- Previously, the libtirpc library included the authgss_get_private_data() system call, but not the authgss_free_private_data() system call. As a consequence, private data were obtained but not freed afterwards. This caused the authgss_destroy_context() call to send an incorrect RPCSEC_GSS_DESTROY request, and the client was in turn not able to clear the state data on the server. With this update, authgss_free_private_data() has been added to libtirpc, and the data is now freed correctly. As a result, the client can now reset the server state as expected.
- Prior to this update, due to race conditions, using TI-RPC in the glibc library caused TI-RPC to terminate unexpectedly with a segmentation fault on some file operations, such as fclose() call and the endnetconfig() call. This update prevents the race conditions from occurring in the above scenario, and TI-RPC thus no longer crashes when used in glibc.
- Due to buffer overruns in libtrpc, the rpcbind utility sometimes terminated unexpectedly with a segmentation fault. With this update, buffer is allocated by the svcauth_gss_validate() call, which avoids the buffer overruns and thus prevents the rpcbind crashes.
- Previously, the libtirpc-devel RPM incorrectly installed the /lib64/libtirpc.a and /lib64/libtirpc.la static libraries, which caused compiling software that linked libtirpc to fail. This update removes libtirpc.a and libtirpc.la and compiling with libtirpc.so now works as expected.
- Due to a code error in libtirpc, the automount utility sometimes terminated unexpectedly with a segmentation fault when a RPC was rejected with an invalid rejection status. This update fixes this bug and automount no longer crashes when receiving an invalid server rejection.