- Resolves: RHEL-120956
Rebase ipa to latest 4.13.x version for RHEL 10.2
- Resolves: RHEL-90121
Add modern WebUI as submodule and enable routing in Apache
- Resolves: RHEL-132337
Include latest fixes in python3-ipatests package
- Resolves: RHEL-129965
Fix ipatests for kdcproxy after CVE-2025-59088 fix
- Resolves: RHEL-129547
Switch IPA to use the PKI python API directly rather than RPC calls
- Resolves: RHEL-133342
After upgrade from 9.7 to 9.8 ipactl restart fails to restart winbind service
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
- CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
Resolves: RHEL-32233
- CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
Resolves: RHEL-40881
Signed-off-by: Julien Rische <jrische@redhat.com>
- Resolves: RHEL-39144 Rebase ipa to the latest 4.12 version for RHEL 10
- Resolves: RHEL-30537 ipa: freeipa: argument injection into the username field of the /ipa/session/login_password requests
Update Fedora part of the spec file as we don't support building 4.11+
for versions below Fedora 39.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
- Replace %%{_libdir} macro in BuildRequires (#1746882)
- Restore user-nsswitch.conf before calling authselect (#1746557)
- ipa service-find does not list cifs service created by
ipa-client-samba (#1731433)
- Occasional 'whoami.data is undefined' error in FreeIPA web UI
(#1699109)
- ipa-kra-install fails due to fs.protected_regular=1 (#1698384)
- New BuildRequires for nodejs and uglify-js
- New Requires for 389-ds-base-legacy-tools in server (RHBZ#1606541)
- Do not build python2-ipaserver and python2-ipatests for Fedora 29 and up
- Do not build any python2 packages for Fedora 30
- Added ipatest man pages to python3-ipatests packages also
- Added ipatest bindir links to python3-ipatests for Fedora up to 28
- Dropped explicit copy of freeipa.template, install is doing this now
- Added upstream fix: (f3faecb) Fix $-style format string in ipa_ldap_init
- Added upstream fix: (4b592fe,1a7baa2) Added reason to raise of errors.NotFound
- Fixes#1491053 Firefox reports insecure TLS configuration when visiting
FreeIPA web UI after standard server deployment
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
