ELBA-2019-2241
- ULN >
- Oracle Linux Errata repository >
- ELBA-2019-2241
ELBA-2019-2241 - ipa bug fix and enhancement update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2019-08-13 |
Description
[4.6.5-11.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]
[4.6.5-11.el7]
- Resolves: 1723473 - ipa upgrade fails with trust entry already exists
- adtrust upgrade: fix wrong primary principal name, part 2
- Resolves: 1686302 - ipa trust fetch-domains, server parameter ignored
- trust-fetch-domains: make sure we use right KDC when --server is specified
[4.6.5-10.el7]
- Resolves: 1723473 - ipa upgrade fails with trust entry already exists
- adtrust upgrade: fix wrong primary principal name
[4.6.5-9.el7]
- Resolves: 1712794 - ERROR: invalid 'PKINIT enabled server': all masters must have IPA master role enabled
- Consider configured servers as valid
[4.6.5-8.el7]
- Resolves: 1702651 - Command ipa conole is broken
- ipa console: catch proper exception when history file can not be open
- Resolves: 1704796 - Wrong CA replication topology created with two replicas
- replica install: acknowledge ca_host override
- Resolves: 1708873 - Unable to upgrade ipa data: IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-3.fc30', current version '4.7.2-8.fc30')
- upgrade: adtrust - catch empty result when retrieving list of trusts
[4.6.5-7.el7]
- Resolves: 1704227 - Wrong logic in ipactl restart leads to start instead of restart pki-tomcatd
- ipactl restart: fix wrong logic when checking service list
[4.6.5-6.el7]
- Resolves: 1700804 - Update Red Hat logo in IdM Server
[4.6.5-5.el7]
- Resolves: 1697242 Communication with oddjob helper fails
- Bypass D-BUS interface definition deficiences for trust-fetch-domains
[4.6.5-4.el7]
- Resolves: 1686302 ipa trust fetch-domains, server parameter ignored
- oddjob: allow to pass options to trust-fetch-domains
- Resolves: 1695481 ipa trust-add failing with CIFS server communication error
- adtrust: define Guests mapping after creating cifs/ principal
- net groupmap: force using empty config when mapping Guests
[4.6.5-3.el7]
- Resolves: 1694623 ipa-kra-install failing with invalid 'role_servrole': must be Unicode text error
- ipa-setup-kra: fix python2 parameter
- Resolves: 1694596 ipa-server-upgrade fails with ConversionError: invalid 'cn': must be Unicode text
- ipa-server-upgrade: fix add_systemd_user_hbac
[4.6.5-2.el7]
- Resolves: 1691334 New defect found in ipa-4.6.5-1.el7
- Coverity: fix issue in ipa_extdom_extop.c
- Resolves: 1666843 ipa-replica-manage force-sync --from keeps prompting 'No status yet'
- ipa-replica-manage: fix force-sync
- Resolves: 1594245 [RFE] sysadm_r should be included in default SELinux user map order
- Add sysadm_r to default SELinux user map order
- Resolves: 1527215 RFE: ipa client should setup openldap for GSSAPI
- RFE: ipa client should setup openldap for GSSAPI
- Resolves: 1518939 RFE: Extend IPA to support unadvertised replicas
- Unify and simplify LDAP service discovery
- Use api.env.container_masters
- Consolidate container_masters queries
- Add hidden replica feature
- ipatests: Exercise hidden replica feature
- Simplify and improve tests
- Implement server-state --state=enabled/hidden
- Consider hidden servers as role provider
- Improve config-show to show hidden servers
- More test fixes
- Dont allow to hide last server for a role
- Synchronize hidden state from IPA master role
- Test replica installation from hidden replica
- Add design draft
- Dont fail if config-show does not return servers
- Resolves: 1517886 double ca acl provoke console error.
- Add uniqueness constraint on CA ACL name
- Resolves: 1498110 Using --auto-reverse and --allow-zone-overlap does not skip zone overlap check
- Extend CALessBase::installer_server to accept extra_args
- Skip zone overlap check with auto-reverse
- Resolves: 1496963 [RFE] Provide an option to include FQDN in IDM topology graph
- Web UI (topology graph): Show FQDN for nodes if they have no common DNS zone
- Resolves: 1345975 [RFE] Support One-Way Trust authenticated by trust secret
- Replace hard-coded paths with path constants
- Support Samba 4.9
- Add design page for one-way trust to AD with shared secret
- trust: allow trust agents to read POSIX identities of trust
- trusts: add support for one-way shared secret trust
- upgrade: upgrade existing trust agreements to new layout
- upgrade: add trust upgrade to actual upgrade code
- Resolves: 1690191 [RFE] Offline Certificate Renewal System
- Extract ca_renewal cert update subroutine
- cainstance: add function to determine ca_renewal nickname
- constants: add ca_renewal container
- Add ipa-cert-fix tool
- ipa-cert-fix: add man page
- ipa-cert-fix: use customary exit statuses
- Resolves: 1631826 Create a warning that SSSD needs restart after idrange-mod
- Show a notification that sssd needs restarting after idrange-mod
[4.6.5-1.el7]
- Resolves: 1677197 Rebase IPA to latest 4.6.x version
- Resolves: 1690037[RFE] Add utility to promote CA replica to CRL master
- Resolves: 1689585 Cannot install ipa-server on rhel7.7
- Resolves: 1672184 Fix compile issue with new 389-ds
- Resolves: 1672180 pki spawn fails for IPA replica install from RHEL6 IPA master
- Resolves: 1669012 host_del and host_disable fails, ra.find() search for every certificates instead of the hosts certificate by subject
- Resolves: 1658701 ipa-replica-install fails migrating RHEL 6 to 7
- Resolves: 1651834 searching for ipa users by certificate fails
- Resolves: 1644874 IPA Upgrade failed with 'unable to convert the attribute u'cACertificate;binary''
- Resolves: 1638545 ipa-advise command points to old URL's.
- Resolves: 1637717 RFE: Validation and better error messages when novajoin fails because of SSL errors
- Resolves: 1599939 'ipa vault-retrieve' is failing with 'ipa: ERROR: an internal error has occurred'
- Resolves: 1593454 In IPA WebUI, a warning appears in the background(warning message behind the dialog box).
- Resolves: 1586268 [RFE] Red Hat Identity Manager IP SANs
- Resolves: 1579037 Adding 3rd Party CAs to IPA results in SmartCard preparation script failure
- Resolves: 1577967 Users with user creation/modification privileges fail to add the '--radius-username' option when creating users
- Resolves: 1572674 ipa-cacert-manage cannot import PKCS#7 files
- Resolves: 1562422 [RFE] Allow IPA Services to Start After the IPA Backup Has Completed
- Resolves: 1562396 IPA numeric username breaks sudo and getent
- Resolves: 1533228 The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records
- Resolves: 1497334 ipa-server-install should prevent installations with single label domains
- Resolves: 1493541 ipa-pkinit-manage reports a switch from local pkinit to full pkinit configuration was successful although it was not.
- Resolves: 1485217 [RFE] Warn or adjust umask if it is too restrictive to break installation
- Resolves: 1428690 ipa-backup does not create log file at /var/log/
- Resolves: 1408439 ipa idoverrideuser-find view --anchor fails to return output
- Resolves: 1390757 automember-rebuild crashes
- Resolves: 1376024 During one step replica install the command accepts both OTP and Admin password simultaneously
- Resolves: 1245626 ipa-client-install modifies /etc/openldap/ldap.conf in a way which is unhandy for openldap-clients
[4.6.4-12.el7]
- Resolves: 1672180 pki spawn fails for IPA replica install from RHEL6 IPA master
- Update mod_nss cipher list so there is overlap with a 4.x master
- Resolves: 1672184 Fix compile issue with new 389-ds
- ipa-sidgen: make internal fetch_attr helper really internal
- Resolves: 1669012 host_del and host_disable fails, ra.find() search for every certificates instead of the host's certificate by subject
- Add workaround for slow host/service del
- Optimize cert remove case
- Resolves: 1533228 The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain record
- replica installation: add master record only if in managed zone
- ipatests: add test for replica in forward zone
[4.6.4-11.el7]
- Resolves: 1651834 searching for ipa users by certificate fails
- ipaldap.py: fix method creating a ldap filter for IPACertificate
- ipatests: add xmlrpc test for user|host-find --certificate
- Resolves: 1644874 IPA Upgrade failed with 'unable to convert the attribute u'cACertificate;binary''
- ipa upgrade: handle double-encoded certificates
- ipatests: add upgrade test for double-encoded cacert
- ipatests: fix TestUpgrade::test_double_encoded_cacert
- Resolves: 1599939 'ipa vault-retrieve' is failing with 'ipa: ERROR: an internal error has occurred'
- Add a shared-vault-retrieve test
- Add a 'Find enabled services' ACI in 20-aci.update so that all users can find IPA servers and services. ACI suggested by Christian Heimes.
