
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/oidentd/files/, net-misc/oidentd/
Date: Mon, 17 Feb 2020 18:38:29
Message-Id: 1581964691.1cc9a7d0c5b62ab36e04c724f5fa6877fb09a88f.whissi@gentoo
1 commit: 1cc9a7d0c5b62ab36e04c724f5fa6877fb09a88f
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Mon Feb 17 18:38:11 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Mon Feb 17 18:38:11 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cc9a7d0
7
8 net-misc/oidentd: security cleanup (#709454)
9
10 Bug: https://bugs.gentoo.org/709454
11 Package-Manager: Portage-2.3.89, Repoman-2.3.20
12 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14 net-misc/oidentd/Manifest | 1 -
15 net-misc/oidentd/files/oidentd-2.0.7-confd | 4 --
16 .../files/oidentd-2.0.8-bind-to-ipv6-too.patch | 17 ------
17 net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch | 25 ---------
18 .../files/oidentd-2.0.8-log-conntrack-fails.patch | 52 ------------------
19 .../oidentd/files/oidentd-2.0.8-masquerading.patch | 43 ---------------
20 .../oidentd-2.0.8-no-conntrack-masquerading.patch | 41 --------------
21 net-misc/oidentd/files/oidentd.conf | 22 --------
22 net-misc/oidentd/files/oidentd.service | 9 ----
23 net-misc/oidentd/files/oidentd.socket | 10 ----
24 net-misc/oidentd/files/oidentd_at.service | 7 ---
25 net-misc/oidentd/files/oidentd_masq.conf | 10 ----
26 net-misc/oidentd/oidentd-2.0.8-r6.ebuild | 63 ----------------------
27 13 files changed, 304 deletions(-)
28
29 diff --git a/net-misc/oidentd/Manifest b/net-misc/oidentd/Manifest
30 index 4639109ca44..6d1c2163397 100644
31 --- a/net-misc/oidentd/Manifest
32 +++ b/net-misc/oidentd/Manifest
33 @@ -1,2 +1 @@
34 -DIST oidentd-2.0.8.tar.gz 212354 BLAKE2B 46f4c4478822e832885f5f38a2ab5b2132ff5c1e5071fd1dc6050e55992d50bd96be096064996853af69d16316e6aff648c5320714b53b60c038cc9aaedfedda SHA512 86229a4ef9892121c25a7140616e180f862ca34b73ea3ad9f0fbb008f657abb17e9f14c2c25ae14c14bfc14bf1ea10b50fd68318631a9c52227bbfd6e6d43288
35 DIST oidentd-2.4.0.tar.xz 188280 BLAKE2B e7a6cdcc78ae61b103b81335d6a4802bbc301adad256dbe9461245e7a2839e1f4786cf3bf7206df2f8fc6414351c4bb8f92c87d16d69f678e0793b9a760ee966 SHA512 3dc6f8ba1c374c21bbc721516f83c5b825d5bc75dbda390d5e5e0e72ceac31495380a6025c626edcec4f8685a009f5be9571606c50e28fc28dc9f73a20f1b2d0
36
37 diff --git a/net-misc/oidentd/files/oidentd-2.0.7-confd b/net-misc/oidentd/files/oidentd-2.0.7-confd
38 deleted file mode 100644
39 index 3116889e67e..00000000000
40 --- a/net-misc/oidentd/files/oidentd-2.0.7-confd
41 +++ /dev/null
42 @@ -1,4 +0,0 @@
43 -# oidentd start-up options
44 -USER="nobody"
45 -GROUP="nobody"
46 -OPTIONS=""
47
48 diff --git a/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
49 deleted file mode 100644
50 index 2652622cdd4..00000000000
51 --- a/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
52 +++ /dev/null
53 @@ -1,17 +0,0 @@
54 -Patch to bind to ipv6 socket as well
55 -Patch supplied by Fabian Knittel <fabian.knittel@×××××.com>
56 ---- oidentd-2.0.8/src/oidentd_inet_util.c 2006-05-22 02:31:19.000000000 +0200
57 -+++ oidentd-2.0.8.new/src/oidentd_inet_util.c 2010-03-01 20:26:11.000000000 +0100
58 -@@ -60,6 +60,12 @@
59 - #ifdef WANT_IPV6
60 - case AF_INET6:
61 - SIN6(ai->ai_addr)->sin6_port = listen_port;
62 -+
63 -+ if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
64 -+ sizeof(one)) != 0) {
65 -+ debug("setsockopt IPV6_V6ONLY: %s", strerror(errno));
66 -+ return (-1);
67 -+ }
68 - break;
69 - #endif
70 -
71
72 diff --git a/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
73 deleted file mode 100644
74 index a401a65d9bc..00000000000
75 --- a/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
76 +++ /dev/null
77 @@ -1,25 +0,0 @@
78 -Description: Fix a failure to build with gcc5.
