* [morty][PATCH 01/13] unfs3: Fix build with musl
@ 2018-03-15 17:29 Richard Purdie
2018-03-15 17:29 ` [morty][PATCH 02/13] libtirpc: Backport fixes from 1.0.2rc3 Richard Purdie
` (11 more replies)
0 siblings, 12 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:29 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Should also fix build on new build hosts where
with glibc 2.27 rpc support is dropped in favor
of libtirpc
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/conf/distro/include/world-broken.inc | 5 ---
.../0001-daemon.c-Libtirpc-porting-fixes.patch | 37 ++++++++++++++++++++++
meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb | 10 ++++--
3 files changed, 44 insertions(+), 8 deletions(-)
create mode 100644 meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch
diff --git a/meta/conf/distro/include/world-broken.inc b/meta/conf/distro/include/world-broken.inc
index d4bdddf..0166963 100644
--- a/meta/conf/distro/include/world-broken.inc
+++ b/meta/conf/distro/include/world-broken.inc
@@ -5,11 +5,6 @@
# rt-tests needs PI mutex support in libc
EXCLUDE_FROM_WORLD_pn-rt-tests_libc-musl = "1"
-# error: no member named 'sin_port' in 'struct sockaddr_in6'
-# this is due to libtirpc using ipv6 but portmap rpc expecting ipv4
-EXCLUDE_FROM_WORLD_pn-portmap_libc-musl = "1"
-EXCLUDE_FROM_WORLD_pn-unfs3_libc-musl = "1"
-
# error: use of undeclared identifier '_STAT_VER'
EXCLUDE_FROM_WORLD_pn-pseudo_libc-musl = "1"
diff --git a/meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch b/meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch
new file mode 100644
index 0000000..6eee674
--- /dev/null
+++ b/meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch
@@ -0,0 +1,37 @@
+From c7a2a65d6c2a433312540c207860740d6e4e7629 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 11 Mar 2018 17:32:54 -0700
+Subject: [PATCH] daemon.c: Libtirpc porting fixes
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ daemon.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/daemon.c b/daemon.c
+index 22f30f6..028a181 100644
+--- a/daemon.c
++++ b/daemon.c
+@@ -117,7 +117,7 @@ void logmsg(int prio, const char *fmt, ...)
+ */
+ struct in_addr get_remote(struct svc_req *rqstp)
+ {
+- return (svc_getcaller(rqstp->rq_xprt))->sin_addr;
++ return ((struct sockaddr_in*)svc_getcaller(rqstp->rq_xprt))->sin_addr;
+ }
+
+ /*
+@@ -125,7 +125,7 @@ struct in_addr get_remote(struct svc_req *rqstp)
+ */
+ short get_port(struct svc_req *rqstp)
+ {
+- return (svc_getcaller(rqstp->rq_xprt))->sin_port;
++ return ((struct sockaddr_in*)svc_getcaller(rqstp->rq_xprt))->sin_port;
+ }
+
+ /*
+--
+2.16.2
+
diff --git a/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb b/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
index e7574fb..fd9a5cd 100644
--- a/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
+++ b/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
@@ -9,9 +9,11 @@ RECIPE_UPSTREAM_DATE = "Oct 08, 2015"
CHECK_DATE = "Dec 10, 2015"
DEPENDS = "flex-native bison-native flex"
-DEPENDS_append_libc-musl = " libtirpc"
+DEPENDS += "libtirpc"
DEPENDS_append_class-nativesdk = " flex-nativesdk"
+ASNEEDED = ""
+
MOD_PV = "497"
S = "${WORKDIR}/trunk"
SRC_URI = "svn://svn.code.sf.net/p/unfs3/code;module=trunk;rev=${MOD_PV};protocol=http \
@@ -22,7 +24,8 @@ SRC_URI = "svn://svn.code.sf.net/p/unfs3/code;module=trunk;rev=${MOD_PV};protoco
file://rename_fh_cache.patch \
file://relative_max_socket_path_len.patch \
file://tcp_no_delay.patch \
- "
+ file://0001-daemon.c-Libtirpc-porting-fixes.patch \
+ "
SRC_URI[md5sum] = "3687acc4ee992e536472365dd99712a7"
SRC_URI[sha256sum] = "274b43ada9c6eea1da26eb7010d72889c5278984ba0b50dff4e093057d4d64f8"
@@ -30,7 +33,8 @@ BBCLASSEXTEND = "native nativesdk"
inherit autotools
EXTRA_OECONF_append_class-native = " --sbindir=${bindir}"
-CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc"
+CFLAGS += " -I${STAGING_INCDIR}/tirpc"
+LDFLAGS += " -ltirpc"
# Turn off these header detects else the inode search
# will walk entire file systems and this is a real problem
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 02/13] libtirpc: Backport fixes from 1.0.2rc3
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
@ 2018-03-15 17:29 ` Richard Purdie
2018-03-15 17:29 ` [morty][PATCH 03/13] libtirpc: Expose key_secretkey_is_set API Richard Purdie
` (10 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:29 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
These fixes are needed for it to work with gcc7
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
...d-missing-rwlock_unlocks-in-xprt_register.patch | 62 --
.../libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch | 743 +++++++++++++++++++++
.../libtirpc/remove-des-functionality.patch | 39 +-
meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb | 4 +-
4 files changed, 762 insertions(+), 86 deletions(-)
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-Add-missing-rwlock_unlocks-in-xprt_register.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch
diff --git a/meta/recipes-extended/libtirpc/libtirpc/0001-Add-missing-rwlock_unlocks-in-xprt_register.patch b/meta/recipes-extended/libtirpc/libtirpc/0001-Add-missing-rwlock_unlocks-in-xprt_register.patch
deleted file mode 100644
index 50613ba..0000000
--- a/meta/recipes-extended/libtirpc/libtirpc/0001-Add-missing-rwlock_unlocks-in-xprt_register.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Subject: [PATCH] Add missing rwlock_unlocks in xprt_register
-
-It looks like in b2c9430f46c4ac848957fb8adaac176a3f6ac03f when svc_run
-switched to poll, an early return was added, but the rwlock was not
-unlocked.
-
-I observed that rpcbind built against libtirpc-1.0.1 would handle only
-one request before hanging, and tracked it down to a missing
-rwlock_unlock here.
-
-Fixes: b2c9430f46c4 ('Use poll() instead of select() in svc_run()')
-
-Upstream-Status: Backport
-
-Signed-off-by: Michael Forney <mforney@mforney.org>
-Signed-off-by: Steve Dickson <steved@redhat.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
- src/svc.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/svc.c b/src/svc.c
-index 9c41445..b59467b 100644
---- a/src/svc.c
-+++ b/src/svc.c
-@@ -99,7 +99,7 @@ xprt_register (xprt)
- {
- __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
- if (__svc_xports == NULL)
-- return;
-+ goto unlock;
- }
- if (sock < _rpc_dtablesize())
- {
-@@ -120,14 +120,14 @@ xprt_register (xprt)
- svc_pollfd[i].fd = sock;
- svc_pollfd[i].events = (POLLIN | POLLPRI |
- POLLRDNORM | POLLRDBAND);
-- return;
-+ goto unlock;
- }
-
- new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
- sizeof (struct pollfd)
- * (svc_max_pollfd + 1));
- if (new_svc_pollfd == NULL) /* Out of memory */
-- return;
-+ goto unlock;
- svc_pollfd = new_svc_pollfd;
- ++svc_max_pollfd;
-
-@@ -135,6 +135,7 @@ xprt_register (xprt)
- svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
- POLLRDNORM | POLLRDBAND);
- }
-+unlock:
- rwlock_unlock (&svc_fd_lock);
- }
-
---
-2.5.3
-
diff --git a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch b/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch
new file mode 100644
index 0000000..113dabe
--- /dev/null
+++ b/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch
@@ -0,0 +1,743 @@
+Backport the 1.0.2 RC3 changes, this fixes issues with gcc7
+
+Upstream-Status: Backport
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index e4ed8aa..fba2aa4 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
+ rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
+ svc_auth_des.c \
+ svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
+- auth_time.c auth_des.c authdes_prot.c debug.c
++ auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
+
+ ## XDR
+ libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
+diff --git a/src/auth_des.c b/src/auth_des.c
+index 4d3639e..af2f61f 100644
+--- a/src/auth_des.c
++++ b/src/auth_des.c
+@@ -46,8 +46,8 @@
+ #include <rpc/clnt.h>
+ #include <rpc/xdr.h>
+ #include <sys/socket.h>
+-#undef NIS
+-#include <rpcsvc/nis.h>
++
++#include "nis.h"
+
+ #if defined(LIBC_SCCS) && !defined(lint)
+ #endif
+diff --git a/src/auth_gss.c b/src/auth_gss.c
+index 9b88c38..5959893 100644
+--- a/src/auth_gss.c
++++ b/src/auth_gss.c
+@@ -526,6 +526,14 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
+ gr.gr_major != GSS_S_CONTINUE_NEEDED)) {
+ options_ret->major_status = gr.gr_major;
+ options_ret->minor_status = gr.gr_minor;
++ if (call_stat != RPC_SUCCESS) {
++ struct rpc_err err;
++ clnt_geterr(gd->clnt, &err);
++ LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s",
++ clnt_sperrno(call_stat), strerror(err.re_errno)));
++ } else
++ gss_log_status("authgss_refresh:",
++ gr.gr_major, gr.gr_minor);
+ return FALSE;
+ }
+
+diff --git a/src/auth_time.c b/src/auth_time.c
+index 10e58eb..7f83ab4 100644
+--- a/src/auth_time.c
++++ b/src/auth_time.c
+@@ -44,8 +44,8 @@
+ #include <rpc/rpcb_prot.h>
+ //#include <clnt_soc.h>
+ #include <sys/select.h>
+-#undef NIS
+-#include <rpcsvc/nis.h>
++
++#include "nis.h"
+
+
+ #ifdef TESTING
+diff --git a/src/des_impl.c b/src/des_impl.c
+index c5b7ed6..9dbccaf 100644
+--- a/src/des_impl.c
++++ b/src/des_impl.c
+@@ -6,7 +6,8 @@
+ /* see <http://www.gnu.org/licenses/> to obtain a copy. */
+ #include <string.h>
+ #include <stdint.h>
+-#include <rpc/rpc_des.h>
++#include <sys/types.h>
++#include <rpc/des.h>
+
+
+ static const uint32_t des_SPtrans[8][64] =
+diff --git a/src/getpublickey.c b/src/getpublickey.c
+index 764a5f9..8cf4dc2 100644
+--- a/src/getpublickey.c
++++ b/src/getpublickey.c
+@@ -38,8 +38,10 @@
+ #include <pwd.h>
+ #include <rpc/rpc.h>
+ #include <rpc/key_prot.h>
++#ifdef YP
+ #include <rpcsvc/yp_prot.h>
+ #include <rpcsvc/ypclnt.h>
++#endif
+ #include <string.h>
+ #include <stdlib.h>
+
+diff --git a/src/nis.h b/src/nis.h
+new file mode 100644
+index 0000000..588c041
+--- /dev/null
++++ b/src/nis.h
+@@ -0,0 +1,70 @@
++/*
++ * Copyright (c) 2010, Oracle America, Inc.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are
++ * met:
++ *
++ * * Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * * Redistributions in binary form must reproduce the above
++ * copyright notice, this list of conditions and the following
++ * disclaimer in the documentation and/or other materials
++ * provided with the distribution.
++ * * Neither the name of the "Oracle America, Inc." nor the names of its
++ * contributors may be used to endorse or promote products derived
++ * from this software without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
++ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
++ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef _INTERNAL_NIS_H
++#define _INTERNAL_NIS_H 1
++
++/* This file only contains the definition of nis_server, to be
++ able to compile libtirpc without the need to have a glibc
++ with sunrpc or a libnsl already installed. */
++
++#define NIS_PK_NONE 0
++
++struct nis_attr {
++ char *zattr_ndx;
++ struct {
++ u_int zattr_val_len;
++ char *zattr_val_val;
++ } zattr_val;
++};
++typedef struct nis_attr nis_attr;
++
++typedef char *nis_name;
++
++struct endpoint {
++ char *uaddr;
++ char *family;
++ char *proto;
++};
++typedef struct endpoint endpoint;
++
++struct nis_server {
++ nis_name name;
++ struct {
++ u_int ep_len;
++ endpoint *ep_val;
++ } ep;
++ uint32_t key_type;
++ netobj pkey;
++};
++typedef struct nis_server nis_server;
++
++#endif /* ! _INTERNAL_NIS_H */
+diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c
+index 13d320c..3fe503a 100644
+--- a/src/rpc_dtablesize.c
++++ b/src/rpc_dtablesize.c
+@@ -27,22 +27,14 @@
+ */
+
+ #include <unistd.h>
+-
+ #include <sys/select.h>
+-
+-int _rpc_dtablesize(void); /* XXX */
++#include <rpc/clnt.h>
++#include <rpc/rpc_com.h>
+
+ /*
+ * Cache the result of getdtablesize(), so we don't have to do an
+ * expensive system call every time.
+ */
+-/*
+- * XXX In FreeBSD 2.x, you can have the maximum number of open file
+- * descriptors be greater than FD_SETSIZE (which us 256 by default).
+- *
+- * Since old programs tend to use this call to determine the first arg
+- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)!
+- */
+ int
+ _rpc_dtablesize(void)
+ {
+diff --git a/src/rpc_soc.c b/src/rpc_soc.c
+index 1ec7b3f..ed0892a 100644
+--- a/src/rpc_soc.c
++++ b/src/rpc_soc.c
+@@ -61,8 +61,8 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+-#include <rpcsvc/nis.h>
+
++#include "nis.h"
+ #include "rpc_com.h"
+
+ extern mutex_t rpcsoc_lock;
+diff --git a/src/rtime.c b/src/rtime.c
+index c34e0af..b642840 100644
+--- a/src/rtime.c
++++ b/src/rtime.c
+@@ -46,6 +46,7 @@
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <sys/poll.h>
+ #include <sys/socket.h>
+ #include <sys/time.h>
+ #include <netinet/in.h>
+@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout)
+ struct timeval *timeout;
+ {
+ int s;
+- fd_set readfds;
++ struct pollfd fd;
++ int milliseconds;
+ int res;
+ unsigned long thetime;
+ struct sockaddr_in from;
+@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout)
+ addrp->sin_port = serv->s_port;
+
+ if (type == SOCK_DGRAM) {
+- res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
++ res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
+ (struct sockaddr *)addrp, sizeof(*addrp));
+ if (res < 0) {
+ do_close(s);
+- return(-1);
++ return(-1);
+ }
+- do {
+- FD_ZERO(&readfds);
+- FD_SET(s, &readfds);
+- res = select(_rpc_dtablesize(), &readfds,
+- (fd_set *)NULL, (fd_set *)NULL, timeout);
+- } while (res < 0 && errno == EINTR);
++
++ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000);
++ fd.fd = s;
++ fd.events = POLLIN;
++ do
++ res = poll (&fd, 1, milliseconds);
++ while (res < 0 && errno == EINTR);
+ if (res <= 0) {
+ if (res == 0) {
+ errno = ETIMEDOUT;
+ }
+ do_close(s);
+- return(-1);
++ return(-1);
+ }
+ fromlen = sizeof(from);
+- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
++ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
+ (struct sockaddr *)&from, &fromlen);
+ do_close(s);
+ if (res < 0) {
+- return(-1);
++ return(-1);
+ }
+ } else {
+ if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) {
+diff --git a/src/svc.c b/src/svc.c
+index 9c41445..b59467b 100644
+--- a/src/svc.c
++++ b/src/svc.c
+@@ -99,7 +99,7 @@ xprt_register (xprt)
+ {
+ __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
+ if (__svc_xports == NULL)
+- return;
++ goto unlock;
+ }
+ if (sock < _rpc_dtablesize())
+ {
+@@ -120,14 +120,14 @@ xprt_register (xprt)
+ svc_pollfd[i].fd = sock;
+ svc_pollfd[i].events = (POLLIN | POLLPRI |
+ POLLRDNORM | POLLRDBAND);
+- return;
++ goto unlock;
+ }
+
+ new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
+ sizeof (struct pollfd)
+ * (svc_max_pollfd + 1));
+ if (new_svc_pollfd == NULL) /* Out of memory */
+- return;
++ goto unlock;
+ svc_pollfd = new_svc_pollfd;
+ ++svc_max_pollfd;
+
+@@ -135,6 +135,7 @@ xprt_register (xprt)
+ svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
+ POLLRDNORM | POLLRDBAND);
+ }
++unlock:
+ rwlock_unlock (&svc_fd_lock);
+ }
+
+diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
+index 5bc264c..2e90146 100644
+--- a/src/svc_auth_des.c
++++ b/src/svc_auth_des.c
+@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */;
+ static short *authdes_lru/* [AUTHDES_CACHESZ] */;
+
+ static void cache_init(); /* initialize the cache */
+-static short cache_spot(); /* find an entry in the cache */
+-static void cache_ref(/*short sid*/); /* note that sid was ref'd */
++static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */
++static void cache_ref(short sid); /* note that sid was ref'd */
+
+-static void invalidate(); /* invalidate entry in cache */
++static void invalidate(char *cred); /* invalidate entry in cache */
+
+ /*
+- * cache statistics
++ * cache statistics
+ */
+ static struct {
+ u_long ncachehits; /* times cache hit, and is not replay */
+diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
+index b6aa407..bece46a 100644
+--- a/src/svc_auth_gss.c
++++ b/src/svc_auth_gss.c
+@@ -129,6 +129,8 @@ struct svc_rpc_gss_data {
+ ((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
+
+ /* Global server credentials. */
++static u_int _svcauth_req_time = 0;
++static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID };
+ static gss_cred_id_t _svcauth_gss_creds;
+ static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME;
+ static char * _svcauth_svc_name = NULL;
+@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service)
+ gss_name_t name;
+ gss_buffer_desc namebuf;
+ OM_uint32 maj_stat, min_stat;
++ bool_t result;
+
+ gss_log_debug("in svcauth_gss_import_name()");
+
+@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service)
+ maj_stat, min_stat);
+ return (FALSE);
+ }
+- if (svcauth_gss_set_svc_name(name) != TRUE) {
+- gss_release_name(&min_stat, &name);
+- return (FALSE);
+- }
+- return (TRUE);
++ result = svcauth_gss_set_svc_name(name);
++ gss_release_name(&min_stat, &name);
++ return result;
+ }
+
+ static bool_t
+-svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set)
++svcauth_gss_acquire_cred(void)
+ {
+ OM_uint32 maj_stat, min_stat;
+
+ gss_log_debug("in svcauth_gss_acquire_cred()");
+
+- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time,
+- oid_set, GSS_C_ACCEPT,
++ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name,
++ _svcauth_req_time, &_svcauth_oid_set,
++ GSS_C_ACCEPT,
+ &_svcauth_gss_creds, NULL, NULL);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
+ NULL,
+ &gd->deleg);
+
++ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
++
+ if (gr->gr_major != GSS_S_COMPLETE &&
+ gr->gr_major != GSS_S_CONTINUE_NEEDED) {
+ gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
+@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
+ return (FALSE);
+
+ rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
+- rqst->rq_xprt->xp_verf.oa_base = checksum.value;
++ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value,
++ checksum.length);
+ rqst->rq_xprt->xp_verf.oa_length = checksum.length;
++
++ gss_release_buffer(&min_stat, &checksum);
+ }
+ return (TRUE);
+ }
+@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
+ maj_stat, min_stat);
+ return (FALSE);
+ }
++
+ rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
+- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
++ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length);
+ rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
+
++ gss_release_buffer(&min_stat, &checksum);
++
+ return (TRUE);
+ }
+
+@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
+ gss_qop_t qop;
+ struct svcauth_gss_cache_entry **ce;
+ time_t now;
++ enum auth_stat result = AUTH_OK;
++ OM_uint32 min_stat;
+
+ gss_log_debug("in svcauth_gss()");
+
+@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
+ XDR_DESTROY(&xdrs);
+
+ /* Check version. */
+- if (gc->gc_v != RPCSEC_GSS_VERSION)
+- return (AUTH_BADCRED);
++ if (gc->gc_v != RPCSEC_GSS_VERSION) {
++ result = AUTH_BADCRED;
++ goto out;
++ }
+
+ /* Check RPCSEC_GSS service. */
+ if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
+ gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
+- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
+- return (AUTH_BADCRED);
++ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) {
++ result = AUTH_BADCRED;
++ goto out;
++ }
+
+ /* Check sequence number. */
+ if (gd->established) {
+- if (gc->gc_seq > MAXSEQ)
+- return (RPCSEC_GSS_CTXPROBLEM);
++ if (gc->gc_seq > MAXSEQ) {
++ result = RPCSEC_GSS_CTXPROBLEM;
++ goto out;
++ }
+
+ if ((offset = gd->seqlast - gc->gc_seq) < 0) {
+ gd->seqlast = gc->gc_seq;
+@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
+ }
+ else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
+ *no_dispatch = 1;
+- return (RPCSEC_GSS_CTXPROBLEM);
++ result = RPCSEC_GSS_CTXPROBLEM;
++ goto out;
+ }
+ gd->seq = gc->gc_seq;
+ gd->seqmask |= (1 << offset);
+@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
+ rqst->rq_svcname = (char *)gd->ctx;
+ }
+
++ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
++
+ /* Handle RPCSEC_GSS control procedure. */
+ switch (gc->gc_proc) {
+
+ case RPCSEC_GSS_INIT:
+ case RPCSEC_GSS_CONTINUE_INIT:
+- if (rqst->rq_proc != NULLPROC)
+- return (AUTH_FAILED); /* XXX ? */
++ if (rqst->rq_proc != NULLPROC) {
++ result = AUTH_FAILED; /* XXX ? */
++ break;
++ }
+
+ if (_svcauth_gss_name == GSS_C_NO_NAME) {
+- if (!svcauth_gss_import_name("nfs"))
+- return (AUTH_FAILED);
++ if (!svcauth_gss_import_name("nfs")) {
++ result = AUTH_FAILED;
++ break;
++ }
+ }
+
+- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET))
+- return (AUTH_FAILED);
++ if (!svcauth_gss_acquire_cred()) {
++ result = AUTH_FAILED;
++ break;
++ }
+
+- if (!svcauth_gss_accept_sec_context(rqst, &gr))
+- return (AUTH_REJECTEDCRED);
++ if (!svcauth_gss_accept_sec_context(rqst, &gr)) {
++ result = AUTH_REJECTEDCRED;
++ break;
++ }
+
+- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
+- return (AUTH_FAILED);
++ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
++ result = AUTH_FAILED;
++ break;
++ }
+
+ *no_dispatch = TRUE;
+
+ call_stat = svc_sendreply(rqst->rq_xprt,
+ (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
+
+- if (!call_stat)
+- return (AUTH_FAILED);
++ gss_release_buffer(&min_stat, &gr.gr_token);
++ free(gr.gr_ctx.value);
++
++ if (!call_stat) {
++ result = AUTH_FAILED;
++ break;
++ }
+
+ if (gr.gr_major == GSS_S_COMPLETE)
+ gd->established = TRUE;
+@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
+ break;
+
+ case RPCSEC_GSS_DATA:
+- if (!svcauth_gss_validate(gd, msg, &qop))
+- return (RPCSEC_GSS_CREDPROBLEM);
++ if (!svcauth_gss_validate(gd, msg, &qop)) {
++ result = RPCSEC_GSS_CREDPROBLEM;
++ break;
++ }
+
+- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
+- return (AUTH_FAILED);
++ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
++ result = AUTH_FAILED;
++ break;
++ }
+
+ if (!gd->callback_done) {
+ gd->callback_done = TRUE;
+ gd->sec.qop = qop;
+ (void)rpc_gss_num_to_qop(gd->rcred.mechanism,
+ gd->sec.qop, &gd->rcred.qop);
+- if (!svcauth_gss_callback(rqst, gd))
+- return (AUTH_REJECTEDCRED);
++ if (!svcauth_gss_callback(rqst, gd)) {
++ result = AUTH_REJECTEDCRED;
++ break;
++ }
+ }
+
+ if (gd->locked) {
+ if (gd->rcred.service !=
+- _rpc_gss_svc_to_service(gc->gc_svc))
+- return (AUTH_FAILED);
+- if (gd->sec.qop != qop)
+- return (AUTH_BADVERF);
++ _rpc_gss_svc_to_service(gc->gc_svc)) {
++ result = AUTH_FAILED;
++ break;
++ }
++ if (gd->sec.qop != qop) {
++ result = AUTH_BADVERF;
++ break;
++ }
+ }
+
+ if (gd->sec.qop != qop) {
+@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
+ break;
+
+ case RPCSEC_GSS_DESTROY:
+- if (rqst->rq_proc != NULLPROC)
+- return (AUTH_FAILED); /* XXX ? */
++ if (rqst->rq_proc != NULLPROC) {
++ result = AUTH_FAILED; /* XXX ? */
++ break;
++ }
+
+- if (!svcauth_gss_validate(gd, msg, &qop))
+- return (RPCSEC_GSS_CREDPROBLEM);
++ if (!svcauth_gss_validate(gd, msg, &qop)) {
++ result = RPCSEC_GSS_CREDPROBLEM;
++ break;
++ }
+
+- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
+- return (AUTH_FAILED);
++ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
++ result = AUTH_FAILED;
++ break;
++ }
+
+- if (!svcauth_gss_release_cred())
+- return (AUTH_FAILED);
++ if (!svcauth_gss_release_cred()) {
++ result = AUTH_FAILED;
++ break;
++ }
+
+ SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt));
+ SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops;
+@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
+ break;
+
+ default:
+- return (AUTH_REJECTEDCRED);
++ result = AUTH_REJECTEDCRED;
+ break;
+ }
+- return (AUTH_OK);
++out:
++ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc);
++ return result;
+ }
+
+ static bool_t
+@@ -890,7 +946,6 @@ bool_t
+ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
+ u_int UNUSED(program), u_int UNUSED(version))
+ {
+- gss_OID_set_desc oid_set;
+ rpc_gss_OID oid;
+ char *save;
+
+@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
+
+ if (!rpc_gss_mech_to_oid(mechanism, &oid))
+ goto out_err;
+- oid_set.count = 1;
+- oid_set.elements = (gss_OID)oid;
+
+ if (!svcauth_gss_import_name(principal))
+ goto out_err;
+- if (!svcauth_gss_acquire_cred(req_time, &oid_set))
+- goto out_err;
+
++ _svcauth_req_time = req_time;
++ _svcauth_oid_set.count = 1;
++ _svcauth_oid_set.elements = (gss_OID)oid;
+ free(_svcauth_svc_name);
+ _svcauth_svc_name = save;
+ return TRUE;
+diff --git a/src/svc_vc.c b/src/svc_vc.c
+index 6ae613d..97a76a3 100644
+--- a/src/svc_vc.c
++++ b/src/svc_vc.c
+@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize)
+ struct cf_conn *cd;
+ const char *netid;
+ struct __rpc_sockinfo si;
+-
+- assert(fd != -1);
+
+- if (fd >= FD_SETSIZE) {
+- warnx("svc_vc: makefd_xprt: fd too high\n");
+- xprt = NULL;
+- goto done;
+- }
++ assert(fd != -1);
+
+ xprt = mem_alloc(sizeof(SVCXPRT));
+ if (xprt == NULL) {
+@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg)
+ r = (struct cf_rendezvous *)xprt->xp_p1;
+ again:
+ len = sizeof addr;
+- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr,
+- &len)) < 0) {
++ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len);
++ if (sock < 0) {
+ if (errno == EINTR)
+ goto again;
+-
+- if (errno == EMFILE || errno == ENFILE) {
+- /* If there are no file descriptors available, then accept will fail.
+- We want to delay here so the connection request can be dequeued;
+- otherwise we can bounce between polling and accepting, never
+- giving the request a chance to dequeue and eating an enormous
+- amount of cpu time in svc_run if we're polling on many file
+- descriptors. */
+- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
+- nanosleep (&ts, NULL);
+- goto again;
+- }
+ return (FALSE);
+ }
+ /*
+diff --git a/tirpc/rpc/des.h b/tirpc/rpc/des.h
+index d2881ad..018aa48 100644
+--- a/tirpc/rpc/des.h
++++ b/tirpc/rpc/des.h
+@@ -82,6 +82,6 @@ struct desparams {
+ /*
+ * Software DES.
+ */
+-extern int _des_crypt( char *, int, struct desparams * );
++extern int _des_crypt( char *, unsigned, struct desparams * );
+
+ #endif
+diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h
+index 147f909..e07503c 100644
+--- a/tirpc/rpc/rpcent.h
++++ b/tirpc/rpc/rpcent.h
+@@ -60,10 +60,11 @@ struct rpcent {
+ extern struct rpcent *getrpcbyname(const char *);
+ extern struct rpcent *getrpcbynumber(int);
+ extern struct rpcent *getrpcent(void);
+-#endif
+
+ extern void setrpcent(int);
+ extern void endrpcent(void);
++#endif
++
+ #ifdef __cplusplus
+ }
+ #endif
diff --git a/meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch b/meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
index 512e934..31e9774 100644
--- a/meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
+++ b/meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
@@ -6,21 +6,22 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
-diff -Naur libtirpc-1.0.1-orig/src/Makefile.am libtirpc-1.0.1/src/Makefile.am
---- libtirpc-1.0.1-orig/src/Makefile.am 2015-10-30 17:15:14.000000000 +0200
-+++ libtirpc-1.0.1/src/Makefile.am 2015-12-21 15:56:17.094702429 +0200
-@@ -22,9 +22,8 @@
+Index: libtirpc-1.0.1/src/Makefile.am
+===================================================================
+--- libtirpc-1.0.1.orig/src/Makefile.am
++++ libtirpc-1.0.1/src/Makefile.am
+@@ -22,9 +22,8 @@ libtirpc_la_SOURCES = auth_none.c auth_u
pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
- svc_auth_des.c \
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
-- auth_time.c auth_des.c authdes_prot.c debug.c
+- auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
+ debug.c
## XDR
libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
-@@ -41,8 +40,8 @@
+@@ -41,8 +40,8 @@ if GSS
libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
endif
@@ -31,18 +32,11 @@ diff -Naur libtirpc-1.0.1-orig/src/Makefile.am libtirpc-1.0.1/src/Makefile.am
CLEANFILES = cscope.* *~
DISTCLEANFILES = Makefile.in
-diff -Naur libtirpc-1.0.1-orig/src/rpc_soc.c libtirpc-1.0.1/src/rpc_soc.c
---- libtirpc-1.0.1-orig/src/rpc_soc.c 2015-10-30 17:15:14.000000000 +0200
-+++ libtirpc-1.0.1/src/rpc_soc.c 2015-12-21 15:56:17.095702416 +0200
-@@ -61,7 +61,6 @@
- #include <string.h>
- #include <unistd.h>
- #include <fcntl.h>
--#include <rpcsvc/nis.h>
-
- #include "rpc_com.h"
-
-@@ -522,86 +521,6 @@
+Index: libtirpc-1.0.1/src/rpc_soc.c
+===================================================================
+--- libtirpc-1.0.1.orig/src/rpc_soc.c
++++ libtirpc-1.0.1/src/rpc_soc.c
+@@ -522,86 +522,6 @@ clnt_broadcast(prog, vers, proc, xargs,
}
/*
@@ -129,10 +123,11 @@ diff -Naur libtirpc-1.0.1-orig/src/rpc_soc.c libtirpc-1.0.1/src/rpc_soc.c
* Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
*/
CLIENT *
-diff -Naur libtirpc-1.0.1-orig/src/svc_auth.c libtirpc-1.0.1/src/svc_auth.c
---- libtirpc-1.0.1-orig/src/svc_auth.c 2015-10-30 17:15:14.000000000 +0200
-+++ libtirpc-1.0.1/src/svc_auth.c 2015-12-21 15:56:17.095702416 +0200
-@@ -114,9 +114,6 @@
+Index: libtirpc-1.0.1/src/svc_auth.c
+===================================================================
+--- libtirpc-1.0.1.orig/src/svc_auth.c
++++ libtirpc-1.0.1/src/svc_auth.c
+@@ -114,9 +114,6 @@ _gss_authenticate(rqst, msg, no_dispatch
case AUTH_SHORT:
dummy = _svcauth_short(rqst, msg);
return (dummy);
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
index e321d47..8ba5475 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
@@ -11,8 +11,8 @@ PROVIDES = "virtual/librpc"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
${GENTOO_MIRROR}/${BPN}-glibc-nfs.tar.xz;name=glibc-nfs \
+ file://libtirpc-1.0.2-rc3.patch \
file://libtirpc-0.2.1-fortify.patch \
- file://0001-Add-missing-rwlock_unlocks-in-xprt_register.patch \
"
SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \
@@ -32,7 +32,7 @@ inherit autotools pkgconfig
EXTRA_OECONF = "--disable-gssapi"
do_configure_prepend () {
- cp -r ${S}/../tirpc ${S}
+ cp -r ${WORKDIR}/tirpc ${S}
}
do_install_append() {
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 03/13] libtirpc: Expose key_secretkey_is_set API
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
2018-03-15 17:29 ` [morty][PATCH 02/13] libtirpc: Backport fixes from 1.0.2rc3 Richard Purdie
@ 2018-03-15 17:29 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 04/13] libtirpc: Enable des APIs for musl Richard Purdie
` (9 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:29 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
libnsl needs this API
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
.../libtirpc/export_key_secretkey_is_set.patch | 24 ++++++++++++++++++++++
meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb | 1 +
2 files changed, 25 insertions(+)
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
diff --git a/meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch b/meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
new file mode 100644
index 0000000..a276ba2
--- /dev/null
+++ b/meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
@@ -0,0 +1,24 @@
+Add key_secretkey_is_set to exported symbols map
+
+key_secret_is_set is a typo in libtirpc map
+Patch taken from
+
+https://sourceforge.net/p/libtirpc/discussion/637321/thread/fd73d431/
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: libtirpc-1.0.1/src/libtirpc.map
+===================================================================
+--- libtirpc-1.0.1.orig/src/libtirpc.map
++++ libtirpc-1.0.1/src/libtirpc.map
+@@ -298,7 +298,7 @@ TIRPC_0.3.2 {
+ key_gendes;
+ key_get_conv;
+ key_setsecret;
+- key_secret_is_set;
++ key_secretkey_is_set;
+ key_setnet;
+ netname2host;
+ netname2user;
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
index 8ba5475..b96abc4 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
@@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
${GENTOO_MIRROR}/${BPN}-glibc-nfs.tar.xz;name=glibc-nfs \
file://libtirpc-1.0.2-rc3.patch \
file://libtirpc-0.2.1-fortify.patch \
+ file://export_key_secretkey_is_set.patch \
"
SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 04/13] libtirpc: Enable des APIs for musl
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
2018-03-15 17:29 ` [morty][PATCH 02/13] libtirpc: Backport fixes from 1.0.2rc3 Richard Purdie
2018-03-15 17:29 ` [morty][PATCH 03/13] libtirpc: Expose key_secretkey_is_set API Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 05/13] libtirpc: Fix build error due to missing stdint.h> include Richard Purdie
` (8 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Use memset() API instead of __bzero()
Drop the patch removing des_* functions for musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
.../0001-replace-__bzero-with-memset-API.patch | 30 +++++
.../libtirpc/remove-des-functionality.patch | 139 ---------------------
meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb | 5 +-
3 files changed, 33 insertions(+), 141 deletions(-)
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
diff --git a/meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch b/meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
new file mode 100644
index 0000000..d2b4da6
--- /dev/null
+++ b/meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
@@ -0,0 +1,30 @@
+From 20badc3e3608953fb5b36bb2e16fa51bd731aebc Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 18 Apr 2017 09:35:35 -0700
+Subject: [PATCH] replace __bzero() with memset() API
+
+memset is available across all libc implementation
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ src/des_impl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/des_impl.c b/src/des_impl.c
+index 9dbccaf..15bec2a 100644
+--- a/src/des_impl.c
++++ b/src/des_impl.c
+@@ -588,7 +588,7 @@ _des_crypt (char *buf, unsigned len, struct desparams *desp)
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tbuf[0] = tbuf[1] = 0;
+- __bzero (schedule, sizeof (schedule));
++ memset (schedule, 0, sizeof (schedule));
+
+ return (1);
+ }
+--
+2.12.2
+
diff --git a/meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch b/meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
deleted file mode 100644
index 31e9774..0000000
--- a/meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-uclibc and musl does not provide des functionality. Lets disable it.
