.gitignore

@@ -1 +1 @@
-SOURCES/libtirpc-1.3.5.tar.bz2
+SOURCES/libtirpc-1.3.3.tar.bz2

.libtirpc.metadata

@@ -1 +1 @@
-f5b209b2a7f3ffcdcff5b5b54fefc6a90ddec0d3 SOURCES/libtirpc-1.3.5.tar.bz2
+6e52c39148494e4836e2d5d4f28b11ddfa65394b SOURCES/libtirpc-1.3.3.tar.bz2

SOURCES/libtirpc-1.3.3-blacklist-close.patch

@@ -0,0 +1,51 @@
+commit a013336ecdc476d7357398d9cd24b114070bb767
+Author: Rosen Penev <rosenp@gmail.com>
+Date:   Tue Oct 25 12:34:56 2022 -0400
+
+    Add missing extern
+    
+    Fixes compilation warning.
+    
+    Signed-off-by: Rosen Penev <rosenp@gmail.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/svc_auth.c b/src/svc_auth.c
+index ce8bbd8..789d6af 100644
+--- a/src/svc_auth.c
++++ b/src/svc_auth.c
+@@ -66,6 +66,9 @@ static struct authsvc *Auths = NULL;
+ 
+ extern SVCAUTH svc_auth_none;
+ 
++#ifdef AUTHDES_SUPPORT
++extern enum auth_stat _svcauth_des(struct svc_req *rqst, struct rpc_msg *msg);
++#endif
+ /*
+  * The call rpc message, msg has been obtained from the wire.  The msg contains
+  * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
+
+commit 55526c52a449907e4d34b829b96141afab530b23
+Author: Zhi Li <yieli@redhat.com>
+Date:   Mon Oct 24 13:46:54 2022 -0400
+
+    bindresvport.c: fix a potential resource leakage
+    
+    Close the FILE *fp of load_blacklist() in another
+    return path to avoid potential resource leakage.
+    
+    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2135405
+    Signed-off-by: Zhi Li <yieli@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/bindresvport.c b/src/bindresvport.c
+index 5c0ddcf..efeb1cc 100644
+--- a/src/bindresvport.c
++++ b/src/bindresvport.c
+@@ -130,6 +130,7 @@ load_blacklist (void)
+ 	  if (list == NULL)
+ 	    {
+ 	      free (buf);
++	      fclose (fp);
+ 	      return;
+ 	    }
+ 	}

SOURCES/libtirpc-1.3.3-clnt-raw-ptr.patch

@@ -0,0 +1,51 @@
+commit 4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d
+Author: Zhi Li <yieli@redhat.com>
+Date:   Fri Oct 28 14:19:04 2022 -0400
+
+    clnt_raw.c: fix a possible null pointer dereference
+    
+    Since clntraw_private could be dereferenced before
+    allocated, protect it by checking its value in advance.
+    
+    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2138317
+    Signed-off-by: Zhi Li <yieli@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/clnt_raw.c b/src/clnt_raw.c
+index 31f9d0c..03f839d 100644
+--- a/src/clnt_raw.c
++++ b/src/clnt_raw.c
+@@ -142,7 +142,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
+ 	struct timeval timeout;
+ {
+ 	struct clntraw_private *clp = clntraw_private;
+-	XDR *xdrs = &clp->xdr_stream;
++	XDR *xdrs;
+ 	struct rpc_msg msg;
+ 	enum clnt_stat status;
+ 	struct rpc_err error;
+@@ -154,6 +154,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
+ 		mutex_unlock(&clntraw_lock);
+ 		return (RPC_FAILED);
+ 	}
++	xdrs = &clp->xdr_stream;
+ 	mutex_unlock(&clntraw_lock);
+ 
+ call_again:
+@@ -245,7 +246,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
+ 	void *res_ptr;
+ {
+ 	struct clntraw_private *clp = clntraw_private;
+-	XDR *xdrs = &clp->xdr_stream;
++	XDR *xdrs;
+ 	bool_t rval;
+ 
+ 	mutex_lock(&clntraw_lock);
+@@ -254,6 +255,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
+ 		mutex_unlock(&clntraw_lock);
+ 		return (rval);
+ 	}
++	xdrs = &clp->xdr_stream;
+ 	mutex_unlock(&clntraw_lock);
+ 	xdrs->x_op = XDR_FREE;
+ 	return ((*xdr_res)(xdrs, res_ptr));

SOURCES/libtirpc-1.3.3-dos-sleep.patch

@@ -0,0 +1,31 @@
+commit f7f0abdf267698de3f74a0285405b1b01f40893b
+Author: Zhi Li <yieli@redhat.com>
+Date:   Wed Jan 11 11:19:31 2023 -0500
+
+    getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
+    
+    By adapting CodeChecker for libtirpc related tests, it complains
+    an improper waiting time for function getnetconfigent with
+    a valid input value, either it should be treated as a wrong
+    input or just take it as a proper value without sleeping
+    
+    link: https://bugzilla.redhat.com/show_bug.cgi?id=2150611
+    Signed-off-by: Zhi Li <yieli@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/getnetconfig.c b/src/getnetconfig.c
+index cfd33c2..d547dce 100644
+--- a/src/getnetconfig.c
++++ b/src/getnetconfig.c
+@@ -436,11 +436,6 @@ getnetconfigent(netid)
+ 	fprintf(stderr, "in /etc/netconfig.\n");
+ 	fprintf(stderr, "Please change this to \"local\" manually ");
+ 	fprintf(stderr, "or run mergemaster(8).\n");
+-	fprintf(stderr, "See UPDATING entry 20021216 for details.\n");
+-	fprintf(stderr, "Continuing in 10 seconds\n\n");
+-	fprintf(stderr, "This warning will be removed 20030301\n");
+-	sleep(10);
+-
+     }
+ 
+     /*

SOURCES/libtirpc-1.3.3-double-free.patch

@@ -0,0 +1,32 @@
+commit 1d2e10afb2ffc35cb3623f57a15f712359f18e75
+Author: Herb Wartens <wartens2@llnl.gov>
+Date:   Tue Aug 1 10:36:16 2023 -0400
+
+    rpcb_clnt.c: Eliminate double frees in delete_cache()
+    
+    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224666
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
+index c0a9e12..68fe69a 100644
+--- a/src/rpcb_clnt.c
++++ b/src/rpcb_clnt.c
+@@ -262,12 +262,15 @@ delete_cache(addr)
+ 	for (cptr = front; cptr != NULL; cptr = cptr->ac_next) {
+ 		if (!memcmp(cptr->ac_taddr->buf, addr->buf, addr->len)) {
+ 			/* Unlink from cache. We'll destroy it after releasing the mutex. */
+-			if (cptr->ac_uaddr)
++			if (cptr->ac_uaddr) {
+ 				free(cptr->ac_uaddr);
+-			if (prevptr)
++				cptr->ac_uaddr = NULL;
++			}
++			if (prevptr) {
+ 				prevptr->ac_next = cptr->ac_next;
+-			else
++			} else {
+ 				front = cptr->ac_next;
++			}
+ 			cachesize--;
+ 			break;
+ 		}

SOURCES/libtirpc-1.3.3-gssd-context-creation.patch

@@ -0,0 +1,30 @@
+commit 22b1c0cd6076dcd7df822cd1181e98278dc865db
+Author: Olga Kornievskaia <kolga@netapp.com>
+Date:   Wed Jan 3 17:50:42 2024 -0500
+
+    gssapi: fix rpc_gss_seccreate passed in cred
+    
+    Fix rpc_gss_seccreate() usage of the passed in gss credential.
+    
+    Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context")
+    
+    Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+    Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/auth_gss.c b/src/auth_gss.c
+index e317664..9d18f96 100644
+--- a/src/auth_gss.c
++++ b/src/auth_gss.c
+@@ -842,9 +842,9 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
+ 	gd->sec = sec;
+ 
+ 	if (req) {
+-		sec.req_flags = req->req_flags;
++		gd->sec.req_flags = req->req_flags;
+ 		gd->time_req = req->time_req;
+-		sec.cred = req->my_cred;
++		gd->sec.cred = req->my_cred;
+ 		gd->icb = req->input_channel_bindings;
+ 	}
+ 

