Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ipa-server-4.12.2-15.el10_0.1 RPM for x86_64_v2

From AlmaLinux 10.0 AppStream for x86_64_v2

Name: ipa-server Distribution: AlmaLinux
Version: 4.12.2 Vendor: AlmaLinux
Release: 15.el10_0.1 Build date: Mon Jul 7 15:56:08 2025
Group: Unspecified Build host: x64-builder04.almalinux.org
Size: 1177942 Source RPM: ipa-4.12.2-15.el10_0.1.src.rpm
Packager: AlmaLinux Packaging Team <packager@almalinux.org>
Url: http://www.freeipa.org/
Summary: The IPA authentication server
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package.

Provides

Requires

License

GPL-3.0-or-later

Changelog

* Thu Jun 26 2025 Alex Burmashev <alexander.burmashev@oracle.com> - 4.12.2-15.el10_0.1
  - Resolves: RHEL-89908
    EMBARGOED CVE-2025-4404 ipa: Privilege escalation from host to domain admin in FreeIPA
  - Resolves: RHEL-89144
    kdb: ipadb_get_connection() succeeds but returns null LDAP context
* Wed Feb 12 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-15
  - Resolves: RHEL-67912 Add DNS over TLS Support
* Tue Feb 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14
  - Resolves: RHEL-78766 Include latest fixes in python3-ipatests package
  - Resolves: RHEL-77965 ipa-server-install failing on slow hsm
* Tue Feb 11 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-13
  - Resolves: RHEL-67912 Add DNS over TLS Support, Require bind 32:9.18.33-2 and new bind-dyndb-ldap 11.11-1
* Tue Jan 28 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-12
  - Resolves: RHEL-72580 A slow HSM can cause IPA server installation to fail setting up certificate tracking
* Wed Jan 22 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-11
  - Resolves: RHEL-75658 Include latest fixes in python3-ipatests package
  - Resolves: RHEL-74466 kinit with external idp user is failing
* Thu Jan 16 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-10
  - Resolves: RHEL-72580 A slow HSM can cause IPA server installation to fail setting up certificate tracking
  - Resolves: RHEL-71964 KRA installation failure caused by a certificate mismatch in NSS DB and configuration file
  - Resolves: RHEL-71262 Include latest fixes in python3-ipatests package
  - Resolves: RHEL-67190 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal
* Wed Dec 11 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-9
  - Resolves: RHEL-70759 Fix typo in ipa-migrate log file i.e 'Privledges' to 'Privileges'
  - Resolves: RHEL-70477 ipa-server-upgrade fails after established trust with ad
  - Resolves: RHEL-70253 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken
  - Resolves: RHEL-69926 add support for python cryptography 44.0.0
  - Resolves: RHEL-69635 All user groups are not being included during HSM token validation
* Wed Nov 27 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-8
  - Resolves: RHEL-69300 Support GSSAPI in Cockpit on IPA servers
  - Resolves: RHEL-68447 ipa trust-add fails in FIPS mode with an internal error has occurred
  - Resolves: RHEL-57674 Use RSNv3 and enable cert pruning by default in RHEL 10.0
* Fri Nov 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-7
  - Resolves: RHEL-66599 vault-add fails in FIPS mode
  - Resolves: RHEL-66598 ipa-migrate should also migrate DNS forward zones
  - Resolves: RHEL-66597 ipa-migrate in stage mode fails with TypeError: 'NoneType' object is not iterable
  - Resolves: RHEL-66595 Sentences truncated in man pages
  - Resolves: RHEL-66592 IDP configuration in the IdM WebUI shows Organization is required
  - Resolves: RHEL-65650 ipa-server-install with setup-dns fails 'job for ipa.service failed because the control process exited with error code'
* Thu Oct 31 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-6
  - Resolves: RHEL-64018 Bump release for October 2024 mass rebuild
* Tue Oct 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-5
  - Resolves: RHEL-61636 Uninstall ACME separately during PKI uninstallation
* Mon Oct 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-4
  - Related: RHEL-59777 Rebase Samba to the latest 4.21.x release
  - Resolves: RHEL-59659 ipa dns-zone --allow-query '!198.18.2.0/24;any;' fails with Unrecognized IPAddress flags
  - Resolves: RHEL-61636 Uninstall ACME separately during PKI uninstallation
  - Resolves: RHEL-61723 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-63325 Last expired OTP token would be considered as still assigned to the user
* Tue Sep 24 2024 Rafael Guteres Jeffman <rjeffman@redhat.com> - 4.12.2-3
  - Resolves: RHEL-33818 Remove python3-ipalib's dependency on python3-netifaces
* Wed Sep 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-2
  - Resolves: RHEL-47294 SID generation task is failing when SELinux is in Enforcing mode
  - Resolves: RHEL-56472 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-56917 RFE add a tool to quickly detect and fix issues with IPA ID ranges
  - Resolves: RHEL-56965 Backport test fixes in python3-ipatests
  - Resolves: RHEL-58067 ipa replication installation fails in FIPS mode on rhel10
  - Resolves: RHEL-59265 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode
  - Resolves: RHEL-59266 Also enable SSSD's ssh service when enabling sss_ssh_knownhosts
* Thu Aug 22 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1
