|
|
 |
|
|
Changelog for ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64.rpm :
Thu Sep 1 14:00:00 2016 CentOS Sources - 4.2.0-15.el7.centos.19
- Roll in CentOS Branding
Mon Aug 22 14:00:00 2016 Jan Cholasta - 4.2.0-15.19
- Resolves: #1351593 CVE-2016-5404 ipa: Insufficient privileges check in
certificate revocation
- cert-revoke: fix permission check bypass (CVE-2016-5404)
Mon Jun 27 14:00:00 2016 Jan Cholasta - 4.2.0-15.18
- Resolves: #1350305 Multiple clients cannot join domain simultaneously:
/var/run/httpd/ipa/clientcaches race condition?
- mod_auth_gssapi: enable unique credential caches names
- Related: #1347175 Multiple clients cannot join domain simultaneously:
/var/run/httpd/ipa/clientcaches race condition?
Tue May 24 14:00:00 2016 Jan Cholasta - 4.2.0-15.17
- Resolves: #1339304 CA installed on replica is always marked as renewal master
- replica install: do not set CA renewal master flag
Fri May 20 14:00:00 2016 Jan Cholasta - 4.2.0-15.16
- Resolves: #1337820 URI details missing and OCSP-URI details are incorrectly
displayed when certificate generated using IPA on RHEL 7.2up2.
- Prevent replica install from overwriting cert profiles
- Detect and repair incorrect caIPAserviceCert config
Mon Apr 18 14:00:00 2016 Jan Cholasta - 4.2.0-15.15
- Related: #1327197 Crash during IPA upgrade due to slapd
- spec file: update minimum required version of slapi-nis
Wed Apr 6 14:00:00 2016 Alexander Bokovoy - 4.2.0-15.14
- Rebuild against newer Samba version
- Related: #1322690
Tue Apr 5 14:00:00 2016 Jan Cholasta - 4.2.0-15.13
- Resolves: #1324060 Installers fail when there are multiple versions of the
same certificate
- certdb: never use the -r option of certutil
Thu Mar 17 13:00:00 2016 Jan Cholasta - 4.2.0-15.12
- Resolves: #1309382 issues with migration from RHEL 6 self-signed to RHEL 7 CA
IPA setup
- replica install: improvements in the handling of CA-related IPA config
entries
Thu Mar 17 13:00:00 2016 Jan Cholasta - 4.2.0-15.11
- Resolves: #1311470 ipa trust-add succeded but after that ipa trust-find
returns \"0 trusts matched\"
- Fix broken trust warnings
Wed Mar 2 13:00:00 2016 Jan Cholasta - 4.2.0-15.10
- Resolves: #1311470 ipa trust-add succeded but after that ipa trust-find
returns \"0 trusts matched\"
- Insure the admin_conn is disconnected on stop
- Fix connections to DS during installation
- Renamed patch 1011 to 0196, as it was merged upstream
Wed Feb 24 13:00:00 2016 Jan Cholasta - 4.2.0-15.9
- Resolves: #1311468 shared certificateProfiles container is missing on a
freshly installed RHEL7.2 system
- upgrade: unconditional import of certificate profiles into LDAP
- Resolves: #1311470 ipa trust-add succeded but after that ipa trust-find
returns \"0 trusts matched\"
- upgrade: fix config of sidgen and extdom plugins
- trusts: use ipaNTTrustPartner attribute to detect trust entries
- Warn user if trust is broken
- fix upgrade: wait for proper DS socket after DS restart
- Resolves: #1311502 [RFE] compat tree: show AD members of IPA groups
- slapi-nis: update configuration to allow external members of IPA groups
Tue Feb 23 13:00:00 2016 Jan Cholasta - 4.2.0-15.8
- Resolves: #1303052 install fails when locale is \"fr_FR.UTF-8\"
- Do not decode HTTP reason phrase from Dogtag
- Resolves: #1303059 --setup-dns and other options is forgotten for using an
external PKI
- installer: Propagate option values from components instead of copying them.
- installer: Fix logic of reading option values from cache.
- Resolves: #1309362 User should be notified for wrong password in password
reset page
- Fixed login error message box in LoginScreen page
- Resolves: #1309382 issues with migration from RHEL 6 self-signed to RHEL 7 CA
IPA setup
- ipa-ca-install: print more specific errors when CA is already installed
- cert renewal: import all external CA certs on IPA CA cert renewal
- CA install: explicitly set dogtag_version to 10
- fix standalone installation of externally signed CA on IPA master
- replica install: validate DS and HTTP server certificates
Mon Feb 8 13:00:00 2016 Jan Cholasta - 4.2.0-15.7
- Resolves: #1304333 In IPA-AD trust environment some secondary IPA based Posix
groups are missing
- ipa-kdb: map_groups() consider all results
Tue Feb 2 13:00:00 2016 Jan Cholasta - 4.2.0-15.6
- Resolves: #1298103 ipa-server-upgrade fails if certmonger is not running
- always start certmonger during IPA server configuration upgrade
Wed Jan 27 13:00:00 2016 Jan Cholasta - 4.2.0-15.5
- Resolves: #1298097 IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using
\"yum update ipa
* sssd\"
- Set minimal required version for openssl
Tue Jan 12 13:00:00 2016 Jan Cholasta - 4.2.0-15.4
- Resolves: #1298097 IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using
\"yum update ipa
* sssd\"
- Set minimal required version for openssl
- Resolves: #1298098 ipa-nis-manage does not update ldap with all NIS maps
- Upgrade: Fix upgrade of NIS Server configuration
- Resolves: #1298099 umask setting causes named-pkcs11 issue with directory
permissions on /var/lib/ipa/dnssec
- DNS: fix file permissions
- Explicitly call chmod on newly created directories
- Fix: replace mkdir with chmod
- Resolves: #1298100 Broken 7.2.0 to 7.2.z upgrade - flawed version comparison
- Fix version comparison
- use FFI call to rpmvercmp function for version comparison
- Resolves: #1298101 Sysrestore did not restore state if a key is specified in
mixed case
- Allow to used mixed case for sysrestore
- Resolves: #1298102 DNSSEC key purging is not handled properly
- DNSSEC: Improve error reporting from ipa-ods-exporter
- DNSSEC: Make sure that current state in OpenDNSSEC matches key state in
LDAP
- DNSSEC: Make sure that current key state in LDAP matches key state in BIND
- DNSSEC: remove obsolete TODO note
- DNSSEC: add debug mode to ldapkeydb.py
- DNSSEC: logging improvements in ipa-ods-exporter
- DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAP
- DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAP
- DNSSEC: ipa-ods-exporter: add ldap-cleanup command
- DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal
- DNSSEC: Log debug messages at log level DEBUG
- Resolves: #1298103 ipa-server-upgrade fails if certmonger is not running
- prevent crash of CA-less server upgrade due to absent certmonger
- Resolves: #1298104 The ipa -e skip_version_check=1 still issues
incompatibility error when called against RHEL 6 server
- ipalib: assume version 2.0 when skip_version_check is enabled
Wed Nov 25 13:00:00 2015 Jan Cholasta - 4.2.0-15.3
- Resolves: #1284052 IPA DNS Zone/DNS Forward Zone details missing after
upgrade from RHEL 7.0 to RHEL 7.2
- Fix upgrade of forwardzones when zone is in realmdomains
Tue Nov 24 13:00:00 2015 Jan Cholasta - 4.2.0-15.2
- Resolves: #1283890 installer options are not validated at the beginning of
installation
- Fix incorrectly rebased patch 0144
- Resolves: #1284803 Default CA ACL rule is not created during
ipa-replica-install
- disconnect ldap2 backend after adding default CA ACL profiles
- do not disconnect when using existing connection to check default CA ACLs
Tue Nov 24 13:00:00 2015 Jan Cholasta - 4.2.0-15.1
- Resolves: #1283882 IPA certificate auto renewal fail with \"Invalid
Credential\"
- cert renewal: make renewal of ipaCert atomic
- Resolves: #1283883 ipa upgrade causes vault internal error
- install: export KRA agent PEM file in ipa-kra-install
- Resolves: #1283884 ipa-kra-install: fails to apply updates
- suppress errors arising from adding existing LDAP entries during KRA
install
- Resolves: #1283890 installer options are not validated at the beginning of
installation
- install: fix command line option validation
- Resolves: #1283915 Caching of ipaconfig does not work in framework
- fix caching in get_ipa_config
- Resolves: #1284025 sshd_config change on ipa-client-install can prevent sshd
from starting up
- client install: do not corrupt OpenSSH config with Match sections
- Resolves: #1284052 IPA DNS Zone/DNS Forward Zone details missing after
upgrade from RHEL 7.0 to RHEL 7.2
- upgrade: fix migration of old dns forward zones
- Resolves: #1284803 Default CA ACL rule is not created during
ipa-replica-install
- TLS and Dogtag HTTPS request logging improvements
- Avoid race condition caused by profile delete and recreate
- Do not erroneously reinit NSS in Dogtag interface
- Add profiles and default CA ACL on migration
- Resolves: #1284811 ipa-cacert-manage renew fails on nonexistent ldap
connection
- ipa-cacert-renew: Fix connection to ldap.
- Resolves: #1284813 ipa-otptoken-import fails on nonexistent ldap connection
- ipa-otptoken-import: Fix connection to ldap.
