- apply patch from upstream to fix KDC denial of service (CVE-2010-0283,

    #566002)

1 files changed, 7 insertions, 1 deletions

diff --git a/krb5.spec b/krb5.spec
index 9c912be..bb61296 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -84,6 +84,7 @@ Patch90: krb5-1.7-openssl-1.0.patch
 Patch93: krb5-1.7-create_on_load.patch
 Patch95: krb5-1.7-opte.patch
 Patch96: krb5-1.7-exp_warn.patch
+Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt.asc
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -222,6 +223,10 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.
 
 %changelog
+* Tue Feb 16 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-2
+- apply patch from upstream to fix KDC denial of service (CVE-2010-0283,
+  #566002)
+
 * Wed Feb  3 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-1
 - update to 1.7.1
   - don't trip AD lockout on wrong password (#542687, #554351)
@@ -1582,6 +1587,7 @@ popd
 %patch93 -p1 -b .create_on_load
 %patch95 -p1 -b .opte
 %patch96 -p1 -b .exp_warn
+%patch97 -p1 -b .2010-001
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex