authorThomas Deutschmann <whissi@gentoo.org>2020-02-17 19:38:11 +0100
committerThomas Deutschmann <whissi@gentoo.org>2020-02-17 19:38:11 +0100
commit1cc9a7d0c5b62ab36e04c724f5fa6877fb09a88f (patch)
treef501dcbcab90a27e402e25349f2ba1978c370f3a /net-misc
parentdev-ml/zarith: took maintainership (diff)
net-misc/oidentd: security cleanup (#709454)
Bug: https://bugs.gentoo.org/709454 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/oidentd/Manifest1
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.7-confd4
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch17
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch25
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch52
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch43
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch41
-rw-r--r--net-misc/oidentd/files/oidentd.conf22
-rw-r--r--net-misc/oidentd/files/oidentd.service9
-rw-r--r--net-misc/oidentd/files/oidentd.socket10
-rw-r--r--net-misc/oidentd/files/oidentd_at.service7
-rw-r--r--net-misc/oidentd/files/oidentd_masq.conf10
-rw-r--r--net-misc/oidentd/oidentd-2.0.8-r6.ebuild63
13 files changed, 0 insertions, 304 deletions
diff --git a/net-misc/oidentd/Manifest b/net-misc/oidentd/Manifest
index 4639109ca442..6d1c2163397c 100644
--- a/net-misc/oidentd/Manifest
+++ b/net-misc/oidentd/Manifest
@@ -1,2 +1 @@
-DIST oidentd-2.0.8.tar.gz 212354 BLAKE2B 46f4c4478822e832885f5f38a2ab5b2132ff5c1e5071fd1dc6050e55992d50bd96be096064996853af69d16316e6aff648c5320714b53b60c038cc9aaedfedda SHA512 86229a4ef9892121c25a7140616e180f862ca34b73ea3ad9f0fbb008f657abb17e9f14c2c25ae14c14bfc14bf1ea10b50fd68318631a9c52227bbfd6e6d43288
DIST oidentd-2.4.0.tar.xz 188280 BLAKE2B e7a6cdcc78ae61b103b81335d6a4802bbc301adad256dbe9461245e7a2839e1f4786cf3bf7206df2f8fc6414351c4bb8f92c87d16d69f678e0793b9a760ee966 SHA512 3dc6f8ba1c374c21bbc721516f83c5b825d5bc75dbda390d5e5e0e72ceac31495380a6025c626edcec4f8685a009f5be9571606c50e28fc28dc9f73a20f1b2d0
diff --git a/net-misc/oidentd/files/oidentd-2.0.7-confd b/net-misc/oidentd/files/oidentd-2.0.7-confd
deleted file mode 100644
index 3116889e67e2..000000000000
--- a/net-misc/oidentd/files/oidentd-2.0.7-confd
+++ /dev/null
@@ -1,4 +0,0 @@
-# oidentd start-up options
-USER="nobody"
-GROUP="nobody"
-OPTIONS=""
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
deleted file mode 100644
index 2652622cdd4f..000000000000
--- a/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Patch to bind to ipv6 socket as well
-Patch supplied by Fabian Knittel <fabian.knittel@avona.com>
---- oidentd-2.0.8/src/oidentd_inet_util.c 2006-05-22 02:31:19.000000000 +0200
-+++ oidentd-2.0.8.new/src/oidentd_inet_util.c 2010-03-01 20:26:11.000000000 +0100
-@@ -60,6 +60,12 @@
- #ifdef WANT_IPV6
- case AF_INET6:
- SIN6(ai->ai_addr)->sin6_port = listen_port;
-+
-+ if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
-+ sizeof(one)) != 0) {
-+ debug("setsockopt IPV6_V6ONLY: %s", strerror(errno));
-+ return (-1);
-+ }
- break;
- #endif
-
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
deleted file mode 100644
index a401a65d9bc6..000000000000
--- a/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Description: Fix a failure to build with gcc5.
-Bug: http://bugs.debian.org/778035
-
---- a/src/oidentd_util.c 2015-07-03 05:56:24.000000000 -0400
-+++ b/src/oidentd_util.c 2015-07-03 05:56:47.671378000 -0400
-@@ -75,7 +75,7 @@
- ** PRNG functions on systems whose libraries provide them.)
- */
-
--inline int randval(int i) {
-+extern __attribute__ ((gnu_inline)) int randval(int i) {
- /* Per _Numerical Recipes in C_: */
- return ((double) i * rand() / (RAND_MAX+1.0));
- }
---- a/src/oidentd_util.h 2015-07-03 05:56:32.000000000 -0400
-+++ b/src/oidentd_util.h 2015-07-03 05:56:53.835378000 -0400
-@@ -58,7 +58,7 @@
- int find_group(const char *temp_group, gid_t *gid);
-
- int random_seed(void);
--inline int randval(int i);
-+extern __attribute__ ((gnu_inline)) int randval(int i);
-
- #ifndef HAVE_SNPRINTF
- int snprintf(char *str, size_t n, char const *fmt, ...);
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch b/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch
deleted file mode 100644
index d29479ec0284..000000000000
--- a/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Fri, 11 Mar 2016 10:00:59 +0100
-Subject: [PATCH] Log Linux core_init failures as normal error
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Opening Linux conntracking table file failure for different reason than
-missing the file is fatal for deamon initizalization. But the failure
-was logged inly in debugging build.
-
-This patch makes the fatal error visible in normal log.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1316308
-Signed-off-by: Petr Písař <ppisar@redhat.com>
----
- src/kernel/linux.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/kernel/linux.c b/src/kernel/linux.c
-index 8bf265f..9103dbf 100644
---- a/src/kernel/linux.c
-+++ b/src/kernel/linux.c
-@@ -73,21 +73,21 @@ bool core_init(void) {
- masq_fp = fopen(MASQFILE, "r");
- if (masq_fp == NULL) {
- if (errno != ENOENT) {
-- debug("fopen: %s: %s", MASQFILE, strerror(errno));
-+ o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno));
- return false;
- }
-
- masq_fp = fopen(CONNTRACK, "r");
- if (masq_fp == NULL) {
- if (errno != ENOENT) {
-- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
-+ o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno));
- return false;
- }
-
- masq_fp = fopen(NFCONNTRACK, "r");
- if (masq_fp == NULL) {
- if (errno != ENOENT) {
-- debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
-+ o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno));
- return false;
- }
- masq_fp = fopen("/dev/null", "r");
---
-2.5.0
-
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
deleted file mode 100644
index 191e9b95e64d..000000000000
--- a/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
+++ /dev/null
@@ -1,43 +0,0 @@
---- oidentd.orig/src/kernel/linux.c 2006-05-22 06:58:53.000000000 +0300
-+++ oidentd-2.0.8/src/kernel/linux.c 2007-07-11 21:28:56.000000000 +0300
-@@ -48,6 +48,7 @@
- #define CFILE6 "/proc/net/tcp6"
- #define MASQFILE "/proc/net/ip_masquerade"
- #define CONNTRACK "/proc/net/ip_conntrack"
-+#define NFCONNTRACK "/proc/net/nf_conntrack"
-
- static int netlink_sock;
- extern struct sockaddr_storage proxy;
-@@ -82,7 +83,15 @@
- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
- return false;
- }
-- masq_fp = fopen("/dev/null", "r");
-+
-+ masq_fp = fopen(NFCONNTRACK, "r");
-+ if (masq_fp == NULL) {
-+ if (errno != ENOENT) {
-+ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
-+ return false;
-+ }
-+ masq_fp = fopen("/dev/null", "r");
-+ }
- }
-
- netfilter = true;
-@@ -367,6 +376,15 @@
- &nport_temp, &mport_temp);
- }
-
-+ if (ret != 21) {
-+ ret = sscanf(buf,
-+ "%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
-+ proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
-+ &masq_lport_temp, &masq_fport_temp,
-+ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
-+ &nport_temp, &mport_temp);
-+ }
-+
- if (ret != 21)
- continue;
-
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch
deleted file mode 100644
index 92ef02523160..000000000000
--- a/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Fri, 11 Mar 2016 10:38:10 +0100
-Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not
- enabled
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The contracking table was always opened. This is unnecessary because
-the table is used only when masquerading feature is requested on run
-time.
