Hello community, here is the log from the commit of package kronosnet for openSUSE:Factory checked in at 2018-04-24 15:34:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kronosnet (Old) and /work/SRC/openSUSE:Factory/.kronosnet.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kronosnet" Tue Apr 24 15:34:42 2018 rev:3 rq:600283 version:1.3 Changes: -------- --- /work/SRC/openSUSE:Factory/kronosnet/kronosnet.changes 2018-03-05 13:46:04.786091263 +0100 +++ /work/SRC/openSUSE:Factory/.kronosnet.new/kronosnet.changes 2018-04-24 15:34:47.262622304 +0200 @@ -1,0 +2,13 @@ +Tue Apr 24 06:30:54 UTC 2018 - [email protected] + +- kronosnet-1.3 is available now(bsc#1090641) + changes since 1.2 + * Fix potential crashes in the crypto code + + changes since 1.1 + * Fix a potential crash when using external destination handlers + * Improve compression level validation by delegating the validation to + the external compression library + * Improve the build system to accommodate repeatable builds + +------------------------------------------------------------------- Old: ---- kronosnet-1.1.tar.gz New: ---- kronosnet-1.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kronosnet.spec ++++++ --- /var/tmp/diff_new_pack.iNIZ4q/_old 2018-04-24 15:34:47.966596834 +0200 +++ /var/tmp/diff_new_pack.iNIZ4q/_new 2018-04-24 15:34:47.970596689 +0200 @@ -77,11 +77,10 @@ %if %{with buildman} %global buildmanpages 1 %endif - # main (empty) package # http://www.rpm.org/max-rpm/s1-rpm-subpack-spec-file-changes.html Name: kronosnet -Version: 1.1 +Version: 1.3 Release: 0 Summary: Multipoint-to-Multipoint VPN daemon License: GPL-2.0+ AND LGPL-2.1+ @@ -92,6 +91,10 @@ ## Setup/build bits # Build dependencies BuildRequires: gcc +BuildRequires: pkgconfig +%if %{with overriderpmdebuginfo} +%undefine _enable_debug_packages +%endif # required to build man pages %if %{defined buildmanpages} BuildRequires: doxygen @@ -131,7 +134,6 @@ BuildRequires: automake BuildRequires: libtool %endif -BuildRequires: pkg-config %prep %setup -q -n %{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}} @@ -143,7 +145,7 @@ ./autogen.sh %endif -%{configure} \ +%configure \ %if %{defined buildmanpages} --enable-man \ %else @@ -237,6 +239,8 @@ Requires: %{_sysconfdir}/pam.d/passwd Requires: pam %if %{defined buildkronosnetd} +Requires: %{_sysconfdir}/pam.d/passwd +Requires: pam Requires(post): shadow-utils Requires(preun): shadow-utils %if %{defined _unitdir} @@ -250,10 +254,6 @@ Requires(preun): chkconfig Requires(preun): initscripts %endif -Requires(post): shadow-utils -Requires(preun): shadow-utils -Requires: /etc/pam.d/passwd -Requires: pam %description -n kronosnetd The kronosnet daemon is a bridge between kronosnet switching engine @@ -326,6 +326,9 @@ %files -n libtap1 %doc COPYING.* COPYRIGHT %{_libdir}/libtap.so.* + +%post -n libtap1 -p /sbin/ldconfig +%postun -n libtap1 -p /sbin/ldconfig %endif %package -n libtap1-devel @@ -417,6 +420,7 @@ %files -n libknet1-compress-zlib-plugin %{_libdir}/kronosnet/compress_zlib.so %endif + %if %{defined buildcompresslz4} %package -n libknet1-compress-lz4-plugin Summary: LZ4 and LZ4HC support for libknet1 ++++++ add-version.patch ++++++ --- /var/tmp/diff_new_pack.iNIZ4q/_old 2018-04-24 15:34:47.994595821 +0200 +++ /var/tmp/diff_new_pack.iNIZ4q/_new 2018-04-24 15:34:47.994595821 +0200 @@ -1,4 +1,4 @@ --- /dev/null 2018-03-05 10:30:37.121221591 +0800 +++ kronosnet-1.1/.tarball-version 2018-03-05 10:30:37.907779088 +0800 @@ -0,0 +1 @@ -+1.1 ++1.3 ++++++ kronosnet-1.1.tar.gz -> kronosnet-1.