import libtirpc-1.1.4-5.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
cd4c899f16
commit
b876658bcf
15
SOURCES/libtirpc-1.1.4-blacklist.patch
Normal file
15
SOURCES/libtirpc-1.1.4-blacklist.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff -up libtirpc-1.1.4/doc/bindresvport.blacklist.save libtirpc-1.1.4/doc/bindresvport.blacklist
|
||||||
|
--- libtirpc-1.1.4/doc/bindresvport.blacklist.save 2021-04-17 13:04:20.092274589 -0400
|
||||||
|
+++ libtirpc-1.1.4/doc/bindresvport.blacklist 2021-04-17 13:04:45.609945925 -0400
|
||||||
|
@@ -8,6 +8,11 @@
|
||||||
|
631 # cups
|
||||||
|
636 # ldaps
|
||||||
|
664 # Secure ASF, used by IPMI on some cards
|
||||||
|
+749 # Kerberos V kadmin
|
||||||
|
+774 # rpasswd
|
||||||
|
+873 # rsyncd
|
||||||
|
921 # lwresd
|
||||||
|
+992 # SSL-enabled telnet
|
||||||
|
993 # imaps
|
||||||
|
+994 # irc
|
||||||
|
995 # pops
|
||||||
76
SOURCES/libtirpc-1.1.4-disallow-auth_refresh.patch
Normal file
76
SOURCES/libtirpc-1.1.4-disallow-auth_refresh.patch
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
diff -up libtirpc-1.1.4/src/auth_gss.c.orig libtirpc-1.1.4/src/auth_gss.c
|
||||||
|
--- libtirpc-1.1.4/src/auth_gss.c.orig 2021-04-17 13:11:03.229880600 -0400
|
||||||
|
+++ libtirpc-1.1.4/src/auth_gss.c 2021-04-17 13:15:10.722391798 -0400
|
||||||
|
@@ -982,3 +982,9 @@ rpc_gss_max_data_length(AUTH *auth, int
|
||||||
|
rpc_gss_clear_error();
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+bool_t
|
||||||
|
+is_authgss_client(CLIENT *clnt)
|
||||||
|
+{
|
||||||
|
+ return (clnt->cl_auth->ah_ops == &authgss_ops);
|
||||||
|
+}
|
||||||
|
diff -up libtirpc-1.1.4/src/clnt_dg.c.orig libtirpc-1.1.4/src/clnt_dg.c
|
||||||
|
--- libtirpc-1.1.4/src/clnt_dg.c.orig 2018-08-27 10:06:49.000000000 -0400
|
||||||
|
+++ libtirpc-1.1.4/src/clnt_dg.c 2021-04-17 13:15:10.722391798 -0400
|
||||||
|
@@ -60,6 +60,9 @@
|
||||||
|
#include <sys/uio.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef HAVE_RPCSEC_GSS
|
||||||
|
+#include <rpc/auth_gss.h>
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#define MAX_DEFAULT_FDS 20000
|
||||||
|
|
||||||
|
@@ -356,6 +359,11 @@ clnt_dg_call(cl, proc, xargs, argsp, xre
|
||||||
|
salen = cu->cu_rlen;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef HAVE_RPCSEC_GSS
|
||||||
|
+ if (is_authgss_client(cl))
|
||||||
|
+ nrefreshes = 0;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* Clean up in case the last call ended in a longjmp(3) call. */
|
||||||
|
call_again:
|
||||||
|
xdrs = &(cu->cu_outxdrs);
|
||||||
|
diff -up libtirpc-1.1.4/src/clnt_vc.c.orig libtirpc-1.1.4/src/clnt_vc.c
|
||||||
|
--- libtirpc-1.1.4/src/clnt_vc.c.orig 2018-08-27 10:06:49.000000000 -0400
|
||||||
|
+++ libtirpc-1.1.4/src/clnt_vc.c 2021-04-17 13:15:10.723391824 -0400
|
||||||
|
@@ -68,6 +68,10 @@
|
||||||
|
#include <rpc/rpc.h>
|
||||||
|
#include "rpc_com.h"
|
||||||
|
|
||||||
|
+#ifdef HAVE_RPCSEC_GSS
|
||||||
|
+#include <rpc/auth_gss.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#define MCALL_MSG_SIZE 24
|
||||||
|
|
||||||
|
#define CMGROUP_MAX 16
|
||||||
|
@@ -380,6 +384,11 @@ clnt_vc_call(cl, proc, xdr_args, args_pt
|
||||||
|
(xdr_results == NULL && timeout.tv_sec == 0
|
||||||
|
&& timeout.tv_usec == 0) ? FALSE : TRUE;
|
||||||
|
|
||||||
|
+#ifdef HAVE_RPCSEC_GSS
|
||||||
|
+ if (is_authgss_client(cl))
|
||||||
|
+ refreshes = 0;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
call_again:
|
||||||
|
xdrs->x_op = XDR_ENCODE;
|
||||||
|
ct->ct_error.re_status = RPC_SUCCESS;
|
||||||
|
diff -up libtirpc-1.1.4/tirpc/rpc/auth_gss.h.orig libtirpc-1.1.4/tirpc/rpc/auth_gss.h
|
||||||
|
--- libtirpc-1.1.4/tirpc/rpc/auth_gss.h.orig 2018-08-27 10:06:49.000000000 -0400
|
||||||
|
+++ libtirpc-1.1.4/tirpc/rpc/auth_gss.h 2021-04-17 13:15:10.723391824 -0400
|
||||||
|
@@ -120,6 +120,8 @@ void gss_log_debug (const char *fmt, ..
|
||||||
|
void gss_log_status (char *m, OM_uint32 major, OM_uint32 minor);
|
||||||
|
void gss_log_hexdump (const u_char *buf, int len, int offset);
|
||||||
|
|
||||||
|
+bool_t is_authgss_client (CLIENT *);
|
||||||
|
+
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: libtirpc
|
Name: libtirpc
|
||||||
Version: 1.1.4
|
Version: 1.1.4
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
Summary: Transport Independent RPC Library
|
Summary: Transport Independent RPC Library
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
License: SISSL and BSD
|
License: SISSL and BSD
|
||||||
@ -23,6 +23,14 @@ Patch002: libtirpc-1.1.4-dup_ncp-bad-free.patch
|
|||||||
# bz 1641875
|
# bz 1641875
|
||||||
Patch003: libtirpc-1.1.4-fix-EOF-non-block.patch
|
Patch003: libtirpc-1.1.4-fix-EOF-non-block.patch
|
||||||
|
|
||||||
|
#
|
||||||
|
# RHEL 8.5
|
||||||
|
#
|
||||||
|
# bz 1854147
|
||||||
|
Patch004: libtirpc-1.1.4-blacklist.patch
|
||||||
|
# bz 1934866
|
||||||
|
Patch005: libtirpc-1.1.4-disallow-auth_refresh.patch
|
||||||
|
|
||||||
BuildRequires: automake, autoconf, libtool, pkgconfig
|
BuildRequires: automake, autoconf, libtool, pkgconfig
|
||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
|
|
||||||
@ -142,6 +150,10 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
|
|||||||
%{_mandir}/*/*
|
%{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Apr 17 2021 Steve Dickson <steved@redhat.com> 1.1.4-5
|
||||||
|
- blacklist: Add a few more well known ports (bz 1854147)
|
||||||
|
- Disallow calling auth_refresh from clnt_call with RPCSEC_GSS (bz 1934866)
|
||||||
|
|
||||||
* Wed Jul 24 2019 Steve Dickson <steved@redhat.com> 1.1.4-4
|
* Wed Jul 24 2019 Steve Dickson <steved@redhat.com> 1.1.4-4
|
||||||
- Enable gating using reverse dependency testing of nfs-utils (bz 1681965)
|
- Enable gating using reverse dependency testing of nfs-utils (bz 1681965)
|
||||||
- Updated the URL (bz 1638671)
|
- Updated the URL (bz 1638671)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user