From ccade529e95e665e509748a75584a0b72932f845 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?=
Date: Tue, 9 Apr 2019 19:56:30 +0200
Subject: [PATCH] 2.0.1-2 - Apply fixes for security issues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

. CVE-2019-3885 (use-after-free with potential information disclosure)
. CVE-2018-16877 (insufficient local IPC client-server authentication)
. CVE-2018-16878 (insufficient verification inflicted preference of uncontrolled processes)
Signed-off-by: Jan Pokorný
---
 pacemaker.spec | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/pacemaker.spec b/pacemaker.spec
index 92cd4e7..0123527 100644
--- a/pacemaker.spec
+++ b/pacemaker.spec
@@ -14,7 +14,7 @@
 ## can be incremented to build packages reliably considered "newer"
 ## than previously built packages with the same pcmkversion)
 %global pcmkversion 2.0.1
-%global specversion 1
+%global specversion 2
 ## Upstream commit (or git tag, such as "Pacemaker-" plus the
 ## {pcmkversion} macro for an official release) to use for this package
@@ -144,6 +144,9 @@ Source0: https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{na
 Source1: https://github.com/%{github_owner}/%{nagios_name}/archive/%{nagios_hash}/%{nagios_name}-%{nagios_hash}.tar.gz
 # ---
 # patches go here
+Patch0: High-libservices-fix-use-after-free-wrt.-alert-handl.patch
+Patch1: High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic.patch
+Patch2: Med-controld-fix-possible-NULL-pointer-dereference.patch
 Requires: resource-agents
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@@ -188,7 +191,7 @@ BuildRequires: asciidoc inkscape publican
 %endif
 # git-style patch application
-#BuildRequires: git
+BuildRequires: git
 Provides: pcmk-cluster-manager = %{version}-%{release}
 Provides: pcmk-cluster-manager%{?_isa} = %{version}-%{release}
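Review bot: The three `PatchN:` lines added under `# patches go here` carry no comment tying each file to the CVE it addresses or to an upstream commit, so the mapping to the three CVEs named in the changelog has to be guessed from truncated file names. `Patch2` (`Med-controld-fix-possible-NULL-pointer-dereference.patch`) in particular matches none of the listed CVE descriptions by name; if it is a follow-up needed by the IPC authentication change, the spec should say so. I would add one comment line above each entry, for example `# CVE-2019-3885, upstream commit <UPSTREAM_COMMIT_ID>` above `Patch0`, so a later rebase can tell when each patch may be dropped.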
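Review bot: The un-commented `BuildRequires: git` in the `# git-style patch application` hunk pulls the full git package and its dependency set into every build root, although the only consumer visible in this patch is `git am` during `%prep`. If the target distribution ships a split `git-core` package, `BuildRequires: git-core` is presumably enough and keeps the build environment smaller. The existing comment could also name the reason, e.g. `# git-style patch application (git_am via %autopatch in %prep)`.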
@@ -346,9 +349,9 @@ monitor resources.
 %prep
 %setup -q -a 1 -n %{name}-%{commit}
-#global __scm git_am
-#__scm_setup_git
-#autopatch -p1
+%global __scm git_am
+%__scm_setup_git
+%autopatch -p1
 %build
@@ -704,6 +707,13 @@ exit 0
 %license %{nagios_name}-%{nagios_hash}/COPYING
 %changelog
+* Wed Apr 17 2019 Jan Pokorný - 2.0.1-2
+- Apply fixes for security issues:
+ . CVE-2019-3885 (use-after-free with potential information disclosure)
+ . CVE-2018-16877 (insufficient local IPC client-server authentication)
+ . CVE-2018-16878 (insufficient verification inflicted preference of
+ uncontrolled processes)
+
 * Tue Mar 05 2019 Jan Pokorný - 2.0.1-1
 - Update for new upstream tarball: Pacemaker-2.0.1, for full details, see included ChangeLog file or
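Review bot: In the `%prep` hunk, `%global __scm git_am` and `%__scm_setup_git` are rpm's double-underscore helper macros, called by hand after `%setup`, and nothing on the new lines says why patches are applied this way. The documented form of the same steps appears to be a single `%autosetup -S git_am -p1 -a 1 -n %{name}-%{commit}`, which would not depend on the helper names staying stable across rpm versions. If the manual form is kept, a comment such as `# patches are git format-patch mailboxes; git_am keeps their authorship and fails on a malformed patch` would record the intent. It is also worth confirming that all three patch files are in mailbox format, since `git am` rejects plain diffs. The rest of `%prep` lies outside this hunk.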