The FreeIPA team would like to announce FreeIPA 4.6.2 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 26 and 27 will be available in the official COPR repository.
Highlights in 4.6.2#
Enhancements#
Known Issues#
Bug fixes#
FreeIPA 4.6.2 is a stabilization release for the features delivered as a part of 4.6.0. There are more than 20 bug-fixes details of which can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
#7275 Viewing DNS Records with WebUI fails
#7254 test_caless: fix http.p12 is not valid and provide domain_level for replica tests
#7226 Remove remaining references to Firefox configuration extension
#7213 Increase dbus client timeouts during CA install
#7210 Firefox reports insecure TLS configuration when visiting FreeIPA web UI after standard server deployment
#7208 freeipa: binary RPMs require both Python 2 and Python 3
#7190 Wrong info message from tasks.py
#7189 make check is failed
#7187 ipa-replica-manage should provide a debug option
#7186 testing: get back command outputs when running tests
#7155 test_caless: add caless to external CA test
#7154 test_external_ca: switch to python-cryptography
#7153 Switch “ipa-run-tests” symlink to “ipa-run-tests-3.6”
#7151 ipa-server-upgrade performs unneeded steps to stop tracking/start tracking certs
#7148 py3: ipa cert-request –principal –database fails with BytesWarning: str() on a bytes instance
#7142 py3: ipa ca-add fails with ‘an internal error has occurred’
#7134 ipa param-find: command displays internal error
#7133 tox -e pylint3 fails under Python 3.6
#7132 [4.6] PyPI packages are broken
#7124 [ipatests] - forced_client_reenrollment-domlevel-1 test suite fails due to missing dns records
#7033 vault: TypeError: … is not JSON serializable
#6994 RFE: Remove 389-ds tuning step
#6858 RFE - Option to add custom OID or display name in IPA Cert
#6844 ipa-restore fails when umask is set to 0027
#6702 Update Dogtag to 10.4
#5887 IDNA domains does not work under py3
#5442 [tracker] SELinux ‘execmem’ denials
Detailed changelog since 4.6.1#
Alexander Bokovoy (10)#
ipaserver/plugins/trust.py: pep8 compliance commit
trust: detect and error out when non-AD trust with IPA domain name exists commit #7264
ipaserver/plugins/trust.py; fix some indenting issues commit
test_dns_plugin: cope with missing IPv6 in Travis commit
travis-ci: collect logs from cmocka tests commit
ipa-kdb: override krb5.conf when testing KDC code in cmocka commit
adtrust: filter out subdomains when defining our topology to AD commit #6666
ipa-replica-manage: implicitly ignore initial time skew in force-sync commit #7211
ds: ignore time skew during initial replication step commit #7211
Abhijeet Kasurde (3)#
Alexander Koksharov (1)#
Aleksei Slaikovskii (6)#
Christian Heimes (23)#
Update IPA_GIT_BRANCH to ipa-4-6 commit
Add make targets for fast linting and testing commit
Add marker needs_ipaapi and option to skip tests commit
Update to python-ldap 3.0.0 commit
Update builddep command to install Python 3 and tox deps commit
Add workaround for pytest 3.3.0 bug commit
Reproducer for bug in structured dnsrecord_show commit #7275
Use Python 3 on Travis commit
Run tox tests for PyPI packages on Travis commit
Use namespace-aware meta importer for ipaplatform commit #6474
Test script for ipa-custodia commit
Remove ignore_import_errors commit
Use os.path.isfile() and isdir() commit
Block PyOpenSSL to prevent SELinux execmem in wsgi commit #5442
David Kupka (2)#
Felipe Barreto (6)#
Warning the user when using a loopback IP as forwarder commit #5801
Removing replica-s4u2proxy.ldif since it’s not used anymore commit #7174
Fix log capture when running pytests_multihosts commands commit #7186
Checks if replica-s4u2proxy.ldif should be applied commit #7174
Fixing param-{find,show} and output-{find,show} commands commit #7134
Florence Blanc-Renaud (10)#
Improve help message for ipa trust-add –range-type commit #7308
ipa-getkeytab man page: add more details about the -r option commit #7237
Fix ipa-replica-conncheck when called with –principal commit #7221
ipa-cacert-manage renew: switch from ext-signed CA to self-signed commit #7173
ipa-server-upgrade: do not add untracked certs to the request list commit #7151
ipa-server-upgrade: fix the logic for tracking certs commit #7151
Fraser Tweedale (22)#
ipa_certupdate: avoid classmethod and staticmethod commit #6577
Run certupdate after promoting to CA-ful deployment commit #7230
CertUpdate: make it easy to invoke from other programs commit #6577
Remove caJarSigningCert profile and related code commit #7226
CertDB: remove unused method issue_signing_cert commit #7226
Remove XPI and JAR MIME types from httpd config commit #7226
Remove mention of firefox plugin after CA-less install commit #7226
ipa-cacert-manage: avoid some duplicate string definitions commit #6858
ipa-cacert-manage: handle alternative tracking request CA name commit #6858
ipa-cacert-manage: support MS V2 template extension commit #6858
certmonger: refactor ‘resubmit_request’ and ‘modify’ commit #6858
ipa-ca-install: add –external-ca-profile option commit #6858
Remove duplicate references to external CA type commit #6858
John Morris (1)#
Increase dbus client timeouts during CA install commit
Michal Reznik (12)#
Mohammad Rizwan Yusuf (1)#
Petr Čech (2)#
Pavel Vomacka (1)#
Rob Crittenden (7)#
Rishabh Dave (1)#
Sumit Bose (1)#
Stanislav Laznicka (22)#
caless tests: decode cert bytes in debug log commit
caless tests: make debug log of certificates sensible commit
x509: remove subject_base() function commit
x509: remove the strip_header() function commit
PRCI: use a new template for py3 testing commit
csrgen_ffi: cast the DN value to unsigned char * commit #7131
parameters: introduce CertificateSigningRequest commit #7131
csrgen_ffi: pass bytes where “char *” is required commit #7131
travis: pep8 changes to pycodestyle commit
travis: make tests fail if pep8 does not pass commit
Thierry Bordaz (1)#
Tibor Dudlák (3)#
Tomas Krizek (13)#
prci: define testing topologies commit
prci: start testing PRs on fedora 27 commit
py3 spec: remove python2 dependencies from server-trust-ad commit #7208
py3 spec: remove python2 dependencies from freeipa-server commit #7208
ipatests: fix circular import for collect_logs commit
ipatests: collect logs for external_ca test suite commit
prci: add external_ca test commit
spec: bump 389-ds-base to 1.3.7.6-1 commit
prci: update F26 template commit
4.6 set back to git snapshot commit