diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..496f899 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/v4.2.3.tar.gz diff --git a/.yp-tools.metadata b/.yp-tools.metadata new file mode 100644 index 0000000..454b8e4 --- /dev/null +++ b/.yp-tools.metadata @@ -0,0 +1 @@ +cc4a69be612195ccd5ddcc9bc39f01d4e1a8041b SOURCES/v4.2.3.tar.gz diff --git a/SOURCES/yp-tools-2.12-adjunct.patch b/SOURCES/yp-tools-2.12-adjunct.patch new file mode 100644 index 0000000..a32b69d --- /dev/null +++ b/SOURCES/yp-tools-2.12-adjunct.patch @@ -0,0 +1,11 @@ +diff -up yp-tools-2.12/src/yppasswd.c.adjunct yp-tools-2.12/src/yppasswd.c +--- yp-tools-2.12/src/yppasswd.c.adjunct 2012-04-23 13:17:47.000988833 +0200 ++++ yp-tools-2.12/src/yppasswd.c 2012-04-23 13:18:01.209802938 +0200 +@@ -774,6 +775,7 @@ + /* We can't check the password with shadow passwords enabled. We + * leave the checking to yppasswdd */ + if (uid != 0 && strcmp (pwd->pw_passwd, "x") != 0 && ++ 0 != strncmp (pwd->pw_passwd, "##", 2) && /* don't check passwords using passwd.adjunct feature */ + strcmp (pwd->pw_passwd, hashpass ) != 0) + { + int passwdlen = get_passwd_len (pwd->pw_passwd); diff --git a/SOURCES/yp-tools-2.12-crypt.patch b/SOURCES/yp-tools-2.12-crypt.patch new file mode 100644 index 0000000..5e8ca41 --- /dev/null +++ b/SOURCES/yp-tools-2.12-crypt.patch @@ -0,0 +1,44 @@ +diff -up yp-tools-2.12/src/yppasswd.c.crypt yp-tools-2.12/src/yppasswd.c +--- yp-tools-2.12/src/yppasswd.c.crypt 2012-04-23 13:01:35.599721168 +0200 ++++ yp-tools-2.12/src/yppasswd.c 2012-04-23 13:16:18.251261293 +0200 +@@ -772,9 +778,16 @@ main (int argc, char **argv) + { + int passwdlen = get_passwd_len (pwd->pw_passwd); + char *sane_passwd = alloca (passwdlen + 1); ++ char *crypted; + strncpy (sane_passwd, pwd->pw_passwd, passwdlen); + sane_passwd[passwdlen] = 0; +- if (strcmp (crypt (s, sane_passwd), sane_passwd)) ++ crypted = crypt (s, sane_passwd); ++ if(crypted == NULL) ++ { ++ fprintf (stderr, _("Sorry - crypt() failed.\n")); ++ return 1; ++ } ++ if (strcmp (crypted, sane_passwd)) + { + fprintf (stderr, _("Sorry.\n")); + return 1; +@@ -789,6 +802,7 @@ main (int argc, char **argv) + char *error_msg; + #endif /* USE_CRACKLIB */ + char *buf, salt[37], *p = NULL; ++ char *crypted; + int tries = 0; + + buf = (char *) malloc (129); +@@ -869,7 +883,13 @@ main (int argc, char **argv) + break; + } + +- yppwd.newpw.pw_passwd = strdup (crypt (buf, salt)); ++ crypted = crypt (buf, salt); ++ if(crypted == NULL) { ++ fprintf (stderr, _("Sorry - crypt() failed.\n")); ++ return 1; ++ } else { ++ yppwd.newpw.pw_passwd = strdup (crypted); ++ } + } + + if (f_flag) diff --git a/SOURCES/yp-tools-2.12-hash.patch b/SOURCES/yp-tools-2.12-hash.patch new file mode 100644 index 0000000..e5aaa0b --- /dev/null +++ b/SOURCES/yp-tools-2.12-hash.patch @@ -0,0 +1,68 @@ +diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in +--- yp-tools-2.12/man/yppasswd.1.in.hash 2011-09-09 16:18:49.469037058 +0200 ++++ yp-tools-2.12/man/yppasswd.1.in 2011-09-09 16:20:19.101030930 +0200 +@@ -81,6 +81,12 @@ for authentication with the + .BR yppasswdd (8) + daemon. Subsequently, the + program prompts for the updated information: ++.P ++If we use shadowing passwords using passwd.adjunct, SHA-512 will be ++used for hashing a new password by default. If we want to use MD5, ++SHA_256 or older DES, we need to set the environment variable ++YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and ++"SHA-512" (value is case-insensitive). + .\" + .