Diffstat (limited to 'krb5.spec')
-rw-r--r--krb5.spec10
1 files changed, 9 insertions, 1 deletions
diff --git a/krb5.spec b/krb5.spec
index f6ad6af..9753759 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.12.1
-Release: 9%{?dist}
+Release: 10%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -104,6 +104,8 @@ Patch142: krb5-master-move-otp-sockets.patch
Patch143: krb5-master-spnego-preserve-oid.patch
Patch144: krb5-1.12-tcl86.patch
Patch145: krb5-master-mechd.patch
+Patch146: krb5-1.12-CVE-2014-4341_4342.patch
+Patch147: krb5-1.12-CVE-2014-4341_4342-tests.patch
Patch201: 0001-Don-t-try-to-stat-not-on-disk-ccache-residuals.patch
Patch202: 0002-Use-an-in-memory-cache-until-we-need-the-target-s.patch
Patch203: 0003-Learn-to-destroy-the-ccache-we-re-copying-from.patch
@@ -356,6 +358,8 @@ ln -s NOTICE LICENSE
%patch143 -p1 -b .spnego-preserve-oid
%patch144 -p1 -b .tcl86
%patch145 -p1 -b .master-mechd
+%patch146 -p1 -b .CVE-2014-4341_4342
+%patch147 -p1 -b .CVE-2014-4341_4342
# Take the execute bit off of documentation.
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
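Review bot: The two added `%patch` lines give patch 146 and patch 147 the same backup suffix, `.CVE-2014-4341_4342`. If the tests patch modifies any file the fix patch also modifies, the second `-b` run would likely replace the pristine backup saved by the first, so a later `gendiff` on that suffix would no longer show the full CVE change for that file. Giving the tests patch its own suffix keeps the two separable: `%patch147 -p1 -b .CVE-2014-4341_4342-tests`. Whether the two patches overlap today cannot be determined from this hunk, and the `%prep` section continues outside it.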
@@ -1030,6 +1034,10 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Mon Jul 7 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-10
+- pull in fix for denial of service by injection of malformed GSSAPI tokens
+ (CVE-2014-4341, CVE-2014-4342, #1116181)
+
* Tue Jun 24 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-9
- pull in changes from upstream which add processing of the contents of
/etc/gss/mech.d/*.conf when loading GSS modules (#1102839)