The FreeIPA team would like to announce FreeIPA 4.5.4 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and 26 will be available in the official COPR repository https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-5/ .
== Highlights in 4.5.4 == === Enhancements === === Known Issues === === Bug fixes === FreeIPA 4.5.4 is a stabilization release for the features delivered as a part of 4.5.0. There are more than 30 bug-fixes details of which can be seen in the list of resolved tickets below. == Upgrading == Upgrade instructions are available on [[Upgrade]] page. == Feedback == Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode. == Resolved tickets == * 7179 In case full PKINIT configuration is failing during server/replica install the error message should be more meaningful. * 7175 [Backport 7143 to ipa-4-5] "unknown command 'undefined'" error when changing user's password via the web UI * 7173 Switch from externally-signed to self-signed CA fails * 7172 Enterprise principals should be able to trigger a refresh of the trusted domain data in the KDC * 7146 ipa_otptoken_import.py fails to parse the correct suite defined under the AlrgorithmParameters * 7144 pkinit-status command fails after an upgrade from a pre-4.5 IPA * 7141 Updating from RHEL 7.3 fails with Server-Cert not found (ipa-server-upgrade) * 7127 sssd.conf not updated after promoting client to promotion * 7126 FreeIPA/IdM installations which were upgraded from versions with 389 DS prior to 1.3.3.0 doesn't have whomai plugin enabled and thus startup of Web UI fails * 7125 ipa-server-upgrade failes with "This entry already exists" * 7123 External CA renewal fails when IPA CA subject DN does not match "CN=Certificate Authority, {subject-base}" * 7120 Unable to set ca renewal master on replica * 7116 dnssec: fix localhsm.py with openhsm >= 2.2.0 * 7112 user-show command fails when sizelimit is configured to number <= number of entity which is user member of * 7108 ipa-backup broken because of cyclic import * 7106 TypeError in renew_ca_cert prevents from swiching back to self-signed CA * 7086 [ipatests] - add caless to cafull tests * 7083 failed ipa-server-upgrade , time out from dogtag services , custodia errors * 7074 IPA shouldn't allow objectclass if not all in lower case * 7066 WebUI: All columns of user in group table are clickable * 7035 ipa-otptoken-import - XML file is missing PBKDF2 parameters! * 7017 NULL LDAP context in call to ldap_search_ext_s during search in cn=ad,cn=trusts,dc=example,dc=com * 6999 ipa command throws backtrace instead of showing help with wrong syntax * 6979 Suggest user to install libyubikey package instead of traceback * 6952 Suggest CA installation command in KRA installation warning * 6622 [tests] ipatests.util.unlock_principal_password does not respect configured ldap_uri * 6605 make lint + make modifies PO files in place * 6592 [tracker] SELinux policy tracker for 4.5 * 6582 Web UI: Change "Host Based" and "Role Based" to "Host-Based" and "Role-Based" * 6447 [WebUI] Remove offline version of WebUI * 6261 Replace ERROR: cannot connect to 'http://localhost:8888/ipa/json': [Errno 111] Connection refused with 'IPA is not configured on this system' * 6176 Updating of dns system records rapidly slowdown uninstallation == Detailed changelog since 4.5.3 == === Alexander Bokovoy (2) === * Make sure upgrade also checks for IPv6 stack * OTP import: support hash names with HMAC- prefix === Abhijeet Kasurde (1) === * Vault testcase improvement === Alexander Koksharov (1) === * kra-install: better warning message === Aleksei Slaikovskii (2) === * ipaclient.plugins.dns: Cast DNS name to unicode. * Less confusing message for PKINIT configuration during install === Christian Heimes (1) === * Block PyOpenSSL to prevent SELinux execmem in wsgi === David Kreitschmann (2) === * Disable pylint in get_help function because of type confusion. * Store help in Schema before writing to disk === David Kupka (11) === * tests: Add LDAP URI to ldappasswd explicitly * tests: certmap: Add test for user-{add,remove}-certmap * tests: tracker: Add CertmapdataMixin tracker * tests: certmap: Add test for certmapconfig-{mod,show} * tests: tracker: Add CertmapconfigTracker to tests certmapconfig-* commands * tests: certmap: Test permissions for certmap * tests: certmap: Add basic tests for certmaprule commands * tests: tracker: Add CertmapTracker for testing certmap-* commands * tests: tracker: Add ConfigurationTracker to test *config-{mod,show} commands * tests: tracker: Add EnableTracker to test *-{enable,disable} commands * tests: tracker: Split Tracker into one-purpose Trackers === Felipe Volpone (4) === * Changing idoverrideuser-* to treat objectClass case insensitively * Fixing how sssd.conf is updated when promoting a client to replica * Removing part of circular dependency of ipalib in ipaplaform * Changing how commands handles error when it can't connect to IPA server === Florence Blanc-Renaud (5) === * ipa-cacert-manage renew: switch from ext-signed CA to self-signed * Backport 4-5: Fix ipa-server-upgrade with server cert tracking * Backport PR 1008 to ipa-4-5 Fix ipa-server-upgrade: This entry already exists * Backport PR 988 to ipa-4-5 Fix Certificate renewal (with ext ca) * Fix ipa config-mod --ca-renewal-master === Fraser Tweedale (2) === * Fix external renewal for CA with non-default subject DN * Restore old version of caIPAserviceCert for upgrade only === Martin Basti (1) === * DNS update: reduce timeout for CA records === Michal Reznik (3) === * test_caless: add replica ca-less to ca-full test (master caless) * test_caless: add server_replica ca-less to ca-full test * tests: fix external_ca test suite failing due to missing SKI === Nathaniel McCallum (1) === * ipa-otptoken-import: Make PBKDF2 refer to the pkcs5 namespace === Petr Čech (1) === * ipatests: Fix on logs collection === Petr Vobornik (2) === * log progress of wait_for_open_ports * control logging of host_port_open from caller === Pavel Vomacka (9) === * WebUI: Fix calling undefined method during reset passwords * WebUI: remove unused parameter from get_whoami_command * Adds whoami DS plugin in case that plugin is missing * WebUI: remove creating js/libs symlink from makefile * WebUI: Remove plugins symlink as it is unused * Remove all old JSON files * Revert "Web UI: Remove offline version of Web UI" * WebUI: Add hyphenate versions of Host(Role) Based strings * WebUI: fix incorrectly shown links in association tables === Rob Crittenden (1) === * Collect group membership without a size limit === Sumit Bose (1) === * ipa-kdb: reinit trusted domain data for enterprise principals === Stanislav Laznicka (4) === * travis: make tests fail if pep8 does not pass * Use correct container for ipa-4-5 testing * pkinit: don't fail when no pkinit servers found * travis: temporary workaround for Travis CI === Thierry Bordaz (1) === * NULL LDAP context in call to ldap_search_ext_s during search === Tibor Dudlák (1) === * otptoken_yubikey.py: Removed traceback when package missing. === Tomas Krizek (11) === * Become IPA 4.5.4 * Update contributors * Update translations * prci: use f26 template for ipa-4-5 * ipatests: collect log after ipa-ca-install * dnssec: fix localhsm.py utility script * prci: rename template to ci-ipa-4-5-f25 * prci: add caless tests * build: checkout *.po files at the end of makerpms.sh * freeipa-pr-ci: enable pull-request CI * 4.5 set back to git snapshot -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
signature.asc
Description: OpenPGP digital signature
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
