Project ipa-4.9.13-16.module+el8.10.0+629+32a7f6fe
content_copy
Name
ipa
Epoch
0
Version
4.9.13
Release
16.module+el8.10.0+629+32a7f6fe
Website/URL
http://www.freeipa.org/
License
GPLv3+
Build Time
2025-04-23 21:29:10
Build Host
builder-x86-07.inferitos.ru
Summary
The Identity, Policy and Audit system
Repositories
AppStream
Description
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
Errata
—
×
* Mon Mar 31 2025 Rafael Jeffman <rjeffman@redhat.com> - 4.9.13-16
- Add a- heck into ipa-cert-fix tool to avoid updating certs if CA is close to expire
Resolves: RHEL-4941
- Fix rpminspect's 'patches' warnings
Resolves: RHEL-22497
* Mon Mar 10 2025 Rafael Jeffman <rjeffman@redhat.com> - 4.9.13-15
- Replica CA installation: ignore skew during initial replication
Resolves RHEL-80995
* Wed Nov 27 2024 Rafael Jeffman <rjeffman@redhat.com> - 4.9.13-14
- ipatests: Update ipa-adtrust-install test
Resolves: RHEL-40894
* Thu Nov 14 2024 Rafael Jeffman <rjeffman@redhat.com> - 4.9.13-13
- Add ipa-idrange-fix
Resolves: RHEL-56920
- Unconditionally add MS-PAC to global config on update
Resolves: RHEL-49437
- ipatests: Update ipa-adtrust-install test
Resolves: RHEL-40894
- Require python-qrcode version 5.3 or later
Related: RHEL-15090
* Wed Jul 17 2024 Rafael Jeffman <rjeffman@redhat.com> - 4.9.13-12
- Allow the admin user to be disabled
Resolves: RHEL-34756
- ipa-otptoken-import: open the key file in binary mode
Resolves: RHEL-39616
- ipa-crlgen-manage: manage the cert status task execution time
Resolves: RHEL-30280
- idrange-add: add a warning because 389ds restart is required
Resolves: RHEL-28996
- PKINIT certificate: fix renewal on hidden replica
Resolves: RHEL-4913, RHEL-45908
* Wed Jun 12 2024 Julien Rische <jrische@redhat.com> - 4.9.13-11
- Add missing part of backported CVE-2024-3183 fix
Resolves: RHEL-29927
* Tue Apr 30 2024 Julien Rische <jrische@redhat.com> - 4.9.13-10
- kdb: apply combinatorial logic for ticket flags (CVE-2024-3183)
Resolves: RHEL-29927
- kdb: fix vulnerability in GCD rules handling (CVE-2024-2698)
Resolves: RHEL-29692
* Fri Apr 12 2024 Rafael Jeffman <rjeffman@redhat.com> - 9.4.13-9
- dcerpc: invalidate forest trust intfo cache when filtering out realm domains
Resolves: RHEL-28559
- Backport latests test fixes in python3-tests
ipatests: add xfail for autoprivate group test with override
ipatests: remove xfail thanks to sssd 2.9.4
ipatests: adapt for new automembership fixup behavior
ipatests: Fixes for test_ipahealthcheck_ipansschainvalidation testcases
test_xmlrpc: adopt to automember plugin message changes in 389-ds
Resolves: RHEL-29908
* Thu Mar 07 2024 Rafael Jeffman <rjeffman@redhat.com> - 4.9.13-8
- rpcserver: validate Kerberos principal name before running kinit
Resolves: RHEL-26153
- Vault: add additional fallback to RSA-OAEP wrapping algo
Resolves: RHEL-28259
* Tue Feb 20 2024 Julien Rische <jrische@redhat.com> - 4.9.13-7
- ipa-kdb: Fix double free in ipadb_reinit_mspac()
Resolves: RHEL-25742
- kra: set RSA-OAEP as default wrapping algo when FIPS is enabled
Resolves: RHEL-12153
- Vault: improve vault server archival/retrieval calls error handling
Resolves: RHEL-12153
- Vault: add support for RSA-OAEP wrapping algo
Resolves: RHEL-12153
