Patch libtirpc and rpcbind for CVE-2017-8779.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@18771 af4574ff-66df-0310-9fd7-8a98e5e911e0
2025-01-25 07:42:13 +08:00 · 2017-05-31 00:07:31 +00:00 · 2017-05-31 00:07:31 +00:00 · 4df25bd054
commit 4df25bd054
parent 421e0cb291
4 changed files with 45 additions and 18 deletions
--- a/general.ent
+++ b/general.ent
@ -1,12 +1,12 @@
 <!-- $LastChangedBy$ $Date$ -->

-<!ENTITY day          "28">                   <!-- Always 2 digits -->
+<!ENTITY day          "30">                   <!-- Always 2 digits -->
 <!ENTITY month        "05">                   <!-- Always 2 digits -->
 <!ENTITY year         "2017">
 <!ENTITY copyrightdate "2001-&year;">
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "May 28th &year;">
+<!ENTITY releasedate  "May 30th &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- x.y|development -->
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@ -41,6 +41,17 @@
      </itemizedlist>
    </listitem>
 -->
+    <listitem>
+      <para>May 30th, 2017</para>
+      <itemizedlist>
+        <listitem>
+          <para>[ken] - Patch rpcbind and libtirpc for the so-called rpcbomb
+          vulnerability. Fixes
+          <ulink url="&blfs-ticket-root;9284">#9284</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
    <listitem>
      <para>May 28th, 2017</para>
      <itemizedlist>
--- a/networking/netlibs/libtirpc.xml
+++ b/networking/netlibs/libtirpc.xml
@ -72,6 +72,16 @@
      </listitem>
    </itemizedlist>

+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>
+          Required patch:
+          <ulink url="&patch-root;/libtirpc-&libtirpc-version;-vulnerability_fixes-1.patch"/>
+        </para>
+      </listitem>
+    </itemizedlist>
+
    <bridgehead renderas="sect3">libtirpc Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>
@ -95,10 +105,12 @@
      commands:
    </para>

-<screen><userinput>./configure --prefix=/usr     \
-            --sysconfdir=/etc \
-            --disable-static  \
-            --disable-gssapi  &amp;&amp;
+<screen><userinput>
+patch -Np1 -i ../libtirpc-&libtirpc-version;-vulnerability_fixes-1.patch &amp;&amp;
+./configure --prefix=/usr                                   \
+            --sysconfdir=/etc                               \
+            --disable-static                                \
+            --disable-gssapi                                &amp;&amp;
 make</userinput></screen>

    <para>
--- a/networking/netprogs/rpcbind.xml
+++ b/networking/netprogs/rpcbind.xml
@ -56,17 +56,17 @@
        <para>Estimated build time: &rpcbind-time;</para>
      </listitem>
    </itemizedlist>
-<!--
+
    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Required patch:
-          <ulink url="&patch-root;/rpcbind-&rpcbind-version;-tirpc_fix-1.patch"/>
+          <ulink url="&patch-root;/rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch"/>
        </para>
      </listitem>
    </itemizedlist>
-->
+
    <bridgehead renderas="sect3">rpcbind Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
@ -102,17 +102,21 @@ useradd -c "RPC Bind Daemon Owner" -d /dev/null -g rpc \
    <para>Install <application>rpcbind</application> by running the following
    commands:</para>

-<screen revision="sysv"><userinput>./configure --prefix=/usr       \
-            --bindir=/sbin      \
-            --with-rpcuser=root \
-            --enable-warmstarts \
-            --without-systemdsystemunitdir &amp;&amp;
+<screen revision="sysv"><userinput>patch -Np1 -i ../rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch &amp;&amp;
+./configure --prefix=/usr                                  \
+            --bindir=/sbin                                 \
+            --with-rpcuser=root                            \
+            --enable-warmstarts                            \
+            --without-systemdsystemunitdir                 &amp;&amp;
 make</userinput></screen>

-<screen revision="systemd"><userinput>./configure --prefix=/usr  \
-            --bindir=/sbin \
-            --enable-warmstarts \
-            --with-rpcuser=rpc &amp;&amp;
+<screen revision="systemd">
+<userinput>
+patch -Np1 -i ../rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch &amp;&amp;
+           ./configure --prefix=/usr                       \
+            --bindir=/sbin                                 \
+            --enable-warmstarts                            \
+            --with-rpcuser=rpc                             &amp;&amp;
 make</userinput></screen>

    <para>This package does not come with a test suite.</para>