Hello!
The FreeIPA team would like to announce FreeIPA 4.8.10 release!
It can be downloaded from
http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.
Fedora 33:
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e9e815177e
Fedora 32:
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6f072665c6
== Highlights in 4.8.10
* 8275: Support systemd-resolved
FreeIPA DNS servers now detect systemd-resolved and configure it to
pass through itself.
* 8404: Detect and fail if not enough memory is available for
installation
FreeIPA server now requires at least 1.2 GiB RAM for installation to
prevent performance degradation.
* 8488: SELinux blocks custodia key replication / retrieval for sub-CAs
SELinux: Make sure ipa_custodia_t has the necessary rights ; add
dedicated policy rules for ipa-pki-retrieve-key.
* 8490: It is not possible to edit KDC database when the FreeIPA server
is running
kadmin.local command 'getprincs' is now supported
* 8503: pkispawn logs files are empty
On recent versions of Dogtag PKI, pkispawn does not create logs by
default, making debugging failed IPA installs impossible. Invoke
pkispawn with --debug to revert to the previous behavior.
* 8507: [WebUI] Backport jQuery patches from newer versions of the
library (e.g. 3.5.0)
Support reproducible builds for jQuery library
=== Enhancements
=== Known Issues
=== Bug fixes
FreeIPA 4.8.10 is a stabilization release for the features delivered as
a part of 4.8.10 version series.
There are more than 20 bug-fixes details of which can be seen in the
list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...)
or #freeipa channel on Freenode.
== Resolved tickets
*
https://pagure.io/freeipa/issue/5914[#5914]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1298288[rhbz#1298288])
invalid setting of DS lock table size
*
https://pagure.io/freeipa/issue/6115[#6115]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1357495[rhbz#1357495]) ipa
command provides stack trace when provided with single hypen commands
*
https://pagure.io/freeipa/issue/7125[#7125]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1480102[rhbz#1480102])
ipa-server-upgrade failes with "This entry already exists"
*
https://pagure.io/freeipa/issue/8204[#8204]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1810148[rhbz#1810148])
ipa-server-certinstall -> certmonger add_subject template-subject dbus
'unable to set arguments' a\{sv}
*
https://pagure.io/freeipa/issue/8248[#8248] httpd ccaches created
during server upgrade aren't cleaned up on uninstall/install
*
https://pagure.io/freeipa/issue/8275[#8275]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1880628[rhbz#1880628])
Support systemd-resolved
*
https://pagure.io/freeipa/issue/8344[#8344] Nightly test failure in
test_smb.py::TestSMB::test_smb_service_s4u2self
*
https://pagure.io/freeipa/issue/8383[#8383] Test with dnspython 2.0
*
https://pagure.io/freeipa/issue/8404[#8404] Detect and fail if not
enough memory is available for installation
*
https://pagure.io/freeipa/issue/8443[#8443] ipa delegation-add can add
permissions and attributes several times
*
https://pagure.io/freeipa/issue/8446[#8446] ipa dnszone-add ignores
--name-from-ip option if name is given
*
https://pagure.io/freeipa/issue/8458[#8458] auto-upgrade will never
happen for existing installations
*
https://pagure.io/freeipa/issue/8468[#8468] [pylint] new warnings on
dev branch
*
https://pagure.io/freeipa/issue/8472[#8472] [tracker] Nightly test
failure in test_ipahealthcheck.py::TestIpaHealthCheckWithExternalCA
*
https://pagure.io/freeipa/issue/8473[#8473] Nightly test failure in
all webui tests: Invalid or corrupt jarfile /opt/selenium.jar
*
https://pagure.io/freeipa/issue/8474[#8474] Mozilla's NSS without DBM
*
https://pagure.io/freeipa/issue/8475[#8475] Azure: tox task and
virtualenv 20+
*
https://pagure.io/freeipa/issue/8481[#8481] Nightly test failure in
rawhide in tasks.configure_dns_for_trust
*
https://pagure.io/freeipa/issue/8488[#8488]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1868432[rhbz#1868432])
SELinux blocks custodia key replication / retrieval for sub-CAs
*
https://pagure.io/freeipa/issue/8490[#8490]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1875001[rhbz#1875001]) It
is not possible to edit KDC database when the FreeIPA server is running
*
https://pagure.io/freeipa/issue/8491[#8491] Unindexed searches in
FreeIPA git master
*
https://pagure.io/freeipa/issue/8494[#8494] Azure Pipelines are broken
due to docker compose tool upgrade
*
https://pagure.io/freeipa/issue/8503[#8503]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1879604[rhbz#1879604])
pkispawn logs files are empty
*
https://pagure.io/freeipa/issue/8505[#8505] Nightly failure (fedora31)
in test_integration/test_smb.py::TestSMB::test_smb_service_s4u2self
*
https://pagure.io/freeipa/issue/8507[#8507] [WebUI] Backport jQuery
patches from newer versions of the library (e.g. 3.5.0)
*
https://pagure.io/freeipa/issue/8511[#8511] The selinux subpackage
does not have a requirement to match the server install
*
https://pagure.io/freeipa/issue/8512[#8512] Import of psutil can
trigger SELinux violation
*
https://pagure.io/freeipa/issue/8513[#8513]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1868432[rhbz#1868432])
SELinux module fails to load: Re-declaration of type node_t
*
https://pagure.io/freeipa/issue/8515[#8515]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1882340[rhbz#1882340])
nsslapd-db-locks patching no longer works
== Detailed changelog since 4.8.9
Detailed changelog is available at
https://www.freeipa.org/page/Releases/4.8.10
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland