update buildroot to 2017.02.11

bsp/buildroot-2017.02.11/package/rpcbind/0001-Remove-yellow-pages-support.patch

@@ -0,0 +1,56 @@
+From 226b9c57ff403b407dbf1ff8a615da455a4cbd23 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Sat, 10 Nov 2012 22:03:43 +0100
+Subject: [PATCH] Remove yellow pages support
+
+This support requires yellow pages support in libtirpc, which isn't
+available. As most Buildroot users are most likely never going to need
+such feature, get rid of it.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/security.c | 18 ------------------
+ 1 file changed, 18 deletions(-)
+
+diff --git a/src/security.c b/src/security.c
+index 0c9453f..abc81bb 100644
+--- a/src/security.c
++++ b/src/security.c
+@@ -24,9 +24,6 @@
+ #include <rpcsvc/mount.h>
+ #include <rpcsvc/rquota.h>
+ #include <rpcsvc/nfs_prot.h>
+-#include <rpcsvc/yp.h>
+-#include <rpcsvc/ypclnt.h>
+-#include <rpcsvc/yppasswd.h>
+ #else
+ # define MOUNTPROC_MNT	1
+ # define MOUNTPROC_UMNT	3
+@@ -325,24 +322,9 @@ check_callit(SVCXPRT *xprt, struct r_rmtcall_args *args, int versnum /*__unused*
+ 		    args->rmt_proc != MOUNTPROC_UMNT)
+ 			break;
+ 		goto deny;
+-	case YPBINDPROG:
+-		if (args->rmt_proc != YPBINDPROC_SETDOM)
+-			break;
+-		/* FALLTHROUGH */
+-	case YPPASSWDPROG:
+ 	case NFS_PROGRAM:
+ 	case RQUOTAPROG:
+ 		goto deny;
+-	case YPPROG:
+-		switch (args->rmt_proc) {
+-		case YPPROC_ALL:
+-		case YPPROC_MATCH:
+-		case YPPROC_FIRST:
+-		case YPPROC_NEXT:
+-			goto deny;
+-		default:
+-			break;
+-		}
+ 	default:
+ 		break;
+ 	}
+-- 
+2.4.5
+

bsp/buildroot-2017.02.11/package/rpcbind/0002-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch

@@ -0,0 +1,42 @@
+From 9194122389f2a56b1cd1f935e64307e2e963c2da Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Mon, 2 Nov 2015 17:05:18 -0500
+Subject: [PATCH] handle_reply: Don't use the xp_auth pointer directly
+
+In the latest libtirpc version to access the xp_auth
+one must use the SVC_XP_AUTH macro. To be backwards
+compatible a couple ifdefs were added to use the
+macro when it exists.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+[peda@axentia.se: backport from upstream]
+Signed-off-by: Peter Rosin <peda@axentia.se>
+---
+ src/rpcb_svc_com.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 4ae93f1..22d6c84 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -1295,10 +1295,17 @@ handle_reply(int fd, SVCXPRT *xprt)
+ 	a.rmt_localvers = fi->versnum;
+ 
+ 	xprt_set_caller(xprt, fi);
++#if defined(SVC_XP_AUTH)
++	SVC_XP_AUTH(xprt) = svc_auth_none;
++#else 
+ 	xprt->xp_auth = &svc_auth_none;
++#endif
+ 	svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a);
++#if !defined(SVC_XP_AUTH)
+ 	SVCAUTH_DESTROY(xprt->xp_auth);
+ 	xprt->xp_auth = NULL;
++#endif
++
+ done:
+ 	if (buffer)
+ 		free(buffer);
+-- 
+2.5.3
+

bsp/buildroot-2017.02.11/package/rpcbind/0003-src-remove-use-of-the-__P-macro.patch

@@ -0,0 +1,243 @@
+From 2f7d15304e0544e4c693c86d8ab8b2f08b9e9886 Mon Sep 17 00:00:00 2001
+From: "Yann E. MORIN" <yann.morin.1998@free.fr>
+Date: Mon, 15 Aug 2016 16:36:40 +0200
+Subject: [PATCH] src: remove use of the __P() macro
+
+The __P() macro is a legacy compatibility macro aimed making pre-ANSI
+(i.e. K&R) compilers that do not support function prototypes happy,
+while still allowing such prototypes for ANSI-compliant compilers.
+
+Since virtually all compilers have been ANSI-compliant for a few decades
+now, use of __P() is totally useless.
+
+Furthermore, __P() is defined in the non-standard sys/cdefs.h header.
+This header is present in glibc and uClibc, and both have it included
+from many of their headers. So, sys/cdefs.h is automagically included in
+most cases and its macros are available.
+
+However, the musl C library does not provide this sys/cdefs.h header.
+Thus, the build breaks on musl.
+
+For all the above reasons, get rid of __P() wherever it is used; just
+always declare real function prototypes.
+
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+Cc: Chuck Lever <chuck.lever@oracle.com>
+Cc: Steve Dickson <SteveD@redhat.com>
+---
+ src/check_bound.c  |  2 +-
+ src/pmap_svc.c     | 10 +++++-----
+ src/rpcb_svc.c     | 10 +++++-----
+ src/rpcb_svc_4.c   | 14 ++++++--------
+ src/rpcb_svc_com.c | 46 +++++++++++++++++++++++-----------------------
+ src/rpcbind.c      | 12 ++++++------
+ src/util.c         |  2 +-
+ src/warmstart.c    |  4 ++--
+ 8 files changed, 49 insertions(+), 51 deletions(-)
+
+diff --git a/src/check_bound.c b/src/check_bound.c
+index c70b845..92bfd36 100644
+--- a/src/check_bound.c
++++ b/src/check_bound.c
+@@ -70,7 +70,7 @@ static struct fdlist *fdhead;	/* Link list of the check fd's */
+ static struct fdlist *fdtail;
+ static char *nullstring = "";
+ 
+-static bool_t check_bound __P((struct fdlist *, char *uaddr));
++static bool_t check_bound(struct fdlist *, char *uaddr);
+ 
+ /*
+  * Returns 1 if the given address is bound for the given addr & transport
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index ad28b93..4c744fe 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -60,11 +60,11 @@ static	char sccsid[] = "@(#)pmap_svc.c 1.23 89/04/05 Copyr 1984 Sun Micro";
+ #include "rpcbind.h"
+ #include "xlog.h"
+ #include <rpc/svc_soc.h> /* svc_getcaller routine definition */
+-static struct pmaplist *find_service_pmap __P((rpcprog_t, rpcvers_t,
+-					       rpcprot_t));
+-static bool_t pmapproc_change __P((struct svc_req *, SVCXPRT *, u_long));
+-static bool_t pmapproc_getport __P((struct svc_req *, SVCXPRT *));
+-static bool_t pmapproc_dump __P((struct svc_req *, SVCXPRT *));
++static struct pmaplist *find_service_pmap(rpcprog_t, rpcvers_t,
++					       rpcprot_t);
++static bool_t pmapproc_change(struct svc_req *, SVCXPRT *, u_long);
++static bool_t pmapproc_getport(struct svc_req *, SVCXPRT *);
++static bool_t pmapproc_dump(struct svc_req *, SVCXPRT *);
+ 
+ /*
+  * Called for all the version 2 inquiries.
+diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
+index bd92201..709e3fb 100644
+--- a/src/rpcb_svc.c
++++ b/src/rpcb_svc.c
+@@ -53,10 +53,10 @@
+ #include "rpcbind.h"
+ #include "xlog.h"
+ 
+-static void *rpcbproc_getaddr_3_local __P((void *, struct svc_req *, SVCXPRT *,
+-					   rpcvers_t));
+-static void *rpcbproc_dump_3_local __P((void *, struct svc_req *, SVCXPRT *,
