From 17585dc16d96ab4faa0e0dced8aaa6d0a9f4ec5b Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 30 2018 05:07:20 +0000
Subject: import libtirpc-0.2.4-0.15.el7
---
diff --git a/SOURCES/libtirpc-0.2.4-covscan.patch b/SOURCES/libtirpc-0.2.4-covscan.patch
new file mode 100644
index 0000000..32adc91
--- /dev/null
+++ b/SOURCES/libtirpc-0.2.4-covscan.patch
@@ -0,0 +1,147 @@
+diff -up libtirpc-0.2.4/src/auth_gss.c.orig libtirpc-0.2.4/src/auth_gss.c
+--- libtirpc-0.2.4/src/auth_gss.c.orig 2017-05-25 09:53:19.659862958 -0400
++++ libtirpc-0.2.4/src/auth_gss.c 2018-09-11 13:16:34.644008111 -0400
+@@ -176,6 +176,7 @@ authgss_create(CLIENT *clnt, gss_name_t
+ rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+ rpc_createerr.cf_error.re_errno = ENOMEM;
+ free(auth);
++ free(gd);
+ return (NULL);
+ }
+ }
+diff -up libtirpc-0.2.4/src/clnt_bcast.c.orig libtirpc-0.2.4/src/clnt_bcast.c
+--- libtirpc-0.2.4/src/clnt_bcast.c.orig 2017-05-25 09:53:19.659862958 -0400
++++ libtirpc-0.2.4/src/clnt_bcast.c 2018-09-11 13:16:34.644008111 -0400
+@@ -297,6 +297,7 @@ rpc_broadcast_exp(prog, vers, proc, xarg
+ if (nettype == NULL)
+ nettype = "datagram_n";
+ if ((handle = __rpc_setconf(nettype)) == NULL) {
++ AUTH_DESTROY(sys_auth);
+ return (RPC_UNKNOWNPROTO);
+ }
+ while ((nconf = __rpc_getconf(handle)) != NULL) {
+diff -up libtirpc-0.2.4/src/getnetconfig.c.orig libtirpc-0.2.4/src/getnetconfig.c
+--- libtirpc-0.2.4/src/getnetconfig.c.orig 2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/getnetconfig.c 2018-09-11 13:16:34.644008111 -0400
+@@ -710,6 +710,8 @@ struct netconfig *ncp;
+ p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
+ if (p->nc_lookups == NULL) {
+ free(p->nc_netid);
++ free(p);
++ free(tmp);
+ return(NULL);
+ }
+ for (i=0; i < p->nc_nlookups; i++) {
+diff -up libtirpc-0.2.4/src/getnetpath.c.orig libtirpc-0.2.4/src/getnetpath.c
+--- libtirpc-0.2.4/src/getnetpath.c.orig 2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/getnetpath.c 2018-09-11 13:16:34.645008107 -0400
+@@ -90,6 +90,7 @@ setnetpath()
+ }
+ if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
+ syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
++ free(np_sessionp);
+ return (NULL);
+ }
+ np_sessionp->valid = NP_VALID;
+diff -up libtirpc-0.2.4/src/rpcb_clnt.c.orig libtirpc-0.2.4/src/rpcb_clnt.c
+--- libtirpc-0.2.4/src/rpcb_clnt.c.orig 2017-05-25 09:53:19.660862942 -0400
++++ libtirpc-0.2.4/src/rpcb_clnt.c 2018-09-11 13:16:34.645008107 -0400
+@@ -493,6 +493,7 @@ try_nconf:
+ if (tmpnconf == NULL) {
+ rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
+ mutex_unlock(&loopnconf_lock);
++ endnetconfig(nc_handle);
+ return (NULL);
+ }
+ loopnconf = getnetconfigent(tmpnconf->nc_netid);
+diff -up libtirpc-0.2.4/src/rpc_generic.c.orig libtirpc-0.2.4/src/rpc_generic.c
+--- libtirpc-0.2.4/src/rpc_generic.c.orig 2017-05-25 09:53:19.669862794 -0400
++++ libtirpc-0.2.4/src/rpc_generic.c 2018-09-11 13:16:34.645008107 -0400
+@@ -320,6 +320,7 @@ __rpc_setconf(nettype)
+ handle->nflag = FALSE;
+ break;
+ default:
++ free(handle);
+ return (NULL);
+ }
+
+diff -up libtirpc-0.2.4/src/rpc_soc.c.orig libtirpc-0.2.4/src/rpc_soc.c
+--- libtirpc-0.2.4/src/rpc_soc.c.orig 2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/rpc_soc.c 2018-09-11 13:16:34.645008107 -0400
+@@ -627,15 +627,17 @@ svcunix_create(sock, sendsize, recvsize,
+ strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
+ break;
+ }
+- if (nconf == NULL)
++ if (nconf == NULL) {
++ endnetconfig(localhandle);
+ return(xprt);
++ }
+
+ if ((sock = __rpc_nconf2fd(nconf)) < 0)
+ goto done;
+
+ memset(&sun, 0, sizeof sun);
+ sun.sun_family = AF_LOCAL;
+- strncpy(sun.sun_path, path, sizeof(sun.sun_path));
++ strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1));
+ addrlen = sizeof(struct sockaddr_un);
+ sa = (struct sockaddr *)&sun;
+
+@@ -656,6 +658,8 @@ svcunix_create(sock, sendsize, recvsize,
+ }
+
+ xprt = (SVCXPRT *)svc_tli_create(sock, nconf, &taddr, sendsize, recvsize);
++ if (xprt == NULL)
++ close(sock);
+
+ done:
+ endnetconfig(localhandle);
+diff -up libtirpc-0.2.4/src/rtime.c.orig libtirpc-0.2.4/src/rtime.c
+--- libtirpc-0.2.4/src/rtime.c.orig 2017-05-25 09:53:19.667862827 -0400
++++ libtirpc-0.2.4/src/rtime.c 2018-09-11 13:16:34.645008107 -0400
+@@ -90,6 +90,7 @@ rtime(addrp, timep, timeout)
+
+ /* TCP and UDP port are the same in this case */
+ if ((serv = getservbyname("time", "tcp")) == NULL) {
++ do_close(s);
+ return(-1);
+ }
+
+diff -up libtirpc-0.2.4/src/svc_generic.c.orig libtirpc-0.2.4/src/svc_generic.c
+--- libtirpc-0.2.4/src/svc_generic.c.orig 2017-05-25 09:53:19.657862991 -0400
++++ libtirpc-0.2.4/src/svc_generic.c 2018-09-11 13:16:34.645008107 -0400
+@@ -112,6 +112,7 @@ svc_create(dispatch, prognum, versnum, n
+ if (l == NULL) {
+ warnx("svc_create: no memory");
+ mutex_unlock(&xprtlist_lock);
++ __rpc_endconf(handle);
+ return (0);
+ }
+ l->xprt = xprt;
+diff -up libtirpc-0.2.4/src/svc_simple.c.orig libtirpc-0.2.4/src/svc_simple.c
+--- libtirpc-0.2.4/src/svc_simple.c.orig 2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/svc_simple.c 2018-09-11 13:16:34.646008103 -0400
+@@ -158,6 +158,7 @@ rpc_reg(prognum, versnum, procnum, progn
+ ((netid = strdup(nconf->nc_netid)) == NULL)) {
+ warnx(rpc_reg_err, rpc_reg_msg, __no_mem_str);
+ SVC_DESTROY(svcxprt);
++ free(xdrbuf);
+ break;
+ }
+ madenow = TRUE;
+diff -up libtirpc-0.2.4/src/xdr.c.orig libtirpc-0.2.4/src/xdr.c
+--- libtirpc-0.2.4/src/xdr.c.orig 2017-05-25 09:53:19.669862794 -0400
++++ libtirpc-0.2.4/src/xdr.c 2017-05-25 11:50:19.154648294 -0400
+@@ -636,9 +636,11 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ /*
+ * first deal with the length since xdr bytes are counted
+ */
++
+ if (! xdr_u_int(xdrs, sizep)) {
+ return (FALSE);
+ }
++
+ nodesize = *sizep;
+ if ((nodesize > maxsize) && (xdrs->x_op != XDR_FREE)) {
+ return (FALSE);
diff --git a/SOURCES/libtirpc-0.2.4-xdrstdio.patch b/SOURCES/libtirpc-0.2.4-xdrstdio.patch
new file mode 100644
index 0000000..0b701c0
--- /dev/null
+++ b/SOURCES/libtirpc-0.2.4-xdrstdio.patch
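Review bot: In the rpc_soc.c hunk for svcunix_create, `strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1));` now keeps the terminator written by the preceding memset, but an over-long `path` is still truncated silently, so the code after the copy works with a different socket path than the caller asked for. Rejecting the input is safer than truncating it: a check such as `if (strlen(path) >= sizeof(sun.sun_path)) goto done;` placed before the `__rpc_nconf2fd()` call fails the request without opening a descriptor, assuming `xprt` is still NULL at that point as the `return(xprt)` above suggests. The body of svcunix_create starts and ends outside both hunks, so the code between the copy and `svc_tli_create()` is not visible here.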
@@ -0,0 +1,42 @@
+diff -up libtirpc-0.2.4/src/xdr_stdio.c.orig libtirpc-0.2.4/src/xdr_stdio.c
+--- libtirpc-0.2.4/src/xdr_stdio.c.orig 2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/xdr_stdio.c 2018-07-20 12:19:18.682840483 -0400
+@@ -39,6 +39,7 @@
+ */
+
+ #include
++#include
+
+ #include
+ #include
+@@ -104,10 +105,12 @@ xdrstdio_getlong(xdrs, lp)
+ XDR *xdrs;
+ long *lp;
+ {
++ int32_t mycopy;
+
+- if (fread(lp, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
++ if (fread(&mycopy, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
+ return (FALSE);
+- *lp = (long)ntohl((u_int32_t)*lp);
++
++ *lp = (long)ntohl(mycopy);
+ return (TRUE);
+ }
+
+@@ -116,8 +119,14 @@ xdrstdio_putlong(xdrs, lp)
+ XDR *xdrs;
+ const long *lp;
+ {
+- long mycopy = (long)htonl((u_int32_t)*lp);
++ int32_t mycopy;
++
++#if defined(_LP64)
++ if ((*lp > UINT32_MAX) || (*lp < INT32_MIN))
++ return (FALSE);
++#endif
+
++ mycopy = (int32_t)htonl((int32_t)*lp);
+ if (fwrite(&mycopy, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
+ return (FALSE);
+ return (TRUE);
diff --git a/SPECS/libtirpc.spec b/SPECS/libtirpc.spec
index 36151e1..d0c060a 100644
--- a/SPECS/libtirpc.spec
+++ b/SPECS/libtirpc.spec
@@ -2,11 +2,11 @@ Name: libtirpc Version: 0.2.4 -Release: 0.10%{?dist} +Release: 0.15%{?dist} Summary: Transport Independent RPC Library Group: System Environment/Libraries License: SISSL and BSD -URL: http://nfsv4.bullopensource.org/ +URL: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Source0: http://downloads.sourceforge.net/libtirpc/libtirpc-%{version}.tar.bz2
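Review bot: In xdrstdio_putlong, `mycopy = (int32_t)htonl((int32_t)*lp);` pushes the value through signed 32-bit casts even though the new range check admits everything up to UINT32_MAX, and for inputs above INT32_MAX the conversion to int32_t is implementation-defined. Keeping the buffer unsigned avoids that and matches the type htonl() takes and returns: declare `u_int32_t mycopy;` and assign `mycopy = htonl((u_int32_t)*lp);` (the removed line already used `u_int32_t`, and the fwrite size is unchanged). In xdrstdio_getlong the result of `ntohl(mycopy)` is widened without sign extension, so on LP64 a negative value that putlong accepts reads back as a positive one; if that is intended, a comment such as `/* XDR longs are 32 bits on the wire; the value is zero-extended */` would record it. Both function signatures sit above the hunks shown.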
@@ -39,6 +39,11 @@ Patch007: libtirpc-0.2.4-clnt-mthr-create.patch Patch008: libtirpc-0.2.4-makefd_xprt-fd.patch Patch009: libtirpc-0.2.4-CVE-2017-8779.patch +# +# RHEL7.6 +Patch010: libtirpc-0.2.4-xdrstdio.patch +Patch011: libtirpc-0.2.4-covscan.patch + %description This package contains SunLib's implementation of transport-independent RPC (TI-RPC) documentation. This library forms a piece of the base of @@ -82,6 +87,10 @@ developing programs which use the tirpc library. %patch008 -p1 # CVE-2017-8779 libtirpc: libtirpc, libntirpc: Memory leak.... %patch009 -p1 +# 1261738 - xdrstdio_create buffers do not output encoded values on ppc +%patch010 -p1 +# 1627856 - Backport important issues found by covscan in... +%patch011 -p1 # Remove .orig files find . -name "*.orig" | xargs rm -f @@ -170,6 +179,21 @@ rm -rf %{buildroot} %{_mandir}/*/* %changelog +* Wed Sep 19 2018 Steve Dickson 0.2.4-0.15 +- Fixed typo in spec file (bz 1627856) + +* Fri Sep 14 2018 Steve Dickson 0.2.4-0.14 +- Removed a false positive from the covscan (bz 1627856) + +* Tue Sep 11 2018 Steve Dickson 0.2.4-0.13 +- Fix issues found from covscan (bz 1627856) + +* Fri Jul 20 2018 Steve Dickson 0.2.4-0.12 +- xdrstdio_create buffers do not output encoded values on ppc (bz 1261738) + +* Tue Jul 10 2018 Steve Dickson 0.2.4-0.11 +- Updated the URL (bz 1583922) + * Wed May 17 2017 Steve Dickson 0.2.4-0.10 - Fix for CVE-2017-8779 (bz 1449463)