File freeipa.changes of Package freeipa

Overview Repositories Revisions Requests Users Attributes Meta

File freeipa.changes of Package freeipa

-------------------------------------------------------------------
Sun Aug 25 20:47:21 UTC 2024 - mhurron@saminds.com

- Update to version 4.12.2+git0.c7da7e0d:
  * Become IPA v4.12.2
  * ipatests: Test to check that the configured value for "nsslapd-ignore-time-skew" remains on even after a "force-sync" is done
  * ipatests: Replace 'usermod -r' command with 'gpasswd -d' in test_hsm.py
  * Fix some resource leaks identified by a static analyzer
  * Ignore TripleDES python-cryptography import warnings
  * Correct usage of public_key_algorithm_oid in ipalib/x509
  * trust-add: handle unavailable domain
  * HSM: fix the module name
  * ipatests: skip HSM test if pki < 11.5.9
  * ipatests: ipa-migrate tool with -Z option (CACERTFILE)

-------------------------------------------------------------------
Sat Jun 01 17:27:33 UTC 2024 - mhurron@saminds.com

- Update to version 4.12.0+git0.407408e9:
  * Become IPA 4.12.0
  * Update list of contributors
  * Update translations to FreeIPA master state
  * ipa-replica-manage list-ruvs: display FQDN in the output
  * console: for public errors only print a final one
  * custodia: do not use deprecated jwcrypto wrappers
  * frontend: add systemd journal audit of executed API commands
  * ipalib/rpc: Reformat after moving json code around
  * ipalib: move json formatter to a separate file
  * batch: add keeponly option

-------------------------------------------------------------------
Tue Mar 26 18:15:45 UTC 2024 - mhurron@saminds.com

- Update to version 4.11.1+git0.e18ac353:
  * Become IPA 4.11.1
  * Integration tests for verifying Referer header in the UI
  * Check the HTTP Referer header on all requests
  * Become IPA 4.11.0
  * Update contributors list
  * Update translations to FreeIPA ipa-4-11 state
  * Covscan issues: deadcode and Use after free
  * Add context manager to ipalib.API
  * Use datetime.timezone.utc instead of newer datetime.UTC alias
  * Workshop: fix broken Sphinx cross-references.

-------------------------------------------------------------------
Thu Aug 10 16:11:17 UTC 2023 - malcolmlewis@opensuse.org

- Update to version 4.10.2+git33.ff6cfcac:
  * ipatests: remove fixture call and wait to get things settle.
  * ipatests: update expected webui msg for admin deletion.
  * ipa-kdb: fix error handling of is_master_host().
  * Prevent the admin user from being deleted.
  * idp: when adding an IdP allow to override IdP options.
  * Fix memory leak in the OTP last token plugin.
  * ipatests: update expected cksum for epn.conf.
  * component: mail_from_realname config setting added to IPA-EPN.
  * selinux: Update SELinux policy.
  * xmlrpc tests: add a test for user plugin with non-existing idp.

-------------------------------------------------------------------
Sun Feb 05 11:06:14 UTC 2023 - ecsos@opensuse.org

