%bcond_with systemd %define _use_internal_dependency_generator 0 %define __find_requires %{SOURCE99} Summary: A secure replacement for inetd. Name: xinetd Version: 2.3.15 Release: 2%{?_dist_release}%{?with_systemd:.systemd} Group: servers Vendor: Project Vine Distribution: Vine Linux License: xinetd URL: https://github.com/xinetd-org/xinetd # https://github.com/xinetd-org/xinetd/archive/xinetd-2-3-15.tar.gz Source: http://www.xinetd.org/xinetd-%{version}.tar.gz Source1: xinetd.init Source2: xinetd.conf Source3: xinetd-inetdconvert Source4: xinetd-ttime Source5: xinetd-utime Source6: xinetd-tdtime Source7: xinetd-udtime Source8: xinetd-echo Source9: xinetd-uecho Source10: xinetd-chargen Source11: xinetd-uchargen Source12: xinetd.sysconf Source13: xinetd-services Source50: xinetd.service Source99: filter-requires-xinetd.sh Patch0: xinetd-2.3.15-pie.patch Patch4: xinetd-2.3.14-bind-ipv6.patch Patch6: xinetd-2.3.14-man-section.patch Patch8: xinetd-2.3.14-ident-bind.patch Patch9: xinetd-2.3.14-readable-debuginfo.patch # Patch for clean reconfiguration using newer versions of autotools Patch10: xinetd-2.3.14-autoconf.patch # Completely rewritten socket handling code (it uses poll() instead # of select() function) Patch11: xinetd-2.3.14-poll.patch # New configuration option (limit for files opened by child process) Patch12: xinetd-2.3.14-file-limit.patch # When using tcpmux, xinetd ended up with sigsegv # (detection of NULL pointer in pollfd structure was missing) Patch13: xinetd-2.3.14-tcpmux.patch # When service is destroyed, destroy also its # file descriptor in array given to poll function Patch14: xinetd-2.3.14-clean-pfd.patch # xinetd confuses ipv6 and ipv4 port parsing # - furtunately, they have the same format, so everything # works even without this patch Patch15: xinetd-2.3.14-ipv6confusion.patch # This fixes bug #593904 - online reconfiguration caused log message # flood when turning off UDP service Patch16: xinetd-2.3.14-udp-reconfig.patch Patch18: xinetd-2.3.14-rpc-specific-port.patch Patch19: xinetd-2.3.14-signal-log-hang.patch Patch20: xinetd-2.3.14-fix-type-punned-ptr.patch # Fix leaking file descriptors and pfd_array wasting # This fixes #702670 Patch21: xinetd-2.3.14-leaking-fds.patch # Fix memory corruption when loading a large number of services # This fixes #720390 Patch22: xinetd-2.3.14-many-services.patch # Remove realloc of fds that was causing memory corruption Patch23: xinetd-2.3.14-realloc-remove.patch # Fix leaking descriptor when starting a service fails Patch24: xinetd-2.3.14-leaking-fds-2a.patch # Fix #770858 - Instances limit in xinetd can be easily bypassed Patch25: xinetd-2.3.14-instances.patch # Fix #809272 - Service disabled due to bind failure Patch26: xinetd-2.3.14-retry-svc-activate-in-cps-restart.patch Patch27: xinetd-2.3.15-bad-port-check.patch # Fix #977873 - Use full path to server when checking selinux context Patch28: xinetd-2.3.15-context-exepath.patch Patch29: xinetd-2.3.15-creds.patch # Fix #1033528 - xinetd segfaults when connecting to tcpmux service Patch30: xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch Patch31: xinetd-2.3.15-udp-wait.patch Patch32: xinetd-2.3.15-remove-deprecated-flask.h.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root #BuildRequires: tcp_wrappers %if %{with systemd} %{?systemd_requires} %else Requires: initscripts setup fileutils Requires(pre): chkconfig initscripts %endif Provides: inetd %description Xinetd is a secure replacement for inetd, the Internet services daemon. Xinetd provides access control for all services based on the address of the remote host and/or on time of access and can prevent denial-of-access attacks. Xinetd provides extensive logging, has no limit on the number of server arguments, and lets you bind specific services to specific IP addresses on your host machine. Each service has its own specific configuration file for Xinetd; the files are located in the /etc/xinetd.d directory. %debug_package %prep %setup -q %autopatch -p1 aclocal autoconf %build %configure --with-loadavg --with-inet6 # --with-libwrap make CFLAGS="$CFLAGS -fpie $(pkg-config --cflags libtirpc)" LDFLAGS="$LDFLAGS $(pkg-config --libs libtirpc) -Wl,-z,relro,-z,now" %install mkdir -p $RPM_BUILD_ROOT/%{_mandir} %makeinstall DAEMONDIR=$RPM_BUILD_ROOT/usr/sbin MANDIR=$RPM_BUILD_ROOT/%{_mandir} mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/ install -m 644 %SOURCE2 $RPM_BUILD_ROOT/etc/xinetd.conf install -m 755 %SOURCE3 $RPM_BUILD_ROOT/usr/sbin/inetdconvert install -m 644 %SOURCE4 $RPM_BUILD_ROOT/etc/xinetd.d/time install -m 644 %SOURCE5 $RPM_BUILD_ROOT/etc/xinetd.d/time-udp install -m 644 %SOURCE6 $RPM_BUILD_ROOT/etc/xinetd.d/daytime install -m 644 %SOURCE7 $RPM_BUILD_ROOT/etc/xinetd.d/daytime-udp install -m 644 %SOURCE8 $RPM_BUILD_ROOT/etc/xinetd.d/echo install -m 644 %SOURCE9 $RPM_BUILD_ROOT/etc/xinetd.d/echo-udp install -m 644 %SOURCE10 $RPM_BUILD_ROOT/etc/xinetd.d/chargen install -m 644 %SOURCE11 $RPM_BUILD_ROOT/etc/xinetd.d/chargen-udp install -m 644 %SOURCE13 $RPM_BUILD_ROOT/etc/xinetd.d/services rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/itox* rm -f $RPM_BUILD_ROOT/usr/sbin/itox rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/xconv.pl* rm -f $RPM_BUILD_ROOT/usr/sbin/xconv.pl rm -f $RPM_BUILD_ROOT/%{_mandir}/*.3 mkdir -p $RPM_BUILD_ROOT/etc/sysconfig %if %{with systemd} install -Dpm644 %{SOURCE50} $RPM_BUILD_ROOT%{_unitdir}/xinetd.service %else mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d install -m 755 %SOURCE1 $RPM_BUILD_ROOT/etc/rc.d/init.d/xinetd install -m 644 %SOURCE12 $RPM_BUILD_ROOT/etc/sysconfig/xinetd %endif %post %if %{with systemd} %systemd_post xinetd.service %else if [ $1 = 1 ]; then /sbin/chkconfig --add xinetd fi %endif %preun %if %{with systemd} %systemd_preun xinetd.service %else if [ $1 = 0 -o -x /bin/systemctl]; then /sbin/service xinetd stop > /dev/null 2>&1 /sbin/chkconfig --del xinetd fi %endif %postun %if %{with systemd} %systemd_postun_with_restart xinetd.service %else if [ $1 -ge 1 ]; then /sbin/service xinetd condrestart >/dev/null 2>&1 fi %endif %files %defattr(-,root,root) %license COPYRIGHT %doc CHANGELOG README xinetd/sample.conf %config(noreplace) /etc/xinetd.conf %{_sbindir}/xinetd %{_sbindir}/inetdconvert %{_mandir}/*/* %config(noreplace) /etc/xinetd.d/* %if %{with systemd} %{_unitdir}/xinetd.service %else %config(noreplace) /etc/sysconfig/xinetd %config /etc/rc.d/init.d/xinetd %endif %changelog * Mon Mar 22 2021 Tomohiro "Tomo-p" KATO 2.3.15-2 - updated Patch0. - imported Patch4-32 from rawhide. - added systemd support (disabled as default). - dropped dependence on libwrap. * Sat Apr 06 2013 Toshiharu Kudoh 2.3.15-1 - new upstream release - deleted Patch2 (upstream merged) - fixed date in %%changelog * Wed Apr 06 2011 