Changelog for
freeipa-common-4.12.1+git0.1664042f-15.38.x86_64.rpm :
* Sat Aug 10 2024 obs-service-tar-scm@invalid
- Update to version 4.12.1+git0.1664042f:
* Become IPA 4.12.1
* kdb: apply combinatorial logic for ticket flags
* kdb: fix vulnerability in GCD rules handling
* Become IPA 4.12.0
* Update list of contributors
* Update translations to FreeIPA master state
* ipa-replica-manage list-ruvs: display FQDN in the output
* console: for public errors only print a final one
* custodia: do not use deprecated jwcrypto wrappers
* frontend: add systemd journal audit of executed API commands
* Sat Jun 01 2024 mhurron@saminds.com
- Update to version 4.12.0+git0.407408e9:
* Become IPA 4.12.0
* Update list of contributors
* Update translations to FreeIPA master state
* ipa-replica-manage list-ruvs: display FQDN in the output
* console: for public errors only print a final one
* custodia: do not use deprecated jwcrypto wrappers
* frontend: add systemd journal audit of executed API commands
* ipalib/rpc: Reformat after moving json code around
* ipalib: move json formatter to a separate file
* batch: add keeponly option
* Tue Mar 26 2024 mhurron@saminds.com
- Update to version 4.11.1+git0.e18ac353:
* Become IPA 4.11.1
* Integration tests for verifying Referer header in the UI
* Check the HTTP Referer header on all requests
* Become IPA 4.11.0
* Update contributors list
* Update translations to FreeIPA ipa-4-11 state
* Covscan issues: deadcode and Use after free
* Add context manager to ipalib.API
* Use datetime.timezone.utc instead of newer datetime.UTC alias
* Workshop: fix broken Sphinx cross-references.
* Thu Aug 10 2023 malcolmlewis@opensuse.org
- Update to version 4.10.2+git33.ff6cfcac:
* ipatests: remove fixture call and wait to get things settle.
* ipatests: update expected webui msg for admin deletion.
* ipa-kdb: fix error handling of is_master_host().
* Prevent the admin user from being deleted.
* idp: when adding an IdP allow to override IdP options.
* Fix memory leak in the OTP last token plugin.
* ipatests: update expected cksum for epn.conf.
* component: mail_from_realname config setting added to IPA-EPN.
* selinux: Update SELinux policy.
* xmlrpc tests: add a test for user plugin with non-existing idp.
* Sun Feb 05 2023 ecsos@opensuse.org
- Update to version 4.10.1+git69.d24b6998:
* tests: add wrapper around ACME RSNv3 test
* ipatests: fix (prci_checker) duplicated check & error return code
* automember-rebuild: add a notice about high CPU usage
* doc: add the --run command for manual job execution
* ipa-acme-manage: add certificate/request pruning management
* tests: Configure DNSResolver as platform agnostic resolver
* tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck
* tests: Add ipa_ca_name checking to DNS system records
* spec: Drop no longer used build dependency on paste
* ipatests: healthcheck: Handle missing fips-mode-setup
* doc: Design for certificate pruning
* trust-add: handle missing msSFU30MaxGidNumber
* Spec file: use %autosetup instead of %setup
* Spec file: unify with RHEL9 spec
* API doc: validate generated reference
* ipa tests: Add LANG before kinit command to fix issue with locale settings
* Installer: create RID base before domain object
* Tests: force key type in ACME tests
* server install: remove error log about missing bkup file
* ipatests: mark test_smb as xfail
* pylint: Replace deprecated cgi module
* pylint: Fix useless-object-inheritance
* pylint: Fix unhashable-member
* pylint: Fix unnecessary-lambda-assignment
* pylint: Fix modified-iterating-list
* pylint: Fix used-before-assignment
* pylint: Replace deprecated pipes
* pylint: Fix cyclic-import
* pylint: Replace deprecated extension-pkg-whitelist
* pylint: More allowed C extensions
* pylint: Lint in single process mode
* pylint: disable deprecated-module message
* pylint: fix comparison-of-constants
* pylint: disable comparison-of-constants
* pylint: fix consider-iterating-dictionary
* pylint: globally disable useless-object-inheritance
* pylint: disable unhashable-member
* pylint: disable invalid-sequence-index
* pylint: fix deprecated-class SafeConfigParser
* pylint: fix duplicate-value
* pylint: fix implicit-str-concat
* pylint: disable missing-timeout message
* pylint: globally disable unnecessary-lambda-assignment message
* pylint: disable unnecessary-dunder-call message
* pylint: disable using-constant-test
* pylint: remove arguments-renamed warnings
* pylint: disable modified-iterating-list
* pylint: replace deprecated distutils module
* pylint: disable used-before-assignment
* pylint: disable redefined-slots-in-subclass
* pylint: remove useless suppression
* pylint: remove unneeded disable=unused-private-member
* azure tests: move to fedora 37
* ipatests: update the xfail annotation for test_number_of_zones
* Spec file: bump krb5_kdb_version on rawhide
* FIPS setup: fix typo filtering camellia encryption
* cert utilities: MAC verification is incompatible with FIPS mode
* ipatests: update the fake fips mode expected message
* Fixes: ipa-otpd@.service: deprecated syslog setting
* ipatests: xfail on all fedora for test_ipa_login_with_sso_user
* Spec file: ipa-client depends on krb5-pkinit-openssl
* API doc: add basic user management guide
* ipa-certupdate: Update client certs before KDC/HTTPd restart
* webui tests: fix assertion in test_subid.py
* PRCI: update memory reqs for each topology
* updates: fix memberManager ACI to allow managers from a specified group
* API reference: update dnszone_add generated doc
* API reference: update vault doc
* Back to git snapshots
* Become IPA 4.10.1
* Update translations to FreeIPA ipa-4-10 state
* Generate CNAMEs for TXT+URI location krb records
* ipatests: update vagrant boxes
* ipatests: remove xfail for tests using sssctl domain-status
* spec file: bump sssd version
* Vault: fix interoperability issues with older RHEL systems
* ipatests: re-enable dnssec tests
* Spec file: bump bind version on f37+
* doc: Design for HSM support
* Support tokens and optional password files when opening an NSS db
* docs: add security section to idp
* Add basic API usage guide
* doc: generate API Reference
* Pass the curl write callback by name instead of address
* Add PKINIT support to ipa-client-install
* webui: Add name to 'Certificates' table
* ipatests: Test newly added certificate label
* webui: Add label name to 'Certificates' section
* ipa-kdb: for delegation check, use different error codes before and after krb5 1.20
* ipatests: Add test for grace login limit
* ipatests: test for root using admin password in webUI
* Explicitly use legacy ID generators by default
* ipatests: xfail test_ipa_login_with_sso_user
* ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later
* ipa-kdb: fix PAC requester check
* ipa-kdb: handle empty S4U proxy in allowed_to_delegate
* ipa-kdb: handle cross-realm TGT entries when generating PAC
* ipa-kdb: add krb5 1.20 support
* ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20
* Spec file: bump the selinux-policy version
* ipatests: add keycloak user login to ipa test
* webui tests: fix test_subid suite
* ipatests : Test query to AD specific attributes is successful.
* Exclude installed policy module file from RPM verification
* With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck.
* fix: Handle /proc/1/sched missing error
* ipaclient: do not set TLS CA options in ldap.conf anymore
* ipa-kdb: do not fail if certmap rule cannot be added
* ipapython: Support openldap 2.6
* extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization)
* extdom: make sure result doesn't miss domain part
* extdom: internal functions should be static
* ipatests: mark xfail tests using dnssec
* ipatests: mark xfail tests using sssctl domain-status
* Tests: test on f37 and f36
* Remove empty translation for 'si' which breaks linter
* Translated using Weblate (Korean)
* Translated using Weblate (Korean)
* Translated using Weblate (Korean)
* Added translation using Weblate (Korean)
* Translated using Weblate (Georgian)
* Translated using Weblate (Georgian)
* Translated using Weblate (Georgian)
* Translated using Weblate (Finnish)
* Translated using Weblate (Ukrainian)
* Update translation files
* Added translation using Weblate (Georgian)
* Translated using Weblate (Finnish)
* Translated using Weblate (Ukrainian)
* Update translation files
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Polish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Finnish)
* Translated using Weblate (Ukrainian)
* Update translation files
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Polish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Finnish)
* Translated using Weblate (Ukrainian)
* Translated using Weblate (Ukrainian)
* Translated using Weblate (Ukrainian)
* Update translation files
* Translated using Weblate (Finnish)
* Update translation files
* ipa man page: format the EXAMPLES section
* Update API and VERSION
* webui: Set 'SOA serial' field as read-only
* ipatest: Remove warning message for 'idnssoaserial'
* Set 'idnssoaserial' to deprecated
* Move client certificate request after krb5.conf is created
* ipatests: add negative test for otptoken-sync
* ipa otptoken-sync: return error when sync fails
* Defer creating the final krb5.conf on clients
* ipatests: add prci definitions for test_sso jobs
* ipatests: add Keycloak Bridge test
* webui: Show 'Sudo order' column
* ipa-cacert-manage prune: remove all expired certs
* Fix upper bound of password policy grace limit
* x509: Replace removed register_interface with subclassing
* Set pkeys in test_selinuxusermap.py::test_misc::delete_record
* fix canonicalization issue in Web UI
* Fix ipa-ccache-sweeper activation timer and clean up service file
* ipa-otpd: initialize local pointers and handle gcc 10
* Remove pki_restart_configured_instance
* ipatests: Rename create_quarkus to create_keycloak
* Set default on group pwpolicy with no grace limit in upgrade
* Set default gracelimit on group password policies to -1
* doc: Update LDAP grace period design with default values
* gitignore: add install/oddjob/org.freeipa.server.config-enable-sid
* ipatests: Fix expected object classes
* DNSResolver: Fix use of nameservers with ports
* upgrades: Don't restart the CA on ACME and profile schema change
* check_repl_update: in progress is a boolean
* Additional tests for RSN v3
* webui: Allow grace login limit
* ipatests: ipa-client-install --subid adds entry in nsswitch.conf
* azure tests: disable TestInstallDNSSECFirst
* ipatest: fix prci checker target masked return code & add pylint
* ipatests: WebUI: do not allow subid range deletion
* Disabling gracelimit does not prevent LDAP binds
* ipatests: healthcheck: test if system is FIPS enabled
* ap: Constrain supported docutils
* ap: Rearrange overloaded jobs
* ap: Disable azure's security daemon
* ap: Raise dbus timeout
* Warn for permissions with read/write/search/compare and no attrs
* ipatests: Checker script for prci definitions
* Nightly tests: fix template for nightly_ipa-4-10_latest.yaml
* webui: Do not allow empty pagination size
* Only calculate LDAP password grace when the password is expired
* Added a check while removing 'cert_dir'. The teardown method is called even if all the tests are skipped since the required PKI version is not present. The teardown is trying to remove a non-existent directory.
