diff --git a/.gitignore b/.gitignore index 3756f7b..e4eb807 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,8 @@ ypserv-2.23.tar.bz2 /ypserv-2.31.tar.bz2 /ypserv-2.32.tar.bz2 /ypserv-2.32.1.tar.bz2 +/ypserv-ypserv-4.0.tar.gz +/ypserv-5bfba76.tar.gz +/ypserv-326857e.tar.gz +/v4.1.tar.gz +/v4.2.tar.gz diff --git a/sources b/sources index a315fe6..25f6116 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -21695231a816d150685eae870087291c ypserv-2.32.1.tar.bz2 +SHA512 (v4.2.tar.gz) = dd25170de44294d6556db1f757468d4db4484965230cad11295137c6546443a2e4e0303ac417783d0308b2af0d40201955bf3db675c43db33ad87f6f9bc90246 diff --git a/ypserv-2.13-nonedomain.patch b/ypserv-2.13-nonedomain.patch index b1f2a7f..b822169 100644 --- a/ypserv-2.13-nonedomain.patch +++ b/ypserv-2.13-nonedomain.patch @@ -2,7 +2,7 @@ diff -up ./scripts/ypMakefile.in.nonedomain ./scripts/ypMakefile.in --- ./scripts/ypMakefile.in.nonedomain 2013-05-06 18:30:46.772434725 +0200 +++ ./scripts/ypMakefile.in 2013-05-06 18:31:59.429495323 +0200 @@ -106,10 +106,18 @@ NETMASKS = $(YPSRCDIR)/netmasks - YPSERVERS = $(YPDIR)/ypservers # List of all NIS servers for a domain + YPSERVERS = $(YPDIR)/ypservers # List of all NIS slave servers target: Makefile +ifeq ($(shell /bin/domainname), (none)) diff --git a/ypserv-2.13-ypxfr-zeroresp.patch b/ypserv-2.13-ypxfr-zeroresp.patch index 33c6623..0b06549 100644 --- a/ypserv-2.13-ypxfr-zeroresp.patch +++ b/ypserv-2.13-ypxfr-zeroresp.patch @@ -2,8 +2,8 @@ diff -up ./ypxfr/ypxfr.c.ypxfr-zeroresp ./ypxfr/ypxfr.c --- ./ypxfr/ypxfr.c.ypxfr-zeroresp 2013-04-10 16:43:21.000000000 +0200 +++ ./ypxfr/ypxfr.c 2013-05-06 18:31:36.875476520 +0200 @@ -415,6 +415,7 @@ ypxfr (char *map, char *source_host, cha - struct hostent *h; - int sock, result; + time_t masterOrderNum; + int result; + memset(&resp_val, '\0', sizeof(resp_val)); /* Name of the map file */ diff --git a/ypserv-2.19-slp-warning.patch b/ypserv-2.19-slp-warning.patch index 6104c7b..8f1fd04 100644 --- a/ypserv-2.19-slp-warning.patch +++ b/ypserv-2.19-slp-warning.patch @@ -2,12 +2,12 @@ diff -up ./etc/ypserv.conf.slp-warning ./etc/ypserv.conf --- ./etc/ypserv.conf.slp-warning 2006-10-12 13:03:32.000000000 +0200 +++ ./etc/ypserv.conf 2013-05-06 18:32:16.581509617 +0200 @@ -13,9 +13,9 @@ - files: 30 - # Should we register ypserv with SLP ? + # Should we register ypserv with SLP? Only available if SLP support + # is compiled in. Deprecated functionality. -slp: no +# slp: no - # After how many seconds we should re-register ypserv with SLP ? + # After how many seconds we should re-register ypserv with SLP? -slp_timeout: 3600 +# slp_timeout: 3600 diff --git a/ypserv-2.21-path.patch b/ypserv-2.21-path.patch deleted file mode 100644 index e0e65c0..0000000 --- a/ypserv-2.21-path.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ypserv-2.26/scripts/Makefile.am.path ypserv-2.26/scripts/Makefile.am ---- ypserv-2.26/scripts/Makefile.am.path 2012-01-12 15:46:16.868219281 +0100 -+++ ypserv-2.26/scripts/Makefile.am 2012-01-12 15:46:34.786218054 +0100 -@@ -8,7 +8,7 @@ CLEANFILES = *~ ${SCRIPTS} - - EXTRA_DIST = ${MANS} ${XMLS} - --varypdir = /var/yp -+varypdir = $(prefix)/../var/yp - - man_MANS = pwupdate.8 ypinit.8 - XMLS = pwupdate.8.xml ypinit.8.xml diff --git a/ypserv-2.24-aliases.patch b/ypserv-2.24-aliases.patch index 05af70e..57ee0e1 100644 --- a/ypserv-2.24-aliases.patch +++ b/ypserv-2.24-aliases.patch @@ -2,8 +2,8 @@ diff -up ypserv-2.32/acinclude.m4.aliases ypserv-2.32/acinclude.m4 --- ypserv-2.32/acinclude.m4.aliases 2005-04-07 14:38:44.000000000 +0200 +++ ypserv-2.32/acinclude.m4 2013-11-18 09:57:05.082162773 +0100 @@ -92,3 +92,18 @@ AC_DEFUN([TYPE_SOCKLEN_T], - AC_DEFINE([socklen_t], [int], [Define if socklen_t is missing]) - fi + fi + AC_MSG_RESULT($ac_cv___attribute__) ]) + + @@ -30,5 +30,5 @@ diff -up ypserv-2.32/configure.ac.aliases ypserv-2.32/configure.ac -AC_PATH_PROG(ALIASES, aliases, /etc/mail/aliases, /etc/mail:/etc) +FIND_ALIASES_PATH(/etc/aliases) - - + dnl Should we use a gethostbyname after gethostname to use FQDN ? default yes + AC_ARG_ENABLE(fqdn, AS_HELP_STRING([--disable-fqdn], diff --git a/ypserv-2.24-manfix.patch b/ypserv-2.24-manfix.patch deleted file mode 100644 index 75258c8..0000000 --- a/ypserv-2.24-manfix.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff -up ypserv-2.32/rpc.yppasswdd/rpc.yppasswdd.8.manfix ypserv-2.32/rpc.yppasswdd/rpc.yppasswdd.8 ---- ypserv-2.32/rpc.yppasswdd/rpc.yppasswdd.8.manfix 2013-04-10 10:30:53.000000000 +0200 -+++ ypserv-2.32/rpc.yppasswdd/rpc.yppasswdd.8 2013-11-18 09:47:11.982160697 +0100 -@@ -53,6 +53,15 @@ customized for that NIS domain\. If no s - \fBMakefile\fR - is found, the scripts uses the generic one in - \fI/var/yp\fR\. -+.PP -+It is possible to pass -+\fBOPTIONS\fR -+to -+\fBrpc.yppasswdd\fR -+using the environment variable -+YPPASSWDD_ARGS -+and this variable can be set in -+\fB/etc/sysconfig/yppasswdd\fR\&. - .SH "OPTIONS" - .PP - The following options are available: -@@ -186,6 +195,8 @@ version\ 3\. Better still, look at - \fI/etc/passwd\fR - - \fI/etc/shadow\fR -+ -+\fI/etc/sysconfig/yppasswdd\fR - .SH "SEE ALSO" - .PP - -diff -up ypserv-2.32/rpc.ypxfrd/rpc.ypxfrd.8.manfix ypserv-2.32/rpc.ypxfrd/rpc.ypxfrd.8 ---- ypserv-2.32/rpc.ypxfrd/rpc.ypxfrd.8.manfix 2013-04-10 10:30:53.000000000 +0200 -+++ ypserv-2.32/rpc.ypxfrd/rpc.ypxfrd.8 2013-11-18 09:47:11.982160697 +0100 -@@ -47,6 +47,16 @@ could be started by inetd\. But since it - \fBypserv\fR - from - \fB/etc/init\.d/ypxfrd\fR\. -+ -+It is possible to pass -+\fBOPTIONS\fR -+to -+\fBrpc.ypxfrd\fR -+using the environment variable -+YPXFRD_ARGS -+and this variable can be set in -+\fB/etc/sysconfig/network\&.\fR -+ - .SH "OPTIONS" - .PP - \fB\-\-debug\fR -@@ -114,6 +124,12 @@ Configuration file for options and acces - .RS 4 - Configuration file for access rights - .RE -+.PP -+\fI/etc/sysconfig/network\fR -+.RS 4 -+Setting additional arguments to -+\fBrpc\.ypxfrd\fR\&. -+.RE - .SH "SEE ALSO" - .PP - -diff -up ypserv-2.32/ypserv/ypserv.8.manfix ypserv-2.32/ypserv/ypserv.8 ---- ypserv-2.32/ypserv/ypserv.8.manfix 2013-11-06 13:56:25.000000000 +0100 -+++ ypserv-2.32/ypserv/ypserv.8 2013-11-18 09:47:11.983160700 +0100 -@@ -65,6 +65,14 @@ may or may not be running on the same no - \fBypserv\fR - parses the file - /etc/ypserv\&.conf\&. -+It is also possible to pass -+\fBOPTIONS\fR -+to -+\fBypserv\fR -+using the environment variable -+YPSERV_ARGS -+and this variable can be set in -+\fB/etc/sysconfig/network\&.\fR - .SH "OPTIONS" - .PP - \fB\-d\fR, \fB\-\-debug \fR[\fIpath\fR] -@@ -151,6 +159,12 @@ configuration file\&. - which hosts are allowed to contact - \fBypserv\fR\&. - .RE -+.PP -+/etc/sysconfig/network -+.RS 4 -+setting additional arguments to -+\fBypserv\fR\&. -+.RE - .SH "SEE ALSO" - .PP - \fBdomainname\fR(1), diff --git a/ypserv-2.29-relro.patch b/ypserv-2.29-relro.patch deleted file mode 100644 index 390d497..0000000 --- a/ypserv-2.29-relro.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up ./rpc.yppasswdd/Makefile.am.relro ./rpc.yppasswdd/Makefile.am ---- ./rpc.yppasswdd/Makefile.am.relro 2013-04-11 11:25:34.000000000 +0200 -+++ ./rpc.yppasswdd/Makefile.am 2013-05-06 18:48:10.888711995 +0200 -@@ -24,6 +24,8 @@ sbin_PROGRAMS = rpc.yppasswdd - - rpc_yppasswdd_SOURCES = update.c yppasswd_xdr.c yppasswdd.c - -+rpc_yppasswdd_LDFLAGS = -Wl,-z,relro,-z,now -+ - rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) $(LIBSYSTEMD_DAEMON) - rpc_yppasswdd_CFLAGS = @PIE_CFLAGS@ - -diff -up ./rpc.ypxfrd/Makefile.am.relro ./rpc.ypxfrd/Makefile.am ---- ./rpc.ypxfrd/Makefile.am.relro 2013-04-09 16:38:20.000000000 +0200 -+++ ./rpc.ypxfrd/Makefile.am 2013-05-06 18:46:36.455683217 +0200 -@@ -22,6 +22,8 @@ sbin_PROGRAMS = rpc.ypxfrd - - rpc_ypxfrd_SOURCES = ypxfrd.c ypxfrd_server.c ypxfrd_svc.c - -+rpc_ypxfrd_LDFLAGS = -Wl,-z,relro,-z,now -+ - rpc_ypxfrd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a @LIBDBM@ $(LIBSYSTEMD_DAEMON) - rpc_ypxfrd_CFLAGS = @PIE_CFLAGS@ - -diff -up ./yppush/Makefile.am.relro ./yppush/Makefile.am ---- ./yppush/Makefile.am.relro 2009-04-02 14:15:35.000000000 +0200 -+++ ./yppush/Makefile.am 2013-05-06 18:46:36.456683217 +0200 -@@ -21,6 +21,8 @@ sbin_PROGRAMS = yppush - - yppush_SOURCES = yppush.c - -+yppush_LDFLAGS = -Wl,-z,relro,-z,now -+ - yppush_LDADD = @PIE_LDFLAGS@ @LIBDBM@ $(top_builddir)/lib/libyp.a - yppush_CFLAGS = @PIE_CFLAGS@ - -diff -up ./ypserv/Makefile.am.relro ./ypserv/Makefile.am ---- ./ypserv/Makefile.am.relro 