From 954393d4a43397d883019ecc790b9b06572b4564 Mon Sep 17 00:00:00 2001 From: Steve Dickson Date: Wed, 5 Jul 2017 14:27:13 -0400 Subject: [PATCH] Updated to the latest upstream release: 1.0.2 Signed-off-by: Steve Dickson --- .gitignore | 8 +- libtirpc-0.2.4-rc3.patch | 838 ------------------ libtirpc-0.3.3-rc1.patch | 157 ---- libtirpc-0.3.3-rc2.patch | 837 ------------------ libtirpc-0.3.3-rc3.patch | 1288 ---------------------------- libtirpc-1.0.2-CVE-2017-8779.patch | 263 ------ libtirpc-1.0.2-rc1.patch | 365 -------- libtirpc-1.0.2-rc2.patch | 544 ------------ libtirpc-1.0.2-rc3.patch | 737 ---------------- libtirpc.spec | 12 +- sources | 2 +- 11 files changed, 8 insertions(+), 5043 deletions(-) delete mode 100644 libtirpc-0.2.4-rc3.patch delete mode 100644 libtirpc-0.3.3-rc1.patch delete mode 100644 libtirpc-0.3.3-rc2.patch delete mode 100644 libtirpc-0.3.3-rc3.patch delete mode 100644 libtirpc-1.0.2-CVE-2017-8779.patch delete mode 100644 libtirpc-1.0.2-rc1.patch delete mode 100644 libtirpc-1.0.2-rc2.patch delete mode 100644 libtirpc-1.0.2-rc3.patch diff --git a/.gitignore b/.gitignore index 413e977..98c1899 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,5 @@ Makefile cscope* x86_64/ -libtirpc-0.3.1 -/libtirpc-0.3.1.tar.bz2 -libtirpc-0.3.2 -/libtirpc-0.3.2.tar.bz2 -/libtirpc-1.0.1.tar.bz2 -libtirpc-1.0.1 +/libtirpc-1.0.2.tar.bz2 +libtirpc-1.0.2 diff --git a/libtirpc-0.2.4-rc3.patch b/libtirpc-0.2.4-rc3.patch deleted file mode 100644 index bed768e..0000000 --- a/libtirpc-0.2.4-rc3.patch +++ /dev/null @@ -1,838 +0,0 @@ -diff -up libtirpc-0.2.3/autogen.sh.orig libtirpc-0.2.3/autogen.sh ---- libtirpc-0.2.3/autogen.sh.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/autogen.sh 2013-11-25 15:26:11.377054660 -0500 -@@ -37,6 +37,6 @@ fi - - aclocal - libtoolize --force --copy --autoheader -+#autoheader - automake --add-missing --copy --gnu # -Wall - autoconf # -Wall -diff -up libtirpc-0.2.3/configure.ac.orig libtirpc-0.2.3/configure.ac ---- libtirpc-0.2.3/configure.ac.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/configure.ac 2013-11-25 15:26:11.378054666 -0500 -@@ -1,19 +1,34 @@ - AC_INIT(libtirpc, 0.2.3) --AM_INIT_AUTOMAKE(libtirpc, 0.2.3) -+AM_INIT_AUTOMAKE - AM_MAINTAINER_MODE - AC_CONFIG_SRCDIR([src/auth_des.c]) - AC_CONFIG_MACRO_DIR([m4]) - - AC_ARG_ENABLE(gss,[ --enable-gss Turn on gss api], [case "${enableval}" in -- yes) gss=true ; AC_CHECK_LIB([gssapi],[gss_init_sec_context]) ;; -+ yes) gss=true ;; - no) gss=false ;; - *) AC_MSG_ERROR(bad value ${enableval} for --enable-gss) ;; - esac],[gss=false]) - AM_CONDITIONAL(GSS, test x$gss = xtrue) -+AC_ARG_WITH(gssglue, -+ [ --with-gssglue Use libgssglue], -+ [case "${enableval}" in -+ yes) gssglue=true ;; -+ no) gssglue=false ;; -+ *) AC_MSG_ERROR(bad value ${enableval} for --with-gssglue) ;; -+ esac], -+ [gssglue=false]) -+AM_CONDITIONAL(USEGSSGLUE, test x$gssglue = xtrue) - if test x$gss = xtrue; then -- AC_DEFINE(HAVE_LIBGSSAPI, 1, []) -- PKG_CHECK_MODULES(GSSGLUE, libgssglue, [], -- AC_MSG_ERROR([Unable to locate information required to use libgssglue.])) -+ if test x$gssglue = xtrue; then -+ PKG_CHECK_MODULES(GSSAPI, libgssglue, [], -+ AC_MSG_ERROR([Unable to locate information required to use libgssglue.])) -+ else -+ GSSAPI_CFLAGS=`krb5-config --cflags gssapi` -+ GSSAPI_LIBS=`krb5-config --libs gssapi` -+ AC_SUBST([GSSAPI_CFLAGS]) -+ AC_SUBST([GSSAPI_LIBS]) -+ fi - fi - AC_ARG_ENABLE(ipv6, - [AC_HELP_STRING([--disable-ipv6], [Disable IPv6 support @<:@default=no@:>@])], -@@ -24,7 +39,7 @@ if test "x$enable_ipv6" != xno; then - fi - - AC_PROG_CC --AM_CONFIG_HEADER(config.h) -+m4_pattern_allow(AM_CONFIG_HEADERS(config.h)) - AC_PROG_LIBTOOL - AC_HEADER_DIRENT - AC_PREFIX_DEFAULT(/usr) -diff -up libtirpc-0.2.3/INSTALL.orig libtirpc-0.2.3/INSTALL ---- libtirpc-0.2.3/INSTALL.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/INSTALL 2013-06-17 05:16:35.000000000 -0400 -@@ -1,35 +1,25 @@ --Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software --Foundation, Inc. -+Installation Instructions -+************************* - -- This file is free documentation; the Free Software Foundation gives --unlimited permission to copy, distribute and modify it. -- -- --TI-RPC Library Quick Installation --================================= -- -- Without GSS API -- --$ ./configure --$ make --# make install -- -- To enable utilization of RPCSEC via GSS API use following commands --but you need to install libgssapi from the CITI before -- --$ ./configure --enable-gss --$ make --# make install -- -- Once installed, you can customize the /etc/netconfig configuration file --to configure the supported protocols. To support INET6 udp/tcp, uncomment --the udp6/tcp6 lines. -+Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, -+Inc. - -+ Copying and distribution of this file, with or without modification, -+are permitted in any medium without royalty provided the copyright -+notice and this notice are preserved. This file is offered as-is, -+without warranty of any kind. - - Basic Installation - ================== - -- These are generic installation instructions. -+ Briefly, the shell commands `./configure; make; make install' should -+configure, build, and install this package. The following -+more-detailed instructions are generic; see the `README' file for -+instructions specific to this package. Some packages provide this -+`INSTALL' file but do not implement all of the features documented -+below. The lack of an optional feature in a given package is not -+necessarily a bug. More recommendations for GNU packages can be found -+in *note Makefile Conventions: (standards)Makefile Conventions. - - The `configure' shell script attempts to guess correct values for - various system-dependent variables used during compilation. It uses -@@ -42,9 +32,9 @@ debugging `configure'). - - It can also use an optional file (typically called `config.cache' - and enabled with `--cache-file=config.cache' or simply `-C') that saves --the results of its tests to speed up reconfiguring. (Caching is -+the results of its tests to speed up reconfiguring. Caching is - disabled by default to prevent problems with accidental use of stale --cache files.) -+cache files. - - If you need to do unusual things to compile the package, please try - to figure out how `configure' could check whether to do them, and mail -@@ -54,30 +44,37 @@ some point `config.cache' contains resul - may remove or edit it. - - The file `configure.ac' (or `configure.in') is used to create --`configure' by a program called `autoconf'. You only need --`configure.ac' if you want to change it or regenerate `configure' using --a newer version of `autoconf'. -+`configure' by a program called `autoconf'. You need `configure.ac' if -+you want to change it or regenerate `configure' using a newer version -+of `autoconf'. - --The simplest way to compile this package is: -+ The simplest way to compile this package is: - - 1. `cd' to the directory containing the package's source code and type -- `./configure' to configure the package for your system. If you're -- using `csh' on an old version of System V, you might need to type -- `sh ./configure' instead to prevent `csh' from trying to execute -- `configure' itself. -+ `./configure' to configure the package for your system. - -- Running `configure' takes awhile. While running, it prints some -- messages telling which features it is checking for. -+ Running `configure' might take a while. While running, it prints -+ some messages telling which features it is checking for. - - 2. Type `make' to compile the package. - - 3. Optionally, type `make check' to run any self-tests that come with -- the package. -+ the package, generally using the just-built uninstalled binaries. - - 4. Type `make install' to install the programs and any data files and -- documentation. -+ documentation. When installing into a prefix owned by root, it is -+ recommended that the package be configured and built as a regular -+ user, and only the `make install' phase executed with root -+ privileges. -+ -+ 5. Optionally, type `make installcheck' to repeat any self-tests, but -+ this time using the binaries in their final installed location. -+ This target does not install anything. Running this target as a -+ regular user, particularly if the prior `make install' required -+ root privileges, verifies that the installation completed -+ correctly. - -- 5. You can remove the program binaries and object files from the -+ 6. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is -@@ -86,6 +83,16 @@ The simplest way to compile this package - all sorts of other programs in order to regenerate files that came - with the distribution. - -+ 7. Often, you can also type `make uninstall' to remove the installed -+ files again. In practice, not all packages have tested that -+ uninstallation works correctly, even though it is required by the -+ GNU Coding Standards. -+ -+ 8. Some packages, particularly those that use Automake, provide `make -+ distcheck', which can by used by developers to test that all other -+ targets like `make install' and `make uninstall' work correctly. -+ This target is generally not run by end users. -+ - Compilers and Options - ===================== - -@@ -97,7 +104,7 @@ for details on some of the pertinent env - by setting variables in the command line or in the environment. Here - is an example: - -- ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix -+ ./configure CC=c99 CFLAGS=-g LIBS=-lposix - - *Note Defining Variables::, for more details. - -@@ -106,44 +113,89 @@ Compiling For Multiple Architectures - - You can compile the package for more than one kind of computer at the - same time, by placing the object files for each architecture in their --own directory. To do this, you must use a version of `make' that --supports the `VPATH' variable, such as GNU `make'. `cd' to the -+own directory. To do this, you can use GNU `make'. `cd' to the - directory where you want the object files and executables to go and run - the `configure' script. `configure' automatically checks for the --source code in the directory that `configure' is in and in `..'. -+source code in the directory that `configure' is in and in `..'. This -+is known as a "VPATH" build. - -- If you have to use a `make' that does not support the `VPATH' --variable, you have to compile the package for one architecture at a --time in the source code directory. After you have installed the --package for one architecture, use `make distclean' before reconfiguring --for another architecture. -+ With a non-GNU `make', it is safer to compile the package for one -+architecture at a time in the source code directory. After you have -+installed the package for one architecture, use `make distclean' before -+reconfiguring for another architecture. -+ -+ On MacOS X 10.5 and later systems, you can create libraries and -+executables that work on multiple system types--known as "fat" or -+"universal" binaries--by specifying multiple `-arch' options to the -+compiler but only a single `-arch' option to the preprocessor. Like -+this: -+ -+ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ -+ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ -+ CPP="gcc -E" CXXCPP="g++ -E" -+ -+ This is not guaranteed to produce working output in all cases, you -+may have to build one architecture at a time and combine the results -+using the `lipo' tool if you have problems. - - Installation Names - ================== - -- By default, `make install' will install the package's files in --`/usr/local/bin', `/usr/local/man', etc. You can specify an --installation prefix other than `/usr/local' by giving `configure' the --option `--prefix=PATH'. -+ By default, `make install' installs the package's commands under -+`/usr/local/bin', include files under `/usr/local/include', etc. You -+can specify an installation prefix other than `/usr/local' by giving -+`configure' the option `--prefix=PREFIX', where PREFIX must be an -+absolute file name. - - You can specify separate installation prefixes for - architecture-specific files and architecture-independent files. If you --give `configure' the option `--exec-prefix=PATH', the package will use --PATH as the prefix for installing programs and libraries. --Documentation and other data files will still use the regular prefix. -+pass the option `--exec-prefix=PREFIX' to `configure', the package uses -+PREFIX as the prefix for installing programs and libraries. -+Documentation and other data files still use the regular prefix. - - In addition, if you use an unusual directory layout you can give --options like `--bindir=PATH' to specify different values for particular -+options like `--bindir=DIR' to specify different values for particular - kinds of files. Run `configure --help' for a list of the directories --you can set and what kinds of files go in them. -+you can set and what kinds of files go in them. In general, the -+default for these options is expressed in terms of `${prefix}', so that -+specifying just `--prefix' will affect all of the other directory -+specifications that were not explicitly provided. -+ -+ The most portable way to affect installation locations is to pass the -+correct locations to `configure'; however, many packages provide one or -+both of the following shortcuts of passing variable assignments to the -+`make install' command line to change installation locations without -+having to reconfigure or recompile. -+ -+ The first method involves providing an override variable for each -+affected directory. For example, `make install -+prefix=/alternate/directory' will choose an alternate location for all -+directory configuration variables that were expressed in terms of -+`${prefix}'. Any directories that were specified during `configure', -+but not in terms of `${prefix}', must each be overridden at install -+time for the entire installation to be relocated. The approach of -+makefile variable overrides for each directory variable is required by -+the GNU Coding Standards, and ideally causes no recompilation. -+However, some platforms have known limitations with the semantics of -+shared libraries that end up requiring recompilation when using this -+method, particularly noticeable in packages that use GNU Libtool. -+ -+ The second method involves providing the `DESTDIR' variable. For -+example, `make install DESTDIR=/alternate/directory' will prepend -+`/alternate/directory' before all installation names. The approach of -+`DESTDIR' overrides is not required by the GNU Coding Standards, and -+does not work on platforms that have drive letters. On the other hand, -+it does better at avoiding recompilation issues, and works well even -+when some directory options were not specified in terms of `${prefix}' -+at `configure' time. -+ -+Optional Features -+================= - - If the package supports it, you can cause programs to be installed - with an extra prefix or suffix on their names by giving `configure' the - option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. - --Optional Features --================= -- - Some packages pay attention to `--enable-FEATURE' options to - `configure', where FEATURE indicates an optional part of the package. - They may also pay attention to `--with-PACKAGE' options, where PACKAGE -@@ -156,6 +208,50 @@ find the X include and library files aut - you can use the `configure' options `--x-includes=DIR' and - `--x-libraries=DIR' to specify their locations. - -+ Some packages offer the ability to configure how verbose the -+execution of `make' will be. For these packages, running `./configure -+--enable-silent-rules' sets the default to minimal output, which can be -+overridden with `make V=1'; while running `./configure -+--disable-silent-rules' sets the default to verbose, which can be -+overridden with `make V=0'. -+ -+Particular systems -+================== -+ -+ On HP-UX, the default C compiler is not ANSI C compatible. If GNU -+CC is not installed, it is recommended to use the following options in -+order to use an ANSI C compiler: -+ -+ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" -+ -+and if that doesn't work, install pre-built binaries of GCC for HP-UX. -+ -+ HP-UX `make' updates targets which have the same time stamps as -+their prerequisites, which makes it generally unusable when shipped -+generated files such as `configure' are involved. Use GNU `make' -+instead. -+ -+ On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot -+parse its `' header file. The option `-nodtk' can be used as -+a workaround. If GNU CC is not installed, it is therefore recommended -+to try -+ -+ ./configure CC="cc" -+ -+and if that doesn't work, try -+ -+ ./configure CC="cc -nodtk" -+ -+ On Solaris, don't put `/usr/ucb' early in your `PATH'. This -+directory contains several dysfunctional programs; working variants of -+these programs are available in `/usr/bin'. So, if you need `/usr/ucb' -+in your `PATH', put it _after_ `/usr/bin'. -+ -+ On Haiku, software installed for all users goes in `/boot/common', -+not `/usr/local'. It is recommended to use the following options: -+ -+ ./configure --prefix=/boot/common -+ - Specifying the System Type - ========================== - -@@ -171,14 +267,15 @@ type, such as `sun4', or a canonical nam - - where SYSTEM can have one of these forms: - -- OS KERNEL-OS -+ OS -+ KERNEL-OS - - See the file `config.sub' for the possible values of each field. If - `config.sub' isn't included in this package, then this package doesn't - need to know the machine type. - - If you are _building_ compiler tools for cross-compiling, you should --use the `--target=TYPE' option to select the type of system they will -+use the option `--target=TYPE' to select the type of system they will - produce code for. - - If you want to _use_ a cross compiler, that generates code for a -@@ -208,9 +305,15 @@ them in the `configure' command line, us - - ./configure CC=/usr/local2/bin/gcc - --will cause the specified gcc to be used as the C compiler (unless it is -+causes the specified `gcc' to be used as the C compiler (unless it is - overridden in the site shell script). - -+Unfortunately, this technique does not work for `CONFIG_SHELL' due to -+an Autoconf limitation. Until the limitation is lifted, you can use -+this workaround: -+ -+ CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash -+ - `configure' Invocation - ====================== - -@@ -219,7 +322,14 @@ operates. - - `--help' - `-h' -- Print a summary of the options to `configure', and exit. -+ Print a summary of all of the options to `configure', and exit. -+ -+`--help=short' -+`--help=recursive' -+ Print a summary of the options unique to this package's -+ `configure', and exit. The `short' variant lists options used -+ only in the top level, while the `recursive' variant lists options -+ also present in any nested packages. - - `--version' - `-V' -@@ -246,6 +356,15 @@ operates. - Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. - -+`--prefix=DIR' -+ Use DIR as the installation prefix. *note Installation Names:: -+ for more details, including other options available for fine-tuning -+ the installation locations. -+ -+`--no-create' -+`-n' -+ Run the configure checks, but stop before creating any output -+ files. -+ - `configure' also accepts some other, not widely useful, options. Run - `configure --help' for more details. -- -diff -up libtirpc-0.2.3/src/auth_gss.c.orig libtirpc-0.2.3/src/auth_gss.c ---- libtirpc-0.2.3/src/auth_gss.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/auth_gss.c 2013-11-25 15:26:11.378054666 -0500 -@@ -269,6 +269,7 @@ authgss_get_private_data(AUTH *auth, str - * send an RPCSEC_GSS_DESTROY request which might inappropriately - * destroy the context. - */ -+ gd->ctx = GSS_C_NO_CONTEXT; - gd->gc.gc_ctx.length = 0; - gd->gc.gc_ctx.value = NULL; - -@@ -284,7 +285,8 @@ authgss_free_private_data(struct authgss - if (!pd) - return (FALSE); - -- pd->pd_ctx = NULL; -+ if (pd->pd_ctx != GSS_C_NO_CONTEXT) -+ gss_delete_sec_context(&min_stat, &pd->pd_ctx, NULL); - gss_release_buffer(&min_stat, &pd->pd_ctx_hndl); - memset(&pd->pd_ctx_hndl, 0, sizeof(pd->pd_ctx_hndl)); - pd->pd_seq_win = 0; -diff -up libtirpc-0.2.3/src/bindresvport.c.orig libtirpc-0.2.3/src/bindresvport.c ---- libtirpc-0.2.3/src/bindresvport.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/bindresvport.c 2013-11-25 15:26:11.378054666 -0500 -@@ -46,6 +46,9 @@ - #include - - #include -+#include -+ -+extern pthread_mutex_t port_lock; - - /* - * Bind a socket to a privileged IP port -@@ -80,16 +83,21 @@ bindresvport_sa(sd, sa) - static u_int16_t port; - static short startport = STARTPORT; - socklen_t salen; -- int nports = ENDPORT - startport + 1; -+ int nports; - int endport = ENDPORT; - int i; - -+ mutex_lock(&port_lock); -+ nports = ENDPORT - startport + 1; -+ - if (sa == NULL) { - salen = sizeof(myaddr); - sa = (struct sockaddr *)&myaddr; - -- if (getsockname(sd, (struct sockaddr *)&myaddr, &salen) == -1) -- return -1; /* errno is correctly set */ -+ if (getsockname(sd, (struct sockaddr *)&myaddr, &salen) == -1) { -+ mutex_unlock(&port_lock); -+ return -1; /* errno is correctly set */ -+ } - - af = myaddr.ss_family; - } else -@@ -112,6 +120,7 @@ bindresvport_sa(sd, sa) - #endif - default: - errno = EPFNOSUPPORT; -+ mutex_unlock(&port_lock); - return (-1); - } - sa->sa_family = af; -@@ -137,6 +146,8 @@ bindresvport_sa(sd, sa) - port = LOWPORT + port % (STARTPORT - LOWPORT); - goto again; - } -+ mutex_unlock(&port_lock); -+ - return (res); - } - #else -diff -up libtirpc-0.2.3/src/clnt_vc.c.orig libtirpc-0.2.3/src/clnt_vc.c ---- libtirpc-0.2.3/src/clnt_vc.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/clnt_vc.c 2013-11-25 15:26:11.378054666 -0500 -@@ -133,6 +133,7 @@ struct ct_data { - * should be the first thing fixed. One step at a time. - */ - static int *vc_fd_locks; -+extern pthread_mutex_t disrupt_lock; - extern mutex_t clnt_fd_lock; - static cond_t *vc_cv; - #define release_fd_lock(fd, mask) { \ -@@ -179,8 +180,10 @@ clnt_vc_create(fd, raddr, prog, vers, se - socklen_t slen; - struct __rpc_sockinfo si; - -+ mutex_lock(&disrupt_lock); - if (disrupt == 0) - disrupt = (u_int32_t)(long)raddr; -+ mutex_unlock(&disrupt_lock); - - cl = (CLIENT *)mem_alloc(sizeof (*cl)); - ct = (struct ct_data *)mem_alloc(sizeof (*ct)); -@@ -270,7 +273,9 @@ clnt_vc_create(fd, raddr, prog, vers, se - * Initialize call message - */ - (void)gettimeofday(&now, NULL); -+ mutex_lock(&disrupt_lock); - call_msg.rm_xid = ((u_int32_t)++disrupt) ^ __RPC_GETXID(&now); -+ mutex_unlock(&disrupt_lock); - call_msg.rm_direction = CALL; - call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION; - call_msg.rm_call.cb_prog = (u_int32_t)prog; -@@ -505,7 +510,7 @@ clnt_vc_control(cl, request, info) - sigset_t newmask; - int rpc_lock_value; - u_int32_t tmp; -- u_long ltmp; -+ u_int32_t ltmp; - - assert(cl != NULL); - -diff -up libtirpc-0.2.3/src/getnetconfig.c.orig libtirpc-0.2.3/src/getnetconfig.c ---- libtirpc-0.2.3/src/getnetconfig.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/getnetconfig.c 2013-11-25 15:26:11.379054666 -0500 -@@ -120,6 +120,7 @@ static struct netconfig *dup_ncp(struct - - static FILE *nc_file; /* for netconfig db */ - static struct netconfig_info ni = { 0, 0, NULL, NULL}; -+extern pthread_mutex_t nc_db_lock; - - #define MAXNETCONFIGLINE 1000 - -@@ -146,7 +147,8 @@ __nc_error() - return (&nc_error); - } - if ((nc_addr = (int *)thr_getspecific(nc_key)) == NULL) { -- nc_addr = (int *)malloc(sizeof (int)); -+ if((nc_addr = (int *)malloc(sizeof (int))) == NULL) -+ return (&nc_error); - if (thr_setspecific(nc_key, (void *) nc_addr) != 0) { - if (nc_addr) - free(nc_addr); -@@ -191,14 +193,17 @@ setnetconfig() - * For multiple calls, i.e. nc_file is not NULL, we just return the - * handle without reopening the netconfig db. - */ -+ mutex_lock(&nc_db_lock); - ni.ref++; - if ((nc_file != NULL) || (nc_file = fopen(NETCONFIG, "r")) != NULL) { - nc_vars->valid = NC_VALID; - nc_vars->flag = 0; - nc_vars->nc_configs = ni.head; -+ mutex_unlock(&nc_db_lock); - return ((void *)nc_vars); - } - ni.ref--; -+ mutex_unlock(&nc_db_lock); - nc_error = NC_NONETCONFIG; - free(nc_vars); - return (NULL); -@@ -221,12 +226,15 @@ void *handlep; - char *stringp; /* tmp string pointer */ - struct netconfig_list *list; - struct netconfig *np; -+ struct netconfig *result; - - /* - * Verify that handle is valid - */ -+ mutex_lock(&nc_db_lock); - if (ncp == NULL || nc_file == NULL) { - nc_error = NC_NOTINIT; -+ mutex_unlock(&nc_db_lock); - return (NULL); - } - -@@ -243,11 +251,14 @@ void *handlep; - if (ncp->flag == 0) { /* first time */ - ncp->flag = 1; - ncp->nc_configs = ni.head; -- if (ncp->nc_configs != NULL) /* entry already exist */ -+ if (ncp->nc_configs != NULL) /* entry already exist */ { -+ mutex_unlock(&nc_db_lock); - return(ncp->nc_configs->ncp); -+ } - } - else if (ncp->nc_configs != NULL && ncp->nc_configs->next != NULL) { - ncp->nc_configs = ncp->nc_configs->next; -+ mutex_unlock(&nc_db_lock); - return(ncp->nc_configs->ncp); - } - -@@ -255,16 +266,22 @@ void *handlep; - * If we cannot find the entry in the list and is end of file, - * we give up. - */ -- if (ni.eof == 1) return(NULL); -+ if (ni.eof == 1) { -+ mutex_unlock(&nc_db_lock); -+ return(NULL); -+ } - break; - default: - nc_error = NC_NOTINIT; -+ mutex_unlock(&nc_db_lock); - return (NULL); - } - - stringp = (char *) malloc(MAXNETCONFIGLINE); -- if (stringp == NULL) -- return (NULL); -+ if (stringp == NULL) { -+ mutex_unlock(&nc_db_lock); -+ return (NULL); -+ } - - #ifdef MEM_CHK - if (malloc_verify() == 0) { -@@ -280,6 +297,7 @@ void *handlep; - if (fgets(stringp, MAXNETCONFIGLINE, nc_file) == NULL) { - free(stringp); - ni.eof = 1; -+ mutex_unlock(&nc_db_lock); - return (NULL); - } - } while (*stringp == '#'); -@@ -287,12 +305,14 @@ void *handlep; - list = (struct netconfig_list *) malloc(sizeof (struct netconfig_list)); - if (list == NULL) { - free(stringp); -+ mutex_unlock(&nc_db_lock); - return(NULL); - } - np = (struct netconfig *) malloc(sizeof (struct netconfig)); - if (np == NULL) { - free(stringp); -- free(list); -+ free(list); -+ mutex_unlock(&nc_db_lock); - return(NULL); - } - list->ncp = np; -@@ -303,6 +323,7 @@ void *handlep; - free(stringp); - free(np); - free(list); -+ mutex_unlock(&nc_db_lock); - return (NULL); - } - else { -@@ -320,7 +341,9 @@ void *handlep; - ni.tail = ni.tail->next; - } - ncp->nc_configs = ni.tail; -- return(ni.tail->ncp); -+ result = ni.tail->ncp; -+ mutex_unlock(&nc_db_lock); -+ return result; - } - } - -@@ -354,8 +377,10 @@ void *handlep; - nc_handlep->valid = NC_INVALID; - nc_handlep->flag = 0; - nc_handlep->nc_configs = NULL; -+ mutex_lock(&nc_db_lock); - if (--ni.ref > 0) { -- free(nc_handlep); -+ mutex_unlock(&nc_db_lock); -+ free(nc_handlep); - return(0); - } - -@@ -376,9 +401,11 @@ void *handlep; - q = p; - } - free(nc_handlep); -- -- fclose(nc_file); -+ if(nc_file != NULL) { -+ fclose(nc_file); -+ } - nc_file = NULL; -+ mutex_unlock(&nc_db_lock); - return (0); - } - -@@ -426,16 +453,21 @@ getnetconfigent(netid) - * If all the netconfig db has been read and placed into the list and - * there is no match for the netid, return NULL. - */ -+ mutex_lock(&nc_db_lock); - if (ni.head != NULL) { - for (list = ni.head; list; list = list->next) { - if (strcmp(list->ncp->nc_netid, netid) == 0) { -- return(dup_ncp(list->ncp)); -+ ncp = dup_ncp(list->ncp); -+ mutex_unlock(&nc_db_lock); -+ return ncp; - } - } -- if (ni.eof == 1) /* that's all the entries */ -- return(NULL); -+ if (ni.eof == 1) { /* that's all the entries */ -+ mutex_unlock(&nc_db_lock); -+ return(NULL); -+ } - } -- -+ mutex_unlock(&nc_db_lock); - - if ((file = fopen(NETCONFIG, "r")) == NULL) { - nc_error = NC_NONETCONFIG; -diff -up libtirpc-0.2.3/src/Makefile.am.orig libtirpc-0.2.3/src/Makefile.am ---- libtirpc-0.2.3/src/Makefile.am.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/Makefile.am 2013-11-25 15:26:11.378054666 -0500 -@@ -6,7 +6,7 @@ - ## anything like that. - - --INCLUDES = -I$(top_srcdir)/tirpc -DPORTMAP -DINET6 -DVERSION="\"$(VERSION)\"" \ -+AM_CPPFLAGS = -I$(top_srcdir)/tirpc -DPORTMAP -DINET6 \ - -D_GNU_SOURCE -Wall -pipe - - lib_LTLIBRARIES = libtirpc.la -@@ -58,8 +58,8 @@ libtirpc_la_SOURCES += xdr.c xdr_rec.c x - ## Secure-RPC - if GSS - libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c -- libtirpc_la_LDFLAGS += $(GSSGLUE_LIBS) -- libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSGLUE_CFLAGS) -+ libtirpc_la_LDFLAGS += $(GSSAPI_LIBS) -+ libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS) - endif - - ## libtirpc_a_SOURCES += key_call.c key_prot_xdr.c getpublickey.c -diff -up libtirpc-0.2.3/src/mt_misc.c.orig libtirpc-0.2.3/src/mt_misc.c ---- libtirpc-0.2.3/src/mt_misc.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/mt_misc.c 2013-11-25 15:26:11.379054666 -0500 -@@ -91,6 +91,15 @@ pthread_mutex_t xprtlist_lock = PTHREAD_ - /* serializes calls to public key routines */ - pthread_mutex_t serialize_pkey = PTHREAD_MUTEX_INITIALIZER; - -+/* protects global variables ni and nc_file (getnetconfig.c) */ -+pthread_mutex_t nc_db_lock = PTHREAD_MUTEX_INITIALIZER; -+ -+/* protects static port and startport (bindresvport.c) */ -+pthread_mutex_t port_lock = PTHREAD_MUTEX_INITIALIZER; -+ -+/* protects static disrupt (clnt_vc.c) */ -+pthread_mutex_t disrupt_lock = PTHREAD_MUTEX_INITIALIZER; -+ - #undef rpc_createerr - - struct rpc_createerr rpc_createerr; -diff -up libtirpc-0.2.3/src/svc_dg.c.orig libtirpc-0.2.3/src/svc_dg.c ---- libtirpc-0.2.3/src/svc_dg.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/svc_dg.c 2013-11-25 15:26:11.379054666 -0500 -@@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr) - { - if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs), - xdr_args, args_ptr)) { -- (void)svc_freeargs(xprt, xdr_args, args_ptr); - return FALSE; - } - return TRUE; -diff -up libtirpc-0.2.3/tirpc/rpc/auth.h.orig libtirpc-0.2.3/tirpc/rpc/auth.h ---- libtirpc-0.2.3/tirpc/rpc/auth.h.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/tirpc/rpc/auth.h 2013-11-25 15:26:11.380054663 -0500 -@@ -51,7 +51,6 @@ - #include - #include - #include --#include - - - #define MAX_AUTH_BYTES 400 -@@ -249,19 +248,11 @@ auth_put(AUTH *auth) - #define auth_refresh(auth, msg) \ - ((*((auth)->ah_ops->ah_refresh))(auth, msg)) - --#if defined(__GNUC__) && defined(DEBUG) --#define auth_log_debug(fmt,args...) printf(stderr, fmt, args) --#else --#define auth_log_debug(fmt,args...) --#endif -- - #define AUTH_DESTROY(auth) \ - do { \ - int refs; \ - if ((refs = auth_put((auth))) == 0) \ - ((*((auth)->ah_ops->ah_destroy))(auth));\ -- auth_log_debug("%s: auth_put(), refs %d\n", \ -- __func__, refs); \ - } while (0) - - #define auth_destroy(auth) \ -@@ -269,8 +260,6 @@ auth_put(AUTH *auth) - int refs; \ - if ((refs = auth_put((auth))) == 0) \ - ((*((auth)->ah_ops->ah_destroy))(auth));\ -- auth_log_debug("%s: auth_put(), refs %d\n", \ -- __func__, refs); \ - } while (0) - - #define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \ diff --git a/libtirpc-0.3.3-rc1.patch b/libtirpc-0.3.3-rc1.patch deleted file mode 100644 index 3f11870..0000000 --- a/libtirpc-0.3.3-rc1.patch +++ /dev/null @@ -1,157 +0,0 @@ -diff --git a/src/Makefile.am b/src/Makefile.am -index 6cc567a..18b1cec 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -41,7 +41,7 @@ lib_LTLIBRARIES = libtirpc.la - # release number of your package. This is an abuse that only fosters - # misunderstanding of the purpose of library versions." - # --libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0 -+libtirpc_la_LDFLAGS = -Wl,-no-undefined -lpthread -version-info 1:10:0 - - libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \ - clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ -@@ -69,7 +69,7 @@ if GSS - endif - - libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c --libtirpc_la_SOURCES += netname.c netnamer.c rtime.c -+libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c - - CLEANFILES = cscope.* *~ - DISTCLEANFILES = Makefile.in -diff --git a/src/libtirpc.map b/src/libtirpc.map -index 063cddd..449b769 100644 ---- a/src/libtirpc.map -+++ b/src/libtirpc.map -@@ -316,6 +316,13 @@ TIRPC_0.3.2 { - xdr_unixcred; - } TIRPC_0.3.1; - -+TIRPC_0.3.3 { -+ __getpublickey_LOCAL; -+ __key_decryptsession_pk_LOCAL; -+ __key_encryptsession_pk_LOCAL; -+ __key_gendes_LOCAL; -+} TIRPC_0.3.2; -+ - TIRPC_PRIVATE { - global: - __libc_clntudp_bufcreate; -diff --git a/src/rpcdname.c b/src/rpcdname.c -new file mode 100644 -index 0000000..3e6a988 ---- /dev/null -+++ b/src/rpcdname.c -@@ -0,0 +1,72 @@ -+/* -+ * Copyright (c) 2009, Sun Microsystems, Inc. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * - Redistributions of source code must retain the above copyright notice, -+ * this list of conditions and the following disclaimer. -+ * - Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * - Neither the name of Sun Microsystems, Inc. nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* -+ * rpcdname.c -+ * Gets the default domain name -+ */ -+ -+#include -+#include -+#include -+ -+static char *default_domain = 0; -+ -+static char * -+get_default_domain() -+{ -+ char temp[256]; -+ -+ if (default_domain) -+ return (default_domain); -+ if (getdomainname(temp, sizeof(temp)) < 0) -+ return (0); -+ if ((int) strlen(temp) > 0) { -+ default_domain = (char *)malloc((strlen(temp)+(unsigned)1)); -+ if (default_domain == 0) -+ return (0); -+ (void) strcpy(default_domain, temp); -+ return (default_domain); -+ } -+ return (0); -+} -+ -+/* -+ * This is a wrapper for the system call getdomainname which returns a -+ * ypclnt.h error code in the failure case. It also checks to see that -+ * the domain name is non-null, knowing that the null string is going to -+ * get rejected elsewhere in the NIS client package. -+ */ -+int -+__rpc_get_default_domain(domain) -+ char **domain; -+{ -+ if ((*domain = get_default_domain()) != 0) -+ return (0); -+ return (-1); -+} -diff --git a/src/svc_generic.c b/src/svc_generic.c -index f49d776..7aae796 100644 ---- a/src/svc_generic.c -+++ b/src/svc_generic.c -@@ -283,6 +283,8 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz) - xprt->xp_type = __rpc_socktype2seman(si.si_socktype); - - if (nconf) { -+ if (xprt->xp_netid != NULL) -+ free(xprt->xp_netid); - xprt->xp_netid = strdup(nconf->nc_netid); - xprt->xp_tp = strdup(nconf->nc_device); - } -diff --git a/src/svc_vc.c b/src/svc_vc.c -index 9824631..6848c09 100644 ---- a/src/svc_vc.c -+++ b/src/svc_vc.c -@@ -392,6 +392,12 @@ svc_vc_destroy(xprt) - __svc_vc_dodestroy(xprt); - } - -+static bool_t -+__svc_rendezvous_socket(xprt) -+ SVCXPRT *xprt; -+{ -+ return (xprt->xp_ops->xp_recv == rendezvous_request); -+} - static void - __svc_vc_dodestroy(xprt) - SVCXPRT *xprt; -@@ -403,7 +409,7 @@ __svc_vc_dodestroy(xprt) - - if (xprt->xp_fd != RPC_ANYFD) - (void)close(xprt->xp_fd); -- if (xprt->xp_port != 0) { -+ if (__svc_rendezvous_socket(xprt)) { - /* a rendezvouser socket */ - r = (struct cf_rendezvous *)xprt->xp_p1; - mem_free(r, sizeof (struct cf_rendezvous)); diff --git a/libtirpc-0.3.3-rc2.patch b/libtirpc-0.3.3-rc2.patch deleted file mode 100644 index 35f50da..0000000 --- a/libtirpc-0.3.3-rc2.patch +++ /dev/null @@ -1,837 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 99a0d33..06f2fca 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -5,6 +5,33 @@ AC_CONFIG_SRCDIR([src/auth_des.c]) - AC_CONFIG_MACRO_DIR([m4]) - AC_PROG_CC - -+# LT_VERSION_INFO="current:revision:age" -+# -+# From the libtool manual: -+# -+# 1. Start with version information of 0:0:0 for each libtool library. -+# 2. Update the version information only immediately before a public -+# release of your software. More frequent updates are unnecessary, -+# and only guarantee that the current interface number gets larger faster. -+# 3. If the library source code has changed at all since the last update, -+# then increment revision (c:r:a becomes c:r+1:a). -+# 4. If any interfaces have been added, removed, or changed since the last -+# update, increment current, and set revision to 0. -+# 5. If any interfaces have been added since the last public release, -+# then increment age. -+# 6. If any interfaces have been removed since the last public release, -+# then set age to 0. -+# -+# _Never_ try to set the interface numbers so that they correspond to the -+# release number of your package. This is an abuse that only fosters -+# misunderstanding of the purpose of library versions. -+# -+# In addition to these rules, symbol versioning is now in effect. soname -+# changes should be avoided. -+# -+LT_VERSION_INFO="2:0:1" -+AC_SUBST([LT_VERSION_INFO]) -+ - AC_CHECK_HEADER([gssapi/gssapi.h], [HAVE_GSSAPI_H=yes], [HAVE_GSSAPI_H=no]) - - AC_ARG_ENABLE(gssapi, -diff --git a/man/rpc_gss_get_mech_info.3t b/man/rpc_gss_get_mech_info.3t -index 1f3ba04..44f0df3 100644 ---- a/man/rpc_gss_get_mech_info.3t -+++ b/man/rpc_gss_get_mech_info.3t -@@ -29,28 +29,33 @@ - .Os - .Sh NAME - .Nm rpc_gss_get_mech_info --.Nd "Get extra information about a security mechanism" -+.Nd "Get Quality of Protection information for a security mechanism" - .Sh SYNOPSIS - .In rpc/rpcsec_gss.h - .Ft const char ** - .Fn rpc_gss_get_mech_info "const char *mech" "rpc_gss_service_t *service" - .Sh DESCRIPTION --This function looks up a mechanism by name by reading the file --/etc/gss/mech and queries it for its capabilities. -+This function returns the list of QOP names supported by the -+GSS_API mechanism named "mech". - .Sh PARAMETERS - .Bl -tag -width ".It service" - .It mech --The mechanism to search for -+The name of a GSS_API mechanism. -+"kerberos_v5" is currently the only supported mechanism. - .It service --If the mechanism is found, the maximum supported service type is --returned in --.Fa *service -+Buffer in which maximum service type is planted - .El - .Sh RETURN VALUES --If the mechanism is found, --a list of the supported qualities of protection is returned, --otherwise --.Dv NULL . -+If the named GSS_API mechanism is recognized, -+a list of the supported Qualities of Protection is returned. -+The maximum supported service type for the mechanism is returned in -+.Fa *service . -+Otherwise -+.Dv NULL -+is returned. -+.Pp -+Note: The returned QOP list is statically allocated memory. -+The caller must not free this array. - .Sh AVAILABILITY - The - .Fn rpc_gss_get_mech_info -diff --git a/man/rpc_gss_getcred.3t b/man/rpc_gss_getcred.3t -index 8589f08..691df31 100644 ---- a/man/rpc_gss_getcred.3t -+++ b/man/rpc_gss_getcred.3t -@@ -51,7 +51,6 @@ If non-null, - .Fa *rcred - is set to point at the raw credentials for this request - .It ucred --.It rcred - If non-null, - .Fa *ucred - is set to point at the corresponding unix credentials -diff --git a/man/rpc_gss_is_installed.3t b/man/rpc_gss_is_installed.3t -index 274a1f0..d5f5e44 100644 ---- a/man/rpc_gss_is_installed.3t -+++ b/man/rpc_gss_is_installed.3t -@@ -29,23 +29,24 @@ - .Os - .Sh NAME - .Nm rpc_gss_is_installed --.Nd "Query for the presence os a security mechanism" -+.Nd "Query for the presence of a security mechanism" - .Sh SYNOPSIS - .In rpc/rpcsec_gss.h - .Ft bool_t - .Fn rpc_gss_is_installed "const char *mech" - .Sh DESCRIPTION --This function looks up a mechanism by name by reading the file --/etc/gss/mech. -+This function indicates whether the GSS_API mechanism named "mech" -+is installed and enabled. - .Sh PARAMETERS - .Bl -tag -width ".It mech" - .It mech --The mechanism to search for -+The name of a GSS_API mechanism. -+"kerberos_v5" is currently the only supported mechanism. - .El - .Sh RETURN VALUES - Returns - .Dv TRUE --if the mechanism is installed, -+if the named GSS_API mechanism is installed and enabled, - .Dv FALSE - otherwise. - .Sh AVAILABILITY -diff --git a/man/rpc_gss_mech_to_oid.3t b/man/rpc_gss_mech_to_oid.3t -index 8bbe616..4a1b25d 100644 ---- a/man/rpc_gss_mech_to_oid.3t -+++ b/man/rpc_gss_mech_to_oid.3t -@@ -35,22 +35,27 @@ - .Ft bool_t - .Fn rpc_gss_mech_to_oid "const char *mech" "gss_OID *oid_ret" - .Sh DESCRIPTION --This function looks up a mechanism by name by reading the file --/etc/gss/mech. -+This function returns the GSS OID associated with the GSS_API -+mechanism "mech". - .Sh PARAMETERS - .Bl -tag -width ".It oid_ret" - .It mech --The mechanism name to search for -+The name of a GSS_API mechanism. -+"kerberos_v5" is currently the only supported mechanism. - .It oid_ret --If the mechanism is found, the corresponding GSS-API oid is returned --in --.Fa *oid_ret -+Buffer in which to place the returned OID - .El - .Sh RETURN VALUES --If the mechanism is found, -+If the GSS_API mechanism name is recognized, - .Dv TRUE --is returned, otherwise --.Dv FALSE . -+is returned. -+The corresponding GSS-API oid is returned in -+.Fa *oid_ret . -+Otherwise -+.Dv FALSE -+is returned and -+.Fa *oid_ret -+is left untouched. - .Sh AVAILABILITY - The - .Fn rpc_gss_mech_to_oid -diff --git a/man/rpc_gss_qop_to_num.3t b/man/rpc_gss_qop_to_num.3t -index 3968216..7ac1a4c 100644 ---- a/man/rpc_gss_qop_to_num.3t -+++ b/man/rpc_gss_qop_to_num.3t -@@ -29,30 +29,37 @@ - .Os - .Sh NAME - .Nm rpc_gss_qop_to_num --.Nd "Convert a quality of protection name to number" -+.Nd "Convert a Quality of Protection name to number" - .Sh SYNOPSIS - .In rpc/rpcsec_gss.h - .Ft bool_t - .Fn rpc_gss_qop_to_num "const char *qop" "const char *mech" "u_int *num_ret" - .Sh DESCRIPTION --This function looks up a quality of protection by name by reading the file --/etc/gss/qop. -+This function returns the numeric QOP value associated with the -+GSS_API QOP "qop" and mechanism "mech." - .Sh PARAMETERS - .Bl -tag -width ".It number_ret" - .It qop --The quality of protection to search for -+The name of Quality of Protection associated with the -+GSS_API mechanism "mech". -+"GSS_C_QOP_DEFAULT" is currently the only supported QOP. - .It mech --The mechanism name to search for -+The name of a GSS_API mechanism. -+"kerberos_v5" is currently the only supported mechanism. - .It number_ret --If the quality of protection is found, the corresponding number is --returned in --.Fa *num_ret -+Buffer in which to place the returned QOP number - .El - .Sh RETURN VALUES --If the value is found, -+If the QOP and mechanism names are recognized, - .Dv TRUE --is returned, otherwise --.Dv FALSE . -+is returned. -+The corresponding QOP number is returned in -+.Fa *num_ret . -+Otherwise -+.Dv FALSE -+is returned and -+.It number_ret -+is left untouched. - .Sh AVAILABILITY - The - .Fn rpc_gss_qop_to_num -diff --git a/man/rpc_gss_seccreate.3t b/man/rpc_gss_seccreate.3t -index 9f526a6..b52df19 100644 ---- a/man/rpc_gss_seccreate.3t -+++ b/man/rpc_gss_seccreate.3t -@@ -55,9 +55,8 @@ For instance, a principal such as - .Qq nfs@server.example.com - might be used by an application which needs to contact an NFS server - .It mechanism --The desired mechanism for this security context. --The value of mechanism should be the name of one of the security --mechanisms listed in /etc/gss/mech. -+The name of the GSS_API mechanism to use for the new security context. -+"kerberos_v5" is currently the only supported mechanism. - .It service - Type of service requested. - .Bl -tag -width "rpc_gss_svc_integrity" -@@ -72,8 +71,9 @@ RPC headers and data are integrity protected by a checksum. - RPC headers are integrity protected by a checksum and data is encrypted. - .El - .It qop --Desired quality of protection or NULL for the default. --Available values are listed in /etc/gss/qop -+The name of the Quality of Protection to use for the new security context, -+or NULL to use the default QOP. -+"GSS_C_QOP_DEFAULT" is currently the only supported QOP. - .It options_req - Extra security context options to be passed to the underlying GSS-API - mechanism. -diff --git a/src/Makefile.am b/src/Makefile.am -index 6cc567a..0fb827b 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -12,36 +12,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/tirpc -include config.h -DPORTMAP -DINET6 \ - - lib_LTLIBRARIES = libtirpc.la - --# --# Set the library version information --# --# According to the libtool manual: --# --# "This flag accepts an argument of the form current[:revision[:age]]. --# --# If either revision or age are omitted, they default to 0. Also note that --# age must be less than or equal to the current interface number. --# --# Here are a set of rules to help you update your library version information: --# --# 1. Start with version information of 0:0:0 for each libtool library. --# 2. Update the version information only immediately before a public --# release of your software. More frequent updates are unnecessary, --# and only guarantee that the current interface number gets larger faster. --# 3. If the library source code has changed at all since the last update, --# then increment revision (c:r:a becomes c:r+1:a). --# 4. If any interfaces have been added, removed, or changed since the last --# update, increment current, and set revision to 0. --# 5. If any interfaces have been added since the last public release, --# then increment age. --# 6. If any interfaces have been removed since the last public release, --# then set age to 0. --# --# _Never_ try to set the interface numbers so that they correspond to the --# release number of your package. This is an abuse that only fosters --# misunderstanding of the purpose of library versions." --# --libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0 -+libtirpc_la_LDFLAGS = -Wl,-no-undefined -lpthread -+libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@ - - libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \ - clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ -@@ -50,11 +22,12 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln - pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \ - rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \ - rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ -+ svc_auth_des.c \ - svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ - auth_time.c auth_des.c authdes_prot.c debug.c - - ## XDR --libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c -+libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c - - if SYMVERS - libtirpc_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtirpc.map -@@ -69,7 +42,7 @@ if GSS - endif - - libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c --libtirpc_la_SOURCES += netname.c netnamer.c rtime.c -+libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c - - CLEANFILES = cscope.* *~ - DISTCLEANFILES = Makefile.in -diff --git a/src/auth_gss.c b/src/auth_gss.c -index 722d54c..4fa8568 100644 ---- a/src/auth_gss.c -+++ b/src/auth_gss.c -@@ -821,7 +821,6 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism, - clnt->cl_auth = auth; - - if (_rpc_gss_refresh(auth, ret) == FALSE) { -- authgss_destroy(auth); - auth = NULL; - } else { - rpc_gss_clear_error(); -diff --git a/src/libtirpc.map b/src/libtirpc.map -index 063cddd..7d7f40f 100644 ---- a/src/libtirpc.map -+++ b/src/libtirpc.map -@@ -316,6 +316,15 @@ TIRPC_0.3.2 { - xdr_unixcred; - } TIRPC_0.3.1; - -+TIRPC_0.3.3 { -+ __getpublickey_LOCAL; -+ __key_decryptsession_pk_LOCAL; -+ __key_encryptsession_pk_LOCAL; -+ __key_gendes_LOCAL; -+ xdr_sizeof; -+ authdes_pk_create; -+} TIRPC_0.3.2; -+ - TIRPC_PRIVATE { - global: - __libc_clntudp_bufcreate; -diff --git a/src/rpc_com.h b/src/rpc_com.h -index 52a8c48..10bec79 100644 ---- a/src/rpc_com.h -+++ b/src/rpc_com.h -@@ -40,47 +40,20 @@ - #ifndef _TIRPC_RPCCOM_H - #define _TIRPC_RPCCOM_H - -- --/* #pragma ident "@(#)rpc_com.h 1.11 93/07/05 SMI" */ -- --/* -- * The max size of the transport, if the size cannot be determined -- * by other means. -- */ --#define RPC_MAXDATASIZE 9000 --#define RPC_MAXADDRSIZE 1024 -- --#define __RPC_GETXID(now) ((u_int32_t)getpid() ^ (u_int32_t)(now)->tv_sec ^ \ -- (u_int32_t)(now)->tv_usec) -+#include - - #ifdef __cplusplus - extern "C" { - #endif --extern u_int __rpc_get_a_size(int); --extern int __rpc_dtbsize(void); --extern struct netconfig * __rpcgettp(int); --extern int __rpc_get_default_domain(char **); --struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t); - --char *__rpc_taddr2uaddr_af(int, const struct netbuf *); --struct netbuf *__rpc_uaddr2taddr_af(int, const char *); --int __rpc_fixup_addr(struct netbuf *, const struct netbuf *); --int __rpc_sockinfo2netid(struct __rpc_sockinfo *, const char **); --int __rpc_seman2socktype(int); --int __rpc_socktype2seman(int); --void *rpc_nullproc(CLIENT *); --int __rpc_sockisbound(int); -+struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t); - --struct netbuf *__rpcb_findaddr(rpcprog_t, rpcvers_t, const struct netconfig *, -- const char *, CLIENT **); - struct netbuf *__rpcb_findaddr_timed(rpcprog_t, rpcvers_t, - const struct netconfig *, const char *host, CLIENT **clpp, - struct timeval *tp); - - bool_t __rpc_control(int,void *); - --char *_get_next_token(char *, int); -- - bool_t __svc_clean_idle(fd_set *, int, bool_t); - bool_t __xdrrec_setnonblock(XDR *, int); - bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t); -diff --git a/src/rpc_gss_utils.c b/src/rpc_gss_utils.c -index 9a7fed3..80fc78a 100644 ---- a/src/rpc_gss_utils.c -+++ b/src/rpc_gss_utils.c -@@ -159,6 +159,7 @@ static char *_rpc_gss_krb5_qop_names[] = { - NULL, - }; - -+/* GSS_MECH_KRB5_OID: Defined by RFC 1964 */ - static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = { - .mi_name = "kerberos_v5", - .mi_oid = { 9, "\052\206\110\206\367\022\001\002\002" }, -@@ -166,8 +167,17 @@ static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = { - .mi_qops = _rpc_gss_krb5_qops, - }; - -+/* GSS_KRB5_NT_PRINCIPAL_NAME: Defined by RFC 1964 */ -+static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5_princname = { -+ .mi_name = "kerberos_v5", -+ .mi_oid = { 10, "\052\206\110\206\367\022\001\002\002\001" }, -+ .mi_qop_names = _rpc_gss_krb5_qop_names, -+ .mi_qops = _rpc_gss_krb5_qops, -+}; -+ - static struct _rpc_gss_mechanism *_rpc_gss_mechanisms[] = { - &_rpc_gss_mech_kerberos_v5, -+ &_rpc_gss_mech_kerberos_v5_princname, - NULL, - }; - -@@ -187,13 +197,20 @@ _rpc_gss_find_mechanism(char *mechanism) - return NULL; - } - -+static bool_t -+_rpc_gss_OID_equal(rpc_gss_OID o1, rpc_gss_OID o2) -+{ -+ return (o1->length == o2->length) && -+ (memcmp(o1->elements, o2->elements, o1->length) == 0); -+} -+ - static struct _rpc_gss_mechanism * - _rpc_gss_find_oid(rpc_gss_OID oid) - { - unsigned int i; - - for (i = 0; _rpc_gss_mechanisms[i] != NULL; i++) -- if (g_OID_equal(oid, &_rpc_gss_mechanisms[i]->mi_oid)) -+ if (_rpc_gss_OID_equal(oid, &_rpc_gss_mechanisms[i]->mi_oid)) - return _rpc_gss_mechanisms[i]; - return NULL; - } -diff --git a/src/rpc_soc.c b/src/rpc_soc.c -index e146ed4..1ec7b3f 100644 ---- a/src/rpc_soc.c -+++ b/src/rpc_soc.c -@@ -61,6 +61,7 @@ - #include - #include - #include -+#include - - #include "rpc_com.h" - -@@ -531,7 +532,6 @@ authdes_create(servername, window, syncaddr, ckey) - struct sockaddr *syncaddr; /* optional hostaddr to sync with */ - des_block *ckey; /* optional conversation key to use */ - { -- AUTH *dummy; - AUTH *nauth; - char hostname[NI_MAXHOST]; - -@@ -540,19 +540,68 @@ authdes_create(servername, window, syncaddr, ckey) - * Change addr to hostname, because that is the way - * new interface takes it. - */ -- if (getnameinfo(syncaddr, sizeof(syncaddr), hostname, -- sizeof hostname, NULL, 0, 0) != 0) -- goto fallback; -- -+ switch (syncaddr->sa_family) { -+ case AF_INET: -+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname, -+ sizeof hostname, NULL, 0, 0) != 0) -+ goto fallback; -+ break; -+ case AF_INET6: -+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in6), hostname, -+ sizeof hostname, NULL, 0, 0) != 0) -+ goto fallback; -+ break; -+ default: -+ goto fallback; -+ } - nauth = authdes_seccreate(servername, window, hostname, ckey); - return (nauth); - } - fallback: -- dummy = authdes_seccreate(servername, window, NULL, ckey); -- return (dummy); -+ return authdes_seccreate(servername, window, NULL, ckey); - } - - /* -+ * Create the client des authentication object. Obsoleted by -+ * authdes_pk_seccreate(). -+ */ -+extern AUTH *authdes_pk_seccreate(const char *, netobj *, u_int, const char *, -+ const des_block *, nis_server *); -+ -+AUTH * -+authdes_pk_create(servername, pkey, window, syncaddr, ckey) -+ char *servername; /* network name of server */ -+ netobj *pkey; /* public key */ -+ u_int window; /* time to live */ -+ struct sockaddr *syncaddr; /* optional hostaddr to sync with */ -+ des_block *ckey; /* optional conversation key to use */ -+{ -+ AUTH *nauth; -+ char hostname[NI_MAXHOST]; -+ -+ if (syncaddr) { -+ /* -+ * Change addr to hostname, because that is the way -+ * new interface takes it. -+ */ -+ switch (syncaddr->sa_family) { -+ case AF_INET: -+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname, -+ sizeof hostname, NULL, 0, 0) != 0) -+ goto fallback; -+ break; -+ default: -+ goto fallback; -+ } -+ nauth = authdes_pk_seccreate(servername, pkey, window, hostname, ckey, NULL); -+ return (nauth); -+ } -+fallback: -+ return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL); -+} -+ -+ -+/* - * Create a client handle for a unix connection. Obsoleted by clnt_vc_create() - */ - CLIENT * -diff --git a/src/rpcdname.c b/src/rpcdname.c -new file mode 100644 -index 0000000..3e6a988 ---- /dev/null -+++ b/src/rpcdname.c -@@ -0,0 +1,72 @@ -+/* -+ * Copyright (c) 2009, Sun Microsystems, Inc. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * - Redistributions of source code must retain the above copyright notice, -+ * this list of conditions and the following disclaimer. -+ * - Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * - Neither the name of Sun Microsystems, Inc. nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* -+ * rpcdname.c -+ * Gets the default domain name -+ */ -+ -+#include -+#include -+#include -+ -+static char *default_domain = 0; -+ -+static char * -+get_default_domain() -+{ -+ char temp[256]; -+ -+ if (default_domain) -+ return (default_domain); -+ if (getdomainname(temp, sizeof(temp)) < 0) -+ return (0); -+ if ((int) strlen(temp) > 0) { -+ default_domain = (char *)malloc((strlen(temp)+(unsigned)1)); -+ if (default_domain == 0) -+ return (0); -+ (void) strcpy(default_domain, temp); -+ return (default_domain); -+ } -+ return (0); -+} -+ -+/* -+ * This is a wrapper for the system call getdomainname which returns a -+ * ypclnt.h error code in the failure case. It also checks to see that -+ * the domain name is non-null, knowing that the null string is going to -+ * get rejected elsewhere in the NIS client package. -+ */ -+int -+__rpc_get_default_domain(domain) -+ char **domain; -+{ -+ if ((*domain = get_default_domain()) != 0) -+ return (0); -+ return (-1); -+} -diff --git a/src/svc_auth.c b/src/svc_auth.c -index 31241c9..94029bb 100644 ---- a/src/svc_auth.c -+++ b/src/svc_auth.c -@@ -38,6 +38,7 @@ - #include - #include - #include -+#include - #include - - /* -@@ -109,11 +110,9 @@ _gss_authenticate(rqst, msg, no_dispatch) - case AUTH_SHORT: - dummy = _svcauth_short(rqst, msg); - return (dummy); --#ifdef DES_BUILTIN - case AUTH_DES: - dummy = _svcauth_des(rqst, msg); - return (dummy); --#endif - #ifdef HAVE_RPCSEC_GSS - case RPCSEC_GSS: - dummy = _svcauth_gss(rqst, msg, no_dispatch); -@@ -172,9 +171,7 @@ svc_auth_reg(cred_flavor, handler) - case AUTH_NULL: - case AUTH_SYS: - case AUTH_SHORT: --#ifdef DES_BUILTIN - case AUTH_DES: --#endif - #ifdef HAVE_RPCSEC_GSS - case RPCSEC_GSS: - #endif -diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c -index 08e2bee..5bc264c 100644 ---- a/src/svc_auth_des.c -+++ b/src/svc_auth_des.c -@@ -433,7 +433,6 @@ cache_spot(key, name, timestamp) - } - - --#if (defined(sun) || defined(vax) || defined(__FreeBSD__)) - /* - * Local credential handling stuff. - * NOTE: bsd unix dependent. -@@ -528,5 +527,3 @@ invalidate(cred) - } - ((struct bsdcred *)cred)->grouplen = INVALID; - } --#endif -- -diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c -index 016357b..0206e5e 100644 ---- a/src/svc_auth_gss.c -+++ b/src/svc_auth_gss.c -@@ -235,28 +235,20 @@ static bool_t - _rpc_gss_fill_in_creds(struct svc_rpc_gss_data *gd, struct rpc_gss_cred *gc) - { - rpc_gss_rawcred_t *rcred = &gd->rcred; -- OM_uint32 maj_stat, min_stat; -- gss_buffer_desc buf; - - rcred->version = gc->gc_v; - if (!rpc_gss_oid_to_mech(gd->sec.mech, &rcred->mechanism)) - return FALSE; - rcred->service = _rpc_gss_svc_to_service(gd->sec.svc); -- maj_stat = gss_export_name(&min_stat, gd->client_name, &buf); -- if (maj_stat != GSS_S_COMPLETE) { -- gss_log_status("gss_export_name", maj_stat, min_stat); -- return FALSE; -- } - - rcred->client_principal = calloc(1, sizeof(rpc_gss_principal_t) + -- buf.length); -- if (rcred->client_principal == NULL) { -- (void)gss_release_buffer(&min_stat, &buf); -+ gd->cname.length); -+ if (rcred->client_principal == NULL) - return FALSE; -- } -- rcred->client_principal->len = buf.length; -- (void)memcpy(rcred->client_principal->name, buf.value, buf.length); -- (void)gss_release_buffer(&min_stat, &buf); -+ -+ rcred->client_principal->len = gd->cname.length; -+ (void)memcpy(rcred->client_principal->name, -+ gd->cname.value, gd->cname.length); - - rcred->svc_principal = _svcauth_svc_name; - -diff --git a/src/svc_generic.c b/src/svc_generic.c -index f49d776..7aae796 100644 ---- a/src/svc_generic.c -+++ b/src/svc_generic.c -@@ -283,6 +283,8 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz) - xprt->xp_type = __rpc_socktype2seman(si.si_socktype); - - if (nconf) { -+ if (xprt->xp_netid != NULL) -+ free(xprt->xp_netid); - xprt->xp_netid = strdup(nconf->nc_netid); - xprt->xp_tp = strdup(nconf->nc_device); - } -diff --git a/src/svc_vc.c b/src/svc_vc.c -index 9824631..6848c09 100644 ---- a/src/svc_vc.c -+++ b/src/svc_vc.c -@@ -392,6 +392,12 @@ svc_vc_destroy(xprt) - __svc_vc_dodestroy(xprt); - } - -+static bool_t -+__svc_rendezvous_socket(xprt) -+ SVCXPRT *xprt; -+{ -+ return (xprt->xp_ops->xp_recv == rendezvous_request); -+} - static void - __svc_vc_dodestroy(xprt) - SVCXPRT *xprt; -@@ -403,7 +409,7 @@ __svc_vc_dodestroy(xprt) - - if (xprt->xp_fd != RPC_ANYFD) - (void)close(xprt->xp_fd); -- if (xprt->xp_port != 0) { -+ if (__svc_rendezvous_socket(xprt)) { - /* a rendezvouser socket */ - r = (struct cf_rendezvous *)xprt->xp_p1; - mem_free(r, sizeof (struct cf_rendezvous)); -diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c -index cc5414b..d23fbd1 100644 ---- a/src/xdr_sizeof.c -+++ b/src/xdr_sizeof.c -@@ -90,7 +90,7 @@ x_inline(xdrs, len) - if (xdrs->x_op != XDR_ENCODE) { - return (NULL); - } -- if (len < (u_int)xdrs->x_base) { -+ if (len < (uintptr_t)xdrs->x_base) { - /* x_private was already allocated */ - xdrs->x_handy += len; - return ((int32_t *) xdrs->x_private); -@@ -102,7 +102,7 @@ x_inline(xdrs, len) - xdrs->x_base = 0; - return (NULL); - } -- xdrs->x_base = (caddr_t) len; -+ xdrs->x_base = (caddr_t)(uintptr_t)len; - xdrs->x_handy += len; - return ((int32_t *) xdrs->x_private); - } -diff --git a/tirpc/rpc/auth.h b/tirpc/rpc/auth.h -index 3e44863..e67779c 100644 ---- a/tirpc/rpc/auth.h -+++ b/tirpc/rpc/auth.h -@@ -313,6 +313,8 @@ extern AUTH *authnone_create(void); /* takes no parameters */ - extern "C" { - #endif - extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *); -+extern AUTH *authdes_pk_create (char *, netobj *, u_int, -+ struct sockaddr *, des_block *); - extern AUTH *authdes_seccreate (const char *, const u_int, const char *, - const des_block *); - #ifdef __cplusplus -diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h -index a17b34b..5316ed6 100644 ---- a/tirpc/rpc/auth_gss.h -+++ b/tirpc/rpc/auth_gss.h -@@ -73,11 +73,6 @@ struct authgss_private_data { - u_int pd_seq_win; /* Sequence window */ - }; - --#define g_OID_equal(o1, o2) \ -- (((o1)->length == (o2)->length) && \ -- ((o1)->elements != 0) && ((o2)->elements != 0) && \ -- (memcmp((o1)->elements, (o2)->elements, (int) (o1)->length) == 0)) -- - /* from kerberos source, gssapi_krb5.c */ - extern gss_OID_desc krb5oid; - extern gss_OID_desc spkm3oid; -diff --git a/tirpc/rpc/svc.h b/tirpc/rpc/svc.h -index 8273c95..f647095 100644 ---- a/tirpc/rpc/svc.h -+++ b/tirpc/rpc/svc.h -@@ -88,6 +88,7 @@ enum xprt_stat { - */ - typedef struct __rpc_svcxprt { - int xp_fd; -+#define xp_sock xp_fd - u_short xp_port; /* associated port number */ - const struct xp_ops { - /* receive incoming requests */ -diff --git a/tirpc/rpc/xdr.h b/tirpc/rpc/xdr.h -index 64069ab..80b35ce 100644 ---- a/tirpc/rpc/xdr.h -+++ b/tirpc/rpc/xdr.h -@@ -327,6 +327,7 @@ extern bool_t xdr_hyper(XDR *, quad_t *); - extern bool_t xdr_u_hyper(XDR *, u_quad_t *); - extern bool_t xdr_longlong_t(XDR *, quad_t *); - extern bool_t xdr_u_longlong_t(XDR *, u_quad_t *); -+extern u_long xdr_sizeof(xdrproc_t, void *); - #ifdef __cplusplus - } - #endif diff --git a/libtirpc-0.3.3-rc3.patch b/libtirpc-0.3.3-rc3.patch deleted file mode 100644 index 383470c..0000000 --- a/libtirpc-0.3.3-rc3.patch +++ /dev/null @@ -1,1288 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 99a0d33..4d18efa 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -5,6 +5,33 @@ AC_CONFIG_SRCDIR([src/auth_des.c]) - AC_CONFIG_MACRO_DIR([m4]) - AC_PROG_CC - -+# LT_VERSION_INFO="current:revision:age" -+# -+# From the libtool manual: -+# -+# 1. Start with version information of 0:0:0 for each libtool library. -+# 2. Update the version information only immediately before a public -+# release of your software. More frequent updates are unnecessary, -+# and only guarantee that the current interface number gets larger faster. -+# 3. If the library source code has changed at all since the last update, -+# then increment revision (c:r:a becomes c:r+1:a). -+# 4. If any interfaces have been added, removed, or changed since the last -+# update, increment current, and set revision to 0. -+# 5. If any interfaces have been added since the last public release, -+# then increment age. -+# 6. If any interfaces have been removed since the last public release, -+# then set age to 0. -+# -+# _Never_ try to set the interface numbers so that they correspond to the -+# release number of your package. This is an abuse that only fosters -+# misunderstanding of the purpose of library versions. -+# -+# In addition to these rules, symbol versioning is now in effect. soname -+# changes should be avoided. -+# -+LT_VERSION_INFO="2:0:1" -+AC_SUBST([LT_VERSION_INFO]) -+ - AC_CHECK_HEADER([gssapi/gssapi.h], [HAVE_GSSAPI_H=yes], [HAVE_GSSAPI_H=no]) - - AC_ARG_ENABLE(gssapi, -@@ -39,6 +66,21 @@ AC_ARG_ENABLE(symvers, - [],[enable_symvers=yes]) - AM_CONDITIONAL(SYMVERS, test "x$enable_symvers" = xyes) - -+AC_CANONICAL_BUILD -+# Check for which host we are on and setup a few things -+# specifically based on the host -+case $build_os in -+ linux*) -+ # Do something specific for linux -+ LDFLAG_NOUNDEFINED="-Wl,--no-undefined" -+ AC_SUBST(LDFLAG_NOUNDEFINED) -+ ;; -+ *) -+ #Default Case -+ ;; -+esac -+ -+ - AC_CONFIG_HEADERS([config.h]) - AC_PROG_LIBTOOL - AC_HEADER_DIRENT -diff --git a/man/rpc_gss_get_mech_info.3t b/man/rpc_gss_get_mech_info.3t -index 1f3ba04..44f0df3 100644 ---- a/man/rpc_gss_get_mech_info.3t -+++ b/man/rpc_gss_get_mech_info.3t -@@ -29,28 +29,33 @@ - .Os - .Sh NAME - .Nm rpc_gss_get_mech_info --.Nd "Get extra information about a security mechanism" -+.Nd "Get Quality of Protection information for a security mechanism" - .Sh SYNOPSIS - .In rpc/rpcsec_gss.h - .Ft const char ** - .Fn rpc_gss_get_mech_info "const char *mech" "rpc_gss_service_t *service" - .Sh DESCRIPTION --This function looks up a mechanism by name by reading the file --/etc/gss/mech and queries it for its capabilities. -+This function returns the list of QOP names supported by the -+GSS_API mechanism named "mech". - .Sh PARAMETERS - .Bl -tag -width ".It service" - .It mech --The mechanism to search for -+The name of a GSS_API mechanism. -+"kerberos_v5" is currently the only supported mechanism. - .It service --If the mechanism is found, the maximum supported service type is --returned in --.Fa *service -+Buffer in which maximum service type is planted - .El - .Sh RETURN VALUES --If the mechanism is found, --a list of the supported qualities of protection is returned, --otherwise --.Dv NULL . -+If the named GSS_API mechanism is recognized, -+a list of the supported Qualities of Protection is returned. -+The maximum supported service type for the mechanism is returned in -+.Fa *service . -+Otherwise -+.Dv NULL -+is returned. -+.Pp -+Note: The returned QOP list is statically allocated memory. -+The caller must not free this array. - .Sh AVAILABILITY - The - .Fn rpc_gss_get_mech_info -diff --git a/man/rpc_gss_getcred.3t b/man/rpc_gss_getcred.3t -index 8589f08..691df31 100644 ---- a/man/rpc_gss_getcred.3t -+++ b/man/rpc_gss_getcred.3t -@@ -51,7 +51,6 @@ If non-null, - .Fa *rcred - is set to point at the raw credentials for this request - .It ucred --.It rcred - If non-null, - .Fa *ucred - is set to point at the corresponding unix credentials -diff --git a/man/rpc_gss_is_installed.3t b/man/rpc_gss_is_installed.3t -index 274a1f0..d5f5e44 100644 ---- a/man/rpc_gss_is_installed.3t -+++ b/man/rpc_gss_is_installed.3t -@@ -29,23 +29,24 @@ - .Os - .Sh NAME - .Nm rpc_gss_is_installed --.Nd "Query for the presence os a security mechanism" -+.Nd "Query for the presence of a security mechanism" - .Sh SYNOPSIS - .In rpc/rpcsec_gss.h - .Ft bool_t - .Fn rpc_gss_is_installed "const char *mech" - .Sh DESCRIPTION --This function looks up a mechanism by name by reading the file --/etc/gss/mech. -+This function indicates whether the GSS_API mechanism named "mech" -+is installed and enabled. - .Sh PARAMETERS - .Bl -tag -width ".It mech" - .It mech --The mechanism to search for -+The name of a GSS_API mechanism. -+"kerberos_v5" is currently the only supported mechanism. - .El - .Sh RETURN VALUES - Returns - .Dv TRUE --if the mechanism is installed, -+if the named GSS_API mechanism is installed and enabled, - .Dv FALSE - otherwise. - .Sh AVAILABILITY -diff --git a/man/rpc_gss_mech_to_oid.3t b/man/rpc_gss_mech_to_oid.3t -index 8bbe616..4a1b25d 100644 ---- a/man/rpc_gss_mech_to_oid.3t -+++ b/man/rpc_gss_mech_to_oid.3t -@@ -35,22 +35,27 @@ - .Ft bool_t - .Fn rpc_gss_mech_to_oid "const char *mech" "gss_OID *oid_ret" - .Sh DESCRIPTION --This function looks up a mechanism by name by reading the file --/etc/gss/mech. -+This function returns the GSS OID associated with the GSS_API -+mechanism "mech". - .Sh PARAMETERS - .Bl -tag -width ".It oid_ret" - .It mech --The mechanism name to search for -+The name of a GSS_API mechanism. -+"kerberos_v5" is currently the only supported mechanism. - .It oid_ret --If the mechanism is found, the corresponding GSS-API oid is returned --in --.Fa *oid_ret -+Buffer in which to place the returned OID - .El - .Sh RETURN VALUES --If the mechanism is found, -+If the GSS_API mechanism name is recognized, - .Dv TRUE --is returned, otherwise --.Dv FALSE . -+is returned. -+The corresponding GSS-API oid is returned in -+.Fa *oid_ret . -+Otherwise -+.Dv FALSE -+is returned and -+.Fa *oid_ret -+is left untouched. - .Sh AVAILABILITY - The - .Fn rpc_gss_mech_to_oid -diff --git a/man/rpc_gss_qop_to_num.3t b/man/rpc_gss_qop_to_num.3t -index 3968216..7ac1a4c 100644 ---- a/man/rpc_gss_qop_to_num.3t -+++ b/man/rpc_gss_qop_to_num.3t -@@ -29,30 +29,37 @@ - .Os - .Sh NAME - .Nm rpc_gss_qop_to_num --.Nd "Convert a quality of protection name to number" -+.Nd "Convert a Quality of Protection name to number" - .Sh SYNOPSIS - .In rpc/rpcsec_gss.h - .Ft bool_t - .Fn rpc_gss_qop_to_num "const char *qop" "const char *mech" "u_int *num_ret" - .Sh DESCRIPTION --This function looks up a quality of protection by name by reading the file --/etc/gss/qop. -+This function returns the numeric QOP value associated with the -+GSS_API QOP "qop" and mechanism "mech." - .Sh PARAMETERS - .Bl -tag -width ".It number_ret" - .It qop --The quality of protection to search for -+The name of Quality of Protection associated with the -+GSS_API mechanism "mech". -+"GSS_C_QOP_DEFAULT" is currently the only supported QOP. - .It mech --The mechanism name to search for -+The name of a GSS_API mechanism. -+"kerberos_v5" is currently the only supported mechanism. - .It number_ret --If the quality of protection is found, the corresponding number is --returned in --.Fa *num_ret -+Buffer in which to place the returned QOP number - .El - .Sh RETURN VALUES --If the value is found, -+If the QOP and mechanism names are recognized, - .Dv TRUE --is returned, otherwise --.Dv FALSE . -+is returned. -+The corresponding QOP number is returned in -+.Fa *num_ret . -+Otherwise -+.Dv FALSE -+is returned and -+.It number_ret -+is left untouched. - .Sh AVAILABILITY - The - .Fn rpc_gss_qop_to_num -diff --git a/man/rpc_gss_seccreate.3t b/man/rpc_gss_seccreate.3t -index 9f526a6..b52df19 100644 ---- a/man/rpc_gss_seccreate.3t -+++ b/man/rpc_gss_seccreate.3t -@@ -55,9 +55,8 @@ For instance, a principal such as - .Qq nfs@server.example.com - might be used by an application which needs to contact an NFS server - .It mechanism --The desired mechanism for this security context. --The value of mechanism should be the name of one of the security --mechanisms listed in /etc/gss/mech. -+The name of the GSS_API mechanism to use for the new security context. -+"kerberos_v5" is currently the only supported mechanism. - .It service - Type of service requested. - .Bl -tag -width "rpc_gss_svc_integrity" -@@ -72,8 +71,9 @@ RPC headers and data are integrity protected by a checksum. - RPC headers are integrity protected by a checksum and data is encrypted. - .El - .It qop --Desired quality of protection or NULL for the default. --Available values are listed in /etc/gss/qop -+The name of the Quality of Protection to use for the new security context, -+or NULL to use the default QOP. -+"GSS_C_QOP_DEFAULT" is currently the only supported QOP. - .It options_req - Extra security context options to be passed to the underlying GSS-API - mechanism. -diff --git a/man/rpc_secure.3t b/man/rpc_secure.3t -index 7ad6e49..4a1ad93 100644 ---- a/man/rpc_secure.3t -+++ b/man/rpc_secure.3t -@@ -16,6 +16,14 @@ - .Fa "struct sockaddr *addr" - .Fa "des_block *ckey" - .Fc -+.Ft AUTH * -+.Fo authdes_pk_create -+.Fa "char *name" -+.FA "netobj *publickey" -+.Fa "unsigned window" -+.Fa "struct sockaddr *addr" -+.Fa "des_block *ckey" -+.Fc - .Ft int - .Fn authdes_getucred "struct authdes_cred *adc" "uid_t *uid" "gid_t *gid" "int *grouplen" "gid_t *groups" - .Ft int -@@ -113,6 +121,13 @@ key to be used for the encryption of credentials. - If it is supplied, however, then it will be used instead. - .Pp - The -+.Fn authdes_pk_create -+function is identical to -+.Fn authdes_create , -+except that the public key needs to be provided at calling time and -+will not looked up by this function itself. -+.Pp -+The - .Fn authdes_getucred - function, - the second of the two -diff --git a/src/Makefile.am b/src/Makefile.am -index 6cc567a..d94a8e9 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -12,36 +12,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/tirpc -include config.h -DPORTMAP -DINET6 \ - - lib_LTLIBRARIES = libtirpc.la - --# --# Set the library version information --# --# According to the libtool manual: --# --# "This flag accepts an argument of the form current[:revision[:age]]. --# --# If either revision or age are omitted, they default to 0. Also note that --# age must be less than or equal to the current interface number. --# --# Here are a set of rules to help you update your library version information: --# --# 1. Start with version information of 0:0:0 for each libtool library. --# 2. Update the version information only immediately before a public --# release of your software. More frequent updates are unnecessary, --# and only guarantee that the current interface number gets larger faster. --# 3. If the library source code has changed at all since the last update, --# then increment revision (c:r:a becomes c:r+1:a). --# 4. If any interfaces have been added, removed, or changed since the last --# update, increment current, and set revision to 0. --# 5. If any interfaces have been added since the last public release, --# then increment age. --# 6. If any interfaces have been removed since the last public release, --# then set age to 0. --# --# _Never_ try to set the interface numbers so that they correspond to the --# release number of your package. This is an abuse that only fosters --# misunderstanding of the purpose of library versions." --# --libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0 -+libtirpc_la_LDFLAGS = @LDFLAG_NOUNDEFINED@ -lpthread -+libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@ - - libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \ - clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ -@@ -50,11 +22,12 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln - pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \ - rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \ - rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ -+ svc_auth_des.c \ - svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ - auth_time.c auth_des.c authdes_prot.c debug.c - - ## XDR --libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c -+libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c - - if SYMVERS - libtirpc_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtirpc.map -@@ -69,7 +42,7 @@ if GSS - endif - - libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c --libtirpc_la_SOURCES += netname.c netnamer.c rtime.c -+libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c - - CLEANFILES = cscope.