[Freeipa-interest] FreeIPA 4.8.10 released

Sat Sep 26 09:51:29 UTC 2020

Hello!

The FreeIPA team would like to announce FreeIPA 4.8.10 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.

Fedora 33: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e9e815177e
Fedora 32: https://bodhi.fedoraproject.org/updates/FEDORA-2020-6f072665c6

== Highlights in 4.8.10

* 8275: Support systemd-resolved

     FreeIPA DNS servers now detect systemd-resolved and configure it to
     pass through itself.

* 8404: Detect and fail if not enough memory is available for
installation

     FreeIPA server now requires at least 1.2 GiB RAM for installation to
     prevent performance degradation.

* 8488: SELinux blocks custodia key replication / retrieval for sub-CAs

     SELinux: Make sure ipa_custodia_t has the necessary rights ; add
     dedicated policy rules for ipa-pki-retrieve-key.

* 8490: It is not possible to edit KDC database when the FreeIPA server
is running

     kadmin.local command 'getprincs' is now supported

* 8503: pkispawn logs files are empty

     On recent versions of Dogtag PKI, pkispawn does not create logs by
     default, making debugging failed IPA installs impossible. Invoke
     pkispawn with --debug to revert to the previous behavior.

* 8507: [WebUI] Backport jQuery patches from newer versions of the
library (e.g. 3.5.0)

     Support reproducible builds for jQuery library

=== Enhancements

=== Known Issues

=== Bug fixes

FreeIPA 4.8.10 is a stabilization release for the features delivered as
a part of 4.8.10 version series.

There are more than 20 bug-fixes details of which can be seen in the
list of resolved tickets below.

== Upgrading

Upgrade instructions are available on Upgrade page.

== Feedback

Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/)
or #freeipa channel on Freenode.

== Resolved tickets

* https://pagure.io/freeipa/issue/5914[#5914]
(https://bugzilla.redhat.com/show_bug.cgi?id=1298288[rhbz#1298288])
invalid setting of DS lock table size

* https://pagure.io/freeipa/issue/6115[#6115]
(https://bugzilla.redhat.com/show_bug.cgi?id=1357495[rhbz#1357495]) ipa
command provides stack trace when provided with single hypen commands

* https://pagure.io/freeipa/issue/7125[#7125]
(https://bugzilla.redhat.com/show_bug.cgi?id=1480102[rhbz#1480102])
ipa-server-upgrade failes with "This entry already exists"

* https://pagure.io/freeipa/issue/8204[#8204]
(https://bugzilla.redhat.com/show_bug.cgi?id=1810148[rhbz#1810148])
ipa-server-certinstall -> certmonger add_subject template-subject dbus
'unable to set arguments' a\{sv}

* https://pagure.io/freeipa/issue/8248[#8248] httpd ccaches created
during server upgrade aren't cleaned up on uninstall/install

* https://pagure.io/freeipa/issue/8275[#8275]
(https://bugzilla.redhat.com/show_bug.cgi?id=1880628[rhbz#1880628])
Support systemd-resolved

* https://pagure.io/freeipa/issue/8344[#8344] Nightly test failure in
test_smb.py::TestSMB::test_smb_service_s4u2self

* https://pagure.io/freeipa/issue/8383[#8383] Test with dnspython 2.0

* https://pagure.io/freeipa/issue/8404[#8404] Detect and fail if not
enough memory is available for installation

* https://pagure.io/freeipa/issue/8443[#8443] ipa delegation-add can add
permissions and attributes several times

* https://pagure.io/freeipa/issue/8446[#8446] ipa dnszone-add ignores
--name-from-ip option if name is given

* https://pagure.io/freeipa/issue/8458[#8458] auto-upgrade will never
happen for existing installations

* https://pagure.io/freeipa/issue/8468[#8468] [pylint] new warnings on
dev branch

* https://pagure.io/freeipa/issue/8472[#8472] [tracker] Nightly test
failure in test_ipahealthcheck.py::TestIpaHealthCheckWithExternalCA

* https://pagure.io/freeipa/issue/8473[#8473] Nightly test failure in
all webui tests: Invalid or corrupt jarfile /opt/selenium.jar

* https://pagure.io/freeipa/issue/8474[#8474] Mozilla's NSS without DBM

* https://pagure.io/freeipa/issue/8475[#8475] Azure: tox task and
virtualenv 20+

* https://pagure.io/freeipa/issue/8481[#8481] Nightly test failure in
rawhide in tasks.configure_dns_for_trust

* https://pagure.io/freeipa/issue/8488[#8488]
(https://bugzilla.redhat.com/show_bug.cgi?id=1868432[rhbz#1868432])
SELinux blocks custodia key replication / retrieval for sub-CAs

* https://pagure.io/freeipa/issue/8490[#8490]
(https://bugzilla.redhat.com/show_bug.cgi?id=1875001[rhbz#1875001]) It
is not possible to edit KDC database when the FreeIPA server is running

* https://pagure.io/freeipa/issue/8491[#8491] Unindexed searches in
FreeIPA git master

* https://pagure.io/freeipa/issue/8494[#8494] Azure Pipelines are broken
due to docker compose tool upgrade

* https://pagure.io/freeipa/issue/8503[#8503]
(https://bugzilla.redhat.com/show_bug.cgi?id=1879604[rhbz#1879604])
pkispawn logs files are empty

* https://pagure.io/freeipa/issue/8505[#8505] Nightly failure (fedora31)
in test_integration/test_smb.py::TestSMB::test_smb_service_s4u2self

* https://pagure.io/freeipa/issue/8507[#8507] [WebUI] Backport jQuery
patches from newer versions of the library (e.g. 3.5.0)

* https://pagure.io/freeipa/issue/8511[#8511] The selinux subpackage
does not have a requirement to match the server install

* https://pagure.io/freeipa/issue/8512[#8512] Import of psutil can
trigger SELinux violation

* https://pagure.io/freeipa/issue/8513[#8513]
(https://bugzilla.redhat.com/show_bug.cgi?id=1868432[rhbz#1868432])
SELinux module fails to load: Re-declaration of type node_t

* https://pagure.io/freeipa/issue/8515[#8515]
(https://bugzilla.redhat.com/show_bug.cgi?id=1882340[rhbz#1882340])
nsslapd-db-locks patching no longer works

== Detailed changelog since 4.8.9

Detailed changelog is available at https://www.freeipa.org/page/Releases/4.8.10

-- 
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland