Import sfw build 136
Bugs Fixed
----------
6514945 webmin still refers to xmemfs usr/sfw/lib/webmin/mount/solaris-lib.pl
6633684 [nvb78] Webmin is not integrated with apache2.2
6641988 [nvb79] Webmin interface for mysql badly configured
6780832 Add SASL support to mutt
6796795 copy text from mutt in gnome-terminal to other application is adding spaces
6799158 Update SER to link the MySQL 5.1 instead of the MySQL 4.0
6804425 Mutt doesn't have header cache support
6809910 Webmin 1.170 (Solaris 10): newaliases is not called when clicking Delete on sendmail/edit_alias.cgi
6828622 libnet Makefile invokes gcc directly, it should use $(CC) instead.
6903750 mutt fails to read MH-style mail dirs
6909860 /usr/man/man4/ipmiconsole.conf.4 refer to nonexistent man/man5 man pages in osol_129 and osol_132
6914573 webmin bundled with Solaris vulnerable to three separate XSS vulnerab ilities
6920693 trousers should use newer software
6922082 CVE-2010-0393 - CUPS lppasswd utility vulnerability
6924985 CVE-2010-0302: incomplete fix for CUPS CR#6900557(CVE-2009-3553)
6927042 memleaks in libtspi
6930830 upgrade OpenSSL to 0.9.8m (and fix CVE-2009-3555)
6932600 completion failure with zfs destroy, some problems with _dladm
6933290 After pkg image-update and reboot, tomcat service falls into maintenance
6933533 PSARC/2009/232 implementation breaks nmap
6933649 webmin contains Sun's branding, which should be removed
6934512 Envelope is not redrawn in compose mode after return from the message edit
--- src/tspi/ps/tspps.c.orig Fri Jan 29 11:54:49 2010
+++ src/tspi/ps/tspps.c Fri Jan 29 11:54:15 2010
@@ -19,6 +19,21 @@
#include <sys/file.h>
#include <sys/stat.h>
#include <assert.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <netdb.h>
+#if defined (HAVE_BYTEORDER_H)
+#include <sys/byteorder.h>
+#elif defined(HAVE_ENDIAN_H)
+#include <endian.h>
+#define LE_16 htole16
+#define LE_32 htole32
+#define LE_64 htole64
+#else
+#define LE_16(x) (x)
+#define LE_32(x) (x)
+#define LE_64(x) (x)
+#endif
#include "trousers/tss.h"
#include "trousers/trousers.h"
@@ -33,6 +48,17 @@
#if (defined (__FreeBSD__) || defined (__OpenBSD__))
static MUTEX_DECLARE_INIT(user_ps_path);
#endif
+#if defined (SOLARIS)
+static struct flock fl = {
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ {0, 0, 0, 0}
+};
+#endif
/*
@@ -62,6 +88,16 @@
euid = geteuid();
+#if defined (SOLARIS)
+ /*
+ * Solaris keeps user PS in a local directory instead of
+ * in the user's home directory, which may be shared
+ * by multiple systems.
+ *
+ * The directory path on Solaris is /var/tpm/userps/[EUID]/
+ */
+ rc = snprintf(buf, sizeof (buf), "%s/%d", TSS_USER_PS_DIR, euid);
+#else
setpwent();
while (1) {
#if (defined (__linux) || defined (linux))
@@ -93,8 +129,9 @@
return TSPERR(TSS_E_OUTOFMEMORY);
/* Tack on TSS_USER_PS_DIR and see if it exists */
- rc = snprintf(buf, PASSWD_BUFSIZE, "%s/%s", home_dir, TSS_USER_PS_DIR);
- if (rc == PASSWD_BUFSIZE) {
+ rc = snprintf(buf, sizeof (buf), "%s/%s", home_dir, TSS_USER_PS_DIR);
+#endif /* SOLARIS */
+ if (rc == sizeof (buf)) {
LogDebugFn("USER PS: Path to file too long! (> %d bytes)", PASSWD_BUFSIZE);
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
@@ -104,7 +141,7 @@
if ((rc = stat(buf, &stat_buf)) == -1) {
if (errno == ENOENT) {
errno = 0;
- /* Create the base directory, $HOME/.trousers */
+ /* Create the user's ps directory if it is not there. */
if ((rc = mkdir(buf, 0700)) == -1) {
LogDebugFn("USER PS: Error creating dir: %s: %s", buf,
strerror(errno));
@@ -119,10 +156,15 @@
}
/* Directory exists or has been created, return the path to the file */
- rc = snprintf(buf, PASSWD_BUFSIZE, "%s/%s/%s", home_dir, TSS_USER_PS_DIR,
+#if defined (SOLARIS)
+ rc = snprintf(buf, sizeof (buf), "%s/%d/%s", TSS_USER_PS_DIR, euid,
TSS_USER_PS_FILE);
- if (rc == PASSWD_BUFSIZE) {
- LogDebugFn("USER PS: Path to file too long! (> %d bytes)", PASSWD_BUFSIZE);
+#else
+ rc = snprintf(buf, sizeof (buf), "%s/%s/%s", home_dir, TSS_USER_PS_DIR,
+ TSS_USER_PS_FILE);
+#endif
+ if (rc == sizeof (buf)) {
+ LogDebugFn("USER PS: Path to file too long! (> %d bytes)", sizeof (buf));
} else
*file = strdup(buf);
@@ -143,12 +185,16 @@
/* check the global file handle first. If it exists, lock it and return */
if (user_ps_fd != -1) {
+#if defined (SOLARIS)
+ fl.l_type = F_WRLCK;
+ if ((rc = fcntl(user_ps_fd, F_SETLKW, &fl))) {
+#else
if ((rc = flock(user_ps_fd, LOCK_EX))) {
+#endif /* SOLARIS */
LogDebug("USER PS: failed to lock file: %s", strerror(errno));
MUTEX_UNLOCK(user_ps_lock);
return TSPERR(TSS_E_INTERNAL_ERROR);
}
-
*fd = user_ps_fd;
return TSS_SUCCESS;
}
@@ -167,8 +213,12 @@
MUTEX_UNLOCK(user_ps_lock);
return TSPERR(TSS_E_INTERNAL_ERROR);
}
-
+#if defined (SOLARIS)
+ fl.l_type = F_WRLCK;
+ if ((rc = fcntl(user_ps_fd, F_SETLKW, &fl))) {
+#else
if ((rc = flock(user_ps_fd, LOCK_EX))) {
+#endif /* SOLARIS */
LogDebug("USER PS: failed to get lock of %s: %s", file_name, strerror(errno));
free(file_name);
close(user_ps_fd);
@@ -190,7 +240,12 @@
fsync(fd);
/* release the file lock */
+#if defined (SOLARIS)
+ fl.l_type = F_UNLCK;
+ if ((rc = fcntl(fd, F_SETLKW, &fl))) {
+#else
if ((rc = flock(fd, LOCK_UN))) {
+#endif /* SOLARIS */
LogDebug("USER PS: failed to unlock file: %s", strerror(errno));
rc = -1;
}
@@ -365,6 +420,7 @@
LogDebug("read of %zd bytes: %s", sizeof(UINT32), strerror(errno));
return TSPERR(TSS_E_INTERNAL_ERROR);
}
+ num_keys = LE_32(num_keys);
if (increment)
num_keys++;
@@ -377,6 +433,7 @@
return TSPERR(TSS_E_INTERNAL_ERROR);
}
+ num_keys = LE_32(num_keys);
if ((result = write_data(fd, (void *)&num_keys, sizeof(UINT32)))) {
LogDebug("%s", __FUNCTION__);
return result;
@@ -498,16 +555,20 @@
}