\" + .IP "\fByppasswd\fP or \fB-p\fP" +diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c +--- yp-tools-2.12/src/yppasswd.c.hash 2011-09-09 16:20:35.360029823 +0200 ++++ yp-tools-2.12/src/yppasswd.c 2011-09-09 16:25:21.589010245 +0200 +@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_ + close (fd); + } + ++ ++/* ++ * Reads environment variable YP_PASSWD_HASH and returns hash id. ++ * Possible values are MD5, SHA-256, SHA-512 and DES. ++ * If other value is set or it is not set at all, SHA-512 is used. ++ */ ++static int ++get_env_hash_id() ++{ ++ const char *v = getenv("YP_PASSWD_HASH"); ++ if (!v) ++ return SHA_512; ++ ++ if (!strcasecmp(v, "DES")) ++ return DES; ++ ++ if (!strcasecmp(v, "SHA-256")) ++ return SHA_256; ++ ++ if (!strcasecmp(v, "MD5")) ++ return MD5; ++ ++ return SHA_512; ++} ++ ++ + int + main (int argc, char **argv) + { +@@ -723,6 +749,15 @@ main (int argc, char **argv) + + hash_id = get_hash_id (pwd->pw_passwd); + ++ /* If we use passwd.adjunct, there is no magic value like $1$ in the ++ * beginning of password, but ##username instead. Thus, SHA_512 will be ++ * used for hashing a new password by default. If we want to use DES, ++ * MD5 or SHA_256, we need to set the environment variable ++ * YP_PASSWD_HASH (e.g. YP_PASSWD_HASH=DES). ++ */ ++ if (strncmp(pwd->pw_passwd, "##", 2) == 0) ++ hash_id = get_env_hash_id(); ++ + /* Preserve 'rounds=$' (if present) in case of SHA-2 */ + if (hash_id == SHA_256 || hash_id == SHA_512) + { diff --git a/SOURCES/yp-tools-4.2.2-strict-prototypes.patch b/SOURCES/yp-tools-4.2.2-strict-prototypes.patch new file mode 100644 index 0000000..546eb6a --- /dev/null +++ b/SOURCES/yp-tools-4.2.2-strict-prototypes.patch @@ -0,0 +1,11 @@ +--- yp-tools-yp-tools-4.2.2/src/yppasswd.c.strict-protorypes 2017-02-21 15:51:03.452034055 +0100 ++++ yp-tools-yp-tools-4.2.2/src/yppasswd.c 2017-02-21 15:51:14.996030455 +0100 +@@ -547,7 +547,7 @@ create_random_salt (char *salt, int num_ + * If other value is set or it is not set at all, SHA-512 is used. + */ + static int +-get_env_hash_id() ++get_env_hash_id(void) + { + const char *v = getenv("YP_PASSWD_HASH"); + if (!v) diff --git a/SPECS/yp-tools.spec b/SPECS/yp-tools.spec new file mode 100644 index 0000000..ba87cf5 --- /dev/null +++ b/SPECS/yp-tools.spec @@ -0,0 +1,352 @@ +Summary: NIS (or YP) client programs +Name: yp-tools +Version: 4.2.3 +Release: 1%{?dist} +License: GPLv2 +Group: System Environment/Base +Source: https://github.com/thkukuk/yp-tools/archive/v%{version}.tar.gz +Patch1: yp-tools-2.12-hash.patch +Patch2: yp-tools-2.12-crypt.patch +Patch3: yp-tools-2.12-adjunct.patch +Patch4: yp-tools-4.2.2-strict-prototypes.patch +Url: http://www.linux-nis.org/nis/yp-tools/index.html +BuildRequires: autoconf, automake, gettext-devel, libtool, libtirpc-devel, libnsl2-devel +Requires: ypbind >= 3:2.4-2 +Requires: glibc + +%global __filter_GLIBC_PRIVATE 1 + +%description +The Network Information Service (NIS) is a system which provides +network information (login names, passwords, home directories, groupinformation) to all of the machines on a network. NIS can enable +information) to all of the machines on a network. NIS can enable +users to login on any machine on the network, as long as the machine +has the NIS client programs running and the user's password is +recorded in the NIS passwd database. NIS was formerly known as Sun +Yellow Pages (YP). + +This package's NIS implementation is based on FreeBSD's YP and is a +special port for glibc 2.x and libc versions 5.4.21 and later. This +package only provides the NIS client programs. In order to use the +clients, you'll need to already have an NIS server running on your +network. An NIS server is provided in the ypserv package. + +Install the yp-tools package if you need NIS client programs for machines +on your network. You will also need to install the ypbind package on +every machine running NIS client programs. If you need an NIS server, +you'll need to install the ypserv package on one machine on the network. + +%package devel +Summary: NIS (or YP) client programs +Group: System Environment/Base +Requires: yp-tools + +%description devel +Install yp-tools-devel package for developing applications that use yp-tools + + +%prep +%setup -q -n %{name}-%{version} +%patch1 -p1 -b .hash +%patch2 -p1 -b .crypt +%patch3 -p1 -b .adjunct +%patch4 -p1 -b .strict-prototypes + + +autoreconf -i -f -v + +%build + +export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type" + +%configure --disable-domainname + +%make_build + +%install +make DESTDIR="$RPM_BUILD_ROOT" INSTALL_PROGRAM=install install + +%find_lang %name + +%files -f %{name}.lang +%doc AUTHORS COPYING README ChangeLog NEWS etc/nsswitch.conf +%doc THANKS +%{_bindir}/* + + +%{_mandir}/*/* +%{_sbindir}/* +/var/yp/nicknames + +%changelog +* Thu Apr 19 2018 Petr Kubat - 4.2.3-1 +- Update to version 4.2.3 + +* Thu Mar 15 2018 Matej Mužila - 4.2.2-7 +- Disable cast-function-type warning + +* Fri Feb 09 2018 Fedora Release Engineering - 4.2.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 4.2.2-5 +- Rebuilt for switch to libxcrypt + +* Thu Aug 03 2017 Fedora Release Engineering - 4.2.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 4.2.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon May 29 2017 Matej Mužila - 4.2.2-2 +- Require ypbind >= 3:2.4-2 + +* Fri May 19 2017 Matej Mužila - 4.2.2-1 +- Update to version 4.2.2 supporting IPv6 + +* Sat Feb 11 2017 Fedora Release Engineering - 2.14-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Nov 28 2016 Petr Kubat - 2.14-7 +- Modified passwd.adjunct patch by Gilbert E. Detillieux (#1297955) + +* Fri Feb 05 2016 Fedora Release Engineering - 2.14-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jun 19 2015 Fedora Release Engineering - 2.14-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Aug 18 2014 Fedora Release Engineering - 2.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sun Aug 04 2013 Fedora Release Engineering - 2.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon May 06 2013 Honza Horak - 2.14-1 +- New upstream version 2.14 + +* Mon Mar 25 2013 Honza Horak - 2.12-13 +- Fix build for aarch64 + +* Fri Feb 15 2013 Fedora Release Engineering - 2.12-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Sep 24 2012 Honza Horak - 2.12-12 +- Minor spec file fixes + +* Sun Jul 22 2012 Fedora Release Engineering - 2.12-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 11 2012 Honza Horak - 2.12-10 +- Minor spec file fixes + +* Mon Apr 23 2012 Honza Horak - 2.12-9 +- Do not check old passwords using passwd.adjunct feature +- Patch from Paul Wouters to handle crypt() returning NULL + Resolves: #814803 + +* Sat Jan 14 2012 Fedora Release Engineering - 2.12-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Sep 09 2011 Honza Horak - 2.12-7 +- Added YP_PASSWD_HASH environment variable to set default + algorithm for hashing a new password + Resolves: #699666 + +* Wed May 04 2011 Honza Horak - 2.12-6 +- Applied -gethost patch to check return value + (rhbz#698619) + +* Fri Mar 18 2011 Honza Horak - 2.12-5 +- Applied -typo patch to fix a grammar mistake + (rhbz#668743) + +* Tue Feb 08 2011 Fedora Release Engineering - 2.12-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Nov 23 2010 Karel Klic - 2.12-3 +- Reverted previous change + +* Tue Nov 23 2010 Karel Klic - 2.12-2 +- Added patch that removes ypclnt.c from being compiled into + ypmatch (rhbz#546149) + +* Fri Nov 19 2010 Karel Klic - 2.12-1 +- New upstream version + +* Fri Nov 19 2010 Karel Klic - 2.11-2 +- Added patch to fix yppasswd utility when used with shadow + passwords (rhbz#653921) +- Removed %%clean section + +* Tue Apr 20 2010 Karel Klic - 2.11-1 +- New upstream release +- MD5, SHA-2 passwords patch merged by upstream +- Removed BuildRoot tag + +* Thu Apr 15 2010 Karel Klic - 2.10-3 +- Added a new patch -passwords, which merges -md5 and -sha-2 patches + together, and adds proper MD5/SHA support to verifypassword() + #514061 + +* Mon Mar 01 2010 Karel Klic - 2.10-2 +- /var/yp is owned by the filesystem package (#569383) + +* Thu Dec 10 2009 Karel Klic - 2.10-1 +- Updated to new version +- Removed unnecessary obsoletes + +* Mon Aug 10 2009 Ville Skyttä - 2.9-8 +- Convert specfile to UTF-8. + +* Mon Jul 27 2009 Fedora Release Engineering - 2.9-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Mar 4 2009 Vitezslav Crhonek - 2.9-6 +- Add SHA-2 password hashes support + Resolves: #487607 + +* Wed Feb 25 2009 Fedora Release Engineering - 2.9-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Aug 11 2008 Jason L Tibbitts III - 2.9-4 +- Fix license tag. + +* Mon Feb 11 2008 Vitezslav Crhonek - 2.9-3 +- Fix Buildroot + +* Tue Jul 31 2007 Steve Dickson 2.9-1 +- Changed install process to create an useful debuginfo package (bz 249961) + +* Wed Jul 12 2006 Jesse Keating - 2.9-0.1 +- rebuild + +* Mon Feb 13 2006 Chris Feist - 2.9-0 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.8-8.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri Jun 18 2004 Alan Cox +- Fix buffer overflow (non security) thanks to D Binderman + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed Apr 23 2003 Steve Dickson +- Update to 2.7 from upstream +- Updated yppasswd md5 patch + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Mon Nov 18 2002 Tim Powers +- rebuild on all arches + +* Wed Aug 28 2002 Nalin Dahyabhai 2.7-3 +- properly terminate an alloca'ed string in yppasswd which would lead to + improper rejection of the request if the user's pw_passwd was visible + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Tue Jun 11 2002 Alexander Larsson +- Update to 2.7 from upstream +- Updated yppasswd md5 patch + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Mon Mar 25 2002 Alex Larsson 2.6-4 +- Updated passwd patch with Nalins comments + +* Fri Mar 22 2002 Alex Larsson 2.6-3 +- Add patch that handles MD5 passwords and HPU/X password aging. +- This should hopefully fix #19045 and #22667 + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Tue Jul 24 2001 Florian La Roche +- own /var/yp + +* Sun Jun 24 2001 Elliot Lee +- Bump release + rebuild. + +* Mon Feb 26 2001 Trond Eivind Glomsrød +- langify + +* Wed Sep 27 2000 Florian La Roche +- add another security patch + +* Sun Aug 20 2000 Florian La Roche +- allow passwords up to 128 characters + +* Tue Aug 15 2000 Nalin Dahyabhai +- change License from GNU to GPL +- fix handling of defaults in ypchfn (#13830) + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Sun Jun 18 2000 Matt Wilson +- use %%{_mandir} + +* Thu Feb 03 2000 Cristian Gafton +- man pages are compressed +- version 2.4 + +* Tue Oct 26 1999 Bill Nottingham +- get rid of bogus messages. + +* Fri Aug 27 1999 Preston Brown +- patched /var/yp/nicknames so that hosts resolves to hosts.byname, +- not hosts.byaddr (bug # 2389) + +* Sun May 30 1999 Jeff Johnson +- update to 2.3. + +* Fri Apr 16 1999 Cristian Gafton +- version 2.2 +- make it obsolete older yp-clients package + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 3) + +* Thu Dec 17 1998 Cristian Gafton +- build for glibc 2/1 +- version 2.1 +- require ypbind + +* Fri Jun 12 1998 Aron Griffis +- upgraded to 2.0 + +* Thu May 07 1998 Prospector System +- translations modified for de, fr, tr + +* Mon Apr 13 1998 Cristian Gafton +- upgraded to 1.4.1 + +* Thu Dec 04 1997 Cristian Gafton +- put yppasswd again in the package, 'cause it is the right thing to do + (sorry djb!) +- obsoletes old, unmaintained yppasswd package + +* Sat Nov 01 1997 Donnie Barnes +- removed yppasswd from this package. + +* Fri Oct 31 1997 Donnie Barnes +- pulled from contrib into distribution (got fresh sources). Thanks + to Thorsten Kukuk for the original. +- used fresh sources