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/.gitattributes new/kronosnet-1.3/.gitattributes --- old/kronosnet-1.1/.gitattributes 1970-01-01 01:00:00.000000000 +0100 +++ new/kronosnet-1.3/.gitattributes 2018-04-23 07:30:43.000000000 +0200 @@ -0,0 +1 @@ +configure.ac export-subst diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/Makefile.am new/kronosnet-1.3/Makefile.am --- old/kronosnet-1.1/Makefile.am 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/Makefile.am 2018-04-23 07:30:43.000000000 +0200 @@ -56,7 +56,7 @@ $(SPEC): $(SPEC).in .version config.status rm -f $@-t $@ - date="`LC_ALL=C date "+%a %b %d %Y"`" && \ + date="`LC_ALL=C $(UTC_DATE_AT)$(SOURCE_EPOCH) "+%a %b %d %Y"`" && \ if [ -f $(abs_srcdir)/.tarball-version ]; then \ gitver="`cat $(abs_srcdir)/.tarball-version`" && \ rpmver=$$gitver && \ @@ -191,6 +191,7 @@ dist-hook: gen-ChangeLog echo $(VERSION) > $(distdir)/.tarball-version + echo $(SOURCE_EPOCH) > $(distdir)/source_epoch gen_start_date = 2000-01-01 .PHONY: gen-ChangeLog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/build-aux/knet_valgrind_memcheck.supp new/kronosnet-1.3/build-aux/knet_valgrind_memcheck.supp --- old/kronosnet-1.1/build-aux/knet_valgrind_memcheck.supp 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/build-aux/knet_valgrind_memcheck.supp 2018-04-23 07:30:43.000000000 +0200 @@ -460,6 +460,22 @@ fun:start_thread } { + lzma internal stuff (Debian / Ubuntu) + Memcheck:Cond + obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2 + obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2 + obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2 + obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2 + fun:lzma_block_buffer_encode + fun:lzma_stream_buffer_encode + fun:lzma_easy_buffer_encode + fun:lzma_compress + fun:compress_lib_test + fun:compress_cfg + fun:knet_handle_compress + fun:test +} +{ lzma internal stuff (Ubuntu 17.10 i386) Memcheck:Cond obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 @@ -494,6 +510,22 @@ fun:_handle_send_to_links_thread } { + lzma internal stuff (Ubuntu 17.10 i386) + Memcheck:Cond + obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 + obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 + obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 + obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 + obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 + obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 + fun:lzma_stream_buffer_encode + fun:lzma_easy_buffer_encode + fun:lzma_compress + fun:compress_lib_test + fun:compress_cfg + fun:knet_handle_compress +} +{ nss internal stuff (FreeBSD 11.1) Memcheck:Addr8 obj:/libexec/ld-elf.so.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/configure.ac new/kronosnet-1.3/configure.ac --- old/kronosnet-1.1/configure.ac 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/configure.ac 2018-04-23 07:30:43.000000000 +0200 @@ -454,6 +454,47 @@ AC_SUBST([AM_CFLAGS],["$OPT_CFLAGS $GDB_FLAGS $EXTRA_WARNINGS"]) +AX_PROG_DATE +AS_IF([test "$ax_cv_prog_date_gnu_date:$ax_cv_prog_date_gnu_utc" = yes:yes], + [UTC_DATE_AT="date -u -d@"], + [AS_IF([test "x$ax_cv_prog_date_bsd_date" = xyes], + [UTC_DATE_AT="date -u -r"], + [AC_MSG_ERROR([date utility unable to convert epoch to UTC])])]) +AC_SUBST([UTC_DATE_AT]) + +AC_ARG_VAR([SOURCE_EPOCH],[last modification date of the source]) +AC_MSG_NOTICE([trying to determine source epoch]) +AC_MSG_CHECKING([for source epoch in \$SOURCE_EPOCH]) +AS_IF([test -n "$SOURCE_EPOCH"], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_CHECKING([for source epoch in source_epoch file]) + AS_IF([test -e "$srcdir/source_epoch"], + [read SOURCE_EPOCH <"$srcdir/source_epoch" + AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_CHECKING([for source epoch baked in by gitattributes export-subst]) + SOURCE_EPOCH='1524461443' # template for rewriting by git-archive + AS_CASE([$SOURCE_EPOCH], + [?Format:*], # was not rewritten + [AC_MSG_RESULT([no]) + AC_MSG_CHECKING([for source epoch in \$SOURCE_DATE_EPOCH]) + AS_IF([test "x$SOURCE_DATE_EPOCH" != x], + [SOURCE_EPOCH="$SOURCE_DATE_EPOCH" + AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_CHECKING([whether git log can provide a source epoch]) + SOURCE_EPOCH=f${SOURCE_EPOCH#\$F} # convert into git log --pretty format + SOURCE_EPOCH=$(cd "$srcdir" && git log -1 --pretty=${SOURCE_EPOCH%$} 2>/dev/null) + AS_IF([test -n "$SOURCE_EPOCH"], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no, using current time and breaking reproducibility]) + SOURCE_EPOCH=$(date +%s)])])], + [AC_MSG_RESULT([yes])] + )]) + ]) +AC_MSG_NOTICE([using source epoch $($UTC_DATE_AT$SOURCE_EPOCH +'%F %T %Z')]) + AC_CONFIG_FILES([ Makefile init/Makefile @@ -471,4 +512,17 @@ poc-code/access-list/Makefile ]) +if test "x$VERSION" = "xUNKNOWN"; then + AC_MSG_ERROR([m4_text_wrap([ + configure was unable to determine the source tree's current version. This + generally happens when using git archive (or the github download button) + generated tarball/zip file. In order to workaround this issue, either use git + clone https://github.com/kronosnet/kronosnet.git or use an official release + tarball, available at https://kronosnet.org/releases/. Alternatively you + can add a compatible version in a .tarball-version file at the top of the + source tree, wipe your autom4te.cache dir and generated configure, and rerun + autogen.sh. + ], [ ], [ ], [76])]) +fi + AC_OUTPUT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/compress.c new/kronosnet-1.3/libknet/compress.c --- old/kronosnet-1.1/libknet/compress.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/compress.c 2018-04-23 07:30:43.000000000 +0200 @@ -87,7 +87,10 @@ int compress_model, int compress_level) { - return compress_modules_cmds[compress_model].ops->val_level(knet_h, compress_level); + if (compress_modules_cmds[compress_model].ops->val_level != NULL) { + return compress_modules_cmds[compress_model].ops->val_level(knet_h, compress_level); + } + return 0; } /* @@ -184,6 +187,47 @@ return 0; } +static int compress_lib_test(knet_handle_t knet_h) +{ + int savederrno = 0; + unsigned char src[KNET_DATABUFSIZE]; + unsigned char dst[KNET_DATABUFSIZE_COMPRESS]; + ssize_t dst_comp_len = KNET_DATABUFSIZE_COMPRESS, dst_decomp_len = KNET_DATABUFSIZE; + unsigned int i; + + memset(src, 0, KNET_DATABUFSIZE); + memset(dst, 0, KNET_DATABUFSIZE_COMPRESS); + + /* + * NOTE: we cannot use compress and decompress API calls due to locking + * so we need to call directly into the modules + */ + + if (compress_modules_cmds[knet_h->compress_model].ops->compress(knet_h, src, KNET_DATABUFSIZE, dst, &dst_comp_len) < 0) { + savederrno = errno; + log_err(knet_h, KNET_SUB_COMPRESS, "Unable to compress test buffer. Please check your compression settings: %s", strerror(savederrno)); + errno = savederrno; + return -1; + } + + if (compress_modules_cmds[knet_h->compress_model].ops->decompress(knet_h, dst, dst_comp_len, src, &dst_decomp_len) < 0) { + savederrno = errno; + log_err(knet_h, KNET_SUB_COMPRESS, "Unable to decompress test buffer. Please check your compression settings: %s", strerror(savederrno)); + errno = savederrno; + return -1; + } + + for (i = 0; i < KNET_DATABUFSIZE; i++) { + if (src[i] != 0) { + log_err(knet_h, KNET_SUB_COMPRESS, "Decompressed buffer contains incorrect data"); + errno = EINVAL; + return -1; + } + } + + return 0; +} + int compress_init( knet_handle_t knet_h) { @@ -277,15 +321,22 @@ goto out_unlock; } + knet_h->compress_model = cmp_model; + knet_h->compress_level = knet_handle_compress_cfg->compress_level; + + if (compress_lib_test(knet_h) < 0) { + savederrno = errno; + err = -1; + goto out_unlock; + } + out_unlock: pthread_rwlock_unlock(&shlib_rwlock); } - if (!err) { - knet_h->compress_model = cmp_model; - knet_h->compress_level = knet_handle_compress_cfg->compress_level; - } else { + if (err) { knet_h->compress_model = 0; + knet_h->compress_level = 0; } errno = savederrno; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/compress_bzip2.c new/kronosnet-1.3/libknet/compress_bzip2.c --- old/kronosnet-1.1/libknet/compress_bzip2.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/compress_bzip2.c 2018-04-23 07:30:43.000000000 +0200 @@ -15,18 +15,6 @@ #include "logging.h" #include "compress_model.h" -static int bzip2_val_level( - knet_handle_t knet_h, - int compress_level) -{ - if ((compress_level < 1) || (compress_level > 9)) { - log_err(knet_h, KNET_SUB_BZIP2COMP, "bzip2 unsupported compression level %d (accepted values from 1 to 9)", compress_level); - errno = EINVAL; - return -1; - } - return 0; -} - static int bzip2_compress( knet_handle_t knet_h, const unsigned char *buf_in, @@ -120,7 +108,7 @@ NULL, NULL, NULL, - bzip2_val_level, + NULL, bzip2_compress, bzip2_decompress }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/compress_lz4.c new/kronosnet-1.3/libknet/compress_lz4.c --- old/kronosnet-1.1/libknet/compress_lz4.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/compress_lz4.c 2018-04-23 07:30:43.000000000 +0200 @@ -15,17 +15,6 @@ #include "logging.h" #include "compress_model.h" -static int lz4_val_level( - knet_handle_t knet_h, - int compress_level) -{ - if (compress_level <= 0) { - log_info(knet_h, KNET_SUB_LZ4COMP, "lz4 acceleration level 0 (or negatives) are automatically remapped to 1"); - } - - return 0; -} - static int lz4_compress( knet_handle_t knet_h, const unsigned char *buf_in, @@ -96,7 +85,7 @@ NULL, NULL, NULL, - lz4_val_level, + NULL, lz4_compress, lz4_decompress }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/compress_lz4hc.c new/kronosnet-1.3/libknet/compress_lz4hc.c --- old/kronosnet-1.1/libknet/compress_lz4hc.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/compress_lz4hc.c 2018-04-23 07:30:43.000000000 +0200 @@ -32,27 +32,6 @@ #define KNET_LZ4HC_MAX 16 #endif -static int lz4hc_val_level( - knet_handle_t knet_h, - int compress_level) -{ - if (compress_level < 1) { - log_err(knet_h, KNET_SUB_LZ4HCCOMP, "lz4hc supports only 1+ values for compression level"); - errno = EINVAL; - return -1; - } - - if (compress_level < 4) { - log_info(knet_h, KNET_SUB_LZ4HCCOMP, "lz4hc recommends 4+ compression level for better results"); - } - - if (compress_level > KNET_LZ4HC_MAX) { - log_warn(knet_h, KNET_SUB_LZ4HCCOMP, "lz4hc installed on this system supports up to compression level %d. Higher values behaves as %d", KNET_LZ4HC_MAX, KNET_LZ4HC_MAX); - } - - return 0; -} - static int lz4hc_compress( knet_handle_t knet_h, const unsigned char *buf_in, @@ -117,7 +96,7 @@ NULL, NULL, NULL, - lz4hc_val_level, + NULL, lz4hc_compress, lz4_decompress }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/compress_lzma.c new/kronosnet-1.3/libknet/compress_lzma.c --- old/kronosnet-1.1/libknet/compress_lzma.