diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2020-01-21 21:23:01 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2020-01-21 23:32:58 +0100 |
| commit | f6348b0bc1f332196f8a8c73fa6ba48ee3cb9310 (patch) | |
| tree | acd350c3910603b17ce1ba77027df00a4e761eb4 /source/n/krb5/patches/krb5-1.11-run_user_0.patch | |
| parent | ad9f88ee031d17270554ccca814496cf55f25bc5 (diff) | |
| download | current-7234d7951ba3de3d7a823cb8c0165704284b3b0f.tar.gz current-7234d7951ba3de3d7a823cb8c0165704284b3b0f.tar.xz | |
Tue Jan 21 21:23:01 UTC 202020200121212301
a/aaa_elflibs-15.0-x86_64-19.txz: Rebuilt.
Upgraded: libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0.
Added: libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3,
libkrb5support.so.0.1.
a/util-linux-2.35-x86_64-1.txz: Upgraded.
d/python-pip-20.0.1-x86_64-1.txz: Upgraded.
l/Mako-1.1.1-x86_64-1.txz: Upgraded.
l/keyutils-1.6.1-x86_64-1.txz: Upgraded.
n/krb5-1.17-x86_64-1.txz: Added.
Nothing links to this yet, but we'll need it soon enough. :-)
n/php-7.4.2-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Standard: OOB read in php_strip_tags_ex
Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
(* Security fix *)
n/samba-4.11.5-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Replication of ACLs set to inherit down a subtree on AD Directory
not automatic.
Crash after failed character conversion at log level 3 or above.
Use after free during DNS zone scavenging in Samba AD DC.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
(* Security fix *)
xap/gparted-1.1.0-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/krb5/patches/krb5-1.11-run_user_0.patch')
| -rw-r--r-- | source/n/krb5/patches/krb5-1.11-run_user_0.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/source/n/krb5/patches/krb5-1.11-run_user_0.patch b/source/n/krb5/patches/krb5-1.11-run_user_0.patch new file mode 100644 index 000000000..10af564ba --- /dev/null +++ b/source/n/krb5/patches/krb5-1.11-run_user_0.patch @@ -0,0 +1,44 @@ +From 308f3826d44ab9ee114fc7d1c4fb61e9005025ad Mon Sep 17 00:00:00 2001 +From: Robbie Harwood <rharwood@redhat.com> +Date: Tue, 23 Aug 2016 16:49:57 -0400 +Subject: [PATCH] krb5-1.11-run_user_0.patch + +A hack: if we're looking at creating a ccache directory directly below +the /run/user/0 directory, and /run/user/0 doesn't exist, try to create +it, too. +--- + src/lib/krb5/ccache/cc_dir.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c +index 73f0fe6..4850c0d 100644 +--- a/src/lib/krb5/ccache/cc_dir.c ++++ b/src/lib/krb5/ccache/cc_dir.c +@@ -61,6 +61,8 @@ + + #include <dirent.h> + ++#define ROOT_SPECIAL_DCC_PARENT "/run/user/0" ++ + extern const krb5_cc_ops krb5_dcc_ops; + extern const krb5_cc_ops krb5_fcc_ops; + +@@ -237,6 +239,18 @@ verify_dir(krb5_context context, const char *dirname) + + if (stat(dirname, &st) < 0) { + if (errno == ENOENT) { ++ if (strncmp(dirname, ROOT_SPECIAL_DCC_PARENT "/", ++ sizeof(ROOT_SPECIAL_DCC_PARENT)) == 0 && ++ stat(ROOT_SPECIAL_DCC_PARENT, &st) < 0 && ++ errno == ENOENT) { ++#ifdef USE_SELINUX ++ selabel = krb5int_push_fscreatecon_for(ROOT_SPECIAL_DCC_PARENT); ++#endif ++ status = mkdir(ROOT_SPECIAL_DCC_PARENT, S_IRWXU); ++#ifdef USE_SELINUX ++ krb5int_pop_fscreatecon(selabel); ++#endif ++ } + #ifdef USE_SELINUX + selabel = krb5int_push_fscreatecon_for(dirname); + #endif |