rpms
/
xinetd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import xinetd-2.3.15-24.el8

This commit is contained in:
CentOS Sources 2020-09-18 08:08:37 +00:00 committed by Andrew Lukoshko
commit 4d6477ac5d
31 changed files with 2951 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/xinetd-2.3.15.tar.gz

1
.xinetd.metadata Normal file
View File

@ -0,0 +1 @@
168d54aeb181e271e68f4c53847c3e6b2574dba6 SOURCES/xinetd-2.3.15.tar.gz

251
SOURCES/xinetd-2.3.14-autoconf.patch Normal file
View File

@ -0,0 +1,251 @@
--- xinetd-2.3.14/configure.in 2009-07-27 13:27:59.000000000 +0200
+++ xinetd-2.3.14-mod/configure.in 2009-07-29 10:05:44.000000000 +0200
@@ -20,34 +20,34 @@ AC_CHECK_FUNCS(ecvt, ,
AC_CHECK_FUNCS(gcvt, ,
AC_CHECK_LIB(m, gcvt))
-AC_CHECK_FUNC(strerror, [AC_DEFINE(HAVE_STRERROR)])
-AC_CHECK_FUNC(strcasecmp, [AC_DEFINE(HAVE_STRCASECMP)])
+AC_CHECK_FUNC(strerror, [AC_DEFINE(HAVE_STRERROR, 1, "")])
+AC_CHECK_FUNC(strcasecmp, [AC_DEFINE(HAVE_STRCASECMP, 1, "")])
AC_CHECK_FUNC(socket, ,
AC_CHECK_LIB(socket, socket, ,
AC_CHECK_LIB(nsl, socket)))
AC_CHECK_FUNC(inet_aton, ,
AC_CHECK_LIB(nsl, inet_aton, ,
AC_CHECK_LIB(socket, inet_aton, ,
- AC_CHECK_LIB(resolv, inet_aton, ,[AC_DEFINE(NO_INET_ATON)]))))
-AC_CHECK_FUNC(setenv,[AC_DEFINE(HAVE_SETENV)])
-AC_CHECK_FUNC(strsignal, [AC_DEFINE(HAVE_STRSIGNAL)])
-AC_CHECK_LIB(c, sys_siglist, [AC_DEFINE(HAVE_SYS_SIGLIST)])
-AC_CHECK_FUNC(gai_strerror,[AC_DEFINE(HAVE_GAI_STRERROR)])
-AC_CHECK_FUNC(freeaddrinfo,[AC_DEFINE(HAVE_FREEADDRINFO)])
-AC_CHECK_FUNC(getaddrinfo,[AC_DEFINE(HAVE_GETADDRINFO)])
+ AC_CHECK_LIB(resolv, inet_aton, ,[AC_DEFINE(NO_INET_ATON, 1, "")]))))
+AC_CHECK_FUNC(setenv,[AC_DEFINE(HAVE_SETENV, 1, "")])
+AC_CHECK_FUNC(strsignal, [AC_DEFINE(HAVE_STRSIGNAL, 1, "")])
+AC_CHECK_LIB(c, sys_siglist, [AC_DEFINE(HAVE_SYS_SIGLIST, 1, "")])
+AC_CHECK_FUNC(gai_strerror,[AC_DEFINE(HAVE_GAI_STRERROR, 1, "")])
+AC_CHECK_FUNC(freeaddrinfo,[AC_DEFINE(HAVE_FREEADDRINFO, 1, "")])
+AC_CHECK_FUNC(getaddrinfo,[AC_DEFINE(HAVE_GETADDRINFO, 1, "")])
AC_CHECK_HEADERS(sys/types.h sys/termios.h termios.h sys/ioctl.h sys/select.h rpc/rpc.h rpc/rpcent.h sys/file.h ftw.h machine/reg.h netdb.h)
-AC_CHECK_HEADER(sys/resource.h, [AC_DEFINE(HAVE_SYS_RESOURCE_H)])
-AC_CHECK_HEADER(arpa/inet.h, [AC_DEFINE(HAVE_ARPA_INET_H)])
-AC_CHECK_HEADER(grp.h, [AC_DEFINE(HAVE_GRP_H)])
-AC_CHECK_HEADER(rpc/pmap_clnt.h, [AC_DEFINE(HAVE_RPC_PMAP_CLNT_H)])
-AC_CHECK_HEADER(sys/socket.h, [AC_DEFINE(HAVE_SYS_SOCKET_H)])
-AC_CHECK_HEADER(sys/signal.h, [AC_DEFINE(HAVE_SYS_SIGNAL_H)])
-AC_CHECK_HEADER(crypt.h, [AC_DEFINE(HAVE_CRYPT_H)])
-AC_CHECK_HEADER(stdint.h, [AC_DEFINE(HAVE_STDINT_H)])
-AC_CHECK_HEADER(stdbool.h, [AC_DEFINE(HAVE_STDBOOL_H)])
-AC_CHECK_HEADER(sys/filio.h, [AC_DEFINE(HAVE_SYS_FILIO_H)])
-AC_CHECK_HEADER(DNSServiceDiscovery/DNSServiceDiscovery.h, [AC_DEFINE(HAVE_DNSREGISTRATION) AC_DEFINE(HAVE_MDNS)])
+AC_CHECK_HEADER(sys/resource.h, [AC_DEFINE(HAVE_SYS_RESOURCE_H, 1, "")])
+AC_CHECK_HEADER(arpa/inet.h, [AC_DEFINE(HAVE_ARPA_INET_H, 1, "")])
+AC_CHECK_HEADER(grp.h, [AC_DEFINE(HAVE_GRP_H, 1, "")])
+AC_CHECK_HEADER(rpc/pmap_clnt.h, [AC_DEFINE(HAVE_RPC_PMAP_CLNT_H, 1, "")])
+AC_CHECK_HEADER(sys/socket.h, [AC_DEFINE(HAVE_SYS_SOCKET_H, 1, "")])
+AC_CHECK_HEADER(sys/signal.h, [AC_DEFINE(HAVE_SYS_SIGNAL_H, 1, "")])
+AC_CHECK_HEADER(crypt.h, [AC_DEFINE(HAVE_CRYPT_H, 1, "")])
+AC_CHECK_HEADER(stdint.h, [AC_DEFINE(HAVE_STDINT_H, 1, "")])
+AC_CHECK_HEADER(stdbool.h, [AC_DEFINE(HAVE_STDBOOL_H, 1, "")])
+AC_CHECK_HEADER(sys/filio.h, [AC_DEFINE(HAVE_SYS_FILIO_H, 1, "")])
+AC_CHECK_HEADER(DNSServiceDiscovery/DNSServiceDiscovery.h, [AC_DEFINE(HAVE_DNSREGISTRATION, 1, "") AC_DEFINE(HAVE_MDNS, 1, "")])
AC_ARG_WITH(howl, [ --with-howl=PATH Compile in howl support.
PATH is the prefix where howl is installed,
@@ -56,7 +56,7 @@ AC_ARG_WITH(howl, [ --with-howl=PATH
OLDLDFLAGS=$LDFLAGS; LDFLAGS="-L$withval/lib/ $LDFLAGS";
OLDCPPFLAGS=$CPPFLAGS; CPPFLAGS="-I$withval/include/howl/ $CPPFLAGS";
AC_CHECK_HEADER($withval/include/howl/howl.h,
- [AC_DEFINE(HAVE_HOWL) AC_DEFINE(HAVE_MDNS)],
+ [AC_DEFINE(HAVE_HOWL, 1, "") AC_DEFINE(HAVE_MDNS, 1, "")],
[CFLAGS=$OLDCFLAGS; LDFLAGS=$OLDLDFLAGS; CPPFLAGS=$OLDCPPFLAGS;])
AC_CHECK_LIB(howl, sw_discovery_publish, [LIBS="-lhowl $LIBS"], [
OLDLIBS=$LIBS; LIBS="-lpthread $LIBS";
@@ -88,7 +88,7 @@ AC_CACHE_CHECK([for struct addrinfo], ac
)
])
if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_ADDRINFO)
+ AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, "")
fi
AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
@@ -103,7 +103,7 @@ AC_CACHE_CHECK([for struct in6_addr], ac
)
])
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
+ AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, "")
fi
AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
@@ -118,7 +118,7 @@ AC_CACHE_CHECK([for struct sockaddr_in6]
)
])
if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1, "")
fi
AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
@@ -133,15 +133,15 @@ AC_CACHE_CHECK([for struct sockaddr_stor
)
])
if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, "")
fi
case "$target_os" in
solaris*)
- AC_DEFINE(N0_SIGLIST)
- AC_DEFINE(solaris)
+ AC_DEFINE(N0_SIGLIST, 1, "")
+ AC_DEFINE(solaris, 1, "")
AC_MSG_CHECKING(whether to compile in loadavg)
AC_ARG_WITH(loadavg,
@@ -153,12 +153,12 @@ solaris*)
yes)
AC_MSG_RESULT(yes)
AC_CHECK_LIB(kstat, main)
- AC_CHECK_HEADER(kstat.h, [AC_DEFINE(HAVE_KSTAT_H)])
- AC_DEFINE(HAVE_LOADAVG)
+ AC_CHECK_HEADER(kstat.h, [AC_DEFINE(HAVE_KSTAT_H, 1, "")])
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no) )
;;
@@ -172,11 +172,11 @@ osf*)
;;
yes)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no))
;;
@@ -191,18 +191,18 @@ linux*|freebsd*)
;;
yes)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no))
;;
darwin* | "Mac OS"*)
ac_cv_prog_RANLIB="ranlib"
# AC_CHECK_FUNCS doesn't look in the proper header file...
- AC_DEFINE(HAVE_ISATTY)
+ AC_DEFINE(HAVE_ISATTY, 1, "")
CFLAGS="$CFLAGS -no-cpp-precomp"
AC_MSG_CHECKING(whether to compile in loadavg)
AC_ARG_WITH(loadavg,,
@@ -212,11 +212,11 @@ darwin* | "Mac OS"*)
;;
yes)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no))
;;
@@ -229,13 +229,13 @@ darwin* | "Mac OS"*)
;;
yes)
AC_MSG_RESULT(yes)
- AC_DEFINE(bsdi)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(bsdi, 1, "")
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(bsdi)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(bsdi, 1, "")
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no))
;;
@@ -245,7 +245,7 @@ esac
AC_CHECK_LIB(c, crypt, [:], [
AC_CHECK_LIB(crypt, crypt, [
LIBS="-lcrypt $LIBS"
- AC_DEFINE(HAVE_LIBCRYPT) ], []) ])
+ AC_DEFINE(HAVE_LIBCRYPT, 1, "") ], []) ])
AC_CHECK_LIB(m, log10, [ LIBS="-lm $LIBS" ], [])
@@ -263,16 +263,16 @@ AC_ARG_WITH(libwrap,
yes)
AC_MSG_RESULT(yes)
AC_CHECK_LIB(wrap, request_init, [
- AC_DEFINE(LIBWRAP)
+ AC_DEFINE(LIBWRAP, 1, "")
WRAPLIBS="-lwrap"
- AC_DEFINE(HAVE_LIBWRAP) ])
+ AC_DEFINE(HAVE_LIBWRAP, 1, "") ])
AC_CHECK_LIB(nsl, yp_get_default_domain, [
WRAPLIBS="$WRAPLIBS -lnsl" ])
LIBS="$WRAPLIBS $LIBS"
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(LIBWRAP)
+ AC_DEFINE(LIBWRAP, 1, "")
if test -d "$withval"; then
WRAPLIBS="-L$withval -lwrap"
else
@@ -299,13 +299,13 @@ AC_ARG_WITH(labeled-networking,
yes)
AC_MSG_RESULT(yes)
AC_CHECK_LIB(selinux, setexeccon, [
- AC_DEFINE(LABELED_NET)
+ AC_DEFINE(LABELED_NET, 1, "")
LABELLIBS="-lselinux" ])
LIBS="$LABELLIBS $LIBS"
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(LABELED_NET)
+ AC_DEFINE(LABELED_NET, 1, "")
if test -d "$withval"; then
LABELLIBS="-L$withval -lselinux"
else
--- xinetd-2.3.14/aclocal.m4 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14-mod/aclocal.m4 2009-07-29 10:10:03.000000000 +0200
@@ -22,6 +22,6 @@ AC_CACHE_VAL(xinetd_cv_type_$1,
#endif], xinetd_cv_type_$1=yes, xinetd_cv_type_$1=no)])dnl
AC_MSG_RESULT($xinetd_cv_type_$1)
if test $xinetd_cv_type_$1 = no; then
- AC_DEFINE($1, $2)
+ AC_DEFINE($1, $2, "")
fi
])

29
SOURCES/xinetd-2.3.14-bind-ipv6.patch Normal file
View File

@ -0,0 +1,29 @@
--- xinetd-2.3.14/xinetd/service.c.old 2007-05-16 15:33:41.000000000 +0200
+++ xinetd-2.3.14/xinetd/service.c 2007-05-16 15:29:53.000000000 +0200
@@ -335,6 +335,15 @@
if ( SVC_FD(sp) == -1 )
{
+ if (SC_BIND_ADDR(scp) == NULL && SC_IPV6( scp ))
+ {
+ /* there was no bind address configured and IPv6 fails. Try IPv4 */
+ msg( LOG_NOTICE, func, "IPv6 socket creation failed for service %s, trying IPv4", SC_ID( scp ) ) ;
+ M_CLEAR(SC_XFLAGS(scp), SF_IPV6);
+ M_SET(SC_XFLAGS(scp), SF_IPV4);
+ return svc_activate(sp);
+ }
+
msg( LOG_ERR, func,
"socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
return( FAILED ) ;
--- xinetd-2.3.14/xinetd/confparse.c.old 2007-05-16 15:33:26.000000000 +0200
+++ xinetd-2.3.14/xinetd/confparse.c 2007-05-16 15:15:22.000000000 +0200
@@ -245,7 +245,7 @@
M_SET(SC_XFLAGS(scp), SF_IPV6);
}
else
- M_SET(SC_XFLAGS(scp), SF_IPV4);
+ M_SET(SC_XFLAGS(scp), SF_IPV6); /*try bind IPv6 by default*/
}
if (SC_ORIG_BIND_ADDR(scp))

10
SOURCES/xinetd-2.3.14-clean-pfd.patch Normal file
View File

@ -0,0 +1,10 @@
--- xinetd-2.3.14/xinetd/service.c.orig 2010-03-18 17:09:20.000000000 +0100
+++ xinetd-2.3.14/xinetd/service.c 2010-03-18 17:09:37.000000000 +0100
@@ -470,6 +470,7 @@ void svc_deactivate( struct service *sp
{
#ifdef HAVE_POLL
SVC_EVENTS( sp ) = 0;
+ SVC_FD( sp ) = 0;
#else
FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
#endif /* HAVE_POLL */

126
SOURCES/xinetd-2.3.14-file-limit.patch Normal file
View File

@ -0,0 +1,126 @@
diff -Nurp xinetd-2.3.14-orig/xinetd/attr.h xinetd-2.3.14-files/xinetd/attr.h
--- xinetd-2.3.14-orig/xinetd/attr.h 2005-10-05 19:15:33.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/attr.h 2009-10-20 13:08:45.000000000 +0200
@@ -61,12 +61,13 @@
#define A_DISABLED 43
#define A_MDNS 44
#define A_LIBWRAP 45
+#define A_RLIMIT_FILES 46
/*
* SERVICE_ATTRIBUTES is the number of service attributes and also
* the number from which defaults-only attributes start.
*/
-#define SERVICE_ATTRIBUTES ( A_MDNS + 1 )
+#define SERVICE_ATTRIBUTES ( A_MDNS + 2 )
/*
* Mask of attributes that must be specified.
diff -Nurp xinetd-2.3.14-orig/xinetd/child.c xinetd-2.3.14-files/xinetd/child.c
--- xinetd-2.3.14-orig/xinetd/child.c 2009-10-20 13:07:34.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/child.c 2009-10-20 13:10:16.000000000 +0200
@@ -109,6 +109,10 @@ void exec_server( const struct server *s
#ifdef RLIMIT_NOFILE
+ if ( SC_RLIM_FILES( scp ))
+ {
+ ps.ros.max_descriptors = SC_RLIM_FILES( scp );
+ }
rl.rlim_max = rl.rlim_cur = ps.ros.max_descriptors ;
(void) setrlimit( RLIMIT_NOFILE, &rl ) ;
#endif
diff -Nurp xinetd-2.3.14-orig/xinetd/parse.c xinetd-2.3.14-files/xinetd/parse.c
--- xinetd-2.3.14-orig/xinetd/parse.c 2005-10-05 19:15:33.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/parse.c 2009-10-20 13:08:45.000000000 +0200
@@ -92,6 +92,9 @@ static const struct attribute service_at
#ifdef RLIMIT_DATA
{ "rlimit_data", A_RLIMIT_DATA, 1, rlim_data_parser },
#endif
+#ifdef RLIMIT_NOFILE
+ { "rlimit_files", A_RLIMIT_FILES, 1, rlim_files_parser },
+#endif
#ifdef RLIMIT_RSS
{ "rlimit_rss", A_RLIMIT_RSS, 1, rlim_rss_parser },
#endif
diff -Nurp xinetd-2.3.14-orig/xinetd/parsers.c xinetd-2.3.14-files/xinetd/parsers.c
--- xinetd-2.3.14-orig/xinetd/parsers.c 2005-10-05 23:45:41.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/parsers.c 2009-10-20 13:08:45.000000000 +0200
@@ -1415,6 +1415,29 @@ status_e rlim_data_parser( pset_h values
}
#endif
+#ifdef RLIMIT_NOFILE
+status_e rlim_files_parser( pset_h values,
+ struct service_config *scp,
+ enum assign_op op )
+{
+ char *mem = (char *) pset_pointer( values, 0 ) ;
+ const char *func = "rlim_files_parser" ;
+
+ if ( EQ( mem, "UNLIMITED" ) )
+ SC_RLIM_FILES(scp) = (rlim_t)RLIM_INFINITY ;
+ else
+ {
+ if ( get_limit ( mem, &SC_RLIM_FILES(scp)) )
+ {
+ parsemsg( LOG_ERR, func,
+ "Max files limit is invalid: %s", mem ) ;
+ return( FAILED ) ;
+ }
+ }
+ return( OK ) ;
+}
+#endif
+
#ifdef RLIMIT_RSS
status_e rlim_rss_parser( pset_h values,
struct service_config *scp,
diff -Nurp xinetd-2.3.14-orig/xinetd/parsers.h xinetd-2.3.14-files/xinetd/parsers.h
--- xinetd-2.3.14-orig/xinetd/parsers.h 2005-10-05 19:15:33.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/parsers.h 2009-10-20 13:08:45.000000000 +0200
@@ -57,6 +57,9 @@ status_e rlim_cpu_parser(pset_h, struct
#ifdef RLIMIT_DATA
status_e rlim_data_parser(pset_h, struct service_config *, enum assign_op) ;
#endif
+#ifdef RLIMIT_NOFILE
+status_e rlim_files_parser(pset_h, struct service_config *, enum assign_op) ;
+#endif
#ifdef RLIMIT_RSS
status_e rlim_rss_parser(pset_h, struct service_config *, enum assign_op) ;
#endif
diff -Nurp xinetd-2.3.14-orig/xinetd/sconf.h xinetd-2.3.14-files/xinetd/sconf.h
--- xinetd-2.3.14-orig/xinetd/sconf.h 2009-10-20 13:07:34.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/sconf.h 2009-10-20 13:08:45.000000000 +0200
@@ -143,6 +143,7 @@ struct service_config
rlim_t sc_rlim_as;
rlim_t sc_rlim_cpu;
rlim_t sc_rlim_data;
+ rlim_t sc_rlim_files;
rlim_t sc_rlim_rss;
rlim_t sc_rlim_stack;
mode_t sc_umask;
@@ -191,6 +192,7 @@ struct service_config
#define SC_RLIM_AS( scp ) (scp)->sc_rlim_as
#define SC_RLIM_CPU( scp ) (scp)->sc_rlim_cpu
#define SC_RLIM_DATA( scp ) (scp)->sc_rlim_data
+#define SC_RLIM_FILES( scp ) (scp)->sc_rlim_files
#define SC_RLIM_RSS( scp ) (scp)->sc_rlim_rss
#define SC_RLIM_STACK( scp ) (scp)->sc_rlim_stack
#define SC_TYPE( scp ) (scp)->sc_type
diff -Nurp xinetd-2.3.14-orig/xinetd/xinetd.conf.man xinetd-2.3.14-files/xinetd/xinetd.conf.man
--- xinetd-2.3.14-orig/xinetd/xinetd.conf.man 2009-10-20 13:07:34.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/xinetd.conf.man 2009-10-20 13:08:45.000000000 +0200
@@ -569,6 +569,12 @@ is implemented, it is more useful to set
rlimit_rss and rlimit_stack. This resource limit is only implemented on
Linux systems.
.TP
+.B rlimit_files
+Sets the maximum number of open files that the service may use.
+One parameter is required, which is a positive integer representing
+the number of open file descriptors. Practical limit of this number
+is around 1024000.
+.TP
.B rlimit_cpu
Sets the maximum number of CPU seconds that the service may use.
One parameter is required, which is either a positive integer representing

