package/libtirpc: security bump to version 1.0.2

Fixes CVE-2017-8779:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commitdiff;h=dd9c7cf4f8f375c6d641b760d124650c418c2ce3

Rebased patches 0001, 0002 & 0006.
Removed patch 0007, applied upstream:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4f1503e84b2f7bd229a097335e52fb8203f5bb0b
Renumbered patch 0008.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls 2017-07-22 14:12:49 +02:00 committed by Thomas Petazzoni
parent 8786ac2805
commit 49a2bb396c
7 changed files with 13 additions and 78 deletions


@ -13,6 +13,8 @@ Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[peda@axentia.se: update for 1.0.1] [peda@axentia.se: update for 1.0.1]
Signed-off-by: Peter Rosin <peda@axentia.se> Signed-off-by: Peter Rosin <peda@axentia.se>
[bernd.kuhls@t-online.de: update for 1.0.2]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
--- ---
src/Makefile.am | 6 +++--- src/Makefile.am | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-) 1 file changed, 3 insertions(+), 3 deletions(-)
@ -25,8 +27,8 @@ index 6cc567a..9834f9a 100644
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
svc_auth_des.c \ svc_auth_des.c \
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
- auth_time.c auth_des.c authdes_prot.c debug.c - auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
+ auth_des.c authdes_prot.c debug.c + auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
## XDR ## XDR
libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c


@ -8,6 +8,8 @@ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[joerg.krause@embedded.rocks: musl fix] [joerg.krause@embedded.rocks: musl fix]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[bernd.kuhls@t-online.de: update for 1.0.2]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
--- ---
tirpc/rpc/rpcent.h | 5 +++-- tirpc/rpc/rpcent.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-) 1 file changed, 3 insertions(+), 2 deletions(-)
@ -21,7 +23,7 @@ index 147f909..4a58180 100644
#endif #endif
-/* These are defined in /usr/include/rpc/netdb.h */ -/* These are defined in /usr/include/rpc/netdb.h */
-#if !defined(__GLIBC__) -#if !defined(__GLIBC__) || defined(__UCLIBC__)
+/* These are defined in /usr/include/rpc/netdb.h, unless we are using +/* These are defined in /usr/include/rpc/netdb.h, unless we are using
+ the C library without RPC support. */ + the C library without RPC support. */
+#if defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__) +#if defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__)
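Review bot: The rebased guard `#if defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__)` relies on `&&` binding tighter than `||`, and it now replaces an upstream line that already mentions uClibc (`#if !defined(__GLIBC__) || defined(__UCLIBC__)`), so the reason for keeping the override is no longer obvious from the patch. I would parenthesise it as `#if (defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__)) || !defined(__GLIBC__)`. The patch description could also gain one sentence saying why the upstream condition is not sufficient; presumably a uClibc built with RPC support ships these declarations itself and must not get them a second time. The `#if` block continues past the end of this hunk, so its body and `#endif` are not visible here.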


@ -11,6 +11,8 @@ uClibc and musl does not provide DES authentication.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[peda@axentia.se: update for 1.0.1] [peda@axentia.se: update for 1.0.1]
Signed-off-by: Peter Rosin <peda@axentia.se> Signed-off-by: Peter Rosin <peda@axentia.se>
[bernd.kuhls@t-online.de: update for 1.0.2]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
--- ---
src/Makefile.am | 2 +- src/Makefile.am | 2 +-
src/rpc_soc.c | 32 -------------------------------- src/rpc_soc.c | 32 --------------------------------
@ -26,7 +28,7 @@ index 960a522..3a88e31 100644
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
- svc_auth_des.c \ - svc_auth_des.c \
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
- auth_des.c authdes_prot.c debug.c - auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
+ debug.c + debug.c
## XDR ## XDR
@ -48,14 +50,6 @@ diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index e146ed4..161a1ec 100644 index e146ed4..161a1ec 100644
--- a/src/rpc_soc.c --- a/src/rpc_soc.c
+++ b/src/rpc_soc.c +++ b/src/rpc_soc.c
@@ -61,7 +61,6 @@ #ifdef PORTMAP
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
-#include <rpcsvc/nis.h>
#include "rpc_com.h"
@@ -522,86 +521,6 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult) @@ -522,86 +521,6 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult)
} }
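Review bot: The surviving `rpc_soc.c` hunk header still reads `@@ -522,86 +521,6 @@` although the `@@ -61,7 +61,6 @@` hunk that removed `#include <rpcsvc/nis.h>` has been dropped from the patch; without that one-line deletion the new-side start should be 522. The patch's own diffstat (`src/rpc_soc.c | 32 ---`) also does not match a hunk that shrinks 86 lines to 6. patch(1) will most likely still apply this by offset, but a hand-edited header makes the next rebase harder to verify. Regenerating the file with `git format-patch` against the 1.0.2 tree would bring the header and diffstat back in line. The body of the clnt_broadcast hunk lies outside what is shown here.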


@ -1,63 +0,0 @@
From 4f1503e84b2f7bd229a097335e52fb8203f5bb0b Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Wed, 4 Nov 2015 13:58:06 -0500
Subject: [PATCH] Add missing rwlock_unlocks in xprt_register
It looks like in b2c9430f46c4ac848957fb8adaac176a3f6ac03f when svc_run
switched to poll, an early return was added, but the rwlock was not
unlocked.
I observed that rpcbind built against libtirpc-1.0.1 would handle only
one request before hanging, and tracked it down to a missing
rwlock_unlock here.
Fixes: b2c9430f46c4 ('Use poll() instead of select() in svc_run()')
Signed-off-by: Michael Forney <mforney@mforney.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
[peda@axentia.se: backport from upstream]
Signed-off-by: Peter Rosin <peda@axentia.se>
---
src/svc.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/svc.c b/src/svc.c
index 9c41445..b59467b 100644
--- a/src/svc.c
+++ b/src/svc.c
@@ -99,7 +99,7 @@ xprt_register (xprt)
{
__svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
if (__svc_xports == NULL)
- return;
+ goto unlock;
}
if (sock < _rpc_dtablesize())
{
@@ -120,14 +120,14 @@ xprt_register (xprt)
svc_pollfd[i].fd = sock;
svc_pollfd[i].events = (POLLIN | POLLPRI |
POLLRDNORM | POLLRDBAND);
- return;
+ goto unlock;
}
new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
sizeof (struct pollfd)
* (svc_max_pollfd + 1));
if (new_svc_pollfd == NULL) /* Out of memory */
- return;
+ goto unlock;
svc_pollfd = new_svc_pollfd;
++svc_max_pollfd;
@@ -135,6 +135,7 @@ xprt_register (xprt)
svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
POLLRDNORM | POLLRDBAND);
}
+unlock:
rwlock_unlock (&svc_fd_lock);
}
--
2.5.3


@ -1,4 +1,4 @@
# From sourceforge's info on download page: # From sourceforge's info on download page:
sha1 8da1636f98b5909c0d587e7534bc1e91f5c1a970 libtirpc-1.0.1.tar.bz2 sha1 2a8dc0e6eecc45be6597c8287b1d8e15cbee46e3 libtirpc-1.0.2.tar.bz2
# Locally computed # Locally computed
sha256 5156974f31be7ccbc8ab1de37c4739af6d9d42c87b1d5caf4835dda75fcbb89e libtirpc-1.0.1.tar.bz2 sha256 723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5 libtirpc-1.0.2.tar.bz2


@ -4,7 +4,7 @@
# #
################################################################################ ################################################################################
LIBTIRPC_VERSION = 1.0.1 LIBTIRPC_VERSION = 1.0.2
LIBTIRPC_SOURCE = libtirpc-$(LIBTIRPC_VERSION).tar.bz2 LIBTIRPC_SOURCE = libtirpc-$(LIBTIRPC_VERSION).tar.bz2
LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIBTIRPC_VERSION) LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIBTIRPC_VERSION)
LIBTIRPC_LICENSE = BSD-3-Clause LIBTIRPC_LICENSE = BSD-3-Clause