Yoji TOYODA 2.3.14-3 - add BuildRequires: tcp_wrappers * Tue Apr 05 2011 Daisuke SUZUKI 2.3.14-2 - rebuild for Vine 6 * Wed Oct 15 2008 Shu KONNO 2.3.14-1vl5 - applied new versioning policy * Sun Nov 26 2006 KAZUKI SHIMURA 2.3.14-0vl2 - fix dependencies ([VineSeed:11559,12368], ) - remove Conflicts: inetd - add Provides: inetd * Wed Mar 1 2006 AKIYAMA Kazuhito 2.3.14-0vl1 - new upstream release - drop patch1 - remove Provides: inetd * Sun Feb 20 2005 Daisuke SUZUKI 2.3.13-2vl3 - remove Obosletes: inetd, add Conflicts: inetd * Sat Feb 12 2005 AKIYAMA Kazuhito 2.3.13-2vl2 - rebuild * Sat Sep 18 2004 AKIYAMA Kazuhito 2.3.13-2vl1 - build for VineSeed - remove Epoch - remove patch0 - remove Requires: filesystem >= 2.0.1 - remove BuildRequires: glibc-devel (included in build-essential) * Fri Feb 13 2004 Elliot Lee - rebuilt * Thu Jan 29 2004 Jay Fenlason 2.3.13-1 - Upgrade to new upstream version, which obsoletes most patches. - Add new tcp_rpc patch, to turn on the nolibwrap flag on tcp rpc services, since libwrap cannot be used on them. * Sun Dec 28 2003 Florian La Roche - use new technology to filter python dep for inetdconvert instead of changing the -x bit on file permissions * Wed Nov 12 2003 Jay Fenlason 2.3.12-3 - build in HEAD for pre FC-2 - merge from xinetd-3E-branch to fix bugzilla #103009 also includes: New upstream version, which obsoletes most of my patches Remove %{_mandir}/man8/xconv.pl* fixing #90730 Remove the servers service, which was removed from 2.3.12 Change localization: instead of using en_US in /etc/rc.d/init.d/xinetd (overriding the system default and preventing any customization), /etc/sysconfig/xinetd sets XINETD_LANG, which is either a locale to use or the word "none", which causes all locale environment variables to be cleared before xinetd is started. This fixes #91403 #77724 was fixed by the upgrade to 2.3.12 include post 2.3.12 patch from upstream (originally by Matthias Andree ) to add a new "libwrap" parameter. This closes bugs (#91555,#91135,#77724) by making xinetd's behavior documented and user-configurable. Removed the old libwrap/TCP/wait patch. If anyone actually cares, they can add "flags = NOLIBWRAP" to the configuration of TCP/wait services to get the old behavior. Mark /etc/sysconfig/xinetd as a config file in xinetd.spec Add pie support * Tue Sep 23 2003 Florian La Roche - allow compiling without tcp_wrappers * Wed Jun 04 2003 Elliot Lee - rebuilt * Mon Feb 24 2003 Elliot Lee - rebuilt * Fri Feb 21 2003 Jay Fenlason 2.3.10-5 - Merge various patches from xinetd-CVS, since 2.3.11 won't be out in time for our Red Hat Linux release. One improves range checking on file descriptors. (A potential security problem.) Another fixes bugzilla #84840: tcpmux doesn't work at all. A third improves error checking on tcpmux service entries. The last improves error checking on service startup. * Tue Feb 11 2003 Nalin Dahyabhai 2.3.10-4 - rebuild * Mon Feb 10 2003 Nalin Dahyabhai 2.3.10-3 - rebuild * Wed Jan 22 2003 Tim Powers - rebuilt * Tue Jan 7 2003 Jay Fenlason 2.3.10-1 - Fix #81770, #80612, #79219, #79274: New upstream version - May also fix #79085, #78903, #78699, #77781, #77760, #76727 - ... #73805, #60049, #58881, #58855 - Fix #79999: remove xinetd-ipv6 executable - Fix #82021: changed preun to turn off the server - try to Fix #74198 by quoting "${NETWORKING}" in xinetd.init * Tue Dec 10 2002 Dan Walsh 