-
-Upstream-Status: Inappropriate [uclibc and musl specific]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
-Index: libtirpc-1.0.1/src/Makefile.am
-===================================================================
---- libtirpc-1.0.1.orig/src/Makefile.am
-+++ libtirpc-1.0.1/src/Makefile.am
-@@ -22,9 +22,8 @@ libtirpc_la_SOURCES = auth_none.c auth_u
- pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
- rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
- rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
-- svc_auth_des.c \
- svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
-- auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
-+ debug.c
-
- ## XDR
- libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
-@@ -41,8 +40,8 @@ if GSS
- libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
- endif
-
--libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
--libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c
-+#libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
-+#libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c
-
- CLEANFILES = cscope.* *~
- DISTCLEANFILES = Makefile.in
-Index: libtirpc-1.0.1/src/rpc_soc.c
-===================================================================
---- libtirpc-1.0.1.orig/src/rpc_soc.c
-+++ libtirpc-1.0.1/src/rpc_soc.c
-@@ -522,86 +522,6 @@ clnt_broadcast(prog, vers, proc, xargs,
- }
-
- /*
-- * Create the client des authentication object. Obsoleted by
-- * authdes_seccreate().
-- */
--AUTH *
--authdes_create(servername, window, syncaddr, ckey)
-- char *servername; /* network name of server */
-- u_int window; /* time to live */
-- struct sockaddr *syncaddr; /* optional hostaddr to sync with */
-- des_block *ckey; /* optional conversation key to use */
--{
-- AUTH *nauth;
-- char hostname[NI_MAXHOST];
--
-- if (syncaddr) {
-- /*
-- * Change addr to hostname, because that is the way
-- * new interface takes it.
-- */
-- switch (syncaddr->sa_family) {
-- case AF_INET:
-- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
-- sizeof hostname, NULL, 0, 0) != 0)
-- goto fallback;
-- break;
-- case AF_INET6:
-- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in6), hostname,
-- sizeof hostname, NULL, 0, 0) != 0)
-- goto fallback;
-- break;
-- default:
-- goto fallback;
-- }
-- nauth = authdes_seccreate(servername, window, hostname, ckey);
-- return (nauth);
-- }
--fallback:
-- return authdes_seccreate(servername, window, NULL, ckey);
--}
--
--/*
-- * Create the client des authentication object. Obsoleted by
-- * authdes_pk_seccreate().
-- */
--extern AUTH *authdes_pk_seccreate(const char *, netobj *, u_int, const char *,
-- const des_block *, nis_server *);
--
--AUTH *
--authdes_pk_create(servername, pkey, window, syncaddr, ckey)
-- char *servername; /* network name of server */
-- netobj *pkey; /* public key */
-- u_int window; /* time to live */
-- struct sockaddr *syncaddr; /* optional hostaddr to sync with */
-- des_block *ckey; /* optional conversation key to use */
--{
-- AUTH *nauth;
-- char hostname[NI_MAXHOST];
--
-- if (syncaddr) {
-- /*
-- * Change addr to hostname, because that is the way
-- * new interface takes it.
-- */
-- switch (syncaddr->sa_family) {
-- case AF_INET:
-- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
-- sizeof hostname, NULL, 0, 0) != 0)
-- goto fallback;
-- break;
-- default:
-- goto fallback;
-- }
-- nauth = authdes_pk_seccreate(servername, pkey, window, hostname, ckey, NULL);
-- return (nauth);
-- }
--fallback:
-- return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL);
--}
--
--
--/*
- * Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
- */
- CLIENT *
-Index: libtirpc-1.0.1/src/svc_auth.c
-===================================================================
---- libtirpc-1.0.1.orig/src/svc_auth.c
-+++ libtirpc-1.0.1/src/svc_auth.c
-@@ -114,9 +114,6 @@ _gss_authenticate(rqst, msg, no_dispatch
- case AUTH_SHORT:
- dummy = _svcauth_short(rqst, msg);
- return (dummy);
-- case AUTH_DES:
-- dummy = _svcauth_des(rqst, msg);
-- return (dummy);
- #ifdef HAVE_RPCSEC_GSS
- case RPCSEC_GSS:
- dummy = _svcauth_gss(rqst, msg, no_dispatch);
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
index b96abc4..662c899 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
@@ -14,12 +14,13 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
file://libtirpc-1.0.2-rc3.patch \
file://libtirpc-0.2.1-fortify.patch \
file://export_key_secretkey_is_set.patch \
- "
+ file://0001-replace-__bzero-with-memset-API.patch \
+ "
SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \
"
-SRC_URI_append_libc-musl = " file://remove-des-functionality.patch \
+SRC_URI_append_libc-musl = " \
file://Use-netbsd-queue.h.patch \
"
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 05/13] libtirpc: Fix build error due to missing stdint.h> include
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (2 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 04/13] libtirpc: Enable des APIs for musl Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 06/13] libtirpc: Fix CVE-2017-8779 Richard Purdie
` (7 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
.../0001-include-stdint.h-for-uintptr_t.patch | 32 ++++++++++++++++++++++
meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
diff --git a/meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch b/meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
new file mode 100644
index 0000000..1fe9833
--- /dev/null
+++ b/meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
@@ -0,0 +1,32 @@
+From b80d3b573c1dade2b29b22f8acc3b9e2c7ddefd7 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 20 May 2017 13:36:43 -0700
+Subject: [PATCH] include stdint.h for uintptr_t
+
+Fixes
+| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
+| if (len < (uintptr_t)xdrs->x_base) {
+| ^~~~~~~~~
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ src/xdr_sizeof.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c
+index d23fbd1..79d6707 100644
+--- a/src/xdr_sizeof.c
++++ b/src/xdr_sizeof.c
+@@ -39,6 +39,7 @@
+ #include <rpc/xdr.h>
+ #include <sys/types.h>
+ #include <stdlib.h>
++#include <stdint.h>
+ #include "un-namespace.h"
+
+ /* ARGSUSED */
+--
+2.13.0
+
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
index 662c899..5518fb3 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
@@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
file://libtirpc-0.2.1-fortify.patch \
file://export_key_secretkey_is_set.patch \
file://0001-replace-__bzero-with-memset-API.patch \
+ file://0001-include-stdint.h-for-uintptr_t.patch \
"
SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 06/13] libtirpc: Fix CVE-2017-8779
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (3 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 05/13] libtirpc: Fix build error due to missing stdint.h> include Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 07/13] libtirpc: upgrade to 1.0.2 Richard Purdie
` (6 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core; +Cc: Fan Xin
From: Fan Xin <fan.xin@jp.fujitsu.com>
This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.
CVE: CVE-2017-8779
Signed-off-by: Fan Xin<fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
.../libtirpc/0001-Fix-for-CVE-2017-8779.patch | 276 +++++++++++++++++++++
meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb | 1 +
2 files changed, 277 insertions(+)
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
diff --git a/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch b/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
new file mode 100644
index 0000000..b3bae67
--- /dev/null
+++ b/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
@@ -0,0 +1,276 @@
+From dd9c7cf4f8f375c6d641b760d124650c418c2ce3 Mon Sep 17 00:00:00 2001
+From: Guido Vranken <guidovranken@gmail.com>
+Date: Mon, 15 May 2017 11:12:21 -0400
+Subject: [PATCH] Fix for CVE-2017-8779
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/rpc_generic.c | 8 ++++++++
+ src/rpcb_prot.c | 22 ++++++++++++++--------
+ src/rpcb_st_xdr.c | 9 +++++----
+ src/xdr.c | 30 +++++++++++++++++++++++++-----
+ 4 files changed, 52 insertions(+), 17 deletions(-)
+
+CVE: CVE-2017-8779
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
+
+diff --git a/src/rpc_generic.c b/src/rpc_generic.c
+index 2f09a8f..589cbd5 100644
+--- a/src/rpc_generic.c
++++ b/src/rpc_generic.c
+@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
+
+ switch (af) {
+ case AF_INET:
++ if (nbuf->len < sizeof(*sin)) {
++ return NULL;
++ }
+ sin = nbuf->buf;
+ if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
+ == NULL)
+@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
+ break;
+ #ifdef INET6
+ case AF_INET6:
++ if (nbuf->len < sizeof(*sin6)) {
++ return NULL;
++ }
+ sin6 = nbuf->buf;
+ if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
+ == NULL)
+@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
+
+ port = 0;
+ sin = NULL;
++ if (uaddr == NULL)
++ return NULL;
+ addrstr = strdup(uaddr);
+ if (addrstr == NULL)
+ return NULL;
+diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c
+index 43fd385..a923c8e 100644
+--- a/src/rpcb_prot.c
++++ b/src/rpcb_prot.c
+@@ -41,6 +41,7 @@
+ #include <rpc/types.h>
+ #include <rpc/xdr.h>
+ #include <rpc/rpcb_prot.h>
++#include "rpc_com.h"
+
+ bool_t
+ xdr_rpcb(xdrs, objp)
+@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
+ if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
+ return (FALSE);
+ }
+- if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+- if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+- if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+ return (TRUE);
+@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
+ XDR *xdrs;
+ rpcb_entry *objp;
+ {
+- if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+- if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+ if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
+ return (FALSE);
+ }
+- if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+- if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+ return (TRUE);
+@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
+ bool_t dummy;
+ struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
+
+- if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+ if (!xdr_u_int(xdrs, &objp->results.results_len)) {
+@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
+ if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
+ return (FALSE);
+ }
++
++ if (objp->maxlen > RPC_MAXDATASIZE) {
++ return (FALSE);
++ }
++
+ dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
+ (u_int *)&(objp->len), objp->maxlen);
+ return (dummy);
