Hello community, here is the log from the commit of package libtirpc for openSUSE:Factory checked in at 2015-12-03 13:28:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libtirpc (Old) and /work/SRC/openSUSE:Factory/.libtirpc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtirpc" Changes: -------- --- /work/SRC/openSUSE:Factory/libtirpc/libtirpc.changes 2015-07-19 11:44:53.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libtirpc.new/libtirpc.changes 2015-12-03 13:28:49.000000000 +0100 @@ -1,0 +2,32 @@ +Tue Nov 17 12:55:40 CET 2015 - [email protected] + +- Update to libtirpc-1.0.1 + - new major soname + - Adjust auth code to match other RPC implementations + - Implement more gss auth stuff + - use poll() instead of select() in svc_run() + - Add more sunrpc compat functions + - Sync compat headers with real functions + +- Drop 005-missing-symvers.patch (upstream) +- Drop 006-memleak1.patch (upstream) +- Drop 007-memleak2.patch (upstream) +- Drop 008-fix-undef-ref.patch (upstream) +- Drop 009-authdes_pk_create.patch (upstream) +- Drop 010-xdr_sizeof.patch (upstream) +- Drop 011-authdes_create.patch (upstream) +- Drop 012-xp_sock.patch (upstream) +- Drop 099-poll.patch (upstream) +- Add 005-libtirpc-1.0.2-rc1.patch (fixes deadlock) + +------------------------------------------------------------------- +Thu Jul 16 15:46:00 CEST 2015 - [email protected] + +- Update 099-poll.patch with newest version send upstream. + +------------------------------------------------------------------- +Fri Jul 10 14:56:02 CEST 2015 - [email protected] + +- Add 099-poll.patch: change svc_run from select() to poll(). + +------------------------------------------------------------------- Old: ---- 005-missing-symvers.patch 006-memleak1.patch 007-memleak2.patch 008-fix-undef-ref.patch 009-authdes_pk_create.patch 010-xdr_sizeof.patch 011-authdes_create.patch 012-xp_sock.patch libtirpc-0.3.2.tar.bz2 New: ---- 005-libtirpc-1.0.2-rc1.patch libtirpc-1.0.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libtirpc.spec ++++++ --- /var/tmp/diff_new_pack.bVscCT/_old 2015-12-03 13:28:50.000000000 +0100 +++ /var/tmp/diff_new_pack.bVscCT/_new 2015-12-03 13:28:50.000000000 +0100 @@ -17,9 +17,8 @@ Name: libtirpc -# src/crypt_client.c tirpc/spinlock.h and tirpc/rpcsvc/crypt.x have the BSD -# advertising clause -Version: 0.3.2 +# src/crypt_client.c and tirpc/rpcsvc/crypt.x have the BSD advertising clause +Version: 1.0.1 Release: 0 Summary: Transport Independent RPC Library License: BSD-4-Clause @@ -33,26 +32,18 @@ BuildRequires: libtool BuildRequires: pkg-config Url: http://sourceforge.net/projects/libtirpc/ -# http://downloads.sourceforge.net/project/%{name}/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2 Source1: baselibs.conf Patch0: 000-bindresvport_blacklist.patch # Patch2 is only needed for SLES11 Patch2: 002-old-automake.patch Patch4: 004-netconfig-prefer-IPv6.patch -Patch5: 005-missing-symvers.patch -Patch6: 006-memleak1.patch -Patch7: 007-memleak2.patch -Patch8: 008-fix-undef-ref.patch -Patch9: 009-authdes_pk_create.patch -Patch10: 010-xdr_sizeof.patch -Patch11: 011-authdes_create.patch -Patch12: 012-xp_sock.patch +Patch5: 005-libtirpc-1.0.2-rc1.patch Patch25: patch6_7.diff # Patch37 is only needed on openSUSE >= 13.1, SLE >= 12 Patch37: libtirpc-new-path-rpcbindsock.