22
SOURCES/xinetd-2.3.14-fix-type-punned-ptr.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/sensor.c b/sensor.c
index 09d0877..e65018c 100644
--- a/xinetd/sensor.c
+++ b/xinetd/sensor.c
@@ -100,14 +100,15 @@ void process_sensor( const struct service *sp, const union xsockaddr *addr)
{
/* Here again, eh?...update time stamp. */
char *exp_time;
- time_t stored_time;
+ int stored_time;
item_matched--; /* Is # plus 1, to even get here must be >= 1 */
exp_time = pset_pointer( global_no_access_time, item_matched ) ;
if (exp_time == NULL)
return ;
- if ( parse_base10(exp_time, (int *)&stored_time) )
+ /* FIXME: Parse (long int) instead of (int) prior to possible Y2K38 bug. */
+ if ( parse_base10(exp_time, &stored_time ) )
{ /* if never let them off, bypass */
if (stored_time != -1)
{

42
SOURCES/xinetd-2.3.14-ident-bind.patch Normal file
View File

@ -0,0 +1,42 @@
448069: xinetd: socket bind: Invalid argument (errno = 22) when using USERID on ipv6
Use right size of addresses in bind() call. Also use getpeername addresses when
connecting to ident service to prevent address family mismatch between socket(),
bind() and connect() calls.
Author: Jan Safranek <jsafrane@redhat.com>
Reviewed-By: Adam Tkac <atkac@redhat.com>
diff -up xinetd-2.3.14/xinetd/ident.c.orig xinetd-2.3.14/xinetd/ident.c
--- xinetd-2.3.14/xinetd/ident.c.orig 2008-05-29 16:30:19.000000000 +0200
+++ xinetd-2.3.14/xinetd/ident.c 2008-05-29 16:29:57.000000000 +0200
@@ -97,7 +98,13 @@ idresult_e log_remote_user( const struct
}
CLEAR( sin_contact );
- sin_remote = *CONN_XADDRESS( SERVER_CONNECTION( serp ) ) ;
+
+ sin_len = sizeof( sin_remote );
+ if ( getpeername( SERVER_FD( serp ), &sin_remote.sa, &sin_len ) == -1 )
+ {
+ msg( LOG_ERR, func, "(%d) getpeername: %m", getpid() ) ;
+ return( IDR_ERROR ) ;
+ }
sin_contact = sin_remote;
memcpy( &sin_bind, &sin_local, sizeof(sin_bind) ) ;
local_port = 0;
@@ -121,7 +128,13 @@ idresult_e log_remote_user( const struct
msg( LOG_ERR, func, "socket creation: %m" ) ;
return( IDR_ERROR ) ;
}
- if ( bind(sd, &sin_bind.sa, sizeof(sin_bind.sa)) == -1 )
+
+ if ( sin_bind.sa.sa_family == AF_INET )
+ sin_len = sizeof( sin_bind.sa_in ) ;
+ else
+ sin_len = sizeof( sin_bind.sa_in6 ) ;
+
+ if ( bind(sd, &sin_bind.sa, sin_len) == -1 )
{
msg( LOG_ERR, func, "socket bind: %m" ) ;
(void) Sclose( sd ) ;

22
SOURCES/xinetd-2.3.14-instances.patch Normal file
View File

@ -0,0 +1,22 @@
--- xinetd-2.3.14/xinetd/access.c 2005-10-05 19:15:33.000000000 +0200
+++ xinetd-2.3.14-mod/xinetd/access.c 2012-03-05 14:54:30.935416926 +0100
@@ -73,6 +73,7 @@ static void cps_service_restart(void)
unsigned int i;
time_t nowtime;
const char *func = "cps_service_restart";
+ int rs;
nowtime = time(NULL);
for( i=0; i < pset_count( SERVICES(ps) ); i++ ) {
@@ -84,8 +85,11 @@ static void cps_service_restart(void)
if( SVC_STATE(sp) == SVC_DISABLED ) {
scp = SVC_CONF( sp );
if ( SC_TIME_REENABLE(scp) <= nowtime ) {
+ rs = SVC_RUNNING_SERVERS(sp);
/* re-enable the service */
if( svc_activate(sp) == OK ) {
+ /* remember running servers after restart */
+ SVC_RUNNING_SERVERS(sp) = rs;
msg(LOG_ERR, func,
"Activating service %s", SC_NAME(scp));
} else {

17
SOURCES/xinetd-2.3.14-ipv6confusion.patch Normal file
View File

@ -0,0 +1,17 @@
--- xinetd-2.3.14/xinetd/ident.c.jw 2010-03-10 17:49:53.000000000 +1100
+++ xinetd-2.3.14/xinetd/ident.c 2010-03-10 17:50:30.000000000 +1100
@@ -108,12 +108,12 @@
memcpy( &sin_bind, &sin_local, sizeof(sin_bind) ) ;
local_port = 0;
remote_port = 0;
- if( sin_remote.sa.sa_family == AF_INET ) {
+ if( sin_remote.sa.sa_family == AF_INET6 ) {
local_port = ntohs( sin_local.sa_in6.sin6_port ) ;
remote_port = ntohs( sin_remote.sa_in6.sin6_port ) ;
sin_contact.sa_in6.sin6_port = htons( IDENTITY_SERVICE_PORT ) ;
sin_bind.sa_in.sin_port = 0 ;
- } else if( sin_remote.sa.sa_family == AF_INET6 ) {
+ } else if( sin_remote.sa.sa_family == AF_INET ) {
local_port = ntohs( sin_local.sa_in.sin_port ) ;
remote_port = ntohs( sin_remote.sa_in.sin_port ) ;
sin_contact.sa_in.sin_port = htons( IDENTITY_SERVICE_PORT ) ;

41
SOURCES/xinetd-2.3.14-leaking-fds-2a.patch Normal file
View File

@ -0,0 +1,41 @@
diff -Naur xinetd-2.3.14-dist/xinetd/service.c xinetd-2.3.14/xinetd/service.c
--- xinetd-2.3.14-dist/xinetd/service.c 2012-04-03 08:59:19.000000000 +0200
+++ xinetd-2.3.14/xinetd/service.c 2012-04-03 09:02:34.588160317 +0200
@@ -366,12 +366,24 @@
msg( LOG_ERR, func,
"socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
+#ifdef HAVE_POLL
+ SVC_EVENTS( sp ) = 0;
+ SVC_FD( sp ) = 0;
+#else
+ FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
+#endif /* HAVE_POLL */
return( FAILED ) ;
}
if ( set_fd_modes( sp ) == FAILED )
{
(void) Sclose( SVC_FD(sp) ) ;
+#ifdef HAVE_POLL
+ SVC_EVENTS( sp ) = 0;
+ SVC_FD( sp ) = 0;
+#else
+ FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
+#endif /* HAVE_POLL */
return( FAILED ) ;
}
@@ -385,6 +397,12 @@
if ( status == FAILED )
{
(void) Sclose( SVC_FD(sp) ) ;
+#ifdef HAVE_POLL
+ SVC_EVENTS( sp ) = 0;
+ SVC_FD( sp ) = 0;
+#else
+ FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
+#endif /* HAVE_POLL */
return( FAILED ) ;
}

52
SOURCES/xinetd-2.3.14-leaking-fds.patch Normal file
View File

@ -0,0 +1,52 @@
diff -up xinetd-2.3.14-dist/xinetd/service.c xinetd-2.3.14/xinetd/service.c
--- xinetd-2.3.14-dist/xinetd/service.c 2012-01-11 11:50:43.438650900 +0100
+++ xinetd-2.3.14/xinetd/service.c 2012-01-16 08:18:09.462620084 +0100
@@ -88,6 +88,7 @@ struct service *svc_new( struct service_
CLEAR( *sp ) ;
SVC_CONF(sp) = scp ;
+ sp->svc_pfd_index = -1;
return( sp ) ;
}
@@ -346,7 +347,16 @@ status_e svc_activate( struct service *s
ps.rws.pfds_last)*sizeof(struct pollfd));
ps.rws.pfd_array = tmp;
}
- SVC_POLLFD( sp ) = &ps.rws.pfd_array[ps.rws.pfds_last++] ;
+ if ( sp->svc_pfd_index >= 0 )
+ {
+ SVC_POLLFD( sp ) = &ps.rws.pfd_array[sp->svc_pfd_index] ;
+ }
+ else
+ {
+ sp->svc_pfd_index = ps.rws.pfds_last ;
+ SVC_POLLFD( sp ) = &ps.rws.pfd_array[ps.rws.pfds_last++] ;
+ }
+
#endif /* HAVE_POLL */
if( SC_IPV4( scp ) ) {
@@ -433,6 +443,11 @@ status_e svc_activate( struct service *s
static void deactivate( const struct service *sp )
{
(void) Sclose( SVC_FD( sp ) ) ;
+#ifdef HAVE_POLL
+ SVC_FD( sp ) = 0;
+#else
+ FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
+#endif
#ifdef HAVE_MDNS
xinetd_mdns_deregister(SVC_CONF(sp));
diff -up xinetd-2.3.14-dist/xinetd/service.h xinetd-2.3.14/xinetd/service.h
--- xinetd-2.3.14-dist/xinetd/service.h 2012-01-11 11:50:43.418650925 +0100
+++ xinetd-2.3.14/xinetd/service.h 2012-01-16 08:02:59.667553008 +0100
@@ -47,6 +47,7 @@ struct service
{
state_e svc_state ;
int svc_ref_count ; /* # of pters to this struct */
+ int svc_pfd_index; /* index of pfd in pfd_array */
struct service_config *svc_conf ; /* service configuration */
#ifdef HAVE_POLL

16
SOURCES/xinetd-2.3.14-man-section.patch Normal file
View File

@ -0,0 +1,16 @@
117746: xinetd.log man page in wrong section
Put xinetd.log to the right man section.
diff -up xinetd-2.3.13/Makefile.in.orig xinetd-2.3.13/Makefile.in
--- xinetd-2.3.13/Makefile.in.orig 2007-12-06 10:58:32.000000000 +0100
+++ xinetd-2.3.13/Makefile.in 2008-01-15 13:39:38.000000000 +0100
@@ -80,7 +80,7 @@ install: build
$(INSTALL_CMD) -m 755 xinetd/itox $(DAEMONDIR)
$(INSTALL_CMD) -m 755 $(SRCDIR)/xinetd/xconv.pl $(DAEMONDIR)
$(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.conf.man $(MANDIR)/man5/xinetd.conf.5
- $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.log.man $(MANDIR)/man8/xinetd.log.8
+ $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.log.man $(MANDIR)/man5/xinetd.log.5
$(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.man $(MANDIR)/man8/xinetd.8
$(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/itox.8 $(MANDIR)/man8/itox.8
$(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xconv.pl.8 $(MANDIR)/man8/xconv.pl.8

27
SOURCES/xinetd-2.3.14-many-services.patch Normal file
View File

@ -0,0 +1,27 @@
--- xinetd-2.3.14-dist/xinetd/defs.h 2012-01-16 12:20:54.739041678 +0100
+++ xinetd-2.3.14/xinetd/defs.h 2012-01-17 08:06:56.800762230 +0100
@@ -115,8 +115,9 @@ union xsockaddr {
*/
#ifdef HAVE_POLL
-#define INIT_POLLFDS 1024
-#define MAX_POLLFDS 8192
+#define INIT_POLLFDS 4096
+/* FIXME: not used */
+#define MAX_POLLFDS 16384
#endif
/*
--- xinetd-2.3.14-dist/xinetd/service.c 2012-01-16 12:20:54.741041678 +0100
+++ xinetd-2.3.14/xinetd/service.c 2012-01-17 08:07:28.872746991 +0100
@@ -343,9 +343,9 @@ status_e svc_activate( struct service *s
out_of_memory( func );
return( FAILED );
}
+ ps.rws.pfd_array = tmp;
memset(&ps.rws.pfd_array[ps.rws.pfds_last], 0, (ps.rws.pfds_allocated-
ps.rws.pfds_last)*sizeof(struct pollfd));
- ps.rws.pfd_array = tmp;
}
if ( sp->svc_pfd_index >= 0 )
{

1202
SOURCES/xinetd-2.3.14-poll.patch Normal file
View File

File diff suppressed because it is too large Load Diff

77
SOURCES/xinetd-2.3.14-readable-debuginfo.patch Normal file
View File

@ -0,0 +1,77 @@
Generate debuginfo package with all include files readable.
The support libraries would install their header files with 640 permissions,
which is not what we want.
diff -up xinetd-2.3.14/libs/src/misc/Makefile.in.orig xinetd-2.3.14/libs/src/misc/Makefile.in
--- xinetd-2.3.14/libs/src/misc/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/misc/Makefile.in 2008-09-18 10:18:59.000000000 +0200
@@ -49,7 +49,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS) -I$(INCLUDEDIR)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/portable/Makefile.in.orig xinetd-2.3.14/libs/src/portable/Makefile.in
--- xinetd-2.3.14/libs/src/portable/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/portable/Makefile.in 2008-09-18 10:19:09.000000000 +0200
@@ -44,7 +44,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS) -I$(INCLUDEDIR)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/pset/Makefile.in.orig xinetd-2.3.14/libs/src/pset/Makefile.in
--- xinetd-2.3.14/libs/src/pset/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/pset/Makefile.in 2008-09-18 10:19:17.000000000 +0200
@@ -41,7 +41,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/sio/Makefile.in.orig xinetd-2.3.14/libs/src/sio/Makefile.in
--- xinetd-2.3.14/libs/src/sio/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/sio/Makefile.in 2008-09-18 10:19:25.000000000 +0200
@@ -40,7 +40,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS) -I$(INCLUDEDIR)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/str/Makefile.in.orig xinetd-2.3.14/libs/src/str/Makefile.in
--- xinetd-2.3.14/libs/src/str/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/str/Makefile.in 2008-09-18 10:19:33.000000000 +0200
@@ -51,7 +51,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/xlog/Makefile.in.orig xinetd-2.3.14/libs/src/xlog/Makefile.in
--- xinetd-2.3.14/libs/src/xlog/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/xlog/Makefile.in 2008-09-18 10:19:41.000000000 +0200
@@ -46,7 +46,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a

