forked from rpms/rpcbind
import rpcbind-1.2.5-8.el8
This commit is contained in:
CentOS Sources
parent
c0b884dbe0
commit
ea220b1c97
30
SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch
Normal file
30
SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From 7be92b30e47801c651e5316217d1651454653f68 Mon Sep 17 00:00:00 2001
|
||||
From: Roberto Bergantinos Corpas <rbergant@redhat.com>
|
||||
Date: Mon, 16 Nov 2020 08:39:36 -0500
|
||||
Subject: [PATCH] security: dowgrade priority for non-libwrap CALLIT logging
|
||||
|
||||
Use aswell auth.warning for non-libwrap CALLIT logging, otherwise
|
||||
we'll broadcast everywhere for a call that is not allowed anyway
|
||||
|
||||
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
src/security.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/security.c b/src/security.c
|
||||
index 329c53d..38967dd 100644
|
||||
--- a/src/security.c
|
||||
+++ b/src/security.c
|
||||
@@ -346,7 +346,7 @@ deny:
|
||||
logit(deny_severity, sa, args->rmt_proc, args->rmt_prog,
|
||||
": indirect call not allowed");
|
||||
#else
|
||||
- logit(0, sa, args->rmt_proc, args->rmt_prog,
|
||||
+ logit(LOG_AUTH|LOG_WARNING, sa, args->rmt_proc, args->rmt_prog,
|
||||
": indirect call not allowed");
|
||||
#endif
|
||||
return 0;
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
|
||||
Name: rpcbind
|
||||
Version: 1.2.5
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
Summary: Universal Addresses to RPC Program Number Mapper
|
||||
Group: System Environment/Daemons
|
||||
License: BSD
|
||||
@ -32,6 +32,11 @@ Patch001: rpcbind-1.2.5-rpcinfo-bufoverflow.patch
|
||||
#
|
||||
Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch
|
||||
|
||||
#
|
||||
# RHEL 8.4
|
||||
#
|
||||
Patch003: rpcbind-1.2.5-dowgrade-priority-callit.patch
|
||||
|
||||
Patch100: rpcbind-0.2.3-systemd-envfile.patch
|
||||
Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch
|
||||
Patch102: rpcbind-0.2.4-runstatdir.patch
|
||||
@ -55,6 +60,9 @@ RPC calls on a server on that machine.
|
||||
# 1602680 - Please review important issues found by covscan...
|
||||
%patch002 -p1
|
||||
|
||||
# 1897122 - rpcbind : downgrade priority for non-libwrap CALLIT logging
|
||||
%patch003 -p1
|
||||
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
@ -149,6 +157,9 @@ fi
|
||||
%attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
|
||||
|
||||
%changelog
|
||||
* Thu Nov 19 2020 Steve Dickson <steved@redhat.com> - 1.2.5-8
|
||||
- security: dowgrade priority for non-libwrap CALLIT logging (bz 1897122)
|
||||
|
||||
* Thu Feb 6 2020 Steve Dickson <steved@redhat.com> - 1.2.5-7
|
||||
- Clean up a error path found by a covscan (bz 1602680)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user