[ol7_latest] ipa-server-trust-ad-4.6.8-5.0.1.el7_9.11.aarch64

Name:	ipa-server-trust-ad
Version:	4.6.8
Release:	5.0.1.el7_9.11
Architecture:	aarch64
Group:	System Environment/Base
Size:	273514
License:	GPLv3+
RPM:	ipa-server-trust-ad-4.6.8-5.0.1.el7_9.11.aarch64.rpm
Source RPM:	ipa-4.6.8-5.0.1.el7_9.11.src.rpm
Build Date:	Tue Jun 28 2022
Build Host:	build-ol7-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	Virtual package to install packages required for Active Directory trusts
Description:	Cross-realm trusts with Active Directory in IPA require working Samba 4 installation. This package is provided for convenience to install all required dependencies at once.

Changelog (Show File list) (Show related packages)

Tue Jun 28 2022 EL Errata <el-errata_ww@oracle.com> - 4.6.8-5.0.1

- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]

Tue May 10 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.11

- Resolves: 2082272 - [RFE] Require confirmation to change "Default host group" in IdM automember rules
  - WebUI: Add confirmation dialog for changing default user/host group

Thu Dec 02 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.10

- Resolves: 2025848 - RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server 
  - Fix cert_request for KDC cert
- Resolves: 2021444 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
  - SMB: switch IPA domain controller role

Wed Sep 08 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.9

- Resolves: #2000261 - extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT
  - extdom: return LDAP_NO_SUCH_OBJECT if domains differ

Tue Jun 22 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.7

- Resolves: #1956550 - IPA server installation fails when cert contains non-ASCII character
  - CA less installation: non ASCII chars in CA subject
  - ipatests: use non-ascii chars in CA-less install
- Resolves: #1974328 - Revise PKINIT upgrade code
  - Allow PKINIT to be enabled when updating from a pre-PKINIT IPA CA server

Tue May 11 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.6
```
- Resolves: #1959349 - Need to bump pki + ds version
```

Tue Apr 06 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.5

- Resolves: #1931405 krb5kdc crash - Segmentation fault in ldap_first_entry().
  - ipa-kdb: fix compiler warnings
  - ipa-kdb: add missing prototypes
  - ipa-kdb: reformat ipa_kdb_certauth
  - ipa-kdb: mark test functions as static
  - ipa-kdb: do not use OpenLDAP functions with NULL LDAP context
- Resolves: #1835741 krb5kdc crashing on ipa server
- Resolves: #1929372 krb5kdc is crashing intermittently on IPA server.

Fri Jan 29 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.4

- Resolves: #1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing
  - wgi/plugins.py: ignore empty plugin directories
- Resolves: #1895197 improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find
  - Improve PKI subsystem detection
  - ipatests: add test for PKI subsystem detection
  - ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection
- Resolves: #1892793 Authentication and login times are over several seconds due to unindexed ipaExternalMember
  - Add more indices
- Resolves: #1884819 IdM Web UI shows users as disabled
  - fix cert-find errors in CA-less deployment
- Resolves: #1863619 CA-less install does not set required permissions on KDC certificate
  - CAless installation: set the perms on KDC cert file
  - ipatests: check KDC cert permissions in CA less install
- Resolves: #1859248 CVE-2020-11023 ipa: jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
  - WebUI: Fix jQuery DOM manipulation issues
- Resolves: #1846349 cannot issue certs with multiple IP addresses corresponding to different hosts
  - fix iPAddress cert issuance for >1 host/service

Thu Jun 18 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7

- Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp
  -  ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset

Fri Jun 05 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-4.el7

- Resolves: #1842950 ipa-adtrust-install fails when replica is offline
  - ipa-adtrust-install: avoid failure when replica is offline
- Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
  - WebUI: Apply jQuery patch to fix htmlPrefilter issue