Hi,

On Thu, Mar 26, 2020 at 11:16 AM Alexander Bokovoy via FreeIPA-devel
<freeipa-devel@lists.fedorahosted.org> wrote:
>
> Hi,
>
> below is a release notes draft for FreeIPA 4.8.6 release I'm intending
> to do today. I modified release-notes script to pick up release notes
> from the commits to complement Pagure tickets' changelog custom field.
>
> Please add your highlights in response to this email.
>
>
> {{ReleaseDate|2020-03-27}}
> The FreeIPA team would like to announce FreeIPA 4.8.6 release!
>
> It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
> Fedora distributions will be available from the official repository soon.
>
> == Highlights in 4.8.6 ==
>
> '''TODO RELEASE NOTES - put release notes (if any) to proper categories'''
> * 8236: Enforce a check to prevent adding objects from IPA as external 
> members of external groups
> :: Command 'ipa group-add-member' allowed to specify any user or group
> :: for '--external' option. A stricter check is added to verify that
> :: a group or user to be added as an external member does not come
> :: from IPA domain.
> --------
> '''END TODO'''
>
> === Enhancements ===
> === Known Issues ===

If the first KRA instance is installed on a hidden replica, more KRA
instances cannot be added to the cluster. As a workaround, temporarily
make the hidden replica with the KRA role visible before adding
more KRA instances. The previously-hidden replica can be hidden again
as soon as ipa-kra-install is complete.

> === Bug fixes ===
> FreeIPA 4.8.6 is a stabilization release for the features delivered as a
> part of 4.8 version series.
>
> There are more than 30 bug-fixes, details of which can be seen in
> the list of resolved tickets below.
>
> == Upgrading ==
> Upgrade instructions are available on [[Upgrade]] page.
>
> == Feedback ==
> Please provide comments, bugs and other feedback via the freeipa-users mailing
> list 
> (https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/)
> or #freeipa channel on Freenode.
>
>
> == Resolved tickets ==
> * [https://pagure.io/freeipa/issue/5662 #5662] ID Views: do not allow custom 
> Views for the masters
> * [https://pagure.io/freeipa/issue/6891 #6891] Move FreeIPA SELinux policy 
> from system policy to project policy
> * [https://pagure.io/freeipa/issue/7181 #7181] ipa-replica-prepare fails for 
> 2nd replica when passwordHistory is enabled
> * [https://pagure.io/freeipa/issue/7522 #7522] Disable cert publishing in 
> dogtag
> * [https://pagure.io/freeipa/issue/7537 #7537] PR-CI: external_ca tests are 
> hitting timeout
> * [https://pagure.io/freeipa/issue/7630 #7630] ipa-restore should check that 
> optional feature packages are installed before restoring a backup using a 
> feature
> * [https://pagure.io/freeipa/issue/7744 #7744] ipa-replica-install picks 
> wrong replica for CA initial replication
> * [https://pagure.io/freeipa/issue/7830 #7830] FreeIPA installation fails 
> with 389-DS 1.4.0.20-1
> * [https://pagure.io/freeipa/issue/7856 #7856] Nightly test failure in 
> test_uninstallation.py::TestUninstallBase::()::test_failed_uninstall
> * [https://pagure.io/freeipa/issue/7861 #7861] Make IPADiscovery available in 
> PyPI packages
> * [https://pagure.io/freeipa/issue/7895 #7895]  ipa trust fetch-domains, 
> server parameter ignored
> * [https://pagure.io/freeipa/issue/7909 #7909] Wrong evaluation of 
> replication update status
> * [https://pagure.io/freeipa/issue/7917 #7917] Occasional 'whoami.data is 
> undefined' error in FreeIPA web UI
> * [https://pagure.io/freeipa/issue/7941 #7941] ipapython/dn_ctypes.py: 
> libldap_r shared library missing
> * [https://pagure.io/freeipa/issue/7942 #7942] WebUI test for automount is 
> broken
> * [https://pagure.io/freeipa/issue/7948 #7948] [FIPS] Use 3DES for 
> certificate encryption when creating a PKCS#12
> * [https://pagure.io/freeipa/issue/7953 #7953] ipa-pwd-extop: do not remove 
> MagicRegen mod, replace it
> * [https://pagure.io/freeipa/issue/7965 #7965] Stop using 389-ds legacy tools 
> for backup and restore
> * [https://pagure.io/freeipa/issue/7974 #7974] Nightly test failure in 
> ipatests.test_integration.test_user_permissions.TestUserPermissions
> * [https://pagure.io/freeipa/issue/7984 #7984] make sure 'make fastlint' 
> processes Python .in files
> * [https://pagure.io/freeipa/issue/7987 #7987] Python shebang: Use isolated 
> mode
> * [https://pagure.io/freeipa/issue/7990 #7990] Assumptions about systemd name 
> of `named`
> * [https://pagure.io/freeipa/issue/7998 #7998] Use system-wide crypto policy 
> in TLS client
> * [https://pagure.io/freeipa/issue/8004 #8004] RHEL 8 uses nis-domainname 
> instead of rhel-domainname
> * [https://pagure.io/freeipa/issue/8159 #8159] please migrate to the new 
> Fedora translation platform
> * [https://pagure.io/freeipa/issue/8193 #8193] Re-order 
> 50-externalmembers.update to be after 80-schema_compat.update
> * [https://pagure.io/freeipa/issue/8228 #8228] Nightly failure in 
> backup/restore while calling 'id admin'
> * [https://pagure.io/freeipa/issue/8233 #8233] 4.8.5 master Installation error
> * [https://pagure.io/freeipa/issue/8236 #8236] Enforce a check to prevent 
> adding objects from IPA as external members of external groups
> * [https://pagure.io/freeipa/issue/8239 #8239] Actualize Bootstrap version

* [https://pagure.io/freeipa/issue/8240 #8240] KRA install fails if
all KRA members are Hidden Replicas

> * [https://pagure.io/freeipa/issue/8241 #8241] Build fails on Fedora 30
> == Detailed changelog since 4.8.5 ==
> === Alexander Bokovoy (34) ===
> * ipa-pwd-extop: don't check password policy for non-Kerberos account set by 
> DM or a passsync manager 
> [https://pagure.io/freeipa/c/bcbf64b1bf287d2b0b23bc7ac0cca9e8b789ba4a commit] 
> [https://pagure.io/freeipa/issue/7181 #7181]
> * ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN 
> [https://pagure.io/freeipa/c/5bae736bc81eaa1167ec64a69a32506dad2ca286 commit] 
> [https://pagure.io/freeipa/issue/7181 #7181]
> * ipatests: test sysaccount password change with a password policy applied 
> [https://pagure.io/freeipa/c/313542e8a125c4904750826ef9eabdead7d874bd commit] 
> [https://pagure.io/freeipa/issue/7181 #7181]
> * ipatests: allow changing sysaccount passwords as cn=Directory Manager 
> [https://pagure.io/freeipa/c/f4dc10b8caac44f5c2a8edbb4c647e6dcf71c3bd commit] 
> [https://pagure.io/freeipa/issue/7181 #7181]
> * Fix indentation levels 
> [https://pagure.io/freeipa/c/c62b9e7f6ab0dec54540dc6cd389fe58f8858275 commit]
> * ipatests: always skip additional input for group-add-member --external 
> [https://pagure.io/freeipa/c/74f36e7c2f7f6d17b56e06b5f05205edb8a286d7 commit] 
> [https://pagure.io/freeipa/issue/8236 #8236]
> * po: update Chinese (China) translation 
> [https://pagure.io/freeipa/c/c6adee04068ce946f8c9b8ad5db19721db13c602 commit]
> * po: update Ukrainian translation 
> [https://pagure.io/freeipa/c/855a36b6c093fd21af7cf87524acc5d297692de3 commit]
> * po: update Tajik translation timestamp 
> [https://pagure.io/freeipa/c/3d411cf29f29e1d391ed8f6eb159b88d450a332b commit]
> * po: update Slovak translation timestamp 
> [https://pagure.io/freeipa/c/3c15e47a7c2212aab0ecdc320093bee2afa0bfdc commit]
