Author: ken
Date: Tue May 30 17:07:31 2017
New Revision: 18771
Log:
Patch libtirpc and rpcbind for CVE-2017-8779.
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/networking/netlibs/libtirpc.xml
trunk/BOOK/networking/netprogs/rpcbind.xml
Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent Mon May 29 19:36:39 2017 (r18770)
+++ trunk/BOOK/general.ent Tue May 30 17:07:31 2017 (r18771)
@@ -1,12 +1,12 @@
<!-- $LastChangedBy$ $Date$ -->
-<!ENTITY day "28"> <!-- Always 2 digits -->
+<!ENTITY day "30"> <!-- Always 2 digits -->
<!ENTITY month "05"> <!-- Always 2 digits -->
<!ENTITY year "2017">
<!ENTITY copyrightdate "2001-&year;">
<!ENTITY copyholder "The BLFS Development Team">
<!ENTITY version "&year;-&month;-&day;">
-<!ENTITY releasedate "May 28th &year;">
+<!ENTITY releasedate "May 30th &year;">
<!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
<!ENTITY blfs-version "svn"> <!-- svn|[release #] -->
<!ENTITY lfs-version "development"> <!-- x.y|development -->
Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml Mon May 29 19:36:39
2017 (r18770)
+++ trunk/BOOK/introduction/welcome/changelog.xml Tue May 30 17:07:31
2017 (r18771)
@@ -42,6 +42,17 @@
</listitem>
-->
<listitem>
+ <para>May 30th, 2017</para>
+ <itemizedlist>
+ <listitem>
+ <para>[ken] - Patch rpcbind and libtirpc for the so-called rpcbomb
+ vulnerability. Fixes
+ <ulink url="&blfs-ticket-root;9284">#9284</ulink>.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>May 28th, 2017</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/networking/netlibs/libtirpc.xml
==============================================================================
--- trunk/BOOK/networking/netlibs/libtirpc.xml Mon May 29 19:36:39 2017
(r18770)
+++ trunk/BOOK/networking/netlibs/libtirpc.xml Tue May 30 17:07:31 2017
(r18771)
@@ -72,6 +72,16 @@
</listitem>
</itemizedlist>
+ <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>
+ Required patch:
+ <ulink
url="&patch-root;/libtirpc-&libtirpc-version;-vulnerability_fixes-1.patch"/>
+ </para>
+ </listitem>
+ </itemizedlist>
+
<bridgehead renderas="sect3">libtirpc Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
@@ -95,10 +105,12 @@
commands:
</para>
-<screen><userinput>./configure --prefix=/usr \
- --sysconfdir=/etc \
- --disable-static \
- --disable-gssapi &&
+<screen><userinput>
+patch -Np1 -i ../libtirpc-&libtirpc-version;-vulnerability_fixes-1.patch
&&
+./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --disable-static \
+ --disable-gssapi &&
make</userinput></screen>
<para>
Modified: trunk/BOOK/networking/netprogs/rpcbind.xml
==============================================================================
--- trunk/BOOK/networking/netprogs/rpcbind.xml Mon May 29 19:36:39 2017
(r18770)
+++ trunk/BOOK/networking/netprogs/rpcbind.xml Tue May 30 17:07:31 2017
(r18771)
@@ -56,17 +56,17 @@
<para>Estimated build time: &rpcbind-time;</para>
</listitem>
</itemizedlist>
-<!--
+
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
- <ulink
url="&patch-root;/rpcbind-&rpcbind-version;-tirpc_fix-1.patch"/>
+ <ulink
url="&patch-root;/rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch"/>
</para>
</listitem>
</itemizedlist>
--->
+
<bridgehead renderas="sect3">rpcbind Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
@@ -102,17 +102,21 @@
<para>Install <application>rpcbind</application> by running the following
commands:</para>
-<screen revision="sysv"><userinput>./configure --prefix=/usr \
- --bindir=/sbin \
- --with-rpcuser=root \
- --enable-warmstarts \
- --without-systemdsystemunitdir &&
+<screen revision="sysv"><userinput>patch -Np1 -i
../rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch &&
+./configure --prefix=/usr \
+ --bindir=/sbin \
+ --with-rpcuser=root \
+ --enable-warmstarts \
+ --without-systemdsystemunitdir &&
make</userinput></screen>
-<screen revision="systemd"><userinput>./configure --prefix=/usr \
- --bindir=/sbin \
- --enable-warmstarts \
- --with-rpcuser=rpc &&
+<screen revision="systemd">
+<userinput>
+patch -Np1 -i ../rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch
&&
+ ./configure --prefix=/usr \
+ --bindir=/sbin \
+ --enable-warmstarts \
+ --with-rpcuser=rpc &&
make</userinput></screen>
<para>This package does not come with a test suite.</para>
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
