diff options
-rw-r--r-- | abs/core/rpcbind/CVE-2017-8779.diff | 21 | ||||
-rw-r--r-- | abs/core/rpcbind/PKGBUILD | 61 | ||||
-rw-r--r-- | abs/core/rpcbind/rpcbind-sunrpc.patch | 17 | ||||
-rw-r--r-- | abs/core/rpcbind/rpcbind.conf | 3 | ||||
-rw-r--r-- | abs/core/rpcbind/rpcbind.service | 11 | ||||
-rw-r--r-- | abs/core/rpcbind/systemd_service.diff | 10 | ||||
-rw-r--r-- | abs/core/rpcbind/sysusers.d | 1 | ||||
-rw-r--r-- | abs/core/rpcbind/tmpfiles.d | 1 |
8 files changed, 78 insertions, 47 deletions
diff --git a/abs/core/rpcbind/CVE-2017-8779.diff b/abs/core/rpcbind/CVE-2017-8779.diff new file mode 100644 index 0000000..cef088b --- /dev/null +++ b/abs/core/rpcbind/CVE-2017-8779.diff @@ -0,0 +1,21 @@ +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index 5862c26..e11f61b 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -48,6 +48,7 @@ + #include <rpc/rpc.h> + #include <rpc/rpcb_prot.h> + #include <rpc/svc_dg.h> ++#include <rpc/rpc_com.h> + #include <netconfig.h> + #include <errno.h> + #include <syslog.h> +@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/, + static bool_t + xdr_encap_parms(XDR *xdrs, struct encap_parms *epp) + { +- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0)); ++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE)); + } + + /* diff --git a/abs/core/rpcbind/PKGBUILD b/abs/core/rpcbind/PKGBUILD index 75cb398..5bbcf8b 100644 --- a/abs/core/rpcbind/PKGBUILD +++ b/abs/core/rpcbind/PKGBUILD @@ -1,46 +1,63 @@ -# $Id: PKGBUILD 157234 2012-04-26 13:06:13Z tpowa $ +# $Id$ +# Maintainer: AndyRTR <andyrtr@archlinux.org> # Maintainer: Tobias Powalowski <tpowa@archlinux.org> pkgname=rpcbind -pkgver=0.2.0 -pkgrel=8 +pkgver=0.2.4 +pkgrel=4 pkgdesc="portmap replacement which supports RPC over various protocols" -arch=(i686 x86_64) -depends=('bash' 'glibc' 'libtirpc') +arch=(x86_64) +backup=('etc/conf.d/rpcbind') +makedepends=('systemd') +depends=('bash' 'glibc' 'libtirpc' 'libsystemd') url="http://rpcbind.sourceforge.net" license=('custom') replaces=('portmap') -source=(http://downloads.sourceforge.net/sourceforge/rpcbind/rpcbind-0.2.0.tar.bz2 +# see also http://git.infradead.org/users/steved/rpcbind.git +source=(https://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2 rpcbind-sunrpc.patch - rpcbind.service - rpcbind) -md5sums=('1a77ddb1aaea8099ab19c351eeb26316' - 'c02ac36a98baac70b8a26190524b7b73' - 'd2615f4c0d58f154aab6e294997ac9be' - '78a963654f57cbb209e228884767836e') + rpcbind.conf + systemd_service.diff + tmpfiles.d + sysusers.d + CVE-2017-8779.diff) +sha1sums=('8a6045dd3397e9f71bf3a7c9d269e255cca537bd' + '1b997ce76f9727efc8c72fc5f97189591c9a60e2' + '08246ff18d12cee01e5c9391c6ba8f5597cac936' + '3ebfcf09d01e41c70135124e68b3db681c768aa0' + 'eb8b7375a4ca31b3f61fa726f387884d5e4ca7a3' + '97fed152572790a44e972114cbb436ca517254f9' + '38044ce8f3376a0b69da8e078e988fd1645bd435') -build() { +prepare() { cd $srcdir/$pkgname-$pkgver - # patch for iana services file + # patch for iana services file # FS#20273 patch -Np1 -i ../rpcbind-sunrpc.patch - ./configure --prefix=/usr --enable-warmstarts --with-statedir=/run - make + # use distro config file; FS#52058 + patch -Np1 -i ../systemd_service.diff + # http://seclists.org/oss-sec/2017/q2/209 + patch -Np1 -i ../CVE-2017-8779.diff } -check() { +build() { cd $srcdir/$pkgname-$pkgver - make check + ./configure --prefix=/usr \ + --with-rpcuser=rpc \ + --enable-warmstarts \ + --with-statedir=/var/lib/rpcbind + make } package() { cd $srcdir/$pkgname-$pkgver make DESTDIR=$pkgdir install + # install rpcbind config file + install -D -m644 $srcdir/rpcbind.conf $pkgdir/etc/conf.d/rpcbind # install missing man page - https://bugs.archlinux.org/task/21271 install -m644 man/rpcinfo.8 $pkgdir/usr/share/man/man8/ - # install daemon - install -D -m755 $srcdir/rpcbind $pkgdir/etc/rc.d/rpcbind - # install systemd service file - install -D -m644 $srcdir/rpcbind.service $pkgdir/usr/lib/systemd/system/rpcbind.service + # systemd sysusers/tempfile + install -Dm644 ../tmpfiles.d ${pkgdir}/usr/lib/tmpfiles.d/rpcbind.conf + install -Dm644 ../sysusers.d ${pkgdir}/usr/lib/sysusers.d/rpcbind.conf # install license install -D -m644 COPYING $pkgdir/usr/share/licenses/rpcbind/COPYING } diff --git a/abs/core/rpcbind/rpcbind-sunrpc.patch b/abs/core/rpcbind/rpcbind-sunrpc.patch index 76cf54b..099e833 100644 --- a/abs/core/rpcbind/rpcbind-sunrpc.patch +++ b/abs/core/rpcbind/rpcbind-sunrpc.patch @@ -1,6 +1,6 @@ ---- rpcbind-0.1.7/src/rpcbind.c.orig 2008-11-19 14:17:34.000000000 +0100 -+++ rpcbind-0.1.7/src/rpcbind.c 2010-01-07 13:03:37.416632894 +0100 -@@ -114,7 +114,7 @@ +--- rpcbind-0.2.3/src/rpcbind.c 2015-04-27 16:07:43.000000000 +0200 ++++ rpcbind-0.2.3/src/rpcbind.c.new 2015-04-27 19:48:44.518124944 +0200 +@@ -132,7 +132,7 @@ char *udp_uaddr; /* Universal UDP address */ char *tcp_uaddr; /* Universal TCP address */ #endif @@ -9,14 +9,3 @@ static char superuser[] = "superuser"; int main __P((int, char *[])); ---- rpcbind-0.1.7/src/rpcinfo.c~ 2010-01-08 16:14:24.592156602 +0000 -+++ rpcbind-0.1.7/src/rpcinfo.c 2010-01-08 16:14:31.578838609 +0000 -@@ -633,7 +633,7 @@ - { - memset (&hints, 0, sizeof hints); - hints.ai_family = AF_INET; -- if ((error = getaddrinfo (host, "rpcbind", &hints, &res)) != 0 && -+ if ((error = getaddrinfo (host, "sunrpc", &hints, &res)) != 0 && - (error = getaddrinfo (host, "portmapper", &hints, &res)) != 0) - { - fprintf (stderr, "rpcinfo: %s: %s\n", diff --git a/abs/core/rpcbind/rpcbind.conf b/abs/core/rpcbind/rpcbind.conf new file mode 100644 index 0000000..4b35e37 --- /dev/null +++ b/abs/core/rpcbind/rpcbind.conf @@ -0,0 +1,3 @@ +# +# Optional arguments passed to rpcbind. See rpcbind(8) +RPCBIND_ARGS="" diff --git a/abs/core/rpcbind/rpcbind.service b/abs/core/rpcbind/rpcbind.service deleted file mode 100644 index 418ba1e..0000000 --- a/abs/core/rpcbind/rpcbind.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=RPC Bind -Requires=network.target - -[Service] -Type=forking -ExecStart=/usr/bin/rpcbind -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/abs/core/rpcbind/systemd_service.diff b/abs/core/rpcbind/systemd_service.diff new file mode 100644 index 0000000..fdab664 --- /dev/null +++ b/abs/core/rpcbind/systemd_service.diff @@ -0,0 +1,10 @@ +--- rpcbind-0.2.4/systemd/rpcbind.service.in 2016-11-28 21:47:28.000000000 +0100 ++++ rpcbind-0.2.4/systemd/rpcbind.service.in.new 2016-12-06 16:18:54.429326613 +0100 +@@ -11,6 +11,7 @@ + [Service] + Type=notify + # distro can provide a drop-in adding EnvironmentFile=-/??? if needed. ++EnvironmentFile=/etc/conf.d/rpcbind + ExecStart=@_bindir@/rpcbind $RPCBIND_OPTIONS -w -f + + [Install] diff --git a/abs/core/rpcbind/sysusers.d b/abs/core/rpcbind/sysusers.d new file mode 100644 index 0000000..213da3e --- /dev/null +++ b/abs/core/rpcbind/sysusers.d @@ -0,0 +1 @@ +u rpc 32 "Rpcbind Daemon" /var/lib/rpcbind diff --git a/abs/core/rpcbind/tmpfiles.d b/abs/core/rpcbind/tmpfiles.d new file mode 100644 index 0000000..09bfa35 --- /dev/null +++ b/abs/core/rpcbind/tmpfiles.d @@ -0,0 +1 @@ +d /var/lib/rpcbind 0700 rpc rpc |