Information for build ipa-4.10.0-8.el9_1
ID | 24224 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Package Name | ipa | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Version | 4.10.0 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Release | 8.el9_1 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Epoch | Draft | False | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Source | git+https://git.cclinux.org/stage/rpms/ipa.git#d87b51cf3062dd1a5de3373e4d30985cb8284bcd | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Summary | The Identity, Policy and Audit system | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Description | IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Built by | distrobuild | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
State | complete | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Volume | DEFAULT | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Started | Tue, 24 Jan 2023 07:22:24 CST | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Completed | Tue, 24 Jan 2023 07:30:20 CST | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Task | build (dist-circle9_1-updates, /stage/rpms/ipa.git:d87b51cf3062dd1a5de3373e4d30985cb8284bcd) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Extra | {'source': {'original_url': 'git+https://git.cclinux.org/stage/rpms/ipa.git?#d87b51cf3062dd1a5de3373e4d30985cb8284bcd'}} | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Tags |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RPMs |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Logs | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Changelog | * Tue Jan 24 2023 earthloong <earthloong@cclinux.org> - 4.10.0-8 - Add ipaplatform flag * Fri Dec 02 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-8 - Resolves: rhbz#2149274 vault interoperability with older RHEL systems is broken [rhel-9.1.0.z] - Resolves: rhbz#2150270 ipa-client-install does not maintain server affinity during installation [rhel-9.1.0.z] * Tue Oct 25 2022 Rafael Jeffman <rjeffman@redhat.com> - 4.10.0-7 - Resolves: rhbz#2124547 Attempt to log in as "root" user with admin's password in Web UI does not properly fail - Resolves: rhbz#2137555 Attempt to log in as "root" user with admin's password in Web UI does not properly fail [rhel-9.1.0.z] * Fri Aug 19 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-6 - Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0 - Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI - Resolves: rhbz#2115495 group password policy by default does not allow grace logins - Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower' * Thu Jul 28 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-5 - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-101.el9 * Thu Jul 21 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-4 - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-100.el9 * Fri Jul 15 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-3 - Resolves: rhbz#2105294 IdM WebUI Pagination Size should not allow empty value * Thu Jun 30 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.10.0-2 - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind * Thu Jun 30 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.10.0-1 - Resolves: rhbz#747959 [RFE] Support random serial numbers in IPA certificates - Resolves: rhbz#2100227 [UX] Preserving a user account produces output saying it was deleted * Fri Jun 17 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.10-1 - Resolves: rhbz#2079469 [Rebase] Rebase ipa to latest 4.9.x release - Resolves: rhbz#2012911 named journalctl logs shows 'zone testrealm.test/IN: serial (serialnumber) write back to LDAP failed.' - Resolves: rhbz#2069202 [RFE] add support for authenticating against external IdP services using OAUTH2 preauthenticaiton mechanism provided by SSSD - Resolves: rhbz#2083218 ipa-dnskeysyncd floods /var/log/messages with DEBUG messages - Resolves: rhbz#2089750 RFE: Improve error message with more detail for ipa-replica-install command - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind - Resolves: rhbz#2094400 [RFE] ipa-client-install should provide option to enable subid: sss in /etc/nsswitch.conf - Resolves: rhbz#2096922 secret in ipa-pki-proxy.conf is not changed if new requiredSecret value is present in /etc/pki/pki-tomcat/server.xml * Wed Apr 06 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-8 - Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9 - tests: ensure AD-SUPPORT subpolicy is active in more cases - ipatests: fix check for AD topology being present * Thu Mar 24 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-7 - Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9 - KRB instance: make provision to work with crypto policy without SHA-1 HMAC types - tests: ensure AD-SUPPORT subpolicy is active - ipatests: extend AES keyset to SHA2-based ones - freeipa.spec: bump crypto-policies dependency for CentOS 9 Stream - Kerberos instance: default to AES256-SHA2 for master key encryption - test_otp: do not use paramiko unless it is really needed - test_krbtpolicy: skip SPAKE-related tests in FIPS mode - Support AES for KRA archival wrapping - Set AES as default for KRA archival wrapping * Thu Feb 24 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-6 - Resolves: rhbz#2057467 Backport latest test fixes in python3-ipatests - ipatests: Tests for Autoprivate group. - mark xfail for test_idoverride_with_auto_private_group[hybrid] - Mark xfail test_gidnumber_not_corresponding_existing_group[true,hybrid] * Mon Feb 14 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.8-5 - Resolves: rhbz#2053025 - add IPA test suite fixes * Mon Feb 14 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.8-4 - Resolves: rhbz#2053586 IPA LDAP plugin ipa-cldap memory leak - fix memory leak in CLDAP responder * Fri Feb 11 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-3 - Resolves: rhbz#2050540 Unable to join RHEL 8.5 Replica to RHEL 7.9 Master for migration purposes - Don't always override the port in import_included_profiles - Resolves: rhbz#2051582 Enable ipa-ccache-sweep.timer during server installation - Test ipa-ccache-sweep.timer enabled by default during installation - Enable the ccache sweep timer during installation - Resolves: rhbz#2051844 ipa-join tests are failing due to changes in expected output - Remove ipa-join errors from behind the debug option * Thu Feb 03 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-2 - Resolves: rhbz#2040619 - Changing default pac type to 'nfs:NONE and MS-PAC' doesnot display error 'ipa: ERROR: no modifications to be performed' - Config plugin: return EmptyModlist when no change is applied - config plugin: add a test ensuring EmptyModlist is returned - Resolves: rhbz#2048510 - [rhel-9.0] Backport latest test fixes in python3-ipatests - ipatests: webui: Tests for subordinate ids. - ipatests: webui: Use safe-loader for loading YAML configuration file - ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown - Test cases for ipa-replica-conncheck command - PEP8 Fixes - ipatests: Test empty cert request doesn't force certmonger to segfault - ipatests: Test default value of nsslapd-sizelimit. - Extend test to see if replica is not shown when running `ipa-replica-manage list -v <FQDN>` - Added test automation for SHA384withRSA CSR support - Resolves: rhbz#2049104 - User can't log in after ipa-user-mod --user-auth-type=hardened - ipa-kdb: do not remove keys for hardened auth-enabled users - ipatests: add case for hardened-only ticket policy - Resolves: rhbz#2049174 - KRA GetStatus service blocked by IPA proxy - ipa-pki-proxy.conf: provide access to /kra/admin/kra/getStatus * Thu Dec 02 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-1 - Resolves: rhbz#2015608 - [Rebase] Rebase ipa to latest 4.9.x release RHEL9 - Resolves: rhbz#1825010 - Concerns regarding 'ipa pwpolicy-mod --minlife 24 --maxlife 1' - Resolves: rhbz#1966289 - Info about searchrecordslimit set search limit to 10,000 after upgrade - Resolves: rhbz#1980356 - reinstalling samba client causes winbindd coredump - Resolves: rhbz#1986054 - fix automountlocation-tofiles output - Resolves: rhbz#2020205 - Missing bind-pkcs11-utils causing failures in OpenDNSSec - Resolves: rhbz#2021445 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets - ipa-kdb: issue PAC_REQUESTER_SID only for TGTs - ipa-kdb: fix requester SID check according to MS-KILE and MS-SFU updates * Tue Oct 05 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-9 - Resolves: rhbz#2010701 ipa-server-install fails while 'configuring certificate server instance' - Parse getStatus as JSON not XML - Parse cert chain as JSON not XML - Specify PKI installation log paths - Make Dogtag return XML for ipa cert-find * Fri Sep 17 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-8 - Resolves: rhbz#2005864 ipa cert-request replaces user certificate instead of adding - Don't store entries with a usercertificate in the LDAP cache - ipatests: Test that a user can be issued multiple certificates * Fri Sep 10 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-7 - Resolves: rhbz#2003005 AVC denied { read } comm="ipa-custodia" on aarch64 during installation of ipa-server - selinux policy: allow custodia to access /proc/cpuinfo - Resolves: rhbz#2003004 extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT - extdom: return LDAP_NO_SUCH_OBJECT if domains differ - Resolves: rhbz#2003003 subid: subid-match displays the DN of the owner, not its UID. - subid: subid-match: display the owner's ID not DN - Resolves: rhbz#2013116 ipa migrate-ds command fails to warn when compat plugin is enabled - migrate-ds: workaround to detect compat tree * Thu Aug 26 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-6 - Resolves: rhbz#1998098 - Backport latest test fixes in python3-ipatests - ipatests: Test unsecure nsupdate. - ipatests: Fix TestAJPSecretUpgrade tests on systems without pkiuser - ipatests: test_ipahealthcheck: Verify permissions for /var/log/ files - ipatests: test to renew certs on replica using ipa-cert-fix - ipatests: wait while http/ldap/pkinit cert get renew on replica - ipatests: refactor test_ipa_cert_fix with tasks - ipatests: use whole date for journalctl --since * Tue Aug 17 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-5 - Resolves: rhbz#1988383 Do SRV discovery in ipa-getkeytab if -s and -H aren't provided - ipa-getkeytab: add option to discover servers using DNS SRV - ipa-getkeytab: fix compiler warnings - ipatests: test ipa-getkeytab server option - Resolves: rhbz#1986329 ipa-server install failure without DNS - Fix ldapupdate.get_sub_dict() for missing named user - Resolves: rhbz#1980734 Remove python3-pexpect as dependency for ipatests pkg - freeipa.spec.in: remove python3-pexpect from Requires - Resolves: rhbz#1992538 Backport recent test fixes in python3-ipatests - ipatests: use whole date when calling journalctl --since - ipatests: Fix for test_source_ipahealthcheck_ipa_host_check_ipahostkeytab - ipatests: test_ipahealthcheck: print a message if a system is healthy - ipatests: test_installation: move tracking_reqs dependency to ipalib constants ipaserver: krainstance: utilize moved tracking_reqs dependency - webui tests: close notification when revoking cert - ipatests: Test ipa-cert-fix warns when startup directive is missing from CS.cfg - webui tests: fix algo for finding available idrange - ipatests: smbclient "-k" => "--use-kerberos=desired" - test_acme: refactor with tasks - test_acme: make password renewal more robust - tasks.py: fix flake8-reported issues - ipatests: Test for OTP when the LDAP connection timed out. - ipatests: verify that getcert output includes the issued date - ipatests: Look for warning into stderr instead of stdout - ipatests: use krb5_trace in TestIpaAdTrustInstall - ipatests: Test ldapsearch with base scope works with compat tree. - ipatests: skip test_basesearch_compat_tree on fedora. - ipatests: Refactor test_check_otpd_after_idle_timeout * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.9.6-4.1 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Jul 23 2021 Rob Crittenden <rcritten@redhat.com> - 4.9.6-4 - Use new method in check to prevent removal of last KRA (#1985072) - ipatests: NAMED_CRYPTO_POLICY_FILE not defined for RHEL (#1982952) - Fix index definition for memberOf (#1952028) * Thu Jul 15 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-3 - Resolves: rhbz#1979629 Add checks to prevent assigning authentication indicators to internal IPA services - Resolves: rhbz#1982212 ipa-trust-add fails with "not enough quota" - Resolves: rhbz#1952028 [RFE] Add support for managing subuids and subgids in FreeIPA - Resolves: rhbz#1981789 [man page] contradiction in ipa-server-upgrade command's man page and usage * Fri Jul 09 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-2 - Resolves: rhbz#1955440 ipa installation fails to configure chrony - Resolves: rhbz#1976761 Package python3-ipatests (from CRB repo) Requires python3-coverage - Resolves: rhbz#1979609 Unable to set ipaUserAuthType with stageuser-add - Resolves: rhbz#1979629 Add checks to prevent assigning authentication indicators to internal IPA services * Wed Jun 30 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-1 - Resolves: rhbz#1969351 Rebase IPA to latest 4.9.x version - Resolves: rhbz#1976288 ansible-freeipa automember test fails with `automember_add_condition: testgroup: 'objectclass'` due to ldap cache - Resolves: rhbz#1975139 Upgrade error: Add failure missing required attribute "objectclass" - Resolves: rhbz#1973024 CA_less ipa-server-install fails if CA cert subject contains non ascii chars - Resolves: rhbz#1966101 [RFE] - IDM - Allow specifying permanent logging settings for BIND - Resolves: rhbz#1962570 IPA in c9s should not require redhat-logos-ipa as a runtime package - Resolves: rhbz#1957736 [RFE] IPA to allow configuring auto-private-groups at idrange level * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.9.3-2.1 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 * Tue Apr 20 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.3-2 - RHEL 9 Beta mass rebuild. Resolves: rhbz#1951304 * Wed Mar 31 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.3-1 - Upstream release FreeIPA 4.9.3 * Fri Feb 26 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.2-4 - Rebuild against 389-ds and PKI to fix https://github.com/389ds/389-ds-base/issues/4609 * Tue Feb 23 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.2-3 - Only use python-platform on RHEL 8 * Mon Feb 15 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.2-2 - Fix ipatests dependency to python3-pexpect * Mon Feb 15 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.2-1 - Upstream release FreeIPA 4.9.2 * Wed Jan 27 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.1-1 - Upstream release FreeIPA 4.9.1 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.0-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild |