7 files changed, 396 insertions, 0 deletions

diff --git a/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch b/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch
new file mode 100644
index 0000000000..cd6e6c1078
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch
@@ -0,0 +1,86 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From d588b6530e1382a624898b3f4307f636c72c80a9 Mon Sep 17 00:00:00 2001
+From: Pierre Habouzit <madcoder@debian.org>
+Date: Wed, 28 Nov 2007 10:13:08 +0100
+Subject: [PATCH] Disable services from inetd.conf if a service with the same id exists.
+
+  This way, if a service is enabled in /etc/xinetd* _and_ in
+/etc/inetd.conf, the one (even if disabled) from /etc/xinetd* takes
+precedence.
+
+Signed-off-by: Pierre Habouzit <madcoder@debian.org>
+---
+ xinetd/inet.c |   22 +++++++++++++++++++---
+ 1 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/xinetd/inet.c b/xinetd/inet.c
+index 1cb2ba2..8caab45 100644
+--- a/xinetd/inet.c
++++ b/xinetd/inet.c
+@@ -23,6 +23,8 @@
+ #include "parsesup.h"
+ #include "nvlists.h"
+ 
++static psi_h iter ;
++
+ static int get_next_inet_entry( int fd, pset_h sconfs, 
+                           struct service_config *defaults);
+ 
+@@ -32,12 +34,15 @@ void parse_inet_conf_file( int fd, struct configuration *confp )
+    struct service_config *default_config = CNF_DEFAULTS( confp );
+    
+    line_count = 0;
++   iter = psi_create (sconfs);
+ 
+    for( ;; )
+    {   
+       if (get_next_inet_entry(fd, sconfs, default_config) == -2)
+          break;
+    }
++
++   psi_destroy(iter);
+ }
+ 
+ static int get_next_inet_entry( int fd, pset_h sconfs, 
+@@ -46,7 +51,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+    char *p;
+    str_h strp;
+    char *line = next_line(fd);
+-   struct service_config *scp;
++   struct service_config *scp, *tmp;
+    unsigned u, i;
+    const char *func = "get_next_inet_entry";
+    char *name = NULL, *rpcvers = NULL, *rpcproto = NULL;
+@@ -405,7 +410,16 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+    SC_SPECIFY( scp, A_SOCKET_TYPE );
+    SC_SPECIFY( scp, A_WAIT );
+ 
+-   if( ! pset_add(sconfs, scp) )
++   for ( tmp = SCP( psi_start( iter ) ) ; tmp ; tmp = SCP( psi_next(iter)) ){
++      if (EQ(SC_ID(scp), SC_ID(tmp))) {
++         parsemsg(LOG_DEBUG, func, "removing duplicate service %s", SC_NAME(scp));
++         sc_free(scp);
++         scp = NULL;
++         break;
++      }
++   }
++
++   if( scp && ! pset_add(sconfs, scp) )
+    {
+       out_of_memory( func );
+       pset_destroy(args);
+@@ -414,7 +428,9 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+    }
+ 
+    pset_destroy(args);
+-   parsemsg( LOG_DEBUG, func, "added service %s", SC_NAME(scp));
++   if (scp) {
++      parsemsg( LOG_DEBUG, func, "added service %s", SC_NAME(scp));
++   }
+    return 0;
+ }
+ 
+-- 
+1.5.3.6.2040.g15e6
+
diff --git a/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch b/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch
new file mode 100644
index 0000000000..8e59cdcaae
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch
@@ -0,0 +1,79 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From a3410b0bc81ab03a889d9ffc14e351badf8372f1 Mon Sep 17 00:00:00 2001
+From: Pierre Habouzit <madcoder@debian.org>
+Date: Mon, 26 Nov 2007 16:02:04 +0100
+Subject: [PATCH] Various fixes from the previous maintainer.