* install: suggest --skip-mem-check when mem check fails
* man: add --skip-mem-check to man pages
* ipatests: add nightly definitions for ipa-4-10 branch
* Back to git snapshots
* Sun Feb 05 2023 ecsos@opensuse.org
- Update to version 4.10.0+git0.082ec006:
* Become IPA 4.10.0
* Update FreeIPA translations to FreeIPA master state
* Fix test_secure_ajp_connector.py failing with Python 3.6.8
* Add missing parameter to Suse modify_nsswitch_pam_stack
* ipatests: Fix install_master for test_idp.py
* ipaplatform/debian: Drop the path for ldap.so
* ipaplatform/debian: Use multiarch path for libsofthsm2.so
* ipatests: Healthcheck use subject base from IPA not REALM
* Add end to end integration tests for external IdP
* ipatests: update prci definitions for test_idp.py
* Sun Feb 05 2023 ecsos@opensuse.org
- Update to version 4.9.11+git26.398e0918:
* ipatests: fix (prci_checker) duplicated check & error return code
* automember-rebuild: add a notice about high CPU usage
* With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck.
* tests: Configure DNSResolver as platform agnostic resolver
* tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck
* tests: Add ipa_ca_name checking to DNS system records
* spec: Drop no longer used build dependency on paste
* ipatests: healthcheck: Handle missing fips-mode-setup
* trust-add: handle missing msSFU30MaxGidNumber
* API doc: validate generated reference
* Fri Jun 24 2022 Matthew Davis
- Update to version 4.9.10+git12:
* Removed local patch for missing parameter in module.
* Resolved rpmlint issue missing systemd scripts
* Resolved rpmlint issues of config files outside of /etc or /var
* Resolved rpmlint issue of missing rcipa-epd symlink
* Resolved rpmlint issue of too many duplicate files
* Resolved rpmlint issue of non-standard group apache
* Added rpmlintrc to resolve remaining rpmlint issues.
* Updated Groups: in subpackages to be more accurate.
* Enforce setting reported version number based on GIT tag
* Thu Jun 16 2022 opensuse@virtual.drop.net
- Update to version 4.9.10+git1.3e90842b3:
* Back to git snapshots
* Become IPA 4.9.10
* Update list of contributors
* Update translations to FreeIPA ipa-4-9 state
* Create missing SSSD_PUBCONF_KRB5_INCLUDE_D_DIR
* ipatests: xfail for test_ipahealthcheck_hidden_replica to respect pki version
* Suse compatibility fix
* idviews: use cached ipaOriginalUid value when resolving ID override anchor
* Add switch for LDAP cache debug output
* Remove extraneous AJP secret from server.xml on upgrades
* Tue Sep 21 2021 david.mulder@suse.com
- krb5-client_paths.patch: Fix krb5-client paths in Tumbleweed and Leap > 15.4.
- Add client dependencies krb5-client and python3-augeas.
* Mon Sep 20 2021 david.mulder@suse.com
- Update to version 4.9.7+git28.865886401:
* ipatests: Test that a user can be issued multiple certificates
* Don't store entries with a usercertificate in the LDAP cache
* ipatests: Log debug messages for locator plugin
* krb5: Pin kpasswd server to a primary one
* azure: Ignore tar errors
* ipatests: fix expected msg in tasks.run_ssh_cmd
* docs: Make use of `text` highlighting
* ipatests: fix logic waiting for repl in TestIPACommand
* migrate-ds: workaround to detect compat tree
* ipatests: rpcclient now uses --use-kerberos=desired