Comments
frenaud
Issue https://github.com/dogtagpki/pki/issues/4878 is fixed with this update.
Tested server installation, works well
Tested with - FEDORA-2025-6b7eba9a90 (softhsm-2.6.1-11.1.fc41) - FEDORA-2025-83633f8bbb (freeipa-4.12.2-8.fc41) - FEDORA-2025-5f71c114eb (opendnssec-2.1.14-1.fc41)
server installation, configuration of the master as dnssec master, addition of a dnssec-enabled zone, works well
Tested with - FEDORA-2025-6b7eba9a90 (softhsm-2.6.1-11.1.fc41) - FEDORA-2025-83633f8bbb (freeipa-4.12.2-8.fc41) - FEDORA-2025-5f71c114eb (opendnssec-2.1.14-1.fc41)
server installation, configuration of the master as dnssec master, addition of a dnssec-enabled zone, works well
Tested with - FEDORA-2025-6b7eba9a90 (softhsm-2.6.1-11.1.fc41) - FEDORA-2025-83633f8bbb (freeipa-4.12.2-8.fc41) - FEDORA-2025-5f71c114eb (opendnssec-2.1.14-1.fc41)
server installation, configuration of the master as dnssec master, addition of a dnssec-enabled zone, works well
CVE properly fixed
The CVE is properly fixed.
Works for me. Tested server installation with CA, KRA, DNS and replica installation with CA, KRA, DNS
Works for me. Tested server installation with CA, KRA, DNS and replica installation with CA, KRA, DNS
Works for me. Tested server installation with CA, KRA, DNS and replica installation with CA, KRA, DNS
This update fixes the regression that was introduced with python-dns-2.4.2-2.fc39 in FreeIPA tests.
Tested upgrade, server install, replica install with CA, DNS and KRA, uninstall The command "dnf swap nfs-utils nfsv4-client-utils" is also working and allows to use nfsv4-client-utils instead of nfs-utils.
Tested upgrade, server install, replica install with CA, DNS and KRA, uninstall The command "dnf swap nfs-utils nfsv4-client-utils" is also working and allows to use nfsv4-client-utils instead of nfs-utils.
With this update FreeIPA is facing a regression in a DNSSEC test. The issue is described in https://pagure.io/freeipa/issue/9585 A client querying a signed record fails to retrieve it.
Tested with ipa server and replica, the backup-restore issue is fixed.
Test installation and CSRF protection, works well
Tested installation and CSRF protection, works well
Tested installation and CSRF protection, works well
The update fixes a similar issue to BZ#2252567 for freeipa: without the patch, our wsgi python script fails because the annotation in https://github.com/pyca/cryptography/blob/bbf3003f518d81b23adc114f2da436d11d877e59/src/cryptography/hazmat/primitives/serialization/ssh.py#L88-L96 is not applied, and the import of cryptography.x509.base fails. With the patch our code works well.
Works for me and correctly fixes ticket https://github.com/freeipa/freeipa-healthcheck/issues/350