Проект ipa-4.12.2-1.el9_5.4 content_copy

×

* Thu Jan 23 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1.4
- Resolves: RHEL-76011 kinit with external idp user is failing

* Tue Dec 17 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1.3
- Resolves: RHEL-69928 add support for python cryptography 44.0.0
- Resolves: RHEL-70258 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken
- Resolves: RHEL-70482 ipa-server-upgrade fails after established trust with ad
- Resolves: RHEL-67192 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal

* Wed Nov 27 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1.2
- Resolves: RHEL-69294 add a tool to quickly detect and fix issues with IPA ID ranges

* Fri Nov 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1.1
- Resolves: RHEL-66173 Last expired OTP token would be considered as still assigned to the user

* Wed Aug 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1
- Resolves: RHEL-54546 Covscan issues: Resource Leak
- Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
- Resolves: RHEL-40359 With unreachable AD, ipa trust returns an internal error

* Thu Aug 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-7
- Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them
- Resolves: RHEL-52306 Unconditionally add MS-PAC to global config
- Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync"
- Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure
- Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages
- Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error'
- Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
- Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install

* Thu Jul 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-6
- Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages
- Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage
- Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error
- Resolves: RHEL-46003 ipa-migrate -V options fails to display version
- Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed
- Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check
- Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases

* Mon Jul 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-5
- Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users
- Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py
- Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed
- Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica
- Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages
- Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to

* Mon Jun 10 2024 Julien Rische <jrische@redhat.com> - 4.12.0-4
- Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
- Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

* Wed Jun 05 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-3
- Related: RHEL-34809
temporarily revert a commit that depends on newer version of python-jwcrypto