Bug 167332 - critical upstream 2.4.2 fixes need porting to 2.4.1
Summary: critical upstream 2.4.2 fixes need porting to 2.4.1
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: tog-pegasus
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Jason Vas Dias
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks: 145411
TreeView+ depends on / blocked
 
Reported: 2005-09-01 17:21 UTC by Jason Vas Dias
Modified: 2007-11-30 22:07 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2005-11-18 11:18:09 UTC


Attachments (Terms of Use)

Description Jason Vas Dias 2005-09-01 17:21:31 UTC
Description of problem:

The OpenGroup's Pegasus team have assessed, fixed and tested a number
of serious bugs in the 2.4.1 baseline release of tog-pegasus, and 
committed the fixes to the 2.4.2 baseline that should be ported to 
2.4.1.  These are:

2207 CIMOMHandle drops InvokeMethod request
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=2207
2217 Interrupts improperly handled in Unix Semaphore implement...
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=2217
2499 Initial Provider load/initialize is not thread safe.
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=2499
2503 IndicationHandlerService::_lookupHandlerForClass() not th...
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=2503
3416 SDK sample build fails on x86_64 2.4 rpm
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=3416
3858 _subscriptionClassesTable not threadsafe
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=3858
3958 cimserver crashs after many indications delivered
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=3958
4004 cimserver crash in MessageQueueService after running for ...
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4004
4009 Double close causes EBADF ("Bad file descriptor") failures
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4009
4014 host name validation in CIMObjectPathRep::isValidHostname...
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4014
4023 Assignment operators should return object references
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4023
4025 Thread class uses internal pthread functions
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4025
4027 SSLCallbackInfo class does not declare a copy constructor...
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4027
4028 CIMInstance::buildPath assumes key properties are specified
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4028
4029 Add TestIndicationStressTest to 2.4-branch
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4029
4042 TestIndicationStressTest not enabled in 2.4 branch.
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4042
4050 Compile warning building SDK packaged consumer.
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4050
4072 ThreadPool Test Failure - 2.4 version of Bug 2239
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4072
4103 Timing window where in MessageQueue Service - Could cause...
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4103
4120 HTTPConnection _handleReadEvent should complete connectio...
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4120
4126 On shutdown, cimom::routing_proc loops attempting to send...
        http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4126

Version-Release number of selected component (if applicable):
tog-pegasus-2.4.1-2.rhel4(-)

How reproducible:
100%

Steps to Reproduce:
Test any of the above bugs with tog-pegasus-2.4.1-2.rhel4 or earlier 
  
Actual results:
The above bugs can be reproduced .

Expected results:
Fixes need to be applied to Red Hat tog-pegasus release, and the above
bugs should not be reproducible.

Additional Info:
All the fixes for the above bugs have been extensively tested.

Comment 1 Jason Vas Dias 2005-09-01 17:22:48 UTC
There are security implications with the above bugs - see bug descriptions
for details.

All the bugs listed above are fixed with tog-pegasus-2.4.1-4.rhel4+ .


Comment 3 Mark J. Cox 2005-11-18 11:18:09 UTC
Was released as http://rhn.redhat.com/errata/RHEA-2005-494.html


Note You need to log in before you can comment on or make changes to this bug.