Commit Graph

20 Commits

Author SHA1 Message Date
Rafael Guterres Jeffman
69bac50266 ipa release 4.9.13-8
- rpcserver: validate Kerberos principal name before running kinit
  Resolves: RHEL-26153
- Vault: add additional fallback to RSA-OAEP wrapping algo
  Resolves: RHEL-28259

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-03-07 15:51:18 -03:00
Julien Rische
0322b80414 ipa release 4.9.13-7
- ipa-kdb: Fix double free in ipadb_reinit_mspac()
  Resolves: RHEL-25742
- kra: set RSA-OAEP as default wrapping algo when FIPS is enabled
  Resolves: RHEL-12153
- Vault: improve vault server archival/retrieval calls error handling
  Resolves: RHEL-12153
- Vault: add support for RSA-OAEP wrapping algo
  Resolves: RHEL-12153

Signed-off-by: Julien Rische <jrische@redhat.com>
2024-02-20 18:52:35 +01:00
Rafael Guterres Jeffman
a3e06a2ff6 ipa release 4.9.13-6
- ipatests: fix tasks.wait_for_replication() method
  Resolves: RHEL-25708
- ipa-kdb: Rework ipadb_reinit_mspac()
  Resolves: RHEL-25742
- ipatests: wait for replica update in test_dns_locations
  Resolves: RHEL-22373

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-02-16 14:30:21 -03:00
Rafael Guterres Jeffman
7027b51fb2 Pick-up build fixes for IPA.
Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-02-13 12:32:42 -03:00
Rafael Guterres Jeffman
092d838da3 ipa release 4.9.13-5
- kdb: PAC generator: do not fail if canonical principal is missing
  Resolves: RHEL-23630
- ipa-kdb: Fix memory leak during PAC verification
  Resolves: RHEL-22644
- Fix session cookie access
  Resolves: RHEL-23622
- Do not ignore staged users in sidgen plugin\
  Resovlves: RHEL-23626
- ipa-kdb: Disable Bronze-Bit check if PAC not available
  Resolves: RHEL-22313
- krb5kdc: Fix start when pkinit and otp auth type are enabled
  Resolves: RHEL-4874
- hbactest was not collecting or returning messages
  Resolves: RHEL-12780

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-02-12 21:00:21 -03:00
Rafael Guterres Jeffman
8796589341 ipa release 4.9.13-4
- Improve server affinity for CA-less deployments
  Resolves: RHEL-22283
- host: update system: Manage Host Keytab permission
  Resolves: RHEL-22286
- adtrustinstance: make sure NetBIOS name defaults are set properly
  Resolves: RHEL-21938
- ipatests: Fix healthcheck report when nsslapd accesslog logbuffering is set to off
  Resolves: RHEL-19672

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-01-23 19:39:08 -03:00
Julien Rische
63f485919a ipa release 4.9.13-3
- ipa-kdb: Detect and block Bronze-Bit attacks
  Resolves: RHEL-9984
- Fix for CVE-2023-5455
  Resolves: RHEL-12578

Signed-off-by: Julien Rische <jrische@redhat.com>
2024-01-11 18:59:09 +01:00
Rafael Guterres Jeffman
4275b80109 ipa:
- Remove unused patches.
- Handle new samba exception types.
  Resolves: RHEL-17623
2023-11-30 13:28:27 -03:00
Rafael Guterres Jeffman
5ecaff0564 Rebuild due to MBS outage. 2023-11-22 09:11:21 -03:00
Rafael Guterres Jeffman
65401cfade ipa:
- Rebase to version 4.9.13
  Resolves: RHEL-16936

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-11-21 17:26:56 -03:00
Adam Samalik
64aaf7f1cd branching - update refs 2023-09-04 10:47:37 +02:00
Rafael Guterres Jeffman
2360d692bb ipa:
- ipatests: fix test_topology
  Resolves: RHBZ#2232351
- Installer: activate nss and pam services in sssd.conf
  Resolves: RHBZ#2216532

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-08-16 15:23:23 -03:00
Rafael Guterres Jeffman
acec914b2b ipa:
- ipa-kdb: fix error handling of is_master_host()
      Resolves: RHBZ#2214638
    - ipatests: enable firewall rule for http service on acme client
      Resolves: RHBZ#2230256
    - User plugin: improve error related to non existing idp
      Resolves: RHBZ#2224572
    - Prevent admin user from being deleted
      Resolves: RHBZ#1821181
    - Fix memory leak in the OTP last token plugin
      Resolves: RHBZ#2227783

ipa-healthcheck:

    - Error in DogtagCertsConnectivityCheckCA with external CA
      Resolves: #2223942

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-08-09 15:42:01 -03:00
Rafael Guterres Jeffman
bc033be7f4 Fix patch 0004 with correct data.
Related: RHBZ#2216551

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-07-17 15:02:28 -03:00
Rafael Guterres Jeffman
f908a4f6a2 ipa release 4.9.12-4
- kdb: Use-krb5_pac_full_sign_compat() when available
  Resolves: RHBZ#2176406
- OTP: fix-data-type-to-avoid-endianness-issue
  Resolves: RHBZ#2218293
- Upgrade: fix replica agreement
  Resolves: RHBZ#2216551
- Upgrade: add PKI drop-in file if missing
  Resolves: RHBZ#2215336
- Use the python-cryptography parser directly in cert-find
  Resolves: RHBZ#2164349
- Backport test updates
  Resolves: RHBZ#221884

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-06-30 22:36:19 -03:00
Rafael Guterres Jeffman
5c150f7be2 Don't use 'warn: false' parameter with Ansible shell builtin.
The 'warn' parameter of Ansible 'shell' and 'command' builtin plugins
was deprecated in Ansible 2.11 and removed in Ansible 2.14. This patch
fixes 'baseos-ci.redhat-module.tier0.functional' tests that were failing
due to the use of the parameter on newer versions of Ansible.
2023-06-20 10:32:01 -03:00
Rafael Guterres Jeffman
90588adfcf ipa:
- Use the OpenSSL certificate parser in cert-find.
    Resolves: RHBZ#2209947

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-05-25 14:19:40 -03:00
Rafael Guterres Jeffman
446c248859 ipa:
- Rebase ipa to 4.9.12
  Resolves: RHBZ#2196425
- user or group name: explain the supported format
  Resolves: RHBZ#2150217

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-05-24 15:20:33 -03:00
Adam Samalik
48adc0dfcc update refs 2023-02-23 11:47:58 +00:00
Adam Samalik
ab4fe72e38 update modulemd etc 2023-02-23 11:47:58 +00:00