author | Nalin Dahyabhai <nalin@redhat.com> | 2014-07-07 17:56:12 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@redhat.com> | 2014-07-07 17:56:12 -0400 |
commit | e2bc02455982ec29e6fb0f84f104b13e16c7dec6 (patch) | |
tree | b99686e3f15ff4352056d4c071aa7987f0625700 /krb5.spec | |
parent | 40e2189edee334ce5f9df46659e3f8ef58e5e746 (diff) | |
Pull in fix for CVE-2014-4341/CVE-2014-4342
krb5-1.12.1-10.fc21
- pull in fix for denial of service by injection of malformed GSSAPI
tokens (CVE-2014-4341, CVE-2014-4342, #1116181)
Diffstat (limited to 'krb5.spec')
-rw-r--r-- | krb5.spec | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -41,7 +41,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.12.1 -Release: 9%{?dist} +Release: 10%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -104,6 +104,8 @@ Patch142: krb5-master-move-otp-sockets.patch Patch143: krb5-master-spnego-preserve-oid.patch Patch144: krb5-1.12-tcl86.patch Patch145: krb5-master-mechd.patch +Patch146: krb5-1.12-CVE-2014-4341_4342.patch +Patch147: krb5-1.12-CVE-2014-4341_4342-tests.patch Patch201: 0001-Don-t-try-to-stat-not-on-disk-ccache-residuals.patch Patch202: 0002-Use-an-in-memory-cache-until-we-need-the-target-s.patch Patch203: 0003-Learn-to-destroy-the-ccache-we-re-copying-from.patch @@ -356,6 +358,8 @@ ln -s NOTICE LICENSE %patch143 -p1 -b .spnego-preserve-oid %patch144 -p1 -b .tcl86 %patch145 -p1 -b .master-mechd +%patch146 -p1 -b .CVE-2014-4341_4342 +%patch147 -p1 -b .CVE-2014-4341_4342 # Take the execute bit off of documentation. chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html @@ -1030,6 +1034,10 @@ exit 0 %{_sbindir}/uuserver %changelog +* Mon Jul 7 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-10 +- pull in fix for denial of service by injection of malformed GSSAPI tokens + (CVE-2014-4341, CVE-2014-4342, #1116181) + * Tue Jun 24 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-9 - pull in changes from upstream which add processing of the contents of /etc/gss/mech.d/*.conf when loading GSS modules (#1102839) |
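Review bot: In the `@@ -356,6 +358,8 @@` hunk, `%patch146` and `%patch147` are given the same backup suffix, `-b .CVE-2014-4341_4342`. Every other `%patch` line visible in this hunk uses a suffix of its own (`.spnego-preserve-oid`, `.tcl86`, `.master-mechd`). If the two patches ever touch the same file, the second run of `patch` would write its backup over the first one, so the saved copy would no longer be the pristine pre-fix source. Suggest `%patch147 -p1 -b .CVE-2014-4341_4342-tests`, which also matches the patch file name.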
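Review bot: In the `@@ -104,6 +104,8 @@` hunk, the new `Patch146:` and `Patch147:` lines say nothing about where the patches come from. The file names carry the CVE ids, but a one-line comment above them naming the upstream change they were backported from (and the bug, #1116181, which the changelog entry already cites) would let a later maintainer confirm when these can be dropped on a rebase past 1.12.1.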