134
SOURCES/xinetd-2.3.14-realloc-remove.patch Normal file
View File

@ -0,0 +1,134 @@
diff -rup xinetd-2.3.14/xinetd/defs.h xinetd-2.3.14-mod/xinetd/defs.h
--- xinetd-2.3.14/xinetd/defs.h 2012-01-18 14:22:20.811100158 +0100
+++ xinetd-2.3.14-mod/xinetd/defs.h 2012-01-18 13:32:46.000000000 +0100
@@ -114,11 +114,7 @@ union xsockaddr {
* constants for limiting ps.rws.fd_list
*/
-#ifdef HAVE_POLL
-#define INIT_POLLFDS 4096
-/* FIXME: not used */
-#define MAX_POLLFDS 16384
-#endif
+#define MAX_FDS 4096
/*
* When explicit values are given for enum's, that is because the structures
diff -rup xinetd-2.3.14/xinetd/init.c xinetd-2.3.14-mod/xinetd/init.c
--- xinetd-2.3.14/xinetd/init.c 2012-01-18 14:22:20.779100171 +0100
+++ xinetd-2.3.14-mod/xinetd/init.c 2012-01-18 14:07:34.000000000 +0100
@@ -151,7 +151,7 @@ static void set_fd_limit(void)
}
if ( rl.rlim_max == RLIM_INFINITY )
- rl.rlim_max = FD_SETSIZE;
+ rl.rlim_max = MAX_FDS;
ps.ros.max_descriptors = rl.rlim_max ;
#else /* ! RLIMIT_NOFILE */
@@ -283,12 +283,12 @@ static void init_rw_state( void )
ps.rws.descriptors_free = ps.ros.max_descriptors - DESCRIPTORS_RESERVED ;
#ifdef HAVE_POLL
- ps.rws.pfds_allocated = INIT_POLLFDS ;
+ ps.rws.pfds_allocated = ps.ros.max_descriptors ;
ps.rws.pfd_array = (struct pollfd *)
malloc( sizeof( struct pollfd ) * ps.rws.pfds_allocated ) ;
if ( ps.rws.pfd_array == NULL )
{
- out_of_memory(func);
+ out_of_memory(func) ;
exit( 1 ) ;
}
ps.rws.pfds_last = 0 ;
diff -rup xinetd-2.3.14/xinetd/redirect.c xinetd-2.3.14-mod/xinetd/redirect.c
--- xinetd-2.3.14/xinetd/redirect.c 2012-01-18 14:22:20.780100170 +0100
+++ xinetd-2.3.14-mod/xinetd/redirect.c 2012-01-18 12:22:08.000000000 +0100
@@ -149,7 +149,7 @@ void redir_handler( struct server *serp
#ifdef HAVE_POLL
#define REDIR_DESCRIP_INDEX 0
#define REDIR_SERVER_INDEX 1
- pfd_array = (struct pollfd *)calloc(sizeof(struct pollfd),INIT_POLLFDS);
+ pfd_array = (struct pollfd *)calloc(sizeof(struct pollfd),MAX_FDS);
if (pfd_array == NULL)
{
msg( LOG_ERR, func, "Cannot allocate memory for file descriptors!\n");
diff -rup xinetd-2.3.14/xinetd/service.c xinetd-2.3.14-mod/xinetd/service.c
--- xinetd-2.3.14/xinetd/service.c 2012-01-18 14:22:20.812100157 +0100
+++ xinetd-2.3.14-mod/xinetd/service.c 2012-01-18 14:07:27.000000000 +0100
@@ -114,10 +114,6 @@ struct service *svc_make_special( struct
void svc_free( struct service *sp )
{
-#ifdef HAVE_POLL
- *SVC_POLLFD( sp ) = ps.rws.pfd_array[--ps.rws.pfds_last] ;
-#endif /* HAVE_POLL */
-
sc_free( SVC_CONF(sp) ) ;
CLEAR( *sp ) ;
FREE_SVC( sp ) ;
@@ -332,20 +328,10 @@ status_e svc_activate( struct service *s
}
#ifdef HAVE_POLL
- if ( ps.rws.pfds_last >= ps.rws.pfds_allocated )
+ if ( ps.rws.descriptors_free <= 0 )
{
- int pos;
- ps.rws.pfds_allocated += INIT_POLLFDS;
- struct pollfd *tmp = (struct pollfd *)realloc( ps.rws.pfd_array,
- ps.rws.pfds_allocated*sizeof(struct pollfd));
- if ( tmp == NULL )
- {
- out_of_memory( func );
- return( FAILED );
- }
- ps.rws.pfd_array = tmp;
- memset(&ps.rws.pfd_array[ps.rws.pfds_last], 0, (ps.rws.pfds_allocated-
- ps.rws.pfds_last)*sizeof(struct pollfd));
+ msg(LOG_ERR, func, "Maximum number of services reached") ;
+ return( FAILED ) ;
}
if ( sp->svc_pfd_index >= 0 )
{
diff -rup xinetd-2.3.14/xinetd/tcpint.c xinetd-2.3.14-mod/xinetd/tcpint.c
--- xinetd-2.3.14/xinetd/tcpint.c 2012-01-18 14:22:20.782100169 +0100
+++ xinetd-2.3.14-mod/xinetd/tcpint.c 2012-01-18 13:30:22.000000000 +0100
@@ -93,7 +93,7 @@ static void si_mux(void)
#ifdef HAVE_POLL
struct pollfd *pfd_array;
int pfds_last = 0;
- int pfds_allocated = INIT_POLLFDS;
+ int pfds_allocated = MAX_FDS;
#else
fd_set socket_mask ;
int mask_max ;
@@ -102,7 +102,7 @@ static void si_mux(void)
const char *func = "si_mux" ;
#ifdef HAVE_POLL
- pfd_array = calloc(sizeof(struct pollfd),INIT_POLLFDS);
+ pfd_array = calloc(sizeof(struct pollfd),MAX_FDS);
pfd_array[ pfds_last ].fd = INT_REMOTE( ip ) ;
pfd_array[ pfds_last++ ].events = POLLIN | POLLOUT;
#else
diff -rup xinetd-2.3.14/xinetd/udpint.c xinetd-2.3.14-mod/xinetd/udpint.c
--- xinetd-2.3.14/xinetd/udpint.c 2012-01-18 14:22:20.783100169 +0100
+++ xinetd-2.3.14-mod/xinetd/udpint.c 2012-01-18 12:22:00.000000000 +0100
@@ -103,14 +103,14 @@ static void di_mux(void)
#ifdef HAVE_POLL
struct pollfd *pfd_array;
int pfds_last = 0;
- int pfds_allocated = INIT_POLLFDS;
+ int pfds_allocated = MAX_FDS;
#else
fd_set socket_mask ;
int mask_max ;
#endif
#ifdef HAVE_POLL
- pfd_array = (struct pollfd *)calloc(sizeof(struct pollfd),INIT_POLLFDS);
+ pfd_array = (struct pollfd *)calloc(sizeof(struct pollfd),MAX_FDS);
pfd_array[ pfds_last ].fd = INT_REMOTE( ip );
pfd_array[ pfds_last++ ].events = POLLIN | POLLOUT;
#else

54
SOURCES/xinetd-2.3.14-retry-svc-activate-in-cps-restart.patch Normal file
View File

@ -0,0 +1,54 @@
diff -Napur xinetd-2.3.14.old/xinetd/access.c xinetd-2.3.14.new/xinetd/access.c
--- xinetd-2.3.14.old/xinetd/access.c 2005-10-05 10:15:33.000000000 -0700
+++ xinetd-2.3.14.new/xinetd/access.c 2012-02-22 20:12:09.120973124 -0800
@@ -89,9 +89,20 @@ static void cps_service_restart(void)
msg(LOG_ERR, func,
"Activating service %s", SC_NAME(scp));
} else {
- msg(LOG_ERR, func,
- "Error activating service %s",
- SC_NAME(scp)) ;
+ /* Try to restart the service */
+ SVC_ATTEMPTS(sp) += 1;
+ if ( SVC_ATTEMPTS(sp) < MAX_SVC_ATTEMPTS ) {
+ msg(LOG_ERR, func,
+ "Error activating service %s, retrying %d more time(s)...",
+ SC_NAME(scp),
+ MAX_SVC_ATTEMPTS - SVC_ATTEMPTS(sp));
+ xtimer_add(cps_service_restart, 1);
+ } else {
+ /* Give up */
+ msg(LOG_ERR, func,
+ "Error activating service %s",
+ SC_NAME(scp));
+ }
} /* else */
}
}
diff -Napur xinetd-2.3.14.old/xinetd/service.c xinetd-2.3.14.new/xinetd/service.c
--- xinetd-2.3.14.old/xinetd/service.c 2012-02-22 19:16:56.288912783 -0800
+++ xinetd-2.3.14.new/xinetd/service.c 2012-02-22 19:25:03.059356909 -0800
@@ -397,6 +408,7 @@ status_e svc_activate( struct service *s
* Initialize the service data
*/
SVC_RUNNING_SERVERS(sp) = SVC_RETRIES(sp) = 0 ;
+ SVC_ATTEMPTS(sp) = 0;
if ( SC_MUST_LISTEN( scp ) )
(void) listen( SVC_FD(sp), LISTEN_BACKLOG ) ;
diff -Napur xinetd-2.3.14.old/xinetd/xconfig.h xinetd-2.3.14.new/xinetd/xconfig.h
--- xinetd-2.3.14.old/xinetd/xconfig.h 2003-02-19 09:29:28.000000000 -0800
+++ xinetd-2.3.14.new/xinetd/xconfig.h 2012-02-22 19:20:20.360855514 -0800
@@ -59,6 +59,12 @@
#define DEFAULT_LOOP_TIME 10
/*
+ * The number of times to attempt re-activating a service after being
+ * deactivated due to the above.
+ */
+#define MAX_SVC_ATTEMPTS 30
+
+/*
* Signal-to-action mapping
*/
#ifndef RECONFIG_HARD_SIG

30
SOURCES/xinetd-2.3.14-rpc-specific-port.patch Normal file
View File

@ -0,0 +1,30 @@
commit 1b91f7b0f67fba11ea8bbcdddef844656434c53c
Author: Jeffrey Bastian <jbastian@redhat.com>
Date: Tue Aug 17 13:45:20 2010 -0500
Let RPC services bind to a port
diff --git a/xinetd/service.c b/xinetd/service.c
index 9f21f93..5d26885 100644
--- a/xinetd/service.c
+++ b/xinetd/service.c
@@ -165,6 +165,7 @@ static status_e activate_rpc( struct service *sp )
socklen_t sin_len = sizeof(tsin);
unsigned long vers ;
struct service_config *scp = SVC_CONF( sp ) ;
+ uint16_t service_port = SC_PORT( scp ) ;
struct rpc_data *rdp = SC_RPCDATA( scp ) ;
char *sid = SC_ID( scp ) ;
unsigned registered_versions = 0 ;
@@ -181,9 +182,11 @@ static status_e activate_rpc( struct service *sp )
}
if( SC_IPV4( scp ) ) {
tsin.sa_in.sin_family = AF_INET ;
+ tsin.sa_in.sin_port = htons( service_port ) ;
sin_len = sizeof(struct sockaddr_in);
} else if( SC_IPV6( scp ) ) {
tsin.sa_in6.sin6_family = AF_INET6 ;
+ tsin.sa_in6.sin6_port = htons( service_port );
sin_len = sizeof(struct sockaddr_in6);
}

27
SOURCES/xinetd-2.3.14-signal-log-hang.patch Normal file
View File

@ -0,0 +1,27 @@
--- a/xinetd/signals.c 2009-05-07 05:56:52.000000000 -0400
+++ b/xinetd/signals.c.new 2009-05-07 05:56:44.000000000 -0400
@@ -389,9 +390,11 @@
break ;
default:
- msg( LOG_NOTICE, func, "Unexpected signal %s", sig_name( sig ) ) ;
- if ( debug.on && sig == SIGINT )
- exit( 1 ) ;
+ /* Let my_handler() queue this signal for later logging.
+ Calling msg() and thus syslog() directly here can hang up
+ the process, trying to acquire an already acquired lock,
+ because another syslog() could have been the interrupted code. */
+ my_handler(sig);
}
}
@@ -495,6 +497,9 @@
default:
msg(LOG_ERR, func, "unexpected signal: %s in signal pipe",
sig_name(sig));
+
+ if ( debug.on && sig == SIGINT )
+ exit( 1 ) ;
}
}
}

16
SOURCES/xinetd-2.3.14-tcpmux.patch Normal file
View File

@ -0,0 +1,16 @@
--- xinetd-2.3.14/xinetd/service.c.tcpmux 2010-01-21 09:50:05.000000000 +0100
+++ xinetd-2.3.14/xinetd/service.c 2010-01-21 10:21:14.000000000 +0100
@@ -952,7 +952,12 @@ void close_all_svc_descriptors(void)
out_of_memory( "close_all_svc_descriptors" ) ;
for ( osp = SP( psi_start( iter ) ) ; osp ; osp = SP( psi_next( iter ) ) )
- (void) Sclose( SVC_FD( osp ) ) ;
+ {
+#ifdef HAVE_POLL
+ if ( osp && SVC_POLLFD( osp ) )
+#endif
+ (void) Sclose( SVC_FD( osp ) ) ;
+ }
psi_destroy( iter ) ;
}

12
SOURCES/xinetd-2.3.14-udp-reconfig.patch Normal file
View File

@ -0,0 +1,12 @@
--- xinetd-2.3.14/xinetd/reconfig.c.orig 2010-06-01 12:58:18.000000000 +0200
+++ xinetd-2.3.14/xinetd/reconfig.c 2010-06-01 12:58:23.000000000 +0200
@@ -138,8 +138,8 @@ void hard_reconfig( void )
* b. Terminate running servers and cancel retry attempts, in case
* of reconfiguration
*/
- svc_deactivate( osp ) ;
terminate_servers( osp ) ;
+ svc_deactivate( osp ) ;
cancel_service_retries( osp ) ;
/*

22
SOURCES/xinetd-2.3.15-PIE.patch Normal file
View File

@ -0,0 +1,22 @@
--- xinetd-2.3.15/Makefile.in 2012-05-14 09:22:22.661617117 +0200
+++ xinetd-2.3.15.new/Makefile.in 2012-05-14 09:32:05.260103054 +0200
@@ -14,7 +14,7 @@ topdir = @top_srcdir@
LIBS = -lsio -lstr -lmisc -lxlog -lportable -lpset @LIBS@
-CFLAGS += @CFLAGS@
+CFLAGS += @CFLAGS@ -fPIE
DCFLAGS = -Wall -Wredundant-decls -W -Wfloat-equal -Wundef -Wcast-qual -Wwrite-strings -Wmissing-noreturn -Wmissing-format-attribute -Wshadow -Wpointer-arith -Wno-unused -g
--- xinetd-2.3.15/xinetd/Makefile.in 2005-03-31 01:15:28.000000000 +0200
+++ xinetd-2.3.15.new/xinetd/Makefile.in 2012-05-14 09:32:24.183659971 +0200
@@ -119,7 +119,7 @@ itox: itox.c
$(CC) $(CFLAGS) $(DEBUG) $(SRCDIR)/itox.c -o $@ $(LDFLAGS) $(LIBS)
xinetd: $(OBJS)
- $(CC) $(CFLAGS) $(DEBUG) -o $@ $(OBJS) $(LDFLAGS) $(LIBS) || rm -f $@
+ $(CC) $(CFLAGS) $(DEBUG) -o $@ -PIE $(OBJS) $(LDFLAGS) $(LIBS) || rm -f $@
clean:
rm -f $(OBJS) $(NAME) core itox

106
SOURCES/xinetd-2.3.15-bad-port-check.patch Normal file
View File

@ -0,0 +1,106 @@
Re-introduce bad_port_check(), which upstream dropped between 2.3.13 and 2.3.14
for it having been "rather antiquated for years", with no justification given
for that claim.
--- xinetd-2.3.15/xinetd/builtins.c 2012-05-09 17:40:29.000000000 +0200
+++ xinetd-2.3.15.new/xinetd/builtins.c 2012-05-14 10:25:00.431529805 +0200
@@ -52,6 +52,7 @@ static void dgram_daytime(const struct s
static void stream_chargen(const struct server *) ;
static void dgram_chargen(const struct server *) ;
static void tcpmux_handler(const struct server *) ;
+static int bad_port_check(const union xsockaddr *, const char *);
/*
* SG - This is the call sequence to get to a built-in service
@@ -163,6 +164,25 @@ static void stream_echo( const struct se
Sclose(descriptor);
}
+/* For internal UDP services, make sure we don't respond to our ports
+ * on other servers and to low ports of other services (such as DNS).
+ * This can cause looping.
+ */
+static int bad_port_check( const union xsockaddr *sa, const char *func )
+{
+ uint16_t port = 0;
+
+ port = ntohs( xaddrport( sa ) );
+
+ if ( port < 1024 ) {
+ msg(LOG_WARNING, func,
+ "Possible Denial of Service attack from %s %d", xaddrname(sa), port);
+ return (-1);
+ }
+
+ return (0);
+}
+
static void dgram_echo( const struct server *serp )
{
char buf[ DATAGRAM_SIZE ] ;
@@ -170,6 +190,7 @@ static void dgram_echo( const struct ser
ssize_t cc ;
socklen_t sin_len = 0;
int descriptor = SERVER_FD( serp ) ;
+ const char *func = "dgram_echo" ;
if( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
sin_len = sizeof( struct sockaddr_in );
@@ -178,6 +199,7 @@ static void dgram_echo( const struct ser
cc = recvfrom( descriptor, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len ) ;
if ( cc != (ssize_t)-1 ) {
+ if( bad_port_check(&lsin, func) != 0 ) return;
(void) sendto( descriptor, buf, (size_t)cc, 0, SA( &lsin ), sizeof( lsin ) ) ;
}
}
@@ -292,6 +314,7 @@ static void dgram_daytime( const struct
unsigned int buflen = sizeof( time_buf ) ;
int descriptor = SERVER_FD( serp ) ;
ssize_t val;
+ const char *func = "dgram_daytime" ;
if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
sin_len = sizeof( struct sockaddr_in );
@@ -303,6 +326,8 @@ static void dgram_daytime( const struct
if ( val == (ssize_t)-1 )
return ;
+ if( bad_port_check(&lsin, func) != 0 ) return;
+
daytime_protocol( time_buf, &buflen ) ;
(void) sendto( descriptor, time_buf, buflen, 0, SA(&lsin), sizeof( lsin ) ) ;
@@ -359,6 +384,7 @@ static void dgram_time( const struct ser
socklen_t sin_len = 0 ;
int fd = SERVER_FD( serp ) ;
ssize_t val;
+ const char *func = "dgram_time" ;
if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
sin_len = sizeof( struct sockaddr_in );
@@ -368,6 +394,7 @@ static void dgram_time( const struct ser
val = recvfrom( fd, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len );
if ( val == (ssize_t)-1 )
return ;
+ if( bad_port_check(&lsin, func) != 0 ) return;
time_protocol( time_buf ) ;
(void) sendto( fd, (char *) time_buf, 4, 0, SA( &lsin ), sin_len ) ;
@@ -466,6 +493,7 @@ static void dgram_chargen( const struct
int fd = SERVER_FD( serp ) ;
unsigned int left = sizeof( buf ) ;
ssize_t val;
+ const char *func = "dgram_chargen" ;
if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
sin_len = sizeof( struct sockaddr_in );
@@ -480,6 +508,8 @@ static void dgram_chargen( const struct
bad_variable = 1 ; /* this will cause a compilation error */
#endif
+ if( bad_port_check(&lsin, func) != 0 ) return;
+
for ( p = buf ; left > 2 ; left -= len, p += len )
{
len = min( LINE_LENGTH+2, left ) ;

11
SOURCES/xinetd-2.3.15-context-exepath.patch Normal file
View File

@ -0,0 +1,11 @@
--- xinetd-2.3.15/xinetd/child.c 2013-06-25 14:12:24.599767760 +0200
+++ xinetd-2.3.15/xinetd/child.c.new 2013-06-25 14:14:57.463905500 +0200
@@ -532,7 +532,7 @@ static int set_context_from_socket( cons
if (getpeercon(fd, &peer_context) < 0)
goto fail;
- exepath = SC_SERVER_ARGV( scp )[0];
+ exepath = SC_SERVER( scp );
if (getfilecon(exepath, &exec_context) < 0)
goto fail;

49
SOURCES/xinetd-2.3.15-covscan.patch Normal file
View File

@ -0,0 +1,49 @@
diff --git a/xinetd/inet.c b/xinetd/inet.c
index 1cb2ba2..4e1237e 100644
--- a/xinetd/inet.c
+++ b/xinetd/inet.c
@@ -190,7 +190,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_types, "RPC" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return -1;
@@ -281,7 +281,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_types, "INTERNAL" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return -1;
@@ -359,7 +359,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_flags, "REUSE" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return -1;
@@ -370,7 +370,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_flags, "NOLIBWRAP" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return -1;
@@ -381,7 +381,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_flags, "NAMEINARGS" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return (-1);

15
SOURCES/xinetd-2.3.15-creds.patch Normal file
View File

@ -0,0 +1,15 @@
Patch by Thomas Swan <thomas.swan@gmail.com>
diff --git a/xinetd/builtins.c b/xinetd/builtins.c
index e61502f..a414cf3 100644
--- a/xinetd/builtins.c
+++ b/xinetd/builtins.c
@@ -695,7 +695,7 @@ static void tcpmux_handler( const struct server *serp )
if( SC_IS_INTERNAL( scp ) ) {
SC_INTERNAL(scp, nserp);
} else {
- exec_server(nserp);
+ child_process(nserp);
}
}

22
SOURCES/xinetd-2.3.15-pie.patch Normal file
View File

@ -0,0 +1,22 @@
--- xinetd-2.3.15/Makefile.in 2012-05-14 09:22:22.661617117 +0200
+++ xinetd-2.3.15.new/Makefile.in 2012-05-14 09:32:05.260103054 +0200
@@ -14,7 +14,7 @@ topdir = @top_srcdir@
LIBS = -lsio -lstr -lmisc -lxlog -lportable -lpset @LIBS@
-CFLAGS += @CFLAGS@
+CFLAGS += @CFLAGS@ -fpie
DCFLAGS = -Wall -Wredundant-decls -W -Wfloat-equal -Wundef -Wcast-qual -Wwrite-strings -Wmissing-noreturn -Wmissing-format-attribute -Wshadow -Wpointer-arith -Wno-unused -g
--- xinetd-2.3.15/xinetd/Makefile.in 2005-03-31 01:15:28.000000000 +0200
+++ xinetd-2.3.15.new/xinetd/Makefile.in 2012-05-14 09:32:24.183659971 +0200
@@ -119,7 +119,7 @@ itox: itox.c
$(CC) $(CFLAGS) $(DEBUG) $(SRCDIR)/itox.c -o $@ $(LDFLAGS) $(LIBS)
xinetd: $(OBJS)
- $(CC) $(CFLAGS) $(DEBUG) -o $@ $(OBJS) $(LDFLAGS) $(LIBS) || rm -f $@
+ $(CC) $(CFLAGS) $(DEBUG) -o $@ -pie $(OBJS) $(LDFLAGS) $(LIBS) || rm -f $@
clean:
rm -f $(OBJS) $(NAME) core itox

50
SOURCES/xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch Normal file
View File

@ -0,0 +1,50 @@
Xinetd parses and applies its configuration line by line. If a user wants to
specify NAMEINARGS as a flag, it has to be *before* specifying 'server_args'.
Author: Jan Synacek <jsynacek@redhat.com>
Resolves: #1033528
--- a/xinetd/parse.c 2013-11-21 10:51:25.025436376 +0100
+++ b/xinetd/parse.c 2013-11-21 14:45:44.374121057 +0100
@@ -633,7 +633,28 @@ static status_e identify_attribute( entr
if ( (*ap->a_parser)( attr_values, scp, op ) == OK )
{ /* This is the normal path. */
- SC_SPECIFY( scp, ap->a_id ) ;
+ /* If flags contain NAMEINARGS and server_args is already set, disable the service.
+ Server args are already set incorrectly. */
+ if ( strcmp( ap->a_name, "flags" ) == 0 &&
+ SC_SERVER_ARGV( scp ) )
+ {
+ int i = 0, n = pset_count( attr_values ) ;
+ for ( ; i < n ; i++ ) {
+ char *v = (char *)pset_pointer( attr_values, i ) ;
+ if ( strcmp( v, "NAMEINARGS" ) == 0 )
+ break ;
+ }
+
+ if ( i != n ) {
+ parsemsg( LOG_ERR, func,
+ "NAMEINARGS flag is set after server_args - DISABLING SERVICE" ) ;
+ SC_DISABLE( scp ) ;
+ }
+ }
+ else
+ {
+ SC_SPECIFY( scp, ap->a_id ) ;
+ }
}
else if ( entry_type == SERVICE_ENTRY )
{
--- a/xinetd/xinetd.conf.man 2013-12-03 10:06:35.717977075 +0100
+++ b/xinetd/xinetd.conf.man 2013-12-03 10:41:14.779089430 +0100
@@ -106,7 +106,8 @@
This will cause the first argument in "server_args" to be argv[0] when
executing the server, as specified in "server". This allows you to use
tcpd by putting tcpd in "server" and the name of the server in "server_args"
-like in normal inetd.
+like in normal inetd. This flag has to be specified before "server_args",
+otherwise is not taken into account.
.TP
.B NODELAY
If the service is a tcp service and the NODELAY flag is set, then the

16
SOURCES/xinetd.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Xinetd A Powerful Replacement For Inetd
After=syslog.target network.target
Documentation=man:xinetd
Documentation=man:xinetd.conf
Documentation=man:xinetd.log
[Service]
Type=forking
PIDFile=/var/run/xinetd.pid
ExecStart=/usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
ExecReload=/usr/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

