[ol7_latest_archive] ipa-server-4.4.0-14.0.1.el7_3.6.x86_64

Name:	ipa-server
Version:	4.4.0
Release:	14.0.1.el7_3.6
Architecture:	x86_64
Group:	System Environment/Base
Size:	1019072
License:	GPLv3+
RPM:	ipa-server-4.4.0-14.0.1.el7_3.6.x86_64.rpm
Source RPM:	ipa-4.4.0-14.0.1.el7_3.6.src.rpm
Build Date:	Thu Mar 02 2017
Build Host:	x86-ol7-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	The IPA authentication server
Description:	IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are installing an IPA server, you need to install this package.

Changelog (Show File list) (Show related packages)

Thu Mar 02 2017 Kevin Lyons <kevin.x.lyons@oracle.com> - 4.4.0-14.0.1.el7_3.6

- Blank out header-logo.png product-name.png
  Replace login-screen-logo.png [20362818]

Tue Jan 31 2017 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.6

- Resolves: #1416488 replication race condition prevents IPA to install
  - wait_for_entry: use only DN as parameter
  - Wait until HTTPS principal entry is replicated to replica
  - Use proper logging for error messages

Tue Jan 31 2017 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.5

- Resolves: #1410760 ipa-ca-install fails on replica when IPA Master is
  installed without CA
  - Set up DS TLS on replica in CA-less topology
- Resolves: #1413137 CVE-2017-2590 ipa: Insufficient permission check for
  ca-del, ca-disable and ca-enable commands
  - ca: correctly authorise ca-del, ca-enable and ca-disable
- Resolves: #1416481 IPA replica install fails with dirsrv errors.
  - Do not configure PKI ajp redirection to use "::1"

Fri Dec 16 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.4

- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
  by abusing password policy
  - ipa-kdb: search for password policies globally
- Renamed patches 1011 and 1012 to 0151 and 0150, as they were merged upstream

Tue Dec 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.3

- Resolves: #1404338 Check IdM Topology for broken record caused by replication
  conflict before upgrading it
  - Check for conflict entries before raising domain level

Tue Dec 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.2

- Resolves: #1401953 ipa-ca-install on promoted replica hangs on creating a
  temporary CA admin
  - replication: ensure bind DN group check interval is set on replica config
  - add missing attribute to ipaca replica during CA topology update
- Resolves: #1404169 IPA upgrade of replica without DNS fails during restart of
  named-pkcs11
  - bindinstance: use data in named.conf to determine configuration status
- Resolves: #1404171 Creation of replica for disconnected environment is
  failing with CA issuance errors; Need good steps.
  - gracefully handle setting replica bind dn group on old masters

Mon Dec 12 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.1

- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
  by abusing password policy
  - password policy: Add explicit default password policy for hosts and
    services
- Resolves: #1395311 CVE-2016-9575 ipa: Insufficient permission check in
  certprofile-mod
  - certprofile-mod: correctly authorise config update

Tue Nov 01 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14

- Resolves: #1378353 Replica install fails with old IPA master sometimes during
  replication process
  - spec file: bump minimal required version of 389-ds-base
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
  - Fix missing file that fails DL1 replica installation
- Resolves: #1387782 WebUI: Services are not displayed correctly after upgrade
  - WebUI: services without canonical name are shown correctly
- Resolves: #1389709 Traceback seen in error_log when trustdomain-del is run
  - trustdomain-del: fix the way how subdomain is searched

Mon Oct 31 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-13

- Resolves: #1318616 CA fails to start after doing ipa-ca-install --external-ca
  - Keep NSS trust flags of existing certificates
- Resolves: #1360813 ipa-server-certinstall does not update all certificate
  stores and doesn't set proper trust permissions
  - Add cert checks in ipa-server-certinstall
- Resolves: #1371479 cert-find --all does not show information about revocation
  - cert: add revocation reason back to cert-find output
- Resolves: #1375133 WinSync users who have First.Last casing creates users who
  can have their password set
  - ipa passwd: use correct normalizer for user principals
- Resolves: #1377858 Users with 2FA tokens are not able to login to IPA servers
  - Properly handle LDAP socket closures in ipa-otpd
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
  - Make httpd publish its CA certificate on DL1

Fri Sep 16 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.0-12

- Resolves: #1373910 IPA server upgrade fails with DNS timed out errors.
- Resolves: #1375269 ipa trust-fetch-domains throws internal error