FS#58502 - [libtirpc] 1.0.3 breaks connection from privileged ports

Attached to Project: Arch Linux
Opened by Sebastian Stammler (epinephrine) - Tuesday, 08 May 2018, 13:38 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 08 May 2018, 17:01 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

I recently updated ypbind-mt from version 1.38 to 2.4 and suddenly couldn't login to my boxes anymore, which are still using NIS for the retrieval of shadow content. The server uses port security, i.e., requests are only accepted if coming from a privileged port. The server logs show the error
ypserv[3142]: refused connect from <ypbind client ip>:56878 to procedure ypproc_match (<domain>,shadow.byname;-1)

While NIS is not supported by official Arch packages anymore, this issue was still caused by the update of libtirpc from 1.0.2 to 1.0.3. Downgrading to 1.0.2 fixed this issue. The current maintainer of ypbind-mt calls version 1.0.3 "terribly broken" and that it shouldn't be used, see bug report [0]. Further details can also be found in this bug report.

So my question is if the upgrade of libtirpc to 1.0.3 was really safe?

[0] https://github.com/thkukuk/ypbind-mt/issues/1
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Tuesday, 08 May 2018, 17:01 GMT
Reason for closing:  Fixed
Additional comments about closing:  patch applied to 1.0.3-2
Comment by Andreas Radke (AndyRTR) - Tuesday, 08 May 2018, 14:34 GMT Comment by Sebastian Stammler (epinephrine) - Tuesday, 08 May 2018, 15:14 GMT
This patch fixes my problem, thanks!
Now I'm just wondering why the maintainer of ypbind-mt considers 1.0.3. to be "terribly broken"... were other changes like this applied?

Loading...