.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,6 +1,2 @@
-SOURCES/openslp-2.0.0.tar.gz
+openslp-1.2.1.tar.gz
-SOURCES/slpd.8.gz
-SOURCES/slptool.1.gz
 /openslp-2.0.0.tar.gz
-/slpd.8.gz
-/slptool.1.gz

gating.yaml

@@ -1,6 +1,6 @@
 --- !Policy
 product_versions:
-  - rhel-8
+  - rhel-10
 decision_context: osci_compose_gate
 rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

openslp-2.0.0-cve-2019-5544.patch

@@ -0,0 +1,165 @@
+diff -up openslp-2.0.0/common/slp_buffer.c.orig openslp-2.0.0/common/slp_buffer.c
+--- openslp-2.0.0/common/slp_buffer.c.orig	2012-12-11 00:31:53.000000000 +0100
++++ openslp-2.0.0/common/slp_buffer.c	2019-12-09 10:39:16.422058793 +0100
+@@ -30,6 +30,13 @@
+  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  *-------------------------------------------------------------------------*/
+ 
++/* Copyright (c) 2019 VMware, Inc.
++ * SPDX-License-Identifier: BSD-3-Clause
++ * This file is provided under the BSD-3-Clause license.
++ * See COPYING file for more details and other copyrights
++ * that may apply.
++ */
++
+ /** Functions for managing SLP message buffers.
+  *
+  * This file provides a higher level abstraction over malloc and free that
+@@ -153,4 +160,20 @@ void SLPBufferFree(SLPBuffer buf)
+    xfree(buf);
+ }
+ 
++/** Report remaining free buffer size in bytes.
++ *
++ * Check if buffer is allocated and if so return bytes left in a
++ * @c SLPBuffer object.
++ *
++ * @param[in] buf The SLPBuffer to be freed.
++ */
++size_t
++RemainingBufferSpace(SLPBuffer buf)
++{
++   if (buf->allocated == 0) {
++      return 0;
++   }
++   return buf->end - buf->curpos;
++}
++
+ /*=========================================================================*/
+diff -up openslp-2.0.0/common/slp_buffer.h.orig openslp-2.0.0/common/slp_buffer.h
+--- openslp-2.0.0/common/slp_buffer.h.orig	2012-11-28 18:07:04.000000000 +0100
++++ openslp-2.0.0/common/slp_buffer.h	2019-12-09 10:39:16.422058793 +0100
+@@ -30,6 +30,13 @@
+  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  *-------------------------------------------------------------------------*/
+ 
++/* Copyright (c) 2019 VMware, Inc.
++ * SPDX-License-Identifier: BSD-3-Clause
++ * This file is provided under the BSD-3-Clause license.
++ * See COPYING file for more details and other copyrights
++ * that may apply.
++ */
++
+ /** Header file that defines SLP message buffer management routines.
+  *
+  * Includes structures, constants and functions that used to handle memory 
+@@ -78,6 +85,8 @@ SLPBuffer SLPBufferListRemove(SLPBuffer
+ 
+ SLPBuffer SLPBufferListAdd(SLPBuffer * list, SLPBuffer buf);
+ 
++size_t RemainingBufferSpace(SLPBuffer buf);
++
+ /*! @} */
+ 
+ #endif /* SLP_BUFFER_H_INCLUDED */
+diff -up openslp-2.0.0/slpd/slpd_process.c.orig openslp-2.0.0/slpd/slpd_process.c
+--- openslp-2.0.0/slpd/slpd_process.c.orig	2019-12-09 10:39:16.420058789 +0100
++++ openslp-2.0.0/slpd/slpd_process.c	2019-12-09 10:39:16.422058793 +0100
+@@ -30,6 +30,13 @@
+  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  *-------------------------------------------------------------------------*/
+ 
++/* Copyright (c) 2019 VMware, Inc.
++ * SPDX-License-Identifier: BSD-3-Clause
++ * This file is provided under the BSD-3-Clause license.
++ * See COPYING file for more details and other copyrights
++ * that may apply.
++ */
++
+ /** Processes incoming SLP messages.
+  *
+  * @file       slpd_process.c
+@@ -523,13 +530,27 @@ RESPOND:
+    {
+       for (i = 0; i < db->urlcount; i++)
+       {
+-         /* urlentry is the url from the db result */
+          urlentry = db->urlarray[i];
++         if (urlentry->opaque != NULL) {
++            const int64_t newsize = size + urlentry->opaquelen;
++            if (urlentry->opaquelen <= 0 || newsize > INT_MAX)
++            {
++               SLPDLog("Invalid opaquelen %d or sizeo of opaque url is too big, size=%d\n",
++                       urlentry->opaquelen, size);
++               errorcode = SLP_ERROR_PARSE_ERROR;
++               goto FINISHED;
++            }
++            size +=  urlentry->opaquelen;
++         }
++         else
++         {
++            /* urlentry is the url from the db result */
++            size += urlentry->urllen + 6; /*  1 byte for reserved  */
++                                          /*  2 bytes for lifetime */
++                                          /*  2 bytes for urllen   */
++                                          /*  1 byte for authcount */
++          }
+ 
+-         size += urlentry->urllen + 6; /*  1 byte for reserved  */
+-                                       /*  2 bytes for lifetime */
+-                                       /*  2 bytes for urllen   */
+-                                       /*  1 byte for authcount */
+ #ifdef ENABLE_SLPv2_SECURITY
+          /* make room to include the authblock that was asked for */
+          if (G_SlpdProperty.securityEnabled
+@@ -603,7 +624,7 @@ RESPOND:
+          urlentry = db->urlarray[i];
+ 
+ #ifdef ENABLE_SLPv1
+-         if (urlentry->opaque == 0)
++         if (urlentry->opaque == NULL)
+          {
+             /* url-entry reserved */
+             *result->curpos++ = 0;
+@@ -615,8 +636,18 @@ RESPOND:
+             PutUINT16(&result->curpos, urlentry->urllen);
+ 
+             /* url-entry url */
+-            memcpy(result->curpos, urlentry->url, urlentry->urllen);
+-            result->curpos += urlentry->urllen;
++            if (RemainingBufferSpace(result) >= urlentry->urllen)
++            {
++               memcpy(result->curpos, urlentry->url, urlentry->urllen);
++               result->curpos = result->curpos + urlentry->urllen;
++            }
++            else
++            {
++                SLPDLog("Url too big (ask: %d have %" PRId64 "), failing request\n",
++                        urlentry->opaquelen, (int64_t) RemainingBufferSpace(result));
++                errorcode = SLP_ERROR_PARSE_ERROR;
++                goto FINISHED;
++            }
+ 
+             /* url-entry auths */
+             *result->curpos++ = 0;
+@@ -630,8 +661,18 @@ RESPOND:
+ 
+             /* TRICKY: Fix up the lifetime. */
+             TO_UINT16(urlentry->opaque + 1, urlentry->lifetime);
+-            memcpy(result->curpos, urlentry->opaque, urlentry->opaquelen);
+-            result->curpos += urlentry->opaquelen;
++            if (RemainingBufferSpace(result) >= urlentry->opaquelen)
++            {
++               memcpy(result->curpos, urlentry->opaque, urlentry->opaquelen);
++               result->curpos = result->curpos + urlentry->opaquelen;
++             }
++             else
++             {
++               SLPDLog("Opaque Url too big (ask: %d have %" PRId64 "), failing request\n",
++                       urlentry->opaquelen, (int64_t) RemainingBufferSpace(result));
++               errorcode = SLP_ERROR_PARSE_ERROR;
++               goto FINISHED;
++             }
+          }
+       }
+    }

openslp.spec

@@ -2,9 +2,9 @@
 Summary: Open implementation of Service Location Protocol V2
 Name:    openslp
 Version: 2.0.0
-Release: 20%{?dist}
+Release: 38%{?dist}
 
-License: BSD
+License: BSD-3-Clause
 URL:     http://sourceforge.net/projects/openslp/
 Source0: http://downloads.sf.net/openslp/openslp-%{version}.tar.gz
 
@@ -30,7 +30,11 @@ Patch5:  openslp-2.0.0-cve-2016-7567.patch
 #   denial of service or potentially code execution,
 #   backported form upstream, CVE-2017-17833
 Patch6:  openslp-2.0.0-cve-2017-17833.patch
+# Patch7: fixes a heap overwrite vulnerability
+#   leading to remote code execution
+Patch7:  openslp-2.0.0-cve-2019-5544.patch
 
+BuildRequires: make
 BuildRequires: automake libtool
 BuildRequires: bison
 BuildRequires: flex 
@@ -55,9 +59,6 @@ OpenSLP header files and libraries.
 %package server
 Summary: OpenSLP server daemon
 Requires: %{name}%{?_isa} = %{version}-%{release}
-Requires(preun): chkconfig, /sbin/service
-Requires(post): chkconfig
-Requires(postun): /sbin/service
 Requires: iproute
 %description server
 OpenSLP server daemon to dynamically register services.
@@ -72,6 +73,7 @@ OpenSLP server daemon to dynamically register services.
 %patch4 -p1 -b .openssl-1.1-fix
 %patch5 -p1 -b .cve-2016-7567
 %patch6 -p1 -b .cve-2017-17833
+%patch7 -p1 -b .cve-2019-5544
 
 # tarball goof (?), it wants to re-automake anyway, so let's do it right.
 #libtoolize --force
@@ -98,7 +100,6 @@ export LDFLAGS="-pie -Wl,-z,now"
   --localstatedir=/var \
   --disable-dependency-tracking \
   --disable-static \
-  --enable-slpv2-security \
   --disable-rpath \
   --enable-async-api
 
@@ -131,13 +132,8 @@ rm -rf $RPM_BUILD_ROOT/usr/doc
 rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.la
 
 
-%clean
-rm -rf $RPM_BUILD_ROOT
 
-
+%ldconfig_scriptlets
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
 
 %post server
 %systemd_post slpd.service
@@ -150,27 +146,24 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %files
-%defattr(-,root,root)
 %doc AUTHORS COPYING FAQ NEWS README THANKS
 %config(noreplace) %{_sysconfdir}/slp.conf
-%config(noreplace) %{_sysconfdir}/slp.spi
 %{_bindir}/slptool
 %{_libdir}/libslp.so.1*
 %{_mandir}/man1/*
 
 %files server
-%defattr(-,root,root)
 %doc doc/doc/html/IntroductionToSLP
 %doc doc/doc/html/UsersGuide
 %doc doc/doc/html/faq*
 %{_sbindir}/slpd
 %config(noreplace) %{_sysconfdir}/slp.reg
+%config(noreplace) %{_sysconfdir}/slp.spi
 %{_unitdir}/slpd.service
 %{_mandir}/man8/*
 /usr/lib/%{name}-server/slp-multicast-set.sh
 
 %files devel
-%defattr(-,root,root)
 %doc doc/doc/html/ProgrammersGuide
 %doc doc/doc/rfc
 %{_includedir}/slp.h
@@ -178,17 +171,74 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
-* Thu Jul 21 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-20
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.0.0-38
-- Rebuild
+- Bump release for October 2024 mass rebuild:
-  Resolves: #2104692
+  Resolves: RHEL-64018
 
-* Tue Jun 15 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-19
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.0.0-37
-- Move slp.spi from -server to the main package
+- Bump release for June 2024 mass rebuild
-  Resolves: #1965649
 
-* Thu May 17 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-18
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-36
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-35
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-34
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Apr 25 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-33
+- SPDX migration
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-32
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-31
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-30
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Mar 17 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-28
+- Don't enable SLPv2 Security feature - it is disabled during run of
+  configure script anyway as it uses deprecated crypto
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.0.0-27
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-26
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-24
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 09 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-23
+- Fix heap overwrite vulnerability, CVE-2019-5544
+  Resolves: #1780754
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Jun 28 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-19
+- Remove dependency on initscripts
+  Resolves: #1592378
+
+* Wed May 09 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-18
 - Fix heap memory corruption, CVE-2017-17833
-  Resolves: #1575697
+  Related: #1572166
 
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

plans/tier1.fmf

@@ -0,0 +1,16 @@
+---
+
+summary: Tier1 plan for openslp
+
+discover:
+  how: fmf
+  url: https://pkgs.devel.redhat.com/git/tests/openslp
+  ref: master
+  filter: tier:1
+
+execute:
+  how: tmt
+
+adjust:
+    enabled: false
+    when: distro == centos-stream or distro == fedora

sources

@@ -1,3 +1 @@
-SHA512 (openslp-2.0.0.tar.gz) = e7627417d45d5d0cc83d6e13d62fe192702ce7b763f1b4fb51aa5da8285405b16a34c3ac4f0a1ecffdf59557b29ec7d24925941e56ddee277c8897162f597ade
+18cf7940bcc444e32592cf34e84f833f  openslp-2.0.0.tar.gz
-SHA512 (slpd.8.gz) = 6b2af03fd3ecbf89d56ba70d2dc76bd677451ef53e5fd3b04e136752d09768f61dfac90c470a281885e5b07925db9ee1917e938c41d87260ac506ef1ec5596b2
-SHA512 (slptool.1.gz) = 17084c34ff40c4c7cb16970b3b6b108c082c4252314648cd88efb77fb04657a93e32554915ad0f5c20491ba0e32ced5726fc32c2549d2a01409e7adf796e7e85