-
Mon Jul 29 2019 EL Errata <el-errata_ww@oracle.com> - 4.6.4-10.0.1
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [20362818]
-
Thu Jun 06 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7_6.6
- Resolves: 1716882 - ERROR: invalid 'PKINIT enabled server': all masters must have IPA master role enabled
- Consider configured servers as valid
-
Mon Feb 04 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7_6.3
- Resolves: 1672343 pki spawn fails for IPA replica install from RHEL6 IPA master
- Update mod_nss cipher list so there is overlap with a 4.x master
- Resolves: 1672342 Fix compile issue with new 389-ds
- ipa-sidgen: make internal fetch_attr helper really internal
- Resolves: 1672176 host_del and host_disable fails, ra.find() search for every certificates instead of the host's certificate by subject
- Add workaround for slow host/service del
- Optimize cert remove case
- Resolves: 1672238 The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain record
- replica installation: add master record only if in managed zone
- ipatests: add test for replica in forward zone
-
Tue Dec 18 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7_6.2
- Resolves: 1659492 searching for ipa users by certificate fails
- ipaldap.py: fix method creating a ldap filter for IPACertificate
- ipatests: add xmlrpc test for user|host-find --certificate
- Resolves: 1659509 IPA Upgrade failed with "unable to convert the attribute u'cACertificate;binary'"
- ipa upgrade: handle double-encoded certificates
- ipatests: add upgrade test for double-encoded cacert
- ipatests: fix TestUpgrade::test_double_encoded_cacert
- Resolves: 1659500 'ipa vault-retrieve' is failing with "ipa: ERROR: an internal error has occurred"
- Add a shared-vault-retrieve test
- Add a "Find enabled services" ACI in 20-aci.update so that all users can find IPA servers and services. ACI suggested by Christian Heimes.
- Resolves: 1659511 ipa-pkinit-manage reports a switch from local pkinit to full pkinit configuration was successful although it was not.
- ipatest: add test for ipa-pkinit-manage enable|disable
- PKINIT: fix ipa-pkinit-manage enable|disable
- Resolves: 1659499 automember-rebuild crashes
- Find orphan automember rules
- Resolves: 1660389 ipa-replica-install fails migrating RHEL 6 to 7
- replication: check remote ds version before editing attributes
-
Tue Sep 18 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7
- Resolves: 1630361 PKINIT fails in FIPS mode
- Ensure that public cert and CA bundle are readable
- Always make ipa.p11-kit world-readable
- Make /etc/httpd/alias world readable & executable
- Fix permission of public files in upgrader
-
Mon Sep 10 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-9.el7
- Resolves: #1624755 Re-installing replica on the same system displays 'WARNING: cannot check if port 443 is already configured'
- ipa-replica-install: properly use the file store
- Resolves: #1623486 PKINIT configuration did not succeed message is received during Replica-install
- ipa-replica-install: fix pkinit setup
- Related: #1624289 AVC denials noticed during test execution for SUB-CA test-suite in FIPS mode
- Update minimum selinux-policy to 3.13.1-224
-
Tue Sep 04 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-8.el7
- Resolves #1508498 Authn/TOTP defined users periodically prompt for just password credentials to access resources
- Clear next field when returnining list elements in queue.c
- Add cmocka unit tests for ipa otpd queue code
- Resolves #1622168 ipa-otpd: fix potential double-free and infinite loop in queue code
- Clear next field when returnining list elements in queue.c
- Add cmocka unit tests for ipa otpd queue code
- Resolves #1603444 ipa-server-install script is failing when using the "--no-dnssec-validation" parameter combined with the "--forwarder"
- ipa-server-install: do not perform forwarder validation with --no-dnssec-validation
-
Wed Aug 29 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-7.el7
- Resolves: #1609882 ipaserver/plugins/cert.py: Add reason to raise of errors.NotFound
- ipaserver/plugins/cert.py: Added reason to raise of errors.NotFound
- Resolves: #1598662 Replica installation fails with connection refused error
- Do not set ca_host when --setup-ca is used
- Resolves: #1577108 Improve Custodia client and key distribution handling
- Fix KRA replica installation from CA master
- Resolves: #1515314 ipa-replica-install fails with PIN error [ CA-less environment ]
- Fix ipa-replica-install when key not protected by PIN
- Resolves: #1480502 ipa server uninstall with -v option displays "IOError: [Errno 9] Bad file descriptor Logged from file ipautil.py, line 442"
- uninstall -v: remove Tracebacks
- Resolves: #1368345 Replace ERROR: cannot connect to 'http://localhost:8888/ipa/json': [Errno 111] Connection refused with 'IPA is not configured on this system'
- ipa commands: print 'IPA is not configured' when ipa is not setup
- Disable message about log in ipa-backup if IPA is not configured
- Resolves: #1591824 Installation of replica against a specific master
- Do not set ca_host when --setup-ca is used
- Resolves: #1594141 Replication races in DogtagInstance.setup_admin
- Catch ACIError instead of invalid credentials
- Resolves: #1623112 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager
- DS replication settings: fix regression with <3.3 master
- Resolves: #1623113 Replica install: certmonger sometimes fails
- Wait for client certificates
- Auto-retry failed certmonger requests
-
Fri Aug 17 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-6.el7
- Resolves: #1590647 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7
- In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange
- Resolves: #1600074 ipa-server-upgrade displays 'DN: cn=Schema Compatibility,cn=plugins,cn=config does not exists or haven't been updated'
- Re-open the ldif file to prevent error message
- Resolves: #1608783 ipa trust-add fails in FIPS mode.
- Move fips_enabled to a common library to share across different plugins
- ipasam: do not use RC4 in FIPS mode
-
Mon Aug 13 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-5.el7
- Resolves: #1607616 Traceback in messages file during ipa-server-install: File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 541, in <module>#012
- Removing filesystem encoding check
- Resolves: #1598044 plugable.py:491:bootstrap:SystemEncodingError: System encoding must be UTF-8, 'ANSI_X3.4-1968' is not supported.
- Removing filesystem encoding check