stable

freeipa-4.8.6-1.fc32

FEDORA-2020-e3a79248dc created by abbra 4 years ago for Fedora 32

New upstream release. Please see the release notes at https://www.freeipa.org/page/Releases/4.8.6 and https://www.freeipa.org/page/Releases/4.8.5

Major highlights:

  • OpenDNSSEC 2.1 support
  • AJP connector protection for Dogtag/FreeIPA communication, as mitigation for CVE-2020-1938. Fedora and RHEL do not force an encrypted AJP connector by default with 9.0.31, but FreeIPA 4.8.5 will convert to an encrypted AJP channel on upgrade or at a new deployment. Use of AJP is already limited to localhost connections with the integrated CA.
  • Default authentication indicators are now documented in the FreeIPA workshop, https://freeipa.readthedocs.io/en/latest/workshop/11-kerberos-ticket-policy.html
  • FreeIPA SELinux policy is now part of the upstream packaging and replaces distribution-wide policies.
  • New internal mechanism to promote Trust Agents in ipa-adtrust-install, to allow configuring schema compatibility plugin on remote replicas.
  • New "ipa-cacert-manage delete" command to allow pruning a CA certificate from the LDAP store
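
A defensive check for the AJP hardening described in the list above, as an added example rather than FreeIPA's or Fedora's own code: it parses the text of a Tomcat `server.xml` and reports AJP connectors that lack a shared secret (Tomcat's `secret` attribute, or the older `requiredSecret`) or are not explicitly bound to loopback. The sample XML is constructed, and treating a missing `address` as "not loopback" is a conservative assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not copied from a real deployment.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="localhost"
               secret="CONSTRUCTED-PLACEHOLDER"/>
    <Connector port="8010" protocol="AJP/1.3" address="0.0.0.0"/>
    <Connector port="8011" protocol="AJP/1.3" address="::1" requiredSecret=""/>
  </Service>
</Server>
"""


def is_loopback(address):
    """True only when the connector is explicitly bound to a loopback address."""
    if not address:
        # Assumption: a missing address is flagged, because the default bind
        # address depends on the Tomcat build in use.
        return False
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def audit_ajp_connectors(server_xml):
    """Return [(port, [issues])] for every AJP connector in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        issues = []
        # Tomcat accepts "secret"; "requiredSecret" is the older attribute name.
        if not (conn.get("secret") or conn.get("requiredSecret")):
            issues.append("no shared secret")
        if not is_loopback(conn.get("address")):
            issues.append("not bound to loopback")
        findings.append((conn.get("port"), issues))
    return findings


if __name__ == "__main__":
    for port, issues in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(port, "OK" if not issues else "; ".join(issues))
```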

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-e3a79248dc

This update has been submitted for testing by abbra.

4 years ago

This update's test gating status has been changed to 'waiting'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

This update has been pushed to testing.

4 years ago
adamwill commented & provided feedback 4 years ago

openQA tests are failing. See bug report.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

4 years ago

abbra edited this update.

New build(s):

  • freeipa-4.8.6-1.fc32

Removed build(s):

  • freeipa-4.8.5-2.fc32

Karma has been reset.

4 years ago

This update has been submitted for testing by abbra.

4 years ago
abbra commented & provided feedback 4 years ago

OpenQA tests passed. There is one AVC related to pcscd, not connected to FreeIPA at all.

abbra edited this update.

4 years ago
adamwill commented & provided feedback 4 years ago

yeah, that's happening on all tests, so this LGTM for now. Thanks!

BZ#1810963 Support OpenDNSSEC 2.1 in FreeIPA
BZ#1812169 Running ipa-replica-install fails with Certificate issuance failed (CA_UNREACHABLE: Server at https://ipa-master.example.test/ipa/xml failed request, will retry: 4016 (RPC failed at server. Failed to authenticate to CA REST API).)

This update has been pushed to testing.

4 years ago

This update's test gating status has been changed to 'greenwave_failed'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago
kuosmanen commented & provided feedback 4 years ago

basic functionality tested. Works fine.

This update can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by abbra.

4 years ago

This update has been pushed to stable.

4 years ago


Metadata
Type: enhancement
Severity: medium
Karma: 2
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 4 years ago
in testing: 4 years ago
in stable: 4 years ago
modified: 4 years ago