import CS libtirpc-1.3.3-2.el9

2023-09-21 19:20:18 +00:00 · 2023-09-21 19:20:18 +00:00 · 39a6131dd6
parent 811080905f
commit 39a6131dd6
2 changed files with 40 additions and 1 deletions
--- a/SOURCES/libtirpc-1.3.3-dos-sleep.patch
+++ b/SOURCES/libtirpc-1.3.3-dos-sleep.patch
@ -0,0 +1,31 @@
+commit f7f0abdf267698de3f74a0285405b1b01f40893b
+Author: Zhi Li <yieli@redhat.com>
+Date:   Wed Jan 11 11:19:31 2023 -0500
+
+    getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
+    
+    By adapting CodeChecker for libtirpc related tests, it complains
+    an improper waiting time for function getnetconfigent with
+    a valid input value, either it should be treated as a wrong
+    input or just take it as a proper value without sleeping
+    
+    link: https://bugzilla.redhat.com/show_bug.cgi?id=2150611
+    Signed-off-by: Zhi Li <yieli@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/getnetconfig.c b/src/getnetconfig.c
+index cfd33c2..d547dce 100644
+--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
+@@ -436,11 +436,6 @@ getnetconfigent(netid)
+ 	fprintf(stderr, "in /etc/netconfig.\n");
+ 	fprintf(stderr, "Please change this to \"local\" manually ");
+ 	fprintf(stderr, "or run mergemaster(8).\n");
+-	fprintf(stderr, "See UPDATING entry 20021216 for details.\n");
+-	fprintf(stderr, "Continuing in 10 seconds\n\n");
+-	fprintf(stderr, "This warning will be removed 20030301\n");
+-	sleep(10);
+-
+     }
+ 
+     /*
--- a/SPECS/libtirpc.spec
+++ b/SPECS/libtirpc.spec
@ -2,7 +2,7 @@

 Name:			libtirpc
 Version:		1.3.3
-Release:		1%{?dist}
+Release:		2%{?dist}
 Summary:		Transport Independent RPC Library
 License:		SISSL and BSD
 URL:  			http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary
@ -19,6 +19,11 @@ BuildRequires: make
 Patch001: libtirpc-1.3.3-blacklist-close.patch
 Patch002: libtirpc-1.3.3-clnt-raw-ptr.patch

+#
+# RHEL9.2
+#
+Patch003: libtirpc-1.3.3-dos-sleep.patch
+
 %description
 This package contains SunLib's implementation of transport-independent
 RPC (TI-RPC) documentation.  This library forms a piece of the base of 
@ -118,6 +123,9 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
 %{_mandir}/*/*

 %changelog
+* Thu May 18 2023 Steve Dickson <steved@redhat.com> - 1.3.3-2
+- getnetconfigent: avoid potential DoS (bz 2150611)
+
 * Thu Nov 03 2022 Steve Dickson <steved@redhat.com> - 1.3.3-1
 - bindresvport.c: fix a potential resource leakage (bz 2135405)
 - clnt_raw.c: fix a possible null pointer dereference (bz 2138317)