The subject of this email has a typo, 'leased' instead of 'released'.
The rest of the content is not affected. Sorry for that!
It can be downloaded from
http://www.freeipa.org/page/Downloads. Builds for
Fedora Rawhide will be available from the official repository soon.
We are not planning producing builds of release candidates for the Fedora 32/33
at this moment. Final FreeIPA 4.9.0 release might be produced for Fedora 33
depending on upgrade test results.
== Highlights in 4.9.0 release candidate 2 ==
=== Bug fixes ===
FreeIPA 4.9.0 release candidate 2 is a stabilization release for the features
delivered as a part of 4.9 version series.
There are more than 10 bug-fixes since FreeIPA 4.9.0 release candidate 1.
Details of the bug-fixes can be seen in the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on [[Upgrade]] page.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing
list
(
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...)
or #freeipa channel on Freenode.
== Resolved tickets ==
* [
https://pagure.io/freeipa/issue/3299 #3299] [RFE] Switch the client to JSON RPC
* [
https://pagure.io/freeipa/issue/7534 #7534]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1569011 rhbz#1569011]) Investigate failures
to restore 389-ds attriubtes on upgrade failure
* [
https://pagure.io/freeipa/issue/7676 #7676]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1544379 rhbz#1544379]) ipa-client-install
changes system wide ssh configuration
* [
https://pagure.io/freeipa/issue/7975 #7975] Accept 389-ds JSON replication status
messages
* [
https://pagure.io/freeipa/issue/8424 #8424] Add ipa.p11-kit to ipa-client-install man
page files list
* [
https://pagure.io/freeipa/issue/8514 #8514]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1885126 rhbz#1885126]) Nightly failure
(enforcing mode) in test_acme.py::TestACME::test_mod_md
* [
https://pagure.io/freeipa/issue/8524 #8524]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1851835 rhbz#1851835]) Deploy & manage
the ACME service topology wide from a single system
* [
https://pagure.io/freeipa/issue/8531 #8531] RFE: Use host keytab to obtain ticket for
ipa-certupdate
* [
https://pagure.io/freeipa/issue/8545 #8545]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1869605 rhbz#1869605]) KRA Transport and
Storage Certificates do not renew
* [
https://pagure.io/freeipa/issue/8554 #8554]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1891056 rhbz#1891056]) ipa-kdb: support
subordinate/superior UPN suffixes
* [
https://pagure.io/freeipa/issue/8581 #8581] Nightly test failure in
test_acme.py::TestACME::test_third_party_certs (updates-testing)
* [
https://pagure.io/freeipa/issue/8587 #8587] client-only build fails due to
unconditional use of pwquality features
* [
https://pagure.io/freeipa/issue/8589 #8589]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1812871 rhbz#1812871]) Intermittent IdM
Client Registration Failures
* [
https://pagure.io/freeipa/issue/8590 #8590] Nightly test failure in
test_integration/test_krbtpolicy.py::TestPWPolicy::test_krbtpolicy_default::setup
* [
https://pagure.io/freeipa/issue/8595 #8595] Allow ipa-ca as a name for an IPA server
* [
https://pagure.io/freeipa/issue/8597 #8597]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1901068 rhbz#1901068]) Traceback while doing
ipa-backup
* [
https://pagure.io/freeipa/issue/8601 #8601] Nightly test failure in
test_trust.py::TestTrust::test_subordinate_suffix
* [
https://pagure.io/freeipa/issue/8603 #8603]
([
https://bugzilla.redhat.com/show_bug.cgi?id=1902727 rhbz#1902727]) ipa-acme-manage
