Date: Saturday, September 19, 2015 @ 18:59:00 Author: andyrtr Revision: 246666
archrelease: copy trunk to testing-i686, testing-x86_64 Added: rpcbind/repos/testing-i686/ rpcbind/repos/testing-i686/PKGBUILD (from rev 246665, rpcbind/trunk/PKGBUILD) rpcbind/repos/testing-i686/bug-940191.patch (from rev 246665, rpcbind/trunk/bug-940191.patch) rpcbind/repos/testing-i686/rpcbind-sunrpc.patch (from rev 246665, rpcbind/trunk/rpcbind-sunrpc.patch) rpcbind/repos/testing-i686/rpcbind.conf (from rev 246665, rpcbind/trunk/rpcbind.conf) rpcbind/repos/testing-i686/rpcbind.install (from rev 246665, rpcbind/trunk/rpcbind.install) rpcbind/repos/testing-i686/rpcbind.service (from rev 246665, rpcbind/trunk/rpcbind.service) rpcbind/repos/testing-i686/rpcbind.socket (from rev 246665, rpcbind/trunk/rpcbind.socket) rpcbind/repos/testing-x86_64/ rpcbind/repos/testing-x86_64/PKGBUILD (from rev 246665, rpcbind/trunk/PKGBUILD) rpcbind/repos/testing-x86_64/bug-940191.patch (from rev 246665, rpcbind/trunk/bug-940191.patch) rpcbind/repos/testing-x86_64/rpcbind-sunrpc.patch (from rev 246665, rpcbind/trunk/rpcbind-sunrpc.patch) rpcbind/repos/testing-x86_64/rpcbind.conf (from rev 246665, rpcbind/trunk/rpcbind.conf) rpcbind/repos/testing-x86_64/rpcbind.install (from rev 246665, rpcbind/trunk/rpcbind.install) rpcbind/repos/testing-x86_64/rpcbind.service (from rev 246665, rpcbind/trunk/rpcbind.service) rpcbind/repos/testing-x86_64/rpcbind.socket (from rev 246665, rpcbind/trunk/rpcbind.socket) -------------------------------------+ testing-i686/PKGBUILD | 66 ++++++++++++++++++++++++++++ testing-i686/bug-940191.patch | 80 ++++++++++++++++++++++++++++++++++ testing-i686/rpcbind-sunrpc.patch | 11 ++++ testing-i686/rpcbind.conf | 3 + testing-i686/rpcbind.install | 8 +++ testing-i686/rpcbind.service | 11 ++++ testing-i686/rpcbind.socket | 8 +++ testing-x86_64/PKGBUILD | 66 ++++++++++++++++++++++++++++ testing-x86_64/bug-940191.patch | 80 ++++++++++++++++++++++++++++++++++ testing-x86_64/rpcbind-sunrpc.patch | 11 ++++ testing-x86_64/rpcbind.conf | 3 + testing-x86_64/rpcbind.install | 
8 +++ testing-x86_64/rpcbind.service | 11 ++++ testing-x86_64/rpcbind.socket | 8 +++ 14 files changed, 374 insertions(+)
Copied: rpcbind/repos/testing-i686/PKGBUILD (from rev 246665, rpcbind/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,66 @@
+# $Id$
+# Maintainer: AndyRTR <andy...@archlinux.org>
+# Maintainer: Tobias Powalowski <tp...@archlinux.org>
+
+pkgname=rpcbind
+pkgver=0.2.3
+pkgrel=2
+pkgdesc="portmap replacement which supports RPC over various protocols"
+arch=(i686 x86_64)
+backup=('etc/conf.d/rpcbind')
+makedepends=('systemd')
+depends=('bash' 'glibc' 'libtirpc' 'libsystemd')
+url="http://rpcbind.sourceforge.net"
+license=('custom')
+replaces=('portmap')
+# see also http://git.infradead.org/users/steved/rpcbind.git
+source=(http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
+ bug-940191.patch
+ rpcbind-sunrpc.patch
+ rpcbind.service
+ rpcbind.socket
+ rpcbind.conf)
+install=rpcbind.install
+sha1sums=('e79974a99d09b6d6fff9d86bf00225dc33723ce2'
+ '717e2700510b1b40f452eddb929a7be00df4292b'
+ '1b997ce76f9727efc8c72fc5f97189591c9a60e2'
+ '3534c7bcdecebda90182fe2328a16137353cb1ad'
+ 'c52f8396cd05181b788fbdf74898730343c03c9a'
+ '08246ff18d12cee01e5c9391c6ba8f5597cac936')
+
+prepare() {
+ cd $srcdir/$pkgname-$pkgver
+ # patch for iana services file # FS#20273
+ patch -Np1 -i ../rpcbind-sunrpc.patch
+
+ # fix a memory corruption crash when remote scanning
+ # https://bugs.archlinux.org/task/46341
+ # http://seclists.org/oss-sec/2015/q3/581
+ patch -Np1 -i ../bug-940191.patch
+}
+
+build() {
+ cd $srcdir/$pkgname-$pkgver
+ ./configure --prefix=/usr \
+ --with-rpcuser=rpc \
+ --enable-warmstarts \
+ --with-statedir=/var/lib/rpcbind
+ make
+}
+
+package() {
+ cd $srcdir/$pkgname-$pkgver
+ make DESTDIR=$pkgdir install
+ # install rpcbind config file
+ install -D -m644 $srcdir/rpcbind.conf $pkgdir/etc/conf.d/rpcbind
+ # install missing man page - https://bugs.archlinux.org/task/21271
+ install -m644 man/rpcinfo.8 $pkgdir/usr/share/man/man8/
+ # install systemd service file
+ install -D -m644 $srcdir/rpcbind.service $pkgdir/usr/lib/systemd/system/rpcbind.service
+ # install system socket activation
+ install -D -m644 $srcdir/rpcbind.socket $pkgdir/usr/lib/systemd/system/rpcbind.socket
+ # add state directory
+ install -d -m 700 -o 32 -g 32 $pkgdir/var/lib/rpcbind
+ # install license
+ install -D -m644 COPYING $pkgdir/usr/share/licenses/rpcbind/COPYING
+}
Copied: rpcbind/repos/testing-i686/bug-940191.patch (from rev 246665, rpcbind/trunk/bug-940191.patch)
===================================================================
--- testing-i686/bug-940191.patch (rev 0)
+++ testing-i686/bug-940191.patch 2015-09-19 16:59:00 UTC (rev 246666)
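Review bot: In testing-i686/PKGBUILD the upstream tarball in `source=(http://downloads.sourceforge.net/...)` is fetched over plain HTTP and its integrity rests only on `sha1sums`, a weak pin for a network-facing daemon that this same release patches for memory corruption. I would switch the array to `sha256sums=(...)`, with values regenerated by `updpkgsums` rather than typed in, and use an HTTPS source URL if the mirror offers one. Separately, `$srcdir` and `$pkgdir` are expanded unquoted throughout `prepare()`, `build()` and `package()`; writing `cd "$srcdir/$pkgname-$pkgver"` and quoting the `install` targets the same way keeps the build correct from a path containing spaces. Both points apply unchanged to the identical testing-x86_64/PKGBUILD.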
@@ -0,0 +1,80 @@
+commit 06f7ebb1dade2f0dbf872ea2bedf17cff4734bdd
+Author: Olaf Kirch <okir () suse de>
+Date: Thu Aug 6 16:27:20 2015 +0200
+
+ Fix memory corruption in PMAP_CALLIT code
+
+ - A PMAP_CALLIT call comes in on IPv4 UDP
+ - rpcbind duplicates the caller's address to a netbuf and stores it in
+ FINFO[0].caller_addr. caller_addr->buf now points to a memory region A
+ with a size of 16 bytes
+ - rpcbind forwards the call to the local service, receives a reply
+ - when processing the reply, it does this in xprt_set_caller:
+ xprt->xp_rtaddr = *FINFO[0].caller_addr
+ It sends out the reply, and then frees the netbuf caller_addr and
+ caller_addr.buf.
+ However, it does not clear xp_rtaddr, so xp_rtaddr.buf now refers
+ to memory region A, which is free.
+ - When the next call comes in on the UDP/IPv4 socket, svc_dg_recv will
+ be called, which will set xp_rtaddr to the client's address.
+ It will reuse the buffer inside xp_rtaddr, ie it will write a
+ sockaddr_in to region A
+
+ Some time down the road, an incoming TCP connection is accepted,
+ allocating a fresh SVCXPRT. The memory region A is inside the
+ new SVCXPRT
+
+ - While processing the TCP call, another UDP call comes in, again
+ overwriting region A with the client's address
+ - TCP client closes connection. In svc_destroy, we now trip over
+ the garbage left in region A
+
+ We ran into the case where a commercial scanner was triggering
+ occasional rpcbind segfaults. The core file that was captured showed
+ a corrupted xprt->xp_netid pointer that was really a sockaddr_in.
+
+ Signed-off-by: Olaf Kirch <okir () suse de>
+
+---
+ src/rpcb_svc_com.c | 23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+Index: rpcbind-0.1.6+git20080930/src/rpcb_svc_com.c
+===================================================================
+--- rpcbind-0.1.6+git20080930.orig/src/rpcb_svc_com.c
++++ rpcbind-0.1.6+git20080930/src/rpcb_svc_com.c
+@@ -1298,12 +1298,33 @@ check_rmtcalls(struct pollfd *pfds, int
+ return (ncallbacks_found);
+ }
+
++/*
++ * This is really a helper function defined in libtirpc, but unfortunately, it hasn't
++ * been exported yet.
++ */
++static struct netbuf *
++__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len)
++{
++ if (nb->len != len) {
++ if (nb->len)
++ mem_free(nb->buf, nb->len);
++ nb->buf = mem_alloc(len);
++ if (nb->buf == NULL)
++ return NULL;
++
++ nb->maxlen = nb->len = len;
++ }
++ memcpy(nb->buf, ptr, len);
++ return nb;
++}
++
+ static void
+ xprt_set_caller(SVCXPRT *xprt, struct finfo *fi)
+ {
++ const struct netbuf *caller = fi->caller_addr;
+ u_int32_t *xidp;
+
+- *(svc_getrpccaller(xprt)) = *(fi->caller_addr);
++ __rpc_set_netbuf(svc_getrpccaller(xprt), caller->buf, caller->len);
+ xidp = __rpcb_get_dg_xidp(xprt);
+ *xidp = fi->caller_xid;
+ }
Copied: rpcbind/repos/testing-i686/rpcbind-sunrpc.patch (from rev 246665, rpcbind/trunk/rpcbind-sunrpc.patch)
===================================================================
--- testing-i686/rpcbind-sunrpc.patch (rev 0)
+++ testing-i686/rpcbind-sunrpc.patch 2015-09-19 16:59:00 UTC (rev 246666)
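Review bot: In testing-i686/bug-940191.patch, the allocation-failure branch of `__rpc_set_netbuf` returns NULL after `nb->buf` has been freed and overwritten with NULL but before `nb->len` and `nb->maxlen` are touched, so the netbuf still advertises its old length with no buffer behind it. `xprt_set_caller` then ignores the return value and continues as if the caller address had been stored. I would reset the lengths in that branch, `nb->len = nb->maxlen = 0;` ahead of `return NULL;`, and have `xprt_set_caller` test the result before the reply path uses the address; how `mem_alloc` reports failure is not visible in this hunk. The helper also uses a `__rpc_` name that its own comment says libtirpc may export later, so a file-local name would avoid a future clash. The testing-x86_64 copy of the patch is identical.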
@@ -0,0 +1,11 @@
+--- rpcbind-0.2.3/src/rpcbind.c 2015-04-27 16:07:43.000000000 +0200
++++ rpcbind-0.2.3/src/rpcbind.c.new 2015-04-27 19:48:44.518124944 +0200
+@@ -132,7 +132,7 @@
+ char *udp_uaddr; /* Universal UDP address */
+ char *tcp_uaddr; /* Universal TCP address */
+ #endif
+-static char servname[] = "rpcbind";
++static char servname[] = "sunrpc";
+ static char superuser[] = "superuser";
+
+ int main __P((int, char *[]));
Copied: rpcbind/repos/testing-i686/rpcbind.conf (from rev 246665, rpcbind/trunk/rpcbind.conf)
===================================================================
--- testing-i686/rpcbind.conf (rev 0)
+++ testing-i686/rpcbind.conf 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,3 @@
+#
+# Optional arguments passed to rpcbind. See rpcbind(8)
+RPCBIND_ARGS=""
Copied: rpcbind/repos/testing-i686/rpcbind.install (from rev 246665, rpcbind/trunk/rpcbind.install)
===================================================================
--- testing-i686/rpcbind.install (rev 0)
+++ testing-i686/rpcbind.install 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,8 @@
+post_install() {
+ getent group rpc &>/dev/null || groupadd -r -g 32 rpc >/dev/null
+ getent passwd rpc &>/dev/null || useradd -r -u 32 -g rpc -d /dev/null -s /bin/false -c "Rpcbind Daemon" rpc >/dev/null
+}
+
+post_upgrade() {
+ post_install
+}
Copied: rpcbind/repos/testing-i686/rpcbind.service (from rev 246665, rpcbind/trunk/rpcbind.service)
===================================================================
--- testing-i686/rpcbind.service (rev 0)
+++ testing-i686/rpcbind.service 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,11 @@
+[Unit]
+Description=RPC bind service
+Requires=rpcbind.socket
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/conf.d/rpcbind
+ExecStart=/usr/bin/rpcbind -w ${RPCBIND_ARGS}
+
+[Install]
+Also=rpcbind.socket
Copied: rpcbind/repos/testing-i686/rpcbind.socket (from rev 246665, rpcbind/trunk/rpcbind.socket)
===================================================================
--- testing-i686/rpcbind.socket (rev 0)
+++ testing-i686/rpcbind.socket 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,8 @@
+[Unit]
+Description=RPCbind Server Activation Socket
+
+[Socket]
+ListenStream=/var/run/rpcbind.sock
+
+[Install]
+WantedBy=sockets.target
Copied: rpcbind/repos/testing-x86_64/PKGBUILD (from rev 246665, rpcbind/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2015-09-19 16:59:00 UTC (rev 246666)
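Review bot: In testing-i686/rpcbind.service, `ExecStart=/usr/bin/rpcbind -w ${RPCBIND_ARGS}` uses the braced form, which systemd expands to exactly one argument, so an administrator who puts several options into `RPCBIND_ARGS` in /etc/conf.d/rpcbind hands rpcbind a single word; `$RPCBIND_ARGS` is the form that is split on whitespace. The `[Service]` section also runs a network-reachable daemon with no sandboxing, although this release patches a remotely triggered memory corruption in it. Directives such as `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would narrow what a compromised process can reach, and need testing against the `/var/lib/rpcbind` state directory and rpcbind's own switch to the `rpc` user. The testing-x86_64 copy of the unit is identical.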
@@ -0,0 +1,66 @@
+# $Id$
+# Maintainer: AndyRTR <andy...@archlinux.org>
+# Maintainer: Tobias Powalowski <tp...@archlinux.org>
+
+pkgname=rpcbind
+pkgver=0.2.3
+pkgrel=2
+pkgdesc="portmap replacement which supports RPC over various protocols"
+arch=(i686 x86_64)
+backup=('etc/conf.d/rpcbind')
+makedepends=('systemd')
+depends=('bash' 'glibc' 'libtirpc' 'libsystemd')
+url="http://rpcbind.sourceforge.net"
+license=('custom')
+replaces=('portmap')
+# see also http://git.infradead.org/users/steved/rpcbind.git
+source=(http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
+ bug-940191.patch
+ rpcbind-sunrpc.patch
+ rpcbind.service
+ rpcbind.socket
+ rpcbind.conf)
+install=rpcbind.install
+sha1sums=('e79974a99d09b6d6fff9d86bf00225dc33723ce2'
+ '717e2700510b1b40f452eddb929a7be00df4292b'
+ '1b997ce76f9727efc8c72fc5f97189591c9a60e2'
+ '3534c7bcdecebda90182fe2328a16137353cb1ad'
+ 'c52f8396cd05181b788fbdf74898730343c03c9a'
+ '08246ff18d12cee01e5c9391c6ba8f5597cac936')
+
+prepare() {
+ cd $srcdir/$pkgname-$pkgver
+ # patch for iana services file # FS#20273
+ patch -Np1 -i ../rpcbind-sunrpc.patch
+
+ # fix a memory corruption crash when remote scanning
+ # https://bugs.archlinux.org/task/46341
+ # http://seclists.org/oss-sec/2015/q3/581
+ patch -Np1 -i ../bug-940191.patch
+}
+
+build() {
+ cd $srcdir/$pkgname-$pkgver
+ ./configure --prefix=/usr \
+ --with-rpcuser=rpc \
+ --enable-warmstarts \
+ --with-statedir=/var/lib/rpcbind
+ make
+}
+
+package() {
+ cd $srcdir/$pkgname-$pkgver
+ make DESTDIR=$pkgdir install
+ # install rpcbind config file
+ install -D -m644 $srcdir/rpcbind.conf $pkgdir/etc/conf.d/rpcbind
+ # install missing man page - https://bugs.archlinux.org/task/21271
+ install -m644 man/rpcinfo.8 $pkgdir/usr/share/man/man8/
+ # install systemd service file
+ install -D -m644 $srcdir/rpcbind.service $pkgdir/usr/lib/systemd/system/rpcbind.service
+ # install system socket activation
+ install -D -m644 $srcdir/rpcbind.socket $pkgdir/usr/lib/systemd/system/rpcbind.socket
+ # add state directory
+ install -d -m 700 -o 32 -g 32 $pkgdir/var/lib/rpcbind
+ # install license
+ install -D -m644 COPYING $pkgdir/usr/share/licenses/rpcbind/COPYING
+}
Copied: rpcbind/repos/testing-x86_64/bug-940191.patch (from rev 246665, rpcbind/trunk/bug-940191.patch)
===================================================================
--- testing-x86_64/bug-940191.patch (rev 0)
+++ testing-x86_64/bug-940191.patch 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,80 @@
+commit 06f7ebb1dade2f0dbf872ea2bedf17cff4734bdd
+Author: Olaf Kirch <okir () suse de>
+Date: Thu Aug 6 16:27:20 2015 +0200
+
+ Fix memory corruption in PMAP_CALLIT code
+
+ - A PMAP_CALLIT call comes in on IPv4 UDP
+ - rpcbind duplicates the caller's address to a netbuf and stores it in
+ FINFO[0].caller_addr. caller_addr->buf now points to a memory region A
+ with a size of 16 bytes
+ - rpcbind forwards the call to the local service, receives a reply
+ - when processing the reply, it does this in xprt_set_caller:
+ xprt->xp_rtaddr = *FINFO[0].caller_addr
+ It sends out the reply, and then frees the netbuf caller_addr and
+ caller_addr.buf.
+ However, it does not clear xp_rtaddr, so xp_rtaddr.buf now refers
+ to memory region A, which is free.
+ - When the next call comes in on the UDP/IPv4 socket, svc_dg_recv will
+ be called, which will set xp_rtaddr to the client's address.
+ It will reuse the buffer inside xp_rtaddr, ie it will write a
+ sockaddr_in to region A
+
+ Some time down the road, an incoming TCP connection is accepted,
+ allocating a fresh SVCXPRT. The memory region A is inside the
+ new SVCXPRT
+
+ - While processing the TCP call, another UDP call comes in, again
+ overwriting region A with the client's address
+ - TCP client closes connection. In svc_destroy, we now trip over
+ the garbage left in region A
+
+ We ran into the case where a commercial scanner was triggering
+ occasional rpcbind segfaults. The core file that was captured showed
+ a corrupted xprt->xp_netid pointer that was really a sockaddr_in.
+
+ Signed-off-by: Olaf Kirch <okir () suse de>
+
+---
+ src/rpcb_svc_com.c | 23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+Index: rpcbind-0.1.6+git20080930/src/rpcb_svc_com.c
+===================================================================
+--- rpcbind-0.1.6+git20080930.orig/src/rpcb_svc_com.c
++++ rpcbind-0.1.6+git20080930/src/rpcb_svc_com.c
+@@ -1298,12 +1298,33 @@ check_rmtcalls(struct pollfd *pfds, int
+ return (ncallbacks_found);
+ }
+
++/*
++ * This is really a helper function defined in libtirpc, but unfortunately, it hasn't
++ * been exported yet.
++ */
++static struct netbuf *
++__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len)
++{
++ if (nb->len != len) {
++ if (nb->len)
++ mem_free(nb->buf, nb->len);
++ nb->buf = mem_alloc(len);
++ if (nb->buf == NULL)
++ return NULL;
++
++ nb->maxlen = nb->len = len;
++ }
++ memcpy(nb->buf, ptr, len);
++ return nb;
++}
++
+ static void
+ xprt_set_caller(SVCXPRT *xprt, struct finfo *fi)
+ {
++ const struct netbuf *caller = fi->caller_addr;
+ u_int32_t *xidp;
+
+- *(svc_getrpccaller(xprt)) = *(fi->caller_addr);
++ __rpc_set_netbuf(svc_getrpccaller(xprt), caller->buf, caller->len);
+ xidp = __rpcb_get_dg_xidp(xprt);
+ *xidp = fi->caller_xid;
+ }
Copied: rpcbind/repos/testing-x86_64/rpcbind-sunrpc.patch (from rev 246665, rpcbind/trunk/rpcbind-sunrpc.patch)
===================================================================
--- testing-x86_64/rpcbind-sunrpc.patch (rev 0)
+++ testing-x86_64/rpcbind-sunrpc.patch 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,11 @@
+--- rpcbind-0.2.3/src/rpcbind.c 2015-04-27 16:07:43.000000000 +0200
++++ rpcbind-0.2.3/src/rpcbind.c.new 2015-04-27 19:48:44.518124944 +0200
+@@ -132,7 +132,7 @@
+ char *udp_uaddr; /* Universal UDP address */
+ char *tcp_uaddr; /* Universal TCP address */
+ #endif
+-static char servname[] = "rpcbind";
++static char servname[] = "sunrpc";
+ static char superuser[] = "superuser";
+
+ int main __P((int, char *[]));
Copied: rpcbind/repos/testing-x86_64/rpcbind.conf (from rev 246665, rpcbind/trunk/rpcbind.conf)
===================================================================
--- testing-x86_64/rpcbind.conf (rev 0)
+++ testing-x86_64/rpcbind.conf 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,3 @@
+#
+# Optional arguments passed to rpcbind. See rpcbind(8)
+RPCBIND_ARGS=""
Copied: rpcbind/repos/testing-x86_64/rpcbind.install (from rev 246665, rpcbind/trunk/rpcbind.install)
===================================================================
--- testing-x86_64/rpcbind.install (rev 0)
+++ testing-x86_64/rpcbind.install 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,8 @@
+post_install() {
+ getent group rpc &>/dev/null || groupadd -r -g 32 rpc >/dev/null
+ getent passwd rpc &>/dev/null || useradd -r -u 32 -g rpc -d /dev/null -s /bin/false -c "Rpcbind Daemon" rpc >/dev/null
+}
+
+post_upgrade() {
+ post_install
+}
Copied: rpcbind/repos/testing-x86_64/rpcbind.service (from rev 246665, rpcbind/trunk/rpcbind.service)
===================================================================
--- testing-x86_64/rpcbind.service (rev 0)
+++ testing-x86_64/rpcbind.service 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,11 @@
+[Unit]
+Description=RPC bind service
+Requires=rpcbind.socket
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/conf.d/rpcbind
+ExecStart=/usr/bin/rpcbind -w ${RPCBIND_ARGS}
+
+[Install]
+Also=rpcbind.socket
Copied: rpcbind/repos/testing-x86_64/rpcbind.socket (from rev 246665, rpcbind/trunk/rpcbind.socket)
===================================================================
--- testing-x86_64/rpcbind.socket (rev 0)
+++ testing-x86_64/rpcbind.socket 2015-09-19 16:59:00 UTC (rev 246666)
@@ -0,0 +1,8 @@
+[Unit]
+Description=RPCbind Server Activation Socket
+
+[Socket]
+ListenStream=/var/run/rpcbind.sock
+
+[Install]
+WantedBy=sockets.target