ipa-server-trust-ad-3.0.0-51.el6.centos$>uƄ(@Ƣ.<>8?d * s $<@GN z"<t    r  D d  86 6E6(89:7>_?g@oGxHڰIXY\<]t^kbMdeflCipa-server-trust-ad3.0.051.el6.centosVirtual package to install packages required for Active Directory trustsCross-realm trusts with Active Directory in IPA require working Samba 4 installation. This package is provided for convenience to install all required dependencies at once.Xhc1bm.rdu2.centos.org CentOSGPLv3+CentOS BuildSystem System Environment/Basehttp://www.freeipa.org/linuxx86_64/usr/sbin/update-alternatives --install /usr/lib64/krb5/plugins/libkrb5/winbind_krb5_locator.so \ winbind_krb5_locator.so /dev/null 90 python -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1 if [ $? -eq 0 ]; then /sbin/service httpd condrestart >/dev/null 2>&1 || : fiif [ $1 -eq 0 ]; then /usr/sbin/update-alternatives --remove winbind_krb5_locator.so /dev/null fiif [ "$1" -ge "1" ]; then if [ "`readlink /etc/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then /usr/sbin/alternatives --set winbind_krb5_locator.so /dev/null fi fiykkzqnqn4C(Np39$ u큤큤XXXXXXXXXXXXXXe5c7b6ab5382750ed463742fae2c2890339c7465266e84b42d280de6a05ae099da38b6414e3150deba179582c2cd870a0248bb8ccc9ed70f3b847c4d1fe144f2da38b6414e3150deba179582c2cd870a0248bb8ccc9ed70f3b847c4d1fe144f2c13d0812157e120f35ac5560adafa5dbf79b2cb72c354ab0f3e9f2249634b5ddb1479375a9a13bde5aeb323416bea50f562e1bb2460ba9f87ef73b5e1e387fe6b1479375a9a13bde5aeb323416bea50f562e1bb2460ba9f87ef73b5e1e387fe6078e37f606c77112d1f1aa493ff28b56b8f67ce51185affb26eb1922d8a3488c2c626b4195bdfa3d016397f169e71608674bbdefed99bf5d4e813691fb65da25860bfb6f4e75901ae8f0bfab743dbd637093eed564f31bf17c2b800cfdbb5697e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8550109f79562345cb4ee7465e7150b4cc528a170aa943232957792c4ea369c064ce3b5a96a66cf380a1aff4bbf8ae6705db28a9391f020ae366b17d9b957a8a2738f8c32ff48bae57e2b73c9c795cc211125ab1a65f13a2fb309e58e8ceda9ac910ba8e58428d1e320075d001f4cfe2c7e84f9e18b6ad2b6ce2ae9ac5d3b5b7888@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootipa-3.0.0-51.el6.centos.src.rpmipasam.so()(64bit)libipa_extdom_extop.so()(64bit)libipa_sidgen.so()(64bit)libipa_sidgen_task.so()(64bit)ipa-server-trust-adipa-server-trust-ad(x86-64)      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ipa-serverm2cryptosamba4-pythonsamba4libsss_idmapsamba4-winbindpython-sss/usr/sbin/update-alternativespython/usr/sbin/update-alternatives/usr/sbin/update-alternatives/bin/sh/bin/sh/bin/shrpmlib(PartialHardlinkSets)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libcom_err.so.2()(64bit)libcrypto.so.10()(64bit)libcrypto.so.10(libcrypto.so.10)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libgcc_s.so.1(GCC_3.3.1)(64bit)libk5crypto.so.3()(64bit)libk5crypto.so.3(k5crypto_3_MIT)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libsamba-passdb.so.0()(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0)(64bit)libsamba-util.so.0()(64bit)libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit)libsmbconf.so.0()(64bit)libsmbconf.so.0(SMBCONF_0)(64bit)libsmbldap.so.0()(64bit)libsmbldap.so.0(SMBLDAP_0)(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtevent.so.0()(64bit)libwbclient.so.0(WBCLIENT_0.9)(64bit)python(abi)rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)3.0.0-51.el6.centos4.0.0-314.0.4-14.6.0-14.0-13.0.4-12.65.2-14.8.0XX lWu@W@W @VS@Vy;@VD@USA@O>A@N@N@NN@NNN^Nj@NNNNx@Nx@Ns:@N_sNI @M@M@MMy@MM@M@Mx@MMTM~@Mx@MfH@MdMU$MOMOMGMA^@M=iM6@M4/@M.@M.@M-M-M M@L!LfLNLdLLLzLe3La?@LD>@L#HL#HL@K/KՀ@KK@KKs@Kie@K`*KK@K @JJ@J@J@JJB@J{IIIm@I1Iq@IKIFFI9I1.Ih@IIP@H@HXHO@H-w@H HHH@G߮GGgGs@G@G@G@G}G}G}GG@GC@GkGDG<4G)G(n@G3G@GJF@FS@FFuF@Johnny Hughes - 3.0.0-51.el6Jan Cholasta - 3.0.0-51.el6Jan Cholasta - 3.0.0-50.el6.3Jan Cholasta - 3.0.0-50.el6.2Alexander Bokovoy - 3.0.0-50.el6.1Jan Cholasta - 3.0.0-50.el6Martin Basti - 3.0.0-49.el6Jan Cholasta - 3.0.0-48.el6Petr Vobornik - 3.0.0-47.el6Petr Vobornik - 3.0.0-46.el6Petr Vobornik - 3.0.0-45.el6Petr Vobornik - 3.0.0-44.el6Petr Vobornik - 3.0.0-43.el6Martin Kosek - 3.0.0-42.el6Martin Kosek - 3.0.0-41.el6Martin Kosek - 3.0.0-40.el6Martin Kosek - 3.0.0-39.el6Martin Kosek - 3.0.0-38.el6Martin Kosek - 3.0.0-37.el6Martin Kosek - 3.0.0-36.el6Martin Kosek - 3.0.0-35.el6Martin Kosek - 3.0.0-34.el6Martin Kosek - 3.0.0-33.el6Martin Kosek - 3.0.0-32.el6Martin Kosek - 3.0.0-31.el6Martin Kosek - 3.0.0-30.el6Martin Kosek - 3.0.0-29.el6Martin Kosek - 3.0.0-28.el6Martin Kosek - 3.0.0-27.el6Rob Crittenden - 3.0.0-26.el6Rob Crittenden - 3.0.0-25.el6Rob Crittenden - 3.0.0-24.el6Rob Crittenden - 3.0.0-23.el6Martin Kosek - 3.0.0-22.el6Rob Crittenden - 3.0.0-21.el6Rob Crittenden - 3.0.0-20.el6Martin Kosek - 3.0.0-19.el6Martin Kosek - 3.0.0-18.el6Martin Kosek - 3.0.0-17.el6Martin Kosek - 3.0.0-16.el6Rob Crittenden - 3.0.0-15.el6Rob Crittenden - 3.0.0-14.el6Rob Crittenden - 3.0.0-13.el6Rob Crittenden - 3.0.0-12.el6Rob Crittenden - 3.0.0-11.el6Rob Crittenden - 3.0.0-10.el6Rob Crittenden - 3.0.0-9.el6Rob Crittenden - 3.0.0-8.el6Rob Crittenden - 3.0.0-7.el6Rob Crittenden - 3.0.0-6.el6Rob Crittenden - 3.0.0-5.el6Alexander Bokovoy - 3.0.0-4.el6Rob Crittenden - 3.0.0-3.el6Rob Crittenden - 3.0.0-2.el6Rob Crittenden - 3.0.0-1.el6Rob Crittenden - 2.2.0-16.el6Rob Crittenden - 2.2.0-15.el6Rob Crittenden - 2.2.0-14.el6Rob Crittenden - 2.2.0-13.el6Rob Crittenden - 2.2.0-12.el6Rob Crittenden - 2.2.0-11.el6Rob Crittenden - 2.2.0-10.el6Rob Crittenden - 2.2.0-9.el6Rob Crittenden - 2.2.0-8.el6Rob Crittenden - 2.2.0-7.el6Rob Crittenden - 2.2.0-6.el6Rob Crittenden - 2.2.0-5.el6Rob Crittenden - 2.2.0-4.el6Rob Crittenden - 2.2.0-3.el6Rob Crittenden - 2.2.0-2.el6Rob Crittenden - 2.2.0-1.el6Rob Crittenden - 2.1.3-9.el6Rob Crittenden - 2.1.3-8.el6Rob Crittenden - 2.1.3-7.el6Rob Crittenden - 2.1.3-6.el6Rob Crittenden - 2.1.3-5.el6Rob Crittenden - 2.1.3-4.el6Rob Crittenden - 2.1.3-3.el6Rob Crittenden - 2.1.3-2.el6Rob Crittenden - 2.1.3-1.el6Rob Crittenden - 2.1.2-2.el6Rob Crittenden - 2.1.2-1.el6Rob Crittenden - 2.1.1-4.el6Rob Crittenden - 2.1.1-3.el6Rob Crittenden - 2.1.1-2.el6Rob Crittenden - 2.1.1-1.el6John Dennis - 2.1.0-1.el6Rob Crittenden - 2.0.0-25Rob Crittenden - 2.0.0-24Rob Crittenden - 2.0.0-23Stephen Gallagher - 2.0.0-22Rob Crittenden - 2.0.0-21Rob Crittenden - 2.0.0-20Rob Crittenden - 2.0.0-19Rob Crittenden - 2.0.0-18Rob Crittenden - 2.0.0-17Rob Crittenden - 2.0.0-16Rob Crittenden - 2.0.0-15Rob Crittenden - 2.0.0-14Rob Crittenden - 2.0.0-13Rob Crittenden - 2.0.0-12Rob Crittenden - 2.0.0-11Rob Crittenden - 2.0.0-10Rob Crittenden - 2.0.0-9Rob Crittenden - 2.0.0-8Rob Crittenden - 2.0.0-7Rob Crittenden - 2.0.0-6Rob Crittenden - 2.0.0-5Rob Crittenden - 2.0.0-4Rob Crittenden - 2.0.0-3Rob Crittenden - 2.0.0-2Rob Crittenden - 2.0.0-1Rob Crittenden - 1.99-36Rob Crittenden - 1.99-35Jr Aquino - 1.99-34Simo Sorce - 1.99-33Rob Crittenden - 1.99-32Rob Crittenden - 1.99-31Rob Crittenden - 1.99-30Rob Crittenden - 1.99-29Rob Crittenden - 1.99-28Rob Crittenden - 1.99-27Rob Crittenden - 1.99-26Rob Crittenden - 1.99-25Adam Young - 1.99-24Rob Crittenden - 1.99-23Rob Crittenden - 1.99-22Rob Crittenden - 1.99-21Rob Crittenden - 1.99-20Rob Crittenden - 1.99-19Jason Gerard DeRose - 1.99-18Jason Gerard DeRose - 1.99-17Jason Gerard DeRose - 1.99-16Rob Crittenden - 1.99-15Jason Gerard DeRose - 1.99-14Rob Crittenden - 1.99-13Rob Crittenden - 1.99-12Rob Crittenden - 1.99-11Rob Crittenden - 1.99-10Rob Crittenden - 1.99-9Jason Gerard DeRose - 1.99-8Rob Crittenden - 1.99-7Rob Crittenden - 1.99-6Rob Crittenden - 1.99-5Rob Crittenden - 1.99-4Rob Crittenden - 1.99-3Rob Crittenden - 1.99-2Rob Crittenden - 1.99-1Tomas Mraz - 1.2.1-3Dan Walsh - 1.2.1-2Simo Sorce - 1.2.1-1Simo Sorce - 1.2.1-0Ignacio Vazquez-Abrams - 1.2.0-4Simo Sorce - 1.2.0-3Simo Sorce - 1.2.0-2Rob Crittenden - 1.2.0-1Simo Sorce - 1.1.0-3Rob Crittenden - 1.1.0-2Rob Crittenden - 1.1.0-1Rob Crittenden - 1.0.0-5Rob Crittenden - 1.0.0-4Rob Crittenden - 1.0.0-3Rob Crittenden - 1.0.0-2Rob Crittenden - 1.0.0-1Rob Crittenden 0.99-12Rob Crittenden 0.99-11Rob Crittenden 0.99-10Rob Crittenden 0.99-9Rob Crittenden 0.99-8Rob Crittenden 0.99-7Rob Crittenden 0.99-6Rob Crittenden 0.99-5Rob Crittenden 0.99-4Rob Crittenden 0.99-3Rob Crittenden 0.99-2Rob Crittenden 0.99-1Rob Crittenden - 0.6.0-2Karl MacMillan - 0.6.0-1Karl MacMillan - 0.5.0-1Rob Crittenden - 0.4.1-2Karl MacMillan - 0.4.1-1Karl MacMillan - 0.4.0-6Rob Crittenden - 0.4.0-5Rob Crittenden - 0.4.0-4Karl MacMillan - 0.4.0-3Karl MacMillan - 0.4.0-2Karl MacMillan - 0.2.0-1Rob Crittenden - 0.1.0-3Rob Crittenden - 0.1.0-2Karl MacMillan - 0.1.0-1- Roll in CentOS Branding- Resolves: #1321138 Missing dependency package "python-sss-murmur" in ipa-server-3.0.0-50.el6.x86_64 - SPEC: Require python2 version of sssd bindings - Resolves: #1367026 Document and test procedure for running IdM Server in TLS 1.2+ environment - Require 389-ds-base with TLS 1.0 disable switch- Resolves: #1322059 IPA Replica-Install from RHEL6 to RHEL7 Fails - Modififed NSSConnection not to shutdown existing database. - Do not erroneously reinit NSS in Dogtag interface - Make sure replication works after DM password is changed- Resolves: #1351593 CVE-2016-5404 ipa: Insufficient privileges check in certificate revocation - cert-revoke: fix permission check bypass (CVE-2016-5404)- Update IPA code to support Samba 4.2 - Related: #1322689- Resolves: #1225868 display browser config options that apply to the browser - Chrome - Remove ico files from Makefile - Resolves: #1232843 ipa-client-install errors out if client and server time are not in sync or unreachable - Skip time sync during client install when using --no-ntp - Resolves: #1288495 Add userCertificate index used in Smart Card authentication - add DS index for userCertificate attribute - Resolves: #1293588 JavaScript error in ssbrowser.html - TypeError: Cannot read property 'mozilla' of undefined - webui: fix browser detection in browserconfig.html and ssbrowser.html - Resolves: #1296124 Adjust Firefox configuration to new extension signing policy - webui: use manual Firefox configuration for Firefox >= 40 - Remove binary patching from patch 0140- Resolves: #1127211 ipa-server-install --uninstall produces avc - sysrestore: copy files instead of moving them to avoind SELinux issues - Use 'mv -Z' in specfile to restore SELinux context - Resolves: #1222999 ipa aci plugin is not parsing aci's correctly. - ACI plugin: correctly parse bind rules enclosed in parentheses - Resolves: #1225868 display browser config options that apply to the browser - Chrome - webui: add Kerberos configuration instructions for Chrome - Remove ico files from Makefile - WebUI: fix ipa_error.css - Resolves: #1232468 The Domain option is not correctly set in idmapd.conf when ipa-client-automount is executed. - Simplify adding options in ipachangeconf - ipachangeconf: Add ability to preserve section case - ipa-client-automount: Leverage IPAChangeConf to configure the domain for idmapd - Resolves: #1232899 ipa-client-install does not respect --realm option - Allow user to force Kerberos realm during installation. - Resolves: #1276358 Remove /usr/share/ipa/updates/50-lockout-policy.update file from IPA 3.0 releases - Remove 50-lockout-policy.update file- Resolves: #1263703 ipa-server-install with externally signed CA fails with NSS error (SEC_ERROR_BUSY) - Free NSS objects in --external-ca scenario - Resolves: #1263262 Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Do not lookup up the domain too early if only the SID is known - Do not store SID string in a local buffer - Allow ID-to-SID mappings in the extdom plugin- Resolves: #1220788 - Some IPA schema files are not RFC 4512 compliant- Use tls version range in NSSHTTPS initialization - Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server - Resolves: #1012224 - host certificate not issued to client during ipa-client-install- Resolves: #1205660 - ipa-client rpm should require keyutils- Release 3.0.0-44 - Resolves: #1201454 - ipa breaks sshd config- Release 3.0.0-43 - Resolves: #1191040 - ipa-client-automount: failing with error LDAP server returned UNWILLING_TO_PERFORM. This likely means that minssf is enabled. - Resolves: #1185207 - ipa-client dont end new line character in /etc/nsswitch.conf - Resolves: #1166241 - CVE-2010-5312 CVE-2012-6662 ipa: various flaws - Resolves: #1161722 - IDM client registration failure in a high load environment - Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server - Resolves: #1146870 - ipa-client-install fails with "KerbTransport instance has no attribute '__conn'" traceback - Resolves: #1132261 - ipa-client-install failing produces a traceback instead of useful error message - Resolves: #1131571 - Do not allow IdM server/replica/client installation in a FIPS-140 mode - Resolves: #1198160 - /usr/sbin/ipa-server-install --uninstall does not clean /var/lib/ipa/pki-ca - Resolves: #1198339 - ipa-client-install adds extra sss to sudoers in nsswitch.conf - Require: 389-ds-base >= 1.2.11.15-51 - Require: mod_nss >= 1.0.10 - Require: pki-ca >= 9.0.3-40 - Require: python-nss >= 0.16- Require 389-ds-base >= 1.2.11.15-38 to fix roken dereference control with the FreeIPA 4.0 ACIs (#1112698)- ipasam does not support deleting multiple child trusted domains due to LDAP delete operation (#1110664) - Excessive LDAP calls by ipa-sam during file operations to samba file share on freeipa master cause high CPU and slow performance (#1074314)- Explicitly specify auth mechanism when calling ldapmodify in the installers (#1108661) - Add support for DNS classless reverse domains (#1095250) - Multiple nsDS5ReplicaId attributes created in cn=replication,cn=etc (#1109050) - ipa-client-install should configure sudo automatically (#1111121)- Rebuild package to fix a brew tag- ipa-server-install intermittently crashed with "Unable to find preop.pin" (#905064) - Disabled sudo rules were still active in the sudoers tree (#1022199) - Replica installation fails if forward zone is not present (#1034478) - Administrative password change did not respect user password policy (#1029921) - Re-initializing a winsync connection exits with "Can't contact LDAP server" (#1016042) - Server checked for unknown attributes before "ipa" tool version check (#1015481) - CA subsystem certificate renewal was broken on CA clones (#1040009) - Lockout plugin worked inconsistently compared to KDC lockout mechanism. Also, default user policy may not have been applied if krbPwdPolicyReference was missing (#1088772) - ipa-client-automount was not backwards compatible (#1082590) - Increase service timeout from 120s to 300s as some services are known to start for more than 120s (#1060639) - Proxy calls to /ca/ee/ca/profileSubmit to PKI to enable installation of replicas with Dogtag 10 PKI (#1083878)- group-add-member command reported wrong error on duplicates (#970541) - ipa-client installation succeeding in ipa server instance (#1011044)- ipa-join failed when doing a forced host re-enrollment (#924009)- ipa-replica-manage del always exits with error (#1005448)- Host and Hostgroup commands were broken after upgrade (#1001810)- Fix coverity issue in AD 2012 stabilization patch fixing memleaks (#980409)- Fix coverity issue in AD 2012 support patch and add 2 related stabilization patches (#980409)- Require 389-ds-base >= 1.2.11.15-14 to pick up fix for CVE-2013-1897 (#928162) - Password policy lockout plugin does not work as expected (#907881 - Remove deprecated support of the HBAC source host (#924542) - ipa-client-install may not obtain CA certificate (#924004) - Allow client to re-enroll without first unenrolling (#924009) - Enrolling a host into may take two attempts (#950014) - Add userClass attribute for host objects (#955698) - Inconsistent replies from FreeIPA to Netlogon ping queries (#967870) - Performance improvement for IPA CLI and UI user and group related plugins (#970541) - Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost (#975431) - Add support for AD 2012 trusted domains (#980409) - XML-RPC server may return a wrong Content-Type (#976716) - Add missing openssh-clients Requires to ipa-server package (#983463) - Add an option to edit "Gecos" field from Web UI (#986211)- LDAP upload CA cert sometimes double-encodes the value (#948928) - wrong trust argument assigned to renewed certs in ipa cert automatic renew (#952241)- ipa-client-install fails to autodiscover on LDAP servers with disabled anonymous access (#922843)- ipa-adtrust-install and ipa-replica-conncheck may not parse krb5.conf correctly and crash (#916209)- Missing LDAP schema attributeType and objectClass after upgrade (#915745)- Significant decrease in migration performance. (#904119) - ipa-client-install failed to fall over to replica with master down (#905626) - During Migration - If Schema is unavailable migration fails (#906846)- Filter generated winbind dependencies so the right version of samba can be installed. (#905594)- Add certmonger condrestart to server post scriptlet (#903758) - Make certmonger a (pre) Requires (#903758) - Add selinux-policy to Requires(pre) to avoid post scriptlet AVCs (#903758) - Set minimum version of pki-ca to 9.0.3-30 and add to Requires(pre) to pick up certmonger upgrade fix (#902474) - Update anonymous access ACI to protect secret attributes (#902481)- Installer should not connect to 127.0.0.1. (#895561) - Don't initialize NSS if we don't have to. (#878220)- Set minimum version of bind-dyndb-ldap to 2.3-2 to pick up missing DNS zone SOA serial fix (#894131) - Stopped named service crashed ipa-upgradeconfig program (#895298) - ipa-replica-prepare crashed when manipulating DNS zone without SOA serial (#894143) - Use new certmonger locking to prevent NSS database corruption during CA subsystem renewal (#883484) - Set minimum selinux-policy to 3.7.19-193 to allow certmonger to talk to dbus in an rpm scriptlet. (related #883484) - Set minimum vresion of certmonger to 0.61-3 for new locking scheme (related #883484)- Properly handle migrated uniqueMember attributes (#894090) - ipa permission-find using valid targetgroup throws internal error (#893827) - Fix migration of CRLs to new directory location (#893722) - Installing IPA with a single realm component sometimes fails (#893187)- Set maxbersize to a large value to accomondate large CRLs during replica installation. (#888956) - Set minimum version of pki-ca, pki-slient and pki-setup to 9.0.3-29 to pick up default CA validity period of 20 years. (#891980)- Client installation crashes when Kerberos SRV record is not found (#889583) - Fix typo in patch 0048 for CVE-2012-5484 (#878220)- Cookie Expires date should be locale insensitive to avoid CLI errors (#888915)- ipa delegation-find --group option returns internal error (#888524) - Add missing Requires for python-crypto replacement (#878969)- sssd is not enabled on client/server install (#888124)- ipa-server-install --uninstall doesn't clear certmonger dirs, which leads to install failing (#817080)- Compliant client side session cookie behavior. CVE-2012-5631. (#886371)- Use secure method to retrieve IPA CA during client enrollment. CVE-2012-5484 (#878220) - Reformat patch 0044 so it works with git-am- Include /var/lib/sss/pubconf/krb5.include.d/ for domain-realm mappings in krb5.conf (#883166) - Set minimum selinux-policy >= 3.7.19-184 to allow domains that can read sssd_public_t files to also list the directory (#881413) - Remove dist label from changelog entries. - Fix timestamp on patched files to avoid multilib warnings- Set Requires on httpd 2.2.15-24, mod_nss to 1.0.8-18 and patch to check for existing mod_ssl configuration. These versions allow mod_proxy to simultaneously support SSL servers using mod_ssl and mod_proxy (#761574) - IPA WebUI login for AD Trusted User fails (#875261) - Add 'disable_last_success' and 'disable_lockout' to the ipa_lockout plugin (#824488)- Make default group type POSIX in ui (#880655) - Write replacement for python-crypto (#878969) - ipa trust-add prints misleading information about required DNS setting (#878485) - Lookup user SIDs in external groups (#878480) - Special case NFS related ticket to avoid attaching MS-PACs (#878462) - IPA users are not available after ipa-server-install because sssd not running (#878288) - Incorrect error message when time difference between AD and IPA is too great (#877434) - Missing option to add SSH Public Key in Web UI after upgrade (#877324)- Update minimum BR and Requires of sssd to 1.9.2-25 (related #870278, related #871160, related #878262) - Replication agreement tools report errors with new single instance CA database (#878491) - If time is moved back on the IPA server, ipasam does not invalidate the existing ticket (#866576)- Server installation fails to find A/AAAA record for IPA hostname (#874935) - Out of range error when listing RUV on host with no agreements (#873726) - Tighten dependency on krb5-server to limit to 1.10 (#872707) - Default SELinuxusermaporder needs to mapped with default selinux users list (#870053) - Clarify trust-add help regarding multiple runs against the same domain (#869741) - Improve reliabilityof RA renewal script (#869663) - Add option to disable DNS forwarding by zone (#869658) - Update minimum version of bind-dyndb-ldap to 2.3-1 (#869658) - Improve information on passsync user in man page, command help (#869656) - Resolve external members from trusted domain via Global Catalog (#869616) - Process relative nameserver DNS record correctly (#868956) - ipa-adtrust-install does not reset all information when re-run (#867447) - Fix potential memory leak in KDB backend (#811989)- Fix type conversion of integers when doing modifications (#870446) - Set SECURE_NFS to lowercase yes rather than uppercase (#869654) - Add autofs service to sssd.conf before enabling it (#869649) - Add strict Requires for policycoreutils to avoid user removing them during package lifetime (#869281) - Make internal rename_s() call compatible with python-ldap-2.3.10 (#867902) - Update minimum version of bind-dyndb-ldap to 2.2-1.el6 (related #871583) - Restart httpd after running ipa-adtrust-install (#866966)- Add patch to override xmlrpc request method for session (#786199) - Bad link to Web UI config page after session is expired (#869279) - extdom plugin does not handle Posix UID and GID request (#867676) - ipa-server-install --setup-dns always installs reverse zone (#866978) - Inform user when ipa-upgradeconfig reports errors (#866977) - Certificate request fails when CSR has subjectAltnames (#866955) - ipa-adtrust-install checks for /usr/bin/smbpasswd, which is not required (#866572) - Instructions to uninstall are unclear (#856294) - Inconsistent service naming in ipa-server-install (#856292) - Improve instructions to generate certificate in Web UI (#856282) - /etc/ipa/default.conf is out of date (#855855) - Time synchronization is disabled in ipa-client-install (#854325) - ipa-replica-install httpd restart sometimes fails (#845405) - Improve error messages during ipa-replica-manage del (#835632) - Always log errors from dogtag (#813401)- Update to upstream 3.0.0 GA release (#827602) - Add zip dependency, needed for creating unsigned Firefox extensions - Filter generated winbind dependencies so the right version of samba can be installed. - Remove patch to support python-ldap 2.3.10. Fixed upstream. - Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca (#864533) - Add zip dependency, needed for creating unsigned Firefox extensions- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so plugin to /dev/null since they cannot be used when trusts are configured (related #864889) - Update BR and Requires of samba4 to 4.0.0-31 to pick up winbind_krb5_locator alternatives change. (related #864889)- Update to upstream 3.0.0.rc2 release (#827602) - Provide new Firefox extension. - Own /etc/ipa/ca.crt- Remove Requires on krb5-pkinit-openssl as part of disabling pkinit code. - Add missing subdirectories in site-packages/ipaserver discovered by rpmdiff. (#827602)- Update to upstream 3.0.0.rc1 release (#827602) - Update BR and Requires of 389-ds-base to 1.2.11.14 - Update BR and Requires of krb5 to 1.10 - Update BR and Requires of samba4 to 4.0.0-24 - Update BR and Requires of sssd to 1.9.0 - Update Requires on policycoreutils to 2.0.83-19.24 - Update Requires on httpd to httpd-2.2.15-17 to pick up #787247 - Update minimum version of bind-dyndb-ldap to 1.1.0-0.9.b1.el6_3.1 - Update minimum version of bind to 9.8.2-0.10.rc1.el6_3.2 - Sync upstream spec file Requires - Add patch to support python-ldap 2.3.10- SSH Tech Preview feature enabled by default (#825321)- Test for locked users before incrementing failed login counter (#822429)- Fix host page to display all data when DNS is not configured (#818868)- Make ipa 2.2 client capable of joining an older server (#817867)- Remove patch 0042 and add revert patch for handling which attributes are allowed in a permission. (#783502) - ipa-client-install sets "KerberosAuthenticate yes" in sshd.conf, breaking SSSD auth (#817030) - pwpolicy_find does not sort by priority in UI (#815799) - Improve zonemgr validation (#745705)- Make new DNS permission mixed-case (#807361) - hbactest returns failure when hostgroups are chained (#801769) - Man Page : Document client IP addressing / FQDN requirements (#768257) - Login failed attempts counter or locked out status are not displayed (#759501) - Wrong title and icon in login and logout pages (#814752)- Don't interactively prompt for dnsrecord options provided on the command-line options (#790295) - Validate external hosts added to netgroups (#797256) - Handle invalid RDN for container in migration (#804807) - Unable to use permission-mod to rename permission object (#805478) - Migration: don't append basedn to container if it is included (#807371) - Raise correct exception when LDAP limits are exceeded (#808042) - Notify user that password needs to be reset in forms-based login (#811296) - DNS Resource records: add & delete A & AAAA record does not work in root (#811744) - user-mod --rename with an empty string fails (#811748) - DNS CNAME record: delete sometimes does not work (#811758) - Delegation UI does not allow to specify permission (#812110) - IPA uninstall after upgrade returns some sysrestore.state errors (#812391) - Improve migration plugin error when 2 groups have identical GID (#813389)- Fix password policy history enforcement (#810900) - Privilege page should not have choice to list permissions by "indirect membership" (#810350) - ipa-server-install fails when domain name is not resolvable (#809190) - Identity->DNS->Settings:Forward policy: change check box to radio buttons (#808620) - When adding permissions for a type, attributes that are not allowed are listed (#807755) - user-mod --rename is successful for more than max login characters (#807417) - Can't specify netgroup host, user category to all in Web UI (#807366) - Permission names cannot contains '<' or '>' (#807304) - ipa-server-install --uninstall errors out when trying to start dirsrv. (#801376) - Should not be allowed to run host-disable on an IPA Server or service-disable on an IPA Server service (#800119) - permission with filter or subtree does not allow attr to be specified (#783536) - Netgroups compat plugin not reporting users correctly (#767372) - certmonger renews server certificates ok but those services need a restart (related #766167) - Set minimum vresion of certmonger to 0.56 (related #766167) - Set minimum version of slapi-nis to 0.40 (#767372) - Unable to disable or enable hbacrule with --setattr (#810948) - When adding a user with --noprivate option gidNumber should be required (#805546) - Fix error when no value is given in --revocation-reason optional argument with "ipa cert-revoke" (#808099) - Set minimum version of bind-dyndb-ldap to 1.1.0-0.5.b1 (related #805814)- Fix ambiguous error msg in automount indirect map creation (#790131) - Invalid error message attempting to delete config attributes (#791373) - Enforce single-value attributes (#794746) - config-mod allowed to add additional certificate subjects bases (#794750) - Embedded carriage returns in a CSV not handled (#797569) - WebUI displays "Insufficient access: invalid credentials" when a password doesn't meet policy requirements (#802786) - Tech Preview: SELinux User Mapping (#803821) - Tech Preview: Add support for central management of the SSH keys (#803822) - Password Policy Failure Interval Reset is not working. (#804096) - Set SELinux booleans properly (#806330) - DNS records in LDAP are publicly accessible (#807361) - Upgrading replication agreements without nsDS5ReplicatedAttributeList fails (#808201) - IPA Upgrade Web UI failure with internal server error (#809262) - Do not create private groups for migrated users (#809560)- Remove version requirement from BuildRequires on sssd. (related #736865)- Set minimum version of 389-ds-base to 1.2.10.2-4 (related #803930) - Only split CSV on client (#797565) - Search allowed attributes in superior objectclasses (#783502) - Fix precallback validators in DNS plugin (#804562) - Fix memleak in KDB backend (#800363) - Harden raw record processing in DNS plugin (#804572) - Fix attributes that contain DNs when migrating (#804609) - Wait for child process to terminate after receiving SIGINT (#754635) - Avoid deleting DNS zone when a context is reused (#801380) - Fix default SOA serial format (#805427) - Set nsslapd-minssf-exclude-rootdse to on so the DSE is always available. (#803836) - Amend permissions for new DNS attributes (related #766073) - Improve user awareness about dnsconfig (#802864) - Fix uses of O=REALM instead of the configured certificate subject base. (#802912) - Fix dnsrecord-del interactive mode (#807230) - Add requires on python-krbV to client subpackage (#807362) - Tolerate UDP port failures in conncheck (#802860) - Netgroup nisdomain and hosts validation (#797256) - Remove Conflicts on mod_ssl (#804605) - Set minimum version of pki-ca, pki-slient and pki-setup to 9.0.3-24. Change location of TOMCAT_LOG to match tomcat6 changes (related #802396) - Add python-lxml, python-pyasn1 and sssd to BuildRequires - Set minimum selinux-policy >= 3.7.19-142 to pick up certmonger_t type (related #790967) - netgroup-add and netgroup-mod --nisdomain should not allow commas (#797237)- Set minimum version of pki-ca, pki-silent and pki-setup to 9.0.3-23. Either we shell escape or dogtag does, we can't both do it. (#802832) - Set dbdir in request context after a connection is created (#804128) - Don't overwrite content by an error message (#803050) - Don't allow IPA master hosts/services to be disabled (#800119) - Don't error out on empty option (#798792) - Populate gidnumber in entries added via winsync (#798352) - Set subjectKeyIdentifier in SSL certs that IPA issues (#797274) - Fix escaping and comma-separated value handling (#769491) - Display certificate serial numbers in both hex and deciaml (#746060) - Use attribute name/option name when returning errors (#718015) - DNS forwarder's value can consist of IP address and part (#766073) - Store DNS global options in LDAP (#766073) - Move extension.js to subdirectory to suppress rpm warning- Allow removing sudo commands with special characters (#800537) - Ignore case in yes/no prompts when deleting DNS records (#800483) - Refresh resolvers after DNS