Updated libtirpc packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The libtirpc packages contain SunLib's implementation of transport independent RPC (TI-RPC) documentation. This includes a library required by programs in the nfs-utils and rpcbind packages.
- Previously, the libtirpc library included the authgss_get_private_data() system call, but not the authgss_free_private_data() system call. As a consequence, private data were obtained but not freed afterwards. This caused the authgss_destroy_context() call to send an incorrect RPCSEC_GSS_DESTROY request, and the client was in turn not able to clear the state data on the server. With this update, authgss_free_private_data() has been added to libtirpc, and the data is now freed correctly. As a result, the client can now reset the server state as expected.
- Prior to this update, due to race conditions, using TI-RPC in the glibc library caused TI-RPC to terminate unexpectedly with a segmentation fault on some file operations, such as fclose() call and the endnetconfig() call. This update prevents the race conditions from occurring in the above scenario, and TI-RPC thus no longer crashes when used in glibc.
- Due to buffer overruns in libtrpc, the rpcbind utility sometimes terminated unexpectedly with a segmentation fault. With this update, buffer is allocated by the svcauth_gss_validate() call, which avoids the buffer overruns and thus prevents the rpcbind crashes.
- Previously, the libtirpc-devel RPM incorrectly installed the /lib64/libtirpc.a and /lib64/libtirpc.la static libraries, which caused compiling software that linked libtirpc to fail. This update removes libtirpc.a and libtirpc.la and compiling with libtirpc.so now works as expected.
- Due to a code error in libtirpc, the automount utility sometimes terminated unexpectedly with a segmentation fault when a RPC was rejected with an invalid rejection status. This update fixes this bug and automount no longer crashes when receiving an invalid server rejection.
Users of libtirpc are advised to upgrade to these updated packages, which fix these bugs.