Information for build ipa-4.10.2-4.el9
| ID | 27790 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Package Name | ipa | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Version | 4.10.2 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Release | 4.el9 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Epoch | Draft | False | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Source | ipa-4.10.2-4.el9.src.rpm | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary | The Identity, Policy and Audit system | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description | IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Built by | circlekoji | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| State | complete | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Volume | DEFAULT | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Started | Wed, 22 Nov 2023 18:03:28 CST | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Completed | Wed, 22 Nov 2023 18:19:21 CST | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Task | build (dist-circle9, ipa-4.10.2-4.el9.src.rpm) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Extra | {'source': {'original_url': 'ipa-4.10.2-4.el9.src.rpm'}} | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Tags |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| RPMs |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Logs | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Changelog | * Thu Aug 17 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-4 - Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests * Thu Aug 10 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-3 - Resolves: rhbz#2229712 Delete operation protection for admin user - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests * Thu Jun 29 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-2 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA) - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only * Tue Jun 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-1 - Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2192625 Better catch of the IPA web UI event "IPA Error 4301:CertificateOperationError", and IPA httpd error CertificateOperationError - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9] - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context - Resolves: rhbz#2165880 Add RBCD support to IPA - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct * Wed Feb 22 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-6 - Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests * Mon Feb 13 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-5 - Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command * Mon Feb 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-4 - Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests * Wed Dec 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.10.1-3 - Rebuild against krb5 1.20.1 ABI - Resolves: rhbz#2155425 * Fri Dec 09 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-2 - Resolves: rhbz#2148887 MemberManager with groups fails - Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit * Fri Nov 25 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-1 - Resolves: rhbz#2141315 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.2 - Resolves: rhbz#2094673 ipa-client-install should just use system wide CA store and do not specify TLS_CACERT in ldap.conf - Resolves: rhbz#2117167 After leapp upgrade on ipa-client ipa-server package installation failed. (`REQ_FULL_WITH_MEMBERS` returns object from wrong domain) - Resolves: rhbz#2127833 Password Policy Grace login limit allows invalid maximum value - Resolves: rhbz#2143224 [RFE] add certificate support to ipa-client instead of one time password - Resolves: rhbz#2144736 vault interoperability with older RHEL systems is broken - Resolves: rhbz#2148258 ipa-client-install does not maintain server affinity during installation - Resolves: rhbz#2148379 Add warning for empty targetattr when creating ACI with RBAC - Resolves: rhbz#2148380 OTP token sync always returns OK even with random numbers - Resolves: rhbz#2148381 Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones - Resolves: rhbz#2148382 Introduction of URI records for kerberos breaks location functionality * Tue Oct 25 2022 Rafael Jeffman <rjeffman@redhat.com> - 4.10.0-7 - Resolves: rhbz#2124547 Attempt to log in as "root" user with admin's password in Web UI does not properly fail - Resolves: rhbz#2137555 Attempt to log in as "root" user with admin's password in Web UI does not properly fail [rhel-9.1.0.z] * Fri Aug 19 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-6 - Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0 - Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI - Resolves: rhbz#2115495 group password policy by default does not allow grace logins - Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower' * Thu Jul 28 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-5 - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-101.el9 * Thu Jul 21 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-4 - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-100.el9 * Fri Jul 15 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-3 - Resolves: rhbz#2105294 IdM WebUI Pagination Size should not allow empty value * Thu Jun 30 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.10.0-2 - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind * Thu Jun 30 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.10.0-1 - Resolves: rhbz#747959 [RFE] Support random serial numbers in IPA certificates - Resolves: rhbz#2100227 [UX] Preserving a user account produces output saying it was deleted * Fri Jun 17 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.10-1 - Resolves: rhbz#2079469 [Rebase] Rebase ipa to latest 4.9.x release - Resolves: rhbz#2012911 named journalctl logs shows 'zone testrealm.test/IN: serial (serialnumber) write back to LDAP failed.' - Resolves: rhbz#2069202 [RFE] add support for authenticating against external IdP services using OAUTH2 preauthenticaiton mechanism provided by SSSD - Resolves: rhbz#2083218 ipa-dnskeysyncd floods /var/log/messages with DEBUG messages - Resolves: rhbz#2089750 RFE: Improve error message with more detail for ipa-replica-install command - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind - Resolves: rhbz#2094400 [RFE] ipa-client-install should provide option to enable subid: sss in /etc/nsswitch.conf - Resolves: rhbz#2096922 secret in ipa-pki-proxy.conf is not changed if new requiredSecret value is present in /etc/pki/pki-tomcat/server.xml * Wed Apr 06 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-8 - Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9 - tests: ensure AD-SUPPORT subpolicy is active in more cases - ipatests: fix check for AD topology being present * Thu Mar 24 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-7 - Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9 - KRB instance: make provision to work with crypto policy without SHA-1 HMAC types - tests: ensure AD-SUPPORT subpolicy is active - ipatests: extend AES keyset to SHA2-based ones - freeipa.spec: bump crypto-policies dependency for CentOS 9 Stream - Kerberos instance: default to AES256-SHA2 for master key encryption - test_otp: do not use paramiko unless it is really needed - test_krbtpolicy: skip SPAKE-related tests in FIPS mode - Support AES for KRA archival wrapping - Set AES as default for KRA archival wrapping * Thu Feb 24 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-6 - Resolves: rhbz#2057467 Backport latest test fixes in python3-ipatests - ipatests: Tests for Autoprivate group. - mark xfail for test_idoverride_with_auto_private_group[hybrid] - Mark xfail test_gidnumber_not_corresponding_existing_group[true,hybrid] * Mon Feb 14 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.8-5 - Resolves: rhbz#2053025 - add IPA test suite fixes * Mon Feb 14 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.8-4 - Resolves: rhbz#2053586 IPA LDAP plugin ipa-cldap memory leak - fix memory leak in CLDAP responder * Fri Feb 11 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-3 - Resolves: rhbz#2050540 Unable to join RHEL 8.5 Replica to RHEL 7.9 Master for migration purposes - Don't always override the port in import_included_profiles - Resolves: rhbz#2051582 Enable ipa-ccache-sweep.timer during server installation - Test ipa-ccache-sweep.timer enabled by default during installation - Enable the ccache sweep timer during installation - Resolves: rhbz#2051844 ipa-join tests are failing due to changes in expected output - Remove ipa-join errors from behind the debug option * Thu Feb 03 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-2 - Resolves: rhbz#2040619 - Changing default pac type to 'nfs:NONE and MS-PAC' doesnot display error 'ipa: ERROR: no modifications to be performed' - Config plugin: return EmptyModlist when no change is applied - config plugin: add a test ensuring EmptyModlist is returned - Resolves: rhbz#2048510 - [rhel-9.0] Backport latest test fixes in python3-ipatests - ipatests: webui: Tests for subordinate ids. - ipatests: webui: Use safe-loader for loading YAML configuration file - ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown - Test cases for ipa-replica-conncheck command - PEP8 Fixes - ipatests: Test empty cert request doesn't force certmonger to segfault - ipatests: Test default value of nsslapd-sizelimit. - Extend test to see if replica is not shown when running `ipa-replica-manage list -v <FQDN>` - Added test automation for SHA384withRSA CSR support - Resolves: rhbz#2049104 - User can't log in after ipa-user-mod --user-auth-type=hardened - ipa-kdb: do not remove keys for hardened auth-enabled users - ipatests: add case for hardened-only ticket policy - Resolves: rhbz#2049174 - KRA GetStatus service blocked by IPA proxy - ipa-pki-proxy.conf: provide access to /kra/admin/kra/getStatus * Thu Dec 02 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-1 - Resolves: rhbz#2015608 - [Rebase] Rebase ipa to latest 4.9.x release RHEL9 - Resolves: rhbz#1825010 - Concerns regarding 'ipa pwpolicy-mod --minlife 24 --maxlife 1' - Resolves: rhbz#1966289 - Info about searchrecordslimit set search limit to 10,000 after upgrade - Resolves: rhbz#1980356 - reinstalling samba client causes winbindd coredump - Resolves: rhbz#1986054 - fix automountlocation-tofiles output - Resolves: rhbz#2020205 - Missing bind-pkcs11-utils causing failures in OpenDNSSec - Resolves: rhbz#2021445 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets - ipa-kdb: issue PAC_REQUESTER_SID only for TGTs - ipa-kdb: fix requester SID check according to MS-KILE and MS-SFU updates * Tue Oct 05 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-9 - Resolves: rhbz#2010701 ipa-server-install fails while 'configuring certificate server instance' - Parse getStatus as JSON not XML - Parse cert chain as JSON not XML - Specify PKI installation log paths - Make Dogtag return XML for ipa cert-find * Fri Sep 17 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-8 - Resolves: rhbz#2005864 ipa cert-request replaces user certificate instead of adding - Don't store entries with a usercertificate in the LDAP cache - ipatests: Test that a user can be issued multiple certificates * Fri Sep 10 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-7 - Resolves: rhbz#2003005 AVC denied { read } comm="ipa-custodia" on aarch64 during installation of ipa-server - selinux policy: allow custodia to access /proc/cpuinfo - Resolves: rhbz#2003004 extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT - extdom: return LDAP_NO_SUCH_OBJECT if domains differ - Resolves: rhbz#2003003 subid: subid-match displays the DN of the owner, not its UID. - subid: subid-match: display the owner's ID not DN - Resolves: rhbz#2013116 ipa migrate-ds command fails to warn when compat plugin is enabled - migrate-ds: workaround to detect compat tree * Thu Aug 26 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-6 - Resolves: rhbz#1998098 - Backport latest test fixes in python3-ipatests - ipatests: Test unsecure nsupdate. - ipatests: Fix TestAJPSecretUpgrade tests on systems without pkiuser - ipatests: test_ipahealthcheck: Verify permissions for /var/log/ files - ipatests: test to renew certs on replica using ipa-cert-fix - ipatests: wait while http/ldap/pkinit cert get renew on replica - ipatests: refactor test_ipa_cert_fix with tasks - ipatests: use whole date for journalctl --since * Tue Aug 17 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-5 - Resolves: rhbz#1988383 Do SRV discovery in ipa-getkeytab if -s and -H aren't provided - ipa-getkeytab: add option to discover servers using DNS SRV - ipa-getkeytab: fix compiler warnings - ipatests: test ipa-getkeytab server option - Resolves: rhbz#1986329 ipa-server install failure without DNS - Fix ldapupdate.get_sub_dict() for missing named user - Resolves: rhbz#1980734 Remove python3-pexpect as dependency for ipatests pkg - freeipa.spec.in: remove python3-pexpect from Requires - Resolves: rhbz#1992538 Backport recent test fixes in python3-ipatests - ipatests: use whole date when calling journalctl --since - ipatests: Fix for test_source_ipahealthcheck_ipa_host_check_ipahostkeytab - ipatests: test_ipahealthcheck: print a message if a system is healthy - ipatests: test_installation: move tracking_reqs dependency to ipalib constants ipaserver: krainstance: utilize moved tracking_reqs dependency - webui tests: close notification when revoking cert - ipatests: Test ipa-cert-fix warns when startup directive is missing from CS.cfg - webui tests: fix algo for finding available idrange - ipatests: smbclient "-k" => "--use-kerberos=desired" - test_acme: refactor with tasks - test_acme: make password renewal more robust - tasks.py: fix flake8-reported issues - ipatests: Test for OTP when the LDAP connection timed out. - ipatests: verify that getcert output includes the issued date - ipatests: Look for warning into stderr instead of stdout - ipatests: use krb5_trace in TestIpaAdTrustInstall - ipatests: Test ldapsearch with base scope works with compat tree. - ipatests: skip test_basesearch_compat_tree on fedora. - ipatests: Refactor test_check_otpd_after_idle_timeout |