server configuration (#799335) - Fix nsslapd-anonlimitsdn in cn=config (#798361) - Handle more exceptions gracefully in ipa-client-install (#797567) - Fixed checkbox value in table without pkey (#791324) - Fix exception when removing all values from configuration (#782974) - Set httpd_manage_ipa SELinux boolean - Fix mask validator in network validator (#802848) - Don't shell escape arguments sent to pkisilent (#802832) - Reorder patches so those that disable unsupported features are applied last - Rebase disable persistent search patch- Rebase to upstream 2.1.90.rc1 release (#736865) - Remove dependency on krb5-server-ldap, we use our own backend now (#797564) - Set minimum mod_auth_kerb to 5.4-8 for S4U2Proxy support (related #767741) - Set minimum selinux-policy >= 3.7.19-137 to pick up ipa_memcache boolean - Set minimum python-memcached >= 1.43-6 to pick up status check fix - Set minimum version of 389-ds-base to 1.2.10.1-1 - Set minimum version of krb5-server to 1.9-27 - Set minimum version of sssd to 1.8.0-11 (#766068) - Add Requires: oddjob-mkhomedir to ipa-client (#786223) - Remove Requires on krb5-server-ldap (#797564) - Add Conflicts on mod_ssl (#761574) - Remove BuildRequires on python-rhsm - Renumber all patches - Don't remove dirsrv user on uninstall (#797566) - Don't allow host-del on active replicas (#797563) - Fix invalid hostnames when hostname contains trailing dot (#797562) - encode Bool attributes used in setattr/addattr/delattr (#797561) - Migration plugin raises Internal Server Error (#796401) - man page for ipa-replica-manage has typos in examples (#796347) - Can not add new user objectclass to ipa configuration (#794474) - Don't require SELinux to be enabled on client (#790513) - dnsrecord-add does not validate the record names with space in between (#790318) - Prompt for missing DNS options (#790295) - Resource Record type options should be more descriptive (#790017) - Correction in error message while deleting a invalid record (#789987) - Adding some of the RR type from the "allowed values" results in an error message (#789980) - IP address with just 3 octets are accepted as valid addresses (#789919) - Errors not reported correctly when logging into WebUI (#789459) - Need option for ipa-client-install to not call authconfig (#789413) - IPA nested netgroups not seen from ypcat (#788625) - gid number: 0 and negative number accepted (#786240) - Allow basedn to be passed into migrate-ds (#786185) - permission with filter or subtree does not allow attr to be specified (#783536) - ipa permission-add does not fail if using invalid attribute (#783502) - When migrating warn user if compat is enabled (#783270) - Make ipausers a non-posix group on new installs (#773488) - Need tool to update exclusive list in replication agreements (#772359) - Reverse DNS rec not created upon creation of fwd DNS rec (#772301) - Adding a netgroup with a "+" causes ns-slapd to crash (#772043) - Man Page : Document client IP addressing / FQDN requirements (#768257) - GSS-TSIG DNS updates should update reverse entries as well (#767725) - UI for SELinux user mapping (tech preview) - Allow forms based kerberos authentication (#766070) - Add support for central management of the SSH keys (tech preview) - Login failed attempts counter or locked out status are not displayed (#759501) - Better message for error diagnosis while adding an existing winsync agreement (#755450) - "force-sync, re-initialize and del" options for ipa-replica-manage fail against AD (#754973) - Connect after del using ipa-replica-manage fails (#754539) - Unable to delete migrated groups containing spaces (#753966) - support bind forward zones, aka DNS conditional forwarding (#753483) - IPA needs a check to ensure hostnames 'underscore' is not allowed when installing a replica (#752874) - Unable to select dns zone when only one exists in UI (#751529) - ipa-replica-conncheck does does not properly check UDP ports (#751063) - Adding loc records to a ipa-dns server breaks name resolution for some other records (#750947) - Allow specifying query and transfer policy settings for a zone (#701677)- Add missing changelog information caught by rpmdiff.- Update to upstream 2.1.90.pre2 release (#736865)- Add current password prompt when changing own password in web UI (#751179) - Remove extraneous trailing ' from netgroup patch (#749352)- Updated patch for CVE-2011-3636 to include CR in the HTTP headers. xmlrpc-c in RHEL-6 doesn't suppose the dont_advertise option so that is not set any more. Another fake header, X-Original-User_Agent, is added so there is no more trailing junk after the Referer header. (#749870)- Require an HTTP Referer header to address CSRF attackes. CVE-2011-3636. (#749870)- Users not showing up in nis netgroup triple (#749352)- Add update file to remove entitlement roles, privileges and permissions (#739060)- Quote worker option in krb5kdc (#748754)- hbactest fails while you have svcgroup in hbacrule (#746227) - Add Kerberos domain mapping for system hostname (#747443) - Format certificates as PEM in browser (#701325)- ipa-client-install hangs if the discovered server is unresponsive (#745392) - Fix minor problems in help system (#747028) - Remove help fix from Disable automember patch (#746717) - Update minimum version of sssd to 1.5.1-60 to pick up SELinux fix (#746265)- Update to upstream 2.1.3 release (#736170) - Additional branding (#742264) - Disable automember cli (#746717) - ipa-client-install sometimes fails to start sssd properly (#736954) - ipa-client-install adds duplicate information to krb5.conf (#714597) - ipa-client-install should configure hostname (#714919) - inconsistency in enabling "delete" buttons (#730751) - hbactest does not resolve canonical names during simulation (#740850) - Default DNS Administration Role - Permissions missing (#742327) - named fails to start after installing ipa server when short (#742875) - Duplicate hostgroup and netgroup should not be allowed (#743253) - named fails to start (#743680) - Global password policy should not be able to be deleted (#744074) - Client install fails when anonymous bind is disabled (#744101) - Internal Server Error adding invalid reverse DNS zone (#744234) - ipa hbactest does not evaluate indirect