net-libs/libtirpc: Sync with Gentoo

It's from Gentoo commit 1fd13e4d6fb8ad865f249f6b723a0e5c7297c2e6.

sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/Manifest

@@ -1,2 +1,2 @@
-DIST libtirpc-1.3.2.tar.bz2 513151 BLAKE2B 375b7bb046244f4666522c4f148428349fe1867b095dc5e268d037ba26982f88df70b0ad21fbe2b99150f644806a46651b524c3b9f7fe2499469806ea50b0331 SHA512 8664d5c4f842ee5acf83b9c1cadb7871f17b8157a7c4500e2236dcfb3a25768cab39f7c5123758dcd7381e30eb028ddfa26a28f458283f2dcea3426c9878c255
+DIST libtirpc-1.3.4.tar.bz2 563292 BLAKE2B 33371e83e9f54e9d6d434b75d3a95bedefce63050846483471e302b1fbb3b63a18db90b652050c43e1c6e42b03e34bafb2fb6ae89787f05af0cf747319825424 SHA512 004e61b5853717324790c46cda5ff227d525909f189194ae72a1ec8f476ca35d7f4c1f03c0fbc690c1696d60a212675b09246dbe627fdbf1a9a47f5664e82b00
 DIST libtirpc-glibc-nfs.tar.xz 8948 BLAKE2B 7316623d9f2b6928e296137fe2bf6794b208d549c2ffba9e4a35b47f7b04bf023798a09f38c02d039debf6adc466d7689cf3c8274d71a22eaff08729642c0a28 SHA512 90255bf0a27af16164e0710dd940778609925d473f4343093ff19d98cc4f23023788bf4edf0178eae1961afc0ba8b69b273de95b7d7e2afdb706701d8ba6f7ba

sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/README.md

@@ -1,7 +0,0 @@
-This is a fork of gentoo package. We have it on overlay because:
-
-- We change the NETCONFIG macro value from `"/etc/netconfig"` to
-  `"/usr/share/tirpc/netconfig"`.
-
-- We update the installation of the netconfig accordingly to the
-  previous point.

sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.3.2-dos.patch

@@ -1,178 +0,0 @@
-From 86529758570cef4c73fb9b9c4104fdc510f701ed Mon Sep 17 00:00:00 2001
-From: Dai Ngo <dai.ngo@oracle.com>
-Date: Sat, 21 Aug 2021 13:16:23 -0400
-Subject: [PATCH] Fix DoS vulnerability in libtirpc
-
-Currently svc_run does not handle poll timeout and rendezvous_request
-does not handle EMFILE error returned from accept(2 as it used to.
-These two missing functionality were removed by commit b2c9430f46c4.
-
-The effect of not handling poll timeout allows idle TCP conections
-to remain ESTABLISHED indefinitely. When the number of connections
-reaches the limit of the open file descriptors (ulimit -n) then
-accept(2) fails with EMFILE. Since there is no handling of EMFILE
-error this causes svc_run() to get in a tight loop calling accept(2).
-This resulting in the RPC service of svc_run is being down, it's
-no longer able to service any requests.
-
-RPC service rpcbind, statd and mountd are effected by this
-problem.
-
-Fix by enhancing rendezvous_request to keep the number of
-SVCXPRT conections to 4/5 of the size of the file descriptor
-table. When this thresold is reached, it destroys the idle
-TCP connections or destroys the least active connection if
-no idle connnction was found.
-
-Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc
-Signed-off-by: dai.ngo@oracle.com
-Signed-off-by: Steve Dickson <steved@redhat.com>
----
- INSTALL      | 371 +----------------------------------------------------------
- src/svc.c    |  17 ++-
- src/svc_vc.c |  62 +++++++++-
- 3 files changed, 78 insertions(+), 372 deletions(-)
- mode change 100644 => 120000 INSTALL
-
-diff --git a/src/svc.c b/src/svc.c
-index 6db164b..3a8709f 100644
---- a/src/svc.c
-+++ b/src/svc.c
-@@ -57,7 +57,7 @@
- 
- #define max(a, b) (a > b ? a : b)
- 
--static SVCXPRT **__svc_xports;
-+SVCXPRT **__svc_xports;
- int __svc_maxrec;
- 
- /*
-@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock)
-     rwlock_unlock (&svc_fd_lock);
- }
- 
-+int
-+svc_open_fds()
-+{
-+	int ix;
-+	int nfds = 0;
-+
-+	rwlock_rdlock (&svc_fd_lock);
-+	for (ix = 0; ix < svc_max_pollfd; ++ix) {
-+		if (svc_pollfd[ix].fd != -1)
-+			nfds++;
-+	}
-+	rwlock_unlock (&svc_fd_lock);
-+	return (nfds);
-+}
-+
- /*
-  * Add a service program to the callout list.
-  * The dispatch routine will be called when a rpc request for this
-diff --git a/src/svc_vc.c b/src/svc_vc.c
-index f1d9f00..3dc8a75 100644
---- a/src/svc_vc.c
-+++ b/src/svc_vc.c
-@@ -64,6 +64,8 @@
- 
- 
- extern rwlock_t svc_fd_lock;
-+extern SVCXPRT **__svc_xports;
-+extern int svc_open_fds();
- 
- static SVCXPRT *makefd_xprt(int, u_int, u_int);
- static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *);
-@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *);
- static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in);
- static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq,
- 				   	     void *in);
-+static int __svc_destroy_idle(int timeout);
- 
- struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */
- 	u_int sendsize;
-@@ -313,13 +316,14 @@ done:
- 	return (xprt);
- }
- 
-+
- /*ARGSUSED*/
- static bool_t
- rendezvous_request(xprt, msg)
- 	SVCXPRT *xprt;
- 	struct rpc_msg *msg;
- {
--	int sock, flags;
-+	int sock, flags, nfds, cnt;
- 	struct cf_rendezvous *r;
- 	struct cf_conn *cd;
- 	struct sockaddr_storage addr;
-@@ -379,6 +383,16 @@ again:
- 
- 	gettimeofday(&cd->last_recv_time, NULL);
- 
-+	nfds = svc_open_fds();
-+	if (nfds >= (_rpc_dtablesize() / 5) * 4) {
-+		/* destroy idle connections */
-+		cnt = __svc_destroy_idle(15);
-+		if (cnt == 0) {
-+			/* destroy least active */
-+			__svc_destroy_idle(0);
-+		}
-+	}
-+
- 	return (FALSE); /* there is never an rpc msg to be processed */
- }
- 
-@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock)
- {
- 	return FALSE;
- }
-+
-+static int
-+__svc_destroy_idle(int timeout)
-+{
-+	int i, ncleaned = 0;
-+	SVCXPRT *xprt, *least_active;
-+	struct timeval tv, tdiff, tmax;
-+	struct cf_conn *cd;
-+
-+	gettimeofday(&tv, NULL);
-+	tmax.tv_sec = tmax.tv_usec = 0;
-+	least_active = NULL;
-+	rwlock_wrlock(&svc_fd_lock);
-+
-+	for (i = 0; i <= svc_max_pollfd; i++) {
-+		if (svc_pollfd[i].fd == -1)
-+			continue;
-+		xprt = __svc_xports[i];
-+		if (xprt == NULL || xprt->xp_ops == NULL ||
-+			xprt->xp_ops->xp_recv != svc_vc_recv)
-+			continue;
-+		cd = (struct cf_conn *)xprt->xp_p1;
-+		if (!cd->nonblock)
-+			continue;
-+		if (timeout == 0) {
-+			timersub(&tv, &cd->last_recv_time, &tdiff);
-+			if (timercmp(&tdiff, &tmax, >)) {
-+				tmax = tdiff;
-+				least_active = xprt;
-+			}
-+			continue;
-+		}
-+		if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) {
-+			__xprt_unregister_unlocked(xprt);
-+			__svc_vc_dodestroy(xprt);
-+			ncleaned++;
-+		}
-+	}
-+	if (timeout == 0 && least_active != NULL) {
-+		__xprt_unregister_unlocked(least_active);
-+		__svc_vc_dodestroy(least_active);
-+		ncleaned++;
-+	}
-+	rwlock_unlock(&svc_fd_lock);
-+	return (ncleaned);
-+}
--- 
-1.8.3.1
-

sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.3.2-memory-leak.patch

@@ -1,52 +0,0 @@
-From 63f3b9e883231ca08cf9c3cd8f5d582584412d94 Mon Sep 17 00:00:00 2001
-From: Ali Abdallah <ali.abdallah@suse.com>
-Date: Thu, 14 Jul 2022 13:47:32 -0400
-Subject: [PATCH] Fix potential memory leak of parms.r_addr
-
-During some valgrind test, the following is observed
-
-==11391== 64 bytes in 4 blocks are definitely lost in loss record 11 of 16
-==11391==    at 0x4C2A2AF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
-==11391==    by 0x50ECED9: strdup (in /lib64/libc-2.22.so)
-==11391==    by 0x4E4AFBF: getclnthandle (in /lib64/libtirpc.so.3.0.0)
-==11391==    by 0x4E4BD8A: __rpcb_findaddr_timed (in /lib64/libtirpc.so.3.0.0)
-==11391==    by 0x4E443AF: clnt_tp_create_timed (in /lib64/libtirpc.so.3.0.0)
-==11391==    by 0x4E44580: clnt_create_timed (in /lib64/libtirpc.so.3.0.0)
-==11391==    by 0x400755: main (in /local/02/xdtadti/tirpc-test/client)
-
-Signed-off-by: Steve Dickson <steved@redhat.com>
----
- INSTALL         | 369 +-------------------------------------------------------
- src/rpcb_clnt.c |   8 ++
- 2 files changed, 9 insertions(+), 368 deletions(-)
- mode change 100644 => 120000 INSTALL
-
-diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
-index 0c34cb7..1a23cb1 100644
---- a/src/rpcb_clnt.c
-+++ b/src/rpcb_clnt.c
-@@ -798,6 +798,10 @@ __try_protocol_version_2(program, version, nconf, host, tp)
- 	pmapaddress->len = pmapaddress->maxlen = remote.len;
- 
- 	CLNT_DESTROY(client);
-+
-+	if (parms.r_addr != NULL && parms.r_addr != nullstring)
-+		free(parms.r_addr);
-+
- 	return pmapaddress;
- 
- error:
-@@ -806,6 +810,10 @@ error:
- 		client = NULL;
- 
- 	}
-+
-+	if (parms.r_addr != NULL && parms.r_addr != nullstring)
-+		free(parms.r_addr);
-+
- 	return (NULL);
- 
- }
--- 
-1.8.3.1
-

sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/files/libtirpc-1.3.2-use-after-free.patch

@@ -1,31 +0,0 @@
-From d0dc59e27263c6b53435d770010dcc6f397d58ee Mon Sep 17 00:00:00 2001
-From: Frank Sorenson <sorenson@redhat.com>
-Date: Mon, 17 Jan 2022 13:33:13 -0500
-Subject: [PATCH] libtirpc: Fix use-after-free accessing the error number
-
-Free the cbuf after obtaining the error number.
-
-Signed-off-by: Frank Sorenson <sorenson@redhat.com>
-Signed-off-by: Steve Dickson <steved@redhat.com>
----
- src/clnt_dg.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/clnt_dg.c b/src/clnt_dg.c
-index e1255de..b3d82e7 100644
---- a/src/clnt_dg.c
-+++ b/src/clnt_dg.c
-@@ -456,9 +456,9 @@ get_reply:
- 		 cmsg = CMSG_NXTHDR (&msg, cmsg))
- 	      if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
- 		{
--		  mem_free(cbuf, (outlen + 256));
- 		  e = (struct sock_extended_err *) CMSG_DATA(cmsg);
- 		  cu->cu_error.re_errno = e->ee_errno;
-+		  mem_free(cbuf, (outlen + 256));
- 		  release_fd_lock(cu->cu_fd_lock, mask);
- 		  return (cu->cu_error.re_status = RPC_CANTRECV);
- 		}
--- 
-1.8.3.1
-

sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.4.ebuild

@@ -1,47 +1,51 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=7
+EAPI=8
 
-inherit multilib-minimal usr-ldscript
+inherit flag-o-matic multilib-minimal toolchain-funcs usr-ldscript
 
 DESCRIPTION="Transport Independent RPC library (SunRPC replacement)"
-HOMEPAGE="https://sourceforge.net/projects/libtirpc/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2
-	mirror://gentoo/${PN}-glibc-nfs.tar.xz"
+HOMEPAGE="https://sourceforge.net/projects/libtirpc/ https://git.linux-nfs.org/?p=steved/libtirpc.git"
+SRC_URI="
+	mirror://sourceforge/${PN}/${P}.tar.bz2
+	mirror://gentoo/${PN}-glibc-nfs.tar.xz
+"
 
 LICENSE="BSD BSD-2 BSD-4 LGPL-2.1+"
 SLOT="0/3" # subslot matches SONAME major
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-IUSE="ipv6 kerberos static-libs"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="kerberos static-libs"
 
 RDEPEND="kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	elibc_musl? ( sys-libs/queue-standalone )"
+DEPEND="
+	${RDEPEND}
+	elibc_musl? ( sys-libs/queue-standalone )
+"
 BDEPEND="
 	app-arch/xz-utils
-	virtual/pkgconfig"
+	virtual/pkgconfig
+"
 
 src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}"/libtirpc-1.3.2-dos.patch
-		"${FILESDIR}"/libtirpc-1.3.2-use-after-free.patch
-		"${FILESDIR}"/libtirpc-1.3.2-memory-leak.patch
-	)
-	cp -r "${WORKDIR}"/tirpc "${S}"/ || die
-	default
+	cp -ra "${WORKDIR}"/tirpc "${S}"/ || die
 
-	# Flatcar: Set netconfig path to /usr so NFS works in
-	# PXE/ISO-booted systems.
-	sed -i -e "s,/etc,/usr/share/tirpc," "${S}/tirpc/netconfig.h" || die
+	default
 }
 
 multilib_src_configure() {
+	# ideally we want !tc-ld-is-bfd for best future-proofing, but it needs
+	# https://github.com/gentoo/gentoo/pull/28355
+	# mold needs this too but right now tc-ld-is-mold is also not available
+	if tc-ld-is-lld; then
+		append-ldflags -Wl,--undefined-version
+	fi
+
 	local myeconfargs=(
-		$(use_enable ipv6)
 		$(use_enable kerberos gssapi)
 		$(use_enable static-libs static)
 	)
+
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
@@ -55,7 +59,7 @@ multilib_src_install() {
 multilib_src_install_all() {
 	einstalldocs
 
-	insinto /usr/share/tirpc
+	insinto /etc
 	doins doc/netconfig
 
 	insinto /usr/include/tirpc