Hello community, here is the log from the commit of package openwsman for openSUSE:Factory checked in at 2016-06-23 13:36:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openwsman (Old) and /work/SRC/openSUSE:Factory/.openwsman.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openwsman" Changes: -------- --- /work/SRC/openSUSE:Factory/openwsman/openwsman.changes 2015-12-24 12:16:03.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openwsman.new/openwsman.changes 2016-06-23 13:37:08.000000000 +0200 @@ -1,0 +2,12 @@ +Mon Jun 20 13:20:46 UTC 2016 - kkae...@suse.com + +- update to 2.6.3 + - Bugfixes + - Prevent buffer overflow if digest realm too long + - Ensure path starts with '/' in client data endpoint + - Java bindings build fix + - Fix SSL library, usage is not thread safe (vcrhonek) + - Improve NetBSD and OSX builds (apjanke) + - Install winrs with correct name and permissions + +------------------------------------------------------------------- @@ -5,0 +18,5 @@ + +------------------------------------------------------------------- +Wed Dec 2 18:06:54 UTC 2015 - srinidhi...@microfocus.com + +- Install winrs with executable permissions Old: ---- add-shebang-to-winrs.patch openwsman-2.6.2.tar.bz2 New: ---- openwsman-2.6.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openwsman.spec ++++++ --- /var/tmp/diff_new_pack.zgMAbN/_old 2016-06-23 13:37:09.000000000 +0200 +++ /var/tmp/diff_new_pack.zgMAbN/_new 2016-06-23 13:37:09.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package openwsman # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -122,7 +122,7 @@ %endif Requires(pre): sed coreutils grep /bin/hostname -Version: 2.6.2 +Version: 2.6.3 Release: 0 # Mandriva: # Release %%mkrel 1 @@ -141,7 +141,6 @@ Source3: %{name}.SuSEfirewall2 BuildRoot: %{_tmppath}/%{name}-%{version}-build Source4: %{name}.service -Patch2: add-shebang-to-winrs.patch %description Opensource Implementation of WS-Management protocol stack @@ -325,7 +324,6 @@ %if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version} || 0%{?fedora} || 0%{?rhel} %patch1 -p1 %endif -%patch2 -p1 %build rm -rf build @@ -390,10 +388,6 @@ install -D -m 644 %{S:3} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman %endif -# rename winrs.rb -> winrs -mv $RPM_BUILD_ROOT%{_bindir}/winrs.rb $RPM_BUILD_ROOT%{_bindir}/winrs -chmod 755 $RPM_BUILD_ROOT%{_bindir}/winrs - %post -n libwsman3 -p /sbin/ldconfig %postun -n libwsman3 ++++++ openwsman-2.6.2.tar.bz2 -> openwsman-2.6.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/CMakeLists.txt new/openwsman-2.6.3/CMakeLists.txt --- old/openwsman-2.6.2/CMakeLists.txt 2015-10-06 11:06:58.000000000 +0200 +++ new/openwsman-2.6.3/CMakeLists.txt 2016-06-21 13:21:10.000000000 +0200 @@ -14,6 +14,9 @@ if(COMMAND cmake_policy) cmake_policy(SET CMP0003 OLD) cmake_policy(SET CMP0005 OLD) + if ( POLICY CMP0042 ) + cmake_policy(SET CMP0042 NEW) + endif ( POLICY CMP0042 ) if ( POLICY CMP0046 ) cmake_policy(SET CMP0046 OLD) endif ( POLICY CMP0046 ) @@ -32,7 +35,7 @@ # Package architecture IF ( NOT DEFINED PACKAGE_ARCHITECTURE ) - EXECUTE_PROCESS(COMMAND "/bin/uname" "-m" OUTPUT_VARIABLE UNAME_M) + EXECUTE_PROCESS(COMMAND "uname" "-m" OUTPUT_VARIABLE UNAME_M) # strip trailing newline STRING(REPLACE "\n" "" PACKAGE_ARCHITECTURE ${UNAME_M}) ENDIF ( NOT DEFINED PACKAGE_ARCHITECTURE ) @@ -44,9 +47,13 @@ IF ( DEFINED LIB ) SET ( LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${LIB}" ) ELSE ( DEFINED LIB ) - IF (CMAKE_SIZEOF_VOID_P MATCHES "8") - SET( LIB_SUFFIX "64" ) - ENDIF(CMAKE_SIZEOF_VOID_P MATCHES "8") + IF (APPLE) + SET(LIB_SUFFIX "") + ELSE (APPLE) + IF (CMAKE_SIZEOF_VOID_P MATCHES "8") + SET( LIB_SUFFIX "64" ) + ENDIF(CMAKE_SIZEOF_VOID_P MATCHES "8") + ENDIF (APPLE) SET ( LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/lib${LIB_SUFFIX}" ) ENDIF ( DEFINED LIB ) MESSAGE(STATUS "Libraries will be installed in ${LIB_INSTALL_DIR}" ) @@ -170,9 +177,9 @@ IF( BUILD_PYTHON ) MESSAGE(STATUS "Building Python bindings" ) - FIND_PACKAGE(PythonLibs) + FIND_PACKAGE(PythonLibs 2.6 REQUIRED) IF (PYTHON_LIBRARY) - FIND_PACKAGE(PythonInterp REQUIRED) + FIND_PACKAGE(PythonInterp 2.6 REQUIRED) MESSAGE(STATUS "Found PythonLibs...") FIND_PACKAGE(PythonLinkLibs) IF (PYTHON_LINK_LIBS) @@ -378,6 +385,10 @@ SET(HAVE_ALLOCA 0) SET(C_ALLOCA 0) CHECK_INCLUDE_FILE( "alloca.h" HAVE_ALLOCA_H ) +ELSE (NOT HAVE_ALLOCA) + SET(HAVE_ALLOCA 1) + SET(C_ALLOCA 1) + SET(HAVE_ALLOCA_H 0) ENDIF (NOT HAVE_ALLOCA) # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/ChangeLog new/openwsman-2.6.3/ChangeLog --- old/openwsman-2.6.2/ChangeLog 2015-10-14 14:53:14.000000000 +0200 +++ new/openwsman-2.6.3/ChangeLog 2016-06-21 12:38:11.000000000 +0200 @@ -1,3 +1,12 @@ +2.6.3 +- Bugfixes + - Prevent buffer overflow if digest realm too long + - Ensure path starts with '/' in client data endpoint + - Java bindings build fix + - Fix SSL library, usage is not thread safe (vcrhonek) + - Improve NetBSD and OSX builds (apjanke) + - Install winrs with correct name and permissions + 2.6.2 - Features - Install winrs.rb (Windows Remote Shell) to /usr/bin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/VERSION.cmake new/openwsman-2.6.3/VERSION.cmake --- old/openwsman-2.6.2/VERSION.cmake 2015-10-14 14:45:51.000000000 +0200 +++ new/openwsman-2.6.3/VERSION.cmake 2016-06-21 12:38:11.000000000 +0200 @@ -44,10 +44,10 @@ # set COMPATMINOR to MINOR. (binary incompatible change) # -# Package version 2.6.2 +# Package version 2.6.3 SET(OPENWSMAN_MAJOR "2") SET(OPENWSMAN_MINOR "6") -SET(OPENWSMAN_PATCH "2") +SET(OPENWSMAN_PATCH "3") # Plugin API 2.2 SET(OPENWSMAN_PLUGIN_API_MAJOR "2") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/autoconfiscate.sh new/openwsman-2.6.3/autoconfiscate.sh --- old/openwsman-2.6.2/autoconfiscate.sh 2015-08-27 15:37:51.000000000 +0200 +++ new/openwsman-2.6.3/autoconfiscate.sh 2016-05-11 09:42:24.000000000 +0200 @@ -1,8 +1,18 @@ -#!/bin/sh +#!/bin/sh -echo "*** Autoconf/automake is deprecated for Openwsman" -echo "*** and might not fully work." -echo "*** Use cmake instead !" +cat <<EOS >&2 +*** Autoconf/automake is deprecated for Openwsman and might not fully work. +*** Please use CMake instead! +*** Pull requests welcome ;-) +EOS + +if [ "$1" != "--ignore-deprecation-warning" ]; then + cat <<EOS >&2 +*** To ignore this warning and proceed regardless, re-run as follows: +*** $0 --ignore-deprecation-warning +EOS + exit 1 +fi UNAME=`uname` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/bindings/java/CMakeLists.txt new/openwsman-2.6.3/bindings/java/CMakeLists.txt --- old/openwsman-2.6.2/bindings/java/CMakeLists.txt 2015-08-26 10:12:49.000000000 +0200 +++ new/openwsman-2.6.3/bindings/java/CMakeLists.txt 2016-06-20 14:55:37.000000000 +0200 @@ -41,7 +41,7 @@ COMMAND ${JAVA_COMPILE} ${java_SOURCE} ${EXPLICIT_SOURCE} ${java_TARGET} ${EXPLICIT_TARGET} -d . *.java COMMAND ${CMAKE_COMMAND} -E echo_append "Creating JAR ..." COMMAND ${JAVA_ARCHIVE} cvf ${jar_NAME} *.so org/* - DEPENDS ${SWIG_OUTPUT} + DEPENDS jwsman ) ADD_CUSTOM_TARGET ( jwsman_all ALL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/bindings/java/tests/identify.java new/openwsman-2.6.3/bindings/java/tests/identify.java --- old/openwsman-2.6.2/bindings/java/tests/identify.java 2015-08-26 10:12:49.000000000 +0200 +++ new/openwsman-2.6.3/bindings/java/tests/identify.java 2016-06-21 12:39:16.000000000 +0200 @@ -4,7 +4,10 @@ // Java test for WS-Identify // -import org.openwsman.*; +import org.openwsman.Client; +import org.openwsman.ClientOptions; +import org.openwsman.OpenWSManConstants; +import org.openwsman.XmlDoc; public class identify { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/bindings/python/CMakeLists.txt new/openwsman-2.6.3/bindings/python/CMakeLists.txt --- old/openwsman-2.6.2/bindings/python/CMakeLists.txt 2015-08-26 10:12:49.000000000 +0200 +++ new/openwsman-2.6.3/bindings/python/CMakeLists.txt 2016-04-29 09:22:52.000000000 +0200 @@ -12,7 +12,7 @@ add_subdirectory(tests) -EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" OUTPUT_VARIABLE PYTHON_LIB_DIR) +EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))" OUTPUT_VARIABLE PYTHON_LIB_DIR) STRING(REPLACE "\n" "" PYTHON_LIB_DIR "${PYTHON_LIB_DIR}") MESSAGE(STATUS "Python executable: ${PYTHON_EXECUTABLE}") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/bindings/version.i new/openwsman-2.6.3/bindings/version.i --- old/openwsman-2.6.2/bindings/version.i 2015-07-24 14:33:56.000000000 +0200 +++ new/openwsman-2.6.3/bindings/version.i 1970-01-01 01:00:00.000000000 +0100 @@ -1,11 +0,0 @@ -/* - * version.i - * version definitions for openwsman swig bindings - * - */ - -#define OPENWSMAN_MAJOR 2 -#define OPENWSMAN_MINOR 6 -#define OPENWSMAN_PATCH 0 -#define OPENWSMAN_VERSION "2.6.0" - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/examples/CMakeLists.txt new/openwsman-2.6.3/examples/CMakeLists.txt --- old/openwsman-2.6.2/examples/CMakeLists.txt 2015-10-14 14:45:51.000000000 +0200 +++ new/openwsman-2.6.3/examples/CMakeLists.txt 2016-02-29 14:53:54.000000000 +0100 @@ -18,4 +18,4 @@ # winrs.rb -INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/winrs.rb DESTINATION ${CMAKE_INSTALL_PREFIX}/bin) +INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/winrs.rb DESTINATION ${CMAKE_INSTALL_PREFIX}/bin RENAME winrs) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/examples/winrs.rb new/openwsman-2.6.3/examples/winrs.rb --- old/openwsman-2.6.2/examples/winrs.rb 2015-10-14 14:45:51.000000000 +0200 +++ new/openwsman-2.6.3/examples/winrs.rb 2016-02-29 14:53:54.000000000 +0100 @@ -1,3 +1,5 @@ +#!/usr/bin/env ruby +# # winrs.rb # # Windows Remote Shell diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/package/openwsman.spec.in new/openwsman-2.6.3/package/openwsman.spec.in --- old/openwsman-2.6.2/package/openwsman.spec.in 2015-10-14 14:49:41.000000000 +0200 +++ new/openwsman-2.6.3/package/openwsman.spec.in 2016-06-21 12:38:11.000000000 +0200 @@ -388,9 +388,6 @@ install -D -m 644 %{S:3} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman %endif -# rename winrs.rb -> winrs -mv $RPM_BUILD_ROOT%{_bindir}/winrs.rb $RPM_BUILD_ROOT%{_bindir}/winrs - %post -n libwsman3 -p /sbin/ldconfig %postun -n libwsman3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/src/lib/CMakeLists.txt new/openwsman-2.6.3/src/lib/CMakeLists.txt --- old/openwsman-2.6.2/src/lib/CMakeLists.txt 2015-08-26 13:33:11.000000000 +0200 +++ new/openwsman-2.6.3/src/lib/CMakeLists.txt 2016-04-29 09:15:44.000000000 +0200 @@ -53,6 +53,9 @@ SET( wsman_curl_client_transport_SOURCES wsman-client-transport.c wsman-curl-client-transport.c ) ADD_LIBRARY( ${WSMAN_CLIENT_TRANSPORT_PKG} SHARED ${wsman_curl_client_transport_SOURCES} ) TARGET_LINK_LIBRARIES( ${WSMAN_CLIENT_TRANSPORT_PKG} ${CURL_LIBRARIES} ) +IF( ENABLE_EVENTING_SUPPORT ) +TARGET_LINK_LIBRARIES( ${WSMAN_CLIENT_TRANSPORT_PKG} ${OPENSSL_LIBRARIES} ) +ENDIF( ENABLE_EVENTING_SUPPORT ) SET_TARGET_PROPERTIES( ${WSMAN_CLIENT_TRANSPORT_PKG} PROPERTIES VERSION 1.0.0 SOVERSION 1) INSTALL(TARGETS ${WSMAN_CLIENT_TRANSPORT_PKG} DESTINATION ${LIB_INSTALL_DIR}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/src/lib/wsman-client.c new/openwsman-2.6.3/src/lib/wsman-client.c --- old/openwsman-2.6.2/src/lib/wsman-client.c 2015-10-06 11:06:58.000000000 +0200 +++ new/openwsman-2.6.3/src/lib/wsman-client.c 2016-02-29 14:53:54.000000000 +0100 @@ -2028,8 +2028,11 @@ #ifdef _WIN32 wsc->session_handle = 0; #endif - wsc->data.endpoint = u_strdup_printf("%s://%s:%d%s", - wsc->data.scheme, wsc->data.hostname, wsc->data.port, wsc->data.path); + wsc->data.endpoint = u_strdup_printf("%s://%s:%d%s%s", + wsc->data.scheme, wsc->data.hostname, + wsc->data.port, + (*wsc->data.path == '/') ? "" : "/", + wsc->data.path); debug("Endpoint: %s", wsc->data.endpoint); wsc->authentication.verify_host = 1; //verify CN in server certicates by default wsc->authentication.verify_peer = 1; //validate server certificates by default diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/src/lib/wsman-curl-client-transport.c new/openwsman-2.6.3/src/lib/wsman-curl-client-transport.c --- old/openwsman-2.6.2/src/lib/wsman-curl-client-transport.c 2015-10-14 14:45:51.000000000 +0200 +++ new/openwsman-2.6.3/src/lib/wsman-curl-client-transport.c 2016-04-29 09:19:57.000000000 +0200 @@ -46,8 +46,10 @@ #include <curl/curl.h> #include <curl/easy.h> +#ifdef ENABLE_EVENTING_SUPPORT #include <openssl/opensslv.h> #include <openssl/ssl.h> +#endif #include "u/libu.h" #include "wsman-types.h" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/src/plugins/cim/cim_data_stubs.c new/openwsman-2.6.3/src/plugins/cim/cim_data_stubs.c --- old/openwsman-2.6.2/src/plugins/cim/cim_data_stubs.c 2015-08-26 10:12:50.000000000 +0200 +++ new/openwsman-2.6.3/src/plugins/cim/cim_data_stubs.c 2016-06-21 12:38:11.000000000 +0200 @@ -170,27 +170,30 @@ hscan_t hs; hnode_t *hn; int rv = 0; - if(!client){ + if (!client) { return 0; } - if (client->resource_uri && (strcmp( client->resource_uri, CIM_ALL_AVAILABLE_CLASSES ) ==0) ) { + if (!client->resource_uri) { + return 0; + } + if (strcmp( client->resource_uri, CIM_ALL_AVAILABLE_CLASSES ) == 0 ) { return 1; } - if ( client->resource_uri && (strstr( client->resource_uri, XML_NS_CIM_INTRINSIC ) != NULL )) { + if (strstr( client->resource_uri, XML_NS_CIM_INTRINSIC ) != NULL ) { return 1; } /* Ok if class schema is CIM, uri starts with XML_NS_CIM_CLASS * and method is not 'Create' (CIM_ is abstract, cannot be created) */ - if (client->requested_class && client->resource_uri && client->method + if (client->requested_class && client->method && (strncmp(client->requested_class, "CIM_", 4) == 0 ) && (strstr(client->resource_uri , XML_NS_CIM_CLASS) == client->resource_uri ) && (strcmp(client->method, TRANSFER_CREATE) != 0)) { return 1; } - if (client->requested_class && client->namespaces && client->resource_uri) { + if (client->requested_class && client->namespaces) { hash_scan_begin(&hs, client->namespaces); while ((hn = hash_scan_next(&hs))) { if ( ( strstr(client->requested_class, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/src/server/shttpd/auth.c new/openwsman-2.6.3/src/server/shttpd/auth.c --- old/openwsman-2.6.2/src/server/shttpd/auth.c 2014-07-25 17:08:56.000000000 +0200 +++ new/openwsman-2.6.3/src/server/shttpd/auth.c 2016-02-29 14:53:54.000000000 +0100 @@ -387,39 +387,66 @@ return (ret); } -void +int send_authorization_request(struct conn *c) { - char buf[512]; - int n = 0; +#define BUFSIZE 512 + char buf[BUFSIZE]; + char *bufptr = buf; + int n; + size_t remaining = BUFSIZE; int b = 0, d = 0; struct llhead *lp; struct uri_auth *auth; - n = snprintf(buf, sizeof(buf), "Unauthorized\r\n"); + n = snprintf(bufptr, remaining, "Unauthorized\r\n"); + bufptr += n; + remaining -= n; LL_FOREACH(&c->ctx->uri_auths, lp) { auth = LL_ENTRY(lp, struct uri_auth, link); if (auth->type == DIGEST_AUTH && d == 0) { - if (b ) { - n += snprintf(buf +n, sizeof(buf) - n, "\r\n"); - } - n += snprintf(buf +n, sizeof(buf) - n, - "WWW-Authenticate: Digest qop=\"auth\", realm=\"%s\", " - "nonce=\"%lu\"", c->ctx->auth_realm, (unsigned long) current_time); - d = 1; + if (b) { + n = snprintf(bufptr, remaining, "\r\n"); + if (n >= remaining) { + return -1; + } + bufptr += n; + remaining -= n; + } + n = snprintf(bufptr, remaining, + "WWW-Authenticate: Digest qop=\"auth\", realm=\"%s\", " + "nonce=\"%lu\"", c->ctx->auth_realm, (unsigned long) current_time); + if (n >= remaining) { + return -1; + } + bufptr += n; + remaining -= n; + d = 1; } if (auth->type == BASIC_AUTH && b == 0) { - if (d) { - n += snprintf(buf +n, sizeof(buf) - n, "\r\n"); - } - n += snprintf(buf +n, sizeof(buf) - n, - "WWW-Authenticate: Basic realm=\"%s\"", c->ctx->auth_realm); - b = 1; + if (d) { + n = snprintf(bufptr, remaining, "\r\n"); + if (n >= remaining) { + return -1; + } + bufptr += n; + remaining -= n; + } + n = snprintf(bufptr, remaining, + "WWW-Authenticate: Basic realm=\"%s\"", c->ctx->auth_realm); + if (n >= remaining) { + return -1; + } + bufptr += n; + remaining -= n; + b = 1; } } send_server_error(c, 401, buf); +#undef BUFSIZE + return 0; } /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/src/server/shttpd/shttpd.c new/openwsman-2.6.3/src/server/shttpd/shttpd.c --- old/openwsman-2.6.2/src/server/shttpd/shttpd.c 2015-08-26 10:12:50.000000000 +0200 +++ new/openwsman-2.6.3/src/server/shttpd/shttpd.c 2016-02-29 14:53:54.000000000 +0100 @@ -488,11 +488,14 @@ } #if !defined(NO_AUTH) - rc = check_authorization(c, path); - if(rc != 1) - { - if(rc != 2) /* 2 = multipass auth (GSS)*/ - send_authorization_request(c); + rc = check_authorization(c, path); + if (rc != 1) { + if (rc != 2) { /* 2 = multipass auth (GSS)*/ + if (send_authorization_request(c)) { + fprintf(stderr, "Digest realm overflows buffer\n"); + return; + } + } } else #endif /* NO_AUTH */ #ifdef EMBEDDED @@ -507,7 +510,10 @@ #if !defined(NO_AUTH) if ((c->method == METHOD_PUT || c->method == METHOD_DELETE) && (c->ctx->put_auth_file == NULL || !is_authorized_for_put(c))) { - send_authorization_request(c); + if (send_authorization_request(c)) { + fprintf(stderr, "Digest realm overflows buffer\n"); + return; + } } else #endif /* NO_AUTH */ if (c->method == METHOD_PUT) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/src/server/shttpd/shttpd_defs.h new/openwsman-2.6.3/src/server/shttpd/shttpd_defs.h --- old/openwsman-2.6.2/src/server/shttpd/shttpd_defs.h 2014-07-25 17:08:56.000000000 +0200 +++ new/openwsman-2.6.3/src/server/shttpd/shttpd_defs.h 2016-02-29 14:53:55.000000000 +0100 @@ -480,7 +480,7 @@ */ extern int check_authorization(struct conn *c, const char *path); extern int is_authorized_for_put(struct conn *c); -extern void send_authorization_request(struct conn *c); +extern int send_authorization_request(struct conn *c); extern int edit_passwords(const char *fname, const char *domain, const char *user, const char *pass); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openwsman-2.6.2/src/server/wsmand-listener.c new/openwsman-2.6.3/src/server/wsmand-listener.c --- old/openwsman-2.6.2/src/server/wsmand-listener.c 2015-08-26 13:33:12.000000000 +0200 +++ new/openwsman-2.6.3/src/server/wsmand-listener.c 2016-06-20 14:55:12.000000000 +0200 @@ -83,6 +83,10 @@ #endif #include <sys/socket.h> +/* SSL thread safe */ +#include <openssl/crypto.h> +static pthread_mutex_t *lock_cs; +static long *lock_count; static pthread_mutex_t shttpd_mutex; static pthread_cond_t shttpd_cond; @@ -107,6 +111,50 @@ int gss_encrypt(struct shttpd_arg *arg, char *input, int inlen, char **output, int *outlen); #endif +/* SSL thread safe */ +void pthreads_locking_callback(int mode, int type, char *file, int line) { + if (mode & CRYPTO_LOCK) { + pthread_mutex_lock(&(lock_cs[type])); + lock_count[type]++; + } + else { + pthread_mutex_unlock(&(lock_cs[type])); + } +} + +unsigned long pthreads_thread_id(void) { + unsigned long ret; + + ret = (unsigned long)pthread_self(); + return(ret); +} + +void thread_setup(void) { + int i; + + lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); + lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i = 0; i < CRYPTO_num_locks(); i++) { + lock_count[i] = 0; + pthread_mutex_init(&(lock_cs[i]), NULL); + } + + CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); + CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); +} + +void thread_cleanup(void) { + int i; + + CRYPTO_set_locking_callback(NULL); + for (i = 0; i < CRYPTO_num_locks(); i++) { + pthread_mutex_destroy(&(lock_cs[i])); + } + + OPENSSL_free(lock_cs); + OPENSSL_free(lock_count); +} + /* Check HTTP headers */ static int check_request_content_type(struct shttpd_arg *arg) { @@ -723,6 +771,10 @@ if (wsman_setup_thread(&pattrs) == 0 ) return listener; + + /* SSL thread safe */ + thread_setup(); + pthread_create(&tid, &pattrs, wsman_server_auxiliary_loop_thread, cntx); #ifdef ENABLE_EVENTING_SUPPORT @@ -749,5 +801,9 @@ } shttpd_add_socket(thread->ctx, sock, use_ssl); } + + /* SSL thread safe */ + thread_cleanup(); + return listener; }