openslp package update

Signed-off-by: guibuilder_pel7x64builder0 <guibuilder@powerel.org>
5 years ago · f701b545c3
7 changed files with 417 additions and 0 deletions
--- a/SOURCES/openslp-2.0.0-cve-2017-17833.patch
+++ b/SOURCES/openslp-2.0.0-cve-2017-17833.patch
@ -0,0 +1,19 @@
				@@ -0,0 +1,19 @@
+diff -up openslp-2.0.0/slpd/slpd_process.c.orig openslp-2.0.0/slpd/slpd_process.c
+--- openslp-2.0.0/slpd/slpd_process.c.orig	2018-05-09 13:08:06.185104375 +0200
+++ openslp-2.0.0/slpd/slpd_process.c	2018-05-09 13:07:21.017095089 +0200
+@@ -462,6 +462,15 @@ static int ProcessSrvRqst(SLPMessage * m
+          message->body.srvrqst.srvtype, 23, SLP_DA_SERVICE_TYPE) == 0)
+    {
+       errorcode = ProcessDASrvRqst(message, sendbuf, errorcode);
+
+      if (result != *sendbuf)
+      {
+         // The pointer stored at *sendbuf can be modified by a realloc
+         // operation in ProcessDASrvRqst().  Fix up the local copy of
+         // that pointer if necessary.
+         result = *sendbuf;
+      }
+
+       if (errorcode == 0)
+       {
+          /* Since we have an errorcode of 0, we were successful,
--- a/SOURCES/openslp-2.0.0-fortify-source-buffer-overflow.patch
+++ b/SOURCES/openslp-2.0.0-fortify-source-buffer-overflow.patch
@ -0,0 +1,53 @@
				@@ -0,0 +1,53 @@
+diff -up openslp-2.0.0/slpd/slpd_predicate.c.orig openslp-2.0.0/slpd/slpd_predicate.c
+--- openslp-2.0.0/slpd/slpd_predicate.c.orig	2012-12-11 00:31:53.000000000 +0100
+++ openslp-2.0.0/slpd/slpd_predicate.c	2015-01-14 13:17:45.115104003 +0100
+@@ -1425,6 +1425,8 @@ void freePredicateParseTree(SLPDPredicat
+          break;
+       }
+       pNextNode = pNode->next;
+      xfree(pNode->nodeBody.comparison.tag_str);
+      xfree(pNode->nodeBody.comparison.value_str);
+       xfree(pNode);
+       pNode = pNextNode;
+    }
+@@ -1643,26 +1645,28 @@ SLPDPredicateParseResult createPredicate
+       rhs = val_start;
+ 
+       /***** Create leaf node. *****/
+-      *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode) + lhs_len + rhs_len);
+      *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode));
+       if (!(*ppNode))
+          return PREDICATE_PARSE_INTERNAL_ERROR;
+ 
+      (*ppNode)->nodeBody.comparison.tag_str = (char *)xmalloc((lhs_len+1) * sizeof(char));
+      if (!((*ppNode)->nodeBody.comparison.tag_str))
+         return PREDICATE_PARSE_INTERNAL_ERROR;
+
+      (*ppNode)->nodeBody.comparison.value_str = (char *)xmalloc((rhs_len+1) * sizeof(char));
+      if (!((*ppNode)->nodeBody.comparison.value_str))
+         return PREDICATE_PARSE_INTERNAL_ERROR;
+
+       (*ppNode)->nodeType = op;
+       (*ppNode)->next = (SLPDPredicateTreeNode *)0;
+ 
+-      /* Finished with "operator" now - just use as temporary pointer to assist with copying the
+-       * attribute name (lhs) and required value (rhs) into the node
+-       */
+-      operator = (*ppNode)->nodeBody.comparison.storage;
+-      strncpy(operator, lhs, lhs_len);
+-      operator[lhs_len] = '\0';
+       (*ppNode)->nodeBody.comparison.tag_len = lhs_len;
+-      (*ppNode)->nodeBody.comparison.tag_str = operator;
+-      operator += lhs_len + 1;
+-      strncpy(operator, rhs, rhs_len);
+-      operator[rhs_len] = '\0';
+      strncpy((*ppNode)->nodeBody.comparison.tag_str, lhs, lhs_len);
+      (*ppNode)->nodeBody.comparison.tag_str[lhs_len] = '\0';
+
+       (*ppNode)->nodeBody.comparison.value_len = rhs_len;
+-      (*ppNode)->nodeBody.comparison.value_str = operator;
+      strncpy((*ppNode)->nodeBody.comparison.value_str, rhs, rhs_len);
+      (*ppNode)->nodeBody.comparison.value_str[rhs_len] = '\0';
+ 
+       return PREDICATE_PARSE_OK;
+    }
--- a/SOURCES/openslp-2.0.0-multicast-set.patch
+++ b/SOURCES/openslp-2.0.0-multicast-set.patch
@ -0,0 +1,134 @@
				@@ -0,0 +1,134 @@
+diff -up openslp-2.0.0/etc/slpd.all_init.orig openslp-2.0.0/etc/slpd.all_init
+--- openslp-2.0.0/etc/slpd.all_init.orig	2012-11-28 18:07:04.000000000 +0100
+++ openslp-2.0.0/etc/slpd.all_init	2013-06-24 13:27:34.375575496 +0200
+@@ -1,28 +1,5 @@
+ #!/bin/bash
+-#
+-#	/etc/rc.d/init.d/slpd
+-#
+-# slpd    Start/Stop the OpenSLP SA daemon (slpd).
+-#
+-# chkconfig: 345 13 87
+-# description: OpenSLP daemon for the Service Location Protocol
+-# processname: slpd
+-
+-# Author: Miquel van Smoorenburg, <miquels@drinkel.nl.mugnet.org>
+-#     Modified for RHS Linux by Damien Neil
+-#     Modified for COL by Raymund Will, <ray@lst.de>
+-#     Modified for OpenSLP by Matt Peterson <mpeterson@calderasystems.com>
+-#     Modified to be distribution agnostic by Bart Whiteley <bart@caldera.com>
+-
+-#//////////////////////////////////////////////////#
+-# Does nothing if a route exists that supports     # 
+-# multicast traffic. If no routes supporting       #
+-# multicast traffic exists, the function tries to  #
+-# add one.  A 0 is returned on success and a 1     #
+-# on failure. One parameter must be passed in.     #
+-# This variable determins verbosity. If parameter  #
+-# is non-zero debugging will appear                #
+-#//////////////////////////////////////////////////#
+
+ multicast_route_set() 
+ {
+     PING_OPTIONS_1='-c1 -w1'
+@@ -91,94 +68,11 @@ multicast_route_set()
+     return $retval
+ }
+ 
+-NAME=slpd
+-DAEMON=/usr/sbin/$NAME  
+-SUSE=0
+-
+-# Change to root
+-OLDDIR=`pwd`
+-cd /
+-
+-# Source function library.
+-if [ -f /etc/rc.d/init.d/functions ]; then
+-  . /etc/rc.d/init.d/functions
+-else
+-  SUSE=1
+-fi
+-  
+-test -x $DAEMON || exit 0
+-
+-if [ ! "$SVIlock" = "" ]; then
+-  unset LOCK
+-else
+-  LOCK=/var/lock/subsys/slpd
+multicast_route_set 1
+multicast_enabled=$?
+if [ "$multicast_enabled" != "0" ] ; then
+  echo "Failure: No Route Available for Multicast Traffic"
+  exit 1
+ fi
+ 
+-RETVAL=0
+-
+-#
+-#	See how we were called.
+-#
+-case "$1" in
+-  start)
+-    # Check if atd is already running
+-    # RH style
+-    if [ $SUSE -eq 0 ] && [ ! "$LOCK" = "" ] && [ -f $LOCK ]; then
+-      exit 0
+-    fi
+-    # Caldera Style
+-    if [ ! "$SVIlock" = "" ] && [ -f $SVIlock ]; then
+-      exit 0
+-    fi
+-    echo -n 'Starting slpd: '
+-
+-    multicast_route_set 1
+-    multicast_enabled=$?
+-    if [ "$multicast_enabled" != "0" ] ; then
+-      echo "Failure: No Route Available for Multicast Traffic"
+-      exit 1
+-    fi
+-    if [ $SUSE -eq 0 ]; then
+-      if [ -x /sbin/ssd ]; then
+-        ssd -S -n $NAME -x $DAEMON -- $OPTIONS
+-        [ ! "$SVIlock" = "" ] && touch $SVIlock
+-      else
+-        daemon $DAEMON
+-        RETVAL=$?
+-      fi
+-    else
+-      startproc $DAEMON $OPTIONS
+-    fi
+-    [ $SUSE -eq 0 ] && [ ! "$LOCK" = "" ] && [ $RETVAL -eq 0 ] && touch $LOCK
+-    echo
+-    ;;
+-  stop)
+-    echo -n 'Stopping slpd: '
+-    
+-    if [ -x /sbin/ssd ]; then
+-      ssd -K -p /var/run/$NAME.pid -n $NAME
+-      [ ! "$SVIlock" = "" ] && rm -f $SVIlock
+-    else
+-      killproc $DAEMON
+-      RETVAL=$?
+-    fi
+-    [ ! "$LOCK" = "" ] && [ $RETVAL -eq 0 ] && rm -f $LOCK
+-    echo
+-    ;;
+-  reload|restart)
+-    cd $OLDDIR
+-    $0 stop
+-    $0 start
+-	 cd /
+-    RETVAL=$?
+-    ;;
+-  status)
+-    status /usr/sbin/slpd
+-    RETVAL=$?
+-    ;;
+-  *)
+-    echo "Usage: /etc/rc.d/init.d/slpd {start|stop|restart|reload|status}"
+-    exit 1
+-esac
+-
+-exit $RETVAL
+exit 0
--- a/SOURCES/slpd.8.gz
+++ b/SOURCES/slpd.8.gz
--- a/SOURCES/slpd.service
+++ b/SOURCES/slpd.service
@ -0,0 +1,11 @@
				@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSLP daemon for the Service Location Protocol
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/slpd
+ExecStartPre=/usr/lib/openslp-server/slp-multicast-set.sh
+
+[Install]
+WantedBy=multi-user.target
--- a/SOURCES/slptool.1.gz
+++ b/SOURCES/slptool.1.gz
--- a/SPECS/openslp.spec
+++ b/SPECS/openslp.spec
@ -0,0 +1,200 @@
				@@ -0,0 +1,200 @@
+Name:			openslp
+Version:		2.0.0
+Release:		7%{?dist}
+Epoch:			1
+Summary:		Open implementation of Service Location Protocol V2
+
+Group:			System Environment/Libraries
+License:		BSD
+URL:			http://www.openslp.org
+Source0:		http://downloads.sourceforge.net/openslp/%{name}-%{version}.tar.gz
+# Source1,2: simple man pages (slightly modified help2man output)
+Source1:		slpd.8.gz
+Source2:		slptool.1.gz
+# Source3: service file
+Source3:		slpd.service
+BuildRoot:		%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+
+# Patch0: creates script from upstream init script that sets multicast
+#     prior to the start of the service
+Patch0:			openslp-2.0.0-multicast-set.patch
+# Patch1: fixes buffer overflow, rhbz#1181474
+Patch1:			openslp-2.0.0-fortify-source-buffer-overflow.patch
+# Patch2: fixes heap memory corruption in slpd/slpd_process.c, which allows
+#   denial of service or potentially code execution,
+#   backported form upstream, CVE-2017-17833
+Patch2:  openslp-2.0.0-cve-2017-17833.patch
+
+BuildRequires:		bison flex openssl-devel doxygen
+BuildRequires:		automake libtool
+BuildRequires:		systemd-units
+
+%description
+Service Location Protocol is an IETF standards track protocol that
+provides a framework to allow networking applications to discover the
+existence, location, and configuration of networked services in
+enterprise networks.
+
+OpenSLP is an open source implementation of the SLPv2 protocol as defined
+by RFC 2608 and RFC 2614.
+
+%package server
+Summary:		OpenSLP server daemon
+Group:			System Environment/Daemons
+Requires:		%{name} = %{epoch}:%{version}-%{release}
+Requires:		/bin/netstat
+Requires(preun):	chkconfig, /sbin/service
+Requires(post):		chkconfig
+Requires(postun):	/sbin/service
+
+%description server
+Service Location Protocol is an IETF standards track protocol that
+provides a framework that allows networking applications to discover
+the existence, location, and configuration of networked services in
+enterprise networks.
+
+This package contains the SLP server. Every system, which provides any
+services that should be used via an SLP client must run this server and
+register the service.
+
+%package devel
+Summary:		OpenSLP headers and libraries
+Group:			Development/Libraries
+Requires:		%{name} = %{epoch}:%{version}-%{release}
+
+%description devel
+Service Location Protocol is an IETF standards track protocol that
+provides a framework that allows networking applications to discover
+the existence, location, and configuration of networked services in
+enterprise networks.
+
+This package contains header and library files to compile applications
+with SLP support. It also contains developer documentation to develop
+such applications.
+
+%prep
+%setup -q
+%patch0 -p1 -b .multicast-set
+%patch1 -p1 -b .fortify-source-buffer-overflow
+%patch2 -p1 -b .cve-2017-17833
+
+
+%build
+export CFLAGS="-fPIC -fno-strict-aliasing -fPIE -DPIE $RPM_OPT_FLAGS"
+export LDFLAGS="-pie -Wl,-z,now"
+%configure \
+  --prefix=%{_prefix} \
+  --libdir=%{_libdir} \
+  --sysconfdir=%{_sysconfdir} \
+  --enable-async-api \
+  --disable-rpath \
+  --enable-slpv2-security \
+  --localstatedir=/var
+make %{?_smp_mflags}
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d
+# install script that sets multicast
+mkdir -p ${RPM_BUILD_ROOT}/usr/lib/%{name}-server
+install -m 0755 etc/slpd.all_init ${RPM_BUILD_ROOT}/usr/lib/%{name}-server/slp-multicast-set.sh
+# install service file
+mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
+install -p -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/%{_unitdir}/slpd.service
+# install man page
+mkdir -p ${RPM_BUILD_ROOT}/%{_mandir}/man8/
+mkdir -p ${RPM_BUILD_ROOT}/%{_mandir}/man1/
+cp %SOURCE1 ${RPM_BUILD_ROOT}/%{_mandir}/man8/
+cp %SOURCE2 ${RPM_BUILD_ROOT}/%{_mandir}/man1/
+rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.a
+rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.la
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%post server
+%systemd_post slpd.service
+
+%postun server
+%systemd_postun_with_restart slpd.service
+
+%preun server
+%systemd_preun slpd.service
+
+
+%files
+%defattr(-,root,root,-)
+%doc AUTHORS COPYING ChangeLog NEWS README
+%doc doc/doc/*
+%{_libdir}/libslp.so.*
+%{_bindir}/slptool
+%config(noreplace) %{_sysconfdir}/slp.conf
+%config(noreplace) %{_sysconfdir}/slp.spi
+%{_mandir}/man1/*
+
+%files server
+%defattr(-,root,root,-)
+%dir /%{_sysconfdir}/slp.reg.d/
+%dir /usr/lib/%{name}-server
+/usr/lib/%{name}-server/slp-multicast-set.sh
+%{_sbindir}/slpd
+%config(noreplace) %{_sysconfdir}/slp.reg
+%{_unitdir}/slpd.service
+%{_mandir}/man8/*
+
+%files devel
+%defattr(-,root,root,-)
+%{_includedir}/slp.h
+%{_libdir}/libslp.so
+
+
+%changelog
+* Tue Jul 03 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-7
+- Fix possible heap memory corruption, CVE-2017-17833
+  Resolves: #1575698
+
+* Tue Jun 28 2016 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-6
+- Fix buffer overflow termination of slpd with -D_FORTIFY_SOURCE=2
+  Resolves: #1181474
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1:2.0.0-5
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1:2.0.0-4
+- Mass rebuild 2013-12-27
+
+* Wed Oct 16 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-3
+- Fix full relro
+  Resolves: #881226
+
+* Mon Jul 15 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-2
+- Fix -devel requires
+
+* Tue Jun 25 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-1
+- Update to openslp-2.0.0
+- Add systemd support
+- Require /bin/netstat
+
+* Wed May 15 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0-0.3.beta2
+- Add man pages for slptool and slpd
+- Add CFLAGS and LDFLAGS for full relro
+
+* Thu Jul 28 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0-0.2.beta2
+- Build with -fno-strict-aliasing
+
+* Wed Jul 20 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0-0.1.beta2
+- Fix N-V-R
+
+* Wed Jul 20 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.beta2-2
+- Build
+
+* Tue Jul 19 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.beta2-1
+- Initial support