On 09/11/2014 04:31 PM, Petr Viktorin wrote:
On 09/11/2014 04:26 PM, Martin Kosek wrote:
On 09/11/2014 04:22 PM, Nathaniel McCallum wrote:
On Thu, 2014-09-11 at 16:21 +0200, Ludwig Krispenz wrote:
On 09/11/2014 04:17 PM, Nathaniel McCallum wrote:
On Thu, 2014-09-11 at 16:09 +0200, Ludwig Krispenz wrote:
On 09/11/2014 04:04 PM, Martin Kosek wrote:
On 09/11/2014 03:47 PM, Nathaniel McCallum wrote:
On Thu, 2014-09-11 at 15:46 +0200, Petr Viktorin wrote:
On 09/11/2014 01:37 PM, Martin Kosek wrote:
Hi team,

It seems we have pretty serious bug in our FreeIPA 4.0.2 release, breaking
upgrade from older releases:


We also have packaging fix requested by Fedora Server roles group:


It seems just these 2 bugs are enough for a quick FreeIPA 4.0.3 release... Makes sense? Any other tickets or patches we would like to get in?
Looks like it's just those two. I'll start releasing shortly.
I'd like to get a fix in for the missing ciphers in the new NSS. I can
have a patch on the list shortly.

Isn't this related to
? I think we do not work with the newest DS which fixed the default ciphers.
Don't we need to set our SSL ciphers setting to

tjhe attached patch tries this, but at the moment I failed to build and
also to upgrade to F21

attribute "allowweakcipher" not allowed

I suspect we are missing a spec file requirement on a newer version of 389...
yes, you need the latest build of DS, Noriko added the allowweakcipher
only yesterday.
That's the problem, I wanted to wait with the ipa side patch until
allowweakcipher was implemented and then on F21 ipa and 389 no longer
played well and now there is a rush

Also, we will need to add the F21 389-ds-base build to FreeIPA Copr:
so that F20 users can upgrade to the newest FreeIPA. Are there any known issues in the F21 389-ds-base build that would prevent upstream FreeIPA 4.0.x to be
based on it?

If yes, we may need to include the patch in Fedora 21 downstream only after all..

We're basing the Fedora 21 Alpha downstream on FreeIPA 4.0.3, so we couldn't include the patch even there.
There better be no such issues.
what do you mean by "no such issues" ? I don't think that 389/F21 will be the first bug free software. At the moment Thierry is investigating a crash in dna-plugin and Noriko a memory leak, which could be in F21 -

Freeipa-devel mailing list

Reply via email to