2.0.1-2 - Apply fixes for security issues

. CVE-2019-3885 (use-after-free with potential information disclosure) . CVE-2018-16877 (insufficient local IPC client-server authentication) . CVE-2018-16878 (insufficient verification inflicted preference of uncontrolled processes) Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
2019-04-09 19:56:30 +02:00 · 2019-04-09 19:56:30 +02:00 · ccade529e9
commit ccade529e9
parent 4f0b9c09fd
1 changed files with 15 additions and 5 deletions
--- a/pacemaker.spec
+++ b/pacemaker.spec
@ -14,7 +14,7 @@
 ## can be incremented to build packages reliably considered "newer"
 ## than previously built packages with the same pcmkversion)
 %global pcmkversion 2.0.1
-%global specversion 1
+%global specversion 2

 ## Upstream commit (or git tag, such as "Pacemaker-" plus the
 ## {pcmkversion} macro for an official release) to use for this package
@ -144,6 +144,9 @@ Source0:       https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{na
 Source1:       https://github.com/%{github_owner}/%{nagios_name}/archive/%{nagios_hash}/%{nagios_name}-%{nagios_hash}.tar.gz
 # ---
 # patches go here
+Patch0:        High-libservices-fix-use-after-free-wrt.-alert-handl.patch
+Patch1:        High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic.patch
+Patch2:        Med-controld-fix-possible-NULL-pointer-dereference.patch

 Requires:      resource-agents
 Requires:      %{name}-libs%{?_isa} = %{version}-%{release}
@ -188,7 +191,7 @@ BuildRequires: asciidoc inkscape publican
 %endif

 # git-style patch application
-#BuildRequires: git
+BuildRequires: git

 Provides:      pcmk-cluster-manager = %{version}-%{release}
 Provides:      pcmk-cluster-manager%{?_isa} = %{version}-%{release}
@ -346,9 +349,9 @@ monitor resources.

 %prep
 %setup -q -a 1 -n %{name}-%{commit}
-#global __scm git_am
-#__scm_setup_git
-#autopatch -p1
+%global __scm git_am
+%__scm_setup_git
+%autopatch -p1

 %build

@ -704,6 +707,13 @@ exit 0
 %license %{nagios_name}-%{nagios_hash}/COPYING

 %changelog
+* Wed Apr 17 2019 Jan Pokorný <jpokorny+rpm-pacemaker@redhat.com> - 2.0.1-2
+- Apply fixes for security issues:
+  . CVE-2019-3885 (use-after-free with potential information disclosure)
+  . CVE-2018-16877 (insufficient local IPC client-server authentication)
+  . CVE-2018-16878 (insufficient verification inflicted preference of
+                    uncontrolled processes)
+
 * Tue Mar 05 2019 Jan Pokorný <jpokorny+rpm-pacemaker@redhat.com> - 2.0.1-1
 - Update for new upstream tarball: Pacemaker-2.0.1,
  for full details, see included ChangeLog file or