The FreeIPA team would like to announce FreeIPA 4.9.12 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
[[highlights_in_4.9.12]] == Highlights in 4.9.12 *TODO RELEASE NOTES - put release notes (if any) to proper categories* * 9287: [RFE] makeapi should validate the generated API doc vs stored doc ''''' * 9298: [Tracker] Nightly test failure (updates-testing) in test_acme.py::TestACME::test_certbot_certonly_standalone :: ;; With Certbot update to 2.0.0, Certbot defaults to ECDSA certificate private keys for all new certificates. PKI ACME cert profile supports only rsa private keys, meaning that the key type needs to be forced to rsa when requesting an ACME certificate, using certbot --key-type rsa [...] ''''' *END TODO* === Enhancements [[known_issues]] === Known Issues [[bug_fixes]] === Bug fixes FreeIPA 4.9.12 is a stabilization release for the features delivered as a part of 4.9.0 version series. There are more than 30 bug-fixes since FreeIPA 4.9.11 release. Details of the bug-fixes can be seen in the list of resolved tickets below. == Upgrading Upgrade instructions are available on Upgrade page. == Feedback Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/) or #freeipa channel on libera.chat. [[resolved_tickets]] == Resolved tickets * https://pagure.io/freeipa/issue/5130[#5130] (https://bugzilla.redhat.com/show_bug.cgi?id=1243261[rhbz#1243261]) non-admin users cannot search hbac rules * https://pagure.io/freeipa/issue/6044[#6044] (https://bugzilla.redhat.com/show_bug.cgi?id=1353899[rhbz#1353899]) ipa-advise: object of type 'type' has no len() * https://pagure.io/freeipa/issue/9002[#9002] Nightly failure in test_fips.py::TestInstallFIPS::test_basic::setup * https://pagure.io/freeipa/issue/9124[#9124] Nightly test failure in test_smb.py::TestSMB::test_smb_service_s4u2self * https://pagure.io/freeipa/issue/9135[#9135] Nightly test failure (f37+): reverse zone not created * https://pagure.io/freeipa/issue/9195[#9195] (https://bugzilla.redhat.com/show_bug.cgi?id=2158775[rhbz#2158775]) Hiding a server does not completely clean up DNS records * https://pagure.io/freeipa/issue/9226[#9226] (https://bugzilla.redhat.com/show_bug.cgi?id=2124547[rhbz#2124547]) Infinite redirect loop in the WebUI for user root * https://pagure.io/freeipa/issue/9238[#9238] Nightly test failure (rawhide) in test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage * https://pagure.io/freeipa/issue/9279[#9279] ipa-otpd@.service: deprecated syslog setting * https://pagure.io/freeipa/issue/9282[#9282] Nightly test failure in test_webui/test_subid.py/test_subid/test_subid_range_deletion_not_allowed * https://pagure.io/freeipa/issue/9285[#9285] ipa-certupdate restarts HTTPd too early * https://pagure.io/freeipa/issue/9286[#9286] (https://bugzilla.redhat.com/show_bug.cgi?id=2056009[rhbz#2056009]) memberManager ACIs aren't allowing group-based manager access due to missing upgrade code * https://pagure.io/freeipa/issue/9287[#9287] [RFE] makeapi should validate the generated API doc vs stored doc * https://pagure.io/freeipa/issue/9290[#9290] (https://bugzilla.redhat.com/show_bug.cgi?id=2149889[rhbz#2149889]) idm:client is missing dependency on krb5-pkinit. * https://pagure.io/freeipa/issue/9291[#9291] Nightly test failure (rawhide) in test_ipa_dns_systemrecords_check * https://pagure.io/freeipa/issue/9298[#9298] [Tracker] Nightly test failure (updates-testing) in test_acme.py::TestACME::test_certbot_certonly_standalone * https://pagure.io/freeipa/issue/9306[#9306] (https://bugzilla.redhat.com/show_bug.cgi?id=2160389[rhbz#2160389]) 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful. * https://pagure.io/freeipa/issue/9310[#9310] (https://bugzilla.redhat.com/show_bug.cgi?id=2162335[rhbz#2162335]) ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range * https://pagure.io/freeipa/issue/9314[#9314] Redundant build dependency on python3-paste (if with lint) * https://pagure.io/freeipa/issue/9315[#9315] [tests] test_ipa_healthcheck_fips_enabled fails on system without fips-mode-setup * https://pagure.io/freeipa/issue/9316[#9316] (https://bugzilla.redhat.com/show_bug.cgi?id=2166324[rhbz#2166324]) Passwordless (GSSAPI) SSH login with AD