packages/xinetd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
overweight 2019-09-30 11:20:12 -04:00
commit 57ba0dd877
35 changed files with 2804 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
connection.c-fix-pointer-dereference-before-NULL-che.patch Normal file
View File

@ -0,0 +1,33 @@
From 316adda751b9a871da0fd447210512723ee9814b Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Wed, 16 May 2012 08:55:08 +0200
Subject: [PATCH 04/16] connection.c: fix pointer dereference before NULL check
---
xinetd/connection.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/xinetd/connection.c b/xinetd/connection.c
index f01ae0d..7ba6261 100644
--- a/xinetd/connection.c
+++ b/xinetd/connection.c
@@ -165,13 +165,15 @@ connection_s *conn_new( struct service *sp )
*/
void conn_free( connection_s *cp, int release_mem )
{
- struct service *sp = cp->co_sp ;
+ struct service *sp ;
if( cp == NULL )
return;
if( debug.on )
msg( LOG_INFO, "conn_free", "freeing connection") ;
+ sp = cp->co_sp ;
+
if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
drain( cp->co_descriptor ) ;
--
2.19.1

61
inet.c-avoid-using-pointer-after-free.patch Normal file
View File

@ -0,0 +1,61 @@
From dd00d6d0710dd3b644ac112b5c98b90f4cae5ac9 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Wed, 16 May 2012 09:22:21 +0200
Subject: [PATCH 06/16] inet.c: avoid using pointer after free
---
xinetd/inet.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/xinetd/inet.c b/xinetd/inet.c
index 1cb2ba2..4e1237e 100644
--- a/xinetd/inet.c
+++ b/xinetd/inet.c
@@ -190,7 +190,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_types, "RPC" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return -1;
@@ -281,7 +281,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_types, "INTERNAL" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return -1;
@@ -359,7 +359,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_flags, "REUSE" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return -1;
@@ -370,7 +370,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_flags, "NOLIBWRAP" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return -1;
@@ -381,7 +381,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
nvp = nv_find_value( service_flags, "NAMEINARGS" );
if ( nvp == NULL )
{
- parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
+ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", SC_NAME(scp) ) ;
pset_destroy(args);
sc_free(scp);
return (-1);
--
2.19.1

28
sconf.c-fix-possible-memleak.patch Normal file
View File

@ -0,0 +1,28 @@
From 2df8f29306ea5d9d96f9c7a2313ae04cbdd1f54c Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 24 May 2012 08:43:22 +0200
Subject: [PATCH 11/16] sconf.c: fix possible memleak
---
xinetd/sconf.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/xinetd/sconf.c b/xinetd/sconf.c
index 71b6a30..c874d24 100644
--- a/xinetd/sconf.c
+++ b/xinetd/sconf.c
@@ -153,6 +153,11 @@ struct service_config *sc_make_special( const char *service_name,
if ( SC_ID(scp) == NULL )
{
out_of_memory( func ) ;
+ /*
+ * Since we're returning instead of exiting, it's probably a good idea to
+ * free scp
+ */
+ sc_free( scp );
return( NULL ) ;
}
SC_SPECIFY( scp, A_ID ) ;
--
2.19.1

27
service.c-avoid-dereferencing-NULL-pointer.patch Normal file
View File

@ -0,0 +1,27 @@
From 14842a4a7b6c14a9713cce45b8a699bfb54775be Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Wed, 23 May 2012 13:43:07 +0200
Subject: [PATCH 07/16] service.c: avoid dereferencing NULL pointer
---
xinetd/service.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/xinetd/service.c b/xinetd/service.c
index 5e4d406..cd02857 100644
--- a/xinetd/service.c
+++ b/xinetd/service.c
@@ -984,7 +984,10 @@ void close_all_svc_descriptors(void)
/* Have to close all other descriptors here */
iter = psi_create( SERVICES( ps ) ) ;
if ( iter == NULL )
+ {
out_of_memory( "close_all_svc_descriptors" ) ;
+ exit( 1 );
+ }
for ( osp = SP( psi_start( iter ) ) ; osp ; osp = SP( psi_next( iter ) ) )
{
--
2.19.1

52
tcpint.c-fix-memleak.patch Normal file
View File

@ -0,0 +1,52 @@
From e75406018196636b0d96ec67ac0b3951c7b7d374 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Wed, 16 May 2012 09:11:56 +0200
Subject: [PATCH 05/16] tcpint.c: fix memleak
---
xinetd/tcpint.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/xinetd/tcpint.c b/xinetd/tcpint.c
index cd6474f..34a2ca9 100644
--- a/xinetd/tcpint.c
+++ b/xinetd/tcpint.c
@@ -134,7 +134,7 @@ static void si_mux(void)
#endif
if ( n_ready == -1 )
- return ;
+ goto free_iter ;
#ifdef HAVE_POLL
if ( pfd_array[0].revents & ( POLLIN | POLLOUT ) )
@@ -193,9 +193,9 @@ static void si_mux(void)
#else
if ( handle_io( iter, chp, &socket_mask, tcp_local_to_remote ) == FAILED )
#endif
- return ;
+ goto free_iter ;
if ( --n_ready == 0 )
- break ;
+ goto free_iter ;
}
#ifdef HAVE_POLL
@@ -216,12 +216,15 @@ static void si_mux(void)
if ( handle_io( iter, chp,
&socket_mask, tcp_remote_to_local ) == FAILED )
#endif
- return ;
+ goto free_iter ;
if ( --n_ready == 0 )
- break ;
+ goto free_iter ;
}
}
}
+free_iter:
+ psi_destroy( iter ) ;
+ return ;
}

251
xinetd-2.3.14-autoconf.patch Normal file
View File

@ -0,0 +1,251 @@
--- xinetd-2.3.14/configure.in 2009-07-27 13:27:59.000000000 +0200
+++ xinetd-2.3.14-mod/configure.in 2009-07-29 10:05:44.000000000 +0200
@@ -20,34 +20,34 @@ AC_CHECK_FUNCS(ecvt, ,
AC_CHECK_FUNCS(gcvt, ,
AC_CHECK_LIB(m, gcvt))
-AC_CHECK_FUNC(strerror, [AC_DEFINE(HAVE_STRERROR)])
-AC_CHECK_FUNC(strcasecmp, [AC_DEFINE(HAVE_STRCASECMP)])
+AC_CHECK_FUNC(strerror, [AC_DEFINE(HAVE_STRERROR, 1, "")])
+AC_CHECK_FUNC(strcasecmp, [AC_DEFINE(HAVE_STRCASECMP, 1, "")])
AC_CHECK_FUNC(socket, ,
AC_CHECK_LIB(socket, socket, ,
AC_CHECK_LIB(nsl, socket)))
AC_CHECK_FUNC(inet_aton, ,
AC_CHECK_LIB(nsl, inet_aton, ,
AC_CHECK_LIB(socket, inet_aton, ,
- AC_CHECK_LIB(resolv, inet_aton, ,[AC_DEFINE(NO_INET_ATON)]))))
-AC_CHECK_FUNC(setenv,[AC_DEFINE(HAVE_SETENV)])
-AC_CHECK_FUNC(strsignal, [AC_DEFINE(HAVE_STRSIGNAL)])
-AC_CHECK_LIB(c, sys_siglist, [AC_DEFINE(HAVE_SYS_SIGLIST)])
-AC_CHECK_FUNC(gai_strerror,[AC_DEFINE(HAVE_GAI_STRERROR)])
-AC_CHECK_FUNC(freeaddrinfo,[AC_DEFINE(HAVE_FREEADDRINFO)])
-AC_CHECK_FUNC(getaddrinfo,[AC_DEFINE(HAVE_GETADDRINFO)])
+ AC_CHECK_LIB(resolv, inet_aton, ,[AC_DEFINE(NO_INET_ATON, 1, "")]))))
+AC_CHECK_FUNC(setenv,[AC_DEFINE(HAVE_SETENV, 1, "")])
+AC_CHECK_FUNC(strsignal, [AC_DEFINE(HAVE_STRSIGNAL, 1, "")])
+AC_CHECK_LIB(c, sys_siglist, [AC_DEFINE(HAVE_SYS_SIGLIST, 1, "")])
+AC_CHECK_FUNC(gai_strerror,[AC_DEFINE(HAVE_GAI_STRERROR, 1, "")])
+AC_CHECK_FUNC(freeaddrinfo,[AC_DEFINE(HAVE_FREEADDRINFO, 1, "")])
+AC_CHECK_FUNC(getaddrinfo,[AC_DEFINE(HAVE_GETADDRINFO, 1, "")])
AC_CHECK_HEADERS(sys/types.h sys/termios.h termios.h sys/ioctl.h sys/select.h rpc/rpc.h rpc/rpcent.h sys/file.h ftw.h machine/reg.h netdb.h)
-AC_CHECK_HEADER(sys/resource.h, [AC_DEFINE(HAVE_SYS_RESOURCE_H)])
-AC_CHECK_HEADER(arpa/inet.h, [AC_DEFINE(HAVE_ARPA_INET_H)])
-AC_CHECK_HEADER(grp.h, [AC_DEFINE(HAVE_GRP_H)])
-AC_CHECK_HEADER(rpc/pmap_clnt.h, [AC_DEFINE(HAVE_RPC_PMAP_CLNT_H)])
-AC_CHECK_HEADER(sys/socket.h, [AC_DEFINE(HAVE_SYS_SOCKET_H)])
-AC_CHECK_HEADER(sys/signal.h, [AC_DEFINE(HAVE_SYS_SIGNAL_H)])
-AC_CHECK_HEADER(crypt.h, [AC_DEFINE(HAVE_CRYPT_H)])
-AC_CHECK_HEADER(stdint.h, [AC_DEFINE(HAVE_STDINT_H)])
-AC_CHECK_HEADER(stdbool.h, [AC_DEFINE(HAVE_STDBOOL_H)])
-AC_CHECK_HEADER(sys/filio.h, [AC_DEFINE(HAVE_SYS_FILIO_H)])
-AC_CHECK_HEADER(DNSServiceDiscovery/DNSServiceDiscovery.h, [AC_DEFINE(HAVE_DNSREGISTRATION) AC_DEFINE(HAVE_MDNS)])
+AC_CHECK_HEADER(sys/resource.h, [AC_DEFINE(HAVE_SYS_RESOURCE_H, 1, "")])
+AC_CHECK_HEADER(arpa/inet.h, [AC_DEFINE(HAVE_ARPA_INET_H, 1, "")])
+AC_CHECK_HEADER(grp.h, [AC_DEFINE(HAVE_GRP_H, 1, "")])
+AC_CHECK_HEADER(rpc/pmap_clnt.h, [AC_DEFINE(HAVE_RPC_PMAP_CLNT_H, 1, "")])
+AC_CHECK_HEADER(sys/socket.h, [AC_DEFINE(HAVE_SYS_SOCKET_H, 1, "")])
+AC_CHECK_HEADER(sys/signal.h, [AC_DEFINE(HAVE_SYS_SIGNAL_H, 1, "")])
+AC_CHECK_HEADER(crypt.h, [AC_DEFINE(HAVE_CRYPT_H, 1, "")])
+AC_CHECK_HEADER(stdint.h, [AC_DEFINE(HAVE_STDINT_H, 1, "")])
+AC_CHECK_HEADER(stdbool.h, [AC_DEFINE(HAVE_STDBOOL_H, 1, "")])
+AC_CHECK_HEADER(sys/filio.h, [AC_DEFINE(HAVE_SYS_FILIO_H, 1, "")])
+AC_CHECK_HEADER(DNSServiceDiscovery/DNSServiceDiscovery.h, [AC_DEFINE(HAVE_DNSREGISTRATION, 1, "") AC_DEFINE(HAVE_MDNS, 1, "")])
AC_ARG_WITH(howl, [ --with-howl=PATH Compile in howl support.
PATH is the prefix where howl is installed,
@@ -56,7 +56,7 @@ AC_ARG_WITH(howl, [ --with-howl=PATH
OLDLDFLAGS=$LDFLAGS; LDFLAGS="-L$withval/lib/ $LDFLAGS";
OLDCPPFLAGS=$CPPFLAGS; CPPFLAGS="-I$withval/include/howl/ $CPPFLAGS";
AC_CHECK_HEADER($withval/include/howl/howl.h,
- [AC_DEFINE(HAVE_HOWL) AC_DEFINE(HAVE_MDNS)],
+ [AC_DEFINE(HAVE_HOWL, 1, "") AC_DEFINE(HAVE_MDNS, 1, "")],
[CFLAGS=$OLDCFLAGS; LDFLAGS=$OLDLDFLAGS; CPPFLAGS=$OLDCPPFLAGS;])
AC_CHECK_LIB(howl, sw_discovery_publish, [LIBS="-lhowl $LIBS"], [
OLDLIBS=$LIBS; LIBS="-lpthread $LIBS";
@@ -88,7 +88,7 @@ AC_CACHE_CHECK([for struct addrinfo], ac
)
])
if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_ADDRINFO)
+ AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, "")
fi
AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
@@ -103,7 +103,7 @@ AC_CACHE_CHECK([for struct in6_addr], ac
)
])
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
+ AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, "")
fi
AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
@@ -118,7 +118,7 @@ AC_CACHE_CHECK([for struct sockaddr_in6]
)
])
if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1, "")
fi
AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
@@ -133,15 +133,15 @@ AC_CACHE_CHECK([for struct sockaddr_stor
)
])
if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, "")
fi
case "$target_os" in
solaris*)
- AC_DEFINE(N0_SIGLIST)
- AC_DEFINE(solaris)
+ AC_DEFINE(N0_SIGLIST, 1, "")
+ AC_DEFINE(solaris, 1, "")
AC_MSG_CHECKING(whether to compile in loadavg)
AC_ARG_WITH(loadavg,
@@ -153,12 +153,12 @@ solaris*)
yes)
AC_MSG_RESULT(yes)
AC_CHECK_LIB(kstat, main)
- AC_CHECK_HEADER(kstat.h, [AC_DEFINE(HAVE_KSTAT_H)])
- AC_DEFINE(HAVE_LOADAVG)
+ AC_CHECK_HEADER(kstat.h, [AC_DEFINE(HAVE_KSTAT_H, 1, "")])
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no) )
;;
@@ -172,11 +172,11 @@ osf*)
;;
yes)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no))
;;
@@ -191,18 +191,18 @@ linux*|freebsd*)
;;
yes)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no))
;;
darwin* | "Mac OS"*)
ac_cv_prog_RANLIB="ranlib"
# AC_CHECK_FUNCS doesn't look in the proper header file...
- AC_DEFINE(HAVE_ISATTY)
+ AC_DEFINE(HAVE_ISATTY, 1, "")
CFLAGS="$CFLAGS -no-cpp-precomp"
AC_MSG_CHECKING(whether to compile in loadavg)
AC_ARG_WITH(loadavg,,
@@ -212,11 +212,11 @@ darwin* | "Mac OS"*)
;;
yes)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no))
;;
@@ -229,13 +229,13 @@ darwin* | "Mac OS"*)
;;
yes)
AC_MSG_RESULT(yes)
- AC_DEFINE(bsdi)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(bsdi, 1, "")
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(bsdi)
- AC_DEFINE(HAVE_LOADAVG)
+ AC_DEFINE(bsdi, 1, "")
+ AC_DEFINE(HAVE_LOADAVG, 1, "")
;;
esac ], AC_MSG_RESULT(no))
;;
@@ -245,7 +245,7 @@ esac
AC_CHECK_LIB(c, crypt, [:], [
AC_CHECK_LIB(crypt, crypt, [
LIBS="-lcrypt $LIBS"
- AC_DEFINE(HAVE_LIBCRYPT) ], []) ])
+ AC_DEFINE(HAVE_LIBCRYPT, 1, "") ], []) ])
AC_CHECK_LIB(m, log10, [ LIBS="-lm $LIBS" ], [])
@@ -263,16 +263,16 @@ AC_ARG_WITH(libwrap,
yes)
AC_MSG_RESULT(yes)
AC_CHECK_LIB(wrap, request_init, [
- AC_DEFINE(LIBWRAP)
+ AC_DEFINE(LIBWRAP, 1, "")
WRAPLIBS="-lwrap"
- AC_DEFINE(HAVE_LIBWRAP) ])
+ AC_DEFINE(HAVE_LIBWRAP, 1, "") ])
AC_CHECK_LIB(nsl, yp_get_default_domain, [
WRAPLIBS="$WRAPLIBS -lnsl" ])
LIBS="$WRAPLIBS $LIBS"
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(LIBWRAP)
+ AC_DEFINE(LIBWRAP, 1, "")
if test -d "$withval"; then
WRAPLIBS="-L$withval -lwrap"
else
@@ -299,13 +299,13 @@ AC_ARG_WITH(labeled-networking,
yes)
AC_MSG_RESULT(yes)
AC_CHECK_LIB(selinux, setexeccon, [
- AC_DEFINE(LABELED_NET)
+ AC_DEFINE(LABELED_NET, 1, "")
LABELLIBS="-lselinux" ])
LIBS="$LABELLIBS $LIBS"
;;
*)
AC_MSG_RESULT(yes)
- AC_DEFINE(LABELED_NET)
+ AC_DEFINE(LABELED_NET, 1, "")
if test -d "$withval"; then
LABELLIBS="-L$withval -lselinux"
else
--- xinetd-2.3.14/aclocal.m4 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14-mod/aclocal.m4 2009-07-29 10:10:03.000000000 +0200
@@ -22,6 +22,6 @@ AC_CACHE_VAL(xinetd_cv_type_$1,
#endif], xinetd_cv_type_$1=yes, xinetd_cv_type_$1=no)])dnl
AC_MSG_RESULT($xinetd_cv_type_$1)
if test $xinetd_cv_type_$1 = no; then
- AC_DEFINE($1, $2)
+ AC_DEFINE($1, $2, "")
fi
])

29
xinetd-2.3.14-bind-ipv6.patch Normal file
View File

@ -0,0 +1,29 @@
--- xinetd-2.3.14/xinetd/service.c.old 2007-05-16 15:33:41.000000000 +0200
+++ xinetd-2.3.14/xinetd/service.c 2007-05-16 15:29:53.000000000 +0200
@@ -335,6 +335,15 @@
if ( SVC_FD(sp) == -1 )
{
+ if (SC_BIND_ADDR(scp) == NULL && SC_IPV6( scp ))
+ {
+ /* there was no bind address configured and IPv6 fails. Try IPv4 */
+ msg( LOG_NOTICE, func, "IPv6 socket creation failed for service %s, trying IPv4", SC_ID( scp ) ) ;
+ M_CLEAR(SC_XFLAGS(scp), SF_IPV6);
+ M_SET(SC_XFLAGS(scp), SF_IPV4);
+ return svc_activate(sp);
+ }
+
msg( LOG_ERR, func,
"socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
return( FAILED ) ;
--- xinetd-2.3.14/xinetd/confparse.c.old 2007-05-16 15:33:26.000000000 +0200
+++ xinetd-2.3.14/xinetd/confparse.c 2007-05-16 15:15:22.000000000 +0200
@@ -245,7 +245,7 @@
M_SET(SC_XFLAGS(scp), SF_IPV6);
}
else
- M_SET(SC_XFLAGS(scp), SF_IPV4);
+ M_SET(SC_XFLAGS(scp), SF_IPV6); /*try bind IPv6 by default*/
}
if (SC_ORIG_BIND_ADDR(scp))

10
xinetd-2.3.14-clean-pfd.patch Normal file
View File

@ -0,0 +1,10 @@
--- xinetd-2.3.14/xinetd/service.c.orig 2010-03-18 17:09:20.000000000 +0100
+++ xinetd-2.3.14/xinetd/service.c 2010-03-18 17:09:37.000000000 +0100
@@ -470,6 +470,7 @@ void svc_deactivate( struct service *sp
{
#ifdef HAVE_POLL
SVC_EVENTS( sp ) = 0;
+ SVC_FD( sp ) = 0;
#else
FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
#endif /* HAVE_POLL */

126
xinetd-2.3.14-file-limit.patch Normal file
View File

@ -0,0 +1,126 @@
diff -Nurp xinetd-2.3.14-orig/xinetd/attr.h xinetd-2.3.14-files/xinetd/attr.h
--- xinetd-2.3.14-orig/xinetd/attr.h 2005-10-05 19:15:33.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/attr.h 2009-10-20 13:08:45.000000000 +0200
@@ -61,12 +61,13 @@
#define A_DISABLED 43
#define A_MDNS 44
#define A_LIBWRAP 45
+#define A_RLIMIT_FILES 46
/*
* SERVICE_ATTRIBUTES is the number of service attributes and also
* the number from which defaults-only attributes start.
*/
-#define SERVICE_ATTRIBUTES ( A_MDNS + 1 )
+#define SERVICE_ATTRIBUTES ( A_MDNS + 2 )
/*
* Mask of attributes that must be specified.
diff -Nurp xinetd-2.3.14-orig/xinetd/child.c xinetd-2.3.14-files/xinetd/child.c
--- xinetd-2.3.14-orig/xinetd/child.c 2009-10-20 13:07:34.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/child.c 2009-10-20 13:10:16.000000000 +0200
@@ -109,6 +109,10 @@ void exec_server( const struct server *s
#ifdef RLIMIT_NOFILE
+ if ( SC_RLIM_FILES( scp ))
+ {
+ ps.ros.max_descriptors = SC_RLIM_FILES( scp );
+ }
rl.rlim_max = rl.rlim_cur = ps.ros.max_descriptors ;
(void) setrlimit( RLIMIT_NOFILE, &rl ) ;
#endif
diff -Nurp xinetd-2.3.14-orig/xinetd/parse.c xinetd-2.3.14-files/xinetd/parse.c
--- xinetd-2.3.14-orig/xinetd/parse.c 2005-10-05 19:15:33.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/parse.c 2009-10-20 13:08:45.000000000 +0200
@@ -92,6 +92,9 @@ static const struct attribute service_at
#ifdef RLIMIT_DATA
{ "rlimit_data", A_RLIMIT_DATA, 1, rlim_data_parser },
#endif
+#ifdef RLIMIT_NOFILE
+ { "rlimit_files", A_RLIMIT_FILES, 1, rlim_files_parser },
+#endif
#ifdef RLIMIT_RSS
{ "rlimit_rss", A_RLIMIT_RSS, 1, rlim_rss_parser },
#endif
diff -Nurp xinetd-2.3.14-orig/xinetd/parsers.c xinetd-2.3.14-files/xinetd/parsers.c
--- xinetd-2.3.14-orig/xinetd/parsers.c 2005-10-05 23:45:41.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/parsers.c 2009-10-20 13:08:45.000000000 +0200
@@ -1415,6 +1415,29 @@ status_e rlim_data_parser( pset_h values
}
#endif
+#ifdef RLIMIT_NOFILE
+status_e rlim_files_parser( pset_h values,
+ struct service_config *scp,
+ enum assign_op op )
+{
+ char *mem = (char *) pset_pointer( values, 0 ) ;
+ const char *func = "rlim_files_parser" ;
+
+ if ( EQ( mem, "UNLIMITED" ) )
+ SC_RLIM_FILES(scp) = (rlim_t)RLIM_INFINITY ;
+ else
+ {
+ if ( get_limit ( mem, &SC_RLIM_FILES(scp)) )
+ {
+ parsemsg( LOG_ERR, func,
+ "Max files limit is invalid: %s", mem ) ;
+ return( FAILED ) ;
+ }
+ }
+ return( OK ) ;
+}
+#endif
+
#ifdef RLIMIT_RSS
status_e rlim_rss_parser( pset_h values,
struct service_config *scp,
diff -Nurp xinetd-2.3.14-orig/xinetd/parsers.h xinetd-2.3.14-files/xinetd/parsers.h
--- xinetd-2.3.14-orig/xinetd/parsers.h 2005-10-05 19:15:33.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/parsers.h 2009-10-20 13:08:45.000000000 +0200
@@ -57,6 +57,9 @@ status_e rlim_cpu_parser(pset_h, struct
#ifdef RLIMIT_DATA
status_e rlim_data_parser(pset_h, struct service_config *, enum assign_op) ;
#endif
+#ifdef RLIMIT_NOFILE
+status_e rlim_files_parser(pset_h, struct service_config *, enum assign_op) ;
+#endif
#ifdef RLIMIT_RSS
status_e rlim_rss_parser(pset_h, struct service_config *, enum assign_op) ;
#endif
diff -Nurp xinetd-2.3.14-orig/xinetd/sconf.h xinetd-2.3.14-files/xinetd/sconf.h
--- xinetd-2.3.14-orig/xinetd/sconf.h 2009-10-20 13:07:34.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/sconf.h 2009-10-20 13:08:45.000000000 +0200
@@ -143,6 +143,7 @@ struct service_config
rlim_t sc_rlim_as;
rlim_t sc_rlim_cpu;
rlim_t sc_rlim_data;
+ rlim_t sc_rlim_files;
rlim_t sc_rlim_rss;
rlim_t sc_rlim_stack;
mode_t sc_umask;
@@ -191,6 +192,7 @@ struct service_config
#define SC_RLIM_AS( scp ) (scp)->sc_rlim_as
#define SC_RLIM_CPU( scp ) (scp)->sc_rlim_cpu
#define SC_RLIM_DATA( scp ) (scp)->sc_rlim_data
+#define SC_RLIM_FILES( scp ) (scp)->sc_rlim_files
#define SC_RLIM_RSS( scp ) (scp)->sc_rlim_rss
#define SC_RLIM_STACK( scp ) (scp)->sc_rlim_stack
#define SC_TYPE( scp ) (scp)->sc_type
diff -Nurp xinetd-2.3.14-orig/xinetd/xinetd.conf.man xinetd-2.3.14-files/xinetd/xinetd.conf.man
--- xinetd-2.3.14-orig/xinetd/xinetd.conf.man 2009-10-20 13:07:34.000000000 +0200
+++ xinetd-2.3.14-files/xinetd/xinetd.conf.man 2009-10-20 13:08:45.000000000 +0200
@@ -569,6 +569,12 @@ is implemented, it is more useful to set
rlimit_rss and rlimit_stack. This resource limit is only implemented on
Linux systems.
.TP
+.B rlimit_files
+Sets the maximum number of open files that the service may use.
+One parameter is required, which is a positive integer representing
+the number of open file descriptors. Practical limit of this number
+is around 1024000.
+.TP
.B rlimit_cpu
Sets the maximum number of CPU seconds that the service may use.
One parameter is required, which is either a positive integer representing

22
xinetd-2.3.14-fix-type-punned-ptr.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/sensor.c b/sensor.c
index 09d0877..e65018c 100644
--- a/xinetd/sensor.c
+++ b/xinetd/sensor.c
@@ -100,14 +100,15 @@ void process_sensor( const struct service *sp, const union xsockaddr *addr)
{
/* Here again, eh?...update time stamp. */
char *exp_time;
- time_t stored_time;
+ int stored_time;
item_matched--; /* Is # plus 1, to even get here must be >= 1 */
exp_time = pset_pointer( global_no_access_time, item_matched ) ;
if (exp_time == NULL)
return ;
- if ( parse_base10(exp_time, (int *)&stored_time) )
+ /* FIXME: Parse (long int) instead of (int) prior to possible Y2K38 bug. */
+ if ( parse_base10(exp_time, &stored_time ) )
{ /* if never let them off, bypass */
if (stored_time != -1)
{

