aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/onc-rpc.scm12
-rw-r--r--gnu/packages/patches/libtirpc-CVE-2021-46828.patch567
3 files changed, 579 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index bfaa1ea5db..a837d16e34 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1429,6 +1429,7 @@ dist_patch_DATA = \
%D%/packages/patches/libtgvoip-disable-sse2.patch \
%D%/packages/patches/libtgvoip-disable-webrtc.patch \
%D%/packages/patches/libtheora-config-guess.patch \
+ %D%/packages/patches/libtirpc-CVE-2021-46828.patch \
%D%/packages/patches/libtirpc-hurd.patch \
%D%/packages/patches/libtommath-fix-linkage.patch \
%D%/packages/patches/libtool-skip-tests2.patch \
diff --git a/gnu/packages/onc-rpc.scm b/gnu/packages/onc-rpc.scm
index f1cab94e08..873dc54c30 100644
--- a/gnu/packages/onc-rpc.scm
+++ b/gnu/packages/onc-rpc.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2022 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -38,6 +39,7 @@
(package
(name "libtirpc")
(version "1.3.1")
+ (replacement libtirpc/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/libtirpc/libtirpc/"
@@ -74,7 +76,8 @@ IPv4 and IPv6. ONC RPC is notably used by the network file system (NFS).")
(package/inherit libtirpc
(name "libtirpc-hurd")
(source (origin (inherit (package-source libtirpc))
- (patches (search-patches "libtirpc-hurd.patch"))))
+ (patches (search-patches "libtirpc-hurd.patch"
+ "libtirpc-CVE-2021-46828.patch"))))
(arguments
(substitute-keyword-arguments (package-arguments libtirpc)
((#:configure-flags flags ''())
@@ -83,6 +86,13 @@ IPv4 and IPv6. ONC RPC is notably used by the network file system (NFS).")
(assoc-ref %build-inputs "mit-krb5")
"/bin/krb5-config")))))))
+(define libtirpc/fixed
+ (package
+ (inherit libtirpc)
+ (source (origin
+ (inherit (package-source libtirpc))
+ (patches (search-patches "libtirpc-CVE-2021-46828.patch"))))))
+
(define-public rpcbind
(package
(name "rpcbind")
diff --git a/gnu/packages/patches/libtirpc-CVE-2021-46828.patch b/gnu/packages/patches/libtirpc-CVE-2021-46828.patch
new file mode 100644
index 0000000000..d7ecbd239d
--- /dev/null
+++ b/gnu/packages/patches/libtirpc-CVE-2021-46828.patch
@@ -0,0 +1,567 @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46828
+https://nvd.nist.gov/vuln/detail/CVE-2021-46828
+
+http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
+
+From 86529758570cef4c73fb9b9c4104fdc510f701ed Mon Sep 17 00:00:00 2001
+From: Dai Ngo <dai.ngo@oracle.com>
+Date: Sat, 21 Aug 2021 13:16:23 -0400
+Subject: [PATCH] Fix DoS vulnerability in libtirpc
+
+Currently svc_run does not handle poll timeout and rendezvous_request
+does not handle EMFILE error returned from accept(2 as it used to.
+These two missing functionality were removed by commit b2c9430f46c4.
+
+The effect of not handling poll timeout allows idle TCP conections
+to remain ESTABLISHED indefinitely. When the number of connections
+reaches the limit of the open file descriptors (ulimit -n) then
+accept(2) fails with EMFILE. Since there is no handling of EMFILE
+error this causes svc_run() to get in a tight loop calling accept(2).
+This resulting in the RPC service of svc_run is being down, it's
+no longer able to service any requests.
+
+RPC service rpcbind, statd and mountd are effected by this
+problem.
+
+Fix by enhancing rendezvous_request to keep the number of
+SVCXPRT conections to 4/5 of the size of the file descriptor
+table. When this thresold is reached, it destroys the idle
+TCP connections or destroys the least active connection if
+no idle connnction was found.
+
+Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc
+Signed-off-by: dai.ngo@oracle.com
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ INSTALL | 371 +----------------------------------------------------------
+ src/svc.c | 17 ++-
+ src/svc_vc.c | 62 +++++++++-
+ 3 files changed, 78 insertions(+), 372 deletions(-)
+ mode change 100644 => 120000 INSTALL
+
+diff --git a/INSTALL b/INSTALL
+deleted file mode 100644
+index 2099840..0000000
+--- a/INSTALL
++++ /dev/null
+@@ -1,370 +0,0 @@
+-Installation Instructions
+-*************************
+-
+-Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
+-Inc.
+-
+- Copying and distribution of this file, with or without modification,
+-are permitted in any medium without royalty provided the copyright
+-notice and this notice are preserved. This file is offered as-is,
+-without warranty of any kind.
+-
+-Basic Installation
+-==================
+-
+- Briefly, the shell command `./configure && make && make install'
+-should configure, build, and install this package. The following
+-more-detailed instructions are generic; see the `README' file for
+-instructions specific to this package. Some packages provide this
+-`INSTALL' file but do not implement all of the features documented
+-below. The lack of an optional feature in a given package is not
+-necessarily a bug. More recommendations for GNU packages can be found
+-in *note Makefile Conventions: (standards)Makefile Conventions.
+-
+- The `configure' shell script attempts to guess correct values for
+-various system-dependent variables used during compilation. It uses
+-those values to create a `Makefile' in each directory of the package.
+-It may also create one or more `.h' files containing system-dependent
+-definitions. Finally, it creates a shell script `config.status' that
+-you can run in the future to recreate the current configuration, and a
+-file `config.log' containing compiler output (useful mainly for
+-debugging `configure').
+-
+- It can also use an optional file (typically called `config.cache'
+-and enabled with `--cache-file=config.cache' or simply `-C') that saves
+-the results of its tests to speed up reconfiguring. Caching is
+-disabled by default to prevent problems with accidental use of stale
+-cache files.
+-
+- If you need to do unusual things to compile the package, please try
+-to figure out how `configure' could check whether to do them, and mail
+-diffs or instructions to the address given in the `README' so they can
+-be considered for the next release. If you are using the cache, and at
+-some point `config.cache' contains results you don't want to keep, you
+-may remove or edit it.
+-
+- The file `configure.ac' (or `configure.in') is used to create
+-`configure' by a program called `autoconf'. You need `configure.ac' if
+-you want to change it or regenerate `configure' using a newer version
+-of `autoconf'.
+-
+- The simplest way to compile this package is:
+-
+- 1. `cd' to the directory containing the package's source code and type
+- `./configure' to configure the package for your system.
+-
+- Running `configure' might take a while. While running, it prints
+- some messages telling which features it is checking for.
+-
+- 2. Type `make' to compile the package.
+-
+- 3. Optionally, type `make check' to run any self-tests that come with
+- the package, generally using the just-built uninstalled binaries.
+-
+- 4. Type `make install' to install the programs and any data files and
+- documentation. When installing into a prefix owned by root, it is
+- recommended that the package be configured and built as a regular
+- user, and only the `make install' phase executed with root
+- privileges.
+-
+- 5. Optionally, type `make installcheck' to repeat any self-tests, but
+- this time using the binaries in their final installed location.
+- This target does not install anything. Running this target as a
+- regular user, particularly if the prior `make install' required
+- root privileges, verifies that the installation completed
+- correctly.
+-
+- 6. You can remove the program binaries and object files from the
+- source code directory by typing `make clean'. To also remove the
+- files that `configure' created (so you can compile the package for
+- a different kind of computer), type `make distclean'. There is
+- also a `make maintainer-clean' target, but that is intended mainly
+- for the package's developers. If you use it, you may have to get
+- all sorts of other programs in order to regenerate files that came
+- with the distribution.
+-
+- 7. Often, you can also type `make uninstall' to remove the installed
+- files again. In practice, not all packages have tested that
+- uninstallation works correctly, even though it is required by the
+- GNU Coding Standards.
+-
+- 8. Some packages, particularly those that use Automake, provide `make
+- distcheck', which can by used by developers to test that all other
+- targets like `make install' and `make uninstall' work correctly.
+- This target is generally not run by end users.
+-
+-Compilers and Options
+-=====================
+-
+- Some systems require unusual options for compilation or linking that
+-the `configure' script does not know about. Run `./configure --help'
+-for details on some of the pertinent environment variables.
+-
+- You can give `configure' initial values for configuration parameters
+-by setting variables in the command line or in the environment. Here
+-is an example:
+-
+- ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+-
+- *Note Defining Variables::, for more details.
+-
+-Compiling For Multiple Architectures
+-====================================
+-
+- You can compile the package for more than one kind of computer at the
+-same time, by placing the object files for each architecture in their
+-own directory. To do this, you can use GNU `make'. `cd' to the
+-directory where you want the object files and executables to go and run
+-the `configure' script. `configure' automatically checks for the
+-source code in the directory that `configure' is in and in `..'. This
+-is known as a "VPATH" build.