  - Resolves: RHEL-54545 Covscan issues: Resource Leak
  - Resolves: RHEL-54304 support for python cryptography 43.0.0
  - Resolves: RHEL-49805 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
  - Resolves: RHEL-46897 With unreachable AD, ipa trust returns an internal error
* Thu Aug 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.1-4
  - Resolves: RHEL-53501 adtrustinstance only prints issues in check_inst() and does not log them
  - Resolves: RHEL-52305 Unconditionally add MS-PAC to global config
  - Resolves: RHEL-52223 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure
  - Resolves: RHEL-51937 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-50805 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error'
  - Resolves: RHEL-49805 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
  - Resolves: RHEL-49592 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install
  - Resolves: RHEL-4879 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync"
* Thu Jul 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.1-3
  - Resolves: RHEL-49452 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-49433 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases
  - Resolves: RHEL-49432 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed
  - Resolves: RHEL-49413 ipa-migrate with -Z option fails with ValueError: option error
  - Resolves: RHEL-47157 ipa-migrate -V options fails to display version
  - Resolves: RHEL-47148 Pagure #9629: Syntax error uninstalling the selinux-luna subpackage
  - Resolves: RHEL-40892 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check
* Mon Jul 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.1-2
  - Resolves: RHEL-46607 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica
  - Resolves: RHEL-46606 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed
  - Resolves: RHEL-46605 IPA Web UI not showing replication agreement for non-admin users
  - Resolves: RHEL-46592 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to
  - Resolves: RHEL-46556 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-42705 PSKC.xml issues with ipa_otptoken_import.py
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.12.1-1.1
  - Bump release for June 2024 mass rebuild
* Wed Jun 12 2024 Julien Rische <jrische@redhat.com> - 4.12.1-1
  - Resolves: RHEL-32233 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
  - Resolves: RHEL-40881 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
* Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-1
  - Resolves: RHEL-39144 Rebase ipa to the latest 4.12 version for RHEL 10
  - Resolves: RHEL-30537 ipa: freeipa: argument injection into the username field of the /ipa/session/login_password requests
* Thu Feb 22 2024 Troy Dawson <tdawson@redhat.com> - 4.11.1-4
  - Bump release to rebuild on correct samba
* Thu Feb 08 2024 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.1-3
  - Support 389-ds with lmdb backend
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.11.1-2
  - Rebuild against Samba 4.20rc1
  - Fix memory leak in Kerberos KDC driver
  - Fix possible crash in IPA command line tool when accessing Kerberos credentials
  - Compatibility fix for Python Cryptography 42.0.0
  - NetBIOS defaults fix
  - Fix default host keytab retrieval permissions
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.11.1-1.2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.11.1-1.1
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 10 2024 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.1-1
  - Security release: CVE-2023-5455
  - Resolves: rhbz#2257646
* Wed Nov 08 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-7
  - ipalib: fix the IPACertificate validity dates (python 3.12 compatibility)
  - Handle PKI revocation response differences in JSON API
  - Allow removal of minimal length from a custom password policy
* Mon Oct 23 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-6
  - Adopt trust to AD code to Samba changes in case SIDs are malformed
* Tue Oct 03 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-5
  - FreeIPA 4.11.0 release
  - Simplify Fedora spec file
  - Release notes: https://www.freeipa.org/release-notes/4-11-0.html
* Mon Sep 18 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-4.beta1
  - Depend on selinux-policy-38.28-1.fc39
  - Add SELinux policy for passkey_child to be used without ipa-otpd
  - Related: rhbz#2238474
* Tue Sep 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-3.beta1
  - Restore properly SELinux context during IPA client uninstallation
  - Related: rhbz#2238474
* Tue Sep 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-2.beta1
  - Set 'sssd_use_usb' SELinux boolean when enrolling IPA client
  - Resolves: rhbz#2238474
* Mon Aug 21 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-1.beta1
  - FreeIPA 4.11.0 beta 1
  - Release notes: https://www.freeipa.org/release-notes/4-11-0-beta.html
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.10.2-1.3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jul 05 2023 Miro HronĨok <mhroncok@redhat.com> - 4.10.2-1.2
  - Use ssl.match_hostname from urllib3 as it was removed from Python 3.12
* Tue Jun 27 2023 Python Maint <python-maint@redhat.com> - 4.10.2-1.1
  - Rebuilt for Python 3.12

Files

/etc/dbus-1/system.d/org.freeipa.server.conf
/etc/oddjobd.conf.d/ipa-server.conf
/usr/lib/.build-id
/usr/lib/.build-id/04
/usr/lib/.build-id/04/838747709930816bae400ef35ecfeeadb3af96
/usr/lib/.build-id/10
/usr/lib/.build-id/10/88f49bf38618de029c60f04de8932b5aa34851
/usr/lib/.build-id/14
/usr/lib/.build-id/14/7e9be8697dc6a21e0aee4fb13c4446d9623138
/usr/lib/.build-id/23
/usr/lib/.build-id/23/81d1abd1ca3a15c61da401daae5167b9170f45
/usr/lib/.build-id/28
/usr/lib/.build-id/28/13b25823501b1cbaecf8eca91790e19f6724a4
/usr/lib/.build-id/36
/usr/lib/.build-id/36/9a4e170d4c49129612eb52bd3c9b6391685e4e
/usr/lib/.build-id/3c
/usr/lib/.build-id/3c/26762a31a20ffb8e07ce6c1dc736a02e459fcd
/usr/lib/.build-id/72
/usr/lib/.build-id/72/e9640838d03ba4ab43fc01685aa832f9dfba5b
/usr/lib/.build-id/7e
/usr/lib/.build-id/7e/1bf784807c05856612636ceed82fd37e7888a0
/usr/lib/.build-id/7f
/usr/lib/.build-id/7f/3dc7332781e12c405675a315dd6fd63d477cfb
/usr/lib/.build-id/8b
/usr/lib/.build-id/8b/fc21214c48c050461c2fea4b8c53b01a7fbb04
/usr/lib/.build-id/8e
/usr/lib/.build-id/8e/7718d83dde780d5536a683b4baff33d24eecc0
/usr/lib/.build-id/93
/usr/lib/.build-id/93/2be63882ba438a54743bc6b3d99ce5bee13dbd
/usr/lib/.build-id/aa
/usr/lib/.build-id/aa/bdf05c2cab2d6c0da1e601c94d082d66f48162
/usr/lib/.build-id/ae
/usr/lib/.build-id/ae/af79941d572723f03b2ade5ace2a36b9d8d255
/usr/lib/.build-id/bb
/usr/lib/.build-id/bb/10176a5f36f5f9edd22d2c46baf6e9bcfefff1
/usr/lib/.build-id/c3
/usr/lib/.build-id/c3/f48cff3396e07b307c709fc4e271144fceb411
/usr/lib/.build-id/cb
/usr/lib/.build-id/cb/775708e186fb1279e1f3d5eea6554b8b0ade29
/usr/lib/.build-id/cb/c0087859501748211e776ab0681d57ea56f683
/usr/lib/systemd/catalog/ipa.catalog
/usr/lib/systemd/system/ipa-ccache-sweep.service
/usr/lib/systemd/system/ipa-ccache-sweep.timer
/usr/lib/systemd/system/ipa-otpd.socket
/usr/lib/systemd/system/ipa-otpd@.service
/usr/lib/systemd/system/ipa.service
/usr/lib64/dirsrv/plugins/libipa_dns.so
/usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
/usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
/usr/lib64/dirsrv/plugins/libipa_graceperiod.so
/usr/lib64/dirsrv/plugins/libipa_lockout.so
/usr/lib64/dirsrv/plugins/libipa_modrdn.so
/usr/lib64/dirsrv/plugins/libipa_otp_counter.so
/usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
/usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
/usr/lib64/dirsrv/plugins/libipa_range_check.so
/usr/lib64/dirsrv/plugins/libipa_repl_version.so
/usr/lib64/dirsrv/plugins/libipa_sidgen.so
/usr/lib64/dirsrv/plugins/libipa_sidgen_task.so
/usr/lib64/dirsrv/plugins/libipa_uuid.so
/usr/lib64/dirsrv/plugins/libipa_winsync.so
/usr/lib64/dirsrv/plugins/libtopology.so
/usr/lib64/krb5/plugins/kdb/ipadb.so
/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit
/usr/libexec/certmonger/ipa-server-guard
/usr/libexec/ipa
/usr/libexec/ipa/certmonger
/usr/libexec/ipa/certmonger/renew_ca_cert
/usr/libexec/ipa/certmonger/renew_kdc_cert
