diff --git a/sblim-sfcb-1.3.16-maxMsgLen.patch b/sblim-sfcb-1.3.16-maxMsgLen.patch new file mode 100644 index 0000000..a0dd816 --- /dev/null +++ b/sblim-sfcb-1.3.16-maxMsgLen.patch @@ -0,0 +1,14 @@ +diff -up sblim-sfcb-1.3.16/sfcb.cfg.pre.in.old sblim-sfcb-1.3.16/sfcb.cfg.pre.in +--- sblim-sfcb-1.3.16/sfcb.cfg.pre.in.old 2012-06-13 23:21:09.000000000 +0200 ++++ sblim-sfcb-1.3.16/sfcb.cfg.pre.in 2013-06-24 15:34:38.881992781 +0200 +@@ -113,8 +113,8 @@ provProcs: 32 + + ## Max message length, in bytes. This is a limit on the size of messages + ## written across sockets, for instance, between providers and SFCB. +-## Default is 10000000 +-maxMsgLen: 10000000 ++## Default is 100000000 ++maxMsgLen: 100000000 + + ## Location of the registration directory, where providerRegister can be found + ## Default is @localstatedir@/lib/sfcb/registration diff --git a/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch b/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch new file mode 100644 index 0000000..3268d49 --- /dev/null +++ b/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch @@ -0,0 +1,26 @@ +diff -up sblim-sfcb-1.4.8/control.c.orig sblim-sfcb-1.4.8/control.c +--- sblim-sfcb-1.4.8/control.c.orig 2014-03-27 00:46:28.000000000 +0100 ++++ sblim-sfcb-1.4.8/control.c 2014-05-15 12:31:38.304169409 +0200 +@@ -170,7 +170,7 @@ static Control init[] = { + {"sslCertList", CTL_STRING, SFCB_CONFDIR "/clist.pem", {0}}, + {"sslCiphers", CTL_STRING, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH", {0}}, + {"sslDhParamsFilePath", CTL_STRING, NULL, {0}}, +- {"sslEcDhCurveName", CTL_STRING, "secp224r1", {0}}, ++ {"sslEcDhCurveName", CTL_STRING, "secp384r1", {0}}, + {"enableSslCipherServerPref", CTL_BOOL, NULL, {.b=0}}, + + {"registrationDir", CTL_STRING, SFCB_STATEDIR "/registration", {0}}, +diff -up sblim-sfcb-1.4.8/sfcb.cfg.pre.in.orig sblim-sfcb-1.4.8/sfcb.cfg.pre.in +--- sblim-sfcb-1.4.8/sfcb.cfg.pre.in.orig 2014-05-15 12:31:59.188244865 +0200 ++++ sblim-sfcb-1.4.8/sfcb.cfg.pre.in 2014-05-15 12:32:45.554408412 +0200 +@@ -293,8 +293,8 @@ sslCiphers: ALL:!ADH:!LOW:!EXP:!MD5:@STR + ## environment. If this value is not set, the indicated default is in effect. + ## If the value is set but the curve name is not recognized by the underlying + ## openssl implementation, SFCB will abort. +-## Default is secp224r1 +-#sslEcDhCurveName: secp224r1 ++## Default is secp384r1 ++#sslEcDhCurveName: secp384r1 + + ## When set to true, sets the SSL_OP_CIPHER_SERVER_PREFERENCE flag for the ssl + ## context, to enforce server's preference instead of the client preference for diff --git a/sblim-sfcb-1.4.9-fix-ftbfs.patch b/sblim-sfcb-1.4.9-fix-ftbfs.patch new file mode 100644 index 0000000..9548b3c --- /dev/null +++ b/sblim-sfcb-1.4.9-fix-ftbfs.patch @@ -0,0 +1,12 @@ +diff -up sblim-sfcb-1.4.9/control.c.orig sblim-sfcb-1.4.9/control.c +--- sblim-sfcb-1.4.9/control.c.orig 2015-07-13 15:06:21.331660336 +0200 ++++ sblim-sfcb-1.4.9/control.c 2015-07-13 15:08:38.031308917 +0200 +@@ -83,7 +83,7 @@ long httpReqHandlerTimeout; + * Kindly null terminate, always, even if might overwrite + * the last char of the truncated string. + */ +-inline char *strncpy_kind(char *to, char *from, size_t size) { ++char *strncpy_kind(char *to, char *from, size_t size) { + strncpy(to, from, size); + *(to + size - 1) = '\0'; + return to; diff --git a/sblim-sfcb-1.4.9-fix-null-content-type-crash.patch b/sblim-sfcb-1.4.9-fix-null-content-type-crash.patch new file mode 100644 index 0000000..4009126 --- /dev/null +++ b/sblim-sfcb-1.4.9-fix-null-content-type-crash.patch @@ -0,0 +1,47 @@ +Author: Adam Majer +Summary: Fix crash caused by NULL content_type + +Also, allow requests with Content-Type set to text/xml + +==31976== Invalid read of size 1 +==31976== at 0x5883DEB: scanCimXmlRequest (cimXmlParserProcessed.c:1739) +==31976== by 0x588C88E: handleCimRequest (cimRequest.c:1850) +==31976== by 0x4E3D95A: doHttpRequest (httpAdapter.c:1399) +==31976== by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741) +==31976== by 0x4E3EC96: acceptRequest (httpAdapter.c:2022) +==31976== by 0x4E40B0C: httpDaemon (httpAdapter.c:2464) +==31976== by 0x404866: startHttpd (sfcBroker.c:540) +==31976== by 0x4038B3: main (sfcBroker.c:1062) +==31976== Address 0x0 is not stack'd, malloc'd or (recently) free'd +==31976== +==31976== +==31976== Process terminating with default action of signal 11 (SIGSEGV): dumping core +==31976== Access not within mapped region at address 0x0 +==31976== at 0x5883DEB: scanCimXmlRequest (cimXmlParserProcessed.c:1739) +==31976== by 0x588C88E: handleCimRequest (cimRequest.c:1850) +==31976== by 0x4E3D95A: doHttpRequest (httpAdapter.c:1399) +==31976== by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741) +==31976== by 0x4E3EC96: acceptRequest (httpAdapter.c:2022) +==31976== by 0x4E40B0C: httpDaemon (httpAdapter.c:2464) +==31976== by 0x404866: startHttpd (sfcBroker.c:540) +==31976== by 0x4038B3: main (sfcBroker.c:1062) + +(gdb) p *ctx +$3 = {cimDoc = 0x69058c0 "", principal = 0x0, host = 0x69054d9 "xxx.xx.xxx.xxx:5989", contentType = 0x0, teTrailers = 0, + sessionId = 1, role = 0x0, cimDocLength = 0, commHndl = 0xffefffab0, chunkFncs = 0x5044798 , + className = 0x0, operation = 0, verb = 0x6905480 "POST", path = 0x6905485 "/"} + +Index: sblim-sfcb-1.4.8/httpAdapter.c +=================================================================== +--- sblim-sfcb-1.4.8.orig/httpAdapter.c ++++ sblim-sfcb-1.4.8/httpAdapter.c +@@ -1047,7 +1047,7 @@ doHttpRequest(CommHndl conn_fd) + + inBuf.authorization = ""; + inBuf.protocol = "HTTP/1.1"; +- inBuf.content_type = NULL; ++ inBuf.content_type = "application/xml"; + inBuf.content_length = UINT_MAX; + inBuf.host = NULL; + inBuf.useragent = ""; + diff --git a/sblim-sfcb-1.4.9-fix-null-deref.patch b/sblim-sfcb-1.4.9-fix-null-deref.patch new file mode 100644 index 0000000..353c2f8 --- /dev/null +++ b/sblim-sfcb-1.4.9-fix-null-deref.patch @@ -0,0 +1,13 @@ +diff -up sblim-sfcb-1.4.9/providerMgr.c.orig sblim-sfcb-1.4.9/providerMgr.c +--- sblim-sfcb-1.4.9/providerMgr.c.orig 2014-11-25 02:43:12.000000000 +0100 ++++ sblim-sfcb-1.4.9/providerMgr.c 2015-08-24 11:57:18.945280460 +0200 +@@ -355,6 +355,9 @@ lookupProviders(long type, char *classNa + + _SFCB_ENTER(TRACE_PROVIDERMGR, "lookupProviders"); + ++ if (className == NULL) ++ _SFCB_RETURN(NULL); ++ + id = malloc(strlen(nameSpace) + strlen(className) + 8); + strcpy(id, nameSpace); + strcat(id, "|"); diff --git a/sblim-sfcb-1.4.9.tar.bz2 b/sblim-sfcb-1.4.9.tar.bz2 new file mode 100644 index 0000000..f36d7b8 Binary files /dev/null and b/sblim-sfcb-1.4.9.tar.bz2 differ diff --git a/sblim-sfcb.spec b/sblim-sfcb.spec new file mode 100644 index 0000000..fa335db --- /dev/null +++ b/sblim-sfcb.spec @@ -0,0 +1,92 @@ +Name: sblim-sfcb +Summary: Small Footprint CIM Broker (SFCB) +URL: http://sblim.sourceforge.net/wiki/index.php/Sfcb +Version: 1.4.9 +Release: 14 +License: EPL + +Source0: http://downloads.sourceforge.net/sblim/%{name}-%{version}.tar.bz2 +Source1: sfcb.service + +Patch0: sblim-sfcb-1.3.16-maxMsgLen.patch +Patch1: sblim-sfcb-1.4.8-default-ecdh-curve-name.patch +Patch2: sblim-sfcb-1.4.9-fix-ftbfs.patch +Patch3: sblim-sfcb-1.4.9-fix-null-deref.patch +Patch4: sblim-sfcb-1.4.9-fix-null-content-type-crash.patch + +Provides: cim-server = 0 +Requires: cim-schema sblim-sfcCommon +BuildRequires: libcurl-devel perl-generators zlib-devel openssl-devel +BuildRequires: pam-devel cim-schema bison flex sblim-cmpi-devel +BuildRequires: systemd sblim-sfcCommon-devel openslp-devel gcc +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +%Description +SFCB is a CIM server for resource-constrained and embedded environments. +It is written in C and designed to be modular and lightweight. + +%prep +%autosetup -T -b 0 -p1 -n %{name}-%{version} + +%build +%configure --enable-debug --enable-uds --enable-ssl --enable-pam --enable-ipv6 \ + --enable-slp --enable-large_volume_support --enable-optimized-enumeration --enable-relax-mofsyntax \ + CFLAGS="$CFLAGS -D_GNU_SOURCE -fPIE -DPIE" LDFLAGS="$LDFLAGS -Wl,-z,now -pie" + +make + +%install +%make_install + +install -d %{buildroot}%{_unitdir} +install -p -m644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service + +mkdir -p %{buildroot}%{_mandir}/man1/ + +rm %{buildroot}%{_sysconfdir}/init.d/sfcb +%delete_la + +echo "%defattr(-,root,root,-)" > _pkg_list + +find %{buildroot}%{_datadir}/sfcb -type f | grep -v %{buildroot}%{_datadir}/sfcb/CIM >> _pkg_list +sed -i s?%{buildroot}??g _pkg_list > _pkg_list_2 +echo "%config(noreplace) %{_sysconfdir}/sfcb/*" >> _pkg_list +echo "%config(noreplace) %{_sysconfdir}/pam.d/*" >> _pkg_list +echo "%doc %{_docdir}/*" >> _pkg_list +echo "%{_mandir}/man1/*" >> _pkg_list +echo "%{_unitdir}/%{name}.service" >> _pkg_list +echo "%{_localstatedir}/lib/sfcb" >> _pkg_list +echo "%{_bindir}/*" >> _pkg_list +echo "%{_sbindir}/*" >> _pkg_list +echo "%{_libdir}/sfcb/*.so.*" >> _pkg_list +echo "%{_libdir}/sfcb/*.so" >> _pkg_list + +cat _pkg_list + +%pre +%{_bindir}/getent group sfcb >/dev/null || %{_sbindir}/groupadd -r sfcb +%{_sbindir}/usermod -a -G sfcb root > /dev/null 2>&1 || : + +%post +%{_datadir}/sfcb/genSslCert.sh %{_sysconfdir}/sfcb &>/dev/null || : +/sbin/ldconfig +%{_bindir}/sfcbrepos -f > /dev/null 2>1 +%systemd_post %{name}.service + +%preun +%systemd_preun %{name}.service + +%postun +/sbin/ldconfig +%systemd_postun_with_restart %{name}.service +if [ $1 -eq 0 ]; then + %{_sbindir}/groupdel sfcb > /dev/null 2>&1 || :; +fi; + +%files -f _pkg_list + +%changelog +* Fri Feb 14 2020 Senlin Xia - 1.4.9-14 +- Package init diff --git a/sfcb.service b/sfcb.service new file mode 100644 index 0000000..1fa6714 --- /dev/null +++ b/sfcb.service @@ -0,0 +1,9 @@ +[Unit] +Description=Small Footprint CIM Broker Service +After=syslog.target + +[Service] +ExecStart=/usr/sbin/sfcbd + +[Install] +WantedBy=multi-user.target