From 972dcfcdbfe75dcfeb777150c136576cf1a71e99 Mon Sep 17 00:00:00 2001 From: Tudor Florea Date: Fri, 9 Oct 2015 22:59:03 +0200 Subject: initial commit for Enea Linux 5.0 arm Signed-off-by: Tudor Florea --- ...vices-from-inetd.conf-if-a-service-with-t.patch | 86 ++++++++++++++++ ...arious-fixes-from-the-previous-maintainer.patch | 79 +++++++++++++++ .../xinetd/xinetd/xinetd-CVE-2013-4342.patch | 32 ++++++ ...uld-be-able-to-listen-on-IPv6-even-in-ine.patch | 112 +++++++++++++++++++++ meta/recipes-extended/xinetd/xinetd/xinetd.conf | 11 ++ meta/recipes-extended/xinetd/xinetd/xinetd.default | 12 +++ meta/recipes-extended/xinetd/xinetd/xinetd.init | 64 ++++++++++++ 7 files changed, 396 insertions(+) create mode 100644 meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch create mode 100644 meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch create mode 100644 meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch create mode 100644 meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch create mode 100644 meta/recipes-extended/xinetd/xinetd/xinetd.conf create mode 100644 meta/recipes-extended/xinetd/xinetd/xinetd.default create mode 100644 meta/recipes-extended/xinetd/xinetd/xinetd.init (limited to 'meta/recipes-extended/xinetd/xinetd')
diff --git a/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch b/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch
new file mode 100644
index 0000000000..cd6e6c1078
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch
@@ -0,0 +1,86 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From d588b6530e1382a624898b3f4307f636c72c80a9 Mon Sep 17 00:00:00 2001
+From: Pierre Habouzit
+Date: Wed, 28 Nov 2007 10:13:08 +0100
+Subject: [PATCH] Disable services from inetd.conf if a service with the same id exists.
+
+ This way, if a service is enabled in /etc/xinetd* _and_ in
+/etc/inetd.conf, the one (even if disabled) from /etc/xinetd* takes
+precedence.
+
+Signed-off-by: Pierre Habouzit
+---
+ xinetd/inet.c | 22 +++++++++++++++++++---
+ 1 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/xinetd/inet.c b/xinetd/inet.c
+index 1cb2ba2..8caab45 100644
+--- a/xinetd/inet.c
++++ b/xinetd/inet.c
+@@ -23,6 +23,8 @@
+ #include "parsesup.h"
+ #include "nvlists.h"
+
++static psi_h iter ;
++
+ static int get_next_inet_entry( int fd, pset_h sconfs,
+ struct service_config *defaults);
+
+@@ -32,12 +34,15 @@ void parse_inet_conf_file( int fd, struct configuration *confp )
+ struct service_config *default_config = CNF_DEFAULTS( confp );
+
+ line_count = 0;
++ iter = psi_create (sconfs);
+
+ for( ;; )
+ {
+ if (get_next_inet_entry(fd, sconfs, default_config) == -2)
+ break;
+ }
++
++ psi_destroy(iter);
+ }
+
+ static int get_next_inet_entry( int fd, pset_h sconfs,
+@@ -46,7 +51,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+ char *p;
+ str_h strp;
+ char *line = next_line(fd);
+- struct service_config *scp;
++ struct service_config *scp, *tmp;
+ unsigned u, i;
+ const char *func = "get_next_inet_entry";
+ char *name = NULL, *rpcvers = NULL, *rpcproto = NULL;
+@@ -405,7 +410,16 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+ SC_SPECIFY( scp, A_SOCKET_TYPE );
+ SC_SPECIFY( scp, A_WAIT );
+
+- if( ! pset_add(sconfs, scp) )
++ for ( tmp = SCP( psi_start( iter ) ) ; tmp ; tmp = SCP( psi_next(iter)) ){
++ if (EQ(SC_ID(scp), SC_ID(tmp))) {
++ parsemsg(LOG_DEBUG, func, "removing duplicate service %s", SC_NAME(scp));
++ sc_free(scp);
++ scp = NULL;
++ break;
++ }
++ }
++
++ if( scp && ! pset_add(sconfs, scp) )
+ {
+ out_of_memory( func );
+ pset_destroy(args);
+@@ -414,7 +428,9 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+ }
+
+ pset_destroy(args);
+- parsemsg( LOG_DEBUG, func, "added service %s", SC_NAME(scp));
++ if (scp) {
++ parsemsg( LOG_DEBUG, func, "added service %s", SC_NAME(scp));
++ }
+ return 0;
+ }
+
+--
+1.5.3.6.2040.g15e6
+
diff --git a/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch b/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch
new file mode 100644
index 0000000000..8e59cdcaae
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch
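Review bot: The result of `iter = psi_create (sconfs);` in parse_inet_conf_file is never checked, yet get_next_inet_entry passes `iter` straight to `psi_start( iter )` for every inetd.conf entry; if psi_create can return NULL on allocation failure (its definition is not on this page, so confirm), the duplicate scan would run on a null iterator. A guard right after the call, `if ( iter == NULL ) { out_of_memory( "parse_inet_conf_file" ) ; return ; }`, would match the out_of_memory handling already used for pset_add. The iterator is also a file-scope static shared by the two functions, so a comment on `static psi_h iter ;` such as `/* valid only while parse_inet_conf_file is running */` would document its lifetime. get_next_inet_entry's body continues outside these hunks.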
@@ -0,0 +1,79 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From a3410b0bc81ab03a889d9ffc14e351badf8372f1 Mon Sep 17 00:00:00 2001
+From: Pierre Habouzit
+Date: Mon, 26 Nov 2007 16:02:04 +0100
+Subject: [PATCH] Various fixes from the previous maintainer.
+
+---
+ xinetd/child.c | 20 +++++++++++++++++---
+ xinetd/service.c | 8 ++++----
+ 2 files changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/xinetd/child.c b/xinetd/child.c
+index 89ee54c..48e9615 100644
+--- a/xinetd/child.c
++++ b/xinetd/child.c
+@@ -284,6 +284,7 @@ void child_process( struct server *serp )
+ connection_s *cp = SERVER_CONNECTION( serp ) ;
+ struct service_config *scp = SVC_CONF( sp ) ;
+ const char *func = "child_process" ;
++ int fd, null_fd;
+
+ signal_default_state();
+
+@@ -296,9 +297,22 @@ void child_process( struct server *serp )
+ signals_pending[0] = -1;
+ signals_pending[1] = -1;
+
+- Sclose(0);
+- Sclose(1);
+- Sclose(2);
++ if ( ( null_fd = open( "/dev/null", O_RDONLY ) ) == -1 )
++ {
++ msg( LOG_ERR, func, "open('/dev/null') failed: %m") ;
++ _exit( 1 ) ;
++ }
++
++ for ( fd = 0 ; fd <= MAX_PASS_FD ; fd++ )
++ {
++ if ( fd != null_fd && dup2( null_fd, fd ) == -1 )
++ {
++ msg( LOG_ERR, func, "dup2(%d, %d) failed: %m") ;
++ _exit( 1 ) ;
++ }
++ }
++ if ( null_fd > MAX_PASS_FD )
++ (void) Sclose( null_fd ) ;
+
+
+ #ifdef DEBUG_SERVER
+diff --git a/xinetd/service.c b/xinetd/service.c
+index 3d68d78..0132d6c 100644
+--- a/xinetd/service.c
++++ b/xinetd/service.c
+@@ -745,8 +745,8 @@ static status_e failed_service(struct service *sp,
+ return FAILED;
+
+ if ( last == NULL ) {
+- last = SAIN( calloc( 1, sizeof(union xsockaddr) ) );
+- SVC_LAST_DGRAM_ADDR(sp) = (union xsockaddr *)last;
++ SVC_LAST_DGRAM_ADDR(sp) = SAIN( calloc( 1, sizeof(union xsockaddr) ) );
++ last = SAIN( SVC_LAST_DGRAM_ADDR(sp) );
+ }
+
+ (void) time( ¤t_time ) ;
+@@ -772,8 +772,8 @@ static status_e failed_service(struct service *sp,
+ return FAILED;
+
+ if( last == NULL ) {
+- last = SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
+- SVC_LAST_DGRAM_ADDR( sp ) = (union xsockaddr *)last;
++ SVC_LAST_DGRAM_ADDR(sp) = SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
++ last = SAIN6(SVC_LAST_DGRAM_ADDR(sp));
+ }
+
+ (void) time( ¤t_time ) ;
+--
+1.5.3.6.2040.g15e6
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..0542dbe835
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,32 @@
+xinetd: CVE-2013-4342
+
+xinetd does not enforce the user and group configuration directives
+for TCPMUX services, which causes these services to be run as root
+and makes it easier for remote attackers to gain privileges by
+leveraging another vulnerability in a service.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
+
+the patch come from:
+https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
+
+Signed-off-by: Li Wang
+---
+ xinetd/builtins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+ if( SC_IS_INTERNAL( scp ) ) {
+ SC_INTERNAL(scp, nserp);
+ } else {
+- exec_server(nserp);
++ child_process(nserp);
+ }
+ }
+
+--
+1.7.9.5
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch
new file mode 100644
index 0000000000..2365ca123b
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch
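Review bot: The new error path `msg( LOG_ERR, func, "dup2(%d, %d) failed: %m") ;` in child_process has two `%d` conversions and passes no arguments, which is undefined behaviour in a process that is about to run a network-facing service; it should read `msg( LOG_ERR, func, "dup2(%d, %d) failed: %m", null_fd, fd ) ;`. Separately, /dev/null is opened `O_RDONLY` and then duplicated onto descriptors 1 and 2 as well, so any write to stdout or stderr before they are replaced would fail instead of being discarded; `O_RDWR` is the usual choice, assuming nothing outside the hunk depends on read-only. child_process continues beyond the hunk, so how descriptors 0 to MAX_PASS_FD are reassigned later is not visible here.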
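Review bot: The header of xinetd-CVE-2013-4342.patch carries no `Upstream-Status:` line, while the three Debian-derived patches added in this commit each open with one, so the only security fix in the set is the one whose provenance is least traceable. Since the text already names its source, a first line such as `Upstream-Status: Pending [from Red Hat bugzilla attachment 799732]` (adjusted once the upstream state is confirmed) would bring it in line with the others. The one-line switch to `child_process(nserp)` in tcpmux_handler relies on that function applying the user and group directives, as the description states; its body is outside this hunk, so a regression check that a TCPMUX service configured with a non-root user actually runs as that user would be worth adding.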
@@ -0,0 +1,112 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From f44b218ccc779ab3f4aed072390ccf129d94b58d Mon Sep 17 00:00:00 2001
+From: David Madore
+Date: Mon, 24 Mar 2008 12:45:36 +0100
+Subject: [PATCH] xinetd should be able to listen on IPv6 even in -inetd_compat mode
+
+xinetd does not bind to IPv6 addresses (and does not seem to have an
+option to do so) when used in -inetd_compat mode. As current inetd's
+are IPv6-aware, this is a problem: this means xinetd cannot be used as
+a drop-in inetd replacement.
+
+The attached patch is a suggestion: it adds a -inetd_ipv6 global
+option that, if used, causes inetd-compatibility lines to have an
+implicit "IPv6" option. Perhaps this is not the best solution, but
+there should definitely be a way to get inetd.conf to be read in
+IPv6-aware mode.
+---
+ xinetd/confparse.c | 1 +
+ xinetd/inet.c | 17 +++++++++++++++++
+ xinetd/options.c | 3 +++
+ xinetd/xinetd.man | 6 ++++++
+ 4 files changed, 27 insertions(+), 0 deletions(-)
+
+diff --git a/xinetd/confparse.c b/xinetd/confparse.c
+index db9f431..d7b0bcc 100644
+--- a/xinetd/confparse.c
++++ b/xinetd/confparse.c
+@@ -40,6 +40,7 @@
+ #include "inet.h"
+ #include "main.h"
+
++extern int inetd_ipv6;
+ extern int inetd_compat;
+
+ /*
+diff --git a/xinetd/inet.c b/xinetd/inet.c
+index 8caab45..2e617ae 100644
+--- a/xinetd/inet.c
++++ b/xinetd/inet.c
+@@ -25,6 +25,8 @@
+
+ static psi_h iter ;
+
++extern int inetd_ipv6;
++
+ static int get_next_inet_entry( int fd, pset_h sconfs,
+ struct service_config *defaults);
+
+@@ -360,6 +362,21 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+ }
+ SC_SERVER_ARGV(scp)[u] = p;
+ }
++
++ /* Set the IPv6 flag if we were passed the -inetd_ipv6 option */
++ if ( inetd_ipv6 )
++ {
++ nvp = nv_find_value( service_flags, "IPv6" );
++ if ( nvp == NULL )
++ {
++ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
++ pset_destroy(args);
++ sc_free(scp);
++ return -1;
++ }
++ M_SET(SC_XFLAGS(scp), nvp->value);
++ }
++
+ /* Set the reuse flag, as this is the default for inetd */
+ nvp = nv_find_value( service_flags, "REUSE" );
+ if ( nvp == NULL )
+diff --git a/xinetd/options.c b/xinetd/options.c
+index b058b6a..dc2f3a0 100644
+--- a/xinetd/options.c
++++ b/xinetd/options.c
+@@ -30,6 +30,7 @@ int logprocs_option ;
+ unsigned logprocs_option_arg ;
+ int stayalive_option=0;
+ char *program_name ;
++int inetd_ipv6 = 0 ;
+ int inetd_compat = 0 ;
+ int dont_fork = 0;
+
+@@ -128,6 +129,8 @@ int opt_recognize( int argc, char *argv[] )
+ fprintf(stderr, "\n");
+ exit(0);
+ }
++ else if ( strcmp ( &argv[ arg ][ 1 ], "inetd_ipv6" ) == 0 )
++ inetd_ipv6 = 1;
+ else if ( strcmp ( &argv[ arg ][ 1 ], "inetd_compat" ) == 0 )
+ inetd_compat = 1;
+ }
+diff --git a/xinetd/xinetd.man b/xinetd/xinetd.man
+index c76c3c6..c9dd803 100644
+--- a/xinetd/xinetd.man
++++ b/xinetd/xinetd.man
+@@ -106,6 +106,12 @@ This option causes xinetd to read /etc/inetd.conf in addition to the
+ standard xinetd config files. /etc/inetd.conf is read after the
+ standard xinetd config files.
+ .TP
++.BI \-inetd_ipv6
++This option causes xinetd to bind to IPv6 (AF_INET6) addresses for
++inetd compatibility lines (see previous option). This only affects
++how /etc/inetd.conf is interpreted and thus only has any effect if
++the \-inetd_compat option is also used.
++.TP
+ .BI \-cc " interval"
+ This option instructs
+ .B xinetd
+--
+1.5.5.rc0.127.gb4337
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.conf b/meta/recipes-extended/xinetd/xinetd/xinetd.conf
new file mode 100644
index 0000000000..9e6ea2577e
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.conf
@@ -0,0 +1,11 @@
+# Simple configuration file for xinetd
+#
+# Some defaults, and include /etc/xinetd.d/
+
+defaults
+{
+
+
+}
+
+includedir /etc/xinetd.d
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.default b/meta/recipes-extended/xinetd/xinetd/xinetd.default
new file mode 100644
index 0000000000..20a38e3f3e
--- /dev/null
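Review bot: The warning `"inetd.conf - Bad foo %s"` in the new `-inetd_ipv6` block of get_next_inet_entry reads like a placeholder and tells an administrator nothing about why the service was dropped; something like `parsemsg( LOG_WARNING, func, "inetd.conf - IPv6 flag not found for service %s", name ) ;` would say what failed. `extern int inetd_ipv6;` is also declared by hand in both confparse.c and inet.c, and the confparse.c hunk shows no use of it; a single declaration in a shared header (none is visible on this page) would keep the two from drifting. The function body extends beyond the hunk.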
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.default
@@ -0,0 +1,12 @@
+# Default settings for xinetd. This file is sourced by /bin/sh from
+# /etc/init.d/xinetd
+
+# enable xinetd Inetd compat mode
+INETD_COMPAT=Yes
+
+# Options to pass to xinetd
+#
+# -stayalive comes by default : it can be removed if xinetd is expected
+# not to start when no service is configured
+#
+XINETD_OPTS="-stayalive"
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.init b/meta/recipes-extended/xinetd/xinetd/xinetd.init
new file mode 100644
index 0000000000..777c2c8b46
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.init
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# /etc/init.d/xinetd -- script to start and stop xinetd.
+
+# Source function library.
+. /etc/init.d/functions
+
+if test -f /etc/default/xinetd; then
+ . /etc/default/xinetd
+fi
+
+
+test -x /usr/sbin/xinetd || exit 0
+
+checkportmap () {
+ if grep "^[^ *#]" /etc/xinetd.conf | grep -q 'rpc/'; then
+ if ! rpcinfo -u localhost portmapper >/dev/null 2>&1; then
+ echo
+ echo "WARNING: portmapper inactive - RPC services unavailable!"
+ echo " Commenting out or removing the RPC services from"
+ echo " the /etc/xinetd.conf file will remove this message."
+ echo
+ fi
+ fi
+}
+
+case "$1" in
+ start)
+ checkportmap
+ echo -n "Starting internet superserver: xinetd"
+ start-stop-daemon --start --quiet --background --exec /usr/sbin/xinetd -- -pidfile /var/run/xinetd.pid $XINETD_OPTS
+ echo "."
+ ;;
+ stop)
+ echo -n "Stopping internet superserver: xinetd"
+ start-stop-daemon --stop --signal 3 --quiet --exec /usr/sbin/xinetd
+ echo "."
+ ;;
+ status)
+ status /usr/sbin/xinetd;
+ exit $?
+ ;;
+ reload)
+ echo -n "Reloading internet superserver configuration: xinetd"
+ start-stop-daemon --stop --signal 1 --quiet --exec /usr/sbin/xinetd
+ echo "."
+ ;;
+ force-reload)
+ echo "$0 force-reload: Force Reload is deprecated"
+ echo -n "Forcefully reloading internet superserver configuration: xinetd"
+ start-stop-daemon --stop --signal 1 --quiet --exec /usr/sbin/xinetd
+ echo "."
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/xinetd {start|stop|status|reload|force-reload|restart}"
+ exit 1
+ ;;
+esac
+
+exit 0
-- cgit v1.2.3-54-g00ecf
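Review bot: xinetd.init sources /etc/default/xinetd but never reads `INETD_COMPAT`, so the `INETD_COMPAT=Yes` set in xinetd.default has no effect and the start line passes only `$XINETD_OPTS`; an operator toggling that variable would wrongly believe /etc/inetd.conf services are being switched on or off. Before the `case "$1"` block, something like `case "$INETD_COMPAT" in [Yy]*) XINETD_OPTS="$XINETD_OPTS -inetd_compat" ;; esac` would honour it. The stop, reload and force-reload branches also match the daemon by `--exec` alone although start writes `-pidfile /var/run/xinetd.pid`; adding `--pidfile /var/run/xinetd.pid` there would tie the signal to the instance this script started.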