krb5-pkinit-1.21.1-6.el9 RPM for s390x

From CentOS Stream 9 BaseOS for s390x

Kerberos is a network authentication system. The krb5-pkinit
package contains the PKINIT plugin, which allows clients
to obtain initial credentials from a KDC using a private key and a
certificate.

Provides

• krb5-pkinit
• krb5-pkinit(s390-64)
• krb5-pkinit-openssl

Requires

• krb5-libs(s390-64) = 1.21.1-6.el9
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.2)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.8)(64bit)
• libcom_err.so.2()(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libk5crypto.so.3()(64bit)
• libk5crypto.so.3(k5crypto_3_MIT)(64bit)
• libkeyutils.so.1()(64bit)
• libkrb5.so.3()(64bit)
• libkrb5.so.3(krb5_3_MIT)(64bit)
• libkrb5support.so.0()(64bit)
• libkrb5support.so.0(krb5support_0_MIT)(64bit)
• libresolv.so.2()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)

License

MIT

Changelog

* Wed Jan 29 2025 Julien Rische <jrische@redhat.com> - 1.21.1-6
  - Prevent overflow when calculating ulog block size (CVE-2025-24528)
    Resolves: RHEL-76759
* Fri Jan 17 2025 Julien Rische <jrische@redhat.com> - 1.21.1-5
  - Support PKCS11 EC client certs in PKINIT
    Resolves: RHEL-74374
  - kdb5_util: fix DB entry flags on modification
    Resolves: RHEL-56059
  - Add ECDH support for PKINIT (RFC5349)
    Resolves: RHEL-4902
* Thu Oct 17 2024 Julien Rische <jrische@redhat.com> - 1.21.1-4
  - libkrad: implement support for Message-Authenticator (CVE-2024-3596)
    Resolves: RHEL-55423
  - Fix various issues detected by static analysis
    Resolves: RHEL-58216
  - Remove RSA protocol for PKINIT
    Resolves: RHEL-15323
* Fri Jul 05 2024 Julien Rische <jrische@redhat.com> - 1.21.1-3
  - CVE-2024-37370 CVE-2024-37371
    Fix vulnerabilities in GSS message token handling
    Resolves: RHEL-45402 RHEL-45392
* Wed Mar 20 2024 Julien Rische <jrische@redhat.com> - 1.21.1-2
  - Fix memory leak in GSSAPI interface
    Resolves: RHEL-27251
  - Fix memory leak in PMAP RPC interface
    Resolves: RHEL-27245
  - Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
    Resolves: RHEL-27253
  - Make TCP waiting time configurable
    Resolves: RHEL-17132
* Tue Aug 08 2023 Julien Rische <jrische@redhat.com> - 1.21.1-1
  - New upstream version (1.21.1)
  - Fix double-free in KDC TGS processing (CVE-2023-39975)
  - Add support for "pac_privsvr_enctype" KDB string attribute
    Resolves: rhbz#2060421
* Thu Jun 08 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
  - Do not disable PKINIT if some of the well-known DH groups are unavailable
    Resolves: rhbz#2187722
  - Make PKINIT CMS SHA-1 signature verification available in FIPS mode
    Resolves: rhbz#2155607
  - Allow to set PAC ticket signature as optional
    Resolves: rhbz#2178298
* Wed Feb 22 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8
  - Fix datetime parsing in kadmin on s390x
    Resolves: rhbz#2169985
* Tue Feb 14 2023 Julien Rische <jrische@redhat.com> - 1.20.1-7
  - Fix double free on kdb5_util key creation failure
    Resolves: rhbz#2166603
* Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6
  - Add support for MS-PAC extended KDC signature (CVE-2022-37967)
    Resolves: rhbz#2165827

Files

/usr/lib/.build-id
/usr/lib/.build-id/d8
/usr/lib/.build-id/d8/8c096c3b3b2fa6590570b0fb83c86bddb7e989
/usr/lib64/krb5
/usr/lib64/krb5/plugins
/usr/lib64/krb5/plugins/preauth
/usr/lib64/krb5/plugins/preauth/pkinit.so

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Feb 12 05:15:48 2025