The FreeIPA team would like to announce FreeIPA 4.6.1 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 26 and 27 are available in the official COPR repository.

Highlights in 4.6.1#

Known Issues#

PyPI packages are broken since 4.6.0 #7132

Bug fixes#

FreeIPA 4.6.1 is a stabilization release for the features delivered as a part of 4.6.0. There are more than 10 bug-fixes details of which can be seen in the list of resolved tickets below.

Upgrading#

Upgrade instructions are available on Upgrade page.

Feedback#

Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.

Resolved tickets#

  • #7157 [tracker] pyasn1 fails to parse kerberos principal name

  • #7150 Ipa-server-install update dse.ldif with wrong SELinux context

  • #7143 “unknown command ‘undefined’” error when changing user’s password via the web UI

  • #7135 Server deployment still sets up Firefox extension, this is no longer necessary and broken on F27+

  • #7129 ipa-server/replica-install fails with: “exception: BytesWarning: Comparison between bytes and string” when using ‘–dirsrv-config-file’ parameter

  • #7119 kdc_proxy: kinit admin fails with “Cannot contact any KDC for realm ‘IPA.TEST’ while getting initial credentials”

  • #7115 ipa-pki-retrieve-key: failure results in crash report

  • #7081 [ipatests] - installutils.is_ipa_configured() - users other then root cannot check if IPA is configured

  • #7027 Use TLS for cert-find

  • #6874 pylint 1.7.1 fails

  • #6848 Test IPA with OpenSSL-base libcurl for Fedora 27

  • #6566 [py3] session cookie not found with py3

  • #5121 [py3] Remove unnecessary calls to dict.keys()

Detailed changelog since 4.6.0#

Alexander Bokovoy (3)#

  • Make sure upgrade also checks for IPv6 stack commit #7083

  • OTP import: support hash names with HMAC- prefix commit #7146

  • dsinstance: Restore context after changing dse.ldif commit #7150

Felipe Volpone (2)#

  • Changing idoverrideuser-* to treat objectClass case insensitively commit #7074

  • Fixing how sssd.conf is updated when promoting a client to replica commit #7127

Florence Blanc-Renaud (3)#

  • Fix ipa-server-upgrade with server cert tracking commit #7141

  • Python3: Fix winsync replication agreement commit #7131

  • Fix ipa config-mod –ca-renewal-master commit #7120

Fraser Tweedale (2)#

  • ipa-pki-retrieve-key: ensure we do not crash commit #7115

  • issue_server_cert: avoid application of str to bytes commit #7131

Martin Basti (1)#

Petr Vobornik (1)#

  • browser config: cleanup after removal of Firefox extension commit #7135

Pavel Vomacka (3)#

  • WebUI: Fix calling undefined method during reset passwords commit #7143

  • WebUI: remove unused parameter from get_whoami_command commit #7143

  • Adds whoami DS plugin in case that plugin is missing commit #7126

Rob Crittenden (2)#

  • Add exec to /var/lib/ipa/sysrestore for install status inquiries commit #7081

  • Use TLS for the cert-find operation commit #7027

Stanislav Laznicka (28)#

  • Don’t write p11-kit EKU extension object if no EKU commit #7119

  • pylint: fix missing module commit

  • travis: run the same tests in python2/3 commit #7131

  • certmap testing: fix wrong cert construction commit #7131

  • ldap2: don’t use decode() on str instance commit #7131

  • client: fix retrieving certs from HTTP commit #7131

  • uninstall: remove deprecation warning commit #7131

  • ldif: handle attribute names as strings commit #7129

  • pkinit: fix sorting dictionaries commit #7131

  • pkinit: don’t fail when no pkinit servers found commit #7144

  • travis: remove “fast” from “makecache fast” commit #6874

  • Change Travis CI container to FreeIPA-owned commit #6874

  • Change the requirements for pylint in wheel commit #6874

  • rpcserver: don’t call xmlserver.Command commit #6874

  • secrets: disable relative-imports for custodia commit #6874

  • pylint: disable __hash__ for some classes commit #6874

  • install.util: disable no-value-for-parameter commit #6874

  • pylint: make unsupported-assignment-operation check local commit #6874

  • sudocmd: fix unsupported assignment commit #6874

  • pylint: Iterate through dictionaries commit #6874

  • parameters: convert Decimal.precision to int commit #6874

  • dcerpc: disable unbalanced-tuple-unpacking commit #6874

  • dcerpc: refactor assess_dcerpc_exception commit #6874

  • pylint: fix no-member in schema plugin commit #6874

  • csrgen: fix incorrect codec for pyasn BitString commit #6874

  • pylint: fix not-context-manager false positives commit #6874

  • Travis: archive logs of py3 jobs commit

  • travis: temporary workaround for Travis CI commit

Tomas Krizek (6)#

  • Become IPA 4.6.1 commit

  • Update contributors commit

  • Update translations commit

  • spec: bump python-pyasn1 to 0.3.2-2 commit #7157

  • prci: use f26 template for master commit

  • VERSION: set back to git snapshot commit