[Freeipa-devel] [DRAFT] FreeIPA 4.9.12 Release Notes

Antonio Torres via FreeIPA-devel Thu, 20 Apr 2023 05:07:06 -0700

The FreeIPA team would like to announce FreeIPA 4.9.12 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.


[[highlights_in_4.9.12]]
== Highlights in 4.9.12

*TODO RELEASE NOTES - put release notes (if any) to proper categories*

* 9287: [RFE] makeapi should validate the generated API doc vs stored
doc

'''''

* 9298: [Tracker] Nightly test failure (updates-testing) in
test_acme.py::TestACME::test_certbot_certonly_standalone

::
  ;;
    With Certbot update to 2.0.0, Certbot defaults to ECDSA certificate
    private keys for all new certificates. PKI ACME cert profile
    supports only rsa private keys, meaning that the key type needs to
    be forced to rsa when requesting an ACME certificate, using certbot
    --key-type rsa [...]

'''''

*END TODO*

=== Enhancements

[[known_issues]]
=== Known Issues

[[bug_fixes]]
=== Bug fixes

FreeIPA 4.9.12 is a stabilization release for the features delivered as
a part of 4.9.0 version series.

There are more than 30 bug-fixes since FreeIPA 4.9.11 release. Details
of the bug-fixes can be seen in the list of resolved tickets below.

== Upgrading

Upgrade instructions are available on Upgrade page.

== Feedback

Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/)
or #freeipa channel on libera.chat.

[[resolved_tickets]]
== Resolved tickets

* https://pagure.io/freeipa/issue/5130[#5130]
(https://bugzilla.redhat.com/show_bug.cgi?id=1243261[rhbz#1243261])
non-admin users cannot search hbac rules
* https://pagure.io/freeipa/issue/6044[#6044]
(https://bugzilla.redhat.com/show_bug.cgi?id=1353899[rhbz#1353899])
ipa-advise: object of type 'type' has no len()
* https://pagure.io/freeipa/issue/9002[#9002] Nightly failure in
test_fips.py::TestInstallFIPS::test_basic::setup
* https://pagure.io/freeipa/issue/9124[#9124] Nightly test failure in
test_smb.py::TestSMB::test_smb_service_s4u2self
* https://pagure.io/freeipa/issue/9135[#9135] Nightly test failure
(f37+): reverse zone not created
* https://pagure.io/freeipa/issue/9195[#9195]
(https://bugzilla.redhat.com/show_bug.cgi?id=2158775[rhbz#2158775])
Hiding a server does not completely clean up DNS records
* https://pagure.io/freeipa/issue/9226[#9226]
(https://bugzilla.redhat.com/show_bug.cgi?id=2124547[rhbz#2124547])
Infinite redirect loop in the WebUI for user root
* https://pagure.io/freeipa/issue/9238[#9238] Nightly test failure
(rawhide) in
test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage
* https://pagure.io/freeipa/issue/9279[#9279] ipa-otpd@.service:
deprecated syslog setting
* https://pagure.io/freeipa/issue/9282[#9282] Nightly test failure in
test_webui/test_subid.py/test_subid/test_subid_range_deletion_not_allowed
* https://pagure.io/freeipa/issue/9285[#9285] ipa-certupdate restarts
HTTPd too early
* https://pagure.io/freeipa/issue/9286[#9286]
(https://bugzilla.redhat.com/show_bug.cgi?id=2056009[rhbz#2056009])
memberManager ACIs aren't allowing group-based manager access due to
missing upgrade code
* https://pagure.io/freeipa/issue/9287[#9287] [RFE] makeapi should
validate the generated API doc vs stored doc
* https://pagure.io/freeipa/issue/9290[#9290]
(https://bugzilla.redhat.com/show_bug.cgi?id=2149889[rhbz#2149889])
idm:client is missing dependency on krb5-pkinit.
* https://pagure.io/freeipa/issue/9291[#9291] Nightly test failure
(rawhide) in test_ipa_dns_systemrecords_check
* https://pagure.io/freeipa/issue/9298[#9298] [Tracker] Nightly test
failure (updates-testing) in
test_acme.py::TestACME::test_certbot_certonly_standalone
* https://pagure.io/freeipa/issue/9306[#9306]
(https://bugzilla.redhat.com/show_bug.cgi?id=2160389[rhbz#2160389])
'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to
'ipa-client-install' command was successful.
* https://pagure.io/freeipa/issue/9310[#9310]
(https://bugzilla.redhat.com/show_bug.cgi?id=2162335[rhbz#2162335])
ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating
an ID range
* https://pagure.io/freeipa/issue/9314[#9314] Redundant build dependency
on python3-paste (if with lint)
* https://pagure.io/freeipa/issue/9315[#9315] [tests]
test_ipa_healthcheck_fips_enabled fails on system without
fips-mode-setup
* https://pagure.io/freeipa/issue/9316[#9316]
(https://bugzilla.redhat.com/show_bug.cgi?id=2166324[rhbz#2166324])
Passwordless (GSSAPI) SSH login with AD user
* https://pagure.io/freeipa/issue/9318[#9318] Incomplete fast
lint/codestyle check if both Python template files and Python modules
were changed
* https://pagure.io/freeipa/issue/9319[#9319] [tests] TestDNSResolver
failures on systems without or empty /etc/resolv.conf
* https://pagure.io/freeipa/issue/9320[#9320]
(https://bugzilla.redhat.com/show_bug.cgi?id=2018198[rhbz#2018198]) RFE
- Add a warning note about possible performance impact of the Auto
Member rebuild task.
* https://pagure.io/freeipa/issue/9324[#9324] ipatests: Frequent timeout
of test_acme
* https://pagure.io/freeipa/issue/9326[#9326] ipatests: timeout of
test_trust
* https://pagure.io/freeipa/issue/9329[#9329] Azure test:
WebUI_Unit_Tests are failing
* https://pagure.io/freeipa/issue/9332[#9332] Extend negative test
coverage for automember
* https://pagure.io/freeipa/issue/9333[#9333] ipa-client-install
--pkinit-identity can block in unattended mode
* https://pagure.io/freeipa/issue/9338[#9338] Update 'Auth indicators'
doc string to show 'ipd' usage
* https://pagure.io/freeipa/issue/9339[#9339] Broken support for
dnspython < 2
* https://pagure.io/freeipa/issue/9347[#9347] Azure Ci does not work
with Fedora Rawhide
* https://pagure.io/freeipa/issue/9349[#9349]
(https://bugzilla.redhat.com/show_bug.cgi?id=2180914[rhbz#2180914])
Sequence processing failures for group_add using server context
* https://pagure.io/freeipa/issue/9355[#9355] support python
cryptography 40.0
* https://pagure.io/freeipa/issue/9358[#9358] update_dna_shared_config
sometimes blocks installation for 2 minutes

