import CS libtirpc-1.3.3-8.el9_3

SOURCES/libtirpc-1.3.3-double-free.patch

@@ -0,0 +1,32 @@
+commit 1d2e10afb2ffc35cb3623f57a15f712359f18e75
+Author: Herb Wartens <wartens2@llnl.gov>
+Date:   Tue Aug 1 10:36:16 2023 -0400
+
+    rpcb_clnt.c: Eliminate double frees in delete_cache()
+    
+    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224666
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
+index c0a9e12..68fe69a 100644
+--- a/src/rpcb_clnt.c
++++ b/src/rpcb_clnt.c
+@@ -262,12 +262,15 @@ delete_cache(addr)
+ 	for (cptr = front; cptr != NULL; cptr = cptr->ac_next) {
+ 		if (!memcmp(cptr->ac_taddr->buf, addr->buf, addr->len)) {
+ 			/* Unlink from cache. We'll destroy it after releasing the mutex. */
+-			if (cptr->ac_uaddr)
++			if (cptr->ac_uaddr) {
+ 				free(cptr->ac_uaddr);
+-			if (prevptr)
++				cptr->ac_uaddr = NULL;
++			}
++			if (prevptr) {
+ 				prevptr->ac_next = cptr->ac_next;
+-			else
++			} else {
+ 				front = cptr->ac_next;
++			}
+ 			cachesize--;
+ 			break;
+ 		}

SOURCES/libtirpc-1.3.3-gssd-context-creation.patch

@@ -0,0 +1,30 @@
+commit 22b1c0cd6076dcd7df822cd1181e98278dc865db
+Author: Olga Kornievskaia <kolga@netapp.com>
+Date:   Wed Jan 3 17:50:42 2024 -0500
+
+    gssapi: fix rpc_gss_seccreate passed in cred
+    
+    Fix rpc_gss_seccreate() usage of the passed in gss credential.
+    
+    Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context")
+    
+    Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+    Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/auth_gss.c b/src/auth_gss.c
+index e317664..9d18f96 100644
+--- a/src/auth_gss.c
++++ b/src/auth_gss.c
+@@ -842,9 +842,9 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
+ 	gd->sec = sec;
+ 
+ 	if (req) {
+-		sec.req_flags = req->req_flags;
++		gd->sec.req_flags = req->req_flags;
+ 		gd->time_req = req->time_req;
+-		sec.cred = req->my_cred;
++		gd->sec.cred = req->my_cred;
+ 		gd->icb = req->input_channel_bindings;
+ 	}
+ 

SOURCES/libtirpc-1.3.3-null-ptrs-not-reused-fixed.patch

@@ -0,0 +1,23 @@
+commit 6951a9c3139c9c7dbb0bdae70737996011fc7a37
+Author: Herb Wartens <wartens2@llnl.gov>
+Date:   Mon Mar 18 11:07:15 2024 -0400
+
+    rpcb_clnt.c: memory leak in destroy_addr
+    
+    Piece was dropped from original fix.
+    
+    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2225226
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
+index 68fe69a..d909efc 100644
+--- a/src/rpcb_clnt.c
++++ b/src/rpcb_clnt.c
+@@ -121,6 +121,7 @@ destroy_addr(addr)
+ 			free(addr->ac_taddr->buf);
+ 			addr->ac_taddr->buf = NULL;
+ 		}
++		free(addr->ac_taddr);
+ 		addr->ac_taddr = NULL;
+ 	}
+ 	free(addr);

SOURCES/libtirpc-1.3.3-null-ptrs-not-reused.patch

@@ -0,0 +1,48 @@
+commit 89c63bdfd79b1c94384daaaa03a9e3582540f843
+Author: Herb Wartens <wartens2@llnl.gov>
+Date:   Tue Aug 1 10:21:42 2023 -0400
+
+    rpcb_clnt.c: memory leak in destroy_addr
+    
+    Null pointers so they are not used again
+    
+    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2225226
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
+index d178d86..c0a9e12 100644
+--- a/src/rpcb_clnt.c
++++ b/src/rpcb_clnt.c
+@@ -104,17 +104,27 @@ destroy_addr(addr)
+ {
+ 	if (addr == NULL)
+ 		return;
+-	if(addr->ac_host != NULL)
++	if (addr->ac_host != NULL) {
+ 		free(addr->ac_host);
+-	if(addr->ac_netid != NULL)
++		addr->ac_host = NULL;
++	}
++	if (addr->ac_netid != NULL) {
+ 		free(addr->ac_netid);
+-	if(addr->ac_uaddr != NULL)
++		addr->ac_netid = NULL;
++	}
++	if (addr->ac_uaddr != NULL) {
+ 		free(addr->ac_uaddr);
+-	if(addr->ac_taddr != NULL) {
+-		if(addr->ac_taddr->buf != NULL)
++		addr->ac_uaddr = NULL;
++	}
++	if (addr->ac_taddr != NULL) {
++		if(addr->ac_taddr->buf != NULL) {
+ 			free(addr->ac_taddr->buf);
++			addr->ac_taddr->buf = NULL;
++		}
++		addr->ac_taddr = NULL;
+ 	}
+ 	free(addr);
++	addr = NULL;
+ }
+ 
+ /*

SPECS/libtirpc.spec

@@ -2,7 +2,7 @@
 
 Name:			libtirpc
 Version:		1.3.3
-Release:		2%{?dist}
+Release:		8%{?dist}
 Summary:		Transport Independent RPC Library
 License:		SISSL and BSD
 URL:  			http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary
@@ -24,6 +24,14 @@ Patch002: libtirpc-1.3.3-clnt-raw-ptr.patch
 #
 Patch003: libtirpc-1.3.3-dos-sleep.patch
 
+#
+# RHEL9.4
+#
+Patch004: libtirpc-1.3.3-null-ptrs-not-reused.patch
+Patch005: libtirpc-1.3.3-gssd-context-creation.patch
+Patch006: libtirpc-1.3.3-double-free.patch
+Patch007: libtirpc-1.3.3-null-ptrs-not-reused-fixed.patch
+
 %description
 This package contains SunLib's implementation of transport-independent
 RPC (TI-RPC) documentation.  This library forms a piece of the base of 
@@ -123,6 +131,24 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
 %{_mandir}/*/*
 
 %changelog
+* Tue Mar 19 2024 Steve Dickson <steved@redhat.com> - 1.3.3-8
+- rpcb_clnt.c (fixed): Eliminate double frees in delete_cache() (RHEL-11183)
+
+* Wed Mar 13 2024 Steve Dickson <steved@redhat.com> - 1.3.3-7
+- exception build (RHEL-11183)
+
+* Tue Mar  5 2024 Steve Dickson <steved@redhat.com> - 1.3.3-6
+- rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11183)
+
+* Mon Mar  4 2024 Steve Dickson <steved@redhat.com> - 1.3.3-5
+- Fix rpc_gss_seccreate() usage of the passed in gss credential. (RHEL-27936)
+
+* Mon Feb 19 2024 Pavel Reichl <preichl@redhat.com> - 1.3.3-4
+- Add gating tests (rhel-7883)
+
+* Tue Jan  2 2024 Steve Dickson <steved@redhat.com> - 1.3.3-3
+- Null pointers so they are not used again (RHEL-11371)
+
 * Thu May 18 2023 Steve Dickson <steved@redhat.com> - 1.3.3-2
 - getnetconfigent: avoid potential DoS (bz 2150611)