Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: ipa-selinux-luna | Distribution: CentOS |
Version: 4.12.0 | Vendor: CentOS |
Release: 6.el9 | Build date: Thu Jul 18 14:55:07 2024 |
Group: Unspecified | Build host: aarch64-02.stream.rdu2.redhat.com |
Size: 10205 | Source RPM: ipa-4.12.0-6.el9.src.rpm |
Packager: builder@centos.org | |
Url: http://www.freeipa.org/ | |
Summary: FreeIPA SELinux policy for Thales Luna HSMs |
Custom SELinux policy module for Thales Luna HSMs
GPL-3.0-or-later
* Thu Jul 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-6 - Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-46003 ipa-migrate -V options fails to display version - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases * Mon Jul 08 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-5 - Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users - Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py - Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed - Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica - Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages - Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to * Mon Jun 10 2024 Julien Rische <jrische@redhat.com> - 4.12.0-4 - Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force - Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service * Wed Jun 05 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-3 - Related: RHEL-34809 temporarily revert a commit that depends on newer version of python-jwcrypto * Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-2 - Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency * Wed May 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-1 - Resolves: RHEL-39140 Rebase ipa to the latest 4.12 version for RHEL 9.5 - Resolves: RHEL-34757 The change for preventing deletion of the admin user caused a regression in disable - Resolves: RHEL-30553 Depend on nfsv4-client-utils or nfs-utils - Resolves: RHEL-29762 IPA sidgen fails to create SID for manually set ID for a new range [rhel-9.5.0] - Resolves: RHEL-26261 Fix replica connection check for use with AD administrator - Resolves: RHEL-18062 ipa ca-show NAME --certificate-out=file creates empty file when NAME does not exist - Resolves: RHEL-12149 traceback in ipaserver/dcerpc.py - Resolves: RHEL-4810 [RFE] FreeIPA-to-FreeIPA migration - Resolves: RHEL-4807 [RFE] Support in IPA for HSM boxes * Tue Apr 30 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-11 - Resolves: RHEL-33645 - Update samba to version 4.20.0 * Fri Mar 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-10 - Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios) - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER - Resolves: RHEL-30905 Backport latest test fixes in ipa * Thu Mar 07 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-9 - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure * Tue Feb 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-8 - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available * Fri Feb 16 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-7 - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests * Fri Feb 09 2024 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-6 - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified - Resolves: RHEL-23625 sidgen plugin does not ignore staged users - Resolves: RHEL-23621 session cookie can't be read - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-17996 Memory leak in IdM's KDC * Thu Jan 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-5 - Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor * Fri Dec 01 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-4 - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid() * Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3 - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off' * Mon Nov 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-2 - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4 * Fri Oct 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-1 - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4 * Thu Aug 17 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-4 - Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests * Thu Aug 10 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-3 - Resolves: rhbz#2229712 Delete operation protection for admin user - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests * Thu Jun 29 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-2 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA) - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only * Tue Jun 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-1 - Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2192625 Better catch of the IPA web UI event "IPA Error 4301:CertificateOperationError", and IPA httpd error CertificateOperationError - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9] - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context - Resolves: rhbz#2165880 Add RBCD support to IPA - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct * Wed Feb 22 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-6 - Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests * Mon Feb 13 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-5 - Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command * Mon Feb 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-4 - Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests * Wed Dec 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.10.1-3 - Rebuild against krb5 1.20.1 ABI - Resolves: rhbz#2155425 * Fri Dec 09 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-2 - Resolves: rhbz#2148887 MemberManager with groups fails - Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit * Fri Nov 25 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-1 - Resolves: rhbz#2141315 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.2 - Resolves: rhbz#2094673 ipa-client-install should just use system wide CA store and do not specify TLS_CACERT in ldap.conf - Resolves: rhbz#2117167 After leapp upgrade on ipa-client ipa-server package installation failed. (`REQ_FULL_WITH_MEMBERS` returns object from wrong domain) - Resolves: rhbz#2127833 Password Policy Grace login limit allows invalid maximum value - Resolves: rhbz#2143224 [RFE] add certificate support to ipa-client instead of one time password - Resolves: rhbz#2144736 vault interoperability with older RHEL systems is broken - Resolves: rhbz#2148258 ipa-client-install does not maintain server affinity during installation - Resolves: rhbz#2148379 Add warning for empty targetattr when creating ACI with RBAC - Resolves: rhbz#2148380 OTP token sync always returns OK even with random numbers - Resolves: rhbz#2148381 Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones - Resolves: rhbz#2148382 Introduction of URI records for kerberos breaks location functionality * Tue Oct 25 2022 Rafael Jeffman <rjeffman@redhat.com> - 4.10.0-7 - Resolves: rhbz#2124547 Attempt to log in as "root" user with admin's password in Web UI does not properly fail - Resolves: rhbz#2137555 Attempt to log in as "root" user with admin's password in Web UI does not properly fail [rhel-9.1.0.z] * Fri Aug 19 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-6 - Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0 - Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI - Resolves: rhbz#2115495 group password policy by default does not allow grace logins - Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower' * Thu Jul 28 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-5 - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-101.el9 * Thu Jul 21 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-4 - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-100.el9
/usr/share/selinux/packages/targeted/ipa-luna.pp.bz2 /var/lib/selinux/targeted/active/modules/200/ipa-luna
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 07:24:57 2024