members from groups. (#744410) - Leaks KDC password and master password via command line arguments (#744422) - Traceback when upgrading from ipa-server-2.1.1-1 (#744798) - IPA User's Primary GID is not being set to their UPG's GID (#745552) - --forwarder option of ipa-dns-install allows invalid IP addr (#745698) - UI does not grant access based on roles (#745957) - Unable to add external user for RunAs User for Sudo (#746056) - Typo in error message while adding invalid ptr record. (#746199) - Don't use python 2.7-only syntax (#746229) - Error when using ipa-client-install with --no-sssd option (#746276) - Installation fails if sssd.conf exists and is already config (#746298) - External hosts are not removed properly from sudorule (#709665) - Competely remove entitlement support (#739060) - Add winsync section to ipa-replica-manage man page (#744306)- Remove python-rhsm as a Requires (#739060)- Update to upstream 2.1.2 release (#736170) - More completely disable entitlement support (#739060) - Drop patch to ignore return value from restorecon (upstreamed) - Set min version of 389-ds-base to 1.2.9.12-2 - Set min version of dogtag to 9.0.3-20 - Rebased hide-pkinit, ipa-RHEL-index and remove-persistent-search patches (#700586)- Update RHEL patch (#740094)- Ignore return value from restorecon (#739604) - Disable entitlement support (#739060, #739061)- Update minimum xmlrpc-c version (#736787) - Fix package installation order causing SELinux problems (#737516)- Update to upstream 2.1.1 release (#732803)- Resolves: rhbz#708388 - Update to upstream 2.1.0 release- Remove client debug logging patch (#705800)- Wait for 389-ds tasks to complete (#698421) - Set replica to restart ipa on boot (#705794) - Improve client debug logging (#705800) - Managed Entries not configured on replicas (#703869) - Don't create bogus aRecord when creating new zone (#704012)- Update ipa-Fix-traceback-in-nis-manage.patch to fix python error (#697583)- Resolves: rhbz#697583 - Can not enable ipa-nis-manage plugin- Default groups are missing ipaUniqueID attribute (#696508)- Set min version of 389-ds-base to 1.2.8.0-1 for fix in BZ 693466. - Fix some problems in IPA schema (#692978) - postalCode should be a string not an integer (#692945)- Port 7390 is managed by selinux-policy-3.7.19-80. Update ipa-repl_selinux.patch to not manage it any more. (#691883) - Patch to fix setting gidnumber when a user is created. (#692168)- Fix uninitialized variable in password plugin (#690595)- Wait for Directory Service ports to open (#688934) - Mixed case hostname can cause issues and confusion (#688622) - Wrong timeout parameter in ipapython (#684273) - Run ipa-ldap-updater on upgrades (#688931) - Internal Error and trace back when adding DNS AAAA record (#689452)- Use realm provided by installer in LDAP Updater (#684744) - Use args for domain and server when doing DNS discovery in client (#684780) - Fix 2 SELinux issues in dogtag replication (#684269)- Add Obsoletes so upgrade from ipa-client package is possible (#684931)- Update to upstream 2.0.0rc3 (#680993) - Set minimum version of sssd to 1.5.1-12 - Remove SuitespotGroup patch - Rebase remove-pkinit patch- Set the SuitespotGroup directive in the 389-ds installation template. This ensures group read/write to /var/run/dirsrv. (#680201) - Make single line out of python sitelib/sitearch code.- Update to upstream 2.0.0rc2 (#675282) - Set minimum version of sssd to 1.5.1-10 - Set minimum version of python-nss to 0.11 - Set minimum version of 389-ds to 1.2.8 - Add bind-utils as Requires in client subpackage - Remove unused BuildRequires e2fsprogs-devel and libcap-devel - Add branding patch - Add default.conf man page - Upstream moved some utilites from the admintools subpackage, reflect that here as well.- Add pyOpenSSL to BuildRequires. (#670954)- ExcludeArch doesn't do per-package exclusions, use ifarch to force ONLY_CLIENT on non-supported architectures. (#670954) - Manually install ipa-admintools since the upstream client-install target doesn't. - Move a lot of the BuildRequires out of the ! ONLY_CLIENT conditional because the API validator in the upstream code requires them.- Exclude building server and server-selinux on ppc, ppc64, s390 and s390x platforms. (#670954) - Add date variable to the release to make daily builds easier.- Merge in changes from FreeIPA beta 2 (#670954) - Add patches to disable pkinit- Set minimum version of dogtag to 9.0.0 and add Requires for the theme we need. (#658275) - Remove unnecessary moving of v1 CA serial number file in post script - Move some man pages into admintools subpackage- Drop specific Requires on libcurl and krb5-libs (#658275)- Consistent usage of buildroot vs RPM_BUILD_ROOT (#658275)- Drop Requires on nss-ldap (#658275)- Temporarily disable building on s390- Drop optional radius package, the underlying code isn't there - Re-arrange the doc lines so that defattr is first (#658275)- Initial 2.0.0 build (#658275) - This is IPA v2.0.0 beta 1 plus all patches through git commit 4da9228fb2ac34adab8eb1884ae414236adb84fa - Removed some Fedora conditionals- Drop BuildRequires on mozldap-devel- Add Requires on krb5-pkinit-openssl- Add ipa-host-net-manage script- Add ipa init script- Set minimum level of 389-ds-base to 1.2.7 for enhanced memberof plugin- remove ipa-fix-CVE-2008-3274- Remove duplicate %files entries on share/ipa/static - Add python default encoding shared library- Drop requires on python-configobj (not used any more) - Drop ipa-ldap-updater message, upgrades are done differently now- Drop conflicts on mod_nss - Require nss-pam-ldapd on F-14 or higher instead of nss_ldap (#606847) - Drop a slew of conditionals on older Fedora releases (< 12) - Add a few conditionals against RHEL 6 - Add Requires of nss-tools on ipa-client- Set minimum version of certmonger to 0.26 (to pck up #621670) - Set minimum version of pki-silent to 1.3.4 (adds -key_algorithm) - Set minimum version of pki-ca to 1.3.6 - Set minimum version of sssd to 1.2.1- Add BuildRequires for authconfig- Bump up minimum version of python-nss to pick up nss_is_initialize() API- Removed python-asset based webui- Change Requires from fedora-ds-base to 389-ds-base - Set minimum level of 389-ds-base to 1.2.6 for the replication version plugin.