From b588fa1023ac3995dfa94f76be2d87335a97e683 Mon Sep 17 00:00:00 2001 From: CentOS Buildsys Date: May 15 2013 09:46:52 +0000 Subject: import yp-tools-2.14-1.el7.src.rpm --- diff --git a/.yp-tools.metadata b/.yp-tools.metadata new file mode 100644 index 0000000..e9e8e84 --- /dev/null +++ b/.yp-tools.metadata @@ -0,0 +1 @@ +430cb533f936dd553a92e6f4a33b732b053e4eee SOURCES/yp-tools-2.14.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/yp-tools-2.11-shadow.patch b/SOURCES/yp-tools-2.11-shadow.patch new file mode 100644 index 0000000..b468824 --- /dev/null +++ b/SOURCES/yp-tools-2.11-shadow.patch @@ -0,0 +1,11 @@ +diff -up ./src/yppasswd.c.shadow ./src/yppasswd.c +--- ./src/yppasswd.c.shadow 2010-04-21 11:24:15.000000000 +0200 ++++ ./src/yppasswd.c 2013-05-06 22:31:39.984229577 +0200 +@@ -449,6 +449,7 @@ verifypassword (struct passwd *pwd, char + + passwdlen = get_passwd_len (pwd->pw_passwd); + if (pwd->pw_passwd[0] ++ && 0 != strcmp (pwd->pw_passwd, "x") /* don't check shadow passwords */ + && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen) + && uid) + { diff --git a/SOURCES/yp-tools-2.12-adjunct.patch b/SOURCES/yp-tools-2.12-adjunct.patch new file mode 100644 index 0000000..b1dd02d --- /dev/null +++ b/SOURCES/yp-tools-2.12-adjunct.patch @@ -0,0 +1,12 @@ +diff -up yp-tools-2.12/src/yppasswd.c.adjunct yp-tools-2.12/src/yppasswd.c +--- yp-tools-2.12/src/yppasswd.c.adjunct 2012-04-23 13:17:47.000988833 +0200 ++++ yp-tools-2.12/src/yppasswd.c 2012-04-23 13:18:01.209802938 +0200 +@@ -449,7 +449,7 @@ verifypassword (struct passwd *pwd, char + + passwdlen = get_passwd_len (pwd->pw_passwd); + if (pwd->pw_passwd[0] +- && 0 != strcmp (pwd->pw_passwd, "x") /* don't check shadow passwords */ ++ && 0 != strcmp (pwd->pw_passwd, "##") /* don't check passwords using passwd.adjunct feature */ + && uid) + { + char *crypted = crypt(pwdstr, pwd->pw_passwd); diff --git a/SOURCES/yp-tools-2.12-crypt.patch b/SOURCES/yp-tools-2.12-crypt.patch new file mode 100644 index 0000000..6d03d52 --- /dev/null +++ b/SOURCES/yp-tools-2.12-crypt.patch @@ -0,0 +1,68 @@ +diff -up yp-tools-2.12/src/yppasswd.c.crypt yp-tools-2.12/src/yppasswd.c +--- yp-tools-2.12/src/yppasswd.c.crypt 2012-04-23 13:01:35.599721168 +0200 ++++ yp-tools-2.12/src/yppasswd.c 2012-04-23 13:16:18.251261293 +0200 +@@ -448,13 +448,19 @@ verifypassword (struct passwd *pwd, char + } + + passwdlen = get_passwd_len (pwd->pw_passwd); +- if (pwd->pw_passwd[0] ++ if (pwd->pw_passwd[0] + && 0 != strcmp (pwd->pw_passwd, "x") /* don't check shadow passwords */ +- && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen) + && uid) + { +- fputs (_("You cannot reuse the old password.\n"), stderr); +- return 0; ++ char *crypted = crypt(pwdstr, pwd->pw_passwd); ++ if(crypted == NULL) { ++ fputs (_("crypt() call failed.\n"), stderr); ++ return 0; ++ } ++ if(!strncmp (pwd->pw_passwd, crypted, passwdlen)) { ++ fputs (_("You cannot reuse the old password.\n"), stderr); ++ return 0; ++ } + } + + r = 0; +@@ -772,9 +778,16 @@ main (int argc, char **argv) + { + int passwdlen = get_passwd_len (pwd->pw_passwd); + char *sane_passwd = alloca (passwdlen + 1); ++ char *crypted; + strncpy (sane_passwd, pwd->pw_passwd, passwdlen); + sane_passwd[passwdlen] = 0; +- if (strcmp (crypt (s, sane_passwd), sane_passwd)) ++ crypted = crypt (s, sane_passwd); ++ if(crypted == NULL) ++ { ++ fprintf (stderr, _("Sorry - crypt() failed.\n")); ++ return 1; ++ } ++ if (strcmp (crypted, sane_passwd)) + { + fprintf (stderr, _("Sorry.