Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libnfs for openSUSE:Factory checked in at 2026-07-10 17:36:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libnfs (Old) and /work/SRC/openSUSE:Factory/.libnfs.new.1991 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libnfs" Fri Jul 10 17:36:50 2026 rev:13 rq:1362601 version:6.0.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libnfs/libnfs.changes 2026-04-07 16:47:16.652504150 +0200 +++ /work/SRC/openSUSE:Factory/.libnfs.new.1991/libnfs.changes 2026-07-10 17:39:05.676617580 +0200 @@ -1,0 +2,17 @@ +Sat Jun 27 16:10:53 UTC 2026 - Michael Gorse <[email protected]> + +- Update to version 6.0.2: + + KRB5 / TLS support. + + Zero-Copy READ support. + New API and changed function signatures. Can be checked via + LIBNFS_API_V2. +- sover is now 16. +- Add krb5-gssapi to BuildRequires: new dependency. +- Rebase libnfs-5.0.3-glibc-2_43.patch: use the upstream pr. +- Drop libnfs-5.0.3-glibc-2_43-2.patch: no longer relevant. +- Add libnfs-CVE-2026-53689.patch: ZDR: check the string size for + sanity (bsc#1268135 CVE-2026-53689). +- Add libnfs-CVE-2026-57918.patch: socket: prevent an underflow in + xid (CVE-2026-57918). + +------------------------------------------------------------------- Old: ---- libnfs-5.0.3-glibc-2_43-2.patch libnfs-5.0.3.tar.gz New: ---- libnfs-6.0.2.tar.gz libnfs-CVE-2026-53689.patch libnfs-CVE-2026-57918.patch ----------(Old B)---------- Old:- Rebase libnfs-5.0.3-glibc-2_43.patch: use the upstream pr. - Drop libnfs-5.0.3-glibc-2_43-2.patch: no longer relevant. - Add libnfs-CVE-2026-53689.patch: ZDR: check the string size for ----------(Old E)---------- ----------(New B)---------- New:- Drop libnfs-5.0.3-glibc-2_43-2.patch: no longer relevant. - Add libnfs-CVE-2026-53689.patch: ZDR: check the string size for sanity (bsc#1268135 CVE-2026-53689). New: sanity (bsc#1268135 CVE-2026-53689). - Add libnfs-CVE-2026-57918.patch: socket: prevent an underflow in xid (CVE-2026-57918). ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libnfs.spec ++++++ --- /var/tmp/diff_new_pack.S8mZGb/_old 2026-07-10 17:39:07.828691864 +0200 +++ /var/tmp/diff_new_pack.S8mZGb/_new 2026-07-10 17:39:07.832692002 +0200 @@ -1,7 +1,7 @@ # # spec file for package libnfs # -# Copyright (c) 2026 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2015 Bjørn Lie, Bryne, Norway. # Copyright (c) 2026 Andreas Stieger <[email protected]> # @@ -18,9 +18,9 @@ # -%define sover 14 +%define sover 16 Name: libnfs -Version: 5.0.3 +Version: 6.0.2 Release: 0 Summary: Client library for accessing NFS shares over a network License: BSD-2-Clause AND LGPL-2.1-or-later AND GPL-3.0-or-later @@ -28,10 +28,14 @@ URL: https://github.com/sahlberg/libnfs Source0: %{url}/archive/libnfs-%{version}.tar.gz Patch0: libnfs-5.0.3-glibc-2_43.patch -Patch1: libnfs-5.0.3-glibc-2_43-2.patch +# PATCH-FIX-UPSTREAM libnfs-CVE-2026-53689.patch bsc#1268135 [email protected] -- ZDR: check the string size for sanity. +Patch1: libnfs-CVE-2026-53689.patch +# PATCH-FIX-UPSTReAM libnfs-CVE-2026-57918.patch [email protected] -- socket: prevent an underflow in xid. +Patch2: libnfs-CVE-2026-57918.patch BuildRequires: autoconf BuildRequires: libtool BuildRequires: pkgconfig +BuildRequires: pkgconfig(krb5-gssapi) %description Package contains a library of functions for accessing NFSv2 and ++++++ libnfs-5.0.3-glibc-2_43.patch ++++++ --- /var/tmp/diff_new_pack.S8mZGb/_old 2026-07-10 17:39:07.864693107 +0200 +++ /var/tmp/diff_new_pack.S8mZGb/_new 2026-07-10 17:39:07.868693245 +0200 @@ -1,14 +1,25 @@ -Taken from https://github.com/sahlberg/libnfs/pull/576 -https://github.com/sahlberg/libnfs/pull/576/commits/89a795fee97a3da348c28dbd58500100a13dcec0 -https://github.com/sahlberg/libnfs/pull/576/commits/6a06cb6dba0065705179329729cca2f95a842a63 +From 89a795fee97a3da348c28dbd58500100a13dcec0 Mon Sep 17 00:00:00 2001 +From: Rudi Heitbaum <[email protected]> +Date: Sun, 25 Jan 2026 08:30:43 +0000 +Subject: [PATCH 1/2] Do not edit const and use const qualifier from pointer + target type -Index: libnfs-libnfs-5.0.3/lib/libnfs.c -=================================================================== ---- libnfs-libnfs-5.0.3.orig/lib/libnfs.c -+++ libnfs-libnfs-5.0.3/lib/libnfs.c -@@ -336,9 +336,8 @@ nfs_set_context_args(struct nfs_context - } else if (!strcmp(arg, "mountport")) { - nfs_set_mountport(nfs, atoi(val)); +Fixes: + ../../lib/libnfs.c: In function 'nfs_set_context_args': + ../../lib/libnfs.c:301:30: error: initialization discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] + 301 | char *strp = strchr(val, ','); + | ^~~~~~ +--- + lib/libnfs.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/libnfs.c b/lib/libnfs.c +index bbe66667..162492ba 100755 +--- a/lib/libnfs.c ++++ b/lib/libnfs.c +@@ -316,9 +316,8 @@ nfs_set_context_args(struct nfs_context *nfs, const char *arg, const char *val) + } else if (!strcmp(arg, "wsize")) { + nfs_set_writemax(nfs, atoi(val)); } else if (!strcmp(arg, "readdir-buffer")) { - char *strp = strchr(val, ','); + const char *strp = strchr(val, ','); @@ -17,11 +28,38 @@ strp++; nfs_set_readdir_max_buffer_size(nfs, atoi(val), atoi(strp)); } else { -Index: libnfs-libnfs-5.0.3/lib/nfs_v3.c -=================================================================== ---- libnfs-libnfs-5.0.3.orig/lib/nfs_v3.c -+++ libnfs-libnfs-5.0.3/lib/nfs_v3.c -@@ -3218,7 +3218,7 @@ int + +From 6a06cb6dba0065705179329729cca2f95a842a63 Mon Sep 17 00:00:00 2001 +From: Rudi Heitbaum <[email protected]> +Date: Sun, 25 Jan 2026 08:42:18 +0000 +Subject: [PATCH 2/2] use const qualifier from pointer target type + +Fixes: + ../../lib/nfs_v3.c: In function 'nfs3_mknod_async': + ../../lib/nfs_v3.c:3260:13: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] + 3260 | ptr = strrchr(path, '/'); + | ^ + ../../lib/nfs_v3.c: In function 'nfs3_unlink_async': + ../../lib/nfs_v3.c:3361:13: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] + 3361 | ptr = strrchr(path, '/'); + | ^ + ../../lib/nfs_v3.c: In function 'nfs3_rmdir_async': + ../../lib/nfs_v3.c:3472:13: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] + 3472 | ptr = strrchr(path, '/'); + | ^ + ../../lib/nfs_v3.c: In function 'nfs3_mkdir2_async': + ../../lib/nfs_v3.c:3574:13: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] + 3574 | ptr = strrchr(path, '/'); + | ^ +--- + lib/nfs_v3.c | 24 ++++++++++++------------ + 1 file changed, 12 insertions(+), 12 deletions(-) + +diff --git a/lib/nfs_v3.c b/lib/nfs_v3.c +index addd0ae1..2c32fff7 100644 +--- a/lib/nfs_v3.c ++++ b/lib/nfs_v3.c +@@ -3244,7 +3244,7 @@ int nfs3_mknod_async(struct nfs_context *nfs, const char *path, int mode, int dev, nfs_cb cb, void *private_data) { @@ -30,7 +68,7 @@ struct mknod_cb_data *cb_data; cb_data = malloc(sizeof(struct mknod_cb_data)); -@@ -3236,8 +3236,8 @@ nfs3_mknod_async(struct nfs_context *nfs +@@ -3262,8 +3262,8 @@ nfs3_mknod_async(struct nfs_context *nfs, const char *path, int mode, int dev, "buffer for mknod path"); return -1; } @@ -41,7 +79,7 @@ } else { cb_data->path = malloc(strlen(path) + 2); if (cb_data->path == NULL) { -@@ -3327,7 +3327,7 @@ nfs3_unlink_async(struct nfs_context *nf +@@ -3353,7 +3353,7 @@ nfs3_unlink_async(struct nfs_context *nfs, const char *path, nfs_cb cb, void *private_data) { char *new_path; @@ -50,7 +88,7 @@ ptr = strrchr(path, '/'); if (ptr) { -@@ -3337,8 +3337,8 @@ nfs3_unlink_async(struct nfs_context *nf +@@ -3363,8 +3363,8 @@ nfs3_unlink_async(struct nfs_context *nfs, const char *path, nfs_cb cb, "buffer for unlink path"); return -1; } @@ -61,7 +99,7 @@ } else { new_path = malloc(strlen(path) + 2); if (new_path == NULL) { -@@ -3693,7 +3693,7 @@ nfs3_rmdir_async(struct nfs_context *nfs +@@ -3464,7 +3464,7 @@ nfs3_rmdir_async(struct nfs_context *nfs, const char *path, nfs_cb cb, void *private_data) { char *new_path; @@ -70,7 +108,7 @@ ptr = strrchr(path, '/'); if (ptr) { -@@ -3703,8 +3703,8 @@ nfs3_rmdir_async(struct nfs_context *nfs +@@ -3474,8 +3474,8 @@ nfs3_rmdir_async(struct nfs_context *nfs, const char *path, nfs_cb cb, "buffer for rmdir path"); return -1; } @@ -81,7 +119,7 @@ } else { new_path = malloc(strlen(path) + 2); if (new_path == NULL) { -@@ -3795,7 +3795,7 @@ nfs3_mkdir2_async(struct nfs_context *nf +@@ -3566,7 +3566,7 @@ nfs3_mkdir2_async(struct nfs_context *nfs, const char *path, int mode, nfs_cb cb, void *private_data) { char *new_path; @@ -90,7 +128,7 @@ ptr = strrchr(path, '/'); if (ptr) { -@@ -3805,8 +3805,8 @@ nfs3_mkdir2_async(struct nfs_context *nf +@@ -3576,8 +3576,8 @@ nfs3_mkdir2_async(struct nfs_context *nfs, const char *path, int mode, "buffer for mkdir path"); return -1; } ++++++ libnfs-5.0.3.tar.gz -> libnfs-6.0.2.tar.gz ++++++ ++++ 26881 lines of diff (skipped) ++++++ libnfs-CVE-2026-53689.patch ++++++ >From 55c18ea33a83d667f79f0ef209c96895795c729f Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg <[email protected]> Date: Wed, 10 Jun 2026 11:43:28 +1000 Subject: [PATCH] ZDR: check the string size for sanity It could otherwise cause an overflow in the bounds check later. Reported-by: Nick Hummel <[email protected]> Signed-off-by: Ronnie Sahlberg <[email protected]> --- lib/libnfs-zdr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/libnfs-zdr.c b/lib/libnfs-zdr.c index 2945dc4..357b274 100644 --- a/lib/libnfs-zdr.c +++ b/lib/libnfs-zdr.c @@ -318,7 +318,9 @@ bool_t libnfs_zdr_string(ZDR *zdrs, char **strp, uint32_t maxsize) if (!libnfs_zdr_u_int(zdrs, &size)) { return FALSE; } - + if (size > zdrs->size) { + return FALSE; + } if (zdrs->pos + (int)size > zdrs->size) { return FALSE; } -- 2.54.0 ++++++ libnfs-CVE-2026-57918.patch ++++++ >From 935b8db712b3c6649bc57ddc276526c4a31680de Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg <[email protected]> Date: Wed, 10 Jun 2026 12:21:58 +1000 Subject: [PATCH] socket: prevent an underflow in xid if the expected pdu-size is larger than the absolute pdu size from the xid/record-marker. Reported-by: Nick Hummel <[email protected]> Signed-off-by: Ronnie Sahlberg <[email protected]> --- lib/socket.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/socket.c b/lib/socket.c index 57ffdb5..fea0479 100644 --- a/lib/socket.c +++ b/lib/socket.c @@ -980,6 +980,9 @@ rpc_read_from_socket(struct rpc_context *rpc) break; case READ_IOVEC: rpc->pdu->read_count -= rpc->pdu_size; + if (rpc->rm_xid[0] < rpc->pdu_size) { + return -1; + } rpc->rm_xid[0] -= rpc->pdu_size; if (!rpc->rm_xid[0]) { rpc_finished_pdu(rpc); -- 2.54.0
