[ol7_latest] ipa-server-dns-4.6.4-10.0.1.el7.noarch

Name:	ipa-server-dns
Version:	4.6.4
Release:	10.0.1.el7
Architecture:	noarch
Group:	System Environment/Base
Size:	50071
License:	GPLv3+
RPM:	ipa-server-dns-4.6.4-10.0.1.el7.noarch.rpm
Source RPM:	ipa-4.6.4-10.0.1.el7.src.rpm
Build Date:	Wed Oct 31 2018
Build Host:	ca-build85.us.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	IPA integrated DNS server with support for automatic DNSSEC signing
Description:	IPA integrated DNS server with support for automatic DNSSEC signing. Integrated DNS server is BIND 9. OpenDNSSEC provides key management.

Changelog (Show File list) (Show related packages)

Tue Oct 30 2018 EL Errata <el-errata_ww@oracle.com> - 4.6.4-10.0.1

- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [20362818]

Tue Sep 18 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7

- Resolves: 1630361 PKINIT fails in FIPS mode
  - Ensure that public cert and CA bundle are readable
  - Always make ipa.p11-kit world-readable
  - Make /etc/httpd/alias world readable & executable
  - Fix permission of public files in upgrader

Mon Sep 10 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-9.el7

- Resolves: #1624755 Re-installing replica on the same system displays 'WARNING: cannot check if port 443 is already configured'
  - ipa-replica-install: properly use the file store
- Resolves: #1623486 PKINIT configuration did not succeed message is received during Replica-install
  - ipa-replica-install: fix pkinit setup
- Related: #1624289 AVC denials noticed during test execution for SUB-CA test-suite in FIPS mode
  - Update minimum selinux-policy to 3.13.1-224

Tue Sep 04 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-8.el7

- Resolves #1508498 Authn/TOTP defined users periodically prompt for just password credentials to access resources
  - Clear next field when returnining list elements in queue.c
  - Add cmocka unit tests for ipa otpd queue code
- Resolves #1622168 ipa-otpd: fix potential double-free and infinite loop in queue code
  - Clear next field when returnining list elements in queue.c
  - Add cmocka unit tests for ipa otpd queue code
- Resolves #1603444 ipa-server-install script is failing when using the "--no-dnssec-validation" parameter combined with the "--forwarder"
  - ipa-server-install: do not perform forwarder validation with --no-dnssec-validation

Wed Aug 29 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-7.el7

- Resolves: #1609882 ipaserver/plugins/cert.py: Add reason to raise of errors.NotFound
  - ipaserver/plugins/cert.py: Added reason to raise of errors.NotFound
- Resolves: #1598662 Replica installation fails with connection refused error 
  - Do not set ca_host when --setup-ca is used
- Resolves: #1577108 Improve Custodia client and key distribution handling
  - Fix KRA replica installation from CA master
- Resolves: #1515314 ipa-replica-install fails with PIN error [ CA-less environment ]
  - Fix ipa-replica-install when key not protected by PIN
- Resolves: #1480502 ipa server uninstall with -v option displays "IOError: [Errno 9] Bad file descriptor Logged from file ipautil.py, line 442"
  - uninstall -v: remove Tracebacks
- Resolves: #1368345 Replace ERROR: cannot connect to 'http://localhost:8888/ipa/json': [Errno 111] Connection refused with 'IPA is not configured on this system'
  - ipa commands: print 'IPA is not configured' when ipa is not setup
  - Disable message about log in ipa-backup if IPA is not configured
- Resolves: #1591824 Installation of replica against a specific master
  - Do not set ca_host when --setup-ca is used
- Resolves: #1594141 Replication races in DogtagInstance.setup_admin
  - Catch ACIError instead of invalid credentials
- Resolves: #1623112  ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager
  - DS replication settings: fix regression with <3.3 master
- Resolves: #1623113 Replica install: certmonger sometimes fails
  - Wait for client certificates
  - Auto-retry failed certmonger requests

Fri Aug 17 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-6.el7

- Resolves: #1590647 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7
  - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange
- Resolves: #1600074 ipa-server-upgrade displays 'DN: cn=Schema Compatibility,cn=plugins,cn=config does not exists or haven't been updated'
  - Re-open the ldif file to prevent error message
- Resolves: #1608783 ipa trust-add fails in FIPS mode.
  - Move fips_enabled to a common library to share across different plugins
  - ipasam: do not use RC4 in FIPS mode

Mon Aug 13 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-5.el7

- Resolves: #1607616 Traceback in messages file during ipa-server-install: File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 541, in <module>#012
  - Removing filesystem encoding check
- Resolves: #1598044  plugable.py:491:bootstrap:SystemEncodingError: System encoding must be UTF-8, 'ANSI_X3.4-1968' is not supported.
  - Removing filesystem encoding check

Fri Aug 10 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-4.el7

- Resolves: #1600525 ipa-client-install --uninstall fails to uninstall client.
  - ipa client uninstall: clean the state store when restoring hostname
- Resolves: #1598117 client uninstall fails when installed using non-existing hostname
  - ipa client uninstall: clean the state store when restoring hostname
- Resolves: #1596168 ipa help topics displays 'ipa: ERROR: an internal error has occurred'
  - Fix regression: Handle unicode where str is expected
- Resolves: #1591824 Installation of replica against a specific master
  - Query for server role IPA master
  - Only create DNS SRV records for ready server
  - Delay enabling services until end of installer
  - replicainstall: DS SSL replica install pick right certmonger host
  - Fix CA topology warning
  - Fix race condition in get_locations_records()
  - Fix DNSSEC install regression
  - Handle races in replica config
- Resolves: #1591647 Increase WSGI worker process count
  - Use 4 WSGI workers on 64bit systems
- Resolves: #1565633 nsds5ReplicaReleaseTimeout should be set by default.
  - Tune DS replication settings
- Resolves: #1607616 Traceback in messages file during ipa-server-install: File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 541, in <module>#012
  - Removing filesystem encoding check
- Resolves: #1598044  plugable.py:491:bootstrap:SystemEncodingError: System encoding must be UTF-8, 'ANSI_X3.4-1968' is not supported.
  - Removing filesystem encoding check

Mon Jul 23 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.4-3.el7

- Resolves: #1603514 Replica install fails with "Certificate issuance failed (CA_REJECTED)" - ACIError

Fri Jun 22 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-2.el7

- Resolves: #1594142 SRV lookup doesn't correctly sort results
  - Sort and shuffle SRV record by priority and weight
- Resolves: #1594141 Replication races in DogtagInstance.setup_admin
  - Fix replication races in Dogtag admin code
  - Use common replication wait timeout of 5min
  - Improve and fix timeout bug in wait_for_entry()
- Resolves: #1591824 Installation of replica against a specific master
  - Always set ca_host when installing replica
- Resolves: #1591647 Increase WSGI worker process count
  - Increase WSGI process count to 5 on 64bit
- Resolves: #1394034 Custom SELinux User Map order is changed after updating IPA
  - Use replace instead of add to set new default ipaSELinuxUserMapOrder
- Resolves: #1381535 ipa config-mod returns "Configured size limit exceeded"
  - ipaserver config plugin: Increase search records minimum limit