The FreeIPA team would like to announce the FreeIPA 4.5.3 release!

It can be downloaded from Builds
for Fedora 25 and 26 will be available in the official COPR repository.

== Highlights in 4.5.3 ==
=== Known Issues ===

* When ipa-server-upgrade is executed during dnf system-upgrade, the network
should come online and ipa-server-upgrade should finish
successfully. If ipa-server-upgrade fails during system-upgrade, please
run it manually once the network is online.

=== Bug fixes ===
FreeIPA 4.5.3 is a stabilization release for the features delivered as a
part of 4.5.
There are more than 10 bug fixes, details of which can be seen in the
list of resolved tickets below.

== Upgrading ==
Upgrade instructions are available on page:

== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users
mailing list
or #freeipa channel on Freenode.

== Resolved tickets ==
* 7039 FreeIPA upgrade script requires network to be up, but network is
not up during upgrade when using dnf system-upgrade
* 7037 Replica installation grants HTTP principal access in WebUI
* 7036 Advice plugins for smart card configuration produce scripts that
configure the feature incompletely
* 7029 Fix inconsistent reporting of server roles/attributes in
*config-show commands
* 7026 ipaserver installation fails in FIPS mode: OpenSSL internal
error, assertion failed: Digest MD4 forbidden in FIPS mode!
* 7021 ipa-server-install failure on checking matching interfaces -
invalid format of netmas
* 7007 Use CommonNameToSANDefault in default profile (new installs only)
* 6877 ipasam needs changes for Samba 4.7
* 6838 [ipa-replica-install] - 406 Client Error: Failed to validate
message: Incorrect number of results (0) searching forpublic key for host
* 4317 Allow --ip-address even when not present in local interface

== Detailed changelog since 4.5.2 ==
=== Alexander Bokovoy (2) ===
* ipa-sam: use smbldap_set_bind_callback for Samba 4.7 or later
* ipa-sam: use own private structure, not ldapsam_privates

=== Fraser Tweedale (1) ===
* Add CommonNameToSANDefault to default cert profile

=== Martin Babinsky (15) ===
* replica install: drop-in IPA specific config to tmpfiles.d
* Do not remove the old masters when setting the attribute fails
* *config-show: Do not show empty roles/attributes
* smart-card-advises: ensure that krb5-pkinit is installed on client
* smart card advise: use password when changing trust flags on HTTP cert
* smart card advises: use a wrapper around Bash `for` loops
* Use the compound statement formatting API for configuring PKINIT
* Fix indentation of statements in Smart card advises
* delegate formatting of compound Bash statements to dedicated classes
* advise: add an infrastructure for formatting Bash compound statements
* delegate the indentation handling in advises to dedicated class
* add a class that tracks the indentation in the generated advises
* Allow to pass in multiple CA cert paths to the smart card advises
* smart-card advises: add steps to store smart card signing CA cert
* smart-card advises: configure systemwide NSS DB also on master

=== Martin Basti (8) ===
* python-netifaces: update to reflect upstream changes
* Remove network and broadcast address warnings
* replica install: add missing check for non-local IP address
* Remove ip_netmask from option parser
* CheckedIPAddress: remove match_local param
* refactor CheckedIPAddress class
* ipa-dns-install: remove check for local ip address
* Fix local IP address validation

=== Sumit Bose (2) ===
* ipa_pwd_extop: do not generate NT hashes in FIPS mode
* ipa-sam: replace encode_nt_key() with E_md4hash()

=== Simo Sorce (2) ===
* Always check peer has keys before connecting
* Make sure we check ccaches in all rpcserver paths

=== Stanislav Laznicka (1) ===
* Ensure network is online prior to an upgrade

=== Tibor Dudlák (1) ===
* Removes error message from dictionary.

=== Tomas Krizek (3) ===
* Become IPA 4.5.3
* Update translations
* 4.5 set back to git snapshot

Tomas Krizek

