Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org --- lfs/rpcbind | 10 ++++---- .../rpcbind-0.2.4-vulnerability_fixes-1.patch | 29 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 5 deletions(-) create mode 100644 src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch
diff --git a/lfs/rpcbind b/lfs/rpcbind index 046121f36..f6bd05d9c 100644 --- a/lfs/rpcbind +++ b/lfs/rpcbind @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2016 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2017 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 0.2.3 +VER = 0.2.4
THISAPP = rpcbind-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rpcbind -PAK_VER = 2 +PAK_VER = 3
DEPS = "libtirpc"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c8875246b2688a1adfbd6ad43480278d +$(DL_FILE)_MD5 = cf10cd41ed8228fc54c316191c1f07fe
install : $(TARGET)
@@ -77,8 +77,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch cd $(DIR_APP) && sed -i "/servname/s:rpcbind:sunrpc:" src/rpcbind.c - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/rpcbind/rpcbind-0.2.3-tirpc_fix-1.patch cd $(DIR_APP) && ./configure --prefix=/usr --bindir=/sbin --with-rpcuser=root --without-systemdsystemunitdir --disable-ipv6 cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install diff --git a/src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch b/src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch new file mode 100644 index 000000000..d8137d3c9 --- /dev/null +++ b/src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch @@ -0,0 +1,29 @@ +Submitted By: Ken Moffat <ken at linuxfromscratch dot org> +Date: 2017-05-29 +Initial Package Version: 0.2.4 (also affects earlier versions) +Upstream Status: Unknown +Origin: Guido Vranken +Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption +without subsequent free). + +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index 5862c26..e11f61b 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -48,6 +48,7 @@ + #include <rpc/rpc.h> + #include <rpc/rpcb_prot.h> + #include <rpc/svc_dg.h> ++#include <rpc/rpc_com.h> + #include <netconfig.h> + #include <errno.h> + #include <syslog.h> +@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/, + static bool_t + xdr_encap_parms(XDR *xdrs, struct encap_parms *epp) + { +- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0)); ++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE)); + } + + /*