Comments

77 Comments
karma

This update fixes the regression that was introduced with python-dns-2.4.2-2.fc39 in FreeIPA tests.

BZ#2263657 python-dns-2.6.1 is available
karma

Tested upgrade, server install, replica install with CA, DNS and KRA, uninstall The command "dnf swap nfs-utils nfsv4-client-utils" is also working and allows to use nfsv4-client-utils instead of nfs-utils.

BZ#2237130 freeipa-client depends on nfs-utils
karma

Tested upgrade, server install, replica install with CA, DNS and KRA, uninstall The command "dnf swap nfs-utils nfsv4-client-utils" is also working and allows to use nfsv4-client-utils instead of nfs-utils.

BZ#2237130 freeipa-client depends on nfs-utils
karma

With this update FreeIPA is facing a regression in a DNSSEC test. The issue is described in https://pagure.io/freeipa/issue/9585 A client querying a signed record fails to retrieve it.

Tested with ipa server and replica, the backup-restore issue is fixed.

BZ#2274188 With IPA, backup-restore using LMDB backend breaks CA functionality
karma

Test installation and CSRF protection, works well

BZ#2257646 CVE-2023-5455 freeipa: ipa: Invalid CSRF protection [fedora-all]
karma

Tested installation and CSRF protection, works well

BZ#2257646 CVE-2023-5455 freeipa: ipa: Invalid CSRF protection [fedora-all]
karma

Tested installation and CSRF protection, works well

BZ#2257646 CVE-2023-5455 freeipa: ipa: Invalid CSRF protection [fedora-all]

The update fixes a similar issue to BZ#2252567 for freeipa: without the patch, our wsgi python script fails because the annotation in https://github.com/pyca/cryptography/blob/bbf3003f518d81b23adc114f2da436d11d877e59/src/cryptography/hazmat/primitives/serialization/ssh.py#L88-L96 is not applied, and the import of cryptography.x509.base fails. With the patch our code works well.

BZ#2252567 Python 3.12.0-1 breaks Flask apps running from subinterpreters

Works for me: ipa_ods_exporter check is removed and stopping dirsrv does not make healthcheck traceback.

ipa-healthcheck --list-sources | grep ipa_ods_exporter

systemctl stop dirsrv@IPA-TEST.service

ipa-healthcheck --source ipahealthcheck.meta --check krb5kdc

Source 'ipahealthcheck.meta' is missing one or more requirements 'dirsrv'

Works for me: ipa_ods_exporter check is removed and stopping dirsrv does not make healthcheck traceback.

ipa-healthcheck --list-sources | grep ipa_ods_exporter

systemctl stop dirsrv@IPA-TEST.service

ipa-healthcheck --source ipahealthcheck.meta --check krb5kdc

Source 'ipahealthcheck.meta' is missing one or more requirements 'dirsrv'

Works for me: ipa_ods_exporter check is removed and stopping dirsrv does not make healthcheck traceback.

ipa-healthcheck --list-sources | grep ipa_ods_exporter

systemctl stop dirsrv@IPA-TEST.service

ipa-healthcheck --source ipahealthcheck.meta --check krb5kdc

Source 'ipahealthcheck.meta' is missing one or more requirements 'dirsrv'

Thanks for the update, works for me. Tested certificate revocation and pwpolicy.

Works for me, tested on fedora 39 with freeipa-server-4.11.0-6.fc39.x86_64

Works for me, tested on f38 with freeipa-server-4.10.2-1.fc38.x86_64

karma

Update works for me and solves https://pagure.io/freeipa/issue/9466

Works fine with the master branch of freeipa, fixes https://github.com/freeipa/freeipa-healthcheck/issues/298