2.3.7-6 - Fix Service startup script to check for id=0 * Tue Nov 19 2002 Bill Nottingham 2.3.7-5 - add new stream_wait patch (#74696) * Wed Nov 13 2002 Dan Walsh 2.3.7-4 - Fix Service Descriptions * Wed Nov 13 2002 Dan Walsh 2.3.7-3 - Fix #77710 Fix Service Descriptions * Thu Aug 15 2002 Trond Eivind Glomsr.A綬d 2.3.7-2 - Fix #71506 (mixed internal services) * Mon Aug 12 2002 Trond Eivind Glomsr綬d 2.3.7-1 - 2.3.7 - this fixes #70504 * Mon Aug 5 2002 Trond Eivind Glomsr綬d 2.3.5-6 - Initscript fixes (#70730) * Wed Jul 17 2002 Trond Eivind Glomsr綬d 2.3.5-5 - Add patch for improved cross compiling (#55927) * Wed Jul 3 2002 Trond Eivind Glomsr綬d 2.3.5-4 - #67701 * Wed Jun 26 2002 Trond Eivind Glomsr綬d 2.3.5=3 - Fix maks for access control (#65743) - some fixes for config file parsing * Fri Jun 21 2002 Tim Powers - automated rebuild * Thu May 30 2002 Trond Eivind Glomsr綬d 2.3.5-1 - 2.3.5 * Thu May 23 2002 Tim Powers - automated rebuild * Mon Apr 22 2002 Trond Eivind Glomsr綬d - 2.3.4 final (bah, never announced... has been out for 3 weeks) * Thu Apr 4 2002 Trond Eivind Glomsr綬d 2.3.4-0.8 - Add a patch to avoid fam haunting the system * Tue Apr 2 2002 Trond Eivind Glomsr綬d 2.3.4-0.7 - Add patch from Alex Larson in order not to use tcp_wrappers on tcp/wait - they'd always be 0.0.0.0 * Thu Mar 28 2002 Trond Eivind Glomsr綬d 2.3.4-0.6 - 2002-03-26. 2.3.4 final RSN * Fri Mar 1 2002 Trond Eivind Glomsr綬d 2.3.4-0.5 - 2002-02-28-1 * Sun Jan 6 2002 Trond Eivind Glomsr綬d 2.3.4-0.4 - 2002-01-04 - Update URLs * Fri Dec 14 2001 Trond Eivind Glomsr綬d 2.3.4-0.3 - 2001-12-13 * Mon Dec 3 2001 Trond Eivind Glomsr綬d 2.3.4-0.2 - 2001-12-03 (fixes #57001, #55738) * Fri Nov 30 2001 Trond Eivind Glomsr綬d 2.3.4-0.1 - 2001-11-29, which fixes #56487 - Add configuration files for the xinetd internal services listing current servers and services. It's off by default, and restricted to localhost when enabled (#52707) - Use SIGHUP for configuration reload (change in program) * Wed Aug 29 2001 Trond Eivind Glomsr綬d 2.3.3-1 - 2.3.3 - parser patch now obsolete * Thu Aug 23 2001 Trond Eivind Glomsr綬d 2.3.2-1 - 2.3.2, which contains the memory overwrite patch, the audit fixes, the conn_free patch and the filelog patch. - Fix handling of rpc_version with ranges (like "1-2") (#51737) * Wed Aug 15 2001 Trond Eivind Glomsr綬d 2.3.0-7 - Don't apply the skipjunk patch anymore - xinetd now skips files with ".", which include .rpmsave etc. - fix memory overwrite bug in env.c:grow() * Mon Aug 13 2001 Trond Eivind Glomsr綬d 2.3.0-6 - conn_free was called twice... - add cps = 25 30 to xinetd.conf. Thus, if a service has many connections (25 in a 1 second period), it will be disabled for 30 seconds. Without this, 10 connections to a service in a second would permanently disable the service (#49122) * Thu Aug 9 2001 Trond Eivind Glomsr綬d 2.3.0-5 - add the patch from "Solar Designer"'s audit * Thu Aug 9 2001 Trond Eivind Glomsr綬d 2.3.0-4 - Make it handle stop and status when IPv6 is enabled (#49621) * Mon Jul 23 2001 Trond Eivind Glomsr綬d - Add IPv6 support - separate binary, invoked if NETWORKING_IPV6 is set (#49621) - Make inetdconvert handle the "/usr/sbin/in.telnetd in.telnetd" scenario of inetd (#46449) * Tue Jul 3 2001 Trond Eivind Glomsr綬d - redo skipjunkfile patch * Fri Jun 29 2001 Trond Eivind Glomsr綬d - 2.3.0 * Thu Jun 21 2001 Trond Eivind Glomsr綬d - 2.1.8.9pre16 * Mon Jun 4 2001 Trond Eivind Glomsr綬d - Remove explicit dependancy on initscripts version * Sun May 20 2001 Trond Eivind Glomsr綬d - 2.1.8.9pre15, which should fix wait=yes with tcp (linuxconf is the only program I know of using this) - fix some problems with UDP internal services (#38669) - make /etc/xinetd.conf noreplace * Wed Apr 25 2001 Trond Eivind Glomsr綬d - Add the tcp wait=yes patch from the xinetd version in a different tree * Wed Apr 4 2001 Trond Eivind Glomsr綬d - Add /etc/sysconfig/xinetd so users can add extra options (#34321) * Tue Feb 27 2001 Preston Brown - noreplace the xinetd.d files * Mon Feb 5 2001 Preston Brown - built against newer tcp_wrappers that fixes name resolution problem (#16949) * Mon Feb 5 2001 Trond Eivind Glomsr綬d - Patch from nalin@redhat.com for terminating the environment variables properly * Tue Jan 30 2001 Trond Eivind Glomsr綬d - remove PID from log_on_failure flags (#22687) * Tue Jan 23 2001 Trond Eivind Glomsr綬d - improve gettextization - add "UNLISTED" to the internal udp services (#24279) * Thu Jan 18 2001 Trond Eivind Glomsr綬d - 2.1.8.9pre14 * Wed Jan 17 2001 Trond Eivind Glomsr綬d - gettextize * Sat Dec 30 2000 Jeff Johnson - remove python dependency. * Tue Dec 26 2000 Trond Eivind Glomsr綬d - remove RECORD from xinetd.conf for security reasons (no known holes, but better safe than sorry #22687) * Mon Dec 04 2000 Trond Eivind Glomsr綬d - unset a couple of environment variables(HOME,MAIL) in the initscript. This should avoid problems like bug #21663 * Fri Dec 01 2000 Trond Eivind Glomsr綬d - rebuild * Tue Nov 14 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre13, which should fix #19355 - changes to initscript - set all locale environment variables to en_US, as the server doesn't know what locale the client expects and error messages can otherwise be confusing (partially #20566) * Thu Nov 09 2000 Trond Eivind Glomsr綬d - fix mismatch in documentation vs. reality, introduced when we changed the behaviour of the access control to use server names (#20567) * Tue Oct 31 2000 Trond Eivind Glomsr綬d - obsolete netkit-base, which was inetd's home until 6.2 * Thu Oct 19 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre12, which has a new "-stayalive" option so xinetd stays alive even if no services are enabled. - use the above in the initscript (#18819) * Tue Oct 17 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre11, which includes the previous bugfixes. - don't convert the internal services, include such files with xinetd (#17331, #18899) * Mon Oct 09 2000 Trond Eivind Glomsr綬d - Add patch to fix segfault problem (#18686) * Fri Oct 06 2000 Trond Eivind Glomsr綬d - apply patch from nalin@redhat.com for handling tcp connections with wait=yes properly * Tue Sep 26 2000 Trond Eivind Glomsr綬d - add explicit dependency on a modern version of initscripts (#17533) * Wed Aug 30 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre10 - remove tcpwrapper and pidfile patches, as they are now in. - change default startup position to 56, so it starts after bind (#17047) * Thu Aug 17 2000 Trond Eivind Glomsr綬d - use the server name not the service name for libwrap checking (#16516). The new way was better, but this is sacrificed so old systems will continue to work and the documentation for tcp_wrappers can be correct. * Wed Aug 16 2000 Than Ngo - fix initscript, test network file before source it (Bug #16247) * Tue