The FreeIPA team would like to announce FreeIPA 4.5.3 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and 26 will be available in the official COPR repository https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-5/ .
== Highlights in 4.5.3 == === Known Issues === * When ipa-server-upgrade is executed during dnf system-upgrade, network should come online and the ipa-server-upgrade should finish successfully. If ipa-server-upgrade fails during system-upgrade, please run it manually once network is online. === Bug fixes === FreeIPA 4.5.3 is a stabilization release for the features delivered as a part of 4.5. There are more than 10 bug-fixes details of which can be seen in the list of resolved tickets below. == Upgrading == Upgrade instructions are available on page: https://www.freeipa.org/page/Upgrade == Feedback == Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/) or #freeipa channel on Freenode. == Resolved tickets == * 7039 FreeIPA upgrade script requires network to be up, but network is not up during upgrade when using dnf system-upgrade * 7037 Replica installation grants HTTP principal access in WebUI * 7036 Advice plugins for smart card configuration produce scripts that configure the feature incompletely * 7029 Fix inconsistent reporting of server roles/attributes in *config-show commands * 7026 ipaserver installation fails in FIPS mode: OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! * 7021 ipa-server-install failure on checking matching interfaces - invalid format of netmas * 7007 Use CommonNameToSANDefault in default profile (new installs only) * 6877 ipasam needs changes for Samba 4.7 * 6838 [ipa-replica-install] - 406 Client Error: Failed to validate message: Incorrect number of results (0) searching forpublic key for host * 4317 Allow --ip-address even when not present in local interface == Detailed changelog since 4.5.2 == === Alexander Bokovoy (2) === * ipa-sam: use smbldap_set_bind_callback for Samba 4.7 or later * ipa-sam: use own private structure, not ldapsam_privates === Fraser Tweedale (1) === * Add CommonNameToSANDefault to default cert profile === Martin Babinsky (15) === * replica install: drop-in IPA specific config to tmpfiles.d * Do not remove the old masters when setting the attribute fails * *config-show: Do not show empty roles/attributes * smart-card-advises: ensure that krb5-pkinit is installed on client * smart card advise: use password when changing trust flags on HTTP cert * smart card advises: use a wrapper around Bash `for` loops * Use the compound statement formatting API for configuring PKINIT * Fix indentation of statements in Smart card advises * delegate formatting of compound Bash statements to dedicated classes * advise: add an infrastructure for formatting Bash compound statements * delegate the indentation handling in advises to dedicated class * add a class that tracks the indentation in the generated advises * Allow to pass in multiple CA cert paths to the smart card advises * smart-card advises: add steps to store smart card signing CA cert * smart-card advises: configure systemwide NSS DB also on master === Martin Basti (8) === * python-netifaces: update to reflect upstream changes * Remove network and broadcast address warnings * replica install: add missing check for non-local IP address * Remove ip_netmask from option parser * CheckedIPAddress: remove match_local param * refactor CheckedIPAddress class * ipa-dns-install: remove check for local ip address * Fix local IP address validation === Sumit Bose (2) === * ipa_pwd_extop: do not generate NT hashes in FIPS mode * ipa-sam: replace encode_nt_key() with E_md4hash() === Simo Sorce (2) === * Always check peer has keys before connecting * Make sure we check ccaches in all rpcserver paths === Stanislav Laznicka (1) === * Ensure network is online prior to an upgrade === Tibor Dudlák (1) === * topology.py: Removes error message from dictionary. === Tomas Krizek (3) === * Become IPA 4.5.3 * Update translations * 4.5 set back to git snapshot -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
Description: OpenPGP digital signature
_______________________________________________ Freeipa-interest mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-interest