openembedded-core.git/meta/recipes-extended/rpcbind, branch jethro Mirror of openembedded-core rpcbind: Security Advisory - rpcbind - CVE-2015-7236 2015-12-08T08:18:12+00:00 Li Zhou li.zhou@windriver.com 2015-11-17T07:18:32+00:00 224bcc2ead676600bcd9e290ed23d9b2ed2f481e rpcbind: Fix memory corruption in PMAP_CALLIT code Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. The patch comes from <http://www.openwall.com/lists/oss-security/2015/09/18/7>, and it hasn't been in rpcbind upstream yet. (From OE-Core master rev: cc4f62f3627f3804907e8ff9c68d9321979df32b) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
rpcbind: Fix memory corruption in PMAP_CALLIT code

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in
rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of
service (daemon crash) via crafted packets, involving a PMAP_CALLIT
code.

The patch comes from
<http://www.openwall.com/lists/oss-security/2015/09/18/7>, and it hasn't
been in rpcbind upstream yet.

(From OE-Core master rev: cc4f62f3627f3804907e8ff9c68d9321979df32b)

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
rpcbind: Fix build with uclibc 2015-10-24T11:17:22+00:00 Khem Raj raj.khem@gmail.com 2015-10-13T03:40:56+00:00 8b84e778fb481075d245e1d5cc1b3b81024681d5 The 0001-uclibc-nss.patch has been applied upstream in a bit different way but solves the issue at hand Change-Id: I7312d109d01c08338d4673383e2eaccee219b7bd Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The 0001-uclibc-nss.patch has been applied upstream
in a bit different way but solves the issue at hand

Change-Id: I7312d109d01c08338d4673383e2eaccee219b7bd
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
rpcbind: 0.2.2 -> 0.2.3 2015-04-30T22:01:28+00:00 Robert Yang liezhi.yang@windriver.com 2015-04-29T07:29:56+00:00 713ac3bfbc95e58ce3332409bae838053fdeced8 * Updated 0001-Avoid-use-of-glibc-sys-cdefs.h-header.patch * Removed 0002-uclibc-rpcsvc-defines.patch since it is already in the source. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
* Updated 0001-Avoid-use-of-glibc-sys-cdefs.h-header.patch
* Removed 0002-uclibc-rpcsvc-defines.patch since it is already in the
  source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpcbind: Fix build with musl 2015-04-08T09:45:27+00:00 Khem Raj raj.khem@gmail.com 2015-04-06T17:36:52+00:00 5ed97aeeb603506d772d252f97b9b6e02d84ae9a most patches are just removing glibc'ism e.g. using sys/queue.h of cdefs.h the one patch which is specific to musl is housed with overrides Change-Id: Ia15bf6c9c4b562c9392a704ef92e9090aa5f6381 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
most patches are just removing glibc'ism e.g. using sys/queue.h
of cdefs.h the one patch which is specific to musl
is housed with overrides

Change-Id: Ia15bf6c9c4b562c9392a704ef92e9090aa5f6381
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpcbind: don't try to enable rpcbind.socket twice 2015-03-20T10:59:04+00:00 Martin Jansa martin.jansa@gmail.com 2015-03-13T18:43:23+00:00 8fe9a735584c7ad458eb000c2008d85ad36ada57 * rpcbind.service requires rpcbind.socket and systemctl tries to add it twice * see log.do_rootfs: Started /OE/build/shr-core/tmp-glibc/sysroots/x86_64-linux/usr/bin/systemctl --root=/OE/build/shr-core/tmp-glibc/work/nokia900-oe-linux-gnueabi/shr-image/2.0-r20/rootfs enable rpcbind.service rpcbind.socket Try to find location of rpcbind.service... Found rpcbind.service in /lib/systemd/system/rpcbind.service Also=rpcbind.socket found in rpcbind.service Started /OE/build/shr-core/tmp-glibc/sysroots/x86_64-linux/usr/bin/systemctl --root=/OE/build/shr-core/tmp-glibc/work/nokia900-oe-linux-gnueabi/shr-image/2.0-r20/rootfs enable rpcbind.socket Try to find location of rpcbind.socket... Found rpcbind.socket in /lib/systemd/system/rpcbind.socket WantedBy=sockets.target found in rpcbind.socket Enabled rpcbind.socket for sockets.target. Try to find location of rpcbind.socket... Found rpcbind.socket in /lib/systemd/system/rpcbind.socket WantedBy=sockets.target found in rpcbind.socket ln: failed to create symbolic link '/OE/build/shr-core/tmp-glibc/work/nokia900-oe-linux-gnueabi/shr-image/2.0-r20/rootfs/etc/systemd/system/sockets.target.wants/rpcbind.socket': File exists Enabled rpcbind.socket for sockets.target. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
* rpcbind.service requires rpcbind.socket and systemctl tries to add it twice
* see log.do_rootfs:
  Started /OE/build/shr-core/tmp-glibc/sysroots/x86_64-linux/usr/bin/systemctl --root=/OE/build/shr-core/tmp-glibc/work/nokia900-oe-linux-gnueabi/shr-image/2.0-r20/rootfs enable rpcbind.service rpcbind.socket
  Try to find location of rpcbind.service...
  Found rpcbind.service in /lib/systemd/system/rpcbind.service
  Also=rpcbind.socket found in rpcbind.service
  Started /OE/build/shr-core/tmp-glibc/sysroots/x86_64-linux/usr/bin/systemctl --root=/OE/build/shr-core/tmp-glibc/work/nokia900-oe-linux-gnueabi/shr-image/2.0-r20/rootfs enable rpcbind.socket
  Try to find location of rpcbind.socket...
  Found rpcbind.socket in /lib/systemd/system/rpcbind.socket
  WantedBy=sockets.target found in rpcbind.socket
  Enabled rpcbind.socket for sockets.target.
  Try to find location of rpcbind.socket...
  Found rpcbind.socket in /lib/systemd/system/rpcbind.socket
  WantedBy=sockets.target found in rpcbind.socket
  ln: failed to create symbolic link '/OE/build/shr-core/tmp-glibc/work/nokia900-oe-linux-gnueabi/shr-image/2.0-r20/rootfs/etc/systemd/system/sockets.target.wants/rpcbind.socket': File exists
  Enabled rpcbind.socket for sockets.target.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
rpcbind: add PACKAGECONFIG for systemd 2015-01-23T11:35:28+00:00 Hongxu Jia hongxu.jia@windriver.com 2015-01-13T02:24:23+00:00 e3d3534f30afd52c4c8f5e8f9f098964b2f03c4b Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
rpcbind: upgrade to 0.2.2 2015-01-23T11:35:28+00:00 Hongxu Jia hongxu.jia@windriver.com 2015-01-13T02:02:02+00:00 07a3ae994b293053c57f38b176e428322fb816bc Drop 0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch which has been merged to 0.2.2 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 
Drop 0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch
which has been merged to 0.2.2

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
rpcbind: make service socket activated 2014-10-10T09:39:13+00:00 Chen Qi Qi.Chen@windriver.com 2014-10-09T05:35:07+00:00 176e91ef28800adb6295b29c455b2efb91a01876 Instead of setting 'Restart=always' in the service file, we should make the service socket activated, just like what Fedora does. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 
Instead of setting 'Restart=always' in the service file, we should
make the service socket activated, just like what Fedora does.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
rpcbind: avoid entering failed status after stopping daemon 2014-09-03T09:24:21+00:00 Chen Qi Qi.Chen@windriver.com 2014-09-03T07:09:11+00:00 1bfc6a45e7ba81d3537ea3ae8b176f5a9c206eaa Exiting with '2' is actually expected with rpcbind, because it catches SIGTERM and exits with '2' explicitly. The related code is as follows. (void) signal(SIGTERM, terminate); /* * Catch the signal and die */ static void terminate(int dummy /*__unused*/) { close(rpcbindlockfd); unlink(_PATH_RPCBINDSOCK); unlink(RPCBINDDLOCK); syslog(LOG_ERR, "rpcbind terminating on signal. Restart with \"rpcbind -w\""); write_warmstart(); /* Dump yourself */ exit(2); } Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Exiting with '2' is actually expected with rpcbind, because it catches
SIGTERM and exits with '2' explicitly.

The related code is as follows.

(void) signal(SIGTERM, terminate);

/*
 * Catch the signal and die
 */
static void
terminate(int dummy /*__unused*/)
{
        close(rpcbindlockfd);
        unlink(_PATH_RPCBINDSOCK);
        unlink(RPCBINDDLOCK);
        syslog(LOG_ERR,
                "rpcbind terminating on signal. Restart with \"rpcbind -w\"");
        write_warmstart(); /* Dump yourself */
        exit(2);
}

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpcbind: Make user's home directory / 2014-09-03T09:24:19+00:00 Dan McGregor dan.mcgregor@usask.ca 2014-08-29T21:15:15+00:00 fbd068e23e16746d89c0bb60c96edd705da27a35 Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>