ipa-selinux-nfast-4.12.2-1.el9> M Mv ĉJ4!!%joLne)Ip-Bm5 ']g'^releng@rockylinux.org p-Bm5 ']qĦ%Wd[%(4onaVJfxu6Ϻ3/dUxUK«aVF/Cݶ0zbo$hpeOAŐ>q3||,U NmL&88Ӱ|OR'}6$8;K**)KP)S}R4TlZL V)8 xoCy`YY{3 w g ̅lT9Ҍȭ>dN$Χ3g|P*3#?ZGWv1ΚUF yx7옠;umQ[80Mo5)jdBc,DqA+ɯLQWE솾 ױK'%QS(3в=1v}EI)69քJ0IÉ 凳JCpe8EiQ.vV9VvfkaB[u_E!,ع3f D&ॳqR*N&7bf15a6e461a9f81cf3d5975af5a5202aef85202ce8edc966610c82938570a045b15f5e4ce58656a9797087b9983b4b86d5a2d5eet8e3/ae*)X>>:?:d ! O =Iagn      4 h n (894: >7|@7G7H7I7X7Y7\7]7^7b8+d9e9f9l9t9u9v9::: :L:PCipa-selinux-nfast4.12.21.el9FreeIPA SELinux policy for nCipher nfast HSMsCustom SELinux policy module for nCipher nfast HSMsg'Zpb-67b63646-9cff-4b85-8f07-6543bd5de663-b-i686(2Rocky Linux 9.5Rocky Enterprise Software FoundationGPL-3.0-or-laterRocky Linux Build System (Peridot) Unspecifiedhttp://www.freeipa.org/linuxnoarch if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i /usr/share/selinux/packages/targeted/ipa-nfast.pp.bz2 || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fiif [ $1 -eq 0 ]; then if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ $1 -eq 0 ]; then if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -X 200 -s ${_policytype} -r ipa-nfast &> /dev/null || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi fi fi(2g'rg'ȅ4c4af30060d1619831cb3e78466cda34c5524aa1a408b22a350dac65fa06d612@rootrootrootrootipa-4.12.2-1.el9.src.rpmipa-selinux-nfast     /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-python-utilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)selinux-policyselinux-policy-baseselinux-policy-targetedselinux-policy-targeted3.0.4-14.6.0-14.0-15.4.18-138.1.45-3.el938.1.45-3.el94.16.1.3ff@fffff`S@f_fWf0@f@e@eԔ@eN@eeeie[J@eH@ed d@dr@dcc&@cc@c#@c@cWFlorence Blanc-Renaud - 4.12.2-1Florence Blanc-Renaud - 4.12.0-7Florence Blanc-Renaud - 4.12.0-6Florence Blanc-Renaud - 4.12.0-5Julien Rische - 4.12.0-4Florence Blanc-Renaud - 4.12.0-3Florence Blanc-Renaud - 4.12.0-2Florence Blanc-Renaud - 4.12.0-1Florence Blanc-Renaud - 4.11.0-11Florence Blanc-Renaud - 4.11.0-10Florence Blanc-Renaud - 4.11.0-9Florence Blanc-Renaud - 4.11.0-8Florence Blanc-Renaud - 4.11.0-72024 Florence Blanc-Renaud - 4.11.0-6Florence Blanc-Renaud - 4.11.0-5Florence Blanc-Renaud - 4.11.0-4Florence Blanc-Renaud - 4.11.0-3Florence Blanc-Renaud - 4.11.0-2Florence Blanc-Renaud - 4.11.0-1Florence Blanc-Renaud - 4.10.2-4Florence Blanc-Renaud - 4.10.2-3Florence Blanc-Renaud - 4.10.2-2Florence Blanc-Renaud - 4.10.2-1Florence Blanc-Renaud - 4.10.1-6Florence Blanc-Renaud - 4.10.1-5Florence Blanc-Renaud - 4.10.1-4Alexander Bokovoy - 4.10.1-3Florence Blanc-Renaud - 4.10.1-2Florence Blanc-Renaud - 4.10.1-1Rafael Jeffman - 4.10.0-7- Resolves: RHEL-54546 Covscan issues: Resource Leak - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-40359 With unreachable AD, ipa trust returns