Hello community, here is the log from the commit of package libtirpc for openSUSE:Factory checked in at 2018-03-24 16:06:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libtirpc (Old) and /work/SRC/openSUSE:Factory/.libtirpc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtirpc" Sat Mar 24 16:06:42 2018 rev:48 rq:589931 version:1.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libtirpc/libtirpc.changes 2018-03-01 11:59:49.555296631 +0100 +++ /work/SRC/openSUSE:Factory/.libtirpc.new/libtirpc.changes 2018-03-24 16:06:44.290189229 +0100 @@ -1,0 +2,24 @@ +Thu Mar 15 23:10:46 UTC 2018 - [email protected] + +- Remove ineffective --with-pic. + +------------------------------------------------------------------- +Wed Mar 14 16:03:31 CET 2018 - [email protected] + +- Update to libtirpc 1.0.3 + - clnt_dg_call: Fix a buffer overflow (CVE-2016-4429) + - Avoid choosing reserved ports in legacy RPC APIs + - rpcinfo: change order of version to be tried to 4, 3, 2 + - includes 003-rpc-types.patch + - includes 004-replace-bzero-with-memset.patch + - includes 005-missing-includes.patch + - includes 011-Fix-typo-in-src-libtirpc.map-which-prevents-that-key.patch + - includes decls.patch +- Drop COPYING.GPLv2, GPLv2 code was removed from library + +------------------------------------------------------------------- +Mon Mar 5 11:58:44 CET 2018 - [email protected] + +- Adjust include directory [bsc#1083902] + +------------------------------------------------------------------- Old: ---- 003-rpc-types.patch 004-replace-bzero-with-memset.patch 005-missing-includes.patch 011-Fix-typo-in-src-libtirpc.map-which-prevents-that-key.patch COPYING.GPLv2 decls.patch libtirpc-1.0.2.tar.bz2 New: ---- libtirpc-1.0.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libtirpc.spec ++++++ --- /var/tmp/diff_new_pack.uqThaF/_old 2018-03-24 16:06:45.142158516 +0100 +++ /var/tmp/diff_new_pack.uqThaF/_new 2018-03-24 16:06:45.142158516 +0100 @@ -18,10 +18,10 @@ Name: libtirpc # src/crypt_client.c and tirpc/rpcsvc/crypt.x have the BSD advertising clause -Version: 1.0.2 +Version: 1.0.3 Release: 0 Summary: Transport Independent RPC Library -License: BSD-3-Clause AND GPL-2.0+ +License: BSD-3-Clause Group: Development/Libraries/C and C++ %if 0%{suse_version} >= 1300 BuildRequires: krb5-mini-devel @@ -31,18 +31,12 @@ BuildRequires: autoconf BuildRequires: libtool BuildRequires: pkg-config -Url: http://sourceforge.net/projects/libtirpc/ +Url: https://sourceforge.net/projects/libtirpc/ Source: %{name}-%{version}.tar.bz2 Source1: baselibs.conf -Source2: COPYING.GPLv2 Patch0: 000-bindresvport_blacklist.patch # only needed on openSUSE >= 13.1, SLE >= 12 Patch1: 001-new-rpcbindsock-path.patch -Patch3: 003-rpc-types.patch -Patch4: 004-replace-bzero-with-memset.patch -Patch5: 005-missing-includes.patch -Patch11: 011-Fix-typo-in-src-libtirpc.map-which-prevents-that-key.patch -Patch12: decls.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires libtirpc3 = %{version}-%{release} @@ -91,21 +85,14 @@ %if 0%{suse_version} >= 1310 %patch1 -p1 %endif -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch11 -p1 -%patch12 -p1 %build +sed -i -e 's|@includedir@/tirpc|@includedir@|g' libtirpc.pc.in %configure --disable-static \ - --with-pic \ %if 0%{suse_version} < 1200 --disable-gssapi \ %endif --libdir=/%{_lib} -# Copy GPLv2 COPYING -cp %{SOURCE2} . make %{?_smp_mflags} %install @@ -130,7 +117,7 @@ %files -n libtirpc3 %defattr(-,root,root) -%license COPYING COPYING.GPLv2 +%license COPYING /%{_lib}/libtirpc.so.3* %files netconfig ++++++ libtirpc-1.0.2.tar.bz2 -> libtirpc-1.0.3.tar.bz2 ++++++ ++++ 1957 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/compile new/libtirpc-1.0.3/compile --- old/libtirpc-1.0.2/compile 2017-07-05 17:04:37.000000000 +0200 +++ new/libtirpc-1.0.3/compile 2018-03-14 14:56:24.000000000 +0100 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-10-14.11; # UTC +scriptversion=2016-01-11.22; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify @@ -255,7 +255,8 @@ echo "compile $scriptversion" exit $? ;; - cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; esac @@ -342,6 +343,6 @@ # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/configure.ac new/libtirpc-1.0.3/configure.ac --- old/libtirpc-1.0.2/configure.ac 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/configure.ac 2018-03-14 14:55:12.000000000 +0100 @@ -1,4 +1,4 @@ -AC_INIT(libtirpc, 1.0.2) +AC_INIT(libtirpc, 1.0.3) AM_INIT_AUTOMAKE([silent-rules]) AM_SILENT_RULES([yes]) AC_CONFIG_SRCDIR([src/auth_des.c]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/missing new/libtirpc-1.0.3/missing --- old/libtirpc-1.0.2/missing 2017-07-05 17:04:37.000000000 +0200 +++ new/libtirpc-1.0.3/missing 2018-03-14 14:56:24.000000000 +0100 @@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2013-10-28.13; # UTC +scriptversion=2016-01-11.22; # UTC -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify @@ -210,6 +210,6 @@ # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/Makefile.am new/libtirpc-1.0.3/src/Makefile.am --- old/libtirpc-1.0.2/src/Makefile.am 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/Makefile.am 2018-03-14 14:55:12.000000000 +0100 @@ -15,8 +15,9 @@ libtirpc_la_LDFLAGS = @LDFLAG_NOUNDEFINED@ -no-undefined -lpthread libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@ -libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \ - clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ +libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c \ + binddynport.c bindresvport.c \ + clnt_bcast.c clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ clnt_vc.c rpc_dtablesize.c getnetconfig.c getnetpath.c getrpcent.c \ getrpcport.c mt_misc.c pmap_clnt.c pmap_getmaps.c pmap_getport.c \ pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/auth_time.c new/libtirpc-1.0.3/src/auth_time.c --- old/libtirpc-1.0.2/src/auth_time.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/auth_time.c 2018-03-14 14:55:12.000000000 +0100 @@ -317,7 +317,7 @@ sprintf(ipuaddr, "%d.%d.%d.%d.0.111", a1, a2, a3, a4); useua = &ipuaddr[0]; - bzero((char *)&sin, sizeof(sin)); + memset(&sin, 0, sizeof(sin)); if (uaddr_to_sockaddr(useua, &sin)) { msg("unable to translate uaddr to sockaddr."); if (needfree) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/binddynport.c new/libtirpc-1.0.3/src/binddynport.c --- old/libtirpc-1.0.2/src/binddynport.c 1970-01-01 01:00:00.000000000 +0100 +++ new/libtirpc-1.0.3/src/binddynport.c 2018-03-14 14:55:12.000000000 +0100 @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2018, Oracle America, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * - Neither the name of "Oracle America, Inc." nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/time.h> + +#include <netdb.h> +#include <netinet/in.h> + +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <string.h> + +#include <rpc/rpc.h> + +#include "reentrant.h" +#include "rpc_com.h" + +extern pthread_mutex_t port_lock; + +/* + * Dynamic port range as defined in RFC 6335 Section 6. + * This range avoids all IANA-assigned service port + * numbers. + */ +enum { + LOWPORT = 49152, + ENDPORT = 65534, + NPORTS = ENDPORT - LOWPORT + 1, +}; + +/* + * Bind a socket to a dynamically-assigned IP port. + * + * @fd