ipa security and bug fix update

[2.1.3-9.el6]

• Add current password prompt when changing own password in web UI (#751179)
• Remove extraneous trailing ’ from netgroup patch (#749352)
  [2.1.3-8.el6]
• Updated patch for CVE-2011-3636 to include CR in the HTTP headers.
  xmlrpc-c in RHEL-6 doesn’t suppose the dont_advertise option so that is
  not set any more. Another fake header, X-Original-User_Agent, is added
  so there is no more trailing junk after the Referer header. (#749870)
  [2.1.3-7.el6]
• Require an HTTP Referer header to address CSRF attackes. CVE-2011-3636.
  (#749870)
  [2.1.3-6.el6]
• Users not showing up in nis netgroup triple (#749352)
  [2.1.3-5.el6]
• Add update file to remove entitlement roles, privileges and
  permissions (#739060)
  [2.1.3-4.el6]
• Quote worker option in krb5kdc (#748754)
  [2.1.3-3.el6]
• hbactest fails while you have svcgroup in hbacrule (#746227)
• Add Kerberos domain mapping for system hostname (#747443)
• Format certificates as PEM in browser (#701325)
  [2.1.3-2.el6]
• ipa-client-install hangs if the discovered server is unresponsive (#745392)
• Fix minor problems in help system (#747028)
• Remove help fix from Disable automember patch (#746717)
• Update minimum version of sssd to 1.5.1-60 to pick up SELinux fix (#746265)
  [2.1.3-1.el6]
• Update to upstream 2.1.3 release (#736170)
• Additional branding (#742264)
• Disable automember cli (#746717)
• ipa-client-install sometimes fails to start sssd properly (#736954)
• ipa-client-install adds duplicate information to krb5.conf (#714597)
• ipa-client-install should configure hostname (#714919)
• inconsistency in enabling ‘delete’ buttons (#730751)
• hbactest does not resolve canonical names during simulation (#740850)
• Default DNS Administration Role - Permissions missing (#742327)
• named fails to start after installing ipa server when short (#742875)
• Duplicate hostgroup and netgroup should not be allowed (#743253)
• named fails to start (#743680)
• Global password policy should not be able to be deleted (#744074)
• Client install fails when anonymous bind is disabled (#744101)
• Internal Server Error adding invalid reverse DNS zone (#744234)
• ipa hbactest does not evaluate indirect members from groups. (#744410)
• Leaks KDC password and master password via command line arguments (#744422)
• Traceback when upgrading from ipa-server-2.1.1-1 (#744798)
• IPA User’s Primary GID is not being set to their UPG’s GID (#745552)
• –forwarder option of ipa-dns-install allows invalid IP addr (#745698)
• UI does not grant access based on roles (#745957)
• Unable to add external user for RunAs User for Sudo (#746056)
• Typo in error message while adding invalid ptr record. (#746199)
• Don’t use python 2.7-only syntax (#746229)
• Error when using ipa-client-install with --no-sssd option (#746276)
• Installation fails if sssd.conf exists and is already config (#746298)
• External hosts are not removed properly from sudorule (#709665)
• Competely remove entitlement support (#739060)
• Add winsync section to ipa-replica-manage man page (#744306)
  [2.1.2-2.el6]
• Remove python-rhsm as a Requires (#739060)
  [2.1.2-1.el6]
• Update to upstream 2.1.2 release (#736170)
• More completely disable entitlement support (#739060)
• Drop patch to ignore return value from restorecon (upstreamed)
• Set min version of 389-ds-base to 1.2.9.12-2
• Set min version of dogtag to 9.0.3-20
• Rebased hide-pkinit, ipa-RHEL-index and remove-persistent-search
  patches (#700586)
  [2.1.1-4.el6]
• Update RHEL patch (#740094)
  [2.1.1-3.el6]
• Ignore return value from restorecon (#739604)
• Disable entitlement support (#739060, #739061)
  [2.1.1-2.el6]
• Update minimum xmlrpc-c version (#736787)
• Fix package installation order causing SELinux problems (#737516)
  [2.1.1-1.el6]
• Update to upstream 2.1.1 release (#732803)
  [2.1.0-1.el6]
• Resolves: rhbz#708388 - Update to upstream 2.1.0 release
  [2.0.0-25]
• Remove client debug logging patch (#705800)
  [2.0.0-24]
• Wait for 389-ds tasks to complete (#698421)
• Set replica to restart ipa on boot (#705794)
• Improve client debug logging (#705800)
• Managed Entries not configured on replicas (#703869)
• Don’t create bogus aRecord when creating new zone (#704012)