rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to upstream 2.1.4 (CVE-2011-3636)

Browse Source
This commit is contained in:
Rob Crittenden 2011-12-06 11:58:03 -05:00
parent 44560406dd
commit 9cc2d9f70c
4 changed files with 7 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -10,3 +10,4 @@
/freeipa-2.1.3-systemd.patch.gz /freeipa-2.1.3-systemd.patch.gz
/freeipa-2.1.3.tar.gz /freeipa-2.1.3.tar.gz
/freeipa-2.1.3-wait_for_socket.patch.gz /freeipa-2.1.3-wait_for_socket.patch.gz
/freeipa-2.1.4.tar.gz

34
freeipa-2.1.3-kpasswd-selinux.patch
View File

@ -1,34 +0,0 @@
From 6e81b847eecd2e91523119e041f892716aa16e9c Mon Sep 17 00:00:00 2001
From: Evgeny Sinelnikov <sin@altlinux.ru>
Date: Sat, 3 Dec 2011 09:44:38 +0400
Subject: [PATCH] ipa_kpasswd: Update selinux policies for ldap and urandom
Fixes: https://fedorahosted.org/freeipa/ticket/2160
---
selinux/ipa_kpasswd/ipa_kpasswd.te | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.te b/selinux/ipa_kpasswd/ipa_kpasswd.te
index 292be7b..eefb70b 100644
--- a/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ b/selinux/ipa_kpasswd/ipa_kpasswd.te
@@ -64,6 +64,7 @@ corenet_tcp_bind_all_nodes(ipa_kpasswd_t)
corenet_udp_bind_all_nodes(ipa_kpasswd_t)
corenet_tcp_bind_kerberos_admin_port(ipa_kpasswd_t)
corenet_udp_bind_kerberos_admin_port(ipa_kpasswd_t)
+corenet_tcp_connect_ldap_port(ipa_kpasswd_t)
require {
type krb5kdc_conf_t;
};
@@ -78,3 +79,8 @@ optional_policy(`
corenet_udp_bind_kerberos_password_port(ipa_kpasswd_t)
')
+require {
+ type urandom_device_t;
+}
+
+allow ipa_kpasswd_t urandom_device_t:chr_file { open read getattr };
--
1.7.7.3

13
freeipa.spec
View File

@ -13,8 +13,8 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%global gettext_domain ipa %global gettext_domain ipa
Name: freeipa Name: freeipa
Version: 2.1.3 Version: 2.1.4
Release: 8%{?dist} Release: 1%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
Group: System Environment/Base Group: System Environment/Base
@ -22,9 +22,6 @@ License: GPLv3+
URL: http://www.freeipa.org/ URL: http://www.freeipa.org/
Source0: freeipa-%{version}.tar.gz Source0: freeipa-%{version}.tar.gz
Source1: freeipa-systemd-upgrade Source1: freeipa-systemd-upgrade
Patch0: freeipa-2.1.3-systemd.patch.gz
Patch1: freeipa-2.1.3-wait_for_socket.patch.gz
Patch2: freeipa-2.1.3-kpasswd-selinux.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if ! %{ONLY_CLIENT} %if ! %{ONLY_CLIENT}
@ -218,9 +215,6 @@ package.
%prep %prep
%setup -n freeipa-%{version} -q %setup -n freeipa-%{version} -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
cp %{SOURCE1} init/systemd/ cp %{SOURCE1} init/systemd/
%build %build
@ -543,6 +537,9 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
%changelog %changelog
* Tue Dec 6 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.4-1
- Update to upstream 2.1.4 (CVE-2011-3636)
* Mon Dec 5 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-8 * Mon Dec 5 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-8
- Update SELinux policy to allow ipa_kpasswd to connect ldap and - Update SELinux policy to allow ipa_kpasswd to connect ldap and
read /dev/urandom. (#759679) read /dev/urandom. (#759679)

4
sources
View File

@ -1,3 +1 @@
8475a0768b90171f58b4be76d09d6820 freeipa-2.1.3.tar.gz 213047f62f3dfa5d6088fe916356c298 freeipa-2.1.4.tar.gz
558f5ccb5610cf66db1eeb969420cac2 freeipa-2.1.3-systemd.patch.gz
eee14c5b2640d9b1d6f694befc62e85f freeipa-2.1.3-wait_for_socket.patch.gz