+diff --git a/src/rpcb_st_xdr.c b/src/rpcb_st_xdr.c
+index 08db745..28e6a48 100644
+--- a/src/rpcb_st_xdr.c
++++ b/src/rpcb_st_xdr.c
+@@ -37,6 +37,7 @@
+
+
+ #include <rpc/rpc.h>
++#include "rpc_com.h"
+
+ /* Link list of all the stats about getport and getaddr */
+
+@@ -58,7 +59,7 @@ xdr_rpcbs_addrlist(xdrs, objp)
+ if (!xdr_int(xdrs, &objp->failure)) {
+ return (FALSE);
+ }
+- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+
+@@ -109,7 +110,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ IXDR_PUT_INT32(buf, objp->failure);
+ IXDR_PUT_INT32(buf, objp->indirect);
+ }
+- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+ if (!xdr_pointer(xdrs, (char **)&objp->next,
+@@ -147,7 +148,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ objp->failure = (int)IXDR_GET_INT32(buf);
+ objp->indirect = (int)IXDR_GET_INT32(buf);
+ }
+- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+ if (!xdr_pointer(xdrs, (char **)&objp->next,
+@@ -175,7 +176,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ if (!xdr_int(xdrs, &objp->indirect)) {
+ return (FALSE);
+ }
+- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ return (FALSE);
+ }
+ if (!xdr_pointer(xdrs, (char **)&objp->next,
+diff --git a/src/xdr.c b/src/xdr.c
+index f3fb9ad..b9a1558 100644
+--- a/src/xdr.c
++++ b/src/xdr.c
+@@ -42,8 +42,10 @@
+ #include <stdlib.h>
+ #include <string.h>
+
++#include <rpc/rpc.h>
+ #include <rpc/types.h>
+ #include <rpc/xdr.h>
++#include <rpc/rpc_com.h>
+
+ typedef quad_t longlong_t; /* ANSI long long type */
+ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
+@@ -53,7 +55,6 @@ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
+ */
+ #define XDR_FALSE ((long) 0)
+ #define XDR_TRUE ((long) 1)
+-#define LASTUNSIGNED ((u_int) 0-1)
+
+ /*
+ * for unit alignment
+@@ -629,6 +630,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ {
+ char *sp = *cpp; /* sp is the actual string pointer */
+ u_int nodesize;
++ bool_t ret, allocated = FALSE;
+
+ /*
+ * first deal with the length since xdr bytes are counted
+@@ -652,6 +654,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ }
+ if (sp == NULL) {
+ *cpp = sp = mem_alloc(nodesize);
++ allocated = TRUE;
+ }
+ if (sp == NULL) {
+ warnx("xdr_bytes: out of memory");
+@@ -660,7 +663,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ /* FALLTHROUGH */
+
+ case XDR_ENCODE:
+- return (xdr_opaque(xdrs, sp, nodesize));
++ ret = xdr_opaque(xdrs, sp, nodesize);
++ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
++ if (allocated == TRUE) {
++ free(sp);
++ *cpp = NULL;
++ }
++ }
++ return (ret);
+
+ case XDR_FREE:
+ if (sp != NULL) {
+@@ -754,6 +764,7 @@ xdr_string(xdrs, cpp, maxsize)
+ char *sp = *cpp; /* sp is the actual string pointer */
+ u_int size;
+ u_int nodesize;
++ bool_t ret, allocated = FALSE;
+
+ /*
+ * first deal with the length since xdr strings are counted-strings
+@@ -793,8 +804,10 @@ xdr_string(xdrs, cpp, maxsize)
+ switch (xdrs->x_op) {
+
+ case XDR_DECODE:
+- if (sp == NULL)
++ if (sp == NULL) {
+ *cpp = sp = mem_alloc(nodesize);
++ allocated = TRUE;
++ }
+ if (sp == NULL) {
+ warnx("xdr_string: out of memory");
+ return (FALSE);
+@@ -803,7 +816,14 @@ xdr_string(xdrs, cpp, maxsize)
+ /* FALLTHROUGH */
+
+ case XDR_ENCODE:
+- return (xdr_opaque(xdrs, sp, size));
++ ret = xdr_opaque(xdrs, sp, size);
++ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
++ if (allocated == TRUE) {
++ free(sp);
++ *cpp = NULL;
++ }
++ }
++ return (ret);
+
+ case XDR_FREE:
+ mem_free(sp, nodesize);
+@@ -823,7 +843,7 @@ xdr_wrapstring(xdrs, cpp)
+ XDR *xdrs;
+ char **cpp;
+ {
+- return xdr_string(xdrs, cpp, LASTUNSIGNED);
++ return xdr_string(xdrs, cpp, RPC_MAXDATASIZE);
+ }
+
+ /*
+--
+1.9.1
+
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
index 5518fb3..f41d2f3 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
@@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
file://export_key_secretkey_is_set.patch \
file://0001-replace-__bzero-with-memset-API.patch \
file://0001-include-stdint.h-for-uintptr_t.patch \
+ file://0001-Fix-for-CVE-2017-8779.patch \
"
SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 07/13] libtirpc: upgrade to 1.0.2
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (4 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 06/13] libtirpc: Fix CVE-2017-8779 Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 08/13] libtirpc: stop dropping in NIS headers Richard Purdie
` (5 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
From: "Maxin B. John" <maxin.john@intel.com>
1.0.1 -> 1.0.2
Remove these Backported and upstreamed patches:
1. 0001-Fix-for-CVE-2017-8779.patch
2. libtirpc-0.2.1-fortify.patch
3. libtirpc-1.0.2-rc3.patc
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
.../libtirpc/0001-Fix-for-CVE-2017-8779.patch | 276 --------
.../libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch | 26 -
.../libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch | 743 ---------------------
.../{libtirpc_1.0.1.bb => libtirpc_1.0.2.bb} | 7 +-
4 files changed, 2 insertions(+), 1050 deletions(-)
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch
rename meta/recipes-extended/libtirpc/{libtirpc_1.0.1.bb => libtirpc_1.0.2.bb} (82%)
diff --git a/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch b/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
deleted file mode 100644
index b3bae67..0000000
--- a/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
+++ /dev/null
@@ -1,276 +0,0 @@
-From dd9c7cf4f8f375c6d641b760d124650c418c2ce3 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 15 May 2017 11:12:21 -0400
-Subject: [PATCH] Fix for CVE-2017-8779
-
-Signed-off-by: Steve Dickson <steved@redhat.com>
----
- src/rpc_generic.c | 8 ++++++++
- src/rpcb_prot.c | 22 ++++++++++++++--------
- src/rpcb_st_xdr.c | 9 +++++----
- src/xdr.c | 30 +++++++++++++++++++++++++-----
- 4 files changed, 52 insertions(+), 17 deletions(-)
-
-CVE: CVE-2017-8779
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
-
-diff --git a/src/rpc_generic.c b/src/rpc_generic.c
-index 2f09a8f..589cbd5 100644
---- a/src/rpc_generic.c
-+++ b/src/rpc_generic.c
-@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
-
- switch (af) {
- case AF_INET:
-+ if (nbuf->len < sizeof(*sin)) {
-+ return NULL;
-+ }
- sin = nbuf->buf;
- if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
- == NULL)
-@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
- break;
- #ifdef INET6
- case AF_INET6:
-+ if (nbuf->len < sizeof(*sin6)) {
-+ return NULL;
-+ }
- sin6 = nbuf->buf;
- if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
- == NULL)
-@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
-
- port = 0;
- sin = NULL;
-+ if (uaddr == NULL)
-+ return NULL;
- addrstr = strdup(uaddr);
- if (addrstr == NULL)
- return NULL;
-diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c
-index 43fd385..a923c8e 100644
---- a/src/rpcb_prot.c
-+++ b/src/rpcb_prot.c
-@@ -41,6 +41,7 @@
- #include <rpc/types.h>
- #include <rpc/xdr.h>
- #include <rpc/rpcb_prot.h>
-+#include "rpc_com.h"
-
- bool_t
- xdr_rpcb(xdrs, objp)
-@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
- if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
- return (FALSE);
- }
-- if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
-- if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
-- if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
- return (TRUE);
-@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
- XDR *xdrs;
- rpcb_entry *objp;
- {
-- if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
-- if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
- if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
- return (FALSE);
- }
-- if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
-- if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
- return (TRUE);
-@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
- bool_t dummy;
- struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
-
-- if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
- if (!xdr_u_int(xdrs, &objp->results.results_len)) {
-@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
- if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
- return (FALSE);
- }
-+
-+ if (objp->maxlen > RPC_MAXDATASIZE) {
-+ return (FALSE);
-+ }
-+
- dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
- (u_int *)&(objp->len), objp->maxlen);
- return (dummy);
-diff --git a/src/rpcb_st_xdr.c b/src/rpcb_st_xdr.c
-index 08db745..28e6a48 100644
---- a/src/rpcb_st_xdr.c
-+++ b/src/rpcb_st_xdr.c
-@@ -37,6 +37,7 @@
-
-
- #include <rpc/rpc.h>
-+#include "rpc_com.h"
-
- /* Link list of all the stats about getport and getaddr */
-
-@@ -58,7 +59,7 @@ xdr_rpcbs_addrlist(xdrs, objp)
- if (!xdr_int(xdrs, &objp->failure)) {
- return (FALSE);
- }
-- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
-
-@@ -109,7 +110,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
- IXDR_PUT_INT32(buf, objp->failure);
- IXDR_PUT_INT32(buf, objp->indirect);
- }
-- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
- if (!xdr_pointer(xdrs, (char **)&objp->next,
-@@ -147,7 +148,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
- objp->failure = (int)IXDR_GET_INT32(buf);
- objp->indirect = (int)IXDR_GET_INT32(buf);
- }
-- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
- if (!xdr_pointer(xdrs, (char **)&objp->next,
-@@ -175,7 +176,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
- if (!xdr_int(xdrs, &objp->indirect)) {
- return (FALSE);
- }
-- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
-+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
- return (FALSE);
- }
- if (!xdr_pointer(xdrs, (char **)&objp->next,
-diff --git a/src/xdr.c b/src/xdr.c
-index f3fb9ad..b9a1558 100644
---- a/src/xdr.c
-+++ b/src/xdr.c
-@@ -42,8 +42,10 @@
- #include <stdlib.h>
- #include <string.h>
-
-+#include <rpc/rpc.h>
- #include <rpc/types.h>
- #include <rpc/xdr.h>
-+#include <rpc/rpc_com.h>
-
- typedef quad_t longlong_t; /* ANSI long long type */
- typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
-@@ -53,7 +55,6 @@ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
- */
- #define XDR_FALSE ((long) 0)
- #define XDR_TRUE ((long) 1)
--#define LASTUNSIGNED ((u_int) 0-1)
-
- /*
- * for unit alignment
-@@ -629,6 +630,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
- {
- char *sp = *cpp; /* sp is the actual string pointer */
- u_int nodesize;
-+ bool_t ret, allocated = FALSE;
-
- /*
- * first deal with the length since xdr bytes are counted
-@@ -652,6 +654,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
- }
- if (sp == NULL) {
- *cpp = sp = mem_alloc(nodesize);
-+ allocated = TRUE;
- }
- if (sp == NULL) {
- warnx("xdr_bytes: out of memory");
-@@ -660,7 +663,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
- /* FALLTHROUGH */
-
- case XDR_ENCODE:
-- return (xdr_opaque(xdrs, sp, nodesize));
-+ ret = xdr_opaque(xdrs, sp, nodesize);
-+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
-+ if (allocated == TRUE) {
-+ free(sp);
-+ *cpp = NULL;
-+ }
-+ }
-+ return (ret);
-
- case XDR_FREE:
- if (sp != NULL) {
-@@ -754,6 +764,7 @@ xdr_string(xdrs, cpp, maxsize)
- char *sp = *cpp; /* sp is the actual string pointer */
- u_int size;
- u_int nodesize;
-+ bool_t ret, allocated = FALSE;
-
- /*
- * first deal with the length since xdr strings are counted-strings
-@@ -793,8 +804,10 @@ xdr_string(xdrs, cpp, maxsize)
- switch (xdrs->x_op) {
-
- case XDR_DECODE:
-- if (sp == NULL)
-+ if (sp == NULL) {
- *cpp = sp = mem_alloc(nodesize);
-+ allocated = TRUE;
-+ }
- if (sp == NULL) {
- warnx("xdr_string: out of memory");
- return (FALSE);
-@@ -803,7 +816,14 @@ xdr_string(xdrs, cpp, maxsize)
- /* FALLTHROUGH */
-
- case XDR_ENCODE:
-- return (xdr_opaque(xdrs, sp, size));
-+ ret = xdr_opaque(xdrs, sp, size);
-+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
-+ if (allocated == TRUE) {
-+ free(sp);
-+ *cpp = NULL;
-+ }
-+ }
-+ return (ret);
-
- case XDR_FREE:
- mem_free(sp, nodesize);
-@@ -823,7 +843,7 @@ xdr_wrapstring(xdrs, cpp)
- XDR *xdrs;
- char **cpp;
- {
-- return xdr_string(xdrs, cpp, LASTUNSIGNED);
-+ return xdr_string(xdrs, cpp, RPC_MAXDATASIZE);
- }
-
- /*
---
-1.9.1
-
diff --git a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch b/meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch
deleted file mode 100644
index 4a785d3..0000000
--- a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Fix a possible overflow (reported by _FORTIFY_SOURCE=2)
-
-Ported from Gentoo
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: libtirpc-0.2.1/src/getrpcport.c
-===================================================================
---- libtirpc-0.2.1.orig/src/getrpcport.c
-+++ libtirpc-0.2.1/src/getrpcport.c
-@@ -54,11 +54,11 @@ getrpcport(host, prognum, versnum, proto
-
- if ((hp = gethostbyname(host)) == NULL)
- return (0);
-+ if (hp->h_length != sizeof(addr.sin_addr.s_addr))
-+ return (0);
- memset(&addr, 0, sizeof(addr));
- addr.sin_family = AF_INET;
- addr.sin_port = 0;
-- if (hp->h_length > sizeof(addr))
-- hp->h_length = sizeof(addr);
- memcpy(&addr.sin_addr.s_addr, hp->h_addr, (size_t)hp->h_length);
- /* Inconsistent interfaces need casts! :-( */
- return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum,
diff --git a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch b/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch
deleted file mode 100644
index 113dabe..0000000
--- a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch
+++ /dev/null
@@ -1,743 +0,0 @@
-Backport the 1.0.2 RC3 changes, this fixes issues with gcc7
-
-Upstream-Status: Backport
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index e4ed8aa..fba2aa4 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
- rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
- svc_auth_des.c \
- svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
-- auth_time.c auth_des.c authdes_prot.c debug.c
-+ auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
-
- ## XDR
- libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
-diff --git a/src/auth_des.c b/src/auth_des.c
-index 4d3639e..af2f61f 100644
---- a/src/auth_des.c
-+++ b/src/auth_des.c
-@@ -46,8 +46,8 @@
- #include <rpc/clnt.h>
- #include <rpc/xdr.h>
- #include <sys/socket.h>
--#undef NIS
--#include <rpcsvc/nis.h>
-+
-+#include "nis.h"
-
- #if defined(LIBC_SCCS) && !defined(lint)
- #endif
-diff --git a/src/auth_gss.c b/src/auth_gss.c
-index 9b88c38..5959893 100644
---- a/src/auth_gss.c
-+++ b/src/auth_gss.c
-@@ -526,6 +526,14 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
- gr.gr_major != GSS_S_CONTINUE_NEEDED)) {
- options_ret->major_status = gr.gr_major;
- options_ret->minor_status = gr.gr_minor;
-+ if (call_stat != RPC_SUCCESS) {
-+ struct rpc_err err;
-+ clnt_geterr(gd->clnt, &err);
-+ LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s",
-+ clnt_sperrno(call_stat), strerror(err.re_errno)));
-+ } else
-+ gss_log_status("authgss_refresh:",
-+ gr.gr_major, gr.gr_minor);
- return FALSE;
- }
-
-diff --git a/src/auth_time.c b/src/auth_time.c
-index 10e58eb..7f83ab4 100644
---- a/src/auth_time.c
-+++ b/src/auth_time.c
-@@ -44,8 +44,8 @@
- #include <rpc/rpcb_prot.h>
- //#include <clnt_soc.h>
- #include <sys/select.h>
--#undef NIS
--#include <rpcsvc/nis.h>
-+
-+#include "nis.h"
-
-
- #ifdef TESTING
-diff --git a/src/des_impl.c b/src/des_impl.c
-index c5b7ed6..9dbccaf 100644
---- a/src/des_impl.c
-+++ b/src/des_impl.c
-@@ -6,7 +6,8 @@
- /* see <http://www.gnu.org/licenses/> to obtain a copy. */
- #include <string.h>
- #include <stdint.h>
--#include <rpc/rpc_des.h>
-+#include <sys/types.h>
-+#include <rpc/des.h>
-
-
- static const uint32_t des_SPtrans[8][64] =
-diff --git a/src/getpublickey.c b/src/getpublickey.c
-index 764a5f9..8cf4dc2 100644
---- a/src/getpublickey.c
-+++ b/src/getpublickey.c
-@@ -38,8 +38,10 @@
- #include <pwd.h>
- #include <rpc/rpc.h>
- #include <rpc/key_prot.h>
-+#ifdef YP
- #include <rpcsvc/yp_prot.h>
- #include <rpcsvc/ypclnt.h>
-+#endif
- #include <string.h>
- #include <stdlib.h>
-
-diff --git a/src/nis.h b/src/nis.h
-new file mode 100644
-index 0000000..588c041
---- /dev/null
-+++ b/src/nis.h
-@@ -0,0 +1,70 @@
-+/*
-+ * Copyright (c) 2010, Oracle America, Inc.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions are
-+ * met:
-+ *
-+ * * Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * * Redistributions in binary form must reproduce the above
-+ * copyright notice, this list of conditions and the following
-+ * disclaimer in the documentation and/or other materials
-+ * provided with the distribution.
-+ * * Neither the name of the "Oracle America, Inc." nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#ifndef _INTERNAL_NIS_H
-+#define _INTERNAL_NIS_H 1
-+
-+/* This file only contains the definition of nis_server, to be
-+ able to compile libtirpc without the need to have a glibc
-+ with sunrpc or a libnsl already installed. */
-+
-+#define NIS_PK_NONE 0
-+
-+struct nis_attr {
-+ char *zattr_ndx;
-+ struct {
-+ u_int zattr_val_len;
-+ char *zattr_val_val;
-+ } zattr_val;
-+};
-+typedef struct nis_attr nis_attr;
-+
-+typedef char *nis_name;
-+
-+struct endpoint {
-+ char *uaddr;
-+ char *family;
-+ char *proto;
-+};
-+typedef struct endpoint endpoint;
-+
-+struct nis_server {
-+ nis_name name;
-+ struct {
-+ u_int ep_len;
-+ endpoint *ep_val;
-+ } ep;
-+ uint32_t key_type;
-+ netobj pkey;
-+};
-+typedef struct nis_server nis_server;
-+
-+#endif /* ! _INTERNAL_NIS_H */
-diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c
-index 13d320c..3fe503a 100644
---- a/src/rpc_dtablesize.c
-+++ b/src/rpc_dtablesize.c
-@@ -27,22 +27,14 @@
- */
-
- #include <unistd.h>
--
- #include <sys/select.h>
--
--int _rpc_dtablesize(void); /* XXX */
-+#include <rpc/clnt.h>
-+#include <rpc/rpc_com.h>
-
- /*
- * Cache the result of getdtablesize(), so we don't have to do an
- * expensive system call every time.
- */
--/*
-- * XXX In FreeBSD 2.x, you can have the maximum number of open file
-- * descriptors be greater than FD_SETSIZE (which us 256 by default).
-- *
-- * Since old programs tend to use this call to determine the first arg
-- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)!
-- */
- int
- _rpc_dtablesize(void)
- {
-diff --git a/src/rpc_soc.c b/src/rpc_soc.c
-index 1ec7b3f..ed0892a 100644
---- a/src/rpc_soc.c
-+++ b/src/rpc_soc.c
-@@ -61,8 +61,8 @@
- #include <string.h>
- #include <unistd.h>
- #include <fcntl.h>
--#include <rpcsvc/nis.h>
-
-+#include "nis.h"
- #include "rpc_com.h"
-
- extern mutex_t rpcsoc_lock;
-diff --git a/src/rtime.c b/src/rtime.c
-index c34e0af..b642840 100644
---- a/src/rtime.c
-+++ b/src/rtime.c
-@@ -46,6 +46,7 @@
- #include <unistd.h>
- #include <errno.h>
- #include <sys/types.h>
-+#include <sys/poll.h>
- #include <sys/socket.h>
- #include <sys/time.h>
- #include <netinet/in.h>
-@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout)
- struct timeval *timeout;
- {
- int s;
-- fd_set readfds;
-+ struct pollfd fd;
-+ int milliseconds;
- int res;
- unsigned long thetime;
- struct sockaddr_in from;
-@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout)
- addrp->sin_port = serv->s_port;
-
- if (type == SOCK_DGRAM) {
-- res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
-+ res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
- (struct sockaddr *)addrp, sizeof(*addrp));
- if (res < 0) {
- do_close(s);
-- return(-1);
-+ return(-1);
- }
-- do {
-- FD_ZERO(&readfds);
-- FD_SET(s, &readfds);
-- res = select(_rpc_dtablesize(), &readfds,
-- (fd_set *)NULL, (fd_set *)NULL, timeout);
-- } while (res < 0 && errno == EINTR);
-+
-+ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000);
-+ fd.fd = s;
-+ fd.events = POLLIN;
-+ do
-+ res = poll (&fd, 1, milliseconds);
-+ while (res < 0 && errno == EINTR);
- if (res <= 0) {
- if (res == 0) {
- errno = ETIMEDOUT;
- }
- do_close(s);
-- return(-1);
-+ return(-1);
- }
- fromlen = sizeof(from);
-- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
-+ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
- (struct sockaddr *)&from, &fromlen);
- do_close(s);
- if (res < 0) {
-- return(-1);
-+ return(-1);
- }
- } else {
- if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) {
-diff --git a/src/svc.c b/src/svc.c
-index 9c41445..b59467b 100644
---- a/src/svc.c
-+++ b/src/svc.c
-@@ -99,7 +99,7 @@ xprt_register (xprt)
- {
- __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
- if (__svc_xports == NULL)
-- return;
-+ goto unlock;
- }
- if (sock < _rpc_dtablesize())
- {
-@@ -120,14 +120,14 @@ xprt_register (xprt)
- svc_pollfd[i].fd = sock;
- svc_pollfd[i].events = (POLLIN | POLLPRI |
- POLLRDNORM | POLLRDBAND);
-- return;
-+ goto unlock;
- }
-
- new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
- sizeof (struct pollfd)
- * (svc_max_pollfd + 1));
- if (new_svc_pollfd == NULL) /* Out of memory */
-- return;
-+ goto unlock;
- svc_pollfd = new_svc_pollfd;
- ++svc_max_pollfd;
-
-@@ -135,6 +135,7 @@ xprt_register (xprt)
- svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
- POLLRDNORM | POLLRDBAND);
- }
-+unlock:
- rwlock_unlock (&svc_fd_lock);
- }
-
-diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
-index 5bc264c..2e90146 100644
---- a/src/svc_auth_des.c
-+++ b/src/svc_auth_des.c
-@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */;
- static short *authdes_lru/* [AUTHDES_CACHESZ] */;
