[ol9_u3_baseos_base] krb5-pkinit-1.21.1-1.0.1.el9.i686

Name:	krb5-pkinit
Version:	1.21.1
Release:	1.0.1.el9
Architecture:	i686
Group:	Unspecified
Size:	136178
License:	MIT
RPM:	krb5-pkinit-1.21.1-1.0.1.el9.i686.rpm
Source RPM:	krb5-1.21.1-1.0.1.el9.src.rpm
Build Date:	Mon Oct 23 2023
Build Host:	build-ol9-i386.oracle.com
Vendor:	Oracle America
URL:	https://web.mit.edu/kerberos/www/
Summary:	The PKINIT module for Kerberos 5
Description:	Kerberos is a network authentication system. The krb5-pkinit package contains the PKINIT plugin, which allows clients to obtain initial credentials from a KDC using a private key and a certificate.

Changelog (Show File list) (Show related packages)

Fri Oct 20 2023 Pooja Senthil Kumar <pooja.senthil.kumar@oracle.com> - 1.21.1-1.0.1
```
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
```

Tue Aug 08 2023 Julien Rische <jrische@redhat.com> - 1.21.1-1

- New upstream version (1.21.1)
- Fix double-free in KDC TGS processing (CVE-2023-39975)
- Add support for "pac_privsvr_enctype" KDB string attribute
  Resolves: rhbz#2060421

Thu Jun 08 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9

- Do not disable PKINIT if some of the well-known DH groups are unavailable
  Resolves: rhbz#2187722
- Make PKINIT CMS SHA-1 signature verification available in FIPS mode
  Resolves: rhbz#2155607
- Allow to set PAC ticket signature as optional
  Resolves: rhbz#2178298

Wed Feb 22 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8

- Fix datetime parsing in kadmin on s390x
  Resolves: rhbz#2169985

Tue Feb 14 2023 Julien Rische <jrische@redhat.com> - 1.20.1-7

- Fix double free on kdb5_util key creation failure
  Resolves: rhbz#2166603

Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6

- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
  Resolves: rhbz#2165827

Thu Jan 19 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5

- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
  Resolves: rhbz#2162461

Thu Jan 12 2023 Julien Rische <jrische@redhat.com> - 1.20.1-4

- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
  Resolves: rhbz#2068535

Tue Jan 10 2023 Julien Rische <jrische@redhat.com> - 1.20.1-2

- Strip debugging data from ksu executable file
  Resolves: rhbz#2159643

Wed Dec 07 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1

- Make tests compatible with sssd-client
  Resolves: rhbz#2151513
- Remove invalid password expiry warning
  Resolves: rhbz#2121099
- Update error checking for OpenSSL CMS_verify
  Resolves: rhbz#2063838
- New upstream version (1.20.1)
  Resolves: rhbz#2016312
- Fix integer overflows in PAC parsing (CVE-2022-42898)
  Resolves: rhbz#2140971