authorNalin Dahyabhai <nalin@fedoraproject.org>2010-02-16 21:45:25 +0000
committerNalin Dahyabhai <nalin@fedoraproject.org>2010-02-16 21:45:25 +0000
commitb39e4cb33fc0bc29c45649a3803bfe781b91b937 (patch)
treed0518789ada3f62a670265d26143dcaf2ae3ed1e
parent6618668d766adb100a66bfb1340ee07dfdfa2e5f (diff)
- apply patch from upstream to fix KDC denial of service (CVE-2010-0283,
#566002)
-rw-r--r--krb5.spec8
1 files changed, 7 insertions, 1 deletions
diff --git a/krb5.spec b/krb5.spec
index 9c912be..bb61296 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7.1
-Release: 1%{?dist}
+Release: 2%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -84,6 +84,7 @@ Patch90: krb5-1.7-openssl-1.0.patch
Patch93: krb5-1.7-create_on_load.patch
Patch95: krb5-1.7-opte.patch
Patch96: krb5-1.7-exp_warn.patch
+Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt.asc
License: MIT
URL: http://web.mit.edu/kerberos/www/
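Review bot: Patch97 points at the clearsigned upstream advisory file over plain `http://`, and nothing in the visible hunks checks its PGP signature, so the `.asc` wrapper adds no assurance at build time. rpmbuild takes the file by basename from the sources directory, and `%patch97 -p1 -b .2010-001` in the last hunk lets patch treat the armor as surrounding text whether or not the signature is valid. Verify the signature against upstream's advisory signing key when importing the file and record that above the tag, e.g. `# clearsigned upstream patch for CVE-2010-0283; signature checked with gpg --verify at import`. The bare name `2010-001-patch.txt.asc` also departs from the `krb5-1.7-*.patch` naming of the neighbouring entries, which makes it harder to attribute in a shared sources directory.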
@@ -222,6 +223,10 @@ to obtain initial credentials from a KDC using a private key and a
certificate.
%changelog
+* Tue Feb 16 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-2
+- apply patch from upstream to fix KDC denial of service (CVE-2010-0283,
+ #566002)
+
* Wed Feb 3 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-1
- update to 1.7.1
- don't trip AD lockout on wrong password (#542687, #554351)
@@ -1582,6 +1587,7 @@ popd
%patch93 -p1 -b .create_on_load
%patch95 -p1 -b .opte
%patch96 -p1 -b .exp_warn
+%patch97 -p1 -b .2010-001
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex