Hello community,
here is the log from the commit of package openwsman for openSUSE:Factory
checked in at 2019-08-15 12:28:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openwsman (Old)
and /work/SRC/openSUSE:Factory/.openwsman.new.9556 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openwsman"
Thu Aug 15 12:28:52 2019 rev:68 rq:723295 version:2.6.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/openwsman/openwsman.changes 2019-06-13
23:06:19.939194843 +0200
+++ /work/SRC/openSUSE:Factory/.openwsman.new.9556/openwsman.changes
2019-08-15 12:28:54.078520149 +0200
@@ -1,0 +2,11 @@
+Wed Aug 7 11:44:15 UTC 2019 - Klaus Kämpf <kkae...@suse.com>
+
+- Update to 2.6.10
+ * install firewalld configuration (Leap/SLE 15+, Fedora 15+)
+ * Fix possible denial of service (bsc#1122623, CVE-2019-3816, CVE-2019-3833)
+ * Pthread usage fixes (Alexander Usyskin)
+ * Convert sprintf to snprintf and strcpy to strncpy (Tomas Winkler)
+
+- drop bsc1122623.patch and debug_fix.patch, upstreamed
+
+-------------------------------------------------------------------
@@ -39,0 +51,3 @@
+
+- Switch license to BSD-3-Clause AND GPL-2.0-only, since redirect
+ plugin is under GPL 2.0 only license.
Old:
----
bsc1122623.patch
debug_fix.patch
openwsman-2.6.9.tar.bz2
New:
----
openwsman-2.6.10.tar.bz2
openwsman.firewalld
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openwsman.spec ++++++
--- /var/tmp/diff_new_pack.KS7JJK/_old 2019-08-15 12:28:55.342518977 +0200
+++ /var/tmp/diff_new_pack.KS7JJK/_new 2019-08-15 12:28:55.346518974 +0200
@@ -22,6 +22,12 @@
%define has_systemd 0
%endif
+%if 0%{?suse_version} > 1500 || 0%{?fedora_version} > 14
+%define has_firewalld 1
+%else
+%define has_firewalld 0
+%endif
+
%if 0%{?suse_version} >= 1500
%define want_python3 1
%else
@@ -131,8 +137,12 @@
%{?systemd_requires}
%endif
+%if 0%{?has_firewalld}
+BuildRequires: firewall-macros
+%endif
+
Requires(pre): sed coreutils grep /bin/hostname
-Version: 2.6.9
+Version: 2.6.10
Release: 0
# Mandriva:
# Release %%mkrel 1
@@ -153,8 +163,7 @@
Source3: %{name}.SuSEfirewall2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source4: %{name}.service
-Patch2: bsc1122623.patch
-Patch3: debug_fix.patch
+Source5: %{name}.firewalld
%description
OpenWSMAN is an implementation of the WS-Management protocol stack.
@@ -365,8 +374,6 @@
%if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version} ||
0%{?fedora} || 0%{?rhel}
%patch1 -p1
%endif
-%patch2 -p1
-%patch3 -p1
%build
rm -rf build
@@ -412,7 +419,7 @@
%install
cd build
-DESTDIR=%{buildroot} make install
+%make_install
mkdir -p %{buildroot}/%{_docdir}
# don't copy ruby docs if they don't exist
[ -d bindings/ruby/html ] && cp -a bindings/ruby/html
%{buildroot}/%{_docdir}/openwsman-ruby-docs
@@ -431,13 +438,16 @@
install -m 755 build/etc/init/openwsmand.sh
%{buildroot}/%{_sysconfdir}/init.d/openwsmand
ln -sf %{_sysconfdir}/init.d/openwsmand %{buildroot}/%{_sbindir}/rcopenwsmand
%endif
+%if 0%{?has_firewalld}
+mkdir -p %{buildroot}/%{_libexecdir}/firewalld/services
+install -D -m 644 %{S:5}
%{buildroot}/%{_libexecdir}/firewalld/services/%{name}.xml
+%else
+install -D -m 644 %{S:3}
%{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman
+%endif
install -m 644 etc/openwsman.conf %{buildroot}/%{_sysconfdir}/openwsman
install -m 644 etc/openwsman_client.conf %{buildroot}/%{_sysconfdir}/openwsman
install -m 644 etc/ssleay.cnf %{buildroot}/%{_sysconfdir}/openwsman
install -m 644 %{pamfile} %{buildroot}/%{_sysconfdir}/pam.d/openwsman
-%if 0%{?suse_version} > 1010
-install -D -m 644 %{S:3}
%{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman
-%endif
%if 0%{?rhel_version} == 700
rm -f %{buildroot}/%{_bindir}/winrs
%endif
@@ -463,6 +473,9 @@
# FIXME: chkconfig?!
%endif
%endif
+%if 0%{?has_firewalld}
+%firewalld_reload
+%endif
%preun server
%if 0%{?has_systemd}
@@ -562,7 +575,11 @@
%config(noreplace) %{_sysconfdir}/openwsman/ssleay.cnf
%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmangencert.sh
%config %{_sysconfdir}/pam.d/openwsman
-%if 0%{?suse_version} > 1010
+%if 0%{?has_firewalld}
+%dir %{_libexecdir}/firewalld
+%dir %{_libexecdir}/firewalld/services
+%{_libexecdir}/firewalld/services/%{name}.xml
+%else
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman
%endif
%if 0%{?has_systemd}
++++++ openwsman-2.6.9.tar.bz2 -> openwsman-2.6.10.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/CMakeLists.txt
new/openwsman-2.6.10/CMakeLists.txt
--- old/openwsman-2.6.9/CMakeLists.txt 2018-10-12 11:58:29.000000000 +0200
+++ new/openwsman-2.6.10/CMakeLists.txt 2019-08-07 13:43:36.000000000 +0200
@@ -19,7 +19,7 @@
cmake_policy(SET CMP0042 NEW)
endif ( POLICY CMP0042 )
if ( POLICY CMP0046 )
- cmake_policy(SET CMP0046 OLD)
+ cmake_policy(SET CMP0046 NEW)
endif ( POLICY CMP0046 )
endif(COMMAND cmake_policy)
@@ -251,18 +251,20 @@
# curl
-INCLUDE(FindCURL)
-IF ( NOT CURL_FOUND)
- MESSAGE( FATAL_ERROR " curl not found" )
-ELSE ( NOT CURL_FOUND)
- INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIR})
- IF(CURL_VERSION_STRING)
- STRING(COMPARE LESS ${CURL_VERSION_STRING} "7.12.0" result)
- IF(result LESS 0)
- MESSAGE( FATAL_ERROR " curl version ${CURL_VERSION_STRING} is too low,
need 7.12.0 or greater" )
- ENDIF(result LESS 0)
- ENDIF(CURL_VERSION_STRING)
-ENDIF( NOT CURL_FOUND)
+IF(UNIX)
+ INCLUDE(FindCURL)
+ IF ( NOT CURL_FOUND)
+ MESSAGE( FATAL_ERROR " curl not found" )
+ ELSE ( NOT CURL_FOUND)
+ INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIR})
+ IF(CURL_VERSION_STRING)
+ STRING(COMPARE LESS ${CURL_VERSION_STRING} "7.12.0" result)
+ IF(result LESS 0)
+ MESSAGE( FATAL_ERROR " curl version ${CURL_VERSION_STRING} is too low,
need 7.12.0 or greater" )
+ ENDIF(result LESS 0)
+ ENDIF(CURL_VERSION_STRING)
+ ENDIF( NOT CURL_FOUND)
+ENDIF(UNIX)
# xml2
@@ -275,12 +277,14 @@
# pthreads
-INCLUDE(FindThreads)
-IF( NOT CMAKE_USE_PTHREADS_INIT )
- MESSAGE( FATAL_ERROR " openwsman needs pthread" )
-ELSE( NOT CMAKE_USE_PTHREADS_INIT )
- SET(USE_PTHREAD TRUE)
-ENDIF( NOT CMAKE_USE_PTHREADS_INIT )
+IF(UNIX)
+ INCLUDE(FindThreads)
+ IF( NOT CMAKE_USE_PTHREADS_INIT )
+ MESSAGE( FATAL_ERROR " openwsman needs pthread" )
+ ELSE( NOT CMAKE_USE_PTHREADS_INIT )
+ SET(USE_PTHREAD TRUE)
+ ENDIF( NOT CMAKE_USE_PTHREADS_INIT )
+ENDIF(UNIX)
# dl
@@ -328,6 +332,18 @@
# Various include files
INCLUDE(CheckIncludeFile)
+INCLUDE(CheckFunctionExists)
+
+CHECK_FUNCTION_EXISTS( "alloca" HAVE_ALLOCA )
+IF (NOT HAVE_ALLOCA)
+ SET(HAVE_ALLOCA 0)
+ SET(C_ALLOCA 0)
+ CHECK_INCLUDE_FILE( "alloca.h" HAVE_ALLOCA_H )
+ELSE (NOT HAVE_ALLOCA)
+ SET(HAVE_ALLOCA 1)
+ SET(C_ALLOCA 1)
+ SET(HAVE_ALLOCA_H 0)
+ENDIF (NOT HAVE_ALLOCA)
#
# The wsman_config file checks include file existance via "#if",
@@ -337,8 +353,7 @@
# The code below ensures that "HAVE_xxx" is set to "0" or "1"
#
-SET (FILES_TO_TEST "crypt.h" "ctype.h" "CUnit/Basic.h" "dirent.h" "dlfcn.h"
"ifaddrs.h" "inttypes.h" "memory.h" "netinet/in.h" "net/if_dl.h" "net/if.h"
"pam/pam_appl.h" "pam/pam_misc.h" "pthread.h" "security/pam_appl.h"
"security/pam_misc.h" "stdarg.h" "stdint.h" "stdlib.h" "strings.h" "string.h"
"sys/ioctl.h" "sys/resource.h" "sys/select.h" "sys/sendfile.h" "sys/signal.h"
"sys/socket.h" "sys/sockio.h" "sys/stat.h" "sys/types.h" "unistd.h" "vararg.h" )
-#SET(FILES_TO_TEST "crypt.h")
+SET (FILES_TO_TEST "alloca.h" "crypt.h" "ctype.h" "CUnit/Basic.h" "dirent.h"
"dlfcn.h" "ifaddrs.h" "inttypes.h" "memory.h" "netinet/in.h" "net/if_dl.h"
"net/if.h" "pam/pam_appl.h" "pam/pam_misc.h" "pthread.h" "security/pam_appl.h"
"security/pam_misc.h" "stdarg.h" "stdint.h" "stdlib.h" "strings.h" "string.h"
"sys/ioctl.h" "sys/resource.h" "sys/select.h" "sys/sendfile.h" "sys/signal.h"
"sys/socket.h" "sys/sockio.h" "sys/stat.h" "sys/types.h" "unistd.h" "vararg.h" )
FOREACH( FILE ${FILES_TO_TEST})
STRING(REGEX REPLACE "\\." "_" FILEDOT ${FILE})
STRING(REGEX REPLACE "/" "_" FILESLASH ${FILEDOT})
@@ -364,24 +379,12 @@
# library functions
-INCLUDE(CheckFunctionExists)
CHECK_FUNCTION_EXISTS("getifaddrs" HAVE_GETIFADDRS)
#SIOCGIFHWADDR
#SIOCGARP
SET( CRAY_STACKSEG_END 0 )
-CHECK_FUNCTION_EXISTS( "alloca" HAVE_ALLOCA )
-IF (NOT HAVE_ALLOCA)
- SET(HAVE_ALLOCA 0)
- SET(C_ALLOCA 0)
- CHECK_INCLUDE_FILE( "alloca.h" HAVE_ALLOCA_H )
-ELSE (NOT HAVE_ALLOCA)
- SET(HAVE_ALLOCA 1)
- SET(C_ALLOCA 1)
- SET(HAVE_ALLOCA_H 0)
-ENDIF (NOT HAVE_ALLOCA)
-
#
# The wsman_config file checks functions existance via "#if",
# requiring a 0/1 argument
@@ -390,7 +393,7 @@
# The code below ensures that "HAVE_xxx" is set to "0" or "1"
#
-SET (FUNCS_TO_TEST "bcopy" "crypt" "daemon" "fnmatch" "getaddrinfo"
"getnameinfo" "getpid" "gettimeofday" "gmtime_r" "inet_aton" "inet_ntop"
"inet_pton" "sleep" "srandom" "strsep" "strtok_r" "syslog" "timegm" "memmove"
"unlink" "va_copy" )
+SET (FUNCS_TO_TEST "bcopy" "crypt" "daemon" "fnmatch" "getaddrinfo"
"getnameinfo" "getpid" "gettimeofday" "gmtime_r" "inet_aton" "inet_ntop"
"inet_pton" "sleep" "srandom" "ssl" "strsep" "strtok_r" "syslog" "timegm"
"memmove" "unlink" "va_copy" )
FOREACH( FUNC ${FUNCS_TO_TEST})
STRING(TOUPPER ${FUNC} UPNAME)
SET(HAVENAME "HAVE_${UPNAME}")
@@ -441,15 +444,17 @@
ENDIF(HAVE_SA_LEN)
IF (ENABLE_IPV6)
- # Check if struct sockaddr_in6 contains sin6
- CHECK_STRUCT_HAS_MEMBER("struct sockaddr_in6" sin6_addr netinet/in.h
HAVE_IPV6)
-
- IF (HAVE_IPV6)
- SET(ENABLE_IPV6 1)
- ELSE (HAVE_IPV6)
- MESSAGE( SEND_ERROR " IPv6 not supported by system, disabling" )
- SET(ENABLE_IPV6 0)
- ENDIF (HAVE_IPV6)
+ IF(NOT WIN32)
+ # Check if struct sockaddr_in6 contains sin6
+ CHECK_STRUCT_HAS_MEMBER("struct sockaddr_in6" sin6_addr netinet/in.h
HAVE_IPV6)
+
+ IF (HAVE_IPV6)
+ SET(ENABLE_IPV6 1)
+ ELSE (HAVE_IPV6)
+ MESSAGE( SEND_ERROR " IPv6 not supported by system, disabling" )
+ SET(ENABLE_IPV6 0)
+ ENDIF (HAVE_IPV6)
+ ENDIF(NOT WIN32)
ELSE (ENABLE_IPV6)
SET(ENABLE_IPV6 0)
ENDIF (ENABLE_IPV6)
@@ -479,7 +484,11 @@
SET(WSMAN_SERVER_PKG wsman_server)
SET(WSMAN_CLIENT_PKG wsman_client)
SET(WSMAN_CLIENTPP_PKG wsman_clientpp)
-SET(WSMAN_CLIENT_TRANSPORT_PKG wsman_curl_client_transport)
+IF(UNIX)
+ SET(WSMAN_CLIENT_TRANSPORT_PKG wsman_curl_client_transport)
+ELSE(UNIX)
+ SET(WSMAN_CLIENT_TRANSPORT_PKG wsman_win_client_transport)
+ENDIF(UNIX)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/wsman_config.h.cmake
${CMAKE_CURRENT_BINARY_DIR}/wsman_config.h)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile.in
${CMAKE_CURRENT_BINARY_DIR}/Doxyfile)
@@ -609,6 +618,7 @@
COMMAND ${CMAKE_COMMAND} -E copy
"${CMAKE_SOURCE_DIR}/package/openwsman.pam.rh" "${CMAKE_BINARY_DIR}/package"
COMMAND ${CMAKE_COMMAND} -E copy
"${CMAKE_SOURCE_DIR}/package/openwsman.rpmlintrc" "${CMAKE_BINARY_DIR}/package"
COMMAND ${CMAKE_COMMAND} -E copy
"${CMAKE_SOURCE_DIR}/package/openwsman.SuSEfirewall2"
"${CMAKE_BINARY_DIR}/package"
+ COMMAND ${CMAKE_COMMAND} -E copy
"${CMAKE_SOURCE_DIR}/package/openwsman.firewalld" "${CMAKE_BINARY_DIR}/package"
)
ADD_CUSTOM_TARGET( srcpackage_local
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/ChangeLog
new/openwsman-2.6.10/ChangeLog
--- old/openwsman-2.6.9/ChangeLog 2018-11-19 13:27:21.000000000 +0100
+++ new/openwsman-2.6.10/ChangeLog 2019-08-07 13:42:23.000000000 +0200
@@ -1,3 +1,18 @@
+2.6.10
+- Features
+ - rpm installs firewalld configuration
+- Bugfixes
+ - Pthread usage fixes (Alexander Usyskin)
+ - Convert sprintf to snprintf and strcpy to strncpy (Tomas Winkler)
+ - Fix configure for Windows (Alexander Usyskin)
+ - Fix possible denial of service (Adam Majer, Klaus Kaempf)
+ CVE-2019-3833:
+ "Openwsman, versions up to and including 2.6.9, are vulnerable to
+ infinite loop in process_connection() when parsing specially crafted
+ HTTP requests. A remote, unauthenticated attacker can exploit this
+ vulnerability by sending malicious HTTP request to cause denial of
+ service to openwsman server."
+
2.6.9
- Features
- Build with CURL 7.62 (vcrho...@redhat.com)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/VERSION.cmake
new/openwsman-2.6.10/VERSION.cmake
--- old/openwsman-2.6.9/VERSION.cmake 2018-11-19 13:23:26.000000000 +0100
+++ new/openwsman-2.6.10/VERSION.cmake 2019-08-07 12:57:22.000000000 +0200
@@ -44,10 +44,10 @@
# set COMPATMINOR to MINOR. (binary incompatible change)
#
-# Package version 2.6.9
+# Package version 2.6.10
SET(OPENWSMAN_MAJOR "2")
SET(OPENWSMAN_MINOR "6")
-SET(OPENWSMAN_PATCH "9")
+SET(OPENWSMAN_PATCH "10")
# Plugin API 2.2
SET(OPENWSMAN_PLUGIN_API_MAJOR "2")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/bindings/ruby/CMakeLists.txt
new/openwsman-2.6.10/bindings/ruby/CMakeLists.txt
--- old/openwsman-2.6.9/bindings/ruby/CMakeLists.txt 2018-10-12
11:58:29.000000000 +0200
+++ new/openwsman-2.6.10/bindings/ruby/CMakeLists.txt 2019-08-07
13:24:26.000000000 +0200
@@ -92,8 +92,8 @@
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/openwsman.gemspec.in
${CMAKE_CURRENT_BINARY_DIR}/openwsman.gemspec)
SET(GEM_NAME "openwsman-${VERSION}.gem")
-ADD_CUSTOM_TARGET(ruby_gem ALL DEPENDS ${GEM_NAME})
-ADD_DEPENDENCIES(ruby_gem ${SWIG_OUTPUT})
+ADD_CUSTOM_TARGET(ruby_gem ALL DEPENDS ${GEM_NAME} ${SWIG_OUTPUT})
+#ADD_DEPENDENCIES(ruby_gem )
ADD_CUSTOM_COMMAND (
OUTPUT ${GEM_NAME}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/include/u/carpal.h
new/openwsman-2.6.10/include/u/carpal.h
--- old/openwsman-2.6.9/include/u/carpal.h 2014-07-25 17:08:56.000000000
+0200
+++ new/openwsman-2.6.10/include/u/carpal.h 2019-08-07 12:57:23.000000000
+0200
@@ -16,6 +16,7 @@
#include <u/log.h>
+#include "./debug_internal.h"
#ifdef __cplusplus
extern "C" {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/include/u/debug_internal.h
new/openwsman-2.6.10/include/u/debug_internal.h
--- old/openwsman-2.6.9/include/u/debug_internal.h 2018-10-12
11:58:29.000000000 +0200
+++ new/openwsman-2.6.10/include/u/debug_internal.h 2019-08-07
12:57:23.000000000 +0200
@@ -52,8 +52,8 @@
};
typedef struct _debug_handler_t debug_handler_t;
-void debug_full(debug_level_e level, const char *format, ...);
-void debug_full_verbose(debug_level_e level, char *file,
+int debug_full(debug_level_e level, const char *format, ...);
+int debug_full_verbose(debug_level_e level, char *file,
int line, const char *proc, const char *format, ...);
// #define ENABLE_TRACING
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/include/u/libu.h
new/openwsman-2.6.10/include/u/libu.h
--- old/openwsman-2.6.9/include/u/libu.h 2018-10-12 11:58:29.000000000
+0200
+++ new/openwsman-2.6.10/include/u/libu.h 2019-08-07 12:57:22.000000000
+0200
@@ -40,6 +40,9 @@
#define strnicmp _strnicmp
#define fileno _fileno
#define cputs _cputs
+#if _MSC_VER < 1900
+ #define snprintf _snprintf
+#endif /* _MSC_VER < 1900 */
#endif
#ifndef TRUE
#define TRUE 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/include/u/os.h
new/openwsman-2.6.10/include/u/os.h
--- old/openwsman-2.6.9/include/u/os.h 2018-10-12 11:58:29.000000000 +0200
+++ new/openwsman-2.6.10/include/u/os.h 2019-08-07 12:57:22.000000000 +0200
@@ -41,7 +41,9 @@
#define strtoull(nptr, endptr, base) _strtoul_l(nptr, endptr, base, NULL)
#define strtoll(nptr, endptr, base) _strtol_l(nptr, endptr, base, NULL)
#define sleep(secs) Sleep( (secs) * 1000 )
-#define snprintf _snprintf /*!< The snprintf is called
_snprintf() in Win32 */
+#if _MSC_VER < 1900
+ #define snprintf _snprintf /*!< The snprintf is called
_snprintf() in Win32 */
+#endif /* _MSC_VER < 1900 */
#define popen _popen
#define getpid GetCurrentProcessId
#define pclose _pclose
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/package/openwsman.firewalld
new/openwsman-2.6.10/package/openwsman.firewalld
--- old/openwsman-2.6.9/package/openwsman.firewalld 1970-01-01
01:00:00.000000000 +0100
+++ new/openwsman-2.6.10/package/openwsman.firewalld 2019-08-07
13:31:08.000000000 +0200
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>Openwsman</short>
+ <description>Openwsman is a project intended to provide an open-source
implementation of the Web Services Management specification (WS-Management) and
to expose system management information on the Linux operating system using the
WS-Management protocol.</description>
+ <port protocol="tcp" port="5985"/>
+ <port protocol="tcp" port="5986"/>
+</service>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/package/openwsman.spec.in
new/openwsman-2.6.10/package/openwsman.spec.in
--- old/openwsman-2.6.9/package/openwsman.spec.in 2018-10-12
11:58:29.000000000 +0200
+++ new/openwsman-2.6.10/package/openwsman.spec.in 2019-08-07
13:41:47.000000000 +0200
@@ -22,6 +22,12 @@
%define has_systemd 0
%endif
+%if 0%{?suse_version} > 1500 || 0%{?fedora_version} > 14
+%define has_firewalld 1
+%else
+%define has_firewalld 0
+%endif
+
%if 0%{?suse_version} >= 1500
%define want_python3 1
%else
@@ -131,6 +137,10 @@
%{?systemd_requires}
%endif
+%if 0%{?has_firewalld}
+BuildRequires: firewall-macros
+%endif
+
Requires(pre): sed coreutils grep /bin/hostname
Version: @VERSION@
Release: 0
@@ -153,6 +163,7 @@
Source3: %{name}.SuSEfirewall2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source4: %{name}.service
+Source5: %{name}.firewalld
%description
OpenWSMAN is an implementation of the WS-Management protocol stack.
