Changelog for
krb5-devel-1.21.1-1.el9.x86_64.rpm :
* Tue Aug 08 2023 Julien Rische
- 1.21.1-1- New upstream version (1.21.1)- Fix double-free in KDC TGS processing (CVE-2023-39975)- Add support for \"pac_privsvr_enctype\" KDB string attribute Resolves: rhbz#2060421
* Thu Jun 08 2023 Julien Rische - 1.20.1-9- Do not disable PKINIT if some of the well-known DH groups are unavailable Resolves: rhbz#2187722- Make PKINIT CMS SHA-1 signature verification available in FIPS mode Resolves: rhbz#2155607- Allow to set PAC ticket signature as optional Resolves: rhbz#2178298
* Wed Feb 22 2023 Julien Rische - 1.20.1-8- Fix datetime parsing in kadmin on s390x Resolves: rhbz#2169985
* Tue Feb 14 2023 Julien Rische - 1.20.1-7- Fix double free on kdb5_util key creation failure Resolves: rhbz#2166603
* Tue Jan 31 2023 Julien Rische - 1.20.1-6- Add support for MS-PAC extended KDC signature (CVE-2022-37967) Resolves: rhbz#2165827
* Thu Jan 19 2023 Julien Rische - 1.20.1-5- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode Resolves: rhbz#2162461
* Thu Jan 12 2023 Julien Rische - 1.20.1-4- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf Resolves: rhbz#2068535
* Tue Jan 10 2023 Julien Rische - 1.20.1-2- Strip debugging data from ksu executable file Resolves: rhbz#2159643
* Wed Dec 07 2022 Julien Rische - 1.20.1-1- Make tests compatible with sssd-client Resolves: rhbz#2151513- Remove invalid password expiry warning Resolves: rhbz#2121099- Update error checking for OpenSSL CMS_verify Resolves: rhbz#2063838- New upstream version (1.20.1) Resolves: rhbz#2016312- Fix integer overflows in PAC parsing (CVE-2022-42898) Resolves: rhbz#2140971
* Tue Oct 18 2022 Julien Rische - 1.19.1-23- Fix kprop for propagating dump files larger than 4GB Resolves: rhbz#2133014
* Fri Jul 08 2022 Julien Rische - 1.19.1-22- Restore \"supportedCMSTypes\" attribute in PKINIT preauth requests- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms Resolves: rhbz#2068935
* Thu Jun 23 2022 Julien Rische - 1.19.1-21- Fix libkrad client cleanup- Allow use of larger RADIUS attributes in krad library Resolves: rhbz#2100351
* Thu May 12 2022 Julien Rische - 1.19.1-20- Fix OpenSSL 3 MD5 encyption in FIPS mode- Allow libkrad UDP/TCP connection to localhost in FIPS mode Resolves: rhbz#2068458
* Mon May 02 2022 Julien Rische - 1.19.1-19- Use p11-kit as default PKCS11 module Resolves: rhbz#2030981
* Tue Apr 26 2022 Julien Rische - 1.19.1-18- Try harder to avoid password change replay errors Resolves: rhbz#2075186
* Mon Mar 14 2022 Julien Rische - 1.19.1-15- Use SHA-256 instead of SHA-1 for PKINIT CMS digest
* Thu Feb 24 2022 Julien Rische - 1.19.1-14- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
* Fri Dec 17 2021 Antonio Torres - 1.19.1-13- Remove -specs= from krb5-config output- Resolves rhbz#1997021
* Wed Oct 20 2021 Antonio Torres - 1.19.1-12- Fix KDC null deref on TGS inner body null server (CVE-2021-37750) Resolves: rhbz#1997602
* Mon Aug 09 2021 Mohan Boddu - 1.19.1-11.1- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688