authorPatrick McLean <chutzpah@gentoo.org>2017-05-08 11:39:36 -0700
committerPatrick McLean <chutzpah@gentoo.org>2017-05-08 11:39:36 -0700
commiteae6e7a80bc2934ae1557731fc0ad71cd92af99b (patch)
tree053ad6aab4b7eadfa04e52050114543c782355bb
parentnet-libs/libtirpc: Revision bump to pull in patch for CVE-2017-8779 (diff)
net-nds/rpcbind: Revision bump to pull in patch for CVE-2017-8779
Gentoo-Bug: 617472 Package-Manager: Portage-2.3.5, Repoman-2.3.2
-rw-r--r--net-nds/rpcbind/files/rpcbind-0.2.4-CVE-2017-8779.patch21
-rw-r--r--net-nds/rpcbind/rpcbind-0.2.4-r1.ebuild59
2 files changed, 80 insertions, 0 deletions
diff --git a/net-nds/rpcbind/files/rpcbind-0.2.4-CVE-2017-8779.patch b/net-nds/rpcbind/files/rpcbind-0.2.4-CVE-2017-8779.patch
new file mode 100644
index 00000000000..cef088badc9
--- /dev/null
+++ b/net-nds/rpcbind/files/rpcbind-0.2.4-CVE-2017-8779.patch
@@ -0,0 +1,21 @@
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+
+ /*
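Review bot: The new bound in `xdr_encap_parms` carries no comment saying why `RPC_MAXDATASIZE` replaced `~0`, and the patch file has no header giving its origin, so a later maintainer cannot tell from the file what the cap protects against. A one-line comment above the return, such as `/* cap client-supplied arglen so decoding cannot allocate an unbounded buffer (CVE-2017-8779) */`, plus a short patch header pointing at Gentoo bug 617472 from the commit message, would record it. The cap limits the size of a single decoded buffer; whether that buffer is released on every failure path depends on the caller and on libtirpc's `xdr_bytes`, neither of which is visible in this hunk, so that is worth confirming. The `(u_int *)` cast on `&(epp->arglen)` is only sound if `arglen` is exactly `u_int`-sized, and the struct definition lies outside the hunk.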
diff --git a/net-nds/rpcbind/rpcbind-0.2.4-r1.ebuild b/net-nds/rpcbind/rpcbind-0.2.4-r1.ebuild
new file mode 100644
index 00000000000..5c16cb5c982
--- /dev/null
+++ b/net-nds/rpcbind/rpcbind-0.2.4-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils systemd
+
+if [[ ${PV} == "9999" ]] ; then
+ EGIT_REPO_URI="git://linux-nfs.org/~steved/rpcbind.git"
+ inherit autotools git-r3
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+fi
+
+DESCRIPTION="portmap replacement which supports RPC over various protocols"
+HOMEPAGE="https://sourceforge.net/projects/rpcbind/"
+
+LICENSE="BSD"
+SLOT="0"
+IUSE="debug selinux systemd tcpd warmstarts"
+
+CDEPEND=">=net-libs/libtirpc-1.0:=
+ systemd? ( sys-apps/systemd:= )
+ tcpd? ( sys-apps/tcp-wrappers )"
+DEPEND="${CDEPEND}
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-rpcbind )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-CVE-2017-8779.patch"
+)
+
+src_prepare() {
+ [[ ${PV} == "9999" ]] && eautoreconf
+ epatch "${PATCHES[@]}"
+ epatch_user
+}
+
+src_configure() {
+ econf \
+ --bindir="${EPREFIX}"/sbin \
+ --with-statedir="${EPREFIX}"/run/${PN} \
+ --with-rpcuser=root \
+ --with-systemdsystemunitdir=$(usex systemd "$(systemd_get_unitdir)" "no") \
+ $(use_enable tcpd libwrap) \
+ $(use_enable debug) \
+ $(use_enable warmstarts)
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+
+ systemd_dounit "${FILESDIR}"/${PN}.service
+}
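Review bot: `CDEPEND` still accepts any `>=net-libs/libtirpc-1.0:=`, so this revision can be built and run against a libtirpc that lacks the companion CVE-2017-8779 patch named in the parent commit. If the fix is only complete with both halves (likely, since both packages were bumped for the same CVE), raise the lower bound to the patched revision, e.g. `>=net-libs/libtirpc-<PATCHED_REVISION>:=`, replacing the placeholder with the revision from that commit. Separately, `--with-rpcuser=root` in `src_configure` keeps a network-facing daemon running as root, which widens the impact of any future parsing bug. A dedicated unprivileged user is the usual hardening; if root is required here, a comment next to the option should say why.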