packages/sssd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!66 回合补丁

Browse Source 
From: @zhouchenchen123 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2022-12-21 08:57:02 +00:00 committed by Gitee
commit 862ba9407a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 115 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
SDAP-sdap_get_generic_send-fix-mem-leak.patch Normal file
View File

@ -0,0 +1,28 @@
From cabc6cee761a2a10236e9fe6bdbacb9de5415160 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 22 Apr 2022 20:21:31 +0200
Subject: [PATCH] SDAP: sdap_get_generic_send(): fix mem leak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/providers/ldap/sdap_async.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index ebccd591e..1749c4f99 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2124,6 +2124,7 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
false, NULL, NULL, 0, timeout,
allow_paging);
if (subreq == NULL) {
+ talloc_zfree(req);
return NULL;
}
tevent_req_set_callback(subreq, sdap_get_generic_done, req);
--
2.32.0.windows.1

33
pam_sss_gss-KRB5CCNAME-may-be-NULL.patch Normal file
View File

@ -0,0 +1,33 @@
From 9aad30711a5928f0e8a3627305b6449291de507f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 23 May 2022 11:05:01 +0200
Subject: [PATCH] pam_sss_gss: KRB5CCNAME may be NULL
Resolves: https://github.com/SSSD/sssd/issues/6180
:fixes: A regression in pam_sss_gss module causing a failure if
KRB5CCNAME environment variable was not set was fixed.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/sss_client/pam_sss_gss.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/sss_client/pam_sss_gss.c b/src/sss_client/pam_sss_gss.c
index 51047efc3..77a58e4cf 100644
--- a/src/sss_client/pam_sss_gss.c
+++ b/src/sss_client/pam_sss_gss.c
@@ -492,7 +492,8 @@ static errno_t sss_cli_getenv(const char *variable_name, char **_value)
{
char *value = getenv(variable_name);
if (value == NULL) {
- return ENOENT;
+ *_value = NULL;
+ return EOK;
}
*_value = strdup(value);
--
2.32.0.windows.1

45
sssctl-free-one-malloc-allocated-variable.patch Normal file
View File

@ -0,0 +1,45 @@
From 886ff516cf98ade239677ba3a3e3591fa341ce9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com>
Date: Wed, 6 Apr 2022 11:58:48 +0200
Subject: [PATCH] sssctl: free one malloc-allocated variable.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
One variable is allocated by popt using malloc and has to be freed.
As it is a const char *, we need to bypass the const modifier.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/tools/sssctl/sssctl_logs.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c
index bd758f272..c375700b4 100644
--- a/src/tools/sssctl/sssctl_logs.c
+++ b/src/tools/sssctl/sssctl_logs.c
@@ -356,9 +356,6 @@ errno_t sssctl_debug_level(struct sss_cmdline *cmdline,
CHECK_ROOT(ret, debug_prg_name);
- /* free pc_config_file? */
- /* free debug_as_string? */
-
debug_to_set = parse_debug_level(debug_as_string);
CHECK(debug_to_set == SSSDBG_INVALID, fini, "Invalid debug level.");
@@ -387,6 +384,10 @@ errno_t sssctl_debug_level(struct sss_cmdline *cmdline,
fini:
talloc_free(ctx);
+ /* pc_config_file is allocated by popt using malloc().
+ * debug_as_string is not allocated but points to the command line. */
+ free(discard_const(pc_config_file));
+
return ret;
}
--
2.32.0.windows.1

12
sssd.spec
View File

@ -1,11 +1,16 @@
Name: sssd Name: sssd
Version: 2.6.1 Version: 2.6.1
Release: 5 Release: 6
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ and LGPLv3+ License: GPLv3+ and LGPLv3+
URL: https://pagure.io/SSSD/sssd/ URL: https://pagure.io/SSSD/sssd/
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/SSSD/sssd/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch6000: backport-UTILS-fixes-CWE-394.patch
Patch6001: pam_sss_gss-KRB5CCNAME-may-be-NULL.patch
Patch6002: SDAP-sdap_get_generic_send-fix-mem-leak.patch
Patch6003: sssctl-free-one-malloc-allocated-variable.patch
Requires: python3-sssd = %{version}-%{release} Requires: python3-sssd = %{version}-%{release}
Requires: libldb Requires: libldb
Requires: cyrus-sasl-gssapi%{?_isa} Requires: cyrus-sasl-gssapi%{?_isa}
@ -14,8 +19,6 @@ Recommends: bind-utils
Recommends: bind-utils Recommends: bind-utils
Recommends: adcli Recommends: adcli
Patch6000: backport-UTILS-fixes-CWE-394.patch
Provides: libsss_sudo-devel = %{version}-%{release} Provides: libsss_sudo-devel = %{version}-%{release}
Provides: sssd-common = %{version}-%{release} Provides: sssd-common = %{version}-%{release}
Provides: sssd-ldap = %{version}-%{release} Provides: sssd-ldap = %{version}-%{release}
@ -514,6 +517,9 @@ fi
%systemd_postun_with_restart sssd.service %systemd_postun_with_restart sssd.service
%changelog %changelog
* Wed Dec 21 2022 zhouchenchen<zhouchenchen@huawei.com> - 2.6.1-6
- backport some patch
* Tue Dec 20 2022 zhouchenchen <zhouchenchen@huawei.com> - 2.6.1-5 * Tue Dec 20 2022 zhouchenchen <zhouchenchen@huawei.com> - 2.6.1-5
- fix CWE-394 - fix CWE-394