Your message dated Wed, 17 Nov 2021 14:35:01 +0000
with message-id <[email protected]>
and subject line Bug#997952: fixed in freeipa 4.9.7-2
has caused the Debian Bug report #997952,
regarding freeipa-server: IPA certificate API defaults to JSON when XML is
expected
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
997952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997952
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: freeipa-server
Version: 4.9.7-1
Severity: normal
Tags: upstream patch
X-Debbugs-Cc: [email protected]
When using "ipa cert-find" or accessing the certificate list via the Web UI,
the operation fails with the following error:
IPA Error 4301: CertificateOperationError
Certificate operation cannot be completed: Unable to communicate with CMS
(Start tag expected, '<' not found, line 1, column 1)
This issue stems from Dogtag expecting XML output from IPA's REST API, however,
IPA now defaults to returning JSON bodies if the format is not explicitly
specified.
Upstream has fixed this bug, but it has not yet been released. Fedora 35 opted
to backport the patch, since it was a minor change with no other effects.
The patch is available at
https://patch-diff.githubusercontent.com/raw/freeipa/freeipa/pull/6014.patch,
and needs
to be included in this release of FreeIPA as well. Without it, certificates
can't
be properly managed by either the command-line tools or the Web UI, and it's
likely
other operations will fail as well.
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages freeipa-server depends on:
ii 389-ds-base 1.4.4.17-1
ii acl 2.3.1-1
ii adduser 3.118
ii apache2 2.4.51-2
ii certmonger 0.79.14+git20211010-2
ii chrony 4.1-4
ii fonts-font-awesome 5.0.10+really4.7.0~dfsg-4.1
ii fonts-open-sans 1.11-1.1
ii freeipa-client 4.9.7-1
ii freeipa-common 4.9.7-1
ii gssproxy 0.8.4-2
ii krb5-admin-server 1.18.3-7
ii krb5-kdc 1.18.3-7
ii krb5-kdc-ldap 1.18.3-7
ii krb5-otp 1.18.3-7
ii krb5-pkinit 1.18.3-7
ii ldap-utils 2.4.59+dfsg-1
ii libapache2-mod-auth-gssapi 1.6.3-1
ii libapache2-mod-lookup-identity 1.0.0-1
ii libapache2-mod-wsgi-py3 4.7.1-3+b1
ii libc6 2.32-4
ii libgssapi-krb5-2 1.18.3-7
ii libjs-dojo-core 1.15.4+dfsg1-1
ii libjs-jquery 3.5.1+dfsg+~3.5.5-8
ii libjs-scriptaculous 1.9.0-2.1
ii libk5crypto3 1.18.3-7
ii libkrad0 1.18.3-7
ii libkrb5-3 1.18.3-7
ii libldap-2.4-2 2.4.59+dfsg-1
ii libnss3-tools 2:3.70-1
ii libpopt0 1.18-3
ii libpwquality1 1.4.4-1
ii libsasl2-modules-gssapi-mit 2.1.27+dfsg-2.1
ii libssl1.1 1.1.1l-1
ii libsss-certmap0 2.5.2-4
ii libsss-nss-idmap0 2.5.2-4
ii libtalloc2 2.3.1-2+b1
ii libunistring2 0.9.10-6
ii libuuid1 2.37.2-4
ii libverto1 0.3.1-1
ii libwbclient0 2:4.13.5+dfsg-2
ii oddjob 0.34.6-1
ii p11-kit 0.24.0-5
ii pki-ca 11.0.0-1
ii pki-kra 11.0.0-1
ii python3 3.9.2-3
ii python3-dateutil 2.8.1-6
ii python3-gssapi 1.6.12-1
ii python3-ipaserver 4.9.7-1
ii python3-ldap 3.2.0-4+b3
ii python3-systemd 234-3+b4
ii samba-libs 2:4.13.5+dfsg-2
ii slapi-nis 0.56.7-1
ii ssl-cert 1.1.0+nmu1
ii sssd-dbus 2.5.2-4
ii systemd-sysv 249.5-1
Versions of packages freeipa-server recommends:
ii freeipa-server-dns 4.9.7-1
freeipa-server suggests no packages.
-- Configuration Files:
/etc/default/ipa-dnskeysyncd changed:
SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf
-- no debconf information
>From 46f6c8df3dba0c5bd15e93c8249f3464799e7596 Mon Sep 17 00:00:00 2001
From: Chris Kelley <[email protected]>
Date: Fri, 10 Sep 2021 16:47:22 +0100
Subject: [PATCH] Make Dogtag return XML for ipa cert-find
Using JSON by default within Dogtag appears to cause ipa cert-find to
return JSON, when the request was made with XML. We can request that XML
is returned as before by specifying so in the request header.
