The FreeIPA team would like to announce FreeIPA 4.9.3 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
Highlights in 4.9.3#
Bug fixes#
FreeIPA 4.9.3 is a stabilization release for the features delivered as a part of 4.9.0 version series.
There are more than 30 bug-fixes since FreeIPA 4.9.2 release. Details of the bug-fixes can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
#7885 (rhbz#1690191) RFE: wrapper for Dogtag cert-fix command
#8155 Enhance error message for adding non-posix groups with a GID
#8244 The help for the –otp flag in “ipa passwd” could be clearer
#8423 Multiple permitopen in SSH-key
#8496 [Tracker] Multiple nightly test failures in test_dnssec, test_backup_and_restore and test_dns_locations
#8506 (rhbz#1930038) Nightly failure in ipa-server-install –uninstall: org.freedesktop.DBus.Error.NoReply
#8530 (rhbz#1859185) Running ipa-server-install fails on machine where libsss_sudo is not installed
#8550 (rhbz#1902173) Uninstallation of server with KRA diplays error but proceeds successfully (unable to access security domain)
#8553 Random failure in test_backup_and_restore.py::TestBackupRoles::test_rolecheck_Trust
#8565 Remove duplication in pkispawn exception output
#8600 ipa-cert-fix unable to fix certs no named ‘Server-cert’
#8605 (rhbz#1903250) backtrace using ipa-replica-manage
#8636 (rhbz#1923900) Samba on IdM member failure
#8654 DNSSEC key synchronization issues
#8669 Reduce difference between upstream and downstream releases
#8681 krb5kdc dumped core
#8695 Nightly failure in test_dnssec.py::TestInstallDNSSECFirst::test_resolvconf (fed33)
#8703 DNS resolvers issues in IPA tests
#8705 server installation fails against 389-ds 1.4.3.19
#8715 (rhbz#1924707) Establishing trust with AD domain using shared secret fails in FIPS mode
#8718 (rhbz#1928854) ipa-server-install ignores –zonemgr parameter
#8720 New pylint failures reported for inconsistent-return-statements
#8721 (rhbz#1779984) The ipa-cert-fix command failed. [Errno 2] No such file or directory: ‘/etc/pki/pki-tomcat/certs/27-renewed.crt’
#8725 Nightly test failure in test_cert
#8728 Random nightly test failure in test_commands.py::TestIPACommand::test_ssh_key_connection
#8735 ccache-sweeper removes valid ccaches
#8737 [ipatests] `test_source_ipahealthcheck_ipa_host_check_ipahostkeytab` fails against krb5 1.19.1
#8743 (rhbz#1922781) Inconsistent nsaccountlock field type in api response
#8747 Nightly failure in test_sssd.py::TestSSSDWithAdTrust::test_is_user_filtered
#8753 Adopt redhat ipaplatform to RHEL 9/ELN and RHEL 7/8 split
#8759 RFE: Extend logging to include execution time
#8768 rpmlint should be optional for fastcheck, devcheck and lint make targets
#8772 pylint 2.7.0-2.7.2 introduces new warnings
#8779 Nightly test failure (updates-testing) in test_ipahealthcheck.py::TestIpaHealthCheck::test_ipahealthcheck_ds_riplugincheck
#8780 RFE: Reduce number of LDAP operations during sudorule-mod
#8781 test_ipaserver/test_jsplugins.py::test_jsplugins::test_jsplugins fails in server-less environments
Detailed changelog since 4.9.2#
Armando Neto (1)#
ipatests: Update gating to Fedora 33 commit
Alexander Bokovoy (10)#
Become FreeIPA 4.9.3 commit
Update list of contributors commit
Update ipa.pot translations file commit
freeipa.spec: synchronize with Fedora for 389-ds and PKI versions commit #8705
ipa-kdb: mark test functions as static commit
ipa-kdb: reformat ipa_kdb_certauth commit
ipa-kdb: add missing prototypes commit
ipa-kdb: fix compiler warnings commit
ipa-kdb: do not use OpenLDAP functions with NULL LDAP context commit #8681
Back to git commits commit
Antonio Torres (11)#
sudorule: reduce number of LDAP searches during modification commit #8780
ipa passwd: make help for `–otp` option clearer commit #8244
ipatests: add test for multiple permitopen entries in SSH keys commit
Allow multiple permitopen/permitlisten in SSH keys commit #8423
ipatests: add test for group creation with GID and nonposix option commit
Enhance error message when adding non-posix group with a GID commit #8155
ipatests: expect boolean type for nsaccountlock in user module commit #8743
ipatests: check that zonemgr is set correctly during server install commit #8718
