guix_mirror_bot pushed a commit to branch misc-world-rebuild in repository guix.
commit 3605e066553a3554674633654fe4658b544704f1 Author: Yelninei <[email protected]> AuthorDate: Tue May 19 15:18:45 2026 +0000 gnu: libtirpc: Update to 1.3.7. * gnu/packages/patches/libtirpc-hurd.patch: Refresh patch. * gnu/packages/patches/libtirpc-CVE-2021-46828.patch: Delete patch. * gnu/local.mk (dist_patch_DATA): Deregister it. * gnu/packages/onc-rpc.scm (libtirpc): Update to 1.3.7. [source]<patches>: Remove the deleted patch. Change-Id: I2fb7acc4a053ef40f2f69e045d156bee3d87ce3d References: https://codeberg.org/guix/guix/pulls/8718 Signed-off-by: Nguyễn Gia Phong <[email protected]> --- gnu/local.mk | 1 - gnu/packages/onc-rpc.scm | 7 +- gnu/packages/patches/libtirpc-CVE-2021-46828.patch | 567 --------------------- gnu/packages/patches/libtirpc-hurd.patch | 154 ++++-- 4 files changed, 114 insertions(+), 615 deletions(-) diff --git a/gnu/local.mk b/gnu/local.mk index 82a45b613e..20dbc8cd3a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1831,7 +1831,6 @@ dist_patch_DATA = \ %D%/packages/patches/libtgvoip-disable-webrtc.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2022-34526.patch \ - %D%/packages/patches/libtirpc-CVE-2021-46828.patch \ %D%/packages/patches/libtirpc-hurd.patch \ %D%/packages/patches/libtool-grep-compat.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ diff --git a/gnu/packages/onc-rpc.scm b/gnu/packages/onc-rpc.scm index 51c9c0b30f..f6625933fc 100644 --- a/gnu/packages/onc-rpc.scm +++ b/gnu/packages/onc-rpc.scm @@ -40,17 +40,16 @@ (define-public libtirpc (package (name "libtirpc") - (version "1.3.1") + (version "1.3.7") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/libtirpc/libtirpc/" version "/libtirpc-" version ".tar.bz2")) - (patches (search-patches "libtirpc-hurd.patch" - "libtirpc-CVE-2021-46828.patch")) + (patches (search-patches "libtirpc-hurd.patch")) (sha256 (base32 - "05zf16ilwwkzv4cccaac32nssrj3rg444n9pskiwbgk6y359an14")))) + "00n7cq5dggfknvyqr193c5qxlx0681n9l0fh0m5faj9mkp0klzdl")))) (build-system gnu-build-system) (arguments (list diff --git a/gnu/packages/patches/libtirpc-CVE-2021-46828.patch b/gnu/packages/patches/libtirpc-CVE-2021-46828.patch deleted file mode 100644 index d7ecbd239d..0000000000 --- a/gnu/packages/patches/libtirpc-CVE-2021-46828.patch +++ /dev/null @@ -1,567 +0,0 @@ -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46828 -https://nvd.nist.gov/vuln/detail/CVE-2021-46828 - -http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed - -From 86529758570cef4c73fb9b9c4104fdc510f701ed Mon Sep 17 00:00:00 2001 -From: Dai Ngo <[email protected]> -Date: Sat, 21 Aug 2021 13:16:23 -0400 -Subject: [PATCH] Fix DoS vulnerability in libtirpc - -Currently svc_run does not handle poll timeout and rendezvous_request -does not handle EMFILE error returned from accept(2 as it used to. -These two missing functionality were removed by commit b2c9430f46c4. - -The effect of not handling poll timeout allows idle TCP conections -to remain ESTABLISHED indefinitely. When the number of connections -reaches the limit of the open file descriptors (ulimit -n) then -accept(2) fails with EMFILE. Since there is no handling of EMFILE -error this causes svc_run() to get in a tight loop calling accept(2). -This resulting in the RPC service of svc_run is being down, it's -no longer able to service any requests. - -RPC service rpcbind, statd and mountd are effected by this -problem. - -Fix by enhancing rendezvous_request to keep the number of -SVCXPRT conections to 4/5 of the size of the file descriptor -table. When this thresold is reached, it destroys the idle -TCP connections or destroys the least active connection if -no idle connnction was found. - -Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc -Signed-off-by: [email protected] -Signed-off-by: Steve Dickson <[email protected]> ---- - INSTALL | 371 +---------------------------------------------------------- - src/svc.c | 17 ++- - src/svc_vc.c | 62 +++++++++- - 3 files changed, 78 insertions(+), 372 deletions(-) - mode change 100644 => 120000 INSTALL - -diff --git a/INSTALL b/INSTALL -deleted file mode 100644 -index 2099840..0000000 ---- a/INSTALL -+++ /dev/null -@@ -1,370 +0,0 @@ --Installation Instructions --************************* -- --Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, --Inc. -- -- Copying and distribution of this file, with or without modification, --are permitted in any medium without royalty provided the copyright --notice and this notice are preserved. This file is offered as-is, --without warranty of any kind. -- --Basic Installation --================== -- -- Briefly, the shell command `./configure && make && make install' --should configure, build, and install this package. The following --more-detailed instructions are generic; see the `README' file for --instructions specific to this package. Some packages provide this --`INSTALL' file but do not implement all of the features documented --below. The lack of an optional feature in a given package is not --necessarily a bug. More recommendations for GNU packages can be found --in *note Makefile Conventions: (standards)Makefile Conventions. -- -- The `configure' shell script attempts to guess correct values for --various system-dependent variables used during compilation. It uses --those values to create a `Makefile' in each directory of the package. --It may also create one or more `.h' files containing system-dependent --definitions. Finally, it creates a shell script `config.status' that --you can run in the future to recreate the current configuration, and a --file `config.log' containing compiler output (useful mainly for --debugging `configure'). -- -- It can also use an optional file (typically called `config.cache' --and enabled with `--cache-file=config.cache' or simply `-C') that saves --the results of its tests to speed up reconfiguring. Caching is --disabled by default to prevent problems with accidental use of stale --cache files. -- -- If you need to do unusual things to compile the package, please try --to figure out how `configure' could check whether to do them, and mail --diffs or instructions to the address given in the `README' so they can --be considered for the next release. If you are using the cache, and at --some point `config.cache' contains results you don't want to keep, you --may remove or edit it. -- -- The file `configure.ac' (or `configure.in') is used to create --`configure' by a program called `autoconf'. You need `configure.ac' if --you want to change it or regenerate `configure' using a newer version --of `autoconf'. -- -- The simplest way to compile this package is: -- -- 1. `cd' to the directory containing the package's source code and type -- `./configure' to configure the package for your system. -- -- Running `configure' might take a while. While running, it prints -- some messages telling which features it is checking for. -- -- 2. Type `make' to compile the package. -- -- 3. Optionally, type `make check' to run any self-tests that come with -- the package, generally using the just-built uninstalled binaries. -- -- 4. Type `make install' to install the programs and any data files and -- documentation. When installing into a prefix owned by root, it is -- recommended that the package be configured and built as a regular -- user, and only the `make install' phase executed with root -- privileges. -- -- 5. Optionally, type `make installcheck' to repeat any self-tests, but -- this time using the binaries in their final installed location. -- This target does not install anything. Running this target as a -- regular user, particularly