Tue Oct 13 14:00:00 2015 Jan Cholasta - 4.2.0-15
- Resolves: #1252556 Missing CLI param and ACL for vault service operations
- vault: fix private service vault creation
Mon Oct 12 14:00:00 2015 Jan Cholasta - 4.2.0-14
- Resolves: #1262996 ipa vault internal error on replica without KRA
- upgrade: make sure ldap2 is connected in export_kra_agent_pem
- Resolves: #1270608 IPA upgrade fails for server with CA cert signed by
external CA
- schema: do not derive ipaVaultPublicKey from ipaPublicKey
Thu Oct 8 14:00:00 2015 Jan Cholasta - 4.2.0-13
- Resolves: #1217009 OTP sync in UI does not work for TOTP tokens
- Fix an integer underflow bug in libotp
- Resolves: #1262996 ipa vault internal error on replica without KRA
- install: always export KRA agent PEM file
- vault: select a server with KRA for vault operations
- Resolves: #1269777 IPA restore overwrites /etc/passwd and /etc/group files
- do not overwrite files with local users/groups when restoring authconfig
- Renamed patch 1011 to 0138, as it was merged upstream
Wed Sep 23 14:00:00 2015 Jan Cholasta - 4.2.0-12
- Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to
Trusts
- winsync-migrate: Convert entity names to posix friendly strings
- winsync-migrate: Properly handle collisions in the names of external groups
- Resolves: #1261074 Adjust Firefox configuration to new extension signing
policy
- webui: use manual Firefox configuration for Firefox >= 40
- Resolves: #1263337 IPA Restore failed with installed KRA
- ipa-backup: Add mechanism to store empty directory structure
- Resolves: #1264793 CVE-2015-5284 ipa: ipa-kra-install includes certificate
and private key in world readable file [rhel-7.2]
- install: fix KRA agent PEM file permissions
- Resolves: #1265086 Mark IdM API Browser as experimental
- WebUI: add API browser is experimental warning
- Resolves: #1265277 Fix kdcproxy user creation
- install: create kdcproxy user during server install
- platform: add option to create home directory when adding user
- install: fix kdcproxy user home directory
- Resolves: #1265559 GSS failure after ipa-restore
- destroy httpd ccache after stopping the service
Thu Sep 17 14:00:00 2015 Jan Cholasta - 4.2.0-11
- Resolves: #1258965 ipa vault: set owner of vault container
- baseldap: make subtree deletion optional in LDAPDelete
- vault: add vault container commands
- vault: set owner to current user on container creation
- vault: update access control
- vault: add permissions and administrator privilege
- install: support KRA update
- Resolves: #1261586 ipa config-mod addattr fails for ipauserobjectclasses
- config: allow user/host attributes with tagging options
- Resolves: #1262315 Unable to establish winsync replication
- winsync: Add inetUser objectclass to the passsync sysaccount
Wed Sep 16 14:00:00 2015 Jan Cholasta - 4.2.0-10
- Resolves: #1260663 crash of ipa-dnskeysync-replica component during
ipa-restore
- IPA Restore: allows to specify files that should be removed
- Resolves: #1261806 Installing ipa-server package breaks httpd
- Handle timeout error in ipa-httpd-kdcproxy
- Resolves: #1262322 Failed to backup CS.cfg message in upgrade.
- Server Upgrade: backup CS.cfg when dogtag is turned off
Wed Sep 9 14:00:00 2015 Jan Cholasta - 4.2.0-9
- Resolves: #1257074 The KRA agent cert is stored in a PEM file that is not
tracked
- cert renewal: Include KRA users in Dogtag LDAP update
- cert renewal: Automatically update KRA agent PEM file
- Resolves: #1257163 renaming certificatte profile with --rename option leads
to integrity issues
- certprofile: remove \'rename\' option
- Resolves: #1257968 kinit stop working after ipa-restore
- Backup: back up the hosts file
- Resolves: #1258926 Remove \'DNSSEC is experimental\' warnings
- DNSSEC: remove \"DNSSEC is experimental\" warnings
- Resolves: #1258929 Uninstallation of IPA leaves extra entry in /etc/hosts
- Installer: do not modify /etc/hosts before user agreement
- Resolves: #1258944 DNSSEC daemons may deadlock when processing more than 1
zone
- DNSSEC: backup and restore opendnssec zone list file
- DNSSEC: remove ccache and keytab of ipa-ods-exporter
- DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart
- DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction
- DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC
key master
- DNSSEC: Fix key metadata export
- DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.
- Resolves: #1258964 revert to use ldapi to add kra agent in KRA install
- Using LDAPI to setup CA and KRA agents.
- Resolves: #1259848 server closes connection and refuses commands after
deleting user that is still logged in
- ldap: Make ldap2 connection management thread-safe again
- Resolves: #1259996 AttributeError: \'NameSpace\' object has no attribute
\'ra_certprofile\' while ipa-ca-install
- load RA backend plugins during standalone CA install on CA-less IPA master
Wed Aug 26 14:00:00 2015 Jan Cholasta - 4.2.0-8
- Resolves: #1254689 Storing big file as a secret in vault raises traceback
- vault: Limit size of data stored in vault
- Resolves: #1255880 ipactl status should distinguish between different
pki-tomcat services
- ipactl: Do not start/stop/restart single service multiple times
Wed Aug 26 14:00:00 2015 Jan Cholasta - 4.2.0-7
- Resolves: #1256840 [webui] majority of required fields is no longer marked as
required
- fix missing information in object metadata
- Resolves: #1256842 [webui] no option to choose trust type when creating a
trust
- webui: add option to establish bidirectional trust
- Resolves: #1256853 Clear text passwords in KRA install log
- Removed clear text passwords from KRA install log.
- Resolves: #1257072 The \"Standard Vault\" MUST not be the default and must be
discouraged
- vault: change default vault type to symmetric
- Resolves: #1257163 renaming certificatte profile with --rename option leads
to integrity issues
- certprofile: prevent rename (modrdn)
Wed Aug 26 14:00:00 2015 Jan Cholasta - 4.2.0-6
- Resolves: #1249226 IPA dnssec-validation not working for AD dnsforwardzone
- DNSSEC: fix forward zone forwarders checks
- Resolves: #1250190 idrange is not added for sub domain
- trusts: format Kerberos principal properly when fetching trust topology
- Resolves: #1252334 User life cycle: missing ability to provision a stage user
from a preserved user
- Add user-stage command
- Resolves: #1252863 After applying RHBA-2015-1554 errata, IPA service fails to
start.
- spec file: Add Requires(post) on selinux-policy
- Resolves: #1254304 Changing vault encryption attributes
- Change internal rsa_(public|private)_key variable names
- Added support for changing vault encryption.
- Resolves: #1256715 Executing user-del --preserve twice removes the user
pernamently
- improve the usability of `ipa user-del --preserve` command
Wed Aug 19 14:00:00 2015 Jan Cholasta - 4.2.0-5
- Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities
- user-undel: Fix error messages.
- Resolves: #1200694 [RFE] Support for multiple cert profiles
- Prohibit deletion of predefined profiles
- Resolves: #1232819 testing ipa-restore on fresh system install fails
- Backup/resore authentication control configuration
- Resolves: #1243331 pkispawn fails when migrating to 4.2 server from 3.0
server
- Require Dogtag PKI >= 10.2.6
- Resolves: #1245225 Asymmetric vault drops traceback when the key is not
proper
- Asymmetric vault: validate public key in client
- Resolves: #1248399 Missing DNSSEC related files in backup
- fix typo in BasePathNamespace member pointing to ods exporter config
- ipa-backup: archive DNSSEC zone file and kasp.db
- Resolves: #1248405 PassSync should be disabled after ipa-winsync-migrate is
finished
- winsync-migrate: Add warning about passsync
- winsync-migrate: Expand the man page
- Resolves: #1248524 User can\'t find any hosts using \"ipa host-find $HOSTNAME\"
- adjust search so that it works for non-admin users
- Resolves: #1250093 ipa certprofile-import accepts invalid config
- Require Dogtag PKI >= 10.2.6
- Resolves: #1250107 IPA framework should not allow modifying trust on AD trust
agents
- trusts: Detect missing Samba instance
- Resolves: #1250111 User lifecycle - preserved users can be assigned
membership
- ULC: Prevent preserved users from being assigned membership
- Resolves: #1250145 Add permission for user to bypass caacl enforcement
- Add permission for bypassing CA ACL enforcement
- Resolves: #1250190 idrange is not added for sub domain
- idranges: raise an error when local IPA ID range is being modified
- trusts: harden trust-fetch-domains oddjobd-based script
- Resolves: #1250928 Man page for ipa-server-install is out of sync
- install: Fix server and replica install options
- Resolves: #1251225 IPA default CAACL does not allow cert-request for services
after upgrade
- Fix default CA ACL added during upgrade
- Resolves: #1251561 ipa vault-add Unknown option: ipavaultpublickey
- validate mutually exclusive options in vault-add
- Resolves: #1251579 ipa vault-add --user should set container owner equal to
user on first run
- Fixed vault container ownership.
- Resolves: #1252517 cert-request rejects request with correct
krb5PrincipalName SAN
- Fix KRB5PrincipalName / UPN SAN comparison
- Resolves: #1252555 ipa vault-find doesn\'t work for services
- vault: Add container information to vault command results
- Add flag to list all service and user vaults
- Resolves: #1252556 Missing CLI param and ACL for vault service operations
- Added CLI param and ACL for vault service operations.
- Resolves: #1252557 certprofile: improve profile format documentation
- certprofile-import: improve profile format documentation
- certprofile: add profile format explanation
- Resolves: #1253443 ipa vault-add creates vault with invalid type
- vault: validate vault type
- Resolves: #1253480 ipa vault-add-owner does not fail when adding an existing
owner
- baseldap: Allow overriding member param label in LDAPModMember
- vault: Fix param labels in output of vault owner commands
- Resolves: #1253511 ipa vault-find does not use criteria
- vault: Fix vault-find with criteria
- Resolves: #1254038 ipa-replica-install pk12util error returns exit status 10
- install: Fix replica install with custom certificates
- Resolves: #1254262 ipa-dnskeysync-replica crash cannot contact kdc
- improve the handling of krb5-related errors in dnssec daemons
- Resolves: #1254412 when dirsrv is off ,upgrade from 7.1 to 7.2 fails with
starting CA and named-pkcs11.service
- Server Upgrade: Start DS before CA is started.
- Resolves: #1254637 Add ACI and permission for managing user userCertificate
attribute
- add permission: System: Manage User Certificates
- Resolves: #1254641 Remove CSR allowed-extensions restriction
- cert-request: remove allowed extensions check
- Resolves: #1254693 vault --service does not normalize service principal
- vault: normalize service principal in service vault operations
- Resolves: #1254785 ipa-client-install does not properly handle dual stacked
hosts
- client: Add support for multiple IP addresses during installation.