user * https://pagure.io/freeipa/issue/9318[#9318] Incomplete fast lint/codestyle check if both Python template files and Python modules were changed * https://pagure.io/freeipa/issue/9319[#9319] [tests] TestDNSResolver failures on systems without or empty /etc/resolv.conf * https://pagure.io/freeipa/issue/9320[#9320] (https://bugzilla.redhat.com/show_bug.cgi?id=2018198[rhbz#2018198]) RFE - Add a warning note about possible performance impact of the Auto Member rebuild task. * https://pagure.io/freeipa/issue/9324[#9324] ipatests: Frequent timeout of test_acme * https://pagure.io/freeipa/issue/9326[#9326] ipatests: timeout of test_trust * https://pagure.io/freeipa/issue/9329[#9329] Azure test: WebUI_Unit_Tests are failing * https://pagure.io/freeipa/issue/9332[#9332] Extend negative test coverage for automember * https://pagure.io/freeipa/issue/9333[#9333] ipa-client-install --pkinit-identity can block in unattended mode * https://pagure.io/freeipa/issue/9338[#9338] Update 'Auth indicators' doc string to show 'ipd' usage * https://pagure.io/freeipa/issue/9339[#9339] Broken support for dnspython < 2 * https://pagure.io/freeipa/issue/9347[#9347] Azure Ci does not work with Fedora Rawhide * https://pagure.io/freeipa/issue/9349[#9349] (https://bugzilla.redhat.com/show_bug.cgi?id=2180914[rhbz#2180914]) Sequence processing failures for group_add using server context * https://pagure.io/freeipa/issue/9355[#9355] support python cryptography 40.0 * https://pagure.io/freeipa/issue/9358[#9358] update_dna_shared_config sometimes blocks installation for 2 minutes [[detailed_changelog_since_4.9.11]] == Detailed changelog since 4.9.11 [[alexander_bokovoy_6]] === Alexander Bokovoy (6) * ipalib/x509: Implement abstract method Certificate.verify_directly_issued_by https://pagure.io/freeipa/c/e43b10858a8014b2b1b6e555bff48ab172f14a9b[commit] https://pagure.io/freeipa/issue/9355[#9355] * Fix tox in Azure CI https://pagure.io/freeipa/c/53ac81765aaad71ef18e720017454c33df0ab27c[commit] https://pagure.io/freeipa/issue/9347[#9347] * Use system-wide chromium for webui tests https://pagure.io/freeipa/c/3593a798cc6a6bc3130c59ec7acf3f534b69158f[commit] https://pagure.io/freeipa/issue/9347[#9347] * Don't fail if optional RPM macros file is missing https://pagure.io/freeipa/c/801308af209167ef84351987cd894c5721e3d853[commit] https://pagure.io/freeipa/issue/9347[#9347] * ipa-kdb: PAC consistency checker needs to handle child domains as well https://pagure.io/freeipa/c/2d7cc19d238e0a20a44bb5422fd369d1e5cf764f[commit] https://pagure.io/freeipa/issue/9316[#9316] * updates: fix memberManager ACI to allow managers from a specified group https://pagure.io/freeipa/c/651e28c1fb6b86ad1fbd4ea98644e00b7042499c[commit] https://pagure.io/freeipa/issue/9286[#9286] [[anuja_more_4]] === Anuja More (4) * ipatests: Test that non admin user can search hbac rule. https://pagure.io/freeipa/c/3599a4a7e35baa8b936b2c00abe4827be5473212[commit] https://pagure.io/freeipa/issue/5130[#5130] * ipatests: Test ipa-advise is not failing with error. https://pagure.io/freeipa/c/b2f197d3100d7ca95ead6180fa6b196f1aa77f74[commit] https://pagure.io/freeipa/issue/6044[#6044] * PRCI: update test_trust.py for nightly pipelines. https://pagure.io/freeipa/c/9577e0b1f5cc4b3569a71eea1657981355eb80f3[commit] https://pagure.io/freeipa/issue/9326[#9326] * Add test for SSH with GSSAPI auth. https://pagure.io/freeipa/c/ed1959dc0cf8823a0ce60e32ce0de7a389ecb942[commit] https://pagure.io/freeipa/issue/9316[#9316] [[antonio_torres_8]] === Antonio Torres (8) * Extend API documentation https://pagure.io/freeipa/c/f3d5e11b979e13c40158928302ff23169cd9cc9c[commit] * doc: allow notes on Param API Reference pages https://pagure.io/freeipa/c/f2bb386b44ef96a1e90d30ea4d3d37799fd01388[commit] * ipaserver: deepcopy objectclasses list from IPA config https://pagure.io/freeipa/c/62fe608390c41115edf4e356a6cff2ab1a6d0daf[commit] https://pagure.io/freeipa/issue/9349[#9349] * API doc: add usage guides for groups, HBAC and sudo rules https://pagure.io/freeipa/c/e96d91c104b616c175a8c66a6e93a60d5a06e7ab[commit] * API doc: add note about ipa show-mappings to usage guide https://pagure.io/freeipa/c/a6592c6a79f15b0e6eef02a3f3545b9b72bc1705[commit] * API doc: validate generated reference https://pagure.io/freeipa/c/34a06d7f06f35b9aad034f7a4ff99753a0426275[commit] https://pagure.io/freeipa/issue/9287[#9287] * API doc: add basic user management guide https://pagure.io/freeipa/c/84c4449e93d57f5236f978388cf6561a4866686a[commit] * Back to git snapshots https://pagure.io/freeipa/c/1b7fccd6d44361b9c175d9049313f0a5ac46bb57[commit] [[carla_martinez_1]] === Carla Martinez (1) * Update 'Auth indicators' doc string https://pagure.io/freeipa/c/42744ebbcab7ef0a6bf5f16d6fca513c323d2fa9[commit] https://pagure.io/freeipa/issue/9338[#9338] [[christian_heimes_3]] === Christian Heimes (3) * Speed up installer by restarting DS after DNA plugin https://pagure.io/freeipa/c/27e9181bdc684915a7f9f15631f4c3dd6ac5f884[commit] https://pagure.io/freeipa/issue/9358[#9358] * Don't block when kinit_pkinit() fails https://pagure.io/freeipa/c/03f544e83c1f775786bcda211a35f15a0b2a582f[commit] https://pagure.io/freeipa/issue/9333[#9333] * ipa-certupdate: Update client certs before KDC/HTTPd restart https://pagure.io/freeipa/c/f3052c17599c7318c385b27795678b368906fd26[commit] https://pagure.io/freeipa/issue/9285[#9285] [[chris_kelley_1]] === Chris Kelley (1) * Check that CADogtagCertsConfigCheck can handle cert renewal https://pagure.io/freeipa/c/bed21afd2b7bc43c5acd33ad450d284d04073a71[commit] [[david_pascual_2]] === David Pascual (2) * doc: Use case examples for PR-CI checker tool https://pagure.io/freeipa/c/faa485345cff6a4decbbd4a7542a3f640f2ca097[commit] * ipatests: fix (prci_checker) duplicated check & error return code https://pagure.io/freeipa/c/398e091863c8d64271205fb4df26e688dddfe81e[commit] [[erik_belko_1]] === Erik Belko (1) * ipatests: Test MemberManager ACI to allow managers from a specified group after upgrade scenario https://pagure.io/freeipa/c/2fb6f0216e7433e0e6459678863edb2a31c90cde[commit] https://pagure.io/freeipa/issue/9286[#9286] [[florence_blanc_renaud_16]] === Florence Blanc-Renaud (16) * ipatests: increase timeout for test_trust https://pagure.io/freeipa/c/a7147fa4c67ee5bdfa6f6020fdfb6278131f79d4[commit] https://pagure.io/freeipa/issue/9326[#9326] * ipatests: remove wrong job definition TestACMEPrune https://pagure.io/freeipa/c/bdd115239adeae9f84b016207552b60985d65854[commit] https://pagure.io/freeipa/issue/9324[#9324] * ipatests: increase timeout for test_acme https://pagure.io/freeipa/c/67131ae7f93e6ceab9be06d29151c37d74024699[commit] https://pagure.io/freeipa/issue/9324[#9324] * automember-rebuild: add a notice about high CPU usage https://pagure.io/freeipa/c/2deaaa788cbdde22d5b15566599fdcf7a10f02c6[commit] https://pagure.io/freeipa/issue/9320[#9320] * trust-add: handle missing msSFU30MaxGidNumber https://pagure.io/freeipa/c/703ab8c4dfb7f8fd1540c3849ad469d39695a26f[commit] https://pagure.io/freeipa/issue/9310[#9310] * Tests: force key type in ACME tests https://pagure.io/freeipa/c/16c37cf26c8bf3a032a2d6845b3ff406002590be[commit] https://pagure.io/freeipa/issue/9298[#9298] * server install: remove error log about missing bkup file https://pagure.io/freeipa/c/6f50b00953c0000d6da8db0f5e8974ae33d7b5d5[commit] https://pagure.io/freeipa/issue/9306[#9306] * ipatests: mark test_smb as xfail https://pagure.io/freeipa/c/1bdd8147e7fa1032025dc6f6868e26f285744ee1[commit] https://pagure.io/freeipa/issue/9124[#9124] * ipatests: update the xfail annotation for test_number_of_zones https://pagure.io/freeipa/c/cc9e568e5c769754a5882a52e2a32d6e1c3a64bc[commit] https://pagure.io/freeipa/issue/9135[#9135] * Spec file: bump krb5_kdb_version on rawhide https://pagure.io/freeipa/c/f2b4d019881232833e915fedba48537548d2ef60[commit] * FIPS setup: fix typo filtering camellia encryption https://pagure.io/freeipa/c/f2a337caaf82fca4a8d7c347454b412ba2b4a0dd[commit] * cert utilities: MAC verification is incompatible with FIPS mode https://pagure.io/freeipa/c/42381ebd036feee63fab2bbf8579b7a385624bf7[commit] * ipatests: update the fake fips mode expected message https://pagure.io/freeipa/c/1d01692cf241645ca59b7f3d3e2096ce738d6a05[commit] https://pagure.io/freeipa/issue/9002[#9002] * Spec file: ipa-client depends on krb5-pkinit-openssl https://pagure.io/freeipa/c/d7c5fe5f1cc3b68492da27cf4ea25b611412c834[commit] https://pagure.io/freeipa/issue/9290[#9290] * webui tests: fix assertion in test_subid.py https://pagure.io/freeipa/c/3801d0c1c8a3dbec54dead29666137de2649e109[commit] https://pagure.io/freeipa/issue/9282[#9282] * PRCI: update memory reqs for each topology https://pagure.io/freeipa/c/4f69f4cff32c0b5f8d4a36484a541a4b96c07e9d[commit] [[mbhalodi_4]] === mbhalodi (4) * ipatests: Test for sequence processing failures with server context https://pagure.io/freeipa/c/6e5c6b1a138c3ead57cb42483f45f364894342e3[commit] https://pagure.io/freeipa/issue/9349[#9349] * ipatests: add missing automember-cli tests https://pagure.io/freeipa/c/34c1574bed9fe6d35ea6a9e04f4e2e148fec9788[commit] https://pagure.io/freeipa/issue/9332[#9332] * ipatests: WebUI - ensure that ipa automember-rebuild prints a warning https://pagure.io/freeipa/c/ff50fe5f038be52207bb770179becc31fbc74e17[commit] https://pagure.io/freeipa/issue/9320[#9320] * ipatests: ensure that ipa automember-rebuild prints a warning https://pagure.io/freeipa/c/d035dc78cc7a1c88fc443719793a7c619af86fde[commit] https://pagure.io/freeipa/issue/9320[#9320] [[michal_polovka_1]] === Michal Polovka (1) * ipatest: loginscreen: do not use hardcoded password https://pagure.io/freeipa/c/2eca13e9660b3394fdd0a793142428dfe9d9ffa6[commit] https://pagure.io/freeipa/issue/9226[#9226] [[rob_crittenden_3]] === Rob Crittenden (3) * Wipe the ipa-ca DNS record when updating system records https://pagure.io/freeipa/c/b9387280543b86444cf4c258a7b720f492357baf[commit] https://pagure.io/freeipa/issue/9195[#9195] * tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck https://pagure.io/freeipa/c/f28cb79ffaf18b190642a8b07e8fc4ea00fa4c58[commit] https://pagure.io/freeipa/issue/9291[#9291] * tests: Add ipa_ca_name checking to DNS system records https://pagure.io/freeipa/c/0231ea8cd7895da6bc2bbc155f2d94b551ebac5c[commit] https://pagure.io/freeipa/issue/9291[#9291] [[stanislav_levin_9]] === Stanislav Levin (9) * fastlint: Correct concatenation of file lists https://pagure.io/freeipa/c/d8418ce63de206967bea5918615ee4471183cd06[commit] https://pagure.io/freeipa/issue/9318[#9318] * dns: Fix support for dnspython 1.1x https://pagure.io/freeipa/c/c57507f3a4ed1f3314d0f57ad4f3469220b2cb6b[commit] https://pagure.io/freeipa/issue/9339[#9339] * tests: webui: Update vendored qunit https://pagure.io/freeipa/c/9b15dca6095a44589c55aa6f8ef8c7646341d4d8[commit] https://pagure.io/freeipa/issue/9329[#9329] * AP: webui: List installed nodejs packages https://pagure.io/freeipa/c/1ec521d9aea95fa212f3a8acf966a9eca32c257f[commit] https://pagure.io/freeipa/issue/9329[#9329] * tests: webui: Load qunit only once https://pagure.io/freeipa/c/958a3958b4835fc2454e8bd71797638dcef9c460[commit] https://pagure.io/freeipa/issue/9329[#9329] * tests: webui: Allow file access from files in tests https://pagure.io/freeipa/c/a9f29047ab352757ddfeb5cda9701fee0a06032a[commit] https://pagure.io/freeipa/issue/9329[#9329] * tests: Configure DNSResolver as platform agnostic resolver https://pagure.io/freeipa/c/e6f1b363c40f6e04d7ce6eeb80597e89c5684875[commit] https://pagure.io/freeipa/issue/9319[#9319] * spec: Drop no longer used build dependency on paste https://pagure.io/freeipa/c/ebd4096f039964cfd1d95467630c10559d051e13[commit] https://pagure.io/freeipa/issue/9314[#9314] * ipatests: healthcheck: Handle missing fips-mode-setup https://pagure.io/freeipa/c/8d2c8fcf0ca498e9fc431cf3e531bbd39cb1d9a2[commit] https://pagure.io/freeipa/issue/9315[#9315] [[sumedh_sidhaye_1]] === Sumedh Sidhaye (1) * With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck. https://pagure.io/freeipa/c/e8ef2c2f226704ce510525f07675107179124a95[commit] https://pagure.io/freeipa/issue/9238[#9238] [[sudhir_menon_1]] === Sudhir Menon (1) * Fixes: ipa-otpd@.service: deprecated syslog setting https://pagure.io/freeipa/c/05bba992a6f8ba9f3c4383d023f5977dff457382[commit] https://pagure.io/freeipa/issue/9279[#9279] [[thorsten_scherf_1]] === Thorsten Scherf (1) * external-idp: change idp server name to reference name https://pagure.io/freeipa/c/b9c6ea67d896e52b61bd40bfd84b8d84b69ec35e[commit] The FreeIPA team would like to announce FreeIPA 4.9.12 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon. [[highlights_in_4.9.12_1]] == Highlights in 4.9.12 *TODO RELEASE NOTES - put release notes (if any) to proper categories* * 9287: [RFE] makeapi should validate the generated API doc vs stored doc ''''' * 9298: [Tracker] Nightly test failure (updates-testing) in test_acme.py::TestACME::test_certbot_certonly_standalone :: ;; With Certbot update to 2.0.0, Certbot defaults to ECDSA certificate private keys for all new certificates. PKI ACME cert profile supports only rsa private keys, meaning that the key type needs to be forced to rsa when requesting an ACME certificate, using certbot --key-type rsa [...] ''''' *END TODO* [[enhancements_1]] === Enhancements [[known_issues_1]] === Known Issues [[bug_fixes_1]] === Bug fixes FreeIPA 4.9.12 is a stabilization release for the features delivered as a part of 4.9.0 version series. There are more than 30 bug-fixes since FreeIPA 4.9.11 release. Details of the bug-fixes can be seen in the list of resolved tickets below. [[upgrading_1]] == Upgrading Upgrade instructions are available on Upgrade page. [[feedback_1]] == Feedback Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/) or #freeipa channel on libera.chat. [[resolved_tickets_1]] == Resolved tickets * https://pagure.io/freeipa/issue/5130[#5130] (https://bugzilla.redhat.com/show_bug.cgi?id=1243261[rhbz#1243261]) non-admin users cannot search hbac rules * https://pagure.io/freeipa/issue/6044[#6044] (https://bugzilla.redhat.com/show_bug.cgi?id=1353899[rhbz#1353899]) ipa-advise: object of type 'type' has no len() * https://pagure.io/freeipa/issue/9002[#9002] Nightly failure in test_fips.py::TestInstallFIPS::test_basic::setup * https://pagure.io/freeipa/issue/9124[#9124] Nightly test failure in test_smb.py::TestSMB::test_smb_service_s4u2self * https://pagure.io/freeipa/issue/9135[#9135] Nightly test failure (f37+): reverse zone not created * https://pagure.io/freeipa/issue/9195[#9195] (https://bugzilla.redhat.com/show_bug.cgi?id=2158775[rhbz#2158775]) Hiding a server does not completely clean up DNS records * https://pagure.io/freeipa/issue/9226[#9226] (https://bugzilla.redhat.com/show_bug.cgi?id=2124547[rhbz#2124547]) Infinite redirect loop in the WebUI for user root * https://pagure.io/freeipa/issue/9238[#9238] Nightly test failure (rawhide) in test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage * https://pagure.io/freeipa/issue/9279[#9279] ipa-otpd@.service: deprecated syslog setting * https://pagure.io/freeipa/issue/9282[#9282] Nightly test failure in test_webui/test_subid.py/test_subid/test_subid_range_deletion_not_allowed * https://pagure.io/freeipa/issue/9285[#9285] ipa-certupdate restarts HTTPd too early * https://pagure.io/freeipa/issue/9286[#9286] (https://bugzilla.redhat.com/show_bug.cgi?id=2056009[rhbz#2056009]) memberManager ACIs aren't allowing group-based manager access due to missing upgrade code * https://pagure.io/freeipa/issue/9287[#9287] [RFE] makeapi should validate the generated API doc vs stored doc * https://pagure.io/freeipa/issue/9290[#9290] (https://bugzilla.redhat.com/show_bug.cgi?id=2149889[rhbz#2149889]) idm:client is missing dependency on krb5-pkinit. * https://pagure.io/freeipa/issue/9291[#9291] Nightly test failure (rawhide) in test_ipa_dns_systemrecords_check * https://pagure.io/freeipa/issue/9298[#9298] [Tracker] Nightly test failure (updates-testing) in test_acme.py::TestACME::test_certbot_certonly_standalone * https://pagure.io/freeipa/issue/9306[#9306] (https://bugzilla.redhat.com/show_bug.cgi?id=2160389[rhbz#2160389]) 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful. * https://pagure.io/freeipa/issue/9310[#9310] (https://bugzilla.redhat.com/show_bug.cgi?id=2162335[rhbz#2162335]) ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range * https://pagure.io/freeipa/issue/9314[#9314] Redundant build dependency on python3-paste (if with lint) * https://pagure.io/freeipa/issue/9315[#9315] [tests] test_ipa_healthcheck_fips_enabled fails on system without fips-mode-setup * https://pagure.io/freeipa/issue/9316[#9316] (https://bugzilla.redhat.com/show_bug.cgi?id=2166324[rhbz#2166324]) Passwordless (GSSAPI) SSH login with AD user * https://pagure.io/freeipa/issue/9318[#9318] Incomplete fast lint/codestyle check if both Python template files and Python modules were changed * https://pagure.io/freeipa/issue/9319[#9319] [tests] TestDNSResolver failures on systems without or empty /etc/resolv.conf * https://pagure.io/freeipa/issue/9320[#9320] (https://bugzilla.redhat.com/show_bug.cgi?id=2018198[rhbz#2018198]) RFE - Add a warning note about possible performance impact of the Auto Member rebuild task. * https://pagure.io/freeipa/issue/9324[#9324] ipatests: Frequent timeout of test_acme * https://pagure.io/freeipa/issue/9326[#9326] ipatests: timeout of test_trust * https://pagure.io/freeipa/issue/9329[#9329] Azure test: WebUI_Unit_Tests are failing * https://pagure.io/freeipa/issue/9332[#9332] Extend negative test coverage for automember * https://pagure.io/freeipa/issue/9333[#9333] ipa-client-install --pkinit-identity can block in unattended mode * https://pagure.io/freeipa/issue/9338[#9338] Update 'Auth indicators' doc string to show 'ipd' usage * https://pagure.io/freeipa/issue/9339[#9339] Broken support for dnspython < 2 * https://pagure.io/freeipa/issue/9347[#9347] Azure Ci does not work with Fedora Rawhide * https://pagure.io/freeipa/issue/9349[#9349] (https://bugzilla.redhat.com/show_bug.cgi?id=2180914[rhbz#2180914]) Sequence processing failures for group_add using server context * https://pagure.io/freeipa/issue/9355[#9355] support python cryptography 40.0 * https://pagure.io/freeipa/issue/9358[#9358] update_dna_shared_config sometimes blocks installation for 2 minutes [[detailed_changelog_since_4.9.11_1]] == Detailed changelog since 4.9.11 [[alexander_bokovoy_6_1]] === Alexander Bokovoy (6) * ipalib/x509: Implement abstract method Certificate.verify_directly_issued_by https://pagure.io/freeipa/c/e43b10858a8014b2b1b6e555bff48ab172f14a9b[commit] https://pagure.io/freeipa/issue/9355[#9355] * Fix tox in Azure CI https://pagure.io/freeipa/c/53ac81765aaad71ef18e720017454c33df0ab27c[commit] https://pagure.io/freeipa/issue/9347[#9347] * Use system-wide chromium for webui tests https://pagure.io/freeipa/c/3593a798cc6a6bc3130c59ec7acf3f534b69158f[commit] https://pagure.io/freeipa/issue/9347[#9347] * Don't fail if optional RPM macros file is missing https://pagure.io/freeipa/c/801308af209167ef84351987cd894c5721e3d853[commit] https://pagure.io/freeipa/issue/9347[#9347] * ipa-kdb: PAC consistency checker needs to handle child domains as well https://pagure.io/freeipa/c/2d7cc19d238e0a20a44bb5422fd369d1e5cf764f[commit] https://pagure.io/freeipa/issue/9316[#9316] * updates: fix memberManager ACI to allow managers from a specified group https://pagure.io/freeipa/c/651e28c1fb6b86ad1fbd4ea98644e00b7042499c[commit] https://pagure.io/freeipa/issue/9286[#9286] [[anuja_more_4_1]] === Anuja More (4) * ipatests: Test that non admin user can search hbac rule. https://pagure.io/freeipa/c/3599a4a7e35baa8b936b2c00abe4827be5473212[commit] https://pagure.io/freeipa/issue/5130[#5130] * ipatests: Test ipa-advise is not failing with error. https://pagure.io/freeipa/c/b2f197d3100d7ca95ead6180fa6b196f1aa77f74[commit] https://pagure.io/freeipa/issue/6044[#6044] * PRCI: update test_trust.py for nightly pipelines. https://pagure.io/freeipa/c/9577e0b1f5cc4b3569a71eea1657981355eb80f3[commit] https://pagure.io/freeipa/issue/9326[#9326] * Add test for SSH with GSSAPI auth. https://pagure.io/freeipa/c/ed1959dc0cf8823a0ce60e32ce0de7a389ecb942[commit] https://pagure.io/freeipa/issue/9316[#9316] [[antonio_torres_8_1]] === Antonio Torres (8) * Extend API documentation https://pagure.io/freeipa/c/f3d5e11b979e13c40158928302ff23169cd9cc9c[commit] * doc: allow notes on Param API Reference pages https://pagure.io/freeipa/c/f2bb386b44ef96a1e90d30ea4d3d37799fd01388[commit] * ipaserver: deepcopy objectclasses list from IPA config https://pagure.io/freeipa/c/62fe608390c41115edf4e356a6cff2ab1a6d0daf[commit] https://pagure.io/freeipa/issue/9349[#9349] * API doc: add usage guides for groups, HBAC and sudo rules https://pagure.io/freeipa/c/e96d91c104b616c175a8c66a6e93a60d5a06e7ab[commit] * API doc: add note about ipa show-mappings to usage guide https://pagure.io/freeipa/c/a6592c6a79f15b0e6eef02a3f3545b9b72bc1705[commit] * API