- Resolves: 1493541 ipa-pkinit-manage reports a switch from local pkinit to full pkinit configuration was successful although it was not.
- ipatest: add test for ipa-pkinit-manage enable|disable
- PKINIT: fix ipa-pkinit-manage enable|disable
- Resolves: 1390757 automember-rebuild crashes
- Find orphan automember rules
- Resolves: 1658701 ipa-replica-install fails migrating RHEL 6 to 7
- replication: check remote ds version before editing attributes
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | ipa-4.6.5-11.0.1.el7.src.rpm | 594f465a15cabd210ce75de7ca1c46add0d0c02d6d41756780f104b89dad86d1 | ELSA-2024-3760 | ol7_aarch64_latest |
| ipa-4.6.5-11.0.1.el7.src.rpm | 594f465a15cabd210ce75de7ca1c46add0d0c02d6d41756780f104b89dad86d1 | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| ipa-client-4.6.5-11.0.1.el7.aarch64.rpm | 5d2a3b680709435a1098aa077284f981e26e066958eeaf6e028c35e17d459cd3 | ELSA-2024-3760 | ol7_aarch64_latest | |
| ipa-client-4.6.5-11.0.1.el7.aarch64.rpm | 5d2a3b680709435a1098aa077284f981e26e066958eeaf6e028c35e17d459cd3 | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| ipa-client-common-4.6.5-11.0.1.el7.noarch.rpm | 51d58c94d7f2b9f6c3f7d9693f3720338d81e008c3225a9023f67354e0798046 | ELSA-2024-3760 | ol7_aarch64_latest | |
| ipa-client-common-4.6.5-11.0.1.el7.noarch.rpm | 51d58c94d7f2b9f6c3f7d9693f3720338d81e008c3225a9023f67354e0798046 | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| ipa-common-4.6.5-11.0.1.el7.noarch.rpm | f55bb28e6dfd63ece44b955430dd35abfb9ed0feabdeadc953de8bcbba8ed83d | ELSA-2024-3760 | ol7_aarch64_latest | |
| ipa-common-4.6.5-11.0.1.el7.noarch.rpm | f55bb28e6dfd63ece44b955430dd35abfb9ed0feabdeadc953de8bcbba8ed83d | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| ipa-python-compat-4.6.5-11.0.1.el7.noarch.rpm | f7d630abfea836d2c5ea065a9e19f32144e0ff2f08143f4b63ff8477de1e05bd | ELSA-2024-3760 | ol7_aarch64_latest | |
| ipa-python-compat-4.6.5-11.0.1.el7.noarch.rpm | f7d630abfea836d2c5ea065a9e19f32144e0ff2f08143f4b63ff8477de1e05bd | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| ipa-server-4.6.5-11.0.1.el7.aarch64.rpm | 9c48f6d38790cd8c8970e3e9dd2d54a5c56859b378cf2f29c060905ad390c67b | ELSA-2024-3760 | ol7_aarch64_latest | |
| ipa-server-4.6.5-11.0.1.el7.aarch64.rpm | 9c48f6d38790cd8c8970e3e9dd2d54a5c56859b378cf2f29c060905ad390c67b | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| ipa-server-common-4.6.5-11.0.1.el7.noarch.rpm | 9d0c461155173242120a2aa482a81464b30324ea6e8d423e4c2db3a5778e4a64 | ELSA-2024-3760 | ol7_aarch64_latest | |
| ipa-server-common-4.6.5-11.0.1.el7.noarch.rpm | 9d0c461155173242120a2aa482a81464b30324ea6e8d423e4c2db3a5778e4a64 | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| ipa-server-dns-4.6.5-11.0.1.el7.noarch.rpm | c698c3c5f2885bd27d863beb10ca91384631954a82fad1fa1543bf6468cb987d | ELSA-2024-3760 | ol7_aarch64_latest | |
