summaryrefslogtreecommitdiffstats
path: root/patches/source/rpcbind
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/rpcbind')
-rw-r--r--patches/source/rpcbind/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch39
-rw-r--r--patches/source/rpcbind/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch218
-rw-r--r--patches/source/rpcbind/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch29
-rw-r--r--patches/source/rpcbind/0004-rpcbind-fix-building-without-enable-debug.patch69
-rw-r--r--patches/source/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch96
-rw-r--r--patches/source/rpcbind/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch96
-rw-r--r--patches/source/rpcbind/01.rpcbind-manpage-statefile-explanation.patch25
-rw-r--r--patches/source/rpcbind/doinst.sh24
-rw-r--r--patches/source/rpcbind/rc.rpc64
-rwxr-xr-xpatches/source/rpcbind/rpcbind.SlackBuild155
-rw-r--r--patches/source/rpcbind/rpcbind.lwrap.needs.lnsl.diff14
-rw-r--r--patches/source/rpcbind/slack-desc19
12 files changed, 848 insertions, 0 deletions
diff --git a/patches/source/rpcbind/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch b/patches/source/rpcbind/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch
new file mode 100644
index 00000000..9ea5870d
--- /dev/null
+++ b/patches/source/rpcbind/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch
@@ -0,0 +1,39 @@
+From a89ba6d07832cb62a86601971380fda7130c6826 Mon Sep 17 00:00:00 2001
+From: "Patrick J. Volkerding" <volkerdi@slackware.com>
+Date: Mon, 17 Jul 2017 23:09:36 -0500
+Subject: [PATCH 1/2] man/rpcibind.8: Clarify state file usage and history
+
+---
+ man/rpcbind.8 | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/man/rpcbind.8 b/man/rpcbind.8
+index af6200f..bdfb1c8 100644
+--- a/man/rpcbind.8
++++ b/man/rpcbind.8
+@@ -132,11 +132,20 @@ to connect to services from a privileged port.
+ .It Fl w
+ Cause
+ .Nm
+-to do a "warm start" by read a state file when
++to do a "warm start" by attempting to read *.xdr state files from the
++state directory
++.%T /var/run/rpcbind
++when
+ .Nm
+-starts up. The state file is created when
++starts up. The state files are created when
+ .Nm
+ terminates.
++.Pp
++This allows for restarting
++.Nm
++without the need to restart all RPC services that have previously registered.
++The state files serve a similar purpose to the files created/restored by the
++pmap_dump and pmap_set utilities distributed with the old portmap server package.
+ .El
+ .Sh NOTES
+ All RPC servers must be restarted if
+--
+2.13.2
+
diff --git a/patches/source/rpcbind/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch b/patches/source/rpcbind/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
new file mode 100644
index 00000000..060614cc
--- /dev/null
+++ b/patches/source/rpcbind/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
@@ -0,0 +1,218 @@
+From 7ea36eeece56b59f98e469934e4c20b4da043346 Mon Sep 17 00:00:00 2001
+From: Doran Moppert <dmoppert@redhat.com>
+Date: Thu, 11 May 2017 11:42:54 -0400
+Subject: [PATCH 2/6] rpcbind: pair all svc_getargs() calls with svc_freeargs()
+ to avoid memory leak
+
+This patch is to address CVE-2017-8779 "rpcbomb" in rpcbind, discussed
+at [1], [2], [3]. The last link suggests this issue is actually a bug
+in rpcbind, which led me here.
+
+The leak caused by the reproducer at [4] appears to come from
+rpcb_service_4(), in the case where svc_getargs() returns false and the
+function had an early return, rather than passing through the cleanup
+path at done:, as would otherwise occur.
+
+It also addresses a couple of other locations where the same fault seems
+to exist, though I haven't been able to exercise those. I hope someone
+more intimate with rpc(3) can confirm my understanding is correct, and
+that I haven't introduced any new bugs.