an internal error- Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them - Resolves: RHEL-52306 Unconditionally add MS-PAC to global config - Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync" - Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure - Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages - Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error' - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install- Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-46003 ipa-migrate -V options fails to display version - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases- Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users - Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py - Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed - Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica - Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages - Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to- Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force - Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service- Related: RHEL-34809 temporarily revert a commit that depends on newer version of python-jwcrypto- Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency- Resolves: RHEL-39140 Rebase ipa to the latest 4.12 version for RHEL 9.5 - Resolves: RHEL-34757 The change for preventing deletion of the admin user caused a regression in disable - Resolves: RHEL-30553 Depend on nfsv4-client-utils or nfs-utils - Resolves: RHEL-29762 IPA sidgen fails to create SID for manually set ID for a new range [rhel-9.5.0] - Resolves: RHEL-26261 Fix replica connection check for use with AD administrator - Resolves: RHEL-18062 ipa ca-show NAME --certificate-out=file creates empty file when NAME does not exist - Resolves: RHEL-12149 traceback in ipaserver/dcerpc.py - Resolves: RHEL-4810 [RFE] FreeIPA-to-FreeIPA migration - Resolves: RHEL-4807 [RFE] Support in IPA for HSM boxes- Resolves: RHEL-33645 - Update samba to version 4.20.0- Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios) - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER - Resolves: RHEL-30905 Backport latest test fixes in ipa- Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure- Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available- Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests- Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified - Resolves: RHEL-23625 sidgen plugin does not ignore staged users - Resolves: RHEL-23621 session cookie can't be read - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-17996 Memory leak in IdM's KDC- Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor- Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()- Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'- Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4- Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4- Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests- Resolves: rhbz#2229712 Delete operation protection for admin user - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests- Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA) - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only- Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2192625 Better catch of the IPA web UI event "IPA Error 4301:CertificateOperationError", and IPA httpd error CertificateOperationError - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9] - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context - Resolves: rhbz#2165880 Add RBCD support to IPA - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct- Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests- Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command- Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests- Rebuild against krb5 1.20.1 ABI - Resolves: rhbz#2155425- Resolves: rhbz#2148887 MemberManager with groups fails - Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit- Resolves: rhbz#2141315 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.2 - Resolves: rhbz#2094673 ipa-client-install should just use system wide CA store and do not specify TLS_CACERT in ldap.conf - Resolves: rhbz#2117167 After leapp upgrade on ipa-client ipa-server package installation failed. (`REQ_FULL_WITH_MEMBERS` returns object from wrong domain) - Resolves: rhbz#2127833 Password Policy Grace login limit allows invalid maximum value - Resolves: rhbz#2143224 [RFE] add certificate support to ipa-client instead of one time password - Resolves: rhbz#2144736 vault interoperability with older RHEL systems is broken - Resolves: rhbz#2148258 ipa-client-install does not maintain server affinity during installation - Resolves: rhbz#2148379 Add warning for empty targetattr when creating ACI with RBAC - Resolves: rhbz#2148380 OTP token sync always returns OK even with random numbers - Resolves: rhbz#2148381 Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones - Resolves: rhbz#2148382 Introduction of URI records for kerberos breaks location functionality- Resolves: rhbz#2124547 Attempt to log in as "root" user with admin's password in Web UI does not properly fail - Resolves: rhbz#2137555 Attempt to log in as "root" user with admin's password in Web UI does not properly fail [rhel-9.1.0.z]/bin/sh/bin/sh4.12.2-1.el9ipa-nfast.pp.bz2ipa-nfast/usr/share/selinux/packages/targeted//var/lib/selinux/targeted/active/modules/200/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpiozstd19i686-redhat-linux-gnuutf-8ce2a89d999cbcea74d3a26559eb652ca66762eaf288f172f866d5666dd9ff68afa56785080386653b730b60b8ab819992a5a4be889972b1c6c8ca9b60923ff73? (/h=3S071081a4016727c87228337./usr/share/selinux/packages/targeted/ipa-nfast.pp.bz2BZh91AY&SYUj7_dݏ8=炁ψ> =xf 6S4=MLOHzIM!OhUPa@hdh4 @b@hhh 2H!! 4dFji%&@$RSFѣ@2z@hhѣAF@h@z = h=L2d 4AA  "h2 1hdi #@d *zs}P(b llOVG/GW&!