From 4df25bd05444f96482c442c25e12c4c45df5f233 Mon Sep 17 00:00:00 2001
From: Ken Moffat <ken@linuxfromscratch.org>
Date: Wed, 31 May 2017 00:07:31 +0000
Subject: [PATCH] Patch libtirpc and rpcbind for CVE-2017-8779.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@18771 af4574ff-66df-0310-9fd7-8a98e5e911e0
---
 general.ent                        |  4 ++--
 introduction/welcome/changelog.xml | 11 +++++++++++
 networking/netlibs/libtirpc.xml    | 20 ++++++++++++++++----
 networking/netprogs/rpcbind.xml    | 28 ++++++++++++++++------------
 4 files changed, 45 insertions(+), 18 deletions(-)

diff --git a/general.ent b/general.ent
index e3b4051cd2..1fbcfe2ded 100644
--- a/general.ent
+++ b/general.ent
@@ -1,12 +1,12 @@
 <!-- $LastChangedBy$ $Date$ -->
 
-<!ENTITY day          "28">                   <!-- Always 2 digits -->
+<!ENTITY day          "30">                   <!-- Always 2 digits -->
 <!ENTITY month        "05">                   <!-- Always 2 digits -->
 <!ENTITY year         "2017">
 <!ENTITY copyrightdate "2001-&year;">
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "May 28th &year;">
+<!ENTITY releasedate  "May 30th &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- x.y|development -->
diff --git a/introduction/welcome/changelog.xml b/introduction/welcome/changelog.xml
index 240f46b340..8231ec038b 100644
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@@ -41,6 +41,17 @@
       </itemizedlist>
     </listitem>
 -->
+    <listitem>
+      <para>May 30th, 2017</para>
+      <itemizedlist>
+        <listitem>
+          <para>[ken] - Patch rpcbind and libtirpc for the so-called rpcbomb
+          vulnerability. Fixes
+          <ulink url="&blfs-ticket-root;9284">#9284</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>May 28th, 2017</para>
       <itemizedlist>
diff --git a/networking/netlibs/libtirpc.xml b/networking/netlibs/libtirpc.xml
index 748b582fd3..6aaa243adf 100644
--- a/networking/netlibs/libtirpc.xml
+++ b/networking/netlibs/libtirpc.xml
@@ -72,6 +72,16 @@
       </listitem>
     </itemizedlist>
 
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>
+          Required patch:
+          <ulink url="&patch-root;/libtirpc-&libtirpc-version;-vulnerability_fixes-1.patch"/>
+        </para>
+      </listitem>
+    </itemizedlist>
+
     <bridgehead renderas="sect3">libtirpc Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
@@ -95,10 +105,12 @@
       commands:
     </para>
 
-<screen><userinput>./configure --prefix=/usr     \
-            --sysconfdir=/etc \
-            --disable-static  \
-            --disable-gssapi  &amp;&amp;
+<screen><userinput>
+patch -Np1 -i ../libtirpc-&libtirpc-version;-vulnerability_fixes-1.patch &amp;&amp;
+./configure --prefix=/usr                                   \
+            --sysconfdir=/etc                               \
+            --disable-static                                \
+            --disable-gssapi                                &amp;&amp;
 make</userinput></screen>
 
     <para>
diff --git a/networking/netprogs/rpcbind.xml b/networking/netprogs/rpcbind.xml
index bc2247bc6d..5028c12d55 100644
--- a/networking/netprogs/rpcbind.xml
+++ b/networking/netprogs/rpcbind.xml
@@ -56,17 +56,17 @@
         <para>Estimated build time: &rpcbind-time;</para>
       </listitem>
     </itemizedlist>
-<!--
+
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing="compact">
       <listitem>
         <para>
           Required patch:
-          <ulink url="&patch-root;/rpcbind-&rpcbind-version;-tirpc_fix-1.patch"/>
+          <ulink url="&patch-root;/rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch"/>
         </para>
       </listitem>
     </itemizedlist>
--->
+
     <bridgehead renderas="sect3">rpcbind Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Required</bridgehead>
@@ -102,17 +102,21 @@ useradd -c "RPC Bind Daemon Owner" -d /dev/null -g rpc \
     <para>Install <application>rpcbind</application> by running the following
     commands:</para>
 
-<screen revision="sysv"><userinput>./configure --prefix=/usr       \
-            --bindir=/sbin      \
-            --with-rpcuser=root \
-            --enable-warmstarts \
-            --without-systemdsystemunitdir &amp;&amp;
+<screen revision="sysv"><userinput>patch -Np1 -i ../rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch &amp;&amp;
+./configure --prefix=/usr                                  \
+            --bindir=/sbin                                 \
+            --with-rpcuser=root                            \
+            --enable-warmstarts                            \
+            --without-systemdsystemunitdir                 &amp;&amp;
 make</userinput></screen>
 
-<screen revision="systemd"><userinput>./configure --prefix=/usr  \
-            --bindir=/sbin \
-            --enable-warmstarts \
-            --with-rpcuser=rpc &amp;&amp;
+<screen revision="systemd">
+<userinput>
+patch -Np1 -i ../rpcbind-&rpcbind-version;-vulnerability_fixes-1.patch &amp;&amp;
+           ./configure --prefix=/usr                       \
+            --bindir=/sbin                                 \
+            --enable-warmstarts                            \
+            --with-rpcuser=rpc                             &amp;&amp;
 make</userinput></screen>
 
     <para>This package does not come with a test suite.</para>