Package init

CVE-2017-8779.patch

@@ -0,0 +1,21 @@
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 9c1c3af..fb14bb9 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+-	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+ 
+ /*

bugfix-listen-tcp-port-111.patch

@@ -0,0 +1,17 @@
+diff --git a/systemd/rpcbind.socket b/systemd/rpcbind.socket
+index 3b1a936..b99a36a 100644
+--- a/systemd/rpcbind.socket
++++ b/systemd/rpcbind.socket
+@@ -7,12 +7,5 @@ Before=rpcbind.target
+ [Socket]
+ ListenStream=/run/rpcbind.sock
+ 
+-# RPC netconfig can't handle ipv6/ipv4 dual sockets
+-BindIPv6Only=ipv6-only
+-ListenStream=0.0.0.0:111
+-ListenDatagram=0.0.0.0:111
+-ListenStream=[::]:111
+-ListenDatagram=[::]:111
+-
+ [Install]
+ WantedBy=sockets.target

bugfix-rpcbind-GETADDR-return-client-ip.patch

@@ -0,0 +1,96 @@
+From 8e0eb02df52d15dd4317abeddec427cdbac4da3c Mon Sep 17 00:00:00 2001
+From: huyan <hu.huyan@huawei.com>
+Date: Mon, 8 Jul 2019 02:10:44 +0000
+Subject: [PATCH] backport bugfix rpcbind GETADDR return client ip
+
+---
+ src/util.c | 45 +++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 39 insertions(+), 6 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 74b0284..d722d4f 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -103,7 +103,7 @@ char *
+ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ 	  char *netid)
+ {
+-	struct ifaddrs *ifap, *ifp = NULL, *bestif;
++	struct ifaddrs *ifap, *ifp = NULL, *bestif, *exactif;
+ 	struct netbuf *serv_nbp = NULL, *hint_nbp = NULL, tbuf;
+ 	struct sockaddr *caller_sa, *hint_sa, *ifsa, *ifmasksa, *serv_sa;
+ 	struct sockaddr_storage ss;
+@@ -157,7 +157,12 @@ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ 	 * network portion of its address is equal to that of the client.
+ 	 * If so, we have found the interface that we want to use.
+ 	 */
+-	bestif = NULL;
++	bestif = NULL;  /* first interface UP with same network & family */
++	exactif = NULL; /* the interface requested by the client */
++	u_int8_t maskAllBits[16] = {  /* 16 bytes for IPv6 */
++				    0xff, 0xff, 0xff, 0xff,  0xff, 0xff, 0xff, 0xff,
++				    0xff, 0xff, 0xff, 0xff,  0xff, 0xff, 0xff, 0xff };
++
+ 	for (ifap = ifp; ifap != NULL; ifap = ifap->ifa_next) {
+ 		ifsa = ifap->ifa_addr;
+ 		ifmasksa = ifap->ifa_netmask;
+@@ -175,8 +180,21 @@ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ 			if (!bitmaskcmp(&SA2SINADDR(ifsa),
+ 			    &SA2SINADDR(hint_sa), &SA2SINADDR(ifmasksa),
+ 			    sizeof(struct in_addr))) {
+-				bestif = ifap;
+-				goto found;
++				if (getenv("RPCBIND_GETADDR_RETURN_CLIENT_IP") == NULL) {
++					bestif = ifap;
++					goto found;
++				}
++
++				if(!bestif) /* for compatibility with previous code */
++					bestif = ifap;
++				/* Is this an exact match? */
++				if (!bitmaskcmp(&SA2SINADDR(ifsa),
++				    &SA2SINADDR(hint_sa), maskAllBits,
++				    sizeof(struct in_addr))) {
++					exactif = ifap;
++					goto found;
++				}
++				/* else go-on looking for an exact match */
+ 			}
+ 			break;
+ #ifdef INET6
+@@ -197,8 +215,21 @@ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ 			} else if (!bitmaskcmp(&SA2SIN6ADDR(ifsa),
+ 			    &SA2SIN6ADDR(hint_sa), &SA2SIN6ADDR(ifmasksa),
+ 			    sizeof(struct in6_addr))) {
+-				bestif = ifap;
+-				goto found;
++				if (getenv("RPCBIND_GETADDR_RETURN_CLIENT_IP") == NULL) {
++					bestif = ifap;
++					goto found;
++				}
++
++				if(!bestif) /* for compatibility with previous code */
++					bestif = ifap;
++				/* Is this an exact match? */
++				if (!bitmaskcmp(&SA2SIN6ADDR(ifsa),
++				    &SA2SIN6ADDR(hint_sa), maskAllBits,
++				    sizeof(struct in6_addr))) {
++					exactif = ifap;
++					goto found;
++				}
++				/* else go-on looking for an exact match */
+ 			}
+ 			break;
+ #endif
+@@ -219,6 +250,8 @@ addrmerge(struct netbuf *caller, char *serv_uaddr, char *clnt_uaddr,
+ 		goto freeit;
+ 
+ found:
++	if(exactif)
++		bestif = exactif;
+ 	/*
+ 	 * Construct the new address using the the address from
+ 	 * `bestif', and the port number from `serv_uaddr'.
+-- 
+1.7.12.4
+

rpcbind-0.2.3-systemd-envfile.patch

@@ -0,0 +1,11 @@
+diff -up rpcbind-0.2.4/systemd/rpcbind.service.in.orig rpcbind-0.2.4/systemd/rpcbind.service.in
+--- rpcbind-0.2.4/systemd/rpcbind.service.in.orig	2017-12-16 15:49:07.830889473 -0500
++++ rpcbind-0.2.4/systemd/rpcbind.service.in	2017-12-16 15:49:43.156610673 -0500
+@@ -12,6 +12,7 @@ Wants=rpcbind.target
+ [Service]
+ Type=notify
+ # distro can provide a drop-in adding EnvironmentFile=-/??? if needed.
++EnvironmentFile=/etc/sysconfig/rpcbind
+ ExecStart=@_sbindir@/rpcbind $RPCBIND_OPTIONS -w -f
+ 
+ [Install]

rpcbind-0.2.3-systemd-tmpfiles.patch

@@ -0,0 +1,40 @@
+diff -up rpcbind-1.2.5/configure.ac.orig rpcbind-1.2.5/configure.ac
+--- rpcbind-1.2.5/configure.ac.orig	2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/configure.ac	2018-08-15 11:14:23.933946110 -0400
+@@ -56,6 +56,17 @@ AC_ARG_WITH([systemdsystemunitdir],
+   fi
+ AM_CONDITIONAL(SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ])
+ 
++AC_ARG_WITH([systemdtmpfilesdir],
++  AS_HELP_STRING([--with-systemdtmpfilesdir=DIR], [Directory for systemd tmp files]),
++  [], [with_systemdtmpfilesdir=$($PKG_CONFIG --variable=tmpfilesdir systemd)])
++  if test "x$with_systemdtmpfilesdir" != xno; then
++    AC_SUBST([systemdtmpfilesdir], [$with_systemdtmpfilesdir])
++     PKG_CHECK_MODULES([SYSTEMD], [libsystemd], [],
++	   [PKG_CHECK_MODULES([SYSTEMD], [libsystemd-daemon], [],
++	   AC_MSG_ERROR([libsystemd support requested but found]))])
++  fi
++AM_CONDITIONAL(SYSTEMD, [test -n "$with_systemdtmpfilesdir" -a "x$with_systemdtmpfilesdir" != xno ])
++
+ AS_IF([test x$enable_libwrap = xyes], [
+ 	AC_CHECK_LIB([wrap], [hosts_access], ,
+ 		AC_MSG_ERROR([libwrap support requested but unable to find libwrap]))
+diff -up rpcbind-1.2.5/Makefile.am.orig rpcbind-1.2.5/Makefile.am
+--- rpcbind-1.2.5/Makefile.am.orig	2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/Makefile.am	2018-08-15 11:14:23.934946111 -0400
+@@ -59,6 +59,9 @@ rpcbind_LDADD += $(SYSTEMD_LIBS)
+ systemdsystemunit_DATA = \
+ 	systemd/rpcbind.service \
+ 	systemd/rpcbind.socket
++
++systemdtmpfiles_DATA = \
++	systemd/rpcbind.conf
+ endif
+ 
+ rpcinfo_SOURCES =       src/rpcinfo.c
+diff -up rpcbind-1.2.5/systemd/rpcbind.conf.orig rpcbind-1.2.5/systemd/rpcbind.conf
+--- rpcbind-1.2.5/systemd/rpcbind.conf.orig	2018-08-15 11:14:23.934946111 -0400
++++ rpcbind-1.2.5/systemd/rpcbind.conf	2018-08-15 11:14:23.934946111 -0400
+@@ -0,0 +1,2 @@
++#Type Path         Mode  UID  GID Age Argument
++D     /run/rpcbind 0700  rpc  rpc  -  -

rpcbind-0.2.4-runstatdir.patch

@@ -0,0 +1,61 @@
+diff -up rpcbind-1.2.5/configure.ac.orig rpcbind-1.2.5/configure.ac
+--- rpcbind-1.2.5/configure.ac.orig	2018-08-15 11:15:14.188974027 -0400
++++ rpcbind-1.2.5/configure.ac	2018-08-15 11:15:44.948991114 -0400
+@@ -26,8 +26,8 @@ AC_ARG_ENABLE([rmtcalls],
+ AM_CONDITIONAL(RMTCALLS, test x$enable_rmtcalls = xyes)
+ 
+ AC_ARG_WITH([statedir],
+-  AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/var/run/rpcbind@:>@])
+-  ,, [with_statedir=/var/run/rpcbind])
++  AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/run/rpcbind@:>@])
++  ,, [with_statedir=/run/rpcbind])
+ AC_SUBST([statedir], [$with_statedir])
+ 
+ AC_ARG_WITH([rpcuser],
+diff -up rpcbind-1.2.5/configure.orig rpcbind-1.2.5/configure
+--- rpcbind-1.2.5/configure.orig	2018-08-15 11:00:32.000000000 -0400
++++ rpcbind-1.2.5/configure	2018-08-15 11:15:44.951991115 -0400
+@@ -1391,7 +1391,7 @@ Optional Features:
+ Optional Packages:
+   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+-  --with-statedir=ARG     use ARG as state dir [default=/var/run/rpcbind]
++  --with-statedir=ARG     use ARG as state dir [default=/run/rpcbind]
+ 
+   --with-rpcuser=ARG      use ARG for RPC [default=root]
+ 
+@@ -3901,7 +3901,7 @@ fi
+ if test "${with_statedir+set}" = set; then :
+   withval=$with_statedir;
+ else
+-  with_statedir=/var/run/rpcbind
++  with_statedir=/run/rpcbind
+ fi
+ 
+ statedir=$with_statedir
+diff -up rpcbind-1.2.5/man/rpcbind-fr.8.orig rpcbind-1.2.5/man/rpcbind-fr.8
+--- rpcbind-1.2.5/man/rpcbind-fr.8.orig	2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/man/rpcbind-fr.8	2018-08-15 11:15:44.951991115 -0400
+@@ -138,8 +138,8 @@ est redémarré.
+ .Xr rpcbind 3 ,
+ .Xr rpcinfo 8
+ .Sh FILES
+-.Bl -tag -width /var/run/rpcbind.sock -compact
+-.It Pa /var/run/rpcbind.sock
++.Bl -tag -width /run/rpcbind.sock -compact
++.It Pa /run/rpcbind.sock
+ .Sh TRADUCTION
+ Aurelien CHARBON (Sept 2003)
+ .El
+diff -up rpcbind-1.2.5/src/rpcbind.c.orig rpcbind-1.2.5/src/rpcbind.c
+--- rpcbind-1.2.5/src/rpcbind.c.orig	2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/src/rpcbind.c	2018-08-15 11:15:44.952991116 -0400
+@@ -106,7 +106,7 @@ char *nss_modules = "files";
+ /* who to suid to if -s is given */
+ #define RUN_AS  "daemon"
+ 
+-#define RPCBINDDLOCK "/var/run/rpcbind.lock"
++#define RPCBINDDLOCK RPCBIND_STATEDIR "/rpcbind.lock"
+ 
+ int runasdaemon = 0;
+ int insecure = 0;

rpcbind-0.2.4-systemd-rundir.patch

@@ -0,0 +1,35 @@
+diff -up rpcbind-0.2.4/src/rpcbind.c.orig rpcbind-0.2.4/src/rpcbind.c
+--- rpcbind-0.2.4/src/rpcbind.c.orig	2017-03-21 10:12:35.005190509 -0400
++++ rpcbind-0.2.4/src/rpcbind.c	2017-03-21 10:36:45.510507649 -0400
+@@ -144,6 +144,8 @@ static void rbllist_add(rpcprog_t, rpcve
+ static void terminate(int);
+ static void parseargs(int, char *[]);
+ 
++char *systemdtmp = "/usr/bin/systemd-tmpfiles --create rpcbind.conf";
++
+ int
+ main(int argc, char *argv[])
+ {
+@@ -151,13 +153,21 @@ main(int argc, char *argv[])
+ 	void *nc_handle;	/* Net config handle */
+ 	struct rlimit rl;
+ 	int maxrec = RPC_MAXDATASIZE;
++	int once = 1;
+ 
+ 	parseargs(argc, argv);
+ 
++tryagain:
+ 	/* Check that another rpcbind isn't already running. */
+ 	if ((rpcbindlockfd = (open(RPCBINDDLOCK,
+-	    O_RDONLY|O_CREAT, 0444))) == -1)
++	    O_RDONLY|O_CREAT, 0444))) == -1) {
++		if (once) {
++			once = system(systemdtmp); /* set once to avoid a warning */
++			once = 0;
++			goto tryagain; 
++		}
+ 		err(1, "%s", RPCBINDDLOCK);
++	}
+ 
+ 	if(flock(rpcbindlockfd, LOCK_EX|LOCK_NB) == -1 && errno == EWOULDBLOCK)
+ 		errx(1, "another rpcbind is already running. Aborting");

rpcbind-0.2.4-systemd-service.patch

@@ -0,0 +1,13 @@
+diff -up rpcbind-0.2.4/systemd/rpcbind.service.in.orig rpcbind-0.2.4/systemd/rpcbind.service.in
+--- rpcbind-0.2.4/systemd/rpcbind.service.in.orig	2017-12-16 15:46:12.896270101 -0500
++++ rpcbind-0.2.4/systemd/rpcbind.service.in	2017-12-16 15:46:43.672027210 -0500
+@@ -7,7 +7,8 @@ RequiresMountsFor=@statedir@
+ # Make sure we use the IP addresses listed for
+ # rpcbind.socket, no matter how this unit is started.
+ Requires=rpcbind.socket
+-Wants=rpcbind.target
++Wants=rpcbind.target systemd-tmpfiles-setup.service
++After=systemd-tmpfiles-setup.service
+ 
+ [Service]
+ Type=notify

rpcbind.spec

@@ -0,0 +1,118 @@
+%global rpcbind_user_group rpc
+%global rpcbind_state_dir %{_rundir}/rpcbind
+
+Name:              rpcbind
+Version:           1.2.5
+Release:           1
+Summary:           Universal addresses to RPC program number mapper
+License:           BSD
+
+URL:               https://nfsv4.bullopensource.org
+Source0:           https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
+Source1:	   %{name}.sysconfig
+
+Requires:	   glibc-common setup
+Conflicts: 	   man-pages < 2.43-12
+BuildRequires: 	   automake autoconf libtool systemd-devel
+BuildRequires: 	   libtirpc-devel quota-devel systemd 
+Requires(pre):     coreutils shadow-utils
+Requires(post):    chkconfig systemd
+Requires(preun):   systemd
+Requires(postun):  systemd coreutils
+
+Patch100: 	   %{name}-0.2.3-systemd-envfile.patch
+Patch101: 	   %{name}-0.2.3-systemd-tmpfiles.patch
+Patch102: 	   %{name}-0.2.4-runstatdir.patch
+Patch103: 	   %{name}-0.2.4-systemd-service.patch
+Patch104: 	   %{name}-0.2.4-systemd-rundir.patch
+Patch6000: 	   bugfix-%{name}-GETADDR-return-client-ip.patch
+Patch6001: 	   CVE-2017-8779.patch
+Patch9000: 	   bugfix-listen-tcp-port-111.patch
+
+Provides: 	   portmap = %{version}-%{release}
+Obsoletes: 	   portmap <= 4.0-65.3
+
+%description
+The %{name} utility is a server that converts RPC program 
+numbers into universal addresses. It must be running on the 
+host to be able to make RPC calls on a server on that machine.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1 
+
+%build
+autoreconf -fisv
+%configure  --enable-warmstarts  --with-statedir="%rpcbind_state_dir" \
+    --with-rpcuser="%rpcbind_user_group"  --with-nss-modules="files altfiles" \
+    --sbindir=%{_bindir}  --enable-debug
+
+make all
+
+%install
+install -m 0755 -d %{buildroot}{%{_sbindir},%{_bindir},/etc/sysconfig}
+install -m 0755 -d %{buildroot}%{_unitdir}
+install -m 0755 -d %{buildroot}%{_tmpfilesdir}
+install -m 0755 -d %{buildroot}%{_mandir}/man8
+install -m 0755 -d %{buildroot}%{rpcbind_state_dir}
+%make_install
+
+install -m 644 %{SOURCE1} %{buildroot}/etc/sysconfig/%{name}
+
+cd %{buildroot}%{_sbindir}
+ln -sf ../bin/%{name}
+ln -sf ../bin/rpcinfo
+
+%pre
+getent group rpc >/dev/null || groupadd -f -g 32 -r rpc
+if ! getent passwd rpc >/dev/null ; then
+	if ! getent passwd 32 >/dev/null ; then
+	   useradd -l -c "Rpcbind Daemon" -d /var/lib/%{name}  \
+	      -g rpc -M -s /sbin/nologin -o -u 32 rpc > /dev/null 2>&1
+	else
+	   useradd -l -c "Rpcbind Daemon" -d /var/lib/%{name}  \
+	      -g rpc -M -s /sbin/nologin rpc > /dev/null 2>&1
+	fi
+fi
+
+%post
+%systemd_post %{name}.service %{name}.socket
+
+%preun
+%systemd_preun %{name}.service %{name}.socket
+
+%postun
+%systemd_postun_with_restart %{name}.service %{name}.socket
+
+%triggerun -- %{name} < 0.2.0-15
+%{_bindir}/systemd-sysv-convert --save %{name} >/dev/null 2>&1 ||:
+/bin/systemctl --no-reload enable %{name}.service >/dev/null 2>&1
+/sbin/chkconfig --del %{name} >/dev/null 2>&1 || :
+/bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :
+
+%triggerin -- %{name} > 0.2.2-2.0
+if systemctl -q is-enabled %{name}.socket
+then
+	/bin/systemctl reenable %{name}.socket  >/dev/null 2>&1 || :
+	/bin/systemctl restart %{name}.socket >/dev/null 2>&1 || :
+fi
+
+%files
+%defattr(-,root,root)
+%config(noreplace) /etc/sysconfig/%{name}
+%doc AUTHORS
+%{_sbindir}/*
+%{_bindir}/*
+%{_unitdir}/%{name}.*
+%{_tmpfilesdir}/%{name}.conf
+%attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
+
+%files help
+%defattr(-,root,root)
+%doc ChangeLog README
+%{_mandir}/man8/*.8.gz
+
+%changelog
+* Tue Sep 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.2.5-1
+- Package init

rpcbind.sysconfig

@@ -0,0 +1,3 @@
+#
+# Optional arguments passed to rpcbind. See rpcbind(8)
+RPCBIND_ARGS=""