Troy Dawson
605fed4ed0
Bump release for June 2024 mass rebuild
2024-06-24 08:51:28 -07:00
Julien Rische
38e4126e68
ipa-4.12.1-1
...
- CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
Resolves: RHEL-32233
- CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
Resolves: RHEL-40881
Signed-off-by: Julien Rische <jrische@redhat.com>
2024-06-12 17:57:09 +02:00
Florence Blanc-Renaud
90dae868c3
ipa-4.12.0-1
...
- Resolves: RHEL-39144 Rebase ipa to the latest 4.12 version for RHEL 10
- Resolves: RHEL-30537 ipa: freeipa: argument injection into the username field of the /ipa/session/login_password requests
2024-06-04 19:55:30 +02:00
Troy Dawson
123abb92ab
Bump release to rebuild on correct samba
...
Signed-off-by: Troy Dawson <tdawson@redhat.com>
2024-02-22 10:58:02 -08:00
Alexander Bokovoy
d41e5ca07b
Support 389-ds with lmdb backend
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2024-02-08 18:24:08 +02:00
Alexander Bokovoy
f407801376
Detect samba private libraries
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2024-01-30 20:11:07 +02:00
Alexander Bokovoy
7365e8a23f
More backports
...
remove CA affinity patch, not ready for backport yet.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2024-01-30 18:09:49 +02:00
Alexander Bokovoy
f19c883a04
Rebuild against Samba 4.20rc1
...
Add upstream fixes
- Fix memory leak in Kerberos KDC driver
- Fix possible crash in IPA command line tool when accessing Kerberos credentials
- Compatibility fix for Python Cryptography 42.0.0
- Fix CA affinity when installing replica
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2024-01-30 17:40:53 +02:00
Fedora Release Engineering
dc24d637fb
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-24 12:01:16 +00:00
Fedora Release Engineering
9d0ac5b4ee
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-19 19:46:15 +00:00
Alexander Bokovoy
297837b973
FreeIPA security release for CVE-2023-5455
...
Release notes:
https://www.freeipa.org/release-notes/4-11-1.html
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2024-01-10 14:23:42 +02:00
Alexander Bokovoy
cbef046169
Backport various fixes found by RHEL and upstream tests
...
- timezone shift in handling certificates (due to py3.12 adaptation)
- 'reason' vs 'Reason' in PKI revocation JSON API response
- allow removal of minlength attribute from a custom password policy
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-11-08 11:50:46 +02:00
Alexander Bokovoy
eb660edcd1
Adopt to Samba changes in malformed SID processing
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-10-23 18:16:23 +03:00
Alexander Bokovoy
f81c02d7c7
FreeIPA 4.11.0 release
...
Update Fedora part of the spec file as we don't support building 4.11+
for versions below Fedora 39.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-10-03 16:11:28 +03:00
Alexander Bokovoy
f3e42960a7
Depend on selinux-policy-38.28-1
...
- Depend on selinux-policy-38.28-1.fc39
- Add SELinux policy for passkey_child to be used without ipa-otpd
- Related: rhbz#2238474
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-09-18 15:31:55 +03:00
Alexander Bokovoy
2aa5a94633
Restore SELinux context during IPA client uninstallation
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-09-12 20:07:54 +03:00
Alexander Bokovoy
f52df9fbd5
Configure SSSD to access USB devices when enrolling IPA client
...
Resolves: rhbz#2238474
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-09-12 08:47:02 +03:00
Alexander Bokovoy
f4aadac5c3
Update to FreeIPA 4.11.0-beta1
...
Sync spec file to the upstream's template
2023-08-21 18:56:10 +03:00
Fedora Release Engineering
685d576312
Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 20:13:36 +00:00
Miro Hrončok
4ca56b848a
Use ssl.match_hostname from urllib3 as it was removed from Python 3.12
2023-07-05 08:53:26 +02:00
Python Maint
bdbff27a6d
Rebuilt for Python 3.12
2023-06-27 12:03:21 +02:00
Alexander Bokovoy
e2e40e4ca3
Upstream release 4.10.2
...
Synchronize patches with CentOS 9 Stream
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-06-13 14:46:27 +03:00
Alexander Bokovoy
4d4375dd2d
Support python-cryptography 40.0
...