- Add dependency to SSSD 1.13.1
- client: Add description of --ip-address and --all-ip-addresses to man page
Tue Aug 11 14:00:00 2015 Jan Cholasta - 4.2.0-4
- Resolves: #1072383 [RFE] Provide ability to map CAC identity certificates to
users in IdM
- store certificates issued for user entries as
- user-show: add --out option to save certificates to file
- Resolves: #1145748 [RFE] IPA running with One Way Trust
- Fix upgrade of sidgen and extdom plugins
- Resolves: #1195339 ipa-client-install changes the label on various files
which causes SELinux denials
- Use \'mv -Z\' in specfile to restore SELinux context
- Resolves: #1198796 Text in UI should describe differing LDAP vs Krb behavior
for combinations of \"User authentication types\"
- webui: add LDAP vs Kerberos behavior description to user auth
- Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities
- ULC: Fix stageused-add --from-delete command
- Resolves: #1200694 [RFE] Support for multiple cert profiles
- certprofile-import: do not require profileId in profile data
- Give more info on virtual command access denial
- Allow SAN extension for cert-request self-service
- Add profile for DNP3 / IEC 62351-8 certificates
- Work around python-nss bug on unrecognised OIDs
- Resolves: #1204501 [RFE] Add Password Vault (KRA) functionality
- Validate vault\'s file parameters
- Fixed missing KRA agent cert on replica.
- Resolves: #1225866 display browser config options that apply to the browser.
- webui: add Kerberos configuration instructions for Chrome
- Remove ico files from Makefile
- Resolves: #1246342 Unapply idview raises internal error
- idviews: Check for the Default Trust View only if applying the view
- Resolves: #1248102 [webui] regression - incorrect/no failed auth messages
- webui: fix regressions failed auth messages
- Resolves: #1248396 Internal error in DomainValidator.__search_in_dc
- dcerpc: Fix UnboundLocalError for ccache_name
- Resolves: #1249455 ipa trust-add failed CIFS server configuration does not
allow access to \\\\pipe\\lsarpc
- Fix selector of protocol for LSA RPC binding string
- dcerpc: Simplify generation of LSA-RPC binding strings
- Resolves: #1250192 Error in ipa trust-fecth-domains
- Fix incorrect type comparison in trust-fetch-domains
- Resolves: #1251553 Winsync setup fails with unexpected error
- replication: Fix incorrect exception invocation
- Resolves: #1251854 ipa aci plugin is not parsing aci\'s correctly.
- ACI plugin: correctly parse bind rules enclosed in
- Resolves: #1252414 Trust agent install does not detect available replicas to
add to master
- adtrust-install: Correctly determine 4.2 FreeIPA servers
Fri Jul 24 14:00:00 2015 Jan Cholasta - 4.2.0-3
- Resolves: #1170770 [AD TRUST]IPA should detect inconsistent realm domains
that conflicts with AD DC
- trusts: Check for AD root domain among our trusted domains
- Resolves: #1195339 ipa-client-install changes the label on various files
which causes SELinux denials
- sysrestore: copy files instead of moving them to avoind SELinux issues
- Resolves: #1196656 [ipa-client][rhel71] enable debugging for spawned
commands / ntpd -qgc $tmpfile hangs
- enable debugging of ntpd during client installation
- Resolves: #1205264 Migration UI Does Not Work When Anonymous Bind is Disabled
- migration: Use api.env variables.
- Resolves: #1212719 abort-clean-ruv subcommand should allow
replica-certifyall: no
- Allow value \'no\' for replica-certify-all attr in abort-clean-ruv subcommand
- Resolves: #1216935 ipa trust-add shows ipa: ERROR: an internal error has
occurred
- dcerpc: Expand explanation for WERR_ACCESS_DENIED
- dcerpc: Fix UnboundLocalError for ccache_name
- Resolves: #1222778 idoverride group-del can delete user and user-del can
delete group
- dcerpc: Add get_trusted_domain_object_type method
- idviews: Restrict anchor to name and name to anchor conversions
- idviews: Enforce objectclass check in idoverride
*-del
- Resolves: #1234919 Be able to request certificates without certmonger service
running
- cermonger: Use private unix socket when DBus SystemBus is not available.
- ipa-client-install: Do not (re)start certmonger and DBus daemons.
- Resolves: #1240939 Please add dependency on bind-pkcs11
- Create server-dns sub-package.
- ipaplatform: Add constants submodule
- DNS: check if DNS package is installed
- Resolves: #1242914 Bump minimal selinux-policy and add booleans to allow
calling out oddjobd-activated services
- selinux: enable httpd_run_ipa to allow communicating with oddjobd services
- Resolves: #1243261 non-admin users cannot search hbac rules
- fix hbac rule search for non-admin users
- fix selinuxusermap search for non-admin users
- Resolves: #1243652 Client has missing dependency on memcache
- do not import memcache on client
- Resolves: #1243835 [webui] user change password dialog does not work
- webui: fix user reset password dialog
- Resolves: #1244802 spec: selinux denial during kdcproxy user creation
- Fix selinux denial during kdcproxy user creation
- Resolves: #1246132 trust-fetch-domains: Do not chown keytab to the sssd user
- oddjob: avoid chown keytab to sssd if sssd user does not exist
- Resolves: #1246136 Adding a privilege to a permission avoids validation
- Validate adding privilege to a permission
- Resolves: #1246141 DNS Administrators cannot search in zones
- DNS: Consolidate DNS RR types in API and schema
- Resolves: #1246143 User plugin - user-find doesn\'t work properly with manager
option
- fix broken search for users by their manager
Wed Jul 15 14:00:00 2015 Jan Cholasta - 4.2.0-2
- Resolves: #1131907 [ipa-client-install] cannot write certificate file
\'/etc/ipa/ca.crt.new\': must be string or buffer, not None
- Resolves: #1195775 unsaved changes dialog internally inconsistent
- Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities
- Stageusedr-activate: show username instead of DN
- Resolves: #1200694 [RFE] Support for multiple cert profiles
- Prevent to rename certprofile profile id
- Resolves: #1222047 IPA to AD Trust: IPA ERROR 4016: Remote Retrieve Error
- Resolves: #1224769 copy-schema-to-ca.py does not overwrites schema files
- copy-schema-to-ca: allow to overwrite schema files
- Resolves: #1241941 kdc component installation of IPA failed
- spec file: Update minimum required version of krb5
- Resolves: #1242036 Replica install fails to update DNS records
- Fix DNS records installation for replicas
- Resolves: #1242884 Upgrade to 4.2.0 fails when enabling kdc proxy
- Start dirsrv for kdcproxy upgrade
Thu Jul 9 14:00:00 2015 Jan Cholasta - 4.2.0-1
- Resolves: #846033 [RFE] Documentation for JSONRPC IPA API
- Resolves: #989091 Ability to manage IdM/IPA directly from a standard LDAP
client
- Resolves: #1072383 [RFE] Provide ability to map CAC identity certificates to
users in IdM
- Resolves: #1115294 [RFE] Add support for DNSSEC
- Resolves: #1145748 [RFE] IPA running with One Way Trust
- Resolves: #1199520 [RFE] Introduce single upgrade tool - ipa-server-upgrade
- Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities
- Resolves: #1200694 [RFE] Support for multiple cert profiles
- Resolves: #1200728 [RFE] Replicate PKI Profile information
- Resolves: #1200735 [RFE] Allow issuing certificates for user accounts
- Resolves: #1204054 SSSD database is not cleared between installs and
uninstalls of ipa
- Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to
Trusts
- Resolves: #1204501 [RFE] Add Password Vault (KRA) functionality
- Resolves: #1204504 [RFE] Add access control so hosts can create their own
services
- Resolves: #1206534 [RFE] Offer Kerberos over HTTP (kdcproxy) by default
- Resolves: #1206613 [RFE] Configure IPA to be a trust agent by default
- Resolves: #1209476 package ipa-client does not require package dbus-python
- Resolves: #1211589 [RFE] Add option to skip the verify_client_version
- Resolves: #1211608 [RFE] Generic support for unknown DNS RR types (RFC 3597)
- Resolves: #1215735 ipa-replica-prepare automatically adds a DNS zone
- Resolves: #1217010 OTP Manager field is not exposed in the UI
- Resolves: #1222475 krb5kdc : segfault at 0 ip 00007fa9f64d82bb sp
00007fffd68b2340 error 6 in libc-2.17.so
- Related: #1204809 Rebase ipa to 4.2
- Update to upstream 4.2.0
- Move /etc/ipa/kdcproxy to the server subpackage
Tue Jun 23 14:00:00 2015 Jan Cholasta - 4.2.0-0.2.alpha1
- Resolves: #1228671 pkispawn fails in ipa-ca-install and ipa-kra-install
- Related: #1204809 Rebase ipa to 4.2
- Fix minimum version of slapi-nis
- Require python-sss and python-sss-murmur (provided by sssd-1.13.0)
Mon Jun 22 14:00:00 2015 Jan Cholasta - 4.2.0-0.1.alpha1
- Resolves: #805188 [RFE] \"ipa migrate-ds\" ldapsearches with scope=1
- Resolves: #1019272 With 20000+ users, adding a user to a group intermittently
throws Internal server error
- Resolves: #1035494 Unable to add Kerberos principal via kadmin.local
- Resolves: #1045153 ipa-managed-entries --list -p still requires
DM password
- Resolves: #1125950 ipa-server-install --uinstall doesn\'t remove port 7389
from ldap_port_t
- Resolves: #1132540 [RFE] Expose service delegation rules in UI and CLI
- Resolves: #1145584 ipaserver/install/cainstance.py creates pkiuser not
matching uidgid
- Resolves: #1176036 IDM client registration failure in a high load environment
- Resolves: #1183116 Remove Requires: subscription-manager
- Resolves: #1186054 permission-add does not prompt to enter --right option in
interactive mode
- Resolves: #1187524 Replication agreement with replica not disabled when
ipa-restore done without IPA installed
- Resolves: #1188195 Fax number not displayed for user-show when kinit\'ed as
normal user.
