diff --git a/libs/keyutils/Makefile b/libs/keyutils/Makefile
new file mode 100644
index 00000000..f88e4f48
--- /dev/null
+++ b/libs/keyutils/Makefile
@@ -0,0 +1,70 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=keyutils
+PKG_VERSION:=1.6
+PKG_RELEASE:=3
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://people.redhat.com/dhowells/keyutils/
+PKG_HASH:=d3aef20cec0005c0fa6b4be40079885567473185b1a57b629b030e67942c7115
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libkeyutils
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=Key utilities library
+ URL:=https://people.redhat.com/dhowells/keyutils/
+ LICENSE:=LGPL-2.1-or-later
+ LICENSE_FILES:=LICENSE.LGPL
+ ABI_VERSION:=1
+endef
+
+define Package/keyctl
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=Encryption
+ TITLE:=keyctl
+ DEPENDS:=+libkeyutils
+ LICENSE:=GPL-2.0-or-later
+ LICENSE_FILES:=LICENSE.GPL
+endef
+
+define Package/keyutils/description
+ Key utilities
+endef
+
+MAKE_FLAGS += \
+ BINDIR=/usr/bin \
+ LIBDIR=/usr/lib \
+ SBINDIR=/usr/sbin \
+ CFLAGS="$(TARGET_CFLAGS) $(FPIC)"
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.a $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.so.$(ABI_VERSION)* $(1)/usr/lib/
+endef
+
+define Package/libkeyutils/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.so.$(ABI_VERSION)* $(1)/usr/lib/
+endef
+
+define Package/keyctl/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/keyctl $(1)/usr/bin
+endef
+
+$(eval $(call BuildPackage,libkeyutils))
+$(eval $(call BuildPackage,keyctl))
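Review bot: `define Package/keyutils/description` names a package this Makefile never builds, since only `libkeyutils` and `keyctl` are passed to `BuildPackage`, so the text is presumably never attached to either package. Rename it to `Package/libkeyutils/description` and add a matching block for `keyctl`. The file also sets no `PKG_MAINTAINER` or `PKG_CPE_ID`, unlike the rpcbind Makefile added in the same commit; for a library that handles kernel keyring material, a CPE id is what lets advisory tracking match the package. The download is over HTTPS and pinned by `PKG_HASH`, which should stay that way on future bumps.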
diff --git a/libs/keyutils/patches/010-reproducible-build.patch b/libs/keyutils/patches/010-reproducible-build.patch new file mode 100644 index 00000000..3cf9b544 --- /dev/null +++ b/libs/keyutils/patches/010-reproducible-build.patch @@ -0,0 +1,11 @@ +--- a/Makefile ++++ b/Makefile +@@ -108,7 +108,7 @@ all: keyctl request-key key.dns_resolver + ############################################################################### + #RPATH = -Wl,-rpath,$(LIBDIR) + +-VCPPFLAGS := -DPKGBUILD="\"$(shell date -u +%F)\"" ++VCPPFLAGS := -DPKGBUILD="\"for OpenWrt"\" + VCPPFLAGS += -DPKGVERSION="\"keyutils-$(VERSION)\"" + VCPPFLAGS += -DAPIVERSION="\"libkeyutils-$(APIVERSION)\"" + diff --git a/libs/libtirpc/Makefile b/libs/libtirpc/Makefile index 1e42b14f..d7c8cd25 100644 --- a/libs/libtirpc/Makefile +++ b/libs/libtirpc/Makefile @@ -8,20 +8,22 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libtirpc -PKG_VERSION:=1.0.3 +PKG_VERSION:=1.1.4 PKG_RELEASE:=1 PKG_SOURCE_URL:=@SF/libtirpc PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_HASH:=86c3a78fc1bddefa96111dd233124c703b22a78884203c55c3e06b3be6a0fd5e +PKG_HASH:=2ca529f02292e10c158562295a1ffd95d2ce8af97820e3534fe1b0e3aec7561d PKG_MAINTAINER:=Andy Walsh PKG_LICENSE:=BSD-3-Clause PKG_FIXUP:=autoreconf +PKG_REMOVE_FILES:=autogen.sh aclocal.m4 PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk define Package/libtirpc SECTION:=libs 
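Review bot: In 010-reproducible-build.patch the replacement `VCPPFLAGS` line closes its quotes in the opposite order from the line it replaces and from the two `VCPPFLAGS +=` lines below it: `"\"for OpenWrt"\"` rather than `"\"for OpenWrt\""`. A POSIX shell will most likely yield the same define either way, but the mismatch reads like a typo and is fragile if the string ever gains shell-special characters. Write it as `VCPPFLAGS := -DPKGBUILD="\"for OpenWrt\""` so all three lines quote the same way.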
@@ -32,18 +34,16 @@ define Package/libtirpc endef CONFIGURE_ARGS += --disable-gssapi -# Info from Buildroot Makefile -# getrpcby{number,name} are only provided if 'GQ' is defined -TARGET_CFLAGS += -DGQ -#CONFIGURE_VARS += \ -# GSSGLUE_LIBS="-lkrb5 -lk5crypto -l:libcom_err.so.3 -lkeyutils -lresolv -gssapi_krb5" \ -# GSSGLUE_CFLAGS=-I$(STAGING_DIR)/usr/include/krb5/ +HOST_CONFIGURE_ARGS += --disable-gssapi -#EXTRA_LDFLAGS := -lgssapi_krb5 +TARGET_CFLAGS += -DGQ +HOST_CFLAGS += -DGQ define Package/libtirpc/install $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libtirpc.so* $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libtirpc.so* $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/etc + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/netconfig $(1)/etc/ endef define Build/InstallDev @@ -56,4 +56,5 @@ define Build/InstallDev $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libtirpc.pc $(1)/usr/lib/pkgconfig/libtirpc.pc endef +$(eval $(call HostBuild)) $(eval $(call BuildPackage,libtirpc)) diff --git a/libs/libtirpc/patches/001-musl.patch b/libs/libtirpc/patches/001-musl.patch new file mode 100644 index 00000000..0c3ce603 --- /dev/null +++ b/libs/libtirpc/patches/001-musl.patch @@ -0,0 +1,18 @@ +Consider musl provided built-in defines + +Helps compile libtirpc with musl + +Upstream-Status: Pending +Signed-off-by: Khem Raj + +--- ./tirpc/rpc/types.h.orig 2018-03-17 10:23:10.022055255 +0100 ++++ ./tirpc/rpc/types.h 2018-03-17 10:23:30.877751656 +0100 +@@ -66,7 +66,7 @@ + #define mem_free(ptr, bsize) free(ptr) + + +-#if defined __APPLE_CC__ || defined __FreeBSD__ ++#if defined __APPLE_CC__ || defined __FreeBSD__ || !defined(__GLIBC__) + # define __u_char_defined + # define __daddr_t_defined + #endif diff --git a/libs/libtirpc/patches/01-Disable-parts-of-TIRPC-requiring-NIS-support.patch b/libs/libtirpc/patches/01-Disable-parts-of-TIRPC-requiring-NIS-support.patch deleted file mode 100644 index eb1bef3d..00000000 
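Review bot: In the second hunk of libs/libtirpc/Makefile, `CONFIGURE_ARGS` still passes only `--disable-gssapi`, although this commit deletes the local patches that removed AUTH_DES and the NIS-dependent sources. Whether DES authentication is compiled into 1.1.4 therefore depends on upstream's configure defaults, which this page does not show. Confirm what the new build contains, and if the release has a configure switch for DES auth, turn it off explicitly on both the `CONFIGURE_ARGS` and `HOST_CONFIGURE_ARGS` lines instead of relying on the default. Separately, `/etc/netconfig` is now installed but no `Package/libtirpc/conffiles` block is visible in these hunks, so a locally edited file would presumably be overwritten on upgrade.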
--- a/libs/libtirpc/patches/01-Disable-parts-of-TIRPC-requiring-NIS-support.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 15adb318818f5d0ac609ef2b87643dd760487cb6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Krause?= -Date: Mon, 20 Jul 2015 20:30:11 +0200 -Subject: [PATCH 1/1] Disable parts of TIRPC requiring NIS support -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Thomas Petazzoni -[yann.morin.1998@free.fr: update for 0.3.1] -Signed-off-by: "Yann E. MORIN" -[joerg.krause@embedded.rocks: update for 0.3.2] -Signed-off-by: Jörg Krause -[peda@axentia.se: update for 1.0.1] -Signed-off-by: Peter Rosin -[bernd.kuhls@t-online.de: update for 1.0.2] -Signed-off-by: Bernd Kuhls ---- - src/Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 6cc567a..9834f9a 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln - rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ - svc_auth_des.c \ - svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ -- auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c -+ auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c - - ## XDR - libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c -@@ -41,8 +41,8 @@ if GSS - libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS) - endif - --libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c --libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c -+#libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c -+#libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c - - CLEANFILES = cscope.* *~ - DISTCLEANFILES = Makefile.in --- -2.4.6 - 
diff --git a/libs/libtirpc/patches/02-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch b/libs/libtirpc/patches/02-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch deleted file mode 100644 index 51229a02..00000000 --- a/libs/libtirpc/patches/02-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 7aa1fe6a0f9280571117c30c03c2cc521cd86ec3 Mon Sep 17 00:00:00 2001 -From: Thomas Petazzoni -Date: Sat, 23 Jun 2012 21:58:07 +0200 -Subject: [PATCH] uClibc without RPC support and musl does not install rpcent.h - -Signed-off-by: Thomas Petazzoni -[yann.morin.1998@free.fr: update for 0.3.1] -Signed-off-by: "Yann E. MORIN" -[joerg.krause@embedded.rocks: musl fix] -Signed-off-by: Jörg Krause -[bernd.kuhls@t-online.de: update for 1.0.2] -Signed-off-by: Bernd Kuhls ---- - tirpc/rpc/rpcent.h | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h -index 147f909..4a58180 100644 ---- a/tirpc/rpc/rpcent.h -+++ b/tirpc/rpc/rpcent.h -@@ -48,8 +48,9 @@ - extern "C" { - #endif - --/* These are defined in /usr/include/rpc/netdb.h */ --#if !defined(__GLIBC__) || defined(__UCLIBC__) -+/* These are defined in /usr/include/rpc/netdb.h, unless we are using -+ the C library without RPC support. */ -+#if defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__) - struct rpcent { - char *r_name; /* name of server for this rpc program */ - char **r_aliases; /* alias list */ --- -1.9.1 - diff --git a/libs/libtirpc/patches/03-Disable-DES-authentification-support.patch b/libs/libtirpc/patches/03-Disable-DES-authentification-support.patch deleted file mode 100644 index 0c654724..00000000 --- a/libs/libtirpc/patches/03-Disable-DES-authentification-support.patch +++ /dev/null 
@@ -1,142 +0,0 @@ -From 79975eb4104667be85abd06874c258438826b674 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Krause?= -Date: Fri, 24 Jul 2015 14:45:52 +0200 -Subject: [PATCH] Disable DES authentification support -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -uClibc and musl does not provide DES authentication. - -Signed-off-by: Jörg Krause -[peda@axentia.se: update for 1.0.1] -Signed-off-by: Peter Rosin -[bernd.kuhls@t-online.de: update for 1.0.2] -Signed-off-by: Bernd Kuhls ---- - src/Makefile.am | 2 +- - src/rpc_soc.c | 32 -------------------------------- - 2 files changed, 1 insertion(+), 33 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 960a522..3a88e31 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -22,9 +22,8 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln - pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \ - rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \ - rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ -- svc_auth_des.c \ - svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ -- auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c -+ debug.c - - ## XDR - libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c -diff --git a/src/svc_auth.c b/src/svc_auth.c ---- a/src/svc_auth.c -+++ b/src/svc_auth.c -@@ -114,9 +114,6 @@ _gss_authenticate(rqst, msg, no_dispatch) - case AUTH_SHORT: - dummy = _svcauth_short(rqst, msg); - return (dummy); -- case AUTH_DES: -- dummy = _svcauth_des(rqst, msg); -- return (dummy); - #ifdef HAVE_RPCSEC_GSS - case RPCSEC_GSS: - dummy = _svcauth_gss(rqst, msg, no_dispatch); -diff --git a/src/rpc_soc.c b/src/rpc_soc.c -index e146ed4..161a1ec 100644 ---- a/src/rpc_soc.c -+++ b/src/rpc_soc.c -@@ -522,86 +521,6 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, 
eachresult) - } - - /* -- * Create the client des authentication object. Obsoleted by -- * authdes_seccreate(). -- */ --AUTH * --authdes_create(servername, window, syncaddr, ckey) -- char *servername; /* network name of server */ -- u_int window; /* time to live */ -- struct sockaddr *syncaddr; /* optional hostaddr to sync with */ -- des_block *ckey; /* optional conversation key to use */ --{ -- AUTH *nauth; -- char hostname[NI_MAXHOST]; -- -- if (syncaddr) { -- /* -- * Change addr to hostname, because that is the way -- * new interface takes it. -- */ -- switch (syncaddr->sa_family) { -- case AF_INET: -- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname, -- sizeof hostname, NULL, 0, 0) != 0) -- goto fallback; -- break; -- case AF_INET6: -- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in6), hostname, -- sizeof hostname, NULL, 0, 0) != 0) -- goto fallback; -- break; -- default: -- goto fallback; -- } -- nauth = authdes_seccreate(servername, window, hostname, ckey); -- return (nauth); -- } --fallback: -- return authdes_seccreate(servername, window, NULL, ckey); --} -- --/* -- * Create the client des authentication object. Obsoleted by -- * authdes_pk_seccreate(). -- */ --extern AUTH *authdes_pk_seccreate(const char *, netobj *, u_int, const char *, -- const des_block *, nis_server *); -- --AUTH * --authdes_pk_create(servername, pkey, window, syncaddr, ckey) -- char *servername; /* network name of server */ -- netobj *pkey; /* public key */ -- u_int window; /* time to live */ -- struct sockaddr *syncaddr; /* optional hostaddr to sync with */ -- des_block *ckey; /* optional conversation key to use */ --{ -- AUTH *nauth; -- char hostname[NI_MAXHOST]; -- -- if (syncaddr) { -- /* -- * Change addr to hostname, because that is the way -- * new interface takes it. 
-- */ -- switch (syncaddr->sa_family) { -- case AF_INET: -- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname, -- sizeof hostname, NULL, 0, 0) != 0) -- goto fallback; -- break; -- default: -- goto fallback; -- } -- nauth = authdes_pk_seccreate(servername, pkey, window, hostname, ckey, NULL); -- return (nauth); -- } --fallback: -- return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL); --} -- -- --/* - * Create a client handle for a unix connection. Obsoleted by clnt_vc_create() - */ - CLIENT * --- -2.4.6 - diff --git a/libs/libtirpc/patches/04-musl-rpc-fix-types.h.patch b/libs/libtirpc/patches/04-musl-rpc-fix-types.h.patch deleted file mode 100644 index b0616ead..00000000 --- a/libs/libtirpc/patches/04-musl-rpc-fix-types.h.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/tirpc/rpc/types.h 2018-03-27 -+++ b/tirpc/rpc/types.h 2018-03-27 -@@ -66,7 +66,7 @@ typedef int32_t rpc_inline_t; - #define mem_free(ptr, bsize) free(ptr) - - --#if defined __APPLE_CC__ || defined __FreeBSD__ -+#if defined __APPLE_CC__ || defined __FreeBSD__ || defined(_GNU_SOURCE) || defined(_BSD_SOURCE) - # define __u_char_defined - # define __daddr_t_defined - #endif diff --git a/net/rpcbind/Makefile b/net/rpcbind/Makefile new file mode 100644 index 00000000..a3edecea --- /dev/null +++ b/net/rpcbind/Makefile 
@@ -0,0 +1,84 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=rpcbind
+PKG_VERSION:=1.2.5
+PKG_RELEASE:=4
+
+PKG_SOURCE_URL:=@SF/rpcbind
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=2ce360683963b35c19c43f0ee2c7f18aa5b81ef41c3fdbd15ffcb00b8bffda7a
+
+PKG_MAINTAINER:=Andy Walsh
+PKG_LICENSE:=BSD-3-Clause
+PKG_CPE_ID:=cpe:/a:rpcbind_project:rpcbind
+
+PKG_FIXUP:=autoreconf
+PKG_REMOVE_FILES:=autogen.sh aclocal.m4
+PKG_INSTALL:=1
+
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_RPCBIND_LIBWRAP \
+ CONFIG_RPCBIND_RMTCALLS
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/rpcbind
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+libtirpc +RPCBIND_LIBWRAP:libwrap
+ TITLE:=Universal addresses to RPC mapper
+ URL:=http://rpcbind.sourceforge.net/
+ USERID:=rpc=65533:rpc=65533
+endef
+
+define Package/rpcbind/description
+ The rpcbind utility is a server that converts RPC program numbers into universal addresses.
+ It must be running on the host to be able to make RPC calls on a server on that machine.
+
+ Rpcbind replaces portmap for NFS v2/v3. It has more features, like ipv6 support.
+ Note: Nfs4 only configurations can run without it.
+endef
+
+define Package/rpcbind/config
+if PACKAGE_rpcbind
+ config RPCBIND_LIBWRAP
+ bool "Enable libwrap (TCP wrappers) support."
+ default y
+ config RPCBIND_RMTCALLS
+ bool "Enable broadcast discovery support of rpc services."
+ help
+ Services such as Kodi (via libnfs) use this functionality to discover available NFS shares on the network.
+ default y
+
+
+endif
+endef
+
+CONFIGURE_ARGS += \
+ --with-rpcuser=rpc \
+ --without-systemdsystemunitdir \
+ --enable-warmstarts
+
+ifeq ($(CONFIG_RPCBIND_LIBWRAP),y)
+ CONFIGURE_ARGS += --enable-libwrap
+else
+ CONFIGURE_ARGS += --disable-libwrap
+endif
+
+ifeq ($(CONFIG_RPCBIND_RMTCALLS),y)
+ CONFIGURE_ARGS += --enable-rmtcalls
+else
+ CONFIGURE_ARGS += --disable-rmtcalls
+endif
+
+
+define Package/rpcbind/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rpcinfo $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/rpcbind $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/rpcbind.init $(1)/etc/init.d/rpcbind
+endef
+
+$(eval $(call BuildPackage,rpcbind))
diff --git a/net/rpcbind/files/rpcbind.init b/net/rpcbind/files/rpcbind.init
new file mode 100644
index 00000000..2e8ace04
--- /dev/null
+++ b/net/rpcbind/files/rpcbind.init
@@ -0,0 +1,13 @@
+#!/bin/sh /etc/rc.common
+
+START=19
+STOP=19
+
+USE_PROCD=1
+
+start_service() {
+ procd_open_instance
+ procd_set_param command /usr/sbin/rpcbind -f -w
+ procd_set_param respawn
+ procd_close_instance
+}
diff --git a/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
new file mode 100644
index 00000000..d8137d3c
--- /dev/null
+++ b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
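Review bot: In net/rpcbind/Makefile, `RPCBIND_RMTCALLS` is declared with `default y`, so every image that selects rpcbind is built with `--enable-rmtcalls`. On a router that is extra network-reachable functionality most installs do not need, so `default n` with the Kodi/libnfs discovery case left as an opt-in would be the safer default. `--enable-warmstarts` is also set without an explicit state directory, which leaves the warm-start files wherever upstream's default points. Consider passing `--with-statedir=` with a directory that only the `rpc` user can write to, and switching `URL:=` to an https address if the project serves one.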
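Review bot: In net/rpcbind/files/rpcbind.init, `start_service` runs `/usr/sbin/rpcbind -f -w` with no listen restriction and no UCI options, so which networks can reach the port mapper is decided entirely by the firewall. Say so above the command, e.g. `# listens on all interfaces; access must be limited by the firewall`, or read a listen address from configuration. `-w` requests a warm start, and nothing in this script creates or checks the state directory those files live in, so it is worth confirming it exists with ownership for the `rpc` user before the instance is opened.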
@@ -0,0 +1,29 @@
+Submitted By: Ken Moffat
+Date: 2017-05-29
+Initial Package Version: 0.2.4 (also affects earlier versions)
+Upstream Status: Unknown
+Origin: Guido Vranken
+Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption
+without subsequent free).
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+
+ /*
diff --git a/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch
new file mode 100644
index 00000000..1a43dacb
--- /dev/null
+++ b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch
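Review bot: The header of 001-CVE-2017-8779-dos-via-memory-consumption.patch was written for rpcbind 0.2.4 and records `Upstream Status: Unknown`, while the Makefile in this commit packages 1.2.5. It is not visible here whether 1.2.5 already carries an upstream fix for CVE-2017-8779, so confirm the patch is still needed against that release and update the header with the result. The code change itself replaces the `~0` limit passed to `xdr_bytes` in `xdr_encap_parms` with `RPC_MAXDATASIZE`, which bounds how much one request can make the decoder allocate. The `(u_int *) &(epp->arglen)` cast is left as it was, so the declared type of `arglen` (not shown in the hunk) is worth a check.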
@@ -0,0 +1,69 @@
+From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001
+From: Steve Dickson
+Date: Tue, 9 Oct 2018 09:19:50 -0400
+Subject: [PATCH 1/1] rpcinfo: Fix stack buffer overflow
+
+*** buffer overflow detected ***: rpcinfo terminated
+======= Backtrace: =========
+/lib64/libc.so.6(+0x721af)[0x7ff24c4451af]
+/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7]
+/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050]
+rpcinfo(+0x435f)[0xef3be2635f]
+rpcinfo(+0x1c62)[0xef3be23c62]
+/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5]
+rpcinfo(+0x2739)[0xef3be24739]
+======= Memory map: ========
+...
+The patch below fixes it.
+
+Reviewed-by: Chuck Lever
+Signed-off-by: Thomas Blume
+Signed-off-by: Steve Dickson
+---
+ src/rpcinfo.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/rpcinfo.c b/src/rpcinfo.c
+index 9b46864..cfdba88 100644
+--- a/src/rpcinfo.c
++++ b/src/rpcinfo.c
+@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv)
+ (" program version(s) netid(s) service owner\n");
+ for (rs = rs_head; rs; rs = rs->next)
+ {
++ size_t netidmax = sizeof(buf) - 1;
+ char *p = buf;
+
+ printf ("%10ld ", rs->prog);
+@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv)
+ }
+ printf ("%-10s", buf);
+ buf[0] = '\0';
+- for (nl = rs->nlist; nl; nl = nl->next)
+- {
+- strcat (buf, nl->netid);
+- if (nl->next)
+- strcat (buf, ",");
+- }
++
++ for (nl = rs->nlist; nl; nl = nl->next)
++ {
++ strncat (buf, nl->netid, netidmax);
++ if (strlen (nl->netid) < netidmax)
++ netidmax -= strlen(nl->netid);
++ else
++ break;
++
++ if (nl->next && netidmax > 1)
++ {
++ strncat (buf, ",", netidmax);
++ netidmax --;
++ }
++ }
++
+ printf ("%-32s", buf);
+ rpc = getrpcbynumber (rs->prog);
+ if (rpc)
+--
+1.8.3.1
+
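Review bot: In the second hunk of the embedded rpcinfo.c patch, once `netidmax` has dropped to 1 the comma is skipped but the loop keeps going, so the next `strncat (buf, nl->netid, netidmax)` appends a single character of the following netid with no separator before the `else break`. The write stays inside `buf`, but the column is silently truncated and run together. Stopping as soon as there is no room for a separator keeps the output well-formed: `if (nl->next) { if (netidmax <= 1) break; strncat (buf, ",", netidmax); netidmax--; }`. The same `buf` is also filled through `p` for the version list just above this hunk; that code is not shown and not changed here, so check that it is bounded as well. `rpcbdump` starts and ends outside both hunks.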