/usr/libexec/ipa/certmonger/renew_ra_cert
/usr/libexec/ipa/certmonger/renew_ra_cert_pre
/usr/libexec/ipa/certmonger/restart_dirsrv
/usr/libexec/ipa/certmonger/restart_httpd
/usr/libexec/ipa/certmonger/stop_pkicad
/usr/libexec/ipa/custodia
/usr/libexec/ipa/custodia/ipa-custodia-dmldap
/usr/libexec/ipa/custodia/ipa-custodia-pki-tomcat
/usr/libexec/ipa/custodia/ipa-custodia-pki-tomcat-wrapped
/usr/libexec/ipa/custodia/ipa-custodia-ra-agent
/usr/libexec/ipa/ipa-ccache-sweeper
/usr/libexec/ipa/ipa-custodia
/usr/libexec/ipa/ipa-custodia-check
/usr/libexec/ipa/ipa-httpd-kdcproxy
/usr/libexec/ipa/ipa-httpd-pwdreader
/usr/libexec/ipa/ipa-otpd
/usr/libexec/ipa/ipa-pki-retrieve-key
/usr/libexec/ipa/ipa-pki-wait-running
/usr/libexec/ipa/ipa-print-pac
/usr/libexec/ipa/ipa-subids
/usr/libexec/ipa/oddjob
/usr/libexec/ipa/oddjob/org.freeipa.server.config-enable-sid
/usr/libexec/ipa/oddjob/org.freeipa.server.conncheck
/usr/libexec/ipa/oddjob/org.freeipa.server.trust-enable-agent
/usr/sbin/ipa-acme-manage
/usr/sbin/ipa-advise
/usr/sbin/ipa-backup
/usr/sbin/ipa-ca-install
/usr/sbin/ipa-cacert-manage
/usr/sbin/ipa-cert-fix
/usr/sbin/ipa-compat-manage
/usr/sbin/ipa-crlgen-manage
/usr/sbin/ipa-csreplica-manage
/usr/sbin/ipa-idrange-fix
/usr/sbin/ipa-kra-install
/usr/sbin/ipa-ldap-updater
/usr/sbin/ipa-managed-entries
/usr/sbin/ipa-migrate
/usr/sbin/ipa-otptoken-import
/usr/sbin/ipa-pkinit-manage
/usr/sbin/ipa-replica-conncheck
/usr/sbin/ipa-replica-install
/usr/sbin/ipa-replica-manage
/usr/sbin/ipa-restore
/usr/sbin/ipa-server-certinstall
/usr/sbin/ipa-server-install
/usr/sbin/ipa-server-upgrade
/usr/sbin/ipa-winsync-migrate
/usr/sbin/ipactl
/usr/share/doc/ipa-server
/usr/share/doc/ipa-server/Contributors.txt
/usr/share/doc/ipa-server/README.md
/usr/share/licenses/ipa-server
/usr/share/licenses/ipa-server/COPYING
/usr/share/man/man1/ipa-acme-manage.1.gz
/usr/share/man/man1/ipa-advise.1.gz
/usr/share/man/man1/ipa-backup.1.gz
/usr/share/man/man1/ipa-ca-install.1.gz
/usr/share/man/man1/ipa-cacert-manage.1.gz
/usr/share/man/man1/ipa-cert-fix.1.gz
/usr/share/man/man1/ipa-compat-manage.1.gz
/usr/share/man/man1/ipa-crlgen-manage.1.gz
/usr/share/man/man1/ipa-csreplica-manage.1.gz
/usr/share/man/man1/ipa-idrange-fix.1.gz
/usr/share/man/man1/ipa-kra-install.1.gz
/usr/share/man/man1/ipa-ldap-updater.1.gz
/usr/share/man/man1/ipa-managed-entries.1.gz
/usr/share/man/man1/ipa-migrate.1.gz
/usr/share/man/man1/ipa-otptoken-import.1.gz
/usr/share/man/man1/ipa-pkinit-manage.1.gz
/usr/share/man/man1/ipa-replica-conncheck.1.gz
/usr/share/man/man1/ipa-replica-install.1.gz
/usr/share/man/man1/ipa-replica-manage.1.gz
/usr/share/man/man1/ipa-restore.1.gz
/usr/share/man/man1/ipa-server-certinstall.1.gz
/usr/share/man/man1/ipa-server-install.1.gz
/usr/share/man/man1/ipa-server-upgrade.1.gz
/usr/share/man/man1/ipa-winsync-migrate.1.gz
/usr/share/man/man8/ipactl.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 23 06:28:11 2025