[[detailed_changelog_since_4.9.11]]
== Detailed changelog since 4.9.11

[[alexander_bokovoy_6]]
=== Alexander Bokovoy (6)

* ipalib/x509: Implement abstract method
Certificate.verify_directly_issued_by
https://pagure.io/freeipa/c/e43b10858a8014b2b1b6e555bff48ab172f14a9b[commit]
https://pagure.io/freeipa/issue/9355[#9355]
* Fix tox in Azure CI
https://pagure.io/freeipa/c/53ac81765aaad71ef18e720017454c33df0ab27c[commit]
https://pagure.io/freeipa/issue/9347[#9347]
* Use system-wide chromium for webui tests
https://pagure.io/freeipa/c/3593a798cc6a6bc3130c59ec7acf3f534b69158f[commit]
https://pagure.io/freeipa/issue/9347[#9347]
* Don't fail if optional RPM macros file is missing
https://pagure.io/freeipa/c/801308af209167ef84351987cd894c5721e3d853[commit]
https://pagure.io/freeipa/issue/9347[#9347]
* ipa-kdb: PAC consistency checker needs to handle child domains as well
https://pagure.io/freeipa/c/2d7cc19d238e0a20a44bb5422fd369d1e5cf764f[commit]
https://pagure.io/freeipa/issue/9316[#9316]
* updates: fix memberManager ACI to allow managers from a specified
group
https://pagure.io/freeipa/c/651e28c1fb6b86ad1fbd4ea98644e00b7042499c[commit]
https://pagure.io/freeipa/issue/9286[#9286]

[[anuja_more_4]]
=== Anuja More (4)

* ipatests: Test that non admin user can search hbac rule.
https://pagure.io/freeipa/c/3599a4a7e35baa8b936b2c00abe4827be5473212[commit]
https://pagure.io/freeipa/issue/5130[#5130]
* ipatests: Test ipa-advise is not failing with error.
https://pagure.io/freeipa/c/b2f197d3100d7ca95ead6180fa6b196f1aa77f74[commit]
https://pagure.io/freeipa/issue/6044[#6044]
* PRCI: update test_trust.py for nightly pipelines.
https://pagure.io/freeipa/c/9577e0b1f5cc4b3569a71eea1657981355eb80f3[commit]
https://pagure.io/freeipa/issue/9326[#9326]
* Add test for SSH with GSSAPI auth.
https://pagure.io/freeipa/c/ed1959dc0cf8823a0ce60e32ce0de7a389ecb942[commit]
https://pagure.io/freeipa/issue/9316[#9316]

[[antonio_torres_8]]
=== Antonio Torres (8)

* Extend API documentation
https://pagure.io/freeipa/c/f3d5e11b979e13c40158928302ff23169cd9cc9c[commit]
* doc: allow notes on Param API Reference pages
https://pagure.io/freeipa/c/f2bb386b44ef96a1e90d30ea4d3d37799fd01388[commit]
* ipaserver: deepcopy objectclasses list from IPA config
https://pagure.io/freeipa/c/62fe608390c41115edf4e356a6cff2ab1a6d0daf[commit]
https://pagure.io/freeipa/issue/9349[#9349]
* API doc: add usage guides for groups, HBAC and sudo rules
https://pagure.io/freeipa/c/e96d91c104b616c175a8c66a6e93a60d5a06e7ab[commit]
* API doc: add note about ipa show-mappings to usage guide
https://pagure.io/freeipa/c/a6592c6a79f15b0e6eef02a3f3545b9b72bc1705[commit]
* API doc: validate generated reference
https://pagure.io/freeipa/c/34a06d7f06f35b9aad034f7a4ff99753a0426275[commit]
https://pagure.io/freeipa/issue/9287[#9287]
* API doc: add basic user management guide
https://pagure.io/freeipa/c/84c4449e93d57f5236f978388cf6561a4866686a[commit]
* Back to git snapshots
https://pagure.io/freeipa/c/1b7fccd6d44361b9c175d9049313f0a5ac46bb57[commit]