451
SPECS/xinetd.spec Normal file
View File

@ -0,0 +1,451 @@
Summary: A secure replacement for inetd
Name: xinetd
Version: 2.3.15
Release: 24%{?dist}
License: xinetd
Group: System Environment/Daemons
Epoch: 2
URL: https://github.com/xinetd-org/xinetd
# source can be downloaded at
# https://github.com/xinetd-org/xinetd/archive/xinetd-2-3-15.tar.gz
Source: xinetd-%{version}.tar.gz
Source1: xinetd.service
Patch0: xinetd-2.3.15-pie.patch
Patch4: xinetd-2.3.14-bind-ipv6.patch
Patch6: xinetd-2.3.14-man-section.patch
Patch7: xinetd-2.3.15-PIE.patch
Patch8: xinetd-2.3.14-ident-bind.patch
Patch9: xinetd-2.3.14-readable-debuginfo.patch
# Patch for clean reconfiguration using newer versions of autotools
Patch10: xinetd-2.3.14-autoconf.patch
# Completely rewritten socket handling code (it uses poll() instead
# of select() function)
Patch11: xinetd-2.3.14-poll.patch
# New configuration option (limit for files opened by child process)
Patch12: xinetd-2.3.14-file-limit.patch
# When using tcpmux, xinetd ended up with sigsegv
# (detection of NULL pointer in pollfd structure was missing)
Patch13: xinetd-2.3.14-tcpmux.patch
# When service is destroyed, destroy also its
# file descriptor in array given to poll function
Patch14: xinetd-2.3.14-clean-pfd.patch
# xinetd confuses ipv6 and ipv4 port parsing
# - furtunately, they have the same format, so everything
# works even without this patch
Patch15: xinetd-2.3.14-ipv6confusion.patch
# This fixes bug #593904 - online reconfiguration caused log message
# flood when turning off UDP service
Patch16: xinetd-2.3.14-udp-reconfig.patch
Patch18: xinetd-2.3.14-rpc-specific-port.patch
Patch19: xinetd-2.3.14-signal-log-hang.patch
Patch20: xinetd-2.3.14-fix-type-punned-ptr.patch
# Fix leaking file descriptors and pfd_array wasting
# This fixes #702670
Patch21: xinetd-2.3.14-leaking-fds.patch
# Fix memory corruption when loading a large number of services
# This fixes #720390
Patch22: xinetd-2.3.14-many-services.patch
# Remove realloc of fds that was causing memory corruption
Patch23: xinetd-2.3.14-realloc-remove.patch
# Fix leaking descriptor when starting a service fails
Patch24: xinetd-2.3.14-leaking-fds-2a.patch
# Fix #770858 - Instances limit in xinetd can be easily bypassed
Patch25: xinetd-2.3.14-instances.patch
# Fix #809272 - Service disabled due to bind failure
Patch26: xinetd-2.3.14-retry-svc-activate-in-cps-restart.patch
Patch27: xinetd-2.3.15-bad-port-check.patch
# Fix #977873 - Use full path to server when checking selinux context
Patch28: xinetd-2.3.15-context-exepath.patch
Patch29: xinetd-2.3.15-creds.patch
# Fix #1033528 - xinetd segfaults when connecting to tcpmux service
Patch30: xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch
Patch31: xinetd-2.3.15-covscan.patch
BuildRequires: autoconf, automake, libtirpc-devel
BuildRequires: libselinux-devel >= 1.30
BuildRequires: systemd-units
Requires(post): systemd-sysv
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires: filesystem >= 2.0.1, setup
Provides: inetd
%description
Xinetd is a secure replacement for inetd, the Internet services
daemon. Xinetd provides access control for all services based on the
address of the remote host and/or on time of access and can prevent
denial-of-access attacks. Xinetd provides extensive logging, has no
limit on the number of server arguments, and lets you bind specific
services to specific IP addresses on your host machine. Each service
has its own specific configuration file for Xinetd; the files are
located in the /etc/xinetd.d directory.
%prep
%setup -q
# SPARC/SPARC64 needs -fPIE/-PIE
# This really should be detected by configure.
%ifarch sparcv9 sparc64
%patch7 -p1 -b .PIE
%else
%patch0 -p1 -b .pie
%endif
%patch4 -p1 -b .bind
%patch6 -p1 -b .man-section
%patch8 -p1 -b .ident-bind
%patch9 -p1 -b .readable-debuginfo
%patch10 -p1 -b .autoconf
%patch11 -p1 -b .poll
%patch12 -p1 -b .file-limit
%patch13 -p1 -b .tcpmux
%patch14 -p1 -b .clean-pfd
%patch15 -p1 -b .ipv6confusion
%patch16 -p1 -b .udp-reconfig
%patch18 -p1 -b .rpc-specific-port
%patch19 -p1 -b .signal-log-hang
%patch20 -p1 -b .fix-type-punned-ptr
%patch21 -p1 -b .leaking-fds
%patch22 -p1 -b .many-services
%patch23 -p1 -b .realloc-remove
%patch24 -p1 -b .leaking-fds-2a
%patch25 -p1 -b .instances
%patch26 -p1 -b .retry-svc-activate
%patch27 -p1 -b .bad-port-check
%patch28 -p1 -b .context-exepath
%patch29 -p1 -b .creds
%patch30 -p1
%patch31 -p1
aclocal
autoconf
%build
# -pie -PIE flags added by separate patches
%configure --with-loadavg --with-inet6 --with-labeled-networking
make CFLAGS="$CFLAGS $(pkg-config --cflags libtirpc)" LDFLAGS="$LDFLAGS $(pkg-config --libs libtirpc) -Wl,-z,relro,-z,now"
%install
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
mkdir -m 700 -p $RPM_BUILD_ROOT/etc/xinetd.d/
# Remove unneeded service
rm -f contrib/xinetd.d/ftp-sensor
%make_install DAEMONDIR=$RPM_BUILD_ROOT/usr/sbin MANDIR=$RPM_BUILD_ROOT/%{_mandir}
install -m 600 contrib/xinetd.conf $RPM_BUILD_ROOT/etc
install -m 600 contrib/xinetd.d/* $RPM_BUILD_ROOT/etc/xinetd.d
install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}
rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/itox*
rm -f $RPM_BUILD_ROOT/usr/sbin/itox
rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/xconv.pl*
rm -f $RPM_BUILD_ROOT/usr/sbin/xconv.pl
%post
%systemd_post xinetd.service
%preun
%systemd_preun xinetd.service
%postun
%systemd_postun_with_restart xinetd.service
%files
%doc CHANGELOG COPYRIGHT README xinetd/sample.conf contrib/empty.conf
%config(noreplace) /etc/xinetd.conf
%{_unitdir}/xinetd.service
%config(noreplace) /etc/xinetd.d/*
/usr/sbin/xinetd
%{_mandir}/*/*
%changelog
* Mon Aug 5 2019 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-24
- fix covscan (#1607030)
* Tue May 22 2018 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-23
- fix compilation, missing rpc headers (#1580970)
* Mon Dec 4 2017 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-22
- remove build dependency on tcp_wrappers (#1518797)
* Tue Nov 07 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2:2.3.15-21
- Remove old crufty coreutils requires
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.3.15-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.3.15-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.3.15-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.3.15-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.15-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.15-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.15-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Feb 24 2014 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-13
- drop sysconfig-related stuff
- add documentation reference to the service file
* Tue Jan 14 2014 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-12
- fix bad URL
* Fri Dec 13 2013 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-11
- fixup of the previous patch
- Resolves: #1042652
- Related: #1033528
* Tue Dec 3 2013 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-10
- xinetd segfaults when connecting to tcpmux service
- Resolves: #1033528
* Fri Oct 4 2013 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-9
- xinetd should not depend on NetworkManager-wait-online
- Resolves: #1002294
* Thu Oct 3 2013 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-8
- Honor user and group directives
- Resolves: CVE-2013-4342
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.15-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jun 26 2013 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-6
- Use full path to server when checking selinux context
- Resolves: #977873
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.15-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Sep 03 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-4
- Change config files' permissions
- Resolves: #853144
* Wed Aug 22 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-3
- Replace the makeinstall macro
- Add systemd-rpm macros
- Resolves: #850370
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon May 14 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.15-1
- Update to 2.3.15
- Drop patches merged by upstream
(-log-crash, -tcp_rpc, -label, -contextconf, -ssize_t)
- Update -pie, -PIE, -poll patch
- Resolves: #820927
- Add -bad-port-check patch
* Fri Apr 13 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.14-46
- Fix: service file: avoid problems when name resolution is not ready
- Resolves: #748931
* Fri Apr 13 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.14-45
- Fix: Service disabled due to bind failure
- Update patch: xinetd-2.3.14-leaking-fds-2.patch
- Resolves: #809272
* Mon Mar 05 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.14-44
- Fix: Instances limit in xinetd can be easily bypassed
- Resolves: #770858
* Mon Mar 05 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.14-43
- Fix xinetd.service permissions
- Remove useless INSTALL from package documentation
- Implement reload in xinetd.service
* Fri Mar 02 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.14-42
- Fix leaking descriptor when starting a service fails (#795188)
* Wed Jan 18 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.14-41
- Remove realloc inside svc_activate that was causing memory corruption
- Number of alloc'd file descriptors is now determined by system limits (ulimit -n)
- Add patch -realloc-remove
* Tue Jan 17 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.14-40
- Fix memory corruption when loading a large number of services
- Resolves #720390
* Mon Jan 16 2012 Jan Synáček <jsynacek@redhat.com> - 2:2.3.14-39
- Fix leaking file descriptors
- Resolves: #702670
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.14-38
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 2:2.3.14-37
- covert to systemd
* Thu Apr 21 2011 Vojtech Vitek (V-Teq) <vvitek@redhat.com> - 2:2.3.14-36
- Fix build warning about "dereferencing type-punned pointer"
Related: #695674
- Avoid possible hang while logging an unexpected signal
Related: #501604
- Let RPC services bind to a specific port
Related: #624800
* Fri Feb 18 2011 Vojtech Vitek (V-Teq) <vvitek@redhat.com> - 2:2.3.14-35
- fix crash when application's logfile hit size limit
Related: #244063
* Mon Feb 14 2011 Vojtech Vitek (V-Teq) <vvitek@redhat.com> - 2:2.3.14-34
- Add -Wl,-z,relro,-z,now to LDFLAGS
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.14-33
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jun 02 2010 Jan Zeleny <jzeleny@redhat.com> - 2:2.3.14-32
- fixed log message flooding when turning off UDP service during online
reconfiguration (#593904)
* Fri Mar 19 2010 Jan Zeleny <jzeleny@redhat.com> - 2:2.3.14-31
- corrected port parsing code (IPv4 and IPv6 were switched)
- commented patches I'm familiar with in spec file
* Fri Mar 19 2010 Jan Zeleny <jzeleny@redhat.com> - 2:2.3.14-30
- fixed flooding log with error messages when disabled service at runtime
- updated release number to 30 to prevent rpm from detecting this as downgrade
* Thu Jan 21 2010 Jan Zeleny <jzeleny@redhat.com> - 2:2.3.14-28
- fixed issue with tcpmux service (#543968)
* Tue Oct 20 2009 Jan Zeleny <jzeleny@redhat.com> - 2:2.3.14-27
- last update of init script modified to work with SELinux correctly
- added support for new configuration option - file limit for service
* Mon Oct 12 2009 Jan Zeleny <jzeleny@redhat.com> - 2:2.3.14-26
- updated init script (LSB compliance - #528154)
* Thu Sep 17 2009 Jan Zeleny <jzeleny@redhat.com> - 2:2.3.14-25
- correction of last patch replacing select() with poll()
* Mon Sep 14 2009 Jan Zeleny <jzeleny@redhat.com> - 2:2.3.14-24
- select() function and it's supporting macros replaced by poll() and it's supporting macros
- added patch of configure.in for clean compilation
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.14-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.3.14-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Sep 18 2008 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-21
- fix glitches found during package review (#226560)
- make all files in .debuginfo package readable by everyone
* Wed Jul 16 2008 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-20
- fix wrong bind() call (#448069)
* Thu May 29 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2:2.3.14-19
- fix sparc fPIE issues
* Thu Jan 31 2008 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-18
- fixed LABEL flag (#430929)
* Wed Jan 30 2008 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-17
- fixing init scripts (#430816)
* Mon Jan 28 2008 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-16
- xinetd.log man page is in the right section now (#428812)
* Thu Sep 6 2007 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-15
- initscript made LSB compliant (#247099)
* Thu Sep 6 2007 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-14
- removed inetdconvert script, nobody is using inetd
* Wed Aug 22 2007 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-13
- updated license field
* Wed May 16 2007 Jan Safranek <jsafranek@redhat.com> - 2:2.3.14-12
- bind IPv6 socket by default and switch to IPv4 on error
(bz#195265)
- service xinetd status returns actual status (bz#232887)
- use ssize_t instead of int (bz#211776)
* Mon Dec 4 2006 Thomas Woerner <twoerner@redhat.com> - 2:2.3.14-11
- tcp_wrappers has a new devel and libs sub package, therefore changing build
requirement for tcp_wrappers to tcp_wrappers-devel
* Fri Dec 01 2006 James Antill <james.antill@redhat.com> - 2:2.3.14-9
- Fix getpeercon() for LABELED networking MLS environments
- Resolves: rhbz#209379
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 2:2.3.14-8
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
* Wed Sep 20 2006 Steve Grubb <sgrubb@redhat.com> 2:2.3.14-7
- Revised labeled networking patch to not allow redirection
* Tue Aug 29 2006 Steve Grubb <sgrubb@redhat.com> 2:2.3.14-6
- Revised labeled networking patch again
* Thu Aug 24 2006 Steve Grubb <sgrubb@redhat.com> 2:2.3.14-5
- Revised labeled networking patch
* Wed Aug 23 2006 Steve Grubb <sgrubb@redhat.com> 2:2.3.14-4
- Added labeled networking patch
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2:2.3.14-3.1
- rebuild
* Fri Jun 16 2006 Steve Grubb <sgrubb@redhat.com> 2:2.3.14-3
- Rework spec file & use xinetd's sevice config files
* Fri Mar 24 2006 Jay Fenlason <fenlason@redhat.com> 2:2.3.14-2
- Upgrade to new upstream version. This obsoletes the -libwrap,
-rpc, -banner, -bug140084 and -gcc4 patches.
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2:2.3.13-6.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2:2.3.13-6.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Thu Feb 17 2005 Jay Fenlason <fenlason@redhat.com> 2:2.3.13-6
- include new patch to allow gcc4 to compile xinetd.
* Sat Jan 8 2005 Jay Fenlason <fenlason@redhat.com> 2:2.3.13-4
- Added patch committed to upstream CVS to fix bz#140084
(error logging accidentally using one of [012] as the syslog
descriptor)
* Fri Jun 18 2004 Jay Fenlason <fenlason@redhat.com> 2:2.3.13-3
- Add patch to fix #126242: banner's don't work
* Thu Jun 17 2004 Jay Fenlason <fenlason@redhat.com>
- Remove the configuration for the no-longer-present "services" service.
Closes #126169
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri May 14 2004 Jay Fenlason <fenlason@redhat.com>
- Add patch to allow multiple rpc services to cooexist as long as they're
different program numbers or different versions.
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu Jan 29 2004 Jay Fenlason <fenlason@redhat.com> 2.3.13-1
- Upgrade to new upstream version, which obsoletes most patches.
- Add new tcp_rpc patch, to turn on the nolibwrap flag on tcp rpc services,
since libwrap cannot be used on them.
* Sun Dec 28 2003 Florian La Roche <Florian.LaRoche@redhat.de>
- use new technology to filter python dep for inetdconvert instead
of changing the -x bit on file permissions