Use upstream fixes from https://pagure.io/freeipa/issue/9355
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-05-15 15:01:10 +03:00
Jerry James
c9357e5423
Change fontawesome-fonts R to match fontawesome 4.x
2023-03-30 10:40:45 -06:00
Rafael Guterres Jeffman
2c8ae7cea5
Migrated to SPDX license.
...
Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-02-28 22:33:24 -03:00
Yaakov Selkowitz
61685c38bd
Update RHEL requirement versions
2023-02-01 10:32:13 -05:00
Alexander Bokovoy
796470e053
Rebuild against samba 4.18.0RC1
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-01-20 15:14:23 +02:00
Fedora Release Engineering
8ab874381a
Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 03:52:45 +00:00
Alexander Bokovoy
9ab0396eec
Rebuild against krb5 1.20.1
...
ABI change brings KDB version 9.0
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-12-01 17:42:46 +02:00
Alexander Bokovoy
bb102603da
FreeIPA upstream release 4.10.1
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-11-27 08:20:59 +02:00
Alexander Bokovoy
a8a38b93f4
Rebuild against final samba 4.17 version
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-09-14 12:55:28 +03:00
Adam Williamson
e554452b70
Rebuild against new samba-client-libs (for F37)
...
This is not actually needed on Rawhide, but I'm doing the rebuild
on both branches so Rawhide stays 'ahead' of F37 and the repos
stay in sync.
2022-08-24 11:30:05 -07:00
Thomas Woerner
7ca049e5b2
- Set passwordgracelimit to match global policy on group pw policies
...
- Fix dns resolver for nameservers with ports
- webui: Allow grace login limit
- Disabling gracelimit does not prevent LDAP binds
2022-08-24 14:08:02 +02:00
Adam Williamson
4c13a8ea64
Rebuild against new libndr
2022-08-09 09:50:09 -07:00
Alexander Bokovoy
cc272c95c6
Rebuild against samba 4.16.3-2.fc37
...
Resolves: rhbz#2110746
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-07-26 12:30:18 +03:00
Fedora Release Engineering
2cec094c03
Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 03:36:30 +00:00
Rob Crittenden
e304b9f95e
freeIPA 4.10.0 upstream release
...
Release notes: https://www.freeipa.org/page/Releases/4.10.0
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
2022-06-30 11:28:59 -04:00
Python Maint
6d962d6a46
Rebuilt for Python 3.11
2022-06-16 13:34:41 +02:00
Alexander Bokovoy
5a94ba182b
FreeIPA 4.9.10 upstream release
...
Release notes: https://www.freeipa.org/page/Releases/4.9.10
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-06-16 09:36:48 +03:00
Alexander Bokovoy
f720512e6b
Update dependencies given F34 retire
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-06-16 09:19:58 +03:00
Python Maint
a29398a07b
Rebuilt for Python 3.11
2022-06-15 19:09:59 +02:00
Alexander Bokovoy
f256fb899c
FreeIPA 4.9.9
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-04-27 17:53:56 +03:00
Alexander Bokovoy
95b29321ec
Use -H option for OpenLDAP client tools as -h and -p are deprecated now
...
Resolves: rhbz#2050921
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-02-07 13:08:53 +02:00
Fedora Release Engineering
de337079bd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 03:24:33 +00:00
Alexander Bokovoy
81d6866ce9
Make possible to compile FreeIPA against OpenLDAP 2.6
...
Resolves: rhbz#2032701
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-01-12 09:15:09 +02:00
Alexander Bokovoy
e500f868ac
FreeIPA 4.9.8 upstream release
...
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-11-26 09:44:16 +02:00
Alexander Bokovoy
a60b978d36
Harden PAC processing -- trusted domains
...
Handle SIDs of the trusted domains during S4U extensions
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-11-11 20:32:05 +02:00
Alexander Bokovoy
ec142de931
Hardening for CVE-2020-25717
...
Generate SIDs for IPA users and groups by default
Verify MS-PAC consistency when it is generated or validated
Rebuild against samba-4.15.2
Resolves: rhbz#2021720
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-11-10 19:12:36 +02:00
Rob Crittenden
b0ff11761b
Make Dogtag return XML for ipa cert-find
...
Backport upstream patch from https://pagure.io/freeipa/issue/8980
Resolves : #2014658
2021-10-15 14:51:39 -04:00
Sahana Prasad
e1ba897218
Rebuilt with OpenSSL 3.0.0
2021-09-14 19:02:06 +02:00