From b50a79d5df8f08496a9a39e0ec668f5f1d250169 Mon Sep 17 00:00:00 2001 From: Ales Nezbeda Date: Tue, 14 Jan 2025 16:51:02 +0100 Subject: [PATCH 1/4] Fix uninitialized int causing different ports for IPv4 and IPv6 --- ypserv-4.2-uninitialized-int.patch | 80 ++++++++++++++++++++++++++++++ ypserv.spec | 6 ++- 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 ypserv-4.2-uninitialized-int.patch diff --git a/ypserv-4.2-uninitialized-int.patch b/ypserv-4.2-uninitialized-int.patch new file mode 100644 index 0000000..aa56a04 --- /dev/null +++ b/ypserv-4.2-uninitialized-int.patch @@ -0,0 +1,80 @@ +From 2bc35f9592c8abc850fc6d3343a29227b45eb054 Mon Sep 17 00:00:00 2001 +From: Ales Nezbeda +Date: Tue, 1 Oct 2024 14:40:26 +0200 +Subject: [PATCH] Fix use of uninitialized variable as an value for sock opt + +Since it is possible to listen to IPv4 via IPv6 socket by default, we +have to disable this feature due to 'Disallow v4-in-v6 to allow +host-based access checks'. This also allows us to use the same port for +IPv4 and IPv6 socket. + +Disabling this feature is done via `setsockopt()` function where we pass +flag that we want to set - `IPV6_V6ONLY` and value. For value, we should +pass pointer to value and size of the value. We were passing pointer to +uninitialized integer as a value. This resulted in undefined behavior. + +Most likely, this undefined behavior resulted in the flag being set to +false. This also resulted in IPv4 and IPv6 not being able to share +the same port. This caused use of two neighboring ports instead of one. +When user then tried to set port in config file and then use port one +above it was not possible as it was already used. +--- + rpc.yppasswdd/yppasswdd.c | 2 +- + rpc.ypxfrd/ypxfrd.c | 2 +- + yppush/yppush.c | 3 ++- + ypserv/ypserv.c | 2 +- + 4 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/rpc.yppasswdd/yppasswdd.c b/rpc.yppasswdd/yppasswdd.c +index f9609eb..d7f6050 100644 +--- a/rpc.yppasswdd/yppasswdd.c ++++ b/rpc.yppasswdd/yppasswdd.c +@@ -476,7 +476,7 @@ main (int argc, char **argv) + { + /* Disallow v4-in-v6 to allow host-based access checks */ + +- int i; ++ int i = 1; + + if (setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, + &i, sizeof(i)) == -1) +diff --git a/rpc.ypxfrd/ypxfrd.c b/rpc.ypxfrd/ypxfrd.c +index f605c84..469e0e5 100644 +--- a/rpc.ypxfrd/ypxfrd.c ++++ b/rpc.ypxfrd/ypxfrd.c +@@ -385,7 +385,7 @@ main (int argc, char **argv) + { + /* Disallow v4-in-v6 to allow host-based access checks */ + +- int i; ++ int i = 1; + + if (setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, + &i, sizeof(i)) == -1) +diff --git a/yppush/yppush.c b/yppush/yppush.c +index d937b84..a5916be 100644 +--- a/yppush/yppush.c ++++ b/yppush/yppush.c +@@ -430,7 +430,8 @@ yppush_foreach (const char *host) + struct timeval tv = {10, 0}; + u_int transid; + char server[YPMAXPEER + 2]; +- int i, sock; ++ int i = 1; ++ int sock; + struct sigaction sig; + struct netconfig *nconf; + struct sockaddr *sa; +diff --git a/ypserv/ypserv.c b/ypserv/ypserv.c +index d8876e9..e27c2a4 100644 +--- a/ypserv/ypserv.c ++++ b/ypserv/ypserv.c +@@ -497,7 +497,7 @@ main (int argc, char **argv) + if (family == AF_INET6) + { + /* Disallow v4-in-v6 to allow host-based access checks */ +- int i; ++ int i = 1; + + if (setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, + &i, sizeof(i)) == -1) diff --git a/ypserv.spec b/ypserv.spec index 13a886e..4607429 100644 --- a/ypserv.spec +++ b/ypserv.spec @@ -2,7 +2,7 @@ Summary: The NIS (Network Information Service) server Name: ypserv Version: 4.2 -Release: 11%{?dist} +Release: 12%{?dist} License: GPL-2.0-only URL: https://www.thkukuk.de/nis/nis/ypserv/ @@ -33,6 +33,7 @@ Patch10: ypserv-2.31-netgrprecur.patch Patch12: ypserv-4.0-headers.patch Patch14: ypserv-4.0-selinux-context.patch Patch15: ypserv-4.2-implicit-int.patch +Patch16: ypserv-4.2-uninitialized-int.patch BuildRequires: make BuildRequires: gcc @@ -165,6 +166,9 @@ install -m 755 %{SOURCE4} $RPM_BUILD_ROOT%{_libexecdir}/rpc.yppasswdd.env %{_includedir}/rpcsvc %changelog +* Tue Jan 14 2025 Ales Nezbeda - 4.2-12 +- Fix uninitialized int causing different ports for IPv4 and IPv6 + * Sat Jul 20 2024 Fedora Release Engineering - 4.2-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 9a0de25a596573061d56bb0e91919298f9dea9a2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 19 Jan 2025 16:36:30 +0000 Subject: [PATCH 2/4] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- ypserv.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ypserv.spec b/ypserv.spec index 4607429..4409a07 100644 --- a/ypserv.spec +++ b/ypserv.spec @@ -2,7 +2,7 @@ Summary: The NIS (Network Information Service) server Name: ypserv Version: 4.2 -Release: 12%{?dist} +Release: 13%{?dist} License: GPL-2.0-only URL: https://www.thkukuk.de/nis/nis/ypserv/ @@ -166,6 +166,9 @@ install -m 755 %{SOURCE4} $RPM_BUILD_ROOT%{_libexecdir}/rpc.yppasswdd.env %{_includedir}/rpcsvc %changelog +* Sun Jan 19 2025 Fedora Release Engineering - 4.2-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Tue Jan 14 2025 Ales Nezbeda - 4.2-12 - Fix uninitialized int causing different ports for IPv4 and IPv6 From 1599677c3e178ebc3d2c25f8fd22fe856a390f17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 1 Feb 2025 19:58:25 +0100 Subject: [PATCH 3/4] Add explicit BR: libxcrypt-devel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Esser --- ypserv.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ypserv.spec b/ypserv.spec index 4409a07..35393b3 100644 --- a/ypserv.spec +++ b/ypserv.spec @@ -2,7 +2,7 @@ Summary: The NIS (Network Information Service) server Name: ypserv Version: 4.2 -Release: 13%{?dist} +Release: 14%{?dist} License: GPL-2.0-only URL: https://www.thkukuk.de/nis/nis/ypserv/ @@ -36,6 +36,7 @@ Patch15: ypserv-4.2-implicit-int.patch Patch16: ypserv-4.2-uninitialized-int.patch BuildRequires: make +BuildRequires: libxcrypt-devel BuildRequires: gcc BuildRequires: tokyocabinet-devel BuildRequires: systemd @@ -166,6 +167,9 @@ install -m 755 %{SOURCE4} $RPM_BUILD_ROOT%{_libexecdir}/rpc.yppasswdd.env %{_includedir}/rpcsvc %changelog +* Sat Feb 01 2025 Björn Esser - 4.2-14 +- Add explicit BR: libxcrypt-devel + * Sun Jan 19 2025 Fedora Release Engineering - 4.2-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From d173f7d0871cb18e15ef88609c5ea5e50651804f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 21:13:33 +0000 Subject: [PATCH 4/4] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- ypserv.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ypserv.spec b/ypserv.spec index 35393b3..01a095e 100644 --- a/ypserv.spec +++ b/ypserv.spec @@ -2,7 +2,7 @@ Summary: The NIS (Network Information Service) server Name: ypserv Version: 4.2 -Release: 14%{?dist} +Release: 15%{?dist} License: GPL-2.0-only URL: https://www.thkukuk.de/nis/nis/ypserv/ @@ -167,6 +167,9 @@ install -m 755 %{SOURCE4} $RPM_BUILD_ROOT%{_libexecdir}/rpc.yppasswdd.env %{_includedir}/rpcsvc %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 4.2-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Sat Feb 01 2025 Björn Esser - 4.2-14 - Add explicit BR: libxcrypt-devel