doc: validate generated reference https://pagure.io/freeipa/c/34a06d7f06f35b9aad034f7a4ff99753a0426275[commit] https://pagure.io/freeipa/issue/9287[#9287] * API doc: add basic user management guide https://pagure.io/freeipa/c/84c4449e93d57f5236f978388cf6561a4866686a[commit] * Back to git snapshots https://pagure.io/freeipa/c/1b7fccd6d44361b9c175d9049313f0a5ac46bb57[commit] [[carla_martinez_1_1]] === Carla Martinez (1) * Update 'Auth indicators' doc string https://pagure.io/freeipa/c/42744ebbcab7ef0a6bf5f16d6fca513c323d2fa9[commit] https://pagure.io/freeipa/issue/9338[#9338] [[christian_heimes_3_1]] === Christian Heimes (3) * Speed up installer by restarting DS after DNA plugin https://pagure.io/freeipa/c/27e9181bdc684915a7f9f15631f4c3dd6ac5f884[commit] https://pagure.io/freeipa/issue/9358[#9358] * Don't block when kinit_pkinit() fails https://pagure.io/freeipa/c/03f544e83c1f775786bcda211a35f15a0b2a582f[commit] https://pagure.io/freeipa/issue/9333[#9333] * ipa-certupdate: Update client certs before KDC/HTTPd restart https://pagure.io/freeipa/c/f3052c17599c7318c385b27795678b368906fd26[commit] https://pagure.io/freeipa/issue/9285[#9285] [[chris_kelley_1_1]] === Chris Kelley (1) * Check that CADogtagCertsConfigCheck can handle cert renewal https://pagure.io/freeipa/c/bed21afd2b7bc43c5acd33ad450d284d04073a71[commit] [[david_pascual_2_1]] === David Pascual (2) * doc: Use case examples for PR-CI checker tool https://pagure.io/freeipa/c/faa485345cff6a4decbbd4a7542a3f640f2ca097[commit] * ipatests: fix (prci_checker) duplicated check & error return code https://pagure.io/freeipa/c/398e091863c8d64271205fb4df26e688dddfe81e[commit] [[erik_belko_1_1]] === Erik Belko (1) * ipatests: Test MemberManager ACI to allow managers from a specified group after upgrade scenario https://pagure.io/freeipa/c/2fb6f0216e7433e0e6459678863edb2a31c90cde[commit] https://pagure.io/freeipa/issue/9286[#9286] [[florence_blanc_renaud_16_1]] === Florence Blanc-Renaud (16) * ipatests: increase timeout for test_trust https://pagure.io/freeipa/c/a7147fa4c67ee5bdfa6f6020fdfb6278131f79d4[commit] https://pagure.io/freeipa/issue/9326[#9326] * ipatests: remove wrong job definition TestACMEPrune https://pagure.io/freeipa/c/bdd115239adeae9f84b016207552b60985d65854[commit] https://pagure.io/freeipa/issue/9324[#9324] * ipatests: increase timeout for test_acme https://pagure.io/freeipa/c/67131ae7f93e6ceab9be06d29151c37d74024699[commit] https://pagure.io/freeipa/issue/9324[#9324] * automember-rebuild: add a notice about high CPU usage https://pagure.io/freeipa/c/2deaaa788cbdde22d5b15566599fdcf7a10f02c6[commit] https://pagure.io/freeipa/issue/9320[#9320] * trust-add: handle missing msSFU30MaxGidNumber https://pagure.io/freeipa/c/703ab8c4dfb7f8fd1540c3849ad469d39695a26f[commit] https://pagure.io/freeipa/issue/9310[#9310] * Tests: force key type in ACME tests https://pagure.io/freeipa/c/16c37cf26c8bf3a032a2d6845b3ff406002590be[commit] https://pagure.io/freeipa/issue/9298[#9298] * server install: remove error log about missing bkup file https://pagure.io/freeipa/c/6f50b00953c0000d6da8db0f5e8974ae33d7b5d5[commit] https://pagure.io/freeipa/issue/9306[#9306] * ipatests: mark test_smb as xfail https://pagure.io/freeipa/c/1bdd8147e7fa1032025dc6f6868e26f285744ee1[commit] https://pagure.io/freeipa/issue/9124[#9124] * ipatests: update the xfail annotation for test_number_of_zones https://pagure.io/freeipa/c/cc9e568e5c769754a5882a52e2a32d6e1c3a64bc[commit] https://pagure.io/freeipa/issue/9135[#9135] * Spec file: bump krb5_kdb_version on rawhide https://pagure.io/freeipa/c/f2b4d019881232833e915fedba48537548d2ef60[commit] * FIPS setup: fix typo filtering camellia encryption https://pagure.io/freeipa/c/f2a337caaf82fca4a8d7c347454b412ba2b4a0dd[commit] * cert utilities: MAC verification is incompatible with FIPS mode https://pagure.io/freeipa/c/42381ebd036feee63fab2bbf8579b7a385624bf7[commit] * ipatests: update the fake fips mode expected message https://pagure.io/freeipa/c/1d01692cf241645ca59b7f3d3e2096ce738d6a05[commit] https://pagure.io/freeipa/issue/9002[#9002] * Spec file: ipa-client depends on krb5-pkinit-openssl