enable fails after upgrade
== Detailed changelog since 4.9.0rc1 ==
=== Armando Neto (1) ===
* ipatests: Bump PR-CI templates
[
https://pagure.io/freeipa/c/a3c5c71925b5fd8faa56379d92fa19631d230108
commit]
=== Alexander Bokovoy (5) ===
* Become FreeIPA 4.9.0rc2
[
https://pagure.io/freeipa/c/e74d6409902b83fb81a0aec251280375a90d6f07
commit] * Update contributors
[
https://pagure.io/freeipa/c/5f36ee51e4f9d270cc65668d9ab4666e0ac8c07f
commit] * freeipa.spec.in: unify spec files across upstream RHEL, and
Fedora
[
https://pagure.io/freeipa/c/4b56a4cbaa3bb71260ffbc35f304ddf5ee31baed
commit] * ad trust: accept subordinate domains of the forest trust
root
[
https://pagure.io/freeipa/c/381cc5e8eae1b7437fc15cb699983887d398f498
commit] [
https://pagure.io/freeipa/issue/8554 #8554]
* util: Fix client-only build
[
https://pagure.io/freeipa/c/244704cc156dba0731671c55661d82073f970c9b commit]
[
https://pagure.io/freeipa/issue/8587 #8587]
=== Antonio Torres MorÃÂñigo (1) ===
* ipa-client-install manpage: add ipa.p11-kit to list of files created
[
https://pagure.io/freeipa/c/08bbd0a2d712a5a7f1a02999390c4be2a9df3f0e commit]
[
https://pagure.io/freeipa/issue/8424 #8424]
=== Florence Blanc-Renaud (2) ===
* ipatests: fix TestTrust::test_subordinate_suffix
[
https://pagure.io/freeipa/c/bf1d652ff946e448a5b97a12df926ae4a7d9db01 commit]
[
https://pagure.io/freeipa/issue/8601 #8601]
* Always define the path DNSSEC_OPENSSL_CONF
[
https://pagure.io/freeipa/c/06a7db1838ad9b9ebbe565dbbde126968f9c296f commit]
[
https://pagure.io/freeipa/issue/8597 #8597]
=== Mark Reynolds (1) ===
* Accept 389-ds JSON replication status messages
[
https://pagure.io/freeipa/c/826dccc9cb99f4bce8bd24b47c531f918f19d8d6 commit]
[
https://pagure.io/freeipa/issue/7975 #7975]
=== Mohammad Rizwan (1) ===
* ipatests: Test certmonger IPA responder switched to JSONRPC
[
https://pagure.io/freeipa/c/25eebb21a2f85817691ce65c431d6b5de3bebe3b commit]
[
https://pagure.io/freeipa/issue/3299 #3299]
=== Rob Crittenden (25) ===
* Skip the ACME mod_md test when the client is in enforcing mode
[
https://pagure.io/freeipa/c/2d576d5b4b1e9e0c43aafde7636c6a25b5ca294f commit]
[
https://pagure.io/freeipa/issue/8514 #8514]
* Increase timeout for krbtpolicy to 4800
[
https://pagure.io/freeipa/c/28ed75ca0251724e34a447174ae775edca9763e2 commit]
[
https://pagure.io/freeipa/issue/8589 #8589]
* Enable the ccache sweep systemd timer
[
https://pagure.io/freeipa/c/068d08577d97258267917f81363a1a033a681803 commit]
[
https://pagure.io/freeipa/issue/8589 #8589]
* ipatests: test that stale caches are removed using the sweeper
[
https://pagure.io/freeipa/c/22fa1a7e5c49a677b55f71d95d47cc58e0f29c57 commit]
[
https://pagure.io/freeipa/issue/8589 #8589]
* Generate a unique cache for each connection
[
https://pagure.io/freeipa/c/51b186b6033bafaa39a2b0544b5cdc9c0298208c commit]
[
https://pagure.io/freeipa/issue/8589 #8589]
* Convert reset_to_default_policy into a pytest fixture
[
https://pagure.io/freeipa/c/848dffb59273493ef3abde2a86864e85c8d19eff commit]
[
https://pagure.io/freeipa/issue/8589 #8589]
* VERSION: back to git snapshots
[
https://pagure.io/freeipa/c/2e1cbcb7783704ef5d6c883e55003acac4ee1553
commit] * ipatests: Test that ipa-ca.$domain can retrieve CRLs without
redirect
[
https://pagure.io/freeipa/c/b478bf99d9f158dabae145169f242b2b5d26404c
commit] [
https://pagure.io/freeipa/issue/8595 #8595]
* Allow Apache to answer to ipa-ca requests without a redirect
[
https://pagure.io/freeipa/c/4ba6a0371b6d12adf46a654356468e52bf3ee33f commit]
[
https://pagure.io/freeipa/issue/8595 #8595]
* Move where the restore state is marked during IPA server upgrade
[
https://pagure.io/freeipa/c/20055ddaf169787c041f0baf0bd0cdca1f5fe7b5 commit]
[
https://pagure.io/freeipa/issue/7534 #7534]
* Reorder when ACME is enabled to fix failure on upgrade
[
https://pagure.io/freeipa/c/ea67962d5d2b4812234bb6c22c85b7716951b2f9 commit]
[
https://pagure.io/freeipa/issue/8603 #8603]
* Remove test for minimum ACME support and rely on package deps
[
https://pagure.io/freeipa/c/0d6caf5d0eae315797b36abfe8444827bdd71fb7
commit] * Require PKI 10.10+ for KRA profile and ACME support
[
https://pagure.io/freeipa/c/3e530e93c37ee71a560714e26285cd85e71557c9
commit] [
https://pagure.io/freeipa/issue/8524 #8524],
[
https://pagure.io/freeipa/issue/8545 #8545]
* Test that the KRA profiles can renewal its three certificates
[
https://pagure.io/freeipa/c/bd4771d75f8549fe1790540764f23d47bf3d187c commit]
[
https://pagure.io/freeipa/issue/8545 #8545]
* Change KRA profiles in certmonger tracking so they can renew
[
https://pagure.io/freeipa/c/a9e1c014f601a567f4aa5135d02883c498835268 commit]
[
https://pagure.io/freeipa/issue/8545 #8545]
* ipatests: Increase timeout for ACME in gating.yaml
[
https://pagure.io/freeipa/c/17f293e9da0375bac4871c0100c6146a8c2f8e55 commit]
[
https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: honor class inheritance in TestACMEwithExternalCA
[
https://pagure.io/freeipa/c/75ad5757528491616f7f4e596bb9f6b152944d99 commit]
[
https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: configure MDStoreDir for mod_md ACME test
[
https://pagure.io/freeipa/c/b474b263ed0161ba8411cc84014e4d08a44ac15f commit]
[
https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: Clean up existing ACME registration and certs
[
https://pagure.io/freeipa/c/5d286e79515c8a6c856a5acde6300271422acfac commit]
[
https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: Configure a replica in TestACMEwithExternalCA
[
https://pagure.io/freeipa/c/de5baf8516cde060f1606070b2a8824f71178f16 commit]
[
https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: call the CALess install method to generate the CA
[
https://pagure.io/freeipa/c/3cd6b81a68be98ae9f60da67d2bc640831f0cf0c commit]
[
https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: Test that Match ProxyCommand masks on no shell exec
[
https://pagure.io/freeipa/c/d89e3abf2714092baae1607afd83da1c944d6c9f commit]
[
https://pagure.io/freeipa/issue/7676 #7676]
* Create IPA ssh client configuration and move ProxyCommand
[
https://pagure.io/freeipa/c/a525b2ebf01ffff83d0a5925035f4be0fc5c700c commit]
[
https://pagure.io/freeipa/issue/7676 #7676]
* ipatests: Test that ipa-certupdate can run without credentials
[
https://pagure.io/freeipa/c/4941d3d4b1ba10ccddf5429463debcefac6fbd9f commit]
[
https://pagure.io/freeipa/issue/8531 #8531]
* Use host keytab to obtain credentials needed for ipa-certupdate
[
https://pagure.io/freeipa/c/1a09ce9f3fa503eeefe394856be538892652accf commit]
[
https://pagure.io/freeipa/issue/8531 #8531]
=== Robbie Harwood (1) ===
* Fix krbtpolicy tests
[
https://pagure.io/freeipa/c/17a4198a666453dbec55409d4e2acc37a37b57ac commit]
[
https://pagure.io/freeipa/issue/8590 #8590]
=== Sudhir Menon (2) ===
* ipatests: support subordinate upn suffixes
[
https://pagure.io/freeipa/c/7e605e958ef6d41584afc238433669c15458ac67
commit] * ipatests: Tests for ipahealthcheck.ds.nss_ssl
[
https://pagure.io/freeipa/c/46f114d9e751b2a092b975b909f0e890257a507d
commit]
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedoraho...
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland