File freeipa.changes of Package freeipa
------------------------------------------------------------------- Sun Aug 25 20:47:21 UTC 2024 - mhurron@saminds.com - Update to version 4.12.2+git0.c7da7e0d: * Become IPA v4.12.2 * ipatests: Test to check that the configured value for "nsslapd-ignore-time-skew" remains on even after a "force-sync" is done * ipatests: Replace 'usermod -r' command with 'gpasswd -d' in test_hsm.py * Fix some resource leaks identified by a static analyzer * Ignore TripleDES python-cryptography import warnings * Correct usage of public_key_algorithm_oid in ipalib/x509 * trust-add: handle unavailable domain * HSM: fix the module name * ipatests: skip HSM test if pki < 11.5.9 * ipatests: ipa-migrate tool with -Z option (CACERTFILE) ------------------------------------------------------------------- Sat Jun 01 17:27:33 UTC 2024 - mhurron@saminds.com - Update to version 4.12.0+git0.407408e9: * Become IPA 4.12.0 * Update list of contributors * Update translations to FreeIPA master state * ipa-replica-manage list-ruvs: display FQDN in the output * console: for public errors only print a final one * custodia: do not use deprecated jwcrypto wrappers * frontend: add systemd journal audit of executed API commands * ipalib/rpc: Reformat after moving json code around * ipalib: move json formatter to a separate file * batch: add keeponly option ------------------------------------------------------------------- Tue Mar 26 18:15:45 UTC 2024 - mhurron@saminds.com - Update to version 4.11.1+git0.e18ac353: * Become IPA 4.11.1 * Integration tests for verifying Referer header in the UI * Check the HTTP Referer header on all requests * Become IPA 4.11.0 * Update contributors list * Update translations to FreeIPA ipa-4-11 state * Covscan issues: deadcode and Use after free * Add context manager to ipalib.API * Use datetime.timezone.utc instead of newer datetime.UTC alias * Workshop: fix broken Sphinx cross-references. ------------------------------------------------------------------- Thu Aug 10 16:11:17 UTC 2023 - malcolmlewis@opensuse.org - Update to version 4.10.2+git33.ff6cfcac: * ipatests: remove fixture call and wait to get things settle. * ipatests: update expected webui msg for admin deletion. * ipa-kdb: fix error handling of is_master_host(). * Prevent the admin user from being deleted. * idp: when adding an IdP allow to override IdP options. * Fix memory leak in the OTP last token plugin. * ipatests: update expected cksum for epn.conf. * component: mail_from_realname config setting added to IPA-EPN. * selinux: Update SELinux policy. * xmlrpc tests: add a test for user plugin with non-existing idp. ------------------------------------------------------------------- Sun Feb 05 11:06:14 UTC 2023 - ecsos@opensuse.org - Update to version 4.10.1+git69.d24b6998: * tests: add wrapper around ACME RSNv3 test * ipatests: fix (prci_checker) duplicated check & error return code * automember-rebuild: add a notice about high CPU usage * doc: add the --run command for manual job execution * ipa-acme-manage: add certificate/request pruning management * tests: Configure DNSResolver as platform agnostic resolver * tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck * tests: Add ipa_ca_name checking to DNS system records * spec: Drop no longer used build dependency on paste * ipatests: healthcheck: Handle missing fips-mode-setup * doc: Design for certificate pruning * trust-add: handle missing msSFU30MaxGidNumber * Spec file: use %autosetup instead of %setup * Spec file: unify with RHEL9 spec * API doc: validate generated reference * ipa tests: Add LANG before kinit command to fix issue with locale settings * Installer: create RID base before domain object * Tests: force key type in ACME tests * server install: remove error log about missing bkup file * ipatests: mark test_smb as xfail * pylint: Replace deprecated cgi module * pylint: Fix useless-object-inheritance * pylint: Fix unhashable-member * pylint: Fix unnecessary-lambda-assignment * pylint: Fix modified-iterating-list * pylint: Fix used-before-assignment * pylint: Replace deprecated pipes * pylint: Fix cyclic-import * pylint: Replace