diff options
Diffstat (limited to 'nonsystemd/rpcbind')
-rw-r--r-- | nonsystemd/rpcbind/CVE-2017-8779.diff | 21 | ||||
-rw-r--r-- | nonsystemd/rpcbind/PKGBUILD | 63 | ||||
-rw-r--r-- | nonsystemd/rpcbind/rpcbind-sunrpc.patch | 11 | ||||
-rw-r--r-- | nonsystemd/rpcbind/sysusers.d | 1 | ||||
-rw-r--r-- | nonsystemd/rpcbind/tmpfiles.d | 1 |
5 files changed, 97 insertions, 0 deletions
diff --git a/nonsystemd/rpcbind/CVE-2017-8779.diff b/nonsystemd/rpcbind/CVE-2017-8779.diff new file mode 100644 index 000000000..cef088bad --- /dev/null +++ b/nonsystemd/rpcbind/CVE-2017-8779.diff @@ -0,0 +1,21 @@ +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index 5862c26..e11f61b 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -48,6 +48,7 @@ + #include <rpc/rpc.h> + #include <rpc/rpcb_prot.h> + #include <rpc/svc_dg.h> ++#include <rpc/rpc_com.h> + #include <netconfig.h> + #include <errno.h> + #include <syslog.h> +@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/, + static bool_t + xdr_encap_parms(XDR *xdrs, struct encap_parms *epp) + { +- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0)); ++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE)); + } + + /* diff --git a/nonsystemd/rpcbind/PKGBUILD b/nonsystemd/rpcbind/PKGBUILD new file mode 100644 index 000000000..11895bbd6 --- /dev/null +++ b/nonsystemd/rpcbind/PKGBUILD @@ -0,0 +1,63 @@ +# Maintainer: David P. <megver83@parabola.nu> +# Maintainer (Artix): artoo <artoo@artixlinux.org> +# Maintainer (Arch): Tobias Powalowski <tpowa@archlinux.org> + +pkgname=rpcbind +pkgver=1.2.6 +pkgrel=3 +pkgrel+=.nonsystemd1 +pkgdesc="portmap replacement which supports RPC over various protocols" +arch=(x86_64) +arch+=(armv7h i686) +url="http://rpcbind.sourceforge.net" +license=('custom') +depends=('bash' 'glibc' 'libtirpc') +options=('debug') +replaces=('portmap') +# see also http://git.linux-nfs.org/?p=steved/rpcbind.git;a=summary +source=(https://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2 + rpcbind-sunrpc.patch + tmpfiles.d + sysusers.d + CVE-2017-8779.diff) +sha1sums=('a6dad1d9454f42f2f25a92caba8d3d7bddf527e3' + '1b997ce76f9727efc8c72fc5f97189591c9a60e2' + 'eb8b7375a4ca31b3f61fa726f387884d5e4ca7a3' + '97fed152572790a44e972114cbb436ca517254f9' + '38044ce8f3376a0b69da8e078e988fd1645bd435') +sha256sums=('5613746489cae5ae23a443bb85c05a11741a5f12c8f55d2bb5e83b9defeee8de' + '7a32111c74e708ad431b7114580c60d7405c591273e6cc00baf5baff05952573' + '08b04f4da12b34d66cc8fefa0a6dcac239019b0de0090e08d61cb18cc36a6045' + '288edf4d317dbeb6607a049d4451ae7e708ab2ad284c674bed19f444036d55c1' + 'bfb7f022b44ca83309dec6dfcb1ff4a5e0b0a40078e3688a2c7ceaaaa19a9686') + +prepare() { + cd $pkgname-$pkgver + # patch for iana services file # FS#20273 + patch -Np1 -i ../rpcbind-sunrpc.patch + # http://seclists.org/oss-sec/2017/q2/209 + patch -Np1 -i ../CVE-2017-8779.diff +} + +build() { + cd $pkgname-$pkgver + ./configure --prefix=/usr --sbindir=/usr/bin \ + --with-rpcuser=rpc \ + --enable-warmstarts \ + --with-statedir=/var/lib/rpcbind \ + --with-systemdsystemunitdir=no \ + --enable-rmtcalls + make +} + +package() { + cd $pkgname-$pkgver + make DESTDIR="$pkgdir" install + # install missing man page - https://bugs.archlinux.org/task/21271 + install -m644 man/rpcinfo.8 "$pkgdir"/usr/share/man/man8/ + # systemd sysusers/tempfile + install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/rpcbind.conf + install -Dm644 ../sysusers.d "${pkgdir}"/usr/lib/sysusers.d/rpcbind.conf + # install license + install -D -m644 COPYING "$pkgdir"/usr/share/licenses/rpcbind/COPYING +} diff --git a/nonsystemd/rpcbind/rpcbind-sunrpc.patch b/nonsystemd/rpcbind/rpcbind-sunrpc.patch new file mode 100644 index 000000000..099e83391 --- /dev/null +++ b/nonsystemd/rpcbind/rpcbind-sunrpc.patch @@ -0,0 +1,11 @@ +--- rpcbind-0.2.3/src/rpcbind.c 2015-04-27 16:07:43.000000000 +0200 ++++ rpcbind-0.2.3/src/rpcbind.c.new 2015-04-27 19:48:44.518124944 +0200 +@@ -132,7 +132,7 @@ + char *udp_uaddr; /* Universal UDP address */ + char *tcp_uaddr; /* Universal TCP address */ + #endif +-static char servname[] = "rpcbind"; ++static char servname[] = "sunrpc"; + static char superuser[] = "superuser"; + + int main __P((int, char *[])); diff --git a/nonsystemd/rpcbind/sysusers.d b/nonsystemd/rpcbind/sysusers.d new file mode 100644 index 000000000..213da3e3c --- /dev/null +++ b/nonsystemd/rpcbind/sysusers.d @@ -0,0 +1 @@ +u rpc 32 "Rpcbind Daemon" /var/lib/rpcbind diff --git a/nonsystemd/rpcbind/tmpfiles.d b/nonsystemd/rpcbind/tmpfiles.d new file mode 100644 index 000000000..09bfa3588 --- /dev/null +++ b/nonsystemd/rpcbind/tmpfiles.d @@ -0,0 +1 @@ +d /var/lib/rpcbind 0700 rpc rpc |