- detect forged signatures - CVE-2006-4790 (#206411), patch from upstream

2006-09-14 12:39:29 +00:00 · 2006-09-14 12:39:29 +00:00 · 7baf89faa4
commit 7baf89faa4
parent 4e49f8ea07
1 changed files with 8 additions and 1 deletions
--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,7 +1,7 @@
 Summary: A TLS protocol implementation.
 Name: gnutls
 Version: 1.4.1
-Release: 1
+Release: 2
 License: LGPL
 Group: System Environment/Libraries
 BuildRequires: libgcrypt-devel >= 1.2.2, gettext
@ -16,6 +16,7 @@ Source0: %{name}-%{version}-nosrp.tar.bz2
 Source1: libgnutls-config
 Patch0: gnutls-1.4.0-nosrp.patch
 Patch1: gnutls-1.4.1-enable-psk.patch
+Patch3: gnutls-1.4.2-cve-2006-4790.patch
 BuildRoot: %{_tmppath}/%{name}-root
 Requires: libgcrypt >= 1.2.2

@ -25,6 +26,7 @@ Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}
 Requires: libgcrypt-devel
 Requires: zlib-devel
+Requires: pkgconfig

 %package utils
 Summary: Command line tools for TLS protocol.
@ -54,6 +56,7 @@ manipulation tools.
 %setup -q
 %patch0 -p1 -b .nosrp
 %patch1 -p1 -b .enable-psk
+%patch3 -p1 -b .no-params

 for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
    touch lib/$i
@ -119,6 +122,10 @@ fi
 %{_mandir}/man1/*

 %changelog
+* Thu Sep 14 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2
+- detect forged signatures - CVE-2006-4790 (#206411), patch
+  from upstream
+
 * Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1
 - upgrade to new upstream version, only minor changes