+-
+- With a non-GNU `make', it is safer to compile the package for one
+-architecture at a time in the source code directory. After you have
+-installed the package for one architecture, use `make distclean' before
+-reconfiguring for another architecture.
+-
+- On MacOS X 10.5 and later systems, you can create libraries and
+-executables that work on multiple system types--known as "fat" or
+-"universal" binaries--by specifying multiple `-arch' options to the
+-compiler but only a single `-arch' option to the preprocessor. Like
+-this:
+-
+- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+- CPP="gcc -E" CXXCPP="g++ -E"
+-
+- This is not guaranteed to produce working output in all cases, you
+-may have to build one architecture at a time and combine the results
+-using the `lipo' tool if you have problems.
+-
+-Installation Names
+-==================
+-
+- By default, `make install' installs the package's commands under
+-`/usr/local/bin', include files under `/usr/local/include', etc. You
+-can specify an installation prefix other than `/usr/local' by giving
+-`configure' the option `--prefix=PREFIX', where PREFIX must be an
+-absolute file name.
+-
+- You can specify separate installation prefixes for
+-architecture-specific files and architecture-independent files. If you
+-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+-PREFIX as the prefix for installing programs and libraries.
+-Documentation and other data files still use the regular prefix.
+-
+- In addition, if you use an unusual directory layout you can give
+-options like `--bindir=DIR' to specify different values for particular
+-kinds of files. Run `configure --help' for a list of the directories
+-you can set and what kinds of files go in them. In general, the
+-default for these options is expressed in terms of `${prefix}', so that
+-specifying just `--prefix' will affect all of the other directory
+-specifications that were not explicitly provided.
+-
+- The most portable way to affect installation locations is to pass the
+-correct locations to `configure'; however, many packages provide one or
+-both of the following shortcuts of passing variable assignments to the
+-`make install' command line to change installation locations without
+-having to reconfigure or recompile.
+-
+- The first method involves providing an override variable for each
+-affected directory. For example, `make install
+-prefix=/alternate/directory' will choose an alternate location for all
+-directory configuration variables that were expressed in terms of
+-`${prefix}'. Any directories that were specified during `configure',
+-but not in terms of `${prefix}', must each be overridden at install
+-time for the entire installation to be relocated. The approach of
+-makefile variable overrides for each directory variable is required by
+-the GNU Coding Standards, and ideally causes no recompilation.
+-However, some platforms have known limitations with the semantics of
+-shared libraries that end up requiring recompilation when using this
+-method, particularly noticeable in packages that use GNU Libtool.
+-
+- The second method involves providing the `DESTDIR' variable. For
+-example, `make install DESTDIR=/alternate/directory' will prepend
+-`/alternate/directory' before all installation names. The approach of
+-`DESTDIR' overrides is not required by the GNU Coding Standards, and
+-does not work on platforms that have drive letters. On the other hand,
+-it does better at avoiding recompilation issues, and works well even
+-when some directory options were not specified in terms of `${prefix}'
+-at `configure' time.
+-
+-Optional Features
+-=================
+-
+- If the package supports it, you can cause programs to be installed
+-with an extra prefix or suffix on their names by giving `configure' the
+-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+-
+- Some packages pay attention to `--enable-FEATURE' options to
+-`configure', where FEATURE indicates an optional part of the package.
+-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+-is something like `gnu-as' or `x' (for the X Window System). The
+-`README' should mention any `--enable-' and `--with-' options that the
+-package recognizes.
+-
+- For packages that use the X Window System, `configure' can usually
+-find the X include and library files automatically, but if it doesn't,
+-you can use the `configure' options `--x-includes=DIR' and
+-`--x-libraries=DIR' to specify their locations.
+-
+- Some packages offer the ability to configure how verbose the
+-execution of `make' will be. For these packages, running `./configure
+---enable-silent-rules' sets the default to minimal output, which can be
+-overridden with `make V=1'; while running `./configure
+---disable-silent-rules' sets the default to verbose, which can be
+-overridden with `make V=0'.
+-
+-Particular systems
+-==================
+-
+- On HP-UX, the default C compiler is not ANSI C compatible. If GNU
+-CC is not installed, it is recommended to use the following options in
+-order to use an ANSI C compiler:
+-
+- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+-
+-and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+-
+- HP-UX `make' updates targets which have the same time stamps as
+-their prerequisites, which makes it generally unusable when shipped
+-generated files such as `configure' are involved. Use GNU `make'
+-instead.
+-
+- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+-parse its `<wchar.h>' header file. The option `-nodtk' can be used as
+-a workaround. If GNU CC is not installed, it is therefore recommended
+-to try
+-
+- ./configure CC="cc"
+-
+-and if that doesn't work, try
+-
+- ./configure CC="cc -nodtk"
+-
+- On Solaris, don't put `/usr/ucb' early in your `PATH'. This
+-directory contains several dysfunctional programs; working variants of
+-these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
+-in your `PATH', put it _after_ `/usr/bin'.
+-
+- On Haiku, software installed for all users goes in `/boot/common',
+-not `/usr/local'. It is recommended to use the following options:
+-
+- ./configure --prefix=/boot/common
+-
+-Specifying the System Type
+-==========================
+-
+- There may be some features `configure' cannot figure out
+-automatically, but needs to determine by the type of machine the package
+-will run on. Usually, assuming the package is built to be run on the
+-_same_ architectures, `configure' can figure that out, but if it prints
+-a message saying it cannot guess the machine type, give it the
+-`--build=TYPE' option. TYPE can either be a short name for the system
+-type, such as `sun4', or a canonical name which has the form:
+-
+- CPU-COMPANY-SYSTEM
+-
+-where SYSTEM can have one of these forms:
+-
+- OS
+- KERNEL-OS
+-
+- See the file `config.sub' for the possible values of each field. If
+-`config.sub' isn't included in this package, then this package doesn't
+-need to know the machine type.
+-
+- If you are _building_ compiler tools for cross-compiling, you should
+-use the option `--target=TYPE' to select the type of system they will
+-produce code for.
+-
+- If you want to _use_ a cross compiler, that generates code for a
+-platform different from the build platform, you should specify the
+-"host" platform (i.e., that on which the generated programs will
+-eventually be run) with `--host=TYPE'.
+-
+-Sharing Defaults
+-================
+-
+- If you want to set default values for `configure' scripts to share,
+-you can create a site shell script called `config.site' that gives
+-default values for variables like `CC', `cache_file', and `prefix'.
+-`configure' looks for `PREFIX/share/config.site' if it exists, then
+-`PREFIX/etc/config.site' if it exists. Or, you can set the
+-`CONFIG_SITE' environment variable to the location of the site script.
+-A warning: not all `configure' scripts look for a site script.
+-
+-Defining Variables
+-==================
+-
+- Variables not defined in a site shell script can be set in the
+-environment passed to `configure'. However, some packages may run
+-configure again during the build, and the customized values of these
+-variables may be lost. In order to avoid this problem, you should set
+-them in the `configure' command line, using `VAR=value'. For example:
+-
+- ./configure CC=/usr/local2/bin/gcc
+-
+-causes the specified `gcc' to be used as the C compiler (unless it is
+-overridden in the site shell script).
+-
+-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+-an Autoconf limitation. Until the limitation is lifted, you can use
+-this workaround:
+-
+- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
+-
+-`configure' Invocation
+-======================
+-
+- `configure' recognizes the following options to control how it
+-operates.
+-
+-`--help'
+-`-h'
+- Print a summary of all of the options to `configure', and exit.
+-
+-`--help=short'
+-`--help=recursive'
+- Print a summary of the options unique to this package's
+- `configure', and exit. The `short' variant lists options used
+- only in the top level, while the `recursive' variant lists options
+- also present in any nested packages.
+-
+-`--version'
+-`-V'
+- Print the version of Autoconf used to generate the `configure'
+- script, and exit.
+-
+-`--cache-file=FILE'
+- Enable the cache: use and save the results of the tests in FILE,
+- traditionally `config.cache'. FILE defaults to `/dev/null' to
+- disable caching.
+-
+-`--config-cache'
+-`-C'
+- Alias for `--cache-file=config.cache'.
+-
+-`--quiet'
+-`--silent'
+-`-q'
+- Do not print messages saying which checks are being made. To
+- suppress all normal output, redirect it to `/dev/null' (any error
+- messages will still be shown).
+-
+-`--srcdir=DIR'
+- Look for the package's source code in directory DIR. Usually
+- `configure' can determine that directory automatically.
+-
+-`--prefix=DIR'
+- Use DIR as the installation prefix. *note Installation Names::
+- for more details, including other options available for fine-tuning
+- the installation locations.
+-
+-`--no-create'
+-`-n'
+- Run the configure checks, but stop before creating any output
+- files.
+-
+-`configure' also accepts some other, not widely useful, options. Run
+-`configure --help' for more details.