-
- static void cache_init(); /* initialize the cache */
--static short cache_spot(); /* find an entry in the cache */
--static void cache_ref(/*short sid*/); /* note that sid was ref'd */
-+static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */
-+static void cache_ref(short sid); /* note that sid was ref'd */
-
--static void invalidate(); /* invalidate entry in cache */
-+static void invalidate(char *cred); /* invalidate entry in cache */
-
- /*
-- * cache statistics
-+ * cache statistics
- */
- static struct {
- u_long ncachehits; /* times cache hit, and is not replay */
-diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
-index b6aa407..bece46a 100644
---- a/src/svc_auth_gss.c
-+++ b/src/svc_auth_gss.c
-@@ -129,6 +129,8 @@ struct svc_rpc_gss_data {
- ((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
-
- /* Global server credentials. */
-+static u_int _svcauth_req_time = 0;
-+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID };
- static gss_cred_id_t _svcauth_gss_creds;
- static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME;
- static char * _svcauth_svc_name = NULL;
-@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service)
- gss_name_t name;
- gss_buffer_desc namebuf;
- OM_uint32 maj_stat, min_stat;
-+ bool_t result;
-
- gss_log_debug("in svcauth_gss_import_name()");
-
-@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service)
- maj_stat, min_stat);
- return (FALSE);
- }
-- if (svcauth_gss_set_svc_name(name) != TRUE) {
-- gss_release_name(&min_stat, &name);
-- return (FALSE);
-- }
-- return (TRUE);
-+ result = svcauth_gss_set_svc_name(name);
-+ gss_release_name(&min_stat, &name);
-+ return result;
- }
-
- static bool_t
--svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set)
-+svcauth_gss_acquire_cred(void)
- {
- OM_uint32 maj_stat, min_stat;
-
- gss_log_debug("in svcauth_gss_acquire_cred()");
-
-- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time,
-- oid_set, GSS_C_ACCEPT,
-+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name,
-+ _svcauth_req_time, &_svcauth_oid_set,
-+ GSS_C_ACCEPT,
- &_svcauth_gss_creds, NULL, NULL);
-
- if (maj_stat != GSS_S_COMPLETE) {
-@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
- NULL,
- &gd->deleg);
-
-+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
-+
- if (gr->gr_major != GSS_S_COMPLETE &&
- gr->gr_major != GSS_S_CONTINUE_NEEDED) {
- gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
-@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
- return (FALSE);
-
- rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
-- rqst->rq_xprt->xp_verf.oa_base = checksum.value;
-+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value,
-+ checksum.length);
- rqst->rq_xprt->xp_verf.oa_length = checksum.length;
-+
-+ gss_release_buffer(&min_stat, &checksum);
- }
- return (TRUE);
- }
-@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
- maj_stat, min_stat);
- return (FALSE);
- }
-+
- rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
-- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
-+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length);
- rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
-
-+ gss_release_buffer(&min_stat, &checksum);
-+
- return (TRUE);
- }
-
-@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
- gss_qop_t qop;
- struct svcauth_gss_cache_entry **ce;
- time_t now;
-+ enum auth_stat result = AUTH_OK;
-+ OM_uint32 min_stat;
-
- gss_log_debug("in svcauth_gss()");
-
-@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
- XDR_DESTROY(&xdrs);
-
- /* Check version. */
-- if (gc->gc_v != RPCSEC_GSS_VERSION)
-- return (AUTH_BADCRED);
-+ if (gc->gc_v != RPCSEC_GSS_VERSION) {
-+ result = AUTH_BADCRED;
-+ goto out;
-+ }
-
- /* Check RPCSEC_GSS service. */
- if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
- gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
-- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
-- return (AUTH_BADCRED);
-+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) {
-+ result = AUTH_BADCRED;
-+ goto out;
-+ }
-
- /* Check sequence number. */
- if (gd->established) {
-- if (gc->gc_seq > MAXSEQ)
-- return (RPCSEC_GSS_CTXPROBLEM);
-+ if (gc->gc_seq > MAXSEQ) {
-+ result = RPCSEC_GSS_CTXPROBLEM;
-+ goto out;
-+ }
-
- if ((offset = gd->seqlast - gc->gc_seq) < 0) {
- gd->seqlast = gc->gc_seq;
-@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
- }
- else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
- *no_dispatch = 1;
-- return (RPCSEC_GSS_CTXPROBLEM);
-+ result = RPCSEC_GSS_CTXPROBLEM;
-+ goto out;
- }
- gd->seq = gc->gc_seq;
- gd->seqmask |= (1 << offset);
-@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
- rqst->rq_svcname = (char *)gd->ctx;
- }
-
-+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
-+
- /* Handle RPCSEC_GSS control procedure. */
- switch (gc->gc_proc) {
-
- case RPCSEC_GSS_INIT:
- case RPCSEC_GSS_CONTINUE_INIT:
-- if (rqst->rq_proc != NULLPROC)
-- return (AUTH_FAILED); /* XXX ? */
-+ if (rqst->rq_proc != NULLPROC) {
-+ result = AUTH_FAILED; /* XXX ? */
-+ break;
-+ }
-
- if (_svcauth_gss_name == GSS_C_NO_NAME) {
-- if (!svcauth_gss_import_name("nfs"))
-- return (AUTH_FAILED);
-+ if (!svcauth_gss_import_name("nfs")) {
-+ result = AUTH_FAILED;
-+ break;
-+ }
- }
-
-- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET))
-- return (AUTH_FAILED);
-+ if (!svcauth_gss_acquire_cred()) {
-+ result = AUTH_FAILED;
-+ break;
-+ }
-
-- if (!svcauth_gss_accept_sec_context(rqst, &gr))
-- return (AUTH_REJECTEDCRED);
-+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) {
-+ result = AUTH_REJECTEDCRED;
-+ break;
-+ }
-
-- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
-- return (AUTH_FAILED);
-+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
-+ result = AUTH_FAILED;
-+ break;
-+ }
-
- *no_dispatch = TRUE;
-
- call_stat = svc_sendreply(rqst->rq_xprt,
- (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
-
-- if (!call_stat)
-- return (AUTH_FAILED);
-+ gss_release_buffer(&min_stat, &gr.gr_token);
-+ free(gr.gr_ctx.value);
-+
-+ if (!call_stat) {
-+ result = AUTH_FAILED;
-+ break;
-+ }
-
- if (gr.gr_major == GSS_S_COMPLETE)
- gd->established = TRUE;
-@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
- break;
-
- case RPCSEC_GSS_DATA:
-- if (!svcauth_gss_validate(gd, msg, &qop))
-- return (RPCSEC_GSS_CREDPROBLEM);
-+ if (!svcauth_gss_validate(gd, msg, &qop)) {
-+ result = RPCSEC_GSS_CREDPROBLEM;
-+ break;
-+ }
-
-- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
-- return (AUTH_FAILED);
-+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
-+ result = AUTH_FAILED;
-+ break;
-+ }
-
- if (!gd->callback_done) {
- gd->callback_done = TRUE;
- gd->sec.qop = qop;
- (void)rpc_gss_num_to_qop(gd->rcred.mechanism,
- gd->sec.qop, &gd->rcred.qop);
-- if (!svcauth_gss_callback(rqst, gd))
-- return (AUTH_REJECTEDCRED);
-+ if (!svcauth_gss_callback(rqst, gd)) {
-+ result = AUTH_REJECTEDCRED;
-+ break;
-+ }
- }
-
- if (gd->locked) {
- if (gd->rcred.service !=
-- _rpc_gss_svc_to_service(gc->gc_svc))
-- return (AUTH_FAILED);
-- if (gd->sec.qop != qop)
-- return (AUTH_BADVERF);
-+ _rpc_gss_svc_to_service(gc->gc_svc)) {
-+ result = AUTH_FAILED;
-+ break;
-+ }
-+ if (gd->sec.qop != qop) {
-+ result = AUTH_BADVERF;
-+ break;
-+ }
- }
-
- if (gd->sec.qop != qop) {
-@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
- break;
-
- case RPCSEC_GSS_DESTROY:
-- if (rqst->rq_proc != NULLPROC)
-- return (AUTH_FAILED); /* XXX ? */
-+ if (rqst->rq_proc != NULLPROC) {
-+ result = AUTH_FAILED; /* XXX ? */
-+ break;
-+ }
-
-- if (!svcauth_gss_validate(gd, msg, &qop))
-- return (RPCSEC_GSS_CREDPROBLEM);
-+ if (!svcauth_gss_validate(gd, msg, &qop)) {
-+ result = RPCSEC_GSS_CREDPROBLEM;
-+ break;
-+ }
-
-- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
-- return (AUTH_FAILED);
-+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
-+ result = AUTH_FAILED;
-+ break;
-+ }
-
-- if (!svcauth_gss_release_cred())
-- return (AUTH_FAILED);
-+ if (!svcauth_gss_release_cred()) {
-+ result = AUTH_FAILED;
-+ break;
-+ }
-
- SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt));
- SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops;
-@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
- break;
-
- default:
-- return (AUTH_REJECTEDCRED);
-+ result = AUTH_REJECTEDCRED;
- break;
- }
-- return (AUTH_OK);
-+out:
-+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc);
-+ return result;
- }
-
- static bool_t
-@@ -890,7 +946,6 @@ bool_t
- rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
- u_int UNUSED(program), u_int UNUSED(version))
- {
-- gss_OID_set_desc oid_set;
- rpc_gss_OID oid;
- char *save;
-
-@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
-
- if (!rpc_gss_mech_to_oid(mechanism, &oid))
- goto out_err;
-- oid_set.count = 1;
-- oid_set.elements = (gss_OID)oid;
-
- if (!svcauth_gss_import_name(principal))
- goto out_err;
-- if (!svcauth_gss_acquire_cred(req_time, &oid_set))
-- goto out_err;
-
-+ _svcauth_req_time = req_time;
-+ _svcauth_oid_set.count = 1;
-+ _svcauth_oid_set.elements = (gss_OID)oid;
- free(_svcauth_svc_name);
- _svcauth_svc_name = save;
- return TRUE;
-diff --git a/src/svc_vc.c b/src/svc_vc.c
-index 6ae613d..97a76a3 100644
---- a/src/svc_vc.c
-+++ b/src/svc_vc.c
-@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize)
- struct cf_conn *cd;
- const char *netid;
- struct __rpc_sockinfo si;
--
-- assert(fd != -1);
-
-- if (fd >= FD_SETSIZE) {
-- warnx("svc_vc: makefd_xprt: fd too high\n");
-- xprt = NULL;
-- goto done;
-- }
-+ assert(fd != -1);
-
- xprt = mem_alloc(sizeof(SVCXPRT));
- if (xprt == NULL) {
-@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg)
- r = (struct cf_rendezvous *)xprt->xp_p1;
- again:
- len = sizeof addr;
-- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr,
-- &len)) < 0) {
-+ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len);
-+ if (sock < 0) {
- if (errno == EINTR)
- goto again;
--
-- if (errno == EMFILE || errno == ENFILE) {
-- /* If there are no file descriptors available, then accept will fail.
-- We want to delay here so the connection request can be dequeued;
-- otherwise we can bounce between polling and accepting, never
-- giving the request a chance to dequeue and eating an enormous
-- amount of cpu time in svc_run if we're polling on many file
-- descriptors. */
-- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
-- nanosleep (&ts, NULL);
-- goto again;
-- }
- return (FALSE);
- }
- /*
-diff --git a/tirpc/rpc/des.h b/tirpc/rpc/des.h
-index d2881ad..018aa48 100644
---- a/tirpc/rpc/des.h
-+++ b/tirpc/rpc/des.h
-@@ -82,6 +82,6 @@ struct desparams {
- /*
- * Software DES.
- */
--extern int _des_crypt( char *, int, struct desparams * );
-+extern int _des_crypt( char *, unsigned, struct desparams * );
-
- #endif
-diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h
-index 147f909..e07503c 100644
---- a/tirpc/rpc/rpcent.h
-+++ b/tirpc/rpc/rpcent.h
-@@ -60,10 +60,11 @@ struct rpcent {
- extern struct rpcent *getrpcbyname(const char *);
- extern struct rpcent *getrpcbynumber(int);
- extern struct rpcent *getrpcent(void);
--#endif
-
- extern void setrpcent(int);
- extern void endrpcent(void);
-+#endif
-+
- #ifdef __cplusplus
- }
- #endif
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
similarity index 82%
rename from meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
rename to meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
index f41d2f3..94fd5f9 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
@@ -11,12 +11,9 @@ PROVIDES = "virtual/librpc"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
${GENTOO_MIRROR}/${BPN}-glibc-nfs.tar.xz;name=glibc-nfs \
- file://libtirpc-1.0.2-rc3.patch \
- file://libtirpc-0.2.1-fortify.patch \
file://export_key_secretkey_is_set.patch \
file://0001-replace-__bzero-with-memset-API.patch \
file://0001-include-stdint.h-for-uintptr_t.patch \
- file://0001-Fix-for-CVE-2017-8779.patch \
"
SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \
@@ -26,8 +23,8 @@ SRC_URI_append_libc-musl = " \
file://Use-netbsd-queue.h.patch \
"
-SRC_URI[libtirpc.md5sum] = "36ce1c0ff80863bb0839d54aa0b94014"
-SRC_URI[libtirpc.sha256sum] = "5156974f31be7ccbc8ab1de37c4739af6d9d42c87b1d5caf4835dda75fcbb89e"
+SRC_URI[libtirpc.md5sum] = "d5a37f1dccec484f9cabe2b97e54e9a6"
+SRC_URI[libtirpc.sha256sum] = "723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5"
SRC_URI[glibc-nfs.md5sum] = "5ae500b9d0b6b72cb875bc04944b9445"
SRC_URI[glibc-nfs.sha256sum] = "2677cfedf626f3f5a8f6e507aed5bb8f79a7453b589d684dbbc086e755170d83"
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 08/13] libtirpc: stop dropping in NIS headers
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (5 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 07/13] libtirpc: upgrade to 1.0.2 Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 09/13] libtirpc: Extend to native and nativesdk recipes Richard Purdie
` (4 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@intel.com>
libtirpc prior to 1.0.2 assumed that the system provided nis.h but this isn't
always true. Until now we've been using a tarball of the missing files from
Gentoo, but libtirpc 1.0.2 added a copy of nis.h to the sources so this isn't
required anymore.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
index 94fd5f9..07e4c79 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
@@ -9,8 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \
PROVIDES = "virtual/librpc"
-SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
- ${GENTOO_MIRROR}/${BPN}-glibc-nfs.tar.xz;name=glibc-nfs \
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \
file://export_key_secretkey_is_set.patch \
file://0001-replace-__bzero-with-memset-API.patch \
file://0001-include-stdint.h-for-uintptr_t.patch \
@@ -23,19 +22,13 @@ SRC_URI_append_libc-musl = " \
file://Use-netbsd-queue.h.patch \
"
-SRC_URI[libtirpc.md5sum] = "d5a37f1dccec484f9cabe2b97e54e9a6"
-SRC_URI[libtirpc.sha256sum] = "723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5"
-SRC_URI[glibc-nfs.md5sum] = "5ae500b9d0b6b72cb875bc04944b9445"
-SRC_URI[glibc-nfs.sha256sum] = "2677cfedf626f3f5a8f6e507aed5bb8f79a7453b589d684dbbc086e755170d83"
+SRC_URI[md5sum] = "d5a37f1dccec484f9cabe2b97e54e9a6"
+SRC_URI[sha256sum] = "723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5"
inherit autotools pkgconfig
EXTRA_OECONF = "--disable-gssapi"
-do_configure_prepend () {
- cp -r ${WORKDIR}/tirpc ${S}
-}
-
do_install_append() {
chown root:root ${D}${sysconfdir}/netconfig
}
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 09/13] libtirpc: Extend to native and nativesdk recipes
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (6 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 08/13] libtirpc: stop dropping in NIS headers Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 10/13] unfs3: Fix libtirpc usage for unfs3-native version Richard Purdie
` (3 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
index 07e4c79..cea2338 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
@@ -32,3 +32,5 @@ EXTRA_OECONF = "--disable-gssapi"
do_install_append() {
chown root:root ${D}${sysconfdir}/netconfig
}
+
+BBCLASSEXTEND = "native nativesdk"
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 10/13] unfs3: Fix libtirpc usage for unfs3-native version
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (7 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 09/13] libtirpc: Extend to native and nativesdk recipes Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 11/13] yocto-uninative: Upgrade to 1.8 version with glibc 2.27 Richard Purdie
` (2 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb b/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
index fd9a5cd..0069425 100644
--- a/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
+++ b/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
@@ -33,8 +33,8 @@ BBCLASSEXTEND = "native nativesdk"
inherit autotools
EXTRA_OECONF_append_class-native = " --sbindir=${bindir}"
-CFLAGS += " -I${STAGING_INCDIR}/tirpc"
-LDFLAGS += " -ltirpc"
+CFLAGS_append = " -I${STAGING_INCDIR}/tirpc"
+LDFLAGS_append = " -ltirpc"
# Turn off these header detects else the inode search
# will walk entire file systems and this is a real problem
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 11/13] yocto-uninative: Upgrade to 1.8 version with glibc 2.27
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (8 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 10/13] unfs3: Fix libtirpc usage for unfs3-native version Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 12/13] uninative: Add compatiblity version check Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 13/13] world-broken.inc: blacklist portmap on musl Richard Purdie
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
Now distros are starting to ship glibc 2.27 we need a uninatve version
which contains glibc 2.27 which is in the 1.8 version.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/conf/distro/include/yocto-uninative.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 839c19a..b3f8c24 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,6 +6,6 @@
# to the distro running on the build machine.
#
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.7/"
-UNINATIVE_CHECKSUM[i686] ?= "d7c341460035936c19d63fe02f354ef1bc993c62d694ae3a31458d1c6997f0c5"
-UNINATIVE_CHECKSUM[x86_64] ?= "ed033c868b87852b07957a4400f3b744c00aef5d6470346ea1a59b6d3e03075e"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.8/"
+UNINATIVE_CHECKSUM[i686] ?= "427ce522ec97f65c75fd89587d90ef789e8cbca4a617abc4b5822abb01c2d0ae"
+UNINATIVE_CHECKSUM[x86_64] ?= "de4947e98e09e1432d069311cc2093974ecb9138a714fd5466f73524de66a693"
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 12/13] uninative: Add compatiblity version check
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (9 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 11/13] yocto-uninative: Upgrade to 1.8 version with glibc 2.27 Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 13/13] world-broken.inc: blacklist portmap on musl Richard Purdie
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
If glibc is newer on the host than in uninative, the failure mode is
pretty nasty for clusters where the sstate is shared, including the Yocto
Project autobuilder.
This check aborts the use of uninative in such scenarios where a newer
glibc version appears and avoids corruption of sstate caches.
We use ldd to check the glibc version since that is included in libc-bin
(or equivalent) which locales use so it should always be present.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/classes/uninative.bbclass | 7 +++++++
meta/conf/distro/include/yocto-uninative.inc | 2 ++
2 files changed, 9 insertions(+)
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 241ca74..62a29a1 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -59,6 +59,11 @@ python uninative_event_fetchloader() {
if localpath != tarballpath and os.path.exists(localpath) and not os.path.exists(tarballpath):
os.symlink(localpath, tarballpath)
+ # ldd output is "ldd (Ubuntu GLIBC 2.23-0ubuntu10) 2.23", extract last option from first line
+ glibcver = subprocess.check_output(["ldd", "--version"]).decode('utf-8').split('\n')[0].split()[-1]
+ if bb.utils.vercmp_string(d.getVar("UNINATIVE_MAXGLIBCVERSION", True), glibcver) < 0:
+ raise RuntimeError("Your host glibc verson (%s) is newer than that in uninative (%s). Disabling uninative so that sstate is not corrupted." % (glibcver, d.getVar("UNINATIVE_MAXGLIBCVERSION", True)))
+
cmd = d.expand("mkdir -p ${UNINATIVE_STAGING_DIR}-uninative; cd ${UNINATIVE_STAGING_DIR}-uninative; tar -xjf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux ${UNINATIVE_LOADER} ${UNINATIVE_LOADER} ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/${bindir_native}/patchelf-uninative ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so" % chksum)
subprocess.check_call(cmd, shell=True)
@@ -67,6 +72,8 @@ python uninative_event_fetchloader() {
enable_uninative(d)
+ except RuntimeError as e:
+ bb.warn(str(e))
except bb.fetch2.BBFetchException as exc:
bb.warn("Disabling uninative as unable to fetch uninative tarball: %s" % str(exc))
bb.warn("To build your own uninative loader, please bitbake uninative-tarball and set UNINATIVE_TARBALL appropriately.")
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index b3f8c24..cd5fc0b 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,6 +6,8 @@
# to the distro running on the build machine.
#
+UNINATIVE_MAXGLIBCVERSION = "2.27"
+
UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.8/"
UNINATIVE_CHECKSUM[i686] ?= "427ce522ec97f65c75fd89587d90ef789e8cbca4a617abc4b5822abb01c2d0ae"
UNINATIVE_CHECKSUM[x86_64] ?= "de4947e98e09e1432d069311cc2093974ecb9138a714fd5466f73524de66a693"
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [morty][PATCH 13/13] world-broken.inc: blacklist portmap on musl
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
` (10 preceding siblings ...)
2018-03-15 17:30 ` [morty][PATCH 12/13] uninative: Add compatiblity version check Richard Purdie
@ 2018-03-15 17:30 ` Richard Purdie
11 siblings, 0 replies; 13+ messages in thread
From: Richard Purdie @ 2018-03-15 17:30 UTC (permalink / raw)
To: openembedded-core
portmap was dropped in rocko and later and doesn't work with libtirpc
so don't build it for musl
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/conf/distro/include/world-broken.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/conf/distro/include/world-broken.inc b/meta/conf/distro/include/world-broken.inc
index 0166963..8f56103 100644
--- a/meta/conf/distro/include/world-broken.inc
+++ b/meta/conf/distro/include/world-broken.inc
@@ -28,6 +28,10 @@ EXCLUDE_FROM_WORLD_pn-lttng-tools_libc-musl = "1"
EXCLUDE_FROM_WORLD_pn-systemtap_libc-musl = "1"
EXCLUDE_FROM_WORLD_pn-systemtap-uprobes_libc-musl = "1"
+# portmap.c:488:32: error: 'struct sockaddr_in6' has no member named 'sin_port'; did you mean 'sin6_port'?
+# We removed portmap in rocko onwards and it doesn't work with libtirpc
+EXCLUDE_FROM_WORLD_pn-portmap_libc-musl = "1"
+
# error: a parameter list without types is only allowed in a function definition
# void (*_function)(sigval_t);
EXCLUDE_FROM_WORLD_pn-qemu_libc-musl = "1"
--
2.7.4
^ permalink raw reply related [flat|nested] 13+ messages in thread
end of thread, other threads:[~2018-03-15 18:00 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-15 17:29 [morty][PATCH 01/13] unfs3: Fix build with musl Richard Purdie
2018-03-15 17:29 ` [morty][PATCH 02/13] libtirpc: Backport fixes from 1.0.2rc3 Richard Purdie
2018-03-15 17:29 ` [morty][PATCH 03/13] libtirpc: Expose key_secretkey_is_set API Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 04/13] libtirpc: Enable des APIs for musl Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 05/13] libtirpc: Fix build error due to missing stdint.h> include Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 06/13] libtirpc: Fix CVE-2017-8779 Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 07/13] libtirpc: upgrade to 1.0.2 Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 08/13] libtirpc: stop dropping in NIS headers Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 09/13] libtirpc: Extend to native and nativesdk recipes Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 10/13] unfs3: Fix libtirpc usage for unfs3-native version Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 11/13] yocto-uninative: Upgrade to 1.8 version with glibc 2.27 Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 12/13] uninative: Add compatiblity version check Richard Purdie
2018-03-15 17:30 ` [morty][PATCH 13/13] world-broken.inc: blacklist portmap on musl Richard Purdie
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.