From patchwork Sun Jan 19 22:08:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8435 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YbngH19tRz3x3f for ; Sun, 19 Jan 2025 22:08:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4YbngF1mb9z2ZS; Sun, 19 Jan 2025 22:08:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YbngF1Dflz33dN; Sun, 19 Jan 2025 22:08:57 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Ybng65TVHz33dN for ; Sun, 19 Jan 2025 22:08:50 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Ybng642x7z27Z; Sun, 19 Jan 2025 22:08:50 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1737324530; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nyFIMgYPVLzAo76JmhMAhNiGVTUoXRScI26c/A1ennA=; b=z0PU7Nl1npI/HR539gyDxeaxV99bLjWgZaxlMd8JY6GYYhPA+3hXqwfwG2VuEPn+8ICsUx fTrERBq6nfadAOCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1737324530; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nyFIMgYPVLzAo76JmhMAhNiGVTUoXRScI26c/A1ennA=; b=lgX22PN5nKLlnj+R3UwfeT1Debn04yW0mQyeSsI2Vq5ciuoYHbVXIgp9wMLzLp8wrotSd2 S1QcZjNjXvvdb7nhz8Rh7fbyCjpD09B9cHmEzsZVXXLi/wcDnvXPjVKyiNY9l6PAT+c9qg l/4y8tNF+XLknbDOxZrKFX70WPM+hBu+Q7IktZIJO3VuVsAtmxmRBbIn2WAstIafG8J0Fa AoyUvVN+rs4SqFJBhOLuwS2vcWLqo7CgdSVOCSWcq0x5onX5cWC/QXw8VTUYzTldffK59G h+8S23gBq7XLwDGOtgmF62y5YMgDe3Rp7ecaC53c6SiSv6qc1BJShvNpgDn9iw== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] rpcbind: Update to version 1.2.7 Date: Sun, 19 Jan 2025 23:08:42 +0100 Message-ID: <20250119220844.3292084-3-adolf.belka@ipfire.org> In-Reply-To: <20250119220844.3292084-1-adolf.belka@ipfire.org> References: <20250119220844.3292084-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: IKRMCZPGQYEIODTKN7QN6KDMLTKGCGYJ X-Message-ID-Hash: IKRMCZPGQYEIODTKN7QN6KDMLTKGCGYJ X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from versio0n 1.2.6 to 1.2.7 - Update of rootfile - Changelog 1.2.7 rpcinfo: try connecting using abstract address. rpcinfo doesn't use library calls to set up the address for rpcbind. So to get to it try the new abstract address, we need to explicitly teach it how. Listen on an AF_UNIX abstract address if supported. As RPC is primarily a network service it is best, on Linux, to use network namespaces to isolate it. However contacting rpcbind via an AF_UNIX socket allows escape from the network namespace. If clients could use an abstract address, that would ensure clients contact an rpcbind in the same network namespace. systemd can pass in a listening abstract socket by providing an '@' prefix. However with libtirpc 1.3.3 or earlier attempting this will fail as the library mistakenly determines that the socket is not bound. This generates unsightly error messages. So it is best not to request the abstract address when it is not likely to work. A patch to fix this also proposes adding a define for _PATH_RPCBINDSOCK_ABSTRACT to the header files. We can check for this and only include the new ListenStream when that define is present. autotools/systemd: call rpcbind with -w only on enabled warm starts If rpcbind is configured with --disable-warmstarts it responds on -w with its usage string. This is not helpful in a systemd service, so pass -w conditionally. rpcbind: fix double free in init_transport $ rpcbind -h 127.0.0.1 free(): double free detected in tcache 2 Aborted Signed-off-by: Adolf Belka --- lfs/rpcbind | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/rpcbind b/lfs/rpcbind index 31708192c..a707d9c05 100644 --- a/lfs/rpcbind +++ b/lfs/rpcbind @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Transport independent RPC portmapper -VER = 1.2.6 +VER = 1.2.7 THISAPP = rpcbind-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rpcbind -PAK_VER = 7 +PAK_VER = 8 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = bb0e9f81e4747f8a732c9e25af561e79f2b6cd1c1955db586833871901b6da73f4b7ef32149a81b75daa81359b9c0554726670460b28857042dd66a2f861cac2 +$(DL_FILE)_BLAKE2 = f1e79b304ce5fe06c1c256d3512d999daffca782d956440f612b8a957ad7ddb35356b47aa4f4105d5b24d820daab32ec3a0f4a3b8ac76bb7adf5c3ed22d2ef01 install : $(TARGET)