-
Tue Feb 16 2016 EL Errata <el-errata_ww@oracle.com> - 4.2.0-15.0.1.6
- Drop redhat-access-plugin-ipa requires for OL7
Blank out header-logo.png product-name.png
Replace login-screen-logo.png [20362818]
-
Tue Feb 02 2016 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.6
- Resolves: #1298103 ipa-server-upgrade fails if certmonger is not running
- always start certmonger during IPA server configuration upgrade
-
Wed Jan 27 2016 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.5
- Resolves: #1298097 IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using
"yum update ipa* sssd"
- Set minimal required version for openssl
-
Tue Jan 12 2016 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.4
- Resolves: #1298097 IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using
"yum update ipa* sssd"
- Set minimal required version for openssl
- Resolves: #1298098 ipa-nis-manage does not update ldap with all NIS maps
- Upgrade: Fix upgrade of NIS Server configuration
- Resolves: #1298099 umask setting causes named-pkcs11 issue with directory
permissions on /var/lib/ipa/dnssec
- DNS: fix file permissions
- Explicitly call chmod on newly created directories
- Fix: replace mkdir with chmod
- Resolves: #1298100 Broken 7.2.0 to 7.2.z upgrade - flawed version comparison
- Fix version comparison
- use FFI call to rpmvercmp function for version comparison
- Resolves: #1298101 Sysrestore did not restore state if a key is specified in
mixed case
- Allow to used mixed case for sysrestore
- Resolves: #1298102 DNSSEC key purging is not handled properly
- DNSSEC: Improve error reporting from ipa-ods-exporter
- DNSSEC: Make sure that current state in OpenDNSSEC matches key state in
LDAP
- DNSSEC: Make sure that current key state in LDAP matches key state in BIND
- DNSSEC: remove obsolete TODO note
- DNSSEC: add debug mode to ldapkeydb.py
- DNSSEC: logging improvements in ipa-ods-exporter
- DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAP
- DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAP
- DNSSEC: ipa-ods-exporter: add ldap-cleanup command
- DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal
- DNSSEC: Log debug messages at log level DEBUG
- Resolves: #1298103 ipa-server-upgrade fails if certmonger is not running
- prevent crash of CA-less server upgrade due to absent certmonger
- Resolves: #1298104 The ipa -e skip_version_check=1 still issues
incompatibility error when called against RHEL 6 server
- ipalib: assume version 2.0 when skip_version_check is enabled
-
Wed Nov 25 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.3
- Resolves: #1284052 IPA DNS Zone/DNS Forward Zone details missing after
upgrade from RHEL 7.0 to RHEL 7.2
- Fix upgrade of forwardzones when zone is in realmdomains
-
Tue Nov 24 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.2
- Resolves: #1283890 installer options are not validated at the beginning of
installation
- Fix incorrectly rebased patch 0144
- Resolves: #1284803 Default CA ACL rule is not created during
ipa-replica-install
- disconnect ldap2 backend after adding default CA ACL profiles
- do not disconnect when using existing connection to check default CA ACLs
-
Tue Nov 24 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15.1
- Resolves: #1283882 IPA certificate auto renewal fail with "Invalid
Credential"
- cert renewal: make renewal of ipaCert atomic
- Resolves: #1283883 ipa upgrade causes vault internal error
- install: export KRA agent PEM file in ipa-kra-install
- Resolves: #1283884 ipa-kra-install: fails to apply updates
- suppress errors arising from adding existing LDAP entries during KRA
install
- Resolves: #1283890 installer options are not validated at the beginning of
installation
- install: fix command line option validation
- Resolves: #1283915 Caching of ipaconfig does not work in framework
- fix caching in get_ipa_config
- Resolves: #1284025 sshd_config change on ipa-client-install can prevent sshd
from starting up
- client install: do not corrupt OpenSSH config with Match sections
- Resolves: #1284052 IPA DNS Zone/DNS Forward Zone details missing after
upgrade from RHEL 7.0 to RHEL 7.2
- upgrade: fix migration of old dns forward zones
- Resolves: #1284803 Default CA ACL rule is not created during
ipa-replica-install
- TLS and Dogtag HTTPS request logging improvements
- Avoid race condition caused by profile delete and recreate
- Do not erroneously reinit NSS in Dogtag interface
- Add profiles and default CA ACL on migration
- Resolves: #1284811 ipa-cacert-manage renew fails on nonexistent ldap
connection
- ipa-cacert-renew: Fix connection to ldap.
- Resolves: #1284813 ipa-otptoken-import fails on nonexistent ldap connection
- ipa-otptoken-import: Fix connection to ldap.
-
Tue Oct 13 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15
- Resolves: #1252556 Missing CLI param and ACL for vault service operations
- vault: fix private service vault creation
-
Mon Oct 12 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-14
- Resolves: #1262996 ipa vault internal error on replica without KRA
- upgrade: make sure ldap2 is connected in export_kra_agent_pem
- Resolves: #1270608 IPA upgrade fails for server with CA cert signed by
external CA
- schema: do not derive ipaVaultPublicKey from ipaPublicKey
-
Thu Oct 08 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-13
- Resolves: #1217009 OTP sync in UI does not work for TOTP tokens
- Fix an integer underflow bug in libotp
- Resolves: #1262996 ipa vault internal error on replica without KRA
- install: always export KRA agent PEM file
- vault: select a server with KRA for vault operations
- Resolves: #1269777 IPA restore overwrites /etc/passwd and /etc/group files
- do not overwrite files with local users/groups when restoring authconfig
- Renamed patch 1011 to 0138, as it was merged upstream