Commit Graph

26 Commits

Author SHA1 Message Date
Rafael Guterres Jeffman
880d21b828 Backports for 4.9.13-9 release:
- Allow the admin user to be disabled
  Resolves: RHEL-34756
- ipa-otptoken-import: open the key file in binary mode
  Resolves: RHEL-39616
- ipa-crlgen-manage: manage the cert status task execution time
  Resolves: RHEL-30280
- idrange-add: add a warning because 389ds restart is required
  Resolves: RHEL-28996
- PKINIT certificate: fix renewal on hidden replica
  Resolves: RHEL-4913, RHEL-45908

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-07-17 12:33:21 -03:00
Julien Rische
a74c5fe996 ipa release 4.9.13-11
- Add missing part of backported CVE-2024-3183 fix
  Resolves: RHEL-29927

Signed-off-by: Julien Rische <jrische@redhat.com>
2024-06-12 15:33:03 +02:00
Julien Rische
1c57bc6872 ipa release 4.9.13-10
- kdb: apply combinatorial logic for ticket flags (CVE-2024-3183)
  Resolves: RHEL-29927
- kdb: fix vulnerability in GCD rules handling (CVE-2024-2698)
  Resolves: RHEL-29692

Signed-off-by: Julien Rische <jrische@redhat.com>
2024-04-30 16:07:32 +02:00
Rafael Guterres Jeffman
7b21739b0c ipa release 4.9.13-9
- dcerpc: invalidate forest trust info cache when filtering out realm domains
  Resolves: RHEL-28559
- Backport latest test fixes in python3-tests
  ipatests: add xfail for autoprivate group test with override
  ipatests: remove xfail thanks to sssd 2.9.4
  ipatests: adapt for new automembership fixup behavior
  ipatests: Fixes for test_ipahealthcheck_ipansschainvalidation testcases
  test_xmlrpc: adopt to automember plugin message changes in 389-ds
  Resolves: RHEL-29908

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-04-12 12:30:06 -03:00
Rafael Guterres Jeffman
51eeb76a79 ipa release 4.9.13-8
- rpcserver: validate Kerberos principal name before running kinit
  Resolves: RHEL-26153
- Vault: add additional fallback to RSA-OAEP wrapping algo
  Resolves: RHEL-28259

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-03-07 14:18:08 -03:00
Julien Rische
cab5f5f833 ipa release 4.9.13-7
- ipa-kdb: Fix double free in ipadb_reinit_mspac()
  Resolves: RHEL-25742
- kra: set RSA-OAEP as default wrapping algo when FIPS is enabled
  Resolves: RHEL-12153
- Vault: improve vault server archival/retrieval calls error handling
  Resolves: RHEL-12153
- Vault: add support for RSA-OAEP wrapping algo
  Resolves: RHEL-12153

Signed-off-by: Julien Rische <jrische@redhat.com>
2024-02-20 18:40:24 +01:00
Rafael Guterres Jeffman
535e08e118 ipa release 4.9.13-6
- ipatests: fix tasks.wait_for_replication() method
  Resolves: RHEL-25708

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-02-16 11:48:41 -03:00
Julien Rische
8d7c3802f3 ipa release 4.9.13-6
- ipa-kdb: Rework ipadb_reinit_mspac()
  Resolves: RHEL-25742
- ipatests: wait for replica update in test_dns_locations
  Resolves: RHEL-22373

Signed-off-by: Julien Rische <jrische@redhat.com>
2024-02-16 10:23:32 +01:00
Rafael Guterres Jeffman
f285979474 ipa-kdb: Fix compilation issues.
Related: RHEL-22313

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-02-13 12:01:16 -03:00
Rafael Guterres Jeffman
4ced5cbefb IPA build for ITM 24
- kdb: PAC generator: do not fail if canonical principal is missing
  Resolves: RHEL-23630
- ipa-kdb: Fix memory leak during PAC verification
  Resolves: RHEL-22644
- Fix session cookie access
  Resolves: RHEL-23622
- Do not ignore staged users in sidgen plugin
  Resolves: RHEL-23626
- ipa-kdb: Disable Bronze-Bit check if PAC not available
  Resolves: RHEL-22313
- krb5kdc: Fix start when pkinit and otp auth type are enabled
  Resolves: RHEL-4874
- hbactest was not collecting or returning messages
  Resolves: RHEL-12780