- Resolves: #1189034 \"an internal error has occurred\" during ipa host-del
--updatedns
- Resolves: #1193554 ipa-client-automount: failing with error LDAP server
returned UNWILLING_TO_PERFORM. This likely means that minssf is enabled.
- Resolves: #1193759 IPA extdom plugin fails when encountering large groups
- Resolves: #1194312 [ipa-python] ipalib.errors.LDAPError: failed to decode
certificate: (SEC_ERROR_INVALID_ARGS) security library: invalid arguments.
- Resolves: #1194633 Default trust view can be deleted in lower case
- Resolves: #1196455 ipa-server-install step [8/27]: starting certificate
server instance - confusing CA staus message on TLS error
- Resolves: #1198263 Limit deadlocks between DS plugin DNA and slapi-nis
- Resolves: #1199527 [RFE] Use datepicker component for datetime fields
- Resolves: #1200867 [RFE] Make OTP validation window configurable
- Resolves: #1200883 [RFE] Switch apache to use mod_auth_gssapi
- Resolves: #1202998 CVE-2015-1827 ipa: memory corruption when using
get_user_grouplist() [rhel-7.2]
- Resolves: #1204637 slow group operations
- Resolves: #1204642 migrate-ds: slow add o users to default group
- Resolves: #1208461 IPA CA master server update stuck on checking getStatus
via https
- Resolves: #1211602 Hide ipa-server-install KDC master password option (-P)
- Resolves: #1211708 ipa-client-install gets stuck during NTP sync
- Resolves: #1215197 ipa-client-install ignores --ntp-server option during time
sync
- Resolves: #1215200 ipa-client-install configures IPA server as NTP source
even if IPA server has not ntpd configured
- Resolves: #1217009 OTP sync in UI does not work for TOTP tokens
- Related: #1204809 Rebase ipa to 4.2
- Update to upstream 4.2.0.alpha1
Thu Mar 19 13:00:00 2015 Jan Cholasta - 4.1.0-18.3
- [ipa-python] ipalib.errors.LDAPError: failed to decode certificate:
(SEC_ERROR_INVALID_ARGS) security library: invalid arguments. (#1194312)
Wed Mar 18 13:00:00 2015 Alexander Bokovoy - 4.1.0-18.2
- IPA extdom plugin fails when encountering large groups (#1193759)
- CVE-2015-0283 ipa: slapi-nis: infinite loop in getgrnam_r() and getgrgid_r()
(#1202998)
Thu Mar 5 13:00:00 2015 Jan Cholasta - 4.1.0-18.1
- \"an internal error has occurred\" during ipa host-del --updatedns (#1198431)
- Renamed patch 1013 to 0114, as it was merged upstream
- Fax number not displayed for user-show when kinit\'ed as normal user.
(#1198430)
- Replication agreement with replica not disabled when ipa-restore done without
IPA installed (#1199060)
- Limit deadlocks between DS plugin DNA and slapi-nis (#1199128)
Thu Jan 29 13:00:00 2015 Martin Kosek - 4.1.0-18
- Fix ipa-pwd-extop global configuration caching (#1187342)
- group-detach does not add correct objectclasses (#1187540)
Tue Jan 27 13:00:00 2015 Jan Cholasta - 4.1.0-17
- Wrong directories created on full restore (#1186398)
- ipa-restore crashes if replica is unreachable (#1186396)
- idoverrideuser-add option --sshpubkey does not work (#1185410)
Wed Jan 21 13:00:00 2015 Jan Cholasta - 4.1.0-16
- PassSync does not sync passwords due to missing ACIs (#1181093)
- ipa-replica-manage list does not list synced domain (#1181010)
- Do not assume certmonger is running in httpinstance (#1181767)
- ipa-replica-manage disconnect fails without password (#1183279)
- Put LDIF files to their original location in ipa-restore (#1175277)
- DUA profile not available anonymously (#1184149)
- IPA replica missing data after master upgraded (#1176995)
Wed Jan 14 13:00:00 2015 Jan Cholasta - 4.1.0-15
- Re-add accidentally removed patches for #1170695 and #1164896
Wed Jan 14 13:00:00 2015 Jan Cholasta - 4.1.0-14
- IPA Replicate creation fails with error \"Update failed! Status: [10 Total
update abortedLDAP error: Referral]\" (#1166265)
- running ipa-server-install --setup-dns results in a crash (#1072502)
- DNS zones are not migrated into forward zones if 4.0+ replica is added
(#1175384)
- gid is overridden by uid in default trust view (#1168904)
- When migrating warn user if compat is enabled (#1177133)
- Clean up debug log for trust-add (#1168376)
- No error message thrown on restore(full kind) on replica from full backup
taken on master (#1175287)
- ipa-restore proceed even IPA not configured (#1175326)
- Data replication not working as expected after data restore from full backup
(#1175277)
- IPA externally signed CA cert expiration warning missing from log (#1178128)
- ipa-upgradeconfig fails in CA-less installs (#1181767)
- IPA certs fail to autorenew simultaneouly (#1173207)
- More validation required on ipa-restore\'s options (#1176034)
Wed Dec 17 13:00:00 2014 Jan Cholasta - 4.1.0-13
- Expand the token auth/sync windows (#919228)
- Access is not rejected for disabled domain (#1172598)
- krb5kdc crash in ldap_pvt_search (#1170695)
- RHEL7.1 IPA server httpd avc denials after upgrade (#1164896)
Wed Dec 10 13:00:00 2014 Jan Cholasta - 4.1.0-12
- RHEL7.1 ipa-cacert-manage renewed certificate from MS ADCS not compatible
(#1169591)
- CLI doesn\'t show SSHFP records with SHA256 added via nsupdate (regression)
(#1172578)
Tue Dec 9 13:00:00 2014 Jan Cholasta - 4.1.0-11
- Throw zonemgr error message before installation proceeds (#1163849)
- Winsync: Setup is broken due to incorrect import of certificate (#1169867)
- Enable last token deletion when password auth type is configured (#919228)
- ipa-otp-lasttoken loads all user\'s tokens on every mod/del (#1166641)
- add --hosts and --hostgroup options to allow/retrieve keytab methods
(#1007367)
- Extend host-show to add the view attribute in set of default attributes
(#1168916)
- Prefer TCP connections to UDP in krb5 clients (#919228)
- [WebUI] Not able to unprovisioning service in IPA 4.1 (#1168214)
- webui: increase notification duration (#1171089)
- RHEL7.1 ipa automatic CA cert renewal stuck in submitting state (#1166931)
- RHEL7.1 ipa-cacert-manage cannot change external to self-signed ca cert
(#1170003)
- Improve validation of --instance and --backend options in ipa-restore
(#951581)
- RHEL7.1 ipa replica unable to replicate to rhel6 master (#1167964)
- Disable TLS 1.2 in nss.conf until mod_nss supports it (#1156466)
Wed Nov 26 13:00:00 2014 Jan Cholasta - 4.1.0-10
- Use NSS protocol range API to set available TLS protocols (#1156466)
Tue Nov 25 13:00:00 2014 Jan Cholasta - 4.1.0-9
- schema update on RHEL-6.6 using latest copy-schema-to-ca.py from RHEL-7.1
build fails (#1167196)
- Investigate & fix Coverity defects in IPA DS/KDC plugins (#1160756)
- \"ipa trust-add ... \" cmd says : (Trust status: Established and verified)
while in the logs we see \"WERR_ACCESS_DENIED\" during verification step.
