ipa-selinux-nfast-4.12.2-1.el9_5.2> M Mv ĉJ4!!%joLne)Ip-Bm5 ']gbWreleng@rockylinux.org p-Bm5 ']mO(3)4=iN3,_DTEp!\I^0<g(RO {|klB}y?}#o-+)}MԚqA<\eⅲdl ;W̎y.G<@c4#~023K!ꂻrZ/])VoOndA/ _ӽQz@)/sJ_,Mc5v &q\151Ï Ԩ3d!x'+D%튍wq3^pUz Cw2e3s$r_vbNxIm!vQ˴auAK*\P[9i|+)X%1P(~BFv{13҈c_ox,MT0,0_ٷS|ɻ?B)tCR.`캕,nV{&2<*8761a5891a2bb61bc06b0b15d17a2238f0515caebe0cf2e46570fb8f84309d34e5aa32dd39a3d384247ec7143707c898eaa62f56`$+:՟V$)X>>61?6!d % S AMekr      (< p v (89@: $>3@3G3H3 I3(X3,Y30\3D]3L^3gb3d5Xe5]f5bl5et5|u5v555555Cipa-selinux-nfast4.12.21.el9_5.2FreeIPA SELinux policy for nCipher nfast HSMsCustom SELinux policy module for nCipher nfast HSMsgbVpb-c6e15322-869e-4b59-a395-438e00f5fb23-b-i686(2Rocky Linux 9.5Rocky Enterprise Software FoundationGPL-3.0-or-laterRocky Linux Build System (Peridot) Unspecifiedhttp://www.freeipa.org/linuxnoarch if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i /usr/share/selinux/packages/targeted/ipa-nfast.pp.bz2 || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fiif [ $1 -eq 0 ]; then if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ $1 -eq 0 ]; then if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -X 200 -s ${_policytype} -r ipa-nfast &> /dev/null || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi fi fi(2gbVgbV4c4af30060d1619831cb3e78466cda34c5524aa1a408b22a350dac65fa06d612@rootrootrootrootipa-4.12.2-1.el9_5.2.src.rpmipa-selinux-nfast     /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-python-utilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)selinux-policyselinux-policy-baseselinux-policy-targetedselinux-policy-targeted3.0.4-14.6.0-14.0-15.4.18-138.1.45-3.el9_538.1.45-3.el9_54.16.1.3gG g-@ff@fffff`S@f_fWf0@f@e@eԔ@eN@eeeie[J@eH@ed d@dr@dcc&@cc@c#@Florence Blanc-Renaud - 4.12.2-1.2Florence Blanc-Renaud - 4.12.2-1.1Florence Blanc-Renaud - 4.12.2-1Florence Blanc-Renaud - 4.12.0-7Florence Blanc-Renaud - 4.12.0-6Florence Blanc-Renaud - 4.12.0-5Julien Rische - 4.12.0-4Florence Blanc-Renaud - 4.12.0-3Florence Blanc-Renaud - 4.12.0-2Florence Blanc-Renaud - 4.12.0-1Florence Blanc-Renaud - 4.11.0-11Florence Blanc-Renaud - 4.11.0-10Florence Blanc-Renaud - 4.11.0-9Florence Blanc-Renaud - 4.11.0-8Florence Blanc-Renaud - 4.11.0-72024 Florence Blanc-Renaud - 4.11.0-6Florence Blanc-Renaud - 4.11.0-5Florence Blanc-Renaud - 4.11.0-4Florence Blanc-Renaud - 4.11.0-3Florence Blanc-Renaud - 4.11.0-2Florence Blanc-Renaud - 4.11.0-1Florence Blanc-Renaud - 4.10.2-4Florence Blanc-Renaud - 4.10.2-3Florence Blanc-Renaud - 4.10.2-2Florence Blanc-Renaud - 4.10.2-1Florence Blanc-Renaud - 4.10.1-6Florence Blanc-Renaud - 4.10.1-5Florence Blanc-Renaud - 4.10.1-4Alexander Bokovoy - 4.10.1-3Florence Blanc-Renaud - 4.10.1-2- Resolves: RHEL-69294 add a tool to quickly detect and fix issues with IPA ID ranges- Resolves: RHEL-66173 Last expired OTP token would be considered as still assigned to the user- Resolves: RHEL-54546 Covscan issues: Resource Leak - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-40359 With unreachable AD, ipa trust returns an internal error- Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them - Resolves: RHEL-52306 Unconditionally add MS-PAC to global config - Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync" - Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure - Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages - Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error' - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install- Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-46003 ipa-migrate -V options fails to display version - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases- Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users - Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py - Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed - Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica - Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages - Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to- Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force - Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service- Related: RHEL-34809 temporarily revert a commit that depends on newer version of python-jwcrypto- Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency- Resolves: RHEL-39140 Rebase ipa to the latest 4.12 version for RHEL 9.5 - Resolves: RHEL-34757 The change for preventing deletion of the admin user caused a regression in disable - Resolves: RHEL-30553 Depend on nfsv4-client-utils or nfs-utils - Resolves: RHEL-29762 IPA sidgen fails to create SID for manually set ID for a new range [rhel-9.5.0] - Resolves: RHEL-26261 Fix replica connection check for use with AD administrator - Resolves: RHEL-18062 ipa ca-show NAME --certificate-out=file creates empty file when NAME does not exist - Resolves: RHEL-12149 traceback in ipaserver/dcerpc.py - Resolves: RHEL-4810 [RFE] FreeIPA-to-FreeIPA migration - Resolves: RHEL-4807 [RFE] Support in IPA for HSM boxes- Resolves: RHEL-33645 - Update samba to version 4.20.0- Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios) - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER - Resolves: RHEL-30905 Backport latest test fixes in ipa- Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure- Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available- Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests- Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified - Resolves: RHEL-23625 sidgen plugin does not ignore staged users - Resolves: RHEL-23621 session cookie can't be read - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-17996 Memory leak in IdM's KDC- Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor- Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()- Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'- Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4- Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4- Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests- Resolves: rhbz#2229712 Delete operation protection for admin user - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests- Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA) - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only- Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2192625 Better catch of the IPA web UI event "IPA Error 4301:CertificateOperationError", and IPA httpd error CertificateOperationError - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9] - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context - Resolves: rhbz#2165880 Add RBCD support to IPA - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct- Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests- Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command- Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests- Rebuild