Import rpm: c8s

2023-02-27 12:21:11 -05:00 · 2023-02-27 12:21:11 -05:00 · fa56ea37b7
commit fa56ea37b7
6 changed files with 148 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+SOURCES/authd-1.4.4.tar.gz
+/authd-1.4.4.tar.gz
--- a/auth.socket
+++ b/auth.socket
@ -0,0 +1,9 @@
+[Unit]
+Description=Authd Activation Socket
+
+[Socket]
+ListenStream=113
+Accept=true
+
+[Install]
+WantedBy=sockets.target
--- a/auth@.service
+++ b/auth@.service
@ -0,0 +1,8 @@
+[Unit]
+Description=Authd Ident Protocol Requests Server
+After=local-fs.target
+
+[Service]
+User=ident
+ExecStart=/usr/sbin/in.authd -t60 --xerror --os -E
+StandardInput=socket
--- a/authd-covscan.patch
+++ b/authd-covscan.patch
@ -0,0 +1,36 @@
+diff --git a/authd.c b/authd.c
+index a2072de..07c6f0d 100644
+--- a/authd.c
+++ b/authd.c
+@@ -539,7 +538,9 @@ static char *get_created_tok_addr(const char *peer_addr_hex) {
+             }
+             // hex addr must have even number of digits
+             if ((int) z & 1) {
+-                errno = EINVAL; return NULL;
+                free(addr);
+                errno = EINVAL;
+                return NULL;
+             }
+             while (z > 1) {
+                 unsigned long ul; char *endptr;
+@@ -548,7 +549,9 @@ static char *get_created_tok_addr(const char *peer_addr_hex) {
+                 addr_hex[z] = '\0'; z -= HEX_DIG;
+                 ul = strtoul(addr_hex + z, &endptr, 16);
+                 if (is_bad_strto(addr_hex + z, endptr)) {
+-                    errno = EINVAL; return NULL;
+                    free(addr); 
+                    errno = EINVAL;
+                    return NULL;
+                 }
+ 	        if ((!IS_IPV4 || 6 == z) && is_16_bits)
+                     *p++ = ':';
+@@ -809,7 +812,7 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
+         const EVP_MD *const HASH = EVP_md5();   // openssl compat: enc -pass
+         const size_t KEY_SIZE = EVP_CIPHER_key_length(x->cipher);
+         const size_t IV_SIZE = EVP_CIPHER_iv_length(x->cipher);
+-        char *pass = NULL; size_t z = 0;
+        unsigned char *pass = NULL; size_t z = 0;
+ 
+         if (!S_ISREG(file.st_mode)) return false;       // no dirs, devs, etc.
+         if  (file.st_mode & (S_IROTH | S_IWOTH)) return false;  // no ------rw-
+
--- a/authd.spec
+++ b/authd.spec
@ -0,0 +1,92 @@
+%global _hardened_build 1
+
+Summary: A RFC 1413 ident protocol daemon
+Name: authd
+Version: 1.4.4
+Release: 5%{?dist}.1
+License: GPLv2+
+URL: https://github.com/InfrastructureServices/authd
+Obsoletes: pidentd < 3.2
+Provides: pidentd = 3.2
+Requires(post): openssl
+Source0: https://github.com/InfrastructureServices/authd/releases/download/v1.4.4/authd-1.4.4.tar.gz
+Source1: auth.socket
+Source2: auth@.service
+BuildRequires:  gcc
+BuildRequires: openssl-devel gettext help2man systemd-units
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+
+Patch0: authd-covscan.patch
+
+%description
+authd is a small and fast RFC 1413 ident protocol daemon
+with both xinetd server and interactive modes that
+supports IPv6 and IPv4 as well as the more popular features
+of pidentd.
+
+%prep
+%autosetup
+
+%build
+make prefix=%{_prefix} CFLAGS="%{optflags}" \
+        LDFLAGS="-lcrypto %{build_ldflags}"
+
+%install
+%make_install datadir=%{buildroot}/%{_datadir} \
+	sbindir=%{buildroot}/%{_sbindir}
+
+install -d %{buildroot}%{_unitdir}/
+install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/
+install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/
+
+install -d %{buildroot}%{_sysconfdir}/
+touch %{buildroot}%{_sysconfdir}/ident.key
+
+install -d %{buildroot}/%{_mandir}/man1/
+help2man -N -v -V %{buildroot}/%{_sbindir}/in.authd -o \
+         %{buildroot}/%{_mandir}/man1/in.authd.1
+
+%find_lang %{name}
+
+%post
+/usr/sbin/adduser -s /sbin/nologin -u 98 -r -d '/' ident 2>/dev/null || true
+/usr/bin/openssl rand -base64 -out %{_sysconfdir}/ident.key 32
+echo CHANGE THE LINE ABOVE TO A PASSPHRASE >> %{_sysconfdir}/ident.key
+/bin/chown ident:ident %{_sysconfdir}/ident.key
+chmod o-rw %{_sysconfdir}/ident.key
+%systemd_post auth.socket
+
+%postun
+%systemd_postun_with_restart auth.socket
+
+%preun
+%systemd_preun auth.socket
+
+%files -f authd.lang
+%license COPYING
+%verify(not md5 size mtime user group) %config(noreplace) %attr(640,root,root) %{_sysconfdir}/ident.key
+%doc COPYING README.html rfc1413.txt
+%{_sbindir}/in.authd
+%{_mandir}/*/*
+%{_unitdir}/*
+
+%changelog
+* Wed Jul 17 2019 Pavel Zhukov <pzhukov@redhat.com> - 1.4.4-5.1
+- Resolves: #1722492 - Partially revert covscan fix 
+
+* Mon Feb 18 2019 Pavel Zhukov <pzhukov@redhat.com> - 1.4.4-5
+- Related: #1642073 - Properly pass hardened ld flags
+- Fix covscan reported errors
+
+* Sun Feb 17 2019 Pavel Zhukov <pzhukov@redhat.com> - 1.4.4-2
+- Related: #1642073 - Rebuild with RHEL CFLAGS
+- Enabled hardered build
+
+* Tue Feb 12 2019 Pavel Zhukov <pzhukov@redhat.com> - 1.4.4-1
+- Import from Fedora
+- New release (v1.4.4)
+- New upstream URL
+
+
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (authd-1.4.4.tar.gz) = ef447006136b64b771dc0515dff09c729b0618c5652396ddfc9af5ed89dd71a3449ddbc70ffb9df317a84a0a7f8c9f080b044885bd6e6814a91d867d48414013
				`@ -0,0 +1 @@`
				`SHA512 (authd-1.4.4.tar.gz) = ef447006136b64b771dc0515dff09c729b0618c5652396ddfc9af5ed89dd71a3449ddbc70ffb9df317a84a0a7f8c9f080b044885bd6e6814a91d867d48414013`