import rpcbind-1.2.5-8.el8

2021-05-18 02:39:15 -04:00 · 2021-05-18 02:39:15 -04:00 · 91bf1258d2
parent 5d3542e835
commit 91bf1258d2
2 changed files with 42 additions and 1 deletions
--- a/SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch
+++ b/SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch
@ -0,0 +1,30 @@
+From 7be92b30e47801c651e5316217d1651454653f68 Mon Sep 17 00:00:00 2001
+From: Roberto Bergantinos Corpas <rbergant@redhat.com>
+Date: Mon, 16 Nov 2020 08:39:36 -0500
+Subject: [PATCH] security: dowgrade priority for non-libwrap CALLIT logging
+
+Use aswell auth.warning for non-libwrap CALLIT logging, otherwise
+we'll broadcast everywhere for a call that is not allowed anyway
+
+Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/security.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/security.c b/src/security.c
+index 329c53d..38967dd 100644
+--- a/src/security.c
+++ b/src/security.c
+@@ -346,7 +346,7 @@ deny:
+ 	logit(deny_severity, sa, args->rmt_proc, args->rmt_prog,
+ 	    ": indirect call not allowed");
+ #else
+-	logit(0, sa, args->rmt_proc, args->rmt_prog,
+	logit(LOG_AUTH|LOG_WARNING, sa, args->rmt_proc, args->rmt_prog,
+ 	    ": indirect call not allowed");
+ #endif
+ 	return 0;
+-- 
+2.26.2
+
--- a/SPECS/rpcbind.spec
+++ b/SPECS/rpcbind.spec
@ -4,7 +4,7 @@

 Name:           rpcbind
 Version:        1.2.5
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        Universal Addresses to RPC Program Number Mapper
 Group:          System Environment/Daemons
 License:        BSD
@ -32,6 +32,11 @@ Patch001: rpcbind-1.2.5-rpcinfo-bufoverflow.patch
 #
 Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch

+#
+# RHEL 8.4
+#
+Patch003: rpcbind-1.2.5-dowgrade-priority-callit.patch
+
 Patch100: rpcbind-0.2.3-systemd-envfile.patch
 Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch
 Patch102: rpcbind-0.2.4-runstatdir.patch
@ -55,6 +60,9 @@ RPC calls on a server on that machine.
 # 1602680 - Please review important issues found by covscan...
 %patch002 -p1

+# 1897122 - rpcbind : downgrade priority for non-libwrap CALLIT logging
+%patch003 -p1
+
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
@ -149,6 +157,9 @@ fi
 %attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}

 %changelog
+* Thu Nov 19 2020 Steve Dickson <steved@redhat.com> - 1.2.5-8
+- security: dowgrade priority for non-libwrap CALLIT logging (bz 1897122)
+
 * Thu Feb  6 2020 Steve Dickson <steved@redhat.com> - 1.2.5-7
 - Clean up a error path found by a covscan (bz 1602680)