| ipa-server-dns-4.6.5-11.0.1.el7.noarch.rpm | c698c3c5f2885bd27d863beb10ca91384631954a82fad1fa1543bf6468cb987d | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| ipa-server-trust-ad-4.6.5-11.0.1.el7.aarch64.rpm | a282ff8b598ae2d843c8eb59aff8bb5b745582b6e869fde0f489a64d8d2d8bdb | ELSA-2024-3760 | ol7_aarch64_latest | |
| ipa-server-trust-ad-4.6.5-11.0.1.el7.aarch64.rpm | a282ff8b598ae2d843c8eb59aff8bb5b745582b6e869fde0f489a64d8d2d8bdb | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| python2-ipaclient-4.6.5-11.0.1.el7.noarch.rpm | e32d76a15717507471d91580d763fdfbd8d59c664c2cd9233b7497d83004c9ff | ELSA-2024-3760 | ol7_aarch64_latest | |
| python2-ipaclient-4.6.5-11.0.1.el7.noarch.rpm | e32d76a15717507471d91580d763fdfbd8d59c664c2cd9233b7497d83004c9ff | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| python2-ipalib-4.6.5-11.0.1.el7.noarch.rpm | f7c6c564f18292f93e36c08e0b95dd8e3fcaa2516cf46b4bf35ddbe57e69bd44 | ELSA-2024-3760 | ol7_aarch64_latest | |
| python2-ipalib-4.6.5-11.0.1.el7.noarch.rpm | f7c6c564f18292f93e36c08e0b95dd8e3fcaa2516cf46b4bf35ddbe57e69bd44 | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| python2-ipaserver-4.6.5-11.0.1.el7.noarch.rpm | 7ba18921d72933dc37e2f9081ebf4d6fb76aa367e566830077a0de4d51ddecaf | ELSA-2024-3760 | ol7_aarch64_latest | |
| python2-ipaserver-4.6.5-11.0.1.el7.noarch.rpm | 7ba18921d72933dc37e2f9081ebf4d6fb76aa367e566830077a0de4d51ddecaf | ELSA-2024-3760 | ol7_aarch64_u7_base | |
| Oracle Linux 7 (x86_64) | ipa-4.6.5-11.0.1.el7.src.rpm | 594f465a15cabd210ce75de7ca1c46add0d0c02d6d41756780f104b89dad86d1 | ELSA-2024-3760 | ol7_x86_64_latest |
| ipa-4.6.5-11.0.1.el7.src.rpm | 594f465a15cabd210ce75de7ca1c46add0d0c02d6d41756780f104b89dad86d1 | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| ipa-client-4.6.5-11.0.1.el7.x86_64.rpm | 84ca8bc4c0b81b11dd06804a9a7f051e9de12bd17e3713467713903674fd29db | ELSA-2024-3760 | ol7_x86_64_latest | |
| ipa-client-4.6.5-11.0.1.el7.x86_64.rpm | 84ca8bc4c0b81b11dd06804a9a7f051e9de12bd17e3713467713903674fd29db | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| ipa-client-common-4.6.5-11.0.1.el7.noarch.rpm | 51d58c94d7f2b9f6c3f7d9693f3720338d81e008c3225a9023f67354e0798046 | ELSA-2024-3760 | ol7_x86_64_latest | |
| ipa-client-common-4.6.5-11.0.1.el7.noarch.rpm | 51d58c94d7f2b9f6c3f7d9693f3720338d81e008c3225a9023f67354e0798046 | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| ipa-common-4.6.5-11.0.1.el7.noarch.rpm | f55bb28e6dfd63ece44b955430dd35abfb9ed0feabdeadc953de8bcbba8ed83d | ELSA-2024-3760 | ol7_x86_64_latest | |
| ipa-common-4.6.5-11.0.1.el7.noarch.rpm | f55bb28e6dfd63ece44b955430dd35abfb9ed0feabdeadc953de8bcbba8ed83d | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| ipa-python-compat-4.6.5-11.0.1.el7.noarch.rpm | f7d630abfea836d2c5ea065a9e19f32144e0ff2f08143f4b63ff8477de1e05bd | ELSA-2024-3760 | ol7_x86_64_latest | |
| ipa-python-compat-4.6.5-11.0.1.el7.noarch.rpm | f7d630abfea836d2c5ea065a9e19f32144e0ff2f08143f4b63ff8477de1e05bd | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| ipa-server-4.6.5-11.0.1.el7.x86_64.rpm | 160f4789dc621fa10948d6a784298541ae63806431aeee587d4629ab6aef35ef | ELSA-2024-3760 | ol7_x86_64_latest | |
| ipa-server-4.6.5-11.0.1.el7.x86_64.rpm | 160f4789dc621fa10948d6a784298541ae63806431aeee587d4629ab6aef35ef | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| ipa-server-common-4.6.5-11.0.1.el7.noarch.rpm | 9d0c461155173242120a2aa482a81464b30324ea6e8d423e4c2db3a5778e4a64 | ELSA-2024-3760 | ol7_x86_64_latest | |
| ipa-server-common-4.6.5-11.0.1.el7.noarch.rpm | 9d0c461155173242120a2aa482a81464b30324ea6e8d423e4c2db3a5778e4a64 | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| ipa-server-dns-4.6.5-11.0.1.el7.noarch.rpm | c698c3c5f2885bd27d863beb10ca91384631954a82fad1fa1543bf6468cb987d | ELSA-2024-3760 | ol7_x86_64_latest | |
| ipa-server-dns-4.6.5-11.0.1.el7.noarch.rpm | c698c3c5f2885bd27d863beb10ca91384631954a82fad1fa1543bf6468cb987d | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| ipa-server-trust-ad-4.6.5-11.0.1.el7.x86_64.rpm | ece5ba3454ffab946551205c8e61017b14ac9e073e7e57e87f0f701f09dc65d2 | ELSA-2024-3760 | ol7_x86_64_latest | |
| ipa-server-trust-ad-4.6.5-11.0.1.el7.x86_64.rpm | ece5ba3454ffab946551205c8e61017b14ac9e073e7e57e87f0f701f09dc65d2 | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| python2-ipaclient-4.6.5-11.0.1.el7.noarch.rpm | e32d76a15717507471d91580d763fdfbd8d59c664c2cd9233b7497d83004c9ff | ELSA-2024-3760 | ol7_x86_64_latest | |
| python2-ipaclient-4.6.5-11.0.1.el7.noarch.rpm | e32d76a15717507471d91580d763fdfbd8d59c664c2cd9233b7497d83004c9ff | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| python2-ipalib-4.6.5-11.0.1.el7.noarch.rpm | f7c6c564f18292f93e36c08e0b95dd8e3fcaa2516cf46b4bf35ddbe57e69bd44 | ELSA-2024-3760 | ol7_x86_64_latest | |
| python2-ipalib-4.6.5-11.0.1.el7.noarch.rpm | f7c6c564f18292f93e36c08e0b95dd8e3fcaa2516cf46b4bf35ddbe57e69bd44 | ELSA-2024-3760 | ol7_x86_64_u7_base | |
| python2-ipaserver-4.6.5-11.0.1.el7.noarch.rpm | 7ba18921d72933dc37e2f9081ebf4d6fb76aa367e566830077a0de4d51ddecaf | ELSA-2024-3760 | ol7_x86_64_latest | |
| python2-ipaserver-4.6.5-11.0.1.el7.noarch.rpm | 7ba18921d72933dc37e2f9081ebf4d6fb76aa367e566830077a0de4d51ddecaf | ELSA-2024-3760 | ol7_x86_64_u7_base | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
