diff --git a/krb5.spec b/krb5.spec
index 37c3b90..97aaf81 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -42,7 +42,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.19.2
-Release: %{?zdpd}2%{?dist}
+Release: %{?zdpd}3%{?dist}
 
 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
@@ -428,14 +428,9 @@ install -pdm 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/authdata
 # list of link flags, and it helps prevent file conflicts on multilib systems.
 sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
 
-# Temporay workaround for krb5-config reading too much from LDFLAGS.
-# Upstream: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8159
-sed -r -i -e "s/-specs=\/.+?\/redhat-hardened-ld//g" $RPM_BUILD_ROOT%{_bindir}/krb5-config
-
-if [[ "$(< $RPM_BUILD_ROOT%{_bindir}/krb5-config )" == *redhat-hardened-ld* ]] ; then
-    printf '# redhat-hardened-ld for krb5-config failed' 1>&2
-    exit 1
-fi
+# Workaround krb5-config reading too much from LDFLAGS.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1997021
+sed -i -e "s/-specs=[^ ]*//g" $RPM_BUILD_ROOT%{_bindir}/krb5-config
 
 # Install processed man pages.
 for section in 1 5 8 ; do
@@ -652,6 +647,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Tue Aug 24 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.2-3
+- Remove -specs= from krb5-config output
+
 * Thu Aug 19 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.2-2
 - Fix KDC null deref on TGS inner body null server (CVE-2021-37750)