against krb5 1.20.1 ABI - Resolves: rhbz#2155425- Resolves: rhbz#2148887 MemberManager with groups fails - Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit/bin/sh/bin/sh4.12.2-1.el9_5.2ipa-nfast.pp.bz2ipa-nfast/usr/share/selinux/packages/targeted//var/lib/selinux/targeted/active/modules/200/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpiozstd19i686-redhat-linux-gnuutf-86d3cc77ebe369ad34b15c8d587093f4ec7f63bae2dbdc9fa294d9b569a72dafcef0e363bd7593165034e6283a5f2f57c3e12be938f1a97b06faf6df68ec45edc? (/h53S071081a401676256aa2832037./usr/share/selinux/packages/targeted/ipa-nfast.pp.bz2BZh91AY&SYUj7_dݏ8=炁ψ> =xf 6S4=MLOHzIM!OhUPa@hdh4 @b@hhh 2H!! 4dFji%&@$RSFѣ@2z@hhѣAF@h@z = h=L2d 4AA  "h2 1hdi #@d *zs}P(b llOVG/GW&!_R)Q0|j3V`*УsJ' plN1sY{XN/q;rhq8Ox|Xw`?_1d{{'o#/ACtTyΤHO1ISiM^W ʳgvfu]_owӻ==ǟ9j7EGM4:-FKUSU55z^[6;*͝fk7;݅ET g w!@Hu o6ƓS놶GV@PY&Yq!(A A_eD6$!(.|Y{fi"A'+86@ kP sW$ֿA$=ۉf4N$@]PI$ ۾W4h =Qft4g3Q[BXE0,'ɾIYæ,ɍ f1p5. $K@([T@Y* %EfʪcL~Lۗ-ZXU[u8|:`|5FMim5QE_$(6Oj }zZ6RJ(kZֶ `~'|}xWN֓H",! J6lCb؉؈g|1Ni@Vq o )x-iO/~N3|`Js\@A8k 5kPP88wRi .͖ q۸-|Q0&;M1?grtcQsύ˵Cv4'= (21z  v`%z@;Y8w  κ<@Qx]k$p^9l~P~\喳۵)JrB֖, Ly23QoF Tni\BHC PW*@OE?DLT\[V>ľcfla9vsV98Sl[Ǐ$IC0Ǎ5~WD(ՎV bcKv"0ARu5&_šp(JKпxmjąɍ)AMg .8 a@8OFc$DL7Y^?]x̭G2`(! 6Ch| 0,Rw3hHF&q9Z֗JY5SKPEX(hm miqfZ-G% Sqy 'Lx8!.ZUVZT+p ,P@0EmPUCl`XCBmlMd67c. ڮ!PEaH0DfC2!&,SC2Gq76x QEJ5gxؘ'<! VPcOG@EB7aH[aJxe4(]α4a .|сax8^@c Ѝ @'L!#!I%B $,ICJIH0!]P8i"XAV`ZwP5GGdpD#F\F /{єu-4oƶi14}ޘ5K\= qr8f*^PWW{hk8G/y'Ȥr".kWoכKס`6oa9 G#zX 6`qm&6`qY)*x0'( %r{:y=MgtT$ HF]'|[vVe\8{\wpYͨV 5ͺsU9]iOm"UPEr8Iﺏ^=z%ް{F#':wm{؍CUN%]_zu%޶wFӭw{ӽ:}aqj+ޝIT}ޕMwF}m}u=v=bב 9W{Y9+.;yJ]wɒ9Iq;G,ȩ^Wx%=!GKqY\ ʑ r]bdz:װ׷zwj;W{>FF;޾A;5h;{[VQ0m"5>w]z6Em U!䧀{{n}z緷mOW-1UTyUV'|).jjIfD<\ڏ|%rܻm q֥Ž܎%(aڒso;V#amm0j66!mCIkQ`$L5mH6DE[`#Qib94&sF׶IxBfdN-2xj}嘌l\>e^{;I"ģ|i}ɫ]qpyaTseqV;n:|&G-V{uJVQ|X1O <j9L7Xi j5io0mbm 5KKq!5 9Ćj8L[f'0Q={ol/P3"ws\mU'w^-;ʪWY@TW;Idx&ٜΰ*KߕwqO뵙=Z!U(T%b:]KEt^^<CN;\ʙkiej5IUP]ݠpƐcJ`K1fYl16RVYʪx0,@hqg\iM6 i£'(BS ݿ(T)-M1 r1-Ir!""k.T"K]yk^ur*!CSF)"Zq-ZD 0pBHlV%NDKiorPP@J@l4MD6L  j'ňD!C"!DF 0/U>D2@[ QMa{܇03-AI 9x0)` eQZq?K߶<ϴۖ{ܙ}uÎ랗>ԩNnuc\t\1+yǮ2_]ěnMƥcбLר&c`D B wq`  .r^M+ߕ\6ƌqي$ֱZԞ&9< QX޵HA"fhc2}`R̽u^ԮT@P. E Q~ݍB XMCi@qzFUAeqDA59Kh4jg1/ol\Z.3A&gjЄy @כcdig`P`C F.BSU [P' spTz ,BkHka=d21(s-e,lln3q,S#xs`<ho|9ZT<0g&Kh*`ʔ:1 ,HӒ:%>0%G: @B0֐b&46oR#@(n$̡mA d'9J3ޭA|"I!W} cd-6K&UU"A /4W79llmn9HtϘ?MbW!7q@lX òX40cI䘀,arVeǐT{{iD68Z6*]mHМ+M@6qKȢWb_A`z\Y\C/'KyPIugFXM1Д( =iB#2"nE  Kx1l$a*_շ!>N TLr]EkIk&F8ƆREO`@ d@"cW:?:s0 $D} |6"2H\p!G|kfb€0 }֤ IIQ DlQWP_͞*Kp22،7F+HL,p.J o 3BIdcd<,<#y΋{J[? Z<ɐMPL80h-M6S!Z*|z"<=3n 0 V6 #.n;@c=fX;axJ `6Ȁq ÈbD )+PB yRxq0^ @3dXhZR["| %Jlp0!A&d;h L> {-sB&$2 pfCt(nmTitI N5c]8GQ0p}8w. Q@ LfkSH1 N ߭13ݗ]@4 ke08KZohEօe2;N[+=/JιxDdE2IU蒙f#B87PgF!L%)Uꚺ(1F)PT]  BM46R`;RI .AuUֶ)DZ;Z@mۈySKǐ!* `J dK2qۼ-SxCTpd1LJ؁18"A uN\5 (0w`BMNTTd$=2?:,lDO$з1rD)p;nAbPB?Y_y[$F:-9 JZ3^"I8?Xbe 561NƬ>c8<Ơp7R:R|.az$wF)nm2B׊@ Ԓ @ ^Mq;m{o^wf!!ywfwckV!"zLq-]Ğlo.ycerHAH&&t6 |]xA 4(!4mc-B֒b@0L$`($vQZe( lﭵ& d $LVSę@`0J kqeeľnnm6c *V0(cZKz#/ %BQUHFYڅcC'WRF)B~+U2C8 ц̫%6nSjn&gl3X/6(L #C[lF,q$n HDD#|ŚH"_ 3{m !U뼓R腳c&bP B雐P6l,ƠSO:u 1I$ L&b㦘((HH!G  M lMc!  Q&NajAdXGW `mL7海ADp.xBBAuba4@qRJ-!BA.Y,TT#p#,FX3cS);-SS8}۸ FHF7]8*z@ 3P0;xbgfk^4e`}M5(w I֨R9a (j6spU!$[5$• HKtuWa}ŁЅ̄6IHmTLcYDQ(J 0qDQ41cКH  SbTRAILER!!!x(@6cJdP$1+ҔJ9797J$2 hF` 3'.73k (By^"HƚU~UP`a);JCy[ k8w"4/UzV$G֊5=1.'$ ԃze:?H% sڣ䉿U"M$5$#S !7 83hN Z +1.u;91}4E>$2w)!D@BC;[P8B{1&