SOURCES/rpcbind-1.2.5-double-free.patch

@@ -0,0 +1,15 @@
+diff -up rpcbind-1.2.5/src/rpcbind.c.orig rpcbind-1.2.5/src/rpcbind.c
+--- rpcbind-1.2.5/src/rpcbind.c.orig	2022-08-04 15:56:21.398070276 -0400
++++ rpcbind-1.2.5/src/rpcbind.c	2022-08-04 15:56:57.255699229 -0400
+@@ -563,8 +563,10 @@ init_transport(struct netconfig *nconf)
+ 				syslog(LOG_ERR, "cannot bind %s on %s: %m",
+ 					(hosts[nhostsbak] == NULL) ? "*" :
+ 					hosts[nhostsbak], nconf->nc_netid);
+-				if (res != NULL)
++				if (res != NULL) {
+ 					freeaddrinfo(res);
++					res = NULL;
++				}
+ 				continue;
+ 			} else
+ 				checkbind++;

SOURCES/rpcbind-1.2.5-dowgrade-priority-callit.patch

@@ -0,0 +1,30 @@
+From 7be92b30e47801c651e5316217d1651454653f68 Mon Sep 17 00:00:00 2001
+From: Roberto Bergantinos Corpas <rbergant@redhat.com>
+Date: Mon, 16 Nov 2020 08:39:36 -0500
+Subject: [PATCH] security: dowgrade priority for non-libwrap CALLIT logging
+
+Use aswell auth.warning for non-libwrap CALLIT logging, otherwise
+we'll broadcast everywhere for a call that is not allowed anyway
+
+Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/security.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/security.c b/src/security.c
+index 329c53d..38967dd 100644
+--- a/src/security.c
++++ b/src/security.c
+@@ -346,7 +346,7 @@ deny:
+ 	logit(deny_severity, sa, args->rmt_proc, args->rmt_prog,
+ 	    ": indirect call not allowed");
+ #else
+-	logit(0, sa, args->rmt_proc, args->rmt_prog,
++	logit(LOG_AUTH|LOG_WARNING, sa, args->rmt_proc, args->rmt_prog,
+ 	    ": indirect call not allowed");
+ #endif
+ 	return 0;
+-- 
+2.26.2
+

SOURCES/rpcbind-1.2.5-network_init.patch

@@ -0,0 +1,12 @@
+diff -up rpcbind-1.2.5/src/util.c.orig rpcbind-1.2.5/src/util.c
+--- rpcbind-1.2.5/src/util.c.orig	2022-05-31 08:47:51.624211564 -0400
++++ rpcbind-1.2.5/src/util.c	2022-05-31 08:49:54.577060858 -0400
+@@ -287,7 +287,7 @@ network_init()
+ 	int s;
+ #endif
+ 	int ecode;
+-	struct addrinfo hints, *res;
++	struct addrinfo hints, *res = NULL;
+ 
+ 	memset(&hints, 0, sizeof hints);
+ 	hints.ai_family = AF_INET;

SPECS/rpcbind.spec

@@ -4,7 +4,7 @@
 
 Name:           rpcbind
 Version:        1.2.5
-Release:        7%{?dist}
+Release:        10%{?dist}
 Summary:        Universal Addresses to RPC Program Number Mapper
 Group:          System Environment/Daemons
 License:        BSD
@@ -32,6 +32,17 @@ Patch001: rpcbind-1.2.5-rpcinfo-bufoverflow.patch
 #
 Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch
 
+#
+# RHEL 8.4
+#
+Patch003: rpcbind-1.2.5-dowgrade-priority-callit.patch
+
+#
+# RHEL 8.7
+#
+Patch004: rpcbind-1.2.5-network_init.patch
+Patch005: rpcbind-1.2.5-double-free.patch
+
 Patch100: rpcbind-0.2.3-systemd-envfile.patch
 Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch
 Patch102: rpcbind-0.2.4-runstatdir.patch
@@ -55,6 +66,15 @@ RPC calls on a server on that machine.
 # 1602680 - Please review important issues found by covscan...
 %patch002 -p1
 
+# 1897122 - rpcbind : downgrade priority for non-libwrap CALLIT logging
+%patch003 -p1
+
+# 1959003 -  network_init: initialize response addrinfo list to NULL
+%patch004 -p1
+
+# 2115209 - rpcbind: free(): double free detected in tcache 2 
+%patch005 -p1
+
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
@@ -149,6 +169,15 @@ fi
 %attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
 
 %changelog
+* Thu Aug  4 2022 Steve Dickson <steved@redhat.com> - 1.2.5-10
+- rpcbind: fix double free in init_transport (bz 2115209)
+
+* Tue May 31 2022 Steve Dickson <steved@redhat.com> - 1.2.5-9
+- network_init: initialize response addrinfo list to NULL (bz 1959003)
+
+* Thu Nov 19 2020 Steve Dickson <steved@redhat.com> - 1.2.5-8
+- security: dowgrade priority for non-libwrap CALLIT logging (bz 1897122)
+
 * Thu Feb  6 2020 Steve Dickson <steved@redhat.com> - 1.2.5-7
 - Clean up a error path found by a covscan (bz 1602680)