- apply patch from upstream to fix KDC denial of service (CVE-2010-0283,

#566002)
2010-02-16 21:45:25 +00:00 · 2010-02-16 21:45:25 +00:00 · c84cd0185b
commit c84cd0185b
parent edcbea8d17
1 changed files with 7 additions and 1 deletions
--- a/krb5.spec
+++ b/krb5.spec
@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@ -84,6 +84,7 @@ Patch90: krb5-1.7-openssl-1.0.patch
 Patch93: krb5-1.7-create_on_load.patch
 Patch95: krb5-1.7-opte.patch
 Patch96: krb5-1.7-exp_warn.patch
+Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt.asc

 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -222,6 +223,10 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.

 %changelog
+* Tue Feb 16 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-2
+- apply patch from upstream to fix KDC denial of service (CVE-2010-0283,
+  #566002)
+
 * Wed Feb  3 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-1
 - update to 1.7.1
  - don't trip AD lockout on wrong password (#542687, #554351)
@ -1582,6 +1587,7 @@ popd
 %patch93 -p1 -b .create_on_load
 %patch95 -p1 -b .opte
 %patch96 -p1 -b .exp_warn
+%patch97 -p1 -b .2010-001
 gzip doc/*.ps

 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex