Compare commits
No commits in common. "c8s" and "c9-beta" have entirely different histories.
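--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,3 @@
 SOURCES/openslp-2.0.0.tar.gz
 SOURCES/slpd.8.gz
 SOURCES/slptool.1.gz
-/openslp-2.0.0.tar.gz
-/slpd.8.gz
-/slptool.1.gz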
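--- a/.openslp.metadata
+++ b/.openslp.metadata
@@ -0,0 +1,3 @@
+e4630bfb986cdffab6bb829b37e9340c9152d838 SOURCES/openslp-2.0.0.tar.gz
+83d5cb6e4da8c21641da2c2c819b617e622d5a78 SOURCES/slpd.8.gz
+eafda4dfc1be5341ec8ed5c8c54b9a59e81d0e78 SOURCES/slptool.1.gz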
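--- a/SOURCES/openslp-2.0.0-cve-2019-5544.patch
+++ b/SOURCES/openslp-2.0.0-cve-2019-5544.patch
@@ -0,0 +1,165 @@
+diff -up openslp-2.0.0/common/slp_buffer.c.orig openslp-2.0.0/common/slp_buffer.c
+--- openslp-2.0.0/common/slp_buffer.c.orig 2012-12-11 00:31:53.000000000 +0100
++++ openslp-2.0.0/common/slp_buffer.c 2019-12-09 10:39:16.422058793 +0100
+@@ -30,6 +30,13 @@
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*-------------------------------------------------------------------------*/
+
++/* Copyright (c) 2019 VMware, Inc.
++ * SPDX-License-Identifier: BSD-3-Clause
++ * This file is provided under the BSD-3-Clause license.
++ * See COPYING file for more details and other copyrights
++ * that may apply.
++ */
++
+/** Functions for managing SLP message buffers.
+*
+* This file provides a higher level abstraction over malloc and free that
+@@ -153,4 +160,20 @@ void SLPBufferFree(SLPBuffer buf)
+xfree(buf);
+}
+
++/** Report remaining free buffer size in bytes.
++ *
++ * Check if buffer is allocated and if so return bytes left in a
++ * @c SLPBuffer object.
++ *
++ * @param[in] buf The SLPBuffer to be freed.
++ */
++size_t
++RemainingBufferSpace(SLPBuffer buf)
++{
++ if (buf->allocated == 0) {
++ return 0;
++ }
++ return buf->end - buf->curpos;
++}
++
+/*=========================================================================*/
+diff -up openslp-2.0.0/common/slp_buffer.h.orig openslp-2.0.0/common/slp_buffer.h
+--- openslp-2.0.0/common/slp_buffer.h.orig 2012-11-28 18:07:04.000000000 +0100
++++ openslp-2.0.0/common/slp_buffer.h 2019-12-09 10:39:16.422058793 +0100
+@@ -30,6 +30,13 @@
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*-------------------------------------------------------------------------*/
+
++/* Copyright (c) 2019 VMware, Inc.
++ * SPDX-License-Identifier: BSD-3-Clause
++ * This file is provided under the BSD-3-Clause license.
++ * See COPYING file for more details and other copyrights
++ * that may apply.
++ */
++
+/** Header file that defines SLP message buffer management routines.
+*
+* Includes structures, constants and functions that used to handle memory
+@@ -78,6 +85,8 @@ SLPBuffer SLPBufferListRemove(SLPBuffer
+
+SLPBuffer SLPBufferListAdd(SLPBuffer * list, SLPBuffer buf);
+
++size_t RemainingBufferSpace(SLPBuffer buf);
++
+/*! @} */
+
+#endif /* SLP_BUFFER_H_INCLUDED */
+diff -up openslp-2.0.0/slpd/slpd_process.c.orig openslp-2.0.0/slpd/slpd_process.c
+--- openslp-2.0.0/slpd/slpd_process.c.orig 2019-12-09 10:39:16.420058789 +0100
++++ openslp-2.0.0/slpd/slpd_process.c 2019-12-09 10:39:16.422058793 +0100
+@@ -30,6 +30,13 @@
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*-------------------------------------------------------------------------*/
+
++/* Copyright (c) 2019 VMware, Inc.
++ * SPDX-License-Identifier: BSD-3-Clause
++ * This file is provided under the BSD-3-Clause license.
++ * See COPYING file for more details and other copyrights
++ * that may apply.
++ */
++
+/** Processes incoming SLP messages.
+*
+* @file slpd_process.c
+@@ -523,13 +530,27 @@ RESPOND:
+{
+for (i = 0; i < db->urlcount; i++)
+{
+- /* urlentry is the url from the db result */
+urlentry = db->urlarray[i];
++ if (urlentry->opaque != NULL) {
++ const int64_t newsize = size + urlentry->opaquelen;
++ if (urlentry->opaquelen <= 0 || newsize > INT_MAX)
++ {
++ SLPDLog("Invalid opaquelen %d or sizeo of opaque url is too big, size=%d\n",
++ urlentry->opaquelen, size);
++ errorcode = SLP_ERROR_PARSE_ERROR;
++ goto FINISHED;
++ }
++ size += urlentry->opaquelen;
++ }
++ else
++ {
++ /* urlentry is the url from the db result */
++ size += urlentry->urllen + 6; /* 1 byte for reserved */
++ /* 2 bytes for lifetime */
++ /* 2 bytes for urllen */
++ /* 1 byte for authcount */
++ }
+
+- size += urlentry->urllen + 6; /* 1 byte for reserved */
+- /* 2 bytes for lifetime */
+- /* 2 bytes for urllen */
+- /* 1 byte for authcount */
+#ifdef ENABLE_SLPv2_SECURITY
+/* make room to include the authblock that was asked for */
+if (G_SlpdProperty.securityEnabled
+@@ -603,7 +624,7 @@ RESPOND:
+urlentry = db->urlarray[i];
+
+#ifdef ENABLE_SLPv1
+- if (urlentry->opaque == 0)
++ if (urlentry->opaque == NULL)
+{
+/* url-entry reserved */
+*result->curpos++ = 0;
+@@ -615,8 +636,18 @@ RESPOND:
+PutUINT16(&result->curpos, urlentry->urllen);
+
+/* url-entry url */
+- memcpy(result->curpos, urlentry->url, urlentry->urllen);
+- result->curpos += urlentry->urllen;
++ if (RemainingBufferSpace(result) >= urlentry->urllen)
++ {
++ memcpy(result->curpos, urlentry->url, urlentry->urllen);
++ result->curpos = result->curpos + urlentry->urllen;
++ }
++ else
++ {
++ SLPDLog("Url too big (ask: %d have %" PRId64 "), failing request\n",
++ urlentry->opaquelen, (int64_t) RemainingBufferSpace(result));
++ errorcode = SLP_ERROR_PARSE_ERROR;
++ goto FINISHED;
++ }
+
+/* url-entry auths */
+*result->curpos++ = 0;
+@@ -630,8 +661,18 @@ RESPOND:
+
+/* TRICKY: Fix up the lifetime. */
+TO_UINT16(urlentry->opaque + 1, urlentry->lifetime);
+- memcpy(result->curpos, urlentry->opaque, urlentry->opaquelen);
+- result->curpos += urlentry->opaquelen;
++ if (RemainingBufferSpace(result) >= urlentry->opaquelen)
++ {
++ memcpy(result->curpos, urlentry->opaque, urlentry->opaquelen);
++ result->curpos = result->curpos + urlentry->opaquelen;
++ }
++ else
++ {
++ SLPDLog("Opaque Url too big (ask: %d have %" PRId64 "), failing request\n",
++ urlentry->opaquelen, (int64_t) RemainingBufferSpace(result));
++ errorcode = SLP_ERROR_PARSE_ERROR;
++ goto FINISHED;
++ }
+}
+}
+}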
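Review bot: The overflow guard in the sizing loop of slpd_process.c only works if `size + urlentry->opaquelen` is evaluated in 64 bits, but the widening to `int64_t` happens after the addition. The declarations are outside the patch, yet if both operands are `int` (as the `%d` conversions suggest) the sum can overflow before `newsize > INT_MAX` is tested, so I would write `const int64_t newsize = (int64_t)size + urlentry->opaquelen;`; the `else` branch adds `urlentry->urllen + 6` with no corresponding limit check. In the url copy path the failure log prints `urlentry->opaquelen` although the length being compared is `urlentry->urllen`, which will mislead anyone triaging a rejected request. `RemainingBufferSpace()` returns `buf->end - buf->curpos` as `size_t`, so a `curpos` already past `end` yields a huge value and both `>=` checks pass; returning 0 when `buf->curpos > buf->end` would close that. Its `@param` text ("to be freed") appears copied from `SLPBufferFree` and should describe the buffer being measured, with an `@return` line added.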
@ -2,7 +2,7 @@
|
|||||||
Summary: Open implementation of Service Location Protocol V2
|
Summary: Open implementation of Service Location Protocol V2
|
||||||
Name: openslp
|
Name: openslp
|
||||||
Version: 2.0.0
|
Version: 2.0.0
|
||||||
Release: 20%{?dist}
|
Release: 30%{?dist}
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: http://sourceforge.net/projects/openslp/
|
URL: http://sourceforge.net/projects/openslp/
|
||||||
@ -30,7 +30,11 @@ Patch5: openslp-2.0.0-cve-2016-7567.patch
|
|||||||
# denial of service or potentially code execution,
|
# denial of service or potentially code execution,
|
||||||
# backported form upstream, CVE-2017-17833
|
# backported form upstream, CVE-2017-17833
|
||||||
Patch6: openslp-2.0.0-cve-2017-17833.patch
|
Patch6: openslp-2.0.0-cve-2017-17833.patch
|
||||||
|
# Patch7: fixes a heap overwrite vulnerability
|
||||||
|
# leading to remote code execution
|
||||||
|
Patch7: openslp-2.0.0-cve-2019-5544.patch
|
||||||
|
|
||||||
|
BuildRequires: make
|
||||||
BuildRequires: automake libtool
|
BuildRequires: automake libtool
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: flex
|
BuildRequires: flex
|
||||||
@ -55,9 +59,6 @@ OpenSLP header files and libraries.
|
|||||||
%package server
|
%package server
|
||||||
Summary: OpenSLP server daemon
|
Summary: OpenSLP server daemon
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
Requires(preun): chkconfig, /sbin/service
|
|
||||||
Requires(post): chkconfig
|
|
||||||
Requires(postun): /sbin/service
|
|
||||||
Requires: iproute
|
Requires: iproute
|
||||||
%description server
|
%description server
|
||||||
OpenSLP server daemon to dynamically register services.
|
OpenSLP server daemon to dynamically register services.
|
||||||
@ -72,6 +73,7 @@ OpenSLP server daemon to dynamically register services.
|
|||||||
%patch4 -p1 -b .openssl-1.1-fix
|
%patch4 -p1 -b .openssl-1.1-fix
|
||||||
%patch5 -p1 -b .cve-2016-7567
|
%patch5 -p1 -b .cve-2016-7567
|
||||||
%patch6 -p1 -b .cve-2017-17833
|
%patch6 -p1 -b .cve-2017-17833
|
||||||
|
%patch7 -p1 -b .cve-2019-5544
|
||||||
|
|
||||||
# tarball goof (?), it wants to re-automake anyway, so let's do it right.
|
# tarball goof (?), it wants to re-automake anyway, so let's do it right.
|
||||||
#libtoolize --force
|
#libtoolize --force
|
||||||
@ -98,7 +100,6 @@ export LDFLAGS="-pie -Wl,-z,now"
|
|||||||
--localstatedir=/var \
|
--localstatedir=/var \
|
||||||
--disable-dependency-tracking \
|
--disable-dependency-tracking \
|
||||||
--disable-static \
|
--disable-static \
|
||||||
--enable-slpv2-security \
|
|
||||||
--disable-rpath \
|
--disable-rpath \
|
||||||
--enable-async-api
|
--enable-async-api
|
||||||
|
|
||||||
@ -131,13 +132,8 @@ rm -rf $RPM_BUILD_ROOT/usr/doc
|
|||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
|
rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
|
||||||
|
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
|
%ldconfig_scriptlets
|
||||||
%post -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%post server
|
%post server
|
||||||
%systemd_post slpd.service
|
%systemd_post slpd.service
|
||||||
@ -150,27 +146,24 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
|
||||||
%doc AUTHORS COPYING FAQ NEWS README THANKS
|
%doc AUTHORS COPYING FAQ NEWS README THANKS
|
||||||
%config(noreplace) %{_sysconfdir}/slp.conf
|
%config(noreplace) %{_sysconfdir}/slp.conf
|
||||||
%config(noreplace) %{_sysconfdir}/slp.spi
|
|
||||||
%{_bindir}/slptool
|
%{_bindir}/slptool
|
||||||
%{_libdir}/libslp.so.1*
|
%{_libdir}/libslp.so.1*
|
||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%files server
|
%files server
|
||||||
%defattr(-,root,root)
|
|
||||||
%doc doc/doc/html/IntroductionToSLP
|
%doc doc/doc/html/IntroductionToSLP
|
||||||
%doc doc/doc/html/UsersGuide
|
%doc doc/doc/html/UsersGuide
|
||||||
%doc doc/doc/html/faq*
|
%doc doc/doc/html/faq*
|
||||||
%{_sbindir}/slpd
|
%{_sbindir}/slpd
|
||||||
%config(noreplace) %{_sysconfdir}/slp.reg
|
%config(noreplace) %{_sysconfdir}/slp.reg
|
||||||
|
%config(noreplace) %{_sysconfdir}/slp.spi
|
||||||
%{_unitdir}/slpd.service
|
%{_unitdir}/slpd.service
|
||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
/usr/lib/%{name}-server/slp-multicast-set.sh
|
/usr/lib/%{name}-server/slp-multicast-set.sh
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root)
|
|
||||||
%doc doc/doc/html/ProgrammersGuide
|
%doc doc/doc/html/ProgrammersGuide
|
||||||
%doc doc/doc/rfc
|
%doc doc/doc/rfc
|
||||||
%{_includedir}/slp.h
|
%{_includedir}/slp.h
|
||||||
@ -178,17 +171,50 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Jul 21 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-20
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.0-30
|
||||||
- Rebuild
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Resolves: #2104692
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Tue Jun 15 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-19
|
* Thu Jul 08 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-29
|
||||||
- Move slp.spi from -server to the main package
|
- Explicitly disable use of deprecated SHA-1 algorithm
|
||||||
Resolves: #1965649
|
Resolves: #1936621
|
||||||
|
|
||||||
* Thu May 17 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-18
|
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.0-28
|
||||||
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
|
Related: rhbz#1971065
|
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.0-27
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-26
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-25
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-24
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Dec 09 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-23
|
||||||
|
- Fix heap overwrite vulnerability, CVE-2019-5544
|
||||||
|
Resolves: #1780754
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-22
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-21
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-20
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jun 28 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-19
|
||||||
|
- Remove dependency on initscripts
|
||||||
|
Resolves: #1592378
|
||||||
|
|
||||||
|
* Wed May 09 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-18
|
||||||
- Fix heap memory corruption, CVE-2017-17833
|
- Fix heap memory corruption, CVE-2017-17833
|
||||||
Resolves: #1575697
|
Related: #1572166
|
||||||
|
|
||||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-17
|
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-17
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
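Review bot: The configure hunk (`@ -98,7 +100,6 @`) drops `--enable-slpv2-security` with no comment at the call site. The only rationale on the page is the 2.0.0-29 changelog entry "Explicitly disable use of deprecated SHA-1 algorithm". That option presumably controls the `ENABLE_SLPv2_SECURITY` code paths (authentication blocks), so the build silently loses message authentication. A comment above the configure invocation such as `# SLPv2 security is intentionally not enabled: it depends on SHA-1 (Resolves: #1936621)` would keep the option from being re-added or missed in an audit. The `-server` file list on the new side still ships `%{_sysconfdir}/slp.spi`; it is worth confirming that file is still read when security support is compiled out.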
@ -1,6 +0,0 @@
|
|||||||
--- !Policy
|
|
||||||
product_versions:
|
|
||||||
- rhel-8
|
|
||||||
decision_context: osci_compose_gate
|
|
||||||
rules:
|
|
||||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
|
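--- a/sources
+++ b/sources
@@ -1,3 +0,0 @@
-SHA512 (openslp-2.0.0.tar.gz) = e7627417d45d5d0cc83d6e13d62fe192702ce7b763f1b4fb51aa5da8285405b16a34c3ac4f0a1ecffdf59557b29ec7d24925941e56ddee277c8897162f597ade
-SHA512 (slpd.8.gz) = 6b2af03fd3ecbf89d56ba70d2dc76bd677451ef53e5fd3b04e136752d09768f61dfac90c470a281885e5b07925db9ee1917e938c41d87260ac506ef1ec5596b2
-SHA512 (slptool.1.gz) = 17084c34ff40c4c7cb16970b3b6b108c082c4252314648cd88efb77fb04657a93e32554915ad0f5c20491ba0e32ced5726fc32c2549d2a01409e7adf796e7e85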