diff -Nru openwsman-2.4.3/bindings/openwsman.i openwsman-2.4.7/bindings/openwsman.i --- openwsman-2.4.3/bindings/openwsman.i 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/bindings/openwsman.i 2014-05-21 08:16:17.000000000 +0000 @@ -271,7 +271,9 @@ /* Microsoft HyperV */ { 4, "Msvm", "http://schemas.microsoft.com/wbem/wsman/1/wmi" }, /* Dell DRAC */ - { 4, "DCIM", "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2" }, + { 4, "DCIM", "http://schemas.dell.com/wbem/wscim/1/cim-schema/2" }, + /* Unisys */ + { 4, "SPAR", "http://schema.unisys.com/wbem/wscim/1/cim-schema/2" }, { 0, NULL, NULL } }; const char *schema_end; diff -Nru openwsman-2.4.3/bindings/python/CMakeLists.txt openwsman-2.4.7/bindings/python/CMakeLists.txt --- openwsman-2.4.3/bindings/python/CMakeLists.txt 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/bindings/python/CMakeLists.txt 2014-05-21 08:16:17.000000000 +0000 @@ -36,7 +36,7 @@ ADD_LIBRARY( pywsman SHARED ${pywsman_SRCS} ) SET_TARGET_PROPERTIES( pywsman PROPERTIES PREFIX "_" ) -INCLUDE_DIRECTORIES( ${PYTHON_INCLUDE_PATH} ) +INCLUDE_DIRECTORIES( ${PYTHON_INCLUDE_DIRS} ) INCLUDE_DIRECTORIES( ${CMAKE_CURRENT_BINARY_DIR} ) INCLUDE_DIRECTORIES( ${CMAKE_SOURCE_DIR} ${CMAKE_SOURCE_DIR}/bindings ${CMAKE_SOURCE_DIR}/include ) diff -Nru openwsman-2.4.3/bindings/ruby/openwsman.gemspec.in openwsman-2.4.7/bindings/ruby/openwsman.gemspec.in --- openwsman-2.4.3/bindings/ruby/openwsman.gemspec.in 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/bindings/ruby/openwsman.gemspec.in 2014-05-21 08:16:17.000000000 +0000 @@ -6,7 +6,7 @@ s.platform = Gem::Platform::RUBY s.authors = ["Klaus Kämpf"] s.email = ["kkaempf@suse.de"] - s.homepage = "http://www.github.com/openwsman/openwsman" + s.homepage = "http://openwsman.github.io" s.summary = "Ruby client bindings for Openwsman" s.description = "The openwsman gem provides a Ruby API to manage systems using the WS-Management protocol." diff -Nru openwsman-2.4.3/bindings/ruby/rdoc1_9.rb openwsman-2.4.7/bindings/ruby/rdoc1_9.rb --- openwsman-2.4.3/bindings/ruby/rdoc1_9.rb 1970-01-01 00:00:00.000000000 +0000 +++ openwsman-2.4.7/bindings/ruby/rdoc1_9.rb 2013-11-26 16:41:48.000000000 +0000 @@ -0,0 +1,67 @@ +#!/usr/bin/ruby1.8 +# +# RDoc: Documentation tool for source code +# (see lib/rdoc/rdoc.rb for more information) +# +# Copyright (c) 2003 Dave Thomas +# Released under the same terms as Ruby +# +# $Revision: 11708 $ + +## Transitional Hack #### +# +# RDoc was initially distributed independently, and installed +# itself into /lib/ruby/site_ruby//rdoc... +# +# Now that RDoc is part of the distribution, it's installed into +# /lib/ruby/, which unfortunately appears later in the +# search path. This means that if you have previously installed RDoc, +# and then install from ruby-lang, you'll pick up the old one by +# default. This hack checks for the condition, and readjusts the +# search path if necessary. + +def adjust_for_existing_rdoc(path) + + $stderr.puts %{ + It seems as if you have a previously-installed RDoc in + the directory #{path}. + + Because this is now out-of-date, you might want to consider + removing the directories: + + #{File.join(path, "rdoc")} + + and + + #{File.join(path, "markup")} + + } + + # Move all the site_ruby directories to the end + p $: + $:.replace($:.partition {|path| /site_ruby/ !~ path}.flatten) + p $: +end + +$:.each do |path| + if /site_ruby/ =~ path + rdoc_path = File.join(path, 'rdoc', 'rdoc.rb') + if File.exists?(rdoc_path) + adjust_for_existing_rdoc(path) + break + end + end +end + +## End of Transitional Hack ## + + +require 'rdoc/rdoc' + +begin + r = RDoc::RDoc.new + r.document(ARGV) +rescue RDoc::RDocError => e + $stderr.puts e.message + exit(1) +end diff -Nru openwsman-2.4.3/bindings/ruby/rdoc2_0.rb openwsman-2.4.7/bindings/ruby/rdoc2_0.rb --- openwsman-2.4.3/bindings/ruby/rdoc2_0.rb 1970-01-01 00:00:00.000000000 +0000 +++ openwsman-2.4.7/bindings/ruby/rdoc2_0.rb 2013-11-26 16:41:48.000000000 +0000 @@ -0,0 +1,67 @@ +#!/usr/bin/ruby1.8 +# +# RDoc: Documentation tool for source code +# (see lib/rdoc/rdoc.rb for more information) +# +# Copyright (c) 2003 Dave Thomas +# Released under the same terms as Ruby +# +# $Revision: 11708 $ + +## Transitional Hack #### +# +# RDoc was initially distributed independently, and installed +# itself into /lib/ruby/site_ruby//rdoc... +# +# Now that RDoc is part of the distribution, it's installed into +# /lib/ruby/, which unfortunately appears later in the +# search path. This means that if you have previously installed RDoc, +# and then install from ruby-lang, you'll pick up the old one by +# default. This hack checks for the condition, and readjusts the +# search path if necessary. + +def adjust_for_existing_rdoc(path) + + $stderr.puts %{ + It seems as if you have a previously-installed RDoc in + the directory #{path}. + + Because this is now out-of-date, you might want to consider + removing the directories: + + #{File.join(path, "rdoc")} + + and + + #{File.join(path, "markup")} + + } + + # Move all the site_ruby directories to the end + p $: + $:.replace($:.partition {|path| /site_ruby/ !~ path}.flatten) + p $: +end + +$:.each do |path| + if /site_ruby/ =~ path + rdoc_path = File.join(path, 'rdoc', 'rdoc.rb') + if File.exists?(rdoc_path) + adjust_for_existing_rdoc(path) + break + end + end +end + +## End of Transitional Hack ## + + +require 'rdoc/rdoc' + +begin + r = RDoc::RDoc.new + r.document(ARGV) +rescue RDoc::RDocError => e + $stderr.puts e.message + exit(1) +end diff -Nru openwsman-2.4.3/bindings/ruby/rdoc2.1 openwsman-2.4.7/bindings/ruby/rdoc2.1 --- openwsman-2.4.3/bindings/ruby/rdoc2.1 1970-01-01 00:00:00.000000000 +0000 +++ openwsman-2.4.7/bindings/ruby/rdoc2.1 2014-05-21 08:16:17.000000000 +0000 @@ -0,0 +1,10 @@ +#!/usr/bin/env ruby +require 'rdoc' + +require 'rdoc/encoding' +require 'rdoc/parser' + +# Simple must come first +require 'rdoc/parser/simple' +require File.join(File.dirname(__FILE__),'rdoc_parser_swig') +require File.join(File.dirname(__FILE__),'rdoc2_1') diff -Nru openwsman-2.4.3/bindings/ruby/rdoc2_1.rb openwsman-2.4.7/bindings/ruby/rdoc2_1.rb --- openwsman-2.4.3/bindings/ruby/rdoc2_1.rb 1970-01-01 00:00:00.000000000 +0000 +++ openwsman-2.4.7/bindings/ruby/rdoc2_1.rb 2013-11-26 16:41:48.000000000 +0000 @@ -0,0 +1,67 @@ +#!/usr/bin/ruby1.8 +# +# RDoc: Documentation tool for source code +# (see lib/rdoc/rdoc.rb for more information) +# +# Copyright (c) 2003 Dave Thomas +# Released under the same terms as Ruby +# +# $Revision: 11708 $ + +## Transitional Hack #### +# +# RDoc was initially distributed independently, and installed +# itself into /lib/ruby/site_ruby//rdoc... +# +# Now that RDoc is part of the distribution, it's installed into +# /lib/ruby/, which unfortunately appears later in the +# search path. This means that if you have previously installed RDoc, +# and then install from ruby-lang, you'll pick up the old one by +# default. This hack checks for the condition, and readjusts the +# search path if necessary. + +def adjust_for_existing_rdoc(path) + + $stderr.puts %{ + It seems as if you have a previously-installed RDoc in + the directory #{path}. + + Because this is now out-of-date, you might want to consider + removing the directories: + + #{File.join(path, "rdoc")} + + and + + #{File.join(path, "markup")} + + } + + # Move all the site_ruby directories to the end + p $: + $:.replace($:.partition {|path| /site_ruby/ !~ path}.flatten) + p $: +end + +$:.each do |path| + if /site_ruby/ =~ path + rdoc_path = File.join(path, 'rdoc', 'rdoc.rb') + if File.exists?(rdoc_path) + adjust_for_existing_rdoc(path) + break + end + end +end + +## End of Transitional Hack ## + + +require 'rdoc/rdoc' + +begin + r = RDoc::RDoc.new + r.document(ARGV) +rescue RDoc::RDocError => e + $stderr.puts e.message + exit(1) +end diff -Nru openwsman-2.4.3/bindings/ruby/README.rdoc openwsman-2.4.7/bindings/ruby/README.rdoc --- openwsman-2.4.3/bindings/ruby/README.rdoc 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/bindings/ruby/README.rdoc 2014-05-21 08:16:17.000000000 +0000 @@ -2,9 +2,9 @@ home :: http://openwsman.github.io wiki :: https://github.com/Openwsman/openwsman/wiki -mailing list :: openwsman-devel@lists.sourceforge.net +mailing list :: mailto:openwsman-devel@lists.sourceforge.net source :: https://github.com/Openwsman/openwsman -rdoc :: http://www.suse.de/~kkaempf/openwsman +rdoc :: http://openwsman.github.io/rdoc bugs :: https://github.com/Openwsman/openwsman/issues code climate :: {

