From: Bernd Kuhls Date: Sat, 22 Jul 2017 12:12:49 +0000 (+0200) Subject: package/libtirpc: security bump to version 1.0.2 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=49a2bb396c95ba9ae66cd11fc175bb687449364c;p=buildroot.git package/libtirpc: security bump to version 1.0.2 Fixes CVE-2017-8779: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commitdiff;h=dd9c7cf4f8f375c6d641b760d124650c418c2ce3 Rebased patches 0001, 0002 & 0006. Removed patch 0007, applied upstream: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4f1503e84b2f7bd229a097335e52fb8203f5bb0b Renumbered patch 0008. Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni --- diff --git a/package/libtirpc/0001-Disable-parts-of-TIRPC-requiring-NIS-support.patch b/package/libtirpc/0001-Disable-parts-of-TIRPC-requiring-NIS-support.patch index e51c5a44b2..eb1bef3dc1 100644 --- a/package/libtirpc/0001-Disable-parts-of-TIRPC-requiring-NIS-support.patch +++ b/package/libtirpc/0001-Disable-parts-of-TIRPC-requiring-NIS-support.patch @@ -13,6 +13,8 @@ Signed-off-by: "Yann E. MORIN" Signed-off-by: Jörg Krause [peda@axentia.se: update for 1.0.1] Signed-off-by: Peter Rosin +[bernd.kuhls@t-online.de: update for 1.0.2] +Signed-off-by: Bernd Kuhls --- src/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) @@ -25,8 +27,8 @@ index 6cc567a..9834f9a 100644 rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ svc_auth_des.c \ svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ -- auth_time.c auth_des.c authdes_prot.c debug.c -+ auth_des.c authdes_prot.c debug.c +- auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c ++ auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c ## XDR libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c 
diff --git a/package/libtirpc/0002-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch b/package/libtirpc/0002-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch index 643a57ed5a..51229a024d 100644 --- a/package/libtirpc/0002-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch +++ b/package/libtirpc/0002-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch @@ -8,6 +8,8 @@ Signed-off-by: Thomas Petazzoni Signed-off-by: "Yann E. MORIN" [joerg.krause@embedded.rocks: musl fix] Signed-off-by: Jörg Krause +[bernd.kuhls@t-online.de: update for 1.0.2] +Signed-off-by: Bernd Kuhls --- tirpc/rpc/rpcent.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) @@ -21,7 +23,7 @@ index 147f909..4a58180 100644 #endif -/* These are defined in /usr/include/rpc/netdb.h */ --#if !defined(__GLIBC__) +-#if !defined(__GLIBC__) || defined(__UCLIBC__) +/* These are defined in /usr/include/rpc/netdb.h, unless we are using + the C library without RPC support. */ +#if defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__) diff --git a/package/libtirpc/0006-Disable-DES-authentification-support.patch b/package/libtirpc/0006-Disable-DES-authentification-support.patch index 59a77ffc1d..0c65472400 100644 --- a/package/libtirpc/0006-Disable-DES-authentification-support.patch +++ b/package/libtirpc/0006-Disable-DES-authentification-support.patch @@ -11,6 +11,8 @@ uClibc and musl does not provide DES authentication. Signed-off-by: Jörg Krause [peda@axentia.se: update for 1.0.1] Signed-off-by: Peter Rosin +[bernd.kuhls@t-online.de: update for 1.0.2] +Signed-off-by: Bernd Kuhls --- src/Makefile.am | 2 +- src/rpc_soc.c | 32 -------------------------------- 
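Review bot: In the 0002 hunk at `@@ -21,7 +23,7 @@`, the replacement condition `#if defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__)` mixes `&&` and `||` without parentheses and relies on `&&` binding tighter. Writing it as `#if (defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__)) || !defined(__GLIBC__)` keeps the meaning and makes the grouping explicit. The rebased removed line shows upstream 1.0.2 using `!defined(__GLIBC__) || defined(__UCLIBC__)`, so the patch now narrows upstream's uClibc case to builds without RPC support; a sentence saying so in the patch description would help the next rebase. The declarations guarded by this `#if` lie outside the hunk.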
@@ -26,7 +28,7 @@ index 960a522..3a88e31 100644 rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ - svc_auth_des.c \ svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ -- auth_des.c authdes_prot.c debug.c +- auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c + debug.c ## XDR @@ -48,14 +50,6 @@ diff --git a/src/rpc_soc.c b/src/rpc_soc.c index e146ed4..161a1ec 100644 --- a/src/rpc_soc.c +++ b/src/rpc_soc.c -@@ -61,7 +61,6 @@ #ifdef PORTMAP - #include - #include - #include --#include - - #include "rpc_com.h" - @@ -522,86 +521,6 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult) } diff --git a/package/libtirpc/0007-Add-missing-rwlock_unlocks-in-xprt_register.patch b/package/libtirpc/0007-Add-missing-rwlock_unlocks-in-xprt_register.patch deleted file mode 100644 index 56b5bf8392..0000000000 --- a/package/libtirpc/0007-Add-missing-rwlock_unlocks-in-xprt_register.patch +++ /dev/null 
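Review bot: The rebased 0006 patch drops its `@@ -61,7 +61,6 @@` hunk for src/rpc_soc.c but keeps the next header, `@@ -522,86 +521,6 @@`, unchanged. Its new-side start of 521 appears to assume the one-line removal that is now gone, and the `index e146ed4..161a1ec` line also looks carried over from the previous version. A context-matching patch tool will probably still apply it, but because this patch removes the DES authentication code, it is worth regenerating it from a 1.0.2 tree (for example with `git format-patch`) so a misplaced hunk fails loudly rather than applying with an offset. The commit message could also say why the include removal is no longer needed; the header name is not visible on this page. The body of the `clnt_broadcast` hunk lies outside this hunk.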
@@ -1,63 +0,0 @@ -From 4f1503e84b2f7bd229a097335e52fb8203f5bb0b Mon Sep 17 00:00:00 2001 -From: Michael Forney -Date: Wed, 4 Nov 2015 13:58:06 -0500 -Subject: [PATCH] Add missing rwlock_unlocks in xprt_register - -It looks like in b2c9430f46c4ac848957fb8adaac176a3f6ac03f when svc_run -switched to poll, an early return was added, but the rwlock was not -unlocked. - -I observed that rpcbind built against libtirpc-1.0.1 would handle only -one request before hanging, and tracked it down to a missing -rwlock_unlock here. - -Fixes: b2c9430f46c4 ('Use poll() instead of select() in svc_run()') -Signed-off-by: Michael Forney -Signed-off-by: Steve Dickson -[peda@axentia.se: backport from upstream] -Signed-off-by: Peter Rosin ---- - src/svc.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/svc.c b/src/svc.c -index 9c41445..b59467b 100644 ---- a/src/svc.c -+++ b/src/svc.c -@@ -99,7 +99,7 @@ xprt_register (xprt) - { - __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *)); - if (__svc_xports == NULL) -- return; -+ goto unlock; - } - if (sock < _rpc_dtablesize()) - { -@@ -120,14 +120,14 @@ xprt_register (xprt) - svc_pollfd[i].fd = sock; - svc_pollfd[i].events = (POLLIN | POLLPRI | - POLLRDNORM | POLLRDBAND); -- return; -+ goto unlock; - } - - new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd, - sizeof (struct pollfd) - * (svc_max_pollfd + 1)); - if (new_svc_pollfd == NULL) /* Out of memory */ -- return; -+ goto unlock; - svc_pollfd = new_svc_pollfd; - ++svc_max_pollfd; - -@@ -135,6 +135,7 @@ xprt_register (xprt) - svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI | - POLLRDNORM | POLLRDBAND); - } -+unlock: - rwlock_unlock (&svc_fd_lock); - } - --- -2.5.3 - diff --git a/package/libtirpc/0007-include-stdint.h-for-uintptr_t.patch b/package/libtirpc/0007-include-stdint.h-for-uintptr_t.patch new file mode 100644 index 0000000000..62031613d6 --- /dev/null +++ b/package/libtirpc/0007-include-stdint.h-for-uintptr_t.patch 
@@ -0,0 +1,31 @@ +From 18f8a605e176f0362da22fd1203eb7cedb136aaf Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Tue, 20 Jun 2017 22:06:35 +0200 +Subject: [PATCH] include stdint.h for uintptr_t + +Fixes +| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'? +| if (len < (uintptr_t)xdrs->x_base) { +| ^~~~~~~~~ + +Signed-off-by: Khem Raj +Signed-off-by: Dmitrii Kolesnichenko +--- + src/xdr_sizeof.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c +index d23fbd1..79d6707 100644 +--- a/src/xdr_sizeof.c ++++ b/src/xdr_sizeof.c +@@ -39,6 +39,7 @@ + #include + #include + #include ++#include + #include "un-namespace.h" + + /* ARGSUSED */ +-- +2.9.4 + diff --git a/package/libtirpc/0008-include-stdint.h-for-uintptr_t.patch b/package/libtirpc/0008-include-stdint.h-for-uintptr_t.patch deleted file mode 100644 index 62031613d6..0000000000 --- a/package/libtirpc/0008-include-stdint.h-for-uintptr_t.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 18f8a605e176f0362da22fd1203eb7cedb136aaf Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Tue, 20 Jun 2017 22:06:35 +0200 -Subject: [PATCH] include stdint.h for uintptr_t - -Fixes -| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'? -| if (len < (uintptr_t)xdrs->x_base) { -| ^~~~~~~~~ - -Signed-off-by: Khem Raj -Signed-off-by: Dmitrii Kolesnichenko ---- - src/xdr_sizeof.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c -index d23fbd1..79d6707 100644 ---- a/src/xdr_sizeof.c -+++ b/src/xdr_sizeof.c -@@ -39,6 +39,7 @@ - #include - #include - #include -+#include - #include "un-namespace.h" - - /* ARGSUSED */ --- -2.9.4 - diff --git a/package/libtirpc/libtirpc.hash b/package/libtirpc/libtirpc.hash index cd65164cb2..35ac6a2278 100644 --- a/package/libtirpc/libtirpc.hash +++ b/package/libtirpc/libtirpc.hash 
@@ -1,4 +1,4 @@ # From sourceforge's info on download page: -sha1 8da1636f98b5909c0d587e7534bc1e91f5c1a970 libtirpc-1.0.1.tar.bz2 +sha1 2a8dc0e6eecc45be6597c8287b1d8e15cbee46e3 libtirpc-1.0.2.tar.bz2 # Locally computed -sha256 5156974f31be7ccbc8ab1de37c4739af6d9d42c87b1d5caf4835dda75fcbb89e libtirpc-1.0.1.tar.bz2 +sha256 723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5 libtirpc-1.0.2.tar.bz2 diff --git a/package/libtirpc/libtirpc.mk b/package/libtirpc/libtirpc.mk index 7747a1aa8c..d9bf22b83e 100644 --- a/package/libtirpc/libtirpc.mk +++ b/package/libtirpc/libtirpc.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBTIRPC_VERSION = 1.0.1 +LIBTIRPC_VERSION = 1.0.2 LIBTIRPC_SOURCE = libtirpc-$(LIBTIRPC_VERSION).tar.bz2 LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIBTIRPC_VERSION) LIBTIRPC_LICENSE = BSD-3-Clause
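Review bot: The new `sha256` line in libtirpc.hash is labelled `# Locally computed`, and the `LIBTIRPC_SITE` context line in libtirpc.mk shows the tarball is fetched over plain `http://`, so that digest is only as trustworthy as the single download it was computed from. The `sha1` line taken from the SourceForge download page is the only upstream-published value here, and SHA-1 on its own is a weak anchor. For a security bump it would help to record how the sha256 was cross-checked, for example by changing the comment to `# Locally computed after verifying the sha1 above`, if that is what was done.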