summaryrefslogtreecommitdiff
path: root/source/n/rpcbind
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2018-05-28 19:12:29 +0000
committerEric Hameleers <alien@slackware.com>2018-05-31 23:39:35 +0200
commit646a5c1cbfd95873950a87b5f75d52073a967023 (patch)
treeb8b8d2ab3b0d432ea69ad1a64d1c789649d65020 /source/n/rpcbind
parentd31c50870d0bee042ce660e445c9294a59a3a65b (diff)
downloadcurrent-646a5c1cbfd95873950a87b5f75d52073a967023.tar.gz
Mon May 28 19:12:29 UTC 201820180528191229
a/pkgtools-15.0-noarch-13.txz: Rebuilt. installpkg: default line length for --terselength is the number of columns. removepkg: added --terse mode. upgradepkg: default line length for --terselength is the number of columns. upgradepkg: accept -option in addition to --option. ap/vim-8.1.0026-x86_64-1.txz: Upgraded. d/bison-3.0.5-x86_64-1.txz: Upgraded. e/emacs-26.1-x86_64-1.txz: Upgraded. kde/kopete-4.14.3-x86_64-8.txz: Rebuilt. Recompiled against libidn-1.35. n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded. n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded. n/libnftnl-1.1.0-x86_64-1.txz: Upgraded. n/links-2.16-x86_64-2.txz: Rebuilt. Rebuilt to enable X driver for -g mode. n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded. n/nftables-0.8.5-x86_64-1.txz: Upgraded. n/p11-kit-0.23.11-x86_64-1.txz: Upgraded. n/ulogd-2.0.7-x86_64-1.txz: Upgraded. n/whois-5.3.1-x86_64-1.txz: Upgraded. xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded. xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/rpcbind')
-rw-r--r--source/n/rpcbind/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch39
-rw-r--r--source/n/rpcbind/0001-security.c-removed-warning.patch29
-rw-r--r--source/n/rpcbind/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch82
-rw-r--r--source/n/rpcbind/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch218
-rw-r--r--source/n/rpcbind/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch40
-rw-r--r--source/n/rpcbind/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch29
-rw-r--r--source/n/rpcbind/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch51
-rw-r--r--source/n/rpcbind/0004-rpcbind-fix-building-without-enable-debug.patch69
-rw-r--r--source/n/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch96
-rw-r--r--source/n/rpcbind/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch96
-rw-r--r--source/n/rpcbind/01.rpcbind-manpage-statefile-explanation.patch25
-rw-r--r--source/n/rpcbind/doinst.sh1
-rw-r--r--source/n/rpcbind/rc.rpc29
-rw-r--r--source/n/rpcbind/rpc.default29
-rwxr-xr-xsource/n/rpcbind/rpcbind.SlackBuild53
-rw-r--r--source/n/rpcbind/slack-desc10
16 files changed, 643 insertions, 253 deletions
diff --git a/source/n/rpcbind/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch b/source/n/rpcbind/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch
new file mode 100644
index 00000000..9ea5870d
--- /dev/null
+++ b/source/n/rpcbind/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch
@@ -0,0 +1,39 @@
+From a89ba6d07832cb62a86601971380fda7130c6826 Mon Sep 17 00:00:00 2001
+From: "Patrick J. Volkerding" <volkerdi@slackware.com>
+Date: Mon, 17 Jul 2017 23:09:36 -0500
+Subject: [PATCH 1/2] man/rpcibind.8: Clarify state file usage and history
+
+---
+ man/rpcbind.8 | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/man/rpcbind.8 b/man/rpcbind.8
+index af6200f..bdfb1c8 100644
+--- a/man/rpcbind.8
++++ b/man/rpcbind.8
+@@ -132,11 +132,20 @@ to connect to services from a privileged port.
+ .It Fl w
+ Cause
+ .Nm
+-to do a "warm start" by read a state file when
++to do a "warm start" by attempting to read *.xdr state files from the
++state directory
++.%T /var/run/rpcbind
++when
+ .Nm
+-starts up. The state file is created when
++starts up. The state files are created when
+ .Nm
+ terminates.
++.Pp
++This allows for restarting
++.Nm
++without the need to restart all RPC services that have previously registered.
++The state files serve a similar purpose to the files created/restored by the
++pmap_dump and pmap_set utilities distributed with the old portmap server package.
+ .El
+ .Sh NOTES
+ All RPC servers must be restarted if
+--
+2.13.2
+
diff --git a/source/n/rpcbind/0001-security.c-removed-warning.patch b/source/n/rpcbind/0001-security.c-removed-warning.patch
deleted file mode 100644
index 6ca5b6d0..00000000
--- a/source/n/rpcbind/0001-security.c-removed-warning.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From de47f6323d8fb20feefee21d0195cf0529151e04 Mon Sep 17 00:00:00 2001
-From: Steve Dickson <steved@redhat.com>
-Date: Thu, 17 Sep 2015 15:57:35 -0400
-Subject: [PATCH 1/4] security.c: removed warning
-
-src/security.c:100:8: warning: implicit declaration of function 'xlog'
-[-Wimplicit-function-declaration]
-
-Signed-off-by: Steve Dickson <steved@redhat.com>
----
- src/security.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/security.c b/src/security.c
-index 0c9453f..c54ce26 100644
---- a/src/security.c
-+++ b/src/security.c
-@@ -17,6 +17,8 @@
- #include <syslog.h>
- #include <netdb.h>
-
-+#include "xlog.h"
-+
- /*
- * XXX for special case checks in check_callit.
- */
---
-2.6.4
-
diff --git a/source/n/rpcbind/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch b/source/n/rpcbind/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch
deleted file mode 100644
index 6a80742f..00000000
--- a/source/n/rpcbind/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From d5dace219953c45d26ae42db238052b68540649a Mon Sep 17 00:00:00 2001
-From: Olaf Kirch <okir@suse.de>
-Date: Fri, 30 Oct 2015 10:18:20 -0400
-Subject: [PATCH 2/4] Fix memory corruption in PMAP_CALLIT code
-
- - A PMAP_CALLIT call comes in on IPv4 UDP
- - rpcbind duplicates the caller's address to a netbuf and stores it in
- FINFO[0].caller_addr. caller_addr->buf now points to a memory region A
- with a size of 16 bytes
- - rpcbind forwards the call to the local service, receives a reply
- - when processing the reply, it does this in xprt_set_caller:
- xprt->xp_rtaddr = *FINFO[0].caller_addr
- It sends out the reply, and then frees the netbuf caller_addr and
- caller_addr.buf.
- However, it does not clear xp_rtaddr, so xp_rtaddr.buf now refers
- to memory region A, which is free.
- - When the next call comes in on the UDP/IPv4 socket, svc_dg_recv will
- be called, which will set xp_rtaddr to the client's address.
- It will reuse the buffer inside xp_rtaddr, ie it will write a
- sockaddr_in to region A
-
-Some time down the road, an incoming TCP connection is accepted,
-allocating a fresh SVCXPRT. The memory region A is inside the
-new SVCXPRT
-
- - While processing the TCP call, another UDP call comes in, again
- overwriting region A with the client's address
- - TCP client closes connection. In svc_destroy, we now trip over
- the garbage left in region A
-
-We ran into the case where a commercial scanner was triggering
-occasional rpcbind segfaults. The core file that was captured showed
-a corrupted xprt->xp_netid pointer that was really a sockaddr_in.
-
-Signed-off-by: Olaf Kirch <okir@suse.de>
-Signed-off-by: Steve Dickson <steved@redhat.com>
----
- src/rpcb_svc_com.c | 23 ++++++++++++++++++++++-
- 1 file changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
-index ff9ce6b..4ae93f1 100644
---- a/src/rpcb_svc_com.c
-+++ b/src/rpcb_svc_com.c
-@@ -1183,12 +1183,33 @@ check_rmtcalls(struct pollfd *pfds, int nfds)
- return (ncallbacks_found);
- }
-
-+/*
-+ * This is really a helper function defined in libtirpc,
-+ * but unfortunately, it hasn't been exported yet.
-+ */
-+static struct netbuf *
-+__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len)
-+{
-+ if (nb->len != len) {
-+ if (nb->len)
-+ mem_free(nb->buf, nb->len);
-+ nb->buf = mem_alloc(len);
-+ if (nb->buf == NULL)
-+ return NULL;
-+
-+ nb->maxlen = nb->len = len;
-+ }
-+ memcpy(nb->buf, ptr, len);
-+ return nb;
-+}
-+
- static void
- xprt_set_caller(SVCXPRT *xprt, struct finfo *fi)
- {
-+ const struct netbuf *caller = fi->caller_addr;
- u_int32_t *xidp;
-
-- *(svc_getrpccaller(xprt)) = *(fi->caller_addr);
-+ __rpc_set_netbuf(svc_getrpccaller(xprt), caller->buf, caller->len);
- xidp = __rpcb_get_dg_xidp(xprt);
- *xidp = fi->caller_xid;
- }
---
-2.6.4
-
diff --git a/source/n/rpcbind/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch b/source/n/rpcbind/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
new file mode 100644
index 00000000..060614cc
--- /dev/null
+++ b/source/n/rpcbind/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
@@ -0,0 +1,218 @@
+From 7ea36eeece56b59f98e469934e4c20b4da043346 Mon Sep 17 00:00:00 2001
+From: Doran Moppert <dmoppert@redhat.com>
+Date: Thu, 11 May 2017 11:42:54 -0400
+Subject: [PATCH 2/6] rpcbind: pair all svc_getargs() calls with svc_freeargs()
+ to avoid memory leak
+
+This patch is to address CVE-2017-8779 "rpcbomb" in rpcbind, discussed
+at [1], [2], [3]. The last link suggests this issue is actually a bug
+in rpcbind, which led me here.
+
+The leak caused by the reproducer at [4] appears to come from
+rpcb_service_4(), in the case where svc_getargs() returns false and the
+function had an early return, rather than passing through the cleanup
+path at done:, as would otherwise occur.
+
+It also addresses a couple of other locations where the same fault seems
+to exist, though I haven't been able to exercise those. I hope someone
+more intimate with rpc(3) can confirm my understanding is correct, and
+that I haven't introduced any new bugs.
+
+Without this patch, using the reproducer (and variants) repeatedly
+against rpcbind with a numBytes argument of 1_000_000_000, /proc/$(pidof
+rpcbind)/status reports VmSize increase of 976564 kB each call, and
+VmRSS increase of around 260 kB every 33 calls - the specific numbers
+are probably an artifact of my rhel/glibc version. With the patch,
+there is a small (~50 kB) VmSize increase with the first message, but
+thereafter both VmSize and VmRSS remain steady.
+
+[1]: http://seclists.org/oss-sec/2017/q2/209
+[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1448124
+[3]: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
+[4]: https://github.com/guidovranken/rpcbomb/
+
+Signed-off-by: Doran Moppert <dmoppert@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/pmap_svc.c | 56 +++++++++++++++++++++++++++++++++++++++++++++---------
+ src/rpcb_svc.c | 2 +-
+ src/rpcb_svc_4.c | 2 +-
+ src/rpcb_svc_com.c | 8 ++++++++
+ 4 files changed, 57 insertions(+), 11 deletions(-)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index 4c744fe..e926cdc 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -175,6 +175,7 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ long ans;
+ uid_t uid;
+ char uidbuf[32];
++ int rc = TRUE;
+
+ /*
+ * Can't use getpwnam here. We might end up calling ourselves
+@@ -194,7 +195,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+ svcerr_decode(xprt);
+- return (FALSE);
++ rc = FALSE;
++ goto done;
+ }
+ #ifdef RPCBIND_DEBUG
+ if (debugging)
+@@ -205,7 +207,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+
+ if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
+ svcerr_weakauth(xprt);
+- return (FALSE);
++ rc = (FALSE);
++ goto done;
+ }
+
+ rpcbreg.r_prog = reg.pm_prog;
+@@ -258,7 +261,16 @@ done_change:
+ rpcbs_set(RPCBVERS_2_STAT, ans);
+ else
+ rpcbs_unset(RPCBVERS_2_STAT, ans);
+- return (TRUE);
++done:
++ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++ if (debugging) {
++ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
++ if (doabort) {
++ rpcbind_abort();
++ }
++ }
++ }
++ return (rc);
+ }
+
+ /* ARGSUSED */
+@@ -272,15 +284,18 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ #ifdef RPCBIND_DEBUG
+ char *uaddr;
+ #endif
++ int rc = TRUE;
+
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+ svcerr_decode(xprt);
+- return (FALSE);
++ rc = FALSE;
++ goto done;
+ }
+
+ if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
+ svcerr_weakauth(xprt);
+- return FALSE;
++ rc = FALSE;
++ goto done;
+ }
+
+ #ifdef RPCBIND_DEBUG
+@@ -330,21 +345,34 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ pmap_ipprot2netid(reg.pm_prot) ?: "<unknown>",
+ port ? udptrans : "");
+
+- return (TRUE);
++done:
++ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++ if (debugging) {
++ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
++ if (doabort) {
++ rpcbind_abort();
++ }
++ }
++ }
++ return (rc);
+ }
+
+ /* ARGSUSED */
+ static bool_t
+ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ {
++ int rc = TRUE;
++
+ if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL)) {
+ svcerr_decode(xprt);
+- return (FALSE);
++ rc = FALSE;
++ goto done;
+ }
+
+ if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) {
+ svcerr_weakauth(xprt);
+- return FALSE;
++ rc = FALSE;
++ goto done;
+ }
+
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist_ptr,
+@@ -354,7 +382,17 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ rpcbind_abort();
+ }
+ }
+- return (TRUE);
++
++done:
++ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
++ if (debugging) {
++ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
++ if (doabort) {
++ rpcbind_abort();
++ }
++ }
++ }
++ return (rc);
+ }
+
+ int pmap_netid2ipprot(const char *netid)
+diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
+index 709e3fb..091f530 100644
+--- a/src/rpcb_svc.c
++++ b/src/rpcb_svc.c
+@@ -166,7 +166,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
+ svcerr_decode(transp);
+ if (debugging)
+ (void) xlog(LOG_DEBUG, "rpcbind: could not decode");
+- return;
++ goto done;
+ }
+
+ if (rqstp->rq_proc == RPCBPROC_SET
+diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
+index 5094879..eebbbbe 100644
+--- a/src/rpcb_svc_4.c
++++ b/src/rpcb_svc_4.c
+@@ -218,7 +218,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
+ svcerr_decode(transp);
+ if (debugging)
+ (void) xlog(LOG_DEBUG, "rpcbind: could not decode\n");
+- return;
++ goto done;
+ }
+
+ if (rqstp->rq_proc == RPCBPROC_SET
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..cb63afd 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -927,6 +927,14 @@ error:
+ if (call_msg.rm_xid != 0)
+ (void) free_slot_by_xid(call_msg.rm_xid);
+ out:
++ if (!svc_freeargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
++ if (debugging) {
++ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
++ if (doabort) {
++ rpcbind_abort();
++ }
++ }
++ }
+ if (local_uaddr)
+ free(local_uaddr);
+ if (buf_alloc)
+--
+2.13.0
+
diff --git a/source/n/rpcbind/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch b/source/n/rpcbind/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch
deleted file mode 100644
index 9aa64791..00000000
--- a/source/n/rpcbind/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 9194122389f2a56b1cd1f935e64307e2e963c2da Mon Sep 17 00:00:00 2001
-From: Steve Dickson <steved@redhat.com>
-Date: Mon, 2 Nov 2015 17:05:18 -0500
-Subject: [PATCH 3/4] handle_reply: Don't use the xp_auth pointer directly
-
-In the latest libtirpc version to access the xp_auth
-one must use the SVC_XP_AUTH macro. To be backwards
-compatible a couple ifdefs were added to use the
-macro when it exists.