}[https://codeclimate.com/github/Openwsman/openwsman] diff -Nru openwsman-2.4.3/ChangeLog openwsman-2.4.7/ChangeLog --- openwsman-2.4.3/ChangeLog 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/ChangeLog 2014-05-21 08:16:17.000000000 +0000 @@ -1,3 +1,52 @@ +2.4.7 +- Bugfixes + - file authenticator: allow password hash of up to 128 characters + - libu: don't exit() on malloc errors + +2.4.6 +- Features + - Support large hashes (like SHA512) in file authentication + - use constant-time password compare to prevent brute-force attacks + - Create server-plugin-ruby as separate RPM + - Add Unisys namespace and CIM class prefix 'SPAR' + - Alias openwsman and openwsmand systemd services + - Also create respective rc-commands: rcopenwsman, rcopenwsmand + (SUSE only) +- Bugfixes + - Fix crash on invalide resource URI + - Fix resource namespace for DCIM_ classes + +2.4.5 +- Features + - enforce SSL operation in systemd service + - Add /usr/sbin/rcopenwsman for systemd environments + - New environment variable 'OPENWSMAN_CURL_TRANSPORT_SSLVERSION' to + select SSL protocol version. Set it to 'tlsv1.2' for TLS-v1.2 + (anstein) +- Bugfixes + - Fix memory leaks in redirect plugin (Praveen K Paladugu) + - shttpd: Improve error reporting if SSL context fails + - Builds on Fedora 20 now + +2.4.4 +- Security update + - ws_xml_make_default_prefix() can overflow buf parameter via sprintf() + - ws_xml_make_default_prefix() can overflow buf parameter via sprintf() + - wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW + - LocalSubscriptionOpUpdate() unchecked fopen() + - Incorrect order of sanity guards in wsman_get_fault_status_from_doc() + - Unchecked memory allocation in wsman_init_plugins(), p->ifc + - Unchecked memory allocation in mem_double(), newptr + - Unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash + - Unchecked memory allocation in u_error_new(), *error + - sighup_handler() in wsmand.c uses unsafe functions in a signal handler +- Features + - add rcopenwsman command to systemd environments + - add rcopenwsmand command for backwards compatibility +- Bindings + - support rdoc 2.1 in Ruby bindings + - cmake: use PYTHON_INCLUDE_DIRS + 2.4.3 - Bugfixes - Fix bindings for Java 1.5 diff -Nru openwsman-2.4.3/CMakeLists.txt openwsman-2.4.7/CMakeLists.txt --- openwsman-2.4.3/CMakeLists.txt 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/CMakeLists.txt 2014-05-21 08:16:17.000000000 +0000 @@ -183,13 +183,17 @@ MESSAGE(STATUS "Building Python...") ENDIF (PYTHON_LINK_LIBS) ENDIF (PYTHON_LIBRARY) - IF(NOT PYTHON_INCLUDE_PATH ) + IF(NOT PYTHON_INCLUDE_DIRS ) + # fallback for older versions of cmake + SET(PYTHON_INCLUDE_DIRS PYTHON_INCLUDE_PATH) + ENDIF(NOT PYTHON_INCLUDE_DIRS ) + IF(NOT PYTHON_INCLUDE_DIRS ) IF(BUILD_PYTHON_EXPLICIT) NO_HEADERS_WARNING_EXPL(BUILD_PYTHON Python) ELSE(BUILD_PYTHON_EXPLICIT) NO_HEADERS_WARNING(BUILD_PYTHON Python) ENDIF(BUILD_PYTHON_EXPLICIT) - ENDIF(NOT PYTHON_INCLUDE_PATH ) + ENDIF(NOT PYTHON_INCLUDE_DIRS ) ENDIF( BUILD_PYTHON ) IF( BUILD_PERL ) @@ -258,6 +262,12 @@ MESSAGE( FATAL_ERROR " curl not found" ) ELSE ( NOT CURL_FOUND) INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIR}) + IF(CURL_VERSION_STRING) + STRING(COMPARE LESS ${CURL_VERSION_STRING} "7.12.0" result) + IF(result LESS 0) + MESSAGE( FATAL_ERROR " curl version ${CURL_VERSION_STRING} is too low, need 7.12.0 or greater" ) + ENDIF(result LESS 0) + ENDIF(CURL_VERSION_STRING) ENDIF( NOT CURL_FOUND) # xml2 diff -Nru openwsman-2.4.3/configure.in openwsman-2.4.7/configure.in --- openwsman-2.4.3/configure.in 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/configure.in 2014-05-21 08:16:17.000000000 +0000 @@ -3,7 +3,7 @@ dnl ******************************************* AC_PREREQ(2.53) -AC_INIT(openwsman, 2.3.7) +AC_INIT(openwsman, 2.4.4) AC_CONFIG_SRCDIR(src/server/wsmand.c) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) diff -Nru openwsman-2.4.3/debian/changelog openwsman-2.4.7/debian/changelog --- openwsman-2.4.3/debian/changelog 2014-06-16 13:02:29.000000000 +0000 +++ openwsman-2.4.7/debian/changelog 2014-07-10 13:13:25.000000000 +0000 @@ -1,3 +1,15 @@ +openwsman (2.4.7-0ubuntu2) utopic; urgency=medium + + * Fix typo in control file. + + -- Kent Baxley Thu, 10 Jul 2014 08:13:06 -0500 + +openwsman (2.4.7-0ubuntu1) utopic; urgency=low + + * New upstream release (LP: #1334832) + + -- Kent Baxley Fri, 27 Jun 2014 11:07:16 -0500 + openwsman (2.4.3-0ubuntu4.1) trusty-security; urgency=low * SECURITY UPDATE: Add security fixes from upstream openwsman (LP: #1319089) diff -Nru openwsman-2.4.3/debian/control openwsman-2.4.7/debian/control --- openwsman-2.4.3/debian/control 2014-01-24 14:45:22.000000000 +0000 +++ openwsman-2.4.7/debian/control 2014-07-10 13:12:49.000000000 +0000 @@ -4,7 +4,7 @@ Maintainer: Ubuntu Developers Build-Depends: debhelper (>= 9.0.0), cmake (>= 2.8.5), libssl-dev, libpam0g-dev, libxml2-dev, libcurl4-openssl-dev, libcimcclient0-dev, swig, python-dev Standards-Version: 3.9.5 -Homepage: http://sourceforge.net/projects/openwsman/ +Homepage: http://openwsman.github.io/ Package: openwsman Architecture: any diff -Nru openwsman-2.4.3/debian/patches/cmake-python-includes.patch openwsman-2.4.7/debian/patches/cmake-python-includes.patch --- openwsman-2.4.3/debian/patches/cmake-python-includes.patch 2013-01-09 14:13:38.000000000 +0000 +++ openwsman-2.4.7/debian/patches/cmake-python-includes.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -Description: Use all python include directories - PYTHON_INCLUDE_PATH seems deprecated anyway and when compiling the - C wrapper it needs the 64bit specific second include directory to - find pyconfig.h -Forwarded: pending -Origin: vendor, while importing a new upstream version -Author: Stefan Bader -Last-Update: 2013-01-09 - -Index: openwsman-2.3.6/bindings/python/CMakeLists.txt -=================================================================== ---- openwsman-2.3.6.orig/bindings/python/CMakeLists.txt 2013-01-09 15:12:41.319560389 +0100 -+++ openwsman-2.3.6/bindings/python/CMakeLists.txt 2013-01-09 15:13:07.727689493 +0100 -@@ -36,7 +36,7 @@ SET(pywsman_SRCS ${SWIG_OUTPUT} ${CMAKE_ - ADD_LIBRARY( pywsman SHARED ${pywsman_SRCS} ) - SET_TARGET_PROPERTIES( pywsman PROPERTIES PREFIX "_" ) - --INCLUDE_DIRECTORIES( ${PYTHON_INCLUDE_PATH} ) -+INCLUDE_DIRECTORIES( ${PYTHON_INCLUDE_DIRS} ) - INCLUDE_DIRECTORIES( ${CMAKE_CURRENT_BINARY_DIR} ) - INCLUDE_DIRECTORIES( ${CMAKE_SOURCE_DIR} ${CMAKE_SOURCE_DIR}/bindings ${CMAKE_SOURCE_DIR}/include ) - diff -Nru openwsman-2.4.3/debian/patches/increase-password-upper-limit.patch openwsman-2.4.7/debian/patches/increase-password-upper-limit.patch --- openwsman-2.4.3/debian/patches/increase-password-upper-limit.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/increase-password-upper-limit.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -Subject: increase password upper limit to 128 characters (from 64) -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/9b51b3c49600846751d3e06043da53d93c62b566 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-05-21 ---- ---- openwsman-2.4.3.orig/src/authenticators/file/file_auth.c -+++ openwsman-2.4.3/src/authenticators/file/file_auth.c -@@ -114,7 +114,7 @@ authorize(char *username, const char *password) - } - - while (fgets(l, sizeof(l), fp) != NULL) { -- if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2) -+ if (sscanf(l, "%64[^:]:%128s", u, passwd) != 2) - continue; /* Ignore malformed lines */ - debug( "user: %s, passwd: XXXX", u); - min_len = strlen(u); - - diff -Nru openwsman-2.4.3/debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch openwsman-2.4.7/debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch --- openwsman-2.4.3/debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,74 +0,0 @@ -Description: fix LocalSubscriptionOpUpdate() unchecked fopen() -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/09c3fcf4d209f6890eb9cb9e554bff637eae73b5 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 - ---- ---- openwsman-2.4.3.orig/src/lib/wsman-subscription-repository.c -+++ openwsman-2.4.3/src/lib/wsman-subscription-repository.c -@@ -91,8 +91,12 @@ int LocalSubscriptionOpGet(char * uri_repository, char * uuid, unsigned char ** - if(LocalSubscriptionInitFlag == 0) return -1; - char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); - FILE *fp = fopen(subs_path, "r"); -+ if (fp == NULL) { -+ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); -+ u_free(subs_path); -+ return -1; -+ } - u_free(subs_path); -- if(fp == NULL) return -1; - while(!feof(fp)) { - memset(block, 0, 512); - m = fread(block, 1, 511, fp); -@@ -116,8 +120,12 @@ int LocalSubscriptionOpSearch(char * uri_repository, char * uuid) - if(LocalSubscriptionInitFlag == 0) return -1; - char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); - FILE *fp = fopen(subs_path, "r"); -+ if (fp == NULL) { -+ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); -+ u_free(subs_path); -+ return -1; -+ } - u_free(subs_path); -- if(fp == NULL) return -1; - fclose(fp); - return 0; - } -@@ -145,6 +153,11 @@ int LocalSubscriptionOpLoad (char * uri_repository, list_t * subscription_list) - } - char *subs_path = u_strdup_printf ("%s/%s", uri_repository, namelist[n]->d_name); - FILE *subs = fopen(subs_path, "r"); -+ if (subs == NULL) { -+ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); -+ u_free(subs_path); -+ return -1; -+ } - u_free(subs_path); - count = 0; - buf = NULL; -@@ -180,7 +193,10 @@ int LocalSubscriptionOpSave (char * uri_repository, char * uuid, unsigned char * - if(LocalSubscriptionInitFlag == 0) return -1; - snprintf(buf, U_NAME_MAX, "%s/uuid:%s", uri_repository, uuid); - FILE *subsfile = fopen(buf, "w"); -- if(subsfile == NULL) return -1; -+ if (subsfile == NULL) { -+ fprintf(stderr, "Can't open %s: %s", buf, strerror(errno)); -+ return -1; -+ } - fprintf(subsfile, "%s", subscriptionDoc); - fclose(subsfile); - return 0; -@@ -201,6 +217,10 @@ int LocalSubscriptionOpUpdate(char * uri_repository, char * uuid, char *expire) - ws_xml_set_node_text(node, expire); - ws_xml_dump_memory_enc(doc, &temp, &len, "UTF-8"); - FILE *subsfile = fopen(buf, "w"); -+ if (subsfile == NULL) { -+ fprintf(stderr, "Can't open %s: %s", buf, strerror(errno)); -+ return -1; -+ } - fprintf(subsfile, "%s", temp); - fclose(subsfile); - ws_xml_free_memory(temp); - diff -Nru openwsman-2.4.3/debian/patches/mem-allocation-dictionary-new-fix.patch openwsman-2.4.7/debian/patches/mem-allocation-dictionary-new-fix.patch --- openwsman-2.4.3/debian/patches/mem-allocation-dictionary-new-fix.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/mem-allocation-dictionary-new-fix.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,58 +0,0 @@ -Description: fix unchecked memory allocation in dictionary_new(), d, d->val, - d->key, d->hash - . - iniparser_new might return NULL, handle this case in redirect.c -Author: -Forwarded: not-needed -Origin: https://github.com/Openwsman/openwsman/commit/638abcbf5faa97ccb2c3ab15faeb2f2cc9363b56 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 ---- ---- openwsman-2.4.3.orig/src/lib/u/iniparser.c -+++ openwsman-2.4.3/src/lib/u/iniparser.c -@@ -218,11 +218,16 @@ static dictionary * dictionary_new(int size) - if (sizesize = size ; -- d->val = (char **)calloc(size, sizeof(char*)); -- d->key = (char **)calloc(size, sizeof(char*)); -- d->hash = (unsigned int *)calloc(size, sizeof(unsigned)); -- -+ if (d != NULL) { -+ d->size = size ; -+ d->val = (char **)calloc(size, sizeof(char*)); -+ d->key = (char **)calloc(size, sizeof(char*)); -+ d->hash = (unsigned int *)calloc(size, sizeof(unsigned)); -+ } -+ if ((d == NULL) || (d->val == NULL) || (d->key == NULL) || (d->hash == NULL)) { -+ fprintf(stderr, "dictionary_new: memory allocation failure\n"); -+ d = NULL; -+ } - return d; - } - -@@ -884,6 +889,8 @@ dictionary * iniparser_new(char *ininame) - * Initialize a new dictionary entry - */ - d = dictionary_new(0); -+ if (d == NULL) -+ return d; - lineno = 0 ; - while (fgets(lin, ASCIILINESZ, ini)!=NULL) { - lineno++ ; ---- openwsman-2.4.3.orig/src/plugins/redirect/redirect.c -+++ openwsman-2.4.3/src/plugins/redirect/redirect.c -@@ -99,7 +99,10 @@ int init( void *self, void **data ) - dictionary *ini, *inc_ini; - filename = (char *) wsmand_options_get_config_file(); - ini = iniparser_new(filename); -- -+ if (ini == NULL) { -+ error("redirect: iniparser_new failed"); -+ return 0; -+ } - redirect_data = malloc (sizeof(struct __Redirect_Data)); - if (redirect_data == NULL){ - error("Failed while allocating memory for redirect_data"); - diff -Nru openwsman-2.4.3/debian/patches/mem-allocation-mem-double-newptr-fix.patch openwsman-2.4.7/debian/patches/mem-allocation-mem-double-newptr-fix.patch --- openwsman-2.4.3/debian/patches/mem-allocation-mem-double-newptr-fix.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/mem-allocation-mem-double-newptr-fix.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -Description: fix unchecked memory allocation in mem_double(), newptr -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/89dabd4582e3fbb88328dd780e89baf6efb4ad3f -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 ---- ---- openwsman-2.4.3.orig/src/lib/u/iniparser.c -+++ openwsman-2.4.3/src/lib/u/iniparser.c -@@ -152,6 +152,10 @@ static void * mem_double(void * ptr, int size) - void *newptr; - - newptr = calloc(2*size, 1); -+ if (newptr == NULL) { -+ fprintf(stderr, "mem_double: allocation failed\n"); -+ return NULL; -+ } - memcpy(newptr, ptr, size); - free(ptr); - return newptr ; -@@ -346,8 +350,14 @@ static void dictionary_set(dictionary * d, char * key, char * val) - - /* Reached maximum size: reallocate blackboard */ - d->val = (char **)mem_double(d->val, d->size * sizeof(char*)) ; -+ if (d->val == NULL) -+ exit(1); - d->key = (char **)mem_double(d->key, d->size * sizeof(char*)) ; -+ if (d->key == NULL) -+ exit(1); - d->hash = (unsigned int *)mem_double(d->hash, d->size * sizeof(unsigned)) ; -+ if (d->hash == NULL) -+ exit(1); - - /* Double size */ - d->size *= 2 ; - - diff -Nru openwsman-2.4.3/debian/patches/mem-allocation-u-error-new-fix.patch openwsman-2.4.7/debian/patches/mem-allocation-u-error-new-fix.patch --- openwsman-2.4.3/debian/patches/mem-allocation-u-error-new-fix.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/mem-allocation-u-error-new-fix.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -Description: fix unchecked memory allocation in u_error_new(), *error -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/d9b48a472819b258a34746a07256516653d5a141 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 ---- ---- openwsman-2.4.3.orig/src/lib/u/uerr.c -+++ openwsman-2.4.3/src/lib/u/uerr.c -@@ -44,6 +44,10 @@ void u_error_new(u_error_t **error, int code, const char *format, ...) - return; - - *error = u_malloc(sizeof(u_error_t)); -+ if (*error == NULL) { -+ fprintf(stderr, "u_error_new: memory allocation failure\n"); -+ return; -+ } - (*error)->code = code; - va_start(args, format); - (*error)->message = u_strdup_vprintf(format, args); - - diff -Nru openwsman-2.4.3/debian/patches/mem-allocation-wsman-init-plugins-fix.patch openwsman-2.4.7/debian/patches/mem-allocation-wsman-init-plugins-fix.patch --- openwsman-2.4.3/debian/patches/mem-allocation-wsman-init-plugins-fix.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/mem-allocation-wsman-init-plugins-fix.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,52 +0,0 @@ -Description: unchecked memory allocation in wsman_init_plugins(), p->ifc - return NULL if alloc fails, handle NULL return in callers -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/d51551bf791083c00105e5d8ef0b3bc24e5bb4b5 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 ---- ---- openwsman-2.4.3.orig/src/lib/wsman-server.c -+++ openwsman-2.4.3/src/lib/wsman-server.c -@@ -102,6 +102,10 @@ WsContextH wsman_init_plugins(WsManListenerH * listener) - - p->ifc = (WsDispatchInterfaceInfo *) - malloc(sizeof(WsDispatchInterfaceInfo)); -+ if (p->ifc == NULL) { -+ error("Memory allocation error while loading plugin"); -+ return NULL; -+ } - ifcinfo = p->ifc; - ifcinfo->extraData = p->data; - p->set_config = dlsym(p->p_handle, "set_config"); ---- openwsman-2.4.3.orig/src/server/wsmand-listener.c -+++ openwsman-2.4.3/src/server/wsmand-listener.c -@@ -674,21 +674,21 @@ WsManListenerH *wsmand_start_server(dictionary * ini) - WsManListenerH *listener = wsman_dispatch_list_new(); - listener->config = ini; - WsContextH cntx = wsman_init_plugins(listener); -- int num_threads=0; -- int max_threads=wsmand_options_get_max_threads(); -+ int num_threads = 0; -+ int max_threads = wsmand_options_get_max_threads(); - int max_connections_per_thread = wsmand_options_get_max_connections_per_thread(); -- if(max_threads && !max_connections_per_thread){ -+ if (max_threads && !max_connections_per_thread) { - error("max_threads: %d and max_connections_per_thread : %d", max_threads, max_connections_per_thread); - return listener; - } - -+ if (cntx == NULL) { -+ return listener; -+ } - #ifdef ENABLE_EVENTING_SUPPORT - wsman_event_init(cntx->soap); - #endif - -- if (cntx == NULL) { -- return listener; -- } - #ifndef HAVE_SSL - if (use_ssl) { - error("Server configured without SSL support"); - diff -Nru openwsman-2.4.3/debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch openwsman-2.4.7/debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch --- openwsman-2.4.3/debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -Description: remove (unsafe) debug() call from sighup_handler -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/2cd98b07fa6930727a35da2b7409610b74535cae -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 ---- ---- openwsman-2.4.3.orig/src/server/wsmand.c -+++ openwsman-2.4.3/src/server/wsmand.c -@@ -141,8 +141,6 @@ static void signal_handler(int sig_num) - - static void sighup_handler(int sig_num) - { -- debug("SIGHUP received; reloading data"); -- - if (wsmand_options_get_debug_level() == 0) { - int fd; - - diff -Nru openwsman-2.4.3/debian/patches/series openwsman-2.4.7/debian/patches/series --- openwsman-2.4.3/debian/patches/series 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 @@ -1,12 +0,0 @@ -cmake-python-includes.patch -ws-xml-make-default-prefix-buff-overflow-fix.patch -wsmc-create-request-fix-buff-overflow.patch -LocalSubscriptionOpUpdate-fix-fopen.patch -wsman-get-fault-status-sanity-guard-fix.patch -mem-allocation-wsman-init-plugins-fix.patch -mem-allocation-mem-double-newptr-fix.patch -mem-allocation-dictionary-new-fix.patch -mem-allocation-u-error-new-fix.patch -remove-unsafe-debug-call-from-sighup-handler.patch -SHA512-password-fixes.patch -increase-password-upper-limit.patch diff -Nru openwsman-2.4.3/debian/patches/SHA512-password-fixes.patch openwsman-2.4.7/debian/patches/SHA512-password-fixes.patch --- openwsman-2.4.3/debian/patches/SHA512-password-fixes.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/SHA512-password-fixes.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,82 +0,0 @@ -Description: support SHA512 password encoding, use safe_cmp to prevent - brute-force attacks - . - SHA512 passwords needs more space than 64bytes - . - The runtime of strcmp depends on the string size, thus allows for - brute-force password attacks. Replace it by constant-time safe_cmp - when comparing usernames and passwords. -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/b1c2192f4b4fa04286dc1bb7e467b34926099720 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-05-19 ---- ---- openwsman-2.4.3.orig/src/authenticators/file/file_auth.c -+++ openwsman-2.4.3/src/authenticators/file/file_auth.c -@@ -70,14 +70,31 @@ int initialize(void *arg) { - return 0; - } - -+/* -+ * constant-time comparison to prevent brute-force attacks on authorize() -+ * -+ * returns zero only if s1 and s2 are bit-wise identical for the first len characters. -+ */ -+static int -+safe_cmp(unsigned const char *s1, unsigned const char *s2, size_t len) -+{ -+ size_t i = 0; -+ unsigned char result = 0; - -+ while (i++ < len) { -+ result |= *s1++ ^ *s2++; -+ } -+ return result; -+} - - int - authorize(char *username, const char *password) - { - int authorized = 0; -- char l[256], u[65], passwd[65]; -+ char l[256], u[65], passwd[129]; - char *newpw = NULL ; -+ size_t username_l; -+ size_t min_len; - - debug( "Checking basic for user: %s; password XXXXX", - username); -@@ -88,6 +105,7 @@ authorize(char *username, const char *password) - username); - return 0; - } -+ username_l = strlen(username); - FILE *fp = fopen(filename, "r"); - if (!fp) { - debug( "Couldn't open basic passwd file %s", -@@ -99,10 +117,20 @@ authorize(char *username, const char *password) - if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2) - continue; /* Ignore malformed lines */ - debug( "user: %s, passwd: XXXX", u); -- if (!strcmp(username, u)) { -+ min_len = strlen(u); -+ if (username_l < min_len) { -+ min_len = username_l; -+ } -+ if (!safe_cmp(username, u, min_len)) { -+ size_t newpw_l; -+ min_len = strlen(passwd); - newpw = crypt(password, passwd); -+ newpw_l = strlen(newpw); -+ if (newpw_l < min_len) { -+ min_len = newpw_l; -+ } - debug( "user: %s, passwd: XXXXX", u ); -- authorized = ( strcmp (newpw, passwd) == 0 ); -+ authorized = ( safe_cmp (newpw, passwd, min_len) == 0 ); - break; - } - } - - diff -Nru openwsman-2.4.3/debian/patches/wsman-get-fault-status-sanity-guard-fix.patch openwsman-2.4.7/debian/patches/wsman-get-fault-status-sanity-guard-fix.patch --- openwsman-2.4.3/debian/patches/wsman-get-fault-status-sanity-guard-fix.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/wsman-get-fault-status-sanity-guard-fix.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,64 +0,0 @@ -Description: fix incorrect order of sanity guards in - wsman_get_fault_status_from_doc(). -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/ca68ddd7c24b238cbb94bc97ffac349ff25f07bf -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 ---- ---- openwsman-2.4.3.orig/src/lib/wsman-faults.c -+++ openwsman-2.4.3/src/lib/wsman-faults.c -@@ -607,22 +607,37 @@ void - wsman_get_fault_status_from_doc (WsXmlDocH doc, WsmanStatus *status) - { - int i; -- char *subcode_value=ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH); -- char *subcode_value_msg =calloc(1,strlen(subcode_value)); -- char *start_pos = strchr(subcode_value,':'); -- strcpy(subcode_value_msg, start_pos+1); -- if (strlen(subcode_value)== 0 ) return ; -+ char *subcode_value = ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH); -+ char *subcode_value_msg; -+ char *start_pos; -+ -+ if (strlen(subcode_value) == 0) -+ return; -+ -+ subcode_value_msg = calloc(1, strlen(subcode_value)); -+ if (subcode_value_msg == NULL) { -+ error("Out of memory"); -+ status->fault_code = WSMAN_INTERNAL_ERROR; -+ /* some default values */ -+ status->fault_detail_code = OWSMAN_SYSTEM_ERROR; -+ status->fault_msg = NULL; -+ return; -+ } -+ -+ start_pos = strchr(subcode_value, ':'); -+ if (start_pos != NULL) { -+ strcpy(subcode_value_msg, start_pos+1); - -- int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]); -- for (i = 0; i < nfaults; i++) { -- if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) { -- status->fault_code = fault_code_table[i].fault_code; -- //some default values -- status->fault_detail_code = 0; -- status->fault_msg='\0'; -- return; -+ int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]); -+ for (i = 0; i < nfaults; i++) { -+ if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) { -+ status->fault_code = fault_code_table[i].fault_code; -+ /* some default values */ -+ status->fault_detail_code = 0; -+ status->fault_msg = NULL; -+ return; -+ } - } -- - } - return; - } - - diff -Nru openwsman-2.4.3/debian/patches/wsmc-create-request-fix-buff-overflow.patch openwsman-2.4.7/debian/patches/wsmc-create-request-fix-buff-overflow.patch --- openwsman-2.4.3/debian/patches/wsmc-create-request-fix-buff-overflow.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/wsmc-create-request-fix-buff-overflow.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,41 +0,0 @@ -Description: wsmc_create_request() buffer overflow fix - wsmc_create_request() correct a potential buf[20] overflow via WSMAN_ACTION_RENEW. -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/a61b2074a90c9fb3019f49b6b347ad651a3f80af -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 - ---- ---- openwsman-2.4.3.orig/src/lib/wsman-client.c -+++ openwsman-2.4.3/src/lib/wsman-client.c -@@ -855,7 +855,6 @@ wsmc_create_request(WsManClient * cl, const char *resource_uri, - WsXmlNodeH header; - WsXmlNodeH node; - char *_action = NULL; -- char buf[20]; - if (action == WSMAN_ACTION_IDENTIFY) { - request = ws_xml_create_envelope(); - } else { -@@ -964,14 +963,18 @@ wsmc_create_request(WsManClient * cl, const char *resource_uri, - } - break; - case WSMAN_ACTION_RENEW: -+ { -+ char buf[20]; - node = ws_xml_add_child(body, - XML_NS_EVENTING, WSEVENT_RENEW, NULL); -- sprintf(buf, "PT%fS", options->expires); -+ /* %f default precision is 6 -> [-]ddd.ddd */ -+ snprintf(buf, 20, "PT%fS", options->expires); - ws_xml_add_child(node, XML_NS_EVENTING, WSEVENT_EXPIRES, buf); - if(data) { - if(((char *)data)[0] != 0) - add_subscription_context(ws_xml_get_soap_header(request), (char *)data); - } -+ } - break; - case WSMAN_ACTION_NONE: - case WSMAN_ACTION_TRANSFER_CREATE: - - diff -Nru openwsman-2.4.3/debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch openwsman-2.4.7/debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch --- openwsman-2.4.3/debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch 2014-06-16 12:46:34.000000000 +0000 +++ openwsman-2.4.7/debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -Description: ws_xml_make_default_prefix() overflow fix - [PATCH] ws_xml_make_default_prefix() can overflow buf parameter via - sprintf(). -Author: -Forwarded: not-needed -Origin: upstream, https://github.com/Openwsman/openwsman/commit/1c21816f1d2cc63eee6326d0f1340d3341694e60 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 -Last-Update: 2014-02-27 - ---- ---- openwsman-2.4.3.orig/src/lib/wsman-xml.c -+++ openwsman-2.4.3/src/lib/wsman-xml.c -@@ -94,13 +94,13 @@ ws_xml_make_default_prefix(WsXmlNodeH node, - for (i = 0; g_wsNsData[i].uri != NULL; i++) { - WsXmlNsData *nsd = &g_wsNsData[i]; - if (strcmp(uri, nsd->uri) == 0 && nsd->prefix) { -- sprintf(buf, "%s", nsd->prefix ); -+ snprintf(buf, bufsize, "%s", nsd->prefix ); - return; - } - } - } - if(g_wsNsData[i].uri == NULL && bufsize >= 12) -- sprintf(buf, "n%lu", ++doc->prefixIndex); -+ snprintf(buf, bufsize, "n%lu", ++doc->prefixIndex); - else - buf[0] = 0; - } - diff -Nru openwsman-2.4.3/etc/openwsman.conf openwsman-2.4.7/etc/openwsman.conf --- openwsman-2.4.3/etc/openwsman.conf 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/etc/openwsman.conf 2014-05-21 08:16:17.000000000 +0000 @@ -91,7 +91,7 @@ #indication_profile_implementation_ns = root/interop # The following are in part fake namespaces for some publicly available CIM implementations. -vendor_namespaces = OpenWBEM=http://schema.openwbem.org/wbem/wscim/1/cim-schema/2,Linux=http://sblim.sf.net/wbem/wscim/1/cim-schema/2,OMC=http://schema.omc-project.org/wbem/wscim/1/cim-schema/2,PG=http://schema.openpegasus.org/wbem/wscim/1/cim-schema/2,RCP=http://schema.suse.com/wbem/wscim/1/cim-schema/2 +vendor_namespaces = OpenWBEM=http://schema.openwbem.org/wbem/wscim/1/cim-schema/2,Linux=http://sblim.sf.net/wbem/wscim/1/cim-schema/2,OMC=http://schema.omc-project.org/wbem/wscim/1/cim-schema/2,PG=http://schema.openpegasus.org/wbem/wscim/1/cim-schema/2,RCP=http://schema.suse.com/wbem/wscim/1/cim-schema/2,DCIM=http://schemas.dell.com/wbem/wscim/1/cim-schema/2,SPAR=http://schema.unisys.com/wbem/wscim/1/cim-schema/2 # CIMOM host, default is localhost # host = localhost diff -Nru openwsman-2.4.3/package/openwsman.service.in openwsman-2.4.7/package/openwsman.service.in --- openwsman-2.4.3/package/openwsman.service.in 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/package/openwsman.service.in 2014-05-21 08:16:17.000000000 +0000 @@ -4,7 +4,7 @@ [Service] Type=forking -ExecStart=@prefix@/sbin/openwsmand +ExecStart=@prefix@/sbin/openwsmand -S [Install] WantedBy=multi-user.target diff -Nru openwsman-2.4.3/package/openwsman.spec.in openwsman-2.4.7/package/openwsman.spec.in --- openwsman-2.4.3/package/openwsman.spec.in 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/package/openwsman.spec.in 2014-05-21 08:16:17.000000000 +0000 @@ -1,7 +1,7 @@ # # spec file for package openwsman # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -54,12 +54,15 @@ BuildRequires: pkgconfig BuildRequires: ruby +# RHEL6 is missing ruby-devel in OBS +%if 0%{?rhel_version} != 700 BuildRequires: ruby-devel %if 0%{?fedora} == 0 BuildRequires: ruby-rdoc %endif +%endif -%if 0%{?fedora} == 19 +%if 0%{?fedora} > 20 BuildRequires: rubypick %endif @@ -194,6 +197,16 @@ Openwsman Server and service libraries +%package server-plugin-ruby +Requires: openwsman-server +Summary: Openwsman Server Plugin for Ruby extensions +Group: System/Management + +%description server-plugin-ruby +This package provides a Openwsman server plugin to write a +WS-Management resource handler in Ruby + + %package python Summary: Python bindings for openwsman client API Group: Development/Libraries/Python @@ -210,8 +223,8 @@ %package ruby Requires: ruby -# RbConfig::CONFIG["ruby_version"] is empty in Fedora 19 !? -%if 0%{?fedora} == 19 +# RbConfig::CONFIG["ruby_version"] is empty in Fedora > 18 !? +%if 0%{?fedora} > 18 %{!?ruby_version: %global ruby_version %(ruby -r rbconfig -e 'print(RbConfig::CONFIG["RUBY_PROGRAM_VERSION"])')} %else %{!?ruby_version: %global ruby_version %(ruby -r rbconfig -e 'print(RbConfig::CONFIG["ruby_version"])')} @@ -336,7 +349,14 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/openwsman/authenticators/*.la [ -d $RPM_BUILD_ROOT%{ruby_sitelib} ] && rm -f $RPM_BUILD_ROOT%{ruby_sitelib}/openwsmanplugin.rb [ -d $RPM_BUILD_ROOT%{ruby_vendorlib} ] && rm -f $RPM_BUILD_ROOT%{ruby_vendorlib}/openwsmanplugin.rb -%if 0%{?suse_version} <= 1210 +%if 0%{?has_systemd} +install -D -m 644 %{S:4} $RPM_BUILD_ROOT%{_unitdir}/%{name}.service +# alias openwsman and openwsmand +ln -s %{_unitdir}/%{name}.service $RPM_BUILD_ROOT%{_unitdir}/%{name}d.service +# rcopenwsman, rcopenwsmand +ln -sf %{_sbindir}/service $RPM_BUILD_ROOT%{_sbindir}/rc%{name} +ln -sf %{_sbindir}/rcopenwsman $RPM_BUILD_ROOT%{_sbindir}/rc%{name}d +%else mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/init.d install -m 755 build/etc/init/openwsmand.sh $RPM_BUILD_ROOT%{_sysconfdir}/init.d/openwsmand ln -sf %{_sysconfdir}/init.d/openwsmand $RPM_BUILD_ROOT%{_sbindir}/rcopenwsmand @@ -348,9 +368,6 @@ %if 0%{?suse_version} > 1010 install -D -m 644 %{S:3} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman %endif -%if 0%{?has_systemd} -install -D -m 644 %{S:4} $RPM_BUILD_ROOT%{_unitdir}/%{name}.service -%endif %post -n libwsman1 -p /sbin/ldconfig @@ -469,10 +486,16 @@ %if 0%{?suse_version} > 1010 %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openwsman %endif -%if 0%{?suse_version} <= 1210 +%if 0%{?has_systemd} +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}d.service +%{_sbindir}/rc%{name} +%{_sbindir}/rc%{name}d +%else %attr(0755,root,root) %{_sysconfdir}/init.d/openwsmand -%{_sbindir}/rcopenwsmand %endif +# backwards compatibility +%{_sbindir}/rcopenwsmand %dir %{_libdir}/openwsman %dir %{_libdir}/openwsman/authenticators %{_libdir}/openwsman/authenticators/*.so @@ -480,11 +503,13 @@ %dir %{_libdir}/openwsman/plugins %{_libdir}/openwsman/plugins/*.so %{_libdir}/openwsman/plugins/*.so.* +%exclude %{_libdir}/openwsman/plugins/*ruby*.so* %{_sbindir}/openwsmand %{_libdir}/libwsman_server.so.* -%if 0%{?has_systemd} -%{_unitdir}/%{name}.service -%endif + +%files server-plugin-ruby +%defattr(-,root,root) +%{_libdir}/openwsman/plugins/*ruby*.so %files -n libwsman_clientpp1 %defattr(-,root,root) diff -Nru openwsman-2.4.3/src/authenticators/file/file_auth.c openwsman-2.4.7/src/authenticators/file/file_auth.c --- openwsman-2.4.3/src/authenticators/file/file_auth.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/authenticators/file/file_auth.c 2014-05-21 08:16:17.000000000 +0000 @@ -70,14 +70,31 @@ return 0; } +/* + * constant-time comparison to prevent brute-force attacks on authorize() + * + * returns zero only if s1 and s2 are bit-wise identical for the first len characters. + */ +static int +safe_cmp(unsigned const char *s1, unsigned const char *s2, size_t len) +{ + size_t i = 0; + unsigned char result = 0; + while (i++ < len) { + result |= *s1++ ^ *s2++; + } + return result; +} int authorize(char *username, const char *password) { int authorized = 0; - char l[256], u[65], passwd[65]; + char l[256], u[65], passwd[129]; char *newpw = NULL ; + size_t username_l; + size_t min_len; debug( "Checking basic for user: %s; password XXXXX", username); @@ -88,6 +105,7 @@ username); return 0; } + username_l = strlen(username); FILE *fp = fopen(filename, "r"); if (!fp) { debug( "Couldn't open basic passwd file %s", @@ -96,13 +114,23 @@ } while (fgets(l, sizeof(l), fp) != NULL) { - if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2) + if (sscanf(l, "%64[^:]:%128s", u, passwd) != 2) continue; /* Ignore malformed lines */ debug( "user: %s, passwd: XXXX", u); - if (!strcmp(username, u)) { + min_len = strlen(u); + if (username_l < min_len) { + min_len = username_l; + } + if (!safe_cmp(username, u, min_len)) { + size_t newpw_l; + min_len = strlen(passwd); newpw = crypt(password, passwd); + newpw_l = strlen(newpw); + if (newpw_l < min_len) { + min_len = newpw_l; + } debug( "user: %s, passwd: XXXXX", u ); - authorized = ( strcmp (newpw, passwd) == 0 ); + authorized = ( safe_cmp (newpw, passwd, min_len) == 0 ); break; } } diff -Nru openwsman-2.4.3/src/lib/u/iniparser.c openwsman-2.4.7/src/lib/u/iniparser.c --- openwsman-2.4.3/src/lib/u/iniparser.