ykohut/rpcbind
1
0
Fork 0
forked from rpms/rpcbind
Code Pull Requests Activity

import rpcbind-1.2.5-8.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-03-30 11:27:00 -04:00 committed by Stepan Oksanichenko
parent 892fa2bb7c
commit 35346f966a
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch Normal file
View File

@ -0,0 +1,30 @@
From 7be92b30e47801c651e5316217d1651454653f68 Mon Sep 17 00:00:00 2001
From: Roberto Bergantinos Corpas <rbergant@redhat.com>
Date: Mon, 16 Nov 2020 08:39:36 -0500
Subject: [PATCH] security: dowgrade priority for non-libwrap CALLIT logging
Use aswell auth.warning for non-libwrap CALLIT logging, otherwise
we'll broadcast everywhere for a call that is not allowed anyway
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/security.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security.c b/src/security.c
index 329c53d..38967dd 100644
--- a/src/security.c
+++ b/src/security.c
@@ -346,7 +346,7 @@ deny:
logit(deny_severity, sa, args->rmt_proc, args->rmt_prog,
": indirect call not allowed");
#else
- logit(0, sa, args->rmt_proc, args->rmt_prog,
+ logit(LOG_AUTH|LOG_WARNING, sa, args->rmt_proc, args->rmt_prog,
": indirect call not allowed");
#endif
return 0;
--
2.26.2

13
SPECS/rpcbind.spec
View File

@ -4,7 +4,7 @@
Name: rpcbind Name: rpcbind
Version: 1.2.5 Version: 1.2.5
Release: 7%{?dist} Release: 8%{?dist}
Summary: Universal Addresses to RPC Program Number Mapper Summary: Universal Addresses to RPC Program Number Mapper
Group: System Environment/Daemons Group: System Environment/Daemons
License: BSD License: BSD
@ -32,6 +32,11 @@ Patch001: rpcbind-1.2.5-rpcinfo-bufoverflow.patch
# #
Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch
#
# RHEL 8.4
#
Patch003: rpcbind-1.2.5-dowgrade-priority-callit.patch
Patch100: rpcbind-0.2.3-systemd-envfile.patch Patch100: rpcbind-0.2.3-systemd-envfile.patch
Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch
Patch102: rpcbind-0.2.4-runstatdir.patch Patch102: rpcbind-0.2.4-runstatdir.patch
@ -55,6 +60,9 @@ RPC calls on a server on that machine.
# 1602680 - Please review important issues found by covscan... # 1602680 - Please review important issues found by covscan...
%patch002 -p1 %patch002 -p1
# 1897122 - rpcbind : downgrade priority for non-libwrap CALLIT logging
%patch003 -p1
%patch100 -p1 %patch100 -p1
%patch101 -p1 %patch101 -p1
%patch102 -p1 %patch102 -p1
@ -149,6 +157,9 @@ fi
%attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir} %attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
%changelog %changelog
* Thu Nov 19 2020 Steve Dickson <steved@redhat.com> - 1.2.5-8
- security: dowgrade priority for non-libwrap CALLIT logging (bz 1897122)
* Thu Feb 6 2020 Steve Dickson <steved@redhat.com> - 1.2.5-7 * Thu Feb 6 2020 Steve Dickson <steved@redhat.com> - 1.2.5-7
- Clean up a error path found by a covscan (bz 1602680) - Clean up a error path found by a covscan (bz 1602680)