(#1144121)
- POODLE: force using safe ciphers (non-SSLv3) in IPA client and server
(#1156466)
- Add support/hooks for a one-time password system like SecureID in IPA
(#919228)
- Tracebacks with latest build for --zonemgr cli option (#1167270)
- ID Views: Support migration from the sync solution to the trust solution
(#891984)
Mon Nov 24 13:00:00 2014 Jan Cholasta - 4.1.0-8
- Improve otptoken help messages (#919228)
- Ensure users exist when assigning tokens to them (#919228)
- Enable QR code display by default in otptoken-add (#919228)
- Show warning instead of error if CA did not start (#1158410)
- CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges (#1165774)
- Traceback when adding zone with long name (#1164859)
- Backup & Restore mechanism (#951581)
- ignoring user attributes in migrate-ds does not work if uppercase characters
are returned by ldap (#1159816)
- Allow ipa-getkeytab to optionally fetch existing keys (#1007367)
- Failure when installing on dual stacked system with external ca (#1128380)
- ipa-server should keep backup of CS.cfg (#1059135)
- Tracebacks with latest build for --zonemgr cli option (#1167270)
- webui: use domain name instead of domain SID in idrange adder dialog
(#891984)
- webui: normalize idview tab labels (#891984)
Wed Nov 19 13:00:00 2014 Jan Cholasta - 4.1.0-7
- ipa-csreplica-manage connect fails (#1157735)
- error message which is not understandable when IDNA2003 characters are
present in --zonemgr (#1163849)
- Fix warning message should not contain CLI commands (#1114013)
- Renewing the CA signing certificate does not extend its validity period end
(#1163498)
- RHEL7.1 ipa-server-install --uninstall Could not set SELinux booleans for
httpd (#1159330)
Thu Nov 13 13:00:00 2014 Jan Cholasta - 4.1.0-6
- Fix: DNS installer adds invalid zonemgr email (#1056202)
- ipaplatform: Use the dirsrv service, not target (#951581)
- Fix: DNS policy upgrade raises asertion error (#1161128)
- Fix upgrade referint plugin (#1161128)
- Upgrade: fix trusts objectclass violationi (#1161128)
- group-add doesn\'t accept gid parameter (#1149124)
Tue Nov 11 13:00:00 2014 Jan Cholasta - 4.1.0-5
- Update slapi-nis dependency to pull 0.54-2 (#891984)
- ipa-restore: Don\'t crash if AD trust is not installed (#951581)
- Prohibit setting --rid-base for ranges of ipa-trust-ad-posix type (#1138791)
- Trust setting not restored for CA cert with ipa-restore command (#1159011)
- ipa-server-install fails when restarting named (#1162340)
Thu Nov 6 13:00:00 2014 Jan Cholasta - 4.1.0-4
- Update Requires on pki-ca to 10.1.2-4 (#1129558)
- build: increase java stack size for all arches
- Add ipaSshPubkey and gidNumber to the ACI to read ID user overrides (#891984)
- Fix dns zonemgr validation regression (#1056202)
- Handle profile changes in dogtag-ipa-ca-renew-agent (#886645)
- Do not wait for new CA certificate to appear in LDAP in ipa-certupdate
(#886645)
- Add bind-dyndb-ldap working dir to IPA specfile
- Fail if certmonger can\'t see new CA certificate in LDAP in ipa-cacert-manage
(#886645)
- Investigate & fix Coverity defects in IPA DS/KDC plugins (#1160756)
- Deadlock in schema compat plugin (#1161131)
- ipactl stop should stop dirsrv last (#1161129)
- Upgrade 3.3.5 to 4.1 failed (#1161128)
- CVE-2014-7828 freeipa: password not required when OTP in use (#1160877)
Wed Oct 22 14:00:00 2014 Jan Cholasta - 4.1.0-3
- Do not check if port 8443 is available in step 2 of external CA install
(#1129481)
Wed Oct 22 14:00:00 2014 Jan Cholasta - 4.1.0-2
- Update Requires on selinux-policy to 3.13.1-4
Tue Oct 21 14:00:00 2014 Jan Cholasta - 4.1.0-1
- Update to upstream 4.1.0 (#1109726)
Mon Sep 29 14:00:00 2014 Jan Cholasta - 4.1.0-0.1.alpha1
- Update to upstream 4.1.0 Alpha 1 (#1109726)
Fri Sep 26 14:00:00 2014 Petr Vobornik - 4.0.3-3
- Add redhat-access-plugin-ipa dependency
Thu Sep 25 14:00:00 2014 Jan Cholasta - 4.0.3-2
- Re-enable otptoken_yubikey plugin
Mon Sep 15 14:00:00 2014 Jan Cholasta - 4.0.3-1
- Update to upstream 4.0.3 (#1109726)
Thu Aug 14 14:00:00 2014 Martin Kosek - 3.3.3-29
- Server installation fails using external signed certificates with
\"IndexError: list index out of range\" (#1111320)
- Add rhino to BuildRequires to fix Web UI build error
Tue Apr 1 14:00:00 2014 Martin Kosek - 3.3.3-28
- ipa-client-automount fails with incompatibility error when installed against
older IPA server (#1083108)
Wed Mar 26 13:00:00 2014 Martin Kosek - 3.3.3-27
- Proxy PKI URI /ca/ee/ca/profileSubmit to enable replication with future
PKI versions (#1080865)
Tue Mar 25 13:00:00 2014 Martin Kosek - 3.3.3-26
- When IdM server trusts multiple AD forests, IPA client returns invalid group
membership info (#1079498)
Thu Mar 13 13:00:00 2014 Martin Kosek - 3.3.3-25
- Deletion of active subdomain range should not be allowed (#1075615)
Thu Mar 13 13:00:00 2014 Martin Kosek - 3.3.3-24
- PKI database is ugraded during replica installation (#1075118)
Wed Mar 12 13:00:00 2014 Martin Kosek - 3.3.3-23
- Unable to add trust successfully with --trust-secret (#1075704)
Wed Mar 12 13:00:00 2014 Martin Kosek - 3.3.3-22
- ipa-replica-install never checks for 7389 port (#1075165)
- Non-terminated string may be passed to LDAP search (#1075091)
- ipa-sam may fail to translate group SID into GID (#1073829)
- Excessive LDAP calls by ipa-sam during Samba FS operations (#1075132)
Thu Mar 6 13:00:00 2014 Martin Kosek - 3.3.3-21
- Do not fetch a principal two times, remove potential memory leak (#1070924)
Wed Mar 5 13:00:00 2014 Martin Kosek - 3.3.3-20
- trustdomain-find with pkey-only fails (#1068611)
- Invalid credential cache in trust-add (#1069182)
- ipa-replica-install prints unexpected error (#1069722)
- Too big font in input fields in details facet in Firefox (#1069720)
- trust-add for POSIX AD does not fetch trustdomains (#1070925)
- Misleading trust-add error message in some cases (#1070926)
- Access is not rejected for disabled domain (#1070924)
Wed Feb 26 13:00:00 2014 Martin Kosek - 3.3.3-19
- Remove ipa-backup and ipa-restore functionality from RHEL (#1003933)
Wed Feb 12 13:00:00 2014 Martin Kosek - 3.3.3-18
- Display server name in ipa command\'s verbose mode (#1061703)
- Remove sourcehostcategory from default HBAC rule (#1061187)
- dnszone-add cannot add classless PTR zones (#1058688)
- Move ipa-otpd socket directory to /var/run/krb5kdc (#1063850)
Tue Feb 4 13:00:00 2014 Martin Kosek - 3.3.3-17
- Lockout plugin crashed during ipa-server-install (#912725)
Fri Jan 31 13:00:00 2014 Martin Kosek - 3.3.3-16
- Fallback to global policy in ipa lockout plugin (#912725)
- Migration does not add users to default group (#903232)
Fri Jan 24 13:00:00 2014 Daniel Mach - 3.3.3-15
- Mass rebuild 2014-01-24
Thu Jan 23 13:00:00 2014 Martin Kosek - 3.3.3-14
- Fix NetBIOS name generation in CLDAP plugin (#1030517)
Mon Jan 20 13:00:00 2014 Martin Kosek - 3.3.3-13
- Do not add krbPwdPolicyReference for new accounts, hardcode it (#1045218)
- Increase default timeout for IPA services (#1033273)
- Error while running trustdomain-find (#1054376)
- group-show lists SID instead of name for external groups (#1054391)
- Fix IPA server NetBIOS name in samba configuration (#1030517)
- dnsrecord-mod produces missing API version warning (#1054869)
- Hide trust-resolve command as internal (#1052860)
- Add Trust domain Web UI (#1054870)
- ipasam cannot delete multiple child trusted domains (#1056120)
Wed Jan 15 13:00:00 2014 Martin Kosek - 3.3.3-12
- Missing objectclasses when empty password passed to host-add (#1052979)
- sudoOrder missing in sudoers (#1052983)
- Missing examples in sudorule help (#1049464)
- Client automount does not uninstall when fstore is empty (#910899)
- Error not clear for invalid realm given to trust-fetch-domains (#1052981)
- trust-fetch-domains does not add idrange for subdomains found (#1049926)
- Add option to show if an AD subdomain is enabled/disabled (#1052973)
- ipa-adtrust-install still failed with long NetBIOS names (#1030517)
- Error not clear for invalid relam given to trustdomain-find (#1049455)
- renewed client cert not recognized during IPA CA renewal (#1033273)
Fri Jan 10 13:00:00 2014 Martin Kosek - 3.3.3-11
- hbactest does not work for external users (#848531)
Wed Jan 8 13:00:00 2014 Martin Kosek - 3.3.3-10
- PKI service restart after CA renewal failed (#1040018)
Mon Jan 6 13:00:00 2014 Martin Kosek - 3.3.3-9
- Move ipa-tests package to separate srpm (#1032668)
Fri Jan 3 13:00:00 2014 Martin Kosek - 3.3.3-8
- Fix status trust-add command status message (#910453)
- NetBIOS was not trimmed at 15 characters (#1030517)
- Harden CA subsystem certificate renewal on CA clones (#1040018)
Fri Dec 27 13:00:00 2013 Daniel Mach - 3.3.3-7
- Mass rebuild 2013-12-27
Mon Dec 2 13:00:00 2013 Martin Kosek - 3.3.3-6
- Remove \"Listen 443 http\" hack from deployed nss.conf (#1029046)
- Re-adding existing trust fails (#1033216)
- IPA uninstall exits with a samba error (#1033075)
- Added RELRO hardening on /usr/libexec/ipa-otpd (#1026260)
- Fixed ownership of /usr/share/ipa/ui/js (#1026260)
- ipa-tests: support external names for hosts (#1032668)
- ipa-client-install fail due fail to obtain host TGT (#1029354)
Fri Nov 22 13:00:00 2013 Martin Kosek - 3.3.3-5
- Trust add tries to add same value of --base-id for sub domain,
causing an error (#1033068)
- Improved error reporting for adding trust case (#1029856)
Wed Nov 13 13:00:00 2013 Martin Kosek - 3.3.3-4
- Winsync agreement cannot be created (#1023085)
Wed Nov 6 13:00:00 2013 Martin Kosek - 3.3.3-3
- Installer did not detect different server and IPA domain (#1026845)
- Allow kernel keyring CCACHE when supported (#1026861)
Tue Nov 5 13:00:00 2013 Martin Kosek - 3.3.3-2
- ipa-server-install crashes when AD subpackage is not installed (#1026434)
Fri Nov 1 13:00:00 2013 Martin Kosek - 3.3.3-1
- Update to upstream 3.3.3 (#991064)
Tue Oct 29 13:00:00 2013 Martin Kosek - 3.3.2-5
- Temporarily move ipa-backup and ipa-restore functionality
back to make them available in public Beta (#1003933)
Tue Oct 29 13:00:00 2013 Martin Kosek - 3.3.2-4
- Server install failure during client enrollment shouldn\'t
roll back (#1023086)
- nsds5ReplicaStripAttrs are not set on agreements (#1023085)
- ipa-server conflicts with mod_ssl (#1018172)
Wed Oct 16 14:00:00 2013 Martin Kosek - 3.3.2-3
- Reinstalling ipa server hangs when configuring certificate
server (#1018804)
Fri Oct 11 14:00:00 2013 Martin Kosek - 3.3.2-2
- Deprecate --serial-autoincrement option (#1016645)
- CA installation always failed on replica (#1005446)
- Re-initializing a winsync connection exited with error (#994980)
Fri Oct 4 14:00:00 2013 Martin Kosek - 3.3.2-1
- Update to upstream 3.3.2 (#991064)
- Add delegation info to MS-PAC (#915799)
- Warn about incompatibility with AD when IPA realm and domain
differs (#1009044)
- Allow PKCS#12 files with empty password in install tools (#1002639)
- Privilege \"SELinux User Map Administrators\" did not list
permissions (#997085)
- SSH key upload broken when client joins an older server (#1009024)
Mon Sep 23 14:00:00 2013 Martin Kosek - 3.3.1-5
- Remove dependency on python-paramiko (#1002884)
- Broken redirection when deleting last entry of DNS resource
record (#1006360)
Tue Sep 10 14:00:00 2013 Martin Kosek - 3.3.1-4
- Remove ipa-backup and ipa-restore functionality from RHEL (#1003933)
Mon Sep 9 14:00:00 2013 Martin Kosek - 3.3.1-3
- Replica installation fails for RHEL 6.4 master (#1004680)
- Server uninstallation crashes if DS is not available (#998069)
Thu Sep 5 14:00:00 2013 Martin Kosek - 3.3.1-2
- Unable to remove replica by ipa-replica-manage (#1001662)
- Before uninstalling a server, warn about active replicas (#998069)
Thu Aug 29 14:00:00 2013 Rob Crittenden - 3.3.1-1
- Update to upstream 3.3.1 (#991064)
- Update minimum version of bind-dyndb-ldap to 3.5
Tue Aug 20 14:00:00 2013 Rob Crittenden - 3.3.0-7
- Fix replica installation failing on certificate subject (#983075)
Tue Aug 13 14:00:00 2013 Martin Kosek - 3.3.0-6
- Allow ipa-tests to work with older version (1.7.7) of python-paramiko
Tue Aug 13 14:00:00 2013 Martin Kosek - 3.3.0-5
- Prevent multilib failures in
*.pyo and
*.pyc files
Mon Aug 12 14:00:00 2013 Martin Kosek - 3.3.0-4
- ipa-server-install fails if --subject parameter is other than default
realm (#983075)
- do not allow configuring bind-dyndb-ldap without persistent search (#967876)
Mon Aug 12 14:00:00 2013 Martin Kosek - 3.3.0-3
- diffstat was missing as a build dependency causing multilib problems
Thu Aug 8 14:00:00 2013 Martin Kosek - 3.3.0-2
- Remove ipa-server-selinux obsoletes as upgrades from version prior to
3.3.0 are not allowed
- Wrap server-trust-ad subpackage description better
- Add (noreplace) flag for %{_sysconfdir}/tmpfiles.d/ipa.conf
- Change permissions on default_encoding_utf8.so to fix ipa-python Provides
Thu Aug 8 14:00:00 2013 Martin Kosek - 3.3.0-1
- Update to upstream 3.3.0 (#991064)
Thu Aug 8 14:00:00 2013 Martin Kosek - 3.3.0-0.2.beta2
- Require slapi-nis 0.47.7 delivering a core feature of 3.3.0 release
Wed Aug 7 14:00:00 2013 Martin Kosek - 3.3.0-0.1.beta2
- Update to upstream 3.3.0 Beta 2 (#991064)
Thu Jul 18 14:00:00 2013 Martin Kosek - 3.2.2-1
- Update to upstream 3.2.2
- Drop ipa-server-selinux subpackage
- Drop redundant directory /var/cache/ipa/sessions
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
issues when there are still old parts of software (like entitlements plugin)
Fri Jun 14 14:00:00 2013 Martin Kosek - 3.2.1-1
- Update to upstream 3.2.1
- Drop dogtag-pki-server-theme requires, it won\'t be build for RHEL-7.0
Tue May 14 14:00:00 2013 Rob Crittenden - 3.2.0-2
- Add OTP patches
- Add patch to set KRB5CCNAME for 389-ds-base
Fri May 10 14:00:00 2013 Rob Crittenden - 3.2.0-1
- Update to upstream 3.2.0 GA
- ipa-client-install fails if /etc/ipa does not exist (#961483)
- Certificate status is not visible in Service and Host page (#956718)
- ipa-client-install removes needed options from ldap.conf (#953991)
- Handle socket.gethostbyaddr() exceptions when verifying hostnames (#953957)
- Add triggerin scriptlet to support OpenSSH 6.2 (#953617)
- Require nss 3.14.3-12.0 to address certutil certificate import
errors (#953485)
- Require pki-ca 10.0.2-3 to pull in fix for sslget and mixed IPv4/6
environments. (#953464)
- ipa-client-install removes \'sss\' from /etc/nsswitch.conf (#953453)
- ipa-server-install --uninstall doesn\'t stop dirsrv instances (#953432)
- Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON behavior for
socket based connections (#960222)
- Require libsss_nss_idmap-python
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember to
member is now done automatically and having it in the config file raises
an error.
- Add backup and restore tools, directory.
- require at least systemd 38 which provides the journal (we no longer
need to require syslog.target)
- Update Requires on policycoreutils to 2.1.14-37
- Update Requires on selinux-policy to 3.12.1-42
- Update Requires on 389-ds-base to 1.3.1.0
- Remove a Requires for java-atk-wrapper
Tue Apr 23 14:00:00 2013 Rob Crittenden - 3.2.0-0.4.beta1
- Remove release from krb5-server in strict sub-package to allow for rebuilds.
Mon Apr 22 14:00:00 2013 Rob Crittenden - 3.2.0-0.3.beta1
- Add a Requires for java-atk-wrapper until we can determine which package
should be pulling it in, dogtag or tomcat.
Tue Apr 16 14:00:00 2013 Rob Crittenden - 3.2.0-0.2.beta1
- Update to upstream 3.2.0 Beta 1
Tue Apr 2 14:00:00 2013 Martin Kosek - 3.2.0-0.1.pre1
- Update to upstream 3.2.0 Prerelease 1
- Use upstream reference spec file as a base for Fedora spec file
Sat Mar 30 13:00:00 2013 Kevin Fenzi 3.1.2-4
- Rebuild for broken deps
- Fix 389-ds-base strict dep to be 1.3.0.5 and krb5-server 1.11.1
Sat Feb 23 13:00:00 2013 Kevin Fenzi - 3.1.2-3
- Rebuild for broken deps in rawhide
- Fix 389-ds-base strict dep to be 1.3.0.3
Wed Feb 13 13:00:00 2013 Fedora Release Engineering - 3.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
Wed Jan 23 13:00:00 2013 Rob Crittenden - 3.1.2-1
- Update to upstream 3.1.2
- CVE-2012-4546: Incorrect CRLs publishing
- CVE-2012-5484: MITM Attack during Join process
- CVE-2013-0199: Cross-Realm Trust key leak
- Updated strict dependencies to 389-ds-base = 1.3.0.2 and
pki-ca = 10.0.1
Thu Dec 20 13:00:00 2012 Martin Kosek - 3.1.0-2
- Remove redundat Requires versions that are already in Fedora 17
- Replace python-crypto Requires with m2crypto
- Add missing Requires(post) for client and server-trust-ad subpackages
- Restart httpd service when server-trust-ad subpackage is installed
- Bump selinux-policy Requires to pick up PKI/LDAP port labeling fixes
Mon Dec 10 13:00:00 2012 Rob Crittenden - 3.1.0-1
- Updated to upstream 3.1.0 GA
- Set minimum for sssd to 1.9.2
- Set minimum for pki-ca to 10.0.0-1
- Set minimum for 389-ds-base to 1.3.0
- Set minimum for selinux-policy to 3.11.1-60
- Remove unneeded dogtag package requires
Tue Oct 23 14:00:00 2012 Martin Kosek - 3.0.0-3
- Update Requires on krb5-server to 1.11
Fri Oct 12 14:00:00 2012 Rob Crittenden - 3.0.0-2
- Configure CA replication to use TLS instead of SSL
Fri Oct 12 14:00:00 2012 Rob Crittenden - 3.0.0-1
- Updated to upstream 3.0.0 GA
- Set minimum for samba to 4.0.0-153.
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
plugin to /dev/null since they cannot be used when trusts are configured
- Restrict krb5-server to 1.10.
- Update BR for 389-ds-base to 1.3.0
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
- Add Requires on zip for generating FF browser extension
Fri Oct 5 14:00:00 2012 Rob Crittenden - 3.0.0-0.10
- Updated to upstream 3.0.0 rc 2
- Include new FF configuration extension
- Set minimum Requires of selinux-policy to 3.11.1-33
- Set minimum Requires dogtag to 10.0.0-0.43.b1
- Add new optional strict sub-package to allow users to limit other
package upgrades.