79 -Bug: http://bugs.debian.org/778035
80 -
81 ---- a/src/oidentd_util.c 2015-07-03 05:56:24.000000000 -0400
82 -+++ b/src/oidentd_util.c 2015-07-03 05:56:47.671378000 -0400
83 -@@ -75,7 +75,7 @@
84 - ** PRNG functions on systems whose libraries provide them.)
85 - */
86 -
87 --inline int randval(int i) {
88 -+extern __attribute__ ((gnu_inline)) int randval(int i) {
89 - /* Per _Numerical Recipes in C_: */
90 - return ((double) i * rand() / (RAND_MAX+1.0));
91 - }
92 ---- a/src/oidentd_util.h 2015-07-03 05:56:32.000000000 -0400
93 -+++ b/src/oidentd_util.h 2015-07-03 05:56:53.835378000 -0400
94 -@@ -58,7 +58,7 @@
95 - int find_group(const char *temp_group, gid_t *gid);
96 -
97 - int random_seed(void);
98 --inline int randval(int i);
99 -+extern __attribute__ ((gnu_inline)) int randval(int i);
100 -
101 - #ifndef HAVE_SNPRINTF
102 - int snprintf(char *str, size_t n, char const *fmt, ...);
103
104 diff --git a/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch b/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch
105 deleted file mode 100644
106 index d29479ec028..00000000000
107 --- a/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch
108 +++ /dev/null
109 @@ -1,52 +0,0 @@
110 -From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001
111 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@××××××.com>
112 -Date: Fri, 11 Mar 2016 10:00:59 +0100
113 -Subject: [PATCH] Log Linux core_init failures as normal error
114 -MIME-Version: 1.0
115 -Content-Type: text/plain; charset=UTF-8
116 -Content-Transfer-Encoding: 8bit
117 -
118 -Opening Linux conntracking table file failure for different reason than
119 -missing the file is fatal for deamon initizalization. But the failure
120 -was logged inly in debugging build.
121 -
122 -This patch makes the fatal error visible in normal log.
123 -
124 -https://bugzilla.redhat.com/show_bug.cgi?id=1316308
125 -Signed-off-by: Petr Písař <ppisar@××××××.com>
126 ----
127 - src/kernel/linux.c | 6 +++---
128 - 1 file changed, 3 insertions(+), 3 deletions(-)
129 -
130 -diff --git a/src/kernel/linux.c b/src/kernel/linux.c
131 -index 8bf265f..9103dbf 100644
132 ---- a/src/kernel/linux.c
133 -+++ b/src/kernel/linux.c
134 -@@ -73,21 +73,21 @@ bool core_init(void) {
135 - masq_fp = fopen(MASQFILE, "r");
136 - if (masq_fp == NULL) {
137 - if (errno != ENOENT) {
138 -- debug("fopen: %s: %s", MASQFILE, strerror(errno));
139 -+ o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno));
140 - return false;
141 - }
142 -
143 - masq_fp = fopen(CONNTRACK, "r");
144 - if (masq_fp == NULL) {
145 - if (errno != ENOENT) {
146 -- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
147 -+ o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno));
148 - return false;
149 - }
150 -
151 - masq_fp = fopen(NFCONNTRACK, "r");
152 - if (masq_fp == NULL) {
153 - if (errno != ENOENT) {
154 -- debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
155 -+ o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno));
156 - return false;
157 - }
158 - masq_fp = fopen("/dev/null", "r");
159 ---
160 -2.5.0
161 -
162
163 diff --git a/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
164 deleted file mode 100644
165 index 191e9b95e64..00000000000
166 --- a/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
167 +++ /dev/null
168 @@ -1,43 +0,0 @@
169 ---- oidentd.orig/src/kernel/linux.c 2006-05-22 06:58:53.000000000 +0300
170 -+++ oidentd-2.0.8/src/kernel/linux.c 2007-07-11 21:28:56.000000000 +0300
171 -@@ -48,6 +48,7 @@
172 - #define CFILE6 "/proc/net/tcp6"
173 - #define MASQFILE "/proc/net/ip_masquerade"
174 - #define CONNTRACK "/proc/net/ip_conntrack"
175 -+#define NFCONNTRACK "/proc/net/nf_conntrack"
176 -
177 - static int netlink_sock;
178 - extern struct sockaddr_storage proxy;
179 -@@ -82,7 +83,15 @@
180 - debug("fopen: %s: %s", CONNTRACK, strerror(errno));
181 - return false;
182 - }
183 -- masq_fp = fopen("/dev/null", "r");
184 -+
185 -+ masq_fp = fopen(NFCONNTRACK, "r");
186 -+ if (masq_fp == NULL) {
187 -+ if (errno != ENOENT) {
188 -+ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
189 -+ return false;
190 -+ }
191 -+ masq_fp = fopen("/dev/null", "r");
192 -+ }
193 - }
194 -
195 - netfilter = true;
196 -@@ -367,6 +376,15 @@
197 - &nport_temp, &mport_temp);
198 - }
199 -
200 -+ if (ret != 21) {
201 -+ ret = sscanf(buf,
202 -+ "%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
203 -+ proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
204 -+ &masq_lport_temp, &masq_fport_temp,
205 -+ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
206 -+ &nport_temp, &mport_temp);
207 -+ }
208 -+
209 - if (ret != 21)
210 - continue;
211 -
212
213 diff --git a/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch
214 deleted file mode 100644
215 index 92ef0252316..00000000000
216 --- a/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch
217 +++ /dev/null
218 @@ -1,41 +0,0 @@
219 -From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001
220 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@××××××.com>
221 -Date: Fri, 11 Mar 2016 10:38:10 +0100
222 -Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not
223 - enabled
224 -MIME-Version: 1.0
225 -Content-Type: text/plain; charset=UTF-8
226 -Content-Transfer-Encoding: 8bit
227 -
228 -The contracking table was always opened. This is unnecessary because
229 -the table is used only when masquerading feature is requested on run
230 -time.
231 -
232 -This patch skips opening the conntracking table on Linux if
233 -masquerading is not requested.
234 -
235 -https://bugzilla.redhat.com/show_bug.cgi?id=1316308
236 -Signed-off-by: Petr Písař <ppisar@××××××.com>
237 ----
238 - src/kernel/linux.c | 5 +++++
239 - 1 file changed, 5 insertions(+)
240 -
241 -diff --git a/src/kernel/linux.c b/src/kernel/linux.c
242 -index 9103dbf..859f554 100644
243 ---- a/src/kernel/linux.c
244 -+++ b/src/kernel/linux.c
245 -@@ -70,6 +70,11 @@ bool netfilter;
246 - */
247 - bool core_init(void) {
248 - #ifdef MASQ_SUPPORT
249 -+ if (!opt_enabled(MASQ)) {
250 -+ masq_fp = NULL;
251 -+ return true;
252 -+ }
253 -+
254 - masq_fp = fopen(MASQFILE, "r");
255 - if (masq_fp == NULL) {
256 - if (errno != ENOENT) {
257 ---
258 -2.5.0
259 -
260
261 diff --git a/net-misc/oidentd/files/oidentd.conf b/net-misc/oidentd/files/oidentd.conf
262 deleted file mode 100644
263 index 03b28d82780..00000000000
264 --- a/net-misc/oidentd/files/oidentd.conf
265 +++ /dev/null
266 @@ -1,22 +0,0 @@
267 -# Configuration for oidentd
268 -# see oidentd.conf(5)
269 -#
270 -default {
271 - default {
272 - deny spoof
273 - deny spoof_all
274 - deny spoof_privport
275 - allow random
276 - allow random_numeric
277 - allow numeric
278 - deny hide
279 - }
280 -}
281 -
282 -# you may want to hide root connections
283 -#user "root" {
284 -# default {
285 -# force reply "UNKNOWN"
286 -# }
287 -#}
288 -
289
290 diff --git a/net-misc/oidentd/files/oidentd.service b/net-misc/oidentd/files/oidentd.service
291 deleted file mode 100644
292 index bf159d855b8..00000000000
293 --- a/net-misc/oidentd/files/oidentd.service
294 +++ /dev/null
295 @@ -1,9 +0,0 @@
296 -[Unit]
297 -Description=TCP/IP IDENT protocol server
298 -
299 -[Service]
300 -ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody
301 -ExecReload=/bin/kill -HUP $MAINPID
302 -
303 -[Install]
304 -WantedBy=multi-user.target
305