[[carla_martinez_1]]
=== Carla Martinez (1)

* Update 'Auth indicators' doc string
https://pagure.io/freeipa/c/42744ebbcab7ef0a6bf5f16d6fca513c323d2fa9[commit]
https://pagure.io/freeipa/issue/9338[#9338]

[[christian_heimes_3]]
=== Christian Heimes (3)

* Speed up installer by restarting DS after DNA plugin
https://pagure.io/freeipa/c/27e9181bdc684915a7f9f15631f4c3dd6ac5f884[commit]
https://pagure.io/freeipa/issue/9358[#9358]
* Don't block when kinit_pkinit() fails
https://pagure.io/freeipa/c/03f544e83c1f775786bcda211a35f15a0b2a582f[commit]
https://pagure.io/freeipa/issue/9333[#9333]
* ipa-certupdate: Update client certs before KDC/HTTPd restart
https://pagure.io/freeipa/c/f3052c17599c7318c385b27795678b368906fd26[commit]
https://pagure.io/freeipa/issue/9285[#9285]

[[chris_kelley_1]]
=== Chris Kelley (1)

* Check that CADogtagCertsConfigCheck can handle cert renewal
https://pagure.io/freeipa/c/bed21afd2b7bc43c5acd33ad450d284d04073a71[commit]

[[david_pascual_2]]
=== David Pascual (2)

* doc: Use case examples for PR-CI checker tool
https://pagure.io/freeipa/c/faa485345cff6a4decbbd4a7542a3f640f2ca097[commit]
* ipatests: fix (prci_checker) duplicated check & error return code
https://pagure.io/freeipa/c/398e091863c8d64271205fb4df26e688dddfe81e[commit]

[[erik_belko_1]]
=== Erik Belko (1)

* ipatests: Test MemberManager ACI to allow managers from a specified
group after upgrade scenario
https://pagure.io/freeipa/c/2fb6f0216e7433e0e6459678863edb2a31c90cde[commit]
https://pagure.io/freeipa/issue/9286[#9286]

[[florence_blanc_renaud_16]]
=== Florence Blanc-Renaud (16)

* ipatests: increase timeout for test_trust
https://pagure.io/freeipa/c/a7147fa4c67ee5bdfa6f6020fdfb6278131f79d4[commit]
https://pagure.io/freeipa/issue/9326[#9326]
* ipatests: remove wrong job definition TestACMEPrune
https://pagure.io/freeipa/c/bdd115239adeae9f84b016207552b60985d65854[commit]
https://pagure.io/freeipa/issue/9324[#9324]
* ipatests: increase timeout for test_acme
https://pagure.io/freeipa/c/67131ae7f93e6ceab9be06d29151c37d74024699[commit]
https://pagure.io/freeipa/issue/9324[#9324]
* automember-rebuild: add a notice about high CPU usage
https://pagure.io/freeipa/c/2deaaa788cbdde22d5b15566599fdcf7a10f02c6[commit]
https://pagure.io/freeipa/issue/9320[#9320]
* trust-add: handle missing msSFU30MaxGidNumber
https://pagure.io/freeipa/c/703ab8c4dfb7f8fd1540c3849ad469d39695a26f[commit]
https://pagure.io/freeipa/issue/9310[#9310]
* Tests: force key type in ACME tests
https://pagure.io/freeipa/c/16c37cf26c8bf3a032a2d6845b3ff406002590be[commit]
https://pagure.io/freeipa/issue/9298[#9298]
* server install: remove error log about missing bkup file
https://pagure.io/freeipa/c/6f50b00953c0000d6da8db0f5e8974ae33d7b5d5[commit]
https://pagure.io/freeipa/issue/9306[#9306]
* ipatests: mark test_smb as xfail
https://pagure.io/freeipa/c/1bdd8147e7fa1032025dc6f6868e26f285744ee1[commit]
https://pagure.io/freeipa/issue/9124[#9124]
* ipatests: update the xfail annotation for test_number_of_zones
https://pagure.io/freeipa/c/cc9e568e5c769754a5882a52e2a32d6e1c3a64bc[commit]
https://pagure.io/freeipa/issue/9135[#9135]
* Spec file: bump krb5_kdb_version on rawhide
https://pagure.io/freeipa/c/f2b4d019881232833e915fedba48537548d2ef60[commit]
* FIPS setup: fix typo filtering camellia encryption
https://pagure.io/freeipa/c/f2a337caaf82fca4a8d7c347454b412ba2b4a0dd[commit]
* cert utilities: MAC verification is incompatible with FIPS mode
https://pagure.io/freeipa/c/42381ebd036feee63fab2bbf8579b7a385624bf7[commit]
* ipatests: update the fake fips mode expected message
https://pagure.io/freeipa/c/1d01692cf241645ca59b7f3d3e2096ce738d6a05[commit]
https://pagure.io/freeipa/issue/9002[#9002]
* Spec file: ipa-client depends on krb5-pkinit-openssl
https://pagure.io/freeipa/c/d7c5fe5f1cc3b68492da27cf4ea25b611412c834[commit]
https://pagure.io/freeipa/issue/9290[#9290]
* webui tests: fix assertion in test_subid.py
https://pagure.io/freeipa/c/3801d0c1c8a3dbec54dead29666137de2649e109[commit]
https://pagure.io/freeipa/issue/9282[#9282]
* PRCI: update memory reqs for each topology
https://pagure.io/freeipa/c/4f69f4cff32c0b5f8d4a36484a541a4b96c07e9d[commit]