https://pagure.io/freeipa/c/d7c5fe5f1cc3b68492da27cf4ea25b611412c834[commit] https://pagure.io/freeipa/issue/9290[#9290] * webui tests: fix assertion in test_subid.py https://pagure.io/freeipa/c/3801d0c1c8a3dbec54dead29666137de2649e109[commit] https://pagure.io/freeipa/issue/9282[#9282] * PRCI: update memory reqs for each topology https://pagure.io/freeipa/c/4f69f4cff32c0b5f8d4a36484a541a4b96c07e9d[commit] [[mbhalodi_4_1]] === mbhalodi (4) * ipatests: Test for sequence processing failures with server context https://pagure.io/freeipa/c/6e5c6b1a138c3ead57cb42483f45f364894342e3[commit] https://pagure.io/freeipa/issue/9349[#9349] * ipatests: add missing automember-cli tests https://pagure.io/freeipa/c/34c1574bed9fe6d35ea6a9e04f4e2e148fec9788[commit] https://pagure.io/freeipa/issue/9332[#9332] * ipatests: WebUI - ensure that ipa automember-rebuild prints a warning https://pagure.io/freeipa/c/ff50fe5f038be52207bb770179becc31fbc74e17[commit] https://pagure.io/freeipa/issue/9320[#9320] * ipatests: ensure that ipa automember-rebuild prints a warning https://pagure.io/freeipa/c/d035dc78cc7a1c88fc443719793a7c619af86fde[commit] https://pagure.io/freeipa/issue/9320[#9320] [[michal_polovka_1_1]] === Michal Polovka (1) * ipatest: loginscreen: do not use hardcoded password https://pagure.io/freeipa/c/2eca13e9660b3394fdd0a793142428dfe9d9ffa6[commit] https://pagure.io/freeipa/issue/9226[#9226] [[rob_crittenden_3_1]] === Rob Crittenden (3) * Wipe the ipa-ca DNS record when updating system records https://pagure.io/freeipa/c/b9387280543b86444cf4c258a7b720f492357baf[commit] https://pagure.io/freeipa/issue/9195[#9195] * tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck https://pagure.io/freeipa/c/f28cb79ffaf18b190642a8b07e8fc4ea00fa4c58[commit] https://pagure.io/freeipa/issue/9291[#9291] * tests: Add ipa_ca_name checking to DNS system records https://pagure.io/freeipa/c/0231ea8cd7895da6bc2bbc155f2d94b551ebac5c[commit] https://pagure.io/freeipa/issue/9291[#9291] [[stanislav_levin_9_1]] === Stanislav Levin (9) * fastlint: Correct concatenation of file lists https://pagure.io/freeipa/c/d8418ce63de206967bea5918615ee4471183cd06[commit] https://pagure.io/freeipa/issue/9318[#9318] * dns: Fix support for dnspython 1.1x https://pagure.io/freeipa/c/c57507f3a4ed1f3314d0f57ad4f3469220b2cb6b[commit] https://pagure.io/freeipa/issue/9339[#9339] * tests: webui: Update vendored qunit https://pagure.io/freeipa/c/9b15dca6095a44589c55aa6f8ef8c7646341d4d8[commit] https://pagure.io/freeipa/issue/9329[#9329] * AP: webui: List installed nodejs packages https://pagure.io/freeipa/c/1ec521d9aea95fa212f3a8acf966a9eca32c257f[commit] https://pagure.io/freeipa/issue/9329[#9329] * tests: webui: Load qunit only once https://pagure.io/freeipa/c/958a3958b4835fc2454e8bd71797638dcef9c460[commit] https://pagure.io/freeipa/issue/9329[#9329] * tests: webui: Allow file access from files in tests https://pagure.io/freeipa/c/a9f29047ab352757ddfeb5cda9701fee0a06032a[commit] https://pagure.io/freeipa/issue/9329[#9329] * tests: Configure DNSResolver as platform agnostic resolver https://pagure.io/freeipa/c/e6f1b363c40f6e04d7ce6eeb80597e89c5684875[commit] https://pagure.io/freeipa/issue/9319[#9319] * spec: Drop no longer used build dependency on paste https://pagure.io/freeipa/c/ebd4096f039964cfd1d95467630c10559d051e13[commit] https://pagure.io/freeipa/issue/9314[#9314] * ipatests: healthcheck: Handle missing fips-mode-setup https://pagure.io/freeipa/c/8d2c8fcf0ca498e9fc431cf3e531bbd39cb1d9a2[commit] https://pagure.io/freeipa/issue/9315[#9315] [[sumedh_sidhaye_1_1]] === Sumedh Sidhaye (1) * With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck. https://pagure.io/freeipa/c/e8ef2c2f226704ce510525f07675107179124a95[commit] https://pagure.io/freeipa/issue/9238[#9238] [[sudhir_menon_1_1]] === Sudhir Menon (1) * Fixes: ipa-otpd@.service: deprecated syslog setting https://pagure.io/freeipa/c/05bba992a6f8ba9f3c4383d023f5977dff457382[commit] https://pagure.io/freeipa/issue/9279[#9279] [[thorsten_scherf_1_1]] === Thorsten Scherf (1) * external-idp: change idp server name to reference name https://pagure.io/freeipa/c/b9c6ea67d896e52b61bd40bfd84b8d84b69ec35e[commit] _______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue