Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libtirpc for openSUSE:Factory checked in at 2022-08-21 14:10:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libtirpc (Old) and /work/SRC/openSUSE:Factory/.libtirpc.new.2083 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtirpc" Sun Aug 21 14:10:46 2022 rev:59 rq:998199 version:1.3.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libtirpc/libtirpc.changes 2021-09-21 21:12:16.202579425 +0200 +++ /work/SRC/openSUSE:Factory/.libtirpc.new.2083/libtirpc.changes 2022-08-21 14:10:47.882395666 +0200 @@ -1,0 +2,16 @@ +Fri Aug 19 15:27:29 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 1.3.3 (bsc#1201680, CVE-2021-46828): + * Fix DoS vulnerability in libtirpc + * _rpc_dtablesize: use portable system call + * libtirpc: Fix use-after-free accessing the error number + * Fix potential memory leak of parms.r_addr + * rpcb_clnt.c add mechanism to try v2 protocol first + * Eliminate deadlocks in connects with an MT environment + * clnt_dg_freeres() uncleared set active state may deadlock + * thread safe clnt destruction + * SUNRPC: mutexed access blacklist_read state variable + * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c +- drop 0001-Fix-DoS-vulnerability-in-libtirpc.patch (upstream) + +------------------------------------------------------------------- Old: ---- 0001-Fix-DoS-vulnerability-in-libtirpc.patch libtirpc-1.3.2.tar.bz2 New: ---- libtirpc-1.3.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libtirpc.spec ++++++ --- /var/tmp/diff_new_pack.cgTbyR/_old 2022-08-21 14:10:48.414397132 +0200 +++ /var/tmp/diff_new_pack.cgTbyR/_new 2022-08-21 14:10:48.418397143 +0200 @@ -1,7 +1,7 @@ # # spec file for package libtirpc # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define debug_package_requires libtirpc3 = %{version}-%{release} Name: libtirpc -Version: 1.3.2 +Version: 1.3.3 Release: 0 Summary: Transport Independent RPC Library License: BSD-3-Clause @@ -26,7 +26,6 @@ URL: https://sourceforge.net/projects/libtirpc/ Source: https://download.sourceforge.net/libtirpc/%{name}-%{version}.tar.bz2 Source1: baselibs.conf -Patch1: 0001-Fix-DoS-vulnerability-in-libtirpc.patch BuildRequires: pkgconfig BuildRequires: pkgconfig(krb5) ++++++ libtirpc-1.3.2.tar.bz2 -> libtirpc-1.3.3.tar.bz2 ++++++ ++++ 20071 lines of diff (skipped)