[[mbhalodi_4]]
=== mbhalodi (4)

* ipatests: Test for sequence processing failures with server context
https://pagure.io/freeipa/c/6e5c6b1a138c3ead57cb42483f45f364894342e3[commit]
https://pagure.io/freeipa/issue/9349[#9349]
* ipatests: add missing automember-cli tests
https://pagure.io/freeipa/c/34c1574bed9fe6d35ea6a9e04f4e2e148fec9788[commit]
https://pagure.io/freeipa/issue/9332[#9332]
* ipatests: WebUI - ensure that ipa automember-rebuild prints a warning
https://pagure.io/freeipa/c/ff50fe5f038be52207bb770179becc31fbc74e17[commit]
https://pagure.io/freeipa/issue/9320[#9320]
* ipatests: ensure that ipa automember-rebuild prints a warning
https://pagure.io/freeipa/c/d035dc78cc7a1c88fc443719793a7c619af86fde[commit]
https://pagure.io/freeipa/issue/9320[#9320]

[[michal_polovka_1]]
=== Michal Polovka (1)

* ipatest: loginscreen: do not use hardcoded password
https://pagure.io/freeipa/c/2eca13e9660b3394fdd0a793142428dfe9d9ffa6[commit]
https://pagure.io/freeipa/issue/9226[#9226]

[[rob_crittenden_3]]
=== Rob Crittenden (3)

* Wipe the ipa-ca DNS record when updating system records
https://pagure.io/freeipa/c/b9387280543b86444cf4c258a7b720f492357baf[commit]
https://pagure.io/freeipa/issue/9195[#9195]
* tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck
https://pagure.io/freeipa/c/f28cb79ffaf18b190642a8b07e8fc4ea00fa4c58[commit]
https://pagure.io/freeipa/issue/9291[#9291]
* tests: Add ipa_ca_name checking to DNS system records
https://pagure.io/freeipa/c/0231ea8cd7895da6bc2bbc155f2d94b551ebac5c[commit]
https://pagure.io/freeipa/issue/9291[#9291]

[[stanislav_levin_9]]
=== Stanislav Levin (9)

* fastlint: Correct concatenation of file lists
https://pagure.io/freeipa/c/d8418ce63de206967bea5918615ee4471183cd06[commit]
https://pagure.io/freeipa/issue/9318[#9318]
* dns: Fix support for dnspython 1.1x
https://pagure.io/freeipa/c/c57507f3a4ed1f3314d0f57ad4f3469220b2cb6b[commit]
https://pagure.io/freeipa/issue/9339[#9339]
* tests: webui: Update vendored qunit
https://pagure.io/freeipa/c/9b15dca6095a44589c55aa6f8ef8c7646341d4d8[commit]
https://pagure.io/freeipa/issue/9329[#9329]
* AP: webui: List installed nodejs packages
https://pagure.io/freeipa/c/1ec521d9aea95fa212f3a8acf966a9eca32c257f[commit]
https://pagure.io/freeipa/issue/9329[#9329]
* tests: webui: Load qunit only once
https://pagure.io/freeipa/c/958a3958b4835fc2454e8bd71797638dcef9c460[commit]
https://pagure.io/freeipa/issue/9329[#9329]
* tests: webui: Allow file access from files in tests
https://pagure.io/freeipa/c/a9f29047ab352757ddfeb5cda9701fee0a06032a[commit]
https://pagure.io/freeipa/issue/9329[#9329]
* tests: Configure DNSResolver as platform agnostic resolver
https://pagure.io/freeipa/c/e6f1b363c40f6e04d7ce6eeb80597e89c5684875[commit]
https://pagure.io/freeipa/issue/9319[#9319]
* spec: Drop no longer used build dependency on paste
https://pagure.io/freeipa/c/ebd4096f039964cfd1d95467630c10559d051e13[commit]
https://pagure.io/freeipa/issue/9314[#9314]
* ipatests: healthcheck: Handle missing fips-mode-setup
https://pagure.io/freeipa/c/8d2c8fcf0ca498e9fc431cf3e531bbd39cb1d9a2[commit]
https://pagure.io/freeipa/issue/9315[#9315]

[[sumedh_sidhaye_1]]
=== Sumedh Sidhaye (1)

* With the commit #99a74d7, 389-ds changed the message returned in
ipa-healthcheck.
https://pagure.io/freeipa/c/e8ef2c2f226704ce510525f07675107179124a95[commit]
https://pagure.io/freeipa/issue/9238[#9238]

[[sudhir_menon_1]]
=== Sudhir Menon (1)

* Fixes: ipa-otpd@.service: deprecated syslog setting
https://pagure.io/freeipa/c/05bba992a6f8ba9f3c4383d023f5977dff457382[commit]
https://pagure.io/freeipa/issue/9279[#9279]

[[thorsten_scherf_1]]
=== Thorsten Scherf (1)

* external-idp: change idp server name to reference name
https://pagure.io/freeipa/c/b9c6ea67d896e52b61bd40bfd84b8d84b69ec35e[commit]

The FreeIPA team would like to announce FreeIPA 4.9.12 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.

