krb5-pkinit-1.21.3-7.el10 RPM for s390x

From CentOS Stream 10 BaseOS for s390x

Kerberos is a network authentication system. The krb5-pkinit
package contains the PKINIT plugin, which allows clients
to obtain initial credentials from a KDC using a private key and a
certificate.

Provides

• krb5-pkinit
• krb5-pkinit(s390-64)
• krb5-pkinit-openssl

Requires

• krb5-libs(s390-64) = 1.21.3-7.el10
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.2)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.8)(64bit)
• libcom_err.so.2()(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libk5crypto.so.3()(64bit)
• libk5crypto.so.3(k5crypto_3_MIT)(64bit)
• libkeyutils.so.1()(64bit)
• libkrb5.so.3()(64bit)
• libkrb5.so.3(krb5_3_MIT)(64bit)
• libkrb5support.so.0()(64bit)
• libkrb5support.so.0(krb5support_0_MIT)(64bit)
• libresolv.so.2()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)

License

Brian-Gladman-2-Clause AND BSD-2-Clause AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-first-lines AND BSD-3-Clause AND BSD-4-Clause AND CMU-Mach-nodoc AND FSFULLRWD AND HPND AND HPND-export2-US AND HPND-export-US AND HPND-export-US-acknowledgement AND HPND-export-US-modify AND ISC AND MIT AND MIT-CMU AND OLDAP-2.8 AND OpenVision

Changelog

* Wed Jan 29 2025 Julien Rische <jrische@redhat.com> - 1.21.3-7
  - Prevent overflow when calculating ulog block size (CVE-2025-24528)
    Resolves: RHEL-76758
* Fri Jan 17 2025 Julien Rische <jrische@redhat.com> - 1.21.3-6
  - Support PKCS11 EC client certs in PKINIT
    Resolves: RHEL-74373
  - kdb5_util: fix DB entry flags on modification
    Resolves: RHEL-56058
  - Add ECDH support for PKINIT (RFC5349)
    Resolves: RHEL-71881
* Mon Nov 04 2024 Julien Rische <jrische@redhat.com> - 1.21.3-5
  - Make test dependencies optional if not part of CentOS/RHEL 10
    Resolves: RHEL-65724
* Wed Oct 30 2024 Julien Rische <jrische@redhat.com> - 1.21.3-4
  - libkrad: implement support for Message-Authenticator (CVE-2024-3596)
    Resolves: RHEL-55427
  - Fix various issues detected by static analysis
    Resolves: RHEL-45165
  - Remove RSA protocol for PKINIT
    Resolves: RHEL-56070
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.21.3-3
  - Bump release for October 2024 mass rebuild:
    Resolves: RHEL-64018
* Fri Jul 12 2024 Julien Rische <jrische@redhat.com> - 1.21.3-2
  - Do not include files with "~" termination in krb5-tests
    Resolves: RHEL-45995
* Fri Jul 12 2024 Julien Rische <jrische@redhat.com> - 1.21.3-1
  - New upstream version (1.21.3)
  - CVE-2024-37370 CVE-2024-37371
    Fix vulnerabilities in GSS message token handling
    Resolves: RHEL-45387 RHEL-45378
  - Fix memory leak in GSSAPI interface
    Resolves: RHEL-47284
  - Fix memory leak in PMAP RPC interface
    Resolves: RHEL-47287
  - Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
    Resolves: RHEL-47285
  - Make TCP waiting time configurable
    Resolves: RHEL-47278
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.21.2-7
  - Bump release for June 2024 mass rebuild
* Wed Jun 19 2024 Julien Rische <jrische@redhat.com> - 1.21.2-6
  - Add missing SPDX license identifiers
    Resolves: RHEL-44383
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.2-5
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.2-4
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 17 2024 Julien Rische <jrische@redhat.com> - 1.21.2-3
  - Fix double free in klist's show_ccache()
    Resolves: rhbz#2257301
  - Store krb5-tests files in architecture-specific directories
    Resolves: rhbz#2244601
* Tue Oct 10 2023 Julien Rische <jrische@redhat.com> - 1.21.2-2
  - Use SPDX expression for license tag
  - Fix unimportant memory leaks
    Resolves: rhbz#2223274
* Wed Aug 16 2023 Julien Rische <jrische@redhat.com> - 1.21.2-1
  - New upstream version (1.21.2)
  - Fix double-free in KDC TGS processing (CVE-2023-39975)
    Resolves: rhbz#2229113
  - Make tests compatible with Python 3.12
    Resolves: rhbz#2224013
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.21-3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 29 2023 Marek Blaha <mblaha@redhat.com> - 1.21-2
  - Replace file dependency with package name
    Resolves: rhbz#2216903
* Mon Jun 12 2023 Julien Rische <jrische@redhat.com> - 1.21-1
  - New upstream version (1.21)
  - Do not disable PKINIT if some of the well-known DH groups are unavailable
    Resolves: rhbz#2214297
  - Make PKINIT CMS SHA-1 signature verification available in FIPS mode
    Resolves: rhbz#2214300
  - Allow to set PAC ticket signature as optional
    Resolves: rhbz#2181311
  - Add support for MS-PAC extended KDC signature (CVE-2022-37967)
    Resolves: rhbz#2166001
  - Fix syntax error in aclocal.m4
    Resolves: rhbz#2143306
* Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
  - Add support for MS-PAC extended KDC signature (CVE-2022-37967)
    Resolves: rhbz#2166001
* Mon Jan 30 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8
  - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
  - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode

Files

/usr/lib/.build-id
/usr/lib/.build-id/f2
/usr/lib/.build-id/f2/b133049c7fe61245b3df10569e038b17d3dd5c
/usr/lib64/krb5
/usr/lib64/krb5/plugins
/usr/lib64/krb5/plugins/preauth
/usr/lib64/krb5/plugins/preauth/pkinit.so

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Feb 11 08:47:05 2025