| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: ipa-selinux-nfast | Distribution: CentOS | 
| Version: 4.12.2 | Vendor: CentOS | 
| Release: 21.el9 | Build date: Tue Aug 19 01:25:37 2025 | 
| Group: Unspecified | Build host: aarch64-06.stream.rdu2.redhat.com | 
| Size: 10290 | Source RPM: ipa-4.12.2-21.el9.src.rpm | 
| Packager: builder@centos.org | |
| Url: http://www.freeipa.org/ | |
| Summary: FreeIPA SELinux policy for nCipher nfast HSMs | |
Custom SELinux policy module for nCipher nfast HSMs
GPL-3.0-or-later
* Mon Aug 18 2025 Rafael Jeffman <rjeffman@redhat.com> - 4.12.2-21 - Resolves: RHEL-109768 Revert allow update of Kerberos master key * Wed Jul 30 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-20 - Resolves: RHEL-106285 Incorrect use of external IdP GitHub trademark - Resolves: RHEL-106026 Include fixes in python3-ipatests package - Resolves: RHEL-105512 kdb: prevent double crash in RBCD ACL free - Resolves: RHEL-101707 ipatests: use "sos report" instead of "sosreport" command - Resolves: RHEL-101544 ipa-client-encrypted-dns does not ensure bind-utils >= 9.18 for DoT-compatible nsupdate - Resolves: RHEL-100450 eDNS: multiple issues during encrypted DNS setup * Thu Jun 26 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-19 - Resolves: RHEL-100450 eDNS: multiple issues during encrypted DNS setup - Resolves: RHEL-89907 Privilege escalation from host to domain admin in FreeIPA - Resolves: RHEL-99315 Include latest fixes in python3-ipatests package - Resolves: RHEL-98565 ipa-idrange-fix: 'Env' object has no attribute 'basedn' - Resolves: RHEL-96920 Nightly test failure (rawhide) in test_trust.py::TestTrust::test_server_option_with_unreachable_ad - Resolves: RHEL-31907 kdb: support storing and retrieving multiple master keys * Wed Jun 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-18 - Related: RHEL-89873 * Wed Jun 04 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-17 - Resolves: RHEL-95010 [RFE] Give warning when adding user with UID out of any ID range - Resolves: RHEL-93890 Include latest fixes in python3-ipatests package - Resolves: RHEL-93887 ipa idrange-add --help should be more clear about required options - Resolves: RHEL-93483 Unable to modify IPA config; --ipaconfigstring="" causes internal error - Resolves: RHEL-88834 kdb: ipadb_get_connection() succeeds but returns null LDAP context - Resolves: RHEL-68800 ipa-migrate with LDIF file from backup of remote server, fails with error 'change collided with another change' * Tue Apr 29 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-16 - Resolves: RHEL-88900 [RFE] Add check on CA cert expiry for ipa-cert-fix - Resolves: RHEL-88037 Server installation: dot-forwarder not added as a forwarder - Resolves: RHEL-86483 Include latest fixes in python3-ipatests package - Resolves: RHEL-41178 ipa-sidgen: fix memory leak in ipa_sidgen_add_post_op() * Tue Mar 25 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-15 - Resolves: RHEL-84481 Protect all IPA service principals - Resolves: RHEL-84277 [RFE] IDM support UIDs up to 4,294,967,293 - Resolves: RHEL-84276 Ipa client --raw --structured throws internal error - Resolves: RHEL-82707 Search size limit tooltip has Search time limit tooltip text - Resolves: RHEL-82089 IPU 9 -> 10: ipa-server breaks the in-place upgrade due to failed scriptlet - Resolves: RHEL-68800 ipa-migrate with LDIF file from backup of remote server, fails with error 'change collided with another change' - Resolves: RHEL-30658 ipa-cacert-manage install fails with CAs having the same subject DN (subject key mismatch info) * Thu Mar 20 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-14 - Resolves: RHEL-80345 Use new bind9.18-dyndb-ldap and bind9.18 only for DNS over TLS with the ipa-server-encrypted-dns package * Wed Feb 12 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-13 - Resolves: RHEL-67913 Add DNS over TLS Support * Tue Feb 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-12 - Resolves: RHEL-78726 ipa-server-install failing on slow hsm * Tue Feb 11 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-11 - Resolves: RHEL-67913 Add DNS over TLS Support, Require bind9.18 32:9.18.29-2 and new bind-dyndb-ldap 11.11-1 * Tue Jan 28 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-10 - Resolves: RHEL-73022 A slow HSM can cause IPA server installation to fail setting up certificate tracking * Tue Jan 21 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-9 - Resolves: RHEL-74465 kinit with external idp user is failing - Resolves: RHEL-75656 Include latest fixes in python3-ipatests package * Thu Jan 16 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-8 - Resolves: RHEL-73022 A slow HSM can cause IPA server installation to fail setting up certificate tracking [rhel-9] - Resolves: RHEL-71261 [RHEL-9.6] Include latest fixes in python3-ipatests package - Resolves: RHEL-67191 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal [rhel-9.6] - Resolves: RHEL-59040 KRA installation failure caused by a certificate mismatch in NSS DB and configuration file. * Wed Dec 11 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-7 - Resolves: RHEL-70760 Fix typo in ipa-migrate log file i.e 'Privledges' to 'Privileges' - Resolves: RHEL-70481 ipa-server-upgrade fails after established trust with ad - Resolves: RHEL-69927 add support for python cryptography 44.0.0 - Resolves: RHEL-69908 All user groups are not being included during HSM token validation - Resolves: RHEL-69900 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken * Wed Nov 27 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-6 - Resolves: RHEL-68448 ipa trust-add fails in FIPS mode with an internal error has occurred - Resolves: RHEL-69301 Support GSSAPI in Cockpit on IPA servers * Wed Nov 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-5 - Resolves: RHEL-67414 ipa dns-zone --allow-query '!198.18.2.0/24;any;' fails with Unrecognized IPAddress flags - Resolves: RHEL-67410 ipa-migrate should also migrate DNS forward zones - Resolves: RHEL-67409 ipa-migrate in stage mode fails with TypeError: 'NoneType' object is not iterable - Resolves: RHEL-66964 Include latest fixes in python3-ipatests packages - Resolves: RHEL-64135 IDP configuration in the IdM WebUI shows Organization is required * Mon Nov 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-4 - Bump release for rebuild * Tue Oct 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-3 - Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation * Mon Oct 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-2 - Related: RHEL-59788 Rebase Samba to the latest 4.21.x release - Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation - Resolves: RHEL-56963 SSSD offline causing test-adtrust-install failure - Resolves: RHEL-56473 Include latest fixes in python3-ipatests packages - Resolves: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode - Resolves: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges - Resolves: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode - Resolves: RHEL-4915 Last expired OTP token would be considered as still assigned to the user * Wed Aug 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1 - Resolves: RHEL-54546 Covscan issues: Resource Leak - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-40359 With unreachable AD, ipa trust returns an internal error * Thu Aug 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-7 - Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them - Resolves: RHEL-52306 Unconditionally add MS-PAC to global config - Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync" - Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure - Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages - Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error' - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install * Thu Jul 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-6 - Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-46003 ipa-migrate -V options fails to display version - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases * Mon Jul 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-5 - Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users - Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py - Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed - Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica - Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages - Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to * Mon Jun 10 2024 Julien Rische <jrische@redhat.com> - 4.12.0-4 - Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force - Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service * Wed Jun 05 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-3 - Related: RHEL-34809 temporarily revert a commit that depends on newer version of python-jwcrypto * Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-2 - Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency * Wed May 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-1 - Resolves: RHEL-39140 Rebase ipa to the latest 4.12 version for RHEL 9.5 - Resolves: RHEL-34757 The change for preventing deletion of the admin user caused a regression in disable - Resolves: RHEL-30553 Depend on nfsv4-client-utils or nfs-utils - Resolves: RHEL-29762 IPA sidgen fails to create SID for manually set ID for a new range [rhel-9.5.0] - Resolves: RHEL-26261 Fix replica connection check for use with AD administrator - Resolves: RHEL-18062 ipa ca-show NAME --certificate-out=file creates empty file when NAME does not exist - Resolves: RHEL-12149 traceback in ipaserver/dcerpc.py - Resolves: RHEL-4810 [RFE] FreeIPA-to-FreeIPA migration - Resolves: RHEL-4807 [RFE] Support in IPA for HSM boxes * Tue Apr 30 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-11 - Resolves: RHEL-33645 - Update samba to version 4.20.0 * Fri Mar 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-10 - Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios) - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER - Resolves: RHEL-30905 Backport latest test fixes in ipa * Thu Mar 07 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-9 - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure * Tue Feb 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-8 - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available * Fri Feb 16 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-7 - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests * Fri Feb 09 2024 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-6 - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified - Resolves: RHEL-23625 sidgen plugin does not ignore staged users - Resolves: RHEL-23621 session cookie can't be read - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-17996 Memory leak in IdM's KDC * Thu Jan 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-5 - Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor * Fri Dec 01 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-4 - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid() * Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3 - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off' * Mon Nov 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-2 - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4 * Fri Oct 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-1 - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4
/usr/share/selinux/packages/targeted/ipa-nfast.pp.bz2 /var/lib/selinux/targeted/active/modules/200/ipa-nfast
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Oct 21 05:16:11 2025