Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ipa-common-4.12.2-19.el9 RPM for noarch

From CentOS Stream 9 AppStream for aarch64

Name: ipa-common Distribution: CentOS
Version: 4.12.2 Vendor: CentOS
Release: 19.el9 Build date: Mon Jun 30 21:44:29 2025
Group: Unspecified Build host: aarch64-02.stream.rdu2.redhat.com
Size: 4348055 Source RPM: ipa-4.12.2-19.el9.src.rpm
Packager: builder@centos.org
Url: http://www.freeipa.org/
Summary: Common files used by IPA
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are using IPA, you need to install this package.

Provides

Requires

License

GPL-3.0-or-later

Changelog

* Thu Jun 26 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-19
  - Resolves: RHEL-100450 eDNS: multiple issues during encrypted DNS setup
  - Resolves: RHEL-89907 Privilege escalation from host to domain admin in FreeIPA
  - Resolves: RHEL-99315 Include latest fixes in python3-ipatests package
  - Resolves: RHEL-98565 ipa-idrange-fix: 'Env' object has no attribute 'basedn'
  - Resolves: RHEL-96920 Nightly test failure (rawhide) in test_trust.py::TestTrust::test_server_option_with_unreachable_ad
  - Resolves: RHEL-31907 kdb: support storing and retrieving multiple master keys
* Wed Jun 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-18
  - Related: RHEL-89873
* Wed Jun 04 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-17
  - Resolves: RHEL-95010 [RFE] Give warning when adding user with UID out of any ID range
  - Resolves: RHEL-93890 Include latest fixes in python3-ipatests package
  - Resolves: RHEL-93887 ipa idrange-add --help should be more clear about required options
  - Resolves: RHEL-93483 Unable to modify IPA config; --ipaconfigstring="" causes internal error
  - Resolves: RHEL-88834 kdb: ipadb_get_connection() succeeds but returns null LDAP context
  - Resolves: RHEL-68800 ipa-migrate with LDIF file from backup of remote server, fails with error 'change collided with another change'
* Tue Apr 29 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-16
  - Resolves: RHEL-88900 [RFE] Add check on CA cert expiry for ipa-cert-fix
  - Resolves: RHEL-88037 Server installation: dot-forwarder not added as a forwarder
  - Resolves: RHEL-86483 Include latest fixes in python3-ipatests package
  - Resolves: RHEL-41178 ipa-sidgen: fix memory leak in ipa_sidgen_add_post_op()
* Tue Mar 25 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-15
  - Resolves: RHEL-84481 Protect all IPA service principals
  - Resolves: RHEL-84277 [RFE] IDM support UIDs up to 4,294,967,293
  - Resolves: RHEL-84276 Ipa client --raw --structured throws internal error
  - Resolves: RHEL-82707 Search size limit tooltip has Search time limit tooltip text
  - Resolves: RHEL-82089 IPU 9 -> 10: ipa-server breaks the in-place upgrade due to failed scriptlet
  - Resolves: RHEL-68800 ipa-migrate with LDIF file from backup of remote server, fails with error 'change collided with another change'
  - Resolves: RHEL-30658 ipa-cacert-manage install fails with CAs having the same subject DN (subject key mismatch info)
* Thu Mar 20 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-14
  - Resolves: RHEL-80345 Use new bind9.18-dyndb-ldap and bind9.18 only for DNS over TLS with the ipa-server-encrypted-dns package
* Wed Feb 12 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-13
  - Resolves: RHEL-67913 Add DNS over TLS Support
* Tue Feb 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-12
  - Resolves: RHEL-78726 ipa-server-install failing on slow hsm
* Tue Feb 11 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-11
  - Resolves: RHEL-67913 Add DNS over TLS Support, Require bind9.18 32:9.18.29-2 and new bind-dyndb-ldap 11.11-1
* Tue Jan 28 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-10
  - Resolves: RHEL-73022 A slow HSM can cause IPA server installation to fail setting up certificate tracking
* Tue Jan 21 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-9
  - Resolves: RHEL-74465 kinit with external idp user is failing
  - Resolves: RHEL-75656 Include latest fixes in python3-ipatests package
* Thu Jan 16 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-8
  - Resolves: RHEL-73022 A slow HSM can cause IPA server installation to fail setting up certificate tracking [rhel-9]
  - Resolves: RHEL-71261 [RHEL-9.6] Include latest fixes in python3-ipatests package
  - Resolves: RHEL-67191 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal [rhel-9.6]
  - Resolves: RHEL-59040 KRA installation failure caused by a certificate mismatch in NSS DB and configuration file.
* Wed Dec 11 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-7
  - Resolves: RHEL-70760 Fix typo in ipa-migrate log file i.e 'Privledges' to 'Privileges'
  - Resolves: RHEL-70481 ipa-server-upgrade fails after established trust with ad
  - Resolves: RHEL-69927 add support for python cryptography 44.0.0
  - Resolves: RHEL-69908 All user groups are not being included during HSM token validation
  - Resolves: RHEL-69900 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken
* Wed Nov 27 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-6
  - Resolves: RHEL-68448 ipa trust-add fails in FIPS mode with an internal error has occurred
  - Resolves: RHEL-69301 Support GSSAPI in Cockpit on IPA servers
* Wed Nov 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-5
  - Resolves: RHEL-67414 ipa dns-zone --allow-query '!198.18.2.0/24;any;' fails with Unrecognized IPAddress flags
  - Resolves: RHEL-67410 ipa-migrate should also migrate DNS forward zones
  - Resolves: RHEL-67409 ipa-migrate in stage mode fails with TypeError: 'NoneType' object is not iterable
  - Resolves: RHEL-66964 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-64135 IDP configuration in the IdM WebUI shows Organization is required
* Mon Nov 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-4
  - Bump release for rebuild
* Tue Oct 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-3
  - Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation
* Mon Oct 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-2
  - Related: RHEL-59788 Rebase Samba to the latest 4.21.x release
  - Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation
  - Resolves: RHEL-56963 SSSD offline causing test-adtrust-install failure
  - Resolves: RHEL-56473 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode
  - Resolves: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges
  - Resolves: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode
  - Resolves: RHEL-4915 Last expired OTP token would be considered as still assigned to the user
* Wed Aug 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1
  - Resolves: RHEL-54546 Covscan issues: Resource Leak
  - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
  - Resolves: RHEL-40359 With unreachable AD, ipa trust returns an internal error
* Thu Aug 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-7
  - Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them
  - Resolves: RHEL-52306 Unconditionally add MS-PAC to global config
  - Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync"
  - Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure
  - Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error'
  - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
  - Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install
* Thu Jul 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-6
  - Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage
  - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error
  - Resolves: RHEL-46003 ipa-migrate -V options fails to display version
  - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed
  - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check
  - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases
* Mon Jul 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-5
  - Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users
  - Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py
  - Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed
  - Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica
  - Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages
  - Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to
* Mon Jun 10 2024 Julien Rische <jrische@redhat.com> - 4.12.0-4
  - Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
  - Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
* Wed Jun 05 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-3
  - Related: RHEL-34809
  temporarily revert a commit that depends on newer version of python-jwcrypto
* Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-2
  - Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency
* Wed May 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-1
  - Resolves: RHEL-39140 Rebase ipa to the latest 4.12 version for RHEL 9.5
  - Resolves: RHEL-34757 The change for preventing deletion of the admin user caused a regression in disable
  - Resolves: RHEL-30553 Depend on nfsv4-client-utils or nfs-utils
  - Resolves: RHEL-29762 IPA sidgen fails to create SID for manually set ID for a new range [rhel-9.5.0]
  - Resolves: RHEL-26261 Fix replica connection check for use with AD administrator
  - Resolves: RHEL-18062 ipa ca-show NAME --certificate-out=file creates empty file when NAME does not exist
  - Resolves: RHEL-12149 traceback in ipaserver/dcerpc.py
  - Resolves: RHEL-4810 [RFE] FreeIPA-to-FreeIPA migration
  - Resolves: RHEL-4807 [RFE] Support in IPA for HSM boxes
* Tue Apr 30 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-11
  - Resolves: RHEL-33645 - Update samba to version 4.20.0
* Fri Mar 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-10
  - Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios)
  - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER
  - Resolves: RHEL-30905 Backport latest test fixes in ipa
* Thu Mar 07 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-9
  - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode
  - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure
* Tue Feb 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-8
  - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
* Fri Feb 16 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-7
  - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
  - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests
* Fri Feb 09 2024 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-6
  - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified
  - Resolves: RHEL-23625 sidgen plugin does not ignore staged users
  - Resolves: RHEL-23621 session cookie can't be read
  - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-17996 Memory leak in IdM's KDC
* Thu Jan 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-5
  - Resolves: RHEL-12589 ipa: Invalid CSRF protection
  - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit
  - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca'
  - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-21810 ipa-client-install --automount-location does not work
  - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0
  - Resolves: RHEL-21812 Backport latest test fixes in ipa
  - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa
  - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing
  - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor
* Fri Dec 01 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-4
  - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()
* Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3
  - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'
* Mon Nov 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-2
  - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests
  - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue
  - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string
  - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4
* Fri Oct 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-1
  - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4
* Thu Aug 17 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-4
  - Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied
  - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests
* Thu Aug 10 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-3
  - Resolves: rhbz#2229712 Delete operation protection for admin user
  - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost
  - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak
  - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user
  - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests
* Thu Jun 29 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-2
  - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features
  - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA)
  - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start
  - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin
  - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests
  - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only

