||
apache2_invoke enmod proxy_ajp || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/proxy_http.load ]; then
|
||
apache2_invoke enmod proxy_http || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/rewrite.load ]; then
|
||
apache2_invoke enmod rewrite || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/session.load ]; then
|
||
apache2_invoke enmod session || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/session_cookie.load ]; then
|
||
apache2_invoke enmod session_cookie || exit $?
|
||
fi
|
||
if [ ! -e /etc/apache2/mods-enabled/ssl.load ]; then
|
||
apache2_invoke enmod ssl || exit $?
|
||
fi
|
||
|
||
# Enable default SSL site
|
||
if [ ! -e /etc/apache2/sites-enabled/default-ssl.conf ]; then
|
||
apache2_invoke ensite default-ssl || exit $?
|
||
fi
|
||
fi
|
||
fi
|
||
|
||
#DEBHELPER#
|