import yp-tools-4.2.3-1.el8

2019-05-07 03:18:29 -04:00 · 2019-05-07 03:18:29 -04:00 · 23caff05ea
commit 23caff05ea
7 changed files with 488 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 SOURCES/v4.2.3.tar.gz
--- a/.yp-tools.metadata
+++ b/.yp-tools.metadata
@ -0,0 +1 @@
 cc4a69be612195ccd5ddcc9bc39f01d4e1a8041b SOURCES/v4.2.3.tar.gz
--- a/SOURCES/yp-tools-2.12-adjunct.patch
+++ b/SOURCES/yp-tools-2.12-adjunct.patch
@ -0,0 +1,11 @@
 diff -up yp-tools-2.12/src/yppasswd.c.adjunct yp-tools-2.12/src/yppasswd.c
 --- yp-tools-2.12/src/yppasswd.c.adjunct	2012-04-23 13:17:47.000988833 +0200
 +++ yp-tools-2.12/src/yppasswd.c	2012-04-23 13:18:01.209802938 +0200
@@ -774,6 +775,7 @@
       /* We can't check the password with shadow passwords enabled. We
        * leave the checking to yppasswdd */
       if (uid != 0 && strcmp (pwd->pw_passwd, "x") != 0 &&
 +	  0 != strncmp (pwd->pw_passwd, "##", 2) && /* don't check passwords using passwd.adjunct feature */
 	  strcmp (pwd->pw_passwd, hashpass ) != 0)
 	{
 	  int passwdlen = get_passwd_len (pwd->pw_passwd);
--- a/SOURCES/yp-tools-2.12-crypt.patch
+++ b/SOURCES/yp-tools-2.12-crypt.patch
@ -0,0 +1,44 @@
 diff -up yp-tools-2.12/src/yppasswd.c.crypt yp-tools-2.12/src/yppasswd.c
 --- yp-tools-2.12/src/yppasswd.c.crypt	2012-04-23 13:01:35.599721168 +0200
 +++ yp-tools-2.12/src/yppasswd.c	2012-04-23 13:16:18.251261293 +0200
@@ -772,9 +778,16 @@ main (int argc, char **argv)
 	{
 	  int passwdlen = get_passwd_len (pwd->pw_passwd);
 	  char *sane_passwd = alloca (passwdlen + 1);
 +	  char *crypted;
 	  strncpy (sane_passwd, pwd->pw_passwd, passwdlen);
 	  sane_passwd[passwdlen] = 0;
 -	  if (strcmp (crypt (s, sane_passwd), sane_passwd))
 +	  crypted = crypt (s, sane_passwd);
 +	  if(crypted == NULL)
 +	    {
 +	      fprintf (stderr, _("Sorry - crypt() failed.\n"));
 +	      return 1;
 +	    }
 +	  if (strcmp (crypted, sane_passwd))
 	    {
 	      fprintf (stderr, _("Sorry.\n"));
 	      return 1;
@@ -789,6 +802,7 @@ main (int argc, char **argv)
       char *error_msg;
 #endif /* USE_CRACKLIB */
       char *buf, salt[37], *p = NULL;
 +      char *crypted;
       int tries = 0;
       buf = (char *) malloc (129);
@@ -869,7 +883,13 @@ main (int argc, char **argv)
 	  break;
 	}
 -      yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
 +      crypted = crypt (buf, salt);
 +      if(crypted == NULL) {
 +	fprintf (stderr, _("Sorry - crypt() failed.\n"));
 +	return 1;
 +      } else {
 +	yppwd.newpw.pw_passwd = strdup (crypted);
 +      }
     }
   if (f_flag)
--- a/SOURCES/yp-tools-2.12-hash.patch
+++ b/SOURCES/yp-tools-2.12-hash.patch
@ -0,0 +1,68 @@
 diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in
 --- yp-tools-2.12/man/yppasswd.1.in.hash	2011-09-09 16:18:49.469037058 +0200
 +++ yp-tools-2.12/man/yppasswd.1.in	2011-09-09 16:20:19.101030930 +0200
@@ -81,6 +81,12 @@ for authentication with the
 .BR yppasswdd (8)
 daemon. Subsequently, the
 program prompts for the updated information:
 +.P
 +If we use shadowing passwords using passwd.adjunct, SHA-512 will be 
 +used for hashing a new password by default. If we want to use MD5, 
 +SHA_256 or older DES, we need to set the environment variable 
 +YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and 
 +"SHA-512" (value is case-insensitive).
 .\"
 .\"
 .IP "\fByppasswd\fP or \fB-p\fP"
 diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c
 --- yp-tools-2.12/src/yppasswd.c.hash	2011-09-09 16:20:35.360029823 +0200
 +++ yp-tools-2.12/src/yppasswd.c	2011-09-09 16:25:21.589010245 +0200
@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_
     close (fd);
 }
 +
 +/*
 + * Reads environment variable YP_PASSWD_HASH and returns hash id.
 + * Possible values are MD5, SHA-256, SHA-512 and DES.
 + * If other value is set or it is not set at all, SHA-512 is used.
 + */ 
 +static int
 +get_env_hash_id()
 +{
 +  const char *v = getenv("YP_PASSWD_HASH");
 +  if (!v)
 +    return SHA_512;
 +
 +  if (!strcasecmp(v, "DES"))
 +    return DES;
 +
 +  if (!strcasecmp(v, "SHA-256"))
 +    return SHA_256;
 +
 +  if (!strcasecmp(v, "MD5"))
 +    return MD5;
 +
 +  return SHA_512;
 +}
 +
 +
 int
 main (int argc, char **argv)
 {
@@ -723,6 +749,15 @@ main (int argc, char **argv)
       hash_id = get_hash_id (pwd->pw_passwd);
 +      /* If we use passwd.adjunct, there is no magic value like $1$ in the 
 +       * beginning of password, but ##username instead. Thus, SHA_512 will be 
 +       * used for hashing a new password by default. If we want to use DES, 
 +       * MD5 or SHA_256, we need to set the environment variable 
 +       * YP_PASSWD_HASH (e.g. YP_PASSWD_HASH=DES).
 +       */
 +      if (strncmp(pwd->pw_passwd, "##", 2) == 0)
 +        hash_id = get_env_hash_id();
 +
       /* Preserve 'rounds=<N>$' (if present) in case of SHA-2 */
       if (hash_id == SHA_256 || hash_id == SHA_512)
 	{
--- a/SOURCES/yp-tools-4.2.2-strict-prototypes.patch
+++ b/SOURCES/yp-tools-4.2.2-strict-prototypes.patch
@ -0,0 +1,11 @@
 --- yp-tools-yp-tools-4.2.2/src/yppasswd.c.strict-protorypes	2017-02-21 15:51:03.452034055 +0100
 +++ yp-tools-yp-tools-4.2.2/src/yppasswd.c	2017-02-21 15:51:14.996030455 +0100
@@ -547,7 +547,7 @@ create_random_salt (char *salt, int num_
  * If other value is set or it is not set at all, SHA-512 is used.
  */ 
 static int
 -get_env_hash_id()
 +get_env_hash_id(void)
 {
   const char *v = getenv("YP_PASSWD_HASH");
   if (!v)
--- a/SPECS/yp-tools.spec
+++ b/SPECS/yp-tools.spec
@ -0,0 +1,352 @@
 Summary: NIS (or YP) client programs
 Name: yp-tools
 Version: 4.2.3
 Release: 1%{?dist}
 License: GPLv2
 Group: System Environment/Base
 Source: https://github.com/thkukuk/yp-tools/archive/v%{version}.tar.gz
 Patch1: yp-tools-2.12-hash.patch
 Patch2: yp-tools-2.12-crypt.patch
 Patch3: yp-tools-2.12-adjunct.patch
 Patch4: yp-tools-4.2.2-strict-prototypes.patch
 Url: http://www.linux-nis.org/nis/yp-tools/index.html
 BuildRequires: autoconf, automake, gettext-devel, libtool, libtirpc-devel, libnsl2-devel
 Requires: ypbind >= 3:2.4-2
 Requires: glibc
 %global __filter_GLIBC_PRIVATE 1
 %description
 The Network Information Service (NIS) is a system which provides
 network information (login names, passwords, home directories, groupinformation) to all of the machines on a network.  NIS can enable
 information) to all of the machines on a network.  NIS can enable
 users to login on any machine on the network, as long as the machine
 has the NIS client programs running and the user's password is
 recorded in the NIS passwd database.  NIS was formerly known as Sun
 Yellow Pages (YP).
 This package's NIS implementation is based on FreeBSD's YP and is a
 special port for glibc 2.x and libc versions 5.4.21 and later.  This
 package only provides the NIS client programs.  In order to use the
 clients, you'll need to already have an NIS server running on your
 network. An NIS server is provided in the ypserv package.
 Install the yp-tools package if you need NIS client programs for machines
 on your network.  You will also need to install the ypbind package on
 every machine running NIS client programs.  If you need an NIS server,
 you'll need to install the ypserv package on one machine on the network.
 %package devel
 Summary: NIS (or YP) client programs
 Group: System Environment/Base
 Requires: yp-tools
 %description devel
 Install yp-tools-devel package for developing applications that use yp-tools
 %prep
 %setup -q -n %{name}-%{version}
 %patch1 -p1 -b .hash
 %patch2 -p1 -b .crypt
 %patch3 -p1 -b .adjunct
 %patch4 -p1 -b .strict-prototypes
 autoreconf -i -f -v
 %build
 export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type"
 %configure --disable-domainname
 %make_build
 %install
 make DESTDIR="$RPM_BUILD_ROOT" INSTALL_PROGRAM=install install
 %find_lang %name
 %files -f %{name}.lang
 %doc AUTHORS COPYING README ChangeLog NEWS etc/nsswitch.conf
 %doc THANKS
 %{_bindir}/*
 %{_mandir}/*/*
 %{_sbindir}/*
 /var/yp/nicknames
 %changelog
 * Thu Apr 19 2018 Petr Kubat <pkubat@redhat.com> - 4.2.3-1
 - Update to version 4.2.3
 * Thu Mar 15 2018 Matej Mužila <mmuzila@redhat.com> - 4.2.2-7
 - Disable cast-function-type warning
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.2-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.2-5
 - Rebuilt for switch to libxcrypt
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Mon May 29 2017 Matej Mužila <mmuzila@redhat.com> - 4.2.2-2
 - Require ypbind >= 3:2.4-2
 * Fri May 19 2017 Matej Mužila <mmuzila@redhat.com> - 4.2.2-1
 - Update to version 4.2.2 supporting IPv6
 * Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 * Mon Nov 28 2016 Petr Kubat <pkubat@redhat.com> - 2.14-7
 - Modified passwd.adjunct patch by Gilbert E. Detillieux (#1297955)
 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.14-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.14-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.14-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.14-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 * Mon May 06 2013 Honza Horak <hhorak@redhat.com> - 2.14-1
 - New upstream version 2.14
 * Mon Mar 25 2013 Honza Horak <hhorak@redhat.com> - 2.12-13
 - Fix build for aarch64
 * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 * Mon Sep 24 2012 Honza Horak <hhorak@redhat.com> - 2.12-12
 - Minor spec file fixes
 * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 * Wed Jul 11 2012 Honza Horak <hhorak@redhat.com> - 2.12-10
 - Minor spec file fixes
 * Mon Apr 23 2012 Honza Horak <hhorak@redhat.com> - 2.12-9
 - Do not check old passwords using passwd.adjunct feature
 - Patch from Paul Wouters to handle crypt() returning NULL
  Resolves: #814803
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 * Fri Sep 09 2011 Honza Horak <hhorak@redhat.com> - 2.12-7
 - Added YP_PASSWD_HASH environment variable to set default
  algorithm for hashing a new password
  Resolves: #699666
 * Wed May 04 2011 Honza Horak <hhorak@redhat.com> - 2.12-6
 - Applied -gethost patch to check return value
  (rhbz#698619)
 * Fri Mar 18 2011 Honza Horak <hhorak@redhat.com> - 2.12-5
 - Applied -typo patch to fix a grammar mistake
  (rhbz#668743)
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 * Tue Nov 23 2010 Karel Klic <kklic@redhat.com> - 2.12-3
 - Reverted previous change
 * Tue Nov 23 2010 Karel Klic <kklic@redhat.com> - 2.12-2
 - Added patch that removes ypclnt.c from being compiled into
  ypmatch (rhbz#546149)
 * Fri Nov 19 2010 Karel Klic <kklic@redhat.com> - 2.12-1
 - New upstream version
 * Fri Nov 19 2010 Karel Klic <kklic@redhat.com> - 2.11-2
 - Added patch to fix yppasswd utility when used with shadow
  passwords (rhbz#653921)
 - Removed %%clean section
 * Tue Apr 20 2010 Karel Klic <kklic@redhat.com> - 2.11-1
 - New upstream release
 - MD5, SHA-2 passwords patch merged by upstream
 - Removed BuildRoot tag
 * Thu Apr 15 2010 Karel Klic <kklic@redhat.com> - 2.10-3
 - Added a new patch -passwords, which merges -md5 and -sha-2 patches
  together, and adds proper MD5/SHA support to verifypassword()
  #514061
 * Mon Mar 01 2010 Karel Klic <kklic@redhat.com> - 2.10-2
 - /var/yp is owned by the filesystem package (#569383)
 * Thu Dec 10 2009 Karel Klic <kklic@redhat.com> - 2.10-1
 - Updated to new version
 - Removed unnecessary obsoletes
 * Mon Aug 10 2009 Ville Skyttä <ville.skytta@iki.fi> - 2.9-8
 - Convert specfile to UTF-8.
 * Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 * Wed Mar  4 2009 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.9-6
 - Add SHA-2 password hashes support
  Resolves: #487607
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 * Mon Aug 11 2008 Jason L Tibbitts III <tibbs@math.uh.edu> - 2.9-4
 - Fix license tag.
 * Mon Feb 11 2008 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.9-3
 - Fix Buildroot
 * Tue Jul 31 2007 Steve Dickson <steved@redhat.com> 2.9-1
 - Changed install process to create an useful debuginfo package (bz 249961) 
 * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.9-0.1
 - rebuild
 * Mon Feb 13 2006 Chris Feist <cfeist@redhat.com> - 2.9-0
 - bump again for double-long bug on ppc(64)
 * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.8-8.2
 - rebuilt for new gcc4.1 snapshot and glibc changes
 * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
 - rebuilt
 * Fri Jun 18 2004 Alan Cox <alan@redhat.com>
 - Fix buffer overflow (non security) thanks to D Binderman
 * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
 - rebuilt
 * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
 - rebuilt
 * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
 - rebuilt
 * Wed Apr 23 2003 Steve Dickson <SteveD@RedHat.com>
 - Update to 2.7 from upstream
 - Updated yppasswd md5 patch
 * Wed Jan 22 2003 Tim Powers <timp@redhat.com>
 - rebuilt
 * Mon Nov 18 2002 Tim Powers <timp@redhat.com>
 - rebuild on all arches
 * Wed Aug 28 2002 Nalin Dahyabhai <nalin@redhat.com> 2.7-3
 - properly terminate an alloca'ed string in yppasswd which would lead to
  improper rejection of the request if the user's pw_passwd was visible
 * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
 - automated rebuild
 * Tue Jun 11 2002 Alexander Larsson <alexl@redhat.com>
 - Update to 2.7 from upstream
 - Updated yppasswd md5 patch
 * Thu May 23 2002 Tim Powers <timp@redhat.com>
 - automated rebuild
 * Mon Mar 25 2002 Alex Larsson <alexl@redhat.com> 2.6-4
 - Updated passwd patch with Nalins comments
 * Fri Mar 22 2002 Alex Larsson <alexl@redhat.com> 2.6-3
 - Add patch that handles MD5 passwords and HPU/X password aging.
 - This should hopefully fix #19045 and #22667
 * Wed Jan 09 2002 Tim Powers <timp@redhat.com>
 - automated rebuild
 * Tue Jul 24 2001 Florian La Roche <Florian.LaRoche@redhat.de>
 - own /var/yp
 * Sun Jun 24 2001 Elliot Lee <sopwith@redhat.com>
 - Bump release + rebuild.
 * Mon Feb 26 2001 Trond Eivind Glomsrød <teg@redhat.com>
 - langify
 * Wed Sep 27 2000 Florian La Roche <Florian.LaRoche@redhat.de>
 - add another security patch
 * Sun Aug 20 2000 Florian La Roche <Florian.LaRoche@redhat.com>
 - allow passwords up to 128 characters
 * Tue Aug 15 2000 Nalin Dahyabhai <nalin@redhat.com>
 - change License from GNU to GPL
 - fix handling of defaults in ypchfn (#13830)
 * Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
 - automatic rebuild
 * Sun Jun 18 2000 Matt Wilson <msw@redhat.com>
 - use %%{_mandir}
 * Thu Feb 03 2000 Cristian Gafton <gafton@redhat.com>
 - man pages are compressed
 - version 2.4
 * Tue Oct 26 1999 Bill Nottingham <notting@redhat.com>
 - get rid of bogus messages.
 * Fri Aug 27 1999 Preston Brown <pbrown@redhat.com>
 - patched /var/yp/nicknames so that hosts resolves to hosts.byname,
 - not hosts.byaddr (bug # 2389)
 * Sun May 30 1999 Jeff Johnson <jbj@redhat.com>
 - update to 2.3.
 * Fri Apr 16 1999 Cristian Gafton <gafton@redhat.com>
 - version 2.2
 - make it obsolete older yp-clients package
 * Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
 - auto rebuild in the new build environment (release 3)
 * Thu Dec 17 1998 Cristian Gafton <gafton@redhat.com>
 - build for glibc 2/1
 - version 2.1
 - require ypbind
 * Fri Jun 12 1998 Aron Griffis <agriffis@coat.com>
 - upgraded to 2.0
 * Thu May 07 1998 Prospector System <bugs@redhat.com>
 - translations modified for de, fr, tr
 * Mon Apr 13 1998 Cristian Gafton <gafton@redhat.com>
 - upgraded to 1.4.1
 * Thu Dec 04 1997 Cristian Gafton <gafton@redhat.com>
 - put yppasswd again in the package, 'cause it is the right thing to do
  (sorry djb!)
 - obsoletes old, unmaintained yppasswd package
 * Sat Nov 01 1997 Donnie Barnes <djb@redhat.com>
 - removed yppasswd from this package.
 * Fri Oct 31 1997 Donnie Barnes <djb@redhat.com>
 - pulled from contrib into distribution (got fresh sources).  Thanks
  to Thorsten Kukuk <kukuk@vt.uni-paderborn.de> for the original.
 - used fresh sources
		`@ -0,0 +1 @@`
							`cc4a69be612195ccd5ddcc9bc39f01d4e1a8041b SOURCES/v4.2.3.tar.gz`