diff --git a/pacemaker.spec b/pacemaker.spec index 92cd4e7..0123527 100644 --- a/pacemaker.spec +++ b/pacemaker.spec @@ -14,7 +14,7 @@ ## can be incremented to build packages reliably considered "newer" ## than previously built packages with the same pcmkversion) %global pcmkversion 2.0.1 -%global specversion 1 +%global specversion 2 ## Upstream commit (or git tag, such as "Pacemaker-" plus the ## {pcmkversion} macro for an official release) to use for this package @@ -144,6 +144,9 @@ Source0: https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{na Source1: https://github.com/%{github_owner}/%{nagios_name}/archive/%{nagios_hash}/%{nagios_name}-%{nagios_hash}.tar.gz # --- # patches go here +Patch0: High-libservices-fix-use-after-free-wrt.-alert-handl.patch +Patch1: High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic.patch +Patch2: Med-controld-fix-possible-NULL-pointer-dereference.patch Requires: resource-agents Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -188,7 +191,7 @@ BuildRequires: asciidoc inkscape publican %endif # git-style patch application -#BuildRequires: git +BuildRequires: git Provides: pcmk-cluster-manager = %{version}-%{release} Provides: pcmk-cluster-manager%{?_isa} = %{version}-%{release} @@ -346,9 +349,9 @@ monitor resources. %prep %setup -q -a 1 -n %{name}-%{commit} -#global __scm git_am -#__scm_setup_git -#autopatch -p1 +%global __scm git_am +%__scm_setup_git +%autopatch -p1 %build @@ -704,6 +707,13 @@ exit 0 %license %{nagios_name}-%{nagios_hash}/COPYING %changelog +* Wed Apr 17 2019 Jan Pokorný - 2.0.1-2 +- Apply fixes for security issues: + . CVE-2019-3885 (use-after-free with potential information disclosure) + . CVE-2018-16877 (insufficient local IPC client-server authentication) + . CVE-2018-16878 (insufficient verification inflicted preference of + uncontrolled processes) + * Tue Mar 05 2019 Jan Pokorný - 2.0.1-1 - Update for new upstream tarball: Pacemaker-2.0.1, for full details, see included ChangeLog file or