42
xinetd-2.3.14-ident-bind.patch Normal file
View File

@ -0,0 +1,42 @@
448069: xinetd: socket bind: Invalid argument (errno = 22) when using USERID on ipv6
Use right size of addresses in bind() call. Also use getpeername addresses when
connecting to ident service to prevent address family mismatch between socket(),
bind() and connect() calls.
Author: Jan Safranek <jsafrane@redhat.com>
Reviewed-By: Adam Tkac <atkac@redhat.com>
diff -up xinetd-2.3.14/xinetd/ident.c.orig xinetd-2.3.14/xinetd/ident.c
--- xinetd-2.3.14/xinetd/ident.c.orig 2008-05-29 16:30:19.000000000 +0200
+++ xinetd-2.3.14/xinetd/ident.c 2008-05-29 16:29:57.000000000 +0200
@@ -97,7 +98,13 @@ idresult_e log_remote_user( const struct
}
CLEAR( sin_contact );
- sin_remote = *CONN_XADDRESS( SERVER_CONNECTION( serp ) ) ;
+
+ sin_len = sizeof( sin_remote );
+ if ( getpeername( SERVER_FD( serp ), &sin_remote.sa, &sin_len ) == -1 )
+ {
+ msg( LOG_ERR, func, "(%d) getpeername: %m", getpid() ) ;
+ return( IDR_ERROR ) ;
+ }
sin_contact = sin_remote;
memcpy( &sin_bind, &sin_local, sizeof(sin_bind) ) ;
local_port = 0;
@@ -121,7 +128,13 @@ idresult_e log_remote_user( const struct
msg( LOG_ERR, func, "socket creation: %m" ) ;
return( IDR_ERROR ) ;
}
- if ( bind(sd, &sin_bind.sa, sizeof(sin_bind.sa)) == -1 )
+
+ if ( sin_bind.sa.sa_family == AF_INET )
+ sin_len = sizeof( sin_bind.sa_in ) ;
+ else
+ sin_len = sizeof( sin_bind.sa_in6 ) ;
+
+ if ( bind(sd, &sin_bind.sa, sin_len) == -1 )
{
msg( LOG_ERR, func, "socket bind: %m" ) ;
(void) Sclose( sd ) ;

22
xinetd-2.3.14-instances.patch Normal file
View File

@ -0,0 +1,22 @@
--- xinetd-2.3.14/xinetd/access.c 2005-10-05 19:15:33.000000000 +0200
+++ xinetd-2.3.14-mod/xinetd/access.c 2012-03-05 14:54:30.935416926 +0100
@@ -73,6 +73,7 @@ static void cps_service_restart(void)
unsigned int i;
time_t nowtime;
const char *func = "cps_service_restart";
+ int rs;
nowtime = time(NULL);
for( i=0; i < pset_count( SERVICES(ps) ); i++ ) {
@@ -84,8 +85,11 @@ static void cps_service_restart(void)
if( SVC_STATE(sp) == SVC_DISABLED ) {
scp = SVC_CONF( sp );
if ( SC_TIME_REENABLE(scp) <= nowtime ) {
+ rs = SVC_RUNNING_SERVERS(sp);
/* re-enable the service */
if( svc_activate(sp) == OK ) {
+ /* remember running servers after restart */
+ SVC_RUNNING_SERVERS(sp) = rs;
msg(LOG_ERR, func,
"Activating service %s", SC_NAME(scp));
} else {

17
xinetd-2.3.14-ipv6confusion.patch Normal file
View File

@ -0,0 +1,17 @@
--- xinetd-2.3.14/xinetd/ident.c.jw 2010-03-10 17:49:53.000000000 +1100
+++ xinetd-2.3.14/xinetd/ident.c 2010-03-10 17:50:30.000000000 +1100
@@ -108,12 +108,12 @@
memcpy( &sin_bind, &sin_local, sizeof(sin_bind) ) ;
local_port = 0;
remote_port = 0;
- if( sin_remote.sa.sa_family == AF_INET ) {
+ if( sin_remote.sa.sa_family == AF_INET6 ) {
local_port = ntohs( sin_local.sa_in6.sin6_port ) ;
remote_port = ntohs( sin_remote.sa_in6.sin6_port ) ;
sin_contact.sa_in6.sin6_port = htons( IDENTITY_SERVICE_PORT ) ;
sin_bind.sa_in.sin_port = 0 ;
- } else if( sin_remote.sa.sa_family == AF_INET6 ) {
+ } else if( sin_remote.sa.sa_family == AF_INET ) {
local_port = ntohs( sin_local.sa_in.sin_port ) ;
remote_port = ntohs( sin_remote.sa_in.sin_port ) ;
sin_contact.sa_in.sin_port = htons( IDENTITY_SERVICE_PORT ) ;

41
xinetd-2.3.14-leaking-fds-2a.patch Normal file
View File

@ -0,0 +1,41 @@
diff -Naur xinetd-2.3.14-dist/xinetd/service.c xinetd-2.3.14/xinetd/service.c
--- xinetd-2.3.14-dist/xinetd/service.c 2012-04-03 08:59:19.000000000 +0200
+++ xinetd-2.3.14/xinetd/service.c 2012-04-03 09:02:34.588160317 +0200
@@ -366,12 +366,24 @@
msg( LOG_ERR, func,
"socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
+#ifdef HAVE_POLL
+ SVC_EVENTS( sp ) = 0;
+ SVC_FD( sp ) = 0;
+#else
+ FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
+#endif /* HAVE_POLL */
return( FAILED ) ;
}
if ( set_fd_modes( sp ) == FAILED )
{
(void) Sclose( SVC_FD(sp) ) ;
+#ifdef HAVE_POLL
+ SVC_EVENTS( sp ) = 0;
+ SVC_FD( sp ) = 0;
+#else
+ FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
+#endif /* HAVE_POLL */
return( FAILED ) ;
}
@@ -385,6 +397,12 @@
if ( status == FAILED )
{
(void) Sclose( SVC_FD(sp) ) ;
+#ifdef HAVE_POLL
+ SVC_EVENTS( sp ) = 0;
+ SVC_FD( sp ) = 0;
+#else
+ FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
+#endif /* HAVE_POLL */
return( FAILED ) ;
}

52
xinetd-2.3.14-leaking-fds.patch Normal file
View File

@ -0,0 +1,52 @@
diff -up xinetd-2.3.14-dist/xinetd/service.c xinetd-2.3.14/xinetd/service.c
--- xinetd-2.3.14-dist/xinetd/service.c 2012-01-11 11:50:43.438650900 +0100
+++ xinetd-2.3.14/xinetd/service.c 2012-01-16 08:18:09.462620084 +0100
@@ -88,6 +88,7 @@ struct service *svc_new( struct service_
CLEAR( *sp ) ;
SVC_CONF(sp) = scp ;
+ sp->svc_pfd_index = -1;
return( sp ) ;
}
@@ -346,7 +347,16 @@ status_e svc_activate( struct service *s
ps.rws.pfds_last)*sizeof(struct pollfd));
ps.rws.pfd_array = tmp;
}
- SVC_POLLFD( sp ) = &ps.rws.pfd_array[ps.rws.pfds_last++] ;
+ if ( sp->svc_pfd_index >= 0 )
+ {
+ SVC_POLLFD( sp ) = &ps.rws.pfd_array[sp->svc_pfd_index] ;
+ }
+ else
+ {
+ sp->svc_pfd_index = ps.rws.pfds_last ;
+ SVC_POLLFD( sp ) = &ps.rws.pfd_array[ps.rws.pfds_last++] ;
+ }
+
#endif /* HAVE_POLL */
if( SC_IPV4( scp ) ) {
@@ -433,6 +443,11 @@ status_e svc_activate( struct service *s
static void deactivate( const struct service *sp )
{
(void) Sclose( SVC_FD( sp ) ) ;
+#ifdef HAVE_POLL
+ SVC_FD( sp ) = 0;
+#else
+ FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
+#endif
#ifdef HAVE_MDNS
xinetd_mdns_deregister(SVC_CONF(sp));
diff -up xinetd-2.3.14-dist/xinetd/service.h xinetd-2.3.14/xinetd/service.h
--- xinetd-2.3.14-dist/xinetd/service.h 2012-01-11 11:50:43.418650925 +0100
+++ xinetd-2.3.14/xinetd/service.h 2012-01-16 08:02:59.667553008 +0100
@@ -47,6 +47,7 @@ struct service
{
state_e svc_state ;
int svc_ref_count ; /* # of pters to this struct */
+ int svc_pfd_index; /* index of pfd in pfd_array */
struct service_config *svc_conf ; /* service configuration */
#ifdef HAVE_POLL

16
xinetd-2.3.14-man-section.patch Normal file
View File

@ -0,0 +1,16 @@
117746: xinetd.log man page in wrong section
Put xinetd.log to the right man section.
diff -up xinetd-2.3.13/Makefile.in.orig xinetd-2.3.13/Makefile.in
--- xinetd-2.3.13/Makefile.in.orig 2007-12-06 10:58:32.000000000 +0100
+++ xinetd-2.3.13/Makefile.in 2008-01-15 13:39:38.000000000 +0100
@@ -80,7 +80,7 @@ install: build
$(INSTALL_CMD) -m 755 xinetd/itox $(DAEMONDIR)
$(INSTALL_CMD) -m 755 $(SRCDIR)/xinetd/xconv.pl $(DAEMONDIR)
$(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.conf.man $(MANDIR)/man5/xinetd.conf.5
- $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.log.man $(MANDIR)/man8/xinetd.log.8
+ $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.log.man $(MANDIR)/man5/xinetd.log.5
$(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.man $(MANDIR)/man8/xinetd.8
$(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/itox.8 $(MANDIR)/man8/itox.8
$(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xconv.pl.8 $(MANDIR)/man8/xconv.pl.8

27
xinetd-2.3.14-many-services.patch Normal file
View File

@ -0,0 +1,27 @@
--- xinetd-2.3.14-dist/xinetd/defs.h 2012-01-16 12:20:54.739041678 +0100
+++ xinetd-2.3.14/xinetd/defs.h 2012-01-17 08:06:56.800762230 +0100
@@ -115,8 +115,9 @@ union xsockaddr {
*/
#ifdef HAVE_POLL
-#define INIT_POLLFDS 1024
-#define MAX_POLLFDS 8192
+#define INIT_POLLFDS 4096
+/* FIXME: not used */
+#define MAX_POLLFDS 16384
#endif
/*
--- xinetd-2.3.14-dist/xinetd/service.c 2012-01-16 12:20:54.741041678 +0100
+++ xinetd-2.3.14/xinetd/service.c 2012-01-17 08:07:28.872746991 +0100
@@ -343,9 +343,9 @@ status_e svc_activate( struct service *s
out_of_memory( func );
return( FAILED );
}
+ ps.rws.pfd_array = tmp;
memset(&ps.rws.pfd_array[ps.rws.pfds_last], 0, (ps.rws.pfds_allocated-
ps.rws.pfds_last)*sizeof(struct pollfd));
- ps.rws.pfd_array = tmp;
}
if ( sp->svc_pfd_index >= 0 )
{

1202
xinetd-2.3.14-poll.patch Normal file
View File

File diff suppressed because it is too large Load Diff

77
xinetd-2.3.14-readable-debuginfo.patch Normal file
View File

@ -0,0 +1,77 @@
Generate debuginfo package with all include files readable.
The support libraries would install their header files with 640 permissions,
which is not what we want.
diff -up xinetd-2.3.14/libs/src/misc/Makefile.in.orig xinetd-2.3.14/libs/src/misc/Makefile.in
--- xinetd-2.3.14/libs/src/misc/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/misc/Makefile.in 2008-09-18 10:18:59.000000000 +0200
@@ -49,7 +49,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS) -I$(INCLUDEDIR)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/portable/Makefile.in.orig xinetd-2.3.14/libs/src/portable/Makefile.in
--- xinetd-2.3.14/libs/src/portable/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/portable/Makefile.in 2008-09-18 10:19:09.000000000 +0200
@@ -44,7 +44,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS) -I$(INCLUDEDIR)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/pset/Makefile.in.orig xinetd-2.3.14/libs/src/pset/Makefile.in
--- xinetd-2.3.14/libs/src/pset/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/pset/Makefile.in 2008-09-18 10:19:17.000000000 +0200
@@ -41,7 +41,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/sio/Makefile.in.orig xinetd-2.3.14/libs/src/sio/Makefile.in
--- xinetd-2.3.14/libs/src/sio/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/sio/Makefile.in 2008-09-18 10:19:25.000000000 +0200
@@ -40,7 +40,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS) -I$(INCLUDEDIR)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/str/Makefile.in.orig xinetd-2.3.14/libs/src/str/Makefile.in
--- xinetd-2.3.14/libs/src/str/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/str/Makefile.in 2008-09-18 10:19:33.000000000 +0200
@@ -51,7 +51,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a
diff -up xinetd-2.3.14/libs/src/xlog/Makefile.in.orig xinetd-2.3.14/libs/src/xlog/Makefile.in
--- xinetd-2.3.14/libs/src/xlog/Makefile.in.orig 2003-02-19 18:29:27.000000000 +0100
+++ xinetd-2.3.14/libs/src/xlog/Makefile.in 2008-09-18 10:19:41.000000000 +0200
@@ -46,7 +46,7 @@ CC_FLAGS = $(DEBUG)
CFLAGS = @CFLAGS@ $(CPP_FLAGS) $(CC_FLAGS)
INSTALL = @INSTALL@
-FMODE = -m 640 # used by install
+FMODE = -m 644 # used by install
RANLIB = @RANLIB@
LIBNAME = lib$(NAME).a

134
xinetd-2.3.14-realloc-remove.patch Normal file
View File

@ -0,0 +1,134 @@
diff -rup xinetd-2.3.14/xinetd/defs.h xinetd-2.3.14-mod/xinetd/defs.h
--- xinetd-2.3.14/xinetd/defs.h 2012-01-18 14:22:20.811100158 +0100
+++ xinetd-2.3.14-mod/xinetd/defs.h 2012-01-18 13:32:46.000000000 +0100
@@ -114,11 +114,7 @@ union xsockaddr {
* constants for limiting ps.rws.fd_list
*/
-#ifdef HAVE_POLL
-#define INIT_POLLFDS 4096
-/* FIXME: not used */
-#define MAX_POLLFDS 16384
-#endif
+#define MAX_FDS 4096
/*
* When explicit values are given for enum's, that is because the structures
diff -rup xinetd-2.3.14/xinetd/init.c xinetd-2.3.14-mod/xinetd/init.c
--- xinetd-2.3.14/xinetd/init.c 2012-01-18 14:22:20.779100171 +0100
+++ xinetd-2.3.14-mod/xinetd/init.c 2012-01-18 14:07:34.000000000 +0100
@@ -151,7 +151,7 @@ static void set_fd_limit(void)
}
if ( rl.rlim_max == RLIM_INFINITY )
- rl.rlim_max = FD_SETSIZE;
+ rl.rlim_max = MAX_FDS;
ps.ros.max_descriptors = rl.rlim_max ;
#else /* ! RLIMIT_NOFILE */
@@ -283,12 +283,12 @@ static void init_rw_state( void )
ps.rws.descriptors_free = ps.ros.max_descriptors - DESCRIPTORS_RESERVED ;
#ifdef HAVE_POLL
- ps.rws.pfds_allocated = INIT_POLLFDS ;
+ ps.rws.pfds_allocated = ps.ros.max_descriptors ;
ps.rws.pfd_array = (struct pollfd *)
malloc( sizeof( struct pollfd ) * ps.rws.pfds_allocated ) ;
if ( ps.rws.pfd_array == NULL )
{
- out_of_memory(func);
+ out_of_memory(func) ;
exit( 1 ) ;
}
ps.rws.pfds_last = 0 ;
diff -rup xinetd-2.3.14/xinetd/redirect.c xinetd-2.3.14-mod/xinetd/redirect.c
--- xinetd-2.3.14/xinetd/redirect.c 2012-01-18 14:22:20.780100170 +0100
+++ xinetd-2.3.14-mod/xinetd/redirect.c 2012-01-18 12:22:08.000000000 +0100
@@ -149,7 +149,7 @@ void redir_handler( struct server *serp
#ifdef HAVE_POLL
#define REDIR_DESCRIP_INDEX 0
#define REDIR_SERVER_INDEX 1
- pfd_array = (struct pollfd *)calloc(sizeof(struct pollfd),INIT_POLLFDS);
+ pfd_array = (struct pollfd *)calloc(sizeof(struct pollfd),MAX_FDS);
if (pfd_array == NULL)
{
msg( LOG_ERR, func, "Cannot allocate memory for file descriptors!\n");
diff -rup xinetd-2.3.14/xinetd/service.c xinetd-2.3.14-mod/xinetd/service.c
--- xinetd-2.3.14/xinetd/service.c 2012-01-18 14:22:20.812100157 +0100
+++ xinetd-2.3.14-mod/xinetd/service.c 2012-01-18 14:07:27.000000000 +0100
@@ -114,10 +114,6 @@ struct service *svc_make_special( struct
void svc_free( struct service *sp )
{
-#ifdef HAVE_POLL
- *SVC_POLLFD( sp ) = ps.rws.pfd_array[--ps.rws.pfds_last] ;
-#endif /* HAVE_POLL */
-
sc_free( SVC_CONF(sp) ) ;
CLEAR( *sp ) ;
FREE_SVC( sp ) ;
@@ -332,20 +328,10 @@ status_e svc_activate( struct service *s
}
#ifdef HAVE_POLL
- if ( ps.rws.pfds_last >= ps.rws.pfds_allocated )
+ if ( ps.rws.descriptors_free <= 0 )
{
- int pos;
- ps.rws.pfds_allocated += INIT_POLLFDS;
- struct pollfd *tmp = (struct pollfd *)realloc( ps.rws.pfd_array,
- ps.rws.pfds_allocated*sizeof(struct pollfd));
- if ( tmp == NULL )
- {
- out_of_memory( func );
- return( FAILED );
- }
- ps.rws.pfd_array = tmp;
- memset(&ps.rws.pfd_array[ps.rws.pfds_last], 0, (ps.rws.pfds_allocated-
- ps.rws.pfds_last)*sizeof(struct pollfd));
+ msg(LOG_ERR, func, "Maximum number of services reached") ;
+ return( FAILED ) ;
}
if ( sp->svc_pfd_index >= 0 )
{
diff -rup xinetd-2.3.14/xinetd/tcpint.c xinetd-2.3.14-mod/xinetd/tcpint.c
--- xinetd-2.3.14/xinetd/tcpint.c 2012-01-18 14:22:20.782100169 +0100
+++ xinetd-2.3.14-mod/xinetd/tcpint.c 2012-01-18 13:30:22.000000000 +0100
@@ -93,7 +93,7 @@ static void si_mux(void)
#ifdef HAVE_POLL
struct pollfd *pfd_array;
int pfds_last = 0;
- int pfds_allocated = INIT_POLLFDS;
+ int pfds_allocated = MAX_FDS;
#else
fd_set socket_mask ;
int mask_max ;
@@ -102,7 +102,7 @@ static void si_mux(void)
const char *func = "si_mux" ;
#ifdef HAVE_POLL
- pfd_array = calloc(sizeof(struct pollfd),INIT_POLLFDS);
+ pfd_array = calloc(sizeof(struct pollfd),MAX_FDS);
pfd_array[ pfds_last ].fd = INT_REMOTE( ip ) ;
pfd_array[ pfds_last++ ].events = POLLIN | POLLOUT;
#else
diff -rup xinetd-2.3.14/xinetd/udpint.c xinetd-2.3.14-mod/xinetd/udpint.c
--- xinetd-2.3.14/xinetd/udpint.c 2012-01-18 14:22:20.783100169 +0100
+++ xinetd-2.3.14-mod/xinetd/udpint.c 2012-01-18 12:22:00.000000000 +0100
@@ -103,14 +103,14 @@ static void di_mux(void)
#ifdef HAVE_POLL
struct pollfd *pfd_array;
int pfds_last = 0;
- int pfds_allocated = INIT_POLLFDS;
+ int pfds_allocated = MAX_FDS;
#else
fd_set socket_mask ;
int mask_max ;
#endif
#ifdef HAVE_POLL
- pfd_array = (struct pollfd *)calloc(sizeof(struct pollfd),INIT_POLLFDS);
+ pfd_array = (struct pollfd *)calloc(sizeof(struct pollfd),MAX_FDS);
pfd_array[ pfds_last ].fd = INT_REMOTE( ip );
pfd_array[ pfds_last++ ].events = POLLIN | POLLOUT;
#else

