| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: ipa-selinux-nfast | Distribution: CentOS | 
| Version: 4.12.2 | Vendor: CentOS | 
| Release: 23.el10 | Build date: Thu Jul 31 16:13:06 2025 | 
| Group: Unspecified | Build host: aarch64-01.stream.rdu2.redhat.com | 
| Size: 10292 | Source RPM: ipa-4.12.2-23.el10.src.rpm | 
| Packager: builder@centos.org | |
| Url: http://www.freeipa.org/ | |
| Summary: FreeIPA SELinux policy for nCipher nfast HSMs | |
Custom SELinux policy module for nCipher nfast HSMs
GPL-3.0-or-later
* Wed Jul 30 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-23 - Resolves: RHEL-105973 Include fixes in python3-ipatests package - Resolves: RHEL-105513 kdb: prevent double crash in RBCD ACL free - Resolves: RHEL-101708 ipatests: use "sos report" instead of "sosreport" command - Resolves: RHEL-95733 Incorrect use of external IdP GitHub trademark - Resolves: RHEL-95374 eDNS: multiple issues during encrypted DNS setup * Thu Jun 26 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-22 - Resolves: RHEL-95374 eDNS: multiple issues during encrypted DNS setup - Resolves: RHEL-89893 ipa: Privilege escalation from host to domain admin in FreeIPA - Resolves: RHEL-99316 Include latest fixes in python3-ipatests package - Resolves: RHEL-97053 ipa-idrange-fix: 'Env' object has no attribute 'basedn' - Resolves: RHEL-96936 Nightly test failure (rawhide) in test_trust.py::TestTrust::test_server_option_with_unreachable_ad - Resolves: RHEL-49440 kdb: support storing and retrieving multiple master keys * Thu Jun 12 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-21 - Related: RHEL-89870 Bump NVR, rebuild required after infra issue * Wed Jun 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-20 - Related: RHEL-89870 * Thu Jun 05 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-19 - Related: RHEL-89979 Bump version and rebuild because of rpm issue * Wed Jun 04 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-18 - Resolves: RHEL-89979 Support OpenSSL provider API - Resolves: RHEL-25007 [RFE] Give warning when adding user with UID out of any ID range - Resolves: RHEL-93484 Unable to modify IPA config; --ipaconfigstring="" causes internal error - Resolves: RHEL-89834 Include latest fixes in python3-ipatests package - Resolves: RHEL-88833 kdb: ipadb_get_connection() succeeds but returns null LDAP context - Resolves: RHEL-79072 ipa idrange-add --help should be more clear about required options - Resolves: RHEL-68803 ipa-migrate with LDIF file from backup of remote server, fails with error 'change collided with another change' - Resolves: RHEL-30825 IDM - When creating an ID range, should require a RID * Tue Apr 29 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-17 - Resolves: RHEL-88043 Server installation: dot-forwarder not added as a forwarder - Resolves: RHEL-86481 Include latest fixes in python3-ipatests package - Resolves: RHEL-85788 ipa-sidgen: fix memory leak in ipa_sidgen_add_post_op() - Resolves: RHEL-88899 [RFE] Add check on CA cert expiry for ipa-cert-fix * Mon Mar 24 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-16 - Resolves: RHEL-84648 ipa-cacert-manage install fails with CAs having the same subject DN (subject key mismatch info) - Resolves: RHEL-84279 IPU 9 -> 10: ipa-server breaks the in-place upgrade due to failed scriptlet - Resolves: RHEL-84275 Search size limit tooltip has Search time limit tooltip text - Resolves: RHEL-81200 Ipa client --raw --structured throws internal error - Resolves: RHEL-68803 ipa-migrate with LDIF file from backup of remote server, fails with error 'change collided with another change' - Resolves: RHEL-67686 [RFE] IDM support UIDs up to 4,294,967,293 - Resolves: RHEL-67633 ipa-healthcheck has tests which call fips-mode-setup - Resolves: RHEL-4845 Protect *all* IPA service principals * Wed Feb 12 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-15 - Resolves: RHEL-67912 Add DNS over TLS Support * Tue Feb 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-14 - Resolves: RHEL-78766 Include latest fixes in python3-ipatests package - Resolves: RHEL-77965 ipa-server-install failing on slow hsm * Tue Feb 11 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-13 - Resolves: RHEL-67912 Add DNS over TLS Support, Require bind 32:9.18.33-2 and new bind-dyndb-ldap 11.11-1 * Tue Jan 28 