+-					rpcvers_t));
++static void *rpcbproc_getaddr_3_local(void *, struct svc_req *, SVCXPRT *,
++					   rpcvers_t);
++static void *rpcbproc_dump_3_local(void *, struct svc_req *, SVCXPRT *,
++					rpcvers_t);
+ 
+ /*
+  * Called by svc_getreqset. There is a separate server handle for
+@@ -75,7 +75,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
+ 	} argument;
+ 	char *result;
+ 	xdrproc_t xdr_argument, xdr_result;
+-	void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
++	void *(*local)(void *, struct svc_req *, SVCXPRT *, rpcvers_t);
+ 	rpcprog_t setprog = 0;
+ 
+ 	rpcbs_procinfo(RPCBVERS_3_STAT, rqstp->rq_proc);
+diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
+index b673452..5094879 100644
+--- a/src/rpcb_svc_4.c
++++ b/src/rpcb_svc_4.c
+@@ -54,13 +54,11 @@
+ #include "rpcbind.h"
+ #include "xlog.h"
+ 
+-static void *rpcbproc_getaddr_4_local __P((void *, struct svc_req *, SVCXPRT *,
+-				      rpcvers_t));
+-static void *rpcbproc_getversaddr_4_local __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
+-static void *rpcbproc_getaddrlist_4_local
+-	__P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
+-static void free_rpcb_entry_list __P((rpcb_entry_list_ptr *));
+-static void *rpcbproc_dump_4_local __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
++static void *rpcbproc_getaddr_4_local(void *, struct svc_req *, SVCXPRT *, rpcvers_t);
++static void *rpcbproc_getversaddr_4_local(void *, struct svc_req *, SVCXPRT *, rpcvers_t);
++static void *rpcbproc_getaddrlist_4_local(void *, struct svc_req *, SVCXPRT *, rpcvers_t);
++static void free_rpcb_entry_list(rpcb_entry_list_ptr *);
++static void *rpcbproc_dump_4_local(void *, struct svc_req *, SVCXPRT *, rpcvers_t);
+ 
+ /*
+  * Called by svc_getreqset. There is a separate server handle for
+@@ -78,7 +76,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
+ 	} argument;
+ 	char *result;
+ 	xdrproc_t xdr_argument, xdr_result;
+-	void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
++	void *(*local)(void *, struct svc_req *, SVCXPRT *, rpcvers_t);
+ 	rpcprog_t setprog = 0;
+ 
+ 	rpcbs_procinfo(RPCBVERS_4_STAT, rqstp->rq_proc);
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 148fe42..5862c26 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -100,29 +100,29 @@ struct finfo {
+ static struct finfo     FINFO[NFORWARD];
+ 
+ 
+-static bool_t xdr_encap_parms __P((XDR *, struct encap_parms *));
+-static bool_t xdr_rmtcall_args __P((XDR *, struct r_rmtcall_args *));
+-static bool_t xdr_rmtcall_result __P((XDR *, struct r_rmtcall_args *));
+-static bool_t xdr_opaque_parms __P((XDR *, struct r_rmtcall_args *));
+-static int find_rmtcallfd_by_netid __P((char *));
+-static SVCXPRT *find_rmtcallxprt_by_fd __P((int));
+-static int forward_register __P((u_int32_t, struct netbuf *, int, char *,
+-    rpcproc_t, rpcvers_t, u_int32_t *));
+-static struct finfo *forward_find __P((u_int32_t));
+-static int free_slot_by_xid __P((u_int32_t));
+-static int free_slot_by_index __P((int));
+-static int netbufcmp __P((struct netbuf *, struct netbuf *));
+-static struct netbuf *netbufdup __P((struct netbuf *));
+-static void netbuffree __P((struct netbuf *));
+-static int check_rmtcalls __P((struct pollfd *, int));
+-static void xprt_set_caller __P((SVCXPRT *, struct finfo *));
+-static void send_svcsyserr __P((SVCXPRT *, struct finfo *));
+-static void handle_reply __P((int, SVCXPRT *));
+-static void find_versions __P((rpcprog_t, char *, rpcvers_t *, rpcvers_t *));
+-static rpcblist_ptr find_service __P((rpcprog_t, rpcvers_t, char *));
+-static char *getowner __P((SVCXPRT *, char *, size_t));
+-static int add_pmaplist __P((RPCB *));
+-static int del_pmaplist __P((RPCB *));
++static bool_t xdr_encap_parms(XDR *, struct encap_parms *);
++static bool_t xdr_rmtcall_args(XDR *, struct r_rmtcall_args *);
++static bool_t xdr_rmtcall_result(XDR *, struct r_rmtcall_args *);
++static bool_t xdr_opaque_parms(XDR *, struct r_rmtcall_args *);
++static int find_rmtcallfd_by_netid(char *);
++static SVCXPRT *find_rmtcallxprt_by_fd(int);
++static int forward_register(u_int32_t, struct netbuf *, int, char *,
++    rpcproc_t, rpcvers_t, u_int32_t *);
++static struct finfo *forward_find(u_int32_t);
++static int free_slot_by_xid(u_int32_t);
++static int free_slot_by_index(int);
++static int netbufcmp(struct netbuf *, struct netbuf *);
++static struct netbuf *netbufdup(struct netbuf *);
++static void netbuffree(struct netbuf *);
++static int check_rmtcalls(struct pollfd *, int);
++static void xprt_set_caller(SVCXPRT *, struct finfo *);
++static void send_svcsyserr(SVCXPRT *, struct finfo *);
++static void handle_reply(int, SVCXPRT *);
++static void find_versions(rpcprog_t, char *, rpcvers_t *, rpcvers_t *);
++static rpcblist_ptr find_service(rpcprog_t, rpcvers_t, char *);
++static char *getowner(SVCXPRT *, char *, size_t);
++static int add_pmaplist(RPCB *);
++static int del_pmaplist(RPCB *);
+ 
+ /*
+  * Set a mapping of program, version, netid
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index c4265cd..87ccdc2 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -136,13 +136,13 @@ char *tcp_uaddr;	/* Universal TCP address */
+ static char servname[] = "rpcbind";
+ static char superuser[] = "superuser";
+ 
+-int main __P((int, char *[]));
++int main(int, char *[]);
+ 
+-static int init_transport __P((struct netconfig *));
+-static void rbllist_add __P((rpcprog_t, rpcvers_t, struct netconfig *,
+-			     struct netbuf *));
+-static void terminate __P((int));
+-static void parseargs __P((int, char *[]));
++static int init_transport(struct netconfig *);
++static void rbllist_add(rpcprog_t, rpcvers_t, struct netconfig *,
++			     struct netbuf *);
++static void terminate(int);
++static void parseargs(int, char *[]);
+ 
+ int
+ main(int argc, char *argv[])
+diff --git a/src/util.c b/src/util.c
+index a6c835b..74b0284 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -70,7 +70,7 @@ static struct sockaddr_in *local_in4;
+ static struct sockaddr_in6 *local_in6;
+ #endif
+ 
+-static int bitmaskcmp __P((void *, void *, void *, int));
++static int bitmaskcmp(void *, void *, void *, int);
+ 
+ /*
+  * For all bits set in "mask", compare the corresponding bits in
+diff --git a/src/warmstart.c b/src/warmstart.c
+index b6eb73e..122a058 100644
+--- a/src/warmstart.c
++++ b/src/warmstart.c
+@@ -58,8 +58,8 @@
+ #define	PMAPFILE	RPCBIND_STATEDIR "/portmap.xdr"
+ #endif
+ 
+-static bool_t write_struct __P((char *, xdrproc_t, void *));
+-static bool_t read_struct __P((char *, xdrproc_t, void *));
++static bool_t write_struct(char *, xdrproc_t, void *);
++static bool_t read_struct(char *, xdrproc_t, void *);
+ 
+ static bool_t
+ write_struct(char *filename, xdrproc_t structproc, void *list)
+-- 
+2.7.4
+

bsp/buildroot-2017.02.11/package/rpcbind/0004-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch

@@ -0,0 +1,231 @@
+From 093bf65c79af417cffa09d6475f58923540eebcc Mon Sep 17 00:00:00 2001
+From: Doran Moppert <dmoppert@redhat.com>
+Date: Thu, 11 May 2017 11:42:54 -0400
+Subject: [PATCH] rpcbind: pair all svc_getargs() calls with svc_freeargs() to
+ avoid memory leak
+
+This patch is to address CVE-2017-8779 "rpcbomb" in rpcbind, discussed
+at [1], [2], [3].  The last link suggests this issue is actually a bug
+in rpcbind, which led me here.
+
+The leak caused by the reproducer at [4] appears to come from
+rpcb_service_4(), in the case where svc_getargs() returns false and the
+function had an early return, rather than passing through the cleanup
+path at done:, as would otherwise occur.
+
+It also addresses a couple of other locations where the same fault seems
+to exist, though I haven't been able to exercise those.  I hope someone
+more intimate with rpc(3) can confirm my understanding is correct, and
+that I haven't introduced any new bugs.
+
+Without this patch, using the reproducer (and variants) repeatedly
+against rpcbind with a numBytes argument of 1_000_000_000, /proc/$(pidof
+rpcbind)/status reports VmSize increase of 976564 kB each call, and
+VmRSS increase of around 260 kB every 33 calls - the specific numbers
+are probably an artifact of my rhel/glibc version.  With the patch,
+there is a small (~50 kB) VmSize increase with the first message, but
+thereafter both VmSize and VmRSS remain steady.
+
+[1]: http://seclists.org/oss-sec/2017/q2/209
+[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1448124
+[3]: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
+[4]: https://github.com/guidovranken/rpcbomb/
+
+Signed-off-by: Doran Moppert <dmoppert@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+(cherry picked from commit 7ea36eeece56b59f98e469934e4c20b4da043346)
+[Peter: unconditionally include syslog.h for LOG_DEBUG]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/pmap_svc.c     | 58 ++++++++++++++++++++++++++++++++++++++++++++----------
+ src/rpcb_svc.c     |  2 +-
+ src/rpcb_svc_4.c   |  2 +-
+ src/rpcb_svc_com.c |  8 ++++++++
+ 4 files changed, 58 insertions(+), 12 deletions(-)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index ad28b93..f730bed 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -53,8 +53,8 @@ static	char sccsid[] = "@(#)pmap_svc.c 1.23 89/04/05 Copyr 1984 Sun Micro";
+ #include <rpc/rpc.h>
+ #include <rpc/pmap_prot.h>
+ #include <rpc/rpcb_prot.h>
+-#ifdef RPCBIND_DEBUG
+ #include <syslog.h>
++#ifdef RPCBIND_DEBUG
+ #include <stdlib.h>
+ #endif
+ #include "rpcbind.h"
+@@ -175,6 +175,7 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ 	long ans;
+ 	uid_t uid;
+ 	char uidbuf[32];
++	int rc = TRUE;
+ 
+ 	/*
+ 	 * Can't use getpwnam here. We might end up calling ourselves
+@@ -194,7 +195,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ 
+ 	if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+ 		svcerr_decode(xprt);
+-		return (FALSE);
++		rc = FALSE;
++		goto done;
+ 	}
+ #ifdef RPCBIND_DEBUG
+ 	if (debugging)
+@@ -205,7 +207,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ 
+ 	if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+-		return (FALSE);
++		rc = (FALSE);
++		goto done;
+ 	}
+ 
+ 	rpcbreg.r_prog = reg.pm_prog;
+@@ -258,7 +261,16 @@ done_change:
+ 		rpcbs_set(RPCBVERS_2_STAT, ans);
+ 	else
+ 		rpcbs_unset(RPCBVERS_2_STAT, ans);
+-	return (TRUE);
++done:
++	if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++		if (debugging) {
++			(void) xlog(LOG_DEBUG, "unable to free arguments\n");
++			if (doabort) {
++				rpcbind_abort();
++			}
++		}
++	}
++	return (rc);
+ }
+ 
+ /* ARGSUSED */
+@@ -272,15 +284,18 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ #ifdef RPCBIND_DEBUG
+ 	char *uaddr;
+ #endif
++	int rc = TRUE;
+ 
+ 	if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+ 		svcerr_decode(xprt);
+-		return (FALSE);
++		rc = FALSE;
++		goto done;
+ 	}
+ 
+ 	if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+-		return FALSE;
++		rc = FALSE;
++		goto done;
+ 	}
+ 
+ #ifdef RPCBIND_DEBUG
+@@ -330,21 +345,34 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ 		pmap_ipprot2netid(reg.pm_prot) ?: "<unknown>",
+ 		port ? udptrans : "");
+ 
+-	return (TRUE);
++done:
++	if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++		if (debugging) {
++			(void) xlog(LOG_DEBUG, "unable to free arguments\n");
++			if (doabort) {
++				rpcbind_abort();
++			}
++		}
++	}
++	return (rc);
+ }
+ 
+ /* ARGSUSED */
+ static bool_t
+ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ {
++	int rc = TRUE;
++
+ 	if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL)) {
+ 		svcerr_decode(xprt);
+-		return (FALSE);
++		rc = FALSE;
++		goto done;
+ 	}
+ 
+ 	if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+-		return FALSE;
++		rc = FALSE;
++		goto done;
+ 	}
+ 	
+ 	if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist_ptr,
+@@ -354,7 +382,17 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ 			rpcbind_abort();
+ 		}
+ 	}
+-	return (TRUE);
++
++done:
++	if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
++		if (debugging) {
++			(void) xlog(LOG_DEBUG, "unable to free arguments\n");
++			if (doabort) {
++				rpcbind_abort();
++			}
++		}
++	}
++	return (rc);
+ }
+ 
+ int pmap_netid2ipprot(const char *netid)
+diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
+index bd92201..0c22a9d 100644
+--- a/src/rpcb_svc.c
++++ b/src/rpcb_svc.c
+@@ -166,7 +166,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
+ 		svcerr_decode(transp);
+ 		if (debugging)
+ 			(void) xlog(LOG_DEBUG, "rpcbind: could not decode");
+-		return;
++		goto done;
+ 	}
+ 
+ 	if (rqstp->rq_proc == RPCBPROC_SET
+diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
+index b673452..3e37b54 100644
+--- a/src/rpcb_svc_4.c
++++ b/src/rpcb_svc_4.c
+@@ -220,7 +220,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
+ 		svcerr_decode(transp);
+ 		if (debugging)
+ 			(void) xlog(LOG_DEBUG, "rpcbind: could not decode\n");
+-		return;
++		goto done;
+ 	}
+ 
+ 	if (rqstp->rq_proc == RPCBPROC_SET
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index ff9ce6b..98ede61 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -931,6 +931,14 @@ error:
+ 	if (call_msg.rm_xid != 0)
+ 		(void) free_slot_by_xid(call_msg.rm_xid);
+ out:
++	if (!svc_freeargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
++		if (debugging) {
++			(void) xlog(LOG_DEBUG, "unable to free arguments\n");
++			if (doabort) {
++				rpcbind_abort();
++			}
++		}
++	}
+ 	if (local_uaddr)
+ 		free(local_uaddr);
+ 	if (buf_alloc)
+-- 
+2.11.0
+

bsp/buildroot-2017.02.11/package/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch

@@ -0,0 +1,98 @@
+From 4e201b75928ff7d4894cd30ab0f5f67b9cd95f5c Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Thu, 18 Jan 2018 17:33:56 +0000
+Subject: [PATCH] rpcbproc_callit_com: Stop freeing a static pointer
+
+commit 7ea36ee introduced a svc_freeargs() call
+that ended up freeing static pointer.
+
+It turns out the allocations for the rmt_args
+is not necessary . The xdr routines (xdr_bytes) will
+handle the memory management and the largest
+possible message size is UDPMSGSIZE (due to UDP only)
+which is smaller than RPC_BUF_MAX
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+(cherry picked from commit 7c7590ad536c0e24bef790cb1e65702fc54db566)
+Signed-off-by: Ed Blake <ed.blake@sondrel.com>
+---
+ src/rpcb_svc_com.c | 39 ++++++---------------------------------
+ 1 file changed, 6 insertions(+), 33 deletions(-)
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 0432b6f..64f1104 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -616,9 +616,9 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ 	struct netconfig *nconf;
+ 	struct netbuf *caller;
+ 	struct r_rmtcall_args a;
+-	char *buf_alloc = NULL, *outbufp;
++	char *outbufp;
+ 	char *outbuf_alloc = NULL;
+-	char buf[RPC_BUF_MAX], outbuf[RPC_BUF_MAX];
++	char  outbuf[RPC_BUF_MAX];
+ 	struct netbuf *na = (struct netbuf *) NULL;
+ 	struct rpc_msg call_msg;
+ 	int outlen;
+@@ -639,36 +639,10 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ 	}
+ 	if (si.si_socktype != SOCK_DGRAM)
+ 		return;	/* Only datagram type accepted */
+-	sendsz = __rpc_get_t_size(si.si_af, si.si_proto, UDPMSGSIZE);
+-	if (sendsz == 0) {	/* data transfer not supported */
+-		if (reply_type == RPCBPROC_INDIRECT)
+-			svcerr_systemerr(transp);
+-		return;
+-	}
+-	/*
+-	 * Should be multiple of 4 for XDR.
+-	 */
+-	sendsz = ((sendsz + 3) / 4) * 4;
+-	if (sendsz > RPC_BUF_MAX) {
+-#ifdef	notyet
+-		buf_alloc = alloca(sendsz);		/* not in IDR2? */
+-#else
+-		buf_alloc = malloc(sendsz);
+-#endif	/* notyet */
+-		if (buf_alloc == NULL) {
+-			if (debugging)
+-				xlog(LOG_DEBUG,
+-					"rpcbproc_callit_com:  No Memory!\n");
+-			if (reply_type == RPCBPROC_INDIRECT)
+-				svcerr_systemerr(transp);
+-			return;
+-		}
+-		a.rmt_args.args = buf_alloc;
+-	} else {
+-		a.rmt_args.args = buf;
+-	}
++	sendsz = UDPMSGSIZE;
+ 
+ 	call_msg.rm_xid = 0;	/* For error checking purposes */
++	memset(&a, 0, sizeof(a)); /* Zero out the input buffer */
+ 	if (!svc_getargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
+ 		if (reply_type == RPCBPROC_INDIRECT)
+ 			svcerr_decode(transp);
+@@ -708,7 +682,8 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
+ 	if (rbl == (rpcblist_ptr)NULL) {
+ #ifdef RPCBIND_DEBUG
+ 		if (debugging)
+-			xlog(LOG_DEBUG, "not found\n");
++			xlog(LOG_DEBUG, "prog %lu vers %lu: not found\n", 
++				a.rmt_prog, a.rmt_vers);
+ #endif
+ 		if (reply_type == RPCBPROC_INDIRECT)
+ 			svcerr_noprog(transp);
+@@ -941,8 +916,6 @@ out:
+ 	}
+ 	if (local_uaddr)
+ 		free(local_uaddr);
+-	if (buf_alloc)
+-		free(buf_alloc);
+ 	if (outbuf_alloc)
+ 		free(outbuf_alloc);
+ 	if (na) {
+-- 
+2.11.0
+

