- Replace %%{_libdir} macro in BuildRequires (#1746882)
- Restore user-nsswitch.conf before calling authselect (#1746557)
- ipa service-find does not list cifs service created by
ipa-client-samba (#1731433)
- Occasional 'whoami.data is undefined' error in FreeIPA web UI
(#1699109)
- ipa-kra-install fails due to fs.protected_regular=1 (#1698384)
- New BuildRequires for nodejs and uglify-js
- New Requires for 389-ds-base-legacy-tools in server (RHBZ#1606541)
- Do not build python2-ipaserver and python2-ipatests for Fedora 29 and up
- Do not build any python2 packages for Fedora 30
- Added ipatest man pages to python3-ipatests packages also
- Added ipatest bindir links to python3-ipatests for Fedora up to 28
- Dropped explicit copy of freeipa.template, install is doing this now
- Added upstream fix: (f3faecb) Fix $-style format string in ipa_ldap_init
- Added upstream fix: (4b592fe,1a7baa2) Added reason to raise of errors.NotFound
- Fixes#1491053 Firefox reports insecure TLS configuration when visiting
FreeIPA web UI after standard server deployment
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
- Update to upstream 3.3.4
- Install CA anchor into standard location (#928478)
- ipa-client-install part of ipa-server-install fails on reinstall (#1044994)
- Remove mod_ssl workaround (RHEL bug #1029046)
- Enable syncrepl plugin to support bind-dyndb-ldap 4.0
- Drop freeipa-server-selinux subpackage
- Drop redundant directory /var/cache/ipa/sessions
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
issues when there are still old parts of software (like entitlements plugin)
- ipa-client-install fails if /etc/ipa does not exist (#961483)
- Certificate status is not visible in Service and Host page (#956718)
- ipa-client-install removes needed options from ldap.conf (#953991)
- Handle socket.gethostbyaddr() exceptions when verifying hostnames
(#953957)
- Add triggerin scriptlet to support OpenSSH 6.2 (#953617)
- Require nss 3.14.3-12.0 to address certutil certificate import
errors (#953485)
- Require pki-ca 10.0.2-3 to pull in fix for sslget and mixed IPv4/6
environments. (#953464)
- ipa-client-install removes 'sss' from /etc/nsswitch.conf (#953453)
- ipa-server-install --uninstall doesn't stop dirsrv instances
(#953432)
- Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON
behavior for socket based connections (#960222)
- Require libsss_nss_idmap-python
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember
to member is now done automatically and having it in the config file
raises an error.
- Add backup and restore tools, directory.
- require at least systemd 38 which provides the journal (we no longer
need to require syslog.target)
- Update Requires on policycoreutils to 2.1.14-37
- Update Requires on selinux-policy to 3.12.1-42
- Update Requires on 389-ds-base to 1.3.1.0
- Set minimum for sssd to 1.9.2
- Set minimum for pki-ca to 10.0.0-1
- Set minimum for 389-ds-base to 1.3.0
- Set minimum for selinux-policy to 3.11.1-60
- Remove unneeded dogtag package requires