+
+---
+ xinetd/child.c   |   20 +++++++++++++++++---
+ xinetd/service.c |    8 ++++----
+ 2 files changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/xinetd/child.c b/xinetd/child.c
+index 89ee54c..48e9615 100644
+--- a/xinetd/child.c
++++ b/xinetd/child.c
+@@ -284,6 +284,7 @@ void child_process( struct server *serp )
+    connection_s            *cp  = SERVER_CONNECTION( serp ) ;
+    struct service_config   *scp = SVC_CONF( sp ) ;
+    const char              *func = "child_process" ;
++   int                     fd, null_fd;
+ 
+    signal_default_state();
+ 
+@@ -296,9 +297,22 @@ void child_process( struct server *serp )
+    signals_pending[0] = -1;
+    signals_pending[1] = -1;
+ 
+-   Sclose(0);
+-   Sclose(1);
+-   Sclose(2);
++   if ( ( null_fd = open( "/dev/null", O_RDONLY ) ) == -1 )
++   {
++      msg( LOG_ERR, func, "open('/dev/null') failed: %m") ;
++      _exit( 1 ) ;
++   }
++
++   for ( fd = 0 ; fd <= MAX_PASS_FD ; fd++ )
++   {
++      if ( fd != null_fd && dup2( null_fd, fd ) == -1 )
++      {
++         msg( LOG_ERR, func, "dup2(%d, %d) failed: %m") ;
++         _exit( 1 ) ;
++      }
++   }
++   if ( null_fd > MAX_PASS_FD )
++      (void) Sclose( null_fd ) ;
+ 
+ 
+ #ifdef DEBUG_SERVER
+diff --git a/xinetd/service.c b/xinetd/service.c
+index 3d68d78..0132d6c 100644
+--- a/xinetd/service.c
++++ b/xinetd/service.c
+@@ -745,8 +745,8 @@ static status_e failed_service(struct service *sp,
+                return FAILED;
+ 
+             if ( last == NULL ) {
+-               last = SAIN( calloc( 1, sizeof(union xsockaddr) ) );
+-              SVC_LAST_DGRAM_ADDR(sp) = (union xsockaddr *)last;
++           SVC_LAST_DGRAM_ADDR(sp) =  SAIN( calloc( 1, sizeof(union xsockaddr) ) );
++           last = SAIN( SVC_LAST_DGRAM_ADDR(sp) );
+             }
+ 
+             (void) time( &current_time ) ;
+@@ -772,8 +772,8 @@ static status_e failed_service(struct service *sp,
+                return FAILED;
+ 
+            if( last == NULL ) {
+-               last = SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
+-              SVC_LAST_DGRAM_ADDR( sp ) = (union xsockaddr *)last;
++           SVC_LAST_DGRAM_ADDR(sp) = SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
++            last = SAIN6(SVC_LAST_DGRAM_ADDR(sp));
+             }
+ 
+             (void) time( &current_time ) ;
+-- 
+1.5.3.6.2040.g15e6
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..0542dbe835
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,32 @@
+xinetd: CVE-2013-4342
+
+xinetd does not enforce the user and group configuration directives
+for TCPMUX services, which causes these services to be run as root
+and makes it easier for remote attackers to gain privileges by
+leveraging another vulnerability in a service.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
+
+the patch come from:
+https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ xinetd/builtins.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+    if( SC_IS_INTERNAL( scp ) ) {
+       SC_INTERNAL(scp, nserp);
+    } else {
+-      exec_server(nserp);
++      child_process(nserp);
+    }
+ }
+ 
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch
new file mode 100644
index 0000000000..2365ca123b
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch
@@ -0,0 +1,112 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From f44b218ccc779ab3f4aed072390ccf129d94b58d Mon Sep 17 00:00:00 2001
+From: David Madore <david@pleiades.stars>
+Date: Mon, 24 Mar 2008 12:45:36 +0100
+Subject: [PATCH] xinetd should be able to listen on IPv6 even in -inetd_compat mode
+
+xinetd does not bind to IPv6 addresses (and does not seem to have an
+option to do so) when used in -inetd_compat mode.  As current inetd's
+are IPv6-aware, this is a problem: this means xinetd cannot be used as
+a drop-in inetd replacement.
+
+The attached patch is a suggestion: it adds a -inetd_ipv6 global
+option that, if used, causes inetd-compatibility lines to have an
+implicit "IPv6" option.  Perhaps this is not the best solution, but
+there should definitely be a way to get inetd.conf to be read in
+IPv6-aware mode.
+---
+ xinetd/confparse.c |    1 +
+ xinetd/inet.c      |   17 +++++++++++++++++
+ xinetd/options.c   |    3 +++
+ xinetd/xinetd.man  |    6 ++++++
+ 4 files changed, 27 insertions(+), 0 deletions(-)
+
+diff --git a/xinetd/confparse.c b/xinetd/confparse.c
+index db9f431..d7b0bcc 100644
+--- a/xinetd/confparse.c
++++ b/xinetd/confparse.c
+@@ -40,6 +40,7 @@
+ #include "inet.h"
+ #include "main.h"
+ 
++extern int inetd_ipv6;
+ extern int inetd_compat;
+ 
+ /*
+diff --git a/xinetd/inet.c b/xinetd/inet.c
+index 8caab45..2e617ae 100644
+--- a/xinetd/inet.c
++++ b/xinetd/inet.c
+@@ -25,6 +25,8 @@
+ 
+ static psi_h iter ;
+ 
++extern int inetd_ipv6;
++
+ static int get_next_inet_entry( int fd, pset_h sconfs, 
+                           struct service_config *defaults);
+ 
+@@ -360,6 +362,21 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+          }
+          SC_SERVER_ARGV(scp)[u] = p;
+       }
++
++      /* Set the IPv6 flag if we were passed the -inetd_ipv6 option */
++      if ( inetd_ipv6 )
++      {
++         nvp = nv_find_value( service_flags, "IPv6" );
++         if ( nvp == NULL )
++         {
++            parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
++            pset_destroy(args);
++            sc_free(scp);
++            return -1;
++         }
++         M_SET(SC_XFLAGS(scp), nvp->value);
++      }
++
+       /* Set the reuse flag, as this is the default for inetd */
+       nvp = nv_find_value( service_flags, "REUSE" );
+       if ( nvp == NULL )
+diff --git a/xinetd/options.c b/xinetd/options.c
+index b058b6a..dc2f3a0 100644
+--- a/xinetd/options.c
++++ b/xinetd/options.c
+@@ -30,6 +30,7 @@ int logprocs_option ;
+ unsigned logprocs_option_arg ;
+ int stayalive_option=0;
+ char *program_name ;
++int inetd_ipv6 = 0 ;
+ int inetd_compat = 0 ;
+ int dont_fork = 0;
+ 
+@@ -128,6 +129,8 @@ int opt_recognize( int argc, char *argv[] )
+             fprintf(stderr, "\n");
+             exit(0);
+          }
++         else if ( strcmp ( &argv[ arg ][ 1 ], "inetd_ipv6" ) == 0 )
++            inetd_ipv6 = 1;
+          else if ( strcmp ( &argv[ arg ][ 1 ], "inetd_compat" ) == 0 )
+             inetd_compat = 1;
+       }
+diff --git a/xinetd/xinetd.man b/xinetd/xinetd.man
+index c76c3c6..c9dd803 100644
+--- a/xinetd/xinetd.man
++++ b/xinetd/xinetd.man
+@@ -106,6 +106,12 @@ This option causes xinetd to read /etc/inetd.conf in addition to the
+ standard xinetd config files.  /etc/inetd.conf is read after the
+ standard xinetd config files.
+ .TP
++.BI \-inetd_ipv6
++This option causes xinetd to bind to IPv6 (AF_INET6) addresses for
++inetd compatibility lines (see previous option).  This only affects
++how /etc/inetd.conf is interpreted and thus only has any effect if
++the \-inetd_compat option is also used.
++.TP
+ .BI \-cc " interval"
+ This option instructs
+ .B xinetd
+-- 
+1.5.5.rc0.127.gb4337
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.conf b/meta/recipes-extended/xinetd/xinetd/xinetd.conf
new file mode 100644
index 0000000000..9e6ea2577e
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.conf
@@ -0,0 +1,11 @@
+# Simple configuration file for xinetd
+#
+# Some defaults, and include /etc/xinetd.d/
+
+defaults
+{
+
+
+}
+
+includedir /etc/xinetd.d
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.default b/meta/recipes-extended/xinetd/xinetd/xinetd.default
new file mode 100644
index 0000000000..20a38e3f3e
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.default
@@ -0,0 +1,12 @@
+# Default settings for xinetd. This file is sourced by /bin/sh from
+# /etc/init.d/xinetd
+
+# enable xinetd Inetd compat mode
+INETD_COMPAT=Yes
+
+# Options to pass to xinetd
+#
+# -stayalive comes by default : it can be removed if xinetd is expected
+# not to start when no service is configured
+#
+XINETD_OPTS="-stayalive"
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.init b/meta/recipes-extended/xinetd/xinetd/xinetd.init
new file mode 100644
index 0000000000..777c2c8b46
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.init
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# /etc/init.d/xinetd  --  script to start and stop xinetd.
+
+# Source function library.
+. /etc/init.d/functions
+
+if test -f /etc/default/xinetd; then
+        . /etc/default/xinetd
+fi
+
+
+test -x /usr/sbin/xinetd || exit 0
+
+checkportmap () {
+  if grep "^[^ *#]" /etc/xinetd.conf | grep -q 'rpc/'; then
+    if ! rpcinfo -u localhost portmapper >/dev/null 2>&1; then
+      echo
+      echo "WARNING: portmapper inactive - RPC services unavailable!"
+      echo "    Commenting out or removing the RPC services from"
+      echo "    the /etc/xinetd.conf file will remove this message."
+      echo
+    fi
+  fi
+} 
+
+case "$1" in
+    start)
+        checkportmap
+        echo -n "Starting internet superserver: xinetd"
+        start-stop-daemon --start --quiet --background --exec /usr/sbin/xinetd -- -pidfile /var/run/xinetd.pid $XINETD_OPTS
+        echo "."
+        ;;
+    stop)
+        echo -n "Stopping internet superserver: xinetd"
+        start-stop-daemon --stop --signal 3 --quiet --exec /usr/sbin/xinetd
+        echo "."
+        ;;
+    status)
+        status /usr/sbin/xinetd;
+        exit $?
+        ;;
+    reload)
+        echo -n "Reloading internet superserver configuration: xinetd"
+        start-stop-daemon --stop --signal 1 --quiet --exec /usr/sbin/xinetd
+        echo "."
+        ;;
+    force-reload)
+        echo "$0 force-reload: Force Reload is deprecated"
+        echo -n "Forcefully reloading internet superserver configuration: xinetd"
+        start-stop-daemon --stop --signal 1 --quiet --exec /usr/sbin/xinetd
+        echo "."
+        ;;
+    restart)
+        $0 stop
+        $0 start
+        ;;
+    *)
+        echo "Usage: /etc/init.d/xinetd {start|stop|status|reload|force-reload|restart}"
+        exit 1
+        ;;
+esac
+
+exit 0