+
+Without this patch, using the reproducer (and variants) repeatedly
+against rpcbind with a numBytes argument of 1_000_000_000, /proc/$(pidof
+rpcbind)/status reports VmSize increase of 976564 kB each call, and
+VmRSS increase of around 260 kB every 33 calls - the specific numbers
+are probably an artifact of my rhel/glibc version. With the patch,
+there is a small (~50 kB) VmSize increase with the first message, but
+thereafter both VmSize and VmRSS remain steady.
+
+[1]: http://seclists.org/oss-sec/2017/q2/209
+[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1448124
+[3]: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
+[4]: https://github.com/guidovranken/rpcbomb/
+
+Signed-off-by: Doran Moppert <dmoppert@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/pmap_svc.c | 56 +++++++++++++++++++++++++++++++++++++++++++++---------
+ src/rpcb_svc.c | 2 +-
+ src/rpcb_svc_4.c | 2 +-
+ src/rpcb_svc_com.c | 8 ++++++++
+ 4 files changed, 57 insertions(+), 11 deletions(-)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index 4c744fe..e926cdc 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -175,6 +175,7 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ long ans;
+ uid_t uid;
+ char uidbuf[32];
++ int rc = TRUE;
+
+ /*
+ * Can't use getpwnam here. We might end up calling ourselves
+@@ -194,7 +195,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+ svcerr_decode(xprt);
+- return (FALSE);
++ rc = FALSE;
++ goto done;
+ }
+ #ifdef RPCBIND_DEBUG
+ if (debugging)
+@@ -205,7 +207,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+
+ if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
+ svcerr_weakauth(xprt);
+- return (FALSE);
++ rc = (FALSE);
++ goto done;
+ }
+
+ rpcbreg.r_prog = reg.pm_prog;
+@@ -258,7 +261,16 @@ done_change:
+ rpcbs_set(RPCBVERS_2_STAT, ans);
+ else
+ rpcbs_unset(RPCBVERS_2_STAT, ans);
+- return (TRUE);
++done:
++ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++ if (debugging) {
++ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
++ if (doabort) {
++ rpcbind_abort();
++ }
++ }
++ }
++ return (rc);
+ }
+
+ /* ARGSUSED */
+@@ -272,15 +284,18 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ #ifdef RPCBIND_DEBUG
+ char *uaddr;
+ #endif
++ int rc = TRUE;
+
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+ svcerr_decode(xprt);
+- return (FALSE);
++ rc = FALSE;
++ goto done;
+ }
+
+ if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
+ svcerr_weakauth(xprt);
+- return FALSE;
++ rc = FALSE;
++ goto done;
+ }
+
+ #ifdef RPCBIND_DEBUG
+@@ -330,21 +345,34 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ pmap_ipprot2netid(reg.pm_prot) ?: "<unknown>",
+ port ? udptrans : "");
+
+- return (TRUE);
++done:
++ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++ if (debugging) {
++ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
++ if (doabort) {
++ rpcbind_abort();
++ }
++ }
++ }
++ return (rc);
+ }
+
+ /* ARGSUSED */
+ static bool_t
+ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ {
++ int rc = TRUE;
++
+ if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL)) {
+ svcerr_decode(xprt);
+- return (FALSE);
++ rc = FALSE;
++ goto done;
+ }
+
+ if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) {
+ svcerr_weakauth(xprt);
+- return FALSE;
++ rc = FALSE;
++ goto done;
+ }
+
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist_ptr,
+@@ -354,7 +382,17 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ rpcbind_abort();
+ }
+ }
+- return (TRUE);
++
++done:
++ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
++ if (debugging) {
++ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
++ if (doabort) {
++ rpcbind_abort();
++ }
++ }
++ }
++ return (rc);
+ }
+
+ int pmap_netid2ipprot(const char *netid)
+diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
+index 709e3fb..091f530 100644
+--- a/src/rpcb_svc.c
++++ b/src/rpcb_svc.c
+@@ -166,7 +166,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
+ svcerr_decode(transp);
+ if (debugging)
+ (void) xlog(LOG_DEBUG, "rpcbind: could not decode");
+- return;
++ goto done;
+ }
+
+ if (rqstp->rq_proc == RPCBPROC_SET
+diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
+index 5094879..eebbbbe 100644
+--- a/src/rpcb_svc_4.c
++++ b/src/rpcb_svc_4.c
+@@ -218,7 +218,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
+ svcerr_decode(transp);
+ if (debugging)
+ (void) xlog(LOG_DEBUG, "rpcbind: could not decode\n");
+- return;
++ goto done;
+ }
+
+ if (rqstp->rq_proc == RPCBPROC_SET
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..cb63afd 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -927,6 +927,14 @@ error:
+ if (call_msg.rm_xid != 0)
+ (void) free_slot_by_xid(call_msg.rm_xid);
+ out:
++ if (!svc_freeargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
++ if (debugging) {
++ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
++ if (doabort) {
++ rpcbind_abort();
++ }
++ }
++ }
+ if (local_uaddr)
+ free(local_uaddr);
+ if (buf_alloc)
+--
+2.13.0
+
diff --git a/patches/source/rpcbind/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch b/patches/source/rpcbind/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch
new file mode 100644
index 00000000..6cf885ac
--- /dev/null
+++ b/patches/source/rpcbind/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch
@@ -0,0 +1,29 @@
+From c49a7ea639eb700823e174fd605bbbe183e229aa Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Wed, 17 May 2017 10:52:25 -0400
+Subject: [PATCH 3/6] pmapproc_dump: Fixed typo in memory leak patch
+
+commit 7ea36eee introduce a typo that caused
+NIS (aka ypbind) to fail.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/pmap_svc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index e926cdc..26c31d0 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -384,7 +384,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ }
+
+ done:
+- if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
++ if (!svc_freeargs(xprt, (xdrproc_t) xdr_void, (char *)NULL)) {
+ if (debugging) {
+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ if (doabort) {
+--
+2.13.0
+
diff --git a/patches/source/rpcbind/0004-rpcbind-fix-building-without-enable-debug.patch b/patches/source/rpcbind/0004-rpcbind-fix-building-without-enable-debug.patch
new file mode 100644
index 00000000..f7c30794
--- /dev/null
+++ b/patches/source/rpcbind/0004-rpcbind-fix-building-without-enable-debug.patch
@@ -0,0 +1,69 @@
+From c0e38c9fd1b2c6785af90c86b26a07724c2488e8 Mon Sep 17 00:00:00 2001
+From: Nick Alcock <nick.alcock@oracle.com>
+Date: Thu, 25 May 2017 12:45:35 -0400
+Subject: [PATCH 4/6] rpcbind: fix building without --enable-debug
+
+All if (debugging) stanzas and their accompanying xlog()s and aborts
+should be within #ifdef RPCBIND_DEBUG.
+
+Fixes a compilation failure due to non-inclusion of <syslog.h> in the
+non-debugging case.
+
+Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/pmap_svc.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index 26c31d0..a53dd5f 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -263,12 +263,14 @@ done_change:
+ rpcbs_unset(RPCBVERS_2_STAT, ans);
+ done:
+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++#ifdef RPCBIND_DEBUG
+ if (debugging) {
+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ if (doabort) {
+ rpcbind_abort();
+ }
+ }
++#endif
+ }
+ return (rc);
+ }
+@@ -347,12 +349,14 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+
+ done:
+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++#ifdef RPCBIND_DEBUG
+ if (debugging) {
+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ if (doabort) {
+ rpcbind_abort();
+ }
+ }
++#endif
+ }
+ return (rc);
+ }
+@@ -385,12 +389,14 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+
+ done:
+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_void, (char *)NULL)) {
++#ifdef RPCBIND_DEBUG
+ if (debugging) {
+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ if (doabort) {
+ rpcbind_abort();
+ }
+ }
++#endif
+ }
+ return (rc);
+ }
+--
+2.13.0
+
diff --git a/patches/source/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch b/patches/source/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch
new file mode 100644
index 00000000..ff42c9e4
--- /dev/null
+++ b/patches/source/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch
@@ -0,0 +1,96 @@
+From 7c7590ad536c0e24bef790cb1e65702fc54db566 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 30 May 2017 11:27:22 -0400
+Subject: [PATCH 5/6] rpcbproc_callit_com: Stop freeing a static pointer
+
+commit 7ea36ee introduced a svc_freeargs() call
+that ended up freeing static pointer.
+
+It turns out the allocations for the rmt_args
+is not necessary . The xdr routines (xdr_bytes) will
+handle the memory management and the largest
+possible message size is UDPMSGSIZE (due to UDP only)
+which is smaller than RPC_BUF_MAX
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/rpcb_svc_com.c | 39 ++++++---------------------------------
+ 1 file changed, 6 insertions(+), 33 deletions(-)
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index cb63afd..1fc2229 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -612,9 +612,9 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ struct netconfig *nconf;
+ struct netbuf *caller;
+ struct r_rmtcall_args a;
+- char *buf_alloc = NULL, *outbufp;
++ char *outbufp;
+ char *outbuf_alloc = NULL;
+- char buf[RPC_BUF_MAX], outbuf[RPC_BUF_MAX];
++ char outbuf[RPC_BUF_MAX];
+ struct netbuf *na = (struct netbuf *) NULL;
+ struct rpc_msg call_msg;
+ int outlen;
+@@ -635,36 +635,10 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ }
+ if (si.si_socktype != SOCK_DGRAM)
+ return; /* Only datagram type accepted */
+- sendsz = __rpc_get_t_size(si.si_af, si.si_proto, UDPMSGSIZE);
+- if (sendsz == 0) { /* data transfer not supported */
+- if (reply_type == RPCBPROC_INDIRECT)
+- svcerr_systemerr(transp);
+- return;
+- }
+- /*
+- * Should be multiple of 4 for XDR.
+- */
+- sendsz = ((sendsz + 3) / 4) * 4;
+- if (sendsz > RPC_BUF_MAX) {
+-#ifdef notyet
+- buf_alloc = alloca(sendsz); /* not in IDR2? */
+-#else
+- buf_alloc = malloc(sendsz);
+-#endif /* notyet */
+- if (buf_alloc == NULL) {
+- if (debugging)
+- xlog(LOG_DEBUG,
+- "rpcbproc_callit_com: No Memory!\n");
+- if (reply_type == RPCBPROC_INDIRECT)
+- svcerr_systemerr(transp);
+- return;
+- }
+- a.rmt_args.args = buf_alloc;
+- } else {
+- a.rmt_args.args = buf;
+- }
++ sendsz = UDPMSGSIZE;
+
+ call_msg.rm_xid = 0; /* For error checking purposes */
++ memset(&a, 0, sizeof(a)); /* Zero out the input buffer */
+ if (!svc_getargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
+ if (reply_type == RPCBPROC_INDIRECT)
+ svcerr_decode(transp);
+@@ -704,7 +678,8 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ if (rbl == (rpcblist_ptr)NULL) {
+ #ifdef RPCBIND_DEBUG
+ if (debugging)
+- xlog(LOG_DEBUG, "not found\n");
++ xlog(LOG_DEBUG, "prog %lu vers %lu: not found\n",
++ a.rmt_prog, a.rmt_vers);
+ #endif
+ if (reply_type == RPCBPROC_INDIRECT)
+ svcerr_noprog(transp);
+@@ -937,8 +912,6 @@ out:
+ }
+ if (local_uaddr)
+ free(local_uaddr);
+- if (buf_alloc)
+- free(buf_alloc);
+ if (outbuf_alloc)
+ free(outbuf_alloc);
+ if (na) {
+--
+2.13.2
+
diff --git a/patches/source/rpcbind/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch b/patches/source/rpcbind/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch
new file mode 100644
index 00000000..1a0aa6cf
--- /dev/null
+++ b/patches/source/rpcbind/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch
@@ -0,0 +1,96 @@
+From 1e2ddd4ebd7a9266e6070f275fa35752752fdfd6 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 30 May 2017 11:29:58 -0400
+Subject: [PATCH 6/6] rpcbproc_callit_com: No need to allocate output buffer
+
+Now that sendz is a fixed size (UDPMSGSIZE) which
+is small then RPC_BUF_MAX, no need to check the
+sendz size.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/rpcb_svc_com.c | 33 +++++----------------------------
+ 1 file changed, 5 insertions(+), 28 deletions(-)
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 1fc2229..d36b090 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -612,8 +612,6 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ struct netconfig *nconf;
+ struct netbuf *caller;
+ struct r_rmtcall_args a;
+- char *outbufp;
+- char *outbuf_alloc = NULL;
+ char outbuf[RPC_BUF_MAX];
+ struct netbuf *na = (struct netbuf *) NULL;
+ struct rpc_msg call_msg;
+@@ -674,7 +672,6 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+
+ rpcbs_rmtcall(versnum - 2, reply_type, a.rmt_prog, a.rmt_vers,
+ a.rmt_proc, transp->xp_netid, rbl);
+-
+ if (rbl == (rpcblist_ptr)NULL) {
+ #ifdef RPCBIND_DEBUG
+ if (debugging)
+@@ -793,24 +790,10 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
+ call_msg.rm_call.cb_prog = a.rmt_prog;
+ call_msg.rm_call.cb_vers = a.rmt_vers;
+- if (sendsz > RPC_BUF_MAX) {
+-#ifdef notyet
+- outbuf_alloc = alloca(sendsz); /* not in IDR2? */
+-#else
+- outbuf_alloc = malloc(sendsz);
+-#endif /* notyet */
+- if (outbuf_alloc == NULL) {
+- if (reply_type == RPCBPROC_INDIRECT)
+- svcerr_systemerr(transp);
+- if (debugging)
+- xlog(LOG_DEBUG,
+- "rpcbproc_callit_com: No memory!\n");
+- goto error;
+- }
+- xdrmem_create(&outxdr, outbuf_alloc, sendsz, XDR_ENCODE);
+- } else {
+- xdrmem_create(&outxdr, outbuf, sendsz, XDR_ENCODE);
+- }
++
++ memset(outbuf, '\0', sendsz); /* Zero out the output buffer */
++ xdrmem_create(&outxdr, outbuf, sendsz, XDR_ENCODE);
++
+ if (!xdr_callhdr(&outxdr, &call_msg)) {
+ if (reply_type == RPCBPROC_INDIRECT)
+ svcerr_systemerr(transp);
+@@ -875,10 +858,6 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ goto error;
+ }
+ outlen = (int) XDR_GETPOS(&outxdr);
+- if (outbuf_alloc)
+- outbufp = outbuf_alloc;
+- else
+- outbufp = outbuf;
+
+ na = uaddr2taddr(nconf, local_uaddr);
+ if (!na) {
+@@ -887,7 +866,7 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ goto error;
+ }
+
+- if (sendto(fd, outbufp, outlen, 0, (struct sockaddr *)na->buf, na->len)
++ if (sendto(fd, outbuf, outlen, 0, (struct sockaddr *)na->buf, na->len)
+ != outlen) {
+ if (debugging)
+ xlog(LOG_DEBUG,
+@@ -912,8 +891,6 @@ out:
+ }
+ if (local_uaddr)
+ free(local_uaddr);
+- if (outbuf_alloc)
+- free(outbuf_alloc);
+ if (na) {
+ free(na->buf);
+ free(na);
+--
+2.13.2
+
diff --git a/patches/source/rpcbind/01.rpcbind-manpage-statefile-explanation.patch b/patches/source/rpcbind/01.rpcbind-manpage-statefile-explanation.patch
new file mode 100644
index 00000000..946dd1bd
--- /dev/null
+++ b/patches/source/rpcbind/01.rpcbind-manpage-statefile-explanation.patch
@@ -0,0 +1,25 @@
+--- rpcbind-0.2.3/man/rpcbind.8 2015-04-27 16:07:43.000000000 +0200
++++ rpcbind-0.2.3/man/rpcbind.8 2015-09-22 16:25:40.000000000 +0200
+@@ -132,11 +132,20 @@
+ .It Fl w
+ Cause
+ .Nm
+-to do a "warm start" by read a state file when
++to do a "warm start" by attempting to read *.xdr state files from the
++state directory
++.%T /var/state/rpcbind
++when
+ .Nm
+-starts up. The state file is created when
++starts up. The state files are created when
+ .Nm
+ terminates.
++.Pp
++This allows for restarting
++.Nm
++without the need to restart all RPC services that have previously registered.
++The state file serves similar purpose like the file created/restored by
++pmap_dump and pmap_set utilities, distributed with old portmap server package.
+ .El
+ .Sh NOTES
+ All RPC servers must be restarted if
diff --git a/patches/source/rpcbind/doinst.sh b/patches/source/rpcbind/doinst.sh
new file mode 100644
index 00000000..5f7dfaf5
--- /dev/null
+++ b/patches/source/rpcbind/doinst.sh
@@ -0,0 +1,24 @@
+config() {
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.rpc.new
diff --git a/patches/source/rpcbind/rc.rpc b/patches/source/rpcbind/rc.rpc
new file mode 100644
index 00000000..c850c556
--- /dev/null
+++ b/patches/source/rpcbind/rc.rpc
@@ -0,0 +1,64 @@
+#!/bin/sh
+# rc.rpc: start/stop/restart RPC daemons needed to use NFS.
+#
+# You must run these daemons in order to mount NFS partitions
+# (unless you use the mount option '-o nolock', which can
+# corrupt files and is not generally recommended unless you
+# are mounting the partition(s) as read-only).
+#
+# To run an NFS server, starting these is mandatory.
+#
+
+rpc_start() {
+ if [ -x /sbin/rpcbind -a -x /sbin/rpc.statd ]; then
+ if ! ps axc | grep -q rpcbind ; then
+ echo "Starting RPC portmapper: /sbin/rpcbind -l $1"
+ /sbin/rpcbind -l $1
+ fi
+ if ! ps axc | grep -q rpc.statd ; then
+ echo "Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd"
+ /sbin/rpc.statd
+ fi
+ else
+ echo "WARNING: Cannot start RPC daemons needed for NFS. One or more of"
+ echo " these required daemons is not executable or is not present"
+ echo " on your system:"
+ echo
+ echo " /sbin/rpcbind or /sbin/rpc.statd"
+ echo
+ fi
+}
+
+rpc_stop() {
+ killall rpc.statd 2> /dev/null
+ sleep 1
+ killall rpcbind 2> /dev/null
+ sleep 1
+ killall -9 rpc.statd 2> /dev/null # make sure :)
+ sleep 1
+ killall -9 rpcbind 2> /dev/null # make sure :)
+ sleep 1
+}
+
+rpc_restart() {
+ rpc_stop
+ rpc_start
+}
+
+case "$1" in
+'start')
+ # Warm restart by default (see "man rpcbind" for details about the -w option)
+ rpc_start -w
+ ;;
+'cold_start') # Start without -w option
+ rpc_start
+ ;;
+'stop')
+ rpc_stop
+ ;;
+'restart')
+ rpc_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/patches/source/rpcbind/rpcbind.SlackBuild b/patches/source/rpcbind/rpcbind.SlackBuild
new file mode 100755
index 00000000..894c7dbd
--- /dev/null
+++ b/patches/source/rpcbind/rpcbind.SlackBuild
@@ -0,0 +1,155 @@
+#!/bin/sh
+
+# Copyright 2015, 2017 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+PKGNAM=rpcbind
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-2_slack14.2}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$(uname -m)" in
+ i?86) ARCH=i586 ;;
+ arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) ARCH=$(uname -m) ;;
+ esac
+ export ARCH
+fi
+
+NUMJOBS=${NUMJOBS:-" -j7 "}
+
+if [ "$ARCH" = "i386" ]; then
+ SLKCFLAGS="-O2 -march=i386 -mcpu=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "armv7hl" ]; then
+ SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16"
+ LIBDIRSUFFIX=""
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z* || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+# CVE-2017-8779
+zcat $CWD/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/0004-rpcbind-fix-building-without-enable-debug.patch.gz | patch -p1 --verbose || exit 1
+
+# Fixes from git master
+zcat $CWD/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch.gz | patch -p1 --verbose || exit 1
+
+zcat $CWD/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch | patch -p1 --verbose || exit 1
+zcat $CWD/rpcbind.lwrap.needs.lnsl.diff.gz | patch -p1 --verbose || exit 1
+
+# This is needed after the libwrap patch above:
+autoreconf -vif || exit 1
+./autogen.sh
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+# Configure:
+CFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --bindir=/sbin \
+ --libdir=/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --mandir=/usr/man \
+ --enable-libwrap \
+ --enable-warmstarts \
+ --with-statedir=/var/run/rpcbind \
+ --with-rpcuser=rpc \
+ --with-nss-modules="files" \
+ --without-systemdsystemunitdir \
+ --build=$ARCH-slackware-linux || exit 1
+
+# Build and install:
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Make state directory (not really needed as rpcbind does this on startup)
+mkdir -p $PKG/var/run/rpcbind
+chown rpc:root $PKG/var/run/rpcbind
+
+# Install init script:
+mkdir -p $PKG/etc/rc.d
+zcat $CWD/rc.rpc.gz > $PKG/etc/rc.d/rc.rpc.new
+
+# Strip binaries:
+( cd $PKG
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+ AUTHORS COPYING* NEWS README* \
+ $PKG/usr/doc/${PKGNAM}-$VERSION
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do
+ ln -s $( readlink $i ).gz $i.gz
+ rm $i
+done
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
+
diff --git a/patches/source/rpcbind/rpcbind.lwrap.needs.lnsl.diff b/patches/source/rpcbind/rpcbind.lwrap.needs.lnsl.diff
new file mode 100644
index 00000000..43f2bdf8
--- /dev/null
+++ b/patches/source/rpcbind/rpcbind.lwrap.needs.lnsl.diff
@@ -0,0 +1,14 @@
+--- ./configure.ac.orig 2015-04-27 09:07:43.000000000 -0500
++++ ./configure.ac 2015-12-14 13:34:54.592931654 -0600
+@@ -52,6 +52,11 @@
+ fi
+ AM_CONDITIONAL(SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ])
+
++AC_SEARCH_LIBS(yp_get_default_domain, nsl)
++AC_MSG_CHECKING([for hosts_access in -lwrap])
++saved_LIBS="$LIBS"
++LIBS="$saved_LIBS -lwrap"
++
+ AS_IF([test x$enable_libwrap = xyes], [
+ AC_CHECK_LIB([wrap], [hosts_access], ,
+ AC_MSG_ERROR([libwrap support requested but unable to find libwrap]))
diff --git a/patches/source/rpcbind/slack-desc b/patches/source/rpcbind/slack-desc
new file mode 100644
index 00000000..70adeb78
--- /dev/null
+++ b/patches/source/rpcbind/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+rpcbind: rpcbind (a daemon to manage RPC connections)
+rpcbind:
+rpcbind: This is a network daemon used to manage connections to RPC services.
+rpcbind: It is meant as a replacement for the 'rpc.portmap' server from the
+rpcbind: 'portmap' package. Daemons that offer RPC services (such as the
+rpcbind: daemons for NFS) tell the rpcbind on what port they listen.
+rpcbind: RPC network port numbers may change each time the system is booted.
+rpcbind:
+rpcbind: This package is required to use NFS or other RPC services.
+rpcbind:
+rpcbind: Homepage: http://sourceforge.net/projects/rpcbind/