diff --git a/krb5.spec b/krb5.spec
index cfecc3c..c5eb6c0 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -15,7 +15,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6
-Release: 2
+Release: 3
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -76,6 +76,9 @@ Patch44: krb5-1.4.3-enospc.patch
 Patch45: krb5-1.5-gssinit.patch
 Patch46: krb5-1.6-fix-sendto_kdc-memset.dif
 Patch47: krb5-1.6-sort-of-static.patch
+Patch48: krb5-1.6-CVE-2007-0956-prelim.patch
+Patch49: krb5-1.6-CVE-2007-0957-prelim.patch
+Patch50: krb5-1.6-CVE-2007-1216-prelim.patch
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
@@ -190,6 +193,13 @@ installed on systems which are meant provide these services.
 %endif
 %changelog
+* Tue Apr 3 2007 Nalin Dahyabhai 1.6-3
+- add patch to correct unauthorized access via krb5-aware telnet
+ daemon (#229782, CVE-2007-0956)
+- add patch to fix buffer overflow in krb5kdc and kadmind
+ (#231528, CVE-2007-0957)
+- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)
+
 * Thu Mar 22 2007 Nalin Dahyabhai
 - back out buildrequires: keyutils-libs-devel for now
@@ -1074,6 +1084,9 @@ installed on systems which are meant provide these services.
 %if %{build_static}
 %patch47 -p1 -b .sort-of-static
 %endif
+%patch48 -p0 -b .CVE-2007-0956
+%patch49 -p0 -b .CVE-2007-0957
+%patch50 -p0 -b .CVE-2007-1216
 cp src/krb524/README README.krb524
 gzip doc/*.ps
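Review bot: In the `@@ -76,6 +76,9 @@` hunk, Patch48 to Patch50 carry a `-prelim` suffix, but the spec records neither where they came from nor what should eventually replace them. The suffix suggests these are pre-release versions of the fixes, so a later packager needs a reminder to compare them with whatever upstream finally publishes for CVE-2007-0956, CVE-2007-0957 and CVE-2007-1216. I would add a comment above Patch48 such as `# Preliminary fixes for CVE-2007-0956/-0957/-1216; re-check against the final upstream patches and drop the -prelim copies.` The existing comments above Source0 show the preamble already uses notes of this kind.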
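Review bot: The three new `%patch` lines in the `@@ -1074,6 +1084,9 @@` hunk use `-p0` while the `%patch47` line directly above uses `-p1`, and nothing explains the difference. A wrong strip level fails loudly, but a hunk that applies with an offset or fuzz does not, and for security fixes that can leave a vulnerable code path in place with a green build. It is worth confirming in the %prep output that every hunk of all three patches applied cleanly. A short comment would record the reason for the strip level, for example `# CVE patches are diffed from the top of the source tree, hence -p0` (presumably the reason; confirm against the patch headers). The %prep section starts and ends outside this hunk.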