forked from rpms/rpcbind
import rpcbind-1.2.5-8.el8
This commit is contained in:
CentOS Sources
parent
c0b884dbe0
commit
ea220b1c97
30
SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch
Normal file
30
SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From 7be92b30e47801c651e5316217d1651454653f68 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Roberto Bergantinos Corpas <rbergant@redhat.com>
|
||||||
|
Date: Mon, 16 Nov 2020 08:39:36 -0500
|
||||||
|
Subject: [PATCH] security: dowgrade priority for non-libwrap CALLIT logging
|
||||||
|
|
||||||
|
Use aswell auth.warning for non-libwrap CALLIT logging, otherwise
|
||||||
|
we'll broadcast everywhere for a call that is not allowed anyway
|
||||||
|
|
||||||
|
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
|
||||||
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||||
|
---
|
||||||
|
src/security.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/security.c b/src/security.c
|
||||||
|
index 329c53d..38967dd 100644
|
||||||
|
--- a/src/security.c
|
||||||
|
+++ b/src/security.c
|
||||||
|
@@ -346,7 +346,7 @@ deny:
|
||||||
|
logit(deny_severity, sa, args->rmt_proc, args->rmt_prog,
|
||||||
|
": indirect call not allowed");
|
||||||
|
#else
|
||||||
|
- logit(0, sa, args->rmt_proc, args->rmt_prog,
|
||||||
|
+ logit(LOG_AUTH|LOG_WARNING, sa, args->rmt_proc, args->rmt_prog,
|
||||||
|
": indirect call not allowed");
|
||||||
|
#endif
|
||||||
|
return 0;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
||||||
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
Name: rpcbind
|
Name: rpcbind
|
||||||
Version: 1.2.5
|
Version: 1.2.5
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
Summary: Universal Addresses to RPC Program Number Mapper
|
Summary: Universal Addresses to RPC Program Number Mapper
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
License: BSD
|
License: BSD
|
||||||
@ -32,6 +32,11 @@ Patch001: rpcbind-1.2.5-rpcinfo-bufoverflow.patch
|
|||||||
#
|
#
|
||||||
Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch
|
Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch
|
||||||
|
|
||||||
|
#
|
||||||
|
# RHEL 8.4
|
||||||
|
#
|
||||||
|
Patch003: rpcbind-1.2.5-dowgrade-priority-callit.patch
|
||||||
|
|
||||||
Patch100: rpcbind-0.2.3-systemd-envfile.patch
|
Patch100: rpcbind-0.2.3-systemd-envfile.patch
|
||||||
Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch
|
Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch
|
||||||
Patch102: rpcbind-0.2.4-runstatdir.patch
|
Patch102: rpcbind-0.2.4-runstatdir.patch
|
||||||
@ -55,6 +60,9 @@ RPC calls on a server on that machine.
|
|||||||
# 1602680 - Please review important issues found by covscan...
|
# 1602680 - Please review important issues found by covscan...
|
||||||
%patch002 -p1
|
%patch002 -p1
|
||||||
|
|
||||||
|
# 1897122 - rpcbind : downgrade priority for non-libwrap CALLIT logging
|
||||||
|
%patch003 -p1
|
||||||
|
|
||||||
%patch100 -p1
|
%patch100 -p1
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
%patch102 -p1
|
%patch102 -p1
|
||||||
@ -149,6 +157,9 @@ fi
|
|||||||
%attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
|
%attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 19 2020 Steve Dickson <steved@redhat.com> - 1.2.5-8
|
||||||
|
- security: dowgrade priority for non-libwrap CALLIT logging (bz 1897122)
|
||||||
|
|
||||||
* Thu Feb 6 2020 Steve Dickson <steved@redhat.com> - 1.2.5-7
|
* Thu Feb 6 2020 Steve Dickson <steved@redhat.com> - 1.2.5-7
|
||||||
- Clean up a error path found by a covscan (bz 1602680)
|
- Clean up a error path found by a covscan (bz 1602680)
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user