54
xinetd-2.3.14-retry-svc-activate-in-cps-restart.patch Normal file
View File

@ -0,0 +1,54 @@
diff -Napur xinetd-2.3.14.old/xinetd/access.c xinetd-2.3.14.new/xinetd/access.c
--- xinetd-2.3.14.old/xinetd/access.c 2005-10-05 10:15:33.000000000 -0700
+++ xinetd-2.3.14.new/xinetd/access.c 2012-02-22 20:12:09.120973124 -0800
@@ -89,9 +89,20 @@ static void cps_service_restart(void)
msg(LOG_ERR, func,
"Activating service %s", SC_NAME(scp));
} else {
- msg(LOG_ERR, func,
- "Error activating service %s",
- SC_NAME(scp)) ;
+ /* Try to restart the service */
+ SVC_ATTEMPTS(sp) += 1;
+ if ( SVC_ATTEMPTS(sp) < MAX_SVC_ATTEMPTS ) {
+ msg(LOG_ERR, func,
+ "Error activating service %s, retrying %d more time(s)...",
+ SC_NAME(scp),
+ MAX_SVC_ATTEMPTS - SVC_ATTEMPTS(sp));
+ xtimer_add(cps_service_restart, 1);
+ } else {
+ /* Give up */
+ msg(LOG_ERR, func,
+ "Error activating service %s",
+ SC_NAME(scp));
+ }
} /* else */
}
}
diff -Napur xinetd-2.3.14.old/xinetd/service.c xinetd-2.3.14.new/xinetd/service.c
--- xinetd-2.3.14.old/xinetd/service.c 2012-02-22 19:16:56.288912783 -0800
+++ xinetd-2.3.14.new/xinetd/service.c 2012-02-22 19:25:03.059356909 -0800
@@ -397,6 +408,7 @@ status_e svc_activate( struct service *s
* Initialize the service data
*/
SVC_RUNNING_SERVERS(sp) = SVC_RETRIES(sp) = 0 ;
+ SVC_ATTEMPTS(sp) = 0;
if ( SC_MUST_LISTEN( scp ) )
(void) listen( SVC_FD(sp), LISTEN_BACKLOG ) ;
diff -Napur xinetd-2.3.14.old/xinetd/xconfig.h xinetd-2.3.14.new/xinetd/xconfig.h
--- xinetd-2.3.14.old/xinetd/xconfig.h 2003-02-19 09:29:28.000000000 -0800
+++ xinetd-2.3.14.new/xinetd/xconfig.h 2012-02-22 19:20:20.360855514 -0800
@@ -59,6 +59,12 @@
#define DEFAULT_LOOP_TIME 10
/*
+ * The number of times to attempt re-activating a service after being
+ * deactivated due to the above.
+ */
+#define MAX_SVC_ATTEMPTS 30
+
+/*
* Signal-to-action mapping
*/
#ifndef RECONFIG_HARD_SIG

30
xinetd-2.3.14-rpc-specific-port.patch Normal file
View File

@ -0,0 +1,30 @@
commit 1b91f7b0f67fba11ea8bbcdddef844656434c53c
Author: Jeffrey Bastian <jbastian@redhat.com>
Date: Tue Aug 17 13:45:20 2010 -0500
Let RPC services bind to a port
diff --git a/xinetd/service.c b/xinetd/service.c
index 9f21f93..5d26885 100644
--- a/xinetd/service.c
+++ b/xinetd/service.c
@@ -165,6 +165,7 @@ static status_e activate_rpc( struct service *sp )
socklen_t sin_len = sizeof(tsin);
unsigned long vers ;
struct service_config *scp = SVC_CONF( sp ) ;
+ uint16_t service_port = SC_PORT( scp ) ;
struct rpc_data *rdp = SC_RPCDATA( scp ) ;
char *sid = SC_ID( scp ) ;
unsigned registered_versions = 0 ;
@@ -181,9 +182,11 @@ static status_e activate_rpc( struct service *sp )
}
if( SC_IPV4( scp ) ) {
tsin.sa_in.sin_family = AF_INET ;
+ tsin.sa_in.sin_port = htons( service_port ) ;
sin_len = sizeof(struct sockaddr_in);
} else if( SC_IPV6( scp ) ) {
tsin.sa_in6.sin6_family = AF_INET6 ;
+ tsin.sa_in6.sin6_port = htons( service_port );
sin_len = sizeof(struct sockaddr_in6);
}

27
xinetd-2.3.14-signal-log-hang.patch Normal file
View File

@ -0,0 +1,27 @@
--- a/xinetd/signals.c 2009-05-07 05:56:52.000000000 -0400
+++ b/xinetd/signals.c.new 2009-05-07 05:56:44.000000000 -0400
@@ -389,9 +390,11 @@
break ;
default:
- msg( LOG_NOTICE, func, "Unexpected signal %s", sig_name( sig ) ) ;
- if ( debug.on && sig == SIGINT )
- exit( 1 ) ;
+ /* Let my_handler() queue this signal for later logging.
+ Calling msg() and thus syslog() directly here can hang up
+ the process, trying to acquire an already acquired lock,
+ because another syslog() could have been the interrupted code. */
+ my_handler(sig);
}
}
@@ -495,6 +497,9 @@
default:
msg(LOG_ERR, func, "unexpected signal: %s in signal pipe",
sig_name(sig));
+
+ if ( debug.on && sig == SIGINT )
+ exit( 1 ) ;
}
}
}

16
xinetd-2.3.14-tcpmux.patch Normal file
View File

@ -0,0 +1,16 @@
--- xinetd-2.3.14/xinetd/service.c.tcpmux 2010-01-21 09:50:05.000000000 +0100
+++ xinetd-2.3.14/xinetd/service.c 2010-01-21 10:21:14.000000000 +0100
@@ -952,7 +952,12 @@ void close_all_svc_descriptors(void)
out_of_memory( "close_all_svc_descriptors" ) ;
for ( osp = SP( psi_start( iter ) ) ; osp ; osp = SP( psi_next( iter ) ) )
- (void) Sclose( SVC_FD( osp ) ) ;
+ {
+#ifdef HAVE_POLL
+ if ( osp && SVC_POLLFD( osp ) )
+#endif
+ (void) Sclose( SVC_FD( osp ) ) ;
+ }
psi_destroy( iter ) ;
}