-
-Signed-off-by: Steve Dickson <steved@redhat.com>
----
- src/rpcb_svc_com.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
-index 4ae93f1..22d6c84 100644
---- a/src/rpcb_svc_com.c
-+++ b/src/rpcb_svc_com.c
-@@ -1295,10 +1295,17 @@ handle_reply(int fd, SVCXPRT *xprt)
- a.rmt_localvers = fi->versnum;
-
- xprt_set_caller(xprt, fi);
-+#if defined(SVC_XP_AUTH)
-+ SVC_XP_AUTH(xprt) = svc_auth_none;
-+#else
- xprt->xp_auth = &svc_auth_none;
-+#endif
- svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a);
-+#if !defined(SVC_XP_AUTH)
- SVCAUTH_DESTROY(xprt->xp_auth);
- xprt->xp_auth = NULL;
-+#endif
-+
- done:
- if (buffer)
- free(buffer);
---
-2.6.4
-
diff --git a/source/n/rpcbind/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch b/source/n/rpcbind/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch
new file mode 100644
index 00000000..6cf885ac
--- /dev/null
+++ b/source/n/rpcbind/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch
@@ -0,0 +1,29 @@
+From c49a7ea639eb700823e174fd605bbbe183e229aa Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Wed, 17 May 2017 10:52:25 -0400
+Subject: [PATCH 3/6] pmapproc_dump: Fixed typo in memory leak patch
+
+commit 7ea36eee introduce a typo that caused
+NIS (aka ypbind) to fail.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/pmap_svc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index e926cdc..26c31d0 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -384,7 +384,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ }
+
+ done:
+- if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
++ if (!svc_freeargs(xprt, (xdrproc_t) xdr_void, (char *)NULL)) {
+ if (debugging) {
+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ if (doabort) {
+--
+2.13.0
+
diff --git a/source/n/rpcbind/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch b/source/n/rpcbind/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch
deleted file mode 100644
index c54d542e..00000000
--- a/source/n/rpcbind/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 3a664b1b5a310df39bd0f325b0edb1deb31c2249 Mon Sep 17 00:00:00 2001
-From: Laurent Bigonville <bigon@bigon.be>
-Date: Wed, 18 Nov 2015 14:34:26 -0500
-Subject: [PATCH 4/4] Delete the unix socket only if we have created it
-
-From: Laurent Bigonville <bigon@bigon.be>
-
-If systemd has created the unix socket on our behalf, we shouldn't try
-to delete it.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1279076
-
-Signed-off-by: Laurent Bigonville <bigon@bigon.be
-Signed-off-by: Steve Dickson <steved@redhat.com>
----
- src/rpcbind.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/rpcbind.c b/src/rpcbind.c
-index 045daa1..c4265cd 100644
---- a/src/rpcbind.c
-+++ b/src/rpcbind.c
-@@ -87,6 +87,7 @@ static inline void __nss_configure_lookup(const char *db, const char *s) {}
- int debugging = 0; /* Tell me what's going on */
- int doabort = 0; /* When debugging, do an abort on errors */
- int dofork = 1; /* fork? */
-+int createdsocket = 0; /* Did I create the socket or systemd did it for me? */
-
- rpcblist_ptr list_rbl; /* A list of version 3/4 rpcbind services */
-
-@@ -445,6 +446,7 @@ init_transport(struct netconfig *nconf)
- memset(&sun, 0, sizeof sun);
- sun.sun_family = AF_LOCAL;
- unlink(_PATH_RPCBINDSOCK);
-+ createdsocket = 1; /* We are now in the process of creating the unix socket */
- strcpy(sun.sun_path, _PATH_RPCBINDSOCK);
- addrlen = SUN_LEN(&sun);
- sa = (struct sockaddr *)&sun;
-@@ -846,7 +848,8 @@ static void
- terminate(int dummy /*__unused*/)
- {
- close(rpcbindlockfd);
-- unlink(_PATH_RPCBINDSOCK);
-+ if(createdsocket)
-+ unlink(_PATH_RPCBINDSOCK);
- unlink(RPCBINDDLOCK);
- #ifdef WARMSTART
- write_warmstart(); /* Dump yourself */
---
-2.6.4
-
diff --git a/source/n/rpcbind/0004-rpcbind-fix-building-without-enable-debug.patch b/source/n/rpcbind/0004-rpcbind-fix-building-without-enable-debug.patch
new file mode 100644
index 00000000..f7c30794
--- /dev/null
+++ b/source/n/rpcbind/0004-rpcbind-fix-building-without-enable-debug.patch
@@ -0,0 +1,69 @@
+From c0e38c9fd1b2c6785af90c86b26a07724c2488e8 Mon Sep 17 00:00:00 2001
+From: Nick Alcock <nick.alcock@oracle.com>
+Date: Thu, 25 May 2017 12:45:35 -0400
+Subject: [PATCH 4/6] rpcbind: fix building without --enable-debug
+
+All if (debugging) stanzas and their accompanying xlog()s and aborts
+should be within #ifdef RPCBIND_DEBUG.
+
+Fixes a compilation failure due to non-inclusion of <syslog.h> in the
+non-debugging case.
+
+Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/pmap_svc.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index 26c31d0..a53dd5f 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -263,12 +263,14 @@ done_change:
+ rpcbs_unset(RPCBVERS_2_STAT, ans);
+ done:
+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++#ifdef RPCBIND_DEBUG
+ if (debugging) {
+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ if (doabort) {
+ rpcbind_abort();
+ }
+ }
++#endif
+ }
+ return (rc);
+ }
+@@ -347,12 +349,14 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+
+ done:
+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++#ifdef RPCBIND_DEBUG
+ if (debugging) {
+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ if (doabort) {
+ rpcbind_abort();
+ }
+ }
++#endif
+ }
+ return (rc);
+ }
+@@ -385,12 +389,14 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+
+ done:
+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_void, (char *)NULL)) {
++#ifdef RPCBIND_DEBUG
+ if (debugging) {
+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ if (doabort) {
+ rpcbind_abort();
+ }
+ }
++#endif
+ }
+ return (rc);
+ }
+--
+2.13.0
+
diff --git a/source/n/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch b/source/n/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch
new file mode 100644
index 00000000..ff42c9e4
--- /dev/null
+++ b/source/n/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch
@@ -0,0 +1,96 @@
+From 7c7590ad536c0e24bef790cb1e65702fc54db566 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 30 May 2017 11:27:22 -0400
+Subject: [PATCH 5/6] rpcbproc_callit_com: Stop freeing a static pointer
+
+commit 7ea36ee introduced a svc_freeargs() call
+that ended up freeing static pointer.
+
+It turns out the allocations for the rmt_args
+is not necessary . The xdr routines (xdr_bytes) will
+handle the memory management and the largest
+possible message size is UDPMSGSIZE (due to UDP only)
+which is smaller than RPC_BUF_MAX
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/rpcb_svc_com.c | 39 ++++++---------------------------------
+ 1 file changed, 6 insertions(+), 33 deletions(-)
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index cb63afd..1fc2229 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -612,9 +612,9 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ struct netconfig *nconf;
+ struct netbuf *caller;
+ struct r_rmtcall_args a;
+- char *buf_alloc = NULL, *outbufp;
++ char *outbufp;
+ char *outbuf_alloc = NULL;
+- char buf[RPC_BUF_MAX], outbuf[RPC_BUF_MAX];
++ char outbuf[RPC_BUF_MAX];
+ struct netbuf *na = (struct netbuf *) NULL;
+ struct rpc_msg call_msg;
+ int outlen;
+@@ -635,36 +635,10 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ }
+ if (si.si_socktype != SOCK_DGRAM)
+ return; /* Only datagram type accepted */
+- sendsz = __rpc_get_t_size(si.si_af, si.si_proto, UDPMSGSIZE);
+- if (sendsz == 0) { /* data transfer not supported */
+- if (reply_type == RPCBPROC_INDIRECT)
+- svcerr_systemerr(transp);
+- return;
+- }
+- /*
+- * Should be multiple of 4 for XDR.
+- */
+- sendsz = ((sendsz + 3) / 4) * 4;
+- if (sendsz > RPC_BUF_MAX) {
+-#ifdef notyet
+- buf_alloc = alloca(sendsz); /* not in IDR2? */
+-#else
+- buf_alloc = malloc(sendsz);
+-#endif /* notyet */
+- if (buf_alloc == NULL) {
+- if (debugging)
+- xlog(LOG_DEBUG,
+- "rpcbproc_callit_com: No Memory!\n");
+- if (reply_type == RPCBPROC_INDIRECT)
+- svcerr_systemerr(transp);
+- return;
+- }
+- a.rmt_args.args = buf_alloc;
+- } else {
+- a.rmt_args.args = buf;
+- }
++ sendsz = UDPMSGSIZE;
+
+ call_msg.rm_xid = 0; /* For error checking purposes */
++ memset(&a, 0, sizeof(a)); /* Zero out the input buffer */
+ if (!svc_getargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
+ if (reply_type == RPCBPROC_INDIRECT)
+ svcerr_decode(transp);
+@@ -704,7 +678,8 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ if (rbl == (rpcblist_ptr)NULL) {
+ #ifdef RPCBIND_DEBUG
+ if (debugging)
+- xlog(LOG_DEBUG, "not found\n");
++ xlog(LOG_DEBUG, "prog %lu vers %lu: not found\n",
++ a.rmt_prog, a.rmt_vers);
+ #endif
+ if (reply_type == RPCBPROC_INDIRECT)
+ svcerr_noprog(transp);
+@@ -937,8 +912,6 @@ out:
+ }
+ if (local_uaddr)
+ free(local_uaddr);
+- if (buf_alloc)
+- free(buf_alloc);
+ if (outbuf_alloc)
+ free(outbuf_alloc);
+ if (na) {
+--
+2.13.2
+
diff --git a/source/n/rpcbind/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch b/source/n/rpcbind/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch
new file mode 100644
index 00000000..1a0aa6cf
--- /dev/null
+++ b/source/n/rpcbind/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch
@@ -0,0 +1,96 @@
+From 1e2ddd4ebd7a9266e6070f275fa35752752fdfd6 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 30 May 2017 11:29:58 -0400
+Subject: [PATCH 6/6] rpcbproc_callit_com: No need to allocate output buffer
+
+Now that sendz is a fixed size (UDPMSGSIZE) which
+is small then RPC_BUF_MAX, no need to check the
+sendz size.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/rpcb_svc_com.c | 33 +++++----------------------------
+ 1 file changed, 5 insertions(+), 28 deletions(-)
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 1fc2229..d36b090 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -612,8 +612,6 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ struct netconfig *nconf;
+ struct netbuf *caller;
+ struct r_rmtcall_args a;
+- char *outbufp;
+- char *outbuf_alloc = NULL;
+ char outbuf[RPC_BUF_MAX];
+ struct netbuf *na = (struct netbuf *) NULL;
+ struct rpc_msg call_msg;
+@@ -674,7 +672,6 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+
+ rpcbs_rmtcall(versnum - 2, reply_type, a.rmt_prog, a.rmt_vers,
+ a.rmt_proc, transp->xp_netid, rbl);
+-
+ if (rbl == (rpcblist_ptr)NULL) {
+ #ifdef RPCBIND_DEBUG
+ if (debugging)
+@@ -793,24 +790,10 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
+ call_msg.rm_call.cb_prog = a.rmt_prog;
+ call_msg.rm_call.cb_vers = a.rmt_vers;
+- if (sendsz > RPC_BUF_MAX) {
+-#ifdef notyet
+- outbuf_alloc = alloca(sendsz); /* not in IDR2? */
+-#else
+- outbuf_alloc = malloc(sendsz);
+-#endif /* notyet */
+- if (outbuf_alloc == NULL) {
+- if (reply_type == RPCBPROC_INDIRECT)
+- svcerr_systemerr(transp);
+- if (debugging)
+- xlog(LOG_DEBUG,
+- "rpcbproc_callit_com: No memory!\n");
+- goto error;
+- }
+- xdrmem_create(&outxdr, outbuf_alloc, sendsz, XDR_ENCODE);
+- } else {
+- xdrmem_create(&outxdr, outbuf, sendsz, XDR_ENCODE);
+- }
++
++ memset(outbuf, '\0', sendsz); /* Zero out the output buffer */
++ xdrmem_create(&outxdr, outbuf, sendsz, XDR_ENCODE);
++
+ if (!xdr_callhdr(&outxdr, &call_msg)) {
+ if (reply_type == RPCBPROC_INDIRECT)
+ svcerr_systemerr(transp);
+@@ -875,10 +858,6 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ goto error;
+ }
+ outlen = (int) XDR_GETPOS(&outxdr);
+- if (outbuf_alloc)
+- outbufp = outbuf_alloc;
+- else
+- outbufp = outbuf;
+
+ na = uaddr2taddr(nconf, local_uaddr);
+ if (!na) {
+@@ -887,7 +866,7 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ goto error;
+ }
+
+- if (sendto(fd, outbufp, outlen, 0, (struct sockaddr *)na->buf, na->len)
++ if (sendto(fd, outbuf, outlen, 0, (struct sockaddr *)na->buf, na->len)
+ != outlen) {
+ if (debugging)
+ xlog(LOG_DEBUG,
+@@ -912,8 +891,6 @@ out:
+ }
+ if (local_uaddr)
+ free(local_uaddr);
+- if (outbuf_alloc)
+- free(outbuf_alloc);
+ if (na) {
+ free(na->buf);
+ free(na);
+--
+2.13.2
+
diff --git a/source/n/rpcbind/01.rpcbind-manpage-statefile-explanation.patch b/source/n/rpcbind/01.rpcbind-manpage-statefile-explanation.patch
deleted file mode 100644
index 946dd1bd..00000000
--- a/source/n/rpcbind/01.rpcbind-manpage-statefile-explanation.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- rpcbind-0.2.3/man/rpcbind.8 2015-04-27 16:07:43.000000000 +0200
-+++ rpcbind-0.2.3/man/rpcbind.8 2015-09-22 16:25:40.000000000 +0200
-@@ -132,11 +132,20 @@
- .It Fl w
- Cause
- .Nm
--to do a "warm start" by read a state file when
-+to do a "warm start" by attempting to read *.xdr state files from the
-+state directory
-+.%T /var/state/rpcbind
-+when
- .Nm
--starts up. The state file is created when
-+starts up. The state files are created when
- .Nm
- terminates.
-+.Pp
-+This allows for restarting
-+.Nm
-+without the need to restart all RPC services that have previously registered.
-+The state file serves similar purpose like the file created/restored by
-+pmap_dump and pmap_set utilities, distributed with old portmap server package.
- .El
- .Sh NOTES
- All RPC servers must be restarted if
diff --git a/source/n/rpcbind/doinst.sh b/source/n/rpcbind/doinst.sh
index 5f7dfaf5..67027941 100644
--- a/source/n/rpcbind/doinst.sh
+++ b/source/n/rpcbind/doinst.sh
@@ -21,4 +21,5 @@ preserve_perms() {
config $NEW
}
+config etc/default/rpc.new
preserve_perms etc/rc.d/rc.rpc.new
diff --git a/source/n/rpcbind/rc.rpc b/source/n/rpcbind/rc.rpc
index c850c556..a140d569 100644
--- a/source/n/rpcbind/rc.rpc
+++ b/source/n/rpcbind/rc.rpc
@@ -9,15 +9,36 @@
# To run an NFS server, starting these is mandatory.
#
+# Source default settings:
+if [ -r /etc/default/rpc ]; then
+ . /etc/default/rpc
+fi
+
rpc_start() {
if [ -x /sbin/rpcbind -a -x /sbin/rpc.statd ]; then
+ # Set up port for lockd:
+ if [ -n "$LOCKD_TCP_PORT" ]; then
+ /sbin/sysctl -w "fs.nfs.nlm_tcpport=$LOCKD_TCP_PORT" >/dev/null 2>&1
+ fi
+ if [ -n "$LOCKD_UDP_PORT" ]; then
+ /sbin/sysctl -w "fs.nfs.nlm_udpport=$LOCKD_UDP_PORT" >/dev/null 2>&1
+ fi
if ! ps axc | grep -q rpcbind ; then
- echo "Starting RPC portmapper: /sbin/rpcbind -l $1"
- /sbin/rpcbind -l $1
+ echo "Starting RPC portmapper: /sbin/rpcbind -l $* $RPCBIND_OPTS"
+ /sbin/rpcbind -l "$@" $RPCBIND_OPTS
fi
if ! ps axc | grep -q rpc.statd ; then
- echo "Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd"
- /sbin/rpc.statd
+ if [ -n "$RPC_STATD_HOSTNAME" ]; then
+ RPC_STATD_OPTS="$RPC_STATD_OPTS -n $RPC_STATD_HOSTNAME"
+ fi
+ if [ -n "$RPC_STATD_PORT" ]; then
+ RPC_STATD_OPTS="$RPC_STATD_OPTS -p $RPC_STATD_PORT"
+ fi
+ if [ -n "$RPC_STATD_OUTGOING_PORT" ]; then
+ RPC_STATD_OPTS="$RPC_STATD_OPTS -o $RPC_STATD_OUTGOING_PORT"
+ fi
+ echo "Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd $RPC_STATD_OPTS"
+ /sbin/rpc.statd $RPC_STATD_OPTS
fi
else
echo "WARNING: Cannot start RPC daemons needed for NFS. One or more of"
diff --git a/source/n/rpcbind/rpc.default b/source/n/rpcbind/rpc.default
new file mode 100644
index 00000000..e820fae8
--- /dev/null
+++ b/source/n/rpcbind/rpc.default
@@ -0,0 +1,29 @@
+# See also /etc/default/nfs
+
+# Optional arguments passed to rpcbind. See rpcbind(8)
+#RPCBIND_OPTS=""
+#
+# Optional arguments passed to rpc.statd. See rpc.statd(8)
+#RPC_STATD_OPTS=""
+# Optional hostname to start rpc.statd with.
+#RPC_STATD_HOSTNAME="darkstar"
+# Port rpc.statd should listen on.
+#RPC_STATD_PORT=32766
+# Outgoing port rpc.statd should use.
