Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/netkit-rsh/files/patches/, net-misc/netkit-rsh/
Date: Fri, 25 Jun 2021 00:32:05
Message-Id: 1624581075.231787a2484df850fe2299a25ef3e715c00c0358.sam@gentoo
1 commit: 231787a2484df850fe2299a25ef3e715c00c0358
2 Author: Hank Leininger <hlein <AT> korelogic <DOT> com>
3 AuthorDate: Tue Jun 22 23:14:40 2021 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Fri Jun 25 00:31:15 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=231787a2
7
8 net-misc/netkit-rsh: security fix, add myself as p-m
9
10 This updates one of our existing patches with Debian's fix for
11 CVE-2019-7282 and CVE-2019-7283. Minor other cleanups.
12
13 Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
14 Bug: https://bugs.gentoo.org/717794
15 Closes: https://bugs.gentoo.org/710960
16 Package-Manager: Portage-3.0.20, Repoman-3.0.3
17 Signed-off-by: Sam James <sam <AT> gentoo.org>
18
19 .../netkit-rsh/files/patches/000_all_sectty.patch | 32 +++
20 .../netkit-rsh/files/patches/010_all_rexec.patch | 55 +++++
21 .../netkit-rsh/files/patches/020_all_stdarg.patch | 43 ++++
22 .../netkit-rsh/files/patches/030_all_jbj.patch | 33 +++
23 .../netkit-rsh/files/patches/040_all_jbj4.patch | 14 ++
24 .../netkit-rsh/files/patches/050_all_prompt.patch | 37 +++
25 .../files/patches/060_all_rlogin-rsh.patch | 10 +
26 .../netkit-rsh/files/patches/070_all_nokrb.patch | 231 +++++++++++++++++++
27 .../netkit-rsh/files/patches/080_all_jbj5.patch | 29 +++
28 .../files/patches/090_all_userandhost.patch | 70 ++++++
29 .../netkit-rsh/files/patches/100_all_strip.patch | 66 ++++++
30 .../netkit-rsh/files/patches/110_all_lfs.patch | 25 ++
31 .../netkit-rsh/files/patches/120_all_chdir.patch | 57 +++++
32 .../files/patches/130_all_pam-nologin.patch | 14 ++
33 .../files/patches/140_all_nohostcheck.patch | 134 +++++++++++
34 .../files/patches/150_all_rexec-netrc.patch | 251 +++++++++++++++++++++
35 .../files/patches/160_all_pam-sess.patch | 12 +
36 .../netkit-rsh/files/patches/170_all_errno.patch | 51 +++++
37 .../files/patches/180_all_rexec-sig.patch | 17 ++
38 .../netkit-rsh/files/patches/190_all_nohost.patch | 63 ++++++
39 .../netkit-rsh/files/patches/200_all_ignchld.patch | 22 ++
40 .../files/patches/210_all_checkdir-r1.patch | 23 ++
41 .../netkit-rsh/files/patches/220_all_fbsd.patch | 222 ++++++++++++++++++
42 .../netkit-rsh/files/patches/230_all_MAX_ARG.patch | 96 ++++++++
43 net-misc/netkit-rsh/metadata.xml | 9 +-
44 net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild | 78 +++++++
45 26 files changed, 1693 insertions(+), 1 deletion(-)
46
47 diff --git a/net-misc/netkit-rsh/files/patches/000_all_sectty.patch b/net-misc/netkit-rsh/files/patches/000_all_sectty.patch
48 new file mode 100644
49 index 00000000000..fdd761bd991
50 --- /dev/null
51 +++ b/net-misc/netkit-rsh/files/patches/000_all_sectty.patch
52 @@ -0,0 +1,32 @@
53 +--- a/rexecd/rexecd.c
54 ++++ b/rexecd/rexecd.c
55 +@@ -300,6 +300,7 @@
56 + PAM_password = pass;
57 + pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh);
58 + PAM_BAIL;
59 ++ (void) pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
60 + pam_error = pam_authenticate(pamh, 0);
61 + PAM_BAIL;
62 + pam_error = pam_acct_mgmt(pamh, 0);
63 +--- a/rlogind/auth.c
64 ++++ b/rlogind/auth.c
65 +@@ -123,7 +123,7 @@
66 + pam_set_item(pamh, PAM_USER, localuser);
67 + pam_set_item(pamh, PAM_RUSER, remoteuser);
68 + pam_set_item(pamh, PAM_RHOST, host);
69 +- pam_set_item(pamh, PAM_TTY, "tty"); /* ? */
70 ++ pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */
71 +
72 + network_confirm();
73 + retval = attempt_auth();
74 +--- a/rshd/rshd.c
75 ++++ b/rshd/rshd.c
76 +@@ -243,7 +243,7 @@
77 + }
78 + pam_set_item (pamh, PAM_RUSER, remuser);
79 + pam_set_item (pamh, PAM_RHOST, hostname);
80 +- pam_set_item (pamh, PAM_TTY, "tty");
81 ++ pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */
82 +
83 + retcode = pam_authenticate(pamh, 0);
84 + if (retcode == PAM_SUCCESS) {
85
86 diff --git a/net-misc/netkit-rsh/files/patches/010_all_rexec.patch b/net-misc/netkit-rsh/files/patches/010_all_rexec.patch
87 new file mode 100644
88 index 00000000000..ffdbdfffebc
89 --- /dev/null
90 +++ b/net-misc/netkit-rsh/files/patches/010_all_rexec.patch
91 @@ -0,0 +1,55 @@
92 +--- a/rexecd/rexecd.8
93 ++++ b/rexecd/rexecd.8
94 +@@ -68,8 +68,9 @@
95 + it is interpreted as the port number of a secondary
96 + stream to be used for the
97 + .Em stderr .
98 +-A second connection is then created to the specified
99 +-port on the client's machine.
100 ++A second connection will be created to the specified
101 ++port on the client's machine after receiving and authenticating
102 ++the user, password, and command from the client.
103 + .It
104 + A NUL terminated user name of at most 16 characters
105 + is retrieved on the initial socket.
106 +--- a/rexec/Makefile
107 ++++ b/rexec/Makefile
108 +@@ -1,30 +1,23 @@
109 +
110 + SHELL = /bin/sh
111 +
112 +-BINDIR = /usr/local/bin
113 +-MANDIR = /usr/local/man/man1
114 ++include ../MCONFIG
115 ++include ../MRULES
116 +
117 + # Uncomment this line if you get link errors under Solaris
118 + #LDLIBS=-lsocket -lnsl
119 +
120 + .PHONY: all
121 +
122 +-all: rexec install
123 ++all: rexec
124 +
125 + rexec: rexec.c
126 +
127 + rexec.1:
128 +
129 ++clean:
130 ++ rm -f *.o rexec
131 ++
132 + install: rexec rexec.1
133 +- @ echo "Installation: Press enter for defaults."; \
134 +- echo -n "Enter the location to install executable "; \
135 +- echo -n " (default: $(BINDIR)): "; \
136 +- read bindir; \
137 +- bindir=$${bindir:-$(BINDIR)}; \
138 +- echo -n "Enter the manpage location (default $(MANDIR)): ";\
139 +- read mandir; \
140 +- mandir=$${mandir:-$(MANDIR)}; \
141 +- cp rexec $$bindir; \
142 +- chmod a+rx $${bindir}/rexec; \
143 +- cp rexec.1 $$mandir; \
144 +- chmod a+r $${mandir}/rexec.1
145 ++ install -m 0755 rexec $(INSTALLROOT)/$(BINDIR)/rexec
146 ++ install -m 0644 rexec.1 $(INSTALLROOT)/$(MANDIR)/man1/rexec.1
147
148 diff --git a/net-misc/netkit-rsh/files/patches/020_all_stdarg.patch b/net-misc/netkit-rsh/files/patches/020_all_stdarg.patch
149 new file mode 100644
150 index 00000000000..a9ec010330a
151 --- /dev/null
152 +++ b/net-misc/netkit-rsh/files/patches/020_all_stdarg.patch
153 @@ -0,0 +1,43 @@
154 +--- a/rcp/rcp.c
155 ++++ b/rcp/rcp.c
156 +@@ -836,19 +836,33 @@
157 + error(const char *fmt, ...)
158 + {
159 + static FILE *fp;
160 +- va_list ap;
161 +-
162 +- va_start(ap, fmt);
163 ++ char buf[1000];
164 +
165 + ++errs;
166 + if (!fp && !(fp = fdopen(rem, "w")))
167 + return;
168 +- fprintf(fp, "%c", 0x01);
169 +- vfprintf(fp, fmt, ap);
170 ++
171 ++ /* (fmt,...) might need to go to two streams.
172 ++ *
173 ++ * In { va_start ; vfprintf ; vfprintf ; va_end }, second
174 ++ * vfprintf didn't restart (ie: vfprintf affects ap) (glibc)
175 ++ *
176 ++ * Is { va_start ; vfprintf ; va_end} * 2 even allowed?
177 ++ *
178 ++ * => Dump (fmt,...) to buffer. */
179 ++
180 ++ {
181 ++ va_list ap;
182 ++ va_start(ap, fmt);
183 ++ vsnprintf(buf, sizeof(buf), fmt, ap);
184 ++ buf[sizeof(buf)-1] = 0;
185 ++ va_end(ap);
186 ++ }
187 ++
188 ++ fprintf(fp, "%c%s", 0x01, buf);
189 + fflush(fp);
190 +- if (!iamremote) vfprintf(stderr, fmt, ap);
191 +
192 +- va_end(ap);
193 ++ if (!iamremote) fputs(buf, stderr);
194 + }
195 +
196 + static void
197
198 diff --git a/net-misc/netkit-rsh/files/patches/030_all_jbj.patch b/net-misc/netkit-rsh/files/patches/030_all_jbj.patch
199 new file mode 100644
200 index 00000000000..3f5e661b705
201 --- /dev/null
202 +++ b/net-misc/netkit-rsh/files/patches/030_all_jbj.patch
203 @@ -0,0 +1,33 @@
204 +--- a/rcp/Makefile
205 ++++ b/rcp/Makefile
206 +@@ -7,7 +7,7 @@
207 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
208 +
209 + install: rcp
210 +- install -s -o root -m$(SUIDMODE) rcp $(INSTALLROOT)$(BINDIR)
211 ++ install -s rcp $(INSTALLROOT)$(BINDIR)
212 + install -m$(MANMODE) rcp.1 $(INSTALLROOT)$(MANDIR)/man1
213 +
214 + clean:
215 +--- a/rlogin/Makefile
216 ++++ a/rlogin/Makefile
217 +@@ -10,7 +10,7 @@
218 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
219 +
220 + install: $(PROG)
221 +- install -s -o root -m$(SUIDMODE) $(PROG) $(INSTALLROOT)$(BINDIR)
222 ++ install -s $(PROG) $(INSTALLROOT)$(BINDIR)
223 + install -m $(MANMODE) $(PROG).1 $(INSTALLROOT)$(MANDIR)/man1
224 +
225 + clean:
226 +--- a/rsh/Makefile
227 ++++ b/rsh/Makefile
228 +@@ -9,7 +9,7 @@
229 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
230 +
231 + install: rsh
232 +- install -s -o root -m$(SUIDMODE) rsh $(INSTALLROOT)$(BINDIR)
233 ++ install -s rsh $(INSTALLROOT)$(BINDIR)
234 + install -m$(MANMODE) rsh.1 $(INSTALLROOT)$(MANDIR)/man1
235 +
236 + clean:
237
238 diff --git a/net-misc/netkit-rsh/files/patches/040_all_jbj4.patch b/net-misc/netkit-rsh/files/patches/040_all_jbj4.patch
239 new file mode 100644
240 index 00000000000..41c98d27606
241 --- /dev/null
242 +++ b/net-misc/netkit-rsh/files/patches/040_all_jbj4.patch
243 @@ -0,0 +1,14 @@
244 +--- a/rshd/Makefile
245 ++++ b/rshd/Makefile
246 +@@ -6,9 +6,8 @@
247 + OBJS = rshd.o
248 +
249 + ifeq ($(USE_PAM),1)
250 +-# ?
251 +-CFLAGS += # -DUSE_PAM
252 +-LIBS += -ldl # -lpam -lpam_misc
253 ++CFLAGS += -DUSE_PAM
254 ++LIBS += -ldl -lpam -lpam_misc
255 + endif
256 +
257 + rshd: $(OBJS)
258
259 diff --git a/net-misc/netkit-rsh/files/patches/050_all_prompt.patch b/net-misc/netkit-rsh/files/patches/050_all_prompt.patch
260 new file mode 100644
261 index 00000000000..5f6a89dc1d9
262 --- /dev/null
263 +++ b/net-misc/netkit-rsh/files/patches/050_all_prompt.patch
264 @@ -0,0 +1,37 @@
265 +--- a/rexec/rexec.c
266 ++++ b/rexec/rexec.c
267 +@@ -164,12 +164,30 @@
268 + user_name[strlen(user_name)-1] = '\0'; /* Hopefully fgets always adds
269 + a newline. */
270 + passwd = getpass("Password: ");
271 ++ } else {
272 ++
273 ++ if ( user_name == NULL )
274 ++ user_name = getenv("REXEC_USER");
275 ++ if ( user_name == NULL ) {
276 ++ uid_t uid = getuid();
277 ++ struct passwd *pw = getpwuid(uid);
278 ++ if (!(pw && pw->pw_name)) {
279 ++ fprintf(stderr, "Can't lookup uid %d\n", uid);
280 ++ exit(1);
281 ++ }
282 ++ user_name = strdup(pw->pw_name);
283 ++ }
284 ++ if ( passwd == NULL )
285 ++ passwd = getenv("REXEC_PASS");
286 ++ if ( passwd == NULL )
287 ++ passwd = getpass("Password: ");
288 + }
289 +
290 +- if ( user_name == NULL )
291 +- user_name = getenv("REXEC_USER");
292 +- if ( passwd == NULL )
293 +- passwd = getenv("REXEC_PASS");
294 ++ if (!(user_name && passwd)) {
295 ++ fprintf(stderr, "Can't use %s without supplying a user and password\n",
296 ++ progname);
297 ++ exit(1);
298 ++ }
299 +
300 + if ( (sock = rexec(&host, port_exec, user_name, passwd, command,
301 + p_to_aux_sock)) < 0 )
302
303 diff --git a/net-misc/netkit-rsh/files/patches/060_all_rlogin-rsh.patch b/net-misc/netkit-rsh/files/patches/060_all_rlogin-rsh.patch
304 new file mode 100644
305 index 00000000000..83a530765a9
306 --- /dev/null
307 +++ b/net-misc/netkit-rsh/files/patches/060_all_rlogin-rsh.patch
308 @@ -0,0 +1,10 @@
309 +--- a/rlogin/rlogin.c
310 ++++ b/rlogin/rlogin.c
311 +@@ -194,6 +194,7 @@
312 + p = argv[0];
313 +
314 + if (strcmp(p, "rlogin"))
315 ++ if (strcmp(p, "rsh"))
316 + host = p;
317 +
318 + /* handle "rlogin host flags" */
319
320 diff --git a/net-misc/netkit-rsh/files/patches/070_all_nokrb.patch b/net-misc/netkit-rsh/files/patches/070_all_nokrb.patch
321 new file mode 100644
322 index 00000000000..2d702937440
323 --- /dev/null
324 +++ b/net-misc/netkit-rsh/files/patches/070_all_nokrb.patch
325 @@ -0,0 +1,231 @@
326 +diff -uNr a/rcp/rcp.1 a/rcp/rcp.1
327 +--- a/rcp/rcp.1
328 ++++ b/rcp/rcp.1
329 +@@ -41,12 +41,10 @@
330 + .Sh SYNOPSIS
331 + .Nm rcp
332 + .Op Fl px
333 +-.Op Fl k Ar realm
334 + .Ar file1 file2
335 + .Nm rcp
336 + .Op Fl px
337 + .Op Fl r
338 +-.Op Fl k Ar realm
339 + .Ar file ...
340 + .Ar directory
341 + .Sh DESCRIPTION
342 +@@ -79,27 +77,6 @@
343 + modified by the
344 + .Xr umask 2
345 + on the destination host is used.
346 +-.It Fl k
347 +-The
348 +-.Fl k
349 +-option requests
350 +-.Nm rcp
351 +-to obtain tickets
352 +-for the remote host in realm
353 +-.Ar realm
354 +-instead of the remote host's realm as determined by
355 +-.Xr krb_realmofhost 3 .
356 +-.It Fl x
357 +-The
358 +-.Fl x
359 +-option turns on
360 +-.Tn DES
361 +-encryption for all data passed by
362 +-.Nm rcp .
363 +-This may impact response time and
364 +-.Tn CPU
365 +-utilization, but provides
366 +-increased security.
367 + .El
368 + .Pp
369 + If
370 +@@ -134,11 +111,6 @@
371 + .Nm rcp
372 + command appeared in
373 + .Bx 4.2 .
374 +-The version of
375 +-.Nm rcp
376 +-described here
377 +-has been reimplemented with Kerberos in
378 +-.Bx 4.3 Reno .
379 + .Sh BUGS
380 + Doesn't detect all cases where the target of a copy might
381 + be a file in cases where only a directory should be legal.
382 +diff -uNr a/rlogin/rlogin.1 a/rlogin/rlogin.1
383 +--- a/rlogin/rlogin.1
384 ++++ b/rlogin/rlogin.1
385 +@@ -42,7 +42,6 @@
386 + .Ar rlogin
387 + .Op Fl 8EKLdx
388 + .Op Fl e Ar char
389 +-.Op Fl k Ar realm
390 + .Op Fl l Ar username
391 + .Ar host
392 + .Sh DESCRIPTION
393 +@@ -50,9 +49,7 @@
394 + starts a terminal session on a remote host
395 + .Ar host .
396 + .Pp
397 +-.Nm Rlogin
398 +-first attempts to use the Kerberos authorization mechanism, described below.
399 +-If the remote host does not supporting Kerberos the standard Berkeley
400 ++The standard Berkeley
401 + .Pa rhosts
402 + authorization mechanism is used.
403 + The options are as follows:
404 +@@ -71,10 +68,6 @@
405 + When used with the
406 + .Fl 8
407 + option, this provides a completely transparent connection.
408 +-.It Fl K
409 +-The
410 +-.Fl K
411 +-option turns off all Kerberos authentication.
412 + .It Fl L
413 + The
414 + .Fl L
415 +@@ -94,25 +87,6 @@
416 + ``~'' by default.
417 + This specification may be as a literal character, or as an octal
418 + value in the form \ennn.
419 +-.It Fl k
420 +-The
421 +-.FL k
422 +-option requests rlogin to obtain tickets for the remote host
423 +-in realm
424 +-.Ar realm
425 +-instead of the remote host's realm as determined by
426 +-.Xr krb_realmofhost 3 .
427 +-.It Fl x
428 +-The
429 +-.Fl x
430 +-option turns on
431 +-.Tn DES
432 +-encryption for all data passed via the
433 +-rlogin session.
434 +-This may impact response time and
435 +-.Tn CPU
436 +-utilization, but provides
437 +-increased security.
438 + .El
439 + .Pp
440 + A line of the form ``<escape char>.'' disconnects from the remote host.
441 +@@ -129,35 +103,6 @@
442 + is transparent.
443 + Flow control via ^S/^Q and flushing of input and output on interrupts
444 + are handled properly.
445 +-.Sh KERBEROS AUTHENTICATION
446 +-Each user may have a private authorization list in the file
447 +-.Pa .klogin
448 +-in their home directory.
449 +-Each line in this file should contain a Kerberos principal name of the
450 +-form
451 +-.Ar principal.instance@realm .
452 +-If the originating user is authenticated to one of the principals named
453 +-in
454 +-.Pa .klogin ,
455 +-access is granted to the account.
456 +-The principal
457 +-.Ar accountname.@localrealm
458 +-is granted access if
459 +-there is no
460 +-.Pa .klogin
461 +-file.
462 +-Otherwise a login and password will be prompted for on the remote machine
463 +-as in
464 +-.Xr login 1 .
465 +-To avoid certain security problems, the
466 +-.Pa .klogin
467 +-file must be owned by
468 +-the remote user.
469 +-.Pp
470 +-If Kerberos authentication fails, a warning message is printed and the
471 +-standard Berkeley
472 +-.Nm rlogin
473 +-is used instead.
474 + .Sh ENVIRONMENT
475 + The following environment variable is utilized by
476 + .Nm rlogin :
477 +@@ -167,9 +112,6 @@
478 + .El
479 + .Sh SEE ALSO
480 + .Xr rsh 1 ,
481 +-.Xr kerberos 3 ,
482 +-.Xr krb_sendauth 3 ,
483 +-.Xr krb_realmofhost 3
484 + .Sh HISTORY
485 + The
486 + .Nm rlogin
487 +diff -uNr a/rsh/rsh.1 a/rsh/rsh.1
488 +--- a/rsh/rsh.1
489 ++++ b/rsh/rsh.1
490 +@@ -41,7 +41,6 @@
491 + .Sh SYNOPSIS
492 + .Nm rsh
493 + .Op Fl Kdnx
494 +-.Op Fl k Ar realm
495 + .Op Fl l Ar username
496 + .Ar host
497 + .Op command
498 +@@ -62,10 +61,6 @@
499 + normally terminates when the remote command does.
500 + The options are as follows:
501 + .Bl -tag -width flag
502 +-.It Fl K
503 +-The
504 +-.Fl K
505 +-option turns off all Kerberos authentication.
506 + .It Fl d
507 + The
508 + .Fl d
509 +@@ -74,23 +69,11 @@
510 + on the
511 + .Tn TCP
512 + sockets used for communication with the remote host.
513 +-.It Fl k
514 +-The
515 +-.Fl k
516 +-option causes
517 +-.Nm rsh
518 +-to obtain tickets for the remote host in
519 +-.Ar realm
520 +-instead of the remote host's realm as determined by
521 +-.Xr krb_realmofhost 3 .
522 + .It Fl l
523 + By default, the remote username is the same as the local username.
524 + The
525 + .Fl l
526 + option allows the remote name to be specified.
527 +-Kerberos authentication is used, and authorization is determined
528 +-as in
529 +-.Xr rlogin 1 .
530 + .It Fl n
531 + The
532 + .Fl n
533 +@@ -99,13 +82,6 @@
534 + (see the
535 + .Sx BUGS
536 + section of this manual page).
537 +-.It Fl x
538 +-The
539 +-.Fl x
540 +-option turns on
541 +-.Tn DES
542 +-encryption for all data exchange.
543 +-This may introduce a significant delay in response time.
544 + .El
545 + .Pp
546 + If no
547 +@@ -142,9 +118,6 @@
548 + .El
549 + .Sh SEE ALSO
550 + .Xr rlogin 1 ,
551 +-.Xr kerberos 3 ,
552 +-.Xr krb_sendauth 3 ,
553 +-.Xr krb_realmofhost 3
554 + .Sh HISTORY
555 + The
556 + .Nm rsh
557
558 diff --git a/net-misc/netkit-rsh/files/patches/080_all_jbj5.patch b/net-misc/netkit-rsh/files/patches/080_all_jbj5.patch
559 new file mode 100644
560 index 00000000000..5bfd70ac91a
561 --- /dev/null
562 +++ b/net-misc/netkit-rsh/files/patches/080_all_jbj5.patch
563 @@ -0,0 +1,29 @@
564 +--- a/rlogind/auth.c
565 ++++ b/rlogind/auth.c
566 +@@ -37,6 +37,7 @@
567 + #include "rlogind.h"
568 +
569 + #ifdef USE_PAM
570 ++#include <grp.h>
571 +
572 + /*
573 + * Modifications for Linux-PAM: Al Longyear <longyear@××××××.com>
574 +@@ -158,18 +159,14 @@
575 + pwd = getpwnam(localuser);
576 + if (pwd==NULL) {
577 + syslog(LOG_ERR, "user returned by PAM does not exist\n");
578 +- /* don't print this - it tells people which accounts exist */
579 +- /*fprintf(stderr, "rlogind: internal error\n");*/
580 + return -1;
581 + }
582 + if (setgid(pwd->pw_gid) != 0) {
583 + syslog(LOG_ERR, "cannot assume gid for user returned by PAM\n");
584 +- fprintf(stderr, "rlogind: internal error\n");
585 + return -1;
586 + }
587 + if (initgroups(localuser, pwd->pw_gid) != 0) {
588 + syslog(LOG_ERR, "initgroups failed for user returned by PAM\n");
589 +- fprintf(stderr, "rlogind: internal error\n");
590 + return -1;
591 + }
592 + retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
593
594 diff --git a/net-misc/netkit-rsh/files/patches/090_all_userandhost.patch b/net-misc/netkit-rsh/files/patches/090_all_userandhost.patch
595 new file mode 100644
596 index 00000000000..42f135b6e2c
597 --- /dev/null
598 +++ b/net-misc/netkit-rsh/files/patches/090_all_userandhost.patch
599 @@ -0,0 +1,70 @@
600 +--- a/rlogind/rlogind.c
601 ++++ b/rlogind/rlogind.c
602 +@@ -333,9 +333,10 @@
603 +
604 +
605 + static void child(const char *hname, const char *termtype,
606 +- const char *localuser, int authenticated)
607 ++ const char *localuser, int authenticated,
608 ++ const char *rusername)
609 + {
610 +- char *termenv[2];
611 ++ char *termenv[4];
612 +
613 + setup_term(0, termtype);
614 +
615 +@@ -344,7 +345,17 @@
616 + strcpy(termenv[0], "TERM=");
617 + strcat(termenv[0], termtype);
618 + }
619 +- termenv[1] = NULL;
620 ++ termenv[1] = malloc(strlen(rusername)+12);
621 ++ if (termenv[1]) { /* shouldn't ever fail, mind you */
622 ++ strcpy(termenv[1], "REMOTEUSER=");
623 ++ strcat(termenv[1], rusername);
624 ++ }
625 ++ termenv[2] = malloc(strlen(hname)+12);
626 ++ if (termenv[2]) { /* shouldn't ever fail, mind you */
627 ++ strcpy(termenv[2], "REMOTEHOST=");
628 ++ strcat(termenv[2], hname);
629 ++ }
630 ++ termenv[3] = NULL;
631 +
632 + if (authenticated) {
633 + auth_finish();
634 +@@ -420,7 +431,7 @@
635 + if (pid == 0) {
636 + /* netfd should always be 0, but... */
637 + if (netfd > 2) close(netfd);
638 +- child(hname, termtype, lusername, authenticated);
639 ++ child(hname, termtype, lusername, authenticated, rusername);
640 + }
641 + on = 1;
642 + ioctl(netfd, FIONBIO, &on);
643 +--- a/rshd/rshd.c
644 ++++ b/rshd/rshd.c
645 +@@ -102,8 +102,10 @@
646 + char homedir[64] = "HOME=";
647 + char shell[64] = "SHELL=";
648 + char path[100] = "PATH=";
649 ++char remoteuser[20] = "REMOTEUSER=";
650 ++char remotehost[50] = "REMOTEHOST=";
651 + char *envinit[] =
652 +- {homedir, shell, path, username, 0};
653 ++ {homedir, shell, path, username, remoteuser, remotehost, 0};
654 + extern char **environ;
655 +
656 + static void error(const char *fmt, ...);
657 +@@ -460,6 +462,12 @@
658 + strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
659 + homedir[sizeof(homedir)-1] = 0;
660 +
661 ++ strncat(remoteuser, remuser, sizeof(remoteuser)-12);
662 ++ remoteuser[sizeof(remoteuser)-1] = 0;
663 ++
664 ++ strncat(remotehost, hostname, sizeof(remotehost)-12);
665 ++ remotehost[sizeof(remotehost)-1] = 0;
666 ++
667 + strcat(path, _PATH_DEFPATH);
668 +
669 + strncat(shell, theshell, sizeof(shell)-7);
670
671 diff --git a/net-misc/netkit-rsh/files/patches/100_all_strip.patch b/net-misc/netkit-rsh/files/patches/100_all_strip.patch
672 new file mode 100644
673 index 00000000000..c22765b10dc
674 --- /dev/null
675 +++ b/net-misc/netkit-rsh/files/patches/100_all_strip.patch
676 @@ -0,0 +1,66 @@
677 +--- a/rcp/Makefile
678 ++++ b/rcp/Makefile
679 +@@ -7,7 +7,7 @@
680 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
681 +
682 + install: rcp
683 +- install -s rcp $(INSTALLROOT)$(BINDIR)
684 ++ install rcp $(INSTALLROOT)$(BINDIR)
685 + install -m$(MANMODE) rcp.1 $(INSTALLROOT)$(MANDIR)/man1
686 +
687 + clean:
688 +--- a/rexecd/Makefile
689 ++++ b/rexecd/Makefile
690 +@@ -27,7 +27,7 @@
691 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
692 +
693 + install: rexecd
694 +- install -s -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd
695 ++ install -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd
696 + install -m$(MANMODE) rexecd.8 $(INSTALLROOT)$(MANDIR)/man8/in.rexecd.8
697 + ln -sf in.rexecd.8 $(INSTALLROOT)$(MANDIR)/man8/rexecd.8
698 + ifeq ($(USE_PAM),1)
699 +--- a/rlogin/Makefile
700 ++++ b/rlogin/Makefile
701 +@@ -10,7 +10,7 @@
702 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
703 +
704 + install: $(PROG)
705 +- install -s $(PROG) $(INSTALLROOT)$(BINDIR)
706 ++ install $(PROG) $(INSTALLROOT)$(BINDIR)
707 + install -m $(MANMODE) $(PROG).1 $(INSTALLROOT)$(MANDIR)/man1
708 +
709 + clean:
710 +--- a/rlogind/Makefile
711 ++++ b/rlogind/Makefile
712 +@@ -20,7 +20,7 @@
713 + auth.o network.o: rlogind.h
714 +
715 + install: rlogind
716 +- install -s -m$(DAEMONMODE) rlogind $(INSTALLROOT)$(SBINDIR)/in.rlogind
717 ++ install -m$(DAEMONMODE) rlogind $(INSTALLROOT)$(SBINDIR)/in.rlogind
718 + install -m$(MANMODE) rlogind.8 $(INSTALLROOT)$(MANDIR)/man8/in.rlogind.8
719 + ln -sf in.rlogind.8 $(INSTALLROOT)$(MANDIR)/man8/rlogind.8
720 +
721 +--- a/rsh/Makefile
722 ++++ b/rsh/Makefile
723 +@@ -9,7 +9,7 @@
724 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
725 +
726 + install: rsh
727 +- install -s rsh $(INSTALLROOT)$(BINDIR)
728 ++ install rsh $(INSTALLROOT)$(BINDIR)
729 + install -m$(MANMODE) rsh.1 $(INSTALLROOT)$(MANDIR)/man1
730 +
731 + clean:
732 +--- a/rshd/Makefile
733 ++++ b/rshd/Makefile
734 +@@ -14,7 +14,7 @@
735 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
736 +
737 + install: rshd
738 +- install -s -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd
739 ++ install -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd
740 + install -m$(MANMODE) rshd.8 $(INSTALLROOT)$(MANDIR)/man8/in.rshd.8
741 + ln -sf in.rshd.8 $(INSTALLROOT)$(MANDIR)/man8/rshd.8
742 +
743
744 diff --git a/net-misc/netkit-rsh/files/patches/110_all_lfs.patch b/net-misc/netkit-rsh/files/patches/110_all_lfs.patch
745 new file mode 100644
746 index 00000000000..49a3970a03f
747 --- /dev/null
748 +++ b/net-misc/netkit-rsh/files/patches/110_all_lfs.patch
749 @@ -0,0 +1,25 @@
750 +--- a/rcp/rcp.c
751 ++++ b/rcp/rcp.c
752 +@@ -482,7 +482,7 @@
753 + }
754 + }
755 + (void)snprintf(buf, sizeof(buf),
756 +- "C%04o %ld %s\n", stb.st_mode&07777, stb.st_size, last);
757 ++ "C%04o %lld %s\n", stb.st_mode&07777, (long long)(stb.st_size), last);
758 + (void)write(rem, buf, (int)strlen(buf));
759 + if (response() < 0) {
760 + (void)close(f);
761 +@@ -614,11 +614,11 @@
762 + struct timeval tv[2];
763 + enum { YES, NO, DISPLAYED } wrerr;
764 + BUF *bp;
765 +- off_t i, j;
766 ++ off_t i, j, size;
767 + char ch, *targ;
768 + const char *why;
769 + int amt, count, exists, first, mask, mode;
770 +- int ofd, setimes, size, targisdir;
771 ++ int ofd, setimes, targisdir;
772 + char *np, *vect[1], buf[BUFSIZ];
773 +
774 + #define atime tv[0]
775
776 diff --git a/net-misc/netkit-rsh/files/patches/120_all_chdir.patch b/net-misc/netkit-rsh/files/patches/120_all_chdir.patch
777 new file mode 100644
778 index 00000000000..2309a118385
779 --- /dev/null
780 +++ b/net-misc/netkit-rsh/files/patches/120_all_chdir.patch
781 @@ -0,0 +1,57 @@
782 +--- a/rshd/rshd.c
783 ++++ b/rshd/rshd.c
784 +@@ -388,15 +388,6 @@
785 + remuser, hostname, locuser, cmdbuf);
786 + }
787 +
788 +- if (chdir(pwd->pw_dir) < 0) {
789 +- chdir("/");
790 +- /*
791 +- * error("No remote directory.\n");
792 +- * exit(1);
793 +- */
794 +- }
795 +-
796 +-
797 + if (pwd->pw_uid != 0 && !access(_PATH_NOLOGIN, F_OK)) {
798 + error("Logins currently disabled.\n");
799 + exit(1);
800 +@@ -456,6 +447,14 @@
801 + exit(1);
802 + }
803 + environ = envinit;
804 ++
805 ++ if (chdir(pwd->pw_dir) < 0) {
806 ++ chdir("/");
807 ++ /*
808 ++ * error("No remote directory.\n");
809 ++ * exit(1);
810 ++ */
811 ++ }
812 +
813 + strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
814 + homedir[sizeof(homedir)-1] = 0;
815 +--- a/rexecd/rexecd.c
816 ++++ b/rexecd/rexecd.c
817 +@@ -375,10 +375,6 @@
818 + /* Log successful attempts. */
819 + syslog(LOG_INFO, "login from %.128s as %s", remote, user);
820 +
821 +- if (chdir(pwd->pw_dir) < 0) {
822 +- fatal("No remote directory.\n");
823 +- }
824 +-
825 + write(2, "\0", 1);
826 + if (port) {
827 + /* If we have a port, dup STDERR on that port KRH */
828 +@@ -408,6 +404,10 @@
829 + if (setuid(pwd->pw_uid)) {
830 + perror("setuid");
831 + exit(1);
832 ++ }
833 ++
834 ++ if (chdir(pwd->pw_dir) < 0) {
835 ++ fatal("No remote directory.\n");
836 + }
837 +
838 + strcat(path, _PATH_DEFPATH);
839
840 diff --git a/net-misc/netkit-rsh/files/patches/130_all_pam-nologin.patch b/net-misc/netkit-rsh/files/patches/130_all_pam-nologin.patch
841 new file mode 100644
842 index 00000000000..b9e8cb147f3
843 --- /dev/null
844 +++ b/net-misc/netkit-rsh/files/patches/130_all_pam-nologin.patch
845 @@ -0,0 +1,14 @@
846 +--- a/rlogind/auth.c
847 ++++ b/rlogind/auth.c
848 +@@ -127,7 +127,10 @@
849 +
850 + network_confirm();
851 + retval = attempt_auth();
852 +- if (retval != PAM_SUCCESS) {
853 ++ if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) {
854 ++ syslog(LOG_ERR, "PAM authentication denied for in.rlogind");
855 ++ exit(1);
856 ++ } else if (retval != PAM_SUCCESS) {
857 + syslog(LOG_ERR, "PAM authentication failed for in.rlogind");
858 + return -1;
859 + }
860
861 diff --git a/net-misc/netkit-rsh/files/patches/140_all_nohostcheck.patch b/net-misc/netkit-rsh/files/patches/140_all_nohostcheck.patch
862 new file mode 100644
863 index 00000000000..022fc7fd3bc
864 --- /dev/null
865 +++ b/net-misc/netkit-rsh/files/patches/140_all_nohostcheck.patch
866 @@ -0,0 +1,134 @@
867 +--- a/rlogind/network.c
868 ++++ b/rlogind/network.c
869 +@@ -90,7 +90,7 @@
870 +
871 +
872 + static char *
873 +-find_hostname(const struct sockaddr_in *fromp, int *hostokp)
874 ++find_hostname(const struct sockaddr_in *fromp, int no_host_check, int *hostokp)
875 + {
876 + struct hostent *hop;
877 + char *hname;
878 +@@ -102,7 +102,7 @@
879 + hname = strdup(inet_ntoa(fromp->sin_addr));
880 + hostok = 1;
881 + }
882 +- else if (check_all || local_domain(hop->h_name)) {
883 ++ else if ((check_all || local_domain(hop->h_name )) && !no_host_check ) {
884 + /*
885 + * If name returned by gethostbyaddr is in our domain,
886 + * attempt to verify that we haven't been fooled by someone
887 +@@ -143,7 +143,7 @@
888 +
889 +
890 + char *
891 +-network_init(int f, int *hostokp)
892 ++network_init(int f, int no_host_check, int *hostokp)
893 + {
894 + struct sockaddr_in from, *fromp;
895 + socklen_t fromlen;
896 +@@ -177,7 +177,7 @@
897 +
898 + alarm(0);
899 +
900 +- hname = find_hostname(fromp, hostokp);
901 ++ hname = find_hostname(fromp,no_host_check, hostokp);
902 +
903 + port = ntohs(fromp->sin_port);
904 + if (fromp->sin_family != AF_INET ||
905 +--- a/rlogind/rlogind.c
906 ++++ b/rlogind/rlogind.c
907 +@@ -84,6 +84,7 @@
908 + int use_rhosts = 1;
909 + int allow_root_rhosts = 0;
910 + int deny_all_rhosts_hequiv = 0;
911 ++static int no_host_check = 0;
912 +
913 + static char oobdata[] = {(char)TIOCPKT_WINDOW};
914 + static char line[MAXPATHLEN];
915 +@@ -386,7 +387,7 @@
916 + int hostok;
917 + char lusername[32], rusername[32], termtype[256];
918 +
919 +- hname = network_init(netfd, &hostok);
920 ++ hname = network_init(netfd, no_host_check, &hostok);
921 +
922 + getstr(rusername, sizeof(rusername), "remuser too long");
923 + getstr(lusername, sizeof(lusername), "locuser too long");
924 +@@ -439,15 +440,16 @@
925 + openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
926 +
927 + opterr = 0;
928 +- while ((ch = getopt(argc, argv, "ahLln")) != EOF) {
929 ++ while ((ch = getopt(argc, argv, "ahLlDn")) != EOF) {
930 + switch (ch) {
931 + case 'a': check_all = 1; break;
932 + case 'h': allow_root_rhosts = 1; break;
933 + case 'L': deny_all_rhosts_hequiv = 1; break;
934 + case 'l': use_rhosts = 0; break;
935 ++ case 'D': no_host_check = 1; break;
936 + case 'n': keepalive = 0; break;
937 + case '?': default:
938 +- syslog(LOG_ERR, "usage: rlogind [-ahLln]");
939 ++ syslog(LOG_ERR, "usage: rlogind [-ahLlDn]");
940 + break;
941 + }
942 + }
943 +--- a/rlogind/rlogind.h
944 ++++ b/rlogind/rlogind.h
945 +@@ -3,7 +3,7 @@
946 + void fatal(int f, const char *msg, int syserr);
947 +
948 + /* network.c */
949 +-char *network_init(int fd, int *hostokp);
950 ++char *network_init(int fd, int no_host_check, int *hostokp);
951 + void network_confirm(void);
952 + void network_anticonfirm(void);
953 + void network_close(void);
954 +--- a/rshd/rshd.c
955 ++++ b/rshd/rshd.c
956 +@@ -90,13 +90,14 @@
957 + static pam_handle_t *pamh;
958 + #endif /* USE_PAM */
959 +
960 +-#define OPTIONS "ahlLn"
961 ++#define OPTIONS "ahlLnD"
962 +
963 + static int keepalive = 1;
964 + static int check_all = 0;
965 + static int paranoid = 0;
966 + static int sent_null;
967 +-static int allow_root_rhosts=0;
968 ++static int allow_root_rhosts = 0;
969 ++static int no_host_check = 0;
970 +
971 + char username[20] = "USER=";
972 + char homedir[64] = "HOME=";
973 +@@ -305,6 +306,7 @@
974 + /*
975 + * Attempt to confirm the DNS.
