Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ipa-server-trust-ad-4.12.2-14.el9_6 RPM for aarch64

From AlmaLinux 9.6 AppStream for aarch64

Name: ipa-server-trust-ad Distribution: AlmaLinux
Version: 4.12.2 Vendor: AlmaLinux
Release: 14.el9_6 Build date: Tue May 13 09:12:57 2025
Group: Unspecified Build host: arm-builder01.almalinux.org
Size: 407743 Source RPM: ipa-4.12.2-14.el9_6.src.rpm
Packager: AlmaLinux Packaging Team <packager@almalinux.org>
Url: http://www.freeipa.org/
Summary: Virtual package to install packages required for Active Directory trusts
Cross-realm trusts with Active Directory in IPA require working Samba 4
installation. This package is provided for convenience to install all required
dependencies at once.

Provides

Requires

License

GPL-3.0-or-later

Changelog

* Thu Mar 20 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-14
  - Resolves: RHEL-80345 Use new bind9.18-dyndb-ldap and bind9.18 only for DNS over TLS with the ipa-server-encrypted-dns package
* Wed Feb 12 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-13
  - Resolves: RHEL-67913 Add DNS over TLS Support
* Tue Feb 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-12
  - Resolves: RHEL-78726 ipa-server-install failing on slow hsm
* Tue Feb 11 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-11
  - Resolves: RHEL-67913 Add DNS over TLS Support, Require bind9.18 32:9.18.29-2 and new bind-dyndb-ldap 11.11-1
* Tue Jan 28 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-10
  - Resolves: RHEL-73022 A slow HSM can cause IPA server installation to fail setting up certificate tracking
* Tue Jan 21 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-9
  - Resolves: RHEL-74465 kinit with external idp user is failing
  - Resolves: RHEL-75656 Include latest fixes in python3-ipatests package
* Thu Jan 16 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-8
  - Resolves: RHEL-73022 A slow HSM can cause IPA server installation to fail setting up certificate tracking [rhel-9]
  - Resolves: RHEL-71261 [RHEL-9.6] Include latest fixes in python3-ipatests package
  - Resolves: RHEL-67191 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal [rhel-9.6]
  - Resolves: RHEL-59040 KRA installation failure caused by a certificate mismatch in NSS DB and configuration file.
* Wed Dec 11 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-7
  - Resolves: RHEL-70760 Fix typo in ipa-migrate log file i.e 'Privledges' to 'Privileges'
  - Resolves: RHEL-70481 ipa-server-upgrade fails after established trust with ad
  - Resolves: RHEL-69927 add support for python cryptography 44.0.0
  - Resolves: RHEL-69908 All user groups are not being included during HSM token validation
  - Resolves: RHEL-69900 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken
* Wed Nov 27 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-6
  - Resolves: RHEL-68448 ipa trust-add fails in FIPS mode with an internal error has occurred
  - Resolves: RHEL-69301 Support GSSAPI in Cockpit on IPA servers
* Wed Nov 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-5
  - Resolves: RHEL-67414 ipa dns-zone --allow-query '!198.18.2.0/24;any;' fails with Unrecognized IPAddress flags
  - Resolves: RHEL-67410 ipa-migrate should also migrate DNS forward zones
  - Resolves: RHEL-67409 ipa-migrate in stage mode fails with TypeError: 'NoneType' object is not iterable
  - Resolves: RHEL-66964 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-64135 IDP configuration in the IdM WebUI shows Organization is required
* Mon Nov 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-4
  - Bump release for rebuild
* Tue Oct 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-3
  - Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation
* Mon Oct 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-2
  - Related: RHEL-59788 Rebase Samba to the latest 4.21.x release
  - Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation
  - Resolves: RHEL-56963 SSSD offline causing test-adtrust-install failure
  - Resolves: RHEL-56473 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode
  - Resolves: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges
  - Resolves: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode
  - Resolves: RHEL-4915 Last expired OTP token would be considered as still assigned to the user
* Wed Aug 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1
  - Resolves: RHEL-54546 Covscan issues: Resource Leak
  - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
  - Resolves: RHEL-40359 With unreachable AD, ipa trust returns an internal error
* Thu Aug 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-7
  - Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them
  - Resolves: RHEL-52306 Unconditionally add MS-PAC to global config
  - Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync"
  - Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure
  - Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error'
  - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
  - Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install
* Thu Jul 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-6
  - Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage
  - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error
  - Resolves: RHEL-46003 ipa-migrate -V options fails to display version
  - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed
  - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check
  - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases
* Mon Jul 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-5
  - Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users
  - Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py
  - Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed
  - Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica
  - Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to
* Mon Jun 10 2024 Julien Rische <jrische@redhat.com> - 4.12.0-4
  - Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
  - Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
* Wed Jun 05 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-3
  - Related: RHEL-34809
  temporarily revert a commit that depends on newer version of python-jwcrypto
* Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-2
  - Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency
* Wed May 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-1
  - Resolves: RHEL-39140 Rebase ipa to the latest 4.12 version for RHEL 9.5
  - Resolves: RHEL-34757 The change for preventing deletion of the admin user caused a regression in disable
  - Resolves: RHEL-30553 Depend on nfsv4-client-utils or nfs-utils
  - Resolves: RHEL-29762 IPA sidgen fails to create SID for manually set ID for a new range [rhel-9.5.0]
  - Resolves: RHEL-26261 Fix replica connection check for use with AD administrator
  - Resolves: RHEL-18062 ipa ca-show NAME --certificate-out=file creates empty file when NAME does not exist
  - Resolves: RHEL-12149 traceback in ipaserver/dcerpc.py
  - Resolves: RHEL-4810 [RFE] FreeIPA-to-FreeIPA migration
  - Resolves: RHEL-4807 [RFE] Support in IPA for HSM boxes
* Tue Apr 30 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-11
  - Resolves: RHEL-33645 - Update samba to version 4.20.0
* Fri Mar 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-10
  - Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios)
  - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER
  - Resolves: RHEL-30905 Backport latest test fixes in ipa
* Thu Mar 07 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-9
  - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode
  - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure
* Tue Feb 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-8
  - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
* Fri Feb 16 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-7
  - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
  - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests
* Fri Feb 09 2024 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-6
  - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified
  - Resolves: RHEL-23625 sidgen plugin does not ignore staged users
  - Resolves: RHEL-23621 session cookie can't be read
  - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-17996 Memory leak in IdM's KDC
* Thu Jan 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-5
  - Resolves: RHEL-12589 ipa: Invalid CSRF protection
  - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit
  - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca'
  - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-21810 ipa-client-install --automount-location does not work
  - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0
  - Resolves: RHEL-21812 Backport latest test fixes in ipa
  - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa
  - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing
  - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor
* Fri Dec 01 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-4
  - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()
* Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3
  - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'
* Mon Nov 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-2
  - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests
  - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue
  - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string
  - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4
* Fri Oct 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-1
  - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4
* Thu Aug 17 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-4
  - Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied
  - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests
* Thu Aug 10 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-3
  - Resolves: rhbz#2229712 Delete operation protection for admin user
  - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost
  - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak
  - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user
  - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests
* Thu Jun 29 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-2
  - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features
  - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA)
  - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start
  - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin
  - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests
  - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only
* Tue Jun 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-1
  - Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3
  - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features
  - Resolves: rhbz#2192625 Better catch of the IPA web UI event "IPA Error 4301:CertificateOperationError", and IPA httpd error CertificateOperationError
  - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java
  - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9]
  - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context
  - Resolves: rhbz#2165880 Add RBCD support to IPA
  - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct

Files

/etc/dbus-1/system.d/oddjob-ipa-trust.conf
/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
/usr/lib/.build-id
/usr/lib/.build-id/23
/usr/lib/.build-id/23/788b2cadf86672fd5358c2d74d1978036deefe
/usr/lib/.build-id/33
/usr/lib/.build-id/33/0071c235059250de294c4cc4d3cf62252392ad
/usr/lib64/dirsrv/plugins/libipa_cldap.so
/usr/lib64/krb5/plugins/libkrb5/winbind_krb5_locator.so
/usr/lib64/samba/pdb/ipasam.so
/usr/libexec/ipa/oddjob/com.redhat.idm.trust-fetch-domains
/usr/sbin/ipa-adtrust-install
/usr/share/doc/ipa-server-trust-ad
/usr/share/doc/ipa-server-trust-ad/Contributors.txt
/usr/share/doc/ipa-server-trust-ad/README.md
/usr/share/ipa/ipa-cldap-conf.ldif
/usr/share/ipa/smb.conf.empty
/usr/share/licenses/ipa-server-trust-ad
/usr/share/licenses/ipa-server-trust-ad/COPYING
/usr/share/man/man1/ipa-adtrust-install.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Oct 24 06:13:24 2025