From f6348b0bc1f332196f8a8c73fa6ba48ee3cb9310 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Tue, 21 Jan 2020 21:23:01 +0000
Subject: Tue Jan 21 21:23:01 UTC 2020

a/aaa_elflibs-15.0-x86_64-19.txz:  Rebuilt.
  Upgraded:  libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0.
  Added:  libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3,
  libkrb5support.so.0.1.
a/util-linux-2.35-x86_64-1.txz:  Upgraded.
d/python-pip-20.0.1-x86_64-1.txz:  Upgraded.
l/Mako-1.1.1-x86_64-1.txz:  Upgraded.
l/keyutils-1.6.1-x86_64-1.txz:  Upgraded.
n/krb5-1.17-x86_64-1.txz:  Added.
  Nothing links to this yet, but we'll need it soon enough. :-)
n/php-7.4.2-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues:
  Standard: OOB read in php_strip_tags_ex
  Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
  (* Security fix *)
n/samba-4.11.5-x86_64-1.txz:  Upgraded.
  This update fixes the following security issues:
  Replication of ACLs set to inherit down a subtree on AD Directory
  not automatic.
  Crash after failed character conversion at log level 3 or above.
  Use after free during DNS zone scavenging in Samba AD DC.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
  (* Security fix *)
xap/gparted-1.1.0-x86_64-1.txz:  Upgraded.
---
 source/n/krb5/patches/krb5-1.11-run_user_0.patch | 44 ++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 source/n/krb5/patches/krb5-1.11-run_user_0.patch

(limited to 'source/n/krb5/patches/krb5-1.11-run_user_0.patch')

diff --git a/source/n/krb5/patches/krb5-1.11-run_user_0.patch b/source/n/krb5/patches/krb5-1.11-run_user_0.patch
new file mode 100644
index 000000000..10af564ba
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.11-run_user_0.patch
@@ -0,0 +1,44 @@
+From 308f3826d44ab9ee114fc7d1c4fb61e9005025ad Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:49:57 -0400
+Subject: [PATCH] krb5-1.11-run_user_0.patch
+
+A hack: if we're looking at creating a ccache directory directly below
+the /run/user/0 directory, and /run/user/0 doesn't exist, try to create
+it, too.
+---
+ src/lib/krb5/ccache/cc_dir.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c
+index 73f0fe6..4850c0d 100644
+--- a/src/lib/krb5/ccache/cc_dir.c
++++ b/src/lib/krb5/ccache/cc_dir.c
+@@ -61,6 +61,8 @@
+ 
+ #include <dirent.h>
+ 
++#define ROOT_SPECIAL_DCC_PARENT "/run/user/0"
++
+ extern const krb5_cc_ops krb5_dcc_ops;
+ extern const krb5_cc_ops krb5_fcc_ops;
+ 
+@@ -237,6 +239,18 @@ verify_dir(krb5_context context, const char *dirname)
+ 
+     if (stat(dirname, &st) < 0) {
+         if (errno == ENOENT) {
++            if (strncmp(dirname, ROOT_SPECIAL_DCC_PARENT "/",
++                        sizeof(ROOT_SPECIAL_DCC_PARENT)) == 0 &&
++                stat(ROOT_SPECIAL_DCC_PARENT, &st) < 0 &&
++                errno == ENOENT) {
++#ifdef USE_SELINUX
++                selabel = krb5int_push_fscreatecon_for(ROOT_SPECIAL_DCC_PARENT);
++#endif
++                status = mkdir(ROOT_SPECIAL_DCC_PARENT, S_IRWXU);
++#ifdef USE_SELINUX
++                krb5int_pop_fscreatecon(selabel);
++#endif
++            }
+ #ifdef USE_SELINUX
+             selabel = krb5int_push_fscreatecon_for(dirname);
+ #endif
-- 
cgit v1.2.3