Jump to: navigation, search

Releases/4.5.3

Release date Released 2017-07-21

The FreeIPA team would like to announce FreeIPA 4.5.3 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and 26 will be available in the official COPR repository.

Highlights in 4.5.3

Enhancements

Known Issues

  • When ipa-server-upgrade is executed during dnf system-upgrade, network should come online and the ipa-server-upgrade should finish successfully. If ipa-server-upgrade fails during system-upgrade, please run it manually once network is online.

Bug fixes

FreeIPA 4.5.3 is a stabilization release for the features delivered as a part of 4.5.0. There are more than 10 bug-fixes details of which can be seen in the list of resolved tickets below.

Upgrading

Upgrade instructions are available on Upgrade page.

Feedback

Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.


Resolved tickets

  • #7039 FreeIPA upgrade script requires network to be up, but network is not up during upgrade when using dnf system-upgrade
  • #7037 Replica installation grants HTTP principal access in WebUI
  • #7036 Advice plugins for smart card configuration produce scripts that configure the feature incompletely
  • #7029 Fix inconsistent reporting of server roles/attributes in *config-show commands
  • #7026 ipaserver installation fails in FIPS mode: OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode!
  • #7021 ipa-server-install failure on checking matching interfaces - invalid format of netmas
  • #7007 Use CommonNameToSANDefault in default profile (new installs only)
  • #6877 ipasam needs changes for Samba 4.7
  • #6838 [ipa-replica-install] - 406 Client Error: Failed to validate message: Incorrect number of results (0) searching forpublic key for host
  • #4317 Allow --ip-address even when not present in local interface

Detailed changelog since 4.5.2

Alexander Bokovoy (2)

  • ipa-sam: use smbldap_set_bind_callback for Samba 4.7 or later commit #6877
  • ipa-sam: use own private structure, not ldapsam_privates commit #6877

Fraser Tweedale (1)

  • Add CommonNameToSANDefault to default cert profile commit #7007

Martin Babinsky (15)

  • replica install: drop-in IPA specific config to tmpfiles.d commit #7053
  • Do not remove the old masters when setting the attribute fails commit #7029
  • *config-show: Do not show empty roles/attributes commit #7029
  • smart-card-advises: ensure that krb5-pkinit is installed on client commit #7036
  • smart card advise: use password when changing trust flags on HTTP cert commit #7036
  • smart card advises: use a wrapper around Bash `for` loops commit #7036
  • Use the compound statement formatting API for configuring PKINIT commit #7036
  • Fix indentation of statements in Smart card advises commit #7036
  • delegate formatting of compound Bash statements to dedicated classes commit #7036
  • advise: add an infrastructure for formatting Bash compound statements commit #7036
  • delegate the indentation handling in advises to dedicated class commit #7036
  • add a class that tracks the indentation in the generated advises commit #7036
  • Allow to pass in multiple CA cert paths to the smart card advises commit #7036
  • smart-card advises: add steps to store smart card signing CA cert commit #7036
  • smart-card advises: configure systemwide NSS DB also on master commit #7036

Martin Basti (8)

  • python-netifaces: update to reflect upstream changes commit #7021
  • Remove network and broadcast address warnings commit #4317
  • replica install: add missing check for non-local IP address commit #4317
  • Remove ip_netmask from option parser commit #4317
  • CheckedIPAddress: remove match_local param commit #4317
  • refactor CheckedIPAddress class commit #4317
  • ipa-dns-install: remove check for local ip address commit #4317
  • Fix local IP address validation commit #4317

Sumit Bose (2)

  • ipa_pwd_extop: do not generate NT hashes in FIPS mode commit #7026
  • ipa-sam: replace encode_nt_key() with E_md4hash() commit #7026

Simo Sorce (2)

  • Always check peer has keys before connecting commit
  • Make sure we check ccaches in all rpcserver paths commit

Stanislav Laznicka (1)

  • Ensure network is online prior to an upgrade commit #7039

Tibor Dudlák (1)

  • topology.py: Removes error message from dictionary. commit #6533

Tomas Krizek (3)