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-12 - Resolves: RHEL-72580 A slow HSM can cause IPA server installation to fail setting up certificate tracking * Wed Jan 22 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-11 - Resolves: RHEL-75658 Include latest fixes in python3-ipatests package - Resolves: RHEL-74466 kinit with external idp user is failing * Thu Jan 16 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-10 - Resolves: RHEL-72580 A slow HSM can cause IPA server installation to fail setting up certificate tracking - Resolves: RHEL-71964 KRA installation failure caused by a certificate mismatch in NSS DB and configuration file - Resolves: RHEL-71262 Include latest fixes in python3-ipatests package - Resolves: RHEL-67190 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal * Wed Dec 11 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-9 - Resolves: RHEL-70759 Fix typo in ipa-migrate log file i.e 'Privledges' to 'Privileges' - Resolves: RHEL-70477 ipa-server-upgrade fails after established trust with ad - Resolves: RHEL-70253 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken - Resolves: RHEL-69926 add support for python cryptography 44.0.0 - Resolves: RHEL-69635 All user groups are not being included during HSM token validation * Wed Nov 27 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-8 - Resolves: RHEL-69300 Support GSSAPI in Cockpit on IPA servers - Resolves: RHEL-68447 ipa trust-add fails in FIPS mode with an internal error has occurred - Resolves: RHEL-57674 Use RSNv3 and enable cert pruning by default in RHEL 10.0 * Fri Nov 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-7 - Resolves: RHEL-66599 vault-add fails in FIPS mode - Resolves: RHEL-66598 ipa-migrate should also migrate DNS forward zones - Resolves: RHEL-66597 ipa-migrate in stage mode fails with TypeError: 'NoneType' object is not iterable - Resolves: RHEL-66595 Sentences truncated in man pages - Resolves: RHEL-66592 IDP configuration in the IdM WebUI shows Organization is required - Resolves: RHEL-65650 ipa-server-install with setup-dns fails 'job for ipa.service failed because the control process exited with error code' * Thu Oct 31 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-6 - Resolves: RHEL-64018 Bump release for October 2024 mass rebuild * Tue Oct 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-5 - Resolves: RHEL-61636 Uninstall ACME separately during PKI uninstallation * Mon Oct 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-4 - Related: RHEL-59777 Rebase Samba to the latest 4.21.x release - Resolves: RHEL-59659 ipa dns-zone --allow-query '!198.18.2.0/24;any;' fails with Unrecognized IPAddress flags - Resolves: RHEL-61636 Uninstall ACME separately during PKI uninstallation - Resolves: RHEL-61723 Include latest fixes in python3-ipatests packages - Resolves: RHEL-63325 Last expired OTP token would be considered as still assigned to the user * Tue Sep 24 2024 Rafael Guteres Jeffman <rjeffman@redhat.com> - 4.12.2-3 - Resolves: RHEL-33818 Remove python3-ipalib's dependency on python3-netifaces * Wed Sep 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-2 - Resolves: RHEL-47294 SID generation task is failing when SELinux is in Enforcing mode - Resolves: RHEL-56472 Include latest fixes in python3-ipatests packages - Resolves: RHEL-56917 RFE add a tool to quickly detect and fix issues with IPA ID ranges - Resolves: RHEL-56965 Backport test fixes in python3-ipatests - Resolves: RHEL-58067 ipa replication installation fails in FIPS mode on rhel10 - Resolves: RHEL-59265 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode - Resolves: RHEL-59266 Also enable SSSD's ssh service when enabling sss_ssh_knownhosts * Thu Aug 22 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1 - Resolves: RHEL-54545 Covscan issues: Resource Leak - Resolves: RHEL-54304 support for python cryptography 43.0.0 - Resolves: RHEL-49805 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-46897 With unreachable AD, ipa trust returns an internal error * Thu Aug 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.1-4 - Resolves: RHEL-53501 adtrustinstance only prints issues in check_inst() and does not log them - Resolves: RHEL-52305 Unconditionally add MS-PAC to global config - Resolves: RHEL-52223 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure - Resolves: RHEL-51937 Include latest