Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libtirpc for openSUSE:Factory 
checked in at 2023-10-12 23:38:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libtirpc (Old)
 and      /work/SRC/openSUSE:Factory/.libtirpc.new.1807 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libtirpc"

Thu Oct 12 23:38:47 2023 rev:60 rq:1117155 version:1.3.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/libtirpc/libtirpc.changes        2022-08-21 
14:10:47.882395666 +0200
+++ /work/SRC/openSUSE:Factory/.libtirpc.new.1807/libtirpc.changes      
2023-10-12 23:38:49.433762374 +0200
@@ -1,0 +2,13 @@
+Wed Oct 11 12:38:02 UTC 2023 - Thomas Blume <thomas.bl...@suse.com>
+
+-  update to 1.3.4 (bsc#1199467)
+   * binddynport.c honor ip_local_reserved_ports
+   * gss-api: expose gss major/minor error in authgss_refresh()
+   * rpcb_clnt.c: Eliminate double frees in delete_cache()
+   * rpcb_clnt.c: memory leak in destroy_addr
+   * portmapper: allow TCP-only portmapper
+   * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
+   * clnt_raw.c: fix a possible null pointer dereference
+   * bindresvport.c: fix a potential resource leakage
+
+-------------------------------------------------------------------

Old:
----
  libtirpc-1.3.3.tar.bz2

New:
----
  libtirpc-1.3.4.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libtirpc.spec ++++++
--- /var/tmp/diff_new_pack.JFILz5/_old  2023-10-12 23:38:50.061785108 +0200
+++ /var/tmp/diff_new_pack.JFILz5/_new  2023-10-12 23:38:50.061785108 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libtirpc
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %define debug_package_requires libtirpc3 = %{version}-%{release}
 Name:           libtirpc
-Version:        1.3.3
+Version:        1.3.4
 Release:        0
 Summary:        Transport Independent RPC Library
 License:        BSD-3-Clause

++++++ libtirpc-1.3.3.tar.bz2 -> libtirpc-1.3.4.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/configure new/libtirpc-1.3.4/configure
--- old/libtirpc-1.3.3/configure        2022-08-07 18:59:29.000000000 +0200
+++ new/libtirpc-1.3.4/configure        2023-10-07 09:55:23.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for libtirpc 1.3.2.
+# Generated by GNU Autoconf 2.71 for libtirpc 1.3.4.
 #
 #
 # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
@@ -618,8 +618,8 @@
 # Identity of this package.
 PACKAGE_NAME='libtirpc'
 PACKAGE_TARNAME='libtirpc'
-PACKAGE_VERSION='1.3.2'
-PACKAGE_STRING='libtirpc 1.3.2'
+PACKAGE_VERSION='1.3.4'
+PACKAGE_STRING='libtirpc 1.3.4'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1373,7 +1373,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libtirpc 1.3.2 to adapt to many kinds of systems.
+\`configure' configures libtirpc 1.3.4 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1444,7 +1444,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libtirpc 1.3.2:";;
+     short | recursive ) echo "Configuration of libtirpc 1.3.4:";;
    esac
   cat <<\_ACEOF
 
@@ -1559,7 +1559,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libtirpc configure 1.3.2
+libtirpc configure 1.3.4
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1815,7 +1815,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libtirpc $as_me 1.3.2, which was
+It was created by libtirpc $as_me 1.3.4, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -3084,7 +3084,7 @@
 
 # Define the identity of the package.
  PACKAGE='libtirpc'
- VERSION='1.3.2'
+ VERSION='1.3.4'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -14643,7 +14643,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libtirpc $as_me 1.3.2, which was
+This file was extended by libtirpc $as_me 1.3.4, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -14711,7 +14711,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-libtirpc config.status 1.3.2
+libtirpc config.status 1.3.4
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/configure.ac 
new/libtirpc-1.3.4/configure.ac
--- old/libtirpc-1.3.3/configure.ac     2022-08-02 20:55:33.000000000 +0200
+++ new/libtirpc-1.3.4/configure.ac     2023-10-07 09:54:42.000000000 +0200
@@ -1,4 +1,4 @@
-AC_INIT(libtirpc, 1.3.2)
+AC_INIT(libtirpc, 1.3.4)
 AM_INIT_AUTOMAKE([silent-rules])
 AM_SILENT_RULES([yes])
 AC_CONFIG_SRCDIR([src/auth_des.c])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/src/auth_gss.c 
new/libtirpc-1.3.4/src/auth_gss.c
--- old/libtirpc-1.3.3/src/auth_gss.c   2022-08-02 20:55:33.000000000 +0200
+++ new/libtirpc-1.3.4/src/auth_gss.c   2023-10-07 09:54:42.000000000 +0200
@@ -184,6 +184,7 @@
        AUTH                    *auth, *save_auth;
        struct rpc_gss_data     *gd;
        OM_uint32               min_stat = 0;
+       rpc_gss_options_ret_t   ret;
 
        gss_log_debug("in authgss_create()");
 
@@ -229,8 +230,12 @@
        save_auth = clnt->cl_auth;
        clnt->cl_auth = auth;
 
-       if (!authgss_refresh(auth, NULL))
+       memset(&ret, 0, sizeof(rpc_gss_options_ret_t));
+       if (!authgss_refresh(auth, &ret)) {
                auth = NULL;
+               sec->major_status = ret.major_status;
+               sec->minor_status = ret.minor_status;
+       }
        else
                authgss_auth_get(auth); /* Reference for caller */
 
@@ -619,12 +624,9 @@
 }
 
 static bool_t
-authgss_refresh(AUTH *auth, void *dummy)
+authgss_refresh(AUTH *auth, void *ret)
 {
-       rpc_gss_options_ret_t ret;
-
-       memset(&ret, 0, sizeof(ret));
-       return _rpc_gss_refresh(auth, &ret);
+       return _rpc_gss_refresh(auth, (rpc_gss_options_ret_t *)ret);
 }
 
 bool_t
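Review bot: authgss_refresh() now casts its second argument to `rpc_gss_options_ret_t *` and passes it on, but the removed code named that parameter `dummy` and ignored it, which suggests other callers pass something else there. If the function is also reached through the auth ops table (not visible in this hunk), an unrelated pointer or NULL from those callers would be treated as an `rpc_gss_options_ret_t`. A narrower change keeps a local zeroed `ret` in authgss_refresh() and has authgss_create() call `_rpc_gss_refresh(auth, &ret)` directly, assuming a prototype is in scope there. Otherwise the function needs a comment stating that the argument must be NULL or a valid `rpc_gss_options_ret_t *`, and _rpc_gss_refresh() should be confirmed to accept NULL.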
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/src/binddynport.c 
new/libtirpc-1.3.4/src/binddynport.c
--- old/libtirpc-1.3.3/src/binddynport.c        2022-08-02 20:55:33.000000000 
+0200
+++ new/libtirpc-1.3.4/src/binddynport.c        2023-10-07 09:54:42.000000000 
+0200
@@ -37,6 +37,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
+#include <syslog.h>
 
 #include <rpc/rpc.h>
 
@@ -57,6 +58,84 @@
 };
 
 /*
+ * This function decodes information about given port from provided array and
+ * return if port is reserved or not.
+ *
+ * @reserved_ports an array of size at least "NPORTS / (8*sizeof(char)) + 1".
+ * @port port number within range LOWPORT and ENDPORT
+ *
+ * Returns 0 if port is not reserved, non-negative if port is reserved.
+ */
+static int is_reserved(char *reserved_ports, int port) {
+       port -= LOWPORT;
+       if (port < 0 || port >= NPORTS)
+               return 0;
+       return reserved_ports[port/(8*sizeof(char))] & 
1<<(port%(8*sizeof(char)));
+}
+
+/*
+ * This function encodes information about given *reserved* port into provided
+ * array. Don't call this function for ports which are not reserved.
+ *
+ * @reserved_ports an array of size at least "NPORTS / (8*sizeof(char)) + 1".
+ * @port port number within range LOWPORT and ENDPORT
+ *
+ */
+static void set_reserved(char *reserved_ports, int port) {
+       port -= LOWPORT;
+       if (port < 0 || port >= NPORTS)
+               return;
+       reserved_ports[port/(8*sizeof(char))] |= 1<<(port%(8*sizeof(char)));
+}
+
+/*
+ * Parse local reserved ports obtained from
+ * /proc/sys/net/ipv4/ip_local_reserved_ports into bit array.
+ *
+ * @reserved_ports a zeroed array of size at least
+ * "NPORTS / (8*sizeof(char)) + 1". Will be used for bit-wise encoding of
+ * reserved ports.
+ *
+ * On each call, reserved ports are read from /proc and bit-wise stored into
+ * provided array
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+
+static int parse_reserved_ports(char *reserved_ports) {
+       int from=0, to;
+       char delimiter = ',';
+       int res;
+       FILE * file_ptr = 
fopen("/proc/sys/net/ipv4/ip_local_reserved_ports","r");
+       if (file_ptr == NULL) {
+               (void) syslog(LOG_ERR,
+                       "Unable to open open 
/proc/sys/net/ipv4/ip_local_reserved_ports.");
+               return -1;
+       }
+       do {
+               if ((res = fscanf(file_ptr, "%d", &to)) != 1) {
+                       if (res == EOF) break;
+                       goto err;
+               }
+               if (delimiter != '-') {
+                       from = to;
+               }
+               for (int i = from; i <= to; ++i) {
+                       set_reserved(reserved_ports, i);
+               }
+       } while ((res = fscanf(file_ptr, "%c", &delimiter)) == 1);
+       if (res != EOF)
+               goto err;
+       fclose(file_ptr);
+       return 0;
+err:
+       (void) syslog(LOG_ERR,
+               "An error occurred while parsing ip_local_reserved_ports.");
+       fclose(file_ptr);
+       return -1;
+}
+
+/*
  * Bind a socket to a dynamically-assigned IP port.
  *
  * @fd is an open but unbound socket.
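Review bot: The comment on is_reserved() says it returns "non-negative if port is reserved", but 0 is non-negative too; it should read `Returns 0 if port is not reserved, non-zero if port is reserved.` The bitmap is a plain `char` array, so storing bit 7 with `|= 1<<(...)` relies on implementation-defined conversion where `char` is signed; taking `unsigned char *reserved_ports` and shifting `1u` in both helpers avoids that. parse_reserved_ports() accepts any `%d` value and any delimiter character, so a range whose end is below its start is silently ignored and a very large end value makes the `for` loop walk the whole interval; checking `from <= to` and clamping to LOWPORT..ENDPORT before the loop would bound it. The syslog text also repeats a word ("Unable to open open").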
@@ -81,7 +160,8 @@
        in_port_t port, *portp;
        struct sockaddr *sap;
        socklen_t salen;
-       int i, res;
+       int i, res, array_size;
+       char *reserved_ports = NULL;
 
        if (__rpc_sockisbound(fd))
                return 0;
@@ -119,21 +199,33 @@
                gettimeofday(&tv, NULL);
                seed = tv.tv_usec * getpid();
        }
+       array_size = NPORTS / (8*sizeof(char)) + 1;
+       reserved_ports = malloc(array_size);
+       if (!reserved_ports) {
+               goto out;
+       }
+       memset(reserved_ports, 0, array_size);
+       if (parse_reserved_ports(reserved_ports) < 0)
+               goto out;
+
        port = (rand_r(&seed) % NPORTS) + LOWPORT;
        for (i = 0; i < NPORTS; ++i) {
-               *portp = htons(port++);
-               res = bind(fd, sap, salen);
-               if (res >= 0) {
-                       res = 0;
-                       break;
+               *portp = htons(port);
+               if (!is_reserved(reserved_ports, port++)) {
+                       res = bind(fd, sap, salen);
+                       if (res >= 0) {
+                               res = 0;
+                               break;
+                       }
+                       if (errno != EADDRINUSE)
+                               break;
                }
-               if (errno != EADDRINUSE)
-                       break;
                if (port > ENDPORT)
                        port = LOWPORT;
        }
 
 out:
+       free(reserved_ports);
        mutex_unlock(&port_lock);
        return res;
 }
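Review bot: A failure in parse_reserved_ports() now aborts the whole bind through `goto out`, so a process that cannot read /proc/sys/net/ipv4/ip_local_reserved_ports (no /proc mounted, a restrictive sandbox) can no longer obtain a dynamic port at all. Treating that case as "nothing reserved" keeps the previous behaviour: `if (parse_reserved_ports(reserved_ports) < 0) memset(reserved_ports, 0, array_size);`. The value `res` holds on the two new `goto out` paths, and when every candidate port is skipped as reserved, is assigned outside this hunk, so it should be confirmed to be -1 with a meaningful errno in those cases. `calloc(1, array_size)` would replace the malloc/memset pair. The function begins before the visible lines.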
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/src/bindresvport.c 
new/libtirpc-1.3.4/src/bindresvport.c
--- old/libtirpc-1.3.3/src/bindresvport.c       2022-08-02 20:55:33.000000000 
+0200
+++ new/libtirpc-1.3.4/src/bindresvport.c       2023-10-07 09:54:42.000000000 
+0200
@@ -130,6 +130,7 @@
          if (list == NULL)
            {
              free (buf);
+             fclose (fp);
              return;
            }
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/src/clnt_raw.c 
new/libtirpc-1.3.4/src/clnt_raw.c
--- old/libtirpc-1.3.3/src/clnt_raw.c   2022-08-02 20:55:33.000000000 +0200
+++ new/libtirpc-1.3.4/src/clnt_raw.c   2023-10-07 09:54:42.000000000 +0200
@@ -142,7 +142,7 @@
        struct timeval timeout;
 {
        struct clntraw_private *clp = clntraw_private;
-       XDR *xdrs = &clp->xdr_stream;
+       XDR *xdrs;
        struct rpc_msg msg;
        enum clnt_stat status;
        struct rpc_err error;
@@ -154,6 +154,7 @@
                mutex_unlock(&clntraw_lock);
                return (RPC_FAILED);
        }
+       xdrs = &clp->xdr_stream;
        mutex_unlock(&clntraw_lock);
 
 call_again:
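Review bot: `clp` is still initialised from `clntraw_private` in its declaration, before the lock is taken, so the NULL check that guards the new `xdrs = &clp->xdr_stream;` tests a value sampled outside `clntraw_lock`. Reading the global after locking would make the check and the dereference see the same state: declare `struct clntraw_private *clp;` and assign `clp = clntraw_private;` right after `mutex_lock(&clntraw_lock);`. The same pattern is in the hunk at -245, where the `mutex_lock` call following the declarations is visible; in this hunk the lock call lies outside the visible lines.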
@@ -245,7 +246,7 @@
        void *res_ptr;
 {
        struct clntraw_private *clp = clntraw_private;
-       XDR *xdrs = &clp->xdr_stream;
+       XDR *xdrs;
        bool_t rval;
 
        mutex_lock(&clntraw_lock);
@@ -254,6 +255,7 @@
                mutex_unlock(&clntraw_lock);
                return (rval);
        }
+       xdrs = &clp->xdr_stream;
        mutex_unlock(&clntraw_lock);
        xdrs->x_op = XDR_FREE;
        return ((*xdr_res)(xdrs, res_ptr));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/src/getnetconfig.c 
new/libtirpc-1.3.4/src/getnetconfig.c
--- old/libtirpc-1.3.3/src/getnetconfig.c       2022-08-02 20:55:33.000000000 
+0200
+++ new/libtirpc-1.3.4/src/getnetconfig.c       2023-10-07 09:54:42.000000000 
+0200
@@ -436,11 +436,6 @@
        fprintf(stderr, "in /etc/netconfig.\n");
        fprintf(stderr, "Please change this to \"local\" manually ");
        fprintf(stderr, "or run mergemaster(8).\n");
-       fprintf(stderr, "See UPDATING entry 20021216 for details.\n");
-       fprintf(stderr, "Continuing in 10 seconds\n\n");
-       fprintf(stderr, "This warning will be removed 20030301\n");
-       sleep(10);
-
     }
 
     /*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/src/rpcb_clnt.c 
new/libtirpc-1.3.4/src/rpcb_clnt.c
--- old/libtirpc-1.3.3/src/rpcb_clnt.c  2022-08-02 20:55:33.000000000 +0200
+++ new/libtirpc-1.3.4/src/rpcb_clnt.c  2023-10-07 09:54:42.000000000 +0200
@@ -104,17 +104,27 @@
 {
        if (addr == NULL)
                return;
-       if(addr->ac_host != NULL)
+       if (addr->ac_host != NULL) {
                free(addr->ac_host);
-       if(addr->ac_netid != NULL)
+               addr->ac_host = NULL;
+       }
+       if (addr->ac_netid != NULL) {
                free(addr->ac_netid);
-       if(addr->ac_uaddr != NULL)
+               addr->ac_netid = NULL;
+       }
+       if (addr->ac_uaddr != NULL) {
                free(addr->ac_uaddr);
-       if(addr->ac_taddr != NULL) {
-               if(addr->ac_taddr->buf != NULL)
+               addr->ac_uaddr = NULL;
+       }
+       if (addr->ac_taddr != NULL) {
+               if(addr->ac_taddr->buf != NULL) {
                        free(addr->ac_taddr->buf);
+                       addr->ac_taddr->buf = NULL;
+               }
+               addr->ac_taddr = NULL;
        }
        free(addr);
+       addr = NULL;
 }
 
 /*
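Review bot: The `ac_taddr` branch frees `addr->ac_taddr->buf` and then sets `addr->ac_taddr = NULL` without freeing the `ac_taddr` object itself, so if that struct is heap-allocated (its allocation is not in this hunk) it is leaked on every call. Adding `free(addr->ac_taddr);` before the assignment would release it. The final `addr = NULL;` only changes the by-value parameter and has no effect for the caller, and the `!= NULL` guards around `free()` are unnecessary because `free(NULL)` is a no-op. The function's signature is outside the hunk.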
@@ -252,12 +262,15 @@
        for (cptr = front; cptr != NULL; cptr = cptr->ac_next) {
                if (!memcmp(cptr->ac_taddr->buf, addr->buf, addr->len)) {
                        /* Unlink from cache. We'll destroy it after releasing 
the mutex. */
-                       if (cptr->ac_uaddr)
+                       if (cptr->ac_uaddr) {
                                free(cptr->ac_uaddr);
-                       if (prevptr)
+                               cptr->ac_uaddr = NULL;
+                       }
+                       if (prevptr) {
                                prevptr->ac_next = cptr->ac_next;
-                       else
+                       } else {
                                front = cptr->ac_next;
+                       }
                        cachesize--;
                        break;
                }
@@ -496,11 +509,7 @@
        CLIENT *client = NULL;
        rpcvers_t pmapvers = 2;
 
-       /*
-        * Try UDP only - there are some portmappers out
-        * there that use UDP only.
-        */
-       if (nconf == NULL || strcmp(nconf->nc_proto, NC_TCP) == 0) {
+       if (nconf == NULL) {
                struct netconfig *newnconf;
 
                if ((newnconf = getnetconfigent("udp")) == NULL) {
@@ -509,7 +518,8 @@
                }
                client = getclnthandle(hostname, newnconf, tgtaddr);
                freenetconfigent(newnconf);
-       } else if (strcmp(nconf->nc_proto, NC_UDP) == 0) {
+       } else if (strcmp(nconf->nc_proto, NC_UDP) == 0 ||
+           strcmp(nconf->nc_proto, NC_TCP) == 0) {
                if (strcmp(nconf->nc_protofmly, NC_INET) != 0)
                        return NULL;
                client = getclnthandle(hostname, nconf, tgtaddr);
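Review bot: A TCP netconfig now reaches the `nc_protofmly` check, so an `nconf` whose `nc_proto` is TCP and whose family is not NC_INET returns NULL here, where the old code sent every TCP `nconf` to the `getnetconfigent("udp")` branch. Whether callers treat that NULL as "no portmapper" or go on to another lookup is not visible in these hunks and should be confirmed. The removed comment was the only explanation of the UDP fallback; a replacement above the `if`, such as `/* No netconfig given: fall back to UDP. Otherwise use the caller's UDP or TCP transport (NC_INET only). */`, would document the new rule.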
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/src/svc_auth.c 
new/libtirpc-1.3.4/src/svc_auth.c
--- old/libtirpc-1.3.3/src/svc_auth.c   2022-08-02 20:55:33.000000000 +0200
+++ new/libtirpc-1.3.4/src/svc_auth.c   2023-10-07 09:54:42.000000000 +0200
@@ -66,6 +66,9 @@
 
 extern SVCAUTH svc_auth_none;
 
+#ifdef AUTHDES_SUPPORT
+extern enum auth_stat _svcauth_des(struct svc_req *rqst, struct rpc_msg *msg);
+#endif
 /*
  * The call rpc message, msg has been obtained from the wire.  The msg contains
  * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
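Review bot: The new `_svcauth_des` prototype is declared `extern` inside this .c file, so the compiler cannot check it against the definition, and a later signature change would go undiagnosed. Moving the declaration into a header that both this file and the defining file include would keep the two in step. If it has to stay local, a comment naming where the function is defined would help, e.g. `/* defined in <source file implementing _svcauth_des> */`.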
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtirpc-1.3.3/tirpc/rpc/auth_gss.h 
new/libtirpc-1.3.4/tirpc/rpc/auth_gss.h
--- old/libtirpc-1.3.3/tirpc/rpc/auth_gss.h     2022-08-02 20:55:33.000000000 
+0200
+++ new/libtirpc-1.3.4/tirpc/rpc/auth_gss.h     2023-10-07 09:54:42.000000000 
+0200
@@ -64,6 +64,8 @@
        rpc_gss_svc_t   svc;            /* service */
        gss_cred_id_t   cred;           /* cred handle */
        u_int           req_flags;      /* req flags for init_sec_context */
+       int             major_status;
+       int             minor_status;
 };
 
 /* Private data required for kernel implementation */
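Review bot: Adding `major_status` and `minor_status` grows a struct in an installed public header, and the auth_gss.c hunk in this diff writes `sec->major_status` and `sec->minor_status` when the refresh fails. A program built against the 1.3.3 header passes a shorter object, so that write would land past its end unless the soname or symbol versions change with this release, which the diff does not show. That failure path also leaves the fields untouched on success, so a caller reusing one struct across calls can read a stale status. The new fields lack the trailing comments their neighbours carry; something like `/* GSS major status of the last failed refresh */` would fit. The struct's opening line is outside the hunk.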
