From f701b545c3da595238999261d0dde1782eac51c0 Mon Sep 17 00:00:00 2001
From: guibuilder_pel7x64builder0 <guibuilder@powerel.org>
Date: Thu, 26 Dec 2019 18:49:11 +0100
Subject: [PATCH] openslp package update

Signed-off-by: guibuilder_pel7x64builder0 <guibuilder@powerel.org>
---
 SOURCES/openslp-2.0.0-cve-2017-17833.patch    |  19 ++
 ...2.0.0-fortify-source-buffer-overflow.patch |  53 +++++
 SOURCES/openslp-2.0.0-multicast-set.patch     | 134 ++++++++++++
 SOURCES/slpd.8.gz                             | Bin 0 -> 428 bytes
 SOURCES/slpd.service                          |  11 +
 SOURCES/slptool.1.gz                          | Bin 0 -> 577 bytes
 SPECS/openslp.spec                            | 200 ++++++++++++++++++
 7 files changed, 417 insertions(+)
 create mode 100644 SOURCES/openslp-2.0.0-cve-2017-17833.patch
 create mode 100644 SOURCES/openslp-2.0.0-fortify-source-buffer-overflow.patch
 create mode 100644 SOURCES/openslp-2.0.0-multicast-set.patch
 create mode 100644 SOURCES/slpd.8.gz
 create mode 100644 SOURCES/slpd.service
 create mode 100644 SOURCES/slptool.1.gz
 create mode 100644 SPECS/openslp.spec

diff --git a/SOURCES/openslp-2.0.0-cve-2017-17833.patch b/SOURCES/openslp-2.0.0-cve-2017-17833.patch
new file mode 100644
index 0000000..eefce40
--- /dev/null
+++ b/SOURCES/openslp-2.0.0-cve-2017-17833.patch
@@ -0,0 +1,19 @@
+diff -up openslp-2.0.0/slpd/slpd_process.c.orig openslp-2.0.0/slpd/slpd_process.c
+--- openslp-2.0.0/slpd/slpd_process.c.orig	2018-05-09 13:08:06.185104375 +0200
++++ openslp-2.0.0/slpd/slpd_process.c	2018-05-09 13:07:21.017095089 +0200
+@@ -462,6 +462,15 @@ static int ProcessSrvRqst(SLPMessage * m
+          message->body.srvrqst.srvtype, 23, SLP_DA_SERVICE_TYPE) == 0)
+    {
+       errorcode = ProcessDASrvRqst(message, sendbuf, errorcode);
++
++      if (result != *sendbuf)
++      {
++         // The pointer stored at *sendbuf can be modified by a realloc
++         // operation in ProcessDASrvRqst().  Fix up the local copy of
++         // that pointer if necessary.
++         result = *sendbuf;
++      }
++
+       if (errorcode == 0)
+       {
+          /* Since we have an errorcode of 0, we were successful,
diff --git a/SOURCES/openslp-2.0.0-fortify-source-buffer-overflow.patch b/SOURCES/openslp-2.0.0-fortify-source-buffer-overflow.patch
new file mode 100644
index 0000000..0048606
--- /dev/null
+++ b/SOURCES/openslp-2.0.0-fortify-source-buffer-overflow.patch
@@ -0,0 +1,53 @@
+diff -up openslp-2.0.0/slpd/slpd_predicate.c.orig openslp-2.0.0/slpd/slpd_predicate.c
+--- openslp-2.0.0/slpd/slpd_predicate.c.orig	2012-12-11 00:31:53.000000000 +0100
++++ openslp-2.0.0/slpd/slpd_predicate.c	2015-01-14 13:17:45.115104003 +0100
+@@ -1425,6 +1425,8 @@ void freePredicateParseTree(SLPDPredicat
+          break;
+       }
+       pNextNode = pNode->next;
++      xfree(pNode->nodeBody.comparison.tag_str);
++      xfree(pNode->nodeBody.comparison.value_str);
+       xfree(pNode);
+       pNode = pNextNode;
+    }
+@@ -1643,26 +1645,28 @@ SLPDPredicateParseResult createPredicate
+       rhs = val_start;
+ 
+       /***** Create leaf node. *****/
+-      *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode) + lhs_len + rhs_len);
++      *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode));
+       if (!(*ppNode))
+          return PREDICATE_PARSE_INTERNAL_ERROR;
+ 
++      (*ppNode)->nodeBody.comparison.tag_str = (char *)xmalloc((lhs_len+1) * sizeof(char));
++      if (!((*ppNode)->nodeBody.comparison.tag_str))
++         return PREDICATE_PARSE_INTERNAL_ERROR;
++
++      (*ppNode)->nodeBody.comparison.value_str = (char *)xmalloc((rhs_len+1) * sizeof(char));
++      if (!((*ppNode)->nodeBody.comparison.value_str))
++         return PREDICATE_PARSE_INTERNAL_ERROR;
++
+       (*ppNode)->nodeType = op;
+       (*ppNode)->next = (SLPDPredicateTreeNode *)0;
+ 
+-      /* Finished with "operator" now - just use as temporary pointer to assist with copying the
+-       * attribute name (lhs) and required value (rhs) into the node
+-       */
+-      operator = (*ppNode)->nodeBody.comparison.storage;
+-      strncpy(operator, lhs, lhs_len);
+-      operator[lhs_len] = '\0';
+       (*ppNode)->nodeBody.comparison.tag_len = lhs_len;
+-      (*ppNode)->nodeBody.comparison.tag_str = operator;
+-      operator += lhs_len + 1;
+-      strncpy(operator, rhs, rhs_len);
+-      operator[rhs_len] = '\0';
++      strncpy((*ppNode)->nodeBody.comparison.tag_str, lhs, lhs_len);
++      (*ppNode)->nodeBody.comparison.tag_str[lhs_len] = '\0';
++
+       (*ppNode)->nodeBody.comparison.value_len = rhs_len;
+-      (*ppNode)->nodeBody.comparison.value_str = operator;
++      strncpy((*ppNode)->nodeBody.comparison.value_str, rhs, rhs_len);
++      (*ppNode)->nodeBody.comparison.value_str[rhs_len] = '\0';
+ 
+       return PREDICATE_PARSE_OK;
+    }
diff --git a/SOURCES/openslp-2.0.0-multicast-set.patch b/SOURCES/openslp-2.0.0-multicast-set.patch
new file mode 100644
index 0000000..bb4c945
--- /dev/null
+++ b/SOURCES/openslp-2.0.0-multicast-set.patch
@@ -0,0 +1,134 @@
+diff -up openslp-2.0.0/etc/slpd.all_init.orig openslp-2.0.0/etc/slpd.all_init
+--- openslp-2.0.0/etc/slpd.all_init.orig	2012-11-28 18:07:04.000000000 +0100
++++ openslp-2.0.0/etc/slpd.all_init	2013-06-24 13:27:34.375575496 +0200
+@@ -1,28 +1,5 @@
+ #!/bin/bash
+-#
+-#	/etc/rc.d/init.d/slpd
+-#
+-# slpd    Start/Stop the OpenSLP SA daemon (slpd).
+-#
+-# chkconfig: 345 13 87
+-# description: OpenSLP daemon for the Service Location Protocol
+-# processname: slpd
+-
+-# Author: Miquel van Smoorenburg, <miquels@drinkel.nl.mugnet.org>
+-#     Modified for RHS Linux by Damien Neil
+-#     Modified for COL by Raymund Will, <ray@lst.de>
+-#     Modified for OpenSLP by Matt Peterson <mpeterson@calderasystems.com>
+-#     Modified to be distribution agnostic by Bart Whiteley <bart@caldera.com>
+-
+-#//////////////////////////////////////////////////#
+-# Does nothing if a route exists that supports     # 
+-# multicast traffic. If no routes supporting       #
+-# multicast traffic exists, the function tries to  #
+-# add one.  A 0 is returned on success and a 1     #
+-# on failure. One parameter must be passed in.     #
+-# This variable determins verbosity. If parameter  #
+-# is non-zero debugging will appear                #
+-#//////////////////////////////////////////////////#
++
+ multicast_route_set() 
+ {
+     PING_OPTIONS_1='-c1 -w1'
+@@ -91,94 +68,11 @@ multicast_route_set()
+     return $retval
+ }
+ 
+-NAME=slpd
+-DAEMON=/usr/sbin/$NAME  
+-SUSE=0
+-
+-# Change to root
+-OLDDIR=`pwd`
+-cd /
+-
+-# Source function library.
+-if [ -f /etc/rc.d/init.d/functions ]; then
+-  . /etc/rc.d/init.d/functions
+-else
+-  SUSE=1
+-fi
+-  
+-test -x $DAEMON || exit 0
+-
+-if [ ! "$SVIlock" = "" ]; then
+-  unset LOCK
+-else
+-  LOCK=/var/lock/subsys/slpd
++multicast_route_set 1
++multicast_enabled=$?
++if [ "$multicast_enabled" != "0" ] ; then
++  echo "Failure: No Route Available for Multicast Traffic"
++  exit 1
+ fi
+ 
+-RETVAL=0
+-
+-#
+-#	See how we were called.
+-#
+-case "$1" in
+-  start)
+-    # Check if atd is already running
+-    # RH style
+-    if [ $SUSE -eq 0 ] && [ ! "$LOCK" = "" ] && [ -f $LOCK ]; then
+-      exit 0
+-    fi
+-    # Caldera Style
+-    if [ ! "$SVIlock" = "" ] && [ -f $SVIlock ]; then
+-      exit 0
+-    fi
+-    echo -n 'Starting slpd: '
+-
+-    multicast_route_set 1
+-    multicast_enabled=$?
+-    if [ "$multicast_enabled" != "0" ] ; then
+-      echo "Failure: No Route Available for Multicast Traffic"
+-      exit 1
+-    fi
+-    if [ $SUSE -eq 0 ]; then
+-      if [ -x /sbin/ssd ]; then
+-        ssd -S -n $NAME -x $DAEMON -- $OPTIONS
+-        [ ! "$SVIlock" = "" ] && touch $SVIlock
+-      else
+-        daemon $DAEMON
+-        RETVAL=$?
+-      fi
+-    else
+-      startproc $DAEMON $OPTIONS
+-    fi
+-    [ $SUSE -eq 0 ] && [ ! "$LOCK" = "" ] && [ $RETVAL -eq 0 ] && touch $LOCK
+-    echo
+-    ;;
+-  stop)
+-    echo -n 'Stopping slpd: '
+-    
+-    if [ -x /sbin/ssd ]; then
+-      ssd -K -p /var/run/$NAME.pid -n $NAME
+-      [ ! "$SVIlock" = "" ] && rm -f $SVIlock
+-    else
+-      killproc $DAEMON
+-      RETVAL=$?
+-    fi
+-    [ ! "$LOCK" = "" ] && [ $RETVAL -eq 0 ] && rm -f $LOCK
+-    echo
+-    ;;
+-  reload|restart)
+-    cd $OLDDIR
+-    $0 stop
+-    $0 start
+-	 cd /
+-    RETVAL=$?
+-    ;;
+-  status)
+-    status /usr/sbin/slpd
+-    RETVAL=$?
+-    ;;
+-  *)
+-    echo "Usage: /etc/rc.d/init.d/slpd {start|stop|restart|reload|status}"
+-    exit 1
+-esac
+-
+-exit $RETVAL
++exit 0
diff --git a/SOURCES/slpd.8.gz b/SOURCES/slpd.8.gz
new file mode 100644
index 0000000000000000000000000000000000000000..f87cc30d019d80101dba3cdde089ab437d649e54
GIT binary patch
literal 428
zcmV;d0aN}TiwFql?2u6a19NO}WG*-Wjgmia!Y~lU_k4;IOBXPdE?q%X0;&8FfuSl4
zCU%G=$Byg+#JBI+q?EuwheYx7-MgP(%vNJaKNllty|<t><!9*kUf<}`>q<bM_1I1#
z?~{<8J<1XWqEtqCbR3m6utud7D(PDZOUE!9Oh1y?y6FU85L}kl#J%)uHeaNZG+{#s
zCCT@uBep>A3^HqSwa=B7QP806-^ziL`|HT7?7>&+x~ia3;<`G*Q94i6+c<i@SWV_L
znmkz~Y(>v-LV#kEFO!iqF9?DTnH7*bTLKm`@Sw9=E3*g0GrQ@^HgJOr!DH<uSubzo
zg!||dOJW{QazUB}yF;!_U3;iwR3^8sjNfe_t&ooTxrru1=KP?s9cOeUW?gb*!2oW-
zG=bHzHK=N>fkfVT$8~ZFWhjPHde8ULKO;GE*QNSEBUos>r@8-a4XpdkXMA;T9;qX1
zbUy|Cjf|Qe80%ZpK&!P!qQYu%(IQ*rY(`mu690+H9n2*vvTtA<!|b%Mr;BTSbAcN{
Wx1_AXbX&!Pvg8LjY>ol20{{SxyUrf~

literal 0
HcmV?d00001

diff --git a/SOURCES/slpd.service b/SOURCES/slpd.service
new file mode 100644
index 0000000..1ac7fec
--- /dev/null
+++ b/SOURCES/slpd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSLP daemon for the Service Location Protocol
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/slpd
+ExecStartPre=/usr/lib/openslp-server/slp-multicast-set.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/slptool.1.gz b/SOURCES/slptool.1.gz
new file mode 100644
index 0000000000000000000000000000000000000000..15c823d6f75074037345dc7e74d6e10189b86ab4
GIT binary patch
literal 577
zcmV-H0>1qpiwFoM<&aST19NO}bZ>8LE-?V5lTDA>Fc60C`4yv_7HRR4(3TddhusPZ
zBp^{krB;N42~M!&e8_fa^Y3e$goFsSlpa7H&%BR4<2PtChhXV%JZ}lMV}rfI6}Tg3
ztd@cmGS3;fXoU7eVpr{b6NJN;JWX+S5VnPaIjmn-Gpnf$hZ+abxdIr?2<U{V41TOV
zKUf47dV^YEZNqqx7n0_g2;;9iP+=_|njcTflw?vT4a4&{3vaCu3*V}Bkg7ZH$<#t~
z-wNZmaClPH@RV~fk%|cys#5I^;6O#ea3w$<3DgMzdEDFx^u4`;WU3F;B1I1=qP!pm
z80U=TKgj|172tE{DoqN^u_Sr~LK?glhz^nUhzw^*iIZE<CIu2F9fIr;Bu#IsX-ssg
zr=~qM%_QM5j)?e|wpvvOUG~srMk6dFjiVcAL9>LB7KF^()+Pvt=fB1V?OUrFeO^qJ
z5&21gGUka!L`|V82yA1@6mNH_!BTPoC1<eJOL`Eyu3n3TN|o}Mb1JJ&(!84qIZ0I4
z>I1l7YRG|fQ)Vk6vfxU|Wd+S5!znQ)o_&8^`O8^w>7w!81ygr3O)I@ZzosuQX?4tn
zL~1Z#Kk37r&nL{B!Ltcm9k>Jg3fCXb1$ST7^*Pt*)<Vt*O(w`0Blq3t+4<xm=fg+j
zz8~rM&KtC*X<_5ZV;5^5`;RkxL<8o~zmH-3zrfq0cnsL_=KTZdx;G;dseM!m64c*<
P?_0kC7={9`IR*d#J)#O(

literal 0
HcmV?d00001

diff --git a/SPECS/openslp.spec b/SPECS/openslp.spec
new file mode 100644
index 0000000..ff1b7b7
--- /dev/null
+++ b/SPECS/openslp.spec
@@ -0,0 +1,200 @@
+Name:			openslp
+Version:		2.0.0
+Release:		7%{?dist}
+Epoch:			1
+Summary:		Open implementation of Service Location Protocol V2
+
+Group:			System Environment/Libraries
+License:		BSD
+URL:			http://www.openslp.org
+Source0:		http://downloads.sourceforge.net/openslp/%{name}-%{version}.tar.gz
+# Source1,2: simple man pages (slightly modified help2man output)
+Source1:		slpd.8.gz
+Source2:		slptool.1.gz
+# Source3: service file
+Source3:		slpd.service
+BuildRoot:		%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+
+# Patch0: creates script from upstream init script that sets multicast
+#     prior to the start of the service
+Patch0:			openslp-2.0.0-multicast-set.patch
+# Patch1: fixes buffer overflow, rhbz#1181474
+Patch1:			openslp-2.0.0-fortify-source-buffer-overflow.patch
+# Patch2: fixes heap memory corruption in slpd/slpd_process.c, which allows
+#   denial of service or potentially code execution,
+#   backported form upstream, CVE-2017-17833
+Patch2:  openslp-2.0.0-cve-2017-17833.patch
+
+BuildRequires:		bison flex openssl-devel doxygen
+BuildRequires:		automake libtool
+BuildRequires:		systemd-units
+
+%description
+Service Location Protocol is an IETF standards track protocol that
+provides a framework to allow networking applications to discover the
+existence, location, and configuration of networked services in
+enterprise networks.
+
+OpenSLP is an open source implementation of the SLPv2 protocol as defined
+by RFC 2608 and RFC 2614.
+
+%package server
+Summary:		OpenSLP server daemon
+Group:			System Environment/Daemons
+Requires:		%{name} = %{epoch}:%{version}-%{release}
+Requires:		/bin/netstat
+Requires(preun):	chkconfig, /sbin/service
+Requires(post):		chkconfig
+Requires(postun):	/sbin/service
+
+%description server
+Service Location Protocol is an IETF standards track protocol that
+provides a framework that allows networking applications to discover
+the existence, location, and configuration of networked services in
+enterprise networks.
+
+This package contains the SLP server. Every system, which provides any
+services that should be used via an SLP client must run this server and
+register the service.
+
+%package devel
+Summary:		OpenSLP headers and libraries
+Group:			Development/Libraries
+Requires:		%{name} = %{epoch}:%{version}-%{release}
+
+%description devel
+Service Location Protocol is an IETF standards track protocol that
+provides a framework that allows networking applications to discover
+the existence, location, and configuration of networked services in
+enterprise networks.
+
+This package contains header and library files to compile applications
+with SLP support. It also contains developer documentation to develop
+such applications.
+
+%prep
+%setup -q
+%patch0 -p1 -b .multicast-set
+%patch1 -p1 -b .fortify-source-buffer-overflow
+%patch2 -p1 -b .cve-2017-17833
+
+
+%build
+export CFLAGS="-fPIC -fno-strict-aliasing -fPIE -DPIE $RPM_OPT_FLAGS"
+export LDFLAGS="-pie -Wl,-z,now"
+%configure \
+  --prefix=%{_prefix} \
+  --libdir=%{_libdir} \
+  --sysconfdir=%{_sysconfdir} \
+  --enable-async-api \
+  --disable-rpath \
+  --enable-slpv2-security \
+  --localstatedir=/var
+make %{?_smp_mflags}
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d
+# install script that sets multicast
+mkdir -p ${RPM_BUILD_ROOT}/usr/lib/%{name}-server
+install -m 0755 etc/slpd.all_init ${RPM_BUILD_ROOT}/usr/lib/%{name}-server/slp-multicast-set.sh
+# install service file
+mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
+install -p -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/%{_unitdir}/slpd.service
+# install man page
+mkdir -p ${RPM_BUILD_ROOT}/%{_mandir}/man8/
+mkdir -p ${RPM_BUILD_ROOT}/%{_mandir}/man1/
+cp %SOURCE1 ${RPM_BUILD_ROOT}/%{_mandir}/man8/
+cp %SOURCE2 ${RPM_BUILD_ROOT}/%{_mandir}/man1/
+rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.a
+rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.la
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%post server
+%systemd_post slpd.service
+
+%postun server
+%systemd_postun_with_restart slpd.service
+
+%preun server
+%systemd_preun slpd.service
+
+
+%files
+%defattr(-,root,root,-)
+%doc AUTHORS COPYING ChangeLog NEWS README
+%doc doc/doc/*
+%{_libdir}/libslp.so.*
+%{_bindir}/slptool
+%config(noreplace) %{_sysconfdir}/slp.conf
+%config(noreplace) %{_sysconfdir}/slp.spi
+%{_mandir}/man1/*
+
+%files server
+%defattr(-,root,root,-)
+%dir /%{_sysconfdir}/slp.reg.d/
+%dir /usr/lib/%{name}-server
+/usr/lib/%{name}-server/slp-multicast-set.sh
+%{_sbindir}/slpd
+%config(noreplace) %{_sysconfdir}/slp.reg
+%{_unitdir}/slpd.service
+%{_mandir}/man8/*
+
+%files devel
+%defattr(-,root,root,-)
+%{_includedir}/slp.h
+%{_libdir}/libslp.so
+
+
+%changelog
+* Tue Jul 03 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-7
+- Fix possible heap memory corruption, CVE-2017-17833
+  Resolves: #1575698
+
+* Tue Jun 28 2016 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-6
+- Fix buffer overflow termination of slpd with -D_FORTIFY_SOURCE=2
+  Resolves: #1181474
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1:2.0.0-5
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1:2.0.0-4
+- Mass rebuild 2013-12-27
+
+* Wed Oct 16 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-3
+- Fix full relro
+  Resolves: #881226
+
+* Mon Jul 15 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-2
+- Fix -devel requires
+
+* Tue Jun 25 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 1:2.0.0-1
+- Update to openslp-2.0.0
+- Add systemd support
+- Require /bin/netstat
+
+* Wed May 15 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0-0.3.beta2
+- Add man pages for slptool and slpd
+- Add CFLAGS and LDFLAGS for full relro
+
+* Thu Jul 28 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0-0.2.beta2
+- Build with -fno-strict-aliasing
+
+* Wed Jul 20 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0-0.1.beta2
+- Fix N-V-R
+
+* Wed Jul 20 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.beta2-2
+- Build
+
+* Tue Jul 19 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.beta2-1
+- Initial support