SOURCES/libtirpc-1.3.3-null-ptrs-not-reused-fixed.patch

@@ -0,0 +1,23 @@
+commit 6951a9c3139c9c7dbb0bdae70737996011fc7a37
+Author: Herb Wartens <wartens2@llnl.gov>
+Date:   Mon Mar 18 11:07:15 2024 -0400
+
+    rpcb_clnt.c: memory leak in destroy_addr
+    
+    Piece was dropped from original fix.
+    
+    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2225226
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
+index 68fe69a..d909efc 100644
+--- a/src/rpcb_clnt.c
++++ b/src/rpcb_clnt.c
+@@ -121,6 +121,7 @@ destroy_addr(addr)
+ 			free(addr->ac_taddr->buf);
+ 			addr->ac_taddr->buf = NULL;
+ 		}
++		free(addr->ac_taddr);
+ 		addr->ac_taddr = NULL;
+ 	}
+ 	free(addr);

SOURCES/libtirpc-1.3.3-null-ptrs-not-reused.patch

@@ -0,0 +1,48 @@
+commit 89c63bdfd79b1c94384daaaa03a9e3582540f843
+Author: Herb Wartens <wartens2@llnl.gov>
+Date:   Tue Aug 1 10:21:42 2023 -0400
+
+    rpcb_clnt.c: memory leak in destroy_addr
+    
+    Null pointers so they are not used again
+    
+    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2225226
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
+index d178d86..c0a9e12 100644
+--- a/src/rpcb_clnt.c
++++ b/src/rpcb_clnt.c
+@@ -104,17 +104,27 @@ destroy_addr(addr)
+ {
+ 	if (addr == NULL)
+ 		return;
+-	if(addr->ac_host != NULL)
++	if (addr->ac_host != NULL) {
+ 		free(addr->ac_host);
+-	if(addr->ac_netid != NULL)
++		addr->ac_host = NULL;
++	}
++	if (addr->ac_netid != NULL) {
+ 		free(addr->ac_netid);
+-	if(addr->ac_uaddr != NULL)
++		addr->ac_netid = NULL;
++	}
++	if (addr->ac_uaddr != NULL) {
+ 		free(addr->ac_uaddr);
+-	if(addr->ac_taddr != NULL) {
+-		if(addr->ac_taddr->buf != NULL)
++		addr->ac_uaddr = NULL;
++	}
++	if (addr->ac_taddr != NULL) {
++		if(addr->ac_taddr->buf != NULL) {
+ 			free(addr->ac_taddr->buf);
++			addr->ac_taddr->buf = NULL;
++		}
++		addr->ac_taddr = NULL;
+ 	}
+ 	free(addr);
++	addr = NULL;
+ }
+ 
+ /*

SPECS/libtirpc.spec

@@ -1,10 +1,10 @@
 %define _root_libdir    /%{_lib}
 
 Name:			libtirpc
-Version:		1.3.5
+Version:		1.3.3
-Release:		1%{?dist}
+Release:		8%{?dist}
 Summary:		Transport Independent RPC Library
-License:		SISSL AND BSD-3-Clause
+License:		SISSL and BSD
 URL:  			http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary
 Source0:		http://downloads.sourceforge.net/libtirpc/libtirpc-%{version}.tar.bz2
 
@@ -13,6 +13,25 @@ BuildRequires:		krb5-devel
 BuildRequires:		gcc
 BuildRequires: make
 
+#
+# RHEL9.2
+#
+Patch001: libtirpc-1.3.3-blacklist-close.patch
+Patch002: libtirpc-1.3.3-clnt-raw-ptr.patch
+
+#
+# RHEL9.2
+#
+Patch003: libtirpc-1.3.3-dos-sleep.patch
+
+#
+# RHEL9.4
+#
+Patch004: libtirpc-1.3.3-null-ptrs-not-reused.patch
+Patch005: libtirpc-1.3.3-gssd-context-creation.patch
+Patch006: libtirpc-1.3.3-double-free.patch
+Patch007: libtirpc-1.3.3-null-ptrs-not-reused-fixed.patch
+
 %description
 This package contains SunLib's implementation of transport-independent
 RPC (TI-RPC) documentation.  This library forms a piece of the base of 
@@ -112,72 +131,43 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
 %{_mandir}/*/*
 
 %changelog
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.3.5-1
+* Tue Mar 19 2024 Steve Dickson <steved@redhat.com> - 1.3.3-8
-- Bump release for October 2024 mass rebuild:
+- rpcb_clnt.c (fixed): Eliminate double frees in delete_cache() (RHEL-11183)
-  Resolves: RHEL-64018
-
-* Sat Jul 27 2024 Steve Dickson <steved@redhat.com> - 1.3.5-0
-- Updated to the latest upstream release: libtirpc-1_3_5 (RHEL-50728)
-
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.3.4-1.rc2.3
-- Bump release for June 2024 mass rebuild
-
-* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-1.rc2.2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-1.rc2.1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan  5 2024 Steve Dickson <steved@redhat.com> - 1.3.4-1.rc2
-- Updated to the latest upstream RC release: libtirpc-1-3-5-rc2
-
-* Wed Jan  3 2024 Steve Dickson <steved@redhat.com> - 1.3.4-1.rc1
-- Updated to the latest upstream RC release: libtirpc-1-3-5-rc1
-
-* Mon Oct 16 2023 Pavel Reichl <preichl@redhat.com> - 1.3.4-1
-- Convert License tag to SPDX format
-
-* Sat Oct  7 2023 Steve Dickson <steved@redhat.com> - 1.3.4-0
-- Updated to latest upstream release: libtirpc-1-3-4
-
-* Mon Aug  7 2023 Steve Dickson <steved@redhat.com> - 1.3.3-1.rc2
-- Updated to the latest upstream RC release: libtirpc-1-3-4-rc2
-
-* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.3-1.rc1.1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 
-* Fri Apr 21 2023 Steve Dickson <steved@redhat.com> - 1.3.3-1.rc1
+* Wed Mar 13 2024 Steve Dickson <steved@redhat.com> - 1.3.3-7
-- Updated to the latest upstream RC release: libtirpc-1-3-4-rc1 (bz 1725329)
+- exception build (RHEL-11183)
 
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.3-1
+* Tue Mar  5 2024 Steve Dickson <steved@redhat.com> - 1.3.3-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+- rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11183)
 
-* Sun Aug  7 2022 Steve Dickson <steved@redhat.com> - 1.3.3-0
+* Mon Mar  4 2024 Steve Dickson <steved@redhat.com> - 1.3.3-5
-- Updated to latest upstream release: libtirpc-1-3-3 (bz 2116171)
+- Fix rpc_gss_seccreate() usage of the passed in gss credential. (RHEL-27936)
 
-* Mon Aug  1 2022 Steve Dickson <steved@redhat.com> - 1.3.2-1.rc5
+* Mon Feb 19 2024 Pavel Reichl <preichl@redhat.com> - 1.3.3-4
-- Updated to the latest upstream RC release: libtirpc-1-3-3-rc5
+- Add gating tests (rhel-7883)
 
-* Thu Jul 28 2022 Steve Dickson <steved@redhat.com> - 1.3.2-1.rc4
+* Tue Jan  2 2024 Steve Dickson <steved@redhat.com> - 1.3.3-3
-- Updated to the latest upstream RC release: libtirpc-1-3-3-rc4
+- Null pointers so they are not used again (RHEL-11371)
 
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-1.rc1.2
+* Thu May 18 2023 Steve Dickson <steved@redhat.com> - 1.3.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+- getnetconfigent: avoid potential DoS (bz 2150611)
 
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-1.rc1.1
+* Thu Nov 03 2022 Steve Dickson <steved@redhat.com> - 1.3.3-1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+- bindresvport.c: fix a potential resource leakage (bz 2135405)
+- clnt_raw.c: fix a possible null pointer dereference (bz 2138317)
 
-* Tue Sep 7 2021 Steve Dickson <steved@redhat.com> - 1.3.2-1.rc1
+* Mon Aug 15 2022 Steve Dickson <steved@redhat.com> - 1.3.3
-- Updated to the latest upstream RC release: libtirpc-1-3-3-rc1
+- Rebased to libtirpc-1.3.3 (bz 2118157)
 
-* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-1
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.2-1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Tue May 18 2021 Steve Dickson <steved@redhat.com> - 1.3.2-0
+* Tue Jun 15 2021 Steve Dickson <steved@redhat.com> - 1.3.2
-- Updated to latest upstream release: libtirpc-1-3-2 (bz 1959147)
+- Rebased to libtirpc-1.3.2 (bz 1959125)
 
-* Wed Apr  7 2021 Steve Dickson <steved@redhat.com> - 1.3.1.rc2
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.1-2
-- Updated to the latest upstream RC release: libtirpc-1-3-2-rc2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.1-1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild