[ol7_latest] ipa-server-dns-4.6.8-5.0.1.el7_9.10.noarch

Name:	ipa-server-dns
Version:	4.6.8
Release:	5.0.1.el7_9.10
Architecture:	noarch
Group:	System Environment/Base
Size:	50698
License:	GPLv3+
RPM:	ipa-server-dns-4.6.8-5.0.1.el7_9.10.noarch.rpm
Source RPM:	ipa-4.6.8-5.0.1.el7_9.10.src.rpm
Build Date:	Thu Dec 16 2021
Build Host:	build-ol7-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	IPA integrated DNS server with support for automatic DNSSEC signing
Description:	IPA integrated DNS server with support for automatic DNSSEC signing. Integrated DNS server is BIND 9. OpenDNSSEC provides key management.

Changelog (Show File list) (Show related packages)

Thu Dec 16 2021 EL Errata <el-errata_ww@oracle.com> - 4.6.8-5.0.1

- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]

Thu Dec 02 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.10

- Resolves: 2025848 - RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server 
  - Fix cert_request for KDC cert
- Resolves: 2021444 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
  - SMB: switch IPA domain controller role

Wed Sep 08 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.9

- Resolves: #2000261 - extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT
  - extdom: return LDAP_NO_SUCH_OBJECT if domains differ

Tue Jun 22 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.7

- Resolves: #1956550 - IPA server installation fails when cert contains non-ASCII character
  - CA less installation: non ASCII chars in CA subject
  - ipatests: use non-ascii chars in CA-less install
- Resolves: #1974328 - Revise PKINIT upgrade code
  - Allow PKINIT to be enabled when updating from a pre-PKINIT IPA CA server

Tue May 11 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.6
```
- Resolves: #1959349 - Need to bump pki + ds version
```

Tue Apr 06 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.5

- Resolves: #1931405 krb5kdc crash - Segmentation fault in ldap_first_entry().
  - ipa-kdb: fix compiler warnings
  - ipa-kdb: add missing prototypes
  - ipa-kdb: reformat ipa_kdb_certauth
  - ipa-kdb: mark test functions as static
  - ipa-kdb: do not use OpenLDAP functions with NULL LDAP context
- Resolves: #1835741 krb5kdc crashing on ipa server
- Resolves: #1929372 krb5kdc is crashing intermittently on IPA server.

Fri Jan 29 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.4

- Resolves: #1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing
  - wgi/plugins.py: ignore empty plugin directories
- Resolves: #1895197 improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find
  - Improve PKI subsystem detection
  - ipatests: add test for PKI subsystem detection
  - ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection
- Resolves: #1892793 Authentication and login times are over several seconds due to unindexed ipaExternalMember
  - Add more indices
- Resolves: #1884819 IdM Web UI shows users as disabled
  - fix cert-find errors in CA-less deployment
- Resolves: #1863619 CA-less install does not set required permissions on KDC certificate
  - CAless installation: set the perms on KDC cert file
  - ipatests: check KDC cert permissions in CA less install
- Resolves: #1859248 CVE-2020-11023 ipa: jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
  - WebUI: Fix jQuery DOM manipulation issues
- Resolves: #1846349 cannot issue certs with multiple IP addresses corresponding to different hosts
  - fix iPAddress cert issuance for >1 host/service

Thu Jun 18 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7

- Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp
  -  ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset

Fri Jun 05 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-4.el7

- Resolves: #1842950 ipa-adtrust-install fails when replica is offline
  - ipa-adtrust-install: avoid failure when replica is offline
- Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
  - WebUI: Apply jQuery patch to fix htmlPrefilter issue

Tue May 12 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-3.el7

- Resolves: #1834385 Man page syntax issue detected by rpminspect
  - Man pages: fix syntax issues
- Resolves: #1829787 ipa service-del deletes the required principal when specified in lower/upper case
  - Make check_required_principal() case-insensitive
- Resolves: #1825829 ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3
  - ipa-advise: fallback to /usr/libexec/platform-python if python3 not found
- Resolves: #1812020 CVE-2015-9251 ipa: js-jquery: Cross-site scripting via cross-domain ajax requests
  - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1
- Resolves: #1713487 CVE-2019-11358 ipa: js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection
  - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1