From 064ae2d537700296b117922b277e7469b945737b Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mar 21 2012 11:35:03 +0000 Subject: Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup --- diff --git a/0001-Fix-uninitialized-variable.patch b/0001-Fix-uninitialized-variable.patch new file mode 100644 index 0000000..5cd52ce --- /dev/null +++ b/0001-Fix-uninitialized-variable.patch @@ -0,0 +1,25 @@ +From b3671769f57521c4eeef850a4963e320f170082c Mon Sep 17 00:00:00 2001 +From: Jakub Hrozek +Date: Fri, 16 Mar 2012 09:36:38 -0400 +Subject: [PATCH] Fix uninitialized variable + +--- + src/providers/ldap/ldap_common.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c +index d5dc4a0af5590bbe6f8d474095c6094582deb542..949244183c0db7b8e576c7b3c5e63e2bb35cb39f 100644 +--- a/src/providers/ldap/ldap_common.c ++++ b/src/providers/ldap/ldap_common.c +@@ -1598,7 +1598,7 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx, + } + + if (k == 0) { +- *missing = NULL; ++ *missing_attrs = NULL; + } else { + /* Terminate the list */ + missing[k] = NULL; +-- +1.7.7.6 + diff --git a/0001-LDAP-Do-not-fail-if-RootDSE-check-cannot-determine-s.patch b/0001-LDAP-Do-not-fail-if-RootDSE-check-cannot-determine-s.patch deleted file mode 100644 index afb7a58..0000000 --- a/0001-LDAP-Do-not-fail-if-RootDSE-check-cannot-determine-s.patch +++ /dev/null @@ -1,254 +0,0 @@ -From cd59e5d02ec97ea309fd51d4d6a6a4421617cd12 Mon Sep 17 00:00:00 2001 -From: Stephen Gallagher -Date: Wed, 1 Feb 2012 14:03:36 -0500 -Subject: [PATCH] LDAP: Do not fail if RootDSE check cannot determine search - bases - -https://fedorahosted.org/sssd/ticket/1152 - -Conflicts: - - src/providers/ldap/sdap_async_services.c ---- - src/providers/ipa/ipa_netgroups.c | 7 +++++ - src/providers/ldap/ldap_common.c | 5 +-- - src/providers/ldap/sdap.c | 7 ++++- - src/providers/ldap/sdap_async_groups.c | 9 +++++++ - src/providers/ldap/sdap_async_initgroups.c | 35 +++++++++++++++++++++++++++- - src/providers/ldap/sdap_async_netgroups.c | 10 ++++++++ - src/providers/ldap/sdap_async_users.c | 9 +++++++ - src/providers/ldap/sdap_sudo.c | 9 +++++++ - 8 files changed, 86 insertions(+), 5 deletions(-) - -diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c -index 78bcee1b44fec3c8d04fc5ba13b46db26396d1b1..7da1147c7d6fd1dec8872209e442ae99ee810aa1 100644 ---- a/src/providers/ipa/ipa_netgroups.c -+++ b/src/providers/ipa/ipa_netgroups.c -@@ -209,6 +209,13 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, - state->base_filter = filter; - state->netgr_base_iter = 0; - -+ if (!ipa_options->id->netgroup_search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Netgroup lookup request without a search base\n")); -+ ret = EINVAL; -+ goto done; -+ } -+ - ret = sss_hash_create(state, 32, &state->new_netgroups); - if (ret != EOK) goto done; - ret = sss_hash_create(state, 32, &state->new_users); -diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c -index 71921963a768a9975eca6432025704e06f28a2b8..c287b345217befeb872b25521d80d601fc27f0c7 100644 ---- a/src/providers/ldap/ldap_common.c -+++ b/src/providers/ldap/ldap_common.c -@@ -538,9 +538,8 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx, - dp_opt_get_string(opts->basic, SDAP_SUDO_SEARCH_BASE))); - } - } else { -- /* FIXME: try to discover it later */ -- DEBUG(SSSDBG_OP_FAILURE, ("Error: no SUDO search base set\n")); -- return ENOENT; -+ DEBUG(SSSDBG_TRACE_FUNC, ("Search base not set, trying to discover it later " -+ "connecting to the LDAP server.\n")); - } - - ret = sdap_parse_search_base(opts, opts->basic, -diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c -index 3ca2e286146e1e88b1fd7abef341fa8c3aa699ad..2b29116949b2f8efae269a994a0f3da64a0ee612 100644 ---- a/src/providers/ldap/sdap.c -+++ b/src/providers/ldap/sdap.c -@@ -748,7 +748,12 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, - naming_context = get_naming_context(opts->basic, rootdse); - if (naming_context == NULL) { - DEBUG(1, ("get_naming_context failed.\n")); -- ret = EINVAL; -+ -+ /* This has to be non-fatal, since some servers offer -+ * multiple namingContexts entries. We will just -+ * add NULL checks for the search bases in the lookups. -+ */ -+ ret = EOK; - goto done; - } - } -diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c -index e59640997d78db525a98a63cd230d2bc1a74d1a1..fe5dbd49a159c0ca4f57d60b7f69a8792e9a42c9 100644 ---- a/src/providers/ldap/sdap_async_groups.c -+++ b/src/providers/ldap/sdap_async_groups.c -@@ -1217,7 +1217,16 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, - state->base_iter = 0; - state->search_bases = search_bases; - -+ if (!search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Group lookup request without a search base\n")); -+ ret = EINVAL; -+ goto done; -+ } -+ - ret = sdap_get_groups_next_base(req); -+ -+done: - if (ret != EOK) { - tevent_req_error(req, ret); - tevent_req_post(req, ev); -diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c -index 73ab25ea79cd66ff5fe7131ee7606cf71aa382e5..a769b100557b2d685cb022f09bea0d70ccfe3bb3 100644 ---- a/src/providers/ldap/sdap_async_initgroups.c -+++ b/src/providers/ldap/sdap_async_initgroups.c -@@ -303,6 +303,13 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, - state->base_iter = 0; - state->search_bases = opts->group_search_bases; - -+ if (!state->search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Initgroups lookup request without a group search base\n")); -+ ret = EINVAL; -+ goto done; -+ } -+ - state->name = talloc_strdup(state, name); - if (!state->name) { - talloc_zfree(req); -@@ -337,6 +344,8 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, - talloc_zfree(clean_name); - - ret = sdap_initgr_rfc2307_next_base(req); -+ -+done: - if (ret != EOK) { - tevent_req_error(req, ret); - tevent_req_post(req, ev); -@@ -1432,6 +1441,13 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( - state->base_iter = 0; - state->search_bases = opts->group_search_bases; - -+ if (!state->search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Initgroups lookup request without a group search base\n")); -+ ret = EINVAL; -+ goto done; -+ } -+ - ret = sss_hash_create(state, 32, &state->group_hash); - if (ret != EOK) { - talloc_free(req); -@@ -2006,9 +2022,17 @@ struct tevent_req *rfc2307bis_nested_groups_send( - SDAP_SEARCH_TIMEOUT); - state->base_iter = 0; - state->search_bases = opts->group_search_bases; -- -+ if (!state->search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Initgroups nested lookup request " -+ "without a group search base\n")); -+ ret = EINVAL; -+ goto done; -+ } - - ret = rfc2307bis_nested_groups_step(req); -+ -+done: - if (ret == EOK) { - /* All parent groups were already processed */ - tevent_req_done(req); -@@ -2378,9 +2402,16 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, - state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); - state->user_base_iter = 0; - state->user_search_bases = id_ctx->opts->user_search_bases; -+ if (!state->user_search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Initgroups lookup request without a user search base\n")); -+ ret = EINVAL; -+ goto done; -+ } - - ret = sss_filter_sanitize(state, name, &clean_name); - if (ret != EOK) { -+ talloc_zfree(req); - return NULL; - } - -@@ -2402,6 +2433,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, - } - - ret = sdap_get_initgr_next_base(req); -+ -+done: - if (ret != EOK) { - tevent_req_error(req, ret); - tevent_req_post(req, ev); -diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c -index 0888c7e2fcf03d0b133bcf93ad017086aedffe16..f3a378f6488cfd46001c22b3a5abf29724f2fd0d 100644 ---- a/src/providers/ldap/sdap_async_netgroups.c -+++ b/src/providers/ldap/sdap_async_netgroups.c -@@ -579,7 +579,17 @@ struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx, - state->base_iter = 0; - state->search_bases = search_bases; - -+ if (!state->search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Netgroup lookup request without a netgroup search base\n")); -+ ret = EINVAL; -+ goto done; -+ } -+ -+ - ret = sdap_get_netgroups_next_base(req); -+ -+done: - if (ret != EOK) { - tevent_req_error(req, ret); - tevent_req_post(req, state->ev); -diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c -index ac856a64208cb87994f676ab50fdba6d82dbcb50..01168321951fa9d14f4b58d891cb922c6c44d2c2 100644 ---- a/src/providers/ldap/sdap_async_users.c -+++ b/src/providers/ldap/sdap_async_users.c -@@ -434,7 +434,16 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx, - state->search_bases = search_bases; - state->enumeration = enumeration; - -+ if (!state->search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("User lookup request without a search base\n")); -+ ret = EINVAL; -+ goto done; -+ } -+ - ret = sdap_get_users_next_base(req); -+ -+done: - if (ret != EOK) { - tevent_req_error(req, ret); - tevent_req_post(req, state->ev); -diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c -index 68cb47cd38952594d34ccc81913b7308caf9af10..aeae22eccf2a9adf3fb2fde831a3b492a6c4afb7 100644 ---- a/src/providers/ldap/sdap_sudo.c -+++ b/src/providers/ldap/sdap_sudo.c -@@ -237,6 +237,13 @@ struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx, - state->ldap_rules = NULL; - state->ldap_rules_count = 0; - -+ if (!state->search_bases) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("SUDOERS lookup request without a search base\n")); -+ ret = EINVAL; -+ goto done; -+ } -+ - /* create filter */ - state->filter = sdap_sudo_build_filter(state, - state->opts->sudorule_map, -@@ -256,6 +263,8 @@ struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx, - - /* begin search */ - ret = sdap_sudo_load_sudoers_next_base(req); -+ -+done: - if (ret != EOK) { - tevent_req_error(req, ret); - tevent_req_post(req, sudo_ctx->be_ctx->ev); --- -1.7.7.6 - diff --git a/0002-DP-Fix-bugs-in-sss_dp_get_account_int.patch b/0002-DP-Fix-bugs-in-sss_dp_get_account_int.patch deleted file mode 100644 index cd58c17..0000000 --- a/0002-DP-Fix-bugs-in-sss_dp_get_account_int.patch +++ /dev/null @@ -1,265 +0,0 @@ -From 707b20e80a5c5b86944dc55bbc652b392a4c6454 Mon Sep 17 00:00:00 2001 -From: Stephen Gallagher -Date: Sat, 21 Jan 2012 12:11:23 -0500 -Subject: [PATCH 5/5] DP: Fix bugs in sss_dp_get_account_int - -The conversion to the tevent_req style introduced numerous bugs -related to memory management of the various client requests. In -some circumstances, this could cause memory corruption and -segmentation faults in the NSS responder. This patch makes the -following changes: - -1) Rename the internal lookup from subreq to sidereq, to indicate -that it is not a sub-request of the current lookup (and therefore -is not cancelled if the current request is). - -2) Change the handling of the callback loops since they call -tevent_req_[done|error], which results in them being freed (and -therefore removed from the cb_list. This was the source of the -memory corruption that would occasionally result in dereferencing -an unreadable request. - -3) Remove the unnecessary sss_dp_get_account_int_recv() function -and change sss_dp_get_account_done() so that it only frees the -sidereq. All of the waiting processes have already been signaled -with the final results from sss_dp_get_account_int_done() ---- - src/responder/common/responder_dp.c | 110 +++++++++++----------------- - src/responder/nss/nsssrv_cmd.c | 1 + - src/responder/pam/pamsrv_cmd.c | 1 + - src/responder/sudo/sudosrv_get_sudorules.c | 1 + - 4 files changed, 47 insertions(+), 66 deletions(-) - -diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c -index f51e2496a165cc2b776af776f2e9d1ea75b8e62c..9219037cc6055899e675eef846af54238d5c61e1 100644 ---- a/src/responder/common/responder_dp.c -+++ b/src/responder/common/responder_dp.c -@@ -92,11 +92,28 @@ static int sss_dp_req_destructor(void *ptr) - /* If there are callbacks that haven't been invoked, return - * an error now. - */ -- DLIST_FOR_EACH(cb, sdp_req->cb_list) { -+ while((cb = sdp_req->cb_list) != NULL) { - state = tevent_req_data(cb->req, struct dp_get_account_state); - state->err_maj = DP_ERR_FATAL; - state->err_min = EIO; -+ -+ /* tevent_req_done/error will free cb */ - tevent_req_error(cb->req, EIO); -+ -+ /* Freeing the cb removes it from the cb_list. -+ * Therefore, the cb_list should now be pointing -+ * at a new callback. If it's not, it means the -+ * callback handler didn't free cb and may leak -+ * memory. Be paranoid and protect against this -+ * situation. -+ */ -+ if (cb == sdp_req->cb_list) { -+ DEBUG(SSSDBG_FATAL_FAILURE, -+ ("BUG: a callback did not free its request. " -+ "May leak memory\n")); -+ /* Skip to the next since a memory leak is non-fatal */ -+ sdp_req->cb_list = sdp_req->cb_list->next; -+ } - } - - /* Destroy the hash entry */ -@@ -225,14 +242,6 @@ sss_dp_get_account_int_send(struct resp_ctx *rctx, - static void - sss_dp_get_account_done(struct tevent_req *subreq); - --static errno_t --sss_dp_get_account_int_recv(TALLOC_CTX *mem_ctx, -- struct tevent_req *req, -- dbus_uint16_t *err_maj, -- dbus_uint32_t *err_min, -- char **err_msg); -- -- - /* Send a request to the data provider - * Once this function is called, the communication - * with the data provider will always run to -@@ -252,7 +261,7 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx, - errno_t ret; - int hret; - struct tevent_req *req; -- struct tevent_req *subreq; -+ struct tevent_req *sidereq; - struct dp_get_account_state *state; - struct sss_dp_req *sdp_req; - struct sss_dp_callback *cb; -@@ -343,19 +352,19 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx, - */ - - value.type = HASH_VALUE_PTR; -- subreq = sss_dp_get_account_int_send(rctx, state->key, dom, -+ sidereq = sss_dp_get_account_int_send(rctx, state->key, dom, - be_type, filter); -- if (!subreq) { -+ if (!sidereq) { - ret = ENOMEM; - goto error; - } -- tevent_req_set_callback(subreq, sss_dp_get_account_done, NULL); -+ tevent_req_set_callback(sidereq, sss_dp_get_account_done, NULL); - - /* We should now be able to find the sdp_req in the hash table */ - hret = hash_lookup(rctx->dp_request_table, state->key, &value); - if (hret != HASH_SUCCESS) { - /* Something must have gone wrong with creating the request */ -- talloc_zfree(subreq); -+ talloc_zfree(sidereq); - ret = EIO; - goto error; - } -@@ -402,23 +411,10 @@ error: - } - - static void --sss_dp_get_account_done(struct tevent_req *subreq) -+sss_dp_get_account_done(struct tevent_req *sidereq) - { -- errno_t ret; -- struct tevent_req *req = tevent_req_callback_data(subreq, -- struct tevent_req); -- struct dp_get_account_state *state = -- tevent_req_data(req, struct dp_get_account_state); -- -- ret = sss_dp_get_account_int_recv(state, req, -- &state->err_maj, -- &state->err_min, -- &state->err_msg); -- if (ret != EOK) { -- tevent_req_done(req); -- } else { -- tevent_req_error(req, ret); -- } -+ /* Nothing to do here. The callbacks have already been invoked */ -+ talloc_zfree(sidereq); - } - - errno_t -@@ -599,7 +595,7 @@ static void sss_dp_get_account_int_done(DBusPendingCall *pending, void *ptr) - int ret; - struct tevent_req *req; - struct sss_dp_req *sdp_req; -- struct sss_dp_callback *cb, *prevcb = NULL; -+ struct sss_dp_callback *cb; - struct dp_get_account_int_state *state; - struct dp_get_account_state *cb_state; - -@@ -630,58 +626,40 @@ static void sss_dp_get_account_int_done(DBusPendingCall *pending, void *ptr) - } - - /* Check whether we need to issue any callbacks */ -- DLIST_FOR_EACH(cb, sdp_req->cb_list) { -+ while ((cb = sdp_req->cb_list) != NULL) { - cb_state = tevent_req_data(cb->req, struct dp_get_account_state); - cb_state->err_maj = sdp_req->err_maj; - cb_state->err_min = sdp_req->err_min; - cb_state->err_msg = talloc_strdup(cb_state, sdp_req->err_msg); - /* Don't bother checking for NULL. If it fails due to ENOMEM, -- * we can't really handle it annyway. -+ * we can't really handle it anyway. - */ - -+ /* tevent_req_done/error will free cb */ - if (ret == EOK) { - tevent_req_done(cb->req); - } else { - tevent_req_error(cb->req, ret); - } - -- /* Freeing the request removes it from the list */ -- if (prevcb) talloc_free(prevcb); -- prevcb = cb; -+ /* Freeing the cb removes it from the cb_list. -+ * Therefore, the cb_list should now be pointing -+ * at a new callback. If it's not, it means the -+ * callback handler didn't free cb and may leak -+ * memory. Be paranoid and protect against this -+ * situation. -+ */ -+ if (cb == sdp_req->cb_list) { -+ DEBUG(SSSDBG_FATAL_FAILURE, -+ ("BUG: a callback did not free its request. " -+ "May leak memory\n")); -+ /* Skip to the next since a memory leak is non-fatal */ -+ sdp_req->cb_list = sdp_req->cb_list->next; -+ } - } -- talloc_free(prevcb); - - /* We're done with this request. Free the sdp_req - * This will clean up the hash table entry as well - */ - talloc_zfree(sdp_req); - } -- --static errno_t --sss_dp_get_account_int_recv(TALLOC_CTX *mem_ctx, -- struct tevent_req *req, -- dbus_uint16_t *err_maj, -- dbus_uint32_t *err_min, -- char **err_msg) --{ -- struct dp_get_account_int_state *state = -- tevent_req_data(req, struct dp_get_account_int_state); -- -- enum tevent_req_state TRROEstate; -- uint64_t TRROEerr; -- -- *err_maj = state->sdp_req->err_maj; -- *err_min = state->sdp_req->err_min; -- *err_msg = talloc_steal(mem_ctx, state->sdp_req->err_msg); -- -- if (tevent_req_is_error(req, &TRROEstate, &TRROEerr)) { -- if (TRROEstate == TEVENT_REQ_USER_ERROR) { -- *err_maj = DP_ERR_FATAL; -- *err_min = TRROEerr; -- } else { -- return EIO; -- } -- } -- -- return EOK; --} -diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c -index 3bc30ab8641b1787ded15165890e61836e46e802..fc2dca8d7a9e9dc1e5d68c98f95a5d3d67231f4a 100644 ---- a/src/responder/nss/nsssrv_cmd.c -+++ b/src/responder/nss/nsssrv_cmd.c -@@ -700,6 +700,7 @@ static void nsssrv_dp_send_acct_req_done(struct tevent_req *req) - ret = sss_dp_get_account_recv(cb_ctx->mem_ctx, req, - &err_maj, &err_min, - &err_msg); -+ talloc_zfree(req); - if (ret != EOK) { - NSS_CMD_FATAL_ERROR(cb_ctx->cctx); - } -diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c -index 3b2d509e237b12516e1234a34a8542ae09752c43..2e544cd5aa5a566e5557f2d9280b57b24f39befd 100644 ---- a/src/responder/pam/pamsrv_cmd.c -+++ b/src/responder/pam/pamsrv_cmd.c -@@ -994,6 +994,7 @@ static void pam_dp_send_acct_req_done(struct tevent_req *req) - ret = sss_dp_get_account_recv(cb_ctx->mem_ctx, req, - &err_maj, &err_min, - &err_msg); -+ talloc_zfree(req); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("Fatal error, killing connection!\n")); -diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c -index 5d54f95ab78bc43338dd55205e85dbba7bd5f437..1723fd42c8222e72e46498a3b83e427099243369 100644 ---- a/src/responder/sudo/sudosrv_get_sudorules.c -+++ b/src/responder/sudo/sudosrv_get_sudorules.c -@@ -181,6 +181,7 @@ static void sudosrv_dp_send_acct_req_done(struct tevent_req *req) - ret = sss_dp_get_account_recv(cb_ctx->mem_ctx, req, - &err_maj, &err_min, - &err_msg); -+ talloc_zfree(req); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("Fatal error, killing connection!\n")); --- -1.7.4.1 - diff --git a/sssd.spec b/sssd.spec index 4e903a1..6031a15 100644 --- a/sssd.spec +++ b/sssd.spec @@ -16,7 +16,7 @@ Name: sssd Version: 1.8.1 -Release: 7%{?dist} +Release: 8%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -26,6 +26,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### +Patch0001: 0001-Fix-uninitialized-variable.patch + ### Dependencies ### Conflicts: selinux-policy < 3.10.0-46 @@ -438,6 +440,10 @@ fi %postun -n libipa_hbac -p /sbin/ldconfig %changelog +* Wed Mar 21 2012 Stephen Gallagher - 1.8.1-8 +- Fix uninitialized value bug causing crashes throughout the code +- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup + * Mon Mar 12 2012 Stephen Gallagher - 1.8.1-7 - New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an