ipaserver: don’t ignore zonemgr option on install commit #8718
Alexander Scheel (1)#
Handle multiple AJP adapters during upgrade commit
François Cami (10)#
ipatests: check for the “no sudo present” string absence commit #8530
ipa-client-install: output a warning if sudo is not present (2) commit #8530
ipa-csreplica-manage, ipa-replica-manage: refactor commit #8605
ipalib/util.py: add print_replication_status commit
ipa-replica-manage: always display nsds5replicalastinitstatus commit #8605
freeipa.spec: client: depend on libsss_sudo and sudo commit #8530
ipa-client-install: output a warning if sudo is not present commit #8530
ipatests: tasks: handle uninstalling packages with nodeps commit
Florence Blanc-Renaud (11)#
ipatests: fix TestInstalDNSSECFirst::test_resolvconf logic commit #8695
ipatests: re-add test_dnssec.py::TestInstallDNSSECFirst in gating commit #8496
dnssec: concurrency issue when disabling old replica key commit #8654
dnssec: fix ipa-ods-exporter crash when master key missing commit #8654
ipatests: use whole date when calling journalctl –since commit #8728
freeipa.spec: bump the required version of 389ds commit #8496
ipatests: Update PRCI templates for ipa-4-9 commit
Fraser Tweedale (1)#
Jan Pazdziora (1)#
Avoid comparing ‘max’ with ‘maxn’. commit
Kaleemullah Siddiqui (1)#
Mohammad Rizwan (7)#
ipatests: Don’t rely on certmonger’s assigned request id commit #8725
ipatests: Enable certbot test on rhel commit
ipatests: introduce wait_for_replication in test_rolecheck_Trust commit #8553
ipatests: update nightly definition for ipa_cert_fix suite commit
ipatests: Test if ipa-cert-fix renews expired certs with kra installed commit #7885
Move fixture outside the class and add setup_kra capability commit
ipatests: Test if ipa-cert-fix renews expired certs commit #7885
Rob Crittenden (11)#
Increase timeout for TestIpaHealthCheck to 5400s commit #8506
Uninstall without starting the CA in cert expiration test commit #8506
ipatests: Test secure_ajp_connector works with multiple connectors commit
Allow overriding is_newer_tomcat_version() commit
Don’t renew non-IPA issued certs in ipa-cert-fix commit #8600
Set pki-core dependency to 10.3.3 for pki-server cert-fix bug commit
ipatests: test third-party 389-ds cert with ipa-cert-fix commit #8600
ipa-cert-fix: Don’t hardcode the NSS certificate nickname commit #8600
Don’t double-report any errors from pki-spawn failures commit #8565
Suppress error message if the CRL directory doesn’t exist commit #8565
Stanislav Levin (16)#
ipatests: Skip test_jsplugins in server less environments commit #8781
Azure: Don’t install pypi’s docker commit
Azure: Disable AppArmor profile for chrony commit
Azure: Warn about Host’s AVC and SECCOMP commit
Azure: Collect Host’s systemd journal commit
Azure: Run chronyd in Docker commit
Azure: Template docs build commit
Azure: Show disk usage commit
Azure: Make it possible to pass additional Pytest args commit
ipatests: Fix expectation about GSS error in test for healthcheck commit #8737
cleanup: Drop never used path for httpd’s ccache commit
Sergey Orlov (16)#
ipatests: log command spawned by pexpect commit
ipatests: allocate pseudo-terminal only for specific command commit
ipatests: update prci definitions for test_http_kdc_proxy commit
ipatests: add test for kdcproxy handling reply split to several TCP packets commit
ipatests: return result of kinit_as_user, pass raiseonerr parameter commit
ipatests: use proper template for TestMaskInstall commit
ipatests: do not configure nameserver when installing client and replica commit #8703
ipatests: always try to create A records for hosts in IPA domain commit #8703
ipatests: do not manually modify /etc/resolv.conf in tests commit #8703
ipatests: setup resolvers during replica and client installations commit #8703
ipatests: add utility for managing domain name resolvers commit #8703
ipatests: collect config files for NetworkManager and systemd-resolved commit #8703
ipatests: test Samba mount with NTLM authentication commit #8636
ipatests: skip tests for AD trust with shared secret in FIPS mode commit #8715
Sudhir Menon (1)#
ipatests: Test to check sosreport collects healthcheck.log file commit
Troy Dawson (1)#
platform-python only on RHEL8 commit