12
xinetd-2.3.14-udp-reconfig.patch Normal file
View File

@ -0,0 +1,12 @@
--- xinetd-2.3.14/xinetd/reconfig.c.orig 2010-06-01 12:58:18.000000000 +0200
+++ xinetd-2.3.14/xinetd/reconfig.c 2010-06-01 12:58:23.000000000 +0200
@@ -138,8 +138,8 @@ void hard_reconfig( void )
* b. Terminate running servers and cancel retry attempts, in case
* of reconfiguration
*/
- svc_deactivate( osp ) ;
terminate_servers( osp ) ;
+ svc_deactivate( osp ) ;
cancel_service_retries( osp ) ;
/*

22
xinetd-2.3.15-add-pie.patch Normal file
View File

@ -0,0 +1,22 @@
--- xinetd-2.3.15/Makefile.in 2012-05-14 09:22:22.661617117 +0200
+++ xinetd-2.3.15.new/Makefile.in 2012-05-14 09:32:05.260103054 +0200
@@ -14,7 +14,7 @@ topdir = @top_srcdir@
LIBS = -lsio -lstr -lmisc -lxlog -lportable -lpset @LIBS@
-CFLAGS += @CFLAGS@
+CFLAGS += @CFLAGS@ -fpie
DCFLAGS = -Wall -Wredundant-decls -W -Wfloat-equal -Wundef -Wcast-qual -Wwrite-strings -Wmissing-noreturn -Wmissing-format-attribute -Wshadow -Wpointer-arith -Wno-unused -g
--- xinetd-2.3.15/xinetd/Makefile.in 2005-03-31 01:15:28.000000000 +0200
+++ xinetd-2.3.15.new/xinetd/Makefile.in 2012-05-14 09:32:24.183659971 +0200
@@ -119,7 +119,7 @@ itox: itox.c
$(CC) $(CFLAGS) $(DEBUG) $(SRCDIR)/itox.c -o $@ $(LDFLAGS) $(LIBS)
xinetd: $(OBJS)
- $(CC) $(CFLAGS) $(DEBUG) -o $@ $(OBJS) $(LDFLAGS) $(LIBS) || rm -f $@
+ $(CC) $(CFLAGS) $(DEBUG) -o $@ -pie $(OBJS) $(LDFLAGS) $(LIBS) || rm -f $@
clean:
rm -f $(OBJS) $(NAME) core itox

106
xinetd-2.3.15-bad-port-check.patch Normal file
View File

@ -0,0 +1,106 @@
Re-introduce bad_port_check(), which upstream dropped between 2.3.13 and 2.3.14
for it having been "rather antiquated for years", with no justification given
for that claim.
--- xinetd-2.3.15/xinetd/builtins.c 2012-05-09 17:40:29.000000000 +0200
+++ xinetd-2.3.15.new/xinetd/builtins.c 2012-05-14 10:25:00.431529805 +0200
@@ -52,6 +52,7 @@ static void dgram_daytime(const struct s
static void stream_chargen(const struct server *) ;
static void dgram_chargen(const struct server *) ;
static void tcpmux_handler(const struct server *) ;
+static int bad_port_check(const union xsockaddr *, const char *);
/*
* SG - This is the call sequence to get to a built-in service
@@ -163,6 +164,25 @@ static void stream_echo( const struct se
Sclose(descriptor);
}
+/* For internal UDP services, make sure we don't respond to our ports
+ * on other servers and to low ports of other services (such as DNS).
+ * This can cause looping.
+ */
+static int bad_port_check( const union xsockaddr *sa, const char *func )
+{
+ uint16_t port = 0;
+
+ port = ntohs( xaddrport( sa ) );
+
+ if ( port < 1024 ) {
+ msg(LOG_WARNING, func,
+ "Possible Denial of Service attack from %s %d", xaddrname(sa), port);
+ return (-1);
+ }
+
+ return (0);
+}
+
static void dgram_echo( const struct server *serp )
{
char buf[ DATAGRAM_SIZE ] ;
@@ -170,6 +190,7 @@ static void dgram_echo( const struct ser
ssize_t cc ;
socklen_t sin_len = 0;
int descriptor = SERVER_FD( serp ) ;
+ const char *func = "dgram_echo" ;
if( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
sin_len = sizeof( struct sockaddr_in );
@@ -178,6 +199,7 @@ static void dgram_echo( const struct ser
cc = recvfrom( descriptor, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len ) ;
if ( cc != (ssize_t)-1 ) {
+ if( bad_port_check(&lsin, func) != 0 ) return;
(void) sendto( descriptor, buf, (size_t)cc, 0, SA( &lsin ), sizeof( lsin ) ) ;
}
}
@@ -292,6 +314,7 @@ static void dgram_daytime( const struct
unsigned int buflen = sizeof( time_buf ) ;
int descriptor = SERVER_FD( serp ) ;
ssize_t val;
+ const char *func = "dgram_daytime" ;
if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
sin_len = sizeof( struct sockaddr_in );
@@ -303,6 +326,8 @@ static void dgram_daytime( const struct
if ( val == (ssize_t)-1 )
return ;
+ if( bad_port_check(&lsin, func) != 0 ) return;
+
daytime_protocol( time_buf, &buflen ) ;
(void) sendto( descriptor, time_buf, buflen, 0, SA(&lsin), sizeof( lsin ) ) ;
@@ -359,6 +384,7 @@ static void dgram_time( const struct ser
socklen_t sin_len = 0 ;
int fd = SERVER_FD( serp ) ;
ssize_t val;
+ const char *func = "dgram_time" ;
if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
sin_len = sizeof( struct sockaddr_in );
@@ -368,6 +394,7 @@ static void dgram_time( const struct ser
val = recvfrom( fd, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len );
if ( val == (ssize_t)-1 )
return ;
+ if( bad_port_check(&lsin, func) != 0 ) return;
time_protocol( time_buf ) ;
(void) sendto( fd, (char *) time_buf, 4, 0, SA( &lsin ), sin_len ) ;
@@ -466,6 +493,7 @@ static void dgram_chargen( const struct
int fd = SERVER_FD( serp ) ;
unsigned int left = sizeof( buf ) ;
ssize_t val;
+ const char *func = "dgram_chargen" ;
if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
sin_len = sizeof( struct sockaddr_in );
@@ -480,6 +508,8 @@ static void dgram_chargen( const struct
bad_variable = 1 ; /* this will cause a compilation error */
#endif
+ if( bad_port_check(&lsin, func) != 0 ) return;
+
for ( p = buf ; left > 2 ; left -= len, p += len )
{
len = min( LINE_LENGTH+2, left ) ;

11
xinetd-2.3.15-context-exepath.patch Normal file
View File

@ -0,0 +1,11 @@
--- xinetd-2.3.15/xinetd/child.c 2013-06-25 14:12:24.599767760 +0200
+++ xinetd-2.3.15/xinetd/child.c.new 2013-06-25 14:14:57.463905500 +0200
@@ -532,7 +532,7 @@ static int set_context_from_socket( cons
if (getpeercon(fd, &peer_context) < 0)
goto fail;
- exepath = SC_SERVER_ARGV( scp )[0];
+ exepath = SC_SERVER( scp );
if (getfilecon(exepath, &exec_context) < 0)
goto fail;

15
xinetd-2.3.15-creds.patch Normal file
View File

@ -0,0 +1,15 @@
Patch by Thomas Swan <thomas.swan@gmail.com>
diff --git a/xinetd/builtins.c b/xinetd/builtins.c
index e61502f..a414cf3 100644
--- a/xinetd/builtins.c
+++ b/xinetd/builtins.c
@@ -695,7 +695,7 @@ static void tcpmux_handler( const struct server *serp )
if( SC_IS_INTERNAL( scp ) ) {
SC_INTERNAL(scp, nserp);
} else {
- exec_server(nserp);
+ child_process(nserp);
}
}

22
xinetd-2.3.15-pie.patch Normal file
View File

@ -0,0 +1,22 @@
--- xinetd-2.3.15/Makefile.in 2012-05-14 09:22:22.661617117 +0200
+++ xinetd-2.3.15.new/Makefile.in 2012-05-14 09:32:05.260103054 +0200
@@ -14,7 +14,7 @@ topdir = @top_srcdir@
LIBS = -lsio -lstr -lmisc -lxlog -lportable -lpset @LIBS@
-CFLAGS += @CFLAGS@
+CFLAGS += @CFLAGS@ -fpie
DCFLAGS = -Wall -Wredundant-decls -W -Wfloat-equal -Wundef -Wcast-qual -Wwrite-strings -Wmissing-noreturn -Wmissing-format-attribute -Wshadow -Wpointer-arith -Wno-unused -g
--- xinetd-2.3.15/xinetd/Makefile.in 2005-03-31 01:15:28.000000000 +0200
+++ xinetd-2.3.15.new/xinetd/Makefile.in 2012-05-14 09:32:24.183659971 +0200
@@ -119,7 +119,7 @@ itox: itox.c
$(CC) $(CFLAGS) $(DEBUG) $(SRCDIR)/itox.c -o $@ $(LDFLAGS) $(LIBS)
xinetd: $(OBJS)
- $(CC) $(CFLAGS) $(DEBUG) -o $@ $(OBJS) $(LDFLAGS) $(LIBS) || rm -f $@
+ $(CC) $(CFLAGS) $(DEBUG) -o $@ -pie $(OBJS) $(LDFLAGS) $(LIBS) || rm -f $@
clean:
rm -f $(OBJS) $(NAME) core itox

50
xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch Normal file
View File