- Drop Requires of python-krbV on ipa-client- Load ipa_dogtag.pp in post install- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes.- No need to create /var/log/ipa_error.log since we aren't using TurboGears any more.- Fixed share/ipa/wsgi.py so .pyc, .pyo files are included- Added Require mod_wsgi, added share/ipa/wsgi.py- Require python-wehjit >= 0.2.2- Add sssd and certmonger as a Requires on ipa-client- Require python-wehjit >= 0.2.0- Add ipa-rmkeytab tool- Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1 Any type- Remove v1-style /etc/ipa/ipa.conf, replacing with /etc/ipa/default.conf- Add bash completion script and own /etc/bash_completion.d in case it doesn't already exist- Remove ipa_webgui, its functions rolled into ipa_httpd- Removed python-cherrypy from BuildRequires and Requires - Added Requires python-assets, python-wehjit- Added httpd SELinux policy so CRLs can be read- Move ipalib to ipa-python subpackage - Bump minimum version of slapi-nis to 0.15- Set 0.14 as minimum version for slapi-nis- Add Requires: python-nss to ipa-python sub-package- Remove the IPA DNA plugin, use the DS one- Build radius separately - Fix a few minor issues- Replace TurboGears requirement with python-cherrypy- rebuild with new openssl- Fix SELinux code- Fix breakage caused by python-kerberos update to 1.1- New upstream release 1.2.1- Rebuild for Python 2.6- Respin after the tarball has been re-released upstream New hash is 506c9c92dcaf9f227cba5030e999f177- Conditionally restart also dirsrv and httpd when upgrading- Update to upstream version 1.2.0 - Set fedora-ds-base minimum version to 1.1.3 for winsync header - Set the minimum version for SELinux policy - Remove references to Fedora 7- Fix for CVE-2008-3274 - Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface - Add fix for bug #453185 - Rebuild against openldap libraries, mozldap ones do not work properly - TurboGears is currently broken in rawhide. Added patch to not build the UI locales and removed them from the ipa-server files section.- Add call to /usr/sbin/upgradeconfig to post install- Update to upstream version 1.1.0 - Patch for indexing memberof attribute - Patch for indexing uidnumber and gidnumber - Patch to change DNA default values for replicas - Patch to fix uninitialized variable in ipa-getkeytab- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum version to 1.0.7-4 so we pick up the NSS fixes. - Add selinux-policy-base(post) to Requires (446496)- Add missing entry for /var/cache/ipa/kpasswd (444624) - Added patch to fix permissions problems with the Apache NSS database. - Added patch to fix problem with DNS querying where the query could be returned as the answer. - Fix spec error where patch1 was in the wrong section- Added patch to fix problem reported by ldapmodify- Fix Requires for krb5-server that was missing for Fedora versions > 9 - Remove quotes around test for fedora version to package egg-info- Update to upstream version 1.0.0- Pull upstream changelog 722 - Add Conflicts mod_ssl (435360)- Pull upstream changelog 698 - Fix ownership of /var/log/ipa_error.log during install (435119) - Add pwpolicy command and man page- Pull upstream changelog 678 - Add new subpackage, ipa-server-selinux - Add Requires: authconfig to ipa-python (bz #433747) - Package i18n files- Pull upstream changelog 641 - Require minimum version of krb5-server on F-7 and F-8 - Package some new files- Marked with wrong license. IPA is GPLv2.- Ensure that /etc/ipa exists before moving user-modifiable html files there - Put html files into /etc/ipa/html instead of /etc/ipa- Pull upstream changelog 608 which renamed several files- package the sessions dir /var/cache/ipa/sessions - Pull upstream changelog 597- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the UI to not start.- Included LICENSE and README in all packages for documentation - Move user-modifiable content to /etc/ipa and linked back to /usr/share/ipa/html - Changed some references to /usr to the {_usr} macro and /etc to {_sysconfdir} - Added popt-devel to BuildRequires for Fedora 8 and higher and popt for Fedora 7 - Package the egg-info for Fedora 9 and higher for ipa-python- Added auto* BuildRequires- Unified spec file- Fixed License in specfile - Include files from /usr/lib/python*/site-packages/ipaserver- Version bump for release- Preverse mode on ipa-keytab-util - Version bump for relase and rpm name change- Broke invididual Requires and BuildRequires onto separate lines and reordered them - Added python-tgexpandingformwidget as a dependency - Require at least fedora-ds-base 1.1- Version bump for release- Add dep for freeipa-admintools and acl- Add dependency for python-krbV- Require mod_nss-1.0.7-2 for mod_proxy fixes- Convert to autotools-based build* Fri Sep 7 2007 Karl MacMillan - 0.3.0-1 - Added support for libipa-dna-plugin- Added support for ipa_kpasswd and ipa_pwd_extop- Abstracted client class to work directly or over RPC- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires - Remove references to admin server in ipa-server-setupssl - Generate a client certificate for the XML-RPC server to connect to LDAP with - Create a keytab for Apache - Create an ldif with a test user - Provide a certmap.conf for doing SSL client authentication- Initial rpm version/bin/sh/bin/sh/bin/sh 3.0.0-51.el6.centos3.0.0-51.el6.centosdcerpc.pydcerpc.pycdcerpc.pyoadtrustinstance.pyadtrustinstance.pycadtrustinstance.pyolibipa_extdom_extop.solibipa_sidgen.solibipa_sidgen_task.sowinbind_krb5_locator.soipasam.soipa-adtrust-installsmb.conf.emptyipa-adtrust-install.1.gz/usr/lib/python2.6/site-packages/ipaserver//usr/lib/python2.6/site-packages/ipaserver/install//usr/lib64/dirsrv/plugins//usr/lib64/krb5/plugins/libkrb5//usr/lib64/samba/pdb//usr/sbin//usr/share/ipa//usr/share/man/man1/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnu?7zXZ !PH6]"k%<7WͶgʻf{&+pǂ ^iQ{d:!IɁB]qٿ2D|X `-#6o,*0> ^7O cHQ~1ӗPSGs59ku&Zʦj`{ 15{_OFfZ+x8&6sS)''}|; u<&?uQTK|-ܺvd.LLhܞ55dje1;%蘻>8cL=P4"@g k 9f`޲li "R 6B|;E>Z%z$^L 7dl%1Q0h u5[t \+qWҎ6Mk;w+KT*GO0UU)~XrB.ݨT&i/!s)D%{fZh5 /}2Ӕ9Q64{P>֥1vTY=nd<ܖ>\5aЎDmCZAf[3 mk v>Ot6Ǘ:s'm^w΁%C4! шEosUK?]訋P{Wg{SdMl~ jET$DqqUwG䰌[`-y1_ ŭM8, ͲDH_09] RVhg/RJf=< ă fM T*q/U ̥N8,v_b~9PxX/? qInV !8P>dM vڅ4]=UrnE>(BB"SQxP/WjT YZ