fixes in python3-ipatests packages - Resolves: RHEL-50805 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error' - Resolves: RHEL-49805 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-49592 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install - Resolves: RHEL-4879 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync" * Thu Jul 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.1-3 - Resolves: RHEL-49452 Include latest fixes in python3-ipatests packages - Resolves: RHEL-49433 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases - Resolves: RHEL-49432 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-49413 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-47157 ipa-migrate -V options fails to display version - Resolves: RHEL-47148 Pagure #9629: Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-40892 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check * Mon Jul 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.1-2 - Resolves: RHEL-46607 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica - Resolves: RHEL-46606 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed - Resolves: RHEL-46605 IPA Web UI not showing replication agreement for non-admin users - Resolves: RHEL-46592 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to - Resolves: RHEL-46556 Include latest fixes in python3-ipatests packages - Resolves: RHEL-42705 PSKC.xml issues with ipa_otptoken_import.py * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.12.1-1.1 - Bump release for June 2024 mass rebuild * Wed Jun 12 2024 Julien Rische <jrische@redhat.com> - 4.12.1-1 - Resolves: RHEL-32233 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force - Resolves: RHEL-40881 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service * Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-1 - Resolves: RHEL-39144 Rebase ipa to the latest 4.12 version for RHEL 10 - Resolves: RHEL-30537 ipa: freeipa: argument injection into the username field of the /ipa/session/login_password requests * Thu Feb 22 2024 Troy Dawson <tdawson@redhat.com> - 4.11.1-4 - Bump release to rebuild on correct samba * Thu Feb 08 2024 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.1-3 - Support 389-ds with lmdb backend * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.11.1-2 - Rebuild against Samba 4.20rc1 - Fix memory leak in Kerberos KDC driver - Fix possible crash in IPA command line tool when accessing Kerberos credentials - Compatibility fix for Python Cryptography 42.0.0 - NetBIOS defaults fix - Fix default host keytab retrieval permissions * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.11.1-1.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.11.1-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jan 10 2024 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.1-1 - Security release: CVE-2023-5455 - Resolves: rhbz#2257646 * Wed Nov 08 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-7 - ipalib: fix the IPACertificate validity dates (python 3.12 compatibility) - Handle PKI revocation response differences in JSON API - Allow removal of minimal length from a custom password policy * Mon Oct 23 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-6 - Adopt trust to AD code to Samba changes in case SIDs are malformed * Tue Oct 03 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-5 - FreeIPA 4.11.0 release - Simplify Fedora spec file - Release notes: https://www.freeipa.org/release-notes/4-11-0.html * Mon Sep 18 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-4.beta1 - Depend on selinux-policy-38.28-1.fc39 - Add SELinux policy for passkey_child to be used without ipa-otpd - Related: rhbz#2238474 * Tue Sep 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-3.beta1 - Restore properly SELinux context during IPA client uninstallation - Related: rhbz#2238474 * Tue Sep 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-2.beta1 - Set 'sssd_use_usb' SELinux boolean when enrolling IPA client - Resolves: rhbz#2238474 * Mon Aug 21 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-1.beta1 - FreeIPA 4.11.0 beta 1 - Release notes: https://www.freeipa.org/release-notes/4-11-0-beta.html
/usr/share/selinux/packages/targeted/ipa-nfast.pp.bz2 /var/lib/selinux/targeted/active/modules/200/ipa-nfast
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Oct 21 05:35:13 2025