\n")); + return 1; +@@ -789,6 +802,7 @@ main (int argc, char **argv) + char *error_msg; + #endif /* USE_CRACKLIB */ + char *buf, salt[37], *p = NULL; ++ char *crypted; + int tries = 0; + + buf = (char *) malloc (129); +@@ -869,7 +883,13 @@ main (int argc, char **argv) + break; + } + +- yppwd.newpw.pw_passwd = strdup (crypt (buf, salt)); ++ crypted = crypt (buf, salt); ++ if(crypted == NULL) { ++ fprintf (stderr, _("Sorry - crypt() failed.\n")); ++ return 1; ++ } else { ++ yppwd.newpw.pw_passwd = strdup (crypted); ++ } + } + + if (f_flag) diff --git a/SOURCES/yp-tools-2.12-hash.patch b/SOURCES/yp-tools-2.12-hash.patch new file mode 100644 index 0000000..e5aaa0b --- /dev/null +++ b/SOURCES/yp-tools-2.12-hash.patch @@ -0,0 +1,68 @@ +diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in +--- yp-tools-2.12/man/yppasswd.1.in.hash 2011-09-09 16:18:49.469037058 +0200 ++++ yp-tools-2.12/man/yppasswd.1.in 2011-09-09 16:20:19.101030930 +0200 +@@ -81,6 +81,12 @@ for authentication with the + .BR yppasswdd (8) + daemon. Subsequently, the + program prompts for the updated information: ++.P ++If we use shadowing passwords using passwd.adjunct, SHA-512 will be ++used for hashing a new password by default. If we want to use MD5, ++SHA_256 or older DES, we need to set the environment variable ++YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and ++"SHA-512" (value is case-insensitive). + .\" + .\" + .IP "\fByppasswd\fP or \fB-p\fP" +diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c +--- yp-tools-2.12/src/yppasswd.c.hash 2011-09-09 16:20:35.360029823 +0200 ++++ yp-tools-2.12/src/yppasswd.c 2011-09-09 16:25:21.589010245 +0200 +@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_ + close (fd); + } + ++ ++/* ++ * Reads environment variable YP_PASSWD_HASH and returns hash id. ++ * Possible values are MD5, SHA-256, SHA-512 and DES. ++ * If other value is set or it is not set at all, SHA-512 is used. ++ */ ++static int ++get_env_hash_id() ++{ ++ const char *v = getenv("YP_PASSWD_HASH"); ++ if (!v) ++ return SHA_512; ++ ++ if (!strcasecmp(v, "DES")) ++ return DES; ++ ++ if (!strcasecmp(v, "SHA-256")) ++ return SHA_256; ++ ++ if (!strcasecmp(v, "MD5")) ++ return MD5; ++ ++ return SHA_512; ++} ++ ++ + int + main (int argc, char **argv) + { +@@ -723,6 +749,15 @@ main (int argc, char **argv) + + hash_id = get_hash_id (pwd->pw_passwd); + ++ /* If we use passwd.adjunct, there is no magic value like $1$ in the ++ * beginning of password, but ##username instead. Thus, SHA_512 will be ++ * used for hashing a new password by default. If we want to use DES, ++ * MD5 or SHA_256, we need to set the environment variable ++ * YP_PASSWD_HASH (e.g. YP_PASSWD_HASH=DES). ++ */ ++ if (strncmp(pwd->pw_passwd, "##", 2) == 0) ++ hash_id = get_env_hash_id(); ++ + /* Preserve 'rounds=$' (if present) in case of SHA-2 */ + if (hash_id == SHA_256 || hash_id == SHA_512) + { diff --git a/SPECS/yp-tools.spec b/SPECS/yp-tools.spec new file mode 100644 index 0000000..44705e0 --- /dev/null +++ b/SPECS/yp-tools.spec @@ -0,0 +1,288 @@ +Summary: NIS (or YP) client programs +Name: yp-tools +Version: 2.14 +Release: 1%{?dist} +License: GPLv2 +Group: System Environment/Base +Source: http://www.linux-nis.org/download/yp-tools/yp-tools-%{version}.tar.bz2 +# Not sent to upstream +Patch0: yp-tools-2.11-shadow.patch +Patch3: yp-tools-2.12-hash.patch +Patch4: yp-tools-2.12-crypt.patch +Patch5: yp-tools-2.12-adjunct.patch +Url: http://www.linux-nis.org/nis/yp-tools/index.html +BuildRequires: autoconf, automake, gettext-devel +Requires: ypbind + +%description +The Network Information Service (NIS) is a system which provides +network