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -%define debug_package_requires libtirpc1 = %{version}-%{release} +%define debug_package_requires libtirpc3 = %{version}-%{release} %description The Transport Independent RPC library (TI-RPC) is a replacement for the @@ -60,11 +51,11 @@ This implementation allows the support of other transports than UDP and TCP over IPv4 -%package -n libtirpc1 +%package -n libtirpc3 Summary: Transport Independent RPC Library Group: System/Libraries -%description -n libtirpc1 +%description -n libtirpc3 The Transport Independent RPC library (TI-RPC) is a replacement for the standard SunRPC library in glibc which does not support IPv6 addresses. This implementation allows the support of other transports than UDP and @@ -76,7 +67,7 @@ Summary: Transport Independent RPC Library Group: Development/Libraries/C and C++ Requires: glibc-devel -Requires: libtirpc1 = %{version} +Requires: libtirpc3 = %{version} %description devel The Transport Independent RPC library (TI-RPC) is a replacement for the @@ -90,13 +81,6 @@ %patch2 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 %patch25 -p1 %if 0%{suse_version} >= 1310 %patch37 -p1 @@ -118,7 +102,7 @@ # NO_BRP_CHECK_ROOTFS is for SLES11 only, but does not harm for Factory export NO_BRP_CHECK_ROOTFS=true make install DESTDIR=$RPM_BUILD_ROOT -# move devel so link to %{_libdir} +# move devel so link to _libdir mkdir -p $RPM_BUILD_ROOT%{_libdir} %{__ln_s} -v /%{_lib}/$(readlink %{buildroot}/%{_lib}/%{name}.so) %{buildroot}%{_libdir}/%{name}.so %{__rm} -v %{buildroot}/%{_lib}/%{name}.{la,so} @@ -127,14 +111,14 @@ %clean rm -rf $RPM_BUILD_ROOT -%post -n libtirpc1 -p /sbin/ldconfig +%post -n libtirpc3 -p /sbin/ldconfig -%postun -n libtirpc1 -p /sbin/ldconfig +%postun -n libtirpc3 -p /sbin/ldconfig -%files -n libtirpc1 +%files -n libtirpc3 %defattr(-,root,root) %config %{_sysconfdir}/netconfig -/%{_lib}/libtirpc.so.1* +/%{_lib}/libtirpc.so.3* %{_mandir}/man5/netconfig.5.gz %files devel ++++++ 002-old-automake.patch ++++++ --- /var/tmp/diff_new_pack.bVscCT/_old 2015-12-03 13:28:50.000000000 +0100 +++ /var/tmp/diff_new_pack.bVscCT/_new 2015-12-03 13:28:50.000000000 +0100 @@ -3,7 +3,7 @@ --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,4 @@ - AC_INIT(libtirpc, 0.3.2) + AC_INIT(libtirpc, 1.0.1) -AM_INIT_AUTOMAKE([silent-rules]) +AM_INIT_AUTOMAKE -AM_SILENT_RULES([yes]) ++++++ 005-libtirpc-1.0.2-rc1.patch ++++++ diff --git a/src/svc.c b/src/svc.c index 9c41445..b59467b 100644 --- a/src/svc.c +++ b/src/svc.c @@ -99,7 +99,7 @@ xprt_register (xprt) { __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *)); if (__svc_xports == NULL) - return; + goto unlock; } if (sock < _rpc_dtablesize()) { @@ -120,14 +120,14 @@ xprt_register (xprt) svc_pollfd[i].fd = sock; svc_pollfd[i].events = (POLLIN | POLLPRI | POLLRDNORM | POLLRDBAND); - return; + goto unlock; } new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd, sizeof (struct pollfd) * (svc_max_pollfd + 1)); if (new_svc_pollfd == NULL) /* Out of memory */ - return; + goto unlock; svc_pollfd = new_svc_pollfd; ++svc_max_pollfd; @@ -135,6 +135,7 @@ xprt_register (xprt) svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI | POLLRDNORM | POLLRDBAND); } +unlock: rwlock_unlock (&svc_fd_lock); } diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c index b6aa407..bece46a 100644 --- a/src/svc_auth_gss.c +++ b/src/svc_auth_gss.c @@ -129,6 +129,8 @@ struct svc_rpc_gss_data { ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) /* Global server credentials. */ +static u_int _svcauth_req_time = 0; +static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID }; static gss_cred_id_t _svcauth_gss_creds; static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME; static char * _svcauth_svc_name = NULL; @@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service) gss_name_t name; gss_buffer_desc namebuf; OM_uint32 maj_stat, min_stat; + bool_t result; gss_log_debug("in svcauth_gss_import_name()"); @@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service) maj_stat, min_stat); return (FALSE); } - if (svcauth_gss_set_svc_name(name) != TRUE) { - gss_release_name(&min_stat, &name); - return (FALSE); - } - return (TRUE); + result = svcauth_gss_set_svc_name(name); + gss_release_name(&min_stat, &name); + return result; } static bool_t -svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set) +svcauth_gss_acquire_cred(void) { OM_uint32 maj_stat, min_stat; gss_log_debug("in svcauth_gss_acquire_cred()"); - maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time, - oid_set, GSS_C_ACCEPT, + maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, + _svcauth_req_time, &_svcauth_oid_set, + GSS_C_ACCEPT, &_svcauth_gss_creds, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) { @@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, NULL, &gd->deleg); + xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok); + if (gr->gr_major != GSS_S_COMPLETE && gr->gr_major != GSS_S_CONTINUE_NEEDED) { gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context", @@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, return (FALSE); rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; - rqst->rq_xprt->xp_verf.oa_base = checksum.value; + memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, + checksum.length); rqst->rq_xprt->xp_verf.oa_length = checksum.length; + + gss_release_buffer(&min_stat, &checksum); } return (TRUE); } @@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num) maj_stat, min_stat); return (FALSE); } + rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; - rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value; + memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length); rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length; + gss_release_buffer(&min_stat, &checksum); + return (TRUE); } @@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) gss_qop_t qop; struct svcauth_gss_cache_entry **ce; time_t now; + enum auth_stat result = AUTH_OK; + OM_uint32 min_stat; gss_log_debug("in svcauth_gss()"); @@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) XDR_DESTROY(&xdrs); /* Check version. */ - if (gc->gc_v != RPCSEC_GSS_VERSION) - return (AUTH_BADCRED); + if (gc->gc_v != RPCSEC_GSS_VERSION) { + result = AUTH_BADCRED; + goto out; + } /* Check RPCSEC_GSS service. */ if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && - gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) - return (AUTH_BADCRED); + gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) { + result = AUTH_BADCRED; + goto out; + } /* Check sequence number. */ if (gd->established) { - if (gc->gc_seq > MAXSEQ) - return (RPCSEC_GSS_CTXPROBLEM); + if (gc->gc_seq > MAXSEQ) { + result = RPCSEC_GSS_CTXPROBLEM; + goto out; + } if ((offset = gd->seqlast - gc->gc_seq) < 0) { gd->seqlast = gc->gc_seq; @@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) } else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { *no_dispatch = 1; - return (RPCSEC_GSS_CTXPROBLEM); + result = RPCSEC_GSS_CTXPROBLEM; + goto out; } gd->seq = gc->gc_seq; gd->seqmask |= (1 << offset); @@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) rqst->rq_svcname = (char *)gd->ctx; } + rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base; + /* Handle RPCSEC_GSS control procedure. */ switch (gc->gc_proc) { case RPCSEC_GSS_INIT: case RPCSEC_GSS_CONTINUE_INIT: - if (rqst->rq_proc != NULLPROC) - return (AUTH_FAILED); /* XXX ? */ + if (rqst->rq_proc != NULLPROC) { + result = AUTH_FAILED; /* XXX ? */ + break; + } if (_svcauth_gss_name == GSS_C_NO_NAME) { - if (!svcauth_gss_import_name("nfs")) - return (AUTH_FAILED); + if (!svcauth_gss_import_name("nfs")) { + result = AUTH_FAILED; + break; + } } - if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET)) - return (AUTH_FAILED); + if (!svcauth_gss_acquire_cred()) { + result = AUTH_FAILED; + break; + } - if (!svcauth_gss_accept_sec_context(rqst, &gr)) - return (AUTH_REJECTEDCRED); + if (!svcauth_gss_accept_sec_context(rqst, &gr)) { + result = AUTH_REJECTEDCRED; + break; + } - if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) - return (AUTH_FAILED); + if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { + result = AUTH_FAILED; + break; + } *no_dispatch = TRUE; call_stat = svc_sendreply(rqst->rq_xprt, (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr); - if (!call_stat) - return (AUTH_FAILED); + gss_release_buffer(&min_stat, &gr.gr_token); + free(gr.gr_ctx.value); + + if (!call_stat) { + result = AUTH_FAILED; + break; + } if (gr.gr_major == GSS_S_COMPLETE) gd->established = TRUE; @@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) break; case RPCSEC_GSS_DATA: - if (!svcauth_gss_validate(gd, msg, &qop)) - return (RPCSEC_GSS_CREDPROBLEM); + if (!svcauth_gss_validate(gd, msg, &qop)) { + result = RPCSEC_GSS_CREDPROBLEM; + break; + } - if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) - return (AUTH_FAILED); + if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { + result = AUTH_FAILED; + break; + } if (!gd->callback_done) { gd->callback_done = TRUE; gd->sec.qop = qop; (void)rpc_gss_num_to_qop(gd->rcred.mechanism, gd->sec.qop, &gd->rcred.qop); - if (!svcauth_gss_callback(rqst, gd)) - return (AUTH_REJECTEDCRED); + if (!svcauth_gss_callback(rqst, gd)) { + result = AUTH_REJECTEDCRED; + break; + } } if (gd->locked) { if (gd->rcred.service != - _rpc_gss_svc_to_service(gc->gc_svc)) - return (AUTH_FAILED); - if (gd->sec.qop != qop) - return (AUTH_BADVERF); + _rpc_gss_svc_to_service(gc->gc_svc)) { + result = AUTH_FAILED; + break; + } + if (gd->sec.qop != qop) { + result = AUTH_BADVERF; + break; + } } if (gd->sec.qop != qop) { @@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) break; case RPCSEC_GSS_DESTROY: - if (rqst->rq_proc != NULLPROC) - return (AUTH_FAILED); /* XXX ? */ + if (rqst->rq_proc != NULLPROC) { + result = AUTH_FAILED; /* XXX ? */ + break; + } - if (!svcauth_gss_validate(gd, msg, &qop)) - return (RPCSEC_GSS_CREDPROBLEM); + if (!svcauth_gss_validate(gd, msg, &qop)) { + result = RPCSEC_GSS_CREDPROBLEM; + break; + } - if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) - return (AUTH_FAILED); + if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { + result = AUTH_FAILED; + break; + } - if (!svcauth_gss_release_cred()) - return (AUTH_FAILED); + if (!svcauth_gss_release_cred()) { + result = AUTH_FAILED; + break; + } SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt)); SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops; @@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) break; default: - return (AUTH_REJECTEDCRED); + result = AUTH_REJECTEDCRED; break; } - return (AUTH_OK); +out: + xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc); + return result; } static bool_t @@ -890,7 +946,6 @@ bool_t rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, u_int UNUSED(program), u_int UNUSED(version)) { - gss_OID_set_desc oid_set; rpc_gss_OID oid; char *save; @@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, if (!rpc_gss_mech_to_oid(mechanism, &oid)) goto out_err; - oid_set.count = 1; - oid_set.elements = (gss_OID)oid; if (!svcauth_gss_import_name(principal)) goto out_err; - if (!svcauth_gss_acquire_cred(req_time, &oid_set)) - goto out_err; + _svcauth_req_time = req_time; + _svcauth_oid_set.count = 1; + _svcauth_oid_set.elements = (gss_OID)oid; free(_svcauth_svc_name); _svcauth_svc_name = save; return TRUE; ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.bVscCT/_old 2015-12-03 13:28:50.000000000 +0100 +++ /var/tmp/diff_new_pack.bVscCT/_new 2015-12-03 13:28:50.000000000 +0100 @@ -1 +1 @@ -libtirpc1 +libtirpc3 ++++++ libtirpc-0.3.2.tar.bz2 -> libtirpc-1.0.1.tar.bz2 ++++++ ++++ 2660 lines of diff (skipped)