- Update to version 4.10.1+git69.d24b6998:
  * tests: add wrapper around ACME RSNv3 test
  * ipatests: fix (prci_checker) duplicated check & error return code
  * automember-rebuild: add a notice about high CPU usage
  * doc: add the --run command for manual job execution
  * ipa-acme-manage: add certificate/request pruning management
  * tests: Configure DNSResolver as platform agnostic resolver
  * tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck
  * tests: Add ipa_ca_name checking to DNS system records
  * spec: Drop no longer used build dependency on paste
  * ipatests: healthcheck: Handle missing fips-mode-setup
  * doc: Design for certificate pruning
  * trust-add: handle missing msSFU30MaxGidNumber
  * Spec file: use %autosetup instead of %setup
  * Spec file: unify with RHEL9 spec
  * API doc: validate generated reference
  * ipa tests: Add LANG before kinit command to fix issue with locale settings
  * Installer: create RID base before domain object
  * Tests: force key type in ACME tests
  * server install: remove error log about missing bkup file
  * ipatests: mark test_smb as xfail
  * pylint: Replace deprecated cgi module
  * pylint: Fix useless-object-inheritance
  * pylint: Fix unhashable-member
  * pylint: Fix unnecessary-lambda-assignment
  * pylint: Fix modified-iterating-list
  * pylint: Fix used-before-assignment
  * pylint: Replace deprecated pipes
  * pylint: Fix cyclic-import
  * pylint: Replace deprecated extension-pkg-whitelist
  * pylint: More allowed C extensions
  * pylint: Lint in single process mode
  * pylint: disable deprecated-module message
  * pylint: fix comparison-of-constants
  * pylint: disable comparison-of-constants
  * pylint: fix consider-iterating-dictionary
  * pylint: globally disable useless-object-inheritance
  * pylint: disable unhashable-member
  * pylint: disable invalid-sequence-index
  * pylint: fix deprecated-class SafeConfigParser
  * pylint: fix duplicate-value
  * pylint: fix implicit-str-concat
  * pylint: disable missing-timeout message
  * pylint: globally disable unnecessary-lambda-assignment message
  * pylint: disable unnecessary-dunder-call message
  * pylint: disable using-constant-test
  * pylint: remove arguments-renamed warnings
  * pylint: disable modified-iterating-list
  * pylint: replace deprecated distutils module
  * pylint: disable used-before-assignment
  * pylint: disable redefined-slots-in-subclass
  * pylint: remove useless suppression
  * pylint: remove unneeded disable=unused-private-member
  * azure tests: move to fedora 37
  * ipatests: update the xfail annotation for test_number_of_zones
  * Spec file: bump krb5_kdb_version on rawhide
  * FIPS setup: fix typo filtering camellia encryption
  * cert utilities: MAC verification is incompatible with FIPS mode
  * ipatests: update the fake fips mode expected message
  * Fixes: ipa-otpd@.service: deprecated syslog setting
  * ipatests: xfail on all fedora for test_ipa_login_with_sso_user
  * Spec file: ipa-client depends on krb5-pkinit-openssl
  * API doc: add basic user management guide
  * ipa-certupdate: Update client certs before KDC/HTTPd restart
  * webui tests: fix assertion in test_subid.py
  * PRCI: update memory reqs for each topology
  * updates: fix memberManager ACI to allow managers from a specified group
  * API reference: update dnszone_add generated doc
  * API reference: update vault doc
  * Back to git snapshots
  * Become IPA 4.10.1
  * Update translations to FreeIPA ipa-4-10 state
  * Generate CNAMEs for TXT+URI location krb records
  * ipatests: update vagrant boxes
  * ipatests: remove xfail for tests using sssctl domain-status
  * spec file: bump sssd version
  * Vault: fix interoperability issues with older RHEL systems
  * ipatests: re-enable dnssec tests
  * Spec file: bump bind version on f37+
  * doc: Design for HSM support
  * Support tokens and optional password files when opening an NSS db
  * docs: add security section to idp
  * Add basic API usage guide
  * doc: generate API Reference
  * Pass the curl write callback by name instead of address
  * Add PKINIT support to ipa-client-install
  * webui: Add name to 'Certificates' table
  * ipatests: Test newly added certificate lable
  * webui: Add label name to 'Certificates' section
  * ipa-kdb: for delegation check, use different error codes before and after krb5 1.20
  * ipatests: Add test for grace login limit
  * ipatests: test for root using admin password in webUI
  * Explicitly use legacy ID generators by default
  * ipatests: xfail test_ipa_login_with_sso_user
  * ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later
  * ipa-kdb: fix PAC requester check
  * ipa-kdb: handle empty S4U proxy in allowed_to_delegate
