Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libnfs for openSUSE:Factory checked 
in at 2026-07-10 17:36:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libnfs (Old)
 and      /work/SRC/openSUSE:Factory/.libnfs.new.1991 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libnfs"

Fri Jul 10 17:36:50 2026 rev:13 rq:1362601 version:6.0.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/libnfs/libnfs.changes    2026-04-07 
16:47:16.652504150 +0200
+++ /work/SRC/openSUSE:Factory/.libnfs.new.1991/libnfs.changes  2026-07-10 
17:39:05.676617580 +0200
@@ -1,0 +2,17 @@
+Sat Jun 27 16:10:53 UTC 2026 - Michael Gorse <[email protected]>
+
+- Update to version 6.0.2:
+  + KRB5 / TLS support.
+  + Zero-Copy READ support.
+    New API and changed function signatures. Can be checked via
+    LIBNFS_API_V2.
+- sover is now 16.
+- Add krb5-gssapi to BuildRequires: new dependency.
+- Rebase libnfs-5.0.3-glibc-2_43.patch: use the upstream pr.
+- Drop libnfs-5.0.3-glibc-2_43-2.patch: no longer relevant.
+- Add libnfs-CVE-2026-53689.patch: ZDR: check the string size for
+  sanity (bsc#1268135 CVE-2026-53689).
+- Add libnfs-CVE-2026-57918.patch: socket: prevent an underflow in
+  xid (CVE-2026-57918).
+
+-------------------------------------------------------------------

Old:
----
  libnfs-5.0.3-glibc-2_43-2.patch
  libnfs-5.0.3.tar.gz

New:
----
  libnfs-6.0.2.tar.gz
  libnfs-CVE-2026-53689.patch
  libnfs-CVE-2026-57918.patch

----------(Old B)----------
  Old:- Rebase libnfs-5.0.3-glibc-2_43.patch: use the upstream pr.
- Drop libnfs-5.0.3-glibc-2_43-2.patch: no longer relevant.
- Add libnfs-CVE-2026-53689.patch: ZDR: check the string size for
----------(Old E)----------

----------(New B)----------
  New:- Drop libnfs-5.0.3-glibc-2_43-2.patch: no longer relevant.
- Add libnfs-CVE-2026-53689.patch: ZDR: check the string size for
  sanity (bsc#1268135 CVE-2026-53689).
  New:  sanity (bsc#1268135 CVE-2026-53689).
- Add libnfs-CVE-2026-57918.patch: socket: prevent an underflow in
  xid (CVE-2026-57918).
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libnfs.spec ++++++
--- /var/tmp/diff_new_pack.S8mZGb/_old  2026-07-10 17:39:07.828691864 +0200
+++ /var/tmp/diff_new_pack.S8mZGb/_new  2026-07-10 17:39:07.832692002 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libnfs
 #
-# Copyright (c) 2026 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 # Copyright (c) 2015 Bjørn Lie, Bryne, Norway.
 # Copyright (c) 2026 Andreas Stieger <[email protected]>
 #
@@ -18,9 +18,9 @@
 #
 
 
-%define sover   14
+%define sover   16
 Name:           libnfs
-Version:        5.0.3
+Version:        6.0.2
 Release:        0
 Summary:        Client library for accessing NFS shares over a network
 License:        BSD-2-Clause AND LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -28,10 +28,14 @@
 URL:            https://github.com/sahlberg/libnfs
 Source0:        %{url}/archive/libnfs-%{version}.tar.gz
 Patch0:         libnfs-5.0.3-glibc-2_43.patch
-Patch1:         libnfs-5.0.3-glibc-2_43-2.patch
+# PATCH-FIX-UPSTREAM libnfs-CVE-2026-53689.patch bsc#1268135 [email protected] 
-- ZDR: check the string size for sanity.
+Patch1:         libnfs-CVE-2026-53689.patch
+# PATCH-FIX-UPSTReAM libnfs-CVE-2026-57918.patch [email protected] -- socket: 
prevent an underflow in xid.
+Patch2:         libnfs-CVE-2026-57918.patch
 BuildRequires:  autoconf
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(krb5-gssapi)
 
 %description
 Package contains a library of functions for accessing NFSv2 and

++++++ libnfs-5.0.3-glibc-2_43.patch ++++++
--- /var/tmp/diff_new_pack.S8mZGb/_old  2026-07-10 17:39:07.864693107 +0200
+++ /var/tmp/diff_new_pack.S8mZGb/_new  2026-07-10 17:39:07.868693245 +0200
@@ -1,14 +1,25 @@
-Taken from https://github.com/sahlberg/libnfs/pull/576
-https://github.com/sahlberg/libnfs/pull/576/commits/89a795fee97a3da348c28dbd58500100a13dcec0
-https://github.com/sahlberg/libnfs/pull/576/commits/6a06cb6dba0065705179329729cca2f95a842a63
+From 89a795fee97a3da348c28dbd58500100a13dcec0 Mon Sep 17 00:00:00 2001
+From: Rudi Heitbaum <[email protected]>
+Date: Sun, 25 Jan 2026 08:30:43 +0000
+Subject: [PATCH 1/2] Do not edit const and use const qualifier from pointer
+ target type
 
