-
Wed Mar 29 2023 EL Errata <el-errata_ww@oracle.com> - 1.20.1-8.0.1
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
-
Wed Feb 22 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8
- Fix datetime parsing in kadmin on s390x
- Resolves: rhbz#2169985
-
Tue Feb 14 2023 Julien Rische <jrische@redhat.com> - 1.20.1-7
- Fix double free on kdb5_util key creation failure
- Resolves: rhbz#2166603
-
Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6
- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
- Resolves: rhbz#2165827
-
Thu Jan 19 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
- Resolves: rhbz#2162461
-
Thu Jan 12 2023 Julien Rische <jrische@redhat.com> - 1.20.1-4
- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
- Resolves: rhbz#2068535
-
Tue Jan 10 2023 Julien Rische <jrische@redhat.com> - 1.20.1-2
- Strip debugging data from ksu executable file
- Resolves: rhbz#2159643
-
Wed Dec 07 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1
- Make tests compatible with sssd-client
- Resolves: rhbz#2151513
- Remove invalid password expiry warning
- Resolves: rhbz#2121099
- Update error checking for OpenSSL CMS_verify
- Resolves: rhbz#2063838
- New upstream version (1.20.1)
- Resolves: rhbz#2016312
- Fix integer overflows in PAC parsing (CVE-2022-42898)
- Resolves: rhbz#2140971
-
Tue Oct 18 2022 Julien Rische <jrische@redhat.com> - 1.19.1-23
- Fix kprop for propagating dump files larger than 4GB
- Resolves: rhbz#2133014
-
Fri Jul 08 2022 Julien Rische <jrische@redhat.com> - 1.19.1-22
- Restore "supportedCMSTypes" attribute in PKINIT preauth requests
- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
- Resolves: rhbz#2068935