[[highlights_in_4.9.12_1]]
== Highlights in 4.9.12

*TODO RELEASE NOTES - put release notes (if any) to proper categories*

* 9287: [RFE] makeapi should validate the generated API doc vs stored
doc

'''''

* 9298: [Tracker] Nightly test failure (updates-testing) in
test_acme.py::TestACME::test_certbot_certonly_standalone

::
  ;;
    With Certbot update to 2.0.0, Certbot defaults to ECDSA certificate
    private keys for all new certificates. PKI ACME cert profile
    supports only rsa private keys, meaning that the key type needs to
    be forced to rsa when requesting an ACME certificate, using certbot
    --key-type rsa [...]

'''''

*END TODO*

[[enhancements_1]]
=== Enhancements

[[known_issues_1]]
=== Known Issues

[[bug_fixes_1]]
=== Bug fixes

FreeIPA 4.9.12 is a stabilization release for the features delivered as
a part of 4.9.0 version series.

There are more than 30 bug-fixes since FreeIPA 4.9.11 release. Details
of the bug-fixes can be seen in the list of resolved tickets below.

[[upgrading_1]]
== Upgrading

Upgrade instructions are available on Upgrade page.

[[feedback_1]]
== Feedback

Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/)
or #freeipa channel on libera.chat.

[[resolved_tickets_1]]
== Resolved tickets

* https://pagure.io/freeipa/issue/5130[#5130]
(https://bugzilla.redhat.com/show_bug.cgi?id=1243261[rhbz#1243261])
non-admin users cannot search hbac rules
* https://pagure.io/freeipa/issue/6044[#6044]
(https://bugzilla.redhat.com/show_bug.cgi?id=1353899[rhbz#1353899])
ipa-advise: object of type 'type' has no len()
* https://pagure.io/freeipa/issue/9002[#9002] Nightly failure in
test_fips.py::TestInstallFIPS::test_basic::setup
* https://pagure.io/freeipa/issue/9124[#9124] Nightly test failure in
test_smb.py::TestSMB::test_smb_service_s4u2self
* https://pagure.io/freeipa/issue/9135[#9135] Nightly test failure
(f37+): reverse zone not created
* https://pagure.io/freeipa/issue/9195[#9195]
(https://bugzilla.redhat.com/show_bug.cgi?id=2158775[rhbz#2158775])
Hiding a server does not completely clean up DNS records
* https://pagure.io/freeipa/issue/9226[#9226]
(https://bugzilla.redhat.com/show_bug.cgi?id=2124547[rhbz#2124547])
Infinite redirect loop in the WebUI for user root
* https://pagure.io/freeipa/issue/9238[#9238] Nightly test failure
(rawhide) in
test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage
* https://pagure.io/freeipa/issue/9279[#9279] ipa-otpd@.service:
deprecated syslog setting
* https://pagure.io/freeipa/issue/9282[#9282] Nightly test failure in
test_webui/test_subid.py/test_subid/test_subid_range_deletion_not_allowed
* https://pagure.io/freeipa/issue/9285[#9285] ipa-certupdate restarts
HTTPd too early
* https://pagure.io/freeipa/issue/9286[#9286]
(https://bugzilla.redhat.com/show_bug.cgi?id=2056009[rhbz#2056009])
memberManager ACIs aren't allowing group-based manager access due to
missing upgrade code
* https://pagure.io/freeipa/issue/9287[#9287] [RFE] makeapi should
validate the generated API doc vs stored doc
* https://pagure.io/freeipa/issue/9290[#9290]
(https://bugzilla.redhat.com/show_bug.cgi?id=2149889[rhbz#2149889])
idm:client is missing dependency on krb5-pkinit.
* https://pagure.io/freeipa/issue/9291[#9291] Nightly test failure
(rawhide) in test_ipa_dns_systemrecords_check
* https://pagure.io/freeipa/issue/9298[#9298] [Tracker] Nightly test
failure (updates-testing) in
test_acme.py::TestACME::test_certbot_certonly_standalone
* https://pagure.io/freeipa/issue/9306[#9306]
(https://bugzilla.redhat.com/show_bug.cgi?id=2160389[rhbz#2160389])
'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to
'ipa-client-install' command was successful.
* https://pagure.io/freeipa/issue/9310[#9310]
(https://bugzilla.redhat.com/show_bug.cgi?id=2162335[rhbz#2162335])
ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating
an ID range
* https://pagure.io/freeipa/issue/9314[#9314] Redundant build dependency
on python3-paste (if with lint)
* https://pagure.io/freeipa/issue/9315[#9315] [tests]
test_ipa_healthcheck_fips_enabled fails on system without
fips-mode-setup
* https://pagure.io/freeipa/issue/9316[#9316]
(https://bugzilla.redhat.com/show_bug.cgi?id=2166324[rhbz#2166324])
Passwordless (GSSAPI) SSH login with AD user
* https://pagure.io/freeipa/issue/9318[#9318] Incomplete fast
lint/codestyle check if both Python template files and Python modules
were changed
* https://pagure.io/freeipa/issue/9319[#9319] [tests] TestDNSResolver
failures on systems without or empty /etc/resolv.conf
* https://pagure.io/freeipa/issue/9320[#9320]
(https://bugzilla.redhat.com/show_bug.cgi?id=2018198[rhbz#2018198]) RFE
- Add a warning note about possible performance impact of the Auto
Member rebuild task.
* https://pagure.io/freeipa/issue/9324[#9324] ipatests: Frequent timeout
of test_acme
* https://pagure.io/freeipa/issue/9326[#9326] ipatests: timeout of
test_trust
* https://pagure.io/freeipa/issue/9329[#9329] Azure test:
WebUI_Unit_Tests are failing
* https://pagure.io/freeipa/issue/9332[#9332] Extend negative test
coverage for automember
* https://pagure.io/freeipa/issue/9333[#9333] ipa-client-install
--pkinit-identity can block in unattended mode
* https://pagure.io/freeipa/issue/9338[#9338] Update 'Auth indicators'
doc string to show 'ipd' usage
* https://pagure.io/freeipa/issue/9339[#9339] Broken support for
dnspython < 2
* https://pagure.io/freeipa/issue/9347[#9347] Azure Ci does not work
with Fedora Rawhide
* https://pagure.io/freeipa/issue/9349[#9349]
(https://bugzilla.redhat.com/show_bug.cgi?id=2180914[rhbz#2180914])
Sequence processing failures for group_add using server context
* https://pagure.io/freeipa/issue/9355[#9355] support python
cryptography 40.0
* https://pagure.io/freeipa/issue/9358[#9358] update_dna_shared_config
sometimes blocks installation for 2 minutes

