[ol7_latest_archive] ipa-server-common-4.4.0-14.0.1.el7_3.4.noarch

Name:	ipa-server-common
Version:	4.4.0
Release:	14.0.1.el7_3.4
Architecture:	noarch
Group:	System Environment/Base
Size:	2108788
License:	GPLv3+
RPM:	ipa-server-common-4.4.0-14.0.1.el7_3.4.noarch.rpm
Source RPM:	ipa-4.4.0-14.0.1.el7_3.4.src.rpm
Build Date:	Tue Jan 17 2017
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	Common files used by IPA server
Description:	IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are installing an IPA server, you need to install this package.

Changelog (Show File list) (Show related packages)

Tue Jan 17 2017 Kevin Lyons <kevin.x.lyons@oracle.com> - 4.4.0-14.0.1.el7_3.4

- Blank out header-logo.png product-name.png
  Replace login-screen-logo.png [20362818]

Fri Dec 16 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.4

- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
  by abusing password policy
  - ipa-kdb: search for password policies globally
- Renamed patches 1011 and 1012 to 0151 and 0150, as they were merged upstream

Tue Dec 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.3

- Resolves: #1404338 Check IdM Topology for broken record caused by replication
  conflict before upgrading it
  - Check for conflict entries before raising domain level

Tue Dec 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.2

- Resolves: #1401953 ipa-ca-install on promoted replica hangs on creating a
  temporary CA admin
  - replication: ensure bind DN group check interval is set on replica config
  - add missing attribute to ipaca replica during CA topology update
- Resolves: #1404169 IPA upgrade of replica without DNS fails during restart of
  named-pkcs11
  - bindinstance: use data in named.conf to determine configuration status
- Resolves: #1404171 Creation of replica for disconnected environment is
  failing with CA issuance errors; Need good steps.
  - gracefully handle setting replica bind dn group on old masters

Mon Dec 12 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.1

- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
  by abusing password policy
  - password policy: Add explicit default password policy for hosts and
    services
- Resolves: #1395311 CVE-2016-9575 ipa: Insufficient permission check in
  certprofile-mod
  - certprofile-mod: correctly authorise config update

Tue Nov 01 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14

- Resolves: #1378353 Replica install fails with old IPA master sometimes during
  replication process
  - spec file: bump minimal required version of 389-ds-base
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
  - Fix missing file that fails DL1 replica installation
- Resolves: #1387782 WebUI: Services are not displayed correctly after upgrade
  - WebUI: services without canonical name are shown correctly
- Resolves: #1389709 Traceback seen in error_log when trustdomain-del is run
  - trustdomain-del: fix the way how subdomain is searched

Mon Oct 31 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-13

- Resolves: #1318616 CA fails to start after doing ipa-ca-install --external-ca
  - Keep NSS trust flags of existing certificates
- Resolves: #1360813 ipa-server-certinstall does not update all certificate
  stores and doesn't set proper trust permissions
  - Add cert checks in ipa-server-certinstall
- Resolves: #1371479 cert-find --all does not show information about revocation
  - cert: add revocation reason back to cert-find output
- Resolves: #1375133 WinSync users who have First.Last casing creates users who
  can have their password set
  - ipa passwd: use correct normalizer for user principals
- Resolves: #1377858 Users with 2FA tokens are not able to login to IPA servers
  - Properly handle LDAP socket closures in ipa-otpd
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
  - Make httpd publish its CA certificate on DL1

Fri Sep 16 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.0-12

- Resolves: #1373910 IPA server upgrade fails with DNS timed out errors.
- Resolves: #1375269 ipa trust-fetch-domains throws internal error

Tue Sep 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-11

- Resolves: #1373359 ipa-certupdate fails with "CA is not configured"
  - Fix regression introduced in ipa-certupdate

Wed Sep 07 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-10

- Resolves: #1355753 adding two way non transitive(external) trust displays
  internal error on the console
  - Always fetch forest info from root DCs when establishing two-way trust
  - factor out `populate_remote_domain` method into module-level function
  - Always fetch forest info from root DCs when establishing one-way trust
- Resolves: #1356101 Lightweight sub-CA certs are not tracked by certmonger
  after `ipa-replica-install`
  - Track lightweight CAs on replica installation
- Resolves: #1357488 ipa command stuck forever on higher versioned client with
  lower versioned server
  - compat: Save server's API version in for pre-schema servers
  - compat: Fix ping command call
  - schema cache: Store and check info for pre-schema servers
- Resolves: #1363905 man page for ipa-replica-manage has a typo in -c flag
  - Fix man page ipa-replica-manage: remove duplicate -c option
    from --no-lookup
- Resolves: #1367865 webui: cert_revoke should use --cacn to set correct CA
  when revoking certificate
  - cert: include CA name in cert command output
  - WebUI add support for sub-CAs while revoking certificates
- Resolves: #1368424 Unable to view certificates issued by Sub CA in Web UI
  - Add support for additional options taken from table facet
  - WebUI: Fix showing certificates issued by sub-CA
- Resolves: #1368557 dnsrecord-add does not prompt for missing record parts
  internactively
  - dns: normalize record type read interactively in dnsrecord_add
  - dns: prompt for missing record parts in CLI
  - dns: fix crash in interactive mode against old servers
- Resolves: #1370519 Certificate revocation in service-del and host-del isn't
  aware of Sub CAs
  - cert: fix cert-find --certificate when the cert is not in LDAP
  - Make host/service cert revocation aware of lightweight CAs
- Resolves: #1371901 Use OAEP padding with custodia
  - Use RSA-OAEP instead of RSA PKCS#1 v1.5
- Resolves: #1371915 When establishing external two-way trust, forest root
  Administrator account is used to fetch domain info
  - do not use trusted forest name to construct domain admin principal
- Resolves: #1372597 Incorrect CA ACL evaluation of SAN DNS names in
  certificate request
  - Fix CA ACL Check on SubjectAltNames
- Resolves: #1373272 CLI always sends default command version
  - cli: use full name when executing a command
- Resolves: #1373359 ipa-certupdate fails with "CA is not configured"
  - Fix ipa-certupdate for CA-less installation
- Resolves: #1373540 client-install with IPv6 address fails on link-local
  address (always)
  - Fix parse errors with link-local addresses