backport some patch

2022-12-21 14:33:34 +08:00 · 2022-12-21 14:33:34 +08:00 · 3c967acac6
commit 3c967acac6
parent 185506c7eb
4 changed files with 115 additions and 3 deletions
--- a/SDAP-sdap_get_generic_send-fix-mem-leak.patch
+++ b/SDAP-sdap_get_generic_send-fix-mem-leak.patch
@ -0,0 +1,28 @@
+From cabc6cee761a2a10236e9fe6bdbacb9de5415160 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 22 Apr 2022 20:21:31 +0200
+Subject: [PATCH] SDAP: sdap_get_generic_send(): fix mem leak
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ldap/sdap_async.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
+index ebccd591e..1749c4f99 100644
+--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
+@@ -2124,6 +2124,7 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
+                                              false, NULL, NULL, 0, timeout,
+                                              allow_paging);
+     if (subreq == NULL) {
+        talloc_zfree(req);
+         return NULL;
+     }
+     tevent_req_set_callback(subreq, sdap_get_generic_done, req);
+-- 
+2.32.0.windows.1
+
--- a/pam_sss_gss-KRB5CCNAME-may-be-NULL.patch
+++ b/pam_sss_gss-KRB5CCNAME-may-be-NULL.patch
@ -0,0 +1,33 @@
+From 9aad30711a5928f0e8a3627305b6449291de507f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Mon, 23 May 2022 11:05:01 +0200
+Subject: [PATCH] pam_sss_gss: KRB5CCNAME may be NULL
+
+Resolves: https://github.com/SSSD/sssd/issues/6180
+
+:fixes: A regression in pam_sss_gss module causing a failure if
+  KRB5CCNAME environment variable was not set was fixed.
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/sss_client/pam_sss_gss.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/sss_client/pam_sss_gss.c b/src/sss_client/pam_sss_gss.c
+index 51047efc3..77a58e4cf 100644
+--- a/src/sss_client/pam_sss_gss.c
+++ b/src/sss_client/pam_sss_gss.c
+@@ -492,7 +492,8 @@ static errno_t sss_cli_getenv(const char *variable_name, char **_value)
+ {
+     char *value = getenv(variable_name);
+     if (value == NULL) {
+-        return ENOENT;
+        *_value = NULL;
+        return EOK;
+     }
+ 
+     *_value = strdup(value);
+-- 
+2.32.0.windows.1
+
--- a/sssctl-free-one-malloc-allocated-variable.patch
+++ b/sssctl-free-one-malloc-allocated-variable.patch
@ -0,0 +1,45 @@
+From 886ff516cf98ade239677ba3a3e3591fa341ce9b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com>
+Date: Wed, 6 Apr 2022 11:58:48 +0200
+Subject: [PATCH] sssctl: free one malloc-allocated variable.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+One variable is allocated by popt using malloc and has to be freed.
+As it is a const char *, we need to bypass the const modifier.
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/tools/sssctl/sssctl_logs.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c
+index bd758f272..c375700b4 100644
+--- a/src/tools/sssctl/sssctl_logs.c
+++ b/src/tools/sssctl/sssctl_logs.c
+@@ -356,9 +356,6 @@ errno_t sssctl_debug_level(struct sss_cmdline *cmdline,
+ 
+     CHECK_ROOT(ret, debug_prg_name);
+ 
+-    /* free pc_config_file? */
+-    /* free debug_as_string? */
+-
+     debug_to_set = parse_debug_level(debug_as_string);
+     CHECK(debug_to_set == SSSDBG_INVALID, fini, "Invalid debug level.");
+ 
+@@ -387,6 +384,10 @@ errno_t sssctl_debug_level(struct sss_cmdline *cmdline,
+ 
+ fini:
+     talloc_free(ctx);
+    /* pc_config_file is allocated by popt using malloc().
+     * debug_as_string is not allocated but points to the command line. */
+    free(discard_const(pc_config_file));
+
+     return ret;
+ }
+ 
+-- 
+2.32.0.windows.1
+
--- a/sssd.spec
+++ b/sssd.spec
@ -1,11 +1,16 @@
 Name: sssd
 Version: 2.6.1
-Release: 5
+Release: 6
 Summary: System Security Services Daemon
 License: GPLv3+ and LGPLv3+
 URL: https://pagure.io/SSSD/sssd/
 Source0: https://github.com/SSSD/sssd/releases/download/%{version}/%{name}-%{version}.tar.gz

+Patch6000: backport-UTILS-fixes-CWE-394.patch
+Patch6001: pam_sss_gss-KRB5CCNAME-may-be-NULL.patch
+Patch6002: SDAP-sdap_get_generic_send-fix-mem-leak.patch
+Patch6003: sssctl-free-one-malloc-allocated-variable.patch
+
 Requires: python3-sssd = %{version}-%{release}
 Requires: libldb
 Requires: cyrus-sasl-gssapi%{?_isa}
@ -14,8 +19,6 @@ Recommends: bind-utils
 Recommends: bind-utils
 Recommends: adcli

-Patch6000: backport-UTILS-fixes-CWE-394.patch
-
 Provides: libsss_sudo-devel = %{version}-%{release}
 Provides: sssd-common = %{version}-%{release}
 Provides: sssd-ldap = %{version}-%{release}
@ -514,6 +517,9 @@ fi
 %systemd_postun_with_restart sssd.service

 %changelog
+* Wed Dec 21 2022 zhouchenchen<zhouchenchen@huawei.com> - 2.6.1-6
+- backport some patch
+
 * Tue Dec 20 2022 zhouchenchen <zhouchenchen@huawei.com> - 2.6.1-5
 - fix CWE-394