author | Juergen Daubert <jue@jue.li> | 2017-07-06 14:37:05 +0200 |
---|---|---|
committer | Juergen Daubert <jue@jue.li> | 2017-07-06 14:37:05 +0200 |
commit | 251e7dc40befcdd17585d3521b81cf695ce11df2 (patch) | |
tree | 0abbc7e6a6ca93dab6205154f508f172b3cf735e /rpcbind | |
parent | 0854b7051fbb821e38f94570c7438e756d560b72 (diff) | |
[notify] rpcbind: security fix for CVE-2017-8779
Diffstat (limited to 'rpcbind')
-rw-r--r-- | rpcbind/.md5sum | 1 | ||||
-rw-r--r-- | rpcbind/.signature | 5 | ||||
-rw-r--r-- | rpcbind/Pkgfile | 8 | ||||
-rw-r--r-- | rpcbind/rpcbind-CVE-2017-8779.patch | 24 |
4 files changed, 34 insertions, 4 deletions
diff --git a/rpcbind/.md5sum b/rpcbind/.md5sum
index 7176974bf..6d612eb59 100644
--- a/rpcbind/.md5sum
+++ b/rpcbind/.md5sum
@@ -1,2 +1,3 @@
 78bfe054cf620249b228350f5e8730f7 rpcbind
 cf10cd41ed8228fc54c316191c1f07fe rpcbind-0.2.4.tar.bz2
+db5756cdc1cf70ccf2d3e90d44fe404a rpcbind-CVE-2017-8779.patch
diff --git a/rpcbind/.signature b/rpcbind/.signature
index 57e4dc2cd..3989fe19d 100644
--- a/rpcbind/.signature
+++ b/rpcbind/.signature
@@ -1,6 +1,7 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/d9y8Yl3eCtT9N+wnpbYvi2w+YH1oCvL7e+iQX+otO1glXi/S+OmQxVNZRyl58rJ93rErED5wqc+msbFoegwCgc=
-SHA256 (Pkgfile) = d3d0b4b4321359ef3a1f1fceb02d91bf6672d5e6480e170fd38c0e7caef6f552
+RWSE3ohX2g5d/T9IML5QmrNm6nBLf8eCB9F4jlaa3iPM9yOZbqP6cXts2i6nz42OOrOmQmxVau42wZpmGSGnXjQBNASFYFXIYAM=
+SHA256 (Pkgfile) = 9d6a767db6fd04745a28b799260ba8edb25fba35b4083f045473ced826430e74
 SHA256 (.footprint) = 6d7a05e556df2d89ba9965aa2c7afac7c362edb73ca0be465ba237dc4d2ac5e1
 SHA256 (rpcbind-0.2.4.tar.bz2) = 074a9a530dc7c11e0d905aa59bcb0847c009313f02e98d3d798aa9568f414c66
+SHA256 (rpcbind-CVE-2017-8779.patch) = df10706a774370ea9dd0c3ba65d7574088a82a0ab80a6c87164f0382f30b83fe
 SHA256 (rpcbind) = b8173ec0b927705100eab42f24797ac36ea7c5987475cba47474b5c73a117f1a
diff --git a/rpcbind/Pkgfile b/rpcbind/Pkgfile
index 49d903388..9f8288ae5 100644
--- a/rpcbind/Pkgfile
+++ b/rpcbind/Pkgfile
@@ -5,13 +5,17 @@
 name=rpcbind
 version=0.2.4
-release=1
+release=2
 source=(http://downloads.sourceforge.net/project/$name/$name/$version/$name-$version.tar.bz2 \
- rpcbind)
+ rpcbind-CVE-2017-8779.patch rpcbind)
 build() {
 cd $name-$version
+ # security fix, see
+ #http://openwall.com/lists/oss-security/2017/05/03/12
+ patch -p1 -i $SRC/rpcbind-CVE-2017-8779.patch
+
 ./configure --prefix=/usr \
 --bindir=/sbin \
 --disable-libwrap \
diff --git a/rpcbind/rpcbind-CVE-2017-8779.patch b/rpcbind/rpcbind-CVE-2017-8779.patch
new file mode 100644
index 000000000..5c58cab5f
--- /dev/null
+++ b/rpcbind/rpcbind-CVE-2017-8779.patch
@@ -0,0 +1,24 @@
+# http://openwall.com/lists/oss-security/2017/05/03/12
+# https://github.com/guidovranken/rpcbomb
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+
+ /* |
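Review bot: The change from `~0` to `RPC_MAXDATASIZE` in `xdr_encap_parms` caps the length a remote caller can declare, but the patch gives no reason for that bound and covers only the rpcbind side. I would add a comment above the changed return, `/* bound peer-declared arglen; ~0 placed no limit on the decode allocation */`, so that a later rebase onto a newer rpcbind does not drop the limit unnoticed. The oss-security post cited in the patch header, as far as I recall, also carries a companion change for the failure paths of libtirpc's `xdr_bytes`/`xdr_string`; nothing on this page shows whether the libtirpc port received it, so that is worth confirming before treating CVE-2017-8779 as closed here. `xdr_encap_parms` is visible in full, but its callers and the release of `epp->args` lie outside the hunk.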