-
-This patch skips opening the conntracking table on Linux if
-masquerading is not requested.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1316308
-Signed-off-by: Petr Písař <ppisar@redhat.com>
----
- src/kernel/linux.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/kernel/linux.c b/src/kernel/linux.c
-index 9103dbf..859f554 100644
---- a/src/kernel/linux.c
-+++ b/src/kernel/linux.c
-@@ -70,6 +70,11 @@ bool netfilter;
- */
- bool core_init(void) {
- #ifdef MASQ_SUPPORT
-+ if (!opt_enabled(MASQ)) {
-+ masq_fp = NULL;
-+ return true;
-+ }
-+
- masq_fp = fopen(MASQFILE, "r");
- if (masq_fp == NULL) {
- if (errno != ENOENT) {
---
-2.5.0
-
diff --git a/net-misc/oidentd/files/oidentd.conf b/net-misc/oidentd/files/oidentd.conf
deleted file mode 100644
index 03b28d827802..000000000000
--- a/net-misc/oidentd/files/oidentd.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Configuration for oidentd
-# see oidentd.conf(5)
-#
-default {
- default {
- deny spoof
- deny spoof_all
- deny spoof_privport
- allow random
- allow random_numeric
- allow numeric
- deny hide
- }
-}
-
-# you may want to hide root connections
-#user "root" {
-# default {
-# force reply "UNKNOWN"
-# }
-#}
-
diff --git a/net-misc/oidentd/files/oidentd.service b/net-misc/oidentd/files/oidentd.service
deleted file mode 100644
index bf159d855b8d..000000000000
--- a/net-misc/oidentd/files/oidentd.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=TCP/IP IDENT protocol server
-
-[Service]
-ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-misc/oidentd/files/oidentd.socket b/net-misc/oidentd/files/oidentd.socket
deleted file mode 100644
index 63df7036e543..000000000000
--- a/net-misc/oidentd/files/oidentd.socket
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Ident (RFC 1413) socket
-Conflicts=oidentd.service
-
-[Socket]
-ListenStream=113
-Accept=yes
-
-[Install]
-WantedBy=sockets.target
diff --git a/net-misc/oidentd/files/oidentd_at.service b/net-misc/oidentd/files/oidentd_at.service
deleted file mode 100644
index ac03a94d6c8a..000000000000
--- a/net-misc/oidentd/files/oidentd_at.service
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=Ident (RFC 1413) per-connection server
-
-[Service]
-ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody
-ExecReload=/bin/kill -HUP $MAINPID
-StandardInput=socket
diff --git a/net-misc/oidentd/files/oidentd_masq.conf b/net-misc/oidentd/files/oidentd_masq.conf
deleted file mode 100644
index 6811288ff4cf..000000000000
--- a/net-misc/oidentd/files/oidentd_masq.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# oident masquarded connections configuration
-
-# use this file if your host is masquarading connections for several
-# hosts and you want to return a reply based on the hostname of
-# the originating machine
-# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want
-# to forward ident requests to the real host
-
-# add hosts in the following format, see oidentd_masq.conf(5) for details:
-# <ip or host>[/mask] <username> <os>
diff --git a/net-misc/oidentd/oidentd-2.0.8-r6.ebuild b/net-misc/oidentd/oidentd-2.0.8-r6.ebuild
deleted file mode 100644
index aa6c386da6e5..000000000000
--- a/net-misc/oidentd/oidentd-2.0.8-r6.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit linux-info systemd
-
-DESCRIPTION="Another (RFC1413 compliant) ident daemon"
-HOMEPAGE="https://oidentd.janikrabe.com/"
-SRC_URI="mirror://sourceforge/ojnk/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86"
-IUSE="debug ipv6 masquerade selinux"
-
-DEPEND=""
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-oident )"
-
-DOCS=( AUTHORS ChangeLog README TODO NEWS "${FILESDIR}"/${PN}_masq.conf "${FILESDIR}"/${PN}.conf )
-
-PATCHES=(
- "${FILESDIR}/${P}-masquerading.patch"
- "${FILESDIR}/${P}-bind-to-ipv6-too.patch"
- "${FILESDIR}/${P}-gcc5.patch"
- "${FILESDIR}/${P}-log-conntrack-fails.patch"
- "${FILESDIR}/${P}-no-conntrack-masquerading.patch"
-)
-
-pkg_setup() {
- local CONFIG_CHECK="~INET_TCP_DIAG"
-
- if use kernel_linux; then
- linux-info_pkg_setup
- fi
-}
-
-src_configure() {
- econf \
- $(use_enable debug) \
- $(use_enable ipv6) \
- $(use_enable masquerade masq) \
- $(use_enable masquerade nat)
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN}
- newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN}
-
- systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service
- systemd_dounit "${FILESDIR}"/${PN}.socket
- systemd_dounit "${FILESDIR}"/${PN}.service
-}
-
-pkg_postinst() {
- echo
- elog "Example configuration files are in /usr/share/doc/${PF}"
- echo
-}