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/u/iniparser.c 2014-05-21 08:16:17.000000000 +0000 @@ -31,6 +31,7 @@ #include #include #include +#include #ifndef WIN32 #include #endif @@ -152,6 +153,10 @@ void *newptr; newptr = calloc(2*size, 1); + if (newptr == NULL) { + fprintf(stderr, "mem_double: allocation failed\n"); + return NULL; + } memcpy(newptr, ptr, size); free(ptr); return newptr ; @@ -214,11 +219,16 @@ if (sizesize = size ; - d->val = (char **)calloc(size, sizeof(char*)); - d->key = (char **)calloc(size, sizeof(char*)); - d->hash = (unsigned int *)calloc(size, sizeof(unsigned)); - + if (d != NULL) { + d->size = size ; + d->val = (char **)calloc(size, sizeof(char*)); + d->key = (char **)calloc(size, sizeof(char*)); + d->hash = (unsigned int *)calloc(size, sizeof(unsigned)); + } + if ((d == NULL) || (d->val == NULL) || (d->key == NULL) || (d->hash == NULL)) { + fprintf(stderr, "dictionary_new: memory allocation failure\n"); + d = NULL; + } return d; } @@ -311,10 +321,12 @@ content to NULL is equivalent to deleting the variable from the dictionary. It is not possible (in this implementation) to have a key in the dictionary without value. + + return 0 on success, non-zero on failure. */ /*--------------------------------------------------------------------------*/ -static void dictionary_set(dictionary * d, char * key, char * val) +static int dictionary_set(dictionary * d, char * key, char * val) { int i ; unsigned hash ; @@ -346,8 +358,20 @@ /* Reached maximum size: reallocate blackboard */ d->val = (char **)mem_double(d->val, d->size * sizeof(char*)) ; + if (d->val == NULL) { + errno = -ENOMEM; + return 1; + } d->key = (char **)mem_double(d->key, d->size * sizeof(char*)) ; + if (d->key == NULL) { + errno = -ENOMEM; + return 1; + } d->hash = (unsigned int *)mem_double(d->hash, d->size * sizeof(unsigned)) ; + if (d->hash == NULL) { + errno = -ENOMEM; + return 1; + } /* Double size */ d->size *= 2 ; @@ -362,10 +386,21 @@ } /* Copy key */ d->key[i] = strdup(key); - d->val[i] = val ? strdup(val) : NULL ; + if (d->key[i] == NULL) { + return 1; + } + if (val) { + d->val[i] = strdup(val); + if (d->val[i] == NULL) { + return 1; + } + } + else { + d->val[i] = NULL; + } d->hash[i] = hash; d->n ++ ; - return ; + return 0; } /*-------------------------------------------------------------------------*/ @@ -451,8 +486,10 @@ #define ASCIILINESZ 1024 #define INI_INVALID_KEY ((char*)-1) -/* Private: add an entry to the dictionary */ -static void iniparser_add_entry( +/* Private: add an entry to the dictionary + return 0 on success, non-zero on error + */ +static int iniparser_add_entry( dictionary * d, char * sec, char * key, @@ -468,8 +505,7 @@ } /* Add (key,val) to dictionary */ - dictionary_set(d, longkey, val); - return ; + return dictionary_set(d, longkey, val); } @@ -818,8 +854,7 @@ int iniparser_setstr(dictionary * ini, char * entry, char * val) { - dictionary_set(ini, strlwc(entry), val); - return 0 ; + return dictionary_set(ini, strlwc(entry), val); } /*-------------------------------------------------------------------------*/ @@ -874,6 +909,8 @@ * Initialize a new dictionary entry */ d = dictionary_new(0); + if (d == NULL) + return d; lineno = 0 ; while (fgets(lin, ASCIILINESZ, ini)!=NULL) { lineno++ ; @@ -884,7 +921,9 @@ if (sscanf(where, "[%[^]]", sec)==1) { /* Valid section name */ strcpy(sec, strlwc(sec)); - iniparser_add_entry(d, sec, NULL, NULL); + if (iniparser_add_entry(d, sec, NULL, NULL) != 0) { + return NULL; + } } else if (sscanf (where, "%[^=] = \"%[^\"]\"", key, val) == 2 || sscanf (where, "%[^=] = '%[^\']'", key, val) == 2 || sscanf (where, "%[^=] = %[^;#]", key, val) == 2) { @@ -898,7 +937,9 @@ } else { strcpy(val, strcrop(val)); } - iniparser_add_entry(d, sec, key, val); + if (iniparser_add_entry(d, sec, key, val) != 0) { + return NULL; + } } } } diff -Nru openwsman-2.4.3/src/lib/u/uerr.c openwsman-2.4.7/src/lib/u/uerr.c --- openwsman-2.4.3/src/lib/u/uerr.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/u/uerr.c 2014-05-21 08:16:17.000000000 +0000 @@ -44,6 +44,10 @@ return; *error = u_malloc(sizeof(u_error_t)); + if (*error == NULL) { + fprintf(stderr, "u_error_new: memory allocation failure\n"); + return; + } (*error)->code = code; va_start(args, format); (*error)->message = u_strdup_vprintf(format, args); diff -Nru openwsman-2.4.3/src/lib/u/uoption.c openwsman-2.4.7/src/lib/u/uoption.c --- openwsman-2.4.3/src/lib/u/uoption.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/u/uoption.c 2014-05-21 08:16:17.000000000 +0000 @@ -199,8 +199,6 @@ print_help_buf(&help_buf); free_help_buf(&help_buf); - - exit (0); } static void print_long_help(u_option_context_t *ctx, char *hoption) @@ -260,8 +258,6 @@ print_help_buf(&help_buf); free_help_buf(&help_buf); - - exit (0); } static unsigned int context_get_number_entries(u_option_context_t *ctx) @@ -418,6 +414,7 @@ if (!strncmp(option, "help", strlen("help")) ) { if (ctx->mode & U_OPTION_CONTEXT_HELP_ENABLED) { print_long_help(ctx, option); + return NULL; } } @@ -455,6 +452,7 @@ if (option == '?') { if (ctx->mode & U_OPTION_CONTEXT_HELP_ENABLED) { print_short_help(ctx); + return NULL; } } diff -Nru openwsman-2.4.3/src/lib/wsman-client.c openwsman-2.4.7/src/lib/wsman-client.c --- openwsman-2.4.3/src/lib/wsman-client.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/wsman-client.c 2014-05-21 08:16:17.000000000 +0000 @@ -855,7 +855,6 @@ WsXmlNodeH header; WsXmlNodeH node; char *_action = NULL; - char buf[20]; if (action == WSMAN_ACTION_IDENTIFY) { request = ws_xml_create_envelope(); } else { @@ -964,14 +963,18 @@ } break; case WSMAN_ACTION_RENEW: + { + char buf[20]; node = ws_xml_add_child(body, XML_NS_EVENTING, WSEVENT_RENEW, NULL); - sprintf(buf, "PT%fS", options->expires); + /* %f default precision is 6 -> [-]ddd.ddd */ + snprintf(buf, 20, "PT%fS", options->expires); ws_xml_add_child(node, XML_NS_EVENTING, WSEVENT_EXPIRES, buf); if(data) { if(((char *)data)[0] != 0) add_subscription_context(ws_xml_get_soap_header(request), (char *)data); } + } break; case WSMAN_ACTION_NONE: case WSMAN_ACTION_TRANSFER_CREATE: diff -Nru openwsman-2.4.3/src/lib/wsman-curl-client-transport.c openwsman-2.4.7/src/lib/wsman-curl-client-transport.c --- openwsman-2.4.3/src/lib/wsman-curl-client-transport.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/wsman-curl-client-transport.c 2014-05-21 08:16:17.000000000 +0000 @@ -268,6 +268,8 @@ { CURL *curl; CURLcode r = CURLE_OK; + char *sslhack; + long sslversion; #define curl_err(str) debug("Error = %d (%s); %s", \ r, curl_easy_strerror(r), str); curl = curl_easy_init(); @@ -376,7 +378,33 @@ goto DONE; } - + /* enforce specific ssl version if requested */ + sslhack = getenv("OPENWSMAN_CURL_TRANSPORT_SSLVERSION"); + if (sslhack == NULL) { + sslversion = CURL_SSLVERSION_DEFAULT; + } else if (!strcmp(sslhack,"tlsv1")) { + sslversion = CURL_SSLVERSION_TLSv1; + } else if (!strcmp(sslhack,"sslv2")) { + sslversion = CURL_SSLVERSION_SSLv2; + } else if (!strcmp(sslhack,"sslv3")) { + sslversion = CURL_SSLVERSION_SSLv3; +#if LIBCURL_VERSION_NUM >= 0x072200 + } else if (!strcmp(sslhack,"tlsv1.0")) { + sslversion = CURL_SSLVERSION_TLSv1_0; + } else if (!strcmp(sslhack,"tlsv1.1")) { + sslversion = CURL_SSLVERSION_TLSv1_1; + } else if (!strcmp(sslhack,"tlsv1.2")) { + sslversion = CURL_SSLVERSION_TLSv1_2; +#endif + } + else { + sslversion = CURL_SSLVERSION_DEFAULT; + } + r = curl_easy_setopt(curl, CURLOPT_SSLVERSION, sslversion ); + if (r != 0) { + curl_err("Could not curl_easy_setopt(curl, CURLOPT_SSLVERSION, ..)"); + goto DONE; + } return (void *)curl; DONE: diff -Nru openwsman-2.4.3/src/lib/wsman-faults.c openwsman-2.4.7/src/lib/wsman-faults.c --- openwsman-2.4.3/src/lib/wsman-faults.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/wsman-faults.c 2014-05-21 08:16:17.000000000 +0000 @@ -607,22 +607,37 @@ wsman_get_fault_status_from_doc (WsXmlDocH doc, WsmanStatus *status) { int i; - char *subcode_value=ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH); - char *subcode_value_msg =calloc(1,strlen(subcode_value)); - char *start_pos = strchr(subcode_value,':'); - strcpy(subcode_value_msg, start_pos+1); - if (strlen(subcode_value)== 0 ) return ; + char *subcode_value = ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH); + char *subcode_value_msg; + char *start_pos; + + if (strlen(subcode_value) == 0) + return; + + subcode_value_msg = calloc(1, strlen(subcode_value)); + if (subcode_value_msg == NULL) { + error("Out of memory"); + status->fault_code = WSMAN_INTERNAL_ERROR; + /* some default values */ + status->fault_detail_code = OWSMAN_SYSTEM_ERROR; + status->fault_msg = NULL; + return; + } + + start_pos = strchr(subcode_value, ':'); + if (start_pos != NULL) { + strcpy(subcode_value_msg, start_pos+1); - int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]); - for (i = 0; i < nfaults; i++) { - if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) { - status->fault_code = fault_code_table[i].fault_code; - //some default values - status->fault_detail_code = 0; - status->fault_msg='\0'; - return; + int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]); + for (i = 0; i < nfaults; i++) { + if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) { + status->fault_code = fault_code_table[i].fault_code; + /* some default values */ + status->fault_detail_code = 0; + status->fault_msg = NULL; + return; + } } - } return; } diff -Nru openwsman-2.4.3/src/lib/wsman-server.c openwsman-2.4.7/src/lib/wsman-server.c --- openwsman-2.4.3/src/lib/wsman-server.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/wsman-server.c 2014-05-21 08:16:17.000000000 +0000 @@ -102,6 +102,10 @@ p->ifc = (WsDispatchInterfaceInfo *) malloc(sizeof(WsDispatchInterfaceInfo)); + if (p->ifc == NULL) { + error("Memory allocation error while loading plugin"); + return NULL; + } ifcinfo = p->ifc; ifcinfo->extraData = p->data; p->set_config = dlsym(p->p_handle, "set_config"); diff -Nru openwsman-2.4.3/src/lib/wsman-subscription-repository.c openwsman-2.4.7/src/lib/wsman-subscription-repository.c --- openwsman-2.4.3/src/lib/wsman-subscription-repository.