nckx pushed a commit to branch master
in repository guix.

commit f81b6e770324e2b0b31a9cfdfe7f6d9793cb73c9
Author: Tobias Geerinckx-Rice <m...@tobias.gr>
Date:   Thu Feb 8 18:21:02 2018 +0100

    gnu: libtirpc: Update to 1.0.2.
    
    * gnu/packages/onc-rpc.scm (libtirpc): Update to 1.0.2.
    [patches]: Remove patch for fixed CVE.
    * gnu/packages/patches/libtirpc-CVE-2017-8779.patch: Delete file.
    * gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                      |   1 -
 gnu/packages/onc-rpc.scm                          |   6 +-
 gnu/packages/patches/libtirpc-CVE-2017-8779.patch | 263 ----------------------
 3 files changed, 3 insertions(+), 267 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 3f0023a..823469e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -852,7 +852,6 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/libtiff-tiffgetfield-bugs.patch         \
   %D%/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch   \
   %D%/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch       
\
-  %D%/packages/patches/libtirpc-CVE-2017-8779.patch            \
   %D%/packages/patches/libtool-skip-tests2.patch               \
   %D%/packages/patches/libunistring-gnulib-multi-core.patch    \
   %D%/packages/patches/libusb-0.1-disable-tests.patch          \
diff --git a/gnu/packages/onc-rpc.scm b/gnu/packages/onc-rpc.scm
index a76ac36..61a643b 100644
--- a/gnu/packages/onc-rpc.scm
+++ b/gnu/packages/onc-rpc.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014, 2017 Ludovic Courtès <l...@gnu.org>
 ;;; Copyright © 2016 John Darrington <j...@gnu.org>
 ;;; Copyright © 2017 Leo Famulari <l...@famulari.name>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <m...@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,16 +31,15 @@
 (define-public libtirpc
   (package
     (name "libtirpc")
-    (version "1.0.1")
+    (version "1.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/libtirpc/libtirpc/"
                                   version "/libtirpc-"
                                   version ".tar.bz2"))
-              (patches (search-patches "libtirpc-CVE-2017-8779.patch"))
               (sha256
                (base32
-                "17mqrdgsgp9m92pmq7bvr119svdg753prqqxmg4cnz5y657rfmji"))))
+                "1xchbxy0xql7yl7z4n1icj8r7dmly46i22fvm00vdjq64zlmqg3j"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/patches/libtirpc-CVE-2017-8779.patch 
b/gnu/packages/patches/libtirpc-CVE-2017-8779.patch
deleted file mode 100644
index 742e64d..0000000
--- a/gnu/packages/patches/libtirpc-CVE-2017-8779.patch
+++ /dev/null
@@ -1,263 +0,0 @@
-Fix CVE-2017-8779:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
-
-Patch copied from the bug reporter's 3rd-party repository:
-
-https://github.com/guidovranken/rpcbomb/blob/master/libtirpc_patch.txt
-
-diff --git a/src/rpc_generic.c b/src/rpc_generic.c
-index 2f09a8f..589cbd5 100644
---- a/src/rpc_generic.c
-+++ b/src/rpc_generic.c
-@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
- 
-       switch (af) {
-       case AF_INET:
-+              if (nbuf->len < sizeof(*sin)) {
-+                      return NULL;
-+              }
-               sin = nbuf->buf;
-               if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
-                   == NULL)
-@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
-               break;
- #ifdef INET6
-       case AF_INET6:
-+              if (nbuf->len < sizeof(*sin6)) {
-+                      return NULL;
-+              }
-               sin6 = nbuf->buf;
-               if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
-                   == NULL)
-@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
- 
-       port = 0;
-       sin = NULL;
-+      if (uaddr == NULL)
-+              return NULL;
-       addrstr = strdup(uaddr);
-       if (addrstr == NULL)
-               return NULL;
-diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c
-index 43fd385..a923c8e 100644
---- a/src/rpcb_prot.c
-+++ b/src/rpcb_prot.c
-@@ -41,6 +41,7 @@
- #include <rpc/types.h>
- #include <rpc/xdr.h>
- #include <rpc/rpcb_prot.h>
-+#include "rpc_com.h"
- 
- bool_t
- xdr_rpcb(xdrs, objp)
-@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
-       if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
-               return (FALSE);
-       }
--      if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
--      if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
--      if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
-       return (TRUE);
-@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
-       XDR *xdrs;
-       rpcb_entry *objp;
- {
--      if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
--      if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
-       if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
-               return (FALSE);
-       }
--      if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
--      if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
-       return (TRUE);
-@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
-       bool_t dummy;
-       struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
- 
--      if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
-       if (!xdr_u_int(xdrs, &objp->results.results_len)) {
-@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
-       if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
-               return (FALSE);
-       }
-+
-+      if (objp->maxlen > RPC_MAXDATASIZE) {
-+              return (FALSE);
-+      }
-+
-       dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
-                       (u_int *)&(objp->len), objp->maxlen);
-       return (dummy);
-diff --git a/src/rpcb_st_xdr.c b/src/rpcb_st_xdr.c
-index 08db745..28e6a48 100644
---- a/src/rpcb_st_xdr.c
-+++ b/src/rpcb_st_xdr.c
-@@ -37,6 +37,7 @@
- 
- 
- #include <rpc/rpc.h>
-+#include "rpc_com.h"
- 
- /* Link list of all the stats about getport and getaddr */
- 
-@@ -58,7 +59,7 @@ xdr_rpcbs_addrlist(xdrs, objp)
-           if (!xdr_int(xdrs, &objp->failure)) {
-               return (FALSE);
-           }
--          if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
-+          if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
-               return (FALSE);
-           }
- 
-@@ -109,7 +110,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
-               IXDR_PUT_INT32(buf, objp->failure);
-               IXDR_PUT_INT32(buf, objp->indirect);
-       }
--      if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
-       if (!xdr_pointer(xdrs, (char **)&objp->next,
-@@ -147,7 +148,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
-               objp->failure = (int)IXDR_GET_INT32(buf);
-               objp->indirect = (int)IXDR_GET_INT32(buf);
-       }
--      if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
-       if (!xdr_pointer(xdrs, (char **)&objp->next,
-@@ -175,7 +176,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
-       if (!xdr_int(xdrs, &objp->indirect)) {
-               return (FALSE);
-       }
--      if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
-+      if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
-               return (FALSE);
-       }
-       if (!xdr_pointer(xdrs, (char **)&objp->next,
-diff --git a/src/xdr.c b/src/xdr.c
-index f3fb9ad..b9a1558 100644
---- a/src/xdr.c
-+++ b/src/xdr.c
-@@ -42,8 +42,10 @@
- #include <stdlib.h>
- #include <string.h>
- 
-+#include <rpc/rpc.h>
- #include <rpc/types.h>
- #include <rpc/xdr.h>
-+#include <rpc/rpc_com.h>
- 
- typedef quad_t          longlong_t;     /* ANSI long long type */
- typedef u_quad_t        u_longlong_t;   /* ANSI unsigned long long type */
-@@ -53,7 +55,6 @@ typedef u_quad_t        u_longlong_t;   /* ANSI unsigned 
long long type */
-  */
- #define XDR_FALSE     ((long) 0)
- #define XDR_TRUE      ((long) 1)
--#define LASTUNSIGNED  ((u_int) 0-1)
- 
- /*
-  * for unit alignment
-@@ -629,6 +630,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
- {
-       char *sp = *cpp;  /* sp is the actual string pointer */
-       u_int nodesize;
-+      bool_t ret, allocated = FALSE;
- 
-       /*
-        * first deal with the length since xdr bytes are counted
-@@ -652,6 +654,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
-               }
-               if (sp == NULL) {
-                       *cpp = sp = mem_alloc(nodesize);
-+                      allocated = TRUE;
-               }
-               if (sp == NULL) {
-                       warnx("xdr_bytes: out of memory");
-@@ -660,7 +663,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
-               /* FALLTHROUGH */
- 
-       case XDR_ENCODE:
--              return (xdr_opaque(xdrs, sp, nodesize));
-+              ret = xdr_opaque(xdrs, sp, nodesize);
-+              if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
-+                      if (allocated == TRUE) {
-+                              free(sp);
-+                              *cpp = NULL;
-+                      }
-+              }
-+              return (ret);
- 
-       case XDR_FREE:
-               if (sp != NULL) {
-@@ -754,6 +764,7 @@ xdr_string(xdrs, cpp, maxsize)
-       char *sp = *cpp;  /* sp is the actual string pointer */
-       u_int size;
-       u_int nodesize;
-+      bool_t ret, allocated = FALSE;
- 
-       /*
-        * first deal with the length since xdr strings are counted-strings
-@@ -793,8 +804,10 @@ xdr_string(xdrs, cpp, maxsize)
-       switch (xdrs->x_op) {
- 
-       case XDR_DECODE:
--              if (sp == NULL)
-+              if (sp == NULL) {
-                       *cpp = sp = mem_alloc(nodesize);
-+                      allocated = TRUE;
-+              }
-               if (sp == NULL) {
-                       warnx("xdr_string: out of memory");
-                       return (FALSE);
-@@ -803,7 +816,14 @@ xdr_string(xdrs, cpp, maxsize)
-               /* FALLTHROUGH */
- 
-       case XDR_ENCODE:
--              return (xdr_opaque(xdrs, sp, size));
-+              ret = xdr_opaque(xdrs, sp, size);
-+              if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
-+                      if (allocated == TRUE) {
-+                              free(sp);
-+                              *cpp = NULL;
-+                      }
-+              }
-+              return (ret);
- 
-       case XDR_FREE:
-               mem_free(sp, nodesize);
-@@ -823,7 +843,7 @@ xdr_wrapstring(xdrs, cpp)
-       XDR *xdrs;
-       char **cpp;
- {
--      return xdr_string(xdrs, cpp, LASTUNSIGNED);
-+      return xdr_string(xdrs, cpp, RPC_MAXDATASIZE);
- }
- 
- /*

Reply via email to