diff options
Diffstat (limited to 'source/n/rpcbind')
-rw-r--r-- | source/n/rpcbind/0001-security.c-removed-warning.patch | 29 | ||||
-rw-r--r-- | source/n/rpcbind/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch | 82 | ||||
-rw-r--r-- | source/n/rpcbind/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch | 40 | ||||
-rw-r--r-- | source/n/rpcbind/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch | 51 | ||||
-rw-r--r-- | source/n/rpcbind/01.rpcbind-manpage-statefile-explanation.patch | 25 | ||||
-rw-r--r-- | source/n/rpcbind/doinst.sh | 24 | ||||
-rw-r--r-- | source/n/rpcbind/rc.rpc | 64 | ||||
-rwxr-xr-x | source/n/rpcbind/rpcbind.SlackBuild | 149 | ||||
-rw-r--r-- | source/n/rpcbind/rpcbind.lwrap.needs.lnsl.diff | 14 | ||||
-rw-r--r-- | source/n/rpcbind/slack-desc | 19 |
10 files changed, 497 insertions, 0 deletions
diff --git a/source/n/rpcbind/0001-security.c-removed-warning.patch b/source/n/rpcbind/0001-security.c-removed-warning.patch new file mode 100644 index 000000000..6ca5b6d06 --- /dev/null +++ b/source/n/rpcbind/0001-security.c-removed-warning.patch @@ -0,0 +1,29 @@ +From de47f6323d8fb20feefee21d0195cf0529151e04 Mon Sep 17 00:00:00 2001 +From: Steve Dickson <steved@redhat.com> +Date: Thu, 17 Sep 2015 15:57:35 -0400 +Subject: [PATCH 1/4] security.c: removed warning + +src/security.c:100:8: warning: implicit declaration of function 'xlog' +[-Wimplicit-function-declaration] + +Signed-off-by: Steve Dickson <steved@redhat.com> +--- + src/security.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/security.c b/src/security.c +index 0c9453f..c54ce26 100644 +--- a/src/security.c ++++ b/src/security.c +@@ -17,6 +17,8 @@ + #include <syslog.h> + #include <netdb.h> + ++#include "xlog.h" ++ + /* + * XXX for special case checks in check_callit. + */ +-- +2.6.4 + diff --git a/source/n/rpcbind/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch b/source/n/rpcbind/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch new file mode 100644 index 000000000..6a80742f0 --- /dev/null +++ b/source/n/rpcbind/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch @@ -0,0 +1,82 @@ +From d5dace219953c45d26ae42db238052b68540649a Mon Sep 17 00:00:00 2001 +From: Olaf Kirch <okir@suse.de> +Date: Fri, 30 Oct 2015 10:18:20 -0400 +Subject: [PATCH 2/4] Fix memory corruption in PMAP_CALLIT code + + - A PMAP_CALLIT call comes in on IPv4 UDP + - rpcbind duplicates the caller's address to a netbuf and stores it in + FINFO[0].caller_addr. caller_addr->buf now points to a memory region A + with a size of 16 bytes + - rpcbind forwards the call to the local service, receives a reply + - when processing the reply, it does this in xprt_set_caller: + xprt->xp_rtaddr = *FINFO[0].caller_addr + It sends out the reply, and then frees the netbuf caller_addr and + caller_addr.buf. + However, it does not clear xp_rtaddr, so xp_rtaddr.buf now refers + to memory region A, which is free. + - When the next call comes in on the UDP/IPv4 socket, svc_dg_recv will + be called, which will set xp_rtaddr to the client's address. + It will reuse the buffer inside xp_rtaddr, ie it will write a + sockaddr_in to region A + +Some time down the road, an incoming TCP connection is accepted, +allocating a fresh SVCXPRT. The memory region A is inside the +new SVCXPRT + + - While processing the TCP call, another UDP call comes in, again + overwriting region A with the client's address + - TCP client closes connection. In svc_destroy, we now trip over + the garbage left in region A + +We ran into the case where a commercial scanner was triggering +occasional rpcbind segfaults. The core file that was captured showed +a corrupted xprt->xp_netid pointer that was really a sockaddr_in. + +Signed-off-by: Olaf Kirch <okir@suse.de> +Signed-off-by: Steve Dickson <steved@redhat.com> +--- + src/rpcb_svc_com.c | 23 ++++++++++++++++++++++- + 1 file changed, 22 insertions(+), 1 deletion(-) + +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index ff9ce6b..4ae93f1 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -1183,12 +1183,33 @@ check_rmtcalls(struct pollfd *pfds, int nfds) + return (ncallbacks_found); + } + ++/* ++ * This is really a helper function defined in libtirpc, ++ * but unfortunately, it hasn't been exported yet. ++ */ ++static struct netbuf * ++__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len) ++{ ++ if (nb->len != len) { ++ if (nb->len) ++ mem_free(nb->buf, nb->len); ++ nb->buf = mem_alloc(len); ++ if (nb->buf == NULL) ++ return NULL; ++ ++ nb->maxlen = nb->len = len; ++ } ++ memcpy(nb->buf, ptr, len); ++ return nb; ++} ++ + static void + xprt_set_caller(SVCXPRT *xprt, struct finfo *fi) + { ++ const struct netbuf *caller = fi->caller_addr; + u_int32_t *xidp; + +- *(svc_getrpccaller(xprt)) = *(fi->caller_addr); ++ __rpc_set_netbuf(svc_getrpccaller(xprt), caller->buf, caller->len); + xidp = __rpcb_get_dg_xidp(xprt); + *xidp = fi->caller_xid; + } +-- +2.6.4 + diff --git a/source/n/rpcbind/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch b/source/n/rpcbind/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch new file mode 100644 index 000000000..9aa64791a --- /dev/null +++ b/source/n/rpcbind/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch @@ -0,0 +1,40 @@ +From 9194122389f2a56b1cd1f935e64307e2e963c2da Mon Sep 17 00:00:00 2001 +From: Steve Dickson <steved@redhat.com> +Date: Mon, 2 Nov 2015 17:05:18 -0500 +Subject: [PATCH 3/4] handle_reply: Don't use the xp_auth pointer directly + +In the latest libtirpc version to access the xp_auth +one must use the SVC_XP_AUTH macro. To be backwards +compatible a couple ifdefs were added to use the +macro when it exists. + +Signed-off-by: Steve Dickson <steved@redhat.com> +--- + src/rpcb_svc_com.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index 4ae93f1..22d6c84 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -1295,10 +1295,17 @@ handle_reply(int fd, SVCXPRT *xprt) + a.rmt_localvers = fi->versnum; + + xprt_set_caller(xprt, fi); ++#if defined(SVC_XP_AUTH) ++ SVC_XP_AUTH(xprt) = svc_auth_none; ++#else + xprt->xp_auth = &svc_auth_none; ++#endif + svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a); ++#if !defined(SVC_XP_AUTH) + SVCAUTH_DESTROY(xprt->xp_auth); + xprt->xp_auth = NULL; ++#endif ++ + done: + if (buffer) + free(buffer); +-- +2.6.4 + diff --git a/source/n/rpcbind/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch b/source/n/rpcbind/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch new file mode 100644 index 000000000..c54d542e7 --- /dev/null +++ b/source/n/rpcbind/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch @@ -0,0 +1,51 @@ +From 3a664b1b5a310df39bd0f325b0edb1deb31c2249 Mon Sep 17 00:00:00 2001 +From: Laurent Bigonville <bigon@bigon.be> +Date: Wed, 18 Nov 2015 14:34:26 -0500 +Subject: [PATCH 4/4] Delete the unix socket only if we have created it + +From: Laurent Bigonville <bigon@bigon.be> + +If systemd has created the unix socket on our behalf, we shouldn't try +to delete it. + +https://bugzilla.redhat.com/show_bug.cgi?id=1279076 + +Signed-off-by: Laurent Bigonville <bigon@bigon.be +Signed-off-by: Steve Dickson <steved@redhat.com> +--- + src/rpcbind.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/rpcbind.c b/src/rpcbind.c +index 045daa1..c4265cd 100644 +--- a/src/rpcbind.c ++++ b/src/rpcbind.c +@@ -87,6 +87,7 @@ static inline void __nss_configure_lookup(const char *db, const char *s) {} + int debugging = 0; /* Tell me what's going on */ + int doabort = 0; /* When debugging, do an abort on errors */ + int dofork = 1; /* fork? */ ++int createdsocket = 0; /* Did I create the socket or systemd did it for me? */ + + rpcblist_ptr list_rbl; /* A list of version 3/4 rpcbind services */ + +@@ -445,6 +446,7 @@ init_transport(struct netconfig *nconf) + memset(&sun, 0, sizeof sun); + sun.sun_family = AF_LOCAL; + unlink(_PATH_RPCBINDSOCK); ++ createdsocket = 1; /* We are now in the process of creating the unix socket */ + strcpy(sun.sun_path, _PATH_RPCBINDSOCK); + addrlen = SUN_LEN(&sun); + sa = (struct sockaddr *)&sun; +@@ -846,7 +848,8 @@ static void + terminate(int dummy /*__unused*/) + { + close(rpcbindlockfd); +- unlink(_PATH_RPCBINDSOCK); ++ if(createdsocket) ++ unlink(_PATH_RPCBINDSOCK); + unlink(RPCBINDDLOCK); + #ifdef WARMSTART + write_warmstart(); /* Dump yourself */ +-- +2.6.4 + diff --git a/source/n/rpcbind/01.rpcbind-manpage-statefile-explanation.patch b/source/n/rpcbind/01.rpcbind-manpage-statefile-explanation.patch new file mode 100644 index 000000000..946dd1bd1 --- /dev/null +++ b/source/n/rpcbind/01.rpcbind-manpage-statefile-explanation.patch @@ -0,0 +1,25 @@ +--- rpcbind-0.2.3/man/rpcbind.8 2015-04-27 16:07:43.000000000 +0200 ++++ rpcbind-0.2.3/man/rpcbind.8 2015-09-22 16:25:40.000000000 +0200 +@@ -132,11 +132,20 @@ + .It Fl w + Cause + .Nm +-to do a "warm start" by read a state file when ++to do a "warm start" by attempting to read *.xdr state files from the ++state directory ++.%T /var/state/rpcbind ++when + .Nm +-starts up. The state file is created when ++starts up. The state files are created when + .Nm + terminates. ++.Pp ++This allows for restarting ++.Nm ++without the need to restart all RPC services that have previously registered. ++The state file serves similar purpose like the file created/restored by ++pmap_dump and pmap_set utilities, distributed with old portmap server package. + .El + .Sh NOTES + All RPC servers must be restarted if diff --git a/source/n/rpcbind/doinst.sh b/source/n/rpcbind/doinst.sh new file mode 100644 index 000000000..5f7dfaf55 --- /dev/null +++ b/source/n/rpcbind/doinst.sh @@ -0,0 +1,24 @@ +config() { + NEW="$1" + OLD="`dirname $NEW`/`basename $NEW .new`" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.rpc.new diff --git a/source/n/rpcbind/rc.rpc b/source/n/rpcbind/rc.rpc new file mode 100644 index 000000000..c850c5560 --- /dev/null +++ b/source/n/rpcbind/rc.rpc @@ -0,0 +1,64 @@ +#!/bin/sh +# rc.rpc: start/stop/restart RPC daemons needed to use NFS. +# +# You must run these daemons in order to mount NFS partitions +# (unless you use the mount option '-o nolock', which can +# corrupt files and is not generally recommended unless you +# are mounting the partition(s) as read-only). +# +# To run an NFS server, starting these is mandatory. +# + +rpc_start() { + if [ -x /sbin/rpcbind -a -x /sbin/rpc.statd ]; then + if ! ps axc | grep -q rpcbind ; then + echo "Starting RPC portmapper: /sbin/rpcbind -l $1" + /sbin/rpcbind -l $1 + fi + if ! ps axc | grep -q rpc.statd ; then + echo "Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd" + /sbin/rpc.statd + fi + else + echo "WARNING: Cannot start RPC daemons needed for NFS. One or more of" + echo " these required daemons is not executable or is not present" + echo " on your system:" + echo + echo " /sbin/rpcbind or /sbin/rpc.statd" + echo + fi +} + +rpc_stop() { + killall rpc.statd 2> /dev/null + sleep 1 + killall rpcbind 2> /dev/null + sleep 1 + killall -9 rpc.statd 2> /dev/null # make sure :) + sleep 1 + killall -9 rpcbind 2> /dev/null # make sure :) + sleep 1 +} + +rpc_restart() { + rpc_stop + rpc_start +} + +case "$1" in +'start') + # Warm restart by default (see "man rpcbind" for details about the -w option) + rpc_start -w + ;; +'cold_start') # Start without -w option + rpc_start + ;; +'stop') + rpc_stop + ;; +'restart') + rpc_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/source/n/rpcbind/rpcbind.SlackBuild b/source/n/rpcbind/rpcbind.SlackBuild new file mode 100755 index 000000000..d10f5852f --- /dev/null +++ b/source/n/rpcbind/rpcbind.SlackBuild @@ -0,0 +1,149 @@ +#!/bin/sh + +# Copyright 2015 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +PKGNAM=rpcbind +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i586 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} + +if [ "$ARCH" = "i386" ]; then + SLKCFLAGS="-O2 -march=i386 -mcpu=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" + LIBDIRSUFFIX="" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z* || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +zcat $CWD/0001-security.c-removed-warning.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/01.rpcbind-manpage-statefile-explanation.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/rpcbind.lwrap.needs.lnsl.diff.gz | patch -p1 --verbose || exit 1 + +# This is needed after the patch above: +autoreconf -vif || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +# Configure: +CFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --bindir=/sbin \ + --libdir=/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --mandir=/usr/man \ + --enable-libwrap \ + --enable-warmstarts \ + --with-statedir=/var/state/rpcbind \ + --with-rpcuser=bin \ + --with-nss-modules="files" \ + --without-systemdsystemunitdir \ + --build=$ARCH-slackware-linux || exit 1 + +# Build and install: +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Make state directory: +mkdir -p $PKG/var/state/rpcbind +chown bin:root $PKG/var/state/rpcbind + +# Install init script: +mkdir -p $PKG/etc/rc.d +zcat $CWD/rc.rpc.gz > $PKG/etc/rc.d/rc.rpc.new + +# Strip binaries: +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + AUTHORS COPYING* NEWS README* \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +# Compress manual pages: +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do + ln -s $( readlink $i ).gz $i.gz + rm $i +done + +mkdir -p $PKG/install +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz + diff --git a/source/n/rpcbind/rpcbind.lwrap.needs.lnsl.diff b/source/n/rpcbind/rpcbind.lwrap.needs.lnsl.diff new file mode 100644 index 000000000..43f2bdf8f --- /dev/null +++ b/source/n/rpcbind/rpcbind.lwrap.needs.lnsl.diff @@ -0,0 +1,14 @@ +--- ./configure.ac.orig 2015-04-27 09:07:43.000000000 -0500 ++++ ./configure.ac 2015-12-14 13:34:54.592931654 -0600 +@@ -52,6 +52,11 @@ + fi + AM_CONDITIONAL(SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ]) + ++AC_SEARCH_LIBS(yp_get_default_domain, nsl) ++AC_MSG_CHECKING([for hosts_access in -lwrap]) ++saved_LIBS="$LIBS" ++LIBS="$saved_LIBS -lwrap" ++ + AS_IF([test x$enable_libwrap = xyes], [ + AC_CHECK_LIB([wrap], [hosts_access], , + AC_MSG_ERROR([libwrap support requested but unable to find libwrap])) diff --git a/source/n/rpcbind/slack-desc b/source/n/rpcbind/slack-desc new file mode 100644 index 000000000..70adeb78d --- /dev/null +++ b/source/n/rpcbind/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +rpcbind: rpcbind (a daemon to manage RPC connections) +rpcbind: +rpcbind: This is a network daemon used to manage connections to RPC services. +rpcbind: It is meant as a replacement for the 'rpc.portmap' server from the +rpcbind: 'portmap' package. Daemons that offer RPC services (such as the +rpcbind: daemons for NFS) tell the rpcbind on what port they listen. +rpcbind: RPC network port numbers may change each time the system is booted. +rpcbind: +rpcbind: This package is required to use NFS or other RPC services. +rpcbind: +rpcbind: Homepage: http://sourceforge.net/projects/rpcbind/ |