20 changed files with 2123 additions and 277 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/libtirpc-1.3.3.tar.bz2
+SOURCES/libtirpc-1.1.4.tar.bz2
--- a/.libtirpc.metadata
+++ b/.libtirpc.metadata
@ -1 +1 @@
-6e52c39148494e4836e2d5d4f28b11ddfa65394b SOURCES/libtirpc-1.3.3.tar.bz2
+d85717035cb9bd6c45557a1eb1351d3af9a69ff7 SOURCES/libtirpc-1.1.4.tar.bz2
--- a/SOURCES/libtirpc-1.1.4-blacklist.patch
+++ b/SOURCES/libtirpc-1.1.4-blacklist.patch
@ -0,0 +1,15 @@
 diff -up libtirpc-1.1.4/doc/bindresvport.blacklist.save libtirpc-1.1.4/doc/bindresvport.blacklist
 --- libtirpc-1.1.4/doc/bindresvport.blacklist.save	2021-04-17 13:04:20.092274589 -0400
 +++ libtirpc-1.1.4/doc/bindresvport.blacklist	2021-04-17 13:04:45.609945925 -0400
@@ -8,6 +8,11 @@
 631     # cups
 636     # ldaps
 664     # Secure ASF, used by IPMI on some cards
 +749     # Kerberos V kadmin
 +774     # rpasswd
 +873     # rsyncd
 921     # lwresd
 +992     # SSL-enabled telnet
 993     # imaps
 +994     # irc
 995     # pops
--- a/SOURCES/libtirpc-1.1.4-covscan.patch
+++ b/SOURCES/libtirpc-1.1.4-covscan.patch
@ -0,0 +1,151 @@
 diff --git a/src/auth_gss.c b/src/auth_gss.c
 index 5959893..7d08262 100644
 --- a/src/auth_gss.c
 +++ b/src/auth_gss.c
@@ -207,6 +207,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
 			rpc_createerr.cf_stat = RPC_SYSTEMERROR;
 			rpc_createerr.cf_error.re_errno = ENOMEM;
 			free(auth);
 +			free(gd);
 			return (NULL);
 		}
 	}
@@ -592,7 +593,7 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
 			if (rpc_gss_oid_to_mech(actual_mech_type, &mechanism)) {
 				strncpy(options_ret->actual_mechanism,
 					mechanism,
 -					sizeof(options_ret->actual_mechanism));
 +					(sizeof(options_ret->actual_mechanism)-1));
 			}
 			gd->established = TRUE;
 diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c
 index 98cf061..2ad6c89 100644
 --- a/src/clnt_bcast.c
 +++ b/src/clnt_bcast.c
@@ -330,6 +330,7 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
 	if (nettype == NULL)
 		nettype = "datagram_n";
 	if ((handle = __rpc_setconf(nettype)) == NULL) {
 +		AUTH_DESTROY(sys_auth);
 		return (RPC_UNKNOWNPROTO);
 	}
 	while ((nconf = __rpc_getconf(handle)) != NULL) {
 diff --git a/src/getnetconfig.c b/src/getnetconfig.c
 index 92e7c43..d67d97d 100644
 --- a/src/getnetconfig.c
 +++ b/src/getnetconfig.c
@@ -709,6 +709,8 @@ struct netconfig	*ncp;
     p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
     if (p->nc_lookups == NULL) {
 	free(p->nc_netid);
 +	free(p);
 +	free(tmp);
 	return(NULL);
     }
     for (i=0; i < p->nc_nlookups; i++) {
 diff --git a/src/getnetpath.c b/src/getnetpath.c
 index 7c19932..ea1a18c 100644
 --- a/src/getnetpath.c
 +++ b/src/getnetpath.c
@@ -88,6 +88,7 @@ setnetpath()
     }
     if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
 	syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
 +	free(np_sessionp);
 	return (NULL);
     }
     np_sessionp->valid = NP_VALID;
 diff --git a/src/rpc_generic.c b/src/rpc_generic.c
 index 589cbd5..51f36ac 100644
 --- a/src/rpc_generic.c
 +++ b/src/rpc_generic.c
@@ -319,6 +319,7 @@ __rpc_setconf(nettype)
 		handle->nflag = FALSE;
 		break;
 	default:
 +		free(handle);
 		return (NULL);
 	}
 diff --git a/src/rpc_soc.c b/src/rpc_soc.c
 index 5a6eeb7..a85cb17 100644
 --- a/src/rpc_soc.c
 +++ b/src/rpc_soc.c
@@ -663,15 +663,17 @@ svcunix_create(sock, sendsize, recvsize, path)
 		    strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
 			break;
 	}
 -	if (nconf == NULL)
 +	if (nconf == NULL) {
 +		endnetconfig(localhandle);
 		return(xprt);
 +	}
 	if ((sock = __rpc_nconf2fd(nconf)) < 0)
 		goto done;
 	memset(&sun, 0, sizeof sun);
 	sun.sun_family = AF_LOCAL;
 -	strncpy(sun.sun_path, path, sizeof(sun.sun_path));
 +	strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1));
 	addrlen = sizeof(struct sockaddr_un);
 	sa = (struct sockaddr *)&sun;
@@ -692,6 +694,8 @@ svcunix_create(sock, sendsize, recvsize, path)
 	}
 	xprt = (SVCXPRT *)svc_tli_create(sock, nconf, &taddr, sendsize, recvsize);
 +	if (xprt == NULL)
 +		close(sock);
 done:
 	endnetconfig(localhandle);
 diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
 index e45736a..0c34cb7 100644
 --- a/src/rpcb_clnt.c
 +++ b/src/rpcb_clnt.c
@@ -547,6 +547,7 @@ try_nconf:
 		if (tmpnconf == NULL) {
  			rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
 			mutex_unlock(&loopnconf_lock);
 +			endnetconfig(nc_handle);
 			return (NULL);
 		}
 		loopnconf = getnetconfigent(tmpnconf->nc_netid);
 diff --git a/src/rtime.c b/src/rtime.c
 index b642840..29fbf0a 100644
 --- a/src/rtime.c
 +++ b/src/rtime.c
@@ -90,6 +90,7 @@ rtime(addrp, timep, timeout)
 	/* TCP and UDP port are the same in this case */
 	if ((serv = getservbyname("time", "tcp")) == NULL) {
 +		do_close(s);
 		return(-1);
 	}
 diff --git a/src/svc_generic.c b/src/svc_generic.c
 index 52a56c2..20abaa2 100644
 --- a/src/svc_generic.c
 +++ b/src/svc_generic.c
@@ -113,6 +113,7 @@ svc_create(dispatch, prognum, versnum, nettype)
 				if (l == NULL) {
 					warnx("svc_create: no memory");
 					mutex_unlock(&xprtlist_lock);
 +					__rpc_endconf(handle);
 					return (0);
 				}
 				l->xprt = xprt;
 diff --git a/src/svc_simple.c b/src/svc_simple.c
 index cb58002..c32fe0a 100644
 --- a/src/svc_simple.c
 +++ b/src/svc_simple.c
@@ -157,6 +157,7 @@ rpc_reg(prognum, versnum, procnum, progname, inproc, outproc, nettype)
 				((netid = strdup(nconf->nc_netid)) == NULL)) {
 				warnx(rpc_reg_err, rpc_reg_msg, __no_mem_str);
 				SVC_DESTROY(svcxprt);
 +				free(xdrbuf);
 				break;
 			}
 			madenow = TRUE;
--- a/SOURCES/libtirpc-1.1.4-dgcall-free.patch
+++ b/SOURCES/libtirpc-1.1.4-dgcall-free.patch
@ -0,0 +1,14 @@
 diff -up libtirpc-1.1.4/src/clnt_dg.c.orig libtirpc-1.1.4/src/clnt_dg.c
 --- libtirpc-1.1.4/src/clnt_dg.c.orig	2022-05-31 08:14:09.408762537 -0400
 +++ libtirpc-1.1.4/src/clnt_dg.c	2022-05-31 08:17:28.950764885 -0400
@@ -478,9 +478,9 @@ get_reply:
 		 cmsg = CMSG_NXTHDR (&msg, cmsg))
 	      if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
 		{
 -		  mem_free(cbuf, (outlen + 256));
 		  e = (struct sock_extended_err *) CMSG_DATA(cmsg);
 		  cu->cu_error.re_errno = e->ee_errno;
 +		  mem_free(cbuf, (outlen + 256));
 		  release_fd_lock(cu->cu_fd, mask);
 		  return (cu->cu_error.re_status = RPC_CANTRECV);
 		}
--- a/SOURCES/libtirpc-1.1.4-disallow-auth_refresh.patch
+++ b/SOURCES/libtirpc-1.1.4-disallow-auth_refresh.patch
@ -0,0 +1,76 @@
 diff -up libtirpc-1.1.4/src/auth_gss.c.orig libtirpc-1.1.4/src/auth_gss.c
 --- libtirpc-1.1.4/src/auth_gss.c.orig	2021-04-17 13:11:03.229880600 -0400
 +++ libtirpc-1.1.4/src/auth_gss.c	2021-04-17 13:15:10.722391798 -0400
@@ -982,3 +982,9 @@ rpc_gss_max_data_length(AUTH *auth, int
 	rpc_gss_clear_error();
 	return result;
 }
 +
 +bool_t
 +is_authgss_client(CLIENT *clnt)
 +{
 +	return (clnt->cl_auth->ah_ops == &authgss_ops);
 +}
 diff -up libtirpc-1.1.4/src/clnt_dg.c.orig libtirpc-1.1.4/src/clnt_dg.c
 --- libtirpc-1.1.4/src/clnt_dg.c.orig	2018-08-27 10:06:49.000000000 -0400
 +++ libtirpc-1.1.4/src/clnt_dg.c	2021-04-17 13:15:10.722391798 -0400
@@ -60,6 +60,9 @@
 #include <sys/uio.h>
 #endif
 +#ifdef HAVE_RPCSEC_GSS
 +#include <rpc/auth_gss.h>
 +#endif
 #define MAX_DEFAULT_FDS                 20000
@@ -356,6 +359,11 @@ clnt_dg_call(cl, proc, xargs, argsp, xre
 		salen = cu->cu_rlen;
 	}
 +#ifdef HAVE_RPCSEC_GSS
 +	if (is_authgss_client(cl))
 +		nrefreshes = 0;
 +#endif
 +
 	/* Clean up in case the last call ended in a longjmp(3) call. */
 call_again:
 	xdrs = &(cu->cu_outxdrs);
 diff -up libtirpc-1.1.4/src/clnt_vc.c.orig libtirpc-1.1.4/src/clnt_vc.c
 --- libtirpc-1.1.4/src/clnt_vc.c.orig	2018-08-27 10:06:49.000000000 -0400
 +++ libtirpc-1.1.4/src/clnt_vc.c	2021-04-17 13:15:10.723391824 -0400
@@ -68,6 +68,10 @@
 #include <rpc/rpc.h>
 #include "rpc_com.h"
 +#ifdef HAVE_RPCSEC_GSS
 +#include <rpc/auth_gss.h>
 +#endif
 +
 #define MCALL_MSG_SIZE 24
 #define CMGROUP_MAX    16
@@ -380,6 +384,11 @@ clnt_vc_call(cl, proc, xdr_args, args_pt
 	    (xdr_results == NULL && timeout.tv_sec == 0
 	    && timeout.tv_usec == 0) ? FALSE : TRUE;
 +#ifdef HAVE_RPCSEC_GSS
 +	if (is_authgss_client(cl))
 +		refreshes = 0;
 +#endif
 +
 call_again:
 	xdrs->x_op = XDR_ENCODE;
 	ct->ct_error.re_status = RPC_SUCCESS;
 diff -up libtirpc-1.1.4/tirpc/rpc/auth_gss.h.orig libtirpc-1.1.4/tirpc/rpc/auth_gss.h
 --- libtirpc-1.1.4/tirpc/rpc/auth_gss.h.orig	2018-08-27 10:06:49.000000000 -0400
 +++ libtirpc-1.1.4/tirpc/rpc/auth_gss.h	2021-04-17 13:15:10.723391824 -0400
@@ -120,6 +120,8 @@ void	gss_log_debug		(const char *fmt, ..
 void	gss_log_status		(char *m, OM_uint32 major, OM_uint32 minor);
 void	gss_log_hexdump		(const u_char *buf, int len, int offset);
 +bool_t	is_authgss_client	(CLIENT *);
 +
 #ifdef __cplusplus
 }
 #endif
--- a/SOURCES/libtirpc-1.1.4-dos-fix.patch
+++ b/SOURCES/libtirpc-1.1.4-dos-fix.patch
@ -0,0 +1,154 @@
 diff --git a/src/rpc_com.h b/src/rpc_com.h
 index 10bec79..76badef 100644
 --- a/src/rpc_com.h
 +++ b/src/rpc_com.h
@@ -61,8 +61,7 @@ void __xprt_unregister_unlocked(SVCXPRT *);
 void __xprt_set_raddr(SVCXPRT *, const struct sockaddr_storage *);
 -SVCXPRT **__svc_xports;
 -int __svc_maxrec;
 +extern int __svc_maxrec;
 #ifdef __cplusplus
 }
 diff --git a/src/svc.c b/src/svc.c
 index b59467b..3a8709f 100644
 --- a/src/svc.c
 +++ b/src/svc.c
@@ -57,6 +57,9 @@
 #define max(a, b) (a > b ? a : b)
 +SVCXPRT **__svc_xports;
 +int __svc_maxrec;
 +
 /*
  * The services list
  * Each entry represents a set of procedures (an rpc program).
@@ -191,6 +194,21 @@ __xprt_do_unregister (xprt, dolock)
     rwlock_unlock (&svc_fd_lock);
 }
 +int
 +svc_open_fds()
 +{
 +	int ix;
 +	int nfds = 0;
 +
 +	rwlock_rdlock (&svc_fd_lock);
 +	for (ix = 0; ix < svc_max_pollfd; ++ix) {
 +		if (svc_pollfd[ix].fd != -1)
 +			nfds++;
 +	}
 +	rwlock_unlock (&svc_fd_lock);
 +	return (nfds);
 +}
 +
 /*
  * Add a service program to the callout list.
  * The dispatch routine will be called when a rpc request for this
 diff --git a/src/svc_vc.c b/src/svc_vc.c
 index c23cd36..1729963 100644
 --- a/src/svc_vc.c
 +++ b/src/svc_vc.c
@@ -64,6 +64,8 @@
 extern rwlock_t svc_fd_lock;
 +extern SVCXPRT **__svc_xports;
 +extern int svc_open_fds();
 static SVCXPRT *makefd_xprt(int, u_int, u_int);
 static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *);
@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *);
 static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in);
 static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq,
 				   	     void *in);
 +static int __svc_destroy_idle(int timeout);
 struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */
 	u_int sendsize;
@@ -312,13 +315,14 @@ done:
 	return (xprt);
 }
 +
 /*ARGSUSED*/
 static bool_t
 rendezvous_request(xprt, msg)
 	SVCXPRT *xprt;
 	struct rpc_msg *msg;
 {
 -	int sock, flags;
 +	int sock, flags, nfds, cnt;
 	struct cf_rendezvous *r;
 	struct cf_conn *cd;
 	struct sockaddr_storage addr;
@@ -378,6 +382,16 @@ again:
 	gettimeofday(&cd->last_recv_time, NULL);
 +	nfds = svc_open_fds();
 +	if (nfds >= (_rpc_dtablesize() / 5) * 4) {
 +		/* destroy idle connections */
 +		cnt = __svc_destroy_idle(15);
 +		if (cnt == 0) {
 +			/* destroy least active */
 +			__svc_destroy_idle(0);
 +		}
 +	}
 +
 	return (FALSE); /* there is never an rpc msg to be processed */
 }
@@ -819,3 +833,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock)
 {
 	return FALSE;
 }
 +
 +static int
 +__svc_destroy_idle(int timeout)
 +{
 +	int i, ncleaned = 0;
 +	SVCXPRT *xprt, *least_active;
 +	struct timeval tv, tdiff, tmax;
 +	struct cf_conn *cd;
 +
 +	gettimeofday(&tv, NULL);
 +	tmax.tv_sec = tmax.tv_usec = 0;
 +	least_active = NULL;
 +	rwlock_wrlock(&svc_fd_lock);
 +
 +	for (i = 0; i <= svc_max_pollfd; i++) {
 +		if (svc_pollfd[i].fd == -1)
 +			continue;
 +		xprt = __svc_xports[i];
 +		if (xprt == NULL || xprt->xp_ops == NULL ||
 +			xprt->xp_ops->xp_recv != svc_vc_recv)
 +			continue;
 +		cd = (struct cf_conn *)xprt->xp_p1;
 +		if (!cd->nonblock)
 +			continue;
 +		if (timeout == 0) {
 +			timersub(&tv, &cd->last_recv_time, &tdiff);
 +			if (timercmp(&tdiff, &tmax, >)) {
 +				tmax = tdiff;
 +				least_active = xprt;
 +			}
 +			continue;
 +		}
 +		if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) {
 +			__xprt_unregister_unlocked(xprt);
 +			__svc_vc_dodestroy(xprt);
 +			ncleaned++;
 +		}
 +	}
 +	if (timeout == 0 && least_active != NULL) {
 +		__xprt_unregister_unlocked(least_active);
 +		__svc_vc_dodestroy(least_active);
 +		ncleaned++;
 +	}
 +	rwlock_unlock(&svc_fd_lock);
 +	return (ncleaned);
 +}
--- a/SOURCES/libtirpc-1.1.4-double-free.patch
+++ b/SOURCES/libtirpc-1.1.4-double-free.patch
--- a/SOURCES/libtirpc-1.1.4-dup_ncp-bad-free.patch
+++ b/SOURCES/libtirpc-1.1.4-dup_ncp-bad-free.patch
@ -0,0 +1,51 @@
 commit 959b2001458bca8f9228014371aad6ccbeb95a68
 Author: Zhi Li <yieli@redhat.com>
 Date:   Wed Sep 26 14:05:29 2018 -0400
    getnetconfig.c: fix a BAD_FREE (CWE-763)
    Signed-off-by: Steve Dickson <steved@redhat.com>
 diff --git a/src/getnetconfig.c b/src/getnetconfig.c
 index d67d97d..cfd33c2 100644
 --- a/src/getnetconfig.c
 +++ b/src/getnetconfig.c
@@ -681,6 +681,7 @@ struct netconfig	*ncp;
 {
     struct netconfig	*p;
     char	*tmp;
 +    char	*t;
     u_int	i;
     if ((tmp=malloc(MAXNETCONFIGLINE)) == NULL)
@@ -700,22 +701,21 @@ struct netconfig	*ncp;
      */
     *p = *ncp;
     p->nc_netid = (char *)strcpy(tmp,ncp->nc_netid);
 -    tmp = strchr(tmp, 0) + 1;
 -    p->nc_protofmly = (char *)strcpy(tmp,ncp->nc_protofmly);
 -    tmp = strchr(tmp, 0) + 1;
 -    p->nc_proto = (char *)strcpy(tmp,ncp->nc_proto);
 -    tmp = strchr(tmp, 0) + 1;
 -    p->nc_device = (char *)strcpy(tmp,ncp->nc_device);
 +    t = strchr(tmp, 0) + 1;
 +    p->nc_protofmly = (char *)strcpy(t,ncp->nc_protofmly);
 +    t = strchr(t, 0) + 1;
 +    p->nc_proto = (char *)strcpy(t,ncp->nc_proto);
 +    t = strchr(t, 0) + 1;
 +    p->nc_device = (char *)strcpy(t,ncp->nc_device);
     p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
     if (p->nc_lookups == NULL) {
 -	free(p->nc_netid);
 	free(p);
 	free(tmp);
 	return(NULL);
     }
     for (i=0; i < p->nc_nlookups; i++) {
 -    	tmp = strchr(tmp, 0) + 1;
 -    	p->nc_lookups[i] = (char *)strcpy(tmp,ncp->nc_lookups[i]);
 +	t = strchr(t, 0) + 1;
 +	p->nc_lookups[i] = (char *)strcpy(t,ncp->nc_lookups[i]);
     }
     return(p);
 }
--- a/SOURCES/libtirpc-1.1.4-fix-EOF-non-block.patch
+++ b/SOURCES/libtirpc-1.1.4-fix-EOF-non-block.patch
@ -0,0 +1,68 @@
 diff -up libtirpc-1.1.4/src/svc_vc.c.orig libtirpc-1.1.4/src/svc_vc.c
 --- libtirpc-1.1.4/src/svc_vc.c.orig	2018-08-27 10:06:49.000000000 -0400
 +++ libtirpc-1.1.4/src/svc_vc.c	2019-07-24 11:51:32.191485387 -0400
@@ -502,9 +502,14 @@ read_vc(xprtp, buf, len)
 	cfp = (struct cf_conn *)xprt->xp_p1;
 	if (cfp->nonblock) {
 +		/* Since len == 0 is returned on zero length
 +		 * read or EOF errno needs to be reset before
 +		 * the read
 +		 */
 +		errno = 0;
 		len = read(sock, buf, (size_t)len);
 		if (len < 0) {
 -			if (errno == EAGAIN)
 +			if (errno == EAGAIN || errno == EWOULDBLOCK)
 				len = 0;
 			else
 				goto fatal_err;
 diff -up libtirpc-1.1.4/src/xdr_rec.c.orig libtirpc-1.1.4/src/xdr_rec.c
 --- libtirpc-1.1.4/src/xdr_rec.c.orig	2018-08-27 10:06:49.000000000 -0400
 +++ libtirpc-1.1.4/src/xdr_rec.c	2019-07-24 11:51:32.191485387 -0400
@@ -61,6 +61,7 @@
 #include <rpc/svc.h>
 #include <rpc/clnt.h>
 #include <stddef.h>
 +#include <errno.h>
 #include "rpc_com.h"
 static bool_t	xdrrec_getlong(XDR *, long *);
 static bool_t	xdrrec_putlong(XDR *, const long *);
@@ -537,7 +538,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
 		n = rstrm->readit(rstrm->tcp_handle, rstrm->in_hdrp,
 		    (int)sizeof (rstrm->in_header) - rstrm->in_hdrlen);
 		if (n == 0) {
 -			*statp = expectdata ? XPRT_DIED : XPRT_IDLE;
 +			/* EAGAIN or EWOULDBLOCK means a zero length
 +			 * read not an EOF.
 +			 */
 +			if (errno == EAGAIN || errno == EWOULDBLOCK)
 +				*statp = XPRT_IDLE;
 +			else
 +				*statp = expectdata ? XPRT_DIED : XPRT_IDLE;
 			return FALSE;
 		}
 		if (n < 0) {
@@ -564,6 +571,7 @@ __xdrrec_getrec(xdrs, statp, expectdata)
 			rstrm->in_header &= ~LAST_FRAG;
 			rstrm->last_frag = TRUE;
 		}
 +		rstrm->in_haveheader = 1;
 	}
 	n =  rstrm->readit(rstrm->tcp_handle,
@@ -576,7 +584,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
 	}
 	if (n == 0) {
 -		*statp = expectdata ? XPRT_DIED : XPRT_IDLE;
 +		/* EAGAIN or EWOULDBLOCK means a zero length
 +		 * read not an EOF.
 +		 */
 +		if (errno == EAGAIN || errno == EWOULDBLOCK)
 +			*statp = XPRT_IDLE;
 +		else
 +			*statp = expectdata ? XPRT_DIED : XPRT_IDLE;
 		return FALSE;
 	}
--- a/SOURCES/libtirpc-1.1.4-ip_local_reserved_ports.patch
+++ b/SOURCES/libtirpc-1.1.4-ip_local_reserved_ports.patch
@ -0,0 +1,185 @@
 From 20148930201b732c5dd1003933dd70543d3e929d Mon Sep 17 00:00:00 2001
 From: Otto Hollmann <otto.hollmann@suse.com>
 Date: Sat, 7 Oct 2023 03:48:22 -0400
 Subject: [PATCH] binddynport.c honor ip_local_reserved_ports
 Read reserved ports from /proc/sys/net/ipv4/ip_local_reserved_ports,
 store them into bit-wise array and before binding to random port check
 if port is not reserved.
 Currently, there is no way how to reserve ports so then will not be
 used by rpcbind.
 Random ports are opened by rpcbind because of rmtcalls. There is
 compile-time flag for disabling them, but in some cases we can not
 simply disable them.
 One solution would be run time option --enable-rmtcalls as already
 discussed, but it was rejected. So if we want to keep rmtcalls enabled
 and also be able to reserve some ports, there is no other way than
 filtering available ports. The easiest and clearest way seems to be
 just respect kernel list of ip_reserved_ports.
 Unfortunately there is one known disadvantage/side effect - it affects
 probability of ports which are right after reserved ones. The bigger
 reserved block is, the higher is probability of selecting following
 unreserved port. But if there is no reserved port, impact of this patch
 is minimal/none.
 Signed-off-by: Otto Hollmann <otto.hollmann@suse.com>
 Signed-off-by: Steve Dickson <steved@redhat.com>
 ---
 src/binddynport.c | 108 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 100 insertions(+), 8 deletions(-)
 diff --git a/src/binddynport.c b/src/binddynport.c
 index 062629a..c2e9a20 100644
 --- a/src/binddynport.c
 +++ b/src/binddynport.c
@@ -37,6 +37,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
 +#include <syslog.h>
 #include <rpc/rpc.h>
@@ -56,6 +57,84 @@ enum {
 	NPORTS		= ENDPORT - LOWPORT + 1,
 };
 +/*
 + * This function decodes information about given port from provided array and
 + * return if port is reserved or not.
 + *
 + * @reserved_ports an array of size at least "NPORTS / (8*sizeof(char)) + 1".
 + * @port port number within range LOWPORT and ENDPORT
 + *
 + * Returns 0 if port is not reserved, non-negative if port is reserved.
 + */
 +static int is_reserved(char *reserved_ports, int port) {
 +	port -= LOWPORT;
 +	if (port < 0 || port >= NPORTS)
 +		return 0;
 +	return reserved_ports[port/(8*sizeof(char))] & 1<<(port%(8*sizeof(char)));
 +}
 +
 +/*
 + * This function encodes information about given *reserved* port into provided
 + * array. Don't call this function for ports which are not reserved.
 + *
 + * @reserved_ports an array of size at least "NPORTS / (8*sizeof(char)) + 1".
 + * @port port number within range LOWPORT and ENDPORT
 + *
 + */
 +static void set_reserved(char *reserved_ports, int port) {
 +	port -= LOWPORT;
 +	if (port < 0 || port >= NPORTS)
 +		return;
 +	reserved_ports[port/(8*sizeof(char))] |= 1<<(port%(8*sizeof(char)));
 +}
 +
 +/*
 + * Parse local reserved ports obtained from
 + * /proc/sys/net/ipv4/ip_local_reserved_ports into bit array.
 + *
 + * @reserved_ports a zeroed array of size at least
 + * "NPORTS / (8*sizeof(char)) + 1". Will be used for bit-wise encoding of
 + * reserved ports.
 + *
 + * On each call, reserved ports are read from /proc and bit-wise stored into
 + * provided array
 + *
 + * Returns 0 on success, -1 on failure.
 + */
 +
 +static int parse_reserved_ports(char *reserved_ports) {
 +	int from=0, to;
 +	char delimiter = ',';
 +	int res;
 +	FILE * file_ptr = fopen("/proc/sys/net/ipv4/ip_local_reserved_ports","r");
 +	if (file_ptr == NULL) {
 +		(void) syslog(LOG_ERR,
 +			"Unable to open open /proc/sys/net/ipv4/ip_local_reserved_ports.");
 +		return -1;
 +	}
 +	do {
 +		if ((res = fscanf(file_ptr, "%d", &to)) != 1) {
 +			if (res == EOF) break;
 +			goto err;
 +		}
 +		if (delimiter != '-') {
 +			from = to;
 +		}
 +		for (int i = from; i <= to; ++i) {
 +			set_reserved(reserved_ports, i);
 +		}
 +	} while ((res = fscanf(file_ptr, "%c", &delimiter)) == 1);
 +	if (res != EOF)
 +		goto err;
 +	fclose(file_ptr);
 +	return 0;
 +err:
 +	(void) syslog(LOG_ERR,
 +		"An error occurred while parsing ip_local_reserved_ports.");
 +	fclose(file_ptr);
 +	return -1;
 +}
 +
 /*
  * Bind a socket to a dynamically-assigned IP port.
  *
@@ -81,7 +160,8 @@ int __binddynport(int fd)
 	in_port_t port, *portp;
 	struct sockaddr *sap;
 	socklen_t salen;
 -	int i, res;
 +	int i, res, array_size;
 +	char *reserved_ports = NULL;
 	if (__rpc_sockisbound(fd))
 		return 0;
@@ -119,21 +199,33 @@ int __binddynport(int fd)
 		gettimeofday(&tv, NULL);
 		seed = tv.tv_usec * getpid();
 	}
 +	array_size = NPORTS / (8*sizeof(char)) + 1;
 +	reserved_ports = malloc(array_size);
 +	if (!reserved_ports) {
 +		goto out;
 +	}
 +	memset(reserved_ports, 0, array_size);
 +	if (parse_reserved_ports(reserved_ports) < 0)
 +		goto out;
 +
 	port = (rand_r(&seed) % NPORTS) + LOWPORT;
 	for (i = 0; i < NPORTS; ++i) {
 -		*portp = htons(port++);
 -		res = bind(fd, sap, salen);
 -		if (res >= 0) {
 -			res = 0;
 -			break;
 +		*portp = htons(port);
 +		if (!is_reserved(reserved_ports, port++)) {
 +			res = bind(fd, sap, salen);
 +			if (res >= 0) {
 +				res = 0;
 +				break;
 +			}
 +			if (errno != EADDRINUSE)
 +				break;
 		}
 -		if (errno != EADDRINUSE)
 -			break;
 		if (port > ENDPORT)
 			port = LOWPORT;
 	}
 out:
 +	free(reserved_ports);
 	mutex_unlock(&port_lock);
 	return res;
 }
 -- 
 2.40.1
--- a/SOURCES/libtirpc-1.1.4-multithr-cleanup.patch
+++ b/SOURCES/libtirpc-1.1.4-multithr-cleanup.patch
--- a/SOURCES/libtirpc-1.1.4-null-ptrs-not-reused-fixed.patch
+++ b/SOURCES/libtirpc-1.1.4-null-ptrs-not-reused-fixed.patch
--- a/SOURCES/libtirpc-1.1.4-null-ptrs-not-reused.patch
+++ b/SOURCES/libtirpc-1.1.4-null-ptrs-not-reused.patch
--- a/SOURCES/libtirpc-1.1.4-v2proto-mech.patch
+++ b/SOURCES/libtirpc-1.1.4-v2proto-mech.patch
@ -0,0 +1,88 @@
 diff -up libtirpc-1.1.4/man/rpcbind.3t.orig libtirpc-1.1.4/man/rpcbind.3t
 --- libtirpc-1.1.4/man/rpcbind.3t.orig	2018-08-27 10:06:49.000000000 -0400
 +++ libtirpc-1.1.4/man/rpcbind.3t	2022-08-02 11:21:30.134642780 -0400
@@ -187,6 +187,8 @@ in
 .El
 .Sh AVAILABILITY
 These functions are part of libtirpc.
 +.Sh ENVIRONMENT
 +If RPCB_V2FIRST is defined, rpcbind protocol version tryout algorithm changes from v4,v2,v3 to v2,v4,v3.
 .Sh SEE ALSO
 .Xr rpc_clnt_calls 3 ,
 .Xr rpc_svc_calls 3 ,
 diff -up libtirpc-1.1.4/src/rpcb_clnt.c.orig libtirpc-1.1.4/src/rpcb_clnt.c
 --- libtirpc-1.1.4/src/rpcb_clnt.c.orig	2022-08-02 11:20:42.795833195 -0400
 +++ libtirpc-1.1.4/src/rpcb_clnt.c	2022-08-02 11:21:30.135642797 -0400
@@ -818,7 +818,8 @@ error:
  * The algorithm used: If the transports is TCP or UDP, it first tries
  * version 4 (srv4), then 3 and then fall back to version 2 (portmap).
  * With this algorithm, we get performance as well as a plan for
 - * obsoleting version 2.
 + * obsoleting version 2. This behaviour is reverted to old algorithm
 + * if RPCB_V2FIRST environment var is defined
  *
  * For all other transports, the algorithm remains as 4 and then 3.
  *
@@ -839,6 +840,10 @@ __rpcb_findaddr_timed(program, version,
 #ifdef NOTUSED
 	static bool_t check_rpcbind = TRUE;
 #endif
 +
 +#ifdef PORTMAP
 +	static bool_t portmap_first = FALSE;
 +#endif
 	CLIENT *client = NULL;
 	RPCB parms;
 	enum clnt_stat clnt_st;
@@ -895,8 +900,18 @@ __rpcb_findaddr_timed(program, version,
 		parms.r_addr = (char *) &nullstring[0];
 	}
 -	/* First try from start_vers(4) and then version 3 (RPCBVERS) */
 +	/* First try from start_vers(4) and then version 3 (RPCBVERS), except
 +	 * if env. var RPCB_V2FIRST is defined */
 +
 +#ifdef PORTMAP
 +	if (getenv(V2FIRST)) {
 +		portmap_first = TRUE;
 +		LIBTIRPC_DEBUG(3, ("__rpcb_findaddr_timed: trying v2-port first\n"));
 +		goto portmap;
 +	}
 +#endif
 +rpcbind:
 	CLNT_CONTROL(client, CLSET_RETRY_TIMEOUT, (char *) &rpcbrmttime);
 	for (vers = start_vers;  vers >= RPCBVERS; vers--) {
 		/* Set the version */
@@ -944,10 +959,17 @@ __rpcb_findaddr_timed(program, version,
 	}
 #ifdef PORTMAP 	/* Try version 2 for TCP or UDP */
 +	if (portmap_first)
 +		goto error; /* we tried all versions if reached here */
 +portmap:
 	if (strcmp(nconf->nc_protofmly, NC_INET) == 0) {
 		address = __try_protocol_version_2(program, version, nconf, host, tp);
 -		if (address == NULL)
 -			goto error;
 +		if (address == NULL) {
 +			if (portmap_first)
 +				goto rpcbind;
 +			else
 +				goto error;
 +		}
 	}
 #endif		/* PORTMAP */
 diff -up libtirpc-1.1.4/tirpc/rpc/pmap_prot.h.orig libtirpc-1.1.4/tirpc/rpc/pmap_prot.h
 --- libtirpc-1.1.4/tirpc/rpc/pmap_prot.h.orig	2018-08-27 10:06:49.000000000 -0400
 +++ libtirpc-1.1.4/tirpc/rpc/pmap_prot.h	2022-08-02 11:21:30.135642797 -0400
@@ -84,6 +84,8 @@
 #define PMAPPROC_DUMP		((u_long)4)
 #define PMAPPROC_CALLIT		((u_long)5)
 +#define V2FIRST		"RPCB_V2FIRST"
 +
 struct pmap {
 	long unsigned pm_prog;
 	long unsigned pm_vers;
--- a/SOURCES/libtirpc-1.3.3-blacklist-close.patch
+++ b/SOURCES/libtirpc-1.3.3-blacklist-close.patch
@ -1,51 +0,0 @@
 commit a013336ecdc476d7357398d9cd24b114070bb767
 Author: Rosen Penev <rosenp@gmail.com>
 Date:   Tue Oct 25 12:34:56 2022 -0400
    Add missing extern
    Fixes compilation warning.
    Signed-off-by: Rosen Penev <rosenp@gmail.com>
    Signed-off-by: Steve Dickson <steved@redhat.com>
 diff --git a/src/svc_auth.c b/src/svc_auth.c
 index ce8bbd8..789d6af 100644
 --- a/src/svc_auth.c
 +++ b/src/svc_auth.c
@@ -66,6 +66,9 @@ static struct authsvc *Auths = NULL;
 extern SVCAUTH svc_auth_none;
 +#ifdef AUTHDES_SUPPORT
 +extern enum auth_stat _svcauth_des(struct svc_req *rqst, struct rpc_msg *msg);
 +#endif
 /*
  * The call rpc message, msg has been obtained from the wire.  The msg contains
  * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
 commit 55526c52a449907e4d34b829b96141afab530b23
 Author: Zhi Li <yieli@redhat.com>
 Date:   Mon Oct 24 13:46:54 2022 -0400
    bindresvport.c: fix a potential resource leakage
    Close the FILE *fp of load_blacklist() in another
    return path to avoid potential resource leakage.
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2135405
    Signed-off-by: Zhi Li <yieli@redhat.com>
    Signed-off-by: Steve Dickson <steved@redhat.com>
 diff --git a/src/bindresvport.c b/src/bindresvport.c
 index 5c0ddcf..efeb1cc 100644
 --- a/src/bindresvport.c
 +++ b/src/bindresvport.c
@@ -130,6 +130,7 @@ load_blacklist (void)
 	  if (list == NULL)
 	    {
 	      free (buf);
 +	      fclose (fp);
 	      return;
 	    }
 	}
--- a/SOURCES/libtirpc-1.3.3-clnt-raw-ptr.patch
+++ b/SOURCES/libtirpc-1.3.3-clnt-raw-ptr.patch
@ -1,51 +0,0 @@
 commit 4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d
 Author: Zhi Li <yieli@redhat.com>
 Date:   Fri Oct 28 14:19:04 2022 -0400
    clnt_raw.c: fix a possible null pointer dereference
    Since clntraw_private could be dereferenced before
    allocated, protect it by checking its value in advance.
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2138317
    Signed-off-by: Zhi Li <yieli@redhat.com>
    Signed-off-by: Steve Dickson <steved@redhat.com>
 diff --git a/src/clnt_raw.c b/src/clnt_raw.c
 index 31f9d0c..03f839d 100644
 --- a/src/clnt_raw.c
 +++ b/src/clnt_raw.c
@@ -142,7 +142,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
 	struct timeval timeout;
 {
 	struct clntraw_private *clp = clntraw_private;
 -	XDR *xdrs = &clp->xdr_stream;
 +	XDR *xdrs;
 	struct rpc_msg msg;
 	enum clnt_stat status;
 	struct rpc_err error;
@@ -154,6 +154,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
 		mutex_unlock(&clntraw_lock);
 		return (RPC_FAILED);
 	}
 +	xdrs = &clp->xdr_stream;
 	mutex_unlock(&clntraw_lock);
 call_again:
@@ -245,7 +246,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
 	void *res_ptr;
 {
 	struct clntraw_private *clp = clntraw_private;
 -	XDR *xdrs = &clp->xdr_stream;
 +	XDR *xdrs;
 	bool_t rval;
 	mutex_lock(&clntraw_lock);
@@ -254,6 +255,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
 		mutex_unlock(&clntraw_lock);
 		return (rval);
 	}
 +	xdrs = &clp->xdr_stream;
 	mutex_unlock(&clntraw_lock);
 	xdrs->x_op = XDR_FREE;
 	return ((*xdr_res)(xdrs, res_ptr));
--- a/SOURCES/libtirpc-1.3.3-dos-sleep.patch
+++ b/SOURCES/libtirpc-1.3.3-dos-sleep.patch
@ -1,31 +0,0 @@
 commit f7f0abdf267698de3f74a0285405b1b01f40893b
 Author: Zhi Li <yieli@redhat.com>
 Date:   Wed Jan 11 11:19:31 2023 -0500
    getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
    By adapting CodeChecker for libtirpc related tests, it complains
    an improper waiting time for function getnetconfigent with
    a valid input value, either it should be treated as a wrong
    input or just take it as a proper value without sleeping
    link: https://bugzilla.redhat.com/show_bug.cgi?id=2150611
    Signed-off-by: Zhi Li <yieli@redhat.com>
    Signed-off-by: Steve Dickson <steved@redhat.com>
 diff --git a/src/getnetconfig.c b/src/getnetconfig.c
 index cfd33c2..d547dce 100644
 --- a/src/getnetconfig.c
 +++ b/src/getnetconfig.c
@@ -436,11 +436,6 @@ getnetconfigent(netid)
 	fprintf(stderr, "in /etc/netconfig.\n");
 	fprintf(stderr, "Please change this to \"local\" manually ");
 	fprintf(stderr, "or run mergemaster(8).\n");
 -	fprintf(stderr, "See UPDATING entry 20021216 for details.\n");
 -	fprintf(stderr, "Continuing in 10 seconds\n\n");
 -	fprintf(stderr, "This warning will be removed 20030301\n");
 -	sleep(10);
 -
     }
     /*
--- a/SOURCES/libtirpc-1.3.3-gssd-context-creation.patch
+++ b/SOURCES/libtirpc-1.3.3-gssd-context-creation.patch
@ -1,30 +0,0 @@
 commit 22b1c0cd6076dcd7df822cd1181e98278dc865db
 Author: Olga Kornievskaia <kolga@netapp.com>
 Date:   Wed Jan 3 17:50:42 2024 -0500
    gssapi: fix rpc_gss_seccreate passed in cred
    Fix rpc_gss_seccreate() usage of the passed in gss credential.
    Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context")
    Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
    Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
    Signed-off-by: Steve Dickson <steved@redhat.com>
 diff --git a/src/auth_gss.c b/src/auth_gss.c
 index e317664..9d18f96 100644
 --- a/src/auth_gss.c
 +++ b/src/auth_gss.c
@@ -842,9 +842,9 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
 	gd->sec = sec;
 	if (req) {
 -		sec.req_flags = req->req_flags;
 +		gd->sec.req_flags = req->req_flags;
 		gd->time_req = req->time_req;
 -		sec.cred = req->my_cred;
 +		gd->sec.cred = req->my_cred;
 		gd->icb = req->input_channel_bindings;
 	}
--- a/SPECS/libtirpc.spec
+++ b/SPECS/libtirpc.spec
@ -1,36 +1,62 @@
 %define _root_libdir    /%{_lib}
 Name:			libtirpc
-Version:		1.3.3
+Version:		1.1.4
-Release:		8%{?dist}
+Release:		12%{?dist}
 Summary:		Transport Independent RPC Library
 Group:		  	System Environment/Libraries
 License:		SISSL and BSD
 URL:  			http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary
 Source0:		http://downloads.sourceforge.net/libtirpc/libtirpc-%{version}.tar.bz2
-BuildRequires:		automake, autoconf, libtool, pkgconfig
+#
-BuildRequires:		krb5-devel
+# RHEL 8.0
-BuildRequires:		gcc
+#
-BuildRequires: make
+# bz 1602598
 Patch001: libtirpc-1.1.4-covscan.patch
 # bz 1631614
 Patch002: libtirpc-1.1.4-dup_ncp-bad-free.patch 
 #
 # RHEL 8.1
 #
 # bz 1641875
 Patch003: libtirpc-1.1.4-fix-EOF-non-block.patch
 #
 # RHEL 8.5
 #
 # bz 1854147
 Patch004: libtirpc-1.1.4-blacklist.patch
 # bz 1934866
 Patch005: libtirpc-1.1.4-disallow-auth_refresh.patch
 #
-# RHEL9.2
+# RHEL 8.6
 #
-Patch001: libtirpc-1.3.3-blacklist-close.patch
+# bz 1940341 
-Patch002: libtirpc-1.3.3-clnt-raw-ptr.patch
+Patch006: libtirpc-1.1.4-dos-fix.patch
 #
-# RHEL9.2
+# RHEL 8.7
 #
-Patch003: libtirpc-1.3.3-dos-sleep.patch
+# bz 2042196
 Patch007: libtirpc-1.1.4-dgcall-free.patch
 # bz 2107650
 Patch008: libtirpc-1.1.4-v2proto-mech.patch
 # bz 2112116
 Patch009: libtirpc-1.1.4-multithr-cleanup.patch
 #
-# RHEL9.4
+# RHEL 8.10
 #
-Patch004: libtirpc-1.3.3-null-ptrs-not-reused.patch
+Patch010: libtirpc-1.1.4-null-ptrs-not-reused.patch
-Patch005: libtirpc-1.3.3-gssd-context-creation.patch
+Patch011: libtirpc-1.1.4-double-free.patch
-Patch006: libtirpc-1.3.3-double-free.patch
+Patch012: libtirpc-1.1.4-null-ptrs-not-reused-fixed.patch
-Patch007: libtirpc-1.3.3-null-ptrs-not-reused-fixed.patch
+Patch013: libtirpc-1.1.4-ip_local_reserved_ports.patch
 BuildRequires:		automake, autoconf, libtool, pkgconfig
 BuildRequires:		krb5-devel
 %description
 This package contains SunLib's implementation of transport-independent
@ -46,8 +72,9 @@ by almost 70 vendors on all major operating systems.  TS-RPC source code
 %package devel
 Summary:		Development files for the libtirpc library
 Group:			Development/Libraries
 Requires:		%{name}%{?_isa} = %{version}-%{release}
-Requires:		pkgconfig
+Requires:		pkgconfig man-db
 %description devel
 This package includes header files and libraries necessary for
@ -79,14 +106,30 @@ rm -f %{buildroot}%{_root_libdir}/*.{a,la}
 # Creat the man diretory
 mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
 %post  -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 %post devel
 # Register the new man section
 #if [ "$1" -eq 1 ]; then
 #	makewhatis -s 3t	
 #fi
 %postun devel 
 # Remove the existance of the man section
 #makewhatis -s 3t
 %files
 %defattr(-,root,root)
 %doc AUTHORS ChangeLog NEWS README
 %{_root_libdir}/libtirpc.so.*
 %config(noreplace)%{_sysconfdir}/netconfig
 %config(noreplace)%{_sysconfdir}/bindresvport.blacklist
 %files devel
 %defattr(0644,root,root,755)
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %dir %{_includedir}/tirpc
@ -131,115 +174,49 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
 %{_mandir}/*/*
 %changelog
-* Tue Mar 19 2024 Steve Dickson <steved@redhat.com> - 1.3.3-8
+* Fri Apr 26 2024 Steve Dickson <steved@redhat.com> 1.1.4-12
- rpcb_clnt.c (fixed): Eliminate double frees in delete_cache() (RHEL-11183)
+- binddynport.c honor ip_local_reserved_ports (RHEL-27005)
 * Wed Mar 13 2024 Steve Dickson <steved@redhat.com> - 1.3.3-7
 - exception build (RHEL-11183)
 * Tue Mar  5 2024 Steve Dickson <steved@redhat.com> - 1.3.3-6
 - rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11183)
 * Mon Mar  4 2024 Steve Dickson <steved@redhat.com> - 1.3.3-5
 - Fix rpc_gss_seccreate() usage of the passed in gss credential. (RHEL-27936)
-* Mon Feb 19 2024 Pavel Reichl <preichl@redhat.com> - 1.3.3-4
+* Tue Mar 19 2024 Steve Dickson <steved@redhat.com> 1.1.4-11
- Add gating tests (rhel-7883)
+- rpcb_clnt.c (fixed): Eliminate double frees in delete_cache() (RHEL-11293)
-* Tue Jan  2 2024 Steve Dickson <steved@redhat.com> - 1.3.3-3
+* Tue Mar  5 2024 Steve Dickson <steved@redhat.com> 1.1.4-10
- Null pointers so they are not used again (RHEL-11371)
+- rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11293)
-* Thu May 18 2023 Steve Dickson <steved@redhat.com> - 1.3.3-2
+* Mon Mar  4 2024 Steve Dickson <steved@redhat.com> 1.1.4-9
- getnetconfigent: avoid potential DoS (bz 2150611)
+- Null pointers so they are not used again (RHEL-11370)
-* Thu Nov 03 2022 Steve Dickson <steved@redhat.com> - 1.3.3-1
+* Wed Aug  3 2022 Steve Dickson <steved@redhat.com> 1.1.4-8
- bindresvport.c: fix a potential resource leakage (bz 2135405)
+- rpcb_clnt.c add mechanism to try v2 protocol first (bz 2107650)
- clnt_raw.c: fix a possible null pointer dereference (bz 2138317)
+- Multithreaded cleanup (bz 2112116)
-* Mon Aug 15 2022 Steve Dickson <steved@redhat.com> - 1.3.3
+* Tue May 31 2022 Steve Dickson <steved@redhat.com> 1.1.4-7
- Rebased to libtirpc-1.3.3 (bz 2118157)
+- clnt_dg_call: Fix use-after-free accessing the error number (bz 2042196)
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.2-1
+* Thu Dec  2 2021 Steve Dickson <steved@redhat.com> 1.1.4-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Fix DoS vulnerability in libtirpc (bz 1940341)
  Related: rhbz#1991688
-* Tue Jun 15 2021 Steve Dickson <steved@redhat.com> - 1.3.2
+* Sat Apr 17 2021 Steve Dickson <steved@redhat.com> 1.1.4-5
- Rebased to libtirpc-1.3.2 (bz 1959125)
+- blacklist: Add a few more well known ports (bz 1854147)
 - Disallow calling auth_refresh from clnt_call with RPCSEC_GSS (bz 1934866)
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.1-2
+* Wed Jul 24 2019 Steve Dickson <steved@redhat.com> 1.1.4-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Enable gating using reverse dependency testing of nfs-utils (bz 1681965)
 - Updated the URL (bz 1638671)
 - Fix EOF detection on non-blocking socket (bz 1641875)
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.1-1
+* Sat Oct  6 2018 Steve Dickson <steved@redhat.com> 1.1.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+- Fixed bad free in dup_ncp() (bz 1631614)
-* Thu Dec 03 2020 Steve Dickson <steved@redhat.com> - 1.3.1
+* Fri Sep 14 2018 Steve Dickson <steved@redhat.com> 1.1.4-2
- Updated to latest upstream release: libtirpc-1-3-1 (bz 1903615)
+- Removed a false positive from the covscan (bz 1602598)
-* Tue Aug 04 2020 Steve Dickson <steved@redhat.com> 1.2.6-1.rc4
+* Tue Sep 11 2018 Steve Dickson <steved@redhat.com> 1.1.4-1
- Updated to the latest upstream RC release: libtirpc-1-2-7-rc4
+- Fixed issues found by covscan (bz 1602598)
-* Tue Aug 04 2020 Tom Stellard <tstellar@redhat.com> - 1.2.6-2
+* Fri Sep  7 2018 Steve Dickson <steved@redhat.com> 1.1.4-0
 - Add BuildRequires: gcc
 - https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/#_packaging
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.6-1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Apr 14 2020 Steve Dickson <steved@redhat.com> 1.2.6-0
 - Updated to the latest upstream release: libtirpc-1-2-6 (bz 1822751)
 * Tue Feb 18 2020 Steve Dickson <steved@redhat.com> 1.2.5-1.rc2
 - Updated to the latest upstream RC release: libtirpc-1-2-6-rc2 (bz 1799601)
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.5-1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Fri Dec 20 2019 Steve Dickson <steved@redhat.com> 1.2.5-0
 Updated to latest upstream release: libtirpc-1-2-5 (bz 1785684)
 * Fri Nov 01 2019 Petr Pisar <ppisar@redhat.com> - 1.1.4-3.rc3
 - Remove a useless dependency on man-db from libtirpc-devel package
  (bug #1496422)
 * Thu Sep 05 2019 Steve Dickson <steved@redhat.com> 1.1.4-2.rc3
 - Updated to latest upstream RC release: libtirpc-1-1-5-rc3
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.4-2.rc2.2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.4-2.rc2.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Thu Nov  8 2018 Steve Dickson <steved@redhat.com> 1.1.4-2.rc2
 - Updated to latest upstream RC release: libtirpc-1-1-5-rc2
 * Tue Nov  6 2018 Steve Dickson <steved@redhat.com> 1.1.4-2.rc1
 - Remove ldconfig scriptlet (bz 1644103)
 * Thu Sep 13 2018 Steve Dickson <steved@redhat.com> 1.1.4-1.rc1
 - Removed a false positive from the covscan
 * Tue Sep 11 2018 Steve Dickson <steved@redhat.com> 1.1.4-0.rc1
 - Updated to latest upstream RC releasse (bz 1627832)
 * Mon Aug 27 2018 Steve Dickson <steved@redhat.com> 1.1.4
 - Updated to latest upstream release: libtirpc-1-1-4 (bz 1585558)
 * Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 1.0.3-4.rc2
 - Rebuild with fixed binutils
 * Sun Jul 29 2018 Steve Dickson <steved@redhat.com> 1.0.3-3.rc2
 - Update the libtirpc-1.0.4-rc2.patch to include big endian fixes (bz 1609208)
 * Fri Jul 20 2018 Steve Dickson <steved@redhat.com> 1.0.3-2.rc2
 - Updated to latest upstream RC release: libtirpc-1-0-4-rc2
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.3-2.rc1.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Tue Jul 10 2018 Steve Dickson <steved@redhat.com> 1.0.3-2.rc1
 - Updated the URL (bz 1599795)
 * Wed Apr 18 2018 Steve Dickson <steved@redhat.com> 1.0.3-1.rc1
 - Updated to latest upstream RC release: libtirpc-1-0-4-rc1
`@ -1 +1 @@`
	`SOURCES/libtirpc-1.3.3.tar.bz2`	`SOURCES/libtirpc-1.1.4.tar.bz2`
`@ -1 +1 @@`
	`6e52c39148494e4836e2d5d4f28b11ddfa65394b SOURCES/libtirpc-1.3.3.tar.bz2`	`d85717035cb9bd6c45557a1eb1351d3af9a69ff7 SOURCES/libtirpc-1.1.4.tar.bz2`