is an open but unbound socket. + * + * On each call, a port number is chosen at random from + * within the dynamic/private port range, even if the + * caller has CAP_NET_ADMIN_BIND. + * + * Returns 0 on success, -1 on failure. errno may be + * set to a non-determinant value. + * + * This function is re-entrant. + */ +int __binddynport(int fd) +{ + struct sockaddr_storage ss; +#ifdef INET6 + struct sockaddr_in6 *sin6; +#endif + struct sockaddr_in *sin; + static unsigned int seed; + in_port_t port, *portp; + struct sockaddr *sap; + socklen_t salen; + int i, res; + + if (__rpc_sockisbound(fd)) + return 0; + + res = -1; + sap = (struct sockaddr *)(void *)&ss; + salen = sizeof(ss); + memset(sap, 0, salen); + + mutex_lock(&port_lock); + + if (getsockname(fd, sap, &salen) == -1) + goto out; + + switch (ss.ss_family) { + case AF_INET: + sin = (struct sockaddr_in *)(void *)&ss; + portp = &sin->sin_port; + salen = sizeof(struct sockaddr_in); + break; +#ifdef INET6 + case AF_INET6: + sin6 = (struct sockaddr_in6 *)(void *)&ss; + portp = &sin6->sin6_port; + salen = sizeof(struct sockaddr_in6); + break; +#endif + default: + goto out; + } + + if (!seed) { + struct timeval tv; + + gettimeofday(&tv, NULL); + seed = tv.tv_usec * getpid(); + } + port = (rand_r(&seed) % NPORTS) + LOWPORT; + for (i = 0; i < NPORTS; ++i) { + *portp = htons(port++); + res = bind(fd, sap, salen); + if (res >= 0) { + res = 0; + break; + } + if (errno != EADDRINUSE) + break; + if (port > ENDPORT) + port = LOWPORT; + } + +out: + mutex_unlock(&port_lock); + return res; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/clnt_dg.c new/libtirpc-1.0.3/src/clnt_dg.c --- old/libtirpc-1.0.2/src/clnt_dg.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/clnt_dg.c 2018-03-14 14:55:12.000000000 +0100 @@ -430,9 +430,14 @@ struct sockaddr_in err_addr; struct sockaddr_in *sin = (struct sockaddr_in *)&cu->cu_raddr; struct iovec iov; - char *cbuf = (char *) alloca (outlen + 256); + char *cbuf = (char *) mem_alloc((outlen + 256)); int ret; + if (cbuf == NULL) + { + cu->cu_error.re_errno = errno; + return (cu->cu_error.re_status = RPC_CANTRECV); + } iov.iov_base = cbuf + 256; iov.iov_len = outlen; msg.msg_name = (void *) &err_addr; @@ -457,11 +462,13 @@ cmsg = CMSG_NXTHDR (&msg, cmsg)) if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) { + mem_free(cbuf, (outlen + 256)); e = (struct sock_extended_err *) CMSG_DATA(cmsg); cu->cu_error.re_errno = e->ee_errno; release_fd_lock(cu->cu_fd, mask); return (cu->cu_error.re_status = RPC_CANTRECV); } + mem_free(cbuf, (outlen + 256)); } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/clnt_generic.c new/libtirpc-1.0.3/src/clnt_generic.c --- old/libtirpc-1.0.2/src/clnt_generic.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/clnt_generic.c 2018-03-14 14:55:12.000000000 +0100 @@ -47,6 +47,7 @@ extern bool_t __rpc_is_local_host(const char *); int __rpc_raise_fd(int); +extern int __binddynport(int fd); #ifndef NETIDLEN #define NETIDLEN 32 @@ -340,7 +341,8 @@ servtype = nconf->nc_semantics; if (!__rpc_fd2sockinfo(fd, &si)) goto err; - bindresvport(fd, NULL); + if (__binddynport(fd) == -1) + goto err; } else { if (!__rpc_fd2sockinfo(fd, &si)) goto err; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/debug.c new/libtirpc-1.0.3/src/debug.c --- old/libtirpc-1.0.2/src/debug.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/debug.c 2018-03-14 14:55:12.000000000 +0100 @@ -3,20 +3,28 @@ * * Copyright (C) 2014 Red Hat, Steve Dickson <[email protected]> * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * - Neither the name of Sun Microsystems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ #include <sys/types.h> #include <stdio.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/debug.h new/libtirpc-1.0.3/src/debug.h --- old/libtirpc-1.0.2/src/debug.h 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/debug.h 2018-03-14 14:55:12.000000000 +0100 @@ -3,20 +3,28 @@ * * Copyright (C) 2014 Red Hat, Steve Dickson <[email protected]> * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * - Neither the name of Sun Microsystems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ #ifndef _DEBUG_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/des_impl.c new/libtirpc-1.0.3/src/des_impl.c --- old/libtirpc-1.0.2/src/des_impl.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/des_impl.c 2018-03-14 14:55:12.000000000 +0100 @@ -588,7 +588,7 @@ } tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; tbuf[0] = tbuf[1] = 0; - __bzero (schedule, sizeof (schedule)); + memset (schedule, 0, sizeof (schedule)); return (1); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/libtirpc.map new/libtirpc-1.0.3/src/libtirpc.map --- old/libtirpc-1.0.2/src/libtirpc.map 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/libtirpc.map 2018-03-14 14:55:12.000000000 +0100 @@ -298,7 +298,7 @@ key_gendes; key_get_conv; key_setsecret; - key_secret_is_set; + key_secretkey_is_set; key_setnet; netname2host; netname2user; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/rpc_soc.c new/libtirpc-1.0.3/src/rpc_soc.c --- old/libtirpc-1.0.2/src/rpc_soc.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/rpc_soc.c 2018-03-14 14:55:12.000000000 +0100 @@ -67,6 +67,8 @@ extern mutex_t rpcsoc_lock; +extern int __binddynport(int fd); + static CLIENT *clnt_com_create(struct sockaddr_in *, rpcprog_t, rpcvers_t, int *, u_int, u_int, char *, int); static SVCXPRT *svc_com_create(int, u_int, u_int, char *); @@ -145,7 +147,8 @@ bindaddr.maxlen = bindaddr.len = sizeof (struct sockaddr_in); bindaddr.buf = raddr; - bindresvport(fd, NULL); + if (__binddynport(fd) == -1) + goto err; cl = clnt_tli_create(fd, nconf, &bindaddr, prog, vers, sendsz, recvsz); if (cl) { @@ -313,7 +316,6 @@ SVCXPRT *svc; int madefd = FALSE; int port; - struct sockaddr_in sin; if ((nconf = __rpc_getconfip(netid)) == NULL) { (void) syslog(LOG_ERR, "Could not get %s transport", netid); @@ -330,10 +332,6 @@ madefd = TRUE; } - memset(&sin, 0, sizeof sin); - sin.sin_family = AF_INET; - bindresvport(fd, &sin); - listen(fd, SOMAXCONN); svc = svc_tli_create(fd, nconf, NULL, sendsize, recvsize); (void) freenetconfigent(nconf); if (svc == NULL) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/rpcb_clnt.c new/libtirpc-1.0.3/src/rpcb_clnt.c --- old/libtirpc-1.0.2/src/rpcb_clnt.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/rpcb_clnt.c 2018-03-14 14:55:12.000000000 +0100 @@ -729,14 +729,83 @@ } #endif +#ifdef PORTMAP +static struct netbuf * +__try_protocol_version_2(program, version, nconf, host, tp) + rpcprog_t program; + rpcvers_t version; + const struct netconfig *nconf; + const char *host; + struct timeval *tp; +{ + u_short port = 0; + struct netbuf remote; + struct pmap pmapparms; + CLIENT *client = NULL; + enum clnt_stat clnt_st; + struct netbuf *pmapaddress; + RPCB parms; + + if (strcmp(nconf->nc_proto, NC_UDP) != 0 + && strcmp(nconf->nc_proto, NC_TCP) != 0) + return (NULL); + + client = getpmaphandle(nconf, host, &parms.r_addr); + if (client == NULL) + return (NULL); + + /* + * Set retry timeout. + */ + CLNT_CONTROL(client, CLSET_RETRY_TIMEOUT, (char *)&rpcbrmttime); + + pmapparms.pm_prog = program; + pmapparms.pm_vers = version; + pmapparms.pm_prot = strcmp(nconf->nc_proto, NC_TCP) ? + IPPROTO_UDP : IPPROTO_TCP; + pmapparms.pm_port = 0; /* not needed */ + clnt_st = CLNT_CALL(client, (rpcproc_t)PMAPPROC_GETPORT, + (xdrproc_t) xdr_pmap, (caddr_t)(void *)&pmapparms, + (xdrproc_t) xdr_u_short, (caddr_t)(void *)&port, + *tp); + if (clnt_st != RPC_SUCCESS) { + rpc_createerr.cf_stat = RPC_PMAPFAILURE; + clnt_geterr(client, &rpc_createerr.cf_error); + return (NULL); + } else if (port == 0) { + pmapaddress = NULL; + rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED; + return (NULL); + } + port = htons(port); + CLNT_CONTROL(client, CLGET_SVC_ADDR, (char *)&remote); + if (((pmapaddress = (struct netbuf *) + malloc(sizeof (struct netbuf))) == NULL) || + ((pmapaddress->buf = (char *) + malloc(remote.len)) == NULL)) { + rpc_createerr.cf_stat = RPC_SYSTEMERROR; + clnt_geterr(client, &rpc_createerr.cf_error); + if (pmapaddress) { + free(pmapaddress); + pmapaddress = NULL; + } + return (NULL); + } + memcpy(pmapaddress->buf, remote.buf, remote.len); + memcpy(&((char *)pmapaddress->buf)[sizeof (short)], + (char *)(void *)&port, sizeof (short)); + pmapaddress->len = pmapaddress->maxlen = remote.len; + + return pmapaddress; +} +#endif + /* * An internal function which optimizes rpcb_getaddr function. It also * returns the client handle that it uses to contact the remote rpcbind. * * The algorithm used: If the transports is TCP or UDP, it first tries - * version 2 (portmap), 4 and then 3 (svr4). This order should be - * changed in the next OS release to 4, 2 and 3. We are assuming that by - * that time, version 4 would be available on many machines on the network. + * version 4 (srv4), then 3 and then fall back to version 2 (portmap). * With this algorithm, we get performance as well as a plan for * obsoleting version 2. * @@ -781,71 +850,6 @@ */ if (tp == NULL) tp = &tottimeout; - -#ifdef PORTMAP - /* Try version 2 for TCP or UDP */ - if (strcmp(nconf->nc_protofmly, NC_INET) == 0) { - u_short port = 0; - struct netbuf remote; - struct pmap pmapparms; - - if (strcmp(nconf->nc_proto, NC_UDP) != 0 - && strcmp(nconf->nc_proto, NC_TCP) != 0) - goto try_rpcbind; - - client = getpmaphandle(nconf, host, &parms.r_addr); - if (client == NULL) - return (NULL); - - /* - * Set retry timeout. - */ - CLNT_CONTROL(client, CLSET_RETRY_TIMEOUT, (char *)&rpcbrmttime); - - pmapparms.pm_prog = program; - pmapparms.pm_vers = version; - pmapparms.pm_prot = strcmp(nconf->nc_proto, NC_TCP) ? - IPPROTO_UDP : IPPROTO_TCP; - pmapparms.pm_port = 0; /* not needed */ - clnt_st = CLNT_CALL(client, (rpcproc_t)PMAPPROC_GETPORT, - (xdrproc_t) xdr_pmap, (caddr_t)(void *)&pmapparms, - (xdrproc_t) xdr_u_short, (caddr_t)(void *)&port, - *tp); - if (clnt_st != RPC_SUCCESS) { - if ((clnt_st == RPC_PROGVERSMISMATCH) || - (clnt_st == RPC_PROGUNAVAIL)) - goto try_rpcbind; - rpc_createerr.cf_stat = RPC_PMAPFAILURE; - clnt_geterr(client, &rpc_createerr.cf_error); - goto error; - } else if (port == 0) { - address = NULL; - rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED; - goto error; - } - port = htons(port); - CLNT_CONTROL(client, CLGET_SVC_ADDR, (char *)&remote); - if (((address = (struct netbuf *) - malloc(sizeof (struct netbuf))) == NULL) || - ((address->buf = (char *) - malloc(remote.len)) == NULL)) { - rpc_createerr.cf_stat = RPC_SYSTEMERROR; - clnt_geterr(client, &rpc_createerr.cf_error); - if (address) { - free(address); - address = NULL; - } - goto error; - } - memcpy(address->buf, remote.buf, remote.len); - memcpy(&((char *)address->buf)[sizeof (short)], - (char *)(void *)&port, sizeof (short)); - address->len = address->maxlen = remote.len; - goto done; - } - -try_rpcbind: -#endif /* PORTMAP */ parms.r_prog = program; parms.r_vers = version; @@ -923,6 +927,14 @@ } } +#ifdef PORTMAP /* Try version 2 for TCP or UDP */ + if (strcmp(nconf->nc_protofmly, NC_INET) == 0) { + address = __try_protocol_version_2(program, 2, nconf, host, tp); + if (address == NULL) + goto error; + } +#endif /* PORTMAP */ + if ((address == NULL) || (address->len == 0)) { rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED; clnt_geterr(client, &rpc_createerr.cf_error); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/svc_auth_des.c new/libtirpc-1.0.3/src/svc_auth_des.c --- old/libtirpc-1.0.2/src/svc_auth_des.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/svc_auth_des.c 2018-03-14 14:55:12.000000000 +0100 @@ -356,7 +356,7 @@ authdes_cache = (struct cache_entry *) mem_alloc(sizeof(struct cache_entry) * AUTHDES_CACHESZ); - bzero((char *)authdes_cache, + memset(authdes_cache, 0, sizeof(struct cache_entry) * AUTHDES_CACHESZ); authdes_lru = (short *)mem_alloc(sizeof(short) * AUTHDES_CACHESZ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/svc_generic.c new/libtirpc-1.0.3/src/svc_generic.c --- old/libtirpc-1.0.2/src/svc_generic.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/svc_generic.c 2018-03-14 14:55:12.000000000 +0100 @@ -53,6 +53,7 @@ #include <rpc/svc.h> extern int __svc_vc_setflag(SVCXPRT *, int); +extern int __binddynport(int fd); /* * The highest level interface for server creation. @@ -220,15 +221,10 @@ */ if (madefd || !__rpc_sockisbound(fd)) { if (bindaddr == NULL) { - if (bindresvport(fd, NULL) < 0) { - memset(&ss, 0, sizeof ss); - ss.ss_family = si.si_af; - if (bind(fd, (struct sockaddr *)(void *)&ss, - (socklen_t)si.si_alen) < 0) { - warnx( + if (__binddynport(fd) == -1) { + warnx( "svc_tli_create: could not bind to anonymous port"); - goto freedata; - } + goto freedata; } listen(fd, SOMAXCONN); } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/src/xdr_sizeof.c new/libtirpc-1.0.3/src/xdr_sizeof.c --- old/libtirpc-1.0.2/src/xdr_sizeof.c 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/src/xdr_sizeof.c 2018-03-14 14:55:12.000000000 +0100 @@ -39,6 +39,7 @@ #include <rpc/xdr.h> #include <sys/types.h> #include <stdlib.h> +#include <stdint.h> #include "un-namespace.h" /* ARGSUSED */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/tirpc/rpc/pmap_clnt.h new/libtirpc-1.0.3/tirpc/rpc/pmap_clnt.h --- old/libtirpc-1.0.2/tirpc/rpc/pmap_clnt.h 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/tirpc/rpc/pmap_clnt.h 2018-03-14 14:55:12.000000000 +0100 @@ -64,6 +64,10 @@ #ifndef _RPC_PMAP_CLNT_H_ #define _RPC_PMAP_CLNT_H_ +#include <rpc/types.h> +#include <rpc/xdr.h> +#include <rpc/clnt.h> + #ifdef __cplusplus extern "C" { #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libtirpc-1.0.2/tirpc/rpc/types.h new/libtirpc-1.0.3/tirpc/rpc/types.h --- old/libtirpc-1.0.2/tirpc/rpc/types.h 2017-07-05 17:02:23.000000000 +0200 +++ new/libtirpc-1.0.3/tirpc/rpc/types.h 2018-03-14 14:55:12.000000000 +0100 @@ -65,6 +65,28 @@ #define mem_alloc(bsize) calloc(1, bsize) #define mem_free(ptr, bsize) free(ptr) + +#if defined __APPLE_CC__ || defined __FreeBSD__ +# define __u_char_defined +# define __daddr_t_defined +#endif + +#ifndef __u_char_defined +typedef __u_char u_char; +typedef __u_short u_short; +typedef __u_int u_int; +typedef __u_long u_long; +typedef __quad_t quad_t; +typedef __u_quad_t u_quad_t; +typedef __fsid_t fsid_t; +# define __u_char_defined +#endif +#ifndef __daddr_t_defined +typedef __daddr_t daddr_t; +typedef __caddr_t caddr_t; +# define __daddr_t_defined +#endif + #include <sys/time.h> #include <sys/param.h> #include <stdlib.h>