Fixes: https://pagure.io/freeipa/issue/8980
Signed-off-by: Chris Kelley <[email protected]>
---
ipaserver/plugins/dogtag.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index be2e4bb4e2a..b4feddfac19 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1832,7 +1832,8 @@ def convert_time(value):
method='POST',
headers={'Accept-Encoding': 'gzip, deflate',
'User-Agent': 'IPA',
- 'Content-Type': 'application/xml'},
+ 'Content-Type': 'application/xml',
+ 'Accept': 'application/xml'},
body=payload
)
--- End Message ---
--- Begin Message ---
Source: freeipa
Source-Version: 4.9.7-2
Done: Timo Aaltonen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
freeipa, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated freeipa package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Nov 2021 15:40:55 +0200
Source: freeipa
Built-For-Profiles: noudeb
Architecture: source
Version: 4.9.7-2
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Closes: 997952
Changes:
freeipa (4.9.7-2) unstable; urgency=medium
.
* lintian: Drop override on python-script-but-no-python-dep, which doesn't
exist anymore.
* rules: Add fortify flag to CFLAGS, as CPPFLAGS isn't used by the project.
* ci: Drop allowed failure for blhc, it passes now.
* control: Build-depend on libcurl4-openssl-dev.
* fix-paths.diff: Fix some paths in ipaplatform/base.
* fix-apache-group.diff: Fix apache group name in ipa.conf tmpfile.
* control: Depend on gpg instead of gnupg.
* control: Drop libwbclient-sssd from freeipa-client-samba Depends.
* patches: Import a patch to fix ipa cert-find. (Closes: #997952)
Checksums-Sha1:
dc458c91b7f390d74be38f36218c217bbffe3d12 3909 freeipa_4.9.7-2.dsc
04882d04e62a782a8890a564366b9ea4a0a4ff6d 281764 freeipa_4.9.7-2.debian.tar.xz
126134badedb533c1d83b61592293494f4381beb 9441 freeipa_4.9.7-2_source.buildinfo
Checksums-Sha256:
c379596dc3ab0b2f8716788c62ecd19bc81ef83dea204ef3cf1167d3c3246a4b 3909
freeipa_4.9.7-2.dsc
9bd864a950b83e3a18113c35b778a4a368f60e5852ea59cdd0db3a095d4b9558 281764
freeipa_4.9.7-2.debian.tar.xz
001aaece054ed2d835e0c9731711ff0f4022ce114066faad30d39781f23a0b6a 9441
freeipa_4.9.7-2_source.buildinfo
Files:
8faebeec9e74ba5a49e415361f789c78 3909 net optional freeipa_4.9.7-2.dsc
e656ada57d31867964b8b545fe2d94d2 281764 net optional
freeipa_4.9.7-2.debian.tar.xz
e7daac3a2f44f429243a9923b254f455 9441 net optional
freeipa_4.9.7-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAmGVBqIACgkQy3AxZaiJ
hNytQBAAiHLB1i3KRru4X/tDSIgwp2ZLanyvOixQ2wEA2Q+htWs7z6Yqj+9tneNL
JvJHEILcMmPgW+6ukzdUr8Y8Ntuf8u1tVA0SDotItS9HmxeuGsGZovVr8wcqSnjN
KugifWaxoeVPAQoKErti69xFFvErH6J1gO8p3lVV3YWNhUSqlV0pRTWsXZJ25SSA
U0LwfBsmfNdZ9CLMw41ZW7Xe534GVClKRxTlTS0pRo4Be4dXWAnvjd8ATr9+L8zC
S/CNoJsWd/rac6gr6y7IMnSjrxIj4HdS8lfrwQQKK/oL21HV5WrCmM8oWe4CFf4F
pDcDgnjedAlgxHw8r/WJI6ohPMFAaACuW6CXwDoXiSKJHLdy2QwfPdC9b+5ArxLh
duxPniZXLB6zq/CTo8UbkXWHWOqOoNAJHAfLm9dB6OerEfzOKsDO7Sj4o6J9taHV
Z7MF+mAiurMdtrrcrNkL0jFgEqIsJEdrVqmlxjlOeCcIo2pblEqNlSeXf/VmEyMk
vfSgCwJKqcyuFScSCr9/xIX0XSwRiuVR83z7dthIATF18dv4NmbhwBDE/HhTptpp
nzrEwL0ViYSrA2qbXJtoYfeZ6mLmZd50uztX5USehb73C1E8sn8rJEp3ZJouF3Mm
+8ofbhYVSQ7CVF4eX83pleUU+XkRdux0Qti5IeUN3ZCSA6r063A=
=6G9b
-----END PGP SIGNATURE-----
--- End Message ---