  * ipa-kdb: handle cross-realm TGT entries when generating PAC
  * ipa-kdb: add krb5 1.20 support
  * ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20
  * Spec file: bump the selinux-policy version
  * ipatests: add keycloak user login to ipa test
  * webui tests: fix test_subid suite
  * ipatests : Test query to AD specific attributes is successful.
  * Exclude installed policy module file from RPM verification
  * With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck.
  * fix: Handle /proc/1/sched missing error
  * ipaclient: do not set TLS CA options in ldap.conf anymore
  * ipa-kdb: do not fail if certmap rule cannot be added
  * ipapython: Support openldap 2.6
  * extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization)
  * extdom: make sure result doesn't miss domain part
  * extdom: internal functions should be static
  * ipatests: mark xfail tests using dnssec
  * ipatests: mark xfail tests using sssctl domain-status
  * Tests: test on f37 and f36
  * Remove empty translation for 'si' which breaks linter
  * Translated using Weblate (Korean)
  * Translated using Weblate (Korean)
  * Translated using Weblate (Korean)
  * Added translation using Weblate (Korean)
  * Translated using Weblate (Georgian)
  * Translated using Weblate (Georgian)
  * Translated using Weblate (Georgian)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Ukrainian)
  * Update translation files
  * Added translation using Weblate (Georgian)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Ukrainian)
  * Update translation files
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Polish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Indonesian)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Ukrainian)
  * Update translation files
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Polish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Update translation files
  * Translated using Weblate (Finnish)
  * Update translation files
  * ipa man page: format the EXAMPLES section
  * Update API and VERSION
  * webui: Set 'SOA serial' field as read-only
  * ipatest: Remove warning message for 'idnssoaserial'
  * Set 'idnssoaserial' to deprecated
  * Move client certificate request after krb5.conf is created
  * ipatests: add negative test for otptoken-sync
  * ipa otptoken-sync: return error when sync fails
  * Defer creating the final krb5.conf on clients
  * ipatests: add prci definitions for test_sso jobs
  * ipatests: add Keycloak Bridge test
  * webui: Show 'Sudo order' column
  * ipa-cacert-manage prune: remove all expired certs
  * Fix upper bound of password policy grace limit
  * x509: Replace removed register_interface with subclassing
  * Set pkeys in test_selinuxusermap.py::test_misc::delete_record
  * fix canonicalization issue in Web UI
  * Fix ipa-ccache-sweeper activation timer and clean up service file
  * ipa-otpd: initialize local pointers and handle gcc 10
  * Remove pki_restart_configured_instance
  * ipatests: Rename create_quarkus to create_keycloak
  * Set default on group pwpolicy with no grace limit in upgrade
  * Set default gracelimit on group password policies to -1
  * doc: Update LDAP grace period design with default values
  * gitignore: add install/oddjob/org.freeipa.server.config-enable-sid
  * ipatests: Fix expected object classes
  * DNSResolver: Fix use of nameservers with ports
  * upgrades: Don't restart the CA on ACME and profile schema change
  * check_repl_update: in progress is a boolean
  * Additional tests for RSN v3
  * webui: Allow grace login limit
  * ipatests: ipa-client-install --subid adds entry in nsswitch.conf
  * azure tests: disable TestInstallDNSSECFirst
  * ipatest: fix prci checker target masked return code & add pylint
  * ipatests: WebUI: do not allow subid range deletion
  * Disabling gracelimit does not prevent LDAP binds
  * ipatests: healthcheck: test if system is FIPS enabled
  * ap: Constrain supported docutils
  * ap: Rearrange overloaded jobs
  * ap: Disable azure's security daemon
  * ap: Raise dbus timeout
  * Warn for permissions with read/write/search/compare and no attrs
  * ipatests: Checker script for prci definitions
  * Nightly tests: fix template for nightly_ipa-4-10_latest.yaml
  * webui: Do not allow empty pagination size
  * Only calculate LDAP password grace when the password is expired
  * Added a check while removing 'cert_dir'. The teardown method is called even if all the tests are skipped since the required PKI version is not present. The teardown is trying to remove a non-existent directory.
  * install: suggest --skip-mem-check when mem check fails
  * man: add --skip-mem-check to man pages
  * ipatests: add nightly definitions for ipa-4-10 branch
  * Back to git snapshots