976 + */
977 ++
978 + #ifdef RES_DNSRCH
979 + _res.options &= ~RES_DNSRCH;
980 + #endif
981 +@@ -323,6 +325,8 @@
982 + }
983 + syslog(LOG_NOTICE, "Host addr %s not listed for host %s",
984 + inet_ntoa(fromp->sin_addr), hp->h_name);
985 ++ if ( no_host_check == 1 )
986 ++ return hostname;
987 + fail("Host address mismatch for %s\n",
988 + remuser, inet_ntoa(fromp->sin_addr), locuser, cmdbuf);
989 + return NULL; /* not reachable */
990 +@@ -596,6 +600,10 @@
991 + paranoid = 1;
992 + break;
993 +
994 ++ case 'D':
995 ++ no_host_check = 1;
996 ++ break;
997 ++
998 + case '?':
999 + default:
1000 + syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS);
1001
1002 diff --git a/net-misc/netkit-rsh/files/patches/150_all_rexec-netrc.patch b/net-misc/netkit-rsh/files/patches/150_all_rexec-netrc.patch
1003 new file mode 100644
1004 index 00000000000..13b4b84fad1
1005 --- /dev/null
1006 +++ b/net-misc/netkit-rsh/files/patches/150_all_rexec-netrc.patch
1007 @@ -0,0 +1,251 @@
1008 +--- a/rexec/ruserpass.c
1009 ++++ b/rexec/ruserpass.c
1010 +@@ -0,0 +1,214 @@
1011 ++/*
1012 ++ * Copyright (c) 1985 Regents of the University of California.
1013 ++ * All rights reserved.
1014 ++ *
1015 ++ * Redistribution and use in source and binary forms, with or without
1016 ++ * modification, are permitted provided that the following conditions
1017 ++ * are met:
1018 ++ * 1. Redistributions of source code must retain the above copyright
1019 ++ * notice, this list of conditions and the following disclaimer.
1020 ++ * 2. Redistributions in binary form must reproduce the above copyright
1021 ++ * notice, this list of conditions and the following disclaimer in the
1022 ++ * documentation and/or other materials provided with the distribution.
1023 ++ * 3. All advertising materials mentioning features or use of this software
1024 ++ * must display the following acknowledgement:
1025 ++ * This product includes software developed by the University of
1026 ++ * California, Berkeley and its contributors.
1027 ++ * 4. Neither the name of the University nor the names of its contributors
1028 ++ * may be used to endorse or promote products derived from this software
1029 ++ * without specific prior written permission.
1030 ++ *
1031 ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1032 ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1033 ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1034 ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1035 ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1036 ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1037 ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1038 ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1039 ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1040 ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1041 ++ * SUCH DAMAGE.
1042 ++ */
1043 ++
1044 ++/*
1045 ++ * from: @(#)ruserpass.c 5.3 (Berkeley) 3/1/91
1046 ++ */
1047 ++char ruserpass_rcsid[] =
1048 ++ "$Id: 150_all_rexec-netrc.patch,v 1.1 2006/10/14 23:09:28 drizzt Exp $";
1049 ++
1050 ++#include <stdio.h>
1051 ++#include <stdlib.h>
1052 ++#include <utmp.h>
1053 ++#include <ctype.h>
1054 ++#include <sys/stat.h>
1055 ++#include <sys/param.h>
1056 ++#include <errno.h>
1057 ++#include <string.h>
1058 ++#include <unistd.h>
1059 ++
1060 ++static FILE *cfile;
1061 ++static int token(void);
1062 ++
1063 ++#define MACBUF_LEN 4096
1064 ++
1065 ++#define DEFAULT 1
1066 ++#define LOGIN 2
1067 ++#define PASSWD 3
1068 ++#define ACCOUNT 4
1069 ++#define MACDEF 5
1070 ++#define ID 10
1071 ++#define MACH 11
1072 ++
1073 ++static char tokval[100];
1074 ++
1075 ++static struct toktab {
1076 ++ const char *tokstr;
1077 ++ int tval;
1078 ++} toktab[]= {
1079 ++ { "default", DEFAULT },
1080 ++ { "login", LOGIN },
1081 ++ { "password", PASSWD },
1082 ++ { "passwd", PASSWD },
1083 ++ { "account", ACCOUNT },
1084 ++ { "machine", MACH },
1085 ++ { "macdef", MACDEF },
1086 ++ { NULL, 0 }
1087 ++};
1088 ++
1089 ++int
1090 ++xruserpass(const char *host, char **aname, char **apass)
1091 ++{
1092 ++ const char *hdir;
1093 ++ char buf[BUFSIZ], *tmp;
1094 ++ char myname[MAXHOSTNAMELEN];
1095 ++ const char *mydomain;
1096 ++ int t, usedefault = 0;
1097 ++ struct stat stb;
1098 ++
1099 ++ hdir = getenv("HOME");
1100 ++ if (hdir == NULL)
1101 ++ hdir = ".";
1102 ++ snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
1103 ++ cfile = fopen(buf, "r");
1104 ++ if (cfile == NULL) {
1105 ++ if (errno != ENOENT)
1106 ++ perror(buf);
1107 ++ return(0);
1108 ++ }
1109 ++ if (gethostname(myname, sizeof(myname)) < 0)
1110 ++ myname[0] = '\0';
1111 ++ if ((mydomain = strchr(myname, '.')) == NULL)
1112 ++ mydomain = "";
1113 ++next:
1114 ++ while ((t = token())) switch(t) {
1115 ++
1116 ++ case DEFAULT:
1117 ++ usedefault = 1;
1118 ++ /* FALL THROUGH */
1119 ++
1120 ++ case MACH:
1121 ++ if (!usedefault) {
1122 ++ if (token() != ID)
1123 ++ continue;
1124 ++ /*
1125 ++ * Allow match of incompletely-specified host in
1126 ++ * local domain.
1127 ++ */
1128 ++ if (strcasecmp(host, tokval) == 0)
1129 ++ goto match;
1130 ++ if ((tmp = index(host, '.')) != NULL &&
1131 ++ strcasecmp(tmp, mydomain) == 0 &&
1132 ++ strncasecmp(host, tokval, tmp - host) == 0 &&
1133 ++ tokval[tmp - host] == '\0')
1134 ++ goto match;
1135 ++ continue;
1136 ++ }
1137 ++ match:
1138 ++ while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
1139 ++
1140 ++ case LOGIN:
1141 ++ if (token()) {
1142 ++ if (*aname == 0) {
1143 ++ *aname = malloc((unsigned) strlen(tokval) + 1);
1144 ++ (void) strcpy(*aname, tokval);
1145 ++ } else {
1146 ++ if (strcmp(*aname, tokval))
1147 ++ goto next;
1148 ++ }
1149 ++ }
1150 ++ break;
1151 ++ case PASSWD:
1152 ++ if (*aname==NULL) {
1153 ++ fprintf(stderr, "Error: `password' must follow `login' in .netrc\n");
1154 ++ goto bad;
1155 ++ }
1156 ++ if (strcmp(*aname, "anonymous") &&
1157 ++ fstat(fileno(cfile), &stb) >= 0 &&
1158 ++ (stb.st_mode & 077) != 0) {
1159 ++ fprintf(stderr, "Error - .netrc file not correct permissions.\n");
1160 ++ fprintf(stderr, "Remove password or correct mode (should be 600).\n");
1161 ++ goto bad;
1162 ++ }
1163 ++ if (token() && *apass == 0) {
1164 ++ *apass = malloc((unsigned) strlen(tokval) + 1);
1165 ++ (void) strcpy(*apass, tokval);
1166 ++ }
1167 ++ break;
1168 ++ case ACCOUNT:
1169 ++ break;
1170 ++ case MACDEF:
1171 ++ break;
1172 ++ default:
1173 ++ fprintf(stderr, "Unknown .netrc keyword %s\n", tokval);
1174 ++ break;
1175 ++ }
1176 ++ goto done;
1177 ++ }
1178 ++done:
1179 ++ (void) fclose(cfile);
1180 ++ return(0);
1181 ++bad:
1182 ++ (void) fclose(cfile);
1183 ++ return(-1);
1184 ++}
1185 ++
1186 ++static
1187 ++int
1188 ++token(void)
1189 ++{
1190 ++ char *cp;
1191 ++ int c;
1192 ++ struct toktab *t;
1193 ++
1194 ++ if (feof(cfile))
1195 ++ return (0);
1196 ++ while ((c = getc(cfile)) != EOF &&
1197 ++ (c == '\n' || c == '\t' || c == ' ' || c == ','))
1198 ++ continue;
1199 ++ if (c == EOF)
1200 ++ return (0);
1201 ++ cp = tokval;
1202 ++ if (c == '"') {
1203 ++ while ((c = getc(cfile)) != EOF && c != '"') {
1204 ++ if (c == '\\')
1205 ++ c = getc(cfile);
1206 ++ *cp++ = c;
1207 ++ }
1208 ++ } else {
1209 ++ *cp++ = c;
1210 ++ while ((c = getc(cfile)) != EOF
1211 ++ && c != '\n' && c != '\t' && c != ' ' && c != ',') {
1212 ++ if (c == '\\')
1213 ++ c = getc(cfile);
1214 ++ *cp++ = c;
1215 ++ }
1216 ++ }
1217 ++ *cp = 0;
1218 ++ if (tokval[0] == 0)
1219 ++ return (0);
1220 ++ for (t = toktab; t->tokstr; t++)
1221 ++ if (!strcmp(t->tokstr, tokval))
1222 ++ return (t->tval);
1223 ++ return (ID);
1224 ++}
1225 +--- a/rexec/rexec.c
1226 ++++ b/rexec/rexec.c
1227 +@@ -100,6 +100,8 @@
1228 + void echo_sig(int sig);
1229 + void safe_write_error(const char *message);
1230 +
1231 ++int xruserpass(const char *host, char **aname, char **apass);
1232 ++
1233 + /* These need to be global for signal passing. */
1234 + int aux_sock=-1; /* Socket for auxiliary channel. */
1235 + int extra_error = 1; /* Setup special channel for standard error? */
1236 +@@ -165,7 +167,10 @@
1237 + a newline. */
1238 + passwd = getpass("Password: ");
1239 + } else {
1240 +-
1241 ++ if (xruserpass(host, &user_name, &passwd) < 0) {
1242 ++ user_name = NULL;
1243 ++ passwd = NULL;
1244 ++ }
1245 + if ( user_name == NULL )
1246 + user_name = getenv("REXEC_USER");
1247 + if ( user_name == NULL ) {
1248 +--- a/rexec/Makefile.netrc
1249 ++++ b/rexec/Makefile
1250 +@@ -11,7 +11,7 @@
1251 +
1252 + all: rexec
1253 +
1254 +-rexec: rexec.c
1255 ++rexec: rexec.o ruserpass.o
1256 +
1257 + rexec.1:
1258 +
1259
1260 diff --git a/net-misc/netkit-rsh/files/patches/160_all_pam-sess.patch b/net-misc/netkit-rsh/files/patches/160_all_pam-sess.patch
1261 new file mode 100644
1262 index 00000000000..e0d416576d1
1263 --- /dev/null
1264 +++ b/net-misc/netkit-rsh/files/patches/160_all_pam-sess.patch
1265 @@ -0,0 +1,12 @@
1266 +--- a/rexecd/rexecd.c
1267 ++++ b/rexecd/rexecd.c
1268 +@@ -307,6 +307,9 @@
1269 + PAM_BAIL;
1270 + pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED);
1271 + PAM_BAIL;
1272 ++ pam_error = pam_open_session(pamh, 0);
1273 ++ PAM_BAIL;
1274 ++ pam_close_session(pamh, 0);
1275 + pam_end(pamh, PAM_SUCCESS);
1276 + /* If this point is reached, the user has been authenticated. */
1277 + setpwent();
1278
1279 diff --git a/net-misc/netkit-rsh/files/patches/170_all_errno.patch b/net-misc/netkit-rsh/files/patches/170_all_errno.patch
1280 new file mode 100644
1281 index 00000000000..32b1d0ee01d
1282 --- /dev/null
1283 +++ b/net-misc/netkit-rsh/files/patches/170_all_errno.patch
1284 @@ -0,0 +1,51 @@
1285 +--- a/rcp/rcp.c
1286 ++++ b/rcp/rcp.c
1287 +@@ -613,6 +613,7 @@
1288 + struct stat stb;
1289 + struct timeval tv[2];
1290 + enum { YES, NO, DISPLAYED } wrerr;
1291 ++ int werrno = 0;
1292 + BUF *bp;
1293 + off_t i, j, size;
1294 + char ch, *targ;
1295 +@@ -766,6 +767,7 @@
1296 + cp = bp->buf;
1297 + count = 0;
1298 + wrerr = NO;
1299 ++ werrno = 0;
1300 + for (i = 0; i < size; i += BUFSIZ) {
1301 + amt = BUFSIZ;
1302 + if (i + amt > size)
1303 +@@ -784,16 +786,20 @@
1304 + } while (amt > 0);
1305 + if (count == bp->cnt) {
1306 + if (wrerr == NO &&
1307 +- write(ofd, bp->buf, count) != count)
1308 ++ write(ofd, bp->buf, count) != count) {
1309 + wrerr = YES;
1310 ++ werrno = errno;
1311 ++ }
1312 + count = 0;
1313 + cp = bp->buf;
1314 + }
1315 + }
1316 + if (count != 0 && wrerr == NO &&
1317 +- write(ofd, bp->buf, count) != count)
1318 ++ write(ofd, bp->buf, count) != count) {
1319 + wrerr = YES;
1320 +- if (ftruncate(ofd, size)) {
1321 ++ werrno = errno;
1322 ++ }
1323 ++ if (wrerr == NO && ftruncate(ofd, size)) {
1324 + error("rcp: can't truncate %s: %s\n", np,
1325 + strerror(errno));
1326 + wrerr = DISPLAYED;
1327 +@@ -810,7 +816,7 @@
1328 + }
1329 + switch(wrerr) {
1330 + case YES:
1331 +- error("rcp: %s: %s\n", np, strerror(errno));
1332 ++ error("rcp: %s: %s\n", np, strerror(werrno));
1333 + break;
1334 + case NO:
1335 + (void)write(rem, "", 1);
1336
1337 diff --git a/net-misc/netkit-rsh/files/patches/180_all_rexec-sig.patch b/net-misc/netkit-rsh/files/patches/180_all_rexec-sig.patch
1338 new file mode 100644
1339 index 00000000000..4896bfa2349
1340 --- /dev/null
1341 +++ b/net-misc/netkit-rsh/files/patches/180_all_rexec-sig.patch
1342 @@ -0,0 +1,17 @@
1343 +--- a/rexec/rexec.c
1344 ++++ b/rexec/rexec.c
1345 +@@ -434,10 +434,10 @@
1346 + break;
1347 + default:
1348 + if ( sigaction(sig, NULL, &action) < 0 )
1349 +- {
1350 +- perror(progname);
1351 +- exit(1);
1352 +- }
1353 ++ /* in the signal(7) you can found "...except SIGKILL and SIGSTOP",
1354 ++ * but we detect problems with more signals...
1355 ++ */
1356 ++ return;
1357 + if ( action.sa_handler != SIG_IGN )
1358 + {
1359 + action.sa_handler = handler;
1360
1361 diff --git a/net-misc/netkit-rsh/files/patches/190_all_nohost.patch b/net-misc/netkit-rsh/files/patches/190_all_nohost.patch
1362 new file mode 100644
1363 index 00000000000..8258eb10576
1364 --- /dev/null
1365 +++ b/net-misc/netkit-rsh/files/patches/190_all_nohost.patch
1366 @@ -0,0 +1,63 @@
1367 +--- a/rexecd/rexecd.8
1368 ++++ b/rexecd/rexecd.8
1369 +@@ -40,6 +40,16 @@
1370 + .Nd remote execution server
1371 + .Sh SYNOPSIS
1372 + .Nm rexecd
1373 ++[
1374 ++\fB\-D\fP
1375 ++]
1376 ++.Sh OPTIONS
1377 ++.Nm Rexec
1378 ++accepts one option:
1379 ++.Pp
1380 ++.Bl -tag -width Ds
1381 ++.It Sy -D
1382 ++Disable reverse DNS look up and in the log will be used client IP addresses.
1383 + .Sh DESCRIPTION
1384 + .Nm Rexecd
1385 + is the server for the
1386 +--- a/rexecd/rexecd.c
1387 ++++ b/rexecd/rexecd.c
1388 +@@ -82,7 +82,9 @@
1389 + #include <string.h>
1390 + #include <paths.h>
1391 + #include <grp.h>
1392 +-
1393 ++#include <arpa/inet.h>
1394 ++
1395 ++
1396 + #ifdef USE_SHADOW
1397 + #include <shadow.h>
1398 + #endif
1399 +@@ -141,16 +143,22 @@
1400 + refuse(&from_host);
1401 + remote = hosts_info(&from_host);
1402 + #else
1403 ++ if (argc > 1 && argv[1] && strcmp(argv[1], "-D")==0)
1404 + {
1405 +- struct hostent *h = gethostbyaddr((const char *)&from.sin_addr,
1406 +- sizeof(struct in_addr),
1407 +- AF_INET);
1408 +- if (!h || !h->h_name) {
1409 +- write(0, "\1Where are you?\n", 16);
1410 +- return 1;
1411 ++ /* use IP in logs -- this is workaround */
1412 ++ remote = strdup(inet_ntoa(from.sin_addr));
1413 + }
1414 +- /* Be advised that this may be utter nonsense. */
1415 +- remote = strdup(h->h_name);
1416 ++ else
1417 ++ {
1418 ++ struct hostent *h = gethostbyaddr((const char *)&from.sin_addr,
1419 ++ sizeof(struct in_addr),
1420 ++ AF_INET);
1421 ++ if (!h || !h->h_name) {
1422 ++ write(0, "\1Where are you?\n", 16);
1423 ++ return 1;
1424 ++ }
1425 ++ /* Be advised that this may be utter nonsense. */
1426 ++ remote = strdup(h->h_name);
1427 + }
1428 + #endif
1429 + syslog(allow_severity, "connect from %.128s", remote);
1430
1431 diff --git a/net-misc/netkit-rsh/files/patches/200_all_ignchld.patch b/net-misc/netkit-rsh/files/patches/200_all_ignchld.patch
1432 new file mode 100644
1433 index 00000000000..f916458d47d
1434 --- /dev/null
1435 +++ b/net-misc/netkit-rsh/files/patches/200_all_ignchld.patch
1436 @@ -0,0 +1,22 @@
1437 +--- a/rlogind/rlogind.c
1438 ++++ b/rlogind/rlogind.c
1439 +@@ -440,7 +440,7 @@
1440 + ioctl(master, TIOCPKT, &on);
1441 + signal(SIGCHLD, cleanup);
1442 + protocol(netfd, master);
1443 +- signal(SIGCHLD, SIG_IGN);
1444 ++ signal(SIGCHLD, SIG_DFL);
1445 + cleanup(0);
1446 + }
1447 +
1448 +--- a/rlogin/rlogin.c
1449 ++++ b/rlogin/rlogin.c
1450 +@@ -523,7 +523,7 @@
1451 + stop(char cmdc)
1452 + {
1453 + mode(0);
1454 +- signal(SIGCHLD, SIG_IGN);
1455 ++ signal(SIGCHLD, SIG_DFL);
1456 + kill(cmdc == defsusp ? 0 : getpid(), SIGTSTP);
1457 + signal(SIGCHLD, catch_child);
1458 + mode(1);
1459
1460 diff --git a/net-misc/netkit-rsh/files/patches/210_all_checkdir-r1.patch b/net-misc/netkit-rsh/files/patches/210_all_checkdir-r1.patch
1461 new file mode 100644
1462 index 00000000000..4fde4031550
1463 --- /dev/null
1464 +++ b/net-misc/netkit-rsh/files/patches/210_all_checkdir-r1.patch
1465 @@ -0,0 +1,23 @@
1466 +--- a/rcp/rcp.c
1467 ++++ b/rcp/rcp.c
1468 +@@ -716,6 +716,11 @@
1469 + size = size * 10 + (*cp++ - '0');
1470 + if (*cp++ != ' ')
1471 + SCREWUP("size not delimited");
1472 ++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
1473 ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
1474 ++ error("error: unexpected filename: %s", cp);
1475 ++ exit(1);
1476 ++ }
1477 + if (targisdir) {
1478 + static char *namebuf;
1479 + static int cursize;
1480 +@@ -735,6 +739,8 @@
1481 + np = targ;
1482 + exists = stat(np, &stb) == 0;
1483 + if (buf[0] == 'D') {
1484 ++ if (!iamrecursive)
1485 ++ SCREWUP("received directory without -r");
1486 + if (exists) {
1487 + if ((stb.st_mode&S_IFMT) != S_IFDIR) {
1488 + errno = ENOTDIR;
1489
1490 diff --git a/net-misc/netkit-rsh/files/patches/220_all_fbsd.patch b/net-misc/netkit-rsh/files/patches/220_all_fbsd.patch
1491 new file mode 100644
1492 index 00000000000..3b108c17f4a
1493 --- /dev/null
1494 +++ b/net-misc/netkit-rsh/files/patches/220_all_fbsd.patch
1495 @@ -0,0 +1,222 @@
1496 +--- a/configure
1497 ++++ b/configure
1498 +@@ -368,9 +368,35 @@
1499 +
1500 + ##################################################
1501 +
1502 ++echo -n 'Checking for rexec... '
1503 ++cat <<EOF >__conftest.c
1504 ++int main() { rexec(0, 0, 0, 0, 0, 0); }
1505 ++
1506 ++EOF
1507 ++
1508 ++if (
1509 ++ $CC $CFLAGS __conftest.c -o __conftest || exit 1
1510 ++ ) >/dev/null 2>&1; then
1511 ++ echo 'yes'
1512 ++else
1513 ++ if (
1514 ++ $CC $CFLAGS __conftest.c -lcompat -o __conftest || exit 1
1515 ++ ) >/dev/null 2>&1; then
1516 ++ echo '-lcompat'
1517 ++ LIBS="$LIBS -lcompat"
1518 ++ else
1519 ++ echo 'no'
1520 ++ echo 'This package requires rexec.'
1521 ++ rm -f __conftest*
1522 ++ exit
1523 ++ fi
1524 ++fi
1525 ++rm -f __conftest*
1526 ++
1527 ++##################################################
1528 ++
1529 + echo -n 'Checking for forkpty... '
1530 + cat <<EOF >__conftest.c
1531 +-#include <pty.h>
1532 + int main() { forkpty(0, 0, 0, 0); }
1533 +
1534 + EOF
1535 +--- a/rcp/rcp.c
1536 ++++ b/rcp/rcp.c
1537 +@@ -50,6 +50,7 @@
1538 + #include <sys/ioctl.h>
1539 + #include <sys/socket.h>
1540 + #include <sys/wait.h>
1541 ++#include <netinet/in_systm.h>
1542 + #include <netinet/in.h>
1543 + #include <netinet/ip.h>
1544 + #include <dirent.h>
1545 +@@ -100,7 +101,7 @@
1546 + static void error(const char *fmt, ...);
1547 +
1548 + int
1549 +-main(int argc, char *argv[])
1550 ++main(int argc, char *argv[], char **env)
1551 + {
1552 + struct servent *sp;
1553 + int ch, fflag, tflag;
1554 +@@ -108,8 +109,8 @@
1555 + const char *shell;
1556 + char *null = NULL;
1557 +
1558 +- saved_environ = __environ;
1559 +- __environ = &null;
1560 ++ saved_environ = env;
1561 ++ env = &null;
1562 +
1563 + fflag = tflag = 0;
1564 + while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
1565 +--- a/rexec/Makefile
1566 ++++ b/rexec/Makefile
1567 +@@ -12,6 +12,7 @@
1568 + all: rexec
1569 +
1570 + rexec: rexec.o ruserpass.o
1571 ++ $(CC) $(CFLAGS) $(LDFLAGS) $^ $(LIBS) -o $@
1572 +
1573 + rexec.1:
1574 +
1575 +--- a/rexec/ruserpass.c
1576 ++++ b/rexec/ruserpass.c
1577 +@@ -39,6 +39,7 @@
1578 +
1579 + #include <stdio.h>
1580 + #include <stdlib.h>
1581 ++#include <sys/types.h>
1582 + #include <utmp.h>
1583 + #include <ctype.h>
1584 + #include <sys/stat.h>
1585 +--- a/rexecd/rexecd.c
1586 ++++ b/rexecd/rexecd.c
1587 +@@ -76,7 +76,9 @@
1588 + #include <errno.h>
1589 + #include <syslog.h>
1590 + #include <unistd.h>
1591 ++#if defined(__GLIBC__)
1592 + #include <crypt.h> /* apparently necessary in some glibcs */
1593 ++#endif
1594 + #include <stdio.h>
1595 + #include <stdlib.h>
1596 + #include <string.h>
1597 +--- a/rlogin/rlogin.c
1598 ++++ b/rlogin/rlogin.c
1599 +@@ -56,6 +56,7 @@
1600 + #include <sys/resource.h>
1601 + #include <sys/wait.h>
1602 + #include <sys/ioctl.h>
1603 ++#include <netinet/in_systm.h>
1604 + #include <netinet/in.h>
1605 + #include <netinet/ip.h>
1606 + #include <netdb.h>
1607 +@@ -96,6 +97,13 @@
1608 + #define SIGUSR1 30
1609 + #endif
1610 +
1611 ++#ifndef TABDLY
1612 ++#define TABDLY OXTABS
1613 ++#endif
1614 ++#ifndef TAB3
1615 ++#define TAB3 OXTABS
1616 ++#endif
1617 ++
1618 + struct termios defmodes;
1619 + struct termios ixon_state;
1620 + static int eight, litout, rem;
1621 +@@ -172,7 +180,7 @@
1622 + }
1623 +
1624 + int
1625 +-main(int argc, char **argv)
1626 ++main(int argc, char **argv, char **env)
1627 + {
1628 + struct passwd *pw;
1629 + struct servent *sp;
1630 +@@ -265,7 +273,7 @@
1631 + }
1632 + else snprintf(term, sizeof(term), "%.256s", t);
1633 +
1634 +- __environ = &null;
1635 ++ env = &null;
1636 +
1637 + get_window_size(0, &winsize);
1638 +
1639 +@@ -421,7 +429,7 @@
1640 + void
1641 + catch_child(int ignore)
1642 + {
1643 +- union wait status;
1644 ++ int status;
1645 + int pid;
1646 +
1647 + (void)ignore;
1648 +@@ -432,7 +440,7 @@
1649 + return;
1650 + /* if the child (reader) dies, just quit */
1651 + if (pid < 0 || (pid == childpid && !WIFSTOPPED(status)))
1652 +- done((int)(status.w_termsig | status.w_retcode));
1653 ++ done((int)(WTERMSIG(status) | WEXITSTATUS(status)));
1654 + }
1655 + /* NOTREACHED */
1656 + }
1657 +--- a/rlogind/auth.c
1658 ++++ b/rlogind/auth.c
1659 +@@ -31,6 +31,7 @@
1660 + * SUCH DAMAGE.