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-02-12 20:27:29 -03:00
Rafael Guterres Jeffman
3b5629ec63 ipa release 4.9.13-4
- Improve server affinity for CA-less deployments
  Resolves: RHEL-22283
- host: update system: Manage Host Keytab permission
  Resolves: RHEL-22286
- adtrustinstance: make sure NetBIOS name defaults are set properly
  Resolves: RHEL-21938
- ipatests: Fix healthcheck report when nsslapd accesslog logbuffering is set to off
  Resolves: RHEL-19672

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2024-01-23 18:39:46 -03:00
Julien Rische
a321f34b62 ipa release 4.9.13-3
- ipa-kdb: Detect and block Bronze-Bit attacks
  Resolves: RHEL-9984
- Fix for CVE-2023-5455
  Resolves: RHEL-12578

Signed-off-by: Julien Rische <jrische@redhat.com>
2024-01-10 17:35:52 +01:00
Rafael Guterres Jeffman
2005990bae ipa:
- Remove unused patches.
- Handle new samba exception types.
  Resolves: RHEL-17623
2023-11-30 13:13:35 -03:00
Rafael Guterres Jeffman
4d6406a1a1 ipa:
- Rebase to version 4.9.13
  Resolves: RHEL-16936

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-11-21 17:12:08 -03:00
Julien Rische
77b1872506 ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older
Resolves: RHEL-10495

Signed-off-by: Julien Rische <jrische@redhat.com>
2023-10-09 11:01:00 +02:00
Rafael Guterres Jeffman
1f0bd468b3 ipa:
- ipatests: fix test_topology
  Resolves: RHBZ#2232351
- Installer: activate nss and pam services in sssd.conf
  Resolves: RHBZ#2216532

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-08-16 15:11:42 -03:00
Rafael Guterres Jeffman
ff08f7c5db ipa release 4.9.12-6
- ipa-kdb: fix error handling of is_master_host()
  Resolves: RHBZ#2214638
- ipatests: enable firewall rule for http service on acme client
  Resolves: RHBZ#2230256
- User plugin: improve error related to non existing idp
  Resolves: RHBZ#2224572
- Prevent admin user from being deleted
  Resolves: RHBZ#1821181
- Fix memory leak in the OTP last token plugin
  Resolves: RHBZ#2227783
2023-08-09 15:15:08 -03:00
Rafael Guterres Jeffman
046e99f183 Fix patch 0004 with correct data.
Related: RHBZ#2216551

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-07-17 14:41:52 -03:00
Rafael Guterres Jeffman
9570499a0c ipa release 4.9.12-4
- kdb: Use-krb5_pac_full_sign_compat() when available
  Resolves: RHBZ#2176406
- OTP: fix-data-type-to-avoid-endianness-issue
  Resolves: RHBZ#2218293
- Upgrade: fix replica agreement
  Resolves: RHBZ#2216551
- Upgrade: add PKI drop-in file if missing
  Resolves: RHBZ#2215336
- Use the python-cryptography parser directly in cert-find
  Resolves: RHBZ#2164349
- Backport test updates
  Resolves: RHBZ#221884

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-06-30 21:03:35 -03:00
Julien Rische
0d91a32452 Rely on sssd-krb5 to include SSSD-generated krb5 configuration
Resolves: RHBZ#2214563
Signed-off-by: Julien Rische <jrische@redhat.com>
2023-06-21 16:01:26 +02:00
Rafael Guterres Jeffman
a7cb26cedd ipa:
- Use the OpenSSL certificate parser in cert-find.
  Resolves: RHBZ#2209947
2023-05-25 11:48:26 -03:00
Rafael Guterres Jeffman
2d7a6e674e First build for RHEL 8.9
- Rebase ipa to 4.9.12
  Resolves: RHBZ#2196425
- user or group name: explain the supported format
  Resolves: RHBZ#2150217

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2023-05-24 12:36:12 -03:00
James Antill
4471000467 Import rpm: a249616514dc5d61acb879b22759acf8a0fb5963 2023-02-23 20:03:34 -05:00
James Antill
a3a1bed87f Import rpm: a249616514dc5d61acb879b22759acf8a0fb5963 2023-02-23 12:41:36 -05:00
James Antill
fe3a12eb3a Convert from sha1 to sha512. 2022-08-31 15:27:01 -04:00
James Antill
8de80a61d3 Import rpm: a249616514dc5d61acb879b22759acf8a0fb5963 2022-08-08 12:29:10 -04:00