2013-04-09 16:38:20.000000000 +0200 -+++ ./ypserv/Makefile.am 2013-05-06 18:46:36.457683217 +0200 -@@ -22,6 +22,8 @@ sbin_PROGRAMS = ypserv - - ypserv_SOURCES = ypserv.c server.c ypserv_xdr.c reg_slp.c - -+ypserv_LDFLAGS = -Wl,-z,relro,-z,now -+ - ypserv_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a @LIBDBM@ @LIBSLP@ $(LIBSYSTEMD_DAEMON) - ypserv_CFLAGS = @PIE_CFLAGS@ - diff --git a/ypserv-2.5-redhat.patch b/ypserv-2.5-redhat.patch index 1f73123..78d7d55 100644 --- a/ypserv-2.5-redhat.patch +++ b/ypserv-2.5-redhat.patch @@ -1,7 +1,6 @@ -diff -up ./scripts/ypMakefile.in.redhat ./scripts/ypMakefile.in ---- ./scripts/ypMakefile.in.redhat 2012-01-27 15:53:03.000000000 +0100 -+++ ./scripts/ypMakefile.in 2013-05-06 18:28:38.558327612 +0200 -@@ -109,8 +109,8 @@ target: Makefile +--- ./scripts/ypMakefile.in.redhat 2017-03-31 16:43:23.318556329 +0200 ++++ ./scripts/ypMakefile.in 2017-03-31 16:49:27.917561370 +0200 +@@ -107,8 +107,8 @@ target: Makefile # If you don't want some of these maps built, feel free to comment # them out from this list. @@ -9,6 +8,6 @@ diff -up ./scripts/ypMakefile.in.redhat ./scripts/ypMakefile.in - shadow publickey # networks ethers bootparams printcap \ +all: passwd group hosts rpc services netid protocols mail \ + # netgrp shadow publickey networks ethers bootparams printcap \ - # amd.home auto.master auto.home auto.local passwd.adjunct \ + # amd.home autofs passwd.adjunct \ # timezone locale netmasks diff --git a/ypserv-4.0-headers.patch b/ypserv-4.0-headers.patch new file mode 100644 index 0000000..499af39 --- /dev/null +++ b/ypserv-4.0-headers.patch @@ -0,0 +1,10 @@ +--- ypserv-4.2/makedbm/makedbm.c.headers 2017-02-21 13:57:23.933293831 +0100 ++++ ypserv-4.2/makedbm/makedbm.c 2017-02-21 13:57:48.141286207 +0100 +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include "yp.h" + + #if defined (__NetBSD__) || (defined(__GLIBC__) && (__GLIBC__ == 2 && __GLIBC_MINOR__ == 0)) + /* is missing the prototype */ diff --git a/ypserv-4.0-manfix.patch b/ypserv-4.0-manfix.patch new file mode 100644 index 0000000..0c60ab5 --- /dev/null +++ b/ypserv-4.0-manfix.patch @@ -0,0 +1,65 @@ +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml.manfix ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml.manfix 2018-06-11 14:52:20.441724121 +0200 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml 2018-06-11 15:07:10.266529912 +0200 +@@ -58,6 +58,12 @@ + since it starts very slowly, it should be started after + ypserv from /etc/init.d/ypxfrd. + ++ ++ It is possible to pass OPTIONS to ++ rpc.ypxfrd using the environment variable ++ YPXFRD_ARGS and this variable can be set in ++ /etc/sysconfig/network. ++ + + + +@@ -155,6 +161,14 @@ + Configuration file for access rights + + ++ ++ /etc/sysconfig/network ++ ++ ++ Setting additional arguments to rpc.ypxfrd ++ ++ ++ + + + +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml.manfix ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml.manfix 2018-06-11 15:08:05.639332959 +0200 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml 2018-06-11 15:12:38.261286488 +0200 +@@ -61,7 +61,16 @@ but must be running somewhere + on the network. On startup + ypserv + parses the file +-/etc/ypserv.conf. ++/etc/ypserv.conf. ++It is also possible to pass ++OPTIONS ++to ++ypserv ++using the environment variable ++YPSERV_ARGS ++and this variable can be set in ++/etc/sysconfig/network. ++ + + + +@@ -184,6 +193,12 @@ for a map. + which hosts are allowed to contact ypserv. + + ++ ++ /etc/sysconfig/network ++ ++setting additional arguments to ypserv. ++ ++ + + + diff --git a/ypserv-4.0-oldaddr.patch b/ypserv-4.0-oldaddr.patch new file mode 100644 index 0000000..448b675 --- /dev/null +++ b/ypserv-4.0-oldaddr.patch @@ -0,0 +1,12 @@ +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/lib/access.c.oldaddr 2017-04-07 13:23:34.403404792 +0200 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/lib/access.c 2017-04-07 13:32:07.315466530 +0200 +@@ -151,6 +151,9 @@ copy_netbuf (struct netbuf *src) + static int + cmp_netbuf (struct netbuf *nbuf1, struct netbuf *nbuf2) + { ++ if (nbuf1 == NULL || nbuf2 == NULL) ++ return 1; ++ + if (nbuf1->len != nbuf2->len) + return 1; + diff --git a/ypserv-4.0-selinux-context.patch b/ypserv-4.0-selinux-context.patch new file mode 100644 index 0000000..2591d4e --- /dev/null +++ b/ypserv-4.0-selinux-context.patch @@ -0,0 +1,144 @@ +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac.selinux-context 2018-06-13 15:08:56.011432773 +0200 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac 2018-06-13 15:08:56.017432861 +0200 +@@ -240,6 +240,26 @@ then + exit + fi + ++AC_ARG_WITH(selinux, ++ [AC_HELP_STRING([--with-selinux@<:@=yes|no@:>@],[Enables SELinux support [no]])], ++ ++ [ if test "$withval" = "yes"; then ++ AC_CHECK_HEADERS([selinux/selinux.h], [], ++ [AC_MSG_ERROR([Missing SELinux header files])]) ++ AC_CHECK_LIB(selinux, setfilecon_raw, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ AC_CHECK_LIB(selinux, getfilecon_raw, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ AC_CHECK_LIB(selinux, freecon, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ fi ++ ],[]) ++ ++AC_SUBST(with_selinux) ++if test "$with_selinux" = "yes"; then ++ AC_DEFINE(WITH_SELINUX, 1, [Define to 1 if SELinux support is enabled]) ++fi ++ + AC_CHECK_LIB(crypt,crypt,LIBCRYPT="-lcrypt",LIBCRYPT="") + AC_CHECK_HEADERS(crypt.h) + AC_SUBST(LIBCRYPT) +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am.selinux-context 2016-11-22 16:40:13.000000000 +0100 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am 2018-06-13 15:08:56.017432861 +0200 +@@ -24,7 +24,7 @@ sbin_PROGRAMS = rpc.yppasswdd + + rpc_yppasswdd_SOURCES = update.c yppasswd_xdr.c yppasswdd.c + +-rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@ ++rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@ $(LIBSELINUX) + rpc_yppasswdd_CFLAGS = @PIE_CFLAGS@ @SYSTEMD_CFLAGS@ @NSL_CFLAGS@ @TIRPC_CFLAGS@ + + if ENABLE_REGENERATE_MAN +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c.selinux-context 2016-11-22 16:40:13.000000000 +0100 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c 2018-07-20 12:01:14.874866767 +0200 +@@ -41,6 +41,10 @@ + #include "yppwd_local.h" + #include "log_msg.h" + ++#ifdef WITH_SELINUX ++#include ++#endif /* WITH_SELINUX */ ++ + #ifndef CHECKROOT + /* Set to 0 if you don't want to check against the root password + of the NIS master server. */ +@@ -460,6 +464,9 @@ update_files (yppasswd *yppw, int *shado + FILE *oldpf = NULL, *newpf = NULL, *oldsf = NULL, *newsf = NULL; + struct stat passwd_stat, shadow_stat; + char *rootpass = "x"; ++#ifdef WITH_SELINUX ++ char *pSelCon = NULL; ++#endif /* WITH_SELINUX */ + + #if CHECKROOT + if ((pw = getpwnam ("root")) != NULL) +@@ -520,6 +527,39 @@ update_files (yppasswd *yppw, int *shado + return 1; + } + ++#ifdef WITH_SELINUX ++ if (is_selinux_enabled() == 1) ++ { ++ /* Get selinux context of the original file */ ++ if (getfilecon_raw(path_passwd, &pSelCon) < 0) ++ { ++ log_msg ("update %.12s (uid=%d) failed", ++ yppw->newpw.pw_name, yppw->newpw.pw_uid); ++ log_msg ("Can't get selinux context %s: %m", path_passwd); ++ freecon(pSelCon); ++ fclose (oldpf); ++ fclose (newpf); ++ unlink (path_passwd_tmp); ++ return 1; ++ } ++ ++ /* Set selinux context for tmp file */ ++ if (setfilecon_raw(path_passwd_tmp, pSelCon)) ++ { ++ log_msg ("update %.12s (uid=%d) failed", ++ yppw->newpw.pw_name, yppw->newpw.pw_uid); ++ log_msg ("Can't set selinux context %s: %m", path_passwd_tmp); ++ freecon(pSelCon); ++ fclose (oldpf); ++ fclose (newpf); ++ unlink (path_passwd_tmp); ++ return 1; ++ } ++ freecon(pSelCon); ++ pSelCon=NULL; ++ } ++# endif /* WITH_SELINUX */ ++ + /* Open the shadow file for reading. */ + if ((oldsf = fopen (path_shadow, "r")) != NULL) + { +@@ -558,6 +598,37 @@ update_files (yppasswd *yppw, int *shado + fclose (oldpf); + return 1; + } ++#ifdef WITH_SELINUX ++ if (is_selinux_enabled() == 1) ++ { ++ if (getfilecon_raw(path_shadow, &pSelCon) < 0) ++ { ++ log_msg ("update %.12s (uid=%d) failed", ++ yppw->newpw.pw_name, yppw->newpw.pw_uid); ++ log_msg ("Can't get selinux context %s: %m", path_shadow); ++ freecon(pSelCon); ++ fclose (newsf); ++ fclose (oldsf); ++ fclose (newpf); ++ fclose (oldpf); ++ return 1; ++ } ++ if (setfilecon_raw(path_shadow_tmp, pSelCon)) ++ { ++ log_msg ("update %.12s (uid=%d) failed", ++ yppw->newpw.pw_name, yppw->newpw.pw_uid); ++ log_msg ("Can't set selinux context %s: %m", path_shadow_tmp); ++ freecon(pSelCon); ++ fclose (newsf); ++ fclose (oldsf); ++ fclose (newpf); ++ fclose (oldpf); ++ return 1; ++ } ++ freecon(pSelCon); ++ pSelCon=NULL; ++ } ++#endif /* WITH_SELINUX */ + } + + /* Loop over all passwd entries */ diff --git a/ypserv-4.2-implicit-int.patch b/ypserv-4.2-implicit-int.patch new file mode 100644 index 0000000..42c9a10 --- /dev/null +++ b/ypserv-4.2-implicit-int.patch @@ -0,0 +1,12 @@ +diff -ruN ypserv-4.2/configure.ac ypserv-4.2.orig/configure.ac +--- ypserv-4.2/configure.ac 2022-12-01 13:22:38.493164313 +0100 ++++ ypserv-4.2.orig/configure.ac 2022-12-01 13:13:06.411943797 +0100 +@@ -99,7 +99,7 @@ + AC_CACHE_CHECK(for -fpie, libc_cv_fpie, [dnl + cat > conftest.c < +Date: Tue, 1 Oct 2024 14:40:26 +0200 +Subject: [PATCH] Fix use of uninitialized variable as an value for sock opt + +Since it is possible to listen to IPv4 via IPv6 socket by default, we +have to disable this feature due to 'Disallow v4-in-v6 to allow +host-based access checks'. This also allows us to use the same port for +IPv4 and IPv6 socket. + +Disabling this feature is done via `setsockopt()` function where we pass +flag that we want to set - `IPV6_V6ONLY` and value. For value, we should +pass pointer to value and size of the value. We were passing pointer to +uninitialized integer as a value. This resulted in undefined behavior. + +Most likely, this undefined behavior resulted in the flag being set to +false. This also resulted in IPv4 and IPv6 not being able to share +the same port. This caused use of two neighboring ports instead of one. +When user then tried to set port in config file and then use port one +above it was not possible as it was already used. +--- + rpc.yppasswdd/yppasswdd.c | 2 +- + rpc.ypxfrd/ypxfrd.c | 2 +- + yppush/yppush.c | 3 ++- + ypserv/ypserv.c | 2 +- + 4 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/rpc.yppasswdd/yppasswdd.c b/rpc.yppasswdd/yppasswdd.c +index f9609eb..d7f6050 100644 +--- a/rpc.yppasswdd/yppasswdd.c ++++ b/rpc.yppasswdd/yppasswdd.c +@@ -476,7 +476,7 @@ main (int argc, char **argv) + { + /* Disallow v4-in-v6 to allow host-based access checks */ + +- int i; ++ int i = 1; + + if (setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, + &i, sizeof(i)) == -1) +diff --git a/rpc.ypxfrd/ypxfrd.c b/rpc.ypxfrd/ypxfrd.c +index f605c84..469e0e5 100644 +--- a/rpc.ypxfrd/ypxfrd.c ++++ b/rpc.ypxfrd/ypxfrd.c +@@ -385,7 +385,7 @@ main (int argc, char **argv) + { + /* Disallow v4-in-v6 to allow host-based access checks */ + +- int i; ++ int i = 1; + + if (setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, + &i, sizeof(i)) == -1) +diff --git a/yppush/yppush.c b/yppush/yppush.c +index d937b84..a5916be 100644 +--- a/yppush/yppush.c ++++ b/yppush/yppush.c +@@ -430,7 +430,8 @@ yppush_foreach (const char *host) + struct timeval tv = {10, 0}; + u_int transid; + char server[YPMAXPEER + 2]; +- int i, sock; ++ int i = 1; ++ int sock; + struct sigaction sig; + struct netconfig *nconf; + struct sockaddr *sa; +diff --git a/ypserv/ypserv.c b/ypserv/ypserv.c +index d8876e9..e27c2a4 100644 +--- a/ypserv/ypserv.c ++++ b/ypserv/ypserv.c +@@ -497,7 +497,7 @@ main (int argc, char **argv) + if (family == AF_INET6) + { + /* Disallow v4-in-v6 to allow host-based access checks */ +- int i; ++ int i = 1; + + if (setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, + &i, sizeof(i)) == -1) diff --git a/ypserv.spec b/ypserv.spec index 86c2887..01a095e 100644 --- a/ypserv.spec +++ b/ypserv.spec @@ -1,13 +1,12 @@ -%global first_tc_version 2.29-2 - Summary: The NIS (Network Information Service) server -Url: http://www.linux-nis.org/nis/ypserv/index.html + Name: ypserv -Version: 2.32.1 -Release: 8%{?dist} -License: GPLv2 -Group: System Environment/Daemons -Source0: http://www.linux-nis.org/download/ypserv/ypserv-%{version}.tar.bz2 +Version: 4.2 +Release: 15%{?dist} +License: GPL-2.0-only +URL: https://www.thkukuk.de/nis/nis/ypserv/ + +Source0: https://github.com/thkukuk/%{name}/archive/v%{version}.tar.gz Source1: ypserv.service Source2: yppasswdd.service Source3: ypxfrd.service @@ -23,22 +22,31 @@ Requires(preun): systemd Requires(postun): systemd Patch0: ypserv-2.5-redhat.patch -Patch1: ypserv-2.21-path.patch Patch2: ypserv-2.5-nfsnobody2.patch Patch3: ypserv-2.13-ypxfr-zeroresp.patch Patch4: ypserv-2.13-nonedomain.patch Patch5: ypserv-2.19-slp-warning.patch -Patch6: ypserv-2.24-manfix.patch +Patch6: ypserv-4.0-manfix.patch Patch7: ypserv-2.24-aliases.patch Patch8: ypserv-2.27-confpost.patch -Patch9: ypserv-2.29-relro.patch Patch10: ypserv-2.31-netgrprecur.patch -Patch11: ypserv-2.32-systemdso.patch +Patch12: ypserv-4.0-headers.patch +Patch14: ypserv-4.0-selinux-context.patch +Patch15: ypserv-4.2-implicit-int.patch +Patch16: ypserv-4.2-uninitialized-int.patch +BuildRequires: make +BuildRequires: libxcrypt-devel +BuildRequires: gcc BuildRequires: tokyocabinet-devel BuildRequires: systemd BuildRequires: autoconf, automake BuildRequires: systemd-devel +BuildRequires: libnsl2-devel +BuildRequires: libtirpc-devel +BuildRequires: docbook-style-xsl +BuildRequires: libxslt +BuildRequires: libselinux-devel %description The Network Information Service (NIS) is a system that provides @@ -57,21 +65,15 @@ need to install the yp-tools and ypbind packages on any NIS client machines. %prep -%setup -q -%patch0 -p1 -b .redhat -%patch1 -p1 -b .path -%patch2 -p1 -b .nfsnobody -%patch3 -p1 -b .respzero -%patch4 -p1 -b .nonedomain -%patch5 -p1 -b .slp-warning -%patch6 -p1 -b .manfix -%patch7 -p1 -b .aliases -%patch8 -p1 -b .confpost -%patch9 -p1 -b .relro -%patch10 -p1 -b .netgrprecur -%patch11 -p1 -b .systemdso +%autosetup -n %{name}-%{version} -p1 -autoreconf +# Delete generated man pages. They will be generated later from source. +rm makedbm/makedbm.8 +rm mknetid/mknetid.8 +rm etc/netgroup.5 +rm etc/ypserv.conf.5 + +autoreconf -i %build cp etc/README etc/README.etc @@ -80,16 +82,22 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC" %else export CFLAGS="$RPM_OPT_FLAGS -fpic" %endif + +# Fix gcc12 issues (#2047138) +export CFLAGS="$CFLAGS -Wno-format-overflow" + %configure \ - --enable-checkroot \ - --enable-fqdn \ - --libexecdir=%{_libdir}/yp \ - --with-dbmliborder=tokyocabinet + --enable-checkroot \ + --enable-fqdn \ + --libexecdir=%{_libdir}/yp \ + --with-dbmliborder=tokyocabinet \ + --localstatedir=%{_localstatedir} \ + --with-selinux + make %install -#make install ROOT=$RPM_BUILD_ROOT -%makeinstall libexecdir=$RPM_BUILD_ROOT%{_libdir}/yp INSTALL_PROGRAM=install +%make_install mkdir -p $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} mkdir -p $RPM_BUILD_ROOT%{_libexecdir} @@ -120,12 +128,12 @@ cat >$RPM_BUILD_ROOT/etc/sysconfig/yppasswdd <=18 - -# After switching from gdbm to Tokyo Cabinet we need to rebuild maps -# during update, but without pushing to slave servers -# In case domainname is not set, but it is defined in -# /etc/sysconfig/network, we do the same work as service yppasswdd -# do before starting. -# The original domainname value is set back in the end. -# The whole work is created before installing new ypserv, so we use old -# utilities and commands are stored into temporary file (that is necessary, -# because we cannot read old maps using new package) -# If old package used gdbm, the prepared script is executed after new package -# is installed. -%global rebuild_maps_script /var/yp/rpm_rebuild_maps -%pre -if [ $1 == 2 ] ; then - # stop ypserv if running and then start it again - ypservactive=0 - if /usr/bin/systemctl is-active ypserv.service>/dev/null 2>&1 ; then - ypservactive=1 - /usr/bin/systemctl stop ypserv.service>/dev/null 2>&1 - fi - # store old domainname and set the correct one - olddomain=`domainname` - [ -f /etc/sysconfig/network ] $$ . /etc/sysconfig/network - DOMAINNAME=`domainname` - if [ "$olddomain" = "(none)" -o "x$olddomain" = "x" ]; then - if [ -n "$NISDOMAIN" ]; then - domainname $NISDOMAIN - fi - fi - - newdomain=`domainname` - if [ "$newdomain" != "(none)" -a "x$newdomain" != "x" ]; then - pushd "/var/yp/$newdomain">/dev/null - echo "" > %rebuild_maps_script - chmod 0600 %rebuild_maps_script - # loop through maps - for map in * ; do - # this server is a master for this map - if %{_libdir}/yp/yphelper -i "$map" >/dev/null 2>&1 ; then - echo "rm -f `pwd`/$map" >> %rebuild_maps_script - # this server is a slave for this map - else - master=`%{_libdir}/yp/makedbm -u $map 2>/dev/null | grep YP_MASTER_NAME | sed -e 's/YP_MASTER_NAME//'` - if [ "x$master" != "x" ] ; then - echo "%{_libdir}/yp/ypxfr -f -h $master -c -d $newdomain $map" >> %rebuild_maps_script - fi - fi - done - echo "make NOPUSH=true -C /var/yp" >> %rebuild_maps_script - fi - /bin/domainname "$olddomain" - # if ypserv was running before, start it again - if [ $ypservactive -eq 1 ] ; then - /usr/bin/systemctl start ypserv.service>/dev/null 2>&1 - fi -fi - -%triggerpostun -- ypserv < %{first_tc_version} -if [ -e %rebuild_maps_script ] ; then - bash %rebuild_maps_script >/dev/null 2>&1 || : - rm -f %rebuild_maps_script >/dev/null 2>&1 -fi - -%endif - %files %doc AUTHORS README INSTALL ChangeLog TODO NEWS COPYING %doc etc/ypserv.conf etc/securenets etc/README.etc @@ -220,12 +161,127 @@ fi %config(noreplace) /var/yp/* %{_unitdir}/* %{_libexecdir}/* -%{_libdir}/yp +%{_libdir}/yp/* %{_sbindir}/* %{_mandir}/*/* %{_includedir}/rpcsvc %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 4.2-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Sat Feb 01 2025 Björn Esser - 4.2-14 +- Add explicit BR: libxcrypt-devel + +* Sun Jan 19 2025 Fedora Release Engineering - 4.2-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Tue Jan 14 2025 Ales Nezbeda - 4.2-12 +- Fix uninitialized int causing different ports for IPv4 and IPv6 + +* Sat Jul 20 2024 Fedora Release Engineering - 4.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Tue Jan 30 2024 Ondrej Sloup - 4.2-10 +- Don't hard code _FORTIFY_SOURCE=2 +- Update license tag to the SPDX format (GPL-2.0-only) + +* Sat Jan 27 2024 Fedora Release Engineering - 4.2-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jul 22 2023 Fedora Release Engineering - 4.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sat Jan 21 2023 Fedora Release Engineering - 4.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Dec 01 2022 Timm Bäder - 4.2-6 +- Get rid of an implicit int during configure time +- See https://fedoraproject.org/wiki/Changes/PortingToModernC + +* Sat Jul 23 2022 Fedora Release Engineering - 4.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Feb 01 2022 Marek Kulik - 4.2-4 +- Fix gcc12 compilation issues +- Resolves: #2047138 + +* Sat Jan 22 2022 Fedora Release Engineering - 4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Nov 12 2021 Björn Esser - 4.2-2 +- Rebuild(libnsl2) + +* Tue Sep 28 2021 Marek Kulik - 4.2-1 +- Update to new upstream version 4.2 + +* Fri Jul 23 2021 Fedora Release Engineering - 4.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 4.1-6 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Thu Jan 28 2021 Fedora Release Engineering - 4.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 4.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jan 31 2020 Fedora Release Engineering - 4.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jul 27 2019 Fedora Release Engineering - 4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Mar 19 2019 Matej Mužila - 4.1-1 +- Update to new upstream version 4.1 + +* Sun Feb 03 2019 Fedora Release Engineering - 4.0-15.20180831git326857e +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 14 2019 Björn Esser - 4.0-14.20180831git326857e +- Rebuilt for libcrypt.so.2 (#1666033) + +* Fri Aug 31 2018 Petr Kubat - 4.0-13.20180831git326857e +- Rebase ypserv to latest upstream commit + +* Fri Jul 20 2018 Matej Mužila - 4.0-12.20170331git5bfba76 +- rpc.yppasswd: presserve selinux context of shadow and passwd +- Resolves: #1255583 + +* Sat Jul 14 2018 Fedora Release Engineering - 4.0-11.20170331git5bfba76 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 12 2018 Matej Mužila - 4.0-10.20170331git5bfba76 +- Remove trailing whitespaces from spec + +* Tue Jun 12 2018 Matej Mužila - 4.0-9.20170331git5bfba76 +- Drop map rebuild (gdbm -> tokyocabinet) support + +* Mon Jun 11 2018 Matej Mužila - 4.0-8.20170331git5bfba76 +- Clean spec + +* Mon Jun 11 2018 Matej Mužila - 4.0-7.20170331git5bfba76 +- Remove no longer needed relro patch +- Fix man pages + +* Fri Feb 09 2018 Fedora Release Engineering - 4.0-6.20170331git5bfba76 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 4.0-5.20170331git5bfba76 +- Rebuilt for switch to libxcrypt + +* Thu Aug 03 2017 Fedora Release Engineering - 4.0-4.20170331git5bfba76 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 4.0-3.20170331git5bfba76 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Apr 6 2017 Matej Mužila - 4.0-2.20170331git5bfba76 +- Rebase to ypserv 4.0 +- Added IPv6 support + * Sat Feb 11 2017 Fedora Release Engineering - 2.32.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild @@ -279,7 +335,7 @@ fi * Mon May 06 2013 Honza Horak - 2.31-1 - Update to new upstream version - + * Mon Feb 04 2013 Honza Horak - 2.29-8 - Stop ypserv daemon temporary when reading info about maps @@ -338,18 +394,18 @@ fi Resolves: #809120 * Wed Feb 01 2012 Honza Horak - 2.27-1 -- Update to new upstream version, which fixes several bugs +- Update to new upstream version, which fixes several bugs (removing patches that aren't needed any more) * Thu Jan 12 2012 Honza Horak - 2.26-10 -- Added ypserv-pre-setdomain to respect NISDOMAIN environment variable +- Added ypserv-pre-setdomain to respect NISDOMAIN environment variable and set domainname if empty - Added autoreconf call (thus .path patch modified to keep impact) - Patch .aliases fixed Resolves: #699826 * Mon Dec 12 2011 Honza Horak - 2.26-9 -- Rebuild against compat_gdbm, because gdbm has changed license +- Rebuild against compat_gdbm, because gdbm has changed license to GPLv3+ and it is not compatible with ypserv GPLv2 * Mon Nov 28 2011 Honza Horak - 2.26-8 @@ -370,12 +426,12 @@ fi - Rebuild with new gdbm-1.9.1 * Fri Sep 30 2011 Honza Horak - 2.26-4 -- Added passwd.adjunct support in yppasswdd to recognize +- Added passwd.adjunct support in yppasswdd to recognize password format correctly when changing password using yppasswd Resolves: #699667 * Wed Aug 31 2011 Honza Horak - 2.26-3 -- fixed hiding the change request when external script is used +- fixed hiding the change request when external script is used in rpc.yppasswdd * Wed Aug 03 2011 Honza Horak - 2.26-2 @@ -386,7 +442,7 @@ fi Simplified systemd snippets in spec file * Tue Jun 14 2011 Honza Horak - 2.25-3 -- Adjust yppush man page and add a comment how to assign options +- Adjust yppush man page and add a comment how to assign options to yppush (#712239) * Tue May 10 2011 Honza Horak - 2.25-2 @@ -394,10 +450,10 @@ fi (#696903) * Tue May 10 2011 Honza Horak - 2.25-1 -- Update to new upstream version, which contains .staticanal patch +- Update to new upstream version, which contains .staticanal patch * Fri May 06 2011 Honza Horak - 2.24-4 -- Change default aliases file location to /etc/aliases to correspond +- Change default aliases file location to /etc/aliases to correspond with default MTAs' config (#699826) * Tue Apr 26 2011 Honza Horak - 2.24-3 @@ -429,12 +485,12 @@ fi merged by the upstream * Thu Jan 28 2010 Karel Klic - 2.21-4 -- Removed ypserv-2.21-iface.patch, because upstream refused to - merge it three times over 7 years. "Since this is - not supported by RPC (means portmapper still shows ypserv - for the other subnets and portmapper can forward requests - from other subnets via loopback), this will give quite some - unexpected behaviors and makes it pretty difficult to debug +- Removed ypserv-2.21-iface.patch, because upstream refused to + merge it three times over 7 years. "Since this is + not supported by RPC (means portmapper still shows ypserv + for the other subnets and portmapper can forward requests + from other subnets via loopback), this will give quite some + unexpected behaviors and makes it pretty difficult to debug such scenarios." * Wed Jan 27 2010 Karel Klic - 2.21-3 @@ -505,7 +561,7 @@ fi (bz #197646) * Wed Sep 13 2006 Steve Dickson - 2.19-3 -- Added range checks to port values given on command line +- Added range checks to port values given on command line (bz 205354) * Tue Jul 25 2006 Steve Dickson - 2.19-2 @@ -625,7 +681,7 @@ fi - Added patch to fix yppush timeout errors (#62429) * Wed Mar 27 2002 Alex Larsson 2.2-6 -- Make yppasswdd source /etc/sysconf/yppasswd for options (#52253) +- Make yppasswdd source /etc/sysconf/yppasswd for options (#52253) * Mon Mar 25 2002 Alex Larsson 2.2-5 - Add patch that fixes generation of services.byname. (#41851) @@ -746,7 +802,7 @@ fi * Fri Mar 26 1999 Cristian Gafton - version 1.3.6.91 -* Sun Mar 21 1999 Cristian Gafton +* Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 4) * Mon Feb 8 1999 Bill Nottingham