[ol7_latest_archive] ipa-server-trust-ad-4.4.0-14.0.1.el7_3.6.x86_64

Name:	ipa-server-trust-ad
Version:	4.4.0
Release:	14.0.1.el7_3.6
Architecture:	x86_64
Group:	System Environment/Base
Size:	263486
License:	GPLv3+
RPM:	ipa-server-trust-ad-4.4.0-14.0.1.el7_3.6.x86_64.rpm
Source RPM:	ipa-4.4.0-14.0.1.el7_3.6.src.rpm
Build Date:	Thu Mar 02 2017
Build Host:	x86-ol7-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	Virtual package to install packages required for Active Directory trusts
Description:	Cross-realm trusts with Active Directory in IPA require working Samba 4 installation. This package is provided for convenience to install all required dependencies at once.

Changelog (Show File list) (Show related packages)

Thu Mar 02 2017 Kevin Lyons <kevin.x.lyons@oracle.com> - 4.4.0-14.0.1.el7_3.6

- Blank out header-logo.png product-name.png
  Replace login-screen-logo.png [20362818]

Tue Jan 31 2017 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.6

- Resolves: #1416488 replication race condition prevents IPA to install
  - wait_for_entry: use only DN as parameter
  - Wait until HTTPS principal entry is replicated to replica
  - Use proper logging for error messages

Tue Jan 31 2017 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.5

- Resolves: #1410760 ipa-ca-install fails on replica when IPA Master is
  installed without CA
  - Set up DS TLS on replica in CA-less topology
- Resolves: #1413137 CVE-2017-2590 ipa: Insufficient permission check for
  ca-del, ca-disable and ca-enable commands
  - ca: correctly authorise ca-del, ca-enable and ca-disable
- Resolves: #1416481 IPA replica install fails with dirsrv errors.
  - Do not configure PKI ajp redirection to use "::1"

Fri Dec 16 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.4

- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
  by abusing password policy
  - ipa-kdb: search for password policies globally
- Renamed patches 1011 and 1012 to 0151 and 0150, as they were merged upstream

Tue Dec 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.3

- Resolves: #1404338 Check IdM Topology for broken record caused by replication
  conflict before upgrading it
  - Check for conflict entries before raising domain level

Tue Dec 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.2

- Resolves: #1401953 ipa-ca-install on promoted replica hangs on creating a
  temporary CA admin
  - replication: ensure bind DN group check interval is set on replica config
  - add missing attribute to ipaca replica during CA topology update
- Resolves: #1404169 IPA upgrade of replica without DNS fails during restart of
  named-pkcs11
  - bindinstance: use data in named.conf to determine configuration status
- Resolves: #1404171 Creation of replica for disconnected environment is
  failing with CA issuance errors; Need good steps.
  - gracefully handle setting replica bind dn group on old masters

Mon Dec 12 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.1

- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
  by abusing password policy
  - password policy: Add explicit default password policy for hosts and
    services
- Resolves: #1395311 CVE-2016-9575 ipa: Insufficient permission check in
  certprofile-mod
  - certprofile-mod: correctly authorise config update

Tue Nov 01 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14

- Resolves: #1378353 Replica install fails with old IPA master sometimes during
  replication process
  - spec file: bump minimal required version of 389-ds-base
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
  - Fix missing file that fails DL1 replica installation
- Resolves: #1387782 WebUI: Services are not displayed correctly after upgrade
  - WebUI: services without canonical name are shown correctly
- Resolves: #1389709 Traceback seen in error_log when trustdomain-del is run
  - trustdomain-del: fix the way how subdomain is searched

Mon Oct 31 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-13

- Resolves: #1318616 CA fails to start after doing ipa-ca-install --external-ca
  - Keep NSS trust flags of existing certificates
- Resolves: #1360813 ipa-server-certinstall does not update all certificate
  stores and doesn't set proper trust permissions
  - Add cert checks in ipa-server-certinstall
- Resolves: #1371479 cert-find --all does not show information about revocation
  - cert: add revocation reason back to cert-find output
- Resolves: #1375133 WinSync users who have First.Last casing creates users who
  can have their password set
  - ipa passwd: use correct normalizer for user principals
- Resolves: #1377858 Users with 2FA tokens are not able to login to IPA servers
  - Properly handle LDAP socket closures in ipa-otpd
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
  - Make httpd publish its CA certificate on DL1

Fri Sep 16 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.0-12

- Resolves: #1373910 IPA server upgrade fails with DNS timed out errors.
- Resolves: #1375269 ipa trust-fetch-domains throws internal error