[ol7_latest] ipa-server-dns-4.6.8-5.0.1.el7.noarch

Name:	ipa-server-dns
Version:	4.6.8
Release:	5.0.1.el7
Architecture:	noarch
Group:	System Environment/Base
Size:	50698
License:	GPLv3+
RPM:	ipa-server-dns-4.6.8-5.0.1.el7.noarch.rpm
Source RPM:	ipa-4.6.8-5.0.1.el7.src.rpm
Build Date:	Thu Oct 01 2020
Build Host:	jenkins-172-17-0-2-12b27883-eefe-46f1-997c-d21ca9f6b896.appad3iad.osdevelopmeniad.oraclevcn.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	IPA integrated DNS server with support for automatic DNSSEC signing
Description:	IPA integrated DNS server with support for automatic DNSSEC signing. Integrated DNS server is BIND 9. OpenDNSSEC provides key management.

Changelog (Show File list) (Show related packages)

Wed Sep 30 2020 EL Errata <el-errata_ww@oracle.com> - 4.6.8-5.0.1

- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]

Thu Jun 18 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7

- Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp
  -  ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset

Fri Jun 05 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-4.el7

- Resolves: #1842950 ipa-adtrust-install fails when replica is offline
  - ipa-adtrust-install: avoid failure when replica is offline
- Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
  - WebUI: Apply jQuery patch to fix htmlPrefilter issue

Tue May 12 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-3.el7

- Resolves: #1834385 Man page syntax issue detected by rpminspect
  - Man pages: fix syntax issues
- Resolves: #1829787 ipa service-del deletes the required principal when specified in lower/upper case
  - Make check_required_principal() case-insensitive
- Resolves: #1825829 ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3
  - ipa-advise: fallback to /usr/libexec/platform-python if python3 not found
- Resolves: #1812020 CVE-2015-9251 ipa: js-jquery: Cross-site scripting via cross-domain ajax requests
  - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1
- Resolves: #1713487 CVE-2019-11358 ipa: js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection
  - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1

Wed Apr 15 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-2.el7

- Resolves: #1802408 CVE-2020-1722 ipa: No password length restriction leads to denial of service
  - Add interactive prompt for the LDAP bind password to ipa-getkeytab
  - CVE-2020-1722: prevent use of too long passwords

Thu Apr 02 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-1.el7

- Resolves: #1819725 - Rebase IPA to latest 4.6.x version
- Resolves: #1817927 - host-add --password logs cleartext userpassword to Apache error log
- Resolves: #1817923 - IPA upgrade is failing with error "Failed to get request: bus, object_path and dbus_interface must not be None."
- Resolves: #1817922 - covscan memory leaks report
- Resolves: #1817919 - Enable compat tree to provide information about AD users and groups on trust agents
- Resolves: #1817918 - Secure tomcat AJP connector
- Resolves: #1817886 - ipa group-add-member: prevent adding IPA objects as external members
- Resolves: #1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd

Tue Mar 24 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.6-12.el7

- Resolves: #1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6
- Resolves: #1404770 - ID Views: do not allow custom Views for the masters
  - idviews: prevent applying to a master
- Resolves: #1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems
  - install/updates: move external members past schema compat update
- Resolves: #1795890 - ipa-pkinit-manage enable fails on replica if it doesn't host the CA
  - pkinit setup: fix regression on master install
  - pkinit enable: use local dogtag only if host has CA
- Resolves: #1788907 - Renewed certs are not picked up by IPA CAs
  - Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit
- Resolves: #1780548 - Man page ipa-cacert-manage does not display correctly on RHEL
  - ipa-cacert-manage man page: fix indentation
- Resolves: #1782587 - add "systemctl restart sssd" to warning message when adding trust agents to replicas
  - adtrust.py: mention restarting sssd when adding trust agents
- Resolves: #1771356 - Default client configuration breaks ssh in FIPS mode
  - Use default ssh host key algorithms
- Resolves: #1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client
  - smartcard: make the ipa-advise script compatible with authselect/authconfig
- Resolves: #1758406 - KRA authentication fails when IPA CA has custom Subject DN
  - upgrade: fix ipakra people entry 'description' attribute
  - krainstance: set correct issuer DN in uid=ipakra entry
- Resolves: #1756568 - ipa-server-certinstall man page does not match built-in help
  - ipa-server-certinstall manpage: add missing options
- Resolves: #1206690 - UPG not being enforced properly
  - ipa user_add: do not check group if UPG is disabled
- Resolves: #1811982 - CVE-2018-14042 ipa: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip.
- Resolves: #1811978 - CVE-2018-14040 ipa: bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
- Resolves: #1811972 - CVE-2016-10735 ipa: bootstrap: XSS in the data-target attribute
- Resolves: #1811969 -CVE-2018-20676 ipa: bootstrap: XSS in the tooltip data-viewport attribute
- Resolves: #1811966 - CVE-2018-20677 ipa: bootstrap: XSS in the affix configuration target property
- Resolves: #1811962 - CVE-2019-8331 ipa: bootstrap: XSS in the tooltip or popover data-template attribute
  - Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1
- Resolves: #1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements
  - WebUI: Fix notification area layout
- Resolves: #1545755 - ipa-replica-prepare should not update pki admin password
  - Fix indentation levels
  - ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN
  - ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
  - Don't save password history on non-Kerberos accounts

Wed Dec 04 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.6-11.el7

- Resolves: #1778777 - After upgrade AD Trust Agents were removed from LDAP
  - trust upgrade: ensure that host is member of adtrust agents

Tue Nov 26 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.6-10.el7

- Resolves: #1728123 - EMBARGOED CVE-2019-10195 ipa: FreeIPA: batch API logging user passwords to /var/log/httpd/error_log [rhel-7]
  - CVE-2019-10195: Don't log passwords embedded in commands in calls using batch
- Resolves: #1773550 - IPA upgrade fails for latest ipa package when adtrust is installed
  - Do not run trust upgrade code if master lacks Samba bindings
- Resolves: #1767302 - EMBARGOED CVE-2019-14867 ipa: Denial of service in IPA server due to wrong use of ber_scanf() [rhel-7.8]
  - Make sure to have storage space for tag

Wed Oct 30 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.6-9.el7

- Resolves: #1762317 - ipa-backup command is failing on rhel-7.8
  -  ipa-backup: fix python2 issue with os.mkdir