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/compress_lzma.c 2018-04-23 07:30:43.000000000 +0200 @@ -15,19 +15,6 @@ #include "logging.h" #include "compress_model.h" -static int lzma_val_level( - knet_handle_t knet_h, - int compress_level) -{ - if ((compress_level < 0) || (compress_level > 9)) { - log_err(knet_h, KNET_SUB_LZMACOMP, "lzma unsupported compression preset %d (accepted values from 0 to 9)", compress_level); - errno = EINVAL; - return -1; - } - - return 0; -} - static int lzma_compress( knet_handle_t knet_h, const unsigned char *buf_in, @@ -132,7 +119,7 @@ NULL, NULL, NULL, - lzma_val_level, + NULL, lzma_compress, lzma_decompress }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/compress_model.h new/kronosnet-1.3/libknet/compress_model.h --- old/kronosnet-1.1/libknet/compress_model.h 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/compress_model.h 2018-04-23 07:30:43.000000000 +0200 @@ -48,8 +48,6 @@ */ /* - * required functions - * * val_level is called upon compress configuration changes * to make sure that the requested compress_level is valid * within the context of a given module. @@ -58,6 +56,8 @@ int compress_level); /* + * required functions + * * hopefully those 2 don't require any explanation.... */ int (*compress) (knet_handle_t knet_h, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/compress_zlib.c new/kronosnet-1.3/libknet/compress_zlib.c --- old/kronosnet-1.1/libknet/compress_zlib.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/compress_zlib.c 2018-04-23 07:30:43.000000000 +0200 @@ -15,25 +15,6 @@ #include "logging.h" #include "compress_model.h" -static int zlib_val_level( - knet_handle_t knet_h, - int compress_level) -{ - if (compress_level < 0) { - log_err(knet_h, KNET_SUB_ZLIBCOMP, "zlib does not support negative compression level %d", - compress_level); - return -1; - } - if (compress_level > 9) { - log_err(knet_h, KNET_SUB_ZLIBCOMP, "zlib does not support compression level higher than 9"); - return -1; - } - if (compress_level == 0) { - log_warn(knet_h, KNET_SUB_ZLIBCOMP, "zlib compress level 0 does NOT perform any compression"); - } - return 0; -} - static int zlib_compress( knet_handle_t knet_h, const unsigned char *buf_in, @@ -130,7 +111,7 @@ NULL, NULL, NULL, - zlib_val_level, + NULL, zlib_compress, zlib_decompress }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/crypto_nss.c new/kronosnet-1.3/libknet/crypto_nss.c --- old/kronosnet-1.1/libknet/crypto_nss.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/crypto_nss.c 2018-04-23 07:30:43.000000000 +0200 @@ -426,6 +426,11 @@ int datalen = buf_in_len - SALT_SIZE; int err = -1; + if (datalen <= 0) { + log_err(knet_h, KNET_SUB_NSSCRYPTO, "Packet is too short"); + goto out; + } + /* Create cipher context for decryption */ decrypt_param.type = siBuffer; decrypt_param.data = salt; @@ -466,7 +471,6 @@ return err; } - /* * hash/hmac/digest functions */ @@ -586,7 +590,7 @@ } if (!nss_db_is_init) { - if (NSS_NoDB_Init(".") != SECSuccess) { + if (NSS_NoDB_Init(NULL) != SECSuccess) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "NSS DB initialization failed (err %d): %s", PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT)); errno = EAGAIN; @@ -672,7 +676,7 @@ unsigned char tmp_hash[nsshash_len[instance->crypto_hash_type]]; ssize_t temp_buf_len = buf_in_len - nsshash_len[instance->crypto_hash_type]; - if ((temp_buf_len < 0) || (temp_buf_len > KNET_MAX_PACKET_SIZE)) { + if ((temp_buf_len <= 0) || (temp_buf_len > KNET_MAX_PACKET_SIZE)) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "Incorrect packet size."); return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/crypto_openssl.c new/kronosnet-1.3/libknet/crypto_openssl.c --- old/kronosnet-1.1/libknet/crypto_openssl.