From ae18bb3dedf33a59fb0e0923f8c01c0ed35d09f5 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 16 Sep 2021 22:56:05 +0200 Subject: [PATCH 1/2] net-libs/libtirpc: Sync with gentoo This is to get rid of EAPI 5. --- .../coreos-overlay/net-libs/libtirpc/Manifest | 2 +- .../libtirpc-1.0.2-bcopy-to-memmove.patch | 49 ------------------- .../libtirpc-1.0.2-bzero-to-memset.patch | 36 -------------- .../files/libtirpc-1.0.2-exports.patch | 17 ------- .../files/libtirpc-1.0.2-glibc-2.26.patch | 12 ----- ...-1.0.2-r1.ebuild => libtirpc-1.3.2.ebuild} | 43 +++++++--------- .../net-libs/libtirpc/metadata.xml | 3 +- 7 files changed, 21 insertions(+), 141 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-bcopy-to-memmove.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-bzero-to-memset.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-exports.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-glibc-2.26.patch rename sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/{libtirpc-1.0.2-r1.ebuild => libtirpc-1.3.2.ebuild} (51%) diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/Manifest b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/Manifest index 16e60b3458..7f745c7d4b 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/Manifest @@ -1,2 +1,2 @@ -DIST libtirpc-1.0.2.tar.bz2 509601 BLAKE2B 7ccf23ca200e2027a66a3105d9b3d0612ac66a08498931f66526a291be6ddef8e7df533af4d44a0e4a1178edd6d51ae39ca50c2536b9b1be7179e7f17cfd165e SHA512 6c819019a8e81d8263d3c509b2eee59ba1ef092222c5a0a8d28f004c711afa252097eca7e6b0b919b2d780883dfd9ee7a363df4cee7fd2c9159a065257637cec +DIST libtirpc-1.3.2.tar.bz2 513151 BLAKE2B 375b7bb046244f4666522c4f148428349fe1867b095dc5e268d037ba26982f88df70b0ad21fbe2b99150f644806a46651b524c3b9f7fe2499469806ea50b0331 SHA512 8664d5c4f842ee5acf83b9c1cadb7871f17b8157a7c4500e2236dcfb3a25768cab39f7c5123758dcd7381e30eb028ddfa26a28f458283f2dcea3426c9878c255 DIST libtirpc-glibc-nfs.tar.xz 8948 BLAKE2B 7316623d9f2b6928e296137fe2bf6794b208d549c2ffba9e4a35b47f7b04bf023798a09f38c02d039debf6adc466d7689cf3c8274d71a22eaff08729642c0a28 SHA512 90255bf0a27af16164e0710dd940778609925d473f4343093ff19d98cc4f23023788bf4edf0178eae1961afc0ba8b69b273de95b7d7e2afdb706701d8ba6f7ba diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-bcopy-to-memmove.patch b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-bcopy-to-memmove.patch deleted file mode 100644 index 91619b7ac9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-bcopy-to-memmove.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff -Naurp libtirpc-1.0.2.orig/src/auth_time.c libtirpc-1.0.2/src/auth_time.c ---- libtirpc-1.0.2.orig/src/auth_time.c 2017-07-05 11:02:23.000000000 -0400 -+++ libtirpc-1.0.2/src/auth_time.c 2017-07-30 17:48:31.361420071 -0400 -@@ -104,7 +104,7 @@ static int uaddr_to_sockaddr(uaddr, sin) - p_bytes[1] = (unsigned char)a[5] & 0x000000FF; - - sin->sin_family = AF_INET; /* always */ -- bcopy((char *)&p_bytes, (char *)&sin->sin_port, 2); -+ memmove((char *)&sin->sin_port, (char *)&p_bytes, 2); - - return (0); - } -diff -Naurp libtirpc-1.0.2.orig/src/crypt_client.c libtirpc-1.0.2/src/crypt_client.c ---- libtirpc-1.0.2.orig/src/crypt_client.c 2017-07-05 11:02:23.000000000 -0400 -+++ libtirpc-1.0.2/src/crypt_client.c 2017-07-30 17:49:57.911419445 -0400 -@@ -75,8 +75,8 @@ _des_crypt_call(buf, len, dparms) - des_crypt_1_arg.desbuf.desbuf_val = buf; - des_crypt_1_arg.des_dir = dparms->des_dir; - des_crypt_1_arg.des_mode = dparms->des_mode; -- bcopy(dparms->des_ivec, des_crypt_1_arg.des_ivec, 8); -- bcopy(dparms->des_key, des_crypt_1_arg.des_key, 8); -+ memmove(des_crypt_1_arg.des_ivec, dparms->des_ivec, 8); -+ memmove(des_crypt_1_arg.des_key, dparms->des_key, 8); - - result_1 = des_crypt_1(&des_crypt_1_arg, clnt); - if (result_1 == (desresp *) NULL) { -@@ -88,8 +88,8 @@ _des_crypt_call(buf, len, dparms) - - if (result_1->stat == DESERR_NONE || - result_1->stat == DESERR_NOHWDEVICE) { -- bcopy(result_1->desbuf.desbuf_val, buf, len); -- bcopy(result_1->des_ivec, dparms->des_ivec, 8); -+ memmove(buf, result_1->desbuf.desbuf_val, len); -+ memmove(dparms->des_ivec, result_1->des_ivec, 8); - } - - clnt_freeres(clnt, (xdrproc_t)xdr_desresp, result_1); -diff -Naurp libtirpc-1.0.2.orig/src/svc_auth_des.c libtirpc-1.0.2/src/svc_auth_des.c ---- libtirpc-1.0.2.orig/src/svc_auth_des.c 2017-07-05 11:02:23.000000000 -0400 -+++ libtirpc-1.0.2/src/svc_auth_des.c 2017-07-30 17:50:36.591419165 -0400 -@@ -145,7 +145,7 @@ _svcauth_des(rqst, msg) - return (AUTH_BADCRED); - } - cred->adc_fullname.name = area->area_netname; -- bcopy((char *)ixdr, cred->adc_fullname.name, -+ memmove(cred->adc_fullname.name, (char *)ixdr, - (u_int)namelen); - cred->adc_fullname.name[namelen] = 0; - ixdr += (RNDUP(namelen) / BYTES_PER_XDR_UNIT); diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-bzero-to-memset.patch b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-bzero-to-memset.patch deleted file mode 100644 index 64b516ed82..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-bzero-to-memset.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -Naurp libtirpc-1.0.2.orig/src/auth_time.c libtirpc-1.0.2/src/auth_time.c ---- libtirpc-1.0.2.orig/src/auth_time.c 2017-07-05 11:02:23.000000000 -0400 -+++ libtirpc-1.0.2/src/auth_time.c 2017-07-30 17:46:39.481420880 -0400 -@@ -317,7 +317,7 @@ __rpc_get_time_offset(td, srv, thost, ua - sprintf(ipuaddr, "%d.%d.%d.%d.0.111", a1, a2, a3, a4); - useua = &ipuaddr[0]; - -- bzero((char *)&sin, sizeof(sin)); -+ memset((char *)&sin, 0, sizeof(sin)); - if (uaddr_to_sockaddr(useua, &sin)) { - msg("unable to translate uaddr to sockaddr."); - if (needfree) -diff -Naurp libtirpc-1.0.2.orig/src/des_impl.c libtirpc-1.0.2/src/des_impl.c ---- libtirpc-1.0.2.orig/src/des_impl.c 2017-07-05 11:02:23.000000000 -0400 -+++ libtirpc-1.0.2/src/des_impl.c 2017-07-30 17:46:49.581420807 -0400 -@@ -588,7 +588,7 @@ _des_crypt (char *buf, unsigned len, str - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tbuf[0] = tbuf[1] = 0; -- __bzero (schedule, sizeof (schedule)); -+ memset (schedule, 0, sizeof (schedule)); - - return (1); - } -diff -Naurp libtirpc-1.0.2.orig/src/svc_auth_des.c libtirpc-1.0.2/src/svc_auth_des.c ---- libtirpc-1.0.2.orig/src/svc_auth_des.c 2017-07-05 11:02:23.000000000 -0400 -+++ libtirpc-1.0.2/src/svc_auth_des.c 2017-07-30 17:46:58.771420741 -0400 -@@ -356,7 +356,7 @@ cache_init() - - authdes_cache = (struct cache_entry *) - mem_alloc(sizeof(struct cache_entry) * AUTHDES_CACHESZ); -- bzero((char *)authdes_cache, -+ memset((char *)authdes_cache, 0, - sizeof(struct cache_entry) * AUTHDES_CACHESZ); - - authdes_lru = (short *)mem_alloc(sizeof(short) * AUTHDES_CACHESZ); diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-exports.patch b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-exports.patch deleted file mode 100644 index 174f4e3471..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-exports.patch +++ /dev/null @@ -1,17 +0,0 @@ -See -https://bugs.alpinelinux.org/issues/7041 -https://git.alpinelinux.org/cgit/aports/commit/?id=9edb53cea056101c4963a04b747bf102de23f919 -(just hit this myself when building libnsl) -... dilfridge - ---- a/src/libtirpc.map -+++ b/src/libtirpc.map -@@ -298,7 +298,7 @@ - key_gendes; - key_get_conv; - key_setsecret; -- key_secret_is_set; -+ key_secretkey_is_set; - key_setnet; - netname2host; - netname2user; diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-glibc-2.26.patch b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-glibc-2.26.patch deleted file mode 100644 index 6d583e6149..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.0.2-glibc-2.26.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c -index d23fbd1..79d6707 100644 ---- a/src/xdr_sizeof.c -+++ b/src/xdr_sizeof.c -@@ -39,6 +39,7 @@ - #include - #include - #include -+#include - #include "un-namespace.h" - - /* ARGSUSED */ diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.0.2-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.2.ebuild similarity index 51% rename from sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.0.2-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.2.ebuild index 881e4b158b..ec87a46167 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.0.2-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.2.ebuild @@ -1,48 +1,39 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="5" +EAPI=7 -inherit autotools multilib-minimal toolchain-funcs eutils +inherit multilib-minimal usr-ldscript DESCRIPTION="Transport Independent RPC library (SunRPC replacement)" -HOMEPAGE="http://libtirpc.sourceforge.net/" +HOMEPAGE="https://sourceforge.net/projects/libtirpc/" SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2 mirror://gentoo/${PN}-glibc-nfs.tar.xz" LICENSE="GPL-2" SLOT="0/3" # subslot matches SONAME major -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~arm-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" IUSE="ipv6 kerberos static-libs" RDEPEND="kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )" DEPEND="${RDEPEND} + elibc_musl? ( sys-libs/queue-standalone )" +BDEPEND=" app-arch/xz-utils - >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]" - -PATCHES=( - "${FILESDIR}/${PN}-1.0.2-bcopy-to-memmove.patch" - "${FILESDIR}/${PN}-1.0.2-bzero-to-memset.patch" - "${FILESDIR}/${PN}-1.0.2-glibc-2.26.patch" - "${FILESDIR}/${PN}-1.0.2-exports.patch" -) + virtual/pkgconfig" src_prepare() { cp -r "${WORKDIR}"/tirpc "${S}"/ || die - epatch "${PATCHES[@]}" - epatch_user - eautoreconf - - # COREOS: Set netconfig path to /usr so NFS works in PXE/ISO-booted systems. - sed -i -e "s,/etc,/usr/share/tirpc," "${S}/tirpc/netconfig.h" || die + default } multilib_src_configure() { - ECONF_SOURCE=${S} \ - econf \ - $(use_enable ipv6) \ - $(use_enable kerberos gssapi) \ + local myeconfargs=( + $(use_enable ipv6) + $(use_enable kerberos gssapi) $(use_enable static-libs static) + ) + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" } multilib_src_install() { @@ -55,7 +46,7 @@ multilib_src_install() { multilib_src_install_all() { einstalldocs - insinto /usr/share/tirpc + insinto /etc doins doc/netconfig insinto /usr/include/tirpc @@ -63,5 +54,7 @@ multilib_src_install_all() { # makes sure that the linking order for nfs-utils is proper, as # libtool would inject a libgssglue dependency in the list. - use static-libs || prune_libtool_files + if ! use static-libs ; then + find "${ED}" -name "*.la" -delete || die + fi } diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/metadata.xml b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/metadata.xml index 36e84cdfa7..2033e65a99 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/metadata.xml @@ -1,11 +1,12 @@ - + base-system@gentoo.org Gentoo Base System + cpe:/a:libtirpc_project:libtirpc libtirpc From 70236ec8de090e6089064dd134162359d37b7ffe Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 16 Sep 2021 23:07:18 +0200 Subject: [PATCH 2/2] net-libs/libtirpc: Apply Flatcar modifications --- .../net-libs/libtirpc/README.md | 10 + .../files/libtirpc-1.3.2-fix-dos.patch | 562 ++++++++++++++++++ .../net-libs/libtirpc/libtirpc-1.3.2.ebuild | 10 +- 3 files changed, 581 insertions(+), 1 deletion(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/README.md create mode 100644 sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.3.2-fix-dos.patch diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/README.md b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/README.md new file mode 100644 index 0000000000..9458af83d6 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/README.md @@ -0,0 +1,10 @@ +This is a fork of gentoo package. We have it on overlay because: + +- We change the NETCONFIG macro value from `"/etc/netconfig"` to + `"/usr/share/tirpc/netconfig"`. + +- We update the installation of the netconfig accordingly to the + previous point. + +- We include a patch that fixes a DOS vulnerability (comes from + https://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed). diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.3.2-fix-dos.patch b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.3.2-fix-dos.patch new file mode 100644 index 0000000000..36bc16c3b5 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.3.2-fix-dos.patch @@ -0,0 +1,562 @@ +From 86529758570cef4c73fb9b9c4104fdc510f701ed Mon Sep 17 00:00:00 2001 +From: Dai Ngo +Date: Sat, 21 Aug 2021 13:16:23 -0400 +Subject: [PATCH] Fix DoS vulnerability in libtirpc + +Currently svc_run does not handle poll timeout and rendezvous_request +does not handle EMFILE error returned from accept(2 as it used to. +These two missing functionality were removed by commit b2c9430f46c4. + +The effect of not handling poll timeout allows idle TCP conections +to remain ESTABLISHED indefinitely. When the number of connections +reaches the limit of the open file descriptors (ulimit -n) then +accept(2) fails with EMFILE. Since there is no handling of EMFILE +error this causes svc_run() to get in a tight loop calling accept(2). +This resulting in the RPC service of svc_run is being down, it's +no longer able to service any requests. + +RPC service rpcbind, statd and mountd are effected by this +problem. + +Fix by enhancing rendezvous_request to keep the number of +SVCXPRT conections to 4/5 of the size of the file descriptor +table. When this thresold is reached, it destroys the idle +TCP connections or destroys the least active connection if +no idle connnction was found. + +Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc +Signed-off-by: dai.ngo@oracle.com +Signed-off-by: Steve Dickson +--- + INSTALL | 371 +---------------------------------------------------------- + src/svc.c | 17 ++- + src/svc_vc.c | 62 +++++++++- + 3 files changed, 78 insertions(+), 372 deletions(-) + mode change 100644 => 120000 INSTALL + +diff --git a/INSTALL b/INSTALL +deleted file mode 100644 +index 2099840..0000000 +--- a/INSTALL ++++ /dev/null +@@ -1,370 +0,0 @@ +-Installation Instructions +-************************* +- +-Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, +-Inc. +- +- Copying and distribution of this file, with or without modification, +-are permitted in any medium without royalty provided the copyright +-notice and this notice are preserved. This file is offered as-is, +-without warranty of any kind. +- +-Basic Installation +-================== +- +- Briefly, the shell command `./configure && make && make install' +-should configure, build, and install this package. The following +-more-detailed instructions are generic; see the `README' file for +-instructions specific to this package. Some packages provide this +-`INSTALL' file but do not implement all of the features documented +-below. The lack of an optional feature in a given package is not +-necessarily a bug. More recommendations for GNU packages can be found +-in *note Makefile Conventions: (standards)Makefile Conventions. +- +- The `configure' shell script attempts to guess correct values for +-various system-dependent variables used during compilation. It uses +-those values to create a `Makefile' in each directory of the package. +-It may also create one or more `.h' files containing system-dependent +-definitions. Finally, it creates a shell script `config.status' that +-you can run in the future to recreate the current configuration, and a +-file `config.log' containing compiler output (useful mainly for +-debugging `configure'). +- +- It can also use an optional file (typically called `config.cache' +-and enabled with `--cache-file=config.cache' or simply `-C') that saves +-the results of its tests to speed up reconfiguring. Caching is +-disabled by default to prevent problems with accidental use of stale +-cache files. +- +- If you need to do unusual things to compile the package, please try +-to figure out how `configure' could check whether to do them, and mail +-diffs or instructions to the address given in the `README' so they can +-be considered for the next release. If you are using the cache, and at +-some point `config.cache' contains results you don't want to keep, you +-may remove or edit it. +- +- The file `configure.ac' (or `configure.in') is used to create +-`configure' by a program called `autoconf'. You need `configure.ac' if +-you want to change it or regenerate `configure' using a newer version +-of `autoconf'. +- +- The simplest way to compile this package is: +- +- 1. `cd' to the directory containing the package's source code and type +- `./configure' to configure the package for your system. +- +- Running `configure' might take a while. While running, it prints +- some messages telling which features it is checking for. +- +- 2. Type `make' to compile the package. +- +- 3. Optionally, type `make check' to run any self-tests that come with +- the package, generally using the just-built uninstalled binaries. +- +- 4. Type `make install' to install the programs and any data files and +- documentation. When installing into a prefix owned by root, it is +- recommended that the package be configured and built as a regular +- user, and only the `make install' phase executed with root +- privileges. +- +- 5. Optionally, type `make installcheck' to repeat any self-tests, but +- this time using the binaries in their final installed location. +- This target does not install anything. Running this target as a +- regular user, particularly if the prior `make install' required +- root privileges, verifies that the installation completed +- correctly. +- +- 6. You can remove the program binaries and object files from the +- source code directory by typing `make clean'. To also remove the +- files that `configure' created (so you can compile the package for +- a different kind of computer), type `make distclean'. There is +- also a `make maintainer-clean' target, but that is intended mainly +- for the package's developers. If you use it, you may have to get +- all sorts of other programs in order to regenerate files that came +- with the distribution. +- +- 7. Often, you can also type `make uninstall' to remove the installed +- files again. In practice, not all packages have tested that +- uninstallation works correctly, even though it is required by the +- GNU Coding Standards. +- +- 8. Some packages, particularly those that use Automake, provide `make +- distcheck', which can by used by developers to test that all other +- targets like `make install' and `make uninstall' work correctly. +- This target is generally not run by end users. +- +-Compilers and Options +-===================== +- +- Some systems require unusual options for compilation or linking that +-the `configure' script does not know about. Run `./configure --help' +-for details on some of the pertinent environment variables. +- +- You can give `configure' initial values for configuration parameters +-by setting variables in the command line or in the environment. Here +-is an example: +- +- ./configure CC=c99 CFLAGS=-g LIBS=-lposix +- +- *Note Defining Variables::, for more details. +- +-Compiling For Multiple Architectures +-==================================== +- +- You can compile the package for more than one kind of computer at the +-same time, by placing the object files for each architecture in their +-own directory. To do this, you can use GNU `make'. `cd' to the +-directory where you want the object files and executables to go and run +-the `configure' script. `configure' automatically checks for the +-source code in the directory that `configure' is in and in `..'. This +-is known as a "VPATH" build. +- +- With a non-GNU `make', it is safer to compile the package for one +-architecture at a time in the source code directory. After you have +-installed the package for one architecture, use `make distclean' before +-reconfiguring for another architecture. +- +- On MacOS X 10.5 and later systems, you can create libraries and +-executables that work on multiple system types--known as "fat" or +-"universal" binaries--by specifying multiple `-arch' options to the +-compiler but only a single `-arch' option to the preprocessor. Like +-this: +- +- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ +- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ +- CPP="gcc -E" CXXCPP="g++ -E" +- +- This is not guaranteed to produce working output in all cases, you +-may have to build one architecture at a time and combine the results +-using the `lipo' tool if you have problems. +- +-Installation Names +-================== +- +- By default, `make install' installs the package's commands under +-`/usr/local/bin', include files under `/usr/local/include', etc. You +-can specify an installation prefix other than `/usr/local' by giving +-`configure' the option `--prefix=PREFIX', where PREFIX must be an +-absolute file name. +- +- You can specify separate installation prefixes for +-architecture-specific files and architecture-independent files. If you +-pass the option `--exec-prefix=PREFIX' to `configure', the package uses +-PREFIX as the prefix for installing programs and libraries. +-Documentation and other data files still use the regular prefix. +- +- In addition, if you use an unusual directory layout you can give +-options like `--bindir=DIR' to specify different values for particular +-kinds of files. Run `configure --help' for a list of the directories +-you can set and what kinds of files go in them. In general, the +-default for these options is expressed in terms of `${prefix}', so that +-specifying just `--prefix' will affect all of the other directory +-specifications that were not explicitly provided. +- +- The most portable way to affect installation locations is to pass the +-correct locations to `configure'; however, many packages provide one or +-both of the following shortcuts of passing variable assignments to the +-`make install' command line to change installation locations without +-having to reconfigure or recompile. +- +- The first method involves providing an override variable for each +-affected directory. For example, `make install +-prefix=/alternate/directory' will choose an alternate location for all +-directory configuration variables that were expressed in terms of +-`${prefix}'. Any directories that were specified during `configure', +-but not in terms of `${prefix}', must each be overridden at install +-time for the entire installation to be relocated. The approach of +-makefile variable overrides for each directory variable is required by +-the GNU Coding Standards, and ideally causes no recompilation. +-However, some platforms have known limitations with the semantics of +-shared libraries that end up requiring recompilation when using this +-method, particularly noticeable in packages that use GNU Libtool. +- +- The second method involves providing the `DESTDIR' variable. For +-example, `make install DESTDIR=/alternate/directory' will prepend +-`/alternate/directory' before all installation names. The approach of +-`DESTDIR' overrides is not required by the GNU Coding Standards, and +-does not work on platforms that have drive letters. On the other hand, +-it does better at avoiding recompilation issues, and works well even +-when some directory options were not specified in terms of `${prefix}' +-at `configure' time. +- +-Optional Features +-================= +- +- If the package supports it, you can cause programs to be installed +-with an extra prefix or suffix on their names by giving `configure' the +-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. +- +- Some packages pay attention to `--enable-FEATURE' options to +-`configure', where FEATURE indicates an optional part of the package. +-They may also pay attention to `--with-PACKAGE' options, where PACKAGE +-is something like `gnu-as' or `x' (for the X Window System). The +-`README' should mention any `--enable-' and `--with-' options that the +-package recognizes. +- +- For packages that use the X Window System, `configure' can usually +-find the X include and library files automatically, but if it doesn't, +-you can use the `configure' options `--x-includes=DIR' and +-`--x-libraries=DIR' to specify their locations. +- +- Some packages offer the ability to configure how verbose the +-execution of `make' will be. For these packages, running `./configure +---enable-silent-rules' sets the default to minimal output, which can be +-overridden with `make V=1'; while running `./configure +---disable-silent-rules' sets the default to verbose, which can be +-overridden with `make V=0'. +- +-Particular systems +-================== +- +- On HP-UX, the default C compiler is not ANSI C compatible. If GNU +-CC is not installed, it is recommended to use the following options in +-order to use an ANSI C compiler: +- +- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" +- +-and if that doesn't work, install pre-built binaries of GCC for HP-UX. +- +- HP-UX `make' updates targets which have the same time stamps as +-their prerequisites, which makes it generally unusable when shipped +-generated files such as `configure' are involved. Use GNU `make' +-instead. +- +- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +-parse its `' header file. The option `-nodtk' can be used as +-a workaround. If GNU CC is not installed, it is therefore recommended +-to try +- +- ./configure CC="cc" +- +-and if that doesn't work, try +- +- ./configure CC="cc -nodtk" +- +- On Solaris, don't put `/usr/ucb' early in your `PATH'. This +-directory contains several dysfunctional programs; working variants of +-these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +-in your `PATH', put it _after_ `/usr/bin'. +- +- On Haiku, software installed for all users goes in `/boot/common', +-not `/usr/local'. It is recommended to use the following options: +- +- ./configure --prefix=/boot/common +- +-Specifying the System Type +-========================== +- +- There may be some features `configure' cannot figure out +-automatically, but needs to determine by the type of machine the package +-will run on. Usually, assuming the package is built to be run on the +-_same_ architectures, `configure' can figure that out, but if it prints +-a message saying it cannot guess the machine type, give it the +-`--build=TYPE' option. TYPE can either be a short name for the system +-type, such as `sun4', or a canonical name which has the form: +- +- CPU-COMPANY-SYSTEM +- +-where SYSTEM can have one of these forms: +- +- OS +- KERNEL-OS +- +- See the file `config.sub' for the possible values of each field. If +-`config.sub' isn't included in this package, then this package doesn't +-need to know the machine type. +- +- If you are _building_ compiler tools for cross-compiling, you should +-use the option `--target=TYPE' to select the type of system they will +-produce code for. +- +- If you want to _use_ a cross compiler, that generates code for a +-platform different from the build platform, you should specify the +-"host" platform (i.e., that on which the generated programs will +-eventually be run) with `--host=TYPE'. +- +-Sharing Defaults +-================ +- +- If you want to set default values for `configure' scripts to share, +-you can create a site shell script called `config.site' that gives +-default values for variables like `CC', `cache_file', and `prefix'. +-`configure' looks for `PREFIX/share/config.site' if it exists, then +-`PREFIX/etc/config.site' if it exists. Or, you can set the +-`CONFIG_SITE' environment variable to the location of the site script. +-A warning: not all `configure' scripts look for a site script. +- +-Defining Variables +-================== +- +- Variables not defined in a site shell script can be set in the +-environment passed to `configure'. However, some packages may run +-configure again during the build, and the customized values of these +-variables may be lost. In order to avoid this problem, you should set +-them in the `configure' command line, using `VAR=value'. For example: +- +- ./configure CC=/usr/local2/bin/gcc +- +-causes the specified `gcc' to be used as the C compiler (unless it is +-overridden in the site shell script). +- +-Unfortunately, this technique does not work for `CONFIG_SHELL' due to +-an Autoconf limitation. Until the limitation is lifted, you can use +-this workaround: +- +- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash +- +-`configure' Invocation +-====================== +- +- `configure' recognizes the following options to control how it +-operates. +- +-`--help' +-`-h' +- Print a summary of all of the options to `configure', and exit. +- +-`--help=short' +-`--help=recursive' +- Print a summary of the options unique to this package's +- `configure', and exit. The `short' variant lists options used +- only in the top level, while the `recursive' variant lists options +- also present in any nested packages. +- +-`--version' +-`-V' +- Print the version of Autoconf used to generate the `configure' +- script, and exit. +- +-`--cache-file=FILE' +- Enable the cache: use and save the results of the tests in FILE, +- traditionally `config.cache'. FILE defaults to `/dev/null' to +- disable caching. +- +-`--config-cache' +-`-C' +- Alias for `--cache-file=config.cache'. +- +-`--quiet' +-`--silent' +-`-q' +- Do not print messages saying which checks are being made. To +- suppress all normal output, redirect it to `/dev/null' (any error +- messages will still be shown). +- +-`--srcdir=DIR' +- Look for the package's source code in directory DIR. Usually +- `configure' can determine that directory automatically. +- +-`--prefix=DIR' +- Use DIR as the installation prefix. *note Installation Names:: +- for more details, including other options available for fine-tuning +- the installation locations. +- +-`--no-create' +-`-n' +- Run the configure checks, but stop before creating any output +- files. +- +-`configure' also accepts some other, not widely useful, options. Run +-`configure --help' for more details. +diff --git a/INSTALL b/INSTALL +new file mode 120000 +index 0000000..e3f22c0 +--- /dev/null ++++ b/INSTALL +@@ -0,0 +1 @@ ++/usr/share/automake-1.16/INSTALL +\ No newline at end of file +diff --git a/src/svc.c b/src/svc.c +index 6db164b..3a8709f 100644 +--- a/src/svc.c ++++ b/src/svc.c +@@ -57,7 +57,7 @@ + + #define max(a, b) (a > b ? a : b) + +-static SVCXPRT **__svc_xports; ++SVCXPRT **__svc_xports; + int __svc_maxrec; + + /* +@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock) + rwlock_unlock (&svc_fd_lock); + } + ++int ++svc_open_fds() ++{ ++ int ix; ++ int nfds = 0; ++ ++ rwlock_rdlock (&svc_fd_lock); ++ for (ix = 0; ix < svc_max_pollfd; ++ix) { ++ if (svc_pollfd[ix].fd != -1) ++ nfds++; ++ } ++ rwlock_unlock (&svc_fd_lock); ++ return (nfds); ++} ++ + /* + * Add a service program to the callout list. + * The dispatch routine will be called when a rpc request for this +diff --git a/src/svc_vc.c b/src/svc_vc.c +index f1d9f00..3dc8a75 100644 +--- a/src/svc_vc.c ++++ b/src/svc_vc.c +@@ -64,6 +64,8 @@ + + + extern rwlock_t svc_fd_lock; ++extern SVCXPRT **__svc_xports; ++extern int svc_open_fds(); + + static SVCXPRT *makefd_xprt(int, u_int, u_int); + static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *); +@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *); + static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in); + static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq, + void *in); ++static int __svc_destroy_idle(int timeout); + + struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */ + u_int sendsize; +@@ -313,13 +316,14 @@ done: + return (xprt); + } + ++ + /*ARGSUSED*/ + static bool_t + rendezvous_request(xprt, msg) + SVCXPRT *xprt; + struct rpc_msg *msg; + { +- int sock, flags; ++ int sock, flags, nfds, cnt; + struct cf_rendezvous *r; + struct cf_conn *cd; + struct sockaddr_storage addr; +@@ -379,6 +383,16 @@ again: + + gettimeofday(&cd->last_recv_time, NULL); + ++ nfds = svc_open_fds(); ++ if (nfds >= (_rpc_dtablesize() / 5) * 4) { ++ /* destroy idle connections */ ++ cnt = __svc_destroy_idle(15); ++ if (cnt == 0) { ++ /* destroy least active */ ++ __svc_destroy_idle(0); ++ } ++ } ++ + return (FALSE); /* there is never an rpc msg to be processed */ + } + +@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock) + { + return FALSE; + } ++ ++static int ++__svc_destroy_idle(int timeout) ++{ ++ int i, ncleaned = 0; ++ SVCXPRT *xprt, *least_active; ++ struct timeval tv, tdiff, tmax; ++ struct cf_conn *cd; ++ ++ gettimeofday(&tv, NULL); ++ tmax.tv_sec = tmax.tv_usec = 0; ++ least_active = NULL; ++ rwlock_wrlock(&svc_fd_lock); ++ ++ for (i = 0; i <= svc_max_pollfd; i++) { ++ if (svc_pollfd[i].fd == -1) ++ continue; ++ xprt = __svc_xports[i]; ++ if (xprt == NULL || xprt->xp_ops == NULL || ++ xprt->xp_ops->xp_recv != svc_vc_recv) ++ continue; ++ cd = (struct cf_conn *)xprt->xp_p1; ++ if (!cd->nonblock) ++ continue; ++ if (timeout == 0) { ++ timersub(&tv, &cd->last_recv_time, &tdiff); ++ if (timercmp(&tdiff, &tmax, >)) { ++ tmax = tdiff; ++ least_active = xprt; ++ } ++ continue; ++ } ++ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) { ++ __xprt_unregister_unlocked(xprt); ++ __svc_vc_dodestroy(xprt); ++ ncleaned++; ++ } ++ } ++ if (timeout == 0 && least_active != NULL) { ++ __xprt_unregister_unlocked(least_active); ++ __svc_vc_dodestroy(least_active); ++ ncleaned++; ++ } ++ rwlock_unlock(&svc_fd_lock); ++ return (ncleaned); ++} +-- +1.8.3.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.2.ebuild b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.2.ebuild index ec87a46167..7bf4af9ed7 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.2.ebuild @@ -22,9 +22,17 @@ BDEPEND=" app-arch/xz-utils virtual/pkgconfig" +PATCHES=( + "${FILESDIR}/${PN}-1.3.2-fix-dos.patch" +) + src_prepare() { cp -r "${WORKDIR}"/tirpc "${S}"/ || die default + + # Flatcar: Set netconfig path to /usr so NFS works in + # PXE/ISO-booted systems. + sed -i -e "s,/etc,/usr/share/tirpc," "${S}/tirpc/netconfig.h" || die } multilib_src_configure() { @@ -46,7 +54,7 @@ multilib_src_install() { multilib_src_install_all() { einstalldocs - insinto /etc + insinto /usr/share/tirpc doins doc/netconfig insinto /usr/include/tirpc