306 diff --git a/net-misc/oidentd/files/oidentd.socket b/net-misc/oidentd/files/oidentd.socket
307 deleted file mode 100644
308 index 63df7036e54..00000000000
309 --- a/net-misc/oidentd/files/oidentd.socket
310 +++ /dev/null
311 @@ -1,10 +0,0 @@
312 -[Unit]
313 -Description=Ident (RFC 1413) socket
314 -Conflicts=oidentd.service
315 -
316 -[Socket]
317 -ListenStream=113
318 -Accept=yes
319 -
320 -[Install]
321 -WantedBy=sockets.target
322
323 diff --git a/net-misc/oidentd/files/oidentd_at.service b/net-misc/oidentd/files/oidentd_at.service
324 deleted file mode 100644
325 index ac03a94d6c8..00000000000
326 --- a/net-misc/oidentd/files/oidentd_at.service
327 +++ /dev/null
328 @@ -1,7 +0,0 @@
329 -[Unit]
330 -Description=Ident (RFC 1413) per-connection server
331 -
332 -[Service]
333 -ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody
334 -ExecReload=/bin/kill -HUP $MAINPID
335 -StandardInput=socket
336
337 diff --git a/net-misc/oidentd/files/oidentd_masq.conf b/net-misc/oidentd/files/oidentd_masq.conf
338 deleted file mode 100644
339 index 6811288ff4c..00000000000
340 --- a/net-misc/oidentd/files/oidentd_masq.conf
341 +++ /dev/null
342 @@ -1,10 +0,0 @@
343 -# oident masquarded connections configuration
344 -
345 -# use this file if your host is masquarading connections for several
346 -# hosts and you want to return a reply based on the hostname of
347 -# the originating machine
348 -# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want
349 -# to forward ident requests to the real host
350 -
351 -# add hosts in the following format, see oidentd_masq.conf(5) for details:
352 -# <ip or host>[/mask] <username> <os>
353
354 diff --git a/net-misc/oidentd/oidentd-2.0.8-r6.ebuild b/net-misc/oidentd/oidentd-2.0.8-r6.ebuild
355 deleted file mode 100644
356 index aa6c386da6e..00000000000
357 --- a/net-misc/oidentd/oidentd-2.0.8-r6.ebuild
358 +++ /dev/null
359 @@ -1,63 +0,0 @@
360 -# Copyright 1999-2020 Gentoo Authors
361 -# Distributed under the terms of the GNU General Public License v2
362 -
363 -EAPI=6
364 -
365 -inherit linux-info systemd
366 -
367 -DESCRIPTION="Another (RFC1413 compliant) ident daemon"
368 -HOMEPAGE="https://oidentd.janikrabe.com/"
369 -SRC_URI="mirror://sourceforge/ojnk/${P}.tar.gz"
370 -
371 -LICENSE="GPL-2"
372 -SLOT="0"
373 -KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86"
374 -IUSE="debug ipv6 masquerade selinux"
375 -
376 -DEPEND=""
377 -
378 -RDEPEND="${DEPEND}
379 - selinux? ( sec-policy/selinux-oident )"
380 -
381 -DOCS=( AUTHORS ChangeLog README TODO NEWS "${FILESDIR}"/${PN}_masq.conf "${FILESDIR}"/${PN}.conf )
382 -
383 -PATCHES=(
384 - "${FILESDIR}/${P}-masquerading.patch"
385 - "${FILESDIR}/${P}-bind-to-ipv6-too.patch"
386 - "${FILESDIR}/${P}-gcc5.patch"
387 - "${FILESDIR}/${P}-log-conntrack-fails.patch"
388 - "${FILESDIR}/${P}-no-conntrack-masquerading.patch"
389 -)
390 -
391 -pkg_setup() {
392 - local CONFIG_CHECK="~INET_TCP_DIAG"
393 -
394 - if use kernel_linux; then
395 - linux-info_pkg_setup
396 - fi
397 -}
398 -
399 -src_configure() {
400 - econf \
401 - $(use_enable debug) \
402 - $(use_enable ipv6) \
403 - $(use_enable masquerade masq) \
404 - $(use_enable masquerade nat)
405 -}
406 -
407 -src_install() {
408 - default
409 -
410 - newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN}
411 - newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN}
412 -
413 - systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service
414 - systemd_dounit "${FILESDIR}"/${PN}.socket
415 - systemd_dounit "${FILESDIR}"/${PN}.service
416 -}
417 -
418 -pkg_postinst() {
419 - echo
420 - elog "Example configuration files are in /usr/share/doc/${PF}"
421 - echo
422 -}