commit 3041ecd65d5bf7b2dff779668951a9f427e19d5d Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:16:23 2019 -0400 Package init
diff --git a/CVE-2017-8779.patch b/CVE-2017-8779.patch
new file mode 100644
index 0000000..5656364
--- /dev/null
+++ b/CVE-2017-8779.patch
@@ -0,0 +1,21 @@
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 9c1c3af..fb14bb9 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+
+ /*
diff --git a/bugfix-listen-tcp-port-111.patch b/bugfix-listen-tcp-port-111.patch
new file mode 100644
index 0000000..957a0f7
--- /dev/null
+++ b/bugfix-listen-tcp-port-111.patch
@@ -0,0 +1,17 @@
+diff --git a/systemd/rpcbind.socket b/systemd/rpcbind.socket
+index 3b1a936..b99a36a 100644
+--- a/systemd/rpcbind.socket
++++ b/systemd/rpcbind.socket
+@@ -7,12 +7,5 @@ Before=rpcbind.target
+ [Socket]
+ ListenStream=/run/rpcbind.sock
+
+-# RPC netconfig can't handle ipv6/ipv4 dual sockets
+-BindIPv6Only=ipv6-only
+-ListenStream=0.0.0.0:111
+-ListenDatagram=0.0.0.0:111
+-ListenStream=[::]:111
+-ListenDatagram=[::]:111
+-
+ [Install]
+ WantedBy=sockets.target
diff --git a/bugfix-rpcbind-GETADDR-return-client-ip.patch b/bugfix-rpcbind-GETADDR-return-client-ip.patch
new file mode 100644
index 0000000..a099cae
--- /dev/null
+++ b/bugfix-rpcbind-GETADDR-return-client-ip.patch
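Review bot: The new bound in `xdr_encap_parms` carries no comment saying why it is there, so a later cleanup could restore an unbounded maximum without noticing that it reopens CVE-2017-8779. I would add `/* Cap client-supplied arglen: an unbounded max lets one request force a huge allocation (CVE-2017-8779) */` above the `return`. The cap limits what a single request can make `xdr_bytes` allocate; releasing that memory when decoding fails is, as far as I know, handled on the libtirpc side, and `BuildRequires: libtirpc-devel` in rpcbind.spec sets no minimum version, so this commit does not show whether the library half of the fix is present. The `(u_int *) &(epp->arglen)` cast is only safe if `arglen` has the width of `u_int`; its declaration is outside the hunk.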
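Review bot: bugfix-listen-tcp-port-111.patch has no description saying why every `ListenStream=`/`ListenDatagram=` entry for port 111 is dropped from rpcbind.socket, and the result contradicts a comment the package still ships. rpcbind.service.in (visible as context in rpcbind-0.2.4-systemd-service.patch) keeps `# Make sure we use the IP addresses listed for rpcbind.socket`, but after this patch the socket unit lists only `/run/rpcbind.sock`. Whether the daemon then binds port 111 itself on all addresses or is reachable only locally depends on rpcbind's startup code, which is not shown here. The patch should state the intended network exposure in a short header, and the stale comment should be updated to match.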
@@ -0,0 +1,96 @@
+From 8e0eb02df52d15dd4317abeddec427cdbac4da3c Mon Sep 17 00:00:00 2001
+From: huyan
+Date: Mon, 8 Jul 2019 02:10:44 +0000
+Subject: [PATCH] backport bugfix rpcbind GETADDR return client ip
+
+---
+ src/util.c | 45 +++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 39 insertions(+), 6 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 74b0284..d722d4f 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -103,7 +103,7 @@ char *
+ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ char *netid)
+ {
+- struct ifaddrs *ifap, *ifp = NULL, *bestif;
++ struct ifaddrs *ifap, *ifp = NULL, *bestif, *exactif;
+ struct netbuf *serv_nbp = NULL, *hint_nbp = NULL, tbuf;
+ struct sockaddr *caller_sa, *hint_sa, *ifsa, *ifmasksa, *serv_sa;
+ struct sockaddr_storage ss;
+@@ -157,7 +157,12 @@ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ * network portion of its address is equal to that of the client.
+ * If so, we have found the interface that we want to use.
+ */
+- bestif = NULL;
++ bestif = NULL; /* first interface UP with same network & family */
++ exactif = NULL; /* the interface requested by the client */
++ u_int8_t maskAllBits[16] = { /* 16 bytes for IPv6 */
++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
++
+ for (ifap = ifp; ifap != NULL; ifap = ifap->ifa_next) {
+ ifsa = ifap->ifa_addr;
+ ifmasksa = ifap->ifa_netmask;
+@@ -175,8 +180,21 @@ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ if (!bitmaskcmp(&SA2SINADDR(ifsa),
+ &SA2SINADDR(hint_sa), &SA2SINADDR(ifmasksa),
+ sizeof(struct in_addr))) {
+- bestif = ifap;
+- goto found;
++ if (getenv("RPCBIND_GETADDR_RETURN_CLIENT_IP") == NULL) {
++ bestif = ifap;
++ goto found;
++ }
++
++ if(!bestif) /* for compatibility with previous code */
++ bestif = ifap;
++ /* Is this an exact match? */
++ if (!bitmaskcmp(&SA2SINADDR(ifsa),
++ &SA2SINADDR(hint_sa), maskAllBits,
++ sizeof(struct in_addr))) {
++ exactif = ifap;
++ goto found;
++ }
++ /* else go-on looking for an exact match */
+ }
+ break;
+ #ifdef INET6
+@@ -197,8 +215,21 @@ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ } else if (!bitmaskcmp(&SA2SIN6ADDR(ifsa),
+ &SA2SIN6ADDR(hint_sa), &SA2SIN6ADDR(ifmasksa),
+ sizeof(struct in6_addr))) {
+- bestif = ifap;
+- goto found;
++ if (getenv("RPCBIND_GETADDR_RETURN_CLIENT_IP") == NULL) {
++ bestif = ifap;
++ goto found;
++ }
++
++ if(!bestif) /* for compatibility with previous code */
++ bestif = ifap;
++ /* Is this an exact match? */
++ if (!bitmaskcmp(&SA2SIN6ADDR(ifsa),
++ &SA2SIN6ADDR(hint_sa), maskAllBits,
++ sizeof(struct in6_addr))) {
++ exactif = ifap;
++ goto found;
++ }
++ /* else go-on looking for an exact match */
+ }
+ break;
+ #endif
+@@ -219,6 +250,8 @@ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ goto freeit;
+
+ found:
++ if(exactif)
++ bestif = exactif;
+ /*
+ * Construct the new address using the the address from
+ * `bestif', and the port number from `serv_uaddr'.
+--
+1.7.12.4
+
diff --git a/rpcbind-0.2.3-systemd-envfile.patch b/rpcbind-0.2.3-systemd-envfile.patch
new file mode 100644
index 0000000..2bfc248
--- /dev/null
+++ b/rpcbind-0.2.3-systemd-envfile.patch
@@ -0,0 +1,11 @@
+diff -up rpcbind-0.2.4/systemd/rpcbind.service.in.orig rpcbind-0.2.4/systemd/rpcbind.service.in
+--- rpcbind-0.2.4/systemd/rpcbind.service.in.orig 2017-12-16 15:49:07.830889473 -0500
++++ rpcbind-0.2.4/systemd/rpcbind.service.in 2017-12-16 15:49:43.156610673 -0500
+@@ -12,6 +12,7 @@ Wants=rpcbind.target
+ [Service]
+ Type=notify
+ # distro can provide a drop-in adding EnvironmentFile=-/??? if needed.
++EnvironmentFile=/etc/sysconfig/rpcbind
+ ExecStart=@_sbindir@/rpcbind $RPCBIND_OPTIONS -w -f
+
+ [Install]
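Review bot: With `RPCBIND_GETADDR_RETURN_CLIENT_IP` set, a subnet-only match no longer jumps to `found`; it stores `bestif` and keeps looping, so the reply depends on what the code between the end of this loop and `found:` does with `bestif`, and that code is outside the hunks. If that code resets `bestif` or runs only its fallback search, the subnet match is lost and GETADDR may return a different interface's address than before; please confirm against the full function. The variable is also read with `getenv()` on every interface iteration in both the IPv4 and IPv6 branches; reading it once before the loop, `int want_exact = getenv("RPCBIND_GETADDR_RETURN_CLIENT_IP") != NULL;`, removes the duplication. Nothing in this commit documents the variable, so rpcbind.sysconfig should mention it.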
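Review bot: `ExecStart` expands `$RPCBIND_OPTIONS`, but the rpcbind.sysconfig file added in this same commit defines `RPCBIND_ARGS=""`, so arguments an administrator puts in /etc/sysconfig/rpcbind never reach the daemon, including any restrictive options they believe are active. Use one name in both places, for example change the sysconfig line to `RPCBIND_OPTIONS=""`. The added `EnvironmentFile=/etc/sysconfig/rpcbind` also lacks the `-` prefix that the comment directly above it suggests, so the unit fails to start when the file is missing; `EnvironmentFile=-/etc/sysconfig/rpcbind` keeps the file optional.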
diff --git a/rpcbind-0.2.3-systemd-tmpfiles.patch b/rpcbind-0.2.3-systemd-tmpfiles.patch
new file mode 100644
index 0000000..b9a8457
--- /dev/null
+++ b/rpcbind-0.2.3-systemd-tmpfiles.patch
@@ -0,0 +1,40 @@
+diff -up rpcbind-1.2.5/configure.ac.orig rpcbind-1.2.5/configure.ac
+--- rpcbind-1.2.5/configure.ac.orig 2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/configure.ac 2018-08-15 11:14:23.933946110 -0400
+@@ -56,6 +56,17 @@ AC_ARG_WITH([systemdsystemunitdir],
+ fi
+ AM_CONDITIONAL(SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ])
+
++AC_ARG_WITH([systemdtmpfilesdir],
++ AS_HELP_STRING([--with-systemdtmpfilesdir=DIR], [Directory for systemd tmp files]),
++ [], [with_systemdtmpfilesdir=$($PKG_CONFIG --variable=tmpfilesdir systemd)])
++ if test "x$with_systemdtmpfilesdir" != xno; then
++ AC_SUBST([systemdtmpfilesdir], [$with_systemdtmpfilesdir])
++ PKG_CHECK_MODULES([SYSTEMD], [libsystemd], [],
++ [PKG_CHECK_MODULES([SYSTEMD], [libsystemd-daemon], [],
++ AC_MSG_ERROR([libsystemd support requested but found]))])
++ fi
++AM_CONDITIONAL(SYSTEMD, [test -n "$with_systemdtmpfilesdir" -a "x$with_systemdtmpfilesdir" != xno ])
++
+ AS_IF([test x$enable_libwrap = xyes], [
+ AC_CHECK_LIB([wrap], [hosts_access], ,
+ AC_MSG_ERROR([libwrap support requested but unable to find libwrap]))
+diff -up rpcbind-1.2.5/Makefile.am.orig rpcbind-1.2.5/Makefile.am
+--- rpcbind-1.2.5/Makefile.am.orig 2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/Makefile.am 2018-08-15 11:14:23.934946111 -0400
+@@ -59,6 +59,9 @@ rpcbind_LDADD += $(SYSTEMD_LIBS)
+ systemdsystemunit_DATA = \
+ systemd/rpcbind.service \
+ systemd/rpcbind.socket
++
++systemdtmpfiles_DATA = \
++ systemd/rpcbind.conf
+ endif
+
+ rpcinfo_SOURCES = src/rpcinfo.c
+diff -up rpcbind-1.2.5/systemd/rpcbind.conf.orig rpcbind-1.2.5/systemd/rpcbind.conf
+--- rpcbind-1.2.5/systemd/rpcbind.conf.orig 2018-08-15 11:14:23.934946111 -0400
++++ rpcbind-1.2.5/systemd/rpcbind.conf 2018-08-15 11:14:23.934946111 -0400
+@@ -0,0 +1,2 @@
++#Type Path Mode UID GID Age Argument
++D /run/rpcbind 0700 rpc rpc - -
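Review bot: The added configure.ac block ends with a second `AM_CONDITIONAL(SYSTEMD, ...)`, now keyed on `with_systemdtmpfilesdir`, directly after the existing one keyed on `with_systemdsystemunitdir`. The same conditional is therefore defined twice, and the later definition presumably decides whether the conditional section of Makefile.am that this patch extends is built at all. Use a separate name such as `AM_CONDITIONAL(SYSTEMD_TMPFILES, ...)` or fold the test into the existing condition. The copied error text `libsystemd support requested but found` is missing a `not`. In rpcbind.conf, `D /run/rpcbind 0700 rpc rpc - -` gives the state directory to the unprivileged account, which matters for the lock file that rpcbind-0.2.4-runstatdir.patch moves into it.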
diff --git a/rpcbind-0.2.4-runstatdir.patch b/rpcbind-0.2.4-runstatdir.patch
new file mode 100644
index 0000000..90c1dae
--- /dev/null
+++ b/rpcbind-0.2.4-runstatdir.patch
@@ -0,0 +1,61 @@
+diff -up rpcbind-1.2.5/configure.ac.orig rpcbind-1.2.5/configure.ac
+--- rpcbind-1.2.5/configure.ac.orig 2018-08-15 11:15:14.188974027 -0400
++++ rpcbind-1.2.5/configure.ac 2018-08-15 11:15:44.948991114 -0400
+@@ -26,8 +26,8 @@ AC_ARG_ENABLE([rmtcalls],
+ AM_CONDITIONAL(RMTCALLS, test x$enable_rmtcalls = xyes)
+
+ AC_ARG_WITH([statedir],
+- AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/var/run/rpcbind@:>@])
+- ,, [with_statedir=/var/run/rpcbind])
++ AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/run/rpcbind@:>@])
++ ,, [with_statedir=/run/rpcbind])
+ AC_SUBST([statedir], [$with_statedir])
+
+ AC_ARG_WITH([rpcuser],
+diff -up rpcbind-1.2.5/configure.orig rpcbind-1.2.5/configure
+--- rpcbind-1.2.5/configure.orig 2018-08-15 11:00:32.000000000 -0400
++++ rpcbind-1.2.5/configure 2018-08-15 11:15:44.951991115 -0400
+@@ -1391,7 +1391,7 @@ Optional Features:
+ Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+- --with-statedir=ARG use ARG as state dir [default=/var/run/rpcbind]
++ --with-statedir=ARG use ARG as state dir [default=/run/rpcbind]
+
+ --with-rpcuser=ARG use ARG for RPC [default=root]
+
+@@ -3901,7 +3901,7 @@ fi
+ if test "${with_statedir+set}" = set; then :
+ withval=$with_statedir;
+ else
+- with_statedir=/var/run/rpcbind
++ with_statedir=/run/rpcbind
+ fi
+
+ statedir=$with_statedir
+diff -up rpcbind-1.2.5/man/rpcbind-fr.8.orig rpcbind-1.2.5/man/rpcbind-fr.8
+--- rpcbind-1.2.5/man/rpcbind-fr.8.orig 2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/man/rpcbind-fr.8 2018-08-15 11:15:44.951991115 -0400
+@@ -138,8 +138,8 @@ est redémarré.
+ .Xr rpcbind 3 ,
+ .Xr rpcinfo 8
+ .Sh FILES
+-.Bl -tag -width /var/run/rpcbind.sock -compact
+-.It Pa /var/run/rpcbind.sock
++.Bl -tag -width /run/rpcbind.sock -compact
++.It Pa /run/rpcbind.sock
+ .Sh TRADUCTION
+ Aurelien CHARBON (Sept 2003)
+ .El
+diff -up rpcbind-1.2.5/src/rpcbind.c.orig rpcbind-1.2.5/src/rpcbind.c
+--- rpcbind-1.2.5/src/rpcbind.c.orig 2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/src/rpcbind.c 2018-08-15 11:15:44.952991116 -0400
+@@ -106,7 +106,7 @@ char *nss_modules = "files";
+ /* who to suid to if -s is given */
+ #define RUN_AS "daemon"
+
+-#define RPCBINDDLOCK "/var/run/rpcbind.lock"
++#define RPCBINDDLOCK RPCBIND_STATEDIR "/rpcbind.lock"
+
+ int runasdaemon = 0;
+ int insecure = 0;
diff --git a/rpcbind-0.2.4-systemd-rundir.patch b/rpcbind-0.2.4-systemd-rundir.patch
new file mode 100644
index 0000000..da08d7a
--- /dev/null
+++ b/rpcbind-0.2.4-systemd-rundir.patch
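Review bot: `RPCBINDDLOCK` now resolves to a path inside the state directory, which rpcbind-0.2.3-systemd-tmpfiles.patch and the spec's `%attr(0700, ...)` hand to the `rpc` account, whereas the old `/var/run/rpcbind.lock` was a fixed path outside that directory. The `open(RPCBINDDLOCK, O_RDONLY|O_CREAT, 0444)` visible in rpcbind-0.2.4-systemd-rundir.patch follows symlinks, and if it runs before the daemon drops privileges (not shown here) a privileged create happens in a directory another account controls. Adding `O_NOFOLLOW|O_CLOEXEC` to that call's flags closes this. `RPCBIND_STATEDIR` is not defined in any hunk of this patch; confirm the build supplies it, since a missing macro breaks the string concatenation at compile time.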
@@ -0,0 +1,35 @@
+diff -up rpcbind-0.2.4/src/rpcbind.c.orig rpcbind-0.2.4/src/rpcbind.c
+--- rpcbind-0.2.4/src/rpcbind.c.orig 2017-03-21 10:12:35.005190509 -0400
++++ rpcbind-0.2.4/src/rpcbind.c 2017-03-21 10:36:45.510507649 -0400
+@@ -144,6 +144,8 @@ static void rbllist_add(rpcprog_t, rpcve
+ static void terminate(int);
+ static void parseargs(int, char *[]);
+
++char *systemdtmp = "/usr/bin/systemd-tmpfiles --create rpcbind.conf";
++
+ int
+ main(int argc, char *argv[])
+ {
+@@ -151,13 +153,21 @@ main(int argc, char *argv[])
+ void *nc_handle; /* Net config handle */
+ struct rlimit rl;
+ int maxrec = RPC_MAXDATASIZE;
++ int once = 1;
+
+ parseargs(argc, argv);
+
++tryagain:
+ /* Check that another rpcbind isn't already running. */
+ if ((rpcbindlockfd = (open(RPCBINDDLOCK,
+- O_RDONLY|O_CREAT, 0444))) == -1)
++ O_RDONLY|O_CREAT, 0444))) == -1) {
++ if (once) {
++ once = system(systemdtmp); /* set once to avoid a warning */
++ once = 0;
++ goto tryagain;
++ }
+ err(1, "%s", RPCBINDDLOCK);
++ }
+
+ if(flock(rpcbindlockfd, LOCK_EX|LOCK_NB) == -1 && errno == EWOULDBLOCK)
+ errx(1, "another rpcbind is already running. Aborting");
diff --git a/rpcbind-0.2.4-systemd-service.patch b/rpcbind-0.2.4-systemd-service.patch
new file mode 100644
index 0000000..0350020
--- /dev/null
+++ b/rpcbind-0.2.4-systemd-service.patch
@@ -0,0 +1,13 @@
+diff -up rpcbind-0.2.4/systemd/rpcbind.service.in.orig rpcbind-0.2.4/systemd/rpcbind.service.in
+--- rpcbind-0.2.4/systemd/rpcbind.service.in.orig 2017-12-16 15:46:12.896270101 -0500
++++ rpcbind-0.2.4/systemd/rpcbind.service.in 2017-12-16 15:46:43.672027210 -0500
+@@ -7,7 +7,8 @@ RequiresMountsFor=@statedir@
+ # Make sure we use the IP addresses listed for
+ # rpcbind.socket, no matter how this unit is started.
+ Requires=rpcbind.socket
+-Wants=rpcbind.target
++Wants=rpcbind.target systemd-tmpfiles-setup.service
++After=systemd-tmpfiles-setup.service
+
+ [Service]
+ Type=notify
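Review bot: The retry path in `main()` runs `system(systemdtmp)` and throws the result away (`once = system(...); once = 0;`), so a failed or missing systemd-tmpfiles looks the same as success and the only diagnostic is the later `err(1, ...)` on the lock file. `system()` also goes through the shell with the daemon's inherited environment, presumably while still privileged; creating the directory directly with `mkdir()`, or spawning the helper with an explicit argv, avoids that. At minimum check the status, `if (system(systemdtmp) != 0) warnx("systemd-tmpfiles --create failed");`, and declare the string as `static const char systemdtmp[]` so it is neither writable nor exported. With `After=systemd-tmpfiles-setup.service` added by rpcbind-0.2.4-systemd-service.patch, this fallback should rarely be needed.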
diff --git a/rpcbind-1.2.5.tar.bz2 b/rpcbind-1.2.5.tar.bz2
new file mode 100644
index 0000000..79c7225
Binary files /dev/null and b/rpcbind-1.2.5.tar.bz2 differ
diff --git a/rpcbind.spec b/rpcbind.spec
new file mode 100644
index 0000000..debb387
--- /dev/null
+++ b/rpcbind.spec
@@ -0,0 +1,118 @@
+%global rpcbind_user_group rpc
+%global rpcbind_state_dir %{_rundir}/rpcbind
+
+Name: rpcbind
+Version: 1.2.5
+Release: 1
+Summary: Universal addresses to RPC program number mapper
+License: BSD
+
+URL: https://nfsv4.bullopensource.org
+Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
+Source1: %{name}.sysconfig
+
+Requires: glibc-common setup
+Conflicts: man-pages < 2.43-12
+BuildRequires: automake autoconf libtool systemd-devel
+BuildRequires: libtirpc-devel quota-devel systemd
+Requires(pre): coreutils shadow-utils
+Requires(post): chkconfig systemd
+Requires(preun): systemd
+Requires(postun): systemd coreutils
+
+Patch100: %{name}-0.2.3-systemd-envfile.patch
+Patch101: %{name}-0.2.3-systemd-tmpfiles.patch
+Patch102: %{name}-0.2.4-runstatdir.patch
+Patch103: %{name}-0.2.4-systemd-service.patch
+Patch104: %{name}-0.2.4-systemd-rundir.patch
+Patch6000: bugfix-%{name}-GETADDR-return-client-ip.patch
+Patch6001: CVE-2017-8779.patch
+Patch9000: bugfix-listen-tcp-port-111.patch
+
+Provides: portmap = %{version}-%{release}
+Obsoletes: portmap <= 4.0-65.3
+
+%description
+The %{name} utility is a server that converts RPC program
+numbers into universal addresses. It must be running on the
+host to be able to make RPC calls on a server on that machine.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+autoreconf -fisv
+%configure --enable-warmstarts --with-statedir="%rpcbind_state_dir" \
+ --with-rpcuser="%rpcbind_user_group" --with-nss-modules="files altfiles" \
+ --sbindir=%{_bindir} --enable-debug
+
+make all
+
+%install
+install -m 0755 -d %{buildroot}{%{_sbindir},%{_bindir},/etc/sysconfig}
+install -m 0755 -d %{buildroot}%{_unitdir}
+install -m 0755 -d %{buildroot}%{_tmpfilesdir}
+install -m 0755 -d %{buildroot}%{_mandir}/man8
+install -m 0755 -d %{buildroot}%{rpcbind_state_dir}
+%make_install
+
+install -m 644 %{SOURCE1} %{buildroot}/etc/sysconfig/%{name}
+
+cd %{buildroot}%{_sbindir}
+ln -sf ../bin/%{name}
+ln -sf ../bin/rpcinfo
+
+%pre
+getent group rpc >/dev/null || groupadd -f -g 32 -r rpc
+if ! getent passwd rpc >/dev/null ; then
+ if ! getent passwd 32 >/dev/null ; then
+ useradd -l -c "Rpcbind Daemon" -d /var/lib/%{name} \
+ -g rpc -M -s /sbin/nologin -o -u 32 rpc > /dev/null 2>&1
+ else
+ useradd -l -c "Rpcbind Daemon" -d /var/lib/%{name} \
+ -g rpc -M -s /sbin/nologin rpc > /dev/null 2>&1
+ fi
+fi
+
+%post
+%systemd_post %{name}.service %{name}.socket
+
+%preun
+%systemd_preun %{name}.service %{name}.socket
+
+%postun
+%systemd_postun_with_restart %{name}.service %{name}.socket
+
+%triggerun -- %{name} < 0.2.0-15
+%{_bindir}/systemd-sysv-convert --save %{name} >/dev/null 2>&1 ||:
+/bin/systemctl --no-reload enable %{name}.service >/dev/null 2>&1
+/sbin/chkconfig --del %{name} >/dev/null 2>&1 || :
+/bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :
+
+%triggerin -- %{name} > 0.2.2-2.0
+if systemctl -q is-enabled %{name}.socket
+then
+ /bin/systemctl reenable %{name}.socket >/dev/null 2>&1 || :
+ /bin/systemctl restart %{name}.socket >/dev/null 2>&1 || :
+fi
+
+%files
+%defattr(-,root,root)
+%config(noreplace) /etc/sysconfig/%{name}
+%doc AUTHORS
+%{_sbindir}/*
+%{_bindir}/*
+%{_unitdir}/%{name}.*
+%{_tmpfilesdir}/%{name}.conf
+%attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
+
+%files help
+%defattr(-,root,root)
+%doc ChangeLog README
+%{_mandir}/man8/*.8.gz
+
+%changelog
+* Tue Sep 17 2019 openEuler Buildteam - 1.2.5-1
+- Package init
diff --git a/rpcbind.sysconfig b/rpcbind.sysconfig
new file mode 100644
index 0000000..4b35e37
--- /dev/null
+++ b/rpcbind.sysconfig
@@ -0,0 +1,3 @@
+#
+# Optional arguments passed to rpcbind. See rpcbind(8)
+RPCBIND_ARGS=""
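Review bot: `%configure` in `%build` passes `--enable-debug`, so the packaged daemon is built with rpcbind's debugging code enabled, and nothing in the spec says this is intended for a release build. Drop the flag or justify it in a comment next to the `%configure` line. In `%pre`, the branch taken when UID 32 is unused still calls `useradd` with `-o`, which permits a non-unique UID and is unnecessary on that path; `-u 32` alone is enough there. In `%triggerun`, the `systemctl --no-reload enable` line is the only command without a trailing `|| :`, so a failure there aborts the scriptlet while its neighbours are tolerated.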