information (login names, passwords, home directories, group +information) to all of the machines on a network. NIS can enable +users to login on any machine on the network, as long as the machine +has the NIS client programs running and the user's password is +recorded in the NIS passwd database. NIS was formerly known as Sun +Yellow Pages (YP). + +This package's NIS implementation is based on FreeBSD's YP and is a +special port for glibc 2.x and libc versions 5.4.21 and later. This +package only provides the NIS client programs. In order to use the +clients, you'll need to already have an NIS server running on your +network. An NIS server is provided in the ypserv package. + +Install the yp-tools package if you need NIS client programs for machines +on your network. You will also need to install the ypbind package on +every machine running NIS client programs. If you need an NIS server, +you'll need to install the ypserv package on one machine on the network. + +%prep +%setup -q +%patch0 -p1 -b .shadow +%patch3 -p1 -b .hash +%patch4 -p1 -b .crypt +%patch5 -p1 -b .adjunct +autoreconf -i -f + +%build +%configure --disable-domainname +make + +%install +make DESTDIR="$RPM_BUILD_ROOT" INSTALL_PROGRAM=install install + +%find_lang %name + +%files -f %{name}.lang +%doc AUTHORS COPYING README ChangeLog NEWS etc/nsswitch.conf +%doc THANKS TODO +%{_bindir}/* +%{_mandir}/*/* +%{_sbindir}/* +/var/yp/nicknames + +%changelog +* Mon May 06 2013 Honza Horak - 2.14-1 +- New upstream version 2.14 + +* Mon Mar 25 2013 Honza Horak - 2.12-13 +- Fix build for aarch64 + +* Fri Feb 15 2013 Fedora Release Engineering - 2.12-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Sep 24 2012 Honza Horak - 2.12-12 +- Minor spec file fixes + +* Sun Jul 22 2012 Fedora Release Engineering - 2.12-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 11 2012 Honza Horak - 2.12-10 +- Minor spec file fixes + +* Mon Apr 23 2012 Honza Horak - 2.12-9 +- Do not check old passwords using passwd.adjunct feature +- Patch from Paul Wouters to handle crypt() returning NULL + Resolves: #814803 + +* Sat Jan 14 2012 Fedora Release Engineering - 2.12-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Sep 09 2011 Honza Horak - 2.12-7 +- Added YP_PASSWD_HASH environment variable to set default + algorithm for hashing a new password + Resolves: #699666 + +* Wed May 04 2011 Honza Horak - 2.12-6 +- Applied -gethost patch to check return value + (rhbz#698619) + +* Fri Mar 18 2011 Honza Horak - 2.12-5 +- Applied -typo patch to fix a grammar mistake + (rhbz#668743) + +* Tue Feb 08 2011 Fedora Release Engineering - 2.12-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Nov 23 2010 Karel Klic - 2.12-3 +- Reverted previous change + +* Tue Nov 23 2010 Karel Klic - 2.12-2 +- Added patch that removes ypclnt.c from being compiled into + ypmatch (rhbz#546149) + +* Fri Nov 19 2010 Karel Klic - 2.12-1 +- New upstream version + +* Fri Nov 19 2010 Karel Klic - 2.11-2 +- Added patch to fix yppasswd utility when used with shadow + passwords (rhbz#653921) +- Removed %%clean section + +* Tue Apr 20 2010 Karel Klic - 2.11-1 +- New upstream release +- MD5, SHA-2 passwords patch merged by upstream +- Removed BuildRoot tag + +* Thu Apr 15 2010 Karel Klic - 2.10-3 +- Added a new patch -passwords, which merges -md5 and -sha-2 patches + together, and adds proper MD5/SHA support to verifypassword() + #514061 + +* Mon Mar 01 2010 Karel Klic - 2.10-2 +- /var/yp is owned by the filesystem package (#569383) + +* Thu Dec 10 2009 Karel Klic - 2.10-1 +- Updated to new version +- Removed unnecessary obsoletes + +* Mon Aug 10 2009 Ville Skyttä - 2.9-8 +- Convert specfile to UTF-8. + +* Mon Jul 27 2009 Fedora Release Engineering - 2.9-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Mar 4 2009 Vitezslav Crhonek - 2.9-6 +- Add SHA-2 password hashes support + Resolves: #487607 + +* Wed Feb 25 2009 Fedora Release Engineering - 2.9-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Aug 11 2008 Jason L Tibbitts III - 2.9-4 +- Fix license tag. + +* Mon Feb 11 2008 Vitezslav Crhonek - 2.9-3 +- Fix Buildroot + +* Tue Jul 31 2007 Steve Dickson 2.9-1 +- Changed install process to create an useful debuginfo package (bz 249961) + +* Wed Jul 12 2006 Jesse Keating - 2.9-0.1 +- rebuild + +* Mon Feb 13 2006 Chris Feist - 2.9-0 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.8-8.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri Jun 18 2004 Alan Cox +- Fix buffer overflow (non security) thanks to D Binderman + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed Apr 23 2003 Steve Dickson +- Update to 2.7 from upstream +- Updated yppasswd md5 patch + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Mon Nov 18 2002 Tim Powers +- rebuild on all arches + +* Wed Aug 28 2002 Nalin Dahyabhai 2.7-3 +- properly terminate an alloca'ed string in yppasswd which would lead to + improper rejection of the request if the user's pw_passwd was visible + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Tue Jun 11 2002 Alexander Larsson +- Update to 2.7 from upstream +- Updated yppasswd md5 patch + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Mon Mar 25 2002 Alex Larsson 2.6-4 +- Updated passwd patch with Nalins comments + +* Fri Mar 22 2002 Alex Larsson 2.6-3 +- Add patch that handles MD5 passwords and HPU/X password aging. +- This should hopefully fix #19045 and #22667 + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Tue Jul 24 2001 Florian La Roche +- own /var/yp + +* Sun Jun 24 2001 Elliot Lee +- Bump release + rebuild. + +* Mon Feb 26 2001 Trond Eivind Glomsrød +- langify + +* Wed Sep 27 2000 Florian La Roche +- add another security patch + +* Sun Aug 20 2000 Florian La Roche +- allow passwords up to 128 characters + +* Tue Aug 15 2000 Nalin Dahyabhai +- change License from GNU to GPL +- fix handling of defaults in ypchfn (#13830) + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Sun Jun 18 2000 Matt Wilson +- use %%{_mandir} + +* Thu Feb 03 2000 Cristian Gafton +- man pages are compressed +- version 2.4 + +* Tue Oct 26 1999 Bill Nottingham +- get rid of bogus messages. + +* Fri Aug 27 1999 Preston Brown +- patched /var/yp/nicknames so that hosts resolves to hosts.byname, +- not hosts.byaddr (bug # 2389) + +* Sun May 30 1999 Jeff Johnson +- update to 2.3. + +* Fri Apr 16 1999 Cristian Gafton +- version 2.2 +- make it obsolete older yp-clients package + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 3) + +* Thu Dec 17 1998 Cristian Gafton +- build for glibc 2/1 +- version 2.1 +- require ypbind + +* Fri Jun 12 1998 Aron Griffis +- upgraded to 2.0 + +* Thu May 07 1998 Prospector System +- translations modified for de, fr, tr + +* Mon Apr 13 1998 Cristian Gafton +- upgraded to 1.4.1 + +* Thu Dec 04 1997 Cristian Gafton +- put yppasswd again in the package, 'cause it is the right thing to do + (sorry djb!) +- obsoletes old, unmaintained yppasswd package + +* Sat Nov 01 1997 Donnie Barnes +- removed yppasswd from this package. + +* Fri Oct 31 1997 Donnie Barnes +- pulled from contrib into distribution (got fresh sources). Thanks + to Thorsten Kukuk for the original. +- used fresh sources