The FreeIPA team would like to announce the FreeIPA 4.5.3 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and 26 will be available in the official COPR repository https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-5/ .
== Highlights in 4.5.3 ==
=== Known Issues ===
* When ipa-server-upgrade is executed during dnf system-upgrade, network should come online and the ipa-server-upgrade should finish successfully. If ipa-server-upgrade fails during system-upgrade, please run it manually once network is online.
=== Bug fixes ===
FreeIPA 4.5.3 is a stabilization release for the features delivered as a part of 4.5. There are more than 10 bug fixes, details of which can be seen in the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on page: https://www.freeipa.org/page/Upgrade
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahost...) or #freeipa channel on Freenode.
== Resolved tickets ==
* 7039 FreeIPA upgrade script requires network to be up, but network is not up during upgrade when using dnf system-upgrade
* 7037 Replica installation grants HTTP principal access in WebUI
* 7036 Advice plugins for smart card configuration produce scripts that configure the feature incompletely
* 7029 Fix inconsistent reporting of server roles/attributes in *config-show commands
* 7026 ipaserver installation fails in FIPS mode: OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode!
* 7021 ipa-server-install failure on checking matching interfaces - invalid format of netmas
* 7007 Use CommonNameToSANDefault in default profile (new installs only)
* 6877 ipasam needs changes for Samba 4.7
* 6838 [ipa-replica-install] - 406 Client Error: Failed to validate message: Incorrect number of results (0) searching forpublic key for host
* 4317 Allow --ip-address even when not present in local interface
== Detailed changelog since 4.5.2 ==
=== Alexander Bokovoy (2) ===
* ipa-sam: use smbldap_set_bind_callback for Samba 4.7 or later
* ipa-sam: use own private structure, not ldapsam_privates
=== Fraser Tweedale (1) ===
* Add CommonNameToSANDefault to default cert profile
=== Martin Babinsky (15) ===
* replica install: drop-in IPA specific config to tmpfiles.d
* Do not remove the old masters when setting the attribute fails
* *config-show: Do not show empty roles/attributes
* smart-card-advises: ensure that krb5-pkinit is installed on client
* smart card advise: use password when changing trust flags on HTTP cert
* smart card advises: use a wrapper around Bash `for` loops
* Use the compound statement formatting API for configuring PKINIT
* Fix indentation of statements in Smart card advises
* delegate formatting of compound Bash statements to dedicated classes
* advise: add an infrastructure for formatting Bash compound statements
* delegate the indentation handling in advises to dedicated class
* add a class that tracks the indentation in the generated advises
* Allow to pass in multiple CA cert paths to the smart card advises
* smart-card advises: add steps to store smart card signing CA cert
* smart-card advises: configure systemwide NSS DB also on master
=== Martin Basti (8) ===
* python-netifaces: update to reflect upstream changes
* Remove network and broadcast address warnings
* replica install: add missing check for non-local IP address
* Remove ip_netmask from option parser
* CheckedIPAddress: remove match_local param
* refactor CheckedIPAddress class
* ipa-dns-install: remove check for local ip address
* Fix local IP address validation
=== Sumit Bose (2) ===
* ipa_pwd_extop: do not generate NT hashes in FIPS mode
* ipa-sam: replace encode_nt_key() with E_md4hash()
=== Simo Sorce (2) ===
* Always check peer has keys before connecting
* Make sure we check ccaches in all rpcserver paths
=== Stanislav Laznicka (1) ===
* Ensure network is online prior to an upgrade
=== Tibor Dudlák (1) ===
* topology.py: Removes error message from dictionary.
=== Tomas Krizek (3) ===
* Become IPA 4.5.3
* Update translations
* 4.5 set back to git snapshot