bsp/buildroot-2017.02.11/package/rpcbind/0006-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch

@@ -0,0 +1,31 @@
+From d3f1f55e50e3c436a2ea91d60da84c3a94e6c53f Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Thu, 18 Jan 2018 17:41:49 +0000
+Subject: [PATCH] pmapproc_dump: Fixed typo in memory leak patch
+
+commit 7ea36eee introduce a typo that caused
+NIS (aka ypbind) to fail.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+(cherry picked from commit c49a7ea639eb700823e174fd605bbbe183e229aa)
+Signed-off-by: Ed Blake <ed.blake@sondrel.com>
+---
+ src/pmap_svc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index bb57b05..ffca7df 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -384,7 +384,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ 	}
+ 
+ done:
+-	if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
++	if (!svc_freeargs(xprt, (xdrproc_t) xdr_void, (char *)NULL)) {
+ 		if (debugging) {
+ 			(void) xlog(LOG_DEBUG, "unable to free arguments\n");
+ 			if (doabort) {
+-- 
+2.11.0
+

bsp/buildroot-2017.02.11/package/rpcbind/Config.in

@@ -0,0 +1,15 @@
+config BR2_PACKAGE_RPCBIND
+	bool "rpcbind"
+	# We really need libtirpc and can't work with the native RPC
+	# implementation of toolchains.
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libtirpc
+	select BR2_PACKAGE_LIBTIRPC
+	# fork()
+	depends on BR2_USE_MMU
+	help
+	  The rpcbind utility is a server that converts RPC program numbers
+	  into universal addresses.
+
+comment "rpcbind needs a toolchain w/ threads"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_USE_MMU

bsp/buildroot-2017.02.11/package/rpcbind/S30rpcbind

@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# Starts rpcbind.
+#
+
+start() {
+	printf "Starting rpcbind: "
+	umask 077
+	start-stop-daemon -S -q -p /var/run/rpcbind.pid --exec /usr/bin/rpcbind
+	echo "OK"
+}
+stop() {
+	printf "Stopping rpcbind daemon: "
+	start-stop-daemon -K -q -p /var/run/rpcbind.pid
+	echo "OK"
+}
+restart() {
+	stop
+	start
+}
+
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  restart|reload)
+	restart
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart}"
+	exit 1
+esac
+
+exit $?
+

bsp/buildroot-2017.02.11/package/rpcbind/rpcbind.hash

@@ -0,0 +1,2 @@
+# Locally computed:
+sha256 9897823a9d820ea011d9ea02054d5ab99469b9ca5346265fee380713c8fed27b  rpcbind-0.2.3.tar.bz2

bsp/buildroot-2017.02.11/package/rpcbind/rpcbind.mk

@@ -0,0 +1,40 @@
+################################################################################
+#
+# rpcbind
+#
+################################################################################
+
+RPCBIND_VERSION = 0.2.3
+RPCBIND_SITE = http://downloads.sourceforge.net/project/rpcbind/rpcbind/$(RPCBIND_VERSION)
+RPCBIND_SOURCE = rpcbind-$(RPCBIND_VERSION).tar.bz2
+RPCBIND_LICENSE = BSD-3c
+RPCBIND_LICENSE_FILES = COPYING
+
+RPCBIND_CONF_ENV += \
+	CFLAGS="$(TARGET_CFLAGS) `$(PKG_CONFIG_HOST_BINARY) --cflags libtirpc`"
+RPCBIND_DEPENDENCIES += libtirpc host-pkgconf
+RPCBIND_CONF_OPTS += --with-rpcuser=root
+
+ifeq ($(BR2_INIT_SYSTEMD),y)
+RPCBIND_CONF_OPTS += --with-systemdsystemunitdir=/usr/lib/systemd/system
+else
+RPCBIND_CONF_OPTS += --with-systemdsystemunitdir=no
+endif
+
+define RPCBIND_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -m 0644 -D package/rpcbind/rpcbind.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/rpcbind.service
+	$(INSTALL) -m 0644 -D package/rpcbind/rpcbind.socket \
+		$(TARGET_DIR)/usr/lib/systemd/system/rpcbind.socket
+	mkdir -p $(TARGET_DIR)/etc/systemd/system/sockets.target.wants
+	ln -fs ../../../../usr/lib/systemd/system/rpcbind.socket \
+		$(TARGET_DIR)/etc/systemd/system/sockets.target.wants/rpcbind.socket
+endef
+
+define RPCBIND_INSTALL_INIT_SYSV
+	$(INSTALL) -m 0755 -D package/rpcbind/S30rpcbind \
+		$(TARGET_DIR)/etc/init.d/S30rpcbind
+endef
+
+
+$(eval $(autotools-package))

bsp/buildroot-2017.02.11/package/rpcbind/rpcbind.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=RPC bind service
+Requires=rpcbind.socket
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/rpcbind
+
+[Install]
+Also=rpcbind.socket

bsp/buildroot-2017.02.11/package/rpcbind/rpcbind.socket

@@ -0,0 +1,8 @@
+[Unit]
+Description=RPCbind Server Activation Socket
+
+[Socket]
+ListenStream=/var/run/rpcbind.sock
+
+[Install]
+WantedBy=sockets.target