/* [UINT16 pub_data_size0 ] yes */
+ pub_key_size = LE_16(pub_key_size);
if ((result = write_data(fd, &pub_key_size, sizeof(UINT16)))) {
LogDebug("%s", __FUNCTION__);
goto done;
}
+ pub_key_size = LE_16(pub_key_size);
/* [UINT16 blob_size0 ] yes */
+ key_blob_size = LE_16(key_blob_size);
if ((result = write_data(fd, &key_blob_size, sizeof(UINT16)))) {
LogDebug("%s", __FUNCTION__);
goto done;
}
+ key_blob_size = LE_16(key_blob_size);
/* [UINT32 vendor_data_size0 ] yes */
if ((result = write_data(fd, &zero, sizeof(UINT32)))) {
@@ -516,10 +577,12 @@
}
/* [UINT16 cache_flags0 ] yes */
+ cache_flags = LE_16(cache_flags);
if ((result = write_data(fd, &cache_flags, sizeof(UINT16)))) {
LogDebug("%s", __FUNCTION__);
goto done;
}
+ cache_flags = LE_16(cache_flags);
/* [BYTE[] pub_data0 ] no */
if ((result = write_data(fd, (void *)key.pubKey.key, pub_key_size))) {
@@ -685,6 +748,7 @@
LogDebug("%s", __FUNCTION__);
goto err_exit;
}
+ tmp[i].pub_data_size = LE_16(tmp[i].pub_data_size);
DBG_ASSERT(tmp[i].pub_data_size <= 2048);
@@ -693,6 +757,7 @@
LogDebug("%s", __FUNCTION__);
goto err_exit;
}
+ tmp[i].blob_size = LE_16(tmp[i].blob_size);
DBG_ASSERT(tmp[i].blob_size <= 4096);
@@ -701,6 +766,7 @@
LogDebug("%s", __FUNCTION__);
goto err_exit;
}
+ tmp[i].vendor_data_size = LE_32(tmp[i].vendor_data_size);
/* cache flags */
if ((result = read_data(fd, &tmp[i].flags, sizeof(UINT16)))) {
@@ -707,6 +773,7 @@
LogDebug("%s", __FUNCTION__);
goto err_exit;
}
+ tmp[i].flags = LE_16(tmp[i].flags);
/* fast forward over the pub key */
offset = lseek(fd, tmp[i].pub_data_size, SEEK_CUR);
@@ -1031,6 +1098,8 @@
num_keys = 0;
}
+ /* The system PS file is written in little-endian */
+ num_keys = LE_32(num_keys);
return num_keys;
}
@@ -1109,7 +1178,7 @@
LogDebug("%s", __FUNCTION__);
return result;
}
-
+ c->pub_data_size = LE_16(c->pub_data_size);
DBG_ASSERT(c->pub_data_size <= 2048 && c->pub_data_size > 0);
/* blob size */
@@ -1117,7 +1186,7 @@
LogDebug("%s", __FUNCTION__);
return result;
}
-
+ c->blob_size = LE_16(c->blob_size);
DBG_ASSERT(c->blob_size <= 4096 && c->blob_size > 0);
/* vendor data size */
@@ -1125,6 +1194,7 @@
LogDebug("%s", __FUNCTION__);
return result;
}
+ c->vendor_data_size = LE_32(c->vendor_data_size);
/* cache flags */
if ((result = read_data(fd, &c->flags, sizeof(UINT16)))) {
@@ -1131,6 +1201,7 @@
LogDebug("%s", __FUNCTION__);
return result;
}
+ c->flags = LE_16(c->flags);
/* fast forward over the pub key */
offset = lseek(fd, c->pub_data_size, SEEK_CUR);
@@ -1198,6 +1269,7 @@
return result;
}
+ c->pub_data_size = LE_16(c->pub_data_size);
DBG_ASSERT(c->pub_data_size <= 2048 && c->pub_data_size > 0);
/* blob size */
@@ -1206,6 +1278,7 @@
return result;
}
+ c->blob_size = LE_16(c->blob_size);
DBG_ASSERT(c->blob_size <= 4096 && c->blob_size > 0);
/* vendor data size */
@@ -1213,6 +1286,7 @@
LogDebug("%s", __FUNCTION__);
return result;
}
+ c->vendor_data_size = LE_32(c->vendor_data_size);
/* cache flags */
if ((result = read_data(fd, &c->flags, sizeof(UINT16)))) {
@@ -1219,6 +1293,7 @@
LogDebug("%s", __FUNCTION__);
return result;
}
+ c->flags = LE_16(c->flags);
if (c->pub_data_size == pub_size) {
/* read in the pub key */