_R)Q0|j3V`*УsJ' plN1sY{XN/q;rhq8Ox|Xw`?_1d{{'o#/ACtTyΤHO1ISiM^W ʳgvfu]_owӻ==ǟ9j7EGM4:-FKUSU55z^[6;*͝fk7;݅ET g w!@Hu o6ƓS놶GV@PY&Yq!(A A_eD6$!(.|Y{fi"A'+86@ kP sW$ֿA$=ۉf4N$@]PI$ ۾W4h =Qft4g3Q[BXE0,'ɾIYæ,ɍ f1p5. $K@([T@Y* %EfʪcL~Lۗ-ZXU[u8|:`|5FMim5QE_$(6Oj }zZ6RJ(kZֶ `~'|}xWN֓H",! J6lCb؉؈g|1Ni@Vq o )x-iO/~N3|`Js\@A8k 5kPP88wRi .͖ q۸-|Q0&;M1?grtcQsύ˵Cv4'= (21z  v`%z@;Y8w  κ<@Qx]k$p^9l~P~\喳۵)JrB֖, Ly23QoF Tni\BHC PW*@OE?DLT\[V>ľcfla9vsV98Sl[Ǐ$IC0Ǎ5~WD(ՎV bcKv"0ARu5&_šp(JKпxmjąɍ)AMg .8 a@8OFc$DL7Y^?]x̭G2`(! 6Ch| 0,Rw3hHF&q9Z֗JY5SKPEX(hm miqfZ-G% Sqy 'Lx8!.ZUVZT+p ,P@0EmPUCl`XCBmlMd67c. ڮ!PEaH0DfC2!&,SC2Gq76x QEJ5gxؘ'<! VPcOG@EB7aH[aJxe4(]α4a .|сax8^@c Ѝ @'L!#!I%B $,ICJIH0!]P8i"XAV`ZwP5GGdpD#F\F /{єu-4oƶi14}ޘ5K\= qr8f*^PWW{hk8G/y'Ȥr".kWoכKס`6oa9 G#zX 6`qm&6`qY)*x0'( %r{:y=MgtT$ HF]'|[vVe\8{\wpYͨV 5ͺsU9]iOm"UPEr8Iﺏ^=z%ް{F#':wm{؍CUN%]_zu%޶wFӭw{ӽ:}aqj+ޝIT}ޕMwF}m}u=v=bב 9W{Y9+.;yJ]wɒ9Iq;G,ȩ^Wx%=!GKqY\ ʑ r]bdz:װ׷zwj;W{>FF;޾A;5h;{[VQ0m"5>w]z6Em U!䧀{{n}z緷mOW-1UTyUV'|).jjIfD<\ڏ|%rܻm q֥Ž܎%(aڒso;V#amm0j66!mCIkQ`$L5mH6DE[`#Qib94&sF׶IxBfdN-2xj}嘌l\>e^{;I"ģ|i}ɫ]qpyaTseqV;n:|&G-V{uJVQ|X1O <j9L7Xi j5io0mbm 5KKq!5 9Ćj8L[f'0Q={ol/P3"ws\mU'w^-;ʪWY@TW;Idx&ٜΰ*KߕwqO뵙=Z!U(T%b:]KEt^^<CN;\ʙkiej5IUP]ݠpƐcJ`K1fYl16RVYʪx0,@hqg\iM6 i£'(BS ݿ(T)-M1 r1-Ir!""k.T"K]yk^ur*!CSF)"Zq-ZD 0pBHlV%NDKiorPP@J@l4MD6L  j'ňD!C"!DF 0/U>D2@[ QMa{܇03-AI 9x0)` eQZq?K߶<ϴۖ{ܙ}uÎ랗>ԩNnuc\t\1+yǮ2_]ěnMƥcбLר&c`D B wq`  .r^M+ߕ\6ƌqي$ֱZԞ&9< QX޵HA"fhc2}`R̽u^ԮT@P. E Q~ݍB XMCi@qzFUAeqDA59Kh4jg1/ol\Z.3A&gjЄy @כcdig`P`C F.BSU [P' spTz ,BkHka=d21(s-e,lln3q,S#xs`<ho|9ZT<0g&Kh*`ʔ:1 ,HӒ:%>0%G: @B0֐b&46oR#@(n$̡mA d'9J3ޭA|"I!W} cd-6K&UU"A /4W79llmn9HtϘ?MbW!7q@lX òX40cI䘀,arVeǐT{{iD68Z6*]mHМ+M@6qKȢWb_A`z\Y\C/'KyPIugFXM1Д( =iB#2"nE  Kx1l$a*_շ!>N TLr]EkIk&F8ƆREO`@ d@"cW:?:s0 $D} |6"2H\p!G|kfb€0 }֤ IIQ DlQWP_͞*Kp22،7F+HL,p.J o 3BIdcd<,<#y΋{J[? Z<ɐMPL80h-M6S!Z*|z"<=3n 0 V6 #.n;@c=fX;axJ `6Ȁq ÈbD )+PB yRxq0^ @3dXhZR["| %Jlp0!A&d;h L> {-sB&$2 pfCt(nmTitI N5c]8GQ0p}8w. Q@ LfkSH1 N ߭13ݗ]@4 ke08KZohEօe2;N[+=/JιxDdE2IU蒙f#B87PgF!L%)Uꚺ(1F)PT]  BM46R`;RI .AuUֶ)DZ;Z@mۈySKǐ!* `J dK2qۼ-SxCTpd1LJ؁18"A uN\5 (0w`BMNTTd$=2?:,lDO$з1rD)p;nAbPB?Y_y[$F:-9 JZ3^"I8?Xbe 561NƬ>c8<Ơp7R:R|.az$wF)nm2B׊@ Ԓ @ ^Mq;m{o^wf!!ywfwckV!"zLq-]Ğlo.ycerHAH&&t6 |]xA 4(!4mc-B֒b@0L$`($vQZe( lﭵ& d $LVSę@`0J kqeeľnnm6c *V0(cZKz#/ %BQUHFYڅcC'WRF)B~+U2C8 ц̫%6nSjn&gl3X/6(L #C[lF,q$n HDD#|ŚH"_ 3{m !U뼓R腳c&bP B雐P6l,ƠSO:u 1I$ L&b㦘((HH!G  M lMc!  Q&NajAdXGW `mL7海ADp.xBBAuba4@qRJ-!BA.Y,TT#p#,FX3cS);-SS8}۸ FHF7]8*z@ 3P0;xbgfk^4e`}M5(w I֨R9a (j6spU!$[5$• HKtuWa}ŁЅ̄6IHmTLcYDQ(J 0qDQ41cКH  SbTRAILER!!!y(@6c dP$1+4J9' o(dLd6#0΀fa@t[npPҼEHّ}ƚ]~]P`a);JCT4p-hNOpEzV$ؖ 5=1.9$ԃzE:?HV' {ڣ"]$*#S 17 83h&ZYʅu{90}ip s$؁i2w9!@LBs;[PB{ƺa7 ร