summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--abs/core/rpcbind/CVE-2017-8779.diff21
-rw-r--r--abs/core/rpcbind/PKGBUILD61
-rw-r--r--abs/core/rpcbind/rpcbind-sunrpc.patch17
-rw-r--r--abs/core/rpcbind/rpcbind.conf3
-rw-r--r--abs/core/rpcbind/rpcbind.service11
-rw-r--r--abs/core/rpcbind/systemd_service.diff10
-rw-r--r--abs/core/rpcbind/sysusers.d1
-rw-r--r--abs/core/rpcbind/tmpfiles.d1
8 files changed, 78 insertions, 47 deletions
diff --git a/abs/core/rpcbind/CVE-2017-8779.diff b/abs/core/rpcbind/CVE-2017-8779.diff
new file mode 100644
index 0000000..cef088b
--- /dev/null
+++ b/abs/core/rpcbind/CVE-2017-8779.diff
@@ -0,0 +1,21 @@
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+
+ /*
diff --git a/abs/core/rpcbind/PKGBUILD b/abs/core/rpcbind/PKGBUILD
index 75cb398..5bbcf8b 100644
--- a/abs/core/rpcbind/PKGBUILD
+++ b/abs/core/rpcbind/PKGBUILD
@@ -1,46 +1,63 @@
-# $Id: PKGBUILD 157234 2012-04-26 13:06:13Z tpowa $
+# $Id$
+# Maintainer: AndyRTR <andyrtr@archlinux.org>
# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
pkgname=rpcbind
-pkgver=0.2.0
-pkgrel=8
+pkgver=0.2.4
+pkgrel=4
pkgdesc="portmap replacement which supports RPC over various protocols"
-arch=(i686 x86_64)
-depends=('bash' 'glibc' 'libtirpc')
+arch=(x86_64)
+backup=('etc/conf.d/rpcbind')
+makedepends=('systemd')
+depends=('bash' 'glibc' 'libtirpc' 'libsystemd')
url="http://rpcbind.sourceforge.net"
license=('custom')
replaces=('portmap')
-source=(http://downloads.sourceforge.net/sourceforge/rpcbind/rpcbind-0.2.0.tar.bz2
+# see also http://git.infradead.org/users/steved/rpcbind.git
+source=(https://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
rpcbind-sunrpc.patch
- rpcbind.service
- rpcbind)
-md5sums=('1a77ddb1aaea8099ab19c351eeb26316'
- 'c02ac36a98baac70b8a26190524b7b73'
- 'd2615f4c0d58f154aab6e294997ac9be'
- '78a963654f57cbb209e228884767836e')
+ rpcbind.conf
+ systemd_service.diff
+ tmpfiles.d
+ sysusers.d
+ CVE-2017-8779.diff)
+sha1sums=('8a6045dd3397e9f71bf3a7c9d269e255cca537bd'
+ '1b997ce76f9727efc8c72fc5f97189591c9a60e2'
+ '08246ff18d12cee01e5c9391c6ba8f5597cac936'
+ '3ebfcf09d01e41c70135124e68b3db681c768aa0'
+ 'eb8b7375a4ca31b3f61fa726f387884d5e4ca7a3'
+ '97fed152572790a44e972114cbb436ca517254f9'
+ '38044ce8f3376a0b69da8e078e988fd1645bd435')
-build() {
+prepare() {
cd $srcdir/$pkgname-$pkgver
- # patch for iana services file
+ # patch for iana services file # FS#20273
patch -Np1 -i ../rpcbind-sunrpc.patch
- ./configure --prefix=/usr --enable-warmstarts --with-statedir=/run
- make
+ # use distro config file; FS#52058
+ patch -Np1 -i ../systemd_service.diff
+ # http://seclists.org/oss-sec/2017/q2/209
+ patch -Np1 -i ../CVE-2017-8779.diff
}
-check() {
+build() {
cd $srcdir/$pkgname-$pkgver
- make check
+ ./configure --prefix=/usr \
+ --with-rpcuser=rpc \
+ --enable-warmstarts \
+ --with-statedir=/var/lib/rpcbind
+ make
}
package() {
cd $srcdir/$pkgname-$pkgver
make DESTDIR=$pkgdir install
+ # install rpcbind config file
+ install -D -m644 $srcdir/rpcbind.conf $pkgdir/etc/conf.d/rpcbind
# install missing man page - https://bugs.archlinux.org/task/21271
install -m644 man/rpcinfo.8 $pkgdir/usr/share/man/man8/
- # install daemon
- install -D -m755 $srcdir/rpcbind $pkgdir/etc/rc.d/rpcbind
- # install systemd service file
- install -D -m644 $srcdir/rpcbind.service $pkgdir/usr/lib/systemd/system/rpcbind.service
+ # systemd sysusers/tempfile
+ install -Dm644 ../tmpfiles.d ${pkgdir}/usr/lib/tmpfiles.d/rpcbind.conf
+ install -Dm644 ../sysusers.d ${pkgdir}/usr/lib/sysusers.d/rpcbind.conf
# install license
install -D -m644 COPYING $pkgdir/usr/share/licenses/rpcbind/COPYING
}
diff --git a/abs/core/rpcbind/rpcbind-sunrpc.patch b/abs/core/rpcbind/rpcbind-sunrpc.patch
index 76cf54b..099e833 100644
--- a/abs/core/rpcbind/rpcbind-sunrpc.patch
+++ b/abs/core/rpcbind/rpcbind-sunrpc.patch
@@ -1,6 +1,6 @@
---- rpcbind-0.1.7/src/rpcbind.c.orig 2008-11-19 14:17:34.000000000 +0100
-+++ rpcbind-0.1.7/src/rpcbind.c 2010-01-07 13:03:37.416632894 +0100
-@@ -114,7 +114,7 @@
+--- rpcbind-0.2.3/src/rpcbind.c 2015-04-27 16:07:43.000000000 +0200
++++ rpcbind-0.2.3/src/rpcbind.c.new 2015-04-27 19:48:44.518124944 +0200
+@@ -132,7 +132,7 @@
char *udp_uaddr; /* Universal UDP address */
char *tcp_uaddr; /* Universal TCP address */
#endif
@@ -9,14 +9,3 @@
static char superuser[] = "superuser";
int main __P((int, char *[]));
---- rpcbind-0.1.7/src/rpcinfo.c~ 2010-01-08 16:14:24.592156602 +0000
-+++ rpcbind-0.1.7/src/rpcinfo.c 2010-01-08 16:14:31.578838609 +0000
-@@ -633,7 +633,7 @@
- {
- memset (&hints, 0, sizeof hints);
- hints.ai_family = AF_INET;
-- if ((error = getaddrinfo (host, "rpcbind", &hints, &res)) != 0 &&
-+ if ((error = getaddrinfo (host, "sunrpc", &hints, &res)) != 0 &&
- (error = getaddrinfo (host, "portmapper", &hints, &res)) != 0)
- {
- fprintf (stderr, "rpcinfo: %s: %s\n",
diff --git a/abs/core/rpcbind/rpcbind.conf b/abs/core/rpcbind/rpcbind.conf
new file mode 100644
index 0000000..4b35e37
--- /dev/null
+++ b/abs/core/rpcbind/rpcbind.conf
@@ -0,0 +1,3 @@
+#
+# Optional arguments passed to rpcbind. See rpcbind(8)
+RPCBIND_ARGS=""
diff --git a/abs/core/rpcbind/rpcbind.service b/abs/core/rpcbind/rpcbind.service
deleted file mode 100644
index 418ba1e..0000000
--- a/abs/core/rpcbind/rpcbind.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=RPC Bind
-Requires=network.target
-
-[Service]
-Type=forking
-ExecStart=/usr/bin/rpcbind
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/abs/core/rpcbind/systemd_service.diff b/abs/core/rpcbind/systemd_service.diff
new file mode 100644
index 0000000..fdab664
--- /dev/null
+++ b/abs/core/rpcbind/systemd_service.diff
@@ -0,0 +1,10 @@
+--- rpcbind-0.2.4/systemd/rpcbind.service.in 2016-11-28 21:47:28.000000000 +0100
++++ rpcbind-0.2.4/systemd/rpcbind.service.in.new 2016-12-06 16:18:54.429326613 +0100
+@@ -11,6 +11,7 @@
+ [Service]
+ Type=notify
+ # distro can provide a drop-in adding EnvironmentFile=-/??? if needed.
++EnvironmentFile=/etc/conf.d/rpcbind
+ ExecStart=@_bindir@/rpcbind $RPCBIND_OPTIONS -w -f
+
+ [Install]
diff --git a/abs/core/rpcbind/sysusers.d b/abs/core/rpcbind/sysusers.d
new file mode 100644
index 0000000..213da3e
--- /dev/null
+++ b/abs/core/rpcbind/sysusers.d
@@ -0,0 +1 @@
+u rpc 32 "Rpcbind Daemon" /var/lib/rpcbind
diff --git a/abs/core/rpcbind/tmpfiles.d b/abs/core/rpcbind/tmpfiles.d
new file mode 100644
index 0000000..09bfa35
--- /dev/null
+++ b/abs/core/rpcbind/tmpfiles.d
@@ -0,0 +1 @@
+d /var/lib/rpcbind 0700 rpc rpc