-
Tue Dec 08 2015 EL Errata <el-errata_ww@oracle.com> - 4.2.0-15.0.1.3
- Drop redhat-access-plugin-ipa requires for OL7
Blank out header-logo.png product-name.png
Replace login-screen-logo.png [20362818]
-
Wed Nov 25 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.3
- Resolves: #1284052 IPA DNS Zone/DNS Forward Zone details missing after
upgrade from RHEL 7.0 to RHEL 7.2
- Fix upgrade of forwardzones when zone is in realmdomains
-
Tue Nov 24 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.2
- Resolves: #1283890 installer options are not validated at the beginning of
installation
- Fix incorrectly rebased patch 0144
- Resolves: #1284803 Default CA ACL rule is not created during
ipa-replica-install
- disconnect ldap2 backend after adding default CA ACL profiles
- do not disconnect when using existing connection to check default CA ACLs
-
Tue Nov 24 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.1
- Resolves: #1283882 IPA certificate auto renewal fail with "Invalid
Credential"
- cert renewal: make renewal of ipaCert atomic
- Resolves: #1283883 ipa upgrade causes vault internal error
- install: export KRA agent PEM file in ipa-kra-install
- Resolves: #1283884 ipa-kra-install: fails to apply updates
- suppress errors arising from adding existing LDAP entries during KRA
install
- Resolves: #1283890 installer options are not validated at the beginning of
installation
- install: fix command line option validation
- Resolves: #1283915 Caching of ipaconfig does not work in framework
- fix caching in get_ipa_config
- Resolves: #1284025 sshd_config change on ipa-client-install can prevent sshd
from starting up
- client install: do not corrupt OpenSSH config with Match sections
- Resolves: #1284052 IPA DNS Zone/DNS Forward Zone details missing after
upgrade from RHEL 7.0 to RHEL 7.2
- upgrade: fix migration of old dns forward zones
- Resolves: #1284803 Default CA ACL rule is not created during
ipa-replica-install
- TLS and Dogtag HTTPS request logging improvements
- Avoid race condition caused by profile delete and recreate
- Do not erroneously reinit NSS in Dogtag interface
- Add profiles and default CA ACL on migration
- Resolves: #1284811 ipa-cacert-manage renew fails on nonexistent ldap
connection
- ipa-cacert-renew: Fix connection to ldap.
- Resolves: #1284813 ipa-otptoken-import fails on nonexistent ldap connection
- ipa-otptoken-import: Fix connection to ldap.
-
Tue Oct 13 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15
- Resolves: #1252556 Missing CLI param and ACL for vault service operations
- vault: fix private service vault creation
-
Mon Oct 12 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-14
- Resolves: #1262996 ipa vault internal error on replica without KRA
- upgrade: make sure ldap2 is connected in export_kra_agent_pem
- Resolves: #1270608 IPA upgrade fails for server with CA cert signed by
external CA
- schema: do not derive ipaVaultPublicKey from ipaPublicKey
-
Thu Oct 08 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-13
- Resolves: #1217009 OTP sync in UI does not work for TOTP tokens
- Fix an integer underflow bug in libotp
- Resolves: #1262996 ipa vault internal error on replica without KRA
- install: always export KRA agent PEM file
- vault: select a server with KRA for vault operations
- Resolves: #1269777 IPA restore overwrites /etc/passwd and /etc/group files
- do not overwrite files with local users/groups when restoring authconfig
- Renamed patch 1011 to 0138, as it was merged upstream
-
Wed Sep 23 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-12
- Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to
Trusts
- winsync-migrate: Convert entity names to posix friendly strings
- winsync-migrate: Properly handle collisions in the names of external groups
- Resolves: #1261074 Adjust Firefox configuration to new extension signing
policy
- webui: use manual Firefox configuration for Firefox >= 40
- Resolves: #1263337 IPA Restore failed with installed KRA
- ipa-backup: Add mechanism to store empty directory structure
- Resolves: #1264793 CVE-2015-5284 ipa: ipa-kra-install includes certificate
and private key in world readable file [rhel-7.2]
- install: fix KRA agent PEM file permissions
- Resolves: #1265086 Mark IdM API Browser as experimental
- WebUI: add API browser is experimental warning
- Resolves: #1265277 Fix kdcproxy user creation
- install: create kdcproxy user during server install
- platform: add option to create home directory when adding user
- install: fix kdcproxy user home directory
- Resolves: #1265559 GSS failure after ipa-restore
- destroy httpd ccache after stopping the service
-
Thu Sep 17 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-11
- Resolves: #1258965 ipa vault: set owner of vault container
- baseldap: make subtree deletion optional in LDAPDelete
- vault: add vault container commands
- vault: set owner to current user on container creation
- vault: update access control
- vault: add permissions and administrator privilege
- install: support KRA update
- Resolves: #1261586 ipa config-mod addattr fails for ipauserobjectclasses
- config: allow user/host attributes with tagging options
- Resolves: #1262315 Unable to establish winsync replication
- winsync: Add inetUser objectclass to the passsync sysaccount
-
Wed Sep 16 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-10
- Resolves: #1260663 crash of ipa-dnskeysync-replica component during
ipa-restore
- IPA Restore: allows to specify files that should be removed
- Resolves: #1261806 Installing ipa-server package breaks httpd
- Handle timeout error in ipa-httpd-kdcproxy
- Resolves: #1262322 Failed to backup CS.cfg message in upgrade.
- Server Upgrade: backup CS.cfg when dogtag is turned off