deprecated extension-pkg-whitelist * pylint: More allowed C extensions * pylint: Lint in single process mode * pylint: disable deprecated-module message * pylint: fix comparison-of-constants * pylint: disable comparison-of-constants * pylint: fix consider-iterating-dictionary * pylint: globally disable useless-object-inheritance * pylint: disable unhashable-member * pylint: disable invalid-sequence-index * pylint: fix deprecated-class SafeConfigParser * pylint: fix duplicate-value * pylint: fix implicit-str-concat * pylint: disable missing-timeout message * pylint: globally disable unnecessary-lambda-assignment message * pylint: disable unnecessary-dunder-call message * pylint: disable using-constant-test * pylint: remove arguments-renamed warnings * pylint: disable modified-iterating-list * pylint: replace deprecated distutils module * pylint: disable used-before-assignment * pylint: disable redefined-slots-in-subclass * pylint: remove useless suppression * pylint: remove unneeded disable=unused-private-member * azure tests: move to fedora 37 * ipatests: update the xfail annotation for test_number_of_zones * Spec file: bump krb5_kdb_version on rawhide * FIPS setup: fix typo filtering camellia encryption * cert utilities: MAC verification is incompatible with FIPS mode * ipatests: update the fake fips mode expected message * Fixes: ipa-otpd@.service: deprecated syslog setting * ipatests: xfail on all fedora for test_ipa_login_with_sso_user * Spec file: ipa-client depends on krb5-pkinit-openssl * API doc: add basic user management guide * ipa-certupdate: Update client certs before KDC/HTTPd restart * webui tests: fix assertion in test_subid.py * PRCI: update memory reqs for each topology * updates: fix memberManager ACI to allow managers from a specified group * API reference: update dnszone_add generated doc * API reference: update vault doc * Back to git snapshots * Become IPA 4.10.1 * Update translations to FreeIPA ipa-4-10 state * Generate CNAMEs for TXT+URI location krb records * ipatests: update vagrant boxes * ipatests: remove xfail for tests using sssctl domain-status * spec file: bump sssd version * Vault: fix interoperability issues with older RHEL systems * ipatests: re-enable dnssec tests * Spec file: bump bind version on f37+ * doc: Design for HSM support * Support tokens and optional password files when opening an NSS db * docs: add security section to idp * Add basic API usage guide * doc: generate API Reference * Pass the curl write callback by name instead of address * Add PKINIT support to ipa-client-install * webui: Add name to 'Certificates' table * ipatests: Test newly added certificate lable * webui: Add label name to 'Certificates' section * ipa-kdb: for delegation check, use different error codes before and after krb5 1.20 * ipatests: Add test for grace login limit * ipatests: test for root using admin password in webUI * Explicitly use legacy ID generators by default * ipatests: xfail test_ipa_login_with_sso_user * ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later * ipa-kdb: fix PAC requester check * ipa-kdb: handle empty S4U proxy in allowed_to_delegate * ipa-kdb: handle cross-realm TGT entries when generating PAC * ipa-kdb: add krb5 1.20 support * ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20 * Spec file: bump the selinux-policy version * ipatests: add keycloak user login to ipa test * webui tests: fix test_subid suite * ipatests : Test query to AD specific attributes is successful. * Exclude installed policy module file from RPM verification * With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck. * fix: Handle /proc/1/sched missing error * ipaclient: do not set TLS CA options in ldap.conf anymore * ipa-kdb: do not fail if certmap rule cannot be added * ipapython: Support openldap 2.6 * extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization) * extdom: make sure result doesn't miss domain part * extdom: internal functions should be static * ipatests: mark xfail tests using dnssec * ipatests: mark xfail tests using sssctl domain-status * Tests: test on f37 and f36 * Remove empty translation for 'si' which breaks linter * Translated using Weblate (Korean) * Translated using Weblate (Korean) * Translated using Weblate (Korean) * Added translation using Weblate (Korean) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Update translation files * Added translation using Weblate (Georgian) * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Update translation files * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Polish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Indonesian) * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Update translation files * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Polish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Update translation files * Translated using Weblate (Finnish) * Update translation files * ipa man page: format the EXAMPLES section * Update API and VERSION * webui: Set 'SOA serial' field as read-only * ipatest: Remove warning message for 'idnssoaserial' * Set 'idnssoaserial' to deprecated * Move client certificate request after krb5.conf is created * ipatests: add negative test for otptoken-sync * ipa otptoken-sync: return error when sync fails * Defer creating the final krb5.conf on clients * ipatests: add prci definitions for test_sso jobs * ipatests: add Keycloak Bridge test * webui: Show 'Sudo order' column * ipa-cacert-manage prune: remove all expired certs * Fix upper bound of password policy grace limit * x509: Replace removed register_interface with subclassing * Set pkeys in test_selinuxusermap.py::test_misc::delete_record * fix canonicalization issue in Web UI * Fix ipa-ccache-sweeper activation timer and clean up service file * ipa-otpd: initialize local pointers and handle gcc 10 * Remove pki_restart_configured_instance * ipatests: Rename create_quarkus to create_keycloak * Set default on group pwpolicy with no grace limit in upgrade * Set default gracelimit on group password policies to -1 * doc: Update LDAP grace period design with default values * gitignore: add install/oddjob/org.freeipa.server.config-enable-sid * ipatests: Fix expected object classes * DNSResolver: Fix use of nameservers with ports * upgrades: Don't restart the CA on ACME and profile schema change * check_repl_update: in progress is a boolean * Additional tests for RSN v3 * webui: Allow grace login limit * ipatests: ipa-client-install --subid adds entry in nsswitch.conf * azure tests: disable TestInstallDNSSECFirst * ipatest: fix prci checker target masked return code & add pylint * ipatests: WebUI: do not allow subid range deletion * Disabling gracelimit does not prevent LDAP binds * ipatests: healthcheck: test if system is FIPS enabled * ap: Constrain supported docutils * ap: Rearrange overloaded jobs * ap: Disable azure's security daemon * ap: Raise dbus timeout * Warn for permissions with read/write/search/compare and no attrs * ipatests: Checker script for prci definitions * Nightly tests: fix template for nightly_ipa-4-10_latest.yaml * webui: Do not allow empty pagination size * Only calculate LDAP password grace when the password is expired * Added a check while removing 'cert_dir'. The teardown method is called even if all the tests are skipped since the required PKI version is not present. The teardown is trying to remove a non-existent directory. * install: suggest --skip-mem-check when mem check fails * man: add --skip-mem-check to man pages * ipatests: add nightly definitions for ipa-4-10 branch * Back to git snapshots ------------------------------------------------------------------- Sun Feb 05 11:05:21 UTC 2023 - ecsos@opensuse.org - Update to version 4.10.0+git0.082ec006: * Become IPA 4.10.0 * Update FreeIPA translations to FreeIPA master state * Fix test_secure_ajp_connector.py failing with Python 3.6.8 * Add missing parameter to Suse modify_nsswitch_pam_stack * ipatests: Fix install_master for test_idp.py * ipaplatform/debian: Drop the path for ldap.so * ipaplatform/debian: Use multiarch path for libsofthsm2.so * ipatests: Healthcheck use subject base from IPA not REALM * Add end to end integration tests for external IdP * ipatests: update prci definitions for test_idp.py ------------------------------------------------------------------- Sun Feb 05 10:28:15 UTC 2023 - ecsos@opensuse.org - Update to version 4.9.11+git26.398e0918: * ipatests: fix (prci_checker) duplicated check & error return code * automember-rebuild: add a notice about high CPU usage * With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck. * tests: Configure DNSResolver as platform agnostic resolver * tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck * tests: Add ipa_ca_name checking to DNS system records * spec: Drop no longer used build dependency on paste * ipatests: healthcheck: Handle missing fips-mode-setup * trust-add: handle missing msSFU30MaxGidNumber * API doc: validate generated reference ------------------------------------------------------------------- Fri Jun 24 00:13:51 UTC 2022 - Matthew Davis <opensuse@virtual.drop.net> - Update to version 4.9.10+git12: * Removed local patch for missing parameter in module. * Resolved rpmlint issue missing systemd scripts * Resolved rpmlint issues of config files outside of /etc or /var * Resolved rpmlint issue of missing rcipa-epd symlink * Resovled rpmlint issue of too many duplicate files * Resolved rpmlint issue of none standard group apache * Added rpmlintrc to resolve remaining rpmlint issues. * Updated Groups: in subpackages to be more accurate. * Enforce setting reported version number based on GIT tag ------------------------------------------------------------------- Thu Jun 16 03:36:32 UTC 2022 - opensuse@virtual.drop.net - Update to version 4.9.10+git1.3e90842b3: * Back to git snapshots * Become IPA 4.9.10 * Update list of contributors * Update translations to FreeIPA ipa-4-9 state * Create missing SSSD_PUBCONF_KRB5_INCLUDE_D_DIR * ipatests: xfail for test_ipahealthcheck_hidden_replica to respect pki version * Suse compatibility fix * idviews: use cached ipaOriginalUid value when resolving ID override anchor * Add switch for LDAP cache debug output * Remove extraneous AJP secret from server.xml on upgrades ------------------------------------------------------------------- Tue Sep 21 15:03:06 UTC 2021 - david.mulder@suse.com - krb5-client_paths.patch: Fix krb5-client paths in Tumbleweed and Leap > 15.4. - Add client dependencies krb5-client and python3-augeas. ------------------------------------------------------------------- Mon Sep 20 21:30:09 UTC 2021 - david.mulder@suse.com - Update to version 4.9.7+git28.865886401: * ipatests: Test that a user can be issued multiple certificates * Don't store entries with a usercertificate in the LDAP cache * ipatests: Log debug messages for locator plugin * krb5: Pin kpasswd server to a primary one * azure: Ignore tar errors * ipatests: fix expected msg in tasks.run_ssh_cmd * docs: Make use of `text` highlighting * ipatests: fix logic waiting for repl in TestIPACommand * migrate-ds: workaround to detect compat tree * ipatests: rpcclient now uses --use-kerberos=desired ------------------------------------------------------------------- Wed Feb 7 15:38:41 UTC 2018 - mrueckert@suse.de - Require sssd-ad for sssd_pac - split out freeipa-client-common ------------------------------------------------------------------- Tue Feb 6 16:36:01 UTC 2018 - mrueckert@suse.de - BR all the python libraries that we require in the client package - switch most BR to pkgconfig() flavor ------------------------------------------------------------------- Tue Feb 6 12:26:04 UTC 2018 - mrueckert@suse.de - switch to service ------------------------------------------------------------------- Thu Feb 1 19:42:27 UTC 2018 - mrueckert@suse.de - use python3 ------------------------------------------------------------------- Thu Feb 1 18:11:55 UTC 2018 - mrueckert@suse.de - add requires to the package and split out the client and common package ------------------------------------------------------------------- Thu Feb 1 18:11:48 UTC 2018 - mrueckert@suse.de - switch to patch for adding suse support ------------------------------------------------------------------- Thu Feb 1 14:05:46 UTC 2018 - mrueckert@suse.de - client support seems to work ------------------------------------------------------------------- Fri Mar 24 12:21:49 UTC 2017 - mrueckert@suse.de - initial package