@@ -427,13 +438,16 @@
install -m 755 build/etc/init/openwsmand.sh
%{buildroot}/%{_sysconfdir}/init.d/openwsmand
ln -sf %{_sysconfdir}/init.d/openwsmand %{buildroot}/%{_sbindir}/rcopenwsmand
%endif
+%if 0%{?has_firewalld}
+mkdir -p %{buildroot}/%{_libexecdir}/firewalld/services
+install -D -m 644 %{S:5}
%{buildroot}/%{_libexecdir}/firewalld/services/%{name}.xml
+%else
+install -D -m 644 %{S:3}
%{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman
+%endif
install -m 644 etc/openwsman.conf %{buildroot}/%{_sysconfdir}/openwsman
install -m 644 etc/openwsman_client.conf %{buildroot}/%{_sysconfdir}/openwsman
install -m 644 etc/ssleay.cnf %{buildroot}/%{_sysconfdir}/openwsman
install -m 644 %{pamfile} %{buildroot}/%{_sysconfdir}/pam.d/openwsman
-%if 0%{?suse_version} > 1010
-install -D -m 644 %{S:3}
%{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman
-%endif
%if 0%{?rhel_version} == 700
rm -f %{buildroot}/%{_bindir}/winrs
%endif
@@ -460,6 +474,9 @@
# FIXME: chkconfig?!
%endif
%endif
+%if 0%{?has_firewalld}
+%firewalld_reload
+%endif
%preun server
%if 0%{?has_systemd}
@@ -559,7 +576,11 @@
%config(noreplace) %{_sysconfdir}/openwsman/ssleay.cnf
%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmangencert.sh
%config %{_sysconfdir}/pam.d/openwsman
-%if 0%{?suse_version} > 1010
+%if 0%{?has_firewalld}
+%dir %{_libexecdir}/firewalld
+%dir %{_libexecdir}/firewalld/services
+%{_libexecdir}/firewalld/services/%{name}.xml
+#else
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman
%endif
%if 0%{?has_systemd}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/cpp/OpenWsmanClient.cpp
new/openwsman-2.6.10/src/cpp/OpenWsmanClient.cpp
--- old/openwsman-2.6.9/src/cpp/OpenWsmanClient.cpp 2018-10-12
11:58:29.000000000 +0200
+++ new/openwsman-2.6.10/src/cpp/OpenWsmanClient.cpp 2019-08-07
12:57:23.000000000 +0200
@@ -11,6 +11,7 @@
#include "OpenWsmanClient.h"
+#include <sstream>
extern "C" {
#include "u/libu.h"
@@ -408,15 +409,12 @@
bool CheckWsmanResponse(WsManClient* cl, WsXmlDocH& doc)
{
long lastError = wsmc_get_last_error(cl);
- string error;
if(lastError) {
- char tmp[11];
- error = "Failed to establish a connection with the server.\n";
- sprintf(tmp, "%ld", lastError);
- error.append("Openwsman last error = ").append(tmp);
+ std::stringstream ss1;
+ ss1 << "Failed to establish a connection with the server." <<
std::endl << "Openwsman last error = " << lastError;
ws_xml_destroy_doc(doc);
- throw WsmanClientException(error.c_str(), WSMAN_CONNECT_ERROR);
+ throw WsmanClientException(ss1.str().c_str(),
WSMAN_CONNECT_ERROR);
}
long responseCode = wsmc_get_response_code(cl);
@@ -424,19 +422,16 @@
responseCode != 400 &&
responseCode != 500)
{
- char tmp[11];
- error = "An HTTP error occurred.\n";
- sprintf(tmp, "%ld", responseCode);
- error.append("HTTP Error = ").append(tmp);
+ std::stringstream ss2;
+ ss2 << "An HTTP error occurred." << std::endl << "HTTP Error =
" << responseCode;
ws_xml_destroy_doc(doc);
- throw WsmanClientException(error.c_str(), WSMAN_HTTP_ERROR);
+ throw WsmanClientException(ss2.str().c_str(), WSMAN_HTTP_ERROR);
}
if(!doc)
throw WsmanClientException("The Wsman response was NULL.");
if (wsmc_check_for_fault(doc)) {
- char tmp[11];
WsManFault *fault = wsmc_fault_new();
wsmc_get_fault_data(doc, fault);
string subcode_s = fault->subcode ? string(fault->subcode) : "";
@@ -445,14 +440,14 @@
string detail_s = fault->fault_detail ?
string(fault->fault_detail) : "";
ws_xml_destroy_doc(doc);
wsmc_fault_destroy(fault);
- error = "A Soap Fault was received:";
- error.append("\nFaultCode: " + code_s);
- error.append("\nFaultSubCode: " + subcode_s);
- error.append("\nFaultReason: " + reason_s);
- error.append("\nFaultDetail: " + detail_s);
- sprintf(tmp, "%ld", responseCode);
- error.append("\nHttpCode: = ").append(tmp);
- throw WsmanSoapFault(error.c_str(), code_s, subcode_s,
reason_s, detail_s);
+
+ std::stringstream ss3;
+ ss3 << "FaultCode: " << code_s << std::endl;
+ ss3 << "FaultSubCode: " + subcode_s << std::endl;
+ ss3 << "FaultReason: " + reason_s<< std::endl;
+ ss3 << "FaultDetail: " + detail_s<< std::endl;
+ ss3 << "HttpCode: = " << responseCode;
+ throw WsmanSoapFault(ss3.str().c_str(), code_s, subcode_s,
reason_s, detail_s);
}
return true;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/CMakeLists.txt
new/openwsman-2.6.10/src/lib/CMakeLists.txt
--- old/openwsman-2.6.9/src/lib/CMakeLists.txt 2018-10-12 11:58:29.000000000
+0200
+++ new/openwsman-2.6.10/src/lib/CMakeLists.txt 2019-08-07 12:57:23.000000000
+0200
@@ -49,10 +49,14 @@
ENDIF ( NOT DISABLE_SERVER )
########## wsman_curl_client_transport ###############
-
-SET( wsman_curl_client_transport_SOURCES wsman-client-transport.c
wsman-curl-client-transport.c )
-ADD_LIBRARY( ${WSMAN_CLIENT_TRANSPORT_PKG}
${wsman_curl_client_transport_SOURCES} )
-TARGET_LINK_LIBRARIES( ${WSMAN_CLIENT_TRANSPORT_PKG} ${CURL_LIBRARIES} )
+IF(UNIX)
+ SET( wsman_curl_client_transport_SOURCES wsman-client-transport.c
wsman-curl-client-transport.c )
+ ADD_LIBRARY( ${WSMAN_CLIENT_TRANSPORT_PKG}
${wsman_curl_client_transport_SOURCES} )
+ TARGET_LINK_LIBRARIES( ${WSMAN_CLIENT_TRANSPORT_PKG} ${CURL_LIBRARIES} )
+ELSE(UNIX)
+ SET( wsman_win_client_transport_SOURCES wsman-client-transport.c
wsman-win-client-transport.c )
+ ADD_LIBRARY( ${WSMAN_CLIENT_TRANSPORT_PKG}
${wsman_win_client_transport_SOURCES} )
+ENDIF(UNIX)
IF( ENABLE_EVENTING_SUPPORT )
TARGET_LINK_LIBRARIES( ${WSMAN_CLIENT_TRANSPORT_PKG} ${OPENSSL_LIBRARIES} )
ENDIF( ENABLE_EVENTING_SUPPORT )
@@ -64,7 +68,7 @@
SET( wsman_client_SOURCES wsman-client.c )
ADD_LIBRARY( ${WSMAN_CLIENT_PKG} ${wsman_client_SOURCES} )
-TARGET_LINK_LIBRARIES( ${WSMAN_CLIENT_PKG} wsman_curl_client_transport )
+TARGET_LINK_LIBRARIES( ${WSMAN_CLIENT_PKG} ${WSMAN_CLIENT_TRANSPORT_PKG} )
SET_TARGET_PROPERTIES( ${WSMAN_CLIENT_PKG} PROPERTIES VERSION 4.0.0 SOVERSION
4)
INSTALL(TARGETS ${WSMAN_CLIENT_PKG} DESTINATION ${LIB_INSTALL_DIR})
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/u/debug.c
new/openwsman-2.6.10/src/lib/u/debug.c
--- old/openwsman-2.6.9/src/lib/u/debug.c 2014-07-25 17:08:56.000000000
+0200
+++ new/openwsman-2.6.10/src/lib/u/debug.c 2019-08-07 12:57:23.000000000
+0200
@@ -106,13 +106,14 @@
}
-void debug_full(debug_level_e level, const char *format, ...)
+int debug_full(debug_level_e level, const char *format, ...)
{
va_list args;
char *str;
+ int ret = 0;
if (handlers == NULL) {
- return;
+ return -1;
}
va_start(args, format);
@@ -120,13 +121,15 @@
va_end(args);
call_handlers(level, str);
+ ret = strlen(str);
u_free(str);
+ return ret;
}
-void
+int
debug_full_verbose(debug_level_e level,
char *file,
int line, const char *proc, const char *format, ...)
@@ -134,9 +137,10 @@
va_list args;
char *str;
char *body;
+ int ret = 0;
if (handlers == NULL) {
- return;
+ return -1;
}
va_start(args, format);
@@ -147,6 +151,8 @@
u_free(body);
call_handlers(level, str);
+ ret = strlen(str);
u_free(str);
+ return ret;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/u/iniparser.c
new/openwsman-2.6.10/src/lib/u/iniparser.c
--- old/openwsman-2.6.9/src/lib/u/iniparser.c 2018-07-04 15:05:17.000000000
+0200
+++ new/openwsman-2.6.10/src/lib/u/iniparser.c 2019-08-07 12:57:23.000000000
+0200
@@ -117,7 +117,8 @@
if ((s==NULL) || (l==NULL)) return NULL ;
memset(l, 0, ASCIILINESZ+1);
- strcpy(l, s);
+ strncpy(l, s, ASCIILINESZ + 1);
+ l[ASCIILINESZ] = '\0';
last = l + strlen(l);
while (last > l) {
if (!isspace((int)*(last-1)))
@@ -490,18 +491,19 @@
*/
static int iniparser_add_entry(
dictionary * d,
- char * sec,
- char * key,
+ const char * sec,
+ const char * key,
char * val)
{
char longkey[2*ASCIILINESZ+1];
/* Make a key as section:keyword */
if (key!=NULL) {
- sprintf(longkey, "%s:%s", sec, key);
+ snprintf(longkey, sizeof(longkey), "%s:%s", sec, key);
} else {
- strcpy(longkey, sec);
+ strncpy(longkey, sec, sizeof(longkey));
}
+ longkey[sizeof(longkey)-1] = 0;
/* Add (key,val) to dictionary */
return dictionary_set(d, longkey, val);
@@ -624,6 +626,7 @@
int nsec ;
char * secname ;
int seclen ;
+ int ret ;
if (d==NULL || f==NULL) return ;
@@ -641,8 +644,10 @@
secname = iniparser_getsecname(d, i) ;
seclen = (int)strlen(secname);
fprintf(f, "\n[%s]\n", secname);
- sprintf(keym, "%s:", secname);
- for (j=0 ; j<d->size ; j++) {
+ ret = snprintf(keym, sizeof(keym), "%s:", secname);
+ if (ret < 0 || ret >= sizeof(keym))
+ return;
+ for (j = 0 ; j < d->size ; j++) {
if (d->key[j]==NULL)
continue ;
if (!strncmp(d->key[j], keym, seclen+1)) {
@@ -922,7 +927,8 @@
if (sscanf(where, "[%[^]]", sec)==1) {
/* Valid section name */
- strcpy(sec, strlwc(sec, lc_key));
+ strncpy(sec, strlwc(sec, lc_key), sizeof(sec));
+ sec[sizeof(sec)-1] = 0;
if (iniparser_add_entry(d, sec, NULL, NULL) != 0) {
dictionary_del(d);
fclose(ini);
@@ -933,7 +939,8 @@
|| sscanf (where, "%[^=] = %[^;#]", key, val) == 2) {
char crop_key[ASCIILINESZ+1];
- strcpy(key, strlwc(strcrop(key, crop_key), lc_key));
+ strncpy(key, strlwc(strcrop(key, crop_key), lc_key),
sizeof(key));
+ key[sizeof(key)-1] = 0;
/*
* sscanf cannot handle "" or '' as empty value,
* this is done here
@@ -941,7 +948,8 @@
if (!strcmp(val, "\"\"") || !strcmp(val, "''")) {
val[0] = (char)0;
} else {
- strcpy(val, strcrop(val, crop_key));
+ strncpy(val, strcrop(val, crop_key), sizeof(val));
+ val[sizeof(val)-1] = 0;
}
if (iniparser_add_entry(d, sec, key, val) != 0) {
dictionary_del(d);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/u/lock.c
new/openwsman-2.6.10/src/lib/u/lock.c
--- old/openwsman-2.6.9/src/lib/u/lock.c 2014-07-25 17:08:56.000000000
+0200
+++ new/openwsman-2.6.10/src/lib/u/lock.c 2019-08-07 13:06:36.000000000
+0200
@@ -61,6 +61,7 @@
pthread_mutexattr_settype( &attr, PTHREAD_MUTEX_RECURSIVE_NP );
if ( data != NULL )
pthread_mutex_init((pthread_mutex_t*)data, &attr);
+ pthread_mutexattr_destroy(&attr);
}
int u_try_lock(void* data)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/u/pthreadx_win32.c
new/openwsman-2.6.10/src/lib/u/pthreadx_win32.c
--- old/openwsman-2.6.9/src/lib/u/pthreadx_win32.c 2014-07-25
17:08:56.000000000 +0200
+++ new/openwsman-2.6.10/src/lib/u/pthreadx_win32.c 2019-08-07
13:06:36.000000000 +0200
@@ -107,6 +107,13 @@
return 0;
}
+int
+pthread_mutexattr_destroy(pthread_mutexattr_t *attr)
+{
+ memset(attr, 0, sizeof(*attr));
+ return 0;
+}
+
int pthread_mutex_lock(pthread_mutex_t *mp)
{
EnterCriticalSection(mp);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/u/uri.c
new/openwsman-2.6.10/src/lib/u/uri.c
--- old/openwsman-2.6.9/src/lib/u/uri.c 2018-10-12 11:58:29.000000000 +0200
+++ new/openwsman-2.6.10/src/lib/u/uri.c 2019-08-07 12:57:23.000000000
+0200
@@ -7,6 +7,7 @@
#ifdef HAVE_CONFIG_H
#include <wsman_config.h>
#endif
+#include <ctype.h>
#include <stdlib.h>
#include <string.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/u/uuid.c
new/openwsman-2.6.10/src/lib/u/uuid.c
--- old/openwsman-2.6.9/src/lib/u/uuid.c 2018-10-12 11:58:29.000000000
+0200
+++ new/openwsman-2.6.10/src/lib/u/uuid.c 2019-08-07 12:57:22.000000000
+0200
@@ -191,14 +191,23 @@
if ((s = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
return FALSE;
- sprintf(ifr.ifr_name, "eth0");
+
+ i = snprintf(ifr.ifr_name, IFNAMSIZ, "eth0");
+ if (i != strlen("eth0")) {
+ close(s)
+ return 0;
+ }
+
if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0) {
close(s);
return 0;
}
+
sa = (struct sockaddr *)&ifr.ifr_addr;
- for (i = 0; i < MAC_LEN; i++)
+ for (i = 0; i < MAC_LEN; i++) {
data_ptr[i] = (unsigned char)(sa->sa_data[i] & 0xff);
+ }
+
close(s);
return 1;
}
@@ -348,20 +357,25 @@
*(short int*)(uuid+10) = (short int)timeMid;
*(int*)(uuid+12) = timeLow;
+ i = 0;
if ( !no_prefix )
{
- sprintf( ptr, "uuid:" );
- ptr += 5;
+ i = snprintf( ptr, size, "uuid:" );
+ if ( i != strlen("uuid:") )
+ return 0;
}
- sprintf( ptr,
"%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+ i = snprintf( &ptr[i], size - i,
+
"%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uuid[15], uuid[14], uuid[13], uuid[12],
uuid[11], uuid[10], uuid[9], uuid[8],
uuid[7], uuid[6], uuid[5], uuid[4],
uuid[3], uuid[2], uuid[1], uuid[0] );
- return 1;
+ if ( i != SIZE_OF_UUID_STRING)
+ return 0;
+ return 1;
}
#else /* Solaris */
@@ -372,8 +386,9 @@
{
int max_length = SIZE_OF_UUID_STRING;
char* ptr = buf;
- char uuid_str[UUID_PRINTABLE_STRING_LENGTH];
- uuid_t uuid;
+ char uuid_str[UUID_PRINTABLE_STRING_LENGTH];
+ uuid_t uuid;
+ int i;
if ( !no_prefix ) max_length += 5; // space for "uuid:"
if ( size < max_length )
@@ -382,23 +397,25 @@
if ( buf == NULL )
return 0;
+ i = 0;
if ( !no_prefix )
{
- sprintf( ptr, "uuid:" );
- ptr += 5;
+ i = snprintf( ptr, size, "uuid:" );
+ if ( i != strlen("uuid:") )
+ return 0;
}
+ ptr += i;
- uuid_generate(uuid);
- uuid_unparse(uuid, uuid_str);
-
- int uuidlen = strlen(uuid_str);
- if (((ptr - buf) + uuidlen) < size) {
- strlcpy(ptr, uuid_str, uuidlen);
- return 1;
- }
- else
- return 0;
+ uuid_generate(uuid);
+ uuid_unparse(uuid, uuid_str);
+ int uuidlen = strlen(uuid_str);
+ if (((ptr - buf) + uuidlen) < size) {
+ strlcpy(ptr, uuid_str, uuidlen);
+ return 1;
+ }
+ else
+ return 0;
}
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/wsman-client.c
new/openwsman-2.6.10/src/lib/wsman-client.c
--- old/openwsman-2.6.9/src/lib/wsman-client.c 2018-10-12 11:58:29.000000000
+0200
+++ new/openwsman-2.6.10/src/lib/wsman-client.c 2019-08-07 13:06:36.000000000
+0200
@@ -83,13 +83,18 @@
static char*
-wsman_make_action(char *uri, char *op_name)
+wsman_make_action(const char *uri, const char *op_name)
{
if (uri && op_name) {
size_t len = strlen(uri) + strlen(op_name) + 2;
- char *ptr = (char *) malloc(len);
+ char *ptr = (char *)u_malloc(len);
if (ptr) {
- sprintf(ptr, "%s/%s", uri, op_name);
+ int ret = snprintf(ptr, len, "%s/%s", uri, op_name);
+ if (ret < 0 || ret >= len) {
+ error("Error: formating action");
+ u_free(ptr);
+ return NULL;
+ }
return ptr;
}
}
@@ -155,9 +160,15 @@
}
if (options->timeout) {
/* FIXME: see wsman-xml-serialize.c */
- char buf[20];
- sprintf(buf, "PT%u.%uS", (unsigned int) options->timeout / 1000,
+ char buf[20];
+ int ret;
+ ret = snprintf(buf, sizeof(buf), "PT%u.%uS",
+ (unsigned int) options->timeout / 1000,
(unsigned int) options->timeout % 1000);
+ if (ret < 0 || ret >= sizeof(buf)) {
+ error("Error: formating time");
+ return NULL;
+ }
ws_serialize_str(serctx, header, buf,
XML_NS_WS_MAN, WSM_OPERATION_TIMEOUT, 0);
}
@@ -880,16 +891,18 @@
XML_NS_EVENTING, WSEVENT_SUBSCRIBE,NULL);
temp = ws_xml_add_child(node, XML_NS_EVENTING, WSEVENT_DELIVERY, NULL);
if(temp) {
- ws_xml_add_node_attr(temp, NULL, WSEVENT_DELIVERY_MODE,
- wsmc_create_delivery_mode_str(options->delivery_mode));
+ char *mode =
wsmc_create_delivery_mode_str(options->delivery_mode);
+ ws_xml_add_node_attr(temp, NULL, WSEVENT_DELIVERY_MODE, mode);
+ u_free(mode);
if(options->delivery_uri) {
node2 = ws_xml_add_child(temp, XML_NS_EVENTING,
WSEVENT_NOTIFY_TO, NULL);
ws_xml_add_child(node2, XML_NS_ADDRESSING, WSA_ADDRESS,
options->delivery_uri);
}
if(options->delivery_sec_mode) {
temp = ws_xml_add_child(temp, XML_NS_WS_MAN, WSM_AUTH,
NULL);
- ws_xml_add_node_attr(temp, NULL, WSM_PROFILE,
-
wsmc_create_delivery_sec_mode_str(options->delivery_sec_mode));
+ char *mode =
wsmc_create_delivery_sec_mode_str(options->delivery_sec_mode);
+ ws_xml_add_node_attr(temp, NULL, WSM_PROFILE, mode);
+ u_free(mode);
}
if(options->heartbeat_interval) {
snprintf(buf, 32, "PT%fS", options->heartbeat_interval);
@@ -2151,7 +2164,9 @@
int
wsmc_lock(WsManClient * cl)
{
- pthread_mutex_lock(&cl->mutex);
+ if (pthread_mutex_lock(&cl->mutex))
+ return 1;
+
if (cl->flags & WSMAN_CLIENT_BUSY) {
pthread_mutex_unlock(&cl->mutex);
return 1;
@@ -2165,7 +2180,9 @@
void
wsmc_unlock(WsManClient * cl)
{
- pthread_mutex_lock(&cl->mutex);
+ if (pthread_mutex_lock(&cl->mutex))
+ return;
+
cl->flags &= ~WSMAN_CLIENT_BUSY;
pthread_mutex_unlock(&cl->mutex);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openwsman-2.6.9/src/lib/wsman-curl-client-transport.c
new/openwsman-2.6.10/src/lib/wsman-curl-client-transport.c
--- old/openwsman-2.6.9/src/lib/wsman-curl-client-transport.c 2018-11-19
13:21:23.000000000 +0100
+++ new/openwsman-2.6.10/src/lib/wsman-curl-client-transport.c 2019-08-07
13:06:36.000000000 +0200
@@ -448,6 +448,7 @@
CURLcode r;
char *upwd = NULL;
char *usag = NULL;
+ size_t usag_len = 0;
struct curl_slist *headers=NULL;
char *buf = NULL;
int len;
@@ -495,7 +496,8 @@
snprintf(content_type, 64, "Content-Type:
application/soap+xml;charset=%s", cl->content_encoding);
headers = curl_slist_append(headers, content_type);
tmp_str = wsman_transport_get_agent(cl);
- usag = malloc(12 + strlen(tmp_str) + 1);
+ usag_len = strlen("User-Agent: ") + strlen(tmp_str) + 1;
+ usag = u_malloc(usag_len);
if (usag == NULL) {
r = CURLE_OUT_OF_MEMORY;
cl->fault_string = u_strdup("Could not malloc memory");
@@ -503,14 +505,14 @@
goto DONE;
}
- sprintf(usag, "User-Agent: %s", tmp_str);
+ snprintf(usag, usag_len, "User-Agent: %s", tmp_str);
free(tmp_str);
headers = curl_slist_append(headers, usag);
#if 0
soapaction = ws_xml_get_xpath_value(rqstDoc,
"/s:Envelope/s:Header/wsa:Action");
if (soapaction) {
- soapact_header = malloc(12 + strlen(soapaction) + 1);
+ soapact_header = u_malloc(12 + strlen(soapaction) + 1);
if (soapact_header) {
sprintf(soapact_header, "SOAPAction: %s", soapaction);
headers = curl_slist_append(headers, soapact_header);
@@ -701,16 +703,23 @@
{
CURLcode r;
- pthread_mutex_lock(&curl_mutex);
+ if (pthread_mutex_lock(&curl_mutex)) {
+ error("Error: Can't lock curl_mutex\n");
+ return 1;
+ }
if (cl->initialized) {
- pthread_mutex_unlock(&curl_mutex);
+ if (pthread_mutex_unlock(&curl_mutex)) {
+ error("Error: Can't unlock curl_mutex\n");
+ }
return 0;
}
r = curl_global_init(CURL_GLOBAL_SSL | CURL_GLOBAL_WIN32);
if (r == CURLE_OK) {
cl->initialized = 1;
}
- pthread_mutex_unlock(&curl_mutex);
+ if (pthread_mutex_unlock(&curl_mutex)) {
+ error("Error: Can't unlock curl_mutex\n");
+ }
if (r != CURLE_OK) {
debug("Error = %d (%s); Could not initialize curl globals",
r, curl_easy_strerror(r));
@@ -720,14 +729,21 @@
void wsmc_transport_fini(WsManClient *cl)
{
- pthread_mutex_lock(&curl_mutex);
+ if (pthread_mutex_lock(&curl_mutex)) {
+ error("Error: Can't lock curl_mutex\n");
+ return;
+ }
if (cl->initialized == 0 ) {
- pthread_mutex_unlock(&curl_mutex);
+ if (pthread_mutex_unlock(&curl_mutex)) {
+ error("Error: Can't unlock curl_mutex\n");
+ }
return;
}
curl_global_cleanup();
cl->initialized = 0;
- pthread_mutex_unlock(&curl_mutex);
+ if (pthread_mutex_unlock(&curl_mutex)) {
+ error("Error: Can't unlock curl_mutex\n");
+ }
return;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/wsman-soap-envelope.c
new/openwsman-2.6.10/src/lib/wsman-soap-envelope.c
--- old/openwsman-2.6.9/src/lib/wsman-soap-envelope.c 2018-10-12
11:58:29.000000000 +0200
+++ new/openwsman-2.6.10/src/lib/wsman-soap-envelope.c 2019-08-07
13:02:18.000000000 +0200
@@ -126,7 +126,12 @@
size_t len = strlen(action) +
sizeof(WSFW_RESPONSE_STR) + 2;
char *tmp = (char *) u_malloc(sizeof(char) *
len);
if (tmp && action) {
- sprintf(tmp, "%s%s", action,
WSFW_RESPONSE_STR);
+ int ret;
+ ret = snprintf(tmp, len, "%s%s",
action, WSFW_RESPONSE_STR);
+ if (ret < 0 || ret >= len) {
+ u_free(tmp);
+ return NULL;
+ }
ws_xml_add_child(dstHeader,
XML_NS_ADDRESSING,
WSA_ACTION, tmp);
u_free(tmp);
@@ -666,11 +671,17 @@
node = ws_xml_get_child(node, 0, XML_NS_SE,
WSSE_USERNAMETOKEN);
if(node) {
temp = ws_xml_get_child(node, 0,
XML_NS_SE, WSSE_USERNAME);
- if(temp)
+ if(temp) {
+ if (subsInfo->username)
+
u_free(subsInfo->username);
subsInfo->username =
u_strdup(ws_xml_get_node_text(temp));
+ }
temp = ws_xml_get_child(node, 0,
XML_NS_SE, WSSE_PASSWORD);
- if(temp)
+ if(temp) {
+ if (subsInfo->password)
+
u_free(subsInfo->password);
subsInfo->password =
u_strdup(ws_xml_get_node_text(temp));
+ }
}
}
debug("subsInfo->username = %s, subsInfo->password =
%s", subsInfo->username, \
@@ -680,8 +691,11 @@
node = ws_xml_get_child(tnode, 0, XML_NS_TRUST,
WST_REQUESTEDSECURITYTOKEN);
if(node) {
node = ws_xml_get_child(node, 0, XML_NS_WS_MAN,
WSM_CERTIFICATETHUMBPRINT);
- if(node)
+ if(node) {
+ if (subsInfo->certificate_thumbprint)
+
u_free(subsInfo->certificate_thumbprint);
subsInfo->certificate_thumbprint =
u_strdup(ws_xml_get_node_text(node));
+ }
}
}
else {
@@ -700,7 +714,7 @@
WsmanFaultDetailType *detailcode)
{
WsXmlNodeH node;
- filter_t *wsman_f = NULL;
+ filter_t *wsman_f = NULL;
filter_t *wse_f = NULL;
if (!doc)
return 0;
@@ -716,11 +730,13 @@
wsman_f = filter_deserialize(node, XML_NS_WS_MAN);
wse_f = filter_deserialize(node, XML_NS_EVENTING);
- if (wsman_f && wse_f) {
- /* return wse:InvalidMessage if wsman:Filter and
wse:Filter are given
+ if (wsman_f && wse_f) {
+ /* return wse:InvalidMessage if wsman:Filter and
wse:Filter are given
* see R10.2.2-52 of DSP0226 */
- *faultcode = WSE_INVALID_MESSAGE;
- return -1;
+ *faultcode = WSE_INVALID_MESSAGE;
+ filter_destroy(wsman_f);
+ filter_destroy(wse_f);
+ return -1;
}
/* use the wse:Filter variant if wsman:Filter not given */
if (!wsman_f)
@@ -734,16 +750,19 @@
subsInfo->flags |= WSMAN_SUBSCRIPTION_WQL;
else {
*faultcode = WSE_FILTERING_NOT_SUPPORTED;
+ filter_destroy(wsman_f);
return -1;
}
} else {
if (is_existing_filter_epr(ws_xml_get_soap_header(doc),
&wsman_f)) {
*faultcode = WSE_FILTERING_NOT_SUPPORTED;
+ filter_destroy(wsman_f);
return -1;
} else {
subsInfo->flags |=
WSMAN_SUBSCRIPTION_SELECTORSET;
}
}
+ filter_destroy(wsman_f);
}
return 0;
@@ -1080,7 +1099,6 @@
WSM_NAME);
if (attrVal && !hash_lookup(h, attrVal)) {
- sentry = u_malloc(sizeof(*sentry));
epr = ws_xml_get_child(selector, 0, XML_NS_ADDRESSING,
WSA_EPR);
if (epr) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/wsman-soap.c
new/openwsman-2.6.10/src/lib/wsman-soap.c
--- old/openwsman-2.6.9/src/lib/wsman-soap.c 2018-10-12 11:58:29.000000000
+0200
+++ new/openwsman-2.6.10/src/lib/wsman-soap.c 2019-08-07 13:06:36.000000000
+0200
@@ -154,7 +154,7 @@
return;
}
hash_delete_free(cntx->enuminfos,
- hash_lookup(cntx->enuminfos, enumInfo->enumId));
+ hash_lookup(cntx->enuminfos, enumInfo->enumId));
u_unlock(cntx->soap);
}
@@ -198,14 +198,22 @@
uuid = ws_xml_get_node_text(node);
}
if(uuid == NULL) return subsInfo;
- pthread_mutex_lock(&soap->lockSubs);
+ if (pthread_mutex_lock(&soap->lockSubs))
+ {
+ error("Error: Can't lock soap->lockSubs");
+ return NULL;
+ }
lnode = list_first(soapCntx->subscriptionMemList);
while(lnode) {
subsInfo = (WsSubscribeInfo *)lnode->list_data;
if(!strcmp(subsInfo->subsId, uuid+5)) break;
lnode = list_next(soapCntx->subscriptionMemList, lnode);
}
- pthread_mutex_unlock(&soap->lockSubs);
+ if (pthread_mutex_unlock(&soap->lockSubs))
+ {
+ error("Error: Can't unlock soap->lockSubs");
+ return NULL;
+ }
if(lnode == NULL) return NULL;
return subsInfo;
}
@@ -546,7 +554,7 @@
dispInfo = (WsManDispatcherInfo *) u_zalloc(size);
if (dispInfo == NULL) {
error("Could not allocate memory");
- u_free(soap);
+ soap_destroy(soap);
return NULL;
}
debug("Registering %d plugins", (int) list_count(interfaces));
@@ -1049,6 +1057,7 @@
ws_serialize_str(epcntx->serializercntx, resp_node,
enumInfo->enumId,
XML_NS_ENUMERATION, WSENUM_ENUMERATION_CONTEXT, 0);
insert_enum_info(soapCntx, enumInfo);
+ enumInfo = NULL;
}
DONE:
@@ -1057,6 +1066,9 @@
}
ws_destroy_context(epcntx);
u_free(status.fault_msg);
+ if (enumInfo) {
+ destroy_enuminfo(enumInfo);
+ }
return retVal;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/wsman-win-client-transport.c
new/openwsman-2.6.10/src/lib/wsman-win-client-transport.c
--- old/openwsman-2.6.9/src/lib/wsman-win-client-transport.c 2014-07-25
17:08:56.000000000 +0200
+++ new/openwsman-2.6.10/src/lib/wsman-win-client-transport.c 2019-08-07
13:02:18.000000000 +0200
@@ -168,6 +168,7 @@
}
if (cl->session_handle == NULL) {
error("could not initialize session");
+ u_free(host);
return NULL;
}
@@ -499,6 +500,12 @@
pwd = convert_to_unicode(cl->data.pwd);
usr = convert_to_unicode(cl->data.user);
if ((pwd == NULL) || (usr == NULL)) {
+ if (pwd != NULL) {
+ u_free(pwd);
+ }
+ if (usr != NULL) {
+ u_free(usr);
+ }
bDone = TRUE;
bResults = 0;
break;
@@ -598,6 +605,12 @@
pwd = convert_to_unicode(cl->data.pwd);
usr = convert_to_unicode(cl->data.user);
if ((pwd == NULL) || (usr == NULL)) {
+ if (pwd != NULL) {
+ u_free(pwd);
+ }
+ if (usr != NULL) {
+ u_free(usr);
+ }
bDone = TRUE;
bResults = 0;
break;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/lib/wsman-xml.c
new/openwsman-2.6.10/src/lib/wsman-xml.c
--- old/openwsman-2.6.9/src/lib/wsman-xml.c 2018-10-12 11:58:29.000000000
+0200
+++ new/openwsman-2.6.10/src/lib/wsman-xml.c 2019-08-07 12:57:22.000000000
+0200
@@ -158,17 +158,23 @@
if (name && uri && name) {
size_t len = 1 + strlen(name);
WsXmlNsH ns = xml_parser_ns_find(node, uri, NULL, 1, 1);
- const char *prefix =
- (!ns) ? NULL : ws_xml_get_ns_prefix(ns);
+ const char *prefix = (!ns) ? NULL : ws_xml_get_ns_prefix(ns);
if (prefix != NULL)
len += 1 + strlen(prefix);
- if ((buf = u_malloc(len)) != NULL) {
- if (prefix != NULL && name != NULL)
- sprintf(buf, "%s:%s", prefix, name);
- else
- strcpy(buf, name);
+ buf = u_malloc(len);
+ if (!buf)
+ return buf;
+
+ if (prefix != NULL && name != NULL) {
+ int ret = snprintf(buf, len, "%s:%s", prefix, name);
+ if (ret < 0 || ret >= len) {
+ u_free(buf);
+ return NULL;
+ }
+ } else {
+ strncpy(buf, name, len);
}
}
return buf;
@@ -1263,7 +1269,9 @@
int retVal = -1;
if (node) {
char buf[12];
- sprintf(buf, "%lu", uVal);
+ int ret = snprintf(buf, sizeof(buf), "%lu", uVal);
+ if (ret < 0 || ret >= sizeof(buf))
+ return -1;
retVal = ws_xml_set_node_text(node, buf);
}
return retVal;
@@ -1274,7 +1282,9 @@
int retVal = -1;
if (node) {
char buf[12];
- sprintf(buf, "%ld", Val);
+ int ret = snprintf(buf, sizeof(buf), "%ld", Val);
+ if (ret < 0 || ret >= sizeof(buf))
+ return -1;
retVal = ws_xml_set_node_text(node, buf);
}
return retVal;
@@ -1286,7 +1296,9 @@
if (node) {
/* __builtin___sprintf_chk' output between 13 and 15 bytes */
char buf[15];
- sprintf(buf, "%E", Val);
+ int ret = snprintf(buf, sizeof(buf), "%E", Val);
+ if (ret < 0 || ret >= sizeof(buf))
+ return -1;
retVal = ws_xml_set_node_text(node, buf);
}
return retVal;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/server/shttpd/shttpd.c
new/openwsman-2.6.10/src/server/shttpd/shttpd.c
--- old/openwsman-2.6.9/src/server/shttpd/shttpd.c 2018-11-20
09:04:10.000000000 +0100
+++ new/openwsman-2.6.10/src/server/shttpd/shttpd.c 2019-08-07
12:57:23.000000000 +0200
@@ -21,11 +21,7 @@
int _shttpd_exit_flag; /* Program exit flag */
const struct vec _shttpd_known_http_methods[] = {
- {"GET", 3},
{"POST", 4},
- {"PUT", 3},
- {"DELETE", 6},
- {"HEAD", 4},
{NULL, 0}
};
@@ -336,10 +332,12 @@
}
static void
-remove_double_dots(char *s)
+remove_all_leading_and_double_dots(char *s)
{
char *p = s;
+ while (*s != '\0' && *s == '.') s++;
+
while (*s != '\0') {
*p++ = *s++;
if (s[-1] == '/' || s[-1] == '\\')
@@ -546,7 +544,7 @@
*c->query++ = '\0';
_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
- remove_double_dots(c->uri);
+ remove_all_leading_and_double_dots(c->uri);
root = c->ctx->options[OPT_ROOT];
if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
@@ -556,6 +554,7 @@
(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
+ DBG(("decide_what_to_do -> processed path: [%s]", path));
/* User may use the aliases - check URI for mount point */
if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
@@ -572,7 +571,10 @@
if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
_shttpd_setup_embedded_stream(c,
ruri->callback, ruri->callback_data);
- } else
+ } else {
+ _shttpd_send_server_error(c, 403, "Forbidden");
+ }
+#if 0
if (strstr(path, HTPASSWD)) {
/* Do not allow to view passwords files */
_shttpd_send_server_error(c, 403, "Forbidden");
@@ -656,6 +658,8 @@
} else {
_shttpd_send_server_error(c, 500, "Internal Error");
}
+#endif //0
+ return;
}
static int
@@ -698,11 +702,11 @@
_shttpd_send_server_error(c, 500, "Cannot allocate request");
}
+ io_inc_tail(&c->rem.io, req_len);
+
if (c->loc.flags & FLAG_CLOSED)
return;
- io_inc_tail(&c->rem.io, req_len);
-
DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
c->rem.flags |= FLAG_HEADERS_PARSED;
@@ -968,7 +972,7 @@
}
-static void
+static int
connection_desctructor(struct llhead *lp)
{
struct conn *c = LL_ENTRY(lp, struct conn, link);
@@ -992,7 +996,8 @@
* Check the "Connection: " header before we free c->request
* If it its 'keep-alive', then do not close the connection
*/
- do_close = (c->ch.connection.v_vec.len >= vec.len &&
+ do_close = c->rem.flags & FLAG_CLOSED ||
+ (c->ch.connection.v_vec.len >= vec.len &&
!_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
(c->major_version < 1 ||
(c->major_version >= 1 && c->minor_version < 1));
@@ -1014,7 +1019,7 @@
io_clear(&c->loc.io);
c->birth_time = _shttpd_current_time;
if (io_data_len(&c->rem.io) > 0)
- process_connection(c, 0, 0);
+ return 1;
} else {
if (c->rem.io_class != NULL)
c->rem.io_class->close(&c->rem);
@@ -1025,6 +1030,8 @@
free(c);
}
+
+ return 0;
}
static void
@@ -1032,7 +1039,7 @@
{
struct worker *worker = LL_ENTRY(lp, struct worker, link);
- free_list(&worker->connections, connection_desctructor);
+ free_list(&worker->connections, (void (*)(struct llhead
*))connection_desctructor);
free(worker);
}
@@ -1065,6 +1072,7 @@
static void
process_connection(struct conn *c, int remote_ready, int local_ready)
{
+again:
/* Read from remote end if it is ready */
if (remote_ready && io_space_len(&c->rem.io))
read_stream(&c->rem);
@@ -1093,7 +1101,12 @@
if ((_shttpd_current_time > c->expire_time) ||
(c->rem.flags & FLAG_CLOSED) ||
((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
- connection_desctructor(&c->link);
+ if (connection_desctructor(&c->link)) {
+ // More data to read and process ...
+ remote_ready = 0;
+ local_ready = 0;
+ goto again;
+ }
}
static int
@@ -1650,7 +1663,7 @@
while (worker->exit_flag == 0)
poll_worker(worker, 1000 * 10);
- free_list(&worker->connections, connection_desctructor);
+ free_list(&worker->connections, (void (*)(struct llhead
*))connection_desctructor);
free(worker);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/src/server/wsmand.c
new/openwsman-2.6.10/src/server/wsmand.c
--- old/openwsman-2.6.9/src/server/wsmand.c 2018-10-12 11:58:29.000000000
+0200
+++ new/openwsman-2.6.10/src/server/wsmand.c 2019-08-07 12:57:23.000000000
+0200
@@ -198,6 +198,10 @@
int fd;
char *pid;
+ /* Change our CWD to / */
+ i=chdir("/");
+ assert(i == 0);
+
if (wsmand_options_get_foreground_debug() > 0) {
return;
}
@@ -214,10 +218,6 @@
log_pid = 0;
setsid();
- /* Change our CWD to / */
- i=chdir("/");
- assert(i == 0);
-
/* Close all file descriptors. */
for (i = getdtablesize(); i >= 0; --i)
close(i);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openwsman-2.6.9/tests/cve
new/openwsman-2.6.10/tests/cve
--- old/openwsman-2.6.9/tests/cve 1970-01-01 01:00:00.000000000 +0100
+++ new/openwsman-2.6.10/tests/cve 2019-03-08 11:38:03.000000000 +0100
@@ -0,0 +1,3 @@
+echo -e "POST /../../../../../etc/shadow HTTP/1.1\r\nContent-Type:
text/plain\r\nContent-Length: 6\r\nHello\r\n\r\n" | openssl s_client -connect
localhost:5986 -quiet
+
+# echo -e "POST /../../../../../etc/shadow HTTP/1.1\r\nContent-Type:
text/plain\r\nContent-Length: 6\r\n\r\nHello\r\n\r\n" | openssl s_client
-connect localhost:5986 -quiet
\ No newline at end of file
++++++ openwsman.firewalld ++++++
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Openwsman</short>
<description>Openwsman is a project intended to provide an open-source
implementation of the Web Services Management specification (WS-Management) and
to expose system management information on the Linux operating system using the
WS-Management protocol.</description>
<port protocol="tcp" port="5985"/>
<port protocol="tcp" port="5986"/>
</service>