[[detailed_changelog_since_4.9.11_1]]
== Detailed changelog since 4.9.11

[[alexander_bokovoy_6_1]]
=== Alexander Bokovoy (6)

* ipalib/x509: Implement abstract method
Certificate.verify_directly_issued_by
https://pagure.io/freeipa/c/e43b10858a8014b2b1b6e555bff48ab172f14a9b[commit]
https://pagure.io/freeipa/issue/9355[#9355]
* Fix tox in Azure CI
https://pagure.io/freeipa/c/53ac81765aaad71ef18e720017454c33df0ab27c[commit]
https://pagure.io/freeipa/issue/9347[#9347]
* Use system-wide chromium for webui tests
https://pagure.io/freeipa/c/3593a798cc6a6bc3130c59ec7acf3f534b69158f[commit]
https://pagure.io/freeipa/issue/9347[#9347]
* Don't fail if optional RPM macros file is missing
https://pagure.io/freeipa/c/801308af209167ef84351987cd894c5721e3d853[commit]
https://pagure.io/freeipa/issue/9347[#9347]
* ipa-kdb: PAC consistency checker needs to handle child domains as well
https://pagure.io/freeipa/c/2d7cc19d238e0a20a44bb5422fd369d1e5cf764f[commit]
https://pagure.io/freeipa/issue/9316[#9316]
* updates: fix memberManager ACI to allow managers from a specified
group
https://pagure.io/freeipa/c/651e28c1fb6b86ad1fbd4ea98644e00b7042499c[commit]
https://pagure.io/freeipa/issue/9286[#9286]

[[anuja_more_4_1]]
=== Anuja More (4)

* ipatests: Test that non admin user can search hbac rule.
https://pagure.io/freeipa/c/3599a4a7e35baa8b936b2c00abe4827be5473212[commit]
https://pagure.io/freeipa/issue/5130[#5130]
* ipatests: Test ipa-advise is not failing with error.
https://pagure.io/freeipa/c/b2f197d3100d7ca95ead6180fa6b196f1aa77f74[commit]
https://pagure.io/freeipa/issue/6044[#6044]
* PRCI: update test_trust.py for nightly pipelines.
https://pagure.io/freeipa/c/9577e0b1f5cc4b3569a71eea1657981355eb80f3[commit]
https://pagure.io/freeipa/issue/9326[#9326]
* Add test for SSH with GSSAPI auth.
https://pagure.io/freeipa/c/ed1959dc0cf8823a0ce60e32ce0de7a389ecb942[commit]
https://pagure.io/freeipa/issue/9316[#9316]

[[antonio_torres_8_1]]
=== Antonio Torres (8)

* Extend API documentation
https://pagure.io/freeipa/c/f3d5e11b979e13c40158928302ff23169cd9cc9c[commit]
* doc: allow notes on Param API Reference pages
https://pagure.io/freeipa/c/f2bb386b44ef96a1e90d30ea4d3d37799fd01388[commit]
* ipaserver: deepcopy objectclasses list from IPA config
https://pagure.io/freeipa/c/62fe608390c41115edf4e356a6cff2ab1a6d0daf[commit]
https://pagure.io/freeipa/issue/9349[#9349]
* API doc: add usage guides for groups, HBAC and sudo rules
https://pagure.io/freeipa/c/e96d91c104b616c175a8c66a6e93a60d5a06e7ab[commit]
* API doc: add note about ipa show-mappings to usage guide
https://pagure.io/freeipa/c/a6592c6a79f15b0e6eef02a3f3545b9b72bc1705[commit]
* API doc: validate generated reference
https://pagure.io/freeipa/c/34a06d7f06f35b9aad034f7a4ff99753a0426275[commit]
https://pagure.io/freeipa/issue/9287[#9287]
* API doc: add basic user management guide
https://pagure.io/freeipa/c/84c4449e93d57f5236f978388cf6561a4866686a[commit]
* Back to git snapshots
https://pagure.io/freeipa/c/1b7fccd6d44361b9c175d9049313f0a5ac46bb57[commit]

