5 files changed, 97 insertions, 0 deletions

diff --git a/nonsystemd/rpcbind/CVE-2017-8779.diff b/nonsystemd/rpcbind/CVE-2017-8779.diff
new file mode 100644
index 000000000..cef088bad
--- /dev/null
+++ b/nonsystemd/rpcbind/CVE-2017-8779.diff
@@ -0,0 +1,21 @@
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+-	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+ 
+ /*
diff --git a/nonsystemd/rpcbind/PKGBUILD b/nonsystemd/rpcbind/PKGBUILD
new file mode 100644
index 000000000..11895bbd6
--- /dev/null
+++ b/nonsystemd/rpcbind/PKGBUILD
@@ -0,0 +1,63 @@
+# Maintainer: David P. <megver83@parabola.nu>
+# Maintainer (Artix): artoo <artoo@artixlinux.org>
+# Maintainer (Arch): Tobias Powalowski <tpowa@archlinux.org>
+
+pkgname=rpcbind
+pkgver=1.2.6
+pkgrel=3
+pkgrel+=.nonsystemd1
+pkgdesc="portmap replacement which supports RPC over various protocols"
+arch=(x86_64)
+arch+=(armv7h i686)
+url="http://rpcbind.sourceforge.net"
+license=('custom')
+depends=('bash' 'glibc' 'libtirpc')
+options=('debug')
+replaces=('portmap')
+# see also http://git.linux-nfs.org/?p=steved/rpcbind.git;a=summary
+source=(https://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
+        rpcbind-sunrpc.patch
+        tmpfiles.d
+        sysusers.d
+        CVE-2017-8779.diff)
+sha1sums=('a6dad1d9454f42f2f25a92caba8d3d7bddf527e3'
+          '1b997ce76f9727efc8c72fc5f97189591c9a60e2'
+          'eb8b7375a4ca31b3f61fa726f387884d5e4ca7a3'
+          '97fed152572790a44e972114cbb436ca517254f9'
+          '38044ce8f3376a0b69da8e078e988fd1645bd435')
+sha256sums=('5613746489cae5ae23a443bb85c05a11741a5f12c8f55d2bb5e83b9defeee8de'
+            '7a32111c74e708ad431b7114580c60d7405c591273e6cc00baf5baff05952573'
+            '08b04f4da12b34d66cc8fefa0a6dcac239019b0de0090e08d61cb18cc36a6045'
+            '288edf4d317dbeb6607a049d4451ae7e708ab2ad284c674bed19f444036d55c1'
+            'bfb7f022b44ca83309dec6dfcb1ff4a5e0b0a40078e3688a2c7ceaaaa19a9686')
+
+prepare() {
+  cd $pkgname-$pkgver
+  # patch for iana services file # FS#20273
+  patch -Np1 -i ../rpcbind-sunrpc.patch
+  # http://seclists.org/oss-sec/2017/q2/209
+  patch -Np1 -i ../CVE-2017-8779.diff
+}
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure --prefix=/usr --sbindir=/usr/bin \
+    --with-rpcuser=rpc \
+    --enable-warmstarts \
+    --with-statedir=/var/lib/rpcbind \
+    --with-systemdsystemunitdir=no \
+    --enable-rmtcalls
+  make
+}
+
+package() {
+  cd $pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+  # install missing man page - https://bugs.archlinux.org/task/21271
+  install -m644 man/rpcinfo.8 "$pkgdir"/usr/share/man/man8/
+  # systemd sysusers/tempfile
+  install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/rpcbind.conf
+  install -Dm644 ../sysusers.d "${pkgdir}"/usr/lib/sysusers.d/rpcbind.conf
+  # install license
+  install -D -m644 COPYING "$pkgdir"/usr/share/licenses/rpcbind/COPYING
+}
diff --git a/nonsystemd/rpcbind/rpcbind-sunrpc.patch b/nonsystemd/rpcbind/rpcbind-sunrpc.patch
new file mode 100644
index 000000000..099e83391
--- /dev/null
+++ b/nonsystemd/rpcbind/rpcbind-sunrpc.patch
@@ -0,0 +1,11 @@
+--- rpcbind-0.2.3/src/rpcbind.c	2015-04-27 16:07:43.000000000 +0200
++++ rpcbind-0.2.3/src/rpcbind.c.new	2015-04-27 19:48:44.518124944 +0200
+@@ -132,7 +132,7 @@
+ char *udp_uaddr;	/* Universal UDP address */
+ char *tcp_uaddr;	/* Universal TCP address */
+ #endif
+-static char servname[] = "rpcbind";
++static char servname[] = "sunrpc";
+ static char superuser[] = "superuser";
+ 
+ int main __P((int, char *[]));
diff --git a/nonsystemd/rpcbind/sysusers.d b/nonsystemd/rpcbind/sysusers.d
new file mode 100644
index 000000000..213da3e3c
--- /dev/null
+++ b/nonsystemd/rpcbind/sysusers.d
@@ -0,0 +1 @@
+u rpc 32 "Rpcbind Daemon" /var/lib/rpcbind
diff --git a/nonsystemd/rpcbind/tmpfiles.d b/nonsystemd/rpcbind/tmpfiles.d
new file mode 100644
index 000000000..09bfa3588
--- /dev/null
+++ b/nonsystemd/rpcbind/tmpfiles.d
@@ -0,0 +1 @@
+d /var/lib/rpcbind 0700 rpc rpc