Tue Oct 2 14:00:00 2012 Martin Kosek - 3.0.0-0.9
- Require samba packages instead of obsoleted samba4 packages
Fri Sep 21 14:00:00 2012 Rob Crittenden - 3.0.0-0.8
- Updated to upstream 3.0.0 rc 1
- Update BR for 389-ds-base to 1.2.11.14
- Update BR for krb5 to 1.10
- Update BR for samba4-devel to 4.0.0-139 (rc1)
- Add BR for python-polib
- Update BR and Requires on sssd to 1.9.0
- Update Requires on policycoreutils to 2.1.12-5
- Update Requires on 389-ds-base to 1.2.11.14
- Update Requires on selinux-policy to 3.11.1-21
- Update Requires on dogtag to 10.0.0-0.33.a1
- Update Requires on certmonger to 0.60
- Update Requires on tomcat to 7.0.29
- Update minimum version of bind to 9.9.1-10.P3
- Update minimum version of bind-dyndb-ldap to 1.1.0-0.16.rc1
- Remove Requires on authconfig from python sub-package
Wed Sep 5 14:00:00 2012 Rob Crittenden - 3.0.0-0.7
- Rebuild against samba4 beta8
Fri Aug 31 14:00:00 2012 Rob Crittenden - 3.0.0-0.6
- Rebuild against samba4 beta7
Wed Aug 22 14:00:00 2012 Alexander Bokovoy - 3.0.0-0.5
- Adopt to samba4 beta6 (libsecurity -> libsamba-security)
- Add dependency to samba4-winbind
Fri Aug 17 14:00:00 2012 Rob Crittenden - 3.0.0-0.4
- Updated to upstream 3.0.0 beta 2
Mon Aug 6 14:00:00 2012 Martin Kosek - 3.0.0-0.3
- Updated to current upstream state of 3.0.0 beta 2 development
Mon Jul 23 14:00:00 2012 Alexander Bokovoy - 3.0.0-0.2
- Rebuild against samba4 beta4
Mon Jul 2 14:00:00 2012 Rob Crittenden - 3.0.0-0.1
- Updated to upstream 3.0.0 beta 1
Thu May 3 14:00:00 2012 Rob Crittenden - 2.2.0-1
- Updated to upstream 2.2.0 GA
- Update minimum n-v-r of certmonger to 0.53
- Update minimum n-v-r of slapi-nis to 0.40
- Add Requires in client to oddjob-mkhomedir and python-krbV
- Update minimum selinux-policy to 3.10.0-110
Mon Mar 19 13:00:00 2012 Rob Crittenden - 2.1.90-0.2
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
- Add Conflicts on mod_ssl
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
- Update minimum n-v-r of sssd to 1.8.0
- Update minimum n-v-r of slapi-nis to 0.38
- Update minimum n-v-r of pki-
* to 9.0.18
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
- Update conflicts on bind to < 9.9.0-1
- Drop requires on krb5-server-ldap
- Add patch to remove escaping arguments to pkisilent
Mon Feb 6 13:00:00 2012 Rob Crittenden - 2.1.90-0.1
- Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
Wed Feb 1 13:00:00 2012 Alexander Bokovoy - 2.1.4-5
- Force to use 389-ds 1.2.10-0.8.a7 or above
- Improve upgrade script to handle systemd 389-ds change
- Fix freeipa to work with python-ldap 2.4.6
Wed Jan 11 13:00:00 2012 Martin Kosek - 2.1.4-4
- Fix ipa-replica-install crashes
- Fix ipa-server-install and ipa-dns-install logging
- Set minimum version of pki-ca to 9.0.17 to fix sslget problem
caused by FEDORA-2011-17400 update (#771357)
Wed Dec 21 13:00:00 2011 Alexander Bokovoy - 2.1.4-3
- Allow Web-based migration to work with tightened SE Linux policy (#769440)
- Rebuild slapi plugins against re-enterant version of libldap
Sun Dec 11 13:00:00 2011 Alexander Bokovoy - 2.1.4-2
- Allow longer dirsrv startup with systemd:
- IPAdmin class will wait until dirsrv instance is available up to 10 seconds
- Helps with restarts during upgrade for ipa-ldap-updater
- Fix pylint warnings from F16 and Rawhide
Tue Dec 6 13:00:00 2011 Rob Crittenden - 2.1.4-1
- Update to upstream 2.1.4 (CVE-2011-3636)
Mon Dec 5 13:00:00 2011 Rob Crittenden - 2.1.3-8
- Update SELinux policy to allow ipa_kpasswd to connect ldap and
read /dev/urandom. (#759679)
Wed Nov 30 13:00:00 2011 Alexander Bokovoy - 2.1.3-7
- Fix wrong path in packaging freeipa-systemd-upgrade
Wed Nov 30 13:00:00 2011 Alexander Bokovoy - 2.1.3-6
- Introduce upgrade script to recover existing configuration after systemd migration
as user has no means to recover FreeIPA from systemd migration
- Upgrade script:
- recovers symlinks in Dogtag instance install
- recovers systemd configuration for FreeIPA\'s directory server instances
- recovers freeipa.service
- migrates directory server and KDC configs to use proper keytabs for systemd services
Wed Oct 26 14:00:00 2011 Fedora Release Engineering - 2.1.3-5
- Rebuilt for glibc bug#747377
Wed Oct 19 14:00:00 2011 Alexander Bokovoy - 2.1.3-4
- clean up spec
- Depend on sssd >= 1.6.2 for better user experience
Tue Oct 18 14:00:00 2011 Alexander Bokovoy - 2.1.3-3
- Fix Fedora package changelog after merging systemd changes
Tue Oct 18 14:00:00 2011 Alexander Bokovoy - 2.1.3-2
- Fix postin scriplet for F-15/F-16
Tue Oct 18 14:00:00 2011 Alexander Bokovoy - 2.1.3-1
- 2.1.3
Mon Oct 17 14:00:00 2011 Alexander Bokovoy - 2.1.2-1
- Default to systemd for Fedora 16 and onwards
Tue Aug 16 14:00:00 2011 Rob Crittenden - 2.1.0-1
- Update to upstream 2.1.0
Fri May 6 14:00:00 2011 Simo Sorce - 2.0.1-2
- Fix bug #702633
Mon May 2 14:00:00 2011 Rob Crittenden - 2.0.1-1
- Update minimum selinux-policy to 3.9.16-18
- Update minimum pki-ca and pki-selinux to 9.0.7
- Update minimum 389-ds-base to 1.2.8.0-1
- Update to upstream 2.0.1
Thu Mar 24 13:00:00 2011 Rob Crittenden - 2.0.0-1
- Update to upstream GA release
- Automatically apply updates when the package is upgraded
Fri Feb 25 13:00:00 2011 Rob Crittenden - 2.0.0-0.4.rc2
- Update to upstream freeipa-2.0.0.rc2
- Set minimum version of python-nss to 0.11 to make sure IPv6 support is in
- Set minimum version of sssd to 1.5.1
- Patch to include SuiteSpotGroup when setting up 389-ds instances
- Move a lot of BuildRequires so this will build with ONLY_CLIENT enabled
Tue Feb 15 13:00:00 2011 Rob Crittenden - 2.0.0-0.3.rc1
- Set the N-V-R so rc1 is an update to beta2.
Mon Feb 14 13:00:00 2011 Rob Crittenden - 2.0.0-0.1.rc1
- Set minimum version of sssd to 1.5.1
- Update to upstream freeipa-2.0.0.rc1
- Move server-only binaries from admintools subpackage to server
Tue Feb 8 13:00:00 2011 Fedora Release Engineering - 2.0.0-0.2.beta2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
Thu Feb 3 13:00:00 2011 Rob Crittenden - 2.0.0-0.1.beta2
- Set min version of 389-ds-base to 1.2.8
- Set min version of mod_nss 1.0.8-10
- Set min version of selinux-policy to 3.9.7-27
- Add dogtag themes to Requires
- Update to upstream freeipa-2.0.0.pre2
Thu Jan 27 13:00:00 2011 Rob Crittenden - 2.0.0-0.2.beta.git80e87e7
- Remove unnecessary moving of v1 CA serial number file in post script
- Add Obsoletes for server-selinxu subpackage
- Using git snapshot 442d6ad30ce1156914e6245aa7502499e50ec0da
Wed Jan 26 13:00:00 2011 Rob Crittenden - 2.0.0-0.1.beta.git80e87e7
- Prepare spec file for release
- Using git snapshot 80e87e75bd6ab56e3e20c49ece55bd4d52f1a503
Tue Jan 25 13:00:00 2011 Rob Crittenden - 1.99-41
- Re-arrange doc and defattr to clean up rpmlint warnings
- Remove conditionals on older releases
- Move some man pages into admintools subpackage
- Remove some explicit Requires in client that aren\'t needed
- Consistent use of buildroot vs RPM_BUILD_ROOT
Wed Jan 19 13:00:00 2011 Adam Young - 1.99-40
- Moved directory install/static to install/ui
Thu Jan 13 13:00:00 2011 Simo Sorce - 1.99-39
- Remove dependency on nss_ldap/nss-pam-ldapd
- The official client is sssd and that\'s what we use by default.
Thu Jan 13 13:00:00 2011 Simo Sorce - 1.99-38
- Remove radius subpackages
Thu Jan 13 13:00:00 2011 Rob Crittenden - 1.99-37
- Set minimum pki-ca and pki-silent versions to 9.0.0
Wed Jan 12 13:00:00 2011 Rob Crittenden - 1.99-36
- Drop BuildRequires on mozldap-devel
Mon Dec 13 13:00:00 2010 Rob Crittenden - 1.99-35
- Add Requires on krb5-pkinit-openssl
Fri Dec 10 13:00:00 2010 Jr Aquino - 1.99-34
- Add ipa-host-net-manage script
Tue Dec 7 13:00:00 2010 Simo Sorce - 1.99-33
- Add ipa init script
Fri Nov 19 13:00:00 2010 Rob Crittenden - 1.99-32
- Set minimum level of 389-ds-base to 1.2.7 for enhanced memberof plugin
Wed Nov 3 13:00:00 2010 Rob Crittenden - 1.99-31
- remove ipa-fix-CVE-2008-3274
Wed Oct 6 14:00:00 2010 Rob Crittenden - 1.99-30
- Remove duplicate %files entries on share/ipa/static
- Add python default encoding shared library
Mon Sep 20 14:00:00 2010 Rob Crittenden - 1.99-29
- Drop requires on python-configobj (not used any more)
- Drop ipa-ldap-updater message, upgrades are done differently now
Wed Sep 8 14:00:00 2010 Rob Crittenden - 1.99-28
- Drop conflicts on mod_nss
- Require nss-pam-ldapd on F-14 or higher instead of nss_ldap (#606847)
- Drop a slew of conditionals on older Fedora releases (< 12)
- Add a few conditionals against RHEL 6
- Add Requires of nss-tools on ipa-client
Fri Aug 13 14:00:00 2010 Rob Crittenden - 1.99-27
- Set minimum version of certmonger to 0.26 (to pck up #621670)
- Set minimum version of pki-silent to 1.3.4 (adds -key_algorithm)
- Set minimum version of pki-ca to 1.3.6
- Set minimum version of sssd to 1.2.1
Tue Aug 10 14:00:00 2010 Rob Crittenden - 1.99-26
- Add BuildRequires for authconfig
Mon Jul 19 14:00:00 2010 Rob Crittenden - 1.99-25
- Bump up minimum version of python-nss to pick up nss_is_initialize() API
Thu Jun 24 14:00:00 2010 Adam Young - 1.99-24
- Removed python-asset based webui
Thu Jun 24 14:00:00 2010 Rob Crittenden - 1.99-23
- Change Requires from fedora-ds-base to 389-ds-base
- Set minimum level of 389-ds-base to 1.2.6 for the replication
version plugin.
Tue Jun 1 14:00:00 2010 Rob Crittenden - 1.99-22
- Drop Requires of python-krbV on ipa-client
Mon May 17 14:00:00 2010 Rob Crittenden - 1.99-21
- Load ipa_dogtag.pp in post install
Mon Apr 26 14:00:00 2010 Rob Crittenden - 1.99-20
- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes.
Thu Mar 4 13:00:00 2010 Rob Crittenden - 1.99-19
- No need to create /var/log/ipa_error.log since we aren\'t using
TurboGears any more.
Mon Mar 1 13:00:00 2010 Jason Gerard DeRose - 1.99-18
- Fixed share/ipa/wsgi.py so .pyc, .pyo files are included
Wed Feb 24 13:00:00 2010 Jason Gerard DeRose - 1.99-17
- Added Require mod_wsgi, added share/ipa/wsgi.py
Thu Feb 11 13:00:00 2010 Jason Gerard DeRose - 1.99-16
- Require python-wehjit >= 0.2.2
Wed Feb 3 13:00:00 2010 Rob Crittenden - 1.99-15
- Add sssd and certmonger as a Requires on ipa-client
Wed Jan 27 13:00:00 2010 Jason Gerard DeRose - 1.99-14
- Require python-wehjit >= 0.2.0
Fri Dec 4 13:00:00 2009 Rob Crittenden - 1.99-13
- Add ipa-rmkeytab tool
Tue Dec 1 13:00:00 2009 Rob Crittenden - 1.99-12
- Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1
Any type
Wed Nov 25 13:00:00 2009 Rob Crittenden - 1.99-11
- Remove v1-style /etc/ipa/ipa.conf, replacing with /etc/ipa/default.conf
Fri Nov 13 13:00:00 2009 Rob Crittenden - 1.99-10
- Add bash completion script and own /etc/bash_completion.d in case it
doesn\'t already exist
Tue Nov 3 13:00:00 2009 Rob Crittenden - 1.99-9
- Remove ipa_webgui, its functions rolled into ipa_httpd
Mon Oct 12 14:00:00 2009 Jason Gerard DeRose - 1.99-8
- Removed python-cherrypy from BuildRequires and Requires
- Added Requires python-assets, python-wehjit
Mon Aug 24 14:00:00 2009 Rob Crittenden - 1.99-7
- Added httpd SELinux policy so CRLs can be read
Thu May 21 14:00:00 2009 Rob Crittenden - 1.99-6
- Move ipalib to ipa-python subpackage
- Bump minimum version of slapi-nis to 0.15
Wed May 6 14:00:00 2009 Rob Crittenden - 1.99-5
- Set 0.14 as minimum version for slapi-nis
Wed Apr 22 14:00:00 2009 Rob Crittenden - 1.99-4
- Add Requires: python-nss to ipa-python sub-package
Thu Mar 5 13:00:00 2009 Rob Crittenden - 1.99-3
- Remove the IPA DNA plugin, use the DS one
Wed Mar 4 13:00:00 2009 Rob Crittenden - 1.99-2
- Build radius separately
- Fix a few minor issues
Tue Feb 3 13:00:00 2009 Rob Crittenden - 1.99-1
- Replace TurboGears requirement with python-cherrypy
Sat Jan 17 13:00:00 2009 Tomas Mraz - 1.2.1-3
- rebuild with new openssl
Fri Dec 19 13:00:00 2008 Dan Walsh - 1.2.1-2
- Fix SELinux code
Mon Dec 15 13:00:00 2008 Simo Sorce - 1.2.1-1
- Fix breakage caused by python-kerberos update to 1.1
Fri Dec 5 13:00:00 2008 Simo Sorce - 1.2.1-0
- New upstream release 1.2.1
Sat Nov 29 13:00:00 2008 Ignacio Vazquez-Abrams - 1.2.0-4
- Rebuild for Python 2.6
Fri Nov 14 13:00:00 2008 Simo Sorce - 1.2.0-3
- Respin after the tarball has been re-released upstream
New hash is 506c9c92dcaf9f227cba5030e999f177
Thu Nov 13 13:00:00 2008 Simo Sorce - 1.2.0-2
- Conditionally restart also dirsrv and httpd when upgrading
Wed Oct 29 13:00:00 2008 Rob Crittenden - 1.2.0-1
- Update to upstream version 1.2.0
- Set fedora-ds-base minimum version to 1.1.3 for winsync header
- Set the minimum version for SELinux policy
- Remove references to Fedora 7
Wed Jul 23 14:00:00 2008 Simo Sorce - 1.1.0-3
- Fix for CVE-2008-3274
- Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface
- Add fix for bug #453185
- Rebuild against openldap libraries, mozldap ones do not work properly
- TurboGears is currently broken in rawhide. Added patch to not build
the UI locales and removed them from the ipa-server files section.
Wed Jun 18 14:00:00 2008 Rob Crittenden - 1.1.0-2
- Add call to /usr/sbin/upgradeconfig to post install
Wed Jun 11 14:00:00 2008 Rob Crittenden - 1.1.0-1
- Update to upstream version 1.1.0
- Patch for indexing memberof attribute
- Patch for indexing uidnumber and gidnumber
- Patch to change DNA default values for replicas
- Patch to fix uninitialized variable in ipa-getkeytab
Fri May 16 14:00:00 2008 Rob Crittenden - 1.0.0-5
- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum
version to 1.0.7-4 so we pick up the NSS fixes.
- Add selinux-policy-base(post) to Requires (446496)
Tue Apr 29 14:00:00 2008 Rob Crittenden - 1.0.0-4
- Add missing entry for /var/cache/ipa/kpasswd (444624)
- Added patch to fix permissions problems with the Apache NSS database.
- Added patch to fix problem with DNS querying where the query could be
returned as the answer.
- Fix spec error where patch1 was in the wrong section
Fri Apr 25 14:00:00 2008 Rob Crittenden - 1.0.0-3
- Added patch to fix problem reported by ldapmodify
Fri Apr 25 14:00:00 2008 Rob Crittenden - 1.0.0-2
- Fix Requires for krb5-server that was missing for Fedora versions > 9
- Remove quotes around test for fedora version to package egg-info
Fri Apr 18 14:00:00 2008 Rob Crittenden - 1.0.0-1
- Update to upstream version 1.0.0
Tue Mar 18 13:00:00 2008 Rob Crittenden 0.99-12
- Pull upstream changelog 722
- Add Conflicts mod_ssl (435360)
Fri Feb 29 13:00:00 2008 Rob Crittenden 0.99-11
- Pull upstream changelog 698
- Fix ownership of /var/log/ipa_error.log during install (435119)
- Add pwpolicy command and man page
Thu Feb 21 13:00:00 2008 Rob Crittenden 0.99-10
- Pull upstream changelog 678
- Add new subpackage, ipa-server-selinux
- Add Requires: authconfig to ipa-python (bz #433747)
- Package i18n files
Mon Feb 18 13:00:00 2008 Rob Crittenden 0.99-9
- Pull upstream changelog 641
- Require minimum version of krb5-server on F-7 and F-8
- Package some new files
Thu Jan 31 13:00:00 2008 Rob Crittenden 0.99-8
- Marked with wrong license. IPA is GPLv2.
Tue Jan 29 13:00:00 2008 Rob Crittenden 0.99-7
- Ensure that /etc/ipa exists before moving user-modifiable html files there
- Put html files into /etc/ipa/html instead of /etc/ipa
Tue Jan 29 13:00:00 2008 Rob Crittenden 0.99-6
- Pull upstream changelog 608 which renamed several files
Thu Jan 24 13:00:00 2008 Rob Crittenden 0.99-5
- package the sessions dir /var/cache/ipa/sessions
- Pull upstream changelog 597
Thu Jan 24 13:00:00 2008 Rob Crittenden 0.99-4
- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the
UI to not start.
Thu Jan 24 13:00:00 2008 Rob Crittenden 0.99-3
- Included LICENSE and README in all packages for documentation
- Move user-modifiable content to /etc/ipa and linked back to
/usr/share/ipa/html
- Changed some references to /usr to the {_usr} macro and /etc
to {_sysconfdir}
- Added popt-devel to BuildRequires for Fedora 8 and higher and
popt for Fedora 7
- Package the egg-info for Fedora 9 and higher for ipa-python
Tue Jan 22 13:00:00 2008 Rob Crittenden 0.99-2
- Added auto
* BuildRequires
Mon Jan 21 13:00:00 2008 Rob Crittenden 0.99-1
- Unified spec file
Thu Jan 17 13:00:00 2008 Rob Crittenden - 0.6.0-2
- Fixed License in specfile
- Include files from /usr/lib/python
*/site-packages/ipaserver
Fri Dec 21 13:00:00 2007 Karl MacMillan - 0.6.0-1
- Version bump for release
Wed Nov 21 13:00:00 2007 Karl MacMillan - 0.5.0-1
- Preverse mode on ipa-keytab-util
- Version bump for relase and rpm name change
Thu Nov 15 13:00:00 2007 Rob Crittenden - 0.4.1-2
- Broke invididual Requires and BuildRequires onto separate lines and
reordered them
- Added python-tgexpandingformwidget as a dependency
- Require at least fedora-ds-base 1.1
Thu Nov 1 13:00:00 2007 Karl MacMillan - 0.4.1-1
- Version bump for release
Wed Oct 31 13:00:00 2007 Karl MacMillan - 0.4.0-6
- Add dep for freeipa-admintools and acl
Wed Oct 24 14:00:00 2007 Rob Crittenden - 0.4.0-5
- Add dependency for python-krbV
Fri Oct 19 14:00:00 2007 Rob Crittenden - 0.4.0-4
- Require mod_nss-1.0.7-2 for mod_proxy fixes
Thu Oct 18 14:00:00 2007 Karl MacMillan - 0.4.0-3 | |
