diff --git a/.gitignore b/.gitignore
index e69de29..1af4815 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+hesiod-3.0.2.tar.gz
+hesiod-3.1.0.tar.gz
+/hesiod-3.2.1.tar.gz
diff --git a/Port-to-libidn2.patch b/Port-to-libidn2.patch
new file mode 100644
index 0000000..34e7d7b
--- /dev/null
+++ b/Port-to-libidn2.patch
@@ -0,0 +1,70 @@
+From 754ea50b570f72609b1931883bf9908d70ead089 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Mon, 19 Apr 2021 11:35:26 -0400
+Subject: [PATCH 3/3] Port to libidn2
+
+Signed-off-by: Robbie Harwood
+---
+ configure.ac | 20 ++++++++++----------
+ src/lib/hesiod.c | 7 +++----
+ 2 files changed, 13 insertions(+), 14 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9098afa..792345a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -29,16 +29,16 @@ AC_PROG_LIBTOOL
+ # Checks for libraries.
+ hesiod_save_LIBS="$LIBS"
+ LIBS=
+-AC_ARG_WITH([libidn],
+- [AS_HELP_STRING([--with-libidn], [Support IDN (needs GNU libidn) @<:@check@:>@])],
+- [with_libidn="$withval"],
+- [with_libidn="check"])
+-AS_IF([test x"$with_libidn" != xno],
+- [AC_SEARCH_LIBS([stringprep_check_version], [idn],
+- [AC_DEFINE([HAVE_LIBIDN], [1], [Define if libidn is available.])],
+- [AS_IF([test x"$with_idn" = xcheck],
+- [AC_MSG_WARN([Unable to find libidn.])],
+- [AC_MSG_ERROR([--with-libidn was given but libidn was not found.])])])])
++AC_ARG_WITH([libidn2],
++ [AS_HELP_STRING([--with-libidn2], [Support IDN2 (needs libidn2) @<:@check@:>@])],
++ [with_libidn2="$withval"],
++ [with_libidn2="check"])
++AS_IF([test x"$with_libidn2" != xno],
++ [AC_SEARCH_LIBS([idn2_to_ascii_8z], [idn2],
++ [AC_DEFINE([HAVE_LIBIDN2], [1], [Define if libidn2 is available.])],
++ [AS_IF([test x"$with_idn2" = xcheck],
++ [AC_MSG_WARN([Unable to find libidn2.])],
++ [AC_MSG_ERROR([--with-libidn2 was given but libidn2 was not found.])])])])
+
+ AC_CHECK_LIB([resolv], [res_mkquery], [], [
+ AC_MSG_CHECKING([if res_mkquery is provided by libresolv with mangled symbols])
+diff --git a/src/lib/hesiod.c b/src/lib/hesiod.c
+index e69a8ca..3745d69 100644
+--- a/src/lib/hesiod.c
++++ b/src/lib/hesiod.c
+@@ -70,9 +70,8 @@ static const char rcsid[] = "$Id: hesiod.c,v 1.30 2002-04-03 21:40:55 ghudson Ex
+ #include
+ #include
+ #include
+-#ifdef HAVE_LIBIDN
+-#include
+-#include
++#ifdef HAVE_LIBIDN2
++#include
+ #endif
+ #include "hesiod.h"
+
+@@ -233,7 +232,7 @@ char *hesiod_to_bind(void *context, const char *name, const char *type)
+ hesiod_free_list(context, rhs_list);
+
+ /* Make a copy of the result and return it to the caller. */
+-#ifdef HAVE_LIBIDN
++#ifdef HAVE_LIBIDN2
+ rc = idna_to_ascii_lz(bindname, &idn_ret, 0);
+ if (rc != IDNA_SUCCESS)
+ {
+--
+2.31.0
+
diff --git a/Remove-hard-coded-defaults-for-LHS-and-RHS.patch b/Remove-hard-coded-defaults-for-LHS-and-RHS.patch
new file mode 100644
index 0000000..2d93c31
--- /dev/null
+++ b/Remove-hard-coded-defaults-for-LHS-and-RHS.patch
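Review bot: In the configure.ac hunk the inner `AS_IF` tests `x"$with_idn2"`, but the option variable assigned just above is `with_libidn2`, so as far as these lines show the comparison with `xcheck` can never be true. With the default `check` setting and libidn2 absent, configure would then take the `AC_MSG_ERROR` branch instead of the intended warning; the line should read `[AS_IF([test x"$with_libidn2" = xcheck],`. The removed lines had the same mismatch (`with_idn` against `with_libidn`), so this is carried over rather than introduced. Separately, the hesiod.c context still calls `idna_to_ascii_lz` and tests `IDNA_SUCCESS` under `HAVE_LIBIDN2`; the header name on the new `#include` line is not visible here, so confirm that it declares both.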
@@ -0,0 +1,70 @@
+From 91e404cce156bcf74942309a7003fa0dc60b8258 Mon Sep 17 00:00:00 2001
+From: Nalin Dahyabhai
+Date: Tue, 3 May 2016 13:34:32 -0400
+Subject: [PATCH 2/3] Remove hard-coded defaults for LHS and RHS
+
+Don't fall back to using a default LHS or RHS when the configuration
+file can't be read. Instead, return an error.
+Original report from https://bugzilla.redhat.com/show_bug.cgi?id=1332493
+
+(cherry picked from commit 247e2ce1f2aff40040657acaae7f1a1d673d6618)
+---
+ src/lib/Makefile.am | 2 +-
+ src/lib/hesiod.c | 21 +--------------------
+ 2 files changed, 2 insertions(+), 21 deletions(-)
+
+diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
+index d092565..e6324b1 100644
+--- a/src/lib/Makefile.am
++++ b/src/lib/Makefile.am
+@@ -15,7 +15,7 @@ noinst_PROGRAMS = hestest
+ hestest_SOURCES = hestest.c
+ hestest_LDADD = libhesiod.la
+
+-TESTS_ENVIRONMENT = ./hestest
++TESTS_ENVIRONMENT = HESIOD_CONFIG=$(srcdir)/hesiod.conf.sample ./hestest
+ TESTS = hestest.conf
+
+ EXTRA_DIST = hesiod.conf.sample hestest.conf
+diff --git a/src/lib/hesiod.c b/src/lib/hesiod.c
+index 2738713..e69a8ca 100644
+--- a/src/lib/hesiod.c
++++ b/src/lib/hesiod.c
+@@ -81,10 +81,6 @@ static const char rcsid[] = "$Id: hesiod.c,v 1.30 2002-04-03 21:40:55 ghudson Ex
+ #define T_TXT 16
+ #endif
+
+-/* Defaults if the configuration file is not present. */
+-#define DEF_RHS ".athena.mit.edu"
+-#define DEF_LHS ".ns"
+-
+ /* Maximum size of a Hesiod response from the DNS. */
+ #define MAX_HESRESP 1024
+
+@@ -301,22 +297,7 @@ static int read_config_file(struct hesiod_p *ctx, const char *filename)
+ /* Try to open the configuration file. */
+ fp = fopen(filename, "r");
+ if (!fp)
+- {
+- /* Use compiled in default domain names. */
+- ctx->lhs = malloc(strlen(DEF_LHS) + 1);
+- ctx->rhs = malloc(strlen(DEF_RHS) + 1);
+- if (ctx->lhs && ctx->rhs)
+- {
+- strcpy(ctx->lhs, DEF_LHS);
+- strcpy(ctx->rhs, DEF_RHS);
+- return 0;
+- }
+- else
+- {
+- errno = ENOMEM;
+- return -1;
+- }
+- }
++ return -1;
+
+ ctx->lhs = NULL;
+ ctx->rhs = NULL;
+--
+2.31.0
+
diff --git a/Use-secure_getenv-when-it-s-available.patch b/Use-secure_getenv-when-it-s-available.patch
new file mode 100644
index 0000000..7834800
--- /dev/null
+++ b/Use-secure_getenv-when-it-s-available.patch
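Review bot: The new `return -1;` in read_config_file runs before the `ctx->lhs = NULL;` and `ctx->rhs = NULL;` context lines, so when fopen() fails both fields keep whatever the caller passed in. If hesiod_init's failure path, which is outside this hunk, frees or tests those pointers, it would act on indeterminate values. Moving the two assignments above `fp = fopen(filename, "r");` makes the error path safe regardless of how the context was allocated. A comment such as `/* No compiled-in fallback: an unreadable config file is an error. */` above the return would record why the defaults were dropped. The function body continues past the end of the hunk.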
@@ -0,0 +1,78 @@
+From bb33136afa333268705c26e4f7e75b93e88db9bd Mon Sep 17 00:00:00 2001
+From: Nalin Dahyabhai
+Date: Tue, 3 May 2016 13:32:25 -0400
+Subject: [PATCH 1/3] Use secure_getenv() when it's available
+
+Factor out logic that attempts to only consult the environment when it's
+safe to do so into its own function, and use secure_getenv() instead of
+getenv() if it's available. Original report from
+https://bugzilla.redhat.com/show_bug.cgi?id=1332508
+
+(cherry picked from commit 39b21dac9bc6473365de04d94be0da94941c7c73)
+---
+ configure.ac | 3 ++-
+ src/lib/hesiod.c | 15 +++++++++++++--
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e5e94d4..9098afa 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -9,6 +9,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+ AC_CONFIG_MACRO_DIR([m4])
+ AC_CONFIG_SRCDIR([src/lib/hesiod.h])
+ AC_CONFIG_HEADERS([config.h])
++AC_USE_SYSTEM_EXTENSIONS
+
+ # Checks for programs.
+ AC_PROG_CC
+@@ -80,7 +81,7 @@ AC_EGREP_HEADER([pw_expire], [pwd.h],
+ # Checks for library functions.
+ AC_FUNC_MALLOC
+ AC_FUNC_REALLOC
+-AC_CHECK_FUNCS([strchr strdup])
++AC_CHECK_FUNCS([strchr strdup secure_getenv])
+
+ AC_CONFIG_FILES([
+ Makefile
+diff --git a/src/lib/hesiod.c b/src/lib/hesiod.c
+index c96aebe..2738713 100644
+--- a/src/lib/hesiod.c
++++ b/src/lib/hesiod.c
+@@ -99,6 +99,17 @@ static int read_config_file(struct hesiod_p *ctx, const char *filename);
+ static char **get_txt_records(struct hesiod_p *ctx, const char *name);
+ static int cistrcmp(const char *s1, const char *s2);
+
++static const char *hesiod_getenv(const char *e)
++{
++ if ((getuid() != geteuid()) || (getgid() != getegid()))
++ return NULL;
++#ifdef HAVE_SECURE_GETENV
++ return secure_getenv(e);
++#else
++ return getenv(e);
++#endif
++}
++
+ /* This function is called to initialize a hesiod_p. */
+ int hesiod_init(void **context)
+ {
+@@ -109,13 +120,13 @@ int hesiod_init(void **context)
+ if (ctx)
+ {
+ *context = ctx;
+- configname = ((getuid() == geteuid()) && (getgid() == getegid())) ? getenv("HESIOD_CONFIG") : NULL;
++ configname = hesiod_getenv("HESIOD_CONFIG");
+ if (!configname)
+ configname = SYSCONFDIR "/hesiod.conf";
+ if (read_config_file(ctx, configname) >= 0)
+ {
+ /* The default rhs can be overridden by an environment variable. */
+- p = ((getuid() == geteuid()) && (getgid() == getegid())) ? getenv("HES_DOMAIN") : NULL;
++ p = hesiod_getenv("HES_DOMAIN");
+ if (p)
+ {
+ if (ctx->rhs)
+--
+2.31.0
+
diff --git a/hesiod.spec b/hesiod.spec
new file mode 100644
index 0000000..34ff9c2
--- /dev/null
+++ b/hesiod.spec
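Review bot: The `#else` branch of hesiod_getenv still returns plain `getenv(e)` guarded only by the uid/gid comparison, so on a build where configure does not define `HAVE_SECURE_GETENV` the check is no stronger than before the patch. That comparison does not cover other ways a process can run with elevated privilege, such as file capabilities, which is the case secure_getenv() exists for. `HAVE_SECURE_GETENV` and the extensions enabled by `AC_USE_SYSTEM_EXTENSIONS` both arrive through config.h, so it is worth confirming that hesiod.c includes config.h before the system headers; the include block is outside this hunk. The helper also has no comment; something like `/* Return the variable only when the process is not privilege-elevated; falls back to a uid/gid comparison where secure_getenv() is missing. */` would make the weaker fallback explicit.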
@@ -0,0 +1,315 @@
+Name: hesiod
+Version: 3.2.1
+Release: 15%{?dist}
+License: MIT
+Summary: Shared libraries for querying the Hesiod naming service
+
+Source: ftp://athena-dist.mit.edu/pub/ATHENA/hesiod/hesiod-%{version}.tar.gz
+Patch0: Use-secure_getenv-when-it-s-available.patch
+Patch1: Remove-hard-coded-defaults-for-LHS-and-RHS.patch
+Patch2: Port-to-libidn2.patch
+
+BuildRequires: autoconf, automake, libtool, libidn2-devel, git
+Obsoletes: hesinfo < 3.2
+
+%global _description\
+Hesiod is a system which uses existing DNS functionality to provide access\
+to databases of information that changes infrequently. It is often used to\
+distribute information kept in the /etc/passwd, /etc/group, and /etc/printcap\
+files, among others.
+
+%description %_description
+
+%package devel
+Summary: Development libraries and headers for Hesiod
+Requires: hesiod = %{version}-%{release}
+
+%description devel
+Hesiod is a system which uses existing DNS functionality to provide access
+to databases of information that changes infrequently. It is often used to
+distribute information which might otherwise kept in the /etc/passwd,
+/etc/group, and /etc/printcap files over a network, eliminating the need to
+ensure the files are synchronized among multiple hosts. This package contains
+the header files and libraries required for building programs which use Hesiod.
+
+%package -n compat-hesiod
+Summary: %summary
+Provides: hesiod = %{version}-%{release}
+Obsoletes: hesiod <= %{version}-%{release}
+
+%description -n compat-hesiod %_description
+
+%prep
+%autosetup -S git
+autoreconf -vif
+
+%build
+%configure --disable-static
+make
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT
+# Remove libtool archives and static libs
+find %{buildroot} -type f -name "*.la" -delete
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files -n compat-hesiod
+%license COPYING
+%doc README NEWS
+%{_bindir}/*
+%{_libdir}/libhesiod.so.*
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+
+%files devel
+%{_libdir}/libhesiod.so
+%{_libdir}/pkgconfig/*
+%{_includedir}/hesiod.h
+%{_mandir}/man3/*
+
+%changelog
+* Mon Apr 19 2021 Robbie Harwood - 3.2.1-15
+- Import from RHEL 8 and old Fedora; port to libidn2
+- Resolves: #1944157
+
+* Thu Oct 11 2018 Robbie Harwood - 3.2.1-14
+- Fix CVE-2016-10152 (hardcoded DNS fallback)
+- Fix CVE-2016-10151 (weak SUID check)
+- Move package to autosetup
+
+* Fri Jul 13 2018 Fedora Release Engineering - 3.2.1-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri May 18 2018 Adam Williamson - 3.2.1-12
+- Rebuild for new libidn
+
+* Mon Apr 2 2018 Peter Robinson 3.2.1-11
+- Cleanup and modernise spec
+
+* Wed Feb 07 2018 Fedora Release Engineering - 3.2.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering - 3.2.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 3.2.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 3.2.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Feb 03 2016 Fedora Release Engineering - 3.2.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering - 3.2.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Aug 16 2014 Fedora Release Engineering - 3.2.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering - 3.2.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering - 3.2.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Apr 3 2013 Nalin Dahyabhai - 3.2.1-1
+- update to 3.2.1
+ - merged all patches or equivalents
+ - re-merged hesinfo, so we obsolete it now
+ - adds a pkgconfig configuration file for libhesiod
+- correct inconsistent changelog dates, assuming day-of-week is correct
+- add build requirement on libidn-devel
+- package the license
+
+* Thu Feb 14 2013 Fedora Release Engineering - 3.1.0-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jul 19 2012 Fedora Release Engineering - 3.1.0-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering - 3.1.0-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Feb 09 2011 Fedora Release Engineering - 3.1.0-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Fri Feb 19 2010 Nalin Dahyabhai - 3.1.0-19
+- fix the release number noted for the previous changelog entry (#225884)
+- remove unapplied "classes" patch (#225884)
+
+* Wed Jan 13 2010 Nalin Dahyabhai - 3.1.0-18
+- adjust buildroot location (guidelines)
+- disable static libraries (guidelines)
+- tweak default payload attributes (guidelines)
+
+* Tue Oct 13 2009 Nalin Dahyabhai - 3.1.0-17
+- add a disttag
+
+* Fri Jul 24 2009 Fedora Release Engineering - 3.1.0-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Feb 24 2009 Fedora Release Engineering - 3.1.0-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Dec 2 2008 Nalin Dahyabhai - 3.1.0-14
+- adjust the package summary
+
+* Tue Jul 22 2008 Nalin Dahyabhai - 3.1.0-13
+- rebuild
+
+* Thu Jun 12 2008 Nalin Dahyabhai - 3.1.0-12
+- call aclocal directly, because autoreconf didn't see the magic comment in
+ the distributed version of aclocal.m4 which made it look like it was safe
+ to generate a new one (#449550)
+
+* Mon Jun 2 2008 Nalin Dahyabhai - 3.1.0-11
+- force autoreconf to overwrite files (should fix #449550)
+
+* Tue Feb 19 2008 Fedora Release Engineering - 3.1.0-10
+- Autorebuild for GCC 4.3
+
+* Wed Aug 23 2006 Nalin Dahyabhai - 3.1.0-9
+- rebuild
+
+* Mon Jul 17 2006 Nalin Dahyabhai - 3.1.0-8
+- rebuild
+
+* Fri Jul 7 2006 Nalin Dahyabhai - 3.1.0-7
+- use the system libtool to consistently link libhesiod.la with libresolv
+
+* Fri Jul 7 2006 Nalin Dahyabhai - 3.1.0-6
+- run autoreconf instead of autoconf after untarring so that we get a
+ config.h.in which suits the changes we make to configure.in (part of #197938)
+
+* Tue Jun 20 2006 Nalin Dahyabhai - 3.1.0-5
+- don't override libtool's defaults for permissions on its .la file, because
+ we don't get debuginfo if the execute bit isn't set (pjones, in #190219)
+
+* Wed Jun 7 2006 Jeremy Katz - 3.1.0-4
+- rebuild for -devel deps
+
+* Thu Mar 30 2006 Nalin Dahyabhai - 3.1.0-3
+- no, we really did need that patch
+
+* Thu Mar 30 2006 Nalin Dahyabhai - 3.1.0-2
+- drop a no-longer-needed patch for detecting libresolv properly
+
+* Thu Mar 30 2006 Nalin Dahyabhai - 3.1.0-1
+- update to 3.1.0 (#187372)
+
+* Fri Feb 10 2006 Jesse Keating - 3.0.2-31.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating - 3.0.2-31.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating
+- rebuilt
+
+* Wed Mar 16 2005 Nalin Dahyabhai 3.0.2-31
+- rebuild
+
+* Tue Jun 15 2004 Elliot Lee
+- rebuilt
+
+* Tue Mar 02 2004 Elliot Lee
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee
+- rebuilt
+
+* Sun Oct 19 2003 Florian La Roche
+- add a %%clean specfile target
+
+* Mon Jun 16 2003 Nalin Dahyabhai 3.0.2-28
+- rebuild
+
+* Wed Jun 04 2003 Elliot Lee
+- rebuilt
+
+* Mon Jan 27 2003 Nalin Dahyabhai 3.0.2-26
+- link libhesiod with libresolv on all platforms
+
+* Wed Jan 22 2003 Tim Powers 3.0.2-25
+- rebuilt
+
+* Fri Jan 10 2003 Phil Knirsch 3.0.2-24
+- Fixed wrong .so name for s390/s390x.
+
+* Fri Jan 10 2003 Phil Knirsch 3.0.2-23
+- Build shared lib correctly on s390 and s390x (with gcc -shared -fPIC).
+
+* Wed Sep 25 2002 Nalin Dahyabhai 3.0.2-22
+- look harder for res_mkquery() in libresolv
+
+* Wed Aug 21 2002 Nalin Dahyabhai
+- don't choke on large response packets
+
+* Fri Jun 21 2002 Tim Powers
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers
+- automated rebuild
+
+* Thu May 16 2002 Nalin Dahyabhai 3.0.2-19
+- rebuild in new environment
+
+* Mon Apr 15 2002 Nalin Dahyabhai 3.0.2-18
+- add missing post/postun calls to ldconfig
+
+* Wed Feb 20 2002 Nalin Dahyabhai 3.0.2-17
+- rebuild in new environment
+
+* Wed Jan 09 2002 Tim Powers
+- automated rebuild
+
+* Fri Oct 26 2001 Nalin Dahyabhai 3.0.2-15
+- actually set the soname in the shared library (ld doesn't automatically
+ set the soname to the output file's name, oops)
+
+* Fri Oct 5 2001 Nalin Dahyabhai 3.0.2-14
+- on second thought, put the shared library back in, using a soversion of 0
+ to have a chance at providing compatibility with apps linked dynamically
+ on other distributions
+- make -devel depend on the same version of the main package
+
+* Wed Oct 3 2001 Nalin Dahyabhai
+- remove the shared library patch -- different packages with shared libraries
+ tend to use different sonames, so we'd run inevitably run into problems
+
+* Thu Aug 23 2001 Nalin Dahyabhai
+- remove pre and post scripts -- authconfig handles that stuff now
+- add the hesiod man page back in, as bind-devel doesn't provide it any more
+
+* Wed Jan 17 2001 Jeremy Katz
+- hesiod-devel requires hesiod (bug #128)
+
+* Thu Sep 14 2000 Jeremy Katz
+- remove hesiod man page from hesiod-devel as it conflicts with the one
+ from bind-devel
+
+* Thu Sep 14 2000 Jeremy Katz
+- use rpm macros where possible and FHS-ify
+- split into main and devel packages
+- add back requires for nscd
+
+* Fri Jul 28 2000 Jeremy Katz
+- rebuild in new environment
+
+* Thu Mar 16 2000 Jeremy Katz
+- rebuild in new environment
+
+* Thu Sep 2 1999 Nalin Dahyabhai
+- removed dependency on nscd
+- changed requires: nscd back to caching-nameserver
+
+* Mon May 17 1999 Nalin Dahyabhai
+- started changelog
+- moved addition of hesiod to nsswitch.conf to this package because we
+ no longer use a separate libnss_hesiod.so
+- changed requires: caching-nameserver to nscd
+- added post-install script snippet to activate nscd on install
diff --git a/sources b/sources
new file mode 100644
index 0000000..9148a7f
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+d8fe6d7d081c9c14d5d3d8a466998eeb hesiod-3.2.1.tar.gz
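Review bot: The spec has no `%check` section, so the hestest run that Patch1 adjusts through `TESTS_ENVIRONMENT = HESIOD_CONFIG=$(srcdir)/hesiod.conf.sample ./hestest` is never executed during the package build. The two CVE fixes named in the 3.2.1-14 changelog entry and the libidn2 port therefore ship without the upstream test being exercised. Adding a `%check` section that runs `make check` after `%install` would cover this, assuming hestest needs no network access in the build environment.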
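Review bot: The single entry is a bare 32-hex-digit digest followed by the file name, which is the length of an MD5 hash, and MD5 is not collision-resistant. The spec's `Source:` URL is plain `ftp://`, which gives no transport integrity, so this digest is the only check on the upstream tarball. Re-uploading the source so the entry is recorded in the `SHA512 (hesiod-3.2.1.tar.gz) = <sha512-digest>` form would give a meaningful integrity guarantee.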