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/crypto_openssl.c 2018-04-23 07:30:43.000000000 +0200 @@ -229,7 +229,7 @@ ssize_t *buf_out_len) { struct opensslcrypto_instance *instance = knet_h->crypto_instance->model_instance; - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx = NULL; int tmplen1 = 0, tmplen2 = 0; unsigned char *salt = (unsigned char *)buf_in; unsigned char *data = salt + SALT_SIZE; @@ -237,6 +237,12 @@ int err = 0; char sslerr[SSLERR_BUF_SIZE]; + if (datalen <= 0) { + log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Packet is too short"); + err = -1; + goto out; + } + ctx = EVP_CIPHER_CTX_new(); /* @@ -266,7 +272,9 @@ *buf_out_len = tmplen1 + tmplen2; out: - EVP_CIPHER_CTX_free(ctx); + if (ctx) { + EVP_CIPHER_CTX_free(ctx); + } return err; } #endif @@ -366,7 +374,7 @@ unsigned char tmp_hash[knet_h->sec_hash_size]; ssize_t temp_buf_len = buf_in_len - knet_h->sec_hash_size; - if ((temp_buf_len < 0) || (temp_buf_len > KNET_MAX_PACKET_SIZE)) { + if ((temp_buf_len <= 0) || (temp_buf_len > KNET_MAX_PACKET_SIZE)) { log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Incorrect packet size."); return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/tests/api_knet_handle_compress.c new/kronosnet-1.3/libknet/tests/api_knet_handle_compress.c --- old/kronosnet-1.1/libknet/tests/api_knet_handle_compress.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/tests/api_knet_handle_compress.c 2018-04-23 07:30:43.000000000 +0200 @@ -81,14 +81,14 @@ flush_logs(logfds[0], stdout); - printf("Test knet_handle_compress with zlib compress and negative level\n"); + printf("Test knet_handle_compress with zlib compress and negative level (-2)\n"); memset(&knet_handle_compress_cfg, 0, sizeof(struct knet_handle_compress_cfg)); strncpy(knet_handle_compress_cfg.compress_model, "zlib", sizeof(knet_handle_compress_cfg.compress_model) - 1); - knet_handle_compress_cfg.compress_level = -1; + knet_handle_compress_cfg.compress_level = -2; if ((!knet_handle_compress(knet_h, &knet_handle_compress_cfg)) || (errno != EINVAL)) { - printf("knet_handle_compress accepted invalid (-1) compress level for zlib\n"); + printf("knet_handle_compress accepted invalid (-2) compress level for zlib\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/threads_rx.c new/kronosnet-1.3/libknet/threads_rx.c --- old/kronosnet-1.1/libknet/threads_rx.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/threads_rx.c 2018-04-23 07:30:43.000000000 +0200 @@ -452,6 +452,10 @@ /* check if we are dst for this packet */ if (!bcast) { + if (dst_host_ids_entries > KNET_MAX_HOST) { + log_debug(knet_h, KNET_SUB_RX, "dst_host_filter_fn returned too many destinations"); + return; + } for (host_idx = 0; host_idx < dst_host_ids_entries; host_idx++) { if (dst_host_ids[host_idx] == knet_h->host_id) { found = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/libknet/threads_tx.c new/kronosnet-1.3/libknet/threads_tx.c --- old/kronosnet-1.1/libknet/threads_tx.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/libknet/threads_tx.c 2018-04-23 07:30:43.000000000 +0200 @@ -195,6 +195,14 @@ err = -1; goto out_unlock; } + + if ((!bcast) && + (dst_host_ids_entries_temp > KNET_MAX_HOST)) { + log_debug(knet_h, KNET_SUB_TX, "dst_host_filter_fn returned too many destinations"); + savederrno = EINVAL; + err = -1; + goto out_unlock; + } } /* Send to localhost if appropriate and enabled */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/m4/ax_prog_date.m4 new/kronosnet-1.3/m4/ax_prog_date.m4 --- old/kronosnet-1.1/m4/ax_prog_date.m4 1970-01-01 01:00:00.000000000 +0100 +++ new/kronosnet-1.3/m4/ax_prog_date.m4 2018-04-23 07:30:43.000000000 +0200 @@ -0,0 +1,137 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_prog_date.