From 35346f966a2dd90211934805faee47fe4241256e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 30 Mar 2021 11:27:00 -0400 Subject: [PATCH] import rpcbind-1.2.5-8.el8 --- ...cbind-1.2.5-dowgrade-priority-callit.patch | 30 +++++++++++++++++++ SPECS/rpcbind.spec | 13 +++++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch diff --git a/SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch b/SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch new file mode 100644 index 0000000..4132790 --- /dev/null +++ b/SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch @@ -0,0 +1,30 @@ +From 7be92b30e47801c651e5316217d1651454653f68 Mon Sep 17 00:00:00 2001 +From: Roberto Bergantinos Corpas +Date: Mon, 16 Nov 2020 08:39:36 -0500 +Subject: [PATCH] security: dowgrade priority for non-libwrap CALLIT logging + +Use aswell auth.warning for non-libwrap CALLIT logging, otherwise +we'll broadcast everywhere for a call that is not allowed anyway + +Signed-off-by: Roberto Bergantinos Corpas +Signed-off-by: Steve Dickson +--- + src/security.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/security.c b/src/security.c +index 329c53d..38967dd 100644 +--- a/src/security.c ++++ b/src/security.c +@@ -346,7 +346,7 @@ deny: + logit(deny_severity, sa, args->rmt_proc, args->rmt_prog, + ": indirect call not allowed"); + #else +- logit(0, sa, args->rmt_proc, args->rmt_prog, ++ logit(LOG_AUTH|LOG_WARNING, sa, args->rmt_proc, args->rmt_prog, + ": indirect call not allowed"); + #endif + return 0; +-- +2.26.2 + diff --git a/SPECS/rpcbind.spec b/SPECS/rpcbind.spec index 3ce893e..4064794 100644 --- a/SPECS/rpcbind.spec +++ b/SPECS/rpcbind.spec @@ -4,7 +4,7 @@ Name: rpcbind Version: 1.2.5 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Universal Addresses to RPC Program Number Mapper Group: System Environment/Daemons License: BSD @@ -32,6 +32,11 @@ Patch001: rpcbind-1.2.5-rpcinfo-bufoverflow.patch # Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch +# +# RHEL 8.4 +# +Patch003: rpcbind-1.2.5-dowgrade-priority-callit.patch + Patch100: rpcbind-0.2.3-systemd-envfile.patch Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch Patch102: rpcbind-0.2.4-runstatdir.patch @@ -55,6 +60,9 @@ RPC calls on a server on that machine. # 1602680 - Please review important issues found by covscan... %patch002 -p1 +# 1897122 - rpcbind : downgrade priority for non-libwrap CALLIT logging +%patch003 -p1 + %patch100 -p1 %patch101 -p1 %patch102 -p1 @@ -149,6 +157,9 @@ fi %attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir} %changelog +* Thu Nov 19 2020 Steve Dickson - 1.2.5-8 +- security: dowgrade priority for non-libwrap CALLIT logging (bz 1897122) + * Thu Feb 6 2020 Steve Dickson - 1.2.5-7 - Clean up a error path found by a covscan (bz 1602680)