authorJuergen Daubert <jue@jue.li>2017-07-06 14:37:05 +0200
committerJuergen Daubert <jue@jue.li>2017-07-06 14:37:05 +0200
commit251e7dc40befcdd17585d3521b81cf695ce11df2 (patch)
tree0abbc7e6a6ca93dab6205154f508f172b3cf735e /rpcbind
parent0854b7051fbb821e38f94570c7438e756d560b72 (diff)
[notify] rpcbind: security fix for CVE-2017-8779
Diffstat (limited to 'rpcbind')
-rw-r--r--rpcbind/.md5sum1
-rw-r--r--rpcbind/.signature5
-rw-r--r--rpcbind/Pkgfile8
-rw-r--r--rpcbind/rpcbind-CVE-2017-8779.patch24
4 files changed, 34 insertions, 4 deletions
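--- a/rpcbind/.md5sum
+++ b/rpcbind/.md5sum
@@ -1,2 +1,3 @@
 78bfe054cf620249b228350f5e8730f7 rpcbind
 cf10cd41ed8228fc54c316191c1f07fe rpcbind-0.2.4.tar.bz2
+db5756cdc1cf70ccf2d3e90d44fe404a rpcbind-CVE-2017-8779.patch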
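--- a/rpcbind/.signature
+++ b/rpcbind/.signature
@@ -1,6 +1,7 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/d9y8Yl3eCtT9N+wnpbYvi2w+YH1oCvL7e+iQX+otO1glXi/S+OmQxVNZRyl58rJ93rErED5wqc+msbFoegwCgc=
-SHA256 (Pkgfile) = d3d0b4b4321359ef3a1f1fceb02d91bf6672d5e6480e170fd38c0e7caef6f552
+RWSE3ohX2g5d/T9IML5QmrNm6nBLf8eCB9F4jlaa3iPM9yOZbqP6cXts2i6nz42OOrOmQmxVau42wZpmGSGnXjQBNASFYFXIYAM=
+SHA256 (Pkgfile) = 9d6a767db6fd04745a28b799260ba8edb25fba35b4083f045473ced826430e74
 SHA256 (.footprint) = 6d7a05e556df2d89ba9965aa2c7afac7c362edb73ca0be465ba237dc4d2ac5e1
 SHA256 (rpcbind-0.2.4.tar.bz2) = 074a9a530dc7c11e0d905aa59bcb0847c009313f02e98d3d798aa9568f414c66
+SHA256 (rpcbind-CVE-2017-8779.patch) = df10706a774370ea9dd0c3ba65d7574088a82a0ab80a6c87164f0382f30b83fe
 SHA256 (rpcbind) = b8173ec0b927705100eab42f24797ac36ea7c5987475cba47474b5c73a117f1a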
diff --git a/rpcbind/Pkgfile b/rpcbind/Pkgfile
index 49d903388..9f8288ae5 100644
--- a/rpcbind/Pkgfile
+++ b/rpcbind/Pkgfile
@@ -5,13 +5,17 @@
name=rpcbind
version=0.2.4
-release=1
+release=2
source=(http://downloads.sourceforge.net/project/$name/$name/$version/$name-$version.tar.bz2 \
- rpcbind)
+ rpcbind-CVE-2017-8779.patch rpcbind)
build() {
cd $name-$version
+ # security fix, see
+ #http://openwall.com/lists/oss-security/2017/05/03/12
+ patch -p1 -i $SRC/rpcbind-CVE-2017-8779.patch
+
./configure --prefix=/usr \
--bindir=/sbin \
--disable-libwrap \
diff --git a/rpcbind/rpcbind-CVE-2017-8779.patch b/rpcbind/rpcbind-CVE-2017-8779.patch
new file mode 100644
index 000000000..5c58cab5f
--- /dev/null
+++ b/rpcbind/rpcbind-CVE-2017-8779.patch
@@ -0,0 +1,24 @@
+# http://openwall.com/lists/oss-security/2017/05/03/12
+# https://github.com/guidovranken/rpcbomb
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+
+ /*
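Review bot: The new patch file records only two advisory URLs as provenance, so a later maintainer cannot tell which upstream rpcbind commit these two hunks were taken from, nor check that nothing was dropped in the backport; I would add a third header line such as `# backport of upstream rpcbind commit <UPSTREAM-COMMIT-ID placeholder>; applies to 0.2.4`. The fix itself is the one-line change in xdr_encap_parms, where the unbounded `~0` maximum passed to xdr_bytes becomes RPC_MAXDATASIZE, so a peer can no longer make the decoder allocate an arbitrary, caller-chosen length; the first hunk pulls that macro in through rpc/rpc_com.h. That header is presumably supplied by libtirpc, so the port now depends on a libtirpc that defines RPC_MAXDATASIZE — worth confirming against the installed version before the release bump is published. The rpcbomb advisory cited in the header also covers the libtirpc side of CVE-2017-8779; whether that port is patched is not visible in this commit.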