+#RPC_STATD_OUTGOING_PORT=32765
+#
+# Optional options passed to rquotad. See rquotad(8)
+#RPC_RQUOTAD_OPTS=""
+# Optional port rquotad should listen on:
+#RPC_RQUOTAD_PORT=32769
+#
+# TCP port rpc.lockd should listen on:
+#LOCKD_TCP_PORT=32768
+# UDP port rpc.lockd should listen on:
+#LOCKD_UDP_PORT=32768
+#
+# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
+#RPC_MOUNTD_OPTS=""
+# Port rpc.mountd should listen on:
+#RPC_MOUNTD_PORT=32767
+#
diff --git a/source/n/rpcbind/rpcbind.SlackBuild b/source/n/rpcbind/rpcbind.SlackBuild
index d10f5852..4006dfd7 100755
--- a/source/n/rpcbind/rpcbind.SlackBuild
+++ b/source/n/rpcbind/rpcbind.SlackBuild
@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/bash
-# Copyright 2015 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2015, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -20,10 +20,11 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=rpcbind
-VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-4}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -36,6 +37,14 @@ if [ -z "$ARCH" ]; then
export ARCH
fi
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
NUMJOBS=${NUMJOBS:-" -j7 "}
if [ "$ARCH" = "i386" ]; then
@@ -64,7 +73,6 @@ else
LIBDIRSUFFIX=""
fi
-CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
@@ -73,18 +81,25 @@ mkdir -p $TMP $PKG
cd $TMP
rm -rf $PKGNAM-$VERSION
-tar xvf $CWD/$PKGNAM-$VERSION.tar.?z* || exit 1
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
cd $PKGNAM-$VERSION || exit 1
-zcat $CWD/0001-security.c-removed-warning.patch.gz | patch -p1 --verbose || exit 1
-zcat $CWD/0002-Fix-memory-corruption-in-PMAP_CALLIT-code.patch.gz | patch -p1 --verbose || exit 1
-zcat $CWD/0003-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch.gz | patch -p1 --verbose || exit 1
-zcat $CWD/0004-Delete-the-unix-socket-only-if-we-have-created-it.patch.gz | patch -p1 --verbose || exit 1
-zcat $CWD/01.rpcbind-manpage-statefile-explanation.patch.gz | patch -p1 --verbose || exit 1
+# CVE-2017-8779
+zcat $CWD/0002-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/0003-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/0004-rpcbind-fix-building-without-enable-debug.patch.gz | patch -p1 --verbose || exit 1
+
+# Fixes from git master
+zcat $CWD/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/0006-rpcbproc_callit_com-No-need-to-allocate-output-buffe.patch.gz | patch -p1 --verbose || exit 1
+
+zcat $CWD/0001-man-rpcibind.8-Clarify-state-file-usage-and-history.patch | patch -p1 --verbose || exit 1
zcat $CWD/rpcbind.lwrap.needs.lnsl.diff.gz | patch -p1 --verbose || exit 1
-# This is needed after the patch above:
+
+# This is needed after the libwrap patch above:
autoreconf -vif || exit 1
+./autogen.sh
chown -R root:root .
find . \
@@ -103,8 +118,8 @@ CFLAGS="$SLKCFLAGS" \
--mandir=/usr/man \
--enable-libwrap \
--enable-warmstarts \
- --with-statedir=/var/state/rpcbind \
- --with-rpcuser=bin \
+ --with-statedir=/var/run/rpcbind \
+ --with-rpcuser=rpc \
--with-nss-modules="files" \
--without-systemdsystemunitdir \
--build=$ARCH-slackware-linux || exit 1
@@ -113,14 +128,18 @@ CFLAGS="$SLKCFLAGS" \
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG || exit 1
-# Make state directory:
-mkdir -p $PKG/var/state/rpcbind
-chown bin:root $PKG/var/state/rpcbind
+# Make state directory (not really needed as rpcbind does this on startup)
+mkdir -p $PKG/var/run/rpcbind
+chown rpc:root $PKG/var/run/rpcbind
# Install init script:
mkdir -p $PKG/etc/rc.d
zcat $CWD/rc.rpc.gz > $PKG/etc/rc.d/rc.rpc.new
+# Install defaults file:
+mkdir -p $PKG/etc/default
+cat $CWD/rpc.default > $PKG/etc/default/rpc.new
+
# Strip binaries:
( cd $PKG
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
diff --git a/source/n/rpcbind/slack-desc b/source/n/rpcbind/slack-desc
index 70adeb78..48c27820 100644
--- a/source/n/rpcbind/slack-desc
+++ b/source/n/rpcbind/slack-desc
@@ -1,8 +1,8 @@
# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
+# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
@@ -10,10 +10,10 @@ rpcbind: rpcbind (a daemon to manage RPC connections)
rpcbind:
rpcbind: This is a network daemon used to manage connections to RPC services.
rpcbind: It is meant as a replacement for the 'rpc.portmap' server from the
-rpcbind: 'portmap' package. Daemons that offer RPC services (such as the
+rpcbind: 'portmap' package. Daemons that offer RPC services (such as the
rpcbind: daemons for NFS) tell the rpcbind on what port they listen.
rpcbind: RPC network port numbers may change each time the system is booted.
rpcbind:
rpcbind: This package is required to use NFS or other RPC services.
rpcbind:
-rpcbind: Homepage: http://sourceforge.net/projects/rpcbind/
+rpcbind: Homepage: http://sourceforge.net/projects/rpcbind/