1661 + */
1662 +
1663 ++#include <stdio.h>
1664 + #include <sys/types.h>
1665 + #include <pwd.h>
1666 +
1667 +@@ -190,7 +191,7 @@
1668 + #include <sys/socket.h> /* for ruserok() in libc5 (!) */
1669 + #include <netdb.h> /* for ruserok() in glibc (!) */
1670 +
1671 +-#if defined(__GLIBC__) && (__GLIBC__ >= 2)
1672 ++#if !(defined(__GLIBC__) && (__GLIBC__ < 2))
1673 + #define _check_rhosts_file __check_rhosts_file
1674 + #endif
1675 + extern int _check_rhosts_file;
1676 +--- a/rsh/rsh.c
1677 ++++ b/rsh/rsh.c
1678 +@@ -69,7 +69,7 @@
1679 + static void usage(void);
1680 +
1681 + int
1682 +-main(int argc, char *argv[])
1683 ++main(int argc, char *argv[], char **env)
1684 + {
1685 + struct passwd *pw;
1686 + struct servent *sp;
1687 +@@ -80,8 +80,8 @@
1688 + char *null = NULL;
1689 + char **saved_environ;
1690 +
1691 +- saved_environ = __environ;
1692 +- __environ = &null;
1693 ++ saved_environ = env;
1694 ++ env = &null;
1695 +
1696 + argoff = asrsh = dflag = nflag = 0;
1697 + one = 1;
1698 +--- a/rshd/rshd.c
1699 ++++ b/rshd/rshd.c
1700 +@@ -80,7 +80,7 @@
1701 + #include <ctype.h>
1702 + #include <assert.h>
1703 +
1704 +-#if defined(__GLIBC__) && (__GLIBC__ >= 2)
1705 ++#if !(defined(__GLIBC__) && (__GLIBC__ < 2))
1706 + #define _check_rhosts_file __check_rhosts_file
1707 + #endif
1708 +
1709 +@@ -420,7 +420,7 @@
1710 + stderr_parent(sock, pv[0], pid);
1711 + /* NOTREACHED */
1712 + }
1713 +- setpgrp();
1714 ++ setpgid(0,0);
1715 + close(sock);
1716 + close(pv[0]);
1717 + dup2(pv[1], 2);
1718
1719 diff --git a/net-misc/netkit-rsh/files/patches/230_all_MAX_ARG.patch b/net-misc/netkit-rsh/files/patches/230_all_MAX_ARG.patch
1720 new file mode 100644
1721 index 00000000000..1b069b5c5e4
1722 --- /dev/null
1723 +++ b/net-misc/netkit-rsh/files/patches/230_all_MAX_ARG.patch
1724 @@ -0,0 +1,96 @@
1725 +fix building when ARG_MAX is not defined
1726 +
1727 +patch by Tom-Steve Watzke
1728 +
1729 +http://bugs.gentoo.org/225341
1730 +
1731 +--- a/rexecd/rexecd.c
1732 ++++ b/rexecd/rexecd.c
1733 +@@ -85,6 +85,7 @@ char rcsid[] =
1734 + #include <paths.h>
1735 + #include <grp.h>
1736 + #include <arpa/inet.h>
1737 ++#include <limits.h>
1738 +
1739 +
1740 + #ifdef USE_SHADOW
1741 +@@ -233,7 +234,8 @@ static struct pam_conv PAM_conversation = {
1742 + static void
1743 + doit(struct sockaddr_in *fromp)
1744 + {
1745 +- char cmdbuf[ARG_MAX+1];
1746 ++ char *cmdbuf;
1747 ++ int cmdbuflen;
1748 + char user[16], pass[16];
1749 + struct passwd *pwd;
1750 + int s = -1;
1751 +@@ -252,6 +254,15 @@ doit(struct sockaddr_in *fromp)
1752 + #endif
1753 + #endif /* USE_PAM */
1754 +
1755 ++ cmdbuflen = sysconf(_SC_ARG_MAX);
1756 ++ if (cmdbuflen < _POSIX_ARG_MAX)
1757 ++ cmdbuflen = _POSIX_ARG_MAX;
1758 ++ cmdbuf = malloc(cmdbuflen);
1759 ++ if (cmdbuf == NULL) {
1760 ++ syslog(LOG_ERR, "unable to malloc(%i) for command buffer: %s", cmdbuflen, strerror(errno));
1761 ++ fatal("out of memory\n");
1762 ++ }
1763 ++
1764 + signal(SIGINT, SIG_DFL);
1765 + signal(SIGQUIT, SIG_DFL);
1766 + signal(SIGTERM, SIG_DFL);
1767 +@@ -301,7 +312,7 @@ doit(struct sockaddr_in *fromp)
1768 +
1769 + getstr(user, sizeof(user), "username too long\n");
1770 + getstr(pass, sizeof(pass), "password too long\n");
1771 +- getstr(cmdbuf, sizeof(cmdbuf), "command too long\n");
1772 ++ getstr(cmdbuf, cmdbuflen, "command too long\n");
1773 + #ifdef USE_PAM
1774 + #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
1775 + pam_end(pamh, pam_error); exit(1); \
1776 +--- a/rshd/rshd.c
1777 ++++ b/rshd/rshd.c
1778 +@@ -79,6 +79,7 @@ char rcsid[] =
1779 + #include <stdarg.h>
1780 + #include <ctype.h>
1781 + #include <assert.h>
1782 ++#include <limits.h>
1783 +
1784 + #if !(defined(__GLIBC__) && (__GLIBC__ < 2))
1785 + #define _check_rhosts_file __check_rhosts_file
1786 +@@ -337,7 +338,8 @@ static const char *findhostname(struct sockaddr_in *fromp,
1787 + static void
1788 + doit(struct sockaddr_in *fromp)
1789 + {
1790 +- char cmdbuf[ARG_MAX+1];
1791 ++ char *cmdbuf;
1792 ++ int cmdbuflen;
1793 + const char *theshell, *shellname;
1794 + char locuser[16], remuser[16];
1795 + struct passwd *pwd;
1796 +@@ -346,6 +348,15 @@ doit(struct sockaddr_in *fromp)
1797 + u_short port;
1798 + int pv[2], pid, ifd;
1799 +
1800 ++ cmdbuflen = sysconf(_SC_ARG_MAX);
1801 ++ if (cmdbuflen < _POSIX_ARG_MAX)
1802 ++ cmdbuflen = _POSIX_ARG_MAX;
1803 ++ cmdbuf = malloc(cmdbuflen);
1804 ++ if (cmdbuf == NULL) {
1805 ++ syslog(LOG_ERR, "unable to malloc(%i) for command buffer: %s", cmdbuflen, strerror(errno));
1806 ++ exit(1);
1807 ++ }
1808 ++
1809 + signal(SIGINT, SIG_DFL);
1810 + signal(SIGQUIT, SIG_DFL);
1811 + signal(SIGTERM, SIG_DFL);
1812 +@@ -382,7 +393,7 @@ doit(struct sockaddr_in *fromp)
1813 +
1814 + getstr(remuser, sizeof(remuser), "remuser");
1815 + getstr(locuser, sizeof(locuser), "locuser");
1816 +- getstr(cmdbuf, sizeof(cmdbuf), "command");
1817 ++ getstr(cmdbuf, cmdbuflen, "command");
1818 + if (!strcmp(locuser, "root")) paranoid = 1;
1819 +
1820 + hostname = findhostname(fromp, remuser, locuser, cmdbuf);
1821
1822 diff --git a/net-misc/netkit-rsh/metadata.xml b/net-misc/netkit-rsh/metadata.xml
1823 index 7a38bb90096..d095ed4b8f8 100644
1824 --- a/net-misc/netkit-rsh/metadata.xml
1825 +++ b/net-misc/netkit-rsh/metadata.xml
1826 @@ -1,5 +1,12 @@
1827 <?xml version="1.0" encoding="UTF-8"?>
1828 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
1829 <pkgmetadata>
1830 - <!-- maintainer-needed -->
1831 + <maintainer type="person" proxied="yes">
1832 + <email>hlein@×××××××××.com</email>
1833 + <name>Hank Leininger</name>
1834 + </maintainer>
1835 + <maintainer type="project" proxied="proxy">
1836 + <email>proxy-maint@g.o</email>
1837 + <name>Proxy Maintainers</name>
1838 + </maintainer>
1839 </pkgmetadata>
1840
1841 diff --git a/net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild b/net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild
1842 new file mode 100644
1843 index 00000000000..d8a316de1ce
1844 --- /dev/null
1845 +++ b/net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild
1846 @@ -0,0 +1,78 @@
1847 +# Copyright 1999-2021 Gentoo Authors
1848 +# Distributed under the terms of the GNU General Public License v2
1849 +
1850 +EAPI=7
1851 +
1852 +inherit pam toolchain-funcs fcaps
1853 +
1854 +DESCRIPTION="Netkit's Remote Shell Suite: rexec{,d} rlogin{,d} rsh{,d}"
1855 +HOMEPAGE="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/"
1856 +SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${P}.tar.gz
1857 + mirror://gentoo/rexec-1.5.tar.gz"
1858 +
1859 +LICENSE="BSD"
1860 +SLOT="0"
1861 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
1862 +IUSE="pam"
1863 +
1864 +RDEPEND="
1865 + sys-libs/ncurses:=
1866 + pam? ( >=sys-auth/pambase-20080219.1 )"
1867 +DEPEND="${RDEPEND}"
1868 +BDEPEND="app-arch/xz-utils"
1869 +
1870 +PATCHES=(
1871 + "${FILESDIR}"/patches/
1872 +)
1873 +
1874 +FILECAPS=( cap_net_bind_service usr/bin/r{cp,login,sh} )
1875 +
1876 +src_prepare() {
1877 + # This must happen before patches are applied
1878 + rm -r rexec || die
1879 + mv ../rexec rexec || die
1880 +
1881 + default
1882 +
1883 + if tc-is-cross-compiler ; then
1884 + # Can't do runtime tests when cross-compiling
1885 + sed -i -e "s|./__conftest|: ./__conftest|" configure || die
1886 + fi
1887 +}
1888 +
1889 +src_configure() {
1890 + tc-export CC
1891 + ${CONFIG_SHELL:-/bin/sh} ./configure $(usex pam '' '--without-pam') || die
1892 +
1893 + sed -i \
1894 + -e "s|-pipe -O2|${CFLAGS}|" \
1895 + -e "/^LDFLAGS=$/d" \
1896 + -e "s|-Wpointer-arith||" \
1897 + MCONFIG || die
1898 +}
1899 +
1900 +src_install() {
1901 + insinto /etc/xinetd.d
1902 +
1903 + local b
1904 + for b in rcp rexec{,d} rlogin{,d} rsh{,d} ; do
1905 + if [[ ${b} == *d ]] ; then
1906 + dosbin ${b}/${b}
1907 + dosym ${b} /usr/sbin/in.${b}
1908 + doman ${b}/${b}.8
1909 + else
1910 + dobin ${b}/${b}
1911 + doman ${b}/${b}.1
1912 + if [[ ${b} != rcp ]]; then
1913 + newins "${FILESDIR}"/${b}.xinetd ${b}
1914 +
1915 + if use pam; then
1916 + newpamd "${FILESDIR}/${b}.pamd-pambase" ${b}
1917 + fi
1918 + fi
1919 + fi
1920 + done
1921 +
1922 + dodoc README ChangeLog BUGS
1923 + newdoc rexec/README README.rexec
1924 +}
Report Message
Find on MARC Find on Google Groups