+diff --git a/INSTALL b/INSTALL
+new file mode 120000
+index 0000000..e3f22c0
+--- /dev/null
++++ b/INSTALL
+@@ -0,0 +1 @@
++/usr/share/automake-1.16/INSTALL
+\ No newline at end of file
+diff --git a/src/svc.c b/src/svc.c
+index 6db164b..3a8709f 100644
+--- a/src/svc.c
++++ b/src/svc.c
+@@ -57,7 +57,7 @@
+
+ #define max(a, b) (a > b ? a : b)
+
+-static SVCXPRT **__svc_xports;
++SVCXPRT **__svc_xports;
+ int __svc_maxrec;
+
+ /*
+@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock)
+ rwlock_unlock (&svc_fd_lock);
+ }
+
++int
++svc_open_fds()
++{
++ int ix;
++ int nfds = 0;
++
++ rwlock_rdlock (&svc_fd_lock);
++ for (ix = 0; ix < svc_max_pollfd; ++ix) {
++ if (svc_pollfd[ix].fd != -1)
++ nfds++;
++ }
++ rwlock_unlock (&svc_fd_lock);
++ return (nfds);
++}
++
+ /*
+ * Add a service program to the callout list.
+ * The dispatch routine will be called when a rpc request for this
+diff --git a/src/svc_vc.c b/src/svc_vc.c
+index f1d9f00..3dc8a75 100644
+--- a/src/svc_vc.c
++++ b/src/svc_vc.c
+@@ -64,6 +64,8 @@
+
+
+ extern rwlock_t svc_fd_lock;
++extern SVCXPRT **__svc_xports;
++extern int svc_open_fds();
+
+ static SVCXPRT *makefd_xprt(int, u_int, u_int);
+ static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *);
+@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *);
+ static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in);
+ static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq,
+ void *in);
++static int __svc_destroy_idle(int timeout);
+
+ struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */
+ u_int sendsize;
+@@ -313,13 +316,14 @@ done:
+ return (xprt);
+ }
+
++
+ /*ARGSUSED*/
+ static bool_t
+ rendezvous_request(xprt, msg)
+ SVCXPRT *xprt;
+ struct rpc_msg *msg;
+ {
+- int sock, flags;
++ int sock, flags, nfds, cnt;
+ struct cf_rendezvous *r;
+ struct cf_conn *cd;
+ struct sockaddr_storage addr;
+@@ -379,6 +383,16 @@ again:
+
+ gettimeofday(&cd->last_recv_time, NULL);
+
++ nfds = svc_open_fds();
++ if (nfds >= (_rpc_dtablesize() / 5) * 4) {
++ /* destroy idle connections */
++ cnt = __svc_destroy_idle(15);
++ if (cnt == 0) {
++ /* destroy least active */
++ __svc_destroy_idle(0);
++ }
++ }
++
+ return (FALSE); /* there is never an rpc msg to be processed */
+ }
+
+@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock)
+ {
+ return FALSE;
+ }
++
++static int
++__svc_destroy_idle(int timeout)
++{
++ int i, ncleaned = 0;
++ SVCXPRT *xprt, *least_active;
++ struct timeval tv, tdiff, tmax;
++ struct cf_conn *cd;
++
++ gettimeofday(&tv, NULL);
++ tmax.tv_sec = tmax.tv_usec = 0;
++ least_active = NULL;
++ rwlock_wrlock(&svc_fd_lock);
++
++ for (i = 0; i <= svc_max_pollfd; i++) {
++ if (svc_pollfd[i].fd == -1)
++ continue;
++ xprt = __svc_xports[i];
++ if (xprt == NULL || xprt->xp_ops == NULL ||
++ xprt->xp_ops->xp_recv != svc_vc_recv)
++ continue;
++ cd = (struct cf_conn *)xprt->xp_p1;
++ if (!cd->nonblock)
++ continue;
++ if (timeout == 0) {
++ timersub(&tv, &cd->last_recv_time, &tdiff);
++ if (timercmp(&tdiff, &tmax, >)) {
++ tmax = tdiff;
++ least_active = xprt;
++ }
++ continue;
++ }
++ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) {
++ __xprt_unregister_unlocked(xprt);
++ __svc_vc_dodestroy(xprt);
++ ncleaned++;
++ }
++ }
++ if (timeout == 0 && least_active != NULL) {
++ __xprt_unregister_unlocked(least_active);
++ __svc_vc_dodestroy(least_active);
++ ncleaned++;
++ }
++ rwlock_unlock(&svc_fd_lock);
++ return (ncleaned);
++}
+--
+1.8.3.1
+