* *~ - DISTCLEANFILES = Makefile.in -diff --git a/src/auth_gss.c b/src/auth_gss.c -index 722d54c..4fa8568 100644 ---- a/src/auth_gss.c -+++ b/src/auth_gss.c -@@ -821,7 +821,6 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism, - clnt->cl_auth = auth; - - if (_rpc_gss_refresh(auth, ret) == FALSE) { -- authgss_destroy(auth); - auth = NULL; - } else { - rpc_gss_clear_error(); -diff --git a/src/libtirpc.map b/src/libtirpc.map -index 063cddd..f385de5 100644 ---- a/src/libtirpc.map -+++ b/src/libtirpc.map -@@ -316,6 +316,17 @@ TIRPC_0.3.2 { - xdr_unixcred; - } TIRPC_0.3.1; - -+TIRPC_0.3.3 { -+ __getpublickey_LOCAL; -+ __key_decryptsession_pk_LOCAL; -+ __key_encryptsession_pk_LOCAL; -+ __key_gendes_LOCAL; -+ xdr_sizeof; -+ authdes_pk_create; -+ svc_pollfd; -+ svc_max_pollfd; -+} TIRPC_0.3.2; -+ - TIRPC_PRIVATE { - global: - __libc_clntudp_bufcreate; -diff --git a/src/rpc_com.h b/src/rpc_com.h -index 52a8c48..10bec79 100644 ---- a/src/rpc_com.h -+++ b/src/rpc_com.h -@@ -40,47 +40,20 @@ - #ifndef _TIRPC_RPCCOM_H - #define _TIRPC_RPCCOM_H - -- --/* #pragma ident "@(#)rpc_com.h 1.11 93/07/05 SMI" */ -- --/* -- * The max size of the transport, if the size cannot be determined -- * by other means. -- */ --#define RPC_MAXDATASIZE 9000 --#define RPC_MAXADDRSIZE 1024 -- --#define __RPC_GETXID(now) ((u_int32_t)getpid() ^ (u_int32_t)(now)->tv_sec ^ \ -- (u_int32_t)(now)->tv_usec) -+#include - - #ifdef __cplusplus - extern "C" { - #endif --extern u_int __rpc_get_a_size(int); --extern int __rpc_dtbsize(void); --extern struct netconfig * __rpcgettp(int); --extern int __rpc_get_default_domain(char **); --struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t); - --char *__rpc_taddr2uaddr_af(int, const struct netbuf *); --struct netbuf *__rpc_uaddr2taddr_af(int, const char *); --int __rpc_fixup_addr(struct netbuf *, const struct netbuf *); --int __rpc_sockinfo2netid(struct __rpc_sockinfo *, const char **); --int __rpc_seman2socktype(int); --int __rpc_socktype2seman(int); --void *rpc_nullproc(CLIENT *); --int __rpc_sockisbound(int); -+struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t); - --struct netbuf *__rpcb_findaddr(rpcprog_t, rpcvers_t, const struct netconfig *, -- const char *, CLIENT **); - struct netbuf *__rpcb_findaddr_timed(rpcprog_t, rpcvers_t, - const struct netconfig *, const char *host, CLIENT **clpp, - struct timeval *tp); - - bool_t __rpc_control(int,void *); - --char *_get_next_token(char *, int); -- - bool_t __svc_clean_idle(fd_set *, int, bool_t); - bool_t __xdrrec_setnonblock(XDR *, int); - bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t); -diff --git a/src/rpc_commondata.c b/src/rpc_commondata.c -index 5392306..918c1aa 100644 ---- a/src/rpc_commondata.c -+++ b/src/rpc_commondata.c -@@ -36,3 +36,6 @@ - struct opaque_auth _null_auth; - fd_set svc_fdset; - int svc_maxfd = -1; -+struct pollfd *svc_pollfd; -+int svc_max_pollfd; -+ -diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c -index 5c6033e..13d320c 100644 ---- a/src/rpc_dtablesize.c -+++ b/src/rpc_dtablesize.c -@@ -50,8 +50,6 @@ _rpc_dtablesize(void) - - if (size == 0) { - size = getdtablesize(); -- if (size > FD_SETSIZE) -- size = FD_SETSIZE; - } - return (size); - } -diff --git a/src/rpc_gss_utils.c b/src/rpc_gss_utils.c -index 9a7fed3..80fc78a 100644 ---- a/src/rpc_gss_utils.c -+++ b/src/rpc_gss_utils.c -@@ -159,6 +159,7 @@ static char *_rpc_gss_krb5_qop_names[] = { - NULL, - }; - -+/* GSS_MECH_KRB5_OID: Defined by RFC 1964 */ - static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = { - .mi_name = "kerberos_v5", - .mi_oid = { 9, "\052\206\110\206\367\022\001\002\002" }, -@@ -166,8 +167,17 @@ static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = { - .mi_qops = _rpc_gss_krb5_qops, - }; - -+/* GSS_KRB5_NT_PRINCIPAL_NAME: Defined by RFC 1964 */ -+static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5_princname = { -+ .mi_name = "kerberos_v5", -+ .mi_oid = { 10, "\052\206\110\206\367\022\001\002\002\001" }, -+ .mi_qop_names = _rpc_gss_krb5_qop_names, -+ .mi_qops = _rpc_gss_krb5_qops, -+}; -+ - static struct _rpc_gss_mechanism *_rpc_gss_mechanisms[] = { - &_rpc_gss_mech_kerberos_v5, -+ &_rpc_gss_mech_kerberos_v5_princname, - NULL, - }; - -@@ -187,13 +197,20 @@ _rpc_gss_find_mechanism(char *mechanism) - return NULL; - } - -+static bool_t -+_rpc_gss_OID_equal(rpc_gss_OID o1, rpc_gss_OID o2) -+{ -+ return (o1->length == o2->length) && -+ (memcmp(o1->elements, o2->elements, o1->length) == 0); -+} -+ - static struct _rpc_gss_mechanism * - _rpc_gss_find_oid(rpc_gss_OID oid) - { - unsigned int i; - - for (i = 0; _rpc_gss_mechanisms[i] != NULL; i++) -- if (g_OID_equal(oid, &_rpc_gss_mechanisms[i]->mi_oid)) -+ if (_rpc_gss_OID_equal(oid, &_rpc_gss_mechanisms[i]->mi_oid)) - return _rpc_gss_mechanisms[i]; - return NULL; - } -diff --git a/src/rpc_soc.c b/src/rpc_soc.c -index e146ed4..1ec7b3f 100644 ---- a/src/rpc_soc.c -+++ b/src/rpc_soc.c -@@ -61,6 +61,7 @@ - #include - #include - #include -+#include - - #include "rpc_com.h" - -@@ -531,7 +532,6 @@ authdes_create(servername, window, syncaddr, ckey) - struct sockaddr *syncaddr; /* optional hostaddr to sync with */ - des_block *ckey; /* optional conversation key to use */ - { -- AUTH *dummy; - AUTH *nauth; - char hostname[NI_MAXHOST]; - -@@ -540,19 +540,68 @@ authdes_create(servername, window, syncaddr, ckey) - * Change addr to hostname, because that is the way - * new interface takes it. - */ -- if (getnameinfo(syncaddr, sizeof(syncaddr), hostname, -- sizeof hostname, NULL, 0, 0) != 0) -- goto fallback; -- -+ switch (syncaddr->sa_family) { -+ case AF_INET: -+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname, -+ sizeof hostname, NULL, 0, 0) != 0) -+ goto fallback; -+ break; -+ case AF_INET6: -+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in6), hostname, -+ sizeof hostname, NULL, 0, 0) != 0) -+ goto fallback; -+ break; -+ default: -+ goto fallback; -+ } - nauth = authdes_seccreate(servername, window, hostname, ckey); - return (nauth); - } - fallback: -- dummy = authdes_seccreate(servername, window, NULL, ckey); -- return (dummy); -+ return authdes_seccreate(servername, window, NULL, ckey); - } - - /* -+ * Create the client des authentication object. Obsoleted by -+ * authdes_pk_seccreate(). -+ */ -+extern AUTH *authdes_pk_seccreate(const char *, netobj *, u_int, const char *, -+ const des_block *, nis_server *); -+ -+AUTH * -+authdes_pk_create(servername, pkey, window, syncaddr, ckey) -+ char *servername; /* network name of server */ -+ netobj *pkey; /* public key */ -+ u_int window; /* time to live */ -+ struct sockaddr *syncaddr; /* optional hostaddr to sync with */ -+ des_block *ckey; /* optional conversation key to use */ -+{ -+ AUTH *nauth; -+ char hostname[NI_MAXHOST]; -+ -+ if (syncaddr) { -+ /* -+ * Change addr to hostname, because that is the way -+ * new interface takes it. -+ */ -+ switch (syncaddr->sa_family) { -+ case AF_INET: -+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname, -+ sizeof hostname, NULL, 0, 0) != 0) -+ goto fallback; -+ break; -+ default: -+ goto fallback; -+ } -+ nauth = authdes_pk_seccreate(servername, pkey, window, hostname, ckey, NULL); -+ return (nauth); -+ } -+fallback: -+ return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL); -+} -+ -+ -+/* - * Create a client handle for a unix connection. Obsoleted by clnt_vc_create() - */ - CLIENT * -diff --git a/src/rpcdname.c b/src/rpcdname.c -new file mode 100644 -index 0000000..3e6a988 ---- /dev/null -+++ b/src/rpcdname.c -@@ -0,0 +1,72 @@ -+/* -+ * Copyright (c) 2009, Sun Microsystems, Inc. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * - Redistributions of source code must retain the above copyright notice, -+ * this list of conditions and the following disclaimer. -+ * - Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * - Neither the name of Sun Microsystems, Inc. nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* -+ * rpcdname.c -+ * Gets the default domain name -+ */ -+ -+#include -+#include -+#include -+ -+static char *default_domain = 0; -+ -+static char * -+get_default_domain() -+{ -+ char temp[256]; -+ -+ if (default_domain) -+ return (default_domain); -+ if (getdomainname(temp, sizeof(temp)) < 0) -+ return (0); -+ if ((int) strlen(temp) > 0) { -+ default_domain = (char *)malloc((strlen(temp)+(unsigned)1)); -+ if (default_domain == 0) -+ return (0); -+ (void) strcpy(default_domain, temp); -+ return (default_domain); -+ } -+ return (0); -+} -+ -+/* -+ * This is a wrapper for the system call getdomainname which returns a -+ * ypclnt.h error code in the failure case. It also checks to see that -+ * the domain name is non-null, knowing that the null string is going to -+ * get rejected elsewhere in the NIS client package. -+ */ -+int -+__rpc_get_default_domain(domain) -+ char **domain; -+{ -+ if ((*domain = get_default_domain()) != 0) -+ return (0); -+ return (-1); -+} -diff --git a/src/svc.c b/src/svc.c -index 32c84f1..a4c6b3d 100644 ---- a/src/svc.c -+++ b/src/svc.c -@@ -100,16 +100,43 @@ xprt_register (xprt) - rwlock_wrlock (&svc_fd_lock); - if (__svc_xports == NULL) - { -- __svc_xports = (SVCXPRT **) mem_alloc (FD_SETSIZE * sizeof (SVCXPRT *)); -+ __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *)); - if (__svc_xports == NULL) - return; -- memset (__svc_xports, '\0', FD_SETSIZE * sizeof (SVCXPRT *)); - } -- if (sock < FD_SETSIZE) -+ if (sock < _rpc_dtablesize()) - { -+ int i; -+ struct pollfd *new_svc_pollfd; -+ - __svc_xports[sock] = xprt; -- FD_SET (sock, &svc_fdset); -- svc_maxfd = max (svc_maxfd, sock); -+ if (sock < FD_SETSIZE) -+ { -+ FD_SET (sock, &svc_fdset); -+ svc_maxfd = max (svc_maxfd, sock); -+ } -+ -+ /* Check if we have an empty slot */ -+ for (i = 0; i < svc_max_pollfd; ++i) -+ if (svc_pollfd[i].fd == -1) -+ { -+ svc_pollfd[i].fd = sock; -+ svc_pollfd[i].events = (POLLIN | POLLPRI | -+ POLLRDNORM | POLLRDBAND); -+ return; -+ } -+ -+ new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd, -+ sizeof (struct pollfd) -+ * (svc_max_pollfd + 1)); -+ if (new_svc_pollfd == NULL) /* Out of memory */ -+ return; -+ svc_pollfd = new_svc_pollfd; -+ ++svc_max_pollfd; -+ -+ svc_pollfd[svc_max_pollfd - 1].fd = sock; -+ svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI | -+ POLLRDNORM | POLLRDBAND); - } - rwlock_unlock (&svc_fd_lock); - } -@@ -142,16 +169,25 @@ __xprt_do_unregister (xprt, dolock) - - if (dolock) - rwlock_wrlock (&svc_fd_lock); -- if ((sock < FD_SETSIZE) && (__svc_xports[sock] == xprt)) -+ if ((sock < _rpc_dtablesize() ) && (__svc_xports[sock] == xprt)) - { -+ int i; -+ - __svc_xports[sock] = NULL; -- FD_CLR (sock, &svc_fdset); -- if (sock >= svc_maxfd) -+ if (sock < FD_SETSIZE) - { -- for (svc_maxfd--; svc_maxfd >= 0; svc_maxfd--) -- if (__svc_xports[svc_maxfd]) -- break; -+ FD_CLR (sock, &svc_fdset); -+ if (sock >= svc_maxfd) -+ { -+ for (svc_maxfd--; svc_maxfd >= 0; svc_maxfd--) -+ if (__svc_xports[svc_maxfd]) -+ break; -+ } - } -+ -+ for (i = 0; i < svc_max_pollfd; ++i) -+ if (svc_pollfd[i].fd == sock) -+ svc_pollfd[i].fd = -1; - } - if (dolock) - rwlock_unlock (&svc_fd_lock); -@@ -606,11 +642,15 @@ svc_getreqset (readfds) - int bit, fd; - fd_mask mask, *maskp; - int sock; -+ int setsize; - - assert (readfds != NULL); - -+ setsize = _rpc_dtablesize (); -+ if (setsize > FD_SETSIZE) -+ setsize = FD_SETSIZE; - maskp = readfds->fds_bits; -- for (sock = 0; sock < FD_SETSIZE; sock += NFDBITS) -+ for (sock = 0; sock < setsize; sock += NFDBITS) - { - for (mask = *maskp++; (bit = ffsl(mask)) != 0; mask ^= (1L << (bit - 1))) - { -@@ -733,36 +773,22 @@ svc_getreq_poll (pfdp, pollretval) - struct pollfd *pfdp; - int pollretval; - { -- int i; -- int fds_found; -+ int fds_found, i; - -- for (i = fds_found = 0; fds_found < pollretval; i++) -+ for (i = fds_found = 0; i < svc_max_pollfd; ++i) - { - struct pollfd *p = &pfdp[i]; - -- if (p->revents) -+ if (p->fd != -1 && p->revents) - { -- /* fd has input waiting */ -- fds_found++; -- /* -- * We assume that this function is only called -- * via someone _select()ing from svc_fdset or -- * _poll()ing from svc_pollset[]. Thus it's safe -- * to handle the POLLNVAL event by simply turning -- * the corresponding bit off in svc_fdset. The -- * svc_pollset[] array is derived from svc_fdset -- * and so will also be updated eventually. -- * -- * XXX Should we do an xprt_unregister() instead? -- */ -- if (p->revents & POLLNVAL) -- { -- rwlock_wrlock (&svc_fd_lock); -- FD_CLR (p->fd, &svc_fdset); -- rwlock_unlock (&svc_fd_lock); -- } -- else -- svc_getreq_common (p->fd); -+ /* fd has input waiting */ -+ if (p->revents & POLLNVAL) -+ xprt_unregister (__svc_xports[p->fd]); -+ else -+ svc_getreq_common (p->fd); -+ -+ if (++fds_found >= pollretval) -+ break; - } - } - } -diff --git a/src/svc_auth.c b/src/svc_auth.c -index 31241c9..94029bb 100644 ---- a/src/svc_auth.c -+++ b/src/svc_auth.c -@@ -38,6 +38,7 @@ - #include - #include - #include -+#include - #include - - /* -@@ -109,11 +110,9 @@ _gss_authenticate(rqst, msg, no_dispatch) - case AUTH_SHORT: - dummy = _svcauth_short(rqst, msg); - return (dummy); --#ifdef DES_BUILTIN - case AUTH_DES: - dummy = _svcauth_des(rqst, msg); - return (dummy); --#endif - #ifdef HAVE_RPCSEC_GSS - case RPCSEC_GSS: - dummy = _svcauth_gss(rqst, msg, no_dispatch); -@@ -172,9 +171,7 @@ svc_auth_reg(cred_flavor, handler) - case AUTH_NULL: - case AUTH_SYS: - case AUTH_SHORT: --#ifdef DES_BUILTIN - case AUTH_DES: --#endif - #ifdef HAVE_RPCSEC_GSS - case RPCSEC_GSS: - #endif -diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c -index 08e2bee..5bc264c 100644 ---- a/src/svc_auth_des.c -+++ b/src/svc_auth_des.c -@@ -433,7 +433,6 @@ cache_spot(key, name, timestamp) - } - - --#if (defined(sun) || defined(vax) || defined(__FreeBSD__)) - /* - * Local credential handling stuff. - * NOTE: bsd unix dependent. -@@ -528,5 +527,3 @@ invalidate(cred) - } - ((struct bsdcred *)cred)->grouplen = INVALID; - } --#endif -- -diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c -index 016357b..0206e5e 100644 ---- a/src/svc_auth_gss.c -+++ b/src/svc_auth_gss.c -@@ -235,28 +235,20 @@ static bool_t - _rpc_gss_fill_in_creds(struct svc_rpc_gss_data *gd, struct rpc_gss_cred *gc) - { - rpc_gss_rawcred_t *rcred = &gd->rcred; -- OM_uint32 maj_stat, min_stat; -- gss_buffer_desc buf; - - rcred->version = gc->gc_v; - if (!rpc_gss_oid_to_mech(gd->sec.mech, &rcred->mechanism)) - return FALSE; - rcred->service = _rpc_gss_svc_to_service(gd->sec.svc); -- maj_stat = gss_export_name(&min_stat, gd->client_name, &buf); -- if (maj_stat != GSS_S_COMPLETE) { -- gss_log_status("gss_export_name", maj_stat, min_stat); -- return FALSE; -- } - - rcred->client_principal = calloc(1, sizeof(rpc_gss_principal_t) + -- buf.length); -- if (rcred->client_principal == NULL) { -- (void)gss_release_buffer(&min_stat, &buf); -+ gd->cname.length); -+ if (rcred->client_principal == NULL) - return FALSE; -- } -- rcred->client_principal->len = buf.length; -- (void)memcpy(rcred->client_principal->name, buf.value, buf.length); -- (void)gss_release_buffer(&min_stat, &buf); -+ -+ rcred->client_principal->len = gd->cname.length; -+ (void)memcpy(rcred->client_principal->name, -+ gd->cname.value, gd->cname.length); - - rcred->svc_principal = _svcauth_svc_name; - -diff --git a/src/svc_generic.c b/src/svc_generic.c -index f49d776..7aae796 100644 ---- a/src/svc_generic.c -+++ b/src/svc_generic.c -@@ -283,6 +283,8 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz) - xprt->xp_type = __rpc_socktype2seman(si.si_socktype); - - if (nconf) { -+ if (xprt->xp_netid != NULL) -+ free(xprt->xp_netid); - xprt->xp_netid = strdup(nconf->nc_netid); - xprt->xp_tp = strdup(nconf->nc_device); - } -diff --git a/src/svc_run.c b/src/svc_run.c -index 783b1dc..f40314b 100644 ---- a/src/svc_run.c -+++ b/src/svc_run.c -@@ -34,10 +34,11 @@ - #include - #include - #include --#include - #include - #include - #include -+#include -+ - - #include - #include "rpc_com.h" -@@ -46,33 +47,54 @@ - void - svc_run() - { -- fd_set readfds, cleanfds; -- struct timeval timeout; -- extern rwlock_t svc_fd_lock; -+ int i; -+ struct pollfd *my_pollfd = NULL; -+ int last_max_pollfd = 0; -+ -+ for (;;) { -+ int max_pollfd = svc_max_pollfd; -+ if (max_pollfd == 0 && svc_pollfd == NULL) -+ break; -+ -+ if (last_max_pollfd != max_pollfd) -+ { -+ struct pollfd *new_pollfd -+ = realloc (my_pollfd, sizeof (struct pollfd) * max_pollfd); -+ -+ if (new_pollfd == NULL) -+ { -+ warn ("svc_run: - out of memory"); -+ break; -+ } -+ -+ my_pollfd = new_pollfd; -+ last_max_pollfd = max_pollfd; -+ } -+ -+ for (i = 0; i < max_pollfd; ++i) -+ { -+ my_pollfd[i].fd = svc_pollfd[i].fd; -+ my_pollfd[i].events = svc_pollfd[i].events; -+ my_pollfd[i].revents = 0; -+ } - -+ switch (i = poll (my_pollfd, max_pollfd, -1)) -+ { -+ case -1: -+ if (errno == EINTR) -+ continue; -+ warn ("svc_run: - poll failed"); -+ break; -+ case 0: -+ continue; -+ default: -+ svc_getreq_poll (my_pollfd, i); -+ continue; -+ } -+ break; -+ } - -- for (;;) { -- rwlock_rdlock(&svc_fd_lock); -- readfds = svc_fdset; -- cleanfds = svc_fdset; -- rwlock_unlock(&svc_fd_lock); -- timeout.tv_sec = 30; -- timeout.tv_usec = 0; -- switch (select(svc_maxfd+1, &readfds, NULL, NULL, &timeout)) { -- case -1: -- FD_ZERO(&readfds); -- if (errno == EINTR) { -- continue; -- } -- warn("svc_run: - select failed"); -- return; -- case 0: -- __svc_clean_idle(&cleanfds, 30, FALSE); -- continue; -- default: -- svc_getreqset(&readfds); -- } -- } -+ free (my_pollfd); - } - - /* -@@ -85,6 +107,8 @@ svc_exit() - extern rwlock_t svc_fd_lock; - - rwlock_wrlock(&svc_fd_lock); -- FD_ZERO(&svc_fdset); -+ free (svc_pollfd); -+ svc_pollfd = NULL; -+ svc_max_pollfd = 0; - rwlock_unlock(&svc_fd_lock); - } -diff --git a/src/svc_vc.c b/src/svc_vc.c -index 9824631..4bafbcf 100644 ---- a/src/svc_vc.c -+++ b/src/svc_vc.c -@@ -309,7 +309,6 @@ rendezvous_request(xprt, msg) - socklen_t len; - struct __rpc_sockinfo si; - SVCXPRT *newxprt; -- fd_set cleanfds; - - assert(xprt != NULL); - assert(msg != NULL); -@@ -321,13 +320,16 @@ again: - &len)) < 0) { - if (errno == EINTR) - goto again; -- /* -- * Clean out the most idle file descriptor when we're -- * running out. -- */ -+ - if (errno == EMFILE || errno == ENFILE) { -- cleanfds = svc_fdset; -- __svc_clean_idle(&cleanfds, 0, FALSE); -+ /* If there are no file descriptors available, then accept will fail. -+ We want to delay here so the connection request can be dequeued; -+ otherwise we can bounce between polling and accepting, never -+ giving the request a chance to dequeue and eating an enormous -+ amount of cpu time in svc_run if we're polling on many file -+ descriptors. */ -+ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 }; -+ nanosleep (&ts, NULL); - goto again; - } - return (FALSE); -@@ -337,6 +339,8 @@ again: - */ - - newxprt = makefd_xprt(sock, r->sendsize, r->recvsize); -+ if (!newxprt) -+ return (FALSE); - - if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len)) - return (FALSE); -@@ -392,6 +396,12 @@ svc_vc_destroy(xprt) - __svc_vc_dodestroy(xprt); - } - -+static bool_t -+__svc_rendezvous_socket(xprt) -+ SVCXPRT *xprt; -+{ -+ return (xprt->xp_ops->xp_recv == rendezvous_request); -+} - static void - __svc_vc_dodestroy(xprt) - SVCXPRT *xprt; -@@ -403,7 +413,7 @@ __svc_vc_dodestroy(xprt) - - if (xprt->xp_fd != RPC_ANYFD) - (void)close(xprt->xp_fd); -- if (xprt->xp_port != 0) { -+ if (__svc_rendezvous_socket(xprt)) { - /* a rendezvouser socket */ - r = (struct cf_rendezvous *)xprt->xp_p1; - mem_free(r, sizeof (struct cf_rendezvous)); -@@ -786,47 +796,17 @@ __rpc_get_local_uid(SVCXPRT *transp, uid_t *uid) { - * rpcbind are known to call this function. Do not alter or remove this - * API without changing the library's sonum. - */ -+/* Since this is an exported interface used by rpcbind, we cannot -+ remove it. But since poll() can handle much more and much higher -+ file descriptors, this code doesn't really work anymore, too. -+ So for now, keep it as dummy function and do nothing to not break -+ existing binaries. If we have ported rpcbind to the poll() interface -+ and find out, that we really need this cleanup stuff (but nobody -+ besides FreeBSD has this), we need to re-implement it using poll(). -+ But this means a new function name with different parameters. For -+ ABI/API compatibility, we cannot reuse this one. */ - bool_t - __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock) - { -- int i, ncleaned; -- SVCXPRT *xprt, *least_active; -- struct timeval tv, tdiff, tmax; -- struct cf_conn *cd; -- -- gettimeofday(&tv, NULL); -- tmax.tv_sec = tmax.tv_usec = 0; -- least_active = NULL; -- rwlock_wrlock(&svc_fd_lock); -- for (i = ncleaned = 0; i <= svc_maxfd; i++) { -- if (FD_ISSET(i, fds)) { -- xprt = __svc_xports[i]; -- if (xprt == NULL || xprt->xp_ops == NULL || -- xprt->xp_ops->xp_recv != svc_vc_recv) -- continue; -- cd = (struct cf_conn *)xprt->xp_p1; -- if (!cleanblock && !cd->nonblock) -- continue; -- if (timeout == 0) { -- timersub(&tv, &cd->last_recv_time, &tdiff); -- if (timercmp(&tdiff, &tmax, >)) { -- tmax = tdiff; -- least_active = xprt; -- } -- continue; -- } -- if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) { -- __xprt_unregister_unlocked(xprt); -- __svc_vc_dodestroy(xprt); -- ncleaned++; -- } -- } -- } -- if (timeout == 0 && least_active != NULL) { -- __xprt_unregister_unlocked(least_active); -- __svc_vc_dodestroy(least_active); -- ncleaned++; -- } -- rwlock_unlock(&svc_fd_lock); -- return ncleaned > 0 ? TRUE : FALSE; -+ return FALSE; - } -diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c -index cc5414b..d23fbd1 100644 ---- a/src/xdr_sizeof.c -+++ b/src/xdr_sizeof.c -@@ -90,7 +90,7 @@ x_inline(xdrs, len) - if (xdrs->x_op != XDR_ENCODE) { - return (NULL); - } -- if (len < (u_int)xdrs->x_base) { -+ if (len < (uintptr_t)xdrs->x_base) { - /* x_private was already allocated */ - xdrs->x_handy += len; - return ((int32_t *) xdrs->x_private); -@@ -102,7 +102,7 @@ x_inline(xdrs, len) - xdrs->x_base = 0; - return (NULL); - } -- xdrs->x_base = (caddr_t) len; -+ xdrs->x_base = (caddr_t)(uintptr_t)len; - xdrs->x_handy += len; - return ((int32_t *) xdrs->x_private); - } -diff --git a/tirpc/rpc/auth.h b/tirpc/rpc/auth.h -index 3e44863..e67779c 100644 ---- a/tirpc/rpc/auth.h -+++ b/tirpc/rpc/auth.h -@@ -313,6 +313,8 @@ extern AUTH *authnone_create(void); /* takes no parameters */ - extern "C" { - #endif - extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *); -+extern AUTH *authdes_pk_create (char *, netobj *, u_int, -+ struct sockaddr *, des_block *); - extern AUTH *authdes_seccreate (const char *, const u_int, const char *, - const des_block *); - #ifdef __cplusplus -diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h -index a17b34b..5316ed6 100644 ---- a/tirpc/rpc/auth_gss.h -+++ b/tirpc/rpc/auth_gss.h -@@ -73,11 +73,6 @@ struct authgss_private_data { - u_int pd_seq_win; /* Sequence window */ - }; - --#define g_OID_equal(o1, o2) \ -- (((o1)->length == (o2)->length) && \ -- ((o1)->elements != 0) && ((o2)->elements != 0) && \ -- (memcmp((o1)->elements, (o2)->elements, (int) (o1)->length) == 0)) -- - /* from kerberos source, gssapi_krb5.c */ - extern gss_OID_desc krb5oid; - extern gss_OID_desc spkm3oid; -diff --git a/tirpc/rpc/svc.h b/tirpc/rpc/svc.h -index 8273c95..1ab6527 100644 ---- a/tirpc/rpc/svc.h -+++ b/tirpc/rpc/svc.h -@@ -88,6 +88,7 @@ enum xprt_stat { - */ - typedef struct __rpc_svcxprt { - int xp_fd; -+#define xp_sock xp_fd - u_short xp_port; /* associated port number */ - const struct xp_ops { - /* receive incoming requests */ -@@ -314,12 +315,10 @@ extern int rpc_reg(rpcprog_t, rpcvers_t, rpcproc_t, - * dynamic; must be inspected before each call to select - */ - extern int svc_maxfd; --#ifdef FD_SETSIZE - extern fd_set svc_fdset; - #define svc_fds svc_fdset.fds_bits[0] /* compatibility */ --#else --extern int svc_fds; --#endif /* def FD_SETSIZE */ -+extern struct pollfd *svc_pollfd; -+extern int svc_max_pollfd; - - /* - * a small program implemented by the svc_rpc implementation itself; -diff --git a/tirpc/rpc/xdr.h b/tirpc/rpc/xdr.h -index 64069ab..80b35ce 100644 ---- a/tirpc/rpc/xdr.h -+++ b/tirpc/rpc/xdr.h -@@ -327,6 +327,7 @@ extern bool_t xdr_hyper(XDR *, quad_t *); - extern bool_t xdr_u_hyper(XDR *, u_quad_t *); - extern bool_t xdr_longlong_t(XDR *, quad_t *); - extern bool_t xdr_u_longlong_t(XDR *, u_quad_t *); -+extern u_long xdr_sizeof(xdrproc_t, void *); - #ifdef __cplusplus - } - #endif diff --git a/libtirpc-1.0.2-CVE-2017-8779.patch b/libtirpc-1.0.2-CVE-2017-8779.patch deleted file mode 100644 index e70a222..0000000 --- a/libtirpc-1.0.2-CVE-2017-8779.patch +++ /dev/null @@ -1,263 +0,0 @@ -commit dd9c7cf4f8f375c6d641b760d124650c418c2ce3 -Author: Guido Vranken -Date: Mon May 15 11:12:21 2017 -0400 - - Fix for CVE-2017-8779 - - Signed-off-by: Steve Dickson - -diff --git a/src/rpc_generic.c b/src/rpc_generic.c -index 2f09a8f..589cbd5 100644 ---- a/src/rpc_generic.c -+++ b/src/rpc_generic.c -@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf) - - switch (af) { - case AF_INET: -+ if (nbuf->len < sizeof(*sin)) { -+ return NULL; -+ } - sin = nbuf->buf; - if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf) - == NULL) -@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf) - break; - #ifdef INET6 - case AF_INET6: -+ if (nbuf->len < sizeof(*sin6)) { -+ return NULL; -+ } - sin6 = nbuf->buf; - if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6) - == NULL) -@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr) - - port = 0; - sin = NULL; -+ if (uaddr == NULL) -+ return NULL; - addrstr = strdup(uaddr); - if (addrstr == NULL) - return NULL; -diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c -index 43fd385..a923c8e 100644 ---- a/src/rpcb_prot.c -+++ b/src/rpcb_prot.c -@@ -41,6 +41,7 @@ - #include - #include - #include -+#include "rpc_com.h" - - bool_t - xdr_rpcb(xdrs, objp) -@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp) - if (!xdr_u_int32_t(xdrs, &objp->r_vers)) { - return (FALSE); - } -- if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) { - return (FALSE); - } -- if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) { - return (FALSE); - } -- if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) { - return (FALSE); - } - return (TRUE); -@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp) - XDR *xdrs; - rpcb_entry *objp; - { -- if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) { - return (FALSE); - } -- if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) { - return (FALSE); - } - if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) { - return (FALSE); - } -- if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) { - return (FALSE); - } -- if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) { - return (FALSE); - } - return (TRUE); -@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p) - bool_t dummy; - struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p; - -- if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) { - return (FALSE); - } - if (!xdr_u_int(xdrs, &objp->results.results_len)) { -@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp) - if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) { - return (FALSE); - } -+ -+ if (objp->maxlen > RPC_MAXDATASIZE) { -+ return (FALSE); -+ } -+ - dummy = xdr_bytes(xdrs, (char **)&(objp->buf), - (u_int *)&(objp->len), objp->maxlen); - return (dummy); -diff --git a/src/rpcb_st_xdr.c b/src/rpcb_st_xdr.c -index 08db745..28e6a48 100644 ---- a/src/rpcb_st_xdr.c -+++ b/src/rpcb_st_xdr.c -@@ -37,6 +37,7 @@ - - - #include -+#include "rpc_com.h" - - /* Link list of all the stats about getport and getaddr */ - -@@ -58,7 +59,7 @@ xdr_rpcbs_addrlist(xdrs, objp) - if (!xdr_int(xdrs, &objp->failure)) { - return (FALSE); - } -- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { - return (FALSE); - } - -@@ -109,7 +110,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp) - IXDR_PUT_INT32(buf, objp->failure); - IXDR_PUT_INT32(buf, objp->indirect); - } -- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { - return (FALSE); - } - if (!xdr_pointer(xdrs, (char **)&objp->next, -@@ -147,7 +148,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp) - objp->failure = (int)IXDR_GET_INT32(buf); - objp->indirect = (int)IXDR_GET_INT32(buf); - } -- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { - return (FALSE); - } - if (!xdr_pointer(xdrs, (char **)&objp->next, -@@ -175,7 +176,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp) - if (!xdr_int(xdrs, &objp->indirect)) { - return (FALSE); - } -- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { -+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { - return (FALSE); - } - if (!xdr_pointer(xdrs, (char **)&objp->next, -diff --git a/src/xdr.c b/src/xdr.c -index f3fb9ad..b9a1558 100644 ---- a/src/xdr.c -+++ b/src/xdr.c -@@ -42,8 +42,10 @@ - #include - #include - -+#include - #include - #include -+#include - - typedef quad_t longlong_t; /* ANSI long long type */ - typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */ -@@ -53,7 +55,6 @@ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */ - */ - #define XDR_FALSE ((long) 0) - #define XDR_TRUE ((long) 1) --#define LASTUNSIGNED ((u_int) 0-1) - - /* - * for unit alignment -@@ -629,6 +630,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize) - { - char *sp = *cpp; /* sp is the actual string pointer */ - u_int nodesize; -+ bool_t ret, allocated = FALSE; - - /* - * first deal with the length since xdr bytes are counted -@@ -652,6 +654,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize) - } - if (sp == NULL) { - *cpp = sp = mem_alloc(nodesize); -+ allocated = TRUE; - } - if (sp == NULL) { - warnx("xdr_bytes: out of memory"); -@@ -660,7 +663,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize) - /* FALLTHROUGH */ - - case XDR_ENCODE: -- return (xdr_opaque(xdrs, sp, nodesize)); -+ ret = xdr_opaque(xdrs, sp, nodesize); -+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) { -+ if (allocated == TRUE) { -+ free(sp); -+ *cpp = NULL; -+ } -+ } -+ return (ret); - - case XDR_FREE: - if (sp != NULL) { -@@ -754,6 +764,7 @@ xdr_string(xdrs, cpp, maxsize) - char *sp = *cpp; /* sp is the actual string pointer */ - u_int size; - u_int nodesize; -+ bool_t ret, allocated = FALSE; - - /* - * first deal with the length since xdr strings are counted-strings -@@ -793,8 +804,10 @@ xdr_string(xdrs, cpp, maxsize) - switch (xdrs->x_op) { - - case XDR_DECODE: -- if (sp == NULL) -+ if (sp == NULL) { - *cpp = sp = mem_alloc(nodesize); -+ allocated = TRUE; -+ } - if (sp == NULL) { - warnx("xdr_string: out of memory"); - return (FALSE); -@@ -803,7 +816,14 @@ xdr_string(xdrs, cpp, maxsize) - /* FALLTHROUGH */ - - case XDR_ENCODE: -- return (xdr_opaque(xdrs, sp, size)); -+ ret = xdr_opaque(xdrs, sp, size); -+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) { -+ if (allocated == TRUE) { -+ free(sp); -+ *cpp = NULL; -+ } -+ } -+ return (ret); - - case XDR_FREE: - mem_free(sp, nodesize); -@@ -823,7 +843,7 @@ xdr_wrapstring(xdrs, cpp) - XDR *xdrs; - char **cpp; - { -- return xdr_string(xdrs, cpp, LASTUNSIGNED); -+ return xdr_string(xdrs, cpp, RPC_MAXDATASIZE); - } - - /* diff --git a/libtirpc-1.0.2-rc1.patch b/libtirpc-1.0.2-rc1.patch deleted file mode 100644 index b571c6d..0000000 --- a/libtirpc-1.0.2-rc1.patch +++ /dev/null @@ -1,365 +0,0 @@ -diff --git a/src/svc.c b/src/svc.c -index 9c41445..b59467b 100644 ---- a/src/svc.c -+++ b/src/svc.c -@@ -99,7 +99,7 @@ xprt_register (xprt) - { - __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *)); - if (__svc_xports == NULL) -- return; -+ goto unlock; - } - if (sock < _rpc_dtablesize()) - { -@@ -120,14 +120,14 @@ xprt_register (xprt) - svc_pollfd[i].fd = sock; - svc_pollfd[i].events = (POLLIN | POLLPRI | - POLLRDNORM | POLLRDBAND); -- return; -+ goto unlock; - } - - new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd, - sizeof (struct pollfd) - * (svc_max_pollfd + 1)); - if (new_svc_pollfd == NULL) /* Out of memory */ -- return; -+ goto unlock; - svc_pollfd = new_svc_pollfd; - ++svc_max_pollfd; - -@@ -135,6 +135,7 @@ xprt_register (xprt) - svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI | - POLLRDNORM | POLLRDBAND); - } -+unlock: - rwlock_unlock (&svc_fd_lock); - } - -diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c -index b6aa407..bece46a 100644 ---- a/src/svc_auth_gss.c -+++ b/src/svc_auth_gss.c -@@ -129,6 +129,8 @@ struct svc_rpc_gss_data { - ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) - - /* Global server credentials. */ -+static u_int _svcauth_req_time = 0; -+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID }; - static gss_cred_id_t _svcauth_gss_creds; - static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME; - static char * _svcauth_svc_name = NULL; -@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service) - gss_name_t name; - gss_buffer_desc namebuf; - OM_uint32 maj_stat, min_stat; -+ bool_t result; - - gss_log_debug("in svcauth_gss_import_name()"); - -@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service) - maj_stat, min_stat); - return (FALSE); - } -- if (svcauth_gss_set_svc_name(name) != TRUE) { -- gss_release_name(&min_stat, &name); -- return (FALSE); -- } -- return (TRUE); -+ result = svcauth_gss_set_svc_name(name); -+ gss_release_name(&min_stat, &name); -+ return result; - } - - static bool_t --svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set) -+svcauth_gss_acquire_cred(void) - { - OM_uint32 maj_stat, min_stat; - - gss_log_debug("in svcauth_gss_acquire_cred()"); - -- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time, -- oid_set, GSS_C_ACCEPT, -+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, -+ _svcauth_req_time, &_svcauth_oid_set, -+ GSS_C_ACCEPT, - &_svcauth_gss_creds, NULL, NULL); - - if (maj_stat != GSS_S_COMPLETE) { -@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, - NULL, - &gd->deleg); - -+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok); -+ - if (gr->gr_major != GSS_S_COMPLETE && - gr->gr_major != GSS_S_CONTINUE_NEEDED) { - gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context", -@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, - return (FALSE); - - rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; -- rqst->rq_xprt->xp_verf.oa_base = checksum.value; -+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, -+ checksum.length); - rqst->rq_xprt->xp_verf.oa_length = checksum.length; -+ -+ gss_release_buffer(&min_stat, &checksum); - } - return (TRUE); - } -@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num) - maj_stat, min_stat); - return (FALSE); - } -+ - rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; -- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value; -+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length); - rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length; - -+ gss_release_buffer(&min_stat, &checksum); -+ - return (TRUE); - } - -@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - gss_qop_t qop; - struct svcauth_gss_cache_entry **ce; - time_t now; -+ enum auth_stat result = AUTH_OK; -+ OM_uint32 min_stat; - - gss_log_debug("in svcauth_gss()"); - -@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - XDR_DESTROY(&xdrs); - - /* Check version. */ -- if (gc->gc_v != RPCSEC_GSS_VERSION) -- return (AUTH_BADCRED); -+ if (gc->gc_v != RPCSEC_GSS_VERSION) { -+ result = AUTH_BADCRED; -+ goto out; -+ } - - /* Check RPCSEC_GSS service. */ - if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && - gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && -- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) -- return (AUTH_BADCRED); -+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) { -+ result = AUTH_BADCRED; -+ goto out; -+ } - - /* Check sequence number. */ - if (gd->established) { -- if (gc->gc_seq > MAXSEQ) -- return (RPCSEC_GSS_CTXPROBLEM); -+ if (gc->gc_seq > MAXSEQ) { -+ result = RPCSEC_GSS_CTXPROBLEM; -+ goto out; -+ } - - if ((offset = gd->seqlast - gc->gc_seq) < 0) { - gd->seqlast = gc->gc_seq; -@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - } - else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { - *no_dispatch = 1; -- return (RPCSEC_GSS_CTXPROBLEM); -+ result = RPCSEC_GSS_CTXPROBLEM; -+ goto out; - } - gd->seq = gc->gc_seq; - gd->seqmask |= (1 << offset); -@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - rqst->rq_svcname = (char *)gd->ctx; - } - -+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base; -+ - /* Handle RPCSEC_GSS control procedure. */ - switch (gc->gc_proc) { - - case RPCSEC_GSS_INIT: - case RPCSEC_GSS_CONTINUE_INIT: -- if (rqst->rq_proc != NULLPROC) -- return (AUTH_FAILED); /* XXX ? */ -+ if (rqst->rq_proc != NULLPROC) { -+ result = AUTH_FAILED; /* XXX ? */ -+ break; -+ } - - if (_svcauth_gss_name == GSS_C_NO_NAME) { -- if (!svcauth_gss_import_name("nfs")) -- return (AUTH_FAILED); -+ if (!svcauth_gss_import_name("nfs")) { -+ result = AUTH_FAILED; -+ break; -+ } - } - -- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET)) -- return (AUTH_FAILED); -+ if (!svcauth_gss_acquire_cred()) { -+ result = AUTH_FAILED; -+ break; -+ } - -- if (!svcauth_gss_accept_sec_context(rqst, &gr)) -- return (AUTH_REJECTEDCRED); -+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) { -+ result = AUTH_REJECTEDCRED; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { -+ result = AUTH_FAILED; -+ break; -+ } - - *no_dispatch = TRUE; - - call_stat = svc_sendreply(rqst->rq_xprt, - (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr); - -- if (!call_stat) -- return (AUTH_FAILED); -+ gss_release_buffer(&min_stat, &gr.gr_token); -+ free(gr.gr_ctx.value); -+ -+ if (!call_stat) { -+ result = AUTH_FAILED; -+ break; -+ } - - if (gr.gr_major == GSS_S_COMPLETE) - gd->established = TRUE; -@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - case RPCSEC_GSS_DATA: -- if (!svcauth_gss_validate(gd, msg, &qop)) -- return (RPCSEC_GSS_CREDPROBLEM); -+ if (!svcauth_gss_validate(gd, msg, &qop)) { -+ result = RPCSEC_GSS_CREDPROBLEM; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { -+ result = AUTH_FAILED; -+ break; -+ } - - if (!gd->callback_done) { - gd->callback_done = TRUE; - gd->sec.qop = qop; - (void)rpc_gss_num_to_qop(gd->rcred.mechanism, - gd->sec.qop, &gd->rcred.qop); -- if (!svcauth_gss_callback(rqst, gd)) -- return (AUTH_REJECTEDCRED); -+ if (!svcauth_gss_callback(rqst, gd)) { -+ result = AUTH_REJECTEDCRED; -+ break; -+ } - } - - if (gd->locked) { - if (gd->rcred.service != -- _rpc_gss_svc_to_service(gc->gc_svc)) -- return (AUTH_FAILED); -- if (gd->sec.qop != qop) -- return (AUTH_BADVERF); -+ _rpc_gss_svc_to_service(gc->gc_svc)) { -+ result = AUTH_FAILED; -+ break; -+ } -+ if (gd->sec.qop != qop) { -+ result = AUTH_BADVERF; -+ break; -+ } - } - - if (gd->sec.qop != qop) { -@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - case RPCSEC_GSS_DESTROY: -- if (rqst->rq_proc != NULLPROC) -- return (AUTH_FAILED); /* XXX ? */ -+ if (rqst->rq_proc != NULLPROC) { -+ result = AUTH_FAILED; /* XXX ? */ -+ break; -+ } - -- if (!svcauth_gss_validate(gd, msg, &qop)) -- return (RPCSEC_GSS_CREDPROBLEM); -+ if (!svcauth_gss_validate(gd, msg, &qop)) { -+ result = RPCSEC_GSS_CREDPROBLEM; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { -+ result = AUTH_FAILED; -+ break; -+ } - -- if (!svcauth_gss_release_cred()) -- return (AUTH_FAILED); -+ if (!svcauth_gss_release_cred()) { -+ result = AUTH_FAILED; -+ break; -+ } - - SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt)); - SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops; -@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - default: -- return (AUTH_REJECTEDCRED); -+ result = AUTH_REJECTEDCRED; - break; - } -- return (AUTH_OK); -+out: -+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc); -+ return result; - } - - static bool_t -@@ -890,7 +946,6 @@ bool_t - rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, - u_int UNUSED(program), u_int UNUSED(version)) - { -- gss_OID_set_desc oid_set; - rpc_gss_OID oid; - char *save; - -@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, - - if (!rpc_gss_mech_to_oid(mechanism, &oid)) - goto out_err; -- oid_set.count = 1; -- oid_set.elements = (gss_OID)oid; - - if (!svcauth_gss_import_name(principal)) - goto out_err; -- if (!svcauth_gss_acquire_cred(req_time, &oid_set)) -- goto out_err; - -+ _svcauth_req_time = req_time; -+ _svcauth_oid_set.count = 1; -+ _svcauth_oid_set.elements = (gss_OID)oid; - free(_svcauth_svc_name); - _svcauth_svc_name = save; - return TRUE; diff --git a/libtirpc-1.0.2-rc2.patch b/libtirpc-1.0.2-rc2.patch deleted file mode 100644 index 3c8eb05..0000000 --- a/libtirpc-1.0.2-rc2.patch +++ /dev/null @@ -1,544 +0,0 @@ -diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c -index 13d320c..3fe503a 100644 ---- a/src/rpc_dtablesize.c -+++ b/src/rpc_dtablesize.c -@@ -27,22 +27,14 @@ - */ - - #include -- - #include -- --int _rpc_dtablesize(void); /* XXX */ -+#include -+#include - - /* - * Cache the result of getdtablesize(), so we don't have to do an - * expensive system call every time. - */ --/* -- * XXX In FreeBSD 2.x, you can have the maximum number of open file -- * descriptors be greater than FD_SETSIZE (which us 256 by default). -- * -- * Since old programs tend to use this call to determine the first arg -- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)! -- */ - int - _rpc_dtablesize(void) - { -diff --git a/src/rtime.c b/src/rtime.c -index c34e0af..b642840 100644 ---- a/src/rtime.c -+++ b/src/rtime.c -@@ -46,6 +46,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout) - struct timeval *timeout; - { - int s; -- fd_set readfds; -+ struct pollfd fd; -+ int milliseconds; - int res; - unsigned long thetime; - struct sockaddr_in from; -@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout) - addrp->sin_port = serv->s_port; - - if (type == SOCK_DGRAM) { -- res = sendto(s, (char *)&thetime, sizeof(thetime), 0, -+ res = sendto(s, (char *)&thetime, sizeof(thetime), 0, - (struct sockaddr *)addrp, sizeof(*addrp)); - if (res < 0) { - do_close(s); -- return(-1); -+ return(-1); - } -- do { -- FD_ZERO(&readfds); -- FD_SET(s, &readfds); -- res = select(_rpc_dtablesize(), &readfds, -- (fd_set *)NULL, (fd_set *)NULL, timeout); -- } while (res < 0 && errno == EINTR); -+ -+ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000); -+ fd.fd = s; -+ fd.events = POLLIN; -+ do -+ res = poll (&fd, 1, milliseconds); -+ while (res < 0 && errno == EINTR); - if (res <= 0) { - if (res == 0) { - errno = ETIMEDOUT; - } - do_close(s); -- return(-1); -+ return(-1); - } - fromlen = sizeof(from); -- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, -+ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, - (struct sockaddr *)&from, &fromlen); - do_close(s); - if (res < 0) { -- return(-1); -+ return(-1); - } - } else { - if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) { -diff --git a/src/svc.c b/src/svc.c -index 9c41445..b59467b 100644 ---- a/src/svc.c -+++ b/src/svc.c -@@ -99,7 +99,7 @@ xprt_register (xprt) - { - __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *)); - if (__svc_xports == NULL) -- return; -+ goto unlock; - } - if (sock < _rpc_dtablesize()) - { -@@ -120,14 +120,14 @@ xprt_register (xprt) - svc_pollfd[i].fd = sock; - svc_pollfd[i].events = (POLLIN | POLLPRI | - POLLRDNORM | POLLRDBAND); -- return; -+ goto unlock; - } - - new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd, - sizeof (struct pollfd) - * (svc_max_pollfd + 1)); - if (new_svc_pollfd == NULL) /* Out of memory */ -- return; -+ goto unlock; - svc_pollfd = new_svc_pollfd; - ++svc_max_pollfd; - -@@ -135,6 +135,7 @@ xprt_register (xprt) - svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI | - POLLRDNORM | POLLRDBAND); - } -+unlock: - rwlock_unlock (&svc_fd_lock); - } - -diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c -index 5bc264c..2e90146 100644 ---- a/src/svc_auth_des.c -+++ b/src/svc_auth_des.c -@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */; - static short *authdes_lru/* [AUTHDES_CACHESZ] */; - - static void cache_init(); /* initialize the cache */ --static short cache_spot(); /* find an entry in the cache */ --static void cache_ref(/*short sid*/); /* note that sid was ref'd */ -+static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */ -+static void cache_ref(short sid); /* note that sid was ref'd */ - --static void invalidate(); /* invalidate entry in cache */ -+static void invalidate(char *cred); /* invalidate entry in cache */ - - /* -- * cache statistics -+ * cache statistics - */ - static struct { - u_long ncachehits; /* times cache hit, and is not replay */ -diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c -index b6aa407..bece46a 100644 ---- a/src/svc_auth_gss.c -+++ b/src/svc_auth_gss.c -@@ -129,6 +129,8 @@ struct svc_rpc_gss_data { - ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) - - /* Global server credentials. */ -+static u_int _svcauth_req_time = 0; -+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID }; - static gss_cred_id_t _svcauth_gss_creds; - static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME; - static char * _svcauth_svc_name = NULL; -@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service) - gss_name_t name; - gss_buffer_desc namebuf; - OM_uint32 maj_stat, min_stat; -+ bool_t result; - - gss_log_debug("in svcauth_gss_import_name()"); - -@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service) - maj_stat, min_stat); - return (FALSE); - } -- if (svcauth_gss_set_svc_name(name) != TRUE) { -- gss_release_name(&min_stat, &name); -- return (FALSE); -- } -- return (TRUE); -+ result = svcauth_gss_set_svc_name(name); -+ gss_release_name(&min_stat, &name); -+ return result; - } - - static bool_t --svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set) -+svcauth_gss_acquire_cred(void) - { - OM_uint32 maj_stat, min_stat; - - gss_log_debug("in svcauth_gss_acquire_cred()"); - -- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time, -- oid_set, GSS_C_ACCEPT, -+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, -+ _svcauth_req_time, &_svcauth_oid_set, -+ GSS_C_ACCEPT, - &_svcauth_gss_creds, NULL, NULL); - - if (maj_stat != GSS_S_COMPLETE) { -@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, - NULL, - &gd->deleg); - -+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok); -+ - if (gr->gr_major != GSS_S_COMPLETE && - gr->gr_major != GSS_S_CONTINUE_NEEDED) { - gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context", -@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, - return (FALSE); - - rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; -- rqst->rq_xprt->xp_verf.oa_base = checksum.value; -+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, -+ checksum.length); - rqst->rq_xprt->xp_verf.oa_length = checksum.length; -+ -+ gss_release_buffer(&min_stat, &checksum); - } - return (TRUE); - } -@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num) - maj_stat, min_stat); - return (FALSE); - } -+ - rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; -- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value; -+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length); - rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length; - -+ gss_release_buffer(&min_stat, &checksum); -+ - return (TRUE); - } - -@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - gss_qop_t qop; - struct svcauth_gss_cache_entry **ce; - time_t now; -+ enum auth_stat result = AUTH_OK; -+ OM_uint32 min_stat; - - gss_log_debug("in svcauth_gss()"); - -@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - XDR_DESTROY(&xdrs); - - /* Check version. */ -- if (gc->gc_v != RPCSEC_GSS_VERSION) -- return (AUTH_BADCRED); -+ if (gc->gc_v != RPCSEC_GSS_VERSION) { -+ result = AUTH_BADCRED; -+ goto out; -+ } - - /* Check RPCSEC_GSS service. */ - if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && - gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && -- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) -- return (AUTH_BADCRED); -+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) { -+ result = AUTH_BADCRED; -+ goto out; -+ } - - /* Check sequence number. */ - if (gd->established) { -- if (gc->gc_seq > MAXSEQ) -- return (RPCSEC_GSS_CTXPROBLEM); -+ if (gc->gc_seq > MAXSEQ) { -+ result = RPCSEC_GSS_CTXPROBLEM; -+ goto out; -+ } - - if ((offset = gd->seqlast - gc->gc_seq) < 0) { - gd->seqlast = gc->gc_seq; -@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - } - else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { - *no_dispatch = 1; -- return (RPCSEC_GSS_CTXPROBLEM); -+ result = RPCSEC_GSS_CTXPROBLEM; -+ goto out; - } - gd->seq = gc->gc_seq; - gd->seqmask |= (1 << offset); -@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - rqst->rq_svcname = (char *)gd->ctx; - } - -+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base; -+ - /* Handle RPCSEC_GSS control procedure. */ - switch (gc->gc_proc) { - - case RPCSEC_GSS_INIT: - case RPCSEC_GSS_CONTINUE_INIT: -- if (rqst->rq_proc != NULLPROC) -- return (AUTH_FAILED); /* XXX ? */ -+ if (rqst->rq_proc != NULLPROC) { -+ result = AUTH_FAILED; /* XXX ? */ -+ break; -+ } - - if (_svcauth_gss_name == GSS_C_NO_NAME) { -- if (!svcauth_gss_import_name("nfs")) -- return (AUTH_FAILED); -+ if (!svcauth_gss_import_name("nfs")) { -+ result = AUTH_FAILED; -+ break; -+ } - } - -- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET)) -- return (AUTH_FAILED); -+ if (!svcauth_gss_acquire_cred()) { -+ result = AUTH_FAILED; -+ break; -+ } - -- if (!svcauth_gss_accept_sec_context(rqst, &gr)) -- return (AUTH_REJECTEDCRED); -+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) { -+ result = AUTH_REJECTEDCRED; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { -+ result = AUTH_FAILED; -+ break; -+ } - - *no_dispatch = TRUE; - - call_stat = svc_sendreply(rqst->rq_xprt, - (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr); - -- if (!call_stat) -- return (AUTH_FAILED); -+ gss_release_buffer(&min_stat, &gr.gr_token); -+ free(gr.gr_ctx.value); -+ -+ if (!call_stat) { -+ result = AUTH_FAILED; -+ break; -+ } - - if (gr.gr_major == GSS_S_COMPLETE) - gd->established = TRUE; -@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - case RPCSEC_GSS_DATA: -- if (!svcauth_gss_validate(gd, msg, &qop)) -- return (RPCSEC_GSS_CREDPROBLEM); -+ if (!svcauth_gss_validate(gd, msg, &qop)) { -+ result = RPCSEC_GSS_CREDPROBLEM; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { -+ result = AUTH_FAILED; -+ break; -+ } - - if (!gd->callback_done) { - gd->callback_done = TRUE; - gd->sec.qop = qop; - (void)rpc_gss_num_to_qop(gd->rcred.mechanism, - gd->sec.qop, &gd->rcred.qop); -- if (!svcauth_gss_callback(rqst, gd)) -- return (AUTH_REJECTEDCRED); -+ if (!svcauth_gss_callback(rqst, gd)) { -+ result = AUTH_REJECTEDCRED; -+ break; -+ } - } - - if (gd->locked) { - if (gd->rcred.service != -- _rpc_gss_svc_to_service(gc->gc_svc)) -- return (AUTH_FAILED); -- if (gd->sec.qop != qop) -- return (AUTH_BADVERF); -+ _rpc_gss_svc_to_service(gc->gc_svc)) { -+ result = AUTH_FAILED; -+ break; -+ } -+ if (gd->sec.qop != qop) { -+ result = AUTH_BADVERF; -+ break; -+ } - } - - if (gd->sec.qop != qop) { -@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - case RPCSEC_GSS_DESTROY: -- if (rqst->rq_proc != NULLPROC) -- return (AUTH_FAILED); /* XXX ? */ -+ if (rqst->rq_proc != NULLPROC) { -+ result = AUTH_FAILED; /* XXX ? */ -+ break; -+ } - -- if (!svcauth_gss_validate(gd, msg, &qop)) -- return (RPCSEC_GSS_CREDPROBLEM); -+ if (!svcauth_gss_validate(gd, msg, &qop)) { -+ result = RPCSEC_GSS_CREDPROBLEM; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { -+ result = AUTH_FAILED; -+ break; -+ } - -- if (!svcauth_gss_release_cred()) -- return (AUTH_FAILED); -+ if (!svcauth_gss_release_cred()) { -+ result = AUTH_FAILED; -+ break; -+ } - - SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt)); - SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops; -@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - default: -- return (AUTH_REJECTEDCRED); -+ result = AUTH_REJECTEDCRED; - break; - } -- return (AUTH_OK); -+out: -+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc); -+ return result; - } - - static bool_t -@@ -890,7 +946,6 @@ bool_t - rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, - u_int UNUSED(program), u_int UNUSED(version)) - { -- gss_OID_set_desc oid_set; - rpc_gss_OID oid; - char *save; - -@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, - - if (!rpc_gss_mech_to_oid(mechanism, &oid)) - goto out_err; -- oid_set.count = 1; -- oid_set.elements = (gss_OID)oid; - - if (!svcauth_gss_import_name(principal)) - goto out_err; -- if (!svcauth_gss_acquire_cred(req_time, &oid_set)) -- goto out_err; - -+ _svcauth_req_time = req_time; -+ _svcauth_oid_set.count = 1; -+ _svcauth_oid_set.elements = (gss_OID)oid; - free(_svcauth_svc_name); - _svcauth_svc_name = save; - return TRUE; -diff --git a/src/svc_vc.c b/src/svc_vc.c -index 6ae613d..97a76a3 100644 ---- a/src/svc_vc.c -+++ b/src/svc_vc.c -@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize) - struct cf_conn *cd; - const char *netid; - struct __rpc_sockinfo si; -- -- assert(fd != -1); - -- if (fd >= FD_SETSIZE) { -- warnx("svc_vc: makefd_xprt: fd too high\n"); -- xprt = NULL; -- goto done; -- } -+ assert(fd != -1); - - xprt = mem_alloc(sizeof(SVCXPRT)); - if (xprt == NULL) { -@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg) - r = (struct cf_rendezvous *)xprt->xp_p1; - again: - len = sizeof addr; -- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, -- &len)) < 0) { -+ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len); -+ if (sock < 0) { - if (errno == EINTR) - goto again; -- -- if (errno == EMFILE || errno == ENFILE) { -- /* If there are no file descriptors available, then accept will fail. -- We want to delay here so the connection request can be dequeued; -- otherwise we can bounce between polling and accepting, never -- giving the request a chance to dequeue and eating an enormous -- amount of cpu time in svc_run if we're polling on many file -- descriptors. */ -- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 }; -- nanosleep (&ts, NULL); -- goto again; -- } - return (FALSE); - } - /* -diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h -index 147f909..e07503c 100644 ---- a/tirpc/rpc/rpcent.h -+++ b/tirpc/rpc/rpcent.h -@@ -60,10 +60,11 @@ struct rpcent { - extern struct rpcent *getrpcbyname(const char *); - extern struct rpcent *getrpcbynumber(int); - extern struct rpcent *getrpcent(void); --#endif - - extern void setrpcent(int); - extern void endrpcent(void); -+#endif -+ - #ifdef __cplusplus - } - #endif diff --git a/libtirpc-1.0.2-rc3.patch b/libtirpc-1.0.2-rc3.patch deleted file mode 100644 index 3dde763..0000000 --- a/libtirpc-1.0.2-rc3.patch +++ /dev/null @@ -1,737 +0,0 @@ -diff --git a/src/Makefile.am b/src/Makefile.am -index e4ed8aa..fba2aa4 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln - rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ - svc_auth_des.c \ - svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ -- auth_time.c auth_des.c authdes_prot.c debug.c -+ auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c - - ## XDR - libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c -diff --git a/src/auth_des.c b/src/auth_des.c -index 4d3639e..af2f61f 100644 ---- a/src/auth_des.c -+++ b/src/auth_des.c -@@ -46,8 +46,8 @@ - #include - #include - #include --#undef NIS --#include -+ -+#include "nis.h" - - #if defined(LIBC_SCCS) && !defined(lint) - #endif -diff --git a/src/auth_gss.c b/src/auth_gss.c -index 9b88c38..5959893 100644 ---- a/src/auth_gss.c -+++ b/src/auth_gss.c -@@ -526,6 +526,14 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret) - gr.gr_major != GSS_S_CONTINUE_NEEDED)) { - options_ret->major_status = gr.gr_major; - options_ret->minor_status = gr.gr_minor; -+ if (call_stat != RPC_SUCCESS) { -+ struct rpc_err err; -+ clnt_geterr(gd->clnt, &err); -+ LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s", -+ clnt_sperrno(call_stat), strerror(err.re_errno))); -+ } else -+ gss_log_status("authgss_refresh:", -+ gr.gr_major, gr.gr_minor); - return FALSE; - } - -diff --git a/src/auth_time.c b/src/auth_time.c -index 10e58eb..7f83ab4 100644 ---- a/src/auth_time.c -+++ b/src/auth_time.c -@@ -44,8 +44,8 @@ - #include - //#include - #include --#undef NIS --#include -+ -+#include "nis.h" - - - #ifdef TESTING -diff --git a/src/des_impl.c b/src/des_impl.c -index c5b7ed6..9dbccaf 100644 ---- a/src/des_impl.c -+++ b/src/des_impl.c -@@ -6,7 +6,8 @@ - /* see to obtain a copy. */ - #include - #include --#include -+#include -+#include - - - static const uint32_t des_SPtrans[8][64] = -diff --git a/src/getpublickey.c b/src/getpublickey.c -index 764a5f9..8cf4dc2 100644 ---- a/src/getpublickey.c -+++ b/src/getpublickey.c -@@ -38,8 +38,10 @@ - #include - #include - #include -+#ifdef YP - #include - #include -+#endif - #include - #include - -diff --git a/src/nis.h b/src/nis.h -new file mode 100644 -index 0000000..588c041 ---- /dev/null -+++ b/src/nis.h -@@ -0,0 +1,70 @@ -+/* -+ * Copyright (c) 2010, Oracle America, Inc. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are -+ * met: -+ * -+ * * Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * * Redistributions in binary form must reproduce the above -+ * copyright notice, this list of conditions and the following -+ * disclaimer in the documentation and/or other materials -+ * provided with the distribution. -+ * * Neither the name of the "Oracle America, Inc." nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE -+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#ifndef _INTERNAL_NIS_H -+#define _INTERNAL_NIS_H 1 -+ -+/* This file only contains the definition of nis_server, to be -+ able to compile libtirpc without the need to have a glibc -+ with sunrpc or a libnsl already installed. */ -+ -+#define NIS_PK_NONE 0 -+ -+struct nis_attr { -+ char *zattr_ndx; -+ struct { -+ u_int zattr_val_len; -+ char *zattr_val_val; -+ } zattr_val; -+}; -+typedef struct nis_attr nis_attr; -+ -+typedef char *nis_name; -+ -+struct endpoint { -+ char *uaddr; -+ char *family; -+ char *proto; -+}; -+typedef struct endpoint endpoint; -+ -+struct nis_server { -+ nis_name name; -+ struct { -+ u_int ep_len; -+ endpoint *ep_val; -+ } ep; -+ uint32_t key_type; -+ netobj pkey; -+}; -+typedef struct nis_server nis_server; -+ -+#endif /* ! _INTERNAL_NIS_H */ -diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c -index 13d320c..3fe503a 100644 ---- a/src/rpc_dtablesize.c -+++ b/src/rpc_dtablesize.c -@@ -27,22 +27,14 @@ - */ - - #include -- - #include -- --int _rpc_dtablesize(void); /* XXX */ -+#include -+#include - - /* - * Cache the result of getdtablesize(), so we don't have to do an - * expensive system call every time. - */ --/* -- * XXX In FreeBSD 2.x, you can have the maximum number of open file -- * descriptors be greater than FD_SETSIZE (which us 256 by default). -- * -- * Since old programs tend to use this call to determine the first arg -- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)! -- */ - int - _rpc_dtablesize(void) - { -diff --git a/src/rpc_soc.c b/src/rpc_soc.c -index 1ec7b3f..ed0892a 100644 ---- a/src/rpc_soc.c -+++ b/src/rpc_soc.c -@@ -61,8 +61,8 @@ - #include - #include - #include --#include - -+#include "nis.h" - #include "rpc_com.h" - - extern mutex_t rpcsoc_lock; -diff --git a/src/rtime.c b/src/rtime.c -index c34e0af..b642840 100644 ---- a/src/rtime.c -+++ b/src/rtime.c -@@ -46,6 +46,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout) - struct timeval *timeout; - { - int s; -- fd_set readfds; -+ struct pollfd fd; -+ int milliseconds; - int res; - unsigned long thetime; - struct sockaddr_in from; -@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout) - addrp->sin_port = serv->s_port; - - if (type == SOCK_DGRAM) { -- res = sendto(s, (char *)&thetime, sizeof(thetime), 0, -+ res = sendto(s, (char *)&thetime, sizeof(thetime), 0, - (struct sockaddr *)addrp, sizeof(*addrp)); - if (res < 0) { - do_close(s); -- return(-1); -+ return(-1); - } -- do { -- FD_ZERO(&readfds); -- FD_SET(s, &readfds); -- res = select(_rpc_dtablesize(), &readfds, -- (fd_set *)NULL, (fd_set *)NULL, timeout); -- } while (res < 0 && errno == EINTR); -+ -+ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000); -+ fd.fd = s; -+ fd.events = POLLIN; -+ do -+ res = poll (&fd, 1, milliseconds); -+ while (res < 0 && errno == EINTR); - if (res <= 0) { - if (res == 0) { - errno = ETIMEDOUT; - } - do_close(s); -- return(-1); -+ return(-1); - } - fromlen = sizeof(from); -- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, -+ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, - (struct sockaddr *)&from, &fromlen); - do_close(s); - if (res < 0) { -- return(-1); -+ return(-1); - } - } else { - if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) { -diff --git a/src/svc.c b/src/svc.c -index 9c41445..b59467b 100644 ---- a/src/svc.c -+++ b/src/svc.c -@@ -99,7 +99,7 @@ xprt_register (xprt) - { - __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *)); - if (__svc_xports == NULL) -- return; -+ goto unlock; - } - if (sock < _rpc_dtablesize()) - { -@@ -120,14 +120,14 @@ xprt_register (xprt) - svc_pollfd[i].fd = sock; - svc_pollfd[i].events = (POLLIN | POLLPRI | - POLLRDNORM | POLLRDBAND); -- return; -+ goto unlock; - } - - new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd, - sizeof (struct pollfd) - * (svc_max_pollfd + 1)); - if (new_svc_pollfd == NULL) /* Out of memory */ -- return; -+ goto unlock; - svc_pollfd = new_svc_pollfd; - ++svc_max_pollfd; - -@@ -135,6 +135,7 @@ xprt_register (xprt) - svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI | - POLLRDNORM | POLLRDBAND); - } -+unlock: - rwlock_unlock (&svc_fd_lock); - } - -diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c -index 5bc264c..2e90146 100644 ---- a/src/svc_auth_des.c -+++ b/src/svc_auth_des.c -@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */; - static short *authdes_lru/* [AUTHDES_CACHESZ] */; - - static void cache_init(); /* initialize the cache */ --static short cache_spot(); /* find an entry in the cache */ --static void cache_ref(/*short sid*/); /* note that sid was ref'd */ -+static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */ -+static void cache_ref(short sid); /* note that sid was ref'd */ - --static void invalidate(); /* invalidate entry in cache */ -+static void invalidate(char *cred); /* invalidate entry in cache */ - - /* -- * cache statistics -+ * cache statistics - */ - static struct { - u_long ncachehits; /* times cache hit, and is not replay */ -diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c -index b6aa407..bece46a 100644 ---- a/src/svc_auth_gss.c -+++ b/src/svc_auth_gss.c -@@ -129,6 +129,8 @@ struct svc_rpc_gss_data { - ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) - - /* Global server credentials. */ -+static u_int _svcauth_req_time = 0; -+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID }; - static gss_cred_id_t _svcauth_gss_creds; - static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME; - static char * _svcauth_svc_name = NULL; -@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service) - gss_name_t name; - gss_buffer_desc namebuf; - OM_uint32 maj_stat, min_stat; -+ bool_t result; - - gss_log_debug("in svcauth_gss_import_name()"); - -@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service) - maj_stat, min_stat); - return (FALSE); - } -- if (svcauth_gss_set_svc_name(name) != TRUE) { -- gss_release_name(&min_stat, &name); -- return (FALSE); -- } -- return (TRUE); -+ result = svcauth_gss_set_svc_name(name); -+ gss_release_name(&min_stat, &name); -+ return result; - } - - static bool_t --svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set) -+svcauth_gss_acquire_cred(void) - { - OM_uint32 maj_stat, min_stat; - - gss_log_debug("in svcauth_gss_acquire_cred()"); - -- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time, -- oid_set, GSS_C_ACCEPT, -+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, -+ _svcauth_req_time, &_svcauth_oid_set, -+ GSS_C_ACCEPT, - &_svcauth_gss_creds, NULL, NULL); - - if (maj_stat != GSS_S_COMPLETE) { -@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, - NULL, - &gd->deleg); - -+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok); -+ - if (gr->gr_major != GSS_S_COMPLETE && - gr->gr_major != GSS_S_CONTINUE_NEEDED) { - gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context", -@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, - return (FALSE); - - rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; -- rqst->rq_xprt->xp_verf.oa_base = checksum.value; -+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, -+ checksum.length); - rqst->rq_xprt->xp_verf.oa_length = checksum.length; -+ -+ gss_release_buffer(&min_stat, &checksum); - } - return (TRUE); - } -@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num) - maj_stat, min_stat); - return (FALSE); - } -+ - rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; -- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value; -+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length); - rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length; - -+ gss_release_buffer(&min_stat, &checksum); -+ - return (TRUE); - } - -@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - gss_qop_t qop; - struct svcauth_gss_cache_entry **ce; - time_t now; -+ enum auth_stat result = AUTH_OK; -+ OM_uint32 min_stat; - - gss_log_debug("in svcauth_gss()"); - -@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - XDR_DESTROY(&xdrs); - - /* Check version. */ -- if (gc->gc_v != RPCSEC_GSS_VERSION) -- return (AUTH_BADCRED); -+ if (gc->gc_v != RPCSEC_GSS_VERSION) { -+ result = AUTH_BADCRED; -+ goto out; -+ } - - /* Check RPCSEC_GSS service. */ - if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && - gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && -- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) -- return (AUTH_BADCRED); -+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) { -+ result = AUTH_BADCRED; -+ goto out; -+ } - - /* Check sequence number. */ - if (gd->established) { -- if (gc->gc_seq > MAXSEQ) -- return (RPCSEC_GSS_CTXPROBLEM); -+ if (gc->gc_seq > MAXSEQ) { -+ result = RPCSEC_GSS_CTXPROBLEM; -+ goto out; -+ } - - if ((offset = gd->seqlast - gc->gc_seq) < 0) { - gd->seqlast = gc->gc_seq; -@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - } - else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { - *no_dispatch = 1; -- return (RPCSEC_GSS_CTXPROBLEM); -+ result = RPCSEC_GSS_CTXPROBLEM; -+ goto out; - } - gd->seq = gc->gc_seq; - gd->seqmask |= (1 << offset); -@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - rqst->rq_svcname = (char *)gd->ctx; - } - -+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base; -+ - /* Handle RPCSEC_GSS control procedure. */ - switch (gc->gc_proc) { - - case RPCSEC_GSS_INIT: - case RPCSEC_GSS_CONTINUE_INIT: -- if (rqst->rq_proc != NULLPROC) -- return (AUTH_FAILED); /* XXX ? */ -+ if (rqst->rq_proc != NULLPROC) { -+ result = AUTH_FAILED; /* XXX ? */ -+ break; -+ } - - if (_svcauth_gss_name == GSS_C_NO_NAME) { -- if (!svcauth_gss_import_name("nfs")) -- return (AUTH_FAILED); -+ if (!svcauth_gss_import_name("nfs")) { -+ result = AUTH_FAILED; -+ break; -+ } - } - -- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET)) -- return (AUTH_FAILED); -+ if (!svcauth_gss_acquire_cred()) { -+ result = AUTH_FAILED; -+ break; -+ } - -- if (!svcauth_gss_accept_sec_context(rqst, &gr)) -- return (AUTH_REJECTEDCRED); -+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) { -+ result = AUTH_REJECTEDCRED; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { -+ result = AUTH_FAILED; -+ break; -+ } - - *no_dispatch = TRUE; - - call_stat = svc_sendreply(rqst->rq_xprt, - (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr); - -- if (!call_stat) -- return (AUTH_FAILED); -+ gss_release_buffer(&min_stat, &gr.gr_token); -+ free(gr.gr_ctx.value); -+ -+ if (!call_stat) { -+ result = AUTH_FAILED; -+ break; -+ } - - if (gr.gr_major == GSS_S_COMPLETE) - gd->established = TRUE; -@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - case RPCSEC_GSS_DATA: -- if (!svcauth_gss_validate(gd, msg, &qop)) -- return (RPCSEC_GSS_CREDPROBLEM); -+ if (!svcauth_gss_validate(gd, msg, &qop)) { -+ result = RPCSEC_GSS_CREDPROBLEM; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { -+ result = AUTH_FAILED; -+ break; -+ } - - if (!gd->callback_done) { - gd->callback_done = TRUE; - gd->sec.qop = qop; - (void)rpc_gss_num_to_qop(gd->rcred.mechanism, - gd->sec.qop, &gd->rcred.qop); -- if (!svcauth_gss_callback(rqst, gd)) -- return (AUTH_REJECTEDCRED); -+ if (!svcauth_gss_callback(rqst, gd)) { -+ result = AUTH_REJECTEDCRED; -+ break; -+ } - } - - if (gd->locked) { - if (gd->rcred.service != -- _rpc_gss_svc_to_service(gc->gc_svc)) -- return (AUTH_FAILED); -- if (gd->sec.qop != qop) -- return (AUTH_BADVERF); -+ _rpc_gss_svc_to_service(gc->gc_svc)) { -+ result = AUTH_FAILED; -+ break; -+ } -+ if (gd->sec.qop != qop) { -+ result = AUTH_BADVERF; -+ break; -+ } - } - - if (gd->sec.qop != qop) { -@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - case RPCSEC_GSS_DESTROY: -- if (rqst->rq_proc != NULLPROC) -- return (AUTH_FAILED); /* XXX ? */ -+ if (rqst->rq_proc != NULLPROC) { -+ result = AUTH_FAILED; /* XXX ? */ -+ break; -+ } - -- if (!svcauth_gss_validate(gd, msg, &qop)) -- return (RPCSEC_GSS_CREDPROBLEM); -+ if (!svcauth_gss_validate(gd, msg, &qop)) { -+ result = RPCSEC_GSS_CREDPROBLEM; -+ break; -+ } - -- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) -- return (AUTH_FAILED); -+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { -+ result = AUTH_FAILED; -+ break; -+ } - -- if (!svcauth_gss_release_cred()) -- return (AUTH_FAILED); -+ if (!svcauth_gss_release_cred()) { -+ result = AUTH_FAILED; -+ break; -+ } - - SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt)); - SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops; -@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) - break; - - default: -- return (AUTH_REJECTEDCRED); -+ result = AUTH_REJECTEDCRED; - break; - } -- return (AUTH_OK); -+out: -+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc); -+ return result; - } - - static bool_t -@@ -890,7 +946,6 @@ bool_t - rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, - u_int UNUSED(program), u_int UNUSED(version)) - { -- gss_OID_set_desc oid_set; - rpc_gss_OID oid; - char *save; - -@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, - - if (!rpc_gss_mech_to_oid(mechanism, &oid)) - goto out_err; -- oid_set.count = 1; -- oid_set.elements = (gss_OID)oid; - - if (!svcauth_gss_import_name(principal)) - goto out_err; -- if (!svcauth_gss_acquire_cred(req_time, &oid_set)) -- goto out_err; - -+ _svcauth_req_time = req_time; -+ _svcauth_oid_set.count = 1; -+ _svcauth_oid_set.elements = (gss_OID)oid; - free(_svcauth_svc_name); - _svcauth_svc_name = save; - return TRUE; -diff --git a/src/svc_vc.c b/src/svc_vc.c -index 6ae613d..97a76a3 100644 ---- a/src/svc_vc.c -+++ b/src/svc_vc.c -@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize) - struct cf_conn *cd; - const char *netid; - struct __rpc_sockinfo si; -- -- assert(fd != -1); - -- if (fd >= FD_SETSIZE) { -- warnx("svc_vc: makefd_xprt: fd too high\n"); -- xprt = NULL; -- goto done; -- } -+ assert(fd != -1); - - xprt = mem_alloc(sizeof(SVCXPRT)); - if (xprt == NULL) { -@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg) - r = (struct cf_rendezvous *)xprt->xp_p1; - again: - len = sizeof addr; -- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, -- &len)) < 0) { -+ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len); -+ if (sock < 0) { - if (errno == EINTR) - goto again; -- -- if (errno == EMFILE || errno == ENFILE) { -- /* If there are no file descriptors available, then accept will fail. -- We want to delay here so the connection request can be dequeued; -- otherwise we can bounce between polling and accepting, never -- giving the request a chance to dequeue and eating an enormous -- amount of cpu time in svc_run if we're polling on many file -- descriptors. */ -- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 }; -- nanosleep (&ts, NULL); -- goto again; -- } - return (FALSE); - } - /* -diff --git a/tirpc/rpc/des.h b/tirpc/rpc/des.h -index d2881ad..018aa48 100644 ---- a/tirpc/rpc/des.h -+++ b/tirpc/rpc/des.h -@@ -82,6 +82,6 @@ struct desparams { - /* - * Software DES. - */ --extern int _des_crypt( char *, int, struct desparams * ); -+extern int _des_crypt( char *, unsigned, struct desparams * ); - - #endif -diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h -index 147f909..e07503c 100644 ---- a/tirpc/rpc/rpcent.h -+++ b/tirpc/rpc/rpcent.h -@@ -60,10 +60,11 @@ struct rpcent { - extern struct rpcent *getrpcbyname(const char *); - extern struct rpcent *getrpcbynumber(int); - extern struct rpcent *getrpcent(void); --#endif - - extern void setrpcent(int); - extern void endrpcent(void); -+#endif -+ - #ifdef __cplusplus - } - #endif diff --git a/libtirpc.spec b/libtirpc.spec index 2b52896..9c23a0a 100644 --- a/libtirpc.spec +++ b/libtirpc.spec @@ -1,8 +1,8 @@ %define _root_libdir /%{_lib} Name: libtirpc -Version: 1.0.1 -Release: 4.rc3%{?dist} +Version: 1.0.2 +Release: 0%{?dist} Summary: Transport Independent RPC Library Group: System Environment/Libraries License: SISSL and BSD @@ -10,8 +10,6 @@ URL: http://nfsv4.bullopensource.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Source0: http://downloads.sourceforge.net/libtirpc/libtirpc-%{version}.tar.bz2 -Patch001: libtirpc-1.0.2-rc3.patch -Patch002: libtirpc-1.0.2-CVE-2017-8779.patch BuildRequires: automake, autoconf, libtool, pkgconfig BuildRequires: krb5-devel @@ -42,9 +40,6 @@ developing programs which use the tirpc library. %prep %setup -q -%patch001 -p1 -%patch002 -p1 - # Remove .orig files find . -name "*.orig" | xargs rm -f @@ -137,6 +132,9 @@ rm -rf %{buildroot} %{_mandir}/*/* %changelog +* Wed Jul 5 2017 Steve Dickson 1.0.2 +- Updated to the latest upstream release: 1.0.2 + * Mon May 15 2017 Steve Dickson 1.0.1-4.rc3 - Fix for CVE-2017-8779 (bz 1448127) diff --git a/sources b/sources index 6ae7f1c..e2ff77f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -36ce1c0ff80863bb0839d54aa0b94014 libtirpc-1.0.1.tar.bz2 +SHA512 (libtirpc-1.0.2.tar.bz2) = 6c819019a8e81d8263d3c509b2eee59ba1ef092222c5a0a8d28f004c711afa252097eca7e6b0b919b2d780883dfd9ee7a363df4cee7fd2c9159a065257637cec