if the prior `make install' required -- root privileges, verifies that the installation completed -- correctly. -- -- 6. You can remove the program binaries and object files from the -- source code directory by typing `make clean'. To also remove the -- files that `configure' created (so you can compile the package for -- a different kind of computer), type `make distclean'. There is -- also a `make maintainer-clean' target, but that is intended mainly -- for the package's developers. If you use it, you may have to get -- all sorts of other programs in order to regenerate files that came -- with the distribution. -- -- 7. Often, you can also type `make uninstall' to remove the installed -- files again. In practice, not all packages have tested that -- uninstallation works correctly, even though it is required by the -- GNU Coding Standards. -- -- 8. Some packages, particularly those that use Automake, provide `make -- distcheck', which can by used by developers to test that all other -- targets like `make install' and `make uninstall' work correctly. -- This target is generally not run by end users. -- --Compilers and Options --===================== -- -- Some systems require unusual options for compilation or linking that --the `configure' script does not know about. Run `./configure --help' --for details on some of the pertinent environment variables. -- -- You can give `configure' initial values for configuration parameters --by setting variables in the command line or in the environment. Here --is an example: -- -- ./configure CC=c99 CFLAGS=-g LIBS=-lposix -- -- *Note Defining Variables::, for more details. -- --Compiling For Multiple Architectures --==================================== -- -- You can compile the package for more than one kind of computer at the --same time, by placing the object files for each architecture in their --own directory. To do this, you can use GNU `make'. `cd' to the --directory where you want the object files and executables to go and run --the `configure' script. `configure' automatically checks for the --source code in the directory that `configure' is in and in `..'. This --is known as a "VPATH" build. -- -- With a non-GNU `make', it is safer to compile the package for one --architecture at a time in the source code directory. After you have --installed the package for one architecture, use `make distclean' before --reconfiguring for another architecture. -- -- On MacOS X 10.5 and later systems, you can create libraries and --executables that work on multiple system types--known as "fat" or --"universal" binaries--by specifying multiple `-arch' options to the --compiler but only a single `-arch' option to the preprocessor. Like --this: -- -- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ -- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ -- CPP="gcc -E" CXXCPP="g++ -E" -- -- This is not guaranteed to produce working output in all cases, you --may have to build one architecture at a time and combine the results --using the `lipo' tool if you have problems. -- --Installation Names --================== -- -- By default, `make install' installs the package's commands under --`/usr/local/bin', include files under `/usr/local/include', etc. You --can specify an installation prefix other than `/usr/local' by giving --`configure' the option `--prefix=PREFIX', where PREFIX must be an --absolute file name. -- -- You can specify separate installation prefixes for --architecture-specific files and architecture-independent files. If you --pass the option `--exec-prefix=PREFIX' to `configure', the package uses --PREFIX as the prefix for installing programs and libraries. --Documentation and other data files still use the regular prefix. -- -- In addition, if you use an unusual directory layout you can give --options like `--bindir=DIR' to specify different values for particular --kinds of files. Run `configure --help' for a list of the directories --you can set and what kinds of files go in them. In general, the --default for these options is expressed in terms of `${prefix}', so that --specifying just `--prefix' will affect all of the other directory --specifications that were not explicitly provided. -- -- The most portable way to affect installation locations is to pass the --correct locations to `configure'; however, many packages provide one or --both of the following shortcuts of passing variable assignments to the --`make install' command line to change installation locations without --having to reconfigure or recompile. -- -- The first method involves providing an override variable for each --affected directory. For example, `make install --prefix=/alternate/directory' will choose an alternate location for all --directory configuration variables that were expressed in terms of --`${prefix}'. Any directories that were specified during `configure', --but not in terms of `${prefix}', must each be overridden at install --time for the entire installation to be relocated. The approach of --makefile variable overrides for each directory variable is required by --the GNU Coding Standards, and ideally causes no recompilation. --However, some platforms have known limitations with the semantics of --shared libraries that end up requiring recompilation when using this --method, particularly noticeable in packages that use GNU Libtool. -- -- The second method involves providing the `DESTDIR' variable. For --example, `make install DESTDIR=/alternate/directory' will prepend --`/alternate/directory' before all installation names. The approach of --`DESTDIR' overrides is not required by the GNU Coding Standards, and --does not work on platforms that have drive letters. On the other hand, --it does better at avoiding recompilation issues, and works well even --when some directory options were not specified in terms of `${prefix}' --at `configure' time. -- --Optional Features --================= -- -- If the package supports it, you can cause programs to be installed --with an extra prefix or suffix on their names by giving `configure' the --option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. -- -- Some packages pay attention to `--enable-FEATURE' options to --`configure', where FEATURE indicates an optional part of the package. --They may also pay attention to `--with-PACKAGE' options, where PACKAGE --is something like `gnu-as' or `x' (for the X Window System). The --`README' should mention any `--enable-' and `--with-' options that the --package recognizes. -- -- For packages that use the X Window System, `configure' can usually --find the X include and library files automatically, but if it doesn't, --you can use the `configure' options `--x-includes=DIR' and --`--x-libraries=DIR' to specify their locations. -- -- Some packages offer the ability to configure how verbose the --execution of `make' will be. For these packages, running `./configure ----enable-silent-rules' sets the default to minimal output, which can be --overridden with `make V=1'; while running `./configure ----disable-silent-rules' sets the default to verbose, which can be --overridden with `make V=0'. -- --Particular systems --================== -- -- On HP-UX, the default C compiler is not ANSI C compatible. If GNU --CC is not installed, it is recommended to use the following options in --order to use an ANSI C compiler: -- -- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" -- --and if that doesn't work, install pre-built binaries of GCC for HP-UX. -- -- HP-UX `make' updates targets which have the same time stamps as --their prerequisites, which makes it generally unusable when shipped --generated files such as `configure' are involved. Use GNU `make' --instead. -- -- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot --parse its `<wchar.h>' header file. The option `-nodtk' can be used as --a workaround. If GNU CC is not installed, it is therefore recommended --to try -- -- ./configure CC="cc" -- --and if that doesn't work, try -- -- ./configure CC="cc -nodtk" -- -- On Solaris, don't put `/usr/ucb' early in your `PATH'. This --directory contains several dysfunctional programs; working variants of --these programs are available in `/usr/bin'. So, if you need `/usr/ucb' --in your `PATH', put it _after_ `/usr/bin'. -- -- On Haiku, software installed for all users goes in `/boot/common', --not `/usr/local'. It is recommended to use the following options: -- -- ./configure --prefix=/boot/common -- --Specifying the System Type --========================== -- -- There may be some features `configure' cannot figure out --automatically, but needs to determine by the type of machine the package --will run on. Usually, assuming the package is built to be run on the --_same_ architectures, `configure' can figure that out, but if it prints --a message saying it cannot guess the machine type, give it the --`--build=TYPE' option. TYPE can either be a short name for the system --type, such as `sun4', or a canonical name which has the form: -- -- CPU-COMPANY-SYSTEM -- --where SYSTEM can have one of these forms: -- -- OS -- KERNEL-OS -- -- See the file `config.sub' for the possible values of each field. If --`config.sub' isn't included in this package, then this package doesn't --need to know the machine type. -- -- If you are _building_ compiler tools for cross-compiling, you should --use the option `--target=TYPE' to select the type of system they will --produce code for. -- -- If you want to _use_ a cross compiler, that generates code for a --platform different from the build platform, you should specify the --"host" platform (i.e., that on which the generated programs will --eventually be run) with `--host=TYPE'. -- --Sharing Defaults --================ -- -- If you want to set default values for `configure' scripts to share, --you can create a site shell script called `config.site' that gives --default values for variables like `CC', `cache_file', and `prefix'. --`configure' looks for `PREFIX/share/config.site' if it exists, then --`PREFIX/etc/config.site' if it exists. Or, you can set the --`CONFIG_SITE' environment variable to the location of the site script. --A warning: not all `configure' scripts look for a site script. -- --Defining Variables --================== -- -- Variables not defined in a site shell script can be set in the --environment passed to `configure'. However, some packages may run --configure again during the build, and the customized values of these --variables may be lost. In order to avoid this problem, you should set --them in the `configure' command line, using `VAR=value'. For example: -- -- ./configure CC=/usr/local2/bin/gcc -- --causes the specified `gcc' to be used as the C compiler (unless it is --overridden in the site shell script). -- --Unfortunately, this technique does not work for `CONFIG_SHELL' due to --an Autoconf limitation. Until the limitation is lifted, you can use --this workaround: -- -- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash -- --`configure' Invocation --====================== -- -- `configure' recognizes the following options to control how it --operates. -- --`--help' --`-h' -- Print a summary of all of the options to `configure', and exit. -- --`--help=short' --`--help=recursive' -- Print a summary of the options unique to this package's -- `configure', and exit. The `short' variant lists options used -- only in the top level, while the `recursive' variant lists options -- also present in any nested packages. -- --`--version' --`-V' -- Print the version of Autoconf used to generate the `configure' -- script, and exit. -- --`--cache-file=FILE' -- Enable the cache: use and save the results of the tests in FILE, -- traditionally `config.cache'. FILE defaults to `/dev/null' to -- disable caching. -- --`--config-cache' --`-C' -- Alias for `--cache-file=config.cache'. -- --`--quiet' --`--silent' --`-q' -- Do not print messages saying which checks are being made. To -- suppress all normal output, redirect it to `/dev/null' (any error -- messages will still be shown). -- --`--srcdir=DIR' -- Look for the package's source code in directory DIR. Usually -- `configure' can determine that directory automatically. -- --`--prefix=DIR' -- Use DIR as the installation prefix. *note Installation Names:: -- for more details, including other options available for fine-tuning -- the installation locations. -- --`--no-create' --`-n' -- Run the configure checks, but stop before creating any output -- files. -- --`configure' also accepts some other, not widely useful, options. Run --`configure --help' for more details. -diff --git a/INSTALL b/INSTALL -new file mode 120000 -index 0000000..e3f22c0 ---- /dev/null -+++ b/INSTALL -@@ -0,0 +1 @@ -+/usr/share/automake-1.16/INSTALL -\ No newline at end of file -diff --git a/src/svc.c b/src/svc.c -index 6db164b..3a8709f 100644 ---- a/src/svc.c -+++ b/src/svc.c -@@ -57,7 +57,7 @@ - - #define max(a, b) (a > b ? a : b) - --static SVCXPRT **__svc_xports; -+SVCXPRT **__svc_xports; - int __svc_maxrec; - - /* -@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock) - rwlock_unlock (&svc_fd_lock); - } - -+int -+svc_open_fds() -+{ -+ int ix; -+ int nfds = 0; -+ -+ rwlock_rdlock (&svc_fd_lock); -+ for (ix = 0; ix < svc_max_pollfd; ++ix) { -+ if (svc_pollfd[ix].fd != -1) -+ nfds++; -+ } -+ rwlock_unlock (&svc_fd_lock); -+ return (nfds); -+} -+ - /* - * Add a service program to the callout list. - * The dispatch routine will be called when a rpc request for this -diff --git a/src/svc_vc.c b/src/svc_vc.c -index f1d9f00..3dc8a75 100644 ---- a/src/svc_vc.c -+++ b/src/svc_vc.c -@@ -64,6 +64,8 @@ - - - extern rwlock_t svc_fd_lock; -+extern SVCXPRT **__svc_xports; -+extern int svc_open_fds(); - - static SVCXPRT *makefd_xprt(int, u_int, u_int); - static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *); -@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *); - static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in); - static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq, - void *in); -+static int __svc_destroy_idle(int timeout); - - struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */ - u_int sendsize; -@@ -313,13 +316,14 @@ done: - return (xprt); - } - -+ - /*ARGSUSED*/ - static bool_t - rendezvous_request(xprt, msg) - SVCXPRT *xprt; - struct rpc_msg *msg; - { -- int sock, flags; -+ int sock, flags, nfds, cnt; - struct cf_rendezvous *r; - struct cf_conn *cd; - struct sockaddr_storage addr; -@@ -379,6 +383,16 @@ again: - - gettimeofday(&cd->last_recv_time, NULL); - -+ nfds = svc_open_fds(); -+ if (nfds >= (_rpc_dtablesize() / 5) * 4) { -+ /* destroy idle connections */ -+ cnt = __svc_destroy_idle(15); -+ if (cnt == 0) { -+ /* destroy least active */ -+ __svc_destroy_idle(0); -+ } -+ } -+ - return (FALSE); /* there is never an rpc msg to be processed */ - } - -@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock) - { - return FALSE; - } -+ -+static int -+__svc_destroy_idle(int timeout) -+{ -+ int i, ncleaned = 0; -+ SVCXPRT *xprt, *least_active; -+ struct timeval tv, tdiff, tmax; -+ struct cf_conn *cd; -+ -+ gettimeofday(&tv, NULL); -+ tmax.tv_sec = tmax.tv_usec = 0; -+ least_active = NULL; -+ rwlock_wrlock(&svc_fd_lock); -+ -+ for (i = 0; i <= svc_max_pollfd; i++) { -+ if (svc_pollfd[i].fd == -1) -+ continue; -+ xprt = __svc_xports[i]; -+ if (xprt == NULL || xprt->xp_ops == NULL || -+ xprt->xp_ops->xp_recv != svc_vc_recv) -+ continue; -+ cd = (struct cf_conn *)xprt->xp_p1; -+ if (!cd->nonblock) -+ continue; -+ if (timeout == 0) { -+ timersub(&tv, &cd->last_recv_time, &tdiff); -+ if (timercmp(&tdiff, &tmax, >)) { -+ tmax = tdiff; -+ least_active = xprt; -+ } -+ continue; -+ } -+ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) { -+ __xprt_unregister_unlocked(xprt); -+ __svc_vc_dodestroy(xprt); -+ ncleaned++; -+ } -+ } -+ if (timeout == 0 && least_active != NULL) { -+ __xprt_unregister_unlocked(least_active); -+ __svc_vc_dodestroy(least_active); -+ ncleaned++; -+ } -+ rwlock_unlock(&svc_fd_lock); -+ return (ncleaned); -+} --- -1.8.3.1 - diff --git a/gnu/packages/patches/libtirpc-hurd.patch b/gnu/packages/patches/libtirpc-hurd.patch index cd625d696f..5ec73e7087 100644 --- a/gnu/packages/patches/libtirpc-hurd.patch +++ b/gnu/packages/patches/libtirpc-hurd.patch @@ -1,10 +1,10 @@ -This is a combination of two patches: +This is a combination of three patches: 1) Taken from https://salsa.debian.org/debian/libtirpc/-/raw/master/debian/patches/03-kfreebsd.diff Description: Fix build on non Linux architectures Author: Andreas Beckmann <[email protected]> -Last-Update: 2019-09-01 +Last-Update: 2025-03-17 2) Taken from https://salsa.debian.org/debian/libtirpc/-/raw/master/debian/patches/05-hurd-port.diff @@ -13,10 +13,39 @@ Description: Get source building on Hurd - Define MAXHOSTNAMELEN to 64 if missing. - Bind sockets on Hurd like on Linux. Author: Petter Reinholdtsen <[email protected]> +Last-Update: 2025-03-17 + +3) Taken from https://salsa.debian.org/debian/libtirpc/-/raw/master/debian/patches/06-hurd-client-port.diff +Description: Fix client code for hurd, avoiding malloc overflow + When trying to setup a inet connection, it happens the following: + - in libtirp, src/clnt_vc.c, clnt_vc_create gets called + - when trying to allocate vc_fd_locks, __rpc_dtbsize() is used as size + for that array of fd locks + - __rpc_dtbsize(), in src/rpc_generic.c, queries using rlimit the + maximum (rlim_max) number of file descriptors (RLIMIT_NOFILE): + - on Linux, the default is { rlim_cur = 1024, rlim_max = 4096 } + - on kFreeBSD, the default is { rlim_cur = 1024, rlim_max = 1024 } + - on Hurd, the default is { rlim_cur = 1024, rlim_max = RLIM_INFINITY } + meaning that on Hurd the memory allocation fails (as + __rpc_dtbsize() * sizeof(int) overflows and is negative) + + Change libtiprc so __rpc_dtbsize falls back on rlim_cur if rlim_max + is unlimited. + + This patch fixes the client connection using inet sockets; local unix + sockets are not working, for two reasons so far: + - getpeername on them gives EOPNOTSUPP + - SO_REUSEADDR is not implemented for them +Author: Pino Toscano <[email protected]> + +Bug-Debian: http://bugs.debian.org/739674 +Last-Update: 2020-03-03 + + --- a/src/svc_dg.c +++ b/src/svc_dg.c -@@ -648,6 +648,7 @@ +@@ -650,6 +650,7 @@ void svc_dg_enable_pktinfo(int fd, const struct __rpc_sockinfo *si) { @@ -24,7 +53,7 @@ Author: Petter Reinholdtsen <[email protected]> int val = 1; switch (si->si_af) { -@@ -660,6 +661,7 @@ +@@ -662,6 +663,7 @@ break; #endif } @@ -32,7 +61,7 @@ Author: Petter Reinholdtsen <[email protected]> } /* -@@ -670,6 +672,7 @@ +@@ -672,6 +674,7 @@ int svc_dg_valid_pktinfo(struct msghdr *msg) { @@ -40,7 +69,7 @@ Author: Petter Reinholdtsen <[email protected]> struct cmsghdr *cmsg; if (!msg->msg_name) -@@ -716,4 +719,7 @@ +@@ -718,4 +721,7 @@ } return 1; @@ -50,7 +79,7 @@ Author: Petter Reinholdtsen <[email protected]> } --- a/src/clnt_vc.c +++ b/src/clnt_vc.c -@@ -71,10 +71,12 @@ +@@ -76,10 +76,12 @@ #define MCALL_MSG_SIZE 24 #define CMGROUP_MAX 16 @@ -64,7 +93,7 @@ Author: Petter Reinholdtsen <[email protected]> /* * Credentials structure, used to verify the identity of a peer * process that has sent us a message. This is allocated by the -@@ -90,6 +92,7 @@ +@@ -95,6 +97,7 @@ short cmcred_ngroups; /* number or groups */ gid_t cmcred_groups[CMGROUP_MAX]; /* groups */ }; @@ -74,30 +103,18 @@ Author: Petter Reinholdtsen <[email protected]> struct cmsghdr cmsg; --- a/src/getpeereid.c +++ b/src/getpeereid.c -@@ -25,9 +25,14 @@ - */ - - -+#include "config.h" -+ +@@ -31,6 +31,7 @@ #include <sys/param.h> #include <sys/socket.h> #include <sys/un.h> -+#ifdef HAVE_SYS_USER_H -+# include <sys/user.h> -+#endif /* HAVE_SYS_USER_H */ ++#include <sys/user.h> #include <errno.h> #include <unistd.h> ---- a/src/getpeereid.c -+++ b/src/getpeereid.c -@@ -35,12 +36,25 @@ +@@ -40,12 +41,22 @@ int getpeereid(int s, uid_t *euid, gid_t *egid) { -+#ifndef HAVE_SYS_USER_H -+ return(-1); -+#else +#ifdef XUCRED_VERSION + struct xucred uc; +#define uid cr_uid @@ -117,34 +134,17 @@ Author: Petter Reinholdtsen <[email protected]> if (error != 0) return (error); // if (uc.cr_version != XUCRED_VERSION) -@@ -59,4 +66,5 @@ - *euid = uc.uid; - *egid = uc.gid; - return (0); -+#endif /* HAVE_SYS_USER_H */ - } --- a/tirpc/reentrant.h +++ b/tirpc/reentrant.h -@@ -36,7 +36,7 @@ +@@ -36,6 +36,6 @@ * These definitions are only guaranteed to be valid on Linux. */ --#if defined(__linux__) +-#if defined(__linux__) || defined(__APPLE__) +#if defined(__linux__) || defined(__GLIBC__) #include <pthread.h> - ---- a/configure.ac -+++ b/configure.ac -@@ -93,7 +93,7 @@ - AC_PROG_LIBTOOL - AC_HEADER_DIRENT - AC_PREFIX_DEFAULT(/usr) --AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h netdb.h netinet/in.h stddef.h stdint.h stdlib.h string.h sys/ioctl.h sys/param.h sys/socket.h sys/time.h syslog.h unistd.h features.h gssapi/gssapi_ext.h]) -+AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h netdb.h netinet/in.h stddef.h stdint.h stdlib.h string.h sys/ioctl.h sys/param.h sys/socket.h sys/time.h syslog.h unistd.h features.h gssapi/gssapi_ext.h sys/user.h]) - AC_CHECK_LIB([pthread], [pthread_create]) - AC_CHECK_FUNCS([getrpcbyname getrpcbynumber setrpcent endrpcent getrpcent]) - + --- a/src/auth_unix.c +++ b/src/auth_unix.c @@ -56,6 +56,11 @@ @@ -170,3 +170,71 @@ Author: Petter Reinholdtsen <[email protected]> #define STARTPORT 600 #define LOWPORT 512 +--- a/src/getpeereid.c ++++ b/src/getpeereid.c +@@ -28,10 +28,14 @@ + #include "config.h" + #endif + ++#include "config.h" ++ + #include <sys/param.h> + #include <sys/socket.h> + #include <sys/un.h> +-#include <sys/user.h> ++#ifdef HAVE_SYS_USER_H ++# include <sys/user.h> ++#endif /* HAVE_SYS_USER_H */ + + #include <errno.h> + #include <unistd.h> +@@ -41,6 +45,9 @@ + int + getpeereid(int s, uid_t *euid, gid_t *egid) + { ++#ifndef HAVE_SYS_USER_H ++ return(-1); ++#else + #ifdef XUCRED_VERSION + struct xucred uc; + #define uid cr_uid +@@ -64,6 +71,7 @@ + *euid = uc.uid; + *egid = uc.gid; + return (0); ++#endif /* HAVE_SYS_USER_H */ + } + + #endif +--- a/configure.ac ++++ b/configure.ac +@@ -200,7 +200,7 @@ + AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h + netdb.h netinet/in.h stddef.h stdint.h stdlib.h string.h sys/ioctl.h + sys/param.h sys/socket.h sys/time.h syslog.h unistd.h features.h +-gssapi/gssapi_ext.h endian.h machine/endian.h]) ++gssapi/gssapi_ext.h endian.h machine/endian.h sys/user.h]) + AX_PTHREAD + AC_CHECK_FUNCS([getpeereid getrpcbyname getrpcbynumber setrpcent endrpcent getrpcent]) + +--- a/src/rpc_generic.c ++++ b/src/rpc_generic.c +@@ -107,12 +107,17 @@ + { + static int tbsize; + struct rlimit rl; ++ rlim_t lim; + + if (tbsize) { + return (tbsize); + } + if (getrlimit(RLIMIT_NOFILE, &rl) == 0) { +- return (tbsize = (int)rl.rlim_cur); ++ lim = rl.rlim_max; ++ if (lim == RLIM_INFINITY) { ++ lim = rl.rlim_cur; ++ } ++ return (tbsize = (int)lim); + } + /* + * Something wrong. I'll try to save face by returning a