@ -0,0 +1,50 @@
Xinetd parses and applies its configuration line by line. If a user wants to
specify NAMEINARGS as a flag, it has to be *before* specifying 'server_args'.
Author: Jan Synacek <jsynacek@redhat.com>
Resolves: #1033528
--- a/xinetd/parse.c 2013-11-21 10:51:25.025436376 +0100
+++ b/xinetd/parse.c 2013-11-21 14:45:44.374121057 +0100
@@ -633,7 +633,28 @@ static status_e identify_attribute( entr
if ( (*ap->a_parser)( attr_values, scp, op ) == OK )
{ /* This is the normal path. */
- SC_SPECIFY( scp, ap->a_id ) ;
+ /* If flags contain NAMEINARGS and server_args is already set, disable the service.
+ Server args are already set incorrectly. */
+ if ( strcmp( ap->a_name, "flags" ) == 0 &&
+ SC_SERVER_ARGV( scp ) )
+ {
+ int i = 0, n = pset_count( attr_values ) ;
+ for ( ; i < n ; i++ ) {
+ char *v = (char *)pset_pointer( attr_values, i ) ;
+ if ( strcmp( v, "NAMEINARGS" ) == 0 )
+ break ;
+ }
+
+ if ( i != n ) {
+ parsemsg( LOG_ERR, func,
+ "NAMEINARGS flag is set after server_args - DISABLING SERVICE" ) ;
+ SC_DISABLE( scp ) ;
+ }
+ }
+ else
+ {
+ SC_SPECIFY( scp, ap->a_id ) ;
+ }
}
else if ( entry_type == SERVICE_ENTRY )
{
--- a/xinetd/xinetd.conf.man 2013-12-03 10:06:35.717977075 +0100
+++ b/xinetd/xinetd.conf.man 2013-12-03 10:41:14.779089430 +0100
@@ -106,7 +106,8 @@
This will cause the first argument in "server_args" to be argv[0] when
executing the server, as specified in "server". This allows you to use
tcpd by putting tcpd in "server" and the name of the server in "server_args"
-like in normal inetd.
+like in normal inetd. This flag has to be specified before "server_args",
+otherwise is not taken into account.
.TP
.B NODELAY
If the service is a tcp service and the NODELAY flag is set, then the

37
xinetd-2.3.15-udp-wait.patch Normal file
View File

@ -0,0 +1,37 @@
Resolves: #1567239
--- a/xinetd/confparse.c 2018-05-04 11:00:11.019748833 +0200
+++ b/xinetd/confparse.c 2018-05-04 11:49:26.519996478 +0200
@@ -860,6 +860,14 @@ static status_e check_entry( struct serv
}
}
+ if ( SC_SOCKET_TYPE(scp) == SOCK_DGRAM && !SC_WAITS(scp) )
+ {
+ msg( LOG_ERR, func,
+ "Service %s has socket_type dgram, but does not wait",
+ SC_NAME(scp) );
+ return FAILED;
+ }
+
if ( service_attr_check( scp ) == FAILED )
return( FAILED ) ;
--- a/xinetd/main.c 2018-05-04 10:02:11.999315632 +0200
+++ b/xinetd/main.c 2018-05-04 10:03:44.124500979 +0200
@@ -296,6 +296,7 @@ static void find_bad_fd(void)
SVC_ID( sp ) ) ;
svc_deactivate( sp ) ;
found = TRUE ;
+ bad_fd_count++ ;
break ;
}
}
@@ -303,6 +304,7 @@ static void find_bad_fd(void)
{
#ifdef HAVE_POLL
ps.rws.pfd_array[fd].events = 0;
+ ps.rws.pfd_array[fd].fd = -1;
#else
FD_CLR( fd, &ps.rws.socket_mask ) ;
#endif

BIN
xinetd-2.3.15.tar.gz Normal file
View File

Binary file not shown.

16
xinetd.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Xinetd A Powerful Replacement For Inetd
After=syslog.target network.target
Documentation=man:xinetd
Documentation=man:xinetd.conf
Documentation=man:xinetd.log
[Service]
Type=forking
PIDFile=/var/run/xinetd.pid
ExecStart=/usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
ExecReload=/usr/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

117
xinetd.spec Normal file
View File

@ -0,0 +1,117 @@
Name: xinetd
Epoch: 2
Version: 2.3.15
Release: 28
Summary: A super-server daemon that manages Internet-based connectivity
License: xinetd
URL: https://github.com/xinetd-org/xinetd
Source0: %{name}-%{version}.tar.gz
Source1: xinetd.service
#patches from the opensource fedora/redhat repository
Patch0001: xinetd-2.3.15-add-pie.patch
Patch0002: xinetd-2.3.14-bind-ipv6.patch
Patch0003: xinetd-2.3.14-man-section.patch
Patch0004: xinetd-2.3.14-ident-bind.patch
Patch0005: xinetd-2.3.14-readable-debuginfo.patch
Patch0006: xinetd-2.3.14-autoconf.patch
Patch0007: xinetd-2.3.14-poll.patch
Patch0008: xinetd-2.3.14-file-limit.patch
Patch0009: xinetd-2.3.14-tcpmux.patch
Patch0010: xinetd-2.3.14-clean-pfd.patch
Patch0011: xinetd-2.3.14-ipv6confusion.patch
Patch0012: xinetd-2.3.14-udp-reconfig.patch
Patch0013: xinetd-2.3.14-rpc-specific-port.patch
Patch0014: xinetd-2.3.14-signal-log-hang.patch
Patch0015: xinetd-2.3.14-fix-type-punned-ptr.patch
Patch0016: xinetd-2.3.14-leaking-fds.patch
Patch0017: xinetd-2.3.14-many-services.patch
Patch0018: xinetd-2.3.14-realloc-remove.patch
Patch0019: xinetd-2.3.14-leaking-fds-2a.patch
Patch0020: xinetd-2.3.14-instances.patch
Patch0021: xinetd-2.3.14-retry-svc-activate-in-cps-restart.patch
Patch0022: xinetd-2.3.15-bad-port-check.patch
Patch0023: xinetd-2.3.15-context-exepath.patch
Patch0024: xinetd-2.3.15-creds.patch
Patch0025: xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch
Patch0026: xinetd-2.3.15-udp-wait.patch
#backport patches
Patch6001: connection.c-fix-pointer-dereference-before-NULL-che.patch
Patch6002: tcpint.c-fix-memleak.patch
Patch6003: inet.c-avoid-using-pointer-after-free.patch
Patch6004: service.c-avoid-dereferencing-NULL-pointer.patch
Patch6005: sconf.c-fix-possible-memleak.patch
BuildRequires: autoconf automake libtirpc-devel libselinux-devel >= 1.30 systemd-units
Requires: filesystem >= 2.0.1 setup
Requires(post): systemd-sysv systemd-units
Requires(preun): systemd-units systemd-units
Provides: inetd
%description
xinetd is a powerful replacement for inetd.
xinetd has access control mechanisms, extensive logging capabilities,
the ability to make services available based on time, can place
limits on the number of servers that can be started, and has deployable
defence mechanisms to protect against port scanners, among other things.
xinetd listens for incoming requests over a network and launches the
appropriate service for that request. Requests are made using port numbers
as identifiers and xinetd usually launches another daemon to handle the
request. It can be used to start services with both privileged and
non-privileged port numbers.
%package help
Summary: Help package for %{name}, containing some readme, man, etc. files
%description help
This is the help package for %{name} package. It includes some readme, man and other
related files.
%prep
%autosetup -n %{name}-%{version} -p1
%build
aclocal
autoconf
%configure --with-loadavg --with-inet6 --with-labeled-networking
make CFLAGS="$CFLAGS $(pkg-config --cflags libtirpc)" LDFLAGS="$LDFLAGS $(pkg-config --libs libtirpc) -Wl,-z,relro,-z,now"
%install
%make_install DAEMONDIR=%{buildroot}%{_sbindir} MANDIR=%{buildroot}%{_mandir}
mkdir -m 700 -p %{buildroot}%{_sysconfdir}/xinetd.d
install -Dm644 %{SOURCE1} %{buildroot}%{_unitdir}/xinetd.service
install -m600 contrib/xinetd.conf %{buildroot}%{_sysconfdir}
install -m600 contrib/xinetd.d/* %{buildroot}%{_sysconfdir}/xinetd.d
%post
%systemd_post xinetd
%preun
%systemd_preun xinetd
%postun
%systemd_postun_with_restart xinetd
%files
%doc COPYRIGHT
%config(noreplace) %{_sysconfdir}/xinetd.conf
%config(noreplace) %{_sysconfdir}/xinetd.d/*
%{_unitdir}/xinetd.service
%{_sbindir}/xinetd
%exclude %{_sysconfdir}/xinetd.d/ftp-sensor
%exclude %{_sbindir}/itox
%exclude %{_sbindir}/xconv.pl
%files help
%doc CHANGELOG README xinetd/sample.conf contrib/empty.conf
%{_mandir}/*/*
%exclude %{_mandir}/man8/itox*
%exclude %{_mandir}/man8/xconv.pl*
%changelog
* Thu Sep 12 2019 huzhiyu<huzhiyu1@huawei.com> - 2:2.3.15-28
- Package init