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PROG_DATE() +# +# DESCRIPTION +# +# This macro tries to determine the type of the date (1) command and some +# of its non-standard capabilities. +# +# The type is determined as follow: +# +# * If the version string contains "GNU", then: +# - The variable ax_cv_prog_date_gnu is set to "yes". +# - The variable ax_cv_prog_date_type is set to "gnu". +# +# * If date supports the "-v 1d" option, then: +# - The variable ax_cv_prog_date_bsd is set to "yes". +# - The variable ax_cv_prog_date_type is set to "bsd". +# +# * If both previous checks fail, then: +# - The variable ax_cv_prog_date_type is set to "unknown". +# +# The following capabilities of GNU date are checked: +# +# * If date supports the --date arg option, then: +# - The variable ax_cv_prog_date_gnu_date is set to "yes". +# +# * If date supports the --utc arg option, then: +# - The variable ax_cv_prog_date_gnu_utc is set to "yes". +# +# The following capabilities of BSD date are checked: +# +# * If date supports the -v 1d option, then: +# - The variable ax_cv_prog_date_bsd_adjust is set to "yes". +# +# * If date supports the -r arg option, then: +# - The variable ax_cv_prog_date_bsd_date is set to "yes". +# +# All the aforementioned variables are set to "no" before a check is +# performed. +# +# LICENSE +# +# Copyright (c) 2017 Enrico M. Crisostomo <[email protected]> +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 3 + +AC_DEFUN([AX_PROG_DATE], [dnl + AC_CACHE_CHECK([for GNU date], [ax_cv_prog_date_gnu], [ + ax_cv_prog_date_gnu=no + if date --version 2>/dev/null | head -1 | grep -q GNU + then + ax_cv_prog_date_gnu=yes + fi + ]) + AC_CACHE_CHECK([for BSD date], [ax_cv_prog_date_bsd], [ + ax_cv_prog_date_bsd=no + if date -v 1d > /dev/null 2>&1 + then + ax_cv_prog_date_bsd=yes + fi + ]) + AC_CACHE_CHECK([for date type], [ax_cv_prog_date_type], [ + ax_cv_prog_date_type=unknown + if test "x${ax_cv_prog_date_gnu}" = "xyes" + then + ax_cv_prog_date_type=gnu + elif test "x${ax_cv_prog_date_bsd}" = "xyes" + then + ax_cv_prog_date_type=bsd + fi + ]) + AS_VAR_IF([ax_cv_prog_date_gnu], [yes], [ + AC_CACHE_CHECK([whether GNU date supports --date], [ax_cv_prog_date_gnu_date], [ + ax_cv_prog_date_gnu_date=no + if date --date=@1512031231 > /dev/null 2>&1 + then + ax_cv_prog_date_gnu_date=yes + fi + ]) + AC_CACHE_CHECK([whether GNU date supports --utc], [ax_cv_prog_date_gnu_utc], [ + ax_cv_prog_date_gnu_utc=no + if date --utc > /dev/null 2>&1 + then + ax_cv_prog_date_gnu_utc=yes + fi + ]) + ]) + AS_VAR_IF([ax_cv_prog_date_bsd], [yes], [ + AC_CACHE_CHECK([whether BSD date supports -r], [ax_cv_prog_date_bsd_date], [ + ax_cv_prog_date_bsd_date=no + if date -r 1512031231 > /dev/null 2>&1 + then + ax_cv_prog_date_bsd_date=yes + fi + ]) + ]) + AS_VAR_IF([ax_cv_prog_date_bsd], [yes], [ + AC_CACHE_CHECK([whether BSD date supports -v], [ax_cv_prog_date_bsd_adjust], [ + ax_cv_prog_date_bsd_adjust=no + if date -v 1d > /dev/null 2>&1 + then + ax_cv_prog_date_bsd_adjust=yes + fi + ]) + ]) +])dnl AX_PROG_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/man/Makefile.am new/kronosnet-1.3/man/Makefile.am --- old/kronosnet-1.1/man/Makefile.am 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/man/Makefile.am 2018-04-23 07:30:43.000000000 +0200 @@ -101,7 +101,8 @@ doxyfile-knet.stamp: $(builddir)/doxyxml Doxyfile-knet $(top_srcdir)/libknet/libknet.h $(DOXYGEN) Doxyfile-knet - $(builddir)/doxyxml -m -P -o $(builddir) -s 3 -p @PACKAGE_NAME@ -H "Kronosnet Programmer's Manual" -d $(builddir)/xml-knet/ libknet_8h.xml + $(builddir)/doxyxml -m -P -o $(builddir) -s 