Browse code
Apply patch for CVE-2018-14621 for libtirpc
Change-Id: I26718e341bb0c746f7a8567c77126dc40e74f56d
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6264
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
smaliakkal authored on 2018/12/01 06:21:23Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,45 @@ |
| 0 |
+From fce98161d9815ea016855d9f00274276452c2c4b Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Steve Dickson <steved@redhat.com> |
|
| 2 |
+Date: Thu, 3 Mar 2016 14:31:08 -0500 |
|
| 3 |
+Subject: [PATCH 1/1] rendezvous_request: fix endless loop in EMFILE case |
|
| 4 |
+ |
|
| 5 |
+With the port to poll, and endless loop can be created |
|
| 6 |
+when we run out of file descriptors. Remove the code |
|
| 7 |
+that tries to recover from that error |
|
| 8 |
+ |
|
| 9 |
+Signed-off-by: Steve Dickson <steved@redhat.com> |
|
| 10 |
+--- |
|
| 11 |
+ src/svc_vc.c | 16 ++-------------- |
|
| 12 |
+ 1 file changed, 2 insertions(+), 14 deletions(-) |
|
| 13 |
+ |
|
| 14 |
+diff --git a/src/svc_vc.c b/src/svc_vc.c |
|
| 15 |
+index 7415244..97a76a3 100644 |
|
| 16 |
+--- a/src/svc_vc.c |
|
| 17 |
+@@ -332,22 +332,10 @@ rendezvous_request(xprt, msg) |
|
| 18 |
+ r = (struct cf_rendezvous *)xprt->xp_p1; |
|
| 19 |
+ again: |
|
| 20 |
+ len = sizeof addr; |
|
| 21 |
+- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, |
|
| 22 |
+- &len)) < 0) {
|
|
| 23 |
++ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len); |
|
| 24 |
++ if (sock < 0) {
|
|
| 25 |
+ if (errno == EINTR) |
|
| 26 |
+ goto again; |
|
| 27 |
+- |
|
| 28 |
+- if (errno == EMFILE || errno == ENFILE) {
|
|
| 29 |
+- /* If there are no file descriptors available, then accept will fail. |
|
| 30 |
+- We want to delay here so the connection request can be dequeued; |
|
| 31 |
+- otherwise we can bounce between polling and accepting, never |
|
| 32 |
+- giving the request a chance to dequeue and eating an enormous |
|
| 33 |
+- amount of cpu time in svc_run if we're polling on many file |
|
| 34 |
+- descriptors. */ |
|
| 35 |
+- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
|
|
| 36 |
+- nanosleep (&ts, NULL); |
|
| 37 |
+- goto again; |
|
| 38 |
+- } |
|
| 39 |
+ return (FALSE); |
|
| 40 |
+ } |
|
| 41 |
+ /* |
|
| 42 |
+-- |
|
| 43 |
+1.8.3.1 |
| ... | ... |
@@ -1,11 +1,12 @@ |
| 1 | 1 |
Summary: Libraries for Transport Independent RPC |
| 2 | 2 |
Name: libtirpc |
| 3 | 3 |
Version: 1.0.1 |
| 4 |
-Release: 7%{?dist}
|
|
| 4 |
+Release: 8%{?dist}
|
|
| 5 | 5 |
Source0: http://downloads.sourceforge.net/project/libtirpc/libtirpc/0.3.2/%{name}-%{version}.tar.bz2
|
| 6 | 6 |
%define sha1 libtirpc=8da1636f98b5909c0d587e7534bc1e91f5c1a970 |
| 7 | 7 |
Patch0: libtirpc-1.0.1-bindrsvport-blacklist.patch |
| 8 | 8 |
Patch1: libtirpc-CVE-2017-8779.patch |
| 9 |
+Patch2: libtirpc-CVE-2018-14621.patch |
|
| 9 | 10 |
License: BSD |
| 10 | 11 |
Group: System Environment/Libraries |
| 11 | 12 |
URL: http://nfsv4.bullopensource.org/ |
| ... | ... |
@@ -40,6 +41,7 @@ This package includes header files and libraries necessary for developing progra |
| 40 | 40 |
%setup -q |
| 41 | 41 |
%patch0 |
| 42 | 42 |
%patch1 -p1 |
| 43 |
+%patch2 -p1 |
|
| 43 | 44 |
|
| 44 | 45 |
%build |
| 45 | 46 |
./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir}
|
| ... | ... |
@@ -70,6 +72,8 @@ make install DESTDIR=%{buildroot}
|
| 70 | 70 |
%{_libdir}/*.la
|
| 71 | 71 |
|
| 72 | 72 |
%changelog |
| 73 |
+* Fri Nov 30 2018 Siju Maliakkal <smaliakkal@vmware.com> 1.0.1-8 |
|
| 74 |
+- Apply patch for CVE-2018-14621 |
|
| 73 | 75 |
* Thu Aug 24 2017 Alexey Makhalov <amakhalov@vmware.com> 1.0.1-7 |
| 74 | 76 |
- Fix compilation issue for glibc-2.26 |
| 75 | 77 |
* Thu May 18 2017 Vinay Kulkarni <kulkarniv@vmware.com> 1.0.1-6 |