-Index: libnfs-libnfs-5.0.3/lib/libnfs.c
-===================================================================
---- libnfs-libnfs-5.0.3.orig/lib/libnfs.c
-+++ libnfs-libnfs-5.0.3/lib/libnfs.c
-@@ -336,9 +336,8 @@ nfs_set_context_args(struct nfs_context
-       } else if (!strcmp(arg, "mountport")) {
-               nfs_set_mountport(nfs, atoi(val));
+Fixes:
+    ../../lib/libnfs.c: In function 'nfs_set_context_args':
+    ../../lib/libnfs.c:301:30: error: initialization discards 'const' 
qualifier from pointer target type [-Werror=discarded-qualifiers]
+      301 |                 char *strp = strchr(val, ',');
+          |                              ^~~~~~
+---
+ lib/libnfs.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/libnfs.c b/lib/libnfs.c
+index bbe66667..162492ba 100755
+--- a/lib/libnfs.c
++++ b/lib/libnfs.c
+@@ -316,9 +316,8 @@ nfs_set_context_args(struct nfs_context *nfs, const char 
*arg, const char *val)
+       } else if (!strcmp(arg, "wsize")) {
+               nfs_set_writemax(nfs, atoi(val));
        } else if (!strcmp(arg, "readdir-buffer")) {
 -              char *strp = strchr(val, ',');
 +              const char *strp = strchr(val, ',');
@@ -17,11 +28,38 @@
                        strp++;
                        nfs_set_readdir_max_buffer_size(nfs, atoi(val), 
atoi(strp));
                } else {
-Index: libnfs-libnfs-5.0.3/lib/nfs_v3.c
-===================================================================
---- libnfs-libnfs-5.0.3.orig/lib/nfs_v3.c
-+++ libnfs-libnfs-5.0.3/lib/nfs_v3.c
-@@ -3218,7 +3218,7 @@ int
+
+From 6a06cb6dba0065705179329729cca2f95a842a63 Mon Sep 17 00:00:00 2001
+From: Rudi Heitbaum <[email protected]>
+Date: Sun, 25 Jan 2026 08:42:18 +0000
+Subject: [PATCH 2/2] use const qualifier from pointer target type
+
+Fixes:
+    ../../lib/nfs_v3.c: In function 'nfs3_mknod_async':
+    ../../lib/nfs_v3.c:3260:13: error: assignment discards 'const' qualifier 
from pointer target type [-Werror=discarded-qualifiers]
+     3260 |         ptr = strrchr(path, '/');
+          |             ^
+    ../../lib/nfs_v3.c: In function 'nfs3_unlink_async':
+    ../../lib/nfs_v3.c:3361:13: error: assignment discards 'const' qualifier 
from pointer target type [-Werror=discarded-qualifiers]
+     3361 |         ptr = strrchr(path, '/');
+          |             ^
+    ../../lib/nfs_v3.c: In function 'nfs3_rmdir_async':
+    ../../lib/nfs_v3.c:3472:13: error: assignment discards 'const' qualifier 
from pointer target type [-Werror=discarded-qualifiers]
+     3472 |         ptr = strrchr(path, '/');
+          |             ^
+    ../../lib/nfs_v3.c: In function 'nfs3_mkdir2_async':
+    ../../lib/nfs_v3.c:3574:13: error: assignment discards 'const' qualifier 
from pointer target type [-Werror=discarded-qualifiers]
+     3574 |         ptr = strrchr(path, '/');
+          |             ^
+---
+ lib/nfs_v3.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/lib/nfs_v3.c b/lib/nfs_v3.c
+index addd0ae1..2c32fff7 100644
+--- a/lib/nfs_v3.c
++++ b/lib/nfs_v3.c
+@@ -3244,7 +3244,7 @@ int
  nfs3_mknod_async(struct nfs_context *nfs, const char *path, int mode, int dev,
                   nfs_cb cb, void *private_data)
  {
@@ -30,7 +68,7 @@
        struct mknod_cb_data *cb_data;
  
        cb_data = malloc(sizeof(struct mknod_cb_data));
-@@ -3236,8 +3236,8 @@ nfs3_mknod_async(struct nfs_context *nfs
+@@ -3262,8 +3262,8 @@ nfs3_mknod_async(struct nfs_context *nfs, const char 
*path, int mode, int dev,
                                        "buffer for mknod path");
                          return -1;
                  }
@@ -41,7 +79,7 @@
          } else {
                  cb_data->path = malloc(strlen(path) + 2);
                  if (cb_data->path == NULL) {
-@@ -3327,7 +3327,7 @@ nfs3_unlink_async(struct nfs_context *nf
+@@ -3353,7 +3353,7 @@ nfs3_unlink_async(struct nfs_context *nfs, const char 
*path, nfs_cb cb,
                    void *private_data)
  {
        char *new_path;
@@ -50,7 +88,7 @@
  
          ptr = strrchr(path, '/');
          if (ptr) {
-@@ -3337,8 +3337,8 @@ nfs3_unlink_async(struct nfs_context *nf
+@@ -3363,8 +3363,8 @@ nfs3_unlink_async(struct nfs_context *nfs, const char 
*path, nfs_cb cb,
                                        "buffer for unlink path");
                          return -1;
                  }
@@ -61,7 +99,7 @@
          } else {
                  new_path = malloc(strlen(path) + 2);
                  if (new_path == NULL) {
-@@ -3693,7 +3693,7 @@ nfs3_rmdir_async(struct nfs_context *nfs
+@@ -3464,7 +3464,7 @@ nfs3_rmdir_async(struct nfs_context *nfs, const char 
*path, nfs_cb cb,
                   void *private_data)
  {
        char *new_path;
@@ -70,7 +108,7 @@
  
          ptr = strrchr(path, '/');
          if (ptr) {
-@@ -3703,8 +3703,8 @@ nfs3_rmdir_async(struct nfs_context *nfs
+@@ -3474,8 +3474,8 @@ nfs3_rmdir_async(struct nfs_context *nfs, const char 
*path, nfs_cb cb,
                                        "buffer for rmdir path");
                          return -1;
                  }
@@ -81,7 +119,7 @@
          } else {
                  new_path = malloc(strlen(path) + 2);
                  if (new_path == NULL) {
-@@ -3795,7 +3795,7 @@ nfs3_mkdir2_async(struct nfs_context *nf
+@@ -3566,7 +3566,7 @@ nfs3_mkdir2_async(struct nfs_context *nfs, const char 
*path, int mode,
                   nfs_cb cb, void *private_data)
  {
        char *new_path;
@@ -90,7 +128,7 @@
  
          ptr = strrchr(path, '/');
          if (ptr) {
-@@ -3805,8 +3805,8 @@ nfs3_mkdir2_async(struct nfs_context *nf
+@@ -3576,8 +3576,8 @@ nfs3_mkdir2_async(struct nfs_context *nfs, const char 
*path, int mode,
                                        "buffer for mkdir path");
                          return -1;
                  }

++++++ libnfs-5.0.3.tar.gz -> libnfs-6.0.2.tar.gz ++++++
++++ 26881 lines of diff (skipped)

++++++ libnfs-CVE-2026-53689.patch ++++++
>From 55c18ea33a83d667f79f0ef209c96895795c729f Mon Sep 17 00:00:00 2001
From: Ronnie Sahlberg <[email protected]>
Date: Wed, 10 Jun 2026 11:43:28 +1000
Subject: [PATCH] ZDR: check the string size for sanity

It could otherwise cause an overflow in the bounds check later.

Reported-by: Nick Hummel <[email protected]>
Signed-off-by: Ronnie Sahlberg <[email protected]>
---
 lib/libnfs-zdr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/libnfs-zdr.c b/lib/libnfs-zdr.c
index 2945dc4..357b274 100644
--- a/lib/libnfs-zdr.c
+++ b/lib/libnfs-zdr.c
@@ -318,7 +318,9 @@ bool_t libnfs_zdr_string(ZDR *zdrs, char **strp, uint32_t 
maxsize)
        if (!libnfs_zdr_u_int(zdrs, &size)) {
                return FALSE;
        }
-
+       if (size > zdrs->size) {
+               return FALSE;
+       }
        if (zdrs->pos + (int)size > zdrs->size) {
                return FALSE;
        }
-- 
2.54.0


++++++ libnfs-CVE-2026-57918.patch ++++++
>From 935b8db712b3c6649bc57ddc276526c4a31680de Mon Sep 17 00:00:00 2001
From: Ronnie Sahlberg <[email protected]>
Date: Wed, 10 Jun 2026 12:21:58 +1000
Subject: [PATCH] socket: prevent an underflow in xid

if the expected pdu-size is larger than the absolute pdu size
from the xid/record-marker.

Reported-by: Nick Hummel <[email protected]>
Signed-off-by: Ronnie Sahlberg <[email protected]>
---
 lib/socket.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/socket.c b/lib/socket.c
index 57ffdb5..fea0479 100644
--- a/lib/socket.c
+++ b/lib/socket.c
@@ -980,6 +980,9 @@ rpc_read_from_socket(struct rpc_context *rpc)
                                 break;
                         case READ_IOVEC:
                                 rpc->pdu->read_count -= rpc->pdu_size;
+                                if (rpc->rm_xid[0] < rpc->pdu_size) {
+                                        return -1;
+                                }
                                 rpc->rm_xid[0] -= rpc->pdu_size;
                                 if (!rpc->rm_xid[0]) {
                                         rpc_finished_pdu(rpc);
-- 
2.54.0

Reply via email to