From b62bf7c05a8563bfcc46b7c3cd6964314899c4c185e3866956d34e944ecd1a8f Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Mon, 28 Oct 2019 10:03:38 +0000 Subject: [PATCH] Accepting request 738880 from home:pevik:branches:Base:System - Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release) - add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect upstream changes after 1.1.4 release - remove /etc/bindresvport.blacklist as it's still supported by glibc although it's not compiled with --enable-obsolete-rpc - Drop patches accepted in previous releases or not needed - 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4) - 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory) - 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1) - 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch (backport of 25d38d7, libtirpc-1-0-4-rc1) - 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch (backport of 145272c, libtirpc-1-0-4-rc2) - Add fixes from upcomming release - 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch - 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch - 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch OBS-URL: https://build.opensuse.org/request/show/738880 OBS-URL: https://build.opensuse.org/package/show/Base:System/libtirpc?expand=0&rev=78 --- 000-bindresvport_blacklist.patch | 135 --------- ...ntroduced-by-change-rpc-version-orde.patch | 73 ----- ...LIBADD-instead-of-LDFLAGS-to-link-ag.patch | 36 +++ ...an-rpc_secure.3t-Fix-typo-in-manpage.patch | 31 +++ ...ive-mask-in-xdr_int64_t-and-xdr_u_in.patch | 44 +++ 001-new-rpcbindsock-path.patch | 35 --- 002-revert-binddynport.patch | 256 ------------------ libtirpc-1-1-5-rc1.patch | 170 ++++++++++++ libtirpc-1-1-5-rc2.patch | 148 ++++++++++ libtirpc-1.0.3.tar.bz2 | 3 - libtirpc-1.1.4.tar.bz2 | 3 + libtirpc.changes | 23 ++ libtirpc.spec | 19 +- 13 files changed, 460 insertions(+), 516 deletions(-) delete mode 100644 000-bindresvport_blacklist.patch delete mode 100644 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch create mode 100644 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch create mode 100644 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch create mode 100644 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch delete mode 100644 001-new-rpcbindsock-path.patch delete mode 100644 002-revert-binddynport.patch create mode 100644 libtirpc-1-1-5-rc1.patch create mode 100644 libtirpc-1-1-5-rc2.patch delete mode 100644 libtirpc-1.0.3.tar.bz2 create mode 100644 libtirpc-1.1.4.tar.bz2 diff --git a/000-bindresvport_blacklist.patch b/000-bindresvport_blacklist.patch deleted file mode 100644 index 4271ee3..0000000 --- a/000-bindresvport_blacklist.patch +++ /dev/null @@ -1,135 +0,0 @@ -From: Olaf Kirch -Subject: make libtirpc honor /etc/bindresvport.blacklist - -Signed-off-by: Olaf Kirch - ---- src/bindresvport.c 2015-04-23 21:22:56.986448281 +0200 -+++ src/bindresvport.c 2015-04-23 21:48:06.501561665 +0200 -@@ -39,7 +39,10 @@ - #include - #include - -+#include -+#include - #include -+#include - #include - #include - -@@ -68,6 +71,80 @@ - #define ENDPORT (IPPORT_RESERVED - 1) - #define NPORTS (ENDPORT - STARTPORT + 1) - -+/* -+ * Read the file /etc/bindresvport.blacklist, so that we don't bind -+ * to these ports. -+ */ -+ -+static int blacklist_read; -+static int *list; -+static int list_size = 0; -+ -+static void -+load_blacklist (void) -+{ -+ FILE *fp; -+ char *buf = NULL; -+ size_t buflen = 0; -+ int size = 0, ptr = 0; -+ -+ blacklist_read = 1; -+ -+ fp = fopen ("/etc/bindresvport.blacklist", "r"); -+ if (NULL == fp) -+ return; -+ -+ while (!feof (fp)) -+ { -+ unsigned long port; -+ char *tmp, *cp; -+ ssize_t n = getline (&buf, &buflen, fp); -+ if (n < 1) -+ break; -+ -+ cp = buf; -+ tmp = strchr (cp, '#'); /* remove comments */ -+ if (tmp) -+ *tmp = '\0'; -+ while (isspace ((int)*cp)) /* remove spaces and tabs */ -+ ++cp; -+ if (*cp == '\0') /* ignore empty lines */ -+ continue; -+ if (cp[strlen (cp) - 1] == '\n') -+ cp[strlen (cp) - 1] = '\0'; -+ -+ port = strtoul (cp, &tmp, 0); -+ while (isspace(*tmp)) -+ ++tmp; -+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE)) -+ continue; -+ -+ /* Don't bother with out-of-range ports */ -+ if (port < LOWPORT || port > ENDPORT) -+ continue; -+ -+ if (ptr >= size) -+ { -+ size += 10; -+ list = realloc (list, size * sizeof (int)); -+ if (list == NULL) -+ { -+ free (buf); -+ return; -+ } -+ } -+ -+ list[ptr++] = port; -+ } -+ -+ fclose (fp); -+ -+ if (buf) -+ free (buf); -+ -+ list_size = ptr; -+} -+ - int - bindresvport_sa(sd, sa) - int sd; -@@ -87,6 +164,9 @@ - int endport = ENDPORT; - int i; - -+ if (!blacklist_read) -+ load_blacklist(); -+ - mutex_lock(&port_lock); - nports = ENDPORT - startport + 1; - -@@ -132,12 +212,21 @@ - errno = EADDRINUSE; - again: - for (i = 0; i < nports; ++i) { -- *portp = htons(port++); -- if (port > endport) -- port = startport; -- res = bind(sd, sa, salen); -+ int j; -+ -+ /* Check if this port is not blacklisted. */ -+ for (j = 0; j < list_size; j++) -+ if (port == list[j]) -+ goto try_next_port; -+ -+ *portp = htons(port); -+ res = bind(sd, sa, salen); - if (res >= 0 || errno != EADDRINUSE) - break; -+ -+try_next_port: -+ if (++port > endport) -+ port = startport; - } - if (i == nports && startport != LOWPORT) { - startport = LOWPORT; diff --git a/0001-Fix-regression-introduced-by-change-rpc-version-orde.patch b/0001-Fix-regression-introduced-by-change-rpc-version-orde.patch deleted file mode 100644 index 7b2795b..0000000 --- a/0001-Fix-regression-introduced-by-change-rpc-version-orde.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 25d38d744997d5ff03d8b0f2cdd79c0fb7185cca Mon Sep 17 00:00:00 2001 -From: Thomas Blume -Date: Wed, 18 Apr 2018 08:44:49 -0400 -Subject: [PATCH] Fix regression introduced by change rpc version order patch - -Fix a socket leak introduced by commit 5e7b57bc20bd9cadff -(rpcinfo: change order of version to be tried to 4, 3, 2) -The new function __try_protocol_version_2 doesn't return -the client, so it can't be closed via CLNT_DESTROY in the -calling function. - -Signed-off-by: Thomas Blume -Signed-off-by: Steve Dickson ---- - src/rpcb_clnt.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c -index a94fc73..4b44364 100644 ---- a/src/rpcb_clnt.c -+++ b/src/rpcb_clnt.c -@@ -752,7 +752,7 @@ __try_protocol_version_2(program, version, nconf, host, tp) - - client = getpmaphandle(nconf, host, &parms.r_addr); - if (client == NULL) -- return (NULL); -+ goto error; - - /* - * Set retry timeout. -@@ -771,11 +771,11 @@ __try_protocol_version_2(program, version, nconf, host, tp) - if (clnt_st != RPC_SUCCESS) { - rpc_createerr.cf_stat = RPC_PMAPFAILURE; - clnt_geterr(client, &rpc_createerr.cf_error); -- return (NULL); -+ goto error; - } else if (port == 0) { - pmapaddress = NULL; - rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED; -- return (NULL); -+ goto error; - } - port = htons(port); - CLNT_CONTROL(client, CLGET_SVC_ADDR, (char *)&remote); -@@ -789,14 +789,24 @@ __try_protocol_version_2(program, version, nconf, host, tp) - free(pmapaddress); - pmapaddress = NULL; - } -- return (NULL); -+ goto error; - } - memcpy(pmapaddress->buf, remote.buf, remote.len); - memcpy(&((char *)pmapaddress->buf)[sizeof (short)], - (char *)(void *)&port, sizeof (short)); - pmapaddress->len = pmapaddress->maxlen = remote.len; - -+ CLNT_DESTROY(client); - return pmapaddress; -+ -+error: -+ if (client) { -+ CLNT_DESTROY(client); -+ client = NULL; -+ -+ } -+ return (NULL); -+ - } - #endif - --- -2.13.6 - diff --git a/0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch b/0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch new file mode 100644 index 0000000..3d8010f --- /dev/null +++ b/0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch @@ -0,0 +1,36 @@ +From 013cc45abef8055b3ee135fc072e402611a4a3f0 Mon Sep 17 00:00:00 2001 +From: Laurent Bigonville +Date: Tue, 11 Jun 2019 11:34:16 -0400 +Subject: [PATCH 1/7] Makefile.am: Use LIBADD instead of LDFLAGS to link + against krb5 + +LDFLAGS shouldn't be used to link against libraries as this would break +positional flags like --as-needed + +Use LIBADD instead + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1639032 + +Signed-off-by: Steve Dickson +Signed-off-by: Petr Vorel +[Upstream status: 013cc45abef8055b3ee135fc072e402611a4a3f0] +--- + src/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 932414d..b40a6b4 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -38,7 +38,7 @@ endif + if GSS + libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c \ + rpc_gss_utils.c +- libtirpc_la_LDFLAGS += $(GSSAPI_LIBS) ++ libtirpc_la_LIBADD = $(GSSAPI_LIBS) + libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS) + endif + +-- +2.23.0 + diff --git a/0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch b/0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch new file mode 100644 index 0000000..dfb1778 --- /dev/null +++ b/0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch @@ -0,0 +1,31 @@ +From e51590d6c4ab61f1a22a2f47104053fe2966ecdd Mon Sep 17 00:00:00 2001 +From: Laurent Bigonville +Date: Tue, 11 Jun 2019 11:53:14 -0400 +Subject: [PATCH 3/7] man/rpc_secure.3t: Fix typo in manpage + +Currently the publickey parameter of the authdes_pk_create() function is +not displayed because of a typo + +Signed-off-by: Steve Dickson +Signed-off-by: Petr Vorel +[Upstream status: e51590d6c4ab61f1a22a2f47104053fe2966ecdd] +--- + man/rpc_secure.3t | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/rpc_secure.3t b/man/rpc_secure.3t +index 4a1ad93..404df0b 100644 +--- a/man/rpc_secure.3t ++++ b/man/rpc_secure.3t +@@ -19,7 +19,7 @@ + .Ft AUTH * + .Fo authdes_pk_create + .Fa "char *name" +-.FA "netobj *publickey" ++.Fa "netobj *publickey" + .Fa "unsigned window" + .Fa "struct sockaddr *addr" + .Fa "des_block *ckey" +-- +2.23.0 + diff --git a/0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch b/0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch new file mode 100644 index 0000000..4462fbe --- /dev/null +++ b/0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch @@ -0,0 +1,44 @@ +From d1208b5de7b52172a34e3a7262e96f99830c9770 Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella +Date: Tue, 3 Sep 2019 10:54:11 -0400 +Subject: [PATCH 4/7] xdr: add a defensive mask in xdr_int64_t() and + xdr_u_int64_t() + +In order to be more defensive, we should mask bits of u_int64_t +value if we want to use only the first 32bit. + +Signed-off-by: Stefano Garzarella +Signed-off-by: Steve Dickson +Signed-off-by: Petr Vorel +[Upstream status: d1208b5de7b52172a34e3a7262e96f99830c9770] +--- + src/xdr.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/xdr.c b/src/xdr.c +index b9a1558..28d1382 100644 +--- a/src/xdr.c ++++ b/src/xdr.c +@@ -877,7 +877,8 @@ xdr_int64_t(xdrs, llp) + if (XDR_GETLONG(xdrs, (long *)&ul[1]) == FALSE) + return (FALSE); + *llp = (int64_t) +- (((u_int64_t)ul[0] << 32) | ((u_int64_t)ul[1])); ++ (((u_int64_t)ul[0] << 32) | ++ ((u_int64_t)(ul[1]) & 0xffffffff)); + return (TRUE); + case XDR_FREE: + return (TRUE); +@@ -910,7 +911,8 @@ xdr_u_int64_t(xdrs, ullp) + if (XDR_GETLONG(xdrs, (long *)&ul[1]) == FALSE) + return (FALSE); + *ullp = (u_int64_t) +- (((u_int64_t)ul[0] << 32) | ((u_int64_t)ul[1])); ++ (((u_int64_t)ul[0] << 32) | ++ ((u_int64_t)(ul[1]) & 0xffffffff)); + return (TRUE); + case XDR_FREE: + return (TRUE); +-- +2.23.0 + diff --git a/001-new-rpcbindsock-path.patch b/001-new-rpcbindsock-path.patch deleted file mode 100644 index eed3919..0000000 --- a/001-new-rpcbindsock-path.patch +++ /dev/null @@ -1,35 +0,0 @@ -Starting with openSUSE 13.1, rpcbind creates its socket in /var rather that /var/run. -Update libtirpc to go looking for it in the right place. - -Signed-off-by: Olaf Kirch ---- - tirpc/rpc/rpcb_prot.h | 2 +- - tirpc/rpc/rpcb_prot.x | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -Index: libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h -=================================================================== ---- libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h -+++ libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h -@@ -476,7 +476,7 @@ extern bool_t xdr_netbuf(XDR *, struct n - #define RPCBVERS_3 RPCBVERS - #define RPCBVERS_4 RPCBVERS4 - --#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock" -+#define _PATH_RPCBINDSOCK "/run/rpcbind.sock" - - #else /* ndef _KERNEL */ - #ifdef __cplusplus -Index: libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x -=================================================================== ---- libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x -+++ libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x -@@ -410,7 +410,7 @@ program RPCBPROG { - %#define RPCBVERS_3 RPCBVERS - %#define RPCBVERS_4 RPCBVERS4 - % --%#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock" -+%#define _PATH_RPCBINDSOCK "/run/rpcbind.sock" - % - %#else /* ndef _KERNEL */ - %#ifdef __cplusplus diff --git a/002-revert-binddynport.patch b/002-revert-binddynport.patch deleted file mode 100644 index ffec408..0000000 --- a/002-revert-binddynport.patch +++ /dev/null @@ -1,256 +0,0 @@ -diff --git a/src/Makefile.am b/src/Makefile.am -index 932414d..fba2aa4 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -15,9 +15,8 @@ lib_LTLIBRARIES = libtirpc.la - libtirpc_la_LDFLAGS = @LDFLAG_NOUNDEFINED@ -no-undefined -lpthread - libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@ - --libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c \ -- binddynport.c bindresvport.c \ -- clnt_bcast.c clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ -+libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \ -+ clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ - clnt_vc.c rpc_dtablesize.c getnetconfig.c getnetpath.c getrpcent.c \ - getrpcport.c mt_misc.c pmap_clnt.c pmap_getmaps.c pmap_getport.c \ - pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \ -diff --git a/src/binddynport.c b/src/binddynport.c -deleted file mode 100644 -index 062629a..0000000 ---- a/src/binddynport.c -+++ /dev/null -@@ -1,139 +0,0 @@ --/* -- * Copyright (c) 2018, Oracle America, Inc. -- * All rights reserved. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions are met: -- * - Redistributions of source code must retain the above copyright notice, -- * this list of conditions and the following disclaimer. -- * - Redistributions in binary form must reproduce the above copyright notice, -- * this list of conditions and the following disclaimer in the documentation -- * and/or other materials provided with the distribution. -- * - Neither the name of "Oracle America, Inc." nor the names of its -- * contributors may be used to endorse or promote products derived -- * from this software without specific prior written permission. -- * -- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -- * POSSIBILITY OF SUCH DAMAGE. -- */ -- --#include --#include --#include -- --#include --#include -- --#include --#include --#include --#include -- --#include -- --#include "reentrant.h" --#include "rpc_com.h" -- --extern pthread_mutex_t port_lock; -- --/* -- * Dynamic port range as defined in RFC 6335 Section 6. -- * This range avoids all IANA-assigned service port -- * numbers. -- */ --enum { -- LOWPORT = 49152, -- ENDPORT = 65534, -- NPORTS = ENDPORT - LOWPORT + 1, --}; -- --/* -- * Bind a socket to a dynamically-assigned IP port. -- * -- * @fd is an open but unbound socket. -- * -- * On each call, a port number is chosen at random from -- * within the dynamic/private port range, even if the -- * caller has CAP_NET_ADMIN_BIND. -- * -- * Returns 0 on success, -1 on failure. errno may be -- * set to a non-determinant value. -- * -- * This function is re-entrant. -- */ --int __binddynport(int fd) --{ -- struct sockaddr_storage ss; --#ifdef INET6 -- struct sockaddr_in6 *sin6; --#endif -- struct sockaddr_in *sin; -- static unsigned int seed; -- in_port_t port, *portp; -- struct sockaddr *sap; -- socklen_t salen; -- int i, res; -- -- if (__rpc_sockisbound(fd)) -- return 0; -- -- res = -1; -- sap = (struct sockaddr *)(void *)&ss; -- salen = sizeof(ss); -- memset(sap, 0, salen); -- -- mutex_lock(&port_lock); -- -- if (getsockname(fd, sap, &salen) == -1) -- goto out; -- -- switch (ss.ss_family) { -- case AF_INET: -- sin = (struct sockaddr_in *)(void *)&ss; -- portp = &sin->sin_port; -- salen = sizeof(struct sockaddr_in); -- break; --#ifdef INET6 -- case AF_INET6: -- sin6 = (struct sockaddr_in6 *)(void *)&ss; -- portp = &sin6->sin6_port; -- salen = sizeof(struct sockaddr_in6); -- break; --#endif -- default: -- goto out; -- } -- -- if (!seed) { -- struct timeval tv; -- -- gettimeofday(&tv, NULL); -- seed = tv.tv_usec * getpid(); -- } -- port = (rand_r(&seed) % NPORTS) + LOWPORT; -- for (i = 0; i < NPORTS; ++i) { -- *portp = htons(port++); -- res = bind(fd, sap, salen); -- if (res >= 0) { -- res = 0; -- break; -- } -- if (errno != EADDRINUSE) -- break; -- if (port > ENDPORT) -- port = LOWPORT; -- } -- --out: -- mutex_unlock(&port_lock); -- return res; --} -diff --git a/src/clnt_generic.c b/src/clnt_generic.c -index e5a314f..3f3dabf 100644 ---- a/src/clnt_generic.c -+++ b/src/clnt_generic.c -@@ -47,7 +47,6 @@ - - extern bool_t __rpc_is_local_host(const char *); - int __rpc_raise_fd(int); --extern int __binddynport(int fd); - - #ifndef NETIDLEN - #define NETIDLEN 32 -@@ -341,8 +340,7 @@ clnt_tli_create(int fd, const struct netconfig *nconf, - servtype = nconf->nc_semantics; - if (!__rpc_fd2sockinfo(fd, &si)) - goto err; -- if (__binddynport(fd) == -1) -- goto err; -+ bindresvport(fd, NULL); - } else { - if (!__rpc_fd2sockinfo(fd, &si)) - goto err; -diff --git a/src/rpc_soc.c b/src/rpc_soc.c -index af6c482..ed0892a 100644 ---- a/src/rpc_soc.c -+++ b/src/rpc_soc.c -@@ -67,8 +67,6 @@ - - extern mutex_t rpcsoc_lock; - --extern int __binddynport(int fd); -- - static CLIENT *clnt_com_create(struct sockaddr_in *, rpcprog_t, rpcvers_t, - int *, u_int, u_int, char *, int); - static SVCXPRT *svc_com_create(int, u_int, u_int, char *); -@@ -147,8 +145,7 @@ clnt_com_create(raddr, prog, vers, sockp, sendsz, recvsz, tp, flags) - bindaddr.maxlen = bindaddr.len = sizeof (struct sockaddr_in); - bindaddr.buf = raddr; - -- if (__binddynport(fd) == -1) -- goto err; -+ bindresvport(fd, NULL); - cl = clnt_tli_create(fd, nconf, &bindaddr, prog, vers, - sendsz, recvsz); - if (cl) { -@@ -316,6 +313,7 @@ svc_com_create(fd, sendsize, recvsize, netid) - SVCXPRT *svc; - int madefd = FALSE; - int port; -+ struct sockaddr_in sin; - - if ((nconf = __rpc_getconfip(netid)) == NULL) { - (void) syslog(LOG_ERR, "Could not get %s transport", netid); -@@ -332,6 +330,10 @@ svc_com_create(fd, sendsize, recvsize, netid) - madefd = TRUE; - } - -+ memset(&sin, 0, sizeof sin); -+ sin.sin_family = AF_INET; -+ bindresvport(fd, &sin); -+ listen(fd, SOMAXCONN); - svc = svc_tli_create(fd, nconf, NULL, sendsize, recvsize); - (void) freenetconfigent(nconf); - if (svc == NULL) { -diff --git a/src/svc_generic.c b/src/svc_generic.c -index 52a56c2..7aae796 100644 ---- a/src/svc_generic.c -+++ b/src/svc_generic.c -@@ -53,7 +53,6 @@ - #include - - extern int __svc_vc_setflag(SVCXPRT *, int); --extern int __binddynport(int fd); - - /* - * The highest level interface for server creation. -@@ -221,10 +220,15 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz) - */ - if (madefd || !__rpc_sockisbound(fd)) { - if (bindaddr == NULL) { -- if (__binddynport(fd) == -1) { -- warnx( -+ if (bindresvport(fd, NULL) < 0) { -+ memset(&ss, 0, sizeof ss); -+ ss.ss_family = si.si_af; -+ if (bind(fd, (struct sockaddr *)(void *)&ss, -+ (socklen_t)si.si_alen) < 0) { -+ warnx( - "svc_tli_create: could not bind to anonymous port"); -- goto freedata; -+ goto freedata; -+ } - } - listen(fd, SOMAXCONN); - } else { diff --git a/libtirpc-1-1-5-rc1.patch b/libtirpc-1-1-5-rc1.patch new file mode 100644 index 0000000..9f0add1 --- /dev/null +++ b/libtirpc-1-1-5-rc1.patch @@ -0,0 +1,170 @@ +git diff libtirpc-1-1-4..libtirpc-1-1-5-rc1 + +Commits: +e49077d clnt_vc.c: remove a false positive from a covscan +4d2ceca svc_simple.c: resource_leak +92d4b35 svc_generic.c: resource_leak +3b2e537 rtime.c: resource_leak +830e3f6 rpcb_clnt.c: resource_leak +c0885a7 rpc_soc.c: buffer_size_warning +6db7f04 rpc_soc.c: resource_leak +710a713 rpc_generic.c: resource_leak +57d1529 getnetpath.c: resource_leak +a1fae25 getnetconfig.c: cppcheck_warning +55d1460 clnt_vc.c: resource_leak +757f379 clnt_bcast.c: resource_leak +489dd50 auth_gss.c: buffer_size_warning +25fdba9 auth_gss.c: resource_leak + +Signed-off-by: Petr Vorel +diff --git a/src/auth_gss.c b/src/auth_gss.c +index 5959893..7d08262 100644 +--- a/src/auth_gss.c ++++ b/src/auth_gss.c +@@ -207,6 +207,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec) + rpc_createerr.cf_stat = RPC_SYSTEMERROR; + rpc_createerr.cf_error.re_errno = ENOMEM; + free(auth); ++ free(gd); + return (NULL); + } + } +@@ -592,7 +593,7 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret) + if (rpc_gss_oid_to_mech(actual_mech_type, &mechanism)) { + strncpy(options_ret->actual_mechanism, + mechanism, +- sizeof(options_ret->actual_mechanism)); ++ (sizeof(options_ret->actual_mechanism)-1)); + } + + gd->established = TRUE; +diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c +index 98cf061..2ad6c89 100644 +--- a/src/clnt_bcast.c ++++ b/src/clnt_bcast.c +@@ -330,6 +330,7 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp, + if (nettype == NULL) + nettype = "datagram_n"; + if ((handle = __rpc_setconf(nettype)) == NULL) { ++ AUTH_DESTROY(sys_auth); + return (RPC_UNKNOWNPROTO); + } + while ((nconf = __rpc_getconf(handle)) != NULL) { +diff --git a/src/getnetconfig.c b/src/getnetconfig.c +index 92e7c43..d67d97d 100644 +--- a/src/getnetconfig.c ++++ b/src/getnetconfig.c +@@ -709,6 +709,8 @@ struct netconfig *ncp; + p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *)); + if (p->nc_lookups == NULL) { + free(p->nc_netid); ++ free(p); ++ free(tmp); + return(NULL); + } + for (i=0; i < p->nc_nlookups; i++) { +diff --git a/src/getnetpath.c b/src/getnetpath.c +index 7c19932..ea1a18c 100644 +--- a/src/getnetpath.c ++++ b/src/getnetpath.c +@@ -88,6 +88,7 @@ setnetpath() + } + if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) { + syslog (LOG_ERR, "rpc: failed to open " NETCONFIG); ++ free(np_sessionp); + return (NULL); + } + np_sessionp->valid = NP_VALID; +diff --git a/src/rpc_generic.c b/src/rpc_generic.c +index 589cbd5..51f36ac 100644 +--- a/src/rpc_generic.c ++++ b/src/rpc_generic.c +@@ -319,6 +319,7 @@ __rpc_setconf(nettype) + handle->nflag = FALSE; + break; + default: ++ free(handle); + return (NULL); + } + +diff --git a/src/rpc_soc.c b/src/rpc_soc.c +index 5a6eeb7..a85cb17 100644 +--- a/src/rpc_soc.c ++++ b/src/rpc_soc.c +@@ -663,15 +663,17 @@ svcunix_create(sock, sendsize, recvsize, path) + strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) + break; + } +- if (nconf == NULL) ++ if (nconf == NULL) { ++ endnetconfig(localhandle); + return(xprt); ++ } + + if ((sock = __rpc_nconf2fd(nconf)) < 0) + goto done; + + memset(&sun, 0, sizeof sun); + sun.sun_family = AF_LOCAL; +- strncpy(sun.sun_path, path, sizeof(sun.sun_path)); ++ strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1)); + addrlen = sizeof(struct sockaddr_un); + sa = (struct sockaddr *)&sun; + +@@ -692,6 +694,8 @@ svcunix_create(sock, sendsize, recvsize, path) + } + + xprt = (SVCXPRT *)svc_tli_create(sock, nconf, &taddr, sendsize, recvsize); ++ if (xprt == NULL) ++ close(sock); + + done: + endnetconfig(localhandle); +diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c +index e45736a..0c34cb7 100644 +--- a/src/rpcb_clnt.c ++++ b/src/rpcb_clnt.c +@@ -547,6 +547,7 @@ try_nconf: + if (tmpnconf == NULL) { + rpc_createerr.cf_stat = RPC_UNKNOWNPROTO; + mutex_unlock(&loopnconf_lock); ++ endnetconfig(nc_handle); + return (NULL); + } + loopnconf = getnetconfigent(tmpnconf->nc_netid); +diff --git a/src/rtime.c b/src/rtime.c +index b642840..29fbf0a 100644 +--- a/src/rtime.c ++++ b/src/rtime.c +@@ -90,6 +90,7 @@ rtime(addrp, timep, timeout) + + /* TCP and UDP port are the same in this case */ + if ((serv = getservbyname("time", "tcp")) == NULL) { ++ do_close(s); + return(-1); + } + +diff --git a/src/svc_generic.c b/src/svc_generic.c +index 52a56c2..20abaa2 100644 +--- a/src/svc_generic.c ++++ b/src/svc_generic.c +@@ -113,6 +113,7 @@ svc_create(dispatch, prognum, versnum, nettype) + if (l == NULL) { + warnx("svc_create: no memory"); + mutex_unlock(&xprtlist_lock); ++ __rpc_endconf(handle); + return (0); + } + l->xprt = xprt; +diff --git a/src/svc_simple.c b/src/svc_simple.c +index cb58002..c32fe0a 100644 +--- a/src/svc_simple.c ++++ b/src/svc_simple.c +@@ -157,6 +157,7 @@ rpc_reg(prognum, versnum, procnum, progname, inproc, outproc, nettype) + ((netid = strdup(nconf->nc_netid)) == NULL)) { + warnx(rpc_reg_err, rpc_reg_msg, __no_mem_str); + SVC_DESTROY(svcxprt); ++ free(xdrbuf); + break; + } + madenow = TRUE; diff --git a/libtirpc-1-1-5-rc2.patch b/libtirpc-1-1-5-rc2.patch new file mode 100644 index 0000000..1873806 --- /dev/null +++ b/libtirpc-1-1-5-rc2.patch @@ -0,0 +1,148 @@ +git diff libtirpc-1-1-5-rc1..libtirpc-1-1-5-rc2 + +Commits: +3a17941 Fix EOF detection on non-blocking socket +e80e668 getrpcent.c: fix typo +9e738df __getpublickey_real: Removed a warning +959b200 getnetconfig.c: fix a BAD_FREE (CWE-763) + +Signed-off-by: Petr Vorel +diff --git a/src/getnetconfig.c b/src/getnetconfig.c +index d67d97d..cfd33c2 100644 +--- a/src/getnetconfig.c ++++ b/src/getnetconfig.c +@@ -681,6 +681,7 @@ struct netconfig *ncp; + { + struct netconfig *p; + char *tmp; ++ char *t; + u_int i; + + if ((tmp=malloc(MAXNETCONFIGLINE)) == NULL) +@@ -700,22 +701,21 @@ struct netconfig *ncp; + */ + *p = *ncp; + p->nc_netid = (char *)strcpy(tmp,ncp->nc_netid); +- tmp = strchr(tmp, 0) + 1; +- p->nc_protofmly = (char *)strcpy(tmp,ncp->nc_protofmly); +- tmp = strchr(tmp, 0) + 1; +- p->nc_proto = (char *)strcpy(tmp,ncp->nc_proto); +- tmp = strchr(tmp, 0) + 1; +- p->nc_device = (char *)strcpy(tmp,ncp->nc_device); ++ t = strchr(tmp, 0) + 1; ++ p->nc_protofmly = (char *)strcpy(t,ncp->nc_protofmly); ++ t = strchr(t, 0) + 1; ++ p->nc_proto = (char *)strcpy(t,ncp->nc_proto); ++ t = strchr(t, 0) + 1; ++ p->nc_device = (char *)strcpy(t,ncp->nc_device); + p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *)); + if (p->nc_lookups == NULL) { +- free(p->nc_netid); + free(p); + free(tmp); + return(NULL); + } + for (i=0; i < p->nc_nlookups; i++) { +- tmp = strchr(tmp, 0) + 1; +- p->nc_lookups[i] = (char *)strcpy(tmp,ncp->nc_lookups[i]); ++ t = strchr(t, 0) + 1; ++ p->nc_lookups[i] = (char *)strcpy(t,ncp->nc_lookups[i]); + } + return(p); + } +diff --git a/src/getpublickey.c b/src/getpublickey.c +index 8cf4dc2..be37a24 100644 +--- a/src/getpublickey.c ++++ b/src/getpublickey.c +@@ -74,7 +74,7 @@ __getpublickey_real(netname, publickey) + return (0); + } + *p = '\0'; +- (void) strncpy(publickey, lookup, HEXKEYBYTES); ++ memcpy(publickey, lookup, HEXKEYBYTES); + publickey[HEXKEYBYTES] = '\0'; + return (1); + } +diff --git a/src/getrpcent.c b/src/getrpcent.c +index cba4cd8..e49dc05 100644 +--- a/src/getrpcent.c ++++ b/src/getrpcent.c +@@ -100,7 +100,7 @@ _rpcdata() + return (d); + } + +-#if !HAVE_GETRPCBYNYMBER ++#if !HAVE_GETRPCBYNUMBER + struct rpcent * + getrpcbynumber(number) + int number; +diff --git a/src/svc_vc.c b/src/svc_vc.c +index 97a76a3..c23cd36 100644 +--- a/src/svc_vc.c ++++ b/src/svc_vc.c +@@ -502,9 +502,14 @@ read_vc(xprtp, buf, len) + cfp = (struct cf_conn *)xprt->xp_p1; + + if (cfp->nonblock) { ++ /* Since len == 0 is returned on zero length ++ * read or EOF errno needs to be reset before ++ * the read ++ */ ++ errno = 0; + len = read(sock, buf, (size_t)len); + if (len < 0) { +- if (errno == EAGAIN) ++ if (errno == EAGAIN || errno == EWOULDBLOCK) + len = 0; + else + goto fatal_err; +diff --git a/src/xdr_rec.c b/src/xdr_rec.c +index 7d535cf..676cc82 100644 +--- a/src/xdr_rec.c ++++ b/src/xdr_rec.c +@@ -61,6 +61,7 @@ + #include + #include + #include ++#include + #include "rpc_com.h" + static bool_t xdrrec_getlong(XDR *, long *); + static bool_t xdrrec_putlong(XDR *, const long *); +@@ -537,7 +538,13 @@ __xdrrec_getrec(xdrs, statp, expectdata) + n = rstrm->readit(rstrm->tcp_handle, rstrm->in_hdrp, + (int)sizeof (rstrm->in_header) - rstrm->in_hdrlen); + if (n == 0) { +- *statp = expectdata ? XPRT_DIED : XPRT_IDLE; ++ /* EAGAIN or EWOULDBLOCK means a zero length ++ * read not an EOF. ++ */ ++ if (errno == EAGAIN || errno == EWOULDBLOCK) ++ *statp = XPRT_IDLE; ++ else ++ *statp = expectdata ? XPRT_DIED : XPRT_IDLE; + return FALSE; + } + if (n < 0) { +@@ -564,6 +571,7 @@ __xdrrec_getrec(xdrs, statp, expectdata) + rstrm->in_header &= ~LAST_FRAG; + rstrm->last_frag = TRUE; + } ++ rstrm->in_haveheader = 1; + } + + n = rstrm->readit(rstrm->tcp_handle, +@@ -576,7 +584,13 @@ __xdrrec_getrec(xdrs, statp, expectdata) + } + + if (n == 0) { +- *statp = expectdata ? XPRT_DIED : XPRT_IDLE; ++ /* EAGAIN or EWOULDBLOCK means a zero length ++ * read not an EOF. ++ */ ++ if (errno == EAGAIN || errno == EWOULDBLOCK) ++ *statp = XPRT_IDLE; ++ else ++ *statp = expectdata ? XPRT_DIED : XPRT_IDLE; + return FALSE; + } + diff --git a/libtirpc-1.0.3.tar.bz2 b/libtirpc-1.0.3.tar.bz2 deleted file mode 100644 index 3bb649e..0000000 --- a/libtirpc-1.0.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:86c3a78fc1bddefa96111dd233124c703b22a78884203c55c3e06b3be6a0fd5e -size 509831 diff --git a/libtirpc-1.1.4.tar.bz2 b/libtirpc-1.1.4.tar.bz2 new file mode 100644 index 0000000..09872c8 --- /dev/null +++ b/libtirpc-1.1.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2ca529f02292e10c158562295a1ffd95d2ce8af97820e3534fe1b0e3aec7561d +size 510924 diff --git a/libtirpc.changes b/libtirpc.changes index 8090540..130fac7 100644 --- a/libtirpc.changes +++ b/libtirpc.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Wed Oct 16 11:46:28 UTC 2019 - Petr Vorel + +- Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release) + - add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect + upstream changes after 1.1.4 release + - remove /etc/bindresvport.blacklist as it's still supported by glibc + although it's not compiled with --enable-obsolete-rpc + +- Drop patches accepted in previous releases or not needed + - 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4) + - 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory) + - 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1) + - 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch + (backport of 25d38d7, libtirpc-1-0-4-rc1) + - 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch + (backport of 145272c, libtirpc-1-0-4-rc2) + +- Add fixes from upcomming release + - 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch + - 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch + - 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch + ------------------------------------------------------------------- Mon Mar 11 15:23:12 UTC 2019 - Michal Suchanek diff --git a/libtirpc.spec b/libtirpc.spec index 024d1b9..2131bfc 100644 --- a/libtirpc.spec +++ b/libtirpc.spec @@ -18,7 +18,7 @@ Name: libtirpc # src/crypt_client.c and tirpc/rpcsvc/crypt.x have the BSD advertising clause -Version: 1.0.3 +Version: 1.1.4 Release: 0 Summary: Transport Independent RPC Library License: BSD-3-Clause @@ -34,13 +34,8 @@ BuildRequires: pkg-config Url: https://sourceforge.net/projects/libtirpc/ Source: %{name}-%{version}.tar.bz2 Source1: baselibs.conf -Patch0: 000-bindresvport_blacklist.patch -# only needed on openSUSE >= 13.1, SLE >= 12 -Patch1: 001-new-rpcbindsock-path.patch -# Revert upstream change until tirpc 1.0.4 with a final solutions comes out -Patch2: 002-revert-binddynport.patch -Patch3: 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch -Patch16: 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch +Patch0: libtirpc-1-1-5-rc1.patch +Patch1: libtirpc-1-1-5-rc2.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires libtirpc3 = %{version}-%{release} @@ -85,13 +80,8 @@ TCP over IPv4. %prep %setup -q -n %name-%version -%patch0 -p0 -%if 0%{suse_version} >= 1310 +%patch0 -p1 %patch1 -p1 -%endif -%patch2 -p1 -%patch3 -p1 -%patch16 -p1 %build sed -i -e 's|@includedir@/tirpc|@includedir@|g' libtirpc.pc.in @@ -118,6 +108,7 @@ mv -v %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir} # they are now default mv -v %{buildroot}%{_includedir}/tirpc/* %{buildroot}%{_includedir} rmdir %{buildroot}%{_includedir}/tirpc +rm -v %{buildroot}/etc/bindresvport.blacklist %post -n libtirpc3 -p /sbin/ldconfig