On Mon, 22 Apr 2019 09:07:04 +0200 Salvatore Bonaccorso <car...@debian.org> wrote:
>> Please see https://www.openwall.com/lists/oss-security/2019/04/17/1 > > Please note that when fixing the issues, in the original patchsets > there were some behaviour regressions, I think they should be adressed > in the followups as noted in > https://www.openwall.com/lists/oss-security/2019/04/18/2 Hi Salvatore, After several readings of the followup you linked to I think those "prior behavioral changes" are the fixes themselves, that is, the more thorough authorization checks. Don't you agree? I proceeded to apply the patches in the pull request to the pacemaker quilt queue. Unfortunately they introduce new symbols in libcrmcommon: crm_ipc_is_authentic_process and pcmk__ipc_is_authentic_process_active. Am I expected to update the libtool version info in light of this? -- Thanks, Feri