-------------------------------------------------------------------
Sun Feb 05 11:05:21 UTC 2023 - ecsos@opensuse.org

- Update to version 4.10.0+git0.082ec006:
  * Become IPA 4.10.0
  * Update FreeIPA translations to FreeIPA master state
  * Fix test_secure_ajp_connector.py failing with Python 3.6.8
  * Add missing parameter to Suse modify_nsswitch_pam_stack
  * ipatests: Fix install_master for test_idp.py
  * ipaplatform/debian: Drop the path for ldap.so
  * ipaplatform/debian: Use multiarch path for libsofthsm2.so
  * ipatests: Healthcheck use subject base from IPA not REALM
  * Add end to end integration tests for external IdP
  * ipatests: update prci definitions for test_idp.py

-------------------------------------------------------------------
Sun Feb 05 10:28:15 UTC 2023 - ecsos@opensuse.org

- Update to version 4.9.11+git26.398e0918:
  * ipatests: fix (prci_checker) duplicated check & error return code
  * automember-rebuild: add a notice about high CPU usage
  * With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck.
  * tests: Configure DNSResolver as platform agnostic resolver
  * tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck
  * tests: Add ipa_ca_name checking to DNS system records
  * spec: Drop no longer used build dependency on paste
  * ipatests: healthcheck: Handle missing fips-mode-setup
  * trust-add: handle missing msSFU30MaxGidNumber
  * API doc: validate generated reference

-------------------------------------------------------------------
Fri Jun 24 00:13:51 UTC 2022 - Matthew Davis <opensuse@virtual.drop.net>

- Update to version 4.9.10+git12:
  * Removed local patch for missing parameter in module.
  * Resolved rpmlint issue missing systemd scripts
  * Resolved rpmlint issues of config files outside of /etc or /var
  * Resolved rpmlint issue of missing rcipa-epd symlink
  * Resovled rpmlint issue of too many duplicate files
  * Resolved rpmlint issue of none standard group apache
  * Added rpmlintrc to resolve remaining rpmlint issues.
  * Updated Groups: in subpackages to be more accurate.
  * Enforce setting reported version number based on GIT tag

-------------------------------------------------------------------
Thu Jun 16 03:36:32 UTC 2022 - opensuse@virtual.drop.net

- Update to version 4.9.10+git1.3e90842b3:
  * Back to git snapshots
  * Become IPA 4.9.10
  * Update list of contributors
  * Update translations to FreeIPA ipa-4-9 state
  * Create missing SSSD_PUBCONF_KRB5_INCLUDE_D_DIR
  * ipatests: xfail for test_ipahealthcheck_hidden_replica to respect pki version
  * Suse compatibility fix
  * idviews: use cached ipaOriginalUid value when resolving ID override anchor
  * Add switch for LDAP cache debug output
  * Remove extraneous AJP secret from server.xml on upgrades

-------------------------------------------------------------------
Tue Sep 21 15:03:06 UTC 2021 - david.mulder@suse.com

- krb5-client_paths.patch: Fix krb5-client paths in Tumbleweed and
  Leap > 15.4.
- Add client dependencies krb5-client and python3-augeas.

-------------------------------------------------------------------
Mon Sep 20 21:30:09 UTC 2021 - david.mulder@suse.com

- Update to version 4.9.7+git28.865886401:
  * ipatests: Test that a user can be issued multiple certificates
  * Don't store entries with a usercertificate in the LDAP cache
  * ipatests: Log debug messages for locator plugin
  * krb5: Pin kpasswd server to a primary one
  * azure: Ignore tar errors
  * ipatests: fix expected msg in tasks.run_ssh_cmd
  * docs: Make use of `text` highlighting
  * ipatests: fix logic waiting for repl in TestIPACommand
  * migrate-ds: workaround to detect compat tree
  * ipatests: rpcclient now uses --use-kerberos=desired

-------------------------------------------------------------------
Wed Feb  7 15:38:41 UTC 2018 - mrueckert@suse.de

- Require sssd-ad for sssd_pac
- split out freeipa-client-common

-------------------------------------------------------------------
Tue Feb  6 16:36:01 UTC 2018 - mrueckert@suse.de

- BR all the python libraries that we require in the client package
- switch most BR to pkgconfig() flavor

-------------------------------------------------------------------
Tue Feb  6 12:26:04 UTC 2018 - mrueckert@suse.de

- switch to service

-------------------------------------------------------------------
Thu Feb  1 19:42:27 UTC 2018 - mrueckert@suse.de

- use python3

-------------------------------------------------------------------
Thu Feb  1 18:11:55 UTC 2018 - mrueckert@suse.de

- add requires to the package and split out the client and common
  package

-------------------------------------------------------------------
Thu Feb  1 18:11:48 UTC 2018 - mrueckert@suse.de

- switch to patch for adding suse support

-------------------------------------------------------------------
Thu Feb  1 14:05:46 UTC 2018 - mrueckert@suse.de

- client support seems to work

-------------------------------------------------------------------
Fri Mar 24 12:21:49 UTC 2017 - mrueckert@suse.de

- initial package

Places

File freeipa.changes of Package freeipa

Places