[Freeipa-interest] FreeIPA 4.9.2 released
Alexander Bokovoy
abokovoy at redhat.com
Mon Feb 15 19:12:28 UTC 2021
The FreeIPA team would like to announce FreeIPA 4.9.2 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.
== Bug fixes
FreeIPA 4.9.2 is a stabilization release for the features delivered as a
part of 4.9 version series.
There are more than 20 bug-fixes since FreeIPA 4.9.1 release. Details of
the bug-fixes can be seen in the list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/)
or #freeipa channel on Freenode.
== Resolved tickets
* https://pagure.io/freeipa/issue/6739[#6739] Cannot login to replica's WebUI
* https://pagure.io/freeipa/issue/8404[#8404] Detect and fail if not
enough memory is available for installation
* https://pagure.io/freeipa/issue/8452[#8452] update samba configuration
on IPA master to explicitly use 'server role' setting
* https://pagure.io/freeipa/issue/8506[#8506] Nightly failure in
ipa-server-install --uninstall: org.freedesktop.DBus.Error.NoReply
* https://pagure.io/freeipa/issue/8533[#8533] Nightly failure in
ipa-replica-install configuring renewals: DBusException:
org.freedesktop.DBus.Error.NoReply
* https://pagure.io/freeipa/issue/8550[#8550]
(https://bugzilla.redhat.com/show_bug.cgi?id=1902173[rhbz#1902173])
Uninstallation of server with KRA diplays error but proceeds
successfully (unable to access security domain)
* https://pagure.io/freeipa/issue/8554[#8554]
(https://bugzilla.redhat.com/show_bug.cgi?id=1891056[rhbz#1891056])
ipa-kdb: support subordinate/superior UPN suffixes
* https://pagure.io/freeipa/issue/8588[#8588] The 'ipactl status'
command exit code does not fail on a partial error
* https://pagure.io/freeipa/issue/8630[#8630]
(https://bugzilla.redhat.com/show_bug.cgi?id=1909876[rhbz#1909876]) Do
not resolve user/group UID/GID in the service constructors
* https://pagure.io/freeipa/issue/8636[#8636]
(https://bugzilla.redhat.com/show_bug.cgi?id=1923900[rhbz#1923900])
Samba on IdM member failure
* https://pagure.io/freeipa/issue/8647[#8647]
(https://bugzilla.redhat.com/show_bug.cgi?id=1912556[rhbz#1912556])
Incorrect DNSKEY created when DNSSEC enabled for zone
* https://pagure.io/freeipa/issue/8658[#8658]
(https://bugzilla.redhat.com/show_bug.cgi?id=1924501[rhbz#1924501])
Value stored to 'krberr' is never read in ipa-rmkeytab.c
* https://pagure.io/freeipa/issue/8669[#8669] Reduce difference between
upstream and downstream releases
* https://pagure.io/freeipa/issue/8675[#8675] Update failed: NSS is
built without support of the legacy database(DBM)
* https://pagure.io/freeipa/issue/8683[#8683] [ipatests]
`test_ipa_dns_systemrecords_check` and `test_ipa_healthcheck_no_errors`
fail in Azure Pipelines
* https://pagure.io/freeipa/issue/8685[#8685] KDC cert has no SAN DNSname
* https://pagure.io/freeipa/issue/8686[#8686]
(https://bugzilla.redhat.com/show_bug.cgi?id=1922955[rhbz#1922955])
Resubmitting KDC cert fails with internal server error
* https://pagure.io/freeipa/issue/8689[#8689] Add centos platform module
* https://pagure.io/freeipa/issue/8690[#8690] Add a tool to control
interactive programs on remote hosts in IPA tests
* https://pagure.io/freeipa/issue/8699[#8699]
(https://bugzilla.redhat.com/show_bug.cgi?id=1926699[rhbz#1926699]) avc
denial for gpg-agent with systemd-run
* https://pagure.io/freeipa/issue/8704[#8704]
(https://bugzilla.redhat.com/show_bug.cgi?id=1926910[rhbz#1926910]) ipa
cert-remove-hold returns an incorrect error message
* https://pagure.io/freeipa/issue/8712[#8712] Support new baseURL config
option for ACME
== Detailed changelog since 4.9.1
=== Alexander Bokovoy (14)
* Back to git commits
https://pagure.io/freeipa/c/811d130c66880208a244741b90a5e6de2429004a[commit]
* Become IPA 4.9.2
https://pagure.io/freeipa/c/34600a0ecac3ad3fbe7b7b5767c3a4c1a455dc45[commit]
* po: refresh translations to remove outdated strings
https://pagure.io/freeipa/c/66ffc9a612e932578b609061a5f1b38fc1c46c50[commit]
* po: update translations template
https://pagure.io/freeipa/c/d1313a595d63ced25b2df029029ef501e88ea596[commit]
* test_installutils: run gpg-agent under a specific SELinux context
https://pagure.io/freeipa/c/7ca2797eaca963fe94f7396353569f7f8ed6d09d[commit]
https://pagure.io/freeipa/issue/8699[#8699]
* Force-update translation after FreeIPA to IPA change: po/fr.po
https://pagure.io/freeipa/c/fc9652107e4424f0567bc5a010cad15047db7212[commit]
* Force-update translation after FreeIPA to IPA change: po/es.po
https://pagure.io/freeipa/c/12d92fe517504ac9bec2d76bc15e7303af2f89e5[commit]
* Force-update translation po/id.po
https://pagure.io/freeipa/c/e77d68900a1e8d0476670b0d59b13cea6e1b7f80[commit]
* Force-update translation po/fr.po
https://pagure.io/freeipa/c/cf054fc169879fcd3987b97ccec163402c706392[commit]
* Force-update translation po/es.po
https://pagure.io/freeipa/c/d8398815b10c53e678d96ea31afc9a0eb671f57b[commit]
* Force-update translation po/de.po
https://pagure.io/freeipa/c/7d00ad4b767eb17e218e03544aa53881c9333330[commit]
* client: synchronize ignored return codes with ipa-rmkeytab
https://pagure.io/freeipa/c/5a1ad476e04859e68809435a8098beef1d38c76d[commit]
https://pagure.io/freeipa/issue/8658[#8658]
* ipa-sam: return NetBIOS domain name instead of DNS one
https://pagure.io/freeipa/c/8a4cf2187a6298a46b52ba12ff04648b73f8dd56[commit]
https://pagure.io/freeipa/issue/8636[#8636]
* Back to git commits
https://pagure.io/freeipa/c/9690659ddf57e32a9255d8eed8d27b3ffa8a90cf[commit]
=== Antonio Torres (4)
* ipatests: test addition of invalid sudo command
https://pagure.io/freeipa/c/029daa5ffad5ee5f7be9c3661d88c98fe20398cb[commit]
* sudocmd: ensure command doesn't contain trailing dot before adding it
https://pagure.io/freeipa/c/602a4fa321560c69407d1c6d0a04f190a5350038[commit]
* WebUI: change FreeIPA naming to IPA in About dialog
https://pagure.io/freeipa/c/4f63dc994522243fde1cb932f6a8b5a26a171933[commit]
https://pagure.io/freeipa/issue/8669[#8669]
* Update samba configuration on IPA master to explicitly use 'server
role' setting
https://pagure.io/freeipa/c/2b64a4e8ad5563030650f6d293d4b0537d72cd2c[commit]
https://pagure.io/freeipa/issue/8452[#8452]
=== Christian Heimes (4)
* configure: ipaplatform falls back to ID_LIKE
https://pagure.io/freeipa/c/55180f6e9141bca391a7e2c9d9727948624c307f[commit]
https://pagure.io/freeipa/issue/8689[#8689]
* Don't install csrgen extra dependencies
https://pagure.io/freeipa/c/de3510211537f116a097d1212d2586f4b0726467[commit]
https://pagure.io/freeipa/issue/8669[#8669]
* Ensure that KDC cert has SAN DNS entry
https://pagure.io/freeipa/c/5ab290a048d34b03821716b1606f9a33f62964d9[commit]
https://pagure.io/freeipa/issue/8685[#8685]
* Fix cert_request for KDC cert
https://pagure.io/freeipa/c/2c48897ed1700725d3cd07a4a106e40f62d76c47[commit]
https://pagure.io/freeipa/issue/6739[#6739],
https://pagure.io/freeipa/issue/8686[#8686]
=== Florence Blanc-Renaud (8)
* ipatests: update expected error message
https://pagure.io/freeipa/c/9854c399da83a30259ccec9cf9277ffd97f7cd67[commit]
https://pagure.io/freeipa/issue/8704[#8704]
* xmlrpc tests: add a test for cert-remove-hold
https://pagure.io/freeipa/c/55c7e2121ea78eec102560d176ccb2c74146caf7[commit]
https://pagure.io/freeipa/issue/8704[#8704]
* cert plugin: propagate the error for non-existent cert
https://pagure.io/freeipa/c/45d7d15c1186bc563393ae0bf131ccf94b1d12c4[commit]
https://pagure.io/freeipa/issue/8704[#8704]
* ipatests: ipactl status now exits with 3 when a service is stopped
https://pagure.io/freeipa/c/8d30629801a88a8f03c94f2274ed93a1ff0a38be[commit]
https://pagure.io/freeipa/issue/8588[#8588]
* ipatests: fix ipahealthcheck fixture _modify_permission
https://pagure.io/freeipa/c/b784e1f8d4e393e31616430f74ccc3d158418619[commit]
* OpenDNSSEC: fix timezone in key creation date
https://pagure.io/freeipa/c/2a51892ab9688b6bc5282098a426003932462549[commit]
* ipatests: add a test for ZSK/KSK keytype in DNSKEY record
https://pagure.io/freeipa/c/dd21d068cb4500b0d8a8af14b0371f95cc40c974[commit]
https://pagure.io/freeipa/issue/8647[#8647]
* dnssec: fix the key type with OpenDNSSEC 2.1
https://pagure.io/freeipa/c/44762369fb05b67855a8dc81d647c8880d642902[commit]
https://pagure.io/freeipa/issue/8647[#8647]
=== Mohammad Rizwan (1)
* ipatests: Test if server setup without dns uninstall properly
https://pagure.io/freeipa/c/85674f16a18a6d4917dcf56330dc122902b53475[commit]
https://pagure.io/freeipa/issue/8630[#8630]
=== Rob Crittenden (20)
* Remove the option stop_certmonger from stop_tracking_*
https://pagure.io/freeipa/c/9872610f7df6576813715f5de239957042ca2c9d[commit]
https://pagure.io/freeipa/issue/8506[#8506],
https://pagure.io/freeipa/issue/8533[#8533]
* Add some logging around initial ACME deployment
https://pagure.io/freeipa/c/6526ab48a36b068de1970a2685dcedcf4b278bd3[commit]
https://pagure.io/freeipa/issue/8712[#8712]
* Add versions to the ACME config templates and update on upgrade
https://pagure.io/freeipa/c/31061c60af065d7251a7aaf6d5c93e86434d12f2[commit]
https://pagure.io/freeipa/issue/8712[#8712]
* Set the ACME baseURL in order to pin a client to a single IPA server
https://pagure.io/freeipa/c/a16dc59447bceab9df7d0597e81af2f1a525ce4c[commit]
https://pagure.io/freeipa/issue/8712[#8712]
* Add RHEL 9 UI branding patch reference
https://pagure.io/freeipa/c/dffe69573e1ee5a14af12d83c9c86084cfa3a58d[commit]
https://pagure.io/freeipa/issue/8669[#8669]
* Force-update translation after FreeIPA to IPA change: po/ipa.pot
https://pagure.io/freeipa/c/936f98e93e43f1e30d3109d37009654db349a241[commit]
* Remove references to rjsmin in UI compile.sh
https://pagure.io/freeipa/c/1478db894844ca4527e0017a7204d4d6f5695752[commit]
https://pagure.io/freeipa/issue/8669[#8669]
* Remove support for csrgen
https://pagure.io/freeipa/c/e35bec9a5214a836d938eae6c577a4f33fe5e4f9[commit]
https://pagure.io/freeipa/issue/8669[#8669]
* Change FreeIPA references to IPA and Identity Management
https://pagure.io/freeipa/c/f05ee29d10f2be294d707bd34bfc8399c06b63c5[commit]
https://pagure.io/freeipa/issue/8669[#8669]
* ipatests: Handle non-zero return code in test_ipactl_scenario_check
https://pagure.io/freeipa/c/00226adaa68935fbc1d85508eadafa420027edb5[commit]
https://pagure.io/freeipa/issue/8550[#8550]
* Add exit status to the ipactl man page
https://pagure.io/freeipa/c/302f9377e5c760bcf38be2b0503915ccadef8b67[commit]
https://pagure.io/freeipa/issue/8550[#8550]
* Ensure IPA is running (ideally) before uninstalling the KRA
https://pagure.io/freeipa/c/87ede26cc2bcbe543cb970a5e55cf1901791a100[commit]
https://pagure.io/freeipa/issue/8550[#8550]
* ipactl: support script status 3, program is not running
https://pagure.io/freeipa/c/ddb5414d56f57fdd18ad66fbc6a53410725dd9cd[commit]
https://pagure.io/freeipa/issue/8588[#8588]
* Use the new API introduced in PKI 10.8
https://pagure.io/freeipa/c/4d26ce5061c5b7f9383286a108fc48b19b5bc65a[commit]
* Change CA profile migration message from info to debug
https://pagure.io/freeipa/c/b99bc2d8b1e5226f61a7c980cfb7576dac222466[commit]
* Only build the UI with uglifyjs on RHEL 8
https://pagure.io/freeipa/c/5fb0cc43eab329e8cb0020ca96f70a05fa9bb4bd[commit]
https://pagure.io/freeipa/issue/8669[#8669]
* Provide more detailed logging around memory detection
https://pagure.io/freeipa/c/6eff5b9527d5d187922eed6f569d3e63d67e094d[commit]
https://pagure.io/freeipa/issue/8404[#8404]
* ipatests: Update NSSDatabase DBM test on non-DBM-capable installs
https://pagure.io/freeipa/c/7f1849e74a7c81213ec658058aec97033c84e038[commit]
https://pagure.io/freeipa/issue/8675[#8675]
* Ignore database errors when trying to extract ipaCert on upgrade
https://pagure.io/freeipa/c/348d4eef6f974c75cb546fc690bb3a20a789de28[commit]
https://pagure.io/freeipa/issue/8675[#8675]
* Report the NSS database directory if it cannot be opened
https://pagure.io/freeipa/c/b71c0c678430c38cbd22663cbf48229a23f19c8e[commit]
https://pagure.io/freeipa/issue/8675[#8675]
=== Stanislav Levin (3)
* rpm-spec: Require crypto-policies-scripts
https://pagure.io/freeipa/c/0b11a7ce5542fae4d3d2ab0584d3dfe0f67ef617[commit]
* ipatests: Handle AAAA records in test_ipa_dns_systemrecords_check
https://pagure.io/freeipa/c/151fa5040af0f044fe7bf0154c2dcfc58506a499[commit]
https://pagure.io/freeipa/issue/8683[#8683]
* Azure: Populate containers with self-AAAA records
https://pagure.io/freeipa/c/63b14839aff23db7977decbeb742949bd05a8219[commit]
https://pagure.io/freeipa/issue/8683[#8683]
=== Sergey Orlov (5)
* ipatests: use pexpect to control inetractive session of
ipa-adtrust-install
https://pagure.io/freeipa/c/34d72d16ee3ac4e3979eed5be7ddf31997a485b8[commit]
https://pagure.io/freeipa/issue/8690[#8690]
* ipatests: use pexpect to invoke ktutil
https://pagure.io/freeipa/c/1c15447e1345a3c93932e70dea1177f6a42fb2d4[commit]
https://pagure.io/freeipa/issue/8690[#8690]
* ipatests: add a tests-oriented wrapper for pexpect module
https://pagure.io/freeipa/c/29377901f7bc74baceda1bf42617dd69dacf10a2[commit]
https://pagure.io/freeipa/issue/8690[#8690]
* ipatests: rewrite test for requests routing to subordinate suffixes
https://pagure.io/freeipa/c/0d9f988f5eb5f07965582b84f1b3ac812125b63f[commit]
https://pagure.io/freeipa/issue/8554[#8554]
* fix collecting log files which are symlinks
https://pagure.io/freeipa/c/5517aa691805cccfa4d19a28a6dbf3319845c4a6[commit]
=== Thorsten Scherf (1)
* man: fix ipa-client-samba.1 typos
https://pagure.io/freeipa/c/b290bc12b25938db5e29b7742989a1a0c99f15f4[commit]
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
More information about the Freeipa-interest
mailing list