[1.20.1-8.0.1] - Fixed race condition in krb5_set_password [Orabug: 33609767] [1.20.1-8] - Fix datetime parsing in kadmin on s390x - Resolves: rhbz#2169985 [1.20.1-7] - Fix double free on kdb5_util key creation failure - Resolves: rhbz#2166603 [1.20.1-6] - Add support for MS-PAC extended KDC signature - Resolves: rhbz#2165827 [1.20.1-5] - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode - Resolves: rhbz#2162461 [1.20.1-4] - Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf - Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf - Resolves: rhbz#2068535 [1.20.1-2] - Strip debugging data from ksu executable file - Resolves: rhbz#2159643 [1.20.1-1] - Make tests compatible with sssd-client - Resolves: rhbz#2151513 - Remove invalid password expiry warning - Resolves: rhbz#2121099 - Update error checking for OpenSSL CMS_verify - Resolves: rhbz#2063838 - New upstream version - Resolves: rhbz#2016312 - Fix integer overflows in PAC parsing - Resolves: rhbz#2140971 [1.19.1-23] - Fix kprop for propagating dump files larger than 4GB - Resolves: rhbz#2133014 [1.19.1-22] - Restore "supportedCMSTypes" attribute in PKINIT preauth requests - Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms - Resolves: rhbz#2068935 [1.19.1-21] - Fix libkrad client cleanup - Allow use of larger RADIUS attributes in krad library - Resolves: rhbz#2100351 [1.19.1-20] - Fix OpenSSL 3 MD5 encyption in FIPS mode - Allow libkrad UDP/TCP connection to localhost in FIPS mode - Resolves: rhbz#2068458 [1.19.1-19] - Use p11-kit as default PKCS11 module - Resolves: rhbz#2030981 [1.19.1-18] - Try harder to avoid password change replay errors - Resolves: rhbz#2075186 [1.19.1-15] - Use SHA-256 instead of SHA-1 for PKINIT CMS digest [1.19.1-14] - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode [1.19.1-13] - Remove -specs= from krb5-config output - Resolves #1997021 [1.19.1-12] - Fix KDC null deref on TGS inner body null server - Resolves: #1997602 [1.19.1-11.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.19.1-11] - Fix KDC null deref on bad encrypted challenge - Resolves: #1983733 [1.19.1-10] - Update OpenSSL 3 provider handling to clean up properly - Resolves: #1955873 [1.19.1-9] - Sync openssl3 patches with upstream - Resolves: #1955873 [1.19.1-8] - Rebuild for rpminspect and mass rebuild cleanup; no code changes - Resolves: #1967505 [1.19.1-7] - Fix several fallback canonicalization problems - Resolves: #1967505 [1.19.1-6.1] - Rebuilt for RHEL 9 BETA for openssl 3.0 - Resolves: rhbz#1971065 [1.19.1-6] - Backport KCM retrieval fixes - Resolves: #1956403 [1.19.1-5] - Fix DES3 mention in KDFs - Resolves: #1955873 [1.19.1-4] - Port to OpenSSL 3 - Resolves: #1955873 [1.19.1-3.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937