Aug 15 2000 Trond Eivind Glomsr綬d - added support for "-pidfile" option (#15531) * Fri Aug 04 2000 Trond Eivind Glomsr綬d - added patch to ignore .rpmsave, .rpmorig, .rpmnew, ~ suffixed files (#15304) * Thu Aug 03 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre9, old patches are now integrated. * Wed Aug 02 2000 Trond Eivind Glomsr綬d - fix converting of "wait" argument (#13884) - remove tcpd and /usr/sbin/tcpd from inetd.conf services before converting - xinetd is linked against tcp_wrappers * Mon Jul 31 2000 Trond Eivind Glomsr綬d - fix linuxconf restart problem (#14856) - fix conditional restart - mark /etc/xinetd.conf as a configuration file * Tue Jul 25 2000 Bill Nottingham - um, we *need* to prereq /etc/init.d * Mon Jul 24 2000 Bernhard Rosenkraenzer - Don't require /etc/init.d * Sat Jul 22 2000 Bill Nottingham - rebuild * Tue Jul 18 2000 Trond Eivind Glomsr綬d - fix the sections of the man pages (#14244) * Tue Jul 18 2000 Trond Eivind Glomsr綬d - remove itox, as it wouldn't do the right thing with our configuration - same with xconv.pl - some changes to the installation process * Mon Jul 17 2000 Trond Eivind Glomsr綬d - move initscript back to /etc/rc.d/init.d * Fri Jul 14 2000 Trond Eivind Glomsr綬d - change process name in init file * Thu Jul 13 2000 Prospector - automatic rebuild * Fri Jul 7 2000 Nalin Dahyabhai - start the daemon with the "-reuse" flag * Thu Jul 06 2000 Trond Eivind Glomsr綬d - "Prereq:", not "Requires:" for /etc/init.d * Wed Jul 05 2000 Trond Eivind Glomsr綬d - require /etc/init.d * Wed Jul 5 2000 Florian La Roche - upper the number of instances to 60 * Sun Jul 2 2000 Nalin Dahyabhai - fix a memory-allocation bug * Wed Jun 28 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre8 * Wed Jun 21 2000 Trond Eivind Glomsr綬d - moved to /etc/init.d * Wed Jun 21 2000 Trond Eivind Glomsr綬d - changed specfile and initfile to implement conditional restart * Sun Jun 18 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre7 - now obsoletes inetd - use %%{_tmppath} * Sun Jun 04 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre6 - added converter script which can convert specified or remaing uncoverted services - use %%{_mandir} - removed +x on xinetd.conf * Wed May 24 2000 Trond Eivind Glomsr綬d - 2.1.8.9pre4 - authpriv patch no longer needed * Tue May 23 2000 Trond Eivind Glomsr綬d - /etc/xinetd.d is now part of the filesystem package - more fixes to xinetd.init * Mon May 22 2000 Trond Eivind Glomsr綬d - fixed some obvious bugs in xinetd.init - added a default xinetd.conf - patched xinetd to understand LOG_AUTHPRIV * Fri May 19 2000 Trond Eivind Glomsr綬d - updated version - removed a define %ver (we already have %version) - removed some extra CFLAGS declarations - added configuration directory, /etc/xinetd.d * Mon Feb 21 2000 Tim Powers - fixed broken postun sections, should have been *preun* - fixed broken gzip of manpages * Wed Jan 19 2000 Bernhard Rosenkraenzer - 2.1.8.8p8 - Fix the init script (Bug #7277) - remove our patches (no longer required) * Tue Sep 21 1999 Bill Nottingham - add -lnsl * Tue Sep 7 1999 Tim Powers - modification top install routine * Mon Jul 26 1999 Tim Powers - updated source to 2.1.8.6b6 - built for 6.1 * Mon Apr 26 1999 Bill Nottingham - update to 2.1.8.6b5 - build for PowerTools * Mon Jan 11 1999 Bill Nottingham - update to 2.1.8.5p2 * Tue Dec 1 1998 Bill Nottingham - intial build