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/wsman-subscription-repository.c 2014-05-21 08:16:17.000000000 +0000 @@ -49,16 +49,25 @@ #include "wsman-xml-binding.h" int LocalSubscriptionOpInit (char * uri_repository, void *opaqueData); -int LocalSubscriptionOpFinalize(char * uri_repository, void *opaqueData); -int LocalSubscriptionOpGet(char * uri_repository, char * uuid, unsigned char **subscriptionDoc, int *len); -int LocalSubscriptionOpSearch(char * uri_repository, char * uuid); +int LocalSubscriptionOpFinalize (char * uri_repository, void *opaqueData); +int LocalSubscriptionOpGet (char * uri_repository, char * uuid, unsigned char **subscriptionDoc, int *len); +int LocalSubscriptionOpSearch (char * uri_repository, char * uuid); int LocalSubscriptionOpLoad (char * uri_repository, list_t * subscription_list); int LocalSubscriptionOpSave (char * uri_repository, char * uuid, unsigned char *subscriptionDoc); -int LocalSubscriptionOpUpdate(char * uri_repository, char * uuid, char *expire); +int LocalSubscriptionOpUpdate (char * uri_repository, char * uuid, char *expire); int LocalSubscriptionOpDelete (char * uri_repository, char * uuid); -struct __SubsRepositoryOpSet subscription_repository_op_set = {LocalSubscriptionOpInit, LocalSubscriptionOpFinalize, LocalSubscriptionOpLoad, LocalSubscriptionOpGet, LocalSubscriptionOpSearch, LocalSubscriptionOpSave, LocalSubscriptionOpUpdate, LocalSubscriptionOpDelete}; +struct __SubsRepositoryOpSet subscription_repository_op_set = { + LocalSubscriptionOpInit, + LocalSubscriptionOpFinalize, + LocalSubscriptionOpLoad, + LocalSubscriptionOpGet, + LocalSubscriptionOpSearch, + LocalSubscriptionOpSave, + LocalSubscriptionOpUpdate, + LocalSubscriptionOpDelete +}; static int LocalSubscriptionInitFlag = 0; @@ -76,8 +85,7 @@ int LocalSubscriptionOpFinalize(char * uri_repository, void *opaqueData) { - if(LocalSubscriptionInitFlag == 0) return -1; - return 0; + return (LocalSubscriptionInitFlag == 0) ? -1 : 0; } int LocalSubscriptionOpGet(char * uri_repository, char * uuid, unsigned char **subscriptionDoc, int *len) @@ -86,24 +94,32 @@ unsigned char *buf = NULL; int count,m; int pre_count; + char *subs_path; + FILE *fp; + count = m = 0; *subscriptionDoc = NULL; - if(LocalSubscriptionInitFlag == 0) return -1; - char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); - FILE *fp = fopen(subs_path, "r"); + if (LocalSubscriptionInitFlag == 0) + return -1; + subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); + fp = fopen(subs_path, "r"); + if (fp == NULL) { + error("Can't open %s: %s", subs_path, strerror(errno)); + u_free(subs_path); + return -1; + } u_free(subs_path); - if(fp == NULL) return -1; - while(!feof(fp)) { - memset(block, 0, 512); - m = fread(block, 1, 511, fp); - if(m > 0) { - debug("read [%s] from file, len = %d",block, m); - pre_count = count; - count += m; - debug("buf = %0x, count = %d", buf, count); - buf = u_realloc(buf, count); - memcpy(buf+pre_count, block, m); - } + while (!feof(fp)) { + memset(block, 0, 512); + m = fread(block, 1, 511, fp); + if (m > 0) { + debug("read [%s] from file, len = %d",block, m); + pre_count = count; + count += m; + debug("buf = %0x, count = %d", buf, count); + buf = u_realloc(buf, count); + memcpy(buf+pre_count, block, m); + } } fclose(fp); *subscriptionDoc = buf; @@ -113,11 +129,18 @@ int LocalSubscriptionOpSearch(char * uri_repository, char * uuid) { - if(LocalSubscriptionInitFlag == 0) return -1; - char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); - FILE *fp = fopen(subs_path, "r"); + char *subs_path; + FILE *fp; + if (LocalSubscriptionInitFlag == 0) + return -1; + subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); + fp = fopen(subs_path, "r"); + if (fp == NULL) { + error("Can't open %s: %s", subs_path, strerror(errno)); + u_free(subs_path); + return -1; + } u_free(subs_path); - if(fp == NULL) return -1; fclose(fp); return 0; } @@ -129,29 +152,38 @@ int pre_count; char block[512]; unsigned char *buf = NULL; - if(LocalSubscriptionInitFlag == 0) return -1; - if(subscription_list == NULL) - return -1; - if (0 > (n = scandir (uri_repository, &namelist, 0, alphasort))) - { - return -1; - } else { - while (n--) - { + + if (LocalSubscriptionInitFlag == 0) + return -1; + if (subscription_list == NULL) + return -1; + if (0 > (n = scandir (uri_repository, &namelist, 0, alphasort))) { + return -1; + } + else { + while (n--) { + char *subs_path; + FILE *subs; lnode_t *node; - if(strstr(namelist[n]->d_name,"uuid") == NULL || strlen(namelist[n]->d_name) < 41) { + + if (strstr(namelist[n]->d_name,"uuid") == NULL || strlen(namelist[n]->d_name) < 41) { u_free(namelist[n]); continue; } - char *subs_path = u_strdup_printf ("%s/%s", uri_repository, namelist[n]->d_name); - FILE *subs = fopen(subs_path, "r"); + subs_path = u_strdup_printf ("%s/%s", uri_repository, namelist[n]->d_name); + subs = fopen(subs_path, "r"); + if (subs == NULL) { + error("Can't open %s: %s", subs_path, strerror(errno)); + u_free(subs_path); + return -1; + } u_free(subs_path); count = 0; buf = NULL; - while(!feof(subs)) { + while (!feof(subs)) { memset(block, 0, 512); m = fread(block, 1, 511, subs); - if(m > 0) { + if (m > 0) { pre_count = count; count += m; buf = u_realloc(buf, count); @@ -160,7 +192,7 @@ } fclose(subs); SubsRepositoryEntryH entry = u_malloc(sizeof(*entry)); - if(entry) { + if (entry) { entry->strdoc = buf; entry->len = count; entry->uuid = u_strdup(namelist[n]->d_name); @@ -170,37 +202,52 @@ } u_free(namelist[n]); } - u_free(namelist); + u_free(namelist); } return 0; } + int LocalSubscriptionOpSave (char * uri_repository, char * uuid, unsigned char *subscriptionDoc) { char buf[U_NAME_MAX]; - if(LocalSubscriptionInitFlag == 0) return -1; + FILE *subsfile; + + if (LocalSubscriptionInitFlag == 0) + return -1; snprintf(buf, U_NAME_MAX, "%s/uuid:%s", uri_repository, uuid); - FILE *subsfile = fopen(buf, "w"); - if(subsfile == NULL) return -1; + subsfile = fopen(buf, "w"); + if (subsfile == NULL) { + error("Can't open %s: %s", buf, strerror(errno)); + return -1; + } fprintf(subsfile, "%s", subscriptionDoc); fclose(subsfile); return 0; } + int LocalSubscriptionOpUpdate(char * uri_repository, char * uuid, char *expire) { char buf[U_NAME_MAX]; - if(LocalSubscriptionInitFlag == 0) return -1; - snprintf(buf, U_NAME_MAX, "%s/uuid:%s", uri_repository, uuid); WsXmlDocH doc= NULL; char *temp; int len = 0; + + if (LocalSubscriptionInitFlag == 0) + return -1; + snprintf(buf, U_NAME_MAX, "%s/uuid:%s", uri_repository, uuid); doc = xml_parser_file_to_doc( buf, "UTF-8", 0); - if(doc) { + if (doc) { + FILE *subsfile; WsXmlNodeH node = ws_xml_get_child(ws_xml_get_soap_body(doc), 0, XML_NS_EVENTING, WSEVENT_SUBSCRIBE); node = ws_xml_get_child(node, 0, XML_NS_EVENTING, WSEVENT_EXPIRES); ws_xml_set_node_text(node, expire); ws_xml_dump_memory_enc(doc, &temp, &len, "UTF-8"); - FILE *subsfile = fopen(buf, "w"); + subsfile = fopen(buf, "w"); + if (subsfile == NULL) { + error("Can't open %s: %s", buf, strerror(errno)); + return -1; + } fprintf(subsfile, "%s", temp); fclose(subsfile); ws_xml_free_memory(temp); @@ -208,13 +255,15 @@ } return 0; } + int LocalSubscriptionOpDelete (char * uri_repository, char * uuid) { char buf[U_NAME_MAX]; - if(LocalSubscriptionInitFlag == 0) return -1; + + if (LocalSubscriptionInitFlag == 0) + return -1; snprintf(buf, U_NAME_MAX, "%s/uuid:%s", uri_repository, uuid); - int r = unlink(buf); - if(r) { + if (unlink(buf)) { debug("unlink %s failed! %s", buf, strerror(errno)); } return 0; diff -Nru openwsman-2.4.3/src/lib/wsman-xml.c openwsman-2.4.7/src/lib/wsman-xml.c --- openwsman-2.4.3/src/lib/wsman-xml.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/lib/wsman-xml.c 2014-05-21 08:16:17.000000000 +0000 @@ -94,13 +94,13 @@ for (i = 0; g_wsNsData[i].uri != NULL; i++) { WsXmlNsData *nsd = &g_wsNsData[i]; if (strcmp(uri, nsd->uri) == 0 && nsd->prefix) { - sprintf(buf, "%s", nsd->prefix ); + snprintf(buf, bufsize, "%s", nsd->prefix ); return; } } } if(g_wsNsData[i].uri == NULL && bufsize >= 12) - sprintf(buf, "n%lu", ++doc->prefixIndex); + snprintf(buf, bufsize, "n%lu", ++doc->prefixIndex); else buf[0] = 0; } diff -Nru openwsman-2.4.3/src/plugins/cim/sfcc-interface.c openwsman-2.4.7/src/plugins/cim/sfcc-interface.c --- openwsman-2.4.3/src/plugins/cim/sfcc-interface.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/plugins/cim/sfcc-interface.c 2014-05-21 08:16:17.000000000 +0000 @@ -1141,7 +1141,14 @@ epr_t *epr; if (filter) { epr = (epr_t *)filter->epr; - class = strrchr(epr->refparams.uri, '/') + 1; + class = strrchr(epr->refparams.uri, '/'); + if (class == NULL) { + /* oops, resource uri has no slash ?! */ + status->fault_code = WSA_ENDPOINT_UNAVAILABLE; + status->fault_detail_code = WSMAN_DETAIL_INVALID_RESOURCEURI; + goto cleanup; + } + class++; /* inc behind slash */ objectpath = newCMPIObjectPath(client->cim_namespace, class, NULL); wsman_epr_selector_cb(filter->epr, diff -Nru openwsman-2.4.3/src/plugins/redirect/redirect.c openwsman-2.4.7/src/plugins/redirect/redirect.c --- openwsman-2.4.3/src/plugins/redirect/redirect.