Files

/usr/libexec/ipa
/usr/share/doc/ipa-common
/usr/share/doc/ipa-common/Contributors.txt
/usr/share/doc/ipa-common/README.md
/usr/share/ipa
/usr/share/licenses/ipa-common
/usr/share/licenses/ipa-common/COPYING
/usr/share/locale/bn_IN/LC_MESSAGES/ipa.mo
/usr/share/locale/ca/LC_MESSAGES/ipa.mo
/usr/share/locale/cs/LC_MESSAGES/ipa.mo
/usr/share/locale/de/LC_MESSAGES/ipa.mo
/usr/share/locale/en_GB/LC_MESSAGES/ipa.mo
/usr/share/locale/es/LC_MESSAGES/ipa.mo
/usr/share/locale/eu/LC_MESSAGES/ipa.mo
/usr/share/locale/fi/LC_MESSAGES/ipa.mo
/usr/share/locale/fr/LC_MESSAGES/ipa.mo
/usr/share/locale/hi/LC_MESSAGES/ipa.mo
/usr/share/locale/hu/LC_MESSAGES/ipa.mo
/usr/share/locale/id/LC_MESSAGES/ipa.mo
/usr/share/locale/ja/LC_MESSAGES/ipa.mo
/usr/share/locale/ka/LC_MESSAGES/ipa.mo
/usr/share/locale/kn/LC_MESSAGES/ipa.mo
/usr/share/locale/ko/LC_MESSAGES/ipa.mo
/usr/share/locale/mr/LC_MESSAGES/ipa.mo
/usr/share/locale/nl/LC_MESSAGES/ipa.mo
/usr/share/locale/pa/LC_MESSAGES/ipa.mo
/usr/share/locale/pl/LC_MESSAGES/ipa.mo
/usr/share/locale/pt/LC_MESSAGES/ipa.mo
/usr/share/locale/pt_BR/LC_MESSAGES/ipa.mo
/usr/share/locale/ru/LC_MESSAGES/ipa.mo
/usr/share/locale/sk/LC_MESSAGES/ipa.mo
/usr/share/locale/tg/LC_MESSAGES/ipa.mo
/usr/share/locale/tr/LC_MESSAGES/ipa.mo
/usr/share/locale/uk/LC_MESSAGES/ipa.mo
/usr/share/locale/zh_CN/LC_MESSAGES/ipa.mo


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Oct 21 05:11:33 2025