[[carla_martinez_1_1]]
=== Carla Martinez (1)

* Update 'Auth indicators' doc string
https://pagure.io/freeipa/c/42744ebbcab7ef0a6bf5f16d6fca513c323d2fa9[commit]
https://pagure.io/freeipa/issue/9338[#9338]

[[christian_heimes_3_1]]
=== Christian Heimes (3)

* Speed up installer by restarting DS after DNA plugin
https://pagure.io/freeipa/c/27e9181bdc684915a7f9f15631f4c3dd6ac5f884[commit]
https://pagure.io/freeipa/issue/9358[#9358]
* Don't block when kinit_pkinit() fails
https://pagure.io/freeipa/c/03f544e83c1f775786bcda211a35f15a0b2a582f[commit]
https://pagure.io/freeipa/issue/9333[#9333]
* ipa-certupdate: Update client certs before KDC/HTTPd restart
https://pagure.io/freeipa/c/f3052c17599c7318c385b27795678b368906fd26[commit]
https://pagure.io/freeipa/issue/9285[#9285]

[[chris_kelley_1_1]]
=== Chris Kelley (1)

* Check that CADogtagCertsConfigCheck can handle cert renewal
https://pagure.io/freeipa/c/bed21afd2b7bc43c5acd33ad450d284d04073a71[commit]

[[david_pascual_2_1]]
=== David Pascual (2)

* doc: Use case examples for PR-CI checker tool
https://pagure.io/freeipa/c/faa485345cff6a4decbbd4a7542a3f640f2ca097[commit]
* ipatests: fix (prci_checker) duplicated check & error return code
https://pagure.io/freeipa/c/398e091863c8d64271205fb4df26e688dddfe81e[commit]

[[erik_belko_1_1]]
=== Erik Belko (1)

* ipatests: Test MemberManager ACI to allow managers from a specified
group after upgrade scenario
https://pagure.io/freeipa/c/2fb6f0216e7433e0e6459678863edb2a31c90cde[commit]
https://pagure.io/freeipa/issue/9286[#9286]

[[florence_blanc_renaud_16_1]]
=== Florence Blanc-Renaud (16)

* ipatests: increase timeout for test_trust
https://pagure.io/freeipa/c/a7147fa4c67ee5bdfa6f6020fdfb6278131f79d4[commit]
https://pagure.io/freeipa/issue/9326[#9326]
* ipatests: remove wrong job definition TestACMEPrune
https://pagure.io/freeipa/c/bdd115239adeae9f84b016207552b60985d65854[commit]
https://pagure.io/freeipa/issue/9324[#9324]
* ipatests: increase timeout for test_acme
https://pagure.io/freeipa/c/67131ae7f93e6ceab9be06d29151c37d74024699[commit]
https://pagure.io/freeipa/issue/9324[#9324]
* automember-rebuild: add a notice about high CPU usage
https://pagure.io/freeipa/c/2deaaa788cbdde22d5b15566599fdcf7a10f02c6[commit]
https://pagure.io/freeipa/issue/9320[#9320]
* trust-add: handle missing msSFU30MaxGidNumber
https://pagure.io/freeipa/c/703ab8c4dfb7f8fd1540c3849ad469d39695a26f[commit]
https://pagure.io/freeipa/issue/9310[#9310]
* Tests: force key type in ACME tests
https://pagure.io/freeipa/c/16c37cf26c8bf3a032a2d6845b3ff406002590be[commit]
https://pagure.io/freeipa/issue/9298[#9298]
* server install: remove error log about missing bkup file
https://pagure.io/freeipa/c/6f50b00953c0000d6da8db0f5e8974ae33d7b5d5[commit]
https://pagure.io/freeipa/issue/9306[#9306]
* ipatests: mark test_smb as xfail
https://pagure.io/freeipa/c/1bdd8147e7fa1032025dc6f6868e26f285744ee1[commit]
https://pagure.io/freeipa/issue/9124[#9124]
* ipatests: update the xfail annotation for test_number_of_zones
https://pagure.io/freeipa/c/cc9e568e5c769754a5882a52e2a32d6e1c3a64bc[commit]
https://pagure.io/freeipa/issue/9135[#9135]
* Spec file: bump krb5_kdb_version on rawhide
https://pagure.io/freeipa/c/f2b4d019881232833e915fedba48537548d2ef60[commit]
* FIPS setup: fix typo filtering camellia encryption
https://pagure.io/freeipa/c/f2a337caaf82fca4a8d7c347454b412ba2b4a0dd[commit]
* cert utilities: MAC verification is incompatible with FIPS mode
https://pagure.io/freeipa/c/42381ebd036feee63fab2bbf8579b7a385624bf7[commit]
* ipatests: update the fake fips mode expected message
https://pagure.io/freeipa/c/1d01692cf241645ca59b7f3d3e2096ce738d6a05[commit]
https://pagure.io/freeipa/issue/9002[#9002]
* Spec file: ipa-client depends on krb5-pkinit-openssl
https://pagure.io/freeipa/c/d7c5fe5f1cc3b68492da27cf4ea25b611412c834[commit]
https://pagure.io/freeipa/issue/9290[#9290]
* webui tests: fix assertion in test_subid.py
https://pagure.io/freeipa/c/3801d0c1c8a3dbec54dead29666137de2649e109[commit]
https://pagure.io/freeipa/issue/9282[#9282]
* PRCI: update memory reqs for each topology
https://pagure.io/freeipa/c/4f69f4cff32c0b5f8d4a36484a541a4b96c07e9d[commit]

[[mbhalodi_4_1]]
=== mbhalodi (4)

* ipatests: Test for sequence processing failures with server context
https://pagure.io/freeipa/c/6e5c6b1a138c3ead57cb42483f45f364894342e3[commit]
https://pagure.io/freeipa/issue/9349[#9349]
* ipatests: add missing automember-cli tests
https://pagure.io/freeipa/c/34c1574bed9fe6d35ea6a9e04f4e2e148fec9788[commit]
https://pagure.io/freeipa/issue/9332[#9332]
* ipatests: WebUI - ensure that ipa automember-rebuild prints a warning
https://pagure.io/freeipa/c/ff50fe5f038be52207bb770179becc31fbc74e17[commit]
https://pagure.io/freeipa/issue/9320[#9320]
* ipatests: ensure that ipa automember-rebuild prints a warning
https://pagure.io/freeipa/c/d035dc78cc7a1c88fc443719793a7c619af86fde[commit]
https://pagure.io/freeipa/issue/9320[#9320]

[[michal_polovka_1_1]]
=== Michal Polovka (1)

* ipatest: loginscreen: do not use hardcoded password
https://pagure.io/freeipa/c/2eca13e9660b3394fdd0a793142428dfe9d9ffa6[commit]
https://pagure.io/freeipa/issue/9226[#9226]

[[rob_crittenden_3_1]]
=== Rob Crittenden (3)

* Wipe the ipa-ca DNS record when updating system records
https://pagure.io/freeipa/c/b9387280543b86444cf4c258a7b720f492357baf[commit]
https://pagure.io/freeipa/issue/9195[#9195]
* tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck
https://pagure.io/freeipa/c/f28cb79ffaf18b190642a8b07e8fc4ea00fa4c58[commit]
https://pagure.io/freeipa/issue/9291[#9291]
* tests: Add ipa_ca_name checking to DNS system records
https://pagure.io/freeipa/c/0231ea8cd7895da6bc2bbc155f2d94b551ebac5c[commit]
https://pagure.io/freeipa/issue/9291[#9291]

[[stanislav_levin_9_1]]
=== Stanislav Levin (9)

* fastlint: Correct concatenation of file lists
https://pagure.io/freeipa/c/d8418ce63de206967bea5918615ee4471183cd06[commit]
https://pagure.io/freeipa/issue/9318[#9318]
* dns: Fix support for dnspython 1.1x
https://pagure.io/freeipa/c/c57507f3a4ed1f3314d0f57ad4f3469220b2cb6b[commit]
https://pagure.io/freeipa/issue/9339[#9339]
* tests: webui: Update vendored qunit
https://pagure.io/freeipa/c/9b15dca6095a44589c55aa6f8ef8c7646341d4d8[commit]
https://pagure.io/freeipa/issue/9329[#9329]
* AP: webui: List installed nodejs packages
https://pagure.io/freeipa/c/1ec521d9aea95fa212f3a8acf966a9eca32c257f[commit]
https://pagure.io/freeipa/issue/9329[#9329]
* tests: webui: Load qunit only once
https://pagure.io/freeipa/c/958a3958b4835fc2454e8bd71797638dcef9c460[commit]
https://pagure.io/freeipa/issue/9329[#9329]
* tests: webui: Allow file access from files in tests
https://pagure.io/freeipa/c/a9f29047ab352757ddfeb5cda9701fee0a06032a[commit]
https://pagure.io/freeipa/issue/9329[#9329]
* tests: Configure DNSResolver as platform agnostic resolver
https://pagure.io/freeipa/c/e6f1b363c40f6e04d7ce6eeb80597e89c5684875[commit]
https://pagure.io/freeipa/issue/9319[#9319]
* spec: Drop no longer used build dependency on paste
https://pagure.io/freeipa/c/ebd4096f039964cfd1d95467630c10559d051e13[commit]
https://pagure.io/freeipa/issue/9314[#9314]
* ipatests: healthcheck: Handle missing fips-mode-setup
https://pagure.io/freeipa/c/8d2c8fcf0ca498e9fc431cf3e531bbd39cb1d9a2[commit]
https://pagure.io/freeipa/issue/9315[#9315]

[[sumedh_sidhaye_1_1]]
=== Sumedh Sidhaye (1)

* With the commit #99a74d7, 389-ds changed the message returned in
ipa-healthcheck.
https://pagure.io/freeipa/c/e8ef2c2f226704ce510525f07675107179124a95[commit]
https://pagure.io/freeipa/issue/9238[#9238]

[[sudhir_menon_1_1]]
=== Sudhir Menon (1)

* Fixes: ipa-otpd@.service: deprecated syslog setting
https://pagure.io/freeipa/c/05bba992a6f8ba9f3c4383d023f5977dff457382[commit]
https://pagure.io/freeipa/issue/9279[#9279]

[[thorsten_scherf_1_1]]
=== Thorsten Scherf (1)

* external-idp: change idp server name to reference name
https://pagure.io/freeipa/c/b9c6ea67d896e52b61bd40bfd84b8d84b69ec35e[commit]
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Freeipa-devel] [DRAFT] FreeIPA 4.9.12 Release Notes

Reply via email to