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/plugins/redirect/redirect.c 2014-05-21 08:16:17.000000000 +0000 @@ -39,7 +39,7 @@ }; -static struct __Redirect_Data *redirect_data; +static struct __Redirect_Data *redirect_data =NULL; SER_START_ITEMS(Redirect) SER_END_ITEMS(Redirect); @@ -65,7 +65,7 @@ int i; list_t *l = list_create(LISTCOUNT_T_MAX); - WsSupportedNamespaces *ns = (WsSupportedNamespaces *)u_malloc( + WsSupportedNamespaces *ns = (WsSupportedNamespaces *)u_zalloc( sizeof(WsSupportedNamespaces)); ns->class_prefix = NULL; @@ -96,13 +96,18 @@ int init( void *self, void **data ) { char* filename; - dictionary *ini, *inc_ini; + dictionary *ini=NULL, *inc_ini=NULL; filename = (char *) wsmand_options_get_config_file(); ini = iniparser_new(filename); - redirect_data = malloc (sizeof(struct __Redirect_Data)); + if (ini == NULL) { + error("Redirect Plugin: iniparser_new failed"); + return 0; + } + + redirect_data = u_zalloc (sizeof(struct __Redirect_Data)); if (redirect_data == NULL){ - error("Failed while allocating memory for redirect_data"); + error("Redirect Plugin: Failed while allocating memory for redirect_data"); return 0; } @@ -127,7 +132,12 @@ error("Redirect Plugin: The required inputs are not provided in the config file"); return 0; } - + if (ini != NULL) + iniparser_free(ini); + + if (inc_ini != NULL) + iniparser_free (inc_ini); + return 1; } @@ -255,23 +265,23 @@ WsManClient* setup_redirect_client(WsContextH cntx, char *ws_username, char *ws_password) { - WsManClient *cl = malloc(sizeof(cl)); + WsManClient *cl = NULL; - if (cl == NULL){ - error("Error while allocating memory for client in redirect plugin"); - return NULL; - } - - cl = wsmc_create( get_remote_server() , get_remote_server_port() , get_remote_url_path(), get_remote_cainfo() ? "https" : "http", - get_remote_username() ? get_remote_username() : strdup(ws_username), - get_remote_password() ? get_remote_password() : strdup(ws_password) + /* wsmc_create duplicates the username/password passed, no need to duplicate again. */ + get_remote_username() ? get_remote_username() : ws_username, + get_remote_password() ? get_remote_password() : ws_password ); + if (cl == NULL){ + error("Redirect Plugin: Error while creating the client for redirection"); + return NULL; + } + wsman_transport_set_auth_method(cl, get_remote_authentication_method()); diff -Nru openwsman-2.4.3/src/plugins/redirect/redirect_stubs.c openwsman-2.4.7/src/plugins/redirect/redirect_stubs.c --- openwsman-2.4.3/src/plugins/redirect/redirect_stubs.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/plugins/redirect/redirect_stubs.c 2014-05-21 08:16:17.000000000 +0000 @@ -122,7 +122,7 @@ WsXmlNodeH r_header=NULL, r_node=NULL, r_body=NULL, r_opt=NULL; WsXmlDocH r_response=NULL; - char *resource_uri, *remote_enumContext; + char *resource_uri, *remote_enumContext=NULL; int op; WsManClient *cl=NULL; @@ -161,7 +161,7 @@ - r_response = ws_xml_duplicate_doc(wsmc_build_envelope_from_response(cl)); + r_response = wsmc_build_envelope_from_response(cl); if ( wsman_is_fault_envelope(r_response)){ @@ -209,7 +209,8 @@ } wsmc_release(cl); - + if (remote_enumContext != NULL) + free(remote_enumContext); return 0; @@ -265,7 +266,7 @@ } - response = ws_xml_duplicate_doc(wsmc_build_envelope_from_response(cl)); + response = wsmc_build_envelope_from_response(cl); if ( ! wsman_is_fault_envelope(response) ) diff -Nru openwsman-2.4.3/src/plugins/swig/python/CMakeLists.txt openwsman-2.4.7/src/plugins/swig/python/CMakeLists.txt --- openwsman-2.4.3/src/plugins/swig/python/CMakeLists.txt 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/plugins/swig/python/CMakeLists.txt 2014-05-21 08:16:17.000000000 +0000 @@ -16,7 +16,7 @@ ENDIF (NOT PYTHON_SITE_DIR) MESSAGE(STATUS "Python executable: ${PYTHON_EXECUTABLE}") -MESSAGE(STATUS "Python inc dir: ${PYTHON_INCLUDE_PATH}") +MESSAGE(STATUS "Python inc dir: ${PYTHON_INCLUDE_DIRS}") MESSAGE(STATUS "Python lib dir: ${PYTHON_LIB_DIR}") #MESSAGE(STATUS "Python libraries: ${PYTHON_LIBRARIES}") MESSAGE(STATUS "Python site dir: ${PYTHON_SITE_DIR}") @@ -43,7 +43,7 @@ INCLUDE_DIRECTORIES( ${CMAKE_BINARY_DIR} ) # all other wsman includes INCLUDE_DIRECTORIES( ${CMAKE_SOURCE_DIR}/include ) -INCLUDE_DIRECTORIES( ${PYTHON_INCLUDE_PATH} ) +INCLUDE_DIRECTORIES( ${PYTHON_INCLUDE_DIRS} ) # # wsman_python_plugin.so diff -Nru openwsman-2.4.3/src/server/shttpd/config.c openwsman-2.4.7/src/server/shttpd/config.c --- openwsman-2.4.3/src/server/shttpd/config.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/server/shttpd/config.c 2014-05-21 08:16:17.000000000 +0000 @@ -91,12 +91,19 @@ arg = NULL; /* Unused */ /* Load SSL library dynamically */ - if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) + if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) { elog(E_FATAL, NULL, "set_ssl: cannot load %s", SSL_LIB); + ctx->ssl_ctx = NULL; + return; + } - for (fp = ssl_sw; fp->name != NULL; fp++) - if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) - elog(E_FATAL, NULL,"set_ssl: cannot find %s", fp->name); + for (fp = ssl_sw; fp->name != NULL; fp++) { + if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) { + elog(E_FATAL, NULL,"set_ssl: cannot find %s", fp->name); + ctx->ssl_ctx = NULL; + return; + } + } /* Initialize SSL crap */ static int ssl_library_initialized = 0; @@ -105,12 +112,19 @@ SSL_library_init(); ssl_library_initialized = 1; } - if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) + if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) { elog(E_FATAL, NULL, "SSL_CTX_new error"); - else if (wsmand_options_get_ssl_cert_file() && SSL_CTX_use_certificate_file(CTX, wsmand_options_get_ssl_cert_file(),SSL_FILETYPE_PEM) == 0) + } + else if (wsmand_options_get_ssl_cert_file() && SSL_CTX_use_certificate_file(CTX, wsmand_options_get_ssl_cert_file(),SSL_FILETYPE_PEM) == 0) { elog(E_FATAL, NULL, "cannot open %s : %s", pem, strerror(errno)); - else if (wsmand_options_get_ssl_key_file() && SSL_CTX_use_PrivateKey_file(CTX, wsmand_options_get_ssl_key_file(), SSL_FILETYPE_PEM) == 0) + SSL_CTX_free(CTX); + CTX = NULL; + } + else if (wsmand_options_get_ssl_key_file() && SSL_CTX_use_PrivateKey_file(CTX, wsmand_options_get_ssl_key_file(), SSL_FILETYPE_PEM) == 0) { elog(E_FATAL, NULL, "cannot open %s : %s", pem, strerror(errno)); + SSL_CTX_free(CTX); + CTX = NULL; + } ctx->ssl_ctx = CTX; } #endif /* NO_SSL */ diff -Nru openwsman-2.4.3/src/server/wsmand.c openwsman-2.4.7/src/server/wsmand.c --- openwsman-2.4.3/src/server/wsmand.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/server/wsmand.c 2014-05-21 08:16:17.000000000 +0000 @@ -141,8 +141,6 @@ static void sighup_handler(int sig_num) { - debug("SIGHUP received; reloading data"); - if (wsmand_options_get_debug_level() == 0) { int fd; diff -Nru openwsman-2.4.3/src/server/wsmand-listener.c openwsman-2.4.7/src/server/wsmand-listener.c --- openwsman-2.4.3/src/server/wsmand-listener.c 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/src/server/wsmand-listener.c 2014-05-21 08:16:17.000000000 +0000 @@ -674,21 +674,21 @@ WsManListenerH *listener = wsman_dispatch_list_new(); listener->config = ini; WsContextH cntx = wsman_init_plugins(listener); - int num_threads=0; - int max_threads=wsmand_options_get_max_threads(); + int num_threads = 0; + int max_threads = wsmand_options_get_max_threads(); int max_connections_per_thread = wsmand_options_get_max_connections_per_thread(); - if(max_threads && !max_connections_per_thread){ + if (max_threads && !max_connections_per_thread) { error("max_threads: %d and max_connections_per_thread : %d", max_threads, max_connections_per_thread); return listener; } + if (cntx == NULL) { + return listener; + } #ifdef ENABLE_EVENTING_SUPPORT wsman_event_init(cntx->soap); #endif - if (cntx == NULL) { - return listener; - } #ifndef HAVE_SSL if (use_ssl) { error("Server configured without SSL support"); diff -Nru openwsman-2.4.3/VERSION.cmake openwsman-2.4.7/VERSION.cmake --- openwsman-2.4.3/VERSION.cmake 2013-12-23 10:47:33.000000000 +0000 +++ openwsman-2.4.7/VERSION.cmake 2014-05-21 08:16:17.000000000 +0000 @@ -44,10 +44,10 @@ # set COMPATMINOR to MINOR. (binary incompatible change) # -# Package version 2.4.3 +# Package version 2.4.7 SET(OPENWSMAN_MAJOR "2") SET(OPENWSMAN_MINOR "4") -SET(OPENWSMAN_PATCH "3") +SET(OPENWSMAN_PATCH "7") # Plugin API 2.2 SET(OPENWSMAN_PLUGIN_API_MAJOR "2")