> * po: update Russian translation 
> [https://pagure.io/freeipa/c/db433fbe4e521d08dee2cdc2e65344d8203e03a4 commit]
> * po: update Portuguese (Brazil) translation timestamp 
> [https://pagure.io/freeipa/c/eab195ff3884b482279279326b3a84ced4723b7e commit]
> * po: update Portuguese translation timestamp 
> [https://pagure.io/freeipa/c/31a9da8efa793d492352f646fc804b902beec088 commit]
> * po: update Polish translation 
> [https://pagure.io/freeipa/c/4e3867fcc49a8d2ff1085e630abd77666a06d838 commit]
> * po: update Punjabi translation timestamp 
> [https://pagure.io/freeipa/c/e4dfb7409bd25dc5bc2cc1e99562f912a98509f8 commit]
> * po: update Dutch translation timestamp 
> [https://pagure.io/freeipa/c/e7945284906998da0a798a1ff15a42dd3fdb96d9 commit]
> * po: update Marathi translation timestamp 
> [https://pagure.io/freeipa/c/28a963eed0f27c214543b02fc34e15182e6fcc04 commit]
> * po: update Kannada translation timestamp 
> [https://pagure.io/freeipa/c/89b048d1408834dde38321ac4f402083ebd30247 commit]
> * po: update Japanese translation timestamp 
> [https://pagure.io/freeipa/c/89dbf88abb108cad7f44f92b4e94e66f21746cd3 commit]
> * po: update Indonesian translation timestamp 
> [https://pagure.io/freeipa/c/124a563eb64d7f9a2190a13e9d68a7b608be2d22 commit]
> * po: update Hungarian translation timestamp 
> [https://pagure.io/freeipa/c/595d5062b9e770a946156f69df2fe522d4745d9e commit]
> * po: update Hindi translation timestamp 
> [https://pagure.io/freeipa/c/c4dd8b226ae97011bcc0546209f8473fbcd75ab8 commit]
> * po: update French translation 
> [https://pagure.io/freeipa/c/a2ca393d35a1f34b2dbbd54c9c1d24b9f20960f0 commit]
> * po: update Basque translation timestamp 
> [https://pagure.io/freeipa/c/92fb5c5268b8b1b02b7a1d12b9a6417c893a18f1 commit]
> * po: update Spanish translation 
> [https://pagure.io/freeipa/c/7af52df7a8e54afe36649c5436fcfce759111751 commit]
> * po: update English (United Kingdom) translation timestamp 
> [https://pagure.io/freeipa/c/37a1e927a1f123b8b9fdbaf815003cb04726f72c commit]
> * po: update German translation 
> [https://pagure.io/freeipa/c/0d053d8b1df33f5602ae0e154743f1d1dce2c72d commit]
> * po: update Czech translation timestamp 
> [https://pagure.io/freeipa/c/c8ba436c0dad467bf12dec4d4f141916d0b3fbbd commit]
> * po: update Catalan translation timestamp 
> [https://pagure.io/freeipa/c/29e3ade05c8bea23c07ed1a1b5612af01f924d2d commit]
> * po: update Bengali translation timestamp 
> [https://pagure.io/freeipa/c/16d9556c6f3d19f73256d6698a7659f78961a378 commit]
> * po: update ipa.pot template 
> [https://pagure.io/freeipa/c/e23ba779d3aefd871e348b91e7b0fa003d97c96e commit]
> * Update translation infrastructure 
> [https://pagure.io/freeipa/c/831f4dd320a93d01df6b06058c3ab618a98c9fd8 commit] 
> [https://pagure.io/freeipa/issue/8159 #8159]
> * Keep ipa.pot translation file in git for weblate 
> [https://pagure.io/freeipa/c/9ff7b4a411d13ca148d2f53603dbcc812d92380a commit] 
> [https://pagure.io/freeipa/issue/8159 #8159]
> * Prevent adding IPA objects as external members of external groups 
> [https://pagure.io/freeipa/c/127b8d9cf23bf65aa42e6ee9ed8d7f8628bbac19 commit] 
> [https://pagure.io/freeipa/issue/8236 #8236]
>
> === Christian Heimes (5) ===
> * po: fix LINGUAS to use whitespace separation 
> [https://pagure.io/freeipa/c/616ad399c99292542638e9e8f0995873e5c4f311 commit] 
> [https://pagure.io/freeipa/issue/8159 #8159]
> * SELinux: apache_manage_pid_files for F30 
> [https://pagure.io/freeipa/c/f08ced1b25e14f91526c82610a8219ae8ed898a3 commit] 
> [https://pagure.io/freeipa/issue/8241 #8241]
> * Add pytest OpenSSH transport with password 
> [https://pagure.io/freeipa/c/42aa86fadd7a7f2209e05291be9c76a8497998dd commit]
> * Move freeipa-selinux dependency to freeipa-common 
> [https://pagure.io/freeipa/c/7d525ab4308060435808a311de55a76fb26a28c6 commit] 
> [https://pagure.io/freeipa/issue/6891 #6891]
> * Integrate ipa_custodia policy 
> [https://pagure.io/freeipa/c/04cc0450125e3c9e989c3e769a25ba2f1f336060 commit] 
> [https://pagure.io/freeipa/issue/6891 #6891]
>
> === Florence Blanc-Renaud (3) ===
> * ipatests: wait for SSSD to become online in backup/restore tests 
> [https://pagure.io/freeipa/c/ebb3c22ddb998997eb05e7bd4da2157e88b6c8f3 commit] 
> [https://pagure.io/freeipa/issue/8228 #8228]
> * xmlrpc tests: add a test for idview-apply on a master 
> [https://pagure.io/freeipa/c/c37a84628601d369f83546085b7e29be8fe11a59 commit] 
> [https://pagure.io/freeipa/issue/5662 #5662]
> * idviews: prevent applying to a master 
> [https://pagure.io/freeipa/c/7905891341197cb90faf635cf93ce63ae7a7a38b commit] 
> [https://pagure.io/freeipa/issue/5662 #5662]
>
> === Mohammad Rizwan Yusuf (3) ===
> * ipatests: Skip test using paramiko when FIPS is enabled 
> [https://pagure.io/freeipa/c/45507c1e86b634507fdc21dbb88ea9edd43e4166 commit]
> * Test if schema-compat-entry-attribute is set 
> [https://pagure.io/freeipa/c/3f3fa403a944035cf5531939fe3a2e338da99612 commit] 
> [https://pagure.io/freeipa/issue/8193 #8193]
> * Test if schema-compat-entry-attribute is set 
> [https://pagure.io/freeipa/c/210619a98f0d8a042a181bab5891bdd595aa5351 commit] 
> [https://pagure.io/freeipa/issue/8193 #8193]
>
> === Rob Crittenden (4) ===
> * Test that pwpolicy only applied on Kerberos entries 
> [https://pagure.io/freeipa/c/b34063e700ac4c65b117705bafb0255c26bca060 commit]
> * Add ability to change a user password as the Directory Manager 
> [https://pagure.io/freeipa/c/840671b1cdc508ea86f8412e6423f00b8c3bf809 commit]
> * Don't save password history on non-Kerberos accounts 
> [https://pagure.io/freeipa/c/8b7bb96b327207284c8c0a45cf2979843482cf48 commit]
> * Test that ipa-healthcheck human output translates error strings 
> [https://pagure.io/freeipa/c/7974ac9f8c7969df85f689d94f5b30c18e661daa commit]
>
> === Stanislav Levin (1) ===
> * pki-proxy: Don't rely on running apache until it's configured 
> [https://pagure.io/freeipa/c/24c6ea3c9f2df757b3d714044c16083716e377ca commit] 
> [https://pagure.io/freeipa/issue/8233 #8233]
>
> === Sergey Orlov (2) ===
> * ipatests: provide AD admin password when trying to establish trust 
> [https://pagure.io/freeipa/c/814b47e85c87bc3c80c91ebd0aa9085ac06b521e commit] 
> [https://pagure.io/freeipa/issue/7895 #7895]
> * ipatests: remove test_ordering 
> [https://pagure.io/freeipa/c/0e9b020db201ff5797f0dabff05c3fc16a9bf79a commit]
>
> === Serhii Tsymbaliuk (1) ===
> * Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1 
> [https://pagure.io/freeipa/c/f1855dd51e1544a77f1b4a3d4c90f173c29fbed4 commit] 
> [https://pagure.io/freeipa/issue/8239 #8239]
>
> === sumenon (1) ===
> * ipatests: Added testcase to check logrotate is added for healthcheck tool 
> [https://pagure.io/freeipa/c/7d4687926e9866c378db8075dd7b55b3c40e71a9 commit]
>
> === Vit Mojzis (1) ===
> * selinux: disable ipa_custodia when installing custom policy 
> [https://pagure.io/freeipa/c/f99cfa1443dfa33422eb4a7613d3dd9e921ccacd commit] 
> [https://pagure.io/freeipa/issue/6891 #6891]
>
>
>
>
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
> _______________________________________________
> FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org