Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ipa-client-common-4.12.2-14.el9_6.5 RPM for noarch

From AlmaLinux 9.6 AppStream for s390x

Name: ipa-client-common Distribution: AlmaLinux
Version: 4.12.2 Vendor: AlmaLinux
Release: 14.el9_6.5 Build date: Wed Oct 22 12:34:32 2025
Group: Unspecified Build host: s390x-builder02.almalinux.org
Size: 49440 Source RPM: ipa-4.12.2-14.el9_6.5.src.rpm
Packager: AlmaLinux Packaging Team <packager@almalinux.org>
Url: http://www.freeipa.org/
Summary: Common files used by IPA client
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If your network uses IPA for authentication, this package should be
installed on every client machine.

Provides

Requires

License

GPL-3.0-or-later

Changelog

* Thu Sep 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14.5
  - Resolves: RHEL-110068
    EMBARGOED CVE-2025-7493 ipa: Privilege escalation from host to domain admin in FreeIPA
* Wed Sep 03 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14.4
  - Resolves: RHEL-110068
    EMBARGOED CVE-2025-7493 ipa: Privilege escalation from host to domain admin in FreeIPA
* Tue Jul 29 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14.3
  - Resolves: RHEL-106165
    ipatests: use "sos report" instead of "sosreport" command
* Tue Jul 22 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14.2
  - Resolves: RHEL-104857
    ipa-sidgen: fix memory leak in ipa_sidgen_add_post_op() [rhel-9.6.z]
* Thu May 15 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14.1
  - Resolves: RHEL-89908
    EMBARGOED CVE-2025-4404 ipa: Privilege escalation from host to domain admin in FreeIPA
  - Resolves: RHEL-89144
    kdb: ipadb_get_connection() succeeds but returns null LDAP context
* Thu Mar 20 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-14
  - Resolves: RHEL-80345 Use new bind9.18-dyndb-ldap and bind9.18 only for DNS over TLS with the ipa-server-encrypted-dns package
* Wed Feb 12 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-13
  - Resolves: RHEL-67913 Add DNS over TLS Support
* Tue Feb 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-12
  - Resolves: RHEL-78726 ipa-server-install failing on slow hsm
* Tue Feb 11 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-11
  - Resolves: RHEL-67913 Add DNS over TLS Support, Require bind9.18 32:9.18.29-2 and new bind-dyndb-ldap 11.11-1
* Tue Jan 28 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-10
  - Resolves: RHEL-73022 A slow HSM can cause IPA server installation to fail setting up certificate tracking
* Tue Jan 21 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-9
  - Resolves: RHEL-74465 kinit with external idp user is failing
  - Resolves: RHEL-75656 Include latest fixes in python3-ipatests package
* Thu Jan 16 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-8
  - Resolves: RHEL-73022 A slow HSM can cause IPA server installation to fail setting up certificate tracking [rhel-9]
  - Resolves: RHEL-71261 [RHEL-9.6] Include latest fixes in python3-ipatests package
  - Resolves: RHEL-67191 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal [rhel-9.6]
  - Resolves: RHEL-59040 KRA installation failure caused by a certificate mismatch in NSS DB and configuration file.
* Wed Dec 11 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-7
  - Resolves: RHEL-70760 Fix typo in ipa-migrate log file i.e 'Privledges' to 'Privileges'
  - Resolves: RHEL-70481 ipa-server-upgrade fails after established trust with ad
  - Resolves: RHEL-69927 add support for python cryptography 44.0.0
  - Resolves: RHEL-69908 All user groups are not being included during HSM token validation
  - Resolves: RHEL-69900 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken
* Wed Nov 27 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-6
  - Resolves: RHEL-68448 ipa trust-add fails in FIPS mode with an internal error has occurred
  - Resolves: RHEL-69301 Support GSSAPI in Cockpit on IPA servers
* Wed Nov 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-5
  - Resolves: RHEL-67414 ipa dns-zone --allow-query '!198.18.2.0/24;any;' fails with Unrecognized IPAddress flags
  - Resolves: RHEL-67410 ipa-migrate should also migrate DNS forward zones
  - Resolves: RHEL-67409 ipa-migrate in stage mode fails with TypeError: 'NoneType' object is not iterable
  - Resolves: RHEL-66964 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-64135 IDP configuration in the IdM WebUI shows Organization is required
* Mon Nov 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-4
  - Bump release for rebuild
* Tue Oct 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-3
  - Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation
* Mon Oct 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-2
  - Related: RHEL-59788 Rebase Samba to the latest 4.21.x release
  - Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation
  - Resolves: RHEL-56963 SSSD offline causing test-adtrust-install failure
  - Resolves: RHEL-56473 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode
  - Resolves: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges
  - Resolves: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode
  - Resolves: RHEL-4915 Last expired OTP token would be considered as still assigned to the user
* Wed Aug 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1
  - Resolves: RHEL-54546 Covscan issues: Resource Leak
  - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
  - Resolves: RHEL-40359 With unreachable AD, ipa trust returns an internal error
* Thu Aug 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-7
  - Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them
  - Resolves: RHEL-52306 Unconditionally add MS-PAC to global config
  - Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync"
  - Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure
  - Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error'
  - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
  - Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install
* Thu Jul 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-6
  - Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage
  - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error
  - Resolves: RHEL-46003 ipa-migrate -V options fails to display version
  - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed
  - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check
  - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases
* Mon Jul 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-5
  - Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users
  - Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py
  - Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed
  - Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica
  - Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to
* Mon Jun 10 2024 Julien Rische <jrische@redhat.com> - 4.12.0-4
  - Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
  - Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
* Wed Jun 05 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-3
  - Related: RHEL-34809
  temporarily revert a commit that depends on newer version of python-jwcrypto
* Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-2
  - Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency
* Wed May 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-1
  - Resolves: RHEL-39140 Rebase ipa to the latest 4.12 version for RHEL 9.5
  - Resolves: RHEL-34757 The change for preventing deletion of the admin user caused a regression in disable
  - Resolves: RHEL-30553 Depend on nfsv4-client-utils or nfs-utils
  - Resolves: RHEL-29762 IPA sidgen fails to create SID for manually set ID for a new range [rhel-9.5.0]
  - Resolves: RHEL-26261 Fix replica connection check for use with AD administrator
  - Resolves: RHEL-18062 ipa ca-show NAME --certificate-out=file creates empty file when NAME does not exist
  - Resolves: RHEL-12149 traceback in ipaserver/dcerpc.py
  - Resolves: RHEL-4810 [RFE] FreeIPA-to-FreeIPA migration
  - Resolves: RHEL-4807 [RFE] Support in IPA for HSM boxes
* Tue Apr 30 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-11
  - Resolves: RHEL-33645 - Update samba to version 4.20.0
* Fri Mar 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-10
  - Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios)
  - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER
  - Resolves: RHEL-30905 Backport latest test fixes in ipa
* Thu Mar 07 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-9
  - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode
  - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure
* Tue Feb 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-8
  - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
* Fri Feb 16 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-7
  - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
  - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests
* Fri Feb 09 2024 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-6
  - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified
  - Resolves: RHEL-23625 sidgen plugin does not ignore staged users
  - Resolves: RHEL-23621 session cookie can't be read
  - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-17996 Memory leak in IdM's KDC
* Thu Jan 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-5
  - Resolves: RHEL-12589 ipa: Invalid CSRF protection
  - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit
  - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca'
  - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-21810 ipa-client-install --automount-location does not work
  - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0
  - Resolves: RHEL-21812 Backport latest test fixes in ipa
  - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa
  - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing
  - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor
* Fri Dec 01 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-4
  - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()
* Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3
  - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'
* Mon Nov 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-2
  - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests
  - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue
  - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string
  - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4
* Fri Oct 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-1
  - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4

Files

/etc/ipa
/etc/ipa/ca.crt
/etc/ipa/default.conf
/etc/ipa/nssdb
/etc/ipa/nssdb/cert8.db
/etc/ipa/nssdb/cert9.db
/etc/ipa/nssdb/key3.db
/etc/ipa/nssdb/key4.db
/etc/ipa/nssdb/pkcs11.txt
/etc/ipa/nssdb/pwdfile.txt
/etc/ipa/nssdb/secmod.db
/etc/pki/ca-trust/source/ipa.p11-kit
/usr/share/doc/ipa-client-common
/usr/share/doc/ipa-client-common/Contributors.txt
/usr/share/doc/ipa-client-common/README.md
/usr/share/ipa/client
/usr/share/ipa/client/freeipa.template
/usr/share/ipa/client/ssh_ipa.conf.template
/usr/share/ipa/client/sshd_ipa.conf.template
/usr/share/ipa/client/unbound.conf.template
/usr/share/licenses/ipa-client-common
/usr/share/licenses/ipa-client-common/COPYING
/usr/share/man/man5/default.conf.5.gz
/var/lib/ipa-client
/var/lib/ipa-client/pki
/var/lib/ipa-client/sysrestore


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Oct 24 06:17:00 2025