3 -p @PACKAGE_NAME@ -H "Kronosnet Programmer's Manual" \ + $$($(UTC_DATE_AT)$(SOURCE_EPOCH) +"-D %F -Y %Y") -d $(builddir)/xml-knet/ libknet_8h.xml touch doxyfile-knet.stamp endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kronosnet-1.1/man/doxyxml.c new/kronosnet-1.3/man/doxyxml.c --- old/kronosnet-1.1/man/doxyxml.c 2018-02-25 05:31:46.000000000 +0100 +++ new/kronosnet-1.3/man/doxyxml.c 2018-04-23 07:30:43.000000000 +0200 @@ -44,6 +44,8 @@ static const char *output_dir="./"; static const char *xml_dir = XML_DIR; static const char *xml_file = XML_FILE; +static const char *manpage_date = NULL; +static long manpage_year = LONG_MIN; static struct qb_list_head params_list; static struct qb_list_head retval_list; static qb_map_t *function_map; @@ -432,6 +434,7 @@ { char manfilename[PATH_MAX]; char gendate[64]; + const char *dateptr = gendate; FILE *manfile; time_t t; struct tm *tm; @@ -455,6 +458,13 @@ } strftime(gendate, sizeof(gendate), "%Y-%m-%d", tm); + if (manpage_date) { + dateptr = manpage_date; + } + if (manpage_year == LONG_MIN) { + manpage_year = tm->tm_year+1900; + } + snprintf(manfilename, sizeof(manfilename), "%s/%s.%s", output_dir, name, man_section); manfile = fopen(manfilename, "w+"); if (!manfile) { @@ -486,7 +496,7 @@ /* Off we go */ fprintf(manfile, ".\\\" Automatically generated man page, do not edit\n"); - fprintf(manfile, ".TH %s %s %s \"%s\" \"%s\"\n", name, man_section, gendate, package_name, header); + fprintf(manfile, ".TH %s %s %s \"%s\" \"%s\"\n", name, man_section, dateptr, package_name, header); fprintf(manfile, ".SH NAME\n"); fprintf(manfile, "%s \\- %s\n", name, brief); @@ -580,7 +590,7 @@ fprintf(manfile, ".hy\n"); fprintf(manfile, ".SH \"COPYRIGHT\"\n"); fprintf(manfile, ".PP\n"); - fprintf(manfile, "Copyright (C) 2010-%4d Red Hat, Inc. All rights reserved.\n", tm->tm_year+1900); + fprintf(manfile, "Copyright (C) 2010-%4ld Red Hat, Inc. All rights reserved.\n", manpage_year); fclose(manfile); /* Free the params & retval info */ @@ -731,7 +741,7 @@ static void usage(char *name) { printf("Usage:\n"); - printf(" %s -[am] [-s <section>] [-p<packagename>] [-H <header>] [-o <output dir>] [<XML file>]\n", name); + printf(" %s [OPTIONS] [<XML file>]\n", name); printf("\n"); printf(" <XML file> defaults to %s\n", XML_FILE); printf("\n"); @@ -741,6 +751,8 @@ printf(" -s <s> Write man pages into section <s> <default 3)\n"); printf(" -p <package> Use <package> name. default <Kronosnet>\n"); printf(" -H <header> Set header (default \"Kronosnet Programmer's Manual\"\n"); + printf(" -D <date> Date to print at top of man pages (format not checked, default: today)\n"); + printf(" -Y <year> Year to print at end of copyright line (default: today's year)\n"); printf(" -o <dir> Write all man pages to <dir> (default .)\n"); printf(" -d <dir> Directory for XML files (default %s)\n", XML_DIR); printf(" -h Print this usage text\n"); @@ -754,7 +766,7 @@ int opt; char xml_filename[PATH_MAX]; - while ( (opt = getopt_long(argc, argv, "H:amPs:d:o:p:f:h?", NULL, NULL)) != EOF) + while ( (opt = getopt_long(argc, argv, "H:amPD:Y:s:d:o:p:f:h?", NULL, NULL)) != EOF) { switch(opt) { @@ -775,6 +787,21 @@ case 'd': xml_dir = optarg; break; + case 'D': + manpage_date = optarg; + break; + case 'Y': + manpage_year = strtol(optarg, NULL, 10); + /* + * Don't make too many assumptions about the year. I was on call at the + * 2000 rollover. #experience + */ + if (manpage_year == LONG_MIN || manpage_year == LONG_MAX || + manpage_year < 1900) { + fprintf(stderr, "Value passed to -Y is not a valid year number\n"); + return 1; + } + break; case 'p': package_name = optarg; break;
